Kube Openvpn Versions Save

Better metrics gathering using prometheus

Version bumps:

• alpine 3.7
• openvpn 2.4.4

Security release upgrading openvpn to 2.4.3, which patches bugs found by Guido Vranken (https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/)

CVE-2017-7508 Remotely-triggerable ASSERT() on malformed IPv6 packet CVE-2017-7520 Pre-authentication remote crash/information disclosure CVE-2017-7521 Remote-triggerable memory leaks / potential double-free CVE-2017-7522 Post-authentication remote DoS with --x509-track

• based on alpine linux 3.6
• openvpn 2.4

• Add OVPN_MANAGEMENT_PORT for dynamic reconfiguration
• Add OVPN_STATUS for printing connection status info
• Minor fixes

Thanks @saadi and @deimosfr for your contributions.

Features:

• enable adding arbitrary routes through $OVPN_ROUTES. Properly fixes #37

Fixes:

• Properly push block-outside-dns option (#27, thanks @ajohnstone)

Other:

• Rename openvpn-ingress service to plain openvpn (#34)
• Slightly improved docs

Notable changes:

• Alpine Linux 3.5
• OpenVPN 2.3.14
• LibreSSL 2.4.4
• OpenSSL 1.0.2j-r2 (only used for easyrsa)
• Secure default cipher suites (protection against SWEET32 birthday attack)

Upgrade note: If your clients are not yet using OpenVPN 2.4, make sure they set cipher AES-256-CBC in their openvpn configuration. Newly generated client bundles will automatically have this option set.

Features:

• Support for 2nd factor OTP logins (eg google authenticator)
• Multiple settings for routing default gateway traffic

Fix:

• Better (optional) loading of CRL
• Some fixes to deployment strategy (thanks @ajohnstone)

Docs:

• FAQ
• Supported ENV variables
• Route back to client example

Fixed iptables bug introduced bug in 34ee22bb