Hello
I use OpenVPN server version 2.5.4 - which versions of clients are compatible with that version of server?
Is there any pattern used for this? For example all 2.5.X versions are always compatible but if the second number in the version is changed, then it is imcompatible?
Or is there any documentation for that?
Thank you
Question about server/client version compatibility
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
aldomoro
- OpenVpn Newbie
- Posts: 3
- Joined: Tue Mar 02, 2021 12:33 pm
-
ordex
- OpenVPN Inc.
- Posts: 444
- Joined: Wed Dec 28, 2016 2:32 am
- Location: IRC #openvpn-devel @ libera.chat
Re: Question about server/client version compatibility
The goal has always been to keep compatibility with older clients for as much as possible.
If you are using some new feature, some old clients may not be able to connect anymore.
There is no predefined pattern though.
However, a server running 2.5.4 should be able to accept connection from 2.3+, as long as you're not using some unsupported setting.
If you are using some new feature, some old clients may not be able to connect anymore.
There is no predefined pattern though.
However, a server running 2.5.4 should be able to accept connection from 2.3+, as long as you're not using some unsupported setting.
-
Vuoto66
- OpenVpn Newbie
- Posts: 1
- Joined: Tue Jan 30, 2024 4:01 pm
Re: Question about server/client version compatibility
So, if I understand, using a server 2.5.8 I can connect with a client 2.6.8 that is actually the new one !
Am I right?
Vuoto66
Am I right?
Vuoto66
-
zxcgn
- OpenVpn Newbie
- Posts: 2
- Joined: Fri Jun 30, 2023 10:50 am
Re: Question about server/client version compatibility
I apologizing, because this is probably not the right place to ask, but i hope moderator will correct it, because i don't have right to create new topic yet.
I have very weird problem with new versions of OpenVPN 2.6.x - at least 2.6.13 and 2.6.14 behaved the same way. I have server with public IPv4 with updated Debian 12, where is OpenVPN 2.6.3 and attached configuration. For while everything worked just fine. Users with mostly W10 and W11 (and one or two MACs) can access SMB and RDP services inside VPN.
One of users told me, he cannot connect from home, but from office he can. I tested it thoroughly on my computers, but from other places with different provider and everything worked. One of my clients was PC with W10 and OpenVPN client 2.6.14.
In user locality, we tested two different computers, second was with freshly installed W11 (without MS account...), second W10, both with OpenVPN 2.6.14 (we tested 2.6.13 and before it i thing it was 2.6.10) - with both computers was problem exactly same.
- i can connect with OpenVPN GUI, no errors, everything seems to be working
- i can ping through VPN to the server, answer in 3 - 4ms, very stable, no packet loss (i can see it with tcpdump on server too)
- i cannot connect to the Samba server (SMB version 3.11) or RDP on another server inside VPN
- DNS inside VPN works
- PC is trying connect to the SMB, but it sometimes succeeded once or twice (i can see it in Samba log or with smbstatus), sometimes i could display folder content, but MS Explorer often hangs in second attempt until time outs.
Weird thing is - with exactly same configuration i can connect from other localities.
Weirder thig is - when i downgraded to latest OpenVPN 2.5.10 it started working again, even SMB and RDP passing through VPN.
My question is - how can ping through VPN work, but other services not? How it can depend on internet provider? Can it have something with different virtual network device? I can see OpenVPN 2.5.x is using "OpenVPN TAP", but OpenVPN 2.6.x is using "OpenVPN Wintun".
Obviously i don't have idea what internet provider can do wrong. I only know he doesn't give public IPv4 to the users, his router have private IPv4 on WAN interface, but different from out networks. I am intentionally trying choose unusual range to minimize risk of collision.
Do you have any idea what i can try and check? I cannot diagnose it at whim anytime, it depends on user when he will have time for it, because in all my networks this problem will not occur. But i can then connect to his PC remotely and try some diagnostics...
I have very weird problem with new versions of OpenVPN 2.6.x - at least 2.6.13 and 2.6.14 behaved the same way. I have server with public IPv4 with updated Debian 12, where is OpenVPN 2.6.3 and attached configuration. For while everything worked just fine. Users with mostly W10 and W11 (and one or two MACs) can access SMB and RDP services inside VPN.
One of users told me, he cannot connect from home, but from office he can. I tested it thoroughly on my computers, but from other places with different provider and everything worked. One of my clients was PC with W10 and OpenVPN client 2.6.14.
In user locality, we tested two different computers, second was with freshly installed W11 (without MS account...), second W10, both with OpenVPN 2.6.14 (we tested 2.6.13 and before it i thing it was 2.6.10) - with both computers was problem exactly same.
- i can connect with OpenVPN GUI, no errors, everything seems to be working
- i can ping through VPN to the server, answer in 3 - 4ms, very stable, no packet loss (i can see it with tcpdump on server too)
- i cannot connect to the Samba server (SMB version 3.11) or RDP on another server inside VPN
- DNS inside VPN works
- PC is trying connect to the SMB, but it sometimes succeeded once or twice (i can see it in Samba log or with smbstatus), sometimes i could display folder content, but MS Explorer often hangs in second attempt until time outs.
Weird thing is - with exactly same configuration i can connect from other localities.
Weirder thig is - when i downgraded to latest OpenVPN 2.5.10 it started working again, even SMB and RDP passing through VPN.
My question is - how can ping through VPN work, but other services not? How it can depend on internet provider? Can it have something with different virtual network device? I can see OpenVPN 2.5.x is using "OpenVPN TAP", but OpenVPN 2.6.x is using "OpenVPN Wintun".
Obviously i don't have idea what internet provider can do wrong. I only know he doesn't give public IPv4 to the users, his router have private IPv4 on WAN interface, but different from out networks. I am intentionally trying choose unusual range to minimize risk of collision.
Do you have any idea what i can try and check? I cannot diagnose it at whim anytime, it depends on user when he will have time for it, because in all my networks this problem will not occur. But i can then connect to his PC remotely and try some diagnostics...
server config
dev tun0
mode server
tls-server
keepalive 10 60
port xxxxx
proto udp
persist-key
topology "subnet"
push "topology subnet"
ifconfig 10.aa.bb.1 255.255.255.0
ifconfig-pool 10.aa.bb.100 10.aa.bb.199 255.255.255.0
client-config-dir /etc/openvpn/vpn-users
push "route-gateway 10.aa.bb.1"
push "route 10.aa.bb.0 255.255.255.0"
push "route ccc.ddd.eee.0 255.255.255.0"
push "dhcp-option DNS 10.aa.bb.1"
cipher AES-256-GCM
user nobody
group nogroup
persist-tun
ca /usr/share/easy-rsa/pki/ca.crt
cert /usr/share/easy-rsa/pki/issued/servername.crt
key /usr/share/easy-rsa/pki/private/servername.key
dh /usr/share/easy-rsa/pki/dh.pem
crl-verify /usr/share/easy-rsa/pki/crl.pem
log /var/log/openvpn/openvpn-clients.log
log-append /var/log/openvpn/openvpn-clients-append.log
mode server
tls-server
keepalive 10 60
port xxxxx
proto udp
persist-key
topology "subnet"
push "topology subnet"
ifconfig 10.aa.bb.1 255.255.255.0
ifconfig-pool 10.aa.bb.100 10.aa.bb.199 255.255.255.0
client-config-dir /etc/openvpn/vpn-users
push "route-gateway 10.aa.bb.1"
push "route 10.aa.bb.0 255.255.255.0"
push "route ccc.ddd.eee.0 255.255.255.0"
push "dhcp-option DNS 10.aa.bb.1"
cipher AES-256-GCM
user nobody
group nogroup
persist-tun
ca /usr/share/easy-rsa/pki/ca.crt
cert /usr/share/easy-rsa/pki/issued/servername.crt
key /usr/share/easy-rsa/pki/private/servername.key
dh /usr/share/easy-rsa/pki/dh.pem
crl-verify /usr/share/easy-rsa/pki/crl.pem
log /var/log/openvpn/openvpn-clients.log
log-append /var/log/openvpn/openvpn-clients-append.log