Add a deprecation warning for OpenVPN site-to-site with pre-shared secret
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	dmbaturin
	Jun 8 2023, 4:17 PM

Description

The new right way to make CA-less "site-to-site" OpenVPN setups is to use certificate fingerprint validation (T5271). Since the --secret option will be removed in OpenVPN 2.7, we need to warn the users that they should migrate away from it.

Proposed wording:

WARNING: The shared-secret-key option is deprecated and will be removed in VyOS 1.5.
Consider using OpenVPN with self-signed certificates and fingerprint validation instead.
Consult the documentation for details: <URL here>

Details

Difficulty level: Unknown (require assessment)
Version: -
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Behavior change
Issue type: Feature/functionality removal

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Resolved		dmbaturin	T5269 OpenVPN non-TLS site-to-site mode deprecation
		Resolved		dmbaturin	T5274 Add a deprecation warning for OpenVPN site-to-site with pre-shared secret