Update OpenVPN 2.5.3. Turning off Opera VPN and VYPRVPN in Russian Federation

Prepared Corrective release OpenVPN 2.5. 3 , a package for creating virtual private networks, which allows you to organize an encrypted connection between two client machines or ensure the operation of a centralized VPN server for the simultaneous operation of several clients. OpenVPN code distributed under the GPLv2 license, ready-made binary packages are formed for debian, ubuntu, centos, rhel and windows.

in new version Eliminated Vulnerability ( CVE-2021-3606 ), manifested only in an assembly for the Windows platform. Vulnerability allows you to organize the download of OpenSSL configuration files from third-party directories available on the entry, to change the encryption settings. In the new version, the OpenSSL configuration files are completely disabled.

From non-security changes. Adding the “–auth-token-user” option (Analog “–Auth-token”, but without the use of “–auth-user-pass”), improve the build process for Windows , Improving the support of the library MBEDTLS and Update copyright notes in code (cosmetic changes).

Additionally, you can note Disconnection Opera’s company VPN for Russian users at the request of Roskomnadzor. At the moment, the VPN functionality has ceased to operate in Beta and Developer versions of the browser. Roskomnadzor argues that restrictions are necessary for “response to threats to circumvent access to children’s pornography, suicidal, procricted and other prohibited content.” In addition to Opera VPN, the lock is also applied to the service vyprvpn .

Earlier, Roskomnadzor sent a warning of 10 VPN services with the requirement “Connections to the State Information System (FGIS)” to block access to resources prohibited in the Russian Federation, Opera VPN and VYPRVPN were among them. 9 of 10 services requirement ignored or refused to cooperate with Roskomnadzor ( nordvpn , Hide My Ass! , Hola VPN, OpenVPN , vyprvpn , ExpressVPN, TORGUARD , Ipvanish

/Media reports.