First release of the 2.6 series.
Release announcement excerpt:
--8<--
The OpenVPN community project team is proud to release OpenVPN 2.6.0.
This is the new stable version of OpenVPN with some major new features.
Changes since RC2:
* Various bugfixes, see https://github.com/OpenVPN/openvpn/blob/v2.6.0/Changes.rst
Windows MSI changes since RC2:
* Included openvpn-gui updated to 11.36.0.0. See https://github.com/OpenVPN/openvpn-gui/blob/v11.36.0.0/CHANGES.rst.
* DCO driver is now included as an installer module (msm) so that other products (like OpenVPN Connect) can share the DCO installation.
Some highlights of 2.6.0 are:
* Data Channel Offload (DCO) kernel acceleration support for Windows, Linux, and FreeBSD.
* OpenSSL 3 support, which is now the default on Windows.
* Improved handling of tunnel MTU, including support for pushable MTU.
* Outdated cryptographic algorithms disabled by default, but there are options to override
if necessary.
* Reworked TLS handshake, making OpenVPN immune to replay-packet state exhaustion attacks.
* Added --peer-fingerprint mode for a more simplistic certificate setup and verification.
* Added Pre-Logon Access Provider support to OpenVPN GUI for Windows.
* Improved protocol negotiation, leading to faster connection setup.
More details can be found in the Changes document:
<https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst>
(The Changes document also contains a section with work-arounds for
common problems encountered when using OpenVPN with OpenSSL 3)
Source code and Windows installers can be downloaded from our download page:
<https://community.openvpn.net/openvpn/wiki/Downloads>
(The Windows installers use OpenSSL 3 now)
(The Community Downloads page on openvpn.net
<https://openvpn.net/community-downloads/>
will probably be updated tomorrow).
-->8--
Obviously the DCO support didn't magically pop up in our kernel. Even
though it would improve performance and there's a FreeBSD driver to
import/adapt, I'm not sure there's room in our GENERIC kernel for such
kind of driver.
LibreSSL related: many detection tests were dropped, which leads to no
fallout.
Build-tested on sparc64, client runtime tested on amd64. Tests and
feedback welcome, especially if you run a server.
Index: Makefile
===================================================================
RCS file: /home/cvs/ports/net/openvpn/Makefile,v
retrieving revision 1.114
diff -u -p -r1.114 Makefile
--- Makefile 8 Nov 2022 11:16:59 -0000 1.114
+++ Makefile 26 Jan 2023 08:30:08 -0000
@@ -1,7 +1,6 @@
COMMENT= easy-to-use, robust, and highly configurable VPN
-DISTNAME= openvpn-2.5.8
-REVISION= 0
+DISTNAME= openvpn-2.6.0
CATEGORIES= net security
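Review bot: The `+DISTNAME= openvpn-2.6.0` line moves the port to a new release series, and the quoted announcement says outdated cryptographic algorithms are now disabled by default, so existing 2.5.x configurations may need changes after the upgrade. Consider pointing to the override options and the OpenSSL 3 work-arounds in Changes.rst from the commit message or a package README. Dropping REVISION together with the version bump is right.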
Index: distinfo
===================================================================
RCS file: /home/cvs/ports/net/openvpn/distinfo,v
retrieving revision 1.53
diff -u -p -r1.53 distinfo
--- distinfo 6 Nov 2022 17:18:01 -0000 1.53
+++ distinfo 26 Jan 2023 08:30:12 -0000
@@ -1,2 +1,2 @@
-SHA256 (openvpn-2.5.8.tar.gz) = pvMVtyMdRFJ+ZZAf9kb4fX8HhiyH8zUx2qEJ+0jFPbI=
-SIZE (openvpn-2.5.8.tar.gz) = 1875551
+SHA256 (openvpn-2.6.0.tar.gz) = 6+yTMmPJhQ72984SXi8iIUvmCxy7jM/xiJJkP+CDro8=
+SIZE (openvpn-2.6.0.tar.gz) = 1840792
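Review bot: The `+SHA256 (openvpn-2.6.0.tar.gz)` value is only as trustworthy as the tarball it was computed from, and the mail does not say whether the download was checked against upstream's published signature or checksum before distinfo was regenerated. Please confirm that before this goes in.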
Index: patches/patch-configure
===================================================================
RCS file: /home/cvs/ports/net/openvpn/patches/patch-configure,v
retrieving revision 1.29
diff -u -p -r1.29 patch-configure
--- patches/patch-configure 6 Nov 2022 17:18:01 -0000 1.29
+++ patches/patch-configure 26 Jan 2023 09:51:18 -0000
@@ -1,7 +1,7 @@
Index: configure
--- configure.orig
+++ configure
-@@ -19809,7 +19809,7 @@ else
+@@ -19303,7 +19303,7 @@ else
fi
Index: patches/patch-include_Makefile_in
===================================================================
RCS file: /home/cvs/ports/net/openvpn/patches/patch-include_Makefile_in,v
retrieving revision 1.14
diff -u -p -r1.14 patch-include_Makefile_in
--- patches/patch-include_Makefile_in 6 Nov 2022 17:18:01 -0000 1.14
+++ patches/patch-include_Makefile_in 26 Jan 2023 09:51:18 -0000
@@ -1,7 +1,7 @@
Index: include/Makefile.in
--- include/Makefile.in.orig
+++ include/Makefile.in
-@@ -340,7 +340,7 @@ host_cpu = @host_cpu@
+@@ -346,7 +346,7 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
Index: patches/patch-sample_sample-config-files_client_conf
===================================================================
RCS file: /home/cvs/ports/net/openvpn/patches/patch-sample_sample-config-files_client_conf,v
retrieving revision 1.2
diff -u -p -r1.2 patch-sample_sample-config-files_client_conf
--- patches/patch-sample_sample-config-files_client_conf 10 Mar 2022 00:04:07 -0000 1.2
+++ patches/patch-sample_sample-config-files_client_conf 26 Jan 2023 09:51:18 -0000
@@ -1,11 +1,12 @@
---- sample/sample-config-files/client.conf.orig Mon Sep 10 17:01:08 2012
-+++ sample/sample-config-files/client.conf Thu Mar 7 14:02:35 2013
+Index: sample/sample-config-files/client.conf
+--- sample/sample-config-files/client.conf.orig
++++ sample/sample-config-files/client.conf
@@ -58,8 +58,8 @@ resolv-retry infinite
nobind
# Downgrade privileges after initialization (non-Windows only)
--;user nobody
--;group nobody
+-;user openvpn
+-;group openvpn
+user _openvpn
+group _openvpn
Index: patches/patch-sample_sample-config-files_server_conf
===================================================================
RCS file: /home/cvs/ports/net/openvpn/patches/patch-sample_sample-config-files_server_conf,v
retrieving revision 1.5
diff -u -p -r1.5 patch-sample_sample-config-files_server_conf
--- patches/patch-sample_sample-config-files_server_conf 10 Mar 2022 00:04:07 -0000 1.5
+++ patches/patch-sample_sample-config-files_server_conf 26 Jan 2023 09:51:18 -0000
@@ -1,11 +1,12 @@
---- sample/sample-config-files/server.conf.orig Thu Nov 3 09:52:28 2016
-+++ sample/sample-config-files/server.conf Fri Nov 18 17:49:59 2016
+Index: sample/sample-config-files/server.conf
+--- sample/sample-config-files/server.conf.orig
++++ sample/sample-config-files/server.conf
@@ -271,8 +271,8 @@ cipher AES-256-CBC
#
- # You can uncomment this out on
- # non-Windows systems.
--;user nobody
--;group nobody
+ # You can uncomment this on non-Windows
+ # systems after creating a dedicated user.
+-;user openvpn
+-;group openvpn
+user _openvpn
+group _openvpn
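Review bot: The new context comment ("You can uncomment this on non-Windows systems after creating a dedicated user") no longer describes what the patched sample ships, because the `+user _openvpn` and `+group _openvpn` lines are already active and name a specific account. Either patch the comment as well, as the old tls-home and tls-office patches did for "nobody", or leave the mismatch knowingly.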
Index: patches/patch-sample_sample-config-files_tls-home_conf
===================================================================
RCS file: /home/cvs/ports/net/openvpn/patches/patch-sample_sample-config-files_tls-home_conf,v
retrieving revision 1.3
diff -u -p -r1.3 patch-sample_sample-config-files_tls-home_conf
--- patches/patch-sample_sample-config-files_tls-home_conf 10 Mar 2022 00:04:07 -0000 1.3
+++ patches/patch-sample_sample-config-files_tls-home_conf 26 Jan 2023 09:51:18 -0000
@@ -1,15 +1,12 @@
Index: sample/sample-config-files/tls-home.conf
--- sample/sample-config-files/tls-home.conf.orig
+++ sample/sample-config-files/tls-home.conf
-@@ -48,10 +48,10 @@ cipher AES-256-GCM
- ; port 1194
-
- # Downgrade UID and GID to
--# "nobody" after initialization
-+# "_openvpn" after initialization
+@@ -50,8 +50,8 @@ cipher AES-256-GCM
+ # Downgrade UID and GID to an
+ # unpriviledged user after initialization
# for extra security.
--; user nobody
--; group nobody
+-; user openvpn
+-; group openvpn
+user _openvpn
+group _openvpn
Index: patches/patch-sample_sample-config-files_tls-office_conf
===================================================================
RCS file: /home/cvs/ports/net/openvpn/patches/patch-sample_sample-config-files_tls-office_conf,v
retrieving revision 1.3
diff -u -p -r1.3 patch-sample_sample-config-files_tls-office_conf
--- patches/patch-sample_sample-config-files_tls-office_conf 10 Mar 2022 00:04:07 -0000 1.3
+++ patches/patch-sample_sample-config-files_tls-office_conf 26 Jan 2023 09:51:18 -0000
@@ -1,15 +1,12 @@
Index: sample/sample-config-files/tls-office.conf
--- sample/sample-config-files/tls-office.conf.orig
+++ sample/sample-config-files/tls-office.conf
-@@ -51,10 +51,10 @@ cipher AES-256-GCM
- ; port 1194
-
- # Downgrade UID and GID to
--# "nobody" after initialization
-+# "_openvpn" after initialization
+@@ -53,8 +53,8 @@ cipher AES-256-GCM
+ # Downgrade UID and GID to an
+ # unpriviledged user after initialization
# for extra security.
--; user nobody
--; group nobody
+-; user openvpn
+-; group openvpn
+user _openvpn
+group _openvpn
Index: patches/patch-sample_sample-config-files_xinetd-client-config
===================================================================
RCS file: patches/patch-sample_sample-config-files_xinetd-client-config
diff -N patches/patch-sample_sample-config-files_xinetd-client-config
--- patches/patch-sample_sample-config-files_xinetd-client-config 10 Mar 2022 00:04:07 -0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,10 +0,0 @@
---- sample/sample-config-files/xinetd-client-config.orig Mon Sep 10 17:01:08 2012
-+++ sample/sample-config-files/xinetd-client-config Thu Mar 7 14:02:35 2013
-@@ -6,6 +6,6 @@ dev tun
- ifconfig 10.4.0.1 10.4.0.2
- remote my-server
- port 1194
--user nobody
-+user _openvpn
- secret /root/openvpn/key
- inactive 600
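Review bot: This patch and patch-sample_sample-config-files_xinetd-server-config are deleted with no reason given in the mail, and no pkg/PLIST change appears in the diff. If the xinetd sample files are no longer in the 2.6.0 tarball, say so in the commit message and check whether the packing list still references them.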
Index: patches/patch-sample_sample-config-files_xinetd-server-config
===================================================================
RCS file: patches/patch-sample_sample-config-files_xinetd-server-config
diff -N patches/patch-sample_sample-config-files_xinetd-server-config
--- patches/patch-sample_sample-config-files_xinetd-server-config 10 Mar 2022 00:04:07 -0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,9 +0,0 @@
---- sample/sample-config-files/xinetd-server-config.orig Mon Sep 10 17:01:08 2012
-+++ sample/sample-config-files/xinetd-server-config Thu Mar 7 14:02:35 2013
-@@ -21,5 +21,5 @@ service openvpn_1
- wait = yes
- user = root
- server = /root/openvpn/openvpn
-- server_args = --inetd --dev tun --ifconfig 10.4.0.2 10.4.0.1 --secret /root/openvpn/key --inactive 600 --user nobody
-+ server_args = --inetd --dev tun --ifconfig 10.4.0.2 10.4.0.1 --secret /root/openvpn/key --inactive 600 --user _openvpn
- }
Index: patches/patch-src_openvpn_route_c
===================================================================
RCS file: /home/cvs/ports/net/openvpn/patches/patch-src_openvpn_route_c,v
retrieving revision 1.17
diff -u -p -r1.17 patch-src_openvpn_route_c
--- patches/patch-src_openvpn_route_c 10 Mar 2022 00:04:07 -0000 1.17
+++ patches/patch-src_openvpn_route_c 26 Jan 2023 09:51:18 -0000
@@ -5,7 +5,7 @@
Index: src/openvpn/route.c
--- src/openvpn/route.c.orig
+++ src/openvpn/route.c
-@@ -1809,12 +1809,17 @@ add_route(struct route_ipv4 *r,
+@@ -1815,12 +1815,17 @@ add_route(struct route_ipv4 *r,
}