Hi,
On Tue, Jan 10, 2023 at 06:02:57PM +0100, Frank Lichtenheld wrote:
> @@ -27,7 +27,7 @@ ${top_builddir}/src/openvpn/openvpn --cd
> ${top_srcdir}/sample --config sample-co
> # first off check we died because of a key mismatch. If this doesn't
> # pass, suspect openssl of returning different
Acked-by: Gert Doering
This is really straightforward. Tested with my .ovpn full with generated
"remote" lines, some of them changed to "tcp", and "--proto-force tcp-client"
..
190,1185.server.org,1185,udp,disabled
191,1186.server.org,1186,udp,disabled
192,1187.server.org,1187,udp,disabled
193,
Error in commit message:
0,vpn.example.org,udp,enabled
> 2,vpn.example.net,tcp-client,disabled
> 1,vpn.example.com,udp,enabled
>
That should have been
0,vpn.example.org,udp,enabled
1,vpn.example.net,tcp-client,disabled
2,vpn.example.com,udp,enabled
with indices 0, 1, 2 ordered.
From: Selva Nair
- The response to the management command "remote-entry-get" is
amended to include the status of the remote entry. The status
reads "disabled" if (ce->flag & DISABLED) is true, "enabled"
otherwise.
- Update and correct the description of this option in
management-notes.tx
On Tue, Jan 10, 2023 at 4:56 PM Gert Doering wrote:
> Hi,
>
> On Tue, Jan 10, 2023 at 04:42:50PM -0500, Selva Nair wrote:
> > I'm trying to get this info into the GUI for handling
> > "--management-query-remote". Selecting a disabled entry from the UI would
> > lead to erratic behaviour. Ideal
Hi,
On Tue, Jan 10, 2023 at 04:42:50PM -0500, Selva Nair wrote:
> I'm trying to get this info into the GUI for handling
> "--management-query-remote". Selecting a disabled entry from the UI would
> lead to erratic behaviour. Ideally this info (CE_DISABLED state) should be
> included in the respon
correction:
> (i) --proto-force is in effect : configs not matching with the forced
> protocol are disabled
configs --> connection entries
> (ii) --http-proxy-override : UDP profiles get disabled.
profiles --> connection entries
On Tue, Jan 10, 2023 at 4:42 PM Selva Nair wrote:
> Hi,
>
> I see
Hi,
I see two situations under which a connection-entry (remote) could be
disabled while iterating through the list of remotes:
(i) --proto-force is in effect : configs not matching with the forced
protocol are disabled
(ii) --http-proxy-override : UDP profiles get disabled.
This looks like an unu
Hi, sure, will do.
Yes, I’ve noticed undesired code dup in v14 and have fixed everything found
in v15 rebase, same will be rechecked in v16 of course.
Thanks!
Wed, Jan 11, 2023 at 01:05, Gert Doering :
> Hi,
>
> On Thu, Dec 29, 2022 at 12:27:46PM +0500, Vladislav Grishenko wrote:
> > client wi
Hi,
On Thu, Dec 29, 2022 at 12:27:46PM +0500, Vladislav Grishenko wrote:
> client will move on to the next connection entry.
>
> v15:
> rebase to master (Dec 2022)
> add optional port argument to --remote and --remote-srv usage message
> fix --proto option coexisting with --remote-s
Haven't tested this beyond "does it compile on Github?" - it looks
correct, though :-)
Your patch has been applied to the master branch.
commit 202b34da386c8574692111bad23814602d0e09f5 (master)
commit 71f3a109f9f73f0d978f58e08caed896c064767f (release/2.6)
Author: Frank Lichtenheld
Date: Tue Jan
Hi,
On Tue, Jan 10, 2023 at 8:21 AM Frank Lichtenheld
wrote:
> Warning by GCC 12:
> pkcs11_openssl.c:237:22: warning:
> dangling pointer ‘tbs’ to ‘enc’ may be used [-Wdangling-pointer=]
>
> Signed-off-by: Frank Lichtenheld
> ---
> src/openvpn/pkcs11_openssl.c | 6 +++---
> 1 file changed, 3 in
Not enabled by default with OpenSSL 3, so we don't
see this in our builds.
While here add missing entries to .gitignore (which
is what made me look at engine-key test in the first
place).
Signed-off-by: Frank Lichtenheld
---
.gitignore | 4
tests/unit_t
Acked-by: Gert Doering
"Automatic and really easy to verify" ("git show -I Copyright")
The patch seems to be too big for mail-archive.com to archive it
(wat?) - it's not visible there, so pointing URL: to patchwork.
Your patch has been applied to the master and release/2.6 branch.
commit ccf9d
Acked-by: Gert Doering
Works and helps with DCO debugging.
Some of the messages look a bit stupid now... so we might want to go
and polish :-)
.. gremlin14943/194.97.140.21:12404 peer-id=9 dco_update_keys: peer_id=9
.. gremlin14833/194.97.140.21:11036 peer-id=11 dco_update_keys: peer_id=11
.. g
This enables logging the peer id in p2mp mode if dco is enabled
and the log level is high enough
Patch v2: use check_debug_level to check current log level
Signed-off-by: Arne Schwabe
---
src/openvpn/multi.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/src/openvpn/multi.c b/src/ope
Antonio, thanks for the review. Fixed the whitespace. (Uncrustify
did not see it since the patch was ad-hoc written on a system that
does not have the hook - but my pre-merge hook would have caught it).
Patch has been applied to the master and release/2.6 branch.
commit 85e0df6b493396d9d1d9030c
Hi,
On 09/01/2023 21:00, Gert Doering wrote:
p2p --tls-server with no active client/peer logs once per second
"dco_update_keys: peer_id=-1"
which does exactly nothing, except fill the disk. So skip the call to
dco_update_keys() if peer_id == -1.
Signed-off-by: Gert Doering
---
src/open
Hi,
On Tue, Dec 27, 2022 at 11:12:44AM +0100, Gert Doering wrote:
> Playing around with the patch a bit, the offending piece seems to be
> "mi->context.options.verbosity >= D_DCO_DEBUG" - which is unsurprising,
> as D_DCO_DEBUG is not "6" but "LOGLEV(6, 69, M_DEBUG)", which translates
> to
>
>
Warning by GCC 12:
pkcs11_openssl.c:237:22: warning:
dangling pointer ‘tbs’ to ‘enc’ may be used [-Wdangling-pointer=]
Signed-off-by: Frank Lichtenheld
---
src/openvpn/pkcs11_openssl.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/openvpn/pkcs11_openssl.c b/src/op
On Mon, Jan 09, 2023 at 05:36:06PM +0100, Arne Schwabe wrote:
> Am 09.01.23 um 16:01 schrieb Frank Lichtenheld:
> > On Mon, Dec 12, 2022 at 12:27:45PM +0100, Arne Schwabe wrote:
> > > Currently we have only one slot for renegotiation of the session/keys.
> > > If a replayed/faked packet is inserted
Acked-by: Gert Doering
We discussed this previously, and it makes sense to take "route addition
errors" into account, even if we consciously decided (long before I got
involved...) that we consider these non-fatal, unlike ifconfig errors.
I have stared at the code, and it looks reasonable (we di