openvpn/4.0.0

You can find the source of this version on GitHub at dpb587/openvpn-bosh-release. It was created based on the commit 401cba7.

Release Notes

Please review these changes carefully: many properties and defaults have changed, which may impact connectivity. While breaking changes are generally avoided, the goals of this release necessitated some significant changes. Those goals were: utilize modern BOSH features, encourage secure defaults, avoid duplicating features, and simplify configuration requirements.

Breaking Changes

  • properties are no longer prefixed with openvpn namespace
  • the openvpn job will no longer act as a client (see the new openvpn-client job)
  • the openvpn job improves security defaults (either explicitly use older values, or upgrade clients as necessary)
    • cipher is now AES-256-CBC (this must be in sync with clients; previous default BF-CBC)
    • tls_version_min is now 1.2 (requires clients 2.3.3+; previous default 1.0)
  • custom iptables rules are no longer managed (use the iptables job of networking release instead)
  • server and client certificates are now configured with the tls_server and tls_client properties, respectively (previously via ca_crt, certificate, and private_key properties)
  • certificate revocation lists for openvpn are now configured with the tls_crl property (previously via crl_pem property)
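
A pre-upgrade check for the breaking changes listed above, as an added example that is not part of the release: it flags legacy property names and explicitly pinned older defaults in a job's properties. The function name, the sample data, and the assumption that namespaced properties load as a nested openvpn mapping are illustrative; property names and default values are the ones stated in these notes.

```python
# Added example, not from the release: property names and old/new defaults are
# taken from the notes above; function and sample names are assumptions.
RENAMED = {  # legacy property -> 4.0.0 replacement ("Breaking Changes")
    "ca_crt": "tls_server / tls_client",
    "certificate": "tls_server / tls_client",
    "private_key": "tls_server / tls_client",
    "crl_pem": "tls_crl",
}
NEW_DEFAULTS = {"cipher": "AES-256-CBC", "tls_version_min": "1.2"}
OLD_DEFAULTS = {"cipher": "BF-CBC", "tls_version_min": "1.0"}


def audit_properties(props):
    """Return sorted (severity, message) findings for one job's properties."""
    findings = []
    legacy = props.get("openvpn")  # assumed: old namespace loads as a nested dict
    if isinstance(legacy, dict):
        findings.append(("break", "'openvpn' namespace prefix is no longer used"))
        props = {**props, **legacy}  # also audit the keys nested under it
    for old, new in RENAMED.items():
        if old in props:
            findings.append(("break", f"'{old}' is replaced by {new}"))
    for key, new in NEW_DEFAULTS.items():
        old = OLD_DEFAULTS[key]
        if key not in props:
            # Unset: the server moves to the new default on upgrade, so clients
            # still relying on the old one may no longer connect.
            findings.append(("check", f"'{key}' unset: default changes from {old} to {new}"))
        elif str(props[key]).upper() == old:
            # Explicitly keeping the older value restores the weaker setting.
            findings.append(("weak", f"'{key}' pinned to legacy value {old}"))
    return sorted(findings)


# Constructed pre-4.0.0 style properties, as they would load from a manifest.
LEGACY_SAMPLE = {"openvpn": {"ca_crt": "<pem>", "certificate": "<pem>",
                             "private_key": "<pem>", "crl_pem": "<pem>",
                             "cipher": "BF-CBC"}}

if __name__ == "__main__":
    for severity, message in audit_properties(LEGACY_SAMPLE):
        print(f"[{severity}] {message}")
```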

New Features

  • UDP is now supported (see protocol property of openvpn)
  • the openvpn compress option is now supported (see compress property of openvpn)
  • the openvpn tls-crypt option is now supported (see tls_crypt property of openvpn)
  • new extra_configs property of openvpn and openvpn-client (similar to extra_config, but accepts an array of openvpn directives)
  • new device property is now supported for explicit virtual network device usage
  • certificate-related properties can now be dynamically generated

Development & Tooling

  • git version tags now refer to the commit a release was created from (previously the commit which finalized the release was used)

Usage

You can reference this release in your deployment manifest from the releases section:

- name: "openvpn"
  version: "4.0.0"
  url: "https://bosh.io/d/github.com/dpb587/openvpn-bosh-release?v=4.0.0"
  sha1: "dfec894806972de17ff8bd072d136f13f73acd09"

Or upload it to your director with the upload-release command:

bosh upload-release --sha1 dfec894806972de17ff8bd072d136f13f73acd09 \
  "https://bosh.io/d/github.com/dpb587/openvpn-bosh-release?v=4.0.0"
