| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Version 2.1.3x1.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7332 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This includes the new "static-challenge" directive.
See management/management-notes.txt for details on both
static and dynamic challenge/response protocols.
All client-side challenge/response code is #ifdefed on
ENABLE_CLIENT_CR and can be removed from the build
by commenting out the definition of ENABLE_CLIENT_CR
in syshead.h.
Version 2.1.3x.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7316 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
|
|
|
|
|
| |
Version 2.1.3w
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7219 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
|
|
|
|
|
|
|
|
|
|
| |
details).
Increase the timeout after SIGUSR1 restart when restart is not
due to server_poll_timeout.
Version 2.1.3v
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7215 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't call SSL_CTX_set_client_CA_list or SSL_CTX_set_client_CA_list
if not running in server mode (these functions are only useful for
TLS/SSL servers).
Modified openvpn_snprintf to return false on overflow, and true
otherwise.
When AUTH_FAILED,... is received, log the full string.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7213 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
|
|
|
|
|
|
|
|
| |
configure option. ipconfig on Mac has certain behavior that makes
it unsuitable for use by OpenVPN to configure tun/tap interface.
Version 2.1.3u
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7191 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
|
|
| |
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7152 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
|
|
|
|
|
|
|
|
| |
command on failure once every second for up to 15 seconds. This
is necessary to work around an issue observed on OSX 10.5 where
the ipconfig command sometimes fails if executed immediately after
the tun device open.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7151 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
crash with output like this:
TCP connection established with 85.190.0.3:41781
85.190.0.3:41781 SIGTERM[soft,port-share-redirect] received, client-instance exiting
MANAGEMENT: TCP recv error: Socket operation on non-socket
MANAGEMENT: Client disconnected
MANAGEMENT: Triggering management exit
Exiting due to fatal error
EVENT: epoll_ctl EPOLL_CTL_MOD failed, sd=6: Bad file descriptor (errno=9)
Then an error like this for every incoming connection that should be
proxied:
76.120.71.74:55302 PORT SHARE: sendmsg failed -- unable to communicate with background process (6,8,-1,-1): Connection refused (errno=111)
Version 2.1.3s
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7127 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
UDP sessions when the client daemon was running in UDP/TCP adaptive
mode, and transitioned from TCP to UDP.
The bug would cause a single dropped packet in UDP mode to trigger a
barrage of packet replay errors followed by a disconnect and
reconnect.
Version 2.1.3r
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7125 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
|
|
|
|
|
|
|
| |
false positive packet replays.
Version 2.1.3q.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7109 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
|
|
|
|
|
|
|
|
| |
enable the use of ipconfig (instead of ifconfig) for configuring the
IP address and netmask of the tun/tap adapter.
Version 2.1.3p
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7092 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pushed by server, and that is used to offer a temporary session
token to clients that can be used in place of a password on
subsequent credential challenges.
This accomplishes the security benefit of preventing caching
of the real password while offering most of the advantages
of password caching, i.e. not forcing the user to re-enter
credentials for every TLS renegotiation or network hiccup.
auth-token does two things:
1. if password caching is enabled, the token replaces the
previous password, and
2. if the management interface is active, the token is output
to it:
>PASSWORD:Auth-Token:<token>
Also made a minor change to HALT/RESTART processing when password
caching is enabled. When client receives a HALT or RESTART message,
and if the message text contains a flags block (i.e. [FFF]:message),
if flag 'P' (preserve auth) is present in flags, don't purge the Auth
password. Otherwise do purge the Auth password.
Version 2.1.3o
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7088 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
|
|
| |
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7086 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
|
|
| |
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7069 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
|
|
|
|
|
| |
within handshake-window seconds.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7066 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to accept an optional message string. The message string format is:
RESTART|HALT,<human-readable-message>
RESTART will tell the client to restart (i.e. SIGUSR1).
HALT will tell the client to exit (i.e. SIGTERM).
On the client, human-readable-message will be communicated via
management interface:
>NOTIFY,<severity>,<type>,<human-readable-message>"
Version 2.1.3m
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7063 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
|
|
|
|
|
| |
PORT SHARE: sendmsg failed (unable to communicate with background process)
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7062 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
|
|
|
|
|
|
|
|
|
| |
a server if it sent multiple push requests due to the server being
slow to respond. This could cause the client to process pushed
options twice, leading to duplicate pushed routes, among other issues.
The fix, implemented server-side, is to reply only once to a push
request even if multiple requests are received.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7060 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
|
|
|
|
|
| |
in chain (as tls_serial_n vars), rather than only tls_serial_0.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7055 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7051 e7ae566f-a301-0410-adde-c780ea21d3b5
|