Re: [Openvpn-devel] [PATCH 1/2] Deprecate non TLS mode in OpenVPN

I made this change to the wiki: https://community.openvpn.net/openvpn/wiki/DeprecatedOptions?action=diff&version=45 ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH v2] Implement '--compress migrate' to migrate to non-compression setup

Am 25.03.21 um 00:12 schrieb tincanteksup: > I found a typo, so I double checked every comment. > Thanks. I think Gert can fix that on the fly on the merge. Arne ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourcef

[Openvpn-devel] [PATCH 1/2] Deprecate non TLS mode in OpenVPN

The non-TLS mode is a relict from OpenVPN 1.x or 2.0. When tls mode was introduce the advantages of TLS over non-tls were small but tls mode evolved to include a lot more features. (NCP, multipeer, AEAD ciphers to name a few). Today VPN that use --secret are mainly used because of its relative eas

[Openvpn-devel] [PATCH 2/2] Remove deprecated option '--keysize'

This option has been deprecated in OpenVPN 2.4 and the ciphers that allow using this option fall all into the SWEET32 category of ciphers with 64 bit block size. Signed-off-by: Arne Schwabe --- config-msvc.h| 1 - configure.ac | 2 +- src/openvpn/crypto.c

Re: [Openvpn-devel] [PATCH 2/2] Allows a plugin to provide a client_reason for authentication failure

I am just going through some older patches and this one of them that I didn't review last time. This patch does not apply cleanly to master anymore but there some other things that should be fixed regardless. So it would be good to have a version 2 of this patch. > diff --git a/src/openvpn/ssl_

[Openvpn-devel] [PATCH 2/2] Remove deprecated option '--keysize'

This option has been deprecated in OpenVPN 2.4 and the ciphers that allow using this option fall all into the SWEET32 category of ciphers with 64 bit block size. Signed-off-by: Arne Schwabe --- config-msvc.h| 1 - configure.ac | 2 +- src/openvpn/crypto.c

[Openvpn-devel] [PATCH 1/2] Deprecate non TLS mode in OpenVPN

The non-TLS mode is a relict from OpenVPN 1.x or 2.0. When tls mode was introduce the advantages of TLS over non-tls were small but tls mode evolved to include a lot more features. (NCP, multipeer, AEAD ciphers to name a few). Today VPN that use --secret are mainly used because of its relative eas

Re: [Openvpn-devel] [PATCH v2] Implement '--compress migrate' to migrate to non-compression setup

I found a typo, so I double checked every comment. On 24/03/2021 22:08, Arne Schwabe wrote: diff --git a/src/openvpn/ssl_util.h b/src/openvpn/ssl_util.h index 741a7782..472aa591 100644 --- a/src/openvpn/ssl_util.h +++ b/src/openvpn/ssl_util.h @@ -54,4 +54,19 @@ extract_var_peer_info(const cha

[Openvpn-devel] [PATCH 3/4] Fix socket related functions using int instead of socket_descriptor_t

On windows the SOCKET type is a UINT_PTR, which is a 64 bit pointer, so using an int worked so far but is actually quite wrong. Signed-off-by: Arne Schwabe --- src/openvpn/fdmisc.c | 8 src/openvpn/fdmisc.h | 10 +- src/openvpn/mtu.c| 2 +- src/openvpn/mtu.h| 2 +- sr

[Openvpn-devel] [PATCH 1/4] Make buffer related function conversion explicit when narrowing

Clang and gcc do report many of the narrowing conversion that MSVC reports, like these: warning C4267: 'function': conversion from 'size_t' to 'int', possible loss of data This commit changes int to size_t where it is safe (e.g. checked by buf_size_valid) and add casts where necessary. In the

[Openvpn-devel] [PATCH 2/4] Fix unchecked signess conversions reported by MSVC

Whenever possible the types have been aligned in the various parts of OpenVPN. If that was not possible, an explicit cast to a narrower type has been added. Signed-off-by: Arne Schwabe --- src/openvpn/console_builtin.c | 2 +- src/openvpn/dhcp.c| 2 +- src/openvpn/multi.h |

[Openvpn-devel] [PATCH 4/4] Use correct types for OpenSSL and Windows APIs

The error code of OpenSSL is a long. On most Unics systems (mac, Linux...) this happens to be the same as size_t. But on Windows as LP64, long is a 32 bit type and size_t is a 64 bit type. So use the same type as OpenSSL. When calling the Windows API use DWORD for the functions that want a DWORD.

Re: [Openvpn-devel] [PATCH] reliable: retransmit if 3 follow-up ACKs are received

Am 18.03.21 um 20:27 schrieb Maximilian Fillinger via Openvpn-devel: The sender is strange, this strange sender ends up in git as author. > Hi! > > I'm currently preparing the OpenVPN-NL 2.5 release at Fox-IT. (We're a > bit behind the times...) I thought that one of our patches, by Steffan > Ka

[Openvpn-devel] [PATCH v2] Implement '--compress migrate' to migrate to non-compression setup

This option allow migration to a non compression server config while still retraining compatibility with client that have a compression setting in their config. For existing setups that used to have comp-lzo no or another compression setting in their configs it is a difficult to migrate to a setup

Re: [Openvpn-devel] [PATCH 2/2] Implement '--compress migrate' to migrate to non-compression setup

Hi, On 19/03/2021 16:31, Arne Schwabe wrote: > This option allow migration to a non compression server config while > still retraining compatibility with client that have a compression > setting in their config. > > For existing setups that used to have comp-lzo no or another > compression settin

[Openvpn-devel] Introducing the OpenVPN Data Channel Offload Windows driver

Dear all, OpenVPN Inc. and I are happy to announce that we've released ovpn-dco-win, which stands for "OpenVPN Data Channel Offload for Windows". It is a modern Windows driver, which functions as a virtual network adapter and implements required functionality to handle the OpenVPN data channel. Wh

[Openvpn-devel] Summary of the community meeting (24th March 2021)

Hi, Here's the summary of the IRC meeting. --- COMMUNITY MEETING Place: #openvpn-meeting on irc.freenode.net Date: Wed 24th March 2021 Time: 11:30 CET (10:30 UTC) Planned meeting topics for this meeting were here: Your local mee