发布于 2014-10-31 02:22:51 | 402 次阅读 | 评论: 0 | 来源: 网友投递
OpenVPN
VPN直译就是虚拟专用通道,是提供给企业之间或者个人与公司之间安全数据传输的隧道,OpenVPN无疑是Linux下开源VPN的先锋,提供了良好的性能和友好的用户GUI。
OpenVPN 2.3.5发布。2014-10-29 因为众所周知的原因,OpenVPN主站(openvpn.net)被墙了.上一个版本是2014-05-02的2.3.4 .此版本主要修正了和windows tap-windows6驱动不兼容的问题及其他的一些小Bug修正和增强。遗留产品线2.1.4/2.2.2。
OpenVPN 是一个基于 OpenSSL 库的应用层 VPN 实现。和传统 VPN 相比,它的优点是简单易用。
VPN直译就是虚拟专用通道,是提供给企业之间或者个人与公司之间安全数据传输的隧道,OpenVPN无疑是Linux下开源VPN的先锋,提供了良好的性能和友好的用户GUI。
OpenVPN 允许参与建立VPN的单点使用共享金钥,电子证书,或者用户名/密码来进行身份验证。它大量使用了OpenSSL加密库中的SSLv3/TLSv1 协议函式库。目前OpenVPN能在Solaris、Linux、OpenBSD、FreeBSD、NetBSD、Mac OS X与Windows 2000/XP/Vista上运行,并包含了许多安全性的功能。它并不是一个基于Web的VPN软件,也不与IPsec及其他VPN软件包兼容。
OpenVPN使用OpenSSL库加密数据与控制信息:它使用了OpenSSL的加密以及验证功能,意味着,它能够使用任何OpenSSL支持的算法。它提供了可选的数据包HMAC功能以提高连接的安全性。此外,OpenSSL的硬件加速也能提高它的性能。
完全改进:
This release fixes a serious interoperability issue with OpenVPN and the tap-windows6 driver. In addition a fair number of other bug fixes and small enhancements are included.
Andris Kalnozols (2): Fix some typos in the man page. Do not upcase x509-username-field for mixed-case arguments. Arne Schwabe (1): Fix server routes not working in topology subnet with --server [v3] David Sommerseth (4): Improve error reporting on file access to --client-config-dir and --ccd-exclusive Don't let openvpn_popen() keep zombies around Add systemd unit file for OpenVPN systemd: Use systemd functions to consider systemd availability Gert Doering (4): Drop incoming fe80:: packets silently now. Fix t_lpback.sh platform-dependent failures Call init script helpers with explicit path (./) Preparing for release v2.3.5 (ChangeLog, version.m4) Heiko Hund (1): refine assertion to allow other modes than CBC Hubert Kario (2): ocsp_check - signature verification and cert staus results are separate ocsp_check - double check if ocsp didn't report any errors in execution James Bekkema (1): Fix socket-flag/TCP_NODELAY on Mac OS X James Yonan (6): Fixed several instances of declarations after statements. In socket.c, fixed issue where uninitialized value (err) is being passed to to gai_strerror. Explicitly cast the third parameter of setsockopt to const void * to avoid warning. MSVC 2008 doesn't support dimensioning an array with a const var nor using %z as a printf format specifier. Define PATH_SEPARATOR for MSVC builds. Fixed some compile issues with show_library_versions() Jann Horn (1): Remove quadratic complexity from openvpn_base64_decode() Mike Gilbert (1): Add configure check for the path to systemd-ask-password Philipp Hagemeister (2): Add topology in sample server configuration file Implement on-link route adding for iproute2 Samuel Thibault (1): Ensure that client-connect files are always deleted Steffan Karger (13): Remove function without effect (cipher_ok() always returned true). Remove unneeded wrapper functions in crypto_openssl.c Fix bug that incorrectly refuses oid representation eku's in polar builds Update README.polarssl Rename ALLOW_NON_CBC_CIPHERS to ENABLE_OFB_CFB_MODE, and add to configure. Add proper check for crypto modes (CBC or OFB/CFB) Improve --show-ciphers to show if a cipher can be used in static key mode Extend t_lpback tests to test all ciphers reported by --show-ciphers Don't exit daemon if opening or parsing the CRL fails. Fix typo in cipher_kt_mode_{cbc, ofb_cfb}() doxygen. Fix regression with password protected private keys (polarssl) ssl_polarssl.c: fix includes and make casts explicit Remove unused variables from ssl_verify_openssl.c extract_x509_extension() TDivine (1): Fix "code=995" bug with windows NDIS6 tap driver.
下载 http://fossies.org/linux/misc/openvpn-2.3.5.tar.gz