From 9bc2be7b4f6bf760dc5f3257374d749c4eb2f658 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Thu, 24 Nov 2016 15:04:51 +0100 Subject: [PATCH] Preparing OpenVPN v2.4_beta2 release This also adds a few missing details from Changes.rst Signed-off-by: David Sommerseth --- ChangeLog | 30 ++++++++++++++++++++++++++++++ Changes.rst | 25 +++++++++++++++++++++++++ version.m4 | 2 +- 3 files changed, 56 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 991aeb6a..abb9d385 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,36 @@ OpenVPN Change Log Copyright (C) 2002-2016 OpenVPN Technologies, Inc. +2016.11.24 -- Version 2.4_beta2 +Arne Schwabe (5): + Document that tls-crypt also supports inline + Fix warning that RAND_bytes is undeclared + Remove compat-stdbool.h. + Fix various compiler warnings + Handle DNS6 option on Android + +David Sommerseth (2): + Changes.rst: Fixing wrong formatting + Document the --auth-token option + +Gert Doering (2): + Remove remaining traces of compat-stdbool.h + Stub implementation of "--dhcp-option DNS6 " + +Selva Nair (3): + Do not set ipv6 address if '--ip-win32 manual' is used + Handle --dhcp-option DNS6 on Windows using netsh + Set IPv6 DNS servers using interactive service + +Steffan Karger (6): + multi_process_float: revert part of c14c4a9e + --tls-crypt fixes + Change cmocka remote to use https in stead of git protocol + generate_key_expansion: make assumption explicit, use C99 features + Poor man's NCP for non-NCP peers + Refactor data channel key generation API + + 2016.11.17 -- Version 2.4_beta1 Arne Schwabe (1): Make Changes.rst nicer for 2.4 release diff --git a/Changes.rst b/Changes.rst index 90c37722..6d7bd69b 100644 --- a/Changes.rst +++ b/Changes.rst 
@@ -18,6 +18,19 @@ Cipher negotiation to use that cipher. Data channel cipher negotiation can be controlled using ``--ncp-ciphers`` and ``--ncp-disable``. + A more limited version also works in client-to-server and server-to-client + scenarios where one of the end points uses a v2.4 client or server and the + other side uses an older version. In such scenarios the v2.4 side will + change to the ``--cipher`` set by the remote side, if permitted by by + ``--ncp-ciphers``. For example, a v2.4 client with ``--cipher BF-CBC`` + and ``ncp-ciphers AES-256-GCM:AES-256-CBC`` can connect to both a v2.3 + server with ``cipher BF-CBC`` as well as a server with + ``cipher AES-256-CBC`` in its config. The other way around, a v2.3 client + with either ``cipher BF-CBC`` or ``cipher AES-256-CBC`` can connect to a + v2.4 server with e.g. ``cipher BF-CBC`` and + ``ncp-ciphers AES-256-GCM:AES-256-CBC`` in its config. For this to work + it requires that OpenVPN was built without disabling OCC support. + AEAD (GCM) data channel cipher support The data channel now supports AEAD ciphers (currently only GCM). The AEAD packet format has a smaller overhead than the CBC packet format, (e.g. 20 
@@ -32,6 +45,18 @@ Dualstack client connect Instead of only using the first address of each ``--remote`` OpenVPN will now try all addresses (IPv6 and IPv4) of a ``--remote`` entry. +Support for providing IPv6 DNS servers + A new DHCP sub-options ``DNS6`` is added alongside with the already existing + ``DNS`` sub-option. This is used to provide DNS resolvers available over + IPv6. This will be pushed to clients and `` --up`` scripts and ``--plugin`` + can act upon it through the ``foreign_option_`` environment variables. + + Support for the Windows client picking up this new sub-option is added, + however IPv6 DNS resolvers needs to be configured via ``netsh`` which requires + administrator privileges if the new interactive services on Windows is not + being used. If the interactive services is used, this service will execute + ``netsh`` in the background with the proper privileges. + New improved Windows Background service The new OpenVPNService is based on openvpnserv2, a complete rewrite of the OpenVPN service wrapper. It is intended for launching OpenVPN instances that should be diff --git a/version.m4 b/version.m4 index ab8ea426..b5fb2341 100644 --- a/version.m4 +++ b/version.m4 @@ -3,7 +3,7 @@ define([PRODUCT_NAME], [OpenVPN]) define([PRODUCT_TARNAME], [openvpn]) define([PRODUCT_VERSION_MAJOR], [2]) define([PRODUCT_VERSION_MINOR], [4]) -define([PRODUCT_VERSION_PATCH], [_beta1]) +define([PRODUCT_VERSION_PATCH], [_beta2]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])
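Review bot: In the Changes.rst hunk at @@ -18,6 +18,19 @@, the added sentence "if permitted by by ``--ncp-ciphers``" repeats "by", and the option names are spelled inconsistently within the same paragraph: ``--cipher BF-CBC`` carries the leading dashes while ``ncp-ciphers AES-256-GCM:AES-256-CBC`` and ``cipher AES-256-CBC`` do not. Suggest dropping the duplicate word and either using the ``--`` form throughout or saying that the dashless forms are config-file syntax. The paragraph also leaves open what the v2.4 side does when the remote's ``--cipher`` is not listed in ``--ncp-ciphers``; one sentence on that case would help administrators who use the list to restrict which ciphers a peer can move the connection to.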
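Review bot: In the Changes.rst hunk at @@ -32,6 +45,18 @@, the inline literal `` --up`` has a space right after the opening backticks, so reStructuredText will not render it as a literal; it should read ``--up``. The same entry needs agreement fixes: "A new DHCP sub-options ``DNS6`` is added" should be "sub-option", "IPv6 DNS resolvers needs" should be "need", and "the new interactive services on Windows is not being used" / "If the interactive services is used" should use the singular "service". The reference to the ``foreign_option_`` environment variables ends in a bare underscore; say how the suffix is formed so script authors know which variable names to read.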