[Openvpn-devel] Radiusplugin fully asynchronous fork with additional patches

by Yafeng Shan * Asynchronous client-connect and instant client-disconnect by me With the latest patch, radiusplugin won't stall OpenVPN's main thread when clients are connecting or disconnecting. https://github.com/ValdikSS/openvpn-radiusplugin Asynchronous client-connect requires additional

Re: [Openvpn-devel] russian language fixes

I posted the similar patch a year ago directly to openvpn-gui sourceforge page and it seems to be gone. So please apply this. On 06.10.2015 11:45, Anatoly Pugachev wrote: > > Hello! > > Can you please apply patch from trac ticket 446. Thanks. > > https://community.openvpn.net/openvpn/ticket/446

Re: [Openvpn-devel] [PATCH] Do not set the buffer size by default but rely on the operation system default.

On 11.10.2015 17:25, Steffan Karger wrote: > On Sun, Oct 11, 2015 at 3:47 PM, Arne Schwabe wrote: > Nice, changelog entries! But, 65k should be 64k. > > Am I right that it was tested that this indeed results in using > operating system defaults? Yes. > > -Steffan > >

Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

By the way, there is an open-source SecurePoint VPN client (https://sourceforge.net/projects/securepoint/) which handles current versions of Windows very well. And here is my list of available open-source OpenVPN GUIs: https://gist.github.com/ValdikSS/9d7b13b5ef510c6b6d45#file-openvpn-guis-md

[Openvpn-devel] [PATCH] Add Windows DNS Leak fix using WFP ('block-outside-dns')

This option is silently ignored on non-Windows platforms and works on Vista+. External DNS is blocked even if no DNS server configured (user may configure it in the tap interface itself). This option could be ignored from server push using route-nopull. --- doc/openvpn.8 | 11 ++-

[Openvpn-devel] [PATCH v2] Add Windows DNS Leak fix using WFP ('block-outside-dns')

This option is silently ignored on non-Windows platforms and works on Vista+. External DNS is blocked even if no DNS server configured (user may configure it in the tap interface itself). This option could be ignored from server push using route-nopull. v2: * Add missing libs to MSVC project

Re: [Openvpn-devel] [PATCH v2] Add Windows DNS Leak fix using WFP ('block-outside-dns')

It seems that Thunderbird scrabbled the patch. Here is the attachment. On 28.10.2015 10:47, ValdikSS wrote: > This option is silently ignored on non-Windows platforms and works on Vista+. > External DNS is blocked even if no DNS server configured (user may configure > it in the tap

Re: [Openvpn-devel] [PATCH] Fix a few typos in the Russian localization

Thanks for the patch but all these and another typos are already fixed in the mattock's repository https://github.com/mattock/openvpn-gui/commit/b5b00c272674233c5c951c0e473f2341065a9fc4 and would be included in next release. On 09.11.2015 21:32, Роман Донченко wrote: > --- >

Re: [Openvpn-devel] [PATCH v2] Add Windows DNS Leak fix using WFP ('block-outside-dns')

:01, Selva Nair wrote: > Hi, > > On Wed, Oct 28, 2015 at 3:47 AM, ValdikSS <i...@valdikss.org.ru > <mailto:i...@valdikss.org.ru>> wrote: > > I tested this on Windows 7 and ran into some problems. > > Blocking dns through all interfaces except the tun/tap works (t

Re: [Openvpn-devel] [PATCH v2] Add Windows DNS Leak fix using WFP ('block-outside-dns')

On 16.11.2015 09:17, Selva Nair wrote: > Hi, > > Here are some comments on the code -- there is one apparent memory leak (see > below). > > > the word "external" is not required nor appropriate as it blocks all, isn't > it? I'm not a native speaker. If you say that, probably you're right. >

[Openvpn-devel] [PATCH v4-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

This option blocks all out-of-tunnel communication on TCP/UDP port 53 (except for OpenVPN itself), preventing DNS Leaks on Windows 8.1 and 10. --- doc/openvpn.8 | 12 +++- src/openvpn/Makefile.am | 2 +- src/openvpn/init.c | 22 ++ src/openvpn/openvpn.vcxproj |

Re: [Openvpn-devel] [PATCH v4-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

I can't figure out why Thunderbird corrupts my patches. Please use the attached version. I still need help with 2.3 build system. If somebody willing to help me, please use the attached version. On 24.11.2015 11:39, Gert Doering wrote: > Hi, > > On Thu, Nov 19, 2015 at 06:20:19PM +0300,

Re: [Openvpn-devel] [PATCH v4-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

It's cron2 who wanted clear ifdefs for master, because there's no WinXP support there. I need help with 2.3 build system. While the code itself would compile fine, it won't link because I can't figure out how to link libraries available in vista+ only for vista+ build and do not link it for XP.

[Openvpn-devel] [PATCH v5-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

This option blocks all out-of-tunnel communication on TCP/UDP port 53 (except for OpenVPN itself), preventing DNS Leaks on Windows 8.1 and 10. --- doc/openvpn.8 | 12 ++- src/openvpn/Makefile.am | 2 +- src/openvpn/init.c | 17 src/openvpn/openvpn.vcxproj | 4

[Openvpn-devel] [PATCH v5-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

This option blocks all out-of-tunnel communication on TCP/UDP port 53 (except for OpenVPN itself), preventing DNS Leaks on Windows 8.1 and 10. --- doc/openvpn.8 | 12 ++- src/openvpn/Makefile.am | 2 +- src/openvpn/init.c | 17 src/openvpn/openvpn.vcxproj | 4

[Openvpn-devel] [PATCH v5-2.3] Add Windows DNS Leak fix using WFP ('block-outside-dns')

This option blocks all out-of-tunnel communication on TCP/UDP port 53 (except for OpenVPN itself), preventing DNS Leaks on Windows 8.1 and 10. --- doc/openvpn.8 | 12 ++- src/openvpn/init.c | 17 src/openvpn/openvpn.vcxproj | 0 src/openvpn/options.c | 16

Re: [Openvpn-devel] [PATCH v5-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

Sorry for double post. This patch comes with removed wfp_init, moved defines to win32.c from win32.h, whitespace fix in documentation. signature.asc Description: OpenPGP digital signature

Re: [Openvpn-devel] [PATCH v5-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

Please ignore this patch, it won't compile, I'm an idiot. signature.asc Description: OpenPGP digital signature

Re: [Openvpn-devel] [PATCH v5-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

Hi! You have the point, note is confusing on XP. Changed it to "…on Windows Vista or later". Non-fatal note message is intended to have one config file on various platforms without any modifications. On the other hand, you probably would still use ignore-unknown-option to comply with outdated

[Openvpn-devel] [PATCH v6-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

This option blocks all out-of-tunnel communication on TCP/UDP port 53 (except for OpenVPN itself), preventing DNS Leaks on Windows 8.1 and 10. --- doc/openvpn.8 | 12 ++- src/openvpn/Makefile.am | 2 +- src/openvpn/init.c | 17 src/openvpn/openvpn.vcxproj | 4

[Openvpn-devel] [PATCH v6-2.3] Add Windows DNS Leak fix using WFP ('block-outside-dns')

This option blocks all out-of-tunnel communication on TCP/UDP port 53 (except for OpenVPN itself), preventing DNS Leaks on Windows 8.1 and 10. --- doc/openvpn.8 | 12 ++- src/openvpn/init.c | 17 src/openvpn/openvpn.vcxproj | 0 src/openvpn/options.c | 16

[Openvpn-devel] [PATCH v7-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

This option blocks all out-of-tunnel communication on TCP/UDP port 53 (except for OpenVPN itself), preventing DNS Leaks on Windows 8.1 and 10. --- doc/openvpn.8 | 12 ++- src/openvpn/Makefile.am | 2 +- src/openvpn/init.c | 17 src/openvpn/openvpn.vcxproj | 4

[Openvpn-devel] [PATCH v7-2.3] Add Windows DNS Leak fix using WFP ('block-outside-dns')

This option blocks all out-of-tunnel communication on TCP/UDP port 53 (except for OpenVPN itself), preventing DNS Leaks on Windows 8.1 and 10. --- doc/openvpn.8 | 12 ++- src/openvpn/init.c | 17 src/openvpn/openvpn.vcxproj | 0 src/openvpn/options.c | 14

Re: [Openvpn-devel] [PATCH v5-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

I **hope** I get it right this time. On 29.11.2015 02:32, Arne Schwabe wrote: > Am 28.11.15 um 18:25 schrieb Selva Nair: > I am also voting on fatal error if the option is unknown. You can always > use setenv opt block-outside-dns or use ignore-unknown-option if you do > not want it to fail. > >

Re: [Openvpn-devel] [PATCH v7-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

These issues should be fixed. Please check PATCH v7. On 04.12.2015 04:19, James Yonan wrote: > These may have been fixed by now, but noticed some issues in the original > patch that was discussed in the OpenVPN-devel IRC meeting several weeks ago. > > * win_adapter_index_to_luid is declared to

Re: [Openvpn-devel] [PATCH v7-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

Indeed. Pushed fixed version to github repo. https://github.com/ValdikSS/openvpn-with-patches/commit/287ceb11abfa33ee331ba2651572908cbad008d1 If there is no other remarks, I'll send PATCH v8. On 04.12.2015 08:50, Selva Nair wrote: > Hi, > > On Fri, Dec 4, 2015 at 12:14 AM, Va

[Openvpn-devel] [PATCH v8-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

This option blocks all out-of-tunnel communication on TCP/UDP port 53 (except for OpenVPN itself), preventing DNS Leaks on Windows 8.1 and 10. --- doc/openvpn.8 | 12 ++- src/openvpn/Makefile.am | 2 +- src/openvpn/init.c | 17 src/openvpn/openvpn.vcxproj | 4

Re: [Openvpn-devel] [PATCH v8-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

That would break name resolver on reconnection if remote is a hostname. On 12/10/2015 06:53 PM, Selva Nair wrote: > > On Thu, Dec 10, 2015 at 4:55 AM, Lev Stipakov > wrote: > > That sounds useful for yet another reason as well. Its only

Re: [Openvpn-devel] [PATCH v8-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

No, I'm afraid it would fail by default since DNS queries are (usually) made from svchost.exe. Whitelisting openvpn.exe is done to not to break OpenVPN on UDP port 53. I could be incorrect tho. On 12/10/2015 07:31 PM, Selva Nair wrote: > > On Thu, Dec 10, 2015 at 11:24 AM, Valdi

Re: [Openvpn-devel] [PATCH v8-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

crosoft.com/ru-ru/aa364040 On 12/10/2015 08:17 PM, Selva Nair wrote: > > On Thu, Dec 10, 2015 at 11:49 AM, ValdikSS <i...@valdikss.org.ru > <mailto:i...@valdikss.org.ru>> wrote: > > Provided it doesn't leak memory. As the current implementation of > wfp_add_filter

Re: [Openvpn-devel] XP broken (wrt IPv6 in 2.3.9)

I don't like the idea with additional win32-route option, it really should just use interface name on XP and index on Vista+. On 12/20/2015 09:19 PM, Gert Doering wrote: > Hi, > > On Sun, Dec 20, 2015 at 07:32:56PM +0200, Lev Stipakov wrote: > The usual problem of "attached you'll find...

[Openvpn-devel] [PATCH] Clarify mssfix documentation

--- doc/openvpn.8 | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 9760e8b..ef77b29 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -1381,7 +1381,11 @@ parameter is interpreted in the same way as the .B \-\-link\-mtu parameter, i.e.

Re: [Openvpn-devel] [PATCH] Clarify mssfix documentation

This is applicable to both --mssfix and --fragment options I believe. Yes, it affects both tun and tap modes. On 01/09/2016 07:07 PM, Jan Just Keijser wrote: > Hi, > > On 09/01/16 16:53, ValdikSS wrote: > > this is a clarification for the --fragment option, right? and is the 28/4

[Openvpn-devel] [PATCH] Update --block-outside-dns to work on Windows Vista

Windows Vista doesn't support non-equal matching of application name, it is available only since Windows 7. This commit splits 2 filtering conditions with non-equal matching to 2 filters each with 1 filtering condition: permit IPv4 (first filter) and IPv6 (second filter) port 53 traffic from

[Openvpn-devel] [PATCH] Clarify --block-outside-dns documentation

--- doc/openvpn.8 | 9 + 1 file changed, 9 insertions(+) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index ef77b29..a276936 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -5575,6 +5575,15 @@ DNS leaks. This option prevents any application from accessing TCP or UDP port 53 except one

[Openvpn-devel] [PATCH v2] Clarify --block-outside-dns documentation

--- doc/openvpn.8 | 10 ++ 1 file changed, 10 insertions(+) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index ef77b29..76650e9 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -5575,6 +5575,16 @@ DNS leaks. This option prevents any application from accessing TCP or UDP port 53 except

Re: [Openvpn-devel] [PATCH] Clarify --block-outside-dns documentation

You're right, thanks. Sent v2 of this patch. On 01/16/2016 03:35 PM, Gert Doering wrote: > Hi, > > On Sat, Jan 16, 2016 at 02:45:05AM +0300, ValdikSS wrote: > While I agree with the idea (and this is a frequent question, so thanks!), > it's not totally correct for Windows XP - with

Re: [Openvpn-devel] Test installers with the Interactive service / Vista-compatible block-outside-dns

ut starting > a > second openvpn.exe also fails at name resolution although the apparent > purpose of the permit filter is to allow that traffic through the LAN or any > other > interface > Valdikss: Is this filter useful at all? When openvpn does name resolution, I > supp

Re: [Openvpn-devel] Handling bitness (32/64) for OpenVPN Windowsinstallers

On 02/17/2016 06:16 PM, Samuli Seppänen wrote: > I don't think there are many (any?) 32-bit Windows operating systems > being bundled with new computers. The reason why Microsoft backpedaled > on dropping 32-bit support in Windows 10 seemed to be their free upgrade > program: they wanted the

[Openvpn-devel] Pushing multiple certificates from server

Hello everyone, I'm trying to leisurely move from an old existing 1024 bit CA to a new 4096 bit one without a hassle for a clients. From a X.509 perspective it shouldn't be a problem, and I already have new CA self-signed and cross-signed with old CA, it should work just fine. While there's no

Re: [Openvpn-devel] Pushing multiple certificates from server

we put installer > and > config on enterprise website). after some time we were able to shut down the > old ca. > > 2016-03-04 2:04 GMT+05:00 ValdikSS <i...@valdikss.org.ru > <mailto:i...@valdikss.org.ru>>: > signature.asc Description: OpenPGP digital signature

Re: [Openvpn-devel] Pushing multiple certificates from server

03/03/16 22:04, ValdikSS wrote: > > it's possible to send a stacked CA certificate (i.e. server certificate and > intermediate CA cert) from server to the client. We use this in production, > and it > is done by simply stacking (cat'ing) the server cert and intermediary CA cert

Re: [Openvpn-devel] Pushing multiple certificates from server

On 03/04/2016 03:57 PM, David Woodhouse wrote: > On Fri, 2016-03-04 at 15:37 +0300, ValdikSS wrote: > What you described *was* chained certificates, wasn't it? > > From the point of view of a client which only trusts the old CA, the > server is presenting a chain — its own

Re: [Openvpn-devel] Pushing multiple certificates from server

On 03/04/2016 04:12 PM, Arne Schwabe wrote: > > Am 03.03.16 um 22:04 schrieb ValdikSS: > Shouldn't sending the new CA chain only be enough? Since it is > (cross)signed by the old CA, the client will accept it. For the old > clients the new CA will look like an intermediate certi

Re: [Openvpn-devel] Pushing multiple certificates from server

On 03/04/2016 03:26 PM, Jan Just Keijser wrote: > Hi, > > On 03/03/16 22:04, ValdikSS wrote: > it's possible to send a stacked CA certificate (i.e. server certificate > and intermediate CA cert) from server to the client. We use this in > production, and it is done by simply

Re: [Openvpn-devel] Pushing multiple certificates from server

On 03/04/2016 11:08 PM, Jan Just Keijser wrote: > Hi, > > On 04/03/16 14:24, Arne Schwabe wrote: > the more I think about it, the more I think that what you are trying to > achieve ought not to work: > > your current situation is this: > - clients are equipped with a 1024bit CA cert; the server

Re: [Openvpn-devel] Pushing multiple certificates from server

to my server with a chain Bad news: * OpenVPN 2.3 and master can't connect to this server, with both OpenSSL and PolarSSL backends. Maybe if I supply certificates in correct order, client would work. On 03/04/2016 12:04 AM, ValdikSS wrote: > Hello everyone, > > I'm trying to

Re: [Openvpn-devel] Pushing multiple certificates from server

On 03/05/2016 04:36 AM, Jan Just Keijser wrote: > Hi, > > On 04/03/16 22:58, ValdikSS wrote: > how did you generate the cross-signed CA certs? I've looked around but all > cross-signing either requires you to use the same private key (i.e. bit size) > or > that you exten

Re: [Openvpn-devel] Pushing multiple certificates from server

On 03/05/2016 08:24 AM, ValdikSS wrote: > > > On 03/05/2016 04:36 AM, Jan Just Keijser wrote: > > I've signed my new CA's private key (4096 bit) with old CA (1024 bit) and it > became intermediate to my old CA (what you call extending trust), but also > issued > sel

Re: [Openvpn-devel] Pushing multiple certificates from server

On 03/05/2016 12:58 AM, ValdikSS wrote: > I have good news and bad news: > > Good news: > > * OpenVPN sends all certificates from the server supplied for --server > directive (although with a small bug that a certificate which you have > private key > for mus

Re: [Openvpn-devel] Pushing multiple certificates from server

On 03/05/2016 06:27 PM, Gert Doering wrote: > Hi, > > On Sat, Mar 05, 2016 at 12:58:06AM +0300, ValdikSS wrote: > If Connect works, and OpenVPN for Android does not, this hints at > "PolarSSL vs. OpenSSL". > > Or at "we call the crypto library differently&quo

[Openvpn-devel] [PATCH 3/3] Do not pass env for system commands on OS X

--- src/openvpn/route.c | 8 src/openvpn/tun.c | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 822d02b..c1ce7fd 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -1601,7 +1601,7 @@ add_route (struct

[Openvpn-devel] [PATCH 1/3] Do not pass env for system commands on Linux

It's possible to have so much routes that they won't fit into stack and execve would fail with E2BIG (Argument list too long). This commit fixes this issue by not adding route information into execve'd application env. --- src/openvpn/lladdr.c | 2 +- src/openvpn/route.c | 8

[Openvpn-devel] [PATCH 2/3] Do not pass env for system commands on Windows

--- src/openvpn/route.c | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/openvpn/route.c b/src/openvpn/route.c index c327866..822d02b 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -1487,7 +1487,7 @@ add_route (struct route_ipv4 *r, else if

Re: [Openvpn-devel] [PATCH v2] Drop recursively routed packets

-10 messages per second to the log with verb 4. On 06/11/2016 02:05 PM, Gert Doering wrote: > Hi, > > On Wed, Apr 06, 2016 at 11:44:34PM +0300, ValdikSS wrote: > Coming back to this patch set - could you share your test results? > > I'll then go and see that I can code rev

Re: [Openvpn-devel] block-outside-dns and multiple tunnels

This is known issue (for me), and it was superficially discussed on IRC at some point. It wasn't considered significant to implement block-outside-dns for multiple connections. Is there ahy reason to use block-outside-dns on multiple connections? Just asked supergregg (bug reporter), he

Re: [Openvpn-devel] dhcp-option DNS IPv6 server address for windows client

…probably not only DHCPv6, but also Router Advertisement too. I doubt that DHCPv6 could be used without RA on Windows. On 10/30/2016 12:55 AM, debbie10t wrote: > Hi, > > currently, openvpn does not accept an IPv6 dhcp-option DNS server address. > > See: >

Re: [Openvpn-devel] Feature proposal: tls-crypt

Experimental branch doesn't work in TCP mode. Client gets the following error right after sending P_CONTROL_HARD_RESET_CLIENT_V2: Assertion failed at socket.c:2992 (buf_write_prepend (buf, , sizeof (len))) On 09/18/2016 03:25 PM, Steffan Karger wrote: > Hi, > > On 27 July 2016 at 16:42,

[Openvpn-devel] Windows 10 Creators Update broke --block-outside-dns

Windows 10 Creators Update changed the way DNS works. It used to resolve DNS address using all available adapters and IP addresses in parallel, now it still resolves addresses using all available adapters but in sequence, beginning with random adapter. This interfere with how

Re: [Openvpn-devel] devel mailing list

Sorry, I totally forgot that OpenVPN mail list does not support DMARC. My domain has strict DMARC policy, that's why some of you didn't get and won't get my emails. On 16.04.2017 00:06, Christian Hesse wrote: > Selva Nair on Sat, 2017/04/15 16:08: > I did receive the

[Openvpn-devel] Windows 10 Creators Update broke --block-outside-dns

Windows 10 Creators Update changed the way DNS works. It used to resolve DNS address using all available adapters and IP addresses in parallel, now it still resolves addresses using all available adapters but in sequence, beginning with random adapter. This interfere with how

[Openvpn-devel] Windows 10 Creators Update broke --block-outside-dns

I hope this message would finally receive everyone. Sorry for spamming mail list. Windows 10 Creators Update changed the way DNS works. It used to resolve DNS address using all available adapters and IP addresses in parallel, now it still resolves addresses using all available adapters but in

[Openvpn-devel] Windows 10 Creators Update broke --block-outside-dns

I hope this message would finally receive everyone. Sorry for spamming mail list. Windows 10 Creators Update changed the way DNS works. It used to resolve DNS address using all available adapters and IP addresses in parallel, now it still resolves addresses using all available adapters but in

Re: [Openvpn-devel] devel mailing list

Should I try to re-post it? Could it be because of 7z archive? On 15.04.2017 23:38, debbie10t wrote: > > On 15/04/17 21:08, Selva Nair wrote: > It is not only you :( > > > > -- > Check out the vibrant tech community on

Re: [Openvpn-devel] devel mailing list

It's not just gmail. I didn't get any bounce back and I can't see this message over gmane NNTP. Don't know what has happened. Reposting again. On 16.04.2017 00:19, Selva Nair wrote: > > On Sat, Apr 15, 2017 at 5:17 PM, ValdikSS <i...@valdikss.org.ru > <mailto:i...@valdikss

Re: [Openvpn-devel] Windows 10 Creators Update broke --block-outside-dns

On 18.04.2017 21:37, Selva Nair wrote: > > On Sat, Apr 15, 2017 at 6:41 PM, ValdikSS <valdi...@gmail.com > <mailto:valdi...@gmail.com>> wrote: > > How does this registry entry tell Windows that TAP adapter should be > preferred for DNS? Or is this to be

Re: [Openvpn-devel] Windows 10 Creators Update broke --block-outside-dns

Thanks, please see v2 here https://github.com/ValdikSS/openvpn-with-patches/commit/bb5893bdbd74b8168e1ad9561a55bd9449b1d5b5 On 26.04.2017 00:06, David Sommerseth wrote: > On 25/04/17 22:40, ValdikSS wrote: > I've quickly looked at it. I am by far no Windows developer, so I don't > under

Re: [Openvpn-devel] Windows 10 Creators Update broke --block-outside-dns

Please check updated version https://github.com/ValdikSS/openvpn-with-patches/commit/80345eac823326299c5428a8db45dc06a8d10f7b set_interface_metric() needs to be called from interactive service but the service doesn't include win32.h/c so I had to copy/paste code into it. How could

[Openvpn-devel] [PATCH v2] Set a low interface metric for tap adapter when block-outside-dns is in use

From: ValdikSS <i...@valdikss.org.ru> Windows 10 before Creators Update used to resolve DNS using all available adapters and IP addresses in parallel. Now it still resolves addresses using all available adapters but in a round-robin way, beginning with random adapter. This behaviour intr

Re: [Openvpn-devel] [PATCH] Set a low interface metric for tap adapter when block-outside-dns is in use

On 08.05.2017 17:47, Selva Nair wrote: > Hi, > > Please bear with me for making a few more comments. Please don't excuse. That's totally fine. > This close to final so only > a few minor issues. > > On Thu, May 4, 2017 at 1:36 PM, ValdikSS <valdi...@gmail.com >

Re: [Openvpn-devel] [PATCH] Set a low interface metric for tap adapter when block-outside-dns is in use

Added it. Can't compile for 32 bit, I tried multiple times but can't wrestle down build system to compile my version from git. It never finds OpenSSL. It successfully compiles for 64 bit. Please check v2. On 10.05.2017 19:40, Selva Nair wrote: > > On Wed, May 10, 2017 at 12:08 PM, Va

Re: [Openvpn-devel] block-outside-dns and persist-tun

On 28.05.2017 18:20, Selva Nair wrote: > Hi, > > Copying the -devel list: > > On Sun, May 28, 2017 at 10:16 AM, ValdikSS <valdi...@gmail.com > <mailto:valdi...@gmail.com>> wrote: > > Is this only with 2.4.2 or is 2.4.1 also affected? As you imply, the filter

Re: [Openvpn-devel] block-outside-dns and persist-tun

; > On Sat, Jun 3, 2017 at 4:13 PM, ValdikSS <valdi...@gmail.com > <mailto:valdi...@gmail.com>> wrote: > > I did not find any related to failure to remove WFP filters. That specific > comment link reads > > > Sun May 28 18:07:25 2017 Block_DNS: WFP engine opene

Re: [Openvpn-devel] block-outside-dns and persist-tun

May 28 18:32:38 2017 Block_DNS: Added permit filters for TAP interface Sun May 28 18:32:38 2017 Blocking DNS failed! Sun May 28 18:32:38 2017 Exiting due to fatal error On 04.06.2017 07:11, Selva Nair wrote: > > On Sat, Jun 3, 2017 at 4:13 PM, ValdikSS <valdi...@gmail.com > &

Re: [Openvpn-devel] [PATCH] Set a low interface metric for tap adapter when block-outside-dns is in use

On 05.05.2017 23:21, Selva Nair wrote: > Hi, > > On Thu, May 4, 2017 at 1:36 PM, ValdikSS <valdi...@gmail.com > <mailto:valdi...@gmail.com>> wrote: > > Hmm... If it starts with a random adapter, this metric lowering is not the > right fix, isn't it? Or did you m

[Openvpn-devel] [PATCH] Set a low interface metric for tap adapter when block-outside-dns is in use

From: ValdikSS <i...@valdikss.org.ru> Windows 10 before Creators Update used to resolve DNS using all available adapters and IP addresses in parallel. Now it still resolves addresses using all available adapters but in a round-robin way, beginning with random adapter. This behaviour intr

Re: [Openvpn-devel] [PATCH] Use adapter index instead of name

If like this index approach. Actually, we should have used indexes and not interface names from the beginning.   Original Message   From: Gert Doering Sent: Thursday, 22 October 2015 18:26 To: Lev Stipakov Cc: openvpn-devel@lists.sourceforge.net Subject: Re: [Openvpn-devel] [PATCH] Use adapter