Hi,
On 19/09/2022 17:35, Antonio Quartulli wrote:
In P2P mode when the peer reconnects we have to renew the state in DCO
in order to inform it about the new peer-id.
Cc: Arne Schwabe
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* remove useless arguments from tls_multi_process
s "-1", AFAICS, just the if() here is weird)
Using -1 makes sense, because 0 is a valid peer ID. I presume just that
if () is wrong.
Cheers,
gert
_______
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.source
pointer".
[or if we want to go the clean way, we should use strlen() == 0, but I
understand that may be overkill]
my 3 cents.
Cheers,
{
multi->locked_username = string_alloc(username, NULL);
}
--
Antonio Quartulli
_
From: Dmitry Zelenkovsky
Disconnect clients after session-timeout expires.
session-timeout can be defined in ccd files in order to limit
per-user connection time.
Signed-off-by: Dmitry Zelenkovsky
---
Changes from v2:
* improve manpage wording
* improve session_timeout comment
Changes from v1:
sh V=1 runs).
This all said: this patch brings an implementation of undo_ifconfig_*()
for TARGET_FREEBSD ("ifconfig tunX $ip -alias"), and brings back the
old "do nothing" behaviour for all other unixoid platforms. Tested
on FreeBSD 7.4, 12.3, 14.0.
v2: use #elif defined(TARGET_FREEB
el failed");
argv_free(&argv);
gc_free(&gc);
#endif /* if defined(TARGET_LINUX) */
- /* Empty for _WIN32. */
+ /* Empty for _WIN32 and all other unixoid platforms */
}
void
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
platform_state_group)
^~~
init.c:3530:13: note: cast one or both operands to int to silence this warning
1 warning generated.
.. so do what it wants us to do.
Signed-off-by: Gert Doering
Acked-by: Antonio Quartulli
---
sr
full output, always, as before
default is V=1 now
Seems to do what it is supposed to do.
Acked-By: Frank Lichtenheld
I also second this verdict:
Acked-by: Antonio Quartulli
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel
Hi,
On 26/09/2022 08:39, Gert Doering wrote:
Hi,
On Mon, Sep 26, 2022 at 12:13:57AM +0200, Antonio Quartulli wrote:
For now I will just remove the brackets from case 2, where they are not
needed.
TBH, I think we should just not use switch/case here.
It might seem elegant, to do this with a
witch/case block with sorted
peer-info details levels appearing one after the other.
While at it, the for loop extracting the wanted env variables has been
restructured a bit to avoid uber long conditions and extreme indentation.
Signed-off-by: Antonio Quartulli
---
NOTE: I tried to move
Hi,
On 20/09/2022 21:57, Selva Nair wrote:
On Tue, Sep 20, 2022 at 3:26 PM Antonio Quartulli <mailto:a...@unstable.cc>> wrote:
Hi,
On 20/09/2022 18:42, Gert Doering wrote:
> Hi,
>
> On Mon, Sep 19, 2022 at 12:06:18AM +0200, Anton
Hi,
On 20/09/2022 18:42, Gert Doering wrote:
Hi,
On Mon, Sep 19, 2022 at 12:06:18AM +0200, Antonio Quartulli wrote:
+switch (session->opt->push_peer_info_detail)
{
-/* push version */
-buf_printf(&out, "IV_VER=%s\n", PACKAGE_VERSI
Hi,
On 18/09/2022 20:30, Selva Nair wrote:
On Sat, Sep 17, 2022 at 10:09 AM Antonio Quartulli <mailto:a...@unstable.cc>> wrote:
From: Michael Karvan mailto:michael.kar...@gmail.com>>
Signed-off-by: Michael Karvan mailto:michael.kar...@gmail.com>>
---
dc448c74..bbb8d2f8 100644
--- a/src/openvpn/route.h
+++ b/src/openvpn/route.h
@@ -320,6 +320,7 @@ void setenv_routes(struct env_set *es, const struct
route_list *rl);
void setenv_routes_ipv6(struct env_set *es, const struct route_ipv6_list
*rl6);
bool is_speci
In P2P mode when the peer reconnects we have to renew the state in DCO
in order to inform it about the new peer-id.
Cc: Arne Schwabe
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* remove useless arguments from tls_multi_process() (and descendant
calls) as we now pass 'c'
Hi,
On 19/09/2022 16:47, Frank Lichtenheld wrote:
On Mon, Sep 19, 2022 at 04:17:57PM +0200, Antonio Quartulli wrote:
In P2P mode when the peer reconnects we have to renew the state in DCO
in order to inform it about the new peer-id.
Cc: Arne Schwabe
Signed-off-by: Antonio Quartulli
In P2P mode when the peer reconnects we have to renew the state in DCO
in order to inform it about the new peer-id.
Cc: Arne Schwabe
Signed-off-by: Antonio Quartulli
---
src/openvpn/forward.c | 2 +-
src/openvpn/ssl.c | 42 +-
src/openvpn/ssl.h
From: Dmitry Zelenkovsky
Disconnect clients after session-timeout expires.
session-timeout can be defined in ccd files in order to limit
per-user connection time.
Signed-off-by: Dmitry Zelenkovsky
---
Changes from v1:
* added documentation to manpage
* added entry in Changes.rst
---
Changes.rs
jects.
Their source code is available here:
https://github.com/OpenVPN/easy-rsa
- https://github.com/OpenVPN/tap-windows
+ https://github.com/OpenVPN/tap-windows6
The old cross-compilation environment (domake-win) and the Python-based
buildsystem have been replaced with openvpn-
ifconfig + route..."
get_ifconfig_route >$LOGDIR/$SUF:ifconfig_route_post.txt
-echo -n "compare pre- and post-openvpn ifconfig + route..."
+output -n "compare pre- and post-openvpn ifconfig + route..."
if diff $LOGDIR/$SUF:ifconfig_route_pre.txt \
it is triggered. The rearm happens via
_reset(), which we don't call. So this patch looks good to me as is.
Cheers,
gert
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-dev
SIGUSR1 is
a cleaner handler.
Cheers,
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
On 18/09/2022 12:37, Gert Doering wrote:
HI,
On Sun, Sep 18, 2022 at 01:10:30AM +0200, Antonio Quartulli wrote:
From: Dmitry Zelenkovsky
Disconnect clients after session-timeout expires.
session-timeout can be defined in ccd files in order to limit
per-user connection time.
I find this
From: Mateusz Markowicz
When using "--verify-x509-name [hostname] subject-alt-name" hostname
will now be accepted also when matched against one of the
X509v3 Subject Alternative Name IP or DNS entries (instead of just
Subject's CN).
While at it, fix a few uncrustify complaints to allow committin
witch/case block with sorted
peer-info details levels appearing one after the other.
While at it, the for loop extracting the wanted env variables has been
restructured a bit to avoid uber long conditions and extreme indentation.
Signed-off-by: Antonio Quartulli
---
NOTE: I tried to move
Hi,
This patch was msising some hunks. To be resent as v2.
Cheers,
On 18/09/2022 01:32, Antonio Quartulli wrote:
From: Mateusz Markowicz
When using "--verify-x509-name [hostname] subject-alt-name" hostname
will now be accepted also when matched against one of the
X509v3 Subject A
Hi,
On 18/09/2022 22:31, Gert Doering wrote:
Hi,
On Sun, Sep 18, 2022 at 09:47:56PM +0200, Antonio Quartulli wrote:
In the worst case I will only address the second point of the list above
(as we may later access an IPv6 header that is not fully allocated).
I think everything that actually
Hi,
On 18/09/2022 12:12, Gert Doering wrote:
Hi,
On Sat, Sep 17, 2022 at 11:31:54PM +0200, Antonio Quartulli wrote:
This patch brings the following improvements:
* check that ETH proto and version in IP header are consistent;
* check that length of the packet is enough to store the expected
From: Mateusz Markowicz
When using "--verify-x509-name [hostname] subject-alt-name" hostname
will now be accepted also when matched against one of the
X509v3 Subject Alternative Name IP or DNS entries (instead of just
Subject's CN).
While at it, fix a few uncrustify complaints to allow committin
From: Dmitry Zelenkovsky
Disconnect clients after session-timeout expires.
session-timeout can be defined in ccd files in order to limit
per-user connection time.
Signed-off-by: Dmitry Zelenkovsky
---
src/openvpn/forward.c | 22 ++
src/openvpn/init.c| 7 +++
src/op
In this case the function would exit without releasing the argv object
initialized via argv_new().
Move initialization of argv after thic check is performed.
While at it, also move the declaration of gc and initizlize it with
gc_new().
Reported-by: Camille Guérin
Signed-off-by: Antonio
From: "Vittorio Gambaletta (VittGam)"
Signed-off-by: "Vittorio Gambaletta (VittGam)"
---
src/openvpn/forward.c | 18 -
src/openvpn/forward.h | 2 +-
src/openvpn/multi.c | 2 +-
src/openvpn/options.c | 2 +-
src/openvpn/socket.h | 45 +++-
)' in invocations.
Signed-off-by: Antonio Quartulli
---
src/openvpn/proto.c | 91 ++---
1 file changed, 69 insertions(+), 22 deletions(-)
diff --git a/src/openvpn/proto.c b/src/openvpn/proto.c
index 88abd199..345df341 100644
--- a/src/openvpn/proto.c
From: Michael Karvan
Signed-off-by: Michael Karvan
---
src/plugins/auth-pam/auth-pam.c | 9 -
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/plugins/auth-pam/auth-pam.c b/src/plugins/auth-pam/auth-pam.c
index 70339445..9f37c8c0 100644
--- a/src/plugins/auth-pam/auth-pa
From: Alexandr Kutashov
It's better to have distinct enums for more straightforward debug of exit
function.
Signed-off-by: Alexandr Kutashov
---
src/openvpn/error.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/error.h b/src/openvpn/error.h
index 89adb3e6
assic case (username writte in file), where the password is requested
via stdin when missing.
While a it, add an empty line between prototypes in init.c to make
uncrustify happy.
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* properly add _inline suffix to 2nd argument of auth_user_pass_
This was originally reported on GH, but never dealt with.
Make sure 'ptr' is always initialized to prevent derefence of null
pointer in case of empty dev string.
While at it, change the if condition to use ptr instead of dev, since
dev is not used anymore in the logic.
Signed-off-b
Hi,
On 17/09/2022 14:37, Gert Doering wrote:
Hi,
On Wed, Sep 14, 2022 at 08:59:36PM +0200, Antonio Quartulli wrote:
#ifdef ENABLE_MANAGEMENT
-auth_user_pass_setup(c->options.auth_user_pass_file,
&c->options.sc_info);
+auth_user_pass_setup(c->options.auth_u
Hi,
On 14/09/2022 21:40, Selva Nair wrote:
On Wed, Sep 14, 2022 at 3:30 PM Antonio Quartulli <mailto:a...@unstable.cc>> wrote:
Hi,
On 14/09/2022 21:26, Selva Nair wrote:
> diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
> index 07f6e202..
t still apply?
If the mgmt interface has troubles with querying the password, then it
means we already have this problem without the patch, right?
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.s
via stdin.
This affects both http proxy and authentication inline'd creds.
Signed-off-by: Antonio Quartulli
---
Changes.rst| 4 +++-
src/openvpn/misc.c | 5 +
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/Changes.rst b/Changes.rst
index 2967533a..2daa97fb 100644
assic case (username writte in file), where the password is requested
via stdin when missing.
While a it, add an empty line between prototypes in init.c to make
uncrustify happy.
Signed-off-by: Antonio Quartulli
---
Changes.rst | 4
src/openvpn/init.c | 9 +++--
src/op
uctures. Would it be better to have disable_dco member, assuming
platform doesn't support dco?
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
reference to the pre-created interface.
Windows didn't use to create interfaces on-the-fly like on
Linux/BSD/macOS. Not sure if that has changed with tap-windows6 and
neither how this is with wintun or ovpn-dco-win.
It has not changed, but the "other platforms" the text is ta
Hi,
On 14/09/2022 08:23, Gert Doering wrote:
Hi,
On Tue, Sep 13, 2022 at 11:38:29PM +0200, Antonio Quartulli wrote:
+ On other platforms, ``--dev-node node`` will influence the naming of the
+ created tun/tap device, if supported on that platform. If OpenVPN cannot
+ figure out whether
Hi,
On 14/09/2022 08:15, Gert Doering wrote:
Other than that the patch looks good and the new comment for open_tun is
easy to digest, also for non bsders like me.
Would that be an ACK? :-)
Yes:
Acked-by: Antonio Quartulli
we may really want to prune this --dev-node thing once and for all
ther platforms" or "some platforms" or
"most platforms" without explicitly saying which ones is the same as to
not really documenting the behaviour. Because I am still unable to
understand which platform does what.
Should we rather split this platform by plat
device %s opened", ifr.ifr_name);
+
+tt->actual_name = string_alloc(ifr.ifr_name, NULL);
+}
+ else
+ {
+ /* dynamic / named tun can be handled by the generic function
+ * named tap ("tap3") is handled there as well, if pre-created
+ */
+open_tun_generic(dev, dev_type, dev_node, tt);
+}
if (tt->fd >= 0)
{
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Anything that cannot be changed by a CCD file is only checked at startup.
Acked-by: Antonio Quartulli
Cheers,
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
to brain process, imho).
Acked-by: Antonio Quartulli
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
amed "anything"
+ * ("--dev tap" and "--dev null" are caught earlier and not handled here)
*/
-if (!tun_name_is_fixed(dev))
+if (strcmp(dev,"tun") == 0)
you need to add a space after the ','.
{
for (int i = 0; i &l
hat & and * are arithmetic operators in some
contexts and so it adds spaces around them. darn.
What version are you using?
Cheers,
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
--enable-dco
at configure time is not needed anymore.
Signed-off-by: Lev Stipakov
Signed-off-by: Antonio Quartulli
---
Changes from v101:
* rebased
.github/workflows/build.yaml | 7 +--
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/.github/workflows/build.yaml b/.github
aces around boolean
operator. (How come that uncrustify did not complain? we may need to add
another toggle..)
sitnl does the right thing:
2022-08-24 00:50:50 net_route_v4_add: 8.8.8.8/32 via 10.10.0.3 dev tun0
table 0 metric 100
So, other than the space
-by: Frank Lichtenheld
Quickly checked the behaviour of fping on gentoo (fping v5.0) and I can
confirm what Frank said.
Also, on GH it is possible to read when the merge happened:
https://github.com/schweikert/fping/releases/tag/v4.0
Acked-by: Antonio Quartulli
--
Antonio Quartulli
Hi,
On 19/08/2022 11:50, Arne Schwabe wrote:
Am 18.08.22 um 22:43 schrieb Antonio Quartulli:
yes! This is what we need!
Acked-by: Antonio Quartulli
I am out of the loop here. Could you two explain why we need this? I.e.
what is wrong with the current style is and what the plan is to
At the moment dco-win doesn't support --persist-tun and --server,
so check for these options at startup time.
Signed-off-by: Antonio Quartulli
Signed-off-by: Lev Stipakov
---
Changes from v103:
* fix ifdef condition (use || instead of &&) in options.c
Changes from v102:
* re
yes! This is what we need!
Acked-by: Antonio Quartulli
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Acked-by: Antonio Quartulli
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
DEL_PEER events can be sent by ovpn-dco to userspace for various reasons.
We should trigger the ping timeout reaction only if the reason was
"peer has expired".
Signed-off-by: Antonio Quartulli
---
src/openvpn/forward.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff -
At the moment dco-win doesn't support --persist-tun and --server,
so check for these options at startup time.
Signed-off-by: Antonio Quartulli
Signed-off-by: Lev Stipakov
---
Changes from v102:
* remove platform defined log level and make check_options_ calls on
Windows explicit and doc
At the moment dco-win doesn't support --persist-tun and --server,
so check for these options at startup time.
Signed-off-by: Antonio Quartulli
Signed-off-by: Lev Stipakov
---
Changes from v101:
* rebased
* remove call to dco_check_option_ from verify() and reuse invocation
that was al
witch/case block with sorted
peer-info details levels appearing one after the other.
While at it, the for loop extracting the wanted env variables has been
restructured a bit to avoid uber long conditions and extreme indentation.
Signed-off-by: Antonio Quartulli
---
NOTE: I tried to move
Function prototypes should have the return type on the same line as the
function name itself. Fix this in ssl_util.h.
Signed-off-by: Antonio Quartulli
---
src/openvpn/ssl_util.h | 13 +
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/src/openvpn/ssl_util.h b/src
witch/case block with sorted
peer-info details levels appearing one after the other.
While at it, the for loop extracting the wanted env variables has been
restructured a bit to avoid uber long conditions and extreme indentation.
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* add s
When closing the tunnel interface we know if we were using DCO or not.
for this reason we can customize the closing message and make it
consistent with the opening one.
Signed-off-by: Antonio Quartulli
---
src/openvpn/init.c | 10 +-
1 file changed, 9 insertions(+), 1 deletion(-)
diff
witch/case block with sorted
peer-info details levels appearing one after the other.
While at it, the for loop extracting the wanted env variables has been
restructured a bit to avoid uber long conditions and extreme indentation.
Signed-off-by: Antonio Quartulli
---
src/openvpn/ssl.c
and does what we discussed on IRC.
Should we require platform specific option check on pushed options, then
we can re-introduce the _platform() variant again.
Acked-by: Antonio Quartulli
---
src/openvpn/dco.c | 9 ++---
src/openvpn/dco.h | 18 ++
src/openvpn
P VPN setups")
Signed-off-by: Arne Schwabe
Same as v1, just rebased and with an extended commit message.
Tested by setting some UV_VAR and seeing it being sent only with
--push-peer-info.
Acked-by: Antonio Quartulli
---
src/openvpn/ssl.c | 2 +-
1 file changed, 1 insertion(+),
ot; (or "> 2") now.
This patch makes this change.
Note that this patch is lacking the SoB line.
Wouldn't be bad to also add some 'Fixes: ID ("commit title")' line
ButArne, could you resend this patch rebased on top o
When adding a peer to a P2P interface, the VPN IPs are not really used by DCO as
there is no routing happening in this mode.
For this reason don't pass any VPN IP when adding a new peer in p2p mode.
Signed-off-by: Antonio Quartulli
---
src/openvpn/dco.c
ks as expected.
The windows API does not say anything about the empty string at the end
of the list, but having that seems to be the actual behaviour.
Acked-by: Antonio Quartulli
---
v3: use gc_malloc() and "char *" instead of buffer and improve commit message
v2: uncrust
On Windows the high level API should still use the link_socket object to
read and write packets. For this reason, even if dco_installed is true,
we still need to rely on the classic link_socket object.
Signed-off-by: Antonio Quartulli
---
Changes from v102:
* mark helper as 'inline'
On Windows the high level API should still use the link_socket object to
read and write packets. For this reason, even if dco_installed is true,
we still need to rely on the classic link_socket object.
Signed-off-by: Antonio Quartulli
---
Changes from v101:
* add defined(TARGET_FREEBSD) to the
Signed-off-by: Arne Schwabe
Signed-off-by: Lev Stipakov
Signed-off-by: Antonio Quartulli
---
Changes from v100:
* add URL to windows installer (openvpn+dco) and modify text
---
README.dco.md | 11 ++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/README.dco.md b
On Windows the high level API should still use the link_socket object to
read and write packets. For this reason, even if dco_installed is true,
we still need to rely on the classic link_socket object.
Signed-off-by: Antonio Quartulli
---
Changes from v100:
* removed ASSERTs (moved to previous
Signed-off-by: Arne Schwabe
Signed-off-by: Lev Stipakov
Signed-off-by: Antonio Quartulli
---
Changes from v100:
* rebased (fixed conflict in configure.ac)
* fixed access to disable_dco member in dco.c
* renamed ovpn-dco-win.h to ovpn_dco_win.h
* make tun_open_device and close_tun_handle non
With this change it is possible to use ovpn-dco-win when running OpenVPN
in client or P2P mode.
Signed-off-by: Arne Schwabe
Signed-off-by: Lev Stipakov
Signed-off-by: Antonio Quartulli
---
Changes from v100:
* rebased (fixed conflicts in options.h and tun.h)
Changes from v3:
* rename
At the moment dco-win doesn't support --persist-tun and --server,
so check for these options at startup time.
Signed-off-by: Antonio Quartulli
Signed-off-by: Lev Stipakov
---
Changes from v100:
* improved commit title/message
---
src/openvpn/dco.c | 17 +++--
src/op
renamed remote_addrX variables to vpn_addrX to make it clear that they
refer to the address over the VPN/tunnel
Signed-off-by: Antonio Quartulli
---
src/openvpn/dco.c | 17 +
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
Signed-off-by: Lev Stipakov
Signed-off-by: Antonio Quartulli
---
.github/workflows/build.yaml | 7 +--
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index c89d3c8c..6bd108b9 100644
--- a/.github/workflows/build.yaml
s the real change
is only about 3 lines. The rest is indentation change.
Signed-off-by: Antonio Quartulli
---
** the dco-win patchset is based on this patch. I should have sent this
earlier, but it slipped off.
src/openvpn/init.c | 174 +++--
1 file c
This message is purely a debug message, so it should go to the
appropriate log level. At the same time make it more clear.
Signed-off-by: Antonio Quartulli
---
src/openvpn/dco_linux.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/openvpn/dco_linux.c b/src/openvpn
Netlink errors detected during dco availability detection are not really
required and can confuse the user.
Have them printed to the dco debug level.
Signed-off-by: Antonio Quartulli
---
src/openvpn/dco_linux.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/openvpn
v100 to kinda restart from zero, without mixing up
existing versions of these patches.
Enjoy!
Antonio Quartulli (10):
do_open_tun: restyle "can preserve TUN" check
dco-win: introduce low-level code for handling ovpn-dco-win in Windows
dco-win: add platform dependant check on in
renamed remote_addrX variables to vpn_addrX to make it clear that they
refer to the address over the VPN/tunnel
Signed-off-by: Antonio Quartulli
---
src/openvpn/dco.c | 17 +
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
Signed-off-by: Lev Stipakov
Signed-off-by: Antonio Quartulli
---
.github/workflows/build.yaml | 7 +--
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index c89d3c8c..6bd108b9 100644
--- a/.github/workflows/build.yaml
With this change it is possible to use ovpn-dco-win when running OpenVPN
in client or P2P mode.
Signed-off-by: Arne Schwabe
Signed-off-by: Lev Stipakov
Signed-off-by: Antonio Quartulli
---
Changes from v3:
* rename WINDOWS_DRIVER_WINDCO to WINDOWS_DRIVER_DCO
* add reference string check
On Windows the high level API should still use the link_socket object to
read and write packets. For this reason, even if dco_installed is true,
we still need to rely on the classic link_socket object.
Signed-off-by: Antonio Quartulli
---
src/openvpn/dco_win.c | 4 ++--
src/openvpn/forward.c
Some platforms may have different constraints in terms of incompatible
opions, therefore we add a function that explicitly checks those.
Also, add generic option check for when ovpn-dco-win is in use.
Signed-off-by: Antonio Quartulli
Signed-off-by: Lev Stipakov
---
src/openvpn/dco.c | 17
Signed-off-by: Arne Schwabe
Signed-off-by: Lev Stipakov
Signed-off-by: Antonio Quartulli
---
config-msvc.h | 2 +
configure.ac| 9 +-
dev-tools/special-files.lst | 1 +
src/openvpn/Makefile.am | 4 +-
src/openvpn
make the check even uglier.
For this reason, factor out the check in a separate function which can
keep the ifdefs craziness well hidden, while do_open_tun becomes
(a bit) cleaner.
Signed-off-by: Antonio Quartulli
---
src/openvpn/init.c | 282 +++--
1
Signed-off-by: Arne Schwabe
Signed-off-by: Lev Stipakov
Signed-off-by: Antonio Quartulli
---
README.dco.md | 11 ++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/README.dco.md b/README.dco.md
index c38d3de3..d67f6e7e 100644
--- a/README.dco.md
+++ b/README.dco.md
specifications include a gateway anyway.
Since it is probably better to have no message than a
misleading one, remove it.
Signed-off-by: Frank Lichtenheld
Acked-by: Antonio Quartulli
Regards,
---
src/openvpn/dco.c | 4
1 file changed, 4 deletions(-)
diff --git a/src/openvpn/dco.c b
Hi,
On 09/08/2022 09:22, Lev Stipakov wrote:
From: Lev Stipakov
Signed-off-by: Lev Stipakov
This gc thing is indeed unused and can go.
Acked-by: Antonio Quartulli
---
src/openvpn/tun.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index
@ void
open_tun(const char *dev, const char *dev_type, const char *dev_node, struct
tuntap *tt,
openvpn_net_ctx_t *ctx)
{
-open_tun_generic(dev, dev_type, dev_node, true, tt);
+open_tun_generic(dev, dev_type, dev_node, tt);
}
void
other than my nitpick above,
Acked-by: Antonio
Other platforms may need more complex logic to decide whether a cipher
is supported or not, therefore turn hardcoded list into a function that
can be implemented by each platform independently.
Signed-off-by: Lev Stipakov
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* rebased
---
src
Allowing compression means that we may accept a pushable compress
setting.
This scenario can't work with DCO therefore disable it when compression
is allowed.
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* improve wording for message
---
src/openvpn/dco.c | 6 --
1 file chang
Allowing compression means that we may accept a pushable compress
setting.
This scenario can't work with DCO therefore disable it when compression
is allowed.
Signed-off-by: Antonio Quartulli
---
src/openvpn/dco.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git
we perform the
check only when required.
Reported-By: Gert Doering
Signed-off-by: Antonio Quartulli
---
src/openvpn/init.c | 19 ++-
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 2e7544de..b6705921 100644
--- a/src
101 - 200 of 1005 matches
Mail list logo
