Re: [Openvpn-devel] [PATCH] Implement parsing and sending INFO and INFO_PRE control messages

2018-07-03 Thread Antonio Quartulli
Hi, On 03/07/18 23:33, Gert Doering wrote: > Hi, > > On Tue, Jul 03, 2018 at 04:47:55PM +0200, Arne Schwabe wrote: >> OpenVPN 3 implements these messages to send information during the >> authentication to the UI, implement these messages also in OpenVPN 2.x > > Feature-Questionmark :-) > > Is

Re: [Openvpn-devel] Upstreaming pqcrypto changes from microsoft/openvpn

2018-07-03 Thread Kevin Kane via Openvpn-devel
[Resending to openvpn-devel now that I'm subscribed to it.] Hello all, Thanks to Jon for making the introduction. My team works on post-quantum (PQ) cryptography, which is algorithms used by regular computers but which are resistant to attack by a sufficiently powerful quantum computer. This

[Openvpn-devel] Upstreaming pqcrypto changes from microsoft/openvpn

2018-07-03 Thread Jon Kunkee via Openvpn-devel
Hi, (Retitling thread from RE: [Openvpn-devel] Topics for the community meeting (Wed, 13th June 2018)) > do you know this activity https://github.com/Microsoft/openvpn/ ? > there are interesting things There are *very* interesting things there! > Do you know if Kevin (or his manager/team)

Re: [Openvpn-devel] tap-windows6 and AppVeyor

2018-07-03 Thread Jon Kunkee via Openvpn-devel
Agreed. I leapt a bit too far to land at my conclusion. :| I gladly defer to those who have to live with this decision in the long run. (Unfortunately, it seems that MS' VSTS doesn't have any WDK or EWDK CI solutions at all...oh well.) -Original Message- From: Simon Rozman Sent:

Re: [Openvpn-devel] tap-windows6 and AppVeyor

2018-07-03 Thread Simon Rozman
Hi, > I chose the EWDK thinking it would actually be easier for CI because it was > so > similar to the Win7 DDK, but from what you are saying I was wrong (at least > for AppVeyor). Are you interested converting buildtap.py to use > VS2017+WDK instead of the EWDK? I'm happy to do it, but I won't

[Openvpn-devel] [PATCH applied] Re: Add MTU to Android IFCONFIG6 control command

2018-07-03 Thread Gert Doering
Acked-by: Gert Doering "I guessed that something interesting might happen here" - nothing much to review, though, as it's Android specific and does not touch anything else (and no obvious issues with it). Your patch has been applied to the master branch. commit

Re: [Openvpn-devel] Topics for the community meeting (Wed, 13th June 2018)

2018-07-03 Thread Jon Kunkee via Openvpn-devel
I don't know right off, but I will ask. -Original Message- From: Samuli Seppänen Sent: Tuesday, July 3, 2018 11:23 AM To: Jon Kunkee ; Илья Шипицин Cc: openvpn-devel Subject: Re: [Openvpn-devel] Topics for the community meeting (Wed, 13th June 2018) Hi Jon, Do you know if Kevin

Re: [Openvpn-devel] Topics for the community meeting (Wed, 13th June 2018)

2018-07-03 Thread Samuli Seppänen
Hi Jon, Do you know if Kevin (or his manager/team) plans to push his work upstream (i.e. to us) at some point? -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock Il 03/07/2018 20:55, Jon Kunkee ha scritto: > Yes, I am aware of that. Note that it’s not

Re: [Openvpn-devel] Topics for the community meeting (Wed, 13th June 2018)

2018-07-03 Thread Jon Kunkee via Openvpn-devel
Yes, I am aware of that. Note that it’s not tap-windows6, but openvpn. I talked to the primary contributor to that fork, Kevin Kane, a few days ago. When I asked if his team had done anything with signing the driver or doing the HLK work, he said his team uses tap-windows6 as-shipped, complete

Re: [Openvpn-devel] Topics for the community meeting (Wed, 13th June 2018)

2018-07-03 Thread Илья Шипицин
Hello, Jon. do you know this activity https://github.com/Microsoft/openvpn/ ? there are interesting things вт, 3 июл. 2018 г. в 22:43, Jon Kunkee via Openvpn-devel < openvpn-devel@lists.sourceforge.net>: > Hi, > > 2. Tap-windows6 patches, building and testing > > In order to get the

Re: [Openvpn-devel] Topics for the community meeting (Wed, 13th June 2018)

2018-07-03 Thread Jon Kunkee via Openvpn-devel
Hi, 2. Tap-windows6 patches, building and testing In order to get the tap-windows6 driver signed properly for Windows Server 2016, it needs to pass the Windows Hardware Certification Program subset of the Windows Hardware Logo Kit (HLK) tests. Samuli has the tests running in EC2, but there

[Openvpn-devel] Topics for the community meeting (Wed, 13th June 2018)

2018-07-03 Thread Samuli Seppänen
Hi, We're going to have an IRC meeting starting at 11:30 CET (9:30 UTC) on #openvpn-meeting irc.freenode.net. You do not have to be logged in to Freenode to join the channel. Current topic list along with basic information is here:

Re: [Openvpn-devel] tap-windows6 and AppVeyor

2018-07-03 Thread Jon Kunkee via Openvpn-devel
I chose the EWDK thinking it would actually be easier for CI because it was so similar to the Win7 DDK, but from what you are saying I was wrong (at least for AppVeyor). Are you interested converting buildtap.py to use VS2017+WDK instead of the EWDK? I'm happy to do it, but I won't get to it

[Openvpn-devel] [PATCH] Add MTU to Android IFCONFIG6 control command

2018-07-03 Thread Arne Schwabe
Since OpenVPN now supports IPv6 only connections, OpenVPN for Android can no longer rely on IFCONFIG to send the MTU. Add sending the MTU to IFCONFIG6 too. --- src/openvpn/tun.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index

[Openvpn-devel] [PATCH v2] Make up/down script errors not FATAL

2018-07-03 Thread selva . nair
From: Selva Nair Treat the error as not FATAL only if it's triggered due to script_security < SSEC_SCRIPTS. This helps user interfaces enforce a safer script-security setting without causing a FATAL error. Signed-off-by: Selva Nair --- v2 changes: - Have script errors continue to trigger a

Re: [Openvpn-devel] [PATCH] Implement parsing and sending INFO and INFO_PRE control messages

2018-07-03 Thread Gert Doering
Hi, On Tue, Jul 03, 2018 at 04:47:55PM +0200, Arne Schwabe wrote: > OpenVPN 3 implements these messages to send information during the > authentication to the UI, implement these messages also in OpenVPN 2.x Feature-Questionmark :-) Is there any documentation about this? What sort of messages

[Openvpn-devel] [PATCH v4] Implement block-ipv6

2018-07-03 Thread Arne Schwabe
This can be used to redirect all IPv6 traffic to the tun interface, effectively black holing the IPv6 traffic. Without ICMPv6 error messages this will result in timeouts when the server does not send error codes. block-ipv6 allows client side only blocking on all platforms that OpenVPN supports

[Openvpn-devel] [PATCH] Implement parsing and sending INFO and INFO_PRE control messages

2018-07-03 Thread Arne Schwabe
OpenVPN 3 implements these messages to send information during the authentication to the UI, implement these messages also in OpenVPN 2.x --- src/openvpn/forward.c | 8 src/openvpn/push.c| 29 + src/openvpn/push.h| 2 ++ 3 files changed, 39

Re: [Openvpn-devel] [PATCH v3] Implement block-ipv6

2018-07-03 Thread Arne Schwabe
>> +} >> +if (c->c2.buf.len > 0) >> +{ > > is this related to the ipv6 change? If so, how? To drop packet OpenVPN generally sets the buf len to zero. Since we now also drop packets that would normally go from client to server, I added the check here so these packets can be

Re: [Openvpn-devel] [PATCH] Make up/down script errors not FATAL

2018-07-03 Thread Selva Nair
Hi, On Tue, Jul 3, 2018 at 3:09 AM, Gert Doering wrote: > Hi, > > On Mon, Jul 02, 2018 at 11:13:01PM -0400, Jonathan K. Bullard wrote: > > My initial reaction is that I'd rather a problem in the up/down > > scripts generates a fatal error, so if there's a problem in the > > Tunnelblick scripts

Re: [Openvpn-devel] tap-windows6 and AppVeyor

2018-07-03 Thread Simon Rozman
Hi, I was dismissed by the AppVeyor about an image preinstalled with EWDK request. They explained I can use their build cache to maintain a local EWDK copy. Unfortunately, the build cache is account-specific, meaning every user trying to run its own fork (including OpenVPN for upstream) will

Re: [Openvpn-devel] [PATCH v3 1/2] crypto: always reload tls-auth/crypt key contexts

2018-07-03 Thread Antonio Quartulli
Hi, On 27/06/18 09:50, Antonio Quartulli wrote: > Hi, > > On 27/06/18 05:33, David Sommerseth wrote: >> On 05/06/18 10:14, Antonio Quartulli wrote: >>> In preparation to having tls-auth/crypt keys per connection >>> block, it is important to ensure that such material is always >>> reloaded upon

Re: [Openvpn-devel] [PATCH] Make up/down script errors not FATAL

2018-07-03 Thread Antonio Quartulli
Hi, On 03/07/18 16:23, David Sommerseth wrote: > TL;DR: Reduce the possibility to run scripts to an absolute minimum (if at > all). If having this possibility run them with as few privileges as possible, > and scripts to run is preferred to be configured outside of the OpenVPN > configuration

Re: [Openvpn-devel] [PATCH] Make up/down script errors not FATAL

2018-07-03 Thread David Sommerseth
On 03/07/18 09:49, Selva Nair wrote: > Hi Jon, > > On Mon, Jul 2, 2018 at 11:13 PM, Jonathan K. Bullard > wrote: >> Hi. >> >> On Mon, Jul 2, 2018 at 9:24 PM, > wrote: >>> >>> From: Selva Nair mailto:selva.n...@gmail.com>> >>> >>> Instead

Re: [Openvpn-devel] [PATCH] Make up/down script errors not FATAL

2018-07-03 Thread Gert Doering
Hi, On Mon, Jul 02, 2018 at 11:13:01PM -0400, Jonathan K. Bullard wrote: > My initial reaction is that I'd rather a problem in the up/down > scripts generates a fatal error, so if there's a problem in the > Tunnelblick scripts somebody will report it. In my experience, almost > nobody pays

Re: [Openvpn-devel] [PATCH] Make up/down script errors not FATAL

2018-07-03 Thread Selva Nair
Hi Jon, On Mon, Jul 2, 2018 at 11:13 PM, Jonathan K. Bullard wrote: > Hi. > > On Mon, Jul 2, 2018 at 9:24 PM, wrote: >> >> From: Selva Nair >> >> Instead log only a warning. >> >> This helps user interfaces enforce a safer script-security setting >> without causing a FATAL error. > > > Can you