turnkey-openvpn-18.1 (1) turnkey; urgency=low * v18.1 rebuild - includes latest Debian & TurnKey packages. * Update/fix TLS config - closes #1996. [Stefan Davis ] * Configuration console (confconsole) - v2.1.6+2+ge808780: - Fix password quoting in mail relay plugin - support SASL passwords including spaces - closes #1994. - Bugfix broken DNS-01 Let's Encrypt challenge - closes #1876 & #1895. Fixed in v2.1.5 - already included in some appliances. - Let's Encrypt/Dehydrated - bugfix cron failure - closes #1962. - General dehydrated-wrapper code cleanup - now passes shellcheck. * Web management console (webmin): - Include webmin-logviewer module by default - closes #1866. - Replace webmin-shell with webmin-xterm module by default - closes #1904. * Reduce log noise by creating ntpsec log dir - closes #1952. -- Jeremy Davis Mon, 18 Nov 2024 06:14:22 +0000 turnkey-openvpn-18.0 (1) turnkey; urgency=low * Install OpenVPN from Debian repos - v2.6.3. [Anton Pyrogovskyi ] * Helper scripts updated to match upstream changes from easy-rsa. [Anton Pyrogovskyi ] * Helper script renamed: 'openvpn-revoke' -> 'openvpn-removeclient' - to make it's intention clearer (and consistent with Wireguard appliance) - closes #1347. [Anton Pyrogovskyi ] * Landing page notes updated to match changes. [Anton Pyrogovskyi ] * lighttpd config updated to match upstream changes. [Anton Pyrogovskyi ] * Shell scripts linted. [Anton Pyrogovskyi ] * Confconsole: bugfix broken DNS-01 Let's Encrypt challenge- closes #1876 & #1895. [Jeremy Davis ] * Ensure hashfile includes URL to public key - closes #1864. * Include webmin-logviewer module by default - closes #1866. * Upgraded base distribution to Debian 12.x/Bookworm. * Configuration console (confconsole): - Support for DNS-01 Let's Encrypt challenges. [ Oleh Dmytrychenko github: @NitrogenUA ] - Support for getting Let's Encrypt cert via IPv6 - closes #1785. - Refactor network interface code to ensure that it works as expected and supports more possible network config (e.g. hotplug interfaces & wifi). - Show error message rather than stacktrace when window resized to incompatable resolution - closes #1609. [ Stefan Davis ] - Bugfix exception when quitting configuration of mail relay. [ Oleh Dmytrychenko github: @NitrogenUA ] - Improve code quality: implement typing, fstrings and make (mostly) PEP8 compliant. [Stefan Davis & Jeremy Davis * Firstboot Initialization (inithooks): - Refactor start up (now hooks into getty process, rather than having it's own service). [ Stefan Davis ] - Refactor firstboot.d/01ipconfig (and 09hostname) to ensure that hostname is included in dhcp info when set via inithooks. - Package turnkey-make-ssl-cert script (from common overlay - now packaged as turnkey-ssl). Refactor relevant scripts to leverage turnkey-ssl. - Refactor run script - use bashisms and general tidying. - Show blacklisted password characters more nicely. - Misc packaging changes/improvements. - Support returning output from MySQL - i.e. support 'SELECT'. (Only applies to apps that include MySQL/MariaDB). * Web management console (webmin): - Upgraded webmin to v2.105. - Replace webmin-shell with webmin-xterm module by default - closes #1904. - Removed stunnel reverse proxy (Webmin hosted directly now). - Ensure that Webmin uses HTTPS with default cert (/etc/ssl/private/cert.pem). - Disabled Webmin Let's Encrypt (for now). * Web shell (shellinabox): - Completely removed in v18.0 (Webmin now has a proper interactive shell). * Backup (tklbam): - Ported dependencies to Debian Bookworm; otherwise unchanged. * Security hardening & improvements: - Generate and use new TurnKey Bookworm keys. - Automate (and require) default pinning for packages from Debian backports. Also support non-free backports. * IPv6 support: - Adminer (only on LAMP based apps) listen on IPv6. - Nginx/NodeJS (NodeJS based apps only) listen on IPv6. * Misc bugfixes & feature implementations: - Remove rsyslog package (systemd journal now all that's needed). - Include zstd compression support. - Enable new non-free-firmware apt repo by default. - Improve turnkey-artisan so that it works reliably in cron jobs (only Laravel based LAMP apps). -- Jeremy Davis Wed, 13 Mar 2024 07:28:18 +0000 turnkey-openvpn-17.1 (1) turnkey; urgency=low * Updated all Debian packages to latest. [ autopatched by buildtasks ] * Patched bugfix release. Closes #1734. [ autopatched by buildtasks ] -- Jeremy Davis Fri, 11 Nov 2022 02:00:46 +0000 turnkey-openvpn-17.0 (1) turnkey; urgency=low * Updated all relevant Debian packages to Bullseye/11 versions * Close #1522 (set timezone in inithook) * Close #1328 (initfence not working on aws) * Note: Please refer to turnkey-core's 17.0 changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Stefan Davis Wed, 20 Jul 2022 03:01:51 +0000 turnkey-openvpn-16.1 (1) turnkey; urgency=low * Rebuilt against latest Debian Buster * Note: Please refer to turnkey-core's 16.1 changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Stefan Davis Mon, 26 Apr 2021 17:14:11 +1000 turnkey-openvpn-16.0 (1) turnkey; urgency=low * Latest Debian Buster package version of OpenVPN and other components. * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Stefan Davis Mon, 12 Oct 2020 17:50:31 +1100 turnkey-openvpn-15.2 (1) turnkey; urgency=low * Add Confconsole convienence scripts - closes #992. [ Zhenya Hvorostian ] -- Jeremy Davis Fri, 22 Mar 2019 09:55:54 +1100 turnkey-openvpn-15.1 (1) turnkey; urgency=low * extend default_crl_days to 1095 (i.e. CRL expiry = 3 years) - closes #1291 * Update openvpn-addclient script to current standards, include 'remote-cert-tls server' & 'auth-nocache' - closes #1264. [ https://github.com/AlejandroBOFH ] * Refacter openvpn-addclient script to accept '--no-authcache' as an optional argument so 'auth-nocache' is optional rather than being forced. -- Jeremy Davis Thu, 07 Feb 2019 15:32:15 +1100 turnkey-openvpn-15.0 (1) turnkey; urgency=low * Latest Debian Stretch package version of OpenVPN and other components. * Workaround EasyRSA bug by providing symlink - see further discussion: https://github.com/turnkeylinux-apps/openvpn/pull/22#discussion_r221468138 - closes #1200. [ Stefan Davis & Anton Pyrogovskyi ] * Create /dev/net/tun device when running within a container - via addition of openvpn-tun.service - closes #1011. [ Anton Pyrogovskyi & Jeremy Davis ] * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Stefan Davis Mon, 24 Sep 2018 00:52:47 +1000 turnkey-openvpn-14.2 (1) turnkey; urgency=low * Support encrypted private key (optional). - Thanks to @JelteF (Jelte Fennema on GitHub) for initial PR. * Fix addclient private subnet problem [#772]. - Thanks to @swamilad (on GitHub) for reporting issue & posting workaround. * Fix OpenVPN trademark compliance (updated readme & logo) [#774]. * Fix /etc/cron.hourly/openvpn-profiles-delexpired cronjob [#800]. - Thanks to @ainkinen (Antti-Jussi Inkinen on GitHub) for reporting issue & providing PR. * Installed security updates. * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Jeremy Davis Wed, 03 May 2017 10:50:18 +1000 turnkey-openvpn-14.1 (1) turnkey; urgency=low * Fix LigHTTPd bug in 15regen-sllcert (#512). * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Jeremy Davis Thu, 18 Feb 2016 15:19:03 +1100 turnkey-openvpn-14.0 (1) turnkey; urgency=low * Latest Debian Jessie package version of OpenVPN and other components. * Easy-RSA installed from Debian repos: - Now packaged separately to openVPN * Hardened default lighttpd SSL settings * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Jeremy Davis Mon, 08 Jun 2015 19:32:46 +1000 turnkey-openvpn-13.0 (1) turnkey; urgency=low * Initial public release of TurnKey OpenVPN. * OpenVPN related: - Inithook supporting server, gateway, client profiles (convenience). - Custom openvpn-addclient script generating client profile (convenience). - Expiring obfuscated profile download urls with QR code (convenience, security). - Supports SSL/TLS certificates for auth and key exchange (security). - Configured to drop privilages (security). - Configured to run in chroot jail dedicated to CRL (security). - Configured to use TLS-Auth HMAC verification (security). * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Alon Swartz Wed, 28 Aug 2013 17:58:06 +0300