v2: Simplified "add sublayer" code
Currently each instance of openvpn adds WFP filters into an independent
sublayer. As a block in one sublayer can over-ride a permit in another,
this causes all DNS traffic to block when --block-outside-dns is used
in multiple tunnels.
Fix using a common
v2: Simplify the "add sublayer" code.
Currently each instance of openvpn adds WFP filters into an independent
sublayer. As a block in one sublayer can over-ride a permit in another,
this causes all DNS traffic to block when --block-outside-dns is used
in multiple tunnels.
Fix using a common
Add scopes for the conditional code, remove local scope that's only needed
for c89 support (which we dropped).
This patch should be applied after the SHA256 fingerprint support patch.
Signed-off-by: Steffan Karger
---
src/openvpn/ssl_verify.c | 17 ++---
1 file
Instead of just [MH], show [MH/PKTINFO] or [MH/RECVDA], to see more
easily which compile-time variant was chosen by configure and syshead.h
Signed-off-by: Gert Doering
---
src/openvpn/options.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git
Hi,
On Fri, Sep 16, 2016 at 09:02:42PM +0200, Gert Doering wrote:
> NetBSD has introduced IP_PKTINFO and struct in_pktinfo, but does not
> have the "ipi_spec_dst" structure element, causing compilation errors.
>
> Introduce a check for that (AC_CHECK_MEMBER) in configure.ac, and
> change all
NetBSD has introduced IP_PKTINFO and struct in_pktinfo, but does not
have the "ipi_spec_dst" structure element, causing compilation errors.
Introduce a check for that (AC_CHECK_MEMBER) in configure.ac, and
change all "#ifdef HAVE_IN_PKTINFO" to also check "HAVE_IPI_SPEC_DST".
Patch inspired by
ACK. This works well on CentOS 5, so this change makes sense as this
makes the compiler behaviour more predictable in regards to C standards.
This will most possibly break non-GNU compilers though (Solaris and AIX?).
But as this behaviour can be
On 25/08/16 15:45, David Sommerseth wrote:
>
> Hi,
>
[...snip...]
>
> What the patch-set does is:
>
> - Add --auth-gen-token, and when used the following steps happen
>
> - After a successful normal user/password authentication, it will
> generate a random token for this tunnel and keep a
In the release/2.3 branch we support gnu89, basically to keep
pre-2015 MSVC happy. Old gcc (<5) defaulted to gnu89. But
gcc 5+ and clang default to gnu11/c11. This patch makes our
gnu89 support explicit, such that these newer compilers will also
point out gnu89 violations to developers.
v2: only
Your patch has been applied to the following branches
commit a7b02f7f660707f765881f35867b4d23d89b390f (master)
commit 0043ddbbe6768ac560996e9879f47381e043a116 (release/2.3)
Author: Gert Doering
Date: Tue Sep 13 22:04:58 2016 +0200
Do not
This option was useful when IPv6 tun support was non standard and was an
internal/user specified flag that tracked the IPv6 capability of the tun device.
All supported OS support IPv6. Also tun-ipv6 is pushable by the remote so not
putting tun-ipv6 does not forbid IPv6 addresses.
This commit
On 13/09/16 22:04, Gert Doering wrote:
> Basically, an oversight - if one test instance does not start at
> all (due to "tap driver not loaded") the whole script would exit,
> instead of logging the failing instance and proceeding to the next
> test