[Openvpn-devel] OpenVPN 2.7_alpha1 released

The OpenVPN community project team is proud to release OpenVPN 2.7_alpha1. This is the first Alpha release for the feature release 2.7.0. As the "Alpha" name implies this is an early release build, this is not intended for production use. Highlights of this release include: * Multi-socket support

[Openvpn-devel] OpenVPN 3 Linux v24.1 released

OpenVPN 3 Linux v24 (Bugfix/security release) The v24.1 release is a small security and bugfix release. * Security: CVE-2025-3908 - openvpn3-admin init-config follows symlink Wolfgang Frisch from the SUSE security team reach out and notified us of a potential issue with the openvpn3-admin ini

[Openvpn-devel] OpenVPN 2.6.14 released

The OpenVPN community project team is proud to release OpenVPN 2.6.14. This is a bugfix release containing one security fix. Security fixes: * CVE-2025-2704: fix possible ASSERT() on OpenVPN servers using --tls-crypt-v2 Security scope: OpenVPN servers between 2.6.1 and 2.6.13 using --tls-cryp

[Openvpn-devel] OpenVPN 2.6.13 released

The OpenVPN community project team is proud to release OpenVPN 2.6.13. This is a bugfix release. Feature changes: * on non-windows clients (MacOS, Linux, Unix) send "release" string from uname() call as IV_PLAT_VER to server - while highly OS specific this is still helpful to keep track of O

[Openvpn-devel] OpenVPN 3 Linux v24 released

OpenVPN 3 Linux v24 (Stable release) The v24 release is another stable release. This resolves issues reported in several earlier releases and improves OpenVPN 3 Linux in several areas. * Improvement: Add --dns option support DNS resolver settings has been troublesome for many years, since

[Openvpn-devel] OpenVPN 3 Linux v23 released

OpenVPN 3 Linux v23 (Stable release) The v23 release is stable release which expands the distribution target since v22_dev was released. The goal for this step was to stabilize the codebase which was migrated to GDBus++ and the new Meson building system. The next release (v24) will also be a st

[Openvpn-devel] OpenVPN 2.6.12 released

The OpenVPN community project team is proud to release OpenVPN 2.6.12. This is a bugfix release. Bug fixes: * the fix for CVE-2024-5594 (refuse control channel messages with nonprintable characters) was too strict, breaking user configurations with AUTH_FAIL messages having trailing CR/NL ch

[Openvpn-devel] OpenVPN 2.6.11 released

The OpenVPN community project team is proud to release OpenVPN 2.6.11. This is a bugfix release containing several security fixes. Security fixes: * CVE-2024-4877: Windows: harden interactive service pipe. Security scope: a malicious process with "some" elevated privileges (SeImpersonatePriv

[Openvpn-devel] OpenVPN 3 Linux v22_dev released

OpenVPN 3 Linux v22_dev (Limited Release) This is a limited release primarily targeting Fedora 39 and newer plus Ubuntu 24.04. Other Linux distributions shipping glib2 version 2.76 or newer will also benefit from this release. This release contains a massive re-factoring of the D-Bus integrat

[Openvpn-devel] OpenVPN 2.6.10 released

The OpenVPN community project team is proud to release OpenVPN 2.6.10. This is a bugfix release containing several security fixes for Windows and Windows TAP driver and documentation updates. Security fixes: * CVE-2024-27459: Windows: fix a possible stack overflow in the interactive service co

[Openvpn-devel] OpenVPN 2.6.9 released

The OpenVPN community project team is proud to release OpenVPN 2.6.9. This is a bugfix release containing one security fix for the Windows installer. Security fixes: * Windows Installer: fix ​CVE-2023-7235 where installing to a non-default directory could lead to a local privilege escalation.

Re: [Openvpn-devel] OpenVPN data channel format using 64bit IV

- add protocol-flag aead-packet-format-v2 This signals the client to switch to the new data channel format. And finally have the data channel format. Since this format is negotiated like the cipher, there is no need to use another opcode if keep the peer id to just 24 bit. But we might want t

Re: [Openvpn-devel] [Openvpn-users] OpenVPN and outside clients

Hi, On 03/01/2024 09:14, Peter Davis wrote: Hello, I changed the IP address in the client configuration file, but I can't connect to the server. I got the following error: Wed Jan 3 10:32:32 2024 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivit

Re: [Openvpn-devel] OpenVPN data channel format using 64bit IV

Hi, I've been just lurking for a while, but you've managed to nerd-snipe me in responding. On 11-12-2023 13:31, Arne Schwabe wrote: with DCO and possible future hardware assisted OpenVPN acceleration we are approaching the point where 32 bit IVs are not cutting it any more. Agreed. Though t

[Openvpn-devel] OpenVPN data channel format using 64bit IV

Hey, with DCO and possible future hardware assisted OpenVPN acceleration we are approaching the point where 32 bit IVs are not cutting it any more. To illustrate the problem, some back of the envelope math here: If we want to keep the current 3600s renogotiation interval and have a safety m

Re: [Openvpn-devel] [Openvpn-Devel] [PATCH] vcpkg-ports/pkcs11-helper: bump to version 1.30

On Mon, Dec 04, 2023 at 04:33:45PM +0100, Marc Becker via Openvpn-devel wrote: > update metadata references for pkcs11-helper v1.30 > remove local patches incorporated in new upstream > --- > .../Fix-build-with-disable-shared.patch | 48 > ...cs11-helper-002-dynamic_loader_flags.pa

[Openvpn-devel] [Openvpn-Devel] [PATCH] vcpkg-ports/pkcs11-helper: bump to version 1.30

update metadata references for pkcs11-helper v1.30 remove local patches incorporated in new upstream --- .../Fix-build-with-disable-shared.patch | 48 ...cs11-helper-002-dynamic_loader_flags.patch | 104 -- .../vcpkg-ports/pkcs11-helper/portfile.cmake | 6 +- con

[Openvpn-devel] OpenVPN 2.6.8 released

The OpenVPN community project team is proud to release OpenVPN 2.6.8. This is a small bugfix release fixing a few regressions in 2.6.7 release. User visible changes: * Windows: print warning if pushed options require DHCP (e.g. DOMAIN-SEARCH) and driver in use does not use DHCP (wintun, dco).

Re: [Openvpn-devel] OpenVPN 2.6.7 released

14.11.2023 11:05, Gert Doering пишет: Hi, On Sun, Nov 12, 2023 at 06:08:48PM +, Greg Cox wrote: Spun this config up, then ran: iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 443,80 -j REDIRECT --to-ports 1194 Within 5 minutes the random web scanners found and segfaulte

Re: [Openvpn-devel] OpenVPN 2.6.7 released

Hi, On Sun, Nov 12, 2023 at 06:08:48PM +, Greg Cox wrote: > Spun this config up, then ran: > > iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 443,80 > -j REDIRECT --to-ports 1194 > > Within 5 minutes the random web scanners found and segfaulted me. ... your port scanners

Re: [Openvpn-devel] OpenVPN 2.6.7 released

Hi, On Sun, Nov 12, 2023 at 07:22:45PM +0100, Gert Doering wrote: > (If you feel like debugging a bit more - could you compile an instance > without optimization, run from gdb, and when it segfaults print all > local variables of interest? i, j, ks, *ks, ks->send_reliable? We > got one variable

Re: [Openvpn-devel] OpenVPN 2.6.7 released

g...@greenie.muc.de > ___________ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel > ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] OpenVPN 2.6.7 released

Hi, On Sun, Nov 12, 2023 at 06:08:48PM +, Greg Cox wrote: > Spun this config up, then ran: > > iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 443,80 > -j REDIRECT --to-ports 1194 > > Within 5 minutes the random web scanners found and segfaulted me. This sounds promising.

Re: [Openvpn-devel] OpenVPN 2.6.7 released

Hi, On Fri, Nov 10, 2023 at 10:51:34AM +0100, Gert Doering wrote: > I'll see if I can reproduce this case here and we'll fix it ASAP. We couldn't reproduce it yet, but we have a crash dump in GH issue #449, which hints at the commit cd4d819c99266 getting this double-extra-check wrong. So if you

Re: [Openvpn-devel] OpenVPN 2.6.7 released

Hi, On Fri, Nov 10, 2023 at 12:25:22PM +0400, Dmitry Melekhov wrote: > btw, what I missed, openvpn dies: > > openvpn[11346]: segfault at 0 ip 55e33503f5f3 sp 7fff33642390 error > 4 in openvpn[55e334fc8000+8f000] > > but only  multipoint udp . This is bad (but very different from "it sto

Re: [Openvpn-devel] OpenVPN 2.6.7 released

btw, what I missed, openvpn dies: openvpn[11346]: segfault at 0 ip 55e33503f5f3 sp 7fff33642390 error 4 in openvpn[55e334fc8000+8f000] but only  multipoint udp . 10.11.2023 11:35, Dmitry Melekhov пишет: 10.11.2023 11:23, Gert Doering пишет: Hi, On Fri, Nov 10, 2023 at 11:19:58AM

Re: [Openvpn-devel] OpenVPN 2.6.7 released

10.11.2023 11:23, Gert Doering пишет: Hi, On Fri, Nov 10, 2023 at 11:19:58AM +0400, Dmitry Melekhov wrote: OK, now I know what is broken. I have so called multihomed server,  and multihomed udp does not work in 2.6.7. On server with only one external interface everything works OK. Are you us

Re: [Openvpn-devel] OpenVPN 2.6.7 released

Hi, On Fri, Nov 10, 2023 at 11:19:58AM +0400, Dmitry Melekhov wrote: > OK, now I know what is broken. > > I have so called multihomed server,  and multihomed udp does not work in > 2.6.7. > > On server with only one external interface everything works OK. Are you using --multihome in your confi

Re: [Openvpn-devel] OpenVPN 2.6.7 released

Hi, On Fri, Nov 10, 2023 at 10:21:35AM +0400, Dmitry Melekhov wrote: > 10.11.2023 00:56, Yuriy Darnobyt ??: > > The OpenVPN community project team is proud to release OpenVPN 2.6.7. > > something is broken in 2.6.7. it stops passing traffic after several seconds > after connection when ac

Re: [Openvpn-devel] OpenVPN 2.6.7 released

10.11.2023 10:21, Dmitry Melekhov пишет: 10.11.2023 00:56, Yuriy Darnobyt пишет: The OpenVPN community project team is proud to release OpenVPN 2.6.7. something is broken in 2.6.7. it stops passing traffic after several seconds after connection when acts as server, so I reverted it back to

Re: [Openvpn-devel] OpenVPN 2.6.7 released

10.11.2023 00:56, Yuriy Darnobyt пишет: The OpenVPN community project team is proud to release OpenVPN 2.6.7. something is broken in 2.6.7. it stops passing traffic after several seconds after connection when acts as server, so I reverted it back to 2.6.6. compiled from sources on ubuntu 2

[Openvpn-devel] OpenVPN 2.6.7 released

The OpenVPN community project team is proud to release OpenVPN 2.6.7. This is a bugfix release containing security fixes. Security Fixes: * CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly use a send buffer after it has been free()d in some circumstances, causing some free()

[Openvpn-devel] OpenVPN 3 Linux v21 released

OpenVPN 3 Linux v21 (stable) This announcement comes a bit delayed as we have spent time ensuring brand new software package repositories for both .deb and .rpm packages are working properly. We have now introduced a set of repositories suitable for production environments. These new repositori

[Openvpn-devel] OpenVPN 2.6.6 released

The OpenVPN community project team is proud to release OpenVPN 2.6.6. This is a small bugfix release. User visible changes: * OCC exit messages are now logged more visibly. See GH ​#391. * OpenSSL error messages are now logged with more details (for example, when loading a provider fails, whic

Re: [Openvpn-devel] OpenVPN Linking Exception - current status report update July

ll be reimplemented. Arne ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel _______ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourcefo

Re: [Openvpn-devel] OpenVPN Linking Exception - current status report

On Wed, May 17, 2023 at 03:01:38PM +0200, Arne Schwabe wrote: > Am 15.02.23 um 13:31 schrieb David Sommerseth: > > > > OpenVPN 2.x is licensed under the GNU Public License v2.0 (GPL-2.0). > > This license has served us well in the past and we are not trying to > > change that.  However, changes in

[Openvpn-devel] OpenVPN 2.6.5 released

The OpenVPN community project team is proud to release OpenVPN 2.6.5. This is a small bugfix release. User visible changes: * tapctl (windows): generate driver-specific names (if using tapctl to create additional tap/wintun/dco devices, and not using --name). See GH ​#337. * interactive serv

Re: [Openvpn-devel] OpenVPN Linking Exception - current status report

Am 15.02.23 um 13:31 schrieb David Sommerseth: OpenVPN 2.x is licensed under the GNU Public License v2.0 (GPL-2.0). This license has served us well in the past and we are not trying to change that.  However, changes in licenses of our dependencies put us in an unfortunate situation. So a go

[Openvpn-devel] OpenVPN 2.6.4 released

The OpenVPN community project team is proud to release OpenVPN 2.6.4. This is a small bugfix release. Note: * License amendment: all NEW commits fall under a modified license that explicitly permits linking with Apache2 libraries (mbedTLS, OpenSSL). See COPYING for details. Existing code wi

Re: [Openvpn-devel] [Openvpn-users] auth-token-user/auth-token issue with "TLS Auth Error: username attempted to change"

Am 05.05.23 um 09:33 schrieb Gert Doering: Hi, On Fri, May 05, 2023 at 09:14:03AM +0200, Ralf Hildebrandt via Openvpn-users wrote: May 5 09:06:00 openvpn-gw170-int openvpn-udp[29574]: hildeb/10.31.192.115:55334 TLS Auth Error: username attempted to change from 'hildeb' to 'hildeb::1f047fb6'

Re: [Openvpn-devel] [Openvpn-users] auth-token-user/auth-token issue with "TLS Auth Error: username attempted to change"

Hi, On Fri, May 05, 2023 at 09:14:03AM +0200, Ralf Hildebrandt via Openvpn-users wrote: > May 5 09:06:00 openvpn-gw170-int openvpn-udp[29574]: > hildeb/10.31.192.115:55334 TLS Auth Error: username attempted to change from > 'hildeb' to 'hildeb::1f047fb6' -- tunnel disabled > May 5 09:06:00 op

[Openvpn-devel] OpenVPN 2.6.3 released

The OpenVPN community project team is proud to release OpenVPN 2.6.3. This is a small bugfix release. Feature changes: * Windows: support setting DNS domain in configurations without GUI and DHCP (typically wintun or windco drivers), see GH ​openvpn#306. Windows MSI changes since 2.6.2: * S

[Openvpn-devel] OpenVPN 2.6.2 released

The OpenVPN community project team is proud to release OpenVPN 2.6.2. This is mostly a bugfix release with some improvements. Feature changes: * implement byte counter statistics for DCO Linux (p2mp server and client) * implement byte counter statistics for DCO Windows (client only) * "--dns ser

[Openvpn-devel] OpenVPN 3 Linux v20 released

OpenVPN 3 Linux v20 (stable) This is the first stable release of OpenVPN 3 Linux. This release is mostly adding minor improvements, a few bug fix and adding two more helper tools. * Feature: openvpn3-admin journal This is a helper function to retrieve log events from the OpenVPN 3 Linux s

[Openvpn-devel] OpenVPN 2.6.1 released

The OpenVPN community project team is proud to release OpenVPN 2.6.1. This is mostly a bugfix release with some improvements. Feature changes: * Dynamic TLS Crypt: When both peers are OpenVPN 2.6.1+, OpenVPN will dynamically create a tls-crypt key that is used for renegotiation. This ensur

Re: [Openvpn-devel] OpenVPN 2.5.9 released

e there is a corresponding configuration option, too. HTH Matthias gert ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel ___

Re: [Openvpn-devel] OpenVPN 2.5.9 released

Hi, On Thu, Feb 16, 2023 at 08:48:26AM -0500, Jonathan K. Bullard wrote: > On Thu, Feb 16, 2023 at 7:51 AM Frank Lichtenheld > wrote: > > > > The OpenVPN community project team is proud to release OpenVPN 2.5.9. This > > is > > a small bugfix release. > > Was this sent a bit early? There is no

Re: [Openvpn-devel] OpenVPN 2.5.9 released

On Thu, Feb 16, 2023 at 9:24 AM Arne Schwabe wrote: > > Am 16.02.23 um 14:11 schrieb Jonathan K. Bullard: > > Not yet seeing anything about 2.5.9 at > > https://openvpn.net/community-downloads/ > > . (From the New York City > > metropolitan area.) > > > >

Re: [Openvpn-devel] OpenVPN 2.5.9 released

Am 16.02.23 um 14:11 schrieb Jonathan K. Bullard: Not yet seeing anything about 2.5.9 at https://openvpn.net/community-downloads/ . (From the New York City metropolitan area.) Maybe caches need updating? I reached out to our the website team and th

Re: [Openvpn-devel] OpenVPN 2.5.9 released

(Sorry for my earlier top-post.) On Thu, Feb 16, 2023 at 7:51 AM Frank Lichtenheld wrote: > > The OpenVPN community project team is proud to release OpenVPN 2.5.9. This is > a small bugfix release. > Was this sent a bit early? There is no 2.5.9 tag at https://github.com/OpenVPN/openvpn/tags. Be

Re: [Openvpn-devel] OpenVPN 2.5.9 released

  Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel ___ Openvpn-devel mailing list Openvpn-devel@lis

Re: [Openvpn-devel] OpenVPN 2.5.9 released

___ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel > ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] OpenVPN 2.5.9 released

The OpenVPN community project team is proud to release OpenVPN 2.5.9. This is a small bugfix release. The Windows MSI installers are now built against OpenSSL 1.1.1t which contains several security fixes. List of changes in OpenVPN:

[Openvpn-devel] OpenVPN Linking Exception

OpenVPN 2.x is licensed under the GNU Public License v2.0 (GPL-2.0). This license has served us well in the past and we are not trying to change that. However, changes in licenses of our dependencies put us in an unfortunate situation. Both mbed TLS and OpenSSL nowadays use the Apache 2.x

Re: [Openvpn-devel] OpenVPN 2.6.0 released

On Fri, Jan 27, 2023 at 08:41:38PM +0100, Matthias Andree wrote: > Am 25.01.23 um 20:50 schrieb Frank Lichtenheld: > > The OpenVPN community project team is proud to release OpenVPN 2.6.0. > > This is the new stable version of OpenVPN with some major new features. > > Hi Frank, > > OpenVPN 2.5.x

Re: [Openvpn-devel] OpenVPN 2.6.0 released

Am 25.01.23 um 20:50 schrieb Frank Lichtenheld: The OpenVPN community project team is proud to release OpenVPN 2.6.0. This is the new stable version of OpenVPN with some major new features. Hi Frank, OpenVPN 2.5.x releases also showed up in .tar.xz format - are there plans to provide these (an

Re: [Openvpn-devel] OpenVPN 2.6.0 released

@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] OpenVPN 2.6.0 released

> Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] OpenVPN 2.6.0 released

On 25/01/2023 20:50, Frank Lichtenheld wrote: [...snip...] On Red Hat derivatives we recommend using the Fedora Copr repository. A slight update here. The repo above will be preserved for OpenVPN 2.5 releases. A new repos

[Openvpn-devel] OpenVPN 2.6.0 released

The OpenVPN community project team is proud to release OpenVPN 2.6.0. This is the new stable version of OpenVPN with some major new features. Changes since RC2: * Various bugfixes, see https://github.com/OpenVPN/openvpn/blob/v2.6.0/Changes.rst Windows MSI changes since RC2: * Included openvpn-g

Re: [Openvpn-devel] [Openvpn-users] 2.6rc2 server with DCO and 2.6rc2 client with DCO: not working

Hi, (copying openvpn-devel, as Arne and Antonio are not reading -users) On Wed, Jan 18, 2023 at 05:34:51PM +0100, Ralf Hildebrandt via Openvpn-users wrote: > You might have noticed our bug reports regarding capabilities && 2.6rc2. > The whole point of it all was to test 2.6.x's DCO in our openvp

[Openvpn-devel] OpenVPN 2.6_rc2 released

The OpenVPN community project team is proud to release OpenVPN 2.6_rc2. This is the second release candidate (and the fourth beta release) for the feature release 2.6.0. Changes since RC1: * Add rate limiter for incoming "initial handshake packets", enabled by default with a limit of 100 packet

Re: [Openvpn-devel] [OpenVPN/openvpn-gui] UI showing green connected status despite not beeing able to create a route (#9)

Hi, On Mon, Jan 2, 2023 at 5:51 PM Gert Doering wrote: > Hi, > > On Sat, Dec 31, 2022 at 05:40:49PM +0100, Gert Doering wrote: > > On Sat, Dec 17, 2022 at 07:09:34PM -0500, Selva Nair wrote: > > > tldr: Can we get CONNECTED,ERROR instead of CONNECTED,SUCCESS on route > > > errors? > > > > I thin

Re: [Openvpn-devel] [OpenVPN/openvpn-gui] UI showing green connected status despite not beeing able to create a route (#9)

Hi, On Sat, Dec 31, 2022 at 05:40:49PM +0100, Gert Doering wrote: > On Sat, Dec 17, 2022 at 07:09:34PM -0500, Selva Nair wrote: > > tldr: Can we get CONNECTED,ERROR instead of CONNECTED,SUCCESS on route > > errors? > > I think this makes sense. Not sure how complicated it is, and if we > can mak

Re: [Openvpn-devel] [OpenVPN/openvpn-gui] UI showing green connected status despite not beeing able to create a route (#9)

Hi, On Sat, Dec 17, 2022 at 07:09:34PM -0500, Selva Nair wrote: > tldr: Can we get CONNECTED,ERROR instead of CONNECTED,SUCCESS on route > errors? I think this makes sense. Not sure how complicated it is, and if we can make this before 2.6.0 ("some time in January"). gert -- "If was one thing

[Openvpn-devel] OpenVPN 2.6_rc1 released

The OpenVPN community project team is proud to release OpenVPN 2.6_rc1. This is the first release candidate (and the third beta release) for the feature release 2.6.0. Changes since Beta 2: * Officially deprecate NTLMv1 proxy auth method in 2.6. Will be removed in 2.7. * Support unlimited number

Re: [Openvpn-devel] [OpenVPN/openvpn-gui] UI showing green connected status despite not beeing able to create a route (#9)

Hi, Trying to resurrect this thread, as we still have this deficiency in OpenVPN core that makes it difficult for UI's to report routing errors. tldr: Can we get CONNECTED,ERROR instead of CONNECTED,SUCCESS on route errors? See also https://github.com/OpenVPN/openvpn-gui/issues/9 On Fri, Jul 6,

[Openvpn-devel] OpenVPN 2.6_beta2 released

The OpenVPN community project team is proud to release OpenVPN 2.6_beta2. This is the second Beta release for the feature release 2.6.0. Changes since Beta 1: * Transport statistics (bytes in/out) for DCO environments. Currently only for Windows clients and FreeBSD servers. Other platforms wi

Re: [Openvpn-devel] OpenVPN crash with latest "fix p2p reconnect" patch

Hi, On Wed, Dec 07, 2022 at 08:56:04AM +0100, Gert Doering wrote: > the client side tests tested p2p udp (8) before p2p udp TLS (11), so > never noticed that after running (11), (8) would not work any longer... More specifically, because I never tested p2p tun (8) on the DCO-enabled servers ("why

[Openvpn-devel] OpenVPN crash with latest "fix p2p reconnect" patch

Hi, bad news... On Thu, Dec 01, 2022 at 12:01:28PM +0100, Arne Schwabe wrote: > diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c > index 1b418b1bc..958bf0b56 100644 > --- a/src/openvpn/forward.c > +++ b/src/openvpn/forward.c > @@ -1174,9 +1174,22 @@ process_incoming_dco(struct context *

[Openvpn-devel] OpenVPN 2.6_beta1 released

The OpenVPN community project team is proud to release OpenVPN 2.6_beta1. This is the first Beta release for the feature release 2.6.0. Some highlights of this release are: * Data Channel Offload (DCO) kernel acceleration support for Windows, Linux, and FreeBSD. * OpenSSL 3 support. * Improved h

Re: [Openvpn-devel] OpenVPN 2.5.8 released

On Wed, Nov 02, 2022 at 10:37:12PM +0100, Frank Lichtenheld wrote: > Source code and Windows installers can be downloaded from our download page: > > A new version of the Windows MSI installer has been released. It fixes the issue that the original insta

[Openvpn-devel] OpenVPN 2.5.8 released

The OpenVPN community project team is proud to release OpenVPN 2.5.8. This is mostly a bugfix release. However, there were several enhancements of the Windows GUI component: * OpenVPN 3 support -- the GUI can also work as a user interface for the OpenVPN 3 client. * pkcs11-id-management -- the G

[Openvpn-devel] OpenVPN 3 Linux client - v19 beta released

Hi, The OpenVPN 3 Linux v19 (beta) release is now available. First, thank you to all who have reported issues and as well those who also contributed with changes. Your efforts and interest in this project is highly appreciated. Please reach out if you have any questions or wonder about how Ope

[Openvpn-devel] OpenVPN Windows DCO driver

Dear all, The DCO driver for Windows (https://github.com/openvpn/ovpn-dco-win) implements OpenVPN data channel in kernel, eliminating context switch and thus noticeably improves performance. Support for dco-win driver has been merged into openvpn master branch and openvpn installer: x64: htt

[Openvpn-devel] OpenVPN 3 Linux client - v18 beta released

Hi, The OpenVPN 3 Linux v18 (beta) release is now available. This release consists of a larger overhaul on the logging system with a few additional bug fixes and other improvements. * Log system changes In prior releases, the backend VPN client (openvpn3-service-client processes) sent Log

[Openvpn-devel] OpenVPN 2.5.7 released

The OpenVPN community project team is proud to release OpenVPN 2.5.7. This is mostly a bugfix release, but adds limited support for OpenSSL 3.0. Full support will arrive in OpenVPN 2.6. Source code and Windows installers can be

Re: [Openvpn-devel] :openvpn dco connection problem

Am 20.04.22 um 10:18 schrieb yuanxun: Hi I recently encountered a bug when using the openvpn dco branch. When the client connection reaches max_cliants, I reconnect one of the clients, and the client will fail to reconnect when it reaches the set number of reconnections. At this time, the cli

[Openvpn-devel] :openvpn dco connection problem

Hi I recently encountered a bug when using the openvpn dco branch. When the client connection reaches max_cliants, I reconnect one of the clients, and the client will fail to reconnect when it reaches the set number of reconnections. At this time, the client state is Not connected, but on the mana

Re: [Openvpn-devel] OpenVPN encryption architecture

Am 05.04.22 um 05:10 schrieb Leroy Tennison: Thanks for your reply, I'm actually looking for something pretty high-level like "the server (or client) sends their (whatever key) and the client (or server) (creates a session key from it or whatever happens) and that is used for encryption."  I am

Re: [Openvpn-devel] OpenVPN encryption architecture

Am 04.04.22 um 22:32 schrieb Leroy Tennison via Openvpn-devel: Trying to find information on how OpenVPN uses the keys generated for the client and server to encrypt traffic and not having any success (maybe I'm not searching for the right terms).  Can someone explain or point me to a URL expla

[Openvpn-devel] OpenVPN encryption architecture

Trying to find information on how OpenVPN uses the keys generated for the client and server to encrypt traffic and not having any success (maybe I'm not searching for the right terms).  Can someone explain or point me to a URL explaining how OpenVPN encrypts traffic once authentication is succes

[Openvpn-devel] OpenVPN 2.4.12 released

OpenVPN 2.4.12 was released last week. It will be the last release in the 2.4.x series, so we encourage you to migrate to latest 2.5.x release if you can. Source code and Windows installers can be downloaded from our download page: Linux packages are

[Openvpn-devel] OpenVPN 2.5.6 released

The OpenVPN community project team is proud to release OpenVPN 2.5.6. This is mostly a bugfix release including one security fix ("Disallow multiple deferred authentication plug-ins.", CVE: 2022-0547). More details are available in Changes.rst:

Re: [Openvpn-devel] OpenVPN Client 2FA problem with Backslash

Hi Jacob, On Fri, Mar 11, 2022 at 3:52 AM Jakob Curdes wrote: > Hello Selva, hello all, > > I have tested the executable in the circumstances described earlier. I > confirm the problem described (username/password auth succeeds, but second > auth with 2FA data fails as the backslash in the usern

Re: [Openvpn-devel] OpenVPN Client 2FA problem with Backslash

Hi, On Thu, Mar 10, 2022 at 4:23 PM Gert Doering wrote: Hi, On Thu, Mar 10, 2022 at 12:51:51PM -0500, Selva Nair wrote: > I missed this follow up on the devel list. Please see my reply to > openvpn-users. If @ doesnt work there is no easy fix short of patching the > G

Re: [Openvpn-devel] OpenVPN Client 2FA problem with Backslash

Hi, On Thu, Mar 10, 2022 at 4:23 PM Gert Doering wrote: > Hi, > > On Thu, Mar 10, 2022 at 12:51:51PM -0500, Selva Nair wrote: > > I missed this follow up on the devel list. Please see my reply to > > openvpn-users. If @ doesnt work there is no easy fix short of patching > the > > GUI. > > We're

Re: [Openvpn-devel] OpenVPN Client 2FA problem with Backslash

Hi, On Thu, Mar 10, 2022 at 12:51:51PM -0500, Selva Nair wrote: > I missed this follow up on the devel list. Please see my reply to > openvpn-users. If @ doesnt work there is no easy fix short of patching the > GUI. We're planning a 2.5.x release "some time next week" (partly prompted due to the

Re: [Openvpn-devel] OpenVPN Client 2FA problem with Backslash

Hi, On Thu, Mar 10, 2022 at 9:15 AM Jakob Curdes wrote: > Hello all, > > I think I have found a bug in the OpenVPN Windows client , can you help me > to determine if this is true and how to proceed? > > We are trying to implement 2FA for several existing Firebox SSL VPNs > (which essentially use

Re: [Openvpn-devel] OpenVPN Client 2FA problem with Backslash

Hello list, hello Arne, Am 10.03.2022 um 16:32 schrieb Arne Schwabe: Am 10.03.22 um 15:14 schrieb Jakob Curdes: Thu Mar 10 10:35:32 2022 AUTH: Received control message: AUTH_FAILED,CRV1:R,E:1796:Yoirtuqeprtiqrew4==:*Type "p" to receive a push notification or type your one-time password* /(Ty

Re: [Openvpn-devel] OpenVPN Client 2FA problem with Backslash

Am 10.03.22 um 15:14 schrieb Jakob Curdes: Hello all, I think I have found a bug in the OpenVPN Windows client , can you help me to determine if this is true and how to proceed? We are trying to implement 2FA for several existing Firebox SSL VPNs (which essentially uses OpenVPN on server and

[Openvpn-devel] OpenVPN Client 2FA problem with Backslash

Hello all, I think I have found a bug in the OpenVPN Windows client , can you help me to determine if this is true and how to proceed? We are trying to implement 2FA for several existing Firebox SSL VPNs (which essentially uses OpenVPN on server and client side). The remote users all use the

[Openvpn-devel] openvpn user concurrency

Hello! Considering a metric when using openvpn, what is the user concurrency limit for a single service process? Is the concurrency limited by the number of max-clients, or is there a limit? I haven't figured out how to test it, has anyone done this test?

[Openvpn-devel] OpenVPN Data Channel Offload for Windows (Jan 2022)

Dear all, OpenVPN Community would like to present a new technical preview version of OpenVPN Windows client with Data Channel Offload functionality. This version includes many bugfixes and improvements since the previous one (May 2021). It also uses OpenSSL 3.0.1. The client is built from the ope

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.5.5 released

Hi, On Wed, Dec 15, 2021 at 06:17:01PM +0100, Jan Just Keijser wrote: > what!  a malformatted Changes.rst file warrants its own CVE code, I > would say! > Let me report it to mitre ;) We're our own CVE authority now, so mitre has no authority over us!!! That said, do not let me stop you ;-) ge

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.5.5 released

On 15/12/21 18:01, Gert Doering wrote: Hi, On Wed, Dec 15, 2021 at 04:30:43PM +, tincantech via Openvpn-users wrote: -BEGIN PGP SIGNED MESSAGE- It seems only fair to warn the OpenVPN community that Version 2.5.5 has had bugs identified. A new release v2.5.6 is planned for the comin

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.5.5 released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Seems I was too hasty here. OpenVPN 2.5.5 is the current release and there are no bugs severe enough to warrant a version 2.5.6, at this time. Sorry for the confusion. Regards Richard Sent with ProtonMail Secure Email. ‐‐‐ Original Message

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.5.5 released

Hi, On Wed, Dec 15, 2021 at 04:30:43PM +, tincantech via Openvpn-users wrote: > -BEGIN PGP SIGNED MESSAGE- > It seems only fair to warn the OpenVPN community that Version 2.5.5 has had > bugs identified. > A new release v2.5.6 is planned for the coming week, or so.. That was a misund

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.5.5 released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 It seems only fair to warn the OpenVPN community that Version 2.5.5 has had bugs identified. A new release v2.5.6 is planned for the coming week, or so.. Regards Richard Sent with ProtonMail Secure Email. ‐‐‐ Original Message ‐‐‐ On Wedn

[Openvpn-devel] OpenVPN 2.5.5 released

The OpenVPN community project team is proud to release OpenVPN 2.5.5. The most notable changes are Windows-related: use of CFG Spectre-mitigations in MSVC builds, bringing back of OpenSSL config loading and several build fixes. More details are available in Changes.rst:

  1   2   3   4   5   6   7   8   9   10   >