Page MenuHomeSolus

openvpn: Update to 2.5.2
ClosedPublic

Authored by ReillyBrogan on Tue, Jun 1, 8:13 PM.

Details

Summary

Security Updates:

OpenVPN 2.5 Changes:

  • Connections setup is now much faster
  • ChaCha20-Poly1305 cipher in the OpenVPN data channel
  • Client-specific tls-crypt keys
  • Improved Data channel cipher negotiation
  • Removal of BF-CBC support in default configuration
  • HMAC based auth-token support for seamless reconnects to standalone servers or a group of servers.
  • Asynchronous (deferred) authentication support for auth-pam plugin
  • Asynchronous (deferred) support for client-connect scripts and plugins
  • Support IPv4 configs with /31 netmasks now
  • 802.1q VLAN support on TAP servers
  • IPv6-only tunnels
  • New option --block-ipv6 to reject all IPv6 packets (ICMPv6)
  • VRF support
  • Netlink integration (OpenVPN no longer needs to execute ifconfig/route or ip commands)

Complete release notes available here

Test Plan
  • Rebuilt all reverse dependencies
  • Connected to a few different Openvpn servers via GNOME network-manager applet

Diff Detail

Repository
R2261 openvpn
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

ReillyBrogan created this revision.Tue, Jun 1, 8:13 PM
ReillyBrogan requested review of this revision.Tue, Jun 1, 8:13 PM
  • Didn't mean to commit checks disabled
algent added a subscriber: algent.Tue, Jun 1, 8:25 PM

I think /usr/share/doc can be deleted.

  • Remove docs

FYI @serebit Qomui doesn't build currently (source path needs to be changed). You may also consider removing it from the repos as it appears to be dead upstream.

wait why me

Actually disregard that comment @serebit for some reason I thought you were the qomui maintainer (probably because you're the maintainer of protonvpn-cli one of the other openvpn reverse dependencies)

JoshStrobl accepted this revision.Wed, Jun 2, 9:08 PM
JoshStrobl added a subscriber: JoshStrobl.

LGTM, thanks!

This revision is now accepted and ready to land.Wed, Jun 2, 9:08 PM
This revision was automatically updated to reflect the committed changes.