summaryrefslogtreecommitdiffstats
path: root/push.c
Commit message (Collapse)AuthorAgeFilesLines
* Implement IPv6 interface config with non-/64 prefix lengths.Gert Doering2012-02-041-4/+2
| | | | | | | | | | | | | | | | | | | | | Add "ifconfig_ipv6_netbits_parm" parameter to init_tun(), use that to initialize tt->netbits_ipv6 (previously: always /64). Actual interface setup code already used tt->netbits_ipv6, so no changes needed there. Remove restrictions on "/netbits" value for --server-ipv6 config option (can now be /64.../112, previously had to be exactly /64). Supporting even smaller networks could cause problems with ipv6-pool handling and are only allowed for explicit "ifconfig-ipv6", not for "server-ipv6". Add /netbits to pushed "ifconfig-ipv6" values on server side (client side always accepted this, but ignored it so far, so this does not break compatibility). Tested on Linux/ifconfig, Linux/iproute2 and FreeBSD 7.4 Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
* Merge branch 'svn-branch-2.1' into mergeDavid Sommerseth2011-04-261-17/+80
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pulling in changes from James' 2.1/openvpn branch in SVN. Conflicts: buffer.c init.c manage.h multi.c openvpn.8 options.c ssl.c version.m4 win/sign.py Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * Added 'dir' flag to "crl-verify" (see man page for info).James Yonan2011-04-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Don't call SSL_CTX_set_client_CA_list or SSL_CTX_set_client_CA_list if not running in server mode (these functions are only useful for TLS/SSL servers). Modified openvpn_snprintf to return false on overflow, and true otherwise. When AUTH_FAILED,... is received, log the full string. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7213 e7ae566f-a301-0410-adde-c780ea21d3b5
| * Added "auth-token" client directive, which is intended to beJames Yonan2011-04-261-3/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | pushed by server, and that is used to offer a temporary session token to clients that can be used in place of a password on subsequent credential challenges. This accomplishes the security benefit of preventing caching of the real password while offering most of the advantages of password caching, i.e. not forcing the user to re-enter credentials for every TLS renegotiation or network hiccup. auth-token does two things: 1. if password caching is enabled, the token replaces the previous password, and 2. if the management interface is active, the token is output to it: >PASSWORD:Auth-Token:<token> Also made a minor change to HALT/RESTART processing when password caching is enabled. When client receives a HALT or RESTART message, and if the message text contains a flags block (i.e. [FFF]:message), if flag 'P' (preserve auth) is present in flags, don't purge the Auth password. Otherwise do purge the Auth password. Version 2.1.3o git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7088 e7ae566f-a301-0410-adde-c780ea21d3b5
| * Client will now try to reconnect if no push reply receivedJames Yonan2011-04-261-1/+12
| | | | | | | | | | | | | | within handshake-window seconds. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7066 e7ae566f-a301-0410-adde-c780ea21d3b5
| * Extended "client-kill" management interface command (server-side)James Yonan2011-04-261-6/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | to accept an optional message string. The message string format is: RESTART|HALT,<human-readable-message> RESTART will tell the client to restart (i.e. SIGUSR1). HALT will tell the client to exit (i.e. SIGTERM). On the client, human-readable-message will be communicated via management interface: >NOTIFY,<severity>,<type>,<human-readable-message>" Version 2.1.3m git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7063 e7ae566f-a301-0410-adde-c780ea21d3b5
| * Fixed issue where a client might receive multiple push replies fromJames Yonan2011-04-261-2/+12
| | | | | | | | | | | | | | | | | | | | | | a server if it sent multiple push requests due to the server being slow to respond. This could cause the client to process pushed options twice, leading to duplicate pushed routes, among other issues. The fix, implemented server-side, is to reply only once to a push request even if multiple requests are received. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7060 e7ae566f-a301-0410-adde-c780ea21d3b5
| * Added "client-nat" option for stateless, one-to-oneJames Yonan2011-02-181-4/+11
| | | | | | | | | | | | | | | | | | NAT on the client side. Version 2.1.3i. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6944 e7ae566f-a301-0410-adde-c780ea21d3b5
* | Enable IPv6 Payload in OpenVPN p2mp tun server mode. 20100104-1 release.Gert Doering2011-04-241-0/+2
| | | | | | | | (cherry picked from commit ec9dce6387afd198881493bfebf13bb121e8a56b)
* | Enable IPv6 Payload in OpenVPN p2mp tun server mode. 20100104-1 release.Gert Doering2011-04-241-0/+16
| | | | | | | | (cherry picked from commit ec9dce6387afd198881493bfebf13bb121e8a56b)
* | Merge branch 'svn-BETA21' into beta2.2David Sommerseth2010-11-131-1/+11
|\| | | | | | | | | | | | | | | Conflicts: version.m4 - Reset version.m4 to a more neutral version number Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * Implement challenge/response authentication support in client mode,James Yonan2010-10-241-1/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | where credentials are entered from stdin. This capability is compiled when ENABLE_CLIENT_CR is defined in syshead.h (enabled by default). Challenge/response support was previously implemented for creds that are queried via the management interface. In this case, the challenge message will be returned as a custom client-reason-text string (see management-notes.txt for more info) on auth failure. Also, see the comments in misc.c above get_auth_challenge() for info on the OpenVPN challenge/response protocol. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6568 e7ae566f-a301-0410-adde-c780ea21d3b5
* | Fixed compiler warnings reported on Ubuntu 10.04David Sommerseth2010-10-211-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The warnings reported where: -------------------------------------------------------- misc.c:158: warning: ignoring return value of ‘nice’, declared with attribute warn_unused_result options.c:4033: warning: format not a string literal and no format arguments options.c:4043: warning: format not a string literal and no format arguments options.c:4053: warning: format not a string literal and no format arguments push.c:182: warning: format not a string literal and no format arguments push.c:199: warning: format not a string literal and no format arguments push.c:235: warning: format not a string literal and no format arguments status.c:171: warning: ignoring return value of ‘ftruncate’, declared with attribute warn_unused_result -------------------------------------------------------- Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: Gert Doering <gert@greenie.muc.de> Acked-by: Peter Stuge <peter@stuge.se>
* | Fixed client hang when server don't PUSH (aka the NO_SOUP_FOR_YOU patch)David Sommerseth2010-10-211-0/+17
|/ | | | | | | | | | | | | | | | Solves bug ticket 13 <https://community.openvpn.net/openvpn/ticket/13> When the client sends PUSH_REQUESTS, it waits until the server sends PUSH_REPLY. If the server do not have anything to push to the client nothing happens. The client will then regularly send new PUSH_REQUESTS until it gets an answer, which results in not completing the connection negotiation. This patch makes the server send an empty PUSH_REPLY when it has nothing to more to push to the client. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: James Yonan <james@openvpn.net>
* Implemented a key/value auth channel from client to server.James Yonan2010-06-011-3/+3
| | | | | | | Version 2.1.1i git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5668 e7ae566f-a301-0410-adde-c780ea21d3b5
* Updated copyright date to 2010.James Yonan2010-04-281-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5599 e7ae566f-a301-0410-adde-c780ea21d3b5
* Modified ">PASSWORD:Verification Failed" management interfaceJames Yonan2010-03-121-2/+2
| | | | | | | | | notification to include a client reason string: >PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING'] git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5468 e7ae566f-a301-0410-adde-c780ea21d3b5
* Don't advance the connection list on AUTH_FAILED errors.james2010-01-161-0/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5370 e7ae566f-a301-0410-adde-c780ea21d3b5
* client-kill management interface command, when issued on server, willjames2009-10-011-1/+27
| | | | | | | | | | | | now send a RESTART message to client. This feature is intended to make UDP clients respond the same as TCP clients in the case where the server issues a RESTART message in order to force the client to reconnect and pull a new options/route list. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5021 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added the ability for the server to provide a custom reason stringjames2009-09-291-4/+28
| | | | | | | | | | | | when an AUTH_FAILED message is returned to the client. This string can be set by the server-side managment interface and read by the client-side management interface. For more info, see management/management-notes.txt, and look for references to "client-reason-text". git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5012 e7ae566f-a301-0410-adde-c780ea21d3b5
* Eliminated the limitation on the number of options that can be pushedjames2009-09-271-65/+117
| | | | | | | | | | | | | to clients, including routes. Previously, all pushed options needed to fit within a 1024 byte options string. Remember that to make use of this feature to allow many routes to be pushed to clients, the client config file must specify the max-routes option, and the number of pushed routes cannot exceed this limit. Also, both server and client must include this commit. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4991 e7ae566f-a301-0410-adde-c780ea21d3b5
* Update copyright to 2009.james2009-05-301-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4477 e7ae566f-a301-0410-adde-c780ea21d3b5
* Copyright notice changed to reflect change in name ofjames2008-10-061-1/+1
| | | | | | | Telethra to OpenVPN Technologies. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3409 e7ae566f-a301-0410-adde-c780ea21d3b5
* Copyright change OpenVPN Solutions LLC -> Telethra, Inc.james2008-07-141-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3048 e7ae566f-a301-0410-adde-c780ea21d3b5
* Updated copyright notice to 2008.james2008-06-111-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2995 e7ae566f-a301-0410-adde-c780ea21d3b5
* Support asynchronous/deferred authentication injames2008-05-241-4/+4
| | | | | | | | | | OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY plugin handler. See documentation in openvpn-plugin.h and example usage in plugin/defer/simple.c. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2969 e7ae566f-a301-0410-adde-c780ea21d3b5
* Moved branch into official BETA21 position.james2008-05-121-6/+0
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2959 e7ae566f-a301-0410-adde-c780ea21d3b5
* Removed annoying 'i' variable from add_option.james2005-11-091-0/+8
| | | | | | | | | | | | | | | | | | Allow plugin and push directives to have multiple parameters specified instead of only 1 quoted parameter. Allow plugin and push directives to have multi-line parameter lists, such as: <plugin> my-plugin.so parm1 parm2 </plugin> git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@785 e7ae566f-a301-0410-adde-c780ea21d3b5
* Renamed sample-keys/tmp-ca.crt to ca.crt.james2005-10-011-3/+3
| | | | | | | | | Fixed bug where remove_iroutes_from_push_route_list was missing routes if those routes had an implied netmask (by omission) of 255.255.255.255. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@587 e7ae566f-a301-0410-adde-c780ea21d3b5
* version 2.1_beta1james2005-09-261-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@581 e7ae566f-a301-0410-adde-c780ea21d3b5
* This is the start of the BETA21 branch.james2005-09-261-0/+326
It includes the --topology feature, and TAP-Win32 driver changes to allow non-admin access. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@580 e7ae566f-a301-0410-adde-c780ea21d3b5
generated by cgit (git 2.34.1) at 2024-05-28 07:13:48 +0000