[Openvpn-devel] [PATCH applied] Re: Add demo plugin that excercises CLIENT_CONNECT and CLIENT_CONNECT_V2 paths

2020-09-17 Thread Gert Doering
Patch has been applied to the master and release/2.5 branch. commit 94cebf8261d20a55b0260cce61ad892a98bc24d8 (master) commit 44e9f3933e27988193e4a0346559f53e5b876bde (release/2.5) Author: Gert Doering Date: Thu Sep 17 18:19:09 2020 +0200 Add demo plugin that excercises CLIENT_CONNECT and

Re: [Openvpn-devel] [PATCH v4] Add demo plugin that excercises "CLIENT_CONNECT" and "CLIENT_CONNECT_V2" paths

2020-09-17 Thread David Sommerseth
On 17/09/2020 18:19, Gert Doering wrote: > This is a new "samples" plugin which does not do many useful things, > besides > - show how a plugin is programmed > - how the various messages get dispatched > - how to pass back information from a client-connect/v2 plugin > - how to do async-cc

[Openvpn-devel] [PATCH v4] Add demo plugin that excercises "CLIENT_CONNECT" and "CLIENT_CONNECT_V2" paths

2020-09-17 Thread Gert Doering
This is a new "samples" plugin which does not do many useful things, besides - show how a plugin is programmed - how the various messages get dispatched - how to pass back information from a client-connect/v2 plugin - how to do async-cc plugins [not yet implemented] the operation of the

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2020-09-17 Thread Juliusz Sosinowicz
Hi Arne, thank you for your extensive review of OpenVPN with wolfSSL. On 17/09/2020 00:05, Arne Schwabe wrote: ... I am still seeing this warning: 2020-09-16 23:20:14 WARNING: 'auth' is used inconsistently, local='auth SHA', remote='auth SHA1' Are you internally calling SHA1 just SHA and

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2020-09-17 Thread Arne Schwabe
On 17.09.20 at 17:50, Juliusz Sosinowicz wrote: > Could you describe how you generated this warning? Looking into our > sources, we do call SHA1 just SHA in wolfSSL. Other variants have names > in the format of SHA. Just connecting to a server. Arne

[Openvpn-devel] [PATCH applied] Re: If IPv6 pool specification sets pool start to ::0 address, increment.

2020-09-17 Thread Gert Doering
Patch has been applied to the master and release/2.5 branch. Release/2.4 has the same "unintended feature", but the pool code is sufficiently different that this patch will not work - I do not see this as significant problem ("a documented workaround exists"), so do not currently plan to

Re: [Openvpn-devel] [PATCH v2] If IPv6 pool specification sets pool start to ::0 address, increment.

2020-09-17 Thread Antonio Quartulli
Hi, On 17/09/2020 10:59, Gert Doering wrote: > The first IPv6 address in a subnet is not usable (IPv6 anycast address), > but our pool code ignored this. > > Instead of assigning an unusable address or erroring out, just log the > fact, and increment the pool start to ::1 > > NOTE: this is a

[Openvpn-devel] [PATCH v5] Add DNS SRV remote host discovery support

2020-09-17 Thread Vladislav Grishenko
DNS SRV remote host discovery allows to have multiple OpenVPN servers for a single domain w/o explicit profile enumeration, to move services from host to host with little fuss, and to designate hosts as primary servers for a service and others as backups. Feature has been asked several times

Re: [Openvpn-devel] [PATCH applied] Re: Fix fatal error at switching remotes (#629)

2020-09-17 Thread Vladislav Grishenko
Hi, Gert > > That "fix for real" is about persist_remote_ip option as far as I > > understand, not directly related to this fatal assert fix. > > Well, the whole preresolve / connection entry "complex" is old and has been > extended and updated a few times, and your SVR patch also builds on top

Re: [Openvpn-devel] [PATCH applied] Re: Fix fatal error at switching remotes (#629)

2020-09-17 Thread Lev Stipakov
Hi, > openvpn3, as I understand, sets up "all host routes!" right at the start It depends on how openvpn3 library is used. OpenVPN3 Linux client adds bypass route for the specific remote just before connection attempt. Same for our Connect Windows / Mac clients, which are partially

[Openvpn-devel] [PATCH v2] If IPv6 pool specification sets pool start to ::0 address, increment.

2020-09-17 Thread Gert Doering
The first IPv6 address in a subnet is not usable (IPv6 anycast address), but our pool code ignored this. Instead of assigning an unusable address or erroring out, just log the fact, and increment the pool start to ::1 NOTE: this is a bit simplistic. A pool that is larger than /96 and has non-0

Re: [Openvpn-devel] [PATCH applied] Re: Fix fatal error at switching remotes (#629)

2020-09-17 Thread Gert Doering
Hi, On Thu, Sep 17, 2020 at 01:54:39PM +0500, Vladislav Grishenko wrote: > Thank you a lot, Not needed :-) > That "fix for real" is about persist_remote_ip option as far as I > understand, not directly related to this fatal assert fix. Well, the whole preresolve / connection entry "complex" is

Re: [Openvpn-devel] [PATCH applied] Re: Fix fatal error at switching remotes (#629)

2020-09-17 Thread Vladislav Grishenko
Thank you a lot, That "fix for real" is about persist_remote_ip option as far as I understand, not directly related to this fatal assert fix. -- Best Regards, Vladislav Grishenko > -----Original Message----- > From: Gert Doering > Sent: Thursday, September 17, 2020 1:46 PM > To: Vladislav

[Openvpn-devel] [PATCH applied] Re: Fix fatal error at switching remotes (#629)

2020-09-17 Thread Gert Doering
Your patch has been applied to the master, release/2.5 and release/2.4 branch (bugfix). I have fixed a few "addinfo" occurrences and re-wrapped the comment slightly. Not checked the actual code, just ran a t_client test on 2.4 "to be sure". As Arne wrote there is a "fix for real" dangling

Re: [Openvpn-devel] [PATCH] If IPv6 pool specification sets pool start to ::0 address, increment.

2020-09-17 Thread Antonio Quartulli
Hi, On 17/09/2020 09:01, Gert Doering wrote: > We look at "base", which is only the host part, but "at most 32 bits of > the host part". > > (This is *your* code...!) (self-shaming dance mode=ON) Riiight, then drop this comment. The patch looks good, except for the comment that needs more

Re: [Openvpn-devel] [PATCH] If IPv6 pool specification sets pool start to ::0 address, increment.

2020-09-17 Thread Gert Doering
Hi, On Thu, Sep 17, 2020 at 08:55:07AM +0200, Antonio Quartulli wrote: > > } > > > > pool->ipv6.base = ipv6_base; > > + > > +/* if a pool starts at ::0, that first IPv6 address is not usable > > can we reword a bit this comment? I.e.: "if the starting address of a >

Re: [Openvpn-devel] [PATCH] If IPv6 pool specification sets pool start to ::0 address, increment.

2020-09-17 Thread Antonio Quartulli
Hi, On 11/09/2020 13:59, Gert Doering wrote: > The first IPv6 address in a subnet is not usable (IPv6 anycast address), > but our pool code ignored this. > > Instead of assigning an unusable address or erroring out, just log the > fact, and increment the pool start to ::1 > > NOTE: this is a

Re: [Openvpn-devel] [PATCH v2] Fix fatal error at switching remotes (#629)

2020-09-17 Thread Lev Stipakov
Hi, > If remote server has been resolved to multiple addresses, at > least one connection attemt typ0 > Fix this behaviour by cleaning stale addinfo objects. Stared at code and it looks fine - same cleanup logic as in do_close_link_socket(). Built and tested with MSVC - reproduced assert