Changes between Initial Version and Version 1 of ProtocolCompatibility


Timestamp: 07/24/14 14:40:15
Author: Samuli Seppänen
Comment: Migrated content from http://openvpn.net/index.php/open-source/documentation/miscellaneous/protocol-compatibility.html

  • ProtocolCompatibility

    v1 v1  
     1While OpenVPN has evolved quickly since its initial release in March 2002, all reasonable efforts have been made to preserve protocol compatibility across different OpenVPN versions.
     2
     3Several changes, however, have been made since version 1.1.0 that could affect compatibility.
     4
     5These notes assume that you are using OpenVPN 1.1.0 or later. Versions before 1.1.0 should be considered experimental.
     6
     7In version 1.3.0, the default --udp-mtu was changed from 1500 to 1300. If you want a 1.3.0 or later version of OpenVPN to talk to a 1.1.x or 1.2.x version, you should explicitly use --udp-mtu on both sides of the connection rather than depending on defaults.
     8
     9In version 1.5.x, the TLS-mode options string format was changed. This change will only affect you if you are using TLS-based security. Version 1.5.x is fully compatible with 1.4.x. Version 1.5.x can talk to 1.3.x, but you must use the --disable-occ flag on the 1.3.x peer. Version 1.5.x cannot talk with 1.2.x or earlier using TLS.
     10
     11In version 1.5.x, if you are using a TAP-style tunnel, the following default is used to simplify the configuration of ethernet bridging: --tun-mtu 1500 --tun-mtu-extra 32. If you are bridging to a 1.4.x peer or earlier, you should explicitly state the preceding options on the 1.4.x peer.
     12
     13In version 1.5.x, the Red Hat /etc/init.d/openvpn file has been changed to not enable IP forwarding by default (this was construed as being overly presumptuous for default behavior). IP forwarding can be easily enabled in a script or --up file with the command:
     14{{{
     15echo 1 > /proc/sys/net/ipv4/ip_forward
     16}}}
     17In version 1.5.x, --udp-mtu was renamed to --link-mtu since OpenVPN now supports both the UDP and TCP protocols for the tunnel transport layer. --udp-mtu will still be supported for compatibility.
     18
     19In version 1.5.x, --verb 5 is now a debugging level. For normal usage, --verb 4 should be considered an upper bound.
     20
     21In version 1.6.0 and up, the config file parser supports shell-escapes by preceding a character with a backslash. If you want to pass a backslash character itself, you must use two consecutive backslashes.
     22
     23In version 2.0, --tun-mtu 1500 --mssfix 1450 is now the default. In 1.x the default is --link-mtu 1300 for tun interfaces and --tun-mtu 1500 for tap interfaces, with --mssfix disabled).
     24
     25Also in verson 2.0, when using TLS, --key-method 2 is now the default. Use --key-method 1 on the 2.0 side to communicate with 1.x.
     26
     27Starting with version 2.0-beta12, OpenVPN has adopted a consistent approach to string remapping to prevent trusted or semi-trusted peers from sending maliciously crafted strings. The details are discussed in the String Types and Remapping section of the [wiki:Openvpn20ManPage man page].
     28
     29Starting with version 2.0-beta17, OpenVPN's default port number has been changed from 5000 to 1194 per an official port assignment by IANA in November 2004.
     30
     31Copyright © 2002-2008 by OpenVPN Technologies, Inc. < info@openvpn.net>. OpenVPN is a trademark of OpenVPN Technologies, Inc.
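
Review bot: Wiki line 23 ends with a closing parenthesis that was never opened ("with --mssfix disabled)."), and wiki line 25 misspells "version" as "verson"; both appear to have been carried over from the migrated page and should be corrected in a follow-up revision. Wiki line 17 starts immediately after the closing "}}}" of the code block with no blank line, unlike every other paragraph in the page, so a blank line there would keep the layout consistent. The migrated copyright line (wiki line 31) has a stray space inside "< info@openvpn.net>". Finally, wiki line 27 points readers to the "String Types and Remapping" section through [wiki:Openvpn20ManPage man page]; since that is the only pointer to the security-relevant remapping behaviour, confirm that the link target exists in this wiki before relying on it.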