- print protocol, source/dest addresses and ports
- mention "--allow-recursive-routing"
- add possible usecase to manpage
Trac #843
Signed-off-by: Lev Stipakov
---
doc/openvpn.8 | 4 ++-
src/openvpn/forward.c | 89 +++
2 fil
V2: style fixes
- print protocol, source/dest addresses and ports
- mention "--allow-recursive-routing"
- add possible usecase to manpage
Trac #843
Signed-off-by: Lev Stipakov
style fixes
---
doc/openvpn.8 | 4 ++-
src/openvpn/forw
Hi,
> I'm not sure I'm convinced. This is quite a lot of extra code for
> an "add a few extra fields to a warning" enhancement - especially
> given that those that are already confused by the warning today
> will be more confused by "more numbers"...
>
I assume that people are confused by the f
From: Lev Stipakov
This patch decouples setting/unsetting NCP options
from the state of TLS context. At startup (and then
per sighup) we load config (pre-NCP) values to c1,
which persists over sigusr1. When tearing tunnel down
we restore (possibly modified) c->options back to
c1 (origi
From: Lev Stipakov
NCP negotiation can alter options. On reconnect
client sends possibly altered options while server
expects original values. This leads to warnings
in log and, if server uses --opt-verify, breaks
reconnect.
Fix by decoupling setting/unsetting NCP options from
the state of TLS
From: Lev Stipakov
This patch enables building openvpn with Visual Studio 2017.
It is advised to use openvpn-build/msvs/build.bat which
also downloads and builds required dependencies.
Changes made:
- updated path to Visual Studio toolchain
- updated platform toolset
- added missing
Hi,
>
> I was very delighted to see this contribution. However, after hours of
> struggling to compile and prepare pre-requisites, I gave up my attempts to
> test this patch. The openvpn-build/msvc/build.bat was indeed helpful,
> though a
> bit outdated to be directly usable.
>
Sorry, I probably
Hi,
Thanks, I tested on Windows 10 with Visual Studio build and works as
expected.
A few nitpicks:
+if (!WriteFile(pipe, &dhcp, sizeof(dhcp), &len, NULL)
> +|| !ReadFile(pipe, &ack, sizeof(ack), &len, NULL))
> +{
> +msg(M_WARN, "TUN: could not talk to service: %s [%lu]",
Hi,
> +if (!GetSystemDirectoryW(win_sys_path, _countof(win_sys_path)))
> +{
> +wcsncpy(win_sys_path, default_sys_path, _countof(win_sys_path));
> +win_sys_path[_countof(win_sys_path) - 1] = L'\0';
> +}
>
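Review bot: the `if (!GetSystemDirectoryW(win_sys_path, _countof(win_sys_path)))` test only catches a zero return. GetSystemDirectoryW also returns a value larger than the buffer size when the buffer is too small, and in that case the buffer does not hold the full path, yet the fallback copy from default_sys_path is skipped. Store the return value and take the fallback when it is 0 or greater than or equal to `_countof(win_sys_path)`.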
Is there need in adding null terminator to win_sys_path?
Since
Apparently it is defensive programming to make sure that the string is
null-terminated also in cases where default_sys_path length equals
to win_sys_path.
So, ACK.
On Wed, 3 Oct 2018 at 11:53, Lev Stipakov (lstipa...@gmail.com) wrote:
> Hi,
>
>
>> +if (!GetSystemDirector
ACK
On Tue, 2 Oct 2018 at 23:02, selva.n...@gmail.com wrote:
> From: Selva Nair
>
> Currently, if dhcp on the TAP interface is disabled, OpenVPN
> on Windows tries to enable it using netsh but that succeeds only when
> run with admin privileges.
>
> When interactive service is available, dele
Built and tested on VS, works as expected.
ACK.
On Tue, 2 Oct 2018 at 23:02, selva.n...@gmail.com wrote:
> From: Selva Nair
>
> Move writing the message buffer to the interactive service pipe and
> reading acknowledgement to a function.
>
> A minor bug in open_tun where the ack data could be
From: Lev Stipakov
Functions openvpn_vsntprintf and openvpn_sntprintf return
values of type int, but in reality it is always 0 or 1, which is
essentially bool.
To make code more clear, change return type to bool. Also
use stdbool.h header instead of bool definition macros.
Signed-off-by: Lev
Hi,
> In case of the service code, which is Windows only, there are about 30
> uses of
> BOOL but only a few cases of bool (typedef to int) all of which are in the
> deprecated
> automatic service code.
>
I agree, it is probably not worth introducing a "new" type (stdbool) to
interactive
service co
Hi,
Wishlist: openvpn_swprintf() with nul termination guarantee. I try to avoid
> the TCHAR variety be explicit about wide and narrow characters.
>
Makes sense, at the moment we have 8 swprintf calls all followed by
something like
> tmp[_countof(tmp)-1] = L'\0';
Will do.
-Lev
From: Lev Stipakov
Functions openvpn_vsntprintf and openvpn_sntprintf return
values of type int, but in reality it is always 0 or 1 (and -1 for
snprintf), which can be represented as boolean.
To make code clearer, change return type to BOOL. Also
use stdbool.h header instead of bool definition
From: Lev Stipakov
Every call to swprintf is followed by line which adds nul terminator. This patch
introduces openvpn_swprintf() which guarantees nul termination for size > 0.
Same approach as for snprintf / openvpn_snprintf.
Signed-off-by: Lev Stipakov
---
src/openvpn/buffe
Hello Samuel,
Do you use radius plugin from http://www.nongnu.org/radiusplugin/ ? I
think the way OpenVPN delegates authentication to a plugin
(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY hook) is asynchronous, as well
as plugin implementation, i. e. OpenVPN does not wait for a response.
Instead it perio
* Tools version changed to 12
* Added comp.c/h and compat.c/h to project files
* Workaround for missing __attribute__ support
Also, as a preparation for MSVS2015, ensured that snprintf is not defined for
that VS version.
---
config-msvc.h | 3 +++
src/compat/compat.vcxp
v2:
* Bump API level to Vista for get_default_gateway_ipv6() implementation
* Define HAVE_INET_NTOP/PTON for Vista since it has own implementation of
inet_ntop/pton
v1:
* Add comp/compstub to project files
* Bump tools version to 12
* define __attribute__
Signed-off-by: Lev Stipakov
* Upgrade API level to Vista to implement get_default_gateway_ipv6
* Define HAVE_INET_NTOP/PTON since Vista has its own implementation of those
Signed-off-by: Lev Stipakov
---
config-msvc.h | 6 ++
msvc-env.bat | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/config
when file is removed. We catch that event and remove it from the
dictionary.
Feature is easily tested with sample "defer" plugin and following settings:
auth-user-pass-optional
setenv test_deferred_auth 3
plugin simple.so
Signed-off-by: Lev Stipakov
---
configure.ac | 15
When peer-id value is 0xFF, server should ignore it and treat packet
in the same way as P_DATA_V1.
Make sure that issued peer-id does not exceed 0xFF.
---
src/openvpn/mudp.c | 15 ---
src/openvpn/multi.c | 3 ++-
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/
v2:
* Add round brackets for clarity.
* Rephrase comment.
v1:
* When peer-id value is 0xFF, server should ignore it and treat packet
in the same way as P_DATA_V1.
* Make sure that issued peer-id does not exceed 0xFF.
---
src/openvpn/mudp.c | 14 +++---
src/openvpn/multi.c | 3
Also disable behavior for static key setup.
---
src/openvpn/forward.c | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 513fbae..c17be35 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -1199,13 +1199,16
seth, on Fri 02 May 2014 01:39:05 +0200, wrote:
On 17/04/14 14:07, Lev Stipakov wrote:
Hello,
Are there any plans to support ipv6 env vars in
client-connect/disconnect scripts?
There are at least 2 tickets on that feature:
https://community.openvpn.net/openvpn/ticket/230
https://community.open
Fri 02 May 2014 01:39:05 +0200, wrote:
>> On 17/04/14 14:07, Lev Stipakov wrote:
>> > Hello,
>> >
>> > Are there any plans to support ipv6 env vars in
>> > client-connect/disconnect scripts?
>> >
>> > There are at least 2
nal
setenv test_deferred_auth 3
plugin simple.so
Signed-off-by: Lev Stipakov
Add doxygen comment
---
configure.ac | 15 +
src/openvpn/forward.c | 8 +++
src/openvpn/mtcp.c| 28 +
src/openvpn/mudp.c| 27 +
src/openvpn/multi
Add missing #if P2MP_SERVER
---
src/openvpn/push.c | 2 ++
src/openvpn/push.h | 5 ++---
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index 704818d..a4cb726 100644
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -410,6 +410,7 @@ push_r
if
client should reconnect to the same server or advance to the next one
- Fix compilation when OCC is disabled (--enable-small)
- Update man page
v2:
- Take into use explicit-exit-notify on the server side
- OCC_SHUTTING_DOWN renamed to OCC_SERVER_EXIT
- Code prettifying
Signed-off-by: Le
ACK from me. Tested on ics-openvpn, problem with endtag now fixed.
A nitpick. git am says:
/home/stiple/Projects/ics-openvpn/.git/modules/main/openvpn/rebase-apply/patch:20:
trailing whitespace.
char *line_ptr = line;
warning: 1 line adds whitespace errors.
On 14.10.2015 16:05, Arne Sc
Signed-off-by: Lev Stipakov
---
src/openvpn/mudp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index 3aed3a0..9fa9f9e 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -79,7 +79,7 @@ multi_get_create_instance_udp (struct
v2:
* Bump log level for attack attempt message
* More clear message for float event
v1:
* Decrease log level for peer float message
Signed-off-by: Lev Stipakov
---
src/openvpn/mudp.c | 2 +-
src/openvpn/multi.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src
Commit
https://github.com/OpenVPN/openvpn/commit/685e486e8b8f70c25f09590c24762ff734f94a51
introduced a variable length array. Although C99 supports that, MSVS 2013 still
requires
size of array to be compiler time constant. As a fix, use OPENSSL_malloc/free.
Signed-off-by: Lev Stipakov
---
src
1
> You don't have to use OPENSSL_malloc() in an application but you do
you can make use of OpenSSLs memory leak checking routines if you do.
-Lev
On 20.10.2015 16:52, Gert Doering wrote:
Hi,
On Tue, Oct 20, 2015 at 04:22:59PM +0300, Lev Stipakov wrote:
Commit
https://github.com
You don't have to use OPENSSL_malloc() in an application but you do
you can make use of OpenSSLs memory leak checking routines if you do.
-Lev
On 20.10.2015 16:52, Gert Doering wrote:
Hi,
On Tue, Oct 20, 2015 at 04:22:59PM +0300, Lev Stipakov wrote:
Commit
https://github.com/OpenVPN/open
Signed-off-by: Lev Stipakov
---
src/openvpn/ssl_openssl.c | 7 +++
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index c08d4fe..3c8d41f 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -141,12 +141,12
ACK from me. Less code is better.
On 21.10.2015 01:39, Steffan Karger wrote:
There is no need to use OPENSSL_malloc(), so use our own functions that
automatically check for NULL and remove the now redundant NULL check.
Signed-off-by: Steffan Karger
---
src/openvpn/ssl_openssl.c | 33
ACK from me. My Clang static analyzer concurs.
On 21.10.2015 01:38, Steffan Karger wrote:
As it says on the tin. aresp would not be free'd nor returned by
my_conv() on errors. Note that we never reach this code if allocation
of aresp failed.
Found with the Clang static analyzer.
Signed-off-b
openvpn-plugin.h was not generated for MSVC build since it has been
removed from sources and made generated by configure script.
This fix generates it for MSVC build and substitutes macros like
@OPENVPN_VERSION_MAJOR@ with actual values.
Signed-off-by: Lev Stipakov
---
build/msvc/msvc
th adapter name.
Signed-off-by: Olli Mannisto
Signed-off-by: Lev Stipakov
---
src/openvpn/tun.c | 26 +++---
1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 24a61ec..aa0278d 100644
--- a/src/openvpn/tun.c
+++ b/src/ope
Hello,
> And with interface indexes, it works all the time?
We have tested it on a few machines which previously have had this
problem and this patch has fixed that. We will test it for larger
audience in near future and report results.
-Lev
On 22.10.2015 16.59, Gert Doering wrote:
hi,
O
Signed-off-by: Lev Stipakov
---
src/openvpn/options.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 2f8915d..de6e453 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2110,12 +2110,13
et adapter index and use it instead of adapter
name for netsh set address command. if unable to get adapter index,
try with adapter name.
Signed-off-by: Olli Mannisto
Signed-off-by: Lev Stipakov
---
src/openvpn/tun.c | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a
Hi,
It should actually be not very hard - we should be able to set "tt->actual"
to read "interface=nnn", and then it should work automagically without even
touching route.c at all
Setting "interface=" to "tt->actual_name" will affect all code
branches which use that value, for example "netsh
netsh when using
adapter name on "netsh.exe interface ipv6 set address" command.
Changed logic to get adapter index and use it instead of adapter
name for netsh set address command. if unable to get adapter index,
try with adapter name.
Signed-off-by: Olli Mannisto
Signed-off-by: Le
Add missing "include" directive.
Signed-off-by: Lev Stipakov
---
src/openvpn/mtcp.c | 4
1 file changed, 4 insertions(+)
diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c
index b27c5eb..9926d47 100644
--- a/src/openvpn/mtcp.c
+++ b/src/openvpn/mtcp.c
@@ -37,6 +37,10 @@
Hi,
Since the new server side code does not actually *do* OCC any more we
are just #ifdef'ing it to access options->ce.explicit_exit_notify
because that one is only compiled in #ifdef ENABLE_OCC ... so we're
coupling this new functionality to an #ifdef which is not really
rel
-enable-small)
- Update man page
v2:
- Take into use explicit-exit-notify on the server side
- OCC_SHUTTING_DOWN renamed to OCC_SERVER_EXIT
- Code prettifying
Signed-off-by: Lev Stipakov
---
doc/openvpn.8 | 15 ++--
src/openvpn/multi.c | 66 +++
When client receives "RESTART,N", it advances to the next remote.
Whole patch (server + client) has been merged to master and will be part of 2.4.
Signed-off-by: Lev Stipakov
---
src/openvpn/push.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/src/openvpn/push.c b/s
Hi,
Sorry for the late response.
+bool
+win_wfp_uninit()
+{
+dmsg (D_LOW, "Uninitializing WFP");
+if (m_hEngineHandle) {
+FwpmSubLayerDeleteByKey0(m_hEngineHandle, &m_subLayerGUID);
+CLEAR(m_subLayerGUID);
+FwpmEngineClose0(m_hEngineHandle);
+m_hEngineHand
On 10.12.2015 18:49, ValdikSS wrote:
I'd better go with just
closing the engine without deleting everything. I don't see any
drawbacks, that should be perfectly OK for a dynamic session.
Is this correct, Lev? If yes, I'll push v9 today or tomorrow morning.
Removing non-working FwpmSubLayerDel
Hi,
So, if we want to use index also for "add/del route", I'd gently modify
add/del_route_ipv6 and make it use "interface=" (without breaking
"vpn server special route" case).
For consistency, I think we should do that. What I'd avoid is to do
the adapter_index lookup for every single route -
Thanks, I think (I think!) I got it now.
1) Since we have tt->adapter_index (which temporarily disappeared from
my perception of reality), no need to add new member to tuntap or
tuntap_options.
2) tt->adapter_index has nothing to do with rgi->adapter_index, first
one is windows adapter index
Trac #637
Signed-off-by: Lev Stipakov
---
src/openvpn/route.c | 16
src/openvpn/tun.c | 2 ++
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index 4a60345..2012b5c 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn
Trac #637
Signed-off-by: Lev Stipakov
---
src/openvpn/route.c | 16
src/openvpn/tun.c | 6 +-
2 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index 4a60345..2012b5c 100644
--- a/src/openvpn/route.c
+++ b/src
Trac #637
---
src/openvpn/route.c | 8
src/openvpn/tun.c | 6 +-
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index 1775a9c..cf5a067 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -1623,6 +1623,10 @@ add_rout
Trac #637
Signed-off-by: Lev Stipakov
---
src/openvpn/init.c | 18 ++
src/openvpn/misc.c | 6 ++
src/openvpn/misc.h | 3 +++
3 files changed, 27 insertions(+)
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 179c7ef..b0c0e26 100644
--- a/src/openvpn/init.c
+++ b
ACK.
I don't have VC2010, but at least on 2013 it compiles nicely.
Update toolset, define __attribute__.
Signed-off-by: Lev Stipakov
---
src/compat/compat.vcxproj | 4 +++-
src/openvpn/openvpn.vcxproj | 6 --
src/openvpn/syshead.h | 1 +
src/openvpnserv/openvpnserv.vcxproj | 4 +++-
4 files changed, 11 insertions(+), 4
Hi,
Screenshot seems to be lost in transmission.
Moving to openvpn-devel.
We could probably detect XP only (or technically "less than Vista") by
checking that IsWindowsVistaOrGreater() == false which seems to be
simpler. It should fix the problem.
However I like the idea that server will be abl
* Use adapter name instead of index on WinXP - sadly XP does not support indexes
* Write Windows version to log
* Send it with peer-info as IV_PLAT_VER
Signed-off-by: Lev Stipakov
---
config-msvc.h | 1 +
configure.ac | 1 +
src/compat/compat
v2:
* Add compat-versionhelpers.h to compat/Makefile.am so that "make dist" will
include it into tarball.
* Indentation
v1:
* Use adapter name instead of index on WinXP - sadly XP does not support indexes
* Write Windows version to log
* Send it with peer-info as IV_PLAT_VER
Signed-o
Also send it with peer-info as IV_PLAT_VER.
Signed-off-by: Lev Stipakov
---
config-msvc.h | 1 +
configure.ac | 1 +
src/compat/Makefile.am | 3 +-
src/compat/compat-versionhelpers.h | 81 ++
src
consequence, system starts talking to itself on full power,
traffic counters skyrocket and user is not happy.
To prevent that, drop packets which have gateway IP as
destination address.
Tested on Win7/10, OS X.
Trac #642
Signed-off-by: Lev Stipakov
---
src/openvpn/forward.c | 63
to.. tun.
As a consequence, system starts talking to itself on full power,
traffic counters skyrocket and user is not happy.
To prevent that, drop packets which have gateway IP as
destination address.
Tested on Win7/10, OS X.
Trac #642
Signed-off-by: Lev Stipakov
---
src/openvpn/forward.c
Trac #599
Signed-off-by: Lev Stipakov
---
src/openvpn/win32.c | 16
1 file changed, 16 insertions(+)
diff --git a/src/openvpn/win32.c b/src/openvpn/win32.c
index 6c6ac4c..5702304 100644
--- a/src/openvpn/win32.c
+++ b/src/openvpn/win32.c
@@ -1323,6 +1323,20
Hi James,
Has anyone seen issues with --block-outside-dns speed? Because this
approach drops certain DNS packets, I'm wondering if apps will
experience lag time while waiting for dropped DNS requests to time out.
Yes, I have experienced issues with that patch.
On only machine I was able to r
Yep, was a bit busy with other stuff last weeks.
On 27.04.2016 11:16, Arne Schwabe wrote:
I am just going through the patches. Lev, do you plan a follow up for this?
Arne
v3: Use better way of figuring out IP proto version which
does not break TAP mode. Add an option to allow recursive
routing, could be useful when packets sent by openvpn itself
are not subject to the routing tables that would move packets
into the tunnel.
v2: better method naming
On certain OSes
From: Lev Stipakov
v3: Use better way of figuring out IP proto version which
does not break TAP mode. Add an option to allow recursive
routing, could be useful when packets sent by openvpn itself
are not subject to the routing tables that would move packets
into the tunnel.
v2: better method
From: Lev Stipakov
v3:
* move assert outside of loop
* add max-clients value check to options
v2:
* Add round brackets for clarity
* Rephrase comment
Support for disabled peer-id
When peer-id value is 0xFF, server should ignore it and treat packet
in the same way as P_DATA_V1.
---
src
From: Lev Stipakov
v4:
- replace magic number with define
- show user a decimal value instead of hex
v3:
* move assert outside of loop
* add max-clients value check to options
v2:
* Add round brackets for clarity
* Rephrase comment
Support for disabled peer-id
When peer-id value is 0xFF
From: Lev Stipakov
v5:
* Few more nitpicks
v4:
* replace magic number with define
* show user a decimal value instead of hex
v3:
* move assert outside of loop
* add max-clients value check to options
v2:
* Add round brackets for clarity
* Rephrase comment
Support for disabled peer-id
When
ontext,
when options are added and context is reused - we got duplicates.
Fixed by adding options to buffer, as it was done previously.
Signed-off-by: Lev Stipakov
---
src/openvpn/push.c | 83 +++---
1 file changed, 22 insertions(+), 61 deletions(-)
Peer-id might change on restart and this should not trigger reopening
tun.
Trac #649
---
src/openvpn/push.c | 38 --
1 file changed, 24 insertions(+), 14 deletions(-)
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index 71f39c1..6feaa2a 100644
--- a/src/
Peer-id might change on restart and this should not trigger reopening
tun.
Trac #649
---
src/openvpn/push.c | 39 ---
1 file changed, 24 insertions(+), 15 deletions(-)
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index a1b999e..d7d54bf 100644
--- a/src
Hi,
ACK from me - tested that peer-id and cipher are not duplicated in
PUSH_REPLY when client reconnects and push-continuation works.
-Lev
2016-09-29 20:49 GMT+03:00 Steffan Karger :
> Hi,
>
> On 24 September 2016 at 12:23, Lev Stipakov wrote:
> > Starting from https://git
-devel] [PATCH] Fix duplicated PUSH_REPLY options
To: Lev Stipakov
Hi,
On 24 September 2016 at 12:23, Lev Stipakov wrote:
> Starting from https://github.com/OpenVPN/openvpn/commit/3a5a46cf2b7f6a8b85
20c2513a8054deb48bfcbe,
> we add peer-id and cipher values to context->options-&
v2:
- Use md5_* methods
- Move digest update to separate method
Peer-id might change on restart and this should not trigger reopening
tun.
Trac #649
---
src/openvpn/push.c | 43 +--
1 file changed, 29 insertions(+), 14 deletions(-)
diff --git a/src/open
v2:
- Move digest update to separate method
Peer-id might change on restart and this should not trigger reopening
tun.
Trac #649
---
src/openvpn/push.c | 45 ++---
1 file changed, 30 insertions(+), 15 deletions(-)
diff --git a/src/openvpn/push.c b/src/op
Replace C++ style comments, which are not allowed in ISO C90 standard,
with C style comments
Signed-off-by: Lev Stipakov
---
src/openvpn/crypto_openssl.c | 4 ++--
src/openvpn/ssl.c| 2 +-
src/openvpn/ssl_openssl.c| 36 ++--
src/plugins/auth-pam
Hi,
I am, and the first version is what we do in (most?) other places, so I'll
> change that on the fly.
>
Got it.
> Also, the patch introduces spurious tab<->whitespace changes "close to
> comments" in a few places - will undo those, too.
I noticed that in few places indentation is a bit of
Move client-specific push options (currently peer-id and cipher) to
separate list, which is deallocated after push_reply
has been sent. This makes sure that options are fit into buf,
not duplicated nor leak memory on renegotiation.
Signed-off-by: Lev Stipakov
---
src/openvpn/push.c | 142
.
Signed-off-by: Lev Stipakov
---
src/openvpn/push.c | 186 ++---
1 file changed, 104 insertions(+), 82 deletions(-)
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index a1b999e..f7bcad1 100644
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
memory on renegotiation.
Signed-off-by: Lev Stipakov
---
src/openvpn/push.c | 188 +
1 file changed, 104 insertions(+), 84 deletions(-)
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index df4f596..1f28826 100644
--- a/src/openvpn/push.c
options fit into buf,
not duplicated nor leak memory on renegotiation.
Signed-off-by: Lev Stipakov
Fix whitespaces and wrap long lines
---
src/openvpn/push.c | 206 ++---
1 file changed, 118 insertions(+), 88 deletions(-)
diff --git a/src/openvpn
From: Lev Stipakov
v4:
- Account for IP header offset in TAP mode
- Correct handle of non-IP protocols in TAP mode
v3: Use better way of figuring out IP proto version which
does not break TAP mode. Add an option to allow recursive
routing, could be useful when packets sent by openvpn itself
ACK from me
Tested with --disable-async-push, #define does not appear.
2016-12-07 0:10 GMT+02:00 David Sommerseth :
> AC_ARG_ENABLE() was used wrong, which led enable_async_push to
> always be set, regardless if --enable-async-push or --disable-async-push
> was used.
>
> Also spotted the exact s
Async-push is a server side feature and inotify_fd is
initialized in server mode.
Trac #786
---
src/openvpn/forward.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index b50a2e0..4502e10 100644
--- a/src/openvpn/forward.c
+++ b
From: Lev Stipakov
---
Changes.rst | 5 +
1 file changed, 5 insertions(+)
diff --git a/Changes.rst b/Changes.rst
index 843f2bd..44fe346 100644
--- a/Changes.rst
+++ b/Changes.rst
@@ -147,6 +147,11 @@ Control channel encryption (``--tls-crypt``)
channel packets. Provides more privacy
Async push functionality makes sense only with deferred authentication,
which requires plugins.
Trac #783
Signed-off-by: Lev Stipakov
---
configure.ac | 4
1 file changed, 4 insertions(+)
diff --git a/configure.ac b/configure.ac
index 27bdcc3..946f3db 100644
--- a/configure.ac
+++ b
13.12.2016, 02:15, David Sommerseth wrote:
> Coupling --enable-async-push with --enable-plugins makes a lot of sense.
> By the way, there is a typo in the error message though
> (--enable_async_push should be --enable-async-push).
Yes :(
I wonder if actual committer could fix it or should
Async push is a sub-feature of plugins.
Trac #783
Signed-off-by: Lev Stipakov
---
src/openvpn/syshead.h | 7 +++
1 file changed, 7 insertions(+)
diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h
index f5008b7..c7c3259 100644
--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
Hi Arne,
I am researching how "session id" can be added to packet. Could you please
clarify the statement "If we choose the session id to be 3 or 7 byte we
would not need the "hack" for the packets with
session id." ?
I am currently at very beginning, so questions might look odd.
1) "3 or 7" -
Hi guys,
I've read January's IRC meeting minutes and there was a discussion
about new frame format with session id.
Is there any progress in this field so far? If James or someone happen
to have time to document a new format, would be nice to see it.
--
-Lev
ition happens seamlessly.
I would love to hear any critics / comments!
--
-Lev
From 284e473548a49012baf6c954a637161eec11c2e8 Mon Sep 17 00:00:00 2001
From: Lev Stipakov
Date: Tue, 11 Mar 2014 17:58:31 +0200
Subject: [PATCH] Floating implementation. Use array lookup for new opcode
P_DATA_V2 and c