From: Selva Nair
For PSS padding, CNG requires the digest to be signed
and the digest algorithm in use, which are not accessible
via the rsa_sign and rsa_priv_enc callbacks of OpenSSL.
This patch uses the EVP_KEY interface to hook to
evp_pkey_sign callback if OpenSSL version is > 1.1.0.
To t
On Wed, Jan 30, 2019 at 8:09 AM Arne Schwabe wrote:
> Am 23.01.19 um 18:48 schrieb selva.n...@gmail.com:
> > From: Selva Nair
> >
> > For PSS padding, CNG requires the digest to be signed
> > and the digest algorithm in use, which are not accessible
> >
with openssl 1.1.1. That said, we could continue shipping
2.4.x for Windows built against OpenSSL 1.1.0, so I'm fine with no PSS (and
hence no OpenSSL 1.1.1) support in 2.4.
Selva
On Wed, Jan 23, 2019 at 2:08 PM Gert Doering wrote:
> Your patch has been applied to the master branch.
>
>
From: Selva Nair
For PSS padding, CNG requires the digest to be signed
and the digest algorithm in use, which are not accessible
via the rsa_sign and rsa_priv_enc callbacks of OpenSSL.
This patch uses the EVP_KEY interface to hook to
evp_pkey_sign callback if OpenSSL version is > 1.1.0.
To t
uld
> not worry about here.
>
> Apart from the minor issues this gets an ACK from me.
>
Thanks for taking time to review this. All good comments and v2 is in the
next mail.
Selva
___
Openvpn-devel mailing list
Openvpn-devel@
From: Selva Nair
This allows the Windows GUI to use these options on the command
line without triggering user authorization errors.
Useful for
(i) ignoring certain pushed options such as "route-method" which
could otherwise bypass the interactive service
(ii) enforcing a safer scrip
Hi,
On Wed, Dec 19, 2018 at 5:00 PM Gert Doering wrote:
>
> Hi,
>
> On Wed, Dec 19, 2018 at 04:48:49PM -0500, Selva Nair wrote:
> > It seems I'm behind times and cant figure out where these patches apply. Are
> > these for openvpn, openvpn-build or something else?
>
inates the need to execute FindSystemInfo in both sequences.
> ---
> src/openvpnmsica/openvpnmsica.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
It seems I'm behind times and cant figure out where these patches apply. Are
these for openvpn, openvpn-build or somethi
From: Selva Nair
Also add a function to map OpenSSL padding identifier to
corresponding CNG constant.
This is to help add support for additional padding
types: only refactoring, no functional changes.
Signed-off-by: Selva Nair
---
src/openvpn/cryptoapi.c | 120
irrespectable tls min/max version.
>
Aha, I missed that. Still I really do not understand the need for erroring
here
instead of when prompting for PK_SIGN based on client version.
Much simpler.
Selva
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Somehow this didn't get copied to the list
-- Forwarded message -
From: Selva Nair
Date: Wed, Nov 14, 2018 at 11:06 AM
Subject: Re: [Openvpn-devel] [PATCH v5 2/2] Add support for OpenSSL TLS 1.3
when using management-external-key
To: Arne Schwabe
Hi,
On Wed, Nov 14, 2018
_query_pk_sig(management, in_b64,
> + get_sig_padding_name(padding));
Then that would be just padding or sign_alg
>
> }
> if (out_b64)
> {
> @@ -1110,18 +1132,19 @@ get_sig_from_man(const unsigned
>
Not so fast, likely its my stupidity to push for this.
>
> On 05-10-18 17:30, Selva Nair wrote:
> > On Fri, Oct 5, 2018 at 5:44 AM Steffan Karger > <mailto:stef...@karger.me>> wrote:
> >
> > Hi,
> >
> > On 13-07-18 16:16, selva.n...@gma
From: Selva Nair
commit bf97c00f7dba441b504881f38e40afcbb610a39f moved
the generic openvpn_execve() to run_command.c and made it static.
But the Windows version is still in win32.c and is called from
run_command.c
Fix by declaring the function in win32.h
Signed-off-by: Selva Nair
Hi,
On Wed, Oct 24, 2018 at 9:00 AM David Sommerseth
wrote:
>
> On 24/10/18 14:39, Selva Nair wrote:
> > On Wed, Oct 24, 2018 at 6:23 AM Antonio Quartulli wrote:
> >>
> >> Hi,
> >>
> >
> >
> > Also there is a misplac
comment added to
buffer.c that says
+/* vswprintf is missing in OpenBSD 4.2 */
len = vswprintf(str, size, format, arglist);
Makes little sense in that context and why 4.2..
That one could be removed.
Otherwise an ACK from me too.
Selva
__
On Tue, Oct 23, 2018 at 6:37 PM Rostyslav Maryliak
wrote:
>
> Dear John and Selva,
>
> I've tried almost all advises I was able to find in Internet but still no
> luck.
> Also, I've tried to test this hacky tap-adapter from jkunkee. I was able to
> build the tapinstall itse
elessly break things").
Good point. We should never need (v)swprintf on non-windows
platforms as keeping strings in utf8 should be the preferred way.
Enclosing this inside #ifdef _WIN32 sounds good. My bad to be too
much fixated on Windows during review..
Selva
_
tr, size_t size, LPCTSTR
> format, va_list arglist
>
> BOOL openvpn_sntprintf(LPTSTR str, size_t size, LPCTSTR format, ...);
>
> +BOOL openvpn_swprintf(wchar_t *const str, const size_t size, const wchar_t
> *const format, ...);
> +
> DWORD GetOpenvpnSettings(settings_t
1 insertions(+), 16 deletions(-)
openvpn_swprintf in common.c has to be declared in one
of the headers (service.h?) too. Missing as of now.
Should have noticed in the last round...
Selva
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Hi,
On Thu, Oct 4, 2018 at 7:39 AM Lev Stipakov wrote:
>
> From: Lev Stipakov
>
> Every call to swprintf is followed by line which adds nul terminator. This
> patch
> introduces openvpn_swprintf() which guarantees nul termination for size > 0.
>
> Same approach as for snprintf /
Hi,
On Wed, Oct 17, 2018 at 6:00 AM Arne Schwabe wrote:
>
> Am 17.10.18 um 05:15 schrieb Selva Nair:
> > Hi,
> >
> > Not a review, but some thoughts:
> >
> > On Sun, Oct 7, 2018 at 5:59 PM Arne Schwabe wrote:
> >>
> >> For TLS 1
Hi,
On Wed, Oct 17, 2018 at 8:07 AM Gert Doering wrote:
> Hi,
>
> On Tue, Oct 16, 2018 at 05:48:29PM -0400, Selva Nair wrote:
> > Going through patchworks noticed this.
> >
> > Thankfully this never got committed so here goes a retraction.
> >
> > On
more logical way but since we only now that version very late,
> it would extra logic and complexity to deal with this asynchronous
> behaviour .
IMO, we should explore this further and try to avoid
--management-external-key-foo.
Selva
___
Openvpn
Hi,
Going through patchworks noticed this.
Thankfully this never got committed so here goes a retraction.
On Sun, Jan 21, 2018 at 1:45 PM Selva Nair wrote:
> Hi,
>
> I'm on a reviewing spree (doing my penance), so here goes..
>
> Thanks for the patch
>
> On Tue, Jan 9,
Replying to self :)
On Fri, Oct 12, 2018 at 12:24 PM Selva Nair wrote:
> Hi,
>
> My testing shows that OpenSSL 1.1.1 likes to use PSS even for TLS 1.2, so,
> even in the short-term, this can't be worked around by just disabling TLS
> 1.3.
>
> Now, for cryptoapicert, it
(does it?).
Any suggestions on what do we do?
Thanks,
Selva
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Hi,
On Sun, Oct 7, 2018 at 3:38 AM Gert Doering wrote:
> Hi,
>
> On Sun, Mar 04, 2018 at 12:44:02PM -0500, selva.n...@gmail.com wrote:
> > From: Selva Nair
> >
> > Openssl docs do not explicitly state these to be macros although they
> > are currently de
Hi,
Sorry I missed this patch cleaning up my mistake..
Gert has already reviewed and asked for this v2 so this may be redundant,
but fwiw:
On Mon, Oct 8, 2018 at 2:15 PM Lev Stipakov wrote:
> From: Lev Stipakov
>
> In function netsh_dns_cmd() it is possible to jump on a label and
> call
la_SOURCES = test.c
libtest_la_CFLAGS = --std=c99
Run autoreconf -iv; ./configure; make and will produce libtest.dll in
./.libs/
I believe all symbols are exported by default. Adding "-export-symbols
symbol-file"
may be an easy way to customize it.
Selva
___
Hi
On Tue, Oct 9, 2018 at 5:14 PM Selva Nair wrote:
>
>
> In fact the issue here is not the unary minus, but the unsigned to signed
> conversion. So when there is no scope for overflow all is good. If there is
> overflow, unsigned->signed conversion is ill-defined -
Hi,
More noise: a typo alert below:
On Tue, Oct 9, 2018 at 5:14 PM Selva Nair wrote:
> Hi
>
> On Tue, Oct 9, 2018 at 4:39 PM Steffan Karger wrote:
>
>> Hi,
>>
>> On 08-10-18 18:09, Lev Stipakov wrote:
>> > From: Lev Stipakov
>> >
>> >
ed operand to
its unsigned type, applying -, and converting back to the signed type".!!
So what the cast achieves is a an additional iteration of conversions which
gains nothing.
> I'm just not sure whether we should add casts, or stop using the 'hack'
> of supplying a negative value to frame_add_to_extra_frame. Maybe we
> should add a frame_remove_from_extra_frame function instead. What do you
> think?
>
If the logic could be changed that should be preferred.
Selva
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
k the superseded patches as such on patchwork so that
the newest versions stand out.
Thanks,
Selva
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
ild is its unlikely to work anymore -- there are
number of places we implicitly assume that TCHAR = WCHAR. So assuming
UNICODE is defined (and refusing to build otherwise) would be good.
Selva
___
Openvpn-devel mailing list
Openvpn-devel@
l as Windows 10 (doesn't it?)
such issues should show up on that platform too. Or are there some network
protocol improvements that are enabled only on server 2016?
Selva
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.source
From: Selva Nair
In case of TLS 1.2 signatures, the callback rsa_priv_enc() gets
the hash with the DigestInfo prepended. Signing this using
NCryptSignHash() with hash algorithm id set to NULL works in most cases.
But when using some hardware tokens, the data gets interpreted as the pre
TLS 1.2
t).
A patch for 2.4 follows -- same as for master except for the context of one
hunk.
Thanks,
Selva
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Hi,
On Fri, Oct 5, 2018 at 5:44 AM Steffan Karger wrote:
> Hi,
>
> On 13-07-18 16:16, selva.n...@gmail.com wrote:
> > From: Selva Nair
> >
> > The error is treated as a warning only if its triggered due
> > to script_security < SSEC_SCRIPTS.
> >
>
Hi,
On Fri, Oct 5, 2018 at 4:02 AM Rostyslav Maryliak <
rostyslav.maryl...@idealscorp.com> wrote:
> Dear Selva,
>
> I've got a similar results. Except the outbound network speed for win2016
> server.
> The bandwidth in clear is about 700 Mbits/sec in both directions and
ed.
Knuth's literate programming never caught on, did it..
Thanks for the ack and merge..
For 2.4, have to look through and figure out --- it has been a while..
Selva
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourc
flowing from Linux to Windows so not
the direction that you have problem with. Using -R switch in the opposite
direction works normally.
Selva
Selva
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Hi,
On Wed, Oct 3, 2018 at 1:24 PM Lev Stipakov wrote:
> From: Lev Stipakov
>
> Functions openvpn_vsntprintf and openvpn_sntprintf return
> values of type int, but in reality it is always 0 or 1 (and -1 for
> snrptinf), which can be represented as boolean.
>
> To make code clearer, change
all followed by
> something like
>
> > tmp[_countof(tmp)-1] = L'\0';
>
That must be me --- nul termination paranoia :) Cant blame, given none of
these x[n]printf variants
guarantee nul termination in spite of taking the buffer length as an input..
Selva
___
On Wed, Oct 3, 2018 at 12:05 PM David Sommerseth <
open...@sf.lists.topphemmelig.net> wrote:
> On 03/10/18 17:08, Selva Nair wrote:
> >
> >
> > To make code more clear, change return type to bool. Also
> > use stdbool.h header instead of bool definition m
argv);
>
> -int openvpn_vsntprintf(LPTSTR str, size_t size, LPCTSTR format, va_list
> arglist);
> +bool openvpn_vsntprintf(LPTSTR str, size_t size, LPCTSTR format, va_list
> arglist);
>
> -int openvpn_sntprintf(LPTSTR str, size_t size, LPCTSTR format, ...);
> +bool openvpn_sntprintf(LPTSTR str, size_t size, LPCTSTR format, ...);
>
> DWORD GetOpenvpnSettings(settings_t *s);
>
> --
> 2.7.4
>
Thanks,
Selva
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
From: Selva Nair
Move writing the message buffer to the interactive service pipe and
reading acknowledgement to a function.
A minor bug in open_tun where the ack data could be read even after
a communication error is fixed.
Signed-off-by: Selva Nair
---
src/openvpn/route.c | 6 +-
src
From: Selva Nair
Currently, if dhcp on the TAP interface is disabled, OpenVPN
on Windows tries to enable it using netsh but that succeeds only when
run with admin privileges.
When interactive service is available, delegate this task to the
service.
Trac #
Tested on Windows 7
Signed-off
From: Selva Nair
Currently, if dhcp on the TAP interface is disabled, OpenVPN
on Windows tries to enable it using netsh but that succeeds only when
run with admin privileges.
When interactive service is available, delegate this task to the
service.
Trac #
Tested on Windows 7
Signed-off
h a username and password are needed, not just a
> username or a password.
>
> * Clarify that an exit with a fatal error for a dynamic C/R will occur
> only if "--auth-retry none" (the default) is in effect.
>
> * Fix a typo. ("posesses" => "possesses").
&g
t.
I cannot reproduce this but the plugin was not able to handle an empty
challenge response. The patch sent to the list should fix that.
With that just pressing at the challenge prompt behaves as
expected (on unpack
From: Selva Nair
In the auth-pam plugin correctly parse the static challenge string
even when password or challenge response is empty.
Whether an empty user input is an error is determined by the PAM
conversation function depending on whether the PAM module queries
for it or not.
Signed-off
From: Selva Nair
This was missed in commit 6690769f78bbfb889fef2a54088d979896c87d51
that exported base64_encode and base64_decode() functions.
Also check the version is >= 5 in auth-pam plugin to ensure
that the base64_decode function pointer can be referenced.
Signed-off-by: Selva N
patch assumes a non-empty
password and response after base64 decode. Else it gives up on
unpacking and treats it as a regular password.
E.g., in auth-pamc.c (line 316)
n = plugin_base64_decode(resp, up->response, sizeof(up->response)-1);
if (n > 0)
I think we could and should accept e
t didn't decode it, because the second ':'
> was missing (if I put a blank in there, I get pass=mypin%20).
>
> Is this intentional? Should it be that way?
If you are constructing the SCRV1: line using a custom UI,
I would suggest to add the second colon. If using Windows-GUI or runni
ch
but we took
a year and some to get there :)
Let's bump the plugin struct version and add a check for it in this plugin.
Selva
--
Check out the vibrant tech community on one of the world's most
e
C:" indicates that the response
> +should be echoed.
>
> The management interface client in this case should add the static
> challenge text to the auth dialog followed by a field for the user to
> -enter a resp
Hi,
Now that the minor "fix" for plugin header seems settled, back to the
base64 export patch from David.
On Fri, May 5, 2017 at 5:46 PM, David Sommerseth wrote:
> This patch builds on the "Export secure_memzero() to plug-ins" patch and
> adds export of openvpn_base64_encode() and
HI
On Tue, Jul 31, 2018 at 3:07 AM, David Sommerseth
wrote:
> On 30/07/18 16:58, Selva Nair wrote:
>> Hi,
>>
>> On Mon, Jul 30, 2018 at 10:31 AM, Antonio Quartulli wrote:
>>> Hi,
>>>
>>> On 30/07/18 04:16, Selva Nair wrote:
&g
Hi,
On Mon, Jul 30, 2018 at 10:31 AM, Antonio Quartulli wrote:
> Hi,
>
> On 30/07/18 04:16, Selva Nair wrote:
>> Yes that's the base64 patch. What is stopping it is not the
>> disagreement on that patch but an "error" [*] in the plugin header
>> that
Hi,
On Sun, Jul 29, 2018 at 3:34 PM, Gert Doering wrote:
> Hi,
>
> On Tue, Jul 24, 2018 at 10:34:53PM -0400, selva.n...@gmail.com wrote:
>> From: Selva Nair
>>
>> If static challenge is in use, the password passed to the plugin by openvpn
>> is of the form &
Hi
>
> Thanks for the hint Selva. Indeed it looks like something DNS related.
> The primary wired network interface has 1 IPv4-listening DNS server
> (192.168.1.1, which uses 2 upstream IPv4-listening DNS server from the
> ISP). The tun device has 2 IPv4 listening DNS servers
which DNS server gets used when its "working" as expected and when its
"not working" would be relevant. Also whether block-outside-dns is in
use.
Selva
--
Check out the vibrant tech community on one of the
Hi,
On Wed, Jul 25, 2018 at 1:45 PM, Gert Doering wrote:
> Hi,
>
> On Wed, Jul 25, 2018 at 01:34:44PM -0400, Selva Nair wrote:
>> Do we have an experimental branch where we could add this so that we do
>> not lose track of it?
>
> If you tell me you want that and how
t more useful.
Do we have an experimental branch where we could add this so that we do
not lose track of it?
Selva
--
Check out the vibrant tech community on one of the world's most
engaging t
t, not disconnect and the entry does not
show whether its connected or not -- so this is a feature of very
dubious utility.
(iii) Communicating with the GUI using COPYDATA message (we support
connect, disconnect, status etc.) sho
From: Selva Nair
If static challenge is in use, the password passed to the plugin by openvpn
is of the form "SCRV1:base64-pass:base64-response". Parse this string to
separate it into password and response and use them to respond to queries
in the pam conversation function.
On
a problem) in that the
> first thing Tunnelblick sees over the management interface for the
> original connection is "ENTER PASSWORD:SUCCESS: password is correct"
> -- that comes even before ">INFO:OpenVPN Management Interface Version
> 1 -- type 'help' for more info", and long be
Hi,
On Sat, Jul 21, 2018 at 1:21 PM, Jonathan K. Bullard
wrote:
> Some, perhaps including Selva's $payingCustomer, may not want to use
> Tunnelblick betas or use OpenVPN 2.5 until it is released.
I missed this last time... Its Gert who has $$payingCustomer(s) :)
Hi,
On Sat, Jul 21, 2018 at 1:21 PM, Jonathan K. Bullard
wrote:
> Hi,
>
> On Thu, Jul 19, 2018 at 2:38 PM, Selva Nair wrote:
>> Jon: I have a server for testing static and dynamic challenge. If
>> interested I can send you a config. Or use access server with a free
Hi,
On Thu, Jul 19, 2018 at 1:52 PM, Gert Doering wrote:
> Hi,
>
> On Thu, Jul 19, 2018 at 11:43:17AM -0400, Jonathan K. Bullard wrote:
>> Thank you, Selva! (Now all I need to do is get it working!)
>
> Looking very much forward to see this happen :-)
>
> ($payingCusto
Hi,
On Thu, Jul 19, 2018 at 10:48 AM, Jonathan K. Bullard
wrote:
> Thank you very much, Selva.
>
> On Wed, Jul 18, 2018 at 10:48 PM, Selva Nair wrote:
>
>> There are two messages involved:
>>
>> 1. First comes the fake auth failure message which contains the
&
construct the CRV1 "password" reply:
template = "password \"Auth\" \"CRV1::%s::%s\""
and pass the result though an escape processor before writing to the
management socket. Alternatively you can use single quotes to enclose
the 'THE_PASSWORD'.
Selva
From: Selva Nair
The error is treated as a warning only if its triggered due
to script_security < SSEC_SCRIPTS.
This helps user interfaces enforce a safer script-security setting
without causing a FATAL error.
Signed-off-by: Selva Nair
---
v3 changes:
- script_security --> script_se
Hi,
Copying the devel list as a reminder that "we" have been asking for this
change for a long time :)
On Fri, Jul 6, 2018 at 2:48 PM, Gert Doering
wrote:
> Hi,
>
> On Fri, Jul 06, 2018 at 08:25:02AM -0700, Selva Nair wrote:
> > Can we do something about this in open
th minimal code for
starting openvpn (spawning it with minimal privileges). But in that
case wont it be
better to implement the Pre-Logon_access-Provider (PLAP) interface
which appears to be
meant for such purposes?
Selva
--
From: Selva Nair
Treat the error as not FATAL only if its triggered due
to script_security < SSEC_SCRIPTS.
This helps user interfaces enforce a safer script-security setting
without causing a FATAL error.
Signed-off-by: Selva Nair
---
v2 changes:
- Have script errors continue to trig
r.
>
> The difference is that today, if you have --script-security 1 and a --up
> config, that combination will cause an error, while after the change, this
> will only cause a warning.
>
> Selva, did I read that correctly?
>
Unfortunately no. This patch will trigger only a
Hi Jon,
On Mon, Jul 2, 2018 at 11:13 PM, Jonathan K. Bullard
wrote:
> Hi.
>
> On Mon, Jul 2, 2018 at 9:24 PM, wrote:
>>
>> From: Selva Nair
>>
>> Instead log only a warning.
>>
>> This helps user interfaces enforce a safer script-security setting
&g
From: Selva Nair
Instead log only a warning.
This helps user interfaces enforce a safer script-security setting
without causing a FATAL error.
Signed-off-by: Selva Nair
---
Note: All other scripts are called with flag = 0 and will only
trigger a warning message if openvpn_execve fails.
src
rvice so the service should be running ---
but that's the default. And, when the GUI is started as a limited user it
will warn if the service is stopped. So not sure, why its not working for
you. Client logs may hold some clues.
Cheers,
Selva
-
> +assert_string_equal(output, "[" PATH1 PATH2 "] [" PARAM1 "] [" PARAM2
> "]"
> + " [-1] [4294967295] [1]");
> argv_reset();
> gc_free();
>
ACK otherwise.
Good luck with the gam
rint "1", so we know "%lu works and prints its
> argument nicely"?
>
That should be enough, but we could get fancy and use -1L and compare
the result against sprintf(str, "%lu", -1L)
Selva
--
Hi,
On Fri, Jun 22, 2018 at 10:07 PM, Antonio Quartulli wrote:
> Hi,
>
> On 23/06/18 02:27, Gert Doering wrote:
>> Hi,
>>
>> On Fri, Jun 22, 2018 at 02:12:24PM -0400, Selva Nair wrote:
>>> My tap adapter has a link local address (169.254.98.86) on it possibl
On Fri, Jun 22, 2018 at 2:27 PM, Gert Doering wrote:
> Hi,
>
> On Fri, Jun 22, 2018 at 02:12:24PM -0400, Selva Nair wrote:
>> My tap adapter has a link local address (169.254.98.86) on it possibly due
>> to a previous dhcp failure. May be I need to get rid of that (how?) to
AY fe80::2d0:b7ff:febe:d8bc I=15
Again, no assert.
Possibly you have some v4 route that triggers the assert, but I can't
figure which.
Or are you testing using a v6 only server -- even if so, its not clear how
that would
matter.
My tap adapter has a link local address (169.254.98.86)
Hi,
On Fri, Jun 22, 2018 at 10:48 AM, Antonio Quartulli wrote:
> Hi,
>
> On 22/06/18 22:45, Selva Nair wrote:
> [cut]
> >> --- a/src/openvpn/route.c
> >> +++ b/src/openvpn/route.c
> >> @@ -1616,7 +1616,7 @@ add_route(struct route_ipv4 *r, const stru
https://patchwork.openvpn.net/patch/234/#463), so I suggest either
cast to (unsigned) which we know is safe here, or add "%lu" to
argv_printf_arglist().
I would prefer the latter as its easy to overlook the fact that
argv_printf_cat() can't handle %lu which is commonly used
on Wi
pied it over the original but that edit disappeared
last week (server crash?), and now on copying it back once again, the
rst processor seems to misbehave.
Hence this email chain hoping Samuli will be able to provide some
insight as
Hi,
On Mon, Jun 18, 2018 at 1:10 PM, tincanteksup
wrote:
> Hi Selva,
>
> just a note that:
>
>
> - ``--up`` scripts are run by openvpn.exe itself, which is running as user
> *joe*, all privileges are nicely in place.
>
> - Scripts run by the GUI will run as user *jo
On Tue, Jun 12, 2018 at 12:39 PM, Selva Nair wrote:
> Hi,
>
>
>>> However, Trac supports RST natively:
>>>
>>> {{{#!rst
>>> RST-formatted contents go in here
>>> }}}
>>>
>>
>>> For details see
>>&g
Hi,
On Mon, Jun 11, 2018 at 11:32 AM, Selva Nair wrote:
> Hi
>
> On Mon, Jun 11, 2018 at 2:49 AM, Samuli Seppänen
> wrote:
>
>> Hi,
>>
>> Trac has its own Wiki syntax which is somewhat similar to Mediawiki, but
>> not at all the same.
>>
>>
es not show the end results but raw RST.
> This seems to be a feature/bug of Trac WikiProcessors in general.
>
Thanks for tip. I've now updated the original page by embedding the rst
content as {{{#!rst }}}.
https://community.openvpn.net/openvpn/wiki/OpenVPNInteractiveService
Selva
-
(using pandoc) with
some manual edits. See the working copy here:
https://community.openvpn.net/openvpn/wiki/OpenVPNInteractiveService-v2
But that still needs a lot more further manual changes. Is there a
less painful way of converting rst to the wiki format in use here?
Thanks,
Selva
onfiguration, and non-default instance installation.
> ---
> Thank you Selva for your review.
>
> Changes from [PATCH v4]:
>
> 1. git mv doc/interactive-service-notes.txt doc/interactive-service-notes.rst
> 2. The section headings were restyled
> 3. Selva's remark on openvpn.ex
Hi,
On Fri, Jun 8, 2018 at 10:01 AM Gert Doering wrote:
>
> Hi,
>
> On Tue, Jun 05, 2018 at 04:06:10PM -0400, selva.n...@gmail.com wrote:
> > From: Selva Nair
> >
> > M_DEBUG only indicates the type of the message and will print even
> > at verb 0. Use D_LOW
ushed) which is not the same as v4 is disabled.
Anyway, I'll leave it at that.
Selva
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Hi,
On Thu, Jun 7, 2018 at 1:29 PM Antonio Quartulli wrote:
> On 08/06/18 01:05, Selva Nair wrote:
> > Hi,
> >
> > On Thu, Jun 7, 2018 at 12:57 PM, Gert Doering
> wrote:
> >> Hi,
> >>
> >> On Thu, Jun 07, 2018 at 12:14:51PM -0400, Selva
Hi,
On Thu, Jun 7, 2018 at 12:57 PM, Gert Doering wrote:
> Hi,
>
> On Thu, Jun 07, 2018 at 12:14:51PM -0400, Selva Nair wrote:
>> Note: All that said, I can't seem to connect to the server via ipv6
>> when there is no v4 address. tracert fails before the first hop.
>>
t;
> you are the master of the log levels, therefore I'll just follow your
> suggestion, unless somebody else objects.
Personally I do not like M_WARN|M_INFO but that's the best I can think
of to get the warning tag and print only if verb > 0
601 - 700 of 1409 matches
Mail list logo