OpenVPN from recent Merlin FW or Entware

Discussion in 'Asuswrt-Merlin' started by zd59, Jun 12, 2019 at 3:12 AM.

  1. zd59

    zd59 Occasional Visitor

    Joined:
    Feb 13, 2017
    Messages:
    14
    Hello!

    I bought an RT-AC86U and want to use OpenVPN.
    I want to use libOpenSSL version 1.1.1, which is more secure than 1.0.X.
    Merlin FW has both libOpenSSL versions 1.1.X and 1.0.X installed. Which one is used for VPN?

    I need advice on which one to use: the one from Merlin FW 384.11_2 or the one from https://bin.entware.net/aarch64-k3.10 released May 2019?


     
  2. Martineau

    Martineau Part of the Furniture

    Joined:
    Jul 8, 2012
    Messages:
    2,199
    Location:
    UK
    From the changelog since v384.10 (24-March-2019)

    upload_2019-6-12_12-53-15.png
     
  3. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    8,558
    Location:
    UK
    Always use the router's built-in entware-setup.sh script. It will download the current version.

    Read the change log:
    Code:
    384.10 (24-March-2019)
      - NEW: Added OpenSSL 1.1.1b in parallel to 1.0.2.  Some services
             like AiCloud are still linked against 1.0.2 because they
             would require Asus to recompile them against 1.1.1.
    
             Main services that currently use OpenSSL 1.1.1:
             httpd (webui), OpenVPN, wget, net-snmp, Tor,
             Strongswan (IPSEC server), inadyn, vsftpd, avahi.
    
             Models that lack AES acceleration will prioritize the use
             of CHACHA20 over AES-256-GCM, for a small performance
             improvement (for instance with the webui).
    
             Note that OpenVPN 2.4.7's support is still limited.
             TLS 1.3 is supported, but CHACHA20 support is
             only expected with OpenVPN 2.5.0.
    
             The 1.0.2 userspace tool is still named "openssl", while
             the 1.1.x version is named "openssl11".
     
  4. zd59

    zd59 Occasional Visitor

    Joined:
    Feb 13, 2017
    Messages:
    14
    Thank you both.

    So the Merlin FW version of the VPN is current and I'll use it.
     
  5. eibgrad

    eibgrad Regular Contributor

    Joined:
    Feb 20, 2017
    Messages:
    177
    You can always go to a shell (ssh) and get the OpenVPN version, which will also show the OpenSSL version in use.

    Code:
    [email protected]:/tmp/home/root# openvpn --version
    OpenVPN 2.4.7 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun  7 2019
    library versions: OpenSSL 1.1.1c  28 May 2019, LZO 2.08
    Originally developed by James Yonan
    Copyright (C) 2002-2018 OpenVPN Inc <[email protected]>
    Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=no enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_werror=no enable_win32_dll=yes enable_x509_alt_username=no with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no
    And lots of other details.
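
The check described in the post above can be scripted. This is an added example, not part of the thread or of Asuswrt-Merlin: it parses the `library versions:` line of `openvpn --version` and reports whether OpenVPN is linked against OpenSSL 1.1.1 or later. The function names are hypothetical, and the sample text is the first two lines of the output quoted in the post.

```shell
#!/bin/sh
# Added example. Function names are hypothetical, not firmware tooling.

# First two lines of the `openvpn --version` output quoted in the post.
SAMPLE_OUTPUT='OpenVPN 2.4.7 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun  7 2019
library versions: OpenSSL 1.1.1c  28 May 2019, LZO 2.08'

# Read `openvpn --version` text on stdin and print the OpenSSL version
# it reports (for example "1.1.1c"). Prints nothing if no such line exists.
ovpn_ssl_version() {
    sed -n 's/^library versions:.*OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p' | head -n 1
}

# Return 0 if version $1 is at least major.minor.patch $2.
# The trailing patch letter ("c" in 1.1.1c) is ignored for the comparison.
ssl_at_least() {
    awk -v have="$1" -v want="$2" 'BEGIN {
        sub(/[a-z]+$/, "", have)
        split(have, h, "."); split(want, w, ".")
        for (i = 1; i <= 3; i++) {
            if (h[i] + 0 > w[i] + 0) exit 0
            if (h[i] + 0 < w[i] + 0) exit 1
        }
        exit 0
    }'
}

# Classify the build read from stdin:
#   "ok <ver>"  linked against OpenSSL 1.1.1 or later (returns 0)
#   "old <ver>" linked against an older branch such as 1.0.2 (returns 1)
#   "unknown"   no OpenSSL version line found (returns 2)
check_ovpn_ssl() {
    ver=$(ovpn_ssl_version)
    if [ -z "$ver" ]; then
        echo "unknown"
        return 2
    fi
    if ssl_at_least "$ver" 1.1.1; then
        echo "ok $ver"
    else
        echo "old $ver"
        return 1
    fi
}
```

On the router, run it as `openvpn --version | check_ovpn_ssl`; the non-zero return codes make it usable in a post-upgrade check script.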