[Openvpn-devel] [PATCH] openvpnserv: Cache last error before it is overridden

FormatMessage() sets the last error according to its own success. This looses the original error code leading to mismatched error message and error number when sprintfted together resulting in confusing event log message. Signed-off-by: Simon Rozman --- src/openvpnserv/common.c | 6 -- 1

[Openvpn-devel] [PATCH v2 4/5] tapctl: Resolve MSVC C4996 warnings

Signed-off-by: Simon Rozman --- src/tapctl/tap.c | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/tapctl/tap.c b/src/tapctl/tap.c index dd4a10a3..563c07f6 100644 --- a/src/tapctl/tap.c +++ b/src/tapctl/tap.c @@ -2,7 +2,7 @@ * tapctl -- Utility to manipula

Re: [Openvpn-devel] [PATCH 1/5] MSVC: Disable LZ4

Hi, > > Commit 24596b25 ("build: Remove compat-lz4") removed lz4 compat layer, > > but openvpn-build\msvc doesn't provide LZ4 library either. > > What would be needed to actually *build* with LZ4 on MSVC? That is, > build it as prerequisite as LZO is built? > > The idea wasn't to remove LZ4

Re: [Openvpn-devel] [PATCH 4/5] tapctl: Resolve MSVC C4996 warnings

Hi, > > -73,14 +73,13 @@ find_function(const WCHAR *libname, const char > *funcname, HMODULE *m) > > return NULL; > > } > > > > -size_t len = _countof(libpath) - wcslen(libpath) - 1; > > -if (len < wcslen(libname) + 1) > > +if (wcslen(libpath) + 1 /*\*/ + wcslen(libname)

[Openvpn-devel] [PATCH 3/5] interactive.c: Resolve MSVC C4996 warning

/cpp/c-runtime-library/reference/strdup-wcsdup Signed-off-by: Simon Rozman --- src/openvpnserv/interactive.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c index 5d5cbfe6..b073a0d5 100644 --- a/src/openvpns

[Openvpn-devel] [PATCH 1/5] MSVC: Disable LZ4

Commit 24596b25 ("build: Remove compat-lz4") removed lz4 compat layer, but openvpn-build\msvc doesn't provide LZ4 library either. Signed-off-by: Simon Rozman --- config-msvc.h | 1 - 1 file changed, 1 deletion(-) diff --git a/config-msvc.h b/config-msvc.h index e430ca96..53d97

[Openvpn-devel] [PATCH 4/5] tapctl: Resolve MSVC C4996 warnings

Signed-off-by: Simon Rozman --- src/tapctl/tap.c | 9 - 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/src/tapctl/tap.c b/src/tapctl/tap.c index dd4a10a3..3f76c43a 100644 --- a/src/tapctl/tap.c +++ b/src/tapctl/tap.c @@ -2,7 +2,7 @@ * tapctl -- Utility to manipulate TUN/TA

[Openvpn-devel] [PATCH 2/5] tun.c: Remove dead code

Signed-off-by: Simon Rozman --- src/openvpn/tun.c | 34 -- 1 file changed, 34 deletions(-) diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 6c51a52d..6b7c8ef1 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -85,8 +85,6 @@ static void

[Openvpn-devel] [PATCH 5/5] iservice: Resolve MSVC C4996 warnings

Signed-off-by: Simon Rozman --- src/openvpnserv/automatic.c | 8 src/openvpnserv/common.c | 4 ++-- src/openvpnserv/interactive.c | 2 +- src/openvpnserv/service.c | 4 ++-- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/openvpnserv/automatic.c b/src/openvpnserv/a

[Openvpn-devel] [PATCH] openvpnmsica: Skip legacy TAP-Windows6 adapters from evaluation

-by: Simon Rozman --- src/openvpnmsica/openvpnmsica.c | 13 src/tapctl/tap.c| 37 + src/tapctl/tap.h| 3 +++ 3 files changed, 49 insertions(+), 4 deletions(-) diff --git a/src/openvpnmsica/openvpnmsica.c b/src/openvpnmsica

[Openvpn-devel] [PATCH 2/3] netsh: Clear existing IPv6 DNS servers before configuring new ones

When there are no IPv6 DNS published, the adapter state is not sanitized and might contain IPv6 DNS server from a previous session. netsh_ifconfig_options() clears DNS servers for IPv4 already. Signed-off-by: Simon Rozman --- src/openvpn/tun.c | 8 +++- 1 file changed, 7 insertions(+), 1

[Openvpn-devel] [PATCH] openvpnmsica: Simplify find_adapters() to void return

As the find_adapters() failure is not critical and FindSystemInfo() should continue regardless, the find_adapters() has been simplified not to return result code. It still logs any error thou. Signed-off-by: Simon Rozman --- src/openvpnmsica/openvpnmsica.c | 7 +++ 1 file changed, 3

[Openvpn-devel] [PATCH 1/3] netsh: Specify interfaces by index rather than name

This is more efficient and less error prone. Signed-off-by: Simon Rozman --- src/openvpn/route.c | 26 +++--- src/openvpn/tun.c | 88 + 2 files changed, 53 insertions(+), 61 deletions(-) diff --git a/src/openvpn/route.c b/src/openvpn

[Openvpn-devel] [PATCH 3/3] netsh: Delete WINS servers on TUN close

Signed-off-by: Simon Rozman --- src/openvpn/tun.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index b1cd7a1b..80ae6958 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -6706,6 +6706,16 @@ netsh_delete_address_dns(const struct

Re: [Openvpn-devel] [PATCH v2] openvpnmsica: make adapter renaming non-fatal

, tested it. Although I could not create a phantom TUN adapter to reproduce the issue. Renaming "Ethernet" adapter to "OpenVPN TAP-Windows6" and trying to install MSI next displayed an error in evaluation phase that a foreign adapter with the same name already exists - which is expected. This patch is about solving the situation when: 1. There are no apparent TAP-Windows6 or Wintun adapters present => installation decides to create one. 2. Once adapter is created, the renaming to the desired name fails (as if the name is already taken). I agree with everybody that having a consistently named adapter after initial setup is nice, but not that essential to make the installation fail. So... Acked-by: Simon Rozman Regards, Simon ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] openvpnmsica: remove adapter renaming

Hi, Adapter name already is configurable in openvpn-build/windows-msi/msi.wxs: https://github.com/Amebis/openvpn-build/blob/5f5ba807de2bad50d01a5b08dfc6fad98ee41213/windows-msi/msi.wxs#L1300 Regards, Simon From: Selva Nair Sent: Wednesday, September 2, 2020 3:12 PM To: Lev Stipakov Cc: Lev

Re: [Openvpn-devel] [PATCH] tap.c: fix adapter renaming

m. Ack. 2. I've tested `netsh interface set interface` to ignore case when selecting adapter. Ack. 3. I've tested `netsh interface set interface` to work when renaming adapter back to the original name. Ack. Reviewed the code, compiled, debugged, tested. Acked-by: Simon Rozman Regards, Simon _

Re: [Openvpn-devel] [PATCH 11/12] openvpnmsica: Merge FindTUNTAPAdapters into FindSystemInfo

all is ignored on purpose. Regards, Simon -Original Message- From: Lev Stipakov Date: Tuesday, 24 March 2020 at 13:07 To: Simon Rozman Cc: "openvpn-devel@lists.sourceforge.net" Subject: Re: [Openvpn-devel] [PATCH 11/12] openvpnmsica: Merge FindTUNTAPAdapters into FindSyste

[Openvpn-devel] [PATCH v2 2/2] tun.c: revise the IPv4 ifconfig flow on Windows

--ip-win32 ipapi now. - close_tun() the cleanup has been revised to match the ifconfig workflow in reverse. Signed-off-by: Simon Rozman --- src/openvpn/options.c | 5 +- src/openvpn/tun.c | 130 ++ 2 files changed, 70 insertions(+), 65 deletions

Re: [Openvpn-devel] [PATCH 2/2] tun.c: revise the IPv4 ifconfig flow on Windows

Hi, > A few questions: > > > This also fixes an issue with --windows-driver wintun overriding > > --ip-win32 manual, the later being perfectly fine choice for Wintun > too. > > We do still have code which forces netsh for wintun: > > if (options->windows_driver == WINDOWS_DRIVER_WINTUN)

Re: [Openvpn-devel] [PATCH] tun.c: fix "use after free" error

Nice catch, Lev. The patch indeed fixes an UAC. Compiled and tested it with MSVC. Acked-by: Simon Rozman Regards, Simon > -Original Message- > From: Lev Stipakov > Sent: Thursday, March 12, 2020 7:08 AM > To: openvpn-devel@lists.sourceforge.net > Cc: Lev Stipakov >

[Openvpn-devel] [PATCH v2 12/12] tapctl: Support multiple hardware IDs

ardware IDs. Signed-off-by: Simon Rozman --- src/openvpnmsica/openvpnmsica.c | 43 ++--- src/tapctl/main.c | 24 +++--- src/tapctl/tap.c| 21 src/tapctl/tap.h| 8 +++--- 4 files changed,

[Openvpn-devel] [PATCH 1/2] tun.c: reorder IPv6 ifconfig on Windows

been changed to match reverse order of ifconfig. An additional check was added to skip the cleanup when --ip-win32 is set to manual. Signed-off-by: Simon Rozman --- src/openvpn/tun.c | 51 +-- 1 file changed, 27 insertions(+), 24 deletions(-) diff

[Openvpn-devel] [PATCH 2/2] tun.c: revise the IPv4 ifconfig flow on Windows

now. - close_tun() the cleanup has been revised to match the ifconfig workflow in reverse. Signed-off-by: Simon Rozman --- src/openvpn/tun.c | 127 -- 1 file changed, 65 insertions(+), 62 deletions(-) diff --git a/src/openvpn/tun.c b/src/openvpn/t

Re: [Openvpn-devel] [PATCH] wintun: upgrade error message in case of ring registration failure

To: Simon Rozman Cc: openvpn-devel Subject: Re: [Openvpn-devel] [PATCH] wintun: upgrade error message in case of ring registration failure Hi, -msg(M_NONFATAL, "Failed to register ring buffers: %lu", GetLastError()); +switch (Ge

[Openvpn-devel] [PATCH 11/12] openvpnmsica: Merge FindTUNTAPAdapters into FindSystemInfo

into TAPWINDOWS6ADAPTERS, ACTIVETAPWINDOWS6ADAPTERS, WINTUNADAPTERS and ACTIVEWINTUNADAPTERS to allow finer control. Signed-off-by: Simon Rozman --- src/openvpnmsica/openvpnmsica.c | 235 src/openvpnmsica/openvpnmsica.h | 26 ++-- 2 files changed, 125

[Openvpn-devel] [PATCH 08/12] openvpnmsica: "TAP" => "TUN/TAP"

stalling the OpenVPN? Internal variable names were simplified thou to omit the TUN/TAP referencing. Signed-off-by: Simon Rozman --- src/openvpnmsica/openvpnmsica.c | 156 src/openvpnmsica/openvpnmsica.h | 8 +- 2 files changed, 82 insertions(+), 82 deletions(

[Openvpn-devel] [PATCH 12/12] tapctl: Support multiple hardware IDs

ardware IDs. Signed-off-by: Simon Rozman --- src/openvpnmsica/openvpnmsica.c | 43 ++--- src/tapctl/main.c | 8 +++--- src/tapctl/tap.c| 21 src/tapctl/tap.h| 8 +++--- 4 files changed, 48 inserti

[Openvpn-devel] [PATCH 06/12] openvpnmsica: Simplify static function names

Signed-off-by: Simon Rozman --- src/openvpnmsica/openvpnmsica.c | 63 +++-- 1 file changed, 37 insertions(+), 26 deletions(-) diff --git a/src/openvpnmsica/openvpnmsica.c b/src/openvpnmsica/openvpnmsica.c index 4c186b13..749dce56 100644 --- a/src/openvpnmsica

[Openvpn-devel] [PATCH 07/12] openvpnmsica, tapctl: "interface" => "adapter"

nvpnmsica are all about managing network adapters on Windows computers, the terminology has been updated. Signed-off-by: Simon Rozman --- src/openvpnmsica/openvpnmsica.c | 366 src/openvpnmsica/openvpnmsica.h | 13 +- src/tapctl/main.c | 150 ++---

[Openvpn-devel] [PATCH 01/12] openvpnmsica: Remove required Windows driver certification detection

The MSI packages are switching to TAP-Windows6 and Wintun MSM modules to install the TAP/TUN driver. The MSM modules have built-in Windows version detection already. This commit is now-dead-code clean up with uncrustification. Signed-off-by: Simon Rozman --- src/openvpnmsica/openvpnmsica.c

[Openvpn-devel] [PATCH 04/12] tapctl: Add functions for enabling/disabling adapters

Signed-off-by: Simon Rozman --- src/tapctl/tap.c | 287 --- src/tapctl/tap.h | 28 + 2 files changed, 275 insertions(+), 40 deletions(-) diff --git a/src/tapctl/tap.c b/src/tapctl/tap.c index b8249919..576f6740 100644 --- a/src/tapctl/tap.c +++ b

[Openvpn-devel] [PATCH 05/12] openvpnmsica: Revise MSI custom actions interop

(C) 2018-2019 Simon Rozman +# Copyright (C) 2018-2020 Simon Rozman # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 @@ -48,7 +48,7 @@ endif libopenvpnmsica_la_SOURCES = \ dllmain.c

[Openvpn-devel] [PATCH 10/12] openvpnmsica, tapctl: Revise default hardware ID management

simplified to return all existing adapters when a NULL hardware ID is specified. Signed-off-by: Simon Rozman --- src/openvpnmsica/openvpnmsica.c | 16 ++-- src/tapctl/main.c | 14 ++-- src/tapctl/tap.c| 134 src/tapctl/tap.h

[Openvpn-devel] [PATCH 02/12] openvpnmsica: Fix TAPInterface.DisplayName field interpretation

envpnmsica.c @@ -2,7 +2,7 @@ * openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to MSI packages * https://community.openvpn.net/openvpn/wiki/OpenVPNMSICA * - * Copyright (C) 2018 Simon Rozman + * Copyright (C) 2018-2020 Simon Rozman * * This prog

[Openvpn-devel] [PATCH 09/12] openvpnmsica: Extend to support arbitrary HWID network adapters

Signed-off-by: Simon Rozman --- src/openvpnmsica/openvpnmsica.c | 73 ++--- 1 file changed, 49 insertions(+), 24 deletions(-) diff --git a/src/openvpnmsica/openvpnmsica.c b/src/openvpnmsica/openvpnmsica.c index 4223b680..cfbda8da 100644 --- a/src/openvpnmsica

[Openvpn-devel] [PATCH 03/12] tapctl: Update documentation

Signed-off-by: Simon Rozman --- src/tapctl/tap.c | 17 - src/tapctl/tap.h | 18 +- 2 files changed, 17 insertions(+), 18 deletions(-) diff --git a/src/tapctl/tap.c b/src/tapctl/tap.c index 464ce725..b8249919 100644 --- a/src/tapctl/tap.c +++ b/src/tapctl/tap.c

Re: [Openvpn-devel] [PATCH 1/2] Skip DNS address validation

Hi, My thoughts exactly: as Lev pointed out: https://github.com/rozmansi/openvpn/commit/6b746cb0bf72a75e9963cc1a037c18cfb 856702a Acked-by: Simon Rozman Domagoj, if it's not too much for you, maybe document the reason why DNS validation is so slow in the commit message. My wording went like

[Openvpn-devel] [PATCH] wintun: check for conflicting options

`--windows-driver wintun` requires `--dev tun`. This is now checked and documented. Signed-off-by: Simon Rozman --- doc/openvpn.8 | 4 src/openvpn/options.c | 7 ++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 8feb3b9c

[Openvpn-devel] [PATCH] wintun: upgrade error message in case of ring registration failure

Rather than have the Interactive Service return a custom 0x2004 (ERROR_REGISTER_RING_BUFFERS) error, return the true GetLastError() code that the TUN_IOCTL_REGISTER_RINGS provides. Signed-off-by: Simon Rozman --- src/openvpn/ring_buffer.h | 2 +- src/openvpn/tun.c | 18

[Openvpn-devel] [PATCH] tun.c: uncrustify

Signed-off-by: Simon Rozman --- src/openvpn/tun.c | 117 +++--- src/openvpn/tun.h | 8 ++-- 2 files changed, 63 insertions(+), 62 deletions(-) diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 070b0fa0..47c3088d 100644 --- a/src/openvpn/tun.c

[Openvpn-devel] [PATCH] tun.c: refactor driver detection and make it case-insensitive

Hardware IDs are case insensitive on Windows. Furthermore the driver detection logic has been made more explicit and easier to read. Signed-off-by: Simon Rozman --- src/openvpn/tun.c | 14 +++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/src/openvpn/tun.c b/src

[Openvpn-devel] [PATCH] wintun: refactor code to use enum driver type

Signed-off-by: Simon Rozman --- src/openvpn/forward.c | 4 +- src/openvpn/init.c| 2 +- src/openvpn/options.c | 16 +++ src/openvpn/options.h | 2 +- src/openvpn/tun.c | 108 -- src/openvpn/tun.h | 16 +-- 6 files changed, 75

Re: [Openvpn-devel] [PATCH] options.c: do not force route delay when not using DHCP

Code looks reasonable. Tested it. Acked-by: Simon Rozman Best regards, Simon > -Original Message- > From: Lev Stipakov > Sent: Thursday, December 19, 2019 2:30 PM > To: openvpn-devel@lists.sourceforge.net > Cc: Lev Stipakov > Subject: [Openvpn-devel] [PATCH] optio

[Openvpn-devel] [PATCH v3 6/7] wintun: stop sending TAP-Windows6 ioctls to NDIS device

as NDIS might react to one of these IOCTLs. Signed-off-by: Simon Rozman --- src/openvpn/error.c | 5 - src/openvpn/sig.c | 7 +-- src/openvpn/tun.c | 4 ++-- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/src/openvpn/error.c b/src/openvpn/error.c index b2492f2b

[Openvpn-devel] [PATCH v3 4/7] wintun: register ring buffers when iterating adapters

Wintun adapters may be considered available if ring buffer registration succeeded. Therefore, we must attempt to register ring buffers when iterating adapters and continue on failure. Signed-off-by: Simon Rozman --- src/openvpn/tun.c | 111 +++--- 1 file

[Openvpn-devel] [PATCH v2 3/7] tun.c: make wintun_register_ring_buffer() non-fatal on failures

and which one is not. Therefore, a failure to register ring buffers should be detectable, but not M_FATAL. Signed-off-by: Simon Rozman --- src/openvpn/tun.c | 26 ++ 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index

[Openvpn-devel] [PATCH v2 5/7] wintun: add support for --dev-node

Signed-off-by: Simon Rozman --- src/openvpn/tun.c | 38 -- 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index f56682ef..18f06bb6 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -6196,7 +6196,6

[Openvpn-devel] [PATCH v2 4/7] wintun: register ring buffers when iterating adapters

Wintun adapters may be considered available if ring buffer registration succeeded. Therefore, we must attempt to register ring buffers when iterating adapters and continue on failure. Signed-off-by: Simon Rozman --- src/openvpn/tun.c | 112 +++--- 1 file

[Openvpn-devel] [PATCH v2 6/7] wintun: stop sending TAP-Windows6 ioctls to NDIS device

as NDIS might react to one of these IOCTLs. Signed-off-by: Simon Rozman --- src/openvpn/tun.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 18f06bb6..6762402c 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -6412,7

[Openvpn-devel] [PATCH v2 7/7] tun.c: reword the at_least_one_tap_win() error

Signed-off-by: Simon Rozman --- src/openvpn/tun.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 6762402c..4e16f989 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -4031,7 +4031,7 @@ at_least_one_tap_win(const struct

[Openvpn-devel] [PATCH v2 2/7] tun.c: upgrade get_device_guid() to return the Windows driver type

Signed-off-by: Simon Rozman --- src/openvpn/tun.c | 17 + 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 0d6f40fe..f90f201d 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -4104,12 +4104,13

[Openvpn-devel] [PATCH 6/7] wintun: stop sending TAP-Windows6 ioctls to NDIS device

as NDIS might react to one of these IOCTLs. Signed-off-by: Simon Rozman --- src/openvpn/error.c | 5 - src/openvpn/forward.c | 2 +- src/openvpn/sig.c | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/src/openvpn/error.c b/src/openvpn/error.c index b2492f2b..8d91a131

[Openvpn-devel] [PATCH 4/7] wintun: register ring buffers when iterating adapters

Wintun adapters may be considered available if ring buffer registration succeeded. Therefore, we must attempt to register ring buffers when iterating adapters and continue on failure. Signed-off-by: Simon Rozman --- src/openvpn/tun.c | 110 +++--- 1 file

[Openvpn-devel] [PATCH 2/7] tun.c: upgrade get_device_guid() to return the Windows driver type

Signed-off-by: Simon Rozman --- src/openvpn/tun.c | 15 --- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 053a8232..623ed37b 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -4110,6 +4110,7 @@ static const char

[Openvpn-devel] [PATCH 5/7] wintun: add support for --dev-node

Signed-off-by: Simon Rozman --- src/openvpn/tun.c | 38 -- 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 9dc9b3a2..8508b9c0 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -6194,7 +6194,6

[Openvpn-devel] [PATCH 3/7] tun.c: make wintun_register_ring_buffer() non-fatal on failures

and which one is not. Therefore, a failure to register ring buffers should be detectable, but not M_FATAL. Signed-off-by: Simon Rozman --- src/openvpn/tun.c | 26 ++ 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index

[Openvpn-devel] [PATCH 7/7] tun.c: reword the at_least_one_tap_win() error

Signed-off-by: Simon Rozman --- src/openvpn/tun.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 8508b9c0..14ff0259 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -4031,7 +4031,7 @@ at_least_one_tap_win(const struct

[Openvpn-devel] [PATCH 1/7] tun.c: make Windows device lookup functions more general

those functions (both static) were renamed to better reflect their nature. Signed-off-by: Simon Rozman --- src/openvpn/tun.c | 39 ++- 1 file changed, 22 insertions(+), 17 deletions(-) diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index ad497a71..053a8232

[Openvpn-devel] [PATCH v2] wintun: set adapter properties via interactive service

be calculated from netmask Signed-off-by: Lev Stipakov Acked-by: Simon Rozman --- src/openvpn/route.c | 2 +- src/openvpn/route.h | 3 +- src/openvpn/tun.c | 75 +++-- 3 files changed, 61 insertions(+), 19 deletions(-) diff --git a/src/openvpn/route.c b/src

Re: [Openvpn-devel] [PATCH] tun.c: refactor open_tun() implementation

adding IPW32_SET_IPAPI support for Wintun, we shall add this pause back. Those were just my observations this is a tiny bit more than just a "refactor". BTW, the patch reindents some parts of the code (looks like editor's auto-format after copy). The indenting will be fixed in my follow

Re: [Openvpn-devel] [PATCH v5 5/7] wintun: interactive service support

Definitely an ack. We need this for Wintun and to drop that SYSTEM token hack. Acked-by: Simon Rozman Best regards, Simon > -Original Message- > From: Lev Stipakov > Sent: Tuesday, December 17, 2019 1:51 PM > To: openvpn-devel@lists.sourceforge.net > Cc: Lev Stip

Re: [Openvpn-devel] [PATCH v8 4/7] wintun: ring buffers based I/O

I have stare-reviewed the code, then run it back and forth with different config files. Works as advertised. Note that this patch contains controversial impersonate_as_system() which we will remove or #ifdef in the patches to follow. Acked-By: Simon Rozman Best regards, Simon > -Origi

Re: [Openvpn-devel] [PATCH v6 4/7] wintun: ring buffers based I/O

in README that "--windows-driver wintun" works with iservice only. (Or, if user is responsible to run openvpn.exe as SYSTEM user himself somehow.) Regards, Simon From: Lev Stipakov Sent: Tuesday, December 17, 2019 10:35 AM To: Selva Nair Cc: Simon Rozman ; Lev Stipakov ; ope

Re: [Openvpn-devel] [PATCH v6 4/7] wintun: ring buffers based I/O

Hi, > > I am running OpenVPN on Windows using NSSM wrapper for years. I had a > brief discussion on the Hackathon with Samuli about integrating SCM > support directly into openvpn.exe (imagine --daemon for Windows): > > > > sc create OpenVPN$MyTunnel binpath= "C:\Program > >

Re: [Openvpn-devel] [PATCH v6 4/7] wintun: ring buffers based I/O

Hi, >>> TLDR: >>> (i) stealing SYSTEM access from winlogon.exe is not a good thing to do >> >> >> This doesn't happen for the majority of use cases - only when iservice is >> not used. We also >> elevate only for the single DeviceIOControl call. > > I understand. But stealing access token

Re: [Openvpn-devel] [PATCH v2 3/7] wintun: implement opening wintun device

I know. The tap.c code needs an upgrade, not to evaluate all drivers, but just compatible drivers when creating a new adapter. This speeds things a lot. There's a flag that needs to be changed. Somewhere deep on my TODO lists. I would suggest against temporary adapters on Windows. This is OK

Re: [Openvpn-devel] [PATCH v2 3/7] wintun: implement opening wintun device

Hi, The Wintun doesn't create its own communication I/O device. Running a separate NdisRegisterDeviceEx() device came with a big can of worms, so we decided not to run our own, but rather piggy-back on the existing NDIS one from the NdisMRegisterMiniportDriver() that we tap on. Technically,

Re: [Openvpn-devel] OpenVPN 2.4.8 released

Hi, > > Is your computer perhaps behind in Windows updates? My hunch is that > > Digicert's latest root certificate is not availabe in the Windows > > certificate store and this causes the failure. > > > > Samuli > >thanks for the hint! but I don't know why uninstall/reinstall make > things

Re: [Openvpn-devel] [PATCH] travis: bump MSVC to 2019

Acked-by: Simon Rozman Best regards, Simon smime.p7s Description: S/MIME cryptographic signature ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH v2 7/7] wintun: clear adapter settings on tun close

Hi, > -Original Message- > From: Lev Stipakov [mailto:lstipa...@gmail.com] > Sent: Thursday, November 7, 2019 6:45 PM > To: openvpn-devel@lists.sourceforge.net > Cc: Lev Stipakov > Subject: [Openvpn-devel] [PATCH v2 7/7] wintun: clear adapter settings on tun > close > > } > +

Re: [Openvpn-devel] [PATCH v2 6/7] wintun: set adapter properties via interactive service

= AF_INET6 ? "IPv6" : "IPv4"); const char *ip_proto_name = family == AF_INET6 ? "IPv6" : "IPv4"; ... to avoid the strcpy(). The rest LGTM, so... Acked-by: Simon Rozman Best regards, Simon smime.p7s Description: S/MIME cryptographic signatur

Re: [Openvpn-devel] [PATCH v2 5/7] wintun: interactive service support

Hi, Acked-by: Simon Rozman Best regards, Simon smime.p7s Description: S/MIME cryptographic signature ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH v2 4/7] wintun: ring buffers based I/O

Hi, > -Original Message- > From: Lev Stipakov [mailto:lstipa...@gmail.com] > Sent: Thursday, November 7, 2019 6:45 PM > To: openvpn-devel@lists.sourceforge.net > Cc: Lev Stipakov > Subject: [Openvpn-devel] [PATCH v2 4/7] wintun: ring buffers based I/O > > diff --git

Re: [Openvpn-devel] [PATCH v2 3/7] wintun: implement opening wintun device

D_DEVCLASS_NET is declared in devguid.h, GUID_DEVINTERFACE_NET in ndisguid.h... No need to redefine them. However, while one could include those SDK files, one needs to add the appropriate .lib files too. It's not worth complicating for just a couple of GUIDs that will never ever change. So, ACK. The rest LGTM.

Re: [Openvpn-devel] [PATCH v2 1/7] Visual Studio: upgrade project files to VS2019

Acked-by: Simon Rozman Note, the OpenSSL and other dependencies should also be built using the same version of MSVC. Best regards, Simon -Original Message- From: Lev Stipakov [mailto:lstipa...@gmail.com] Sent: Thursday, November 7, 2019 6:45 PM To: openvpn-devel@lists.sourceforge.net

Re: [Openvpn-devel] [PATCH applied] Re: VLAN: add basic VLAN tagging support

I revoke this “master.c” idea. It makes incremental compiling ridiculously slow. It might work for production builds, but definitely not for development. Best regards, Simon From: Simon Rozman [mailto:si...@rozman.si] Sent: Thursday, November 7, 2019 2:06 PM To: 'Lev Stipakov' ; 'Gert

[Openvpn-devel] [PATCH] msvc: Add vlan.c/h

This upgrades 99f28081477ca325a14b13c38abec2c9b619eb01 to support MSVC building. Signed-off-by: Simon Rozman --- src/openvpn/openvpn.vcxproj | 2 ++ src/openvpn/openvpn.vcxproj.filters | 6 ++ 2 files changed, 8 insertions(+) diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn

Re: [Openvpn-devel] [PATCH applied] Re: VLAN: add basic VLAN tagging support

We could introduce a master.c file which would include: #include "argv.c" #include "auth_token.c" #include "base64.c" #include "block_dns.c" #include "buffer.c" . . . #include "status.c" #include "tls_crypt.c" #include "tun.c" #include "win32.c" And then have Makefile.ac and MSVC

Re: [Openvpn-devel] OpenVPN 2.4.8 released

Hi Ton, You can also use pnputil.exe (in an elevated command prompt) to check version, uninstall, and/or install TAP driver manually. The pnputil is a stock command line utility for driver management on all Windows. I advise you use pnputil to list all your installed TAP-Windows6 drivers -

Re: [Openvpn-devel] [PATCH v2] msvc: OpenSSL 1.1.x support

Hi, Unfortunately, I have no Visual Studio 2017 available any more. So, I had to upgrade the openvpn-build and openvpn to build with VS2019 first. Tested with OpenSSL 1.1.1d and this patch is indeed required to build openvpn.exe. Acked-by: Simon Rozman Best regards, Simon On 17.10.2019

Re: [Openvpn-devel] [PATCH] Visual Studio: make it easier to build with VS

OURCEBASE)\..\openvpn-build\msvc\image + PROOT> > $(OPENVPN_DEPROOT) > $(OPENVPN_DEPROOT) > $(OPENVPN_DEPROOT) > -- > 2.7.4 > > > > _______ > Openvpn-devel mailing list > Openvpn-devel@lists.sour

Re: [Openvpn-devel] [PATCH] tapctl: add optional "hardware id" parameter

Hi, LGTM Best regards, Simon > -Original Message- > From: Lev Stipakov > Sent: Monday, September 23, 2019 11:08 AM > To: openvpn-devel@lists.sourceforge.net > Subject: [Openvpn-devel] [PATCH] tapctl: add optional "hardware id" > parameter > > From: Lev Stipakov > > If parameter is

Re: [Openvpn-devel] Summary of the community meeting (20th June 2019)

Hi, I just got from vacation and struggling to catch up on things... > I got the Static Driver Verifier to run with help from Stephen. The > correct (command-line) procedure is now documented here: > > st> > > So it was

Re: [Openvpn-devel] Summary of the community meeting (20th June 2019)

(21:04:58) mattock: assuming Microsoft's systems are happy with the test submission package, that is (21:05:12) mattock: they _should_ be, but we have not tested submitting anything yes 1. Do the SDV and DVL to get tap901.DVL.xml. 2. Compile the driver and EV sign it. Save PDBs too. 3. Deploy

[Openvpn-devel] [PATCH] Add developer notes URL for openvpnmsica.dll

This patch follows Gert's recommendations from [openvpn-devel]. Signed-off-by: Simon Rozman Message-ID: <201901181957.x0ijvlq2003...@chekov.greenie.muc.de> --- src/openvpnmsica/dllmain.c | 1 + src/openvpnmsica/msica_op.c | 1 + src/openvpnmsica/msica_op.h | 1 + src/openvp

[Openvpn-devel] [PATCH] Limit tapctl.exe and openvpnmsica.dll to TAP-Windows6 adapters only

-devel]. Signed-off-by: Simon Rozman Message-ID: <20190120130813.gy...@greenie.muc.de> --- src/openvpnmsica/msica_op.c | 16 src/openvpnmsica/openvpnmsica.c | 69 +-- src/tapctl/main.c | 20 - src/tapctl/tap.c

[Openvpn-devel] [PATCH] Refactor OpenVPNService state detection code

. Signed-off-by: Simon Rozman Message-ID: <201901181944.x0ijiguv003...@chekov.greenie.muc.de> --- src/openvpnmsica/openvpnmsica.c | 59 + 1 file changed, 31 insertions(+), 28 deletions(-) diff --git a/src/openvpnmsica/openvpnmsica.c b/src/openvpnmsica/openvpnmsi

[Openvpn-devel] [PATCH] Add user manual and developer notes URL for tapctl.exe

This patch follows Gert's recommendations from [openvpn-devel]. Signed-off-by: Simon Rozman Message-ID: <20190117155829.ga92...@greenie.muc.de> --- src/tapctl/basic.h | 1 + src/tapctl/error.c | 1 + src/tapctl/error.h | 1 + src/tapctl/main.c | 1 + src/tapctl/tap.c | 1 + src/tapctl

[Openvpn-devel] [PATCH] Add NULL checks

were extended to check for NULL pointer arguments. This patch follows Gert's recommendations from [openvpn-devel]. Signed-off-by: Simon Rozman Message-ID: <20190117155829.ga92...@greenie.muc.de> --- src/openvpnmsica/dllmain.c | 23 ++--- src/openvpnmsica/msica_op.c

[Openvpn-devel] [PATCH] Disambiguate thread local storage references from TLS

Since OpenVPN is security software, "TLS" usually stands for Transport Layer Security. Furthermore, repetitive copy code was refactored using a macro. This patch follows Gert's recommendations from [openvpn-devel]. Signed-off-by: Simon Rozman Message-ID: <20190117155829.ga92...@g

Re: [Openvpn-devel] [PATCH applied] Re: Strip _stdcall suffixes (@nn) for 32-bit builds

Hi, > You really do not like this calling convention, do you? ;-) - learned > something new today, what "-Wl,--kill-at" does... (while the original > round of stdcall discussion was MSVC, here's the mingw variant) If I was importing this library into a C/C++ project, I wouldn't mind function

Re: [Openvpn-devel] [PATCH applied] Re: Extend FindSystemInfo custom action to detect OpenVPNService state

Hi, > +finish_QueryServiceStatusEx:; > + > +// Service is not started. Is it set to auto-start? > +// MSDN describes the maximum buffer size for QueryServiceConfig() > to be 8kB. > +// This is small enough to fit on stack. > > .. there shouldn't be a ";" after a label, and no C++

Re: [Openvpn-devel] [PATCH 5/5] Detect TAP interfaces with root-enumerated hardware ID

Hi, > On Tue, Oct 16, 2018 at 12:26:27PM +0200, Simon Rozman wrote: > > This patch extends the TAP interface enumerating to detect the TAP > > interfaces registered using "root\tap0901" hardware ID. Before, only > > TAP interfaces with legacy "tap0901&

Re: [Openvpn-devel] [PATCH applied] Re: Introduce tapctl.exe utility and openvpnmsica.dll MSI CA

Hi, > (I *have* glanced over the code to see that there isn't anything that > looks "suspicious" - and of course it does not modify openvpn code, so > there is no risk for introducing remote exploits, crypto breaches, etc.) > > I found a few things I'd like to see cleaned up eventually... Thank

Re: [Openvpn-devel] [Help required] Testing MSI installations

Hi, > However, there appears to be a problem .. > > https://paste.fedoraproject.org/paste/Ih2LYl0cR8YoKnI2lNwhcQ > > Part 1 is the client log *with* errors using the binary from your > installer 2.4.6-m4 dated 1/Jan/2019 The 2.4.6-m4 version is based on the current release/2.4

Re: [Openvpn-devel] [Help required] Testing MSI installations

Hi, > Action 06:41:08: FindTAPInterfaces. Searching for TAP interfaces Action > start 06:41:08: FindTAPInterfaces. > CustomAction FindTAPInterfaces returned actual error code 1154 (note > this may not be 100% accurate if translation happened inside sandbox) > Error 1723. There is a problem with

Re: [Openvpn-devel] [Help required] Testing MSI installations

Hi, > This may be a false alarm because Windows has decided this VM needs > "some" updates .. I'll update after the reboot dance. *yawn* Actually, setup should work with a vanilla non-updated Windows 7 too. Though we should encourage our users to run up-to-date Windows. Thank you very much for

Re: [Openvpn-devel] [Help required] Testing MSI installations

Hi, > > The %TEMP%/openvpn-install.log is: ... > I should mention I tested the .exe installer. You didn't need to. The MSI packages does not setup any logging to file by default. The EXE installer is the one who adds /l* %TEMP%/openvpn-install.log to the msiexec command line. The

Re: [Openvpn-devel] [Help required] Testing MSI installations

Hi, > Action 05:28:59: FindTAPInterfaces. Searching for TAP interfaces Action > start 05:28:59: FindTAPInterfaces. > CustomAction FindTAPInterfaces returned actual error code 1154 (note > this may not be 100% accurate if translation happened inside sandbox) error code 1154 = ERROR_INVALID_DLL

  1   2   3   >