[Openvpn-devel] [PATCH v7 4/7] Rewrite auth-token-gen to be based on HMAC based tokens

2019-09-17 Thread Arne Schwabe
The previous auth-token implementation had a serious problem, especially when paired with an unpatched OpenVPN client that keeps trying the auth-token (commit e61b401a). The auth-token-gen implementation forgot the auth-token on reconnect, this led to reconnect with auth-token never working. Thi

[Openvpn-devel] [PATCH v7 5/7] Implement a permanent session id in auth-token

2019-09-17 Thread Arne Schwabe
From: Arne Schwabe This allows an external authentication method (e.g. management interface) to track the connection and distinguish a reconnection from multiple connections. Additionally this now also checks to workaround a problem with OpenVPN 3 core that sometimes uses a username hint from the

[Openvpn-devel] [PATCH v7 6/7] Sent indication that a session is expired to clients

2019-09-17 Thread Arne Schwabe
From: Arne Schwabe This allows OpenVPN 3 core to fall back to the original authentication method. This commit changes man_def_auth_set_client_reason to auth_set_client_reason since it is now used in more contexts. Also remove a FIXME about client_reason not being freed, as it is freed in tls_multi

[Openvpn-devel] [PATCH v7 7/7] Implement unit tests for auth-gen-token

2019-09-17 Thread Arne Schwabe
From: Arne Schwabe The unit test is breaking the 80 char limit in some places but the remaining lines it breaks the limit I feel forcing the 80 char limit will impair readability Patch V2: adapt unit tests to other V2 patches Patch V4: Resolve rebase conflicts Patch V5: Add \ lost in rebase that

[Openvpn-devel] [PATCH 1/7] Visual Studio: upgrade project files to VS2019

2019-09-17 Thread Lev Stipakov
From: Lev Stipakov This set of patches adds support of wintun kernel driver (https://www.wintun.net) to OpenVPN. While wintun is in beta, it performs significantly faster in comparison to tap-windows6. Here are some performance numbers (download bandwidth): Server - community openvpn2 mingw, t

[Openvpn-devel] [PATCH 5/7] wintun: interactive service support

2019-09-17 Thread Lev Stipakov
From: Lev Stipakov Wintun requires ring buffers registration to be performed by privileged process. In order to use openvpn with wintun by non-Administrator, we need to use interactive service and shared memory to register buffers. Openvpn process creates memory mapping object and event for send

[Openvpn-devel] [PATCH 2/7] wintun: add --windows-driver config option

2019-09-17 Thread Lev Stipakov
From: Lev Stipakov This allows to specify which tun driver openvpn should use, tap-windows6 (default) or wintun. Note that wintun support will be added in follow-up patches. Signed-off-by: Lev Stipakov --- src/openvpn/init.c| 7 +++ src/openvpn/options.c | 37

[Openvpn-devel] [PATCH 6/7] wintun: set adapter properties via interactive service

2019-09-17 Thread Lev Stipakov
From: Lev Stipakov Since Wintun doesn't do DHCP, use interactive service calls to set up adapter properties. This also fixes bug in previously unused IPv4 code of do_address_service(): - ipv4 address must be in network byte order - prefix length cannot be hardcoded /32 but must be calculated

[Openvpn-devel] [PATCH 7/7] wintun: clear adapter settings on tun close

2019-09-17 Thread Lev Stipakov
From: Lev Stipakov With tap-windows6 we clear adapter settings with DHCP, but since wintun doesn't do DHCP we do it with netsh. Signed-off-by: Lev Stipakov --- src/openvpn/tun.c | 79 +++ 1 file changed, 50 insertions(+), 29 deletions(-) dif

[Openvpn-devel] [PATCH 4/7] wintun: ring buffers based I/O

2019-09-17 Thread Lev Stipakov
From: Lev Stipakov Implemented according to Wintun documentation and reference client code. Wintun uses ring buffers to communicate between kernel driver and user process. Client allocates send and receive ring buffers, creates events and passes it to kernel driver under LocalSystem privileges.

[Openvpn-devel] [PATCH 3/7] wintun: implement opening wintun device

2019-09-17 Thread Lev Stipakov
From: Lev Stipakov To open wintun device, we cannot use "\\.\Global\Wintun" path as before. To get device path which we supply to CreateFile, we have to use SetupAPI to: - enumerate network adapters with "wintun" as component id - for each adapter save its guid - open device information set