Re: [Openvpn-devel] Fix for OpenVPN MTU Tunnel computation bug for TLS reconnects

2017-05-08 Thread Arne Schwabe
On 05.05.17 at 13:38, Dirkjan Bussink wrote: > > When testing upgrading OpenVPN from 2.3 to 2.4, we ran into an issue where > every time the same client reconnects the MTU for the tunnel used shrinks, > eventually leading to packets being dropped by OpenVPN. > > Reproduced the problem with a 2 n

Re: [Openvpn-devel] [PATCH v6] convert *_inline attributes to bool

2017-05-08 Thread Antonio Quartulli
Hi, > On 25 Jan 2017, at 03:58, Steffan Karger wrote: [cut] > ACK, no more nagging from me, thanks! > > Now someone needs to go and review "[PATCH (master)] reformatting: fix > style in crypto*.{c, h}"[1], because this patch needs that one ;) > > -Steffan > > [1] > https://www.mail-archive.c

Re: [Openvpn-devel] [PATCH 1/2] plugin: Export base64 encode and decode functions

2017-05-08 Thread David Sommerseth
On 08/05/17 05:28, Selva Nair wrote: > Hi, > > Thanks for the patch exporting base64_encode/decode > > A quick question/comment though: quoting from your sample base64.c > > On Fri, May 5, 2017 at 5:46 PM, David Sommerseth > wrote: > > +/* Which callbacks to

[Openvpn-devel] [PATCH] plugin: Fix documentation typo for type_mask

2017-05-08 Thread David Sommerseth
The v3 plug-in API was slightly misleading, as that interface does not need to use an int pointer to set the type_mask from the plug-in. Signed-off-by: David Sommerseth --- include/openvpn-plugin.h.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/openvpn-plu

Re: [Openvpn-devel] [PATCH 1/2] plugin: Export base64 encode and decode functions

2017-05-08 Thread Selva Nair
Hi, Thanks for the follow up with details. I also put some further thought into this overnight and totally agree with your observations. With one exception :) On Mon, May 8, 2017 at 9:56 AM, David Sommerseth wrote: > I think it is a bit too risky to actually fix the plug-in API to fix > this.

Re: [Openvpn-devel] [PATCH] plugin: Fix documentation typo for type_mask

2017-05-08 Thread Selva Nair
Hi, On Mon, May 8, 2017 at 10:19 AM, David Sommerseth wrote: > * > * STRUCT MEMBERS > * > - * *type_mask : The plug-in should set this value to the logical OR of > all script > + * type_mask : The plug-in should set this value to the logical OR of > all script > * types whi

Re: [Openvpn-devel] [PATCH] Set a low interface metric for tap adapter when block-outside-dns is in use

2017-05-08 Thread Selva Nair
Hi, Please bear with me for making a few more comments. This is close to final so only a few minor issues. On Thu, May 4, 2017 at 1:36 PM, ValdikSS wrote: > > Windows 10 before Creators Update used to resolve DNS using all available > adapters and IP addresses in parallel. > Now it still resolves a

Re: [Openvpn-devel] [PATCH] Fix memory leak in x509_verify_cert_ku()

2017-05-08 Thread David Sommerseth
On 07/05/17 13:01, Steffan Karger wrote: > If keyUsage was only required to be present, but no specific value was > required, we would omit to free the extracted string. This happens as of > 2.4.1, if --remote-cert-tls is used. In that case we leak a bit of > memory on each TLS (re)negotiation. >

Re: [Openvpn-devel] [PATCH] Fix memory leak in x509_verify_cert_ku()

2017-05-08 Thread Steffan Karger
Hi, On 08-05-17 16:54, David Sommerseth wrote: > On 07/05/17 13:01, Steffan Karger wrote: > > result_t > x509_verify_cert_ku(X509 *x509, const unsigned *const expected_ku, > int expected_len) > { > ASN1_BI

[Openvpn-devel] regressions in openvpn 2.4.1

2017-05-08 Thread Farkas Levente
Hi, after we upgraded our servers and client to 2.4.1 we detected many regressions. - The first was that with this the server no longer works and the server restart fails after upgrade. IMHO it's not a safe behavior, but it was easy to fix at least. script-security 2 system - then the new systemd unit fi

Re: [Openvpn-devel] regressions in openvpn 2.4.1

2017-05-08 Thread David Sommerseth
On 08/05/17 17:26, Farkas Levente wrote: > Hi, > after we upgraded our servers and client to 2.4.1 we detected many > regressions. > Please, can we have these issues handled in *ONE* place? You already opened this trac ticket: And that's where we've

Re: [Openvpn-devel] [PATCH applied] Fix extract_x509_field_ssl for external objects, v2

2017-05-08 Thread David Sommerseth
Your patch has been applied to the following branches commit 69311687da55b8c0e6966b25c94c72494ea44e57 (master) commit f5d41cc68407f77f8fab41e242fa1d651c55c257 (release/2.4) Author: Hristo Venev Date: Thu May 4 00:10:48 2017 +0100 Fix extra

Re: [Openvpn-devel] [PATCH applied] Fix memory leak in x509_verify_cert_ku()

2017-05-08 Thread David Sommerseth
Looking good to me. ACK! Your patch has been applied to the following branches commit 7b94d3bbbea46efcea12e1df24da52fe508d0173 (master) commit d7a13af789daecf38fb6a3ca2d6e6cf0ab939a73 (release/2.4) Author: Steffan Karger Date: Sun May 7 13:01:

Re: [Openvpn-devel] [PATCH applied] v4, travis-ci: add 2 mingw "build only" configurations

2017-05-08 Thread David Sommerseth
Your patch has been applied to the master branch commit 81ba70b39b78d7677aabab957421264800028f53 Author: Ilya Shipitsin Date: Fri May 5 23:08:17 2017 +0500 v4, travis-ci: add 2 mingw "build only" configurations Signed-off-by: Ilya Ship

Re: [Openvpn-devel] [PATCH] plugin: Fix documentation typo for type_mask

2017-05-08 Thread David Sommerseth
On 08/05/17 16:38, Selva Nair wrote: > Hi, > > On Mon, May 8, 2017 at 10:19 AM, David Sommerseth > mailto:dav...@openvpn.net>> wrote: > > * * STRUCT MEMBERS * - * *type_mask : The plug-in should set this > value to the logical OR of all script + *

Re: [Openvpn-devel] Fix for OpenVPN MTU Tunnel computation bug for TLS reconnects

2017-05-08 Thread Steffan Karger
On 08-05-17 14:54, Arne Schwabe wrote: > On 05.05.17 at 13:38, Dirkjan Bussink wrote: >> >> When testing upgrading OpenVPN from 2.3 to 2.4, we ran into an issue where >> every time the same client reconnects the MTU for the tunnel used shrinks, >> eventually leading to packets being dropped by Op

[Openvpn-devel] [PATCH] Restore pre-NCP frame parameters for new sessions

2017-05-08 Thread Steffan Karger
As reported in trac #879, as of the introduction of NCP we always adjust the frame parameters on session negotiations, but do not reset the frame state for a new session on an existing state instance. That caused the frame parameters to be reduced for each reconnect, resulting in smaller and small

Re: [Openvpn-devel] [PATCH] plugin: Fix documentation typo for type_mask

2017-05-08 Thread Selva Nair
Hi, On Mon, May 8, 2017 at 10:57 AM, David Sommerseth < open...@sf.lists.topphemmelig.net> wrote: > On 08/05/17 16:38, Selva Nair wrote: > > Hi, > > > On Mon, May 8, 2017 at 10:19 AM, David Sommerseth >> wrote: >> * >> * STRUCT MEMBERS >> * >> - * *type_mask : The plug-in should set this