https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst
Faster connections
Connections setup is now much faster
Crypto specific changes
ChaCha20-Poly1305 cipher in the OpenVPN data channel (Requires OpenSSL 1.1.0 or newer)
Improved TLS 1.3 support when using OpenSSL 1.1.1 or newer
Client-specific tls-crypt keys (–tls-crypt-v2)
Improved Data channel cipher negotiation
Removal of BF-CBC support in default configuration (see below for possible incompatibilities)
Server-side improvements
HMAC based auth-token support for seamless reconnects to standalone servers or a group of servers.
Asynchronous (deferred) authentication support for auth-pam plugin
Asynchronous (deferred) support for client-connect scripts and plugins
Network-related changes
Support IPv4 configs with /31 netmasks now
802.1q VLAN support on TAP servers
IPv6-only tunnels
New option –block-ipv6 to reject all IPv6 packets (ICMPv6)
Linux-specific features
VRF support
Netlink integration (OpenVPN no longer needs to execute ifconfig/route or ip commands)
Windows-specific features
Wintun driver support, a faster alternative to tap-windows6
Setting tun/tap interface MTU
Setting DHCP search domain
Allow unicode search string in –cryptoapicert option
EasyRSA3, a modern take on OpenVPN CA management
MSI installer
No comments:
Post a Comment