OpenVPN: fix guide for Ubuntu 24.04+ #296
Conversation
valerio-bozzolan
force-pushed
the
216-openvpn-fixes
branch
from
d480fda to
acb3df7
Compare
valerio-bozzolan
force-pushed
the
216-openvpn-fixes
branch
4 times, most recently
from
1d27094 to
0c4f719
Compare
Avoid the following OpenVPN deprecation notice while generating the key:
DEPRECATED OPTION: The option --secret is deprecated.
WARNING: Using --genkey --secret filename is DEPRECATED. Use --genkey secret filename instead.
In short:
#Bad: 'sudo openvpn --genkey --secret ta.key'
#Good: 'sudo openvpn --genkey secret ta.key'
Ref canonical#216
If you get this error:
TLS Error: cannot locate HMAC in incoming packet from ...
Very probably you will appreciate the added entry in the troubleshooting list.
Ref canonical#216
valerio-bozzolan
force-pushed
the
216-openvpn-fixes
branch
from
0c4f719 to
693a975
Compare
|
Thanks for your round of review and enjoy the new commit history 👍 I've solved all change requests and also fixed a pending problem was just mentioned in the issue, about minimal environments like Ubuntu official Docker images. I tried to be nice and still mention the old stuff from Ubuntu 20.04 since it's still under Expanded Security Maintenance (?) but feel free to kill that paragraph violently, if the policy is to don't mention Ubuntu 20.04 anymore. I kept that block since it costs nothing for me to keep it. |
| > ```bash | ||
| > echo 'path-include=/usr/share/doc/openvpn/examples/*' > /etc/dpkg/dpkg.cfg.d/my-openvpn | ||
| > apt install --reinstall openvpn | ||
| > ``` |
There was a problem hiding this comment.
I don't think this is the right place for this information. Nowhere else in the server guide do we talk about how to tweak such minimal environments when describing a particular service. If we want to go down this route, I believe it's better to document such steps in a separate entry in the server guide, perhaps near the installation docs, or even a new one that talks about minimal images.
There was a problem hiding this comment.
Indeed. Could I try mentioning this in the troubleshooting section, in a line, very shortly? 👍
There was a problem hiding this comment.
I think suggesting to change your ubuntu installation just to fetch these sample config files is overkill. How about a link to fetch these from the internet? We could link directly to the package git repository. For example, those example files can be seen here: https://git.launchpad.net/ubuntu/+source/openvpn/tree/sample/sample-config-files?h=applied/ubuntu/noble-devel
We can link directly:
These are stable links guaranteed to always point at these files from the latest release of openvpn for Ubuntu Noble 24.04.
| > ```bash | ||
| > echo 'path-include=/usr/share/doc/openvpn/examples/*' > /etc/dpkg/dpkg.cfg.d/my-openvpn | ||
| > apt install --reinstall openvpn | ||
| > ``` |
There was a problem hiding this comment.
Indeed. Could I try mentioning this in the troubleshooting section, in a line, very shortly? 👍
|
Lots of updates in this PR, nice! Taking a look! |
|
Hi @valerio-bozzolan, are you still interested in working on this PR? |
Description
Fix all the small issues described in #216 for OpenVPN in Ubuntu 24.04. In order of importance:
/usr/share/doc/openvpnDEPRECATED OPTION: The option --secret is deprecated.»Related Issue
Merge Strategy
I suggest to do not squash the commits, since each commit has meaningful details for the benefit of future 'git blame'. Therefore I suggest to merge as fast-forward (or merge commit). You're welcome! 👍 lol
Checklist