[Openvpn-devel] What changes were made from 2.1.2 to 2.1.3?

2010-09-09 Thread Jonathan K. Bullard
The downloads page, http://openvpn.net/index.php/open-source/downloads.html, has release 2.1.3 (2010.08.27). However, the release notes linked to on that page, http://openvpn.net/changelog-beta.html, only include changes up through 2.1.2 (2010.08.09). (The Documentation page, http://openvpn.net/in

Re: [Openvpn-devel] Intelligent OpenVPN service?

2010-10-18 Thread Jonathan K. Bullard
You might want to look at the client GUI. For example, Tunnelblick (OS X GUI which also includes imbedded tun/tap kexts, OpenVPN and OpenSSL binaries) has just such a "pre-connection" feature. People can call a script before OpenVPN is started, and when OpenVPN finishes. It is used to do such thin

Re: [Openvpn-devel] Preview of OpenVPN 2.1.4 Debian and Ubuntu packages

2010-11-05 Thread Jonathan K. Bullard
(I'm the primary developer of Tunnelblick, the OS X GUI for OpenVPN, having taken over from Angelo Laub.) Can someone make sure the release notes get updated when a release is made? It's hard to decide whether/when to include a new version of OpenVPN into Tunnelblick without knowing what is in th

Re: [Openvpn-devel] [PATCH] Add --route-pre-down/OPENVPN_PLUGIN_ROUTE_PREDOWN script/plug-in hook

2012-01-25 Thread Jonathan K. Bullard
Hi. On Tue, Jan 24, 2012 at 6:38 AM, David Sommerseth wrote: > > This patch adds a script/plug-in hook which is called right before the > network routes are taken down.  This is to give external processes a > possibility to tear down communication over the VPN before the VPN > disappears. > > One u

Re: [Openvpn-devel] [PATCH] Add --route-pre-down/OPENVPN_PLUGIN_ROUTE_PREDOWN script/plug-in hook

2012-01-26 Thread Jonathan K. Bullard
On Wed, Jan 25, 2012 at 5:18 PM, Gert Doering wrote: >> If so, shouldn't patches that >> change the interface include appropriate changes to the man page? > > ... and so does the patch.  At least my copy of it had a section starting > with My apologies. I didn't connect that part of the patch wit

Re: [Openvpn-devel] OpenVPN 2.3-alpha1 preview 1 installer now available

2012-02-22 Thread Jonathan K. Bullard
2012/2/21 Samuli Seppänen > A preview of OpenVPN 2.3-alpha1 installer for Windows is now available > here: > > I realize that this post was aimed at Windows, but building on OS X 10.6.8 (for Tunnelblick) fails

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Jonathan K. Bullard
> > > I never used script with openvpn. I've no idea which are real world > > applications for it. > > Scripts are for creative uses that the programmers of openvpn have not > foreseen. Like "after the VPN is up, auto-sync all your git repositories" > or "open up a few xterms with ssh's to $intern

[Openvpn-devel] 2.3alpha1 fails on OS X when the --up argument contains more than an execution path

2012-03-07 Thread Jonathan K. Bullard
I'm the developer for Tunnelblick (open source GUI for OS X), having taken over from Angelo Laub a couple of years ago. I'd like to make a beta of Tunnelblick with OpenVPN 2.3alpha1 available for testing, but the alpha has a bug that makes it useless for most users of Tunnelblick. Lots of people us

Re: [Openvpn-devel] 2.3alpha1 fails on OS X when the --up argument contains more than an execution path

2012-03-08 Thread Jonathan K. Bullard
On Wed, Mar 7, 2012 at 9:10 AM, David Sommerseth wrote: [skipped] > > OpenVPN 2.3alpha1 fails when the argument to "--up" contains more > > than an execution path. The problem also occurs for the "--down" > > option and the new "--route-pre-down" option (and presumably any other > > options that t

Re: [Openvpn-devel] The future of contrib/keychain-mcd

2017-05-06 Thread Jonathan K. Bullard
Hi. Several weeks ago "kaloprominat" submitted PR #369 [1] to Tunnelblick. It incorporates the keychain-mcd code into Tunnelblick. (I don't know if that triggered your scrutiny of keychain-mcd or if that is a coincidence.) I have not finished reviewing the PR, but it includes fixes for several pr

Re: [Openvpn-devel] OpenVPN 2.3.16 released

2017-05-19 Thread Jonathan K. Bullard
On Fri, May 19, 2017 at 5:29 AM, Samuli Seppänen wrote: > > The OpenVPN community project team is proud to release OpenVPN 2.3.16. > It can be downloaded from here: > > > > This is a minor release that fixes a few bugs. This release was mad

[Openvpn-devel] Problem with sig for 2.3.16?

2017-05-19 Thread Jonathan K. Bullard
When I try to verify the signature on openvpn-2.3.16.tar.gz (using openvpn-2.3.16.tar.gz.asc) from the "Downloads" page [1], I get the following: gpg: assuming signed data in `XXX/openvpn-2.3.16.tar.gz' gpg: Signature made Thu May 18 16:56:48 2017 EDT using RSA key ID 8CC2B034 gpg:

Re: [Openvpn-devel] Problem with sig for 2.3.16?

2017-05-19 Thread Jonathan K. Bullard
On Fri, May 19, 2017 at 1:44 PM, Samuli Seppänen wrote: > On 19/05/2017 17:50, David Sommerseth wrote: >> On 19/05/17 16:28, Jonathan K. Bullard wrote: >>> When I try to verify the signature on openvpn-2.3.16.tar.gz (using >>> openvpn-2.3.16.tar.gz.asc) from the "

Re: [Openvpn-devel] Problem with sig for 2.3.16?

2017-05-20 Thread Jonathan K. Bullard
On Fri, May 19, 2017 at 6:41 PM, David Sommerseth wrote: > On 19/05/17 21:23, Jonathan K. Bullard wrote: [snip] > > OK, I get that, but the key file from the link David provided (and > > which was also in his reply to the email announcing 2.3.16): > > > > <http:/

Re: [Openvpn-devel] OpenVPN 2.4.3 released (with security fixes)

2017-06-21 Thread Jonathan K. Bullard
On Wed, Jun 21, 2017 at 6:47 AM, Samuli Seppänen wrote: > The OpenVPN community project team is proud to release OpenVPN 2.4.3. It > can be downloaded from here: > > Hi. Thanks for this release. Verifying the PGP signature on 2.3.17.tar.g

Re: [Openvpn-devel] ***UNCHECKED*** Re: OpenVPN 2.4.3 released (with security fixes)

2017-06-21 Thread Jonathan K. Bullard
On Wed, Jun 21, 2017 at 8:40 AM, David Sommerseth wrote: > On 21/06/17 14:30, David Sommerseth wrote: >> On 21/06/17 13:48, Jonathan K. Bullard wrote: >>> On Wed, Jun 21, 2017 at 6:47 AM, Samuli Seppänen wrote: >>>> The OpenVPN community project team is prou

Re: [Openvpn-devel] OpenVPN 2.4.3 released (with security fixes)

2017-06-21 Thread Jonathan K. Bullard
On Wed, Jun 21, 2017 at 7:48 AM, Jonathan K. Bullard wrote: > On Wed, Jun 21, 2017 at 6:47 AM, Samuli Seppänen > wrote: > > The OpenVPN community project team is proud to release OpenVPN 2.4.3. It > > can be downloaded from here: > > > > <http://openvpn.net/ind

Re: [Openvpn-devel] OpenVPN 2.4.3 released (with security fixes)

2017-06-21 Thread Jonathan K. Bullard
On Wed, Jun 21, 2017 at 12:48 PM, Matthias Andree wrote: > > Am 21.06.2017 um 16:33 schrieb Samuli Seppänen: > > On 21/06/2017 17:06, Simon Matter wrote: > >>> On Wed, Jun 21, 2017 at 6:47 AM, Samuli Seppänen > >>> wrote: > The OpenVPN community project team is proud to release OpenVPN 2.4.3

Re: [Openvpn-devel] [PATCH] Implement block-ipv6

2017-07-07 Thread Jonathan K. Bullard
Hi. I have one small nit-pick. On Thu, Jul 6, 2017 at 11:33 AM, Arne Schwabe wrote: > This can be used to redirect all IPv6 traffic to the tun interface, > effectively black holing the IPv6 traffic. Without ICMPv6 error messages this > will result in timeouts when the server does not send erro

Re: [Openvpn-devel] [PATCH] contrib: Remove keychain-mcd code

2017-07-25 Thread Jonathan K. Bullard
On Tue, Jul 25, 2017 at 9:03 AM, David Sommerseth wrote: > After the security audits performed by Cryptography Engineering the > spring of 2017 [1], there were several concerns about the contrib code > for the macOS keychain support. After more careful review of this > code base, it was considere

Re: [Openvpn-devel] [PATCH] Implement "status 4" (JSON) for management interface

2017-11-14 Thread Jonathan K. Bullard
Hi, On Tue, Nov 14, 2017 at 3:31 AM, Gert Doering wrote: > Hi, > > On Mon, Nov 13, 2017 at 01:16:46PM +0100, David Sommerseth wrote: >> But we should consider if we want to make use of a JSON library >> producing the JSON streams. The reason is to ensure the output is >> according to the specifi

Re: [Openvpn-devel] [PATCH] Implement "status 4" (JSON) for management interface

2017-11-15 Thread Jonathan K. Bullard
Hi, On Tue, Nov 14, 2017 at 7:40 AM, David Sommerseth wrote: > > On 14/11/17 12:02, Gert Doering wrote: >> JSON is very trivial to produce (unlike XML, or netlink). The escaping >> rules on producing are also very easy - basically, encode things in double >> quotes, and escape the set of { BS, F

Re: [Openvpn-devel] Follow up on sending messages to the GUI

2017-11-30 Thread Jonathan K. Bullard
Thanks, Selva, On Wed, Nov 29, 2017 at 9:03 PM, Selva Nair wrote: > > I have made a draft implementation of this feature that was discussed in a > previous thread. A test executable (GUI only) is in this pre-release: > > https://github.com/selvanair/openvpn-gui/releases/tag/v11-echo-msg > > Als

Re: [Openvpn-devel] Follow up on sending messages to the GUI

2017-11-30 Thread Jonathan K. Bullard
Hi, On Thu, Nov 30, 2017 at 10:26 PM, Selva Nair wrote: > Hi Jon, > > On Thu, Nov 30, 2017 at 8:41 PM, Jonathan K. Bullard > wrote: > >> Thanks, Selva, >> >> On Wed, Nov 29, 2017 at 9:03 PM, Selva Nair wrote: >> > >> > I have made a draf

Re: [Openvpn-devel] Follow up on sending messages to the GUI

2017-12-02 Thread Jonathan K. Bullard
Hi, On Fri, Dec 1, 2017 at 10:58 AM, Selva Nair wrote: > > Hi, > > On Fri, Dec 1, 2017 at 8:53 AM, Arne Schwabe wrote: >> >> Am 30.11.2017 um 03:03 schrieb Selva Nair: >> >> Cross-posting to users and devel as this may be of interest to both. >> >> Hi, >> >> I have made a draft implementation of

Re: [Openvpn-devel] Follow up on sending messages to the GUI

2017-12-14 Thread Jonathan K. Bullard
Hi, On Sat, Dec 2, 2017 at 7:08 AM, Jonathan K. Bullard wrote: > Hi, > > On Fri, Dec 1, 2017 at 10:58 AM, Selva Nair wrote: >> >> Hi, >> >> On Fri, Dec 1, 2017 at 8:53 AM, Arne Schwabe wrote: >>> >>> Am 30.11.2017 um 03:03 schrieb Selva Nai

Re: [Openvpn-devel] On testing with openssl 0.9.8

2018-01-22 Thread Jonathan K. Bullard
Hi, On Mon, Jan 22, 2018 at 7:33 AM, David Sommerseth wrote: > Let me rather twist this question around ... Do we want to support OpenSSL > 0.9.8? Are there any Linux distributions or other OSes out there in the wild > which is still supported which are also based on openssl-0.9.8? > > Officiall

[Openvpn-devel] Fwd: [PATCH 2/3] Allow external EC key through --management-external-key

2018-01-25 Thread Jonathan K. Bullard
Hi. On Mon, Jan 22, 2018 at 12:31 PM, Selva Nair wrote: > What about extending the current "version" command with an argument > where the client states the version of "management-speak" that it > supports. Current management version is 1, we increase it to 1.1 and > unless the client says "versio

Re: [Openvpn-devel] [PATCH] Properly respond to SIGTERM received during DNS resolution.

2018-02-05 Thread Jonathan K. Bullard
I'm not sure I'm reading the description right, to understand the > actual issue this is fixing - but if I'm reading it right, then this > makes sense :-) - what about SIGINT?) On Tue, Apr 12, 2016 at 11:48 AM, Fish Wang wrote: > > Right, it's for the "on DNS

[Openvpn-devel] OpenSSL version(s) officially supported by OpenVPN?

2018-03-06 Thread Jonathan K. Bullard
Hi. Inspired by the recent discussion about LibreSSL support: Can someone clarify which versions of OpenSSL OpenVPN supports (that is, "works with when linked statically")? From what I gather: * OpenVPN 2.3.18 supports OpenSSL 1.0.2n * OpenVPN 2.4.5 supports OpenSSL 1.0.2n and 1.1.0g * Open

Re: [Openvpn-devel] OpenSSL version(s) officially supported by OpenVPN?

2018-03-07 Thread Jonathan K. Bullard
Hi. On Wed, Mar 7, 2018 at 4:25 AM, Steffan Karger wrote: > > Hi, > > On 06-03-18 23:16, Jonathan K. Bullard wrote: > > Can someone clarify which versions of OpenSSL OpenVPN supports (that > > is, "works with when linked statically")? > > > >

Re: [Openvpn-devel] [PATCH] Depreciate IPv4-related options.

2018-04-01 Thread Jonathan K. Bullard
Hi, On Sun, Apr 1, 2018 at 2:30 AM, Gert Doering wrote: > As discussed in trac #208 and on IRC with Antonio, OpenVPN 2.5 will > be IPv6-only. Removal of IPv4-related code and options will dramatically > reduce code complexity, confusing options, bugs and user questions. > > Add deprecation warn

Re: [Openvpn-devel] [PATCH] Depreciate IPv4-related options.

2018-04-01 Thread Jonathan K. Bullard
Hi, On Sun, Apr 1, 2018 at 11:34 AM, Gert Doering wrote: > Hi, > > On Sun, Apr 01, 2018 at 10:19:37AM -0400, Selva Nair wrote: >> On Sun, Apr 1, 2018 at 2:30 AM, Gert Doering wrote: >> >> > As discussed in trac #208 and on IRC with Antonio, OpenVPN 2.5 will >> > be IPv6-only. Removal of IPv4-re

Re: [Openvpn-devel] [PATCH] Specify platform and version on command line.

2018-04-13 Thread Jonathan K. Bullard
Hi. On Fri, Apr 13, 2018 at 1:23 PM, Micah Morton wrote: > From 557d2e73bf21ddb9d07b43f716c7914d610e7392 Mon Sep 17 00:00:00 2001 > From: Micah Morton > Date: Fri, 13 Apr 2018 09:55:22 -0700 > Subject: [PATCH] Specify platform and version on command line. > > Add --iv-plat and --iv-plat-rel comm

Re: [Openvpn-devel] [PATCH v5] Add Interactive Service developer documentation

2018-06-09 Thread Jonathan K. Bullard
Hi, On Sat, Jun 9, 2018 at 12:23 PM, Selva Nair wrote: > > Hi, > > On Thu, Apr 19, 2018 at 7:23 AM, Simon Rozman wrote: > > The OpenVPN Interactive Service documentation from > > https://community.openvpn.net/openvpn/wiki/OpenVPNInteractiveService was > > upgraded with a description of the clien

Re: [Openvpn-devel] [PATCH] Make up/down script errors not FATAL

2018-07-02 Thread Jonathan K. Bullard
Hi. On Mon, Jul 2, 2018 at 9:24 PM, wrote: > > From: Selva Nair > > Instead log only a warning. > > This helps user interfaces enforce a safer script-security setting > without causing a FATAL error. Can you expand on that? What "safer script security settings" do you have in mind? Tunnelblick

Re: [Openvpn-devel] [OpenVPN/openvpn-gui] UI showing green connected status despite not beeing able to create a route (#9)

2018-07-06 Thread Jonathan K. Bullard
Hi, On Fri, Jul 6, 2018 at 3:24 PM, Selva Nair wrote: > > Hi, > > Copying the devel list as a reminder that "we" have been asking for this > change for a long time :) > > On Fri, Jul 6, 2018 at 2:48 PM, Gert Doering wrote: >> >> Hi, >> >> On Fri, Jul 06, 2018 at 08:25:02AM -0700, Selva Nair wro

[Openvpn-devel] Dynamic challenge/response questions

2018-07-18 Thread Jonathan K. Bullard
I'm trying to implement dynamic challenge/response in Tunnelblick and have some questions. I've been using the management-interface documentation [1] as my guide. 1. Is what the management interface sends something like (all on one line): >PASSWORD:Verification Failed: 'Auth' >['CRV1:R,E:Om01u7F

Re: [Openvpn-devel] Dynamic challenge/response questions

2018-07-19 Thread Jonathan K. Bullard
Thank you very much, Selva. On Wed, Jul 18, 2018 at 10:48 PM, Selva Nair wrote: > There are two messages involved: > > 1. First comes the fake auth failure message which contains the > challenge string. The format of this is as you have quoted above. The > single quoted string between the square

Re: [Openvpn-devel] Dynamic challenge/response questions

2018-07-19 Thread Jonathan K. Bullard
Thank you, Selva! (Now all I need to do is get it working!) Best regards, Jon On Thu, Jul 19, 2018 at 11:39 AM, Selva Nair wrote: > Hi, > > On Thu, Jul 19, 2018 at 10:48 AM, Jonathan K. Bullard > wrote: >> Thank you very much, Selva. >> >> On Wed, Jul 18, 2018

Re: [Openvpn-devel] Dynamic challenge/response questions

2018-07-19 Thread Jonathan K. Bullard
Hi, Selva, On Thu, Jul 19, 2018 at 2:38 PM, Selva Nair wrote: >> Jon: I have a server for testing static and dynamic challenge. If > interested I can send you a config. Or use access server with a free > test license. Mine will just challenge with 1 + 1 = ? kind of > questions, nothing fancy. Th

Re: [Openvpn-devel] Dynamic challenge/response questions

2018-07-19 Thread Jonathan K. Bullard
Hi Arne, (For some reason Gmail put your post in my spam folder, so I just saw it now.) On Thu, Jul 19, 2018 at 11:49 AM, Arne Schwabe wrote: > Am 19.07.18 um 17:43 schrieb Jonathan K. Bullard: >> Thank you, Selva! (Now all I need to do is get it working!) >> > > If you

Re: [Openvpn-devel] Dynamic challenge/response questions

2018-07-21 Thread Jonathan K. Bullard
Hi, On Thu, Jul 19, 2018 at 2:38 PM, Selva Nair wrote: > Jon: I have a server for testing static and dynamic challenge. If > interested I can send you a config. Or use access server with a free > test license. Mine will just challenge with 1 + 1 = ? kind of > questions, nothing fancy. Thanks, Se

Re: [Openvpn-devel] Dynamic challenge/response questions

2018-07-23 Thread Jonathan K. Bullard
Thanks, Selva, On Mon, Jul 23, 2018 at 1:30 PM, Selva Nair wrote: > > Hi, > > > On Sat, Jul 21, 2018 at 1:21 PM, Jonathan K. Bullard > wrote: > > Hi, > > > > On Thu, Jul 19, 2018 at 2:38 PM, Selva Nair wrote: > >> Jon: I have a server

Re: [Openvpn-devel] Dynamic challenge/response questions

2018-07-23 Thread Jonathan K. Bullard
wrote: >> Hi, >> >> On Thu, Jul 19, 2018 at 02:38:55PM -0400, Selva Nair wrote: >>> On Thu, Jul 19, 2018 at 1:52 PM, Gert Doering wrote: >>> > On Thu, Jul 19, 2018 at 11:43:17AM -0400, Jonathan K. Bullard wrote: >>> >> Thank you, Selva! (Now all

Re: [Openvpn-devel] Dynamic challenge/response questions

2018-07-23 Thread Jonathan K. Bullard
Hi, On Mon, Jul 23, 2018 at 10:31 PM, Selva Nair wrote: > On Sat, Jul 21, 2018 at 1:21 PM, Jonathan K. Bullard > wrote: > >> Some, perhaps including Selva's $payingCustomer, may not want to use >> Tunnelblick betas or use OpenVPN 2.5 until it is released. > > I m

Re: [Openvpn-devel] Dynamic challenge/response questions

2018-07-24 Thread Jonathan K. Bullard
Hi, On Tue, Jul 24, 2018 at 12:02 AM, Selva Nair wrote: > Hi, > > On Mon, Jul 23, 2018 at 10:58 PM, Jonathan K. Bullard > wrote: >> I was testing Tunnelblick with Selva's C/R server and config (thanks >> again for that) and there was a problem. Maybe I'm (st

Re: [Openvpn-devel] OpenVPN argument parsing of most options ignores "extra" parameters

2015-05-18 Thread Jonathan K. Bullard
On Mon, May 4, 2015 at 9:26 AM, Jonathan K. Bullard wrote: > If I have a > configuration that has worked for many years I might be more likely to > not notice one warning among all the output in a typical log at the > default "verb 3" setting. Correction: the default se

[Openvpn-devel] [Patch] Fix null pointer dereference in options.c

2015-05-23 Thread Jonathan K. Bullard
(At Gert's request, I am posting this to openvpn-devel.) This patch fixes a null pointer dereference in options.c. Below are versions for openvpn-master and openvpn-2.3; they differ only in the line number reference. 2.3 branch diff -U 4 -r openvpn-release-2.3/src/openvpn/optio

[Openvpn-devel] [Patch] Fail if options have extra parameters

2015-05-29 Thread Jonathan K. Bullard
The attached patch causes an error if an option has extra parameters; previously they were ignored. This feature was discussed on the openvpn-devel mailing list: http://thread.gmane.org/gmane.network.openvpn.devel/9599 The patch is for the master branch only -- the consensus of the mailing li

Re: [Openvpn-devel] [Patch] Fail if options have extra parameters

2015-05-29 Thread Jonathan K. Bullard
Sorry, forgot to add a link to the ticket for this: https://community.openvpn.net/openvpn/ticket/557 On Fri, May 29, 2015 at 11:38 AM, Jonathan K. Bullard wrote: > The attached patch causes an error if an option has extra > parameters; previously they were ignored. > > This

Re: [Openvpn-devel] [Patch] Fail if options have extra parameters

2015-05-30 Thread Jonathan K. Bullard
Please ignore this patch; it is an old version. I will resubmit. Sorry for the noise. On Fri, May 29, 2015 at 11:54 AM, Jonathan K. Bullard wrote: > Sorry, forgot to add a link to the ticket for this: > > https://community.openvpn.net/openvpn/ticket/557 > > On Fri, May 29, 2

[Openvpn-devel] [Patch] Version 2: Fail if options have extra parameters

2015-06-02 Thread Jonathan K. Bullard
This is a new thread with version 2 of the patch; the first submission included the wrong .patch file and was withdrawn. The attached patch causes an error if an option has extra parameters; previously they were ignored (ticket #557 at https://community.openvpn.net/openvpn/ticket/557). This featu

Re: [Openvpn-devel] [Patch] Version 2: Fail if options have extra parameters

2015-06-03 Thread Jonathan K. Bullard
On Wed, Jun 3, 2015 at 2:33 AM, Arne Schwabe wrote: > ACK. But some things I noticed (should go into separate patch) > > We do not catch > > --connection foo, it is silently ignored I noticed a few such problems, mostly in options that I couldn't find consistent documentation for. I didn't want t

Re: [Openvpn-devel] [PATCH] Add TFTP and WPAD DHCP options

2015-07-02 Thread Jonathan K. Bullard
On Thu, Jul 2, 2015 at 2:56 AM, Jan Just Keijser wrote: > Attached is the patch to add the TFTP and WPAD DHCP options. The patch > is based on openvpn 2.3.7 as I did not know how to do a windows mingw > build of the git version ... > The patch was tested on Windows XP 32bit and Windows 7sp1 64bit.

Re: [Openvpn-devel] [PATCH v2] Add TFTP and WPAD DHCP options

2015-07-03 Thread Jonathan K. Bullard
On Thu, Jul 2, 2015 at 6:24 AM, Jan Just Keijser wrote: > I fully agree. Here's v2 with Jonathan's remarks addressed as well. ACK as to my concerns, thanks!

Re: [Openvpn-devel] Docs or Bug: --push options no longer require double quotes

2015-07-25 Thread Jonathan K. Bullard
On Sat, Jul 25, 2015 at 3:45 PM, Gert Doering wrote: > Hi, > > On Sat, Jul 25, 2015 at 01:34:46PM +0100, debbie...@gmail.com wrote: >> As the title states --push no longer requires options to be double quoted. > > Well, *did* it require double quotes at some point? If yes, when? Double-quotes ma

Re: [Openvpn-devel] [PATCH] Remove --enable-password-save option

2015-11-29 Thread Jonathan K. Bullard
Hi. On Sun, Nov 29, 2015 at 9:55 AM, Arne Schwabe wrote: > This option is enabled in virtually all distributions and gives no real > security benefit. > --- > configure.ac | 8 > src/openvpn/misc.c | 8 > src/openvpn/misc.h | 2 +- > src/openvpn/ssl.c | 8 > 4

[Openvpn-devel] Options that are "safe" for users to modify?

2015-12-12 Thread Jonathan K. Bullard
Inspired by Gert, I am considering adding a new feature to Tunnelblick (FOSS GUI for OpenVPN on OS X) and would like your reactions. In an earlier thread on openvpn-users, my original more grandiose idea was (with good reason) NAKed. It was also suggested that openvpn-devel was a better place for t

Re: [Openvpn-devel] Options that are "safe" for users to modify?

2015-12-12 Thread Jonathan K. Bullard
Hi. On Sat, Dec 12, 2015 at 5:23 PM, Arne Schwabe wrote: > Might not really be related to this but have looked into the work that > provides the certificates and keys via the management console? We > even have a contrib program that gets certificates from the Mac OS X > keychain and provides

Re: [Openvpn-devel] Options that are "safe" for users to modify?

2015-12-13 Thread Jonathan K. Bullard
Thanks, Selva. On Sat, Dec 12, 2015 at 5:43 PM, Selva Nair wrote: > I suppose, not just adding but also removing options will be allowed. There > could be more options that are ok (i.e not unsafe) to remove but not change. What I'm proposing isn't to allow "add/remove/modify" options in the Open

Re: [Openvpn-devel] [PATCH 09/10] Added directive to specify HTTP proxy credentials in config.

2016-03-03 Thread Jonathan K. Bullard
On Thu, Mar 3, 2016 at 3:19 AM, James Yonan wrote: > > The inline directive http-proxy-user-pass can be used to > specify proxy credentials in config, e.g.: > > http-proxy proxy.tld 3128 auto-nct > > foo > bar > > > This usage is already supported by OpenVPN 3. > > Signed-off-by: James Yonan >

Re: [Openvpn-devel] [PATCH 3/7] vlan: Add global, per-client 802.1q-based options

2016-04-03 Thread Jonathan K. Bullard
On Sun, Apr 3, 2016 at 2:51 PM, Mike Auty wrote: > > This patch adds the new global "--vlan-tagging" boolean switch. This specifies > whether openvpn should handle 802.1q tagged packets in any way. > > This patch also adds the new global '--vlan-accept tagged|untagged|all' which > specifies the be

[Openvpn-devel] The end of the Gmane archive

2016-07-29 Thread Jonathan K. Bullard
Yesterday Lars Ingebrigtsen, who established and has run Gmane since 2002, posted an article saying that Gmane might go away [1]. He posted an update [2] which says the Gmane archive *has* gone away and unless someone steps up to take it over, it is gone for good. The OpenVPN mailing list archive

Re: [Openvpn-devel] [PATCH] Have the same username/password length regardless of PKCS#11 enablement

2016-09-22 Thread Jonathan K. Bullard
On Thu, Sep 22, 2016 at 6:04 AM, David Sommerseth wrote: > If running an OpenVPN client with --enable-pkcs11 and a server without > and having a username and/or password with more than 128 characters, > the authentication will fail as the server truncates the password > to 128 bytes. > > This make

Re: [Openvpn-devel] Topics for today's (Monday, 10th Oct 2016) community meeting

2016-10-10 Thread Jonathan K. Bullard
On Mon, Oct 10, 2016 at 8:56 AM, Samuli Seppänen wrote: > > We're going to have an IRC meeting today starting at 20:00 CEST (18:00 > UTC) on #openvpn-meeting irc.freenode.net. You do not have to be > logged in to Freenode to join the channel. I can't attend the meeting, so here is a simple (mayb

Re: [Openvpn-devel] [PATCH v4] Remove tun-ipv6 Option. Instead assume that IPv6 is always supported.

2016-10-12 Thread Jonathan K. Bullard
Hi. On Wed, Oct 12, 2016 at 5:13 AM, Arne Schwabe wrote: > > This option was useful when Ipv6 tun support was > non standard and was an internal/user specified flag > that tracked the Ipv6 capability of the tun device. > > All supported OS support IPv6. Also tun-ipv6 is > pushable by the remote s

Re: [Openvpn-devel] [PATCH v4] Remove tun-ipv6 Option. Instead assume that IPv6 is always supported.

2016-10-12 Thread Jonathan K. Bullard
Thanks, Arne. Sorry if I wasn't as clear as I should have been. On Wed, Oct 12, 2016 at 8:08 AM, Arne Schwabe wrote: > > Am 12.10.16 um 13:17 schrieb Jonathan K. Bullard: > > Hi. > > > > On Wed, Oct 12, 2016 at 5:13 AM, Arne Schwabe wrote: > >> This optio

Re: [Openvpn-devel] [PATCH v4] Remove tun-ipv6 Option. Instead assume that IPv6 is always supported.

2016-10-12 Thread Jonathan K. Bullard
Thanks to both Gert and Arne for their answers. On Wed, Oct 12, 2016 at 9:12 AM, Arne Schwabe wrote: >> What I should have asked is: with this patch will an OpenVPN client >> still send out IPv4 packets if there are no IPv6 options specified or >> pulled from the server?

Re: [Openvpn-devel] Summary of today's (Monday, 10th Oct 2016) community meeting

2016-11-02 Thread Jonathan K. Bullard
On Mon, Oct 10, 2016 at 4:26 PM, Samuli Seppänen wrote: > Discussed OpenVPN 2.3.13 release. Three things are missing: > > 1. recursive routing > 2. block-outside-dns v2 > 3. 64MB renegotiation for 64-bit block ciphers > > Cron2 will take care of 1-2, and syzzer will tackle 3. > > -- > > Preliminar

Re: [Openvpn-devel] Summary of today's (Monday, 10th Oct 2016) community meeting

2016-11-02 Thread Jonathan K. Bullard
On Wed, Nov 2, 2016 at 6:52 AM, Gert Doering wrote: > On Wed, Nov 02, 2016 at 06:19:26AM -0400, Jonathan K. Bullard wrote: >> Sorry to be a pest, but is there an update on when 2.3.13 might be released? > > Tomorrow ("noon-time-ish for Europe") > > (We decided this

Re: [Openvpn-devel] Summary of today's (Monday, 10th Oct 2016) community meeting

2016-11-03 Thread Jonathan K. Bullard
Hi, On Thu, Nov 3, 2016 at 8:26 AM, Gert Doering wrote: > > On Wed, Nov 02, 2016 at 06:19:26AM -0400, Jonathan K. Bullard wrote: > > On Mon, Oct 10, 2016 at 4:26 PM, Samuli Seppänen > wrote: > > > Discussed OpenVPN 2.3.13 release. Three things are missing: > >

Re: [Openvpn-devel] [PATCH] Use SHA256 for the internal digest, instead of MD5

2016-12-25 Thread Jonathan K. Bullard
On Sun, Dec 25, 2016 at 6:20 PM, Steffan Karger wrote: > Hi, > > On 18-12-16 22:26, Gert Doering wrote: >> On Sun, Dec 18, 2016 at 05:40:55PM +0100, Steffan Karger wrote: >>> Our internal options digest uses MD5 hashes to store the state, instead of >>> storing the full options string. There's no

Re: [Openvpn-devel] 2.3alpha1 fails on OS X when the --up argument contains more than an execution path

2012-03-28 Thread Jonathan K. Bullard
On Fri, Mar 23, 2012 at 10:18 AM, Gert Doering wrote: > Hi, Thank you, Gert, for your detailed comments on my first attempt at this patch. The patch is meant to fix problems in the new-in-2.3 checking of options before trying to create the connection. Options that accept a command parameter i

Re: [Openvpn-devel] 2.3alpha1 fails on OS X when the --up argument contains more than an execution path

2012-03-28 Thread Jonathan K. Bullard
On Wed, Mar 28, 2012 at 9:57 AM, Fabian Knittel wrote: gc_arena instances are used by explicitly passing a pointer to it. So, > unless one of the functions takes an instance of gc_arena as a > parameter, you don't need to prepare one. As many functions in OpenVPN > take one, there's some dead code

Re: [Openvpn-devel] 2.3alpha1 fails on OS X when the --up argument contains more than an execution path

2012-03-31 Thread Jonathan K. Bullard
On Wed, Mar 28, 2012 at 2:11 PM, David Sommerseth < openvpn.l...@topphemmelig.net> wrote: > > Attached is a heavily revised version of my original patch. It uses > > argv_printf() to __check__ an option's commands, so it accepts exactly > > the same input as the parts of OpenVPN that __use__ the

[Openvpn-devel] OpenVPN 3.3_alpha2 build problem

2012-07-07 Thread Jonathan K. Bullard
I'm trying to include OpenVPN 3.3_alpha2 in Tunnelblick (OS X GUI for OpenVPN), but get the following error when compiling OpenVPN on OS X: configure: error: lzo enabled but missing I am not familiar with the new OpenVPN build process, but I assume this is

Re: [Openvpn-devel] OpenVPN 3.3_alpha2 build problem

2012-07-16 Thread Jonathan K. Bullard
Thank you, Arne and Alon -- I finally managed to get Tunnelblick more-or-less built using the new build system in 2.3_alpha2. For the record, I had to use xxx*_LIBS*="-Lyyy" (not xxx*_LDFLAGS*) before ./configure, to get it working.

[Openvpn-devel] New build system questions

2012-07-16 Thread Jonathan K. Bullard
I'm in the process of trying to build 2.3_alpha2 into Tunnelblick. It's slow going because of my unfamiliarity with make/automake, etc. I have several questions: (1) Is there a way to disable building "openvpnserv" and the "auth-pam" plugin? (Other than modifying src/Makefile.am and src/plugins/Ma

Re: [Openvpn-devel] OpenVPN 3.3_alpha2 build problem

2012-07-16 Thread Jonathan K. Bullard
LIBS="-Lxxx -Lyyy -Lzzz" doesn't build. It gets "ld: library not found for -llzo2". On Mon, Jul 16, 2012 at 7:24 PM, Jonathan K. Bullard > wrote: > > Thank you, Arne and Alon -- I finally managed to get Tunnelblick > > more-or-less built using the new build system in 2.3_alpha2. > > > > For the record, I had to use xxx_LIBS="-Lyyy" (not xxx_LDFLAGS) before > > ./configure, to get it working. > > >

Re: [Openvpn-devel] [PATCH] plugin: load plugin relative to plugindir

2012-07-18 Thread Jonathan K. Bullard
On Tue, Jun 26, 2012 at 1:05 PM, Alon Bar-Lev wrote: > Currently openvpn requires/endorses specifying full path in plugin > parameter. As build system already aware of plugin location, it is > possible to load plugin relative to this directory, so full path is not > required nor more secured. > >

Re: [Openvpn-devel] New build system questions

2012-07-18 Thread Jonathan K. Bullard
On Mon, Jul 16, 2012 at 12:45 PM, Alon Bar-Lev wrote: > > (1) Is there a way to disable building "openvpnserv" and the "auth-pam" > > plugin? > --disable-plugin-auth-pam > Thanks. I have found the configure documentation. However, I can't get it to do what I want it to do: I want to build a singl

Re: [Openvpn-devel] [PATCH] plugin: load plugin relative to plugindir

2012-07-18 Thread Jonathan K. Bullard
On Wed, Jul 18, 2012 at 9:37 AM, Alon Bar-Lev wrote: > Nobody disables the absolute path use. > This patch permits relative use. > I'm sorry, I misunderstood. So a relative path will now be interpreted as relative to the plugins directory specified at build time, rather than whatever it is relati

Re: [Openvpn-devel] [PATCH] plugin: load plugin relative to plugindir

2012-07-18 Thread Jonathan K. Bullard
On Wed, Jul 18, 2012 at 10:10 AM, David Sommerseth < openvpn.l...@topphemmelig.net> wrote: > * The computer is configured to allow OpenVPN to run without root > password > Yes. The vulnerability requires configuring the computer to allow *the user* to start OpenVPN *as root* without entering the

[Openvpn-devel] Bug in program, bug in documentation, or something else?

2012-10-21 Thread Jonathan K. Bullard
A Tunnelblick user has reported odd behavior with name resolution failures. I can't tell if it is a bug in OpenVPN, a bug in the documentation, or something else. The behavior is apparently the same in OpenVPN 2.2.1 and 2.3alpha1. The 2.3 man page says: > --resolv-retry n > If hostname resol

Re: [Openvpn-devel] Bug in program, bug in documentation, or something else?

2012-10-21 Thread Jonathan K. Bullard
On Sun, Oct 21, 2012 at 7:03 PM, Eric Crist wrote: > This sounds like a Tunnelblick failure. I'd suggest checking with them > first, they do all sorts of things with scripts and such. > Thanks, but *I'm* the current Tunnelblick developer! You're correct that Tunnelblick does a lot in its script

Re: [Openvpn-devel] Bug in program, bug in documentation, or something else?

2012-10-22 Thread Jonathan K. Bullard
ase to see if this behavior was introduced in 2.2) and post them on this thread. On Mon, Oct 22, 2012 at 6:11 AM, David Sommerseth < openvpn.l...@topphemmelig.net> wrote: > On 22/10/12 10:48, Gert Doering wrote: > > Hi Jonathan, > > > > On Sun, Oct 21, 2012 at 06:40:

Re: [Openvpn-devel] [PATCH] Add support of utun devices under Mac OS X

2013-04-01 Thread Jonathan K. Bullard
On Mon, Apr 1, 2013 at 7:12 AM, Gert Doering wrote: > Hi, > > On Sun, Mar 31, 2013 at 10:43:29PM +0200, Arne Schwabe wrote: >> Mac OS X 10.7+ natively supports tun devices (called utun). The "standard" >> utun.ko driver is sometimes problematic (e.g. VmWare Fusion 5 and tun.ko do >> not work tog

Re: [Openvpn-devel] [PATCH] Add support of utun devices under Mac OS X

2013-04-01 Thread Jonathan K. Bullard
On Mon, Apr 1, 2013 at 10:29 AM, Arne Schwabe wrote: > > Am 01.04.13 15:26, schrieb Jonathan K. Bullard: > >> On Mon, Apr 1, 2013 at 7:12 AM, Gert Doering wrote: >>> >>> Hi, >>> >>> On Sun, Mar 31, 2013 at 10:43:29PM +0200, Arne Schwabe wr

Re: [Openvpn-devel] [PATCH] Add support of utun devices under Mac OS X

2013-04-01 Thread Jonathan K. Bullard
On Mon, Apr 1, 2013 at 11:06 AM, Arne Schwabe wrote: > > >> The "standard" utun.ko driver is sometimes problematic (e.g. VmWare >> Fusion 5 and tun.ko do not work together). >> >> If it is the other way around (use tun if it is available and if not, >> try utun) then anybody who has loade

Re: [Openvpn-devel] [PATCH] Add support of utun devices under Mac OS X

2013-04-01 Thread Jonathan K. Bullard
ote: > Am 01.04.13 17:18, schrieb Jonathan K. Bullard: > > On Mon, Apr 1, 2013 at 11:06 AM, Arne Schwabe wrote: >> >>> >>> The "standard" utun.ko driver is sometimes problematic (e.g. VmWare >>>>>>>> Fusion 5 and tun.ko do not wo

Re: [Openvpn-devel] building on OSX (for Tunnelblick) (was: [PATCH] Add support of utun devices under Mac OS X)

2013-04-01 Thread Jonathan K. Bullard
On Mon, Apr 1, 2013 at 2:48 PM, Gert Doering wrote: > On Mon, Apr 01, 2013 at 09:26:04AM -0400, Jonathan K. Bullard wrote: > > I don't have an opinion about including it in 2.3.2 vs. 2.4 -- I still > > can't get anything after 2.3alpha1 to build properly for Tunnelblick

Re: [Openvpn-devel] building on OSX (for Tunnelblick)

2013-04-02 Thread Jonathan K. Bullard
On Tue, Apr 2, 2013 at 9:46 AM, Arne Schwabe wrote: > > Tunnelblick is still being built on OS X 10.6.8 with Xcode 3.2.2 > > because it still supports PowerPC, which later versions of Xcode > > (which are required for use on 10.7+) don't support. > Is there a specific reason for Xcode 3.2.2? I se

Re: [Openvpn-devel] Native OS X tunnels

2013-06-17 Thread Jonathan K. Bullard
On Sun, Jun 16, 2013 at 5:14 PM, Arne Schwabe wrote: > > I think using utun as default at least for -master and 2.4rc candidates is > a good way to get the feature tested. I hope there is time in the next > OpenVPN developer IRC meeting to decide if my or your patch should be > included. I won'

Re: [Openvpn-devel] [Patch v2] Add support of utun devices under Mac OS X

2013-06-20 Thread Jonathan K. Bullard
On Tue, Jun 18, 2013 at 1:23 AM, Arne Schwabe wrote: > > Mac OS X 10.7+ natively supports tun devices (called utun). The "standard" > utun.ko driver is sometimes problematic (e.g. VmWare Fusion 5 and tun.ko do > not work together). > > When OpenVPN is compiled with utun support it will if no dev

Re: [Openvpn-devel] [Patch v3.1] Add support of utun devices under Mac OS X

2013-06-20 Thread Jonathan K. Bullard
On Thu, Jun 20, 2013 at 4:58 AM, Arne Schwabe wrote: > I have an OS X 10.6 VM with Xcode 3.2.6 installed and this VM has the > if/utun.h header. It probably was added somewhere between 10.6.0 and 10.6.8. Ah. Thanks for mentioning this. That makes sense. > I changed the M_ERR to M_WARN. It should

Re: [Openvpn-devel] [Patch v6] Add support of utun devices under Mac OS X

2013-06-20 Thread Jonathan K. Bullard
On Thu, Jun 20, 2013 at 1:28 PM, Gert Doering wrote: > > Hi, > > On Thu, Jun 20, 2013 at 04:38:43PM +0200, Arne Schwabe wrote: > > v6: add commit message change log, replace strstr with strncmp, move > > #includes to the top of the file > > > > This looks good to me. It would be great if Jonatha

Re: [Openvpn-devel] [Patch v7] Add support of utun devices under Mac OS X

2013-06-27 Thread Jonathan K. Bullard
On Fri, Jun 21, 2013 at 6:48 AM, Arne Schwabe wrote: > Mac OS X 10.7+ natively supports tun devices (called utun). The "standard" > utun.ko driver is sometimes problematic (e.g. VmWare Fusion 5 and tun.ko do > not work together). > > When OpenVPN is compiled with utun support it will if no dev-n

Re: [Openvpn-devel] English language? Re: [PATCH] Support non-ASCII characters in Windows tmp path

2013-12-04 Thread Jonathan K. Bullard
On Wed, Dec 4, 2013 at 4:35 AM, Matthias Andree wrote: > Am 19.11.2013 18:36, schrieb Heiko Hund: > > + msg (M_WARN, "Could not get temporary directory. Path is too > long." > > + " Consider to use --tmp-dir"); > > I think when touching the code, we ought to change all occurrences t
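Review bot: the warning string in the added msg (M_WARN, ...) call ends with "Consider to use --tmp-dir", which is ungrammatical for a user-facing log message; "Consider using --tmp-dir" reads correctly and keeps the same meaning. The two adjacent string literals concatenate as intended, so only the wording needs to change.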

Re: [Openvpn-devel] [Openvpn-users] [PATCH] Add support for specifying the syslog facility, as requested in trac #188.

2014-05-02 Thread Jonathan K. Bullard
On Fri, May 2, 2014 at 11:20 AM, David Sommerseth < openvpn.l...@topphemmelig.net> wrote: > The core principle in OpenVPN's option > parsing is that the last argument wins. So if you have f.ex. --ping-exit > 3 > times in a command line and two times in a config file, it's the last one > which re
