Commit message [Author, Age, Files, Lines]
* define IN6_ARE_ADDR_EQUAL macro for WIN32 [Heiko Hund, 2011-08-31, 1 file, -0/+6]
| Windows headers do not define the IN6_ARE_ADDR_EQUAL macro. It needs to be defined locally when building for WIN32.
| Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
| Acked-by: Gert Doering <gert@greenie.muc.de>
| Signed-off-by: David Sommerseth <davids@redhat.com>
* lowercase include header name in syshead.h [Heiko Hund, 2011-08-31, 1 file, -1/+1]
| Cross compiling for Windows is broken since commit 739fa9881f12e67dc8b9cadc7230e59e7fe42423 added the mixed case header name "NtDDNdis.h" to the file. While this header exists in a MinGW build environment it's lowercase there. Windows doesn't mind the case of a file name, but Linux does. So, lowercasing the filename will make openvpn build in both worlds.
| Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
| Acked-by: David Sommerseth <davids@redhat.com>
| Signed-off-by: David Sommerseth <davids@redhat.com>
* Fixed a typo in win32.h that prevented building with Visual Studio [Samuli Seppänen, 2011-08-25, 1 file, -1/+1]
| Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
| Tested-by: Samuli Seppänen <samuli@openvpn.net>
| Acked-by: Gert Doering <gert@greenie.muc.de>
| Signed-off-by: David Sommerseth <davids@redhat.com>
* Additional Visual Studio 2008 build fixes to tun.c [Samuli Seppänen, 2011-08-25, 1 file, -1/+2]
| Tested-by: Samuli Seppänen <samuli@openvpn.net>
| Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
| Acked-by: Gert Doering <gert@greenie.muc.de>
| Signed-off-by: David Sommerseth <davids@redhat.com>
* USE_PF_INET6 by default for v2.3 [JuanJo Ciarlante, 2011-08-25, 10 files, -246/+33]
| - put all #ifdef'd code in place, kill the cpp symbol,
| - thus in v2.3 it's not actually possible to --disable-ipv6 :)
| RATIONALE:
| #1 some wacky compilers choke on #ifdef'd constructions for concatenated strings, and given that:
| #2 v2.3 has already transport ipv6 by default => doesn't justify putting effort on #1 to keep USE_PF_INET6 ifdef wraps.
| Signed-off-by: JuanJo Ciarlante <jjo+ml@google.com>
| Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
| Acked-by: David Sommerseth <davids@redhat.com>
| Signed-off-by: David Sommerseth <davids@redhat.com>
* Replace 32-bit-based add_in6_addr() implementation by an 8-bit based one [Gert Doering, 2011-08-25, 1 file, -18/+16]
| Windows has no 32-bit accessor to the union inside "struct in6_addr", and the 8-bit accessor is the only common denominator across BSD, Solaris, Linux and Windows...
| Signed-off-by: Gert Doering <gert@greenie.muc.de>
| Acked-by: Samuli Seppänen <samuli@openvpn.net>
| Signed-off-by: David Sommerseth <davids@redhat.com>
* Fix a Visual Studio 2008 build issue in socket.c [Samuli Seppänen, 2011-08-25, 1 file, -1/+2]
| Signed-off-by: Gert Doering <gert@greenie.muc.de>
| Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
| Acked-by: Gert Doering <gert@greenie.muc.de>
| Signed-off-by: David Sommerseth <davids@redhat.com>
* Fix a Visual Studio 2008 build error in options.c [Samuli Seppanen, 2011-08-25, 1 file, -0/+1]
| Partially fixes Trac ticket #137
| Signed-off-by: Gert Doering <gert@greenie.muc.de>
| Tested-by: Samuli Seppänen <samuli@openvpn.net>
| Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
| Acked-by: David Sommerseth <davids@redhat.com>
| Signed-off-by: David Sommerseth <davids@redhat.com>
* Fix a Visual Studio 2008 build error in tun.c [Samuli Seppanen, 2011-08-25, 1 file, -1/+1]
| Partially fixes ticket #137
| Signed-off-by: Gert Doering <gert@greenie.muc.de>
| Tested-by: Samuli Seppänen <samuli@openvpn.net>
| Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
| Acked-by: Gert Doering <gert@greenie.muc.de>
| Signed-off-by: David Sommerseth <davids@redhat.com>
* Fix Microsoft Visual Studio incompatibility in plugin.c [David Sommerseth, 2011-08-25, 1 file, -10/+10]
| MS Visual Studio doesn't like to have struct members named in the variable declaration. Without this fix, Visual Studio is not able to compile the new v3 plug-in API.
| Signed-off-by: David Sommerseth <davids@redhat.com>
| Tested-by: Samuli Seppänen <samuli@openvpn.net>
| Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
| Acked-by: Gert Doering <gert@greenie.muc.de>
* Fixed a number of fatal build errors on Visual Studio 2008 [Samuli Seppänen, 2011-08-25, 4 files, -7/+13]
| Partially fixes ticket #137
| Signed-off-by: Gert Doering <gert@greenie.muc.de>
| Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
| Tested-by: Samuli Seppänen <samuli@openvpn.net>
| Acked-by: Gert Doering <gert@greenie.muc.de>
| Signed-off-by: David Sommerseth <davids@redhat.com>
* Skip rather than fail test in addressless FreeBSD jails. [Matthias Andree, 2011-08-24, 1 file, -1/+1]
| Signed-off-by: Matthias Andree <matthias.andree@gmx.de>
| Acked-by: David Sommerseth <davids@redhat.com>
| Signed-off-by: David Sommerseth <davids@redhat.com>
* remove legacy code to query IE proxy information [Heiko Hund, 2011-08-24, 4 files, -176/+0]
| The code in ieproxy.[ch] is not used anywhere in OpenVPN anymore. So, there's no need to keep it.
| Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
| Acked-by: Gert Doering <gert@greenie.muc.de>
| Signed-off-by: David Sommerseth <davids@redhat.com>
* Merged TODO.IPv6 with TODO.ipv6 and README.IPv6 with README.ipv6 [Samuli Seppänen, 2011-08-24, 4 files, -116/+131]
| Prior to this patch there were two sets of IPv6 README/TODO files: one from payload and one from transport patchset. Unfortunately Git on Windows gets very confused by these files, as they only differ in case. This patch merges these sets into one.
| Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
| Acked-by: David Sommerseth <davids@redhat.com>
| Signed-off-by: David Sommerseth <davids@redhat.com>
* remove function is_proto_tcp() [Heiko Hund, 2011-08-24, 2 files, -7/+1]
| The implementation of is_proto_tcp() was invalid since the IPv6 stuff got merged into master. There's proto_is_tcp() that does the same job right. Remove is_proto_tcp() and make its only caller use proto_is_tcp() instead.
| Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
| Acked-By: Gert Doering <gert@greenie.muc.de>
| Signed-off-by: David Sommerseth <davids@redhat.com>
* add .gitignore to official repository [Heiko Hund, 2011-08-24, 1 file, -0/+40]
| This .gitignore makes the output of git status a lot more readable. It was made from the dynamically generated files that showed after using both build systems.
| Signed-off-by: Samuli Seppänen <samuli@openvpn.ne>
| Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
| Acked-By: David Sommerseth <davids@redhat.com>
| Signed-off-by: David Sommerseth <davids@redhat.com>
* For all accesses to "struct route_list * rl", check first that rl is non-NULL [Gert Doering, 2011-08-24, 2 files, -7/+11]
| In IPv4-only mode, this cannot happen, but if IPv6 is enabled and a server pushes IPv6 routes and no IPv4 routes -> crash boom.
| Signed-off-by: Gert Doering <gert@greenie.muc.de>
| Acked-By: David Sommerseth <davids@redhat.com>
| Signed-off-by: David Sommerseth <davids@redhat.com>
* "status" management interface command (version >= 2) will now [James Yonan, 2011-08-24, 3 files, -4/+20]
| include the username for each connected user. This should generally be backward compatible with existing management interface clients since the new username field is added to the CLIENT_LIST header as well.
| git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7539 e7ae566f-a301-0410-adde-c780ea21d3b5
| Conflicts:
|   multi.c - hash_iterator_init() takes only 2 arguments now.
| Signed-off-by: David Sommerseth <davids@redhat.com>
* CC_PRINT character class now allows any 8-bit character value >= 32. [James Yonan, 2011-08-24, 1 file, -1/+1]
| This is done to allow UTF-8 and restrict the use of control characters in usernames, passwords, common names, etc.
| git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7538 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed issue where redirect-gateway block-local code was not [James Yonan, 2011-08-24, 1 file, -1/+1]
| correctly calculating the two halves of the subnet if the gateway was in the upper half (Gert Doering).
| git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7537 e7ae566f-a301-0410-adde-c780ea21d3b5
* Increased the --verb threshold for "PID_ERR replay" messages [James Yonan, 2011-08-24, 1 file, -2/+2]
| to 4 from 3.
| Version 2.1.10
| git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7522 e7ae566f-a301-0410-adde-c780ea21d3b5
* Changed CC_PRINT character class to allow UTF-8 chars. [James Yonan, 2011-08-24, 2 files, -2/+2]
| This allows usernames, common names, etc. to be UTF-8.
| Version 2.1.9
| git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7518 e7ae566f-a301-0410-adde-c780ea21d3b5
* Modified sanitize_control_message to remove redacted data from [James Yonan, 2011-08-24, 1 file, -17/+29]
| control string rather than blotting it out with "_" chars.
| Version 2.1.8
| git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7482 e7ae566f-a301-0410-adde-c780ea21d3b5
* Redact "echo" directive strings from log, since [James Yonan, 2011-08-24, 2 files, -0/+9]
| these strings (going forward) could conceivably contain security-sensitive data.
| Version 2.1.7
| git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7480 e7ae566f-a301-0410-adde-c780ea21d3b5
* Merge branch 'svn-merger' [David Sommerseth, 2011-08-24, 18 files, -708/+1366]
|\
| * Merge remote branch SVN 2.1 into the git tree [David Sommerseth, 2011-08-19, 18 files, -708/+1366]
| |\
| | | Hopefully the last SVN merge we need to do, as these merges are getting more and more difficult. Most of the files had minor changes, but due to the CRLF unification patch (commit 6b2883a637fe73492) we got an increased number of conflicts. In addition inclusion of IPv6 support creates a lot of merge issues in route.c and socket.c.
| | | This merge also reverts commit 7c18c6353904f8c6e7 which merged add_bypass_address() into add_host_route_if_nonlocal(). However the SVN tree began to use add_bypass_address() another place, where at first glance it did not seem appropriate to use add_host_route_if_nonlocal().
| | | This merge has gone through a 'make check' without any errors, but has not been tested more thoroughly yet.
| | | Conflicts:
| | |   ChangeLog INSTALL INSTALL-win32.txt Makefile.am acinclude.m4 base64.c buffer.c buffer.h common.h configure.ac contrib/pull-resolv-conf/client.down contrib/pull-resolv-conf/client.up crypto.c cryptoapi.c
| | |   easy-rsa/2.0/Makefile easy-rsa/2.0/README easy-rsa/2.0/build-ca easy-rsa/2.0/build-dh easy-rsa/2.0/build-inter easy-rsa/2.0/build-key easy-rsa/2.0/build-key-pass easy-rsa/2.0/build-key-pkcs12 easy-rsa/2.0/build-key-server easy-rsa/2.0/build-req easy-rsa/2.0/build-req-pass easy-rsa/2.0/clean-all easy-rsa/2.0/inherit-inter easy-rsa/2.0/list-crl easy-rsa/2.0/pkitool easy-rsa/2.0/revoke-full easy-rsa/2.0/sign-req easy-rsa/2.0/vars easy-rsa/2.0/whichopensslcnf
| | |   easy-rsa/Windows/build-ca-pass.bat easy-rsa/Windows/build-key-pass.bat easy-rsa/Windows/build-key-server-pass.bat easy-rsa/Windows/init-config.bat easy-rsa/Windows/vars.bat.sample
| | |   error.c error.h forward.c helper.c httpdigest.c httpdigest.h ieproxy.c init.c init.h install-win32/Makefile.am install-win32/makeopenvpn install-win32/openssl/openssl097.patch install-win32/openssl/openssl098.patch install-win32/openvpn.nsi
| | |   list.c list.h manage.c manage.h management/management-notes.txt mbuf.c mbuf.h misc.c misc.h mroute.c mroute.h msvc/autodefs.h.in msvc/config.py msvc/msvc.mak mtcp.c mudp.c multi.c multi.h occ.c openvpn-plugin.h openvpn.8 openvpn.h options.c options.h otime.c otime.h
| | |   perf.c pf.c ping.c pkcs11.c plugin.c plugin.h plugin/auth-pam/README plugin/auth-pam/auth-pam.c pool.c pool.h proto.h proxy.c ps.c push.c reliable.c route.c route.h
| | |   sample-config-files/firewall.sh sample-scripts/bridge-start sample-scripts/bridge-stop sample-scripts/openvpn.init sample-scripts/verify-cn schedule.c schedule.h service-win32/openvpnserv.c sig.c socket.c socket.h socks.c socks.h ssl.c ssl.h status.c syshead.h
| | |   tap-win32/SOURCES.in tap-win32/common.h tap-win32/proto.h tap-win32/tapdrvr.c tap-win32/types.h tun.c tun.h version.m4
| | |   win/autodefs.h.in win/build.py win/build_all.py win/build_ddk.py win/build_exe.py win/config.py win/config_all.py win/config_tap.py win/config_ti.py win/js.py win/make_dist.py win/msvc.mak.in win/settings.in win/show.py win/sign.py win/tap_span.py win/wb.py win32.c win32.h
| | | Signed-off-by: David Sommerseth <davids@redhat.com>
| | | Reviewed-by: Gert Doering <gert@greenie.muc.de>
| | | Reviewed-by: James Yonan <james@openvpn.net>
| | | Reviewed-by: Adriaan de Jong <dejong@fox-it.com>
| | * Fixed MSVC compile error related to r7408. [James Yonan, 2011-07-06, 2 files, -3/+2]
| | | Version 2.1.6.
| | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7419 e7ae566f-a301-0410-adde-c780ea21d3b5
| | * Version 2.1.5. [James Yonan, 2011-07-05, 2 files, -2/+2]
| | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7412 e7ae566f-a301-0410-adde-c780ea21d3b5
| | * Added "management-query-remote" directive (client) to allow [James Yonan, 2011-07-05, 9 files, -12/+242]
| | | the management interface to override the "remote" directive. See "remote" command in management/management-notes.txt for documentation.
| | | Version 2.1.4.
| | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7410 e7ae566f-a301-0410-adde-c780ea21d3b5
| | * Extended x509-track to allow SHA1 certificate hash to be extracted, [James Yonan, 2011-07-04, 2 files, -41/+63]
| | | e.g.:
| | |   x509-track "+SHA1"
| | | will extract the SHA1 certificate hash for all certs in the client chain.
| | | Version 2.1.3z
| | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7408 e7ae566f-a301-0410-adde-c780ea21d3b5
| | * Added redirect-gateway block-local flag, with support for [James Yonan, 2011-06-12, 9 files, -604/+820]
| | | Linux, Mac OS X, and Linux. This flag (which is pushable from server) blocks client access to local LAN while VPN session is active.
| | | Added standalone --show-gateway option to show info about default gateway.
| | | Extensively refactored get_default_gateway function in route.c to ease implementation of block-local.
| | | Removed "Experimental" disclaimer from redirect-gateway man page.
| | | Version 2.1.3y.
| | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7334 e7ae566f-a301-0410-adde-c780ea21d3b5
| | * r7316 fixes. [James Yonan, 2011-06-10, 3 files, -4/+5]
| | | Version 2.1.3x1.
| | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7332 e7ae566f-a301-0410-adde-c780ea21d3b5
| | * Added support for static challenge/response protocol. [James Yonan, 2011-06-03, 14 files, -68/+274]
| | | This includes the new "static-challenge" directive.
| | | See management/management-notes.txt for details on both static and dynamic challenge/response protocols.
| | | All client-side challenge/response code is #ifdefed on ENABLE_CLIENT_CR and can be removed from the build by commenting out the definition of ENABLE_CLIENT_CR in syshead.h.
| | | Version 2.1.3x.
| | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7316 e7ae566f-a301-0410-adde-c780ea21d3b5
| | * Fixed compile issues on Windows. [James Yonan, 2011-04-25, 4 files, -4/+4]
| | | Version 2.1.3w
| | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7219 e7ae566f-a301-0410-adde-c780ea21d3b5
| | * Added new "extra-certs" and "verify-hash" options (see man page for [James Yonan, 2011-04-25, 7 files, -1/+128]
| | | details).
| | | Increase the timeout after SIGUSR1 restart when restart is not due to server_poll_timeout.
| | | Version 2.1.3v
| | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7215 e7ae566f-a301-0410-adde-c780ea21d3b5
| | * Added 'dir' flag to "crl-verify" (see man page for info). [James Yonan, 2011-04-24, 7 files, -61/+96]
| | | Don't call SSL_CTX_set_client_CA_list or SSL_CTX_set_client_CA_list if not running in server mode (these functions are only useful for TLS/SSL servers).
| | | Modified openvpn_snprintf to return false on overflow, and true otherwise.
| | | When AUTH_FAILED,... is received, log the full string.
| | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7213 e7ae566f-a301-0410-adde-c780ea21d3b5
| | * Revert r7092 and r7151, i.e. remove --enable-osxipconfig [James Yonan, 2011-04-19, 3 files, -35/+1]
| | | configure option. ipconfig on Mac has certain behavior that makes it unsuitable for use by OpenVPN to configure tun/tap interface.
| | | Version 2.1.3u
| | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7191 e7ae566f-a301-0410-adde-c780ea21d3b5
| | * Version 2.1.3t [James Yonan, 2011-04-12, 1 file, -1/+1]
| | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7152 e7ae566f-a301-0410-adde-c780ea21d3b5
| | * For Mac OSX, when DARWIN_USE_IPCONFIG is defined, retry ipconfig [James Yonan, 2011-04-12, 1 file, -1/+11]
| | | command on failure once every second for up to 15 seconds. This is necessary to work around an issue observed on OSX 10.5 where the ipconfig command sometimes fails if executed immediately after the tun device open.
| | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7151 e7ae566f-a301-0410-adde-c780ea21d3b5
| | * Fixed bug in port-share that could cause port share process to [James Yonan, 2011-04-03, 2 files, -1/+4]
| | | crash with output like this:
| | |   TCP connection established with 85.190.0.3:41781
| | |   85.190.0.3:41781 SIGTERM[soft,port-share-redirect] received, client-instance exiting
| | |   MANAGEMENT: TCP recv error: Socket operation on non-socket
| | |   MANAGEMENT: Client disconnected
| | |   MANAGEMENT: Triggering management exit
| | |   Exiting due to fatal error
| | |   EVENT: epoll_ctl EPOLL_CTL_MOD failed, sd=6: Bad file descriptor (errno=9)
| | | Then an error like this for every incoming connection that should be proxied:
| | |   76.120.71.74:55302 PORT SHARE: sendmsg failed -- unable to communicate with background process (6,8,-1,-1): Connection refused (errno=111)
| | | Version 2.1.3s
| | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7127 e7ae566f-a301-0410-adde-c780ea21d3b5
| | * Fixed bug that incorrectly placed stricter TCP packet replay rules on [James Yonan, 2011-04-02, 6 files, -14/+15]
| | | UDP sessions when the client daemon was running in UDP/TCP adaptive mode, and transitioned from TCP to UDP. The bug would cause a single dropped packet in UDP mode to trigger a barrage of packet replay errors followed by a disconnect and reconnect.
| | | Version 2.1.3r
| | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7125 e7ae566f-a301-0410-adde-c780ea21d3b5
| | * Added more packet ID debug info at debug level 3 for debugging [James Yonan, 2011-03-31, 6 files, -28/+142]
| | | false positive packet replays.
| | | Version 2.1.3q.
| | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7109 e7ae566f-a301-0410-adde-c780ea21d3b5
| | * Added ./configure --enable-osxipconfig option for Mac OS X which will [James Yonan, 2011-03-27, 3 files, -2/+26]
| | | enable the use of ipconfig (instead of ifconfig) for configuring the IP address and netmask of the tun/tap adapter.
| | | Version 2.1.3p
| | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7092 e7ae566f-a301-0410-adde-c780ea21d3b5
| | * Added "auth-token" client directive, which is intended to be [James Yonan, 2011-03-26, 11 files, -13/+113]
| | | pushed by server, and that is used to offer a temporary session token to clients that can be used in place of a password on subsequent credential challenges.
| | | This accomplishes the security benefit of preventing caching of the real password while offering most of the advantages of password caching, i.e. not forcing the user to re-enter credentials for every TLS renegotiation or network hiccup.
| | | auth-token does two things:
| | | 1. if password caching is enabled, the token replaces the previous password, and
| | | 2. if the management interface is active, the token is output to it:
| | |      >PASSWORD:Auth-Token:<token>
| | | Also made a minor change to HALT/RESTART processing when password caching is enabled. When client receives a HALT or RESTART message, and if the message text contains a flags block (i.e. [FFF]:message), if flag 'P' (preserve auth) is present in flags, don't purge the Auth password. Otherwise do purge the Auth password.
| | | Version 2.1.3o
| | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7088 e7ae566f-a301-0410-adde-c780ea21d3b5
| | * win/sign.py now accepts an optional tap-dir argument. [James Yonan, 2011-03-25, 1 file, -4/+8]
| | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7086 e7ae566f-a301-0410-adde-c780ea21d3b5
| | * Version 2.1.3n [James Yonan, 2011-03-21, 1 file, -1/+1]
| | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7069 e7ae566f-a301-0410-adde-c780ea21d3b5
| | * Client will now try to reconnect if no push reply received [James Yonan, 2011-03-20, 4 files, -3/+20]
| | | within handshake-window seconds.
| | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7066 e7ae566f-a301-0410-adde-c780ea21d3b5
| | * Extended "client-kill" management interface command (server-side) [James Yonan, 2011-03-20, 7 files, -19/+53]
| | | to accept an optional message string. The message string format is:
| | |   RESTART|HALT,<human-readable-message>
| | | RESTART will tell the client to restart (i.e. SIGUSR1). HALT will tell the client to exit (i.e. SIGTERM).
| | | On the client, human-readable-message will be communicated via management interface:
| | |   >NOTIFY,<severity>,<type>,<human-readable-message>"
| | | Version 2.1.3m
| | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7063 e7ae566f-a301-0410-adde-c780ea21d3b5
| | * Fixed bug introduced in r7031 that might cause this error message: [James Yonan, 2011-03-20, 1 file, -6/+16]
| | |   PORT SHARE: sendmsg failed (unable to communicate with background process)
| | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7062 e7ae566f-a301-0410-adde-c780ea21d3b5
| | * Fixed issue where a client might receive multiple push replies from [James Yonan, 2011-03-18, 3 files, -2/+14]
| | | a server if it sent multiple push requests due to the server being slow to respond. This could cause the client to process pushed options twice, leading to duplicate pushed routes, among other issues. The fix, implemented server-side, is to reply only once to a push request even if multiple requests are received.
| | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7060 e7ae566f-a301-0410-adde-c780ea21d3b5