[Openvpn-devel] [PATCH v5] Support for disabled peer-id

2016-09-17 Thread Lev Stipakov
From: Lev Stipakov v5: * Few more nitpicks v4: * replace magic number with define * show user a decimal value instead of hex v3: * move assert outside of loop * add max-clients value check to options v2: * Add round brackets for clarity * Rephrase comment Support for disabled peer-id When p

Re: [Openvpn-devel] [PATCH] Fix win32 building with C99 mode

2016-09-17 Thread Selva Nair
Hi, On Sat, Sep 17, 2016 at 9:20 AM, Gert Doering wrote: > In -std=c99 mode, WIN32 is not defined to be "1" anymore, but just > "#define WIN32" - so the "#if WIN32" breaks, needs to be "#ifdef WIN32" > Indeed... To depend on the compiler or system headers to define WIN32 was not a great idea a

[Openvpn-devel] [PATCHv2] Enable TCP non-linear packet ID

2016-09-17 Thread Arne Schwabe
Implementation with multiple threads needs that to be able to run encryption in parallel. Tested with James' OpenVPN 3 server. --- src/openvpn/comp.c | 1 + src/openvpn/init.c | 1 - src/openvpn/options.c | 5 - src/openvpn/packet_id.c | 7 +++ src/openvpn/packet_id.h | 2 +- src

Re: [Openvpn-devel] [PATCH] Enable TCP non-linear packet ID

2016-09-17 Thread Gert Doering
Hi, On Sat, Sep 17, 2016 at 03:33:28PM +0200, Arne Schwabe wrote: > --- a/src/openvpn/forward.c > +++ b/src/openvpn/forward.c > @@ -391,7 +391,7 @@ check_fragment_dowork (struct context *c) >struct link_socket_info *lsi = get_link_socket_info (c); > >/* OS MTU Hint? */ > - if (lsi->mtu_

Re: [Openvpn-devel] [PATCH] Fix win32 building with C99 mode

2016-09-17 Thread Gert Doering
Hi, On Sat, Sep 17, 2016 at 06:40:00PM +0500, ?? wrote: > Should we add mingw compiler to travis-ci matrix? If travis can do mingw builds, that would be good. But it is complicated. gert -- USENET is *not* the non-clickable part of WWW!

Re: [Openvpn-devel] [PATCH] Fix win32 building with C99 mode

2016-09-17 Thread Илья Шипицин
Should we add mingw compiler to travis-ci matrix? On 17 Sep 2016, 6:34 PM, "Gert Doering" wrote: In -std=c99 mode, WIN32 is not defined to be "1" anymore, but just "#define WIN32" - so the "#if WIN32" breaks, needs to be "#ifdef WIN32" Signed-off-by: Gert Doering --- src/openvp

[Openvpn-devel] [PATCH v4] Support for disabled peer-id

2016-09-17 Thread Lev Stipakov
From: Lev Stipakov v4: - replace magic number with define - show user a decimal value instead of hex v3: * move assert outside of loop * add max-clients value check to options v2: * Add round brackets for clarity * Rephrase comment Support for disabled peer-id When peer-id value is 0xFF,

[Openvpn-devel] [PATCH] Enable TCP non-linear packet ID

2016-09-17 Thread Arne Schwabe
Implementation with multiple threads needs that to be able to run encryption in parallel. Tested with James' OpenVPN 3 server. --- src/openvpn/comp.c | 1 + src/openvpn/forward.c | 2 +- src/openvpn/init.c | 1 - src/openvpn/options.c | 5 - src/openvpn/packet_id.c | 7 +++ src

[Openvpn-devel] [PATCH] Fix win32 building with C99 mode

2016-09-17 Thread Gert Doering
In -std=c99 mode, WIN32 is not defined to be "1" anymore, but just "#define WIN32" - so the "#if WIN32" breaks, needs to be "#ifdef WIN32" Signed-off-by: Gert Doering --- src/openvpn/misc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn/misc.c b/src/openvpn/misc.

[Openvpn-devel] [PATCHv2] Document the --auth-token option

2016-09-17 Thread David Sommerseth
This isn't an option to be used directly in any configuration files, but to be used via --client-connect scripts or --plugin making use of OPENVPN_PLUGIN_CLIENT_CONNECT or OPENVPN_PLUGIN_CLIENT_CONNECT_V2. [v2 - Added lacking .B styling of options - Clarified the token life time ] Signed-of

Re: [Openvpn-devel] [PATCH v3] Support for disabled peer-id

2016-09-17 Thread Steffan Karger
Hi, On 17 September 2016 at 14:53, Lev Stipakov wrote: > From: Lev Stipakov > > v3: > * move assert outside of loop > * add max-clients value check to options > > [...] > > --- a/src/openvpn/options.c > +++ b/src/openvpn/options.c > @@ -5893,6 +5893,11 @@ add_option (struct options *options, >

[Openvpn-devel] [PATCH v3] Support for disabled peer-id

2016-09-17 Thread Lev Stipakov
From: Lev Stipakov v3: * move assert outside of loop * add max-clients value check to options v2: * Add round brackets for clarity * Rephrase comment Support for disabled peer-id When peer-id value is 0xFF, server should ignore it and treat packet in the same way as P_DATA_V1. --- src/openv

Re: [Openvpn-devel] [PATCH applied] Re: Prefer RECVDSTADDR to PKTINFO for IPv4 in OS X since it actually works (unlike PKTINFO)

2016-09-17 Thread Gert Doering
Hi, On Sat, Sep 17, 2016 at 02:01:03PM +0200, Gert Doering wrote: > Your patch has been applied to the master branch. > > commit 3ffe2338c092d7bd4abace3ae9fa0b4f85cf4b87 > Author: Arne Schwabe > Date: Sat Sep 17 11:00:35 2016 +0200 Forgot to push and then David put a new patch in between, so t

Re: [Openvpn-devel] how is debug/doval and debug/dovalns are supposed to be used ?

2016-09-17 Thread David Sommerseth
On 17/09/16 14:37, ??? wrote: > Hello, > > I see a couple of valgrind-like tests > > debug/dovalns debug/doval > > however, I do not see any usage of them > > [ilia@localhost openvpn]$ find . -type f -exec grep doval {} ';' > -print Binary f

Re: [Openvpn-devel] [PATCH applied] Add SHA256 fingerprint support

2016-09-17 Thread David Sommerseth
ACK! Your patch has been applied to the master branch This patch includes also the clean cert_hash_remember scoping patch. commit af1e4d26ab65bd71de168ea621ca55d0e40a0bc1 Author: Steffan Karger Date: Thu May 5 22:14:07 2016 +0200 Add SHA256 f

[Openvpn-devel] [PATCH applied] Re: Prefer RECVDSTADDR to PKTINFO for IPv4 in OS X since it actually works (unlike PKTINFO)

2016-09-17 Thread Gert Doering
ACK. Your patch has been applied to the master branch. commit 3ffe2338c092d7bd4abace3ae9fa0b4f85cf4b87 Author: Arne Schwabe Date: Sat Sep 17 11:00:35 2016 +0200 Prefer RECVDSTADDR to PKTINFO for IPv4 in OS X since it actually works (unlike PKTINFO) Acked-by: Gert Doering Mess

[Openvpn-devel] [PATCH applied] Re: Fix ENABLE_WITH_OPENSSL set to YES even with --disable-crypto set

2016-09-17 Thread Gert Doering
ACK. Your patch has been applied to the master branch. Text changed to read "ENABLE_CRYPTO_OPENSSL" commit d13a40a4a477bae3efede6945174df1cb2c3aa69 Author: Arne Schwabe Date: Sat Sep 17 13:16:46 2016 +0200 Fix ENABLE_CRYPTO_OPENSSL set to YES even with --disable-crypto set Acked-by

[Openvpn-devel] how is debug/doval and debug/dovalns are supposed to be used ?

2016-09-17 Thread Илья Шипицин
Hello, I see a couple of valgrind-like tests debug/dovalns debug/doval however, I do not see any usage of them [ilia@localhost openvpn]$ find . -type f -exec grep doval {} ';' -print Binary file ./.git/index matches ./.git/index [ilia@localhost openvpn]$ I would like to valgrind tests to .trav

Re: [Openvpn-devel] [PATCH applied] t_client.sh: Improve detection if the OpenVPN process did start during tests

2016-09-17 Thread Gert Doering
ACK, thanks. Your patch has been applied to the following branches commit 3712322ee1219e55640f2f4e5f822799edacd7cc (master) commit 3347d51ea779b190864fe0715da3e9d7e8fa365c (release/2.3) Author: David Sommerseth Date: Sat Sep 17 14:18:05 2016 +0300 t_client.sh: Improve detection if the O

Re: [Openvpn-devel] [PATCH] enable "--disable-crypto" build configuration

2016-09-17 Thread Илья Шипицин
2016-09-17 16:17 GMT+05:00 Steffan Karger : > Hi, > > On 17 September 2016 at 12:54, Ilya Shipitsin > wrote: > > --- > > .travis.yml | 4 > > 1 file changed, 4 deletions(-) > > > > diff --git a/.travis.yml b/.travis.yml > > index 452c48e..369db97 100644 > > --- a/.travis.yml > > +++ b/.trav

Re: [Openvpn-devel] [PATCH applied] t_client.sh: Add support for Kerberos/ksu

2016-09-17 Thread Gert Doering
Your patch has been applied to the following branches commit 6b25b99fe4b8bdf5cdba4a0fb247df40277d0525 (master) commit f1b66b21f2f5c0ef74903048f84d69023ef21b8e (release/2.3) Author: David Sommerseth Date: Sat Sep 17 13:50:33 2016 +0300 t_client.sh: Add support for Kerberos/ksu Signe

[Openvpn-devel] [PATCH] t_client.sh: Improve detection if the OpenVPN process did start during tests

2016-09-17 Thread David Sommerseth
This will check the OpenVPN log file if the process initialized successfully. It will check the log file for 30 seconds before aborting the test run. This also has the advantage of starting the testing quicker if the initialization goes faster than 10 seconds (which was the old sleep time). The u

Re: [Openvpn-devel] [PATCH] enable "--disable-crypto" build configuration

2016-09-17 Thread Steffan Karger
Hi, On 17 September 2016 at 12:54, Ilya Shipitsin wrote: > --- > .travis.yml | 4 > 1 file changed, 4 deletions(-) > > diff --git a/.travis.yml b/.travis.yml > index 452c48e..369db97 100644 > --- a/.travis.yml > +++ b/.travis.yml > @@ -51,10 +51,6 @@ matrix: >os: osx >osx_im

[Openvpn-devel] [PATCH] Fix ENABLE_WITH_OPENSSL set to YES even with --disable-crypto set

2016-09-17 Thread Arne Schwabe
On OS X openssl/x509.h is not in the standard include path and the files still try to include since the includes only depend on ENABLE_WITH_OPENSSL. --- configure.ac | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 5c5cdf8..e4f613b 1006

[Openvpn-devel] [PATCH] enable "--disable-crypto" build configuration

2016-09-17 Thread Ilya Shipitsin
--- .travis.yml | 4 1 file changed, 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index 452c48e..369db97 100644 --- a/.travis.yml +++ b/.travis.yml @@ -51,10 +51,6 @@ matrix: os: osx osx_image: xcode7.3 compiler: clang - allow_failures: -- env: SSLLIB="open

[Openvpn-devel] [PATCHv3] t_client.sh: Add support for Kerberos/ksu

2016-09-17 Thread David Sommerseth
If the t_client.rc has PREFER_KSU=1 configured, t_client.sh will check if you have a valid Kerberos ticket and if so it will do all execution via ksu instead of sudo. If PREFER_KSU is not set or a Kerberos ticket is not found, it will fall back to the configured RUN_SUDO approach. When using ksu

Re: [Openvpn-devel] [PATCHv2] t_client.sh: Add support for Kerberos/ksu

2016-09-17 Thread Gert Doering
Hi, On Sat, Sep 17, 2016 at 01:19:33PM +0300, David Sommerseth wrote: > +klist -l &> /dev/null NAK :) (bashism, on ksh it will just put "klist -l" into the background) gert -- USENET is *not* the non-clickable part of WWW! //ww
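
Review bot: The `&>` in the quoted `+klist -l &> /dev/null` line is a bash extension. A POSIX sh or ksh parses it as `klist -l &` followed by a separate `> /dev/null`, so klist runs in the background and its exit status is not what the following ticket check sees. The portable spelling is `klist -l > /dev/null 2>&1`.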

[Openvpn-devel] [PATCH v3 (release/2.3)] Drop recursively routed packets

2016-09-17 Thread Lev Stipakov
From: Lev Stipakov v3: Use better way of figuring out IP proto version which does not break TAP mode. Add an option to allow recursive routing, could be useful when packets sent by openvpn itself are not subject to the routing tables that would move packets into the tunnel. v2: better method nam

[Openvpn-devel] [PATCH v4] Remove tun-ipv6 Option. Instead assume that IPv6 is always supported.

2016-09-17 Thread Arne Schwabe
This option was useful when IPv6 tun support was non standard and was an internal/user specified flag that tracked the IPv6 capability of the tun device. All supported OS support IPv6. Also tun-ipv6 is pushable by the remote so not putting tun-ipv6 does not forbid ipv6 addresses. This commit al

[Openvpn-devel] [PATCH applied] Re: Show compile-time variant for --multihome in --version output.

2016-09-17 Thread Gert Doering
Your patch has been applied to the master branch. commit d7c15ff12a8790c2ad2e0adc0e191c32f081463f Author: Gert Doering Date: Fri Sep 16 21:45:11 2016 +0200 Show compile-time variant for --multihome in --version output. Signed-off-by: Gert Doering Acked-by: Arne Schwabe Me

[Openvpn-devel] [PATCH applied] Re: Fix IP_PKTINFO related compilation failure on NetBSD 7.0

2016-09-17 Thread Gert Doering
Your patch has been applied to the master branch. commit 7efa60d9790e029b8f9efd6a0ca06312d31d3420 Author: Gert Doering Date: Fri Sep 16 21:02:42 2016 +0200 Fix IP_PKTINFO related compilation failure on NetBSD 7.0 Signed-off-by: Gert Doering Acked-by: Arne Schwabe Message-

Re: [Openvpn-devel] [PATCH] Show compile-time variant for --multihome in --version output.

2016-09-17 Thread Arne Schwabe
On 16.09.16 at 22:45, Gert Doering wrote: > Instead of just [MH], show [MH/PKTINFO] or [MH/RECVDA], to see more > easily which compile-time variant was chosen by configure and syshead.h > ACK from me. Arne -- _

Re: [Openvpn-devel] [PATCH] Fix IP_PKTINFO related compilation failure on NetBSD 7.0

2016-09-17 Thread Arne Schwabe
On 16.09.16 at 22:02, Gert Doering wrote: > NetBSD has introduced IP_PKTINFO and struct in_pktinfo, but does not > have the "ipi_spec_dst" structure element, causing compilation errors. > > Introduce a check for that (AC_CHECK_MEMBER) in configure.ac, and > change all "#ifdef HAVE_IN_PKTINFO" to

[Openvpn-devel] [PATCHv2] t_client.sh: Add support for Kerberos/ksu

2016-09-17 Thread David Sommerseth
If the t_client.rc has PREFER_KSU=1 configured, t_client.sh will check if you have a valid Kerberos ticket and if so it will do all execution via ksu instead of sudo. If PREFER_KSU is not set or a Kerberos ticket is not found, it will fall back to the configured RUN_SUDO approach. When using ksu

Re: [Openvpn-devel] [PATCH applied] skip t_lpback.sh and t_cltsrv.sh if openvpn configured --disable-crypto

2016-09-17 Thread Gert Doering
Your patch has been applied to the following branches commit a85ba0e06badf9932e80deb53b68f50611943c6e (master) commit 8e13e38aef5028e2227eb2d5e0a7e35ba6ff028e (release/2.3) Author: Ilya Shipitsin Date: Sat Sep 17 14:33:09 2016 +0500 skip t_lpback.sh and t_cltsrv.sh if openvpn configured

Re: [Openvpn-devel] [[PATCH v2]] Remove tun-ipv6 Option. Instead assume that IPv6 is always supported.

2016-09-17 Thread Arne Schwabe
On 17.09.16 at 12:40, Илья Шипицин wrote: > funny enough, neither Azure, nor GCP are running ipv6. > well, GCP images are compiled with ipv6 support actually. Yeah. But the patch is not about ipv6 actually working. Just about telling that the OS support of IPv6 tun. Arne --

[Openvpn-devel] [PATCH v3] Remove tun-ipv6 Option. Instead assume that IPv6 is always supported.

2016-09-17 Thread Arne Schwabe
This option was useful when IPv6 tun support was non standard and was an internal/user specified flag that tracked the IPv6 capability of the tun device. All supported OS support IPv6. Also tun-ipv6 is pushable by the remote so not putting tun-ipv6 does not forbid ipv6 addresses. This commit al

Re: [Openvpn-devel] [PATCH] t_client.sh: Add support for Kerberos/ksu

2016-09-17 Thread Gert Doering
Hi, On Sat, Sep 17, 2016 at 12:44:15PM +0300, David Sommerseth wrote: > +else > +RUN_SUDO="ksu -q -e $*" NAK :) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, German
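
Review bot: In the quoted `+RUN_SUDO="ksu -q -e $*"` line, `$*` is expanded once, when the assignment runs, to whatever positional parameters the script has at that point, so every command later run through `$RUN_SUDO` would get those arguments placed ahead of its own. If the variable is meant as a command prefix in the same way as the sudo setting, assign just `ksu -q -e` and let each call site append its command.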

Re: [Openvpn-devel] [PATCH applied] t_client.sh: Make OpenVPN write PID file to avoid various sudo issues

2016-09-17 Thread Gert Doering
ACK. Because it makes sense and I've been bitten by the bug, too :-) Your patch has been applied to the following branches commit e0926ebfe55347843af701216be9598827a1367a (master) commit 057b70f1642336b7eb939f8515de791d515b8d04 (release/2.3) Author: David Sommerseth Date: Sat Sep 17 12:20:26

[Openvpn-devel] [PATCH v3] Drop recursively routed packets

2016-09-17 Thread Lev Stipakov
v3: Use better way of figuring out IP proto version which does not break TAP mode. Add an option to allow recursive routing, could be useful when packets sent by openvpn itself are not subject to the routing tables that would move packets into the tunnel. v2: better method naming On certain OSes

[Openvpn-devel] [PATCH] t_client.sh: Add support for Kerberos/ksu

2016-09-17 Thread David Sommerseth
If the t_client.rc has PREFER_KSU=1 configured, t_client.sh will check if you have a valid Kerberos ticket and if so it will do all execution via ksu instead of sudo. If PREFER_KSU is not set or a Kerberos ticket is not found, it will fall back to the configured RUN_SUDO approach. When using ksu

Re: [Openvpn-devel] [PATCH] skip t_lpback.sh and t_cltsrv.sh if openvpn configured --disable-crypto

2016-09-17 Thread Steffan Karger
On 17 September 2016 at 11:33, Ilya Shipitsin wrote: > --- > configure.ac | 1 + > tests/Makefile.am | 5 - > 2 files changed, 5 insertions(+), 1 deletion(-) > > diff --git a/configure.ac b/configure.ac > index d733023..dc95123 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -1192,

Re: [Openvpn-devel] [[PATCH v2]] Remove tun-ipv6 Option. Instead assume that IPv6 is always supported.

2016-09-17 Thread Илья Шипицин
funny enough, neither Azure, nor GCP are running ipv6. well, GCP images are compiled with ipv6 support actually. 2016-09-17 14:23 GMT+05:00 Arne Schwabe : > This option was useful when IPv6 tun support was non standard and was an > internal/user specified flag that tracked the IPv6 capability of

Re: [Openvpn-devel] [PATCH applied] initial travis-ci support

2016-09-17 Thread Илья Шипицин
thanks! I'm going to unleash "allowed as failure" tests now. 2016-09-17 14:19 GMT+05:00 Gert Doering : > ACK. Your patch has been applied to the master branch > > (Talking with Steffan, we've decided to squash both patches into just one, > because it seems to be somewhat silly to add a file just

[Openvpn-devel] [PATCH] skip t_lpback.sh and t_cltsrv.sh if openvpn configured --disable-crypto

2016-09-17 Thread Ilya Shipitsin
--- configure.ac | 1 + tests/Makefile.am | 5 - 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index d733023..dc95123 100644 --- a/configure.ac +++ b/configure.ac @@ -1192,6 +1192,7 @@ AM_CONDITIONAL([WIN32], [test "${WIN32}" = "yes"]) AM_CONDI

[Openvpn-devel] [[PATCH v2]] Remove tun-ipv6 Option. Instead assume that IPv6 is always supported.

2016-09-17 Thread Arne Schwabe
This option was useful when IPv6 tun support was non standard and was an internal/user specified flag that tracked the IPv6 capability of the tun device. All supported OS support IPv6. Also tun-ipv6 is pushable by the remote so not putting tun-ipv6 does not forbid ipv6 addresses. This commit al

[Openvpn-devel] [PATCH] t_client.sh: Make OpenVPN write PID file to avoid various sudo issues

2016-09-17 Thread David Sommerseth
This resolves an issue where $! returns the PID of the sudo process instead of the PID of OpenVPN and when sudo does not properly propagate signals down to OpenVPN. Trac: #738 Signed-off-by: David Sommerseth --- tests/t_client.sh.in | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) di

Re: [Openvpn-devel] [PATCH applied] initial travis-ci support

2016-09-17 Thread Gert Doering
ACK. Your patch has been applied to the master branch (Talking with Steffan, we've decided to squash both patches into just one, because it seems to be somewhat silly to add a file just to completely rewrite in the next patch again) commit 368991264d82f038bde30a67910ac6c7681a4ba9 Author: Ilya Shi

[Openvpn-devel] [PATCH] Prefer RECVDSTADDR to PKTINFO for IPv4 in OS X since it actually works (unlike PKTINFO)

2016-09-17 Thread Arne Schwabe
--- configure.ac | 1 + 1 file changed, 1 insertion(+) diff --git a/configure.ac b/configure.ac index 418ad57..6dfe256 100644 --- a/configure.ac +++ b/configure.ac @@ -337,6 +337,7 @@ case "$host" in have_tap_header="yes" dnl some Mac OS X tendering (we use vararg