turnkey-openvpn-18.1 (1) turnkey; urgency=low

  * v18.1 rebuild - includes latest Debian & TurnKey packages.

  * Update/fix TLS config - closes #1996.
    [Stefan Davis <stefan@turnkeylinux.org>]

  * Configuration console (confconsole) - v2.1.6+2+ge808780:
    - Fix password quoting in mail relay plugin - support SASL
      passwords including spaces - closes #1994.
    - Bugfix broken DNS-01 Let's Encrypt challenge - closes #1876 & #1895.
      Fixed in v2.1.5 - already included in some appliances.
    - Let's Encrypt/Dehydrated - bugfix cron failure - closes #1962.
    - General dehydrated-wrapper code cleanup - now passes shellcheck.

  * Web management console (webmin):
    - Include webmin-logviewer module by default - closes #1866.
    - Replace webmin-shell with webmin-xterm module by default - closes #1904.

  * Reduce log noise by creating ntpsec log dir - closes #1952.

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Mon, 18 Nov 2024 06:14:22 +0000

turnkey-openvpn-18.0 (1) turnkey; urgency=low

  * Install OpenVPN from Debian repos - v2.6.3.
    [Anton Pyrogovskyi <anton@turnkeylinux.org>]

  * Helper scripts updated to match upstream changes from easy-rsa.
    [Anton Pyrogovskyi <anton@turnkeylinux.org>]

  * Helper script renamed: 'openvpn-revoke' -> 'openvpn-removeclient' - to
    make it's intention clearer (and consistent with Wireguard appliance)
    - closes #1347.
    [Anton Pyrogovskyi <anton@turnkeylinux.org>]

  * Landing page notes updated to match changes.
    [Anton Pyrogovskyi <anton@turnkeylinux.org>]

  * lighttpd config updated to match upstream changes.
    [Anton Pyrogovskyi <anton@turnkeylinux.org>]

  * Shell scripts linted.
    [Anton Pyrogovskyi <anton@turnkeylinux.org>]

  * Confconsole: bugfix broken DNS-01 Let's Encrypt challenge- closes #1876 &
    #1895.
    [Jeremy Davis <jeremy@turnkeylinux.org>]

  * Ensure hashfile includes URL to public key - closes #1864.

  * Include webmin-logviewer module by default - closes #1866.

  * Upgraded base distribution to Debian 12.x/Bookworm.

  * Configuration console (confconsole):
    - Support for DNS-01 Let's Encrypt challenges.
      [ Oleh Dmytrychenko <dmytrychenko.oleh@gmail.com> github: @NitrogenUA ]
    - Support for getting Let's Encrypt cert via IPv6 - closes #1785.
    - Refactor network interface code to ensure that it works as expected and
      supports more possible network config (e.g. hotplug interfaces & wifi).
    - Show error message rather than stacktrace when window resized to
      incompatable resolution - closes  #1609.
      [ Stefan Davis <stefan@turnkeylinux.org> ]
    - Bugfix exception when quitting configuration of mail relay.
      [ Oleh Dmytrychenko <dmytrychenko.oleh@gmail.com> github: @NitrogenUA ]
    - Improve code quality: implement typing, fstrings and make (mostly) PEP8
      compliant.
      [Stefan Davis <stefan@turnkeylinux.org> & Jeremy Davis

  * Firstboot Initialization (inithooks):
    - Refactor start up (now hooks into getty process, rather than having it's
      own service).
      [ Stefan Davis <stefan@turnkeylinux.org> ]
    - Refactor firstboot.d/01ipconfig (and 09hostname) to ensure that hostname
      is included in dhcp info when set via inithooks.
    - Package turnkey-make-ssl-cert script (from common overlay - now packaged
      as turnkey-ssl). Refactor relevant scripts to leverage turnkey-ssl.
    - Refactor run script - use bashisms and general tidying.
    - Show blacklisted password characters more nicely.
    - Misc packaging changes/improvements.
    - Support returning output from MySQL - i.e. support 'SELECT'. (Only
      applies to apps that include MySQL/MariaDB).

  * Web management console (webmin):
    - Upgraded webmin to v2.105.
    - Replace webmin-shell with webmin-xterm module by default - closes #1904.
    - Removed stunnel reverse proxy (Webmin hosted directly now).
    - Ensure that Webmin uses HTTPS with default cert
      (/etc/ssl/private/cert.pem).
    - Disabled Webmin Let's Encrypt (for now).

  * Web shell (shellinabox):
    - Completely removed in v18.0 (Webmin now has a proper interactive shell).

  * Backup (tklbam):
    - Ported dependencies to Debian Bookworm; otherwise unchanged.

  * Security hardening & improvements:
    - Generate and use new TurnKey Bookworm keys.
    - Automate (and require) default pinning for packages from Debian
      backports. Also support non-free backports.

  * IPv6 support:
    - Adminer (only on LAMP based apps) listen on IPv6.
    - Nginx/NodeJS (NodeJS based apps only) listen on IPv6.

  * Misc bugfixes & feature implementations:
    - Remove rsyslog package (systemd journal now all that's needed).
    - Include zstd compression support.
    - Enable new non-free-firmware apt repo by default.
    - Improve turnkey-artisan so that it works reliably in cron jobs (only
      Laravel based LAMP apps).

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Wed, 13 Mar 2024 07:28:18 +0000

turnkey-openvpn-17.1 (1) turnkey; urgency=low

  * Updated all Debian packages to latest.
    [ autopatched by buildtasks ]

  * Patched bugfix release. Closes #1734.
    [ autopatched by buildtasks ]

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Fri, 11 Nov 2022 02:00:46 +0000

turnkey-openvpn-17.0 (1) turnkey; urgency=low

  * Updated all relevant Debian packages to Bullseye/11 versions

  * Close #1522 (set timezone in inithook)

  * Close #1328 (initfence not working on aws)

  * Note: Please refer to turnkey-core's 17.0 changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Stefan Davis <stefan@turnkeylinux.org>  Wed, 20 Jul 2022 03:01:51 +0000

turnkey-openvpn-16.1 (1) turnkey; urgency=low

  * Rebuilt against latest Debian Buster

  * Note: Please refer to turnkey-core's 16.1 changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Stefan Davis <stefan@turnkeylinux.org>  Mon, 26 Apr 2021 17:14:11 +1000

turnkey-openvpn-16.0 (1) turnkey; urgency=low

  * Latest Debian Buster package version of OpenVPN and other components.

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Stefan Davis <stefan@turnkeylinux>  Mon, 12 Oct 2020 17:50:31 +1100

turnkey-openvpn-15.2 (1) turnkey; urgency=low

  * Add Confconsole convienence scripts - closes #992.
    [ Zhenya Hvorostian ]

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Fri, 22 Mar 2019 09:55:54 +1100

turnkey-openvpn-15.1 (1) turnkey; urgency=low

  * extend default_crl_days to 1095 (i.e. CRL expiry = 3 years) - closes #1291

  * Update openvpn-addclient script to current standards, include
    'remote-cert-tls server' & 'auth-nocache' - closes #1264.
    [ https://github.com/AlejandroBOFH ]

  * Refacter openvpn-addclient script to accept '--no-authcache' as an
    optional argument so 'auth-nocache' is optional rather than being forced.

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Thu, 07 Feb 2019 15:32:15 +1100

turnkey-openvpn-15.0 (1) turnkey; urgency=low

  * Latest Debian Stretch package version of OpenVPN and other components.

  * Workaround EasyRSA bug  by providing symlink - see further discussion:
    https://github.com/turnkeylinux-apps/openvpn/pull/22#discussion_r221468138
    - closes #1200.
    [ Stefan Davis & Anton Pyrogovskyi ]

  * Create /dev/net/tun device when running within a container - via addition
    of openvpn-tun.service - closes #1011.
    [ Anton Pyrogovskyi & Jeremy Davis ]

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Stefan Davis <stefan@turnkeylinux.org>  Mon, 24 Sep 2018 00:52:47 +1000

turnkey-openvpn-14.2 (1) turnkey; urgency=low

  * Support encrypted private key (optional).

    - Thanks to @JelteF (Jelte Fennema on GitHub) for initial PR.

  * Fix addclient private subnet problem [#772].

    - Thanks to @swamilad (on GitHub) for reporting issue & posting workaround.

  * Fix OpenVPN trademark compliance (updated readme & logo) [#774].

  * Fix /etc/cron.hourly/openvpn-profiles-delexpired cronjob [#800].

    - Thanks to @ainkinen (Antti-Jussi Inkinen on GitHub) for reporting issue &
      providing PR.

  * Installed security updates.

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Wed, 03 May 2017 10:50:18 +1000

turnkey-openvpn-14.1 (1) turnkey; urgency=low

  * Fix LigHTTPd bug in 15regen-sllcert (#512).

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Thu, 18 Feb 2016 15:19:03 +1100

turnkey-openvpn-14.0 (1) turnkey; urgency=low

  * Latest Debian Jessie package version of OpenVPN and other components.

  * Easy-RSA installed from Debian repos:

    - Now packaged separately to openVPN

  * Hardened default lighttpd SSL settings
  
  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Mon, 08 Jun 2015 19:32:46 +1000

turnkey-openvpn-13.0 (1) turnkey; urgency=low

  * Initial public release of TurnKey OpenVPN.

  * OpenVPN related:

    - Inithook supporting server, gateway, client profiles (convenience).
    - Custom openvpn-addclient script generating client profile (convenience).
    - Expiring obfuscated profile download urls with QR code (convenience, security).
    - Supports SSL/TLS certificates for auth and key exchange (security).
    - Configured to drop privilages (security).
    - Configured to run in chroot jail dedicated to CRL (security).
    - Configured to use TLS-Auth HMAC verification (security).

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Alon Swartz <alon@turnkeylinux.org>  Wed, 28 Aug 2013 17:58:06 +0300

