[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Safe to use old clients (1.5) with new 2.0beta7 server mode?


  • Subject: Re: [Openvpn-users] Safe to use old clients (1.5) with new 2.0beta7 server mode?
  • From: James Yonan <jim@xxxxxxxxx>
  • Date: Sat, 24 Jul 2004 16:04:13 -0500

On Friday 23 July 2004 15:49, Erik Anderson wrote:
> I just tried to get this to work a couple days ago but couldn't get the
> mtu's to match up on remote/local site.  I suspect that someone has changed
> the data packet protocols between the two versions, but there's really no
> way for me to know.

The protocol hasn't changed, but some of the default options have.  These 
parameters are now the default for 2.0:

 tun-mtu 1500
 tun-mtu-extra 32
 mssfix 1450
 key-method 2

If you want 2.0 to talk to 1.5 or 1.6, then in the 1.x config file, you should 
explicitly specify the above parameters.

> The obvious answer is that you need to specify "key-method 1" on the 2.0
> server so that it can authenticate properly with the 1.0 clients.

"key-method 2" was introduced in 1.5 and made the default in 2.0.  So either 
1.5 or 1.6 can talk to 2.0 using either key-method 1 or 2.  If you don't 
specify key-method, then 1.x uses key-method 1 and 2.0 uses key-method 2.

James

> ----- Original Message -----
> From: "Evan Harris" <eharris@xxxxxxxxxxxxx>
> To: "OpenVPN" <openvpn-users@xxxxxxxxxxxxxxxxxxxxx>
> Sent: Friday, July 23, 2004 11:45 AM
> Subject: [Openvpn-users] Safe to use old clients (1.5) with new 2.0beta7
> server mode?
>
> > I've been waiting for the server mode a long time so that one port
> > allowed through firewalls can support many client connections.  I'm using
> > udp and tun.
> >
> > I'm thinking of testing the new stuff with our systems, but I'd like to
>
> know
>
> > if it is safe/possible to use the new code in server mode on our vpn
>
> server
>
> > with old 1.5 clients which is what all of our other systems use.  Many of
> > those clients will be very hard to upgrade, so I'd like to do it over an
> > extended time period.
> >
> > What are the caveats (if any) to doing this?
> >
> > Evan
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by BEA Weblogic Workshop
> > FREE Java Enterprise J2EE developer tools!
> > Get your free copy of BEA WebLogic Workshop 8.1 today.
> > http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
> > _______________________________________________
> > Openvpn-users mailing list
> > Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> > https://lists.sourceforge.net/lists/listinfo/openvpn-users
>
> -------------------------------------------------------
> This SF.Net email is sponsored by BEA Weblogic Workshop
> FREE Java Enterprise J2EE developer tools!
> Get your free copy of BEA WebLogic Workshop 8.1 today.
> http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users