384.10 Beta 3 is now available. This release contains a couple of changes surrounding OpenVPN key/certs management, which should notably reduce nvram usage. The issue where key/certs would sometimes be left in nvram is fixed, and the unused key/cert var names are no longer wasting nvram space either, saving a few hundred bytes of nvram. Please make sure no new issue was introduced surrounding management of key/certs.
It is also now possible to remove a key/certs by clearing its field, rather than having to remove the file in /jffs/openvpn/ .
The following script will clear up your nvram:
Code:
#!/bin/sh
echo "Removing unused cert/key from nvram..."
for i in 1 2 3 4 5
do
nvram unset vpn_crt_client$i\_ca
nvram unset vpn_crt_client$i\_extra
nvram unset vpn_crt_client$i\_crt
nvram unset vpn_crt_client$i\_key
nvram unset vpn_crt_client$i\_crl
nvram unset vpn_crt_client$i\_static
done
for i in 1 2
do
nvram unset vpn_crt_server$i\_ca
nvram unset vpn_crt_server$i\_dh
nvram unset vpn_crt_server$i\_ca_key
nvram unset vpn_crt_server$i\_extra
nvram unset vpn_crt_server$i\_client_crt
nvram unset vpn_crt_server$i\_crl
nvram unset vpn_crt_server$i\_crt
nvram unset vpn_crt_server$i\_key
nvram unset vpn_crt_server$i\_static
nvram unset vpn_crt_server$i\_client_key
done
nvram commit
echo "done."
The Firefox stalls when using https with a router-generated certificate should also be resolved now (looks like an old Firefox bug came back when they added TLS 1.3 support), a workaround has been implemented - you might need to re-generate your router certificate.
Code:
314329e5c2 Updated documentation
99c64f99f8 Bumped revision to beta 3
a45ceea61c libvpn: allow erasing a key/cert by providing an empty one
2204f05a5e libvpn: resetting to default wasn't clearing client extra CA certificate
58c2fda137 shared: remove indexed vpn_crt_* entries from default nvram settings
708ee2bb7c httpd: webui: display client's bandwidth on wireless log page
c4583ee465 httpd: do not link with libletsencrypt when OpenSSL 1.1.x is enabled due to mismatched openssl versions
61380ae127 httpd: add emailAddress attribute to generated certificate
7225891383 (rtax88) Merge with 384_5640 GPL
7dbff248a1 webui: Classification page fixes: hide filters on empty list, remove undefined class popup in non-aQoS mode