path: root/src/openvpn/tun.c
Commit log (subject, author, date, files changed, lines -/+):
* Implement handling of overlapping IPv6 routes with IPv6 remote VPN server address (Gert Doering, 2015-09-17, 1 file, -0/+2)

  - socket.[ch]: add link_socket_current_remote_ipv6() helper to extract current address of remote VPN server (if IPv6, NULL otherwise), IPv6 equivalent to link_socket_current_remote()
  - init.c: pass remote VPN server address to init_route_ipv6_list() (link_socket_current_remote_ipv6())
  - route.h: add route_ipv6_gateway_info to route_ipv6_list, and reorder structures so that this actually compiles. Add iface/adapter_index to struct route_ipv6 (for non-tun/tap routes).
  - route.[ch]: add "const" to *dest argument to get_default_gateway_ipv6()
  - route.c: add route_ipv6_match_host() helper to check whether an IPv6 address is matched by a given "route_ipv6" IPv6 route
  - route.c: init_route_ipv6_list()
    - call get_default_gateway_ipv6()
    - check to-be-installed IPv6 routes against VPN server address (if IPv6)
    - if an overlap is seen, add a host route for the VPN server address via the just-discovered gateway to the list of IPv6 routes to be installed (rl6->routes_ipv6)
    - warn if overlap is detected but platform code has not been able to discover IPv6 default gateway
  - route.c: add_route_ipv6() / delete_route_ipv6(): set "device" to "external default gateway interface" (r6->iface) instead of TUN/TAP device (if set), which nicely enables arbitrary gateway/interface combinations for Linux
  - ssl.c: add "IV_RGI6=1" to push-peer-info data to let server know we can handle pushed IPv6 routes that overlap with server IPv6 address
  - tun.c: when adding/removing on-link routes, CLEAR(r6) first to ensure new struct route_ipv6 members are cleared

  Tested on Linux with iproute2 and /bin/route, on eth and tun routes.

  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: Arne Schwabe <arne@rfc2549.org>
  Message-Id: <1441985627-14822-7-git-send-email-gert@greenie.muc.de>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/10089
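An added example of the overlap check this commit describes, written for this page and not taken from OpenVPN's route.c (all ex_* names, the sample pushed-route list and the "/128 via external gateway" output format are assumptions): match the server address against each to-be-installed IPv6 prefix, and when one covers it, produce the host route that must go out via the gateway discovered beforehand. Without that host route, the encrypted transport packets to the server would themselves be routed into the tun device, which is the failure the commit guards against.

```c
/* Added example, not OpenVPN's route.c: decide whether pushed IPv6 routes
 * would cover the VPN server's own address and, if so, produce the /128
 * host route that must be installed via the pre-existing gateway.
 * All ex_* names and the sample route list below are assumptions. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct ex_route6 {
    struct in6_addr network;
    int netbits;            /* prefix length, 0..128 */
};

/* Constructed sample: a pushed site prefix plus a pushed default route. */
const char *const EX_PUSHED_PREFIXES[] = { "2001:db8:1::", "::" };
const int EX_PUSHED_BITS[] = { 48, 0 };
const int EX_N_PUSHED = 2;

/* True when 'host' lies inside the prefix described by 'r'. */
bool ex_route6_match_host(const struct ex_route6 *r, const struct in6_addr *host)
{
    if (r->netbits < 0 || r->netbits > 128)
        return false;
    int full = r->netbits / 8;      /* whole bytes that must be equal */
    int rem  = r->netbits % 8;      /* leading bits of the next byte */
    if (memcmp(r->network.s6_addr, host->s6_addr, full) != 0)
        return false;
    if (rem) {
        uint8_t mask = (uint8_t)(0xffu << (8 - rem));
        if ((r->network.s6_addr[full] & mask) != (host->s6_addr[full] & mask))
            return false;
    }
    return true;
}

/* Scan the to-be-installed routes. On the first one covering 'server',
 * fill 'host_route' with server/128 and return that route's index;
 * return -1 when no route overlaps and no extra host route is needed. */
int ex_find_overlap(const struct ex_route6 *routes, int n,
                    const struct in6_addr *server, struct ex_route6 *host_route)
{
    for (int i = 0; i < n; i++) {
        if (ex_route6_match_host(&routes[i], server)) {
            host_route->network = *server;
            host_route->netbits = 128;
            return i;
        }
    }
    return -1;
}

/* Textual front end: returns the overlapping index (or -1), -2 on bad
 * input. When 'out' is non-NULL and an overlap exists, writes the host
 * route as "addr/128" into it. */
int ex_check_overlap_str(const char *const *prefixes, const int *bits, int n,
                         const char *server_str, char *out, size_t outlen)
{
    struct ex_route6 routes[16], hr;
    struct in6_addr server;
    if (n < 0 || n > 16 || inet_pton(AF_INET6, server_str, &server) != 1)
        return -2;
    for (int i = 0; i < n; i++) {
        if (inet_pton(AF_INET6, prefixes[i], &routes[i].network) != 1)
            return -2;
        routes[i].netbits = bits[i];
    }
    int idx = ex_find_overlap(routes, n, &server, &hr);
    if (idx >= 0 && out) {
        char buf[INET6_ADDRSTRLEN];
        inet_ntop(AF_INET6, &hr.network, buf, sizeof buf);
        snprintf(out, outlen, "%s/%d", buf, hr.netbits);
    }
    return idx;
}

/* Single-prefix convenience: 1 if the prefix covers 'host', 0 if not,
 * -2 on unparsable input. */
int ex_prefix_covers(const char *prefix, int bits, const char *host)
{
    int r = ex_check_overlap_str(&prefix, &bits, 1, host, NULL, 0);
    return r == 0 ? 1 : (r == -1 ? 0 : -2);
}

int main(void)
{
    char out[64];
    int idx = ex_check_overlap_str(EX_PUSHED_PREFIXES, EX_PUSHED_BITS, EX_N_PUSHED,
                                   "2001:db8:1::5", out, sizeof out);
    if (idx >= 0)
        printf("route #%d covers the server; add host route %s via external gateway\n", idx, out);
    else
        printf("no overlap, no host route needed\n");
    return 0;
}
```

The pushed default route ("::/0") is the usual trigger, but the partial-byte mask handling matters for prefixes such as /44 that are not byte aligned. Note that this example only computes the host route; as the commit says, a real implementation also has to warn when the platform code could not find an IPv6 default gateway to send it through.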
* refactor struct route_ipv6, bring in line with struct route_ipv4 again (Gert Doering, 2015-09-14, 1 file, -4/+2)

  adjust "struct route_ipv6" (and all users) to reflect changes to "struct route_ipv4" done in commit 7fb0e07e, namely:
  - new member "r6->flags"
  - "r6->defined" becomes "r6->flags & RT_DEFINED"
  - "r6->metric_defined" becomes "r6->flags & RT_METRIC_DEFINED"
  - route addition status is stored in "r6->flags & RT_ADDED"

  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: Arne Schwabe <arne@rfc2549.org>
  Message-Id: <1441985627-14822-2-git-send-email-gert@greenie.muc.de>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/10083
* Del ipv6 addr on close of linux tun interface (Holger Kummert, 2015-06-26, 1 file, -0/+26)

  When a linux tun interface is closed (e.g. on disconnect) an optional ipv6 addr that was previously set is deleted now. Without this patch a later reconnect could fail with 'Linux ip -6 addr add failed: external program exited with error status: 2' and openvpn would exit.

  This is mainly relevant for persistent tun devices (staying around after openvpn exits) but can also happen at reconnect.

  If addresses are *supposed* to stay around on openvpn exit, run openvpn with --ifconfig-noexec and configure IPv4/IPv6 addresses manually before openvpn starts (or using an --up script).

  Trac #141

  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1435248080-12670-1-git-send-email-Holger.Kummert@Sophos.com>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/9810
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Fix FreeBSD ifconfig for topology subnet tunnels. (Gert Doering, 2015-06-02, 1 file, -1/+23)

  For "topology subnet", we only pretend to have a subnet and keep using the tun interface in point-to-point mode - but for that to fully work, the "remote" address needs to be different from the "local" address. So just arbitrarily construct one from the on-link subnet - base+1, if "that is not us", base+2, otherwise.

  Fix trac #481

  See also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194745

  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  Tested-By: Anton Sayetsky <vsasjason@gmail.com>
  Lazy-ACK-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1430071438-31675-1-git-send-email-gert@greenie.muc.de>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/9606
* repair --dev null breakage caused by db950be85d37 (Gert Doering, 2015-05-23, 1 file, -10/+14)

  "make check" self-test was broken after commit db950be85d37 due to do_ifconfig_setenv() not checking whether tt->did_ifconfig_setup was set (which isn't, for "dev null" type setups)

  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: Steffan Karger <steffan@karger.me>
  Message-Id: <1432404098-29401-1-git-send-email-gert@greenie.muc.de>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/9718
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* include ifconfig_ environment variables in --up-restart env set (Jan Just Keijser, 2015-05-23, 1 file, -43/+44)

  here's my patch for bug #93: missing ifconfig_* env vars after up-restart. Tested with both IPv4, IPv6, topology subnet and topology net30

  Document differences between --up-restart and --up in openvpn.8

  See trac #93 and the discussion starting with <555BF270.3090706@nikhef.nl> on the openvpn-devel mailing list.

  fix trac #93

  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <555BF270.3090706@nikhef.nl>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/9705
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Use OPENVPN_ETH_P_* so that <netinet/if_ether.h> is unnecessary (Felix Janda, 2015-05-16, 1 file, -2/+2)

  Fixes compilation error on linux with musl libc because of conflicting ethhdr declarations in <netinet/if_ether.h> and <linux/if_ether.h> which is included from <linux/if_tun.h>

  Signed-off-by: Felix Janda <felix.janda@posteo.de>
  Acked-by: Steffan Karger <steffan.karger@fox-it.com>
  Message-Id: <20150516134604.GA2302@euler>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/9690
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Remove count_netmask_bits(), convert users to use netmask_to_netbits2() (Gert Doering, 2015-03-08, 1 file, -2/+2)

  The previous Linux/iproute2 code converted binary netmasks to string representation (print_in_addr_t()), just to immediately scanf() it back to binary to count bits. netmask_to_netbits2() directly works on the in_addr_t.

  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: Steffan Karger <steffan.karger@fox-it.com>
  Message-Id: <1419713983-16272-1-git-send-email-gert@greenie.muc.de>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/9360
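An added example of the direct binary conversion this commit prefers, written for this page and not OpenVPN's netmask_to_netbits2() (the ex_* names are assumptions): count the run of leading one bits in the host-order in_addr_t and refuse masks with holes, which the old print-then-scanf round trip could not distinguish from a valid prefix length.

```c
/* Added example, not OpenVPN's netmask_to_netbits2(): turn an IPv4
 * netmask held as a host-order in_addr_t into a prefix length, rejecting
 * non-contiguous masks instead of silently truncating them.
 * Function names are assumptions. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>

/* Returns 0..32 for a contiguous mask, -1 for a mask with holes
 * (e.g. 255.0.255.0), which ip(8) would reject anyway. */
int ex_netmask_to_netbits(in_addr_t mask_host_order)
{
    uint32_t m = mask_host_order;
    int bits = 0;
    /* Consume the leading run of one bits from the MSB down. */
    while (bits < 32 && (m & 0x80000000u)) {
        m <<= 1;
        bits++;
    }
    /* Any bit still set below the run means the mask is not a prefix. */
    return m == 0 ? bits : -1;
}

/* Same on dotted-quad text; -2 when the text is not an IPv4 address. */
int ex_netmask_str_to_netbits(const char *dotted)
{
    struct in_addr a;
    if (inet_pton(AF_INET, dotted, &a) != 1)
        return -2;
    return ex_netmask_to_netbits(ntohl(a.s_addr));
}

int main(void)
{
    /* Constructed inputs: one valid mask, one with a hole. */
    const char *samples[] = { "255.255.255.0", "255.0.255.0" };
    for (int i = 0; i < 2; i++)
        printf("%s -> %d\n", samples[i], ex_netmask_str_to_netbits(samples[i]));
    return 0;
}
```

The ntohl() step is the one the original string round trip hid: in_addr_t values read off the wire or out of a sockaddr are network order, and counting bits on the unconverted value gives nonsense on little-endian hosts.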
* Add tap driver initialization and ifconfig for AIX. (Gert Doering, 2014-07-07, 1 file, -0/+170)

  AIX is special... ifconfig only works if it can add the data to the ODM right away, so setup a local environment set that has "ODMDIR=/etc/objrepos" in it (hard-coded, nobody changes that).

  Only --dev tap or --dev tapNN are supported right now. AIX has no tun driver (so tun mode would need to dynamically add/remove ethernet headers to/from AIX).

  Signed-off-by: Gert Doering <gd@medat.de>
  Acked-by: Arne Schwabe <arne@rfc2549.org>
  Message-Id: <1402409073-54067216-3-git-send-email-gert@greenie.muc.de>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8788
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* IPv6 address/route delete fix for Win8 (Gert Doering, 2014-04-13, 1 file, -1/+5)

  Use "store=active" for IPv6 address and route deletion - seems to be required on Windows 8 and up, and not doing it will break OpenVPN reconnection (old addresses are not properly deleted, thus address can not be configured on connect).

  Reported-by: Cedric <cedric+openvpn@bgtn.net>
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: Cedric Tabary <cedric+openvpn@bgtn.net>
  Message-Id: <20140413170648.GU16637@greenie.muc.de>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8499
* Workaround broken Android 4.4 VpnService API for persist-tun mode (Arne Schwabe, 2014-03-22, 1 file, -5/+24)

  In Android 4.4 it is not possible to open a new tun device and then close the old tun device without breaking the whole VPNService stack until the device is rebooted. Add new management method to ask the UI what method should be taken to ensure the optimal solution for the situation. Then do open-before-close or close-before-open inside open_tun() as requested.

  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1395407925-25518-4-git-send-email-arne@rfc2549.org>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8373
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Rename 'struct route' to 'struct route_ipv4' (Gert Doering, 2014-01-16, 1 file, -3/+3)

  To fix trac #340, we need to rename our "struct route" to avoid a collision with "struct route" from <net/route.h> on *BSD. No functional changes.

  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: Arne Schwabe <arne@rfc2549.org>
  Message-Id: <1389650074-18455-1-git-send-email-gert@greenie.muc.de>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8231
* Implement dual stack client support for OpenVPN (Arne Schwabe, 2013-11-29, 1 file, -3/+6)

  This patch contains a number of changes. I did not further split this since some changes make only sense being changed together.

  Always use connection_list, simplifies the reconnection logic.

  Change meaning of --connect-retry-max and --connect-retry to be used all connections. This now allows OpenVPN to quit after n unsuccessful udp connection attempts

  Remove the tcp reconnection logic. Failing a TCP connection will now cause a USR1 like a UDP connection. Also extend sig->source from bool to int to specify signal source. This allows a finer grained reconnection logic if necessary in the future.

  Dual-Stack support: if an address resolves to multiple records each address is tried in sequential order. Then proceed to next connection entry. Introduce the field current_remote to represent the current connecting remote. Also change some fields to struct addrinfo* from openvn_addr to store multiple addresses needed for the dual stack support.

  Change meaning from udp and tcp to allow both IPv4 and IPv6. Introduce new udp4 and tcp4 to force IPv4.

  Signed-off-by: Arne Schwabe <arne@rfc2549.org>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1385382680-5912-6-git-send-email-arne@rfc2549.org>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8058
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  Message-ID: <20131129194258.GL161@greenie.muc.de>
  Acked-by: Arne Schwabe <arne@rfc2549.org>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8071
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* change the type of 'remote' to addrinfo*, and rename to 'remote_list'. (Arne Schwabe, 2013-11-27, 1 file, -6/+10)

  Warning: this is work in progress, preparing for the full dual-stack client patch. With this commit in place, connecting via "--proto udp" or "--proto tcp-client" to a host that has IPv4+IPv6 in place, on an OS that will prefer IPv6 to IPv4 will always fail. The remote_list will have IPv6 in its first entry, while the socket will try to do AF_INET, and that will not work.

  This will be fixed by the upcoming change to handle multiple remote IP addresses (as returned by getaddrinfo()) as multiple <connection> blocks, with appropriate retry and AF selection logic.

  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1385382680-5912-4-git-send-email-arne@rfc2549.org>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8053
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Support non-ASCII TAP adapter names on Windows (Heiko Hund, 2013-10-23, 1 file, -5/+10)

  Currently the TAP adapter name is fetched as an OEM string, which is problematic if it contains non-ASCII characters and is to be used with netsh. The logfile also contains these non UTF-8 characters.

  This patch fetches the name from the registry as UCS-2 and converts it right into UTF-8 before it's used.

  Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
  Acked-by: Josh Cepek <josh.cepek@usa.net>
  Message-Id: <1381829022-15244-1-git-send-email-heiko.hund@sophos.com>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/7913
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Correct error text when no Windows TAP device is present (Josh Cepek, 2013-08-22, 1 file, -1/+1)

  Starting with the 2.3-series, the TAP-Windows driver/utilities and OpenVPN are separately installed components. The error message given to users without available TAP devices uses the pre-2.3 path that does not exist. The path should be listed under the TAP-Windows program group that the tap-windows project installer uses.

  Resolves bug #320

  Signed-off-by: Josh Cepek <josh.cepek@usa.net>
  Acked-by: David Sommerseth <dazo@users.sourceforge.net>
  Message-Id: <kv4ece$s8s$1@ger.gmane.org>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/7825
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Add support of utun devices under Mac OS X (Arne Schwabe, 2013-07-03, 1 file, -67/+271)

  Mac OS X 10.7+ natively supports tun devices (called utun). The "standard" utun.ko driver is sometimes problematic (e.g. VmWare Fusion 5 and tun.ko do not work together). When OpenVPN is compiled with utun support it will, if no dev-node is given, first try to use utun and, if that is not available, try the traditional tun devices

  v2: Fixed tap support, get device name via ioctl, add manage
  v3.1: Fix compiling without if/utun.h, fix manage errors
  v4/v5: Don't try to dynamically open utun0 -255 when early utun initialization fails, fix fallback to tun, give fatal error message when utun fails but no tun fallback should be done
  v6: add commit message change log, replace strstr with strncmp, move
  v7: Throw error if a user does the strange combination of --dev tun --dev-type tap and --dev-node utun

  A lot of good input on earlier patches by Jonathan K. Bullard <jkbullard@gmail.com>

  Parts of the patches are inspired from Peter Sagerson's <psagers@ignorare.net> utun patch

  Signed-off-by: Arne Schwabe <arne@rfc2549.org>
  Tested-by: Jonathan K. Bullard <jkbullard@gmail.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1371811708-8528-1-git-send-email-arne@rfc2549.org>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/7739
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Android platform specific changes. (Arne Schwabe, 2013-05-01, 1 file, -1/+84)

  On Android 4.0 (TARGET_ANDROID) the real opening of the tun is handled by the (Java) application controlling OpenVPN. Instead of calling ifconfig/route call the management to do the work.

  When running openvpn as root openvpn should be compiled as TARGET_LINUX

  Signed-off-by: Arne Schwabe <arne@rfc2549.org>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1367350151-23089-1-git-send-email-arne@rfc2549.org>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/7570
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Remove unused function no_tap_ifconfig (Arne Schwabe, 2013-03-12, 1 file, -10/+0)

  Signed-off-by: Arne Schwabe <arne@rfc2549.org>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1363032651-23934-4-git-send-email-arne@rfc2549.org>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/7388
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Move static prototype definition from header into c file (Arne Schwabe, 2013-03-12, 1 file, -0/+2)

  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1363032651-23934-3-git-send-email-arne@rfc2549.org>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/7389
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* make "ipv6 ifconfig" on linux compatible with busybox ifconfig (Gert Doering, 2012-09-11, 1 file, -1/+1)

  We used to call "ifconfig tun0 inet6 add...". The "inet6" part is optional, and not understood by busybox. So now we call "ifconfig tun0 add ...", which works on all supported Linux variants.

  Tested on Gentoo, RHEL5+, Debian Lenny & up.

  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: David Sommerseth <davids@redhat.com>
  Message-Id: 1347364615-26878-1-git-send-email-gert@greenie.muc.de
  URL: http://article.gmane.org/gmane.network.openvpn.devel/7052
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Keep pre-existing tun/tap devices around on *BSD (Gert Doering, 2012-09-02, 1 file, -5/+17)

  This amends commit 62c613d46dc49 to check whether a named tun/tap device ("--dev tunX" instead of "--dev tun") exists before OpenVPN started - if yes, keep around at program end. If no, destroy.

  Also has a spelling fix, and changes clear_tuntap() to be "static" (only ever called from within tun.c).

  Tested on FreeBSD 7.4, FreeBSD 9.0, NetBSD 5.1, OpenBSD 4.9

  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: Eric Crist <ecrist@secure-computing.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Remove warning about "explicit support for IPv6 tun devices is not provided for this OS" for MacOS X (because it *is*). (Gert Doering, 2012-06-13, 1 file, -1/+1)

  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: David Sommerseth <davids@redhat.com>
  Message-Id: 1339342891-28443-4-git-send-email-gert@greenie.muc.de
  URL: http://article.gmane.org/gmane.network.openvpn.devel/6716
  Signed-off-by: David Sommerseth <davids@redhat.com>
* cleanup and redefine metric handling for IPv6 routes (Gert Doering, 2012-06-13, 1 file, -0/+4)

  "no metric set" is now stored as "-1"
  "metric 0" means "on-link route" (what the BSDs do)

  properly initialize metric value to "0" for on-link IPv6 net on BSDs

  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: David Sommerseth <davids@redhat.com>
  Message-Id: 1339342891-28443-2-git-send-email-gert@greenie.muc.de
  URL: http://article.gmane.org/gmane.network.openvpn.devel/6710
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Implement search for "first free" tun/tap device on Solaris (Gert Doering, 2012-06-13, 1 file, -8/+32)

  Without this patch, Solaris will do "--dev tun3" just fine, but "--dev tun" will either use "tun0" if that is available, or fail.

  With the patch, the first available device is searched if "--dev tun" or "--dev tap" (without a number) is specified.

  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: David Sommerseth <davids@redhat.com>
  Message-Id: 20120607174638.GW1059@greenie.muc.de
  URL: http://article.gmane.org/gmane.network.openvpn.devel/6705
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Clean-up: Presume that Linux is always IPv6 capable at build time (David Sommerseth, 2012-04-27, 1 file, -19/+0)

  These days it is highly unlikely that OpenVPN will be built in a non-IPv6 capable Linux environment. So remove compile-time related macros identifying that.

  This also solves an issue which was introduced in commit 51bd56f46f55177cf0f8b where HAVE_TUN_PI is no longer detected. The tun_pi struct is defined in linux/if_tun.h, which will be checked for later on. As this struct has history in linux/if_tun.h all back to the beginning of the kernel git tree (2.6.12-rc2, April 2005), it is considered not needed to check for this struct explicitly.

  [ v2: Commit 7c0a2b5f2b4409 modifies some of the checks this patch touches. This patch just adapts to those changes ]

  Signed-off-by: David Sommerseth <davids@redhat.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: Alon Bar-Lev <alon.barlev@gmail.com>
  Message-Id: 1335521425-23391-1-git-send-email-davids@redhat.com
  URL: http://article.gmane.org/gmane.network.openvpn.devel/6351
* build: properly detect TUNSETPERSIST (Alon Bar-Lev, 2012-04-26, 1 file, -2/+2)

  Do not rely on system symbol throughout sources but on autoconf detection.

  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* cleanup: avoid using ~0 - windows (Alon Bar-Lev, 2012-04-02, 1 file, -23/+23)

  Use the following constants:
  - METRIC_NOT_USED
  - TUN_ADAPTER_INDEX_INVALID

  Modified: Use MAXDWORD for route loop.

  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* cleanup: avoid using ~0 - netmask (Alon Bar-Lev, 2012-04-02, 1 file, -1/+1)

  Use IPV4_NETMASK_HOST constant.

  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* build: move wrappers into platform module (Alon Bar-Lev, 2012-03-24, 1 file, -6/+6)

  + Some fixups within the platform.c functions.
  - need to check environment set on Windows.

  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* build: move out config.h include from syshead (Alon Bar-Lev, 2012-03-22, 1 file, -0/+6)

  Yet another step in reducing the syshead.h content.

  Conditional compilation of sources needs to be based on a minimum program prefix (config.h only).

  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* build: win-msvc: msbuild format (Alon Bar-Lev, 2012-03-22, 1 file, -1/+1)

  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
  Acked-by: Samuli Seppänen <samuli@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* build: standard directory layout (Alon Bar-Lev, 2012-03-22, 1 file, -0/+5113)

  Suitable for mature project.

  root - administrative stuff
  doc - documents
  src - sources
  tests - tests
  distro - distro specific files
  sample - samples

  SIDE EFFECT: many changes to rpm spec.

  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
  Acked-by: Adriaan de Jong <dejong@fox-it.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>