Re: [Openvpn-devel] [PATCH 05/10] get_default_gateway_ipv6(): Linux / Netlink implementation.

2015-09-15 Thread Arne Schwabe
+CLEAR(rtreq); +rtreq.nh.nlmsg_type = RTM_GETROUTE; +rtreq.nh.nlmsg_flags = NLM_F_REQUEST; /* XXX */ There should be an indication why this is XXX, some kind of comment. > +rtreq.rtm.rtm_family = AF_INET6; > +rtreq.rtm.rtm_src_len = 0; > +rtreq.rtm.rtm_ds

[Openvpn-devel] [PATCH 8/8] Remove http-proxy-timeout, socks timeout and set default of server-poll-timeout to 120s

2015-09-15 Thread Arne Schwabe
With this change all timeouts before the first packet from the OpenVPN server are unified into the server-poll-timeout option. Also make connect-timeout and server-poll-timeout aliases. The old connect-timeout handling the tcp timeout now also uses the same timeout. The default of 120s has been

[Openvpn-devel] [PATCH 6/8] Extend network-change command to allow reprotecting on the same network (for short connection losses)

2015-09-15 Thread Arne Schwabe
--- src/openvpn/init.c | 6 +++--- src/openvpn/manage.c | 11 --- src/openvpn/manage.h | 2 +- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index beeb487..52743e7 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -316

[Openvpn-devel] [PATCH 7/8] Remove unused function h_errno_msg

2015-09-15 Thread Arne Schwabe
--- src/openvpn/socket.c | 17 - 1 file changed, 17 deletions(-) diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 5248f44..57d5962 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -71,23 +71,6 @@ sf2gaf(const unsigned int getaddr_flags, * Functions r

[Openvpn-devel] [PATCH 2/8] Remove #ifdefs for client nat support.

2015-09-15 Thread Arne Schwabe
The client-nat feature was always unconditionally enabled --- src/openvpn/clinat.c | 4 src/openvpn/clinat.h | 2 +- src/openvpn/forward.c | 12 +++- src/openvpn/multi.c | 2 -- src/openvpn/openvpn.h | 2 -- src/openvpn/options.c | 18 +- src/openvpn/options.h

[Openvpn-devel] [PATCH 4/8] Use pseudo gw as default gw on Android as a workaround for not being able to read /proc/net/route

2015-09-15 Thread Arne Schwabe
--- src/openvpn/route.c | 14 ++ 1 file changed, 14 insertions(+) diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 03f8332..56cce07 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -2474,6 +2474,7 @@ get_default_gateway (struct route_gateway_info *rgi) CLE

[Openvpn-devel] [PATCH 1/8] Add support for requesting the fd again to rebind to the next interface.

2015-09-15 Thread Arne Schwabe
This is not done via android_control since calling management from management leads to an infinite loop --- src/openvpn/init.c | 34 ++ src/openvpn/manage.c | 26 ++ src/openvpn/manage.h | 3 +++ 3 files changed, 63 insertions(+) diff --g

[Openvpn-devel] [PATCH 3/8] Don’t redirect the gateway on Android even if requested

2015-09-15 Thread Arne Schwabe
Routing loops are avoided using the VPNService API --- src/openvpn/route.c | 4 1 file changed, 4 insertions(+) diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 6b2af3c..03f8332 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -528,8 +528,10 @@ add_block_local (struc

[Openvpn-devel] [PATCH 5/8] Fix loglevel of protect socket message

2015-09-15 Thread Arne Schwabe
--- src/openvpn/socket.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 7f889b1..5248f44 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -898,11 +898,11 @@ static void protect_fd_nonlocal (int fd, const stru

[Openvpn-devel] [PATCH applied] Re: Create basic infrastructure for IPv6 default gateway handling / redirection.

2015-09-15 Thread Gert Doering
Patch has been applied to the master branch, with an addition to openvpn.8 (see below). commit d8a8656f1a8721f56a08439afe24916beadfef55 Author: Gert Doering List-Post: openvpn-devel@lists.sourceforge.net Date: Fri Sep 11 17:33:41 2015 +0200 Create basic infrastructure for IPv6 default gat

[Openvpn-devel] [PATCH applied] Re: Remove unused function h_errno_msg

2015-09-15 Thread Gert Doering
ACK, this was an easy one :-) Your patch has been applied to the master branch. commit 1d11134feee33689904ded0c6a0108e865d17d7e Author: Arne Schwabe List-Post: openvpn-devel@lists.sourceforge.net Date: Tue Sep 15 11:23:38 2015 +0200 Remove unused function h_errno_msg Acked-by: Gert

Re: [Openvpn-devel] [PATCH 1/8] Add support for requesting the fd again to rebind to the next interface.

2015-09-15 Thread Gert Doering
Hi, On Tue, Sep 15, 2015 at 11:23:32AM +0200, Arne Schwabe wrote: > This is not done via android_control since calling management from management > leads to an infinite loop I'm all willing to ACK it, but... > +#ifdef TARGET_ANDROID > +int > +managmenet_callback_network_change (void *arg)
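
Review bot: the function name in the quoted hunk, managmenet_callback_network_change, misspells "management". Rename it to management_callback_network_change, together with its declaration and every call site, before the symbol is merged.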

[Openvpn-devel] [PATCH 0/8] Miscallenous patches for OpenVPN

2015-09-15 Thread Arne Schwabe
Submission of multiple patches that are still in my OpenVPN for Android "fork" of OpenVPN for Android. Some of the patches are specific for the Android version (1, 3-6); 2 and 7 are cleanup patches (remove unused function and remove an Inline). The only major patch is the timeout patch (8). We t

Re: [Openvpn-devel] Log cert serial no if it is revoked

2015-09-15 Thread Boris Lytochkin
Hi. Any news on importing this patch into codebase? On 26.08.2015 16:15, David Sommerseth wrote: On 24/08/15 18:54, Boris Lytochkin wrote: Hi. Author: Boris Lytochkin Sponsored-by: Yandex LLC Log serial number of revoked certificate In most of situations admin of OpenVPN server needs to kn

[Openvpn-devel] [PATCH applied] Re: Add support for requesting the fd again to rebind to the next interface.

2015-09-15 Thread Gert Doering
ACK. As discussed, I've changed the two occurrences of "managmenet" into "management". Otherwise, unchanged. Your patch has been applied to the master branch. commit 300039789b23216f1733890063cef3120722f4cf Author: Arne Schwabe List-Post: openvpn-devel@lists.sourceforge.net Date: Tue Sep 15

Re: [Openvpn-devel] [PATCH 06/10] Implement handling of overlapping IPv6 routes with IPv6 remote VPN server address

2015-09-15 Thread Arne Schwabe
+ * "good enough") + */ +static bool +route_ipv6_match_host( const struct route_ipv6 *r6, + const struct in6_addr *host ) +{ +int bits = r6->netbits; +int i; +unsigned int mask; + +if ( bits<0 || bits>128 ) + return false; bits should be unsigned int si

[Openvpn-devel] [PATCH applied] Re: Don't redirect the gateway on Android even if requested

2015-09-15 Thread Gert Doering
Your patch has been applied to the master branch. (I've taken the liberty to replace the UTF-8 apostrophe in "Don't" with a 7 bit one... still living in ISO8859-1 land and this messes up my terminals :) ) commit ad80d6779488e77bc81f395f61d4052184f9a589 Author: Arne Schwabe List-Post: openvpn-dev

[Openvpn-devel] [PATCH applied] Re: Don't redirect the gateway on Android even if requested

2015-09-15 Thread Gert Doering
Argh, too fast... "ACK!" And I expect we'll need a similar patch for the IPv6 routing bits, as soon as they are fully merged - the code is not needed on Android, and the best thing it can do is "get in the way", so #ifndef is good :) Your patch has been applied to the master branch. (I've tak

[Openvpn-devel] [PATCH applied] Re: Fix loglevel of protect socket message

2015-09-15 Thread Gert Doering
ACK. Makes sense, and TARGET_ANDROID anyway... Your patch has been applied to the master branch. commit acd487d0f3597e67f451aa23b73ad03dc19842b0 Author: Arne Schwabe List-Post: openvpn-devel@lists.sourceforge.net Date: Tue Sep 15 11:23:36 2015 +0200 Fix loglevel of protect socket message

Re: [Openvpn-devel] [PATCH 07/10] Implement '--redirect-gateway ipv6'

2015-09-15 Thread Arne Schwabe
Am 11.09.15 um 16:33 schrieb Gert Doering: > Add "ipv6" and "!ipv4" sub-options to "--redirect-gateway" option. > > This is done in the same way as in the OpenVPN 3 code base, so > "--redirect-gateway ipv6" will redirect both IPv4 and IPv6 - if you > want v6-only, use "--redirect-gateway ipv6 !ip

[Openvpn-devel] [PATCH] Do not install a IPv6 host route for the VPN on Android

2015-09-15 Thread Arne Schwabe
Routing loops are avoided using the VPNService API protect API --- src/openvpn/route.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 3959abd..7e4a766 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -768,6 +768,7

Re: [Openvpn-devel] [PATCH 07/10] Implement '--redirect-gateway ipv6'

2015-09-15 Thread Gert Doering
Hi, On Tue, Sep 15, 2015 at 12:10:12PM +0100, Arne Schwabe wrote: > > + if ( options->routes_ipv6->flags & RG_REROUTE_GW ) > > +{ > > + char *opt_list[] = { "::/3", "2000::/4", "3000::/4", "fc00::/7", > > NULL }; > > + int i; > > + > > > I cannot judge how good or bad this default
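
Review bot: opt_list in the quoted hunk is declared as char *opt_list[] but is initialised only with string literals, so it should be const char *opt_list[] to stop a later write through the array from compiling. The four prefixes ("::/3", "2000::/4", "3000::/4", "fc00::/7") also need a short comment next to the array explaining why these ranges make up the redirect set, since the choice is not evident from the code.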

[Openvpn-devel] [PATCH applied] Re: Extend network-change command to allow reprotecting on the same network (for short connection losses)

2015-09-15 Thread Gert Doering
ACK. Android specific, no obvious code issues. Taking the "management <-> managmenet" typo of 1/8 into account. Your patch has been applied to the master branch. commit d967ec289df5c5196f68a3708a9f36a5ba354833 Author: Arne Schwabe List-Post: openvpn-devel@lists.sourceforge.net Date: Tue Sep

[Openvpn-devel] [PATCH applied] Re: Use pseudo gw as default gw on Android as a workaround for not being able to read /proc/net/route

2015-09-15 Thread Gert Doering
ACK. To be expected :-) - and why bother creating error messages when the VPN API does not need this information anyway. I wondered why the part after " /* scan adapter list */" is still active, but this is about "which locally connected networks exist?" (--redirect-gateway block-local), so tha

[Openvpn-devel] [PATCH applied] Re: Remove #ifdefs for client nat support.

2015-09-15 Thread Gert Doering
ACK. I can't remember when we discussed this (some IRC meeting), but as this is always enabled anyway, and all the #ifdefs are really hurting the eyes, away with it :-) (I admit I have never used it and have no idea what nice stuff one can do with it... should set up a test case for it!) Your pa

Re: [Openvpn-devel] Log cert serial no if it is revoked

2015-09-15 Thread Steffan Karger
Hi, I agree that the functionality makes sense, but need to look at the code. I'm currently on a long holiday and haven't had enough spare cycles to spend on openvpn. After I get back (next week), this will be part of my backlog :) -Steffan On 15 Sep 2015 03:34, "Boris Lytochkin" wrote: > Hi. > > An