Re: [Openvpn-devel] [PATCH 07/10] Create separate function for replay check

2016-02-08 Thread Steffan Karger
Hi, On Mon, Feb 8, 2016 at 4:55 PM, Arne Schwabe wrote: > On 07.02.16 at 20:47, Steffan Karger wrote: >> In preparation for AEAD cipher modes, which will need the same >> functionality. >> >> Should not change any behaviour. > > ACK. Passing gc instead of using an own

Re: [Openvpn-devel] route / route-ipv6 can not be used in ccd

2016-02-08 Thread Samuel Thibault
Samuel Thibault, on Mon 08 Feb 2016 22:39:29 +0100, wrote: > We could of course use the --up script to set the routes, Oops, sorry, I didn't mean --up, but client-connect of course. Samuel

[Openvpn-devel] route / route-ipv6 can not be used in ccd

2016-02-08 Thread Samuel Thibault
Hello, Is there a reason for not being allowed to set route / route-ipv6 options in the ccd? Here is our need: we have two openvpn daemons running on the same server, one in udp mode, the other in tcp mode. Both have the same configuration, that setup is meant for our users to use whichever

Re: [Openvpn-devel] [PATCH 09/10] Add cipher name translation for OpenSSL.

2016-02-08 Thread Arne Schwabe
On 07.02.16 at 20:47, Steffan Karger wrote: > This keeps naming consistent. For example, instead of id-aes128-GCM use > AES-128-GCM, which is more like AES-128-CBC. > > + > + if (NULL == pair) > +return cipher_name; > + I like the pair == NULL style more. Otherwise ACK from me. arne

Re: [Openvpn-devel] [PATCH 06/10] Change openvpn_encrypt() to append to work buffer only

2016-02-08 Thread Arne Schwabe
On 07.02.16 at 20:47, Steffan Karger wrote: > Preparation for AEAD cipher modes, which also have to authenticate the > opcode and peer-id of packets. To supply that information to > openvpn_encrypt(), I want to simply write those to the work buffer > before calling openvpn_encrypt(). That

Re: [Openvpn-devel] [PATCH 07/10] Create separate function for replay check

2016-02-08 Thread Arne Schwabe
On 07.02.16 at 20:47, Steffan Karger wrote: > In preparation for AEAD cipher modes, which will need the same > functionality. > > Should not change any behaviour. ACK. Passing gc instead of using an own gc does not really matter in this case. Arne

Re: [Openvpn-devel] [PATCH 05/10] Move packet_id into crypto_options

2016-02-08 Thread Arne Schwabe
On 07.02.16 at 20:47, Steffan Karger wrote: > Decouples struct key_state and struct crypto_options. No longer updating > self-referential pointers! > ACK. Arne

Re: [Openvpn-devel] [PATCH 04/10] Move key_ctx_bi into crypto_options

2016-02-08 Thread Arne Schwabe
On 07.02.16 at 20:47, Steffan Karger wrote: > The encrypt and decrypt routines use struct crypto_options as their main > information source. A struct crypto_options would have a pointer to a > struct key_ctx_bi, which had to be updated at the correct moments to keep > them correct. Instead of

Re: [Openvpn-devel] [PATCH 03/10] Move crypto_options into key_state and stop using context in SSL-mode.

2016-02-08 Thread Arne Schwabe
On 07.02.16 at 20:47, Steffan Karger wrote: > Moving crypto_options into key_state enables us to stop using the global > context for each packet encrypt/decrypt operation. Decoupling the crypto > from the global context removes the need to copy the relevant parts of > crypto_options for each

Re: [Openvpn-devel] [PATCH 02/10] Remove reuse of key_type during init of data channel auth and tls-auth

2016-02-08 Thread Arne Schwabe
On 07.02.16 at 20:47, Steffan Karger wrote: > Prepare for using AEAD cipher modes + tls-auth, as tls-auth might want to > use an HMAC, while the data channel uses e.g. GCM tags. This separates > the two initialisations. Also, error out (and give a clear error message) > if a user specifies

Re: [Openvpn-devel] [PATCH 01/10] Allow NULL argument in cipher_ctx_get_cipher_kt()

2016-02-08 Thread Arne Schwabe
On 07.02.16 at 20:47, Steffan Karger wrote: > Since otherwise we'll have to perform the check before each call. > > ACK. No changes in behaviour. Arne

[Openvpn-devel] OpenVPN installers with openvpn-gui pull request #13's code included

2016-02-08 Thread Samuli Seppänen
Hi, Selva has a pending pull request to openvpn-gui, which completes the integration of interactive service into OpenVPN installers: The pull request contains several changes which need testing:

Re: [Openvpn-devel] GUI repo

2016-02-08 Thread Илья Шипицин
I saw a few cases when openvpn.exe remained running even after openvpn-gui told it to stop (and it was awful). Is the iservice magic of start/stop openvpn.exe the same as for openvpn-gui? If yes, I would say that it is ok to switch to iservice by default. 2016-02-08 12:42 GMT+05:00 Gert Doering

Re: [Openvpn-devel] GUI repo

2016-02-08 Thread Gert Doering
Hi, On Mon, Feb 08, 2016 at 08:35:54AM +0500, Илья Шипицин wrote: > I have one question regarding that. > when we deployed openvpn, we used to supply our users a config file without > "nobind" keyword. > > it worked for most of our users, however, those who needed 2 or more vpn >

Re: [Openvpn-devel] GUI repo

2016-02-08 Thread Gert Doering
Hi, On Mon, Feb 08, 2016 at 08:27:13AM +0500, ?? wrote: > but how does it look from user point of view ? why do we show that to user > ? how do you we want user to interact with that ? Installer installs iservice, GUI uses it, done. If someone wants expert mode and clicks

Re: [Openvpn-devel] GUI repo

2016-02-08 Thread Selva Nair
Hi, On Sun, Feb 7, 2016 at 10:35 PM, Илья Шипицин wrote: > what about that PR. there might be cases when > > 1) interactive service installed > 2) user is administrator > It will just work in all cases that worked before (as Gert said, 1, 2 and 1&&2). The pull request

Re: [Openvpn-devel] GUI repo

2016-02-08 Thread Илья Шипицин
I saw that PR. I have one question regarding that. When we deployed openvpn, we used to supply our users a config file without the "nobind" keyword. It worked for most of our users, however, those who needed 2 or more vpn connections complained that "port already bind". So, we added "nobind" to

Re: [Openvpn-devel] GUI repo

2016-02-08 Thread Илья Шипицин
2016-02-08 2:55 GMT+05:00 Gert Doering: > Hi, > > On Mon, Feb 08, 2016 at 01:12:37AM +0500, ?? wrote: > > there's still "Start OpenVPN directly" > > > > https://github.com/OpenVPN/openvpn-gui/blob/master/openvpn.c#L724 > > > > in such case admin rights