Software-update: OpenVPN 2.4.8

OpenVPN is een robuuste en gemakkelijk in te stellen opensource-vpn-daemon waarmee verschillende private networks aan elkaar geknoopt kunnen worden door middel van een encrypted tunnel via internet. Voor de beveiliging wordt gebruikgemaakt van de OpenSSL-library, waarmee alle encryptie, authenticatie en certificatie kunnen worden afgehandeld. Voor meer informatie verwijzen we naar deze pagina en een installatiehandleiding is op deze pagina te raadplegen. De ontwikkelaars hebben al weer even geleden versie 2.4.8 uitgebracht, met de volgende veranderingen:

OpenVPN 2.4.8

This is primarily a maintenance release with bugfixes and improvements. The Windows installers (I601) have several improvements compared to the previous release:

• New tap-windows6 driver (9.24.2) which fixes some suspend and resume issues
• Latest OpenVPN-GUI
• Considerable performance boost due to new compiler optimization flags

A summary of the changes is available in Changes.rst, and a full list of changes is available here.

Please note that LibreSSL is not a supported crypto backend. We accept patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if newer versions of LibreSSL break API compatibility we do not take responsibility to fix that.

Also note that Windows installers have been built with NSIS version that has been patched against several NSIS installer code execution and privilege escalation problems. Based on our testing, though, older Windows versions such as Windows 7 might not benefit from these fixes. We thus strongly encourage you to always move NSIS installers to a non-user-writeable location before running them. We are moving to MSI installers in OpenVPN 2.5, but OpenVPN 2.4.x will remain NSIS-only.

New features

• Support compiling with OpenSSL 1.1 without deprecated APIs
• handle PSS padding in cryptoapicert (necessary for TLS >= 1.2)

User visible changes

• do not abort when hitting the combination of "--pull-filter" and "--mode server" (this got hit when starting OpenVPN servers using the windows GUI which installs a pull-filter to force ip-win32)
• increase listen() backlog queue to 32 (improve response behaviour on openvpn servers using TCP that get portscanned) fix and enhance documentation (INSTALL, man page, ...)

Bug fixes

• the combination "IPv6 and proto UDP and SOCKS proxy" did not work - as a workaround, force IPv4 in this case until a full implementation for IPv6-UDP-SOCKS can be made.
• fix IPv6 routes on tap interfaces on OpenSolaris/OpenIndiana
• fix building with LibreSSL
• do not set pkcs11-helper 'safe fork mode' (should fix PIN querying in systemd environments)
• repair windows builds
• repair Darwin builds (remove -no-cpp-precomp flag)