The OpenVPN application was designed to be a full-featured SSL VPN solution which can accomodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing.
OpenVPN implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or 2-factor authentication, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface. OpenVPN is not a web application proxy and does not operate through a web browser.
# tunnel any IP subnetwork or virtual ethernet adapter over a single UDP or TCP port,
# configure a scalable, load-balanced VPN server farm using one or more machines which can handle thousands of dynamic connections from incoming VPN clients,
# use all of the encryption, authentication, and certification features of the OpenSSL library to protect your private network traffic as it transits the internet,
# use any cipher, key size, or HMAC digest (for datagram integrity checking) supported by the OpenSSL library,
# choose between static-key based conventional encryption or certificate-based public key encryption,
# use static, pre-shared keys or TLS-based dynamic key exchange,
# use real-time adaptive link compression and traffic-shaping to manage link bandwidth utilization,
# tunnel networks whose public endpoints are dynamic such as DHCP or dial-in clients,
# tunnel networks through connection-oriented stateful firewalls without having to use explicit firewall rules,
# tunnel networks over NAT,
# create secure ethernet bridges using virtual tap devices, and
# control OpenVPN using a GUI on Windows or Mac OS X.
Changelog for this release:
* Fix problem with special case route targets ('remote_host'). The init_route() function will leave &netlist untouched for get_special_addr() routes ("remote_host" being one of them).
netlist is on stack, contains random garbage, and netlist.len will not be 0 - thus, random stack data is copied from netlist.data until the route_list is full.
Thanks to Teodo MICU and Gert Doering for finding and fixing this issue.