OpenVPN ChangeLog
Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
+2025.10.13 -- Version 2.7_beta3
+
+Arne Schwabe (2):
+ Allowing installing FreeBSD routes with interface instead of next-hop
+ Allow route_ipv6_match_host to be used outside of route.c
+
+Frank Lichtenheld (33):
+ GHA: Dependency updates September 2025
+ comp-lz4: Fix types in call to LZ4_decompress_safe
+ dco_win: In dco_new_key, document size assumptions for the integer casts
+ dco_linux: Fix -Wconversion warnings
+ ssl_openssl: Use uint16_t internally for TLS versions
+ dco: Change sd argument to dco_new_peer from int to socket_descriptor_t
+ crypto_epoch: Clean up type handling in ovpn_expand_label()
+ route: Fix a unused-but-set-variable warning on OpenBSD
+ platform: Do not assume uid_t/gid_t are signed
+ mtu: Trivial -Wconversion fix
+ Review CMocka assertion usage
+ dhcp: Fix conversion warnings
+ COPYING: Remove licenses for software bundled in the Windows client
+ sitnl: Clean up type handling
+ options: Factor out parsing code to separate options_parse.c
+ unit_tests: Remove useless wrapping for argv/buffer tests
+ crypto: Make some casts to int explicit
+ test_options_parse: Start new UT for options_parse.c
+ buffer: Fix buf_parse eating input
+ test_options_parse: Add test for read_config_string
+ vlan: Remove -Wconversion override
+ GHA: Run options_parse test for MinGW
+ test_options_parse: Do not use uintmax_t instead of LargestIntegralType
+ proto: Clean up conversion warnings related to checksum macros
+ test_options_parse: Remove --wrap
+ lzo: Fix conversion warning
+ options_util: Fix conversion warning in atoi_constrained
+ options: Review use of positive_atoi vs atoi_constrained
+ console: Simplify query_user_add interface
+ socks: Fix conversion warnings with MinGW
+ Move build_dhcp_options_string from tun to dhcp
+ dhcp: Replace DHCP Option types with defines
+ test_user_pass: Check fatal errors for empty username/password
+
+Lev Stipakov (4):
+ dco-win: fix broken ASSERT in dco_new_key
+ dco-win: support for epoch data channel
+ Preserve ifconfig(_ipv6)_local across reconnect
+ Make recursive routing check more fine-grained
+
+Marco Baffo (4):
+ PUSH_UPDATE: disabling PUSH_UPDATE server and client if DCO is enabled
+ PUSH_UPDATE server: bug-fix, reset buffer after processing
+ PUSH_UPDATE server: check IV_PROTO before sending the message to the client
+ redirect-gateway: only redirect traffic through TUN if address families match
+
+Selva Nair (1):
+ Fix PIN cache time in test_pkcs11.c
+
+Steffan Karger (1):
+ Document that tls-crypt-v2 can be used in connection profile
+
+
2025.09.25 -- Version 2.7_beta2
Antonio Quartulli (1):
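Review bot: Marco Baffo's shortlog entry "redirect-gateway: only redirect traffic through TUN if address families match" changes which traffic is sent into the tunnel, yet none of the Changes.rst additions shown in this patch describe it. A change like this can decide whether one address family stays outside the VPN, so it deserves a line under the user-visible changes stating the old and the new behaviour. The same question applies to "PUSH_UPDATE server: check IV_PROTO before sending the message to the client" if it changes what older clients receive.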
- IV constructed with XOR instead of concatenation to not have (parts) of
the real IV on the wire
+Support for Epoch data channel on Windows, using the win-dco driver (2.8.0+)
+
Default ciphers in ``--data-ciphers``
Ciphers in ``--data-ciphers`` can contain the string DEFAULT that is
replaced by the default ciphers used by OpenVPN, making it easier to
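Review bot: In the added line "Support for Epoch data channel on Windows, using the win-dco driver (2.8.0+)", the "(2.8.0+)" does not say what it is a version of. Spell it out as "win-dco driver version 2.8.0 or newer" and add what happens with an older driver, so readers know whether the epoch format is simply not used or the connection is affected in some other way.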
currently only supported by OpenVPN Inc commercial offerings, the
implementation for OpenVPN 2.x is still under development.
See also: https://openvpn.github.io/openvpn-rfc/openvpn-wire-protocol.html
+ NOTE: PUSH_UPDATE client support is currently disabled if DCO
+ is active (on all platforms).
PUSH_UPDATE server support (minimal)
new management interface commands ``push-update-broad`` and
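Review bot: The added NOTE under PUSH_UPDATE client support says the feature is "currently disabled if DCO is active (on all platforms)" but not how a client in that state treats a PUSH_UPDATE message it receives. Say whether the message is ignored, logged or rejected, and whether turning DCO off is the supported way to get PUSH_UPDATE, so that server operators know DCO clients will not apply updated options.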
clients ("there is a new DNS server") or only a specific client ID
("privileges have changed, here's a new IP address"). See
doc/management-notes.txt
+ NOTE: PUSH_UPDATE server support is currently disabled if DCO
+ is active (on all platforms).
Support for user-defined routing tables on Linux
see the ``--route-table`` option in the manpage
Improved logging of service events/errors to event log on Windows.
+"Recursive Routing" check is now more granular, and will only drop
+ packets-in-tunnel if destination IP, protocol and port matches with
+ those needed to reach the VPN server. With that change, you can now
+ use policies that direct "everything that is not OpenVPN" into the
+ tunnel, and have IP packets to the VPN server address arrive as
+ expected (no such policies are currently installed by OpenVPN)
+ (github #669).
+
+COPYING: license details only relevant to our Windows installers have
+ been updated and moved to the openvpn-build repo
+
Deprecated features
-------------------
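Review bot: The "Recursive Routing" entry describes the narrower match but not its consequence: in-tunnel packets addressed to the VPN server's IP on a different protocol or port, which the coarser check dropped, are now passed on. State that explicitly so operators who relied on the old drop can review their routing and firewall policy, and fix the agreement in "destination IP, protocol and port matches" (should be "match"). In the server NOTE earlier in this hunk, also say how push-update-broad answers on the management interface when DCO is active, so that a caller can tell the update was not sent.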
use from "ifconfig", this change repairs functionality (this has
been backported to 2.6.15, but is not in earlier 2.6 versions).
+- `max-routes-per-client 0` used to be silently upgraded to `1`. This
+ now produces an error.
+
+- `ifconfig` and `ifconfig-ipv6` values are now stored in pre-connect
+ options cache, and will be restored to pre-connect values on reconnects
+ if the server stops pushing the respective option.
+
Overview of changes in 2.6
==========================
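Review bot: The two added bullets mark option names with single backticks (`max-routes-per-client 0`, `ifconfig`, `ifconfig-ipv6`) and without leading dashes, while the surrounding text uses reStructuredText double backticks and the full option name, as in ``--data-ciphers`` and ``--route-table``. Switch these to the same form so they render as literals. For the max-routes-per-client bullet, also state whether "produces an error" means the configuration is rejected at startup, since a config that previously loaded with the value silently raised to 1 will now behave differently.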
define([PRODUCT_TARNAME], [openvpn])
define([PRODUCT_VERSION_MAJOR], [2])
define([PRODUCT_VERSION_MINOR], [7])
-define([PRODUCT_VERSION_PATCH], [_beta2])
+define([PRODUCT_VERSION_PATCH], [_beta3])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])