path: root/options.c
Commit message | Author | Age | Files | Lines
* Update copyright to 2009.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4477 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2009-05-30 | Files: 1 | Lines: -2/+2
* Fixed bug where the remote_X environmental variables were not being set correctly when the 'local' option is specified.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4476 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2009-05-30 | Files: 1 | Lines: -2/+2
* Added new 'autolocal' redirect-gateway flag. When enabled, the OpenVPN client will examine the routing table and determine whether (a) the OpenVPN server is reachable via a locally connected interface, or (b) traffic to the server must be forwarded through the default router. Only add a special bypass route for the OpenVPN server if (b) is true. If (a) is true, behave as if the 'local' flag is specified, and do not add a bypass route.

  The new 'autolocal' flag depends on the non-portable test_local_addr() function in route.c, which is currently only implemented for Windows. The 'autolocal' flag will act as a no-op on platforms that have not yet defined a test_local_addr() function.

  Increased TLS_CHANNEL_BUF_SIZE to 2048 from 1024 (this will allow for more option content to be pushed from server to client).

  Raised D_MULTI_DROPPED debug level to 4 from 3.

  Version 2.1_rc16b.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4446 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2009-05-24 | Files: 1 | Lines: -0/+2
* Added "redirect-private" option which allows private subnets to be pushed to the client in such a way that they don't accidentally obscure critical local addresses such as the DHCP server address and DNS server addresses.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4436 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2009-05-23 | Files: 1 | Lines: -3/+7
* Added errors-to-stderr option. When enabled, fatal errors that result in the termination of the daemon will be written to stderr.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4131 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2009-04-13 | Files: 1 | Lines: -1/+6
* Allow "management-client" directive to be used with unix domain sockets.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4128 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2009-04-10 | Files: 1 | Lines: -6/+2
* Added the ability to read the configuration file from stdin, when "stdin" is given as the config file name.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4127 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2009-04-09 | Files: 1 | Lines: -2/+6
* Added daemon_start_time and daemon_pid environmental variables.

  In management interface, added new ">CLIENT:ESTABLISHED" notification.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3763 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-12-26 | Files: 1 | Lines: -0/+2
* Added optional "nogw" (no gateway) flag to --server-bridge to inhibit the pushing of the route-gateway parameter to clients.

  Miscellaneous man page edits, fixed some formatting issues.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3550 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-11-20 | Files: 1 | Lines: -0/+6
* Added --tcp-nodelay option: Macro that sets TCP_NODELAY socket flag on the server as well as pushes it to connecting clients.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3513 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-11-18 | Files: 1 | Lines: -0/+10
* Minor options check fix: --no-name-remapping is a server-only option and should therefore generate an error when used on the client.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3506 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-11-18 | Files: 1 | Lines: -0/+2
* Added server-side --opt-verify option: clients that connect with options that are incompatible with those of the server will be disconnected.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3505 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-11-18 | Files: 1 | Lines: -0/+9
* Added --prng option to control PRNG (pseudo-random number generator) parameters. In previous OpenVPN versions, the PRNG was hardcoded to use the SHA1 hash. Now any OpenSSL hash may be used. This is part of an effort to remove hardcoded references to a specific cipher or cryptographic hash algorithm.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3503 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-11-18 | Files: 1 | Lines: -0/+28
* * Added additional method parameter to --script-security to preserve backward compatibility with system() call semantics used in OpenVPN 2.1_rc8 and earlier. To preserve backward compatibility use:

      script-security 3 system

  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3495 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-11-17 | Files: 1 | Lines: -7/+28
* Minor fix to previous commit (r3476).
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3477 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-11-05 | Files: 1 | Lines: -3/+3
* Added config file option "setenv FORWARD_COMPATIBLE 1" to relax config file syntax checking to allow directives for future OpenVPN versions to be ignored.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3476 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-11-04 | Files: 1 | Lines: -2/+16
* Fixed some ifconfig-pool issues that precluded it from being combined with --server directive. Now, for example, we can configure thusly:

      server 10.8.0.0 255.255.255.0 nopool
      ifconfig-pool 10.8.0.2 10.8.0.99 255.255.255.0

  to have ifconfig-pool manage only a subset of the VPN subnet.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3471 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-11-03 | Files: 1 | Lines: -1/+2
* Updated docs to reflect the addition of --status-version 3.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3468 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-10-31 | Files: 1 | Lines: -1/+1
* Added --no-name-remapping option to allow Common Name, X509 Subject, and username strings to include any printable character including space, but excluding control characters such as tab, newline, and carriage-return.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3467 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-10-31 | Files: 1 | Lines: -0/+7
* Added --status-version 3 which is the same as version 2 except tabs are used as delimiters instead of commas.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3466 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-10-31 | Files: 1 | Lines: -2/+2
* Added server-side --auth-user-pass-optional directive, to allow connections by clients that do not specify a username/password, when a user-defined authentication script/module is in place (via --auth-user-pass-verify, --management-client-auth, or a plugin module).
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3461 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-10-28 | Files: 1 | Lines: -8/+18
* Copyright notice changed to reflect change in name of Telethra to OpenVPN Technologies.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3409 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-10-06 | Files: 1 | Lines: -2/+2
* Management interface can now listen on a unix domain socket, for example:

      management /tmp/openvpn unix

  Also added management-client-user and management-client-group directives to control which processes are allowed to connect to the socket.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3396 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-09-30 | Files: 1 | Lines: -4/+46
* Fixed --lladdr bug introduced in 2.1-rc9 where input validation code was incorrectly expecting the lladdr parameter to be an IP address when it is actually a MAC address (HoverHell).
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3339 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-09-19 | Files: 1 | Lines: -2/+2
* Added --allow-pull-fqdn option which allows client to pull DNS names from server (rather than only IP address) for --ifconfig, --route, and --route-gateway. OpenVPN versions 2.1_rc7 and earlier allowed DNS names for these options to be pulled and translated to IP addresses by default. Now --allow-pull-fqdn will be explicitly required on the client to enable DNS-name-to-IP-address translation of pulled options.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3307 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-09-04 | Files: 1 | Lines: -12/+20
* Fixed build issue with ./configure --disable-socks --disable-http.

  Fixed separate compile errors in options.c and ntlm.c that occur on strict C compilers (such as old versions of gcc) that require that C variable declarations occur at the start of a {} block, not in the middle.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3219 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-08-10 | Files: 1 | Lines: -1/+1
* Added "--server-bridge" (without parameters) to enable DHCP proxy mode: Configure server mode for ethernet bridging using a DHCP-proxy, where clients talk to the OpenVPN server-side DHCP server to receive their IP address allocation and DNS server addresses.

  Added "--route-gateway dhcp", to enable the extraction of the gateway address from a DHCP negotiation with the OpenVPN server-side LAN.

  Modified client.conf and server.conf to reflect new option modes.

  Incremented version to 2.1_rc9a.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3164 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-08-02 | Files: 1 | Lines: -7/+20
* Perform additional input validation on options pulled by client from server. Fixes --iproute vulnerability.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3126 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-07-26 | Files: 1 | Lines: -21/+85
* Completely revamped the system for calling external programs and scripts:

  * All external programs and scripts are now called by execve() on unix and CreateProcess on Windows.
  * The system() function is no longer used.
  * Argument lists for external programs and scripts are now built by the new argv_printf function which natively outputs to string arrays (i.e. char *argv[] lists), never truncates its output, and eliminates the security issues inherent in formatting and parsing command lines, and dealing with argument quoting.
  * The --script-security directive has been added to offer policy controls on OpenVPN's execution of external programs and scripts.

  Also added a new plugin example (openvpn/plugin/examples/log.c) that logs information to stdout for every plugin method called by OpenVPN.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3122 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-07-26 | Files: 1 | Lines: -0/+19
* Fixed format string issue in read_inline_file, used in the config file parser.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3078 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-07-18 | Files: 1 | Lines: -1/+1
* Copyright change OpenVPN Solutions LLC -> Telethra, Inc.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3048 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-07-14 | Files: 1 | Lines: -2/+2
* Updated copyright notice to 2008.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2995 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-06-11 | Files: 1 | Lines: -2/+2
* Merged connection profiles from http://svn.openvpn.net/projects/openvpn/test/conn
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2993 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-06-11 | Files: 1 | Lines: -314/+513
* Updated version to 2.1_rc7e.

  Added client authentication and packet filtering capability to management interface.

  Extended packet filtering capability to work on both --dev tun and --dev tap tunnels.

  Updated valgrind-suppress file.

  Made "Linux ip addr del failed" error nonfatal.

  Amplified --client-cert-not-required warning.

  Added #pragma pack to proto.h.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2991 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-06-11 | Files: 1 | Lines: -22/+39
* Incremented version to 2.1_rc7d.

  Support asynchronous authentication by plugins by allowing OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY to return OPENVPN_PLUGIN_FUNC_DEFERRED. See comments in openvpn-plugin.h for documentation. Enabled by ENABLE_DEF_AUTH.

  Added a simple packet filter functionality that can be driven by a plugin. See comments in openvpn-plugin.h for documentation. Enabled by ENABLE_PF.

  See openvpn/plugin/defer/simple.c for examples of ENABLE_DEF_AUTH and ENABLE_PF.

  "TLS Error: local/remote TLS keys are out of sync" is no longer a fatal error for TCP-based sessions, since the error can arise normally in the course of deferred authentication. In a related change, allow packet-id sequence to begin at some number n > 0 for TCP sessions, rather than strictly requiring sequence to begin at 1.

  Added a test to configure.ac for LoadLibrary function on Windows.

  Modified "make dist" function to include all files from install-win32 so that ./domake-win can be run from a tarball-expanded directory.

  setenv and setenv-safe directives may now omit a value argument which defaults to "".
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2978 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-06-04 | Files: 1 | Lines: -4/+4
* Moved branch into official BETA21 position.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2959 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-05-12 | Files: 1 | Lines: -11/+16
* Fixed pkcs11_private_mode undef.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2664 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-01-24 | Files: 1 | Lines: -1/+1
* Added --management-forget-disconnect option -- forget passwords when management session disconnects (Alon Bar-Lev).
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2652 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-01-23 | Files: 1 | Lines: -1/+10
* Allow OpenVPN to run completely unprivileged under Linux by allowing openvpn --mktun to be used with --user and --group to set the UID/GID of the tun device node. Also added --iproute option to allow an alternative command to be executed in place of the default iproute2 command (Alon Bar-Lev).
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2639 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2008-01-21 | Files: 1 | Lines: -0/+12
* Use pkcs11-helper as external library, can be downloaded from https://www.opensc-project.org/pkcs11-helper (Alon Bar-Lev).
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2418 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2007-10-22 | Files: 1 | Lines: -91/+21
* Modified command line and config file parser to allow quoted strings using single quotes ('') (Alon Bar-Lev).
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2414 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2007-10-22 | Files: 1 | Lines: -1/+16
* Added --management-signal option to signal SIGUSR1 when the management interface disconnects (Alon Bar-Lev).
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2413 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2007-10-22 | Files: 1 | Lines: -1/+8
* TAP driver now passes signing tests on Vista x64.

  Added new settings to settings.in to better control build process.

  Removed some unneeded JYFIXMEs from source code.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1874 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2007-04-25 | Files: 1 | Lines: -0/+3
* On Windows, revert to "ip-win32 dynamic" as the default.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1749 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2007-02-28 | Files: 1 | Lines: -1/+1
* The Windows version will now use a default route-delay of 5 seconds to deal with an apparent routing table race condition on Vista.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1747 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2007-02-27 | Files: 1 | Lines: -1/+1
* Eliminated gcc 3.3.3 warnings on NetBSD when ./configure --enable-strict is used.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1040 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2006-06-24 | Files: 1 | Lines: -1/+1
* Added optional minimum-number-of-bytes parameter to --inactive directive.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1036 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2006-06-11 | Files: 1 | Lines: -1/+4
* Added --lladdr option to specify the link layer (MAC) address for the tap interface on non-Windows platforms (Roy Marples).
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1012 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2006-04-13 | Files: 1 | Lines: -0/+11
* Added --route-metric option to set a default route metric for --route (Roy Marples).
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1011 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2006-04-13 | Files: 1 | Lines: -0/+7
* I've recently worked on a better version of pkcs11-helper. I've also merged it into QCA (Qt Cryptographic Architecture), so that KDE 4 will finally be able to use smartcards.

  The changes allow the following features:

  1. Thread safe, is activated if USE_PTHREAD.
  2. Slot event - Will allow us in the future to disconnect VPN when smartcard is removed. In order to support this OpenVPN must support threading... At least SIGUSR1 from a different thread. Threading should be supported in both Windows and Linux. -- currently disabled. When I talk about threading support it is just support in configuration script and that the method that SIGUSR1 self can be called from a different thread. I already handle the monitor threads.
  3. Certificate enumeration - Will allow us to finally have one configuration file for all users! When you add the plugin GUI stuff you talked about, we will be able to display a list of available certificates for the user to select. -- currently disabled.
  4. Data object manipulation - Will allow us to store tls-auth on the smartcard as well. -- currently disabled.
  5. Many other minor improvements.

  Alon Bar-Lev
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@990 e7ae566f-a301-0410-adde-c780ea21d3b5
  Author: james | Age: 2006-04-05 | Files: 1 | Lines: -27/+43