Mirror of packages feed https://git.openwrt.org/feed/packages/atom?h=master 2026-03-11T13:22:41Z 2026-03-11T13:22:41Z Florian Eckert 2026-03-05T07:58:48Z urn:sha1:a5b3ecfbcf69db035175c26bcfd75a0a853e2935 This was forgotten during renameing of this option. Fixes: e026ce0f ("openvpn: handle ovpnproto exclusively") Signed-off-by: Florian Eckert <fe@dev.tdt.de> 2026-02-22T09:54:13Z Paul Donald 2026-02-16T19:01:50Z urn:sha1:2607b761549a4793eff91dcb60a287c05f631846 openvpn needs a proto handler. Here it is. Removed all of the up/down scripts from the init handler and made those entirely optional (with some ucode examples). The config options have been updated to reflect v 2.6/2.7, with a 'd' flag to denote deprecated. Deprecated flags are gated behind an 'allow_deprecated' config flag, which must be on to use them. Some flags will cease to work in the next version. Users should not be using compression. Openvpn has enough security holes and pitfalls already without using compression. Updated the example configs (left in place as legacy documentation) and removed older cryptos which do not exist in ovpn any longer. A migration script is included -x. /etc/config/openvpn entries become interface entries in /etc/config/network with proto='openvpn'. The source config is retained. Signed-off-by: Paul Donald <newtwen+github@gmail.com> https://github.com/openwrt/packages/pull/28533 2021-07-13T03:47:12Z Etienne Champetier 2021-07-04T18:14:30Z urn:sha1:03c3c924965a74b650a45394cc424b4d02f333f1 User that don't control both OpenVPN client and server might still need LZO support, so keep it enable by default for at least OpenSSL variant. Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com> 2020-12-11T16:07:53Z Michal Hrusecky 2020-11-16T13:34:19Z urn:sha1:0830dfa41c490252b6630f8e7627d634a2e6ed00 Some VPN providers require username and password for client to connect. This commit adds an option to specify username, password and cert_password directly in uci config which then gets expanded during start of openpvn client. Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com> 2020-12-01T21:04:38Z Magnus Kroken 2020-12-01T10:03:55Z urn:sha1:e4376793b4e093089543cb1bad64eef34ed25eca OpenVPN recommends disabling compression, as it may weaken the security of the connection. For users who need compression, we build with LZ4 support by default. LZO in OpenVPN pulls in liblzo at approx. 32 kB. OpenWrt users will no longer be able to connect to OpenVPN peers that require LZO compression, unless they build the OpenVPN package themselves. Signed-off-by: Magnus Kroken <mkroken@gmail.com> 2020-12-01T21:03:51Z Magnus Kroken 2020-12-01T09:57:07Z urn:sha1:2e55fc8b2d42682cd1c26e9827b7b6f47fb51398 New features: * Per client tls-crypt keys * ChaCha20-Poly1305 can be used to encrypt the data channel * Routes are added/removed via Netlink instead of ifconfig/route (unless iproute2 support is enabled). * VLAN support when using a TAP device Significant changes: * Server support can no longer be disabled. * Crypto support can no longer be disabled, remove nossl variant. * Blowfish (BF-CBC) is no longer implicitly the default cipher. OpenVPN peers prior to 2.4, or peers with data cipher negotiation disabled, will not be able to connect to a 2.5 peer unless option data_fallback_ciphers is set on the 2.5 peer and it contains a cipher supported by the client. Signed-off-by: Magnus Kroken <mkroken@gmail.com> 2020-12-01T20:37:37Z Rosen Penev 2020-12-01T20:36:46Z urn:sha1:4434915571b5c3dbc7d000215e48d8d0d60e41bc Signed-off-by: Rosen Penev <rosenp@gmail.com>