On Friday, 9 September 2022 21:59:02 CEST Arne Schwabe wrote:
> --- a/src/openvpn/multi.c
> +++ b/src/openvpn/multi.c
> @@ -1803,6 +1803,10 @@ multi_client_set_protocol_options(struct context *c)
> {
> o->imported_protocol_flags |= CO_USE_TLS_KEY_MATERIAL_EXPORT;
> }
> +if
On Friday, 9 September 2022 21:59:00 CEST Arne Schwabe wrote:
> This change makes the state machine more strict in terms of transation
*transitions
> Signed-off-by: Arne Schwabe
Acked-by: Heiko Hund
For those who wonder what this is/does, my take on it: basically shields the
calls to
Acked-by: Gert Doering
The feature itself is really in the "we are a swiss army knife and can
do everything" side of things. It does not introduce a new option and
no new #ifdef, and the actual code change is not very intrusive.
I should point out that there is potential for conflict with the
Signed-off-by: Kristof Provost
On 12 Oct 2022, at 16:59, Gert Doering wrote:
> For reasons unknown, OpenVPN has always put FreeBSD tun(4) interfaces
> into point-to-point mode (IFF_POINTOPOINT), which means "local and
> remote address, no on-link subnet".
>
> "--topology subnet" was emulated by
Signed-off-by: Kristof Provost
On 12 Oct 2022, at 16:59, Gert Doering wrote:
> To be able to configure a FreeBSD interface to "subnet" mode
> (as opposed to point-to-point mode), it needs to have its
> if_iflags set to IFF_BROADCAST. For tun(4) interface this is
> done with the TUNSIFMODE
On 12 Oct 2022, at 16:38, Gert Doering wrote:
> people have already complained at me that I write so long e-mails today,
> so I can write more...
>
> On Wed, Oct 12, 2022 at 08:39:31AM +0200, Gert Doering wrote:
>> Factor 1: single-peer (client or p2p) vs. multi-peer
>>
>> single-peer -> DCO has
Currently the life time of the auth-token is tied to the renegotiation
time. While this is fine for many setups, some setups prefer a user
to be no longer authenticated when the user disconnects from the VPN
for a certain amount of time.
This commit allows to shorten the renewal time of the
Hi,
I'm working through this, and have some questions...
On Fri, Oct 07, 2022 at 05:38:23PM +0200, Arne Schwabe wrote:
> diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
> index 6a45b9e91..eca4a4335 100644
> --- a/src/openvpn/forward.c
> +++ b/src/openvpn/forward.c
> @@ -195,9 +196,15
Acked-by: Gert Doering
Tested the whole lot again. Only difference to v1 is in p2mp mode with
incoming TLS EEN, which now logs
10:15:34 cron2-freebsd-tc-amd64/194.97.140.21:53341 Exit message received by peer
10:15:34 cron2-freebsd-tc-amd64/194.97.140.21:53341 Delayed exit in 5 seconds