[Openvpn-devel] [PATCH 1/2] Fix IPv6 in port-share journal

2024-12-07 Thread corubba via Openvpn-devel
getpeername() and getsockname() will truncate the result if it is larger than the passed-in length. Because here always the size of the `sa` IPv4 union member was passed in, all larger (aka IPv6) results were truncated. Instead use the size of the `addr` union, which is the maximum size of all unio

[Openvpn-devel] [PATCH 2/2] Fix port-share journal doc

2024-12-07 Thread corubba via Openvpn-devel
Filename and content descriptions were switched. Signed-off-by: corubba --- doc/man-sections/server-options.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man-sections/server-options.rst b/doc/man-sections/server-options.rst index 0632e314..3fe9862c 100644 --- a/doc

Re: [Openvpn-devel] [PATCH v2 1/2] port-share: Normalize IPv4-mapped IPv6 addresses

2024-12-26 Thread corubba via Openvpn-devel
Hi, On 26.12.24 14:00, Gert Doering wrote: > On Wed, Dec 25, 2024 at 05:21:35PM +0100, Gert Doering wrote: >> I'm fine with the idea, but I do not like the implementation with >> "yet another localized sockaddr manipulation function" - we already >> have similar code in socket.c/setenv_sockaddr(),

[Openvpn-devel] [PATCH v3 2/2] port-share: Add proxy protocol v2 support

2024-12-26 Thread corubba via Openvpn-devel
In addition to the custom journal solution, also support the widely used binary PROXY protocol version 2 to convey the original client connection parameters to the proxy receiver. This makes the port-share journal feature more accessible and easier to use, because one doesn't need a custom integrat

Re: [Openvpn-devel] [PATCH v2 2/2] port-share: Add proxy protocol v2 support

2024-12-26 Thread corubba via Openvpn-devel
Hi, On 26.12.24 14:13, Gert Doering wrote: > On Mon, Dec 16, 2024 at 01:22:51PM +0100, corubba via Openvpn-devel wrote: >> In addition to the custom journal solution, also support the widely >> used binary PROXY protocol version 2 to convey the original client >> connect

[Openvpn-devel] [PATCH v2 3/2] port-share: Add unix-socket and udp support for proxy protocol

2024-12-16 Thread corubba via Openvpn-devel
Just in case it is ever needed. Signed-off-by: Corubba Smith --- src/openvpn/ps.c | 42 +++--- src/openvpn/socket.h | 1 + 2 files changed, 36 insertions(+), 7 deletions(-) diff --git a/src/openvpn/ps.c b/src/openvpn/ps.c index b5d04c5b..b34df315 100644

[Openvpn-devel] [PATCH v2 1/2] port-share: Normalize IPv4-mapped IPv6 addresses

2024-12-16 Thread corubba via Openvpn-devel
Before passing IPv4-mapped IPv6 addresses to the proxy journal, translate them to plain IPv4 addresses. Whether the connection was accepted by OpenVPN on a "dual stack" socket is of no importance to the proxy receiver. Signed-off-by: Corubba Smith --- src/openvpn/ps.c | 18 ++ 1

[Openvpn-devel] [PATCH v2 2/2] port-share: Add proxy protocol v2 support

2024-12-16 Thread corubba via Openvpn-devel
In addition to the custom journal solution, also support the widely used binary PROXY protocol version 2 to convey the original client connection parameters to the proxy receiver. This makes the port-share journal feature more accessible and easier to use, because one doesn't need a custom integrat

[Openvpn-devel] [PATCH 0/2] proxy protocol v2 for port-share

2024-12-14 Thread corubba via Openvpn-devel
Hello, since v2.1 (released 2009) OpenVPN has the "port-share" feature, where it listens on a tcp port (like 443) and forwards/proxies all incoming non-OpenVPN connections (like HTTPS) to a different server/port (hereafter called the "downstream server"). Because this terminates the tcp connection

[Openvpn-devel] [PATCH 2/2] port-share: Add proxy protocol v2 support

2024-12-14 Thread corubba via Openvpn-devel
In addition to the custom journal solution, also support the widely used binary PROXY protocol version 2 to convey the original client connection parameters to the proxy receiver. This makes the port-share journal feature more accessible and easier to use, because one doesn't need a custom integrat

[Openvpn-devel] [PATCH 1/2] port-share: Normalize IPv4-mapped IPv6 addresses

2024-12-14 Thread corubba via Openvpn-devel
Before passing IPv4-mapped IPv6 addresses to the proxy journal, translate them to plain IPv4 addresses. Whether the connection was accepted by OpenVPN on a "dual stack" socket is of no importance to the proxy receiver. Signed-off-by: corubba --- src/openvpn/ps.c | 18 ++ 1 file c

[Openvpn-devel] [PATCH 3/2] port-share: Add unix-socket and udp support for proxy protocol

2024-12-14 Thread corubba via Openvpn-devel
Subject: [PATCH 3/3] port-share: Add unix-socket and udp support for proxy protocol v2 Just in case it is ever needed. Signed-off-by: corubba --- src/openvpn/ps.c | 42 +++--- src/openvpn/socket.h | 1 + 2 files changed, 36 insertions(+), 7 deletions(-)

[Openvpn-devel] [PATCH] Support IPv6 towards port-share proxy receiver

2024-12-14 Thread corubba via Openvpn-devel
While port-share already supports IPv6 connections from clients, it only supported IPv4 connections towards the proxy receiver. The used common/shared OpenVPN machinery is already IPv6-ready, so all that was needed was to use properly-sized `sockaddr` structs and remove hardcoded IPv4 restrictions. Signe

[Openvpn-devel] [PATCH 1/2] Remove x509-username-fields uppercasing

2025-02-15 Thread corubba via Openvpn-devel
The uppercasing was first introduced together with the x509-username-field option in commit 935c62be, and first released with v2.2.0 in 2011. The uppercasing was later deprecated with commit f4e0ad82 and release v2.4.0 in 2016. I think it is time to finally remove it. This deprecated feature prev

[Openvpn-devel] [PATCH 2/2] Document x509-username-fields oid usage

2025-02-15 Thread corubba via Openvpn-devel
When built against OpenSSL, the parameters of the x509-username-fields option are in extract_x509_field_ssl() fed through OBJ_txt2obj() [0] which accepts "long names and short names [...] as well as numerical forms." Because of this, you can for example use `x509-username-field 2.5.4.41` to make Op

[Openvpn-devel] [PATCH 0/2] x509-username-fields improvements

2025-02-15 Thread corubba via Openvpn-devel
This patchset contains two small improvements for the x509-username-fields option. The first patch removes the long-deprecated and only for backwards-compatibility kept uppercasing of the fieldnames. The second patch documents a long available but until now undocumented way to specify fields by the