[Openvpn-announce] OpenVPN 2.5.0 released

2020-10-28 Thread Samuli Seppänen
st: <http://sourceforge.net/mail/?group_id=48978>
User IRC channel: #openvpn at irc.freenode.net

--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock


___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce


[Openvpn-announce] OpenVPN 2.5-rc3 released

2020-10-19 Thread Samuli Seppänen

The OpenVPN community project team is proud to release OpenVPN
2.5-rc3. Source code and Windows installers can be downloaded from our
download page:

<https://openvpn.net/community-downloads/>

Debian and Ubuntu packages are available in the official apt repositories:

<https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos>

On Red Hat derivatives we recommend using the Fedora Copr repository:

<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-beta/>

This release includes a number of fixes to OpenVPN.

OpenVPN 2.5 is a new major release with many new features:

Client-specific tls-crypt keys (--tls-crypt-v2)
Added support for using the ChaCha20-Poly1305 cipher in the OpenVPN
data channel
Improved Data channel cipher negotiation
Removal of BF-CBC support in default configuration
Asynchronous (deferred) authentication support for auth-pam plugin
Deferred client-connect
Faster connection setup
Netlink support
Wintun support
IPv6-only operation
Improved Windows 10 detection
Linux VRF support
TLS 1.3 support
Support setting DHCP search domain
Handle setting of tun/tap interface MTU on Windows
HMAC based auth-token support
VLAN support
Support building of .msi installers for Windows
Allow unicode search string in --cryptoapicert option (Windows)
Support IPv4 configs with /31 netmasks now
New option --block-ipv6 to reject all IPv6 packets (ICMPv6)
MSI installer (Windows)
The MSI installer now bundles EasyRSA 3, a modern take on OpenVPN CA
  management

More details on these new features as well as a list of deprecated
features and user-visible changes are available in Changes.rst:

<https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst>

For generic help use these support channels:

Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
Wiki: <https://community.openvpn.net/>
Forums: <https://forums.openvpn.net/>
User mailing list: <http://sourceforge.net/mail/?group_id=48978>
User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

Community bug tracker: <https://community.openvpn.net/>
Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
Freenode registration)

--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock


___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce


[Openvpn-announce] OpenVPN 2.5-rc2 released

2020-09-30 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN
2.5-rc2. Source code and Windows installers can be downloaded from our
download page:

<https://openvpn.net/community-downloads/>

Debian and Ubuntu packages are available in the official apt repositories:

<https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos>

On Red Hat derivatives we recommend using the Fedora Copr repository:

<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-beta/>

This release includes a number of fixes to OpenVPN, most of which affect
Windows only.

OpenVPN 2.5 is a new major release with many new features:

Client-specific tls-crypt keys (--tls-crypt-v2)
Added support for using the ChaCha20-Poly1305 cipher in the OpenVPN
data channel
Improved Data channel cipher negotiation
Removal of BF-CBC support in default configuration
Asynchronous (deferred) authentication support for auth-pam plugin
Deferred client-connect
Faster connection setup
Netlink support
Wintun support
IPv6-only operation
Improved Windows 10 detection
Linux VRF support
TLS 1.3 support
Support setting DHCP search domain
Handle setting of tun/tap interface MTU on Windows
HMAC based auth-token support
VLAN support
Support building of .msi installers for Windows
Allow unicode search string in --cryptoapicert option (Windows)
Support IPv4 configs with /31 netmasks now
New option --block-ipv6 to reject all IPv6 packets (ICMPv6)
MSI installer (Windows)
The MSI installer now bundles EasyRSA 3, a modern take on OpenVPN CA
  management

More details on these new features as well as a list of deprecated
features and user-visible changes are available in Changes.rst:

<https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst>

For generic help use these support channels:

Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
Wiki: <https://community.openvpn.net/>
Forums: <https://forums.openvpn.net/>
User mailing list: <http://sourceforge.net/mail/?group_id=48978>
User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

Community bug tracker: <https://community.openvpn.net/>
Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock


Gert Doering (1):
  Preparing release 2.5_rc2

Lev Stipakov (1):
  Alias ADAPTER_DOMAIN_SUFFIX to DOMAIN

Selva Nair (2):
  Set DNS Domain using iservice
  Improve documentation of --username-as-common-name

Simon Rozman via Openvpn-devel (4):
  netsh: Specify interfaces by index rather than name
  netsh: Clear existing IPv6 DNS servers before configuring new ones
  netsh: Delete WINS servers on TUN close
  openvpnmsica: Simplify find_adapters() to void return

Vladislav Grishenko (1):
  Fix update_time() and openvpn_gettimeofday() coexistence



pEpkey.asc
Description: application/pgp-keys
___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce


[Openvpn-announce] OpenVPN 2.5-rc1 released

2020-09-22 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN
2.5-rc1. Source code and Windows installers can be downloaded from our
download page:

<https://openvpn.net/community-downloads/>

Debian and Ubuntu packages are available in the official apt repositories:

<https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos>

On Red Hat derivatives we recommend using the Fedora Copr repository:

<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-beta/>

This release includes a number of fixes to OpenVPN. On the Windows side
there are several changes:

- The MSI installer now bundles EasyRSA 3, a modern take on OpenVPN CA
management

- OpenVPN GUI can now be run as admin without breaking Wintun with the
"Always use interactive service by default" checkbox.

- Windows performance is increased by enabling compile-time
optimizations for OpenVPN and OpenSSL.

OpenVPN 2.5 is a new major release with many new features:

Client-specific tls-crypt keys (--tls-crypt-v2)
Added support for using the ChaCha20-Poly1305 cipher in the OpenVPN
data channel
Improved Data channel cipher negotiation
Removal of BF-CBC support in default configuration
Asynchronous (deferred) authentication support for auth-pam plugin
Deferred client-connect
Faster connection setup
Netlink support
Wintun support
IPv6-only operation
Improved Windows 10 detection
Linux VRF support
TLS 1.3 support
Support setting DHCP search domain
Handle setting of tun/tap interface MTU on Windows
HMAC based auth-token support
VLAN support
Support building of .msi installers for Windows
Allow unicode search string in --cryptoapicert option (Windows)
Support IPv4 configs with /31 netmasks now
New option --block-ipv6 to reject all IPv6 packets (ICMPv6)

More details on these new features as well as a list of deprecated
features and user-visible changes are available in Changes.rst:

<https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst>

For generic help use these support channels:

Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
Wiki: <https://community.openvpn.net/>
Forums: <https://forums.openvpn.net/>
User mailing list: <http://sourceforge.net/mail/?group_id=48978>
User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

Community bug tracker: <https://community.openvpn.net/>
Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock

David Sommerseth (4):
  man: Add missing --server-ipv6
  man: Improve --remote entry
  sample-plugins: Partially autotoolize the sample-plugins build
  build: Fix make distclean/distcheck

Gert Doering (11):
  Fix handling of 'route remote_host' for IPv6 transport case.
  Replace 'echo -n' with 'printf' in tests/t_lpback.sh
  Fix description of --client-disconnect calling convention in manpage.
  Handle NULL returns from calloc() in sample plugins.
  Fix --show-gateway for IPv6 on NetBSD/i386.
  socks.c: fix alen for DOMAIN type addresses, bump up buffer sizes
  Fix netbits setting (in TAP mode) for IPv6 on Windows.
  If IPv6 pool specification sets pool start to ::0 address, increment.
  Add demo plugin that excercises "CLIENT_CONNECT" and "CLIENT_CONNECT_V2" 
paths
  Fix combination of --dev tap and --topology subnet across multiple 
platforms.
  Preparing release 2.5_rc1

Lev Stipakov (1):
  msvc: better support for 32bit architecture

Selva Nair (2):
  Add a remark on dropping privileges when --mlock is used
  Allow --dhcp-option in config file when windows-driver is wintun

Vladislav Grishenko (1):
  Fix fatal error at switching remotes (#629)



pEpkey.asc
Description: application/pgp-keys
___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce


[Openvpn-announce] OpenVPN 2.5-beta4 released

2020-09-11 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN
2.5-beta4. Source code and Windows installers can be downloaded from our
download page:

<https://openvpn.net/community-downloads/>

Debian and Ubuntu packages are available in the official apt repositories:

<https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos>

On Red Hat derivatives we recommend using the Fedora Copr repository:

<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-beta/>

The 2.5-beta4 release includes important fixes to the Windows MSI
installers, plus some smaller fixes to OpenVPN itself.

OpenVPN 2.5 is a new major release with many new features:

Client-specific tls-crypt keys (--tls-crypt-v2)
Added support for using the ChaCha20-Poly1305 cipher in the OpenVPN
data channel
Improved Data channel cipher negotiation
Removal of BF-CBC support in default configuration
Asynchronous (deferred) authentication support for auth-pam plugin
Deferred client-connect
Faster connection setup
Netlink support
Wintun support
IPv6-only operation
Improved Windows 10 detection
Linux VRF support
TLS 1.3 support
Support setting DHCP search domain
Handle setting of tun/tap interface MTU on Windows
HMAC based auth-token support
VLAN support
Support building of .msi installers for Windows
Allow unicode search string in --cryptoapicert option (Windows)
Support IPv4 configs with /31 netmasks now
New option --block-ipv6 to reject all IPv6 packets (ICMPv6)

More details on these new features as well as a list of deprecated
features and user-visible changes are available in Changes.rst:

<https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst>

For generic help use these support channels:

Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
Wiki: <https://community.openvpn.net/>
Forums: <https://forums.openvpn.net/>
User mailing list: <http://sourceforge.net/mail/?group_id=48978>
User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

Community bug tracker: <https://community.openvpn.net/>
Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock


pEpkey.asc
Description: application/pgp-keys
___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce


[Openvpn-announce] OpenVPN 2.5-beta3 released

2020-09-01 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN
2.5-beta3. Source code and Windows installers can be downloaded from



Debian and Ubuntu packages are available in the official apt repositories:



On RedHat derivatives we recommend using the Fedora Copr repository:



This release includes fixes to MSI packaging and client NCP OCP fallback
behavior.

OpenVPN 2.5 is a new major release with many new features:

- Client-specific tls-crypt keys (--tls-crypt-v2)
- Added support for using the ChaCha20-Poly1305 cipher in the
OpenVPN data channel
- Improved Data channel cipher negotiation
- Removal of BF-CBC support in default configuration
- Asynchronous (deferred) authentication support for auth-pam plugin
- Deferred client-connect
- Faster connection setup
- Netlink support
- Wintun support
- IPv6-only operation
- Improved Windows 10 detection
- Linux VRF support
- TLS 1.3 support
- Support setting DHCP search domain
- Handle setting of tun/tap interface MTU on Windows
- HMAC based auth-token support
- VLAN support
- Support building of .msi installers for Windows
- Allow unicode search string in --cryptoapicert option (Windows)
- Support IPv4 configs with /31 netmasks now
- New option --block-ipv6 to reject all IPv6 packets (ICMPv6)
- IPv4-only VPN

More details on these new features as well as a list of deprecated
features and user-visible changes are available in Changes.rst:



For generic help use these support channels:

Official documentation:

Wiki: 
Forums: 
User mailing list: 
User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

Bug tracker and wiki: 
Developer mailing list: 
Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
Freenode registration)



signature.asc
Description: OpenPGP digital signature
___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce


[Openvpn-announce] OpenVPN 2.5-beta1 released

2020-08-14 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN
2.5-beta1. Source code and Windows installers can be downloaded from



Debian and Ubuntu packages are available in the official apt repositories:



On RedHat derivatives we recommend using the Fedora Copr repository:



This is a new major release with many new features:

- Client-specific tls-crypt keys (--tls-crypt-v2)
- Added support for using the ChaCha20-Poly1305 cipher in the
OpenVPN data channel
- Improved Data channel cipher negotiation
- Removal of BF-CBC support in default configuration
- Asynchronous (deferred) authentication support for auth-pam plugin
- Deferred client-connect
- Faster connection setup
- Netlink support
- Wintun support
- IPv6-only operation
- Improved Windows 10 detection
- Linux VRF support
- TLS 1.3 support
- Support setting DHCP search domain
- Handle setting of tun/tap interface MTU on Windows
- HMAC based auth-token support
- VLAN support
- Support building of .msi installers for Windows
- Allow unicode search string in --cryptoapicert option (Windows)
- Support IPv4 configs with /31 netmasks now
- New option --block-ipv6 to reject all IPv6 packets (ICMPv6)
- IPv4-only VPN

More details on these new features as well as a list of deprecated
features and user-visible changes are available in Changes.rst:



For generic help use these support channels:

Official documentation:

Wiki: 
Forums: 
User mailing list: 
User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

Bug tracker and wiki: 
Developer mailing list: 
Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
Freenode registration)




signature.asc
Description: OpenPGP digital signature
___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce


[Openvpn-announce] OpenVPN 2.4.9 released

2020-04-17 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.4.9. It
can be downloaded from here:



This is primarily a maintenance release with bugfixes and improvements.
This release also fixes a security issue (CVE-2020-11810, trac #1272)
which allows disrupting service of a freshly connected client that has
not yet not negotiated session keys. The vulnerability cannot be used to
inject or steal VPN traffic.

A summary of all included changes is available here:



A full list of changes is available here:



Please note that LibreSSL is not a supported crypto backend. We accept
patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if
newer versions of LibreSSL break API compatibility we do not take
responsibility to fix that.

Also note that  Windows installers have been built with NSIS version
that has been patched against several NSIS installer code execution and
privilege escalation problems:



Based on our testing, though, older Windows versions such as Windows 7
might not benefit from these fixes. We thus strongly encourage you to
always move NSIS installers to a non-user-writeable location before
running them. Our long-term plan is to migrate to using MSI installers
instead.

Compared to OpenVPN 2.3 this is a major update with a large number of
new features, improvements and fixes. Some of the major features are
AEAD (GCM) cipher and Elliptic Curve DH key exchange support, improved
IPv4/IPv6 dual stack support and more seamless connection migration when
client's IP address changes (Peer-ID). Also, the new --tls-crypt feature
can be used to increase users' connection privacy.

OpenVPN GUI bundled with the Windows installer has a large number of new
features compared to the one bundled with OpenVPN 2.3. One of major
features is the ability to run OpenVPN GUI without administrator privileges.

For full details, look here:



The new OpenVPN GUI features are documented here:



Please note that OpenVPN 2.4 installers will not work on Windows XP.

For generic help use these support channels:

Official documentation:

Wiki: 
Forums: 
User mailing list: 
User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

Bug tracker and wiki: 
Developer mailing list: 
Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
Freenode registration)


Samuli

Antonio Quartulli (1):
  socks: use the right function when printing struct openvpn_sockaddr

Arne Schwabe (3):
  Fetch OpenSSL versions via source/old links
  Fix OpenSSL error stack handling of tls_ctx_add_extra_certs
  Fix OpenSSL 1.1.1 not using auto elliptic curve selection

Gert Doering (1):
  Preparing release v2.4.9 (ChangeLog, version.m4, Changes.rst)

Lev Stipakov (4):
  Fix broken fragmentation logic when using NCP
  Fix building with --enable-async-push in FreeBSD
  Fix broken async push with NCP is used
  Fix illegal client float (CVE-2020-11810)

Maxim Plotnikov (1):
  OpenSSL: Fix --crl-verify not loading multiple CRLs in one file

Santtu Lakkala (1):
  Fix OpenSSL private key passphrase notices

Selva Nair (7):
  Swap the order of checks for validating interactive service user
  Move querying username/password from management interface to a function
  When auth-user-pass file has no password query the management interface 
(if available).
  Fix possibly uninitialized return value in GetOpenvpnSettings()
  Fix possible access of uninitialized pipe handles
  Skip expired certificates in Windows certificate store
  Allow unicode search string in --cryptoapicert option

Tom van Leeuwen (1):
  mbedTLS: Make sure TLS session survives move

WGH (1):
  docs: Add reference to X509_LOOKUP_hash_dir(3)



signature.asc
Description: OpenPGP digital signature
___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce


Re: [Openvpn-announce] OpenVPN 2.4.8 released

2019-10-31 Thread Samuli Seppänen
Hi,

We recently found out that the code signing certificate the 2.4.8
Windows installers use expired a couple of weeks ago. I will get a new
certificate today evening (~6 hours) and push out new installers.

This problem only seems to affect the prompt you get when you
double-click on the installer executable. You probably see "Unknown
publisher" there. Besides that Windows seems to be perfectly happy with
the executables and libraries. That is the main reason why a problem
such as this was able to slip through testing.

Samuli

Il 31/10/19 12:27, Samuli Seppänen ha scritto:
> The OpenVPN community project team is proud to release OpenVPN 2.4.8. It
> can be downloaded from here:
> 
> <https://openvpn.net/community-downloads/>
> 
> This is primarily a maintenance release with bugfixes and improvements.
> The Windows installers (I601) have several improvements compared to the
> previous release:
> 
> * New tap-windows6 driver (9.24.2) which fixes some suspend and resume
> issues
> * Latest OpenVPN-GUI
> * Considerable performance boost due to new compiler optimization flags
> 
> A summary of all included changes is available here:
> 
> <https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst>
> 
> A full list of changes is available here:
> 
> <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24>
> 
> Please note that LibreSSL is not a supported crypto backend. We accept
> patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if
> newer versions of LibreSSL break API compatibility we do not take
> responsibility to fix that.
> 
> Also note that  Windows installers have been built with NSIS version
> that has been patched against several NSIS installer code execution and
> privilege escalation problems:
> 
> <https://community.openvpn.net/openvpn/wiki/NSISBug1125>
> 
> Based on our testing, though, older Windows versions such as Windows 7
> might not benefit from these fixes. We thus strongly encourage you to
> always move NSIS installers to a non-user-writeable location before
> running them. Our long-term plan is to migrate to using MSI installers
> instead.
> 
> Compared to OpenVPN 2.3 this is a major update with a large number of
> new features, improvements and fixes. Some of the major features are
> AEAD (GCM) cipher and Elliptic Curve DH key exchange support, improved
> IPv4/IPv6 dual stack support and more seamless connection migration when
> client's IP address changes (Peer-ID). Also, the new --tls-crypt feature
> can be used to increase users' connection privacy.
> 
> OpenVPN GUI bundled with the Windows installer has a large number of new
> features compared to the one bundled with OpenVPN 2.3. One of major
> features is the ability to run OpenVPN GUI without administrator privileges.
> 
> For full details, look here:
> 
> <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24>
> 
> The new OpenVPN GUI features are documented here:
> 
> <https://github.com/OpenVPN/openvpn-gui>
> 
> Please note that OpenVPN 2.4 installers will not work on Windows XP.
> 
> For generic help use these support channels:
> 
> Official documentation:
> <http://openvpn.net/index.php/open-source/documentation/howto.html>
> Wiki: <https://community.openvpn.net>
> Forums: <https://forums.openvpn.net>
> User mailing list: <http://sourceforge.net/mail/?group_id=48978>
> User IRC channel: #openvpn at irc.freenode.net
> 
> Please report bugs and ask development questions here:
> 
> Bug tracker and wiki: <https://community.openvpn.net>
> Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
> Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
> Freenode registration)
> 
> 
> Samuli
> 
> 
> 
> ___
> Openvpn-devel mailing list
> openvpn-de...@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
> 




signature.asc
Description: OpenPGP digital signature
___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce


[Openvpn-announce] OpenVPN 2.4.8 released

2019-10-31 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.4.8. It
can be downloaded from here:



This is primarily a maintenance release with bugfixes and improvements.
The Windows installers (I601) have several improvements compared to the
previous release:

* New tap-windows6 driver (9.24.2) which fixes some suspend and resume
issues
* Latest OpenVPN-GUI
* Considerable performance boost due to new compiler optimization flags

A summary of all included changes is available here:



A full list of changes is available here:



Please note that LibreSSL is not a supported crypto backend. We accept
patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if
newer versions of LibreSSL break API compatibility we do not take
responsibility to fix that.

Also note that  Windows installers have been built with NSIS version
that has been patched against several NSIS installer code execution and
privilege escalation problems:



Based on our testing, though, older Windows versions such as Windows 7
might not benefit from these fixes. We thus strongly encourage you to
always move NSIS installers to a non-user-writeable location before
running them. Our long-term plan is to migrate to using MSI installers
instead.

Compared to OpenVPN 2.3 this is a major update with a large number of
new features, improvements and fixes. Some of the major features are
AEAD (GCM) cipher and Elliptic Curve DH key exchange support, improved
IPv4/IPv6 dual stack support and more seamless connection migration when
client's IP address changes (Peer-ID). Also, the new --tls-crypt feature
can be used to increase users' connection privacy.

OpenVPN GUI bundled with the Windows installer has a large number of new
features compared to the one bundled with OpenVPN 2.3. One of major
features is the ability to run OpenVPN GUI without administrator privileges.

For full details, look here:



The new OpenVPN GUI features are documented here:



Please note that OpenVPN 2.4 installers will not work on Windows XP.

For generic help use these support channels:

Official documentation:

Wiki: 
Forums: 
User mailing list: 
User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

Bug tracker and wiki: 
Developer mailing list: 
Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
Freenode registration)


Samuli
Antonio Quartulli (1):
  mbedtls: fix segfault by calling mbedtls_cipher_free() in 
cipher_ctx_free()

Arne Schwabe (1):
  Remove -no-cpp-precomp flag from Darwin builds

David Sommerseth (3):
  cleanup: Remove RPM openvpn.spec build approach
  docs: Update INSTALL
  build: Package missing mock_msg.h

Gert Doering (5):
  repair windows builds (2.4)
  Increase listen() backlog queue to 32
  Force combinationation of --socks-proxy and --proto UDP to use IPv4.
  Fix IPv6 routes on tap interfaces on OpenSolaris/OpenIndiana
  preparing release v2.4.8 (ChangeLog, version.m4, Changes.rst)

Gisle Vanem (1):
  Wrong FILETYPE in .rc files

Hilko Bengen (1):
  Do not set pkcs11-helper 'safe fork mode'

Ilya Shipitsin (2):
  travis-ci: add "linux-ppc64le" to build matrix, change trusty image to 
xenial, update osx to xcode9.4 and modernize brew management
  travis-ci: fix osx builds

Kyle Evans (1):
  tests/t_lpback.sh: Switch sed(1) to POSIX-compatible regex.

Lev Stipakov (1):
  Fix various compiler warnings

Matthias Andree (1):
  Fix regression, reinstate LibreSSL support.

Michal Soltys (1):
  man: correct the description of --capath and --crl-verify regarding CRLs

Mykola Baibuz (1):
  Fix typo in NTLM proxy debug message

Richard Bonhomme (1):
  Ignore --pull-filter for --mode server

Rosen Penev (1):
  openssl: Fix compilation without deprecated OpenSSL 1.1 APIs

Selva Nair (3):
  Better error message when script fails due to script-security setting
  Correct the return value of cryptoapi RSA signature callbacks
  Handle PSS padding in cryptoapicert

Steffan Karger (1):
  cmocka: use relative paths

Thomas Quinot (1):
  Fix documentation of tls-verify script argument



signature.asc
Description: OpenPGP digital signature
___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce


[Openvpn-announce] New OpenVPN 2.4.7 Windows installers released

2019-04-24 Thread Samuli Seppänen
Hi,

New OpenVPN Windows installers have been released. The release
highlights are:

- Latest openvpn-gui
- Latest openvpnserv2 (OpenVPNService)
- Latest tap-windows6 driver
  - ARM64 support
  - NDIS 6.30 support
  - other enhancements
  - fix to local privilege exploit vulnerability

The installers come in two flavors. Windows 7/8/8.1/Server 2012r2:

<https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.7-I606-Win7.exe>

Windows 10 (any version):

<https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.7-I606-Win10.exe>

We're unable to release a version for Windows Server 2016 at this point,
 so you need to use the old installer:

<https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.7-I603.exe>

We're working on getting tap-windows6 pass the HLK test suite on Windows
Server 2016. This will allow us to get a signature from Microsoft and
release an updated tap-windows6 on that platform as well. While waiting
please avoid running OpenVPN on nodes where all users are not trusted.

For further details see the download page:

<https://openvpn.net/community-downloads/>

Best regards,

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock



signature.asc
Description: OpenPGP digital signature
___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce


[Openvpn-announce] OpenVPN 2.4.7 released

2019-02-21 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.4.7. It
can be downloaded from here:

<https://openvpn.net/community-downloads/>

This is primarily a maintenance release with bugfixes and improvements.
One of the big things is enhanced TLS 1.3 support

Please note that LibreSSL is not a supported crypto backend. We accept
patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if
newer versions of LibreSSL break API compatibility we do not take
responsibility to fix that.

Also note that  Windows installers have been built with NSIS version
that has been patched against several NSIS installer code execution and
privilege escalation problems:

<https://community.openvpn.net/openvpn/wiki/NSISBug1125>

Based on our testing, though, older Windows versions such as Windows 7
might not benefit from these fixes. We thus strongly encourage you to
always move NSIS installers to a non-user-writeable location before
running them. Our long-term plan is to migrate to using MSI installers
instead.

A summary of all included changes is available here:

<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst>

A full list of changes is available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24>

Compared to OpenVPN 2.3 this is a major update with a large number of
new features, improvements and fixes. Some of the major features are
AEAD (GCM) cipher and Elliptic Curve DH key exchange support, improved
IPv4/IPv6 dual stack support and more seamless connection migration when
client's IP address changes (Peer-ID). Also, the new --tls-crypt feature
can be used to increase users' connection privacy.

OpenVPN GUI bundled with the Windows installer has a large number of new
features compared to the one bundled with OpenVPN 2.3. One of major
features is the ability to run OpenVPN GUI without administrator privileges.

For full details, look here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24>

The new OpenVPN GUI features are documented here:

<https://github.com/OpenVPN/openvpn-gui>

Please note that OpenVPN 2.4 installers will not work on Windows XP.

For generic help use these support channels:

Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
Wiki: <https://community.openvpn.net>
Forums: <https://forums.openvpn.net>
User mailing list: <http://sourceforge.net/mail/?group_id=48978>
User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

Bug tracker and wiki: <https://community.openvpn.net>
Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock
Adam Ciarciński (1):
  Fix subnet topology on NetBSD (2.4).

Antonio Quartulli (3):
  add support for %lu in argv_printf and prevent ASSERT
  buffer_list: add functions documentation
  ifconfig-ipv6(-push): allow using hostnames

Arne Schwabe (7):
  Properly free tuntap struct on android when emulating persist-tun
  Add OpenSSL compat definition for RSA_meth_set_sign
  Add support for tls-ciphersuites for TLS 1.3
  Add better support for showing TLS 1.3 ciphersuites in --show-tls
  Use right function to set TLS1.3 restrictions in show-tls
  Add message explaining early TLS client hello failure
  Fallback to password authentication when auth-token fails

Christian Ehrhardt (1):
  systemd: extend CapabilityBoundingSet for auth_pam

David Sommerseth (1):
  plugin: Export base64 encode and decode functions

Gert Doering (4):
  Add %d, %u and %lu tests to test_argv unit tests.
  Fix combination of --dev tap and --topology subnet across multiple 
platforms.
  Add 'printing of port number' to mroute_addr_print_ex() for v4-mapped v6.
  preparing release v2.4.7 (ChangeLog, version.m4, Changes.rst)

Gert van Dijk (1):
  Minor reliability layer documentation fixes

James Bekkema (1):
  Resolves small IV_GUI_VER typo in the documentation.

Jonathan K. Bullard (1):
  Clarify and expand management interface documentation

Lev Stipakov (5):
  Refactor NCP-negotiable options handling
  init.c: refine functions names and description
  interactive.c: fix usage of potentially uninitialized variable
  options.c: fix broken unary minus usage
  Remove extra token after #endif

Richard van den Berg via Openvpn-devel (1):
  Fix error message when using RHEL init script

Samy Mahmoudi (1):
  man: correct a --redirection-gateway option flag

Selva Nair (7):
  Replace M_DEBUG with D_LOW as the former is too verbose
  Correct the declaration of handle in 'struct 
openvpn_plugin_args_open_return'
  Bump version of openvpn plugin argument structs to 5
  Move get 

[Openvpn-announce] OpenVPN 2.4.4 released (with security fixes)

2017-09-26 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.4.4. It
can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

This release includes a large number of small fixes and enhancements.
There is also an important security fix for legacy setups that may still
be using key-method 1:

<https://community.openvpn.net/openvpn/wiki/CVE-2017-12166>

As that option was deprecated 12 years ago we estimate that not many
production setups are affected in practice.

In addition Windows installers have been built with NSIS version that
has been patched against several NSIS installer code execution and
privilege escalation problems:

<https://community.openvpn.net/openvpn/wiki/NSISBug1125>

Based on our testing, though, older Windows versions such as Windows 7
might not benefit from these fixes. We thus strongly encourage you to
always move NSIS installers to a non-user-writeable location before
running them. Our long-term plan is to migrate to using MSI installers
instead.

Windows installer I601 includes updated OpenVPN GUI (11.9.0.0) and
easy-rsa (2.3.2). Note that OpenVPN's bin directory is no longer added
to system PATH. While most users will be unaffected by this change, you
should have a look at vars.bat.sample if you are migrating an old
easy-rsa CA to a new easy-rsa installation.

A summary of all included changes is available here:

<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst>

A full list of changes is available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24>

Compared to OpenVPN 2.3 this is a major update with a large number of
new features, improvements and fixes. Some of the major features are
AEAD (GCM) cipher and Elliptic Curve DH key exchange support, improved
IPv4/IPv6 dual stack support and more seamless connection migration when
client's IP address changes (Peer-ID). Also, the new --tls-crypt feature
can be used to increase users' connection privacy.

OpenVPN GUI bundled with the Windows installer has a large number of new
features compared to the one bundled with OpenVPN 2.3. One of major
features is the ability to run OpenVPN GUI without administrator privileges.

For full details, look here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24>

The new OpenVPN GUI features are documented here:

<https://github.com/OpenVPN/openvpn-gui>

Please note that OpenVPN 2.4 installers will not work on Windows XP.

For generic help use these support channels:

Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
Wiki: <https://community.openvpn.net>
Forums: <https://forums.openvpn.net>
User mailing list: <http://sourceforge.net/mail/?group_id=48978>
User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

Bug tracker and wiki: <https://community.openvpn.net>
Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock






0x40864578.asc
Description: application/pgp-keys


0x40864578.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce


[Openvpn-announce] OpenVPN 2.4.4 released (with security fixes)

2017-09-26 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.4.4. It
can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

This release includes a large number of small fixes and enhancements.
There is also an important security fix for legacy setups that may still
be using key-method 1:

<https://community.openvpn.net/openvpn/wiki/CVE-2017-12166>

As that option was deprecated 12 years ago we estimate that not many
production setups are affected in practice.

In addition Windows installers have been built with NSIS version that
has been patched against several NSIS installer code execution and
privilege escalation problems:

<https://community.openvpn.net/openvpn/wiki/NSISBug1125>

Based on our testing, though, older Windows versions such as Windows 7
might not benefit from these fixes. We thus strongly encourage you to
always move NSIS installers to a non-user-writeable location before
running them. Our long-term plan is to migrate to using MSI installers
instead.

Windows installer I601 includes updated OpenVPN GUI (11.9.0.0) and
easy-rsa (2.3.2). Note that OpenVPN's bin directory is no longer added
to system PATH. While most users will be unaffected by this change, you
should have a look at vars.bat.sample if you are migrating an old
easy-rsa CA to a new easy-rsa installation.

A summary of all included changes is available here:

<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst>

A full list of changes is available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24>

Compared to OpenVPN 2.3 this is a major update with a large number of
new features, improvements and fixes. Some of the major features are
AEAD (GCM) cipher and Elliptic Curve DH key exchange support, improved
IPv4/IPv6 dual stack support and more seamless connection migration when
client's IP address changes (Peer-ID). Also, the new --tls-crypt feature
can be used to increase users' connection privacy.

OpenVPN GUI bundled with the Windows installer has a large number of new
features compared to the one bundled with OpenVPN 2.3. One of major
features is the ability to run OpenVPN GUI without administrator privileges.

For full details, look here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24>

The new OpenVPN GUI features are documented here:

<https://github.com/OpenVPN/openvpn-gui>

Please note that OpenVPN 2.4 installers will not work on Windows XP.

For generic help use these support channels:

Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
Wiki: <https://community.openvpn.net>
Forums: <https://forums.openvpn.net>
User mailing list: <http://sourceforge.net/mail/?group_id=48978>
User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

Bug tracker and wiki: <https://community.openvpn.net>
Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock





0x40864578.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce


[Openvpn-announce] OpenVPN 2.3.18 released (with security fixes)

2017-09-26 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.3.18.
It can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

This release has an important security fix for legacy setups that may
still be using key-method 1:

<https://community.openvpn.net/openvpn/wiki/CVE-2017-12166>

As that option was deprecated 12 years ago we estimate that not many
production setups are affected in practice.

In addition Windows installers have been built with NSIS version that
has been patched against several NSIS installer code execution and
privilege escalation problems:

<https://community.openvpn.net/openvpn/wiki/NSISBug1125>

Based on our testing, though, older Windows versions such as Windows 7
might not benefit from these fixes. We thus strongly encourage you to
always move NSIS installers to a non-user-writeable location before
running them. Our long-term plan is to migrate to using MSI installers
instead.

A summary of the changes is available here:

<https://github.com/OpenVPN/openvpn/blob/release/2.3/Changes.rst>

A full list of changes is available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

For generic help use these support channels:

Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
Wiki: <https://community.openvpn.net>
Forums: <https://forums.openvpn.net>
User mailing list: <http://sourceforge.net/mail/?group_id=48978>
User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

Bug tracker and wiki: <https://community.openvpn.net>
Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock




0x40864578.asc
Description: application/pgp-keys


0x40864578.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce


[Openvpn-announce] New 2.4.3 Windows installer with a security fix and improvements now available

2017-07-25 Thread Samuli Seppänen
Hi all,

An updated 2.4 Windows installer is now available here:

<https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.3-I602.exe>

This installer includes updated OpenVPN GUI (11.8.0.0) and easy-rsa (2.3.0).

The installer also fixes a security vulnerability in the service
installation code:

<https://community.openvpn.net/openvpn/wiki/UnquotedServicePathIn24WindowsInstallers>

Systems where the C:\ drive is writable by limited users and which have
OpenVPN 2.4 installed are affected. Users of such systems should upgrade
to openvpn-install-2.4.3-I602.

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce


Re: [Openvpn-announce] [Openvpn-devel] OpenVPN 2.4.3 released (with security fixes)

2017-06-22 Thread Samuli Seppänen
am repo
   - Must ensure that what is pushed is the bare minimum
3. Building and testing Debian packages
4) Building and testing Windows installers
5) Playing with CloudFlare caches

Producing release announcements (1) from a template would help quite a
bit actually, as the announcements are generally very similar to each
other. This script could potentially be public.

Parts of 2) have been automated by my release script, but there is still
room for improvement. This also could potentially be public.

Debian package (3) building generally goes smoothly, but there are
occasional hickups when something has changed somewhere (e.g. OpenVPN or
the underlying OS). Plus building tons of packages simply takes a lot of
time. This is already public, but could be automated further.

Windows installer building (4) is fairly straightforward and testing has
been automated using openvpn-windows-test (see GitHub). Still several
different versions have to be built atm:

- 2.4.x combined (32/64-bit) installer for Vista+
- 2.3.x installers (32/64-bit) for Vista+
- 2.3.x installers (32/64-bit) for XP

Building and testing these takes a lot of time and care. All the scripts
are public already, but further automation is possible.

CloudFlare (5) cache clearing could probably be automated fairly easily.
A separate Python script, for example, could be used. If this part is
made generic enough it could be made public.

> - We need to write down a proper check-list of all the steps needed
>   for a release, including putting a clear responsibility for each
>   release.  This list must also mention which scripts to be run.  Again,
>   automation is key to reduce the risk for errors.

We have a pretty thorough internal checklist in JIRA.

> - Consider how many who really needs to be involved in producing a
>   release.  More chefs in a kitchen can result in great food, but it can
>   also end up quite messy.

Agreed.

Many of the tasks in the JIRA ticket do not require any special access
to OpenVPN Technologies internal services (CloudFlare) or servers
(download/build/management servers). So those tasks could potentially be
handled by community developers. But would that make sense? Would it not
be easier to handle the entire release process from one point and just
ensure that the process can be replicated by more than one person (an
employee)?

What we could do is split the release into logical single-purpose steps
each of which is handled by a separate script. The scripts which would
not need access to OpenVPN Tech servers or CloudFlare could then be
published on GitHub. Or, if the scripts are generic enough they could
(potentially) be used by others by simply modifying a configuration file
or command-line options.

I've done this for some of the larger scripts I use for releases:

- openvpn-windows-test (the Powershell test suite)
- sbuild_wrapper (used to produce Debian packages)

> - At the same time, ensure we don't end up in a "single point of
>   failure".  More of us core developers need to be able to step in for
>   others, and still be able to produce a release without errors.  This
>   can be the end result if we have proper scripts, both for automated
>   and manual tasks.

I think you are the best fit for the role :). You have a good
understanding of the release process and have or can be granted the
access that is needed to handle all the release steps.

> My intention with these points are primarily "food for thought".  I
> don't fully believe it will be easy to have a well structured debate
> about the complete release process in a mailing list thread.
> 
> So I suggest we take a few weeks holiday, let this sink in, and then we
> can schedule a meeting some time in August where we discuss these
> issues.  And lets hope we don't need to rush yet another release before
> August :)
> 
> 

Makes sense.

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock


0x40864578.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce


[Openvpn-announce] OpenVPN 2.4.3 released (with security fixes)

2017-06-21 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.4.3. It
can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

OpenVPN v2.4.2 was analyzed closely using a fuzzer by Guido Vranken. In
the process several vulnerabilities were found, some of which are
remotely exploitable in certain circumstances. We recommend you to
upgrade to OpenVPN 2.4.3 or 2.3.17 as soon as possible. More details are
available in our official security announcement:

<https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243>

In addition a number of bugs with no security impact have been fixed.
The one big feature in the 2.4.3 release is support for building with
OpenSSL 1.1.

A summary of all included changes is available here:

<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst>

A full list of changes is available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24>

Compared to OpenVPN 2.3 this is a major update with a large number of
new features, improvements and fixes. Some of the major features are
AEAD (GCM) cipher and Elliptic Curve DH key exchange support, improved
IPv4/IPv6 dual stack support and more seamless connection migration when
client's IP address changes (Peer-ID). Also, the new --tls-crypt feature
can be used to increase users' connection privacy.

OpenVPN GUI bundled with the Windows installer has a large number of new
features compared to the one bundled with OpenVPN 2.3. One of major
features is the ability to run OpenVPN GUI without administrator privileges.

For full details, look here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24>

The new OpenVPN GUI features are documented here:

<https://github.com/OpenVPN/openvpn-gui>

Please note that OpenVPN 2.4 installers will not work on Windows XP.

For generic help use these support channels:

Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
Wiki: <https://community.openvpn.net>
Forums: <https://forums.openvpn.net>
User mailing list: <http://sourceforge.net/mail/?group_id=48978>
User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

Bug tracker and wiki: <https://community.openvpn.net>
Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock




0x40864578.asc
Description: application/pgp-keys


0x40864578.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce


[Openvpn-announce] OpenVPN 2.3.17 released (with security fixes)

2017-06-21 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.3.17.
It can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

OpenVPN v2.4.2 was analyzed closely using a fuzzer by Guido Vranken. In
the process several vulnerabilities were found, some of which are
remotely exploitable in certain circumstances. Most of these issues also
affect OpenVPN 2.3.16 and earlier. We recommend you to upgrade to
OpenVPN 2.4.3 or 2.3.17 as soon as possible. More details are available
in our official security announcement:

<https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243>

A summary of the changes is available here:

<https://github.com/OpenVPN/openvpn/blob/release/2.3/Changes.rst>

A full list of changes is available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

For generic help use these support channels:

Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
Wiki: <https://community.openvpn.net>
Forums: <https://forums.openvpn.net>
User mailing list: <http://sourceforge.net/mail/?group_id=48978>
User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

Bug tracker and wiki: <https://community.openvpn.net>
Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock


0x40864578.asc
Description: application/pgp-keys


0x40864578.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce


[Openvpn-announce] OpenVPN 2.3.16 released

2017-05-19 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.3.16.
It can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

This is a minor release that fixes a few bugs. This release was made
primarily because CloudFlare managed to serve obsolete pre-release
OpenVPN 2.3.15 tarballs which lack a fix for CVE-2017-7478:

<https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits>

The official OpenVPN 2.3.15 Windows installers have the fix.
Nevertheless, you are advised to upgrade your OpenVPN installations to
2.3.16 or 2.4.2.

A summary of the changes is available here:

<https://github.com/OpenVPN/openvpn/blob/release/2.3/Changes.rst>

A full list of changes is available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

NOTE: The GPG key used to sign release files has changed:

<https://openvpn.net/index.php/open-source/documentation/sig.html>

For generic help use these support channels:

Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
Wiki: <https://community.openvpn.net>
Forums: <https://forums.openvpn.net>
User mailing list: <http://sourceforge.net/mail/?group_id=48978>
User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

Bug tracker and wiki: <https://community.openvpn.net>
Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock



0x40864578.asc
Description: application/pgp-keys
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce


[Openvpn-announce] OpenVPN releases tomorrow at 14:00 UTC (fixes vulnerabilities)

2017-05-10 Thread Samuli Seppänen
Hi all,

We will make OpenVPN releases tomorrow (11th May 2017) at 14:00 UTC,
fixing two remote DoS vulnerabilities. More details will follow at
release time.

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock


0x40864578.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce


[Openvpn-announce] OpenVPN 2.4.1 released

2017-03-22 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.4.1. It
can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

Compared to OpenVPN 2.3 this is a major update with a large number of
new features, improvements and fixes. Some of the major features are
AEAD (GCM) cipher and Elliptic Curve DH key exchange support, improved
IPv4/IPv6 dual stack support and more seamless connection migration when
client's IP address changes (Peer-ID). Also, the new --tls-crypt feature
can be used to increase users' connection privacy.

Compared to OpenVPN 2.4.0 there are several bugfixes and small
enhancements. A summary of the changes is available here:

<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst>

A full list of changes is available here.

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24>

OpenVPN GUI bundled with the Windows installer has a large number of new
features compared to the one bundled with OpenVPN 2.3. Details are
available on the "ChangesInOpenvpn24" page, above.

For generic help use these support channels:

Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
Wiki: <https://community.openvpn.net>
Forums: <https://forums.openvpn.net>
User mailing list: <http://sourceforge.net/mail/?group_id=48978>
User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

Bug tracker and wiki: <https://community.openvpn.net>
Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock


0x40864578.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce


[Openvpn-announce] OpenVPN 2.4.0 released

2016-12-27 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.4.0. It 
can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

Compared to OpenVPN 2.3 this is a major update with a large number of 
new features, improvements and fixes. Changes compared to the previous 
OpenVPN 2.4 release are very minor. A summary of these changes is 
available here:

<https://github.com/OpenVPN/openvpn/blob/master/Changes.rst>

A full list of changes is available here.

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24>

OpenVPN GUI bundled with the Windows installer has a large number of new 
features compared to the one bundled with OpenVPN 2.3. Details are 
available on the "ChangesInOpenvpn24" page, above.

For generic help use these support channels:

Official documentation: 
<http://openvpn.net/index.php/open-source/documentation/howto.html>
Wiki: <https://community.openvpn.net>
Forums: <https://forums.openvpn.net>
User mailing list: <http://sourceforge.net/mail/?group_id=48978>
User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

Bug tracker and wiki: <https://community.openvpn.net>
Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
Developer IRC channel: #openvpn-devel at irc.freenode.net (requires 
Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock

--
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce


[Openvpn-announce] OpenVPN 2.4_beta1 released

2016-11-17 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 
2.4_beta1. It can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

The biggest new feature in this release (compared to 2.4_alpha2) is the 
optional control channel encryption. In addition several smaller fixes 
and improvements are included. A summary of these changes is available here:

<https://github.com/OpenVPN/openvpn/blob/master/Changes.rst>

A full list of changes is available here.

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24>

For generic help use these support channels:

Official documentation: 
<http://openvpn.net/index.php/open-source/documentation/howto.html>
Wiki: <https://community.openvpn.net>
Forums: <https://forums.openvpn.net>
User mailing list: <http://sourceforge.net/mail/?group_id=48978>
User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

Bug tracker and wiki: <https://community.openvpn.net>
Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
Developer IRC channel: #openvpn-devel at irc.freenode.net (requires 
Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock

--
___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce


[Openvpn-announce] OpenVPN 2.3.11 released

2016-05-10 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.3.11. 
It can be downloaded from here:


<http://openvpn.net/index.php/open-source/downloads.html>

This release fixes two vulnerabilities: a port-share bug with DoS 
potential and a buffer overflow by user supplied data when using pam 
authentication. In addition a number of small fixes and improvements are 
included. A full list of changes is available here:


<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

For generic help use these support channels:

Official documentation: 
<http://openvpn.net/index.php/open-source/documentation/howto.html>

Wiki: <https://community.openvpn.net>
Forums: <https://forums.openvpn.net>
User mailing list: <http://sourceforge.net/mail/?group_id=48978>
User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

Bug tracker and wiki: <https://community.openvpn.net>
Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
Developer IRC channel: #openvpn-devel at irc.freenode.net (requires 
Freenode registration)


--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock



[Openvpn-announce] OpenVPN 2.3.11 released

2016-05-10 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.3.11. 
It can be downloaded from here:


<http://openvpn.net/index.php/open-source/downloads.html>

This release fixes two vulnerabilities: a port-share bug with DoS 
potential and a buffer overflow by user supplied data when using pam 
authentication. In addition a number of small fixes and improvements are 
included. A full list of changes is available here:


<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

For generic help use these support channels:

Official documentation: 
<http://openvpn.net/index.php/open-source/documentation/howto.html>

Wiki: <https://community.openvpn.net>
Forums: <https://forums.openvpn.net>
User mailing list: <http://sourceforge.net/mail/?group_id=48978>
User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

Bug tracker and wiki: <https://community.openvpn.net>
Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
Developer IRC channel: #openvpn-devel at irc.freenode.net (requires 
Freenode registration)


--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock



[Openvpn-announce] New OpenVPN 2.3.10 Windows installers (I604/I003) released

2016-05-04 Thread Samuli Seppänen

Hi all,

New OpenVPN Windows installers have been released. The I003 and I604 
installers bundle OpenSSL 1.0.1t which fixes some security 
vulnerabilities. The I604 installers also bundle a new tap-windows6 
driver (9.21.2) which has dual authenticode signatures (SHA1/SHA2) for 
the best possible compatibility across Windows versions (Vista -> 
Windows 10). In addition, the 9.21.2 driver fixes a security 
vulnerability which, however, required local admin rights to be 
exploitable. OpenVPN-GUI has also seen minor changes.


Best regards,

--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock



[Openvpn-announce] New OpenVPN 2.3.10 Windows installers (I604/I003) released

2016-05-04 Thread Samuli Seppänen

Hi all,

New OpenVPN Windows installers have been released. The I003 and I604 
installers bundle OpenSSL 1.0.1t which fixes some security 
vulnerabilities. The I604 installers also bundle a new tap-windows6 
driver (9.21.2) which has dual authenticode signatures (SHA1/SHA2) for 
the best possible compatibility across Windows versions (Vista -> 
Windows 10). In addition, the 9.21.2 driver fixes a security 
vulnerability which, however, required local admin rights to be 
exploitable. OpenVPN-GUI has also seen minor changes.


Best regards,

--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock



[Openvpn-announce] OpenVPN 2.3.10 released

2016-01-04 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.3.10. 
It can be downloaded from here:


<http://openvpn.net/index.php/open-source/downloads.html>

This release fixes IPv6 on WIndows XP and warns users about expired 
certificates. A few other small fixes and improvements are included. In 
addition, PolarSSL 1.3 is now required for PolarSSL builds. The Windows 
installers now bundle OpenVPN-GUI 10, which automatically requests 
administrator privileges using UAC, instead of launching as a normal 
user and then failing at route creation time. A full list of changes is 
available here:


<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

For generic help use these support channels:

Official documentation: 
<http://openvpn.net/index.php/open-source/documentation/howto.html>

Wiki: <https://community.openvpn.net>
Forums: <https://forums.openvpn.net>
User mailing list: <http://sourceforge.net/mail/?group_id=48978>
User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

Bug tracker and wiki: <https://community.openvpn.net>
Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
Developer IRC channel: #openvpn-devel at irc.freenode.net (requires 
Freenode registration)


--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock



[Openvpn-announce] OpenVPN 2.3.10 released

2016-01-04 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.3.10. 
It can be downloaded from here:


<http://openvpn.net/index.php/open-source/downloads.html>

This release fixes IPv6 on WIndows XP and warns users about expired 
certificates. A few other small fixes and improvements are included. In 
addition, PolarSSL 1.3 is now required for PolarSSL builds. The Windows 
installers now bundle OpenVPN-GUI 10, which automatically requests 
administrator privileges using UAC, instead of launching as a normal 
user and then failing at route creation time. A full list of changes is 
available here:


<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

For generic help use these support channels:

Official documentation: 
<http://openvpn.net/index.php/open-source/documentation/howto.html>

Wiki: <https://community.openvpn.net>
Forums: <https://forums.openvpn.net>
User mailing list: <http://sourceforge.net/mail/?group_id=48978>
User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

Bug tracker and wiki: <https://community.openvpn.net>
Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
Developer IRC channel: #openvpn-devel at irc.freenode.net (requires 
Freenode registration)


--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock



[Openvpn-announce] OpenVPN 2.3.6 released - fixes a critical DoS issue

2014-12-01 Thread Samuli Seppänen

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

The OpenVPN community project team is proud to release OpenVPN 2.3.6. It
can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

This release fixes a critical denial of service vulnerability in OpenVPN
servers (CVE-2014-8104). The vulnerability can be exploited by
authenticated clients only. Also note that confidentiality and
authenticity of traffic are not affected. More information about this
vulnerability is available on the Trac Wiki:

<https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b>

This release also includes a few other fixes and enhancements.

A full list of changes is available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

The changelog is also attached to this email.

The 2.2 branch in Git has also been patched for the DoS vulnerability.
Fixed source packages (2.2.3) are also provided, primarily for the
benefit of OpenVPN package maintainers. Official Windows installers
based on 2.2.3 will not be released.

For generic help use these support channels:

- - - Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- - - Wiki: <https://community.openvpn.net>
- - - Forums: <https://forums.openvpn.net>
- - - User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- - - User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- - - Bug tracker and Wiki: <https://community.openvpn.net>
- - - Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- - - Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
  Freenode registration)

- - --
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iEYEARECAAYFAlR8saQACgkQwp2X7RmNIqN63wCfWzr5rN60BoHuir//x0jSkvtQ
7n8An2ppL7+1QQ/3VxGMwlYbdEgBzu3q
=X0lz
-END PGP SIGNATURE-

David Sommerseth (1):
  systemd: Reworked the systemd unit file to handle server and client 
configs better

Gert Doering (2):
  Add client-only support for peer-id.
  Preparing for release v2.3.6 (ChangeLog, version.m4)

Samuli Seppänen (1):
  Fix to --shaper documentation on the man-page

Steffan Karger (4):
  Fix assertion error when using --cipher none
  Add --tls-version-max
  Modernize sample keys and sample configs
  Drop too-short control channel packets instead of asserting out.



openvpn-2.3.6-changelog.sig
Description: PGP signature


[Openvpn-announce] OpenVPN 2.3.6 released - fixes a critical DoS issue

2014-12-01 Thread Samuli Seppänen

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

The OpenVPN community project team is proud to release OpenVPN 2.3.6. It
can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

This release fixes a critical denial of service vulnerability in OpenVPN
servers (CVE-2014-8104). The vulnerability can be exploited by
authenticated clients only. Also note that confidentiality and
authenticity of traffic are not affected. More information about this
vulnerability is available on the Trac Wiki:

<https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b>

This release also includes a few other fixes and enhancements.

A full list of changes is available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

The changelog is also attached to this email.

The 2.2 branch in Git has also been patched for the DoS vulnerability.
Fixed source packages (2.2.3) are also provided, primarily for the
benefit of OpenVPN package maintainers. Official Windows installers
based on 2.2.3 will not be released.

For generic help use these support channels:

- - - Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- - - Wiki: <https://community.openvpn.net>
- - - Forums: <https://forums.openvpn.net>
- - - User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- - - User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- - - Bug tracker and Wiki: <https://community.openvpn.net>
- - - Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- - - Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
  Freenode registration)

- - --
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iEYEARECAAYFAlR8saQACgkQwp2X7RmNIqN63wCfWzr5rN60BoHuir//x0jSkvtQ
7n8An2ppL7+1QQ/3VxGMwlYbdEgBzu3q
=X0lz
-END PGP SIGNATURE-

David Sommerseth (1):
  systemd: Reworked the systemd unit file to handle server and client 
configs better

Gert Doering (2):
  Add client-only support for peer-id.
  Preparing for release v2.3.6 (ChangeLog, version.m4)

Samuli Seppänen (1):
  Fix to --shaper documentation on the man-page

Steffan Karger (4):
  Fix assertion error when using --cipher none
  Add --tls-version-max
  Modernize sample keys and sample configs
  Drop too-short control channel packets instead of asserting out.



openvpn-2.3.6-changelog.sig
Description: PGP signature


[Openvpn-announce] Critical denial of service vulnerability in OpenVPN servers

2014-11-30 Thread Samuli Seppänen

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi all,

A critical denial of service security vulnerability affecting OpenVPN
servers was recently brought to our attention. A fixed version of
OpenVPN (2.3.6) will be released today/tomorrow (1st Dec 2014) at around
18:00 UTC.

Brace yourselves for the update.

Best regards,

- -- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iEYEARECAAYFAlR7mzAACgkQwp2X7RmNIqOebgCgpMNqILpQ1fwUICZlfVOZUkNL
WPUAniTsX/a6OuLymSbBa4Ra2Y4Oasvh
=o8li
-END PGP SIGNATURE-





[Openvpn-announce] Critical denial of service vulnerability in OpenVPN servers

2014-11-30 Thread Samuli Seppänen

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi all,

A critical denial of service security vulnerability affecting OpenVPN
servers was recently brought to our attention. A fixed version of
OpenVPN (2.3.6) will be released today/tomorrow (1st Dec 2014) at around
18:00 UTC.

Brace yourselves for the update.

Best regards,

- -- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iEYEARECAAYFAlR7mzAACgkQwp2X7RmNIqOebgCgpMNqILpQ1fwUICZlfVOZUkNL
WPUAniTsX/a6OuLymSbBa4Ra2Y4Oasvh
=o8li
-END PGP SIGNATURE-





[Openvpn-announce] OpenVPN 2.3.5 released

2014-10-28 Thread Samuli Seppänen
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

The OpenVPN community project team is proud to release OpenVPN 2.3.5.
It can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

This release fixes a serious interoperability issue with OpenVPN and
the tap-windows6 driver. In addition a fair number of other bug fixes
and small enhancements are included.

A full list of changes is available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

The changelog is also attached to this email.

For generic help use these support channels:

- - Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- - Wiki: <https://community.openvpn.net>
- - Forums: <https://forums.openvpn.net>
- - User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- - User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- - Bug tracker and Wiki: <https://community.openvpn.net>
- - Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- - Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
  Freenode registration)

- -- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iEYEARECAAYFAlRP4+oACgkQwp2X7RmNIqNlFwCfa5sWq2MVZ7TfhpewRa9c20wp
bu0AoNJwNim1+BkX8ZEMs/ctTcL3jS0I
=/FCN
-END PGP SIGNATURE-
Andris Kalnozols (2):
  Fix some typos in the man page.
  Do not upcase x509-username-field for mixed-case arguments.

Arne Schwabe (1):
  Fix server routes not working in topology subnet with --server [v3]

David Sommerseth (4):
  Improve error reporting on file access to --client-config-dir and 
--ccd-exclusive
  Don't let openvpn_popen() keep zombies around
  Add systemd unit file for OpenVPN
  systemd: Use systemd functions to consider systemd availability

Gert Doering (4):
  Drop incoming fe80:: packets silently now.
  Fix t_lpback.sh platform-dependent failures
  Call init script helpers with explicit path (./)
  Preparing for release v2.3.5 (ChangeLog, version.m4)

Heiko Hund (1):
  refine assertion to allow other modes than CBC

Hubert Kario (2):
  ocsp_check - signature verification and cert staus results are separate
  ocsp_check - double check if ocsp didn't report any errors in execution

James Bekkema (1):
  Fix socket-flag/TCP_NODELAY on Mac OS X

James Yonan (6):
  Fixed several instances of declarations after statements.
  In socket.c, fixed issue where uninitialized value (err) is being passed 
to to gai_strerror.
  Explicitly cast the third parameter of setsockopt to const void * to 
avoid warning.
  MSVC 2008 doesn't support dimensioning an array with a const var nor 
using %z as a printf format specifier.
  Define PATH_SEPARATOR for MSVC builds.
  Fixed some compile issues with show_library_versions()

Jann Horn (1):
  Remove quadratic complexity from openvpn_base64_decode()

Mike Gilbert (1):
  Add configure check for the path to systemd-ask-password

Philipp Hagemeister (2):
  Add topology in sample server configuration file
  Implement on-link route adding for iproute2

Samuel Thibault (1):
  Ensure that client-connect files are always deleted

Steffan Karger (13):
  Remove function without effect (cipher_ok() always returned true).
  Remove unneeded wrapper functions in crypto_openssl.c
  Fix bug that incorrectly refuses oid representation eku's in polar builds
  Update README.polarssl
  Rename ALLOW_NON_CBC_CIPHERS to ENABLE_OFB_CFB_MODE, and add to configure.
  Add proper check for crypto modes (CBC or OFB/CFB)
  Improve --show-ciphers to show if a cipher can be used in static key mode
  Extend t_lpback tests to test all ciphers reported by --show-ciphers
  Don't exit daemon if opening or parsing the CRL fails.
  Fix typo in cipher_kt_mode_{cbc, ofb_cfb}() doxygen.
  Fix regression with password protected private keys (polarssl)
  ssl_polarssl.c: fix includes and make casts explicit
  Remove unused variables from ssl_verify_openssl.c extract_x509_extension()

TDivine (1):
  Fix "code=995" bug with windows NDIS6 tap driver.



openvpn-2.3.5-changelog.sig
Description: PGP signature


[Openvpn-announce] OpenVPN 2.3.5 released

2014-10-28 Thread Samuli Seppänen
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

The OpenVPN community project team is proud to release OpenVPN 2.3.5.
It can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

This release fixes a serious interoperability issue with OpenVPN and
the tap-windows6 driver. In addition a fair number of other bug fixes
and small enhancements are included.

A full list of changes is available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

The changelog is also attached to this email.

For generic help use these support channels:

- - Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- - Wiki: <https://community.openvpn.net>
- - Forums: <https://forums.openvpn.net>
- - User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- - User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- - Bug tracker and Wiki: <https://community.openvpn.net>
- - Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- - Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
  Freenode registration)

- -- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iEYEARECAAYFAlRP4+oACgkQwp2X7RmNIqNlFwCfa5sWq2MVZ7TfhpewRa9c20wp
bu0AoNJwNim1+BkX8ZEMs/ctTcL3jS0I
=/FCN
-END PGP SIGNATURE-
Andris Kalnozols (2):
  Fix some typos in the man page.
  Do not upcase x509-username-field for mixed-case arguments.

Arne Schwabe (1):
  Fix server routes not working in topology subnet with --server [v3]

David Sommerseth (4):
  Improve error reporting on file access to --client-config-dir and 
--ccd-exclusive
  Don't let openvpn_popen() keep zombies around
  Add systemd unit file for OpenVPN
  systemd: Use systemd functions to consider systemd availability

Gert Doering (4):
  Drop incoming fe80:: packets silently now.
  Fix t_lpback.sh platform-dependent failures
  Call init script helpers with explicit path (./)
  Preparing for release v2.3.5 (ChangeLog, version.m4)

Heiko Hund (1):
  refine assertion to allow other modes than CBC

Hubert Kario (2):
  ocsp_check - signature verification and cert staus results are separate
  ocsp_check - double check if ocsp didn't report any errors in execution

James Bekkema (1):
  Fix socket-flag/TCP_NODELAY on Mac OS X

James Yonan (6):
  Fixed several instances of declarations after statements.
  In socket.c, fixed issue where uninitialized value (err) is being passed 
to to gai_strerror.
  Explicitly cast the third parameter of setsockopt to const void * to 
avoid warning.
  MSVC 2008 doesn't support dimensioning an array with a const var nor 
using %z as a printf format specifier.
  Define PATH_SEPARATOR for MSVC builds.
  Fixed some compile issues with show_library_versions()

Jann Horn (1):
  Remove quadratic complexity from openvpn_base64_decode()

Mike Gilbert (1):
  Add configure check for the path to systemd-ask-password

Philipp Hagemeister (2):
  Add topology in sample server configuration file
  Implement on-link route adding for iproute2

Samuel Thibault (1):
  Ensure that client-connect files are always deleted

Steffan Karger (13):
  Remove function without effect (cipher_ok() always returned true).
  Remove unneeded wrapper functions in crypto_openssl.c
  Fix bug that incorrectly refuses oid representation eku's in polar builds
  Update README.polarssl
  Rename ALLOW_NON_CBC_CIPHERS to ENABLE_OFB_CFB_MODE, and add to configure.
  Add proper check for crypto modes (CBC or OFB/CFB)
  Improve --show-ciphers to show if a cipher can be used in static key mode
  Extend t_lpback tests to test all ciphers reported by --show-ciphers
  Don't exit daemon if opening or parsing the CRL fails.
  Fix typo in cipher_kt_mode_{cbc, ofb_cfb}() doxygen.
  Fix regression with password protected private keys (polarssl)
  ssl_polarssl.c: fix includes and make casts explicit
  Remove unused variables from ssl_verify_openssl.c extract_x509_extension()

TDivine (1):
  Fix "code=995" bug with windows NDIS6 tap driver.



openvpn-2.3.5-changelog.sig
Description: PGP signature


[Openvpn-announce] New OpenVPN Windows installers (I004 and I604) released

2014-10-20 Thread Samuli Seppänen

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi all,

New Windows installers with OpenSSL 1.0.1j have been released:

<http://openvpn.net/index.php/download/community-downloads.html>

Two of the issues fixed in OpenSSL may impact OpenVPN. More details here:

<http://thread.gmane.org/gmane.network.openvpn.devel/9133>

Let me know if there are any issues with these installers.

Best regards,

- -- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iEYEARECAAYFAlRFCSEACgkQwp2X7RmNIqPYCgCg4H2uIUnpO2pQzwwdS0H3VyLl
lSQAn1w8BWUgofRJr4SsXL47zPEhe1He
=5sXk
-END PGP SIGNATURE-





[Openvpn-announce] New OpenVPN Windows installers (I004 and I604) released

2014-10-20 Thread Samuli Seppänen

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi all,

New Windows installers with OpenSSL 1.0.1j have been released:

<http://openvpn.net/index.php/download/community-downloads.html>

Two of the issues fixed in OpenSSL may impact OpenVPN. More details here:

<http://thread.gmane.org/gmane.network.openvpn.devel/9133>

Let me know if there are any issues with these installers.

Best regards,

- -- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iEYEARECAAYFAlRFCSEACgkQwp2X7RmNIqPYCgCg4H2uIUnpO2pQzwwdS0H3VyLl
lSQAn1w8BWUgofRJr4SsXL47zPEhe1He
=5sXk
-END PGP SIGNATURE-





Re: [Openvpn-announce] [Openvpn-devel] Impact of latest OpenSSL vulnerabilities to OpenVPN

2014-08-08 Thread Samuli Seppänen

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



> Hi all,
>
> Information on how the latest OpenSSL vulnerabilities affect OpenVPN is
> available here:
>
>
<https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenSSL1.0.1i>
>
> Yesterday's Windows installer releases bundle OpenSSL 1.0.0i, which is
> immune to the two issues which may[1] affect OpenVPN. Updated installers
> are available here:
>
Responding to myself before somebody else corrects me. The Windows
installers bundle 1.0.1i (not 1.0.0i).

Sorry for the noise.
- -- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iEYEARECAAYFAlPkhisACgkQwp2X7RmNIqPKIgCeNsM6/3Z1Y9IDMMOYKQztHeWQ
76cAn1t8clBRaBWhhEAY2pYI8LHbzjSC
=XS4x
-END PGP SIGNATURE-




Re: [Openvpn-announce] [Openvpn-devel] Impact of latest OpenSSL vulnerabilities to OpenVPN

2014-08-08 Thread Samuli Seppänen

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



> Hi all,
>
> Information on how the latest OpenSSL vulnerabilities affect OpenVPN is
> available here:
>
>
<https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenSSL1.0.1i>
>
> Yesterday's Windows installer releases bundle OpenSSL 1.0.0i, which is
> immune to the two issues which may[1] affect OpenVPN. Updated installers
> are available here:
>
Responding to myself before somebody else corrects me. The Windows
installers bundle 1.0.1i (not 1.0.0i).

Sorry for the noise.
- -- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iEYEARECAAYFAlPkhisACgkQwp2X7RmNIqPKIgCeNsM6/3Z1Y9IDMMOYKQztHeWQ
76cAn1t8clBRaBWhhEAY2pYI8LHbzjSC
=XS4x
-END PGP SIGNATURE-




[Openvpn-announce] Impact of latest OpenSSL vulnerabilities to OpenVPN

2014-08-08 Thread Samuli Seppänen

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi all,

Information on how the latest OpenSSL vulnerabilities affect OpenVPN is
available here:

<https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenSSL1.0.1i>

Yesterday's Windows installer releases bundle OpenSSL 1.0.0i, which is
immune to the two issues which may[1] affect OpenVPN. Updated installers
are available here:

<http://openvpn.net/index.php/download/community-downloads.html>

Best regards,

- -- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock


[1] Depending on it's configuration
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iEYEARECAAYFAlPkd/IACgkQwp2X7RmNIqOoWwCeLR13x//Vxm4LRXilRlwkxhtP
XcoAoMwIn+y3iYkofgL9TFiIK4YGMOK8
=msAA
-END PGP SIGNATURE-




[Openvpn-announce] Impact of latest OpenSSL vulnerabilities to OpenVPN

2014-08-08 Thread Samuli Seppänen

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi all,

Information on how the latest OpenSSL vulnerabilities affect OpenVPN is
available here:

<https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenSSL1.0.1i>

Yesterday's Windows installer releases bundle OpenSSL 1.0.0i, which is
immune to the two issues which may[1] affect OpenVPN. Updated installers
are available here:

<http://openvpn.net/index.php/download/community-downloads.html>

Best regards,

- -- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock


[1] Depending on it's configuration
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iEYEARECAAYFAlPkd/IACgkQwp2X7RmNIqOoWwCeLR13x//Vxm4LRXilRlwkxhtP
XcoAoMwIn+y3iYkofgL9TFiIK4YGMOK8
=msAA
-END PGP SIGNATURE-




[Openvpn-announce] New OpenVPN Windows installers bundle OpenSSL 1.0.1i

2014-08-07 Thread Samuli Seppänen
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi all,

The OpenSSL project released fixes to several security vulnerabilities
yesterday, some of which may affect OpenVPN:

<http://www.openssl.org/news/secadv_20140806.txt>

OpenVPN 2.3.2 and 2.3.4 Windows installers that include a fixed
version of OpenSSL are available here:

<http://openvpn.net/index.php/download/community-downloads.html>

All Windows users of OpenVPN should upgrade their installations
immediately to the latest 2.3.2 or 2.3.4 releases.

- -- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iEYEARECAAYFAlPjfxkACgkQwp2X7RmNIqMOKwCghrJrWhKjS52XTlvHUJjzdHDX
JF8AoIBQz10Xn/7Lg2hBuFmxYc6yHBTC
=87V/
-END PGP SIGNATURE-



[Openvpn-announce] New OpenVPN Windows installers bundle OpenSSL 1.0.1i

2014-08-07 Thread Samuli Seppänen
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi all,

The OpenSSL project released fixes to several security vulnerabilities
yesterday, some of which may affect OpenVPN:

<http://www.openssl.org/news/secadv_20140806.txt>

OpenVPN 2.3.2 and 2.3.4 Windows installers that include a fixed
version of OpenSSL are available here:

<http://openvpn.net/index.php/download/community-downloads.html>

All Windows users of OpenVPN should upgrade their installations
immediately to the latest 2.3.2 or 2.3.4 releases.

- -- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iEYEARECAAYFAlPjfxkACgkQwp2X7RmNIqMOKwCghrJrWhKjS52XTlvHUJjzdHDX
JF8AoIBQz10Xn/7Lg2hBuFmxYc6yHBTC
=87V/
-END PGP SIGNATURE-



[Openvpn-announce] New OpenVPN Windows installers released to fix OpenSSL security vulnerabilities

2014-06-05 Thread Samuli Seppänen

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi all,

The OpenSSL project released fixes to several security vulnerabilities
today, one of which (the MITM vulnerability) affects OpenVPN:

<http://www.openssl.org/news/secadv_20140605.txt>

OpenVPN 2.3.2 and 2.3.4 Windows installers that include a fixed version
of OpenSSL have now been released:

<http://openvpn.net/index.php/download/community-downloads.html>

All Windows users of OpenVPN should upgrade their installations
immediately to the latest 2.3.2 or 2.3.4 releases.

Please note that OpenVPN 2.2.2 Windows installers, which were also
vulnerable, have been removed from the main download pages. If you are
unable to upgrade to a recent release you can still build 2.2.2
yourself, linking it to a more recent OpenSSL version.

- -- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlOQiHoACgkQwp2X7RmNIqPhUgCfdKXmmnZGz71w5wF4leaC6aJf
kwYAoIDK8M3fNcIx3gAWepaL0Lt04cGe
=XOGC
-END PGP SIGNATURE-




[Openvpn-announce] New OpenVPN Windows installers released to fix OpenSSL security vulnerabilities

2014-06-05 Thread Samuli Seppänen

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi all,

The OpenSSL project released fixes to several security vulnerabilities
today, one of which (the MITM vulnerability) affects OpenVPN:

<http://www.openssl.org/news/secadv_20140605.txt>

OpenVPN 2.3.2 and 2.3.4 Windows installers that include a fixed version
of OpenSSL have now been released:

<http://openvpn.net/index.php/download/community-downloads.html>

All Windows users of OpenVPN should upgrade their installations
immediately to the latest 2.3.2 or 2.3.4 releases.

Please note that OpenVPN 2.2.2 Windows installers, which were also
vulnerable, have been removed from the main download pages. If you are
unable to upgrade to a recent release you can still build 2.2.2
yourself, linking it to a more recent OpenSSL version.

- -- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlOQiHoACgkQwp2X7RmNIqPhUgCfdKXmmnZGz71w5wF4leaC6aJf
kwYAoIDK8M3fNcIx3gAWepaL0Lt04cGe
=XOGC
-END PGP SIGNATURE-




[Openvpn-announce] OpenVPN 2.3.4 released

2014-05-02 Thread Samuli Seppänen
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

The OpenVPN community project team is proud to release OpenVPN 2.3.4.
It can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

The most important change in this release is that TLS version
negotiation is no longer used unless it's explicitly turned on in the
configuration files, thus reverting back to the 2.3.2 behaviour as
interoperability issues were encountered in 2.3.3. Other notable
changes include addition of SSL library version reporting, fixing of
SOCKSv5 authentication logic and making serial env exporting
consistent between OpenSSL and PolarSSL. This release also contains a
number of other bug fixes and small enhancements.

The Windows installer I001 has additional code to prevent problems
during install and uninstall if installer bitness is wrong or if the
OpenVPN-GUI or an OpenVPN process is running. The Windows installers
also bundle OpenSSL 1.0.1g, which means that they are immune to the
heartbleed vulnerability:

<http://heartbleed.com/>
<https://community.openvpn.net/openvpn/wiki/heartbleed>

All Windows users of OpenVPN 2.3-rc2-I001 through OpenVPN 2.3.2-I003
should upgrade their installations immediately.

Experimental Windows installers with NDIS 6 -enabled tap-windows
drivers are also available for Windows Vista and above, here:

<https://community.openvpn.net/openvpn/wiki/ExperimentalVersions>

Note that it is possible, even if unlikely, that the NDIS 6 drivers
could crash, giving a BSOD. Long story short: please do not use them
on valuable production systems.

A full list of changes is available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

The changelog is also attached to this email.

For generic help use these support channels:

- - Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- - Wiki: <https://community.openvpn.net>
- - Forums: <https://forums.openvpn.net>
- - User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- - User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- - Bug tracker and Wiki: <https://community.openvpn.net>
- - Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- - Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
  Freenode registration)

- -- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock



-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlNjo4EACgkQwp2X7RmNIqNOuACeM190nx7c4RPcSQ+x/JS4c1W5
ozoAn0Ep1W3PxFWaalXEoMo0JL/KtS82
=8CX/
-END PGP SIGNATURE-
Arne Schwabe (1):
  Fix man page and OSCP script: tls_serial_{n} is decimal

Dmitrij Tejblum (1):
  Fix is_ipv6 in case of tap interface.

Gert Doering (8):
  IPv6 address/route delete fix for Win8
  Add SSL library version reporting.
  Minor t_client.sh cleanups
  Repair --multihome on FreeBSD for IPv4 sockets.
  Rewrite manpage section about --multihome
  More IPv6-related updates to the openvpn man page.
  Conditionalize calls to print_default_gateway on !ENABLE_SMALL
  Preparing for release v2.3.4 (ChangeLog, version.m4)

James Yonan (2):
  Use native strtoull() with MSVC 2013.
  When tls-version-min is unspecified, revert to original versioning 
approach.

Steffan Karger (4):
  Change signedness of hash in x509_get_sha1_hash(), fixes compiler warning.
  Fix OCSP_check.sh to also use decimal for stdout verification.
  Fix build system to accept non-system crypto library locations for 
plugins.
  Make serial env exporting consistent amongst OpenSSL and PolarSSL builds.

Yawning Angel (1):
  Fix SOCKSv5 method selection

kangsterizer (1):
  Fix typo in sample build script to use LDFLAGS



openvpn-2.3.4-changelog.sig
Description: PGP signature


[Openvpn-announce] OpenVPN 2.3.4 released

2014-05-02 Thread Samuli Seppänen
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

The OpenVPN community project team is proud to release OpenVPN 2.3.4.
It can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

The most important change in this release is that TLS version
negotiation is no longer used unless it's explicitly turned on in the
configuration files, thus reverting back to the 2.3.2 behaviour as
interoperability issues were encountered in 2.3.3. Other notable
changes include addition of SSL library version reporting, fixing of
SOCKSv5 authentication logic and making serial env exporting
consistent between OpenSSL and PolarSSL. This release also contains a
number of other bug fixes and small enhancements.

The Windows installer I001 has additional code to prevent problems
during install and uninstall if installer bitness is wrong or if the
OpenVPN-GUI or an OpenVPN process is running. The Windows installers
also bundle OpenSSL 1.0.1g, which means that they are immune to the
heartbleed vulnerability:

<http://heartbleed.com/>
<https://community.openvpn.net/openvpn/wiki/heartbleed>

All Windows users of OpenVPN 2.3-rc2-I001 through OpenVPN 2.3.2-I003
should upgrade their installations immediately.

Experimental Windows installers with NDIS 6 -enabled tap-windows
drivers are also available for Windows Vista and above, here:

<https://community.openvpn.net/openvpn/wiki/ExperimentalVersions>

Note that it is possible, even if unlikely, that the NDIS 6 drivers
could crash, giving a BSOD. Long story short: please do not use them
on valuable production systems.

A full list of changes is available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

The changelog is also attached to this email.

For generic help use these support channels:

- - Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- - Wiki: <https://community.openvpn.net>
- - Forums: <https://forums.openvpn.net>
- - User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- - User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- - Bug tracker and Wiki: <https://community.openvpn.net>
- - Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- - Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
  Freenode registration)

- -- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock



-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlNjo4EACgkQwp2X7RmNIqNOuACeM190nx7c4RPcSQ+x/JS4c1W5
ozoAn0Ep1W3PxFWaalXEoMo0JL/KtS82
=8CX/
-END PGP SIGNATURE-
Arne Schwabe (1):
  Fix man page and OSCP script: tls_serial_{n} is decimal

Dmitrij Tejblum (1):
  Fix is_ipv6 in case of tap interface.

Gert Doering (8):
  IPv6 address/route delete fix for Win8
  Add SSL library version reporting.
  Minor t_client.sh cleanups
  Repair --multihome on FreeBSD for IPv4 sockets.
  Rewrite manpage section about --multihome
  More IPv6-related updates to the openvpn man page.
  Conditionalize calls to print_default_gateway on !ENABLE_SMALL
  Preparing for release v2.3.4 (ChangeLog, version.m4)

James Yonan (2):
  Use native strtoull() with MSVC 2013.
  When tls-version-min is unspecified, revert to original versioning 
approach.

Steffan Karger (4):
  Change signedness of hash in x509_get_sha1_hash(), fixes compiler warning.
  Fix OCSP_check.sh to also use decimal for stdout verification.
  Fix build system to accept non-system crypto library locations for 
plugins.
  Make serial env exporting consistent amongst OpenSSL and PolarSSL builds.

Yawning Angel (1):
  Fix SOCKSv5 method selection

kangsterizer (1):
  Fix typo in sample build script to use LDFLAGS



openvpn-2.3.4-changelog.sig
Description: PGP signature


[Openvpn-announce] OpenVPN 2.3.3 released

2014-04-09 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.3.3. It
can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

This release contains a number of bug fixes, small enhancements and
changes aimed at improving long-term compatibility with newer OpenVPN
versions. In addition, the Windows installer is bundled with an updated
OpenVPN-GUI and more importantly includes OpenSSL 1.0.0g that fixes the
very serious heartbleed vulnerability:

<http://heartbleed.com/>
<https://community.openvpn.net/openvpn/wiki/heartbleed>

All Windows users of OpenVPN 2.3-rc2-I001 through OpenVPN 2.3.2-I003
should upgrade their installations immediately.

A full list of changes is available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

The changelog is also attached to this email.

For generic help use these support channels:

- Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- Wiki: <https://community.openvpn.net>
- Forums: <https://forums.openvpn.net>
- User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- Bug tracker and Wiki: <https://community.openvpn.net>
- Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
  Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock

Alon Bar-Lev (1):
  pkcs11: use generic evp key instead of rsa

Arne Schwabe (8):
  Add support of utun devices under Mac OS X
  Add support to ignore specific options.
  Add a note what setenv opt does for OpenVPN < 2.3.3
  Add reporting of UI version to basic push-peer-info set.
  Fix compile error in ssl_openssl introduced by polar external-management 
patch
  Fix assertion when SIGUSR1 is received while getaddrinfo is successful
  Add warning for using connection block variables after connection blocks
  Introduce safety check for http proxy options

David Sommerseth (5):
  man page: Update man page about the tls_digest_{n} environment variable
  Remove the --disable-eurephia configure option
  plugin: Extend the plug-in v3 API to identify the SSL implementation used
  autoconf: Fix typo
  Fix file checks when --chroot is being used

Davide Brini (1):
  Document authfile for socks server

Gert Doering (9):
  Fix IPv6 examples in t_client.rc-sample
  Fix slow memory drain on each client renegotiation.
  t_client.sh: ignore fields from "ip -6 route show" output that distort 
results.
  Make code and documentation for --remote-random-hostname consistent.
  Reduce IV_OPENVPN_GUI_VERSION= to IV_GUI_VER=
  Document issue with --chroot, /dev/urandom and PolarSSL.
  Rename 'struct route' to 'struct route_ipv4'
  Replace copied structure elements with including 
  Workaround missing SSL_OP_NO_TICKET in earlier OpenSSL versions

Heikki Hannikainen (1):
  Always load intermediate certificates from a PKCS#12 file

Heiko Hund (2):
  Support non-ASCII TAP adapter names on Windows
  Support non-ASCII characters in Windows tmp path

James Yonan (3):

  TLS version negotiation
  Added "setenv opt" directive prefix.
  Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable 
TLS stateless session resumption.

Jens Wagner (1):
  Fix spurious ignoring of pushed config options (trac#349).

Joachim Schipper (3):
  Refactor tls_ctx_use_external_private_key()
  --management-external-key for PolarSSL
  external_pkcs1_sign: Support non-RSA_SIG_RAW hash_ids

Josh Cepek (2):
  Correct error text when no Windows TAP device is present
  Require a 1.2.x PolarSSL version

Klee Dienes (1):
  tls_ctx_load_ca: Improve certificate error messages

Max Muster (1):
  Remove duplicate cipher entries from TLS translation table.

Peter Sagerson (1):
  Fix configure interaction with static OpenSSL libraries

Steffan Karger (7):
  Do not pass struct tls_session* as void* in key_state_ssl_init().
  Require polarssl >= 1.2.10 for polarssl-builds, which fixes CVE-2013-5915.
  Use RSA_generate_key_ex() instead of deprecated, RSA_generate_key()
  Also update TLSv1_method() calls in support code to SSLv23_method() calls.
  Update TLSv1 error messages to SSLv23 to reflect changes from commit 
4b67f98
  If --tls-cipher is supplied, make --show-tls parse the list.
  Add openssl-specific common cipher list names to ssl.c.

Tamas TEVESZ (1):
  Add support for client-cert-not-required for PolarSSL.

Thomas Veerman (1):
  Fix "." in description of utun.



[Openvpn-announce] OpenVPN 2.3.3 released

2014-04-09 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.3.3. It
can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

This release contains a number of bug fixes, small enhancements and
changes aimed at improving long-term compatibility with newer OpenVPN
versions. In addition, the Windows installer is bundled with an updated
OpenVPN-GUI and more importantly includes OpenSSL 1.0.0g that fixes the
very serious heartbleed vulnerability:

<http://heartbleed.com/>
<https://community.openvpn.net/openvpn/wiki/heartbleed>

All Windows users of OpenVPN 2.3-rc2-I001 through OpenVPN 2.3.2-I003
should upgrade their installations immediately.

A full list of changes is available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

The changelog is also attached to this email.

For generic help use these support channels:

- Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- Wiki: <https://community.openvpn.net>
- Forums: <https://forums.openvpn.net>
- User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- Bug tracker and Wiki: <https://community.openvpn.net>
- Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
  Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock

Alon Bar-Lev (1):
  pkcs11: use generic evp key instead of rsa

Arne Schwabe (8):
  Add support of utun devices under Mac OS X
  Add support to ignore specific options.
  Add a note what setenv opt does for OpenVPN < 2.3.3
  Add reporting of UI version to basic push-peer-info set.
  Fix compile error in ssl_openssl introduced by polar external-management 
patch
  Fix assertion when SIGUSR1 is received while getaddrinfo is successful
  Add warning for using connection block variables after connection blocks
  Introduce safety check for http proxy options

David Sommerseth (5):
  man page: Update man page about the tls_digest_{n} environment variable
  Remove the --disable-eurephia configure option
  plugin: Extend the plug-in v3 API to identify the SSL implementation used
  autoconf: Fix typo
  Fix file checks when --chroot is being used

Davide Brini (1):
  Document authfile for socks server

Gert Doering (9):
  Fix IPv6 examples in t_client.rc-sample
  Fix slow memory drain on each client renegotiation.
  t_client.sh: ignore fields from "ip -6 route show" output that distort 
results.
  Make code and documentation for --remote-random-hostname consistent.
  Reduce IV_OPENVPN_GUI_VERSION= to IV_GUI_VER=
  Document issue with --chroot, /dev/urandom and PolarSSL.
  Rename 'struct route' to 'struct route_ipv4'
  Replace copied structure elements with including 
  Workaround missing SSL_OP_NO_TICKET in earlier OpenSSL versions

Heikki Hannikainen (1):
  Always load intermediate certificates from a PKCS#12 file

Heiko Hund (2):
  Support non-ASCII TAP adapter names on Windows
  Support non-ASCII characters in Windows tmp path

James Yonan (3):

  TLS version negotiation
  Added "setenv opt" directive prefix.
  Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable 
TLS stateless session resumption.

Jens Wagner (1):
  Fix spurious ignoring of pushed config options (trac#349).

Joachim Schipper (3):
  Refactor tls_ctx_use_external_private_key()
  --management-external-key for PolarSSL
  external_pkcs1_sign: Support non-RSA_SIG_RAW hash_ids

Josh Cepek (2):
  Correct error text when no Windows TAP device is present
  Require a 1.2.x PolarSSL version

Klee Dienes (1):
  tls_ctx_load_ca: Improve certificate error messages

Max Muster (1):
  Remove duplicate cipher entries from TLS translation table.

Peter Sagerson (1):
  Fix configure interaction with static OpenSSL libraries

Steffan Karger (7):
  Do not pass struct tls_session* as void* in key_state_ssl_init().
  Require polarssl >= 1.2.10 for polarssl-builds, which fixes CVE-2013-5915.
  Use RSA_generate_key_ex() instead of deprecated, RSA_generate_key()
  Also update TLSv1_method() calls in support code to SSLv23_method() calls.
  Update TLSv1 error messages to SSLv23 to reflect changes from commit 
4b67f98
  If --tls-cipher is supplied, make --show-tls parse the list.
  Add openssl-specific common cipher list names to ssl.c.

Tamas TEVESZ (1):
  Add support for client-cert-not-required for PolarSSL.

Thomas Veerman (1):
  Fix "." in description of utun.



[Openvpn-announce] OpenVPN 2.3.2 released

2013-06-03 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.3.2. It
can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

This release contains a number of bug fixes and small enhancements. In
addition, the Windows installer is bundled with an updated OpenVPN-GUI.
A full list of changes is available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

The changelog is also attached to this email.

For generic help use these support channels:

- Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- Wiki: <https://community.openvpn.net>
- Forums: <https://forums.openvpn.net>
- User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- Bug tracker and Wiki: <https://community.openvpn.net>
- Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
  Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock

Arne Schwabe (3):
  Only print script warnings when a script is used. Remove stray mention of 
script-security system.
  Move settings of user script into set_user_script function
  Move checking of script file access into set_user_script

Davide Brini (1):
  Provide more accurate warning message

Gert Doering (3):
  Fix NULL-pointer crash in route_list_add_vpn_gateway().
  Fix problem with UDP tunneling due to mishandled pktinfo structures.
  Preparing for v2.3.2 (ChangeLog, version.m4)

James Yonan (1):
  Always push basic set of peer info values to server.

Jan Just Keijser (1):
  make 'explicit-exit-notify' pullable again

Josh Cepek (2):
  Fix proto tcp6 for server & non-P2MP modes
  Fix Windows script execution when called from script hooks

Steffan Karger (2):
  Fixed tls-cipher translation bug in openssl-build
  Fixed usage of stale define USE_SSL to ENABLE_SSL

svimik (1):
  Fix segfault when enabling pf plug-ins



[Openvpn-announce] OpenVPN 2.3.2 released

2013-06-03 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.3.2. It
can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

This release contains a number of bug fixes and small enhancements. In
addition, the Windows installer is bundled with an updated OpenVPN-GUI.
A full list of changes is available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

The changelog is also attached to this email.

For generic help use these support channels:

- Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- Wiki: <https://community.openvpn.net>
- Forums: <https://forums.openvpn.net>
- User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- Bug tracker and Wiki: <https://community.openvpn.net>
- Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
  Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock

Arne Schwabe (3):
  Only print script warnings when a script is used. Remove stray mention of 
script-security system.
  Move settings of user script into set_user_script function
  Move checking of script file access into set_user_script

Davide Brini (1):
  Provide more accurate warning message

Gert Doering (3):
  Fix NULL-pointer crash in route_list_add_vpn_gateway().
  Fix problem with UDP tunneling due to mishandled pktinfo structures.
  Preparing for v2.3.2 (ChangeLog, version.m4)

James Yonan (1):
  Always push basic set of peer info values to server.

Jan Just Keijser (1):
  make 'explicit-exit-notify' pullable again

Josh Cepek (2):
  Fix proto tcp6 for server & non-P2MP modes
  Fix Windows script execution when called from script hooks

Steffan Karger (2):
  Fixed tls-cipher translation bug in openssl-build
  Fixed usage of stale define USE_SSL to ENABLE_SSL

svimik (1):
  Fix segfault when enabling pf plug-ins



[Openvpn-announce] OpenVPN 2.3.0 released

2013-01-08 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN
2.3.0. It can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

This release includes two bug fixes. A full list of changes is available
here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

The changelog is also attached to this email.

For generic help use these support channels:

- Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- Wiki: <https://community.openvpn.net>
- Forums: <https://forums.openvpn.net>
- User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- Bug tracker and Wiki: <https://community.openvpn.net>
- Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
  Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock



David Sommerseth (1):
  Preparing for v2.3.0

Gert Doering (2):
  Fix parameter type for IP_TOS setsockopt on non-Linux systems.
  Fix client crash on double PUSH_REPLY.



[Openvpn-announce] OpenVPN 2.3.0 released

2013-01-08 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN
2.3.0. It can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

This release includes two bug fixes. A full list of changes is available
here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

The changelog is also attached to this email.

For generic help use these support channels:

- Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- Wiki: <https://community.openvpn.net>
- Forums: <https://forums.openvpn.net>
- User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- Bug tracker and Wiki: <https://community.openvpn.net>
- Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
  Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock



David Sommerseth (1):
  Preparing for v2.3.0

Gert Doering (2):
  Fix parameter type for IP_TOS setsockopt on non-Linux systems.
  Fix client crash on double PUSH_REPLY.



[Openvpn-announce] OpenVPN 2.3_rc1 released

2012-10-31 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN
2.3_rc1. It can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

This release fixes a number of small issues. It also removes support for
the "system" method for the "script-security" option, which requires
changes to OpenVPN configuration in some cases; for details, look here:

<https://community.openvpn.net/openvpn/ticket/228>

In addition, an updated GUI is included in the Windows installer.

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

A full list of new features and the changelog are available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

The changelog is also attached to this email.

For generic help use these support channels:

- Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- Wiki: <https://community.openvpn.net>
- Forums: <https://forums.openvpn.net>
- User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- Bug tracker and Wiki: <https://community.openvpn.net>
- Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
  Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock




Adriaan de Jong (1):
  Fixed a bug where PolarSSL gave an error when using an inline file tag.

Arne Schwabe (2):
  Document man agent-external-key
  Options parsing demands unnecessary configuration if PKCS11 is used

David Sommerseth (3):
  Make git ignore some more files
  Remove the support for using system() when executing external programs or 
scripts
  Preparing for v2.3_rc1

Heiko Hund (2):
  Fix display of plugin hook types
  Support UTF-8 --client-config-dir

Kenneth Rose (1):
  Fix v3 plugins to support returning values back to OpenVPN.



[Openvpn-announce] OpenVPN 2.3_rc1 released

2012-10-31 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN
2.3_rc1. It can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

This release fixes a number of small issues. It also removes support for
the "system" method for the "script-security" option, which requires
changes to OpenVPN configuration in some cases; for details, look here:

<https://community.openvpn.net/openvpn/ticket/228>

In addition, an updated GUI is included in the Windows installer.

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

A full list of new features and the changelog are available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

The changelog is also attached to this email.

For generic help use these support channels:

- Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- Wiki: <https://community.openvpn.net>
- Forums: <https://forums.openvpn.net>
- User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- Bug tracker and Wiki: <https://community.openvpn.net>
- Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
  Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock




Adriaan de Jong (1):
  Fixed a bug where PolarSSL gave an error when using an inline file tag.

Arne Schwabe (2):
  Document man agent-external-key
  Options parsing demands unnecessary configuration if PKCS11 is used

David Sommerseth (3):
  Make git ignore some more files
  Remove the support for using system() when executing external programs or 
scripts
  Preparing for v2.3_rc1

Heiko Hund (2):
  Fix display of plugin hook types
  Support UTF-8 --client-config-dir

Kenneth Rose (1):
  Fix v3 plugins to support returning values back to OpenVPN.



[Openvpn-announce] OpenVPN 2.3_beta1 released

2012-09-14 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN
2.3_beta1. It can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

This release includes several bugfixes, cleanups and minor enhancements.
In addition, the Windows installers comes with an updated version of
openvpn-gui. A full list of new features and the changelog is available
here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

A full list of new features and the changelog are available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

The changelog is also attached to this email.

For generic help use these support channels:

- Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- Wiki: <https://community.openvpn.net>
- Forums: <https://forums.openvpn.net>
- User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- Bug tracker and Wiki: <https://community.openvpn.net>
- Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
  Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock



Arne Schwabe (7):
  Fixes error: --key fails with EXTERNAL_PRIVATE_KEY: No such file or 
directory if --management-external-key is used
  Merge almost identical create_socket_tcp and create_socket_tcp6
  Document the inlining of files in openvpn and document key-direction
  Merge getaddr_multi and getaddr6 into one function
  Document --management-client and --management-signal a bit better
  Document that keep alive will double the second value in server mode and 
give a short explanation why the value is chosen.
  Add checks for external-key-managements

David Sommerseth (1):
  Fix reconnect issues when --push and UDP is used on the server

Gert Doering (4):
  Reduce --version string detail about IPv6 to just "[IPv6]".
  Put actual OpenVPN command line on top of corresponding log file.
  Keep pre-existing tun/tap devices around on *BSD
  make "ipv6 ifconfig" on linux compatible with busybox ifconfig

Heiko Hund (6):
  fix regression with --http-proxy[-*] options
  add x_msg_va() log function
  add API for plug-ins to write to openvpn log
  remove stale _openssl_get_subject() prototype
  remove unused flag SSLF_NO_NAME_REMAPPING
  Add --compat-names option



[Openvpn-announce] OpenVPN 2.3_beta1 released

2012-09-14 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN
2.3_beta1. It can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

This release includes several bugfixes, cleanups and minor enhancements.
In addition, the Windows installers comes with an updated version of
openvpn-gui. A full list of new features and the changelog is available
here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

A full list of new features and the changelog are available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

The changelog is also attached to this email.

For generic help use these support channels:

- Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- Wiki: <https://community.openvpn.net>
- Forums: <https://forums.openvpn.net>
- User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- Bug tracker and Wiki: <https://community.openvpn.net>
- Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
  Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock



Arne Schwabe (7):
  Fixes error: --key fails with EXTERNAL_PRIVATE_KEY: No such file or 
directory if --management-external-key is used
  Merge almost identical create_socket_tcp and create_socket_tcp6
  Document the inlining of files in openvpn and document key-direction
  Merge getaddr_multi and getaddr6 into one function
  Document --management-client and --management-signal a bit better
  Document that keep alive will double the second value in server mode and 
give a short explanation why the value is chosen.
  Add checks for external-key-managements

David Sommerseth (1):
  Fix reconnect issues when --push and UDP is used on the server

Gert Doering (4):
  Reduce --version string detail about IPv6 to just "[IPv6]".
  Put actual OpenVPN command line on top of corresponding log file.
  Keep pre-existing tun/tap devices around on *BSD
  make "ipv6 ifconfig" on linux compatible with busybox ifconfig

Heiko Hund (6):
  fix regression with --http-proxy[-*] options
  add x_msg_va() log function
  add API for plug-ins to write to openvpn log
  remove stale _openssl_get_subject() prototype
  remove unused flag SSLF_NO_NAME_REMAPPING
  Add --compat-names option



[Openvpn-announce] OpenVPN 2.3_alpha3 released

2012-07-25 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN
2.3_alpha3. It can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

This release fixes a major problem in "tap server" mode (Trac #216),
adds support for querying proxy information via the management interface
and fixes some smaller issues. In addition, the Windows installer comes
with tap-windows-9.9.2 (fixes the "DHCP NAK bomb on Windows 7" bug, Trac
#97) and  openvpn-gui-1.0.5.

A full list of new features and the changelog are available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

The changelog is also attached to this email.

For generic help use these support channels:

- Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- Wiki: <https://community.openvpn.net>
- Forums: <https://forums.openvpn.net>
- User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- Bug tracker and Wiki: <https://community.openvpn.net>
- Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
  Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock


2012.07.20 -- Version 2.3_alpha3
Arne Schwabe (1):
  Fix compiling with --disable-management

Gert Doering (1):
  Repair "tap server" mode brokenness caused by  fallout

Heiko Hund (4):
  make non-blocking connect work on Windows
  don't treat socket related errors special anymore
  remove unused show_connection_list debug function
  add option --management-query-proxy


[Openvpn-announce] OpenVPN 2.3_alpha3 released

2012-07-25 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN
2.3_alpha3. It can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

This release fixes a major problem in "tap server" mode (Trac #216),
adds support for querying proxy information via the management interface
and fixes some smaller issues. In addition, the Windows installer comes
with tap-windows-9.9.2 (fixes the "DHCP NAK bomb on Windows 7" bug, Trac
#97) and  openvpn-gui-1.0.5.

A full list of new features and the changelog are available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

The changelog is also attached to this email.

For generic help use these support channels:

- Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- Wiki: <https://community.openvpn.net>
- Forums: <https://forums.openvpn.net>
- User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- Bug tracker and Wiki: <https://community.openvpn.net>
- Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
  Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock


2012.07.20 -- Version 2.3_alpha3
Arne Schwabe (1):
  Fix compiling with --disable-management

Gert Doering (1):
  Repair "tap server" mode brokenness caused by  fallout

Heiko Hund (4):
  make non-blocking connect work on Windows
  don't treat socket related errors special anymore
  remove unused show_connection_list debug function
  add option --management-query-proxy


[Openvpn-announce] OpenVPN 2.3_alpha2 released

2012-07-04 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN
2.3_alpha2. It can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

The largest change in OpenVPN 2.3_alpha2 is the split into several
subprojects (thanks go to Alon Bar-Lev):

- openvpn (the core project)
- tap-windows (Windows TAP-driver)
- easy-rsa (PKI management package)
- openvpn-build (external buildsystem)
  - "generic": cross-compile on *NIX platforms (e.g. Linux -> Windows)
  - "msvc": build using MSVC on Windows
  - "windows-nsis": generate Windows installers on *NIX

These changes have resulted in a number of user-visible changes:

- Separate 32- and 64-bit installers for Windows (see INSTALL-win32.txt)
- Old "domake-win" and Python-based buildsystems have been removed
- "easy-rsa" and "tap-windows" removed from the OpenVPN Git tree
- All Windows executables and libraries cross-compiled with mingw_w64
and signed
- Rewrite of the openvpn autotools buildsystem

In addition, there a number of changes not related to the above:

- Many bugfixes
- Stabilized the PolarSSL support
- Enabled IPv6 support on OSX
- General code cleanup
- Improved UTF-8 support in Windows

Note that a few changes have been made which may affect existing
installations. A list of new features and the changelog are available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

The changelog is also attached to this email.

For generic help use these support channels:

- Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- Wiki: <https://community.openvpn.net>
- Forums: <https://forums.openvpn.net>
- User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- Bug tracker and Wiki: <https://community.openvpn.net>
- Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
  Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock
Adriaan de Jong (11):
  Fixed off-by-one in serial length calculation
  Migrated x509_get_subject to use of the garbage collector
  Migrated x509_get_serial to use the garbage collector
  Migrated x509_get_sha1_hash to use the garbage collector
  Ensure sys/un.h autoconf detection includes sys/socket.h
  Added support for new PolarSSL 1.1 RNG
  Added a configuration option to enable prediction resistance in the 
PolarSSL random number generator.
  Use POLARSSL_CFLAGS instead of POLARSSL_CRYPTO_CFLAGS in configure.ac
  Removed support for PolarSSL < 1.1
  Updated README.polarssl with build system changes.
  Removed stray "Fox-IT hardening" string.

Alon Bar-Lev (94):
  build: version should not contain '-'
  package: rpm: strip should be handled by package management
  cleanup: options.c: remove redundant include
  cleanup: remove C++ warnings
  cleanup: win32.c: wrong printf format
  cleanup: remove redundant ';'
  cleanup: crypto_openssl.c: remove support for pre-openssl-0.9.6
  cleanup: tun.c: fix incorrect option in message (ip-win32)
  cleanup: memcmp.c: remove unused source
  fixup: init.c: add missing conditional for ENABLE_CLIENT_CR
  build: correct place to alter WINVER is at build system
  Update .gitignore
  build: handle printf style format in mingw
  build: rename plugin directory to plugins
  build: plugins: properly use CC, CFLAGS and LDFLAGS
  build: we need the sample.ovpn in future
  Remove install-win32
  Remove easy-rsa
  Remove tap-win32
  cleanup: rename tap-windows function from win32 to win
  build: remove windows specific build system
  build: split acinclude.m4 into m4/*
  build: m4/ax_varargs.m4: cleanup
  build: m4/ax_emptyarray.m4: cleanup
  build: m4/ax_socklen_t.m4: cleanup
  build: autotools: first pass of trivial autotools changes
  build: autoconf: remove OPENVPN_ADD_LIBS useless macro
  build: remove awk and non-standard autoconf output processing
  build: standard directory layout
  build: add libtool + windows resources for executables
  build: autoconf: commands as environment
  build: libdl usage
  build: properly detect and use socket libs
  build: autoconf: minor cleanups
  build: proper selinux detection and usage
  build: distribute pkg.m4
  build: proper pkcs11-helper detection and usage
  build: properly process lzo-stub
  build: proper lzo detection and usage
  build: proper crypto detection and usage
  build: autoconf: update defaults for options
  build: win-msvc: msbuild format
  build: move out config.h incl

[Openvpn-announce] OpenVPN 2.3_alpha2 released

2012-07-04 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN
2.3_alpha2. It can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

The largest change in OpenVPN 2.3_alpha2 is the split into several
subprojects (thanks go to Alon Bar-Lev):

- openvpn (the core project)
- tap-windows (Windows TAP-driver)
- easy-rsa (PKI management package)
- openvpn-build (external buildsystem)
  - "generic": cross-compile on *NIX platforms (e.g. Linux -> Windows)
  - "msvc": build using MSVC on Windows
  - "windows-nsis": generate Windows installers on *NIX

These changes have resulted in a number of user-visible changes:

- Separate 32- and 64-bit installers for Windows (see INSTALL-win32.txt)
- Old "domake-win" and Python-based buildsystems have been removed
- "easy-rsa" and "tap-windows" removed from the OpenVPN Git tree
- All Windows executables and libraries cross-compiled with mingw_w64
and signed
- Rewrite of the openvpn autotools buildsystem

In addition, there a number of changes not related to the above:

- Many bugfixes
- Stabilized the PolarSSL support
- Enabled IPv6 support on OSX
- General code cleanup
- Improved UTF-8 support in Windows

Note that a few changes have been made which may affect existing
installations. A list of new features and the changelog are available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

The changelog is also attached to this email.

For generic help use these support channels:

- Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- Wiki: <https://community.openvpn.net>
- Forums: <https://forums.openvpn.net>
- User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- Bug tracker and Wiki: <https://community.openvpn.net>
- Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
  Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock
Adriaan de Jong (11):
  Fixed off-by-one in serial length calculation
  Migrated x509_get_subject to use of the garbage collector
  Migrated x509_get_serial to use the garbage collector
  Migrated x509_get_sha1_hash to use the garbage collector
  Ensure sys/un.h autoconf detection includes sys/socket.h
  Added support for new PolarSSL 1.1 RNG
  Added a configuration option to enable prediction resistance in the 
PolarSSL random number generator.
  Use POLARSSL_CFLAGS instead of POLARSSL_CRYPTO_CFLAGS in configure.ac
  Removed support for PolarSSL < 1.1
  Updated README.polarssl with build system changes.
  Removed stray "Fox-IT hardening" string.

Alon Bar-Lev (94):
  build: version should not contain '-'
  package: rpm: strip should be handled by package management
  cleanup: options.c: remove redundant include
  cleanup: remove C++ warnings
  cleanup: win32.c: wrong printf format
  cleanup: remove redundant ';'
  cleanup: crypto_openssl.c: remove support for pre-openssl-0.9.6
  cleanup: tun.c: fix incorrect option in message (ip-win32)
  cleanup: memcmp.c: remove unused source
  fixup: init.c: add missing conditional for ENABLE_CLIENT_CR
  build: correct place to alter WINVER is at build system
  Update .gitignore
  build: handle printf style format in mingw
  build: rename plugin directory to plugins
  build: plugins: properly use CC, CFLAGS and LDFLAGS
  build: we need the sample.ovpn in future
  Remove install-win32
  Remove easy-rsa
  Remove tap-win32
  cleanup: rename tap-windows function from win32 to win
  build: remove windows specific build system
  build: split acinclude.m4 into m4/*
  build: m4/ax_varargs.m4: cleanup
  build: m4/ax_emptyarray.m4: cleanup
  build: m4/ax_socklen_t.m4: cleanup
  build: autotools: first pass of trivial autotools changes
  build: autoconf: remove OPENVPN_ADD_LIBS useless macro
  build: remove awk and non-standard autoconf output processing
  build: standard directory layout
  build: add libtool + windows resources for executables
  build: autoconf: commands as environment
  build: libdl usage
  build: properly detect and use socket libs
  build: autoconf: minor cleanups
  build: proper selinux detection and usage
  build: distribute pkg.m4
  build: proper pkcs11-helper detection and usage
  build: properly process lzo-stub
  build: proper lzo detection and usage
  build: proper crypto detection and usage
  build: autoconf: update defaults for options
  build: win-msvc: msbuild format
  build: move out config.h incl

[Openvpn-announce] OpenVPN 2.3-alpha1 released

2012-02-28 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN
2.3-alpha1. It can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

This release includes a few new major features:

 * Complete IPv6 support, both transport and payload
 * Optional PolarSSL support (build time configuration)
 * Improved plug-in API (v3) which can more easily be expanded in the
   future: includes support for direct access to X.509 certificate data in
   plug-ins
 * Several improvements to the management interface
 * One-to-one NAT to circumvent IP address conflicts between local and
   remote networks
 * New OpenVPN-GUI

Note that a few changes have been made which may affect existing
installations. A list of new features and the changelog are available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

The changelog is also attached to this email.

For generic help use these support channels:

- Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- Wiki: <https://community.openvpn.net>
- Forums: <https://forums.openvpn.net>
- User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- Bug tracker and Wiki: <https://community.openvpn.net>
- Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
  Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock




2012.02.21 -- Version 2.3-alpha1
Adriaan de Jong (127):
  Added Doxygen doxyfile
  Changed configure to accept --with-ssl-type=openssl
  Refactored to rand_bytes for OpenSSL-independency
  Refactored OpenSSL-specific constants
  Refactored maximum cipher and hmac length constants
  Refactored show_available_* functions
  Refactored SSL_clear_error()
  Refactored crypto initialisation functions
  Refactored DES key manipulation functions
  Refactored NTLM DES key generation
  Refactored message digest type functions
  Refactored message digest functions
  Refactored HMAC functions
  Refactored cipher key types
  Refactored cipher functions
  Added PRNG doxygen
  Refactored: Moved crypto.h inline functions to end of file
  Removed stale OpenSSL defines from crypto.h
  Added a check for Openssl or PolarSSL defines
  Refactored: Added stubs for new files
  Refactored SSL initialisation functions
  Refactored TLS_PRF to new hmac and md primitives
  Refactored tls_show_available_ciphers
  Refactored get_highest_preference_tls_cipher
  Refactored root SSL context initialisation
  Refactored new external key code
  Refactored DH paramater loading
  Refactored root TLS option settings
  Refactored PKCS#12 key loading
  Refactored PKCS#11 loading
  Refactored windows cert loading
  Refactored load certificate functions
  Refactored private key loading code
  Refactored external key loading from management
  Refactored CA and extra certs code
  Refactored cipher restriction code
  Refactored tls_options, key_state, and key_source data structures
  Refactored initalisation of key_states
  Refactored key_state free code
  Refactored print_details
  Refactored key_state read code (including bio_read())
  Refactored key_state write functions
  Refactored: Moved BIO debug functions to OpenSSL backend
  Refactored: removed ks and ks_lame macro for clarity
  Refactored: moved write_empty_string function back
  Refactored Doxygen for tls_multi functions
  Migrated data structures needed by verification functions to ssl_common.h
  Refactored client_config_dir_exclusive function
  Refactored certificate hash lock checks
  Refactored common name locking functions
  Refactored username and password authentication code
  Add some extra comments
  Refactored: split verify_callback into two parts
  Added function to extract and verify the subject from a certificate
  Added function to verify and extract the username
  Refactored: removed global x509_username_field
  Refactored: separated environment setup during verification
  Refactored: Netscape certificate type verification
  Refactored key usage verification code
  Refactored EKU verification
  Refactored tls-remote checking
  Refactored tls-verify-plugin code
  Refactored tls-verify script code
  Refactored CRL checks
  Minor cleanup in verify_cert:
  Refactored: Moved verify_cert to ssl_verify
  Cleaned up ssl.h
  Refactored: made M_SSL dependent on USE_OPENSSL
  Refactored: renamed X509 functions from verify_*
  Separated OpenSSL-specific parts of the PKCS#11 driver
  

[Openvpn-announce] OpenVPN 2.3-alpha1 released

2012-02-28 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN
2.3-alpha1. It can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

This release includes a few new major features:

 * Complete IPv6 support, both transport and payload
 * Optional PolarSSL support (build time configuration)
 * Improved plug-in API (v3) which can more easily be expanded in the
   future: includes support for direct access to X.509 certificate data in
   plug-ins
 * Several improvements to the management interface
 * One-to-one NAT to circumvent IP address conflicts between local and
   remote networks
 * New OpenVPN-GUI

Note that a few changes have been made which may affect existing
installations. A list of new features and the changelog are available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

The changelog is also attached to this email.

For generic help use these support channels:

- Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- Wiki: <https://community.openvpn.net>
- Forums: <https://forums.openvpn.net>
- User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- Bug tracker and Wiki: <https://community.openvpn.net>
- Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
  Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock




2012.02.21 -- Version 2.3-alpha1
Adriaan de Jong (127):
  Added Doxygen doxyfile
  Changed configure to accept --with-ssl-type=openssl
  Refactored to rand_bytes for OpenSSL-independency
  Refactored OpenSSL-specific constants
  Refactored maximum cipher and hmac length constants
  Refactored show_available_* functions
  Refactored SSL_clear_error()
  Refactored crypto initialisation functions
  Refactored DES key manipulation functions
  Refactored NTLM DES key generation
  Refactored message digest type functions
  Refactored message digest functions
  Refactored HMAC functions
  Refactored cipher key types
  Refactored cipher functions
  Added PRNG doxygen
  Refactored: Moved crypto.h inline functions to end of file
  Removed stale OpenSSL defines from crypto.h
  Added a check for Openssl or PolarSSL defines
  Refactored: Added stubs for new files
  Refactored SSL initialisation functions
  Refactored TLS_PRF to new hmac and md primitives
  Refactored tls_show_available_ciphers
  Refactored get_highest_preference_tls_cipher
  Refactored root SSL context initialisation
  Refactored new external key code
  Refactored DH paramater loading
  Refactored root TLS option settings
  Refactored PKCS#12 key loading
  Refactored PKCS#11 loading
  Refactored windows cert loading
  Refactored load certificate functions
  Refactored private key loading code
  Refactored external key loading from management
  Refactored CA and extra certs code
  Refactored cipher restriction code
  Refactored tls_options, key_state, and key_source data structures
  Refactored initalisation of key_states
  Refactored key_state free code
  Refactored print_details
  Refactored key_state read code (including bio_read())
  Refactored key_state write functions
  Refactored: Moved BIO debug functions to OpenSSL backend
  Refactored: removed ks and ks_lame macro for clarity
  Refactored: moved write_empty_string function back
  Refactored Doxygen for tls_multi functions
  Migrated data structures needed by verification functions to ssl_common.h
  Refactored client_config_dir_exclusive function
  Refactored certificate hash lock checks
  Refactored common name locking functions
  Refactored username and password authentication code
  Add some extra comments
  Refactored: split verify_callback into two parts
  Added function to extract and verify the subject from a certificate
  Added function to verify and extract the username
  Refactored: removed global x509_username_field
  Refactored: separated environment setup during verification
  Refactored: Netscape certificate type verification
  Refactored key usage verification code
  Refactored EKU verification
  Refactored tls-remote checking
  Refactored tls-verify-plugin code
  Refactored tls-verify script code
  Refactored CRL checks
  Minor cleanup in verify_cert:
  Refactored: Moved verify_cert to ssl_verify
  Cleaned up ssl.h
  Refactored: made M_SSL dependent on USE_OPENSSL
  Refactored: renamed X509 functions from verify_*
  Separated OpenSSL-specific parts of the PKCS#11 driver
  

[Openvpn-announce] OpenVPN 2.2.1 released

2011-07-06 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.2.1. It
can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

Changes include:

- Fixed several build issues
- Updated easy-rsa for OpenSSL 1.0.0 (fixes Trac ticket #125)
- Man-page improvements

A more comprehensive list of changes is available here:

<http://openvpn.net/index.php/open-source/documentation/change-log/425-changelog-for-openvpn-22.html>

For generic help use these support channels:

- Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- Wiki: <https://community.openvpn.net>
- Forums: <https://forums.openvpn.net>
- User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- Bug tracker and Wiki: <https://community.openvpn.net>
- Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- Developer IRC channel: #openvpn-devel at irc.freenode.net

Note that we've recently switched to using a different Git repository:



-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock



[Openvpn-announce] OpenVPN 2.2.1 released

2011-07-06 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.2.1. It
can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

Changes include:

- Fixed several build issues
- Updated easy-rsa for OpenSSL 1.0.0 (fixes Trac ticket #125)
- Man-page improvements

A more comprehensive list of changes is available here:

<http://openvpn.net/index.php/open-source/documentation/change-log/425-changelog-for-openvpn-22.html>

For generic help use these support channels:

- Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- Wiki: <https://community.openvpn.net>
- Forums: <https://forums.openvpn.net>
- User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- Bug tracker and Wiki: <https://community.openvpn.net>
- Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- Developer IRC channel: #openvpn-devel at irc.freenode.net

Note that we've recently switched to using a different Git repository:



-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock



[Openvpn-announce] OpenVPN 2.2-RC2 released

2011-03-25 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.2-RC2.
It can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

Changes include:

* Turn off ENABLE_CLIENT_ONLY build setting that disabled all server
functionality (turned on in 2.2-RC by mistake)
* Implement IPv6 in TUN mode for Windows TAP driver
* Several buildsystem fixes and enhancements
* Several man-page fixes

A more comprehensive list of changes is available here:

<http://openvpn.net/index.php/open-source/documentation/change-log/425-changelog-for-openvpn-22.html>

If you find a bug in this release, please file a bug report to our Trac
bug tracker:

<https://community.openvpn.net>

In uncertain cases please contact our developers first, either using the
openvpn-devel mailinglist (http://sourceforge.net/mail/?group_id=48978)
or the developer IRC channel (#openvpn-devel at irc.freenode.net).

NOTE: In production environments you should use the latest stable
release, not this release candidate build.

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock




[Openvpn-announce] OpenVPN 2.2-RC2 released

2011-03-25 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.2-RC2.
It can be downloaded from here:

<http://openvpn.net/index.php/open-source/downloads.html>

Changes include:

* Turn off ENABLE_CLIENT_ONLY build setting that disabled all server
functionality (turned on in 2.2-RC by mistake)
* Implement IPv6 in TUN mode for Windows TAP driver
* Several buildsystem fixes and enhancements
* Several man-page fixes

A more comprehensive list of changes is available here:

<http://openvpn.net/index.php/open-source/documentation/change-log/425-changelog-for-openvpn-22.html>

If you find a bug in this release, please file a bug report to our Trac
bug tracker:

<https://community.openvpn.net>

In uncertain cases please contact our developers first, either using the
openvpn-devel mailinglist (http://sourceforge.net/mail/?group_id=48978)
or the developer IRC channel (#openvpn-devel at irc.freenode.net).

NOTE: In production environments you should use the latest stable
release, not this release candidate build.

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock