summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* r7316 fixes.James Yonan2011-06-103-4/+5
| | | | | | | Version 2.1.3x1. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7332 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added support for static challenge/response protocol.James Yonan2011-06-0314-68/+274
| | | | | | | | | | | | | | | | | This includes the new "static-challenge" directive. See management/management-notes.txt for details on both static and dynamic challenge/response protocols. All client-side challenge/response code is #ifdefed on ENABLE_CLIENT_CR and can be removed from the build by commenting out the definition of ENABLE_CLIENT_CR in syshead.h. Version 2.1.3x. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7316 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed compile issues on Windows.James Yonan2011-04-254-4/+4
| | | | | | | Version 2.1.3w git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7219 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added new "extra-certs" and "verify-hash" options (see man page forJames Yonan2011-04-257-1/+128
| | | | | | | | | | | | details). Increase the timeout after SIGUSR1 restart when restart is not due to server_poll_timeout. Version 2.1.3v git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7215 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added 'dir' flag to "crl-verify" (see man page for info).James Yonan2011-04-247-61/+96
| | | | | | | | | | | | | | Don't call SSL_CTX_set_client_CA_list or SSL_CTX_set_client_CA_list if not running in server mode (these functions are only useful for TLS/SSL servers). Modified openvpn_snprintf to return false on overflow, and true otherwise. When AUTH_FAILED,... is received, log the full string. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7213 e7ae566f-a301-0410-adde-c780ea21d3b5
* Revert r7092 and r7151, i.e. remove --enable-osxipconfigJames Yonan2011-04-193-35/+1
| | | | | | | | | | configure option. ipconfig on Mac has certain behavior that makes it unsuitable for use by OpenVPN to configure tun/tap interface. Version 2.1.3u git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7191 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1.3tJames Yonan2011-04-121-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7152 e7ae566f-a301-0410-adde-c780ea21d3b5
* For Mac OSX, when DARWIN_USE_IPCONFIG is defined, retry ipconfigJames Yonan2011-04-121-1/+11
| | | | | | | | | | command on failure once every second for up to 15 seconds. This is necessary to work around an issue observed on OSX 10.5 where the ipconfig command sometimes fails if executed immediately after the tun device open. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7151 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed bug in port-share that could cause port share process toJames Yonan2011-04-032-1/+4
| | | | | | | | | | | | | | | | | | | | | | crash with output like this: TCP connection established with 85.190.0.3:41781 85.190.0.3:41781 SIGTERM[soft,port-share-redirect] received, client-instance exiting MANAGEMENT: TCP recv error: Socket operation on non-socket MANAGEMENT: Client disconnected MANAGEMENT: Triggering management exit Exiting due to fatal error EVENT: epoll_ctl EPOLL_CTL_MOD failed, sd=6: Bad file descriptor (errno=9) Then an error like this for every incoming connection that should be proxied: 76.120.71.74:55302 PORT SHARE: sendmsg failed -- unable to communicate with background process (6,8,-1,-1): Connection refused (errno=111) Version 2.1.3s git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7127 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed bug that incorrectly placed stricter TCP packet replay rules onJames Yonan2011-04-026-14/+15
| | | | | | | | | | | | | | UDP sessions when the client daemon was running in UDP/TCP adaptive mode, and transitioned from TCP to UDP. The bug would cause a single dropped packet in UDP mode to trigger a barrage of packet replay errors followed by a disconnect and reconnect. Version 2.1.3r git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7125 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added more packet ID debug info at debug level 3 for debuggingJames Yonan2011-03-316-28/+142
| | | | | | | | | false positive packet replays. Version 2.1.3q. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7109 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added ./configure --enable-osxipconfig option for Mac OS X which willJames Yonan2011-03-273-2/+26
| | | | | | | | | | enable the use of ipconfig (instead of ifconfig) for configuring the IP address and netmask of the tun/tap adapter. Version 2.1.3p git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7092 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added "auth-token" client directive, which is intended to beJames Yonan2011-03-2611-13/+113
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | pushed by server, and that is used to offer a temporary session token to clients that can be used in place of a password on subsequent credential challenges. This accomplishes the security benefit of preventing caching of the real password while offering most of the advantages of password caching, i.e. not forcing the user to re-enter credentials for every TLS renegotiation or network hiccup. auth-token does two things: 1. if password caching is enabled, the token replaces the previous password, and 2. if the management interface is active, the token is output to it: >PASSWORD:Auth-Token:<token> Also made a minor change to HALT/RESTART processing when password caching is enabled. When client receives a HALT or RESTART message, and if the message text contains a flags block (i.e. [FFF]:message), if flag 'P' (preserve auth) is present in flags, don't purge the Auth password. Otherwise do purge the Auth password. Version 2.1.3o git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7088 e7ae566f-a301-0410-adde-c780ea21d3b5
* win/sign.py now accepts an optional tap-dir argument.James Yonan2011-03-251-4/+8
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7086 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1.3nJames Yonan2011-03-211-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7069 e7ae566f-a301-0410-adde-c780ea21d3b5
* Client will now try to reconnect if no push reply receivedJames Yonan2011-03-204-3/+20
| | | | | | | within handshake-window seconds. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7066 e7ae566f-a301-0410-adde-c780ea21d3b5
* Extended "client-kill" management interface command (server-side)James Yonan2011-03-207-19/+53
| | | | | | | | | | | | | | | | | | | | to accept an optional message string. The message string format is: RESTART|HALT,<human-readable-message> RESTART will tell the client to restart (i.e. SIGUSR1). HALT will tell the client to exit (i.e. SIGTERM). On the client, human-readable-message will be communicated via management interface: >NOTIFY,<severity>,<type>,<human-readable-message>" Version 2.1.3m git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7063 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed bug introduced in r7031 that might cause this error message:James Yonan2011-03-201-6/+16
| | | | | | | PORT SHARE: sendmsg failed (unable to communicate with background process) git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7062 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed issue where a client might receive multiple push replies fromJames Yonan2011-03-183-2/+14
| | | | | | | | | | | a server if it sent multiple push requests due to the server being slow to respond. This could cause the client to process pushed options twice, leading to duplicate pushed routes, among other issues. The fix, implemented server-side, is to reply only once to a push request even if multiple requests are received. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7060 e7ae566f-a301-0410-adde-c780ea21d3b5
* env_filter_match now includes the serial number of all certsJames Yonan2011-03-171-1/+1
| | | | | | | in chain (as tls_serial_n vars), rather than only tls_serial_0. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7055 e7ae566f-a301-0410-adde-c780ea21d3b5
* Renamed branch to reflect that it is no longer beta.James Yonan2011-03-17355-0/+104511
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7051 e7ae566f-a301-0410-adde-c780ea21d3b5
generated by cgit (git 2.34.1) at 2024-07-02 14:50:58 +0000