gmane.network.openvpn.announce

OpenVPN 2.3-alpha1 released

Samuli Seppänen — 2012-02-28T14:30:22

The OpenVPN community project team is proud to release OpenVPN
2.3-alpha1. It can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

This release includes a few new major features:

 * Complete IPv6 support, both transport and payload
 * Optional PolarSSL support (build time configuration)
 * Improved plug-in API (v3) which can more easily be expanded in the
   future: includes support for direct access to X.509 certificate data in
   plug-ins
 * Several improvements to the management interface
 * One-to-one NAT to circumvent IP address conflicts between local and
   remote networks
 * New OpenVPN-GUI

Note that a few changes have been made which may affect existing
installations. A list of new features and the changelog are available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

The changelog is also attached to this email.

For generic help use these support channels:

- Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- Wiki: <https://community.openvpn.net>
- Forums: <https://forums.openvpn.net>
- User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- Bug tracker and Wiki: <https://community.openvpn.net>
- Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
  Freenode registration)

OpenVPN 2.2.2 released

Samuli Seppänen — 2011-12-22T14:22:13

The OpenVPN community project team is proud to release OpenVPN 2.2.2. It
can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

Changes include:

- Pkcs11 support built into the Windows version
- Fixed a bug in the Windows TAP-driver

Full list of changes is attached to this email and is also available here:

<http://openvpn.net/index.php/open-source/documentation/change-log/425-changelog-for-openvpn-22.html>

For generic help use these support channels:

- Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- Wiki: <https://community.openvpn.net>
- Forums: <https://forums.openvpn.net>
- User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- Bug tracker and Wiki: <https://community.openvpn.net>
- Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- Developer IRC channel: #openvpn-devel at irc.freenode.net

Note that we've recently switched to using a different Git repository:

<git://openvpn.git.sourceforge.net/gitroot/openvpn/openvpn.git>

OpenVPN 2.2.1 released

Samuli Seppänen — 2011-07-06T15:55:04

The OpenVPN community project team is proud to release OpenVPN 2.2.1. It
can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

Changes include:

- Fixed several build issues
- Updated easy-rsa for OpenSSL 1.0.0 (fixes Trac ticket #125)
- Man-page improvements

A more comprehensive list of changes is available here:

<http://openvpn.net/index.php/open-source/documentation/change-log/425-changelog-for-openvpn-22.html>

For generic help use these support channels:

- Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- Wiki: <https://community.openvpn.net>
- Forums: <https://forums.openvpn.net>
- User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- Bug tracker and Wiki: <https://community.openvpn.net>
- Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- Developer IRC channel: #openvpn-devel at irc.freenode.net

Note that we've recently switched to using a different Git repository:

<git://openvpn.git.sourceforge.net/gitroot/openvpn/openvpn.git>

OpenVPN 2.2.0 released

Samuli Seppänen — 2011-04-27T18:48:00

The OpenVPN community project team is proud to release OpenVPN 2.2.0. It
can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

Changes include:

- Several man-page updates
- Several buildsystem fixes
- Fixed a bug with GUI icon deletion on upgrade from 2.2-RC or earlier
- Change the default --tmp-dir path to a more suitable path
- Improve the mysprintf() issue in openvpnserv.c
- Fixed bug in port-share that could cause port share process to crash
- Fix the --client-cert-not-required feature

A more comprehensive list of changes is available here:

<http://openvpn.net/index.php/open-source/documentation/change-log/425-changelog-for-openvpn-22.html>

For generic help use these support channels:

- Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- Wiki: <https://community.openvpn.net>
- Forums: <https://forums.openvpn.net>
- User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- Bug tracker and Wiki: <https://community.openvpn.net>
- Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- Developer IRC channel: #openvpn-devel at irc.freenode.net

Note that we've recently switched to using a different Git repository:

<git://openvpn.git.sourceforge.net/gitroot/openvpn/openvpn.git>

OpenVPN 2.2-RC2 released

Samuli Seppänen — 2011-03-25T20:23:25

The OpenVPN community project team is proud to release OpenVPN 2.2-RC2.
It can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

Changes include:

* Turn off ENABLE_CLIENT_ONLY build setting that disabled all server
functionality (turned on in 2.2-RC by mistake)
* Implement IPv6 in TUN mode for Windows TAP driver
* Several buildsystem fixes and enhancements
* Several man-page fixes

A more comprehensive list of changes is available here:

<http://openvpn.net/index.php/open-source/documentation/change-log/425-changelog-for-openvpn-22.html>

If you find a bug in this release, please file a bug report to our Trac
bug tracker:

<https://community.openvpn.net>

In uncertain cases please contact our developers first, either using the
openvpn-devel mailinglist (http://sourceforge.net/mail/?group_id=48978)
or the developer IRC channel (#openvpn-devel at irc.freenode.net).

NOTE: In production environments you should use the latest stable
release, not this release candidate build.

OpenVPN 2.2-RC released

Samuli Seppänen — 2011-03-04T19:26:11

The OpenVPN community project team is proud to release OpenVPN 2.2-RC.
It can be downloaded from here:

 * http://openvpn.net/index.php/open-source/downloads.html

Changes include:

    * Windows installer built and packaged with the new Python-based
buildsystem that utilizes the Visual Studio 2008 toolchain
    * Lots of enhancements and fixes to the Python-based Windows
buildsystem (see Changelog for details)
    * Make the --x509-username-field feature an opt-in feature

A more comprehensive list of changes is available here:

 *
http://openvpn.net/index.php/open-source/documentation/change-log/425-changelog-for-openvpn-22.html

If you find a bug in this release, please file a bug report to our Trac
bug tracker. In uncertain cases please contact our developers first,
either using the openvpn-devel mailinglist or the developer IRC channel
(#openvpn-devel at irc.freenode.net).

NOTE: In production environments you should use the latest stable
release, not this release candidate build.

OpenVPN 2.2-beta5 released

Samuli Seppänen — 2010-12-03T21:16:14

The OpenVPN community project team is proud to release OpenVPN
2.2-beta5. It can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

Changes since last beta release (2.2-beta3) include:

- Adding support for SOCKS plain text authentication
- Add HTTP/1.1 Host header
- TAP support on Solaris
- "topology subnet" made to work on Solaris
- Lots of bugfixes, see changelog for details

If you find a bug in this release, please file a bug report to our Trac
bug tracker at

<https://community.openvpn.net>

In uncertain cases please contact our developers first, either using the
openvpn-devel mailinglist
<https://lists.sourceforge.net/mailman/listinfo/openvpn-devel>or the
developer IRC channel (#openvpn-devel< at >irc.freenode.net).

OpenVPN 2.1.4 released

Samuli Seppänen — 2010-11-09T19:04:28

Hi all,

OpenVPN 2.1.4 is now released. This is a bugfix release and fixes a
problem with special case route targets ('remote_host'), which could
cause filling of the routing table with random garbage. Thanks to Teodo
MICU and Gert Doering for finding and fixing this issue. There are no
other significant changes to the previous 2.1.x release. As usual, these
latest OpenVPN packages can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

Note that Debian Lenny (i386/amd64) and Ubuntu 10.04 (i386/amd64)
packages are also available.

OpenVPN version 2.1.2 released

James Yonan — 2010-08-15T22:27:06

2010.08.09 -- Version 2.1.2

* Windows security issue:
   Fixed potential local privilege escalation vulnerability in
   Windows service. The Windows service did not properly quote the
   executable filename passed to CreateService.  A local attacker
   with write access to the root directory C:\ could create an
   executable that would be run with the same privilege level as
   the OpenVPN Windows service.  However, since non-Administrative
   users normally lack write permission on C:\, this vulnerability
   is generally not exploitable except on older versions of Windows
   (such as Win2K) where the default permissions on C:\ would allow
   any user to create files there.
   Credit:  Scott Laurie, MWR InfoSecurity

* Added Python-based based alternative build system for Windows using
   Visual Studio 2008 (in win directory).

* When aborting in a non-graceful way, try to execute do_close_tun in
   init.c prior to daemon exit to ensure that the tun/tap interface is
   closed and any added routes are deleted.

* Fixed an issue where AUTH_FAILED was not being properly delivered
   to the client when a bad password is given for mid-session reauth,
   causing the connection to fail without an error indication.

* Don't advance to the next connection profile on AUTH_FAILED errors.

* Fixed an issue in the Management Interface that could cause
   a process hang with 100% CPU utilization in --management-client
   mode if the management interface client disconnected at the
   point where credentials are queried.

* Fixed an issue where if reneg-sec was set to 0 on the client,
   so that the server-side value would take precedence,
   the auth_deferred_expire_window function would incorrectly
   return a window period of 0 seconds.  In this case, the
   correct window period should be the handshake window
   period.

* Modified ">PASSWORD:Verification Failed" management interface
   notification to include a client reason string:

     >PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING']

* Enable exponential backoff in reliability layer
   retransmits.

* Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after
   socket is created rather than waiting until after connect/listen.

* Management interface performance optimizations:

   1. Added env-filter MI command to perform filtering on env vars
      passed through as a part of --management-client-auth

   2. man_write will now try to aggregate output into larger blocks
      (up to 1024 bytes) for more efficient i/o

* Fixed minor issue in Windows TAP driver DEBUG builds
   where non-null-terminated unicode strings were being
   printed incorrectly.

* Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support
   was not being compiled in.

* Proxy improvements:

   Improved the ability of http-auth "auto" flag to dynamically detect
   the auth method required by the proxy.

   Added http-auth "auto-nct" flag to reject weak proxy auth methods.

   Added HTTP proxy digest authentication method.

   Removed extraneous openvpn_sleep calls from proxy.c.

* Implemented http-proxy-override and http-proxy-fallback directives to 
make it
   easier for OpenVPN client UIs to start a pre-existing client config 
file with
   proxy options, or to adaptively fall back to a proxy connection if a 
direct
   connection fails.

* Implemented a key/value auth channel from client to server.

* Fixed issue where bad creds provided by the management interface
   for HTTP Proxy Basic Authentication would go into an infinite
   retry-fail loop instead of requerying the management interface for
   new creds.

* Added support for MSVC debugging of openvpn.exe in settings.in:

   # Build debugging version of openvpn.exe
   !define PRODUCT_OPENVPN_DEBUG

* Implemented multi-address DNS expansion on the network field of route
   commands.

   When only a single IP address is desired from a multi-address DNS
   expansion, use the first address rather than a random selection.

* Added --register-dns option for Windows.

   Fixed some issues on Windows with --log, subprocess creation
   for command execution, and stdout/stderr redirection.

* Fixed an issue where application payload transmissions on the
   TLS control channel (such as AUTH_FAILED) that occur during
   or immediately after a TLS renegotiation might be dropped.

* Added warning about tls-remote option in man page.

------------------------------------------------------------------------------
This SF.net email is sponsored by 

Make an app they can't live without
Enter the BlackBerry Developer Challenge
http://p.sf.net/sfu/RIM-dev2dev

OpenVPN 2.1.0 released

James Yonan — 2009-12-11T09:17:01

I'm happy to announce the release of OpenVPN 2.1.0.  This release is 
basically 2.1_rc22 + some last-minute trivial fixes to documentation and 
plugin sample code.  Enjoy!

James


------------------------------------------------------------------------------
Return on Information:
Google Enterprise Search pays you back
Get the facts.
http://p.sf.net/sfu/google-dev2dev

OpenVPN 2.1_rc21 released

James Yonan — 2009-11-12T10:04:14

This release is to respond to the OpenSSL vulnerability CVE-2009-3555.

Some people have worried that the fix made to OpenSSL to address this
vulnerability (ban all SSL/TLS renegotiations) would break OpenVPN's
session renegotiation capability.  This is not the case.  OpenVPN does 
not rely on the session renegotiation capability that is built into 
SSL/TLS, and therefore if OpenVPN is linked against an OpenSSL library 
that disables SSL/TLS renegotiation, there should be no loss of 
functionality.

Changes:

2009.11.12 -- Version 2.1_rc21

* Rebuilt OpenVPN Windows installer with OpenSSL 0.9.8l to address
   CVE-2009-3555.  Note that OpenVPN has never relied on the session
   renegotiation capabilities that are built into the SSL/TLS protocol,
   therefore the fix in OpenSSL 0.9.8l (disable SSL/TLS renegotiation
   completely) will not adversely affect OpenVPN mid-session SSL/TLS
   renegotation or any other OpenVPN capabilities.

* Added additional session renegotiation hardening.  OpenVPN has always
   required that mid-session renegotiations build up a new SSL/TLS
   session from scratch.  While the client certificate common name is
   already locked against changes in mid-session TLS renegotiations, we
   now extend this locking to the auth-user-pass username as well as all
   certificate content in the full client certificate chain.

James

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july