Re: [Openvpn-devel] [PATCH] multi.c: Allow floating to a new IP right after connection setup

2025-05-25 Thread Walter Doekes via Openvpn-devel
ection that blocks you. And there is no explanation why this connection exists in the first place. You are fixing the symptom of this ghost connection that blocks your float but from my perspective we have not really established why it exists in the first place. Arne ___________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] multi.c: Allow floating to a new IP right after connection setup

2025-05-22 Thread Walter Doekes via Openvpn-devel
> The thing is that I do not really understand your scenario and how it > exactly breaks for you to the extent that I cannot reproduce the issue. I thought I explained things sufficiently in: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg31502.html Apparently not.

Re: [Openvpn-devel] [PATCH] multi.c: Allow floating to a new IP right after connection setup

2025-05-22 Thread Walter Doekes via Openvpn-devel
+else if (!cert_hash_compare(m1->locked_cert_hash_set, > m2->locked_cert_hash_set)) > { > msg(D_MULTI_LOW, "Disallow float to an address taken by > another client %s", > multi_instance_string(ex_mi, false, &gc)); > -- > 2.34.1 > >
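Review bot: The added `else if (!cert_hash_compare(m1->locked_cert_hash_set, m2->locked_cert_hash_set))` branch refuses the float only when the two hash sets differ, so the result when one or both `locked_cert_hash_set` pointers are NULL needs to be stated and tested, since that decides whether an instance without a locked certificate can take over an address held by another client. A short comment above the branch naming the case that is meant to pass would help, and the "Disallow float" message could say that the certificate hashes did not match.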

[Openvpn-devel] OpenVPN 3 Linux v24.1 released

2025-05-20 Thread David Sommerseth via Openvpn-devel
rsion tags to contain dots and minor version digits configmgr/proxy: Ignore minor version number in feature check

[Openvpn-devel] [PATCH] multi.c: Allow floating to a new IP right after connection setup

2025-05-07 Thread Walter Doekes via Openvpn-devel
sh_set)) { msg(D_MULTI_LOW, "Disallow float to an address taken by another client %s", multi_instance_string(ex_mi, false, &gc)); -- 2.34.1

Re: [Openvpn-devel] [PATCH] multi.c: Allow floating to a new IP right after connection setup

2025-04-28 Thread Walter Doekes via Openvpn-devel
gering the issue is even more > perplexing. Well. If it was expected, we wouldn't be here investigating ;) Can I assist you with some test or extra log line? Cheers, Walter

Re: [Openvpn-devel] [PATCH] multi.c: Allow floating to a new IP right after connection setup

2025-04-28 Thread Walter Doekes via Openvpn-devel
second connection. I haven't checked if it's something I can fix yet. But at least we have a culprit now. Cheers, Walter Doekes OSSO B.V.

Re: [Openvpn-devel] [PATCH] multi.c: Allow floating to a new IP right after connection setup

2025-04-24 Thread Walter Doekes via Openvpn-devel
, I'm betting you're right on these points. I don't know where the "tls state session ID" is and if it's there. I'm dealing with OpenVPN 2.5 clients (no older ones, I hope). If you can point me in the right direction, I'd be grateful. This is my first venture into o

[Openvpn-devel] [PATCH] multi.c: Allow floating to a new IP right after connection setup

2025-04-23 Thread walter.openvpn--- via Openvpn-devel
h_set, m2->locked_cert_hash_set)) { msg(D_MULTI_LOW, "Disallow float to an address taken by another client %s", multi_instance_string(ex_mi, false, &gc)); -- 2.34.1

Re: [Openvpn-devel] [patch]: debian lintian informational warning (Authorization)

2025-03-24 Thread David Sommerseth via Openvpn-devel
rds, David Sommerseth OpenVPN Inc

[Openvpn-devel] [PATCH 2/2] Document x509-username-fields oid usage

2025-02-15 Thread corubba via Openvpn-devel
uses the :code:`ext:` prefix to signify that the X.509 extension ``fieldname`` :code:`subjectAltName` be searched for an rfc822Name (email) field to be used as the username. In cases where there are -- 2.48.1

[Openvpn-devel] [PATCH 1/2] Remove x509-username-fields uppercasing

2025-02-15 Thread corubba via Openvpn-devel
; !x509_username_field_ext_supported(s+4)) { msg(msglevel, "Unsupported x509-username-field extension: %s", s); } -- 2.48.1

[Openvpn-devel] [PATCH 0/2] x509-username-fields improvements

2025-02-15 Thread corubba via Openvpn-devel
+ doc/man-sections/tls-options.rst | 12 src/openvpn/options.c| 27 +-- 3 files changed, 10 insertions(+), 34 deletions(-) -- 2.48.1

[Openvpn-devel] [PATCH] Adding AWS-LC to the OpenVPN CI

2025-01-31 Thread Shubham Mittal via Openvpn-devel
make -j3 + - name: configure checks +run: echo 'RUN_SUDO="sudo -E"' >tests/t_server_null.rc + - name: make check + run: make -j3 check VERBOSE=1 \ No newline at end of file -- 2.39.5 (Apple Git-154)
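Review bot: The added workflow ends without a trailing newline (`\ No newline at end of file` after the `make check` step). Add the final newline so that later steps appended to this job do not show the last `run:` line as modified.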

[Openvpn-devel] [PATCH] Adding AWS-LC to the OpenVPN CI

2025-01-29 Thread Shubham Mittal via Openvpn-devel
run: make -j3 + - name: configure checks +run: echo 'RUN_SUDO="sudo -E"' >tests/t_server_null.rc + - name: make check + run: make -j3 check VERBOSE=1 \ No newline at end of file -- 2.39.5 (Apple Git-154)

[Openvpn-devel] [PATCH] Add compatibility to build OpenVPN with AWS-LC.

2025-01-28 Thread Shubham Mittal via Openvpn-devel
sl); #else STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl); -- 2.39.5 (Apple Git-154)

[Openvpn-devel] [PATCH] Adding AWS-LC to the OpenVPN CI

2025-01-27 Thread Shubham Mittal via Openvpn-devel
SUDO="sudo -E"' >tests/t_server_null.rc + - name: make check +run: LD_LIBRARY_PATH="${{ env.AWS_LC_INSTALL }}/lib" make -j3 check VERBOSE=1 \ No newline at end of file -- 2.39.5 (Apple Git-154)

[Openvpn-devel] [PATCH] Add compatibility to build OpenVPN with AWS-LC.

2025-01-27 Thread Shubham Mittal via Openvpn-devel
SSL_VERSION_NUMBER < 0x101fL || defined(OPENSSL_IS_AWSLC) STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl); #else STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl); -- 2.39.5 (Apple Git-154)

Re: [Openvpn-devel] [PATCH applied] Re: console_systemd: remove the timeout when using 'systemd-ask-password'

2025-01-14 Thread Ben Boeckel via Openvpn-devel
ther it's a bugfix or a feature). Looking forward to it :) . --Ben

Re: [Openvpn-devel] [PATCH 1/1] console_systemd: remove the timeout when using `systemd-ask-password`

2025-01-13 Thread David Sommerseth via Openvpn-devel
On 31/12/2024 21:46, Ben Boeckel via Openvpn-devel wrote: Without this, the password request will expire after 90 seconds leaving no way to provide the password without OpenVPN asking for it again. Given that interactive use will wait for input without a timeout, it makes sense to have non

Re: [Openvpn-devel] [PATCH 1/1] console_systemd: remove the timeout when using `systemd-ask-password`

2025-01-08 Thread Ben Boeckel via Openvpn-devel
on was added in commit f3bc7fdc7bf47193a9f8618a7d22a6ceec2df6f7) since 2011, released with systemd v25. I think we can assume anything using a modern openvpn is also using something newer than this as well. --Ben

Re: [Openvpn-devel] [PATCH 1/1] console_systemd: remove the timeout when using `systemd-ask-password`

2025-01-08 Thread David Sommerseth via Openvpn-devel
On 31/12/2024 21:46, Ben Boeckel via Openvpn-devel wrote: Without this, the password request will expire after 90 seconds leaving no way to provide the password without OpenVPN asking for it again. Given that interactive use will wait for input without a timeout, it makes sense to have non

[Openvpn-devel] [PATCH 0/1] Remove system password timeout

2024-12-31 Thread Ben Boeckel via Openvpn-devel

[Openvpn-devel] [PATCH 1/1] console_systemd: remove the timeout when using `systemd-ask-password`

2024-12-31 Thread Ben Boeckel via Openvpn-devel
(std_out = openvpn_popen(&argv, NULL)) < 0) -- 2.47.1

[Openvpn-devel] [PATCH v3 2/2] port-share: Add proxy protocol v2 support

2024-12-26 Thread corubba via Openvpn-devel
if (journal_dir) { -journal_add(journal_dir, pc, cp); +if (0 == strcmp("proxy_protocol_v2", journal_dir)) +{ +send_proxy_protocol_v2_header(pc, cp); +} +else +{ + journal_add(journal_dir, pc, cp); +} } dmsg(
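Review bot: In the `if (journal_dir)` branch, choosing PROXY protocol mode with `0 == strcmp("proxy_protocol_v2", journal_dir)` overloads the journal directory argument with a reserved magic value: a directory actually named `proxy_protocol_v2` can no longer be used as a journal, and a misspelled value silently falls through to `journal_add()` and is treated as a path. A separate option or flag passed next to `journal_dir` would avoid both; if the overload stays, document the reserved name where the option is described.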

Re: [Openvpn-devel] [PATCH v2 2/2] port-share: Add proxy protocol v2 support

2024-12-26 Thread corubba via Openvpn-devel
Hi, On 26.12.24 14:13, Gert Doering wrote: > On Mon, Dec 16, 2024 at 01:22:51PM +0100, corubba via Openvpn-devel wrote: >> In addition to the custom journal solution, also support the widely >> used binary PROXY protocol version 2 to convey the original client >> connect

Re: [Openvpn-devel] [PATCH v2 1/2] port-share: Normalize IPv4-mapped IPv6 addresses

2024-12-26 Thread corubba via Openvpn-devel
t gc_arena const char *print_in6_addr(struct in6_addr addr6, unsigned int flags, struct gc_arena *gc); +void normalize_sockaddr(struct openvpn_sockaddr *sock); + +void copy_normalized_sockaddr(const struct openvpn_sockaddr *src, struct openvpn_sockaddr *dst); + +struct openvpn_sock

[Openvpn-devel] [PATCH v2 2/2] port-share: Add proxy protocol v2 support

2024-12-16 Thread corubba via Openvpn-devel
/* add journal entry */ if (journal_dir) { -journal_add(journal_dir, pc, cp); +if (0 == strcmp("proxy_protocol_v2", journal_dir)) +{ +send_proxy_protocol_v2_header(pc, cp); +} + else + { + journal_ad

[Openvpn-devel] [PATCH v2 3/2] port-share: Add unix-socket and udp support for proxy protocol

2024-12-16 Thread corubba via Openvpn-devel
+69,7 @@ struct openvpn_sockaddr struct sockaddr sa; struct sockaddr_in in4; struct sockaddr_in6 in6; +struct sockaddr_un un; } addr; }; -- 2.47.1
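Review bot: Adding `struct sockaddr_un un;` to the `addr` union enlarges every `struct openvpn_sockaddr` to at least the size of `sockaddr_un`, which is considerably larger than `sockaddr_in6`. Check the places that copy, compare or hash the whole structure by `sizeof`, since they now cover the extra bytes, and guard the member if this header is also built on platforms that lack `sockaddr_un`.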

[Openvpn-devel] [PATCH v2 1/2] port-share: Normalize IPv4-mapped IPv6 addresses

2024-12-16 Thread corubba via Openvpn-devel
const char *t = print_openvpn_sockaddr(&to, &gc); fnlen = strlen(journal_dir) + strlen(t) + 2; -- 2.47.1

[Openvpn-devel] [PATCH 3/2] port-share: Add unix-socket and udp support for proxy protocol

2024-12-14 Thread corubba via Openvpn-devel
578b3c3 100644 --- a/src/openvpn/socket.h +++ b/src/openvpn/socket.h @@ -69,6 +69,7 @@ struct openvpn_sockaddr struct sockaddr sa; struct sockaddr_in in4; struct sockaddr_in6 in6; +struct sockaddr_un un; } addr; }; -- 2.47.1

[Openvpn-devel] [PATCH 2/2] port-share: Add proxy protocol v2 support

2024-12-14 Thread corubba via Openvpn-devel
/* add journal entry */ if (journal_dir) { -journal_add(journal_dir, pc, cp); +if (0 == strcmp("proxy_protocol_v2", journal_dir)) +{ +send_proxy_protocol_v2_header(pc, cp); +} +else + { + journal_add

[Openvpn-devel] [PATCH 1/2] port-share: Normalize IPv4-mapped IPv6 addresses

2024-12-14 Thread corubba via Openvpn-devel
const char *t = print_openvpn_sockaddr(&to, &gc); fnlen = strlen(journal_dir) + strlen(t) + 2; -- 2.47.1

[Openvpn-devel] [PATCH 0/2] proxy protocol v2 for port-share

2024-12-14 Thread corubba via Openvpn-devel
ournal directory" with it. [0] https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt Best regards -- Corubba

[Openvpn-devel] [PATCH] Support IPv6 towards port-share proxy receiver

2024-12-14 Thread corubba via Openvpn-devel
+ /* * Make a socket for foreground and background processes * to communicate. -- 2.47.1

Re: [Openvpn-devel] SystemD user names

2024-12-09 Thread David Sommerseth via Openvpn-devel
seth OpenVPN Inc

Re: [Openvpn-devel] spelling errors

2024-12-09 Thread David Sommerseth via Openvpn-devel
cb6c73234> -- kind regards, David Sommerseth OpenVPN Inc

[Openvpn-devel] OpenVPN 3 Linux v24 released

2024-12-09 Thread David Sommerseth via Openvpn-devel
ide -> Override sessionmgr: Remove unused Session::connection_started bool netcfg/resolvconf-file: Don't add nameservers that already exist

[Openvpn-devel] [PATCH 2/2] Fix port-share journal doc

2024-12-07 Thread corubba via Openvpn-devel
determine the origin of the connection. Each generated file will be automatically -- 2.47.1

[Openvpn-devel] [PATCH 1/2] Fix IPv6 in port-share journal

2024-12-07 Thread corubba via Openvpn-devel
); if (!getpeername(pc->sd, (struct sockaddr *) &from.addr.sa, &slen) && !getsockname(cp->sd, (struct sockaddr *) &to.addr.sa, &dlen)) { -- 2.47.1

Re: [Openvpn-devel] [PATCH 1/2] Haiku: Introduce basic platform support

2024-11-26 Thread Alexander von Gluck via Openvpn-devel
On Tuesday, November 26th, 2024 at 8:32 AM, Gert Doering wrote: > > this is great, but alas... > On Tue, Nov 26, 2024 at 02:26:52PM +, Alexander von Gluck via > Openvpn-devel wrote: > > > +#el > > if defined(TARGET_HAIKU) > > ... > > > +#

[Openvpn-devel] [PATCH 1/2] Haiku: Introduce basic platform support

2024-11-26 Thread Alexander von Gluck via Openvpn-devel
snprintf(dynamic_name, sizeof(dynamic_name), "%s%d", dev, i); +#endif if ((tt->fd = open(tunname, O_RDWR)) > 0) { dynamic_opened = true; -- 2.47.1

[Openvpn-devel] [PATCH 2/2] Haiku: Pull in routing table to get default route

2024-11-26 Thread Alexander von Gluck via Openvpn-devel
const struct in6_addr *dest, openvpn_net_ctx_t *ctx) +{ +/* TODO: Same for ipv6 with AF_INET6 */ +CLEAR(*rgi6); +} + #elif defined(TARGET_DARWIN) || defined(TARGET_SOLARIS)\ || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY)\ || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) -- 2.47.1
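Review bot: The IPv6 gateway lookup added for Haiku is a stub: its body is only `CLEAR(*rgi6);` under the `/* TODO: Same for ipv6 with AF_INET6 */` comment, so callers always receive an empty result and cannot tell "no IPv6 default route" from "not implemented". State the limitation in the commit message and the function comment, and consider a one-time debug message so the missing IPv6 route detection is visible on this platform.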

Re: [Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

2024-11-19 Thread David Sommerseth via Openvpn-devel
ing all people took for > granted, was > > conviction that if you > > feed honest figures into a computer, honest > figures come > > out. Neve

Re: [Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

2024-11-19 Thread David Sommerseth via Openvpn-devel
Robert A. Heinlein, The Moon > is a Harsh Mistress > > Gert Doering - Munich, Germany g...@greenie.muc.de <mailto:g...@greenie.muc.de> > <mailto:g...@greenie.muc.de

Re: [Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

2024-11-18 Thread David Sommerseth via Openvpn-devel
//netanel.ml>

Re: [Openvpn-devel] Subject: OpenVPN Client Vulnerability - TLS Key Negotiation Timeout Leading to DoS (Black Box Pentest)

2024-11-16 Thread tincantech via Openvpn-devel
e reported behaviour is expected behaviour and we do not see any > > > > security problems/implication in that behaviour, so no security problem, > > > > no CVE. > > > > > > > > > > > > -- > > > > --

Re: [Openvpn-devel] Subject: OpenVPN Client Vulnerability - TLS Key Negotiation Timeout Leading to DoS (Black Box Pentest)

2024-11-15 Thread David Sommerseth via Openvpn-devel
ards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] Fwd: Inquiry About Potential Vulnerabilities in OpenVPN for Remote Code Execution (RCE)

2024-11-13 Thread David Sommerseth via Openvpn-devel

Re: [Openvpn-devel] Fwd: Inquiry About Potential Vulnerabilities in OpenVPN for Remote Code Execution (RCE)

2024-11-13 Thread David Sommerseth via Openvpn-devel
On 13/11/2024 14:59, נתי שטרן wrote: -- Forwarded message - From: *נתי שטרן* mailto:nsh...@gmail.com>> Date: Wed, 13 Nov 2024, 15:52 Subject: Re: [Openvpn-devel] Inquiry About Potential Vulnerabilities in OpenVPN for Remote Code Execution (RCE) To: Gert Doering ma

Re: [Openvpn-devel] [PATCH] Allow auth plugins not to be invoked if other auth plugins fail

2024-11-07 Thread David Sommerseth via Openvpn-devel
ves this challenge better. That's my 2cents. -- kind regards, David Sommerseth OpenVPN Inc

[Openvpn-devel] IRC community meeting summary

2024-11-06 Thread Johan Draaisma via Openvpn-devel
C network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma

[Openvpn-devel] [PATCH] Add calls to nvlist_destroy to avoid leaks (v2)

2024-11-05 Thread Rémi FARAULT via Openvpn-devel
return ret; @@ -750,6 +763,7 @@ retry: if (!nvlist_exists_nvlist_array(nvl, "peers")) { /* no peers */ +nvlist_destroy(nvl); return 0; } @@ -762,6 +776,7 @@ retry: dco_update_peer_stat(m, peerid, nvlist_get_nvlist(peer, "bytes&qu

[Openvpn-devel] IRC community meeting summary

2024-10-30 Thread Johan Draaisma via Openvpn-devel
, Johan Draaisma

[Openvpn-devel] [PATCH] Add calls to nvlist_destroy to avoid leaks

2024-10-30 Thread Rémi FARAULT via Openvpn-devel
return ret; @@ -750,6 +763,7 @@ retry: if (!nvlist_exists_nvlist_array(nvl, "peers")) { /* no peers */ +nvlist_destroy(nvl); return 0; } @@ -762,6 +776,7 @@ retry: dco_update_peer_stat(m, peerid, nvlist_get_nvlist(peer, "bytes&qu

[Openvpn-devel] IRC community meeting summary

2024-10-23 Thread Johan Draaisma via Openvpn-devel
're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma

[Openvpn-devel] IRC community meeting summary

2024-10-16 Thread Johan Draaisma via Openvpn-devel
nesday at 14:00 Central European Time. Kind regards, Johan Draaisma

[Openvpn-devel] IRC community meeting summary

2024-10-09 Thread Johan Draaisma via Openvpn-devel
ou're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma

Re: [Openvpn-devel] [PATCH] Configurable installation directories

2024-09-30 Thread David Sommerseth via Openvpn-devel
ere. Your changes make sense, so I don't expect any issues here. Going to test it a bit first, though. -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] [PATCH] build: reduce hardcode in `asio_path`

2024-09-10 Thread David Sommerseth via Openvpn-devel
! -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] [PATCH] build: reduce hardcode in `asio_path`

2024-09-10 Thread David Sommerseth via Openvpn-devel
ly. I've seen your patch, and it makes total sense. It's in my pipe to get merged as soon as I have cleaned up a bunch of other changes as well. Again, sorry for the slow response. -- kind regards, David Sommerseth OpenVPN Inc

[Openvpn-devel] OpenVPN 3 Linux v23 released

2024-09-05 Thread David Sommerseth via Openvpn-devel
d of overwriting netcfg: Check stub-resolv.conf before giving up on systemd-resolved common: give SingleCommand a virtual destructor addons/devposture: Add core_ver and extra_ver to client_info ------------ -

[Openvpn-devel] [PATCH] examples: Switched to ed25519, nodes -> noenc

2024-07-30 Thread Eric Toombs via Openvpn-devel
a elliptic curve (`secp384`), which allows +Note: This example use a elliptic curve (`ed25519`), which allows ``--dh`` to be set to ``none``. Example 3: A tunnel with full PKI and TLS-based security -- 2.45.2
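Review bot: The replacement `+Note:` line carries over the grammar slip from the line it replaces: "This example use a elliptic curve" should read "This example uses an elliptic curve". Since the sentence is being rewritten for `ed25519` anyway, fix the wording in the same patch.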

[Openvpn-devel] OpenVPN 3 Linux v22_dev released

2024-06-20 Thread David Sommerseth via Openvpn-devel
vice method calls netcfg: Return when no DNS resolver is configured in method_add_dns_search() Frank Lichtenheld (1): build-selinux-policy: make sure to use bash Razvan Cojocaru (4): GDBus++: Migrate openvpn3-service-configmgr build: Use version_compare(), not lexicographical comparisons Use get_option('sbindir') instead of hardcoded 'sbin' log/syslog: Don't assign NULL to const std::string& parameter

Re: [Openvpn-devel] [PATCH applied] Re: Implement Windows CA template match for Crypto-API selector

2024-06-06 Thread Hannes Domani via Openvpn-devel
Nair > Message-Id: <20240606103441.26598-1-g...@greenie.muc.de> > URL: >https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28726.html > Signed-off-by: Gert Doering Thanks for pushing this to master. I wonder if it would be

Re: [Openvpn-devel] IRC community meeting summary (Feb 14th)

2024-02-14 Thread tincantech via Openvpn-devel

[Openvpn-devel] [PATCH] dco-freebsd: dynamically re-allocate buffer if it's too small

2024-01-24 Thread Kristof Provost via Openvpn-devel
nvl) { msg(M_WARN, "Failed to unpack nvlist"); -- 2.43.0

[Openvpn-devel] [Openvpn-Devel] [PATCH] vcpkg-ports/pkcs11-helper: bump to version 1.30

2023-12-04 Thread Marc Becker via Openvpn-devel
er", -"version": "1.29.0", +"version": "1.30.0", "description": "pkcs11-helper is a library that simplifies the interaction with PKCS#11 providers for end-user applications.", "homepage": "https://github.com/OpenSC/pkcs11-helper";, "license": "BSD-3-Clause OR GPL-2.0-only" -- 2.43.0.windows.1

[Openvpn-devel] [PATCH] dco-linux: fix counter print format

2023-06-26 Thread Sergey Korolev via Openvpn-devel
if (tb[OVPN_GET_PEER_RESP_ATTR_VPN_TX_BYTES]) { c2->tun_write_bytes = nla_get_u64(tb[OVPN_GET_PEER_RESP_ATTR_VPN_TX_BYTES]); -msg(D_DCO_DEBUG, "%s / tun_write_bytes: %lu", __func__, +msg(D_DCO_DEBUG, "%s / tun_write_bytes: " counter_format,

[Openvpn-devel] [PATCH] DCO: support key rotation notifications

2023-04-14 Thread Kristof Provost via Openvpn-devel
+573,9 @@ bool tls_session_generate_data_channel_keys(struct tls_multi *multi, struct tls_session *session); +void +tls_session_soft_reset(struct tls_multi *multi); + /** * Load ovpn.xkey provider used for external key signing */ -- 2.40.0

[Openvpn-devel] [PATCH] dco: print FreeBSD version

2023-03-09 Thread Kristof Provost via Openvpn-devel
gt;version; } void -- 2.39.2

Re: [Openvpn-devel] [PATCH] dco: print FreeBSD version

2023-03-09 Thread Kristof Provost via Openvpn-devel
On 9 Mar 2023, at 13:06, Arne Schwabe wrote: > On 09.03.23 at 10:26, Kristof Provost via Openvpn-devel wrote: >> From: Kristof Provost >> >> Implement dco_version_string() for FreeBSD. >> Unlike Linux and Windows the DCO driver is built into the operating >>

[Openvpn-devel] [PATCH] dco: print FreeBSD version

2023-03-09 Thread Kristof Provost via Openvpn-devel
uot;%s", name.version); + +return (char *)out.data; } void -- 2.39.2

Re: [Openvpn-devel] [PATCH] dco: print version to log if available

2023-03-09 Thread Kristof Provost via Openvpn-devel
> This said, reporting the kernel/os version is absolutely appropriate if > that's what identifies the DCO version. > There’s no API in FreeBSD’s DCO to identify its version either, which is another reason to just use the OS version. > Is that something you could implement in dco_fre

Re: [Openvpn-devel] [PATCH] dco: print version to log if available

2023-03-09 Thread Kristof Provost via Openvpn-devel
to do for FreeBSD is to log the OS version. Kristof

Re: [Openvpn-devel] [PATCH] dco: define OVPN_DEL_PEER_REASON_TRANSPORT_DISCONNECT on FreeBSD

2023-03-03 Thread Kristof Provost via Openvpn-devel
On 3 Mar 2023, at 12:48, Antonio Quartulli wrote: > On 03/03/2023 12:27, Antonio Quartulli wrote: >> Hi, >> >> On 03/03/2023 12:05, Kristof Provost via Openvpn-devel wrote: >>> From: Kristof Provost >>> >>> FreeBSD's if_ovpn will never emit t

[Openvpn-devel] [PATCH] dco: define OVPN_DEL_PEER_REASON_TRANSPORT_DISCONNECT on FreeBSD

2023-03-03 Thread Kristof Provost via Openvpn-devel
ly, sometimes these -- 2.39.2

[Openvpn-devel] [PATCH 1/2] configure: improve FreeBSD DCO check

2023-03-01 Thread Kristof Provost via Openvpn-devel
.]) +AC_MSG_WARN([DCO header not found.]) ] ) if test "$enable_dco" = "no"; then -- 2.39.2

[Openvpn-devel] [PATCH 2/2] options.c: enforce a minimal fragment size

2023-03-01 Thread Kristof Provost via Openvpn-devel
t;fragment needs to be at least 68"); +goto err; +} + if (p[2] && streq(p[2], "mtu")) { options->ce.fragment_encap = true; -- 2.39.2

Re: [Openvpn-devel] OpenVPN 2.6.0 released

2023-01-27 Thread André via Openvpn-devel
> releases. A new repository for OpenVPN 2.6 has been published: > > https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release-2.6/ > > > > -- > kind regards, > > David Sommerseth > OpenVPN Inc > > > > >

[Openvpn-devel] [PATCH] vcpkg-ports/pkcs11-helper: support loader flags

2022-12-14 Thread Marc Becker via Openvpn-devel
ig-w32-vc.h.in-indicate-OpenSSL.patch pkcs11-helper-001-RFC7512.patch +pkcs11-helper-002-dynamic_loader_flags.patch ) vcpkg_build_nmake( -- 2.39.0.windows.1

Re: [Openvpn-devel] [PATCH v2 3/3] special handling for PKCS11 providers on win32

2022-12-11 Thread Marc Becker via Openvpn-devel
also be an acceptable compromise: 3/3 v2 -> 2.6 branch 3/3 v3 -> master The timeline for pkcs11-helper releases is not something I even dare to predict. :) Regards, Marc

[Openvpn-devel] [PATCH v3 3/3] special handling for PKCS11 providers on win32

2022-12-11 Thread Marc Becker via Openvpn-devel
ags, sizeof(loader_flags)); +} +#endif if (rv != CKR_OK || (rv = pkcs11h_initializeProvider(provider)) != CKR_OK) { -- 2.38.1.windows.1

[Openvpn-devel] [PATCH v2 3/3] special handling for PKCS11 providers on win32

2022-12-11 Thread Marc Becker via Openvpn-devel
LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR; +rv = pkcs11h_setProviderProperty(provider, PKCS11H_PROVIDER_PROPERTY_LOADER_FLAGS, &loader_flags, sizeof(loader_flags)); +} +#endif if (rv != CKR_OK || (rv = pkcs11h_initializeProvider(provider)) != CKR_OK) { -- 2.38
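
Review bot: in the combined condition `rv != CKR_OK || (rv = pkcs11h_initializeProvider(provider)) != CKR_OK`, a failed pkcs11h_setProviderProperty call and a failed pkcs11h_initializeProvider call land in the same branch, so the log line written there needs to say which step failed. Someone debugging a provider DLL that will not load has to be able to tell a rejected loader-flags property from an initialization error. If the branch (cut off in this excerpt) prints one generic message, split the two checks or log the failing step by name.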

[Openvpn-devel] [PATCH v2 2/3] use new pkcs11-helper interface to add providers

2022-12-11 Thread Marc Becker via Openvpn-devel
h_getMessage(rv)); } +#endif /* if PKCS11H_VERSION >= ((1<<16) | (28<<8) | (0<<0)) */ dmsg( D_PKCS11_DEBUG, -- 2.38.1.windows.1

[Openvpn-devel] [PATCH v2 1/3] unify code path for adding PKCS#11 providers

2022-12-11 Thread Marc Becker via Openvpn-devel
TAL, "Failed to add PKCS#11 provider '%s", provider); goto cleanup; } -- 2.38.1.windows.1
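
Review bot: the format string "Failed to add PKCS#11 provider '%s" opens a single quote before %s and never closes it, so the provider path in the log runs into whatever follows it. It should read '%s', matching the quoting used in the other PKCS#11 messages in this series.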

[Openvpn-devel] [PATCH] support PKCS11 lib dependencies

2022-12-06 Thread Marc Becker via Openvpn-devel

[Openvpn-devel] [PATCH 3/3] special handling for PKCS11 providers on win32

2022-12-06 Thread Marc Becker via Openvpn-devel
quot;PKCS#11: Cannot set alternative loader flags '%s' %ld-'%s'", provider, rv, pkcs11h_getMessage(rv)); +} +#endif if ((rv = pkcs11h_initializeProvider(provider)) != CKR_OK) { pkcs11h_removeProvider(provider); -- 2.38.1.windows.1
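
Review bot: after the "Cannot set alternative loader flags" message, control falls through to `if ((rv = pkcs11h_initializeProvider(provider)) != CKR_OK)`, which overwrites rv. Unless that message is logged at a fatal level (the level is cut off in this excerpt), the provider is then initialized without the loader flags this patch exists to set. Skip initialization when setting the property fails, for example by testing rv first in the same condition, and call pkcs11h_removeProvider(provider) on that path too.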

[Openvpn-devel] [PATCH 1/3] unify code paths for loading PKCS11

2022-12-06 Thread Marc Becker via Openvpn-devel
, TRUE, 0, cert_private ? TRUE : FALSE)) { msg(M_FATAL, "PKCS#11: Cannot add provider '%s' %ld-'%s'", provider, rv, pkcs11h_getMessage(rv)); goto cleanup;
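
Review bot: `goto cleanup;` directly after `msg(M_FATAL, ...)` is unreachable, because a message logged with M_FATAL terminates the process. Either drop the goto, or, if the cleanup path is meant to run when a provider cannot be added, log at a non-fatal level and let the caller decide whether to abort.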

[Openvpn-devel] [PATCH 2/3] use new pkcs11-helper provider interface

2022-12-06 Thread Marc Becker via Openvpn-devel
er( provider, @@ -407,6 +441,7 @@ pkcs11_addProvider( cert_private )) != CKR_OK ) +#endif { msg(M_WARN, "PKCS#11: Cannot initialize provider '%s' %ld-'%s'", provider, rv, pkcs11h_getMessage(rv)); }
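
Review bot: the `+#endif` sits between the closing `!= CKR_OK )` of the condition and the opening `{` of its body, so the preprocessor branches each supply the head of an `if` that shares one block. That is easy to break in a later edit and hard to read in a diff. Having each branch only assign rv, followed by a single `if (rv != CKR_OK)` after the `#endif`, keeps the error handling in one place.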

[Openvpn-devel] [PATCH 1/4] Read DCO traffic stats from the kernel

2022-12-05 Thread Kristof Provost via Openvpn-devel
er_type link_read_bytes; +counter_type dco_read_bytes; counter_type link_read_bytes_auth; counter_type link_write_bytes; +counter_type dco_write_bytes; #ifdef PACKET_TRUNCATION_CHECK counter_type n_trunc_tun_read; counter_type n_trunc_tun_write; diff --git a/src/openvpn/o

[Openvpn-devel] [PATCH 3/4] Read the peer deletion reason from the kernel

2022-12-05 Thread Kristof Provost via Openvpn-devel
OVPN_NOTIF_DEL_PEER, }; +enum ovpn_del_reason { +OVPN_DEL_REASON_REQUESTED = 0, +OVPN_DEL_REASON_TIMEOUT = 1 +}; + enum ovpn_key_slot { OVPN_KEY_SLOT_PRIMARY = 0, OVPN_KEY_SLOT_SECONDARY = 1 -- 2.38.1

[Openvpn-devel] [PATCH 4/4] dco: cleanup FreeBSD dco_do_read()

2022-12-05 Thread Kristof Provost via Openvpn-devel
wn kernel notification %d", type); +break; } nvlist_destroy(nvl); -- 2.38.1

[Openvpn-devel] [PATCH]: FreeBSD DCO updates

2022-12-05 Thread Kristof Provost via Openvpn-devel
/D37606 Best regards, Kristof

[Openvpn-devel] [PATCH 2/4] dco: Update counters when a client disconnects

2022-12-05 Thread Kristof Provost via Openvpn-devel
i_context *m) dco->dco_message_type = 0; dco->dco_message_peer_id = -1; +dco->dco_read_bytes = 0; +dco->dco_write_bytes = 0; return ret > 0; } #endif /* if defined(ENABLE_DCO) && defined(TARGET_LINUX) */ -- 2.38.1

[Openvpn-devel] [PATCH] Read DCO traffic stats from the kernel

2022-11-27 Thread Kristof Provost via Openvpn-devel
read_bytes; counter_type link_read_bytes_auth; counter_type link_write_bytes; +counter_type dco_write_bytes; #ifdef PACKET_TRUNCATION_CHECK counter_type n_trunc_tun_read; counter_type n_trunc_tun_write; diff --git a/src/openvpn/ovpn_dco_freebsd.h b/src/ope

[Openvpn-devel] [DRAFT]: packet counting for DCO

2022-11-27 Thread Kristof Provost via Openvpn-devel
ets which go through the socket directly (so not through the DCO driver). This isn't intended to be a finished patch, rather it's intended to serve as a basis for discussion. Best regards, Kristof

[Openvpn-devel] [PATCH] dco: pass control packets through the socket on FreeBSD

2022-11-26 Thread Kristof Provost via Openvpn-devel
l->dco_installed; #else return false; -- 2.38.1

[Openvpn-devel] [PATCH] dco: pass control packets through the socket on FreeBSD

2022-11-25 Thread Kristof Provost via Openvpn-devel
l->dco_installed; #else return false; -- 2.38.1

[Openvpn-devel] [PATCH]: FreeBSD DCO can use the socket for control packets

2022-11-25 Thread Kristof Provost via Openvpn-devel
Hi, The next e-mail has a patch to teach OpenVPN it can pass control packets through the socket on FreeBSD. This patch does that, and also removes the now unused dco_do_write() implementation. Best regards, Kristof
