author | Magnus Kroken <mkroken@gmail.com> | 2020-12-01 10:57:07 +0100 |
---|---|---|
committer | Rosen Penev <rosenp@gmail.com> | 2020-12-01 13:03:51 -0800 |
commit | 2e55fc8b2d42682cd1c26e9827b7b6f47fb51398 | |
tree | f449ec8c75f00d3a014aa820ebf57c45a3a18029 /net/openvpn/files/openvpn.options | |
parent | 4434915571b5c3dbc7d000215e48d8d0d60e41bc | |
openvpn: update to 2.5.0

New features:
* Per client tls-crypt keys
* ChaCha20-Poly1305 can be used to encrypt the data channel
* Routes are added/removed via Netlink instead of ifconfig/route
  (unless iproute2 support is enabled).
* VLAN support when using a TAP device

Significant changes:
* Server support can no longer be disabled.
* Crypto support can no longer be disabled, remove nossl variant.
* Blowfish (BF-CBC) is no longer implicitly the default cipher.
  OpenVPN peers prior to 2.4, or peers with data cipher negotiation
  disabled, will not be able to connect to a 2.5 peer unless
  option data_fallback_ciphers is set on the 2.5 peer and it contains a
  cipher supported by the client.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>

Diffstat (limited to 'net/openvpn/files/openvpn.options')
-rw-r--r-- | net/openvpn/files/openvpn.options | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/net/openvpn/files/openvpn.options b/net/openvpn/files/openvpn.options index 5d7a387cd..7c641f7d4 100644 --- a/net/openvpn/files/openvpn.options +++ b/net/openvpn/files/openvpn.options @@ -1,10 +1,12 @@ OPENVPN_PARAMS=' +allow_compression askpass auth auth_retry auth_user_pass auth_user_pass_verify bcast_buffers +bind_dev ca capath cd @@ -21,6 +23,7 @@ connect_retry connect_retry_max connect_timeout crl_verify +data_ciphers_fallback dev dev_node dev_type @@ -51,7 +54,6 @@ iroute_ipv6 keepalive key key_direction -key_method keysize learn_address link_mtu @@ -69,7 +71,6 @@ mssfix mtu_disc mute nice -ns_cert_type ping ping_exit ping_restart @@ -116,6 +117,9 @@ syslog tcp_queue_limit tls_auth tls_crypt +tls_crypt_v2 +tls_crypt_v2_verify +tls_export_cert tls_timeout tls_verify tls_version_min @@ -129,6 +133,8 @@ user verb verify_client_cert verify_x509_name +vlan_accept +vlan_pvid x509_username_field ' @@ -137,6 +143,7 @@ allow_recursive_routing auth_nocache auth_user_pass_optional bind +block_ipv6 ccd_exclusive client client_to_client @@ -185,10 +192,13 @@ tls_server up_delay up_restart username_as_common_name +vlan_tagging ' OPENVPN_LIST=' +data_ciphers ncp_ciphers tls_cipher tls_ciphersuites +tls_groups ' |
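Review bot: the option name added in the `@@ -21,6 +23,7 @@` hunk is `data_ciphers_fallback`, but the commit message tells users to set `data_fallback_ciphers`, so anyone following the Blowfish migration advice will write an option that this list does not contain. The name in the hunk matches upstream's `--data-ciphers-fallback`; please correct the spelling in the commit message so the two agree.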
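Review bot: `key_method` (hunk `@@ -51,7 +54,6 @@`) and `ns_cert_type` (hunk `@@ -69,7 +71,6 @@`) are removed from OPENVPN_PARAMS, yet neither removal appears under "Significant changes" in the commit message. Both are options an existing configuration may still set, so please list them in the message and state what a configuration that still carries them should use instead.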
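Review bot: in the OPENVPN_LIST hunk (`@@ -185,10 +192,13 @@`) `data_ciphers` is added while `ncp_ciphers` stays in the list, so the data channel cipher list can now be set under two names in the same configuration. If `ncp_ciphers` is kept only for compatibility with existing configs, say so in the commit message and recommend `data_ciphers` for new ones, so that a stale `ncp_ciphers` entry is not left in place unnoticed next to a newer `data_ciphers` list.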