Release notes:

The often-requested HTTP proxy feature
has been added to allow OpenVPN to connect
to its remote peer through an HTTP proxy
using the HTTP CONNECT method.
Basic HTTP authentication is supported as an
option.  For more info, see the --http-proxy
option.

The --redirect-gateway feature has been added
which redirects all IP traffic into the tunnel.

Many of the changes in this release involve
minor additions to the crypto layer.

The --secret and --tls-auth options now support
key directionality, where a different key
can be used for each data flow direction.
To use the new key directionality feature, you
must generate a new key with --genkey, then
add a direction parameter to --secret or
--tls-auth.  See the man page for details.

The --tls-auth option now accepts an OpenVPN
static key file generated by --genkey.
Freeform files can still be used with --tls-auth --
they will be hashed to generate an HMAC key.

The replay protection logic now exports two
parameters which previously were held
constant.  See the --replay-window option.

A --key-method option has been added which can
be used to select one of two different data
channel key generation methods to be used
in TLS mode.  Key method 1 is the original,
default key generation method.  Key
method 2 is new and uses the TLS PRF function.

A Certificate Revocation List capability has
been added.

None of the crypto changes affect key file or
protocol compatibility with previous releases;
however, all of the new crypto options (with the
exception of --replay-window) require current
versions of OpenVPN on both sides of the connection.
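
The replay protection paragraph above, as an added example that is not OpenVPN's source code and not part of the original release notes: a simplified C model of a sliding-window replay filter with two tunable parameters. It assumes the parameters are a window size in packet IDs and a time window in seconds; the struct, the function names, and the rule of measuring the time window from the arrival of the highest ID are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a replay filter; names and layout are hypothetical. */
struct replay_win {
    uint32_t n;          /* size window: how many IDs back are tolerated (1..64) */
    uint32_t t;          /* time window in seconds for out-of-order packets */
    uint32_t highest;    /* highest packet ID accepted so far; 0 = none yet */
    uint64_t highest_at; /* arrival time (seconds) of 'highest' */
    uint64_t seen;       /* bit i set => ID (highest - i) was already accepted */
};

void replay_init(struct replay_win *w, uint32_t n, uint32_t t)
{
    w->n = (n >= 1 && n <= 64) ? n : 64;   /* bitmap holds at most 64 IDs */
    w->t = t; w->highest = 0; w->highest_at = 0; w->seen = 0;
}

/* Returns true and records the ID if the packet is fresh, false to drop it. */
bool replay_accept(struct replay_win *w, uint32_t id, uint64_t now)
{
    if (id == 0)
        return false;                       /* 0 is reserved for "nothing yet" */
    if (id > w->highest) {                  /* in order: slide the window */
        uint32_t shift = id - w->highest;
        w->seen = (shift >= 64 ? 0 : w->seen << shift) | 1;
        w->highest = id;
        w->highest_at = now;
        return true;
    }
    uint32_t back = w->highest - id;        /* out of order: distance behind */
    if (back >= w->n)
        return false;                       /* outside the size window */
    if (now > w->highest_at + w->t)
        return false;                       /* outside the time window */
    if (w->seen & (UINT64_C(1) << back))
        return false;                       /* duplicate ID: replay */
    w->seen |= UINT64_C(1) << back;
    return true;
}

int main(void)
{
    struct replay_win w;
    uint32_t ids[] = {1, 2, 4, 3, 4};       /* constructed arrival order */
    replay_init(&w, 64, 15);                /* constructed sample parameters */
    for (int i = 0; i < 5; i++)
        printf("id %u: %s\n", (unsigned)ids[i],
               replay_accept(&w, ids[i], 100) ? "accept" : "drop");
}
```

A larger size or time window tolerates more reordering on lossy links at the cost of keeping older packet IDs acceptable for longer.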
