Re: [Openvpn-devel] [PATCH 0/3] Cleanup the pkcs11-helper vcpkg port

2023-03-31 Thread Lev Stipakov
Reviewed in Gerrit. Acked-by: Lev Stipakov On Fri, 31 Mar 2023 at 18:43, Frank Lichtenheld (fr...@lichtenheld.com) wrote: > > The biggest change is that this allows to build this port > with mingw, not just MSVC > (which will become important with my CMake patch that > wil

Re: [Openvpn-devel] [PATCH 3/3] vcpkg-ports/pkcs11-helper: reference upstream PRs in patches

2023-03-31 Thread Lev Stipakov
Reviewed in Gerrit. Acked-by: Lev Stipakov On Fri, 31 Mar 2023 at 18:43, Frank Lichtenheld (fr...@lichtenheld.com) wrote: > > So it is easier to check the merge status. > > Change-Id: Ia1f8a8d26d4752a7dda1a20521c59ded06bc7c52 > Signed-off-by: Frank Lichtenheld >

Re: [Openvpn-devel] [PATCH 2/3] vcpkg-ports/pkcs11-helper: Convert CONTROL to vcpkg.json

2023-03-31 Thread Lev Stipakov
Reviewed in Gerrit. Acked-by: Lev Stipakov On Fri, 31 Mar 2023 at 18:43, Frank Lichtenheld (fr...@lichtenheld.com) wrote: > > To be in line with current vcpkg packaging policies. > > Change-Id: Ifad0965a2b724b0b278783ba9c0ad5a82274445d > Signed-off-by: Frank Lichtenheld &

Re: [Openvpn-devel] [PATCH 1/3] vcpkg-ports/pkcs11-helper: Make compatible with mingw build

2023-03-31 Thread Lev Stipakov
Reviewed in Gerrit. Acked-by: Lev Stipakov On Fri, 31 Mar 2023 at 18:43, Frank Lichtenheld (fr...@lichtenheld.com) wrote: > > Annoyingly this requires custom vcpkg triplets because > the mingw toolchain definition and the vcpkg_configure_make > function use incompatible defa

[Openvpn-devel] [PATCH] Support of DNS domain for DHCP-less drivers

2023-04-04 Thread Lev Stipakov
From: Lev Stipakov We set DNS domain either via interactive service or DHCP. When interactive service is not used, for example, when profiles are started by OpenVPNService, this option is not working for DCO and wintun. This implements setting DNS domain via WMIC command, similar

Re: [Openvpn-devel] [PATCH] Support of DNS domain for DHCP-less drivers

2023-04-06 Thread Lev Stipakov
Hi, > Adding "!tuntap_maybe_dhcp()" here looks wrong. We must set the domain if not > set during IPv4 processing and that is indicated by did_ifconfig_setup. Just > as done in the case handled by interactive-service above. Right, did_ifconfig_setup is not set if the IPv4 address is not pushed,

[Openvpn-devel] [PATCH v2] Support of DNS domain for DHCP-less drivers

2023-04-06 Thread Lev Stipakov
From: Lev Stipakov We set DNS domain either via interactive service or DHCP. When interactive service is not used, for example, when profiles are started by OpenVPNService, this option is not working for DCO and wintun. This implements setting DNS domain via WMIC command, similar

[Openvpn-devel] [PATCH] Improve format specifier for socket handle in Windows

2023-02-10 Thread Lev Stipakov
From: Lev Stipakov Socket is a handle on Windows, which is usually logged in hex. Also an interesting value is INVALID_SOCKET, which is ~0. PRIuPTR prints decimals, and for INVALID_SOCKET it prints something like 2023-02-10 14:45:21 us=906000 write to TUN/TAP : Jrjestelmkutsulle annettu data

[Openvpn-devel] [PATCH v3 release/2.6] Allow certain DHCP options to be used without DHCP server

2023-02-07 Thread Lev Stipakov
From: Lev Stipakov Following DHCP options: DOMAIN, ADAPTER_DOMAIN_SUFFIX, DNS, WINS don't require DHCP server in order to be used. This change allows those options to be used with dco and wintun drivers. If an option specified which requires DHCP server and tap-windows6 driver is not used

Re: [Openvpn-devel] [PATCH 4/5] Windows: fix unused variable in win32_get_arch

2023-02-07 Thread Lev Stipakov
Clear enough. Acked-by: Lev Stipakov On Fri, 3 Feb 2023 at 21:15, Frank Lichtenheld (fr...@lichtenheld.com) wrote: > > Signed-off-by: Frank Lichtenheld > --- > src/openvpn/win32.c | 7 +++ > 1 file changed, 3 insertions(+), 4 deletions(-) > > diff --git a/src/

Re: [Openvpn-devel] [PATCH v2 release/2.6] Allow certain DHCP options to be used without DHCP server

2023-02-07 Thread Lev Stipakov
> > Hi, > > On 07/02/2023 10:42, Lev Stipakov wrote: > > From: Lev Stipakov > > > > Following DHCP options: > > > >DOMAIN, ADAPTER_DOMAIN_SUFFIX, DNS, WINS > > > > don't require DHCP server in order to be used. > > > > Thi

Re: [Openvpn-devel] [PATCH v2 3/5] Windows: fix wrong printf format in x_check_status

2023-02-07 Thread Lev Stipakov
Looks good, looked at the code test-compiled in MSVC. Acked-by: Lev Stipakov On Tue, 7 Feb 2023 at 15:44, Frank Lichtenheld (fr...@lichtenheld.com) wrote: > > Relevant defines/typedefs: > typedef UINT_PTR SOCKET; > if defined(_WIN64) > typedef unsigned __int64 U

Re: [Openvpn-devel] [PATCH 1/2] Add 'allow-compression stub-only and refuse framing with 'allow-compression no'

2023-02-10 Thread Lev Stipakov
Hi, I found this behavior a bit confusing. First, 2023-02-10 09:53:14 us=187000 Options error: Cannot set comp-lzo to 'no', allow-compression is set to 'no' 2023-02-10 09:53:14 us=187000 OPTIONS IMPORT: compression parms modified parms->params but they weren't really modified, were they?

Re: [Openvpn-devel] [PATCH 1/2] Add 'allow-compression stub-only and refuse framing with 'allow-compression no'

2023-02-10 Thread Lev Stipakov
> We can certainly add logic that will make the > client abort in this cases but that should affect all the other options > that are being pushed that the client refuses. At least for compression we know for sure that the tunnel will be broken, doesn't it warrant any special case? At least clear

Re: [Openvpn-devel] [PATCH] block-dns using iservice: fix a potential double free

2023-02-01 Thread Lev Stipakov
Hi, > Good point. I have a version that splits "add" and "delete" actions into > separate functions and does something like this. > > Please take a look here: > https://github.com/selvanair/openvpn/tree/block-dns-fix > The add and delete functions are in that order (with a forward declaration)

[Openvpn-devel] [PATCH release/2.6] Allow certain DHCP options to be used without DHCP server

2023-02-07 Thread Lev Stipakov
From: Lev Stipakov Following DHCP options: DOMAIN, ADAPTER_DOMAIN_SUFFIX, DNS, WINS don't require DHCP server in order to be used. This change allows those options to be used with dco and wintun drivers. If an option specified which requires DHCP server and tap-windows6 driver is not used

Re: [Openvpn-devel] [PATCH 1/5] Windows: fix unused function setenv_foreign_option

2023-02-07 Thread Lev Stipakov
I haven't tested it in the MinGW environment, but checked the code in MSVC and ensured that setenv_foreign_option is indeed not used at all in Win32. Acked-by: Lev Stipakov On Fri, 3 Feb 2023 at 21:15, Frank Lichtenheld (fr...@lichtenheld.com) wrote: > > Signed-off-by: Frank Licht

Re: [Openvpn-devel] [PATCH 2/5] Windows: fix unused variables in delete_route_ipv6

2023-02-07 Thread Lev Stipakov
Looks good. Stared at the code and test-compiled with MSVC. Acked-by: Lev Stipakov On Fri, 3 Feb 2023 at 21:15, Frank Lichtenheld (fr...@lichtenheld.com) wrote: > > At this point it might be easier to create a > dedicated function for Windows... > > Signed-off-by: Fr

[Openvpn-devel] [PATCH v2 release/2.6] Allow certain DHCP options to be used without DHCP server

2023-02-07 Thread Lev Stipakov
From: Lev Stipakov Following DHCP options: DOMAIN, ADAPTER_DOMAIN_SUFFIX, DNS, WINS don't require DHCP server in order to be used. This change allows those options to be used with dco and wintun drivers. If an option specified which requires DHCP server and tap-windows6 driver is not used

Re: [Openvpn-devel] [PATCH] block-dns using iservice: fix a potential double free

2023-02-01 Thread Lev Stipakov
Hi, I made a slightly different fix but then noticed your mail. Indeed the problem is that get/set_interface_metric fails, and we call FwpmEngineClose0 after updating the undo list. When openvpn process exits, we execute commands in undo list, and second call to FwpmEngineClose0 causes Access

[Openvpn-devel] [PATCH] tun.c: enclose DNS domain in single quotes in WMIC call

2023-07-10 Thread Lev Stipakov
From: Lev Stipakov This is needed to support domains with hyphens. Not using double quotes here, since our code replaces them with underbars (see https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/win32.c#L980). Fixes https://github.com/OpenVPN/openvpn/issues/363 Change-Id

[Openvpn-devel] [PATCH] manage.c: document missing KID parameter

2023-07-14 Thread Lev Stipakov
From: Lev Stipakov Commit a261e173 ("Make sending plain text control message session aware") added KID parameter to "client-pending-auth" management command, but forgot to mention it in the output of management help. Change-Id: I201bdaa5fe4020d15a9dd1674aba5e0c4517073

[Openvpn-devel] [PATCH v2] openvpnmsica: link C runtime statically

2023-07-05 Thread Lev Stipakov
From: Lev Stipakov By default CMake links C runtime dynamically, which doesn't work on Windows 7, for example. This is not an issue with other openvpn binaries, since we bundle C runtime, but it is not yet available during installation. Change-Id: Ib2b014f075908e7db0d9115abaa2240e47fd27b9

Re: [Openvpn-devel] [PATCH] GHA: Add work-around for rst2*.py not being directly executable on Windows

2023-07-06 Thread Lev Stipakov
I had this problem on both arm64 and x64 machines and CMake patch fixed it. So I'd also go with that. On Thu, 6 Jul 2023 at 13:46, Arne Schwabe (a...@rfc2549.org) wrote: > > On 06.07.23 at 12:21, Frank Lichtenheld wrote: > > On Thu, Jul 06, 2023 at 12:04:07PM +0200, Frank Lichtenheld wrote:

Re: [Openvpn-devel] [PATCH v2] tapctl: generate driver-specific adapter names

2023-05-19 Thread Lev Stipakov
Hi, > It looks much simpler to write the above 5 lines as > > _stprintf_s(name, name_len, TEXT("%ls #%d"), base_name, i) Agreed. > If (adapter_name) is false, we reach here with iResult not set, but it gets > referenced below. Add an else { iResult = 1; } or initialize iResult to 1 at > top?

[Openvpn-devel] [PATCH v3] tapctl: generate driver-specific adapter names

2023-05-19 Thread Lev Stipakov
From: Lev Stipakov At the moment if --name is not specified, adapter names are generated by Windows and they look a bit confusing like "Local Area Connection 2". This is also behavior of "Add a new virtual network adapter" shortcuts. This makes tapctl generate d

[Openvpn-devel] [PATCH] Set WINS servers via interactice service

2023-07-28 Thread Lev Stipakov
From: Lev Stipakov At the moment WINS servers are set either: - via DHCP, which works only for tap-windows6 driver - via netsh when running without interactive service This means that in 2.6 default setup (interactive service and dco) WINS is silently ignored. Add WINS support for non-DHCP

Re: [Openvpn-devel] [XS] Change in openvpn[master]: options: Do not hide variables from parent scope

2023-07-28 Thread Lev Stipakov
Looks good, makes sense. Test-compiled locally. Acked-by: Lev Stipakov On Fri, 28 Jul 2023 at 16:10, flichtenheld (Code Review) (ger...@openvpn.net) wrote: > > flichtenheld has uploaded this change for review. > > View Change > > options: Do not hide variables from parent

Re: [Openvpn-devel] [PATCH 1/5] add basic CMake based build

2023-06-21 Thread Lev Stipakov
This doesn't change anything (apart from lzo includes) in existing build systems, so looks harmless. I have looked closer at the CMake changes in the follow-up patch. Acked-by: Lev Stipakov On Tue, 20 Jun 2023 at 16:55, Frank Lichtenheld (fr...@lichtenheld.com) wrote: > > From: Arne S

Re: [Openvpn-devel] [PATCH v3 2/5] CMake: Add complete MinGW and MSVC build

2023-06-21 Thread Lev Stipakov
I have looked at the MSVC part and gave some suggestions, which are now implemented. I also tested openvpn.exe, openvpnserv.exe and tapctl.exe binaries - looks good. Acked-by: Lev Stipakov On Tue, 20 Jun 2023 at 16:55, Frank Lichtenheld (fr...@lichtenheld.com) wrote: > > This is

Re: [Openvpn-devel] [PATCH 4/5] CMake: Add /Brepro to MSVC link options

2023-06-27 Thread Lev Stipakov
-by: Lev Stipakov On Tue, 20 Jun 2023 at 16:54, Frank Lichtenheld (fr...@lichtenheld.com) wrote: > > So that we get reproducible builds. > > Change-Id: Iffdd3ac5f266cc7d592ab678afc14c122acbb351 > Signed-off-by: Frank Lichtenheld > --- > CMakeLists.txt | 1 + > 1 f

Re: [Openvpn-devel] [PATCH 5/5] GHA: update to run-vcpkg@v11

2023-06-27 Thread Lev Stipakov
It would be nice to see the reason for the version bump in the commit message. Anyway, GHA is happy with this. Acked-by: Lev Stipakov On Tue, 20 Jun 2023 at 16:54, Frank Lichtenheld (fr...@lichtenheld.com) wrote: > > Change-Id: I4183edacc0295e9671c586cfcd77cf687015a22c > S

[Openvpn-devel] [PATCH] openvpnmsica: link C runtime statically

2023-06-28 Thread Lev Stipakov
From: Lev Stipakov By default CMake links C runtime dynamically, which doesn't work on Windows 7, for example. This is not an issue with other openvpn binaries, since we bundle C runtime, but it is not yet available during installation. Change-Id: Ib2b014f075908e7db0d9115abaa2240e47fd27b9

Re: [Openvpn-devel] [PATCH] Correctly handle Unicode names for exit event

2023-05-16 Thread Lev Stipakov
Hi, My understanding is that this is related to https://github.com/OpenVPN/openvpn-gui/issues/626#issuecomment-1546934297 since normally we use string representation of HANDLE value as an event name. Looks good to me. Also compiled and tested. Acked-by: Lev Stipakov ti 16. toukok. 2023 klo

[Openvpn-devel] [PATCH] dco-win: support for --dev-node

2023-05-18 Thread Lev Stipakov
From: Lev Stipakov With --dev-node on Windows, one can specify GUID of the adapter openvpn should use. Those can be listed with: C:\Program Files\OpenVPN\bin>openvpn.exe --show-adapters While on it, remove "TAP-WIN32 / Wintun" from --show-adapters output. Fixes https://githu

[Openvpn-devel] [PATCH] tapctl: generate driver-specific adapter names

2023-05-18 Thread Lev Stipakov
From: Lev Stipakov At the moment if --name is not specified, adapter names are generated by Windows and they look a bit confusing like "Local Area Connection 2". This is also behavior of "Add a new virtual network adapter" shortcuts. This makes tapctl generate d

[Openvpn-devel] [PATCH v2] tapctl: generate driver-specific adapter names

2023-05-18 Thread Lev Stipakov
From: Lev Stipakov At the moment if --name is not specified, adapter names are generated by Windows and they look a bit confusing like "Local Area Connection 2". This is also behavior of "Add a new virtual network adapter" shortcuts. This makes tapctl generate d

[Openvpn-devel] [PATCH] win32: Enforce loading of plugins from a trusted directory

2024-03-19 Thread Lev Stipakov
directory) - System directory Loading from UNC paths is disallowed. Note: This change affects only Windows environments. CVE: 2024-27903 Change-Id: I154a4aaad9242c9253a64312a14c5fd2ea95f40d Reported-by: Vladimir Tokarev Signed-off-by: Lev Stipakov Acked-by: Selva Nair --- src/openvpn

[Openvpn-devel] [PATCH v2] interactive.c: Fix potential stack overflow issue

2024-03-19 Thread Lev Stipakov
terminate the misbehaving process if the peeked message size exceeds the maximum allowable size. CVE: 2024-27459 Microsoft case number: 85932 Reported-by: Vladimir Tokarev Change-Id: Ib5743cba0741ea11f9ee62c4978b2c6789b81ada Signed-off-by: Lev Stipakov Acked-by: Heiko Hund --- v2: added CVE

[Openvpn-devel] [PATCH] interactive.c: Fix potential stack overflow issue

2024-03-19 Thread Lev Stipakov
terminate the misbehaving process if the peeked message size exceeds the maximum allowable size. Reported-by: Vladimir Tokarev Change-Id: Ib5743cba0741ea11f9ee62c4978b2c6789b81ada Signed-off-by: Lev Stipakov Acked-by: Heiko Hund --- src/openvpnserv/interactive.c | 35

[Openvpn-devel] [PATCH v2] interactive.c: disable remote access to the service pipe

2024-03-19 Thread Lev Stipakov
privileged interactive service on a victim machine and start openvpn processes remotely. CVE: 2024-24974 Microsoft case number: 85925 Reported-by: Vladimir Tokarev Change-Id: I8739c5f127e9ca0683fcdbd099dba9896ae46277 Signed-off-by: Lev Stipakov Acked-by: Heiko Hund --- v2: add CVE and MSFT c

[Openvpn-devel] [PATCH] interactive.c: disable remote access to the service pipe

2024-03-19 Thread Lev Stipakov
privileged interactive service on a victim machine and start openvpn processes remotely. Reported-by: Vladimir Tokarev Change-Id: I8739c5f127e9ca0683fcdbd099dba9896ae46277 Signed-off-by: Lev Stipakov Acked-by: Heiko Hund --- src/openvpnserv/interactive.c | 2 +- 1 file changed, 1 insertion(+),

[Openvpn-devel] [PATCH release/2.5] interactive.c: Fix potential stack overflow issue

2024-03-20 Thread Lev Stipakov
Tokarev Change-Id: Ib5743cba0741ea11f9ee62c4978b2c6789b81ada Signed-off-by: Lev Stipakov Acked-by: Heiko Hund --- src/openvpnserv/interactive.c | 33 - 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv
