Announcements from OpenVPN involving bugs, updates, and new features.
-
novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Post
by novaflash » Fri Mar 10, 2023 7:40 pm
The OpenVPN community project team is proud to release OpenVPN 2.6.1. This is mostly a bugfix release with some improvements.
Feature changes:
- Dynamic TLS Crypt: When both peers are OpenVPN 2.6.1+, OpenVPN will dynamically create a tls-crypt key that is used for renegotiation. This ensure that only the previously authenticated peer can do trigger renegotiation and complete renegotiations.
- CryptoAPI (Windows): support issuer name as a selector. Certificate selection string can now specify a partial issuer name string as "--cryptoapicert ISSUER:<string>" where <string> is matched as a substring of the issuer (CA) name in the certificate.
- Note: configure now enables DCO build by default on FreeBSD and Linux. On Linux this brings in a new default dependency for libnl-genl (for Linux distributions that are too old to have a suitable version of the library, use "configure --disable-dco")
Windows MSI changes since 2.6.0:
- Update included ovpn-dco-win driver to 0.9.2
Downloads
Useful resources
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
-
fixed77
- Posts: 0
- Joined: Tue Jan 31, 2023 2:32 pm
Post
by fixed77 » Sat Mar 11, 2023 6:32 am
> Note: configure now enables DCO build by default on FreeBSD and Linux. On Linux this brings in a new default dependency for libnl-genl (for Linux distributions that are too old to have a suitable version of the library, use "configure --disable-dco")
OpenVPN 2.6.1 in Ubuntu repo (
https://build.openvpn.net/) build without DCO.
openvpn --version shown enable_dco=no build option.
-
flichtenheld
- OpenVPN Inc.
- Posts: 13
- Joined: Fri Oct 28, 2022 3:25 pm
Post
by flichtenheld » Thu Mar 16, 2023 9:36 am
fixed77 wrote: ↑Sat Mar 11, 2023 6:32 am
> Note: configure now enables DCO build by default on FreeBSD and Linux. On Linux this brings in a new default dependency for libnl-genl (for Linux distributions that are too old to have a suitable version of the library, use "configure --disable-dco")
OpenVPN 2.6.1 in Ubuntu repo (
https://build.openvpn.net/) build without DCO.
openvpn --version shown enable_dco=no build option.
This known problem is tracked in
https://github.com/OpenVPN/openvpn-build/issues/333. I just updated that ticket to provide a status update.
Summary: It is fixed for most relevant versions, but specifically not the Ubuntu focal package.
Frank Lichtenheld
DevOps Engineer
OpenVPN, Inc.
