OpenVPN 2.3.4发布。2014-05-02 因为众所周知的原因,OpenVPN主站(openvpn.net)被墙了.上一个版本是2014-04-10的2.3.3 。此版本的TLS版本协商不再使用回复到2.3.2的行为,SSL版本库汇报及SOCKSv5认证逻辑修正等。Windows上使用的用户建议升级,遗留产品线2.1.4/2.2.2。
OpenVPN 是一个基于 OpenSSL 库的应用层 VPN 实现。和传统 VPN 相比,它的优点是简单易用。
OpenVPN允许参与建立VPN的单点使用共享金钥,电子证书,或者用户名/密码来进行身份验证。它大量使用了OpenSSL加密库中的SSLv3/TLSv1 协议函式库。目前OpenVPN能在Solaris、Linux、OpenBSD、FreeBSD、NetBSD、Mac OS X与Windows 2000/XP/Vista上运行,并包含了许多安全性的功能。它并不是一个基于Web的VPN软件,也不与IPsec及其他VPN软件包兼容。
OpenVPN使用OpenSSL库加密数据与控制信息:它使用了OpenSSL的加密以及验证功能,意味着,它能够使用任何OpenSSL支持的算法。它提供了可选的数据包HMAC功能以提高连接的安全性。此外,OpenSSL的硬件加速也能提高它的性能。
Ubuntu下OpenVPN客户端配置教程 http://www.linuxidc.com/Linux/2013-06/86562.htm
Ubuntu 10.04搭建OpenVPN http://www.linuxidc.com/Linux/2012-11/74790.htm
Ubuntu 13.04 VPN (OpenVPN) 配置和连接不能同时访问内外网的问题 http://www.linuxidc.com/Linux/2013-07/86899.htm
如何在Linux上用OpenVPN搭建安全的远程网络架构 http://www.linuxidc.com/Linux/2013-11/92646.htm
OpenVPN 2.3.4 -- released on 2014.05.02 (Change Log)
The most important change in this release is that TLS version negotiation is no longer used unless it's explicitly turned on in the configuration files, thus reverting back to the 2.3.2 behaviour as interoperability issues were encountered in 2.3.3. Other notable changes include addition of SSL library version reporting, fixing of SOCKSv5 authentication logic and making serial env exporting consistent between OpenSSL and PolarSSL. This release also contains a number of other bug fixes and small enhancements.
The Windows installer I001 had additional code to prevent problems during install and uninstall if installer bitness is wrong or if the OpenVPN-GUI or an OpenVPN process is running. The Windows I001 installers also bundled OpenSSL 1.0.1g, which means that they are immune to the heartbleed vulnerability (OpenVPN-specifics here). WIndows I002 installers bundle OpenSSL 1.0.0h, which fixes several vulnerabilities, including a MITM vulnerability that affects OpenVPN.
All Windows users of OpenVPN 2.3.4 should upgrade to the latest release immediately.
Experimental Windows installers with NDIS 6 -enabled tap-windows drivers are also available for Windows Vista and above. Note that it is possible, even if unlikely, that the NDIS 6 drivers could crash, giving a BSOD. Long story short: please do not use them on valuable production systems.
完全改进:
OpenVPN 2.3.4
Arne Schwabe (1):
Fix man page and OSCP script: tls_serial_{n} is decimal
Dmitrij Tejblum (1):
Fix is_ipv6 in case of tap interface.
Gert Doering (8):
IPv6 address/route delete fix for Win8
Add SSL library version reporting.
Minor t_client.sh cleanups
Repair --multihome on FreeBSD for IPv4 sockets.
Rewrite manpage section about --multihome
More IPv6-related updates to the openvpn man page.
Conditionalize calls to print_default_gateway on !ENABLE_SMALL
Preparing for release v2.3.4 (ChangeLog, version.m4)
James Yonan (2):
Use native strtoull() with MSVC 2013.
When tls-version-min is unspecified, revert to original versioning approach.
Steffan Karger (4):
Change signedness of hash in x509_get_sha1_hash(), fixes compiler warning.
Fix OCSP_check.sh to also use decimal for stdout verification.
Fix build system to accept non-system crypto library locations for plugins.
Make serial env exporting consistent amongst OpenSSL and PolarSSL builds.
Yawning Angel (1):
Fix SOCKSv5 method selection
kangsterizer (1):
Fix typo in sample build script to use LDFLAGS
下载:http://fossies.org/linux/misc/openvpn-2.3.4.tar.gz
