Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
packages/net/openvpn/Config-openssl.in
Magnus Kroken 2e55fc8b2d
openvpn: update to 2.5.0 
New features:
* Per client tls-crypt keys
* ChaCha20-Poly1305 can be used to encrypt the data channel
* Routes are added/removed via Netlink instead of ifconfig/route
  (unless iproute2 support is enabled).
* VLAN support when using a TAP device

Significant changes:
* Server support can no longer be disabled.
* Crypto support can no longer be disabled, remove nossl variant.
* Blowfish (BF-CBC) is no longer implicitly the default cipher.
  OpenVPN peers prior to 2.4, or peers with data cipher negotiation
  disabled, will not be able to connect to a 2.5 peer unless
  option data_fallback_ciphers is set on the 2.5 peer and it contains a
  cipher supported by the client.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2020-12-01 13:03:51 -08:00

58 lines
1.3 KiB
Text
Raw Blame History

if PACKAGE_openvpn-openssl
config OPENVPN_openssl_ENABLE_LZO
bool "Enable LZO compression support"
default y
config OPENVPN_openssl_ENABLE_LZ4
bool "Enable LZ4 compression support"
default y
config OPENVPN_openssl_ENABLE_X509_ALT_USERNAME
bool "Enable the --x509-username-field feature"
default n
#config OPENVPN_openssl_ENABLE_EUREPHIA
# bool "Enable support for the eurephia plug-in"
# default n
config OPENVPN_openssl_ENABLE_MANAGEMENT
bool "Enable management server support"
default n
#config OPENVPN_openssl_ENABLE_PKCS11
# bool "Enable pkcs11 support"
# default n
config OPENVPN_openssl_ENABLE_FRAGMENT
bool "Enable internal fragmentation support (--fragment)"
default y
config OPENVPN_openssl_ENABLE_MULTIHOME
bool "Enable multi-homed UDP server support (--multihome)"
default y
config OPENVPN_openssl_ENABLE_PORT_SHARE
bool "Enable TCP server port-share support (--port-share)"
default y
config OPENVPN_openssl_ENABLE_DEF_AUTH
bool "Enable deferred authentication"
default y
config OPENVPN_openssl_ENABLE_PF
bool "Enable internal packet filter"
default y
config OPENVPN_openssl_ENABLE_IPROUTE2
bool "Enable support for iproute2"
default n
config OPENVPN_openssl_ENABLE_SMALL
bool "Enable size optimization"
default y
help
enable smaller executable size (disable OCC, usage
message, and verb 4 parm list)
endif
Reference in a new issue View git blame Copy permalink