Re: [Openvpn-devel] [PATCH] Do not abort t_client run if OpenVPN instance does not start.

2016-09-16 Thread David Sommerseth
On 13/09/16 22:04, Gert Doering wrote: > Basically, an oversight - if one test instance does not start at > all (due to "tap driver not loaded") the whole script would exit, > instead of logging the failing instance and proceeding to the next > test ru

Re: [Openvpn-devel] [PATCH applied] Drop gnu89/c89 support, switch to c99

2016-09-16 Thread David Sommerseth
Your patch has been applied to the master branch commit 058f0efdec63aba911addee9ab205382c4762d06 Author: Steffan Karger Date: Thu Sep 1 22:14:30 2016 +0200 Drop gnu89/c89 support, switch to c99 Signed-off-by: Steffan Karger Acked-b

[Openvpn-devel] [PATCH] Remove tun-ipv6 Option. Instead assume that IPv6 is always supported.

2016-09-16 Thread Arne Schwabe
This option was useful when IPv6 tun support was non standard and was an internal/user specified flag that tracked the IPv6 capability of the tun device. All supported OS support IPv6. Also tun-ipv6 is pushable by the remote so not putting tun-ipv6 does not forbid ipv6 addresses. This commit al

Re: [Openvpn-devel] [PATCH applied] Do not abort t_client run if OpenVPN instance does not start.

2016-09-16 Thread David Sommerseth
Your patch has been applied to the following branches commit a7b02f7f660707f765881f35867b4d23d89b390f (master) commit 0043ddbbe6768ac560996e9879f47381e043a116 (release/2.3) Author: Gert Doering Date: Tue Sep 13 22:04:58 2016 +0200 Do not abo

[Openvpn-devel] [PATCH 2.3 v2] Make gnu89 support explicit

2016-09-16 Thread Steffan Karger
In the release/2.3 branch we support gnu89, basically to keep pre-2015 MSVC happy. Old gcc (<5) defaulted to gnu89. But gcc 5+ and clang default to gnu11/c11. This patch makes our gnu89 support explicit, such that these newer compilers will also point out gnu89 violations to developers. v2: only set

Re: [Openvpn-devel] [PATCH] Remove tun-ipv6 Option. Instead assume that IPv6 is always supported.

2016-09-16 Thread Gert Doering
Hi, On Fri, Sep 16, 2016 at 04:35:58PM +0200, Arne Schwabe wrote: > @@ -1420,8 +1417,8 @@ do_open_tun (struct context *c) >struct gc_arena gc = gc_new (); >bool ret = false; > > - c->c2.ipv4_tun = (!c->options.tun_ipv6 > - && is_dev_type (c->options.dev, c->options.dev_t

Re: [Openvpn-devel] [RFC] - Enable 2FA to be used with renegotiations

2016-09-16 Thread David Sommerseth
On 25/08/16 15:45, David Sommerseth wrote: > > Hi, > [...snip...] > > What the patch-set does is: > > - Add --auth-gen-token, and when used the following steps happen > > - After a successful normal user/password authentication, it will > generate a random token for this tunnel and keep a lo

Re: [Openvpn-devel] [PATCH applied] Make gnu89 support explicit

2016-09-16 Thread David Sommerseth
ACK. This works well on CentOS 5, so this change makes sense as this makes the compiler behaviour more predictable in regards to C standards. This will most possibly break non-GNU compilers though (Solaris and AIX?). But as this behaviour can be ove

Re: [Openvpn-devel] [PATCH applied] cleanup: remove code duplication in msg_test()

2016-09-16 Thread David Sommerseth
Your patch has been applied to the following branches commit d7ce876841d1d5b01940251f92780fdbb05b4df0 (master) commit 59114b956a46c89da06b36a37b4db0a7a087b879 (release/2.3) Author: Steffan Karger Date: Thu Sep 1 21:13:27 2016 +0200 cleanup:

[Openvpn-devel] [PATCH] Fix IP_PKTINFO related compilation failure on NetBSD 7.0

2016-09-16 Thread Gert Doering
NetBSD has introduced IP_PKTINFO and struct in_pktinfo, but does not have the "ipi_spec_dst" structure element, causing compilation errors. Introduce a check for that (AC_CHECK_MEMBER) in configure.ac, and change all "#ifdef HAVE_IN_PKTINFO" to also check "HAVE_IPI_SPEC_DST". Patch inspired by Ne

Re: [Openvpn-devel] [PATCH] Fix IP_PKTINFO related compilation failure on NetBSD 7.0

2016-09-16 Thread Gert Doering
Hi, On Fri, Sep 16, 2016 at 09:02:42PM +0200, Gert Doering wrote: > NetBSD has introduced IP_PKTINFO and struct in_pktinfo, but does not > have the "ipi_spec_dst" structure element, causing compilation errors. > > Introduce a check for that (AC_CHECK_MEMBER) in configure.ac, and > change all "#if

[Openvpn-devel] [PATCH] Show compile-time variant for --multihome in --version output.

2016-09-16 Thread Gert Doering
Instead of just [MH], show [MH/PKTINFO] or [MH/RECVDA], to see more easily which compile-time variant was chosen by configure and syshead.h Signed-off-by: Gert Doering --- src/openvpn/options.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/openvpn/options.c b/src/o

[Openvpn-devel] [PATCH] cleanup cert_hash_remember scoping

2016-09-16 Thread Steffan Karger
Add scopes for the conditional code, remove local scope that's only needed for c89 support (which we dropped). This patch should be applied after the SHA256 fingerprint support patch. Signed-off-by: Steffan Karger --- src/openvpn/ssl_verify.c | 17 ++--- 1 file changed, 10 insertion

[Openvpn-devel] [PATCH master v2] Support --block-outside-dns on multiple tunnels

2016-09-16 Thread Selva Nair
v2: Simplify the "add sublayer" code. Currently each instance of openvpn adds WFP filters into an independent sublayer. As a block in one sublayer can over-ride a permit in another, this causes all DNS traffic to block when --block-outside-dns is used in multiple tunnels. Fix using a common subla

[Openvpn-devel] [PATCH 2.3 v2] Support --block-outside-dns on multiple tunnels

2016-09-16 Thread Selva Nair
v2: Simplified "add sublayer" code Currently each instance of openvpn adds WFP filters into an independent sublayer. As a block in one sublayer can over-ride a permit in another, this causes all DNS traffic to block when --block-outside-dns is used in multiple tunnels. Fix using a common sublayer