Upgrade failure on CentOS 7

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
edmoncu
OpenVPN User
Posts: 32
Joined: Fri Aug 07, 2020 4:30 pm

Upgrade failure on CentOS 7

Post by edmoncu » Sun Dec 10, 2023 3:03 am

btw just a note for centos 7, as the update seems python 3.8 is a prerequisite (which fails to install).
my workaround is to enable SCL

Code: Select all

sudo yum install centos-release-scl-rh -y
sudo yum install rh-python38 -y
afterwhich the openvpnas update works fine via

Code: Select all

sudo yum -upgrade -y

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1321
Joined: Tue Feb 16, 2021 10:41 am

Re: openvpn WEB_ADMIN real IP always 127.0.0.1

Post by openvpn_inc » Sun Dec 10, 2023 3:59 pm

Hello edmoncu,

Yes, as described in the release notes for 2.13.0, CentOS7, Red Hat 7, are required to use Python 3.8 now, and it is done using SCL, and the installation instructions have been updated to include enabling the SCL repository.

https://openvpn.net/vpn-server-resources/release-notes/
"On CentOS 7 and Red Hat 7, we now require Python 3.8. This is done by using the SCL repositories. The installation instructions for these operating systems have been updated to include instructions to enable the SCL repositories."

Also FYI, you should probably start to plan to move away from CentOS 7 / RHEL 7 as 2.13.0 will most likely be the last major release to continue to support those platforms. It's already extremely difficult to marry the concept of modern security standards with an operating system using software from ~10 years ago, but moreover, the EOL date of CentOS 7 is creeping up - June 2024.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

edmoncu
OpenVPN User
Posts: 32
Joined: Fri Aug 07, 2020 4:30 pm

Re: Upgrade failure on CentOS 7

Post by edmoncu » Tue Dec 12, 2023 1:39 pm

may i ask if it is safe to upgrade an existing Debian 10 to 12 directly?
i've followed the guide by debian here : https://wiki.debian.org/DebianUpgrade
with some minor adjustments here : https://www.lisenet.com/2023/libcrypt-s ... -bullseye/

Code: Select all

$ cd /tmp
$ apt download libcrypt1
$ dpkg-deb -x libcrypt1_1%3a4.4.33-2_amd64.deb  .
$ cp -av lib/x86_64-linux-gnu/* /lib/x86_64-linux-gnu/
$ apt --fix-broken install -y

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1321
Joined: Tue Feb 16, 2021 10:41 am

Re: Upgrade failure on CentOS 7

Post by openvpn_inc » Tue Dec 12, 2023 5:49 pm

Hi edmoncu,

To be honest I've never upgraded from Debian 10 to 12 directly. That's a fairly big leap as well, not sure if it needs to be from 10 to 11, then 11 to 12. I would have to refer you to someone from Debian that knows more about it to be sure about that.

One thing I can tell you is that after you've done the upgrade, you'll need to ensure that you follow the installation instructions for Debian 12 for Access Server, so that the correct repository is used (Debian 12 software for Debian 12 OS, instead of Debian 10 software for Debian 12 OS) and you can then get the correct version of Access Server that was built for the new OS you'll be running then.

In terms of Access Server's own configuration, that can be transferred between any OS, like Amazon Linux 2 to Red Hat 9 or Debian 12 or whatever. The Access Server configuration is completely OS-agnostic.

edit: one small caveat, if you were using for example TLS 1.0 on Ubuntu 18 and now upgrade to Ubuntu 22, you may find that TLS 1.0 is not allowed anymore and you may need to adjust the configuration to use TLS 1.2 instead. That kind of setting is the only exception to it being OS-agnostic, as in newer operating systems, newer security standards may apply for encryption.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Post Reply