On 07/03/12 07:55, Alon Bar-Lev wrote:
> 1. Multi user computer - we need to make sure one user cannot use
> another user credentials and not effect the other users. With changes
> I suggested there is full solution for this.
Is that really a risk worth solving? I mean, does *anyone*, *anywhere*
a
On Tue, Mar 6, 2012 at 8:41 PM, David Sommerseth
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 06/03/12 19:26, Alon Bar-Lev wrote:
>> On Tue, Mar 6, 2012 at 7:42 PM, Russell Morris
>> wrote:
>>> Hi,
>>>
>>>
>>>
>>> That makes sense - thanks! I'm not a security expert by any mean
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 06/03/12 19:26, Alon Bar-Lev wrote:
> On Tue, Mar 6, 2012 at 7:42 PM, Russell Morris
> wrote:
>> Hi,
>>
>>
>>
>> That makes sense - thanks! I'm not a security expert by any means,
>> so the thread lost me when it diverged into this area ... :-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 06/03/12 18:42, Russell Morris wrote:
> Hi,
>
>
>
> That makes sense - thanks! I'm not a security expert by any means, so
> the thread lost me when it diverged into this area ... :-(.
>
>
>
> At the risk of asking a stupid question (but that i
On Tue, Mar 6, 2012 at 7:42 PM, Russell Morris wrote:
> Hi,
>
>
>
> That makes sense - thanks! I'm not a security expert by any means, so the
> thread lost me when it diverged into this area ... :-(.
>
>
>
> At the risk of asking a stupid question (but that is my specialty ... :-)) -
> is there a
Hi,
That makes sense - thanks! I'm not a security expert by any means, so the
thread lost me when it diverged into this area ... :-(.
At the risk of asking a stupid question (but that is my specialty ... :-)) - is
there a conclusion of how to deal with this?
Thanks again,
... Russell
This exactly what we discuss at the privilege separation thread...
Currently to change configuration you need to start a process.
2012/3/6 Russell Morris :
> Hi,
>
>
>
> Taking off from the thread below - is it possible in Windows to start
> openvpn, but only as a sort of local server (for lack of
Hi,
Taking off from the thread below - is it possible in Windows to start openvpn,
but only as a sort of local server (for lack of a better term)? I would like to
start it up, and then be able to initiate connections, tear them down, change
proxy, etc. - all via the mangement interface.
Forgot to mention...
I've updated the wiki page[1] Samuli started...
[1] https://community.openvpn.net/openvpn/wiki/BuildingUsingGenericBuildsystem
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 06/03/12 12:13, Alon Bar-Lev wrote:
> Not exactly. This file is needed for VERY old libc implementations. I
> don't think these exists anymore in supported configurations. If we
> find memcmp() is missing, we add it properly to compat.
Agreed, and
There goes all the sweat and tears I poured onto that buildsystem :).
I say let it burn. ACK.
Samuli
> It will be completely re-written in future
>
> Signed-off-by: Alon Bar-Lev
> ---
> Makefile.am|8 +-
> doclean| 73 -
> domake-win | 138
Not exactly.
This file is needed for VERY old libc implementations.
I don't think these exists anymore in supported configurations.
If we find memcmp() is missing, we add it properly to compat.
2012/3/6 Samuli Seppänen :
>
>> Signed-off-by: Alon Bar-Lev
>> ---
>> configure.ac | 3 ---
>> memc
2012/3/6 Samuli Seppänen :
> Just wondering... why not move sample.ovpn to "sample-config-files"
> directory?
Because I did not want to change the sample-config-files... This was
windows specific so I left it windows specific.
If you want reorder of example, I will be happy to do any other way.
2012/3/6 Samuli Seppänen :
> Although this commenting style has been valid in C since C99 (year
> 2000), the actual C99 implementations seem to be incomplete[2]. So, just
> to be on the safe side, I'll give this one an ACK.
As long as we need to support old machines, we need to support C89.
There
On Tue, Mar 6, 2012 at 12:34 PM, michael-dev wrote:
> Hi,
>
> just to give you feedback that your thread is actually followed.
This is great!
> I believe the different types of configuration are good and correct and
> that a good threat analysis is a basic step to proper security, though I
> can
As tap-win32 is being moved to a separate subproject, this makes sense.
ACK.
--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc
irc freenode net: mattock
> Introduce tap-windows.h which is modified tap-win32/common.h.
> Except of function rename, it is the same without the tap_id.
As is said on tap-win32/common.h and in many other places:
"TAP-Win32/TAP-Win64 -- A kernel driver to provide virtual tap device
functionality on Windows."
So, it's not 32-bit only. Thus converting "tap-win32" into "tap-win" makes
sense.
ACK.
--
Samuli Seppänen
Community Manager
OpenVPN Tech
The "install-win32" directory is obsolete, and will be even more so with
this new buildsystem.
ACK.
--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc
irc freenode net: mattock
> Signed-off-by: Alon Bar-Lev
> ---
> Makefile.am|5 +-
> configure.ac
Moving easy-rsa into a separate subproject, so this makes sense.
ACK.
--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc
irc freenode net: mattock
> Signed-off-by: Alon Bar-Lev
> ---
> Makefile.am|1 -
> easy-rsa/1.0/README
Il 29.02.2012 22:11, Alon Bar-Lev ha scritto:
> Signed-off-by: Alon Bar-Lev
> ---
> install-win32/sample.ovpn | 103
>
> sample-windows/sample.ovpn | 103
>
> 2 files changed, 103 insertions(+), 103 del
> Signed-off-by: Alon Bar-Lev
> ---
> .gitignore |1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/.gitignore b/.gitignore
> index 3d12f5d..8cc07de 100644
> --- a/.gitignore
> +++ b/.gitignore
> @@ -5,6 +5,7 @@
> *.obj
> *.pyc
> *.so
> +*~
> .deps
> Makefile
> M
Il 29.02.2012 22:11, Alon Bar-Lev ha scritto:
> Signed-off-by: Alon Bar-Lev
> ---
> configure.ac|2 +-
> syshead.h |4
> win/msvc.mak.in |2 +-
> 3 files changed, 2 insertions(+), 6 deletions(-)
>
> diff --git a/configure.ac b/configure.ac
> index 1c4d66c..aa1d509 10064
Hi,
just to give you feedback that your thread is actually followed.
I believe the different types of configuration are good and correct and
that a good threat analysis is a basic step to proper security, though I
cannot say much about the isolation tricks on Windows. The important
think is, a
> Signed-off-by: Alon Bar-Lev
> ---
> configure.ac |3 ---
> memcmp.c | 43 ---
> 2 files changed, 0 insertions(+), 46 deletions(-)
> delete mode 100644 memcmp.c
>
> diff --git a/configure.ac b/configure.ac
> index 25dcc37..1c4d66c 100644
> ---
> Signed-off-by: Alon Bar-Lev
> ---
> tun.c |2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/tun.c b/tun.c
> index c92c0d7..81b66fb 100644
> --- a/tun.c
> +++ b/tun.c
> @@ -4492,7 +4492,7 @@ dhcp_masq_addr (const in_addr_t local, const in_addr_t
> netmask, const in
> autoconf rejecting this anyway:
> ---
> AC_MSG_CHECKING([that OpenSSL Library is at least version 0.9.6])
>
> AC_MSG_ERROR([OpenSSL crypto Library is too old.])
> ---
>
> Signed-off-by: Alon Bar-Lev
> ---
> crypto_openssl.c | 49 -
> 1 files c
> Signed-off-by: Alon Bar-Lev
> ---
> misc.h |2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/misc.h b/misc.h
> index bdada42..dd6bd5a 100644
> --- a/misc.h
> +++ b/misc.h
> @@ -145,7 +145,7 @@ openvpn_run_script (const struct argv *a, const struct
> env_set *es, c
> Signed-off-by: Alon Bar-Lev
> ---
> httpdigest.c |4 ++--
> init.c |2 +-
> misc.c |6 +++---
> options.c |4 ++--
> socket.c |4 ++--
> ssl_polarssl.c |6 --
> 6 files changed, 14 insertions(+), 12 deletions(-)
>
> diff --git a/httpdige
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 06/03/12 10:53, Samuli Seppänen wrote:
>
>> Signed-off-by: Alon Bar-Lev ---
>> openvpn.spec.in |1 - 1 files changed, 0 insertions(+), 1
>> deletions(-)
>>
>> diff --git a/openvpn.spec.in b/openvpn.spec.in index
>> c5178e9..c42e7c6 100644 ---
> Signed-off-by: Alon Bar-Lev
> ---
> openvpn.spec.in |1 -
> 1 files changed, 0 insertions(+), 1 deletions(-)
>
> diff --git a/openvpn.spec.in b/openvpn.spec.in
> index c5178e9..c42e7c6 100644
> --- a/openvpn.spec.in
> +++ b/openvpn.spec.in
> @@ -101,7 +101,6 @@ and portability to most majo
30 matches
Mail list logo
