OpenVPN is een robuuste en gemakkelijk in te stellen opensource vpn-daemon waarmee verschillende private netwerken aan elkaar geknoopt kunnen worden via een versleutelde tunnel over internet. Voor de beveiliging wordt gebruikgemaakt van de OpenSSL-library, waarmee alle encryptie, authenticatie en certificatie kunnen worden afgehandeld. Sinds versie 2.6.17 zijn de volgende veranderingen en verbeteringen doorgevoerd:
Overview of changes in 2.6.19
Bugfixes
make distwould fail to pack unit_tests/openvpn/test_common.h, breakingmake checkon the tarball if cmocka is installed. Fix.Overview of changes in 2.6.18
New features / User visible changesCode maintenance / Compat changes
- disable DCO if
--bind-devoption is given (no support for this in the old out-of-kernel Linux DCO implementation)- on Windows, if using
--ip-win32 netshand not using the interactive service, IPv4 addresses would be installed as "permanent", possibly causing problems later on with using that IPv4 address on a different interface. Change to "store=active". (GH: #915)Documentation updates
- backport fixes needed to build unit tests with cmocka 2.0.0 and -Werror (some parts of the old API have been deprecated and would raise warnings)
- backport "ensure that all unit tests use unbuffered stdout+stderr" change, otherwise we get no output at all if a unit test crashes
- add explicit error message for failing read in multi_process_file_closed() (reported by SRL)
- test framework: permit overriding the openvpn binary called
- configure.ac: remove use of PKCS11_HELPER_LIBS in mbedTLS checks (old code, purpose unclear, effects non-useful)
- configure.ac: try to use pkg-config to detect mbedTLS
Bugfixes
- improve pull-filter documentation, emphasizing possible problems if used as a naive security measure (reported by SRLabs).
- p2mp server: fix incorrect file descriptor handling on "inotify" FD during a SIGUSR1 restart (GH: #966)
- management interface: fix bug where
--management-forget-disconnectand--management-signalcould be executed even if password authentication to managment interface was still pending (Zeropath finding)- repair client-side interaction on reconnect between DCO event handling and
--persist-tun- after a ping timeout and reconnect, the DCO event handler would not be armed, and the next ping timeout would not be received by userland, causing non-working connections with nothing in the openvpn log (Linux and FreeBSD only, GH: #947)- prevent crash on invalid server-ipv6 argument, calling freeaddrinfo() with a NULL pointer. This only affects OpenBSD. (Klemens Nanni).
:fill(white):strip_exif()/i/2003549196.jpeg?f=thumbmedium)
:strip_icc():strip_exif()/u/219282/crop65bfaacd66e4c_cropped.jpg?f=community){kind=small}
:strip_icc():strip_exif()/u/270010/user.jpg?f=community){kind=small}