@dpb587 dpb587 released this Dec 22, 2018 · 1 commit to master since this release

Upgrades

Development

  • pipeline/automation improvements
  • switch to terraform resource and credential management

@dpb587 dpb587 released this Jul 9, 2018 · 13 commits to master since this release

Upgrades

Development

@dpb587 dpb587 released this Apr 11, 2018

Breaking Changes

  • the openvpn job will now always push the compress property to clients, when configured (push_compress property has been removed)

New Features

  • the compress algorithm will now, by default, be automatically determined based on client compatibility (this adds implicit support for older, 2.3 clients)
  • the openvpn-client job can now be configured with a static username and password

Upgrades

  • openvpn 2.4.5 (was 2.4.4)
  • openssl 1.1.0h (was 1.1.0g)

Development

  • add job template testing
  • move artifacts into a separate artifacts branch
  • add dev/beta/rc/stable channels for external consumption

@dpb587 dpb587 released this Feb 13, 2018

  • fix: client config directories cannot be used on stemcells v3541+

@dpb587 dpb587 released this Dec 11, 2017

  • fix: openvpn should use embedded release version of openssl rather than system version
  • enhancement: parallelize compilation steps to use all available CPUs
  • upgrade: openssl/1.0.1g (was 1.0.1f)

@dpb587 dpb587 released this Oct 1, 2017

  • add openvpn-clients job to support running multiple clients with raw openvpn configuration files
  • upgrade: openssl/1.0.1f (was 1.0.1e)
  • upgrade: openvpn/2.4.4 (was 2.4.3)

@dpb587 dpb587 released this Jun 28, 2017 · 121 commits to master since this release

Please review these changes carefully: many properties and defaults have changed, which may impact connectivity. While breaking changes are generally avoided, the goals of this release necessitated some significant changes. Those goals were: utilize modern BOSH features, encourage secure defaults, avoid duplicating features, and simplify configuration requirements.

Breaking Changes

  • properties are no longer prefixed with openvpn namespace
  • the openvpn job will no longer act as a client (see the new openvpn-client job)
  • the openvpn job improves security defaults (either explicitly use older values, or upgrade clients as necessary)
    • cipher is now AES-256-CBC (this must be in sync with clients; previous default BF-CBC)
    • tls_version_min is now 1.2 (requires clients 2.3.3+; previous default 1.0)
  • custom iptables rules are no longer managed (use the iptables job of networking release instead)
  • server and client certificates are now configured with the tls_server and tls_client properties, respectively (previously via ca_crt, certificate, and private_key properties)
  • certificate revocation lists for openvpn are now configured with the tls_crl property (previously via crl_pem property)

New Features

  • UDP is now supported (see protocol property of openvpn)
  • the openvpn compress option is now supported (see compress property of openvpn)
  • the openvpn tls-crypt option is now supported (see tls_crypt property of openvpn)
  • new extra_configs property of openvpn and openvpn-client (similar to extra_config, but accepts an array of openvpn directives)
  • new device property is now supported for explicit virtual network device usage
  • certificate-related properties can now be dynamically generated

Development & Tooling

  • git version tags now refer to the commit a release was created from (previously the commit which finalized the release was used)

@dpb587 dpb587 released this Jun 12, 2017 · 167 commits to master since this release

No changes (release automation changes only)

@dpb587 dpb587 released this Jun 8, 2017

  • support pushing DNS servers via openvpn.push_dns
  • support pushing DNS search domains via openvpn.push_dns_search_domains