Re: [Openvpn-devel] [PATCH] Fix tmp-dir documentation

ric-options.rst | 11 +-- > doc/man-sections/script-options.rst | 8 +++- > 2 files changed, 8 insertions(+), 11 deletions(-) Acked-by: Frank Lichtenheld Comparing to the source code this looks correct to me. Regards, --

[Openvpn-devel] [PATCH v1] GHA: Dependency and Actions update April 2025

-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/926 This mail reflects revision 1 of this Change. Acked-by according to Gerrit

[Openvpn-devel] [PATCH v2] t_server_null_default.rc: Add some tests with --data-ciphers

Trying to verify some of the negotiation parts. Change-Id: I47d95eee8a00b9878331fd6cd6a7db12665f5537 Signed-off-by: Frank Lichtenheld Acked-by: Samuli Seppänen --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https

[Openvpn-devel] [PATCH v3] Handle missing DCO peer by restarting the session

return an error already trigger a SIGUSR1 signal or even call _exit(1). This commit extends that behavior to include dco_get_peer_stats_multi() and dco_get_peer_stats(). Change-Id: Ib118426c5a69256894040c69856a4003d9f4637c Signed-off-by: Ralf Lici Acked-by: Frank Lichtenheld --- This change was

[Openvpn-devel] [PATCH v11] Add lwip support to t_server_null

From: Samuli Seppänen Change-Id: Ie63f302402f469c3aa48ac146ca6b8c029f0d250 Signed-off-by: Samuli Seppänen Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c

[Openvpn-devel] [PATCH v8] Implement override-username

From: Arne Schwabe This allow the server to set and override the username that is assumed for the client for interaction with the client after the authentication. This is especially intended to allow the of use auth-gen-token in scenarios where the clients use certificates and multi-factor authe

[Openvpn-devel] [PATCH v3] Add more "intentional fallthrough" comments

To make it easier to exclude them from compiler warnings. Based on the existing comment in init.c Change-Id: I925accd8267f94ecfd9ccea85bae965dc2a10208 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I

[Openvpn-devel] [PATCH v1] GHA: Publish Doxygen documentation to Github Pages

To make it more easily available to everyone. Change-Id: I3922714972fffb3d7b1592f882d09c1fe1137241 Signed-off-by: Frank Lichtenheld Acked-by: Yuriy Darnobyt --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https

Re: [Openvpn-devel] [PATCH] Add 'localhost' token to client-nat network option

actions basically instantly to get some cross-platform verification of your work. Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] Add 'localhost' token to client-nat network option

at snat|dnat network netmask alias : on client add 1-to-1 > NAT rule.\n" > +" set the network to 'localhost' to use the client ip > received from the server.\n" Please also include an update to the documentation in doc/man-sections/client-options.rst > "--push-peer-info : (client only) push client info to server.\n" > "--setenv name value : Set a custom environmental variable to pass to > script.\n" > "--setenv FORWARD_COMPATIBLE 1 : Relax config file syntax checking to > allow\n" > -- > 2.39.5 Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v1] Haiku: change del to delete in route command. del is undocumented

From: Alexander von Gluck Change-Id: Ieca0f8aa07413682d39e73dd3ed21a0038d41f49 Signed-off-by: Alexander von Gluck Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net

[Openvpn-devel] [PATCH v1] Haiku: Fix short interface path length

From: Alexander von Gluck * Haiku uses full paths for interface names, 16 characters isn't enough. Change-Id: I6de60ed5c03ea45e1d7a3fbfc8ed5075e84d Signed-off-by: Alexander von Gluck Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at leas

[Openvpn-devel] [PATCH v1] Remove comparing username to NULL in tls_lock_username

From: Arne Schwabe tls_lock_username is only called in a single place and that place calls this is function with up->username, which is always defined. Change-Id: Ib8adf7b31cae02e2de3d45da23b76a2d79f13e20 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed

[Openvpn-devel] [PATCH v10] mudp.c: keep offset value when resetting buffer

77d032d3747ed72 Signed-off-by: Lev Stipakov Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/814 This mail reflects revision 10 of this Change. Acked-by acco

[Openvpn-devel] OpenVPN 2.6.13 released

tu packages are available in the official apt repositories: <https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos#DebianUbuntu:UsingOpenVPNaptrepositories> On Red Hat derivatives we recommend using the Fedora Copr repository. <https://copr.fedorainfracloud.org/coprs/dsommers/openvpn

[Openvpn-devel] [PATCH v1] Improve peer fingerpint documentation

Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/859 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld

Re: [Openvpn-devel] [PATCH 1/1] console_systemd: remove the timeout when using `systemd-ask-password`

OpenVPN-Devel" - Add Signed-off-by line to commit message Doing this as part of an experiment to add mail-submitted patches to Gerrit. Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] RFC: tchar removal patch series

g our Windows experts. Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v2] GHA: General update December 2024

: I91f68317450c3c0d69be2c489276739211ccb422 Signed-off-by: Frank Lichtenheld Acked-by: Yuriy Darnobyt Acked-by: Lev Stipakov --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/789 This mail reflects revision 2

[Openvpn-devel] [PATCH v3] Allow DEFAULT in data-ciphers and report both expanded and user set option

is not supported by the server. This commit aims to provide a better way for these situation as we still want people to rely on default cipher selection from OpenVPN when possible. Change-Id: Ia1c5209022d3ab4c0dac6438c41891c7d059f812 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld

[Openvpn-devel] [PATCH v1] service: add utf8to16 function that takes a size

: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/836 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld

[Openvpn-devel] [PATCH v1] dns: clone options via pointer instead of copy

From: Heiko Hund Change-Id: I12b8bb26c0cb70e50b2d42b1c69018894e9f080c Signed-off-by: Heiko Hund Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/835

[Openvpn-devel] [PATCH v1] dns: store IPv4 addresses in network byte order

: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/834 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Frank

[Openvpn-devel] [PATCH v4] io_work: pass event_arg object to event handler in case of socket event

link_socket. This code path is used on clients as well as UDP servers. Change-Id: I7ebf0d4fb2a23278e16003b2e35598178155d658 Signed-off-by: Antonio Quartulli Signed-off-by: Gianmarco De Gregori Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I

[Openvpn-devel] [PATCH v4] io_work: convert shift argument to uintptr_t

as event handler argument instead of a simple integer value. Change-Id: Ib583bf17e35b14aed78fd8217b6e71e8c2b78089 Signed-off-by: Antonio Quartulli Signed-off-by: Gianmarco De Gregori Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I

[Openvpn-devel] [PATCH v4] event/multi: add event_arg object to make event handling more generic

th only as UDP servers use only one socket to handle all clients. Change-Id: Icd7f6a2ad350cdc2312b3e80fa0dbdd7e4311d2e Signed-off-by: Antonio Quartulli Signed-off-by: Gianmarco De Gregori Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I

[Openvpn-devel] [PATCH v4] pass link_socket object to i/o functions

her than a fixed one. Change-Id: I8eae2d3356bbcc5d632eeb4fbe80de8009d9b40d Signed-off-by: Antonio Quartulli Signed-off-by: Gianmarco De Gregori Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. I manua

[Openvpn-devel] [PATCH v4] event/multi: add event_arg object to make event handling more generic

th only as UDP servers use only one socket to handle all clients. Change-Id: Icd7f6a2ad350cdc2312b3e80fa0dbdd7e4311d2e Signed-off-by: Antonio Quartulli Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master.

[Openvpn-devel] [PATCH v3] io_work: convert shift argument to uintptr_t

as event handler argument instead of a simple integer value. Change-Id: Ib583bf17e35b14aed78fd8217b6e71e8c2b78089 Signed-off-by: Antonio Quartulli Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Note

[Openvpn-devel] IRC community meeting summary (Oct 2nd)

ty security audit for supported projects. So we will apply for that around or after the 2.7 release to review the latest code. Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sour

[Openvpn-devel] [PATCH v5] Remove support for compression on send

sym" and removes all resulting dead code. Change-Id: I402ba016b75cfcfec4fc8b2b01cc4eca7e2bcc60 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.op

[Openvpn-devel] [PATCH v1] GHA: Pin dependencies

Done by renovate. Updates will also be handled by renovate. This makes the builds slightly more deterministic and removes some potential supply-chain attack vectors. GitHub: #610 Change-Id: I92dfbc3a0cc347a51892600bf02b501295ce612b Signed-off-by: Frank Lichtenheld Acked-by: Yuriy Darnobyt

[Openvpn-devel] [PATCH v4] dco: better naming for function parameters

From: Lev Stipakov Current naming (remote_in4/6) is confusing, since those are in fact VPN IPv4/v6 addresses and not related to remote at all. Change-Id: I101bbc9f682375ec733bca10b52da82f0abfec27 Signed-off-by: Lev Stipakov Acked-by: Antonio Quartulli --- This change was reviewed on Gerrit an

[Openvpn-devel] IRC community meeting summary (Sep 25th)

ntral European Time. Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] make t_server_null "server alive?" check more robust

100755 > --- a/tests/t_server_null_server.sh > +++ b/tests/t_server_null_server.sh > @@ -82,6 +82,11 @@ for PID_FILE in $server_pid_files > do > SERVER_PID=$(cat "${PID_FILE}") > > +if [ -z "$SERVER_PID" ] ; then > +echo "WARNING: could not k

[Openvpn-devel] [PATCH v1] GHA: Update dependency Mbed-TLS/mbedtls to v3.6.1

Requires submodule checkout. Change-Id: I86ceceb4e1c716b33c6c6ec8853eca0fb4b394f1 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c

[Openvpn-devel] [PATCH v10] Implement support for larger packet counter sizes

channel implementations to only support a limited set of data channel formats. Change-Id: I01e258e97351b5aa4b9e561f5b35ddc2318569e2 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld Acked-by: Lev Stipakov --- This change was reviewed on Gerrit and approved by at least one developer. I request

[Openvpn-devel] [PATCH v3] configure: Allow to detect git checkout if .git is not a directory

d-off-by: Frank Lichtenheld Acked-by: Arne Schwabe Acked-by: Yuriy Darnobyt --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/675 This mail reflects revision 3 of this Change. Ack

[Openvpn-devel] [PATCH v8] tun: use is_tun_p2p more consistently

hat are not required. Also use is_tun_p2p in more places. Change-Id: Ice8b95f953c3f7e71657a78ea12b02a08c60aa67 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https:

[Openvpn-devel] [PATCH v3] configure: Try to use pkg-config to detect mbedTLS

mbedTLS does not seem to have pkg-config support on e.g. Debian/Ubuntu, so we definitely need to keep the fallback check as well. Change-Id: I5d0da76018e874cda5dbab9202a2b817ad5e4692 Signed-off-by: Frank Lichtenheld Acked-by: Yuriy Darnobyt --- This change was reviewed on Gerrit and approved

[Openvpn-devel] [PATCH v1] GHA: Configure Renovate

From: OpenVPN Renovate Maintain GitHub actions and other version references in GHA. Switch some GHA references from branch versions to tag version so the pinning works correctly. Change-Id: I06253be7ed783e3bf30e7df1d6da8ca888016711 Signed-off-by: Frank Lichtenheld Acked-by: Yuriy Darnobyt

[Openvpn-devel] [PATCH v5] Ensures all params are ready before invoking dco_set_peer()

From: Gianmarco De Gregori In UDP case the dco_set_peer() is currently perfomed at the wrong time since the mssfix param is calculated later on in tls_session_update_crypto_params_do_work(). By moving the dco_set_peer() inside the tls_session_update_crypto_params_do_work() and removing the p2p_se

[Openvpn-devel] [PATCH v2] Add a test for loading certificate and key using file: URI

air Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/730 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected abo

[Openvpn-devel] [PATCH v3] Interpret --key and --cert option argument as URI

s PR 591 but with the fixup commit that addresses review comments is squashed. Change-Id: I82b32d5ab472926e7889a5f4a90caba14231879a Signed-off-by: Selva Nair Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://

[Openvpn-devel] [PATCH v2] Add a test for loading certificate and key to ssl context

test that the latter was loaded correctly. Change-Id: Ic6f089896191145f68ce9a11023587d05dcec4d8 Signed-off-by: Selva Nair Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https

[Openvpn-devel] [PATCH v3] Static-challenge concatenation option

ld be used. v2: use scrv1|concat instead of 0|1 as option argument fix typos v3: improve and correct documentation in management-notes.txt Change-Id: I59a90446bfe73d8856516025a58a6f62cc98ab0d Signed-off-by: Selva Nair Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and appr

[Openvpn-devel] [PATCH v1] Add Ubuntu 24.04 runner to Github Actions

From: Arne Schwabe Change-Id: I44b9003143fdad90bfff7b2c86d0bb503f9157de Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn

[Openvpn-devel] [PATCH v3] Avoid SIGUSR1 to SIGHUP when the configuration is read from stdin

-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/533 This mail reflects revision 3 of this Change. Acked-by according to Gerrit (reflected above): Frank L

[Openvpn-devel] [PATCH release/2.5] Allow trailing \r and \n in control channel message

. Change-Id: I47c992b6b73b1475cbff8a28f720cf50dc1fbe3e Signed-off-by: Arne Schwabe Signed-off-by: Frank Lichtenheld --- src/openvpn/forward.c | 73 +-- 1 file changed, 43 insertions(+), 30 deletions(-) diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c

Re: [Openvpn-devel] [PATCH v2] configure: Switch to C11 by default

On Wed, Jul 10, 2024 at 09:32:39PM +0200, Gert Doering wrote: > Hi, > > On Wed, Jul 10, 2024 at 06:03:06PM +0200, Frank Lichtenheld wrote: > > Mostly so we can use anonymous structs without jumping through > > hoops or relying on unofficial suppor

[Openvpn-devel] [PATCH v2] configure: Switch to C11 by default

Mostly so we can use anonymous structs without jumping through hoops or relying on unofficial support. Change-Id: I72934e747d1ad68a7e3675afbeb1b63df7941186 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I

[Openvpn-devel] [PATCH v3] Remove check for anonymous unions from configure and cmake config

: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/588 This mail reflects revision 3 of this Change. Acked-by according to Gerrit (reflected

Re: [Openvpn-devel] [PATCH v4] Allow trailing \r and \n in control channel message

On Wed, Jul 10, 2024 at 04:06:23PM +0200, Frank Lichtenheld wrote: > From: Arne Schwabe > > Writing a reason from a script will easily end up adding extra \r\n characters > at the end of the reason. Our current code pushes this to the peer. So be more > liberal in acceptin

[Openvpn-devel] [PATCH v4] Allow trailing \r and \n in control channel message

Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/672 This mail reflects revision 4 of this Change. Acked-by according to

Re: [Openvpn-devel] [PATCH 2/5] sample/sample-plugins/defer/multi-auth.c: handle strdup errors

text->test_valid_pass = strdup(args->argv[4]); > +if (!context->test_valid_pass) > +{ > +plog(context, PLOG_ERR, "Out of memory"); > +goto error; > +} > } > else > { A bit ugly. Might be nicer

Re: [Openvpn-devel] [PATCH 5/5] tests/unit_tests/openvpn/test_auth_token.c: handle strdup errors

> free_key_ctx(&ctx->multi.opt.auth_token_key); > auth_token_init_secret(&ctx->multi.opt.auth_token_key, random_key, true); Acked-by: Frank Lichtenheld Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v8] configure: Try to detect LZO with pkg-config

de it. Change-Id: I1c038dc4ec80d3499582d81eee61fee74f26e693 Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/556 This mail ref

[Openvpn-devel] OpenVPN 2.6.11 released

able in the official apt repositories: <https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos#DebianUbuntu:UsingOpenVPNaptrepositories> On Red Hat derivatives we recommend using the Fedora Copr repository. <https://copr.fedorainfracloud.org/coprs/dsommers/

[Openvpn-devel] [PATCH v2] Add t_server_null test suite

From: Samuli Seppänen Change-Id: I1b54da258c7d15551b6c3de7522a0d19afdb66de Signed-off-by: Samuli Seppänen Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c

[Openvpn-devel] [PATCH v2] Only schedule_exit() once

is scheduled - we no longer notify management on redundant exit. Change-Id: I9457f005f4ba970502e6b667d9dc4299a588d661 Signed-off-by: Reynir Björnsson Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master

[Openvpn-devel] [PATCH v6] Allow the TLS session to send out TLS alerts

experience is much better with alerts, this compromise is worth it. Change-Id: I0ad48915004ddee587e97c8ed190ba8ee989e48d Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL

[Openvpn-devel] [PATCH v3] crypto_backend: fix type of enc parameter

ution. Fix the actual API definition Change-Id: If0dcdde30879fd6185efb2ad31399c1629c04d22 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.

[Openvpn-devel] [PATCH v1] Fix snprintf/swnprintf related compiler warnings

) Change-Id: If23988a05dd53a519c5e57f2aa3b2d10bd29df1d Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/549 This mail reflects

[Openvpn-devel] [PATCH v1] Add bracket in fingerprint message and do not warn about missing verification

From: Arne Schwabe Change-Id: Ia73d53002f4ba2658af18c17cce1b68f79de5781 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn

[Openvpn-devel] [PATCH] script-options.rst: Update ifconfig_* variables

- Remove obsolete ifconfig_broadcast. Since this was removed in 2.5.0, do not add a removal note but just completely remove it. - Add missing documentation of IPv6 variants for ifconfig_pool_* variables. Github: #527 Change-Id: Ia8c8de6799f0291fc900628fbd06c8a414e741ca Signed-off-by: Frank

[Openvpn-devel] [PATCH v1] GHA: general update March 2024

- Update to Node 20 versions of actions to avoid warnings - Update to current vcpkg - Update mbedTLS and LibreSSL to latest releases Change-Id: I1ad6a0b1323ce0872f4a3299c5a9f18a982e0126 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved

Re: [Openvpn-devel] [PATCH v2] Implement server_poll_timeout for socks

On Fri, Mar 15, 2024 at 05:20:11PM +0100, Frank Lichtenheld wrote: > From: 5andr0 > > So far --server-poll-timeout was only applied > for HTTP proxies, apply it also to SOCKS proxies. > > This removes the default 5 second socks connect timeout > which can be too small depen

[Openvpn-devel] [PATCH v2] Implement server_poll_timeout for socks

From: 5andr0 So far --server-poll-timeout was only applied for HTTP proxies, apply it also to SOCKS proxies. This removes the default 5 second socks connect timeout which can be too small depending on network setup and replaces it with the configurable overall connect timeout (default 120 second

Re: [Openvpn-devel] [PATCH applied] Re: t_client.sh: Allow to skip tests

way. > commit 0c7cf0694ee6f878168330e9a084c255c51a9e8b > Author: Frank Lichtenheld > Date: Fri Mar 8 11:28:18 2024 +0100 > > t_client.sh: Allow to skip tests > > Signed-off-by: Frank Lichtenheld > Acked-by: Gert Doering > Message-Id: <20240308

[Openvpn-devel] [PATCH] Update documentation references in systemd unit files

From: Christoph Schug The systemd unit files for both client and server were referencing outdated documentation as they were hard-coded to the OpenVPN 2.4.x release branch. Change-Id: Iee289aa5df9ee0e9a03c0dc562e45dd39836e794 Signed-off-by: Christoph Schug Acked-by: Frank Lichtenheld

[Openvpn-devel] [PATCH] remove repetitive words in documentation and comments

From: wellweek Change-Id: I4f349963b41ebe155d3866da8955f2d7245d0394 Signed-off-by: wellweek Acked-by: Frank Lichtenheld --- Changes.rst | 2 +- contrib/OCSP_check/OCSP_check.sh | 2 +- doc/man-sections/cipher-negotiation.rst | 2 +- doc/man-sections/vpn

Re: [Openvpn-devel] [PATCH OpenVPN3] Add 'pull' to ignored options

options "client" and "pull" but no "tls-client" in the config, > the "pull" option will not be touched. True, due to short-circuit logic. I will prepare a fix. Regards, -- Frank Lichtenheld ___ Open

Re: [Openvpn-devel] [PATCH OpenVPN3] Add 'pull' to ignored options

t; send-mail' [1]. > > In this specific case, resending the patch as an attachment can also work. Since I was confused about the state of this patch: It has been superseded by a patch from Arne, see commit https://github.com/OpenVPN/openvpn3/commit/53614a0cce7775ba0ae4a43887ee03aa2fa09

Re: [Openvpn-devel] [PATCH] Implement server_poll_timeout for socks

reason I can also take care of it but it would be preferred if the original submitter does it :) Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH 1/1] openvpn-[client|server].service: Remove syslog.target

From: Martin Rys Change-Id: If825e5b1ebc6eecc9e5398f0d8274927b53e5b83 Signed-off-by: Martin Rys Acked-by: Frank Lichtenheld Signed-off-by: Frank Lichtenheld --- distro/systemd/openvpn-cli...@.service.in | 2 +- distro/systemd/openvpn-ser...@.service.in | 2 +- 2 files changed, 2 insertions

[Openvpn-devel] [PATCH v1] samples: Remove tls-*.conf

These are mostly redundant with client/server.conf Let's try to manage to maintain one set of sample configurations before we branch out further. Change-Id: I199541fea5a76c8edef7f67d2dbfc476987dc2f7 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe Acked-by: Antonio Quartulli ---

[Openvpn-devel] IRC community meeting summary (Feb 28th)

work on it yet/ Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v2] Route: remove incorrect routes on exit

value. Fixes: Trac #1457 Change-Id: I8a67b82eb4afdc8d82c5a879c18457b41e77cbe7 Signed-off-by: Gianmarco De Gregori Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/op

[Openvpn-devel] [PATCH v2] Minor fix to process_ip_header

R macros. Fixes: Trac https://community.openvpn.net/openvpn/ticket/269 Change-Id: I4b5e8357d872c920efdb64632e9bce72cebee202 Signed-off-by: Gianmarco De Gregori Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it t

Re: [Openvpn-devel] [PATCH] Document that auth-user-pass may be inlined

http-proxy-user-pass``, ``--tls-auth``, > ``--auth-gen-token-secret``, ``--peer-fingerprint``, ``--tls-crypt``, > -``--tls-crypt-v2`` and ``--verify-hash`` options. > +``--tls-crypt-v2``, ``--verify-hash`` and ``auth-user-pass`` options. --auth-user-pass for consistency. Rega

Re: [Openvpn-devel] IRC community meeting summary (Feb 14th)

On Wed, Feb 14, 2024 at 05:18:21PM +, tincantech wrote: > On Wednesday, 14 February 2024 at 15:22, Frank Lichtenheld > wrote: > > > Meeting summary for 14 February 2024: > > > > > * New: Easy-rsa in Windows installers > > easy-rsa has included pre-bu

[Openvpn-devel] [PATCH v1] check_compression_settings_valid: Do not test for LZ4 in LZO check

Probably introduced by copy & paste since there is no COMP_ALGV2_LZO. Github: #500 Change-Id: Id6b038c1c0095b2f22033e9dc7090e2507a373ab Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merg

[Openvpn-devel] IRC community meeting summary (Feb 14th)

people really care about easy-rsa in the Windows installers. Depending on the feedback we might drop it from the installer./ * *Closed: 2.6.9* /Release was done on Monday/ Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn

[Openvpn-devel] [PATCH v3] Implement support for AEAD tag at the end

as they do not need to buffer a whole packet content and encrypt it to finally write the tag but instead just add the calculated tag at the end of processing. Change-Id: I00821d75342daf3f813b829812d648fe298bea81 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed

[Openvpn-devel] OpenVPN 2.6.9 released

tps://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release-2.6/> Kind regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] wolfssl: include "ssl.h" by "src/openvpn/ssl.h"

changes to buildsystem configuration would be required. Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] IRC community meeting summary (Feb 7th)

and uddr and colleague from Fox IT. Tuesday 13th at 11:00 CET/ Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v9] Print SSL peer signature information in handshake debug details

peer certificate: 384 bits ECsecp384r1, signature: ecdsa-with-SHA256, server temp key: 448 bits X448, peer signing digest/type: SHA384 ECDSA Change-Id: Ib5fc0c4b8f164596681ac5ad73002068ec6de1e5 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and app

[Openvpn-devel] [PATCH v8] Implement generating TLS 1.0 PRF using new OpenSSL 3.0 APIs

be in the future. Change-Id: Ic74195a4ed340547c5e862dc2438f95be318c286 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/457

[Openvpn-devel] [PATCH v5] Turn dead list test code into unit test

From: Arne Schwabe Change-Id: I7511bc43cd6a0bcb89476f27d5822ab4a78d0d21 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn

[Openvpn-devel] [PATCH v5] Windows: enforce 'block-local' with WFP filters

From: Heiko Hund In an attempt to better defend against the TunnelCrack attacks, enforce that no traffic can pass to anything else than the VPN interface when the 'block-local' flags is given with either --redirect-gateway or --redirect-private. Reuse much of the existing --block-outside-dns cod

[Openvpn-devel] [PATCH v8] test_user_pass: add basic tests for static/dynamic challenges

Change-Id: I8b5570f6314e917f92dce072279efe415d79b22a Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/475 This mail reflects

[Openvpn-devel] [PATCH] documentation: Fixes for previous fixes to --push-peer-info

- Clarify compression IV_ settings - Clarify which settings might come from --setenv Change-Id: Id8615515c8df6e38e931e357396811234faad796 Signed-off-by: Frank Lichtenheld --- doc/man-sections/client-options.rst | 13 + 1 file changed, 9 insertions(+), 4 deletions(-) For master and

[Openvpn-devel] [PATCH] documentation: Update and fix documentation for --push-peer-info

- description of IV_PROTO was outdated, missing a lot of flags - complete list of compression flags, but separate them out - various other style/grammar/typo fixes Change-Id: I7f854a5a14d2a2a391ebb78a2a92b3e14cfd8be6 Signed-off-by: Frank Lichtenheld --- doc/man-sections/client-options.rst

Re: [Openvpn-devel] [PATCH applied] Re: README.cmake.md: Document minimum required CMake version for --preset

On Thu, Feb 01, 2024 at 08:28:21PM +0100, Gert Doering wrote: > Makes sense (I did read the GH issue). > > Your patch has been applied to the master branch. I think it would make sense to apply this to release/2.6 as well, since that uses the same CMake build. Thanks, -- Frank Li

[Openvpn-devel] [PATCH v1] [CMake] Allow unit tests to fall back to hard coded location

Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/509 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld

[Openvpn-devel] [PATCH] README.cmake.md: Document minimum required CMake version for --preset

CMakePreset.json is supported since 3.19, but we have a version 3 preset file, so need at least 3.21. Github: OpenVPN/openvpn#489 Change-Id: I44c555f6ffa08f2aee739c7f687fa3b678c86231 Signed-off-by: Frank Lichtenheld --- README.cmake.md | 7 ++- 1 file changed, 6 insertions(+), 1 deletion

[Openvpn-devel] [PATCH v7] forked-test-driver: Show test output always

We want to see the progress, at least for slow tests like t_client.sh. Change-Id: I11e0091482d9acee89ca018374cb8d96d22f8514 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master

[Openvpn-devel] [PATCH v6] tests: fork default automake test-driver

Change-Id: I67d461afbcc9c06b1fc5ab4477141d7b8bd9ba8e Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/478 This mail reflects revision 6 of t

[Openvpn-devel] [PATCH v4] Ensure that all unit tests use unbuffered stdout and stderr

lost. As the unit test x_msg mock implementation prints even fatal on stdout we ensure with this setup method that stdout is also unbuffered. Change-Id: I5c06dc13e9d8ab73997f79b13c30ee8949e5e993 Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one

  1   2   3   4   5   6   >