User visible changes
- disable DCO if
--bind-devoption is given (no support for this in
the old out-of-kernel Linux DCO implementation) - on Windows, if using
--ip-win32 netshand not using the interactive
service, IPv4 addresses would be installed as "permanent", possibly
causing problems later on with using that IPv4 address on a different
interface. Change to "store=active". (GH: #915) - improve pull-filter documentation, emphasizing possible problems if
used as a naive security measure (reported by SRLabs)
Bugfixes
- p2mp server: fix incorrect file descriptor handling on "inotify" FD
during a SIGUSR1 restart (GH: #966) - management interface: fix bug where
--management-forget-disconnect
and--management-signalcould be executed even if password authentication
to managment interface was still pending (ZeroPath finding) - repair client-side interaction on reconnect between DCO event handling
and--persist-tun- after a ping timeout and reconnect, the DCO
event handler would not be armed, and the next ping timeout would not
be received by userland, causing non-working connections with nothing
in the openvpn log (Linux and FreeBSD only, GH: #947)
- prevent crash on invalid server-ipv6 argument, calling
freeaddrinfo()
with a NULL pointer. This only affects OpenBSD. (Klemens Nanni).
Windows Client: Community MSI installer for Windows client can be found at Community Downloads.
Linux Packages: Instructions for installing community-maintained Linux packages can be found in the Community Wiki.
Full Changelog: v2.6.17...v2.6.19