Commit message | Author | Age | Files | Lines
* Attempt to fix issue where domake-win build system was not properly signing drivers and .exe files.
  Added win/tap_span.py for building multiple versions of the TAP driver and tapinstall binaries using different DDK versions to span from Win2K to Win7 and beyond.
  Version 2.1.3
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6404 e7ae566f-a301-0410-adde-c780ea21d3b5
  Tag: v2.1.3 | Author: James Yonan | Age: 2010-08-20 | Files: 11 | Lines: -203/+191
* Windows security issue:
  Fixed potential local privilege escalation vulnerability in Windows service. The Windows service did not properly quote the executable filename passed to CreateService. A local attacker with write access to the root directory C:\ could create an executable that would be run with the same privilege level as the OpenVPN Windows service. However, since non-Administrative users normally lack write permission on C:\, this vulnerability is generally not exploitable except on older versions of Windows (such as Win2K) where the default permissions on C:\ would allow any user to create files there.
  Credit: Scott Laurie, MWR InfoSecurity
  Version 2.1.2
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6400 e7ae566f-a301-0410-adde-c780ea21d3b5
  Tag: v2.1.2 | Author: James Yonan | Age: 2010-08-15 | Files: 4 | Lines: -3/+116
* Added warning about tls-remote in man page.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6384 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-08-10 | Files: 1 | Lines: -0/+7
* Distribute win directory (Python/MSVC-based build system) in "make dist" tarball.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6382 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-08-09 | Files: 1 | Lines: -1/+2
* Added "net stop dnscache" and "net start dnscache" in front of existing --register-dns commands.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6352 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-07-27 | Files: 6 | Lines: -8/+34
* Fixed an issue where application payload transmissions on the TLS control channel (such as AUTH_FAILED) that occur during or immediately after a TLS renegotiation might be dropped.
  Version 2.1.1n
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6350 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-07-27 | Files: 6 | Lines: -12/+54
* Fixed typo: missing comment close.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6347 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-07-26 | Files: 1 | Lines: -1/+1
* Added win/build_exe.py script, which is similar to win/build_all.py except that it doesn't build the TAP drivers or tapinstall.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6306 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-07-16 | Files: 2 | Lines: -21/+38
* Added --register-dns option for Windows.
  Fixed some issues on Windows with --log, subprocess creation for command execution, and stdout/stderr redirection.
  Version 2.1.1m.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6304 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-07-16 | Files: 9 | Lines: -11/+79
* Implemented multi-address DNS expansion on the network field of route commands.
  When only a single IP address is desired from a multi-address DNS expansion, use the first address rather than a random selection.
  Version 2.1.1l
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6291 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-07-12 | Files: 4 | Lines: -16/+85
* Version 2.1.1k
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6285 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-07-10 | Files: 1 | Lines: -1/+1
* Fixed bug in proxy fallback capability where openvpn.exe could core dump if http-proxy-fallback-disable command was issued in response to ">PROXY:NEED_NOW management" interface notification.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6284 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-07-10 | Files: 2 | Lines: -18/+22
* Added support for MSVC debugging of openvpn.exe in settings.in:
    # Build debugging version of openvpn.exe
    !define PRODUCT_OPENVPN_DEBUG
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6283 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-07-10 | Files: 3 | Lines: -7/+16
* Fixed issue where bad creds provided by the management interface for HTTP Proxy Basic Authentication would go into an infinite retry-fail loop instead of requerying the management interface for new creds.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5701 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-06-10 | Files: 2 | Lines: -3/+6
* Implemented a key/value auth channel from client to server.
  Version 2.1.1i
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5668 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-06-01 | Files: 14 | Lines: -9/+248
* Implemented http-proxy-override and http-proxy-fallback directives to make it easier for OpenVPN client UIs to start a pre-existing client config file with proxy options, or to adaptively fall back to a proxy connection if a direct connection fails.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5652 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-05-24 | Files: 14 | Lines: -72/+565
* Minor fixes to recent HTTP proxy changes:
  * use strcasecmp instead of stricmp
  * define HASH and HASHHEX as unsigned char to avoid compiler warnings
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5629 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-05-11 | Files: 3 | Lines: -5/+5
* Proxy improvements:
  Improved the ability of http-auth "auto" flag to dynamically detect the auth method required by the proxy.
  Added http-auth "auto-nct" flag to reject weak proxy auth methods.
  Added HTTP proxy digest authentication method.
  Removed extraneous openvpn_sleep calls from proxy.c.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5628 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-05-11 | Files: 10 | Lines: -101/+676
* Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support was not being compiled in.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5620 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-05-09 | Files: 1 | Lines: -1/+1
* Updated copyright date to 2010.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5599 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-04-28 | Files: 157 | Lines: -160/+160
* Added Python-based build system for Windows in win directory.
  Fixed minor issue in TAP driver DEBUG builds where non-null-terminated unicode strings were being printed incorrectly.
  Version 2.1.1g
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5577 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-04-22 | Files: 24 | Lines: -26/+609
* Minor change to doclean script:
  Don't delete config-win32.h, because this is now a true source file and no longer a generated file.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5558 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-04-17 | Files: 1 | Lines: -1/+0
* Management interface performance optimizations:
  * Added env-filter MI command to perform filtering on env vars passed through as a part of --management-client-auth
  * man_write will now try to aggregate output into larger blocks (up to 1024 bytes) for more efficient i/o
  Version 2.1.1f
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5557 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-04-16 | Files: 6 | Lines: -12/+161
* Updated MSVC build scripts to Visual Studio 2008:
    python msvc\config.py
    nmake /f msvc\msvc.mak
  Version 2.1.1e
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5516 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-03-31 | Files: 17 | Lines: -530/+491
* Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after socket is created rather than waiting until after connect/listen.
  Version 2.1.1d
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5514 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-03-30 | Files: 2 | Lines: -4/+5
* Version 2.1.1c
  Enable exponential backoff in reliability layer retransmits.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5490 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-03-17 | Files: 2 | Lines: -2/+2
* Modified ">PASSWORD:Verification Failed" management interface notification to include a client reason string:
    >PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING']
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5468 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-03-12 | Files: 4 | Lines: -6/+9
* Added stub directive "remote-ip-hint".
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5467 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-03-12 | Files: 1 | Lines: -0/+5
* Trivial fix to proxy.c -- #define proxy auth type as UP_TYPE_PROXY.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5466 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-03-12 | Files: 1 | Lines: -1/+3
* Fixed an issue where if reneg-sec was set to 0 on the client, so that the server-side value would take precedence, the auth_deferred_expire_window function would incorrectly return a window period of 0 seconds. In this case, the correct window period should be the handshake window period.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5464 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-03-06 | Files: 1 | Lines: -2/+5
* Fixed an issue in the Management Interface that could cause a process hang with 100% CPU utilization in --management-client mode if the management interface client disconnected at the point where credentials are queried.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5458 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: James Yonan | Age: 2010-02-26 | Files: 1 | Lines: -6/+15
* Version 2.1.1b
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5371 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2010-01-16 | Files: 1 | Lines: -1/+1
* Don't advance the connection list on AUTH_FAILED errors.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5370 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2010-01-16 | Files: 1 | Lines: -0/+1
* Fixed an issue where AUTH_FAILED was not being properly delivered to the client when a bad password is given for mid-session reauth.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5369 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2010-01-16 | Files: 2 | Lines: -13/+35
* When aborting in a non-graceful way, try to execute do_close_tun in init.c prior to daemon exit to ensure that the tun/tap interface is closed and any added routes are deleted.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5367 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2010-01-12 | Files: 3 | Lines: -1/+20
* Fixed some breakage in openvpn.spec (which is required to build an RPM distribution) where it was referencing a non-existent subdirectory in the tarball, causing it to fail (patch from David Sommerseth).
  Version 2.1.1.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5269 e7ae566f-a301-0410-adde-c780ea21d3b5
  Tag: v2.1.1 | Author: james | Age: 2009-12-11 | Files: 3 | Lines: -2/+12
* Version 2.1.0
  * Updated ChangeLog.
  * Note in man page that clients connecting to a --multihome server should always use the --nobind option.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5266 e7ae566f-a301-0410-adde-c780ea21d3b5
  Tag: v2.1.0 | Author: james | Age: 2009-12-11 | Files: 4 | Lines: -2/+19
* Clarified that TAP-Win32 driver is licensed under GPL 2.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5265 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2009-12-11 | Files: 19 | Lines: -94/+19
* Documented --multihome in the man page.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5264 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2009-12-11 | Files: 1 | Lines: -0/+9
* Fixed a couple issues in sample plugins auth-pam.c and down-root.c:
  1. Fail gracefully rather than segfault if calloc returns NULL.
  2. The openvpn_plugin_abort_v1 function can potentially be called with handle == NULL. Add code to detect this case, and if so, avoid dereferencing pointers derived from handle.
  (Thanks to David Sommerseth for finding this bug).
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5261 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2009-12-10 | Files: 2 | Lines: -2/+6
* Version 2.1_rc22
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5169 e7ae566f-a301-0410-adde-c780ea21d3b5
  Tag: v2.1_rc22 | Author: james | Age: 2009-11-20 | Files: 2 | Lines: -1/+13
* Fixed a client-side bug that occurred when the "dhcp-pre-release" or "dhcp-renew" options were combined with "route-gateway dhcp".
  The problem is that the IP Helper functions for DHCP release and renew are blocking, and so calling them from a single-threaded client stops tunnel traffic forwarding, and hence breaks "route-gateway dhcp" which requires an active tunnel.
  The fix is to call the IP Helper functions for DHCP release and renew from another process.
  Version 2.1_rc21b.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5164 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2009-11-19 | Files: 7 | Lines: -33/+141
* Increase MAX_CERT_DEPTH to 16 (from 8), and when exceeded, make it a hard failure, rather than just a warning.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5159 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2009-11-13 | Files: 3 | Lines: -3/+6
* Version 2.1_rc21
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5152 e7ae566f-a301-0410-adde-c780ea21d3b5
  Tag: v2.1_rc21 | Author: james | Age: 2009-11-12 | Files: 3 | Lines: -2/+18
* Version 2.1_rc20a
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5106 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2009-10-25 | Files: 1 | Lines: -1/+1
* On server, lock client-provided certs against mid-session TLS renegotiations -- this is similar to how the common name is also locked.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5105 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2009-10-25 | Files: 3 | Lines: -5/+156
* Change to doval valgrind script. The openvpn command parameter is now implied, so new usage is:
    ./doval [openvpn parms]
  instead of:
    ./doval ./openvpn [openvpn parms]
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5104 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2009-10-25 | Files: 2 | Lines: -1/+14
* On server, lock session username against changes in mid-session TLS renegotiations -- this is similar to how the common name is also locked.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5098 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2009-10-24 | Files: 2 | Lines: -3/+31
* Added "setenv GENERIC_CONFIG" directive, for generic configs that cannot directly be used as a config file. The directive will simply cause OpenVPN to exit with an error if a generic config file is used.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5077 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2009-10-16 | Files: 1 | Lines: -0/+5
* Fixed issue where some .svn directories were being inadvertently included in the .tar.gz file built by make dist.
  Re-released as Version 2.1_rc20
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5058 e7ae566f-a301-0410-adde-c780ea21d3b5
  Tag: v2.1_rc20 | Author: james | Age: 2009-10-07 | Files: 1 | Lines: -1/+1