[Openvpn-devel] [PATCH 3/4] Allow administrator to supply a user to pam_start().

2015-07-08 Thread Tim Small
If the user doesn't supply any arguments to the plugin in the OpenVPN configuration file, then it defaults to setting the second argument to the pam_start() function with the username that the other end of the vpn supplied. The pam libraries use this as the initial value for the PAM_USER pam

[Openvpn-devel] [PATCH 0/4] RFC changes to the auth-pam plugin.

2015-07-08 Thread Tim Small
I wanted to use OpenVPN with PAM whilst enforcing the use of the TLS client cert common name in place of the user-supplied user name. This wouldn't work with the PAM plugin I was using, and in the process of debugging this I've made a few changes to the auth-pam plugin which I hope make it easier

[Openvpn-devel] [PATCH 2/4] Factor out name/val list walk, add default password reply.

2015-07-08 Thread Tim Small
If the user doesn't supply any arguments to the plugin in the OpenVPN configuration file, then it defaults to answering any PAM conversation 'questions' where the pam module sets the message style to PAM_PROMPT_ECHO_OFF with the password, and where the style is set to PAM_PROMPT_ECHO_ON with the

[Openvpn-devel] [PATCH 4/4] Improve docs and also detail new functionality.

2015-07-08 Thread Tim Small
Hopefully clarify usage, and fix spelling errors. Document new functionality WRT PAM_USER and implicit password responses when a non-matching non-echoing PROMPT is made by a PAM module. Signed-off-by: Tim Small --- src/plugins/auth-pam/README.auth-pam | 152

[Openvpn-devel] [PATCH 1/4] Add explicit debug statements for pam auth and account steps.

2015-07-08 Thread Tim Small
The plugin carries out separate checks on authorisation and account validity, but only prints a single "user X failed to authenticate" message, even if the PAM authenticate tests pass, but the PAM account check fails. Also log common name as well as user name. Signed-off-by: Tim Small

Re: [Openvpn-devel] Adding routes on Windows using DHCP

2015-07-08 Thread Gert Doering
Hi, On Wed, Jul 08, 2015 at 02:22:36PM -0400, Selva Nair wrote: > On Wed, Jul 8, 2015 at 12:26 PM, Jan Just Keijser wrote: > > > FWIW: I've patched openvpn to set routes using DHCP on Windows and yes, > > it works: I can add any route to the system routing tables, including >

Re: [Openvpn-devel] Adding routes on Windows using DHCP

2015-07-08 Thread Gert Doering
Hi, On Wed, Jul 08, 2015 at 06:26:33PM +0200, Jan Just Keijser wrote: > >AFAICT windows does support that option (that's what I was referring > >to with options 121 or 249) . OTOH, I am *not* sure if it allows you > >to set a 0.0.0.0/1 route using that option, but I guess there's only > >one

Re: [Openvpn-devel] Adding routes on Windows using DHCP

2015-07-08 Thread Selva Nair
On Wed, Jul 8, 2015 at 12:26 PM, Jan Just Keijser wrote: > > FWIW: I've patched openvpn to set routes using DHCP on Windows and yes, > it works: I can add any route to the system routing tables, including > 0.0.0.0/1 and 128.0.0.1/1 ; this could be used as an alternative to >

Re: [Openvpn-devel] [PATCH v2] Add TFTP and WPAD DHCP options

2015-07-08 Thread Jan Just Keijser
Hi, Jan Just Keijser wrote: Gert Doering wrote: On Thu, Jul 02, 2015 at 11:56:28AM +0200, Jan Just Keijser wrote: +write_dhcp_str (buf, 66, o->tftp, ); +write_dhcp_str (buf, 150, o->tftp, ); This does not look safe to me (or I'm overlooking something) - if o->tftp is not
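
Review bot: both quoted write_dhcp_str calls pass o->tftp directly, and nothing in these two lines shows that the option was set before it is written; guard the pair with a check that o->tftp is non-NULL, or confirm that write_dhcp_str itself tolerates a NULL string. Separately, the same string is written to option 66 and option 150, but option 66 (RFC 2132) is a TFTP server name while option 150 (RFC 5859) is a list of IPv4 addresses, so option 150 should be encoded as addresses rather than reusing the string writer.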

Re: [Openvpn-devel] Adding routes on Windows using DHCP

2015-07-08 Thread Jan Just Keijser
Hi, Jan Just Keijser wrote: On 03/07/15 15:15, Gert Doering wrote: On Fri, Jul 03, 2015 at 01:56:39PM +0200, JÁKÓ András wrote: yes this is possible; it's possible to push multiple gateways and multiple (classless) routes (dhcp options 121 & 249). If the metric on the tap-win adapter is set