Release notes: The often-requested HTTP proxy feature has been added to allow OpenVPN to connect to its remote peer through an HTTP proxy using the HTTP CONNECT method. Basic HTTP authentication is supported as an option. For more info, see the --http-proxy option.
The --redirect-gateway feature has been added, which redirects all IP traffic into the tunnel.

Many of the changes in this release involve minor additions to the crypto layer.

The --secret and --tls-auth options now support key directionality, where different keys can be used for the two data flow directions. To use the new key directionality feature, you must generate a new key with --genkey, then add a direction parameter to --secret or --tls-auth. See the man page for details.

The --tls-auth option now accepts an OpenVPN static key file generated by --genkey. Freeform files can still be used with --tls-auth; they will be hashed to generate an HMAC key.

The replay protection logic now exports two parameters which previously were held constant. See the --replay-window option.

A --key-method option has been added which can be used to select one of two different data channel key generation methods to be used in TLS mode. Key method 1 is the original, default key generation method. Key method 2 is new and uses the TLS PRF function.

A Certificate Revocation List capability has been added.

None of the crypto changes affect key file or protocol compatibility with previous releases; however, all of the new crypto options (with the exception of --replay-window) require current versions of OpenVPN on both sides of the connection.
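The key directionality change described above, modelled as an added Python example (not OpenVPN's own code): it shows why the two peers need complementary direction parameters on the same key file. The slot layout (a 2048-bit key split into two slots, each with a 64-byte cipher field and a 64-byte HMAC field), the direction values 0 and 1, the HMAC-SHA1 tag and all function names are assumptions of this model.

```python
import hashlib
import hmac

KEY_LEN = 256                  # 2048-bit static key (assumed size)
CIPHER_LEN = HMAC_LEN = 64     # assumed field sizes inside each key slot
BEGIN = "-----BEGIN OpenVPN Static key V1-----"
END = "-----END OpenVPN Static key V1-----"

def parse_static_key(text):
    """Return the raw key bytes found between the BEGIN/END markers."""
    lines = [ln.strip() for ln in text.splitlines()]
    raw = bytes.fromhex("".join(lines[lines.index(BEGIN) + 1:lines.index(END)]))
    if len(raw) != KEY_LEN:
        raise ValueError("expected %d key bytes, got %d" % (KEY_LEN, len(raw)))
    return raw

def slot(raw, index):
    """Split key slot 0 or 1 into its cipher and HMAC fields."""
    base = index * (CIPHER_LEN + HMAC_LEN)
    mid = base + CIPHER_LEN
    return {"cipher": raw[base:mid], "hmac": raw[mid:mid + HMAC_LEN]}

def select_keys(raw, direction=None):
    """Map the direction parameter to (outbound, inbound) key slots."""
    if direction is None:      # no direction given: one slot for both flows
        return slot(raw, 0), slot(raw, 0)
    if direction not in (0, 1):
        raise ValueError("direction must be 0, 1 or omitted")
    return slot(raw, direction), slot(raw, 1 - direction)

def tag(keys, packet, digest_len=20):
    """HMAC-SHA1 tag keyed with the first digest_len bytes of the HMAC field."""
    return hmac.new(keys["hmac"][:digest_len], packet, hashlib.sha1).digest()

def sample_key_file():
    """Constructed sample key (bytes 0..255); never use as a real key."""
    body = bytes(range(KEY_LEN)).hex()
    rows = [body[i:i + 32] for i in range(0, len(body), 32)]
    return "\n".join(["# constructed sample", BEGIN] + rows + [END])

def demo():
    raw = parse_static_key(sample_key_file())
    a_out, a_in = select_keys(raw, 0)      # peer A: direction 0
    _, b_in = select_keys(raw, 1)          # peer B: direction 1
    _, bad_in = select_keys(raw, 0)        # peer B misconfigured like A
    pkt = b"constructed packet"
    sent = tag(a_out, pkt)
    return {"complementary": hmac.compare_digest(sent, tag(b_in, pkt)),
            "same_direction": hmac.compare_digest(sent, tag(bad_in, pkt)),
            "a_in_equals_a_out": a_in == a_out}
```

In this model a tag produced by peer A verifies at peer B only when B uses the opposite direction; if both peers are given the same direction, every packet fails authentication.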
