[Openvpn-devel] [PATCH master] Support --block-outside-dns on multiple tunnels

2016-08-24 Thread Selva Nair
Currently each instance of openvpn adds WFP filters into an independent sublayer. As a block in one sublayer can over-ride a permit in another, this causes all DNS traffic to block when --block-outside-dns is used in multiple tunnels. Fix using a common sublayer for adding firewall rules (filters)

[Openvpn-devel] [PATCH 2.3] Support --block-outside-dns on multiple tunnels

2016-08-24 Thread Selva Nair
Currently each instance of openvpn adds WFP filters into an independent sublayer. As a block in one sublayer can over-ride a permit in another, this causes all DNS traffic to block when --block-outside-dns is used in multiple tunnels. Fix using a common sublayer for adding firewall rules (filters)

Re: [Openvpn-devel] OpenVPN 2.3.12 released

2016-08-24 Thread Matthias Andree
Please - instead of my patch, use Steffan Karger's, subject "[PATCH] Fix unittests for out-of-source builds" of 2016-08-15. Thanks. -- ___ Openvpn-devel mailing list Openvpn-deve

Re: [Openvpn-devel] [PATCH] Fix unittests for out-of-source builds

2016-08-24 Thread Matthias Andree
Am 15.08.2016 um 20:02 schrieb Steffan Karger: > Signed-off-by: Steffan Karger > --- > configure.ac | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/configure.ac b/configure.ac > index 4f14ebd..9189c94 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -1215,7 +1215,7 @

Re: [Openvpn-devel] OpenVPN 2.3.12 released

2016-08-24 Thread Matthias Andree
Am 23.08.2016 um 17:52 schrieb Samuli Seppänen: > The OpenVPN community project team is proud to release OpenVPN 2.3.12. > It can be downloaded from here: > > > > This release includes many small improvements and fixes. This is the > first

Re: [Openvpn-devel] Combined Windows installers

2016-08-24 Thread Selva Nair
On Wed, Aug 24, 2016 at 5:26 AM, Samuli Seppänen wrote: > 2) Bundle 32-bit and 64-bit OpenVPN in one installer > > Here one would select the installer based on OS (XP or Vista+), but > bitness would not matter: > > - NDIS5 + openvpn i686 + openvpn x86_64 > - NDIS6 + openvpn i686 + openvpn x86_64)

Re: [Openvpn-devel] Win10 Tun Server +Standard W10 User +OVPN Interactive Service +OVPN GUI

2016-08-24 Thread Selva Nair
On Wed, Aug 24, 2016 at 4:14 AM, Jan Just Keijser wrote: > Hi, > > On 23/08/16 14:34, Gert Doering wrote: > > On Tue, Aug 23, 2016 at 01:55:23AM +0100, debbie10t wrote: > >> I need to use --up/--down/--client-connect/disconnect et al .. > > You can, but they will run with the user privileges of t

Re: [Openvpn-devel] Win10 Tun Server +Standard W10 User +OVPN Interactive Service +OVPN GUI

2016-08-24 Thread Samuli Seppänen
Il 24/08/2016 16:25, Jan Just Keijser ha scritto: >> Iservice works like this (we have a documentation page coming, but that's >> not there yet) >> >> - the GUI runs as "me" (gert) >> - the iservice runs as "local service", maximum privileges >> - the GUI connects to the iservice, and asks i

Re: [Openvpn-devel] OpenVPN 2.3.12 released

2016-08-24 Thread Gert Doering
Hi, On Wed, Aug 24, 2016 at 09:25:12PM +1200, Jason Haar wrote: > On Wed, Aug 24, 2016 at 3:52 AM, Samuli Seppänen wrote: > > > The OpenVPN community project team is proud to release OpenVPN 2.3.12. > > Great work guys. Can you tell me if the peer-info and peer-id server side > code is in this

Re: [Openvpn-devel] Win10 Tun Server +Standard W10 User +OVPN Interactive Service +OVPN GUI

2016-08-24 Thread Jan Just Keijser
Hi Gert, On 24/08/16 14:53, Gert Doering wrote: > On Wed, Aug 24, 2016 at 11:11:53AM +0200, Jan Just Keijser wrote: just for my understanding: how would a user run an up/down script with *USER* credentials (necessary to map a share or printer, for example) in this scenario? > [..] >

Re: [Openvpn-devel] [PATCH v2] Drop recursively routed packets

2016-08-24 Thread Gert Doering
Hi, On Wed, Aug 24, 2016 at 10:12:54AM +0200, Jan Just Keijser wrote: > may I suggest to make this configurable, Well... > i.e. the user can specify > whether rec routed packets should be dropped? I'm afraid that we might > end up with code that drops packets that really should not be droppe

Re: [Openvpn-devel] Win10 Tun Server +Standard W10 User +OVPN Interactive Service +OVPN GUI

2016-08-24 Thread Gert Doering
Hi, On Wed, Aug 24, 2016 at 11:11:53AM +0200, Jan Just Keijser wrote: > >> just for my understanding: how would a user run an up/down script with > >> *USER* credentials (necessary to map a share or printer, for example) in > >> this scenario? [..] > Actually, how would a (clueless) user do this a

Re: [Openvpn-devel] Win10 Tun Server +Standard W10 User +OVPN Interactive Service +OVPN GUI

2016-08-24 Thread debbie10t
On 24/08/16 10:11, Jan Just Keijser wrote: > Hi, > > On 24/08/16 10:45, Samuli Seppänen wrote: >> Il 24/08/2016 11:14, Jan Just Keijser ha scritto: >>> Hi, >>> >>> On 23/08/16 14:34, Gert Doering wrote: On Tue, Aug 23, 2016 at 01:55:23AM +0100, debbie10t wrote: > I need to use --up/--dow

Re: [Openvpn-devel] broken link at https://community.openvpn.net/openvpn/wiki/BuildingUsingGenericBuildsystem

2016-08-24 Thread debbie10t
On 24/08/16 08:16, Samuli Seppänen wrote: > Il 23/08/2016 22:52, Илья Шипицин ha scritto: >> Hello, >> >> "Building TAP-Windows" link is broken. >> can we replace link with https://github.com/OpenVPN/tap-windows6 ? >> > The page was apparently emptied by spammers that attacked us 4 months > ago.

Re: [Openvpn-devel] OpenVPN 2.3.12 released

2016-08-24 Thread Jason Haar
On Wed, Aug 24, 2016 at 3:52 AM, Samuli Seppänen wrote: > The OpenVPN community project team is proud to release OpenVPN 2.3.12. > Great work guys. Can you tell me if the peer-info and peer-id server side code is in this version too? I'm still running on a GIT version of the server because of my

[Openvpn-devel] Combined Windows installers

2016-08-24 Thread Samuli Seppänen
Hi all, Right now we have four different Windows installers: 1) tap-windows (NDIS5) + 32-bit OpenVPN 2) tap-windows (NDIS5) + 64-bit OpenVPN 3) tap-windows6 (NDIS6) + 32-bit OpenVPN 4) tap-windows6 (NDIS6) + 32-bit OpenVPN Installers 1-2 are aimed at Windows XP, and installers 3-4 to Windows Vi

Re: [Openvpn-devel] Win10 Tun Server +Standard W10 User +OVPN Interactive Service +OVPN GUI

2016-08-24 Thread Jan Just Keijser
Hi, On 24/08/16 10:45, Samuli Seppänen wrote: > Il 24/08/2016 11:14, Jan Just Keijser ha scritto: >> Hi, >> >> On 23/08/16 14:34, Gert Doering wrote: >>> On Tue, Aug 23, 2016 at 01:55:23AM +0100, debbie10t wrote: I need to use --up/--down/--client-connect/disconnect et al .. >>> You can, but

Re: [Openvpn-devel] Win10 Tun Server +Standard W10 User +OVPN Interactive Service +OVPN GUI

2016-08-24 Thread Samuli Seppänen
Il 24/08/2016 11:14, Jan Just Keijser ha scritto: > Hi, > > On 23/08/16 14:34, Gert Doering wrote: >> On Tue, Aug 23, 2016 at 01:55:23AM +0100, debbie10t wrote: >>> I need to use --up/--down/--client-connect/disconnect et al .. >> You can, but they will run with the user privileges of the user that

Re: [Openvpn-devel] Win10 Tun Server +Standard W10 User +OVPN Interactive Service +OVPN GUI

2016-08-24 Thread Jan Just Keijser
Hi, On 23/08/16 14:34, Gert Doering wrote: > On Tue, Aug 23, 2016 at 01:55:23AM +0100, debbie10t wrote: >> I need to use --up/--down/--client-connect/disconnect et al .. > You can, but they will run with the user privileges of the user that > runs openvpn-gui by default. If you need more privileg

Re: [Openvpn-devel] [PATCH v2] Drop recursively routed packets

2016-08-24 Thread Jan Just Keijser
Hi, On 23/08/16 15:43, Gert Doering wrote: Hi, On Mon, Aug 22, 2016 at 09:18:28PM +0200, Gert Doering wrote: On Mon, Jan 04, 2016 at 02:43:44PM +0200, Lev Stipakov wrote: v2: better method naming [..] Trac #642 Signed-off-by: Lev Stipakov ACK. As stupid as this feels - we need to back t

Re: [Openvpn-devel] broken link at https://community.openvpn.net/openvpn/wiki/BuildingUsingGenericBuildsystem

2016-08-24 Thread Samuli Seppänen
Il 23/08/2016 22:52, Илья Шипицин ha scritto: > Hello, > > "Building TAP-Windows" link is broken. > can we replace link with https://github.com/OpenVPN/tap-windows6 ? > The page was apparently emptied by spammers that attacked us 4 months ago. I reverted their changes, so the original page is now

Re: [Openvpn-devel] what is "enable_distonly" for ?

2016-08-24 Thread Samuli Seppänen
> Hello, > > I'm going to clean up currently unused nsis code in openvpn-gui. The openvpn-gui.nsi file can be scrapped altogether, as it serves no purpose. It was created in the time before the Interactive Service and Selva's latest changes to OpenVPN-GUI. > Also, I noticed "enable_distonly" c