| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
* document {un,}trusted_ip6 in manpage
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
ipv6 endpoints
|
|
|
|
|
|
| |
- cmdline options help: add tcp6/udp6 missing messages
- win32: expand usage of proto_is_udp(), proto_is_tcp()
- replace some memset(&obj, 0, sizeof obj) by openvpn's CLEAR(obj)
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
althought sorta hacky, see TODO.ipv6.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
was incorrectly creating a PF_INET socket
|
|
|
|
|
| |
- tests now are pass (and fail) properly for ipv6/4 builds
* more GNU indenting
|
|
|
|
| |
GNU indentation for my deltas
|
|
|
|
| |
* tests Ok: {loopback,remote}{udp,tcp}{4,6}
|
|
|
|
|
| |
next: merge ipv{4,6} signal logic into one inside resolve_remote()
* passes {loopback,remote}{udp,tcp}{4,6} tests
|
|
|
|
|
| |
* passes {udp,tcp}x{v4,v6} loopback tests
* passes {udp,tcp}x{v6} remote tests
|
|
|
|
| |
Signed-off-by: David Sommerseth <davids@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Added the ability to have "COMMONNAME" replaced with certificate common
name in pam conversation.
Signed-off-by: Joe Patterson <j.m.patterson@gmail.com>
Acked-By: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
|
|
|
|
|
|
|
|
|
| |
A additional ';' had sneaked in commit 4c4b8cedfa98e8892a53. Lets
kick it out again.
Signed-off-by: Stefan Hellermann <stefan@the2masters.de>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 2db5a0ac3e053857d97e468de53e70a605f54561 adds two arguments to
plugin_call(...), but missed the !ENABLE_PLUGIN case. With
!ENABLE_PLUGIN, plugin_call(...) is only a dummy, so add these two
parameters there too.
Signed-off-by: Stefan Hellermann <stefan@the2masters.de>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After a review of the second round of the the v3 plug-in implementation, it
was decided to use a separate constant defining the version of the structs
used for argument and return value passing, instead of OPENVPN_PLUGIN_VERSION.
To not make it too complex, this patch uses a shared version constant for all
the v3 structures. It is not expected that these strucutures will change too
much and too often.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To build the plug-in, do ./build log_v3 in the plugin/examples directory.
This plug-in can be tested by running an OpenVPN server like this:
# ./openvpn --plugin plugin/examples/log_v3.so --dev tun \
--server 192.168.240.0 255.255.255.0 --ca sample-keys/ca.crt \
--cert sample-keys/server.crt --key sample-keys/server.key \
--dh sample-keys/dh1024.pem
The client can be started like this:
# ./openvpn --client --remote localhost --ca sample-keys/ca.crt \
--cert sample-keys/client.crt --key sample-keys/client.key \
--dev tun --nobind --auth-user-pass
This plug-in will only log arguments and environment variables it receives
during all the different plug-in phases OpenVPN currently supports. It will
also parse the X509 certificate information given during the TLS_VERIFY phase.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
|
|
|
|
|
|
|
|
|
| |
The certificates sent to the plug-in API will only happen during the
OPENVPN_PLUGIN_TLS_VERIFY phase and will contain a pointer to the OpenSSL
X509 certificate data.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
|
|
|
|
|
|
|
|
| |
Let OpenVPN call the openvpn_plugin_open_v3() and
openvpn_plugin_func_v3() plug-in functions if they exist in the plug-in.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
|
|
|
|
|
|
|
|
| |
This just implements the basic API changes needed for the newer and more
flexible plug-in API.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Normally OpenVPN is configured with --dev {tun,tap}, but it is also possible
to use --dev myvpn instead. In these situations, OpenVPN will request
--dev-type as well to be able to set up a tun or tap device properly.
The 'dev' environment variable will contain the value provided by --dev. In
those cases where the plug-in/script need to behave differently when using a tun
device versus using a tap device, there are no possibilities for it to know what
kind of device --dev myvpn would be.
This patch adds a 'dev_type' environment variable which contains a string of the
device type, either automatically discovered based on the --dev name, or set using
the --dev-type option.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
|
|
|
|
|
|
|
|
| |
Fixed issue where "signal SIGTERM" entered from the management
interface might get subsequently downgraded to a SIGUSR1.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6716 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
instead of "key" in client mode, and allows the client to run
without the need to load the actual private key. When the SSL
protocol needs to perform an RSA sign operation, the data to
be signed will be sent to the management interface via a
notification as follows:
>RSA_SIGN:[BASE64_DATA]
The management interface client should then sign BASE64_DATA
using the private key and return the signature as follows:
rsa-sig
[BASE64_SIG_LINE]
.
.
.
END
This capability is intended to allow the use of arbitrary
cryptographic service providers with OpenVPN via the
management interface.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6708 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Peter Korsgaard <jacmet@sunsite.dk> reported an issue [1] when compiling
with --disable-crypto activated. He suggested a patch, which only
partly solved the issue. SVN r6568 / commit 3cf9dd88fd84108 added a
new feature which further made it impossible to compile without crypto.
This patch fixes both issues, based on Peter Korsgaard's patch.
[1] <http://sourceforge.net/mailarchive/forum.php?thread_name=87fwx08bod.fsf%40macbook.be.48ers.dk&forum_name=openvpn-devel>
Signed-off-by: James Yonan <james@openvpn.net>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows using other X509 certificate fields for the certificate
authentication. To use altSubjectName, use
--x509-username-field ext:altSubjectName
This feature requires OpenVPN to be built with --enable-x509-alt-username
This patch is slightly modified, to honour --enable-x509-alt-username
compile time configuration. Two #ifdef's are added.
Signed-off-by: Markus Koetter <koetter@rrzn-hiwi.uni-hannover.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
|
|
|
|
| |
Signed-off-by: David Sommerseth <davids@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It should be sufficient to just try to see if socklen_t is defined.
Next, on all platforms it would be int in all other platforms.
And, there is no need to check for the type in monolitic environment
like Windows, as it will be always the same.
Currently it fails cross compile windows in mingw-w64 compiler, as
winsock.h is as follows:
"""
/* define WINSOCK_API_LINKAGE and WSAAPI for less
* diff output between winsock.h and winsock2.h, but
* remember to undefine them at the end of file */
"""
And the macro uses these macros which are internal winsock macros and
should not be used anyway.
Also, when did the autodefs.h went mandatory? Why is it in
tap-win32/common.h while no constant is actually used?
The use of WSA_IO_INCOMPLETE without including winsock2.h is invalid!
Look at http://msdn.microsoft.com/en-us/library/aa921087.aspx
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
|
|
|
|
|
|
| |
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
|
|
|
|
|
|
|
|
| |
It is not clear in the manual that this feature is disabled
by default.
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By giving the "t" flag to _fdopen() on Windows, the file will be
opened in a "translate mode", where it will take care of converting
\n to \r\n, and also look for the CTRL-Z mark when opening the log
file in append mode.
Reference:
<http://msdn.microsoft.com/en-us/library/dye30d82%28VS.80%29.aspx>
Thanks to Alon Bar-Lev for pointing out this solution.
Reported-by: Thomas Reifferscheid
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
| |
Removed reference to config-win32.h, which has been removed. Added
management-notes.txt to dist_doc_DATA.
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
|