Page 3 of 13
Re: Version 1.13.0 : Based on OpenWrt 19.07.8
Posted: Fri Mar 11, 2022 8:46 am
by Lantis
Do you have a source you can refer me to? I can see recommendations, but nothing specific to openvpn implementation. I would need to read additional information to comment accurately.
Gargoyle still generates certificates with 3650 days expiry from the last time I checked.
Re: Version 1.13.0 : Based on OpenWrt 19.07.8
Posted: Fri Mar 11, 2022 11:51 am
by rseiler
No, I couldn't either with specific regard to OpenVPN (aside from the commercial product, Access Server, which still cites 10 years), but I know not too long ago when I was running through an OpenVPN install on 21.02 (I realize we're still 19.07 here), I got 825 for the client/server certs expiries.
When I looked up why, I found many general articles explaining the 825 in connection with an industry change effective March 1, 2018. I thought that meant that OpenVPN+easyRSA had adopted that TLS/SSL standard for new certs, and that maybe the last time I tried this, on v1.12, it was because it was 18.06. Those, done in 2020, don't expire until 2037, which is far longer than even 3650 days.
I think the longer-term certs are good, but am not sure how you're doing it now.
Re: Version 1.13.0 : Based on OpenWrt 19.07.8
Posted: Fri Mar 11, 2022 2:23 pm
by mooread
I want to add my thanks for the 1.13.0 release. The GL-AR150 has been stable since the official release. Before that I had a few development versions built and running for several months and those were solid as well.
Re: Version 1.13.0 : Based on OpenWrt 19.07.8
Posted: Fri Mar 11, 2022 6:11 pm
by Lantis
Switching to shorter certs isn’t a huge issue (unless they get super short), but it’s about making sure that an expired certificate generates an appropriate error we can detect and advise on. Last time I ran into one I was stumped for a while, I don’t want general users to be stuck with that.
At 10 years it’s pretty much a non issue. 2 and a bit years is conceivable to run into.
Re: Version 1.13.0 : Based on OpenWrt 19.07.8
Posted: Sat Mar 12, 2022 2:05 pm
by rseiler
Yes, agreed.
After actually finding it, I was playing around with the EASYRSA_CERT_EXPIRE parameter today and it does look like it still works. For example, setting it to 3650. It's when you don't use it the 825 comes in. It's likely what Gargoyle used behind-the-scenes to get those far-off dates into the late 2030s.
There's also EASYRSA_CA_EXPIRE for the CA one, which without it has a more reasonable default of 3650.
Re: Version 1.13.0 : Based on OpenWrt 19.07.8
Posted: Sat Mar 12, 2022 2:41 pm
by gerardo4020
Greetings.
I have installed gargoyle 1.13 on TP-LINK ARCHER C7 V2 and I have had problems assigning static IPs, since when setting them later the router presents IP address assignment errors, making connectivity via wired and wireless impossible.
the problem lies when the letter -Ñ- or similar is used in the host name
in version 1.12 this type of inconvenience did not happen
Re: Version 1.13.0 : Based on OpenWrt 19.07.8
Posted: Sat Mar 12, 2022 6:29 pm
by Lantis
I have heard some reports of “special” characters causing this issue.
There may have been some change upstream (dnsmasq) that has caused this and I will attempt to investigate, however it is likely not much can be done
Re: Version 1.13.0 : Based on OpenWrt 19.07.8
Posted: Mon Mar 14, 2022 9:04 pm
by snake218
snake218 wrote: ↑Sun Feb 27, 2022 2:46 pm
Thanks for all your hard work, been a fan on gargoyle firmware since 10 or more years.
Sorry to bring the same topic i stated on another post, but still having trouble with gargoyle 1.13.x versions on Archer C7 V2 router.
The problem is when i assign static IP (IPV4) address on the DHCP option, i am not sure if the problem is related to ipv6 or a bug in this specific router. But when I assign static IP most devices can't connect (couldn't get ip address) and a few devices that are able to connect they are assigned an IP that doesn't match router settings and has no internet connection (my dhcp range 192.168.0.100-192.168.0.200) and those few devices are assigned in range 169.254.xxx.xxx, and I don't know where that IP is coming from.
I already Tried disabling ipv6 option on dhcp settings, and disable enforce DHCP assignments. The only way i can connect a device to the router is to assign a static IP on the device itself.
Update: I was able to solve this issue thanks to @tob99 advice. It seems the problem appears if you use space or + sign in devices names. I named my devices using only alphanumeric characters, no symbols and no spaces, and all is working fine now.
Re: Version 1.13.0 : Based on OpenWrt 19.07.8
Posted: Sat Mar 19, 2022 7:34 pm
by sigwx
Does 19.07.8 have the same mac80211 issues as 21.02 (and if so, are the fixes there part of this release)?
Re: Version 1.13.0 : Based on OpenWrt 19.07.8
Posted: Sat Mar 19, 2022 9:01 pm
by Lantis
Reference please