All notable changes to this project will be documented in this file. Each new release typically also includes the latest modulesync defaults. These should not affect the functionality of the module.
v10.3.0 (2022-08-24)
Implemented enhancements:
v10.2.1 (2022-06-28)
Fixed bugs:
v10.2.0 (2022-04-26)
Implemented enhancements:
- Add support for easyrsa X509 DN mode 'cn_only' #432 (jkroepke)
- Add support for elliptic curve keys #431 (jkroepke)
v10.1.0 (2022-03-28)
Implemented enhancements:
- Add basic support for Solaris/Illumos/SmartOS #429 (smokris)
- Support custom_options in client_specific_config #428 (smokris)
v10.0.0 (2022-03-25)
Breaking changes:
- Remove openvpn::deploy #424 (jkroepke)
- Replace ns_cert_type with remote_cert_tls (**client config regeneration needed**) #415 (jkroepke)
- Drop Ubuntu 16.04 #413 (jkroepke)
- Disable compression and set cipher to AES-256-GCM by default #412 (jkroepke)
- Use Deferred functions instead facts #410 (jkroepke)
Implemented enhancements:
Closed issues:
- Client configurations with the new Deferred function aren't working #421
- Warning: Fact value '...' with the value length: '5274' exceeds the value length limit: 4096 #409
- openvpn facts not generated on server #352
- Fact openvpn exposes private keys #322
Merged pull requests:
v9.1.0 (2021-09-18)
Implemented enhancements:
- Add Debian 11 support #414 (root-expert)
Closed issues:
Merged pull requests:
v9.0.0 (2021-08-09)
Breaking changes:
- Drop Puppet 5 support #399 (root-expert)
- Drop CentOS 6 support #393 (bastelfreak)
- Drop EOL Debian 8 support #388 (bastelfreak)
Implemented enhancements:
- Add Ubuntu 20.04 support #401 (root-expert)
- Add Puppet 7 support #400 (root-expert)
Closed issues:
- FREQ: Please update/certify for Ubuntu 20.04 LTS support please #395
Merged pull requests:
- Update badges in README and regenerate REFERENCE #406 (root-expert)
- Change ensure to "installed" instead of "present" in specs #405 (root-expert)
- Allow puppetlabs/concat and puppetlabs/stdlib 7.x #404 (root-expert)
- Fix typo #397 (itzwam)
- fix(client): Handle expire value for easyrsa version 3 #392 (Turgon37)
v8.3.0 (2020-10-20)
Debian 8 is end of life since a few months. We do not support EOL operating systems. This is the last puppet-openvpn release with Debian 8 support. Afterwards we will do a 9.0.0 release which only supports Debian 9 and 10.
Implemented enhancements:
- Update code to set status parameter optional #385 (smutel)
- Add Debian Buster support #379 (NITEMAN)
- Enable revocation when easyrsa version 3.0 is used #369 (Rubueno)
- Add RHEL 8 support #364 (yakatz)
- Add remote-random and remote-random-hostname to managed server parameters #363 (yakatz)
- Add debian buster to collect easyrsa fact #362 (smutel)
- Optionally manage logfile parent directory #343 (Bluewind)
- Add scripts with server #339 (yakatz)
Fixed bugs:
- Fixes #374 - Revocation command update and crl renew #375 (Rubueno)
- Update server.erb - fix proto for tcp client mode #349 (jimirocks)
Closed issues:
Merged pull requests:
- Repair link to REFERENCE.md in README.md #366 (gabe-sky)
- drop Ubuntu 14.04 support #361 (bastelfreak)
- Clean up acceptance spec helper #356 (ekohl)
- cleanup types in openvpn::client_specific_config #342 (bastelfreak)
v8.2.0 (2019-07-19)
Implemented enhancements:
- Add tls_crypt #334 (jkroepke)
- Adjust clients $compression type to match servers #333 (jkroepke)
- client_specific_config: add support for ifconfig-ipv6-push #235 (invidian)
Fixed bugs:
- Apparently openvpn 2.4 needs double quotes around client specific push options #329
- Only output ldap_tls_client_cert_file and ldap_tls_client_key_file when set #341 (Bluewind)
- Allow puppetlabs/concat 6.x, puppetlabs/stdlib 6.x #340 (dhoppe)
- use double quotes on all push options #330 (qs5779)
Closed issues:
- var renaming overlooked KEY_DIR => EASYRSA_PKI #336
Merged pull requests:
- Add option to disable ordering dependencies on Openvpn::Client #344 (Bluewind)
- Updated KEY_DIR to match new variable #337 (xepa)
- Use stdlib functions for hash key discovery #324 (towo)
v8.1.0 (2019-02-03)
Fixed bugs:
v8.0.0 (2019-01-29)
Breaking changes:
- modulesync 2.5.1 and drop Puppet 4 support #325 (bastelfreak)
- Data in Modules, Modern facts & Cleanup #305 (jkroepke)
Implemented enhancements:
- Timeout when generating Diffie-Hellman parameters on a low-performance CPU #316
- Implement Ubuntu 18.04 support #306
- Should be an option to install openvpn from http://swupdate.openvpn.net/ repo #218
- Set DH timeout to accommodate low performance CPU #317 (dspinellis)
Fixed bugs:
- crl auto renewal broken with easyrsa 3.0 #318
- consider the easyrsa version to trigger the renew crl command #321 (Dan33l)
Closed issues:
- New release ? #323
- Non-executable easy-rsa files cause module to fail #313
- Do not fail fatal if OS is unsupported. #304
- Failures after upgrade #303
- OpenVPN is now generating blank/empty user certificates #225
Merged pull requests:
- updated documentation to conform with REFERENCE.md standard for forge #311 (danquack)
- add acceptance tests with real vpn client/server setup #310 (Dan33l)
- modulesync 2.2.0 and allow puppet 6.x #299 (bastelfreak)
v7.4.0 (2018-10-16)
Implemented enhancements:
- update supported OSes in params.pp #296 (Dan33l)
- use new fact easyrsa to configure easyrsa 2 or 3 #292 (Dan33l)
Fixed bugs:
- Support for easy-rsa version 3 #216
Closed issues:
- debian 7 support broken #291
- Epel has upgraded
easy-rsato version 3.x and removed 2.x, breaking the module #269
Merged pull requests:
- FreeBSD: change additional_packages to easy-rsa2 #301 (olevole)
- Update puppetlabs-stdlib dependency version in README #298 (simonrondelez)
- move concat version_requirement to >= 3.0.0 < 6.0.0 #294 (Dan33l)
- allow puppetlabs/stdlib 5.x #290 (bastelfreak)
- Remove deprecated hiera_hash #289 (Dan33l)
- Remove deprecated hiera_hash #276 (jkroepke)
v7.3.0 (2018-08-18)
Implemented enhancements:
Fixed bugs:
- Configuring management unix socket is no longer possible #274
- openvpn::server, documentation doesn't match the code for parameter 'port' #272
Merged pull requests:
- Remove docker nodesets #282 (bastelfreak)
- drop EOL OSs; fix puppet version range #280 (bastelfreak)
- Changed type for port in class documentation #273 (clxnetom)
v7.2.0 (2018-03-17)
Implemented enhancements:
Fixed bugs:
- Bug Fix: Ensure cipher and tls_cipher can be disabled entirely #270 (jcarr-sailthru)
Closed issues:
- Looking for Maintainers #228
v7.1.0 (2018-01-11)
Implemented enhancements:
Closed issues:
- Elegant solution for renewing CRL #236
v7.0.0 (2018-01-06)
Breaking changes:
Implemented enhancements:
v6.0.0 (2017-11-21)
Breaking changes:
Fixed bugs:
- Doesn't work properly with "remote" in openvpn::server #252
- Correct 252 #253 (cjeanneret)
Merged pull requests:
- replace validate_* with datatypes in init.pp #251 (bastelfreak)
v5.0.0 (2017-11-13)
Breaking changes:
Implemented enhancements:
v4.1.1 (2017-10-07)
v4.1.0 (2017-10-06)
Closed issues:
- Install openvpn & certs also on client nodes #231
- Download config has incorrect protocol #219
- Error while evaluating a Function Call, cannot currently create client configs when corresponding openvpn::server is extca_enabled #199
Merged pull requests:
- Fix auth tls ovpn profile and ldap auth file perms #220 (szponek)
- Correct path of openvpn-auth-pam.so on modern Debian distros. #217 (oc243)
- Add rhel6 support for ldap auth plugin #215 (miguelwhite)
- fix broken namespecific rclink #209 (alxwr)
- Fix namespecific_rclink variable warning for non BSD systems (#214)
- Workaround for MODULES-2874 (#201)
- Fix for external CA handling with exported resources (#201)
- Drop Support for Puppet 3.x (#212)
- Support for FreeBSD (#180)
- Support for port-share (#182/#185)
- Support for pre-shared keys (#186)
- Support LDAP anonymous binds (#189)
- Fix
.ovpnfiles generation (#190) - Support for external CAs (#192)
- Small Typo fix (#192)
- Fix support for Amazon Linux (#194)
- Client
pulloption (#195) - Allow
remote_hostto be an array of servers (#195) - More robust Shared CA handling (#191, #196)
- Support for Ubuntu 15.04 (#168)
- Support for specifying TLS-Cipher (#169)
- Support for specifying custom certificate expiry (#169)
- Support for README in download configs (#169)
- Support for Tunnelblick configurations (#169)
- Fix certificate revocation in Ubuntu Precise (#169)
- Use concat for ovpn generation (#176)
This will be the last version of version 2.x with new features.
- Support to send ipv6 routes (#153, #154)
- Support for
nobindparam for server in client mode (#156) - Fixing autostart_all behaviour (#163)
- Add systemd support for Debian >= 8.0 (#161)
- Support for Archlinux (#162)
- Support to enable/disable service management(#158)
- Fix installation for older Redhat based systems (#165)
- Add ability to specify custom options for clients (#167)
- Support for systems without
lsb-releasepackage (#134) - Support for Amazon EC2 OS (#134)
- Move default log path for status log to
/var/log/openvpn(#139) - Support for
formatparameter (#138) - Ability to configure autostart management on debian (#144)
- Fix ordering in
/etc/default/openvpnwith puppet future parser (#142 - Support for TLS auth when server acts as client (#147)
- Support for customer server options (#147)
- Allow disabling
ns-cert-type serverfor server-clients (#147) - Fix pam plugin path on RedHat/CentOS (#148)
- Fix server in client mode (#137)
- Support for removing a client specific conf file (#115)
- Support for
rcvbufandsndbuf(#116) - Fix RedHat and CentOS package selection (#97)
- Support for TLS and x509-name verification (#118)
- Fix unset client cipher producing invalid configs (#129)
- Support to share a CA between multiple server instances (#112)
- Support for systemd (#127)
- Support for setting
upand/ordownscripts for clients (#89) - Fixing the permissions of the created directories and files (#90, #92, #94, #102)
- Refactor templates to use instance variables instead of
scope.lookupvar(#100) - Add client mode server (#100)
- Move CA management into its own defined type (#100)
- Fix LDAP-Support on Debian Wheezy (#103)
- Support for status-version (#108)
- Change layout of downloadable client config to prevent overriding other client configurations when extracting the tarball (#104)
- Add
ns-cert-type serverfor server-clients (#109)
- Do not include deprecated
concat::setupanymore (#71) - Only warn about pam deprecation if it's used (#72)
- Ability to specify a
downscript (#75) - Support for
client-cert-not-requiredin server config (#76) - Support for
auth-retryin client config (#76) - Support for
setenvin client config (#79) - Support for
setenv_safein client config (#79) - Support for
cipherin client config (#80) - Support for
push routein client specific config (#80)
- Fix Ubuntu Trusty support (#64)
- Basic support to hand out IPv6 addresses (#66)
- Ability to specify the common name of a server (#65)
- Options for KEY_EXPIRE, CA_EXPIRE, KEY_NAME, KEY_OU, KEY_CN easy-rsa vars. (#58, #70)
- Options for cipher, verb, persist-key, persist-tun server directives. (#58, #70)
- A lot of stuff I don't know anymore 😞
* This Changelog was automatically generated by github_changelog_generator