Similarly to ifconfig(-push), its IPv6 counterpart is now able to
accept hostnames as well instead of IP addresses in numeric form.
Basically this means that the user is now allowed to specify
something like this:
ifconfig-ipv6-push my.hostname.cx/64
This is exactly the same behaviour that we al
Hi,
On Fri, Dec 1, 2017 at 10:58 AM, Selva Nair wrote:
>
> Hi,
>
> On Fri, Dec 1, 2017 at 8:53 AM, Arne Schwabe wrote:
>>
>> On 30.11.2017 at 03:03, Selva Nair wrote:
>>
>> Cross-posting to users and devel as this may be of interest to both.
>>
>> Hi,
>>
>> I have made a draft implementation of
The crypto engine cannot be disabled anymore, therefore get
rid of all the related ifdefs in the code.
This change makes the code simpler and reduces the
number of config combinations we have to test after a new
change is applied.
[re-enable unit-tests that were previously disabled]
Signed-o
SSL_LIB_VER_STR made sense only when ENABLE_CRYPTO also
existed. It can now be removed and thus simplify the code.
Signed-off-by: Antonio Quartulli
---
src/openvpn/options.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
ind
Now that ENABLE_CRYPTO has been removed, CIPHER_ENABLED is basically
a useless shortcut which does not really help the readability of the
code.
Remove it and use its expanded expression instead.
Signed-off-by: Antonio Quartulli
---
src/openvpn/init.c| 4 ++--
src/openvpn/openvpn.h | 2 --
2
ENABLE_PUSH_PEER_INFO depended on ENABLE_CRYPTO that now does
not exist anymore.
Get rid of ENABLE_PUSH_PEER_INFO by assuming that it is always
enabled and simplify the code.
Signed-off-by: Antonio Quartulli
---
src/openvpn/init.c | 2 --
src/openvpn/options.c| 10 --
src/open
Apparently the MS5SUM macro is not used anywhere.
Remove it.
Signed-off-by: Antonio Quartulli
---
src/openvpn/openvpn.h | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h
index d843c913..fe8324ab 100644
--- a/src/openvpn/openvpn.h
+++ b/src/openvpn/o
With this patch we remove the possibility to disable the crypto engine
(ENABLE_CRYPTO define) at configuration time.
[Some unit-tests are temporarily disabled and will be enabled again when
ENABLE_CRYPTO is completely removed from the codebase]
[--disable-crypto has been removed from .travis.yml t
Now that ENABLE_CRYPTO has been removed, TLS_MODE is basically
a useless shortcut which does not really help the readability of the
code.
Remove it and use its expanded expression instead.
Signed-off-by: Antonio Quartulli
---
src/openvpn/forward.c | 2 +-
src/openvpn/init.c| 2 +-
src/openv
It is plausible for a user to be willing to add a route for a network
made up of all 0s via a VPN client (i.e. 0.0.0.0/1), therefore such
iroute should be supported.
As of now the option parsing code will accept such iroute, but
the learning routine will (silently) reject it after a sanity check.
Carrying around the INLINE_TAG is not really efficient,
because it requires a strcmp() to be performed every
time we want to understand if the data is stored inline
or not.
Convert all the *_inline attributes to bool to make the
logic easier and checks more efficient.
Signed-off-by: Antonio Quart
Some ICMPv6 packets can't be dropped otherwise the entire
overlaying network layer (IPv6) would just stop working.
Such packets are described in RFC4890, sec. 4.4.1.
Improve the mroute packet parsing routine in order to detect
these specific packet types and thus prevent PF from dropping them.
This way
The PF subnets component has been extended to also accept
IPv6 networks. The syntax is exactly the same as the IPv4
subnets.
The user only needs to list the IPv6 networks in the same
"[SUBNETS DROP/ACCEPT]" block as the IPv4 ones.
Example:
[SUBNETS ACCEPT]
-180.180.0.0/16
-2001:caca:beef::/48
T
Hi
On Sat, Dec 2, 2017 at 7:08 AM, Jonathan K. Bullard wrote:
> Hi,
>
> On Fri, Dec 1, 2017 at 10:58 AM, Selva Nair wrote:
> >
> > Hi,
> >
> > On Fri, Dec 1, 2017 at 8:53 AM, Arne Schwabe wrote:
> >>
>
..
> >>
> >> Could we have some text stating that clients might only display one message
On 03/12/17 00:47, Arne Schwabe wrote:
> On 02.12.17 at 17:24, Antonio Quartulli wrote:
>> Some ICMPv6 packets can't be dropped otherwise the entire
>> overlaying network layer (IPv6) would just stop working.
>>
>> Such packets are described in RFC4890, sec. 4.4.1.
>>
>> Improve the mroute packe
Hi,
On Sat, Dec 2, 2017 at 3:54 AM, Antonio Quartulli wrote:
> Similarly to ifconfig(-push), its IPv6 counterpart is now able to
> accept hostnames as well instead of IP addresses in numeric form.
>
If DNS names currently work for ifconfig-push (I didn't know), makes sense to
support it for ip
Hi,
On 03/12/17 04:27, Selva Nair wrote:
> Hi,
>
> On Sat, Dec 2, 2017 at 3:54 AM, Antonio Quartulli wrote:
>
>> Similarly to ifconfig(-push), its IPv6 counterpart is now able to
>> accept hostnames as well instead of IP addresses in numeric form.
>>
>
> If dns names currently work for ifconfi
oops forgot to cc the list..
-- Forwarded message --
From: Selva Nair
Date: Sat, Dec 2, 2017 at 10:16 PM
Subject: Re: [Openvpn-devel] [PATCH v2] ifconfig-ipv6(-push): allow using
hostnames
To: Antonio Quartulli
Hi,
On Sat, Dec 2, 2017 at 9:25 PM, Antonio Quartulli wrote:
> H
Hi,
On 03/12/17 11:39, Selva Nair wrote:
> oops forgot to cc the list..
>
> -- Forwarded message --
> From: Selva Nair
> Date: Sat, Dec 2, 2017 at 10:16 PM
> Subject: Re: [Openvpn-devel] [PATCH v2] ifconfig-ipv6(-push): allow using
> hostnames
> To: Antonio Quartulli
>
>
> Hi,
Similarly to ifconfig(-push), its IPv6 counterpart is now able to
accept hostnames as well instead of IP addresses in numeric form.
Basically this means that the user is now allowed to specify
something like this:
ifconfig-ipv6-push my.hostname.cx/64
This is exactly the same behaviour that we al
Sorry, I made a mistake on my own. Will send v4.
On 03/12/17 12:09, Antonio Quartulli wrote:
> Similarly to ifconfig(-push), its IPv6 counterpart is now able to
> accept hostnames as well instead of IP addresses in numeric form.
>
> Basically this means that the user is now allowed to specify
>
Similarly to ifconfig(-push), its IPv6 counterpart is now able to
accept hostnames as well instead of IP addresses in numeric form.
Basically this means that the user is now allowed to specify
something like this:
ifconfig-ipv6-push my.hostname.cx/64
This is exactly the same behaviour that we al
Hi,
Responding to this old version just to be on record.
I realized too late that this patch was assigned to Gert on patchwork, after I
started responding on my own. Sorry for jumping the gun. Have to make
keeping an eye on patchwork a habit..
I'll leave the latest v4 alone.
cheers,
Selva
Hi,
On 03/12/17 12:38, Selva Nair wrote:
> Hi,
>
> Responding to this old version just to be on record.
>
> I realized too late that this patch was assigned to Gert on patchwork, after I
> started responding on my own. Sorry for jumping the gun. Have to make
> keeping an eye on patchwork a habit..
No p
Hi,
On 25/11/17 04:23, j...@carroll.com wrote:
> From: JimC
>
> Modified the autoconf, automake and code to support building OpenVPN with
> OpenSSL FIPS Object Module v2.0 validated encryption.
>
> * Adds: --enable-fips-mode switch to configure.ac
> * Adds: --enable-fips-mode co