| Commit message (Collapse) | Author | Age | Files | Lines |
UDP sessions when the client daemon was running in UDP/TCP adaptive
mode, and transitioned from TCP to UDP.
The bug would cause a single dropped packet in UDP mode to trigger a
barrage of packet replay errors followed by a disconnect and
reconnect.
Version 2.1.3r
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7125 e7ae566f-a301-0410-adde-c780ea21d3b5
|
false positive packet replays.
Version 2.1.3q.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7109 e7ae566f-a301-0410-adde-c780ea21d3b5
|
enable the use of ipconfig (instead of ifconfig) for configuring the
IP address and netmask of the tun/tap adapter.
Version 2.1.3p
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7092 e7ae566f-a301-0410-adde-c780ea21d3b5
|
pushed by server, and that is used to offer a temporary session
token to clients that can be used in place of a password on
subsequent credential challenges.
This accomplishes the security benefit of preventing caching
of the real password while offering most of the advantages
of password caching, i.e. not forcing the user to re-enter
credentials for every TLS renegotiation or network hiccup.
auth-token does two things:
1. if password caching is enabled, the token replaces the
previous password, and
2. if the management interface is active, the token is output
to it:
>PASSWORD:Auth-Token:<token>
Also made a minor change to HALT/RESTART processing when password
caching is enabled. When client receives a HALT or RESTART message,
and if the message text contains a flags block (i.e. [FFF]:message),
if flag 'P' (preserve auth) is present in flags, don't purge the Auth
password. Otherwise do purge the Auth password.
Version 2.1.3o
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7088 e7ae566f-a301-0410-adde-c780ea21d3b5
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7086 e7ae566f-a301-0410-adde-c780ea21d3b5
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7069 e7ae566f-a301-0410-adde-c780ea21d3b5
|
within handshake-window seconds.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7066 e7ae566f-a301-0410-adde-c780ea21d3b5
|
to accept an optional message string. The message string format is:
RESTART|HALT,<human-readable-message>
RESTART will tell the client to restart (i.e. SIGUSR1).
HALT will tell the client to exit (i.e. SIGTERM).
On the client, human-readable-message will be communicated via
management interface:
>NOTIFY,<severity>,<type>,<human-readable-message>
Version 2.1.3m
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7063 e7ae566f-a301-0410-adde-c780ea21d3b5
|
PORT SHARE: sendmsg failed (unable to communicate with background process)
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7062 e7ae566f-a301-0410-adde-c780ea21d3b5
|
a server if it sent multiple push requests due to the server being
slow to respond. This could cause the client to process pushed
options twice, leading to duplicate pushed routes, among other issues.
The fix, implemented server-side, is to reply only once to a push
request even if multiple requests are received.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7060 e7ae566f-a301-0410-adde-c780ea21d3b5
|
in chain (as tls_serial_n vars), rather than only tls_serial_0.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7055 e7ae566f-a301-0410-adde-c780ea21d3b5
|
verbosity generated by port-share activity.
Version 2.1.3k
git-svn-id: http://svn.openvpn.net/projects/branches/BETA21@7033 e7ae566f-a301-0410-adde-c780ea21d3b5
|
reporting client IP origins of proxied connections.
git-svn-id: http://svn.openvpn.net/projects/branches/BETA21@7031 e7ae566f-a301-0410-adde-c780ea21d3b5
|
LZO, but that has limited interoperability with LZO-enabled servers.
Modified "push-peer-info" option to push IV_LZO_STUB=1 to server when
client was built with --enable-lzo-stub configure option. This tells
the server that the client lacks LZO capabilities, so the server
should turn off LZO compression for this client via "lzo no".
Added "setenv PUSH_PEER_INFO" option having the same effect as
"push-peer-info".
Version 2.1.3j
git-svn-id: http://svn.openvpn.net/projects/branches/BETA21@7023 e7ae566f-a301-0410-adde-c780ea21d3b5
|
NAT on the client side.
Version 2.1.3i.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6944 e7ae566f-a301-0410-adde-c780ea21d3b5
|
Version 2.1.3h
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6931 e7ae566f-a301-0410-adde-c780ea21d3b5
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6927 e7ae566f-a301-0410-adde-c780ea21d3b5
|
was only defined for Windows and Linux). This enables OS X to report
the MAC address of the default gateway to the server for ID purposes
when client-side --push-peer-info option is specified.
Also, minor fix to OS X get_default_gateway function:
* include net/route.h directly rather than selectively paste stuff
from it into route.c
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6925 e7ae566f-a301-0410-adde-c780ea21d3b5
|
MANAGEMENT_DEF_AUTH is not enabled.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6830 e7ae566f-a301-0410-adde-c780ea21d3b5
|
to be notified of tunnel up/down events.
* pulled --ip-win32 options will be suppressed on the client
if --route-nopull option is specified.
Version 2.1.3f
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6813 e7ae566f-a301-0410-adde-c780ea21d3b5
|
Version 2.1.3e
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6780 e7ae566f-a301-0410-adde-c780ea21d3b5
|
Fixed issue where "signal SIGTERM" entered from the management
interface might get subsequently downgraded to a SIGUSR1.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6716 e7ae566f-a301-0410-adde-c780ea21d3b5
|
execution of Windows net commands.
Version 2.1.3d
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6712 e7ae566f-a301-0410-adde-c780ea21d3b5
|
instead of "key" in client mode, and allows the client to run
without the need to load the actual private key. When the SSL
protocol needs to perform an RSA sign operation, the data to
be signed will be sent to the management interface via a
notification as follows:
>RSA_SIGN:[BASE64_DATA]
The management interface client should then sign BASE64_DATA
using the private key and return the signature as follows:
rsa-sig
[BASE64_SIG_LINE]
.
.
.
END
This capability is intended to allow the use of arbitrary
cryptographic service providers with OpenVPN via the
management interface.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6708 e7ae566f-a301-0410-adde-c780ea21d3b5
|
Conflicts:
options.c
- feat_ipv6_payload and feat_ip6_transport both update
this file with presence information
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
removed mutex locking stuff (no more threading in 2.2)
fixed rebase/merge artifacts in mroute.c
add current ChangeLog.IPv6 and TODO.IPv6 to commit
tag as ipv6-20110424-2
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
Solaris close_tun(): add explicit "unplumb'ing" of IPv6 tun/tap
interfaces, otherwise they would linger around after OpenVPN exits.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
document Linux tun fixes and test results in ChangeLog.IPv6
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
"dev tun"+"topology subnet" - moved code out of "if (tun)" block, works.
add more debug information to help diagnose cases where IPv6 isn't working
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
version 9.7 as anticipated (that's 2.1.3) but 9.8 - change test to
require 9.8, and change message to point to 2.2-beta3 and up.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
build t_client.sh by configure at run-time, with proper paths to
ip/ifconfig/netstat binaries, and (most important) with proper #!SHELL
extend configure.ac to find "netstat" binary and to chmod +x "t_client.sh"
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
run from "make check" if "t_client.rc" is found in workdir or srcdir
(copy t_client.rc-sample, fill in specifics for your test server)
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
destroy tunX interface on tun_close()
tested on OpenBSD 4.7
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
replace with #ifdef DEBUG_VERBOSE_SETENV compile-time flag
|
than 9.7, log warning and disable IPv6 (won't work anyway).
|
(otherwise netsh.exe will succeed, but silently ignore request)
|
use special next-hop address (fe80::8) that tapdrv will handle ND for
|
- initialize tuntap->ipv6 in init.c::do_init_tun(), to make sure it's
set up "early enough", no matter what ifconfig_order() wants
- change call convention for open_tun(): drop "ipv6" flag, because it's
incompatible with windows/openbsd calling sequence (ifconfig first,
open_tun later) - also affects open_tun_generic() and tuncfg().
- drop ipv6_support() helper function - has no useful purpose anymore
- introduce add_route_connected_v6_net() helper for Win32, Darwin, Netbsd
(cleanup code)
- fix NetBSD tunnel setup - destroy/recreate before ifconfig'ing, to make
sure no leftover configuration lingers on tunnel from previous call
(NetBSD tunnels are always persistent unless explicitly destroyed)
- DARWIN (MacOS X) gets its own #ifdef section for open_tun()/close_tun()
now, because close_tun() needs to clean up IPv6 ifconfig
|
- somewhat preliminary, as the next-hop setting requirements of tun/tap
driver are not decided yet, and "route add" might need to be adapted
|
"netsh.exe" can find "framedyn.dll" (needs work)
|
- create inet_ntop() and inet_pton() wrap-implementations using
WSAAddressToString() and WSAStringToAddress() functions
- add relevant win32-only headers to syshead.h
NOTE: syshead.h changes are already included in ipv6_transport
|
--version: change printing of IPv6 payload patch version to [...] style
fix "make check" regression in tun.c (unnecessary change reverted)
|
do not have TUNSIFHEAD (and do not have IPv6 capable tunnels), fall back
to old IPv4-only code without address-family prepending.
(cherry picked from commit 2a57c58b185deb11b0a62c584489fff59258146c)
|
(cherry picked from commit 5df8fe6b0eb3c0f351f322b4690e4d9388980aba)
|
(cherry picked from commit ec9dce6387afd198881493bfebf13bb121e8a56b)
|