Bug fixes:
- on Windows, do not use "wmic.exe" any longer to set DNS search domain
(discontinued by Microsoft), use "powershell" fragment instead. - on Windows, logging to the windows event log has been improved
(and logging of GetLastError() strings repaired). To make this work,
a new "openvpnmsgserv.dll" library is now installed and registered. - DNS domain names are now strictly validated with a positive-list of
allowed characters (including UTF-8 high-bit-set bytes) before being
handed to powershell. - Apply more checks to incoming TLS handshake packets before creating
new state - namely, verify message ID / acked ID for "valid range for
an initial packet". This fixes a problem with clients that float
very early but send control channel packet from the pre-float IP
(Github: OpenVPN/openvpn#704,
backported from 2.7_beta1. - backport handling of client float notifications on FreeBSD 14/STABLE DCO
(see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289303) - update GPL license text to latest version from FSF
- on Linux, on interfaces where applicable, OpenVPN explicitly configures
the broadcast address again. This was dropped for 2.6.0 "because
computers are smart and can do it themselves", but the kernel netlink
interface isn't, and will install "0.0.0.0". This does not normally
matter, but for broadcast-based applications that get the address to
use from "ifconfig", this change repairs functionality.
Windows Client: Community MSI installer for Windows client can be found at Community Downloads.
Linux Packages: Instructions for installing community-maintained Linux packages can be found in the Community Wiki.
Full Changelog: v2.6.14...v2.6.15