From: Lev Stipakov
Some adapters create multiple device interfaces
and we need to enumerate all of them.
Signed-off-by: Lev Stipakov
---
src/openvpn/tun.c | 37 +
src/openvpn/tun.h | 2 +-
2 files changed, 22 insertions(+), 17 deletions(-)
diff --git a/src
From: Lev Stipakov
Some adapters create multiple device interfaces
and we need to enumerate all of them.
Signed-off-by: Lev Stipakov
---
v2: uncrustify
src/openvpn/tun.c | 35 ---
src/openvpn/tun.h | 2 +-
2 files changed, 21 insertions(+), 16 deletions(-)
d
On Sat, May 14, 2022 at 12:37:17PM +0200, Timo Rothenpieler wrote:
> On Linux, when dropping privileges, interaction with
> the network configuration, such as tearing down routes
> or ovpn-dco interfaces will fail when --user/--group are
> used.
>
> This patch sets the CAP_NET_ADMIN capability, wh
I have not tested this myself, but if I had, the test setup would have
been very similar to what Frank did (so, big thanks) - run a DCO
environment with "owner nobody", and see if things still work.
I will add this to my DCO server test environment - run one of the
iroute-using instances with "no
Hi,
On Thu, Aug 11, 2022 at 12:03:45PM +0200, Gert Doering wrote:
> Uncrustify complained about two lines with tabs -> fixed.
Turns out that it's actually 4 lines, and while I did "git apply $patch",
I forgot the "git commit --amend platform.c", so the whitespace errors
landed in the commit, and
Linux builds need this now in order to retain capabilities when dropping root
privileges.
---
.github/workflows/build.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index b905c0d2..c89d3c8c 100644
--- a/.git
Acked-by: Gert Doering
Haven't tested anything, but it looks like it will fix the build - and
GHA will tell me very soon :-)
Your patch has been applied to the master branch.
commit 4fb4d295d647292c6bc0c036a061f3f60aaa1278
Author: Timo Rothenpieler
Date: Thu Aug 11 13:34:22 2022 +0200
G
LibreSSL has added some of the functions that are defined here. However,
we still need RSA_F_RSA_OSSL_PRIVATE_ENCRYPT.
Signed-off-by: Max Fillinger
---
src/openvpn/openssl_compat.h | 8 +---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/openvpn/openssl_compat.h b/src/open
Building OpenVPN on the latest OpenBSD snapshot failed because EVP_MD_CTX
is an opaque struct in LibreSSL now. Therefore, call md_ctx_new() instead
of declaring them on the stack. When they're not on the stack anymore, we
don't have to call EVP_MD_CTX_init() anymore, but we need to call
EVP_MD_CTX_
Am 11.08.22 um 14:07 schrieb Max Fillinger:
Building OpenVPN on the latest OpenBSD snapshot failed because EVP_MD_CTX
is an opaque struct in LibreSSL now. Therefore, call md_ctx_new() instead
of declaring them on the stack. When they're not on the stack anymore, we
don't have to call EVP_MD_CTX_i
> -Original Message-
> From: Arne Schwabe [mailto:a...@rfc2549.org]
> Sent: donderdag 11 augustus 2022 14:21
> To: Maximilian Fillinger ; openvpn-
> de...@lists.sourceforge.net
> Subject: Re: [Openvpn-devel] [PATCH 2/2] Handle EVP_MD_CTX as an opaque
> struct
>
> Am 11.08.22 um 14:07 schri
On 10 Aug 2022, at 18:32, Gert Doering wrote:
> as promised, here's test results and code review.
>
> Test results:
>
> - running openvpn over TCP gives me a kernel panic - this is not so
>nice... (see attached .png from the vmware console) - userland seems
>to assume "kernel can do TCP",
Am 11.08.22 um 17:25 schrieb Kristof Provost via Openvpn-devel:
On 10 Aug 2022, at 18:32, Gert Doering wrote:
as promised, here's test results and code review.
Test results:
- running openvpn over TCP gives me a kernel panic - this is not so
nice... (see attached .png from the vmware con
LibreSSL has added some of the functions that are defined here. However,
we still need RSA_F_RSA_OSSL_PRIVATE_ENCRYPT.
v2: Change ifdef condition for RSA_F_RSA_OSSL_PRIVATE_ENCRYPT.
Signed-off-by: Max Fillinger
---
src/openvpn/openssl_compat.h | 8 +---
1 file changed, 5 insertions(+), 3 de
Hi,
On Thu, Aug 11, 2022 at 07:00:25PM +0200, Arne Schwabe wrote:
> > I???ve pushed a fix for this panic in
> > fd6b3bede5a5c210f327e5c9bd3e415ee905048b.
> > I simply didn???t think that user space might give us a non-UDP socket, so
> > checking for that and rejecting the peer in that case fixes
Hi,
On Tue, Aug 2, 2022 at 8:02 AM Gert Doering wrote:
> Acked-by: Gert Doering
>
> I cannot test this (beyond "compile", but that is trivial) but the
> description in
>
>
> https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24738.html
>
> makes sense, so allowing "a limited am
Hi,
On Fri, Jun 24, 2022 at 10:38:04AM +0200, Antonio Quartulli wrote:
> Some platforms may have different constraints in terms of incompatible
> opions, therefore we add a function that explicitly checks those.
>
> Also, add generic option check for when ovpn-dco-win is in use.
Looking more clo
Hi,
On Thu, Aug 11, 2022 at 05:25:05PM +0200, Kristof Provost via Openvpn-devel
wrote:
> On 10 Aug 2022, at 18:32, Gert Doering wrote:
> > as promised, here's test results and code review.
> >
> > Test results:
> >
> > - running openvpn over TCP gives me a kernel panic - this is not so
> >ni
18 matches
Mail list logo
