I have a problem with setting the extra options in an OpenVPN client config.
For reasons, our OpenVPN server's signature encryption method is outdated, and upgrading the server will take at least a few months…
Most clients (RUT240) still use 01.14.7 as firmware. When I upgrade the firmware to the newest RutOS, I will have to set the OpenVPN client config's extra option to seclevel 0, or otherwise the router won't come back online after upgrading, since the newer OpenVPN/OpenSSL software in RutOS blocks the signature algorithm (deprecated).
Because I have a few 100 clients, I do the settings and upgrade via SSH.
Problem: If I set the extra option in the UI, everything works fine after the upgrade. If I set the extra option via uci, the extra option is missing after the upgrade and the router won't come back online.
What I do:
- connect via SSH
- uci set openvpn.client_123.extra='tls-cipher "DEFAULT:@SECLEVEL=0"'
- sysupgrade -r /tmp/RUT2_R_00.07.06.13_WEBUI.bin
(I use 00.07.06.13 because 07.06.16 doesn't work)
In step 2 I tried another version with a _ before extra. After that I can see the setting in the UI on 01.14.7, but after upgrading it's also missing. Every other setting works perfectly fine.
So what am I missing?