﻿Changes for package: OPENVPN
===============================================================================
$Id: openvpn.txt 44543 2016-02-16 12:47:00Z kristov $
===============================================================================

2.1.5:
------
07.12.2003 babel
    - first release

2.1.6:
------
07.03.2004 babel
    - document updates
    - openvpn checks are more stricter
    
2.1.7:
------
25.04.2004 babel
    - add isdn raw up/down support
    - add OPENVPN_x_ISDN_CIRC_NAME
    - add OPENVPN_x_PROTOCOL
    
2.1.8:
------
xx.xx.2004 babel
    - rewrote large parts of rc900.openvpn
    - extended the openvpn check script to catch common
      user misconfigurations
    - add several new options:
      OPENVPN_x_SHAPER shapes outgoing traffic 
      OPENVPN_x_ACTIV disable this openvpn configuration
      OPENVPN_x_CHECK_CONFIG disable configuration check
      OPENVPN_x_MSSFIX, OPENVPN_x_FRAGMENT and OPENVPN_x_LINK_MTU allow
      setting of different link related network settings
    - update OpenVPN to 1.6
    - add packetfilter lists to openvpn. This allows to specify
      packetfilter rules to individual vpns.

2.1.9:
------
xx.xx.2004 babel
    - update OpenVPN to 2.0rc7
    - add root-down plugin, openvpn now runs again with uid
      nobody in an empty chroot
    - remove paketfilter rules if a openvpn process is
      terminated
    - change link_mtu, mssfix and fragment settings as
      recommended, turn on mtu path discovery
    - removed some configuration options like 
      OPENVPN_DEFAULT_PACKETFILTER and
      OPENVPN_x_PACKETFILTER
    - allow logging of OpenVPN packetfilter

2.1.10:
-------
09.06.2005 hh
    - New Web-GUI
09.06.2005 babel
    - update OpenVPN to 2.01rc2
    - add MUTE_REPLAY_WARNINGS option
    - add POLICY support
    
2.1.12:
-------
30.10.2005 babel
    - update to OpenVPN 2.0.2
02.11.2005 babel    
    - update OpenVPN to 2.0.4 (security bugfix)
13.11.2005 babel
    - split vpn paket in the two independed packages
      cipe and openvpn

2.1.13
------
02.12.2005 babel
    - update to OpenvPN 2.0.5
    - add chain in-ovpn-ports for all ports that openvpn
      will listen to
    - rename paketfilterchains to follow fli4l standard

3.0.0:
------
18.12.2005 babel
    - add PRE/POSTROUTING support

3.0.1:
------
06.01.2006 babel
    - fix REMOTE-NET, LOCAL-VPN-IP and REMOTE-VPN-IP regex
    - reformat rc900.openvpn
    - optimize rc900.openvpn to avoid if calls, use case instead
      if possible
21.02.2006 helhum
    - remove NAT rules on OpenVPN connection shutdown
    - fix parsing for config names like net-sven and sven

3.1.0:
------
23.06.2006 hh
    - update to OpenVPN 2.0.7

3.1.1:
------
11.07.2006 hh
	- fix bug in fwrules generation (reported by Kai Pape)
14.08.2006 witchdoc
    - fix bug in build when defining a default route with kernel 2.6
21.08.2006 hh
    - add skinning support for vpn-gui

3.1.2:
------
21.11.2006 helhum
    - add required netfilter targets
14.03.2007 babel
    - change defaults if someone is using OPENVPN_REMOTE_HOSTS_N
2007
    - renamed packet filter variables (for instance INPUT_LIST_N -> PF_INPUT_N)
    - use ip instead of ifconfig
    - removed debug code from openvpn daemon
    - handle new naming scheme of portfw files
    - update openvpn to 2.0.9

3.1.3:
------
04.06.07 witchdoc
    - enable client/server support (--mode server + client mode)
09.08.07 babel
    - use openvpn 2.1rc4 with fli4l specific patch to allow redirect gateway
      even is the default gw is routed with a pppoe device
2007-08-19 hh
    - fall back to openvpn 2.0.9 due to problems with the shaper
2007-09-13 babel
    - recompile 2.0.9 binaries to make default route via vpn working again.

3.1.4:
------
2007-12-10 hh
    - change sec_action from "show" to "view", to unify security section naming with other cgi scripts and 
      therefore do not hide menu entry, for users which only have rights to show/view ovpn status

3.3.0:
------
2008-04-15 jw5
    - introduce dmz type for openvpn connections to allow specification of openvpn tunnels as green networks
2008-05-26 babel
    - enhance default route handling a lot (and fixing some old bugs).
2008-09-12 bastard
    - introduce expert-mode
2008-10-24 babel
    - expert-mode is now optional

3.3.1:
------
2008-12-20 lanspezi
    - add dns and rdns delegation for tunnels
      OPENVPN_x_DNSIP, OPENVPN_x_DOMAIN set dns and rdns for the complete tunnel
      OPENVPN_x_DNSIP_y, OPENVPN_x_DOMAIN_y set dns and rdns settings for each OPENVPN_x_ROUTE_y


3.3.2:
------
2009-04-13 tobig
    - allow tun-devices in firewall config when using expert mode

3.4.1:
------
2009-05-25 babel
    - update openvpn binaries to 2.1_rc16
2009-05-26 babel
    - start every tunnel with hold state and release the hold within ip-up
    - remove chroot and drop user privileges
2009-06-10 babel
    - update openvpn binaries to 2.1_rc18

3.5.0:
------
2009-07-30 babel
    - update openvpn binaries to 2.1_rc19 and remove different openvpn builds. We now use a full build for everything.
    - change behaviour of persist-remote-ip to be off if opt_dyndns isn't used.
2009-11-16 babel
    - update openvpn binaries to 2.1_rc21.
    - add openvpn 2.0.9 binaries with current managment patches as openvpn-oldstable. Thanks to Frank Rudolph and some
      fli4l svn "bisecting" we narrow down the shaper problem to openvpn itself.
2009-12-03 babel
    - update openvpn binaries to 2.1_rc22.
    - add config option to switch between openvpn 2.0.9 and 2.1.0rcx.
2009-12-23 babel
    - update openvpn binaries to 2.1.1.
2010-02-12 babel
    - add UMTS patch from Christian Thiele <c_thiele@hussein.de>
2010-03-02 babel 
    - change POSTROUTING for VPN connections. This could break old (buggy) entries! 
2010-08-04 babel
    - add some hints to documentation for FRAGMENT option, see
      http://extern.fli4l.de/fli4l_newsportal/article.php?id=200166&group=spline.fli4l#200166
2010-08-16 babel
    - update openvpn to 2.1.2
2010-09-27 babel
    - update openvpn to 2.1.3

3.6.0:
------
2011-04-29
    - release of stable version

3.6.1:
------
2011-07-27 babel
    - warn if shapping is used, shapping causes all kinds of trouble sometimes.
2011-09-28 babel
    - update to openvpn 2.2.1

3.7.0:
------
2012-01-04 babel
    - update to openvpn 2.2.2
2012-03-31 kristov
    - moving ahead to new uClibc/fli4l buildroot!
    - support for OpenVPN < 2.2 dropped, OPENVPN_VERSION variable removed
2012-05-31 kristov
    - variables renamed:
      OPENVPN_%_REMOTE_HOSTS_N --> OPENVPN_%_REMOTE_HOST_N
      OPENVPN_%_DNSIP_% --> OPENVPN_%_ROUTE_%_DNSIP
      OPENVPN_%_DOMAIN_% --> OPENVPN_%_ROUTE_%_DOMAIN
2012-08-06 babel
    - allow use of cipher/digest none without secret files
2012-10-04 babel
    - shorten pre/post prefix to match regex limit for config names. avoid
      too long iptables chain names.

3.9.0:
------
2013-01-18 roland
    - bump openvpn to version 2.3.0
2013-05-12 babel
    - bump openvpn to version 2.3.1

3.10.1:
-------
FFL-236:       OpenVPN mit save_password
FFL-250:       OpenVPN startet nicht komplett, wenn der fli4l als Ethernet-Router arbeitet
FFL-256:       OpenVPN Fehlermeldungen im Bootlog
FFL-266:       Einbau von ocf-linux.
FFL-311:       OpenVPN-Upgrade auf Version 2.3.0
FFL-326:       WEB-Interface fuer OpenVPN so anpassen, dass Ansicht sortiert dargestellt werden kann
FFL-350:       openVPN für IPv6 Tunnel konfigurieren
FFL-481:       tool netcalc um ipv6 Support erweitern
FFL-482:       Openvpn soll DNS-Reverse-Lookup auch bei gerouteten IPv6 Netzen unterstützen
FFL-510:       Einbinden der Variable reneg-sec in openvpn
FFL-513:       Regeln im VPN Tunnel werden nicht richtig angelegt
FFL-531:       Update OpenVPN to 2.3.1
FFL-542:       OpenVPN stürzt bei häufigem "ovpnctrl signal SIGUSR1" ab
FFL-619:       OpenVPN Update 2.3.1 -> 2.3.2
FFL-628:       OpenVPN Prüfscript wegen Routing anpassen
FFL-630:       OpenVPN ip-up Problem mit 2.3.x
FFL-669:       OpenVPN erkennt keine VLAN-Schnittstellen für OPENVPN_x_LOCAL_HOST
FFL-766:       OpenVPN - sicherere Verwendung von persist-remote-ip
FFL-809:       Erweiterung von OpenVPN zur Unterstützung weiterer Ciphers und Auth Mechanismen
FFL-810:       Update OpenVPN auf V2.3.3
FFL-826:       Openvpn ist in Version V2.3.4 erschienen
FFL-865:       Hardwareunterstützung für Krytographie auf Alix Plattformen fehlt
FFL-905:       OCF und OpenSSL spielen neuerdings schlecht zusammen
FFL-1037:      Update Openssl auf V1.0.1j
FFL-1070:      Aktualisierung auf OpenVPN 2.3.5
FFL-1099:      Kritische DoS-Lücke in OpenVPN 2.3.x

3.10.2:
-------
(keine Änderungen)

3.10.3:
-------
FFL-1417:      OpenVPN-Upgrade auf Version 2.3.7

3.10.4:
-------
(keine Änderungen)

3.10.5:
-------
FFL-1555:      OpenSSL-Update auf Version 1.0.1q
FFL-1614:      OpenSSL-Update auf Version 1.0.1r
FFL-1628:      OpenVPN Inactivity timeout (--ping-restart)
