From: Lev Stipakov
Starting from commit 21b2dbd3 "[scripts-audit] nmake buildsystem"
vcpkg has removed NO_DEBUG support from nmake buildsystem
and now builds debug variant unconditionally. Debug flags contradict
build options hardcoded in pkcs11 nmake script (like /O2).
Remove hardcod
From: Lev Stipakov
With register_ring_buffers() being declared as "static" in header file,
all translation units, which include that header, got a copy of that function.
This causes GCC warning
warning: "register_ring_buffers" defined but not used [-Wunused-function]
wh
I've discussed this with James, in his opinion it is not needed to be
fixed in openvpn3 server side, since those duplicated packets are
dropped anyway in openvpn2/3 clients. OpenVPN3 client doesn't display
those errors but increments error counter, which is then dumped to log
on disconnect. The
I added a commit to vcpkg/openssl PR
(https://github.com/microsoft/vcpkg/pull/21540) which gives an option
to customize ENGINESDIR. Unfortunately openssl doesn't make it easy -
ENGINESDIR is built based on --prefix, which is set to vcpkg build
dir. The prefix cannot be set to something like
Hi,
A few years back we made a Proof-of-Concept with OpenVPN 3 and Windows
UWP API. Performance-wise it was on tap-windows6 level (which is not
impressive), there were some issues with UDP transport (which were
solved by MSFT later) and usability related to UWP app model - for
example application
From: Lev Stipakov
This is the rebase of original Selva Nair's patch
which hasn't been merged:
https://sourceforge.net/p/openvpn/mailman/message/34674818/
and documentation change to reflect code changes, which
is basically a revert of another Selva's patch (which got merged):
https
Hi,
> Why not just use 0 offset always? Perpetuating this dance of 0 offset in some
> cases, -1 otherwise is not a way forward. Also see my patch from 2015 that
> never got any traction. I have lost touch with the context, so, I'm not sure
> whether this addresses the same (apart from code
From: Lev Stipakov
There are cases when control packet is not acked fast enough,
for example when handling PUSH_REPLY, which requires setting up
tunnel. In those cases packet will be retransmitted.
OpenVPN 2 changes packet-id on retransmission, so it passes
replay protection and got rejected
also ship openssl.exe,
which is used by easyrsa?
Mon, 22 Nov 2021 at 19.56 Selva Nair (selva.n...@gmail.com) wrote:
>
> Hi,
>
> On Mon, Nov 22, 2021 at 12:20 PM Lev Stipakov wrote:
>>
>> I added a commit to vcpkg/openssl PR
>> (https://github.com/microsoft
Hi,
We agreed during the hackathon that we are going to ship a 2.6 Windows
client with OpenSSL 3.0. Apart from merging relevant patches, there
are few (small) blocks:
- vcpkg hasn't yet added OpenSSL 3.0 to official repo, but there is a
PR https://github.com/microsoft/vcpkg/pull/20428 This
Hi,
1) 7/8 should be squashed into 6/8, because 6/8 "ovpn-dco-win:
introduce windows data-channel offload support" breaks mingw i686
build, which 7/8 "ovpn-dco-win: fix mingw i686 build" fixes.
2) Patch 6/8 "ovpn-dco-win: introduce windows data-channel offload
support" has commented out certain
From: Lev Stipakov
MSVC build uses OpenSSL from vcpkg, which at the moment
is 1.1.1l. Key material export was added to 1.1.1, so it is safe
to indicate its support unconditionally.
This enables Windows releases to benefit from tls-ekm
data channel keys derivation.
Signed-off-by: Lev Stipakov
From: Lev Stipakov
MSVC build uses OpenSSL from vcpkg, which at the moment
is 1.1.1l. Key material export was added to 1.1.1, so it is safe
to indicate its support unconditionally.
This enables Windows releases to benefit from tls-ekm
data channel keys derivation.
Signed-off-by: Lev Stipakov
Hi,
I just realized that tls-ekm is a 2.6 feature, which means that
while patch is still valid for 2.5, the last sentence in the commit message
is not.
--
-Lev
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
Please disregard this patch,
I've sent two separate ones for 2.5 and master which fix multiple
issues found by binskim, including HW-enforced stack protection.
https://patchwork.openvpn.net/patch/2209/
https://patchwork.openvpn.net/patch/2210/
Note that before applying 2.5 patch, one needs
From: Lev Stipakov
- enable hardware-enforced stack protection on
compatible hardware/software (/CETCOMPAT linker option)
- hash object files with SHA256 (/ZH:SHA_256 compiler option)
- enable SDL. The required to add
_CRT_NONSTDC_NO_DEPRECATE
_CRT_SECURE_NO_WARNINGS
From: Lev Stipakov
- enable hardware-enforced stack protection on
compatible hardware/software (/CETCOMPAT linker option)
- hash object files with SHA256 (/ZH:SHA_256 compiler option)
- enable SDL. The required to add
_CRT_NONSTDC_NO_DEPRECATE
_CRT_SECURE_NO_WARNINGS
From: Lev Stipakov
This provides hardware-enforced stack protection on compatible
hardware/software.
This is based on patch from Ilya Shipitsin
https://patchwork.openvpn.net/patch/1987/
See
https://techcommunity.microsoft.com/t5/windows-kernel-internals-blog/developer-guidance-for-hardware
From: Lev Stipakov
This fixes
error C4703: potentially uninitialized local pointer variable 'b64output' used
found by arm64 msvc compiler with SDL enabled.
Not sure why this is not triggered on x86/x64.
Signed-off-by: Lev Stipakov
---
src/openvpn/auth_token.c | 2 +-
1 file changed, 1
From: Lev Stipakov
tun_finalize() is essentially subset of socket_finalize() apart from:
- using WSAFoo() functions instead of Foo()
- "from" address is not returned
There is no clear official statement that one can use non-WSA
API on handles, so let's be on a safe side an
From: Lev Stipakov
We always build with OpenSSL >= 1.1.1, which has EC support.
Signed-off-by: Lev Stipakov
---
...-vc.h.in-indicate-OpenSSL-EC-support.patch | 33 +++
contrib/vcpkg-ports/pkcs11-helper/CONTROL | 2 +-
.../vcpkg-ports/pkcs11-helper/portfile.cmake |
From: Lev Stipakov
This release has merged openssl 1.1.1 support patch,
so our own patch could be removed from the port.
Remove unconditional /release flag, which is added by vcpkg
for release builds. Having this flag unconditionally breaks vcpkg
debug builds.
Signed-off-by: Lev Stipakov
From: Lev Stipakov
tun_finalize() is essentially subset of socket_finalize() apart from:
- using WSAFoo() functions instead of Foo()
- "from" address is not returned
There is no clear official statement that one can use non-WSA
API on handles, so let's be on a safe side an
Makes sense.
Acked-by: Lev Stipakov
Mon, 17 Jan 2022 at 11.36 Antonio Quartulli (a...@unstable.cc) wrote:
>
> There are 2 occurrences where the order 'inline static' is used when
> defining a function, while the rest of the code uses the definitely
> more common form 's
This is probably something committer (looks at cron2) could fix on the
fly, unless there are more issues which would require v4?
Mon, 17 Jan 2022 at 11.53 Antonio Quartulli (a...@unstable.cc) wrote:
>
> Hi,
>
> On 17/01/2022 10:49, Lev Stipakov wrote:
> [cut]
> > -
From: Lev Stipakov
Signed-off-by: Lev Stipakov
---
contrib/vcpkg-ports/pkcs11-helper/CONTROL| 2 +-
contrib/vcpkg-ports/pkcs11-helper/portfile.cmake | 8
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/contrib/vcpkg-ports/pkcs11-helper/CONTROL
b/contrib/vcpkg
From: Lev Stipakov
While on it, remove deprecated vcpkg_fail_port_install().
since we don't care about UWP/Linux/OS X here.
Also bump github actions's vcpkg commit id.
Signed-off-by: Lev Stipakov
---
.github/workflows/build.yaml| 2 +-
contrib/vcpkg-ports/openssl3
From: Lev Stipakov
Since vcpkg official repo doesn't have openssl 1.1.1n yet,
add own port - just copy files from vcpkg\ports\openssl (excluding
unix and uwp directories) and replace 1.1.1m with 1.1.1n, not
forgetting about SHA512.
Signed-off-by: Lev Stipakov
---
.../openssl/install-pc
From: Lev Stipakov
"make dist" uses tar which breaks on long filenames:
tar:
openvpn-2.5.6/contrib/vcpkg-ports/pkcs11-helper/0003-config-w32-vc.h.in-indicate-OpenSSL-EC-support.patch:
file name is too long (max 99); not dumped
tar: Exiting with failure status due to previ
This is something which Gert could fix on commit, I think?
Wed, 16 Mar 2022 at 19.22 Frank Lichtenheld (fr...@lichtenheld.com) wrote:
>
>
> > Lev Stipakov wrote on 16.03.2022 14:54:
> >
> >
> > From: Lev Stipakov
> >
> > "mak
From: Lev Stipakov
We've added functionality to openvpn-build
f83f21ef "windows-msi: add ability to specify port overlays in
openvpn-build"
(which is used for release building) to use overlay ports, which
enables us to build releases with updated ports (like openssl)
without maki
I checked that the file is indeed not used and successfully ran GitHub
Actions with this patch.
Acked-by: Lev Stipakov
Mon, 14 Mar 2022 at 18.21 Antonio Quartulli (a...@unstable.cc) wrote:
> sitnl.h must have slipped in when implementing the networking AI and the
> SITNL b
Let's start from the beginning.
I'll start two new threads (master and 2.5) and Ilya could ack them.
Ilya, to ack please reply on those threads with following line:
Acked-by: Firstname Lastname
Sun, 20 Feb 2022 at 19.31 Gert Doering (g...@greenie.muc.de) wrote:
>
> Hi,
>
> On Sun, Feb
From: Lev Stipakov
- enable hardware-enforced stack protection on
compatible hardware/software (/CETCOMPAT linker option)
- hash object files with SHA256 (/ZH:SHA_256 compiler option)
- enable SDL. The required to add
_CRT_NONSTDC_NO_DEPRECATE
_CRT_SECURE_NO_WARNINGS
We had a long discussion with ordex about this patch and came to the
conclusion that error printing is currently broken on Windows and
needs a proper fixing.
Why is it broken?
- the bug that my patch fixes - we use Windows's GetLastError to get
Windows last error code and with that strerror to
From: Lev Stipakov
- enable hardware-enforced stack protection on
compatible hardware/software (/CETCOMPAT linker option)
- hash object files with SHA256 (/ZH:SHA_256 compiler option)
- enable SDL. The required to add
_CRT_NONSTDC_NO_DEPRECATE
_CRT_SECURE_NO_WARNINGS
what do you want
> me to do?
>
> Mon, 21 Feb 2022 at 13:59, Lev Stipakov :
>>
>> Let's start from the beginning.
>>
>> I'll start two new threads (master and 2.5) and Ilya could ack them.
>>
>> Ilya, to ack please reply on those threads with foll
From: Lev Stipakov
Having .dll for a single executable doesn't make
much sense. Static linking removes 117kb .dll
and grows .exe size by only 4kb.
Signed-off-by: Lev Stipakov
---
contrib/vcpkg-triplets/arm64-windows-ovpn.cmake | 3 ++-
contrib/vcpkg-triplets/x64-windows-ovpn.cmake | 3
From: Lev Stipakov
- enable hardware-enforced stack protection on
compatible hardware/software (/CETCOMPAT linker option)
- hash object files with SHA256 (/ZH:SHA_256 compiler option)
- enable SDL. The required to add
_CRT_NONSTDC_NO_DEPRECATE
_CRT_SECURE_NO_WARNINGS
Hi,
Thanks for testing.
> original patch does not apply
Indeed it doesn't apply anymore since recent changes to vcxproj files.
I have rebased it.
> minor build issues still there: test · chipitsine/openvpn@eeff765 (github.com)
Those are likely because this was not applied
Hi,
> can you please apply "pdb" patch to your branch ?
> CI: github actions: keep "pdb" in artifacts · OpenVPN/openvpn@9da7337
Done! https://github.com/lstipakov/openvpn/actions/runs/1858390624
> BinSkim uses pdb for analysis.
>
> probably, it makes sense to apply this patch to release/2.5
From: Lev Stipakov
On Windows we use GetLastError() to get error code. To get
error description, we must use FormatMessage() and not strerror().
Replace strerror() with openvpn_strerror() macro, which is resolved
to strerror_win32() (which calls FormatMessage) on Windows and
to strerror
Hi,
> While this would be a cleaner fix, it also requires extensive changes and
> it is not always easy to decide where to use M_ERRNO and where to use
> M_WINERR. E.g., without looking into the internals of platform.c one
> doesn't know whether platform_open() uses _wopen() or CreateFile().
>
From: Lev Stipakov
We use M_ERRNO flag in logging to display error code
and error message. This has been broken on Windows,
where we use error code from GetLastError() and
error description from strerror(). strerror() expects
C runtime error code, which is quite different from
last error code
From: Lev Stipakov
When calculating default mssfix, we take into account
protocol overhead, which usually includes 3 bytes peer-id.
Peer-id usage is indicated by options->use_peer_id flag.
In client mode it is set when applying pushed options.
In server mode it is not set and as a res
Hi,
encapsoluation
>
Built and tested on Windows with dco, works as expected - "mssfix 1000
fixed" results in MSS 960 and 1000 bytes in-tunnel TCP packets with 1024
bytes transport UDP packets. Same behavior with "tun-mtu 1000".
From: Lev Stipakov
Add two custom actions to service ovpn-dco driver installation.
- EvaluateDriver
Runs under user privileges. Determines what action (install/uninstall)
should be performed on ovpn-dco component.
- ProcessDriver
Runs under SYSTEM privileges. Performs driver (un
Compiled and slightly tested on Windows/MSVC, works as expected.
Code looks reasonable.
Acked-by: Lev Stipakov
--
-Lev
From: Lev Stipakov
Add two custom actions to service ovpn-dco driver installation.
- EvaluateDriver
Runs under user privileges. Determines what action (install/uninstall)
should be performed on ovpn-dco component.
- ProcessDriver
Runs under SYSTEM privileges. Performs driver (un
Dear all,
OpenVPN Community would like to present a new technical preview version of
OpenVPN Windows client with Data Channel Offload functionality. This version
includes many bugfixes and improvements since the previous one (May 2021).
It also uses OpenSSL 3.0.1.
The client is built from the
From: Lev Stipakov
Remove unused macros for dependency directories,
since dependencies are handled by vcpkg.
Remove unused .bat files.
Reported-by: Frank Lichtenheld
Signed-off-by: Lev Stipakov
---
Makefile.am | 5 +--
build/msvc/msvc-generate/Makefile.mak | 14
Hi Ilja,
Is there any chance you could have a look at this patch?
Fri, 7 Jan 2022 at 16.54 Lev Stipakov (lstipa...@gmail.com) wrote:
>
> From: Lev Stipakov
>
> - enable hardware-enforced stack protection on
> compatible hardware/software (/CETCOMPAT linker option)
>
Gentle nudge.
Mon, 17 Jan 2022 at 13.42 Gert Doering (g...@greenie.muc.de) wrote:
>
> Hi,
>
> On Mon, Jan 17, 2022 at 11:56:51AM +0200, Lev Stipakov wrote:
> > This is probably something committer (looks at cron2) could fix on the
> > fly, unless there are more is
From: Lev Stipakov
- add openssl3 port from https://github.com/microsoft/vcpkg/pull/20428/files
with small changes:
--- portfile.cmake.orig 2022-01-24 11:04:44.914467900 +0200
+++ portfile.cmake 2022-01-24 11:02:46.066088800 +0200
@@ -5,8 +5,8 @@
vcpkg_from_github(
OUT_SOURCE_PATH
From: Lev Stipakov
These two patches add openssl3 support for msvc build.
The first one contains fixes to xkey code to make it
compilable by msvc. Second one adds openssl3 port.
Lev Stipakov (2):
xkey: fix msvc build
msvc: switch to openssl3
.github/workflows/build.yaml
From: Lev Stipakov
- use sizeof(void *) since msvc doesn't support sizeof of function ptr
- use XKEY_PROV_PROPS macro instead of props since msvc
requires constant expression in aggregate initializers
Signed-off-by: Lev Stipakov
---
src/openvpn/xkey_helper.c | 4 ++--
src/openvpn
From: Lev Stipakov
Add openssl3 vcpkg port from https://github.com/microsoft/vcpkg/pull/20428/files
with some changes:
- switch to openssl 3.0.1
- add install_runtime make target to build openssl.exe
- create tools/openssl and copy there openssl.exe with dependency dlls
Signed-off-by: Lev
Hi,
> A whole patch in the commit message is not very helpful and makes it hard to
> read. Why not include this patch + the original, and apply the patch during
> build?
>
> Or just add a pointer to the original file in the changed file so that it
> could be diff-ed against if need be,
Yeah,
From: Lev Stipakov
Add openssl3 vcpkg port, which is slightly modified version of
openssl1.1.1 port from official vcpkg repo.
Signed-off-by: Lev Stipakov
---
v2:
- rewrite openssl3 port based on upstream's openssl1.1.1 port
and statically link legacy provider into it
.github/workflows
From: Lev Stipakov
tun_finalize() is essentially subset of socket_finalize() apart from:
- using WSAFoo() functions instead of Foo()
- "from" address is not returned
There is no clear official statement that one can use non-WSA
API on handles, so let's be on a safe side an
/)
Otherwise looks good - pkcs11 port download and patching works, and GitHub
Actions are green.
Acked-by: Lev Stipakov
Sat, 23 Apr 2022 at 16.59 Marc Becker (b...@gmx.de) wrote:
> This release has merged win32 support patch,
> so our own patch could be removed from the port.
>
> Upst
From: Lev Stipakov
There are two flags to indicate peer-id usage, one is
in tls_multi struct and another one is in options.
For P2P mode we don't set this flag in options,
which is used in MTU calculation. As a result,
automatically calculated MSS value in P2P mode is wrong,
Fix by bring
DCO in the
> first place. There is no DCO code yet in master but somehow we have the
> GH action for that :-D
>
> Anyway, can add a sentence to explain what is going on.
>
> Cheers,
>
> >
> > On Fri, Jun 24, 2022 at 10:38:09AM +0200, Antonio Quartulli wro
Hi,
> +if (dco_get_overlapped_result(handle, ov, ,
> poll_interval_ms, FALSE) != 0)
With the removal of mingw compat patch ("dco-win: implement
GetOverlappedResultEx for mingw32"), this needs to be changed to
GetOverlappedResultEx (signature is the same).
-Lev
Hi,
The problem this patch solves appeared on mingw-w64 for 32bit version
6.0.0, which is the latest version of mingw on Windows. When this
patch was written (April 2021), we still used travis/appveyor which
did mingw builds on Windows so back then patch made sense.
Since we moved to GHa since
Hi,
I did some review / testing and suggest following changes to this patch:
> +if (!DeviceIoControl(tt->hand, OVPN_IOCTL_START_VPN, NULL, 0, NULL, 0,
> + _returned, NULL))
> +{
> +msg(M_ERR, "DeviceIoControl(OVPN_IOCTL_START_VPN) failed with code
> %lu",
Hi,
I did some testing and found out that this breaks when establishing
TCP connection to a server which cannot be reached:
> +*tt = dco_create_socket(sock->info.lsa->current_remote,
> +sock->bind_local,
> +sock->info.lsa->bind_local,
>
From: Lev Stipakov
After successful builds on all platforms,
start openvpn-build GHA which produces
Windows MSI installers.
Signed-off-by: Lev Stipakov
---
.github/workflows/build.yaml | 21 +++--
1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/.github
As discussed at https://github.com/OpenVPN/openvpn3/pull/218
Acked-by: Lev Stipakov
Tue, 7 Jun 2022 at 20.26 Christopher Ng (fac...@gmail.com) wrote:
> Signed-off-by: Christopher Ng
> ---
> openvpn/omi/CMakeLists.txt | 9 +
> 1 file changed, 9 insertions(+)
As per discussion on https://github.com/OpenVPN/openvpn3/pull/218
Acked-by: Lev Stipakov
Tue, 7 Jun 2022 at 20.30 Christopher Ng (fac...@gmail.com) wrote:
> Signed-off-by: Christopher Ng
> ---
> openvpn/ovpnagent/win/ovpnagent.cpp | 6 --
> 1 file changed, 4 inse
From: Lev Stipakov
This code reads the state of OpenVPNService,
such as startup mode and running, and sets MSI
property value. If that property is set, installer
selects OpenVPNService as a feature to be installed.
This has been superseded by change in installer:
https://github.com/OpenVPN
How about we'll add dco_check_timeout(int, context) to dco.h with platform
specific implementations?
Here is what I just did for Windows (Linux part is no-nop):
https://github.com/lstipakov/openvpn/commit/ce242896c621273578a446c5194d5ca6aee04237
Wed, 27 Apr 2022 at 15.32 Lev Stipakov (lstipa
And of course I forgot non-dco dummy implementation (which we don't call
yet, because on Windows dco is always defined)
https://github.com/lstipakov/openvpn/commit/f223bef8449f15ff5de06acdfee16088b855c47a
Wed, 27 Apr 2022 at 16.18 Lev Stipakov (lstipa...@gmail.com) wrote:
> How ab
Hi,
@Lev, just a heads up: does dco-win deal with this case? It would be
> good to have a look on your side too.
>
Good point - this functionality (dco keepalive timeout) works in openvpn3
but not in openvpn2.
dco-win notifies userspace about keepalive timeout by returning certain
error code
Hi,
Also there are some places openvpn_errno() is used and the result checked
> against POSIX error codes:
> in forward.c around line 2102:
>
> if ( && ENETUNREACH == error_code && ...)
>
> where error_code = openvpn_errno() which may return WSAENETUNREACH on
> Windows not ENETUNREACH-- even
From: Lev Stipakov
We use M_ERRNO flag in logging to display error code
and error message. This has been broken on Windows,
where we use error code from GetLastError() and
error description from strerror(). strerror() expects
C runtime error code, which is quite different from
last error code
From: Lev Stipakov
We use M_ERRNO flag in logging to display error code
and error message. This has been broken on Windows,
where we use error code from GetLastError() and
error description from strerror(). strerror() expects
C runtime error code, which is quite different from
last error code
From: Lev Stipakov
Add vcpkg manifest file which lists
dependencies and enable manifest usage in
project file.
This simplifies build process by eliminating
separate "vcpkg install" step to install dependencies.
Signed-off-by: Lev Stipakov
---
v2: add missing lz4 dependency
From: Lev Stipakov
Add vcpkg manifest file which lists
dependencies and enable manifest usage in
project file.
This simplifies build process by eliminating
separate "vcpkg install" step to install dependencies.
Signed-off-by: Lev Stipakov
---
.github/workflows/build
From: Lev Stipakov
Add vcpkg manifest file which lists
dependencies and enable manifest usage in
project file.
This simplifies build process by eliminating
separate "vcpkg install" step to install dependencies.
Signed-off-by: Lev Stipakov
---
v3: fix GitHub Actions cache
v2: add m
From: Lev Stipakov
Add vcpkg manifest file which lists
dependencies and enable manifest usage in
project file.
This simplifies build process by eliminating
separate "vcpkg install" step to install dependencies.
Since vcpkg added openssl3 port, remove ours.
Signed-off-by: Le
Another feedback - I asked our corp QA engineer to give this build a
try, here are results:
---
Testing OpenVPN GUI on Windows 11:
- install, remove and upgrade from 2.5.7 to
https://github.com/lstipakov/openvpn-build/actions/runs/2902240643
- Connection with `DCO` via autologin, user-locked,
From: Antonio Quartulli
With this change it is possible to use ovpn-dco-win when running OpenVPN
in client or P2P mode.
Signed-off-by: Arne Schwabe
Signed-off-by: Lev Stipakov
Signed-off-by: Antonio Quartulli
---
Changes from v103:
* Query DCO code for default --data-ciphers only
From: Antonio Quartulli
With this change it is possible to use ovpn-dco-win when running OpenVPN
in client or P2P mode.
Signed-off-by: Arne Schwabe
Signed-off-by: Lev Stipakov
Signed-off-by: Antonio Quartulli
---
Changes from v104:
* query first crypto library for chacha support
From: Lev Stipakov
Since version 0.8.0, dco-win driver added support for
DEL_PEER command, which enabled --persist-tun
implementation on client side.
Add real implementation for dco_del_peer on Windows,
which calls DEL_PEER, which clears peer state
on the driver without tearing tunnel down
From: Lev Stipakov
Since version 0.8.0, dco-win driver added support for
DEL_PEER command, which enabled --persist-tun
implementation on client side.
Add real implementation for dco_del_peer on Windows,
which calls DEL_PEER, which clears peer state
on the driver without tearing tunnel down
le, which
> means that the previous driver version (0.7.6) is stable and new one (with
> persist tun support) is not.
>
> We’ll get back to this patch when I’ll fix the driver.
>
> Sent from iPhone
>
> > Lev Stipakov wrote on 29.8.2022 at 14.51:
> >
> >
From: Antonio Quartulli
With this change it is possible to use ovpn-dco-win when running OpenVPN
in client or P2P mode.
Signed-off-by: Arne Schwabe
Signed-off-by: Lev Stipakov
Signed-off-by: Antonio Quartulli
---
Changes from v101:
* move tuntap_is_dco_win() check from init.c to open_tun
From: Antonio Quartulli
With this change it is possible to use ovpn-dco-win when running OpenVPN
in client or P2P mode.
Signed-off-by: Arne Schwabe
Signed-off-by: Lev Stipakov
Signed-off-by: Antonio Quartulli
---
Changes from v102:
* use "windows-driver ovpn-dco" without trai
From: Lev Stipakov
This function is available starting from Windows 8. Calling it
"as is" causes startup error on Windows 7.
dco-win driver available on Windows 10 20H1 and newer. On older
systems installer will not show nor install the driver and dco-win code
won't be reached.
From: Lev Stipakov
This allows us to use newer versions of
dependencies, such as openssl 3.0.2 -> 3.0.5.
Signed-off-by: Lev Stipakov
---
.github/workflows/build.yaml | 2 +-
src/openvpn/vcpkg.json | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workfl
verified that ChaCha20-Poly1305 (cipher supported starting from
Windows 11) works fine with the dco-win driver ,
as well as the good old AES-256-GCM.
More testers are very welcomed.
Mon, 22 Aug 2022 at 11.56 Lev Stipakov (lstipa...@gmail.com) wrote:
>
> From: Antonio Qua
Dear all,
The DCO driver for Windows (https://github.com/openvpn/ovpn-dco-win)
implements OpenVPN data channel in kernel, eliminating context switch
and thus noticeably improves performance.
Support for dco-win driver has been merged into openvpn master branch
and openvpn installer:
x64:
at 19.06 Gert Doering (g...@greenie.muc.de) wrote:
>
> Hi,
>
> On Fri, Aug 19, 2022 at 10:30:05PM +0300, Lev Stipakov wrote:
> > From: Antonio Quartulli
> >
> > With this change it is possible to use ovpn-dco-win when running OpenVPN
> > in client or P
Hi,
I remember someone was explaining to me the necessity of verbose
commit messages.
Who could it be?
> It seems to take an existing setup that builds an installer *with* DCO,
> and remove the DCO bits?
> ... so maybe we can have a better commit message that explains this?
We decided to move
12.02 Gert Doering (g...@greenie.muc.de) wrote:
>
> Hi,
>
> On Sat, Aug 13, 2022 at 10:42:20PM +0200, Antonio Quartulli wrote:
> > With this change it is possible to use ovpn-dco-win when running OpenVPN
> > in client or P2P mode.
> >
> > Signed-off-by:
NAK.
static inline int
link_socket_read_udp_win32(struct link_socket *sock,
struct buffer *buf,
struct link_socket_actual *from)
{
sockethandle_t sh = { .s = sock->sd };
if (sock->info.dco_installed)
From: Lev Stipakov
On startup, check following conditions:
- ovpn-dco-win driver is installed. Perform this check
by trying to open adapter by symbolic name.
- options are compatible with dco. Same checks as on
Linux and FreeBSD. In addition, check that --mode server
is not used
Hi,
> One general question about the patch: Whenever we have
> defined(TARGET_LINUX) || defined(TARGET_FREEBSD) || defined(_WIN32)
> in the DCO code, couldn't we just remove it completely?
> Since this is basically "every time" anyway, isn't it?
Well, almost. There is also Mac and some other
From: Lev Stipakov
Reverse if condition - this allows us to get rid of
indentation level, which makes code easier to read.
Signed-off-by: Lev Stipakov
---
src/openvpn/init.c | 88 --
1 file changed, 45 insertions(+), 43 deletions(-)
diff --git