Skip to content

Tags: Knudn/openvpn

Tags

v2.5.5

OpenVPN v2.5.5 release

2021.12.14 -- Version 2.5.5

Adrian (1):
      Fix error in example firewall.sh script

Antonio Quartulli (1):
      configure: remove useless -Wno-* from default CFLAGS

Arne Schwabe (2):
      Add argv_insert_head__empty_argv__head_only to argv tests
      Move deprecation of SWEET32/64bit block size ciphers to 2.7

Gert Doering (3):
      Include --push-remove in the output of --help.
      Move '--push-peer-info' documentation from 'server' to 'client options'
      add test case(s) to notice 'openvpn --show-cipher' crashing

Ilya Shipitsin (1):
      BUILD: enable CFG and Spectre mitigation for MSVC

Lev Stipakov (12):
      Fix loading PKCS12 files on Windows
      msvc: fix product version display
      msvc: add missing header to project file
      config-msvc.h: fix OpenSSL-related defines
      contrib/vcpkg-ports: remove openssl port
      GitHub Actions: use latest working lukka/run-vcpkg
      Use network address for emulated DHCP server as a default
      Load OpenSSL config on Windows from trusted location
      ring_buffer.h: fix GCC warning about unused function
      ssh_openssl.h: remove unused declaration
      vcpkg/pkcs11-helper: compatibility with latest vcpkg
      config-msvc.h: indicate key material export support

Max Fillinger (2):
      Don't use BF-CBC in unit tests if we don't have it
      Define have_blowfish variable in ncp unit tests

Richard T Bonhomme (1):
      doc link-options.rst: Use free open-source dynamic-DNS provider URL

Selva Nair (3):
      Fix some more wrong defines in config-msvc.h
      Ensure the current common_name is in the environment for scripts
      Require EC key support in Windows builds

Sergio E. Nemirowski (1):
      resolvconf fails with -p

Todd Zullinger (2):
      Update IRC information in CONTRIBUTING.rst
      doc/man (vpn-network-options): fix foreign_option_{n} typo

Ville Skyttä (1):
      README.down-root: Fix plugin module name

v2.5.4

OpenVPN v2.5.4 release

2021.10.04 -- Version 2.5.4

Antonio Quartulli (3):
      route.c: pass the right parameter to IN6_IS_ADDR_UNSPECIFIED
      configure: search also for rst2{man, html}.py
      networking: add networking API net_addr_ll_set() and use it on Linux

Arne Schwabe (1):
      Move examples into openvpn-examples(5) man page

David Korczynski (1):
      Fix argv leaks in add_route() and add_route_ipv6()

David Sommerseth (2):
      doc: Use generic rules for man/html generation
      man: Clarify IV_HWADDR

Gert Doering (1):
      Add error reporting to get_console_input_win32().

Lev Stipakov (3):
      Fix console prompts with redirected log
      Add building man page on Windows
      GitHub Actions: remove Ubuntu 16.04 environment

Max Fillinger (1):
      Update Fox e-mail address in copyright notices

Selva Nair (1):
      Minor doc correction: tls-crypt-v2 key generation

v2.5.3

OpenVPN v2.5.3 release

2021.06.17 -- Version 2.5.3

Arne Schwabe (3):
      Add missing free_key_ctx for auth_token
      Add github actions
      Implement auth-token-user

David Sommerseth (1):
      Update copyrights

Gert Doering (1):
      Preparing release 2.5.3

Lev Stipakov (8):
      openvpnmsica: properly schedule reboot in the end of installation
      msvc: add ARM64 configuration
      msvc: standalone building
      contrib/vcpkg-ports: add pkcs11-helper port
      vcpkg-ports: restore trailing whitespaces in .patch files
      GitHub actions: add MSVC build
      crypto_openssl.c: disable explicit initialization on Windows (CVE-2121-3606)
      contrib/vcpkg-ports: add openssl port with --no-autoload-config option set (CVE-2121-3606)

Matthias Andree (1):
      Fix SIGSEGV (NULL deref) receiving push "echo"

Max Fillinger (1):
      Fix build with mbedtls w/o SSL renegotiation support

Selva Nair (2):
      Improve documentation of AUTH_PENDING related directives
      Apply the connect-retry backoff to only one side of a connection

v2.5.2

OpenVPN v2.5.2 release

2021.04.20 -- Version 2.5.2

Arne Schwabe (10):
      Avoid generating unecessary mbed debug messages
      Restore also ping related options on a reconnect
      Cleanup print_details and add signature/ED certificate print
      Always disable TLS renegotiations
      Also restore/save route-gateway options on SIGUSR1 reconnects
      Move context_auth from context_2 to tls_multi and name it multi_state
      Fix condition to generate session keys
      Move auth_token_state from multi to key_state
      Ensure auth-token is only sent on a fully authenticated session
      Ensure key state is authenticated before sending push reply

Gert Doering (2):
      Fix potential NULL ptr crash if compiled with DMALLOC

Max Fillinger (2):
      In init_ssl, open the correct CRL path pre-chroot
      Abort if CRL file can't be stat-ed in ssl_init

Richard Bonhomme (1):
      Do not print Diffie Hellman parameters file to log file

Simon Rozman (1):
      openvpnserv: Cache last error before it is overridden

Vladislav Grishenko (1):
      Fix IPv4 default gateway with multiple route tables

v2.4.11

OpenVPN v2.4.11 release

2021.04.20 -- Version 2.4.11

Arne Schwabe (1):
      Ensure key state is authenticated before sending push reply

Gert Doering (2):
      clean up / rewrite sample-plugins/defer/simple.c
      Fix potential NULL ptr crash if compiled with DMALLOC

Greg Cox (5):
      Fix naming error in sample-plugins/defer/simple.c
      Documentation fixes around openvpn_plugin_func_v3 in openvpn-plugin.h.in
      Update openvpn_plugin_func_v2 to _v3 in sample-plugins/defer/simple.c
      More explicit versioning compatibility in sample-plugins/defer/simple.c
      Explain structver usage in sample defer plugin.

v2.5.1

OpenVPN v2.5.1 release

2021.02.24 -- Version 2.5.1
Arne Schwabe (5):
      Fix auth-token not being updated if auth-nocache is set
      Remove auth_user_pass.wait_for_push variable
      Fix port-share option with TLS-Crypt v2
      Zero initialise msghdr prior to calling sendmesg
      Fix tls-auth mismatch OCC message when tls-cryptv2 is used.

David Sommerseth (1):
      build: Fix missing install of man page in certain environments

Domagoj Pensa (3):
      Fix too early argv freeing when registering DNS
      Remove 1 second delay before running netsh
      Skip DHCP renew with Wintun adapter

Gert Doering (6):
      Change travis build scripts to use https when fetching prerequisites.
      Fix line number reporting on config file errors after <inline> segments
      Clarify --block-ipv6 intent and direction.
      Document common uses of 'echo' directive, re-enable logging for 'echo'.
      Make OPENVPN_PLUGIN_ENABLE_PF failures FATAL
      clean up / rewrite sample-plugins/defer/simple.c

Greg Cox (5):
      Fix naming error in sample-plugins/defer/simple.c
      Documentation fixes around openvpn_plugin_func_v3 in openvpn-plugin.h.in
      Update openvpn_plugin_func_v2 to _v3 in sample-plugins/defer/simple.c
      More explicit versioning compatibility in sample-plugins/defer/simple.c
      Explain structver usage in sample defer plugin.

Richard Bonhomme (1):
      Man page sections corrections

Selva Nair (1):
      Quote the domain name argument passed to the wmic command

Steffan Karger (2):
      tls-crypt-v2: fix server memory leak
      tls-crypt-v2: also preload tls-crypt-v2 keys (if --persist-key)

v2.4.10

OpenVPN v2.4.10 release

2020.12.09 -- Version 2.4.10

Antonio Quartulli (1):
      pool: prevent IPv6 pools to be larger than 2^16 addresses

Arne Schwabe (5):
      Fix tls_ctx_client/server_new leaving error on OpenSSL error stack
      Normalise ncp-ciphers option and restrict it to 127 bytes
      Also announce IV_CIPHERS as client in OpenVPN 2.4
      Fix auth-token not being updated if auth-nocache is set
      Remove auth_user_pass.wait_for_push variable

David Sommerseth (1):
      compat/lz4: Update to v1.9.2

Gert Doering (12):
      Fix stack overflow in OpenSolaris NEXTADDR()
      Document that --push-remove is generally more suitable than --push-reset
      Fix error detection / abort in --inetd corner case.
      Fix TUNSETGROUP compatibility with very old Linux systems.
      Fix handling of 'route remote_host' for IPv6 transport case.
      Fix description of --client-disconnect calling convention in manpage.
      Handle NULL returns from calloc() in sample plugins.
      Fix --show-gateway for IPv6 on NetBSD/i386.
      socks.c: fix alen for DOMAIN type addresses, bump up buffer sizes
      Fix redirecting of IPv4 default gateway if connecting over IPv6.
      Change travis build scripts to use https when fetching prerequisites.
      Fix line number reporting on config file errors after <inline> segments

Jeremy Evans (1):
      Switch assertion failure to returning false

Matthias Andree (1):
      Fix stack buffer overruns in NEXTADDR() macro:

Selva Nair (3):
      Parse static challenge response in auth-pam plugin
      Accept empty password and/or response in auth-pam plugin
      Persist management-query-remote and proxy prompts

Vladislav Grishenko (2):
      Log serial number of revoked certificate
      Fix fatal error at switching remotes (OpenVPN#629)

v2.5.0

OpenVPN v2.5.0 release

2020.10.27 -- Version 2.5.0
      (no changes relative to v2.5_rc3)

v2.5_rc3

OpenVPN v2.5_rc3 release

2020.10.15 -- Version 2.5_rc3
Arne Schwabe (2):
      Allow 'none' cipher being specified in --data-ciphers
      Add function for common env setting of verify user/pass calls

David Sommerseth (1):
      compat/lz4: Update to v1.9.2

Gert Doering (2):
      Fix redirecting of IPv4 default gateway if connecting over IPv6.
      Avoid passing NULL to argv_printf_cat() in temp_file error case.

Jan Seeger (1):
      Added 'route_ipv6_metric_NN' environment variable for IPv6 route metric.

Richard Bonhomme (1):
      Improve error msg when all TAP adapters are in use 'or disabled'

Steffan Karger (1):
      networking_iproute2: fix memory leak in net_iface_mtu_set()

Vladislav Grishenko (2):
      Selectively reformat too long lines
      Speedup TCP remote hosts connections

v2.5_rc2

OpenVPN v2.5_rc2 release

2020.09.30 -- Version 2.5_rc2

Lev Stipakov (1):
      Alias ADAPTER_DOMAIN_SUFFIX to DOMAIN

Selva Nair (2):
      Set DNS Domain using iservice
      Improve documentation of --username-as-common-name

Simon Rozman (4):
      netsh: Specify interfaces by index rather than name
      netsh: Clear existing IPv6 DNS servers before configuring new ones
      netsh: Delete WINS servers on TUN close
      openvpnmsica: Simplify find_adapters() to void return

Vladislav Grishenko (1):
      Fix update_time() and openvpn_gettimeofday() coexistence