OpenVPN Changelog

New in OpenVPN 2.4.7 (Mar 5, 2019)

  • Adam Ciarciński (1):
  • Fix subnet topology on NetBSD (2.4).
  • Antonio Quartulli (3):
  • add support for %lu in argv_printf and prevent ASSERT
  • buffer_list: add functions documentation
  • ifconfig-ipv6(-push): allow using hostnames
  • Arne Schwabe (7):
  • Properly free tuntap struct on android when emulating persist-tun
  • Add OpenSSL compat definition for RSA_meth_set_sign
  • Add support for tls-ciphersuites for TLS 1.3
  • Add better support for showing TLS 1.3 ciphersuites in --show-tls
  • Use right function to set TLS1.3 restrictions in show-tls
  • Add message explaining early TLS client hello failure
  • Fallback to password authentication when auth-token fails
  • Christian Ehrhardt (1):
  • systemd: extend CapabilityBoundingSet for auth_pam
  • David Sommerseth (1):
  • plugin: Export base64 encode and decode functions
  • Gert Doering (4):
  • Add %d, %u and %lu tests to test_argv unit tests.
  • Fix combination of --dev tap and --topology subnet across multiple platforms.
  • Add 'printing of port number' to mroute_addr_print_ex() for v4-mapped v6.
  • preparing release v2.4.7 (ChangeLog, version.m4, Changes.rst)
  • Gert van Dijk (1):
  • Minor reliability layer documentation fixes
  • James Bekkema (1):
  • Resolves small IV_GUI_VER typo in the documentation.
  • Jonathan K. Bullard (1):
  • Clarify and expand management interface documentation
  • Lev Stipakov (5):
  • Refactor NCP-negotiable options handling
  • init.c: refine functions names and description
  • interactive.c: fix usage of potentially uninitialized variable
  • options.c: fix broken unary minus usage
  • Remove extra token after #endif
  • Richard van den Berg via Openvpn-devel (1):
  • Fix error message when using RHEL init script
  • Samy Mahmoudi (1):
  • man: correct a --redirection-gateway option flag
  • Selva Nair (7):
  • Replace M_DEBUG with D_LOW as the former is too verbose
  • Correct the declaration of handle in 'struct openvpn_plugin_args_open_return'
  • Bump version of openvpn plugin argument structs to 5
  • Move get system directory to a separate function
  • Enable dhcp on tap adapter using interactive service
  • Pass the hash without the DigestInfo header to NCryptSignHash()
  • White-list pull-filter and script-security in interactive service
  • Simon Rozman (2):
  • Add Interactive Service developer documentation
  • Detect TAP interfaces with root-enumerated hardware ID
  • Steffan Karger (7):
  • man: add security considerations to --compress section
  • mbedtls: print warning if random personalisation fails
  • Fix memory leak after sighup
  • travis: add OpenSSL 1.1 Windows build
  • Fix --disable-crypto build
  • Don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth'
  • buffer_list_aggregate_separator(): simplify code

New in OpenVPN 2.4.6 (Apr 24, 2018)

  • David Sommerseth (1):
  • management: Warn if TCP port is used without password
  • Gert Doering (3):
  • Correct version in ChangeLog - should be 2.4.5, was mistyped as 2.4.4
  • Fix potential double-free() in Interactive Service (CVE-2018-9336)
  • preparing release v2.4.6 (ChangeLog, version.m4, Changes.rst)
  • Gert van Dijk (1):
  • manpage: improve description of --status and --status-version
  • Joost Rijneveld (1):
  • Make return code external tls key match docs
  • Selva Nair (3):
  • Delete the IPv6 route to the "connected" network on tun close
  • Management: warn about password only when the option is in use
  • Avoid overflow in wakeup time computation
  • Simon Matter (1):
  • Add missing #ifdef SSL_OP_NO_TLSv1_1/2
  • Steffan Karger (1):
  • Check for more data in control channel

New in OpenVPN 2.4.3 (Jun 24, 2017)

  • Antonio Quartulli (1):
  • Ignore auth-nocache for auth-user-pass if auth-token is pushed
  • David Sommerseth (3):
  • crypto: Enable SHA256 fingerprint checking in --verify-hash
  • copyright: Update GPLv2 license texts
  • auth-token with auth-nocache fix broke --disable-crypto builds
  • Emmanuel Deloget (8):
  • OpenSSL: don't use direct access to the internal of X509
  • OpenSSL: don't use direct access to the internal of EVP_PKEY
  • OpenSSL: don't use direct access to the internal of RSA
  • OpenSSL: don't use direct access to the internal of DSA
  • OpenSSL: force meth->name as non-const when we free() it
  • OpenSSL: don't use direct access to the internal of EVP_MD_CTX
  • OpenSSL: don't use direct access to the internal of EVP_CIPHER_CTX
  • OpenSSL: don't use direct access to the internal of HMAC_CTX
  • Gert Doering (6):
  • Fix NCP behaviour on TLS reconnect.
  • Remove erroneous limitation on max number of args for --plugin
  • Fix edge case with clients failing to set up cipher on empty PUSH_REPLY.
  • Fix potential 1-byte overread in TCP option parsing.
  • Fix remotely-triggerable ASSERT() on malformed IPv6 packet.
  • Preparing for release v2.4.3 (ChangeLog, version.m4, Changes.rst)
  • Guido Vranken (6):
  • refactor my_strupr
  • Fix 2 memory leaks in proxy authentication routine
  • Fix memory leak in add_option() for option 'connection'
  • Ensure option array p[] is always NULL-terminated
  • Fix a null-pointer dereference in establish_http_proxy_passthru()
  • Prevent two kinds of stack buffer OOB reads and a crash for invalid input data
  • Jérémie Courrèges-Anglas (2):
  • Fix an unaligned access on OpenBSD/sparc64
  • Missing include for socket-flags TCP_NODELAY on OpenBSD
  • Matthias Andree (1):
  • Make openvpn-plugin.h self-contained again.
  • Selva Nair (1):
  • Pass correct buffer size to GetModuleFileNameW()
  • Steffan Karger (11):
  • Log the negotiated (NCP) cipher
  • Avoid a 1 byte overcopy in x509_get_subject (ssl_verify_openssl.c)
  • Skip tls-crypt unit tests if required crypto mode not supported
  • openssl: fix overflow check for long --tls-cipher option
  • Add a DSA test key/cert pair to sample-keys
  • Fix mbedtls fingerprint calculation
  • mbedtls: fix --x509-track post-authentication remote DoS (CVE-2017-7522)
  • mbedtls: require C-string compatible types for --x509-username-field
  • Fix remote-triggerable memory leaks (CVE-2017-7521)
  • Restrict --x509-alt-username extension types
  • Fix potential double-free in --x509-alt-username (CVE-2017-7521)
  • Steven McDonald (1):
  • Fix gateway detection with OpenBSD routing domains

New in OpenVPN 2.4.2 (May 24, 2017)

  • auth-token: Ensure tokens are always wiped on de-auth
  • docs: Fixed man-page warnings discovered by rpmlint
  • Make --cipher/--auth none more explicit on the risks
  • plugin: Fix documentation typo for type_mask
  • plugin: Export secure_memzero() to plug-ins
  • Fix extract_x509_field_ssl for external objects, v2
  • In auth-pam plugin clear the password after use
  • cleanup: merge packet_id_alloc_outgoing() into packet_id_write()
  • Don't run packet_id unit tests for --disable-crypto builds
  • Fix Changes.rst layout
  • Fix memory leak in x509_verify_cert_ku()
  • mbedtls: correctly check return value in pkcs11_certificate_dn()
  • Restore pre-NCP frame parameters for new sessions
  • Always clear username/password from memory on error
  • Document tls-crypt security considerations in man page
  • Don't assert out on receiving too-large control packets (CVE-2017-7478)
  • Drop packets instead of assert out if packet id rolls over (CVE-2017-7479)
  • Set a low interface metric for tap adapter when block-outside-dns is in use

New in OpenVPN 2.4.1 (Mar 27, 2017)

  • Antonio Quartulli (4):
  • attempt to add IPv6 route even when no IPv6 address was configured
  • fix redirect-gateway behaviour when an IPv4 default route does not exist
  • CRL: use time_t instead of struct timespec to store last mtime
  • ignore remote-random-hostname if a numeric host is provided
  • Christian Hesse (7):
  • man: fix formatting for alternative option
  • systemd: Use automake tools to install unit files
  • systemd: Do not race on RuntimeDirectory
  • systemd: Add more security feature for systemd units
  • Clean up plugin path handling
  • plugin: Remove GNUism in openvpn-plugin.h generation
  • fix typo in notification message
  • David Sommerseth (6):
  • management: >REMOTE operation would overwrite ce change indicator
  • management: Remove a redundant #ifdef block
  • git: Merge .gitignore files into a single file
  • systemd: Move the READY=1 signalling to an earlier point
  • plugin: Improve the handling of default plug-in directory
  • cleanup: Remove faulty env processing functions
  • Emmanuel Deloget (8):
  • OpenSSL: check for the SSL reason, not the full error
  • OpenSSL: don't use direct access to the internal of X509_STORE_CTX
  • OpenSSL: don't use direct access to the internal of SSL_CTX
  • OpenSSL: don't use direct access to the internal of X509_STORE
  • OpenSSL: don't use direct access to the internal of X509_OBJECT
  • OpenSSL: don't use direct access to the internal of RSA_METHOD
  • OpenSSL: SSLeay symbols are no longer available in OpenSSL 1.1
  • OpenSSL: use EVP_CipherInit_ex() instead of EVP_CipherInit()
  • Eric Thorpe (1):
  • Fix Building Using MSVC
  • Gert Doering (5):
  • Add openssl_compat.h to openvpn_SOURCES
  • Fix '--dev null'
  • Fix installation of IPv6 host route to VPN server when using iservice.
  • Make ENABLE_OCC no longer depend on !ENABLE_SMALL
  • Preparing for release v2.4.1 (ChangeLog, version.m4)
  • Gisle Vanem (1):
  • Crash in options.c
  • Ilya Shipitsin (2):
  • Resolve several travis-ci issues
  • travis-ci: remove unused files
  • Olivier Wahrenberger (1):
  • Fix building with LibreSSL 2.5.1 by cleaning a hack.
  • Selva Nair (4):
  • Fix push options digest update
  • Always release dhcp address in close_tun() on Windows.
  • Add a check for -Wl, --wrap support in linker
  • Fix user's group membership check in interactive service to work with domains
  • Simon Matter (1):
  • Fix segfault when using crypto lib without AES-256-CTR or SHA256
  • Steffan Karger (8):
  • More broadly enforce Allman style and braces-around-conditionals
  • Use SHA256 for the internal digest, instead of MD5
  • OpenSSL: 1.1 fallout - fix configure on old autoconf
  • Fix types in WIN32 socket_listen_accept()
  • Remove duplicate X509 env variables
  • Fix non-C99-compliant builds: don't use const size_t as array length
  • Deprecate --ns-cert-type
  • Be less picky about keyUsage extensions

New in OpenVPN 2.3.14 (Dec 8, 2016)

  • Christian Hesse (1):
  • update year in copyright message
  • David Sommerseth (2):
  • man: Improve the --keepalive section
  • Document the --auth-token option
  • Gert Doering (3):
  • Repair topology subnet on FreeBSD 11
  • Repair topology subnet on OpenBSD
  • Preparing release of v2.3.14
  • Lev Stipakov (1):
  • Drop recursively routed packets
  • Selva Nair (4):
  • Support --block-outside-dns on multiple tunnels
  • When parsing '--setenv opt xx ..' make sure a third parameter is present
  • Map restart signals from event loop to SIGTERM during exit-notification wait
  • Correctly state the default dhcp server address in man page
  • Steffan Karger (1):
  • Clean up format_hex_ex()

New in OpenVPN 2.3.8 (Sep 14, 2015)

  • Arne Schwabe (2):
  • Report missing endtags of inline files as warnings
  • Fix commit e473b7c if an inline file happens to have a line break exactly at buffer limit
  • Gert Doering (3):
  • Produce a meaningful error message if --daemon gets in the way of asking for passwords.
  • Document --daemon changes and consequences (--askpass, --auth-nocache).
  • Preparing for release v2.3.8 (ChangeLog, version.m4)
  • Holger Kummert (1):
  • Del ipv6 addr on close of linux tun interface
  • James Geboski (1):
  • Fix --askpass not allowing for password input via stdin
  • Steffan Karger (5):
  • write pid file immediately after daemonizing
  • Make __func__ work with Visual Studio too
  • fix regression: query password before becoming daemon
  • Fix using management interface to get passwords.
  • Fix overflow check in openvpn_decrypt()

New in OpenVPN 2.3.5 (Oct 31, 2014)

  • Andris Kalnozols (2):
  • Fix some typos in the man page.
  • Do not upcase x509-username-field for mixed-case arguments.
  • Arne Schwabe (1):
  • Fix server routes not working in topology subnet with --server [v3]
  • David Sommerseth (4):
  • Improve error reporting on file access to --client-config-dir and --ccd-exclusive
  • Don't let openvpn_popen() keep zombies around
  • Add systemd unit file for OpenVPN
  • systemd: Use systemd functions to consider systemd availability
  • Gert Doering (4):
  • Drop incoming fe80:: packets silently now.
  • Fix t_lpback.sh platform-dependent failures
  • Call init script helpers with explicit path (./)
  • Preparing for release v2.3.5 (ChangeLog, version.m4)
  • Heiko Hund (1):
  • refine assertion to allow other modes than CBC
  • Hubert Kario (2):
  • ocsp_check - signature verification and cert status results are separate
  • ocsp_check - double check if ocsp didn't report any errors in execution
  • James Bekkema (1):
  • Fix socket-flag/TCP_NODELAY on Mac OS X
  • James Yonan (6):
  • Fixed several instances of declarations after statements.
  • In socket.c, fixed issue where uninitialized value (err) is being passed to gai_strerror.
  • Explicitly cast the third parameter of setsockopt to const void * to avoid warning.
  • MSVC 2008 doesn't support dimensioning an array with a const var nor using %z as a printf format specifier.
  • Define PATH_SEPARATOR for MSVC builds.
  • Fixed some compile issues with show_library_versions()
  • Jann Horn (1):
  • Remove quadratic complexity from openvpn_base64_decode()
  • Mike Gilbert (1):
  • Add configure check for the path to systemd-ask-password
  • Philipp Hagemeister (2):
  • Add topology in sample server configuration file
  • Implement on-link route adding for iproute2
  • Samuel Thibault (1):
  • Ensure that client-connect files are always deleted
  • Steffan Karger (13):
  • Remove function without effect (cipher_ok() always returned true).
  • Remove unneeded wrapper functions in crypto_openssl.c
  • Fix bug that incorrectly refuses oid representation eku's in polar builds
  • Update README.polarssl
  • Rename ALLOW_NON_CBC_CIPHERS to ENABLE_OFB_CFB_MODE, and add to configure.
  • Add proper check for crypto modes (CBC or OFB/CFB)
  • Improve --show-ciphers to show if a cipher can be used in static key mode
  • Extend t_lpback tests to test all ciphers reported by --show-ciphers
  • Don't exit daemon if opening or parsing the CRL fails.
  • Fix typo in cipher_kt_mode_{cbc, ofb_cfb}() doxygen.
  • Fix regression with password protected private keys (polarssl)
  • ssl_polarssl.c: fix includes and make casts explicit
  • Remove unused variables from ssl_verify_openssl.c extract_x509_extension()
  • TDivine (1):
  • Fix "code=995" bug with windows NDIS6 tap driver.

New in OpenVPN 2.3.4 (May 16, 2014)

  • Fix man page and OCSP script: tls_serial_{n} is decimal
  • Fix is_ipv6 in case of tap interface.
  • IPv6 address/route delete fix for Win8
  • Add SSL library version reporting.
  • Minor t_client.sh cleanups
  • Repair --multihome on FreeBSD for IPv4 sockets.
  • Rewrite manpage section about --multihome
  • More IPv6-related updates to the openvpn man page.
  • Conditionalize calls to print_default_gateway on !ENABLE_SMALL
  • Preparing for release v2.3.4 (ChangeLog, version.m4)
  • Use native strtoull() with MSVC 2013.
  • When tls-version-min is unspecified, revert to original versioning approach.
  • Change signedness of hash in x509_get_sha1_hash(), fixes compiler warning.
  • Fix OCSP_check.sh to also use decimal for stdout verification.
  • Fix build system to accept non-system crypto library locations for plugins.
  • Make serial env exporting consistent amongst OpenSSL and PolarSSL builds.
  • Fix SOCKSv5 method selection
  • Fix typo in sample build script to use LDFLAGS

New in OpenVPN 2.3.3 (Apr 11, 2014)

  • pkcs11: use generic evp key instead of rsa
  • Add support of utun devices under Mac OS X
  • Add support to ignore specific options.
  • Add a note what setenv opt does for OpenVPN < 2.3.3
  • Add reporting of UI version to basic push-peer-info set.
  • Fix compile error in ssl_openssl introduced by polar external-management patch
  • Fix assertion when SIGUSR1 is received while getaddrinfo is successful
  • Add warning for using connection block variables after connection blocks
  • Introduce safety check for http proxy options
  • man page: Update man page about the tls_digest_{n} environment variable
  • Remove the --disable-eurephia configure option
  • plugin: Extend the plug-in v3 API to identify the SSL implementation used
  • autoconf: Fix typo
  • Fix file checks when --chroot is being used
  • Document authfile for socks server
  • Fix IPv6 examples in t_client.rc-sample
  • Fix slow memory drain on each client renegotiation.
  • t_client.sh: ignore fields from "ip -6 route show" output that distort results.
  • Make code and documentation for --remote-random-hostname consistent.
  • Reduce IV_OPENVPN_GUI_VERSION= to IV_GUI_VER=
  • Document issue with --chroot, /dev/urandom and PolarSSL.
  • Rename 'struct route' to 'struct route_ipv4'
  • Replace copied structure elements with including
  • Workaround missing SSL_OP_NO_TICKET in earlier OpenSSL versions
  • Always load intermediate certificates from a PKCS#12 file
  • Support non-ASCII TAP adapter names on Windows
  • Support non-ASCII characters in Windows tmp path
  • TLS version negotiation
  • Added "setenv opt" directive prefix.
  • Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.
  • Fix spurious ignoring of pushed config options (trac#349).
  • Refactor tls_ctx_use_external_private_key()
  • --management-external-key for PolarSSL
  • external_pkcs1_sign: Support non-RSA_SIG_RAW hash_ids
  • Correct error text when no Windows TAP device is present
  • Require a 1.2.x PolarSSL version
  • tls_ctx_load_ca: Improve certificate error messages
  • Remove duplicate cipher entries from TLS translation table.
  • Fix configure interaction with static OpenSSL libraries
  • Do not pass struct tls_session* as void* in key_state_ssl_init().
  • Require polarssl >= 1.2.10 for polarssl-builds, which fixes CVE-2013-5915.
  • Use RSA_generate_key_ex() instead of deprecated, RSA_generate_key()
  • Also update TLSv1_method() calls in support code to SSLv23_method() calls.
  • Update TLSv1 error messages to SSLv23 to reflect changes from commit 4b67f98
  • If --tls-cipher is supplied, make --show-tls parse the list.
  • Add openssl-specific common cipher list names to ssl.c.
  • Add support for client-cert-not-required for PolarSSL.
  • Fix "." in description of utun.

New in OpenVPN 2.3.2 (Nov 14, 2013)

  • Only print script warnings when a script is used. Remove stray mention of script-security system.
  • Move settings of user script into set_user_script function
  • Move checking of script file access into set_user_script
  • Provide more accurate warning message
  • Fix NULL-pointer crash in route_list_add_vpn_gateway().
  • Fix problem with UDP tunneling due to mishandled pktinfo structures.
  • Preparing for v2.3.2 (ChangeLog, version.m4)
  • Always push basic set of peer info values to server.
  • make 'explicit-exit-notify' pullable again
  • Fix proto tcp6 for server & non-P2MP modes
  • Fix Windows script execution when called from script hooks
  • Fixed tls-cipher translation bug in openssl-build
  • Fixed usage of stale define USE_SSL to ENABLE_SSL
  • Fix segfault when enabling pf plug-ins

New in OpenVPN 2.2.2 (Feb 11, 2012)

  • Only warn about non-tackled IPv6 packets once
  • Add missing break between "case IPv4" and "case IPv6", leading to the
  • Bump tap driver version from 9.8 to 9.9
  • Log error message and exit for "win32, tun mode, tap driver version 9.8"
  • Backported pkcs11-related parts of 7a8d707237bb18 to 2.2 branch

New in OpenVPN 2.2 Beta 5 (Dec 21, 2010)

  • Fixed an issue causing a build failure with MS Visual Studio 2008.

New in OpenVPN 2.1.4 (Dec 21, 2010)

  • Fix problem with special case route targets ('remote_host')
  • The init_route() function will leave &netlist untouched for get_special_addr() routes ("remote_host" being one of them).
  • netlist is on stack, contains random garbage, and netlist.len will not be 0 - thus, random stack data is copied from netlist.data[] until the route_list is full.

New in OpenVPN 2.1 (Oct 22, 2010)

  • Windows security issue:
  • Fixed potential local privilege escalation vulnerability in Windows service. The Windows service did not properly quote the executable filename passed to CreateService. A local attacker with write access to the root directory C:\ could create an executable that would be run with the same privilege level as the OpenVPN Windows service. However, since non-Administrative users normally lack write permission on C:\, this vulnerability is generally not exploitable except on older versions of Windows (such as Win2K) where the default permissions on C:\ would allow any user to create files there.
  • Credit: Scott Laurie, MWR InfoSecurity
  • Added Python-based alternative build system for Windows using Visual Studio 2008 (in win directory).
  • When aborting in a non-graceful way, try to execute do_close_tun in init.c prior to daemon exit to ensure that the tun/tap interface is closed and any added routes are deleted.
  • Fixed an issue where AUTH_FAILED was not being properly delivered to the client when a bad password is given for mid-session reauth, causing the connection to fail without an error indication.
  • Don't advance to the next connection profile on AUTH_FAILED errors.
  • Fixed an issue in the Management Interface that could cause a process hang with 100% CPU utilization in --management-client mode if the management interface client disconnected at the point where credentials are queried.
  • Fixed an issue where if reneg-sec was set to 0 on the client, so that the server-side value would take precedence, the auth_deferred_expire_window function would incorrectly return a window period of 0 seconds. In this case, the correct window period should be the handshake window period.
  • Modified ">PASSWORD:Verification Failed" management interface notification to include a client reason string:
    >PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING']
  • Enable exponential backoff in reliability layer retransmits.
  • Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after socket is created rather than waiting until after connect/listen.
  • Management interface performance optimizations:
    1. Added env-filter MI command to perform filtering on env vars passed through as a part of --management-client-auth
    2. man_write will now try to aggregate output into larger blocks (up to 1024 bytes) for more efficient i/o
  • Fixed minor issue in Windows TAP driver DEBUG builds where non-null-terminated unicode strings were being printed incorrectly.
  • Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support was not being compiled in.
  • Proxy improvements:
  • Improved the ability of http-auth "auto" flag to dynamically detect the auth method required by the proxy. Added http-auth "auto-nct" flag to reject weak proxy auth methods. Added HTTP proxy digest authentication method. Removed extraneous openvpn_sleep calls from proxy.c.
  • Implemented http-proxy-override and http-proxy-fallback directives to make it easier for OpenVPN client UIs to start a pre-existing client config file with proxy options, or to adaptively fall back to a proxy connection if a direct connection fails.
  • Implemented a key/value auth channel from client to server.
  • Fixed issue where bad creds provided by the management interface for HTTP Proxy Basic Authentication would go into an infinite retry-fail loop instead of requerying the management interface for new creds.
  • Added support for MSVC debugging of openvpn.exe in settings.in:
    # Build debugging version of openvpn.exe
    !define PRODUCT_OPENVPN_DEBUG
  • Implemented multi-address DNS expansion on the network field of route commands. When only a single IP address is desired from a multi-address DNS expansion, use the first address rather than a random selection.
  • Added --register-dns option for Windows. Fixed some issues on Windows with --log, subprocess creation for command execution, and stdout/stderr redirection.
  • Fixed an issue where application payload transmissions on the TLS control channel (such as AUTH_FAILED) that occur during or immediately after a TLS renegotiation might be dropped.
  • Added warning about tls-remote option in man page.

New in OpenVPN 2.2 Beta 3 (Oct 22, 2010)

  • Attempt to fix issue where domake-win build system was not properly signing drivers and .exe files.
  • Added win/tap_span.py for building multiple versions of the TAP driver and tapinstall binaries using different DDK versions to span from Win2K to Win7 and beyond.
  • Community patches
  • David Sommerseth (2):
  • Test framework improvement - Do not FAIL if t_client.rc is missing
  • More t_client.sh updates - exit with SKIP when we want to skip
  • Gert Doering (4):
  • Fix compile problems on NetBSD and OpenBSD
  • Fix compile time problems on OpenBSD for good
  • full "VPN client connect" test framework for OpenVPN
  • Build t_client.sh by configure at run-time.
  • chantra (1):
  • Fixes openssl-1.0.0 compilation warning

New in OpenVPN 2.1.1 (Dec 13, 2009)

  • Fixed some breakage in openvpn.spec (which is required to build an RPM distribution) where it was referencing a non-existent subdirectory in the tarball, causing it to fail (patch from David Sommerseth).