:closed_lock_with_key: Kubernetes native OpenVPN
Better metrics gathering using Prometheus
Version bumps:
Security release upgrading openvpn to 2.4.3, which patches bugs found by Guido Vranken (https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/)
CVE-2017-7508 Remotely-triggerable ASSERT() on malformed IPv6 packet
CVE-2017-7520 Pre-authentication remote crash/information disclosure
CVE-2017-7521 Remote-triggerable memory leaks / potential double-free
CVE-2017-7522 Post-authentication remote DoS with --x509-track
OVPN_MANAGEMENT_PORT for dynamic reconfiguration
OVPN_STATUS for printing connection status info
Thanks @saadi and @deimosfr for your contributions.
Features:
$OVPN_ROUTES. Properly fixes #37
Fixes:
block-outside-dns option (#27, thanks @ajohnstone)
Other:
openvpn-ingress service to plain openvpn (#34)
Notable changes:
Upgrade note:
If your clients are not yet using OpenVPN 2.4, make sure they set cipher AES-256-CBC in their OpenVPN configuration. Newly generated client bundles will automatically have this option set.
Features:
Fix:
Docs:
Fixed iptables bug introduced in 34ee22bb