It fixes two related security vulnerabilities (CVE-2020-15078) which under very specific circumstances allow tricking a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup. The OpenVPN community project team is proud to release OpenVPN 2.4.11. Installer I604 fixes some small Windows issues. Installer version I603 fixes a bug in the version number as seen by Windows (was 2.5.4, not 2.5.4). Installer version I602 fixes loading of pkcs11 files on Windows. The latter includes several improvements, the most important of which is the ability to import profiles from URLs where available. Windows installers include updated OpenSSL and new OpenVPN GUI. Windows executable and libraries are now built natively on Windows using MSVC, not cross-compiled on Linux as with earlier 2.5 releases. One of the fixes is to password prompting on windows console when stderr redirection is in use - this breaks 2.5.x on Win11/ARM, and might also break on Win11/amd64. This release include a number of fixes and small improvements. The OpenVPN community project team is proud to release OpenVPN 2.5.4. Updated easy-rsa3 bundled with the installer on Windows.Included openvpn-gui updated to 11.37.0.0.Improved protocol negotiation, leading to faster connection setup.Added Pre-Logon Access Provider support to OpenVPN GUI for Windows.Added -peer-fingerprint mode for a more simplistic certificate setup and verification.Reworked TLS handshake, making OpenVPN immune to replay-packet state exhaustion attacks.Outdated cryptographic algorithms disabled by default, but there are options to override if necessary.Improved handling of tunnel MTU, including support for pushable MTU.Data Channel Offload (DCO) kernel acceleration support for Windows, Linux, and FreeBSD.New features and improvements in 2.6.0 compared to 2.5.8: The Changes document also contains a section with workarounds for common problems encountered when using OpenVPN with OpenSSL 3. This is a new stable release with some major new features. The OpenVPN community project team is proud to release OpenVPN 2.6.0. Update included ovpn-dco-win driver to 0.9.2.On Linux this brings in a new default dependency for libnl-genl (for Linux distributions that are too old to have a suitable version of the library, use "configure -disable-dco") Note: configure now enables DCO build by default on FreeBSD and Linux. "-cryptoapicert ISSUER:" where is matched as a substring of the issuer (CA) name in the certificate. Certificate selection string can now specify a partial issuer name string as CryptoAPI (Windows): support issuer name as a selector.This ensure that only the previously authenticated peer can do trigger renegotiation and complete renegotiations. Dynamic TLS Crypt: When both peers are OpenVPN 2.6.1+, OpenVPN will dynamically create a tls-crypt key that is used for renegotiation.This is mostly a bugfix release with some improvements. The OpenVPN community project team is proud to release OpenVPN 2.6.1.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |