Mirror of packages feed https://git.openwrt.org/feed/packages/atom?h=master 2026-02-22T09:54:13Z 2026-02-22T09:54:13Z Paul Donald 2026-02-16T19:01:50Z urn:sha1:2607b761549a4793eff91dcb60a287c05f631846 openvpn needs a proto handler. Here it is. Removed all of the up/down scripts from the init handler and made those entirely optional (with some ucode examples). The config options have been updated to reflect v 2.6/2.7, with a 'd' flag to denote deprecated. Deprecated flags are gated behind an 'allow_deprecated' config flag, which must be on to use them. Some flags will cease to work in the next version. Users should not be using compression. Openvpn has enough security holes and pitfalls already without using compression. Updated the example configs (left in place as legacy documentation) and removed older cryptos which do not exist in ovpn any longer. A migration script is included -x. /etc/config/openvpn entries become interface entries in /etc/config/network with proto='openvpn'. The source config is retained. Signed-off-by: Paul Donald <newtwen+github@gmail.com> https://github.com/openwrt/packages/pull/28533 2024-07-03T19:55:24Z Clemens Hopfer 2024-07-02T20:49:02Z urn:sha1:1cf592503b42956a422804d8b84ab25ea7e16d10 External scripts may only be specified with script-security 2 or higher, otherwise OpenVPN fails at tunnel startup with an error. This changes the previously hardcoded hotplug scripts to only be added if script-security is 2 or higher is used. Signed-off-by: Clemens Hopfer <openwrt@wireloss.net> 2024-02-20T20:35:16Z Dirk Brenken 2024-02-19T13:54:08Z urn:sha1:fe736b2f8c415e6d590931f1f1f504e1d18c579b Check the conffile existance (with .conf extension), before calling the function 'start_path_instance'. This fixes errors with non-existing and wrong spelling instances. Signed-off-by: Dirk Brenken <dev@brenken.org> - Update commit description Signed-off-by: Florian Eckert <fe@dev.tdt.de> 2024-01-30T00:06:13Z Erik Conijn 2024-01-17T12:31:37Z urn:sha1:61eb0a3d965a3a3e8eed24c9689e67c82a991203 Maintainer: @mkrkn @neheb Compile tested: armv7, cortexA15, OpenWRT 23.05 Run tested: Linksys EA8500 Compile tested: armv8, cortexA53, OpenWRT main Run tested: Dynalink DL-WRX36 Description: Script-security is always 2 and cannot be changed from the openvpn config file due to a missing rule in openvpn.init. This is discussed in issue #23014 This patch adds the missing rule in openvpn.init to parse script-security from the openvpn config file. Signed-off-by: Erik Conijn <egc112@msn.com> 2024-01-02T23:27:52Z Erik Conijn 2023-12-24T10:26:26Z urn:sha1:7735cdfe6046a4f8690c8cf7e4a05a8cff5622dd Maintainer: @mkrkn @neheb Compile tested: aarch64, cortex-a53, OpenWRT Master Run tested: Dynalink DL-WRX36 Description: [A previous commit](https://github.com/openwrt/packages/commit/f8a8b71e26b9bdbf86fbb7d4d1482637af7f3ba4) has added more script event options. However it looked like that commit was not complete as it stops the use of the script events route-up, route-pre-down, and ipchange when those are placed in the openvpn config file. This PR fixes a regression that makes it problematic to specify certain event options in the OpenVPN configuration file. Discussion in [this thread](https://forum.openwrt.org/t/openvpn-custom-route-up-script-in-23-05-rc2/167105/13) and [here](https://forum.openwrt.org/t/openvpn-route-up-and-route-pre-down-broken-in-23-05/176568) Please have a look and consider implementing or make it possible to use all script event options in the openvpn config file in another way. Pull request has been discussed and improved with the help of @AuthorReflex, see: https://github.com/openwrt/packages/pull/21732 Signed-off-by: Erik Conijn <egc112@msn.com> 2023-12-20T14:01:46Z Florian Eckert 2023-12-20T13:20:13Z urn:sha1:053e588162a8c559e1c1731cb8bf8d109576ca25 OpenVPN configurations that have a uci entry, the enable/enabled option can be used to control whether the OpenVPN connection should be started at system startup or not. OpenVPN configurations that are located under '/etc/openvpn/' are always started at system boot. To ensure that these connections can also be started later, they must 'not' be started automatically during system boot. This can be prevented with the following entry in the OpenVPN configuration. config globals 'globals' option autostart '0' These OpenVPN configurations can then be started later with the command. '/etc/init.d/openvpn start <name>' Signed-off-by: Florian Eckert <fe@dev.tdt.de> 2023-12-20T14:01:39Z Florian Eckert 2023-12-20T09:19:24Z urn:sha1:9a27865acbcd08acc703d0e9412a6fe93c12d4b6 This commit adds the possibility that an OpenVPN instance located under '/etc/openvpn' can also be started with the command. '/etc/init.d/openvpn start <name>' Signed-off-by: Florian Eckert <fe@dev.tdt.de> 2023-12-20T14:01:29Z Florian Eckert 2023-12-20T09:13:39Z urn:sha1:0b633a08867578fd028c17dd47f3250a22f17da3 This commit moves the part for starting an instance to a sub function. Signed-off-by: Florian Eckert <fe@dev.tdt.de> 2023-12-20T14:01:24Z Florian Eckert 2023-12-20T08:59:13Z urn:sha1:b2269ecbf779b712db8ef40203ef1bcaaf4175ce Move the start of the OpenVPN configurations in '/etc/openvpn' in a function. Signed-off-by: Florian Eckert <fe@dev.tdt.de> 2023-12-20T14:01:14Z Florian Eckert 2023-12-20T08:53:52Z urn:sha1:01d8f5c9befdce35d4d254aaa0793b8daa4b0008 Preparation commit to make it clear that this is a uci configuration. Signed-off-by: Florian Eckert <fe@dev.tdt.de>