Upgrade Ubuntu version on OpenVPN Access Server

[opg1987]

Hi All,

I hope this is the correct place to ask this question and apologies if it has been asked before (I couldn't find anything using search).
(Apologies also if this is a simple / inane question. I'm still fairly new to Linux).

Question: Can I upgrade my OpenVPN AS running Ubuntu 14.04.05 LTS to Ubuntu 16.04.03 LTS using the 'do-release-upgrade' command? If so, will it affect my OpenVPN AS installation in any way?

I recently upgraded our OpenVPN installation from 2.1.8 to 2.1.12. This worked perfectly, as usual. While I was performing this update/installation, I noticed that my OpenVPN server is still on Ubuntu 14.04.05 LTS which reaches end of life in April this year.

I'd like to upgrade this server's OS to 16.04.03 LTS so that both the OS and OpenVPN AS version are running on the latest and greatest.

My terminal/console gives me the following message: "New release '16.04.03 LTS' available. Run 'do-release-upgrade' to upgrade it".

Is it safe for me to so this, safe in the knowledge that it will not affect my OpenVPN AS installation? My OpenVPN server settings and licences will be unaffected?

Many thanks,
Oliver

[opg1987]

Polite bump.

Can anyone confirm whether an in-place upgrade of Ubuntu using 'do-release-upgrade' is supported with OpenVPN Access Server 2.1.12 installed?

Correction for original post. Ubuntu 14.04.5 is end of life April 2019 (next year). Still, I would like to get our OpenVPN server up to 16.04.3 as soon as possible.

Thanks.

[edmoncu]

Another bump.

Hopefully someone would be able to help test this approach if it's possible to do an in-place-upgade (do-release-upgrade)
https://ubuntu.com/blog/how-to-upgrade- ... -lts-today

So far, openvpn's documentation only states an update via migration to a newer instance with the latest version
https://openvpn.net/vpn-server-resource ... erver-aws/

update:
background: i setup a linode with 18.04 in it and installed openvpnas on it. it's running on 2.11.3. fully updated the instance. i also had it registered to ubuntu one to allow it to get the latest patches for 18.04. take note of the openvpnas accounts and credentials.

in-place upgrade: here are the commands and remarks

lsb_release -a
sudo apt update
sudo apt full-upgrade -y
sudo apt autoremove -y
sudo apt install update-manager -y
sudo nano /etc/update-manager/release-upgrades.d/ubuntu-advantage-upgrades.cfg

Code: Select all

 [Sources]
  AllowThirdParty=yes

sudo do-release-upgrade

• have the update restart services
  update lsd 4.0
  grub boot loader install to /sda
  allow the update to restart

lsb_release -a
sudo apt autoremove -y
sudo nano /etc/apt/sources.list.d/openvpn-as-repo.list

• replace bionic with focal

sudo apt update && sudo apt -y install openvpn-as

the OS is now on after this the OS is updated from 18.x LTS to 20.04.6 LTS, openvpn is re-installed and is updated to the latest version 2.12.1 (as of typing) and the existing credentials intact.

[edmoncu]

OT : while you're at it, you can also update OpenSSL from the current 1.1.1f to the latest 3.1.2 (as of posting) with the following commands

Code: Select all

sudo su
openssl version
apt install make gcc -y
cd ~
wget --no-check-certificate https://www.openssl.org/source/openssl-3.1.2.tar.gz
ls
tar -xzf openssl-3.1.2.tar.gz
rm -rf openssl-3.1.2.tar.gz
cd openssl-3.1.2/
./config
make && make test

wait for quite awhile (approx 15 minutes)

Code: Select all

mv /usr/bin/openssl ~/tmp
make install

wait again awhile (approx 10 minutes)

Code: Select all

ln -s /usr/local/bin/openssl /usr/bin/openssl
perl configdata.pm --dump
ldconfig
export LD_LIBRARY_PATH=/usr/local/ssl/lib/
ldconfig /usr/local/lib64
openssl version

[openvpn_inc]

Hello edmoncu and anyone else reading this,

While we do appreciate the sharing of knowledge I have to add something to this as a warning for OpenVPN Access Server users.

We recommend against changing the OpenSSL version in your operating system. You should pick an operating system that comes with the major OpenSSL version that you want to use. For example if you want OpenSSL3 use for example Ubuntu 22.04 LTS or Red Hat 9 or newer.

If you manually replace the OpenSSL version it will not be used by OpenVPN Access Server. That is because it, and Python3 programming language, and many other programs, are compiled against the specific OpenSSL version that comes with the operating system. Even if you slap OpenSSL3 on an OS with OpenSSL1, it won't be used by Access Server. And many other programs will not either for that matter. Trying to change this will almost certainly lead to unexpected problems and failures. We do not test against this and we will not test against this. We create and test OpenVPN Access Server with the OpenSSL version that comes with the operating system, and that is the only supported configuration, and the only recommended configuration.

We urge people that are trying to go to OpensSL3 to switch to an operating system that actually comes with OpenSSL3. If you do not, you may not get expected results, and you may very well get unexpected situations in terms of security, and it is generally just not recommended. For example what will you do if OpenSSL3 has a security update? You are now responsible to update it. If you just pick an OS that has OpenSSL3 in it already, you just get the security updates for your distribution and you're done. Also we test things in this situation.

This custom situation with OpenSSL3 installed in an OS that does not come with OpenSSL3 as proposed in this forum post is something that we very firmly recommend against. If you are on an OS now that has OpenSSL1 and you want to go to OpenSSL3, then set up a new OS that comes with OpenSSL3 and migrate your settings there, or do an in-place upgrade to a newer version of the OS that comes with OpenSSL3.

Kind regards,
Johan