Acked-By: Frank Lichtenheld
Best viewed with "git show -w" ;)
AFAICT this is a good cleanup without any behavioral change.
> Arne Schwabe hat am 20.05.2022 23:32 geschrieben:
> This simplifies the buffer handling in the method and adds a quick
> return instead of wrapping
struct auth_deferred_status *status)
> +{
> +struct gc_arena gc = gc_new();
> +const char *msg = key_state_check_auth_failed_message_file(status,
> multi, &gc);
> +if (msg)
> +{
> +auth_set_client_reason(multi, msg);
> +}
> +
Acked-By: Frank Lichtenheld
Trivial.
> Arne Schwabe hat am 23.05.2022 11:17 geschrieben:
>
>
> ---
> src/openvpn/manage.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
> index aeea5f9ff..9
Acked-By: Frank Lichtenheld
I'm convinced that this does what it is supposed to do.
Some typo fixes and one potential improvement to the UT noted below.
> Arne Schwabe hat am 22.04.2022 16:29 geschrieben:
> This adds an LRU cache for the last seen packets from the peer to send ac
Acked-By: Frank Lichtenheld
I can confirm that this fixes issues seen with
./configure --enable-small --disable-debug --enable-werror
(compile tested on Debian 11 amd64, gcc 10.2.1)
The init.c change did not fix a warning for my compiler, but it looks correct
and might be a warning with
Acked-By: Frank Lichtenheld
Looks correct to me according to the code and the referenced commit.
Regards,
Frank Lichtenheld
> Martin Janů via Openvpn-devel hat am
> 10.06.2022 14:04 CEST geschrieben:
>
>
> The man pages reference a logging message which has been
Acked-By: Frank Lichtenheld
Trivial code move.
On Tue, Jun 21, 2022 at 06:16:46PM +0200, Arne Schwabe wrote:
> This allow the code later to check if the cipher is okay to use and
> update it for the calculation for the max MTU size.
>
> Signed-off-by: Arne Schwabe
> ---
>
NACK, doesn't build:
mtu.c: In function ‘frame_calculate_default_mtu’:
mtu.c:223:31: error: too few arguments to function
‘frame_calculate_payload_overhead’
223 | size_t payload_overhead = frame_calculate_payload_overhead(0,
&options, &kt);
| ^~~
Code changes look fine to me, but several documentation suggestions.
On Tue, Jun 21, 2022 at 06:16:48PM +0200, Arne Schwabe wrote:
> This changes the default MTU of the tun-mtu to 1420 to avoid MTU related
> issues that are even more prominent when DCO server or clients are involved.
>
> To maxim
On Fri, Jun 24, 2022 at 10:35:24AM +0200, Frank Lichtenheld wrote:
> Code changes look fine to me, but several documentation suggestions.
Hmm, after reading the next patch might I suggest to move the
change to push.c actually to the next patch? Both references
to IV_MTU and tun-max-mtu only m
Only skimmed this. A few small typo fixes and the like.
On Tue, Jun 21, 2022 at 06:16:49PM +0200, Arne Schwabe wrote:
> This allows tun-mtu to pushed but only up to the size of the preallocated
> buffers. This is not a perfect solution but should allow most of the use
> cases where the mtu is clos
On Fri, Jun 24, 2022 at 01:13:16PM +0200, Arne Schwabe wrote:
> We could also just hardcode this value to 1420 but this approach does
> not add much (complicated) code and it is a bit better than to have
> a magic number to just be there.
>
[...]
> +/**
> + * Function to calculate the default MTU
Doesn't make sense to test with fragment, if the code
ignores it.
Signed-off-by: Frank Lichtenheld
---
tests/unit_tests/openvpn/test_crypto.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/tests/unit_tests/openvpn/test_crypto.c
b/tests/unit_tests/op
NACK. See below.
On Sun, Jun 26, 2022 at 01:41:49AM +0200, Arne Schwabe wrote:
> diff --git a/tests/unit_tests/openvpn/test_crypto.c
> b/tests/unit_tests/openvpn/test_crypto.c
> index 83572b827..ca595b0a5 100644
> --- a/tests/unit_tests/openvpn/test_crypto.c
> +++ b/tests/unit_tests/openvpn/test_
Acked-By: Frank Lichtenheld
Code definitely looks like it will be doing what it is
intended to do.
Would be a good opportunity for a UT, though.
On Fri, May 27, 2022 at 03:24:57AM +0200, Heiko Hund wrote:
> Override DNS related foreign_options with values set by the --dns
> option. T
- Fix various formatting inconsistencies
- Remove outdated (as of 2.6) information from
--data-ciphers and instead add a link to
cipher negotiation chapter.
- Some drive-by fixes in related code comments
and log messages as I was reading them.
Cc: Arne Schwabe
Signed-off-by: Frank
- Fix various formatting inconsistencies
- Remove outdated (as of 2.6) information from
--data-ciphers and instead add a link to
cipher negotiation chapter.
- Some drive-by fixes in related code comments
and log messages as I was reading them.
Signed-off-by: Frank Lichtenheld
---
doc/man
Note that this patch is wrong. Do not waste time reviewing it. Maybe at
some point I will send a v2. But since it is not high priority it might
take some time.
On Thu, May 05, 2022 at 01:43:22PM +0200, Frank Lichtenheld wrote:
> I think that makes the code slightly more readable.
>
> S
y workarounds?
> +- Not all incompatible options are currently identified
> +- No per client statistics. Only total statistics available on the interface
Regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-dev
(+), 34 deletions(-)
Trivial enough. Also can be applied independently of all changes
before it in the series!
Acked-By: Frank Lichtenheld
Regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://li
out waiting for the rest of series, since --enable-dco is already
available.
Acked-By: Frank Lichtenheld
Regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
${HOME}/mingw/opt/lib/pkgconfig
> LDFLAGS=-L$HOME/mingw/opt/lib CFLAGS=-I$HOME/mingw/opt/include
> OPENSSL_LIBS="-L${HOME}/opt/lib -lssl -lcrypto"
> OPENSSL_CFLAGS=-I$HOME/mingw/opt/include PREFIX=$HOME/mingw/opt
> LZO_CFLAGS=-I$HOME/mingw/opt/include LZO_LIBS="-L${HOM
p; o->remap_sigusr1 == SIGHUP)
> +{
> +MSG(M_USAGE, "Options 'config stdin' and 'remap-sigusr SIGHUP' are"
> + "incompatible with each other.");
FWIW, the option is called remap-usr1, not remap-sigusr.
Regards,
In automated tests we want the build to fail if the
worker node is configured incorrectly.
Signed-off-by: Frank Lichtenheld
---
tests/t_client.sh.in | 20
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/tests/t_client.sh.in b/tests/t_client.sh.in
index
).
>
> Add comments to make explicit that the asymmetry here (IPv4 extended
> socket error reporting is enabled on all sockets) is intentional.
>
> Signed-off-by: Gert Doering
Acked-By: Frank Lichtenheld
Tested that it indeed removes the spurious error.
Co
Found this when trying to build the Debian package
twice in a row. Which failed since then there were
additional files.
Signed-off-by: Frank Lichtenheld
---
distro/systemd/Makefile.am | 1 +
1 file changed, 1 insertion(+)
diff --git a/distro/systemd/Makefile.am b/distro/systemd/Makefile.am
struct key2 *key2, int key_direction,
> const char *ciphername, bool server);
>
> +/**
> + * Possibly swap or wipe keys from DCO
I would actually prefer to be a bit more explicit here:
"Sync our key status to DCO, potentially swapping or wipi
hanges.
uncrustify is not, see below, but that can probably
be fixed on apply.
Acked-By: Frank Lichtenheld
> diff --git a/tests/unit_tests/openvpn/test_provider.c
> b/tests/unit_tests/openvpn/test_provider.c
> index 47e7e395..d146af62 100644
> --- a/tests/unit_tests/openvpn
On Thu, Jul 28, 2022 at 09:35:42PM +0200, Antonio Quartulli wrote:
> Data channel keys are periodically regenarated and installed in
> ovpn-dco.
> However, there is a certain moment when keys are rotated in order
> to elect the new primary one.
>
> Check the key status in userspace so that kernels
flow
> ** fixed comment about userspace (use "we" for more clarity)
> ** add error code handling. The idea is to abort operations as soon as a
>failure is detected, so that the next iteration can make another
>attempt.
Looks to me lik
this information from release
builds, but not from builds done directly
from the git checkout.
Signed-off-by: Frank Lichtenheld
---
src/openvpn/options.c | 2 ++
src/tapctl/main.c | 1 -
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
We only need to include this when we want the
git version. This is currently only the case
in options.c
Signed-off-by: Frank Lichtenheld
---
src/openvpn/block_dns.c | 3 ---
src/openvpn/plugin.c| 3 ---
src/tapctl/main.c | 3 ---
3 files changed, 9 deletions(-)
diff --git a/src
t; ---
> Changes.rst | 9 ++
> README.dco.md | 121 ++
> doc/man-sections/advanced-options.rst | 13 +++
> doc/man-sections/server-options.rst | 6 ++
> 4 files changed, 149 insertions(+)
> create mode 100644 README.dco.md
On Fri, Aug 05, 2022 at 11:37:03AM +0200, Antonio Quartulli wrote:
> Signed-off-by: Antonio Quartulli
> ---
>
> Changes from v2:
> * more adjustments
Acked-By: Frank Lichtenheld
Regards,
--
Frank Lichtenheld
___
Openvpn-dev
We only need to include this when we want the
git version.
Signed-off-by: Frank Lichtenheld
---
src/openvpn/block_dns.c | 3 ---
src/tapctl/main.c | 3 ---
2 files changed, 6 deletions(-)
v2: Do not remove include in plugin.c
diff --git a/src/openvpn/block_dns.c b/src/openvpn
FWIW I put this through the buildbot as a test for the new
extended t_client tests on the docker workers and it caused
no issues. Also ran the t_client tests on my DCO-enabled
Ubuntu 22 laptop. I did not do any more specific tests.
Changes look sensible to me, so
Acked-By: Frank Lichtenheld
On
probably better to have no message than a
misleading one, remove it.
Signed-off-by: Frank Lichtenheld
---
src/openvpn/dco.c | 4
1 file changed, 4 deletions(-)
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 4f40255e..8aa7e896 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
test 11 passes
With the patch and --disable-dco --enable-iproute2:
- no cap retained
- errors on teardown (ip)
Looks to me like it does what it is supposed to do.
Acked-By: Frank Lichtenheld
That said, maybe we should add some hint about this
behavior to the actual documentation? Maybe to
--user
Signed-off-by: Frank Lichtenheld
---
dev-tools/uncrustify.conf | 1 +
1 file changed, 1 insertion(+)
diff --git a/dev-tools/uncrustify.conf b/dev-tools/uncrustify.conf
index 325f3108..c73fba0c 100644
--- a/dev-tools/uncrustify.conf
+++ b/dev-tools/uncrustify.conf
@@ -40,6 +40,7
Signed-off-by: Frank Lichtenheld
---
src/openvpn/auth_token.h| 16 -
src/openvpn/block_dns.h | 16 -
src/openvpn/buffer.h| 7 ++--
src/openvpn/crypto.h| 18 --
src/openvpn/crypto_openssl.h| 3 +-
src/openvpn/dco_win.h
fping and fping6 were merged in version 4.0,
released in 2017. Many recent distributions do
not include the compatibility symlink anymore.
So if we find fping but not fping6 do not error
out but assume that fping is capable of IPv6.
Signed-off-by: Frank Lichtenheld
---
tests/t_client.sh.in
ubious to me. However, the github
actions are
accessible by people outside of the project, so they are definitely not
completely
redundant.
Regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
return;
> +}
> +if (ks->state >= S_ACTIVE && ks->authenticated == KS_AUTH_FALSE)
While here we do check key_id at all?
> +{
> + msg(D_MULTI_DROPPED,
> +"Key %s [%d] no longer authorized (y
d avoid the overhead.
>
> Patch v2: fix comparing key_id to state value, improve message
Okay, less confusing. But I still don't understand why we loop over all keys
without checking the ks->key_id?
Regards,
--
Frank Lichtenheld
__
rther time arguing about this
specific bikeshed ;)
Regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
dows. Or "MSVC on Windows".
> normal build system does not do but my out of tree cmake build script
> tries and fails
Actual change is trivial so
Acked-By: Frank Lichtenheld
Regards,
--
Frank Lichtenheld
___
Openvpn-devel m
On Mon, Aug 22, 2022 at 04:18:06PM +0200, Frank Lichtenheld wrote:
> fping and fping6 were merged in version 4.0,
> released in 2017. Many recent distributions do
> not include the compatibility symlink anymore.
>
> So if we find fping but not fping6 do not error
> out but as
Signed-off-by: Frank Lichtenheld
---
dev-tools/uncrustify.conf | 3 +++
1 file changed, 3 insertions(+)
diff --git a/dev-tools/uncrustify.conf b/dev-tools/uncrustify.conf
index 325f3108..25d85ecd 100644
--- a/dev-tools/uncrustify.conf
+++ b/dev-tools/uncrustify.conf
@@ -34,6 +34,9
Signed-off-by: Frank Lichtenheld
---
config-msvc.h| 2 +-
.../client-connect/sample-client-connect.c | 2 +-
src/openvpn/crypto.c | 4 ++--
src/openvpn/crypto_mbedtls.c | 2 +-
src/openvpn/init.c
There are several different uncrustify settings
controlling the space around operators. This
series presents a few options of what to set.
Pick and choose ;)
Frank Lichtenheld (6):
uncrustify: add space around compare operators
reformat for sp_compare=add
uncrustify: add space around
Signed-off-by: Frank Lichtenheld
---
src/openvpn/buffer.c | 6 +--
src/openvpn/buffer.h | 2 +-
src/openvpn/console_systemd.c | 2 +-
src/openvpn/crypto.c | 6 +--
src/openvpn/crypto_mbedtls.c | 10
Only '+' and '-' since sp_arith=add would be very
intrusive.
Signed-off-by: Frank Lichtenheld
---
dev-tools/uncrustify.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dev-tools/uncrustify.conf b/dev-tools/uncrustify.conf
index 25d85ecd..3c721396 10
Signed-off-by: Frank Lichtenheld
---
dev-tools/uncrustify.conf | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/dev-tools/uncrustify.conf b/dev-tools/uncrustify.conf
index 3c721396..d5c2a8a7 100644
--- a/dev-tools/uncrustify.conf
+++ b/dev-tools/uncrustify.conf
@@ -34,8
On Fri, Aug 26, 2022 at 10:54:27AM +0200, Frank Lichtenheld wrote:
> Signed-off-by: Frank Lichtenheld
Looking a bit closer at the changes this one seems slightly broken.
Examples:
> diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h
> index 2a6c0b8b..7ad19bf7 100644
> --- a
On Fri, Aug 26, 2022 at 01:57:05PM +0200, Antonio Quartulli wrote:
> On 26/08/2022 11:10, Frank Lichtenheld wrote:
> > So this seems to misinterpret '*' and '&' after ')'.
> > This doesn't break compilation but is really ugly and confusing.
&g
From: Arne Schwabe
Acked-by: Frank Lichtenheld
Signed-off-by: Arne Schwabe
---
src/openvpn/options.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
patch got lost back in 2017
still included in Debian package
original mail:
https://www.mail-archive.com/openvpn-devel
o just use uncrustify as-is for now," obviously.
Regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
BSD) || defined(_WIN32)
in the DCO code, couldn't we just remove it completely?
Since this is bascially "every time" anyway, isn't it?
Regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
dif
> }
> diff --git a/src/openvpn/options.h b/src/openvpn/options.h
> index 6d9174a4..557054ba 100644
> --- a/src/openvpn/options.h
> +++ b/src/openvpn/options.h
> @@ -882,9 +882,7 @@ bool key_is_external(const struct options *options);
> static inline bool
> dco_en
ular reason you left this one in?
> "--disable-dco : Do not attempt using Data Channel Offload.\n"
> #endif
> "--lladdr hw : Set the link layer address of the tap device.\n"
Regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
age() in options.c
> - simplify #ifdef in show_settings() in options.c
Code looks good to me. Also lightly tested it with
.exe from https://github.com/lstipakov/openvpn/actions/runs/3060106587:
- ovpn-dco is used by default
- when persist-tun is set, falls back to tap-windows6
- when window
Did you not move the "(default)" to ovpn-dco since the other
patch, that makes ovpn-doc the default, is not merged, yet?
Patch is certainly correct relative to current master, so
Acked-by: Frank Lichtenheld
On Thu, Sep 15, 2022 at 03:03:49PM +0300, Lev Stipakov wrote:
> From:
On Thu, Sep 15, 2022 at 02:11:34PM +0200, Frank Lichtenheld wrote:
> Acked-by: Frank Lichtenheld
Also put this through buildbot and saw no failures.
Regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.
d avoid the overhead.
>
> Patch v2: fix comparing key_id to state value, improve message
> Patch v3: also take key_id into account
Code looks good to me now. Is there any way of testing this?
Regards,
--
Frank Lichtenheld
___
Openvpn-devel
that went into the existing x509-username-field
seem questionable in hindsight and don't give a good way of
integrating this functionality. But having two completely separate
implementations of "extract a name from SAN" seems wasteful as well.
Don't have any good soluti
{
> + msg(D_DCO, "Renewing P2P peer in tls-server mode");
> +int ret = dco_p2p_add_new_peer(c);
> +if (ret < 0)
> +{
> +msg(D_DCO, "Cannot renew peer in DCO: %s (%d)",
> strerror(-ret), ret);
> +}
> +}
> }
>
> /* Receive Key */
[...]
Regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
in.
Would it be a good idea (and possible) to improve the
error handling in a way that if the soft-restart fails it
instead tries a hard-restart?
Anyway, since I do not think this specific problem is caused
by this patch:
Acked-By: Frank Lich
You did not remove it in interval.c
>
> /*
> * Measure time intervals in microseconds
> diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h
> index 00cd652fa..aae1d21b8 100644
> --- a/src/openvpn/openvpn.h
> +++ b/src/openvpn/openvpn.h
> @@ -386,7 +38
t;-O 0x10".
>
Trivial change. Tested and looks good.
Acked-By: Frank Lichtenheld
Regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
nt full output, always, as before
>
> default is V=1 now
>
Seems to do what it is supposed to do.
Acked-By: Frank Lichtenheld
Regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
gt; + 0|1) ;; # no per-test output for 'OK'
> + *) echo "OK" ;; # print all
> + esac
> + tests_passed=$(( $tests_passed + 1 ))
> +fi
> +}
> +
> +# if runni
>
> code-wise, introduce test_start() / test_end() functions which do
> the $? check as well, so the actual testing code is streamlined.
>
> v2:
> replace indent tabs with spaces
> change [ $V == 1 ] expression to [ $V = 1 ] (POSIXly correct)
>
Acke
rt can probably fix them on
apply.
Acked-By: Frank Lichtenheld
[...]
> -/*
> - * Will return the time left for a timeout, this function does not check
> - * if the timeout is actually valid
> +/**
> + * Returns the time until the timeout should triggered from from now.
"should
On Fri, Aug 26, 2022 at 10:54:25AM +0200, Frank Lichtenheld wrote:
> Signed-off-by: Frank Lichtenheld
Note: This patch doesn't apply cleanly anymore due to a conflict
in tun.c. But obviously it can trivially be recreated, since it
is just a call to ./dev-tools/reformat-all.sh.
Let me
On Fri, Aug 26, 2022 at 10:54:26AM +0200, Frank Lichtenheld wrote:
> Signed-off-by: Frank Lichtenheld
> ---
> dev-tools/uncrustify.conf | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/dev-tools/uncrustify.conf b/dev-tools/uncrustify.conf
> ind
trying to use the CCM cipher.
>
> We say "a supported AEAD" mode in our error since CCM is also an AEAD mode
> but one we support like GCM.
"but not one we support, like GCM" or
"but one we don't support, unlike GCM"
Actual code looks good
ugh to warrant moving
it to a shared function.
Regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
On Tue, Oct 11, 2022 at 03:07:04PM +0200, Heiko Hund wrote:
> On Montag, 27. Juni 2022 10:36:02 CEST Frank Lichtenheld wrote:
> > As mentioned this is true for the specific options configured above.
> > But you can easily also get different values out of this function by
> >
tls-mtu to max-packet-size in message.
Reread the code. Did some client-side tests with small MTUs. Didn't find any
issues.
One remaining typo found, see below.
I think it would actually have been possible to split this up in even smaller
patches (e.g. removing the maxlen parameter), but prob
Acked-By: Frank Lichtenheld
Already acked in 1957647252.642516.1652264253...@office.mailbox.org
On Wed, Sep 21, 2022 at 12:49:30PM +0200, Arne Schwabe wrote:
> Patch v4: rebase
>
> Signed-off-by: Arne Schwabe
> ---
> tests/unit_tests/openvpn/Makefile.am | 5 +-
>
ax-packet-size value outside of allowed control "
> +"channel packet size (%d to %d), will use %d "
> +"instead", TLS_CHANNEL_MTU_MIN, TLS_CHANNEL_BUF_SIZE,
> +options->ce.tls_mtu);
Would add '.' after in
On Tue, Oct 18, 2022 at 06:16:54PM +0200, Frank Lichtenheld wrote:
> Acked-By: Frank Lichtenheld
>
> Already acked in 1957647252.642516.1652264253...@office.mailbox.org
>
Note: this patch does not depend on 2/3, only on 1/3.
Regards,
--
Frank
Patch v4: introduce max-packet-size instead of tls-mtu
> Patch v5: improve documentation
Thanks. Documentation is much improved now, indeed. There is always more
that could be improved but let's not do that in this patch.
Acked-By: Frank Lichtenheld
Two tiny nit-picks noted below whic
-- the GUI now lists connections started at
> boot by the automatic service and lets the user control it. Interactive
> inputs such as username/password with such connections are possible.
Okay, will include this.
Regards,
--
Frank Lichtenheld
__
The OpenVPN community project team is proud to release OpenVPN 2.5.8. This is
mostly a bugfix release.
However, there were several enhancements of the Windows GUI component:
* OpenVPN 3 support -- the GUI can also work as a user interface for
the OpenVPN 3 client.
* pkcs11-id-management -- the G
additional complexity.
While here, change some leading whitespace to tabs as
expected in Makefile.
Signed-off-by: Frank Lichtenheld
---
build/msvc/msvc-generate/Makefile.mak | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
Note: this patch applies to both master and release/2.5 cleanly
There is no way to detect whether this information
is outdated in nmake itself. So leave it up to the
Python script to decide.
While here, change some leading whitespace to tabs as
expected in Makefile.
Signed-off-by: Frank Lichtenheld
Signed-off-by: Lev Stipakov
---
build/msvc/msvc-generate
On Wed, Nov 02, 2022 at 10:37:12PM +0100, Frank Lichtenheld wrote:
> Source code and Windows installers can be downloaded from our download page:
>
> <https://openvpn.net/community-downloads/>
A new version of the Windows MSI installer has been released. It fixes the issue
th
should work fine. 16 bit Architectures are unlikely
> +to work.
> +
>
> -PORTING NOTES:
> +PORTING GUIDELINE TO A NEW PLATFORM:
>
>* Make sure that OpenSSL will build on your
> platform.
Regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
That makes it possible to remove several preprocessor
directives which is a good thing. The cost should be
negligible.
Signed-off-by: Frank Lichtenheld
---
src/openvpn/manage.h | 41 +++---
src/openvpn/options.c | 46
in messages
> like::
"a peer"
> +
> +TLS error: Unsupported protocol. This typically indicates that client
> and server have no common TLS version enabled. This can be caused by
> mismatched tls-version-min and tls-version-max options on client and server.
ot;2.2+" from Linux, and name the fruitish thing "macOS"
>
Acked-by: Frank Lichtenheld
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
des a best-effort APT repository
If you want to include Fedora here, then need to change "APT repository"
to "package repositories" (and remove "a").
Acked-By: Frank Lichtenheld
if this is fixed.
> -for Debian and
,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Recommend to create an user dedicated to openvpn
so that there is no priviledge escalation between
different services using that user.
cf. https://wiki.ubuntu.com/nobody
Trac: #1335
CC: tincantech
Signed-off-by: Frank Lichtenheld
---
doc/man-sections/generic-options.rst | 9
Still a few small suggestions. See below. But generally
Acked-By: Frank Lichtenheld
On Tue, Nov 29, 2022 at 12:30:31PM +0100, Arne Schwabe wrote:
> We expect a number of configuration to no longer work with OpenVPN
"configurations"
> 2.6 and OpenSSL 3.0. This section tries to
issues over to them if applicable.
This patch series adds a first issue template for our use
and does various documentation updates.
Frank Lichtenheld (3):
GitHub Issues: Create first issue template (Bug)
GitHub Issues: add new links to INSTALL and README
GitHub Issues: add note to Changes as
If we want people to use GH issues, we should
probably offer some issue templates to give
guidance on what to include.
Based on GH's standard bug template.
Signed-off-by: Frank Lichtenheld
---
.github/ISSUE_TEMPLATE/bug_report.md | 25 +
1 file changed, 25 inser
For maximum visibility.
Signed-off-by: Frank Lichtenheld
---
Changes.rst | 6 ++
1 file changed, 6 insertions(+)
diff --git a/Changes.rst b/Changes.rst
index 11652b85..fe91ece2 100644
--- a/Changes.rst
+++ b/Changes.rst
@@ -1,6 +1,12 @@
Overview of changes in 2.6
But keep the old links around as well for now since
the GitHub issues aren't useful, yet.
Signed-off-by: Frank Lichtenheld
---
INSTALL | 4 +++-
README | 5 -
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/INSTALL b/INSTALL
index db24e98c..a63bab6a 100644
--- a/IN
1 - 100 of 574 matches
Mail list logo
