Re: [Openvpn-devel] GUI repo

2016-02-07 Thread Gert Doering
Hi, On Sun, Feb 07, 2016 at 03:25:51PM -0500, Selva Nair wrote: > So the idea is to keep the current manifest in the GUI distributed with > 2.3 and remove the HighestAvailable from that to be distributed with 2.4. > This change is also required to let admin users (with UAC) use interactive > servi

Re: [Openvpn-devel] GUI repo

2016-02-07 Thread Gert Doering
Hi, On Mon, Feb 08, 2016 at 01:12:37AM +0500, Илья Шипицин wrote: > there's still "Start OpenVPN directly" > > https://github.com/OpenVPN/openvpn-gui/blob/master/openvpn.c#L724 > > in such case admin rights are still required for routes manipulation. In this case, it would just not w

Re: [Openvpn-devel] GUI repo

2016-02-07 Thread Илья Шипицин
as far as I understand it is up to user whether to install openvpn as a service or not. if openvpn is not installed as a service, highest priv is required, right? 2016-02-08 1:29 GMT+05:00 Selva Nair : > Hi, > > On Sun, Feb 7, 2016 at 3:12 PM, Илья Шипицин wrote: > >> there's still "Start OpenVP

Re: [Openvpn-devel] GUI repo

2016-02-07 Thread Selva Nair
Hi, On Sun, Feb 7, 2016 at 3:12 PM, Илья Шипицин wrote: > there's still "Start OpenVPN directly" > > https://github.com/OpenVPN/openvpn-gui/blob/master/openvpn.c#L724 > > > in such case admin rights are still required for rout

Re: [Openvpn-devel] GUI repo

2016-02-07 Thread Selva Nair
Hi, On Sun, Feb 7, 2016 at 11:00 AM, Илья Шипицин wrote: > if you mean interactive service, keep in mind that people sometimes start > openvpn as a child of openvpn-gui, not as a service Requiring HighestAvailable was an interim solution until interactive service becomes available. Users who

[Openvpn-devel] [PATCH] Report Windows bitness

2016-02-07 Thread Lev Stipakov
Trac #599 Signed-off-by: Lev Stipakov --- src/openvpn/win32.c | 16 1 file changed, 16 insertions(+) diff --git a/src/openvpn/win32.c b/src/openvpn/win32.c index 6c6ac4c..5702304 100644 --- a/src/openvpn/win32.c +++ b/src/openvpn/win32.c @@ -1323,6 +1323,20 @@ win32_version_inf

Re: [Openvpn-devel] [PATCH] Fix misleading socket error code on Windows

2016-02-07 Thread Leonardo
Hi. I've made some mistakes in my previous message. I should have been more patient. After further investigation, I realized that ETIMEDOUT is defined in several header files: #define ETIMEDOUT WSAETIMEDOUT - WinSock2.h #define ETIMEDOUT 138 - winsock.h #define ETIMEDOUT WSAETIMEDOUT - winerror.h

Re: [Openvpn-devel] GUI repo

2016-02-07 Thread Илья Шипицин
there's still "Start OpenVPN directly" https://github.com/OpenVPN/openvpn-gui/blob/master/openvpn.c#L724 in such case admin rights are still required for routes manipulation. maybe we should release two installers (or make a checkbox in installer?) 1) regular mode (with highest priv manifest)

[Openvpn-devel] [PATCH 08/10] Add AEAD cipher support (GCM)

2016-02-07 Thread Steffan Karger
Add Authenticated Encryption with Additional Data (AEAD) support for ciphers, which obviates the need for a separate HMAC step. The MAC is integrated into the cipher and the MAC tag is prepended to the payload. This patch is inspired by the patch originally submitted by Kenny Root on the openvpn-

[Openvpn-devel] [PATCH 10/10] Add preliminary server-side support for negotiable crypto parameters

2016-02-07 Thread Steffan Karger
Add preliminary support for Negotiable Crypto Parameters 'level 2' (IV_NCP=2), as proposed by James Yonan on the openvpn-devel mailinglist: http://comments.gmane.org/gmane.network.openvpn.devel/9385 This patch: * Makes the server advertise "IV_NCP=2", if --push-peer-info 2 is enabled. * Pushes a

[Openvpn-devel] [PATCH 09/10] Add cipher name translation for OpenSSL.

2016-02-07 Thread Steffan Karger
This keeps naming consistent. For example, instead of id-aes128-GCM use AES-128-GCM, which is more like AES-128-CBC. Signed-off-by: Steffan Karger --- src/openvpn/crypto.c | 40 +++- src/openvpn/crypto_backend.h | 30 ++ s

[Openvpn-devel] [PATCH 07/10] Create separate function for replay check

2016-02-07 Thread Steffan Karger
In preparation for AEAD cipher modes, which will need the same functionality. Should not change any behaviour. Signed-off-by: Steffan Karger --- src/openvpn/crypto.c | 52 +--- 1 file changed, 37 insertions(+), 15 deletions(-) diff --git a/src/op

[Openvpn-devel] [PATCH 06/10] Change openvpn_encrypt() to append to work buffer only

2016-02-07 Thread Steffan Karger
Preparation for AEAD cipher modes, which also have to authenticate the opcode and peer-id of packets. To supply that information to openvpn_encrypt(), I want to simply write those to the work buffer before calling openvpn_encrypt(). That however requires that openvpn_encrypt() never prepends some

[Openvpn-devel] [PATCH 05/10] Move packet_id into crypto_options

2016-02-07 Thread Steffan Karger
Decouples struct key_state and struct crypto_options. No longer updating self-referential pointers! Signed-off-by: Steffan Karger --- src/openvpn/crypto.c | 45 - src/openvpn/crypto.h | 10 -- src/openvpn/init.c | 11 +--

[Openvpn-devel] [PATCH 03/10] Move crypto_options into key_state and stop using context in SSL-mode.

2016-02-07 Thread Steffan Karger
Moving crypto_options into key_state enables us to stop using the global context for each packet encrypt/decrypt operation. Decoupling the crypto from the global context removes the need to copy the relevant parts of crypto_options for each processed packet, but instead enables us to just pass alon

[Openvpn-devel] [PATCH 04/10] Move key_ctx_bi into crypto_options

2016-02-07 Thread Steffan Karger
The encrypt and decrypt routines use struct crypto_options as their main information source. A struct crypto_options would have a pointer to a struct key_ctx_bi, which had to be updated at the correct moments to keep them correct. Instead of doing this administration, just put the struct key_ctx_

[Openvpn-devel] [PATCH 02/10] Remove reuse of key_type during init of data channel auth and tls-auth

2016-02-07 Thread Steffan Karger
Prepare for using AEAD cipher modes + tls-auth, as tls-auth might want to use an HMAC, while the data channel uses e.g. GCM tags. This separates the two initialisations. Also, error out (and give a clear error message) if a user specifies tls-auth but no valid auth algorithm, which makes no sense

[Openvpn-devel] [PATCH 01/10] Allow NULL argument in cipher_ctx_get_cipher_kt()

2016-02-07 Thread Steffan Karger
Since otherwise we'll have to perform the check before each call. Signed-off-by: Steffan Karger --- src/openvpn/crypto_backend.h | 8 src/openvpn/crypto_openssl.c | 2 +- src/openvpn/crypto_polarssl.c | 4 +--- 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/src/openvpn

[Openvpn-devel] [PATCH] Add support for AEAD (GCM) cipher mode

2016-02-07 Thread Steffan Karger
Hi, These patches add support for GCM mode ciphers to OpenVPN. These are originally inspired by the patch from kruton (trac #301, and http://thread.gmane.org/gmane.network.openvpn.devel/7653), but most of the original code has been rewritten. As discussed in various IRC meetings and at the hacka

Re: [Openvpn-devel] GUI repo

2016-02-07 Thread Gert Doering
Hi, On Sun, Feb 07, 2016 at 09:00:28PM +0500, Илья Шипицин wrote: > if you mean interactive service, keep in mind that people sometimes start > openvpn as a child of openvpn-gui, not as a service Interactive Service is running openvpn.exe under control of openvpn-gui, and you won't not

[Openvpn-devel] Fwd: [PATCH] Fix misleading socket error code on Windows

2016-02-07 Thread Leonardo
Hi. First of all, this is my first contribution ever to an open source project. I hope I'm doing this right. After installing OpenVPN 2.3.10 on my Windows computer and trying to connect to a VPN server, I was getting this error message: TCP: connect to [AF_INET]x.x.x.x:80 failed, will try again i

Re: [Openvpn-devel] GUI repo

2016-02-07 Thread Илья Шипицин
if you mean interactive service, keep in mind that people sometimes start openvpn as a child of openvpn-gui, not as a service On Sunday, February 7, 2016, Selva Nair wrote: > Hi, > > We can now remove the HighestAvailable privilege request in GUI, but have > to keep it in the 2.3

[Openvpn-devel] GUI repo

2016-02-07 Thread Selva Nair
Hi, We can now remove the HighestAvailable privilege request in GUI, but have to keep it in the 2.3.x windows installer which doesn't have iservice. So it may be useful to make a release branch in the GUI repo. Thanks, Selva