[Openvpn-devel] [PATCH] t_net.sh: delete dummy iface using iproute command

A dummy interface cannot be deleted using --rmtun because openvpn tries to send some ioctl (i.e. TUNSETPERSIST) which is not supported by this device type. This results in the following error: 2022-04-07 09:59:29 Cannot ioctl TUNSETPERSIST(0) ovpn-dummy0: Bad file descriptor (errno=9) 2022-04-07

[Openvpn-devel] [PATCH v2 3/7] networking: implement net_iface_new and net_iface_del APIs

These two new methods can be used to create and delete a tun or an ovpn-dco interface via networking API. Implementations for SITNL and iproute2 are provided Signed-off-by: Arne Schwabe Signed-off-by: Antonio Quartulli --- Changes from v1: * removed enum iface_type -> just use strings to make

[Openvpn-devel] [PATCH v3 3/7] networking: implement net_iface_new and net_iface_del APIs

These two new methods can be used to create and delete a tun or an ovpn-dco interface via networking API. Implementations for SITNL and iproute2 are provided Signed-off-by: Arne Schwabe Signed-off-by: Antonio Quartulli --- Changes from v1: * removed enum iface_type -> just use strings to make

Re: [Openvpn-devel] [PATCH] Enable deferred auth for multiple plugins (RFC).

On 10/03/2022 12:57, Gert Doering wrote: Without this patch, OpenVPN behaviour if more than one plugin wants to do deferred user/password authentication not well-defined, as there is just one set of auth control files and a single plugin state. This patch changes "key state -> plugin_auth" from

[Openvpn-devel] [PATCH] networking_iproute2: don't pass M_WARN to openvpn_execve_check()

openvpn_execve_check() expects a set of flags as third argument and not a loglevel. For this reason, if no FATAL behaviour is expected, we should simply pass 0. openvpn_execve_check() will then pick the appropriate loglevel on its own. Signed-off-by: Antonio Quartulli --- src/openvpn/networking_

[Openvpn-devel] [PATCH v3] platform: Retain CAP_NET_ADMIN when dropping privileges

On Linux, when dropping privileges, interaction with the network configuration, such as tearing down routes or ovpn-dco interfaces will fail when --user/--group are used. This patch sets the CAP_NET_ADMIN capability, which grants the needed privileges during the lifetime of the OpenVPN process whe

[Openvpn-devel] [PATCH applied] Re: networking_iproute2: don't pass M_WARN to openvpn_execve_check()

Acked-by: Gert Doering Good catch :-) Your patch introduced a whitespace change on the second line. I asked uncrustify, uncrustify said "previous indent is correct", so only changing the first line. Your patch has been applied to the master and release/2.5 branch. commit 545f6bdea30e04a09b118