Re: [Openvpn-devel] openvpn windows gui

2012-02-28 Thread Alon Bar-Lev
On Mon, Feb 27, 2012 at 6:18 PM, Alon Bar-Lev wrote: > Will be ready in a few hours. Done [1]. Tarball is available. Please review/pull. Basically you need to modify the --with-crypto... With: ./configure CFLAGS="-Ixxx/include" LDFLAGS="-Lxxx/lib" Where xxx is the openssl

Re: [Openvpn-devel] [PATCH 01/02] Add support for PolarSSL 1.1.x branch

2012-02-28 Thread Igor Novgorodov
On 28.02.2012 1:37, Fabian Knittel wrote: Hi Igor, 2012/2/27 Igor Novgorodov: The attached patch adds checking for PolarSSL version on crypto_polarssl.c and depending on which version we are using (1.0.x or 1.1.x) chooses a new shiny havege_random() function, or an old ugly

Re: [Openvpn-devel] [PATCH 02/02] Remove calls to OpenSSL when building with --disable-ssl

2012-02-28 Thread Igor Novgorodov
Then maybe we should move these calls to crypto_openssl.c into crypto_init_lib() function to make crypto.c library-independent? And why OpenSSL_add_all_algorithms() and stuff is called only when USE_SSL is not defined? And if these calls are for 0.9.8, maybe add a check for OpenSSL version?

Re: [Openvpn-devel] [PATCH 01/02] Add support for PolarSSL 1.1.x branch

2012-02-28 Thread Fabian Knittel
Hi Igor, 2012/2/28 Igor Novgorodov : > On 28.02.2012 1:37, Fabian Knittel wrote: >> Your patch removes the code that causes havege_init() to only be >> called once. You never want to initialise your PRNG more than once, >> otherwise you increase the risk that your randomness is

Re: [Openvpn-devel] [PATCH 01/02] Add support for PolarSSL 1.1.x branch

2012-02-28 Thread Adriaan de Jong
Hi Fabian and Igor, Thanks for your patch! As the Havege random number generator has some known issues on a (limited) set of virtual machines, there's a brand new RNG in PolarSSL. I'm currently working on a more complete support patch for PolarSSL's new RNG. Instead of calling Havege

Re: [Openvpn-devel] [PATCH 02/02] Remove calls to OpenSSL when building with --disable-ssl

2012-02-28 Thread Alon Bar-Lev
Hmmm I really can't tell... maybe can be removed until someone reports an issue... I just remember that there were cases it was needed and cases it wasn't. It will not hurt to call these in any case. On Tue, Feb 28, 2012 at 7:54 AM, Igor Novgorodov wrote: > Then maybe we

Re: [Openvpn-devel] [PATCH 02/02] Remove calls to OpenSSL when building with --disable-ssl

2012-02-28 Thread David Sommerseth
On 28/02/12 06:54, Igor Novgorodov wrote: > Then maybe we should move these calls to crypto_openssl.c into > crypto_init_lib() function to make crypto.c library-independent? And > why OpenSSL_add_all_algorithms() and stuff is called only when >

Re: [Openvpn-devel] static build

2012-02-28 Thread Samuli Seppänen
>> Mr Dash Four: could you try following the steps Alon gave in his earlier >> mail to see if it works for you? The buildsystem fetches the >> dependencies from standard URLs, see "openvpn-build/generic/build.vars". >> > Except that they are not "standard", at least not all of them. > The

Re: [Openvpn-devel] [PATCH 02/02] Remove calls to OpenSSL when building with --disable-ssl

2012-02-28 Thread Igor Novgorodov
On 28.02.2012 14:39, David Sommerseth wrote: On 28/02/12 06:54, Igor Novgorodov wrote: Then maybe we should move these calls to crypto_openssl.c into crypto_init_lib() function to make crypto.c library-independent? And why

Re: [Openvpn-devel] [PATCH 02/02] Remove calls to OpenSSL when building with --disable-ssl

2012-02-28 Thread David Sommerseth
On 28/02/12 12:16, Igor Novgorodov wrote: > On 28.02.2012 14:39, David Sommerseth wrote: >> On 28/02/12 06:54, Igor Novgorodov wrote: >>> Then maybe we should move these calls to crypto_openssl.c into >>> crypto_init_lib() function to make crypto.c

Re: [Openvpn-devel] [PATCH 02/02] Remove calls to OpenSSL when building with --disable-ssl

2012-02-28 Thread Igor Novgorodov
On 28.02.2012 15:34, David Sommerseth wrote: On 28/02/12 12:16, Igor Novgorodov wrote: On 28.02.2012 14:39, David Sommerseth wrote: On 28/02/12 06:54, Igor Novgorodov wrote: Then maybe we should move these calls to crypto_openssl.c into

Re: [Openvpn-devel] [PATCH 02/02] Remove calls to OpenSSL when building with --disable-ssl

2012-02-28 Thread David Sommerseth
On 28/02/12 12:40, Igor Novgorodov wrote: > On 28.02.2012 15:34, David Sommerseth wrote: >> On 28/02/12 12:16, Igor Novgorodov wrote: >>> On 28.02.2012 14:39, David Sommerseth wrote: On 28/02/12 06:54, Igor Novgorodov wrote: [...snip...]

Re: [Openvpn-devel] openvpn windows gui

2012-02-28 Thread Jan Just Keijser
Samuli Seppänen wrote: We should probably write an installer. I'm not sure if it's the best idea to make each and every GUI project out there write its own installer, when it's mostly a single executable that needs to be replaced to package it with upstream openvpn. The pragmatic way

Re: [Openvpn-devel] openvpn windows gui

2012-02-28 Thread Alon Bar-Lev
2012/2/28 Jan Just Keijser : > Samuli Seppänen wrote: We should probably write an installer. >>> >>> I'm not sure if it's the best idea to make each and every GUI project out >>> there write its own installer, when it's mostly a single executable that >>> needs

Re: [Openvpn-devel] [PATCH 02/02] Remove calls to OpenSSL when building with --disable-ssl

2012-02-28 Thread Adriaan de Jong
On 02/28/2012 12:48 PM, David Sommerseth wrote: > On 28/02/12 12:40, Igor Novgorodov wrote: >> On 28.02.2012 15:34, David Sommerseth wrote: >> And when building with SSL support, it won't be called here, but >> in ssl_openssl.c in tls_init_lib() instead. > > Indeed. This looks good. So unless

Re: [Openvpn-devel] [PATCH] Bogus check for negative values on an unsigned number.

2012-02-28 Thread Gert Doering
Hi, On Fri, Feb 17, 2012 at 10:58:16PM +0100, Gert Doering wrote: > [ on ir->netbits and ir6->netbits, signed int vs. unsigned int ] > > Thanks for reporting this. I'll look into it. I've dug a bit further into the code, and the IPv4 and IPv6 code differ here - IPv4 flags "a host iroute" with

[Openvpn-devel] OpenVPN 2.3-alpha1 released

2012-02-28 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.3-alpha1. It can be downloaded from here: This release includes a few new major features: * Complete IPv6 support, both transport and payload * Optional PolarSSL support

[Openvpn-devel] Temporarily delaying patch acceptances

2012-02-28 Thread David Sommerseth
Hi all, As you all probably know, Alon Bar-Lev is doing a revolution to our build system. The more I look at these changes, the more I like them, and it shows how overdue this process was. Alon's patches change so much inside the source tree,

[Openvpn-devel] [PATCH] Fixed off-by-one in serial length calculation

2012-02-28 Thread Adriaan de Jong
The serial length was one digit too short, resulting in missing digits at the end of the certificate's stringified serial number. Signed-off-by: Adriaan de Jong --- ssl_verify_polarssl.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git

[Openvpn-devel] [PATCH 1/2] Added support for new PolarSSL 1.1 RNG

2012-02-28 Thread Adriaan de Jong
This patch, while retaining PolarSSL 1.0 support, introduces the PolarSSL 1.1 DRBG. This RNG adds a number of features, including support for personalisation strings and multiple entropy sources. Personalisation strings have been implemented, based on PID, program name, place within memory,

[Openvpn-devel] [PATCH 2/2] Added a configuration option to enable prediction resistance in the PolarSSL random number generator.

2012-02-28 Thread Adriaan de Jong
Signed-off-by: Eelse-jan Stutvoet Signed-off-by: Adriaan de Jong --- crypto_polarssl.c |9 + crypto_polarssl.h |7 +++ init.c|6 ++ openvpn.8 | 14 ++ options.c | 22

Re: [Openvpn-devel] OpenVPN 2.3-alpha1 released

2012-02-28 Thread Mr Dash Four
* Improved plug-in API (v3) which can more easily be expanded in the future: includes support for direct access to X.509 certificate data in plug-ins [...] * One-to-one NAT to circumvent IP address conflicts between local and remote networks Is there any help/doc/wiki where I

Re: [Openvpn-devel] OpenVPN 2.3-alpha1 released

2012-02-28 Thread David Sommerseth
On 28/02/12 17:32, Mr Dash Four wrote: > >> * Improved plug-in API (v3) which can more easily be expanded in >> the future: includes support for direct access to X.509 certificate >> data in plug-ins [...] * One-to-one NAT to circumvent IP address >>

[Openvpn-devel] Another undocumented feature: management-external-key

2012-02-28 Thread Alon Bar-Lev
Hello David, Please also work to document this commit (management-notes, man). It is an extremely important feature, for example it can be used to move the whole smartcard interaction to the UI. This feature should be extended to provide X.509 certificate as well, it is incomplete without this.

Re: [Openvpn-devel] [PATCH 1/2] Added support for new PolarSSL 1.1 RNG

2012-02-28 Thread Fabian Knittel
Hi Adriaan, I only found a minor nit: 2012/2/28 Adriaan de Jong : > --- a/ssl.c > +++ b/ssl.c > @@ -385,6 +385,11 @@ init_ssl (const struct options *options, struct > tls_root_ctx *new_ctx) >       tls_ctx_restrict_ciphers(new_ctx, options->cipher_list); >     } > > +#ifdef

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-28 Thread Carsten Krüger
Hello Samuli, > The OpenVPN community project team is proud to release OpenVPN > 2.3-alpha1. It can be downloaded from here: > > This release includes a few new major features: > * Complete IPv6 support, both transport and payload > *

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-28 Thread Alon Bar-Lev
2012/2/28 Carsten Krüger : >>  * New OpenVPN-GUI > > Are there any chances to get full non-admin support for windows in version > 2.3 final? > > I mean strict separation between OpenVPN service running with local system > privileges (can modify routes, etc.) and usermode part

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-28 Thread David Sommerseth
On 28/02/12 18:31, Carsten Krüger wrote: > Hello Samuli, > >> The OpenVPN community project team is proud to release OpenVPN >> 2.3-alpha1. It can be downloaded from here: > >> > >> This

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-28 Thread Carsten Krüger
Hello Alon, ABL> This is *THE* missing functionality in Windows environment. ABL> It seems that nobody is interested in developing proper UI using ABL> management interface for Windows. ABL> Same goes to proper smartcard support. Developing the UI (command line) would be trivial but to my knowledge

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-28 Thread David Sommerseth
On 28/02/12 19:07, Alon Bar-Lev wrote: > 2012/2/28 Carsten Krüger : >>> * New OpenVPN-GUI >> >> Are there any chances to get full non-admin support for windows in >> version 2.3 final? >> >> I mean strict separation between

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-28 Thread Carsten Krüger
Hello David, > The solution we've ended up with is an OpenVPN service helper which runs > some code parts with admin rights and the OpenVPN binary itself > (openvpn.exe) will run completely unprivileged. Those two instances will > communicate via named pipes, to set up the proper routes and other

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-28 Thread David Sommerseth
On 28/02/12 19:17, Carsten Krüger wrote: > Hello Alon, > > ABL> This is *THE* missing functionality in Windows environment. ABL> > It seems that nobody is interested in developing proper UI using ABL> > management interface for Windows. ABL> Same goes

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-28 Thread Alon Bar-Lev
On Tue, Feb 28, 2012 at 8:25 PM, David Sommerseth wrote: >> This is *THE* missing functionality in Windows environment. It seems >> that nobody is interested in developing proper UI using management >> interface for Windows. Same goes to proper smartcard support. > > I

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-28 Thread Alon Bar-Lev
2012/2/28 David Sommerseth : > On 28/02/12 19:17, Carsten Krüger wrote: >> Hello Alon, >> >> ABL> This is *THE* missing functionality in Windows environment. ABL> >> It seems that nobody is interested in developing

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-28 Thread David Sommerseth
On 28/02/12 19:29, Carsten Krüger wrote: > Hello David, > >> The solution we've ended up with is an OpenVPN service helper which >> runs some code parts with admin rights and the OpenVPN binary >> itself (openvpn.exe) will run completely unprivileged.

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-28 Thread David Sommerseth
On 28/02/12 19:42, Alon Bar-Lev wrote: > 2012/2/28 David Sommerseth : >> On 28/02/12 19:17, Carsten Krüger wrote: >>> Hello Alon, >>> >>> ABL> This is *THE* missing

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-28 Thread Gert Doering
Hi, On Tue, Feb 28, 2012 at 06:31:03PM +0100, Carsten Krüger wrote: > Are there any chances to get full non-admin support for windows in version > 2.3 final? Work is going on on full privilege separation for windows. It's not done yet, so we'll see whether it will make 2.3 (which was the

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-28 Thread Carsten Krüger
Hello Alon, > This is *THE* missing functionality in Windows environment. > It seems that nobody is interested in developing proper UI using > management interface for Windows. > Same goes to proper smartcard support. I found that openvpn management interface works as I'd like it. Add the

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-28 Thread Carsten Krüger
Hello, > et voila openvpn connects. Use this to disconnect: |forget-passwords |SUCCESS: Passwords were forgotten |signal SIGUSR1 |SUCCESS: signal SIGUSR1 thrown |>HOLD:Waiting for hold release greetings Carsten

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-28 Thread Alon Bar-Lev
2012/2/28 Carsten Krüger : > Hello Alon, > >> This is *THE* missing functionality in Windows environment. >> It seems that nobody is interested in developing proper UI using >> management interface for Windows. >> Same goes to proper smartcard support. > > I found that openvpn

Re: [Openvpn-devel] [PATCH 00/35] build revolution

2012-02-28 Thread Alon Bar-Lev
Hello, I think I finished. David, tell me if you want me to send the patches to the list. I think these are way too long. I will be happy if people can test this. Modified OpenVPN repository[1], build system re-write + cleanups. Build automation repository[2], provides cross compile, msvc and

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-28 Thread Carsten Krüger
Hello Alon, > Right. This is long existing feature, just that in Windows people > expect to work using UI... I don't expect a UI but useful documentation. management-notes.txt isn't even bundled with windows binaries :-( I use openvpn since version 1 on windows and wasn't aware that the

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-28 Thread Alon Bar-Lev
2012/2/29 Carsten Krüger : >> Years back I wrote a simple .net to do to this... > > Could you please share? > I found that openvpn.exe is extremely unstable on non perfectly friendly > behaving client ... I use [1], a simple perl/kde UI for Linux. I deleted the .net as I did not