Re: [Openvpn-devel] combined ndis5 + ndis6 installer ?

2016-12-01 Thread Samuli Seppänen
On 02/12/2016 05:54, Илья Шипицин wrote: > unicode nsis is different from ansi nsis. for example, nsProcess needs > different dll. Ok. More research is needed to see what is involved, then. > and, unicode nsis is not shipped in most common Linux repo (you need to > install it separately).

Re: [Openvpn-devel] combined ndis5 + ndis6 installer ?

2016-12-01 Thread Илья Шипицин
2016-12-01 16:40 GMT+05:00 Samuli Seppänen : > Hi, > > On 30/11/2016 11:58, Илья Шипицин wrote: > >> >> >> (and, yes, I'm going to build multi-language installer, probably >> right >> after 2.4 release) >> >> >> This makes sense. Any plans on

[Openvpn-devel] fuzz testing by google ?

2016-12-01 Thread Илья Шипицин
Hello, https://opensource.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html Cheers, Ilya Shipitsin

Re: [Openvpn-devel] [PATCH v2 2/2] Refuse to daemonize when running from systemd

2016-12-01 Thread debbie10t
Gutted .. I have to step in here NOW and say that this did not work for me. I applied to the current (as of this email) git master: * Use systemd service manager notification * The patch below * No others. - then $ autoreconf -ivf $ ./configure --enable-systemd $ make # make uninstall #

Re: [Openvpn-devel] [PATCH applied] Refuse to daemonize when running from systemd

2016-12-01 Thread David Sommerseth
ACK. A natural continuation of commit c5931897ae8d663e7e. Your patch has been applied to the master branch commit 7660bba111f739f9cc7017c392c1434f201b8c44 Author: Christian Hesse Date: Thu Dec 1 22:31:04 2016 +0100 Refuse to daemonize when

Re: [Openvpn-devel] [PATCH applied] Use systemd service manager notification

2016-12-01 Thread David Sommerseth
ACK. Code looks good and does what it promises. This also improved the situation where OpenVPN needs username/passwords from the console. So this is indeed a far better solution. The patch got also fairly good testing on a relatively short time,

Re: [Openvpn-devel] [PATCH applied] Re: Do not restart dns client service as a part of --register-dns processing

2016-12-01 Thread Selva Nair
Hi, On Thu, Dec 1, 2016 at 3:21 AM, Gert Doering wrote: > ACK, thanks. > > Code looks good, and test compiles. Have not test-run yet but do not > expect any surprises there. > > I have added a Changes.rst entry (someone *might* notice and wonder if > this was intentional

[Openvpn-devel] [PATCH v3 1/2] Use systemd service manager notification

2016-12-01 Thread Christian Hesse
From: Christian Hesse Notify systemd service manager when our initialization sequence completed. This helps ordering services as dependencies can rely on vpn being available. v2: Add curly brackets (and indention) to block the else-part, msg() call was non-conditional before.

[Openvpn-devel] [PATCH v2 2/2] Refuse to daemonize when running from systemd

2016-12-01 Thread Christian Hesse
From: Christian Hesse We start with systemd Type=notify, so refuse to daemonize. This does not affect starting openvpn from script or command line. v2: Update commit message about script and command line. Signed-off-by: Christian Hesse ---

Re: [Openvpn-devel] [PATCH 1/1] update year in copyright for README

2016-12-01 Thread David Sommerseth
On 01/12/16 18:39, Gert Doering wrote: > Hi, > > On Thu, Dec 01, 2016 at 05:43:28PM +0100, Christian Hesse wrote: >> From: Christian Hesse >> >> This line has not been touched in a long time... Let's >> update the copyright with recent year for README. > > I'm fine with merging

Re: [Openvpn-devel] [PATCH 1/1] update year in copyright for README

2016-12-01 Thread Selva Nair
Hi, On Thu, Dec 1, 2016 at 12:39 PM, Gert Doering wrote: > On Thu, Dec 01, 2016 at 05:43:28PM +0100, Christian Hesse wrote: > > From: Christian Hesse > > > > This line has not been touched in a long time... Let's > > update the copyright with recent year for

Re: [Openvpn-devel] [PATCH 1/1] update year in copyright for README

2016-12-01 Thread Gert Doering
Hi, On Thu, Dec 01, 2016 at 05:43:28PM +0100, Christian Hesse wrote: > From: Christian Hesse > > This line has not been touched in a long time... Let's > update the copyright with recent year for README. I'm fine with merging these, but... could you send a combined

[Openvpn-devel] [PATCH 1/1] update year in copyright for README

2016-12-01 Thread Christian Hesse
From: Christian Hesse This line has not been touched in a long time... Let's update the copyright with recent year for README. Signed-off-by: Christian Hesse --- README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README b/README index

Re: [Openvpn-devel] [PATCH applied] Re: Force 'def1' method when --redirect-gateway is done through service

2016-12-01 Thread Gert Doering
Hi, On Thu, Dec 01, 2016 at 11:19:56AM -0500, Selva Nair wrote: > Did I overlook something? Sounds too complex to me :-) - "just use def1" is good. > Not that I like it. Wonder how android does it. Well, there's a VPN API - you tell the API "these networks is what I want to connect to" and

Re: [Openvpn-devel] [PATCH applied] Re: Force 'def1' method when --redirect-gateway is done through service

2016-12-01 Thread Selva Nair
Hi, On Thu, Dec 1, 2016 at 3:07 AM, Gert Doering wrote: > On Wed, Nov 30, 2016 at 11:06:02PM +0100, Arne Schwabe wrote: > > Slight correction. We actually set 0.0.0.0/0 on Android but Android > > *always* translates that into a 0.0.0.0/1 and a 128.0.0.0/1 rule. > > > > We

[Openvpn-devel] [PATCH v2 2/2] Refuse to daemonize when running from systemd

2016-12-01 Thread Christian Hesse
From: Christian Hesse We start with systemd Type=notify, so refuse to daemonize. This does not affect starting openvpn from script or command line. Signed-off-by: Christian Hesse --- distro/systemd/openvpn-client@.service | 1 -

[Openvpn-devel] [PATCH v2 1/2] Use systemd service manager notification

2016-12-01 Thread Christian Hesse
From: Christian Hesse Notify systemd service manager when our initialization sequence completed. This helps ordering services as dependencies can rely on vpn being available. Signed-off-by: Christian Hesse --- distro/systemd/openvpn-client@.service | 1 +

[Openvpn-devel] [PATCH applied] Re: Mention that OpenVPN 2.4 requires Windows Vista or higher

2016-12-01 Thread Gert Doering
ACK. Your patch has been applied to the master branch. commit 1c587a11122206186098c2014d407d0eb469656e Author: Samuli Seppänen Date: Thu Dec 1 16:03:05 2016 +0200 Mention that OpenVPN 2.4 requires Windows Vista or higher Signed-off-by: Samuli Seppänen

Re: [Openvpn-devel] [PATCH] push: Provide a warning if --ifconfig-push have argument mismatch with --topology

2016-12-01 Thread Arne Schwabe
On 01.12.16 at 13:37, Gert Doering wrote: > Hi, > > On Thu, Dec 01, 2016 at 01:31:31PM +0100, Arne Schwabe wrote: >> On 30.11.16 at 23:41, David Sommerseth wrote: >>> This adds a warning to the log file if --topology is configured to use >>> subnet or net30 and the 'subnet mask' argument of an

Re: [Openvpn-devel] [PATCH] push: Provide a warning if --ifconfig-push have argument mismatch with --topology

2016-12-01 Thread Steffan Karger
On 01-12-16 13:38, Gert Doering wrote: > On Thu, Dec 01, 2016 at 01:35:49PM +0100, Steffan Karger wrote: >> On 1 December 2016 at 13:33, Gert Doering wrote: >>>((uchar *)>c2.push_ifconfig_remote_netmask)[0] >> >> Looks like dereferencing a type-punned pointer to me ;) >

Re: [Openvpn-devel] [PATCH 1/1] Use systemd service manager notification

2016-12-01 Thread Christian Hesse
Christian Hesse on Wed, 2016/11/30 09:12: > Ok, let's go into detail. We can use three different settings: Type=simple, > Type=forking and Type=notify. > > * We used Type=forking for a long time. That is fine: systemd reports > success when the process forks off first time. That is

Re: [Openvpn-devel] [PATCH] push: Provide a warning if --ifconfig-push have argument mismatch with --topology

2016-12-01 Thread Gert Doering
Hi, On Thu, Dec 01, 2016 at 01:35:49PM +0100, Steffan Karger wrote: > On 1 December 2016 at 13:33, Gert Doering wrote: > >((uchar *)>c2.push_ifconfig_remote_netmask)[0] > > Looks like dereferencing a type-punned pointer to me ;) I was waiting for this :-) (...but I

Re: [Openvpn-devel] [PATCH] push: Provide a warning if --ifconfig-push have argument mismatch with --topology

2016-12-01 Thread Gert Doering
Hi, On Thu, Dec 01, 2016 at 01:31:31PM +0100, Arne Schwabe wrote: > On 30.11.16 at 23:41, David Sommerseth wrote: > > This adds a warning to the log file if --topology is configured to use > > subnet or net30 and the 'subnet mask' argument of an --ifconfig-push option > > is not a subnet mask.

Re: [Openvpn-devel] [PATCH] push: Provide a warning if --ifconfig-push have argument mismatch with --topology

2016-12-01 Thread Gert Doering
Hi, On Thu, Dec 01, 2016 at 01:23:52PM +0100, David Sommerseth wrote: > > (What you can do is "peek at byte 0", which will always be the same > > part of the netmask [network byte order!], and which might actually > > make this easier to read .-) ) > > You mean like this? > > in_addr_t

Re: [Openvpn-devel] [PATCH] push: Provide a warning if --ifconfig-push have argument mismatch with --topology

2016-12-01 Thread Arne Schwabe
On 30.11.16 at 23:41, David Sommerseth wrote: > This adds a warning to the log file if --topology is configured to use > subnet or net30 and the 'subnet mask' argument of an --ifconfig-push option > is not a subnet mask. The check done is to ensure the first octet is 0xff > (255) > > But way

Re: [Openvpn-devel] [PATCH] push: Provide a warning if --ifconfig-push have argument mismatch with --topology

2016-12-01 Thread David Sommerseth
On 01/12/16 09:01, Gert Doering wrote: > Hi, > > On Wed, Nov 30, 2016 at 11:41:27PM +0100, David Sommerseth wrote: >> + if ((c->options.topology == TOP_SUBNET || c->options.topology == >> TOP_NET30) >> + && (c->c2.push_ifconfig_remote_netmask & 0xff00) != >> 0xff00) > >

Re: [Openvpn-devel] combined ndis5 + ndis6 installer ?

2016-12-01 Thread Samuli Seppänen
Hi, On 30/11/2016 11:58, Илья Шипицин wrote: > > > (and, yes, I'm going to build multi-language installer, probably > right > after 2.4 release) > > > This makes sense. Any plans on how you're going to do it? > > > > as we do not support windows 2000 anymore, we

[Openvpn-devel] [PATCH applied] Re: reload CRL only if file was modified

2016-12-01 Thread Gert Doering
Your patch has been applied to the master branch. I've added a Changes.rst entry as discussed on IRC. commit ce91c187ee0dd73aa4dbe4468181db90403951ce Author: Antonio Quartulli Date: Thu Dec 1 18:41:45 2016 +0800 reload CRL only if file was modified Signed-off-by: Antonio Quartulli

Re: [Openvpn-devel] [PATCH v3] reload CRL only if file was modified

2016-12-01 Thread Steffan Karger
On 01-12-16 11:41, Antonio Quartulli wrote: > In order to prevent annoying delays upon client connection, > reload the CRL file only if it was modified since the last > reload operation. > If not, keep on using the already stored CRL. > > This change will boost client connection time in instances

[Openvpn-devel] [PATCH v3] reload CRL only if file was modified

2016-12-01 Thread Antonio Quartulli
In order to prevent annoying delays upon client connection, reload the CRL file only if it was modified since the last reload operation. If not, keep on using the already stored CRL. This change will boost client connection time in instances where the CRL file is quite large (dropping from

Re: [Openvpn-devel] [PATCH v2] reload CRL only if file was modified

2016-12-01 Thread Steffan Karger
On 01-12-16 09:13, Steffan Karger wrote: > else if (0 != platform_stat(crl_file, _stat)) > { > msg (M_WARN, "WARNING: Failed to stat CRL file, using cached CRL."); > } Ahum, as Gert noted on IRC, this missed a return statement to actually *not* load the CRL. So, better

Re: [Openvpn-devel] [PATCH v2] reload CRL only if file was modified

2016-12-01 Thread Antonio Quartulli
On Thu, Dec 01, 2016 at 09:13:36AM +0100, Steffan Karger wrote: > Hi, > > Tested on linux and windows, works as expected, except for one thing: > > On 01-12-16 07:55, Antonio Quartulli wrote: > > + /* > > + * an inline CRL can't change at runtime, therefore there is no need to > > + *

[Openvpn-devel] [PATCH applied] Re: Do not restart dns client service as a part of --register-dns processing

2016-12-01 Thread Gert Doering
ACK, thanks. Code looks good, and test compiles. Have not test-run yet but do not expect any surprises there. I have added a Changes.rst entry (someone *might* notice and wonder if this was intentional :) ) and updated doc/openvpn.8 and the help text in options.c which both used to list all the

Re: [Openvpn-devel] [PATCH v2] reload CRL only if file was modified

2016-12-01 Thread Steffan Karger
Hi, Tested on linux and windows, works as expected, except for one thing: On 01-12-16 07:55, Antonio Quartulli wrote: > + /* > + * an inline CRL can't change at runtime, therefore there is no need to > + * reload it. It will be reloaded upon config change + SIGHUP. > + * Use always '1' as

Re: [Openvpn-devel] [PATCH applied] Re: Force 'def1' method when --redirect-gateway is done through service

2016-12-01 Thread Gert Doering
Hi, On Wed, Nov 30, 2016 at 11:06:02PM +0100, Arne Schwabe wrote: > Slight correction. We actually set 0.0.0.0/0 on Android but Android > *always* translates that into a 0.0.0.0/1 and a 128.0.0.0/1 rule. > > We could do the same and do the translation in the interactive service > instead of

Re: [Openvpn-devel] [PATCH] push: Provide a warning if --ifconfig-push have argument mismatch with --topology

2016-12-01 Thread Gert Doering
Hi, On Thu, Dec 01, 2016 at 05:15:11AM +0300, SviMik wrote: > While I admit that it is *extremely* unlikely to have a network larger than > /8, such logic still looks a little clumsy. It does not cover all the valid > netmasks neither it detects all possible invalid ones. This is true, but not

Re: [Openvpn-devel] [PATCH] push: Provide a warning if --ifconfig-push have argument mismatch with --topology

2016-12-01 Thread Gert Doering
Hi, On Wed, Nov 30, 2016 at 11:41:27PM +0100, David Sommerseth wrote: > + if ((c->options.topology == TOP_SUBNET || c->options.topology == > TOP_NET30) > + && (c->c2.push_ifconfig_remote_netmask & 0xff00) != 0xff00) Are you sure of that? I would assume that this is stored
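
Review bot: the netmask test on the second line of the condition, `(c->c2.push_ifconfig_remote_netmask & 0xff00) != 0xff00`, masks a fixed bit range of the stored value, so which octet it inspects depends on the byte order the field is held in, and the hunk neither converts the value nor documents that order. Suggest normalising with ntohl() or htonl() before masking, or comparing byte 0 of the network-order value, and adding a comment that names the byte order. Also confirm that the constant covers the intended octet of a 32-bit address, since the mask as shown selects only bits 8 to 15. Because the test looks at a single octet, the warning text should say it is a plausibility check rather than full netmask validation.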