OpenVPN 2.3.12
OpenVPN is designed to be a full-featured SSL VPN solution which can accommodate a wide range of configurations
These include remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing.
It implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or 2-factor authentication, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface. OpenVPN is not a web application proxy and does not operate through a web browser.
OpenVPN Features:
- Tunnel any IP subnetwork or virtual ethernet adapter over a single UDP or TCP port,
- Configure a scalable, load-balanced VPN server farm using one or more machines which can handle thousands of dynamic connections from incoming VPN clients,
- Use all of the encryption, authentication, and certification features of the OpenSSL library to protect your private network traffic as it transits the internet,
- Use any cipher, key size, or HMAC digest (for datagram integrity checking) supported by the OpenSSL library,
- Choose between static-key based conventional encryption or certificate-based public key encryption,
- Use static, pre-shared keys or TLS-based dynamic key exchange,
- Use real-time adaptive link compression and traffic-shaping to manage link bandwidth utilization,
- Tunnel networks whose public endpoints are dynamic such as DHCP or dial-in clients,
- Tunnel networks through connection-oriented stateful firewalls without having to use explicit firewall rules,
- Tunnel networks over NAT,
- Create secure ethernet bridges using virtual tap devices, and control OpenVPN using a GUI on Windows or Mac OS X.
Changelog
This release includes many small improvements and fixes. This is the first release that actively discourages the use of 64-bit block ciphers for security reasons.
Arne Schwabe (2):
Complete push-peer-info documentation and allow IV_PLAT_VER for other platforms than Windows if the client UI supplies it.
Move ASSERT so external-key with OpenSSL works again
David Sommerseth (5):
Only build and run cmocka unit tests if its submodule is initialized
Another fix related to unit test framework
Remove NOP function and callers
Revert "Drop recursively routed packets"
Preparing release of v2.3.12
Dorian Harmans (1):
Add CHACHA20-POLY1305 ciphersuite IANA name translations.
Ivo Manca (1):
Plug memory leak in mbedTLS backend
Jeffrey Cutter (1):
Update contrib/pull-resolv-conf/client.up for no DOMAIN
Jens Neuhalfen (2):
Add unit testing support via cmocka
Add a test for auth-pam searchandreplace
Josh Cepek (1):
Push an IPv6 CIDR mask used by the server, not the pool's size
Leon Klingele (1):
Add link to bug tracker
Lev Stipakov (1):
Drop recursively routed packets
Samuli Seppänen (2):
Update CONTRIBUTING.rst to allow GitHub PRs for code review purposes
Clarify the fact that build instructions in README are for release tarballs
Selva Nair (4):
Make error non-fatal while deleting address using netsh
Make block-outside-dns work with persist-tun
Ignore SIGUSR1/SIGHUP during exit notification
Promptly close the netcmd_semaphore handle after use
Steffan Karger (4):
Fix polarssl / mbedtls builds
Don't limit max incoming message size based on c2->frame
Fix '--cipher none --cipher' crash
Discourage using 64-bit block ciphers
Home Page:
http://www.openvpn.net/
Installer (32-bit), Windows Vista and later
https://swupdate.openvpn.org/community/releases/openvpn-install-2.3.12-I601-i686.exe
Installer (64-bit), Windows Vista and later
https://swupdate.openvpn.org/community/releases/openvpn-install-2.3.12-I601-x86_64.exe
Installer (32-bit), Windows XP
http://swupdate.openvpn.org/community/releases/openvpn-install-2.3.12-I001-i686.exe
Installer (64-bit), Windows XP
http://swupdate.openvpn.org/community/releases/openvpn-install-2.3.12-I001-x86_64.exe