Lots of improvements, seems to work fine here but please check that your use case still works.
https://github.com/OpenVPN/openvpn/blob/master/Changes.rst (See "Deprecated features" and "User-visible Changes".) Index: Makefile =================================================================== RCS file: /cvs/ports/net/openvpn/Makefile,v retrieving revision 1.70 diff -u -p -r1.70 Makefile --- Makefile 18 Dec 2016 18:58:01 -0000 1.70 +++ Makefile 17 Jan 2017 08:21:00 -0000 @@ -2,7 +2,7 @@ COMMENT= easy-to-use, robust, and highly configurable VPN -DISTNAME= openvpn-2.3.14 +DISTNAME= openvpn-2.4.0 CATEGORIES= net security HOMEPAGE= https://openvpn.net/index.php/open-source/ @@ -12,18 +12,19 @@ MAINTAINER= Jeremie Courreges-Anglas <jc # GPLv2 only PERMIT_PACKAGE_CDROM= Yes -WANTLIB += c crypto ssl lzo2 +WANTLIB += c crypto lz4 lzo2 ssl MASTER_SITES= http://swupdate.openvpn.net/community/releases/ -LIB_DEPENDS= archivers/lzo2 +LIB_DEPENDS= archivers/lzo2 \ + archivers/lz4 SEPARATE_BUILD= Yes CONFIGURE_STYLE= gnu CONFIGURE_ARGS+= --enable-password-save -CONFIGURE_ENV= CFLAGS="${CFLAGS} -I${LOCALBASE}/include" \ - LDFLAGS="-L${LOCALBASE}/lib" +CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \ + LDFLAGS="-L${LOCALBASE}/lib ${LDFLAGS}" SAMPLES_DIR= ${PREFIX}/share/examples/openvpn @@ -37,11 +38,11 @@ SAMPLES_DIR= ${PREFIX}/share/examples/op #.endif post-install: - ${INSTALL_DATA_DIR} ${SAMPLES_DIR}/sample-config-files \ - ${SAMPLES_DIR}/sample-keys ${SAMPLES_DIR}/sample-scripts - find ${WRKSRC}/sample/sample-config-files/ -type f \! -name "*.orig" \ - -exec ${INSTALL_DATA} {} ${SAMPLES_DIR}/sample-config-files \; - ${INSTALL_DATA} ${WRKSRC}/sample/sample-keys/* ${SAMPLES_DIR}/sample-keys - ${INSTALL_DATA} ${WRKSRC}/sample/sample-scripts/* ${SAMPLES_DIR}/sample-scripts + cd ${WRKSRC}/sample/; \ + find sample-config-files sample-keys sample-scripts -type d \ + -exec ${INSTALL_DATA_DIR} ${SAMPLES_DIR}/{} ';' ; \ + find sample-config-files sample-keys sample-scripts -type f \ + '(' ! -name '*.orig' -a ! -name '.gitignore' ')' \ + -exec ${INSTALL_DATA} {} ${SAMPLES_DIR}/{} ';' .include <bsd.port.mk> Index: distinfo =================================================================== RCS file: /cvs/ports/net/openvpn/distinfo,v retrieving revision 1.34 diff -u -p -r1.34 distinfo --- distinfo 18 Dec 2016 18:58:01 -0000 1.34 +++ distinfo 17 Jan 2017 08:21:00 -0000 @@ -1,2 +1,2 @@ -SHA256 (openvpn-2.3.14.tar.gz) = K1W5NCTkiauLeNDtdej5kqs0BSzWZrxNakFEGRkUO5c= -SIZE (openvpn-2.3.14.tar.gz) = 1241145 +SHA256 (openvpn-2.4.0.tar.gz) = 8h21JbPAOpu9Cnq20OT7r4kC8ji/U7i8TgT4NOTnyqQ= +SIZE (openvpn-2.4.0.tar.gz) = 1409019 Index: patches/patch-configure =================================================================== RCS file: /cvs/ports/net/openvpn/patches/patch-configure,v retrieving revision 1.13 diff -u -p -r1.13 patch-configure --- patches/patch-configure 29 Nov 2016 09:22:02 -0000 1.13 +++ patches/patch-configure 17 Jan 2017 08:21:00 -0000 @@ -1,7 +1,7 @@ $OpenBSD: patch-configure,v 1.13 2016/11/29 09:22:02 jca Exp $ ---- configure.orig Thu Nov 3 09:52:52 2016 -+++ configure Fri Nov 18 17:49:59 2016 -@@ -17092,7 +17092,7 @@ fi +--- configure.orig Tue Dec 27 12:22:04 2016 ++++ configure Tue Jan 17 03:33:06 2017 +@@ -17090,7 +17090,7 @@ fi plugindir="${with_plugindir}" Index: patches/patch-include_Makefile_in =================================================================== RCS file: /cvs/ports/net/openvpn/patches/patch-include_Makefile_in,v retrieving revision 1.6 diff -u -p -r1.6 patch-include_Makefile_in --- patches/patch-include_Makefile_in 29 Nov 2016 09:22:02 -0000 1.6 +++ patches/patch-include_Makefile_in 17 Jan 2017 08:21:00 -0000 @@ -1,7 +1,7 @@ $OpenBSD: patch-include_Makefile_in,v 1.6 2016/11/29 09:22:02 jca Exp $ ---- include/Makefile.in.orig Thu Nov 3 09:52:54 2016 -+++ include/Makefile.in Tue Nov 29 10:18:42 2016 -@@ -316,7 +316,7 @@ host_cpu = @host_cpu@ +--- include/Makefile.in.orig Tue Dec 27 12:22:04 2016 ++++ include/Makefile.in Tue Jan 17 03:33:06 2017 +@@ -322,7 +322,7 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ Index: patches/patch-src_openvpn_route_c =================================================================== RCS file: /cvs/ports/net/openvpn/patches/patch-src_openvpn_route_c,v retrieving revision 1.6 diff -u -p -r1.6 patch-src_openvpn_route_c --- patches/patch-src_openvpn_route_c 18 Dec 2016 18:58:01 -0000 1.6 +++ patches/patch-src_openvpn_route_c 17 Jan 2017 08:21:00 -0000 @@ -2,26 +2,26 @@ $OpenBSD: patch-src_openvpn_route_c,v 1. - add support for on-link routes ---- src/openvpn/route.c.orig Wed Dec 7 12:35:43 2016 -+++ src/openvpn/route.c Tue Dec 13 18:55:42 2016 -@@ -1501,12 +1501,17 @@ add_route (struct route_ipv4 *r, - argv_printf_cat (&argv, "-rtt %d", r->metric); +--- src/openvpn/route.c.orig Mon Dec 26 12:51:00 2016 ++++ src/openvpn/route.c Tue Jan 17 03:36:54 2017 +@@ -1758,12 +1758,17 @@ add_route(struct route_ipv4 *r, + } #endif -- argv_printf_cat (&argv, "-net %s %s -netmask %s", -+ argv_printf_cat (&argv, "-net %s -netmask %s", - network, -- gateway, - netmask); +- argv_printf_cat(&argv, "-net %s %s -netmask %s", ++ argv_printf_cat (&argv, "-net %s -netmask %s", + network, +- gateway, + netmask); -- /* FIXME -- add on-link support for OpenBSD/NetBSD */ -+ /* FIXME -- add on-link support for NetBSD */ +- /* FIXME -- add on-link support for OpenBSD/NetBSD */ ++ /* FIXME -- add on-link support for NetBSD */ +#ifdef TARGET_OPENBSD -+ if (is_on_link (is_local_route, flags, rgi)) -+ argv_printf_cat (&argv, "-link -iface %s", rgi->iface); -+ else ++ if (is_on_link (is_local_route, flags, rgi)) ++ argv_printf_cat (&argv, "-link -iface %s", rgi->iface); ++ else +#endif -+ argv_printf_cat (&argv, "%s", gateway); ++ argv_printf_cat (&argv, "%s", gateway); - argv_msg (D_ROUTE, &argv); - status = openvpn_execve_check (&argv, es, 0, "ERROR: OpenBSD/NetBSD route add command failed"); + argv_msg(D_ROUTE, &argv); + status = openvpn_execve_check(&argv, es, 0, "ERROR: OpenBSD/NetBSD route add command failed"); Index: patches/patch-src_openvpn_tun_c =================================================================== RCS file: /cvs/ports/net/openvpn/patches/patch-src_openvpn_tun_c,v retrieving revision 1.10 diff -u -p -r1.10 patch-src_openvpn_tun_c --- patches/patch-src_openvpn_tun_c 18 Dec 2016 18:58:01 -0000 1.10 +++ patches/patch-src_openvpn_tun_c 17 Jan 2017 08:21:00 -0000 @@ -2,38 +2,38 @@ $OpenBSD: patch-src_openvpn_tun_c,v 1.10 - no need for link0 any more, we have separate tap interfaces ---- src/openvpn/tun.c.orig Wed Dec 7 12:35:43 2016 -+++ src/openvpn/tun.c Tue Dec 13 18:17:14 2016 -@@ -928,7 +928,7 @@ do_ifconfig (struct tuntap *tt, - /* example: ifconfig tun2 10.2.0.2 10.2.0.1 mtu 1450 netmask 255.255.255.255 up */ - if (tun) - argv_printf (&argv, -- "%s %s %s %s mtu %d netmask 255.255.255.255 up -link0", -+ "%s %s %s %s mtu %d netmask 255.255.255.255 up", - IFCONFIG_PATH, - actual, - ifconfig_local, -@@ -940,7 +940,7 @@ do_ifconfig (struct tuntap *tt, - { - remote_end = create_arbitrary_remote( tt ); - argv_printf (&argv, -- "%s %s %s %s mtu %d netmask %s up -link0", -+ "%s %s %s %s mtu %d netmask %s up", - IFCONFIG_PATH, - actual, - ifconfig_local, -@@ -950,8 +950,13 @@ do_ifconfig (struct tuntap *tt, - ); - } - else -+ /* -+ * OpenBSD has distinct tun and tap devices -+ * so we don't need the "link0" extra parameter to specify we want to do -+ * tunneling at the ethernet level -+ */ - argv_printf (&argv, -- "%s %s %s netmask %s mtu %d broadcast %s link0", -+ "%s %s %s netmask %s mtu %d broadcast %s", - IFCONFIG_PATH, - actual, - ifconfig_local, +--- src/openvpn/tun.c.orig Mon Dec 26 12:51:00 2016 ++++ src/openvpn/tun.c Tue Jan 17 03:39:13 2017 +@@ -1196,7 +1196,7 @@ do_ifconfig(struct tuntap *tt, + if (tun) + { + argv_printf(&argv, +- "%s %s %s %s mtu %d netmask 255.255.255.255 up -link0", ++ "%s %s %s %s mtu %d netmask 255.255.255.255 up", + IFCONFIG_PATH, + actual, + ifconfig_local, +@@ -1208,7 +1208,7 @@ do_ifconfig(struct tuntap *tt, + { + remote_end = create_arbitrary_remote( tt ); + argv_printf(&argv, +- "%s %s %s %s mtu %d netmask %s up -link0", ++ "%s %s %s %s mtu %d netmask %s up", + IFCONFIG_PATH, + actual, + ifconfig_local, +@@ -1219,8 +1219,13 @@ do_ifconfig(struct tuntap *tt, + } + else + { ++ /* ++ * OpenBSD has distinct tun and tap devices ++ * so we don't need the "link0" extra parameter to specify we want to do ++ * tunneling at the ethernet level ++ */ + argv_printf(&argv, +- "%s %s %s netmask %s mtu %d broadcast %s link0", ++ "%s %s %s netmask %s mtu %d broadcast %s", + IFCONFIG_PATH, + actual, + ifconfig_local, Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/net/openvpn/pkg/PLIST,v retrieving revision 1.19 diff -u -p -r1.19 PLIST --- pkg/PLIST 29 Nov 2016 09:22:02 -0000 1.19 +++ pkg/PLIST 17 Jan 2017 08:21:00 -0000 @@ -2,6 +2,7 @@ @newgroup _openvpn:577 @newuser _openvpn:577:_openvpn:daemon:OpenVPN Daemon:/nonexistent:/sbin/nologin include/openvpn/ +include/openvpn/openvpn-msg.h include/openvpn/openvpn-plugin.h lib/openvpn/ lib/openvpn/plugins/ @@ -13,6 +14,7 @@ lib/openvpn/plugins/openvpn-plugin-down- share/doc/openvpn/ share/doc/openvpn/COPYING share/doc/openvpn/COPYRIGHT.GPL +share/doc/openvpn/Changes.rst share/doc/openvpn/README share/doc/openvpn/README.IPv6 share/doc/openvpn/README.down-root @@ -50,10 +52,36 @@ share/examples/openvpn/sample-keys/clien share/examples/openvpn/sample-keys/dh2048.pem share/examples/openvpn/sample-keys/gen-sample-keys.sh share/examples/openvpn/sample-keys/openssl.cnf +share/examples/openvpn/sample-keys/sample-ca/ +share/examples/openvpn/sample-keys/sample-ca/01.pem +share/examples/openvpn/sample-keys/sample-ca/02.pem +share/examples/openvpn/sample-keys/sample-ca/03.pem +share/examples/openvpn/sample-keys/sample-ca/ca.crl +share/examples/openvpn/sample-keys/sample-ca/ca.crt +share/examples/openvpn/sample-keys/sample-ca/ca.key +share/examples/openvpn/sample-keys/sample-ca/client-pass.key +share/examples/openvpn/sample-keys/sample-ca/client-revoked.crt +share/examples/openvpn/sample-keys/sample-ca/client-revoked.csr +share/examples/openvpn/sample-keys/sample-ca/client-revoked.key +share/examples/openvpn/sample-keys/sample-ca/client.crt +share/examples/openvpn/sample-keys/sample-ca/client.csr +share/examples/openvpn/sample-keys/sample-ca/client.key +share/examples/openvpn/sample-keys/sample-ca/client.p12 +share/examples/openvpn/sample-keys/sample-ca/index.txt +share/examples/openvpn/sample-keys/sample-ca/index.txt.attr +share/examples/openvpn/sample-keys/sample-ca/index.txt.attr.old +share/examples/openvpn/sample-keys/sample-ca/index.txt.old +share/examples/openvpn/sample-keys/sample-ca/secp256k1.pem +share/examples/openvpn/sample-keys/sample-ca/serial +share/examples/openvpn/sample-keys/sample-ca/serial.old +share/examples/openvpn/sample-keys/sample-ca/server.crt +share/examples/openvpn/sample-keys/sample-ca/server.csr +share/examples/openvpn/sample-keys/sample-ca/server.key share/examples/openvpn/sample-keys/server-ec.crt share/examples/openvpn/sample-keys/server-ec.key share/examples/openvpn/sample-keys/server.crt share/examples/openvpn/sample-keys/server.key +share/examples/openvpn/sample-keys/ta.key share/examples/openvpn/sample-scripts/ share/examples/openvpn/sample-scripts/auth-pam.pl share/examples/openvpn/sample-scripts/bridge-start -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
