Commit message | Author | Age | Files | Lines
* Version 2.1_rc14 [v2.1_rc14] | james | 2008-11-17 | 2 | -8/+8
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3496 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added additional method parameter to --script-security to preserve | james | 2008-11-17 | 14 | -105/+383
  backward compatibility with system() call semantics used in OpenVPN 2.1_rc8 and earlier. To preserve backward compatibility use:
    script-security 3 system
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3495 e7ae566f-a301-0410-adde-c780ea21d3b5
* Interim release. | james | 2008-11-16 | 2 | -1/+87
  Version 2.1_rc13b
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3494 e7ae566f-a301-0410-adde-c780ea21d3b5
* Minor fix to previous commit (r3476). | james | 2008-11-05 | 1 | -3/+3
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3477 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added config file option "setenv FORWARD_COMPATIBLE 1" to relax | james | 2008-11-04 | 3 | -3/+33
  config file syntax checking to allow directives for future OpenVPN versions to be ignored.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3476 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed revoke-full to deal with issue arising from addition | james | 2008-11-03 | 1 | -1/+2
  of KEY_NAME environmental variable parameter to openssl.cnf
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3472 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed some ifconfig-pool issues that precluded | james | 2008-11-03 | 3 | -10/+12
  it from being combined with --server directive. Now, for example, we can configure thusly:
    server 10.8.0.0 255.255.255.0 nopool
    ifconfig-pool 10.8.0.2 10.8.0.99 255.255.255.0
  to have ifconfig-pool manage only a subset of the VPN subnet.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3471 e7ae566f-a301-0410-adde-c780ea21d3b5
* Updated docs to reflect the addition of | james | 2008-10-31 | 3 | -3/+4
  --status-version 3.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3468 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added --no-name-remapping option to allow Common Name, X509 Subject, | james | 2008-10-31 | 4 | -3/+42
  and username strings to include any printable character including space, but excluding control characters such as tab, newline, and carriage-return.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3467 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added --status-version 3 which is the same as version 2 | james | 2008-10-31 | 2 | -25/+28
  except tabs are used as delimiters instead of commas.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3466 e7ae566f-a301-0410-adde-c780ea21d3b5
* Modified pkitool to allow flexibility in separating | james | 2008-10-28 | 1 | -14/+20
  the Common Name convention from the cert/key filename convention. For example:
    KEY_CN="James's Laptop" KEY_NAME="james" ./pkitool james
  will create a client certificate/key pair of james.crt/james.key having a Common Name of "James's Laptop" and a Name of "james".
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3463 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added man page entry for new environmental variable set | james | 2008-10-28 | 1 | -0/+37
  X509_{n}_{subject_field}.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3462 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added server-side --auth-user-pass-optional directive, to allow | james | 2008-10-28 | 6 | -21/+57
  connections by clients that do not specify a username/password, when a user-defined authentication script/module is in place (via --auth-user-pass-verify, --management-client-auth, or a plugin module).
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3461 e7ae566f-a301-0410-adde-c780ea21d3b5
* Change to pkitool/openssl.cnf so that calling scripts can | james | 2008-10-28 | 2 | -1/+16
  set the KEY_NAME environmental variable to set the "name" X509 subject field in generated certificates.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3460 e7ae566f-a301-0410-adde-c780ea21d3b5
* Save X509 Subject fields to environment, using the naming convention: | james | 2008-10-28 | 1 | -0/+54
    X509_{cert_depth}_{name}={value}
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3459 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed informational message in ssl.c to properly indicate | james | 2008-10-27 | 1 | -1/+5
  deferred authentication.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3457 e7ae566f-a301-0410-adde-c780ea21d3b5
* Extended Management Interface "bytecount" command | james | 2008-10-24 | 5 | -29/+153
  to work when OpenVPN is running as a server.
  Documented Management Interface "bytecount" command in management/management-notes.txt.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3452 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added optional files SAMPCONF_CONF2 (second sample configuration | james | 2008-10-24 | 2 | -0/+14
  file) and SAMPCONF_DH (Diffie-Hellman parameters) to Windows build system, and may be defined in settings.in.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3450 e7ae566f-a301-0410-adde-c780ea21d3b5
* Modified Windows domake-win build system to write all openvpn.nsi | james | 2008-10-17 | 5 | -49/+94
  input files to gen, so that gen can be disconnected from the rest of the source tree and makensis openvpn.nsi will still function correctly.
  Added additional SAMPCONF_(CA|CRT|KEY) macros to settings.in (commented out by default).
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3439 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added additional warning messages about --script-security 2 | james | 2008-10-15 | 4 | -3/+10
  or higher being required to execute user-defined scripts or executables.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3436 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added AC_GNU_SOURCE to configure.ac to enable struct ucred, | james | 2008-10-14 | 3 | -59/+324
  with the goal of fixing a build issue on Fedora 9 that was introduced in 2.1_rc13.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3434 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1_rc13 [v2.1_rc13] | james | 2008-10-08 | 10 | -30/+43
  Minor fixes to Windows build scripts.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3417 e7ae566f-a301-0410-adde-c780ea21d3b5
* Copyright notice changed to reflect change in name of | james | 2008-10-06 | 157 | -198/+194
  Telethra to OpenVPN Technologies.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3409 e7ae566f-a301-0410-adde-c780ea21d3b5
* Management interface can now listen on a unix | james | 2008-09-30 | 16 | -45/+693
  domain socket, for example:
    management /tmp/openvpn unix
  Also added management-client-user and management-client-group directives to control which processes are allowed to connect to the socket.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3396 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1_rc12 [v2.1_rc12] | james | 2008-09-23 | 2 | -1/+10
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3349 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed --lladdr bug introduced in 2.1-rc9 where input validation code | james | 2008-09-19 | 3 | -2/+42
  was incorrectly expecting the lladdr parameter to be an IP address when it is actually a MAC address (HoverHell).
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3339 e7ae566f-a301-0410-adde-c780ea21d3b5
* Patched Makefile.am so that the new t_cltsrv-down.sh script becomes | james | 2008-09-15 | 2 | -2/+3
  part of the tarball (Matthias Andree).
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3332 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1_rc11 [v2.1_rc11] | james | 2008-09-15 | 4 | -10/+38
  Fixed a bug that can cause SSL/TLS negotiations in UDP mode to fail if UDP packets are dropped.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3330 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1_rc10 [v2.1_rc10] | james | 2008-09-10 | 2 | -1/+94
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3323 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1_rc9b | james | 2008-09-08 | 1 | -1/+1
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3318 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed bug in intra-session TLS key rollover that was introduced with | james | 2008-09-08 | 3 | -18/+68
  deferred authentication features in 2.1_rc8.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3316 e7ae566f-a301-0410-adde-c780ea21d3b5
* Modified ip_or_dns_addr_safe, which validates pulled DNS names, | james | 2008-09-06 | 2 | -4/+16
  to more closely conform to RFC 3696:
  * DNS name length must not exceed 255 characters
  * DNS name characters must be limited to alphanumeric, dash ('-'), and dot ('.')
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3312 e7ae566f-a301-0410-adde-c780ea21d3b5
* 2.1_rc8 and earlier did implicit shell expansion on script | james | 2008-09-06 | 9 | -363/+350
  arguments since all scripts were called by system(). The security hardening changes made to 2.1_rc9 no longer use system(), but rather use the safer execve or CreateProcess system calls.
  The security hardening also introduced a backward incompatibility with 2.1_rc8 and earlier in that script parameters were no longer shell-expanded, so for example:
    client-connect "docc CLIENT-CONNECT"
  would fail to work because execve would try to execute a script called "docc CLIENT-CONNECT" instead of "docc" with "CLIENT-CONNECT" as the first argument.
  This patch fixes the issue, bringing the script argument semantics back to pre 2.1_rc9 behavior in order to preserve backward compatibility while still using execve or CreateProcess to execute the script/executable.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3311 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added --allow-pull-fqdn option which allows client to pull DNS names | james | 2008-09-04 | 5 | -12/+45
  from server (rather than only IP address) for --ifconfig, --route, and --route-gateway. OpenVPN versions 2.1_rc7 and earlier allowed DNS names for these options to be pulled and translated to IP addresses by default. Now --allow-pull-fqdn will be explicitly required on the client to enable DNS-name-to-IP-address translation of pulled options.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3307 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed minor compile issue in ntlm.c (mid-block declaration). | james | 2008-08-11 | 1 | -2/+4
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3222 e7ae566f-a301-0410-adde-c780ea21d3b5
* LZO compression buffer overflow errors will now invalidate | james | 2008-08-11 | 1 | -1/+7
  the packet rather than trigger a fatal assertion.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3221 e7ae566f-a301-0410-adde-c780ea21d3b5
* Workaround bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8, which | james | 2008-08-10 | 2 | -5/+2
  the new implementation of extract_x509_field_ssl depends on.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3220 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed build issue with ./configure --disable-socks --disable-http. | james | 2008-08-10 | 3 | -4/+4
  Fixed separate compile errors in options.c and ntlm.c that occur on strict C compilers (such as old versions of gcc) that require that C variable declarations occur at the start of a {} block, not in the middle.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3219 e7ae566f-a301-0410-adde-c780ea21d3b5
* Tagged security fix in 2.1-rc9 as CVE-2008-3459. | james | 2008-08-10 | 1 | -0/+1
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3218 e7ae566f-a301-0410-adde-c780ea21d3b5
* Updated openvpn/t_cltsrv.sh (used by "make check") to conform to new | james | 2008-08-10 | 2 | -14/+44
  --script-security rules. Also adds retrying if the addresses are in use (Matthias Andree).
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3217 e7ae566f-a301-0410-adde-c780ea21d3b5
* Reverted r3181, accomplish the same thing via a special case | james | 2008-08-05 | 3 | -21/+16
  for Windows stdcall functions in configure.ac (Alon Bar-Lev).
  Minor fix to cryptoapi.c to not compile itself unless USE_CRYPTO and USE_SSL flags are enabled (Alon Bar-Lev).
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3183 e7ae566f-a301-0410-adde-c780ea21d3b5
* Workaround for MinGW autoconf issue where HAVE_SETSOCKOPT, | james | 2008-08-05 | 1 | -0/+12
  HAVE_GETSOCKOPT, and HAVE_POLL are undefined even though the underlying functions are present.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3181 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added additional warnings to flag common gotchas: | james | 2008-08-05 | 5 | -27/+133
  * Warn when ethernet bridging that the IP address of the bridge adapter is probably not the same address that the LAN adapter was set to previously.
  * When running as a server, warn if the LAN network address is the all-popular 192.168.[0|1].x, since this condition commonly leads to subnet conflicts down the road.
  * Primarily on the client, check for subnet conflicts between the local LAN and the VPN subnet.
  Added a 'netmask' parameter to get_default_gateway, to return the netmask of the adapter containing the default gateway. Only implemented on Windows so far. Other platforms will return 255.255.255.0. Currently the netmask information is only used to warn about subnet conflicts.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3179 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed minor issue with --redirect-gateway bypass-dhcp or bypass-dns | james | 2008-08-04 | 1 | -1/+1
  on Windows. If the bypass IP address is 0.0.0.0 or 255.255.255.255, ignore it.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3177 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added "--server-bridge" (without parameters) to enable | james | 2008-08-02 | 14 | -34/+427
  DHCP proxy mode: Configure server mode for ethernet bridging using a DHCP-proxy, where clients talk to the OpenVPN server-side DHCP server to receive their IP address allocation and DNS server addresses.
  Added "--route-gateway dhcp", to enable the extraction of the gateway address from a DHCP negotiation with the OpenVPN server-side LAN.
  Modified client.conf and server.conf to reflect new option modes.
  Incremented version to 2.1_rc9a.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3164 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1_rc9 [v2.1_rc9] | james | 2008-08-01 | 1 | -2/+2
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3155 e7ae566f-a301-0410-adde-c780ea21d3b5
* In Windows build, package a statically linked openssl.exe to work around | james | 2008-07-31 | 4 | -13/+6
  observed instabilities in the dynamic build since the migration to OpenSSL 0.9.8h.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3149 e7ae566f-a301-0410-adde-c780ea21d3b5
* Updated ChangeLog and version number. | james | 2008-07-31 | 2 | -1/+22
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3147 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added additional warnings for: | james | 2008-07-27 | 1 | -0/+7
  * --tls-remote -- some people misunderstand the semantics
  * --script-security -- warn if script-security will allow user-defined scripts to be called, and also warn separately if passwords may be passed to scripts via the environment
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3129 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added additional defensive programming to buffer.[ch] functions. | james | 2008-07-27 | 2 | -26/+118
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3128 e7ae566f-a301-0410-adde-c780ea21d3b5