path: root/net/openvpn
Commit message | Author | Age
* openvpn: update to 2.5.4 | Ivan Pavlov | 2021-10-13

  Include a number of small improvements and bug fixes.
  Improve compatibility on Windows systems.

  Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
* openvpn: add OpenVPN option push-peer-info | Nguyen Quang Minh | 2021-09-01

  This will allow the server to know more info about the client like HWADDR, very useful for managing IoT devices.

  See: https://www.mankier.com/8/openvpn#--push-peer-info

  Signed-off-by: Nguyen Quang Minh <minhnq31@fpt.com.vn>
* openvpn: enable LZO support by default for OpenSSL variant | Etienne Champetier | 2021-07-12

  Users that don't control both OpenVPN client and server might still need LZO support, so keep it enabled by default for at least the OpenSSL variant.

  Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* openvpn: update to 2.5.3 | Ivan Pavlov | 2021-06-18

  Fix a possible security issue with OpenSSL config autoloading on Windows (CVE-2021-3606).
  Include a number of small improvements and bug fixes.

  Remove upstreamed: 115-fix-mbedtls-without-renegotiation.patch

  Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
* openvpn: enable using wolfSSL cryptographic API engine | Ivan Pavlov | 2021-06-13

  Support for wolfSSL has been upstreamed to the master OpenVPN branch in f6dca235ae560597a0763f0c98fcc9130b80ccf4, so we can use wolfSSL directly in OpenVPN. A different SSL engine is therefore no longer needed for OpenVPN in systems based on the wolfSSL library.

  Compiled && tested on ramips/mt7620, ramips/mt7621

  Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
* openvpn: update to 2.5.2 | Magnus Kroken | 2021-04-22

  Fixes two related security vulnerabilities (CVE-2020-15078) which under very specific circumstances allow tricking a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup. In combination with "--auth-gen-token" or a user-specific token auth solution it can be possible to get access to a VPN with an otherwise-invalid account.

  OpenVPN 2.5.2 also includes other bug fixes and improvements.

  Add CI build test script.

  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openvpn: fix invoking user up & down commands from hotplug wrapper | Jo-Philipp Wich | 2021-04-01

  This commit adds a number of fixes to the OpenVPN up/down hotplug command wrapper which currently fails to actually invoke user defined up and down commands for uci configurations not using external native configurations.

  - Use the `--setenv` to pass the user configured `up` and `down` commands as `user_up` and `user_down` environment variables respectively
  - Instead of attempting to scrape the `up` and `down` settings from the (possibly generated) native OpenVPN configuration in `/etc/hotplug.d/openvpn/01-user`, read them from the respective environment variables instead
  - Fix parsing of native configuration values in `get_openvpn_option()`; first try to parse a given setting as single quoted value, then as double quoted and finally as non-quoted, potentially white-space escaped one. This ensures that `up '/bin/foo'` is interpreted as `/bin/foo` and not `'/bin/foo'`

  Ref: https://forum.openwrt.org/t/openvpn-up-down-configuration-ignored/91126
  Supersedes: #15121, #15284
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openvpn: add OpenVPN option server-poll-timeout | Alexander Egorenkov | 2021-03-22

  See https://www.mankier.com/8/openvpn#--server-poll-timeout

  Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
* openvpn: update to 2.5.1 | Magnus Kroken | 2021-02-24

  Set myself as maintainer.

  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openvpn: Support username and password options | Michal Hrusecky | 2020-12-11

  Some VPN providers require username and password for client to connect. This commit adds an option to specify username, password and cert_password directly in uci config which then gets expanded during start of openvpn client.

  Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
* openvpn: disable LZO support by default | Magnus Kroken | 2020-12-01

  OpenVPN recommends disabling compression, as it may weaken the security of the connection. For users who need compression, we build with LZ4 support by default.

  LZO in OpenVPN pulls in liblzo at approx. 32 kB.

  OpenWrt users will no longer be able to connect to OpenVPN peers that require LZO compression, unless they build the OpenVPN package themselves.

  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openvpn: update to 2.5.0 | Magnus Kroken | 2020-12-01

  New features:
    * Per client tls-crypt keys
    * ChaCha20-Poly1305 can be used to encrypt the data channel
    * Routes are added/removed via Netlink instead of ifconfig/route (unless iproute2 support is enabled).
    * VLAN support when using a TAP device

  Significant changes:
    * Server support can no longer be disabled.
    * Crypto support can no longer be disabled, remove nossl variant.
    * Blowfish (BF-CBC) is no longer implicitly the default cipher. OpenVPN peers prior to 2.4, or peers with data cipher negotiation disabled, will not be able to connect to a 2.5 peer unless option data_fallback_ciphers is set on the 2.5 peer and it contains a cipher supported by the client.

  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openvpn: import from base | Rosen Penev | 2020-12-01

  Signed-off-by: Rosen Penev <rosenp@gmail.com>