Re: [Openvpn-devel] OpenVPN 3 Linux client - v11 beta released

2020-11-03 Thread David Sommerseth
On 02/11/2020 19:22, Gert Doering wrote: > Hi, > > On Mon, Nov 02, 2020 at 03:00:58PM +0100, David Sommerseth wrote: >>> Then the imported configuration profile must get the DCO feature >>> enabled: >>> >>> $ openvpn3 config-manage --show

Re: [Openvpn-devel] OpenVPN 3 Linux client - v11 beta released

2020-11-02 Thread David Sommerseth
On 02/11/2020 14:30, David Sommerseth wrote: > With the kernel module installed, the configuration file must be > be imported: > > $ openvpn3 config-import --config CONFIG_FILENAME \ > --name CFGNAME \ > --persistent >

[Openvpn-devel] OpenVPN 3 Linux client - v11 beta released

2020-11-02 Thread David Sommerseth
ignals to the Access Server the downloaded configuration profile is intended to be imported into a local storage. -- kind regards, David Sommerseth OpenVPN Inc [0] <https://gitlab.com/openvpn/openvpn3-linux> <https://github.com/OpenVPN/openvpn3-linux> --

[Openvpn-devel] [PATCH] build: Fix missing install of man page in certain environments

2020-10-29 Thread David Sommerseth
file is prebuilt in source tarballs and will thus be available. Reported-By: Philip Brown Tested-By: Philip Brown Signed-off-by: David Sommerseth --- Note: This may have a negative impact on hosts running 'make install' (which also happens via 'make distcheck') when using the git tree

Re: [Openvpn-devel] [PATCH] Avoid passing NULL to argv_printf_cat() in temp_file error case.

2020-10-15 Thread David Sommerseth
e error message at line 1122. But after all, the chosen approach gives a reasonable code execution flow and I consider it cleaner. I don't see any reasons why it would be beneficial to format the command line only after creating the temp file. So ... Acked-By: Davi

Re: [Openvpn-devel] [PATCH applied] Re: Support X509 field list to be username

2020-10-08 Thread David Sommerseth
rather save some goodies for post 2.6 releases - to help the overall development/release cycles go faster. -- kind regards, David Sommerseth OpenVPN Inc signature.asc Description: OpenPGP digital signature ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] Add --up-pre with the same functionality as --down-pre

2020-10-01 Thread David Sommerseth
ves a problem which cannot be solved through other reasonable ways. -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] Add --up-pre with the same functionality as --down-pre

2020-10-01 Thread David Sommerseth
nguage with D-Bus support will work: <https://github.com/OpenVPN/openvpn3-linux/tree/master/src/tests/python> <https://github.com/OpenVPN/openvpn3-linux/tree/master/src/python> -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] Add --up-pre with the same functionality as --down-pre

2020-10-01 Thread David Sommerseth
"user story", which is the appropriate term for the 2020s). My stance is pretty well covered in the ticket [1], and the only potential use case which was provided does have, in my opinion, a better alternative by using --management and --management-hold. <htt

Re: [Openvpn-devel] [PATCH] Improve documentation of --username-as-common-name

2020-09-28 Thread David Sommerseth
ct script) and file names parsed in > + client-config directory will match the username. I have not verified the behavior described, but I trust Selva's understanding and testing. The extension of this part is valuable and makes both the man entry and behavior clearer. The fix I've touched above can

Re: [Openvpn-devel] [PATCH] Added environment variable for IPv6 route metric.

2020-09-23 Thread David Sommerseth
preserved as /nnn in the IPv6 range in route_ipv6_network_{n}. (These examples needs the proper :code:`value` and ``value`` highlighting, removed here for clarity) -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] [PATCH v4] Add demo plugin that excercises "CLIENT_CONNECT" and "CLIENT_CONNECT_V2" paths

2020-09-17 Thread David Sommerseth
ct.c > I've only glared at important code pieces, diffed against the v2 of this patch and compiled it on RHEL-7 (gcc-4.8.5 and gcc-9.3.1/devtoolset-9). Since everything is as expected now (no compiler complaints, diff is good) and prior review testing worked as expected ... Acked-By: David Sommerse

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2020-09-16 Thread David Sommerseth
lopers using a distro package of the library; these packages install all these pkg-config files in the appropriate directory. The challenge is more for those compiling and installing unpackaged versions of the library; which is where the WOLFSSL_LIBS and WOLFSSL_CFLAGS comes into play. -- kind regards,

[Openvpn-devel] [PATCH] build: Fix make distclean/distcheck

2020-09-16 Thread David Sommerseth
this Makefile in the list of files 'make distclean' should remove. Signed-off-by: David Sommerseth --- sample/Makefile.am | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sample/Makefile.am b/sample/Makefile.am index 3be698e7..46d113ab 100644 --- a/sample/Makefile.am +++ b/sample

Re: [Openvpn-devel] LD Errors / vpn_connect or vpn_init

2020-09-16 Thread David Sommerseth
e client without any issues on CentOS 7, as well as developing openvpn3-linux on RHEL-7 as the main development environment. We're mostly on IRC, FreeNode in the #openvpn-devel room. -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] [PATCH v3] sample-plugins: Partially autotoolize the sample-plugins build

2020-09-16 Thread David Sommerseth
[resent from proper address] On 16/09/2020 15:48, Gert Doering wrote: > Hi, > > On Tue, Sep 15, 2020 at 10:52:54PM +0200, David Sommerseth wrote: >> --- >> v2 - Process README files with correct instructions and details >> v3 - Add missing -I$(top_srcdir)/include an

[Openvpn-devel] [PATCH v4] sample-plugins: Partially autotoolize the sample-plugins build

2020-09-16 Thread David Sommerseth
#include "config.h" in sample code, to also get various macros defined by the ./configure run. This patch does not touch the winbuild scripts, as it seems building these sample-plugins on Windows requires a bit different compile and linking steps than *nix systems in general. Signed-off

[Openvpn-devel] [PATCH v3] sample-plugins: Partially autotoolize the sample-plugins build

2020-09-15 Thread David Sommerseth
#include "config.h" in sample code, to also get various macros defined by the ./configure run. This patch does not touch the winbuild scripts, as it seems building these sample-plugins on Windows requires a bit different compile and linking steps than *nix systems in general. Signed-off

Re: [Openvpn-devel] [PATCH v2] sample-plugins: Partially autotoolize the sample-plugins build

2020-09-15 Thread David Sommerseth
On 15/09/2020 12:22, Gert Doering wrote: > Hi, > > On Mon, Sep 14, 2020 at 02:27:21PM +0200, David Sommerseth wrote: >> The sample-plugins have their own set of build/winbuild scripts in each >> of these plugin directories. This does not give a good way to reuse >>

[Openvpn-devel] [PATCH v2] sample-plugins: Partially autotoolize the sample-plugins build

2020-09-14 Thread David Sommerseth
#include "config.h" in sample code, to also get various macros defined by the ./configure run. This patch does not touch the winbuild scripts, as it seems building these sample-plugins on Windows requires a bit different compile and linking steps than *nix systems in general. Signed-off

[Openvpn-devel] [PATCH] sample-plugins: Partially autotoolize the sample-plugins build

2020-09-14 Thread David Sommerseth
#include "config.h" in sample code, to also get various macros defined by the ./configure run. This patch does not touch the winbuild scripts, as it seems building these sample-plugins on Windows requires a bit different compile and linking steps than *nix systems in general. Signed-off

Re: [Openvpn-devel] [PATCH v2] Add demo plugin that excercises "CLIENT_CONNECT" and "CLIENT_CONNECT_V2" paths

2020-09-14 Thread David Sommerseth
ction ‘openvpn_plugin_client_connect’: client-connect/sample-client-connect.c:356:9: error: ‘for’ loop initial declarations are only allowed in C99 mode for (int i = 0; argv[i]; i++) -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] [PATCH v2] Add demo plugin that excercises "CLIENT_CONNECT" and "CLIENT_CONNECT_V2" paths

2020-09-11 Thread David Sommerseth
contains #define _GNU_SOURCE 1. This removes this compiler warning. This is on RHEL-7 with both gcc-4.8 and gcc-9.3. Otherwise, the code looks reasonable and it works. The log file does not include the pushed echo statement (can be enabled in options.c:5286). The management interface shows the pu

Re: [Openvpn-devel] [PATCH] Handle NULL returns from calloc() in sample plugins.

2020-09-11 Thread David Sommerseth
e and compiled all the sample plug-ins. All looks reasonable and good. Acked-By: David Sommerseth -- kind regards, David Sommerseth OpenVPN Inc

[Openvpn-devel] [PATCH] man: Add missing --server-ipv6

2020-09-11 Thread David Sommerseth
During the conversion from .8 to .rst and further reorganizing of the content into separate files, the --server-ipv6 entry got lost. This resurrects it again. Signed-off-by: David Sommerseth --- doc/man-sections/server-options.rst | 14 ++ 1 file changed, 14 insertions(+) diff

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2020-09-11 Thread David Sommerseth
the next release. And > otherwise we remove the support before the next release. That should our > concerns of wanting to see ongoing support and also your concern of it > not being included. I completely agree. This makes a lot of sense and is a reasonable way forward. -- kind regar

[Openvpn-devel] [PATCH] man: Improve --remote entry

2020-09-09 Thread David Sommerseth
spread out. Signed-off-by: David Sommerseth --- doc/man-sections/client-options.rst | 60 - 1 file changed, 34 insertions(+), 26 deletions(-) diff --git a/doc/man-sections/client-options.rst b/doc/man-sections/client-options.rst index ec1e3b11..af21fbcd 100644

Re: [Openvpn-devel] [PATCH] Fix --remote protocol can't be set without port argument

2020-09-09 Thread David Sommerseth
On 08/09/2020 21:01, Vladislav Grishenko wrote: > Hi David, > >> -Original Message----- >> From: David Sommerseth >> Sent: Tuesday, September 8, 2020 6:23 PM >> To: Vladislav Grishenko ; openvpn- >> de...@lists.sourceforge.net >> Subject: Re: [Op

Re: [Openvpn-devel] [PATCH] Fix --remote protocol can't be set without port argument

2020-09-08 Thread David Sommerseth
ting the man page to .rst files. The example should be: remote server.example.net 1194 tcp The OpenVPN 2.4 and prior releases has this line: --remote host [port] [proto] But this syntax was not supported by rst2man, so it was replaced with "args" and the examples coming be

Re: [Openvpn-devel] [PATCH] Document that --push-remove is generally more suitable than --push-reset

2020-09-08 Thread David Sommerseth
erver-options.rst | 8 > 1 file changed, 8 insertions(+) Acked-By: David Sommerseth It would be good if --push-reset would actually not remove certain critical options, but this is anyhow a good heads-up for our users. -- kind regards, David Somm

Re: [Openvpn-devel] [PATCH v3] Fix best gateway selection over netlink

2020-09-08 Thread David Sommerseth
But I don't see the need for this if it is primarily to enable support for ancient kernel releases which are no longer supported by the upstream kernel community (where 4.4 is the oldest one). I would lean on what Antonio says here as well, as he kinda owns the sitnl implementation and API. -- kind

Re: [Openvpn-devel] New man-section pages format

2020-09-04 Thread David Sommerseth
tHub before the .rst conversion. [1] <https://github.com/OpenVPN/openvpn/blob/release/2.4/doc/openvpn.8> -- kind regards, David Sommerseth OpenVPN Inc

[Openvpn-devel] OpenVPN 3 Linux client - v10 beta released

2020-07-27 Thread David Sommerseth
as been extended with more region CA certificates used for the request validations. In addition it will now pick up more of system CA certificate file locations than before. -- kind regards, David Sommerseth OpenVPN Inc [0] <https://gitlab.com/openvpn/openvpn3-linux> <h

Re: [Openvpn-devel] [PATCH 8/9] Rename ncp-ciphers to data-ciphers

2020-07-24 Thread David Sommerseth
le > removal process. But if we remove an option/drop support for something > something that should still be a weighing of pros and cons. > > For this specific option of ncp-ciphers/data-ciphers. This not just a > fringe option. This is an option that affects one of the core things of

Re: [Openvpn-devel] [PATCH 8/9] Rename ncp-ciphers to data-ciphers

2020-07-24 Thread David Sommerseth
"data-ciphers") || streq(p[0], "ncp-ciphers")) >> +&& p[1] && !p[2]) >> { >> VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_INSTANCE); >> options->ncp_ciphers = p[1]; >> diff --git a/src/openvpn/ssl_ncp.c b/src/open

Re: [Openvpn-devel] Regarding deprecation of --route-nopull

2020-07-24 Thread David Sommerseth
. The filter itself is simple to implement, just hasn't surfaced on the more critical issues we've needed to tackle. -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] [PATCH 8/9] Rename ncp-ciphers to data-ciphers

2020-07-23 Thread David Sommerseth
. Otherwise I do fear for the future of OpenVPN 2.x. By having a clear strategy and adhering to a process of feature/option management in OpenVPN, we give clearly defined time-window for stability and functionality for our users. This predictability is, in my experience, much more important to

Re: [Openvpn-devel] [PATCH 8/9] Rename ncp-ciphers to data-ciphers

2020-07-22 Thread David Sommerseth
better explains what it is used for. But I do reject NOT adding a deprecation path for --ncp-ciphers. We should support --ncp-ciphers for 1-2 major releases, but after that it should be removed. We have too many options and we certainly should avoid duplicating options with the exact same functionality. -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] [PATCH] options: Remove --udp-mtu

2020-07-22 Thread David Sommerseth
On 22/07/2020 14:01, Arne Schwabe wrote: > Am 22.07.20 um 11:54 schrieb David Sommerseth: >> Before --link-mtu, it was --udp-mtu. This was changed in >> OpenVPN 1.5_beta1 (release July 2003). It should be safe now >> to remove --udp-mtu, the transition period should hav

[Openvpn-devel] [PATCH] options: Remove --udp-mtu

2020-07-22 Thread David Sommerseth
Before --link-mtu, it was --udp-mtu. This was changed in OpenVPN 1.5_beta1 (release July 2003). It should be safe now to remove --udp-mtu, the transition period should have been long enough. Signed-off-by: David Sommerseth --- src/openvpn/options.c | 3 +-- 1 file changed, 1 insertion(+), 2

Re: [Openvpn-devel] [PATCH v3 5/9] Remove key-method 1

2020-07-21 Thread David Sommerseth
st this patch on git master commit 08469ca1eccc). Builds fine, 'make check' looks good. Acked-By: David Sommerseth -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] [PATCH v2 5/9] Remove key-method 1

2020-07-20 Thread David Sommerseth
On 20/07/2020 15:22, Arne Schwabe wrote: > Am 20.07.20 um 15:16 schrieb David Sommerseth: >> On 17/07/2020 15:47, Arne Schwabe wrote: >>> Key-method 1 is only needed to talk to pre OpenVPN 2.0 clients. >>> >>> Patch V2: Fix style. Make V1 op codes illegal, remov

Re: [Openvpn-devel] [PATCH v2 5/9] Remove key-method 1

2020-07-20 Thread David Sommerseth
> -} > - > if (!read_control_auth(buf, >tls_wrap, from, > session->opt)) > { I had already started my own approach of removing --key-method when I was made aware of this patch. Co

[Openvpn-devel] [PATCH] Remove --ifconfig-pool-linear

2020-07-20 Thread David Sommerseth
This option has been deprecated since OpenVPN 2.1 and it has been highlighted in the documentation and log files since OpenVPN 2.4.4. Signed-off-by: David Sommerseth --- Changes.rst | 3 +++ src/openvpn/options.c | 9 - 2 files changed, 3 insertions(+), 9 deletions(-) diff

[Openvpn-devel] [PATCH v2] Remove --client-cert-not-required

2020-07-20 Thread David Sommerseth
This removes support for the --client-cert-not-required option. To avoid starting a server with this option just ignored, which would make it impossible for existing clients to connect it will exit with instructions to replace this option with --verify-client-cert none. Signed-off-by: David

[Openvpn-devel] [PATCH] Remove --client-cert-not-required

2020-07-20 Thread David Sommerseth
This removes support for the --client-cert-not-required option. To avoid starting a server with this option just ignored, which would make it impossible for existing clients to connect it will exit with instructions to replace this option with --verify-client-cert none. Signed-off-by: David

[Openvpn-devel] [PATCH] travis: Fix make distcheck failure

2020-07-20 Thread David Sommerseth
the 'make distcheck' build test fail. Signed-off-by: David Sommerseth --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 925d09ea..b154277e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -111,7 +111,7 @@ jobs: addons: apt

[Openvpn-devel] [PATCH] doc/man: Do not install man *.rst files

2020-07-19 Thread David Sommerseth
messy. By moving these files to dist_noinst_DATA= instead, these files are still distributed but not installed via 'make install'. Signed-off-by: David Sommerseth --- doc/Makefile.am | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/doc/Makefile.am b/doc/Makefile.am index

Re: [Openvpn-devel] [PATCH] Merge Makefile.am's AUTOMAKE_OPTIONS into configure.ac's AM_INIT_AUTOMAKE.

2020-07-17 Thread David Sommerseth
iding our COPYING and > +# INSTALL targets: > +AM_INIT_AUTOMAKE(foreign serial_tests 1.9) dnl NB: Do not [quote] this > parameter. > AC_CANONICAL_HOST > AC_USE_SYSTEM_EXTENSIONS > Acked-By: David Sommerseth This works better than the previous attempt, this also passes 'make dist

[Openvpn-devel] [PATCH] Remove --no-iv

2020-07-17 Thread David Sommerseth
This finalizes the deprecation started in OpenVPN 2.4, where --no-iv was made into a NOOP option. Signed-off-by: David Sommerseth --- Changes.rst | 3 +++ doc/man-sections/server-options.rst | 2 +- doc/man-sections/unsupported-options.rst | 2 +- src/openvpn

[Openvpn-devel] [PATCH] Remove --no-replay

2020-07-17 Thread David Sommerseth
://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits#OVPN-03-3:Insecureconfigurationoptions:--no-replay URL: [1] https://community.openvpn.net/openvpn/wiki/DeprecatedOptions#Option:--no-replay Signed-off-by: David Sommerseth --- Changes.rst | 5 doc/man

Re: [Openvpn-devel] [PATCH 2/2] Permit make dist* targets without py*-docutils

2020-07-17 Thread David Sommerseth
On 17/07/2020 17:36, David Sommerseth wrote: > On 17/07/2020 17:05, Matthias Andree wrote: >> Signed-off-by: Matthias Andree >> --- >> doc/Makefile.am | 5 +++-- >> 1 file changed, 3 insertions(+), 2 deletions(-) >> >> diff --git a/doc/Makefile.am b/doc/

Re: [Openvpn-devel] [PATCH 1/2] Automake options: add subdir-objects, and clean up

2020-07-17 Thread David Sommerseth
/.deps/libopenvpnmsica_la-tap.Plo'. Stop. make[3]: Leaving directory `/home/davids/devel/OpenVPN/openvpn/src/openvpnmsica' This needs more work to avoid this issue. It's also interesting that Windows code is suddenly being pulled into the dependency tracking on a plain Linux bo

Re: [Openvpn-devel] [PATCH 2/2] Permit make dist* targets without py*-docutils

2020-07-17 Thread David Sommerseth
> > # Failsafe - do not delete these files unless we can recreate them > CLEANFILES = \ Thanks! This fixes the 'make distdir', which should also fix the 'make check' issues Gert found [1]. Acked-By: David Sommerseth [1] Message-Id: 20200717131607.gs1...@greenie.muc.de <https:/

Re: [Openvpn-devel] [PATCH] Convert cc_check_return to switch/case

2020-07-17 Thread David Sommerseth
et) { case CC_RET_SUCCEEDED: (*cc_succeeded_count)++; return true; case CC_RET_FAILED: return false; case CC_RET_SKIPPED: return true; default: ASSERT(0); } I generally find this a

[Openvpn-devel] [PATCH] doc/man: Add misssing renegotiation.rst to Makefile.am

2020-07-17 Thread David Sommerseth
such a tarball, it will explode and complain about this missing file. Signed-off-by: David Sommerseth --- doc/Makefile.am | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/Makefile.am b/doc/Makefile.am index a1ac02f6..add92198 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -31,6 +31,7

[Openvpn-devel] [PATCH] doc/man: Documentation for --bind-dev / VRFs on Linux

2020-07-17 Thread David Sommerseth
Signed-off-by: Maximilian Wilhelm Signed-off-by: David Sommerseth --- v2 - Added missing entry into Makefile.am --- doc/Makefile.am | 1 + doc/man-sections/network-config.rst | 1 + .../virtual-routing-and-forwarding.rst| 78

Re: [Openvpn-devel] [PATCH applied] Re: doc/man: Replace old man page with generated man page

2020-07-17 Thread David Sommerseth
t,distcheck}" from the *git repo*, python-docutils need to be a mandatory dependency - because we don't check in the prebuilt openvpn.8 and openvpn.html files into the git repo. This logic could probably contains some flaws and can be further improved, but I figured we need to get this tested

[Openvpn-devel] [PATCH v2 5/8] doc/man: Mark compression options as deprecated

2020-07-16 Thread David Sommerseth
-by: David Sommerseth --- doc/man-sections/protocol-options.rst | 15 +++ 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/doc/man-sections/protocol-options.rst b/doc/man-sections/protocol-options.rst index ae85a25e..a5a1253a 100644 --- a/doc/man-sections/protocol-options.rst

[Openvpn-devel] [PATCH v2 7/8] doc/man: Update --txqueuelen default setting (Now OS default)

2020-07-16 Thread David Sommerseth
From: Richard Bonhomme Signed-off-by: Richard Bonhomme Signed-off-by: David Sommerseth --- doc/man-sections/advanced-options.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man-sections/advanced-options.rst b/doc/man-sections/advanced-options.rst index dbf7799c

[Openvpn-devel] [PATCH v2 6/8] doc/man: Adopt compression documentation

2020-07-16 Thread David Sommerseth
Commit c67e93b25208be2 updated the man page in regards to new compression options and improving existing compression options. This adopts those changes into the .rst format. Signed-off-by: David Sommerseth --- doc/man-sections/protocol-options.rst | 52 ++- 1 file

[Openvpn-devel] [PATCH v2 8/8] doc/man: Documentation for --bind-dev / VRFs on Linux

2020-07-16 Thread David Sommerseth
Signed-off-by: Maximilian Wilhelm Signed-off-by: David Sommerseth --- doc/man-sections/network-config.rst | 1 + .../virtual-routing-and-forwarding.rst| 78 +++ doc/man-sections/vpn-network-options.rst | 4 + 3 files changed, 83 insertions(+) create

[Openvpn-devel] [PATCH v2 0/8] man-page overhaul project - round 2

2020-07-16 Thread David Sommerseth
of that commit, but I wanted to be sure he gets the proper credit somehow. kind regards, David Sommerseth OpenVPN Inc David Sommerseth (7): doc/man: Add an .rst formatted version of the man page doc/man: Replace old man page with generated man page doc/man: Split up and reorganize main man page

Re: [Openvpn-devel] [PATCH v5 14/14] client-connect: Add documentation for the deferred client connect feature

2020-07-16 Thread David Sommerseth
On 16/07/2020 23:07, Gert Doering wrote: > Hi, > > On Thu, Jul 16, 2020 at 11:04:09PM +0200, David Sommerseth wrote: >> So I'm looking into migrating this text over to the new .rst format ... and I >> have a question ... > > This one *should* be identical to 6/6 fro

Re: [Openvpn-devel] [PATCH v5 14/14] client-connect: Add documentation for the deferred client connect feature

2020-07-16 Thread David Sommerseth
th_control_file/client_connect_deferred_file when using deferred auth method Is this what you intended to say? * OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY plugin hook and --client-connect scripts to return success/failure via auth_control_file/client_connect_deferred_file when using

[Openvpn-devel] [PATCH 12/16] doc/man: Misc grammar and typo fixes

2020-07-15 Thread David Sommerseth
From: Richard Bonhomme Signed-off-by: Richard Bonhomme Signed-off-by: David Sommerseth --- doc/man-sections/advanced-options.rst| 4 +-- doc/man-sections/client-options.rst | 17 +- doc/man-sections/connection-profiles.rst | 2 +- doc/man-sections/encryption-options.rst

[Openvpn-devel] [PATCH 10/16] doc/man: Moved --reneg-* options to its own section

2020-07-15 Thread David Sommerseth
The options related to renegotiation of the data channel encryption key is not really a link option. As the renegotiation is encryption related but doesn't really fit into the generic, tls or pkcs11 sections, add it into its own section. Signed-off-by: David Sommerseth --- doc/man-sections

[Openvpn-devel] [PATCH 14/16] doc/man: Update --txqueuelen default setting (Now OS default)

2020-07-15 Thread David Sommerseth
From: Richard Bonhomme Signed-off-by: Richard Bonhomme Signed-off-by: David Sommerseth --- doc/man-sections/advanced-options.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man-sections/advanced-options.rst b/doc/man-sections/advanced-options.rst index dbf7799c

[Openvpn-devel] [PATCH 09/16] doc/man: Move some options from link to advanced section

2020-07-15 Thread David Sommerseth
Moved --persist-local-ip, --persist-remote-ip, --rcvbuf, --sndbuf and --shaper from the link options section to the advanced section. The rationale is that these options are not common to use and is for more advanced use cases where special tweaking is required. Signed-off-by: David Sommerseth

[Openvpn-devel] [PATCH 13/16] doc/man: Adopt compression documentation

2020-07-15 Thread David Sommerseth
Commit c67e93b25208be2 updated the man page in regards to new compression options and improving existing compression options. This adopts those changes into the .rst format. Signed-off-by: David Sommerseth --- doc/man-sections/protocol-options.rst | 52 ++- 1 file

[Openvpn-devel] [PATCH 16/16] doc/man: Minor improvements to the plug-in section

2020-07-15 Thread David Sommerseth
Make the valid syntax clearer and apply proper styling of few reference strings. Signed-off-by: David Sommerseth --- doc/man-sections/plugin-options.rst | 14 +++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/doc/man-sections/plugin-options.rst b/doc/man-sections

[Openvpn-devel] [PATCH 04/16] doc/man: Remove unsupported options in OpenVPN 2.5

2020-07-15 Thread David Sommerseth
This removes the options from the man page which is enlisted as deprecated options in OpenVPN 2.5. To provide some history, a short summary of why they were removed has been put into a new file which is included into its own "UNSUPPORTED OPTIONS" section in the man page. Signed-off

[Openvpn-devel] [PATCH 08/16] doc/man: Mark compression options as deprecated

2020-07-15 Thread David Sommerseth
-by: David Sommerseth --- doc/man-sections/protocol-options.rst | 19 ++- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/doc/man-sections/protocol-options.rst b/doc/man-sections/protocol-options.rst index 37e55eb7..5bc072af 100644 --- a/doc/man-sections/protocol

[Openvpn-devel] [PATCH 15/16] doc/man: Fix a few typos and improve style usage

2020-07-15 Thread David Sommerseth
The server returns "AUTH_FAILED". Such strings and code related references should use the :code:`SOME_STRING` style. Signed-off-by: David Sommerseth --- doc/man-sections/client-options.rst | 10 +- doc/man-sections/script-options.rst | 2 +- 2 files changed, 6 insert

[Openvpn-devel] [PATCH 11/16] doc/man: Cleaned up the examples

2020-07-15 Thread David Sommerseth
of the instructions should be fairly OS neutral and is a quick introduction how to get tunnels configured and gradually expand the configuration and improve the security along the way. Signed-off-by: David Sommerseth --- doc/man-sections/examples.rst | 105 -- 1

[Openvpn-devel] [PATCH 07/16] doc/man: Move --dhcp-option from client to vpn-network section

2020-07-15 Thread David Sommerseth
Even though the --dhcp-option is only useful in a client context, it is more related to configuration of the VPN network interface and the related settings. Signed-off-by: David Sommerseth --- doc/man-sections/client-options.rst | 69 doc/man-sections/vpn-network

[Openvpn-devel] [PATCH 06/16] doc/man: Move --bind from generic to link section

2020-07-15 Thread David Sommerseth
This is more related to the configuration of the link, plus --nobind is already placed in the link section. Signed-off-by: David Sommerseth --- doc/man-sections/generic-options.rst | 7 --- doc/man-sections/link-options.rst| 7 +++ 2 files changed, 7 insertions(+), 7 deletions

[Openvpn-devel] [PATCH 03/16] doc/man: Move profiles section

2020-07-15 Thread David Sommerseth
The profile documentation has been enlisted in between all the other OpenVPN options. As is not strictly an option by itself but a grouping mechanism, move it into its own section in the man page. This also makes the HTML rendering look much nicer and better structured. Signed-off-by: David

[Openvpn-devel] [PATCH 00/16] man-page overhaul project

2020-07-15 Thread David Sommerseth
into a single commit, I have no issues with that. kind regards, David Sommerseth OpenVPN Inc David Sommerseth (14): doc/man: Add an .rst formatted version of the man page doc/man: Replace old man page with generated man page doc/man: Move profiles section doc/man: Remove unsupported opti

Re: [Openvpn-devel] [Openvpn-users] Multiple DNS search suffixes on Windows

2020-07-02 Thread David Sommerseth
cation between the OpenVPN end-points themselves). The DNS settings and more related to host configuration and similar will be moved into an IV_FEAT field. Except of that, nothing else has changed from the initial mail. The main purpose of that RFC is to ensure we handle DNS and --dhcp-options cons

Re: [Openvpn-devel] [PATCH] New man page corrections - advanced-options.rst

2020-06-26 Thread David Sommerseth
. Defaults to operation system > + Set the TCP/UDP socket send buffer size. Defaults to operating system >default. Thanks again! I've squashed this change into your previous grammar/typo fix commit. -- kind regards, David Sommerseth

Re: [Openvpn-devel] [PATCH] New man page corrections - encryption-options.rst

2020-06-26 Thread David Sommerseth
t;; that would make it a bit difficult to use :) I think what was meant was: "This file should be kept secret *on* the server ..." -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] [PATCH] New man page - Simple corrections

2020-06-26 Thread David Sommerseth
lign it with the other commits in this branch. -- kind regards, David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] [PATCH 00/11] man-page overhaul project

2020-06-24 Thread David Sommerseth
On 24/06/2020 20:07, David Sommerseth wrote: > Hi, > > This is the first real review round of the man-page overhaul project. > Since the n/groff based openvpn.8 format is fairly cumbersome to edit, > we agreed at the 2019 Hackathon in Trento to move the man page into > some

[Openvpn-devel] [PATCH 07/11] doc/man: Move --dhcp-option from client to vpn-network section

2020-06-24 Thread David Sommerseth
Even though the --dhcp-option is only useful in a client context, it is more related to configuration of the VPN network interface and the related settings. Signed-off-by: David Sommerseth --- doc/man-sections/client-options.rst | 69 doc/man-sections/vpn-network

[Openvpn-devel] [PATCH 11/11] doc/man: Cleaned up the examples

2020-06-24 Thread David Sommerseth
of the instructions should be fairly OS neutral and is a quick introduction how to get tunnels configured and gradually expand the configuration and improve the security along the way. Signed-off-by: David Sommerseth --- doc/man-sections/examples.rst | 105 -- 1

[Openvpn-devel] [PATCH 10/11] doc/man: Moved --reneg-* options to its own section

2020-06-24 Thread David Sommerseth
The options related to renegotiation of the data channel encryption key are not really link options. As the renegotiation is encryption related but doesn't really fit into the generic, tls or pkcs11 sections, add it into its own section. Signed-off-by: David Sommerseth --- doc/man-sections

[Openvpn-devel] [PATCH 04/11] doc/man: Remove unsupported options in OpenVPN 2.5

2020-06-24 Thread David Sommerseth
This removes the options from the man page which are enlisted as deprecated options in OpenVPN 2.5. To provide some history, a short summary of why they were removed has been put into a new file which is included into its own "UNSUPPORTED OPTIONS" section in the man page. Signed-off

[Openvpn-devel] [PATCH 03/11] doc/man: Move profiles section

2020-06-24 Thread David Sommerseth
The profile documentation has been enlisted in between all the other OpenVPN options. As is not strictly an option by itself but a grouping mechanism, move it into its own section in the man page. This also makes the HTML rendering look much nicer and better structured. Signed-off-by: David

[Openvpn-devel] [PATCH 09/11] doc/man: Move some options from link to advanced section

2020-06-24 Thread David Sommerseth
Moved --persist-local-ip, --persist-remote-ip, --rcvbuf, --sndbuf and --shaper from the link options section to the advanced section. The rationale is that these options are not common to use and are for more advanced use cases where special tweaking is required. Signed-off-by: David Sommerseth

[Openvpn-devel] [PATCH 08/11] doc/man: Mark compression options as deprecated

2020-06-24 Thread David Sommerseth
-by: David Sommerseth --- doc/man-sections/protocol-options.rst | 19 ++- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/doc/man-sections/protocol-options.rst b/doc/man-sections/protocol-options.rst index 37e55eb7..5bc072af 100644 --- a/doc/man-sections/protocol

[Openvpn-devel] [PATCH 06/11] doc/man: Move --bind from generic to link section

2020-06-24 Thread David Sommerseth
This is more related to the configuration of the link, plus --nobind is already placed in the link section. Signed-off-by: David Sommerseth --- doc/man-sections/generic-options.rst | 7 --- doc/man-sections/link-options.rst| 7 +++ 2 files changed, 7 insertions(+), 7 deletions

[Openvpn-devel] [PATCH 00/11] man-page overhaul project

2020-06-24 Thread David Sommerseth
sections. I will continue to update my own git branch containing this work as review comments come in until this is merged into master. You can find it here: https://gitlab.com/dazo/openvpn/-/tree/dev/man-reformatting/doc kind regards, David Sommerseth OpenVPN Inc. David Sommerseth (11

Re: [Openvpn-devel] Summary of the community meeting (24th June 2020)

2020-06-24 Thread David Sommerseth
ompression > - async cc > - VRF (which is quite trivial) > > The auth-token fixes are corner-cases and it was agreed that that can be > resolved between 2.5-alpha1 and 2.5-beta1. That's also incorrect. We will resolve these issues between the beta1 and rc1 releases. -- kind regard

[Openvpn-devel] [RFC] Challenges with OpenVPN and configuring DNS

2020-06-23 Thread David Sommerseth
what it will be capable of. -- kind regards, Arne Schwabe David Sommerseth OpenVPN Inc

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-22 Thread David Sommerseth
[resent for the ML inclusion] On 22/06/2020 18:58, Selva Nair wrote: > On Mon, Jun 22, 2020 at 7:31 AM David Sommerseth wrote: [...snip...] >> +ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log >> --status-version 2 --suppress-timestamps --cipher AES-256-GC

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-22 Thread David Sommerseth
On 22/06/2020 14:43, Steffan Karger wrote: > Hi, > > On 22-06-2020 14:29, David Sommerseth wrote: >> On 22/06/2020 14:21, Arne Schwabe wrote: >>> >>>> PrivateTmp=true >>>> WorkingDirectory=/etc/openvpn/server >>>> -ExecStar

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-22 Thread David Sommerseth
On 22/06/2020 19:20, André via Openvpn-devel wrote: > Hi, > > > Sent with ProtonMail Secure Email. > > ‐‐‐ Original Message ‐‐‐ > On Monday 22 June 2020 18:58, Selva Nair wrote: > >> On Mon, Jun 22, 2020 at 7:31 AM David Sommerseth dav...@openvpn.net w

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-22 Thread David Sommerseth
grade. Do we want to do that? I'm fine with removing BF-CBC, but it is scheduled for removal in OpenVPN 2.6. <https://community.openvpn.net/openvpn/wiki/DeprecatedOptions#Policy:Removalofinsecureciphers:Cipherswithcipherblock-sizelessthan128bitsmostcommonlyBFDESCAST5IDEAandRC2

[Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-22 Thread David Sommerseth
of the OpenVPN binary itself with time. Signed-off-by: David Sommerseth --- Changes.rst | 15 +++ distro/systemd/openvpn-ser...@.service.in | 2 +- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/Changes.rst b/Changes.rst index 00dd6ed8..e76d3c73
