From: Lev Stipakov
This code reads the state of OpenVPNService,
such as startup mode and running, and sets MSI
property value. If that property is set, installer
selects OpenVPNService as a feature to be installed.
This has been superseded by change in installer:
https://github.com/OpenVPN/op
Am 28.07.22 um 05:45 schrieb selva.n...@gmail.com:
From: Selva Nair
Generally we expect a response of SUCCESS: or ERROR: to every
command sent to the management interface. But, while in
the management-hold state, sending "signal foo" returns only
the following reply (with foo = SIGHUP, SIGUSR1
index 87d6fc31..dba9d02c 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -3194,6 +3194,16 @@ options_postprocess_mutate_ce(struct options *o, struct
connection_entry *ce)
ce->explicit_exit_notification = 0;
}
+/* when DCO is in use we can't send data ch
On 28/07/2022 14:56, Arne Schwabe wrote:
index 87d6fc31..dba9d02c 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -3194,6 +3194,16 @@ options_postprocess_mutate_ce(struct options
*o, struct connection_entry *ce)
ce->explicit_exit_notification = 0;
}
+ /* w
Am 27.07.22 um 20:58 schrieb Gert Doering:
Hi,
On Sun, Jun 26, 2022 at 01:41:46AM +0200, Arne Schwabe wrote:
+
+/**
+ * Checks if the cipher is allowed and updates the TLS session cipher with it,
+ * otherwise returns false
+ */
+bool
+update_session_cipher(struct tls_session *session, struct o
Hi,
On Thu, Jul 28, 2022 at 03:47:53PM +0200, Arne Schwabe wrote:
> > Is that comment correct? I can't find any "updating" here, only "checking".
> >
> > What am I overlooking?
>
> It sets options->cipher sometimes but the name is misleading. I will
> rename to check_session_cipher
The "optio
The ovpn-dco kernel module needs to be informed about the keys to be
used to encrypt/decrypt data traffic to/from a peer.
Configure keys in DCO right afte they are generated by the SSL code, to
avoid keeping them in memory longer than needed.
Signed-off-by: Antonio Quartulli
---
Changes from v2
Am 28.07.22 um 17:20 schrieb Antonio Quartulli:
The ovpn-dco kernel module needs to be informed about the keys to be
used to encrypt/decrypt data traffic to/from a peer.
Configure keys in DCO right afte they are generated by the SSL code, to
avoid keeping them in memory longer than needed.
Sign
Data channel keys are periodically regenarated and installed in
ovpn-dco.
However, there is a certain moment when keys are rotated in order
to elect the new primary one.
Check the key status in userspace so that kernelspace can be informed as
well when rotations happen.
Signed-off-by: Antonio Qua
DCO will try to install keys upon generating them, however, this happens
when parsing pushed cipher options (due to NCP).
For this reason we need to postpone parsing pushed cipher options to *after*
the tunnel interface has been opened, otherwise we would have no DCO netdev
object to operate on.
This change introduces ovpn-dco support along the p2mp/server code path.
Some code seems to be duplicate of the p2p version, but details are
different, so it couldn't be shared.
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* fix if condition P_DATA_V2 -> P_DATA_V1
* fix unknown reason s
11 matches
Mail list logo
