[eduVPN-deploy] [2020-05-03] Package Updates

François Kooman fkooman at tuxed.net
Sun May 3 21:50:47 CEST 2020


Hi all,

* vpn-server-api: 2.2.0 [1]
* vpn-ca: 2.0.1 [2]

The big change in this release is the switch to vpn-ca for issuing VPN
certificates, both for the OpenVPN server as well as for VPN clients.

Until now easy-rsa was used, but this component had various issues. See
[3] for more details.

When updating the packages, vpn-ca will be automatically used
afterwards. The existing CA will migrate to vpn-ca, so everything will
keep working the way it did before. New certificates will be issued by
vpn-ca from then on.

In addition, there are two changes:

- OpenVPN server certificates will expire now at the same time as the
CA. A compromised server will require setting up a new CA anyway as no
revocation support is available at all.

- Until now issued certificates/keys were kept under the
`/var/lib/vpn-server-api/easy-rsa` directory. As some deployed servers
ran into trouble storing all of them (no more free inodes) we now no
longer keep the certificates/keys, there was no need to do so anyway...

**NOTE**: if you update on Debian, as always, make sure you use
"dist-upgrade" as vpn-ca is a new dependency of vpn-server-api!

Let me know if you have any questions!

Regards,
François

[1] https://github.com/eduvpn/vpn-server-api/blob/v2/CHANGES.md#220-2020-05-03
[2] https://github.com/letsconnectvpn/vpn-ca/blob/master/CHANGES.md#201-2020-04-30
[3] https://github.com/letsconnectvpn/vpn-ca#why


