From: Lev Stipakov
Since Wintun doesn't do DHCP, use interactive service
calls to set up adapter properties.
This also fixes bug in previously unused IPv4 code of
do_address_service():
- ipv4 address must be in network byte order
- prefix length cannot be hardcoded /32 but
must be calculated
Hi,
Probably this is the only one in the series without an ACK.
v2 was reviewed by Simon and suggested changes are in here.
This looks good to me.
On Tue, Nov 12, 2019 at 9:44 AM Lev Stipakov wrote:
>
> From: Lev Stipakov
>
> With tap-windows6 we clear adapter settings with DHCP,
> but since w
Your patch has been applied to the master branch.
(An ACK on v2, an ACK on v5, this is v5 :-) ).
Test built on Ubuntu 1604 (works), not actually tested anything.
Did a little bit of stare-at-code, which did not turn up anything
I need to complain about... introducing a new ring_buffer.c file fo
Your patch has been applied to the master branch.
I have "forward-logged" Steffan's ACK on the v6 patch as the v8 is
close enough, except for the "struct win_tun" change (which look
reasonable), plus Simon's ACK.
What I do not like is code that uses malloc() and then calls ZeroMemory()
right af
Hi
On Tue, Dec 17, 2019 at 6:09 AM Simon Rozman wrote:
>
> I have been playing with Lev's patches for the past few days. Tested them,
> debugged them, did some fixes. There are things to be desired like
> netsh=>ipcfg, remove or #ifdef the SYSTEM token hack... But those are design
> choices we
Hi,
> While patch looks big and scary, there are no functional changes at all,
> just tossing code around.
Indeed this looks scary. This patch chops Windows version of open_tun() into
functions. Maybe, preserve functions in the original order to help diff pair
the changes next time. Took me more
Hi Simon,
A quick reply:
> > IMO, the right approach on Windows is to run a bare minimal code as a
> > service to get SYSTEM rights and the rest with limited privileges.
>
> Selva, those are two different use-cases. And none is "right" or "wrong".
> OpenVPN can or should have both. :)
>
> 1. I n
Definitely an ack. We need this for Wintun and to drop that SYSTEM token
hack.
Acked-by: Simon Rozman
Best regards,
Simon
> -Original Message-
> From: Lev Stipakov
> Sent: Tuesday, December 17, 2019 1:51 PM
> To: openvpn-devel@lists.sourceforge.net
> Cc: Lev Stipakov
> Subject: [Open
I have stare-reviewed the code, then run it back and forth with different
config files. Works as advertised.
Note that this patch contains controversial impersonate_as_system() which we
will remove or #ifdef in the patches to follow.
Acked-By: Simon Rozman
Best regards,
Simon
> -Original M
From: Lev Stipakov
Wintun requires ring buffers registration to be
performed by privileged process. In order to use
openvpn with wintun by non-Administrator, we
need to use interactive service and shared memory
to register buffers.
Openvpn process creates memory mapping object and event
for send
From: Lev Stipakov
Implemented according to Wintun documentation
and reference client code.
Wintun uses ring buffers to communicate between
kernel driver and user process. Client allocates
send and receive ring buffers, creates events
and passes it to kernel driver under LocalSystem
privileges.
I don't want to give up :)
Let's at least wrap that code inside #define ENABLE_SYSTEM_ELEVATION
(because we don't have enough defines) to not to complicate development /
debugging.
ti 17. jouluk. 2019 klo 13.18 Simon Rozman (si...@rozman.si) kirjoitti:
> Hi,
>
>
>
> Lev, unfortunately, the openv
Hi,
Lev, unfortunately, the openvpn.exe binary will still contain this hack's
machine code and might really rise some eyebrows with anti-virus software.
Before the final release the entire SYSTEM token hack should be removed from
the OpenVPN source.
I think it's okay to make a note in RE
Hi,
> > I am running OpenVPN on Windows using NSSM wrapper for years. I had a
> brief discussion on the Hackathon with Samuli about integrating SCM
> support directly into openvpn.exe (imagine --daemon for Windows):
> >
> > sc create OpenVPN$MyTunnel binpath= "C:\Program
> > Files\OpenVPN\bin\open
How about compromise - let's add "--enable-system-elevation" windows
specific option.
- When it is set, we print warning and elevate to SYSTEM for the single
DeviceIOControl call
- When it is not set and wintun is used, we run openvpn from command line
via iservice
- If service is missing, w
15 matches
Mail list logo