-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
openvpn: add mbedtls build option. #23429
Conversation
Default to it since openvpn is broken with libressl-3.1.X.
@jkoderu-git This should fix the issue with openvpn. |
That is nice - mbedtls has LTS releases ;) |
Thank you so much @travankor for your help! |
Did you check if this fixes the problematic servers? (only aware of ProtonVPN confis so far) |
Can we be sure this doesn't break other uses of OpenVPN as well? |
The features that don't work compared to the openssl build:
This is why the Admittedly, I don't know the reason why libressl is causing problems and to what extent things are broken with openvpn. And yes, I tested protonovpn, which seems to work. |
Can you suggest some to test? Keep in mind that I can't really test every use case (like the ones involving corporate networks). So far, I think the main difference is that the mbedtls version is a little slower and less responsive than the openssl/libressl version. |
I have no idea, because I don't use it myself. Just want to avoid a regression for OpenVPN users whose setup is working with the latest LibreSSL version. |
The best solution is to use Openssl. The other options are either 1) mbedtls or 2) patch libressl and/or openvpn to work. |
Hi, This has broken pcks12 for me, is there anyway we can re-enable this option? Thanks |
@Redcroft could you open a separate issue, please? That way it's easier to track. If you know how to build the package yourself, you can build it with the |
Default to it since openvpn is broken with libressl-3.1.X.