OpenVPN 2.4 released

Discussion in 'privacy technology' started by BoerenkoolMetWorst, Jan 2, 2017.

  1. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,341
    Location:
    Outer space
    OpenVPN 2.4.0 -- released on 2016.12.27
    https://openvpn.net/index.php/download/community-downloads.html
     
  2. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    517
    Nice. Now OPVPN gui can be started as a regular user, non-admin.
     
  3. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,341
    Location:
    Outer space
    OpenVPN 2.4.3 -- released on 2017.06.21
     
  4. estervantes

    estervantes Registered Member

    Joined:
    Nov 15, 2007
    Posts:
    47
    Can the latest version, OpenVPN 2.4.3, be installed over the last.or must the previous version be uninstalled first?
     
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,444
    Location:
    Here
    You can install new version over previous.
     
  6. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    And so what do those of us that use other products that use OpenVPN do? " AirVPN uses OpenVPN to establish the connection between your computer and the servers."
     
    Last edited: Jun 23, 2017
  7. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,444
    Location:
    Here
    You can check for new version of their software.
    Personally I use Mullvad with OpenVPN client and you can check if AirVPN can be set up using OpenVPN client.
     
  8. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    I took the part about OpenVPN from their terms of service. And so AIR already uses OpenVPN. I took a peek at their forum this morning but not seeing anything about an update to fix the OpenVPN issues.
     
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,444
    Location:
    Here
    Yes some vendors use OpenVPN as part of their software. But some of them offer configuration files that users can use with native OpenVPN client.
    I checked their site and it seems that they also offer that option: https://airvpn.org/topic/11801-using-airvpn-with-windows-openvpn-gui/
     
  10. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Ok yes but I am referring to any updates for the vulnerabilities.
     
  11. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,475
    Location:
    North Carolina, USA
    Hello,

    Concerning the AirVPN versions of OpenVPN used in the Eddie client:
    There is a thread on the AirVPN forums discussing this: 4 important security vulnerabilities discovered in OpenVPN - not found by the two recently completed audits of OpenVPN code
    See post # 7 for the Staff reply.
    Currently the experimental version of Eddie (2.13.1) is using OpenVPN 2.4.2 (stable version 2.12.4 is using OpenVPN 2.4). There is supposed to be a new experimental version (2.13.2) released in the next few days which I imagine will use OpenVPN 2.4.3. Note that AirVPN almost never releases a version directly to the stable channel but releases an experimental version first for public testing which will be the case here.
    HTH ;) ...
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,444
    Location:
    Here
    You have 2 options:
    1. wait for their software to update and start using latest version of OpenVPN (puff-m-d explained it nicely in previous post).
    2. switch from their software to OPenVPN native client and install latest version.

    In first case you have to wait for developers to release new version in second you decide when to update.
     
  13. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,341
    Location:
    Outer space
  14. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499

    Attached Files:

  15. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,341
    Location:
    Outer space
    Yes, that is AirVPN's own software.
     
  16. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Yup the client is Eddie and their servers use OpenVPN. I checked and all the servers I checked are running OpenVPN versions lower then recommended. Don't know if they are going to update Eddie or just the servers.
     
  17. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,444
    Location:
    Here
    There is an option about OpenVPN custom path. Maybe you can install OpenVPN client and point it to it? If their software allows it, it would be IMO best solution. Of course you will have to take care for OpenVPN client updates after that.
     
  18. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    29,086
    OpenVPN v2.4.5 Released (March 01, 2018)
    Download
    Github
    https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst
    Version 2.4.5
    This is primarily a maintenance release, with further improved OpenSSL 1.1 integration, several minor bug fixes and other minor improvements.

    New features
    • The new option --tls-cert-profile can be used to restrict the set of allowed crypto algorithms in TLS certificates in mbed TLS builds. The default profile is 'legacy' for now, which allows SHA1+, RSA-1024+ and any elliptic curve certificates. The default will be changed to the 'preferred' profile in the future, which requires SHA2+, RSA-2048+ and any curve.
    • make CryptoAPI support (Windows) compatible with OpenSSL 1.1 builds
    • TLS v1.2 support for cryptoapicert (on Windows) -- RSA only
    • openvpnserv: Add support for multi-instances (to support multiple parallel OpenVPN installations, like EduVPN and regular OpenVPN)
    • Use P_DATA_V2 for server->client packets too (better packet alignment)
    • improve management interface documentation
    • rework registry key handling for OpenVPN service, notably making most registry values optional, falling back to reasonable defaults
    • accept IPv6 address for pushed "dhcp-option DNS ..." (make OpenVPN 2 option compatible with OpenVPN 3 iOS and Android clients)
    Bug fixes
    • Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+
    • Fix lots of compiler warnings (format string, type casts, ...)
    • Fix --redirect-gateway route installation on Windows systems that have multiple interfaces into the same network (e.g. Wifi and wired LAN).
    • Fix IPv6 interface route cleanup on Windows
    • reload HTTP proxy credentials when moving to the next connection profile
    • Fix build with LibreSSL (multiple times)
    • Remove non-useful warning on pushed tun-ipv6 option.
    • fix building with MSVC due to incompatible C constructs
    • autoconf: Fix engine checks for openssl 1.1
    • lz4: Rebase compat-lz4 against upstream v1.7.5
    • lz4: Fix broken builds when pkg-config is not present but system library is
    • Fix '--bind ipv6only'
    • Allow learning iroutes with network made up of all 0s
     
  19. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,444
    Location:
    Here
    Thnx @mood for heads up :thumb:
     
  20. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    29,086
    You're welcome ;)
     
  21. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    29,086
    OpenVPN v2.4.6 Released (April 24, 2018)
    Download
    Github
    https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst
    User visible changes
    • warn if the management interface is configured with a TCP port and no password is set (because it might be possible to interfere with OpenVPN operation by tricking other programs into connecting to the management interface and inject unwanted commands)
    Bug fixes
    • CVE-2018-9336: fix potential double-free() in the Interactive Service (Windows) on malformed input.
    • avoid possible integer overflow in wakeup computation (trac #922)
    • improve handling of incoming packet bursts for control channel data
    • fix compilation with older OpenSSL versions that were broken in 2.4.5
    • Windows + interactive Service: delete the IPv6 route to the "connected" network on tun close
     
  22. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    29,086
    OpenVPN v2.4.7 Released (February 21, 2019)
    Download
    Github
    https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst
    New features
    • ifconfig-ipv6(-push): allow using hostnames (in place of IPv6 addresses)
    • new option: --ciphersuites to select TLS 1.3 cipher suites (--cipher selects TLS 1.2 and earlier ciphers)
    • enable dhcp on tap adapter using interactive service (previously this required a privileged netsh.exe call from OpenVPN)
    • clarify and expand management interface documentation
    • add Interactive Service developer documentation
    User visible changes
    • add message explaining early TLS client hello failure (if TLS 1.0 only clients try to connect to TLS 1.3 capable servers)
    • --show-tls will now display TLS 1.3 and TLS 1.2 ciphers in separate lists (if built with OpenSSL 1.1.1+)
    • don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth' (unnecessary warnings, and will cause spurious warnings with tls-crypt-v2)
    • bump version of openvpn plugin argument structs to 5
    • plugin: Export base64 encode and decode functions
    • man: add security considerations to --compress section
    Bug fixes
    • print port numbers (again) for incoming IPv4 connections received on a dual-stacked IPv6 socket. This got lost at some point during rewrite of the dual-stack code and proper printing of IPv4 addresses.
    • fallback to password authentication when auth-token fails
    • fix combination of --dev tap and --topology subnet across multiple platforms (BSDs, MacOS, and Solaris).
    • fix Windows CryptoAPI usage for TLS 1.2 signatures
    • fix option handling in combination with NCP negotiation and OCC (--opt-verify failure on reconnect if NCP modified options and server verified "original" vs. "modified" options)
    • mbedtls: print warning if random personalisation fails
    • fix subnet topology on NetBSD (2.4).
     
  23. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,444
    Location:
    Here
  24. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    29,086
    You're welcome. :)
     
  25. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,444
    Location:
    Here
    OpenVPN Windows installer was upgraded from openvpn-install-2.4.7-I601 to openvpn-install-2.4.7-I603. It contains new version of OpenVPN GUI.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.