0.4.5

Version bump

0.4.4

Better metrics gathering using prometheus

0.4.3: Merge pull request #53 from bekriebel/master

Version bumps:

• alpine 3.7
• openvpn 2.4.4

0.4.2: Start pinning openvpn versions & upgrade to openvpn 2.4.3

Security release upgrading openvpn to 2.4.3, which patches bugs found by Guido Vranken (https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/)

CVE-2017-7508 Remotely-triggerable ASSERT() on malformed IPv6 packet
CVE-2017-7520 Pre-authentication remote crash/information disclosure
CVE-2017-7521 Remote-triggerable memory leaks / potential double-free
CVE-2017-7522 Post-authentication remote DoS with --x509-track

kube-openvpn 0.4.0

• based on alpine linux 3.6
• openvpn 2.4

kube-openvpn 0.3.2

• Add OVPN_MANAGEMENT_PORT for dynamic reconfiguration
• Add OVPN_STATUS for printing connection status info
• Minor fixes

Thanks @saadi and @deimosfr for your contributions.

kube-openvpn 0.3.1

Features:

• enable adding arbitrary routes through $OVPN_ROUTES. Properly fixes #37

Fixes:

• Properly push block-outside-dns option (#27, thanks @ajohnstone)

Other:

• Rename openvpn-ingress service to plain openvpn (#34)
• Slightly improved docs

kube-openvpn 0.3.0

Notable changes:

• Alpine Linux 3.5
• OpenVPN 2.3.14
• LibreSSL 2.4.4
• OpenSSL 1.0.2j-r2 (only used for easyrsa)
• Secure default cipher suites (protection against SWEET32 birthday attack)

Upgrade note:
If your clients are not yet using OpenVPN 2.4, make sure they set cipher AES-256-CBC in their openvpn configuration. Newly generated client bundles will automatically have this option set.

kube-openvpn 0.2.4

Features:

• Support for 2nd factor OTP logins (eg google authenticator)
• Multiple settings for routing default gateway traffic

Fix:

• Better (optional) loading of CRL
• Some fixes to deployment strategy (thanks @ajohnstone)

Docs:

• FAQ
• Supported ENV variables
• Route back to client example

kube-openvpn 0.2.3

Fixed iptables bug introduced bug in 34ee22b