Thank you Jan, Gert et al for the replies. Especially Jan for going to all that trouble!
Jan, to all your points — yes I agree. Upgrading this device to a newer kernel will be a major undertaking, I won’t bother you all with the details here. I asked the question to get an idea of how recent we can go in OpenVPN version in the interim while we plan our overall system upgrade (it is currently at 2.3.4 with OpenSSL 1.01h and lzo 2.02). Thanks again all! I really appreciate your attention. Best, Marvin > On May 23, 2018, at 3:25 AM, Jan Just Keijser <janj...@nikhef.nl> wrote: > > Hi, > > >> On 22/05/18 22:47, Gert Doering wrote: >>> On Tue, May 22, 2018 at 09:10:10PM +0200, David Sommerseth wrote: >>>> On 22/05/18 19:32, Marvin wrote: >>>> Can someone tell me the minimum Linux version that OpenVPN 2.4.x will build >>>> and run on? We have an older appliance the runs on an older 2.4.31 kernel >>>> (cannot be upgraded -- but it's very hardened so really doesn't need to be >>>> for >>>> our use.) >>> >>> But I do know there has been some >>> code changes over the years which is strictly 2.6 kernel and newer; but its >>> quite a long time ago so I don't recall exactly what and when. >> For OpenVPN 2.4, I think we kicked out some old method to set up Linux >> tunnels. OTOH, that was 2.2.x stuff, if I remember correctly... >> (86e2fa5597fd1ad8e010) >> >> > as usual, Gert is right ... > I've dusted off and fired up a really ancient VM running CentOS 3.9, which > is based on kernel 2.4.21. After falling off my chair in amazement and > climbing back on, I then copied over openssl 1.0.2, lzo-2.03 and openvpn > 2.4.5; openssl builds, as does lzo. As Gert predicted: > OpenVPN 2.4.5 fails to build on tun.c , line 2092: 'TUNSETGROUP' undeclared. > > I then copied over openvpn 2.3.18 and built that: it builds and runs just > fine. > So in short: openvpn 2.3.X is the last version that can be run on a 2.4 > kernel. > > Now stop and think about this: > - WHY?!?!?!?!!? would you want to do this? > - as others have said, the 2.4 kernel series is no longer updated , and > 2.4.31 is not even the last version (that's 2.4.37). I would not consider > any device running a 2.4 kernel secure enough to run a secure VPN on it, > especially over the internet. > - why do would you need openvpn 2.4.x in the first place for such a device? > if it's AES-GCM that you are looking for then there's a good chance that it > will be SLOWER on embedded hardware compared to AES-256-CBC+SHA256. > > > JM2CW, > > JJK > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
