1. force_aes_cbc_ciphersuites flag will disable V2.
2. Added class CryptoDCSettings to manage cipher/digest settings,
DC factory, and DC context. A CryptoDCSettings instance is
now declared as a member of ProtoContext::Config and is used
to define the cipher/digest pair of the config.
3. ProtoContext::Config::load now parses the "tun-mtu" directive.
Server-side changes:
1. Parse "keepalive" directive, using the same logic
as OpenVPN 2.x.
2. Added ProtoContext::init_data_channel() method for initializing
the data channel after IV_x peer info received from client.
Dusted off LZ4 implementation and enabled in iOS
and cli.cpp builds.
Tested LZ4 as well with OpenVPN 3 acting as the client,
with a hacked AS and OpenVPN 2.3 (JY) acting as the server
(see lz4hack patches).
Ported iOS client and OpenVPN 3 core to ARM-64.
Now building a "fat binary" with Xcode 5.0.1 that
targets arm7, arm7s, and arm64.
Outstanding issues:
* IPv6 doesn't route through tunnel on iOS7
* Client doesn't install on iOS 5.1.1.
functionality (including LZO-Asym) except for LZO stub:
NO_LZO -- disable all LZO functionality except for stub
HAVE_LZO -- use LZO library for compression/decompression
default -- use LZO-Asym decompressor (no compression)
Added init_process call to start of test/ovpncli/cli.cpp
yes -- support compression on both uplink and downlink
asym -- support compression on downlink only
no (default) -- no compression (stubs only)
Added our own internal LZO decompressor, which is enabled when
HAVE_LZO is undefined and the standard LZO library is not linked.
This allows clients to support LZO in downlink mode only
if the library isn't available.
Android version: 1.1 beta 1
More alignment of iOS and Android clients:
* Normalized building of dependencies for Android and iOS:
This build adds some new library dependencies:
The library versions required are enumerated in
ovpn3/lib-versions, currently:
export BOOST_VERSION=boost_1_51_0
export OPENSSL_VERSION=openssl-1.0.1c
export POLARSSL_VERSION=polarssl-1.1.4
export LZO_VERSION=lzo-2.06
To build, first mkdir ~/src/android and ~/src/mac if they don't
already exist. Set the env var O3 to point to the ovpn3 dir,
usually ~/src/ovpn3.
Build on iOS:
[set PATH to include NDK]
cd ~/src/android
$O3/scripts/android/build-boost
$O3/scripts/android/build-minicrypto
$O3/scripts/android/build-polarssl
$O3/scripts/android/build-lzo
Build on Android:
[set PATH to include NDK]
cd ~/src/android
$O3/scripts/android/build-boost
$O3/scripts/android/build-minicrypto
$O3/scripts/android/build-polarssl
$O3/scripts/android/build-lzo
* Integrated Minicrypto library (an assembly language library
of low-level crypto functions adapted from OpenSSL).
* Added LZO compression with a preference/settings item
to enable or disable.
* Added special compression handling to support older servers
that ignore compression handshake -- this will handle receiving
compressed packets even if we didn't ask for them.
* Normalized profile naming conventions.
iOS changes:
* Log tunnel performance stats immediately on disconnection
of tunnel.
Android changes:
* Client now supports loading profiles as attachments
opened from other apps.
* Added Import Private Tunnel menu item, however current
Private Tunnel download page needs to be adapted to fit
requirements of Android download manager.
* Enter key should advance to the next input field,
or connect if entered from the last field.
* Import from Access Server now provides the option to
download autologin vs. userlogin profiles.
* "About" page now shows copyright text for included
libraries/content (except for LZO and PolarSSL
which will presumably be commercially licensed).
* Added LZO compression
* Updated Boost to 1_51_0
* Cleaned up build scripts so that dependencies can be built
more easily:
cd ~/src/mac
$O3/scripts/mac/build-boost
$O3/scripts/mac/build-polarssl
$O3/scripts/mac/build-lzo
* Build scripts now build for OS X as well as iOS
general-purpose classes.
Rename ProtoStats to SessionStats and make it more flexible
by using an abstract base class model.
Add a client event queue for the beginnings of a client-backend
API.
Added logic to ProtoContext to invalidate session on certain
kinds of errors in TCP that would normally be okay in UDP
such as HMAC_ERROR, DECRYPT_ERROR, etc.
Add some alignment adjustment logic for READ_LINK_TCP (3 bytes)
and READ_LINK_UDP (1 byte).