openvpn.git, branch master Copy of the official OpenVPN git repo Refine float logging 2015-10-15T14:54:02+00:00 Lev Stipakov lstipakov@gmail.com 2015-10-15T11:39:42+00:00 5203d8094f38a9d23d983377171c11b1d3a82ad2 v2: * Bump log level for attack attempt message * More clear message for float event v1: * Decrease log level for peer float message Signed-off-by: Lev Stipakov <lstipakov@gmail.com> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: 1444909182-11785-1-git-send-email-lstipakov@gmail.com URL: http://article.gmane.org/gmane.network.openvpn.devel/10276 Signed-off-by: David Sommerseth <davids@redhat.com> 
v2:
 * Bump log level for attack attempt message
 * More clear message for float event

v1:
 * Decrease log level for peer float message

Signed-off-by: Lev Stipakov <lstipakov@gmail.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: 1444909182-11785-1-git-send-email-lstipakov@gmail.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/10276
Signed-off-by: David Sommerseth <davids@redhat.com>
Fix commit c67acea173dc9ee37220f5b9ff14ede081181992 2015-10-15T14:50:04+00:00 Arne Schwabe arne@rfc2549.org 2015-10-14T13:05:56+00:00 cba33989101175ac07434b9c5cceba116bf38127 Move things to the proper place, ensure that line_ptr is actually properly initialized for *every* line read, not just for the first one Acked-by: Lev Stipakov <lstipakov@gmail.com> Message-Id: 1444827956-2169-1-git-send-email-arne@rfc2549.org URL: http://article.gmane.org/gmane.network.openvpn.devel/10271 Signed-off-by: David Sommerseth <davids@redhat.com> 
Move things to the proper place, ensure that line_ptr is actually properly
initialized for *every* line read, not just for the first one

Acked-by: Lev Stipakov <lstipakov@gmail.com>
Message-Id: 1444827956-2169-1-git-send-email-arne@rfc2549.org
URL: http://article.gmane.org/gmane.network.openvpn.devel/10271

Signed-off-by: David Sommerseth <davids@redhat.com>
Fix compilation with --disable-server 2015-10-11T10:59:03+00:00 Lev Stipakov lstipakov@gmail.com 2015-10-11T10:15:31+00:00 8929a395c7e9ad41872d9d25b654a14e1bb37e9c Add missing #if P2MP_SERVER Acked-by: David Sommerseth <davids@redhat.com> Message-Id: <1444558531-18241-1-git-send-email-lstipakov@gmail.com> URL: http://article.gmane.org/gmane.network.openvpn.devel/10259 Signed-off-by: David Sommerseth <davids@redhat.com> 
Add missing #if P2MP_SERVER

Acked-by: David Sommerseth <davids@redhat.com>
Message-Id: <1444558531-18241-1-git-send-email-lstipakov@gmail.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10259
Signed-off-by: David Sommerseth <davids@redhat.com>
Send push reply right after async auth complete 2015-10-11T09:05:09+00:00 Lev Stipakov lstipakov@gmail.com 2015-10-10T16:04:25+00:00 0d1a75bfe241466230c41a52c6013494135c5935 v3: * better comments * better variable naming * include sys/inotify.h if HAVE_SYS_INOTIFY_H is defined v2: More careful inotify_watchers handling * Ensure that same multi_instance is added only once * Ensure that multi_instance is always removed v1: This feature speeds up connection establishment in cases when async authentication result is not ready when first push request arrives. At the moment server sends push reply only when it receives next push request, which comes 5 seconds later. Implementation overview. Add new configure option ENABLE_ASYNC_PUSH, which can be enabled if system supports inotify. Add inotify descriptor to an event loop. Add inotify watch for a authentication control file. Store mapping between watch descriptor and multi_instance in a dictionary. When file is closed, inotify fires an event and we continue with connection establishment - call client- connect etc and send push reply. Inotify watch descriptor got automatically deleted after file is closed or when file is removed. We catch that event and remove it from the dictionary. Feature is easily tested with sample "defer" plugin and following settings: auth-user-pass-optional setenv test_deferred_auth 3 plugin simple.so Signed-off-by: Lev Stipakov <lstipakov@gmail.com> Add doxygen comment Acked-by: David Sommerseth <davids@redhat.com> Message-Id: <1444493065-13506-1-git-send-email-lstipakov@gmail.com> URL: http://article.gmane.org/gmane.network.openvpn.devel/10248 Signed-off-by: David Sommerseth <davids@redhat.com> 
v3:
* better comments
* better variable naming
* include sys/inotify.h if HAVE_SYS_INOTIFY_H is defined

v2:
More careful inotify_watchers handling
* Ensure that same multi_instance is added only once
* Ensure that multi_instance is always removed

v1:
This feature speeds up connection establishment in cases when async
authentication result is not ready when first push request arrives. At
the moment server sends push reply only when it receives next push
request, which comes 5 seconds later.

Implementation overview.

Add new configure option ENABLE_ASYNC_PUSH, which can be enabled if
system supports inotify.

Add inotify descriptor to an event loop. Add inotify watch for a
authentication control file. Store mapping between watch descriptor and
multi_instance in a dictionary. When file is closed, inotify fires an
event and we continue with connection establishment - call client-
connect etc and send push reply.

Inotify watch descriptor got automatically deleted after file is closed
or when file is removed. We catch that event and remove it from the
dictionary.

Feature is easily tested with sample "defer" plugin and following settings:

auth-user-pass-optional
setenv test_deferred_auth 3
plugin simple.so

Signed-off-by: Lev Stipakov <lstipakov@gmail.com>

Add doxygen comment
Acked-by: David Sommerseth <davids@redhat.com>
Message-Id: <1444493065-13506-1-git-send-email-lstipakov@gmail.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10248
Signed-off-by: David Sommerseth <davids@redhat.com>
Remove support for snappy compression. 2015-10-11T08:25:06+00:00 Gert Doering gert@greenie.muc.de 2015-10-10T16:34:49+00:00 9403e3f4b510fbc4187044f31be8f7dccbde1cf1 LZ4 is using less CPU at similar performance, and it is easier to build and support for binary installs (as it does not require C++ and a C++ runtime). Since it was never supported in any formally released OpenVPN version, just drop it again. This leaves in the compression opcode for Snappy for documentation purposes. trac #617 Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <1444494889-28925-1-git-send-email-gert@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/10251 
LZ4 is using less CPU at similar performance, and it is easier to
build and support for binary installs (as it does not require C++
and a C++ runtime).  Since it was never supported in any formally
released OpenVPN version, just drop it again.

This leaves in the compression opcode for Snappy for documentation
purposes.

trac #617

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1444494889-28925-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10251
Fix "White space before end tags can break the config parser" 2015-10-11T07:52:13+00:00 janjust janjust@nikhef.nl 2015-10-10T16:12:49+00:00 c67acea173dc9ee37220f5b9ff14ede081181992 trac #569 Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <1444493569-24026-1-git-send-email-janjust@nikhef.nl> URL: http://article.gmane.org/gmane.network.openvpn.devel/10249 Signed-off-by: Gert Doering <gert@greenie.muc.de> 
trac #569

Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1444493569-24026-1-git-send-email-janjust@nikhef.nl>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10249

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Add CONTRIBUTING.rst 2015-10-10T13:48:55+00:00 Samuli Seppänen samuli@openvpn.net 2015-10-10T13:41:14+00:00 0c1d92291e4c1829bf503067e1f9d39328d01ee9 Signed-off-by: Samuli Seppänen <samuli@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1444484474-6471-1-git-send-email-samuli@openvpn.net> Signed-off-by: Gert Doering <gert@greenie.muc.de> 
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1444484474-6471-1-git-send-email-samuli@openvpn.net>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Update expiry date in management event loop 2015-10-10T10:36:40+00:00 Thomas Veerman thomas.veerman@wanwire.net 2014-01-22T08:27:29+00:00 b51a024a7b26e691e6459964d4d29f15b70089bd When there are events from the management console with an interval shorter than 1 second, the event loop never stops as it keeps resetting event_wait. Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <etPan.52df80ec.2901d82.13bb7@Bert-3.local> URL: http://article.gmane.org/gmane.network.openvpn.devel/8253 Signed-off-by: Gert Doering <gert@greenie.muc.de> 
When there are events from the management console with an interval shorter
than 1 second, the event loop never stops as it keeps resetting event_wait.

Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <etPan.52df80ec.2901d82.13bb7@Bert-3.local>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8253

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Fix compilation error with --disable-crypto 2015-10-10T10:19:53+00:00 Lev Stipakov lstipakov@gmail.com 2015-10-10T10:14:29+00:00 b05a453be5dd21326e79f42b0a363f2f23eaa29a Also disable "ENETUNREACH -> restart" behavior for static key setup. Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <1444472069-32036-1-git-send-email-lstipakov@gmail.com> URL: http://article.gmane.org/gmane.network.openvpn.devel/10231 Signed-off-by: Gert Doering <gert@greenie.muc.de> 
Also disable "ENETUNREACH -> restart" behavior for static key setup.

Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1444472069-32036-1-git-send-email-lstipakov@gmail.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10231

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Fix --mtu-disc option with IPv6 transport 2015-10-10T09:58:41+00:00 Julien Muchembled jm@nexedi.com 2015-10-10T09:44:51+00:00 2bed089d31a12c2d0277e36a64964ebab6640f75 Socket configuration of MTU discovery was done unconditionally at IP level, which has no effect for other protocols. This fixes the issue of OpenVPN sending fragmented tcp6/udp6 packets even when 'mtu-disc yes' option is passed. Patch V2 (by Arne Schwabe): Rebase to current master and have separate #ifdefs for IPv4 an IPv6 Signed-off-by: Julien Muchembled <jm@nexedi.com> Acked-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1444470291-2980-1-git-send-email-arne@rfc2549.org> URL: http://article.gmane.org/gmane.network.openvpn.devel/10229 Signed-off-by: Gert Doering <gert@greenie.muc.de> 
Socket configuration of MTU discovery was done unconditionally at IP level,
which has no effect for other protocols. This fixes the issue of OpenVPN
sending fragmented tcp6/udp6 packets even when 'mtu-disc yes' option is
passed.

Patch V2 (by Arne Schwabe): Rebase to current master and have
separate #ifdefs for IPv4 an IPv6

Signed-off-by: Julien Muchembled <jm@nexedi.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1444470291-2980-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10229
Signed-off-by: Gert Doering <gert@greenie.muc.de>