-rw-r--r--openvpn.814
-rw-r--r--push.c6
-rw-r--r--sample-config-files/loopback-client2
-rw-r--r--sample-config-files/loopback-server2
-rw-r--r--sample-keys/README2
-rw-r--r--sample-keys/ca.crt (renamed from sample-keys/tmp-ca.crt)0
-rw-r--r--sample-keys/ca.key (renamed from sample-keys/tmp-ca.key)0
7 files changed, 13 insertions, 13 deletions
diff --git a/openvpn.8 b/openvpn.8
index 8d55815..2d40ca9 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -3363,15 +3363,15 @@ certificate. This file can have multiple
certificates in .pem format, concatenated together. You can construct your own
certificate authority certificate and private key by using a command such as:
-.B openssl req -nodes -new -x509 -keyout tmp-ca.key -out tmp-ca.crt
+.B openssl req -nodes -new -x509 -keyout ca.key -out ca.crt
Then edit your openssl.cnf file and edit the
.B certificate
variable to point to your new root certificate
-.B tmp-ca.crt.
+.B ca.crt.
For testing purposes only, the OpenVPN distribution includes a sample
-CA certificate (tmp-ca.crt).
+CA certificate (ca.crt).
Of course you should never use
the test certificates and test keys distributed with OpenVPN in a
production environment, since by virtue of the fact that
@@ -5001,9 +5001,9 @@ Diffie Hellman parameters (see above where
.B --dh
is discussed for more info). You can also use the
included test files client.crt, client.key,
-server.crt, server.key and tmp-ca.crt.
+server.crt, server.key and ca.crt.
The .crt files are certificates/public-keys, the .key
-files are private keys, and tmp-ca.crt is a certification
+files are private keys, and ca.crt is a certification
authority who has signed both
client.crt and server.crt. For Diffie Hellman
parameters you can use the included file dh1024.pem.
@@ -5011,11 +5011,11 @@ parameters you can use the included file dh1024.pem.
.LP
On may:
.IP
-.B openvpn --remote june.kg --dev tun1 --ifconfig 10.4.0.1 10.4.0.2 --tls-client --ca tmp-ca.crt --cert client.crt --key client.key --reneg-sec 60 --verb 5
+.B openvpn --remote june.kg --dev tun1 --ifconfig 10.4.0.1 10.4.0.2 --tls-client --ca ca.crt --cert client.crt --key client.key --reneg-sec 60 --verb 5
.LP
On june:
.IP
-.B openvpn --remote may.kg --dev tun1 --ifconfig 10.4.0.2 10.4.0.1 --tls-server --dh dh1024.pem --ca tmp-ca.crt --cert server.crt --key server.key --reneg-sec 60 --verb 5
+.B openvpn --remote may.kg --dev tun1 --ifconfig 10.4.0.2 10.4.0.1 --tls-server --dh dh1024.pem --ca ca.crt --cert server.crt --key server.key --reneg-sec 60 --verb 5
.LP
Now verify the tunnel is working by pinging across the tunnel.
.LP
diff --git a/push.c b/push.c
index 3db8e74..e5c940a 100644
--- a/push.c
+++ b/push.c
@@ -273,12 +273,12 @@ remove_iroutes_from_push_route_list (struct options *o)
if (parse_line (line, p, SIZE (p), "[PUSH_ROUTE_REMOVE]", 1, D_ROUTE_DEBUG, &gc))
{
/* is the push item a route directive? */
- if (p[0] && p[1] && p[2] && !strcmp (p[0], "route"))
+ if (p[0] && !strcmp (p[0], "route") && !p[3])
{
/* get route parameters */
bool status1, status2;
const in_addr_t network = getaddr (GETADDR_HOST_ORDER, p[1], 0, &status1, NULL);
- const in_addr_t netmask = getaddr (GETADDR_HOST_ORDER, p[2], 0, &status2, NULL);
+ const in_addr_t netmask = getaddr (GETADDR_HOST_ORDER, p[2] ? p[2] : "255.255.255.255", 0, &status2, NULL);
/* did route parameters parse correctly? */
if (status1 && status2)
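Review bot: The rewritten condition on the `route` test no longer checks `p[1]`, so a push-list entry consisting of `route` with no arguments now passes and `getaddr` is called with a NULL string for `network`. Whether `getaddr` tolerates a NULL hostname is not visible in this hunk; unless it does, keep the guard, e.g. `if (p[0] && p[1] && !strcmp (p[0], "route") && !p[3])`. The new `!p[3]` test also relies on `p` having at least four slots and on `parse_line` leaving unused slots NULL, which should be confirmed against the declaration of `p` outside the hunk. The body of `remove_iroutes_from_push_route_list` starts and ends outside the hunk.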
@@ -288,7 +288,7 @@ remove_iroutes_from_push_route_list (struct options *o)
/* does route match an iroute? */
for (ir = o->iroutes; ir != NULL; ir = ir->next)
{
- if (network == ir->network && netmask == netbits_to_netmask (ir->netbits))
+ if (network == ir->network && netmask == netbits_to_netmask (ir->netbits >= 0 ? ir->netbits : 32))
{
copy = false;
break;
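Review bot: The fallback `32` in the `netbits_to_netmask` call and the `"255.255.255.255"` default in the previous hunk express the same "no netmask means host route" rule in two different forms, with no comment tying them together. A short comment above the comparison, such as `/* netbits < 0: iroute given without a netmask, treat as a /32 host route */`, would make the sentinel explicit. That a negative `netbits` means "unspecified" is inferred from the new expression only, so it should be checked against the code that fills `o->iroutes`. The loop and its enclosing function extend outside the hunk.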
diff --git a/sample-config-files/loopback-client b/sample-config-files/loopback-client
index 9db2877..5499763 100644
--- a/sample-config-files/loopback-client
+++ b/sample-config-files/loopback-client
@@ -17,7 +17,7 @@ dev null
verb 3
reneg-sec 10
tls-client
-ca sample-keys/tmp-ca.crt
+ca sample-keys/ca.crt
key sample-keys/client.key
cert sample-keys/client.crt
cipher DES-EDE3-CBC
diff --git a/sample-config-files/loopback-server b/sample-config-files/loopback-server
index 18bbbeb..d9fe506 100644
--- a/sample-config-files/loopback-server
+++ b/sample-config-files/loopback-server
@@ -18,7 +18,7 @@ verb 3
reneg-sec 10
tls-server
dh sample-keys/dh1024.pem
-ca sample-keys/tmp-ca.crt
+ca sample-keys/ca.crt
key sample-keys/server.key
cert sample-keys/server.crt
cipher DES-EDE3-CBC
diff --git a/sample-keys/README b/sample-keys/README
index dd5c25c..1cd473a 100644
--- a/sample-keys/README
+++ b/sample-keys/README
@@ -7,7 +7,7 @@ NOTE: THESE KEYS ARE FOR TESTING PURPOSES ONLY.
DON'T USE THEM FOR ANY REAL WORK BECAUSE
THEY ARE TOTALLY INSECURE!
-tmp-ca.{crt,key} -- sample CA key/cert
+ca.{crt,key} -- sample CA key/cert
client.{crt,key} -- sample client key/cert
server.{crt,key} -- sample server key/cert (nsCertType=server)
pass.{crt,key} -- sample client key/cert with password-encrypted key
diff --git a/sample-keys/tmp-ca.crt b/sample-keys/ca.crt
index e063ccc..e063ccc 100644
--- a/sample-keys/tmp-ca.crt
+++ b/sample-keys/ca.crt
diff --git a/sample-keys/tmp-ca.key b/sample-keys/ca.key
index b4bf792..b4bf792 100644
--- a/sample-keys/tmp-ca.key
+++ b/sample-keys/ca.key