
List:       openvpn-users
Subject:    Re: [Openvpn-users] How to properly upgrade openvpn server on Ubuntu servers (18.04 and 20.04)?
From:       Bo Berglund <bo.berglund () gmail ! com>
Date:       2022-09-25 4:47:48
Message-ID: rckvihdq4av3ppnnbj9lm9mdg8a1i9c2a0 () 4ax ! com

On Sat, 24 Sep 2022 19:01:08 -0400, Nathan Stratton Treadway
<nathanst@ontko.com> wrote:

>Since you aren't using the VPN link during the upgrade, I don't think it
>will make much difference which of those two approaches you take. 
>
>Note that apt/dpkg consider the version string "2.4.7-1ubuntu2.20.04.4"
>(i.e. the Ubuntu package in Focal) to be lower than "2.4.7-xenial0", so
>I'm pretty sure if you follow the second option you will indeed need to
>manually force your system to switch to the Ubuntu version of the
>package after you complete the release upgrade.
>
>(That's where you would use either "apt install openvpn/focal" or "apt
>install openvpn=2.4.7-1ubuntu2.20.04.4" to override the default
>package-version-selection algorithm and force the switch.)
>
>It's not a bad idea to disable the build.openvpn.net repositories in
>your /etc/apt/sources.list files yourself, but I believe the
>release-upgrade process will do that for you in any case....

I am done now but it was a bit bumpy...
In the process I have also taken the chance to move the services away from using
local IP 10.8.0.x (from the cook-book tutorials) and instead using less common
addresses. This affected the iptables entries too, which I also had to modify.
But this was not part of the real dist-upgrade, just housekeeping.

What I did in the end was:
- I decided to let openvpn stay until after the release upgrade
- Did all apt updates/upgrades to make the release-upgrade prompt appear on the
login welcome screen
- Shut down the server and took a snapshot (it is a VMware VM), then started it
again. Serves as a backup.
- Ran the sudo do-release-upgrade command to launch the upgrade
- Stayed by the screen during the process since it has several places where it
stops for user input.
- When it was all done and I rebooted I checked openvpn and it was not working
- So I looked at the apt repo dir and found that both files had openvpn
commented out
- Removed the openvpn related files in /etc/apt/sources.list.d
- I ran sudo apt install openvpn to get it back into the system and found it to
be 2.4.7 as before the upgrade when I used the external repos.
- I changed the location of the conf files by moving them into
/etc/openvpn/server and modified them accordingly regarding paths to the ccd
dirs and the ipp cache files (I run 2 services here)
- I also disabled the existing openvpn services:
  sudo systemctl disable openvpn@server.service
- Then I enabled the new services:
  sudo systemctl enable openvpn-server@server
- But when I tried to start them there was an error concerning access to the
ports used...

After a while of testing I decided to try rebooting and after that the server
ticked on (via the boot actually).

I believe I should have stopped the old services rather than just disabling them,
so there were some ghost services clashing on the networking side.

Finally now I have this:

$ apt policy openvpn
openvpn:
  Installed: 2.4.7-1ubuntu2.20.04.4
  Candidate: 2.4.7-1ubuntu2.20.04.4
  Version table:
 *** 2.4.7-1ubuntu2.20.04.4 500
        500 http://us.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages
        100 /var/lib/dpkg/status
     2.4.7-1ubuntu2 500
        500 http://us.archive.ubuntu.com/ubuntu focal/main amd64 Packages

And I am able to connect from my clients using the existing ovpn files.

Next on my agenda now is to do another "do-release-upgrade" since I now get the
logon message:

New release '22.04.1 LTS' available.
Run 'do-release-upgrade' to upgrade to it.

But before that I will remove all commented out entries from the apt file
/etc/apt/sources.list.
It now contains entries similar to this:
# deb-src http://us.archive.ubuntu.com/ubuntu/ xenial main restricted
which refer to 18.04.


-- 
Bo Berglund
Developer in Sweden


