[Openvpn-devel] [PATCH v2] reload CRL only if file was modified

2016-11-30 Thread Antonio Quartulli
In order to prevent annoying delays upon client connection, reload the CRL file only if it was modified since the last reload operation. If not, keep on using the already stored CRL. This change will boost client connection time in instances where the CRL file is quite large (dropping from

Re: [Openvpn-devel] [PATCH] push: Provide a warning if --ifconfig-push have argument mismatch with --topology

2016-11-30 Thread Selva Nair
Hi, Some nitpicking on the eleventh hour... The comment does not agree with the code: > +++ b/src/openvpn/push.c > @@ -333,6 +333,16 @@ prepare_push_reply (struct context *c, struct > gc_arena *gc, >print_in_addr_t (ifconfig_local, 0, gc), >

Re: [Openvpn-devel] [PATCH] push: Provide a warning if --ifconfig-push have argument mismatch with --topology

2016-11-30 Thread SviMik
While I admit that it is *extremely* unlikely to have a network larger than /8, such logic still looks a little clumsy. It does not cover all the valid netmasks, nor does it detect all possible invalid ones. If you wish to test if the netmask is valid, this solution could be better:

[Openvpn-devel] [PATCH] push: Provide a warning if --ifconfig-push have argument mismatch with --topology

2016-11-30 Thread David Sommerseth
This adds a warning to the log file if --topology is configured to use subnet or net30 and the 'subnet mask' argument of an --ifconfig-push option is not a subnet mask. The check done is to ensure the first octet is 0xff (255) Trac: #755 Signed-off-by: David Sommerseth ---

Re: [Openvpn-devel] [PATCH applied] Re: Force 'def1' method when --redirect-gateway is done through service

2016-11-30 Thread Selva Nair
On Wed, Nov 30, 2016 at 5:06 PM, Arne Schwabe wrote: > > > > The patch does what we agreed on in the trac ticket ("no user changes" > > for the normal case, and "in the service pipe change, imply def1 if > > no flags set"). This is very little extra code and easily checked, >

Re: [Openvpn-devel] [PATCH applied] Re: Force 'def1' method when --redirect-gateway is done through service

2016-11-30 Thread Arne Schwabe
On 30.11.16 at 19:58, Gert Doering wrote: > ACK, thanks. > > The patch does what we agreed on in the trac ticket ("no user changes" > for the normal case, and "in the service pipe change, imply def1 if > no flags set"). This is very little extra code and easily checked, > while fixing this in

[Openvpn-devel] [PATCH] Do not restart dns client service as a part of --register-dns processing

2016-11-30 Thread Selva Nair
As reported and discussed on Trac #775, restarting dns service has unwanted side effects when there are dependent services. And it appears unnecessary to restart this service to get DNS registered on Windows. Resolve by removing two actions from --register-dns: 'net stop dnscache' and 'net start

[Openvpn-devel] Summary of the today's (Wednesday, 30th Nov 2016) community meeting

2016-11-30 Thread Samuli Seppänen
Hi, Here's the summary of today's IRC meeting. --- COMMUNITY MEETING Place: #openvpn-meeting on irc.freenode.net Date: Wednesday 30th November 2016 Time: 20:00 CET (19:00 UTC) Planned meeting topics for this meeting were here:

[Openvpn-devel] [PATCH applied] Re: Force 'def1' method when --redirect-gateway is done through service

2016-11-30 Thread Gert Doering
ACK, thanks. The patch does what we agreed on in the trac ticket ("no user changes" for the normal case, and "in the service pipe change, imply def1 if no flags set"). This is very little extra code and easily checked, while fixing this in other ways would need much more code - for a sort-of

[Openvpn-devel] [PATCH applied] Re: Map restart signals from event loop to SIGTERM during exit-notification wait

2016-11-30 Thread Gert Doering
ACK. Same (reproducible) problem, similar fix, good :-) Your patch has been applied to the release/2.3 branch. commit 4d397fcbc023271c7117cb83b13114389bf3265b Author: Selva Nair Date: Tue Nov 29 20:48:55 2016 -0500 Map restart signals from event loop to SIGTERM during exit-notification

Re: [Openvpn-devel] [PATCH] reload CRL only if file was modified

2016-11-30 Thread Antonio Quartulli
On Wed, Nov 30, 2016 at 05:26:30PM +0300, SviMik wrote: > 1) I would also check if the file size was changed, not only mtime. > this would work against 2 CRLs with the same mtime but different size: is this a real case we have to worry about? Anyway, adding this check is easy. I'd do it if

Re: [Openvpn-devel] [PATCH] reload CRL only if file was modified

2016-11-30 Thread SviMik
1) I would also check if the file size was changed, not only mtime. 2) I wasn't digging the code deeply, but the > ssl_ctx->crl_last_mtime.tv_sec >= crl_stat.st_mtime makes me think it would fail if the file gets reverted to a previous version. Perhaps the check shall be != instead of >=. > In

Re: [Openvpn-devel] [PATCH v2 9/9] client-connect: Add deferred support to the client-connect plugin v1 handler

2016-11-30 Thread Heikki Hannikainen
Fabian, Have you by any chance ported this patch set forward to the current OpenVPN master / 2.4 beta? We have used a variation of it, and gained a noticeable performance boost, for a long time. Thanks to the deferred client-connect handling the openvpn server does not stop packet processing

Re: [Openvpn-devel] [PATCH 1/1] Refuse to daemonize when running from systemd

2016-11-30 Thread Christian Hesse
David Sommerseth on Wed, 2016/11/30 12:52: > On 30/11/16 09:59, Christian Hesse wrote: > > From: Christian Hesse > > > > We start with systemd Type=notify, so refuse to daemonize. > > > > Signed-off-by: Christian Hesse > > --- >

Re: [Openvpn-devel] [PATCH 1/1] Refuse to daemonize when running from systemd

2016-11-30 Thread David Sommerseth
On 30/11/16 10:15, Christian Hesse wrote: > Steffan Karger on Wed, 2016/11/30 10:06: >> Hi, >> >> On 30-11-16 09:59, Christian Hesse wrote: >>> --- a/src/openvpn/init.c >>> +++ b/src/openvpn/init.c >>> @@ -926,6 +926,13 @@ bool >>> possibly_become_daemon (const struct

Re: [Openvpn-devel] [PATCH 1/1] Refuse to daemonize when running from systemd

2016-11-30 Thread David Sommerseth
On 30/11/16 09:59, Christian Hesse wrote: > From: Christian Hesse > > We start with systemd Type=notify, so refuse to daemonize. > > Signed-off-by: Christian Hesse > --- > distro/systemd/openvpn-client@.service | 1 - > distro/systemd/openvpn-server@.service | 1

Re: [Openvpn-devel] combined ndis5 + ndis6 installer ?

2016-11-30 Thread Илья Шипицин
2016-11-30 12:36 GMT+03:00 Samuli Seppänen : > On 30/11/2016 09:53, Илья Шипицин wrote: > >> Hello, >> >> as we finished x86 + x64 installer, we can do something else now. >> @mattock, which installer are you going to build ? >> >> it used to be (ndis5, ndis6) x (x86,

Re: [Openvpn-devel] combined ndis5 + ndis6 installer ?

2016-11-30 Thread Samuli Seppänen
On 30/11/2016 09:53, Илья Шипицин wrote: > Hello, > > as we finished x86 + x64 installer, we can do something else now. > @mattock, which installer are you going to build ? > > it used to be (ndis5, ndis6) x (x86, x64) matrix, what will be future > matrix ? As discussed earlier bloating the

Re: [Openvpn-devel] [PATCH 1/1] Refuse to daemonize when running from systemd

2016-11-30 Thread Steffan Karger
On 30-11-16 10:15, Christian Hesse wrote: > Steffan Karger on Wed, 2016/11/30 10:06: >> Hi, >> >> On 30-11-16 09:59, Christian Hesse wrote: >>> --- a/src/openvpn/init.c >>> +++ b/src/openvpn/init.c >>> @@ -926,6 +926,13 @@ bool >>> possibly_become_daemon (const struct

Re: [Openvpn-devel] [PATCH 1/1] Refuse to daemonize when running from systemd

2016-11-30 Thread Christian Hesse
Steffan Karger on Wed, 2016/11/30 10:06: > Hi, > > On 30-11-16 09:59, Christian Hesse wrote: > > --- a/src/openvpn/init.c > > +++ b/src/openvpn/init.c > > @@ -926,6 +926,13 @@ bool > > possibly_become_daemon (const struct options *options) > > { > >bool ret =

Re: [Openvpn-devel] [PATCH 1/1] Refuse to daemonize when running from systemd

2016-11-30 Thread Steffan Karger
Hi, On 30-11-16 09:59, Christian Hesse wrote: > --- a/src/openvpn/init.c > +++ b/src/openvpn/init.c > @@ -926,6 +926,13 @@ bool > possibly_become_daemon (const struct options *options) > { >bool ret = false; > + > +#ifdef ENABLE_SYSTEMD > + /* return without forking if we are running from

[Openvpn-devel] [PATCH 1/1] Refuse to daemonize when running from systemd

2016-11-30 Thread Christian Hesse
From: Christian Hesse We start with systemd Type=notify, so refuse to daemonize. Signed-off-by: Christian Hesse --- distro/systemd/openvpn-client@.service | 1 - distro/systemd/openvpn-server@.service | 1 - src/openvpn/init.c | 7 +++ 3

[Openvpn-devel] [PATCH applied] Re: When parsing '--setenv opt xx ..' make sure a third parameter is present

2016-11-30 Thread Gert Doering
ACK, thanks. (I thought "just checking for ...&& p[2] && ..." would be nicer, but then it falls through and just silently setenv-s "opt" to "empty", which is not the intent...) I have changed the reference to the Trac ticket to the newly-agreed-upon (yesterday on IRC) standard format, which is

Re: [Openvpn-devel] [PATCH] reload CRL only if file was modified

2016-11-30 Thread Steffan Karger
Hi, On 30-11-16 02:16, Antonio Quartulli wrote: > Do I really need to split declaration and definition? Or can I just > doxy-document the definition in the same place where it is now? Well, either add a declaration at the top of the file (before the first usage), or move the function up to

Re: [Openvpn-devel] [PATCH 1/1] Use systemd service manager notification

2016-11-30 Thread Christian Hesse
CCing Elias Probst as he is listed as contributor for last commit changing systemd units (8b42c197626430118ed126c1b8256ba5ae1f699a, "systemd: Improve the systemd unit files"). Anybody else involved with systemd units? David Sommerseth on Wed, 2016/11/30 02:45: