OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

Upgrade failure on CentOS 7

https://forums.openvpn.net/viewtopic.php?t=42163

Page 1 of 1

Upgrade failure on CentOS 7

Posted: Sun Dec 10, 2023 3:03 am
by edmoncu
btw just a note for centos 7, as the update seems python 3.8 is a prerequisite (which fails to install).
my workaround is to enable SCL

Code: Select all

sudo yum install centos-release-scl-rh -y
sudo yum install rh-python38 -y
afterwhich the openvpnas update works fine via

Code: Select all

sudo yum -upgrade -y

Re: openvpn WEB_ADMIN real IP always 127.0.0.1

Posted: Sun Dec 10, 2023 3:59 pm
by openvpn_inc
Hello edmoncu,

Yes, as described in the release notes for 2.13.0, CentOS7, Red Hat 7, are required to use Python 3.8 now, and it is done using SCL, and the installation instructions have been updated to include enabling the SCL repository.

https://openvpn.net/vpn-server-resources/release-notes/
"On CentOS 7 and Red Hat 7, we now require Python 3.8. This is done by using the SCL repositories. The installation instructions for these operating systems have been updated to include instructions to enable the SCL repositories."

Also FYI, you should probably start to plan to move away from CentOS 7 / RHEL 7 as 2.13.0 will most likely be the last major release to continue to support those platforms. It's already extremely difficult to marry the concept of modern security standards with an operating system using software from ~10 years ago, but moreover, the EOL date of CentOS 7 is creeping up - June 2024.

Kind regards,
Johan

Re: Upgrade failure on CentOS 7

Posted: Tue Dec 12, 2023 1:39 pm
by edmoncu
may i ask if it is safe to upgrade an existing Debian 10 to 12 directly?
i've followed the guide by debian here : https://wiki.debian.org/DebianUpgrade
with some minor adjustments here : https://www.lisenet.com/2023/libcrypt-s ... -bullseye/

Code: Select all

$ cd /tmp
$ apt download libcrypt1
$ dpkg-deb -x libcrypt1_1%3a4.4.33-2_amd64.deb  .
$ cp -av lib/x86_64-linux-gnu/* /lib/x86_64-linux-gnu/
$ apt --fix-broken install -y

Re: Upgrade failure on CentOS 7

Posted: Tue Dec 12, 2023 5:49 pm
by openvpn_inc
Hi edmoncu,

To be honest I've never upgraded from Debian 10 to 12 directly. That's a fairly big leap as well, not sure if it needs to be from 10 to 11, then 11 to 12. I would have to refer you to someone from Debian that knows more about it to be sure about that.

One thing I can tell you is that after you've done the upgrade, you'll need to ensure that you follow the installation instructions for Debian 12 for Access Server, so that the correct repository is used (Debian 12 software for Debian 12 OS, instead of Debian 10 software for Debian 12 OS) and you can then get the correct version of Access Server that was built for the new OS you'll be running then.

In terms of Access Server's own configuration, that can be transferred between any OS, like Amazon Linux 2 to Red Hat 9 or Debian 12 or whatever. The Access Server configuration is completely OS-agnostic.

edit: one small caveat, if you were using for example TLS 1.0 on Ubuntu 18 and now upgrade to Ubuntu 22, you may find that TLS 1.0 is not allowed anymore and you may need to adjust the configuration to use TLS 1.2 instead. That kind of setting is the only exception to it being OS-agnostic, as in newer operating systems, newer security standards may apply for encryption.

Kind regards,
Johan
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/