OpenVPN Change Log
Copyright (C) 2002-2016 OpenVPN Technologies, Inc. <sales@openvpn.net>
+2016.11.24 -- Version 2.4_beta2
+Arne Schwabe (5):
+ Document that tls-crypt also supports inline
+ Fix warning that RAND_bytes is undeclared
+ Remove compat-stdbool.h.
+ Fix various compiler warnings
+ Handle DNS6 option on Android
+
+David Sommerseth (2):
+ Changes.rst: Fixing wrong formatting
+ Document the --auth-token option
+
+Gert Doering (2):
+ Remove remaining traces of compat-stdbool.h
+ Stub implementation of "--dhcp-option DNS6 <v6addr>"
+
+Selva Nair (3):
+ Do not set ipv6 address if '--ip-win32 manual' is used
+ Handle --dhcp-option DNS6 on Windows using netsh
+ Set IPv6 DNS servers using interactive service
+
+Steffan Karger (6):
+ multi_process_float: revert part of c14c4a9e
+ --tls-crypt fixes
+ Change cmocka remote to use https in stead of git protocol
+ generate_key_expansion: make assumption explicit, use C99 features
+ Poor man's NCP for non-NCP peers
+ Refactor data channel key generation API
+
+
2016.11.17 -- Version 2.4_beta1
Arne Schwabe (1):
Make Changes.rst nicer for 2.4 release
to use that cipher. Data channel cipher negotiation can be controlled
using ``--ncp-ciphers`` and ``--ncp-disable``.
+ A more limited version also works in client-to-server and server-to-client
+ scenarios where one of the end points uses a v2.4 client or server and the
+ other side uses an older version. In such scenarios the v2.4 side will
+ change to the ``--cipher`` set by the remote side, if permitted by by
+ ``--ncp-ciphers``. For example, a v2.4 client with ``--cipher BF-CBC``
+ and ``ncp-ciphers AES-256-GCM:AES-256-CBC`` can connect to both a v2.3
+ server with ``cipher BF-CBC`` as well as a server with
+ ``cipher AES-256-CBC`` in its config. The other way around, a v2.3 client
+ with either ``cipher BF-CBC`` or ``cipher AES-256-CBC`` can connect to a
+ v2.4 server with e.g. ``cipher BF-CBC`` and
+ ``ncp-ciphers AES-256-GCM:AES-256-CBC`` in its config. For this to work
+ it requires that OpenVPN was built without disabling OCC support.
+
AEAD (GCM) data channel cipher support
The data channel now supports AEAD ciphers (currently only GCM). The AEAD
packet format has a smaller overhead than the CBC packet format, (e.g. 20
Instead of only using the first address of each ``--remote`` OpenVPN
will now try all addresses (IPv6 and IPv4) of a ``--remote`` entry.
+Support for providing IPv6 DNS servers
+ A new DHCP sub-options ``DNS6`` is added alongside with the already existing
+ ``DNS`` sub-option. This is used to provide DNS resolvers available over
+ IPv6. This will be pushed to clients and `` --up`` scripts and ``--plugin``
+ can act upon it through the ``foreign_option_<n>`` environment variables.
+
+ Support for the Windows client picking up this new sub-option is added,
+ however IPv6 DNS resolvers needs to be configured via ``netsh`` which requires
+ administrator privileges if the new interactive services on Windows is not
+ being used. If the interactive services is used, this service will execute
+ ``netsh`` in the background with the proper privileges.
+
New improved Windows Background service
The new OpenVPNService is based on openvpnserv2, a complete rewrite of the OpenVPN
service wrapper. It is intended for launching OpenVPN instances that should be
define([PRODUCT_TARNAME], [openvpn])
define([PRODUCT_VERSION_MAJOR], [2])
define([PRODUCT_VERSION_MINOR], [4])
-define([PRODUCT_VERSION_PATCH], [_beta1])
+define([PRODUCT_VERSION_PATCH], [_beta2])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])
projects / thirdparty / openvpn.git / commitdiff
