then please enlighten me.
Couldn't that be done in a much cleaner way by just using the $* shell
variable?
Heiko
--
Heiko Hund | Software Engineer | Phone +49-721-25516-237 | Fax -200
Astaro AG | An der RaumFabrik 33a | 76227 Karlsruhe | Germany
Executive Board: Markus Hennig, Jan Hichert, Gün
I hope.
Thanks again
Heiko
[1] http://sf.net/projects/openvpn-gui/files/
[2] http://sf.net/project/screenshots.php?group_id=248281
--
Heiko Hund | Software Engineer | Phone +49-721-25516-237 | Fax -200
Astaro AG | An der RaumFabrik 33a | 76227 Karlsruhe | Germany
Executive Board: Markus Henn
term goal as it takes a while to get it
included.
If the service is started by the GUI it still makes sense to use user specific
proxy settings, doesn't it? One could consider auto-proxy for auto-started
VPNs a misconfiguration, as well. Or am I mislead?
Heiko
--
Heiko Hund | Software Enginee
On Wednesday 28 April 2010 16:45:47 Alon Bar-Lev wrote:
> On Wed, Apr 28, 2010 at 5:38 PM, Heiko Hund <hh...@astaro.com> wrote:
> > On Wednesday 28 April 2010 16:24:31 Alon Bar-Lev wrote:
> >> The IE API is user specific.
> >> As OpenVPN runs as a service using o
On Thursday 29 April 2010 03:44:37 Jason Haar wrote:
> On 04/29/2010 02:38 AM, Heiko Hund wrote:
> > If the service is started by the GUI it still makes sense to use user
> > specific proxy settings, doesn't it? One could consider auto-proxy for
> > auto-started VPNs a misc
happened in the non-GUI part. However, I would like to encourage you
to check it out with your current setup anyways, as I'm pretty sure that I've
introduced regressions. Comments and bug reports are very welcome.
Regards
Heiko
[1] http://sourceforge.net/projects/openvpn-gui/files/
--
Heiko Hund
ection state?
Regards
Heiko
--
Heiko Hund | Software Engineer | Phone +49-721-25516-237 | Fax -200
Astaro GmbH & Co. KG | An der RaumFabrik 33a | 76227 Karlsruhe | Germany
Commercial Register: Mannheim HRA 702710 | Headquarter Location: Karlsruhe
Represented by the General Partner Astaro Verwalt
b=HEAD
--
Heiko Hund | Software Engineer | Phone +49-721-25516-237 | Fax -200
Astaro GmbH & Co. KG | An der RaumFabrik 33a | 76227 Karlsruhe | Germany
Commercial Register: Mannheim HRA 702710 | Headquarter Location: Karlsruhe
Represented by the General Partner Astaro Verwaltungs GmbH
An der
Hi,
thanks to Morten Christensen the latest OpenVPN GUI snapshot [1]
now additionally contains a Danish localization.
All Danish out there, enjoy! =)
Regards
Heiko
[1]
https://sourceforge.net/projects/openvpn-gui/files/Snapshot%20Binaries/openvpn-gui-20100827145918.exe/download
--
Heiko Hund
were 1027
> opened files). The bad thing is that killing all those 1200 clients did
> not help the OpenVPN server to recover and it remained in stall state. It
> looks like a bug for me.
If you used --proto tcp it probably just were the connected sockets.
Heiko
--
Heiko Hund | Softw
found, ieshims.dll and wer.dll. Both are
a 5th level dependency coming from shell32.dll. Procmon didn't show any
unsuccessful attempts to load them, though. They are part of Windows starting
from Vista.
Regards
Heiko
--
Heiko Hund | Software Engineer | Phone +49-721-25516-237 | Fax -200
Astaro Gmb
he tray icon and then click on "connect". (Heiko can reproduce it,
> so it's fixable :-) ).
I just uploaded a new OpenVPN GUI snapshot to [1]. It should fix the issues
found by Gert. Please report if you run into problems.
Heiko
[1] http://sourceforge.net/projects/openvpn-gui/files/
--
Heiko
On Wednesday 08 September 2010 22:56:40 Arne Schwabe wrote:
> On 08.09.2010 22:32, Heiko Hund wrote:
> > On Wednesday 08 September 2010 17:34:28 you wrote:
> >> We found one problem in the GUI already: if you only have a single
> >> openvpn config file (foo.ovp
Hi
This series is a direct outcome of the incident with my previous
patch. I've taken on struct argv and related functions and made
them like I please.
For a more detailed description what's happening see the
comments in the individual patches:
[PATCH 1/7] put argv_* functions into own file,
misc.c is too crowded with different things to perform any
sane unit testing due to its dependencies. So, in order to re-write
the #ifdef'ed tests for the argv_* family of functions into unit
tests I moved them into a dedicated file.
Signed-off-by: Heiko Hund <heiko.h...@sophos.
Signed-off-by: Heiko Hund <heiko.h...@sophos.com>
---
src/openvpn/argv.c| 53 +++
src/openvpn/argv.h| 6 -
src/openvpn/console_systemd.c | 3 +--
src/openvpn/route.c | 12 --
src/openvpn/tun.c
With the private gc_arena we do not have to allocate the strings
found during parsing again, since we know the arena they are
allocated in is valid as long as the argv vector is.
Signed-off-by: Heiko Hund <heiko.h...@sophos.com>
---
src/openvpn/argv.c
Move functionality to parse command strings into argv_parse_cmd().
That is a preparation for the upcoming refactoring of argv_printf().
Signed-off-by: Heiko Hund <heiko.h...@sophos.com>
---
src/openvpn/argv.c | 47 +---
src/openvpn/
CII "group separator" control character, which fits its
purpose).
Signed-off-by: Heiko Hund <heiko.h...@sophos.com>
---
src/openvpn/argv.c | 203 ++-
src/openvpn/argv.h | 4 +-
src/openvpn/route.c |
On Sonntag, 9. Oktober 2016 17:25:50 CEST Gert Doering wrote:
> diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
> index 4a11d10..1250547 100644
> --- a/src/openvpn/tun.c
> +++ b/src/openvpn/tun.c
> @@ -1373,11 +1373,13 @@ do_ifconfig (struct tuntap *tt,
> else
> {
> /*
Signed-off-by: Heiko Hund <heiko.h...@sophos.com>
---
src/openvpn/argv.c | 86 --
src/openvpn/argv.h | 1 -
2 files changed, 87 deletions(-)
diff --git a/src/openvpn/argv.c b/src/openvpn/argv.c
index 89c9b14..a279a40 100644
--- a/src/o
be used to actually reset the argv without re-allocation.
Signed-off-by: Heiko Hund <heiko.h...@sophos.com>
---
src/openvpn/argv.c | 45
src/openvpn/argv.h | 2 +-
src/openvpn/console_systemd.c| 2 +-
src/openvpn/
Hi David,
On Wednesday, November 9, 2016 9:41:21 PM CET David Sommerseth wrote:
> In the new argv_prep_format() function:
>
> + if (!in_token)
> +{
> + ++*count;
> + if (f[0])
> +f[j++] = delim;
> +}
>
> What is the purpose of the f[0] check?
On Wednesday, November 9, 2016 11:58:21 PM CET David Sommerseth wrote:
> > argv_init (struct argv *a)
> > {
> >
> >a->capacity = 0;
> >a->argc = 0;
> >a->argv = NULL;
> >
> > + argv_extend (a, 8);
>
> Why 8? Done any performance and/or memory utilization tests? Does the
>
On Thursday, November 10, 2016 4:01:20 PM CET David Sommerseth wrote:
> On 28/10/16 18:42, Heiko Hund wrote:
> >
> > + a->gc = gc_new ();
> >argv_extend (a, 8);
> > }
>
> Any specific reason we want to keep our own gc_arena on argv? Why not
With the private gc_arena we do not have to allocate the strings
found during parsing again, since we know the arena they are
allocated in is valid as long as the argv vector is.
Signed-off-by: Heiko Hund <heiko.h...@sophos.com>
---
src/openvpn/argv.c
be used to actually reset the argv without re-allocation.
Signed-off-by: Heiko Hund <heiko.h...@sophos.com>
---
src/openvpn/argv.c | 53 ++--
src/openvpn/argv.h | 2 +-
src/openvpn/console_systemd.c| 2 +-
src/openvpn/
CII "group separator" control character, which fits its
purpose).
Signed-off-by: Heiko Hund <heiko.h...@sophos.com>
---
src/openvpn/argv.c | 253 ---
src/openvpn/argv.h | 4 +-
src/openvpn/route.c |
With the private gc_arena we do not have to allocate the strings
found during parsing again, since we know the arena they are
allocated in is valid as long as the argv vector is.
Signed-off-by: Heiko Hund <heiko.h...@sophos.com>
---
src/openvpn/argv.c
Hi Gert
On Donnerstag, 17. März 2022 11:41:22 CET Gert Doering wrote:
> I wonder why we bother to actually *do* this? As in "we already know
> that this can never overflow here" (because all strings involved are
> known, and the max width of %d is known, too), but *if* it ever did,
> calling the
On Samstag, 12. März 2022 14:58:10 CET Heiko Hund wrote:
> +name_ok = openvpn_snprintf(env_name, sizeof(env_name),
> "dns_search_domain_%d", i) && name_ok;
With some distance, I still like the &= version better from a readability
standpoint.
Even thoug
-option can be used together for
smoother transition. Settings from --dns will override ones --dhcp-option
where applicable.
For detailed information about the option consult the documentation in
this commit.
Signed-off-by: Heiko Hund
---
doc/man-sections/client-options.rst | 55 +++
doc/man
-option can be used together for
smoother transition. Settings from --dns will override ones --dhcp-option
where applicable.
For detailed information about the option consult the documentation in
this commit.
Signed-off-by: Heiko Hund
---
doc/man-sections/client-options.rst | 59
doc/man
On Mittwoch, 9. März 2022 13:40:32 CET Arne Schwabe wrote:
> Am 09.03.22 um 00:06 schrieb Heiko Hund:
> > +bool dns_server_priority_parse(long *priority, const char *str, bool
> > +[...]
> > +void show_dns_options(const struct dns_options *o);
>
> These new functions a
Sorry, this is [PATCH v2].
Somehow I managed for send-email to override my --subject.
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
On Mittwoch, 23. März 2022 15:34:52 CET Heiko Hund wrote:
> +static void
> +setenv_dns_option(struct env_set *es,
> + const char *format, int i, int j,
> + const char *value)
> +{
> +char name[64];
> +bool name_ok = false;
-option can be used together for
smoother transition. Settings from --dns will override ones --dhcp-option
where applicable.
For detailed information about the option consult the documentation in
this commit.
Signed-off-by: Heiko Hund
---
doc/man-sections/client-options.rst | 59
doc/man
which can be git apply'ed to fix all issues found.
The script was originally authored by David Martin [1] and slightly
modified to fit our needs. At the time it had a 2-clause BSD license.
[1] https://github.com/avidmartin/Pre-commit-hooks
Signed-off-by: Heiko Hund
---
CONTRI
which can be git apply'ed to fix all issues found.
The script was originally authored by David Martin [1] and slightly
modified to fit our needs. At the time it had a 2-clause BSD license.
[1] https://github.com/avidmartin/Pre-commit-hooks
Signed-off-by: Heiko Hund
---
dev-tools/git-
Hi David
On Donnerstag, 21. April 2022 13:41:58 CEST David Schneider wrote:
> Did you consider to use the pre-commit framework [1] written in
> Python? There is a maintained hook for uncrustify [2].
> This would allow it to easily integrate other linters/checks. See the
> list of supported hooks
Hi Frank
On Donnerstag, 21. April 2022 10:01:29 CEST Frank Lichtenheld wrote:
> > +# If called so, install this script as pre-commit hook
> > +if [ "$1" = "install" ] ; then
> > +ROOTDIR=$(git rev-parse --show-toplevel)
> > +HOOKSDIR="$ROOTDIR/.git/hooks"
>
> Actually, the correct way to
Hi
On Donnerstag, 21. April 2022 10:16:03 CEST Gert Doering wrote:
> On Thu, Apr 21, 2022 at 10:01:29AM +0200, Frank Lichtenheld wrote:
> > Definitive NACK due to licensing concern mentioned below.
>
> Streams crossed here, but I saw your NAK before pushing.
> So, yes, all valid concerns and I
which can be git apply'ed to fix all issues found.
The script was originally authored by David Martin [1] and slightly
modified to fit our needs. At the time it had a 2-clause BSD license.
[1] https://github.com/avidmartin/Pre-commit-hooks
Signed-off-by: Heiko Hund
---
CONTRI
On Donnerstag, 21. April 2022 16:20:14 CEST Frank Lichtenheld wrote:
> > Heiko Hund hat am 21.04.2022 15:58 geschrieben:
> [...]
>
> > +ROOTDIR=$(git rev-parse --show-toplevel)
> > +
> > +# If called so, install this script as pre-commit hook
> > +if [ "$
:
git add file.c
git commit
... pre-commit hooks complains about formatting ...
... you fix the file manually, forget to git add ...
git commit
... succeeds, even though the commit still has issues ...
Signed-off-by: Heiko Hund
---
dev-tools/git-pre-commit-uncrustify.sh | 25
Hi
On Mittwoch, 18. Mai 2022 15:35:58 CEST Antonio Quartulli wrote:
> > -# does not match any of the extensions specified in $FILE_EXTS
> > +# does not match the extensions .c or .h
>
> is this unrelated?
Yes, it is. The original script (collection) has a config file where $FILE_EXTS
Hi Gert
On Freitag, 27. Mai 2022 13:40:57 CEST Gert Doering wrote:
> is included by "syshead.h" already today, with a nice
> HAVE_UNISTD_H wraper (thus, not depending on a "if it's not WIN32,
> it surely must have unistd.h" assumption).
>
> So I wonder what issue this fixes? I see no compile
Signed-off-by: Heiko Hund
---
src/openvpn/error.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/openvpn/error.h b/src/openvpn/error.h
index 972619fe..76308560 100644
--- a/src/openvpn/error.h
+++ b/src/openvpn/error.h
@@ -33,6 +33,8 @@
#if _WIN32
#include
+#else
+#include
-by: Heiko Hund
---
src/openvpn/options.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 20cc849d..65f4d889 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -7825,7 +7825,6 @@ add_option(struct options *options
Signed-off-by: Heiko Hund
---
src/openvpn/options.c | 7 ---
1 file changed, 7 deletions(-)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 65f4d889..bc3fd6a2 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -5531,13 +5531,6 @@ add_option(struct options
As discussed in this week's community meeting, here is the patchset to
implement foreign_option emulation for --dns options. For more info
please consult the individual commit messages.
___
Openvpn-devel mailing list
Override DNS related foreign_options with values set by the --dns
option. This is done, so that scripts looking for these options continue
to work if only --dns option were pushed, or the values in the
--dhcp-options differ fron what's pushed in --dns.
Signed-off-by: Heiko Hund
---
src/openvpn
Add setenv_ prefix to foreign_option funtion so it is more obvious what
it does. Move it further up within options.c, so it is defined before
all future callers. Also declare all argv strings const.
Signed-off-by: Heiko Hund
---
src/openvpn/options.c | 78
On Freitag, 13. Mai 2022 09:17:49 CEST Arne Schwabe wrote:
> Am 13.05.2022 um 09:14 schrieb Arne Schwabe:
> > Am 13.05.2022 um 01:11 schrieb Heiko Hund:
> >> Have clients set a bit in IV_PROTO, so that servers can make an informed
> >> decision on whether to push --dns t
-off-by: Heiko Hund
---
src/openvpn/ssl.c | 3 +++
src/openvpn/ssl.h | 3 +++
2 files changed, 6 insertions(+)
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 61dea996..24d7f3f4 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1940,6 +1940,9 @@ push_peer_info(struct buffer *buf
On Freitag, 13. Mai 2022 10:55:32 CEST Arne Schwabe wrote:
> Am 11.05.22 um 14:10 schrieb Heiko Hund:
> > + Valid syntax::
>
> I don't understand this to be honest. I don't have a good about rst but
> all other instances of Valid syntax use the form like what was befor
-off-by: Heiko Hund
---
src/openvpn/ssl.c | 4 ++--
src/openvpn/ssl.h | 3 +++
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 61dea996..12f51150 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1937,8 +1937,8 @@ push_peer_info
The %x specifier requires for the argument to be an unsigned int.
Signed-off-by: Heiko Hund
---
src/openvpn/options.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 9ff384d0..3dbd3fab 100644
--- a/src/openvpn/options.c
On Freitag, 24. Juni 2022 10:37:52 CEST Antonio Quartulli wrote:
> +else if (streq(p[0], "disable-dco") || streq(p[0], "dco-disable"))
Don't think we need to be backwards compatible here, or do we?
___
Openvpn-devel mailing list
On Freitag, 24. Juni 2022 10:38:07 CEST Antonio Quartulli wrote:
> +if (!is_windco(c->c1.tuntap))
[...]
> +if ((options->windows_driver ==
> WINDOWS_DRIVER_WINTUN || options->windows_driver == WINDOWS_DRIVER_WINDCO)
[...]
> +create_socket_windco(struct context *c, struct link_socket
gt; Signed-off-by: Antonio Quartulli
Looks mighty, but is rather trivial. Two things:
I think the code could benefit from factoring out the call to run_up_down()
and block_outside_dns into two simple functions. Currently it's pretty much
duplicated in the if and else branch.
On Freitag, 24. Juni 2022 10:37:58 CEST Antonio Quartulli wrote:
> +uint8_t *ptr = BPTR(>dco_packet_in);
> +uint8_t op = ptr[0] >> P_OPCODE_SHIFT;
> +if (op == P_DATA_V2 || op == P_DATA_V2)
This looks odd. Seems you wanted to check for a second opcode, or is it
obsolete?
> +
On Freitag, 24. Juni 2022 10:38:08 CEST Antonio Quartulli wrote:
> +Getting started (Windows)
> +-
> +Getting started under windows is currently for brave people having
> experience
> +with windows development. You need to compile openvpn yourself
> and also need
> +to
On Freitag, 24. Juni 2022 10:37:57 CEST Antonio Quartulli wrote:
> +/* These inet_pton conversion are fatal since options.c already
> implements
> + * checks to have only valid addresses when setting the
> options */
> +if (c->options.ifconfig_ipv6_remote)
> +{
> +if
y: Lev Stipakov
> Signed-off-by: Antonio Quartulli
Trivial and compile-checked.
Acked-by: Heiko Hund
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
On Freitag, 24. Juni 2022 10:38:06 CEST Antonio Quartulli wrote:
> +int
> +dco_del_key(dco_context_t *dco, unsigned int peerid, dco_key_slot_t slot)
> +{
> +msg(D_DCO, "%s: peer-id %d, slot %d called but ignored", __func__,
> peerid, +slot);
> +/* FIXME: Implement in driver first
;
> Signed-off-by: Antonio Quartulli
> Signed-off-by: Lev Stipakov
Acked-by: Heiko Hund
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
On Freitag, 24. Juni 2022 10:37:59 CEST Antonio Quartulli wrote:
> +application. Note that DCO will use DATA_V2 packets
> in P2P mode, therefore,
> +this implies that peers must be running 2.6.0+
> in order to have P2P-NCP
> +which brings DATA_V2 packet support.
[...]
> +- OpenVPN
_net_ctx_t *ctx, const openvpn_net_iface_t *iface,
> const char *type, void *arg);
Acked-by: Heiko Hund
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
On Freitag, 24. Juni 2022 10:37:46 CEST Antonio Quartulli wrote:
> +/**
> + * Returns whether the current configuration has dco enabled.
> + */
> +static inline bool
> +dco_enabled(const struct options *o)
> +{
> +return !o->tuntap_options.disable_dco;
> +}
I think it would be beneficial if
On Mittwoch, 23. Mai 2018 21:28:02 CEST Antonio Quartulli wrote:
> -if (o && o->push_list.head && o->iroutes)
> +if (o && o->push_list.head && (o->iroutes || o->iroutes_ipv6))
[...]
> +else if (p[0] && !strcmp(p[0], "route-ipv6") && !p[2])
I think it would make sense to
On Dienstag, 28. Juni 2022 10:20:24 CEST Antonio Quartulli wrote:
> A server should push a route to a client only if there is no matching
> iroute for the same client.
>
> While this logic works fine for IPv4, there is no IPv6 counterpart.
>
> Implement the same check for IPv6 routes and discard
On Dienstag, 28. Juni 2022 17:07:14 CEST Gert Doering wrote:
> Uncrustify has complained at me when I merged the patch (because in that
> moment, ovpn_dco_linux.h was "newly modified" and the exclusion rule
> does not match on the pre-commit-hook) - but as discussed, this is a bit
> complicated
>
> Changes from v1:
> * use suffix _dco_win instead of _windco
> * create helper function to retrieve last error from socket object
Acked-by: Heiko Hund
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourc
n order to keep the two
> close to each other.
>
> Cc: Arne Schwabe
> Signed-off-by: Antonio Quartulli
Noticed this as well before, but was too lazy to patch ;-)
Acked-by: Heiko Hund
___
Openvpn-devel mailing list
Openvpn-devel@
On Mittwoch, 29. Juni 2022 14:49:45 CEST Antonio Quartulli wrote:
> name when not specified b the user. For this reason the DCO case can
nit: b -> by
> +strncpynt(tunname, dynamic_name,
> + sizeof(dynamic_name));
This need to be
Signed-off-by: Heiko Hund
---
doc/man-sections/tls-options.rst | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/doc/man-sections/tls-options.rst b/doc/man-sections/tls-options.rst
index c06ee335..d51aff77 100644
--- a/doc/man-sections/tls-options.rst
+++ b/doc/man-sections
Patch and thus series doesn't apply anymore, in addition to eventual changes
also please rebase.
On Freitag, 20. Mai 2022 23:32:47 CEST Arne Schwabe wrote:
> + If both server and client support sending this message using the control
> + channel, the message will be sent as control-channel
What Frank said, and the nitpick about this hunk which should be removed:
On Freitag, 20. Mai 2022 23:32:50 CEST Arne Schwabe wrote:
> @@ -1376,6 +1440,7 @@ verify_user_pass_plugin(struct tls_session *session,
> struct tls_multi *multi, /* call command */
> retval =
On Freitag, 20. Mai 2022 23:32:49 CEST Arne Schwabe wrote:
> This allows a server to indicate a temporary problem on the server and
> allows the server to indicate how to proceed (i.e. move to the next server,
> retry the same server, wait a certain time,...)
>
> This adds options_utils.c/h to be
On Freitag, 20. Mai 2022 23:32:48 CEST Arne Schwabe wrote:
> This simplifies the buffer handling in the method and adds a quick
> return instead of wrapping the whole method in a if (pull) block
>
> Patch V2: remove uncessary ifdef/endif and unnecassary block
Acked-by
On Freitag, 1. Juli 2022 00:42:55 CEST Arne Schwabe wrote:
> Basically if I had been a bit more forwarding looking we would now have
> protocol-flags ekm cc-exit instead of key-derivation ekm and
> protocol-flags cc-exit
Then maybe also add support for handling ekm via --protocol-flags and
unction
> Patch V5: unify message when unable to create/write crresponse file
>
> Signed-off-by: Arne Schwabe
Acked-by: Heiko Hund
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
On Donnerstag, 18. August 2022 19:20:33 CEST Gert Doering wrote:
> On Thu, Aug 18, 2022 at 04:39:07PM +0200, Heiko Hund wrote:
> > On Freitag, 20. Mai 2022 23:32:48 CEST Arne Schwabe wrote:
> > > Patch V2: remove uncessary ifdef/endif and unnecassary block
> >
On Freitag, 19. August 2022 11:51:32 CEST Arne Schwabe wrote:
> +verify_crresponse_script(struct tls_multi *multi, const char *cr_response)
> +{
[...]
> +if (!status_close(so))
> +{
> +msg(D_TLS_ERRORS, "TLS CR Response Error: could not write cr"
> +
On Freitag, 9. September 2022 21:59:02 CEST Arne Schwabe wrote:
> --- a/src/openvpn/multi.c
> +++ b/src/openvpn/multi.c
> @@ -1803,6 +1803,10 @@ multi_client_set_protocol_options(struct context *c)
> {
> o->imported_protocol_flags |= CO_USE_TLS_KEY_MATERIAL_EXPORT;
> }
> +if
On Freitag, 9. September 2022 21:59:00 CEST Arne Schwabe wrote:
> This change makes the state machine more strict in terms of transation
*transitions
> Signed-off-by: Arne Schwabe
Acked-by: Heiko Hund
For those who wonder what this is/does, my take on it: basically shields the
On Mittwoch, 24. August 2022 16:08:48 CEST Arne Schwabe wrote:
> This is currently only possible when using the management interface
> and the client-deny functionality.
>
> Patch v3: add missing gc_free
Acked-by: Heiko Hund
___
O
On Mittwoch, 24. August 2022 14:58:58 CEST Arne Schwabe wrote:
> Patch v3: cleanup parse_auth_failed_temp to use a simple const string
> instead of a buffer
Besides the pending rebase and the one code smell below:
Acked-by: Heiko Hund
> src/openvpn/openvpn.vcxproj.filte
stakes, remove unused argument to
> receive_exit_message
>
> Patch V3: rename data_channel_crypto_flags to imported_protocol_flags
> add tls-ekm to protocol-flags.
Hunks #2 and #3 in push.c do not apply to master anymore, thus some rebase
action is n
This patch need to be rebased again, does not apply to master anymore:
checking file src/openvpn/ssl.c
Hunk #1 succeeded at 297 (offset 1 line).
Hunk #2 FAILED at 321.
Hunk #3 succeeded at 1256 (offset -42 lines).
On Mittwoch, 11. Mai 2022 13:08:10 CEST Arne Schwabe wrote:
> @@ -141,6 +147,8 @@
Doesn't apply to master anymore, please rebase.
On Sonntag, 26. Juni 2022 01:41:47 CEST Arne Schwabe wrote:
> --- a/doc/man-sections/vpn-network-options.rst
> +++ b/doc/man-sections/vpn-network-options.rst
> @@ -516,6 +516,11 @@ routing.
>It's best to use the ``--fragment`` and/or
On Montag, 27. Juni 2022 10:36:02 CEST Frank Lichtenheld wrote:
> As mentioned this is true for the specific options configured above.
> But you can easily also get different values out of this function by
> changing the options because frame_calculate_payload overhead does
> not always return the
hat I have seen, besides the small typo
below:
Acked-by: Heiko Hund
> + Starting with OpenVPN 2.6 when running server mode (``--mode server``,
> + ``--server``, or ``-server-ipv6`` options present in the configuration),
Should be ``--server-ipv6``
On Dienstag, 18. Mai 2021 14:26:35 CEST Arne Schwabe wrote:
> This is allows scripts and pluginsto parse/react to a CR_RESPONSE message
This commit message needs a makeover, I think.
> - If ``method`` is set to :code:`via-env`, OpenVPN will call ``script``
> + If ``method`` is set to
On Donnerstag, 4. März 2021 12:40:18 CEST Arne Schwabe wrote:
> + For a sample script that implement TOTP (RFC 6238) based two-factor
> + authentication, see :code:`sample-scripts/totp.py`.
This filename doesn't match with below.
> diff --git a/sample/sample-scripts/totpauth.py
>
def ENABLE_MANAGEMENT
> auth_user_pass_setup(c->options.auth_user_pass_file,
> >options.sc_info); #else
This should be inside the #ifdef to do exactly the same as before, i.e.
doesn't introduce side effects potentially. But then we want to get rid of
ENABLE_MANAGEMENT soonish, thus it may
tonio Quartulli
> ---
>
> Changes from v1:
> * fix if condition P_DATA_V2 -> P_DATA_V1
> * fix unknown reason string
Acked-by: Heiko Hund
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
the priority
because it still serves the case where you want to override pushed
server settings with local ones and when you run backends which do
support multiple server's settings like dnsmasq(8).
Change-Id: I1f97d8e5ae8f049d72db5c12ce627f601d87505c
Signed-off-by: Heiko Hund
---
doc/man
, it is better to not
support this instead of supporting it, but incorrectly.
Change-Id: I7f422add22f3f01e9f47985065782dd67bca46eb
Signed-off-by: Heiko Hund
---
doc/man-sections/client-options.rst | 14 +-
doc/man-sections/script-options.rst | 1 -
src/openvpn/dns.c | 13
201 - 300 of 308 matches
Mail list logo