[Openvpn-devel] [PATCH v2 2.3] Repair IPv6 netsh calls if Win XP is detected
v2: * Add compat-versionhelpers.h to compat/Makefile.am so that "make dist" will include it into tarball. * Indentation v1: * Use adapter name instead of index on WinXP - sadly XP does not support indexes * Write Windows version to log * Send it with peer-info as IV_PLAT_VER Signed-off-by: Lev Stipakov--- config-msvc.h | 1 + configure.ac | 1 + src/compat/Makefile.am | 3 +- src/compat/compat-versionhelpers.h | 81 ++ src/openvpn/openvpn.c | 3 ++ src/openvpn/options.c | 12 ++ src/openvpn/options.h | 4 ++ src/openvpn/route.c| 19 ++--- src/openvpn/ssl.c | 3 ++ src/openvpn/tun.c | 2 +- src/openvpn/win32.c| 63 + src/openvpn/win32.h| 13 ++ 12 files changed, 197 insertions(+), 8 deletions(-) create mode 100644 src/compat/compat-versionhelpers.h diff --git a/config-msvc.h b/config-msvc.h index fa99384..ae43a5f 100644 --- a/config-msvc.h +++ b/config-msvc.h @@ -45,6 +45,7 @@ #define HAVE_SYS_STAT_H 1 #define HAVE_LZO_LZO1X_H 1 #define HAVE_LZO_LZOUTIL_H 1 +#define HAVE_VERSIONHELPERS_H 1 #define HAVE_ACCESS 1 #define HAVE_CHDIR 1 diff --git a/configure.ac b/configure.ac index 87d9116..773cded 100644 --- a/configure.ac +++ b/configure.ac @@ -423,6 +423,7 @@ AC_CHECK_HEADERS([ \ netinet/in.h netinet/in_systm.h \ netinet/tcp.h arpa/inet.h netdb.h \ windows.h winsock2.h ws2tcpip.h \ + versionhelpers.h \ ]) AC_CHECK_HEADERS([ \ sys/time.h sys/ioctl.h sys/stat.h \ diff --git a/src/compat/Makefile.am b/src/compat/Makefile.am index 7ad4452..273389e 100644 --- a/src/compat/Makefile.am +++ b/src/compat/Makefile.am @@ -26,4 +26,5 @@ libcompat_la_SOURCES = \ compat-gettimeofday.c \ compat-daemon.c \ compat-inet_ntop.c \ - compat-inet_pton.c + compat-inet_pton.c \ + compat-versionhelpers.h diff --git a/src/compat/compat-versionhelpers.h b/src/compat/compat-versionhelpers.h new file mode 100644 index 000..f634091 --- /dev/null +++ b/src/compat/compat-versionhelpers.h @@ -0,0 +1,81 @@ +/** + * This file is part of the mingw-w64 runtime package. + * No warranty is given; refer to the file DISCLAIMER within this package. + */ + +#ifndef _INC_VERSIONHELPERS +#define _INC_VERSIONHELPERS + +#include + +#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) && !defined(__WIDL__) + +#ifdef __cplusplus +#define VERSIONHELPERAPI inline bool +#else +#define VERSIONHELPERAPI FORCEINLINE BOOL +#endif + +#define _WIN32_WINNT_WINBLUE0x0603 + +VERSIONHELPERAPI IsWindowsVersionOrGreater(WORD major, WORD minor, WORD servpack) +{ +OSVERSIONINFOEXW vi = {sizeof(vi),major,minor,0,0,{0},servpack}; +return VerifyVersionInfoW(, VER_MAJORVERSION|VER_MINORVERSION|VER_SERVICEPACKMAJOR, +VerSetConditionMask(VerSetConditionMask(VerSetConditionMask(0, +VER_MAJORVERSION,VER_GREATER_EQUAL), +VER_MINORVERSION,VER_GREATER_EQUAL), +VER_SERVICEPACKMAJOR, VER_GREATER_EQUAL)); +} + +VERSIONHELPERAPI IsWindowsXPOrGreater(void) { +return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WINXP), LOBYTE(_WIN32_WINNT_WINXP), 0); +} + +VERSIONHELPERAPI IsWindowsXPSP1OrGreater(void) { +return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WINXP), LOBYTE(_WIN32_WINNT_WINXP), 1); +} + +VERSIONHELPERAPI IsWindowsXPSP2OrGreater(void) { +return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WINXP), LOBYTE(_WIN32_WINNT_WINXP), 2); +} + +VERSIONHELPERAPI IsWindowsXPSP3OrGreater(void) { +return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WINXP), LOBYTE(_WIN32_WINNT_WINXP), 3); +} + +VERSIONHELPERAPI IsWindowsVistaOrGreater(void) { +return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_VISTA), LOBYTE(_WIN32_WINNT_VISTA), 0); +} + +VERSIONHELPERAPI IsWindowsVistaSP1OrGreater(void) { +return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_VISTA), LOBYTE(_WIN32_WINNT_VISTA), 1); +} + +VERSIONHELPERAPI IsWindowsVistaSP2OrGreater(void) { +return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_VISTA), LOBYTE(_WIN32_WINNT_VISTA), 2); +} + +VERSIONHELPERAPI IsWindows7OrGreater(void) { +return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WIN7), LOBYTE(_WIN32_WINNT_WIN7), 0); +} + +VERSIONHELPERAPI IsWindows7SP1OrGreater(void) { +return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WIN7), LOBYTE(_WIN32_WINNT_WIN7), 1); +} + +VERSIONHELPERAPI IsWindows8OrGreater(void) { +return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WIN8), LOBYTE(_WIN32_WINNT_WIN8), 0); +} + +VERSIONHELPERAPI IsWindows8Point1OrGreater(void) { +return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WINBLUE), LOBYTE(_WIN32_WINNT_WINBLUE), 0); +} + +VERSIONHELPERAPI IsWindowsServer(void) { +OSVERSIONINFOEXW vi =
Re: [Openvpn-devel] [PATCH] Detecting Windows version
Hi, On Tue, Dec 29, 2015 at 06:03:04PM +0200, Lev Stipakov wrote: > * Use adapter name instead of index on WinXP - sadly XP does not support > indexes > * Write Windows version to log > * Send it with peer-info as IV_PLAT_VER Overall, I'm fine with the patch - thanks a lot. I've built release/2.3 + patch on ubuntu 14.04 and tested on XP SP3, and it nicely worked - sending IV_PLAT_VER=5.1 ("WIN_XP"), and using interface name again. A few small details (half of them already discussed on IRC): - please send IV_PLAT_VER only if the client requested this (push-peer-info) (this is slightly more sensitive information, comparable to library versions, and when introducing library versions in IV_SSL, we decided to not send such information by default) - and please send a patch of the windows version bits for master ("all but the changes against route.c and tun.c" :) ) - src/compat/compat-versionhelpers.h needs to be listed "somewhere" (src/compat/Makefile.am libcompat_la_SOURCES=... maybe?) so that "make dist" will include it into the generated .tar.gz > #elif defined (WIN32) > > - struct buffer out = alloc_buf_gc (64, ); > - buf_printf (, "interface=%d", tt->adapter_index ); > - device = buf_bptr(); > + if (win32_version_info() != WIN_XP) > +{ > + struct buffer out = alloc_buf_gc (64, ); > + buf_printf (, "interface=%d", tt->adapter_index ); > + device = buf_bptr(); > +} the indentation on these is off - they are indented with a full but our funny 2.3 convention requires *six* spaces here... (sorry for being a pain... trying to be consistent) Same thing for delete_route_ipv6(). Functionally, this all looks perfectly fine (I only tested on XP, but as the rest is just existing code, it will "obviously" work for the non-XP case). [..] > +int > +win32_version_info() > +{ > +if (!IsWindowsXPOrGreater()) > +{ > +msg (M_FATAL, "Error: Windows version must be XP or greater."); > +} > + > +if (!IsWindowsVistaOrGreater()) > +{ > +return WIN_XP; > +} I'm not sure if this is the canonical best version to deal with it or not, but I don't particularily *want* to get myself involved into this. If someone else thinks this needs improvement (like, working Win10 detection :-) ) I'm all open to accept additional patches on top of it, but to solve our immediate needs, this is good enough for me and does not *need* changes. thanks, and waiting for v2 :-) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de signature.asc Description: PGP signature
[Openvpn-devel] [PATCH] Detecting Windows version
* Use adapter name instead of index on WinXP - sadly XP does not support indexes * Write Windows version to log * Send it with peer-info as IV_PLAT_VER Signed-off-by: Lev Stipakov--- config-msvc.h | 1 + configure.ac | 1 + src/compat/compat-versionhelpers.h | 81 ++ src/openvpn/openvpn.c | 3 ++ src/openvpn/options.c | 12 ++ src/openvpn/options.h | 4 ++ src/openvpn/route.c| 19 ++--- src/openvpn/ssl.c | 2 + src/openvpn/tun.c | 2 +- src/openvpn/win32.c| 63 + src/openvpn/win32.h| 13 ++ 11 files changed, 194 insertions(+), 7 deletions(-) create mode 100644 src/compat/compat-versionhelpers.h diff --git a/config-msvc.h b/config-msvc.h index fa99384..ae43a5f 100644 --- a/config-msvc.h +++ b/config-msvc.h @@ -45,6 +45,7 @@ #define HAVE_SYS_STAT_H 1 #define HAVE_LZO_LZO1X_H 1 #define HAVE_LZO_LZOUTIL_H 1 +#define HAVE_VERSIONHELPERS_H 1 #define HAVE_ACCESS 1 #define HAVE_CHDIR 1 diff --git a/configure.ac b/configure.ac index 87d9116..773cded 100644 --- a/configure.ac +++ b/configure.ac @@ -423,6 +423,7 @@ AC_CHECK_HEADERS([ \ netinet/in.h netinet/in_systm.h \ netinet/tcp.h arpa/inet.h netdb.h \ windows.h winsock2.h ws2tcpip.h \ + versionhelpers.h \ ]) AC_CHECK_HEADERS([ \ sys/time.h sys/ioctl.h sys/stat.h \ diff --git a/src/compat/compat-versionhelpers.h b/src/compat/compat-versionhelpers.h new file mode 100644 index 000..f634091 --- /dev/null +++ b/src/compat/compat-versionhelpers.h @@ -0,0 +1,81 @@ +/** + * This file is part of the mingw-w64 runtime package. + * No warranty is given; refer to the file DISCLAIMER within this package. + */ + +#ifndef _INC_VERSIONHELPERS +#define _INC_VERSIONHELPERS + +#include + +#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) && !defined(__WIDL__) + +#ifdef __cplusplus +#define VERSIONHELPERAPI inline bool +#else +#define VERSIONHELPERAPI FORCEINLINE BOOL +#endif + +#define _WIN32_WINNT_WINBLUE0x0603 + +VERSIONHELPERAPI IsWindowsVersionOrGreater(WORD major, WORD minor, WORD servpack) +{ +OSVERSIONINFOEXW vi = {sizeof(vi),major,minor,0,0,{0},servpack}; +return VerifyVersionInfoW(, VER_MAJORVERSION|VER_MINORVERSION|VER_SERVICEPACKMAJOR, +VerSetConditionMask(VerSetConditionMask(VerSetConditionMask(0, +VER_MAJORVERSION,VER_GREATER_EQUAL), +VER_MINORVERSION,VER_GREATER_EQUAL), +VER_SERVICEPACKMAJOR, VER_GREATER_EQUAL)); +} + +VERSIONHELPERAPI IsWindowsXPOrGreater(void) { +return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WINXP), LOBYTE(_WIN32_WINNT_WINXP), 0); +} + +VERSIONHELPERAPI IsWindowsXPSP1OrGreater(void) { +return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WINXP), LOBYTE(_WIN32_WINNT_WINXP), 1); +} + +VERSIONHELPERAPI IsWindowsXPSP2OrGreater(void) { +return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WINXP), LOBYTE(_WIN32_WINNT_WINXP), 2); +} + +VERSIONHELPERAPI IsWindowsXPSP3OrGreater(void) { +return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WINXP), LOBYTE(_WIN32_WINNT_WINXP), 3); +} + +VERSIONHELPERAPI IsWindowsVistaOrGreater(void) { +return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_VISTA), LOBYTE(_WIN32_WINNT_VISTA), 0); +} + +VERSIONHELPERAPI IsWindowsVistaSP1OrGreater(void) { +return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_VISTA), LOBYTE(_WIN32_WINNT_VISTA), 1); +} + +VERSIONHELPERAPI IsWindowsVistaSP2OrGreater(void) { +return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_VISTA), LOBYTE(_WIN32_WINNT_VISTA), 2); +} + +VERSIONHELPERAPI IsWindows7OrGreater(void) { +return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WIN7), LOBYTE(_WIN32_WINNT_WIN7), 0); +} + +VERSIONHELPERAPI IsWindows7SP1OrGreater(void) { +return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WIN7), LOBYTE(_WIN32_WINNT_WIN7), 1); +} + +VERSIONHELPERAPI IsWindows8OrGreater(void) { +return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WIN8), LOBYTE(_WIN32_WINNT_WIN8), 0); +} + +VERSIONHELPERAPI IsWindows8Point1OrGreater(void) { +return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WINBLUE), LOBYTE(_WIN32_WINNT_WINBLUE), 0); +} + +VERSIONHELPERAPI IsWindowsServer(void) { +OSVERSIONINFOEXW vi = {sizeof(vi),0,0,0,0,{0},0,0,0,VER_NT_WORKSTATION}; +return !VerifyVersionInfoW(, VER_PRODUCT_TYPE, VerSetConditionMask(0, VER_PRODUCT_TYPE, VER_EQUAL)); +} + +#endif +#endif diff --git a/src/openvpn/openvpn.c b/src/openvpn/openvpn.c index 32e326e..823c3dd 100644 --- a/src/openvpn/openvpn.c +++ b/src/openvpn/openvpn.c @@ -220,6 +220,9 @@ openvpn_main (int argc, char *argv[]) /* print version number */ msg (M_INFO, "%s", title_string); +#ifdef WIN32 + show_windows_version(M_INFO); +#endif
[Openvpn-devel] man openvpn(8): --block-outside-dns
Is this considered to be sufficient documentation: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage --block-outside-dns Block DNS servers on other network adapters to prevent DNS leaks. This option prevents any application from accessing TCP or UDP port 53 except one inside the tunnel. It uses Windows Filtering Platform (WFP) and works on Windows Vista or later. --block-outside-dns is not an openvpn directive ... it cannot be used in a config file as such. Regards
Re: [Openvpn-devel] Summary of today's (28th Dec 2015) IRC meeting
Hi, On Tue, Dec 29, 2015 at 12:21:06AM -, debbie...@gmail.com wrote: > > Discussed the OpenVPN 2.3.10 release. IPv6 support for Windows XP is > > broken right now > > Bit surprised so tested :- > 236-I00x-i686 - ipv6 ok > 237-I00x-i686 - ipv6 ok > 238-I00x-i686 - ipv6 ok > > 239-I00x-i686 - ipv6 *not* ok We're fully aware why this is broken, and it has been already discussed on the mailing list :-) - so nothing to be surprised about. (The "use interface index in argument to netsh.exe" patches break XP, as XP-netsh.exe does not understand interface indexes - *sigh*) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de signature.asc Description: PGP signature
Re: [Openvpn-devel] Summary of today's (28th Dec 2015) IRC meeting
- Original Message - From: "Samuli Seppänen"To: "Samuli Seppänen" Cc: Sent: Monday, December 28, 2015 9:33 PM Subject: [Openvpn-devel] Summary of today's (28th Dec 2015) IRC meeting Hi, Here's the summary of today's IRC meeting. Discussed the OpenVPN 2.3.10 release. IPv6 support for Windows XP is broken right now Bit surprised so tested :- 236-I00x-i686 - ipv6 ok 237-I00x-i686 - ipv6 ok 238-I00x-i686 - ipv6 ok 239-I00x-i686 - ipv6 *not* ok Regards