OpenVPN Access Server 2.1.12 has been released today. Most of the changes made are small bug fixes and adjustments to default settings for new installations that will enhance the security of new setups. One major change is the ability to turn off TLS authentication. It is recommended to leave this on, and it is on by default, but some client systems just do not know how to do TLS auth and will be able to make a connection if TLS auth is switched off on the server side.

Release notes

Problems with gaps in sequentially ordered lists of keys in the configuration database are now automatically repaired when using sacli start on the command line.

TLS level 1.2 for the OpenVPN protocol is labeled the default for new installations. Upgrades of existing installations remain at the previously set level.

TLS level 1.1 for the web services is labeled the default for new installations. Upgrades of existing installations remain at the previously set level.

SSLv2 and SSLv3 support has been deprecated and will be removed completely in a future release.

SSL settings page is now renamed to TLS settings page, since TLS is now the prevalent technology and SSL is phasing out.

Alias interfaces like eth0:1 and such could not be selected for source NAT outgoing VPN client traffic. This bug has now been fixed.

An option has been added to completely disable TLS auth. This should only be used for compatibility with clients that offer no way to implement TLS auth at all.