Re: [Openvpn-devel] [PATCH] Include utun device number in utun error messages

2020-07-25 Thread Arne Schwabe
> > Feature-ACK. The failure messages have concerned some Tunnelblick > users. This _might_ help clarify things for them and it certainly > won't hurt. > > I have not tested the code, but it looks fine. > > Note that the last half of the patch consists only of whitespace > changes (starting at

Re: [Openvpn-devel] [PATCH] Include utun device number in utun error messages

2020-07-25 Thread Jonathan K. Bullard
Hi, On Sat, Jul 25, 2020 at 7:51 PM Arne Schwabe wrote: > > For lack of a better API (or knowledge about a better API) we try to > open utun devices on macOS by trying utun0 to utun255 and use the > first one that works. On my Mac I have already 4 devices that > do nothing but are just there and

Re: [Openvpn-devel] [PATCH] Remove --no-replay

2020-07-25 Thread Arne Schwabe
On 17.07.20 at 19:10, David Sommerseth wrote: > The --no-replay feature is considered to be a security weakness, which > was also highlighted during the OpenVPN 2.4 security audit [0]. This > option was added to the DeprecatedOptions[1] list and has been reported > as deprecated since OpenVPN 2.4.

[Openvpn-devel] [PATCH] Refuse PUSH_REQUEST as client/refactor process_incoming_push_request

2020-07-25 Thread Arne Schwabe
When a server sends a client a push request, the client will reply with a push reply. The reply is bogus and almost empty since almost all the options that are normally set (remote ip etc) are unset. I checked 2.4 and master and this does not have any security implications or other bugs but it is

[Openvpn-devel] [PATCH] Include utun device number in utun error messages

2020-07-25 Thread Arne Schwabe
For lack of a better API (or knowledge about a better API) we try to open utun devices on macOS by trying utun0 to utun255 and use the first one that works. On my Mac I have already 4 devices that do nothing but are just there and another VPN connection resulting in a number of error messages. This

[Openvpn-devel] [PATCH 2/2] Avoid sending push request after receiving push reply

2020-07-25 Thread Arne Schwabe
The introduction of IV_PROTO_REQUEST_PUSH (c290df55) sometimes causes the server to reply before we set up the push timer. The push reply will then clear a timer that has not been set up yet. We then start sending push request after we have gone through the whole initialisation already. This patch a

[Openvpn-devel] [PATCH 1/2] Simplify calling logic of check_connection_established_dowork

2020-07-25 Thread Arne Schwabe
The check event_timeout_defined in check_connection_established is completely redundant as event_timeout_trigger will do the very same check as first action. Removing this check makes the function superfluous. To further improve the code move the call check if the time is expired into process_coar

Re: [Openvpn-devel] [PATCH 2/3] Cleanup tls_pre_decrypt_lite and tls_pre_encrypt

2020-07-25 Thread Arne Schwabe
On 22.07.20 at 11:30, Arne Schwabe wrote: > Mostly C90 -> C99 cleanups and again immediately instead > wrapping function body into if. > > (Review with ignore whitespace) I made a mistake in this. Ignore it and wait for V2

Re: [Openvpn-devel] Regarding deprecation of --route-nopull

2020-07-25 Thread tincanteksup
Hi, thanks for the list! On 24/07/2020 11:00, Arne Schwabe wrote: To emulate pull-filter with pull-filter you need to block this list: redirect-private redirect-gateway block-ipv6 client-nat route route-ipv6 route-gateway route-metric ip-win32 dhcp-option dhcp-renew register-dns tap-sleep bloc

[Openvpn-devel] [PATCH applied] Re: wintun: remove SYSTEM elevation hack

2020-07-25 Thread Gert Doering
Acked-by: Gert Doering Code changes look good, Makefile / .vcxproj file changes look reasonable, and it passes my MinGW test build. I have not tested the resulting binary because I do not hit this particular code path anyway - and the end result is fairly trivial ("if (!iservice) then complain")

[Openvpn-devel] [PATCH applied] Re: Repair --inetd

2020-07-25 Thread Gert Doering
Patch has been applied to the master branch. commit 96d57b0fc5cc2bf08fdf78141130e3c8092ca4d5 Author: Gert Doering Date: Fri Jul 24 20:13:24 2020 +0200 Repair --inetd Signed-off-by: Gert Doering Acked-by: Arne Schwabe Message-Id: <20200724181324.19037-1-g...@greenie.muc.de