Subject: CVS commit: pkgsrc/net
From: Adam Ciarcinski
Date: 2023-03-29 12:43:54
Message id: 20230329104354.AE413F9F4@cvs.NetBSD.org
Log Message:
openvpn: updated to 2.6.2
Overview of changes in 2.6.2
New features
implement byte counter statistics for DCO Linux (p2mp server and client)
implement byte counter statistics for DCO Windows (client only)
'--dns server <n> address ...' now permits up to 8 v4 or v6 addresses
fix a few cases of possibly undefined behaviour detected by ASAN
add more unit tests for Windows cryptoapi interface
Bug fixes
sending of AUTH_PENDING and INFO_PRE messages fixed
Windows: do not treat "setting IPv6 interface metric failed" as fatal error on "block-dns" install - this can happen if IPv6 is disabled on the interface and is not harmful in itself
fix '--inactive' if DCO is in use. NOTE: on FreeBSD, this is not working yet (missing per-peer stats)
DCO-Linux: do not print errno on netlink errors (errno is not set by NL)
SOCKS client: improve error reporting on server disconnects
DCO-Linux: fix lockups due to netlink buffer overflows on high client connect/disconnect activity. See "User visible changes" for more details of this.
fix some uses of the OpenSSL3 API for non-default providers (enable use of quantum-crypto OpenSSL provider)
fix memory leak of approx. 1600 bytes per incoming initial TLS packet
fix bug when using ECDSA signatures with OpenSSL 3.0.x and pkcs11-helper (data format conversion was not done properly)
fix 'make distcheck' - unexpected side effect of 'subdir-objects'
fix ASSERT() with dynamic tls-crypt and --tls-crypt-v2
User visible changes
print (kernel) DCO version on startup - helpful for getting a more complete picture of the environment in use.
New control packets flow for data channel offloading on Linux. 2.6.2+ changes the way OpenVPN control packets are handled on Linux when DCO is active, fixing the lockups observed with 2.6.0/2.6.1 under high client connect/disconnect activity. This is an INCOMPATIBLE change and therefore an ovpn-dco kernel module older than v0.2.20230323 (commit ID 726fdfe0fa21) will not work anymore and must be upgraded. The kernel module was renamed to "ovpn-dco-v2.ko" in order to highlight this change and ensure that users and userspace software could easily understand which version is loaded. Attempting to use the old ovpn-dco with 2.6.2+ will lead to disabling DCO at runtime.
The client-pending-auth management command now requires also the key id. The \
management version has been changed to 5 to indicate this change.
A client will now refuse a connection if pushed compression settings will \
contradict the setting of allow-compression as this almost always results in a \
non-working connection.
Files: