[eurephia-devel] [announcement] eurephia v0.9.2 beta released

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

A new beta release of eurephia is released.  git tree getting updated very soon as well.

The following changes is implemented in this release:

* BUGFIX:  Fixed wrong attempt count reset during eurephia_tlsverify(...)

	The attempt counter for certificates was reset too early.  It was
	reset on successful TLS verification.  But the only place these
	counters should be reset is after successful authentication in
	eurephia_userauth(...)

* BUGFIX:  Firewall thread did not shutdown properly

	The master OpenVPN thread used waitpid() to wait for the firewall
	worker thread to complete.  In daemon mode, these two threads are
	not related any more and is considered to be separate, making the
	waitpid() call fail.

	A solution using POSIX semaphores is introduced as a communication
	method between the processes during shutdown.

* FEATURE: Added firewall block when IP addresses are blacklisted

	When this feature is enabled, IP addresses which is blacklisted in the
	database, will also be inserted into a separate firewall chain.  This
	is to block traffic from the offending client before it reaches the
	OpenVPN process.

	Added new configuration parameter: firewall_blacklist_destination
	This parameter will contain the firewall chain these blacklisted IP
	addresses should be inserted into.

* FEATURE: Added eDBget_blacklisted_ip(ctx) functions in DB drivers

	To support the new firewall blocking feature, a new function in the
	database layer was needed to retrieve all registered blacklisted
	IP addresses.  This is used when OpenVPN starts, to update the
	defined firewall chain to block those IP addresses immediately and
	make in this way make it durable when OpenVPN or the server restarts.

* SOURCE TREE: Created install rules via cmake

	Now you can run configure with --prefix and --sqlite3-prefix options
	to define where to install the eurephia modules and the SQLite3 database
	file.

	The default --prefix is set to /etc/openvpn/eurephia  and for the
	--sqlite3-prefix it is /etc/openvpn

	When running make install, the needed files will be installed into these
	directories.

* SOURCE TREE: Reorganised the source code and some code cleanup

	Moved all OpenVPN plug-in related things into ./plugins, including firewall
	interface.  All shared code got moved into ./common and moved the generic
	part of the database files into ./database

kind regards,

David Sommerseth
da...@us...