summaryrefslogtreecommitdiffstats
path: root/version.m4
Commit message (Collapse)AuthorAgeFilesLines
* Added "auth-token" client directive, which is intended to beJames Yonan2011-04-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | pushed by server, and that is used to offer a temporary session token to clients that can be used in place of a password on subsequent credential challenges. This accomplishes the security benefit of preventing caching of the real password while offering most of the advantages of password caching, i.e. not forcing the user to re-enter credentials for every TLS renegotiation or network hiccup. auth-token does two things: 1. if password caching is enabled, the token replaces the previous password, and 2. if the management interface is active, the token is output to it: >PASSWORD:Auth-Token:<token> Also made a minor change to HALT/RESTART processing when password caching is enabled. When client receives a HALT or RESTART message, and if the message text contains a flags block (i.e. [FFF]:message), if flag 'P' (preserve auth) is present in flags, don't purge the Auth password. Otherwise do purge the Auth password. Version 2.1.3o git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7088 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1.3nJames Yonan2011-04-261-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7069 e7ae566f-a301-0410-adde-c780ea21d3b5
* Extended "client-kill" management interface command (server-side)James Yonan2011-04-261-1/+1
| | | | | | | | | | | | | | | | | | | | to accept an optional message string. The message string format is: RESTART|HALT,<human-readable-message> RESTART will tell the client to restart (i.e. SIGUSR1). HALT will tell the client to exit (i.e. SIGTERM). On the client, human-readable-message will be communicated via management interface: >NOTIFY,<severity>,<type>,<human-readable-message>" Version 2.1.3m git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7063 e7ae566f-a301-0410-adde-c780ea21d3b5
* Reduce log verbosity at level 3, with a focus on removing excessive log ↵James Yonan2011-04-251-1/+1
| | | | | | | | verbosity generated by port-share activity. Version 2.1.3k git-svn-id: http://svn.openvpn.net/projects/branches/BETA21@7033 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added --enable-lzo-stub configure option to build an OpenVPN client without ↵James Yonan2011-04-251-1/+1
| | | | | | | | | | | | | | | | LZO, but that has limited interoperability with LZO-enabled servers. Modified "push-peer-info" option to push IV_LZO_STUB=1 to server when client was built with --enable-lzo-stub configure option. This tells the server that the client lacks LZO capabilities, so the server should turn off LZO compression for this client via "lzo no". Added "setenv PUSH_PEER_INFO" option having the same effect as "push-peer-info". Version 2.1.3j git-svn-id: http://svn.openvpn.net/projects/branches/BETA21@7023 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added "client-nat" option for stateless, one-to-oneJames Yonan2011-02-181-1/+1
| | | | | | | | | NAT on the client side. Version 2.1.3i. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6944 e7ae566f-a301-0410-adde-c780ea21d3b5
* Properly handle certificate serial numbers > 32 bits.James Yonan2011-02-141-1/+1
| | | | | | | Version 2.1.3h git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6931 e7ae566f-a301-0410-adde-c780ea21d3b5
* Implemented get_default_gateway_mac_addr for Mac OS X (previously,James Yonan2011-02-141-1/+1
| | | | | | | | | | | | | | was only defined for Windows and Linux). This enables OS X to report the MAC address of the default gateway to the server for ID purposes when client-side --push-peer-info option is specified. Also, minor fix to OS X get_default_gateway function: * include net/route.h directly rather than selectively paste stuff from it into route.c git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6925 e7ae566f-a301-0410-adde-c780ea21d3b5
* * added --management-up-down option to allow management interfaceJames Yonan2011-01-101-1/+1
| | | | | | | | | | | | to be notified of tunnel up/down events. * pulled --ip-win32 options will be suppressed on the client if --route-nopull option is specified. Version 2.1.3f git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6813 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added --x509-track option.James Yonan2011-01-051-1/+1
| | | | | | | Version 2.1.3e git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6780 e7ae566f-a301-0410-adde-c780ea21d3b5
* Minor addition of logging info before and afterJames Yonan2010-12-101-1/+1
| | | | | | | | | execution of Windows net commands. Version 2.1.3d git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6712 e7ae566f-a301-0410-adde-c780ea21d3b5
* In verify_callback, the subject var should be freed by OPENSSL_free,James Yonan2010-11-161-1/+1
| | | | | | | not free, since it is allocated by OpenSSL. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6655 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1.3bJames Yonan2010-10-281-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6585 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added --proto-force directive.James Yonan2010-09-011-1/+1
| | | | | | | Version 2.1.3a git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6424 e7ae566f-a301-0410-adde-c780ea21d3b5
* Attempt to fix issue where domake-win build system was not properlyv2.1.3James Yonan2010-08-201-1/+1
| | | | | | | | | | | | | signing drivers and .exe files. Added win/tap_span.py for building multiple versions of the TAP driver and tapinstall binaries using different DDK versions to span from Win2K to Win7 and beyond. Version 2.1.3 git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6404 e7ae566f-a301-0410-adde-c780ea21d3b5
* Windows security issue:v2.1.2James Yonan2010-08-151-1/+1
| | | | | | | | | | | | | | | | | | | Fixed potential local privilege escalation vulnerability in Windows service. The Windows service did not properly quote the executable filename passed to CreateService. A local attacker with write access to the root directory C:\ could create an executable that would be run with the same privilege level as the OpenVPN Windows service. However, since non-Administrative users normally lack write permission on C:\, this vulnerability is generally not exploitable except on older versions of Windows (such as Win2K) where the default permissions on C:\ would allow any user to create files there. Credit: Scott Laurie, MWR InfoSecurity Version 2.1.2 git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6400 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added "net stop dnscache" and "net start dnscache" in frontJames Yonan2010-07-271-1/+1
| | | | | | | of existing --register-dns commands. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6352 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed an issue where application payload transmissions on theJames Yonan2010-07-271-1/+1
| | | | | | | | | | TLS control channel (such as AUTH_FAILED) that occur during or immediately after a TLS renegotiation might be dropped. Version 2.1.1n git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6350 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added --register-dns option for Windows.James Yonan2010-07-161-1/+1
| | | | | | | | | | Fixed some issues on Windows with --log, subprocess creation for command execution, and stdout/stderr redirection. Version 2.1.1m. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6304 e7ae566f-a301-0410-adde-c780ea21d3b5
* Implemented multi-address DNS expansion on the network field of routeJames Yonan2010-07-121-1/+1
| | | | | | | | | | | | commands. When only a single IP address is desired from a multi-address DNS expansion, use the first address rather than a random selection. Version 2.1.1l git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6291 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1.1kJames Yonan2010-07-101-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6285 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed issue where bad creds provided by the management interfaceJames Yonan2010-06-101-1/+1
| | | | | | | | | for HTTP Proxy Basic Authentication would go into an infinite retry-fail loop instead of requerying the management interface for new creds. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5701 e7ae566f-a301-0410-adde-c780ea21d3b5
* Implemented a key/value auth channel from client to server.James Yonan2010-06-011-1/+1
| | | | | | | Version 2.1.1i git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5668 e7ae566f-a301-0410-adde-c780ea21d3b5
* Implemented http-proxy-override and http-proxy-fallback directives to make itJames Yonan2010-05-241-1/+1
| | | | | | | | | easier for OpenVPN client UIs to start a pre-existing client config file with proxy options, or to adaptively fall back to a proxy connection if a direct connection fails. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5652 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added Python-based build system for Windows inJames Yonan2010-04-221-1/+1
| | | | | | | | | | | | | win directory. Fixed minor issue in TAP driver DEBUG builds where non-null-terminated unicode strings were being printed incorrectly. Version 2.1.1g git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5577 e7ae566f-a301-0410-adde-c780ea21d3b5
* Management interface performance optimizations:James Yonan2010-04-161-1/+1
| | | | | | | | | | | | | * Added env-filter MI command to perform filtering on env vars passed through as a part of --management-client-auth * man_write will now try to aggregate output into larger blocks (up to 1024 bytes) for more efficient i/o Version 2.1.1f git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5557 e7ae566f-a301-0410-adde-c780ea21d3b5
* Updated MSVC build scripts to Visual Studio 2008:James Yonan2010-03-311-1/+1
| | | | | | | | | | python msvc\config.py nmake /f msvc\msvc.mak Version 2.1.1e git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5516 e7ae566f-a301-0410-adde-c780ea21d3b5
* Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately afterJames Yonan2010-03-301-1/+1
| | | | | | | | | socket is created rather than waiting until after connect/listen. Version 2.1.1d git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5514 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1.1cJames Yonan2010-03-171-1/+1
| | | | | | | | Enable exponential backoff in reliability layer retransmits. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5490 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1.1bjames2010-01-161-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5371 e7ae566f-a301-0410-adde-c780ea21d3b5
* When aborting in a non-graceful way, try to execute do_close_tun injames2010-01-121-1/+1
| | | | | | | | init.c prior to daemon exit to ensure that the tun/tap interface is closed and any added routes are deleted. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5367 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed some breakage in openvpn.spec (which is required to build anv2.1.1james2009-12-111-1/+1
| | | | | | | | | | | RPM distribution) where it was referencing a non-existent subdirectory in the tarball, causing it to fail (patch from David Sommerseth). Version 2.1.1. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5269 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1.0v2.1.0james2009-12-111-1/+1
| | | | | | | | | | * Updated ChangeLog. * Note in man page that clients connecting to a --multihome server should always use the --nobind option. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5266 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1_rc22v2.1_rc22james2009-11-201-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5169 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed a client-side bug that occurred when the "dhcp-pre-release"james2009-11-191-1/+1
| | | | | | | | | | | | | | | | or "dhcp-renew" options were combined with "route-gateway dhcp". The problem is that the IP Helper functions for DHCP release and renew are blocking, and so calling them from a single-threaded client stops tunnel traffic forwarding, and hence breaks "route-gateway dhcp" which requires an active tunnel. The fix is to call the IP Helper functions for DHCP release and renew from another process. Version 2.1_rc21b. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5164 e7ae566f-a301-0410-adde-c780ea21d3b5
* Increase MAX_CERT_DEPTH to 16 (from 8), and when exceeded,james2009-11-131-1/+1
| | | | | | | make it a hard failure, rather than just a warning. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5159 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1_rc21v2.1_rc21james2009-11-121-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5152 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1_rc20ajames2009-10-251-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5106 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1_rc20james2009-10-011-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5023 e7ae566f-a301-0410-adde-c780ea21d3b5
* Eliminated the limitation on the number of options that can be pushedjames2009-09-271-1/+1
| | | | | | | | | | | | | to clients, including routes. Previously, all pushed options needed to fit within a 1024 byte options string. Remember that to make use of this feature to allow many routes to be pushed to clients, the client config file must specify the max-routes option, and the number of pushed routes cannot exceed this limit. Also, both server and client must include this commit. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4991 e7ae566f-a301-0410-adde-c780ea21d3b5
* Modified client to send a PUSH_REQUEST message to server 1 secondjames2009-09-161-1/+1
| | | | | | | | | | | | | | | after connection initiation rather than 0 seconds after. Successive PUSH_REQUEST messages after the first will continue to be sent at 5 second intervals until a response is received. This tends to speed up the client connection sequence by 4 seconds because the first PUSH_REQUEST message is usually sent too soon and is dropped, causing a wait of 5 seconds until the next PUSH_REQUEST message is sent. Version 2.1_rc19d git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4965 e7ae566f-a301-0410-adde-c780ea21d3b5
* Updated version number to 2.1_rc19c.james2009-09-081-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4946 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added new ./configure flags:james2009-08-241-1/+1
| | | | | | | | --disable-def-auth Disable deferred authentication --disable-pf Disable internal packet filter git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4852 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added --remote-random-hostname option.james2009-08-221-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4843 e7ae566f-a301-0410-adde-c780ea21d3b5
* OpenVPN version 2.1_rc19 releasedv2.1_rc19james2009-07-161-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4712 e7ae566f-a301-0410-adde-c780ea21d3b5
* In Windows TAP driver, refactor DHCP/ARP packet injection code tojames2009-06-221-1/+1
| | | | | | | | | | | use a DPC (deferred procedure call) to defer packet injection until IRQL < DISPATCH_LEVEL, rather than calling NdisMEthIndicateReceive in the context of AdapterTransmit. This is an attempt to reduce kernel stack usage, and prevent EXCEPTION_DOUBLE_FAULT BSODs that have been observed on Vista. Updated TAP driver version number to 9.6. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4606 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1_rc18v2.1_rc18james2009-06-071-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4526 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1_rc17v2.1_rc17james2009-06-011-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4500 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added new 'autolocal' redirect-gateway flag. When enabled, the OpenVPNjames2009-05-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | client will examine the routing table and determine whether (a) the OpenVPN server is reachable via a locally connected interface, or (b) traffic to the server must be forwarded through the default router. Only add a special bypass route for the OpenVPN server if (b) is true. If (a) is true, behave as if the 'local' flag is specified, and do not add a bypass route. The new 'autolocal' flag depends on the non-portable test_local_addr() function in route.c, which is currently only implemented for Windows. The 'autolocal' flag will act as a no-op on platforms that have not yet defined a test_local_addr() function. Increased TLS_CHANNEL_BUF_SIZE to 2048 from 1024 (this will allow for more option content to be pushed from server to client). Raised D_MULTI_DROPPED debug level to 4 from 3. Version 2.1_rc16b. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4446 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1_rc16v2.1_rc16james2009-05-181-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4363 e7ae566f-a301-0410-adde-c780ea21d3b5
generated by cgit (git 2.34.1) at 2024-09-29 22:27:51 +0000