tun semantics, however this code has not been enabled yet on iOS
because it breaks in several ways:
1. network available/unavailable detection appears to break when
tun interface is kept alive across transport connection sessions.
2. plugin session persistence appears to fail when these lines are not
executed immediately after transport pause/resume:
VPNTunnelSetStatus(tunnelRef, kVPNTunnelStatusReasserting, 0);
VPNTunnelClearConfiguration(tunnelRef)
iOS Core change: change pause/reconnect delay to 3 seconds (from 2)
to reduce flapping.
Android: 1.1.9 build 31
* Reverted key-direction back to a default of 1.
* Raise fatal error if "fragment" option is used.
* Made TunBuilderCapture more useful as a base class for
tun construction on various platforms.
* Added disableClientCert flag at ovpncli.hpp API.
* Updated help FAQ with more details on how to
properly set key-direction, and notes about
possible network disconnect during voice calls.
"reneg-sec"), where if period is 0, we must treat it as essentially
infinite. This fixes the issue where "reneg-sec 0" was causing an
infinite connect loop.
Refactored number.hpp to provide all reasonable number-parsing
functionality, so that typeinfo.hpp can be retired.
* VoD profiles can be defined using the iPhone Configuration utility:
1. Connection Type should be set to Custom SSL
2. Identifier should be set to net.openvpn.OpenVPN-Connect.vpnplugin
3. Server can be set to a hostname, or "DEFAULT" to use the
hostname(s) from the OpenVPN configuration.
4. User Authentication should be set to Certificate, and the client
certificate+key should be attached as a PKCS#12 file.
5. VPN On Demand should be enabled and match entries should be
defined.
In addition, the OpenVPN client configuration file may be defined
via key/value pairs:
1. VoD requires an autologin profile.
2. Define each OpenVPN directive as a key, with arguments
specified as the value.
3. For Access server meta-directives such as
OVPN_ACCESS_SERVER_USERNAME, remove the "OVPN_ACCESS_SERVER_"
prefix, giving USERNAME as the directive.
4. If no arguments are present, use "NOARGS" as the value.
5. If multiple instances of the same directive are present,
number the directives in the order they should be processed by
appending .<n> to the directive, where n is an integer,
such as remote.1 or remote.2
6. For multi-line directives such as <ca> and <tls-auth>, you must
convert the multi-line argument to a single line by specifying
line breaks as \n -- also note that because of
this escaping model, you must use \\ to pass backslash itself.
* VoD profiles are recognized and listed by the app.
* The app can disconnect but not connect a VoD profile.
* Most app-level functionality such as logging and preferences
work correctly for VoD profiles.
Core changes:
* Added support for key-direction parameter in core.
* Fix attempt for java.lang.NullPointerException in
net.openvpn.openvpn.OpenVPNService.onStartCommand(OpenVPNService.java:838)
* Allow non-unified profiles (i.e. profiles containing directives that
reference other files) to be imported from SD card, as long
as all referenced files are present in the same directory on the
SD card as the profile.
* Relaxed parsing of "remote" directive to allow the port and/or
protocol parameters to be omitted. The port defaults to 1194
and the protocol to UDP. Either defaults can be changed with
the "port" or "proto" directive.
* Fixed issue where profile parser was choking on files containing
Windows-style line-endings.
Implemented IPv6 in iOS client.
Added new flags to redirect-gateway to control whether redirection
occurs at IPv4 or IPv6 levels (or both):
* ipv4 (default)
* !ipv4
* ipv6
* !ipv6
Added new directive "redirect-dns yes|no". If yes, all DNS requests
will be forwarded through pushed DNS servers. If no, only DNS
requests that match domains enumerated in "dhcp-option DOMAIN"
directives will be forwarded. If redirect-dns is omitted, it will
default to yes if redirect-gateway is specified at the IPv4 level
(this is the normal pre-existing behavior).
Allow the following aggregated options that are normally pushed by
the server to be defined in the config file as well. These options
will be combined with server-pushed options:
* route
* route-ipv6
* redirect-gateway
* redirect-private
* dhcp-option
Allow the following singleton options (i.e. options that don't
aggregate), that are normally pushed, to be defined in the config
file (note that server-pushed singleton options will override the
config file setting):
* redirect-dns
The Connection Details section of the UI now displays VPN IP
addresses for IPv4 and IPv6.
Added new pushable option "client-ip IP_ADDR" that can be pushed
by the server with the client's IP address as seen by the server.
The client will then show the address in the Connection Details
section of the UI.
array instead of concatenated string, and to resolve issue on OS X
where signals were being ignored after system() was called.
C++ iterators incremented in a for statement should usually use
a preincrement syntax.
OpenVPN 1.0 Beta 4
* Fixed issue where large profiles were hitting against a limitation
in Apple VPN API (configd[14] <Error>: VPN Controller: failed to
write to VPN control socket - msgtype: 2050). The fix is to pass the
profile to the plugin via a temporary file rather than putting the
file content into the plist.
* Added Help section toggle button.
* Added Private Tunnel import.
* Added anti-race sequencing to prevent connection request processing
until after callbacks and event stream subscriptions have been
set up.
Refactored some of the base Activity stuff into
OpenVPNClientBase.java.
Clients sending intents to OpenVPNService should use
OpenVPNService.INTENT_PREFIX as a key prefix when
calling putExtra.