The OpenVPN community project team is proud to release OpenVPN 2.4.5. It can be downloaded from here:
<http://openvpn.net/index.php/open-source/downloads.html> This release includes a large number of fixes and enhancements. One of the biggest changes is that 2.4.5 Windows installers bundle OpenSSL 1.1.0 instead of OpenSSL 1.0.2 by default. The Windows installer also comes with OpenVPN GUI (11.10.0.0) that has a large number of fixes and improvements. Some easy-rsa 2 fixes are also included. Please note that LibreSSL is not a supported crypto backend. We accept patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if newer versions of LibreSSL break API compatibility we do not take responsibility to fix that. Also note that Windows installers have been built with NSIS version that has been patched against several NSIS installer code execution and privilege escalation problems: <https://community.openvpn.net/openvpn/wiki/NSISBug1125> Based on our testing, though, older Windows versions such as Windows 7 might not benefit from these fixes. We thus strongly encourage you to always move NSIS installers to a non-user-writeable location before running them. Our long-term plan is to migrate to using MSI installers instead. A summary of all included changes is available here: <https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst> A full list of changes is available here: <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24> Compared to OpenVPN 2.3 this is a major update with a large number of new features, improvements and fixes. Some of the major features are AEAD (GCM) cipher and Elliptic Curve DH key exchange support, improved IPv4/IPv6 dual stack support and more seamless connection migration when client's IP address changes (Peer-ID). Also, the new --tls-crypt feature can be used to increase users' connection privacy. OpenVPN GUI bundled with the Windows installer has a large number of new features compared to the one bundled with OpenVPN 2.3. One of major features is the ability to run OpenVPN GUI without administrator privileges. For full details, look here: <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24> The new OpenVPN GUI features are documented here: <https://github.com/OpenVPN/openvpn-gui> Please note that OpenVPN 2.4 installers will not work on Windows XP. For generic help use these support channels: Official documentation: <http://openvpn.net/index.php/open-source/documentation/howto.html> Wiki: <https://community.openvpn.net> Forums: <https://forums.openvpn.net> User mailing list: <http://sourceforge.net/mail/?group_id=48978> User IRC channel: #openvpn at irc.freenode.net Please report bugs and ask development questions here: Bug tracker and wiki: <https://community.openvpn.net> Developer mailing list: <http://sourceforge.net/mail/?group_id=48978> Developer IRC channel: #openvpn-devel at irc.freenode.net (requires Freenode registration) -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock
Antonio Quartulli (4): reload HTTP proxy credentials when moving to the next connection profile Allow learning iroutes with network made up of all 0s (only if netbits < 8) mbedtls: fix typ0 in comment manpage: fix simple typ0 Arne Schwabe (2): Treat dhcp-option DNS6 and DNS identical show the right string for key-direction Bertrand Bonnefoy-Claudet (1): Fix typo in error message: "optione" -> "option" David Sommerseth (8): lz4: Fix confused version check lz4: Fix broken builds when pkg-config is not present but system library is Remove references to keychain-mcd in Changes.rst lz4: Rebase compat-lz4 against upstream v1.7.5 systemd: Add and ship README.systemd Update copyright to include 2018 plus company name change man: Add .TQ groff support macro man: Reword --management to prefer unix sockets over TCP Emmanuel Deloget (1): OpenSSL: check EVP_PKEY key types before returning the pkey Gert Doering (3): Remove warning on pushed tun-ipv6 option. Fix removal of on-link prefix on windows with netsh Preparing for release v2.4.5 (ChangeLog, version.m4, Changes.rst) Ilya Shipitsin (2): travis-ci: add brew cache, remove ccache travis-ci: modify openssl build script to support openssl-1.1.0 James Bottomley (1): autoconf: Fix engine checks for openssl 1.1 Jeremie Courreges-Anglas (2): Cast time_t to long long in order to print it. Fix build with LibreSSL Selva Nair (14): Check whether in pull_mode before warning about previous connection blocks Avoid illegal memory access when malformed data is read from the pipe Fix missing check for return value of malloc'd buffer Return NULL if GetAdaptersInfo fails Use RSA_meth_free instead of free Bring cryptoapi.c upto speed with openssl 1.1 Add SSL_CTX_get_max_proto_version() not in openssl 1.0 TLS v1.2 support for cryptoapicert -- RSA only Refactor get_interface_metric to return metric and auto flag separately Ensure strings read from registry are null-terminated Make most registry values optional Use lowest metric interface when multiple interfaces match a route Adapt to RegGetValue brokenness in Windows 7 Fix format spec errors in Windows builds Simon Rozman (11): Local functions are not supported in MSVC. Bummer. Mixing wide and regular strings in concatenations is not allowed in MSVC. RtlIpv6AddressToStringW() and RtlIpv4AddressToStringW() require mstcpip.h Simplify iphlpapi.dll API calls Fix local #include to use quoted form Document ">PASSWORD:Auth-Token" real-time message Fix typo in "verb" command examples Uniform swprintf() across MinGW and MSVC compilers MSVC meta files added to .gitignore list openvpnserv: Add support for multi-instances Document missing OpenVPN states Steffan Karger (21): make struct key * argument of init_key_ctx const buffer_list_aggregate_separator(): add unit tests Add --tls-cert-profile option. Use P_DATA_V2 for server->client packets too Fix memory leak in buffer unit tests buffer_list_aggregate_separator(): update list size after aggregating buffer_list_aggregate_separator(): don't exceed max_len buffer_list_aggregate_separator(): prevent 0-byte malloc Fix types around buffer_list_push(_data) ssl_openssl: fix compiler warning by removing getbio() wrapper travis: use clang's -fsanitize=address to catch more bugs Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+ Add support for TLS 1.3 in --tls-version-{min, max} Plug memory leak if push is interrupted Fix format errors when cross-compiling for Windows Log pre-handshake packet drops using D_MULTI_DROPPED Enable stricter compiler warnings by default Get rid of ax_check_compile_flag.m4 mbedtls: don't use API deprecated in mbed 2.7 Warn if tls-version-max < tls-version-min Don't throw fatal errors from create_temp_file() hashiz (1): Fix '--bind ipv6only'
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users