mirror of https://github.com/OpenVPN/openvpn3.git synced 2024-09-20 04:02:15 +02:00
Commit Graph

131 Commits

Author SHA1 Message Date
James Yonan
7539c4e0d1 Added gateway parameter to tun_builder_add_address for Windows and other
platforms that lack a VPN API.
2014-02-15 23:34:33 -07:00
James Yonan
2e1871a062 Added net30 boolean to TunBuilderBase::tun_builder_add_address for the
benefit of Windows.
2014-02-09 18:51:25 -07:00
James Yonan
95fceb5e43 Android: log tunnel bytes per CPU second. 2014-01-14 22:52:28 -07:00
James Yonan
a6ab17fde0 Android: build two versions of OpenVPN core library (libovpncli.so)
for different ARM platforms:

1. armeabi
2. armeabi-v7a

Android build script will package both versions of libovpncli.so
in the .apk, where the correct version should be automatically
chosen by Android on install.
2014-01-14 16:40:25 -07:00
James Yonan
7e0490f647 Updated Android SDK, NDK, and build scripts:
SDK: adt-bundle-mac-x86_64-20131030
NDK: android-ndk-r9c
2014-01-13 17:48:37 -07:00
James Yonan
7fe6fad18a Added crypto self test capability to core.
Added polarssl/bignum-arm.patch to resolve issue where
asm-optimized bignum code would crash on iOS.
2013-06-14 00:34:49 +00:00
James Yonan
de0da474ef Revamp remote-list handling so that DNS names that resolve to
multiple addresses will be treated as if each address was an
individual remote directive.

Fixed issue where UDP transport driver was calling socket
connect method synchronously.  This can cause exceptions
to be thrown in corner cases, such as "No route to host"
on OSX/iOS for connections to IPv6 addresses when no default
IPv6 route exists on system.  Refactoring UDP connect
operation to be asynchronous fixes the issue.

Implemented remote-random.
2013-03-12 19:20:37 +00:00
James Yonan
842c93bfe9 Added capability to build Android development packages for customers. 2013-03-08 01:53:33 +00:00
James Yonan
0ba6e76170 Added copyright to some straggler files. 2013-01-31 15:00:45 +00:00
James Yonan
ce8171fff1 Minor fixes related to open-sourcing process. 2013-01-30 20:17:30 +00:00
James Yonan
ce7c03b472 Java command-line client update. 2013-01-30 19:19:49 +00:00
James Yonan
d24d0b4aef On iOS with a split-tunnel, and at least one pushed DNS server:
1. route all DNS requests through pushed DNS server if no added
   search domains.

2. route selected DNS requests through pushed DNS server if at
   least one added search domain.

On Android, apparently there is no selective DNS routing, so all
DNS requests will be routed through pushed DNS server, if at least
one exists.

With redirect-gateway on both platforms, all DNS requests are always
routed through the VPN.
2013-01-26 06:53:31 +00:00
James Yonan
6c0be1e1c0 iOS: 1.0.1 build 55
Android: 1.1.9 build 31

* Reverted key-direction back to a default of 1.

* Raise fatal error if "fragment" option is used.

* Made TunBuilderCapture more useful as a base class for
  tun construction on various platforms.

* Added disableClientCert flag at ovpncli.hpp API.

* Updated help FAQ with more details on how to
  properly set key-direction, and notes about
  possible network disconnect during voice calls.
2013-01-24 13:34:17 +00:00
James Yonan
9f18b28f86 Misc build system changes to support OpenSSL. 2012-11-27 03:05:46 +00:00
James Yonan
065b83263c Initial Apple VPN-On-Demand implementation:
* VoD profiles can be defined using the iPhone Configuration utility:

  1. Connection Type should be set to Custom SSL
  2. Identifier should be set to net.openvpn.OpenVPN-Connect.vpnplugin
  3. Server can be set to a hostname, or "DEFAULT" to use the
     hostname(s) from the OpenVPN configuration.
  4. User Authentication should be set to Certificate, and the client
     certificate+key should be attached as a PKCS#12 file.
  5. VPN On Demand should be enabled and match entries should be
     defined.

  In addition, the OpenVPN client configuration file may be defined
  via key/value pairs:

  1. VoD requires an autologin profile.
  2. Define each OpenVPN directive as a key, with arguments
     specified as the value.
  3. For Access server meta-directives such as
     OVPN_ACCESS_SERVER_USERNAME, remove the "OVPN_ACCESS_SERVER_"
     prefix, giving USERNAME as the directive.
  4. If no arguments are present, use "NOARGS" as the value.
  5. If multiple instances of the same directive are present,
     number the directives in the order they should be processed by
     appending .<n> to the directive, where n is an integer,
     such as remote.1 or remote.2
  6. For multi-line directives such as <ca> and <tls-auth>, you must
     convert the multi-line argument to a single line by specifying
     line breaks as \n -- also note that because of
     this escaping model, you must use \\ to pass backslash itself.

* VoD profiles are recognized and listed by the app.

* The app can disconnect but not connect a VoD profile.

* Most app-level functionality such as logging and preferences
  work correctly for VoD profiles.

Core changes:

* Added support for key-direction parameter in core.
2012-11-06 17:50:30 +00:00
James Yonan
b16f8acc34 Minor fix to Android core build script for Android. 2012-11-02 09:28:31 +00:00
James Yonan
a79f88aebd Android:
* Implement a simple DNS cache to work around issue with
  Seamless Tunnel --  When Seamless Tunnel is enabled,
  reconnections are unable to send DNS requests because
  the internet is blocked.  This fix caches the IP address
  used for the initial connection, then reuses it
  over the lifetime of the Seamless Tunnel.

* Try to ensure that connections properly pause on device
  sleep (when sleep on screen blanking is NOT enabled) so
  that they will survive until wakeup.

iOS:

* Don't choke on foreign profiles (such as VPN On Demand) that are
  imported onto the device but lack critical info such as a
  config file.
2012-10-23 13:10:39 +00:00
James Yonan
5f494621b1 Android and core fixes related to External PKI:
* Fixed core segfault that would occur if external_pki_cert_request
  returned an error status.

* More robust handling of External PKI alias invalidation.

* Minor fixes to allow jellybean_hack.cpp to build in
  debug mode.
2012-10-19 08:52:01 +00:00
James Yonan
cded2ca49e Android 1.1.1 build 9
* Fix attempt for java.lang.NullPointerException in
  net.openvpn.openvpn.OpenVPNService.onStartCommand(OpenVPNService.java:838)

* Allow non-unified profiles (i.e. profiles containing directives that
  reference other files) to be imported from SD card, as long
  as all referenced files are present in the same directory on the
  SD card as the profile.

* Relaxed parsing of "remote" directive to allow the port and/or
  protocol parameters to be omitted.  The port defaults to 1194
  and the protocol to UDP.  Either default can be changed with
  the "port" or "proto" directive.

* Fixed issue where profile parser was choking on files containing
  Windows-style line-endings.
2012-10-18 12:24:14 +00:00
James Yonan
42d4dda791 This is a general pre-release fine-tuning of both Android and iOS clients.
Versioning:
  iOS -- 1.0 Beta 23
  Android -- 1.1.0 (build 6)

Both clients:

* Bundled IPv6 test profile as provided by Gert Doering.
  Modified iOS beta testing notes with info on this profile.

* Fixed issue where profile import might fail if profile
  filename ended in .OVPN (i.e. all-caps extension).

Android client:

* General UI cleanup:
  1. Added status icon,
  2. eliminated long "Connected" line that wrapped badly on
     phone-sized devices,
  3. reorganized connection details,
  4. include all stats that are provided by the core,
     including "last packet received n seconds ago".

* Fixed issue where importing profiles via web browser would not
  ultimately land on the OpenVPN main page after import completion.

* Added profile rename (select via long-touch on profile name).

* Added "Auto Keyboard" preference similar to iOS.

* Turn on full compression by default (can be modified via
  a preference), just as it is for iOS.

* Disable spell-checker on all input fields.

* Wait a maximum of 5 seconds (formerly 3) after Disconnect button
  press before abandoning core thread.

* Added versionName and versionCode to AndroidManifest.xml for
  Google play submission.

* Revamped OpenVPNService event model for profile management events,
  to fix some corner-case issues.

Android API changes:

This release includes some minor changes to the OpenVPN Service API:

1. Added enable_trust_error_dialog boolean parameter to
   OpenVPNClientBase.importProfileRemote.  This should be set to false
   for Private Tunnel client.

2. Changed the way that profile import events signal back to the UI
   layer.  OpenVPNClientBase.get_priority_profile_name has been
   removed, and profile signaling events are now performed completely
   via the standard event stream.
2012-10-10 11:04:34 +00:00
James Yonan
ce0dd92546 Added Android 4.1 "Jelly Bean" hack to work around significant
breakage in KeyChain API.
2012-10-07 09:20:15 +00:00
James Yonan
4445ba1e76 OpenVPN 1.0 Beta 21 (iOS)
Implemented IPv6 in iOS client.

Added new flags to redirect-gateway to control whether redirection
occurs at IPv4 or IPv6 levels (or both):

* ipv4 (default)
* !ipv4
* ipv6
* !ipv6

Added new directive "redirect-dns yes|no".  If yes, all DNS requests
will be forwarded through pushed DNS servers.  If no, only DNS
requests that match domains enumerated in "dhcp-option DOMAIN"
directives will be forwarded.  If redirect-dns is omitted, it will
default to yes if redirect-gateway is specified at the IPv4 level
(this is the normal pre-existing behavior).

Allow the following aggregated options that are normally pushed by
the server to be defined in the config file as well.  These options
will be combined with server-pushed options:

* route
* route-ipv6
* redirect-gateway
* redirect-private
* dhcp-option

Allow the following singleton options (i.e. options that don't
aggregate), that are normally pushed, to be defined in the config
file (note that server-pushed singleton options will override the
config file setting):

* redirect-dns

The Connection Details section of the UI now displays VPN IP
addresses for IPv4 and IPv6.

Added new pushable option "client-ip IP_ADDR" that can be pushed
by the server with the client's IP address as seen by the server.
The client will then show the address in the Connection Details
section of the UI.
2012-10-03 09:03:02 +00:00
James Yonan
021d2dc362 Turned off LZO library linkage for iOS and Android (but enable
LZO-Asym decompression module).
2012-09-26 08:37:28 +00:00
James Yonan
aea9017965 Turn on LZO again. 2012-09-20 05:59:12 +00:00
James Yonan
dcd62a79e6 Allow test/ssl/proto.cpp to be run on Mac OS X with PolarSSL
used as both client and server implementation.

Added DH support to PolarSSL.

Added CLIENT_NO_RENEG and SERVER_NO_RENEG flags to test code
in proto.cpp to allow scenarios to be tested where either
the server, client, or both initiate renegotiation.

Updated test/ovpncli/cli.cpp with new command line options
and will now run on Mac OS X.

Updated Android and iOS build systems to no longer include
any LZO support, and to include Snappy support instead.
2012-09-15 06:56:18 +00:00
James Yonan
0df25d9f75 Minor changes to Linux build system to incorporate "linux"
subtarget in dependency build dir.
2012-09-12 00:14:07 +00:00
James Yonan
58efad3b74 Updated linux scripts to work with latest core and library
organization.

Added scripts under scripts/linux for building dependent
libraries.

Added test/ovpncli/cli.cpp to provide a command line client that
exercises ovpncli.hpp API and can be built via build script.
2012-09-09 23:10:20 +00:00
James Yonan
fd0f89bbfd PT Android core can now be built with
PT=1 ./build-android-polar

from ovpn3/javacli directory.

Turned off inclusion of standard LZO library, but
LZOAsym is now active for downlink decompression.
2012-09-09 03:41:47 +00:00
James Yonan
0caeeb533e Turned on snappy compression support in mobile clients. 2012-09-08 23:02:09 +00:00
James Yonan
4136c1d618 Compression selector in mobile clients is now 3-state:
yes -- support compression on both uplink and downlink
asym -- support compression on downlink only
no (default) -- no compression (stubs only)

Added our own internal LZO decompressor, which is enabled when
HAVE_LZO is undefined and the standard LZO library is not linked.
This allows clients to support LZO in downlink mode only
if the library isn't available.
2012-09-08 01:36:54 +00:00
James Yonan
8b7b797ef5 iOS version: 1.0 Beta 17
Android version: 1.1 beta 1

More alignment of iOS and Android clients:

* Normalized building of dependencies for Android and iOS:

  This build adds some new library dependencies:
  The library versions required are enumerated in
  ovpn3/lib-versions, currently:

    export BOOST_VERSION=boost_1_51_0
    export OPENSSL_VERSION=openssl-1.0.1c
    export POLARSSL_VERSION=polarssl-1.1.4
    export LZO_VERSION=lzo-2.06

  To build, first mkdir ~/src/android and ~/src/mac if they don't
  already exist.  Set the env var O3 to point to the ovpn3 dir,
  usually ~/src/ovpn3.

  Build on iOS:

    [set PATH to include NDK]
    cd ~/src/android
    $O3/scripts/android/build-boost
    $O3/scripts/android/build-minicrypto
    $O3/scripts/android/build-polarssl
    $O3/scripts/android/build-lzo

  Build on Android:

    [set PATH to include NDK]
    cd ~/src/android
    $O3/scripts/android/build-boost
    $O3/scripts/android/build-minicrypto
    $O3/scripts/android/build-polarssl
    $O3/scripts/android/build-lzo

* Integrated Minicrypto library (an assembly language library
  of low-level crypto functions adapted from OpenSSL).

* Added LZO compression with a preference/settings item
  to enable or disable.

* Added special compression handling to support older servers
  that ignore compression handshake -- this will handle receiving
  compressed packets even if we didn't ask for them.

* Normalized profile naming conventions.

iOS changes:

* Log tunnel performance stats immediately on disconnection
  of tunnel.

Android changes:

* Client now supports loading profiles as attachments
  opened from other apps.

* Added Import Private Tunnel menu item, however current
  Private Tunnel download page needs to be adapted to fit
  requirements of Android download manager.

* Enter key should advance to the next input field,
  or connect if entered from the last field.

* Import from Access Server now provides the option to
  download autologin vs. userlogin profiles.

* "About" page now shows copyright text for included
  libraries/content (except for LZO and PolarSSL
  which will presumably be commercially licensed).
2012-09-05 01:09:34 +00:00
James Yonan
2db1ead53f Updated Android client to build with latest core. 2012-08-25 05:05:35 +00:00
James Yonan
a6b6d487ef Global edit to add copyright notice at head of each source file. 2012-08-24 21:13:42 +00:00
James Yonan
e4d4b4d9f9 Updated Android build for Android Market:
* updated version number to 1.0
* removed expiration
2012-06-20 20:20:11 +00:00
James Yonan
5d3ef89157 Android core build updates.
* Updated OpenSSL to 1.0.1c
* Updated Boost to 1_49_0
* Updated core expiration to 2012.09.01
2012-05-31 12:23:48 +00:00
James Yonan
ce9820fed5 Moved ovpncli.hpp and ovpncli.cpp to client/ so that they can be used
by library wrappings other than javacli.
2012-05-23 05:05:42 +00:00
James Yonan
f8f2cb5a81 Added special build for Private Tunnel. 2012-04-18 00:42:33 +00:00
James Yonan
d5a32c5a75 Copyright updates.
OpenSSL license now embedded in core.
Added OpenVPNClient::copyright() method.
Beta expire extended to 2012.6.1.
2012-04-17 22:12:27 +00:00
James Yonan
6fb53c3abb Fixed a race condition issue with "hot connect", i.e. sending a
connect intent to service when already connected.  

One of the ramifications of the "hot connect" fix above is that
OpenVPNClientBase.is_active() will now return a value that is
instantaneously up-to-date, whereas events might lag because
of the mechanics of inter-thread message posting.  Keep this in
mind when correlating received events to is_active() values.

For C++ core threads, increased allowed thread-stop delay to 2.5
seconds before thread is marked as unresponsive and abandoned.
Previous delay was 1 second.  This delay can't be made too long,
otherwise Android will tell the user that the app is unresponsive
and invite them to kill it.

When closing out an abandoned core thread, indicate this condition
with a new event type called CORE_THREAD_ABANDONED.  If the thread
is abandoned due to lack of response to a disconnect request, then
the CORE_THREAD_ABANDONED event will occur followed by
CORE_THREAD_INACTIVE.  For core threads that properly exit,
the DISCONNECTED event will be followed by CORE_THREAD_INACTIVE.

Added save_as_filename parameter to importProfileRemote method for
controlling the filename that the imported profile is saved as.
This parameter may be set to null to have the method choose an
appropriate name.  To have an imported profile replace an existing
profile, the filenames must match.

Added UI_OVERLOADED debugging constant to OpenVPNClient to allow
the UI to connect to a profile when already connected to another
profile in order to test "hot connect".

Added new events CLIENT_HALT and CLIENT_RESTART for compatibility
with an Access Server feature that allows the server to remotely
kill or restart the client.

When connecting a profile, the core will now automatically fill in
the username if it is not specified for userlocked profiles.

Version 0.902.
2012-03-31 16:08:20 +00:00
James Yonan
7fd2b81ca7 Use -fvisibility=hidden instead of -fwhole-program for Linux
builds as well.
2012-03-25 00:35:26 +00:00
James Yonan
8528564b51 For Android builds, moved away from gcc -fwhole-program in favor
of -fvisibility=hidden.
2012-03-25 00:26:50 +00:00
James Yonan
e7cc39a99f Change build script for java-wrapped core to use a two-step
build process, one for core and one for java wrapper.
This is so that different optimization flags can be applied
to each step.  In particular, the wrapper needs
-fno-strict-aliasing, but the core does not.
2012-03-24 20:22:24 +00:00
James Yonan
d4066b10a2 Minor tweaks to previous commit (PolarSSL use of OpenSSL ciphers/digests). 2012-03-23 20:43:09 +00:00
James Yonan
04c68e3e7a Android 4 -- Added Import from Access Server. 2012-03-19 16:13:06 +00:00
James Yonan
0146e7f262 First working version of Android 4 client with PolarSSL.
Added build-android-polar and supporting scripts.
2012-03-14 06:11:07 +00:00
James Yonan
1b0088ab2e PolarSSL support fully implemented (except for External PKI). 2012-03-14 00:51:40 +00:00
James Yonan
12a648bc1a Minor debug var edits. 2012-03-12 12:42:02 +00:00
James Yonan
74503a4efa Started PolarSSL port. Initially just add RNG support.
Because PolarSSL RNG requires state object, add state
objects for all other RNG providers (OpenSSL, Apple SSL)
to maintain a polymorphic model.
2012-03-11 12:09:25 +00:00
James Yonan
eca10fa23d Minor changes to Android 4 client and core:
* clear_auth() now clears username field.

* OpenSSL impl in core now logs TLS handshake details.

* Added build-openssl-small to build a trimmed-down version
  of OpenSSL.
2012-03-11 04:59:51 +00:00
James Yonan
e82d3986d9 Android 4:
* Added beta expiration capability.  Current expiration is May 1, 2012.

* Fixed issue where closing the OpenVPNClient activity would sometimes
  wrongly shut down the service.

* Moved additional methods from OpenVPNClient into OpenVPNClientBase.
2012-03-10 04:55:32 +00:00
James Yonan
31fd2f7437 Fix some breakage between Android and JDK clients. 2012-03-08 10:50:26 +00:00
James Yonan
b13a527308 Android 4:
* Implemented connection timeout.
* Implemented show raw stats page.
* Work around issue where sometimes core doesn't stop when
  stop() method is called, because of delays in canceling
  Asio DNS resolution thread.
2012-03-07 11:21:09 +00:00
James Yonan
deffceea7e Android 4 -- Implemented External PKI. 2012-03-06 06:06:54 +00:00
James Yonan
d77865d0a5 Android 4 -- Interim checkpoint for External PKI development. 2012-03-04 23:05:26 +00:00
James Yonan
a1626d3149 Android 4 client & core -- implemented server and protocol override. 2012-03-03 11:09:05 +00:00
James Yonan
3a04648684 Android 4 client -- Implemented dynamic challenge/response. 2012-03-03 02:56:58 +00:00
James Yonan
efd1139571 Implemented base64 so static challenge/response now works.
Refactored some of the base Activity stuff into
OpenVPNClientBase.java.

Clients sending intents to OpenVPNService should use
OpenVPNService.INTENT_PREFIX as a key prefix when
calling putExtra.
2012-03-01 22:50:57 +00:00
James Yonan
82d4a24489 Android 4 UI work:
* Multi-profile support.
* UI now only shows required fields for each profile.
* Added support for server field.
* Added support for static challenge/response.
* Persist profile/server settings to preferences store.
2012-03-01 08:11:00 +00:00
James Yonan
7c418424ca Android 4 client fixes:
Fixed session ID -> password replacement.

Allow username to be specified as profile/username.
2012-02-27 23:00:29 +00:00
James Yonan
b29109c6c2 explicit-exit-notify fixes. 2012-02-27 08:16:27 +00:00
James Yonan
f8d60013de In Android 4 client, implemented a Connectivity message receiver which
pauses client when the network is unavailable.
2012-02-27 05:11:22 +00:00
James Yonan
0ded1a4dd7 Comment reformatting for rendering header files to PDF.
Fixed minor issue on Linux build of Java client relating to TunBuilder.
2012-02-25 07:37:31 +00:00
James Yonan
c1970047d7 Android UI enhancements. 2012-02-24 19:50:14 +00:00
James Yonan
e1410fd891 Minor UI improvements:
* Added OpenVPN icon
* Show only important events in UI
2012-02-20 05:38:52 +00:00
James Yonan
41a454815a First fully-working Android build. 2012-02-20 03:27:20 +00:00
James Yonan
5aedea3066 Added #define USE_TUN_BUILDER for enabling TunBuilderBase functionality.
Fix regressions in Linux JDK test build (Main.java).

Other misc fixes.
2012-02-19 19:06:44 +00:00
James Yonan
3f30ffc74f Added additional files missing from previous commit. 2012-02-19 17:43:42 +00:00
James Yonan
6f96b363c2 Fix minor regression in test code. 2012-02-19 02:07:54 +00:00
James Yonan
da248a8fbd Search/replace of:
std::exception& e

to:

  const std::exception& e
2012-02-17 19:28:44 +00:00
James Yonan
540c58e5d8 Android client successfully tested with null tun/tap. 2012-02-16 20:46:38 +00:00
James Yonan
f2ab7971f9 checkpoint 2012-02-15 22:32:45 +00:00
James Yonan
db2a195dff In OpenVPNClientThread, make wait_thread() void, and get status
instead from connect_status().
2012-02-15 19:39:51 +00:00
James Yonan
17ba45b487 Allow OpenVPNClientThread.wait_thread() to be called repeatedly
without issue.
2012-02-15 19:07:33 +00:00
James Yonan
bc02566ed9 Split OpenVPNClientThread.connect() into two methods: (1) connect()
establishes the client connection thread, and (2) wait_thread()
waits for client connection thread completion.
2012-02-15 18:59:24 +00:00
James Yonan
7573a2dea6 Added AuthFailed as an event type. 2012-02-15 18:19:34 +00:00
James Yonan
736dc3a0b8 Additional minor refactoring. 2012-02-15 15:13:35 +00:00
James Yonan
8b3a5d9c3a Refactored java client using ClientEventReceiver interface. 2012-02-15 14:45:55 +00:00
James Yonan
aa43f81e04 Renamed Java-wrapped class OpenVPNClient to OpenVPNClientBase to avoid naming conflicts. 2012-02-14 17:47:01 +00:00
James Yonan
5394a28d2e Added script to build libovpncli.so (Java-wrapped client) for Android.
Required r12868 from swig svn:

http://swig.svn.sourceforge.net/viewvc/swig/trunk/Lib/java/director.swg?view=log
2012-02-14 15:20:15 +00:00
James Yonan
1f5e50d733 Implemented OpenVPNClient stats methods.
Simplified autologin sensing.
Java test client will now dump stats on exit.
2012-02-12 23:09:28 +00:00
James Yonan
f13ed3e7a8 Implemented Java client using Swig. 2012-02-11 14:02:51 +00:00