mirror of https://github.com/OpenVPN/openvpn3.git synced 2024-09-20 20:13:05 +02:00

56 Commits

Author SHA1 Message Date
James Yonan
07bcab9ab3 Extend is_close_tag() in options.hpp to search for
wildcard close tag if tag string is empty.
2015-10-01 16:29:38 -07:00
James Yonan
ba91532554 In merge.hpp, detect multiline breakout attempt. 2015-09-18 21:25:40 -07:00
James Yonan
48a9d237d7 In options.hpp, added detect_multiline_breakout() method as
a security check to ensure that untrusted content pasted into
multiline config file directives such as:

<cert>
. . .
</cert>

doesn't try to break out of the pseudo-XML block
by inserting its own </cert>.
2015-09-18 10:19:38 -07:00
James Yonan
03057dee0d In OptionList, touched_ private bool is now mutable AND
volatile.  The volatile qualifier is added because
OptionList const methods are often called from multiple
threads concurrently.
2015-09-06 16:42:39 -07:00
James Yonan
c4a9cea3e1 Updated Windows client for VS 2015. 2015-06-09 11:21:41 -06:00
James Yonan
88518335c4 Boost dependency elimination -- change boost::algorithm
usage (for string algorithms) to use methods of our own
implementation in openvpn/common/string.hpp.
2015-06-04 19:22:59 -06:00
James Yonan
597c2837f4 In class Option, change storage class of "bool touched_" to
mutable so we can set it without having to resort to const_cast.
2015-06-03 23:50:34 -06:00
James Yonan
b75c780cab Renamed boost::intrusive_ptr<T> usage to RCPtr<T>. 2015-05-17 21:26:53 -06:00
James Yonan
35ac9f6229 Renamed types.hpp to size.hpp since it now only defines
size_t and ssize_t.
2015-05-17 13:27:34 -06:00
James Yonan
fe6fcefa61 C++11 : rename NULL to nullptr 2015-05-17 02:53:37 -06:00
James Yonan
53e6af884a In OptionList, added get_optional_relaxed() and
get_default_relaxed() methods.
2015-05-13 21:55:32 -06:00
James Yonan
0fde33173a C++11 update: mass replace of boost::uint/int to std::uint/int. 2015-04-23 17:55:07 -06:00
James Yonan
9d9c51d6f4 C++11 update -- converted boost::unordered_map usage to
std::unordered_map.
2015-04-23 14:08:54 -06:00
James Yonan
069de90ffd minor C++11 updates:
* rename BOOST_NOEXCEPT to noexcept

* verify that certain classes are noexcept move constructible
  including Option, Buffer, BufferAllocated, RunContext::Thread
2015-04-23 12:49:25 -06:00
James Yonan
a206d08820 Added OptionList::get_optional_noexcept method. 2015-04-09 15:21:56 -06:00
James Yonan
90d98c8fac class OptionList now inherits from RCCopyable. 2015-02-03 17:34:13 -07:00
James Yonan
58de6a371d Added class OptionList convenience method get_num()
with range checking.
2015-01-12 18:35:53 -07:00
James Yonan
c2c7292a70 Updated copyright to 2015. 2015-01-06 12:56:21 -07:00
James Yonan
0acb038808 Added class OptionList convenience methods get_default()
and get_num().

Also, get_optional() should return a std::string, not a
const std::string.
2014-12-29 21:54:23 -07:00
James Yonan
464690aa6b Added class ServerPushList for keeping track of
push "..." directives on the server.
2014-12-29 21:51:08 -07:00
James Yonan
ea29858135 Added Option::get_default method. 2014-12-13 21:20:29 -07:00
James Yonan
f5ff65562e OptionList, Option:
* Make use of C++11 move semantics for optimization, especially
  where std::vector<Option> is pushed onto OptionList.

* Fixed bug in Option::render() where arguments would be
  printed without any delimiter if RENDER_BRACKET flag was
  absent.

* Added parse_from_peer_info() method, for parsing peer info
  string received from client.
2014-10-30 10:36:33 -06:00
James Yonan
2c6d972ad6 Added AGPL copyright/licensing language. 2014-07-20 21:22:06 -06:00
James Yonan
03cf311f75 Windows: fix some MSVC compiler warnings. 2014-02-08 00:13:23 -07:00
James Yonan
b6d17ba69e Added Option::escape() method.
Minor string/option refactoring.
2013-12-28 20:20:21 -07:00
James Yonan
1481327d72 OpenVPN 1.0.2 build 98 (iOS)
Ported iOS client and OpenVPN 3 core to ARM-64.
Now building a "fat binary" with Xcode 5.0.1 that
targets arm7, arm7s, and arm64.

Outstanding issues:

* IPv6 doesn't route through tunnel on iOS7
* Client doesn't install on iOS 5.1.1.
2013-11-11 12:33:35 -07:00
James Yonan
cf39be0516 Log unused options, i.e. options specified in config file that were
unrecognized, ignored, or unused.

This behavior is somewhat different (by design) to 2.x branch, which
will raise a fatal exception if an unrecognized option is
encountered.
2013-06-10 00:42:19 +00:00
James Yonan
906584ba3b Support "setenv opt" prefix before directives, where
its presence indicates that the directive is optional,
i.e. if a client doesn't understand the directive, it
should simply ignore it.
2013-06-08 16:10:35 +00:00
James Yonan
e92899c490 Relax options parser a bit and follow OpenVPN 2.x behavior
where if more than one instance of an option exists, and
a single instance of the option is required, use the last
instance.  Previously we would raise an exception in this case.
2013-06-03 06:31:22 +00:00
James Yonan
bbaaf65b0a Fixed options parsing issue if non-aggregate option was
specified in profile as well as pushed by server
(the pushed version should win).
2013-05-25 01:13:11 +00:00
James Yonan
cebc610e8e Implemented route-nopull (second attempt). 2013-03-14 02:54:58 +00:00
James Yonan
6c0be1e1c0 iOS: 1.0.1 build 55
Android: 1.1.9 build 31

* Reverted key-direction back to a default of 1.

* Raise fatal error if "fragment" option is used.

* Made TunBuilderCapture more useful as a base class for
  tun construction on various platforms.

* Added disableClientCert flag at ovpncli.hpp API.

* Updated help FAQ with more details on how to
  properly set key-direction, and notes about
  possible network disconnect during voice calls.
2013-01-24 13:34:17 +00:00
James Yonan
5055dedbfc Core: fixed issue with parsing time period options (such as
"reneg-sec"), where if period is 0, we must treat it as essentially
infinite.  This fixes the issue where "reneg-sec 0" was causing an
infinite connect loop.

Refactored number.hpp to provide all reasonable number-parsing
functionality, so that typeinfo.hpp can be retired.
2013-01-20 06:34:49 +00:00
James Yonan
4d9a751af2 Added head comments to all source files.
Minor reorganization of unicode code.
2012-11-23 06:18:43 +00:00
James Yonan
daa97ededd Added support for <connection> blocks in profile. 2012-11-14 05:12:48 +00:00
James Yonan
31d87f09a4 Extend config file parser to recognize end-of-line comments
that start with # or ;

To pass these chars as part of an argument, make sure to quote
them.
2012-11-14 03:25:59 +00:00
James Yonan
32a117242e More profile validation. 2012-11-14 02:35:50 +00:00
James Yonan
05aed22147 Allow multi-cert directives like ca and extra-certs to be specified
multiple times in the config file.
2012-11-12 16:17:25 +00:00
James Yonan
df51e2bfc3 Minor SplitLines changes. 2012-11-12 02:33:20 +00:00
James Yonan
5a5a18942a Added parser size validation constants in
openvpn/client/cliconstants.hpp
2012-11-12 01:52:03 +00:00
James Yonan
065b83263c Initial Apple VPN-On-Demand implementation:
* VoD profiles can be defined using the iPhone Configuration utility:

  1. Connection Type should be set to Custom SSL
  2. Identifier should be set to net.openvpn.OpenVPN-Connect.vpnplugin
  3. Server can be set to a hostname, or "DEFAULT" to use the
     hostname(s) from the OpenVPN configuration.
  4. User Authentication should be set to Certificate, and the client
     certificate+key should be attached as a PKCS#12 file.
  5. VPN On Demand should be enabled and match entries should be
     defined.

  In addition, the OpenVPN client configuration file may be defined
  via key/value pairs:

  1. VoD requires an autologin profile.
  2. Define each OpenVPN directive as a key, with arguments
     specified as the value.
  3. For Access server meta-directives such as
     OVPN_ACCESS_SERVER_USERNAME, remove the "OVPN_ACCESS_SERVER_"
     prefix, giving USERNAME as the directive.
  4. If no arguments are present, use "NOARGS" as the value.
  5. If multiple instances of the same directive are present,
     number the directives in the order they should be processed by
     appending .<n> to the directive, where n is an integer,
     such as remote.1 or remote.2
  6. For multi-line directives such as <ca> and <tls-auth>, you must
     convert the multi-line argument to a single line by specifying
     line breaks as \n -- also note that because of
     this escaping model, you must use \\ to pass backslash itself.

* VoD profiles are recognized and listed by the app.

* The app can disconnect but not connect a VoD profile.

* Most app-level functionality such as logging and preferences
  work correctly for VoD profiles.

Core changes:

* Added support for key-direction parameter in core.
2012-11-06 17:50:30 +00:00
James Yonan
f72aab4b40 Added support to new core for remote-cert-tls, remote-cert-ku,
and remote-cert-eku directives.
2012-10-31 14:46:40 +00:00
James Yonan
3ca3a857bd Initial HTTP proxy implementation in core, with support for
non-authenticated proxies and Basic Auth.

Includes new PROXY_ERROR and PROXY_NEED_CREDS events.

Still to do: Digest and NTLM auth.
2012-10-24 06:38:20 +00:00
James Yonan
cded2ca49e Android 1.1.1 build 9
* Fix attempt for java.lang.NullPointerException in
  net.openvpn.openvpn.OpenVPNService.onStartCommand(OpenVPNService.java:838)

* Allow non-unified profiles (i.e. profiles containing directives that
  reference other files) to be imported from SD card, as long
  as all referenced files are present in the same directory on the
  SD card as the profile.

* Relaxed parsing of "remote" directive to allow the port and/or
  protocol parameters to be omitted.  The port defaults to 1194
  and the protocol to UDP.  Either default can be changed with
  the "port" or "proto" directive.

* Fixed issue where profile parser was choking on files containing
  Windows-style line-endings.
2012-10-18 12:24:14 +00:00
James Yonan
4445ba1e76 OpenVPN 1.0 Beta 21 (iOS)
Implemented IPv6 in iOS client.

Added new flags to redirect-gateway to control whether redirection
occurs at IPv4 or IPv6 levels (or both):

* ipv4 (default)
* !ipv4
* ipv6
* !ipv6

Added new directive "redirect-dns yes|no".  If yes, all DNS requests
will be forwarded through pushed DNS servers.  If no, only DNS
requests that match domains enumerated in "dhcp-option DOMAIN"
directives will be forwarded.  If redirect-dns is omitted, it will
default to yes if redirect-gateway is specified at the IPv4 level
(this is the normal pre-existing behavior).

Allow the following aggregated options that are normally pushed by
the server to be defined in the config file as well.  These options
will be combined with server-pushed options:

* route
* route-ipv6
* redirect-gateway
* redirect-private
* dhcp-option

Allow the following singleton options (i.e. options that don't
aggregate), that are normally pushed, to be defined in the config
file (note that server-pushed singleton options will override the
config file setting):

* redirect-dns

The Connection Details section of the UI now displays VPN IP
addresses for IPv4 and IPv6.

Added new pushable option "client-ip IP_ADDR" that can be pushed
by the server with the client's IP address as seen by the server.
The client will then show the address in the Connection Details
section of the UI.
2012-10-03 09:03:02 +00:00
James Yonan
48ab9cbbe9 Added our own system() implementation to allow args to be passed as
array instead of concatenated string, and to resolve issue on OS X
where signals were being ignored after system() was called.

C++ iterators incremented in a for statement should usually use
a preincrement syntax.
2012-09-12 04:24:05 +00:00
James Yonan
a6b6d487ef Global edit to add copyright notice at head of each source file. 2012-08-24 21:13:42 +00:00
James Yonan
deffceea7e Android 4 -- Implemented External PKI. 2012-03-06 06:06:54 +00:00
James Yonan
71c5d1a35f Added meta option parsing capability to options parser. 2012-02-29 01:59:01 +00:00
James Yonan
f094241aa8 Android 4 client port is almost working (need to get an Android
build that includes tun driver to test further).
2012-02-19 01:36:50 +00:00