Re: [Openvpn-devel] [PATCH v5-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

2015-11-29 Thread ValdikSS
I **hope** I get it right this time. On 29.11.2015 02:32, Arne Schwabe wrote: > On 28.11.15 at 18:25, Selva Nair wrote: > I am also voting on fatal error if the option is unknown. You can always > use setenv opt block-outside-dns or use ignore-unknown-option if you do > not want it to fail. > > A

[Openvpn-devel] [PATCH v7-2.3] Add Windows DNS Leak fix using WFP ('block-outside-dns')

2015-11-29 Thread ValdikSS
This option blocks all out-of-tunnel communication on TCP/UDP port 53 (except for OpenVPN itself), preventing DNS Leaks on Windows 8.1 and 10. --- doc/openvpn.8 | 12 ++- src/openvpn/init.c | 17 src/openvpn/openvpn.vcxproj | 0 src/openvpn/options.c | 14 +++

[Openvpn-devel] [PATCH v7-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

2015-11-29 Thread ValdikSS
This option blocks all out-of-tunnel communication on TCP/UDP port 53 (except for OpenVPN itself), preventing DNS Leaks on Windows 8.1 and 10. --- doc/openvpn.8 | 12 ++- src/openvpn/Makefile.am | 2 +- src/openvpn/init.c | 17 src/openvpn/openvpn.vcxproj | 4

Re: [Openvpn-devel] [PATCH] Also remove second Instanz von enable-password-save in the manage

2015-11-29 Thread lorena meneses
I wanna be out of this please NO MORE MESSAGES Sent from my iPhone > On 29 Nov 2015 at 15:30, Selva Nair wrote: > > >> On Sun, Nov 29, 2015 at 2:38 PM, Arne Schwabe wrote: >> --- >> doc/openvpn.8 | 5 + >> 1 file changed, 1 insertion(+), 4 deletions(-) >> >> diff --git a/doc/o

[Openvpn-devel] [PATCH applied] Re: Also remove second Instanz von enable-password-save in the manage

2015-11-29 Thread Gert Doering
Your patch has been applied to the master and release/2.3 branch. commit 80442aeed408f26700ea7570ced2409e7dd3e98b (master) commit 0a9f866f78b5287e9996978898ccf213afd6b8d2 (release/2.3) Author: Arne Schwabe List-Post: openvpn-devel@lists.sourceforge.net Date: Sun Nov 29 20:38:21 2015 +0100

Re: [Openvpn-devel] [PATCH] Also remove second Instanz von enable-password-save in the manage

2015-11-29 Thread Selva Nair
On Sun, Nov 29, 2015 at 2:38 PM, Arne Schwabe wrote: > --- > doc/openvpn.8 | 5 + > 1 file changed, 1 insertion(+), 4 deletions(-) > > diff --git a/doc/openvpn.8 b/doc/openvpn.8 > index 3519e7d..1b9dcae 100644 > --- a/doc/openvpn.8 > +++ b/doc/openvpn.8 > @@ -4886,10 +4886,7 @@ is specified,

[Openvpn-devel] [PATCH] Also remove second Instanz von enable-password-save in the manage

2015-11-29 Thread Arne Schwabe
--- doc/openvpn.8 | 5 + 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 3519e7d..1b9dcae 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -4886,10 +4886,7 @@ is specified, read the password from the first line of .B file. Keep in mind that s

Re: [Openvpn-devel] [PATCH] Reflect enable-password-save change in documentation

2015-11-29 Thread Arne Schwabe
On 29.11.15 at 20:29, Selva Nair wrote: > Hi, > > On Sun, Nov 29, 2015 at 2:23 PM, Arne Schwabe > wrote: > > > Hm but the paragraph of --askpass is not related to > --enable-password-save, or do I miss something? > > > please see starting line 4886 of openvpn

Re: [Openvpn-devel] [PATCH] Reflect enable-password-save change in documentation

2015-11-29 Thread Selva Nair
Hi, On Sun, Nov 29, 2015 at 2:23 PM, Arne Schwabe wrote: > > Hm but the paragraph of --askpass is not related to > --enable-password-save, or do I miss something? please see starting line 4886 of openvpn.8 quoted below: If .B file is specified, read the password from the first line of .B file

[Openvpn-devel] [PATCH applied] Re: Reflect enable-password-save change in documentation

2015-11-29 Thread Gert Doering
ACK, thanks. Your patch has been applied to the master and release/2.3 branch. Changes.rst did not exist in that branch yet, so git decided to copy over the whole Changes.rst file from 2.4 :-) - adapted to 2.3.x (not complete yet) commit 1e9c1f09cba95ebf72083c746cf847056a61c761 (master) commit f

Re: [Openvpn-devel] [PATCH] Reflect enable-password-save change in documentation

2015-11-29 Thread Arne Schwabe
On 29.11.15 at 20:09, Selva Nair wrote: > Hi, > > On Sun, Nov 29, 2015 at 1:52 PM, Arne Schwabe > wrote: > > --- a/doc/openvpn.8 > +++ b/doc/openvpn.8 > @@ -3800,10 +3800,7 @@ over the client's routing table. > Authenticate with server using username/pa

Re: [Openvpn-devel] [PATCH] Reflect enable-password-save change in documentation

2015-11-29 Thread Selva Nair
Hi, On Sun, Nov 29, 2015 at 1:52 PM, Arne Schwabe wrote: > --- a/doc/openvpn.8 > +++ b/doc/openvpn.8 > @@ -3800,10 +3800,7 @@ over the client's routing table. > Authenticate with server using username/password. > .B up > is a file containing username/password on 2 lines. If the > -password li

[Openvpn-devel] [PATCH] Reflect enable-password-save change in documentation

2015-11-29 Thread Arne Schwabe
--- Changes.rst | 3 +++ doc/openvpn.8 | 5 + 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Changes.rst b/Changes.rst index a791ca3..c2142fa 100644 --- a/Changes.rst +++ b/Changes.rst @@ -72,3 +72,6 @@ User-visible Changes - proto udp6/tcp6 in server mode will now try to al

Re: [Openvpn-devel] [PATCH] Remove --enable-password-save option

2015-11-29 Thread Gert Doering
Hi, On Sun, Nov 29, 2015 at 10:52:37AM -0500, Jonathan K. Bullard wrote: > But please update the man page, too; it references > "--enable-password-save". (Then again, the man page doesn't mention > allowing username-only files, so it is already inaccurate. Good point. I'll see to that "ASAP". g

[Openvpn-devel] [PATCH applied] Re: Remove --enable-password-save option

2015-11-29 Thread Gert Doering
ACK - we agreed to do this 2014 in Munich, but nobody submitted a patch yet... Your patch has been applied to the master and release/2.3 branch. commit 9ffd00e7541d83571b9eec087c6b3545ff68441f (master) commit 747ae0c49d813434a70953ea05f58953d7da11c0 (release/2.3) Author: Arne Schwabe List-Post:

Re: [Openvpn-devel] [PATCH] Remove --enable-password-save option

2015-11-29 Thread Jonathan K. Bullard
Hi. On Sun, Nov 29, 2015 at 9:55 AM, Arne Schwabe wrote: > This option is enabled in virtually all distributions and gives no real > security benefit. > --- > configure.ac | 8 > src/openvpn/misc.c | 8 > src/openvpn/misc.h | 2 +- > src/openvpn/ssl.c | 8 > 4

[Openvpn-devel] [PATCH] Remove --enable-password-save option

2015-11-29 Thread Arne Schwabe
This option is enabled in virtually all distributions and gives no real security benefit. --- configure.ac | 8 src/openvpn/misc.c | 8 src/openvpn/misc.h | 2 +- src/openvpn/ssl.c | 8 4 files changed, 5 insertions(+), 21 deletions(-) diff --git a/configure.ac

[Openvpn-devel] [PATCH applied] Re: put virtual IPv6 addresses into env

2015-11-29 Thread Gert Doering
ACK, thanks. Your patch has been applied to the master and release/2.3 branch. commit a8f8b9267183c3cfc065f344d61effe6c55c3da6 (master) commit 0369e57d0380d6a3ec3bc493df535fa90dc97e78 (release/2.3) Author: Heiko Hund List-Post: openvpn-devel@lists.sourceforge.net Date: Wed Nov 25 17:46:49 2015

Re: [Openvpn-devel] [PATCH v4-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

2015-11-29 Thread Gert Doering
Hi, On Wed, Nov 25, 2015 at 08:52:09AM -0800, Fish Wang wrote: > Just a small suggestion: I think the following will work: > > - Check the version of the current operating system. > - Dynamically loading related DLLs (in this case, should be WFP-related > libraries) using LoadLibrary() only if Op

[Openvpn-devel] [PATCH applied] Re: Unbreak read username password from management

2015-11-29 Thread Gert Doering
ACK. This looks reasonable, and I've tested the use cases I can easily test here ("all from stdin", "username from file, pass from stdin", "both from file"). Sorry for causing you pain in your VPN setups - and thanks for taking care of this. Your patch has been applied to the master and release

[Openvpn-devel] [PATCH applied] Re: Support duplicate x509 field values in environment

2015-11-29 Thread Gert Doering
ACK on the changes v1->v2, keeping Selva's ACK for v1. Your patch has been applied to the master branch. commit 13b585e8a4c6f9681ff23bc7fb0af71ce9d0162f Author: Steffan Karger List-Post: openvpn-devel@lists.sourceforge.net Date: Sun Nov 29 10:39:24 2015 +0100 Support duplicate x509 field

[Openvpn-devel] [PATCH applied] Re: Fix openssl builds with custom-built library: specify most-dependent first

2015-11-29 Thread Gert Doering
Your patch has been applied to the master branch (with some massaging as the context has the aead_modes stuff in your tree...). commit 09f2670ce27158f81b4983c06f63870a5188d4aa Author: Steffan Karger List-Post: openvpn-devel@lists.sourceforge.net Date: Sat Nov 28 23:48:01 2015 +0100 Fix ope

[Openvpn-devel] [PATCH applied] Re: Un-break compilation on *BSD

2015-11-29 Thread Gert Doering
Thanks for review. Patch has been applied to the master branch. commit 4a82a9ac0bef6db58858a42b4dc500ae9e09682d (master) Author: Gert Doering List-Post: openvpn-devel@lists.sourceforge.net Date: Sat Nov 28 20:58:37 2015 +0100 Un-break compilation on *BSD Signed-off-by: Gert Doering

Re: [Openvpn-devel] [PATCH] Un-break compilation on *BSD

2015-11-29 Thread Arne Schwabe
On 28.11.15 at 20:58, Gert Doering wrote: > Commit 2191c47165 introduced code to handle IP address query on > multihoming hosts for IP_PKTINFO-supporting OSes, but all the BSDs > need the "#elsif IP_RECVDSTADDR" variant... add code equivalent > to what we have in socket.c/print_link_socket_actual_

Re: [Openvpn-devel] [PATCH] Fix openssl builds with custom-built library: specify most-dependent first

2015-11-29 Thread Arne Schwabe
On 28.11.15 at 23:48, Steffan Karger wrote: > Libraries should be specified from left-to-right as most-dependent to > least-dependent. Thus, -lssl comes first, then -lcrypto. > > (This does not fail when pkg-config finds your libraries for you, since > we tell it '-lssl needs -lcrypto' and we th

Re: [Openvpn-devel] [PATCH] Support duplicate x509 field values in environment

2015-11-29 Thread Steffan Karger
Hi, On Sun, Nov 29, 2015 at 6:29 AM, Selva Nair wrote: > A useful change and clean code. A couple of places could benefit from const > qualifiers, though You're absolutely right. Thanks. Attached a v2 patch that adds the suggested const qualifiers. Now that I was looking at my own code again,

Re: [Openvpn-devel] [PATCH] Support duplicate x509 field values in environment

2015-11-29 Thread Selva Nair
Hi, On Sat, Nov 28, 2015 at 5:03 AM, Steffan Karger wrote: > As reported in trac #387, an x509 DN can contain duplicate fields. > Previously, we would overwrite any previous field value with a new one if > we would process a second same-name field. Now, instead, append _$N, > starting at N=1 to