kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/net/openvpn/PLIST

59 lines
2.2 KiB
Text
Raw Normal View History

Changes 2.1.3: * Fixed potential local privilege escalation vulnerability in Windows service. * Added Python-based based alternative build system for Windows using Visual Studio 2008 (in win directory). * When aborting in a non-graceful way, try to execute do_close_tun in init.c prior to daemon exit to ensure that the tun/tap interface is closed and any added routes are deleted. * Fixed an issue where AUTH_FAILED was not being properly delivered to the client when a bad password is given for mid-session reauth, causing the connection to fail without an error indication. * Don't advance to the next connection profile on AUTH_FAILED errors. * Fixed an issue in the Management Interface that could cause a process hang with 100% CPU utilization in --management-client mode if the management interface client disconnected at the point where credentials are queried. * Fixed an issue where if reneg-sec was set to 0 on the client, so that the server-side value would take precedence, the auth_deferred_expire_window function would incorrectly return a window period of 0 seconds. In this case, the correct window period should be the handshake window period. * Modified ">PASSWORD:Verification Failed" management interface notification to include a client reason string: >PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING'] * Enable exponential backoff in reliability layer retransmits. * Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after socket is created rather than waiting until after connect/listen. * Management interface performance optimizations: 1. Added env-filter MI command to perform filtering on env vars passed through as a part of --management-client-auth 2. man_write will now try to aggregate output into larger blocks (up to 1024 bytes) for more efficient i/o * Fixed minor issue in Windows TAP driver DEBUG builds where non-null-terminated unicode strings were being printed incorrectly. * Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support was not being compiled in. * Proxy improvements: * Implemented http-proxy-override and http-proxy-fallback directives to make it easier for OpenVPN client UIs to start a pre-existing client config file with proxy options, or to adaptively fall back to a proxy connection if a direct connection fails. * Implemented a key/value auth channel from client to server. * Fixed issue where bad creds provided by the management interface for HTTP Proxy Basic Authentication would go into an infinite retry-fail loop instead of requerying the management interface for new creds.
2010-09-05 22:33:48 +02:00
@comment $NetBSD: PLIST,v 1.11 2010/09/05 20:33:48 adam Exp $
Initial commit of openvpn-1.5.0: A robust and highly configurable VPN
2004-02-10 13:39:17 +01:00
man/man8/openvpn.8
sbin/openvpn
Update net/openvpn to version 2.0.1. Major changes from version 1.6.0 include: Adding a highly scalable server for handling multiple TCP/UDP clients over point-to-point TUN interfaces, all using a single port number. The server has been designed so that it can run with reduced privilege. On the client side, "pull" has been added, which basically says "accept certain config file options which the server pushes back to you." The major win of the push/pull capability is that the same client configuration file can be used on each client provided each client has its own set of SSL/TLS keys which have been signed by the master CA. A management interface has been developed which can be used to remotely control or centrally manage an OpenVPN daemon. "remote" can now specify a set of machines, or a hostname can be configured with multiple addresses in DNS. A server will be randomly chosen from the list, and if the connect fails, another will be tried (see the "remote-random" option) A package for easy RSA key management (easy-rsa-2.0rc1) has been included to aid in generating SSL keys and certificates for use with OpenVPN.
2005-08-17 21:55:57 +02:00
share/examples/openvpn/config/README
share/examples/openvpn/config/client.conf
share/examples/openvpn/config/firewall.sh
share/examples/openvpn/config/home.up
share/examples/openvpn/config/loopback-client
share/examples/openvpn/config/loopback-server
share/examples/openvpn/config/office.up
share/examples/openvpn/config/openvpn-shutdown.sh
share/examples/openvpn/config/openvpn-startup.sh
share/examples/openvpn/config/server.conf
share/examples/openvpn/config/static-home.conf
share/examples/openvpn/config/static-office.conf
share/examples/openvpn/config/tls-home.conf
share/examples/openvpn/config/tls-office.conf
share/examples/openvpn/config/xinetd-client-config
share/examples/openvpn/config/xinetd-server-config
share/examples/openvpn/keys/README
Updated net/openvpn to 2.1rc7 * Added a few extra files that exist in the svn repo but were not being copied into the tarball by make dist. * Fixup null interface on close, don't use ip addr flush (Alon Bar-Lev). * Fixed options checking bug introduced in rc5 where legitimate configuration files might elicit the error: "Options error: Parameter pkcs11_private_mode can only be specified in TLS-mode, i.e. where --tls-server or --tls-client is also specified." * Added "forget-passwords" command to the management interface (Alon Bar-Lev). * Added --management-signal option to signal SIGUSR1 when the management interface disconnects (Alon Bar-Lev). * Modified command line and config file parser to allow quoted strings using single quotes ('') (Alon Bar-Lev). * Use pkcs11-helper as external library, can be downloaded from https://www.opensc-project.org/pkcs11-helper (Alon Bar-Lev). * Fixed interim memory growth issue in TCP connect loop where "TCP: connect to %s failed, will try again in %d seconds: %s" is output. * Fixed bug in epoll driver in event.c, where the lack of a handler for EPOLLHUP could cause 99% CPU usage. * Defined ALLOW_NON_CBC_CIPHERS for people who don't want to use a CBC cipher for OpenVPN's data channel. * Added PLUGIN_LIBDIR preprocessor string to prepend a default plugin directory to the dlopen search list when the user specifies the basename of the plugin only (Marius Tomaschewski). * Rewrote extract_x509_field and modified COMMON_NAME_CHAR_CLASS to allow forward slash characters ("/") in the X509 common name (Pavel Shramov). * Allow OpenVPN to run completely unprivileged under Linux by allowing openvpn --mktun to be used with --user and --group to set the UID/GID of the tun device node. Also added --iproute option to allow an alternative command to be executed in place of the default iproute2 command (Alon Bar-Lev). * Fixed --disable-iproute2 in ./configure to actually disable iproute2 usage (Alon Bar-Lev). * Added --management-forget-disconnect option -- forget passwords when management session disconnects (Alon Bar-Lev).
2008-02-13 13:07:24 +01:00
share/examples/openvpn/keys/ca.crt
share/examples/openvpn/keys/ca.key
Update net/openvpn to version 2.0.1. Major changes from version 1.6.0 include: Adding a highly scalable server for handling multiple TCP/UDP clients over point-to-point TUN interfaces, all using a single port number. The server has been designed so that it can run with reduced privilege. On the client side, "pull" has been added, which basically says "accept certain config file options which the server pushes back to you." The major win of the push/pull capability is that the same client configuration file can be used on each client provided each client has its own set of SSL/TLS keys which have been signed by the master CA. A management interface has been developed which can be used to remotely control or centrally manage an OpenVPN daemon. "remote" can now specify a set of machines, or a hostname can be configured with multiple addresses in DNS. A server will be randomly chosen from the list, and if the connect fails, another will be tried (see the "remote-random" option) A package for easy RSA key management (easy-rsa-2.0rc1) has been included to aid in generating SSL keys and certificates for use with OpenVPN.
2005-08-17 21:55:57 +02:00
share/examples/openvpn/keys/client.crt
share/examples/openvpn/keys/client.key
share/examples/openvpn/keys/dh1024.pem
share/examples/openvpn/keys/pass.crt
share/examples/openvpn/keys/pass.key
share/examples/openvpn/keys/pkcs12.p12
share/examples/openvpn/keys/server.crt
share/examples/openvpn/keys/server.key
share/examples/openvpn/scripts/auth-pam.pl
share/examples/openvpn/scripts/bridge-start
share/examples/openvpn/scripts/bridge-stop
share/examples/openvpn/scripts/openvpn.init
Update to 2.1_rc1. Many, many improvements including: Added optional minimum-number-of-bytes parameter to --inactive directive. Added --route-metric option to set a default route metric for --route Added --lladdr option to specify the link layer (MAC) address for the tap interface on non-Windows platforms Security Vulnerability CVE-2006-1629 Extended tun device configure code to support ethernet bridging on NetBSD Added --port-share option for allowing OpenVPN and HTTPS server to share the same port number. Added --management-client option to connect as a client to management GUI app rather than be connected to as a server. Added "bytecount" command to management interface. Added --connect-timeout option to control the timeout on TCP client connection attempts (doesn't work on all OSes). This patch also makes OpenVPN signalable during TCP connection attempts. Allow ca, cert, key, and dh files to be specified inline via XML-like syntax without needing to reference an explicit file. Allow plugin and push directives to have multi-line parameter lists Added connect-retry-max option Added a backtrack-hardened system time algorithm. Added --remote-cert-ku, --remote-cert-eku, and --remote-cert-tls options for verifying certificate attributes Added PKCS#11 support Added --bind option for TCP client connections Made LZO setting pushable Plus numerous bug fixes.
2007-02-20 10:40:49 +01:00
share/examples/openvpn/scripts/ucn.pl
Update net/openvpn to version 2.0.1. Major changes from version 1.6.0 include: Adding a highly scalable server for handling multiple TCP/UDP clients over point-to-point TUN interfaces, all using a single port number. The server has been designed so that it can run with reduced privilege. On the client side, "pull" has been added, which basically says "accept certain config file options which the server pushes back to you." The major win of the push/pull capability is that the same client configuration file can be used on each client provided each client has its own set of SSL/TLS keys which have been signed by the master CA. A management interface has been developed which can be used to remotely control or centrally manage an OpenVPN daemon. "remote" can now specify a set of machines, or a hostname can be configured with multiple addresses in DNS. A server will be randomly chosen from the list, and if the connect fails, another will be tried (see the "remote-random" option) A package for easy RSA key management (easy-rsa-2.0rc1) has been included to aid in generating SSL keys and certificates for use with OpenVPN.
2005-08-17 21:55:57 +02:00
share/examples/openvpn/scripts/verify-cn
share/examples/rc.d/openvpn
share/openvpn/easy-rsa/README
share/openvpn/easy-rsa/build-ca
share/openvpn/easy-rsa/build-dh
share/openvpn/easy-rsa/build-inter
share/openvpn/easy-rsa/build-key
share/openvpn/easy-rsa/build-key-pass
share/openvpn/easy-rsa/build-key-pkcs12
share/openvpn/easy-rsa/build-key-server
share/openvpn/easy-rsa/build-req
share/openvpn/easy-rsa/build-req-pass
share/openvpn/easy-rsa/clean-all
share/openvpn/easy-rsa/inherit-inter
share/openvpn/easy-rsa/list-crl
Update net/openvpn to 2.1rc4. Changes from version 2.1rc2 include: * Fixed 64-bit portability bug in time_string function (Thomas Habets). * Clean up configure on FreeBSD for recent autotool versions that require that all .h files have to be compiled. Also, FreeBSD install does not support GNU long options which the Makefile in easy-rsa/2.0 uses (not checked the others as we don't install those on Gentoo) (Roy Marples).
2007-06-21 23:44:42 +02:00
share/openvpn/easy-rsa/openssl-0.9.6.cnf
Update net/openvpn to version 2.0.1. Major changes from version 1.6.0 include: Adding a highly scalable server for handling multiple TCP/UDP clients over point-to-point TUN interfaces, all using a single port number. The server has been designed so that it can run with reduced privilege. On the client side, "pull" has been added, which basically says "accept certain config file options which the server pushes back to you." The major win of the push/pull capability is that the same client configuration file can be used on each client provided each client has its own set of SSL/TLS keys which have been signed by the master CA. A management interface has been developed which can be used to remotely control or centrally manage an OpenVPN daemon. "remote" can now specify a set of machines, or a hostname can be configured with multiple addresses in DNS. A server will be randomly chosen from the list, and if the connect fails, another will be tried (see the "remote-random" option) A package for easy RSA key management (easy-rsa-2.0rc1) has been included to aid in generating SSL keys and certificates for use with OpenVPN.
2005-08-17 21:55:57 +02:00
share/openvpn/easy-rsa/openssl.cnf
share/openvpn/easy-rsa/pkitool
share/openvpn/easy-rsa/revoke-full
share/openvpn/easy-rsa/sign-req
share/openvpn/easy-rsa/vars
Update net/openvpn to 2.1rc4. Changes from version 2.1rc2 include: * Fixed 64-bit portability bug in time_string function (Thomas Habets). * Clean up configure on FreeBSD for recent autotool versions that require that all .h files have to be compiled. Also, FreeBSD install does not support GNU long options which the Makefile in easy-rsa/2.0 uses (not checked the others as we don't install those on Gentoo) (Roy Marples).
2007-06-21 23:44:42 +02:00
share/openvpn/easy-rsa/whichopensslcnf
Add a pam option for the PAM plugin
2009-10-30 20:06:06 +01:00
${PLIST.pam}lib/openvpn/openvpn-auth-pam.so
Reference in a new issue Copy permalink