HomeSolus

openvpn: Update to 2.5.2

Authored by ReillyBrogan on Jun 2 2021, 9:08 PM.

Description

openvpn: Update to 2.5.2

Summary:
Security Updates:

OpenVPN 2.5 Changes:

  • Connections setup is now much faster
  • ChaCha20-Poly1305 cipher in the OpenVPN data channel
  • Client-specific tls-crypt keys
  • Improved Data channel cipher negotiation
  • Removal of BF-CBC support in default configuration
  • HMAC based auth-token support for seamless reconnects to standalone servers or a group of servers.
  • Asynchronous (deferred) authentication support for auth-pam plugin
  • Asynchronous (deferred) support for client-connect scripts and plugins
  • Support IPv4 configs with /31 netmasks now
  • 802.1q VLAN support on TAP servers
  • IPv6-only tunnels
  • New option --block-ipv6 to reject all IPv6 packets (ICMPv6)
  • VRF support
  • Netlink integration (OpenVPN no longer needs to execute ifconfig/route or ip commands)

Complete release notes available here

Test Plan:

  • Rebuilt all reverse dependencies
  • Connected to a few different Openvpn servers via GNOME network-manager applet

Reviewers: Triage Team, JoshStrobl

Reviewed By: Triage Team, JoshStrobl

Subscribers: JoshStrobl, serebit, algent

Differential Revision: https://dev.getsol.us/D11199

Details

Committed
JoshStroblJun 2 2021, 9:08 PM
Pushed
JoshStroblJun 2 2021, 9:08 PM
Reviewer
Triage Team
Differential Revision
D11199: openvpn: Update to 2.5.2
Parents
R2261:4b50cabd6a8b: Add patch to change default cipher. Enable async push. Switch to mbedtls.
Branches
Unknown
Tags
Unknown
References
tag: openvpn-2.5.2-15