aboutsummaryrefslogtreecommitdiff
path: root/net/openvpn/patches
Commit message (Collapse)AuthorAge
* openvpn: update to 2.5.2Magnus Kroken2021-04-22
| | | | | | | | | | | | | | | | Fixes two related security vulnerabilities (CVE-2020-15078) which under very specific circumstances allow tricking a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup. In combination with "--auth-gen-token" or a user-specific token auth solution it can be possible to get access to a VPN with an otherwise-invalid account. OpenVPN 2.5.2 also includes other bug fixes and improvements. Add CI build test script. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openvpn: update to 2.5.0Magnus Kroken2020-12-01
| | | | | | | | | | | | | | | | | | | | New features: * Per client tls-crypt keys * ChaCha20-Poly1305 can be used to encrypt the data channel * Routes are added/removed via Netlink instead of ifconfig/route (unless iproute2 support is enabled). * VLAN support when using a TAP device Significant changes: * Server support can no longer be disabled. * Crypto support can no longer be disabled, remove nossl variant. * Blowfish (BF-CBC) is no longer implicitly the default cipher. OpenVPN peers prior to 2.4, or peers with data cipher negotiation disabled, will not be able to connect to a 2.5 peer unless option data_fallback_ciphers is set on the 2.5 peer and it contains a cipher supported by the client. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openvpn: import from baseRosen Penev2020-12-01
Signed-off-by: Rosen Penev <rosenp@gmail.com>