[Openvpn-devel] possible socks authentication issue?

2014-04-16 Thread James Yonan
Someone on the Tor lists is claiming that OpenVPN isn't implementing SOCKSv5 authentication correctly: https://lists.torproject.org/pipermail/tor-dev/2014-March/006427.html Any ideas? James

Re: [Openvpn-devel] [PATCH] Improve error reporting on file access to --client-config-dir and --ccd-exclusive

2014-04-16 Thread Steffan Karger
Hi, On 16-04-14 17:43, dav...@redhat.com wrote: > When a client connects, the test_file() function is used to check if a client > config file has been prepared. And if not, it continues without trying to > read > it. So, if the privileges of the running OpenVPN process is not allowed to > open

[Openvpn-devel] [PATCH] Improve error reporting on file access to --client-config-dir and --ccd-exclusive

2014-04-16 Thread davids
From: David Sommerseth OpenVPN will do some simple sanity checking at startup to ensure the expected files and directories are in place. However, with --client-config-dir and --ccd-exclusive, things are slightly different. In both cases it is perfectly fine that files do not exist, and we can

Re: [Openvpn-devel] RFD: ssl library version numbers

2014-04-16 Thread Gert Doering
Hi, On Tue, Apr 15, 2014 at 09:42:39AM +0200, Gert Doering wrote: > Different approach: > > char * > get_ssl_library_version(void) > { > static char polar_version[30]; > unsigned int pv = version_get_number(); > sprintf( polar_version, "PolarSSL %d.%d.%d", > (pv>>24)&0

Re: [Openvpn-devel] Fixes for HTTP proxy authentication with NTLM

2014-04-16 Thread Holger Kummert
Hello, On 16.04.2014 15:56, Gert Doering wrote: Hi, On Wed, Apr 16, 2014 at 12:48:35PM +0200, Holger Kummert wrote: Any opinions? First of all, a big thank you for taking this on :-) - there have been you're welcome! a couple of bugs in our trac related to NTLM, but since none of the

[Openvpn-devel] [PATCH] Keying Material Exporter [RFC 5705]

2014-04-16 Thread daniel kubec
TLS keying material exporters allow additional keying material to be derived from an existing TLS channel. This exported keying material can then be used for a variety of purposes. - Changes in the patch are made on top of the crypto layer and that's the reason why they should work for both crypto backends (o

Re: [Openvpn-devel] Fixes for HTTP proxy authentication with NTLM

2014-04-16 Thread Gert Doering
Hi, On Wed, Apr 16, 2014 at 12:48:35PM +0200, Holger Kummert wrote: > Any opinions? First of all, a big thank you for taking this on :-) - there have been a couple of bugs in our trac related to NTLM, but since none of the developers really understand NTLM auth or have means to test it, nothing e

[Openvpn-devel] [PATCH 2/2] http-proxy: Separate settings for user interaction and authentication auto-behavior

2014-04-16 Thread Holger Kummert
User interaction is set with 'stdin' (one try) and 'interact' (repeated tries) Authentication 'auto' and 'auto-nct' examine auth request from server. If NTLM is requested, NTLMv2 is tried first. Only on failure NTLMv1 is tried with no additional user interaction. The other modes remain at one roun

[Openvpn-devel] [PATCH 1/2] Get NTLMv1 and NTLMv2 up and running

2014-04-16 Thread Holger Kummert
* Force conversion to UTF-16 of username and domain if server requires UTF-16. * Rewrite conversion function to cleanly convert UTF-8 to UTF-16. * Fix bug in length computation in NTLMv2-code. * Architecture independent access to NTLM NegotiateFlags. Signed-off-by: Holger Kummert --- src/openvpn

[Openvpn-devel] Fixes for HTTP proxy authentication with NTLM

2014-04-16 Thread Holger Kummert
Hello, one of our customers reported that the NTLM authentication of OpenVPN doesn't work. I checked that and found that both NTLM versions didn't work against a Win2008 server. The configuration seemed a bit confusing because an 'auth-method' could only be set if an 'authfile' was given (ok, 's