11-16-2020, 08:45 PM
Before FW 85 OpenVPN always worked with embedding the VPN keys and cert into the vpn.cnf file like so:
This does not work anymore with FW 85. I tested this with a T54W (FW 96.85.0.65), a VP59 (FW 91.85.0.5) and a W60B (FW 77.85.0.20).
It works when adding a "keys" folder and the key and certs as separate files. Is that change on purpose? It make it more complicated to generate the vpn.cnf, and worse is not backwards compatible. When customers upgrade their existing phones (using OpenVPN), it won't work anymore.
Code:
remote 192.168.1.1 1194 udp
cipher AES-128-CBC
key-direction 1
client
remote-cert-tls server
nobind
persist-key
persist-tun
dev tun
verb 3
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-auth>
This does not work anymore with FW 85. I tested this with a T54W (FW 96.85.0.65), a VP59 (FW 91.85.0.5) and a W60B (FW 77.85.0.20).
It works when adding a "keys" folder and the key and certs as separate files. Is that change on purpose? It make it more complicated to generate the vpn.cnf, and worse is not backwards compatible. When customers upgrade their existing phones (using OpenVPN), it won't work anymore.