From: James Y. <ji...@nt...> - 2002-05-22 13:18:11
|
Download: http://prdownloads.sourceforge.net/openvpn/openvpn-1.2.0.tar.gz Release Notes: OpenVPN 1.2.0 adds pthread support for background processing of SSL/TLS key negotiations, allowing efficient usage of large RSA keys (i.e. 2048 bits or larger). The OpenVPN web site has been considerably expanded, including a new HOWTO page that gives detailed instructions for setting up a complete telecommuting solution with firewall, VPN, NAT, and DHCP support. OpenVPN 1.2.0 has additional feature improvements including configuration file support and running daemon statistics via SIGUSR2. Since version 1.1.1, OpenVPN has seen extensive porting activity, including ports to Solaris, OpenBSD, Mac OS X (Darwin), and 64-bit Linux. ChangeLog from 1.1.1 -> 1.2.0 * Added configuration file support via the --config option. * Added pthread support to improve latency. With pthread support, OpenVPN will offload CPU-intensive tasks such as RSA key number crunching to a background thread to improve tunnel packet forwarding latency. pthread support can be enabled with the --enable-pthread configure option. Pthread support is currently available only for Linux and Solaris. * Added --dev-type option so that tun/tap device names don't need to begin with "tun" or "tap". * Added --writepid option to write main process ID to a file. * Numerous portability fixes to ease porting to other OSes including changing all network types to uint8_t and uint32_t, and not assuming that time_t is 32 bits. * Backported to OpenSSL 0.9.5. * Ported to Solaris. * Finished OpenBSD port except for pthread support. * Added initialization script: sample-scripts/openvpn.init (Douglas Keller) * Ported to Mac OS X (Christoph Pfisterer). * Improved resilience to DoS attacks when TLS mode is used without --remote or --tls-auth, or when --float is used with --remote. Note however that the best defense against DoS attacks in TLS mode is to use --tls-auth. * Eliminated automake/autoconf dependency for non-developers. * Ported configure.in to configure.ac and autoconf 2.50+. * SIGHUP signal now causes OpenVPN to restart and re-read command line and or config file, in conformance with canonical daemon behaviour. * SIGUSR1 now does what SIGHUP did in version 1.1.1 and earlier -- close and reopen the UDP socket for use when DHCP changes host's IP address and preserve most recently authenticated peer address without rereading config file. * SIGUSR2 added -- outputs current statistics, including compression statistics. * All changes maintain protocol compatibility with 1.1.1 and 1.1.0. James |