[Openvpn-devel] [PATCH 0/4] struct argv overhaul - Feb 2020 edition

2020-02-06 Thread David Sommerseth
ttps://gitlab.com/dazo/openvpn/-/tree/dev/struct-argv-overhaul-2020.02> [5] <https://patchwork.openvpn.net/project/openvpn2/list/?series=553&state=%2A&archive=both> -- kind regards, David Sommerseth OpenVPN Inc -------

[Openvpn-devel] [PATCH 1/4] re-implement argv_printf_*()

2020-02-06 Thread David Sommerseth
lly is the ASCII "group separator" control character, which fits its purpose). This commit has been updated by David Sommerseth based on Arne Schwabe and his own feedback on the mailing list. Signed-off-by: Heiko Hund Signed-off-by: David Sommerseth --- v2 - Improved comments, to make

[Openvpn-devel] OpenVPN 3 Linux client - v7 beta released

2019-12-16 Thread David Sommerseth
ac508 openvpn3-linux-7_beta.tar.xz.asc git references - git tag: v7_beta git commit: 9478329ed017ba252b61b702d16a076b3adab678 Changes from v6 to v7 ---------- David Sommerseth (72): docs: Updat

Re: [Openvpn-devel] [PATCH] fix clang warning about missing braces

2019-11-29 Thread David Sommerseth
On 29/11/2019 12:37, Gert Doering wrote: > Hi, > > On Fri, Nov 29, 2019 at 12:25:13PM +0100, David Sommerseth wrote: >> On 29/11/2019 11:52, Gert Doering wrote: >>> On Fri, Nov 29, 2019 at 11:47:02AM +0100, David Sommerseth wrote: >>>> With GCC-4.3.8, I see th

Re: [Openvpn-devel] [PATCH] fix clang warning about missing braces

2019-11-29 Thread David Sommerseth
On 29/11/2019 11:52, Gert Doering wrote: > Hi, > > On Fri, Nov 29, 2019 at 11:47:02AM +0100, David Sommerseth wrote: >> With GCC-4.3.8, I see this warning: > > This is about as old as you :-) - do we care about suppressing warnings > in old gcc versions that might suppr

Re: [Openvpn-devel] [PATCH] fix clang warning about missing braces

2019-11-29 Thread David Sommerseth
ttached, this silences this warning with GCC-4.3.8 at least. That said, I'm not sure this is the best approach; it may hide other missing braces warnings we should see. -- kind regards, David Sommerseth OpenVPN Inc From 1166081219e8623e32aeea93ddabd2937df36ef8 Mon Sep 17 00:00:00 200

Re: [Openvpn-devel] [PATCH v2] Fix ACL_CHECK_ADD_COMPILE_FLAGS to work with clang

2019-11-19 Thread David Sommerseth
wo steps. Without this patch, clang-5.0.1 spits out lots of warnings related to -Wno-stringop-truncation. Acked-By: David Sommerseth -- kind regards, David Sommerseth OpenVPN Inc signature.asc Description: OpenPGP digital signature __

Re: [Openvpn-devel] [PATCH] Fix ACL_CHECK_ADD_COMPILE_FLAGS to work with clang

2019-11-19 Thread David Sommerseth
$old_cflags". Just add a comment in that area why we add the -Werror explicitly. This makes the whole change smaller and clearer. If we need the flexibility later on, we can adjust this when that time arrives. -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] [PATCH] Fix ACL_CHECK_ADD_COMPILE_FLAGS to work with clang

2019-11-14 Thread David Sommerseth
ng) $ gcc -o test test.c -Wall -Wno-non-existing-flag -Werror (no error nor warning) * then with an unknown -W* argument (without the no- prefix) $ gcc -o test test.c -Wall -Wnon-existing-flag gcc: error: unrecognized command line option ‘-Wnon-existing-flag’ I think you said it pretty well in

Re: [Openvpn-devel] [PATCH] Support for wolfSSL with OpenVPN v2.4.8

2019-11-14 Thread David Sommerseth
RC meeting next Thursday (Nov 21 @ 20:00 CET, #openvpn-meeting on FreeNode [1]). I strongly recommend you to attend this meeting to follow up your request. [1] You need to have your nick registered to join <https://freenode.net/kb/answer/registra

Re: [Openvpn-devel] [PATCH applied] Re: wintun: add --windows-driver config option

2019-11-12 Thread David Sommerseth
On 12/11/2019 19:39, David Sommerseth wrote: > On 09/11/2019 16:00, Gert Doering wrote: >> Hi, >> >> On Sat, Nov 09, 2019 at 03:49:51PM +0100, Gert Doering wrote: >>> wintun: add --windows-driver config option >>> >>> Signed-off-b

Re: [Openvpn-devel] [PATCH applied] Re: wintun: add --windows-driver config option

2019-11-12 Thread David Sommerseth
e a few notes in our repo for similar situations or clarifications. -- kind regards, David Sommerseth OpenVPN Inc signature.asc Description: OpenPGP digital signature ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH v3] Make compression asymmetric by default and add warnings

2019-11-10 Thread David Sommerseth
+} > Should this check not be moved to the postprocess checks? This will now > only trigger is comp was first set, and allow-compression later in the > config, not the other way around. What about pushed options? It's too long time si

Re: [Openvpn-devel] [PATCH 4/5] Implement sending response to challenge via CR_RESPONSE

2019-10-22 Thread David Sommerseth
> exactly n > + * @return Return wether p has n (or at least n) parameters > + */ > static bool > man_need(struct management *man, const char **p, const int n, unsigned int > flags) There's something missing here ... like a description of the function. -- kind regards, David Sommerseth OpenVPN Inc
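Review bot: The added "@return" line in the doxygen block above man_need() misspells "whether" as "wether". Suggest "@return Return whether p has n (or at least n) parameters".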

Re: [Openvpn-devel] [PATCH 3/5] Implement support for signalling IV_SSO to server

2019-10-22 Thread David Sommerseth
> buf_printf(&out, "%s\n", e->string); > These new lines break the coding style of spaces around '==' and after comma in the strncmp() arguments, but so does the existing code. This needs to be fixed, but let's handle that outside of this

Re: [Openvpn-devel] [PATCH 2/5] Implement forwarding client CR_RESPONSE messages to management

2019-10-22 Thread David Sommerseth
also be good if we could extend these new functions with doxygen comments on what these functions work. What information they parse, what they expect of data, from where the data comes and how they respond/produce results. Other than that, it looks good. -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] [PATCH 1/5] Implement parsing and sending INFO and INFO_PRE control messages

2019-10-22 Thread David Sommerseth
STR(&buf); > +} > + > +#ifdef ENABLE_MANAGEMENT This looks good, but the indenting of the #ifdef above is wrong; it should be at the beginning of the line. -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] [Openvpn-users] [ext] OpenVPN GUI with Wintun (unofficial)

2019-10-11 Thread David Sommerseth
recall now if the patches from Lev updates the man page, but it should when the merge finally happens. -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] [PATCH] OpenSolaris/OpenIllumos: use /bin/bash if available for test scripts.

2019-10-10 Thread David Sommerseth
*-*-openbsd*) > AC_DEFINE([TARGET_OPENBSD], [1], [Are we running on OpenBSD?]) > I have not tested this (don't have access to Solaris environments), but looks like a reasonable solution. Acked-By: David Sommerseth -- kind regards, David Sommerseth OpenVPN Inc si

Re: [Openvpn-devel] [PATCH] Insert client connection data into PAM environment

2019-10-04 Thread David Sommerseth
But you it should probably be empty ("") if up.remote is NULL. And I suggest using the same format as found in other parts of the OpenVPN logging ... "USERNAME/IP-ADDRESS". If IP address is not available, use just "USERNAME". If you have any questions or comments, feel free to reach out. And also feel free to join the #openvpn-devel IRC channel on FreeNode; there are several of us community and corporate developers there so it is a chance to get quicker replies there (most of us are in the EU time zones). -- kind regards, David Sommerseth OpenVPN Inc

[Openvpn-devel] [PATCH 0/4] struct argv overhual - Oct 2019 edition

2019-10-04 Thread David Sommerseth
> [2] git master commit ef2c7b2fa4fd9fae934e608e37dc8d98edbace5f [3] Message-ID: <https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17957.html> -- kind regards, David Sommerseth OpenVPN Inc -------- David Sommerseth (1): Documente

[Openvpn-devel] [PATCH 4/4] Documented all the argv related code with minor refactoring

2019-10-04 Thread David Sommerseth
Added doxygen comments for all the functions in argv.c. There are some slight refactoring, renaming a few variables to make their use case more obvious and ensure lines do not break our 80-chars per line coding style limit. Signed-off-by: David Sommerseth --- src/openvpn/argv.c | 251

[Openvpn-devel] [PATCH 2/4] argv: do fewer memory re-allocations

2019-10-04 Thread David Sommerseth
ality so that it can be used to actually reset the argv without re-allocation. Signed-off-by: Heiko Hund Signed-off-by: David Sommerseth --- src/openvpn/argv.c | 81 ++-- src/openvpn/argv.h | 2 +- src/openvpn/console_systemd.c

[Openvpn-devel] [PATCH 3/4] Add gc_arena to struct argv to save allocations

2019-10-04 Thread David Sommerseth
From: Heiko Hund With the private gc_arena we do not have to allocate the strings found during parsing again, since we know the arena they are allocated in is valid as long as the argv vector is. Signed-off-by: Heiko Hund Signed-off-by: David Sommerseth --- src/openvpn/argv.c

[Openvpn-devel] [PATCH 1/4] re-implement argv_printf_*()

2019-10-04 Thread David Sommerseth
lly is the ASCII "group separator" control character, which fits its purpose). This commit has been updated by David Sommerseth based on Arne Schwabe and his own feedback on the mailing list. Signed-off-by: Heiko Hund Signed-off-by: David Sommerseth --- v2 - Improved comments, to make

Re: [Openvpn-devel] [PATCH applied] Re: Implement a permanent session id in auth-token

2019-10-01 Thread David Sommerseth
things to be in specific situations. -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] [PATCH applied] Re: Sent indication that a session is expired to clients

2019-10-01 Thread David Sommerseth
ment interface as well; even on 2.4.x clients connecting to a server with this patch. -- kind regards, David Sommerseth OpenVPN Inc

[Openvpn-devel] [PATCH 1/3] auth-token: Fix building with --disable-server

2019-09-27 Thread David Sommerseth
-off-by: David Sommerseth --- src/openvpn/push.c | 2 ++ src/openvpn/ssl_common.h | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/openvpn/push.c b/src/openvpn/push.c index dc1a536a..49b9d1be 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c @@ -39,7 +39,9

[Openvpn-devel] [PATCH 2/3] auth-token: Fix compiler complaints with --disable-management

2019-09-27 Thread David Sommerseth
When building with --disable-management, the compiler complains with implicit declaration of function ‘ssl_clean_auth_token’. This is due to the ssl_clean_auth_token() function being declared inside an #ifdef ENABLE_MANAGEMENT fence where it should not be. Signed-off-by: David Sommerseth

[Openvpn-devel] [PATCH 3/3] Improve the comments related to auth-token-hmac patches

2019-09-27 Thread David Sommerseth
A couple of places the documentation was not clear enough or not even correct. Just improve this to avoid confusion later on. Signed-off-by: David Sommerseth --- src/openvpn/auth_token.h | 2 -- src/openvpn/ssl_common.h | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/src

[Openvpn-devel] [PATCH 0/3] Last-minute fixes to auth-token-hmac patch series

2019-09-27 Thread David Sommerseth
./configure with --disable-server. Otherwise the existing patches works fine. The second patch, --disable-management fix, just fixes a long outstanding compiler warning. And the final patch with comment updates are just clarifications and minor improvements. David Sommerseth (3): auth-token: Fix

Re: [Openvpn-devel] [PATCH v7 5/7] Implement a permanent session id in auth-token

2019-09-27 Thread David Sommerseth
--- > 9 files changed, 270 insertions(+), 41 deletions(-) This patch works ... but there are some comments which got ignored from the previous patch review. I will send a patch for this, as this is mostly documentation errors, not code errors. So, I'll approve this now; thes

Re: [Openvpn-devel] [PATCH v7 4/7] Rewrite auth-token-gen to be based on HMAC based tokens

2019-09-27 Thread David Sommerseth
t this (and the rest of the patches) passes compiling on our buildbot rig - including --disable-server. Acked-By: David Sommerseth -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] [PATCH v7 7/7] Implement unit tests for auth-gen-token

2019-09-18 Thread David Sommerseth
+++ > 2 files changed, 411 insertions(+), 1 deletion(-) > create mode 100644 tests/unit_tests/openvpn/test_auth_token.c Acked-By: David Sommerseth This looks good now, and passes on my system. -- kind regards, David Sommerseth OpenVPN Inc _

Re: [Openvpn-devel] [PATCH v7 6/7] Sent indication that a session is expired to clients

2019-09-18 Thread David Sommerseth
| 6 ++ > src/openvpn/ssl_common.h | 10 +- > src/openvpn/ssl_verify.c | 8 > src/openvpn/ssl_verify.h | 15 ++- > 5 files changed, 24 insertions(+), 18 deletions(-) Acked-By: David Sommerseth This is identical to the previous version, just reference points

Re: [Openvpn-devel] [PATCH v6 7/7] Implement unit tests for auth-gen-token

2019-09-13 Thread David Sommerseth
FAILED ] 1 test(s), listed below: [ FAILED ] auth_token_test_empty_user 1 FAILED TEST(S) -- Seems like the verify_auth_token() call doesn't add AUTH_TOKEN_VALID_EMPTYUSER flag. I didn't dive deep enough to try to understand

Re: [Openvpn-devel] [PATCH v6 6/7] Send indication that a session is expired to clients

2019-09-13 Thread David Sommerseth
on.h | 10 +- > src/openvpn/ssl_verify.c | 8 > src/openvpn/ssl_verify.h | 15 ++- > 5 files changed, 24 insertions(+), 18 deletions(-) > Acked-By: David Sommerseth This looks reasonable and the code does what it says. On my quick testing, I managed to trigg

Re: [Openvpn-devel] [PATCH] tun.h: remove TUN_PASS_BUFFER define

2019-09-09 Thread David Sommerseth
y, swapping out TUN_PASS_BUFFER with _WIN32 makes more sense. Acked-By: David Sommerseth -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] [PATCH] tun.h: change tun_set() return value type to void

2019-09-09 Thread David Sommerseth
ich basically was the first public commit after the 1.6.0 release. In my very quick look, not even once has the return value been used since that time. So this change makes sense. No need to have a return value which has not been interesting since November 2004. Acked-By: Da

Re: [Openvpn-devel] [PATCH] Adding support for wolfSSL backend

2019-08-26 Thread David Sommerseth
rom time to time. So getting a trust that you're going to be available also after WolfSSL support is added is kind of the key point; to help maintaining both the WolfSSL implementation but also helping out on a regular basis, especially on the crypto side. -- kind regards, David Sommerseth Op

Re: [Openvpn-devel] [PATCH v6 5/7] Implement a permanent session id in auth-token

2019-08-16 Thread David Sommerseth
gin(struct tls_session *session, > const struct user_pass *up) > /* setenv client real IP address */ > setenv_untrusted(session); > > +/* add auth-token environment */ > + add_session_token_env(sess

Re: [Openvpn-devel] [PATCH v6 4/7] Rewrite auth-token-gen to be based on HMAC based tokens

2019-08-16 Thread David Sommerseth
-- This warning is not present when compiling with gcc-7.3.1, gcc-8.3.1, clang-3.4.2 nor clang-5.0.1. So I'm blaming buggy/confused older GCC compilers for this one. Since I've tested and reviewed the rest in earlier rounds and the change from previous ver

Re: [Openvpn-devel] [PATCH] Increase listen() backlog queue to 32

2019-08-16 Thread David Sommerseth
00", > as long as it's "more than 1". > > Found and debugged by "mjo" in Trac. > > Trac: #1208 > > Signed-off-by: Gert Doering Acked-By: David Sommerseth I agree with Antonio, and we should make it somewhat easier to modify. I'm not

Re: [Openvpn-devel] ***UNCHECKED*** Patch: Export NotBefore and NotAfter items to the environment in client-connect

2019-08-16 Thread David Sommerseth
ll break compilation if using ./configure --with-crypto-library=mbedtls ... This should also be improved. Other than that, the code looks reasonable at first glance (I have not compile tested it yet) -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] [PATCH] More specific syslog process name with systemd

2019-08-15 Thread David Sommerseth
to syslog, have a look at the journal integration rsyslog provides - which can also include the additional meta-data: <https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/s1-interaction_of_rsyslog_and_journal> -- kind regard

Re: [Openvpn-devel] [PATCH 1/2] Fix check if iface name is set

2019-08-13 Thread David Sommerseth
On 13/08/2019 23:46, Steffan Karger wrote: > Hi, > > On 13-08-19 23:31, Antonio Quartulli wrote: >> On 13/08/2019 23:26, David Sommerseth wrote: >>> wouldn't it be better to >>> do 'if (rgi6->iface[0])' instead? Since the buffer should be NULL

Re: [Openvpn-devel] [PATCH 1/2] Fix check if iface name is set

2019-08-13 Thread David Sommerseth
a static allocated buffer; constant size always "readable" - wouldn't it be better to do 'if (rgi6->iface[0])' instead? Since the buffer should be NULL terminated and has to be NULL terminated for strlen() to function anyhow. But the compiled code would be a bit more e

Re: [Openvpn-devel] [PATCH v4 6/7] Sent indication that a session is expired to clients

2019-06-25 Thread David Sommerseth
on.h | 10 +- > src/openvpn/ssl_verify.c | 8 > src/openvpn/ssl_verify.h | 15 ++- > 5 files changed, 24 insertions(+), 18 deletions(-) > There's a typo in the subject line (Sent -> Send), otherwise this is fine and works as expected. Acked-by:

Re: [Openvpn-devel] [PATCH v4 7/7] Implement unit tests for auth-gen-token

2019-06-25 Thread David Sommerseth
erify_auth_token': .../OpenVPN/openvpn/tests/unit_tests/openvpn/../../../src/openvpn/auth_token.c:299: undefined reference to `openvpn_base64_decode' - In addition comes the warnings I've already report

Re: [Openvpn-devel] [PATCH v4 4/7] Rewrite auth-token-gen to be based on HMAC based tokens

2019-06-25 Thread David Sommerseth
^~~ auth_token.c:234:36: note: format string is defined here "current timestamp (%lld). Broken/unsynchronised clock?", ~~~^ %ld ---- Other than these issues, th

Re: [Openvpn-devel] [PATCH v4 2/7] Implement --genkey type keyfile syntax and migrate tls-crypt-v2

2019-06-25 Thread David Sommerseth
> src/openvpn/options.h | 11 +++- > tests/t_lpback.sh | 8 +-- > 10 files changed, 151 insertions(+), 97 deletions(-) > Acked-by: David Sommerseth Looks good now, 'make check' passes and behaviour is

Re: [Openvpn-devel] [PATCH v4 3/7] Add generate_ephemeral_key that allows a random ephermal key

2019-06-25 Thread David Sommerseth
x_overhead(void); []> +/** > + * Generate ephermal key material into the key structure or if ^ This comment don't need those two last words, but that can be fixed during commit time. Acked-By: Da

Re: [Openvpn-devel] [PATCH v3] Remove cmocka submodule, rely on system-wide installation instead.

2019-06-24 Thread David Sommerseth
cation which is really outweighing the > benefit of a local build today - so, use the system-wide installation > if available (querying pkg-config). Do not build unit-tests otherwise. > > v2: (inspired by patch from David Sommerseth) > introduce "configure --disable-unit-test&q

Re: [Openvpn-devel] [PATCH v2] t_net.sh: fixes for the networking test script

2019-06-20 Thread David Sommerseth
| 6 +- > tests/unit_tests/openvpn/Makefile.am | 2 ++ > tests/unit_tests/openvpn/test_networking.c | 16 > 3 files changed, 3 insertions(+), 21 deletions(-) Only glared at the code changes, and it makes sense after some clarifications on IRC. Acked-by: Davi

Re: [Openvpn-devel] [PATCH v3 1/7] Write key to stdout if filename is not given

2019-06-07 Thread David Sommerseth
de key loading..."); > tls_crypt_v2_init_client_key(&test_client_key, &test_wrapped_client_key, > - filename, NULL); > + client_filename, client_inline); > free_key_ctx_bi(&test_client_key); > > /* Sanity check: unwrap and load client key (as "server") */ > Acked-By: David Sommerseth -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] [PATCH v3 3/7] Add pem_read_key_file variant that allows a random key

2019-06-07 Thread David Sommerseth
ite(key, rand, BCAP(key)); > +return true; > +} > +else > +{ > +return read_pem_key_file(key, pem_name, key_file, key_inline); > +} > +} > + -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] [PATCH v3 2/7] Implement --genkey type keyfile syntax and migrate tls-crypt-v2

2019-06-07 Thread David Sommerseth
nbits_written; > > -notnull(options->shared_secret_file, > -"shared secret output file (--secret)"); > +if (options->shared_secret_file && options->genkey_filename) > +{ > +msg(M_USAGE, "You must provide a filename to either --genkey or > --secret, not both"); > +} By removing support for --genkey with --secret, this check needs to be moved outside this if() scope and check whether --secret and --genkey are both present. Otherwise, this patch looks reasonable. -- kind regards, David Sommerseth OpenVPN Inc
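Review bot: With the notnull() on options->shared_secret_file removed, the visible lines only reject the case where both options->shared_secret_file and options->genkey_filename are set; nothing in this hunk covers the case where neither is given. If a missing filename is meant to be valid here, a short comment saying so would help; otherwise add an explicit check with its own M_USAGE message.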

Re: [Openvpn-devel] [PATCH v3 0/7] Auth token patches v3

2019-06-07 Thread David Sommerseth
- 30 seconds, reneg happens - Client restarts with username/password auth (state: Initial) - 30 seconds, reneg happens - Client restarts with username/password auth (state: Initial) I'll run more tests and review patches too, but here's something to dive into at least. -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] [Openvpn-users] Compiling OpenVPN 3 Linux Client on arm

2019-05-29 Thread David Sommerseth
7;s probably not a big challenge, just need to fully grasp the C++ template complaint and find a fix which also doesn't break 64 bit. Btw ... (and I'm NOT pointing fingers) .. but these kind of questions are usually better suited for openvpn-devel mailing list (on Cc).

Re: [Openvpn-devel] OpenVPN 3 Linux client - v6 beta - Debian/Ubuntu repositories

2019-05-29 Thread David Sommerseth
openvpn2 and openvpn3 also provides --help screens, and openvpn3 also provides that for each "command" you give to it, like openvpn3 session-manage --help. If you have any questions, issues, comments, suggestions, etc ... please get in touch! -- kind regards, David Sommerseth O

[Openvpn-devel] OpenVPN 3 Linux client - v6 beta released

2019-05-24 Thread David Sommerseth
8a16865 openvpn3-linux-6_beta.tar.xz.asc git references - git tag: v6_beta git commit: e6c66892ba0868206d558ad8b81351140c1195b4 Changes from v5 to v6 ------ David Sommerseth (12): build: Add sit

Re: [Openvpn-devel] Wintun performance results

2019-05-15 Thread David Sommerseth
e should definitely have some wiki pages under https://community.openvpn.net/ related to how to prepare a good setup for performance testing. -- kind regards, David Sommerseth OpenVPN Inc > Wed, 15 May 2019 at 18:49, Lev Stipakov <mailto:lstipa...@gmail.com>>: > >

[Openvpn-devel] [PATCH v2.4] build: Package missing mock_msg.h

2019-05-07 Thread David Sommerseth
roject manually in vendor/ from an unpacked tarball. With this fix the cmocka unit tests can also run from tarballs, with manually extracting/fetching the cmocka source code in vendor/cmocka. This patch is a backport of git master commit 19a22ac5a8673e8715. Signed-off-by: David Sommerseth Cc:

Re: [Openvpn-devel] [PATCH] Remove deprecated plugin functions from code samples

2019-04-17 Thread David Sommerseth
in subtle ways, and in particular when graphical mail clients - including webmails. The alternative is to either submit the patch as an attachment, or use the more preferred 'git send-email' approach where it will connect to your SMTP server of your preference and send the patch proper

[Openvpn-devel] [PATCH] build: Package missing mock_msg.h

2019-04-17 Thread David Sommerseth
roject manually in vendor/ from an unpacked tarball. With this fix the cmocka unit tests can also run from tarballs, with manually extracting/fetching the cmocka source code in vendor/cmocka. Signed-off-by: David Sommerseth 8<8<8<8<8<8<8<8

Re: [Openvpn-devel] [PATCH applied] cmocka: use relative paths

2019-04-17 Thread David Sommerseth
Acked-By: David Sommerseth This didn't break anything on my systems, and changes makes sense. I spotted another fix also sneaked in, replacing the incorrect OPTIONAL_PKCS11_{LIBS,CFLAGS} with the correct OPTIONAL_PKCS11_HELPER_{LIBS,C

Re: [Openvpn-devel] [PATCH 1/1] initial cirrus-ci support

2019-04-16 Thread David Sommerseth
really wonder about the value here. You can always argue that it's just a text file laying there if not being used, but we also want to avoid "dead files" in our repository. -- kind regards, David Sommerseth OpenVPN Inc

[Openvpn-devel] [PATCH v2] docs: Update INSTALL

2019-04-12 Thread David Sommerseth
release/2.4. The contents is the same as git master, as it is still valid for v2.4. Signed-off-by: David Sommerseth --- v2 - Fixing incorrect OpenSSL version dependency --- INSTALL | 104 +++- 1 file changed, 65 insertions(+), 39 deletions

Re: [Openvpn-devel] Issue with smartcard authentication for openvpn

2019-04-10 Thread David Sommerseth
alternatives were scarce :( Is this a Windows only issue? Or is it present on other platforms as well? If it's Windows only, I think we can get around it by patching it and ensuring upstream is aware of this. But if it is more platforms, patching pkcs11-helper gets nasty quickly. -- kind rega

[Openvpn-devel] OpenVPN 3 Linux client - v5 beta released

2019-04-08 Thread David Sommerseth
-- git tag: v5_beta git commit: 16dd2acdf3343e6180e005a229dbd4bd40c9f644 Changes from v4 to v5 -- Arne Schwabe (2): Rename bash completion script build: Allow configure.ac also to work with submodules

Re: [Openvpn-devel] [PATCH] Warn about insecure ciphers also in init_key_type

2019-04-02 Thread David Sommerseth
-cipher at all - expecting the server to push a sane cipher - the current behaviour will to NOT warn about a weak cipher. Is that correctly understood? In general, I don't mind annoying/scaring users that they use an insecure cipher - no matter if it is through direct or indirect (pushed) con

[Openvpn-devel] [PATCH release/2.4] docs: Update INSTALL

2019-04-02 Thread David Sommerseth
The INSTALL file contained several minor errors, typos and was generally not up-to-date in regards to what ./configure provides today. In addition, several URL references have moved around to new homes. Signed-off-by: David Sommerseth --- This is just a backport of git master 6099ab67122429c0

[Openvpn-devel] [PATCH] docs: Update INSTALL

2019-03-27 Thread David Sommerseth
The INSTALL file contained several minor errors, typos and was generally not up-to-date in regards to what ./configure provides today. In addition, several URL references have moved around to new homes. Signed-off-by: David Sommerseth --- INSTALL | 104

Re: [Openvpn-devel] [PATCH applied] cleanup: Remove RPM openvpn.spec build approach

2019-03-07 Thread David Sommerseth
ranches commit 57ec6cec85b92e6af35a7871d105d84a753d6549 (master) commit f6a447cb42c097a2b35f55d3ca3e1a4be46738c6 (release/2.4) Author: David Sommerseth Date: Wed Feb 20 14:19:06 2019 +0100 cleanup: Remove RPM openvpn.spec build approach Signed-off-by: David Sommerseth Acked-by: Gert Doering

Re: [Openvpn-devel] [PATCH] Do not set pkcs11-helper "safe fork mode"

2019-03-07 Thread David Sommerseth
ased on the error message (CKR_SESSION_HANDLE_INVALID), it seems the locking being disabled with using pkcs11h_setForkMode(FALSE) still breaks something along the way. On the positive side, the "hang" we experience without this patch is gone. But I can't claim this being a proper fix a

Re: [Openvpn-devel] [PATCH applied] Re: Better error message when script fails due to script-security setting

2019-03-07 Thread David Sommerseth
t-apply, and it looks much better. It would get an ACK from me without much fuzz. Thanks! -- kind regards, David Sommerseth OpenVPN Inc

[Openvpn-devel] OpenVPN 3 Linux client - v4 beta released

2019-03-01 Thread David Sommerseth
git tag: v4_beta git commit: d2fef7e83b46da8b4d9c3d417c8e3f7aa7aecae6 Changes from v3 to v4 -- Arne Schwabe (2): build: Allow GIT_CHECKOUT also to work with submodules and out of dir git repos contrib: Add Jenkins build file David Sommerseth

[Openvpn-devel] [PATCH] cleanup: Remove RPM openvpn.spec build approach

2019-02-20 Thread David Sommerseth
accessible information of the OpenVPN packages they provide. Linux distributions is most likely much better at keeping the packaging up-to-shape much better than we. Signed-off-by: David Sommerseth --- .gitignore | 1 - INSTALL| 47 +++--- co

Re: [Openvpn-devel] [PATCH] Better error message when script fails due to script-security setting

2019-02-19 Thread David Sommerseth
} If execve() fails, the exit code is 127. That would normally be caught by the waitpid() later on and this exit code would be returned by openvpn_execve(). This should be improved in a separate patch though, but is no

Re: [Openvpn-devel] [PATCH v2 3/6] Rewrite auth-token-gen to be based on HMAC based tokens

2019-02-15 Thread David Sommerseth
ret_file) > +{ > +msg(M_USAGE, "--auth-gen-token-secret-genkey requires a server > key " > +"to be set via --auth-gen-token-secret to create a shared > secret"); > +} > +auth_token_write_server_

Re: [Openvpn-devel] [PATCH v2 5/6] Sent indication that a session is expired to clients

2019-02-15 Thread David Sommerseth
msg(M_INFO, "--auth-token-gen: auth-token from client expired"); Feature-ACK! Code change looks sane, but need to test this more carefully - where it would be good to have the changes from previous comments implemented. But, we should fix the incorrect msg() above. It should say

Re: [Openvpn-devel] [PATCH v2 4/6] Implement a permanent session id in auth-token

2019-02-15 Thread David Sommerseth
correctly results in authentication success. In this case, why can't the auth backend do everything? -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] [PATCH v2 2/6] Allow pem_read_key_file to generate a random key

2019-02-15 Thread David Sommerseth
On 08/02/2019 15:50, Arne Schwabe wrote: > Am 08.02.19 um 13:30 schrieb David Sommerseth: >> On 22/01/2019 16:03, Arne Schwabe wrote: >>> From: Arne Schwabe >>> >>> This is useful for features that can use either a persistent >>> or an ephemeral key.

Re: [Openvpn-devel] [PATCH] Exit early when external scripts are specified with script-security < 2

2019-02-15 Thread David Sommerseth
"scr** them, they need to fix their configs". But I also got lots of complaints from Fedora users when we changed _incorrect_ configurations to fail in similar ways. It's just amazing how few users really *read* their log files. So with this in mind, I think this behavioural chang

Re: [Openvpn-devel] [PATCH v2 2/6] Allow pem_read_key_file to generate a random key

2019-02-08 Thread David Sommerseth
file, INLINE_FILE_TAG)) > +if (key_file && strcmp(key_file, INLINE_FILE_TAG)) Is this fixing a bug? I'd recommend putting such fixes in a separate commit. -- kind regards, David Sommerseth OpenVPN Inc

[Openvpn-devel] OpenVPN 3 Linux client - v2/v3 beta released

2019-01-31 Thread David Sommerseth
xz.asc 260820538bec38c790c7ffa7a86f045e33ffb300819e912d4df4d01db2ff3fab openvpn3-linux-2_beta.tar.xz b0a1659998bdfb8a5f7bf904be6abe5ec7ac21fcd16872298b9c2f8aaccd2453 openvpn3-linux-2_beta.tar.xz.asc ----- Change

Re: [Openvpn-devel] Ubuntu 18.04 packages available for testing

2019-01-04 Thread David Sommerseth
On 04/01/2019 18:32, Bernhard Schmidt wrote: > Am 04.01.19 um 17:25 schrieb David Sommerseth: > > Hi everyone, > >> Okay, I was a bit unclear. The approach used with openvpn.service and >> openvpn@.service are broken by (Debian) design. Quite many users have >>

Re: [Openvpn-devel] Ubuntu 18.04 packages available for testing

2019-01-04 Thread David Sommerseth
On 02/01/2019 07:35, Samuli Seppänen wrote: > Hi, > > Il 31/12/18 01:08, David Sommerseth ha scritto: [...snip...] >> And IIRC, we managed to get the new unit files into the Debian openvpn 2.4 >> package. And I just hope that they are updated with whatever we provide in >

Re: [Openvpn-devel] Ubuntu 18.04 packages available for testing

2018-12-30 Thread David Sommerseth
might be considered broken packaging. The reason you'll find the b0rken unit files in the upstream Debian packages is to not break old existing installs. Which is nice, just that it behaves broken regardless. So if anyone is in doubt ... UPGRADE to the openvpn-{server,client}@.service unit files ASAP. -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] RfD: printing of port numbers on v6 addresses

2018-12-26 Thread David Sommerseth
On 19/12/2018 00:09, Antonio Quartulli wrote: > > I personally prefer the rfc3986 notation because it is more widespread > and, therefore, easier to understand/recognize. +1 -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] [PATCH] Fix error message when using RHEL init script

2018-12-24 Thread David Sommerseth
aintained than the one we ship here. [0] <https://src.fedoraproject.org/rpms/openvpn/tree/epel7> -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] [PATCH 3/3] uncrustify openvpn/ sources

2018-12-12 Thread David Sommerseth
full perfection. Telling contributors to "run your changes through uncrustify before sending patches" will definitely help. -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] [PATCH applied] uncrustify openvpn/ sources

2018-12-12 Thread David Sommerseth
g and closing. Your patch has been applied to the master branch commit f57431cdc88f22fa4d7962946f0d3187fe058539 Author: Gert Doering Date: Fri Nov 30 14:56:41 2018 +0100 uncrustify openvpn/ sources Signed-off-by: Gert Doering Acked-by: David Sommerseth Message-Id: <20181130

Re: [Openvpn-devel] [PATCH applied] uncrustify openvpnserv/ sources

2018-12-12 Thread David Sommerseth
/ sources Signed-off-by: Gert Doering Acked-by: David Sommerseth Message-Id: <20181130135641.11533-2-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17971.html Signed-off-by: David Sommerseth - -- kind regards,

Re: [Openvpn-devel] [PATCH applied] Uncrustify sample-plugin sources according to code style

2018-12-12 Thread David Sommerseth
Uncrustify sample-plugin sources according to code style Signed-off-by: Gert Doering Acked-by: David Sommerseth Message-Id: <20181130135641.11533-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17969.html Signed-

[Openvpn-devel] Release of OpenVPN 3 Linux v1 (Beta)

2018-12-07 Thread David Sommerseth
mctl reload dbus (Do _NOT_ attempt to _restart_ dbus-daemon on a running system, it might make your system misbehave afterwards) -- kind regards, David Sommerseth OpenVPN Inc --- a/openvpn3-core/openvpn/mbedtls/ssl/sslctx.hpp.orig 2018-12-07 23:35:14.288411887 +0100 +++ b/openvpn3-co

Re: [Openvpn-devel] Summary of the community meeting (Wed, 28th Nov 2018)

2018-12-03 Thread David Sommerseth
he future - so clients and servers can be upgraded independently without really breaking anything. With all that said: Thank you for valuable feedback regardless. And your feedback on changing the "change of MTU" on Windows prior to Vista was gold! For the rest of your point

Re: [Openvpn-devel] [PATCH v2 2/7] implement networking API for iproute2

2018-11-27 Thread David Sommerseth
emote); Instead of: net_addr_v4_add(ctx, iface, local, 0, remote , true); Of course, the 'true' could be a variable, but I don't see the real benefit of making net_addr_v4_add() implemented with different modes. Especially when the "broadcast" and "peer" passing would most likely go via a shared variable. And it wouldn't make it clearer if peer and remote were separate arguments either; as only one of them can be present at the same time. So from code clarity, I like the distinction via the function names instead. It is more straight to the point for me. -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] [PATCH applied] Re: Remove extra token after #endif

2018-11-22 Thread David Sommerseth
out these #endif remarks in the past but something we saw more of after the big reformatting commit right before the v2.4.0 release. We used these uncrustify settings for the great reformatting patch: --- # Annotate #else and #endif statements mod_add_long_ifdef_endif_comment=20 mod_add_long

Re: [Openvpn-devel] [PATCH applied] tls-crypt-v2: add unwrap_client_key

2018-10-26 Thread David Sommerseth
-by: Antonio Quartulli Message-Id: <1540208715-14044-3-git-send-email-steffan.kar...@fox-it.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17791.html Signed-off-by: David Sommerseth - -- kind regards, David Sommerseth -BEGIN PGP SIG
