Maintainer seems busy and does not respond: Included a diff for updating openvpn from 2.2.2 to 2.3.0. Changelog can be found at:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23 Tested for a couple of weeks on amd64.
Index: Makefile =================================================================== RCS file: /cvs/ports/net/openvpn/Makefile,v retrieving revision 1.41 diff -u -p -r1.41 Makefile --- Makefile 29 Mar 2012 13:38:48 -0000 1.41 +++ Makefile 7 Mar 2013 20:50:57 -0000 @@ -2,8 +2,7 @@ COMMENT= easy-to-use, robust, and highly configurable VPN -DISTNAME= openvpn-2.2.2 -REVISION= 1 +DISTNAME= openvpn-2.3.0 CATEGORIES= net security HOMEPAGE= http://openvpn.net/ @@ -25,29 +24,19 @@ LIB_DEPENDS= archivers/lzo2 SEPARATE_BUILD= Yes CONFIGURE_STYLE= gnu -CONFIGURE_ARGS+= --with-lzo-headers=${DEPBASE}/include \ - --with-lzo-lib=${DEPBASE}/lib \ - --enable-password-save +CONFIGURE_ARGS+= --enable-password-save +CONFIGURE_ENV= CFLAGS="${CFLAGS} -I${LOCALBASE}/include" \ + LDFLAGS="-L${LOCALBASE}/lib" -INCLUDE_DIR= ${PREFIX}/include/openvpn SAMPLES_DIR= ${PREFIX}/share/examples/openvpn post-install: - ${INSTALL_DATA_DIR} ${INCLUDE_DIR} - ${INSTALL_DATA} ${WRKSRC}/openvpn-plugin.h \ - ${INCLUDE_DIR}/openvpn-plugin.h - ${INSTALL_DATA_DIR} ${SAMPLES_DIR} ${INSTALL_DATA_DIR} ${SAMPLES_DIR}/sample-config-files ${INSTALL_DATA_DIR} ${SAMPLES_DIR}/sample-keys ${INSTALL_DATA_DIR} ${SAMPLES_DIR}/sample-scripts - ${INSTALL_DATA_DIR} ${SAMPLES_DIR}/easy-rsa - @rm -rf ${WRKSRC}/easy-rsa/Windows - @find ${WRKSRC}/sample-config-files/ -type f \! -name "*.orig" -exec \ - ${INSTALL_DATA} {} ${SAMPLES_DIR}/sample-config-files/ \; - ${INSTALL_DATA} ${WRKSRC}/sample-keys/* ${SAMPLES_DIR}/sample-keys/ - ${INSTALL_DATA} ${WRKSRC}/sample-scripts/* ${SAMPLES_DIR}/sample-scripts/ - @find ${WRKSRC}/easy-rsa -type f -exec perl -pi -e 's,#!/bin/bash,#!/bin/sh,g' {} \; - @cp -pR ${WRKSRC}/easy-rsa/* ${SAMPLES_DIR}/easy-rsa/ - @chown -R ${SHAREOWN}:${SHAREGRP} ${SAMPLES_DIR}/easy-rsa/ + @find ${WRKSRC}/sample/sample-config-files/ -type f \! -name "*.orig" -exec \ + ${INSTALL_DATA} {} ${SAMPLES_DIR}/sample-config-files \; + ${INSTALL_DATA} ${WRKSRC}/sample/sample-keys/* ${SAMPLES_DIR}/sample-keys + ${INSTALL_DATA} ${WRKSRC}/sample/sample-scripts/* ${SAMPLES_DIR}/sample-scripts .include <bsd.port.mk> Index: distinfo =================================================================== RCS file: /cvs/ports/net/openvpn/distinfo,v retrieving revision 1.22 diff -u -p -r1.22 distinfo --- distinfo 12 Jan 2012 08:15:30 -0000 1.22 +++ distinfo 7 Mar 2013 20:50:57 -0000 @@ -1,5 +1,2 @@ -MD5 (openvpn-2.2.2.tar.gz) = xRgeJ7eUX6YnbSGHMynFxw== -RMD160 (openvpn-2.2.2.tar.gz) = YJkPGDvdRpM3JLO/ObpYYe0CWKY= -SHA1 (openvpn-2.2.2.tar.gz) = mSNzzfEuG1BlWxN2Wm02qHz9PKM= -SHA256 (openvpn-2.2.2.tar.gz) = VMqLJg4uo7JuhMIoLMtfjLFJ7c/UJLaG1fsiuNu+rAA= -SIZE (openvpn-2.2.2.tar.gz) = 911158 +SHA256 (openvpn-2.3.0.tar.gz) = RgKo0PZt+mrBC3q/66NSYNfUxXCUj266X4IW/6OixJA= +SIZE (openvpn-2.3.0.tar.gz) = 1130659 Index: patches/patch-Makefile_in =================================================================== RCS file: patches/patch-Makefile_in diff -N patches/patch-Makefile_in --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-Makefile_in 7 Mar 2013 20:50:57 -0000 @@ -0,0 +1,13 @@ +$OpenBSD$ +--- Makefile.in.orig Thu Mar 7 21:03:09 2013 ++++ Makefile.in Thu Mar 7 21:03:47 2013 +@@ -349,8 +349,7 @@ EXTRA_DIST = \ + @GIT_CHECKOUT_TRUE@ config-version.h + + SUBDIRS = build distro include src sample doc tests +-dist_doc_DATA = README README.IPv6 README.polarssl COPYRIGHT.GPL \ +- COPYING $(am__append_1) ++dist_doc_DATA = $(am__append_1) + dist_noinst_DATA = .gitignore .gitattributes config-version.h.in PORTS \ + README.IPv6 TODO.IPv6 README.polarssl openvpn.sln msvc-env.bat \ + msvc-dev.bat msvc-build.bat $(am__append_2) Index: patches/patch-configure =================================================================== RCS file: patches/patch-configure diff -N patches/patch-configure --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-configure 7 Mar 2013 20:50:57 -0000 @@ -0,0 +1,12 @@ +$OpenBSD$ +--- configure.orig Thu Mar 7 21:27:01 2013 ++++ configure Thu Mar 7 21:27:19 2013 +@@ -15511,7 +15511,7 @@ fi + + + plugindir="${with_plugindir}" +-sampledir="\$(docdir)/sample" ++sampledir="\$(docdir)" + + + Index: patches/patch-doc_openvpn_8 =================================================================== RCS file: patches/patch-doc_openvpn_8 diff -N patches/patch-doc_openvpn_8 --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-doc_openvpn_8 7 Mar 2013 20:50:57 -0000 @@ -0,0 +1,15 @@ +$OpenBSD$ +--- doc/openvpn.8.orig Thu Nov 22 13:08:09 2012 ++++ doc/openvpn.8 Thu Mar 7 14:02:35 2013 +@@ -1404,6 +1404,11 @@ on both client and server for maximum effect. + Currently defaults to 100. + .\"********************************************************* + .TP ++.B --rtable n ++(OpenBSD only) Set the routing table. ++Defaults to 0. ++.\"********************************************************* ++.TP + .B \-\-shaper n + Limit bandwidth of outgoing tunnel data to + .B n Index: patches/patch-include_Makefile_in =================================================================== RCS file: patches/patch-include_Makefile_in diff -N patches/patch-include_Makefile_in --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-include_Makefile_in 7 Mar 2013 20:50:57 -0000 @@ -0,0 +1,12 @@ +$OpenBSD$ +--- include/Makefile.in.orig Thu Mar 7 21:12:39 2013 ++++ include/Makefile.in Thu Mar 7 21:13:52 2013 +@@ -219,7 +219,7 @@ host_cpu = @host_cpu@ + host_os = @host_os@ + host_vendor = @host_vendor@ + htmldir = @htmldir@ +-includedir = @includedir@ ++includedir = @includedir@/openvpn + infodir = @infodir@ + install_sh = @install_sh@ + libdir = @libdir@ Index: patches/patch-init_c =================================================================== RCS file: patches/patch-init_c diff -N patches/patch-init_c --- patches/patch-init_c 30 Aug 2010 18:32:20 -0000 1.3 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,11 +0,0 @@ -$OpenBSD: patch-init_c,v 1.3 2010/08/30 18:32:20 fkr Exp $ ---- init.c.orig Wed Jul 21 21:08:41 2010 -+++ init.c Sun Aug 22 16:10:23 2010 -@@ -2451,6 +2451,7 @@ do_init_socket_1 (struct context *c, const int mode) - c->options.mtu_discover_type, - c->options.rcvbuf, - c->options.sndbuf, -+ c->options.rtable, - sockflags); - } - Index: patches/patch-openvpn_8 =================================================================== RCS file: patches/patch-openvpn_8 diff -N patches/patch-openvpn_8 --- patches/patch-openvpn_8 12 Jan 2012 08:15:30 -0000 1.4 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,15 +0,0 @@ -$OpenBSD: patch-openvpn_8,v 1.4 2012/01/12 08:15:30 sthen Exp $ ---- openvpn.8.orig Fri Jun 24 07:13:39 2011 -+++ openvpn.8 Fri Jul 8 14:30:59 2011 -@@ -1357,6 +1357,11 @@ on both client and server for maximum effect. - Currently defaults to 100. - .\"********************************************************* - .TP -+.B --rtable n -+(OpenBSD only) Set the routing table. -+Defaults to 0. -+.\"********************************************************* -+.TP - .B \-\-shaper n - Limit bandwidth of outgoing tunnel data to - .B n Index: patches/patch-options_c =================================================================== RCS file: patches/patch-options_c diff -N patches/patch-options_c --- patches/patch-options_c 12 Jan 2012 08:15:30 -0000 1.4 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,31 +0,0 @@ -$OpenBSD: patch-options_c,v 1.4 2012/01/12 08:15:30 sthen Exp $ ---- options.c.orig Fri Jun 24 07:13:39 2011 -+++ options.c Fri Jul 8 14:30:59 2011 -@@ -265,6 +265,7 @@ static const char usage_message[] = - "--sndbuf size : Set the TCP/UDP send buffer size.\n" - "--rcvbuf size : Set the TCP/UDP receive buffer size.\n" - "--txqueuelen n : Set the tun/tap TX queue length to n (Linux only).\n" -+ "--rtable n : Set the routing table (default=0, OpenBSD only)\n" - "--mlock : Disable Paging -- ensures key material and tunnel\n" - " data will never be written to disk.\n" - "--up cmd : Shell cmd to execute after successful tun device open.\n" -@@ -1282,6 +1283,7 @@ show_settings (const struct options *o) - #endif - SHOW_INT (rcvbuf); - SHOW_INT (sndbuf); -+ SHOW_INT (rtable); - SHOW_INT (sockflags); - - SHOW_BOOL (fast_io); -@@ -4216,6 +4218,11 @@ add_option (struct options *options, - { - VERIFY_PERMISSION (OPT_P_SOCKBUF); - options->sndbuf = positive_atoi (p[1]); -+ } -+ else if (streq (p[0], "rtable") && p[1]) -+ { -+ VERIFY_PERMISSION (OPT_P_SOCKFLAGS); -+ options->rtable = positive_atoi (p[1]); - } - else if (streq (p[0], "socket-flags")) - { Index: patches/patch-options_h =================================================================== RCS file: patches/patch-options_h diff -N patches/patch-options_h --- patches/patch-options_h 12 Jan 2012 08:15:30 -0000 1.4 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,13 +0,0 @@ -$OpenBSD: patch-options_h,v 1.4 2012/01/12 08:15:30 sthen Exp $ ---- options.h.orig Mon Feb 21 16:38:10 2011 -+++ options.h Tue Mar 22 23:00:56 2011 -@@ -313,6 +313,9 @@ struct options - int rcvbuf; - int sndbuf; - -+ /* routing domain */ -+ int rtable; -+ - /* socket flags */ - unsigned int sockflags; - Index: patches/patch-route_c =================================================================== RCS file: patches/patch-route_c diff -N patches/patch-route_c --- patches/patch-route_c 12 Jan 2012 08:15:30 -0000 1.6 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,182 +0,0 @@ -$OpenBSD: patch-route_c,v 1.6 2012/01/12 08:15:30 sthen Exp $ ---- route.c.orig Mon Feb 21 16:38:10 2011 -+++ route.c Tue Mar 22 23:00:56 2011 -@@ -1926,7 +1926,7 @@ get_default_gateway (in_addr_t *ret, in_addr_t *netmas - } - } - --#elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) -+#elif defined(TARGET_NETBSD) - - #include <sys/types.h> - #include <sys/socket.h> -@@ -1975,6 +1975,169 @@ struct rt_msghdr { - int rtm_errno; /* why failed */ - int rtm_use; /* from rtentry */ - u_long rtm_inits; /* which metrics we are initializing */ -+ struct rt_metrics rtm_rmx; /* metrics themselves */ -+}; -+ -+struct { -+ struct rt_msghdr m_rtm; -+ char m_space[512]; -+} m_rtmsg; -+ -+#define ROUNDUP(a) \ -+ ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long)) -+ -+static bool -+get_default_gateway (in_addr_t *ret) -+{ -+ struct gc_arena gc = gc_new (); -+ int s, seq, l, rtm_addrs, i; -+ pid_t pid; -+ struct sockaddr so_dst, so_mask; -+ char *cp = m_rtmsg.m_space; -+ struct sockaddr *gate = NULL, *sa; -+ struct rt_msghdr *rtm_aux; -+ -+#define NEXTADDR(w, u) \ -+ if (rtm_addrs & (w)) {\ -+ l = ROUNDUP(u.sa_len); memmove(cp, &(u), l); cp += l;\ -+ } -+ -+#define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len)) -+ -+#define rtm m_rtmsg.m_rtm -+ -+ pid = getpid(); -+ seq = 0; -+ rtm_addrs = RTA_DST | RTA_NETMASK; -+ -+ bzero(&so_dst, sizeof(so_dst)); -+ bzero(&so_mask, sizeof(so_mask)); -+ bzero(&rtm, sizeof(struct rt_msghdr)); -+ -+ rtm.rtm_type = RTM_GET; -+ rtm.rtm_flags = RTF_UP | RTF_GATEWAY; -+ rtm.rtm_version = RTM_VERSION; -+ rtm.rtm_seq = ++seq; -+ rtm.rtm_addrs = rtm_addrs; -+ -+ so_dst.sa_family = AF_INET; -+ so_dst.sa_len = sizeof(struct sockaddr_in); -+ so_mask.sa_family = AF_INET; -+ so_mask.sa_len = sizeof(struct sockaddr_in); -+ -+ NEXTADDR(RTA_DST, so_dst); -+ NEXTADDR(RTA_NETMASK, so_mask); -+ -+ rtm.rtm_msglen = l = cp - (char *)&m_rtmsg; -+ -+ s = socket(PF_ROUTE, SOCK_RAW, 0); -+ -+ if (write(s, (char *)&m_rtmsg, l) < 0) -+ { -+ warn("writing to routing socket"); -+ gc_free (&gc); -+ close(s); -+ return false; -+ } -+ -+ do { -+ l = read(s, (char *)&m_rtmsg, sizeof(m_rtmsg)); -+ } while (l > 0 && (rtm.rtm_seq != seq || rtm.rtm_pid != pid)); -+ -+ close(s); -+ -+ rtm_aux = &rtm; -+ -+ cp = ((char *)(rtm_aux + 1)); -+ if (rtm_aux->rtm_addrs) { -+ for (i = 1; i; i <<= 1) -+ if (i & rtm_aux->rtm_addrs) { -+ sa = (struct sockaddr *)cp; -+ if (i == RTA_GATEWAY ) -+ gate = sa; -+ ADVANCE(cp, sa); -+ } -+ } -+ else -+ { -+ gc_free (&gc); -+ return false; -+ } -+ -+ -+ if (gate != NULL ) -+ { -+ *ret = ntohl(((struct sockaddr_in *)gate)->sin_addr.s_addr); -+#if 1 -+ msg (M_INFO, "gw %s", -+ print_in_addr_t ((in_addr_t) *ret, 0, &gc)); -+#endif -+ -+ gc_free (&gc); -+ return true; -+ } -+ else -+ { -+ gc_free (&gc); -+ return false; -+ } -+} -+ -+#elif defined(TARGET_OPENBSD) -+ -+#include <sys/types.h> -+#include <sys/socket.h> -+#include <netinet/in.h> -+ -+/* all of this is taken from <net/route.h> in OpenBSD 3.6 */ -+#define RTA_DST 0x1 /* destination sockaddr present */ -+#define RTA_GATEWAY 0x2 /* gateway sockaddr present */ -+#define RTA_NETMASK 0x4 /* netmask sockaddr present */ -+ -+#define RTM_GET 0x4 /* Report Metrics */ -+ -+#define RTM_VERSION 4 /* Up the ante and ignore older versions */ -+ -+#define RTF_UP 0x1 /* route usable */ -+#define RTF_GATEWAY 0x2 /* destination is a gateway */ -+ -+/* -+ * Huge version for userland compatibility. -+ */ -+struct rt_metrics { -+ u_int64_t rmx_pksent; /* packets sent using this route */ -+ u_int rmx_locks; /* Kernel must leave these values */ -+ u_int rmx_mtu; /* MTU for this path */ -+ u_int rmx_expire; /* lifetime for route, e.g. redirect */ -+ u_int rmx_refcnt; /* # references hold */ -+ /* some apps may still need these no longer used metrics */ -+ u_int rmx_hopcount; /* max hops expected */ -+ u_int rmx_recvpipe; /* inbound delay-bandwidth product */ -+ u_int rmx_sendpipe; /* outbound delay-bandwidth product */ -+ u_int rmx_ssthresh; /* outbound gateway buffer limit */ -+ u_int rmx_rtt; /* estimated round trip time */ -+ u_int rmx_rttvar; /* estimated rtt variance */ -+}; -+ -+/* -+ * Structures for routing messages. -+ */ -+struct rt_msghdr { -+ u_short rtm_msglen; /* to skip over non-understood messages */ -+ u_char rtm_version; /* future binary compatibility */ -+ u_char rtm_type; /* message type */ -+ u_short rtm_hdrlen; /* sizeof(rt_msghdr) to skip over the header */ -+ u_short rtm_index; /* index for associated ifp */ -+ u_short rtm_tableid; /* routing table id */ -+ u_char rtm_prio; /* routing priority */ -+ u_char rtm_pad; -+ int rtm_addrs; /* bitmask identifying sockaddrs in msg */ -+ int rtm_flags; /* flags, incl. kern & message, e.g. DONE */ -+ int rtm_fmask; /* bitmask used in RTM_CHANGE message */ -+ pid_t rtm_pid; /* identify sender */ -+ int rtm_seq; /* for sender to identify action */ -+ int rtm_errno; /* why failed */ -+ u_int rtm_inits; /* which metrics we are initializing */ - struct rt_metrics rtm_rmx; /* metrics themselves */ - }; - Index: patches/patch-sample-config-files_client_conf =================================================================== RCS file: patches/patch-sample-config-files_client_conf diff -N patches/patch-sample-config-files_client_conf --- patches/patch-sample-config-files_client_conf 30 Aug 2010 18:32:20 -0000 1.2 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,14 +0,0 @@ -$OpenBSD: patch-sample-config-files_client_conf,v 1.2 2010/08/30 18:32:20 fkr Exp $ ---- sample-config-files/client.conf.orig Wed Mar 31 08:47:07 2010 -+++ sample-config-files/client.conf Fri Aug 27 09:03:50 2010 -@@ -58,8 +58,8 @@ resolv-retry infinite - nobind - - # Downgrade privileges after initialization (non-Windows only) --;user nobody --;group nobody -+user _openvpn -+group _openvpn - - # Try to preserve some state across restarts. - persist-key Index: patches/patch-sample-config-files_server_conf =================================================================== RCS file: patches/patch-sample-config-files_server_conf diff -N patches/patch-sample-config-files_server_conf --- patches/patch-sample-config-files_server_conf 30 Aug 2010 18:32:20 -0000 1.3 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,14 +0,0 @@ -$OpenBSD: patch-sample-config-files_server_conf,v 1.3 2010/08/30 18:32:20 fkr Exp $ ---- sample-config-files/server.conf.orig Wed Mar 31 08:47:07 2010 -+++ sample-config-files/server.conf Fri Aug 27 09:04:00 2010 -@@ -259,8 +259,8 @@ comp-lzo - # - # You can uncomment this out on - # non-Windows systems. --;user nobody --;group nobody -+user _openvpn -+group _openvpn - - # The persist options will try to avoid - # accessing certain resources on restart Index: patches/patch-sample-config-files_static-home_conf =================================================================== RCS file: patches/patch-sample-config-files_static-home_conf diff -N patches/patch-sample-config-files_static-home_conf --- patches/patch-sample-config-files_static-home_conf 30 Aug 2010 18:32:20 -0000 1.2 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,17 +0,0 @@ -$OpenBSD: patch-sample-config-files_static-home_conf,v 1.2 2010/08/30 18:32:20 fkr Exp $ ---- sample-config-files/static-home.conf.orig Wed Mar 31 08:47:07 2010 -+++ sample-config-files/static-home.conf Fri Aug 27 09:04:10 2010 -@@ -37,10 +37,10 @@ secret static.key - ; port 1194 - - # Downgrade UID and GID to --# "nobody" after initialization -+# "_openvpn" after initialization - # for extra security. --; user nobody --; group nobody -+user _openvpn -+group _openvpn - - # If you built OpenVPN with - # LZO compression, uncomment Index: patches/patch-sample-config-files_static-office_conf =================================================================== RCS file: patches/patch-sample-config-files_static-office_conf diff -N patches/patch-sample-config-files_static-office_conf --- patches/patch-sample-config-files_static-office_conf 30 Aug 2010 18:32:20 -0000 1.2 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,17 +0,0 @@ -$OpenBSD: patch-sample-config-files_static-office_conf,v 1.2 2010/08/30 18:32:20 fkr Exp $ ---- sample-config-files/static-office.conf.orig Wed Mar 31 08:47:07 2010 -+++ sample-config-files/static-office.conf Fri Aug 27 09:04:19 2010 -@@ -34,10 +34,10 @@ secret static.key - ; port 1194 - - # Downgrade UID and GID to --# "nobody" after initialization -+# "_openvpn" after initialization - # for extra security. --; user nobody --; group nobody -+user _openvpn -+group _openvpn - - # If you built OpenVPN with - # LZO compression, uncomment Index: patches/patch-sample-config-files_tls-home_conf =================================================================== RCS file: patches/patch-sample-config-files_tls-home_conf diff -N patches/patch-sample-config-files_tls-home_conf --- patches/patch-sample-config-files_tls-home_conf 30 Aug 2010 18:32:20 -0000 1.2 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,17 +0,0 @@ -$OpenBSD: patch-sample-config-files_tls-home_conf,v 1.2 2010/08/30 18:32:20 fkr Exp $ ---- sample-config-files/tls-home.conf.orig Wed Mar 31 08:47:07 2010 -+++ sample-config-files/tls-home.conf Fri Aug 27 09:04:28 2010 -@@ -48,10 +48,10 @@ key home.key - ; port 1194 - - # Downgrade UID and GID to --# "nobody" after initialization -+# "_openvpn" after initialization - # for extra security. --; user nobody --; group nobody -+user _openvpn -+group _openvpn - - # If you built OpenVPN with - # LZO compression, uncomment Index: patches/patch-sample-config-files_tls-office_conf =================================================================== RCS file: patches/patch-sample-config-files_tls-office_conf diff -N patches/patch-sample-config-files_tls-office_conf --- patches/patch-sample-config-files_tls-office_conf 30 Aug 2010 18:32:20 -0000 1.2 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,17 +0,0 @@ -$OpenBSD: patch-sample-config-files_tls-office_conf,v 1.2 2010/08/30 18:32:20 fkr Exp $ ---- sample-config-files/tls-office.conf.orig Wed Mar 31 08:47:07 2010 -+++ sample-config-files/tls-office.conf Fri Aug 27 09:04:39 2010 -@@ -48,10 +48,10 @@ key office.key - ; port 1194 - - # Downgrade UID and GID to --# "nobody" after initialization -+# "_openvpn" after initialization - # for extra security. --; user nobody --; group nobody -+user _openvpn -+group _openvpn - - # If you built OpenVPN with - # LZO compression, uncomment Index: patches/patch-sample-config-files_xinetd-client-config =================================================================== RCS file: patches/patch-sample-config-files_xinetd-client-config diff -N patches/patch-sample-config-files_xinetd-client-config --- patches/patch-sample-config-files_xinetd-client-config 15 Dec 2006 09:56:14 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,11 +0,0 @@ -$OpenBSD: patch-sample-config-files_xinetd-client-config,v 1.1 2006/12/15 09:56:14 robert Exp $ ---- sample-config-files/xinetd-client-config.orig Tue Nov 1 12:06:10 2005 -+++ sample-config-files/xinetd-client-config Fri Dec 15 09:22:42 2006 -@@ -6,6 +6,6 @@ dev tun - ifconfig 10.4.0.1 10.4.0.2 - remote my-server - port 1194 --user nobody -+user _openvpn - secret /root/openvpn/key - inactive 600 Index: patches/patch-sample-config-files_xinetd-server-config =================================================================== RCS file: patches/patch-sample-config-files_xinetd-server-config diff -N patches/patch-sample-config-files_xinetd-server-config --- patches/patch-sample-config-files_xinetd-server-config 15 Dec 2006 09:56:14 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,10 +0,0 @@ -$OpenBSD: patch-sample-config-files_xinetd-server-config,v 1.1 2006/12/15 09:56:14 robert Exp $ ---- sample-config-files/xinetd-server-config.orig Tue Nov 1 12:06:10 2005 -+++ sample-config-files/xinetd-server-config Fri Dec 15 09:22:42 2006 -@@ -21,5 +21,5 @@ service openvpn_1 - wait = yes - user = root - server = /root/openvpn/openvpn -- server_args = --inetd --dev tun --ifconfig 10.4.0.2 10.4.0.1 --secret /root/openvpn/key --inactive 600 --user nobody -+ server_args = --inetd --dev tun --ifconfig 10.4.0.2 10.4.0.1 --secret /root/openvpn/key --inactive 600 --user _openvpn - } Index: patches/patch-sample_sample-config-files_client_conf =================================================================== RCS file: patches/patch-sample_sample-config-files_client_conf diff -N patches/patch-sample_sample-config-files_client_conf --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-sample_sample-config-files_client_conf 7 Mar 2013 20:50:57 -0000 @@ -0,0 +1,14 @@ +$OpenBSD$ +--- sample/sample-config-files/client.conf.orig Mon Sep 10 17:01:08 2012 ++++ sample/sample-config-files/client.conf Thu Mar 7 14:02:35 2013 +@@ -58,8 +58,8 @@ resolv-retry infinite + nobind + + # Downgrade privileges after initialization (non-Windows only) +-;user nobody +-;group nobody ++user _openvpn ++group _openvpn + + # Try to preserve some state across restarts. + persist-key Index: patches/patch-sample_sample-config-files_server_conf =================================================================== RCS file: patches/patch-sample_sample-config-files_server_conf diff -N patches/patch-sample_sample-config-files_server_conf --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-sample_sample-config-files_server_conf 7 Mar 2013 20:50:57 -0000 @@ -0,0 +1,14 @@ +$OpenBSD$ +--- sample/sample-config-files/server.conf.orig Mon Sep 10 17:01:08 2012 ++++ sample/sample-config-files/server.conf Thu Mar 7 14:02:35 2013 +@@ -259,8 +259,8 @@ comp-lzo + # + # You can uncomment this out on + # non-Windows systems. +-;user nobody +-;group nobody ++user _openvpn ++group _openvpn + + # The persist options will try to avoid + # accessing certain resources on restart Index: patches/patch-sample_sample-config-files_static-home_conf =================================================================== RCS file: patches/patch-sample_sample-config-files_static-home_conf diff -N patches/patch-sample_sample-config-files_static-home_conf --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-sample_sample-config-files_static-home_conf 7 Mar 2013 20:50:57 -0000 @@ -0,0 +1,17 @@ +$OpenBSD$ +--- sample/sample-config-files/static-home.conf.orig Mon Sep 10 17:01:08 2012 ++++ sample/sample-config-files/static-home.conf Thu Mar 7 14:02:35 2013 +@@ -37,10 +37,10 @@ secret static.key + ; port 1194 + + # Downgrade UID and GID to +-# "nobody" after initialization ++# "_openvpn" after initialization + # for extra security. +-; user nobody +-; group nobody ++user _openvpn ++group _openvpn + + # If you built OpenVPN with + # LZO compression, uncomment Index: patches/patch-sample_sample-config-files_static-office_conf =================================================================== RCS file: patches/patch-sample_sample-config-files_static-office_conf diff -N patches/patch-sample_sample-config-files_static-office_conf --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-sample_sample-config-files_static-office_conf 7 Mar 2013 20:50:57 -0000 @@ -0,0 +1,17 @@ +$OpenBSD$ +--- sample/sample-config-files/static-office.conf.orig Mon Sep 10 17:01:08 2012 ++++ sample/sample-config-files/static-office.conf Thu Mar 7 14:02:35 2013 +@@ -34,10 +34,10 @@ secret static.key + ; port 1194 + + # Downgrade UID and GID to +-# "nobody" after initialization ++# "_openvpn" after initialization + # for extra security. +-; user nobody +-; group nobody ++user _openvpn ++group _openvpn + + # If you built OpenVPN with + # LZO compression, uncomment Index: patches/patch-sample_sample-config-files_tls-home_conf =================================================================== RCS file: patches/patch-sample_sample-config-files_tls-home_conf diff -N patches/patch-sample_sample-config-files_tls-home_conf --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-sample_sample-config-files_tls-home_conf 7 Mar 2013 20:50:57 -0000 @@ -0,0 +1,17 @@ +$OpenBSD$ +--- sample/sample-config-files/tls-home.conf.orig Mon Sep 10 17:01:08 2012 ++++ sample/sample-config-files/tls-home.conf Thu Mar 7 14:02:35 2013 +@@ -48,10 +48,10 @@ key home.key + ; port 1194 + + # Downgrade UID and GID to +-# "nobody" after initialization ++# "_openvpn" after initialization + # for extra security. +-; user nobody +-; group nobody ++user _openvpn ++group _openvpn + + # If you built OpenVPN with + # LZO compression, uncomment Index: patches/patch-sample_sample-config-files_tls-office_conf =================================================================== RCS file: patches/patch-sample_sample-config-files_tls-office_conf diff -N patches/patch-sample_sample-config-files_tls-office_conf --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-sample_sample-config-files_tls-office_conf 7 Mar 2013 20:50:57 -0000 @@ -0,0 +1,17 @@ +$OpenBSD$ +--- sample/sample-config-files/tls-office.conf.orig Mon Sep 10 17:01:08 2012 ++++ sample/sample-config-files/tls-office.conf Thu Mar 7 14:02:35 2013 +@@ -48,10 +48,10 @@ key office.key + ; port 1194 + + # Downgrade UID and GID to +-# "nobody" after initialization ++# "_openvpn" after initialization + # for extra security. +-; user nobody +-; group nobody ++user _openvpn ++group _openvpn + + # If you built OpenVPN with + # LZO compression, uncomment Index: patches/patch-sample_sample-config-files_xinetd-client-config =================================================================== RCS file: patches/patch-sample_sample-config-files_xinetd-client-config diff -N patches/patch-sample_sample-config-files_xinetd-client-config --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-sample_sample-config-files_xinetd-client-config 7 Mar 2013 20:50:57 -0000 @@ -0,0 +1,11 @@ +$OpenBSD$ +--- sample/sample-config-files/xinetd-client-config.orig Mon Sep 10 17:01:08 2012 ++++ sample/sample-config-files/xinetd-client-config Thu Mar 7 14:02:35 2013 +@@ -6,6 +6,6 @@ dev tun + ifconfig 10.4.0.1 10.4.0.2 + remote my-server + port 1194 +-user nobody ++user _openvpn + secret /root/openvpn/key + inactive 600 Index: patches/patch-sample_sample-config-files_xinetd-server-config =================================================================== RCS file: patches/patch-sample_sample-config-files_xinetd-server-config diff -N patches/patch-sample_sample-config-files_xinetd-server-config --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-sample_sample-config-files_xinetd-server-config 7 Mar 2013 20:50:57 -0000 @@ -0,0 +1,10 @@ +$OpenBSD$ +--- sample/sample-config-files/xinetd-server-config.orig Mon Sep 10 17:01:08 2012 ++++ sample/sample-config-files/xinetd-server-config Thu Mar 7 14:02:35 2013 +@@ -21,5 +21,5 @@ service openvpn_1 + wait = yes + user = root + server = /root/openvpn/openvpn +- server_args = --inetd --dev tun --ifconfig 10.4.0.2 10.4.0.1 --secret /root/openvpn/key --inactive 600 --user nobody ++ server_args = --inetd --dev tun --ifconfig 10.4.0.2 10.4.0.1 --secret /root/openvpn/key --inactive 600 --user _openvpn + } Index: patches/patch-socket_c =================================================================== RCS file: patches/patch-socket_c diff -N patches/patch-socket_c --- patches/patch-socket_c 12 Jan 2012 08:15:30 -0000 1.4 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,42 +0,0 @@ -$OpenBSD: patch-socket_c,v 1.4 2012/01/12 08:15:30 sthen Exp $ ---- socket.c.orig Mon Feb 21 16:38:10 2011 -+++ socket.c Tue Mar 22 23:00:56 2011 -@@ -532,6 +532,20 @@ socket_set_tcp_nodelay (int sd, int state) - #endif - } - -+static void -+socket_set_rtable (int sd, int rtable) -+{ -+#ifdef TARGET_OPENBSD -+ if (rtable > 0) -+ { -+ if (setsockopt (sd, IPPROTO_IP, SO_RTABLE, &rtable, sizeof(rtable)) == -1) -+ msg (M_SOCKERR, "Socket flags: SO_RTABLE=%d failed, cannot bind on specified routing domain", rtable); -+ else -+ dmsg (D_SOCKET_DEBUG, "Socket flags: SO_RTABLE=%d succeeded", rtable); -+ } -+#endif -+} -+ - static bool - socket_set_flags (int sd, unsigned int sockflags) - { -@@ -1210,6 +1224,7 @@ link_socket_init_phase1 (struct link_socket *sock, - int mtu_discover_type, - int rcvbuf, - int sndbuf, -+ int rtable, - unsigned int sockflags) - { - ASSERT (sock); -@@ -1320,6 +1335,9 @@ link_socket_init_phase1 (struct link_socket *sock, - else if (mode != LS_MODE_TCP_ACCEPT_FROM) - { - create_socket (sock); -+ -+ /* set the routing domain for the socket */ -+ socket_set_rtable (sock->sd, rtable); - - /* set socket buffers based on --sndbuf and --rcvbuf options */ - socket_set_buffers (sock->sd, &sock->socket_buffer_sizes); Index: patches/patch-socket_h =================================================================== RCS file: patches/patch-socket_h diff -N patches/patch-socket_h --- patches/patch-socket_h 8 Jul 2010 09:18:25 -0000 1.2 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,11 +0,0 @@ -$OpenBSD: patch-socket_h,v 1.2 2010/07/08 09:18:25 fkr Exp $ ---- socket.h.orig Thu Oct 1 20:02:18 2009 -+++ socket.h Thu Jul 8 07:22:47 2010 -@@ -311,6 +311,7 @@ link_socket_init_phase1 (struct link_socket *sock, - int mtu_discover_type, - int rcvbuf, - int sndbuf, -+ int rtable, - unsigned int sockflags); - - void link_socket_init_phase2 (struct link_socket *sock, Index: patches/patch-src_openvpn_init_c =================================================================== RCS file: patches/patch-src_openvpn_init_c diff -N patches/patch-src_openvpn_init_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_openvpn_init_c 7 Mar 2013 20:50:57 -0000 @@ -0,0 +1,11 @@ +$OpenBSD$ +--- src/openvpn/init.c.orig Thu Nov 22 13:08:09 2012 ++++ src/openvpn/init.c Thu Mar 7 14:02:35 2013 +@@ -2640,6 +2640,7 @@ do_init_socket_1 (struct context *c, const int mode) + c->options.rcvbuf, + c->options.sndbuf, + c->options.mark, ++ c->options.rtable, + sockflags); + } + Index: patches/patch-src_openvpn_options_c =================================================================== RCS file: patches/patch-src_openvpn_options_c diff -N patches/patch-src_openvpn_options_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_openvpn_options_c 7 Mar 2013 20:50:57 -0000 @@ -0,0 +1,31 @@ +$OpenBSD$ +--- src/openvpn/options.c.orig Mon Dec 17 10:36:07 2012 ++++ src/openvpn/options.c Thu Mar 7 14:02:35 2013 +@@ -304,6 +304,7 @@ static const char usage_message[] = + " can be matched in policy routing and packetfilter rules.\n" + #endif + "--txqueuelen n : Set the tun/tap TX queue length to n (Linux only).\n" ++ "--rtable n : Set the routing table (default=0, OpenBSD only)\n" + #ifdef ENABLE_MEMSTATS + "--memstats file : Write live usage stats to memory mapped binary file.\n" + #endif +@@ -1502,6 +1503,7 @@ show_settings (const struct options *o) + #endif + SHOW_INT (rcvbuf); + SHOW_INT (sndbuf); ++ SHOW_INT (rtable); + #if defined(TARGET_LINUX) && HAVE_DECL_SO_MARK + SHOW_INT (mark); + #endif +@@ -4772,6 +4774,11 @@ add_option (struct options *options, + { + VERIFY_PERMISSION (OPT_P_SOCKBUF); + options->sndbuf = positive_atoi (p[1]); ++ } ++ else if (streq (p[0], "rtable") && p[1]) ++ { ++ VERIFY_PERMISSION (OPT_P_SOCKFLAGS); ++ options->rtable = positive_atoi (p[1]); + } + else if (streq (p[0], "mark") && p[1]) + { Index: patches/patch-src_openvpn_options_h =================================================================== RCS file: patches/patch-src_openvpn_options_h diff -N patches/patch-src_openvpn_options_h --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_openvpn_options_h 7 Mar 2013 20:50:57 -0000 @@ -0,0 +1,13 @@ +$OpenBSD$ +--- src/openvpn/options.h.orig Thu Nov 22 13:07:50 2012 ++++ src/openvpn/options.h Thu Mar 7 14:02:35 2013 +@@ -321,6 +321,9 @@ struct options + int rcvbuf; + int sndbuf; + ++ /* routing domain */ ++ int rtable; ++ + /* mark value */ + int mark; + Index: patches/patch-src_openvpn_socket_c =================================================================== RCS file: patches/patch-src_openvpn_socket_c diff -N patches/patch-src_openvpn_socket_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_openvpn_socket_c 7 Mar 2013 20:50:57 -0000 @@ -0,0 +1,42 @@ +$OpenBSD$ +--- src/openvpn/socket.c.orig Thu Dec 13 16:46:01 2012 ++++ src/openvpn/socket.c Thu Mar 7 14:25:07 2013 +@@ -586,6 +586,20 @@ socket_set_mark (int sd, int mark) + #endif + } + ++static void ++socket_set_rtable (int sd, int rtable) ++{ ++#ifdef TARGET_OPENBSD ++ if (rtable > 0) ++ { ++ if (setsockopt (sd, IPPROTO_IP, SO_RTABLE, &rtable, sizeof(rtable)) == -1) ++ msg (M_WARN, "Socket flags: SO_RTABLE=%d failed, cannot bind on specified routing domain", rtable); ++ else ++ dmsg (D_SOCKET_DEBUG, "Socket flags: SO_RTABLE=%d succeeded", rtable); ++ } ++#endif ++} ++ + static bool + socket_set_flags (int sd, unsigned int sockflags) + { +@@ -1367,6 +1381,7 @@ link_socket_init_phase1 (struct link_socket *sock, + int mtu_discover_type, + int rcvbuf, + int sndbuf, ++ int rtable, + int mark, + unsigned int sockflags) + { +@@ -1481,6 +1496,9 @@ link_socket_init_phase1 (struct link_socket *sock, + else if (mode != LS_MODE_TCP_ACCEPT_FROM) + { + create_socket (sock); ++ ++ /* set the routing domain for the socket */ ++ socket_set_rtable (sock->sd, rtable); + + /* set socket buffers based on --sndbuf and --rcvbuf options */ + socket_set_buffers (sock->sd, &sock->socket_buffer_sizes); Index: patches/patch-src_openvpn_socket_h =================================================================== RCS file: patches/patch-src_openvpn_socket_h diff -N patches/patch-src_openvpn_socket_h --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_openvpn_socket_h 7 Mar 2013 20:50:57 -0000 @@ -0,0 +1,11 @@ +$OpenBSD$ +--- src/openvpn/socket.h.orig Thu Dec 20 09:56:00 2012 ++++ src/openvpn/socket.h Thu Mar 7 14:02:35 2013 +@@ -327,6 +327,7 @@ link_socket_init_phase1 (struct link_socket *sock, + int mtu_discover_type, + int rcvbuf, + int sndbuf, ++ int rtable, + int mark, + unsigned int sockflags); + Index: patches/patch-src_openvpn_syshead_h =================================================================== RCS file: patches/patch-src_openvpn_syshead_h diff -N patches/patch-src_openvpn_syshead_h --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_openvpn_syshead_h 7 Mar 2013 20:50:57 -0000 @@ -0,0 +1,12 @@ +$OpenBSD$ +--- src/openvpn/syshead.h.orig Thu Nov 22 13:07:51 2012 ++++ src/openvpn/syshead.h Thu Mar 7 14:02:35 2013 +@@ -29,7 +29,7 @@ + #include "compat-stdbool.h" + + /* branch prediction hints */ +-#if defined(__GNUC__) ++#if defined(__GNUC__) && __GNUC__ >= 3 + # define likely(x) __builtin_expect((x),1) + # define unlikely(x) __builtin_expect((x),0) + #else Index: patches/patch-src_openvpn_tun_c =================================================================== RCS file: patches/patch-src_openvpn_tun_c diff -N patches/patch-src_openvpn_tun_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_openvpn_tun_c 7 Mar 2013 20:50:57 -0000 @@ -0,0 +1,51 @@ +$OpenBSD$ +--- src/openvpn/tun.c.orig Thu Nov 22 13:07:51 2012 ++++ src/openvpn/tun.c Thu Mar 7 14:32:38 2013 +@@ -919,7 +919,19 @@ do_ifconfig (struct tuntap *tt, + ); + } + else +- argv_printf (&argv, ++ { ++ if (tt->topology == TOP_SUBNET) ++ argv_printf (&argv, ++ "%s %s %s %s netmask %s mtu %d up", ++ IFCONFIG_PATH, ++ actual, ++ ifconfig_local, ++ ifconfig_local, ++ ifconfig_remote_netmask, ++ tun_mtu ++ ); ++ else ++ argv_printf (&argv, + "%s %s %s netmask %s mtu %d broadcast %s link0", + IFCONFIG_PATH, + actual, +@@ -928,6 +940,7 @@ do_ifconfig (struct tuntap *tt, + tun_mtu, + ifconfig_broadcast + ); ++ } + argv_msg (M_INFO, &argv); + openvpn_execve_check (&argv, es, S_FATAL, "OpenBSD ifconfig failed"); + if ( do_ipv6 ) +@@ -946,6 +959,18 @@ do_ifconfig (struct tuntap *tt, + add_route_connected_v6_net(tt, es); + } + tt->did_ifconfig = true; ++ ++ /* Add a network route for the local tun interface */ ++ if (!tun && tt->topology == TOP_SUBNET) ++ { ++ struct route r; ++ CLEAR (r); ++ r.flags = RT_DEFINED; ++ r.network = tt->local & tt->remote_netmask; ++ r.netmask = tt->remote_netmask; ++ r.gateway = tt->local; ++ add_route (&r, tt, 0, NULL, es); ++ } + + #elif defined(TARGET_NETBSD) + Index: patches/patch-syshead_h =================================================================== RCS file: patches/patch-syshead_h diff -N patches/patch-syshead_h --- patches/patch-syshead_h 12 Jan 2012 08:15:30 -0000 1.2 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,12 +0,0 @@ -$OpenBSD: patch-syshead_h,v 1.2 2012/01/12 08:15:30 sthen Exp $ ---- syshead.h.orig Thu Apr 21 20:13:34 2011 -+++ syshead.h Mon Jun 20 10:09:54 2011 -@@ -33,7 +33,7 @@ - #endif - - /* branch prediction hints */ --#if defined(__GNUC__) -+#if defined(__GNUC__) && __GNUC__ >= 3 - # define likely(x) __builtin_expect((x),1) - # define unlikely(x) __builtin_expect((x),0) - #else Index: patches/patch-tun_c =================================================================== RCS file: patches/patch-tun_c diff -N patches/patch-tun_c --- patches/patch-tun_c 23 Jan 2012 18:07:21 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,47 +0,0 @@ -$OpenBSD: patch-tun_c,v 1.1 2012/01/23 18:07:21 sthen Exp $ ---- tun.c.orig Tue Dec 13 16:58:56 2011 -+++ tun.c Thu Jan 12 09:04:48 2012 -@@ -776,7 +776,19 @@ do_ifconfig (struct tuntap *tt, - tun_mtu - ); - else -- argv_printf (&argv, -+ { -+ if (tt->topology == TOP_SUBNET) -+ argv_printf (&argv, -+ "%s %s %s %s netmask %s mtu %d up", -+ IFCONFIG_PATH, -+ actual, -+ ifconfig_local, -+ ifconfig_local, -+ ifconfig_remote_netmask, -+ tun_mtu -+ ); -+ else -+ argv_printf (&argv, - "%s %s %s netmask %s mtu %d broadcast %s link0", - IFCONFIG_PATH, - actual, -@@ -785,9 +797,22 @@ do_ifconfig (struct tuntap *tt, - tun_mtu, - ifconfig_broadcast - ); -+ } - argv_msg (M_INFO, &argv); - openvpn_execve_check (&argv, es, S_FATAL, "OpenBSD ifconfig failed"); - tt->did_ifconfig = true; -+ -+ /* Add a network route for the local tun interface */ -+ if (!tun && tt->topology == TOP_SUBNET) -+ { -+ struct route r; -+ CLEAR (r); -+ r.defined = true; -+ r.network = tt->local & tt->remote_netmask; -+ r.netmask = tt->remote_netmask; -+ r.gateway = tt->local; -+ add_route (&r, tt, 0, es); -+ } - - #elif defined(TARGET_NETBSD) - Index: pkg/PFRAG.shared =================================================================== RCS file: pkg/PFRAG.shared diff -N pkg/PFRAG.shared --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ pkg/PFRAG.shared 7 Mar 2013 20:50:57 -0000 @@ -0,0 +1,2 @@ +@comment $OpenBSD$ +lib/openvpn/plugins/openvpn-plugin-down-root.so Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/net/openvpn/pkg/PLIST,v retrieving revision 1.15 diff -u -p -r1.15 PLIST --- pkg/PLIST 27 Jan 2012 12:30:28 -0000 1.15 +++ pkg/PLIST 7 Mar 2013 20:50:58 -0000 @@ -1,57 +1,19 @@ @comment $OpenBSD: PLIST,v 1.15 2012/01/27 12:30:28 jsing Exp $ @newgroup _openvpn:577 @newuser _openvpn:577:_openvpn:daemon:OpenVPN Daemon:/nonexistent:/sbin/nologin +%%SHARED%% include/openvpn/ include/openvpn/openvpn-plugin.h +lib/openvpn/ +lib/openvpn/plugins/ +lib/openvpn/plugins/openvpn-plugin-down-root.la @man man/man8/openvpn.8 @bin sbin/openvpn share/doc/openvpn/ +share/doc/openvpn/README.down-root share/doc/openvpn/management-notes.txt share/doc/pkg-readmes/${FULLPKGNAME} share/examples/openvpn/ -share/examples/openvpn/easy-rsa/ -share/examples/openvpn/easy-rsa/1.0/ -share/examples/openvpn/easy-rsa/1.0/README -share/examples/openvpn/easy-rsa/1.0/build-ca -share/examples/openvpn/easy-rsa/1.0/build-dh -share/examples/openvpn/easy-rsa/1.0/build-inter -share/examples/openvpn/easy-rsa/1.0/build-key -share/examples/openvpn/easy-rsa/1.0/build-key-pass -share/examples/openvpn/easy-rsa/1.0/build-key-pkcs12 -share/examples/openvpn/easy-rsa/1.0/build-key-server -share/examples/openvpn/easy-rsa/1.0/build-req -share/examples/openvpn/easy-rsa/1.0/build-req-pass -share/examples/openvpn/easy-rsa/1.0/clean-all -share/examples/openvpn/easy-rsa/1.0/list-crl -share/examples/openvpn/easy-rsa/1.0/make-crl -share/examples/openvpn/easy-rsa/1.0/openssl.cnf -share/examples/openvpn/easy-rsa/1.0/revoke-crt -share/examples/openvpn/easy-rsa/1.0/revoke-full -share/examples/openvpn/easy-rsa/1.0/sign-req -share/examples/openvpn/easy-rsa/1.0/vars -share/examples/openvpn/easy-rsa/2.0/ -@comment share/examples/openvpn/easy-rsa/2.0/Makefile -share/examples/openvpn/easy-rsa/2.0/README -share/examples/openvpn/easy-rsa/2.0/build-ca -share/examples/openvpn/easy-rsa/2.0/build-dh -share/examples/openvpn/easy-rsa/2.0/build-inter -share/examples/openvpn/easy-rsa/2.0/build-key -share/examples/openvpn/easy-rsa/2.0/build-key-pass -share/examples/openvpn/easy-rsa/2.0/build-key-pkcs12 -share/examples/openvpn/easy-rsa/2.0/build-key-server -share/examples/openvpn/easy-rsa/2.0/build-req -share/examples/openvpn/easy-rsa/2.0/build-req-pass -share/examples/openvpn/easy-rsa/2.0/clean-all -share/examples/openvpn/easy-rsa/2.0/inherit-inter -share/examples/openvpn/easy-rsa/2.0/list-crl -@comment share/examples/openvpn/easy-rsa/2.0/openssl-0.9.6.cnf -@comment share/examples/openvpn/easy-rsa/2.0/openssl-0.9.8.cnf -share/examples/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf -share/examples/openvpn/easy-rsa/2.0/pkitool -share/examples/openvpn/easy-rsa/2.0/revoke-full -share/examples/openvpn/easy-rsa/2.0/sign-req -share/examples/openvpn/easy-rsa/2.0/vars -@comment share/examples/openvpn/easy-rsa/2.0/whichopensslcnf share/examples/openvpn/sample-config-files/ share/examples/openvpn/sample-config-files/README share/examples/openvpn/sample-config-files/client.conf @@ -81,11 +43,9 @@ share/examples/openvpn/sample-keys/pass. share/examples/openvpn/sample-keys/pkcs12.p12 share/examples/openvpn/sample-keys/server.crt share/examples/openvpn/sample-keys/server.key -share/examples/openvpn/sample-keys/ta.key share/examples/openvpn/sample-scripts/ share/examples/openvpn/sample-scripts/auth-pam.pl share/examples/openvpn/sample-scripts/bridge-start share/examples/openvpn/sample-scripts/bridge-stop -share/examples/openvpn/sample-scripts/openvpn.init share/examples/openvpn/sample-scripts/ucn.pl share/examples/openvpn/sample-scripts/verify-cn