| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
used in
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1366059999-31731-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7511
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
| |
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@redhat.com>
Message-Id: 1368873781-29552-1-git-send-email-gert@greenie.muc.de
URL: http://article.gmane.org/gmane.network.openvpn.devel/7598
Signed-off-by: David Sommerseth <davids@redhat.com>
|
|
|
|
|
|
|
|
| |
Signed-off-by: Tamas TEVESZ <ice@extreme.hu>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: alpine.GSO.2.03.1306080732510.23277@extreme.hu
URL: http://article.gmane.org/gmane.network.openvpn.devel/7667
Signed-off-by: David Sommerseth <davids@redhat.com>
|
|
|
|
|
|
|
|
| |
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Message-Id: 51B1DBEF.1090705@fox-it.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/7664
Signed-off-by: David Sommerseth <davids@redhat.com>
|
|
|
|
|
|
|
|
| |
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1370013992-18592-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7647
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
| |
At the moment script are only checked if P2MP_SERVER is defined. For
CLIENT_ONLY openvpn script were never checked.
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1369947737-26081-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7635
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
| |
This also fixes commit 567bfc06d051b60e9cdca1f5bb468631b899682a if not all
script options are available by setting options->user_script_used
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1369945603-17169-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7634
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
| |
(Fix check introduced by commit a8be73799be1639, testing with #ifdef
instead of #if - P2MP_SERVER is always defined, and can be "0" or "1")
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1369949680-9499-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7637
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
| |
Very simple fix.
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <0LzcMG-1ULZ4T0Fuc-014gq9@mail.gmx.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7628
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
| |
script-security system.
Acked-by: Jan Just Keijser <janjust@nikhef.nl>
Message-Id: <1369920428-11350-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7625
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In link_socket_write_udp_posix_sendmsg(), pktinfo structures for ipv4 and
ipv6 are going out of scope before actually calling sendmsg(), so depending
on compiler optimization, garbage is passed to sendmsg() - fix by using
"union openvpn_pktinfo" and having that in scope all the time.
Problem reported and patch provided by "danta" in trac#297
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
URL: https://community.openvpn.net/openvpn/ticket/297
Message-ID: <20130530184427.GP20843@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7629
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without this patch, peer-info pushed by clients in the TLS handshake
is only visible on the management interface, and only if
--management-client-auth is enabled.
With this patch, received records are sanitized and put into the normal
"multi instance" environment, where it can be evaluated by --client-connect
or --auth-user-pass-verify scripts and plugins, etc. Only records matching
a fairly strict "name=value" format are accepted, and only names starting
with IV_ or UV_ are exported, to avoid clients sending funny stuff and
playing havoc with script/plugin environments on the server. In the
"value" part, spaces, non-printable characters and shell metacharacters
are replaced by '_'.
The change is somewhat invasive as reception of the peer_info string was
only done when username+password are expected from the client, but the
data is always there (if the client sends no username/password, it will
send 0-length strings, so always extracting 3 strings is safe). Also,
the sanitation function validate_peer_info_line() and the opts->peer_info
field were only compiled in #ifdef MANGEMENT_DEF_AUTH...
Patch v3: do not call the old man_output_peer_info_env() anymore, unless
a management env-filter has been set (= ensure IV_ and UV_ stuff is sent
at most *once*, and exactly the way OpenVPN AS expects it). Add
substituting of "bad" characters in the environment values.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1367757373-31637-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7582
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On the client, allow certain peer info fields to be pushed even if
push-peer-info isn't specified in the config.
This is needed to allow the compression handshake to work correctly
(i.e. where the client indicates its support for LZO and/or Snappy).
Fields that have privacy implications such as Mac Address and UV_*
environment variables will not be pushed to the server as before unless
push-peer-info is specified by client config.
v1: equivalent to OpenVPN SVN r8225 (2.1.21c)
v2: distinguish 3 levels of peer-info detail
--push-peer-info specified --> send all we have
--pull specified --> send basic set, as per r8225
default --> send nothing (do not leak from server)
v3: undo extra whitespace changes in v1 and v2
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1369044801-7594-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7604
|
|
|
|
|
|
|
|
| |
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <519F5ED0.4070109@nikhef.nl>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7605
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new compression framework introduced by SVN r8206 only works for
a P2MP server if the compression settings are re-installed for each
client via management interface, ccd/ file or client-connect script,
but the "global" settings get lost due to (needlessly) clearing the
c2.comp_context in the per-client instance. Fixed. (also trac#273)
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1366393268-27392-6-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7529
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added support for the Snappy compression algorithm which has shown to
have considerably better compression speed than LZO at a comparable
compression ratio.
To enable Snappy add:
compress snappy
to both client and server config files.
Alternatively, enable compression framing on the client:
compress
and have the server selectively push "compress snappy" to the client.
This change also extends the client capability handshake to include
IV_SNAPPY so the server can be aware that a connecting client supports
Snappy.
Note that the Snappy implementation also includes an improved framing
approach where the first byte of the compressed payload is replaced by
the compression control byte (the first payload byte is moved to the end
of the packet). This solves off-by-one alignment issues, which improves
performance on ARM.
By default, the configure script will try to build with Snappy support.
To disable, use the --disable-snappy option.
The --enable-lzo-stub configure directive is now --enable-comp-stub
(because it's not actually "lzo" but "compression-enabled packet framing")
Add compression overhead to extra buffer unconditionally, as long
as USE_COMP is defined.
OpenVPN SVN r8206 (2.1.21a) and r8212 (2.1.21b)
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1366393268-27392-3-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7531
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Console applications under Windows, such as batch scripts, require the
CREATE_NO_WINDOW process flag when run without an actual console window
present. This change allows such scripts to execute and impact the hook
status by way of their return code.
Fixes bug #240.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
Acked-by: Heiko Hund <heiko.hund@sophos.com>
Message-Id: <kn2pao$5sv$1@ger.gmane.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7594
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add ASSERT() check to route_list_add_vpn_gateway() to ensure that *rl
is valid (and if not, crash with a somewhat more meaningful message than
"segmentation violation"). For the actual bugfix, change init code to
always allocate a "struct route_list" for IPv4, even if no --route options
have been seen in the config.
Fix trac#281 and trac#258.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Josh Cepek <josh.cepek@usa.net>
Message-Id: <1367608404-2257-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7581
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reverts commit 15ca5c297b556fbb, instead change ssl_openssl.c to use
"constrain_int()", which already exists in "integer.h".
Using this instead of min_int() ensures that the result is always bounded
to 0...256 even in the case of a potential MAX_INT overflow.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@redhat.com>
Message-Id: 1367826941-22412-1-git-send-email-gert@greenie.muc.de
URL: http://article.gmane.org/gmane.network.openvpn.devel/7586
Signed-off-by: David Sommerseth <davids@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
This fixes an issue where a segfault happens in pf_cn_test() if no
packet filtering rules have been parsed. See the trac ticket for
more details.
Trac: 163
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: David Sommerseth <davids@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fix adds support for using tcp6 as a proto in server or non-P2MP
modes, resolving a failed ASSERT in such cases.
Fixes the crash in trac#288.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <klul5d$8ta$1@ger.gmane.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7578
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
| |
On Android changing the configuration of tun is not possible. So instead
of reconfiguring the tun device, open a new tun device and close the old
one if needed.
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1367006372-14815-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7558
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On Android 4.0 (TARGET_ANDROID) the real opening of the tun is handled by
the (Java) application controlling OpenVPN. Instead of calling
ifconfig/route call the management to do the work. When running openvpn as
root openvpn should be compiled as TARGET_LINUX
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1367350151-23089-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7570
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Used for communicating with the Java side on Android to send
to-be-protected socket fd, and to receive tun fd.
For now under #ifdef ANDROID
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1367006045-13576-2-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7557
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
| |
opening tun
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1367159559-22947-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7564
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This removes the single 'git revision' line from the --version screen and
moves this information on the top, together with the OpenVPN version.
In addition this patch adds two git flags after the git committish. If
there exists changed but unstaged files when the build was done, a '+' is
appended after the committish. If there exists staged files (files which
have been added with 'git add') a '*' will be appended. These flags are
not exclusive.
This also simplifies the config-version.h generation by not using
sed parsing a template. It's just two lines which are generated, so
no need to complicate things more than needed.
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: 1366375212-14886-1-git-send-email-dazo@users.sourceforge.net
URL: http://article.gmane.org/gmane.network.openvpn.devel/7522
|
|
|
|
|
|
|
|
| |
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <516BCEA2.6000608@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7509
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
| |
Add extra column to management queries for "status 2" or "status 3"
after "Virtual Address", empty if no IPv6 address assigned to this
client (or IPv6 not active at all).
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20130411150918.GW569@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7503
|
|
|
|
|
|
|
|
|
|
|
|
| |
print an empty string.
Also use %lu instead of %u for printing unsigned long int
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1365687278-3921-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7498
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This add adds CID which is needed by a few other management commands to
the status output. This will change the output of status in the same way
commit ca18a638aa7cf316611f893127ba44131e57083c did.
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1346422753-19520-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7021
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
| |
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1CED409804E2164C8104F9E623B08B9013BC28A538@FOXDFT02.FOX.local>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7480
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This basically brings back the previously-working metric setting for
directly connected routes (add a "0" to the "route add" command) on
Solaris/OpenSolaris. It was working in f0eac1a59790, and got broken
by the route.c/route.h refactoring in 576dc96ca1ef1 - the patch
un-does that change to the TARGET_SOLARIS code, plus adds some more
descriptive comments.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Josh Cepek <josh.cepek@usa.net>
Message-Id: <1364314175-20758-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7460
|
|
|
|
|
|
|
|
|
|
|
| |
commit 3b23b18dddb8f8f4a introduced usage of MIN(), and not all platforms
have the macro in "readily usable" system header files, most notably it's
missing on OpenSolaris and Android. Add macro if not defined yet.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20130323112234.GM17727@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7450
|
|
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Notes:
This issue has been assigned to CVE-2013-2061
URL: http://www.openwall.com/lists/oss-security/2013/05/06/6
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2061
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added translation table and functions to translate between TLS OpenSSL
and IANA (IETF) cipher suite names. The previously used OpenSSL names
are still accepted, but a deprecation warning is issued.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1363942465-3251-6-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7439
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added translate_cipher name to crypto_openssl.c and crypto_polarssl.c
to translate between OpenVPN(/OpenSSL) and PolarSSL data channel
cipher algorithm names. OpenSSL does not require any translating,
PolarSSL does for a small number of algorithms. This improves on
config file compatibility between the OpenSSL and PolarSSL builds.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1363942465-3251-5-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7435
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Print the *flags argument, which - for PolarSSL-1.2 - contains the reasons
that the certificate failed (pre-)verification.
Signed-off-by: Joachim Schipper <joachim.schipper@fox-it.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1363942465-3251-4-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7437
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of logging the fact that an error occured, log the error code and
description (when available in the PolarSSL build).
Signed-off-by: Joachim Schipper <joachim.schipper@fox-it.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1363942465-3251-3-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7440
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for PolarSSL-1.2, which has changed the API in several places.
This is a minimal port, new features have not been enabled. Only PolarSSL
1.2.5 and newer are accepted, as earlier versions contain unresolved
(security) issues.
Signed-off-by: Joachim Schipper <joachim.schipper@fox-it.com>
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Message-Id: <1363942465-3251-2-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7436
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On 3/20/2013 11:42, Arne Schwabe wrote:
> ACK. But I would change "debug verb" to "debug verbosity" and I think
> there should be no comma before "but"
This text change makes sense: I've adjusted it to read "NOTE: debug
verbosity..." and saved another byte removing the comma.
Updated patch attached.
--
Josh
>From d41a0237220f2fea6647a508a2ab07263e0f160b Mon Sep 17 00:00:00 2001
From: Josh Cepek <josh.cepek@usa.net>
Date: Tue, 19 Mar 2013 22:52:12 -0500
Subject: [PATCH] Warn when using verb levels >=7 without debug
This patch adds a log warning when using --verb levels at 7 or higher
when running on builds lacking debug support. Since official builds are
now built with enable_debug=no, this warning will help developers
identify why expected debug messages may not be present in log output.
The test and message output code is omitted when built with
enable_debug=yes or enable_small=yes.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <kicup2$gfv$1@ger.gmane.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7425
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When built with enable_debug=no, the parameter output expected at --verb
4 is not printed due to use of #ifdef ENABLE_DEBUG in the responsible
code sections. This appears to be a mistake when looking at the
configure help text for enable_small and enable_debug.
This change keys the relevant code off of enable_small instead,
including the parameter listing when enale_small=no (the
configure-script default.) Most of this code is in options.c, with some
callers present in plugin.c/h and route.c/h. No function code is
changed, just the #ifdef values to use the small feature instead of
debug.
This means builds no longer need enable_debug=yes in order to get the
expected log output at verb 4.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <437RBuq1U8032S07.1361465626@web07.cms.usa.net>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7361
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
| |
(Leftover check from the early days where --server-ipv6 also only
accepted /64 - nowadays we handle smaller pools just fine)
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20130120185030.GR22465@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7269
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Return value of mbuf_len() wrong - it's returning a length value, not
a yes/no value - so when the queue length approached 65 (full!), it
still only returned "1", leading to MBUF overflow later on. Change
from "bool" to "unsigned int", misbehaviour gone...
This fixes OpenVPN trac ticket #263.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Peter Caprioli <petercap@kth.se>
Message-Id: <20130312100706.GN953@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7396
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
| |
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1363032651-23934-4-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7388
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
| |
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1363032651-23934-3-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7389
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
| |
The function name xor is also a reserved keyword in C++
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1363032651-23934-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7390
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the option --verify-x509-name to provide the functionality
of the now deprecated --tls-remote.
The new option accepts RFC 2253 subject DNs only and compares
RDN or RDN prefix only if configured explicitly.
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: 1362670601-18660-1-git-send-email-heiko.hund@sophos.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/7376
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In openvpn 2.3.0 the semantics of the --tls-remote option changed.
That broke more configurations than anticipated. To not break
configurations that use --tls-remote with a legacy OpenSSL style DN
anymore, it is now detected when such a DN is configured. When
necessary the --compat-names option is then automatically enabled.
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: 1361526263-1740-3-git-send-email-heiko.hund@sophos.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/7366
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
| |
The option is just an alias for --compat-names no-remapping and is
introduced so pre-2.3 server configurations don't break.
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: 1361526263-1740-2-git-send-email-heiko.hund@sophos.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/7364
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The problem is located in the file proxy.c within
"establish_http_proxy_passthru": To keep buffers small long
base64-encoded NTLM-Strings are truncated.
But the truncating is done on a wrong place: base 64 strings can be
cut every 4 chars. the buffer is 128 bytes - including the terminating
\0, so the usable data is only 127 bytes. And decoding a 127 char
base64 string fails... this is why the ntlm authentication fails in
certain cases (long strings)...
Acked-by: Joerg Willmann <joe@clnt.de>
URL: https://community.openvpn.net/openvpn/ticket/172
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|