From: Lev Stipakov <lev.stipa...@f-secure.com>
v3: Use better way of figuring out IP proto version which
does not break TAP mode. Add an option to allow recursive
routing, could be useful when packets sent by openvpn itself
are not subject to the routing tables that would move p
From: Lev Stipakov <lev.stipa...@f-secure.com>
v3:
* move assert outside of loop
* add max-clients value check to options
v2:
* Add round brackets for clarity
* Rephrase comment
Support for disabled peer-id
When peer-id value is 0xFF, server should ignore it and treat packet
in a sa
From: Lev Stipakov <lev.stipa...@f-secure.com>
v4:
- replace magic number with define
- show user a decimal value instead of hex
v3:
* move assert outside of loop
* add max-clients value check to options
v2:
* Add round brackets for clarity
* Rephrase comment
Support for disabled peer-id
From: Lev Stipakov <lev.stipa...@f-secure.com>
v5:
* Few more nitpicks
v4:
* replace magic number with define
* show user a decimal value instead of hex
v3:
* move assert outside of loop
* add max-clients value check to options
v2:
* Add round brackets for clarity
* Rephrase comment
S
ontext,
when options are added and context is reused - we got duplicates.
Fixed by adding options to buffer, as it was done previously.
Signed-off-by: Lev Stipakov <lstipa...@gmail.com>
---
src/openvpn/push.c | 83 +++---
1 file changed, 22 inser
Peer-id might change on restart and this should not trigger reopening
tun.
Trac #649
---
src/openvpn/push.c | 38 --
1 file changed, 24 insertions(+), 14 deletions(-)
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index 71f39c1..6feaa2a 100644
---
Peer-id might change on restart and this should not trigger reopening
tun.
Trac #649
---
src/openvpn/push.c | 39 ---
1 file changed, 24 insertions(+), 15 deletions(-)
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index a1b999e..d7d54bf 100644
---
Hi,
ACK from me - tested that peer-id and cipher are not duplicated in
PUSH_REPLY when client reconnects and push-continuation works.
-Lev
2016-09-29 20:49 GMT+03:00 Steffan Karger <stef...@karger.me>:
> Hi,
>
> On 24 September 2016 at 12:23, Lev Stipakov <lstipa..
+03:00
Subject: Re: [Openvpn-devel] [PATCH] Fix duplicated PUSH_REPLY options
To: Lev Stipakov <lstipa...@gmail.com>
Hi,
On 24 September 2016 at 12:23, Lev Stipakov <lstipa...@gmail.com> wrote:
> Starting from https://github.com/OpenVPN/openvpn/commit/3a5a46cf2b7f6a8b85
20c2513a805
v2:
- Use md5_* methods
- Move digest update to separate method
Peer-id might change on restart and this should not trigger reopening
tun.
Trac #649
---
src/openvpn/push.c | 43 +--
1 file changed, 29 insertions(+), 14 deletions(-)
diff --git
v2:
- Move digest update to separate method
Peer-id might change on restart and this should not trigger reopening
tun.
Trac #649
---
src/openvpn/push.c | 45 ++---
1 file changed, 30 insertions(+), 15 deletions(-)
diff --git a/src/openvpn/push.c
Hi,
I am, and the first version is what we do in (most?) other places, so I'll
> change that on the fly.
>
Got it.
> Also, the patch introduces spurious tab<->whitespace changes "close to
> comments" in a few places - will undo those, too.
I noticed that in few places indentation is a bit
Hi Arne,
I am researching how "session id" can be added to packet. Could you please
clarify the statement "If we choose the session id to be 3 or 7 byte we
would not need the "hack" for the packets with
session id." ?
I am currently at very beginning, so questions might look odd.
1) "3 or 7"
Hi guys,
I've read January's IRC meeting minutes and there was a discussion
about new frame format with session id.
Is there any progress in this field so far? If James or someone happen
to have time to document a new format, would be nice to see it.
--
-Lev
ens seamlessly.
I would love to hear any critics / comments!
--
-Lev
From 284e473548a49012baf6c954a637161eec11c2e8 Mon Sep 17 00:00:00 2001
From: Lev Stipakov <lev.stipa...@f-secure.com>
Date: Tue, 11 Mar 2014 17:58:31 +0200
Subject: [PATCH] Floating implementation. Use array lookup for n
Hi,
Same patch with added NULL check in push.c:308. Turns out that
peer_info might be NULL.
-Lev
On Wed, Mar 26, 2014 at 10:52 AM, Lev Stipakov <lstipa...@gmail.com> wrote:
> Hello,
>
> Despite that implementation of session-id has already been discussed,
> I wou
Hello,
Are there any plans to support ipv6 env vars in
client-connect/disconnect scripts?
There are at least 2 tickets on that feature:
https://community.openvpn.net/openvpn/ticket/230
https://community.openvpn.net/openvpn/ticket/369
Is there anything that prevents merging any of suggested
Hello,
I'm facing a problem with "defer" sample plugin and rekeying.
I use plugin from
https://github.com/OpenVPN/openvpn/tree/master/sample/sample-plugins/defer.
Relevant part of openvpn config:
> auth-user-pass-optional
> setenv test_deferred_auth 2
> plugin /etc/openvpn/simple.so
>
Hello,
I am pondering about asynchronous OPENVPN_PLUGIN_CLIENT_CONNECT
callback. Basically, I want _not_ to establish connection until
response is received and ofc I don't want to block rest of traffic.
My idea is to have some kind of connect_control_file (similar to
auth_control_file) and pass
Hello,
I have analyzed OpenVPN code with Coverity and I could not explain
some resource leaks Coverity has found.
1) https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/options.c#L4378
char * ipv6_local;
VERIFY_PERMISSION (OPT_P_UP);
if ( get_ipv6_addr( p[1], NULL, , _local, msglevel )
>>> On 27.03.14 09:57, Lev Stipakov wrote:
>>>>
>>>> Hi,
>>>>
>>>> Same patch with added NULL check in push.c:308. Turns out that
>>>> peer_info might be NULL.
>>>>
>>> I looked at the patched, a few minor nitp
0:21 GMT+03:00 Fabian Knittel <fabian.knit...@lettink.de>:
> Hi Lev,
>
> 2014-07-29 12:56 GMT+02:00 Lev Stipakov <lstipa...@gmail.com>:
>>
>> I am pondering about asynchronous OPENVPN_PLUGIN_CLIENT_CONNECT
>> callback. Basically, I want _not_ to establish connec
Hi Fabian,
> You say that you've added support for the client-connect plugin call. May I
> ask what was missing?
Nothing dramatic, I just added deferred support for client-connect v2.
> So this is basically about replacing a 5s poll-interval with something that
> should proceed near
(nickname lev__) to discuss how we
should process with this feature.
-Lev
2014-10-09 22:49 GMT+03:00 Steffan Karger <stef...@karger.me>:
> Hi Lev,
>
> On 02-10-14 13:47, Lev Stipakov wrote:
>> Apologize for the delay. Patch with review suggestions attached.
>
> Tha
Hi Steffan,
Patch attached.
-Lev
2014-10-23 10:52 GMT+03:00 Steffan Karger <steffan.kar...@fox-it.com>:
> Hi Lev,
>
> On 10/21/2014 09:33 AM, Lev Stipakov wrote:
>>
>> Thanks for your comments. I have fixed (1) and (2) - well, reusing
>> existing code in (2) h
Hello,
As discussed on IRC meeting, we replace session-id with peer-id.
So, waiting for review and code-ACK :)
-Lev
2014-10-23 17:07 GMT+03:00 Lev Stipakov <lstipa...@gmail.com>:
> Hi Steffan,
>
> Patch attached.
>
> -Lev
>
> 2014-10-23 10:52 GMT+03:00 Steffan Karger
Added new packet format P_DATA_V2, which includes peer-id. If server
supports, client sends all data packets in the new format. When data
packet arrives, server identifies peer by peer-id. If peer's ip/port has
changed, server assumes that client has floated, verifies HMAC and
updates ip/port in
is. Maybe we could make it opt-out and have
"-no-peer-id" config option?
-Lev
2014-11-27 16:22 GMT+02:00 Gert Doering <g...@greenie.muc.de>:
> Hi,
>
> On Sun, Nov 23, 2014 at 05:17:11PM +0200, Lev Stipakov wrote:
>> Changes in v7:
>> A few nitpicks.
>
>
following settings:
auth-user-pass-optional
setenv test_deferred_auth 3
plugin simple.so
Signed-off-by: Lev Stipakov <lstipa...@gmail.com>
---
configure.ac | 15 ++
src/openvpn/forward.c | 8 +++
src/openvpn/mtcp.c| 28 +++
src/openvpn/mudp.c| 27 ++
src
For every float event we generate prefix, which allocates 256 + 64
bytes. That memory is reclaimed when client disconnects, so long lasting
and constantly floating sessions drain memory.
As a fix use preallocated buffer inside multi_instance for storing
multi_prefix.
Signed-off-by: Lev Stipakov
This adds peer-id to the status output which might help analyze floating
logs. This will change the output of status in the same way commit
662ce6acc065bddf6490b3494725b8b3987b7def did.
Signed-off-by: Lev Stipakov <lstipa...@gmail.com>
---
src/openvpn/multi.c | 14 --
1 file c
Hi James,
A few comments on peer-id part:
* A disabled peer ID is denoted by 0xFF.
* Server tells the client to use DATA_V2/peer_id by pushing
the directive "peer-id ID" where ID is a decimal integer
in the range [-1, 16777215]. Setting the peer ID to -1
transmits DATA_V2
ACK
Reproduced the problem with ping -s 1500 (also no compression) and
patch on both sides have fixed it.
2015-01-23 21:52 GMT+02:00 Steffan Karger :
> Data channel packet using P_DATA_V2 will use three bytes extra for the
> peer-id. This needs to be accounted for, otherwise
In certain cases buf.len can be -1, which causes BPTR to return NULL and
NULL pointer dereferencing on the next line.
As a fix, process only packets with non-zero length.
---
src/openvpn/mudp.c | 9 +
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/openvpn/mudp.c
When server gets shutdown signal (SIGUSR1, SIGTERM, SIGHUP, SIGINT), it
broadcasts new OCC_SHUTTING_DOWN command to all clients and reschedules
received signal in 2 secs.
When client receives OCC_SHUTTING_DOWN, it fires SIGUSR1 and switches to
the next remote.
---
src/openvpn/multi.c | 63
When server exits / restarts (gets SIGUSR1, SIGTERM, SIGHUP, SIGINT) and
explicit-exit-notify is set, server broadcasts new OCC_SERVER_EXIT command
to all clients and reschedules received signal in 2 secs.
When client receives OCC_SERVER_EXIT, it fires SIGUSR1 and switches to
the next server.
When client receives OCC_SERVER_EXIT, it fires SIGUSR1 and switches to
the next server. Next server is defined as same remote with different IP
address if remote resolves into multiple addresses or next remote
otherwise.
This is a client-side only version of "Notify clients about server's
When client connects to the server which is in unreachable network (for
example hostname got resolved into ipv6 address and client has no ipv6),
throw SIGUSR1 and connect to the next server without waiting 60 seconds
for "TLS key negotiation failed".
---
src/openvpn/forward.c | 10 ++
1
Due to this bug, mssfix hasn't been assigned to fragment value
and used default value (1450) instead. As a consequence, TCP packets
get fragmented, which causes performance penalty.
Since dual stack patch
https://github.com/OpenVPN/openvpn/commit/23d61c56b9fd218c39ad151b01b7e2d6690e6093
OpenVPN
ACK
2015-03-07 18:23 GMT+02:00 Steffan Karger :
> Makes it a lot easier to see which client is floating.
>
> Signed-off-by: Steffan Karger
> ---
> src/openvpn/multi.c | 7 +--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git
Hello Samuel,
Do you use radius plugin from http://www.nongnu.org/radiusplugin/ ? I
think the way OpenVPN delegates authentication to a plugin
(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY hook) is asynchronous, as well
as plugin implementation, i. e. OpenVPN does not wait for a response.
Instead it
* Tools version changed to 12
* Added comp.c/h and compat.c/h to project files
* Workaround for missing __attribute__ support
Also, as a preparation for MSVS2015, ensured that snprintf is not defined for
that VS version.
---
config-msvc.h | 3 +++
v2:
* Bump API level to Vista for get_default_gateway_ipv6() implementation
* Define HAVE_INET_NTOP/PTON for Vista since it has own implementation of
inet_ntop/pton
v1:
* Add comp/compstub to project files
* Bump tools version to 12
* define __attribute__
Signed-off-by: Lev Stipakov <lst
* Upgrade API level to Vista to implement get_default_gateway_ipv6
* Define HAVE_INET_NTOP/PTON since Vista has its own implementation of those
Signed-off-by: Lev Stipakov <lstipa...@gmail.com>
---
config-msvc.h | 6 ++
msvc-env.bat | 2 +-
2 files changed, 7 insertions(+), 1 de
or when file is removed. We catch that event and remove it from the
dictionary.
Feature is easily tested with sample "defer" plugin and following settings:
auth-user-pass-optional
setenv test_deferred_auth 3
plugin simple.so
Signed-off-by: Lev Stipakov <lstipa...@gmail.com>
-
When peer-id value is 0xFF, server should ignore it and treat packet
in a same way as P_DATA_V1.
Make sure that issued peer-id does not exceed 0xFF.
---
src/openvpn/mudp.c | 15 ---
src/openvpn/multi.c | 3 ++-
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git
v2:
* Add round brackets for clarity.
* Rephrase comment.
v1:
* When peer-id value is 0xFF, server should ignore it and treat packet
in a same way as P_DATA_V1.
* Make sure that issued peer-id does not exceed 0xFF.
---
src/openvpn/mudp.c | 14 +++---
src/openvpn/multi.c | 3
Also disable behavior for static key setup.
---
src/openvpn/forward.c | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 513fbae..c17be35 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -1199,13 +1199,16
seth, on Fri 02 May 2014 01:39:05 +0200, wrote:
On 17/04/14 14:07, Lev Stipakov wrote:
Hello,
Are there any plans to support ipv6 env vars in
client-connect/disconnect scripts?
There are at least 2 tickets on that feature:
https://community.openvpn.net/openvpn/ticket/230
https://community.
.org>:
> David Sommerseth, on Fri 02 May 2014 01:39:05 +0200, wrote:
>> On 17/04/14 14:07, Lev Stipakov wrote:
>> > Hello,
>> >
>> > Are there any plans to support ipv6 env vars in
>> > client-connect/disconnect scripts?
>> >
>> >
nal
setenv test_deferred_auth 3
plugin simple.so
Signed-off-by: Lev Stipakov <lstipa...@gmail.com>
Add doxygen comment
---
configure.ac | 15 +
src/openvpn/forward.c | 8 +++
src/openvpn/mtcp.c| 28 +
src/openvpn/mudp.c| 27 +
src/openvpn
Add missing #if P2MP_SERVER
---
src/openvpn/push.c | 2 ++
src/openvpn/push.h | 5 ++---
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index 704818d..a4cb726 100644
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -410,6 +410,7 @@
if
client should reconnect to the same server or advance to the next one
- Fix compilation when OCC is disabled (--enable-small)
- Update man page
v2:
- Take into use explicit-exit-notify on the server side
- OCC_SHUTTING_DOWN renamed to OCC_SERVER_EXIT
- Code prettifying
Signed-off-by: Le
ACK from me. Tested on ics-openvpn, problem with endtag now fixed.
A nitpick. git am says:
/home/stiple/Projects/ics-openvpn/.git/modules/main/openvpn/rebase-apply/patch:20:
trailing whitespace.
char *line_ptr = line;
warning: 1 line adds whitespace errors.
On 14.10.2015 16:05, Arne
Signed-off-by: Lev Stipakov <lstipa...@gmail.com>
---
src/openvpn/mudp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index 3aed3a0..9fa9f9e 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -79,7
v2:
* Bump log level for attack attempt message
* More clear message for float event
v1:
* Decrease log level for peer float message
Signed-off-by: Lev Stipakov <lstipa...@gmail.com>
---
src/openvpn/mudp.c | 2 +-
src/openvpn/multi.c | 2 +-
2 files changed, 2 insertions(+), 2 del
Commit
https://github.com/OpenVPN/openvpn/commit/685e486e8b8f70c25f09590c24762ff734f94a51
introduced a variable length array. Although C99 supports that, MSVS 2013 still
requires
size of array to be compiler time constant. As a fix, use OPENSSL_malloc/free.
Signed-off-by: Lev Stipakov <lst
> You don't have to use OPENSSL_malloc() in an application but you do
you can make use of OpenSSLs memory leak checking routines if you do.
-Lev
On 20.10.2015 16:52, Gert Doering wrote:
Hi,
On Tue, Oct 20, 2015 at 04:22:59PM +0300, Lev Stipakov wrote:
Commit
https://github.com/OpenVPN/o
don't have to use OPENSSL_malloc() in an application but you do
you can make use of OpenSSLs memory leak checking routines if you do.
-Lev
On 20.10.2015 16:52, Gert Doering wrote:
Hi,
On Tue, Oct 20, 2015 at 04:22:59PM +0300, Lev Stipakov wrote:
Commit
https://github.com/OpenVPN/openvpn/commit
Signed-off-by: Lev Stipakov <lstipa...@gmail.com>
---
src/openvpn/ssl_openssl.c | 7 +++
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index c08d4fe..3c8d41f 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/o
ACK from me. Less code is better.
On 21.10.2015 01:39, Steffan Karger wrote:
There is no need to use OPENSSL_malloc(), so use our own functions that
automatically check for NULL and remove the now redundant NULL check.
Signed-off-by: Steffan Karger
---
ACK from me. My Clang static analyzer concurs.
On 21.10.2015 01:38, Steffan Karger wrote:
As it says on the tin. aresp would not be free'd nor returned by
my_conv() on errors. Note that we never reach this code if allocation
of aresp failed.
Found with the Clang static analyzer.
openvpn-plugin.h was not generated for MSVC build since it has been
removed from sources and made generated by configure script.
This fix generates it for MSVC build and substitutes macros like
@OPENVPN_VERSION_MAJOR@ with actual values.
Signed-off-by: Lev Stipakov <lstipa...@gmail.
e to get adapter index,
try with adapter name.
Signed-off-by: Olli Mannisto <olmanni...@gmail.com>
Signed-off-by: Lev Stipakov <lstipa...@gmail.com>
---
src/openvpn/tun.c | 26 +++---
1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/src/openvpn/tun
Hello,
> And with interface indexes, it works all the time?
We have tested it on a few machines which previously have had this
problem and this patch has fixed that. We will test it for larger
audience in near future and report results.
-Lev
On 22.10.2015 16.59, Gert Doering wrote:
hi,
to get adapter index and use it instead of adapter
name for netsh set address command. if unable to get adapter index,
try with adapter name.
Signed-off-by: Olli Mannisto <olmanni...@gmail.com>
Signed-off-by: Lev Stipakov <lstipa...@gmail.com>
---
src/openvpn/tun.c | 10 +-
1
Hi,
It should actually be not very hard - we should be able to set "tt->actual"
to read "interface=nnn", and then it should work automagically without even
touching route.c at all
Setting "interface=" to "tt->actual_name" will affect all code
branches which use that value, for example
netsh when using
adapter name on "netsh.exe interface ipv6 set address" command.
Changed logic to get adapter index and use it instead of adapter
name for netsh set address command. if unable to get adapter index,
try with adapter name.
Signed-off-by: Olli Mannisto <olmanni...@gmail.
Add missing "include" directive.
Signed-off-by: Lev Stipakov <lstipa...@gmail.com>
---
src/openvpn/mtcp.c | 4
1 file changed, 4 insertions(+)
diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c
index b27c5eb..9926d47 100644
--- a/src/openvpn/mtcp.c
+++ b/src/openvpn
Hi,
Since the new server side code does not actually *do* OCC any more we
are just #ifdef'ing it to access options->ce.explicit_exit_notify
because that one is only compiled in #ifdef ENABLE_OCC ... so we're
coupling this new functionality to an #ifdef which is not really
-enable-small)
- Update man page
v2:
- Take into use explicit-exit-notify on the server side
- OCC_SHUTTING_DOWN renamed to OCC_SERVER_EXIT
- Code prettifying
Signed-off-by: Lev Stipakov <lstipa...@gmail.com>
---
doc/openvpn.8 | 15 ++--
src/ope
Hi,
Sorry for the late response.
+bool
+win_wfp_uninit()
+{
+dmsg (D_LOW, "Uninitializing WFP");
+if (m_hEngineHandle) {
+FwpmSubLayerDeleteByKey0(m_hEngineHandle, _subLayerGUID);
+CLEAR(m_subLayerGUID);
+FwpmEngineClose0(m_hEngineHandle);
+
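Review bot: in win_wfp_uninit() the result of FwpmSubLayerDeleteByKey0() is discarded and the GUID is cleared either way, so a failed sublayer delete goes unnoticed; check the return code and log it before CLEAR(m_subLayerGUID). The delete call is also shown taking `_subLayerGUID` while the next line clears `m_subLayerGUID`, so as written the two names do not match and the argument should be confirmed against the variable that actually holds the sublayer GUID.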
On 10.12.2015 18:49, ValdikSS wrote:
I'd better go with just
closing the engine without deleting everything. I don't see any
drawbacks, that should be perfectly OK for a dynamic session.
Is this correct, Lev? If yes, I'll push v9 today or tomorrow morning.
Removing non-working
Hi,
So, if we want to use index also for "add/del route", I'd gently modify
add/del_route_ipv6 and make it use "interface=" (without breaking
"vpn server special route" case).
For consistency, I think we should do that. What I'd avoid is to do
the adapter_index lookup for every single route
Thanks, I think (I think!) I got it now.
1) Since we have tt->adapter_index (which temporarily disappeared from
my perception of reality), no need to add new member to tuntap or
tuntap_options.
2) tt->adapter_index has nothing to do with rgi->adapter_index, first
one is windows adapter
Trac #637
Signed-off-by: Lev Stipakov <lstipa...@gmail.com>
---
src/openvpn/route.c | 16
src/openvpn/tun.c | 2 ++
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index 4a60345..2012b5c 100644
--- a/src/o
Trac #637
Signed-off-by: Lev Stipakov <lstipa...@gmail.com>
---
src/openvpn/route.c | 16
src/openvpn/tun.c | 6 +-
2 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index 4a60345..2012b5c 100644
--- a/src/o
Trac #637
---
src/openvpn/route.c | 8
src/openvpn/tun.c | 6 +-
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index 1775a9c..cf5a067 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -1623,6 +1623,10 @@
Trac #637
Signed-off-by: Lev Stipakov <lstipa...@gmail.com>
---
src/openvpn/init.c | 18 ++
src/openvpn/misc.c | 6 ++
src/openvpn/misc.h | 3 +++
3 files changed, 27 insertions(+)
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 179c7ef..b0c0e26 100644
---
ACK.
I don't have VC2010, but at least on 2013 it compiles nicely.
Update toolset, define __attribute__.
Signed-off-by: Lev Stipakov <lstipa...@gmail.com>
---
src/compat/compat.vcxproj | 4 +++-
src/openvpn/openvpn.vcxproj | 6 --
src/openvpn/syshead.h | 1 +
src/openvpnserv/openvpnserv.vcxproj | 4 +++-
4 files chang
Hi,
Screenshot seems to be lost in transmission.
Moving to openvpn-devel.
We could probably detect XP only (or technically "less than Vista") by
checking that IsWindowsVistaOrGreater() == false which seems to be
simpler. It should fix the problem.
However I like the idea that server will be
* Use adapter name instead of index on WinXP - sadly XP does not support indexes
* Write Windows version to log
* Send it with peer-info as IV_PLAT_VER
Signed-off-by: Lev Stipakov <lstipa...@gmail.com>
---
config-msvc.h | 1 +
configure.ac | 1
v2:
* Add compat-versionhelpers.h to compat/Makefile.am so that "make dist" will
include it into tarball.
* Indentation
v1:
* Use adapter name instead of index on WinXP - sadly XP does not support indexes
* Write Windows version to log
* Send it with peer-info as IV_PLAT_VER
Signed-o
.
As a consequence, system starts talking to itself on full power,
traffic counters skyrocket and user is not happy.
To prevent that, drop packets which have gateway IP as
destination address.
Tested on Win7/10, OS X.
Trac #642
Signed-off-by: Lev Stipakov <lstipa...@gmail.com>
---
src/openvpn/forward.
to.. tun.
As a consequence, system starts talking to itself on full power,
traffic counters skyrocket and user is not happy.
To prevent that, drop packets which have gateway IP as
destination address.
Tested on Win7/10, OS X.
Trac #642
Signed-off-by: Lev Stipakov <lstipa...@gmail.com>
--
Trac #599
Signed-off-by: Lev Stipakov <lstipa...@gmail.com>
---
src/openvpn/win32.c | 16
1 file changed, 16 insertions(+)
diff --git a/src/openvpn/win32.c b/src/openvpn/win32.c
index 6c6ac4c..5702304 100644
--- a/src/openvpn/win32.c
+++ b/src/openvpn/win32.c
@@ -
Hi James,
Has anyone seen issues with --block-outside-dns speed? Because this
approach drops certain DNS packets, I'm wondering if apps will
experience lag time while waiting for dropped DNS requests to time out.
Yes, I have experienced issues with that patch.
On only machine I was able to
Yep, was a bit busy with other stuff last weeks.
On 27.04.2016 11:16, Arne Schwabe wrote:
I am just going through the patches. Lev, do you plan a follow up for this?
Arne
So, following changes are required for V3:
1) No drop_if_recursive() call for P2P
2) Same for TAP
3) Add an option to disable it
Sounds reasonable?
2016-08-24 16:13 GMT+03:00 Gert Doering :
> Hi,
>
> On Wed, Aug 24, 2016 at 10:12:54AM +0200, Jan Just Keijser wrote:
> >
Move client-specific push options (currently peer-id and cipher) to
separate list, which is deallocated after push_reply
has been sent. This makes sure that options are fit into buf,
not duplicated nor leak memory on renegotiation.
Signed-off-by: Lev Stipakov <lstipa...@gmail.com>
--
From: Lev Stipakov <lev.stipa...@f-secure.com>
v4:
- Account for IP header offset in TAP mode
- Correct handle of non-IP protocols in TAP mode
v3: Use better way of figuring out IP proto version which
does not break TAP mode. Add an option to allow recursive
routing, could be usefu
.
Signed-off-by: Lev Stipakov <lstipa...@gmail.com>
---
src/openvpn/push.c | 186 ++---
1 file changed, 104 insertions(+), 82 deletions(-)
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index a1b999e..f7bcad1 100644
--- a/src/openvpn/
1 - 100 of 743 matches