Page MenuHomeVyOS Platform

Add a deprecation warning for OpenVPN site-to-site with pre-shared secret
Closed, ResolvedPublic


The new right way to make CA-less "site-to-site" OpenVPN setups is to use certificate fingerprint validation (T5271). Since the --secret option will be removed in OpenVPN 2.7, we need to warn the users that they should migrate away from it.

Proposed wording:

WARNING: The shared-secret-key option is deprecated and will be removed in VyOS 1.5.
Consider using OpenVPN with self-signed certificates and fingerprint validation instead.
Consult the documentation for details: <URL here>


Difficulty level
Unknown (require assessment)
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Behavior change
Issue type
Feature/functionality removal