Apologize for putting this problem on the developer list. Just not getting to
many hits else where. When I log into my server and manually restart the
server, all is well with my VPN connections. After a short time, login attempts
result in failures. The passwords come back as auth failed or cr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/11/09 11:25, Victor Wagner wrote:
> On 2009.11.11 at 09:40:59 +0100, David Sommerseth wrote:
>
>> On 10/11/09 17:16, Till Maas wrote:
>>> I would like to get a notification in case a client certificate is used
>>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/11/09 12:06, Mathieu GIANNECCHINI wrote:
> Victor Wagner a écrit :
>> On 2009.11.11 at 09:40:59 +0100, David Sommerseth wrote:
>>
>>
>>> On 10/11/09 17:16, Till Maas wrote:
>>>
>>>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/11/09 13:54, Victor Wagner wrote:
> On 2009.11.11 at 13:00:05 +0100, David Sommerseth wrote:
>
>>
>> Good point! I was not aware of the Apache/mod_ssl way of doing it. My
>> only concern about that is if it would be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/11/09 22:15, Karl O. Pinc wrote:
> On 11/11/2009 06:26:04 AM, David Sommerseth wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> On 11/11/09 12:06, Mathieu GIANNECCHINI wrote:
>>> Victor Wa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/11/09 12:51, Till Maas wrote:
> On Wed, Nov 11, 2009 at 01:26:04PM +0100, David Sommerseth wrote:
>
>> 1) The certificate is first dumped to file. Would it be possible to
>> pass it only via environment table, to avoid th
/OpenVPN%20eurephia%20patches/openvpn-2.1_rc21_eurephia.patch/download>
The rewriten patch makes now use of the code practice which is found
other places in OpenVPN, and it is not as intrusive as earlier.
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/11/09 16:37, Victor Wagner wrote:
> On 2009.11.11 at 16:04:12 +0100, David Sommerseth wrote:
>> I completely agree, that under normal circumstances, it should be enough
>> by letting OpenSSL take care of the certificate chain.
aracters outside the standard
7bit ASCII. I've even experienced developers who got non-ASCII
characters in their names, and they forgot about 8bit and multi-byte
characters when implementing solutions processing names.
So having to enable characters outside the 7bit ASCII region explicitly
is most likely a better approach, IMHO.
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkr8UwkACgkQDC186MBRfrpb+wCdE+umDv+3FpLO1LYlocBA+X57
7rsAn3o1vPMOHLSgfEfInPFot3aXi4T8
=Zboj
-END PGP SIGNATURE-
ihome option?
James, this option is not documented in the man pages, AFAICS. Could
that be the reason the needed use was not discovered?
kind regards,
David Sommerseth
>> Olaf Fraczyk wrote:
>>> Hello,
>>>
>>> I have several interfaces, the problem is that i
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 13/11/09 13:28, Victor Wagner wrote:
> On 2009.11.12 at 19:25:16 +0100, David Sommerseth wrote:
>
>>> no-name-remapping has side effects, i.e. disables system method of
>>> script execution.
>>
>> I'd h
vailable for download here:
<http://sourceforge.net/projects/eurephia/files/OpenVPN/OpenVPN%20eurephia%20patches/openvpn-2.1_rc22_eurephia.patch/download>
The openvpn source tree with and without this patch can be fetched here:
The git tree can be browsed via:
<http://eurephia.git.sour
ot have a "native" OpenVPN implementation, but relies on VPN plug-ins.
There's even a plug-in for vpnc as well.
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
If openvpn is interrupted before openvpn_plugin_open_v1() is called,
there is no context allocated which openvpn_plugin_abort_v1() can use.
Signed-off-by: David Sommerseth
- ---
plugin/down-root/down-root.c |2 +-
1 files changed, 1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Make sure that the context is pointing somewhere before continuing.
Signed-off-by: David Sommerseth
- ---
plugin/down-root/down-root.c |8
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/plugin/down-root/down-root.c b
either support nor trigger. But I do believe a better
DVCS (than CVS or SVN) is needed for this to work more flawlessly and
efficient, no matter what DVCS is chosen. I just hope it will be an
Open Source based one.
And if James don't want to change it, fine! Just make SVN URLs publicly
and easily available. Anyhow, when starting on the next version when
2.1 is finally released, it is a good time to at least consider the options.
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAksfkf8ACgkQDC186MBRfrpgbwCgilrmlIuDmTbGjOQG0dYNqBcC
/L0AoJk+HfMXONEFBOviduXytx681/id
=s4BF
-END PGP SIGNATURE-
pure
GPLv2 license. Is this a correct assumption?
Btw! Good move on the license!
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAksiF70ACgkQDC186MBRfrqEjACeLYEA2zw+tIC8b
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Could someone with list admin please remove this e-mail address from the
mailing-list? Every time I mail to the -devel list, I get this spam in
reply. Might be something similar to the -users list as well
kind regards,
David Sommerseth
vpn source tree with and without this patch can be fetched here:
The git tree can be browsed via:
<http://eurephia.git.sourceforge.net/git/gitweb.cgi?p=eurephia/openvpn-eurephia.git;a=summary>
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Lin
What is the plan?
Regards,
David
But you have here a double strdup() situation if you get a
match on USERNAME or PASSWORD. It's almost like saying:
char *ptr = strdup (strdup ("string"));
free(ptr);
This code will give you a memory leak.
Please confirm if my assumptions are correct. I would probably suggest
to move the strdup() on line 569 and skip using the return_value at all.
Just use aresp[i].resp directly.
kind regards,
David Sommerseth
things
for me, even though there are some awkward things with this, trying to
make git stuff out of SVN, as that's not always easy due to the very
different way of VCS designs ... but it do work somehow, and when the
cloning is done - it is very fast again.
So for me, git is among the
ways to automate tests and to make sure OpenVPN
will continue to stay as a stable product. And in the long run, it
might help reducing the workload key-persons in the OpenVPN team may have.
That's probably enough thoughts for today :)
kind regards,
David Sommerseth
as well. What is obvious for the developer writing
the patch in that moment, might not be so obvious for a different
developer a few years later on.
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 13/12/09 02:32, Daniel Johnson wrote:
> David Sommerseth wrote:
>> The pam_auth() function calls my_conv(), and if this function
>> gets a match on USERNAME or PASSWORD value in the block around
>> line 562, it calls searchandr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 13/12/09 21:18, Daniel Johnson wrote:
> David Sommerseth wrote:
>> - - const char *return_value = NULL;
>> + aresp[i].resp = NULL;
>
>> This I didn't think about, but I saw another potentia
, for the hardware which supports that
... Remember that the box is scratch installed on each test run, to
provide a predictable testing environment.
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigma
somewhere else as well. If this
is considered waste of time, please stop me NOW! It's a rather
comprehensive job. Booleans are used many places, and I check how each
single place is using this type, including functions returning bool to
each variable being defined as bool.
kind regards,
Dav
are pro and contra points to both staying in #openvpn and to move
to #openvpn-discussion. For me what is chosen, is less important. It is
much more important to me that we actually do have these discussions.
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Li
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Resending it to openvpn-devel list, to hit the right audience.
kind regards,
David Sommerseth
On 08/01/10 10:39, Enrico Scholz wrote:
> Hi,
>
> I am running a multihomed host where 'local ' must be specified
>
er) have a
broader feature-set than SVN, also speaks for looking at web modules
which are flexible and can support a broader range of VCSes.
And to be honest, the VCS discussion is a discussion which primarily
should go between the developers who are more heavily involved the
development process
hanges to not requiring to subscribe to the list. But that of course
will include issues with spam. Another solution is to either switch to
forum only (which I personally would dislike) or to have both in
parallel with synchronisation (posts in forums are sent to mailing list
and vice versa).
ot sure or they know that their patch has not
been included yet in the SVN tree James keeps.
Of course, I am only going to do this if the community *and* OpenVPN
company accept my offer. So unless somebody feel I'm not trustworthy or
not capable of doing this job, I will step aside and let o
n which describes this. Anyway, the
documentation need should be discussed in the meeting today as well.
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAktq7rcACgkQDC186MBRfrqezQCcCrE2UfcTX6fmKvJX5Mv9+3IH
ItIAoKXgknhOumtFtp3AxeD+AZJeDdGc
=bN/y
-END PGP SIGNATURE-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/02/10 09:58, Peter Stuge wrote:
> David Sommerseth wrote:
>> I need a place where to put this openvpn-testing tree.
>
> If you send me a public SSH key and prefered username I'll set up a
> repo on git.stuge.se, curre
e
Symbian source code is getting open which might provide the needed
information for someone to write or port a tun/tap driver to Symbian.
With that in place, the rest should be rather simple.
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment:
rstands the tun/tap drivers and networking in kernel space to catch
the ball and bring it further.
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEUEARECAAYFAktyj9UACgkQDC186MBRfrrRAwCdEzZY6E7MLRAhKL0HbN28i93e
ubUAlitj/c299V7yleW65o+Ro94haLw=
=la09
-END PGP SIGNATURE-
From: David Sommerseth
Addedd configure option (--disable-eurephia) to disable the code which the
eurephia plug-in depends on.
It was chosen to use --disable-eurephia, as this patch is not much intrusive.
It
just enables a SHA1 fingerprint environment variable for each certificate being
used
, and to
see how smoothly it will merge in those changes.
For those wanting to contact me, I'm available on e-mail:
or on IRC (freenode, #openvpn-devel)
The git tree is available here:
Web view of the git tree can be found here:
<http://openvpn.git.sourceforge.net/git/gitweb.cgi?p=open
mentioned article lists most
important functions which should be ported to newer APIs.
Any comments on this issue would be appreciated. Another issue is of
course how this will influence other platforms than Linux.
kind regards,
David Sommerseth
[1] <http://people.redhat.com/drepper/user
w you have tested this patch? Have you
checked it for memory leaks? (e.g. using valgrind) What happens if no
FQDNs are found?
With some good answers and if this gets acceptance from more people in
regards to usability, I'm giving it an ACK.
kind regards,
David Sommerseth
-BEGIN PGP SIGNA
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 17/02/10 17:20, Gert Doering wrote:
> Hi,
>
> On Wed, Feb 17, 2010 at 02:47:28PM +0100, David Sommerseth wrote:
>> When reviewing the patch "FQDN for routes should expand to all IPs"
>> today, I spotted that the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 16/02/10 19:49, David Sommerseth wrote:
>
> Greetings all!
>
[...snip...]
>
> What's next:
>
[...snip...]
>
> - Update the developers documentation on the wiki, with some
> "requirements" to get patche
gs needs to be fixed, IMHO, before we can
include it into a testing tree. I'm sorry for now withdrawing my
initial and quite positive attitude for an ACK. But we need to have a
few more rounds on this code, I see now.
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Vers
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 18/02/10 13:53, Gert Doering wrote:
> Hi,
>
> On Thu, Feb 18, 2010 at 12:54:08PM +0100, David Sommerseth wrote:
>> The average user might have hits between 1 and 5 IP addresses
>> (guestimate) on such a hostname lookups. The
From: David Sommerseth
Based on a discussion on the mailing list and in the IRC meeting Feb 18,
it was decided to remove get_random() from the getaddr() function as that
can conflict with round-robin/randomization done by DNS servers.
This change must be documented in the release notes.
Signed
pretty extreme to
> me (as a compiler guy). OTOH I don't know if 20 entries is enough
> (it's plenty for my use case, tho, so I'd be fine with this choice).
Then I would say we will push this down to 20 for now, and we will have
a look at how this works out. This can be a dece
ay, just want to know what the
> 'norm' is going to be.
I would not mind if you have some kind of script which does all the
snapshot work automagically. I probably indicated that above :-P If
these snapshots are uploaded to a community webserver, then we basically
have all we ne
don't know how doable that is. And this is my personal opinion, I
don't mean to instruct anyone into a direction. I will let you guys
find the proper direction.
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Co
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 18/02/10 22:45, JuanJo Ciarlante wrote:
> On Wed, Feb 17, 2010 at 6:46 PM, JuanJo Ciarlante wrote:
>> > Hi David,
>> >
>> > On Tue, Feb 16, 2010 at 7:49 PM, David Sommerseth
>> > wrote:
>
> Greeti
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 19/02/10 14:46, Gert Doering wrote:
> Hi,
>
> On Fri, Feb 19, 2010 at 12:10:29PM +0100, David Sommerseth wrote:
>>>> I still need to do some touches for allmerged, as
>>>> we conflict w/ Gert's IPv6 patch on
t an implementation which will
handle multi-threading, I will favour that one. I believe OpenVPN will
in the future need to bite the (bitter?) apple and really look into
threading.
So I lean towards JJO here, as far as possible, avoid using functions
which are not thread safe.
[...snip...]
Ki
.beta4.fc12.x86_64
If nobody responds, I'll try to find some time looking into this in the
near future.
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAA
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 19/02/10 17:05, Karl O. Pinc wrote:
> On 02/19/2010 03:02:40 AM, David Sommerseth wrote:
>> On 19/02/10 04:18, Stefan Monnier wrote:
>
>>>
>>> If it's a config var, it could indeed just be a global var, so I
x27;t actually read anything. This is against openvpn 2.1-rc20,
but probably still applies to the most recent version.
This patch was received anonymously via the sf.net bug tracker:
<http://sourceforge.net/tracker/?func=detail&atid=454719&aid=
From: David Sommerseth
(I'm withdrawing the first version, and suggesting this patch to be used
instead,
as this one follows the new feature deprecation process.)
Based on a discussion on the mailing list and in the IRC meeting Feb 18,
it was decided to remove get_random() from the ge
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 20/02/10 00:06, Karl O. Pinc wrote:
> On 02/19/2010 04:57:30 PM, David Sommerseth wrote:
>
> Am I wrong or does using --disable-depr-random-resolv
> not remove the random choice?
That is correct. According to the newly agreed fea
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 20/02/10 04:39, Karl O. Pinc wrote:
> On 02/19/2010 05:11:38 PM, David Sommerseth wrote:
>> On 20/02/10 00:06, Karl O. Pinc wrote:
>>> On 02/19/2010 04:57:30 PM, David Sommerseth wrote:
>>>
>>> Am I wrong or doe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 19/02/10 23:57, David Sommerseth wrote:
> From: David Sommerseth
>
> (I'm withdrawing the first version, and suggesting this patch to be used
> instead,
> as this one follows the new feature deprecation process.)
>
>
6/commit/b7e46bd5ebfd4b55146299129e8b9813fab91b5e
>> ):
>
> Thank you very much, applied to my gert-ipv6 branch (at least I hope
> so).
>
> David, please pull gert-ipv6 from git://git.birkenwald.de/openvpn.git to
> receive that change.
>
Pulled and merged into allmerge
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 21/02/10 12:56, JuanJo Ciarlante wrote:
> Hey David,
>
> On Fri, Feb 19, 2010 at 12:29 PM, JuanJo Ciarlante wrote:
> I've created an feat_ipv6_transport branch where I'll track your
> patches. Gert's IPv6 patches a
vely in production.
>
> Regards,
>
> Karl
I forgot to mention this is pulled in. This is applied to the bugfix2.1
branch and merged into the allmerged branch.
commit 22b055eb0888cefa86e0a6d4a34da6066873be45
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 19/02/10 17:37, David Sommerseth wrote:
> With --verb 5, openvpn logs a single letter (rwRW) for each package
> received or sent. I recently ran into a problem with the tun device on
> Linux where the read from that device returned 0. Unfo
From: David Sommerseth
Added a new function, warn_deprecated_features(), which is located in
deprecated.[ch]. All deprecated features should present a warning here.
This function will be called during start-up and will show all warnings
after the OpenVPN title string.
Included a deprecated
robably wise to consider which features removals
which will print a warning each it is called. In this case, I feel it
is safe, as it's probably not too often you will trigger this.
On the other hand, we want to bother the users and really make them see
these messages. If they dislike
ight-pass]
[wait for the crash]
(gdb) bt
[full backtrace should appear]
If you're having troubles, you can grab me on IRC (FreeNode,
chat.freenode.net) on the #openvpn-devel channel. We're a few people
there most of the daytime (UTC+1).
kind regards,
David Sommerseth
---
ne for it yet,
but there has been discussions with the Debian maintainer about this.
Regarding Ubuntu, they just pick the Debian work.
> best regards and big thx for spending your valuable time
And thank you for getting this into Gentoo! I will even enable this one
on one of my Gentoo servers
ese things are covered, I
believe the patch has reached a state where it is suitable for inclusion.
kind regards,
David Sommerseth
[1]
<http://www.secure-computing.net/wiki/index.php/OpenVPN/Developer_documentation>
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment:
ew,
Thanks again, Stefan! I appreciate your effort into getting this code
ready for inclusion! (Even though, my requirements might be a big PITA
:)) Anyhow, I only try to follow the guidelines the community have
agreed on, in discussions with James. Following those guideline
also followed by this one:
<http://article.gmane.org/gmane.network.openvpn.devel/2581>
This patch do not apply at all, as the standard checked out tree do not
have INSTALL-win32.html, only INSTALL-win32.txt. Is this correct? I
can't find this HTML file in the 2.1_rc15 nor 2.1_rc16, w
From: Arne Schwabe
There are commands in the management interface which require the cid. The
only way at the moment to get the cid of connected clients is to have
always a management connection established. The patch adds the CID to the
status output.
Signed-off-by: David Sommerseth
at the moment to get the cid of connected clients is to have
> always a management connection established. The patch adds the CID to the
> status output.
This patch is sent for review by more developers. It will need an
official ACK before inclusion, so I hope that will come soon.
Thank yo
has been discussed here:
<http://thread.gmane.org/gmane.network.openvpn.devel/2492>
Signed-off-by: David Sommerseth
---
init.c|1 +
options.c | 10 ++
options.h |1 +
ssl.c | 60
ssl.h |1 +
5 files
been discussed here:
<http://thread.gmane.org/gmane.network.openvpn.user/28622>
Signed-off-by: David Sommerseth
---
options.c |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/options.c b/options.c
index c5ca8b6..36b9913 100644
--- a/options.c
+++ b/options.c
@@ -4
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 28/02/10 16:10, Eric F Crist wrote:
> ACK,
>
> It's not you, that's duplicate code.
>
ACK. I this is indeed duplicated.
David S.
> On Feb 28, 2010, at 09:05:46, Gert Doering wrote:
>
>> Hi,
>
contrib/pull-resolv-conf/client.{up,down} ; they use the ${!var} variable
indirection feature.
sf.net tracker:
<https://sourceforge.net/tracker/?func=detail&aid=2040296&group_id=48978&atid=454721>
Signed-off-by: David Sommerseth
---
easy-rsa/2.0/build-ca |2 +-
p;group_id=48978&atid=454721>
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkuK3zYACgkQDC186MBRfrr9qQCghRPXQ9qOkVn1OYJXdXxAqHgy
zEoAnjEUPrIjBXS3+hh1DuiY1p2H
patch add the handling for this behavior by adding the keyword 'auto'
for the pkcs11-id.
sf.net tracker:
<https://sourceforge.net/tracker/?func=detail&aid=2747189&group_id=48978&atid=454721>
Signed-off-by: David Sommerseth
---
options.
From: Davide Guerri
This patch makes it possible to use the --passtos option with 802.1Q tagged
ethernet frames.
sf.net tracker:
<https://sourceforge.net/tracker/?func=detail&aid=2829878&group_id=48978&atid=454721>
Signed-off-by: David Sommerseth
---
proto.c | 14 +
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 28/02/10 23:14, Gert Doering wrote:
> Hi,
>
> On Sun, Feb 28, 2010 at 04:37:45PM +0100, David Sommerseth wrote:
>> On 28/02/10 16:10, Eric F Crist wrote:
>>> ACK,
>>>
>>> It's not you, that's dup
rect, as it
corresponds to the OpenVPN implementation. Having that said, it could
be better described in some comments that this plug-in is using
OpenVPN's packet filter implementation.
Anyhow, this topic do deserve a little discussion on the
#openvpn-discussion meeting on Thursdays@18:00 U
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 28/02/10 15:56, Arne Schwabe wrote:
> On 28.02.2010 14:22, David Sommerseth wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> On 26/06/09 17:00, Arne Schwabe wrote:
>>> Hi,
>>>
>>&g
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/03/10 06:32, Karl O. Pinc wrote:
> On 02/28/2010 10:24:36 PM, Peter Stuge wrote:
>> David Sommerseth wrote:
>>> +++ b/options.c
>>> @@ -529,6 +529,9 @@ static const char usage_message[] =
>>>"
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/03/10 12:03, Arne Schwabe wrote:
> On 01.03.2010 11:16, David Sommerseth wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> On 28/02/10 15:56, Arne Schwabe wrote:
>>> On 28.02.2010 14:22, Dav
o help each other, so this should not be a
task just for the "hard core" OpenVPN developers (which I'm not, btw).
After all, the advantage is that the more people getting involved, the
quicker we can get patches included, and the more discussion the better
we can make OpenVPN to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 28/02/10 15:28, Gert Doering wrote:
> Hi,
>
> On Sun, Feb 28, 2010 at 01:50:35PM +0100, David Sommerseth wrote:
>> There are commands in the management interface which require the cid. The
>> only way at the moment to get
o be frankly, this discussion sounds to more belong to the
openvpn-us...@lists.sourceforge.net list and not the development list,
at this point.
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Com
133> for details.
sf.net tracker:
<https://sourceforge.net/tracker/?func=detail&aid=2935611&group_id=48978&atid=454721>
Signed-off-by: David Sommerseth
- ---
openvpn.8 | 1612
++--
1 files changed, 806 insertions(+), 806 delet
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/03/10 22:09, Bernhard Schmidt wrote:
> David Sommerseth wrote:
>
> Hi David,
>
>>> David, could you please pull my branch from Berni, and move that patch
>>> to wherever bugfixes/code cleanups go? It sho
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/03/10 22:41, Bernhard Schmidt wrote:
> Hi David,
>
>>> It doesn't make a difference at the moment (since the patch came from
>>> feat_ipv6_payload in the first place), but what's the general wish for
>>&
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 28/02/10 14:44, David Sommerseth wrote:
> From: Enrico Scholz
>
> I am running a multihomed host where 'local ' must be specified
> for proper operation. Unfortunately, this implies 'lport 1194' or
> an
m \
-CAfile /etc/openvpn/ssl.capath/OpenVPNServeur-cafile.pem \
-cert $peer_cert \
-url http://your-ocsp-url
if [ $? -ne 0 ]
then
echo "error : OCSP check failed for ${X509}" | logger -t
"tls-verify"
exit 1
fi
This patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/03/10 00:31, David Sommerseth wrote:
> From: Mathieu GIANNECCHINI
>
> It should be nice to enhance tls-verify check possibilities against peer
> cert during a pending TLS connection like :
> - OCSP verification
> - check any
ed.
Commit 87afefff8fe7b43b2c5cbba7a03a887fd9c02336
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkuNeP4ACgkQDC186MBRfrrpIACfeEixXYP4fBXRe1daBemh+Bcf
1FUAn0OWzEcrrsUjJ00+CIHJpJdI/+qv
=CGim
-END PGP SIGNATURE-
llows:
> +is executed two arguments are appended, as follows:
>
> .B cmd certificate_depth X509_NAME_oneline
>
Applied to the feat_misc branch, to be merged into allmerged.
Commit 87afefff8fe7b43b2c5cbba7a03a887fd9c02336
kind regards,
David Sommerseth
-BEGIN PGP SI
+whitespace separated arguments. The first word of
> .B cmd
> is the shell command to execute and the remaining words are its
> arguments.
Applied to the feat_misc branch, to be merged into allmerged.
Commit 87afefff8fe7b43b2c5cbba7a03a887fd9c02336
kind regards,
David Sommerseth
---
a shell command with multiple arguments, in which
> -case all OpenVPN-generated arguments will be appended
> -to
> -.B cmd
> -to build a command line which will be passed to the script.
> .\"*****
> .TP
> .B --tls-rem
it's difficult to say now just what could have been
the reason for what you observe.
James, if you have a "test script" with configuration files, I can setup
a test environment and run some tests and also enable ftrace [1], which
could also pin-point more where the kernel spends its t
funny if you're using NetworkManager which haven't understood
another program modified it on purpose, and resets it back. Many
distroes now make use of the openresolv or similar packages to solve
this. But, this is a similar issue as the DHCP client issue as well,
which again fa
== 1(stream cipher). So hear is the patch to
fix the bug.
sf.net tracker:
<https://sourceforge.net/tracker/?func=detail&aid=1552062&group_id=48978&atid=454721>
Signed-off-by: David Sommerseth
---
crypto.c |3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff
1 - 100 of 2399 matches
Mail list logo
