On 2013/04/02 10:07, Björn Ketelaars wrote:
> Included is a diff for updating openvpn to 2.3.1. Who knows, maybe
> fkr has some time to have a look at it.
>
> Concerning testing of rtable support: Current level of confidence
> is *think it works*. This feature could use some extra testing.
Slightly tweaked diff for OpenVPN 2.3.1; I have just cleaned up
Makefile targets a little more.
I think the rtable support is broken though.
In 2.2.2 it seems to just do the same as running "route -T <table>
exec openvpn $options" so if you don't have a route to the other
endpoint it is unable to connect.
With the update, the option is parsed ("rtable = 1" in debug output),
but it appears to just connect as normal via rtable 0.
But I don't really see the use of this limited rtable support anyway;
since we now have 'route exec' we can just use that and remove these
patches.
rtable support might be useful if it was a bit more clever (e.g.
use the default table to connect to the other VPN endpoint, but put
the tun interface and new routes into an alternative rtable) but
as-is I don't really see the point.
What does anyone else think?
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/openvpn/Makefile,v
retrieving revision 1.42
diff -u -p -r1.42 Makefile
--- Makefile 11 Mar 2013 11:35:50 -0000 1.42
+++ Makefile 17 Apr 2013 13:19:09 -0000
@@ -2,8 +2,7 @@
COMMENT= easy-to-use, robust, and highly configurable VPN
-DISTNAME= openvpn-2.2.2
-REVISION= 1
+DISTNAME= openvpn-2.3.1
CATEGORIES= net security
HOMEPAGE= http://openvpn.net/
@@ -22,29 +21,18 @@ LIB_DEPENDS= archivers/lzo2
SEPARATE_BUILD= Yes
CONFIGURE_STYLE= gnu
-CONFIGURE_ARGS+= --with-lzo-headers=${DEPBASE}/include \
- --with-lzo-lib=${DEPBASE}/lib \
- --enable-password-save
+CONFIGURE_ARGS+= --enable-password-save
+CONFIGURE_ENV= CFLAGS="${CFLAGS} -I${LOCALBASE}/include" \
+ LDFLAGS="-L${LOCALBASE}/lib"
-INCLUDE_DIR= ${PREFIX}/include/openvpn
SAMPLES_DIR= ${PREFIX}/share/examples/openvpn
post-install:
- ${INSTALL_DATA_DIR} ${INCLUDE_DIR}
- ${INSTALL_DATA} ${WRKSRC}/openvpn-plugin.h \
- ${INCLUDE_DIR}/openvpn-plugin.h
- ${INSTALL_DATA_DIR} ${SAMPLES_DIR}
- ${INSTALL_DATA_DIR} ${SAMPLES_DIR}/sample-config-files
- ${INSTALL_DATA_DIR} ${SAMPLES_DIR}/sample-keys
- ${INSTALL_DATA_DIR} ${SAMPLES_DIR}/sample-scripts
- ${INSTALL_DATA_DIR} ${SAMPLES_DIR}/easy-rsa
- @rm -rf ${WRKSRC}/easy-rsa/Windows
- @find ${WRKSRC}/sample-config-files/ -type f \! -name "*.orig" -exec \
- ${INSTALL_DATA} {} ${SAMPLES_DIR}/sample-config-files/ \;
- ${INSTALL_DATA} ${WRKSRC}/sample-keys/* ${SAMPLES_DIR}/sample-keys/
- ${INSTALL_DATA} ${WRKSRC}/sample-scripts/*
${SAMPLES_DIR}/sample-scripts/
- @find ${WRKSRC}/easy-rsa -type f -exec perl -pi -e
's,#!/bin/bash,#!/bin/sh,g' {} \;
- @cp -pR ${WRKSRC}/easy-rsa/* ${SAMPLES_DIR}/easy-rsa/
- @chown -R ${SHAREOWN}:${SHAREGRP} ${SAMPLES_DIR}/easy-rsa/
+ ${INSTALL_DATA_DIR} ${SAMPLES_DIR}/sample-config-files \
+ ${SAMPLES_DIR}/sample-keys ${SAMPLES_DIR}/sample-scripts
+ find ${WRKSRC}/sample/sample-config-files/ -type f \! -name "*.orig" \
+ -exec ${INSTALL_DATA} {} ${SAMPLES_DIR}/sample-config-files \;
+ ${INSTALL_DATA} ${WRKSRC}/sample/sample-keys/*
${SAMPLES_DIR}/sample-keys
+ ${INSTALL_DATA} ${WRKSRC}/sample/sample-scripts/*
${SAMPLES_DIR}/sample-scripts
.include <bsd.port.mk>
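Review bot: The `${INSTALL_DATA} ${WRKSRC}/sample/sample-keys/*` line in post-install copies the upstream demo key material into `${SAMPLES_DIR}/sample-keys` with nothing to say it is unfit for real use. Those files come straight from the public distribution tarball, so any private keys among them are known to everyone. I would add a comment above that line, for example `# sample-keys are published test keys from the tarball; never deploy them`. As a smaller style point, the include path in `CONFIGURE_ENV` is a preprocessor flag and would read more conventionally as `CPPFLAGS="-I${LOCALBASE}/include"` than appended to `CFLAGS`.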
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/openvpn/distinfo,v
retrieving revision 1.22
diff -u -p -r1.22 distinfo
--- distinfo 12 Jan 2012 08:15:30 -0000 1.22
+++ distinfo 17 Apr 2013 13:19:09 -0000
@@ -1,5 +1,2 @@
-MD5 (openvpn-2.2.2.tar.gz) = xRgeJ7eUX6YnbSGHMynFxw==
-RMD160 (openvpn-2.2.2.tar.gz) = YJkPGDvdRpM3JLO/ObpYYe0CWKY=
-SHA1 (openvpn-2.2.2.tar.gz) = mSNzzfEuG1BlWxN2Wm02qHz9PKM=
-SHA256 (openvpn-2.2.2.tar.gz) = VMqLJg4uo7JuhMIoLMtfjLFJ7c/UJLaG1fsiuNu+rAA=
-SIZE (openvpn-2.2.2.tar.gz) = 911158
+SHA256 (openvpn-2.3.1.tar.gz) = vS19hbOdRYa823SzbrSNCsSrHmgSZUxxmwSCb9xw+zw=
+SIZE (openvpn-2.3.1.tar.gz) = 1145382
Index: patches/patch-Makefile_in
===================================================================
RCS file: patches/patch-Makefile_in
diff -N patches/patch-Makefile_in
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-Makefile_in 17 Apr 2013 13:19:09 -0000
@@ -0,0 +1,13 @@
+$OpenBSD$
+--- Makefile.in.orig Thu Mar 28 12:59:54 2013
++++ Makefile.in Mon Apr 1 17:55:36 2013
+@@ -383,8 +383,7 @@ EXTRA_DIST = \
+ @GIT_CHECKOUT_TRUE@ config-version.h
+
+ SUBDIRS = build distro include src sample doc tests
+-dist_doc_DATA = README README.IPv6 README.polarssl COPYRIGHT.GPL \
+- COPYING $(am__append_1)
++dist_doc_DATA = $(am__append_1)
+ dist_noinst_DATA = .gitignore .gitattributes config-version.h.in PORTS \
+ README.IPv6 TODO.IPv6 README.polarssl openvpn.sln msvc-env.bat \
+ msvc-dev.bat msvc-build.bat $(am__append_2)
Index: patches/patch-configure
===================================================================
RCS file: patches/patch-configure
diff -N patches/patch-configure
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-configure 17 Apr 2013 13:19:09 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- configure.orig Thu Mar 28 12:59:53 2013
++++ configure Mon Apr 1 17:55:36 2013
+@@ -16308,7 +16308,7 @@ fi
+
+
+ plugindir="${with_plugindir}"
+-sampledir="\$(docdir)/sample"
++sampledir="\$(docdir)"
+
+
+
Index: patches/patch-doc_openvpn_8
===================================================================
RCS file: patches/patch-doc_openvpn_8
diff -N patches/patch-doc_openvpn_8
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-doc_openvpn_8 17 Apr 2013 13:19:09 -0000
@@ -0,0 +1,15 @@
+$OpenBSD$
+--- doc/openvpn.8.orig Wed Mar 20 09:28:14 2013
++++ doc/openvpn.8 Mon Apr 1 17:55:36 2013
+@@ -1411,6 +1411,11 @@ on both client and server for maximum effect.
+ Currently defaults to 100.
+ .\"*********************************************************
+ .TP
++.B --rtable n
++(OpenBSD only) Set the routing table.
++Defaults to 0.
++.\"*********************************************************
++.TP
+ .B \-\-shaper n
+ Limit bandwidth of outgoing tunnel data to
+ .B n
Index: patches/patch-include_Makefile_in
===================================================================
RCS file: patches/patch-include_Makefile_in
diff -N patches/patch-include_Makefile_in
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-include_Makefile_in 17 Apr 2013 13:19:09 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- include/Makefile.in.orig Thu Mar 28 12:59:54 2013
++++ include/Makefile.in Mon Apr 1 17:55:36 2013
+@@ -249,7 +249,7 @@ host_cpu = @host_cpu@
+ host_os = @host_os@
+ host_vendor = @host_vendor@
+ htmldir = @htmldir@
+-includedir = @includedir@
++includedir = @includedir@/openvpn
+ infodir = @infodir@
+ install_sh = @install_sh@
+ libdir = @libdir@
Index: patches/patch-init_c
===================================================================
RCS file: patches/patch-init_c
diff -N patches/patch-init_c
--- patches/patch-init_c 30 Aug 2010 18:32:20 -0000 1.3
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,11 +0,0 @@
-$OpenBSD: patch-init_c,v 1.3 2010/08/30 18:32:20 fkr Exp $
---- init.c.orig Wed Jul 21 21:08:41 2010
-+++ init.c Sun Aug 22 16:10:23 2010
-@@ -2451,6 +2451,7 @@ do_init_socket_1 (struct context *c, const int mode)
- c->options.mtu_discover_type,
- c->options.rcvbuf,
- c->options.sndbuf,
-+ c->options.rtable,
- sockflags);
- }
-
Index: patches/patch-openvpn_8
===================================================================
RCS file: patches/patch-openvpn_8
diff -N patches/patch-openvpn_8
--- patches/patch-openvpn_8 12 Jan 2012 08:15:30 -0000 1.4
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,15 +0,0 @@
-$OpenBSD: patch-openvpn_8,v 1.4 2012/01/12 08:15:30 sthen Exp $
---- openvpn.8.orig Fri Jun 24 07:13:39 2011
-+++ openvpn.8 Fri Jul 8 14:30:59 2011
-@@ -1357,6 +1357,11 @@ on both client and server for maximum effect.
- Currently defaults to 100.
- .\"*********************************************************
- .TP
-+.B --rtable n
-+(OpenBSD only) Set the routing table.
-+Defaults to 0.
-+.\"*********************************************************
-+.TP
- .B \-\-shaper n
- Limit bandwidth of outgoing tunnel data to
- .B n
Index: patches/patch-options_c
===================================================================
RCS file: patches/patch-options_c
diff -N patches/patch-options_c
--- patches/patch-options_c 12 Jan 2012 08:15:30 -0000 1.4
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,31 +0,0 @@
-$OpenBSD: patch-options_c,v 1.4 2012/01/12 08:15:30 sthen Exp $
---- options.c.orig Fri Jun 24 07:13:39 2011
-+++ options.c Fri Jul 8 14:30:59 2011
-@@ -265,6 +265,7 @@ static const char usage_message[] =
- "--sndbuf size : Set the TCP/UDP send buffer size.\n"
- "--rcvbuf size : Set the TCP/UDP receive buffer size.\n"
- "--txqueuelen n : Set the tun/tap TX queue length to n (Linux only).\n"
-+ "--rtable n : Set the routing table (default=0, OpenBSD only)\n"
- "--mlock : Disable Paging -- ensures key material and tunnel\n"
- " data will never be written to disk.\n"
- "--up cmd : Shell cmd to execute after successful tun device open.\n"
-@@ -1282,6 +1283,7 @@ show_settings (const struct options *o)
- #endif
- SHOW_INT (rcvbuf);
- SHOW_INT (sndbuf);
-+ SHOW_INT (rtable);
- SHOW_INT (sockflags);
-
- SHOW_BOOL (fast_io);
-@@ -4216,6 +4218,11 @@ add_option (struct options *options,
- {
- VERIFY_PERMISSION (OPT_P_SOCKBUF);
- options->sndbuf = positive_atoi (p[1]);
-+ }
-+ else if (streq (p[0], "rtable") && p[1])
-+ {
-+ VERIFY_PERMISSION (OPT_P_SOCKFLAGS);
-+ options->rtable = positive_atoi (p[1]);
- }
- else if (streq (p[0], "socket-flags"))
- {
Index: patches/patch-options_h
===================================================================
RCS file: patches/patch-options_h
diff -N patches/patch-options_h
--- patches/patch-options_h 12 Jan 2012 08:15:30 -0000 1.4
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,13 +0,0 @@
-$OpenBSD: patch-options_h,v 1.4 2012/01/12 08:15:30 sthen Exp $
---- options.h.orig Mon Feb 21 16:38:10 2011
-+++ options.h Tue Mar 22 23:00:56 2011
-@@ -313,6 +313,9 @@ struct options
- int rcvbuf;
- int sndbuf;
-
-+ /* routing domain */
-+ int rtable;
-+
- /* socket flags */
- unsigned int sockflags;
-
Index: patches/patch-route_c
===================================================================
RCS file: patches/patch-route_c
diff -N patches/patch-route_c
--- patches/patch-route_c 12 Jan 2012 08:15:30 -0000 1.6
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,182 +0,0 @@
-$OpenBSD: patch-route_c,v 1.6 2012/01/12 08:15:30 sthen Exp $
---- route.c.orig Mon Feb 21 16:38:10 2011
-+++ route.c Tue Mar 22 23:00:56 2011
-@@ -1926,7 +1926,7 @@ get_default_gateway (in_addr_t *ret, in_addr_t *netmas
- }
- }
-
--#elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
-+#elif defined(TARGET_NETBSD)
-
- #include <sys/types.h>
- #include <sys/socket.h>
-@@ -1975,6 +1975,169 @@ struct rt_msghdr {
- int rtm_errno; /* why failed */
- int rtm_use; /* from rtentry */
- u_long rtm_inits; /* which metrics we are initializing */
-+ struct rt_metrics rtm_rmx; /* metrics themselves */
-+};
-+
-+struct {
-+ struct rt_msghdr m_rtm;
-+ char m_space[512];
-+} m_rtmsg;
-+
-+#define ROUNDUP(a) \
-+ ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
-+
-+static bool
-+get_default_gateway (in_addr_t *ret)
-+{
-+ struct gc_arena gc = gc_new ();
-+ int s, seq, l, rtm_addrs, i;
-+ pid_t pid;
-+ struct sockaddr so_dst, so_mask;
-+ char *cp = m_rtmsg.m_space;
-+ struct sockaddr *gate = NULL, *sa;
-+ struct rt_msghdr *rtm_aux;
-+
-+#define NEXTADDR(w, u) \
-+ if (rtm_addrs & (w)) {\
-+ l = ROUNDUP(u.sa_len); memmove(cp, &(u), l); cp += l;\
-+ }
-+
-+#define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len))
-+
-+#define rtm m_rtmsg.m_rtm
-+
-+ pid = getpid();
-+ seq = 0;
-+ rtm_addrs = RTA_DST | RTA_NETMASK;
-+
-+ bzero(&so_dst, sizeof(so_dst));
-+ bzero(&so_mask, sizeof(so_mask));
-+ bzero(&rtm, sizeof(struct rt_msghdr));
-+
-+ rtm.rtm_type = RTM_GET;
-+ rtm.rtm_flags = RTF_UP | RTF_GATEWAY;
-+ rtm.rtm_version = RTM_VERSION;
-+ rtm.rtm_seq = ++seq;
-+ rtm.rtm_addrs = rtm_addrs;
-+
-+ so_dst.sa_family = AF_INET;
-+ so_dst.sa_len = sizeof(struct sockaddr_in);
-+ so_mask.sa_family = AF_INET;
-+ so_mask.sa_len = sizeof(struct sockaddr_in);
-+
-+ NEXTADDR(RTA_DST, so_dst);
-+ NEXTADDR(RTA_NETMASK, so_mask);
-+
-+ rtm.rtm_msglen = l = cp - (char *)&m_rtmsg;
-+
-+ s = socket(PF_ROUTE, SOCK_RAW, 0);
-+
-+ if (write(s, (char *)&m_rtmsg, l) < 0)
-+ {
-+ warn("writing to routing socket");
-+ gc_free (&gc);
-+ close(s);
-+ return false;
-+ }
-+
-+ do {
-+ l = read(s, (char *)&m_rtmsg, sizeof(m_rtmsg));
-+ } while (l > 0 && (rtm.rtm_seq != seq || rtm.rtm_pid != pid));
-+
-+ close(s);
-+
-+ rtm_aux = &rtm;
-+
-+ cp = ((char *)(rtm_aux + 1));
-+ if (rtm_aux->rtm_addrs) {
-+ for (i = 1; i; i <<= 1)
-+ if (i & rtm_aux->rtm_addrs) {
-+ sa = (struct sockaddr *)cp;
-+ if (i == RTA_GATEWAY )
-+ gate = sa;
-+ ADVANCE(cp, sa);
-+ }
-+ }
-+ else
-+ {
-+ gc_free (&gc);
-+ return false;
-+ }
-+
-+
-+ if (gate != NULL )
-+ {
-+ *ret = ntohl(((struct sockaddr_in *)gate)->sin_addr.s_addr);
-+#if 1
-+ msg (M_INFO, "gw %s",
-+ print_in_addr_t ((in_addr_t) *ret, 0, &gc));
-+#endif
-+
-+ gc_free (&gc);
-+ return true;
-+ }
-+ else
-+ {
-+ gc_free (&gc);
-+ return false;
-+ }
-+}
-+
-+#elif defined(TARGET_OPENBSD)
-+
-+#include <sys/types.h>
-+#include <sys/socket.h>
-+#include <netinet/in.h>
-+
-+/* all of this is taken from <net/route.h> in OpenBSD 3.6 */
-+#define RTA_DST 0x1 /* destination sockaddr present */
-+#define RTA_GATEWAY 0x2 /* gateway sockaddr present */
-+#define RTA_NETMASK 0x4 /* netmask sockaddr present */
-+
-+#define RTM_GET 0x4 /* Report Metrics */
-+
-+#define RTM_VERSION 4 /* Up the ante and ignore older versions */
-+
-+#define RTF_UP 0x1 /* route usable */
-+#define RTF_GATEWAY 0x2 /* destination is a gateway */
-+
-+/*
-+ * Huge version for userland compatibility.
-+ */
-+struct rt_metrics {
-+ u_int64_t rmx_pksent; /* packets sent using this route */
-+ u_int rmx_locks; /* Kernel must leave these values */
-+ u_int rmx_mtu; /* MTU for this path */
-+ u_int rmx_expire; /* lifetime for route, e.g. redirect */
-+ u_int rmx_refcnt; /* # references hold */
-+ /* some apps may still need these no longer used metrics */
-+ u_int rmx_hopcount; /* max hops expected */
-+ u_int rmx_recvpipe; /* inbound delay-bandwidth product */
-+ u_int rmx_sendpipe; /* outbound delay-bandwidth product */
-+ u_int rmx_ssthresh; /* outbound gateway buffer limit */
-+ u_int rmx_rtt; /* estimated round trip time */
-+ u_int rmx_rttvar; /* estimated rtt variance */
-+};
-+
-+/*
-+ * Structures for routing messages.
-+ */
-+struct rt_msghdr {
-+ u_short rtm_msglen; /* to skip over non-understood messages */
-+ u_char rtm_version; /* future binary compatibility */
-+ u_char rtm_type; /* message type */
-+ u_short rtm_hdrlen; /* sizeof(rt_msghdr) to skip over the header */
-+ u_short rtm_index; /* index for associated ifp */
-+ u_short rtm_tableid; /* routing table id */
-+ u_char rtm_prio; /* routing priority */
-+ u_char rtm_pad;
-+ int rtm_addrs; /* bitmask identifying sockaddrs in msg */
-+ int rtm_flags; /* flags, incl. kern & message, e.g. DONE */
-+ int rtm_fmask; /* bitmask used in RTM_CHANGE message */
-+ pid_t rtm_pid; /* identify sender */
-+ int rtm_seq; /* for sender to identify action */
-+ int rtm_errno; /* why failed */
-+ u_int rtm_inits; /* which metrics we are initializing */
- struct rt_metrics rtm_rmx; /* metrics themselves */
- };
-
Index: patches/patch-sample-config-files_client_conf
===================================================================
RCS file: patches/patch-sample-config-files_client_conf
diff -N patches/patch-sample-config-files_client_conf
--- patches/patch-sample-config-files_client_conf 30 Aug 2010 18:32:20
-0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,14 +0,0 @@
-$OpenBSD: patch-sample-config-files_client_conf,v 1.2 2010/08/30 18:32:20 fkr
Exp $
---- sample-config-files/client.conf.orig Wed Mar 31 08:47:07 2010
-+++ sample-config-files/client.conf Fri Aug 27 09:03:50 2010
-@@ -58,8 +58,8 @@ resolv-retry infinite
- nobind
-
- # Downgrade privileges after initialization (non-Windows only)
--;user nobody
--;group nobody
-+user _openvpn
-+group _openvpn
-
- # Try to preserve some state across restarts.
- persist-key
Index: patches/patch-sample-config-files_server_conf
===================================================================
RCS file: patches/patch-sample-config-files_server_conf
diff -N patches/patch-sample-config-files_server_conf
--- patches/patch-sample-config-files_server_conf 30 Aug 2010 18:32:20
-0000 1.3
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,14 +0,0 @@
-$OpenBSD: patch-sample-config-files_server_conf,v 1.3 2010/08/30 18:32:20 fkr
Exp $
---- sample-config-files/server.conf.orig Wed Mar 31 08:47:07 2010
-+++ sample-config-files/server.conf Fri Aug 27 09:04:00 2010
-@@ -259,8 +259,8 @@ comp-lzo
- #
- # You can uncomment this out on
- # non-Windows systems.
--;user nobody
--;group nobody
-+user _openvpn
-+group _openvpn
-
- # The persist options will try to avoid
- # accessing certain resources on restart
Index: patches/patch-sample-config-files_static-home_conf
===================================================================
RCS file: patches/patch-sample-config-files_static-home_conf
diff -N patches/patch-sample-config-files_static-home_conf
--- patches/patch-sample-config-files_static-home_conf 30 Aug 2010 18:32:20
-0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,17 +0,0 @@
-$OpenBSD: patch-sample-config-files_static-home_conf,v 1.2 2010/08/30 18:32:20
fkr Exp $
---- sample-config-files/static-home.conf.orig Wed Mar 31 08:47:07 2010
-+++ sample-config-files/static-home.conf Fri Aug 27 09:04:10 2010
-@@ -37,10 +37,10 @@ secret static.key
- ; port 1194
-
- # Downgrade UID and GID to
--# "nobody" after initialization
-+# "_openvpn" after initialization
- # for extra security.
--; user nobody
--; group nobody
-+user _openvpn
-+group _openvpn
-
- # If you built OpenVPN with
- # LZO compression, uncomment
Index: patches/patch-sample-config-files_static-office_conf
===================================================================
RCS file: patches/patch-sample-config-files_static-office_conf
diff -N patches/patch-sample-config-files_static-office_conf
--- patches/patch-sample-config-files_static-office_conf 30 Aug 2010
18:32:20 -0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,17 +0,0 @@
-$OpenBSD: patch-sample-config-files_static-office_conf,v 1.2 2010/08/30
18:32:20 fkr Exp $
---- sample-config-files/static-office.conf.orig Wed Mar 31 08:47:07 2010
-+++ sample-config-files/static-office.conf Fri Aug 27 09:04:19 2010
-@@ -34,10 +34,10 @@ secret static.key
- ; port 1194
-
- # Downgrade UID and GID to
--# "nobody" after initialization
-+# "_openvpn" after initialization
- # for extra security.
--; user nobody
--; group nobody
-+user _openvpn
-+group _openvpn
-
- # If you built OpenVPN with
- # LZO compression, uncomment
Index: patches/patch-sample-config-files_tls-home_conf
===================================================================
RCS file: patches/patch-sample-config-files_tls-home_conf
diff -N patches/patch-sample-config-files_tls-home_conf
--- patches/patch-sample-config-files_tls-home_conf 30 Aug 2010 18:32:20
-0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,17 +0,0 @@
-$OpenBSD: patch-sample-config-files_tls-home_conf,v 1.2 2010/08/30 18:32:20
fkr Exp $
---- sample-config-files/tls-home.conf.orig Wed Mar 31 08:47:07 2010
-+++ sample-config-files/tls-home.conf Fri Aug 27 09:04:28 2010
-@@ -48,10 +48,10 @@ key home.key
- ; port 1194
-
- # Downgrade UID and GID to
--# "nobody" after initialization
-+# "_openvpn" after initialization
- # for extra security.
--; user nobody
--; group nobody
-+user _openvpn
-+group _openvpn
-
- # If you built OpenVPN with
- # LZO compression, uncomment
Index: patches/patch-sample-config-files_tls-office_conf
===================================================================
RCS file: patches/patch-sample-config-files_tls-office_conf
diff -N patches/patch-sample-config-files_tls-office_conf
--- patches/patch-sample-config-files_tls-office_conf 30 Aug 2010 18:32:20
-0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,17 +0,0 @@
-$OpenBSD: patch-sample-config-files_tls-office_conf,v 1.2 2010/08/30 18:32:20
fkr Exp $
---- sample-config-files/tls-office.conf.orig Wed Mar 31 08:47:07 2010
-+++ sample-config-files/tls-office.conf Fri Aug 27 09:04:39 2010
-@@ -48,10 +48,10 @@ key office.key
- ; port 1194
-
- # Downgrade UID and GID to
--# "nobody" after initialization
-+# "_openvpn" after initialization
- # for extra security.
--; user nobody
--; group nobody
-+user _openvpn
-+group _openvpn
-
- # If you built OpenVPN with
- # LZO compression, uncomment
Index: patches/patch-sample-config-files_xinetd-client-config
===================================================================
RCS file: patches/patch-sample-config-files_xinetd-client-config
diff -N patches/patch-sample-config-files_xinetd-client-config
--- patches/patch-sample-config-files_xinetd-client-config 15 Dec 2006
09:56:14 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,11 +0,0 @@
-$OpenBSD: patch-sample-config-files_xinetd-client-config,v 1.1 2006/12/15
09:56:14 robert Exp $
---- sample-config-files/xinetd-client-config.orig Tue Nov 1 12:06:10 2005
-+++ sample-config-files/xinetd-client-config Fri Dec 15 09:22:42 2006
-@@ -6,6 +6,6 @@ dev tun
- ifconfig 10.4.0.1 10.4.0.2
- remote my-server
- port 1194
--user nobody
-+user _openvpn
- secret /root/openvpn/key
- inactive 600
Index: patches/patch-sample-config-files_xinetd-server-config
===================================================================
RCS file: patches/patch-sample-config-files_xinetd-server-config
diff -N patches/patch-sample-config-files_xinetd-server-config
--- patches/patch-sample-config-files_xinetd-server-config 15 Dec 2006
09:56:14 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,10 +0,0 @@
-$OpenBSD: patch-sample-config-files_xinetd-server-config,v 1.1 2006/12/15
09:56:14 robert Exp $
---- sample-config-files/xinetd-server-config.orig Tue Nov 1 12:06:10 2005
-+++ sample-config-files/xinetd-server-config Fri Dec 15 09:22:42 2006
-@@ -21,5 +21,5 @@ service openvpn_1
- wait = yes
- user = root
- server = /root/openvpn/openvpn
-- server_args = --inetd --dev tun --ifconfig 10.4.0.2 10.4.0.1
--secret /root/openvpn/key --inactive 600 --user nobody
-+ server_args = --inetd --dev tun --ifconfig 10.4.0.2 10.4.0.1
--secret /root/openvpn/key --inactive 600 --user _openvpn
- }
Index: patches/patch-sample_sample-config-files_client_conf
===================================================================
RCS file: patches/patch-sample_sample-config-files_client_conf
diff -N patches/patch-sample_sample-config-files_client_conf
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-sample_sample-config-files_client_conf 17 Apr 2013
13:19:09 -0000
@@ -0,0 +1,14 @@
+$OpenBSD$
+--- sample/sample-config-files/client.conf.orig Mon Sep 10 17:01:08 2012
++++ sample/sample-config-files/client.conf Thu Mar 7 14:02:35 2013
+@@ -58,8 +58,8 @@ resolv-retry infinite
+ nobind
+
+ # Downgrade privileges after initialization (non-Windows only)
+-;user nobody
+-;group nobody
++user _openvpn
++group _openvpn
+
+ # Try to preserve some state across restarts.
+ persist-key
Index: patches/patch-sample_sample-config-files_server_conf
===================================================================
RCS file: patches/patch-sample_sample-config-files_server_conf
diff -N patches/patch-sample_sample-config-files_server_conf
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-sample_sample-config-files_server_conf 17 Apr 2013
13:19:09 -0000
@@ -0,0 +1,14 @@
+$OpenBSD$
+--- sample/sample-config-files/server.conf.orig Mon Sep 10 17:01:08 2012
++++ sample/sample-config-files/server.conf Thu Mar 7 14:02:35 2013
+@@ -259,8 +259,8 @@ comp-lzo
+ #
+ # You can uncomment this out on
+ # non-Windows systems.
+-;user nobody
+-;group nobody
++user _openvpn
++group _openvpn
+
+ # The persist options will try to avoid
+ # accessing certain resources on restart
Index: patches/patch-sample_sample-config-files_static-home_conf
===================================================================
RCS file: patches/patch-sample_sample-config-files_static-home_conf
diff -N patches/patch-sample_sample-config-files_static-home_conf
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-sample_sample-config-files_static-home_conf 17 Apr 2013
13:19:09 -0000
@@ -0,0 +1,17 @@
+$OpenBSD$
+--- sample/sample-config-files/static-home.conf.orig Mon Sep 10 17:01:08 2012
++++ sample/sample-config-files/static-home.conf Thu Mar 7 14:02:35 2013
+@@ -37,10 +37,10 @@ secret static.key
+ ; port 1194
+
+ # Downgrade UID and GID to
+-# "nobody" after initialization
++# "_openvpn" after initialization
+ # for extra security.
+-; user nobody
+-; group nobody
++user _openvpn
++group _openvpn
+
+ # If you built OpenVPN with
+ # LZO compression, uncomment
Index: patches/patch-sample_sample-config-files_static-office_conf
===================================================================
RCS file: patches/patch-sample_sample-config-files_static-office_conf
diff -N patches/patch-sample_sample-config-files_static-office_conf
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-sample_sample-config-files_static-office_conf 17 Apr 2013
13:19:09 -0000
@@ -0,0 +1,17 @@
+$OpenBSD$
+--- sample/sample-config-files/static-office.conf.orig Mon Sep 10 17:01:08 2012
++++ sample/sample-config-files/static-office.conf Thu Mar 7 14:02:35 2013
+@@ -34,10 +34,10 @@ secret static.key
+ ; port 1194
+
+ # Downgrade UID and GID to
+-# "nobody" after initialization
++# "_openvpn" after initialization
+ # for extra security.
+-; user nobody
+-; group nobody
++user _openvpn
++group _openvpn
+
+ # If you built OpenVPN with
+ # LZO compression, uncomment
Index: patches/patch-sample_sample-config-files_tls-home_conf
===================================================================
RCS file: patches/patch-sample_sample-config-files_tls-home_conf
diff -N patches/patch-sample_sample-config-files_tls-home_conf
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-sample_sample-config-files_tls-home_conf 17 Apr 2013
13:19:09 -0000
@@ -0,0 +1,17 @@
+$OpenBSD$
+--- sample/sample-config-files/tls-home.conf.orig Mon Sep 10 17:01:08 2012
++++ sample/sample-config-files/tls-home.conf Thu Mar 7 14:02:35 2013
+@@ -48,10 +48,10 @@ key home.key
+ ; port 1194
+
+ # Downgrade UID and GID to
+-# "nobody" after initialization
++# "_openvpn" after initialization
+ # for extra security.
+-; user nobody
+-; group nobody
++user _openvpn
++group _openvpn
+
+ # If you built OpenVPN with
+ # LZO compression, uncomment
Index: patches/patch-sample_sample-config-files_tls-office_conf
===================================================================
RCS file: patches/patch-sample_sample-config-files_tls-office_conf
diff -N patches/patch-sample_sample-config-files_tls-office_conf
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-sample_sample-config-files_tls-office_conf 17 Apr 2013
13:19:09 -0000
@@ -0,0 +1,17 @@
+$OpenBSD$
+--- sample/sample-config-files/tls-office.conf.orig Mon Sep 10 17:01:08 2012
++++ sample/sample-config-files/tls-office.conf Thu Mar 7 14:02:35 2013
+@@ -48,10 +48,10 @@ key office.key
+ ; port 1194
+
+ # Downgrade UID and GID to
+-# "nobody" after initialization
++# "_openvpn" after initialization
+ # for extra security.
+-; user nobody
+-; group nobody
++user _openvpn
++group _openvpn
+
+ # If you built OpenVPN with
+ # LZO compression, uncomment
Index: patches/patch-sample_sample-config-files_xinetd-client-config
===================================================================
RCS file: patches/patch-sample_sample-config-files_xinetd-client-config
diff -N patches/patch-sample_sample-config-files_xinetd-client-config
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-sample_sample-config-files_xinetd-client-config 17 Apr
2013 13:19:09 -0000
@@ -0,0 +1,11 @@
+$OpenBSD$
+--- sample/sample-config-files/xinetd-client-config.orig Mon Sep 10
17:01:08 2012
++++ sample/sample-config-files/xinetd-client-config Thu Mar 7 14:02:35 2013
+@@ -6,6 +6,6 @@ dev tun
+ ifconfig 10.4.0.1 10.4.0.2
+ remote my-server
+ port 1194
+-user nobody
++user _openvpn
+ secret /root/openvpn/key
+ inactive 600
Index: patches/patch-sample_sample-config-files_xinetd-server-config
===================================================================
RCS file: patches/patch-sample_sample-config-files_xinetd-server-config
diff -N patches/patch-sample_sample-config-files_xinetd-server-config
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-sample_sample-config-files_xinetd-server-config 17 Apr
2013 13:19:09 -0000
@@ -0,0 +1,10 @@
+$OpenBSD$
+--- sample/sample-config-files/xinetd-server-config.orig Mon Sep 10
17:01:08 2012
++++ sample/sample-config-files/xinetd-server-config Thu Mar 7 14:02:35 2013
+@@ -21,5 +21,5 @@ service openvpn_1
+ wait = yes
+ user = root
+ server = /root/openvpn/openvpn
+- server_args = --inetd --dev tun --ifconfig 10.4.0.2 10.4.0.1
--secret /root/openvpn/key --inactive 600 --user nobody
++ server_args = --inetd --dev tun --ifconfig 10.4.0.2 10.4.0.1
--secret /root/openvpn/key --inactive 600 --user _openvpn
+ }
Index: patches/patch-socket_c
===================================================================
RCS file: patches/patch-socket_c
diff -N patches/patch-socket_c
--- patches/patch-socket_c 12 Jan 2012 08:15:30 -0000 1.4
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,42 +0,0 @@
-$OpenBSD: patch-socket_c,v 1.4 2012/01/12 08:15:30 sthen Exp $
---- socket.c.orig Mon Feb 21 16:38:10 2011
-+++ socket.c Tue Mar 22 23:00:56 2011
-@@ -532,6 +532,20 @@ socket_set_tcp_nodelay (int sd, int state)
- #endif
- }
-
-+static void
-+socket_set_rtable (int sd, int rtable)
-+{
-+#ifdef TARGET_OPENBSD
-+ if (rtable > 0)
-+ {
-+ if (setsockopt (sd, IPPROTO_IP, SO_RTABLE, &rtable, sizeof(rtable)) == -1)
-+ msg (M_SOCKERR, "Socket flags: SO_RTABLE=%d failed, cannot bind on
specified routing domain", rtable);
-+ else
-+ dmsg (D_SOCKET_DEBUG, "Socket flags: SO_RTABLE=%d succeeded", rtable);
-+ }
-+#endif
-+}
-+
- static bool
- socket_set_flags (int sd, unsigned int sockflags)
- {
-@@ -1210,6 +1224,7 @@ link_socket_init_phase1 (struct link_socket *sock,
- int mtu_discover_type,
- int rcvbuf,
- int sndbuf,
-+ int rtable,
- unsigned int sockflags)
- {
- ASSERT (sock);
-@@ -1320,6 +1335,9 @@ link_socket_init_phase1 (struct link_socket *sock,
- else if (mode != LS_MODE_TCP_ACCEPT_FROM)
- {
- create_socket (sock);
-+
-+ /* set the routing domain for the socket */
-+ socket_set_rtable (sock->sd, rtable);
-
- /* set socket buffers based on --sndbuf and --rcvbuf options */
- socket_set_buffers (sock->sd, &sock->socket_buffer_sizes);
Index: patches/patch-socket_h
===================================================================
RCS file: patches/patch-socket_h
diff -N patches/patch-socket_h
--- patches/patch-socket_h 8 Jul 2010 09:18:25 -0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,11 +0,0 @@
-$OpenBSD: patch-socket_h,v 1.2 2010/07/08 09:18:25 fkr Exp $
---- socket.h.orig Thu Oct 1 20:02:18 2009
-+++ socket.h Thu Jul 8 07:22:47 2010
-@@ -311,6 +311,7 @@ link_socket_init_phase1 (struct link_socket *sock,
- int mtu_discover_type,
- int rcvbuf,
- int sndbuf,
-+ int rtable,
- unsigned int sockflags);
-
- void link_socket_init_phase2 (struct link_socket *sock,
Index: patches/patch-src_openvpn_init_c
===================================================================
RCS file: patches/patch-src_openvpn_init_c
diff -N patches/patch-src_openvpn_init_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_openvpn_init_c 17 Apr 2013 13:19:09 -0000
@@ -0,0 +1,11 @@
+$OpenBSD$
+--- src/openvpn/init.c.orig Wed Mar 20 09:28:14 2013
++++ src/openvpn/init.c Mon Apr 1 17:55:36 2013
+@@ -2639,6 +2639,7 @@ do_init_socket_1 (struct context *c, const int mode)
+ c->options.rcvbuf,
+ c->options.sndbuf,
+ c->options.mark,
++ c->options.rtable,
+ sockflags);
+ }
+
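Review bot: The added `c->options.rtable` argument is placed after `c->options.mark`, but the prototype and definition added in patch-src_openvpn_socket_h and patch-src_openvpn_socket_c declare `int rtable` before `int mark`, so the two values are swapped at this call. Both parameters are plain `int`, so the compiler accepts it. The likely effect is that `socket_set_rtable` receives the mark value (normally 0, which skips the `setsockopt`), which would match the cover message's report that `rtable = 1` is parsed but the connection still uses rtable 0. Move the added line up so the order reads `c->options.sndbuf,` `c->options.rtable,` `c->options.mark,`. The call itself begins outside this hunk.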
Index: patches/patch-src_openvpn_options_c
===================================================================
RCS file: patches/patch-src_openvpn_options_c
diff -N patches/patch-src_openvpn_options_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_openvpn_options_c 17 Apr 2013 13:19:09 -0000
@@ -0,0 +1,31 @@
+$OpenBSD$
+--- src/openvpn/options.c.orig Fri Mar 22 18:02:30 2013
++++ src/openvpn/options.c Mon Apr 1 17:55:36 2013
+@@ -304,6 +304,7 @@ static const char usage_message[] =
+ " can be matched in policy routing and packetfilter
rules.\n"
+ #endif
+ "--txqueuelen n : Set the tun/tap TX queue length to n (Linux only).\n"
++ "--rtable n : Set the routing table (default=0, OpenBSD only)\n"
+ #ifdef ENABLE_MEMSTATS
+ "--memstats file : Write live usage stats to memory mapped binary file.\n"
+ #endif
+@@ -1502,6 +1503,7 @@ show_settings (const struct options *o)
+ #endif
+ SHOW_INT (rcvbuf);
+ SHOW_INT (sndbuf);
++ SHOW_INT (rtable);
+ #if defined(TARGET_LINUX) && HAVE_DECL_SO_MARK
+ SHOW_INT (mark);
+ #endif
+@@ -4782,6 +4784,11 @@ add_option (struct options *options,
+ {
+ VERIFY_PERMISSION (OPT_P_SOCKBUF);
+ options->sndbuf = positive_atoi (p[1]);
++ }
++ else if (streq (p[0], "rtable") && p[1])
++ {
++ VERIFY_PERMISSION (OPT_P_SOCKFLAGS);
++ options->rtable = positive_atoi (p[1]);
+ }
+ else if (streq (p[0], "mark") && p[1])
+ {
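Review bot: `options->rtable = positive_atoi (p[1]);` accepts any integer with no upper bound, and the only later check is the `setsockopt` in patch-src_openvpn_socket_c, whose failure is logged at `M_WARN`. A mistyped or non-existent table id therefore leaves the daemon running in the default table. Reject out-of-range values at parse time with a `msg (M_USAGE, ...)`, taking the bound from the system's table-id limit (`RT_TABLEID_MAX` on OpenBSD; confirm it is visible in this file). Separately, the option is gated by `VERIFY_PERMISSION (OPT_P_SOCKFLAGS)`: if that class is among those a client accepts from pushed options (the mask is defined outside this diff), a server could choose the client's routing table, so a local-only permission class would be safer unless pushing is intended.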
Index: patches/patch-src_openvpn_options_h
===================================================================
RCS file: patches/patch-src_openvpn_options_h
diff -N patches/patch-src_openvpn_options_h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_openvpn_options_h 17 Apr 2013 13:19:09 -0000
@@ -0,0 +1,13 @@
+$OpenBSD$
+--- src/openvpn/options.h.orig Thu Nov 22 13:07:50 2012
++++ src/openvpn/options.h Thu Mar 7 14:02:35 2013
+@@ -321,6 +321,9 @@ struct options
+ int rcvbuf;
+ int sndbuf;
+
++ /* routing domain */
++ int rtable;
++
+ /* mark value */
+ int mark;
+
Index: patches/patch-src_openvpn_socket_c
===================================================================
RCS file: patches/patch-src_openvpn_socket_c
diff -N patches/patch-src_openvpn_socket_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_openvpn_socket_c 17 Apr 2013 13:19:09 -0000
@@ -0,0 +1,42 @@
+$OpenBSD$
+--- src/openvpn/socket.c.orig Thu Dec 13 16:46:01 2012
++++ src/openvpn/socket.c Thu Mar 7 14:25:07 2013
+@@ -586,6 +586,20 @@ socket_set_mark (int sd, int mark)
+ #endif
+ }
+
++static void
++socket_set_rtable (int sd, int rtable)
++{
++#ifdef TARGET_OPENBSD
++ if (rtable > 0)
++ {
++ if (setsockopt (sd, IPPROTO_IP, SO_RTABLE, &rtable, sizeof(rtable)) == -1)
++ msg (M_WARN, "Socket flags: SO_RTABLE=%d failed, cannot bind on
specified routing domain", rtable);
++ else
++ dmsg (D_SOCKET_DEBUG, "Socket flags: SO_RTABLE=%d succeeded", rtable);
++ }
++#endif
++}
++
+ static bool
+ socket_set_flags (int sd, unsigned int sockflags)
+ {
+@@ -1367,6 +1381,7 @@ link_socket_init_phase1 (struct link_socket *sock,
+ int mtu_discover_type,
+ int rcvbuf,
+ int sndbuf,
++ int rtable,
+ int mark,
+ unsigned int sockflags)
+ {
+@@ -1481,6 +1496,9 @@ link_socket_init_phase1 (struct link_socket *sock,
+ else if (mode != LS_MODE_TCP_ACCEPT_FROM)
+ {
+ create_socket (sock);
++
++ /* set the routing domain for the socket */
++ socket_set_rtable (sock->sd, rtable);
+
+ /* set socket buffers based on --sndbuf and --rcvbuf options */
+ socket_set_buffers (sock->sd, &sock->socket_buffer_sizes);
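Review bot: The failure branch of `socket_set_rtable` now logs at `M_WARN`, where the removed patch-socket_c used `M_SOCKERR` (a fatal level in 2.2.x, as far as I recall). A failed `setsockopt` therefore no longer stops startup, and the tunnel comes up in the default routing table. For an option whose purpose is to confine the socket to a routing domain, that is a fail-open, and the message also loses the errno text. Unless the downgrade is deliberate, keep it fatal with `msg (M_ERR, "Socket flags: SO_RTABLE=%d failed, cannot bind on specified routing domain", rtable);`.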
Index: patches/patch-src_openvpn_socket_h
===================================================================
RCS file: patches/patch-src_openvpn_socket_h
diff -N patches/patch-src_openvpn_socket_h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_openvpn_socket_h 17 Apr 2013 13:19:09 -0000
@@ -0,0 +1,11 @@
+$OpenBSD$
+--- src/openvpn/socket.h.orig Thu Dec 20 09:56:00 2012
++++ src/openvpn/socket.h Thu Mar 7 14:02:35 2013
+@@ -327,6 +327,7 @@ link_socket_init_phase1 (struct link_socket *sock,
+ int mtu_discover_type,
+ int rcvbuf,
+ int sndbuf,
++ int rtable,
+ int mark,
+ unsigned int sockflags);
+
Index: patches/patch-src_openvpn_syshead_h
===================================================================
RCS file: patches/patch-src_openvpn_syshead_h
diff -N patches/patch-src_openvpn_syshead_h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_openvpn_syshead_h 17 Apr 2013 13:19:09 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- src/openvpn/syshead.h.orig Thu Nov 22 13:07:51 2012
++++ src/openvpn/syshead.h Thu Mar 7 14:02:35 2013
+@@ -29,7 +29,7 @@
+ #include "compat-stdbool.h"
+
+ /* branch prediction hints */
+-#if defined(__GNUC__)
++#if defined(__GNUC__) && __GNUC__ >= 3
+ # define likely(x) __builtin_expect((x),1)
+ # define unlikely(x) __builtin_expect((x),0)
+ #else
Index: patches/patch-src_openvpn_tun_c
===================================================================
RCS file: patches/patch-src_openvpn_tun_c
diff -N patches/patch-src_openvpn_tun_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_openvpn_tun_c 17 Apr 2013 13:19:09 -0000
@@ -0,0 +1,51 @@
+$OpenBSD$
+--- src/openvpn/tun.c.orig Wed Mar 20 09:28:14 2013
++++ src/openvpn/tun.c Mon Apr 1 17:55:36 2013
+@@ -911,7 +911,19 @@ do_ifconfig (struct tuntap *tt,
+ );
+ }
+ else
+- argv_printf (&argv,
++ {
++ if (tt->topology == TOP_SUBNET)
++ argv_printf (&argv,
++ "%s %s %s %s netmask %s mtu %d up",
++ IFCONFIG_PATH,
++ actual,
++ ifconfig_local,
++ ifconfig_local,
++ ifconfig_remote_netmask,
++ tun_mtu
++ );
++ else
++ argv_printf (&argv,
+ "%s %s %s netmask %s mtu %d broadcast %s link0",
+ IFCONFIG_PATH,
+ actual,
+@@ -920,6 +932,7 @@ do_ifconfig (struct tuntap *tt,
+ tun_mtu,
+ ifconfig_broadcast
+ );
++ }
+ argv_msg (M_INFO, &argv);
+ openvpn_execve_check (&argv, es, S_FATAL, "OpenBSD ifconfig failed");
+ if ( do_ipv6 )
+@@ -938,6 +951,18 @@ do_ifconfig (struct tuntap *tt,
+ add_route_connected_v6_net(tt, es);
+ }
+ tt->did_ifconfig = true;
++
++ /* Add a network route for the local tun interface */
++ if (!tun && tt->topology == TOP_SUBNET)
++ {
++ struct route r;
++ CLEAR (r);
++ r.flags = RT_DEFINED;
++ r.network = tt->local & tt->remote_netmask;
++ r.netmask = tt->remote_netmask;
++ r.gateway = tt->local;
++ add_route (&r, tt, 0, NULL, es);
++ }
+
+ #elif defined(TARGET_NETBSD)
+
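Review bot: The new `TOP_SUBNET` branch passes `ifconfig_local` to `argv_printf` in two consecutive slots, and the later block adds a route with `r.gateway = tt->local`, but neither place says why the local address stands in for a peer. A comment above the branch would help, for example `/* subnet topology: no peer address, so the local address also fills the destination slot */`, if that is the intent. The existing route comment could also say that the route covers `tt->local & tt->remote_netmask`. The inner `if`/`else` has no braces of its own inside the new block, which makes the two `argv_printf` calls easy to misread. `do_ifconfig` starts and ends outside the hunk.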
Index: patches/patch-syshead_h
===================================================================
RCS file: patches/patch-syshead_h
diff -N patches/patch-syshead_h
--- patches/patch-syshead_h 12 Jan 2012 08:15:30 -0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,12 +0,0 @@
-$OpenBSD: patch-syshead_h,v 1.2 2012/01/12 08:15:30 sthen Exp $
---- syshead.h.orig Thu Apr 21 20:13:34 2011
-+++ syshead.h Mon Jun 20 10:09:54 2011
-@@ -33,7 +33,7 @@
- #endif
-
- /* branch prediction hints */
--#if defined(__GNUC__)
-+#if defined(__GNUC__) && __GNUC__ >= 3
- # define likely(x) __builtin_expect((x),1)
- # define unlikely(x) __builtin_expect((x),0)
- #else
Index: patches/patch-tun_c
===================================================================
RCS file: patches/patch-tun_c
diff -N patches/patch-tun_c
--- patches/patch-tun_c 23 Jan 2012 18:07:21 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,47 +0,0 @@
-$OpenBSD: patch-tun_c,v 1.1 2012/01/23 18:07:21 sthen Exp $
---- tun.c.orig Tue Dec 13 16:58:56 2011
-+++ tun.c Thu Jan 12 09:04:48 2012
-@@ -776,7 +776,19 @@ do_ifconfig (struct tuntap *tt,
- tun_mtu
- );
- else
-- argv_printf (&argv,
-+ {
-+ if (tt->topology == TOP_SUBNET)
-+ argv_printf (&argv,
-+ "%s %s %s %s netmask %s mtu %d up",
-+ IFCONFIG_PATH,
-+ actual,
-+ ifconfig_local,
-+ ifconfig_local,
-+ ifconfig_remote_netmask,
-+ tun_mtu
-+ );
-+ else
-+ argv_printf (&argv,
- "%s %s %s netmask %s mtu %d broadcast %s link0",
- IFCONFIG_PATH,
- actual,
-@@ -785,9 +797,22 @@ do_ifconfig (struct tuntap *tt,
- tun_mtu,
- ifconfig_broadcast
- );
-+ }
- argv_msg (M_INFO, &argv);
- openvpn_execve_check (&argv, es, S_FATAL, "OpenBSD ifconfig failed");
- tt->did_ifconfig = true;
-+
-+ /* Add a network route for the local tun interface */
-+ if (!tun && tt->topology == TOP_SUBNET)
-+ {
-+ struct route r;
-+ CLEAR (r);
-+ r.defined = true;
-+ r.network = tt->local & tt->remote_netmask;
-+ r.netmask = tt->remote_netmask;
-+ r.gateway = tt->local;
-+ add_route (&r, tt, 0, es);
-+ }
-
- #elif defined(TARGET_NETBSD)
-
Index: pkg/PFRAG.shared
===================================================================
RCS file: pkg/PFRAG.shared
diff -N pkg/PFRAG.shared
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ pkg/PFRAG.shared 17 Apr 2013 13:19:09 -0000
@@ -0,0 +1,2 @@
+@comment $OpenBSD$
+lib/openvpn/plugins/openvpn-plugin-down-root.so
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/openvpn/pkg/PLIST,v
retrieving revision 1.15
diff -u -p -r1.15 PLIST
--- pkg/PLIST 27 Jan 2012 12:30:28 -0000 1.15
+++ pkg/PLIST 17 Apr 2013 13:19:09 -0000
@@ -1,57 +1,20 @@
@comment $OpenBSD: PLIST,v 1.15 2012/01/27 12:30:28 jsing Exp $
@newgroup _openvpn:577
@newuser _openvpn:577:_openvpn:daemon:OpenVPN Daemon:/nonexistent:/sbin/nologin
+%%SHARED%%
include/openvpn/
include/openvpn/openvpn-plugin.h
+lib/openvpn/
+lib/openvpn/plugins/
+lib/openvpn/plugins/openvpn-plugin-down-root.a
+lib/openvpn/plugins/openvpn-plugin-down-root.la
@man man/man8/openvpn.8
@bin sbin/openvpn
share/doc/openvpn/
+share/doc/openvpn/README.down-root
share/doc/openvpn/management-notes.txt
share/doc/pkg-readmes/${FULLPKGNAME}
share/examples/openvpn/
-share/examples/openvpn/easy-rsa/
-share/examples/openvpn/easy-rsa/1.0/
-share/examples/openvpn/easy-rsa/1.0/README
-share/examples/openvpn/easy-rsa/1.0/build-ca
-share/examples/openvpn/easy-rsa/1.0/build-dh
-share/examples/openvpn/easy-rsa/1.0/build-inter
-share/examples/openvpn/easy-rsa/1.0/build-key
-share/examples/openvpn/easy-rsa/1.0/build-key-pass
-share/examples/openvpn/easy-rsa/1.0/build-key-pkcs12
-share/examples/openvpn/easy-rsa/1.0/build-key-server
-share/examples/openvpn/easy-rsa/1.0/build-req
-share/examples/openvpn/easy-rsa/1.0/build-req-pass
-share/examples/openvpn/easy-rsa/1.0/clean-all
-share/examples/openvpn/easy-rsa/1.0/list-crl
-share/examples/openvpn/easy-rsa/1.0/make-crl
-share/examples/openvpn/easy-rsa/1.0/openssl.cnf
-share/examples/openvpn/easy-rsa/1.0/revoke-crt
-share/examples/openvpn/easy-rsa/1.0/revoke-full
-share/examples/openvpn/easy-rsa/1.0/sign-req
-share/examples/openvpn/easy-rsa/1.0/vars
-share/examples/openvpn/easy-rsa/2.0/
-@comment share/examples/openvpn/easy-rsa/2.0/Makefile
-share/examples/openvpn/easy-rsa/2.0/README
-share/examples/openvpn/easy-rsa/2.0/build-ca
-share/examples/openvpn/easy-rsa/2.0/build-dh
-share/examples/openvpn/easy-rsa/2.0/build-inter
-share/examples/openvpn/easy-rsa/2.0/build-key
-share/examples/openvpn/easy-rsa/2.0/build-key-pass
-share/examples/openvpn/easy-rsa/2.0/build-key-pkcs12
-share/examples/openvpn/easy-rsa/2.0/build-key-server
-share/examples/openvpn/easy-rsa/2.0/build-req
-share/examples/openvpn/easy-rsa/2.0/build-req-pass
-share/examples/openvpn/easy-rsa/2.0/clean-all
-share/examples/openvpn/easy-rsa/2.0/inherit-inter
-share/examples/openvpn/easy-rsa/2.0/list-crl
-@comment share/examples/openvpn/easy-rsa/2.0/openssl-0.9.6.cnf
-@comment share/examples/openvpn/easy-rsa/2.0/openssl-0.9.8.cnf
-share/examples/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf
-share/examples/openvpn/easy-rsa/2.0/pkitool
-share/examples/openvpn/easy-rsa/2.0/revoke-full
-share/examples/openvpn/easy-rsa/2.0/sign-req
-share/examples/openvpn/easy-rsa/2.0/vars
-@comment share/examples/openvpn/easy-rsa/2.0/whichopensslcnf
share/examples/openvpn/sample-config-files/
share/examples/openvpn/sample-config-files/README
share/examples/openvpn/sample-config-files/client.conf
@@ -81,11 +44,9 @@ share/examples/openvpn/sample-keys/pass.
share/examples/openvpn/sample-keys/pkcs12.p12
share/examples/openvpn/sample-keys/server.crt
share/examples/openvpn/sample-keys/server.key
-share/examples/openvpn/sample-keys/ta.key
share/examples/openvpn/sample-scripts/
share/examples/openvpn/sample-scripts/auth-pam.pl
share/examples/openvpn/sample-scripts/bridge-start
share/examples/openvpn/sample-scripts/bridge-stop
-share/examples/openvpn/sample-scripts/openvpn.init
share/examples/openvpn/sample-scripts/ucn.pl
share/examples/openvpn/sample-scripts/verify-cn