[Openvpn-devel] Recently-disclosed LZO vulnerability and OpenVPN's use of LZO

2014-06-29 Thread Jonathan K. Bullard
A recent *"Lab Mouse Security research blog" entry* claimed that a bug exists in several implementations of the LZO algorithm commonly used by OpenVPN and that the bug causes a security vulnerability. A rebuttal on t

Re: [Openvpn-devel] Easy-RSA v3 release planning

2014-07-15 Thread Jonathan K. Bullard
On Tue, Dec 17, 2013 at 9:05 PM, Josh Cepek wrote: > The notable fix since -rc1 has been support for OpenSSL-0.9.8 (commit > 8b1fe01.) While I hope this isn't a common need, the fix was simple > enough, and this is still a supported OpenSSL version. > Any update on the availability of an -rc2 wi

Re: [Openvpn-devel] Easy-RSA v3 release planning

2014-07-15 Thread Jonathan K. Bullard
On Tue, Jul 15, 2014 at 12:05 AM, Eric Crist wrote: > Josh and I spoke on this today and we're going to push to close a couple > bugs and try to get an RC-2 published some time this week. > Terrific. Thanks for the update. > On Jul 14, 2014, at 22:57:29, Jonathan K.

Re: [Openvpn-devel] New OpenVPN Windows installers (I004 and I604) released

2014-10-21 Thread Jonathan K. Bullard
On Tue, Oct 21, 2014 at 5:11 AM, Gert Doering wrote: > This will hopefully be fixed in 2.4 with the interactive service, we just > need to find time for Heiko to find the code and send it to us :-) (but > I've already seen it last year) Is there any documentation for the new "interactive service"

Re: [Openvpn-devel] New OpenVPN Windows installers (I004 and I604) released

2014-10-21 Thread Jonathan K. Bullard
On Tue, Oct 21, 2014 at 6:43 AM, Gert Doering wrote: > Yes, exactly. In essence, you have a windows service running with full > privileges, which is instructed by the GUI to run an openvpn.exe process > (with user privs, so OpenVPN can't do damage) and OpenVPN communicates > back to the service w

[Openvpn-devel] [PATCH] Fix mismatch of fprintf format specifier and argument type

2015-02-06 Thread Jonathan K. Bullard
This fixes a warning about a mismatch between a fprintf format string and an argument type on Darwin-64-bit builds: %lu specifies type 'unsigned long' but the argument has type '__darwin_suseconds_t' (aka 'int') --- openvpn/src/openvpn/error.c 2015-01-23 13:17:50.0 -0500 +++ patched/src/op

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-02-23 Thread Jonathan K. Bullard
On Mon, Feb 23, 2015 at 4:00 AM, Gert Doering wrote: > > On Mon, Feb 23, 2015 at 09:28:31AM +0100, Arne Schwabe wrote: > > > What do you think of the change? > > I like the idea. You could make the macos-keychain in the string optional. > > What Arne said (both parts of it) :-) I agree -- the ar

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-02-23 Thread Jonathan K. Bullard
On Mon, Feb 23, 2015 at 8:10 AM, David Woodhouse wrote: > On Mon, 2015-02-23 at 13:59 +0100, Arne Schwabe wrote: >> >> All fine. My rationale was like, if I want a certificate with a certain >> SUBJECT (e.g. CN=schw...@mycoolca.com) etc. it should not matter for men >> whether I get it from OS X, W

[Openvpn-devel] OpenVPN argument parsing of most options ignores "extra" parameters

2015-04-17 Thread Jonathan K. Bullard
I would like to propose a patch which complains if OpenVPN options include parameters that are not expected. If possible, I would like to get a "feature ACK" consensus before I create the patch. (If I get a "feature NAK" then I won't create the patch.) The patch would be to reject options that ar

Re: [Openvpn-devel] OpenVPN argument parsing of most options ignores "extra" parameters

2015-05-04 Thread Jonathan K. Bullard
On Sun, May 3, 2015 at 12:33 PM, Steffan Karger wrote: > On 17-04-15 11:28, Jonathan K. Bullard wrote: > > I would like to propose a patch which complains if OpenVPN options > > include parameters that are not expected. > > I agree that silently ignoring extra parameters is

Re: [Openvpn-devel] Request peer review of modified OpenVPN client software

2015-05-12 Thread Jonathan K. Bullard
On Tue, May 12, 2015 at 7:27 AM, Lisa Minogue wrote: > Can I conclude from your above statements that applying obfuscation > patches to the standard OpenVPN client software may actually introduce > security vulnerabilities? > The openvpn_xorpatch

Re: [Openvpn-devel] Modernising the management interface

2016-08-31 Thread Jonathan K. Bullard
On Wed, Aug 31, 2016 at 2:55 PM, David Sommerseth wrote: > > > One of the things which have struck me is that D-Bus is adopted a lot > of places, and its internal API have been considered stable for about > 10 years or more. Even though there are areas where D-Bus seems a bit > over-engineered, i

[Openvpn-devel] Fwd: [PATCH] Remove deprecated --compat-x509-names and --no-name-remapping

2018-10-24 Thread Jonathan K. Bullard
Sorry, sent to Steffan but not the list: -- Forwarded message - From: Jonathan K. Bullard Date: Wed, Oct 24, 2018 at 7:00 AM Subject: Re: [Openvpn-devel] [PATCH] Remove deprecated --compat-x509-names and --no-name-remapping To: Steffan Karger Hi, The actual option name is

Re: [Openvpn-devel] Adding Google Analytics code to Trac?

2018-10-25 Thread Jonathan K. Bullard
Hi, On Wed, Oct 24, 2018 at 5:22 AM David Sommerseth wrote: > > On 24/10/18 13:47, Samuli Seppänen wrote: > > Hi, > > > > The OpenVPN Inc. webmaster would like to add Google Analytics to > > community.openvpn.net, i.e. our Trac wiki/bug tracker. I said we need to > > consult the community first b

Re: [Openvpn-devel] [PATCH 0/5] Implement additional two step authentication methods

2019-06-13 Thread Jonathan K. Bullard
Hi, On Thu, Jun 13, 2019 at 2:35 PM Selva Nair wrote: > > Hi > > On Thu, Jun 13, 2019 at 10:42 AM Arne Schwabe wrote: > > > > These patches mainly implement forwarding passing/forwarding extra > > messages between management interface on server and client side. > > > > These new extra messages c

Re: [Openvpn-devel] Removing --disable-server option from OpenVPN

2019-09-18 Thread Jonathan K. Bullard
Hi, On Wed, Sep 18, 2019 at 6:38 AM Samuli Seppänen wrote: > > Hi, > > We are considering removing the --disable-server option from OpenVPN in 2.5. > > Do you use (and need) it, or know of somebody using (and needing) it? As far as I know, it is not used by any Tunnelblick users. Also, note tha

Re: [Openvpn-devel] Removing --disable-server option from OpenVPN

2019-09-18 Thread Jonathan K. Bullard
Oops. On Wed, Sep 18, 2019 at 6:54 AM Jonathan K. Bullard wrote: > > Hi, > > On Wed, Sep 18, 2019 at 6:38 AM Samuli Seppänen wrote: > > > > Hi, > > > > We are considering removing the --disable-server option from OpenVPN in 2.5. > > > > Do you u

Re: [Openvpn-devel] [PATCH 2/2] When auth-user-pass file has no password, query the management

2020-03-29 Thread Jonathan K. Bullard
Hi, On Sun, Mar 29, 2020 at 4:34 PM wrote: > > From: Selva Nair > > If only username is found in the file, redirect the auth-user-pass > query to the management on Windows if (i) management-query-passwords > is enabled and (ii) stdout is redirected to a log file. These > restrictions avoid regre

Re: [Openvpn-devel] [PATCH 2/2] When auth-user-pass file has no password, query the management

2020-03-29 Thread Jonathan K. Bullard
Hi, On Sun, Mar 29, 2020 at 7:58 PM Selva Nair wrote: > > Hi, > > On Sun, Mar 29, 2020 at 7:13 PM Jonathan K. Bullard > wrote: > > On a Mac using Tunnelblick (which uses the management interface with > > management-query-passwords enabled), if the auth-user-pass

Re: [Openvpn-devel] [PATCH 2/2] When auth-user-pass file has no password, query the management

2020-03-30 Thread Jonathan K. Bullard
Hi, On Mon, Mar 30, 2020 at 11:12 AM Selva Nair wrote: > Jonathan K. Bullard wrote: > > > > If the OS X command line user was using --management-query-passwords > > (as Tunnelblick does), they wouldn't see the password prompt on > > /dev/tty, would they?

Re: [Openvpn-devel] [PATCH 2/2] When auth-user-pass file has no password, query the management

2020-03-30 Thread Jonathan K. Bullard
On Mon, Mar 30, 2020 at 12:30 PM Selva Nair wrote: > That is, if management-query-passwords is enabled and auth file is > missing password, query the management, not on console irrespective > of other options and OS. If that's acceptable, I'll submit a v2. That's fine with me (and Tunnelblick),

Re: [Openvpn-devel] [PATCH v2 2/2] When auth-user-pass file has no password, query the management

2020-04-02 Thread Jonathan K. Bullard
Hi, On Mon, Mar 30, 2020 at 2:06 PM wrote: > > From: Selva Nair > > When only username is found in the file, redirect the auth-user-pass > query to the management if management-query-passwords is enabled. > Otherwise the user is prompted on console, if available, as before. > > This changes the

Re: [Openvpn-devel] OpenVPN 2.4.9 released

2020-04-17 Thread Jonathan K. Bullard
Hi, On Fri, Apr 17, 2020 at 8:47 AM Samuli Seppänen wrote: > > The OpenVPN community project team is proud to release OpenVPN 2.4.9. It > can be downloaded from here: > > I'm having trouble verifying 2.4.9.tar.gz with GPG. I'm pretty clueless about gp

Re: [Openvpn-devel] OpenVPN 2.4.9 released

2020-04-17 Thread Jonathan K. Bullard
Hi, On Fri, Apr 17, 2020 at 5:35 PM Gert Doering wrote: > > ... the new subkeys are just a few weeks old, so we need to publish > a new key bundle with the new subkeys. So until a new security-keys-2020.asc (or whatever you will call it) is published on the OpenVPN website, I can't verify the do

Re: [Openvpn-devel] OpenVPN 2.4.9 released

2020-04-18 Thread Jonathan K. Bullard
Hi, On Fri, Apr 17, 2020 at 9:22 PM Antonio Quartulli wrote: > > Hi, > > On 18/04/2020 00:41, Jonathan K. Bullard wrote: > > Hi, > > > > On Fri, Apr 17, 2020 at 5:35 PM Gert Doering wrote: > >> > >> ... the new subkeys are just a few weeks old,

Re: [Openvpn-devel] [Openvpn-users] Multiple DNS search suffixes on Windows

2020-06-21 Thread Jonathan K. Bullard
Hi! On Sun, Jun 21, 2020 at 7:15 AM Gert Doering wrote: > > Hi, > > going through OpenVPN threads that went stale - I think this is > actually a nice addition (read: other people have already asked > me if this can be done). > > On Thu, Mar 05, 2020 at 01:53:12PM +0100, Jan Just Keijser wrote: >

Re: [Openvpn-devel] [Openvpn-users] Multiple DNS search suffixes on Windows

2020-06-21 Thread Jonathan K. Bullard
Hi, On Sun, Jun 21, 2020 at 11:15 AM Selva Nair wrote: > > Hi, > > On Sun, Jun 21, 2020 at 7:14 AM Gert Doering wrote: > > > > Hi, > > > > going through OpenVPN threads that went stale - I think this is > > actually a nice addition (read: other people have already asked > > me if this can be don

Re: [Openvpn-devel] [Patch] New man page corrections - windows-options.rst

2020-07-02 Thread Jonathan K. Bullard
Improves English diction and/or grammar of man page. Acked-by: Jonathan K. Bullard On Tue, Jun 30, 2020 at 9:11 PM Richard Bonhomme wrote: > > Signed-off-by: Richard Bonhomme > --- > doc/man-sections/windows-options.rst | 4 ++-- > 1 file changed, 2 insertions(+), 2 deleti

Re: [Openvpn-devel] [Openvpn-users] Multiple DNS search suffixes on Windows

2020-07-03 Thread Jonathan K. Bullard
Hi, On Fri, Jul 3, 2020 at 3:39 AM Jan Just Keijser wrote: > > Hi, > > On 02/07/20 23:04, David Sommerseth wrote: > > On 30/06/2020 16:15, Jan Just Keijser wrote: > >> hi, > >> > >> On 30/06/20 16:11, Gert Doering wrote: > >>> Hi, > >>> > >>> On Tue, Jun 30, 2020 at 04:07:52PM +0200, Jan Just Kei

Re: [Openvpn-devel] [RFC] Challenges with OpenVPN and configuring DNS

2020-07-03 Thread Jonathan K. Bullard
Hi. There's a lot here and I haven't digested all of it, but have a couple of comments about macOS and Tunnelblick, below. On Tue, Jun 23, 2020 at 6:57 PM David Sommerseth wrote: > > > Hi, > > Arne and I have discussed the challenge of DNS configuration and we have paid > attention to a recent di

Re: [Openvpn-devel] [PATCH applied] Re: Unified success messages for setting mtu

2020-07-06 Thread Jonathan K. Bullard
Hi, On Mon, Jul 6, 2020 at 11:43 AM Gert Doering wrote: > > Acked-by: Gert Doering > > Thanks :-) - given that this is somewhat trivial, I have not actually > run a binary to look at the messages. I have counted arguments and done > a test build to see if new warnings show up (no). > > I *do* s

Re: [Openvpn-devel] [PATCH] Include utun device number in utun error messages

2020-07-25 Thread Jonathan K. Bullard
Hi, On Sat, Jul 25, 2020 at 7:51 PM Arne Schwabe wrote: > > For lack of a better API (or knowledge about a better API) we try to > open utun devices on macOS by trying utun0 to utun255 and use the > first one that works. On my Mac I have already 4 devices that > do nothing but are just there and

Re: [Openvpn-devel] OpenVPN 2.5.9 released

2023-02-16 Thread Jonathan K. Bullard
Not yet seeing anything about 2.5.9 at https://openvpn.net/community-downloads/. (From the New York City metropolitan area.) Maybe caches need updating? Best regards, Jon Bullard On Thu, Feb 16, 2023 at 7:51 AM Frank Lichtenheld wrote: > The OpenVPN community project team is proud to relea

Re: [Openvpn-devel] OpenVPN 2.5.9 released

2023-02-16 Thread Jonathan K. Bullard
(Sorry for my earlier top-post.) On Thu, Feb 16, 2023 at 7:51 AM Frank Lichtenheld wrote: > > The OpenVPN community project team is proud to release OpenVPN 2.5.9. This is > a small bugfix release. > Was this sent a bit early? There is no 2.5.9 tag at https://github.com/OpenVPN/openvpn/tags. Be

Re: [Openvpn-devel] OpenVPN 2.5.9 released

2023-02-16 Thread Jonathan K. Bullard
On Thu, Feb 16, 2023 at 9:24 AM Arne Schwabe wrote: > > On 16.02.23 at 14:11, Jonathan K. Bullard wrote: > > Not yet seeing anything about 2.5.9 at > > https://openvpn.net/community-downloads/ > > <https://openvpn.net/community-downloads/>. (From the New Y

Re: [Openvpn-devel] [PATCH 7/7] add message about changing default values

2021-09-13 Thread Jonathan K. Bullard
Hi, On Mon, Sep 13, 2021 at 8:37 AM Gert Doering wrote: > > Hi, > > On Sat, Sep 04, 2021 at 11:56:29AM +0200, Antonio Quartulli wrote: > > Add warning at startup to notify users about the change. > [..] > > +/* Give a general warning at the end of initialisation that defaults > > + * have

Re: [Openvpn-devel] [PATCH applied] Re: Static-challenge concatenation option

2024-09-11 Thread Jonathan K. Bullard
Hi, On Mon, Sep 9, 2024 at 1:11 PM Gert Doering wrote: > > Hi, > > On Mon, Sep 09, 2024 at 12:01:54PM -0400, Selva Nair wrote: > > > Is the GUI support already committed? I seem to remember seeing a PR > > > for that "weeks ago"... and someone needs to bring Tunnelblick on board. > > > > I've se

Re: [Openvpn-devel] [L] Change in openvpn[master]: dns: don't publish env vars to non-dns scripts

2025-01-19 Thread Jonathan K. Bullard
Hi. On Mon, Jan 13, 2025 at 8:13 AM d12fk (Code Review) wrote: > With --dns-script in place we no longer need DNS related vars in the > environment for other script hooks. Code for doing that is removed and > the function to set --dns stuff made static, for internal use only. > > Another thing:

Re: [Openvpn-devel] [L] Change in openvpn[master]: dns: don't publish env vars to non-dns scripts

2025-01-20 Thread Jonathan K. Bullard
On Mon, Jan 20, 2025 at 7:00 PM Heiko Hund wrote: > > Right, the plan is to ship this in 2.7, as it is a way too large change for > slipping it in somewhere in between. Ok, thanks!

Re: [Openvpn-devel] [L] Change in openvpn[master]: dns: don't publish env vars to non-dns scripts

2025-01-20 Thread Jonathan K. Bullard
Hi. On Mon, Jan 20, 2025 at 2:38 PM Heiko Hund wrote: > Hi Jon > > On Monday, 20 January 2025 00:02:46 CET Jonathan K. Bullard wrote: > > On Mon, Jan 13, 2025 at 8:13 AM d12fk (Code Review) > > wrote: > > > With --dns-script in place we no longer need DNS related

[Openvpn-devel] [PATCH] Clarify and expand management interface documentation

2018-07-31 Thread Jonathan K. Bullard via Openvpn-devel
--auth-retry none" (the default) is in effect. * Update the list of UIs that support challenge/response. * Fix a typo. ("posesses" => "possesses"). Signed-off-by: Jonathan K. Bullard --- doc/management-notes.txt | 213 --- 1 file

Re: [Openvpn-devel] [PATCH] Clarify and expand management interface documentation

2018-08-08 Thread Jonathan K. Bullard via Openvpn-devel
Thanks, Selva. I agree with all of your comments except two, details below: On August 2, 2018 11:32 AM, Selva Nair wrote: > > >NEED-OK:Need 'token-insertion-request' confirmation MSG:Please insert > > your cryptographic token > > > > > > - The management client, if it is a GUI, can flash

[Openvpn-devel] [PATCH v2] Clarify and expand management interface documentation

2018-08-08 Thread Jonathan K. Bullard via Openvpn-devel
--auth-retry none" (the default) is in effect. * Fix a typo. ("posesses" => "possesses"). Signed-off-by: Jonathan K. Bullard --- v2: * Incorporate Selva Nair’s suggestions (thanks!). * Remove incorrect quotes in Example 8. * Use &
