Re: [Openvpn-devel] [PATCH v3] interactive service v3

2016-02-05 Thread Gert Doering
Hi, On Wed, Jan 27, 2016 at 05:34:57PM +0800, Daniel Sim wrote: > Unless there are undiscovered vulnerabilities in the .NET framework itself, > >1. It is necessary to move away from pure C programs for Windows. >Microsoft's documentation for the services API apart from the .NET >frame

Re: [Openvpn-devel] [PATCH v3] interactive service v3

2016-02-05 Thread Gert Doering
Hi, On Thu, Feb 04, 2016 at 10:40:35AM -0500, Selva Nair wrote: > > (And yes, this needs to be adjusted in the installer, whichever way we > > go - globally writeable log directory, or user-individual logging) > > It's the "HKLM\OpenVPN\log_dir" key set by the installer when the service is > insta

Re: [Openvpn-devel] [PATCH v3] interactive service v3

2016-02-05 Thread Gert Doering
Hi, On Fri, Feb 05, 2016 at 01:44:38PM +0800, Daniel Sim wrote: > May I ask a more generic question about the implementation of the > interactive service? > > So I understand that the patch allows clients to instruct the service to > modify the routing table. Yes and no. It allows clients to i

Re: [Openvpn-devel] [PATCH v3] interactive service v3

2016-02-05 Thread Daniel Sim
May I ask a more generic question about the implementation of the interactive service? So I understand that the patch allows clients to instruct the service to modify the routing table. In short, it allows ordinary users (since any program could impersonate the openvpn client) to modify the routin

Re: [Openvpn-devel] [PATCH v3] interactive service v3

2016-02-04 Thread Steffan Karger
On Thu, Feb 4, 2016 at 4:40 PM, Selva Nair wrote: > On Thu, Feb 4, 2016 at 4:38 AM, Gert Doering wrote: >> Thanks. I take this as an ACK from you for the service change, and >> Arne's mail as an ACK for the openvpn side, and merge it tonight. >> >> Then we can go about improving things further

Re: [Openvpn-devel] [PATCH v3] interactive service v3

2016-02-04 Thread Selva Nair
Hi, On Thu, Feb 4, 2016 at 4:38 AM, Gert Doering wrote: > > Anyway, the iservice works well and the only real problem I ran into was > > lack of write access to the default log_dir. That leads to a log-jam as > the > > stdout is now a pipe which the service is not actively reading from. > Could

Re: [Openvpn-devel] [PATCH v3] interactive service v3

2016-02-04 Thread Gert Doering
Hi, On Wed, Feb 03, 2016 at 08:57:18PM -0500, Selva Nair wrote: > On Mon, Feb 1, 2016 at 11:34 AM, Selva Nair wrote: > > > Other comments I have are more specific to code snippets and of minor > > consequence. Will send them after compile/test runs > > Following up on that, a couple of comments

Re: [Openvpn-devel] [PATCH v3] interactive service v3

2016-02-04 Thread Selva Nair
Hi, On Mon, Feb 1, 2016 at 11:34 AM, Selva Nair wrote: > Other comments I have are more specific to code snippets and of minor > consequence. Will send them after compile/test runs Following up on that, a couple of comments below: HMODULE iphlpapi = GetModuleHandle (TEXT("iphlpapi.dll")

Re: [Openvpn-devel] [PATCH v3] interactive service v3

2016-02-03 Thread Arne Schwabe
> AC_USE_SYSTEM_EXTENSIONS > +AM_PROG_CC_C_O I have no idea what this does. The docu tells me that it is obsolescent. Other than I looked at other code that is modified in OpenVPN itself. I have no idea about all the windows specific stuff. But from the look it looks good and the other parts it

Re: [Openvpn-devel] [PATCH v3] interactive service v3

2016-02-02 Thread Selva Nair
On Mon, Feb 1, 2016 at 1:41 PM, Heiko Hund wrote: > On Monday 1 February 2016 11:34:47 Selva Nair wrote: > > A more serious problem is related to the service requiring > connections > > from UI with impersonation allowed. Again, an unprivileged process > > pretending to be the service could e

Re: [Openvpn-devel] [PATCH v3] interactive service v3

2016-02-01 Thread Heiko Hund
On Monday 1 February 2016 11:34:47 Selva Nair wrote: > (1) the config file should reside in some pre-defined location(s) > controlled by, say, a registry key that only an admin user can change > (2) only a limited set of "safe" options may be allowed on the command line 1) can be implemented by on

Re: [Openvpn-devel] [PATCH v3] interactive service v3

2016-02-01 Thread Selva Nair
Hi, I did some review over the weekend, but haven't yet run the code, yet thought of sending these comments in light of the Windows meeting today. On Tue, Jan 26, 2016 at 2:11 PM, Gert Doering wrote: > > From: Heiko Hund > > v1: Heiko Hund > - Message-ID: <2215306.x9ci9DhAZ9@de-gn-40970> > -

Re: [Openvpn-devel] [PATCH v3] interactive service v3

2016-02-01 Thread Heiko Hund
Hi Sorry was too busy so far to catch up reading with this thread. On Tuesday 26 January 2016 22:07:18 Samuli Seppänen wrote: > One question, primarily to Heiko... does the interactive service solve > the use-case where the administrator/user wants to have persistent > connections that come up on

Re: [Openvpn-devel] [PATCH v3] interactive service v3

2016-01-29 Thread Samuli Seppänen
On Wed, Jan 27, 2016 at 3:20 AM, Gert Doering wrote: Hi, On Wed, Jan 27, 2016 at 10:14:18AM +0200, Samuli Seppänen wrote: > An added bonus is that openvpnserv2 is written in C#, which means it can > be developed on Linux using Mono, and the languag

Re: [Openvpn-devel] [PATCH v3] interactive service v3

2016-01-27 Thread Selva Nair
On Wed, Jan 27, 2016 at 3:20 AM, Gert Doering wrote: > Hi, > > On Wed, Jan 27, 2016 at 10:14:18AM +0200, Samuli Seppänen wrote: > > An added bonus is that openvpnserv2 is written in C#, which means it can > > be developed on Linux using Mono, and the language choice probably helps > > getting new

Re: [Openvpn-devel] [PATCH v3] interactive service v3

2016-01-27 Thread Daniel Sim
(forgot to CC the mailing list earlier) > > In case we stay with openvpnserv2, I think some followup questions > need to be asked... > > - do we want to migrate "interactive service" functionality into >openvpnserv2 as well? More code, but not overly complex stuff >(if the network/route

Re: [Openvpn-devel] [PATCH v3] interactive service v3

2016-01-27 Thread Samuli Seppänen
Hi, On Wed, Jan 27, 2016 at 10:14:18AM +0200, Samuli Seppänen wrote: An added bonus is that openvpnserv2 is written in C#, which means it can be developed on Linux using Mono, and the language choice probably helps getting new contributions from people not fluent with C. I'm not totally convin

Re: [Openvpn-devel] [PATCH v3] interactive service v3

2016-01-27 Thread Gert Doering
Hi, On Wed, Jan 27, 2016 at 10:14:18AM +0200, Samuli Seppänen wrote: > An added bonus is that openvpnserv2 is written in C#, which means it can > be developed on Linux using Mono, and the language choice probably helps > getting new contributions from people not fluent with C. I'm not totally c

Re: [Openvpn-devel] [PATCH v3] interactive service v3

2016-01-27 Thread Samuli Seppänen
On 27/01/2016 00:54, Selva Nair wrote: On Tue, Jan 26, 2016 at 4:24 PM, Gert Doering wrote: Since Heiko has reworked the "classic" code (in automatic.c now, as he called this "automatic service") maybe we can just use the opportunity to get the

Re: [Openvpn-devel] [PATCH v3] interactive service v3

2016-01-26 Thread Selva Nair
On Tue, Jan 26, 2016 at 4:24 PM, Gert Doering wrote: > Since Heiko has reworked the "classic" code (in automatic.c now, as > he called this "automatic service") maybe we can just use the opportunity > to get the remaining issues fixed - is there more than "restart openvpn.exe > when it dies"? >

Re: [Openvpn-devel] [PATCH v3] interactive service v3

2016-01-26 Thread Selva Nair
On Tue, Jan 26, 2016 at 4:26 PM, Gert Doering wrote: > Cool. Was afraid you went silent after I neglected to follow up on > your configure.ac patch in November (*sigh* - too busy myself) > > That can wait -- maybe I'll come up with version 2 on it some time.. > > It's a fairly large > > chunk

Re: [Openvpn-devel] [PATCH v3] interactive service v3

2016-01-26 Thread Gert Doering
Hi, On Tue, Jan 26, 2016 at 03:20:38PM -0500, Selva Nair wrote: > Still alive, though things are a bit hectic at work. Cool. Was afraid you went silent after I neglected to follow up on your configure.ac patch in November (*sigh* - too busy myself) > It's a fairly large > chunk of code and I h

Re: [Openvpn-devel] [PATCH v3] interactive service v3

2016-01-26 Thread Gert Doering
Hi, On Tue, Jan 26, 2016 at 10:07:18PM +0200, Samuli Seppänen wrote: > One question, primarily to Heiko... does the interactive service solve > the use-case where the administrator/user wants to have persistent > connections that come up on boot and are not closed or managed in any > way in the

Re: [Openvpn-devel] [PATCH v3] interactive service v3

2016-01-26 Thread Selva Nair
On Tue, Jan 26, 2016 at 2:19 PM, Gert Doering wrote: > Hi, > > so, this took quite a while - barely 2.5 years, but we're getting > there. v3 of the patch has been rebased to git master, and all comments > from Steffan and my earlier review have been integrated into the build > stuff and the open

Re: [Openvpn-devel] [PATCH v3] interactive service v3

2016-01-26 Thread Samuli Seppänen
> Hi, so, this took quite a while - barely 2.5 years, but we're getting there. v3 of the patch has been rebased to git master, and all comments from Steffan and my earlier review have been integrated into the build stuff and the openvpn side of the code - so, as far as openvpn goes, I'm fine wi

Re: [Openvpn-devel] [PATCH v3] interactive service v3

2016-01-26 Thread Samuli Seppänen
Hi, so, this took quite a while - barely 2.5 years, but we're getting there. v3 of the patch has been rebased to git master, and all comments from Steffan and my earlier review have been integrated into the build stuff and the openvpn side of the code - so, as far as openvpn goes, I'm fine wit

Re: [Openvpn-devel] [PATCH v3] interactive service v3

2016-01-26 Thread Gert Doering
Hi, so, this took quite a while - barely 2.5 years, but we're getting there. v3 of the patch has been rebased to git master, and all comments from Steffan and my earlier review have been integrated into the build stuff and the openvpn side of the code - so, as far as openvpn goes, I'm fine with m

[Openvpn-devel] [PATCH v3] interactive service v3

2016-01-26 Thread Gert Doering
From: Heiko Hund v1: Heiko Hund - Message-ID: <2215306.x9ci9DhAZ9@de-gn-40970> - extend openvpn service to provide "automatic service" and "interactive service" (which is used by GUI and OpenVPN to run openvpn non-privileged and still be able to install routes and configure IPv6 addresses