Wednesday, August 12, 2009

1.25vpn3.4 release

You can download the binaries from here.

Source is available at the Git repository.
Be sure to read the COPYING file if you plan to use/distribute the sources.
Direct links:
Notable changes from 1.25vpn3.3
  • Upgraded to OpenVPN 2.1rc19
  • AES speed improvements (Thanks fyellin!)
  • More "Accept DNS configuration" options (strict/exclusive)
  • Add (dynamic) HOWTO links to GUI for key generation
  • TLS renegotiation time setting
  • WINS options pushed/accepted along with other DNS options
  • Option to not push server LAN route to clients
  • Option to leave comp-lzo directive out of config altogether (now "Disable"; "None" is equivalent to the old "Disable")
  • Non-VPN changes (also sent to Jon for inclusion in Tomato)
    • Multiple MAC addresses can share an IP for Static DHCP
    • EditDNS added to Dynamic DNS providers
  • Various code cleanups/improvements

Monday, June 1, 2009

1.25vpn3.3 release

You can download the binaries from here.

Source is available at the Git repository.
Be sure to read the COPYING file if you plan to use/distribute the sources.
Direct links:
Notable changes from 1.23vpn3.2
  • Moved to Tomato 1.25 baseline
  • AES cipher available! (Thanks fyellin!)
  • GUI option for redirecting internet traffic over tunnel
    • Options available for client and for server
  • GUI option to push DNS directives to clients
  • GUI option for client to accept DNS options from server
  • OpenVPN upgraded to 2.1rc16
  • Various code cleanups/improvements

Monday, May 4, 2009

Roadmap

Just thought I'd give a peek into my intentions for future features. As always, I'm open to comments/suggestions.
By the way, the comments section of this post would probably be the appropriate place for feature requests.
To-do items:
  • GUI for client-config-dir to allow full site-to-site
  • Get DNS over VPN working
  • Get client to accept dhcp-option items from server
    • At this point I'll also add a GUI option to push DNS from the server
  • GUI option to route Internet-bound traffic over the tunnel
    • This will probably include an option on the client and an option on the server to push it to clients
  • Upgrade OpenSSL
    • Might not be necessary now that fyellin ported AES back to the current OpenSSL version
  • Get OpenSSL to use encryption hardware where appropriate

Wish-list items (won't work on them until the to-do list is empty):
  • IPSec tunneling
  • PPTP tunneling

Not on the radar, but often requested:
  • SNMP
    • Perhaps it's that I don't fully see where this would be needed on the router, but I don't see myself taking time to learn about it and work out the kinks.
    • If someone can explain how it would greatly improve the VPN experience, I may reconsider
    • Of course, if someone adds a git branch with SNMP+GUI, it'd probably be easier to convince me to include it.

Friday, May 1, 2009

1.23vpn3.2 release

You can download the binaries from here.

Source is available at the Git repository.
Be sure to read the COPYING file if you plan to use/distribute the sources.
Direct links:
Notable changes from 1.23vpn3.0001
  • Status tab has nicer display for static-key servers
  • Added status tab for clients
  • GUI option to have server accept DNS requests from tunnel
  • Firewall rules now work when you have enabled logging of inbound blocked packets
    • Almost everyone shouldn't care about this
  • Various code cleanups/improvements

Saturday, April 11, 2009

1.23vpn3.0001 release

You can download the binaries from here.
This is a new download location, so let me know if there are problems.

Source is available at the Git repository.
Be sure to read the COPYING file if you plan to use/distribute the sources.
Direct links:
Notable changes from 1.23vpn3.0000
  • GUI option to auto-start server/client with router
    • You no longer need start commands in your init script
  • Automatic firewall rules now work when DMZ is activated
  • Fixed a couple of minor GUI bugs
  • Various code cleanups/improvements

Thursday, March 19, 2009

Client-specific options

Of the new features in TomatoVPN 1.23vpn3.0000, the new client-specific options feature may be overshadowed by the more visible GUI overhaul and server status AJAX display. However, it is the feature I'm personally most excited about, so I thought I'd post to shed some light on it.

Using this option, you can have full bidirectional site-to-site TLS VPNs with no Custom Configuration or init scripts.

Selecting this option displays a table where you fill in the Common Name (from when you generated the TLS certificates), subnet (optional), and netmask (optional). If you fill in the subnet and netmask of the client, your server LAN will be able to communicate with your client LAN whenever it's connected (be sure not to choose the NAT option on the client router). Without this, you're stuck with just client->server communication.

If you also select the "Allow Client<->Client" option, another checkbox appears in the table that, when selected, allows other clients (or client LANs) to communicate with this client LAN. So, now you can have multiple sites all connected together with communication between any of them as desired.

An "allow only these clients" option is also present. With this selected, clients that aren't in the table are not allowed to connect. If you want to allow a client that doesn't have a LAN behind it (or you don't want to allow access to it), just put it in the table and leave the subnet/netmask blank.

With these options, this release removed the biggest limitation that's been present since the first release: having the VPN limited to client-initiated connections.
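
For readers who want to see what the table amounts to in plain OpenVPN terms, here is an added example (not TomatoVPN's own code or its generated config). It assumes the GUI options correspond to the stock OpenVPN directives `client-config-dir`, `ccd-exclusive`, `client-to-client`, `iroute`, `route` and `push`; the table format, the `gen_ccd` function and the output file names are hypothetical.

```shell
#!/bin/sh
# Added example, not TomatoVPN code. Table columns (constructed format):
#   common_name subnet netmask allow_other_clients(0|1)
# "-" in subnet/netmask means the client has no LAN behind it.

gen_ccd() {  # usage: gen_ccd TABLE OUT_DIR ONLY_THESE(0|1) CLIENT_TO_CLIENT(0|1)
    table=$1; out=$2; exclusive=$3; c2c=$4
    mkdir -p "$out/ccd" || return 1
    conf="$out/server-fragment.conf"
    echo "client-config-dir ccd" > "$conf"
    # "Allow only these clients": a CN without a file in ccd/ is refused.
    if [ "$exclusive" = 1 ]; then echo "ccd-exclusive" >> "$conf"; fi
    if [ "$c2c" = 1 ]; then echo "client-to-client" >> "$conf"; fi
    while read -r cn subnet mask share; do
        case $cn in ''|'#'*) continue ;; esac
        # The CN becomes a file name, so refuse anything that could leave ccd/.
        case $cn in */*|.*) echo "rejected CN: $cn" >&2; continue ;; esac
        : > "$out/ccd/$cn"              # empty file still admits the client
        if [ "$subnet" = "-" ]; then continue; fi
        echo "iroute $subnet $mask" >> "$out/ccd/$cn"   # LAN behind this client
        echo "route $subnet $mask" >> "$conf"           # server LAN -> client LAN
        if [ "$c2c" = 1 ] && [ "$share" = 1 ]; then
            echo "push \"route $subnet $mask\"" >> "$conf"  # other clients -> it
        fi
    done < "$table"
}

# Constructed sample: two sites with LANs, a roaming laptop, one hostile CN.
tmp=$(mktemp -d)
cat > "$tmp/table" <<'EOF'
site-a 192.168.2.0 255.255.255.0 1
site-b 192.168.3.0 255.255.255.0 0
laptop - - 0
../evil 10.0.0.0 255.0.0.0 1
EOF
gen_ccd "$tmp/table" "$tmp/out" 1 1
cat "$tmp/out/server-fragment.conf"
```

The laptop row shows the blank subnet/netmask case: it gets an empty file, which is enough to admit it when only listed clients are allowed.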

Feedback on this new feature is, of course, welcome and appreciated.

Sunday, March 15, 2009

1.23vpn3.0000 release

You can download the binaries from here.

Source is available at the Git repository.
Be sure to read the COPYING file if you plan to use/distribute the sources.
Direct links:
Changes from 1.23vpn2.0006
  • Split the GUI into sections
  • Added server status to the GUI (via AJAX)
  • Make client-specific options (client-config-dir) configurable via GUI.
  • service vpn[server|client][1|2] now checks if already started
    • This makes the vpnup.sh script unnecessary.
  • Re-upgraded OpenVPN to 2.1rc15 from 2.1rc13
    • The downgrade didn't seem to solve anything
  • Various code cleanups/improvements

Older releases

Older releases can be found at the following locations:
  • Build 1.23vpn2.0006 can be downloaded here.
  • Build 1.23vpn2.0005 can be downloaded here.
  • Build 1.22vpn2.0005 can be downloaded here.
  • Build 1.22vpn2.0004 can be downloaded here.
  • Build 1.22vpn2.0002 can be downloaded here. Bug in automatic firewall rules; use newer builds.
  • Build 1.21vpn2.0001 can be downloaded here.
  • Build 1.21vpn1.0017 can be downloaded here.
  • Build 1.21vpn1.0016 can be downloaded here. Bug when using tcp; use newer builds.
  • Build 1.21vpn0087 can be downloaded here.