Full-featured SSL VPN solution using a TUN/TAP Interface
OpenVPN is a full-featured SSL VPN solution which can accommodate a wide
range of configurations, including remote access, site-to-site VPNs,
WiFi security, and enterprise-scale remote access solutions with load
balancing, failover, and fine-grained access-controls.
OpenVPN implements OSI layer 2 or 3 secure network extension using the
industry standard SSL/TLS protocol, supports flexible client
authentication methods based on certificates, smart cards, and/or
2-factor authentication, and allows user or group-specific access
control policies using firewall rules applied to the VPN virtual
interface.
OpenVPN runs on: Linux, Windows 2000/XP and higher, OpenBSD, FreeBSD,
NetBSD, Mac OS X, and Solaris.
OpenVPN is not a web application proxy and does not operate through a
web browser.
- Sources inherited from project SUSE:SLE-15-SP6:GA
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout SUSE:SLE-15-SP6:Update/openvpn && cd $_
- Create Badge
Source Files
Filename | Size | Changed |
---|---|---|
client-netconfig.down | 0000001043 1.02 KB | |
client-netconfig.up | 0000002188 2.14 KB | |
openvpn-2.3-plugin-man.dif | 0000000698 698 Bytes | |
openvpn-2.6.8.tar.gz | 0001896563 1.81 MB | |
openvpn-2.6.8.tar.gz.asc | 0000000833 833 Bytes | |
openvpn-tmpfile.conf | 0000000032 32 Bytes | |
openvpn.README.SUSE | 0000000821 821 Bytes | |
openvpn.changes | 0000070318 68.7 KB | |
openvpn.keyring | 0000031982 31.2 KB | |
openvpn.service | 0000000484 484 Bytes | |
openvpn.spec | 0000008982 8.77 KB | |
openvpn.target | 0000000097 97 Bytes | |
rcopenvpn | 0000000535 535 Bytes |
Latest Revision
- update to 2.6.8: (jsc#PED-5763 bsc#1217073) * SIGSEGV crash: Do not check key_state buffers that are in S_UNDEF state - the new sanity check function introduced in 2.6.7 sometimes tried to use a NULL pointer after an unsuccessful TLS handshake * CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly use a send buffer after it has been free()d in some circumstances, causing some free()d memory to be sent to the peer. All configurations using TLS (e.g. not using --secret) are affected by this issue. * CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly restore --fragment configuration in some circumstances, leading to a division by zero when --fragment is used. On platforms where division by zero is fatal, this will cause an OpenVPN crash. * DCO: warn if DATA_V1 packets are sent by the other side - this a hard incompatibility between a 2.6.x client connecting to a 2.4.0-2.4.4 server, and the only fix is to use --disable-dco. * Remove OpenSSL Engine method for loading a key. This had to be removed because the original author did not agree to relicensing the code with the new linking exception added. This was a somewhat obsolete feature anyway as it only worked with OpenSSL 1.x, which is end-of-support. * add warning if p2p NCP client connects to a p2mp server - this is a combination that used to work without cipher negotiation (pre 2.6 on both ends), but would fail in non-obvious ways with 2.6 to 2.6. * add warning to --show-groups that not all supported groups are listed (this is due the internal enumeration in OpenSSL being a bit weird, omitting X448 and X25519 curves). * --dns: remove support for exclude-domains argument (this was a new 2.6 option, with no backend support implemented yet on any platform, and it turns out that no platform supported it at all - so remove option again) * warn user if INFO control message too long, do not forward to management client (safeguard against protocol-violating server implementations)
Comments 0