mlock
will now check if enough memlock-able memory has been reserved,The --peer-fingerprint
option has been introduced to give users an
easy to use alternative to the tls-verify
for matching the
fingerprint of the peer. The option takes use a number of allowed
SHA256 certificate fingerprints.
See the man page section "Small OpenVPN setup with peer-fingerprint" for a tutorial on how to use this feature. This is also available online under https://github.com/openvpn/openvpn/blob/master/doc/man-sections/example-fingerprint.rst
--peer-fingerprint
is used, the --ca
and --capath
option
become optional. This allows for small OpenVPN setups without setting up
a PKI with Easy-RSA or similar software.--auth-user-pass-verify
script supports now deferred authentication.Both auth plugin and script can now signal pending authentication to
the client when using deferred authentication. The new client-crresponse
script option and OPENVPN_PLUGIN_CLIENT_CRRESPONSE
plugin function can
be used to parse a client response to a CR_TEXT
two factor challenge.
See sample/sample-scripts/totpauth.py
for an example.
--compat-mode
)--compat-mode
allows UIs to provide users
with an easy way to still connect to older servers.--tls-cert-profile insecure
has been added to allow selecting the lowest OpenSSL security level (not
recommended, use only if you must). OpenSSL 3.0 no longer supports the Blowfish
(and other deprecated) algorithm by default and the new option --providers
allows loading the legacy provider to renable these algorithms.--data-ciphers
--data-ciphers
can now be prefixed with a ?
to mark
those as optional and only use them if the SSL library supports them.inetd
has been removedverify-hash
has been deprecated--ca
configuration or with a --tls-verify
script.secret
has been deprecated--peer-fingerprint
makes
TLS mode about as easy as using --secret
.ncp-disable
has been removedtls-version-min
is set to 1.2 by default. OpenVPN 2.6.0 defaults
to a minimum TLS version of 1.2 as TLS 1.0 and 1.1 should be generally
avoided. Note that OpenVPN versions older than 2.3.7 use TLS 1.0 only.--cipher
argument is no longer appended to --data-ciphers
--cipher
has been removed.
Effectively, --cipher
is a no-op in TLS mode now, and will
only have an effect in pre-shared-key mode (--secret
).
From now on --cipher
should not be used in new configurations
for TLS mode.
Should backwards compatibility with older OpenVPN peers be
required, please see the --compat-mode
instead.--prng
has beeen removed--allow-compression
defaults to no
in OpeNVPN 2.6.0.
By default, OpenVPN 2.5 still allowed a server to enable compression by
pushing compression related options.--management-client-pf
and any other compile
time or run time related option do not exist any longer.--data-ciphers
when available.--prng
is ignored as we rely on the SSL library random number generator.--nobind
is default when --client
or --pull
is used in the configuration--tls-crypt-v2
)tls-crypt-v2
adds the ability to supply each client with a unique
tls-crypt key. This allows large organisations and VPN providers to profit
from the same DoS and TLS stack protection that small deployments can
already achieve using tls-auth
or tls-crypt
.The option ncp-ciphers
has been renamed to data-ciphers
.
The old name is still accepted. The change in name signals that
data-ciphers
is the preferred way to configure data channel
ciphers and the data prefix is chosen to avoid the ambiguity that
exists with --cipher
for the data cipher and tls-cipher
for the TLS ciphers.
OpenVPN clients will now signal all supported ciphers from the
data-ciphers
option to the server via IV_CIPHERS
. OpenVPN
servers will select the first common cipher from the data-ciphers
list instead of blindly pushing the first cipher of the list. This
allows to use a configuration like
data-ciphers ChaCha20-Poly1305:AES-256-GCM
on the server that
prefers ChaCha20-Poly1305 but uses it only if the client supports it.
See the data channel negotiation section in the manual for more details.
By default OpenVPN 2.5 will only accept AES-256-GCM and AES-128-GCM as data ciphers. OpenVPN 2.4 allows AES-256-GCM,AES-128-GCM and BF-CBC when no --cipher and --ncp-ciphers options are present. Accepting BF-CBC can be enabled by adding
data-ciphers AES-256-GCM:AES-128-GCM:BF-CBC
and when you need to support very old peers also
data-ciphers-fallback BF-CBC
To offer backwards compatibility with older configs an explicit
cipher BF-CBC
in the configuration will be automatically translated into adding BF-CBC to the data-ciphers option and setting data-ciphers-fallback to BF-CBC (as in the example commands above). We strongly recommend to switching away from BF-CBC to a more secure cipher.
--client-connect
option and the connect plugin API allow
asynchronous/deferred return of the configuration file in the same way
as the auth-plugin.IV_PROTO
variable that it is in pull
mode. This allows the server to push the configuration options to
the client without waiting for a PULL_REQUEST
message. The feature
is automatically enabled if both client and server support it and
significantly reduces the connection setup time by avoiding one
extra packet round-trip and 1s of internal event delays.On Linux, if configured without --enable-iproute2
, configuring IP
addresses and adding/removing routes is now done via the netlink(3)
kernel interface. This is much faster than calling ifconfig
or
route
and also enables OpenVPN to run with less privileges.
If configured with --enable-iproute2, the ip
command is used
(as in 2.4). Support for ifconfig
and route
is gone.
wintun
devices. They are faster
than the traditional tap9
tun/tap devices, but do not provide
--dev tap
mode - so the official installers contain both. To use
a wintun device, add --windows-driver wintun
to your config
(and use of the interactive service is required as wintun needs
SYSTEM privileges to enable access).--bind-dev
option, the OpenVPN outside socket can
now be put into a Linux VRF. See the "Virtual Routing and Forwarding"
documentation in the man page.--tls-ciphersuites
and --tls-groups
have been
added to fine tune TLS protocol options. Most of the improvements
were also backported to OpenVPN 2.4 as part of the maintainance
releases.--dhcp-option DOMAIN-SEARCH my.example.com
has been
defined, and Windows support for it is implemented (tun/tap only, no
wintun support yet). Other platforms need to support this via --up
script (Linux) or GUI (OSX/Tunnelblick).--data-ciphers
or data-ciphers-fallback
Add support for OpenSSL engines to access private key material (like TPM).
--auth-gen-token
support has been improved and now generates HMAC
based user token. If the optional --auth-gen-token-secret
option is
used clients will be able to seamlessly reconnect to a different server
using the same secret file or to the same server after a server restart.The protocol has been enhanced to be able to signal that the authentication should use a secondary authentication via web (like SAML) or a two factor authentication without disconnecting the OpenVPN session with AUTH_FAILED. The session will instead be stay in a authenticated state and wait for the second factor authentication to complete.
This feature currently requires usage of the managent interface
on both client and server side. See the management-notes.txt
client-pending-auth
and cr-response
commands for more
details.
OpenVPN servers in TAP mode can now use 802.1q tagged VLANs
on the TAP interface to separate clients into different groups
that can then be handled differently (different subnets / DHCP,
firewall zones, ...) further down the network. See the new
options --vlan-tagging
, --vlan-accept
, --vlan-pvid
.
802.1q tagging on the client side TAP interface is not handled today (= tags are just forwarded transparently to the server).
Support building of .msi installers for Windows
Allow unicode search string in --cryptoapicert
option (Windows)
--block-ipv6
to reject all IPv6 packets (ICMPv6)--ifconfig-ipv6
and --ifconfig-ipv6-push
will now acceptFor an up-to-date list of all deprecated options, see this wiki page: https://community.openvpn.net/openvpn/wiki/DeprecatedOptions
ncp-disable
has been deprecatedncp-disable
should not be necessary anymore.inetd
has been deprecated
This is a very limited and not-well-tested way to run OpenVPN, on TCP
and TAP mode only, which complicates the code quite a bit for little gain.
To be removed in OpenVPN 2.6 (unless users protest).no-iv
has been removed
This option was made into a NOOP option with OpenVPN 2.4. This has now
been completely removed.--client-cert-not-required
has been removed
This option will now cause server configurations to not start. Use
--verify-client-cert none
instead.--ifconfig-pool-linear
has been removed
This option is removed. Use --topology p2p
or --topology subnet
instead.--compress xxx
is considered risky and is warned against, see below.--key-method 1
has been removed--compress
is nowadays considered risky, because attacks exist
leveraging compression-inside-crypto to reveal plaintext (VORACLE). So
by default, --compress xxx
will now accept incoming compressed
packets (for compatibility with peers that have not been upgraded yet),
but will not use compression outgoing packets. This can be controlled with
the new option --allow-compression yes|no|asym
.--txlen
aways from OS defaults unless explicitly specified
in config file. OS defaults nowadays are actually larger then what we used
to configure, so our defaults sometimes caused packet drops = bad performance.--writepid
pid file on exit now--machine-readable-output
)--clr-verify
now loads all CRLs if more than one CRL is in the same
file (OpenSSL backend only, mbedTLS always did that)--auth-user-pass file
has no password, and the management interface
is active, query management interface (instead of trying console query,
which does not work on windows)--cryptoapicert
)--socks-proxy
+ --proto udp*
will now allways use IPv4, even if
IPv6 is requested and available. Our SOCKS code does not handle IPv6+UDP,
and before that change it would just fail in non-obvious ways.key-method
,
keydir
, tls-auth
and cipher
- these are either gone now, or
negotiated, and the warnings do not serve a useful purpose.dhcp-option DNS
and dhcp-option DNS6
are now treated identically
(= both accept an IPv4 or IPv6 address for the nameserver)make distcheck
it is). Release tarballs
contain the openvpn.8 file, so unless some .rst is changed, doc-utils are
not needed for building.--disable-server
has been removed from configure (so it is no longer
possible to build a client-/p2p-only OpenVPN binary) - the saving in code
size no longer outweighs the extra maintenance effort.--enable-iproute2
will disable netlink(3) support, so maybe remove
that from package building configs (see above)--disable-crypto
configure option has been removed. OpenVPN is now always
built with crypto support, which makes the code much easier to maintain.
This does not affect --cipher none
to do a tunnel without encryption.--disable-multi
configure option has been removedData channel ciphers (--cipher
) are now by default negotiated. If a
client advertises support for Negotiable Crypto Parameters (NCP), the
server will choose a cipher (by default AES-256-GCM) for the data channel,
and tell the client to use that cipher. Data channel cipher negotiation
can be controlled using --ncp-ciphers
and --ncp-disable
.
A more limited version also works in client-to-server and server-to-client
scenarios where one of the end points uses a v2.4 client or server and the
other side uses an older version. In such scenarios the v2.4 side will
change to the --cipher
set by the remote side, if permitted by by
--ncp-ciphers
. For example, a v2.4 client with --cipher BF-CBC
and ncp-ciphers AES-256-GCM:AES-256-CBC
can connect to both a v2.3
server with cipher BF-CBC
as well as a server with
cipher AES-256-CBC
in its config. The other way around, a v2.3 client
with either cipher BF-CBC
or cipher AES-256-CBC
can connect to a
v2.4 server with e.g. cipher BF-CBC
and
ncp-ciphers AES-256-GCM:AES-256-CBC
in its config. For this to work
it requires that OpenVPN was built without disabling OCC support.
--remote
OpenVPN
will now try all addresses (IPv6 and IPv4) of a --remote
entry.A new DHCP sub-option DNS6
is added alongside with the already existing
DNS
sub-option. This is used to provide DNS resolvers available over
IPv6. This may be pushed to clients where `` --up`` scripts and --plugin
can act upon it through the foreign_option_<n>
environment variables.
Support for the Windows client picking up this new sub-option is added,
however IPv6 DNS resolvers need to be configured via netsh
which requires
administrator privileges unless the new interactive services on Windows is
being used. If the interactive service is used, this service will execute
netsh
in the background with the proper privileges.
The installer starts OpenVPNServiceInteractive automatically and configures it to start at system startup.
The interactive Windows service allows unprivileged users to start OpenVPN connections in the global config directory (usually C:\Program Files\OpenVPN\config) using OpenVPN GUI without any extra configuration.
Users who belong to the built-in Administrator group or to the local "OpenVPN Administrator" group can also store configuration files under %USERPROFILE%\OpenVPN\config for use with the interactive service.
--push-reset
).<http-proxy-user-pass>
.. </http-proxy-user-pass>
--push-peer-info
is set on client).--tls-crypt
)--tls-auth
key) to encrypt control
channel packets. Provides more privacy, some obfuscation and poor-man's
post-quantum security../configure --enable-async-push
. This is a compile-time only switch.For an up-to-date list of all deprecated options, see this wiki page: https://community.openvpn.net/openvpn/wiki/DeprecatedOptions
--key-method 1
is deprecated in OpenVPN 2.4 and will be removed in v2.5.
Migrate away from --key-method 1
as soon as possible. The recommended
approach is to remove the --key-method
option from the configuration
files, OpenVPN will then use --key-method 2
by default. Note that this
requires changing the option in both the client and server side configs.--tls-remote
is removed in OpenVPN 2.4, as indicated in the v2.3
man-pages. Similar functionality is provided via --verify-x509-name
,
which does the same job in a better way.--compat-names
and --no-name-remapping
were deprecated in OpenVPN 2.3
and will be removed in v2.5. All scripts and plug-ins depending on the old
non-standard X.509 subject formatting must be updated to the standardized
formatting. See the man page for more information.--no-iv
is deprecated in OpenVPN 2.4 and will be removed in v2.5.--keysize
is deprecated in OpenVPN 2.4 and will be removed in v2.6
together with the support of ciphers with cipher block size less than
128-bits.--comp-lzo
is deprecated in OpenVPN 2.4. Use --compress
instead.--ifconfig-pool-linear
has been deprecated since OpenVPN 2.1 and will be
removed in v2.5. Use --topology p2p
instead.--client-cert-not-required
is deprecated in OpenVPN 2.4 and will be removed
in v2.5. Use --verify-client-cert none
for a functional equivalent.--ns-cert-type
is deprecated in OpenVPN 2.3.18 and v2.4. It will be removed
in v2.5. Use the far better --remote-cert-tls
option which replaces this
feature.When using ciphers with cipher blocks less than 128-bits,
OpenVPN will complain loudly if the configuration uses ciphers considered
weak, such as the SWEET32 attack vector. In such scenarios, OpenVPN will by
default renegotiate for each 64MB of transported data (--reneg-bytes
).
This renegotiation can be disabled, but is HIGHLY DISCOURAGED.
For certificate DNs with duplicate fields, e.g. "OU=one,OU=two", both fields are now exported to the environment, where each second and later occurrence of a field get _$N appended to it's field name, starting at N=1. For the example above, that would result in e.g. X509_0_OU=one, X509_0_OU_1=two. Note that this breaks setups that rely on the fact that OpenVPN would previously (incorrectly) only export the last occurrence of a field.
proto udp
and proto tcp
now use both IPv4 and IPv6. The new
options proto udp4
and proto tcp4
use IPv4 only.
--sndbuf
and --recvbuf
default now to OS defaults instead of 64k
OpenVPN exits with an error if an option has extra parameters; previously they were silently ignored
--tls-auth
always requires OpenVPN static key files and will no
longer work with free form files
--proto udp6/tcp6
in server mode will now try to always listen to
both IPv4 and IPv6 on platforms that allow it. Use --bind ipv6only
to explicitly listen only on IPv6.
Removed --enable-password-save
from configure. This option is now
always enabled.
Stricter default TLS cipher list (override with --tls-cipher
), that now
also disables:
mbed TLS builds: changed the tls_digest_N values exported to the script environment to be equal to the ones exported by OpenSSL builds, namely the certificate fingerprint (was the hash of the 'to be signed' data).
mbed TLS builds: minimum RSA key size is now 2048 bits. Shorter keys will not be accepted, both local and from the peer.
--connect-timeout
now specifies the timeout until the first TLS packet
is received (identical to --server-poll-timeout
) and this timeout now
includes the removed socks proxy timeout and http proxy timeout.
In --static
mode connect-timeout
specifies the timeout for TCP and
proxy connection establishment
--connect-retry-max
now specifies the maximum number of unsuccessful
attempts of each remote/connection entry before exiting.
--http-proxy-timeout
and the static non-changeable socks timeout (5s)
have been folded into a "unified" --connect-timeout
which covers all
steps needed to connect to the server, up to the start of the TLS exchange.
The default value has been raised to 120s, to handle slow http/socks
proxies graciously. The old "fail TCP fast" behaviour can be achieved by
adding "--connect-timeout 10
" to the client config.
--http-proxy-retry
and --sock-proxy-retry
have been removed. Proxy connections
will now behave like regular connection entries and generate a USR1 on failure.
--connect-retry
gets an optional second argument that specifies the maximum
time in seconds to wait between reconnection attempts when an exponential
backoff is triggered due to repeated retries. Default = 300 seconds.
Data channel cipher negotiation (see New features section) can override
ciphers configured in the config file. Use --ncp-disable
if you do not want
this behavior.
All tun devices on all platforms are always considered to be IPv6
capable. The --tun-ipv6
option is ignored (behaves like it is always
on).
On the client side recursively routed packets, which have the same destination as the VPN server, are dropped. This can be disabled with --allow-recursive-routing option.
On Windows, when the --register-dns
option is set, OpenVPN no longer
restarts the dnscache
service - this had unwanted side effects, and
seems to be no longer necessary with currently supported Windows versions.
If no flags are given, and the interactive Windows service is used, "def1" is implicitly set (because "delete and later reinstall the existing default route" does not work well here). If not using the service, the old behaviour is kept.
OpenVPN now reloads a CRL only if the modication time or file size has changed, instead of for each new connection. This reduces the connection setup time, in particular when using large CRLs.
OpenVPN now ships with more up-to-date systemd unit files which take advantage of the improved service management as well as some hardening steps. The configuration files are picked up from the /etc/openvpn/server/ and /etc/openvpn/client/ directories (depending on unit file). This also avoids these new unit files and how they work to collide with older pre-existing unit files.
Using --no-iv
(which is generally not a recommended setup) will
require explicitly disabling NCP with --disable-ncp
. This is
intentional because NCP will by default use AES-GCM, which requires
an IV - so we want users of that option to consciously reconsider.
--tls-cert-profile
can be used to restrict the set of
allowed crypto algorithms in TLS certificates in mbed TLS builds. The
default profile is 'legacy' for now, which allows SHA1+, RSA-1024+ and any
elliptic curve certificates. The default will be changed to the 'preferred'
profile in the future, which requires SHA2+, RSA-2048+ and any curve.--x509-track
post-authentication remote DoS
A client could crash a v2.4+ mbedtls server, if that server uses the
--x509-track
option and the client has a correct, signed and unrevoked
certificate that contains an embedded NUL in the certificate subject.
Discovered and reported to the OpenVPN security team by Guido Vranken.--x509-username-field
option with an X.509
extension field (option argument prefixed with ext:
). A client that can
cause a server to run out-of-memory (see above) might be able to cause the
server to double free, which in turn might lead to remote code execution.
Discovered and reported to the OpenVPN security team by Guido Vranken.
(OpenSSL builds only.)--http-proxy <server> <port> [<authfile>|'auto'|'auto-nct'] ntlm2
),
a man-in-the-middle attacker between the client and the proxy can cause
the client to crash or disclose at most 96 bytes of stack memory. The
disclosed stack memory is likely to contain the proxy password. If the
proxy password is not reused, this is unlikely to compromise the security
of the OpenVPN tunnel itself. Clients who do not use the --http-proxy
option with ntlm2 authentication are not affected.--mssfix
are enabled and the IPv6 networks used inside the VPN
are known.Proxy-Authenticate:
headers for digest auth.--tls-cipher
optionGetModuleFileNameW()
(OSTIF/Quarkslabs audit, finding 5.6)--verify-hash
can now take an optional flag which changes the hashing
algorithm. It can be either SHA1 or SHA256. The default if not provided is
SHA1 to preserve backwards compatibility with existing configurations.--x509-username-field
extension fields to subjectAltName
and issuerAltName. Other extensions probably didn't work anyway, and would
cause OpenVPN to crash when a client connects.tls_digest_*
env vars, or that use --verify-hash
will have to change
the fingerprint values they check against. The security impact of the
incorrect calculation is very minimal; the last few bytes (max 4, typically
4) are not verified by the fingerprint. We expect no real-world impact,
because users that used this feature before will notice that it has suddenly
stopped working, and users that didn't will notice that connection setup
fails if they specify correct fingerprints.--plugin
--remote-cert-tls
is
used, we leaked some memory on each TLS (re)negotiation.--tls-auth
or
--tls-crypt
is used, only attackers that have the --tls-auth
or
--tls-crypt
key can mount an attack.
(OSTIF/Quarkslab audit finding 5.1, CVE-2017-7478)--remote-cert-ku
now only requires the certificate to have at least the
bits set of one of the values in the supplied list, instead of requiring an
exact match to one of the values in the list.--remote-cert-tls
now only requires that a keyUsage is present in the
certificate, and leaves the verification of the value up to the crypto
library, which has more information (i.e. the key exchange method in use)
to verify that the keyUsage is correct.--ns-cert-type
is deprecated. Use --remote-cert-tls
instead.
The nsCertType x509 extension is very old, and barely used.
--remote-cert-tls
uses the far more common keyUsage and extendedKeyUsage
extension instead. Make sure your certificates carry these to be able to
use --remote-cert-tls
.此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。