infrastructure-notes/OpenVPN Upgrade Notes.md

OpenVPN Upgrade Notes

OpenVPN Access Server Knowledge Base Docs - Keeping OpenVPN Access Server updated

OpenVPN Access Server on Linux - VPN Software Repository & Packages

Current version 2.7.3

:warning: OpenVPN Version 2.8.x is NOT FIPS Compliant and will NOT run in FIPS mode.

1. Download next version to Repo server.

   wget -O openvpn-as-2.8.6-CentOS7.x86_64.rpm https://openvpn.net/downloads/openvpn-as-latest-CentOS7.x86_64.rpm
   wget -O openvpn-as-bundled-clients-13.rpm https://openvpn.net/downloads/openvpn-as-bundled-clients-latest.rpm
   

2. Follow Reposerver Notes for prepping Repo server and target server.

3. Backup the current configuration - reference Backing up the OpenVPN Access Server Configuration

   which apt > /dev/null 2>&1 && apt -y install sqlite3
   which yum > /dev/null 2>&1 && yum -y install sqlite
   cd /usr/local/openvpn_as/etc/db
   [ -e config.db ]&&sqlite3 config.db .dump>../../config.db.bak
   [ -e certs.db ]&&sqlite3 certs.db .dump>../../certs.db.bak
   [ -e userprop.db ]&&sqlite3 userprop.db .dump>../../userprop.db.bak
   [ -e log.db ]&&sqlite3 log.db .dump>../../log.db.bak
   [ -e config_local.db ]&&sqlite3 config_local.db .dump>../../config_local.db.bak
   [ -e cluster.db ]&&sqlite3 cluster.db .dump>../../cluster.db.bak
   [ -e clusterdb.db ]&&sqlite3 clusterdb.db .dump>../../clusterdb.db.bak
   [ -e notification.db ]&&sqlite3 notification.db .dump>../../notification.db.bak 
   cp ../as.conf ../../as.conf.bak
   

4. Ensure you have a good EBS Volume Snapshot ( take a new one so it will not get auto deleted )

5. After a yum update, the OpenVPN service might die and not come back up. Use the bastion host to ssh in a remedy this. systemctl status openvpn

6. shutdown -r now

7. check version /usr/local/openvpn_as/scripts/sacli Version