On 07/02/2022 13:46, Bo Berglund wrote:
I have an OpenVPN server running on an Ubuntu Server 18.04 LTS and it is due for
release-upgrade. The installation of OpenVPN was originally done back in 2017 on
the 16.04 LTS version.
Now I do not remember *how* it was installed, if I just used apt install openvpn
like I do nowadays or if I first added the OpenVPN repositories to apt...
Any customizations of apt sources will be overwritten bya a release-upgrade so I
need to figure this out before the upgrade can be done.
I check like this:
$ openvpn --version
OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11]
[MH/PKTINFO] [AEAD] built on Feb 19 2019
library versions: OpenSSL 1.0.2n 7 Dec 2017, LZO 2.10
So it seems rather old, but if I do the same check in another newer Ubuntu
20.04.3 I have then I get this:
$ openvpn --version
OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11]
[MH/PKTINFO] [AEAD] built on Jul 19 2021
library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
This is the same 2.4.7 version on both but the dates differ a lot...
Hi,
So the upstream version number (2.4.7 in this case) might not be the
code you are actually running. You need to check the .deb package
instead, like `dpkg -s openvpn`. On a Debian 11 box I use for testing I
see the "Version" line has "2.5.1-3", and the "-3" part is important.
For all the LTS distros, the OpenVPN packages are not upgraded during
the lifetime of the distro itself. But the package maintainer backports
fixes from newer versions to the version in the distro repository, and
this is what the "-3" part indicates. The package maintainer does his
utmost to ensure these updates does not break a running system.
But you may have added an additional repository, where you pick the
packages from our own apt repository. This is provided by the OpenVPN
community project, but we don't provide the same guarantees as the
distro maintainer does. However, you get much newer releases quicker -
which in most cases works very well.
I am not able to understand nor see where openvpn-aptrepo.list comes
from. I would suggest you to compare that with information found here:
<https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos>
In general, old configuration files will usually work just fine. But if
you are in doubt, install a test machine (or use a Docker container, or
similar - for smoke testing the config) where you install the wanted
OpenVPN version and copy over your production configs. Then just try to
run the openvpn command directly on the configuration files. If it
doesn't complain about anything in the configuration file itself, it
will in most cases work just fine.
--
kind regards,
David Sommerseth
OpenVPN Inc
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
