Diffstat (limited to 'openvpn/ChangeLog')
-rw-r--r-- | openvpn/ChangeLog | 3875 |
1 files changed, 3875 insertions, 0 deletions
diff --git a/openvpn/ChangeLog b/openvpn/ChangeLog new file mode 100644 index 0000000..d498344 --- /dev/null +++ b/openvpn/ChangeLog 
@@ -0,0 +1,3875 @@ +OpenVPN Change Log +Copyright (C) 2002-2011 OpenVPN Technologies, Inc. <sales@openvpn.net> + +2012.02.21 -- Version 2.3-alpha1 +Adriaan de Jong (127): + Added Doxygen doxyfile + Changed configure to accept --with-ssl-type=openssl + Refactored to rand_bytes for OpenSSL-independency + Refactored OpenSSL-specific constants + Refactored maximum cipher and hmac length constants + Refactored show_available_* functions + Refactored SSL_clear_error() + Refactored crypto initialisation functions + Refactored DES key manipulation functions + Refactored NTLM DES key generation + Refactored message digest type functions + Refactored message digest functions + Refactored HMAC functions + Refactored cipher key types + Refactored cipher functions + Added PRNG doxygen + Refactored: Moved crypto.h inline functions to end of file + Removed stale OpenSSL defines from crypto.h + Added a check for Openssl or PolarSSL defines + Refactored: Added stubs for new files + Refactored SSL initialisation functions + Refactored TLS_PRF to new hmac and md primitives + Refactored tls_show_available_ciphers + Refactored get_highest_preference_tls_cipher + Refactored root SSL context initialisation + Refactored new external key code + Refactored DH paramater loading + Refactored root TLS option settings + Refactored PKCS#12 key loading + Refactored PKCS#11 loading + Refactored windows cert loading + Refactored load certificate functions + Refactored private key loading code + Refactored external key loading from management + Refactored CA and extra certs code + Refactored cipher restriction code + Refactored tls_options, key_state, and key_source data structures + Refactored initalisation of key_states + Refactored key_state free code + Refactored print_details + Refactored key_state read code (including bio_read()) + Refactored key_state write functions + Refactored: Moved BIO debug functions to OpenSSL backend + Refactored: removed ks and ks_lame macro for clarity + Refactored: 
moved write_empty_string function back + Refactored Doxygen for tls_multi functions + Migrated data structures needed by verification functions to ssl_common.h + Refactored client_config_dir_exclusive function + Refactored certificate hash lock checks + Refactored common name locking functions + Refactored username and password authentication code + Add some extra comments + Refactored: split verify_callback into two parts + Added function to extract and verify the subject from a certificate + Added function to verify and extract the username + Refactored: removed global x509_username_field + Refactored: separated environment setup during verification + Refactored: Netscape certificate type verification + Refactored key usage verification code + Refactored EKU verification + Refactored tls-remote checking + Refactored tls-verify-plugin code + Refactored tls-verify script code + Refactored CRL checks + Minor cleanup in verify_cert: + Refactored: Moved verify_cert to ssl_verify + Cleaned up ssl.h + Refactored: made M_SSL dependent on USE_OPENSSL + Refactored: renamed X509 functions from verify_* + Separated OpenSSL-specific parts of the PKCS#11 driver + Modified base64 code in preparation for PolarSSL merge + Final cleanup before PolarSSL addition: + Refactored X509 track feature to be contained within the openssl backend + Added PolarSSL support: + Fixed a missing include in ssl_backend.h + Fixed a bug in the hash generation in ssl_verify_openssl.c + Added SHA_DIGEST_SIZE definition + Changed PolarSSL crypto backend to support v0.99-pre5 + Updated ssl_polarssl.c to work with 0.99-pre5 + Fixed a compilation warning for size_t key sizes + Added a warning that the PolarSSL library does not support pkcs12 files. + Added warning that --capath is not available with PolarSSL + Disable CryptoAPI when not using OpenSSL, and document that fact. 
+ Removed support for management external keys in PolarSSL + Removed stray X509_free from ssl.c + Refactored (and disabled for PolarSSL) support for writing external cert files in scripts + Added an extra define to allow building without PKCS#11 + Added SSL library to title string + Disabled X.509 track and username selection for PolarSSL + Hardening: periodically reset the PRNG's nonce value + Fixes for the plugin system: + Further improvements to plugin support: + Fixed an unintentional change in the options calculated key size. + Moved print messages back to generic crypto.c from cipher backends + Moved HMAC prints back to main crypto module + Added back checks for ks->authenticated in verify_user_pass + Moved gc_new and gc_free to begin end of function + Fixed a bug in the return value of ssl_verify when pre_verify failed + Unified verification function return values: + Removed a stray Fox-IT tag + Fixed a typo: print the subject instead of the serial for verification errors + Made SSL_CIPHER const in print_details, to fix warning + Moved to PolarSSL 1.0.0: + Added missing #ifdef to allow --disable-managent to work again + Fixed disabling crypto and SSL + Got rid of a few magic numbers in ntlm.c + Removed obsolete des_cblock and des_keyschedule + Further removal of des_old.h based calls + Fixed missing comma in plugin.h + Moved prng_uninit out of crypto_uninit_lib + Moved CryptoAPI header include to the ssl_openssl.c + Reordered functions to ensure warning-free Windows build + Added options to switch between OpenSSL and PolarSSL and PKCS11... + Moved from strsep to strtok, for Windows compatibility + Minor cleanup to enable warning-free Windows build: + Fixed a typo when initialising cryptoapi certs + Minor code cleanup: cleaned up error handling in verify_cert. 
+ Moved out of memory prototype to error.h, as the definition is in error.c + Removed support for calling gc_malloc with a NULL gc_arena struct + + (The follwing patches from Adriaan was mistakenly merged with + the wrong commit author in the git tree) + Doxygen: Added data channel crypto docs + Added control channel crypto docs + Added compression docs + Added reliability layer documentation + Added memory management documentation + Added data channel fragmentation docs + Added main/control docs + Moved doxygen-specific files to a separate directory + +Byron Ellacott (1): + autoconf fixes for building on OSX + +David Sommerseth (50): + Provide 'dev_type' environment variable to plug-ins and script hooks + Define the new openvpn_plugin_{open,func}_v3() API + Implement the core v3 plug-in function calls. + Extend the v3 plug-in API to send over X509 certificates + Added a simple plug-in demonstrating the v3 plug-in API. + Separate the general plug-in version constant and v3 plug-in structs version + Use a version-less version identifier on the master branch + Fix the --client-cert-not-required feature + Change the default --tmp-dir path to a more suitable path + Improve the mysprintf() issue in openvpnserv.c + Add a simple comment regarding openvpn_snprintf() is duplicated + Merge branch 'feat_ipv6_transport' + Merge branch 'feat_ipv6_payload' + Merge branch 'svn-branch-2.1' into merge + Solved hidden merge conflicts between master and svn-branch-2.1 + Fix const declarations in plug-in v3 structs + Merge remote-tracking branch 'cron2/feat_ipv6_payload_2.3' + Don't define ENABLE_PUSH_PEER_INFO if SSL is not available + Fix compiling issues with pkcs11 when --disable-management is configured + Remove support for Linux 2.2 configuration fallback + Revert "Add new openssl.cnf to easy-rsa/Windows" + Merge remote branch SVN 2.1 into the git tree + Merge branch 'svn-merger' + Fix Microsoft Visual Studio incompatibility in plugin.c + Fixed compile issues on FreeBSD and 
Solaris + Fix PolarSSL and --pkcs12 option issues + Fix FreeBSD/OpenBSD/NetBSD compiler warnings in get_default_gateway() + Make '--win-sys env' default + Do some file/directory tests before really starting openvpn + Fix bug after removing Linux 2.2 support + Don't look for 'stdin' file when using --auth-user-pass + Fix compiling with --disable-crypto and/or --disable-ssl + Fix a couple of issues in openvpn_execve() + Move away from openvpn_basename() over to platform provided basename() + Enable access() when building in Visual Studio + New Windows build fixes + Fix compilation errors on Linux platforms without SO_MARK + autotools ./configure don't like compat.h + Fix pool logging when IPv6 is not enabled + Don't check for file presence on inline files + Add --route-pre-down/OPENVPN_PLUGIN_ROUTE_PREDOWN script/plug-in hook + Enhance the error handling in _openssl_get_subject() + Fix assert() situations where gc_malloc() is called without a gc_arena object + Fix compile issues when plug-ins are disabled. + Remove --show-gateway if debug info is not enabled (--disable-debug) + Fix compile issues with status.c + Connection entry {tun,link}_mtu_defined not set correctly + Makefile.am referenced a now non-existing config-win32.h + Makefile.am was missing ssl_common.h + Revamp check_file_access() checks in stdin scenarios + +Davide Guerri (1): + New feauture: Add --stale-routes-check + +Frank de Brabander (1): + Fixed wrong return type of cipher_kt_mode + +Frederic Crozat (1): + Add support to forward console query to systemd + +Gert Doering (45): + Add more detailed explanation regarding the function of "--rdns-internal" + Enable IPv6 Payload in OpenVPN p2mp tun server mode. 20100104-1 release. + remove NOTES file from commit - private scribbling + NetBSD fixes - on 4.0 and up, use multi-af mode. 
+ new feature: "ifconfig-ipv6-push" (from ccd/ config) + add some TODOs to TODO.IPv6 + undo accidential duplication of existing "--iroute" line in the help text + basic documentation of IPv6 related options and their syntax + Enable IPv6 Payload in OpenVPN p2mp tun server mode. + remove NOTES file from commit - private scribbling + env_block(): if PATH is not set, add standard PATH setting to env + add IPv6 route add / route delete code for windows (using "netsh") + - Win32 IPv6 ifconfig support, using "netsh" calls + drop "book ipv6" from open_tun() and tuncfg() prototypes + document recent changes and open TODOs, adapt --version info, tag release + Win32: set next-hop for IPv6 routes according to TUN/TAP mode + when deleting a route on win32, also add gateway address + WIN32: if IPv6 requested in TUN mode, check if TUN/TAP driver < 9.7 + revert unconditionally-enabling of setenv_es() logging + implement IPv6 ifconfig + route setup/deletion on OpenBSD + full "VPN client connect" test framework for OpenVPN t_client.rc-sample + renamed t_client.sh to t_client.sh.in + 2.2-beta3 has a signed TAP driver with the IPv6 code - test for 9.8 + correct URL for "more information about IPv6 patch is *here*" + bugfix for linux/iproute2: IPv6 ifconfig code block was not called for "dev tun"+"topology subnet" + bump IPv6 version number (openvpn --version) to 20100922-1 + Implement "ipv6 ifconfig" for TAP interfaces on Solaris interfaces + rebased to 2.2RC2 (beta 2.2 branch) + Windows IPv6 cleanup - properly remove IPv6 routes and interface config + For all accesses to "struct route_list * rl", check first that rl is non-NULL + Replace 32-bit-based add_in6_addr() implementation by an 8-bit based one + Platform cleanup for NetBSD + Move block for "stale-routes-check" config inside #ifdef P2MP_SERVER block + add missing break between "case IPv4" and "case IPv6" + bump tap driver version from 9.8 to 9.9 + log error message and exit for "win32, tun mode, tap driver version 9.8" + work 
around inet_ntop/inet_pton problems for MSVC builds on WinXP + Fix build-up of duplicate IPv6 routes on reconnect. + Fix list-overrun checks in copy_route_[ipv6_]option_list() + add "print test titles" and "use sudo" functionality to t_client.rc + Platform cleanup for FreeBSD + Implement IPv6 interface config with non-/64 prefix lengths. + Fix RUN_SUDO functionality for t_client.sh + Document IPv6-related environment variables. + Platform cleanup for OpenBSD + +Gisle Vanem (1): + Avoid re-defining uint32_t when using mingw compiler + +Gustavo Zacarias (1): + Fix compile issues when using --enable-small and --disable-ssl/--disable-crypto + +Heiko Hund (16): + add .gitignore to official repository + remove function is_proto_tcp() + remove legacy code to query IE proxy information + lowercase include header name in syshead.h + define IN6_ARE_ADDR_EQUAL macro for WIN32 + add --mark option to set SO_MARK sockopt + Windows UTF-8 input/output + UTF-8 X.509 distinguished names + set Windows environment variables as UCS-2 + handle Windows unicode paths + replace check for TARGET_WIN32 with WIN32 + do not use mode_t on Windows + use the underscore version of stat on Windows + make MSVC link against shell32 as well + move variable declaration to top of function + define access mode flag X_OK as 0 on Windows + +Igor Novgorodov (1): + The code blocks enabled by ENABLE_CLIENT_CR depends on management + +James Yonan (57): + Added "management-external-key" option. + Minor addition of logging info before and after execution of Windows net commands. + Misc fixes to r6708. + Added --x509-track option. + * added --management-up-down option to allow management interface to be notified of tunnel up/down events. + Fixed minor compile issue triggered on builds where MANAGEMENT_DEF_AUTH is not enabled. + Implemented get_default_gateway_mac_addr for Mac OS X + Fixes to r6925. + Properly handle certificate serial numbers > 32 bits. 
+ Added "client-nat" option for stateless, one-to-one NAT on the client side. + Renamed branch to reflect that it is no longer beta. + env_filter_match now includes the serial number of all certs + Fixed issue where a client might receive multiple push replies from a server + Fixed bug introduced in r7031 that might cause this error message: + Extended "client-kill" management interface command (server-side) + Client will now try to reconnect if no push reply received within handshake-window seconds. + Version 2.1.3n + Fixed compiling issues when using --disable-crypto + Added "management-external-key" option. + Misc fixes to r6708. + win/sign.py now accepts an optional tap-dir argument. + Added "auth-token" client directive + Added ./configure --enable-osxipconfig option for Mac OS X + Added more packet ID debug info at debug level 3 for debugging false positive packet replays. + Fixed bug that incorrectly placed stricter TCP packet replay rules on UDP sessions + Fixed bug in port-share that could cause port share process to crash + For Mac OSX, when DARWIN_USE_IPCONFIG is defined, retry ipconfig command on failure + Version 2.1.3t + Revert r7092 and r7151, i.e. remove --enable-osxipconfig configure option. + Added 'dir' flag to "crl-verify" (see man page for info). + Added new "extra-certs" and "verify-hash" options + Fixed compile issues on Windows. + Added --enable-lzo-stub configure option to build an OpenVPN client without LZO + Added optional journal directory argument to "port-share" directive + Reduce log verbosity at level 3, with a focus on removing excessive log verbosity generated by port-share activity. + env_filter_match now includes the serial number of all certs in chain + Added support for static challenge/response protocol. + r7316 fixes. 
+ Added redirect-gateway block-local flag, with support for Linux, Mac OS X + Extended x509-track to allow SHA1 certificate hash to be extracted + Added "management-query-remote" directive (client) to allow the management interface to override the "remote" directive. + Version 2.1.5. + Fixed MSVC compile error related to r7408. + Redact "echo" directive strings from log, since these strings (going forward) could conceivably contain security-sensitive data. + Modified sanitize_control_message to remove redacted data from control string rather than blotting it out with "_" chars. + Changed CC_PRINT character class to allow UTF-8 chars. + Increased the --verb threshold for "PID_ERR replay" messages to 4 from 3. + Fixed issue where redirect-gateway block-local code was not correctly calculating... + CC_PRINT character class now allows any 8-bit character value >= 32. + "status" management interface command (version >= 2) will now include the username for each connected user. + Minor fix to CC_PRINT char class + Fixed management interface bug where >FATAL notifications were not being output properly + Raised D_PID_DEBUG_LOW from level 3 to 4 to reduce replay error verbosity at level 3. + Added "memstats" option to maintain real-time operating stats in a memory-mapped file. + Fixed client issues with DHCP Router option extraction/deletion when using layer 2 with DHCP proxy: + Allow "tap-win32 dynamic <offset>" to be used in topology subnet mode. 
+ Added support for "on-link" routes on Linux client + +Jan Just Keijser (1): + Made some options connection-entry specific + +Joe Patterson (1): + common_name passing in auth_pam plugin + +JuanJo Ciarlante (40): + * rebased openvpn-2.1_rc1b.jjo.20061206.d.patch + * created getaddr6(), use it from resolve_remote() + * migrated all getaddrinfo() to getaddr6 + * socket.c: use USE_PF_INET6 in switch constructs to actually toss them out, + * support --disable-ipv6 build properly: + * important fix for tcp6 reconnection was incorrectly creating a PF_INET socket + * added README.ipv6.txt + * fixed win32 non-ipv6 build + * ipv6 on win32 "milestone": 1st snapshot that passes all unittests + * document ipv6 milestone status + * doc update w/unittests results + * make possible to x-compile openvpn/win32 in Linux + * correctly setup hints.ai_socktype for getaddrinfo(), althought sorta hacky, see TODO.ipv6. + * renamed README.ipv6{.txt,} + * updated {README,TODO}.ipv6 from feedback at openvpn-devel mlist + * init.c: document the ENABLE_MANAGEMENT place to work on + * init.c: small in-doc tweaks + * fix multi-tcp crash (corrected assertion) + * TODO.ipv6 update + * socket.c: better buf logic in print_sockaddr_ex + * fixed segfault for undef address family in print_sockaddr_ex (thanks Marcel!) 
+ * doc updates + * openbsd: no IFF_MULTICAST, #ifdef around it + * no new funcionality, just small cleanups + * (prototype) fix for supporting "redirect-gateway" for tunneled ipv4 over ipv6 endpoints + * polished redirect-gateway (ipv4 on ipv6 endpoints) support + * updated doc + * fix --disable-ipv6 build + * doc updates + * rebased to v2.1.1 release + * undo mroute.c changes related to ipv6 payload + * fix --multihome for ipv4 + * fix --multihome for ipv6 + * ipv6-0.4.14: fix xinetd usage + * ipv6-0.4.15: add --multihome support to xBSD + * ipv6-0.4.15b: rebase over openvpn-testing-master + * ipv6-0.4.16: fix mingw32 build + * make ipv6_payload compile under windowze + USE_PF_INET6 by default for v2.3 + fix ipv6 compilation under macosx >= 1070 - v3 + +Markus Koetter (1): + Add extv3 X509 field support to --x509-username-field + +Matthew L. Creech (1): + Fix 2.2.0 build failure when management interface disabled + +Matthias Andree (1): + Skip rather than fail test in addressless FreeBSD jails. 
+ +Robert Fischer (8): + Update man page with info about --capath + Update man page with info about --connect-timeout + Added info about --show-proxy-settings + Documented --x509-username-field option + Documented --errors-to-stderr option + Documented --push-peer-info option + Update man page with info about --remote-random-hostname + Added man page entry for --management-client + +Samuli Seppänen (19): + Add man page entry for --redirect-private + Change all CRLF linefeeds to LF linefeeds + Fix a bug in devcon source code handling + Removed Win2k from supported platforms list in INSTALL and win/openvpn.nsi + Fixed copying of tapinstall.exe to dist/bin when using prebuilt TAP-drivers + Fixed a bug with GUI icon deletion on upgrade from 2.2-RC or earlier + Fix a build-ca issue on Windows + Add new openssl.cnf to easy-rsa/Windows + Updated "easy-rsa" for OpenSSL 1.0.0 + Made domake-win builds to use easy-rsa/2.0/openssl-1.0.0.cnf + Fixes to easy-rsa/2.0 + Merged TODO.IPv6 with TODO.ipv6 and README.IPv6 with README.ipv6 + Fixed a number of fatal build errors on Visual Studio 2008 + Fix a Visual Studio 2008 build issue in socket.c + Additional Visual Studio 2008 build fixes to tun.c + Fixed a typo in win32.h that prevented building with Visual Studio + Fixed a regression causing VS2008/Python build failure + Fix a Visual Studio 2008 build error in tun.c + Fix a Visual Studio 2008 build error in options.c + +Simon Matter (1): + Fix issues with some older GCC compilers + +Stefan Hellermann (2): + plugin.h: update prototype of plugin_call dummy in !ENABLE_PLUGIN case + Fixed typo in plugin.h + +chantra (1): + Clarify --tmp-dir option + +smos (1): + Change the netsh.exe command from "add" to "set". + +2011.12.25 -- Version 2.x-master +James Yonan (1): + Added support for "on-link" routes on Linux client -- these are + routes where the gateway is specified as an interface rather than + an address. 
This allows redirect-gateway to work on Linux clients + whose connection to the internet is via a point-to-point link + such as PPP. + + Note that at the moment, this capability is incompatible with + the "redirect-gateway block-local" directive -- this is because + the block-local directive blocks all traffic from the local LAN + except for the local and gateway addresses. Since a PPP link + is essentially a subnet of two addresses, local and remote (i.e. + gateway), the set of addresses that would be blocked by block-local + is empty. Therefore, the "redirect-gateway block-local" directive + will be ignored on PPP links. + + To view the OpenVPN client's current determination of the default + gateway, use this command: + + ./openvpn --show-gateway + +2011.03.24 -- Version 2.2-RC2 +Alon Bar-Lev (1): + Windows cross-compile cleanup + +David Sommerseth (2): + Open log files as text files on Windows + Clarify default value for the --inactive option. + +Gert Doering (1): + Implement IPv6 in TUN mode for Windows TAP driver. + +Samuli Seppänen (6): + Added support for prebuilt TAP-drivers. Automated embedding manifests. + Fixes to win/openvpn.nsi + Replaced config-win32.h with win/config.h.in + Updated INSTALL-win32.txt + Fixes to Makefile.am + Clarified --client-config-dir section on the man-page. + +Ville Skyttä (1): + Fix line continuation in chkconfig init script description. + +2011.02.28 -- Version 2.2-RC +David Sommerseth (3): + Make the --x509-username-field feature an opt-in feature + Fix compiler warning when compiling against OpenSSL 1.0.0 + Fix packaging of config-win32.h and service-win32/msvc.mak + +James Yonan (1): + Minor addition of logging info before and after execution of Windows net commands. + +Matthias Andree (1): + Change variadic macros to C99 style. + +Samuli Seppänen (15): + Added ENABLE_PASSWORD_SAVE to config-win32.h + Added a nmake makefile for openvpnserv.exe building + Moved TAP-driver version info to version.m4. 
Cleaned up win/settings.in. + Added helper functionality to win/wb.py + Added support for viewing config-win32.h paramters to win/show.py + Added comments and made small modifications to win/msvc.mak.in + Added command-line switch to win/build_all.py to skip TAP driver building + Added configure.h and version.m4 variable parsing to win/config.py + Added openvpnserv.exe building to win/build.py + Added comments to win/build_ddk.py + Several modifications to win/make_dist.py to allow building the NSI installer + Copied install-win32/setpath.nsi to win/setpath.nsi + Added first version of NSI installer script to win/openvpn.nsi + Changes to buildsystem patchset + Temporary snprintf-related fix to service-win32/openvpnserv.c + +2010.11.25 -- Version 2.2-beta5 + +Samuli Seppänen (1): + Fixed an issue causing a build failure with MS Visual Studio 2008. + +2010.11.18 -- Version 2.2-beta4 + +David Sommerseth (10): + Clarified --explicit-exit-notify man page entry + Clean-up: Remove pthread and mutex locking code + Clean-up: Remove more dead and inactive code paths + Clean-up: Removing useless code - hash related functions + Use stricter snprintf() formatting in socks_username_password_auth() (v3) + Fix compiler warnings about not used dummy() functions + Fixed potential misinterpretation of boolean logic + Only add some functions when really needed + Removed functions not being used anywhere + Merged add_bypass_address() and add_host_route_if_nonlocal() + +Gert Doering (3): + Integrate support for TAP mode on Solaris, written by Kazuyoshi Aizawa <admin2@whiteboard.ne.jp>. + Make "topology subnet" work on Solaris + Improved man page entry for script_type + +James Yonan (5): + Fixed initialization bug in route_list_add_default_gateway (Gert Doering). + Implement challenge/response authentication support in client mode + Make base64.h have the same conditional compilation expression as base64.c. 
+ Fixed compiling issues when using --disable-crypto + In verify_callback, the subject var should be freed by OPENSSL_free, not free + +Jesse Young (1): + Remove hardcoded path to resolvconf + +Lars Hupel (1): + Add HTTP/1.1 Host header + +Pierre Bourdon (1): + Adding support for SOCKS plain text authentication + +Samuli Seppänen (2): + Added check for variable CONFIGURE_DEFINES into options.c + Added command-line option parser and an unsigned build option to build_all.py + +2010.08.21 -- Version 2.2-beta3 + +* Attempt to fix issue where domake-win build system was not properly + signing drivers and .exe files. + + Added win/tap_span.py for building multiple versions of the TAP driver + and tapinstall binaries using different DDK versions to span from Win2K + to Win7 and beyond. + +* Community patches + David Sommerseth (2): + Test framework improvment - Do not FAIL if t_client.rc is missing + More t_client.sh updates - exit with SKIP when we want to skip + + Gert Doering (4): + Fix compile problems on NetBSD and OpenBSD + Fix <net/if.h> compile time problems on OpenBSD for good + full "VPN client connect" test framework for OpenVPN + Build t_client.sh by configure at run-time. + + chantra (1): + Fixes openssl-1.0.0 compilation warning + +2010.08.16 -- Version 2.2-beta2 + +* Windows security issue: + Fixed potential local privilege escalation vulnerability in + Windows service. The Windows service did not properly quote the + executable filename passed to CreateService. A local attacker + with write access to the root directory C:\ could create an + executable that would be run with the same privilege level as + the OpenVPN Windows service. However, since non-Administrative + users normally lack write permission on C:\, this vulnerability + is generally not exploitable except on older versions of Windows + (such as Win2K) where the default permissions on C:\ would allow + any user to create files there. 
+ Credit: Scott Laurie, MWR InfoSecurity + +* Added Python-based based alternative build system for Windows using + Visual Studio 2008 (in win directory). + +* When aborting in a non-graceful way, try to execute do_close_tun in + init.c prior to daemon exit to ensure that the tun/tap interface is + closed and any added routes are deleted. + +* Fixed an issue where AUTH_FAILED was not being properly delivered + to the client when a bad password is given for mid-session reauth, + causing the connection to fail without an error indication. + +* Don't advance to the next connection profile on AUTH_FAILED errors. + +* Fixed an issue in the Management Interface that could cause + a process hang with 100% CPU utilization in --management-client + mode if the management interface client disconnected at the + point where credentials are queried. + +* Fixed an issue where if reneg-sec was set to 0 on the client, + so that the server-side value would take precedence, + the auth_deferred_expire_window function would incorrectly + return a window period of 0 seconds. In this case, the + correct window period should be the handshake window + period. + +* Modified ">PASSWORD:Verification Failed" management interface + notification to include a client reason string: + + >PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING'] + +* Enable exponential backoff in reliability layer + retransmits. + +* Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after + socket is created rather than waiting until after connect/listen. + +* Management interface performance optimizations: + + 1. Added env-filter MI command to perform filtering on env vars + passed through as a part of --management-client-auth + + 2. man_write will now try to aggregate output into larger blocks + (up to 1024 bytes) for more efficient i/o + +* Fixed minor issue in Windows TAP driver DEBUG builds + where non-null-terminated unicode strings were being + printed incorrectly. 
+ +* Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support + was not being compiled in. + +* Proxy improvements: + + Improved the ability of http-auth "auto" flag to dynamically detect + the auth method required by the proxy. + + Added http-auth "auto-nct" flag to reject weak proxy auth methods. + + Added HTTP proxy digest authentication method. + + Removed extraneous openvpn_sleep calls from proxy.c. + +* Implemented http-proxy-override and http-proxy-fallback directives to make it + easier for OpenVPN client UIs to start a pre-existing client config file with + proxy options, or to adaptively fall back to a proxy connection if a direct + connection fails. + +* Implemented a key/value auth channel from client to server. + +* Fixed issue where bad creds provided by the management interface + for HTTP Proxy Basic Authentication would go into an infinite + retry-fail loop instead of requerying the management interface for + new creds. + +* Added support for MSVC debugging of openvpn.exe in settings.in: + + # Build debugging version of openvpn.exe + !define PRODUCT_OPENVPN_DEBUG + +* Implemented multi-address DNS expansion on the network field of route + commands. + + When only a single IP address is desired from a multi-address DNS + expansion, use the first address rather than a random selection. + +* Added --register-dns option for Windows. + + Fixed some issues on Windows with --log, subprocess creation + for command execution, and stdout/stderr redirection. + +* Fixed an issue where application payload transmissions on the + TLS control channel (such as AUTH_FAILED) that occur during + or immediately after a TLS renegotiation might be dropped. + +* Added warning about tls-remote option in man page. + +2009.12.11 -- Version 2.1.1 + +* Fixed some breakage in openvpn.spec (which is required to build an + RPM distribution) where it was referencing a non-existent + subdirectory in the tarball, causing it to fail (patch from + David Sommerseth). 
+ +2009.12.11 -- Version 2.1.0 + +* Fixed a couple issues in sample plugins auth-pam.c and down-root.c. + (1) Fail gracefully rather than segfault if calloc returns NULL. + (2) The openvpn_plugin_abort_v1 function can potentially be called + with handle == NULL. Add code to detect this case, and if so, avoid + dereferencing pointers derived from handle (Thanks to David + Sommerseth for finding this bug). + +* Documented "multihome" option in the man page. + +2009.11.20 -- Version 2.1_rc22 + +* Fixed a client-side bug on Windows that occurred when the + "dhcp-pre-release" or "dhcp-renew" options were combined with + "route-gateway dhcp". The release/renew would not occur + because the Windows DHCP renew function is blocking and + therefore must be called from another process or thread + so as not to stall the tunnel. + +* Added a hard failure when peer provides a certificate chain + with depth > 16. Previously, a warning was issued. + +2009.11.12 -- Version 2.1_rc21 + +* Rebuilt OpenVPN Windows installer with OpenSSL 0.9.8l to address + CVE-2009-3555. Note that OpenVPN has never relied on the session + renegotiation capabilities that are built into the SSL/TLS protocol, + therefore the fix in OpenSSL 0.9.8l (disable SSL/TLS renegotiation + completely) will not adversely affect OpenVPN mid-session SSL/TLS + renegotation or any other OpenVPN capabilities. + +* Added additional session renegotiation hardening. OpenVPN has always + required that mid-session renegotiations build up a new SSL/TLS + session from scratch. While the client certificate common name is + already locked against changes in mid-session TLS renegotiations, we + now extend this locking to the auth-user-pass username as well as all + certificate content in the full client certificate chain. + +2009.10.01 -- Version 2.1_rc20 + +* Fixed a bug introduced in 2.1_rc17 (svn r4436) where using the + redirect-gateway option by itself, without any extra parameters, + would cause the option to be ignored. 
+ +* Fixed build problem when ./configure --disable-server is used. + +* Fixed ifconfig command for "topology subnet" on FreeBSD (Stefan Bethke). + +* Added --remote-random-hostname option. + +* Added "load-stats" management interface command to get global server + load statistics. + +* Added new ./configure flags: + + --disable-def-auth Disable deferred authentication + --disable-pf Disable internal packet filter + +* Added "setcon" directive for interoperability with SELinux (Sebastien + Raveau). + +* Optimized PUSH_REQUEST handshake sequence to shave several seconds + off of a typical client connection initiation. + +* The maximum number of "route" directives (specified in the config + file or pulled from a server) can now be configured via the new + "max-routes" directive. + +* Eliminated the limitation on the number of options that can be pushed + to clients, including routes. Previously, all pushed options needed + to fit within a 1024 byte options string. + +* Added --server-poll-timeout option : when polling possible remote + servers to connect to in a round-robin fashion, spend no more than + n seconds waiting for a response before trying the next server. + +* Added the ability for the server to provide a custom reason string + when an AUTH_FAILED message is returned to the client. This + string can be set by the server-side managment interface and read + by the client-side management interface. + +* client-kill management interface command, when issued on server, will + now send a RESTART message to client. + This feature is intended to make UDP clients respond the same as TCP + clients in the case where the server issues a RESTART message in + order to force the client to reconnect and pull a new options/route + list. 
+ +2009.07.16 -- Version 2.1_rc19 + +* In Windows TAP driver, refactor DHCP/ARP packet injection code to + use a DPC (deferred procedure call) to defer packet injection until + IRQL < DISPATCH_LEVEL, rather than calling NdisMEthIndicateReceive + in the context of AdapterTransmit. This is an attempt to reduce kernel + stack usage, and prevent EXCEPTION_DOUBLE_FAULT BSODs that have been + observed on Vista. Updated TAP driver version number to 9.6. + +* In configure.ac, use datadir instead of datarootdir for compatibility + with <autoconf-2.60. + +2009.06.07 -- Version 2.1_rc18 + +* Fixed compile error on ./configure --enable-small + +* Fixed issue introduced in r4475 (2.1-rc17) where cryptoapi.c change + does not build on Windows on non-MINGW32. + +2009.05.30 -- Version 2.1_rc17 + +* Reduce the debug level (--verb) at which received management interface + commands are echoed from 7 to 3. Passwords will be filtered. + +* Fixed race condition in management interface recv code on + Windows, where sending a set of several commands to the + management interface in quick succession might cause the + latter commands in the set to be ignored. + +* Increased management interface input command buffer size + from 256 to 1024 bytes. + +* Minor tweaks to Windows build system. + +* Added "redirect-private" option which allows private subnets + to be pushed to the client in such a way that they don't accidently + obscure critical local addresses such as the DHCP server address and + DNS server addresses. + +* Added new 'autolocal' redirect-gateway flag. When enabled, the OpenVPN + client will examine the routing table and determine whether (a) the + OpenVPN server is reachable via a locally connected interface, or (b) + traffic to the server must be forwarded through the default router. + Only add a special bypass route for the OpenVPN server if (b) is true. + If (a) is true, behave as if the 'local' flag is specified, and do not + add a bypass route. 
+ + The new 'autolocal' flag depends on the non-portable test_local_addr() + function in route.c, which is currently only implemented for Windows. + The 'autolocal' flag will act as a no-op on platforms that have not + yet defined a test_local_addr() function. + +* Increased TLS_CHANNEL_BUF_SIZE to 2048 from 1024 (this will allow for + more option content to be pushed from server to client). + +* Raised D_MULTI_DROPPED debug level to 4 from 3 to filter out (at debug + levels <=3) a common and usually innocuous warning. + +* Fixed issue of symbol conflicts interfering with Windows CryptoAPI + functionality (Alon Bar-Lev). + +* Fixed bug where the remote_X environmental variables were not being + set correctly when the 'local' option is specifed. + +2009.05.17 -- Version 2.1_rc16 + +* Windows installer changes: + + 1. ifdefed out the check Windows version code which is causing + problems on Windows 7 + + 2. don't define SF_SELECTED if it is already defined + + 3. Use LZMA instead of BZIP2 compression for better compression + + 4. Upgraded OpenSSL to 0.9.8k + +* Added the ability to read the configuration file + from stdin, when "stdin" is given as the config + file name. + +* Allow "management-client" directive to be used + with unix domain sockets. + +* Added errors-to-stderr option. When enabled, fatal errors + that result in the termination of the daemon will be written + to stderr. + +* Added optional "nogw" (no gateway) flag to --server-bridge + to inhibit the pushing of the route-gateway parameter to + clients. + +* Added new management interface command "pid" to show the + process ID of the current OpenVPN process (Angelo Laub). + +* Fixed issue where SIGUSR1 restarts would fail if private + key was specified as an inline file. + +* Added daemon_start_time and daemon_pid environmental variables. + +* In management interface, added new ">CLIENT:ESTABLISHED" notification. + +* Build fixes: + + 1. 
Fixed some issues with C++ style comments that leaked into the code. + + 2. Updated configure.ac to work on MinGW64. + + 3. Updated common.h types for _WIN64. + + 4. Fixed issue involving an #ifdef in a macro reference that breaks early gcc + compilers. + + 5. In cryptoapi.c, renamed CryptAcquireCertificatePrivateKey to + OpenVPNCryptAcquireCertificatePrivateKey to work around + a symbol conflict in MinGW-5.1.4. + +2008.11.19 -- Version 2.1_rc15 + +* Fixed issue introduced in 2.1_rc14 that may cause a + segfault when a --plugin module is used. + +* Added server-side --opt-verify option: clients that connect + with options that are incompatible with those of the server + will be disconnected (without this option, incompatible + clients would trigger a warning message in the server log + but would not be disconnected). + +* Added --tcp-nodelay option: Macro that sets TCP_NODELAY socket + flag on the server as well as pushes it to connecting clients. + +* Minor options check fix: --no-name-remapping is a + server-only option and should therefore generate an + error when used on the client. + +* Added --prng option to control PRNG (pseudo-random + number generator) parameters. In previous OpenVPN + versions, the PRNG was hardcoded to use the SHA1 + hash. Now any OpenSSL hash may be used. This is + part of an effort to remove hardcoded references to + a specific cipher or cryptographic hash algorithm. + +* Cleaned up man page synopsis. + +2008.11.16 -- Version 2.1_rc14 + +* Added AC_GNU_SOURCE to configure.ac to enable struct ucred, + with the goal of fixing a build issue on Fedora 9 that was + introduced in 2.1_rc13. + +* Added additional method parameter to --script-security to preserve + backward compatibility with system() call semantics used in OpenVPN + 2.1_rc8 and earlier. 
To preserve backward compatibility use: + + script-security 3 system + +* Added additional warning messages about --script-security 2 + or higher being required to execute user-defined scripts or + executables. + +* Windows build system changes: + + Modified Windows domake-win build system to write all openvpn.nsi + input files to gen, so that gen can be disconnected from + the rest of the source tree and makensis openvpn.nsi will + still function correctly. + + Added additional SAMPCONF_(CA|CRT|KEY) macros to settings.in + (commented out by default). + + Added optional files SAMPCONF_CONF2 (second sample configuration + file) and SAMPCONF_DH (Diffie-Helman parameters) to Windows + build system, and may be defined in settings.in. + +* Extended Management Interface "bytecount" command + to work when OpenVPN is running as a server. + Documented Management Interface "bytecount" command in + management/management-notes.txt. + +* Fixed informational message in ssl.c to properly indicate + deferred authentication. + +* Added server-side --auth-user-pass-optional directive, to allow + connections by clients that do not specify a username/password, when a + user-defined authentication script/module is in place (via + --auth-user-pass-verify, --management-client-auth, or a plugin module). + +* Changes to easy-rsa/2.0/pkitool and related openssl.cnf: + + Calling scripts can set the KEY_NAME environmental variable to set + the "name" X509 subject field in generated certificates. + + Modified pkitool to allow flexibility in separating the Common Name + convention from the cert/key filename convention. + + For example: + + KEY_CN="James's Laptop" KEY_NAME="james" ./pkitool james + + will create a client certificate/key pair of james.crt/james.key + having a Common Name of "James's Laptop" and a Name of "james". 
+ +* Added --no-name-remapping option to allow Common Name, X509 Subject, + and username strings to include any printable character including + space, but excluding control characters such as tab, newline, and + carriage-return (this is important for compatibility with external + authentication systems). + + As a related change, added --status-version 3 format (and "status 3" + in the management interface) which uses the version 2 format except + that tabs are used as delimiters instead of commas so that there + is no ambiguity when parsing a Common Name that contains a comma. + + Also, save X509 Subject fields to environment, using the naming + convention: + + X509_{cert_depth}_{name}={value} + + This is to avoid ambiguities when parsing out the X509 subject string + since "/" characters could potentially be used in the common name. + +* Fixed some ifconfig-pool issues that precluded it from being combined + with --server directive. + + Now, for example, we can configure thusly: + + server 10.8.0.0 255.255.255.0 nopool + ifconfig-pool 10.8.0.2 10.8.0.99 255.255.255.0 + + to have ifconfig-pool manage only a subset + of the VPN subnet. + +* Added config file option "setenv FORWARD_COMPATIBLE 1" to relax + config file syntax checking to allow directives for future OpenVPN + versions to be ignored. + +2008.10.07 -- Version 2.1_rc13 + +* Bundled OpenSSL 0.9.8i with Windows installer. + +* Management interface can now listen on a unix + domain socket, for example: + + management /tmp/openvpn unix + + Also added management-client-user and management-client-group + directives to control which processes are allowed to connect + to the socket. + +* Copyright change to OpenVPN Technologies, Inc. + +2008.09.23 -- Version 2.1_rc12 + +* Patched Makefile.am so that the new t_cltsrv-down.sh script becomes + part of the tarball (Matthias Andree). 
+ +* Fixed --lladdr bug introduced in 2.1-rc9 where input validation code + was incorrectly expecting the lladdr parameter to be an IP address + when it is actually a MAC address (HoverHell). + +2008.09.14 -- Version 2.1_rc11 + +* Fixed a bug that can cause SSL/TLS negotiations in UDP mode + to fail if UDP packets are dropped. + +2008.09.10 -- Version 2.1_rc10 + +* Added "--server-bridge" (without parameters) to enable + DHCP proxy mode: Configure server mode for ethernet + bridging using a DHCP-proxy, where clients talk to the + OpenVPN server-side DHCP server to receive their IP address + allocation and DNS server addresses. + +* Added "--route-gateway dhcp", to enable the extraction + of the gateway address from a DHCP negotiation with the + OpenVPN server-side LAN. + +* Fixed minor issue with --redirect-gateway bypass-dhcp or bypass-dns + on Windows. If the bypass IP address is 0.0.0.0 or 255.255.255.255, + ignore it. + +* Warn when ethernet bridging that the IP address of the bridge adapter + is probably not the same address that the LAN adapter was set to + previously. + +* When running as a server, warn if the LAN network address is + the all-popular 192.168.[0|1].x, since this condition commonly + leads to subnet conflicts down the road. + +* Primarily on the client, check for subnet conflicts between + the local LAN and the VPN subnet. + +* Added a 'netmask' parameter to get_default_gateway, to return + the netmask of the adapter containing the default gateway. + Only implemented on Windows so far. Other platforms will + return 255.255.255.0. Currently the netmask information is + only used to warn about subnet conflicts. + +* Minor fix to cryptoapi.c to not compile itself unless USE_CRYPTO + and USE_SSL flags are enabled (Alon Bar-Lev). + +* Updated openvpn/t_cltsrv.sh (used by "make check") to conform to new + --script-security rules. Also adds retrying if the addresses are in + use (Matthias Andree). 
+ +* Fixed build issue with ./configure --disable-socks --disable-http. + +* Fixed separate compile errors in options.c and ntlm.c that occur + on strict C compilers (such as old versions of gcc) that require + that C variable declarations occur at the start of a {} block, + not in the middle. + +* Workaround bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8, which + the new implementation of extract_x509_field_ssl depends on. + +* LZO compression buffer overflow errors will now invalidate + the packet rather than trigger a fatal assertion. + +* Fixed minor compile issue in ntlm.c (mid-block declaration). + +* Added --allow-pull-fqdn option which allows client to pull DNS names + from server (rather than only IP address) for --ifconfig, --route, and + --route-gateway. OpenVPN versions 2.1_rc7 and earlier allowed DNS names + for these options to be pulled and translated to IP addresses by default. + Now --allow-pull-fqdn will be explicitly required on the client to enable + DNS-name-to-IP-address translation of pulled options. + +* 2.1_rc8 and earlier did implicit shell expansion on script + arguments since all scripts were called by system(). + The security hardening changes made to 2.1_rc9 no longer + use system(), but rather use the safer execve or CreateProcess + system calls. The security hardening also introduced a + backward incompatibility with 2.1_rc8 and earlier in that + script parameters were no longer shell-expanded, so + for example: + + client-connect "docc CLIENT-CONNECT" + + would fail to work because execve would try to execute + a script called "docc CLIENT-CONNECT" instead of "docc" + with "CLIENT-CONNECT" as the first argument. + + This patch fixes the issue, bringing the script argument + semantics back to pre 2.1_rc9 behavior in order to preserve + backward compatibility while still using execve or CreateProcess + to execute the script/executable. 
+ +* Modified ip_or_dns_addr_safe, which validates pulled DNS names, + to more closely conform to RFC 3696: + + (1) DNS name length must not exceed 255 characters + + (2) DNS name characters must be limited to alphanumeric, + dash ('-'), and dot ('.') + +* Fixed bug in intra-session TLS key rollover that was introduced with + deferred authentication features in 2.1_rc8. + +2008.07.31 -- Version 2.1_rc9 + +* Security Fix -- affects non-Windows OpenVPN clients running + OpenVPN 2.1-beta14 through 2.1-rc8 (OpenVPN 2.0.x clients are NOT + vulnerable nor are any versions of the OpenVPN server vulnerable). + An OpenVPN client connecting to a malicious or compromised + server could potentially receive an "lladdr" or "iproute" configuration + directive from the server which could cause arbitrary code execution on + the client. A successful attack requires that (a) the client has agreed + to allow the server to push configuration directives to it by including + "pull" or the macro "client" in its configuration file, (b) the client + successfully authenticates the server, (c) the server is malicious or has + been compromised and is under the control of the attacker, and (d) the + client is running a non-Windows OS. Credit: David Wagner. + CVE-2008-3459 + +* Miscellaneous defensive programming changes to multiple + areas of the code. In particular, use of the system() call + for calling executables such as ifconfig, route, and + user-defined scripts has been completely revamped in favor + of execve() on unix and CreateProcess() on Windows. + +* In Windows build, package a statically linked openssl.exe to work around + observed instabilities in the dynamic build since the migration to + OpenSSL 0.9.8h. + +2008.06.11 -- Version 2.1_rc8 + +* Added client authentication and packet filtering capability + to management interface. In addition, allow OpenVPN plugins + to take advantage of deferred authentication and packet + filtering capability. 
+ +* Added support for client-side connection profiles. + +* Fixed unbounded memory growth bug in environmental variable + code that could have caused long-running OpenVPN sessions + with many TLS renegotiations to incrementally + increase memory usage over time. + +* Windows release now packages openssl-0.9.8h. + +* Build system changes -- allow building on Windows using + autoconf/automake scripts (Alon Bar-Lev). + +* Changes to Windows build system to make it easier to do + partial builds, with a reduced set of prerequisites, + where only a subset of OpenVPN installer + components are built. See ./domake-win comments. + +* Cleanup IP address for persistence interfaces for tap and also + using ifconfig, gentoo#209055 (Alon Bar-Lev). + +* Fall back to old version of extract_x509_field for OpenSSL 0.9.6. + +* Clarified tcp-queue-limit man page entry (Matti Linnanvuori). + +* Added new OpenVPN icon and installer graphic. + +* Minor pkitool changes. + +* Added --pkcs11-id-management option, which will cause OpenVPN to + query the management interface via the new NEED-STR asynchronous + notification query to get additional PKCS#11 options (Alon Bar-Lev). + +* Added NEED-STR management interface asynchronous query and + "needstr" management interface command to respond to the query + (Alon Bar-Lev). + +* Added Dragonfly BSD support (Francis-Gudin). + +* Quote device names before passing to up/down script (Josh Cepek). + +* Bracketed struct openvpn_pktinfo with #pragma pack(1) to + prevent structure padding from causing an incorrect length + to be returned by sizeof (struct openvpn_pktinfo) on 64-bit + platforms. + +* On systems that support res_init, always call it + before calling gethostbyname to ensure that + resolver configuration state is current. + +* Added NTLMv2 proxy support (Miroslav Zajic). 
+ +* Fixed an issue in extract_x509_field_ssl where the extraction + would fail on the first field of the subject name, such as + the common name in: /CN=foo/emailAddress=foo@bar.com + +* Made "Linux ip addr del failed" error nonfatal. + +* Amplified --client-cert-not-required warning. + +* Added #pragma pack to proto.h. + +2008.01.29 -- Version 2.1_rc7 + +* Added a few extra files that exist in the svn repo but were + not being copied into the tarball by make dist. + +* Fixup null interface on close, don't use ip addr flush (Alon Bar-Lev). + +2008.01.24 -- Version 2.1_rc6 + +* Fixed options checking bug introduced in rc5 where legitimate configuration + files might elicit the error: "Options error: Parameter pkcs11_private_mode + can only be specified in TLS-mode, i.e. where --tls-server or --tls-client + is also specified." + +2008.01.23 -- Version 2.1_rc5 + +* Fixed Win2K TAP driver bug that was introduced by Vista fixes, + incremented driver version to 9.4. + +* Windows build system changes: + + Incremented included OpenSSL version to openssl-0.9.7m. + + Updated openssl.patch for openssl-0.9.7m and added some + brief usage comments to the head of the patch. + + Added build-pkcs11-helper.sh for building the pkcs11-helper + library. + + Integrated inclusion of pkcs11-helper into Windows build + system. + + Upgraded TAP build scripts to use WDK 6001.17121 + (Windows 2008 Server pre-RTM). + +* Windows installer changes: + + Clean up the start menu folder. + + Allow for a site-specific sample configuration file and keys + to be included in a custom installer (see SAMPCONF macros + in settings.in). + + New icon (temporary). + +* Added "forget-passwords" command to the management interface + (Alon Bar-Lev). + +* Added --management-signal option to signal SIGUSR1 when the + management interface disconnects (Alon Bar-Lev). + +* Modified command line and config file parser to allow + quoted strings using single quotes ('') (Alon Bar-Lev). 
+ +* Use pkcs11-helper as external library, can be downloaded from + https://www.opensc-project.org/pkcs11-helper (Alon Bar-Lev). + +* Fixed interim memory growth issue in TCP connect loop where + "TCP: connect to %s failed, will try again in %d seconds: %s" + is output. + +* Fixed bug in epoll driver in event.c, where the lack of a + handler for EPOLLHUP could cause 99% CPU usage. + +* Defined ALLOW_NON_CBC_CIPHERS for people who don't + want to use a CBC cipher for OpenVPN's data channel. + +* Added PLUGIN_LIBDIR preprocessor string to prepend a default + plugin directory to the dlopen search list when the user + specifies the basename of the plugin only (Marius Tomaschewski). + +* Rewrote extract_x509_field and modified COMMON_NAME_CHAR_CLASS + to allow forward slash characters ("/") in the X509 common name + (Pavel Shramov). + +* Allow OpenVPN to run completely unprivileged under Linux + by allowing openvpn --mktun to be used with --user and --group + to set the UID/GID of the tun device node. Also added --iproute + option to allow an alternative command to be executed in place + of the default iproute2 command (Alon Bar-Lev). + +* Fixed --disable-iproute2 in ./configure to actually disable + iproute2 usage (Alon Bar-Lev). + +* Added --management-forget-disconnect option -- forget + passwords when management session disconnects (Alon Bar-Lev). + +2007.04.25 -- Version 2.1_rc4 + +* Worked out remaining issues with TAP driver signing + on Vista x64. OpenVPN will now run on Vista x64 + with driver signing enforcement enabled. + +* Fixed 64-bit portability bug in time_string function + (Thomas Habets). + +2007.04.22 -- Version 2.1_rc3 + +* Additional fixes to TAP driver for Windows x64. Driver + now runs successfully on Vista x64 if driver signing + enforcement is disabled. + +* The Windows Installer and TAP driver are now signed by + OpenVPN Solutions LLC (in addition to the usual GnuPG + signatures). 
+ +* Added OpenVPN GUI (Mathias Sundman version) as install + option in Windows installer. + +* Clean up configure on FreeBSD for recent autotool versions + that require that all .h files have to be compiled. + Also, FreeBSD install does not support GNU long options + which the Makefile in easy-rsa/2.0 uses (not checked the + others as we don't install those on Gentoo) (Roy Marples). + +* Added additional scripts to easy-rsa/Windows for working + with password-protected keys; also add -extensions server + option when generating server cert via + build-key-server-pass.bat (Daniel Zauft). + +2007.02.27 -- Version 2.1_rc2 + +* auth-pam change: link with -lpam rather + than dlopen (Roy Marples). + +* Prevent SIGUSR1 or SIGHUP from causing program + exit from initial management hold. + +* SO_REUSEADDR should not be set on Windows TCP sockets + because it will cause bind to succeed on port conflicts. + +* Added time_ascii, time_duration, and time_unix + environmental variables for plugins and callback + scripts. + +* Fixed issue where OpenVPN does not apply the --txqueuelen option + to persistent interfaces made with --mktun (Roy Marples). + +* Attempt at rational signal handling when in the + management hold state. During management hold, ignore + SIGUSR1/SIGHUP signals thrown with the "signal" command. + Also, "signal" command will now apply remapping as + specified with the --remap-usr1 option. + When a signal entered using the "signal" command from a management + hold is ignored, output: >HOLD:Waiting for hold release + +* Fixed issue where struct env_set methods that + change the value of an existing name=value pair + would delay the freeing of the memory held by + the previous name=value pair until the underlying + client instance object is closed. 
+ This could cause a server that handles long-term + client connections, resulting in many periodic calls + to verify_callback, to needlessly grow the env_set + memory allocation until the underlying client instance + object is closed. + +* Renamed TAP-Win32 driver from tap0801.sys to tap0901.sys + to reflect the fact that Vista has blacklisted the tap0801.sys + file name due to previous compatibility issues which have now + been resolved. TAP-Win32 major/minor version number is now 9/1. + +* Windows installer will delete a previously installed + tap0801.sys TAP driver before installing tap0901.sys. + +* Added code to Windows installer to fail gracefully on 64 bit + installs until 64-bit TAP driver issues can be resolved. + +* Added code to Windows installer to fail gracefully on + versions of Windows which are not explicitly supported. + +* The Windows version will now use a default route-delay + of 5 seconds to deal with an apparent routing table race + condition on Vista. + +* Worked around an incompatibility in the Windows Vista + version of CreateIpForwardEntry as described in + http://www.nynaeve.net/?p=59 + This issue would cause route additions using the + IP Helper API to fail on Vista. + +* On Windows, revert to "ip-win32 dynamic" as the default. + +2006.10.31 -- Version 2.1_rc1 + +* Support recovery (return to hold) from signal at + management password prompt. + +* Added workaround for OpenSC PKCS#11 bug#108 + (Alon Bar-Lev). + +2006.10.01 -- Version 2.1-beta16 + +* Windows installer updated with OpenSSL 0.9.7l DLLs to fix + published vulnerabilities. + +* Fixed TAP-Win32 bug that caused BSOD on Windows Vista + (Henry Nestler). + +* Autodetect 32/64 bit Windows in installer and install + appropriate TAP driver (Mathias Sundman, Hypherion). + +* Fixed bug in loopback self-test introduced + in 2.1-beta15 where self test as invoked by + "make check" would not properly exit after + 2 minutes (Paul Howarth). 
+ +2006.09.12 -- Version 2.1-beta15 + +* Windows installer updated with OpenSSL 0.9.7k DLLs to fix + RSA Signature Forgery (CVE-2006-4339). + +* Fixed bug introduced with the --port-share directive + (back in 2.1-beta9 which causes TLS soft resets + (1 per hour by default) in TCP server mode to force + a blockage of tunnel packets and later time-out and + restart the connection. + +* easy-rsa update (Alon Bar-Lev) + Makefile (install) is now available so that + distribs will be able to install it safely. + +* PKCS#11 changes: (Alon Bar-Lev) + - Modified ssl.c to not FATAL and return to init.c + so auth-retry will work. + - Modifed pkcs11-helper.c to fix some problem with + multiple providers. + - Added retry counter to PKCS#11 PIN hook. + - Modified PKCS#11 PIN retry loop to return correct error + code when PIN is incorrect. + - Fix handling (ignoring) zero sized attributes. + - Fix gcc-2 issues. + - Fix openssl 0.9.6 (first version) issues. + +* Minor fixes of lladdr (Alon Bar-Lev) + Updated makefile.w32-vc to include lladdr.*, updated + linkage libraries. + Modified lladdr.c to be compiled under visual C. + +* Added two new management states: + OPENVPN_STATE_RESOLVE -- DNS lookup + OPENVPN_STATE_TCP_CONNECT -- Connecting to TCP server + +* Echo management state change to log. + +* Minor syshead.h change for NetBSD to allow + TCP_NODELAY flag to work. + +* Modified --port-share code to remove the assumption that + CMSG_SPACE always evaluates to a constant, to enable + compilation on NetBSD and possibly other BSDs as well. + +* Eliminated gcc 3.3.3 warnings on NetBSD + when ./configure --enable-strict is used. + +* Added optional minimum-number-of-bytes parameter + to --inactive directive. + +2006.04.13 -- Version 2.1-beta14 + +* Fixed Windows server bug in time backtrack handling code which + could cause TLS negotiation failures on legitimate clients. + +* Rewrote gettimeofday function for Windows to be + simpler and more efficient. 
+ +* Merged PKCS#11 extensions to easy-rsa/2.0 (Alon Bar-Lev). + +* Added --route-metric option to set a default route metric + for --route (Roy Marples). + +* Added --lladdr option to specify the link layer (MAC) address + for the tap interface on non-Windows platforms (Roy Marples). + +2006.04.12 -- Version 2.1-beta13 + +* Code added in 2.1-beta7 and 2.0.6-rc1 to extend byte counters + to 64 bits caused a bug in the Windows version which has now + been fixed. The bug could cause intermittent crashes. + +2006.04.05 -- Version 2.1-beta12 + +* Security Vulnerability -- An OpenVPN client connecting to a + malicious or compromised server could potentially receive + "setenv" configuration directives from the server which could + cause arbitrary code execution on the client via a LD_PRELOAD + attack. A successful attack appears to require that (a) the + client has agreed to allow the server to push configuration + directives to it by including "pull" or the macro "client" in + its configuration file, (b) the client configuration file uses + a scripting directive such as "up" or "down", (c) the client + succesfully authenticates the server, (d) the server is + malicious or has been compromised and is under the control of + the attacker, and (e) the attacker has at least some level of + pre-existing control over files on the client (this might be + accomplished by having the server respond to a client web request + with a specially crafted file). Credit: Hendrik Weimer. + CVE-2006-1629. + + The fix is to disallow "setenv" to be pushed to clients from + the server, and to add a new directive "setenv-safe" which is + pushable from the server, but which appends "OPENVPN_" to the + name of each remotely set environmental variable. + +* "topology subnet" fix for FreeBSD (Benoit Bourdin). + +* PKCS11 fixes (Alon Bar-Lev). 
For full description: + svn log -r990 http://svn.openvpn.net/projects/openvpn/branches/BETA21 + +* When deleting routes under Linux, use the route metric + as a differentiator to ensure that the route teardown + process only deletes the identical route which was originally + added via the "route" directive (Roy Marples). + +* Fix the t_cltsrv.sh file in FreeBSD 4 jails + (Matthias Andree, Dirk Meyer, Vasil Dimov). + +* Extended tun device configure code to support ethernet + bridging on NetBSD (Emmanuel Kasper). + +2006.02.19 -- Version 2.1-beta11 + +* Fixed --port-share bug that caused premature closing + of proxied sessions. + +2006.02.17 -- Version 2.1-beta10 + +* Fixed --port-share breakage introduced in 2.1-beta9. + +2006.02.16 -- Version 2.1-beta9 + +* Added --port-share option for allowing OpenVPN and HTTPS + server to share the same port number. +* Added --management-client option to connect as a client + to management GUI app rather than be connected to as a + server. +* Added "bytecount" command to management interface. +* --remote-cert-tls fixes (Alon Bar-Lev). + +2006.01.03 -- Version 2.1-beta8 + +* --remap-usr1 will now also remap signals thrown during + initialization. +* Added --connect-timeout option to control the timeout + on TCP client connection attempts (doesn't work on all + OSes). This patch also makes OpenVPN signalable during + TCP connection attempts. +* Fixed bug in acinclude.m4 where capability of compiler + to handle zero-length arrays in structs is tested + (David Stipp). +* Fixed typo in manage.c where inline function declaration + was declared without the "static" keyword (David Stipp). +* Patch to support --topology subnet on Mac OS X (Mathias Sundman). +* Added --auto-proxy directive to auto-detect HTTP or SOCKS + proxy settings (currently Windows only). +* Removed redundant base64 code. +* Better sanity checking of --server and --server-bridge + IP pool ranges, so as not to hit the assertion at + pool.c:119 (2.0.5). 
+* Fixed bug where --daemon and --management-query-passwords + used together would cause OpenVPN to block prior to + daemonization. +* Fixed client/server race condition which could occur + when --auth-retry interact is set and the initially + provided auth-user-pass credentials are incorrect, + forcing a username/password re-query. +* Fixed bug where if --daemon and --management-hold are + used together, --user or --group options would be ignored. +* --ip-win32 adaptive is now the default. +* --ip-win32 netsh (or --ip-win32 adaptive when in netsh + mode) can now set DNS/WINS addresses on the TAP-Win32 + adapter. +* Added new option --route-method adaptive (Win32) + which tries IP helper API first, then falls back to + route.exe. +* Made --route-method adaptive the default. + +2005.11.12 -- Version 2.1-beta7 + +* Allow blank passwords to be passed via the management + interface. +* Fixed bug where "make check" inside a FreeBSD "jail" + would never complete (Matthias Andree). +* Fixed bug where --server directive in --dev tap mode + claimed that it would support subnets of /30 or less + but actually would only accept /29 or less. +* Extend byte counters to 64 bits (M. van Cuijk). +* Fixed bug in Linux get_default_gateway function + introduced in 2.0.4, which would cause redirect-gateway + on Linux clients to fail. +* Moved easy-rsa 2.0 scripts to easy-rsa/2.0 to + be compatible with 2.0.x distribution. +* Documented --route-nopull. +* Documented --ip-win32 adaptive. +* Windows build now linked with LZO2. +* Allow ca, cert, key, and dh files to be specified + inline via XML-like syntax without needing to + reference an explicit file. + For example: + <ca> + data here... + </ca> +* Allow plugin and push directives to have multi-line + parameter lists such as: + <plugin> + my-plugin.so + parm1 + parm2 + </plugin> +* Added connect-retry-max option (Alon Bar-Lev). 
+* Fixed problems where signals thrown during initialization + were not returning to a management-hold state. +* Added a backtrack-hardened system time algorithm. +* Added --remote-cert-ku, --remote-cert-eku, and + --remote-cert-tls options for verifying certificate + attributes (Alon Bar-Lev). +* For Windows, reverted --ip-win32 default back to "dynamic". + To use new adaptive mode, set explicitly. + +2005.11.01 -- Version 2.1-beta6 + +* Security fix (merged from 2.0.4) -- Affects non-Windows + OpenVPN clients of version 2.0 or higher which connect to + a malicious or compromised server. A format string + vulnerability in the foreign_option function in options.c + could potentially allow a malicious or compromised server + to execute arbitrary code on the client. Only + non-Windows clients are affected. The vulnerability + only exists if (a) the client's TLS negotiation with + the server succeeds, (b) the server is malicious or + has been compromised such that it is configured to + push a maliciously crafted options string to the client, + and (c) the client indicates its willingness to accept + pushed options from the server by having "pull" or + "client" in its configuration file (Credit: Vade79). + CVE-2005-3393 +* Security fix -- (merged from 2.0.4) Potential DoS + vulnerability on the server in TCP mode. If the TCP + server accept() call returns an error status, the resulting + exception handler may attempt to indirect through a NULL + pointer, causing a segfault. Affects all OpenVPN 2.0 versions. + CVE-2005-3409 +* Fix attempt of assertion at multi.c:1586 (note that + this precise line number will vary across different + versions of OpenVPN). +* Windows reliability changes: + (a) Added code to make sure that the local PATH environmental + variable points to the Windows system32 directory. + (b) Added new --ip-win32 adaptive mode which tries 'dynamic' + and then fails over to 'netsh' if the DHCP negotiation fails. + (c) Made --ip-win32 adaptive the default. 
+* More PKCS#11 additions/changes (Alon Bar-Lev). +* Added ".PHONY: plugin" to Makefile.am to work around + "make dist" issue. +* Fixed double fork issue that occurs when --management-hold + is used. +* Moved TUN/TAP read/write log messages from --verb 8 to 6. +* Warn when multiple clients having the same common name or + username usurp each other when --duplicate-cn is not used. +* Modified Windows and Linux versions of get_default_gateway + to return the route with the smallest metric + if multiple 0.0.0.0/0.0.0.0 entries are present. +* Added ">NEED-OK" alert and "needok" command to management + interface to provide a general interface for sending + alerts to the end-user. Used by the PKCS#11 code + to send Token Insertion Requests to the user. +* Added actual remote address used to the ">STATE" alert + in the management interface (Rolf Fokkens). + +2005.10.17 -- Version 2.1-beta4 + +* Fixed bug introduced in 2.1-beta3 where management + socket bind would fail. +* --capath fix in ssl.c (Zhuang Yuyao). +* Added ".PHONY: plugin" to Makefile.am, reverted + location of "plugin" directory (thanks to + Matthias Andree for figuring this out). + +2005.10.16 -- Version 2.1-beta3 + +* Added PKCS#11 support (Alon Bar-Lev). +* Enable the use of --ca together with --pkcs12. If --ca is + used at the same time as --pkcs12, the CA certificate is loaded + from the file specified by --ca regardless if the pkcs12 file + contains a CA cert or not (Mathias Sundman). +* Merged --capath patch (Thomas Noel). +* Merged --multihome patch. +* Added --bind option for TCP client connections (Ewan Bhamrah + Harley). +* Moved "plugin" directory to "plugins" to deal with strange + automake problem that ended up being also fixable with + ".PHONY: plugin" in Makefile.am. + +2005.10.13 -- Version 2.1-beta2 + +* Made --sndbuf and --rcvbuf pushable. + +2005.10.01 -- Version 2.1-beta1 + +* Made LZO setting pushable. +* Renamed sample-keys/tmp-ca.crt to ca.crt. 
+* Fixed bug where remove_iroutes_from_push_route_list + was missing routes if those routes had + an implied netmask (by omission) of 255.255.255.255. +* Merged with 2.0.3-rc1 +* easy-rsa/2.0 moved to easy-rsa +* old easy-rsa moved to easy-rsa/1.0 + +2005.09.23 -- Version 2.0.2-TO4 + +* Added feature to TAP-Win32 adapter to allow it to be + opened from non-administrator mode. This feature + is enabled by default, and can be enabled/disabled + in the adapter advanced properties dialog. +* Added --allow-nonadmin standalone option for Windows to + set TAP adapter to allow non-admin access. This + is a user-mode version of the code, and duplicates + the same feature as the above entry. +* Added fix that attempts to solve corner case of tunnel not + forwarding packets when system clock is reset to an earlier time. +* Added --redirect-gateway bypass-dns option. (Developers: + To add bypass-dhcp or bypass-dns support to other OSes, + add a get_bypass_addresses function to route.c for + your OS.) +* Added OPENVPN_PLUGIN_CLIENT_CONNECT_V2 plugin callback, which + allows a client-connect plugin to return configuration text + in memory, rather than via a file. +* Fixed a bug where --mode server --proto tcp-server --cipher none + operation could cause tunnel packet truncation. +* openvpn --version will show [LZO1] or [LZO2], depending on + version that was linked. + +2005.09.07 -- Version 2.0.2-TO1 + +* Added --topology directive. See man page. +* Added --redirect-gateway bypass-dhcp option to add a route + allowing DHCP packets to bypass the tunnel, when the + DHCP server is non-local. Currently only implemented + on Windows clients. +* Modified OpenVPN Service on Windows to declare the DHCP + client service as a dependency. +* Extended the plugin interface to allow plugins to declare + per-client constructor and destructor functions, to make + it simpler for plugins to maintain per-client state. 
+ +2005.09.25 -- Version 2.0.3-rc1 + +* openvpn_plugin_abort_v1 function wasn't being properly + registered on Windows. +* Fixed a bug where --mode server --proto tcp-server --cipher none + operation could cause tunnel packet truncation. + +2005.08.25 -- Version 2.0.2 + +* No change from 2.0.2-rc1. + +2005.08.24 -- Version 2.0.2-rc1 + +* Fixed regression bug in Win32 installer, introduced in 2.0.1, + which incorrectly set OpenVPN service to autostart. +* Don't package source code zip file in Windows installer + in order to reduce the size of the installer. The source + zip file can always be downloaded separately if needed. +* Fixed bug in route.c in FreeBSD, Darwin, OpenBSD and NetBSD + version of get_default_gateway. Allocated socket for route + manipulation is never freed so number of mbufs continuously + grow and exhaust system resources after a while (Jaroslav Klaus). +* Fixed bug where "--proto tcp-server --mode p2p --management + host port" would cause the management port to not respond until + the OpenVPN peer connects. +* Modified pkitool script to be /bin/sh compatible (Johnny Lam). + +2005.08.16 -- Version 2.0.1 + +* Security Fix -- DoS attack against server when run with "verb 0" and + without "tls-auth". If a client connection to the server fails + certificate verification, the OpenSSL error queue is not properly + flushed, which can result in another unrelated client instance on the + server seeing the error and responding to it, resulting in disconnection + of the unrelated client (CAN-2005-2531). +* Security Fix -- DoS attack against server by authenticated client. + This bug presents a potential DoS attack vector against the server + which can only be initiated by a connected and authenticated client. 
+ If the client sends a packet which fails to decrypt on the server, + the OpenSSL error queue is not properly flushed, which can result in + another unrelated client instance on the server seeing the error and + responding to it, resulting in disconnection of the unrelated client + (CAN-2005-2532). Credit: Mike Ireton. +* Security Fix -- DoS attack against server by authenticated client. + A malicious client in "dev tap" ethernet bridging mode could + theoretically flood the server with packets appearing to come from + hundreds of thousands of different MAC addresses, causing the OpenVPN + process to deplete system virtual memory as it expands its internal + routing table. A --max-routes-per-client directive has been added + (default=256) to limit the maximum number of routes in OpenVPN's + internal routing table which can be associated with a given client + (CAN-2005-2533). +* Security Fix -- DoS attack against server by authenticated client. + If two or more client machines try to connect to the server at the + same time via TCP, using the same client certificate, and when + --duplicate-cn is not enabled on the server, a race condition can + crash the server with "Assertion failed at mtcp.c:411" + (CAN-2005-2534). +* Fixed server bug where under certain circumstances, the client instance + object deletion function would try to delete iroutes which had never been + added in the first place, triggering "Assertion failed at mroute.c:349". +* Added --auth-retry option to prevent auth errors from being fatal + on the client side, and to permit username/password requeries in case + of error. Also controllable via new "auth-retry" management interface + command. See man page for more info. +* Added easy-rsa 2.0 scripts to the tarball in easy-rsa/2.0 +* Fixed bug in openvpn.spec where rpmbuild --define 'without_pam 1' + would fail to build. +* Implement "make check" to perform loopback tests (Matthias Andree). 
+ +2005.07.21 -- Version 2.0.1-rc7 + +* Support LZO 2.01 which renamed its library to lzo2 (Matthias Andree). +* Include linux/types.h before checking for linux/errqueue.h (Matthias + Andree). + +2005.07.15 -- Version 2.0.1-rc6 + +* Commented out "user nobody" and "group nobody" in sample + client/server config files. +* Allow '@' character to be used in --client-config-dir + file names. + +2005.07.04 -- Version 2.0.1-rc5 + +* Windows version will log a for-further-info URL when + initialization sequence is completed with errors. +* Added DLOPEN_PAM parameter to plugin/auth-pam/Makefile + to control whether auth-pam plugin links to PAM via + dlopen or -lpam. By default, DLOPEN_PAM=1 so pre-existing + behavior should be preserved. DLOPEN_PAM=0 is the preferred + setting to link via -lpam, but DLOPEN_PAM=1 works around + a bug in SuSE 9.1 (and possibly other distros as well) + where the PAM modules are not linked with -lpam. See + thread on openvpn-devel for more discussion about this + patch (Simon Perreault). + +2005.06.15 -- Version 2.0.1-rc4 + +* Support LZO 2.00, including changes to configure script to + autodetect LZO version. + +2005.06.12 -- Version 2.0.1-rc3 + +* Fixed a bug which caused standard file handles to not be closed + after daemonization when --plugin and --daemon are used together, + and if the plugin initialization function forks (as does auth-pam + and down-root) (Simon Perreault). +* Added client-side up/down scripts in contrib/pull-resolv-conf + for accepting server-pushed "dhcp-option DOMAIN" and "dhcp-option DNS" + on Linux/Unix systems (Jesse Adelman). +* Fixed bug where if client-connect scripts/plugins were cascaded, + and one (but not all) of them returned an error status, there might + be cases where for an individual script/plugin, client-connect was + called but not client-disconnect. The goal of this fix is to + ensure that if client-connect is called on a given client instance, + then client-disconnect will definitely be called. 
A potential + complication of this fix is that when client-connect functions are + cascaded, it's possible that the client-disconnect function would + be called in cases where the related client-connect function returned + an error status. This fix should not alter OpenVPN behavior when + scripts/plugins are not cascaded. +* Changed the hard-to-reproduce "Assertion failed at fragment.c:312" + fatal error to a warning: "FRAG: outgoing buffer is not empty". + Need more info on how to reproduce this one. +* When --duplicate-cn is used, the --ifconfig-pool allocation + algorithm will now allocate the first available IP address. +* When --daemon and --management-hold are used together, + OpenVPN will daemonize before it enters the management hold state. + +2005.05.16 -- Version 2.0.1-rc2 + +* Modified vendor test in openvpn.spec file to match against + "Mandrakesoft" in addition to "MandrakeSoft". +* Using --iroute in a --client-config-dir file while in --dev tap + mode is not currently supported and will produce a warning + message. Fixed bug where in certain cases, in addition to + generating a warning message, this combination of options + would also produce a fatal assertion in mroute.c. +* Pass --auth-user-pass username to server-side plugin without + performing any string remapping (plugins, unlike scripts, + don't get any security benefit from string remapping). + This is intended to fix an issue with openvpn-auth-pam/pam_winbind + where backslash characters in a username ('\') were being remapped + to underscore ('_'). +* Updated OpenSSL DLLs in Windows build to 0.9.7g. +* Documented --explicit-exit-notify in man page. +* --explicit-exit-notify seconds parameter defaults to 1 if + unspecified. + +2005.04.30 -- Version 2.0.1-rc1 + +* Fixed bug where certain kinds of fatal errors after + initialization (such as port in use) would leave plugin + processes (such as openvpn-auth-pam) still running. 
+* Added optional openvpn_plugin_abort_v1 plugin function for + closing initialized plugin objects in the event of a fatal + error by main OpenVPN process. +* When the --remote list is > 1, and --resolv-retry is not + specified (meaning that it defaults to "infinite"), apply the + infinite timeout to the --remote list as a whole, but try each + list item only once before moving on to the next item. +* Added new --syslog directive which redirects output + to syslog without requiring the use of the --daemon or --inetd + directives. +* Added openvpn.spec option to allow RPM to be built with support + for passwords read from a file: + rpmbuild -tb [openvpn.x.tar.gz] --define 'with_password_save 1' + +2005.04.17 -- Version 2.0 + +* Fixed minor options string typo in options.c. + +2005.04.10 -- Version 2.0-rc21 + +* Change license description from "GPL Version 2 or (at your + option) any later version" to just "GPL Version 2". + +2005.04.04 -- Version 2.0-rc20 + +* Dag Wieers has put together an OpenVPN/LZO binary RPM set with + excellent distro/version coverage for RH/EL/Fedora, though + using his own SPEC. I modified openvpn.spec to follow some of + the same conventions such as putting sample scripts and doc + files in %doc rather than /usr/share/openvpn. +* Minor change to init scripts to run the user-defined script + /etc/openvpn/openvpn-startup (if it exists) before any OpenVPN + configs are started, and to run /etc/openvpn/openvpn-shutdown + after all OpenVPN configs have been stopped. The + openvpn-startup script can be used for stuff like + insmod tun.o, setting up firewall rules, or starting + ethernet bridges. + +2005.03.29 -- Version 2.0-rc19 + +* Omit additions of routes where the network and + gateway are equal and the netmask is 255.255.255.255. 
+ This can come up if you are using both + server/ifconfig-pool and client-config-dir with + ifconfig-push static addresses for some subset of clients + which directly reference the server IP address as the + remote endpoint. + +2005.03.28 -- Version 2.0-rc18 + +* Packaged Windows installer with OpenSSL 0.9.7f. +* Built Windows installer with NSIS 2.06. + +2005.03.12 -- Version 2.0-rc17 + +* "MANAGEMENT: CMD" log file output will now only occur + at --verb 7 or greater. +* Added an optional name/value configuration list to + the openvpn-auth-pam plugin module argument list. See + plugin/auth-pam/README for documentation. This is necessary + in order for openvpn-auth-pam to work with queries generated + by arbitrary PAM modules. +* In both auth-pam and down-root plugins, in the forked process, + a read error on the parent process socket is no longer fatal. +* MandrakeSoft liblzo1 RPM only Provides for a 'liblzo1'. + A conditional test of the vendor has been added to + Require the appropriately named 'lzo' (liblzo1 / lzo). + (Tom Walsh - http://openhardware.net) + + +2005.02.20 -- Version 2.0-rc16 + +* Fixed bug introduced in rc13 where Windows service wrapper + would be installed with a startup type of Automatic. + This fix restores the previous behavior of installing + with a startup type of Manual. + +2005.02.19 -- Version 2.0-rc15 + +* Added warning when --keepalive is not used in a server + configuration. +* Don't include OpenSSL md4.h file if we are not building + NTLM proxy support (Waldemar Brodkorb). +* Added easy-rsa/build-key-pkcs12 and + easy-rsa/Windows/build-key-pkcs12.bat scripts + (Mathias Sundman). + +2005.02.16 -- Version 2.0-rc14 + +* Fixed small memory leak that occurs when --crl-verify + is used. +* Upgraded Windows installer and .nsi script to NSIS 2.05 + (Mathias Sundman). +* Changed #include backslash usage in cryptoapi.c to use + forward slashes instead (Gisle Vanem). 
+* Created easy-rsa/revoke-full to handle revocations in + a single step: (a) revoke crt, (b) regenerate CRL, and + (c) verify that revocation succeeded. +* Renamed easy-rsa/Windows/revoke-key to revoke-full so + that both *nix and Windows scripts are equivalent. + +2005.02.11 -- Version 2.0-rc13 + +* Improve human-readability of local/remote options + diff, when inconsistencies are present. +* For Windows easy-rsa, distribute vars.bat.sample and + openssl.cnf.sample, then copy them to their normal + filenames (without the .sample) when init-config.bat + is run. This is to prevent OpenVPN upgrades from + wiping out vars.bat and openssl.cnf edits. +* Modified service wrapper (Windows) to use a + case-insensitive search when scanning for .ovpn files + in \Program Files\OpenVPN\config. Prior versions + required an all-lower-case .ovpn file extension. +* Miscellaneous service wrapper code cleanup. +* If --user/--group is used on Windows, treat it + as a no-op with a warning (this makes it easier to + distribute the same client config file to Windows + and *nix users). +* Warn if --ifconfig-pool-persist is used with + --duplicate-cn. + +2005.02.05 -- Version 2.0-rc12 + +* Removed some debugging code inadvertently included + in rc11 which would print the --auth-user-pass + username/password provided by clients in the server + logfile. +* Client code for cycling through --remote list will + retry the last address which successfully authenticated + before moving on through the list. +* Windows installer will now install sample configuration + files in \Program Files\OpenVPN\sample-configs as well + as generate a start menu shortcut to this directory. +* Minor type change in buffer.[ch] to work around char-type + ambiguity bug. Caused management interface lock-ups on + ARM when building with armv4b-hardhat-linux-gcc 2.95.3. 
+ +2005.02.03 -- Version 2.0-rc11 + +* Windows installer will now install easy-rsa directory + in \Program Files\OpenVPN +* Allow syslog facility to be controlled at compile time, + e.g. -DLOG_OPENVPN=LOG_LOCAL6 (P Kern). +* Changed certain shell scripts in distribution to use + #!/bin/sh rather than #!/bin/bash for better portability. +* If --ifconfig-pool-persist seconds parameter is 0, treat + persist file as an allocation of fixed IP addresses + (previous versions took IP-to-common-name associations + from this list as hints, not mandatory static allocations). +* Fixed bug on *nix where if --auth-user-pass and --log + were used together, the username prompt would be sent to + the log file rather than /dev/tty. +* Spurious text in openvpn.8 detected by doclifter + (Eric S. Raymond). +* Call closelog later on daemon kill so that process + exit message is written to syslog. + +2005.01.27 -- Version 2.0-rc10 + +* When ./configure is run with plugins enabled (the default), + check whether or not dlopen exists in libc before testing + for libdl. This is to fix an issue on FreeBSD and possibly + other OSes which bundle libdl functions in libc. +* On Windows, filter initial WSAEINVAL warning which occurs + on the initial read attempt of an unbound socket. +* The easy-rsa scripts build-key, build-key-pass, and + build-key-server will now chmod the .key file + to 0600. This is in addition to the fact the generated + keys directory has always been similarly protected + (Pete Harlan). + +2005.01.23 -- Version 2.0-rc9 + +* Fixed error "ROUTE: route addition failed using + CreateIpForwardEntry ..." on Windows when --redirect-gateway + is used over a RRAS internet link. +* When using --route-method exe on Windows, include the + gateway parameter on route delete commands (Mathias Sundman). +* Try not to do a hard reset (i.e. SIGHUP) when two + SIGUSR1 signals are received in close succession. 
+* If the push list tries to grow beyond its buffer capacity, + the resulting error will be non-fatal. +* To increase the push list capacity (must be done on both + client and server), increase TLS_CHANNEL_BUF_SIZE in + common.h (default=1024). + +2005.01.15 -- Version 2.0-rc8 + +* Fixed bug introduced in rc7 where options error + "--auth-user-pass requires --pull" might occur even + if --pull was correctly specified. +* Changed management interface code to bind once + to TCP socket, rather than rebinding after every + client disconnect. +* Added "disable" directive for client-config-dir + files. +* Windows binary install is now distributed with + OpenSSL 0.9.7e. +* Query the management interface for --http-proxy + username/password if authfile is set to "stdin". +* Added current OpenVPN version number to "Unrecognized + option or missing parameter" error message. +* Added "-extensions server" to "openssl req" command + in easy-rsa/build-key-server (Nir Yeffet). + +2005.01.10 -- Version 2.0-rc7 + +* Fixed bug in management interface which could cause + 100% CPU utilization in --proto tcp-server mode + on all *nix OSes except for Linux 2.6. +* --ifconfig-push now accepts DNS names as well as + IP addresses. +* Added sanity check errors when --pull or + --auth-user-pass is used in an incorrect mode. +* Updated man page entries for --client-connect and + --ifconfig-push. +* Added "String Types and Remapping" section to man + page to consisely document the way which OpenVPN + may convert certain types of characters in strings + to ('_'). +* Modified bridging description in HOWTO to emphasize + the fact that bridging allows Windows file and print + sharing without a WINS server (Charles Duffy). + +2004.12.20 -- Version 2.0-rc6 + +* Improved checking for epoll support in ./configure + to fix false positive on RH9 (Jan Just Keijser). 
+* Made the "MULTI TCP: I/O wait required blocking in + multi_tcp_action, action=7" error nonfatal and replaced + with "MULTI: Outgoing TUN queue full, dropped packet". + So far the issue only seems to occur on Linux 2.2 + in --mode server --proto tcp mode. It occurs when + the TUN/TAP driver locks up and refuses to accept + new packet writes for a second or more. +* Fixed bug where if a --client-config-dir file tried + to include another file using "config", and if that + include failed, OpenVPN would abort with a fatal + error. Now such inclusion failures will be logged + but are no longer fatal. +* Global changes to the way that packet buffer alignment + is handled. Previously we didn't care about alignment + and took care, when handling 16 and 32 bit words + in buffers, to always use alignment-safe transfers. + This approach appears to be inadequate on some + architectures such as alpha. The new approach is + to initialize packet buffers in a way that anticipates + how component structures will be allocated within + them, to maintain correct alignment. +* Added --dhcp-option DISABLE-NBT to disable NetBIOS + over TCP (Jan Just Keijser). +* Added --http-proxy-option directive for controlling + miscellaneous HTTP proxy options. +* Management state will no longer transition to "WAIT" + during TLS renegotiations. + +2004.12.16 -- Version 2.0-rc5 + +* The --client-config-dir option will now try to open + a default file called "DEFAULT" if no file matching + the common name of the incoming client was found. +* The --client-connect script/plugin can now veto client + authentication by returning a failure code. +* The --learn-address script/plugin can now prevent a + client-instance/address association from being learned + by returning a failure code. +* Changed RPM group in .spec file to Applications/Internet. 
+ +2004.12.14 -- Version 2.0-rc4 + +* SuSE only -- Fixed interaction between openvpn.spec and + suse/openvpn.init where the .spec file was writing the + OpenVPN binary to a different location than where the + .init script was referencing it (Stefan Engel). +* Solaris only -- Split Solaris ifconfig command into two + parts (Jan Just Keijser). +* Some cleanup in add_option(). +* Better error checking on input dotted quad IP addresses. +* Verify that --push argument is quoted, if there is + more than one. +* More miscellaneous option sanity checks. + +2004.12.13 -- Version 2.0-rc3 + +* On Windows, when --log or --log-append is used, + save the original stderr for username and password + prompts. +* Fixed a bug introduced in the late 2.0 betas where + if a "verb" parameter >= 16 was used, it would be + ignored and the actual verb level would remain at 1. +* Fixed a bug mostly seen on OS X where --management-hold + or --management-query-passwords would cause the management + interface to be unresponsive to incoming client connections. +* Trigger an options error if one of the management-modifying + options is used without "management" itself. + +2004.12.12 -- Version 2.0-rc2 + +* Amplified warnings in documentation about possible + man-in-the-middle attack when clients do not properly + verify server certificate. Changes to easy-rsa README, + FAQ, HOWTO, man page, and sample client config file. +* Added a warning message if --tls-client or --client + is used without also specifying one of either + --ns-cert-type, --tls-remote, or --tls-verify. +* status_open() fixes for MSVC builds (Blaine Fleming). +* Fix attempt of "ntlm.c:55: error: `des_cblock' undeclared" + compiler error which has been reported on some platforms. +* The openvpn.spec file for rpmbuild has several + new build-time options. See comments in the file. +* Plugins are now built and packaged in the RPM and + will be saved in /usr/share/openvpn/plugin/lib. 
+* Added --management-hold directive to start OpenVPN + in a hibernating state until released by the + management interface. Also added "hold" command + to the management interface. + +2004.12.07 -- Version 2.0-rc1 + +* openvpn.spec workaround for SuSE confusion regarding + /etc/init.d vs. /etc/rc.d/init.d (Stefan Engel). + +2004.12.05 -- Version 2.0-beta20 + +* The ability to read --askpass and --auth-user-pass + passwords from a file has been disabled by default. + To re-enable, use ./configure --enable-password-save. +* Added additional pre-connected states to management + interface. See management/management-notes.txt + for more info. +* State history is now recorded by the management + interface, and the "state" command now works like + the log or echo commands. +* State history and real-time state change notifications + are now prepended with an integer unix timestamp. +* Added --http-proxy-timeout option, previously + the timeout was hardcoded to 5 seconds. + +2004.12.02 -- Version 2.0-beta19 + +* Fixed bug in management interface line termination + where output lines incorrectly contained a \00 char + after the customary \0d \0a. +* Fixed bug introduced in beta18 where Windows version + would segfault on options errors. +* Fixed bug in management interface where an empty + quoted string ("") entered as a parameter would cause + a segfault. +* Fixed bug where --resolv-retry was not working + properly with multiple --remote hosts. +* Added additional ./configure options to reduce + executable size for embedded applications. + See ./configure --help. + +2004.11.28 -- Version 2.0-beta18 + +* Added management interface. See new --management-* + options or the full management interface documentation + in management/management-notes.txt in the tarball. + Management interface inclusion can be disabled by + ./configure --disable-management. +* Added two new plugin modules: auth-pam and down-root. 
+ Auth-pam supports pam-based authentication using a + split privilege execution model, while down-root enables + a down script to be executed with root privileges, even + when --user/--group is used to drop root privileges. + See the plugin directory in the tarball for READMEs, + source code, and Makefiles. +* Plugin developers should note that some changes were + made to the plugin interface since beta17. See + openvpn-plugin.h for details. + Plugin interface inclusion can be disabled with + ./configure --disable-plugins +* Added easy-rsa/build-key-server script which will + build a certificate with with nsCertType=server. +* Added --ns-cert-type option for verification + of nsCertType field in peer certificate. +* If --fragment n is specified and --mssfix is specified + without a parameter, default --mssfix to n. This restores + the 1.6 behavior when using --mssfix without a parameter. +* Fixed SSL context initialization bug introduced in beta14 + where this error might occur on restarts: "Cannot load + certificate chain ... PEM_read_bio:no start line". + +2004.11.11 -- Version 2.0-beta17 + +* Changed default port number to 1194 per IANA official + port number assignment. +* Added --plugin directive which allows compiled + modules to intercept script callbacks. See + plugin folder in tarball for more info. +* Fixed bug introduced in beta12 where --key-method 1 + authentications which should have succeeded would fail. +* Ignore SIGUSR1 during DNS resolution. +* Added SuSE support to openvpn.spec (Umberto Nicoletti). +* Fixed --cryptoapicert SUBJ: parsing bug (Peter 'Luna' + Runestig). + +2004.11.07 -- Version 2.0-beta16 + +* Modified sample-scripts/auth-pam.pl to get username + and password from OpenVPN via a file rather than + via environmental variables. +* Added bytes_sent and bytes_received environmental + variables to be set prior to client-disconnect script. 
+* Changed client virtual IP derivation precedence: + (1) use --ifconfig-push directive from --client-connect + script, (2) use --ifconfig-push directive from + --client-config-dir, and (3) use --ifconfig-pool + address. +* If a --client-config-dir file specifies --ifconfig-push, + it will be visible to the --client-connect-script in + the ifconfig_pool_remote_ip environmental variable. +* For tun-style tunnels, the ifconfig_pool_local_ip + environmental variable will be set, while for + tap-style tunnels, the ifconfig_pool_netmask variable + will be set. +* Added intelligence to autoconf script to test + compiler for the accepted form of zero-length arrays. +* Fixed a bug introduced in beta12 where --ip-win32 + netsh would fail if --dev-node was not explicitly + specified. +* --ip-win32 netsh will now work on hidden adapters. +* Fix attempt of "Assertion failed at crypto.c:149". + This assertion has also been reported on 1.x with a + slightly different line number. The fix is twofold: + (1) In previous releases, --mtu-test may trigger this + assertion -- this bug has been fixed. (2) If something + else causes the assertion to be thrown, don't panic, + just output a nonfatal warning to the log and drop + the packet which generated the error. +* Support TAP interfaces on Mac OS X (Waldemar Brodkorb). +* Added --echo directive. +* Added --auth-nocache directive. + +2004.10.28 -- Version 2.0-beta15 + +* Changed environmental variable character classes + so that names must consist of alphanumeric or + underbar chars and values must consist of printable + characters. Illegal chars will be deleted. + Versions prior to 2.0-beta12 were more restrictive + and would map spaces to '.'. +* On Windows, when the TAP adapter fails to + initialize with the correct IP address, output + "Initialization Sequence Completed with Errors" + to the console or log file. +* Added a warning when user/group/chroot is used + without persist-tun and persist-key. 
+* Added cryptoapi.[ch] to tarball and source zip. +* --tls-remote option now works with common name + prefixes as well as with the full X509 subject + string. This is a useful alternative to using + a CRL on the client. +* common names associated with a static + --ifconfig-push setting will no longer leave + any state in the --ifconfig-pool-persist file. +* Hard TLS errors (TLS handshake failed) will now + trigger either a SIGUSR1 signal by default + or SIGTERM (if --tls-exit is specified). In TCP + mode, all TLS errors are considered to be hard. + In server mode, the signal will be local to the + client instance. +* Added method parameter to --auth-user-pass-verify + directive to select whether username/password + is passed to script via environment or a temporary + file. +* Added --status-version option to control format + of --status file. The --mode server + --status-version 2 format now includes a line + type token, the virtual IP address is shown + in the client list (even in --dev tap mode), + and the integer time_t value is shown anywhere + an ascii-formatted time/date is also shown. +* Added --remap-usr1 directive which can be used + to control whether internally or externally + generated SIGUSR1 signals are remapped to + SIGHUP (restart without persisting state) or + SIGTERM (exit). +* When running as a Windows service (using + --service option), check the exit event before + and after reading one line of input from + stdin, when reading username/password info. +* For developers: Extended the --gremlin function + to better stress-test the new 2.0 features, + added Valgrind support on Linux and Dmalloc + support on Windows. + +2004.10.19 -- Version 2.0-beta14 + +* Fixed a bug introduced in Beta12 that would occur + if you use a --client-connect script without also + defining --tmp-dir. +* Fixed a bug introduced in Beta12 where a learn-address + script might segfault on the delete method. 
+* Added Crypto API support in Windows version via + the --cryptoapicert option (Peter 'Luna' Runestig). + +2004.10.18 -- Version 2.0-beta13 + +* Fixed an issue introduced in Beta12 where the private + key password would not be prompted for unless --askpass + was explicitly specified in the config. + +2004.10.17 -- Version 2.0-beta12 + +* Added support for username/password-based authentication. + Clients can now authentication themselves with the server + using either a certificate, a username/password, or both. + New directives: --auth-user-pass, --auth-user-pass-verify, + --client-cert-not-required, and --username-as-common-name. +* Added NTLM proxy patch (William Preston). +* Added --ifconfig-pool-linear server flag to allocate + individual tun addresses for clients rather than /30 + subnets (won't work with Windows clients). +* Modified --http-proxy code to cache username/password + across restarts. +* Modified --http-proxy code to read username/password + from the console when the auth file is given as "stdin". +* Modified --askpass to take an optional filename argument. +* --persist-tun and --persist-key now work in client mode + and can be pushed to clients as well. +* Added --ifconfig-pool-persist directive, to maintain + ifconfig-pool info in a file which is persistent across + daemon instantiations. +* --user and --group privilege downgrades as well as + --chroot now also work in client mode (the + dowgrade/chroot will be delayed until the initialization + sequence is completed). +* Added --show-engines standalone directive to show + available OpenSSL crypto accelerator engine support. +* --engine directive now accepts an optional engine-ID + parameter to control which engine is used. +* "Connection reset, restarting" log message now shows + which client is being reset. +* Added --dhcp-pre-release directive in Windows version. +* Second parm to --ip-win32 can be "default", e.g. + --ip-win32 dynamic default 60. 
+* Fixed documentation bug regarding environmental + variable settings for --ifconfig-pool IP addresses. + The correct environmental variable names are: + ifconfig_pool_local_ip and ifconfig_pool_remote_ip. +* ifconfig_pool_local_ip and ifconfig_pool_remote_ip + environmental variables are now passed to the + client-disconnect script. +* In server mode, environmental variables are now scoped + according to the client they are associated with, + to solve the problem of "crosstalk" between different + client's environmental variable sets. +* Added --down-pre flag to cause --down script to be + called before TUN/TAP close (rather than after). +* Added --tls-exit flag which will cause OpenVPN + to exit on any TLS errors. +* Don't push a route to a client if it exactly + matches an iroute (this lets you push routes to + all clients, and OpenVPN will automatically remove + the route from the route push list only for that client + which the route actually belongs to). +* Made '--resolv-retry infinite' the default. + --resolv-retry can be disabled by using a parameter of 0. +* For clients which plan to pull config info from server, + set an initial default ping-restart of 60 seconds. +* Optimized mute code to lessen the load on the processor + when messages are being muted at a higher frequency. +* Made route log messages non-mutable. +* Silence the Linux "No buffer space available" message. +* Added miscellaneous additional option sanity checks. +* Added Windows version of easy-rsa scripts in + easy-rsa/Windows directory (Andrew J. Richardson). +* Added NetBSD route patch (Ed Ravin). +* Added OpenBSD patch for TAP + --redirect-gateway + (Waldemar Brodkorb). +* Directives which prompt for a username and/or password + will now work with --daemon (OpenVPN will prompt + before forking). +* Warn if CRL is from a different issuer than the + issuer of the peer certificate (Bernhard Weisshuhn). +* Changed init script chkconfig parameters to start + OpenVPN daemon(s) before NFS. 
+* Bug fix attempt of "too many I/O wait events" which occurs + on OSes which prefer select() over poll() such as Mac OS X. +* Added --ccd-exclusive flag. This flag will require, as a + condition of authentication, that a connecting client has + a --client-config-dir file. +* TAP-Win32 open code will attempt to open a free adapter + if --dev-node is not specified (Mathias Sundman). +* Resequenced --nice and --chroot ordering so that --nice + occurs first. +* Added --suppress-timestamps flag (Charles Duffy). +* Source code changes to allow compilation by MSVC + (Peter 'Luna' Runestig). +* Added experimental --fast-io flag which optimizes + TUN/TAP/UDP writes on non-Windows systems. + +2004.08.18 -- Version 2.0-beta11 + +* Added --server, --server-bridge, --client, and + --keepalive helper directives. See client.conf + and server.conf in sample-config-files for sample + configurations which use the new directives. +* On Windows, added --route-method to control + whether IP Helper API or route.exe is used + to add/delete routes. +* On Windows, added a second parameter to + --route-delay to control the maximum time period + to wait for the TAP-Win32 adapter to come up + before adding routes. +* Fixed bug in Windows version where configurations + which omit --ifconfig might fail to recognize when + the TAP adapter is up. +* Proxy connection failures will now retry according + to the --connect-retry parameter. +* Fixed --dev null handling on Windows so that TLS + loopback test described in INSTALL file works + correctly on Windows. +* Added "Initialization Sequence Completed" message + after all initialization steps have been completed + and the VPN can be considered "up". +* Better sanity-checking on --ifconfig-pool parameters. +* Added --tcp-queue-limit option to control + TUN/TAP -> TCP socket overflow. 
+* --ifconfig-nowarn flag will now silence general + warnings about possible --ifconfig address + conflicts, including the warning about --ifconfig + and --remote addresses being in same /24 subnet. +* Fixed case where server mode did not correctly + identify certain types of ethernet multicast packets + (Marcel de Kogel). +* Added --explicit-exit-notify option (experimental). + +2004.08.02 -- Version 2.0-beta10 + +* Fixed possible reference after free of option strings + after a restart, bug was introduced in beta8. +* Fixed segfault at route.c:919 in the beta9 + Windows version that was being caused by indirection + through a NULL pointer. +* Mistakenly built debug version of TAP-Win32 driver + for beta9. Beta10 has correct release build. + +2004.07.30 -- Version 2.0-beta9 + +* Fixed --route issue on Windows that was introduced with + the new beta8 route implementation based on the + IP Helper API. + +2004.07.27 -- Version 2.0-beta8 + +* Added TCP support in server mode. +* Added PKCS #12 support (Mathias Sundman). +* Added patch to make revoke-crt and make-crl work + seamlessly within the easy-rsa environment (Jan Kiszka). +* Modified --mode server ethernet bridge code to forward + special IEEE 802.1d MAC Groups, i.e. 01:80:C2:XX:XX:XX. +* Added --dhcp-renew and --dhcp-release flags to Windows + version. Normally DHCP renewal and release on the TAP + adapter occurs automatically under Windows, however + if you set the TAP-Win32 adapter Media Status property + to "Always Connected", you may need these flags. +* Added --show-net standalone flag to Windows version to + show OpenVPN's view of the system adapter and routing + tables. +* Added --show-net-up flag to Windows version to output + the system routing table and network adapter list to + the log file after the TAP-Win32 adapter has been brought + up and any routes have been added. +* Modified Windows version to add routes using the IP Helper + API rather than by calling route.exe. 
+* Fixed bug where --route-up script was not being called + if no --route options were specified. +* Added --mute-replay-warnings to suppress packet replay + warnings. This is a common false alarm on WiFi nets. +* Added "def1" flag to --redirect-gateway option to override + the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 + rather than 0.0.0.0/0. This has the benefit of overriding + but not wiping out the original default gateway. + (Thanks to Jim Carter for pointing out this idea). +* You can now run OpenVPN with a single config file argument. + For example, you can now say "openvpn config.conf" + rather than "openvpn --config config.conf". +* On Windows, made --route and --route-delay more adaptive + with respect to waiting for interfaces referenced by the + route destination to come up. Routes added by --route + should now be added as soon as the interface comes up, + rather than after an obligatory 10 second delay. The + way this works internally is that --route-delay now + defaults to 0 on Windows. Previous versions would + wait for --route-delay seconds then add the routes. + This version will wait --route-delay seconds and then + test the routing table at one second intervals for the + next 30 seconds and will not add the routes until they + can be added without errors. +* On Windows, don't setsockopt SO_SNDBUF or SO_RCVBUF by + default on TCP/UDP socket in light of reports that this + action can have undesirable global side effects on the + MTU settings of other adapters. These parameters can + still be set, but you need to explicitly specify + --sndbuf and/or --rcvbuf. +* Added --max-clients option to limit the maximum number + of simultaneously connected clients in server mode. +* Added error message to illuminate shell escape gotcha when + single backslashes are used in Windows path names. +* Added optional netmask parm to --ifconfig-pool. 
+* Fixed bug where http-proxy connect retry attempts were + incorrectly going to the remote OpenVPN server, + not to the HTTP proxy server. + +2004.06.29 -- Version 2.0-beta7 + +* Fixed bug in link_socket_verify_incoming_addr() which + under certain circumstances could have caused --float + behavior even if --float was not specified. +* --tls-auth option now works with --mode server. + All clients and the server should use the same + --tls-auth key when operating in client/server mode. +* Added --engine option to make use of OpenSSL-supported + crypto acceleration hardware. +* Fixed some high verbosity print format size issues + in event.c for 64 bit platforms (Janne Johansson). +* Made failure to open --log or --log-append file + a non-fatal error. + +2004.06.23 -- Version 2.0-beta6 + +* Fixed Windows installer to intelligently put + up a reboot dialog only if tapinstall tells + us that it's really necessary. +* Fixed "Assertion failed at fragment.c:309" + bug when --mode server and --fragment are used + together. +* Ignore HUP, USR1, and USR2 signals during + initialization. Prior versions would abort. +* Fixed bug on OS X: "Assertion failed at event.c:406". +* Added --service option to Windows version, for use + when OpenVPN is being programmatically instantiated + by another process (see man page for info). +* --log and --log-append options now work on Windows. +* Update OpenBSD INSTALL notes (Janne Johansson). +* Enable multicast on tun interface when running on + OpenBSD (Pavlin Radoslavov). +* Fixed recent --test-crypto breakage, where options + such as --cipher were not being parsed correctly. +* Modified options compatibility string by removing + ifconfig substring if it is empty. Incremented + options compatibility string version number to 4. +* Fixed typo in --tls-timeout option parsing + (Mikael Lonnroth). 
+ +2004.06.13 -- Version 2.0-beta5 + +* Fixed rare --mode server crash that could occur + if data was being routed to a client at + high bandwidth at the precise moment that the + client instance object on the server was being + deleted. +* Fixed issue on machines which have epoll.h and + the epoll_create glibc call defined, but which + don't actually implement epoll in the kernel. + OpenVPN will now gracefully fall back to the + poll API in this case. +* Fixed Windows bug which would cause the following + error in a --mode server --dev tap configuration: + "resource limit WSA_MAXIMUM_WAIT_EVENTS has been + exceeded". +* Added CRL (certificate revocation list) management + scripts to easy-rsa directory (Jon Bendtsen). +* Do a better job of getting the ifconfig component + of the options consistency check to work correctly + when --up-delay is used. +* De-inlined some functions which were too complex + to be inlined anyway with gcc. +* If a --dhcp-option option is pushed to a non-windows + client, the option will be saved in the client's + environment before the --up script is called, under + the name "foreign_option_{n}". +* Added --learn-address script (see man page) which + allows for firewall access through the VPN to be + controlled based on the client common name. +* In mode --server mode, when a client connects to + the server, the server will disconnect any + still-active clients which use the same common + name. Use --duplicate-cn flag to revert to + previous behavior of allowing multiple clients + to concurrently connect with the same common name. + +2004.06.08 -- Version 2.0-beta4 + +* Fixed issue with beta3 where Win32 service wrapper + was keying off of old TAP HWID as a dependency. To + ensure that the new service wrapper is correctly + installed, the Windows install script will uninstall + the old wrapper before installing the new one, + causing a reset of service properties. 
+* Fixed permissions issue on --status output file, + with default access permissions of owner read/write + only (default permissions can be changed of course with + chmod). + +2004.06.05 -- Version 2.0-beta3 + +* More changes to TAP-Win32 driver's INF file which + affects the placement of the driver in the Windows + device namespace. This is done to work around an + apparent bug in Windows when short HWIDs are used, + and will also ease the upgrade from 1.x to 2.0 by + reducing the chances that a reboot will be needed + on upgrade. Like beta2, this upgrade will + delete existing TAP-Win32 interfaces, and reinstall + a single new interface with default properties. +* Major rewrite of I/O event wait layer in the style + of libevent. This is a precursor to TCP support + in --mode server. +* New feature: --status. Outputs a SIGUSR2-like + status summary to a given file, updated once + per n seconds. The status file is comma delimited + for easy machine parsing. +* --ifconfig-pool now remembers common names and + will try to assign a consistent IP to a given + common name. Still to do: persist --ifconfig-pool + memory across restarts by saving state in file. +* Fixed bug in event timer queue which could cause + recurring timer events such as --ping to not + correctly schedule again after firing. This in + turn would cause spurrious ping restarts and possible + connection outages. Thanks to Denis Vlasenko for + tracking this down. +* Possible fix to reported bug where --daemon argument + was not printing to syslog correctly after restart. +* Fixed bug where pulling --route or --dhcp-option + directives from a server would problematically + interact with --persist-tun on the client. +* Updated contrib/multilevel-init.patch (Farkas Levente). +* Added RPM build option to .spec and .spec.in files + to optionally disable LZO inclusion (Ian Pilcher). +* The latest MingW runtime and headers define + 'ssize_t', so a patch is needed (Gisle Vanem). 
+ +2004.05.14 -- Version 2.0-beta2 + +* Fixed signal handling bug in --mode server, where + SIGHUP and SIGUSR1 were treated as SIGTERM. +* Changed the TAP-Win32 HWID from "TAP" to "TAPDEV". + Apparently the larger string may work around + a problem where the TAP adapter is sometimes missing + from the network connections panel, especially under + XP SP2. Also note that installing this upgrade will + uninstall any pre-existing TAP-Win32 adapters, and then + install a single new adapter, meaning that old adapter + properties will be lost. Thanks to Md5Chap for solving + this one. +* For --mode server --dev tap, the options --ifconfig and + --ifconfig-pool are now optional. This allows address + assignment via DHCP or use of a TAP VPN without + IP support, as has always been possible with 1.x. +* Fixed bug where --ifconfig may not work correctly on + Linux 2.2. +* Added 'local' flag to --redirect-gateway for use on + networks where both OpenVPN daemons are connected + to a shared subnet, such as wireless. + +2004.05.09 -- Version 2.0-beta1 + +* Unchanged from test29 except for version number + upgrade. + +2004.05.08 -- Version 2.0-test29 + +* Modified --dev-node on Windows to accept a TAP-Win32 + GUID name. In addition, --show-adapters will now + display the high-level name and GUID of each adapter. + This is an attempt to work around an issue in Windows + where sometimes the TAP-Win32 adapter installs correctly + but has no icon in the network connections control + panel. In such cases, being able to specify + --dev-node {TAP-GUID} can work around the missing icon. + +2004.05.07 -- Version 2.0-test28 + +* Fixed bug which could cause segfault on program + shutdown if --route and --persist-tun are used + together. + +2004.05.06 -- Version 2.0-test27 + +* Fixed bug in close_instance() which might cause + memory to be accessed after it had already been freed. +* Fixed bug in verify_callback() that might have + caused uninitialized data to be referenced. 
+* --iroute now allows full CIDR subnet routing. +* In "--mode server --dev tun" usage, source addresses + on VPN packets coming from a particular client must + be associated with that client in the OpenVPN internal + routing table. + +2004.04.28 -- Version 2.0-test26 + +* Optimized broadcast path in multi-client mode. +* Added socket buffer size options --rcvbuf & --sndbuf. +* Configure Linux tun/tap driver to use a more sensible + txqueuelen default. Also allow explicit setting + via --txqueuelen option (Harald Roelle). +* The --remote option now allows the port number + to be specified as the second parameter. If + unspecified, the port number defaults to the + --rport value. +* Multiple --remote options on the client can now be + specified for load balancing and failover. The + --remote-random flag can be used to initially randomize + the --remote list for basic load balancing. +* If a remote DNS name resolves to multiple DNS addresses, + one will be chosen by random as a kind of basic + load-balancing feature if --remote-random is used. +* Added --connect-freq option to control maximum + new connection frequency in multi-client mode. +* In multi-client mode, all syslog messages associated + with a specific client now include a client-ID prefix. +* For Windows, use a gettimeofday() function based + on QueryPerformanceCounter (Derek Burdick). +* Fixed bug in interaction between --key-method 2 + and DES ciphers, where dynamic keys would be generated + with bad parity and then be rejected. + +2004.04.17 -- Version 2.0-test24 + +* Reworked multi-client broadcast handling. + +2004.04.13 -- Version 2.0-test23 + +* Fixed bug in --dev tun --client-to-client routing. +* Fixed a potential deadlock in --pull. +* Fixed a problem with select() usage which could + cause a repeating sequence of "select : Invalid + argument (code=22)" + +2004.04.11 -- Version 2.0-test22 + +* Fixed bug where --mode server + --daemon was + prematurely closing syslog connection. 
+* Added support for --redirect-gateway on Mac OS X + (Jeremy Apple). +* Minor changes to TAP-Win32 driver based on feedback + from the NDISTest tool. + +2004.04.11 -- Version 2.0-test21 + +* Optimizations in multi-client server event loop. + +2004.04.10 -- Version 2.0-test20 + +* --mode server capability now works with either tun + or tap interfaces. When used with tap interfaces, + OpenVPN will internally bridge all client tap + interfaces with the server tap interface. +* Connecting clients can now have a client-specific + configuration on the server, based on the client + common name embedded in the client certificate. + See --client-config-dir and --client-connect. + These options can be used to configure client-specific + routes. +* Added an option --client-to-client that enables + internal client-to-client routing or bridging. + Otherwise, clients will only "see" the server, + not other connected clients. +* Fixed bug in route scheduling which would have caused + --mode server to not work on Windows in test18 + and test19 with the sample config file. +* Man page is up to date with all new options. +* OpenVPN 2.0 release notes on web site updated + with tap-style tunnel examples. + +2004.04.02 -- Version 2.0-test19 + +* Fixed bug where routes pushed from server were + not working correctly on Windows clients. +* Added Mac OS X route patch (Jeremy Apple). + +2004.03.30 -- Version 2.0-test18 + +* Minor fixes + Windows self-install modified + to use OpenSSL 0.9.7d. + +2004.03.29 -- Version 2.0-test17 + +* Fixed some bugs related to instance timeout and deletion. +* Extended --push/--pull option to support additional + option classes. + +2004.03.28 -- Version 2.0-test16 + +* Successful test of --mode udp-server, --push, + --pull, and --ifconfig-pool with server on + Linux 2.4 and clients on Linux and Windows. 
+ +2004.03.25 -- Version 2.0-test15 + +* Implemented hash-table lookup of client instances + based either on remote UDP address/port or remote + ifconfig endpoint. +* Implemented a randomized binary tree based + scheduler for scalably scheduling a large number + of client instance events. Uses the treap + data structure and node rotation algorithm + to keep the tree balanced. +* Initial implementation of ifconfig-pool. +* Made --key-method 2 the default. + +2004.03.20 -- Version 2.0-test14 + +* Implemented --push and --pull. + +2004.03.20 -- Version 2.0-test13 + +* Reduced struct tls_multi and --single-session + memory footprint. +* Modified --single-session flag to be used + in multi-client UDP server client instances. + +2004.03.19 -- Version 2.0-test12 + +* Added the key multi-client UDP server options, + --mode, --push, --pull, and --ifconfig-pool. +* Revamped GC (garbage collection) code to not rely + on any global data. +* Modifications to thread.[ch] to allow a more + flexible thread model. + +2004.03.16 -- Version 2.0-test11 + +* Moved all timer code to interval.h, added new file + interval.c. +* Fixed missing include. + +2004.03.16 -- Version 2.0-test10 + +* More TAP-Win32 fixes. +* Initial debugging and testing of multi.[ch]. + +2004.03.14 -- Version 2.0-test9 + +* Branch merge with 1.6-rc3 +* More point-to-multipoint work in multi.[ch]. +* Major TAP-Win32 driver restructuring to use + NdisMRegisterDevice instead of + IoCreateDevice/IoCreateSymbolicLink. +* Changed TAP-Win32 symbolic links to use \DosDevices\Global\ + pathname prefix. +* In the majority of cases, TAP-Win32 should now be + able to install and uninstall on Win2K without requiring + a reboot. +* TAP-Win32 MAC address can now be explicitly set in the + adapter advanced properties page. + +2004.03.04 -- Version 2.0-test8 + +* Branch merge with 1.6-rc2. + +2004.03.03 -- Version 2.0-test7 + +* Branch merge with 1.6-rc1.2. + +2004.03.02 -- Version 2.0-test6 + +* Branch merge with 1.6-rc1. 
+ +2004.03.02 -- Version 2.0-test5 + +* Move Socks5 UDP header append/remove to socks.c, and is + called from forward.c. +* Moved verify statics from ssl.c into struct tls_session. +* Wrote multi.[ch] to handle top level of point-to-multipoint + mode. +* Wrote some code to allow a struct link_socket in a child context + to be slaved to the parent context. +* Broke up packet read and process functions in forward.c + (from socket or tuntap) into separate functions for read + and process, so that point-to-point and point-to-multipoint can + share the same code. +* Expand TLS control channel to allow the passing of configuration + commands. +* Wrote mroute.[ch] to handle internal packet routing for + point-to-multipoint mode. + +2004.02.22 -- Version 2.0-test3 + +* Initial work on UDP multi-client server. +* Branch merge of 1.6-beta7 + +2004.02.14 -- Version 2.0-test2 + +* Refactorization of openvpn.c into openvpn.[ch] + init.[ch] forward.[ch] forward-inline.h + occ.[ch] occ-inline.h ping.[ch] ping-inline.h + sig.[ch]. Created a master per-tunnel + struct context in openvpn.h. +* Branch merge of 1.6-beta6.2 + +2003.11.06 -- Version 2.0-test1 + +* Initial testbed for 2.0. + +2004.05.09 -- Version 1.6.0 + +* Unchanged from 1.6-rc4 except for version number + upgrade. + +2004.04.01 -- Version 1.6-rc4 + +* Made minor customizations to devcon and + renamed as tapinstall.exe for Windows version. +* Fixed "storage size of `iv' isn't known" build + problem on FreeBSD. +* OpenSSL 0.9.7d bundled with Windows self-install. + +2004.03.13 -- Version 1.6-rc3 + +* Minor Windows fixes for --ip-win32 dynamic, relating to + the way the TAP-Win32 driver responds to a DHCP request + from the Windows DHCP client. +* The net_gateway environmental variable wasn't being + set correctly for called scripts (Paul Zuber). +* Added code to determine the default gateway on FreeBSD, + allowing the --redirect-gateway option to work + (Juan Rodriguez Hervella). 
+ +2004.03.04 -- Version 1.6-rc2 + +* Fixed bug in Windows version where the NetBIOS node-type + DHCP option might have been passed even if it was not + specified. +* Fixed bug in Windows version introduced in 1.6-rc1, where + DHCP timeout would be set to 0 seconds if --ifconfig option + was used and --ip-win32 option was not explicitly specified. +* Added some new --dhcp-option types for Windows version. + +2004.03.02 -- Version 1.6-rc1 + +* For Windows, make "--ip-win32 dynamic" the default. +* For Windows, make "--route-delay 10" the default + unless --ip-win32 dynamic is not used or --route-delay + is explicitly specified. +* L_TLS mutex could have been left in a locked state + for certain kinds of TLS errors. + +2004.02.22 -- Version 1.6-beta7 + +* Allow scheduling priority increase (--nice) together + with UID/GID downgrade (--user/--group). +* Code that causes SIGUSR1 restart on TLS errors in TCP + mode was not activated in pthread builds. +* Save the certificate serial number in an environmental + variable called tls_serial_{n} prior to calling the + --tls-verify script. n is the current cert chain level. +* Added NetBSD IPv6 tunnel capability (also requires + a kernel patch) (Horst Laschinsky). +* Fixed bug in checking the return value of the nice() + function (Ian Pilcher). +* Bug fix in new FreeBSD IPv6 over TUN code which was + originally added in 1.6-beta5 (Nathanael Rensen). +* More Socks5 fixes -- extended the struct frame + infrastructure to accomodate proxy-based encapsulation + overhead. +* Added --dhcp-option to Windows version for setting + adapter properties such as WINS & DNS servers. +* Use a default route-delay of 5 seconds when + --ip-win32 dynamic is specified (only applicable when + --route-delay is not explicitly specified). +* Added "log_append" registry variable to control + whether the OpenVPN service wrapper on Windows + opens log files in append (log_append="1") or + truncate (log_append="0") mode. The default + is truncate. 
+ +2004.02.05 -- Version 1.6-beta6 + +* UDP over Socks5 fix to accomodate Socks5 encapsulation + overhead (Christof Meerwald). +* Minor --ip-win32 dynamic tweaks (use long lease time, + invalidate existing lease with DHCPNAK). + +2004.02.01 -- Version 1.6-beta5 + +* Added Socks5 proxy support (Christof Meerwald). +* IPv6 tun support for FreeBSD (Thomas Glanzmann). +* Special TAP-Win32 debug mode for Windows self-install that was + enabled in beta4 is now turned off. +* Added some new Solaris notes to INSTALL (Koen Maris). +* More work on --ip-win32 dynamic. + +2004.01.27 -- Version 1.6-beta4 + +* For this beta, the Windows self-install is a debug version + and will run slower -- use only for testing. +* Reverted the --ip-win32 default back to 'ipapi' + from 'dynamic'. +* Added the offset parameter to '--ip-win32 dynamic' which + can be used to control the address of the masqueraded + DHCP server which replies to Windows DHCP requests. +* Added a wait/nowait option to --inetd (nowait can only + be used with TCP sockets, TLS authentication, and over + a bridged configuration -- see FAQ for more info) + (Stefan `Sec` Zehl). +* Added a build-time capability where TAP-Win32 driver + debug messages can be output by OpenVPN at --verb 6 + or higher. + +2004.01.20 -- Version 1.6-beta2 + +* Added ./configure --enable-iproute2 flag which + uses iproute2 instead of route + ifconfig -- + this is necessary for the LEAF Linux distro + (Martin Hejl). +* Added renewal-time and rebind-time to set of + DHCP options returned by the TAP-Win32 driver when + "--ip-win32 dynamic" is used. + +2004.01.14 -- Version 1.6-beta1 + +* Fixed --proxy bug that sometimes caused plaintext + control info generated by the proxy prior to http + CONNECT method establishment to be incorrectly + parsed as OpenVPN data. +* For Windows version, implemented the + "--ip-win32 dynamic" method and made it the default. 
+ This method sets the TAP-Win32 adapter IP address + and netmask by replying to the kernel's DHCP queries. + See the man page for more detailed info. +* Added --connect-retry parameter which controls + the time interval (in seconds) between connect() + retries when --proto tcp-client is used. Previously, + this value was hardcoded to 5 seconds, and still + defaults as such. +* --resolv-retry can now be used with a parameter + of "infinite" to retry indefinitely. +* Added SSL_CTX_use_certificate_chain_file() to ssl.c + for support of multi-level certificate chains + (Sten Kalenda). +* Fixed --tls-auth incompatibility with 1.4.x and earlier + versions of OpenVPN when the passphrase file is an + OpenVPN static key file (as generated by --genkey). +* Added shell-escape support in config files using + the backslash character ("\") so that (for example) + double quotes can be passed to the shell. +* Added "contrib" subdirectory on tarball, source zip, + and CVS containing user-submitted contributions. +* Added an optional patch to the Redhat init script to + allow the configuration file directory to be a + multi-level directory hierarchy (Farkas Levente). + See contrib/multilevel-init.patch +* Added some scripts and documentation on using + Linux "fwmark" iptables rules to enable + fine-grained routing control over the VPN + (Sean Reifschneider, <jafo@tummy.com>). + See contrib/openvpn-fwmarkroute-1.00 + +2003.11.20 -- Version 1.5.0 + +* Minor documentation changes. + +2003.11.04 -- Version 1.5-beta14 + +* Fixed build problem with ./configure --disable-ssl + that was reported on Debian woody. +* Fixed bug where --redirect-gateway could not be used + together with --resolv-retry. + +2003.11.03 -- Version 1.5-beta13 + +* Added CRL (certificate revocation list) capability using + --crl-verify option (Stefano Bracalenti). +* Added --replay-window option for variable replay-protection + window sizes. 
+* Fixed --fragment bug which might have caused certain large + packets to be sent unfragmented. +* Modified --secret and --tls-auth to permit different cipher and + HMAC keys to be used for each data flow direction. Also + increased static key file size generated by --genkey from + 1024 to 2048 bits, where 512 bits each are reserved for + send-HMAC, encrypt, receive-HMAC, and decrypt. Key file forward + and backward compatibility is maintained. See --secret option + documentation on the man page for more info. +* Added --tls-remote option (Teemu Kiviniemi). +* Fixed --tls-cipher documention regarding correct delimiter + usage (Teemu Kiviniemi). +* Added --key-method option for selecting alternative data + channel key negotiation methods. Method 1 is the default. + Method 2 has been added (see man page for more info). +* Added French translation of HOWTO to web site + (Guillaume Lehmann). +* Fixed problem caused by late resolver library load on + certain platforms when --resolv-retry and --chroot are + used together (Teemu Kiviniemi). +* In TCP mode, all decryption or TLS errors will abort the current + connection (this is not done in UDP mode because UDP is + "connectionless"). +* Fixed a TCP client reconnect bug that only occurs on the + BSDs, where connect() fails with an invalid argument. This + bug was partially (but not completely) fixed in beta7. +* Added "route_net_gateway" environmental variable which contains + the pre-existing default gateway address from the routing table + (there's no standard API for getting the default gateway, so + right now this feature only works on Windows or Linux). +* Renamed the "route_default_gateway" enviromental variable to + "route_vpn_gateway" -- this is the remote VPN endpoint. +* The special keywords vpn_gateway, net_gateway, and remote_host + can now be used for the network or gateway components of the + --route option. See the man page for more info. 
+* Added the --redirect-gateway option to configure the VPN + as the default gateway (implemented on Linux and Windows only). +* Added the --http-proxy option with basic authentication + support for use in TCP client mode. Successfully tested + using Squid as the HTTP proxy, with and without authentication. + +2003.10.12 -- Version 1.5-beta12 + +* Fixed Linux-only bug in --mktun and --rmtun which was + introduced around beta8 or so, which would cause + an error such as "I don't recognize device tun0 as a + tun or tap device1". +* Added --ifconfig-nowarn option to disable options + consistency warnings about --ifconfig parameters. +* Don't allow any kind of sequence number backtracking or + message reordering when in TCP mode. +* Changed beta naming convention to use '_' (underscore) + rather than '-' (dash) to pacify rpmbuild. + +2003.10.08 -- Version 1.5-beta11 + +* Modified code in the Windows version which sets the IP address + and netmask of the TAP-Win32 adapter using the IP Helper API. + Most of the changes involve better error recovery when + the IP Helper API returns an error status. See the + manual page entry on --ip-win32 for more info. + +2003.10.08 -- Version 1.5-beta10 + +* Added getpass() function for Windows version so that --askpass + option works correctly (Stefano Bracalenti). +* Added reboot advisory to end of Win32 install script. +* Changed crypto code to use pseudo-random IVs rather than + carrying forward the IV state from the previous packet. + This is in response to item 2 in the following document: + http://www.openssl.org/~bodo/tls-cbc.txt which points + out weaknesses in TLS's use of the same IV carryforward + approach. This change does not break protocol compatibility + with previous versions of OpenVPN. +* Made a change to the crypto replay protection code to also + protect against certain kinds of packet reordering attacks. + This change does not break protocol compatibility with + previous versions of OpenVPN. 
+* Added --ip-win32 option to provide several choices for + setting the IP address on the TAP-Win32 adapter. +* #ifdefed out non-CBC crypto modes by default. +* Added --up-delay option to delay TUN/TAP open and --up script + execution until after connection establishment. This option + replaces the earlier windows-only option --tap-delay. + +2003.10.01 -- Version 1.5-beta9 + +* Fixed --route-noexec bug where option was not parsed correctly. +* Complain if --dev tun is specified without --ifconfig on Windows. +* Fixed bug where TCP connections on windows would sometimes cause + an assertion failure. +* Added a new flag to TAP-Win32 advanced properties that allows one + to set the adapter to be always "connected" even when an OpenVPN + process doesn't have it open. The default behavior is to report + a media status of connected only when an OpenVPN process has the + adapter open. +* Rebuilt the Windows self-install distribution with OpenSSL 0.9.7c + DLLs in response to an OpenSSL security advisory. + +2003.09.30 -- Version 1.5-beta8 + +* Extended the --ifconfig option to work on tap devices as well + as tun devices. +* Implemented the --ifconfig option for Windows, by calling the + netsh tool. +* By default, do an "arp -d *" on Windows after TAP-Win32 open to + refresh the MAC cache. This behaviour can be disabled with + --no-arp-del. +* On Windows, allow the --dev-node parameter (which specifies + the name of the TAP-Win32 adapter) to be omitted in cases where + there is a single TAP-Win32 adapter on the system which can be + assumed to be the default. +* Modified the diagnostic --verb 5 debugging level to print 'R' + for TCP/UDP read, 'W' for TCP/UDP write, 'r' for TUN/TAP read, + and 'w' for TUN/TAP write. +* Conditionalize OpenBSD read_tun and write_tun based on tun or tap + mode. +* Added IPv6 tun support to OpenBSD (Thomas Glanzmann). +* Make the --enable-mtu-dynamic ./configure option enabled by + default. 
+* Deprecated the --mtu-dynamic run-time option, in favor of + --fragment. +* DNS names can now be used as --ifconfig parameters. +* Significant work on TAP-Win32 driver to bring up to SMP standards. +* On Windows, fixed dangling IRP problem if TAP-Win32 driver is + unloaded or disabled, while a user-space process has it open. +* On Windows, if --tun-mtu is not specified, it will be read from + the TAP-Win32 driver via ioctl. +* On Windows, added TAP-Win32 driver status info to "F2" keyboard + signal (only when run from a console window). +* Added --mssfix option to control TCP MSS size (YANO Hirokuni). +* Renamed --mtu-dynamic option to --fragment to more accurately + reflect its function. Fragment accepts a single parameter which + is the upper limit on acceptable UDP packet size. +* Changed default --tun-mtu-extra parameter to 32 from 64. +* Eliminated reference to malloc.o in configure.ac. +* Added tun device emulation to the TAP-Win32 driver. +* Added --route and related options. +* Added init script for SuSE Linux (Frank Plohmann). +* Extended option consistency check between peers to function + in all crypto modes, including static-key and cleartext modes. + Previously only TLS mode was supported. Disable with + --disable-occ. +* Overall, increased the amount of configuration option sanity + checking, especially of networking parameters. +* Added --mtu-test option for empirical MTU measurement. +* Added Windows-only option --tap-delay to not set the TAP-Win32 + adapter media state to 'connected' until TCP/UDP connection + establishment with peer. +* Slightly modified --route/--route-delay semantics so that when + --route is given without --route-delay, routes are added + immediately after tun/tap device open. When --route-delay is + specified, routes will be added n seconds after connection + initiation, where n is the --route-delay parameter (which + can be set to 0). +* Made TCP framing error into a non-fatal error that triggers a + connection reset. 
+ +2003.08.28 -- Version 1.5-beta7 + +* Fixed bug that caused OpenVPN not to respond to exit/restart + signals when --resolv-retry is used and a local or remote DNS + name cannot be resolved. +* Exported a series of environmental variables with useful + info for scripts. See man page for more info. Based + on a suggestion by Anthony Ciaravalo. +* Moved TCP/UDP socket bind to a point in the initialization + before the --up script gets called. This is desirable + because (a) a socket bind failure will happen before + daemonization, allowing an error status code to be returned + to the shell and (b) the possibility is eliminated of a + socket bind failure causing the --up script to be run + but not the --down script. This change has a side effect + that --resolv-retry will no longer work with --local. +* Fixed bug where if an OpenVPN TCP server went down and back + up again, Solaris or FreeBSD clients would fail to reconnect + to it. +* Fixed bug that prevented OpenVPN from being run by + inetd/xinetd in TCP mode. +* Added --log and --log-append options for logging messages to + a file. +* On Windows, check that the current user is a member of the + Administrator group before attempting install or uninstall. + +2003.08.16 -- Version 1.5-beta6 + +* Fixed TAP-Win32 driver to properly increment the Rx/Tx count. + +2003.08.14 -- Version 1.5-beta5 + +* Added user-configurability of the TAP-Win32 adapter MTU + through the adapter advanced properties page. +* Added Windows Service support. +* On Windows, added file association and right-clickability + for .ovpn files (OpenVPN config files). + +2003.08.05 -- Version 1.5-beta4 + +* Extra refinements and error checking added to Windows + NSIS install script. + +2003.08.05 -- Version 1.5-beta3 + +* Added md5.h include to crypto.c to fix build problem on + OpenBSD. +* Created a Win32 installer using NSIS. +* Removed DelService command from TAP-Win32 INF file. 
It appears + to be not necessary and it interfered with the ability to + uninstall and reinstall the driver without needing to reboot. +* On Windows version, added "addtap" and "deltapall" batch + files to add and delete TAP-Win32 adapter instances. + +2003.07.31 -- Version 1.5-beta2 + +* Renamed INSTALL.w32 to INSTALL-win32.txt and reformatted + in Windows ASCII so it's easier to click and view. +* Added postscript and PDF versions of the HOWTO to the web + site (C R Zamana). +* Merged Michael Clarke's stability patch into TAP-Win32 + driver which appears to fix the suspend/resume driver bug + and significantly improve driver stability. +* Added Christof Meerwald's Media Status patch to the + TAP-Win32 driver which shows the TAP adapter to be + disconnected when OpenVPN is not running. +* Moved socket connect and TCP server listen code to a later + point in openvpn() function so that the TCP server listen + state is entered after daemonization. +* Added keyboard shortcuts to simulate signals in the Windows + version, see the window title bar for descriptions. + +2003.07.24 -- Version 1.5-beta1 + +* Added TCP support via the new --proto option. +* Renamed udp-centric options such as --udp-mtu to + --link-mtu (old option names preserved for compatibility). +* Ported to Windows 2000 + XP using mingw and a TAP driver + derived from the Cipe-Win32 project by Damion K. Wilson. +* Added --show-adapters flag for windows version. +* Reworked the SSL/TLS packet acknowledge code to better + handle certain corner cases. +* Turned off the default enabling of IP forwarding in the + sample-scripts/openvpn.init script for Redhat. + Forwarding can be enabled by users in their --up scripts + or firewall config. +* Added --up-restart option based on suggestion from Sean + Reifschneider. +* If --dev tap or --dev-type tap is specified, --tun-mtu + defaults to 1500 and --tun-mtu-extra defaults to 64. 
+* Enabled --verb 5 debugging mode that prints 'R' and 'W' + for each packet read or write on the TCP/UDP socket. + +2003.08.04 -- Version 1.4.3 + +* Added md5.h include to crypto.c + to fix build problem on OpenBSD. + +2003.07.15 -- Version 1.4.2 + +* Removed adaptive bandwidth from + --mtu-dynamic -- its absence appears + to work better than its existence (1.4.1.2). +* Minor changes to --shaper to fix long + retransmit timeouts at low bandwidth + (1.4.1.2). +* Added LOG_RW flag to openvpn.h for + debugging (1.4.1.2). +* Silenced spurious configure warnings (1.4.1.2). +* Backed out --dev-name patch, modified --dev + to offer equivalent functionality (1.4.1.4). +* Added an optional parameter to --daemon and + --inetd to support the passing of a custom + program name to the system logger (1.4.1.5). +* Add compiled-in options to the program title + (1.4.1.5). +* Coded the beginnings of a WIN32 port (1.4.1.5). +* Succeeded in porting to Win32 Mingw environment + and running loopback tests (1.4.1.6). Still + need a kernel driver for full Win32 + functionality. +* Fixed a bug in error.h where + HAVE_CPP_VARARG_MACRO_GCC was misspelled. + This would have caused a significant slowdown + of OpenVPN when built by compilers that + lack ISO C99 vararg macros (1.4.1.6). +* Created an init script for Gentoo Linux + in ./gentoo directory (1.4.1.6). + +2003.05.15 -- Version 1.4.1 + +* Modified the Linux 2.4 TUN/TAP open code to + fall back to the 2.2 TUN/TAP interface if the + open or ioctl fails. +* Fixed bug when --verb is set to 0 and non-fatal + socket errors occur, causing 100% CPU utilization. + Occurs on platorms where + EXTENDED_SOCKET_ERROR_CAPABILITY is defined, + such as Linux 2.4. +* Fixed typo in tun.c that was preventing + OpenBSD build. +* Added --enable-mtu-dynamic configure option + to enable --mtu-dynamic experimental option. + +2003.05.07 -- Version 1.4.0 + +* Added --replay-persist feature to allow replay + protection across sessions. 
+* Fixed bug where --ifconfig could not be used + with --tun-mtu. +* Added --tun-mtu-extra parameter to deal with + the situation where a read on a TUN/TAP device + returns more data than the device's MTU size. +* Fixed bug where some IPv6 support code for + Linux was not being properly ifdefed out for + Linux 2.2, causing compile errors. +* Added OPENVPN_EXIT_STATUS_x codes to + openvpn.h to control which status value + openvpn returns to its caller (such as + a shell or inetd/xinetd) for various conditions. +* Added OPENVPN_DEBUG_COMMAND_LINE flag to + openvpn.h to allow debugging in situations + where stdout, stderr, and syslog cannot be used + for message output, such as when OpenVPN is + instantiated by inetd/xinetd. +* Removed owner-execute permission from file + created by static key generator (Herbert Xu + and Alberto Gonzalez Iniesta). +* Added --passtos option to allow IPv4 TOS bits + to be passed from TUN/TAP input packets to + the outgoing UDP socket (Craig Knox). +* Added code to prevent open socket file descriptors + from being accessible to called scripts. +* Added --dev-name option (Christian Lademann). +* Added --mtu-disc option for manual control + over MTU options. +* Show OS MTU value on UDP socket write failures + (linux only). +* Numerous build system and portability + fixes (Matthias Andree). +* Added better sensing of compiler support for + variable argument macros, including (a) gcc + style, (b) ISO C 1999 style, and (c) no support. +* Removed generated files from CVS. Note INSTALL + file for new CVS build commands. +* Changed certain internal symbol names + for C standards compliance. +* Added TUN/TAP open code to cycle dynamically + through unit numbers until it finds a free + unit (based on code from Thomas Gielfeldt + and VTun). +* Added dynamic MTU and fragmenting infrastructure + (Experimental). Rebuild with FRAGMENT_ENABLE + defined to enable. 
+* Minor changes to SSL/TLS negotiation, use + exponential backoff on retransmits, and use + a smaller MTU size (note that no protocol + changes have been made which would break + compatibility with 1.3.x). +* Added --enable-strict-options flag + to ./configure. This option will cause + a more strict check for options compatibility + between peers when SSL/TLS negotiation is used, + but should only be used when both OpenVPN peers + are of the same version. +* Reorganization of debugging levels. +* Added a workaround in configure.ac for + default SSL header location on Linux + to fix RH9 build problem. +* Fixed potential deadlock when pthread support + is used on OSes that allocate a small socketpair() + message buffer. +* Fixed openvpn.init to be sh compliant + (Bishop Clark). +* Changed --daemon to wait until all + initialization is finished before becoming a + daemon, for the benefit of initialization + scripts that want a useful return status from + the openvpn command. +* Made openvpn.init script more robust, including + positive indication of initialization errors + in the openvpn daemon and better sanity checks. +* Changed --chroot to wait until initialization + is finished before calling chroot(), and allow + the use of --user and --group with --chroot. +* When syslog logging is enabled (--daemon or + --inetd), set stdin/stdout/stderr to point + to /dev/null. +* For inetd instantiations, dup socket descriptor + to a >2 value. +* Fixed bug in verify-cn script, where test would + incorrectly fail if CN=x was the last component + of the X509 composite string (Anonymous). +* Added Markus F.X.J. Oberhumer's special + license exception to COPYING. + +2002.10.23 -- Version 1.3.2 + +* Added SSL_CTX_set_client_CA_list call + to follow the canonical form for TLS initialization + recommended by the OpenSSL docs. This change allows + better support for intermediate CAs and has no impact + on security. 
+* Added build-inter script to easy-rsa package, to + facilitate the generation of intermediate CAs. +* Ported to NetBSD (Dimitri Goldin). +* Fixed minor bug in easy-rsa/sign-req. It refers to + openssl.cnf file, instead of $KEY_CONFIG, like all + other scripts (Ernesto Baschny). +* Added --days 3650 to the root CA generation command + in the HOWTO to override the woefully small 30 day + default (Dominik 'Aeneas' Schnitzer). +* Fixed bug where --ping-restart would sometimes + not re-resolve remote DNS hostname. +* Added --tun-ipv6 option and related infrastructure + support for IPv6 over tun. +* Added IPv6 over tun support for Linux (Aaron Sethman). +* Added FreeBSD 4.1.1+ TUN/TAP driver notes to + INSTALL (Matthias Andree). +* Added inetd/xinetd support (--inetd) including + documentation in the HOWTO. +* Added "Important Note on the use of commercial certificate + authorities (CAs) with OpenVPN" to HOWTO based on + issues raised on the openvpn-users list. + +2002.07.10 -- Version 1.3.1 + +* Fixed bug in openvpn.spec and openvpn.init + which caused RPM upgrade to fail. + +2002.07.10 -- Version 1.3.0 + +* Added --dev-node option to allow explicit selection of + tun/tap device node. +* Removed mlockall call from child thread, as it doesn't + appear to be necessary (child thread inherits mlockall + state from parent). +* Added --ping-timer-rem which causes timer for --ping-exit + and --ping-restart not to run unless we have a remote IP + address. +* Added condrestart to openvpn.init and openvpn.spec + (Bishop Clark). +* Added --ifconfig case for FreeBSD (Matthias Andree). +* Call openlog with facility=LOG_DAEMON (Matthias Andree). +* Changed LOG_INFO messages to LOG_NOTICE. +* Added warning when key files are group/others accessible. +* Added --single-session flag for TLS mode. +* Fixed bug where --writepid would segfault if used with + an invalid filename. +* Fixed bug where --ipchange status message was formatted + incorrectly. 
+* Print more concise error message when system() call + fails. +* Added --disable-occ option. +* Added --local, --remote, and --ifconfig options sanity + check. +* Changed default UDP MTU to 1300 and TUN/TAP MTU to + 1300. +* Successfully tested with OpenSSL 0.9.7 Beta 2. +* Broke out debug level definitions to errlevel.h +* Minor documentation and web site changes. +* All changes maintain protocol compatibility + with OpenVPN versions since 1.1.0, however default + MTU changes will require setting the MTU explicitly + by command line option, if you want 1.3.0 to + communicate with previous versions. + +2002.06.12 -- Version 1.2.1 + +* Added --ping-restart option to restart + connection on ping timeout using SIGUSR1 + logic (Matthias Andree). +* Added --persist-tun, --persist-key, + --persist-local-ip, and --persist-remote-ip + options for finer-grained control over SIGUSR1 + and --ping-restart restarts. To + replicate previous SIGUSR1 functionality, + use --persist-remote-ip. +* Changed residual IV fetching code to take + IV from tail of ciphertext. +* Added check to make sure that CFB or OFB + cipher modes are only used with SSL/TLS + authentication mode, and added a caveat + to INSTALL. +* Changed signal handling during initialization + (including re-initialization during restarts) + to exit on SIGTERM or SIGINT and ignore other + signals which would ordinarily be caught. +* Added --resolv-retry option to allow + retries on hostname resolution. +* Expanded the --float option to also + allow dynamic changes in source port number + on incoming datagrams. +* Added --mute option to limit repetitive + logging of similar message types. +* Added --group option to downgrade GID + after initialization. +* Try to set ifconfig path automatically + in configure. +* Added --ifconfig code for Mac OS X + (Christoph Pfisterer). +* Moved "Peer Connection Initiated" message + to --verb level 1. +* Successfully tested with + OpenSSL 0.9.7 Beta 1 and AES cipher. 
+* Added RPM notes to INSTALL. +* Added ACX_PTHREAD (from the autoconf + macro archive) to configure.ac + to figure out the right pthread + options for a given platform. +* Broke out macro definitions from + configure.ac to acinclude.m4. +* Minor changes to docs and HOWTO. +* All changes maintain protocol compatibility + with OpenVPN versions since 1.1.0. + +2002.05.22 -- Version 1.2.0 + +* Added configuration file support via + the --config option. +* Added pthread support to improve latency. + With pthread support, OpenVPN + will offload CPU-intensive tasks such as RSA + key number crunching to a background thread + to improve tunnel packet forwarding + latency. pthread support can be enabled + with the --enable-pthread configure option. + Pthread support is currently available + only for Linux and Solaris. +* Added --dev-type option so that tun/tap + device names don't need to begin with + "tun" or "tap". +* Added --writepid option to write main + process ID to a file. +* Numerous portability fixes to ease + porting to other OSes including changing + all network types to uint8_t and uint32_t, + and not assuming that time_t is 32 bits. +* Backported to OpenSSL 0.9.5. +* Ported to Solaris. +* Finished OpenBSD port except for + pthread support. +* Added initialization script: + sample-scripts/openvpn.init + (Douglas Keller) +* Ported to Mac OS X (Christoph Pfisterer). +* Improved resilience to DoS attacks when + TLS mode is used without --remote or + --tls-auth, or when --float is used + with --remote. Note however that the best + defense against DoS attacks in TLS mode + is to use --tls-auth. +* Eliminated automake/autoconf dependency + for non-developers. +* Ported configure.in to configure.ac + and autoconf 2.50+. +* SIGHUP signal now causes OpenVPN to restart + and re-read command line and or config file, + in conformance with canonical daemon behaviour. 
+* SIGUSR1 now does what SIGHUP did in + version 1.1.1 and earlier -- close and reopen + the UDP socket for use when DHCP changes + host's IP address and preserve most recently + authenticated peer address without rereading + config file. +* SIGUSR2 added -- outputs current statistics, + including compression statistics. +* All changes maintain protocol compatibility + with 1.1.1 and 1.1.0. + +2002.04.22 -- Version 1.1.1 + +* Added --ifconfig option to automatically configure + TUN device. +* Added inactivity disconnect (--inactive + and --ping-exit options). +* Added --ping option to keep stateful firewalls + from timing out. +* Added sanity check to command line parser to + err if any TLS options are used in non-TLS mode. +* Fixed build problem with compiler environments that + define printf as a macro. +* Fixed build problem on linux systems that have + an integrated TUN/TAP driver but lack the persistent + tunnel feature (TUNSETPERSIST). Some linux kernels + >= 2.4.0 and < 2.4.7 fall into this category. +* Changed all calls to EVP_CipherInit to use explicit + encrypt/decrypt mode in order to fix problem with + IDEA-CBC and AES-256-CBC ciphers. +* Minor changes to control channel transmit limiter + algorithm to fix problem where TLS control channel + might not renegotiate within the default 60 second window. +* Simplified man page examples by taking advantage + of the new --ifconfig option. +* Minor changes to configure.in to check more + rigourously for OpenSSL 0.9.6 or greater. +* Put back openvpn.spec, eliminated + openvpn.spec.in. +* Modified openvpn.spec to reflect new automake-based + build environment (Bishop Clark). +* Other documentation changes. +* Added --test-crypto option for debugging. +* Added "missing" and "mkinstalldirs" automake + support files. + + +2002.04.09 -- Version 1.1.0 + +* Strengthened replay protection and IV handling, + extending it fully to both static key and + TLS dynamic key exchange modes. 
+* Added --mlock option to disable paging and ensure that key + material and tunnel data is never paged to disk. +* Added optional traffic shaping feature to cap the maximum + data rate of the tunnel. +* Converted to automake (The Platypus Brothers 2002-04-01). +* Ported to OpenBSD by Janne Johansson. +* Added --tun-af-inet option to work around an incompatibility + between Linux and BSD tun drivers. +* Sequence number-based replay protection using the + IPSec sliding window model is now the default, + disable with --no-replay. +* Explicit IV is now the default, disable with --no-iv. +* Disabled all cipher modes except CBC, CFB, and OFB. +* In CBC mode, use explicit IV and carry forward residuals, + using IPSec model. +* In CFB/OFB mode, IV is timestamp, sequence number. +* Eliminated --packet-id, --timestamp, and max-delta parameter to + the --tls-auth option as they are now supplanted by improved + replay code which is enabled by default. +* Eliminated --rand-iv as it is now obsolete with improved + IV code. +* Eliminated --reneg-err option as it increases vulnerability + to DoS attacks. +* Added weak key check for DES ciphers. +* --tls-freq option is no longer specified on the command line, + instead it now inherits its parameter from the + --tls-timeout option. +* Fixed bug that would try to free memory on exit that was + never malloced if --comp-lzo was not specified. +* Errata fixed in the man page examples: "test-ca" should be + "tmp-ca". +* Updated manual page. +* Preliminary work in porting to OpenSSL 0.9.7. +* Changed license to allowing linking with OpenSSL. + +2002.03.29 -- Version 1.0.3 + +* Fixed a problem in configure with library ordering on the + command line. + +2002.03.28 -- Version 1.0.2 + +* Improved the efficiency of the inner event loop. +* Fixed a minor bug with timeout handling. +* Improved the build system to build on RH 6.2 through 7.2. +* Added an openvpn.spec file for RPM builders (Bishop Clark). 
+ +2002.03.23 -- Version 1.0 + +* Added TLS-based authentication and key exchange. +* Added gremlin mode to stress test. +* Wrote man page. + +2001.12.26 -- Version 0.91 + +* Added any choice of cipher or HMAC digest. + +2001.5.13 -- Version 0.90 + +* Initial release. +* IP tunnel over UDP, with blowfish cipher and SHA1 HMAC signature. |
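Review bot: several entries in the added ChangeLog carry spelling errors that should be corrected before the file is committed, since this is user-facing documentation that will be vendored as-is: "accomodate" (1.6-beta7 and 1.6-beta6 entries), "documention" and "enviromental" (1.5-beta13), "platorms" (1.4.1), and "rigourously" (1.1.1). The 1.5-beta12 entry also quotes an error string "I don't recognize device tun0 as a tun or tap device1", which looks like a stray character rather than the real message. Separately, the 1.4.3 entry (dated 2003.08.04) is placed below the 1.5-beta1 entry (dated 2003.07.24), so entries are not strictly chronological; if that ordering is intentional for the 1.4.x maintenance line, a short note saying so would help readers who scan the file by date.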