summaryrefslogtreecommitdiffstats
path: root/options.c
Commit message (Collapse)AuthorAgeFilesLines
* Fixed format string issue in read_inline_file,james2008-07-181-1/+1
| | | | | | | used in the config file parser. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3078 e7ae566f-a301-0410-adde-c780ea21d3b5
* Copyright change OpenVPN Solutions LLC -> Telethra, Inc.james2008-07-141-2/+2
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3048 e7ae566f-a301-0410-adde-c780ea21d3b5
* Updated copyright notice to 2008.james2008-06-111-2/+2
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2995 e7ae566f-a301-0410-adde-c780ea21d3b5
* Merged connection profiles fromjames2008-06-111-314/+513
| | | | | | | http://svn.openvpn.net/projects/openvpn/test/conn git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2993 e7ae566f-a301-0410-adde-c780ea21d3b5
* Updated version to 2.1_rc7e.james2008-06-111-22/+39
| | | | | | | | | | | | | | | | | | | Added client authentication and packet filtering capability to management interface. Extended packet filtering capability to work on both --dev tun and --dev tap tunnels. Updated valgrind-suppress file. Made "Linux ip addr del failed" error nonfatal. Amplified --client-cert-not-required warning. Added #pragma pack to proto.h. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2991 e7ae566f-a301-0410-adde-c780ea21d3b5
* Incremented version to 2.1_rc7d.james2008-06-041-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Support asynchronous authentication by plugins by allowing OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY to return OPENVPN_PLUGIN_FUNC_DEFERRED. See comments in openvpn-plugin.h for documentation. Enabled by ENABLE_DEF_AUTH. Added a simple packet filter functionality that can be driven by a plugin. See comments in openvpn-plugin.h for documentation. Enabled by ENABLE_PF. See openvpn/plugin/defer/simple.c for examples of ENABLE_DEF_AUTH and ENABLE_PF. "TLS Error: local/remote TLS keys are out of sync" is no longer a fatal error for TCP-based sessions, since the error can arise normally in the course of deferred authentication. In a related change, allow packet-id sequence to begin at some number n > 0 for TCP sessions, rather than strictly requiring sequence to begin at 1. Added a test to configure.ac for LoadLibrary function on Windows. Modified "make dist" function to include all files from install-win32 so that ./domake-win can be run from a tarball-expanded directory. setenv and setenv-safe directives may now omit a value argument which defaults to "". git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2978 e7ae566f-a301-0410-adde-c780ea21d3b5
* Moved branch into official BETA21 position.james2008-05-121-11/+16
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2959 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed pkcs11_private_mode undef.james2008-01-241-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2664 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added --management-forget-disconnect option -- forgetjames2008-01-231-1/+10
| | | | | | | passwords when management session disconnects (Alon Bar-Lev). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2652 e7ae566f-a301-0410-adde-c780ea21d3b5
* Allow OpenVPN to run completely unprivileged under Linuxjames2008-01-211-0/+12
| | | | | | | | | | by allowing openvpn --mktun to be used with --user and --group to set the UID/GID of the tun device node. Also added --iproute option to allow an alternative command to be executed in place of the default iproute2 command (Alon Bar-Lev). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2639 e7ae566f-a301-0410-adde-c780ea21d3b5
* Use pkcs11-helper as external library, can be downloadedjames2007-10-221-91/+21
| | | | | | | from https://www.opensc-project.org/pkcs11-helper (Alon Bar-Lev). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2418 e7ae566f-a301-0410-adde-c780ea21d3b5
* Modified command line and config file parser to allowjames2007-10-221-1/+16
| | | | | | | quoted strings using single quotes ('') (Alon Bar-Lev). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2414 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added --management-signal option to signal SIGUSR1 when the managementjames2007-10-221-1/+8
| | | | | | | interface disconnects (Alon Bar-Lev). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2413 e7ae566f-a301-0410-adde-c780ea21d3b5
* TAP driver now passes signing tests on Vista x64.james2007-04-251-0/+3
| | | | | | | | | | Added new settings to settings.in to better control build process. Removed some unneeded JYFIXMEs from source code. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1874 e7ae566f-a301-0410-adde-c780ea21d3b5
* On Windows, revert to "ip-win32 dynamic" as the default.james2007-02-281-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1749 e7ae566f-a301-0410-adde-c780ea21d3b5
* The Windows version will now use a default route-delayjames2007-02-271-1/+1
| | | | | | | | of 5 seconds to deal with an apparent routing table race condition on Vista. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1747 e7ae566f-a301-0410-adde-c780ea21d3b5
* Eliminated gcc 3.3.3 warnings on NetBSDjames2006-06-241-1/+1
| | | | | | | when ./configure --enable-strict is used. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1040 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added optional minimum-number-of-bytesjames2006-06-111-1/+4
| | | | | | | parameter to --inactive directive. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1036 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added --lladdr option to specify the link layer (MAC) addressjames2006-04-131-0/+11
| | | | | | | for the tap interface on non-Windows platforms (Roy Marples). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1012 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added --route-metric option to set a default route metricjames2006-04-131-0/+7
| | | | | | | for --route (Roy Marples). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1011 e7ae566f-a301-0410-adde-c780ea21d3b5
* I've recently worked on a better version of pkcs11-helper. I've also mergedjames2006-04-051-27/+43
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | it into QCA (Qt Cryptographic Architecture), so that KDE 4 will finally be able to use smartcards. The changes allows the following features: 1. Thread safe, is activated if USE_PTHREAD. 2. Slot event - Will allow us in the future to disconnect VPN when smartcard is removed. In order to support this OpenVPN must support threading... At least SIGUSR1 from a different thread. Threading should be supported in both Windows and Linux. -- currently disabled. When I talk about threading support it is just support in configuration script and that the method that SIGUSR1 self can be called from a different thread. I already handle the monitor threads. 3. Certificate enumeration - Will allow us to finally have one configuration file for all users! When you add the plugin GUI stuff you talked about, we will be able to display a list of available certificates for the user to select. -- currently disabled. 4. Data object manipulation - Will allow us to store tls-auth on the smartcard as well. -- currently disabled. 5. Many other minor improvements. Alon Bar-Lev git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@990 e7ae566f-a301-0410-adde-c780ea21d3b5
* Security Vulnerability -- An OpenVPN client connecting to ajames2006-04-051-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | malicious or compromised server could potentially receive "setenv" configuration directives from the server which could cause arbitrary code execution on the client via a LD_PRELOAD attack. A successful attack appears to require that (a) the client has agreed to allow the server to push configuration directives to it by including "pull" or the macro "client" in its configuration file, (b) the client configuration file uses a scripting directive such as "up" or "down", (c) the client succesfully authenticates the server, (d) the server is malicious or has been compromised and is under the control of the attacker, and (e) the attacker has at least some level of pre-existing control over files on the client (this might be accomplished by having the server respond to a client web request with a specially crafted file). The fix is to disallow "setenv" to be pushed to clients from the server, and to add a new directive "setenv-safe" which is pushable from the server, but which appends "OPENVPN_" to the name of each remotely set environmental variable. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@983 e7ae566f-a301-0410-adde-c780ea21d3b5
* svn merge -r 888:889 ↵james2006-02-161-3/+3
| | | | | | https://svn.openvpn.net/projects/openvpn/contrib/alon/BETA21 21 git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@894 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added --port-share option for allowing OpenVPN and HTTPSjames2006-02-161-0/+34
| | | | | | | server to share the same port number. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@893 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added feature to --management-client to confirm connectionjames2006-02-031-1/+4
| | | | | | | by writing IP addr and port to a file. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@885 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added --management-client option to connect as a client tojames2006-01-231-1/+9
| | | | | | | management GUI app rather than be connected to as a server. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@884 e7ae566f-a301-0410-adde-c780ea21d3b5
* Man page and usage message changes to reflectjames2005-12-221-1/+2
| | | | | | | --ip-win32 adaptive and --route-method adaptive. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@859 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added new option --route-method adaptive (Win32)james2005-12-221-3/+5
| | | | | | | | | which tries IP helper API first, then falls back to route.exe. Made --route-method adaptive the default. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@858 e7ae566f-a301-0410-adde-c780ea21d3b5
* --ip-win32 adaptive is now the default.james2005-12-221-0/+4
| | | | | | | | | --ip-win32 netsh (or --ip-win32 adaptive when in netsh mode) can now set DNS/WINS addresses on the TAP-Win32 adapter. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@857 e7ae566f-a301-0410-adde-c780ea21d3b5
* svn merge -r 845:854 $SO/trunk/openvpn .james2005-12-141-11/+2
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@855 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added --auto-proxy directive to auto-detect HTTP or SOCKSjames2005-12-121-76/+70
| | | | | | | proxy settings (currently Windows only). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@850 e7ae566f-a301-0410-adde-c780ea21d3b5
* First attempt at automatic proxy detection,james2005-12-081-10/+68
| | | | | | | | Windows-only at this point. Proxy settings are taken from IE. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@846 e7ae566f-a301-0410-adde-c780ea21d3b5
* Inline file capability now works forjames2005-12-081-0/+24
| | | | | | | | | | | --secret and --tls-auth. For example: <secret> [ascii key data] </secret> git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@844 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added --connect-timeout option to control the timeoutjames2005-11-251-1/+13
| | | | | | | | | on TCP client connection attempts (doesn't work on all OSes). This patch also makes OpenVPN signalable during TCP connection attempts. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@823 e7ae566f-a301-0410-adde-c780ea21d3b5
* For Windows, set ip-win32 default back to dynamic.james2005-11-121-1/+1
| | | | | | | To use new adaptive mode, set explicitly. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@805 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed minor typos in --remote-cert-* documentation.james2005-11-121-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@798 e7ae566f-a301-0410-adde-c780ea21d3b5
* Merged --remote-cert-ku, --remote-cert-eku, andjames2005-11-121-0/+58
| | | | | | | | --remote-cert-tls from Alon's branch: svn merge -r 793:796 $SO/contrib/alon/BETA21/openvpn . git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@797 e7ae566f-a301-0410-adde-c780ea21d3b5
* Merged (with some changes) Alon'sjames2005-11-091-0/+8
| | | | | | | | | | | | | connect-retry-max option from /contrib/alon/BETA21@783. Added uninit_management_callback call to init_instance_handle_signals so that signals thrown during initialization can bring us back to a management hold. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@786 e7ae566f-a301-0410-adde-c780ea21d3b5
* Removed annoying 'i' variable from add_option.james2005-11-091-218/+16
| | | | | | | | | | | | | | | | | | Allow plugin and push directives to have multiple parameters specified instead of only 1 quoted parameter. Allow plugin and push directives to have multi-line parameter lists, such as: <plugin> my-plugin.so parm1 parm2 </plugin> git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@785 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added ENABLE_INLINE_FILES feature.james2005-11-081-0/+134
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@784 e7ae566f-a301-0410-adde-c780ea21d3b5
* Documented --ip-win32 adaptive.james2005-11-031-2/+2
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@768 e7ae566f-a301-0410-adde-c780ea21d3b5
* Documented --route-nopull.james2005-11-031-0/+2
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@767 e7ae566f-a301-0410-adde-c780ea21d3b5
* More PKCS#11 changes.james2005-11-011-0/+10
| | | | | | | Merged with https://svn.openvpn.net/projects/openvpn/contrib/alon/BETA21@752 git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@753 e7ae566f-a301-0410-adde-c780ea21d3b5
* svn merge -r 734:737 $SO/trunk/openvpnjames2005-10-311-1/+1
| | | | | | | Security fixes from 2.0.3 git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@740 e7ae566f-a301-0410-adde-c780ea21d3b5
* Windows reliability changes:james2005-10-311-4/+8
| | | | | | | | | | | * Added code to make sure that the local PATH environmental variable points to the Windows system32 directory. * Added new --ip-win32 adaptive mode which tries 'dynamic' and then fails over to 'netsh' if the DHCP negotiation fails. * Made --ip-win32 adaptive the default. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@739 e7ae566f-a301-0410-adde-c780ea21d3b5
* Merged with Alon's r688.james2005-10-201-2/+2
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@689 e7ae566f-a301-0410-adde-c780ea21d3b5
* Brought up-to-date with Alon's PKCS11 patch atjames2005-10-171-124/+130
| | | | | | | | https://svn.openvpn.net/projects/openvpn/contrib/alon/BETA21/openvpn@645 Pre-2.1_beta5 git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@648 e7ae566f-a301-0410-adde-c780ea21d3b5
* svn merge -r 614:615 $SO/patches/openvpn-2-1_alpha3a-tcpbindjames2005-10-151-2/+48
| | | | | | | | Added --bind option for TCP client connections (Ewan Bhamrah Harley). Pre-2.1-beta3 git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@623 e7ae566f-a301-0410-adde-c780ea21d3b5
* svn merge -r 618:619 $SO/patches/openvpn-2-0_rc16-mh/openvpnjames2005-10-151-0/+10
| | | | | | | | Merged --multihome patch + aggregated sockflags. Pre-2.1_beta3 git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@622 e7ae566f-a301-0410-adde-c780ea21d3b5
* Merged --capath patch (Thomas Noel).james2005-10-151-2/+21
| | | | | | | | svn merge -r 616:617 $SO/patches/2.0.x-r599-capath/openvpn Pre-2.1_beta3 git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@621 e7ae566f-a301-0410-adde-c780ea21d3b5
generated by cgit (git 2.34.1) at 2024-05-12 10:47:02 +0000