OpenVPN is a robust and easy-to-configure open-source VPN daemon that links separate private networks together through an encrypted tunnel over the internet. For security it relies on the OpenSSL library, which handles all encryption, authentication and certificate management. The developers have released version 2.5.2; the most important changes in it are summarised for you below.
Bugfixes
- CVE-2020-15078 (see the linked advisory for more information).
This bug allows - under very specific circumstances - to trick a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup.
In combination with "--auth-gen-token" or a user-specific token auth solution it can be possible to get access to a VPN with an otherwise-invalid account.
- restore pushed "ping" settings correctly on a SIGUSR1 restart
- avoid generating unnecessary mbed debug messages - this is actually a workaround for an mbedTLS 2.25 bug when using Curve25519 and Curve448 ED curves - mbedTLS crashes on preparing debug infos that we do not actually need unless running with "--verb 8"
- do not print inlined (<dh>...</dh>) Diffie Hellman parameters to log file
- fix Linux/SITNL default route lookup in case of multiple routing tables with more than one default route present (always use "main table" for now)
- Fix CRL file handling in combination with chroot
New features
- OpenVPN will now refuse to start if the CRL file is not present at startup time. At "reload time" absence of the CRL file is still OK (and the in-memory copy is used), but at startup it is now considered an error.
- printing of the TLS ciphers negotiated has been extended, especially displaying TLS 1.3 and EC certificates more correctly.
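Several of the items above are things an administrator can check in a server configuration before upgrading or restarting: whether the CRL file referenced by `crl-verify` actually exists where OpenVPN will look for it (2.5.2 refuses to start otherwise, and with `chroot` in play the file must live inside the chroot), whether Diffie-Hellman parameters are inlined in a `<dh>` block (older versions echoed them to the log), whether `auth-gen-token` is combined with a deferred-authentication mechanism (the CVE-2020-15078 scenario), and whether `verb 8` debug logging is left on. The script below is an added example written for this article, not code from the OpenVPN project; it parses a constructed sample config, resolves the CRL path inside the chroot (the assumption that the CRL is resolved relative to the chroot directory is ours, not a statement from the changelog), and reports findings. The plugin path and DH parameters in the sample are placeholders.

```python
"""Offline audit of an OpenVPN server config against the 2.5.2 changelog items."""
import os
import re
import tempfile

# Directives that hand authentication to an external component and can therefore
# defer ("delay") the auth decision: a plugin, a script, or the management interface.
DEFERRED_AUTH_DIRECTIVES = {"plugin", "auth-user-pass-verify", "management-client-auth"}


def parse_openvpn_config(text):
    """Parse the subset of OpenVPN config syntax needed here:
    'directive arg...' lines and inline <tag>...</tag> file blocks.
    Returns (directives, inline_blocks); a directive given several times
    keeps one argument list per occurrence."""
    directives, inline = {}, {}
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"<([\w-]+)>", line)
        if m:  # inline file block such as <dh> ... </dh>
            tag = m.group(1)
            body = []
            while i < len(lines) and lines[i].strip() != f"</{tag}>":
                body.append(lines[i])
                i += 1
            i += 1  # skip the closing tag
            inline[tag] = "\n".join(body)
            continue
        parts = line.split()
        directives.setdefault(parts[0], []).append(parts[1:])
    return directives, inline


def crl_path_at_runtime(directives):
    """Where the running daemon will look for the CRL.
    Assumption (ours, not from the changelog): with --chroot the CRL is
    (re)loaded after the chroot, so its path is resolved inside that directory."""
    if "crl-verify" not in directives:
        return None
    crl = directives["crl-verify"][0][0]
    if "chroot" in directives:
        chroot_dir = directives["chroot"][0][0]
        return os.path.join(chroot_dir, crl.lstrip("/"))
    return crl


def audit_config(text):
    """Return a list of human-readable findings for the given config text."""
    directives, inline = parse_openvpn_config(text)
    findings = []
    path = crl_path_at_runtime(directives)
    if path is not None and not os.path.isfile(path):
        findings.append(f"crl-verify: CRL file not found at {path}; 2.5.2 refuses to start")
    if "dh" in inline:
        findings.append("dh: inline parameters present; versions before 2.5.2 echo them to the log")
    if "auth-gen-token" in directives and DEFERRED_AUTH_DIRECTIVES.intersection(directives):
        findings.append("auth-gen-token with deferred auth: run 2.5.2 or later (CVE-2020-15078)")
    if "verb" in directives and int(directives["verb"][0][0]) >= 8:
        findings.append("verb 8: debug-level logging left enabled")
    return findings


# Constructed sample server config (not from the OpenVPN project); {chroot} is filled in below.
SAMPLE_CONFIG = """\
port 1194
proto udp
dev tun
chroot {chroot}
crl-verify /crl.pem
plugin /path/to/deferred-auth-plugin.so
auth-gen-token 3600
verb 8
<dh>
-----BEGIN DH PARAMETERS-----
PLACEHOLDER-NOT-REAL-PARAMETERS
-----END DH PARAMETERS-----
</dh>
"""


def audit_in_sandbox(crl_present):
    """Build a throw-away chroot directory, optionally drop a placeholder CRL
    inside it, and audit the sample config against it."""
    with tempfile.TemporaryDirectory() as chroot:
        if crl_present:
            with open(os.path.join(chroot, "crl.pem"), "w") as f:
                f.write("placeholder CRL\n")
        return audit_config(SAMPLE_CONFIG.format(chroot=chroot))


if __name__ == "__main__":
    for finding in audit_in_sandbox(crl_present=False):
        print("-", finding)
```

Running it without the CRL in the chroot reports all four findings; once the file is placed inside the chroot the `crl-verify` finding disappears, which is the condition 2.5.2 now enforces at startup.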