you get the ovpn-dco package from?
Because I have my own dev package, but I hardly believe that was pulled
upstream.
Regards,
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists
that there can be many factors affecting the results
here..including the specific platform you are testing this on.
This said, dco is going through a large code revamp, therefore we'll get
a chance to better investigate performance issue once that revamp is done.
Thanks a lot for your
Hi,
On 24/04/2024 11:38, d tbsky wrote:
[ 9652.965804] encrypt crypto_alloc_aead failed, err=-2
This is exactly it. The kernel crypto engine is reporting "not found".
I think you should look for CONFIG_CRYPTO_CHACHA20POLY1305 in the kernel
config.
Regards,
--
Antonio
Hi,
On 24/04/2024 11:21, d tbsky wrote:
Hi:
Antonio Quartulli
Unfortunately there will be no difference as this is an issue between
openvpn and ovpn-dco.
thanks a lot for hint!
Could you please re-run with --verb 6 ? That will include DCO specific
debug messages.
Thanks a lot
Hi,
On 24/04/2024 11:03, d tbsky wrote:
Hi:
Antonio Quartulli
Yes, 2.6.10 requires ovpn-dco-v2.
ok. so I can not downgrade.
wireguard uses chacha20poly1305, therefore it'd be essential to test
with this algorithm in order to make a full comparison.
Do you have a full log to provide
found, ovpn-dco unloaded?" ?
Regards,
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
--
Antonio Quartulli
___
Open
kmod_ovpn_dco_v2 module but
"openvpn --version" still report: "DCO version: N/A".
What is the exact openvpn and dc oversion that you compiled in your last
test?
Regards,
--
Antonio Quartulli
___
Openvpn-users mailin
: I7a1765661f7676eeba8016024080fd1026220ced
Signed-off-by: Selva Nair
Acked-by: Antonio Quartulli
---
v2: Add '--' prefix when referring to auth-user-pass
and mention related github issue
doc/man-sections/client-options.rst | 11 +++
doc/man-sections/inline-files.rst | 2 +-
2 files changed, 12 insertions(+), 1
Acked-by: Antonio Quartulli
---
Does this have to go through gerrit?
doc/man-sections/client-options.rst | 11 +++
doc/man-sections/inline-files.rst | 2 +-
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/doc/man-sections/client-options.rst
b/doc/man-sections/client
lla if() go.
Cheers,
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Hi,
On 16/02/2024 15:00, Antonio Quartulli wrote:
Hi,
On 15/02/2024 17:17, Gert Doering wrote:
Hi,
On Thu, Feb 15, 2024 at 03:59:02PM +, its_Giaan (Code Review) wrote:
if (buf->len > 0)
{
- /*
- * The --passtos and --mssfix options require
-
not something we need to test for here (= if
only an IPv6 flag is active, why should we enter this branch?).
We need to enter for either v4 or v6 flags, no?
The check on whether the packet is v4 or v6 happens *inside* this if
block. Am I wrong?
Cheers,
--
Ant
you are seeing is the result of this
implementation detail or something else, especially because in some
cases you get higher throughput.
Cheers,
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https
Hi,
On 09/01/2024 12:24, Peter Davis wrote:
Hi,
In the Easy-RSA directory I have the following files and directories:
easyrsa openssl-easyrsa.cnf pki ta.key vars x509-types
Is it enough to keep the pki directory?
Why not keeping everything?
Cheers,
--
Antonio Quartulli
need the CA key in order to sign your
CRL (Certificate Revocation List).
The CA is the *trusted* entity that is in charge of signing "documents"
that others need to accept. IF you delete it, you have no way of
creating new "documents".
Cheers,
tadata may contain some unique ID of the fingerprint
of the client cert..or anything you may come up with (i.e. an expiry date).
This is why you couldn't find any "how" on the Internet. You need to
build the logic by yourself.
I hope this helps!
Cheers,
read a bit more about PKIs and x509?
These topics are "used" by OpenVPN, but they are generic and applicable
to different environments.
Cheers,
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://l
Hi,
On 08/01/2024 13:02, Peter Davis via Openvpn-users wrote:
I still don't quite understand why I shouldn't delete the Easy-RSA directory
after generating the keys!
Because tomorrow you may add another server or client and thus need to
generate another certificate.
Cheers,
--
Antonio
.
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https
Hi,
On 03/01/2024 23:28, Gert Doering wrote:
Hi,
On Wed, Jan 03, 2024 at 10:45:50PM +0100, Antonio Quartulli wrote:
On 03/01/2024 20:03, Gert Doering wrote:
Not sure I can come up with a good attack scenario
in an OpenVPN PKI scenario where the CA would be stopped from doing
something nasty
access to the VPN
server).
I think the .csr dance would prevent the CA from impersonating well
known users with a well known certificate.
Cheers,
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https
?
* Is there any firewall on the VPN server which may be preventing
connections from outside the LAN?
Note: this is unrelated to OpenVPN, but just a generic network
configuration issue.
Thanks again.
You right. The firewall was configured for the TCP protocol, not UDP.
Problem solved.
--
Antonio
Sorry,
posted to the wrong list.
Forwarded to the correct one now.
On 03/01/2024 09:41, Antonio Quartulli wrote:
Hi,
On 03/01/2024 09:14, Peter Davis wrote:
Hello,
I changed the IP address in the client configuration file, but I can't
connect to the server. I got the following error:
Wed
to OpenVPN, but just a generic network
configuration issue.
Regards,
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
people do when having the VPN server behind a
firewall/NAT.
There might be other factors playing a role here (i.e. proper firewall
configuration, etc..), therefore just changing the IP may not be the
only required action.
Cheers,
--
Antonio Quartulli
ES_128_CCM
#data-ciphers-fallback AES-128-GCM
Thanks
Richard
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
erver need to have forwarding
enabled.
gert
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
) enable NAT on the server. this way it will be the server's IP to
reach 192.168.51.0/24 and the connection will/should work.
Did this work before?
Cheers,
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
with new certs created by
easy-rsa v.3 and the results, though not successful are definately
better.
you are missing --keepalive from your server config. Thus the time out.
HTH
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users
thm which is not accepted by the more
recent OpenSSL.
Regards,
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
all other key material:
>
>
>>
>>
>
>
>> Cheers,
>
>> --
>> Antonio Quartulli
>
>
>
>Hello,
>Thanks.
>My Client.ovpn file is as follows:
>
>https://paste.mozilla.org/CwWTPPW0
>
>I got the following error:
>
>https://past
/man/openvpn-2.6/openvpn.8.html
and print it is using the "Save as PDF" virtual printer?
Cheers,
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
mobile users because it is two files.
Is there a solution?
Yes, you can inline it like all other key material:
Cheers,
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
t at fault here.
Anyway, at least we know it's something obscure in the environment and
most likely (hopefully) not a bug in the code.
Cheers!
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge
Hi,
On 29/11/2023 16:19, Aleksandar Ivanisevic wrote:
On 29. Nov 2023, at 12:23, Antonio Quartulli wrote:
Hi,
On 29/11/2023 11:21, Aleksandar Ivanisevic wrote:
what is your openssl version, maybe that has something to do with it? mine is
OpenSSL 3.0.11 19 Sep 2023 (Library: OpenSSL
Hi,
On 29/11/2023 12:23, Antonio Quartulli wrote:
Could you please share your config?
It may contain important details that otherwise we can only speculate on.
If I had to throw a wild guess, I would say that if chroot is in use, a
strange combination of factors may lead to openvpn reading
?
It may contain important details that otherwise we can only speculate on.
Thanks!
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
,
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
://lists.sourceforge.net/lists/listinfo/openvpn-users
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
s 1.
@Aleksandar would it be an option for you to send your CRL over so that
we can replicate the issue here (also privately)?
Cheers,
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
Hi,
On 21/11/2023 18:06, Arne Schwabe wrote:
This can happen if the memory alloc fails.
Patch V2: add goto error
Patch V3: return -ENOMEM instead of going to error
Change-Id: Iee66caa794d267ac5f8bee584633352893047171
Signed-off-by: Arne Schwabe
Acked-by: Antonio Quartulli
---
src
the client itself.
Arne
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Hi,
On 20/10/2023 21:35, Bo Berglund wrote:
What have I missed?
Breaking your setup in mysterious ways is not going to help :-)
As Gert pointed out, what you want to achieve requires configuring the
firewall to prevent access to the LAN subnet.
Cheers,
--
Antonio Quartulli
semantic, I think we should simply document
what the code does.
Cheers,
Regards,
Selva
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
From: Antonio Quartulli
Add an important detail about the DNS configured via this option
to be an "interface-specific" DNS. This detail is important when
troubleshooting DNS issues since this logic will bypass the
routing table.
Signed-off-by: Antonio Quartulli
---
doc/man-se
d
to your certificates, like the CN, and this is the main reason why you
should rely on those when trying to identifying clients in order to
assign special properties.
I hope this helps.
Cheers,
--
Antonio Quartulli
___
Openvpn-users mailing list
Ope
t in openssl/opensslconf.h
#endif
]]
)],
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
rent message for this case?
Cheers,
#endif
]]
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
struct event_timeout *server_poll_timeout,
struct signal_info *sig_info);
void socks_process_incoming_udp(struct buffer *buf,
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
home' or not depends on your setup.
2- The multihome statement does not need a parameter? I just need to put it
inside of the server.conf file?
Correct. No parameter required and it is just added to the server config.
Regards,
--
Antonio Quartulli
_
ient can connect to my OpenVPN server?
Because there is a file in CCD having the same name as the client CN.
If such file does not exist, then the client won't be able to connect.
This is what ccd-exclusive does.
Cheers,
--
Antonio Quartulli
___
Open
e IPs, you most likely need 'multihome'.
Cheers,
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
dco_multi_get_localaddr())
Prevent crash by running this code only if proto is UDP.
The same check is already performed in socket.c/h for the non-DCO
case.
Fixes: https://github.com/OpenVPN/openvpn/issues/390
Change-Id: I61adc26ce2ff737e020c3d980902a46758cb23e5
Signed-off-by: Antonio Quartulli
---
src/openvpn
Reported-by: Matt Whitlock
Change-Id: Ic473fbc447741e54a9aac83c70bc4e6d87d91080
Signed-off-by: Antonio Quartulli
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 5ab1d0df..2f65cbd5 100644
--- a/configure.ac
+++ b/configure.ac
co_read_bytes);
| ~~
| |
| counter_type {aka long long unsigned int}
Signed-off-by: Sergey Korolev
Thanks for catching this!
Acked-by: Antonio Quartulli
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourcefo
?
I think so, because the patch is explicitly setting --data-ciphers and
it is not including CHACHA20POLY1305.
Do you have clients advertising chachapoly only?
Cheers,
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users
ER_key_length(kt));
+EVP_CIPHER_free(kt);
}
+
This is not required - please remove it before merging.
int
cipher_ctx_iv_length(const EVP_CIPHER_CTX *ctx)
{
Acked-by: Antonio Quartulli
--
Antonio Quartulli
___
Openvpn-devel mailing li
eers,
Best regards,
Kristof
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
--
Antonio Quartulli
--
Antonio Quartulli
___
O
if (A ==
NULL). Although I am not sure if the whole codebase was cleaned up yet
or not.
Cheers,
+{
+close(fd);
+return false;
+}
ifcr.ifcr_count = ifcr.ifcr_total;
ifcr.ifcr_buffer = buf;
--
Antonio Quartulli
Hi,
On 15/05/2023 16:21, Frank Lichtenheld wrote:
Leaks a small amount of memory every 15s.
Signed-off-by: Frank Lichtenheld
wonderful catch, Frank!
Acked-by: Antonio Quartulli
---
src/openvpn/dco_linux.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src
for FreeBSD can be found in https://reviews.freebsd.org/D39570
Signed-off-by: Kristof Provost
This looks good to me and I think it's reasonable to use the
CMD_SWAP_KEYS as notification for userspace to actually trigger a key
rotation.
Acked-by: Antonio Quartulli
Linux and Windows part
lt;https://bugzilla.oracle.com/>"
ORACLE_BUGZILLA_PRODUCT="Oracle Linux 8"
ORACLE_BUGZILLA_PRODUCT_VERSION=8.7
ORACLE_SUPPORT_PRODUCT="Oracle Linux"
ORACLE_SUPPORT_PRODUCT_VERSION=8.7
-[~:#]- cat /etc/oracle-release
Oracle Linux Server release 8.7
-[~:#]- cat /etc/redha
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net
struct nl_sock *nl_sock = nl_socket_alloc();
+if (!nl_sock)
+{
+msg(msglevel, "Allocating net link socket failed");
+ret = -1;
+goto err_sock;
+}
+
ret = genl_connect(nl_sock);
if (ret)
{
--
Antonio Quartulli
ne.
(this is what we do in other functions of this file)
Cheers,
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Matthias
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
everything to 'void *'.
Cheers,
}
}
}
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
-by: Antonio Quartulli
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
peer-id %d", __func__, peer_id);
+if (!c->c1.tuntap)
+{
+return 0;
+}
+
dco_context_t *dco = >c1.tuntap->dco;
struct nl_msg *nl_msg = ovpn_dco_nlmsg_create(dco, OVPN_CMD_GET_PEER);
struct nlattr *attr = nla_nest_start(nl_msg, OVPN_ATTR_GET_PEER
Spot on and sorry for forgetting to mentioning it:
You need ovpn-dco at this commit:
commit 726fdfe0fa21aa4e87c5a60294ea0365ce7b6809 (HEAD -> master,
origin/master)
Author: Antonio Quartulli
Date: Mon Mar 20 23:50:52 2023 +0100
ovpn-dco: store and report transport rx/tx stats as w
Hi,
On 23/03/2023 09:03, Gert Doering wrote:
From: Antonio Quartulli
When retrieving the multi_instance of a specific peer,
there is no need to peform a linear search across the
whole m->hash list. We can directly access the needed
object via m->instances[peer-id] in constant time (an
ristof Provost
Change-Id: I8d8af6f872146604a9710edf443db65df48ac3cb
Signed-off-by: Antonio Quartulli
---
NOTE: not tested because I have no FreeBSD environment
Changes from v1:
* added boundary check on peer-id
Changes from v2:
* use one check only instead of two
---
src/openvpn/dco_freebsd.
With this API it is possible to retrieve the stats for a specific peer
or for all peers and then update the userspace counters with the value
reported by DCO.
Change-Id: Ia3990b86b1be7ca844fb1674b39ce0d60528ccff
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* use m->instances[] inst
With this API it is possible to retrieve the stats for a specific peer
or for all peers and then update the userspace counters with the value
reported by DCO.
Change-Id: Ia3990b86b1be7ca844fb1674b39ce0d60528ccff
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* use m->instances[] inst
ristof Provost
Change-Id: I8d8af6f872146604a9710edf443db65df48ac3cb
Signed-off-by: Antonio Quartulli
---
NOTE: not tested because I have no FreeBSD environment
Changes from v1:
* added boundary check on peer-id
---
src/openvpn/dco_freebsd.c | 27 ---
1 file changed, 12 inse
Hi,
On 22/03/2023 08:14, Gert Doering wrote:
Hi,
On Wed, Mar 22, 2023 at 12:10:03AM +0100, Antonio Quartulli wrote:
+struct multi_instance *mi = m->instances[peer_id];
+if (!mi)
{
This (and undoubtedly the same code in dco_linux.c) is trusting the
kernel to never ret
Hi,
On 22/03/2023 00:10, Antonio Quartulli wrote:
When retrieving the multi_instance of a specific peer,
there is no need to peform a linear search across the
whole m->hash list. We can directly access the needed
object via m->instances[peer-id] in constant time (and
just one line o
ristof Provost
Change-Id: I8d8af6f872146604a9710edf443db65df48ac3cb
Signed-off-by: Antonio Quartulli
---
NOTE: not tested because I have no FreeBSD environment and I
can't find how to kick off the buildbot
---
src/openvpn/dco_freebsd.c | 22 +-
1 file changed, 5 insertions(
With this API it is possible to retrieve the stats for a specific peer
or for all peers and then update the userspace counters with the value
reported by DCO.
Change-Id: Ia3990b86b1be7ca844fb1674b39ce0d60528ccff
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* use m->instances[] inst
Signed-off-by: Antonio Quartulli
---
src/openvpn/multi.c | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 53c17b3a..1f0a9c01 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -549,7 +549,10 @@ multi_del_iroutes
With this API it is possible to retrieve the stats for a specific peer
or for all peers and then update the userspace counters with the value
reported by DCO.
Change-Id: Ia3990b86b1be7ca844fb1674b39ce0d60528ccff
Signed-off-by: Antonio Quartulli
---
Pleas, use the latest ovpn-dco master branch
)
where the errno=4 (and its human readable representation) is a leftover
from the previous recv() interrupted by a signal and it is totally
unrelated to this netlink failure.
Signed-off-by: Antonio Quartulli
---
src/openvpn/dco_linux.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff
Ignore the last message - it was meant for another patch *shrug*
On 09/03/2023 16:02, Antonio Quartulli wrote:
This is being discussed on Gerrit at:
https://gerrit.openvpn.net/c/openvpn/+/28
On 09/03/2023 14:14, Antonio Quartulli wrote:
In order to provide better support in case
-Id: Ia1297c3ae9a28b188ed21ad21ae96fff3d02ee4d
[l...@openvpn.net: ensure win_dco flag is still exposed]
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* improved comments
* improved commit message
This patch was also reviewed and approved on gerrit at:
https://gerrit.openvpn.net/c/openvpn
This is being discussed on Gerrit at:
https://gerrit.openvpn.net/c/openvpn/+/28
On 09/03/2023 14:14, Antonio Quartulli wrote:
In order to provide better support in case of troubleshooting issues,
it's important to know what exact DCO version is loaded on the user
system.
Therefore print
with a follow-up patch.
For Linux we directly fetch the module version from /sys and print
something like:
DCO version: 0.1.20230206-15-g580608ec7c59
Change-Id: Ie1f6fa5d12a473d353d84fd119c2430b638e8bcd
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* beautify usage of buf with some
ver, this was not happening in
tls_crypt_v2_unwrap_client_key() thus leading to the assert being triggered.
Acked-by: Antonio Quartulli
---
src/openvpn/tls_crypt.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c
index 8882d5de0..4f22f8af7 100
with a follow-up patch.
For Linux we directly fetch the module version from /sys and print
something like:
DCO version: 0.1.20230206-15-g580608ec7c59
Change-Id: Ie1f6fa5d12a473d353d84fd119c2430b638e8bcd
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* beautify usage of buf with some
Hi,
On 09/03/2023 13:13, Kristof Provost via Openvpn-devel wrote:
This should use BSTR(data) instead.
I copied Antonio’s code here, but that is better, so I’ll fix that too.
dang! with one email Arne spoiled two patches!
Cheers,
--
Antonio Quartulli
Hi,
On 09/03/2023 10:03, Kristof Provost wrote:
On 9 Mar 2023, at 9:57, Antonio Quartulli wrote:
On 09/03/2023 09:36, Kristof Provost wrote:
On 9 Mar 2023, at 1:52, Antonio Quartulli wrote:
In order to provide better support in case of troubleshooting issues,
it's important to know what
Hi,
On 09/03/2023 09:36, Kristof Provost wrote:
On 9 Mar 2023, at 1:52, Antonio Quartulli wrote:
In order to provide better support in case of troubleshooting issues,
it's important to know what exact DCO version is loaded on the user
system.
Therefore print the DCO version during bootup
with a follow-up patch.
For Linux we directly fetch the module version from /sys and print
something like:
DCO version: 0.1.20230206-15-g580608ec7c59
Cc: Lev Stipakov
Cc: Kristof Provost
Change-Id: Ie1f6fa5d12a473d353d84fd119c2430b638e8bcd
Signed-off-by: Antonio Quartulli
---
src/openvpn
was not there at all.
Under the hood DCO will redirect control packets to the transport socket
without altering them, so that userspace can happily process them as
usual.
Change-Id: Ia1297c3ae9a28b188ed21ad21ae96fff3d02ee4d
[l...@openvpn.net: ensure win_dco flag is still exposed]
Signed-off-by: Antonio Quartulli
30s). Avoid this situation by setting the socket to be
non-blocking, so we get a status in this case that allows us to continue.
Change-Id: I35447c23a9350176007df5455bf9451021e9856d
Signed-off-by: Arne Schwabe
Well spotted!
Acked-by: Antonio Quartulli
---
src/openvpn/dco_linux.c | 2 ++
1 f
Signed-off-by: Antonio Quartulli
---
As concluded on IRC, this version does what we want it to do.
We also quickly tested with some sample program to make sure we weren't
making this up.
src/openvpn/tls_crypt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/openvpn
not enough data in tls-crypt-v2 client key");
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Hi,
On 03/03/2023 12:27, Antonio Quartulli wrote:
Hi,
On 03/03/2023 12:05, Kristof Provost via Openvpn-devel wrote:
From: Kristof Provost
FreeBSD's if_ovpn will never emit this as a peer deletion reason
(because it doesn't support TCP), but this allows us to align the
defines between Linux
EER_REASON_USERSPACE:
/* We assume that is ourselves. Unfortunately, sometimes these
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
With this change we extend the text exposed to people opening a bug in
the OpenVPN project.
Hopefully they will read and immediately understand that GH is not the
right place to report ossues about commercial products.
Change-Id: Idd039612698a6b08f9544450885d1a5f77fd95c6
Signed-off-by: Antonio
only once, therefore
they won't cause the recursion to continue indefinitely.
Acked-by: Antonio Quartulli
---
src/openvpn/dco.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 3087a0df..b53332a8 100644
--- a/src/openvpn/dco.c
+++ b/src/ope
1 - 100 of 4903 matches
Mail list logo