Re: [Openvpn-devel] interactive service docs

2018-06-11 Thread Selva Nair
Hi On Mon, Jun 11, 2018 at 2:49 AM, Samuli Seppänen wrote: > Hi, > > Trac has its own Wiki syntax which is somewhat similar to Mediawiki, but > not at all the same. > > However, Trac supports RST natively: > > {{{#!rst > RST-formatted contents go in here > }}} > > For details see > > https://tr

Re: [Openvpn-devel] interactive service docs

2018-06-12 Thread Selva Nair
Hi, On Mon, Jun 11, 2018 at 11:32 AM, Selva Nair wrote: > Hi > > On Mon, Jun 11, 2018 at 2:49 AM, Samuli Seppänen > wrote: > >> Hi, >> >> Trac has its own Wiki syntax which is somewhat similar to Mediawiki, but >> not at all the same. >> >>

Re: [Openvpn-devel] interactive service docs

2018-06-18 Thread Selva Nair
On Tue, Jun 12, 2018 at 12:39 PM, Selva Nair wrote: > Hi, > > >>> However, Trac supports RST natively: >>> >>> {{{#!rst >>> RST-formatted contents go in here >>> }}} >>> >> >>> For details see >>

Re: [Openvpn-devel] interactive service docs

2018-06-18 Thread Selva Nair
Hi, On Mon, Jun 18, 2018 at 1:10 PM, tincanteksup wrote: > Hi Selva, > > just a note that: > > > - ``--up`` scripts are run by openvpn.exe itself, which is running as user > *joe*, all privileges are nicely in place. > > - Scripts run by the GUI will run as user *joe*, so that automated tasks

Re: [Openvpn-devel] [PATCH v3 2/8] windows: properly configure TAP driver when no IPv4 is configured

2018-06-18 Thread Selva Nair
On Mon, Jun 18, 2018 at 2:40 PM, Gert Doering wrote: > > Hi, > > On Wed, Jun 13, 2018 at 10:12:13PM +0800, Antonio Quartulli wrote: > > From: Antonio Quartulli > > > > This patch ensures that the TAP driver on a windows host is still > > configured, even though no IPv4 has been provided. > > > >

Re: [Openvpn-devel] interactive service docs

2018-06-18 Thread Selva Nair
Hi, > Thanks for clarifying that it is NOT an --up script in this case .. > The comment about --up script was quoted from "Gert's email referred to there" and the advantage of running GUI up script was added later (a few months ago). > The document you are looking for can also be found here: >

Re: [Openvpn-devel] [PATCH v3 2/8] windows: properly configure TAP driver when no IPv4 is configured

2018-06-20 Thread Selva Nair
Hi, On Wed, Jun 20, 2018 at 11:53 AM, Gert Doering wrote: > Hi, > > On Wed, Jun 13, 2018 at 10:12:13PM +0800, Antonio Quartulli wrote: >> From: Antonio Quartulli >> >> This patch ensures that the TAP driver on a windows host is still >> configured, even though no IPv4 has been provided. >> >> In

Re: [Openvpn-devel] [PATCH] route: fix format string passed to argv_printf

2018-06-22 Thread Selva Nair
Hi, On Fri, Jun 22, 2018 at 6:21 AM, Antonio Quartulli wrote: > %lu is not supported by our tiny argv_printf implementation and will > trigger an ASSERT() when parsing it. Even though this particular > ASSERT() is not critical as it happens during shutdown, we still have to > fix it. > > Since in

Re: [Openvpn-devel] [PATCH] route: fix format string passed to argv_printf

2018-06-22 Thread Selva Nair
Hi, On Fri, Jun 22, 2018 at 10:48 AM, Antonio Quartulli wrote: > Hi, > > On 22/06/18 22:45, Selva Nair wrote: > [cut] > >> --- a/src/openvpn/route.c > >> +++ b/src/openvpn/route.c > >> @@ -1616,7 +1616,7 @@ add_route(struct route_ipv4 *r, const stru

Re: [Openvpn-devel] [PATCH v3 2/8] windows: properly configure TAP driver when no IPv4 is configured

2018-06-22 Thread Selva Nair
Hi, On Fri, Jun 22, 2018 at 5:49 AM, Antonio Quartulli wrote: > Hi, > > On 22/06/18 17:46, Gert Doering wrote: > > Hi, > > > > On Fri, Jun 22, 2018 at 03:27:02PM +0800, Antonio Quartulli wrote: > >> Fri Jun 22 13:43:51 2018 us=116232 PUSH: Received control message: > 'PUSH_REPLY,redirect-gateway

Re: [Openvpn-devel] [PATCH v3 2/8] windows: properly configure TAP driver when no IPv4 is configured

2018-06-22 Thread Selva Nair
On Fri, Jun 22, 2018 at 2:27 PM, Gert Doering wrote: > Hi, > > On Fri, Jun 22, 2018 at 02:12:24PM -0400, Selva Nair wrote: >> My tap adapter has a link local address (169.254.98.86) on it possibly due >> to a previous dhcp failure. May be I need to get rid of that (how?) to

Re: [Openvpn-devel] [PATCH v3 2/8] windows: properly configure TAP driver when no IPv4 is configured

2018-06-22 Thread Selva Nair
Hi, On Fri, Jun 22, 2018 at 10:07 PM, Antonio Quartulli wrote: > Hi, > > On 23/06/18 02:27, Gert Doering wrote: >> Hi, >> >> On Fri, Jun 22, 2018 at 02:12:24PM -0400, Selva Nair wrote: >>> My tap adapter has a link local address (169.254.98.86) on it possibl

Re: [Openvpn-devel] [PATCH] Add %d, %u and %lu tests to test_argv unit tests.

2018-06-23 Thread Selva Nair
Hi, On Sat, Jun 23, 2018 at 1:31 PM, Gert Doering wrote: > Hi, > > On Sat, Jun 23, 2018 at 02:15:03PM +0200, Gert Doering wrote: > > Some basic integer tests to verify signed, unsigned and > > long unsigned (2^33) printing. > > Ditch that patch... this only works on 64bit systems. > Most 64 bit

Re: [Openvpn-devel] [PATCH v2] Add %d, %u and %lu tests to test_argv unit tests.

2018-06-23 Thread Selva Nair
Hi, This is good enough, but (there is always a but :) On Sat, Jun 23, 2018 at 2:15 PM, Gert Doering wrote: > Some basic integer tests to verify signed, unsigned and > long unsigned (2^33) printing. > That 2^33 still lurking in the commit message could go.. > > Signed-off-by: Gert Doering >

Re: [Openvpn-devel] [PATCH v3] Add %d, %u and %lu tests to test_argv unit tests.

2018-06-23 Thread Selva Nair
Hi, On Sat, Jun 23, 2018 at 3:15 PM, Gert Doering wrote: > Some basic integer tests to verify signed, unsigned and > long unsigned (1L) printing. > > Signed-off-by: Gert Doering > -- > v2: test %lu with "1" as windows and linux/i386 do not have 64 bit long > v3: fix 2^33 in commit message, use

Re: [Openvpn-devel] OpenVPN GUI, and routes

2018-06-27 Thread Selva Nair
Hi Russel, Long time ! On Wed, Jun 27, 2018 at 8:54 PM, Morris, Russell wrote: > Hi, > > > This may be by design – if so just say that and I’ll go away … 😉. But > that said – it seems I have to run the OpenVPN GUI (manually) as an > administrator, for routes to be set / added as directed by the

[Openvpn-devel] [PATCH] Make up/down script errors not FATAL

2018-07-02 Thread selva . nair
From: Selva Nair Instead log only a warning. This helps user interfaces enforce a safer script-security setting without causing a FATAL error. Signed-off-by: Selva Nair --- Note: All other scripts are called with flag = 0 and will only trigger a warning message if openvpn_execve fails. src

Re: [Openvpn-devel] [PATCH] Make up/down script errors not FATAL

2018-07-02 Thread Selva Nair
Hi Jon, On Mon, Jul 2, 2018 at 11:13 PM, Jonathan K. Bullard wrote: > Hi. > > On Mon, Jul 2, 2018 at 9:24 PM, wrote: >> >> From: Selva Nair >> >> Instead log only a warning. >> >> This helps user interfaces enforce a safer script-security setting

Re: [Openvpn-devel] [PATCH] Make up/down script errors not FATAL

2018-07-03 Thread Selva Nair
Hi, On Tue, Jul 3, 2018 at 3:09 AM, Gert Doering wrote: > Hi, > > On Mon, Jul 02, 2018 at 11:13:01PM -0400, Jonathan K. Bullard wrote: > > My initial reaction is that I'd rather a problem in the up/down > > scripts generates a fatal error, so if there's a problem in the > > Tunnelblick scripts s

[Openvpn-devel] [PATCH v2] Make up/down script errors not FATAL

2018-07-03 Thread selva . nair
From: Selva Nair Treat the error as not FATAL only if it's triggered due to script_security < SSEC_SCRIPTS. This helps user interfaces enforce a safer script-security setting without causing a FATAL error. Signed-off-by: Selva Nair --- v2 changes: - Have script errors continue to trigge

Re: [Openvpn-devel] Upstreaming pqcrypto changes from microsoft/openvpn

2018-07-06 Thread Selva Nair
Hi, Thanks for the follow up. On Fri, Jul 6, 2018 at 12:03 PM, Kevin Kane via Openvpn-devel wrote: > [Combining threads.] > > > > The work on the OpenSSL fork, and figuring out just what the right interface > is to bring PQ crypto to current crypto libraries, is going to be on-going. > PQ crypto

Re: [Openvpn-devel] [OpenVPN/openvpn-gui] UI showing green connected status despite not beeing able to create a route (#9)

2018-07-06 Thread Selva Nair
Hi, Copying the devel list as a reminder that "we" have been asking for this change for a long time :) On Fri, Jul 6, 2018 at 2:48 PM, Gert Doering wrote: > Hi, > > On Fri, Jul 06, 2018 at 08:25:02AM -0700, Selva Nair wrote: > > Can we do something about this in open

[Openvpn-devel] [PATCH v3] Make up/down script errors not FATAL

2018-07-13 Thread selva . nair
From: Selva Nair The error is treated as a warning only if it's triggered due to script_security < SSEC_SCRIPTS. This helps user interfaces enforce a safer script-security setting without causing a FATAL error. Signed-off-by: Selva Nair --- v3 changes: - script_security --> script_se

Re: [Openvpn-devel] Dynamic challenge/response questions

2018-07-18 Thread Selva Nair
Hi, On Wed, Jul 18, 2018 at 7:46 PM, Jonathan K. Bullard wrote: > I'm trying to implement dynamic challenge/response in Tunnelblick and > have some questions. I've been using the management-interface > documentation [1] as my guide. > > 1. Is what the management interface sends something like (al

Re: [Openvpn-devel] Dynamic challenge/response questions

2018-07-19 Thread Selva Nair
Hi, On Thu, Jul 19, 2018 at 10:48 AM, Jonathan K. Bullard wrote: > Thank you very much, Selva. > > On Wed, Jul 18, 2018 at 10:48 PM, Selva Nair wrote: > >> There are two messages involved: >> >> 1. First comes the fake auth failure message which contains the >

Re: [Openvpn-devel] Dynamic challenge/response questions

2018-07-19 Thread Selva Nair
Hi, On Thu, Jul 19, 2018 at 1:52 PM, Gert Doering wrote: > Hi, > > On Thu, Jul 19, 2018 at 11:43:17AM -0400, Jonathan K. Bullard wrote: >> Thank you, Selva! (Now all I need to do is get it working!) > > Looking very much forward to see this happen :-) > > ($payingCustomer ) Send some €€/$$ from

Re: [Openvpn-devel] Dynamic challenge/response questions

2018-07-23 Thread Selva Nair
Hi, On Sat, Jul 21, 2018 at 1:21 PM, Jonathan K. Bullard wrote: > Hi, > > On Thu, Jul 19, 2018 at 2:38 PM, Selva Nair wrote: >> Jon: I have a server for testing static and dynamic challenge. If >> interested I can send you a config. Or use access server with a free >

Re: [Openvpn-devel] Dynamic challenge/response questions

2018-07-23 Thread Selva Nair
Hi, On Sat, Jul 21, 2018 at 1:21 PM, Jonathan K. Bullard wrote: > Some, perhaps including Selva's $payingCustomer, may not want to use > Tunnelblick betas or use OpenVPN 2.5 until it is released. I missed this last time... It's Gert who has $$payingCustomer(s) :) Selva

Re: [Openvpn-devel] Dynamic challenge/response questions

2018-07-23 Thread Selva Nair
Hi, On Mon, Jul 23, 2018 at 10:58 PM, Jonathan K. Bullard wrote: > I was testing Tunnelblick with Selva's C/R server and config (thanks > again for that) and there was a problem. Maybe I'm (still) > misunderstanding something, but a SIGUSR1 restart asks for the normal > username/password instead

[Openvpn-devel] [PATCH v3] Parse static challenge response in auth-pam plugin

2018-07-24 Thread selva . nair
From: Selva Nair If static challenge is in use, the password passed to the plugin by openvpn is of the form "SCRV1:base64-pass:base64-response". Parse this string to separate it into password and response and use them to respond to queries in the pam conversation function. On

Re: [Openvpn-devel] [PATCH] [openvpn-gui] Update system tray to populate Windows VPN flyout

2018-07-25 Thread Selva Nair
Hi, On Wed, Jul 25, 2018 at 1:01 PM, Kevin Kane via Openvpn-devel wrote: > From ed96e2d91a0eb9ecdaab8d7104f397f7d77e5ced Mon Sep 17 00:00:00 2001 > > From: Kevin Kane > > Date: Fri, 13 Jul 2018 09:50:00 -0700 > > Subject: Update system tray to populate Windows VPN flyout > > > > Add a DLL to be

Re: [Openvpn-devel] Incoming: patches for the dialer feature

2018-07-25 Thread Selva Nair
Hi, On Wed, Jul 25, 2018 at 1:01 PM, Kevin Kane via Openvpn-devel wrote: > Ok, I’ve gotten clearance to contribute the dialer feature from Microsoft’s > OpenVPN fork back upstream. As previously discussed, this feature isn’t > production-ready because the integration I did was quick and dirty – i

Re: [Openvpn-devel] Incoming: patches for the dialer feature

2018-07-25 Thread Selva Nair
Hi, On Wed, Jul 25, 2018 at 1:45 PM, Gert Doering wrote: > Hi, > > On Wed, Jul 25, 2018 at 01:34:44PM -0400, Selva Nair wrote: >> Do we have an experimental branch where we could add this so that we do >> not lose track of it? > > If you tell me you want that and how

Re: [Openvpn-devel] Set interface metric instead letting it on auto (OS choice) when we have redirect-gateway present to enforce the desired effect for IPv6

2018-07-28 Thread Selva Nair
Hi On Sat, Jul 28, 2018 at 9:46 PM, s7r wrote: > Gert Doering wrote: >> HI, >> >> On Fri, Jul 27, 2018 at 05:57:14PM +0300, s7r wrote: >>> I have run into a problem which raised my attention. I am not sure if I >>> can call this a bug, but I think it's best to discuss here and decide if >>> it sh

Re: [Openvpn-devel] Set interface metric instead letting it on auto (OS choice) when we have redirect-gateway present to enforce the desired effect for IPv6

2018-07-29 Thread Selva Nair
Hi > > Thanks for the hint Selva. Indeed it looks like something DNS related. > The primary wired network interface has 1 IPv4-listening DNS server > (192.168.1.1, which uses 2 upstream IPv4-listening DNS server from the > ISP). The tun device has 2 IPv4 listening DNS servers (google) and 2 > IPv

Re: [Openvpn-devel] [PATCH v3] Parse static challenge response in auth-pam plugin

2018-07-29 Thread Selva Nair
Hi, On Sun, Jul 29, 2018 at 3:34 PM, Gert Doering wrote: > Hi, > > On Tue, Jul 24, 2018 at 10:34:53PM -0400, selva.n...@gmail.com wrote: >> From: Selva Nair >> >> If static challenge is in use, the password passed to the plugin by openvpn >> is of the form

Re: [Openvpn-devel] [PATCH v3] Parse static challenge response in auth-pam plugin

2018-07-30 Thread Selva Nair
Hi, On Mon, Jul 30, 2018 at 10:31 AM, Antonio Quartulli wrote: > Hi, > > On 30/07/18 04:16, Selva Nair wrote: >> Yes that's the base64 patch. What is stopping it is not the >> disagreement on that patch but an "error" [*] in the plugin header >> that

Re: [Openvpn-devel] [PATCH v3] Parse static challenge response in auth-pam plugin

2018-07-31 Thread Selva Nair
HI On Tue, Jul 31, 2018 at 3:07 AM, David Sommerseth wrote: > On 30/07/18 16:58, Selva Nair wrote: >> Hi, >> >> On Mon, Jul 30, 2018 at 10:31 AM, Antonio Quartulli wrote: >>> Hi, >>> >>> On 30/07/18 04:16, Selva Nair wrote: >>>>

Re: [Openvpn-devel] [PATCH 1/2] plugin: Export base64 encode and decode functions

2018-07-31 Thread Selva Nair
Hi, Now that the minor "fix" for plugin header seems settled, back to the base64 export patch from David. On Fri, May 5, 2017 at 5:46 PM, David Sommerseth wrote: > This patch builds on the "Export secure_memzero() to plug-ins" patch and > adds export of openvpn_base64_encode() and openvpn_base64

Re: [Openvpn-devel] [PATCH] Clarify and expand management interface documentation

2018-08-02 Thread Selva Nair
Hi, Thanks for updating and adding more clarity to these docs. On Tue, Jul 31, 2018 at 9:04 AM, Jonathan K. Bullard via Openvpn-devel wrote: > > Clarify and expand the documentation for the management interface: > > * Add examples of static and dynamic challenge/response sequences in > the "COMM

Re: [Openvpn-devel] [PATCH v3] Parse static challenge response in auth-pam plugin

2018-08-07 Thread Selva Nair
Hi, On Tue, Aug 7, 2018 at 2:59 PM, Gert Doering wrote: ...some good comments snipped... > > There's another catch which we might want to at least document: if you > build this plugin and run it from a slightly older openvpn binary which > doesn't export the base64 functions, it will core dump

Re: [Openvpn-devel] [PATCH v3] Parse static challenge response in auth-pam plugin

2018-08-07 Thread Selva Nair
Hi, On Tue, Aug 7, 2018 at 3:07 PM, Gert Doering wrote: > Hi, > > On Tue, Aug 07, 2018 at 08:59:37PM +0200, Gert Doering wrote: >> > v2: Depends on the base64 export patch >> > v3: match password string with "SCRV1:" instead of "SCRV1" >> > (pointed out by Joe Bell ) >> >> Nicely works and does w

Re: [Openvpn-devel] [PATCH v3] Parse static challenge response in auth-pam plugin

2018-08-07 Thread Selva Nair
Hi, Correcting myself... >> Found an interesting caveat which should be addressed, I think. >> >> Our system (LinOTP) knows "PIN+OTP" or "PIN" as valid input, the >> latter leading to "send me a token by SMS/e-mail/...". >> >> If I press return at the challenge prompt, it seems the SCRV1: string

[Openvpn-devel] [PATCH 1/2] Bump version of openvpn plugin argument structs to 5

2018-08-07 Thread selva . nair
From: Selva Nair This was missed in commit 6690769f78bbfb889fef2a54088d979896c87d51 that exported base64_encode and base64_decode() functions. Also check the version is >= 5 in auth-pam plugin to ensure that the base64_decode function pointer can be referenced. Signed-off-by: Selva N

[Openvpn-devel] [PATCH 2/2] Accept empty password and/or response in auth-pam plugin

2018-08-07 Thread selva . nair
From: Selva Nair In the auth-pam plugin correctly parse the static challenge string even when password or challenge response is empty. Whether an empty user input is an error is determined by the PAM conversation function depending on whether the PAM module queries for it or not. Signed-off-by

Re: [Openvpn-devel] [PATCH v3] Parse static challenge response in auth-pam plugin

2018-08-07 Thread Selva Nair
Hi On Tue, Aug 7, 2018 at 5:01 PM, Gert Doering wrote: > >> > in the LinOTP URL - so, it didn't decode it, because the second ':' >> > was missing (if I put a blank in there, I get pass=mypin%20). >> > >> > Is this intentional? Should it be that way? >> >> If you are constructing the SCRV1: line

Re: [Openvpn-devel] [PATCH v2] Clarify and expand management interface documentation

2018-08-08 Thread Selva Nair
Hi, Thanks for the v2. On Wed, Aug 8, 2018 at 7:35 AM, Jonathan K. Bullard via Openvpn-devel wrote: > Clarify and expand the documentation for the management interface: > > * Add examples of static and dynamic challenge/response sequences in > the "COMMAND -- password and username" section. > >

[Openvpn-devel] [PATCH] Enable dhcp on tap adapter using interactive service

2018-09-29 Thread selva . nair
From: Selva Nair Currently, if dhcp on the TAP interface is disabled, OpenVPN on Windows tries to enable it using netsh but that succeeds only when run with admin privileges. When interactive service is available, delegate this task to the service. Trac # Tested on Windows 7 Signed-off-by

Re: [Openvpn-devel] [PATCH] Enable dhcp on tap adapter using interactive service

2018-10-01 Thread Selva Nair
Hi, Thanks for the review and comments. A quick reply below, will send a v2 later. On Mon, Oct 1, 2018 at 7:11 AM Lev Stipakov wrote: > Hi, > > Thanks, I tested on Windows 10 with Visual Studio build and works as > expected. > > A few nitpicks: > > +if (!WriteFile(pipe, &dhcp, sizeof(dhcp),

[Openvpn-devel] [PATCH 2/3 v2] Enable dhcp on tap adapter using interactive service

2018-10-02 Thread selva . nair
From: Selva Nair Currently, if dhcp on the TAP interface is disabled, OpenVPN on Windows tries to enable it using netsh but that succeeds only when run with admin privileges. When interactive service is available, delegate this task to the service. Trac # Tested on Windows 7 Signed-off-by

[Openvpn-devel] [PATCH 1/3] Move get system directory to a separate function

2018-10-02 Thread selva . nair
From: Selva Nair Only refactoring to reduce code-duplication, no functional changes. Signed-off-by: Selva Nair --- src/openvpnserv/common.c | 16 +++- src/openvpnserv/interactive.c | 23 ++- src/openvpnserv/service.h | 3 +++ 3 files changed, 24

[Openvpn-devel] [PATCH 3/3] Refactor sending commands to interactive service

2018-10-02 Thread selva . nair
From: Selva Nair Move writing the message buffer to the interactive service pipe and reading acknowledgement to a function. A minor bug in open_tun where the ack data could be read even after a communication error is fixed. Signed-off-by: Selva Nair --- src/openvpn/route.c | 6 +- src

Re: [Openvpn-devel] [PATCH] openvpnserv: clarify return values type

2018-10-03 Thread Selva Nair
Hi, On Wed, Oct 3, 2018 at 10:20 AM Lev Stipakov wrote: > From: Lev Stipakov > > Functions openvpn_vsntprintf and openvpn_sntprintf return > values of type int, but in reality it is always 0 or 1, which is > essentially bool. > openvpn_sntprintf could return -1 if size = 0, but this looks like

Re: [Openvpn-devel] [PATCH] openvpnserv: clarify return values type

2018-10-03 Thread Selva Nair
On Wed, Oct 3, 2018 at 12:05 PM David Sommerseth < open...@sf.lists.topphemmelig.net> wrote: > On 03/10/18 17:08, Selva Nair wrote: > > > > > > To make code more clear, change return type to bool. Also > > use stdbool.h header instead of bool definition m

Re: [Openvpn-devel] [PATCH] openvpnserv: clarify return values type

2018-10-03 Thread Selva Nair
Hi, On Wed, Oct 3, 2018 at 12:56 PM Lev Stipakov wrote: > Hi, > > Wishlist: openvpn_swprintf() with nul termination guarantee. I try to avoid >> the TCHAR variety be explicit about wide and narrow characters. >> > > Makes sense, at the moment we have 8 swprintf calls all followed by > something

Re: [Openvpn-devel] [PATCH v2] openvpnserv: clarify return values type

2018-10-03 Thread Selva Nair
Hi, On Wed, Oct 3, 2018 at 1:24 PM Lev Stipakov wrote: > From: Lev Stipakov > > Functions openvpn_vsntprintf and openvpn_sntprintf return > values of type int, but in reality it is always 0 or 1 (and -1 for > snrptinf), which can be represented as boolean. > > To make code clearer, change retur

Re: [Openvpn-devel] OpenVPN 2.3.7-I602-x86_64.exe download 404 Error

2015-07-01 Thread Selva Nair
On Wed, Jul 1, 2015 at 10:49 AM, Jan Just Keijser wrote: > On 01/07/15 16:41, Gert Doering wrote: > > Hi, > > > > On Wed, Jul 01, 2015 at 03:05:44PM +0100, debbie...@gmail.com wrote: > >> Resolving swupdate.openvpn.org (swupdate.openvpn.org)... 104.28.1.12, > >> 104.28.0.12 > >> Connecting to swu

Re: [Openvpn-devel] Adding routes on Windows using DHCP

2015-07-08 Thread Selva Nair
On Wed, Jul 8, 2015 at 12:26 PM, Jan Just Keijser wrote: > > FWIW: I've patched openvpn to set routes using DHCP on Windows and yes, > it works: I can add any route to the system routing tables, including > 0.0.0.0/1 and 128.0.0.1/1 ; this could be used as an alternative to > requiring elevated p

Re: [Openvpn-devel] Adding routes on Windows using DHCP

2015-07-09 Thread Selva Nair
On Thu, Jul 9, 2015 at 7:45 AM, Jan Just Keijser wrote: > as usual, Gert is right :( > I've added an explicit /32 route to the OpenVPN server via DHCP , which > Windows picks up, including the right LAN GW address *BUT* it associates > it with the VPN interface, not the regular LAN interface. Thu

[Openvpn-devel] Interactive windows service

2015-10-17 Thread Selva Nair
Starting a new thread as this is somewhat tangential to the original On Sat, Oct 17, 2015 at 2:59 AM, Heiko Hund wrote: > > - The OpenVPN-GUI we bundle has several major issues, most related to > > having to run it as an admin > > The interactive service that I posted a year ago solves all these

Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

2015-10-19 Thread Selva Nair
On Mon, Oct 19, 2015 at 4:14 PM, Fish Wang wrote: > Regarding Windows OpenVPN GUI: I have an internal fork of this OpenVPN GUI > (https://github.com/jochenwierum/openvpn-manager) from jochenwierum, with > many bug fixes and improvements, and it works fairly well on Windows. Maybe > I should tidy

Re: [Openvpn-devel] Interactive windows service

2015-10-20 Thread Selva Nair
On Tue, Oct 20, 2015 at 6:30 AM, Heiko Hund wrote: > On Saturday 17 October 2015 11:44:07 Selva Nair wrote: > > Is there a public repo where I can access this? I have been using a > > patched MI-GUI to avoid needing admin priv on windows but working > towards > > a

Re: [Openvpn-devel] Interactive windows service

2015-10-20 Thread Selva Nair
On Tue, Oct 20, 2015 at 1:23 PM, Heiko Hund wrote: > On Tuesday 20 October 2015 13:11:44 Selva Nair wrote: > > Thanks for the link. I cloned it, but it appears to be the same as a late > > 2014 (early 2.3.x ?) version. In particular, the src directory has just > > the sa

Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

2015-10-21 Thread Selva Nair
On Tue, Oct 20, 2015 at 7:01 AM, Samuli Seppänen wrote: > > > On Tuesday 20 October 2015 10:15:22 Samuli Seppänen wrote: > Are you saying that the interactive service also doubles as a Windows > system service? If so, can it be configured to autostart selected > openvpn connection

Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

2015-10-21 Thread Selva Nair
Hi Debbie, On Tue, Oct 20, 2015 at 5:06 PM, wrote: > ho hum > > > -Original Message- > > From: David Sommerseth [mailto:openvpn.l...@topphemmelig.net] > > Sent: Monday, October 19, 2015 3:01 PM > > To: Morris, Russell ; Heiko Hund > > ; sam...@openvpn.net > > Cc: openvpn-devel@lists.sour

Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

2015-10-22 Thread Selva Nair
Hi, On Wed, Oct 21, 2015 at 7:54 AM, Morris, Russell wrote: > Hi, > > Lots of discussion on this - awesome to see! Perhaps a dumb question, but > I can see a few different ways to go on this, as I see comments about > services, applications, etc. ... so a couple thoughts, > - is the intention to

[Openvpn-devel] Fwd: Creating a Windows team for OpenVPN?

2015-10-22 Thread Selva Nair
Hi, On Thu, Oct 22, 2015 at 1:44 AM, Heiko Hund wrote: > On Tuesday 20 October 2015 22:12:06 Selva Nair wrote: > > > But a server admin would not want it in the system as it can allow any > user > > with some VPN server account to change the routes etc using the > >

[Openvpn-devel] Fwd: Creating a Windows team for OpenVPN?

2015-10-22 Thread Selva Nair
On Thu, Oct 22, 2015 at 1:49 AM, Heiko Hund wrote: > On Tuesday 20 October 2015 14:01:33 Samuli Seppänen wrote: > > My NSSM-based replacement thingie aims to address all these > > shortcomings. I believe the interactive service and NSSM are > complementary. > > Or we extend the GUI to make it sta

Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

2015-10-22 Thread Selva Nair
Hi, On Thu, Oct 22, 2015 at 3:58 PM, Morris, Russell wrote: > Hi, > > Just checked - yep, 9.0.0.21. It seems to be from 2014 though? > > And to the other email I just sent (that seemed to bounce?), > Probably my mistake, in one of the posts I changed the address from devel to users unintentiona

Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

2015-10-23 Thread Selva Nair
Hi, This may be getting way too off-topic for this thread... Please consider starting a new thread on this TAP I/O error. On Fri, Oct 23, 2015 at 8:46 AM, Morris, Russell wrote: > Hi, > > > > Let me try to collect some logs – the issue is that I’m using NSSM … so it > restarts openvpn on a cra

Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

2015-10-24 Thread Selva Nair
Hi, On Sat, Oct 24, 2015 at 7:12 AM, Jason Haar wrote: > On 22/10/15 20:50, Gert Doering wrote: > > I've heard people ask for "we need the VPN to be up before user login so > > windows domain login works!" - so the GUI won't be around yet. > > > > Now, not being a windows person and not running

Re: [Openvpn-devel] Topics for today's (Monday, 26th Oct 2015) community meeting

2015-10-26 Thread Selva Nair
On Mon, Oct 26, 2015 at 11:17 AM, Gmail wrote: > Regarding the instability of connection in the windows version: I > overcame this long ago (and works well to this date) by building a tiny > script that periodically pings the ovpn gateway (server). If no ping > reply then restart the service

[Openvpn-devel] Windows: stopping openvpn using nssm

2015-10-31 Thread Selva Nair
Hi, When nssm is used to start openvpn, "nssm stop service-name" appears to terminate the process not so gracefully. Especially, the log doesn't show the usual "SIGTERM received, sending exit-notify" (for example) nor does the management interface get the state change message saying EXITING. (

Re: [Openvpn-devel] Windows: stopping openvpn using nssm

2015-11-02 Thread Selva Nair
On Mon, Nov 2, 2015 at 3:31 AM, Samuli Seppänen wrote: >> >> I thought adding --service to the command line may cure this, but it >> doesn't. Any suggestions on how to teach openvpn to process termination >> by nssm as a SIGTERM, or make nssm send a SIGTERM? > > > Hi, > > Based on NSSM documentati

[Openvpn-devel] [PATCH] Fix termination when windows suspends/sleeps

2015-11-04 Thread Selva Nair
/resume. Signed-off-by: Selva Nair --- src/openvpn/forward.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 62eb6fc..cef063d 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -958,8 +958,9

Re: [Openvpn-devel] [PATCH applied] Re: Fix termination when windows suspends/sleeps

2015-11-07 Thread Selva Nair
Hi, On Fri, Nov 6, 2015 at 4:12 PM, Gert Doering wrote: > On Fri, Nov 06, 2015 at 10:08:59PM +0100, Gert Doering wrote: >> ACK. Explanation makes sense, logs and testers demonstrate that it indeed >> fixes a significant problem, and the code is sane :-) - thanks. >> >> Your patch has been applie

[Openvpn-devel] Adding a ctrl-C handler in windows

2015-11-07 Thread Selva Nair
Hi, I plan to add a control-C handler in win32.c. The handler will simply map it to SIGTERM. Is there any particular reason why control-C is not currently handled? We need this functionality to use nssm properly. When openvpn is started by nssm, the service has no good ways of gracefully terminat

Re: [Openvpn-devel] Adding a ctrl-C handler in windows

2015-11-09 Thread Selva Nair
Hi, On Mon, Nov 9, 2015 at 1:04 PM, James Yonan wrote: >>> I plan to add a control-C handler in win32.c. The handler will simply >>> map it to SIGTERM. Is there any particular reason why control-C is not >>> currently handled? >> >> Hi, >> >> I forwarded this email to James - he might have a clue

[Openvpn-devel] [PATCH for gui] Do not disconnect on suspend by default

2015-11-09 Thread Selva Nair
the registry during an upgrade of existing installations, or notify the end user of the change in the default value of disconnect_on_suspend (0). Signed-off-by: Selva Nair --- registry.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/registry.c b/registry.c index f96827a

Re: [Openvpn-devel] [PATCH for gui] Do not disconnect on suspend by default

2015-11-09 Thread Selva Nair
Hi, >> Requires the installer to update the registry during an upgrade of existing >> installations, or notify the end user of the change in the default value of >> disconnect_on_suspend (0). > > What does this patch *do*? Is this the "set up registry key on first > start" part (so we set the def

[Openvpn-devel] [PATCH for gui v2] Do not disconnect on suspend

2015-11-10 Thread Selva Nair
On Mon, Nov 9, 2015 at 3:56 PM, Gert Doering wrote: > On Mon, Nov 09, 2015 at 03:35:23PM -0500, Selva Nair wrote: >> Requires the installer to update the registry during an upgrade of existing >> installations, or notify the end user of the change in the default value of >>

[Openvpn-devel] [PATCH] Handle ctrl-C and ctrl-break events on Windows

2015-11-11 Thread Selva Nair
On Mon, Nov 9, 2015 at 2:03 PM, Selva Nair wrote: >> It's probably okay to just make CTRL-c generate a SIGTERM as F4 is >> already doing. >> >> James > > Thanks for the comment. > > In the interactive mode, the console is opened with no > ENABLE_PROCES

[Openvpn-devel] [PATCH] Handle ctrl-C and ctrl-break events on Windows

2015-11-11 Thread Selva Nair
Handle ctrl-C or ctrl-Break sent to the console as a SIGTERM. Depending on the console mode, windows delivers ctrl-C as a keyboard input or as a signal. We handle both cases. This allows graceful termination of the openvpn from programs such as nssm. Signed-off-by: Selva Nair --- src/openvpn

[Openvpn-devel] [PATCH] Do not hard-code windows systemroot in env_block

2015-11-13 Thread Selva Nair
FWIW, fixes trac #500 Signed-off-by: Selva Nair --- src/openvpn/win32.c | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/openvpn/win32.c b/src/openvpn/win32.c index 7c89a5a..d06b41f 100644 --- a/src/openvpn/win32.c +++ b/src/openvpn/win32.c @@ -763,7 +763,12

Re: [Openvpn-devel] [PATCH] Do not hard-code windows systemroot in env_block

2015-11-13 Thread Selva Nair
On Fri, Nov 13, 2015 at 2:38 AM, Gert Doering wrote: > Hi, > > On Thu, Nov 12, 2015 at 09:41:27PM -0500, Selva Nair wrote: >> FWIW, fixes trac #500 >> >> Signed-off-by: Selva Nair >> --- >> src/openvpn/win32.c | 7 ++- >> 1 file changed,

Re: [Openvpn-devel] [PATCH] Do not hard-code windows systemroot in env_block

2015-11-13 Thread Selva Nair
Hi, On Fri, Nov 13, 2015 at 10:27 AM, Gert Doering wrote: >> >> However, if the user specifies --win-sys some_cruft, win_sys_path will >> get set to that "some_cruft" (in options.c). User is the king. > > Yes. In this case, I do not worry at all - "you get what you ask for". In the current setu

Re: [Openvpn-devel] [PATCH] Handle ctrl-C and ctrl-break events on Windows

2015-11-13 Thread Selva Nair
Hi, On Fri, Nov 13, 2015 at 2:36 PM, Gert Doering wrote: > On Wed, Nov 11, 2015 at 02:46:10PM -0500, Selva Nair wrote: > [..] >> Tested on windows 7 with cmd-line use and start/stop with nssm. For nssm, >> the default >> delay after ctrl-C is 1500 msec which is not e

Re: [Openvpn-devel] [PATCH v2] Add Windows DNS Leak fix using WFP ('block-outside-dns')

2015-11-14 Thread Selva Nair
Hi, On Wed, Oct 28, 2015 at 3:47 AM, ValdikSS wrote: > This option is silently ignored on non-Windows platforms and works on > Vista+. > External DNS is blocked even if no DNS server configured (user may > configure it in the tap interface itself). > This option could be ignored from server push

Re: [Openvpn-devel] [PATCH v2] Add Windows DNS Leak fix using WFP ('block-outside-dns')

2015-11-14 Thread Selva Nair
Hi, On Sat, Nov 14, 2015 at 3:20 PM, ValdikSS wrote: > Hi. > It stops resolving DNS right after connection for me every time too, but > that lasts 15 seconds at most, not the minutes. > Hmm.. one could live with 15 seconds but not 15 minutes. That's how long it took when I tried it again watchi

Re: [Openvpn-devel] [PATCH v2] Add Windows DNS Leak fix using WFP ('block-outside-dns')

2015-11-15 Thread Selva Nair
On Sat, Nov 14, 2015 at 4:02 PM, Selva Nair wrote: > > Could you please try with my windows 7 settings -- dhcp for wifi, fixed > dns server ip on tap, no firewall On more testing, the fixed dns address on the adapter appears to be the issue. If dns is pushed from the server or specifi

Re: [Openvpn-devel] [PATCH v2] Add Windows DNS Leak fix using WFP ('block-outside-dns')

2015-11-16 Thread Selva Nair
Hi, Here are some comments on the code -- there is one apparent memory leak (see below). .\"* > .TP > +.B \-\-block\-outside\-dns > +Block external DNS servers on other network adapters to prevent > the word "external" is not required nor

[Openvpn-devel] [PATCH] Handle ctrl-C and ctrl-break events on Windows

2015-11-17 Thread Selva Nair
ses. This allows graceful termination of openvpn from programs such as nssm. Works in both console mode and service mode. Signed-off-by: Selva Nair --- src/openvpn/win32.c | 53 + 1 file changed, 52 insertions(+) diff --git a/src/openvpn/win32.c b/

Re: [Openvpn-devel] [PATCH v3-master] Add Windows DNS Leak fix using WFP ('block-outside-dns').

2015-11-18 Thread Selva Nair
Hi, I couldn't apply the patch (it's not against master?) Also it looks like the memory leak is not properly fixed (see below). But before making a new version please see the general comment in the following mail too. in win32.c > +} > + > +bool > +win_wfp_uninit() > +{ > +dmsg (D_LOW, "Uninit

Re: [Openvpn-devel] [PATCH v3-master] Add Windows DNS Leak fix using WFP ('block-outside-dns').

2015-11-18 Thread Selva Nair
Hi, I feel some of the errors may have to be treated as FATAL. I understand this patch was discussed in the last IRC meeting, so maybe I'm misunderstanding this, please bear with me. I presume, the main purpose of the option is to work around something seen as a serious security issue for some

Re: [Openvpn-devel] OpenVPN-GUI now on GitHub + other Windows team things

2015-11-18 Thread Selva Nair
Hi, On Tue, Nov 17, 2015 at 8:44 AM, Morris, Russell wrote: > Hi, > > I do see the notes about " Building OpenVPN GUI from source" - but is > there a way to build this under Linux (may be easier for some)? > Cross compiling on linux is possible. Actually it's the only way I've built the gui. Its

Re: [Openvpn-devel] OpenVPN-GUI now on GitHub + other Windows team things

2015-11-20 Thread Selva Nair
Hi, On Fri, Nov 20, 2015 at 3:31 AM, Samuli Seppänen wrote: I added these instructions + David's notes here: > Thanks. I made some edits to the wiki (hope it's ok). There were numerous typos in my email; also made it read less lik

Re: [Openvpn-devel] [PATCH] Handle ctrl-C and ctrl-break events on Windows

2015-11-22 Thread Selva Nair
Hi, On Sun, Nov 22, 2015 at 10:18 AM, Gert Doering wrote: > Hi, > > On Mon, Nov 16, 2015 at 09:48:09PM -0500, Selva Nair wrote: > > v2 changes > > - cleaner, hopefully easier to get a code review :) > > - handles both console mode and service mode > > -- &g

Re: [Openvpn-devel] [PATCH] Handle ctrl-C and ctrl-break events on Windows

2015-11-22 Thread Selva Nair
Hi, On Sun, Nov 22, 2015 at 11:30 AM, Gert Doering wrote: > On Sun, Nov 22, 2015 at 10:49:13AM -0500, Selva Nair wrote: > >it's safer to set up nssm with a delay of 2500 msec > > between ctrl-C and 'kill without prejudice' (aka Terminate). > > Ah, yes. Thanks :-

Re: [Openvpn-devel] OpenVPN-GUI now on GitHub + other Windows team things

2015-11-22 Thread Selva Nair
On Sun, Nov 22, 2015 at 12:33 PM, Morris, Russell wrote: > Hi, > > > > Went to get started on this, and I admit – a lot of different and > confusing information about the libraries and include files (and a lot of > it contradicts it seems). Do you have a good source for the “right” files > to gra

Re: [Openvpn-devel] [PATCH v4-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

2015-11-24 Thread Selva Nair
Hi, On Thu, Nov 19, 2015 at 10:20 AM, ValdikSS wrote: > This option blocks all out-of-tunnel communication on TCP/UDP port 53 > (except > for OpenVPN itself), preventing DNS Leaks on Windows 8.1 and 10. > This version looks fine and works as promised (tested on Win 7 and 10). I'm told many win
