Full-featured SSL VPN solution using a TUN/TAP Interface

OpenVPN is a full-featured SSL VPN solution which can accommodate a wide
range of configurations, including remote access, site-to-site VPNs,
WiFi security, and enterprise-scale remote access solutions with load
balancing, failover, and fine-grained access-controls.

OpenVPN implements OSI layer 2 or 3 secure network extension using the
industry standard SSL/TLS protocol, supports flexible client
authentication methods based on certificates, smart cards, and/or
2-factor authentication, and allows user or group-specific access
control policies using firewall rules applied to the VPN virtual
interface.

OpenVPN runs on: Linux, Windows 2000/XP and higher, OpenBSD, FreeBSD,
NetBSD, Mac OS X, and Solaris.

OpenVPN is not a web application proxy and does not operate through a
web browser.

Source Files
Filename                     Size (bytes)  Size
client-netconfig.down                1043  1.02 KB
client-netconfig.up                  2188  2.14 KB
openvpn-2.3-plugin-man.dif            698  698 Bytes
openvpn-2.6.8.tar.gz              1896563  1.81 MB
openvpn-2.6.8.tar.gz.asc              833  833 Bytes
openvpn-tmpfile.conf                   32  32 Bytes
openvpn.README.SUSE                   821  821 Bytes
openvpn.changes                     70318  68.7 KB
openvpn.keyring                     31982  31.2 KB
openvpn.service                       484  484 Bytes
openvpn.spec                         8982  8.77 KB
openvpn.target                         97  97 Bytes
rcopenvpn                             535  535 Bytes
Latest Revision
Daniel Mach (dmach) committed (revision 3)
- update to 2.6.8: (jsc#PED-5763 bsc#1217073)
  * SIGSEGV crash: Do not check key_state buffers that are in S_UNDEF
    state - the new sanity check function introduced in 2.6.7 sometimes
    tried to use a NULL pointer after an unsuccessful TLS handshake
  * CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly
    use a send buffer after it has been free()d in some circumstances,
    causing some free()d memory to be sent to the peer. All configurations
    using TLS (e.g. not using --secret) are affected by this issue.
  * CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly
    restore --fragment configuration in some circumstances, leading to a
    division by zero when --fragment is used. On platforms where division
    by zero is fatal, this will cause an OpenVPN crash.
  * DCO: warn if DATA_V1 packets are sent by the other side - this is a hard
    incompatibility between a 2.6.x client connecting to a 2.4.0-2.4.4
    server, and the only fix is to use --disable-dco.
  * Remove OpenSSL Engine method for loading a key. This had to be removed
    because the original author did not agree to relicensing the code with
    the new linking exception added. This was a somewhat obsolete feature
    anyway as it only worked with OpenSSL 1.x, which is end-of-support.
  * add warning if p2p NCP client connects to a p2mp server - this is a
    combination that used to work without cipher negotiation (pre 2.6 on
    both ends), but would fail in non-obvious ways with 2.6 to 2.6.
  * add warning to --show-groups that not all supported groups are listed
    (this is due to the internal enumeration in OpenSSL being a bit weird,
    omitting X448 and X25519 curves).
  * --dns: remove support for exclude-domains argument (this was a new 2.6
    option, with no backend support implemented yet on any platform, and it
    turns out that no platform supported it at all - so remove option again)
  * warn user if INFO control message too long, do not forward to management
    client (safeguard against protocol-violating server implementations)