Name                      Date         Size

..                        16-Mar-2016  12 KiB
.gitattributes            29-Dec-2012  95
.gitignore                07-Aug-2015  707
.mailmap                  29-Dec-2012  88
.svncommitters            29-Dec-2012  40
AUTHORS                   29-Dec-2012  28
build/                    29-Dec-2012  4 KiB
ChangeLog                 29-Dec-2012  164.9 KiB
Changes.rst               30-Nov-2015  2.8 KiB
compat.m4                 29-Dec-2012  2.2 KiB
config-msvc-version.h.in  29-Dec-2012  498
config-msvc.h             12-Oct-2015  2.8 KiB
configure.ac              30-Nov-2015  33.1 KiB
contrib/                  17-Apr-2015  4 KiB
CONTRIBUTING.rst          12-Oct-2015  1.3 KiB
COPYING                   29-Dec-2012  9.3 KiB
COPYRIGHT.GPL             29-Dec-2012  17.5 KiB
debug/                    29-Dec-2012  4 KiB
distro/                   03-Dec-2014  4 KiB
doc/                      15-Dec-2015  4 KiB
include/                  07-Aug-2015  4 KiB
INSTALL                   23-Nov-2013  12.2 KiB
INSTALL-win32.txt         04-Feb-2013  2.5 KiB
m4/                       29-Dec-2012  4 KiB
Makefile.am               22-Apr-2014  3.3 KiB
msvc-build.bat            29-Dec-2012  971
msvc-dev.bat              29-Dec-2012  400
msvc-env.bat              12-Oct-2015  1.5 KiB
NEWS                      29-Dec-2012  0
PORTS                     29-Dec-2012  3.8 KiB
README                    04-Feb-2013  2 KiB
README.ec                 28-Apr-2014  1.7 KiB
README.IPv6               10-Jan-2014  1.8 KiB
README.polarssl           25-Jun-2014  789
sample/                   29-Dec-2012  4 KiB
src/                      29-Dec-2012  4 KiB
tests/                    03-Dec-2014  4 KiB
TODO.IPv6                 10-Jan-2014  7.5 KiB
version.m4                07-Aug-2015  663
version.sh.in             29-Dec-2012  156

README

OpenVPN -- A Secure tunneling daemon

Copyright (C) 2002-2010 OpenVPN Technologies, Inc. This program is free software;
you can redistribute it and/or modify
it under the terms of the GNU General Public License version 2
as published by the Free Software Foundation.

*************************************************************************

For the latest version of OpenVPN, go to:

	http://openvpn.net/

To Build and Install,

	./configure
	make
	make install

or see the file INSTALL for more info.

*************************************************************************

For detailed information on OpenVPN, including examples, see the man page
  http://openvpn.net/man.html

For a sample VPN configuration, see
  http://openvpn.net/howto.html

For a description of OpenVPN's underlying protocol,
  see the file ssl.h included in the source distribution.

*************************************************************************

Other Files & Directories:

* INSTALL-win32.txt -- installation instructions
  for Windows

* configure.ac -- script to rebuild our configure
  script and makefile.

* sample/sample-scripts/verify-cn

  A sample perl script which can be used with OpenVPN's
  --tls-verify option to provide a customized authentication
  test on embedded X509 certificate fields.

* sample/sample-keys/

  Sample RSA keys and certificates.  DON'T USE THESE FILES
  FOR ANYTHING OTHER THAN TESTING BECAUSE THEY ARE TOTALLY INSECURE.

* sample/sample-config-files/

  A collection of OpenVPN config files and scripts from
  the HOWTO at http://openvpn.net/howto.html

*************************************************************************

Note that easy-rsa and tap-windows are now maintained in their own subprojects.
Their source code is available here:

  https://github.com/OpenVPN/easy-rsa
  https://github.com/OpenVPN/tap-windows

The old cross-compilation environment (domake-win) and the Python-based
buildsystem have been replaced with openvpn-build:

  https://github.com/OpenVPN/openvpn-build

See the INSTALL file for usage information.

README.ec

Since 2.4.0, OpenVPN has official support for elliptic curve crypto. Elliptic
curves are an alternative to RSA for asymmetric encryption.

Elliptic curve crypto ('ECC') can be used for the ('TLS') control channel only
in OpenVPN; the data channel (encrypting the actual network traffic) uses
symmetric encryption. ECC can be used in TLS for authentication (ECDSA) and key
exchange (ECDH).

Key exchange (ECDH)
-------------------
OpenVPN 2.4.0 and newer automatically initialize ECDH parameters. When ECDSA is
used for authentication, the curve used for the server certificate will be used
for ECDH too. When autodetection fails (e.g. when using RSA certificates)
OpenVPN lets the crypto library decide if possible, or falls back to the
secp384r1 curve.

An administrator can force an OpenVPN/OpenSSL server to use a specific curve
using the --ecdh-curve <curvename> option with one of the curves listed as
available by the --show-curves option. Clients will use the same curve as
selected by the server.

Note that not all curves listed by --show-curves are available for use with TLS;
in that case connecting will fail with a 'no shared cipher' TLS error.

Authentication (ECDSA)
----------------------
Since OpenVPN 2.4.0, using ECDSA certificates works 'out of the box'. Which
specific curves and cipher suites are available depends on your version and
configuration of the crypto library. The crypto library will automatically
select a cipher suite for the TLS control channel.

Support for generating an ECDSA certificate chain is available in EasyRSA (in
spite of its name) since EasyRSA 3.0. The parameters you're looking for are
'--use-algo=ec' and '--curve=<curve_name>'. See the EasyRSA documentation for
more details on generating ECDSA certificates.

README.IPv6

Since 2.3.0, OpenVPN officially supports IPv6, and all widely used
patches floating around for older versions have been integrated.

IPv6 payload support
--------------------

This is for "IPv6 inside OpenVPN", with server-pushed IPv6 configuration
on the client, and support for IPv6 configuration on the tun/tap interface
from within the openvpn config.

The code in 2.3.0 supersedes the IPv6 payload patches from Gert Doering,
formerly located at http://www.greenie.net/ipv6/openvpn.html

The following options have been added to handle IPv6 configuration,
analogous to their IPv4 counterparts (--server <-> --server-ipv6, etc.)

     - server-ipv6
     - ifconfig-ipv6
     - ifconfig-ipv6-pool
     - ifconfig-ipv6-push
     - route-ipv6
     - iroute-ipv6

See "man openvpn" for details on how they are used.


IPv6 transport support
----------------------

This is to enable OpenVPN peers or client/servers to talk to each other
over an IPv6 network ("OpenVPN over IPv6").

The code in 2.3.0 supersedes the IPv6 transport patches from JuanJo Ciarlante,
formerly located at http://github.com/jjo/openvpn-ipv6

OpenVPN 2.4.0 includes a big overhaul of the IPv6 transport patches
originally implemented for the Android client (ics-openvpn).

IPv4/IPv6 transport is automatically selected when resolving addresses.
Use a 6 or 4 suffix to force IPv6/IPv4:

  --proto udp6
  --proto tcp4
  --proto tcp6-client
  --proto tcp4-server
  --proto tcp6 --client / --proto tcp6 --server

On systems that allow IPv4 connections on IPv6 sockets
(all systems supporting IPV6_V6ONLY setsockopt), an OpenVPN server can
handle IPv4 connections on the IPv6 socket as well, making it a true
dual-stacked server. Use bind ipv6only to disable this behaviour.

On other systems, as of 2.3.0, you need to run separate server instances
for IPv4 and IPv6.
README.polarssl

This version of OpenVPN has PolarSSL support. To enable it, follow these
instructions:

To Build and Install,

	./configure --with-crypto-library=polarssl
	make
	make install

This version depends on PolarSSL 1.3 (and requires at least 1.3.3).

*************************************************************************

Due to limitations in the PolarSSL library, the following features are missing
in the PolarSSL version of OpenVPN:

 * PKCS#12 file support
 * --capath support - Loading certificate authorities from a directory
 * Windows CryptoAPI support
 * X.509 alternative username fields (must be "CN")

Plugin/Script features:

 * X.509 subject line has a different format than the OpenSSL subject line
 * X.509 certificate export does not work
 * X.509 certificate tracking
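
An added example (not part of the OpenVPN distribution) that checks a configuration file against two constraints stated in these READMEs: features missing from the PolarSSL build, and use of the insecure files under sample/sample-keys/. The mapping of the listed features to the pkcs12, cryptoapicert and x509-username-field options, and the sample configuration itself, are assumptions made for this sketch; only --capath is named in the list above.

```python
import shlex

# Options assumed to correspond to the features README.polarssl lists as missing.
POLARSSL_MISSING = {
    "pkcs12": "PKCS#12 file support",
    "capath": "loading certificate authorities from a directory",
    "cryptoapicert": "Windows CryptoAPI support",
}

def parse_options(text):
    """Yield (lineno, option, args), skipping comments and inline <blocks>."""
    inline = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if inline:                       # inside a <ca> ... </ca> style block
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":  # OpenVPN comment lines
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            continue
        words = shlex.split(line, comments=True)
        if words:
            yield lineno, words[0].lstrip("-"), words[1:]

def audit(text):
    findings = []                        # list of (lineno, message)
    for lineno, opt, args in parse_options(text):
        if opt in POLARSSL_MISSING:
            findings.append((lineno, f"{opt}: PolarSSL build lacks {POLARSSL_MISSING[opt]}"))
        if opt == "x509-username-field" and args and args[0].upper() != "CN":
            findings.append((lineno, f"{opt}: PolarSSL build supports only CN"))
        if any("sample-keys" in a for a in args):
            findings.append((lineno, f"{opt}: references the insecure sample keys"))
    return findings

# Constructed server configuration for the demonstration.
SAMPLE = """\
ca sample/sample-keys/ca.crt   # copied from the source tree
pkcs12 /etc/openvpn/server.p12
; capath /etc/openvpn/ca.d
x509-username-field emailAddress
ecdh-curve secp384r1
"""

if __name__ == "__main__":
    print("\n".join(f"line {n}: {m}" for n, m in audit(SAMPLE)))
```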