Re: [Openvpn-devel] [PATCH v4 3/3] Implement tls-groups option to specify eliptic curves/groups

2020-06-24 Thread Antonio Quartulli
Hi, on my GitLab CI build test, the compilation failed with the following message, while compiling against openssl-1.1: /usr/bin/ld: ssl_openssl.o: in function `tls_ctx_set_tls_groups': /builds/ordex986/openvpn/src/openvpn/ssl_openssl.c:611: undefined reference to `SSL_CTX_set1_groups' collect2:

Re: [Openvpn-devel] Summary of the community meeting (24th June 2020)

2020-06-24 Thread Gert Doering
Hi, On Thu, Jun 25, 2020 at 12:52:30AM +0500, ?? wrote: > there's quite an interesting patchset > https://patchwork.openvpn.net/project/openvpn2/list/?series=230 > is it scheduled for 2.5 release ? No. Too late, too incomplete. > or I've missed something and all patches are

Re: [Openvpn-devel] Summary of the community meeting (24th June 2020)

2020-06-24 Thread Илья Шипицин
there's quite an interesting patchset https://patchwork.openvpn.net/project/openvpn2/list/?series=230 is it scheduled for 2.5 release ? or I've missed something and all patches are scheduled for 2.5 ? Wed, 24 Jun 2020 at 16:11, Samuli Seppänen : > Hi, > > Here's the summary of the IRC meeting.

Re: [Openvpn-devel] [PATCH 00/11] man-page overhaul project

2020-06-24 Thread David Sommerseth
On 24/06/2020 20:07, David Sommerseth wrote: > Hi, > > This is the first real review round of the man-page overhaul project. > Since the n/groff based openvpn.8 format is fairly cumbersome to edit, > we agreed at the 2019 Hackathon in Trento to move the man page into > something more editing and m

[Openvpn-devel] [PATCH 11/11] doc/man: Cleaned up the examples

2020-06-24 Thread David Sommerseth
Removed a lot of outdated information. The loading of the tun module is not needed on current Linux distributions; it is automatically loaded when needed. Also removed all the iptables references and rather refer the reader to figure out how firewalling is configured on their system. The reason

[Openvpn-devel] [PATCH 07/11] doc/man: Move --dhcp-option from client to vpn-network section

2020-06-24 Thread David Sommerseth
Even though the --dhcp-option is only useful in a client context, it is more related to configuration of the VPN network interface and the related settings. Signed-off-by: David Sommerseth --- doc/man-sections/client-options.rst | 69 doc/man-sections/vpn-network-op

[Openvpn-devel] [PATCH 10/11] doc/man: Moved --reneg-* options to its own section

2020-06-24 Thread David Sommerseth
The options related to renegotiation of the data channel encryption key is not really a link option. As the renegotiation is encryption related but doesn't really fit into the generic, tls or pkcs11 sections, add it into its own section. Signed-off-by: David Sommerseth --- doc/man-sections/encr

[Openvpn-devel] [PATCH 04/11] doc/man: Remove unsupported options in OpenVPN 2.5

2020-06-24 Thread David Sommerseth
This removes the options from the man page which is enlisted as deprecated options in OpenVPN 2.5. To provide some history, a short summary of why they were removed has been put into a new file which is included into its own "UNSUPPORTED OPTIONS" section in the man page. Signed-off-by: David Somm

[Openvpn-devel] [PATCH 03/11] doc/man: Move profiles section

2020-06-24 Thread David Sommerseth
The profile documentation has been enlisted in between all the other OpenVPN options. As is not strictly an option by itself but a grouping mechanism, move it into its own section in the man page. This also makes the HTML rendering look much nicer and better structured. Signed-off-by: David So

[Openvpn-devel] [PATCH 09/11] doc/man: Move some options from link to advanced section

2020-06-24 Thread David Sommerseth
Moved --persist-local-ip, --persist-remote-ip, --rcvbuf, --sndbuf and --shaper from the link options section to the advanced section. The rationale is that these options are not common to use and is for more advanced use cases where special tweaking is required. Signed-off-by: David Sommerseth -

[Openvpn-devel] [PATCH 08/11] doc/man: Mark compression options as deprecated

2020-06-24 Thread David Sommerseth
Due to the VORACLE attack vector, compression in general is deprecated. Make this clear in the man page. Also remove an incorrect statement claiming --compress lzo is compatible with --comp-lzo. It is not, as --compress lzo uses a different compression framing than --comp-lzo. Signed-off-by: Dav

[Openvpn-devel] [PATCH 06/11] doc/man: Move --bind from generic to link section

2020-06-24 Thread David Sommerseth
This is more related to the configuration of the link, plus --nobind is already placed in the link section. Signed-off-by: David Sommerseth --- doc/man-sections/generic-options.rst | 7 --- doc/man-sections/link-options.rst| 7 +++ 2 files changed, 7 insertions(+), 7 deletions(-) di

[Openvpn-devel] [PATCH 00/11] man-page overhaul project

2020-06-24 Thread David Sommerseth
Hi, This is the first real review round of the man-page overhaul project. Since the n/groff based openvpn.8 format is fairly cumbersome to edit, we agreed at the 2019 Hackathon in Trento to move the man page into something more editing and management friendly. This set of patches converts the ope

Re: [Openvpn-devel] Summary of the community meeting (24th June 2020)

2020-06-24 Thread David Sommerseth
On 24/06/2020 13:10, Samuli Seppänen wrote: [...snip...] > Talked about the status of OpenVPN 2.5: > > > > Ordex promised to have a look at the async-cc patches this week. > Plaisthos, dazo and cron2 will follow-up on the review comme

[Openvpn-devel] Summary of the community meeting (24th June 2020)

2020-06-24 Thread Samuli Seppänen
Hi, Here's the summary of the IRC meeting. --- COMMUNITY MEETING Place: #openvpn-meeting on irc.freenode.net Date: Wed 24th June 2020 Time: 11:30 CEST (9:30 UTC) Planned meeting topics for this meeting were here: Your local meeti

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-24 Thread Dmitry Melekhov
24.06.2020 14:12, Arne Schwabe wrote: There are openvpn 2.3 clients in 3g routers which are built without ability to inform server about cipher, so server uses default cipher for them, in case you need to change default cipher on server you can't do this, because clients will not work, it is

Re: [Openvpn-devel] [Openvpn-users] Multiple DNS search suffixes on Windows

2020-06-24 Thread Gert Doering
Hi, On Tue, Jun 23, 2020 at 03:53:52PM -0400, Selva Nair wrote: > > So what option do we want? > > > > --dhcp-option SEARCH > > --dhcp-option DOMAIN-SEARCH > > --dhcp-option SEARCH-DOMAIN > > RFC 3397 calls it "Domain Search" so it has to be DOMAIN-SEARCH, in my > view. Platform scripts acceptin

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-24 Thread Arne Schwabe
> There are openvpn 2.3 clients in 3g routers which are built without > ability to inform server about cipher, so server uses default cipher for > them, > > in case you need to change default cipher on server you can't do this, > because clients will not work, it is also impossible to change de

[Openvpn-devel] [PATCH applied] engine-key tests: make check_engine_keys.sh work with --enable-small

2020-06-24 Thread Gert Doering
Acked-by: Gert Doering Looks reasonable and does not break anything that already worked. I could reproduce the --enable-small breakage with FreeBSD / 1.0.2s here (interesting enough, not with Linux and 1.1.1*), and can confirm that the patch fixes things. Your patch has been applied to the mast

Re: [Openvpn-devel] engine-test on FreeBSD still not working

2020-06-24 Thread Gert Doering
Hi, On Mon, Jun 22, 2020 at 08:40:15PM +0200, Gert Doering wrote: > so > > $(builddir)/openvpn.cnf: $(srcdir)/openvpn.cnf.in > sed "s|ABSBUILDDIR|$(abs_builddir)|" < $< > $@ > > should work. It doesn't :-( It worked for my tests of that patch, because the openssl.cnf generated with "gmak