https://github.com/OpenVPN/openvpn/releases/tag/v2.7.0
Servers keep working fine, just like they did with the RC diffs I tested.
I'm happy to see the multi-socket support land, which is great for dual-stack.
On OpenBSD clients I noticed it now messes with resolv.conf, i.e. duplicate
lines show up. Easiest way seems to disable the hook by default (until
someone makes it use route(8) nameserver, I guess).
patches/ hunks are just churn.
Feedback? OK?
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/openvpn/Makefile,v
diff -u -p -r1.140 Makefile
--- Makefile 11 Feb 2026 17:57:54 -0000 1.140
+++ Makefile 11 Feb 2026 23:29:17 -0000
@@ -1,6 +1,6 @@
COMMENT= easy-to-use, robust, and highly configurable VPN
-DISTNAME= openvpn-2.6.19
+DISTNAME= openvpn-2.7.0
CATEGORIES= net security
@@ -25,7 +25,8 @@ CONFIGURE_STYLE= gnu
CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
LDFLAGS="-L${LOCALBASE}/lib ${LDFLAGS}"
-CONFIGURE_ARGS+=--with-openssl-engine=no
+CONFIGURE_ARGS= --disable-dns-updown-by-default \
+ --with-openssl-engine=no
DEBUG_PACKAGES= ${BUILD_PACKAGES}
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/openvpn/distinfo,v
diff -u -p -r1.71 distinfo
--- distinfo 11 Feb 2026 17:57:54 -0000 1.71
+++ distinfo 11 Feb 2026 23:29:17 -0000
@@ -1,2 +1,2 @@
-SHA256 (openvpn-2.6.19.tar.gz) = E3AlJvaHwYslQMGj8uGJGHuqplIR7c9/9ncvpp8FNs8=
-SIZE (openvpn-2.6.19.tar.gz) = 1926557
+SHA256 (openvpn-2.7.0.tar.gz) = Lw4Q6ycr5h6Psl/hz6IIdf8wrIV+8UGAAMAikL1t+kU=
+SIZE (openvpn-2.7.0.tar.gz) = 2083303
Index: patches/patch-configure
===================================================================
RCS file: /cvs/ports/net/openvpn/patches/patch-configure,v
diff -u -p -r1.41 patch-configure
--- patches/patch-configure 11 Feb 2026 17:57:54 -0000 1.41
+++ patches/patch-configure 11 Feb 2026 23:29:17 -0000
@@ -1,7 +1,7 @@
Index: configure
--- configure.orig
+++ configure
-@@ -19784,7 +19784,7 @@ else
+@@ -19946,7 +19946,7 @@ else
fi
Index: patches/patch-include_Makefile_in
===================================================================
RCS file: /cvs/ports/net/openvpn/patches/patch-include_Makefile_in,v
diff -u -p -r1.25 patch-include_Makefile_in
--- patches/patch-include_Makefile_in 11 Feb 2026 17:57:54 -0000 1.25
+++ patches/patch-include_Makefile_in 11 Feb 2026 23:29:17 -0000
@@ -1,7 +1,7 @@
Index: include/Makefile.in
--- include/Makefile.in.orig
+++ include/Makefile.in
-@@ -349,7 +349,7 @@ host_cpu = @host_cpu@
+@@ -359,7 +359,7 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
Index: patches/patch-sample_sample-config-files_client_conf
===================================================================
RCS file: /cvs/ports/net/openvpn/patches/patch-sample_sample-config-files_client_conf,v
diff -u -p -r1.3 patch-sample_sample-config-files_client_conf
--- patches/patch-sample_sample-config-files_client_conf 29 Jan 2023 12:06:09 -0000 1.3
+++ patches/patch-sample_sample-config-files_client_conf 11 Feb 2026 23:29:17 -0000
@@ -11,4 +11,4 @@ Index: sample/sample-config-files/client
+group _openvpn
# Try to preserve some state across restarts.
- persist-key
+ persist-tun
Index: patches/patch-sample_sample-config-files_server_conf
===================================================================
RCS file: /cvs/ports/net/openvpn/patches/patch-sample_sample-config-files_server_conf,v
diff -u -p -r1.8 patch-sample_sample-config-files_server_conf
--- patches/patch-sample_sample-config-files_server_conf 24 Sep 2025 17:00:29 -0000 1.8
+++ patches/patch-sample_sample-config-files_server_conf 11 Feb 2026 23:29:17 -0000
@@ -10,5 +10,5 @@ Index: sample/sample-config-files/server
+user _openvpn
+group _openvpn
- # The persist options will try to avoid
+ # The persist option will try to avoid
# accessing certain resources on restart
Index: patches/patch-src_openvpn_route_c
===================================================================
RCS file: /cvs/ports/net/openvpn/patches/patch-src_openvpn_route_c,v
diff -u -p -r1.22 patch-src_openvpn_route_c
--- patches/patch-src_openvpn_route_c 16 Jan 2025 22:40:32 -0000 1.22
+++ patches/patch-src_openvpn_route_c 11 Feb 2026 23:29:17 -0000
@@ -3,7 +3,7 @@
Index: src/openvpn/route.c
--- src/openvpn/route.c.orig
+++ src/openvpn/route.c
-@@ -1548,7 +1548,7 @@ local_route(in_addr_t network,
+@@ -1468,7 +1468,7 @@ local_route(in_addr_t network, in_addr_t netmask, in_a
/* Return true if the "on-link" form of the route should be used. This is when the gateway for
* a route is specified as an interface rather than an address. */
@@ -12,24 +12,21 @@ Index: src/openvpn/route.c
static inline bool
is_on_link(const int is_local_route, const unsigned int flags, const struct route_gateway_info *rgi)
{
-@@ -1820,12 +1820,17 @@ add_route(struct route_ipv4 *r,
+@@ -1713,9 +1713,15 @@ add_route(struct route_ipv4 *r, const struct tuntap *t
}
No comments:
Post a Comment