Re: [Openvpn-devel] [PATCH] Add option --push-suppress-ipv6 to stop sending IPv6 info to clients.

On 20/10/15 23:28, Gert Doering wrote: > Hi, > > On Tue, Oct 20, 2015 at 10:45:23AM +0200, Arne Schwabe wrote: >> Am 19.10.15 um 20:06 schrieb Gert Doering: >>> Workaround option for servers that have IPv6 working just fine, but >>> need to turn it off for individual clients - in that case, set

[Openvpn-devel] [PATCH] openssl: remove usage of OPENSSL_malloc() from show_available_curves

There is no need to use OPENSSL_malloc(), so use our own functions that automatically check for NULL and remove the now redundant NULL check. Signed-off-by: Steffan Karger --- src/openvpn/ssl_openssl.c | 33 + 1 file changed, 13 insertions(+),

[Openvpn-devel] [PATCH] Fix memory leak in auth-pam plugin

As it says on the tin. aresp would not be free'd nor returned by my_conv() on errors. Note that we never reach this code if allocation of aresp failed. Found with the Clang static analyzer. Signed-off-by: Steffan Karger --- src/plugins/auth-pam/auth-pam.c | 3 +++ 1 file

[Openvpn-devel] [PATCH] hardening: add insurance to exit on a failed ASSERT()

The code behind our ASSERT() macro is pretty complex. Although it seems to be correct, make it trivially clear we will never return from a failed assert by adding an _exit(1) call. As was suggested by Sebastian Krahmer of the SuSE security team. A secondary benefit is that tools like clang

Re: [Openvpn-devel] [PATCH] Add option --push-suppress-ipv6 to stop sending IPv6 info to clients.

Hi, On Tue, Oct 20, 2015 at 10:45:23AM +0200, Arne Schwabe wrote: > Am 19.10.15 um 20:06 schrieb Gert Doering: > > Workaround option for servers that have IPv6 working just fine, but > > need to turn it off for individual clients - in that case, set this > > option in the --client-config-dir file

Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

ho hum -Original Message- From: David Sommerseth [mailto:openvpn.l...@topphemmelig.net] Sent: Monday, October 19, 2015 3:01 PM To: Morris, Russell ; Heiko Hund ; sam...@openvpn.net Cc: openvpn-devel@lists.sourceforge.net Subject: Re:

Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

By the way, there is an open-source SecurePoint VPN client (https://sourceforge.net/projects/securepoint/) which handles current versions of Windows very well. And here is my list of available open-source OpenVPN GUIs: https://gist.github.com/ValdikSS/9d7b13b5ef510c6b6d45#file-openvpn-guis-md

Re: [Openvpn-devel] Interactive windows service

On Tue, Oct 20, 2015 at 1:23 PM, Heiko Hund wrote: > On Tuesday 20 October 2015 13:11:44 Selva Nair wrote: > > Thanks for the link. I cloned it, but it appears to be the same as a late > > 2014 (early 2.3.x ?) version. In particular, the src directory has just > > the

Re: [Openvpn-devel] Interactive windows service

On Tuesday 20 October 2015 13:11:44 Selva Nair wrote: > Thanks for the link. I cloned it, but it appears to be the same as a late > 2014 (early 2.3.x ?) version. In particular, the src directory has just > the same two subdirectories openvpn and openvpnserv, and the latter is the > same as in the

Re: [Openvpn-devel] Interactive windows service

On Tue, Oct 20, 2015 at 6:30 AM, Heiko Hund wrote: > On Saturday 17 October 2015 11:44:07 Selva Nair wrote: > > Is there a public repo where I can access this? I have been using a > > patched MI-GUI to avoid needing admin priv on windows but working > towards > > a

Re: [Openvpn-devel] [PATCH] Replace variable length array with malloc

Why OPENSSL_malloc() in particular? I looked for other malloc calls in that file and only example I've found was OPENSSL_malloc in show_available_curves(). On the other side Dr. Stephen Henson says (quote unedited): http://permalink.gmane.org/gmane.comp.encryption.openssl.user/11291 You

Re: [Openvpn-devel] [PATCH] Replace variable length array with malloc

> Why OPENSSL_malloc() in particular? I looked for other malloc calls in that file and only example I've found was OPENSSL_malloc in show_available_curves(). On the other side Dr. Stephen Henson says (quote unedited): http://permalink.gmane.org/gmane.comp.encryption.openssl.user/11291 > You

Re: [Openvpn-devel] [PATCH] Replace variable length array with malloc

Hi, On Tue, Oct 20, 2015 at 04:22:59PM +0300, Lev Stipakov wrote: > Commit > https://github.com/OpenVPN/openvpn/commit/685e486e8b8f70c25f09590c24762ff734f94a51 > introduced a variable length array. Although C99 supports that, MSVS 2013 > still requires > size of array to be compiler time

[Openvpn-devel] [PATCH] Replace variable length array with malloc

Commit https://github.com/OpenVPN/openvpn/commit/685e486e8b8f70c25f09590c24762ff734f94a51 introduced a variable length array. Although C99 supports that, MSVS 2013 still requires size of array to be compiler time constant. As a fix, use OPENSSL_malloc/free. Signed-off-by: Lev Stipakov

[Openvpn-devel] Interesting link related to OpenVPN on Windows

Hi, just read this post: http://www.theregister.co.uk/2015/10/19/microsoft_openssh_code_release/ Here's Redmond's rough road map for the OpenSSH port: Update NoMachine port to OpenSSH 7.1 [Done] Leverage Windows crypto api’s instead of OpenSSL/LibreSSL and run as Windows

Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

On Tuesday 20 October 2015 10:15:22 Samuli Seppänen wrote: Are you saying that the interactive service also doubles as a Windows system service? If so, can it be configured to autostart selected openvpn connections on boot and restart them if they crash/stop? No, and I do not think that the

Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

On Tuesday 20 October 2015 11:51:16 Samuli Seppänen wrote: > 3) Adding OpenVPN-GUI to OpenVPN's GitHub page > > This was proposed by someone else earlier. If nothing else, it would > allow sharing responsibility of OpenVPN-GUI development among more > people, like what happened with easy-rsa,

Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

On Monday 19 October 2015 16:57:02 Selva Nair wrote: > I feel a framework such as the "interactive service" -- which is now and > again mentioned in the mailing lists but no idea what it is --- with new > GUI or a partial rewrite of the current one to effectively use the > management interface

Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

On Tuesday 20 October 2015 10:15:22 Samuli Seppänen wrote: > >> Are you saying that the interactive service also doubles as a Windows > >> system service? If so, can it be configured to autostart selected > >> openvpn connections on boot and restart them if they crash/stop? > > > > No, and I do

Re: [Openvpn-devel] Interactive windows service

On Saturday 17 October 2015 11:44:07 Selva Nair wrote: > Is there a public repo where I can access this? I have been using a > patched MI-GUI to avoid needing admin priv on windows but working towards > a solution that could come bundled with "official" releases would be great. Currently it is

Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

On 19/10/15 16:58, Morris, Russell wrote: I'd be happy to help out - but as above, I'm not an expert. So definitely willing, but usefulness may be questionable unfortunately ... ;-). That isn't too far away from where I started and got involved into the OpenVPN core dev-team. I was far from

Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

Hi all, This response is not really a response - please bear with me. Regarding Windows GUIs... The situation with them is similar to the situation we had with OpenVPN back in 2009. Back then, the main repository (SVN) was managed by James, but he did not have time to review or merge

Re: [Openvpn-devel] [PATCH] Add option --push-suppress-ipv6 to stop sending IPv6 info to clients.

Am 19.10.15 um 20:06 schrieb Gert Doering: > Workaround option for servers that have IPv6 working just fine, but > need to turn it off for individual clients - in that case, set this > option in the --client-config-dir file for a particular user, or > via --client-connect script/plugin hook for

Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

Hi, Are you saying that the interactive service also doubles as a Windows system service? If so, can it be configured to autostart selected openvpn connections on boot and restart them if they crash/stop? No, and I do not think that the service should take care of that. That's rather things