Changes VPN =============================================================================== 2.1.5: ------ 07.12.2003 babel - first release 2.1.6: ------ 07.03.2004 babel - document updates - openvpn checks are more stricter 2.1.7: ------ 25.04.2004 babel - add isdn raw up/down support - add OPENVPN_x_ISDN_CIRC_NAME - add OPENVPN_x_PROTOCOL 2.1.8: ------ xx.xx.2004 babel - rewrote large parts of rc900.openvpn - extended the openvpn check script to catch common user misconfigurations - add several new options: OPENVPN_x_SHAPER shapes outgoing traffic OPENVPN_x_ACTIV disable this openvpn configuration OPENVPN_x_CHECK_CONFIG disable configuration check OPENVPN_x_MSSFIX, OPENVPN_x_FRAGMENT and OPENVPN_x_LINK_MTU allow setting of different link related network settings - update OpenVPN to 1.6 - add packetfilter lists to openvpn. This allows to specify packetfilter rules to individual vpns. 2.1.9: ------ xx.xx.2004 babel - update OpenVPN to 2.0rc7 - add root-down plugin, openvpn now runs again with uid nobody in an empty chroot - remove paketfilter rules if a openvpn process is terminated - change link_mtu, mssfix and fragment settings as recommended, turn on mtu path discovery - removed some configuration options like OPENVPN_DEFAULT_PACKETFILTER and OPENVPN_x_PACKETFILTER - allow logging of OpenVPN packetfilter 2.1.10: ------- 09.06.2005 hh - New Web-GUI 09.06.2005 babel - update OpenVPN to 2.01rc2 - add MUTE_REPLAY_WARNINGS option - add POLICY support 2.1.12: ------- 30.10.2005 babel - update to OpenVPN 2.0.2 02.11.2005 babel - update OpenVPN to 2.0.4 (security bugfix) 13.11.2005 babel - split vpn paket in the two independed packages cipe and openvpn 2.1.13 ------ 02.12.2005 babel - update to OpenvPN 2.0.5 - add chain in-ovpn-ports for all ports that openvpn will listen to - rename paketfilterchains to follow fli4l standard 3.0.0: ------ 18.12.2005 babel - add PRE/POSTROUTING support 3.0.1: ------ 06.01.2006 babel - fix REMOTE-NET, LOCAL-VPN-IP and REMOTE-VPN-IP regex - reformat rc900.openvpn - optimize rc900.openvpn to avoid if calls, use case instead if possible 21.02.2006 helhum - remove NAT rules on OpenVPN connection shutdown - fix parsing for config names like net-sven and sven 3.1.0: ------ 23.06.2006 hh - update to OpenVPN 2.0.7 3.1.1: ------ 11.07.2006 hh - fix bug in fwrules generation (reported by Kai Pape) 14.08.2006 witchdoc - fix bug in build when defining a default route with kernel 2.6 21.08.2006 hh - add skinning support for vpn-gui 3.1.2: ------ 21.11.2006 helhum - add required netfilter targets 14.03.2007 babel - change defaults if someone is using OPENVPN_REMOTE_HOSTS_N 2007 - renamed packet filter variables (for instance INPUT_LIST_N -> PF_INPUT_N) - use ip instead of ifconfig - removed debug code from openvpn daemon - handle new naming scheme of portfw files - update openvpn to 2.0.9 3.1.3: ------ 04.06.07 witchdoc - enable client/server support (--mode server + client mode) 09.08.07 babel - use openvpn 2.1rc4 with fli4l specific patch to allow redirect gateway even is the default gw is routed with a pppoe device 2007-08-19 hh - fall back to openvpn 2.0.9 due to problems with the shaper 2007-09-13 babel - recompile 2.0.9 binaries to make default route via vpn working again. 3.1.4: ------ 2007-12-10 hh - change sec_action from "show" to "view", to unify security section naming with other cgi scripts and therefore do not hide menu entry, for users which only have rights to show/view ovpn status 3.3.0: ------ 2008-04-15 jw5 - introduce dmz type for openvpn connections to allow specification of openvpn tunnels as green networks 2008-05-26 babel - enhance default route handling a lot (and fixing some old bugs). 2008-09-12 bastard - introduce expert-mode 2008-10-24 babel - expert-mode is now optional 3.3.1: ------ 2008-12-20 lanspezi - add dns and rdns delegation for tunnels OPENVPN_x_DNSIP, OPENVPN_x_DOMAIN set dns and rdns for the complete tunnel OPENVPN_x_DNSIP_y, OPENVPN_x_DOMAIN_y set dns and rdns settings for each OPENVPN_x_ROUTE_y 3.3.2: ------ 2009-04-13 tobig - allow tun-devices in firewall config when using expert mode 3.4.1: ------ 2009-05-25 babel - update openvpn binaries to 2.1_rc16 2009-05-26 babel - start every tunnel with hold state and release the hold within ip-up - remove chroot and drop user privileges 2009-06-10 babel - update openvpn binaries to 2.1_rc18 3.5.0: ------ 2009-07-30 babel - update openvpn binaries to 2.1_rc19 and remove different openvpn builds. We now use a full build for everything. - change behaviour of persist-remote-ip to be off if opt_dyndns isn't used. 2009-11-16 babel - update openvpn binaries to 2.1_rc21. - add openvpn 2.0.9 binaries with current managment patches as openvpn-oldstable. Thanks to Frank Rudolph and some fli4l svn "bisecting" we narrow down the shaper problem to openvpn itself. 2009-12-03 babel - update openvpn binaries to 2.1_rc22. - add config option to switch between openvpn 2.0.9 and 2.1.0rcx. 2009-12-23 babel - update openvpn binaries to 2.1.1. 2010-02-12 babel - add UMTS patch from Christian Thiele 2010-03-02 babel - change POSTROUTING for VPN connections. This could break old (buggy) entries! 2010-08-04 babel - add some hints to documentation for FRAGMENT option, see http://extern.fli4l.de/fli4l_newsportal/article.php?id=200166&group=spline.fli4l#200166 2010-08-16 babel - update openvpn to 2.1.2 2010-09-27 babel - update openvpn to 2.1.3 3.6.0: ------ 2011-04-29 - release of stable version 3.6.1: ------ 2011-07-27 babel - warn if shapping is used, shapping causes all kinds of trouble sometimes. 2011-09-28 babel - update to openvpn 2.2.1 3.6.2: ------