Package: openvpn Version: 2.6.0~git20220518+dco-2 Severity: important User: de...@kali.org Usertags: origin-kali X-Debbugs-Cc: raph...@freexian.com
Hello Bernhard, as Kali is based on Debian testing, our users started to experience the git snapshot of OpenVPN that you uploaded. Unfortunately, we got multiple reports that their VPN break because many VPN services ship .opvn files that rely on --cipher. At the same time, it's not really reasonable to expect (commercial) services to be ready for a version of OpenVPN that is not released yet. Upstream OpenVPN contributors are blaming Debian/Kali for this choice: https://forums.openvpn.net/viewtopic.php?p=107165#p107154 As such I really believe that this git snapshot should have stayed in experimental. Why was it uploaded to unstable before its upstream release? I assume it was due to OpenSSL 3 becoming the default. However I notice that upstream released 2.5.7 on May 31 that adds limited support of OpenSSL 3.x. Can we switch back to 2.5.7 until 2.6 is released upstream? (We will likely do this in Kali with a version like 2.6.0~really2.5.7) If we don't want to switch back to 2.5.x, it might make sense to temporarily revert the backwards incompatible change that breaks most people's setup, I'm speaking of this commit: https://github.com/OpenVPN/openvpn/commit/65f6da8eeb84fbcea357765e13fa73d0169a143c It seems to be the change that is causing most issues. Thank you for maintaining such an important package!
