Re: [Openvpn-devel] build against openssl 1.1.0

2017-02-17 Thread Matthias Andree
On 17.02.2017 at 17:35, Emmanuel Deloget wrote: > I understand that I'm the new guy in town, but can you allow me to > make the formal request to ditch OpenSSL 0.9.8, 1.0.0 and 1.0.1 and > require at least version 1.0.2? 1.0.1 has also gone out of support, and I propose to let the distros sort

Re: [Openvpn-devel] build against openssl 1.1.0

2017-02-13 Thread Matthias Andree
On 13.02.2017 at 20:50, Christian Hesse wrote: > And a lot more has to be done... There's a long list of packages to be > fixed. Sadly openssl developers do not care about ABI and API stability > or compatibility. :( Much frustration can be muttered and uttered about OpenSSL and more so of its

Re: [Openvpn-devel] OpenVPN 2.3.12 released

2016-08-24 Thread Matthias Andree
Please - instead of my patch, use Steffan Karger's, subject "[PATCH] Fix unittests for out-of-source builds" of 2016-08-15. Thanks.

Re: [Openvpn-devel] Protocol Change policy

2002-07-03 Thread Matthias Andree
to go. Anything else adds too much complexity. -- Matthias Andree

Re: [Openvpn-devel] use extv3 extensions such as subjectAltName as common_name

2010-11-30 Thread Matthias Andree
ilure (aka "return false;") and the caller deals with that in case there are embedded NULs, IOW strlen() != ia5.size. For safer example code, see, for instance, the strlen vs. length comparison at <http://gitorious.org/fetchmail/fetchmail/blobs/846ffbb938c7ecf6819a5c3b844adf306bf87f02/socket.c#line682> -- Matthias Andree

Re: [Openvpn-devel] use extv3 extensions such as subjectAltName as common_name

2010-11-30 Thread Matthias Andree
On 30.11.2010 16:50, Matthias Andree wrote: > Make sure that the extraction reports failure (aka "return false;") and the > caller deals with that in case there are embedded NULs, IOW strlen() != > ia5.size. That ia5.size should be read as "ia5->length". Sorry

Re: [Openvpn-devel] Documentation and alternative SSL backend patches

2010-12-02 Thread Matthias Andree
most distro switch from openssl to nss. is there any reason you switch > to polarssl in stead of nss? > What do you base the "most distro" assessment on? Are you aware of any website discussing the advantages of the "big" SSL providers (OpenSSL, Mozilla NSS, GnuTLS, PolarSSL, CyaSSL, ...)? -- Matthias Andree

Re: [Openvpn-devel] Error C2010 in openvpnserv.c during VS2008 build

2010-12-04 Thread Matthias Andree
On 04.12.2010 03:55, Matthias Andree wrote: > On 03.12.2010 16:22, Samuli Seppänen wrote: >> Hi, >> >> I've managed to extend the Python build system so that it now tries to >> build the Windows service wrapper, "openvpnserv.exe", after building >>

Re: [Openvpn-devel] Error C2010 in openvpnserv.c during VS2008 build

2010-12-04 Thread Matthias Andree
ed on IRC with David Sommerseth and yourself on 2010-12-04 around 11:08 UTC that we deem it unnecessary to keep GCC < 3.0 compatibility for this new Windows-only code. Best -- Matthias Andree >From 0374c641d4086dfea91bd64c22bb5280bbddf346 Mon Sep 17 00:00:00 2001 From: Matthias Andree <matt

[Openvpn-devel] [PATCH] Remove excess semicolon (invalid C99).

2010-12-04 Thread Matthias Andree
Signed-off-by: Matthias Andree <matthias.and...@gmx.de> --- misc.h |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/misc.h b/misc.h index 3f22ca0..f449601 100644 --- a/misc.h +++ b/misc.h @@ -143,7 +143,7 @@ openvpn_run_script (const struct argv *a, const struct e

Re: [Openvpn-devel] [PATCH] Remove excess semicolon (invalid C99).

2010-12-04 Thread Matthias Andree
On 04.12.2010 14:02, Matthias Andree wrote: > Signed-off-by: Matthias Andree <matthias.and...@gmx.de> > --- > misc.h |2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) This applies to the beta2.2 branch and affects this code section: 138 139 static

Re: [Openvpn-devel] [Patch] OpenVPN PolarSSL PKCS #11 Support Preview [8/8]

2010-12-08 Thread Matthias Andree
ree to ask details if you can't get to terms with the Git tutorials or my comments. Best regards -- Matthias Andree

Re: [Openvpn-devel] [Patch] OpenVPN PolarSSL PKCS #11 Support Preview [8/8]

2010-12-08 Thread Matthias Andree
I'm holding off > until I get the go ahead on the stability of the tree though :). Hi Adriaan, I seem to recall that Mercurial also has some kind of email command or extension, however, I don't know if it plays together with MQ. HTH -- Matthias Andree

Re: [Openvpn-devel] [Patch] OpenVPN PolarSSL Support Preview [7/8]

2010-12-10 Thread Matthias Andree
> > Having the branch in git allows iterating over the commits with great > ease. OTOH, Adriaan has the patches in Mercurial Queues for now, so let's not waste time discussing this over and over again. :) -- Matthias Andree

Re: [Openvpn-devel] [OpenVPN 2.1.4 BUG]: hard-coded values in Makefiles for down-root and auth-pam plugins prevent cross compilation

2010-12-30 Thread Matthias Andree
On 26.12.2010 18:32, Mr Dash Four wrote: > Due to the fact that I have spent the last two and a half hours trying > to find a place where to submit a bug report via the Trac system > (https://community.openvpn.net/openvpn) - and failing, miserably so - I > am submitting it here! > > In this

Re: [Openvpn-devel] [OpenVPN 2.1.4 BUG]: hard-coded values in Makefiles for down-root and auth-pam plugins prevent cross compilation

2010-12-30 Thread Matthias Andree
On 30.12.2010 22:04, Mr Dash Four wrote: > >> I think it would be good to integrate this with automake if the whole >> setup is >> to be integrated and these plugins are supposed to be built more or >> less officially. >> > Yep, that's what I meant. Better still, autogen can be utilised to

Re: [Openvpn-devel] [PATCH] Changed snprintf to _snprintf in service-win32/openvpnserv.c

2011-01-06 Thread Matthias Andree
On 05.01.2011 14:21, Samuli Seppänen wrote: > This fixes a generic Windows/VC++ issue: > > > > Does this change affect the automake/gcc-based Windows builds? NAK. Do not mess with the

[Openvpn-devel] [PATCH 2/2] Hook auth-pam and down-root to the build.

2011-01-06 Thread Matthias Andree
y link the plugin +dnl statically, but I suppose that takes changes to plugin.? code, +dnl too. -- Matthias Andree, 2011-01-06 if test "${WIN32}" = "yes"; then AC_ARG_VAR([MAN2HTML], [man2html utility]) @@ -379,7 +385,9 @@ if test "${WIN32}" != "yes&q

[Openvpn-devel] [PATCH 1/2] Cleanup: move AC_GNU_SOURCE to quench autotools warnings.

2011-01-06 Thread Matthias Andree
--- configure.ac |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/configure.ac b/configure.ac index e30f990..e1ca65e 100644 --- a/configure.ac +++ b/configure.ac @@ -32,6 +32,7 @@ AC_CONFIG_SRCDIR(syshead.h) dnl Guess host type. AC_CANONICAL_HOST +AC_GNU_SOURCE
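Review bot: At the added AC_GNU_SOURCE line after AC_CANONICAL_HOST, consider using AC_USE_SYSTEM_EXTENSIONS instead, since newer Autoconf releases treat AC_GNU_SOURCE as an obsolete synonym for it. Either macro has to stay ahead of any check that runs the C compiler, so a short dnl comment at this position saying so would keep a later reordering from bringing the warnings back. If the older macro is kept on purpose for old Autoconf versions, the commit message should say that.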

[Openvpn-devel] beta2.2: automake support for plugin build

2011-01-06 Thread Matthias Andree
Greetings, this is the beta2.2 patch pair for hooking the auth-pam and down-root plugins to the build. The bugfix2.1 patch pair has been sent earlier. Looking for review, ACK and NAK. Best regards Matthias

[Openvpn-devel] [PATCH 1/2] Cleanup: move AC_GNU_SOURCE to quench autotools warnings.

2011-01-06 Thread Matthias Andree
--- configure.ac |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/configure.ac b/configure.ac index 4777108..529abd3 100644 --- a/configure.ac +++ b/configure.ac @@ -32,6 +32,7 @@ AC_CONFIG_SRCDIR(syshead.h) dnl Guess host type. AC_CANONICAL_HOST +AC_GNU_SOURCE

[Openvpn-devel] [PATCH 2/2] Hook auth-pam and down-root to the build.

2011-01-06 Thread Matthias Andree
o plugin.? code, +dnl too. -- Matthias Andree, 2011-01-06 if test "${WIN32}" = "yes"; then AC_ARG_VAR([MAN2HTML], [man2html utility]) @@ -373,7 +379,9 @@ if test "${WIN32}" != "yes"; then netinet/tcp.h arpa/inet.h dnl

[Openvpn-devel] bugfix2.1: automake support for plugin build

2011-01-06 Thread Matthias Andree
Greetings, following up the "[OpenVPN 2.1.4 BUG]: hard-coded values in Makefiles for down-root and auth-pam plugins prevent cross compilation" bug, I am providing patches for review and test in cross-compilation environments. I have tested these on native compiles with Ubuntu Linux 10.10 32-bit,

Re: [Openvpn-devel] bugfix2.1: automake support for plugin build

2011-01-06 Thread Matthias Andree
On 06.01.2011 21:42, Mr Dash Four wrote: > >> I suppose you need to modify the .spec file to make sure you're running >> autoreconf twice up front (or libtoolize, aclocal, autoconf, automake, >> possibly autoheader). >> >> Note you'll want to remove the .la files from the destdir, and list the

Re: [Openvpn-devel] bugfix2.1: automake support for plugin build

2011-01-06 Thread Matthias Andree
> LDFLAGS are hard-coded (which is very bad program practice by the way) > in a proprietary Makefile as is the case with the OpenVPN plugins. Which means that it's still somehow in your build. -- Matthias Andree

Re: [Openvpn-devel] further mysnprintf discussion (was: Summary of the IRC meeting (6th Jan 2011))

2011-01-08 Thread Matthias Andree
ts #include "..."-d by buffer.c and by service-win32/openvpnserv.c, then at least you don't have the headaches to remember to change two places when fixing a bug. HTH & best regards -- Matthias Andree

Re: [Openvpn-devel] OpenVPN documentation (man page) review

2011-01-12 Thread Matthias Andree
ually reduces confusion this way. Basically what you want is more (a) a concise HOWTO (more or less in place on the website), and (b) an exhaustive reference, no? -- Matthias Andree

Re: [Openvpn-devel] OpenVPN documentation (man page) review

2011-01-12 Thread Matthias Andree
> little bit more as well. And needs to be system-specific in that very instant because the tools are. > Another thing, just as a side note, easy-rsa could really use a man page > as well. True enough, but better placed in a separate thread on the lists, and I suppose you'll collect volunteers much more easily for this much smaller project :) -- Matthias Andree

Re: [Openvpn-devel] configure not finding lzo (Solaris, NetBSD)

2011-01-17 Thread Matthias Andree
; fixed? Same story on FreeBSD. Should be fixed, but those fixes likely belong into autoconf proper, rather than each and every package that uses autoconf. Such workarounds don't belong into OpenVPN. Until that time, passing CPPFLAGS and LDFLAGS on the ./configure command line like ./configure CPPFLAGS=-I/usr/local/include LDFLAGS=-L/usr/local/lib would do the trick. -- Matthias Andree

Re: [Openvpn-devel] configure not finding lzo (Solaris, NetBSD)

2011-01-17 Thread Matthias Andree
th-lzo-lib=..." - but I still wonder if > life shouldn't be easier for the 95%-case on a given distribution. The 95% case on a given distribution is that the distributor packages OpenVPN and the user doesn't care beyond that point. > "If other packages can get this automatically, why do we need switches > for OpenVPN"? Document that and be done. It helps the user much more than convenience hacks. -- Matthias Andree

Re: [Openvpn-devel] [PATCH 1/1] Fix warning: format not a string literal and no format arguments

2011-02-17 Thread Matthias Andree
Good catch, patch approved. -- Matthias Andree

Re: [Openvpn-devel] [PATCH] fix 2.2.0 build failure when management interface disabled

2011-05-14 Thread Matthias Andree
and that is obviously only needed if management > is enabled. > > So: ACK from me. > > Samuli: we need buildbot variants with/without management, it seems... Cutting down complexity (i. e. cutting out branches in the decision and/or option trees) is going to help more than just trying to cure the symptoms. -- Matthias Andree

Re: [Openvpn-devel] [PATCH] Fixes to easy-rsa/2.0

2011-06-30 Thread Matthias Andree
On 30.06.2011 09:59, sam...@openvpn.net wrote: > From: Samuli Seppänen > > As support for OpenSSL 1.0.0 requires a modified openssl.cnf file, it was > decided to rename openssl.cnf to openssl-1.0.0.cnf for clarity and better > support of different OpenSSL versions. The old

Re: [Openvpn-devel] [PATCH] Fixes to easy-rsa/2.0

2011-07-01 Thread Matthias Andree
On 01.07.2011 10:26, David Sommerseth wrote: > Agreed, and we decided yesterday in the developers meeting to remove 0.9.6 > support. However we found it better to remove that support first in > OpenVPN 2.3, as we will then go through the source code and remove all > 0.9.6 related stuff in the

Re: [Openvpn-devel] [PATCH] Fixes for the plugin system:

2011-07-07 Thread Matthias Andree
On 07.07.2011 09:27, Adriaan de Jong wrote: > - Removed the dependency on an SSL library for USE_SSL when creating non-SSL > plugins > - Fixed example plugin code to include USE_SSL when needed > > Signed-off-by: Adriaan de Jong > diff --git a/openvpn-plugin.h

Re: [Openvpn-devel] [PATCH] Further improvements to plugin support:

2011-07-07 Thread Matthias Andree
On 07.07.2011 10:19, Adriaan de Jong wrote: > - Renamed struct entries to explicitly show them as disabled > - Added a warning if USE_SSL is enabled, but neither ssl_verify_openssl.h or > ssl_verify_polarssl.h is included > - If neither of those files is included, disable ssl support for a

[Openvpn-devel] [PATCH] Skip rather than fail test in addressless FreeBSD jails.

2011-07-20 Thread Matthias Andree
Signed-off-by: Matthias Andree <matthias.and...@gmx.de> --- t_cltsrv.sh |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/t_cltsrv.sh b/t_cltsrv.sh index 808d719..5bcbfc7 100755 --- a/t_cltsrv.sh +++ b/t_cltsrv.sh @@ -33,7 +33,7 @@ case `uname -s` in

Re: [Openvpn-devel] configure patch for MacOS 10.7

2012-02-21 Thread Matthias Andree
On 07.02.2012 11:24, Gert Doering wrote: > Hi, > > I'm forwarding this "as-is", as I do not have enough understanding of > autoconf to say whether this is necessary, or "the right fix" - but > anyway, I've been told that this is needed to make our configure > behave on MacOS 10.7. Looks

[Openvpn-devel] [PATCH] Enable TCP_NODELAY configuration on FreeBSD.

2013-01-12 Thread Matthias Andree
Listening for incoming TCP connection on [undef] Sat Jan 12 13:39:18 2013 Socket flags: TCP_NODELAY=1 succeeded Obtained from: https://community.openvpn.net/openvpn/ticket/158 Credits to: M. Nottebrock Signed-off-by: Matthias Andree <matthias.and...@gmx.de> --- src/openvpn/syshead.h | 4

Re: [Openvpn-devel] OpenVPN 2.3.0 released

2013-01-12 Thread Matthias Andree
On 08.01.2013 15:14, Samuli Seppänen wrote: > The OpenVPN community project team is proud to release OpenVPN > 2.3.0. It can be downloaded from here: > > > > This release includes two bug fixes. A full list of changes is available >

Re: [Openvpn-devel] fix build with automake 1.13(.1)

2013-01-12 Thread Matthias Andree
On 08.01.2013 09:39, Christian Hesse wrote: > AM_CONFIG_HEADER has been deprecated for some time, finally it is removed on > automake 1.13. The attached patch replaces it with AC_CONFIG_HEADERS and > fixes build process with latest automake. Please apply. ACK.

Re: [Openvpn-devel] [PATCH] Enable TCP_NODELAY configuration on FreeBSD.

2013-01-13 Thread Matthias Andree
On 12.01.2013 21:13, Gert Doering wrote: > Hi, > > On Sat, Jan 12, 2013 at 01:41:17PM +0100, Matthias Andree wrote: >> The missing #include causes a defined(TCP_NODELAY) to >> fail. I have added the patch to the FreeBSD ports OpenVPN 2.2.2 and >> 2.3.0, and confirm

[Openvpn-devel] easy-rsa status?

2013-01-13 Thread Matthias Andree
Greetings, I have just added the easy-rsa package to the FreeBSD ports collection, security/easy-rsa, and security/openvpn is now optionally (default: yes) depending on security/easy-rsa so people get this, as they did with 2.2.2. However, I found it hard to collect together the few scattered

Re: [Openvpn-devel] compiling with visual studio

2013-01-17 Thread Matthias Andree
On 16.01.2013 11:11, Gert Doering wrote: > Hi, > > On Tue, Jan 15, 2013 at 09:03:07PM +0200, Athanasios Douitsis wrote: >> Trying to compile 2.3 with visual studio 2010. I am getting the following >> error: >> >> init.c(186): error C2143: syntax error : missing ';' before 'type' >>

Re: [Openvpn-devel] [PATCH 3/3] PolarSSL-1.2 support

2013-01-20 Thread Matthias Andree
Is there any important system where requiring PolarSSL >= 1.2.3 is not an option, besides "admin is too lazy or can't convince his manager that he needs to upgrade"? This #ifdef stuff makes the whole story a bit inconcise. It might be suitable for 2.3.X, but not to base 2.4 or newer releases on.

Re: [Openvpn-devel] [PATCH 3/3] PolarSSL-1.2 support

2013-01-21 Thread Matthias Andree
On 21.01.2013 14:23, Gert Doering wrote: > Hi, > > just for the sake of those not following the discussion on IRC... > > On Mon, Jan 21, 2013 at 11:23:17AM +0100, Gert Doering wrote: >> I'm more concerned about maintainability of the OpenVPN code base, and >> having more #ifdef in there is

Re: [Openvpn-devel] Topics for next weeks meeting

2013-04-18 Thread Matthias Andree
On 10.04.2013 13:47, Samuli Seppänen wrote: > Hi all, > > After a fairly long pause, the community meetings are starting again. > Next one is on Thursday 18th Apr 2013. The preliminary agenda is here: > > > > Best regards, >

Re: [Openvpn-devel] RFD - block-ipv6

2013-08-17 Thread Matthias Andree
On 17.08.2013 12:30, Gert Doering wrote: > So, what I'm hoping to hear from you... > > - should we include this in 2.3.3? > - if yes, are changes needed? Well, it would take huge warning banners because it might disrupt existing setups (which would be insecure through the "connect around

Re: [Openvpn-devel] [PATCH] t_client.sh: Check for fping/fping6 availability

2013-11-15 Thread Matthias Andree
On 15.11.2013 18:12, David Sommerseth wrote: > From: David Sommerseth > > Check if fping and fping6 is available before running the real tests, > to avoid misleading test failures. > > Signed-off-by: David Sommerseth > --- > tests/t_client.sh.in | 12

Re: [Openvpn-devel] [PATCH] Support non-ASCII characters in Windows tmp path

2013-12-04 Thread Matthias Andree
I also found http://moser-isi.ethz.ch/docs/english_verb_inf_ing.pdf after my earlier post.

Re: [Openvpn-devel] Openvpn 2.3.2: "Could not create temporary file" ....Too many open files

2014-07-23 Thread Matthias Andree
On 23.07.2014 08:19, arno.oderm...@ch.schindler.com wrote: > Dear both, > > thank you for your reply. > Yes, we are using the "--client-connect" and according to 2.3 OpenVPN > manual (see section below) it does create files by writing to "file > named by $1." > > Gert, we are sure, there was

[Openvpn-devel] AES-NI trouble, and patch - please review/comment

2014-11-18 Thread Matthias Andree
Greetings, I received a bug report against the FreeBSD OpenVPN port, but before applying a patch (by Ermal Luçi) I do not currently oversee, I would like your input. https://redmine.pfsense.org/issues/3966 original https://community.openvpn.net/openvpn/ticket/480 copy

Re: [Openvpn-devel] [PATCH] configure.ac: fix default behavior

2014-11-24 Thread Matthias Andree
On 22.11.2014 at 10:43, Steffan Karger wrote: > Hi Yegor, > > On 21-11-14 20:43, Yegor Yefremov wrote: >> This patch is a result of our IRC discussion with Arne. Alternative >> approach were to always build with password-save functionality without >> configure option at all. > > Thanks for the

Re: [Openvpn-devel] AES-NI trouble, and patch - please review/comment

2014-12-13 Thread Matthias Andree
On 18.11.2014 at 23:46, Matthias Andree wrote: > Greetings, > > I received a bug report against the FreeBSD OpenVPN port, but before > applying a patch (by Ermal Luçi) I do not currently oversee, I would > like your input. > > https://redmine.pf

Re: [Openvpn-devel] Topics for next week's (Monday, 30th Mar 2015) community meeting

2015-03-29 Thread Matthias Andree
On 23.03.2015 at 20:21, Samuli Seppänen wrote: > Hi, > > We're going to have an IRC meeting _next_ Monday, 30th March, starting > at 20:00 CET (19:00 UTC) on #openvpn-de...@irc.freenode.net. Current > topic list along with basic information is here: > >

[Openvpn-devel] [PATCH] Manual page update for Re-enabled TLS version negotiation.

2015-03-30 Thread Matthias Andree
Signed-off-by: Matthias Andree <matthias.and...@gmx.de> --- doc/openvpn.8 | 13 - 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index a95d353..1420bdd 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -4286,16 +4286,19 @@ includ

Re: [Openvpn-devel] [PATCH] Re-enable TLS version negotiation by default

2015-03-30 Thread Matthias Andree
On 10.03.2015 at 20:26, Steffan Karger wrote: > Re-enable TLS version negotiation by default, so that users > benefit from the stronger and better crypto of TLSv1.1 and > TLSv1.2, without having to add 'tls-version-min' to their > config files. > > We tried this before in 2.3.3, but got various

Re: [Openvpn-devel] [PATCH] Remove useless dash escapes from the man-page

2015-03-31 Thread Matthias Andree
On 31.03.2015 at 08:44, sam...@openvpn.net wrote: > From: Samuli Seppänen > > This patch is against the release/2.3 branch > > Trac: 512 > Signed-off-by: Samuli Seppänen > --- > doc/openvpn.8 | 1800 >

Re: [Openvpn-devel] [PATCH] m4: enable silent build

2015-04-15 Thread Matthias Andree
On 14.04.2015 at 20:34, Yegor Yefremov wrote: > Signed-off-by: Yegor Yefremov > --- > configure.ac | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/configure.ac b/configure.ac > index 9132468..ca0d9c3 100644 > --- a/configure.ac > +++ b/configure.ac > @@

Re: [Openvpn-devel] [PATCH] m4: enable silent build

2015-04-27 Thread Matthias Andree
On 27.04.2015 at 16:48, David Sommerseth wrote: > Having this said, if you do builds on systems with a more modern > automake, I do want to encourage people to run 'make V=0' or use > ./configure --enable-silent-rules. This will ensure we can

Re: [Openvpn-devel] [PATCH] Remove useless dash escapes from the man-page

2015-04-29 Thread Matthias Andree
On 29.04.2015 at 14:07, David Woodhouse wrote: > On Tue, 2015-03-31 at 09:19 +0200, Matthias Andree wrote: >> I am concerned this will cause misformattings and inability to search >> for options with leading dashes on some systems - I don't recall >> versions, but I do know t

Re: [Openvpn-devel] SIGSEGV (NULL ptr deref) in PolarSSL-based build if noTLS ciphers specified (was: OpenVPN 2.3.11 released)

2016-05-13 Thread Matthias Andree
On 10.05.2016 at 12:06, Samuli Seppänen wrote: > The OpenVPN community project team is proud to release OpenVPN 2.3.11. > It can be downloaded from here: > > > > This release fixes two vulnerabilities: a port-share bug with DoS >

Re: [Openvpn-devel] [PATCH v2 (2.3)] Restrict default TLS cipher list

2016-05-13 Thread Matthias Andree
On 17.04.2016 at 20:23, Steffan Karger wrote: > In the past years, the internet has been moving forward wrt deprecating > older and less secure ciphers. Let's follow this example in OpenVPN and > also restrict the default list of negotiable TLS ciphers in 2.3.x. > > This disables the following:

Re: [Openvpn-devel] [PATCH applied] Re: Fix polarssl / mbedtls builds

2016-05-13 Thread Matthias Andree
On 13.05.2016 at 09:32, Gert Doering wrote: > ACK. Tested on FreeBSD 9.3, all 3 tests in "make check", works. > > It is in line with the much better tested code in master, and with the > man page: > > "The default for --tls-cipher is to use PolarSSL's default cipher > list when using

Re: [Openvpn-devel] OpenVPN 2.3.11 released

2016-05-14 Thread Matthias Andree
On 10.05.2016 at 12:06, Samuli Seppänen wrote: > The OpenVPN community project team is proud to release OpenVPN 2.3.11. > It can be downloaded from here: > > > > This release fixes two vulnerabilities: a port-share bug with DoS >

Re: [Openvpn-devel] Valgring findings

2016-06-08 Thread Matthias Andree
On 07.06.2016 at 15:47, Илья Шипицин wrote: > Hello, > > I played with valgrind a bit > > https://travis-ci.org/chipitsine/openvpn/jobs/135869065 > > Looks like there are leaks in openssl code, should we suppress it? Not that I've found the "leaks" you're reporting; however: I seem to recall

Re: [Openvpn-devel] OpenVPN Project Update

2002-09-14 Thread Matthias Andree
o further maximize its huge revenues, should not be supported by OpenSource developers. If your opinion differs from mine, that's called freedom. :-) -- Matthias Andree

Re: [Openvpn-devel] Another pre-1.3.2 beta

2002-10-21 Thread Matthias Andree
On Sun, 20 Oct 2002, James Yonan wrote: > Changes since last beta: > > * Added inetd/xinetd support (--inetd) including > documentation in the HOWTO. Works for me. Thanks.

Re: [Openvpn-devel] Pre-1.3.3 beta available for testing

2003-02-19 Thread Matthias Andree
ing cvs rm -f mkinstalldirs cvs commit -m "Remove generated files from CVS." -- Matthias Andree

Re: [Openvpn-devel] Pre-1.3.3 beta available for testing

2003-02-19 Thread Matthias Andree
/tmp/openvpn/openvpn.c:346: structure has no member named `packet_id_file' /home/ma/tmp/openvpn/openvpn.c:347: structure has no member named `packet_id_file' /home/ma/tmp/openvpn/openvpn.c: In function `main': /home/ma/tmp/openvpn/openvpn.c:1730: storage size of `pid_persist' isn't known -- Matthias Andree

Re: [Openvpn-devel] Pre-1.3.3 beta available for testing

2003-02-19 Thread Matthias Andree
On Wed, 19 Feb 2003, Matthias Andree wrote: > On Sun, 16 Feb 2003, James Yonan wrote: > > > Beta is available on CVS as well as here: > > > > http://openvpn.sourceforge.net/beta/openvpn-1.3.2.9.tar.gz > > I tried the current CVS as of some minutes ago o

Re: [Openvpn-devel] Pre-1.3.3 beta available for testing

2003-02-19 Thread Matthias Andree
OK, here is a full patch for your convenience without the "apply on top" junk, with this patch, the current CVS compiles on: SuSE Linux 7.3 x86 gcc 2.95.3 SuSE Linux 8.1 x86 gcc 3.2 FreeBSD 4-STABLE x86 gcc 2.95.3+FreeBSD Solaris 8 Sparc gcc 2.95.3 Solaris 8 Sparc SunPro Workshop 6. The unfixed

Re: [Openvpn-devel] Pre-1.3.3 beta available for testing

2003-02-19 Thread Matthias Andree
On Wed, 19 Feb 2003, James Yonan wrote: > Hey, thanks for the patch and all the testing work on different platforms. You're welcome. I thought if I give it a whirl, I'd spin it until it was dizzy :-) > You raise a number of good points which I will address below: There were more warnings that

Second half of variadic macro fix (was: [Openvpn-devel] Pre-1.3.3 beta available for testing)

2003-02-19 Thread Matthias Andree
Dear Jim, this second patch completes the varargs stuff. Tested on all machines I listed last time, and SUNpro 6 is very happy with the ISO C99 stuff and uses the macro (rather than the function). I tried to force the function underneath gcc 2.95 (edited config.cache, ran ./config.status

Re: [Openvpn-devel] First half of macro-vs-function hacks (was: Pre-1.3.3 beta available for testing)

2003-02-20 Thread Matthias Andree
t has ./configure > already generated, so that openvpn can be built and installed with the > usual "./configure && make && make install"? The canonical way is: make distcheck If you're absolutely confident it works, because you just changed documentation, "make dist" will suffice. -- Matthias Andree

Re: [Openvpn-devel] New pre-1.3.3 beta

2003-03-15 Thread Matthias Andree
ou intend to silence the warnings or are you interested to see them? I think they're harmless but annoying. Other than that, it compiles on FreeBSD 4.8-RC x86 and Solaris 8 sparc (32-bit mode), on the latter with Sun's compiler and gcc 2.95. -- Matthias Andree

Re: [Openvpn-devel] New pre-1.3.3 beta

2003-03-15 Thread Matthias Andree
On Sat, 15 Mar 2003, James Yonan wrote: > Yes, I think we should try to fix if it's only a trivial cast involved to > silence the warning. > > I don't see them on gcc 2.96, even with "-Wall -W -Wpointer-arith > -Wsign-compare -Winline". Indeed, it takes the sun compiler or the even more picky

[Openvpn-devel] Re: New beta available + progress update

2003-04-17 Thread Matthias Andree
read_number(void) { return (!x_main_thread_id || pthread_self () == x_main_thread_id) ? MAIN_THREAD : WORK_THREAD; } @@ -100,11 +100,11 @@ } } -void thread_init(); -void thread_cleanup(); +void thread_init(void); +void thread_cleanup(void); void work_thread_create (void *(*start_routine) (void *), void* arg); -void work_thread_join (); +void work_thread_join (void); #else /* USE_PTHREAD */ Index: tun.c === RCS file: /cvsroot/openvpn/openvpn/tun.c,v retrieving revision 1.28 diff -u -r1.28 tun.c --- tun.c 17 Apr 2003 07:12:16 - 1.28 +++ tun.c 17 Apr 2003 10:51:22 - @@ -417,7 +417,7 @@ int fd; if ((fd = socket(PF_INET, SOCK_DGRAM, 0)) < 0) - msg (M_WARN, "Cannot open control_fd", dev); + msg (M_WARN, "Cannot open control_fd"); else { strncpynt (r.ifr_name, tt->actual, IFNAMSIZ); Index: tun.h === RCS file: /cvsroot/openvpn/openvpn/tun.h,v retrieving revision 1.20 diff -u -r1.20 tun.h --- tun.h 17 Apr 2003 07:12:16 - 1.20 +++ tun.h 17 Apr 2003 10:51:22 - @@ -88,7 +88,7 @@ #define IFCONFIG_DEFAULT 1 static inline int -ifconfig_order() +ifconfig_order(void) { #if defined(TARGET_LINUX) return IFCONFIG_AFTER_TUN_OPEN; -- Matthias Andree
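Review bot: In the tun.c hunk, the socket() failure path now logs only the fixed string "Cannot open control_fd", so the warning carries neither the error cause nor the interface it was for. Dropping the stray dev argument is correct, since the format string has no conversion for it, but if the device name was meant to appear, add a %s to the message and pass the name rather than removing it, and consider reporting the errno as well. A smaller style point in the thread.h hunk: thread_init(void) and thread_cleanup(void) have no space before the parenthesis while work_thread_join (void) does; pick one spacing for the prototypes touched here.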

[Openvpn-devel] Re: New beta available + progress update

2003-04-17 Thread Matthias Andree
} static inline void -work_thread_join () +work_thread_join (void) { } -- Matthias Andree

Re: [Openvpn-devel] Re: New beta available + progress update

2003-04-18 Thread Matthias Andree
On Thu, 17 Apr 2003, James Yonan wrote: > The nice part about a radio link is that it is probably under your control, > meaning that you can ensure that ICMPs get properly passed. This allows path > MTU discovery to work and therefore solves a lot of the harder problems. Well, at least for the

Re: [Openvpn-devel] Fwd: RE: Multi-channel VPN

2003-04-18 Thread Matthias Andree
On Fri, 18 Apr 2003, James Yonan wrote: > I'm forwarding this discussion of an interesting feature request. Namely, > could (and should) OpenVPN have a channel bonding capability, where more than > one UDP connection over different paths is used to connect two peers, and > OpenVPN does channel

[Openvpn-devel] TCP-over-TCP (was: Multi-channel VPN)

2003-04-22 Thread Matthias Andree
ongested links, but I haven't compared vpnd to openvpn. (And I've found vtund to be fragile, a single ping -f into a tunnel usually let the tunnel collapse on Linux. OpenVPN is solid in these circumstances.) -- Matthias Andree

Re: [Openvpn-devel] TCP-over-TCP (was: Multi-channel VPN)

2003-04-23 Thread Matthias Andree
s into dgram sockets for connections that use the tunnel is sufficient. However, this doesn't actually apply to openvpn because openvpn does TCP-over-UDP. -- Matthias Andree

Re: [Openvpn-devel] TCP-over-TCP (was: Multi-channel VPN)

2003-04-24 Thread Matthias Andree
ply byte streams flowing over the TUN pipe. They > can be filtered without resorting to raw sockets or any other such potentially > unportable constructs. Only that OpenVPN would have to parse the TCP protocol for IPv4 and IPv6. -- Matthias Andree

Re: [Openvpn-devel] Openvpn for RH62 - eek!

2003-05-02 Thread Matthias Andree
On Fri, 02 May 2003, James Yonan wrote: > How do most other initialization scripts handle the differences between bash 1 > and 2? Do they just restrict themselves to the least common denominator (a)? Yes. /bin/sh is standardized; Solaris for some strange reason ship b0rked year-old stuff though

Re: [Openvpn-devel] Fwd: Re: comp-lzo and licensing issues

2003-05-03 Thread Matthias Andree
> If OpenSSL is in the base system of FreeBSD, then there shouldn't be any > problem linking LZO with it. > You could also allow OpenVPN binaries without LZO support (as I > currently do in Debian). This will break compatibility and is no longer needed in the light of the special permission

Re: [Openvpn-devel] 1.4.0 Released

2003-05-08 Thread Matthias Andree
On Thu, 08 May 2003, James Yonan wrote: > Release Notes: > > This release adds options for persistence of replay protection information > across sessions, pass through of IPv4 TOS bits from the TUN/TAP device to the > UDP link, some advanced MTU control options, moderate revamping of the build >

Re: [Openvpn-devel] Fwd: Bug#182020: openvpn needs dynamic choice on HAVE_LINUX_IF_TUN_H

2003-05-08 Thread Matthias Andree
On Thu, 08 May 2003, James Yonan wrote: > OpenVPN's config script assumes that if 2.4 headers are present (i.e. > if_tun.h), then it should build for the 2.4 tun/tap driver. This may not be true for build hosts of a distributor, who needs the most conservative code if he's still shipping 2.2

Re: [Openvpn-devel] OpenVPN 1.4.2 release candidate, please test

2003-07-13 Thread Matthias Andree
n prototypes causing an implicit type conversion. Most of these are > pretty harmless. > > Anyway, I've fixed them. Thanks. -- Matthias Andree

Re: [Openvpn-devel] Need 1.5 beta testers for *BSD, Linux 2.2, OS X

2003-08-31 Thread Matthias Andree
hink the client would always want to compress data to avoid redundancy-based or "known-plaintext" attacks on the encrypted connection, but anyways.) -- Matthias Andree Encrypt your mail: my GnuPG key ID is 0x052E7D95

Re: [Openvpn-devel] New feature: --ifconfig for tap devices

2003-09-04 Thread Matthias Andree
tap results in: 4: Can't set multiplexor id: No such device or address (errno=6) Did I miss anything? -- Matthias Andree Encrypt your mail: my GnuPG key ID is 0x052E7D95

Re: [Openvpn-devel] New feature: --ifconfig for tap devices

2003-09-07 Thread Matthias Andree
hink it can be done. Tried loading a "tap" or "if_tap" module or something? FreeBSD compiles tap as a module that isn't loaded by default, you need to manually kldload it on FreeBSD. -- Matthias Andree Encrypt your mail: my GnuPG key ID is 0x052E7D95

Re: [Openvpn-devel] Re: [Openvpn-users] Windows tun driver

2003-09-15 Thread Matthias Andree
e don't need Windoze broadcast traffic gated, and "my" Windows boxes hardly generate non-IP traffic. IPX or NetBEUI drivers aren't installed on the Windows machines I maintain. ARP isn't needed. Granted, if you need IGMP, you'll want tap, but I'd guess that the SMB browsing can deal with most

Re: [Openvpn-devel] CVS

2003-10-14 Thread Matthias Andree
c. I was wondering why the trunk hadn't changed :-) -- Matthias Andree Encrypt your mail: my GnuPG key ID is 0x052E7D95

Re: [Openvpn-devel] Re: [Openvpn-users] Problem while compiling openvpn

2004-01-27 Thread Matthias Andree
was a rather unpleasant experience). -- Matthias Andree Encrypt your mail: my GnuPG key ID is 0x052E7D95

[Openvpn-devel] Idea for --ifconfig & co.

2004-02-05 Thread Matthias Andree
Hi, would it be feasible to have openvpn create interfaces (--ifconfig or something) in "down" state until a remote peer connects - unless the tunnel is marked persistent? I know I can do this with scripts, but it might be the natural choice to reflect the tunnel status in interface

[Openvpn-devel] OpenVPN 1.6-beta6 on Windows XP - observations

2004-02-20 Thread Matthias Andree
e configuration and its quirks. Thanks in advance and have a nice week-end, -- Matthias Andree Encrypt your mail: my GnuPG key ID is 0x052E7D95

Re: [Openvpn-devel] OpenVPN 1.6-beta6 on Windows XP - observations

2004-02-20 Thread Matthias Andree
> Anzahl", the all-numeric printout with addresses where BSD has interface names isn't helpful, and DNS configuration adds to the confusion. With Samba and "net view \\bigserver", WINS also gets into play and I see packets coming from the wrong and the right source IP... It's not Op
