| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
althought sorta hacky, see TODO.ipv6.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
was incorrectly creating a PF_INET socket
|
| |
|
|
|
| |
- tests now are pass (and fail) properly for ipv6/4 builds
* more GNU indenting
|
| |
|
|
| |
GNU indentation for my deltas
|
| |
|
|
| |
* tests Ok: {loopback,remote}{udp,tcp}{4,6}
|
| |
|
|
|
| |
next: merge ipv{4,6} signal logic into one inside resolve_remote()
* passes {loopback,remote}{udp,tcp}{4,6} tests
|
| |
|
|
|
| |
* passes {udp,tcp}x{v4,v6} loopback tests
* passes {udp,tcp}x{v6} remote tests
|
| |
|
|
| |
Signed-off-by: David Sommerseth <davids@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Added the ability to have "COMMONNAME" replaced with certificate common
name in pam conversation.
Signed-off-by: Joe Patterson <j.m.patterson@gmail.com>
Acked-By: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
A additional ';' had sneaked in commit 4c4b8cedfa98e8892a53. Lets
kick it out again.
Signed-off-by: Stefan Hellermann <stefan@the2masters.de>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Commit 2db5a0ac3e053857d97e468de53e70a605f54561 adds two arguments to
plugin_call(...), but missed the !ENABLE_PLUGIN case. With
!ENABLE_PLUGIN, plugin_call(...) is only a dummy, so add these two
parameters there too.
Signed-off-by: Stefan Hellermann <stefan@the2masters.de>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
After a review of the second round of the the v3 plug-in implementation, it
was decided to use a separate constant defining the version of the structs
used for argument and return value passing, instead of OPENVPN_PLUGIN_VERSION.
To not make it too complex, this patch uses a shared version constant for all
the v3 structures. It is not expected that these strucutures will change too
much and too often.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To build the plug-in, do ./build log_v3 in the plugin/examples directory.
This plug-in can be tested by running an OpenVPN server like this:
# ./openvpn --plugin plugin/examples/log_v3.so --dev tun \
--server 192.168.240.0 255.255.255.0 --ca sample-keys/ca.crt \
--cert sample-keys/server.crt --key sample-keys/server.key \
--dh sample-keys/dh1024.pem
The client can be started like this:
# ./openvpn --client --remote localhost --ca sample-keys/ca.crt \
--cert sample-keys/client.crt --key sample-keys/client.key \
--dev tun --nobind --auth-user-pass
This plug-in will only log arguments and environment variables it receives
during all the different plug-in phases OpenVPN currently supports. It will
also parse the X509 certificate information given during the TLS_VERIFY phase.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
|
| |
|
|
|
|
|
|
|
| |
The certificates sent to the plug-in API will only happen during the
OPENVPN_PLUGIN_TLS_VERIFY phase and will contain a pointer to the OpenSSL
X509 certificate data.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
|
| |
|
|
|
|
|
|
| |
Let OpenVPN call the openvpn_plugin_open_v3() and
openvpn_plugin_func_v3() plug-in functions if they exist in the plug-in.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
|
| |
|
|
|
|
|
|
| |
This just implements the basic API changes needed for the newer and more
flexible plug-in API.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Normally OpenVPN is configured with --dev {tun,tap}, but it is also possible
to use --dev myvpn instead. In these situations, OpenVPN will request
--dev-type as well to be able to set up a tun or tap device properly.
The 'dev' environment variable will contain the value provided by --dev. In
those cases where the plug-in/script need to behave differently when using a tun
device versus using a tap device, there are no possibilities for it to know what
kind of device --dev myvpn would be.
This patch adds a 'dev_type' environment variable which contains a string of the
device type, either automatically discovered based on the --dev name, or set using
the --dev-type option.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
|
| |
|
|
|
|
|
|
| |
Fixed issue where "signal SIGTERM" entered from the management
interface might get subsequently downgraded to a SIGUSR1.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6716 e7ae566f-a301-0410-adde-c780ea21d3b5
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
instead of "key" in client mode, and allows the client to run
without the need to load the actual private key. When the SSL
protocol needs to perform an RSA sign operation, the data to
be signed will be sent to the management interface via a
notification as follows:
>RSA_SIGN:[BASE64_DATA]
The management interface client should then sign BASE64_DATA
using the private key and return the signature as follows:
rsa-sig
[BASE64_SIG_LINE]
.
.
.
END
This capability is intended to allow the use of arbitrary
cryptographic service providers with OpenVPN via the
management interface.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6708 e7ae566f-a301-0410-adde-c780ea21d3b5
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Peter Korsgaard <jacmet@sunsite.dk> reported an issue [1] when compiling
with --disable-crypto activated. He suggested a patch, which only
partly solved the issue. SVN r6568 / commit 3cf9dd88fd84108 added a
new feature which further made it impossible to compile without crypto.
This patch fixes both issues, based on Peter Korsgaard's patch.
[1] <http://sourceforge.net/mailarchive/forum.php?thread_name=87fwx08bod.fsf%40macbook.be.48ers.dk&forum_name=openvpn-devel>
Signed-off-by: James Yonan <james@openvpn.net>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows using other X509 certificate fields for the certificate
authentication. To use altSubjectName, use
--x509-username-field ext:altSubjectName
This feature requires OpenVPN to be built with --enable-x509-alt-username
This patch is slightly modified, to honour --enable-x509-alt-username
compile time configuration. Two #ifdef's are added.
Signed-off-by: Markus Koetter <koetter@rrzn-hiwi.uni-hannover.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
|
| |
|
|
| |
Signed-off-by: David Sommerseth <davids@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It should be sufficient to just try to see if socklen_t is defined.
Next, on all platforms it would be int in all other platforms.
And, there is no need to check for the type in monolitic environment
like Windows, as it will be always the same.
Currently it fails cross compile windows in mingw-w64 compiler, as
winsock.h is as follows:
"""
/* define WINSOCK_API_LINKAGE and WSAAPI for less
* diff output between winsock.h and winsock2.h, but
* remember to undefine them at the end of file */
"""
And the macro uses these macros which are internal winsock macros and
should not be used anyway.
Also, when did the autodefs.h went mandatory? Why is it in
tap-win32/common.h while no constant is actually used?
The use of WSA_IO_INCOMPLETE without including winsock2.h is invalid!
Look at http://msdn.microsoft.com/en-us/library/aa921087.aspx
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
|
| |
|
|
|
|
| |
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
|
| |
|
|
|
|
|
|
| |
It is not clear in the manual that this feature is disabled
by default.
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By giving the "t" flag to _fdopen() on Windows, the file will be
opened in a "translate mode", where it will take care of converting
\n to \r\n, and also look for the CTRL-Z mark when opening the log
file in append mode.
Reference:
<http://msdn.microsoft.com/en-us/library/dye30d82%28VS.80%29.aspx>
Thanks to Alon Bar-Lev for pointing out this solution.
Reported-by: Thomas Reifferscheid
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
|
| |
|
|
|
|
|
|
|
| |
Removed reference to config-win32.h, which has been removed. Added
management-notes.txt to dist_doc_DATA.
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
|
| |
|
|
|
|
| |
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The original config-win32.h - a static header file - has been superceded by both
"domake-win" script and the new Python-based buildsystem. Transformed it into a
template file, win/config.h.in, which obtains the most commonly used build
parameters from win/settings.in.
Added support code to win/config.py and win/wb.py to preprocess win/config.h.in
and copy it to config.h, from where source and header files can find it.
Removed all references to config-win32.h. Also removed obsolete
PACKAGE_BUGREPORT and USE_PTHREAD variables from the win/config.h.in file.
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Added support for generating installer with unsigned TAP drivers. Fixed Windows
Vista/7 Start menu shortcut uninstall failure.
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Removed win/make_dist.py's dependency on TAP-driver and tapinstall.exe building.
Also added manifest embedding commands to win/make_dist.py. To avoid duplicate
code moved the "build_vc" method from win/build.py to win/wb.py and renamed it
"run_in_vs_shell".
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* install-win32/settings.in: bump version to 9.7, TAP_RELDATE to "07/03/2010".
* tap-win32/proto.h: add data types and definitions needed for IPv6
* tap-win32/types.h: add m_UserToTap_IPv6 ethernet header for IPv6 packets
* tap-win32/tapdrvr.c: implement support for IPv6 in TUN mode:
- IPv6 packets User->OS need correct ether type
- IPv6 packets OS->User get correctly forwarded
- IPv6 neighbour discovery packets for "fe80::8" (magic address
installed as route-nexthop by OpenVPN.exe) get answered locally
(cherry picked from commit 175e17a5abd5969f6803a9cc9587b7959e1100ae)
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
| |
See the chkconfig(8) man page for details.
Signed-off-by: Ville Skyttä <ville.skytta@iki.fi>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The config-win32.h and service-win32/msvc.mak was not included
into the final source balls when using 'make dist', which is
crucial for Windows building.
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Samuli Seppänen <samuli@openvpn.net>
|
| |
|
|
| |
Signed-off-by: David Sommerseth <davids@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is intended just as a TEMPORARY solution to get the 2.2-RC released.
The intesion is to get this fixed with a better solution for the final 2.2
release. This patch has also been discussed here:
http://thread.gmane.org/gmane.network.openvpn.devel/4325/
The only reason for this patch to be accepted in its current shape, is
that it will be fixed before the final 2.2 release.
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implemented changes to the buildsystem patchset suggested by jamesyonan in IRC
meeting on 17th Feb 2010:
1) Remove variables added to version.m4 and use win/settings.in instead
2) Add ENABLE_<FEATURE> configuration to win/settings.in instead of parsing
config-win32.h for them
This patch applies on top of the previous 13 patches.
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This win/openvpn.nsi file is a heavily cleaned-up version of the
install-win32/openvpn.nsi file. The key differences:
- paths have been adapted to new buildsystem's requirements
- obsolete XGUI support has been removed
- unused Windows version detection has been removed
- variables specific to new build system (win/settings.in, version.m4) are
imported
- a few new installer options have been introduced:
- install lzo2.dll
- install msvcr90.dll (a requirement from VS2008 builds)
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
| |
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added copying of all remaining openvpn dependencies to dist directory so that
the NSI installer script (win/openvpn.nsi) can find and use them more easily.
This includes openvpn.exe, openvpnserv.exe, libpkcs11-helper-1.dll, openssl.exe,
and example files. The associated, external DDL/manifest files are copied also,
so that embedding them with mt.exe is easier. This is a temporary solution until
nmake makefiles are modified to automate this process, except for a few of the
library dependencies (lzo2.dll and libpkcs11-helper-1.dll).
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
| |
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
|
| |
Made win/build.py call nmake in service-win32 directory to build openvpnserv.exe
after main build (openvpn.exe) has finished.
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
|
|
| |
Python-based buildsystem uses win/config.py to obtain global build parameters
from various sources. Added parsing of the (fake) configure.h and version.m4 to
it so that other Python build files can use them.
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
|
|
| |
Modified win/build_all.py so that by giving -n or --notap switch the TAP driver
is not built. This is useful if using prebuilt TAP drivers, or when WinDDK is
not installed.
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
