Re: [Openvpn-devel] OpenVPN 2.6.7 released

2023-11-13 Thread Dmitry Melekhov
14.11.2023 11:05, Gert Doering wrote: Hi, On Sun, Nov 12, 2023 at 06:08:48PM +, Greg Cox wrote: Spun this config up, then ran: iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 443,80 -j REDIRECT --to-ports 1194 Within 5 minutes the random web scanners found and segfaulte

Re: [Openvpn-devel] OpenVPN 2.6.7 released

2023-11-13 Thread Gert Doering
Hi, On Sun, Nov 12, 2023 at 06:08:48PM +, Greg Cox wrote: > Spun this config up, then ran: > > iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 443,80 > -j REDIRECT --to-ports 1194 > > Within 5 minutes the random web scanners found and segfaulted me. ... your port scanners

Re: [Openvpn-devel] OpenVPN 2.6.7 released

2023-11-12 Thread Gert Doering
Hi, On Sun, Nov 12, 2023 at 07:22:45PM +0100, Gert Doering wrote: > (If you feel like debugging a bit more - could you compile an instance > without optimization, run from gdb, and when it segfaults print all > local variables of interest? i, j, ks, *ks, ks->send_reliable? We > got one variable

Re: [Openvpn-devel] OpenVPN 2.6.7 released

2023-11-12 Thread Greg Cox
Segfaulting STR: Rocky9 host, used 2.6.7 from the copr repo. port 1194 proto tcp-server dev tun1 ca /etc/openvpn/server/keys/ca.crt cert /etc/openvpn/server/keys/server.crt key /etc/openvpn/server/keys/server.key dh none tls-groups secp521r1:secp384r1 topology subn

Re: [Openvpn-devel] OpenVPN 2.6.7 released

2023-11-12 Thread Gert Doering
Hi, On Sun, Nov 12, 2023 at 06:08:48PM +, Greg Cox wrote: > Spun this config up, then ran: > > iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 443,80 > -j REDIRECT --to-ports 1194 > > Within 5 minutes the random web scanners found and segfaulted me. This sounds promising.

Re: [Openvpn-devel] OpenVPN 2.6.7 released

2023-11-10 Thread Gert Doering
Hi, On Fri, Nov 10, 2023 at 10:51:34AM +0100, Gert Doering wrote: > I'll see if I can reproduce this case here and we'll fix it ASAP. We couldn't reproduce it yet, but we have a crash dump in GH issue #449, which hints at the commit cd4d819c99266 getting this double-extra-check wrong. So if you

Re: [Openvpn-devel] OpenVPN 2.6.7 released

2023-11-10 Thread Gert Doering
Hi, On Fri, Nov 10, 2023 at 12:25:22PM +0400, Dmitry Melekhov wrote: > btw, what I missed, openvpn dies: > > openvpn[11346]: segfault at 0 ip 55e33503f5f3 sp 7fff33642390 error > 4 in openvpn[55e334fc8000+8f000] > > but only multipoint udp. This is bad (but very different from "it sto

Re: [Openvpn-devel] OpenVPN 2.6.7 released

2023-11-10 Thread Dmitry Melekhov
btw, what I missed, openvpn dies: openvpn[11346]: segfault at 0 ip 55e33503f5f3 sp 7fff33642390 error 4 in openvpn[55e334fc8000+8f000] but only multipoint udp. 10.11.2023 11:35, Dmitry Melekhov wrote: 10.11.2023 11:23, Gert Doering wrote: Hi, On Fri, Nov 10, 2023 at 11:19:58AM

Re: [Openvpn-devel] OpenVPN 2.6.7 released

2023-11-09 Thread Dmitry Melekhov
10.11.2023 11:23, Gert Doering wrote: Hi, On Fri, Nov 10, 2023 at 11:19:58AM +0400, Dmitry Melekhov wrote: OK, now I know what is broken. I have so called multihomed server, and multihomed udp does not work in 2.6.7. On server with only one external interface everything works OK. Are you us

Re: [Openvpn-devel] OpenVPN 2.6.7 released

2023-11-09 Thread Gert Doering
Hi, On Fri, Nov 10, 2023 at 11:19:58AM +0400, Dmitry Melekhov wrote: > OK, now I know what is broken. > > I have so called multihomed server, and multihomed udp does not work in > 2.6.7. > > On server with only one external interface everything works OK. Are you using --multihome in your confi

Re: [Openvpn-devel] OpenVPN 2.6.7 released

2023-11-09 Thread Gert Doering
Hi, On Fri, Nov 10, 2023 at 10:21:35AM +0400, Dmitry Melekhov wrote: > 10.11.2023 00:56, Yuriy Darnobyt wrote: > > The OpenVPN community project team is proud to release OpenVPN 2.6.7. > > something is broken in 2.6.7. it stops passing traffic after several seconds > after connection when ac

Re: [Openvpn-devel] OpenVPN 2.6.7 released

2023-11-09 Thread Dmitry Melekhov
10.11.2023 10:21, Dmitry Melekhov wrote: 10.11.2023 00:56, Yuriy Darnobyt wrote: The OpenVPN community project team is proud to release OpenVPN 2.6.7. something is broken in 2.6.7. it stops passing traffic after several seconds after connection when acts as server, so I reverted it back to

Re: [Openvpn-devel] OpenVPN 2.6.7 released

2023-11-09 Thread Dmitry Melekhov
10.11.2023 00:56, Yuriy Darnobyt wrote: The OpenVPN community project team is proud to release OpenVPN 2.6.7. something is broken in 2.6.7. it stops passing traffic after several seconds after connection when acts as server, so I reverted it back to 2.6.6. compiled from sources on ubuntu 2

[Openvpn-devel] OpenVPN 2.6.7 released

2023-11-09 Thread Yuriy Darnobyt
The OpenVPN community project team is proud to release OpenVPN 2.6.7. This is a bugfix release containing security fixes. Security Fixes: * CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly use a send buffer after it has been free()d in some circumstances, causing some free()