Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

openvpn-2.4.3-lp150.2.10 RPM for x86_64

From OpenSuSE Leap 15.0 for x86_64

Name: openvpn Distribution: openSUSE Leap 15.0
Version: 2.4.3 Vendor: openSUSE
Release: lp150.2.10 Build date: Thu Nov 23 13:00:00 2017
Group: Productivity/Networking/Security Build host: lamb06
Size: 1376093 Source RPM: openvpn-2.4.3-lp150.2.10.src.rpm
Summary: Full-featured SSL VPN solution using a TUN/TAP Interface
OpenVPN is a full-featured SSL VPN solution which can accommodate a wide
range of configurations, including remote access, site-to-site VPNs,
WiFi security, and enterprise-scale remote access solutions with load
balancing, failover, and fine-grained access-controls.

OpenVPN implements OSI layer 2 or 3 secure network extension using the
industry standard SSL/TLS protocol, supports flexible client
authentication methods based on certificates, smart cards, and/or
2-factor authentication, and allows user or group-specific access
control policies using firewall rules applied to the VPN virtual

OpenVPN runs on: Linux, Windows 2000/XP and higher, OpenBSD, FreeBSD,
NetBSD, Mac OS X, and Solaris.

OpenVPN is not a web application proxy and does not operate through a
web browser.




SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1


* Thu Nov 23 2017
  - Replace references to /var/adm/fillup-templates with new
    %_fillupdir macro (boo#1069468)
* Tue Oct 10 2017
  - Do bound check in read_key before using values(CVE-2017-12166 bsc#1060877).
    [+ 0002-Fix-bounds-check-in-read_key.patch]
* Fri Aug 11 2017
  - Do not package empty /usr/lib64/tmpfiles.d
* Fri Jun 23 2017
  - Update to 2.4.3 (bsc#1045489)
    - Ignore auth-nocache for auth-user-pass if auth-token is pushed
    - crypto: Enable SHA256 fingerprint checking in --verify-hash
    - copyright: Update GPLv2 license texts
    - auth-token with auth-nocache fix broke --disable-crypto builds
    - OpenSSL: don't use direct access to the internal of X509
    - OpenSSL: don't use direct access to the internal of EVP_PKEY
    - OpenSSL: don't use direct access to the internal of RSA
    - OpenSSL: don't use direct access to the internal of DSA
    - OpenSSL: force meth->name as non-const when we free() it
    - OpenSSL: don't use direct access to the internal of EVP_MD_CTX
    - OpenSSL: don't use direct access to the internal of EVP_CIPHER_CTX
    - OpenSSL: don't use direct access to the internal of HMAC_CTX
    - Fix NCP behaviour on TLS reconnect.
    - Remove erroneous limitation on max number of args for --plugin
    - Fix edge case with clients failing to set up cipher on empty PUSH_REPLY.
    - Fix potential 1-byte overread in TCP option parsing.
    - Fix remotely-triggerable ASSERT() on malformed IPv6 packet.
    - Preparing for release v2.4.3 (ChangeLog, version.m4, Changes.rst)
    - refactor my_strupr
    - Fix 2 memory leaks in proxy authentication routine
    - Fix memory leak in add_option() for option 'connection'
    - Ensure option array p[] is always NULL-terminated
    - Fix a null-pointer dereference in establish_http_proxy_passthru()
    - Prevent two kinds of stack buffer OOB reads and a crash for invalid input data
    - Fix an unaligned access on OpenBSD/sparc64
    - Missing include for socket-flags TCP_NODELAY on OpenBSD
    - Make openvpn-plugin.h self-contained again.
    - Pass correct buffer size to GetModuleFileNameW()
    - Log the negotiated (NCP) cipher
    - Avoid a 1 byte overcopy in x509_get_subject (ssl_verify_openssl.c)
    - Skip tls-crypt unit tests if required crypto mode not supported
    - openssl: fix overflow check for long --tls-cipher option
    - Add a DSA test key/cert pair to sample-keys
    - Fix mbedtls fingerprint calculation
    - mbedtls: fix --x509-track post-authentication remote DoS (CVE-2017-7522)
    - mbedtls: require C-string compatible types for --x509-username-field
    - Fix remote-triggerable memory leaks (CVE-2017-7521)
    - Restrict --x509-alt-username extension types
    - Fix potential double-free in --x509-alt-username (CVE-2017-7521)
    - Fix gateway detection with OpenBSD routing domains
* Wed Jun 14 2017
  - use %{_tmpfilesdir} for tmpfiles.d/openvpn.conf (bsc#1044223)
* Tue Jun 06 2017
  - Update to 2.4.2
    - auth-token: Ensure tokens are always wiped on de-auth
    - Make --cipher/--auth none more explicit on the risks
    - Use SHA256 for the internal digest, instead of MD5
    - Deprecate --ns-cert-type
    - Deprecate --no-iv
    - Support --block-outside-dns on multiple tunnels
    - Limit --reneg-bytes to 64MB when using small block ciphers
    - Fix --tls-version-max in mbed TLS builds
    Details changelogs are avilable in
    * openvpn-2.3.x-fixed-multiple-low-severity-issues.patch
    * openvpn-fips140-2.3.2.patch]
  - pkcs11-helper-devel >= 1.11 is needed for openvpn-2.4.2
  - cleanup the spec file
* Fri Apr 21 2017
  - Preform deferred authentication in the background to not
    cause main daemon processing delays when the underlying pam mechanism (e.g.
    ldap) needs longer to response (bsc#959511).
    [+ 0001-preform-deferred-authentication-in-the-background.patch]
  - Added fix for possible heap overflow on read accessing getaddrinfo
    result (bsc#959714).
  - Added a patch to fix multiple low severity issues (bsc#934237).
* Sun Jan 22 2017
  - silence warning about %{_rundir}/openvpn
    - for non systemd case: just package the %{_rundir}/openvpn in
      the package
    - for systemd case: call systemd-tmpfiles and own the dir as
      %ghost in the filelist
* Sun Jan 22 2017
  - refreshed patches to apply cleanly again
* Sun Jan 22 2017
  - update to 2.3.14
    - update year in copyright message
    - Document the --auth-token option
    - Repair topology subnet on FreeBSD 11
    - Repair topology subnet on OpenBSD
    - Drop recursively routed packets
    - Support --block-outside-dns on multiple tunnels
    - When parsing '--setenv opt xx ..' make sure a third parameter
      is present
    - Map restart signals from event loop to SIGTERM during
      exit-notification wait
    - Correctly state the default dhcp server address in man page
    - Clean up format_hex_ex()
  - enabled pkcs11 support
* Sat Dec 03 2016
  - update to 2.3.13
  - removed obsolete patch files openvpn-2.3.0-man-dot.diff and
    2016.11.02 -- Version 2.3.13
    Arne Schwabe (2):
    * Use AES ciphers in our sample configuration files and add a few modern 2.4 examples
    * Incorporate the Debian typo fixes where appropriate and make show_opt default message clearer
    David Sommerseth (4):
    * Make OpenVPN write PID file to avoid various sudo issues
    * Add support for Kerberos/ksu
    * Improve detection if the OpenVPN process did start during tests
    * Add prepare/cleanup possibilties for each test case
    Gert Doering (5):
    * Do not abort t_client run if OpenVPN instance does not start.
    * Fix t_client runs on OpenSolaris
    * make t_client robust against sudoers misconfiguration
    * add POSTINIT_CMD_suf to and sample config
    * Fix --multihome for IPv6 on 64bit BSD systems.
    Ilya Shipitsin (1):
    * skip and if openvpn configured --disable-crypto
    Lev Stipakov (2):
    * Exclude peer-id from pulled options digest
    * Fix compilation in pedantic mode
    Samuli Seppänen (1):
    * Automatically cache expected IPs for on the first run
    Steffan Karger (6):
    * Fix unittests for out-of-source builds
    * Make gnu89 support explicit
    * cleanup: remove code duplication in msg_test()
    * Update cipher-related man page text
    * Limit --reneg-bytes to 64MB when using small block ciphers
    * Add a revoked cert to the sample keys
    2016.08.23 -- Version 2.3.12
    Arne Schwabe (2):
    * Complete push-peer-info documentation and allow IV_PLAT_VER for other platforms than Windows if the client UI supplies it.
    * Move ASSERT so external-key with OpenSSL works again
    David Sommerseth (3):
    * Only build and run cmocka unit tests if its submodule is initialized
    * Another fix related to unit test framework
    * Remove NOP function and callers
    Dorian Harmans (1):
    * Add CHACHA20-POLY1305 ciphersuite IANA name translations.
    Ivo Manca (1):
    * Plug memory leak in mbedTLS backend
    Jeffrey Cutter (1):
    * Update contrib/pull-resolv-conf/client.up for no DOMAIN
    Jens Neuhalfen (2):
    * Add unit testing support via cmocka
    * Add a test for auth-pam searchandreplace
    Josh Cepek (1):
    * Push an IPv6 CIDR mask used by the server, not the pool's size
    Leon Klingele (1):
    * Add link to bug tracker
    Samuli Seppänen (2):
    * Update CONTRIBUTING.rst to allow GitHub PRs for code review purposes
    * Clarify the fact that build instructions in README are for release tarballs
    Selva Nair (4):
    * Make error non-fatal while deleting address using netsh
    * Make block-outside-dns work with persist-tun
    * Ignore SIGUSR1/SIGHUP during exit notification
    * Promptly close the netcmd_semaphore handle after use
    Steffan Karger (4):
    * Fix polarssl / mbedtls builds
    * Don't limit max incoming message size based on c2->frame
    * Fix '--cipher none --cipher' crash
    * Discourage using 64-bit block ciphers
* Mon Nov 28 2016
  - Require iproute2 explicitly. openvpn uses /bin/ip from iproute2,
    so it should be installed
* Thu Sep 08 2016
  - Add an example for a FIPS 140-2 approved cipher configuration to
    the sample configuration files. Fixes bsc#988522
    adding openvpn-fips140-AES-cipher-in-config-template.patch
  - remove gpg-offline signature verification, now a source service
* Tue May 10 2016
  - Update to version 2.3.11
    * Fixed port-share bug with DoS potential
    * Fix buffer overflow by user supplied data
    * Fix undefined signed shift overflow
    * Ensure input read using systemd-ask-password is null terminated
    * Support reading the challenge-response from console
    * hardening: add safe FD_SET() wrapper openvpn_fd_set()
    * Restrict default TLS cipher list
  - Add BuildRequires on xz for SLE11
* Mon Jan 04 2016
  - Update to version 2.3.10
    * Warn user if their certificate has expired
    * Fix regression in setups without a client certificate
* Wed Dec 16 2015
  - Update to version 2.3.9
    * Show extra-certs in current parameters.
    * Do not set the buffer size by default but rely on the operation system default.
    * Remove --enable-password-save option
    * Detect config lines that are too long and give a warning/error
    * Log serial number of revoked certificate
    * Avoid partial authentication state when using --disabled in CCD configs
    * Replace unaligned 16bit access to TCP MSS value with bytewise access
    * Fix possible heap overflow on read accessing getaddrinfo() result.
    * Fix isatty() check for good. (obsoletes revert-daemonize.patch)
    * Client-side part for server restart notification
    * Fix privilege drop if first connection attempt fails
    * Support for username-only auth file.
    * Increase control channel packet size for faster handshakes
    * hardening: add insurance to exit on a failed ASSERT()
    * Fix memory leak in auth-pam plugin
    * Fix (potential) memory leak in init_route_list()
    * Fix unintialized variable in plugin_vlog()
    * Add macro to ensure we exit on fatal errors
    * Fix memory leak in add_option() by simplifying get_ipv6_addr
    * openssl: properly check return value of RAND_bytes()
    * Fix rand_bytes return value checking
    * Fix "White space before end tags can break the config parser"
* Thu Dec 03 2015
  - Adjust /var/run to _rundir macro value in openvpn@.service too.
* Thu Aug 20 2015
  - Removed obsolete --with-lzo-headers option, readded LFS_CFLAGS.
  - Moved openvpn-plugin.h into a devel package, removed .gitignore
* Thu Aug 13 2015
  - Add revert-daemonize.patch, looks like under systemd the stdin
    and stdout are not TTYs by default. This reverts to previous
    behaviour fixing bsc#941569
* Wed Aug 05 2015
  - Update to version 2.3.8
    * Report missing endtags of inline files as warnings
    * Fix commit e473b7c if an inline file happens to have a
      line break exactly at buffer limit
    * Produce a meaningful error message if --daemon gets in the way of
      asking for passwords.
    * Document --daemon changes and consequences (--askpass, --auth-nocache)
    * Del ipv6 addr on close of linux tun interface
    * Fix --askpass not allowing for password input via stdin
    * Write pid file immediately after daemonizing
    * Fix regression: query password before becoming daemon
    * Fix using management interface to get passwords
    * Fix overflow check in openvpn_decrypt()
* Tue Jun 09 2015
  - Update to version 2.3.7
    * down-root plugin: Replaced system() calls with execve()
    * sockets: Remove the limitation of --tcp-nodelay to be server-only
    * pkcs11: Load module by default
    * New approach to handle peer-id related changes to link-mtu
    * Fix incorrect use of get_ipv6_addr() for iroute options
    * Print helpful error message on --mktun/--rmtun if not available
    * Explain effect of --topology subnet on --ifconfig
    * Add note about file permissions and --crl-verify to manpage
    * Repair --dev null breakage caused by db950be85d37
    * Correct note about DNS randomization in openvpn.8
    * Disallow usage of --server-poll-timeout in --secret key mode
    * Slightly enhance documentation about --cipher
    * On signal reception, return EAI_SYSTEM from openvpn_getaddrinfo()
    * Use EAI_AGAIN instead of EAI_SYSTEM for openvpn_getaddrinfo()
    * Fix --redirect-private in --dev tap mode
    * Updated manpage for --rport and --lport
    * Properly escape dashes on the man-page
    * Improve documentation in --script-security section of the man-page
    * Really fix '--cipher none' regression
    * Set tls-version-max to 1.1 if cryptoapicert is used
    * Account for peer-id in frame size calculation
    * Disable SSL compression
    * Fix frame size calculation for non-CBC modes.
    * Allow for CN/username of 64 characters (fixes off-by-one)
    * Re-enable TLS version negotiation by default
    * Remove size limit for files inlined in config
    * Improve --tls-cipher and --show-tls man page description
    * Re-read auth-user-pass file on (re)connect if required
    * Clarify --capath option in manpage
    * Call daemon() before initializing crypto library
* Mon Mar 02 2015
  - Fixed to use correct sha digest data length and in fips mode,
    use aes instead of the disallowed blowfish crypto (boo#914166).
  - Fixed to provide actual plugin/doc dirs in openvpn(8) man page.
* Mon Dec 01 2014
  - Update to version 2.3.6 fixing a denial-of-service vulnerability
    where an authenticated client could stop the server by triggering
    a server-side ASSERT (bnc#907764,CVE-2014-8104).
    See ChangeLog file for a complete list of changes.
* Thu Oct 30 2014
  - Update to version 2.3.5
    * See included changelog
  - Depend on systemd-devel for the daemon check functionality
* Mon Aug 25 2014
  - Update to version 2.3.4
    * Add support for client-cert-not-required for PolarSSL.
    * Introduce safety check for http proxy options.
* Mon May 26 2014
  - Build with large file support in 32 bit systems.
* Sun May 11 2014
  - use %_rundir for %ghost directory - leaving /var/run everywhere
* Tue Jan 14 2014
  - Updated README.SUSE, documented also the rcopenvpn compatibility
    wrapper script (bnc#848070).
* Thu Jan 09 2014
  - openvpn-fips140-2.3.2.patch: Allow usage of SHA1 instead of MD5 in
    some internal checking routines. This allows operation in FIPS 140-2
* Tue Dec 17 2013
  - Readded rcopenvpn helper script under systemd (bnc#848070)
* Thu Oct 31 2013
  - Fixed invalid mode in exec bit removal call from doc files
* Tue Aug 27 2013
  - Add a section about how to control all or a named configuration with the
    help of systemctl to the README.SUSE file.
* Mon Jun 03 2013
  - Update to 2.3.2
    +Fixes since 2.3.0
  - Remove dead code path and putenv functionality
  - Remove unused function xor
  - Move static prototype definition from header into c file
  - Remove unused function no_tap_ifconfig
  - fix build with automake 1.13(.1)
  - Fix corner case in NTLM authentication (trac #172)
  - Update README.IPv6 to match what is in 2.3.0
  - Repair "tcp server queue overflow" brokenness, more <stdbool.h> fallout.
  - Permit pool size of /64.../112 for ifconfig-ipv6-pool
  - Add MIN() compatibility macro
  - Fix directly connected routes for "topology subnet" on Solaris.
  - close more file descriptors on exec
  - Ignore UTF-8 byte order mark
  - reintroduce --no-name-remapping option
  - make --tls-remote compatible with pre 2.3 configs
  - add new option for X.509 name verification
  - add man page patch for missing options
  - Fix parameter listing in non-debug builds at verb 4
  - (updated) [PATCH] Warn when using verb levels >=7 without debug
  - Enable TCP_NODELAY configuration on FreeBSD.
  - Updated README
  - Cleaned up and updated INSTALL
  - PolarSSL-1.2 support
  - Improve PolarSSL key_state_read_{cipher, plain}text messages
  - Improve verify_callback messages
  - Config compatibility patch. Added translate_cipher_name.
  - Switch to IANA names for TLS ciphers.
  - Fixed autoconf script to properly detect missing pkcs11 with polarssl.
  - Use constant time memcmp when comparing HMACs in openvpn_decrypt.
* Mon May 06 2013
  - Try to migrate openvpn.service autostart to openvpn@<CONF>.service
    instance enablement.
* Tue Apr 23 2013
  - Fixed to enable systemd support in configure
  - Fixed openvpn-tmpfile.conf to use GID root, there is no openvpn group.
  - Added file allowing to handle all instances at once.
  - Fixed to install the service template correctly as openvpn@.service.
    Use "systemctl enable openvpn@foo.service" to enable instance using
  - Disabled systemd variant of restart on update rpm macro, adopted other
    macros to use to e.g. stop all instances on uninstall.
* Tue Mar 26 2013
  - Remove _unitdir definition, it is provided by systemd.
  - Install service file without x permissions
* Mon Mar 25 2013
  Update to version 2.3.0:
    * Full IPv6 support
    * SSL layer modularised, enabling easier implementation for other SSL libraries
    * PolarSSL support as a drop-in replacement for OpenSSL
    * New plug-in API providing direct certificate access, improved logging API
    and easier to extend in the future
    * Added 'dev_type' environment variable to scripts and plug-ins - which is
    set to 'TUN' or 'TAP'
    * New feature: --management-external-key - to provide access to the encryption
    keys via the management interface
    * New feature: --x509-track option, more fine grained access to X.509 fields
    in scripts and plug-ins
    * New feature: --client-nat support
    * New feature: --mark which can mark encrypted packets from the tunnel, suitable
    for more advanced routing and firewalling
    * New feature: --management-query-proxy - manage proxy settings via the management
    interface (supercedes --http-proxy-fallback)
    * New feature: --stale-routes-check, which cleans up the internal routing table
    * New feature: --x509-username-field, where other X.509v3 fields can be used for
    the authentication instead of Common Name
    * Improved client-kill management interface command
    * Improved UTF-8 support - and added --compat-names to provide backwards compatibility
    with older scripts/plug-ins
    * Improved auth-pam with COMMONNAME support, passing the certificate's common
    name in the PAM conversation
    * More options can now be used inside <connection> blocks
    * Completely new build system, enabling easier cross-compilation and Windows builds
    * Much of the code has been better documented
    * Many documentation updates
    * Plenty of bug fixes and other code clean-ups
  - Add systemd native support for OpenSUSE > 12.1
  - Adapt patchs to upstream release:
    * openvpn-2.1-plugin-man.dif > openvpn-2.3-plugin-man.dif
    * openvpn-2.1.0-man-dot.diff > openvpn-2.3.0-man-dot.diff
  - Remove obsolete patchs; fixed or merged on upstream release:
    * 0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch
    * openvpn-2.1-plugin-build.dif
    * openvpn-2.1-systemd-passwd.patch
  - Rebase specfile to upstream changes:
    * easy-rsa is not provided anymore with main package
    * remove %clean section
    * autoreconf -fi is no needed
  - Update openvpn.keyring file for upstream release asc key
* Mon Jan 28 2013
  - Join openvpn.service systemd cgroup in start when needed, e.g.
    when starting with further parameters. (bnc#781106)
* Thu Nov 29 2012
  - Verify GPG signature.
* Fri Sep 21 2012
  - fix ciaran's previous license entry. the license has a SUSE prefix
* Thu Sep 20 2012
  - Fixed openvpn init script to not map reopen to reload so the
    reopen code is without any effect (bnc#781106).
  - Added requested OPENVPN_AUTOSTART variable allowing to provide
    an optional list of config names started by default (bnc#692440).
* Wed Aug 22 2012
  - license update: GPL-2.0-with-openssl-exception and LGPL-2.1
    openssl has an openssl exception (also, it is GPL-2.0 only)
* Thu Mar 29 2012
  - Fixed SLES build readding Group tags to sub-packages in spec,
    not require libselinux-devel on SLE-10 and datadir/doc cleanup.
* Wed Feb 15 2012
  - Updated to openvpn-2.2.2:
    - Warn once, that IPv6 in tun mode is not supported in OpenVPN 2.2
    - Pkcs11 support built into the Windows version
    - Fixed a bug in the Windows TAP-driver
* Thu Dec 08 2011
  - Fix source URLs.
* Fri Dec 02 2011
  - add automake as buildrequire to avoid implicit dependency
* Mon Aug 29 2011
  - Marked /var/run/openvpn as ghost (bnc#710270), man page and
    other rpmlint warning fixes
* Tue Aug 23 2011
  - BuildRequires libselinux-devel
  - Use SSL_MODE_RELEASE_BUFFERS to keep memory usage low, sent
    upstream as
* Mon Aug 22 2011
  - Add openvpn-2.1-systemd-passwd.patch / modify openvpn.init to
    support systemd password query (bnc#675406)
* Mon Jul 11 2011
  - Updated to openvpn-2.2.1, a new version series providing several
    new features. This version fixes build issues and provides
    updated easy-rsa for OpenSSL 1.0.0 (fixes Trac ticket #125),
  - Adopted spec file, enabled saving password in a file and to
    specify an alternative username in x509 cert.
  - Removed X-Interactive from init script again, as systemd isn't
    able to use it correctly [any more?] (bnc#675406). We will
    address it later and probably use /bin/systemd-ask-password.
* Tue Mar 15 2011
  - KVPNC is unable to parse openvpn version [bnc#679153]
* Thu Feb 17 2011
  - Added X-Interactive: true LSB tag to the init script.
* Tue Nov 16 2010
  - Updated to openvpn 2.1.4, providing several bug fixes and
    improvements, such as:
    * Fix of a problem with special case route targets
    * Try to ensure, that the tun/tap interface gets closed on
      non-graceful aborts.
    * Several AUTH_FAILED reporting fixes causing the connection
      to fail without any error indication.
    * Enable exponential backoff in reliability layer retransmits.
    * Proxy improvements
    Please review the ChangeLog file for a complete and exact list.
* Wed Sep 08 2010
  - Do not include build date in binaries
* Tue Jun 15 2010
  - Improved netconfig based client up and down sample scripts.
* Fri Jun 11 2010
  - Added netconfig based client up and down scripts to samples.
* Thu Mar 11 2010
  - Updated to openvpn 2.1.1; linux related changes since 2.1_rc20:
    * Fixed a couple issues in sample plugins auth-pam.c and
      (1) Fail gracefully rather than segfault if calloc returns NULL.
      (2) The openvpn_plugin_abort_v1 function can potentially be
      called with handle == NULL.  Add code to detect this case,
    and if so, avoid dereferencing pointers derived from handle
    (Thanks to David Sommerseth for finding this bug).
    * Documented "multihome" option in the man page.
    * Added a hard failure when peer provides a certificate chain
      with depth > 16.  Previously, a warning was issued.
    * Added additional session renegotiation hardening. OpenVPN has
      always required that mid-session renegotiations build up a new
      SSL/TLS session from scratch. While the client certificate
      common name is already locked against changes in mid-session
      TLS renegotiations, we now extend this locking to the
      auth-user-pass username as well as all certificate content in
      the full client certificate chain.
  - Improved openvpn init script adding messages giving a hint about
    pid write failure and to look into the log messages (bnc#559041).
  - Added -fno-strict-aliasing to compile flags in the spec file.
* Thu Dec 17 2009
  - Updated to openvpn 2.1 2.1_rc20, fixing problems in route and
    option handling provided by the from server (bnc#552440).
    For complete list of changes, see ChangeLog file, here just
    the IMO most important:
    * Fixed a bug introduced in 2.1_rc17 (svn r4436) where using
      the redirect-gateway option by itself, without any extra
      parameters, would cause the option to be ignored.
    * Optimized PUSH_REQUEST handshake sequence to shave several
      seconds off of a typical client connection initiation.
    * The maximum number of "route" directives (specified in the
      config file or pulled from a server) can now be configured
      via the new "max-routes" directive.
    * Eliminated the limitation on the number of options that can
      be pushed to clients, including routes. Previously, all
      pushed options needed to fit within a 1024 byte options
    * Added --server-poll-timeout option : when polling possible
      remote servers to connect to in a round-robin fashion,
      spend no more than n seconds waiting for a response before
      trying the next server.
    * Added the ability for the server to provide a custom reason
      string when an AUTH_FAILED message is returned to the client.
      This string can be set by the server-side managment interface
      and read by the client-side management interface.
    * client-kill management interface command, when issued on server,
      will now send a RESTART message to client. This feature is
      intended to make UDP clients respond the same as TCP clients
      in the case where the server issues a RESTART message in order
      to force the client to reconnect and pull a new options/route
* Fri Oct 02 2009
  - Added network-remotefs to init script dependencies (bnc#522279).
* Wed Jun 10 2009
  - Updated to openvpn 2.1 [2.1_rc18] series (fate#305289).
  - Enabled pkcs11-helper for openSUSE > 10.3 (bnc#487558).
  - Adopted spec file and patches, improved init script.
  - Disabled installation of easy-rsa for Windows.



Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Oct 9 10:07:33 2021