Antonio,
I certainly don’t disagree with you.
However I think I’ve taken up enough bandwidth over this topic on
Openvpn-devel. Thank you all.
Marvin
> On Apr 1, 2018, at 7:20 PM, Antonio Quartulli wrote:
>
>> On 02/04/18 10:12, Marvin Adeff wrote:
>> Even on the internet I can tell country,
On 02/04/18 10:12, Marvin Adeff wrote:
> Even on the internet I can tell country, ISP etc. Very useful for security
> ACLs etc. Unless I’m completely mistaken, I don’t believe this is easily done
> in ipv6.
mostly because at this very moment Tunnel Brokers are widely used and
they act as a "pro
Gert,
Without invalidating the reason for your frustration, I am breathing a sigh of
relief.
As a complete aside, in some ways ipv4 is actually more useful to me in my
work. In a private network I can tell where in the network the traffic is
coming from. Even on the internet I can tell country
Hi,
On Sun, Apr 01, 2018 at 12:21:53PM -0700, Marvin Adeff wrote:
> I had not considered the extra work and code required to maintain both
> versions. But I get it now. Here is the unfortunate position this puts us in:
[..]
Well, that part of my e-mail was a bit of frustration speaking - I've
be
This series is a follow-up to 'add netlink support for Linux' by Antonio
Quartulli. It enhances integration with systemd and improves system security
by running the openvpn process with a dedicated user.
Christian Hesse (3):
systemd: run openvpn with dedicated user
systemd: do not downgrade UI
From: Christian Hesse
Now that we have a native netlink interface run the process with dedicated
user 'openvpn'. This is possible by granting ambient capabilities, see
systemd.exec(5).
Signed-off-by: Christian Hesse
---
configure.ac | 8
distro/systemd/Mak
From: Christian Hesse
Now that systemd starts the process with dedicated user we no longer
want to downgrade privileges. Also remove CAP_SETGID and CAP_SETUID
from granted privileges.
Signed-off-by: Christian Hesse
---
distro/systemd/openvpn-cli...@.service.in | 2 +-
distro/systemd/openvpn
From: Christian Hesse
We have a dedicated user created by systemd-sysusers, so create
configuration directories from systemd-tmpfiles for proper permissions.
This mitigates a race condition at packaging/install time.
Signed-off-by: Christian Hesse
---
distro/systemd/tmpfiles-openvpn.conf | 2 +
Ok, I’ll only discard the irate part ;-]
I had not considered the extra work and code required to maintain both
versions. But I get it now. Here is the unfortunate position this puts us in:
We use OpenVPN for connection from 1000’s of devices located at customer
facilities back to us. These de
Hi,
On Sun, Apr 01, 2018 at 11:19:57AM -0700, Marvin Adeff wrote:
> Think of us poor mail list lurkers. Practically gave this one a heart attack!
> Not having seen that private reply, I hope that means I can discard the
> long-ass (and quite irate) reply I was working on?
Please share!
> (Sen
Think of us poor mail list lurkers. Practically gave this one a heart attack!
Not having seen that private reply, I hope that means I can discard the
long-ass (and quite irate) reply I was working on?
Marvin
(Sent from an ipv4 address)
> On Apr 1, 2018, at 8:52 AM, Jonathan K. Bullard wrote:
Hi,
On Sun, Apr 1, 2018 at 11:34 AM, Gert Doering wrote:
> Hi,
>
> On Sun, Apr 01, 2018 at 10:19:37AM -0400, Selva Nair wrote:
>> On Sun, Apr 1, 2018 at 2:30 AM, Gert Doering wrote:
>>
>> > As discussed in trac #208 and on IRC with Antonio, OpenVPN 2.5 will
>> > be IPv6-only. Removal of IPv4-re
Hi,
On Sun, Apr 01, 2018 at 10:19:37AM -0400, Selva Nair wrote:
> On Sun, Apr 1, 2018 at 2:30 AM, Gert Doering wrote:
>
> > As discussed in trac #208 and on IRC with Antonio, OpenVPN 2.5 will
> > be IPv6-only. Removal of IPv4-related code and options will dramatically
> > reduce code complexity
Hi,
On Sun, Apr 1, 2018 at 2:30 AM, Gert Doering wrote:
> As discussed in trac #208 and on IRC with Antonio, OpenVPN 2.5 will
> be IPv6-only. Removal of IPv4-related code and options will dramatically
> reduce code complexity, confusing options, bugs and user questions.
>
> Add deprecation warn
This patch introduces a tiny netlink interface, optimized
for the openvpn use case.
It basically exposes all those operations that are currently
handled by directly calling the /sbin/ip command (or even
ifconfig/route, if configured).
By using netlink, openvpn won't need to spawn new processes
wh
This variable is helpful when the configure script
has to take actions that are strictly limited to
the LINUX platform, as required by the introduction
of netlink support.
Signed-off-by: Antonio Quartulli
---
configure.ac | 2 ++
1 file changed, 2 insertions(+)
diff --git a/configure.ac b/confi
Signed-off-by: Antonio Quartulli
---
src/openvpn/route.c | 364 ++--
1 file changed, 71 insertions(+), 293 deletions(-)
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index 8990a986..4b398366 100644
--- a/src/openvpn/route.c
+++ b/src/openv
Hi all,
this patchset introduces native netlink support for the Linux platform.
At the moment openvpn operates on the tun interface and on the routing
table by directly invoking the "ip" command (or ifconfig/route if
nettools is selected at compile time).
With this patchset, openvpn would not ne
Signed-off-by: Antonio Quartulli
---
src/openvpn/tun.c | 199 --
1 file changed, 58 insertions(+), 141 deletions(-)
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 263cacdf..4e0b3f90 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun
Hello,
Jonathan K. Bullard, on dim. 01 avril 2018 06:17:55 -0400, wrote:
> Either way, can anyone give an approximate release date for 2.5, so we
> can have a time frame for the change? (Even a "not before" date would
> be very helpful in evaluating the impact of these proposed changes.)
I guess
Hi,
On Sun, Apr 1, 2018 at 2:30 AM, Gert Doering wrote:
> As discussed in trac #208 and on IRC with Antonio, OpenVPN 2.5 will
> be IPv6-only. Removal of IPv4-related code and options will dramatically
> reduce code complexity, confusing options, bugs and user questions.
>
> Add deprecation warn