Re: [Openvpn-devel] Separate apt repositories for 2.4-alpha/beta/rc releases?

2016-10-14 Thread Steffan Karger
On 14 Oct 2016 9:14 p.m., "Matthias Andree" wrote: > > On 14.10.2016 at 17:28, Samuli Seppänen wrote: > > Hi, > > > > Should we have a separate apt repository for "unstable" apt packages? > > Right now our apt repositories hold 2.3.x packages, meaning that > > upgrades

Re: [Openvpn-devel] [PATCH 2/5] auth-gen-token: Add --auth-gen-token option

2016-10-14 Thread Steffan Karger
On 13-10-16 21:59, David Sommerseth wrote: > This sets the flag if the OpenVPN server should create authentication > tokens on-the-fly on successful --auth-user-pass-verify or --plugin with > OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY processing. > > If an OpenVPN server is running without this

Re: [Openvpn-devel] [PATCH applied] Move memcmp_constant_time() to crypto.h

2016-10-14 Thread David Sommerseth
On 14/10/16 10:48, David Sommerseth wrote: > Your patch has been applied to the master branch > > commit b891e57e1fe794483c08296e32c15751f2676a2d > Author: David Sommerseth > Date: Thu Oct 13 21:59:27 2016 +0200 > > Move memcmp_constant_time() to crypto.h > > Signed-off-by: David

[Openvpn-devel] [PATCH v2 3/5] auth-gen-token: Generate an auth-token per client

2016-10-14 Thread David Sommerseth
When --auth-gen-token is used a random token key is generated for each client after a successful user/password authentication. This token is expected to be returned in the password field on the following authentications. The token is 256 bits long and BASE64 encoded before it is stored. v2 -

Re: [Openvpn-devel] [PATCH 1/5] Move memcmp_constant_time() to crypto.h

2016-10-14 Thread Steffan Karger
Hi David, On 13-10-16 21:59, David Sommerseth wrote: > This function is quite useful other places, so make it generally > accessible. > > Signed-off-by: David Sommerseth > --- > src/openvpn/crypto.c | 18 -- > src/openvpn/crypto.h | 18 ++ >

Re: [Openvpn-devel] [PATCH 3/5] auth-gen-token: Generate an auth-token per client

2016-10-14 Thread Steffan Karger
Hi, Patch looks good, but haven't tested yet. Will test the set as a whole. Some minor remarks: On 13-10-16 21:59, David Sommerseth wrote: > When --auth-gen-token is used a random token key is generated for > each client after a successful user/password authentication. This > token is expected

Re: [Openvpn-devel] [PATCH applied] Move memcmp_constant_time() to crypto.h

2016-10-14 Thread David Sommerseth
OpenPGP encrypted message

[Openvpn-devel] [PATCH] auth-gen-token: Add --auth-gen-token option

2016-10-14 Thread David Sommerseth
This sets the flag if the OpenVPN server should create authentication tokens on-the-fly on successful --auth-user-pass-verify or --plugin with OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY processing. If an OpenVPN server is running without this option, it should behave as before. Next patches will

Re: [Openvpn-devel] [Patch v5] Remove tun-ipv6 Option. Instead assume that IPv6 is always supported.

2016-10-14 Thread Gert Doering
Hi, On Thu, Oct 13, 2016 at 06:54:16PM +0200, Arne Schwabe wrote: > Patch V5: Assume generic OS in tun.c is also IPv6 capable. Add changes to man > page. Fix typos/change message as suggested by David. Patch still looks reasonable. Since David tested Linux, I gave NetBSD 5.1 a run for the money

Re: [Openvpn-devel] [PATCH applied] Remove tun-ipv6 Option. Instead assume that IPv6 is always supported.

2016-10-14 Thread David Sommerseth
ACK. This looks good now, testing looks fine on Linux (SL7.2 x86_64) too. I've done some editorial changes to the commit message though, nothing changed except adding and removing whitespaces and fixing a few typos (Ipv6 -> IPv6, etc). Your patch

Re: [Openvpn-devel] [PATCH 4/5] auth-gen-token: Push generated auth-tokens to the client

2016-10-14 Thread David Sommerseth
On 13/10/16 21:59, David Sommerseth wrote: > If --auth-gen-token has been enabled and a token has been generated, > ensure this token is pushed to the client using the 'auth-token' option. > > Signed-off-by: David Sommerseth > --- > src/openvpn/misc.c | 5 + >

[Openvpn-devel] Separate apt repositories for 2.4-alpha/beta/rc releases?

2016-10-14 Thread Samuli Seppänen
Hi, Should we have a separate apt repository for "unstable" apt packages? Right now our apt repositories hold 2.3.x packages, meaning that upgrades have historically been fairly minor. That said, users who use _our_ apt repositories have expressed interest in using something newer than what

Re: [Openvpn-devel] [PATCH v2 3/5] auth-gen-token: Generate an auth-token per client

2016-10-14 Thread David Sommerseth
Meh ... disregard this patch. Just noticed that the auth_token_sent member in the struct tls_options sneaked into this patch during my git rebasing. I'll send the correct v2 patch (as v2.1 in the subject only) -- kind regards, David Sommerseth On 14/10/16 12:18, David Sommerseth wrote: >

[Openvpn-devel] [PATCH v2.1 3/5] auth-gen-token: Generate an auth-token per client

2016-10-14 Thread David Sommerseth
When --auth-gen-token is used a random token key is generated for each client after a successful user/password authentication. This token is expected to be returned in the password field on the following authentications. The token is 256 bits long and BASE64 encoded before it is stored. v2 -

Re: [Openvpn-devel] [PATCH v2 3/5] auth-gen-token: Generate an auth-token per client

2016-10-14 Thread David Sommerseth
OpenPGP encrypted message

Re: [Openvpn-devel] Separate apt repositories for 2.4-alpha/beta/rc releases?

2016-10-14 Thread Matthias Andree
On 14.10.2016 at 17:28, Samuli Seppänen wrote: > Hi, > > Should we have a separate apt repository for "unstable" apt packages? > Right now our apt repositories hold 2.3.x packages, meaning that > upgrades have historically been fairly minor. > > That said, users who use _our_ apt repositories

Re: [Openvpn-devel] [PATCH 4/5] auth-gen-token: Push generated auth-tokens to the client

2016-10-14 Thread David Sommerseth
On 14/10/16 15:30, Steffan Karger wrote: > > > On 13-10-16 21:59, David Sommerseth wrote: >> If --auth-gen-token has been enabled and a token has been generated, >> ensure this token is pushed to the client using the 'auth-token' option. >> >> Signed-off-by: David Sommerseth

[Openvpn-devel] [PATCH v2 4/5] auth-gen-token: Push generated auth-tokens to the client

2016-10-14 Thread David Sommerseth
If --auth-gen-token has been enabled and a token has been generated, ensure this token is pushed to the client using the 'auth-token' option. This patch will also remove the logging of auth-token values being pushed, unless --verb level is 7 or higher. v2 - Don't exceed 80 chars line length