The OpenVPN community project team is proud to release OpenVPN 2.4.7. It can be downloaded from here:
<https://openvpn.net/community-downloads/> This is primarily a maintenance release with bugfixes and improvements. One of the big things is enhanced TLS 1.3 support Please note that LibreSSL is not a supported crypto backend. We accept patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if newer versions of LibreSSL break API compatibility we do not take responsibility to fix that. Also note that Windows installers have been built with NSIS version that has been patched against several NSIS installer code execution and privilege escalation problems: <https://community.openvpn.net/openvpn/wiki/NSISBug1125> Based on our testing, though, older Windows versions such as Windows 7 might not benefit from these fixes. We thus strongly encourage you to always move NSIS installers to a non-user-writeable location before running them. Our long-term plan is to migrate to using MSI installers instead. A summary of all included changes is available here: <https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst> A full list of changes is available here: <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24> Compared to OpenVPN 2.3 this is a major update with a large number of new features, improvements and fixes. Some of the major features are AEAD (GCM) cipher and Elliptic Curve DH key exchange support, improved IPv4/IPv6 dual stack support and more seamless connection migration when client's IP address changes (Peer-ID). Also, the new --tls-crypt feature can be used to increase users' connection privacy. OpenVPN GUI bundled with the Windows installer has a large number of new features compared to the one bundled with OpenVPN 2.3. One of major features is the ability to run OpenVPN GUI without administrator privileges. For full details, look here: <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24> The new OpenVPN GUI features are documented here: <https://github.com/OpenVPN/openvpn-gui> Please note that OpenVPN 2.4 installers will not work on Windows XP. For generic help use these support channels: Official documentation: <http://openvpn.net/index.php/open-source/documentation/howto.html> Wiki: <https://community.openvpn.net> Forums: <https://forums.openvpn.net> User mailing list: <http://sourceforge.net/mail/?group_id=48978> User IRC channel: #openvpn at irc.freenode.net Please report bugs and ask development questions here: Bug tracker and wiki: <https://community.openvpn.net> Developer mailing list: <http://sourceforge.net/mail/?group_id=48978> Developer IRC channel: #openvpn-devel at irc.freenode.net (requires Freenode registration) -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock
Adam Ciarciński (1):
Fix subnet topology on NetBSD (2.4).
Antonio Quartulli (3):
add support for %lu in argv_printf and prevent ASSERT
buffer_list: add functions documentation
ifconfig-ipv6(-push): allow using hostnames
Arne Schwabe (7):
Properly free tuntap struct on android when emulating persist-tun
Add OpenSSL compat definition for RSA_meth_set_sign
Add support for tls-ciphersuites for TLS 1.3
Add better support for showing TLS 1.3 ciphersuites in --show-tls
Use right function to set TLS1.3 restrictions in show-tls
Add message explaining early TLS client hello failure
Fallback to password authentication when auth-token fails
Christian Ehrhardt (1):
systemd: extend CapabilityBoundingSet for auth_pam
David Sommerseth (1):
plugin: Export base64 encode and decode functions
Gert Doering (4):
Add %d, %u and %lu tests to test_argv unit tests.
Fix combination of --dev tap and --topology subnet across multiple
platforms.
Add 'printing of port number' to mroute_addr_print_ex() for v4-mapped v6.
preparing release v2.4.7 (ChangeLog, version.m4, Changes.rst)
Gert van Dijk (1):
Minor reliability layer documentation fixes
James Bekkema (1):
Resolves small IV_GUI_VER typo in the documentation.
Jonathan K. Bullard (1):
Clarify and expand management interface documentation
Lev Stipakov (5):
Refactor NCP-negotiable options handling
init.c: refine functions names and description
interactive.c: fix usage of potentially uninitialized variable
options.c: fix broken unary minus usage
Remove extra token after #endif
Richard van den Berg via Openvpn-devel (1):
Fix error message when using RHEL init script
Samy Mahmoudi (1):
man: correct a --redirection-gateway option flag
Selva Nair (7):
Replace M_DEBUG with D_LOW as the former is too verbose
Correct the declaration of handle in 'struct
openvpn_plugin_args_open_return'
Bump version of openvpn plugin argument structs to 5
Move get system directory to a separate function
Enable dhcp on tap adapter using interactive service
Pass the hash without the DigestInfo header to NCryptSignHash()
White-list pull-filter and script-security in interactive service
Simon Rozman (2):
Add Interactive Service developer documentation
Detect TAP interfaces with root-enumerated hardware ID
Steffan Karger (7):
man: add security considerations to --compress section
mbedtls: print warning if random personalisation fails
Fix memory leak after sighup
travis: add OpenSSL 1.1 Windows build
Fix --disable-crypto build
Don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth'
buffer_list_aggregate_separator(): simplify code
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
