github OpenVPN/openvpn v2.7.1
on GitHub

6 hours ago

New features:

  • Add a new username-only flag argument to --auth-user-pass which
    will now make OpenVPN only query for username and send a dummy password
    to the server. This is only useful if auth schemes are used on the
    server side that will do some sort of external challenge base on username,
    and not password authentication. See discussion in
    GH OpenVPN/openvpn#501
    (starting Jan 30, 2024).
  • Increase default sizing of internal hash maps to 4 * --max-clients.
    The default used to be 256 with a --max-clients default of
    1024 - this is bad for performance, while the memory savings are
    minimal. On a very memory constrained system, reduce --max-clients.

User-visible Changes:

  • When compiled with the AWS-LC SSL library, using --tls-cert-profile
    will now print a run-time warning - the library does not support it,
    so it would silently do nothing.
  • Systemd unit files: change LimitNPROC to TasksMax and increase limit
    (GH: OpenVPN/openvpn#929)
  • Documentation improvements.
  • port-share: log incoming connections at verb 3, not on error
    level anymore (GH: OpenVPN/openvpn#976).

Bugfixes:

  • Fix usage of --lport inside a <connection> block - this got
    broken with the multi-socket patchset (GH: OpenVPN/openvpn#995)
  • Do not try to run auto-pam unit test when cross-compiling.
  • Do not break private-key passphrases of length >= 64
    (GH: OpenVPN/openvpn#993)
  • Fix obscure ASSERT() crash on TCP connects with TAP and no ip config.
  • Make DCO work on FreeBSD systems that have no IPv4 support in kernel
    (FreeBSD PR 286263)
  • Make DCO work on Linux on big endian systems (namely, MIPS and PowerPC)
    (GH: OpenVPN/ovpn-dco#96)
  • Fixup responses to management interface version command (for >= 4)
  • Make --enable-async-push work on FreeBSD 15 (which has native
    inotify support, and consequently no libinotify.pc anymore)
  • Adjust some code parts to new "const" handling on string function
    returns (ISO C23, as implemented by glibc 2.43 and newer).

For details see Changes.rst

Windows Client: Community MSI installer for Windows client can be found at Community Downloads.

Linux Packages: Instructions for installing community-maintained Linux packages can be found in the Community Wiki.

Full Changelog: v2.7.0...v2.7.1

Check out latest releases or
releases around OpenVPN/openvpn v2.7.1

Don't miss a new openvpn release

NewReleases is sending notifications on new releases.

Get notifications