Software Update: OpenVPN 2.5.8

Spread the love

OpenVPN is a robust and easy to set up open source VPN daemon that allows different private networks to be linked together through an encrypted tunnel over the Internet. For security, the OpenSSL library is used, with which all encryption, authentication and certification can be handled. The developers have released version 2.5.8 and the most important changes are listed below for you.

New feature

  • Allow running a default configuration with TLS libraries without BF-CBC (even if TLS cipher negotiation would not actually use BF-CBC, the long-term compatibility “default cipher BF-CBC” would trigger an error on such TLS libraries)

User Visible Changes

  • Add git branch name + commit ID to OpenVPN version string on MSVC builds (windows)

Testing Enhancements

  • t_client.sh: if fping is found and fping6 is not, assume we have fping 4.0 and up, and call “fping -6” for ipv6 ping tests
  • t_client.sh: allow to force FAIL on prerequisite fails, so a CI environment will no longer “silently skip” t_client runs if fping (etc) can not be found, but will error out

Bug fixes

  • –auth-nocache” was not always correctly clearing username+password after a renegotiation
  • Ensure that auth-token received from server is cleared if requested by the management interface (“forget password” or automatically via –management-forget-disconnect”)
  • In a setup without username+password, but with auth-token and auth-token-username pushed by the server, OpenVPN would start asking for username+password on token expiry. Fix.
  • Using –auth-token together with –management-client-auth (on the server) would lead to TLS keys getting out of sync and client being disconnected. Fix.
  • Management interface would sometimes get stuck if client and server try to write something simultaneously. Fix by allowing a limited level of recursion in virtual_output_callback()
  • Fix management interface not returning ERROR:/SUCCESS: response on “signal SIGxxx” commands when in HOLD state
  • Tls-crypt-v2: abort connection if client-key is too short
  • Make man page agree with actual code on replay-window backtrag log message
  • Remove useless empty line from CR_RESPONSE message

Version number 2.5.8
Release status Final
Operating systems Windows 7, Linux, BSD, macOS, Solaris, UNIX, Windows Server 2008, Windows Server 2012, Windows 8, Windows 10, Windows Server 2016, Windows Server 2019, Windows 11
Website OpenVPN
Download
License type Prerequisites (GNU/BSD/etc.)
You might also like