On 19/04/10 15:51, Michal Soltys wrote:
On 4/10/19 3:45 PM, Michal Soltys wrote:
On 4/10/19 10:24 AM, Arne Schwabe wrote:
On 09.04.19 at 16:34, Michal Soltys wrote:
The man page states that when using --capath, the user is required to
provide CRLs for CAs. This is not true and providing CRLs
For the record - it seems that TransmitPackets is a Windows equivalent of
sendmmsg which sends each passed buffer in its own UDP datagram,
I have created a test project to understand better how it works,
https://github.com/lstipakov/TransmitPackets/blob/master/TransmitPackets.cpp ,
will try at
From: Arne Schwabe
This allows an external authentication method
(e.g. management interface) to track the connection and distinguish a
reconnection from multiple connections.
Additionally this now also checks to work around a problem with
OpenVPN 3 core that sometimes uses a username hint from
The previous auth-token implementation had a serious problem, especially when
paired with an unpatched OpenVPN client that keeps trying the auth-token
(commit e61b401a).
The auth-token-gen implementation forgot the auth-token on reconnect, this
led to reconnect with auth-token never working.
This unifies our key generation and also migrates the generation
of the tls-crypt-v2 keys. Since tls-crypt-v2 is not included in any
released version, we remove the old syntax without compatibility.
PATCH V4: Introduce warning/error when using --secret with --genkey
Update non code
From: Arne Schwabe
Patch V2: adapt unit tests to other V2 patches
Patch V4: Resolve rebase conflicts
---
tests/unit_tests/openvpn/Makefile.am | 20 +-
tests/unit_tests/openvpn/test_auth_token.c | 375 +
2 files changed, 394 insertions(+), 1 deletion(-)
create mode
From: Arne Schwabe
This allows OpenVPN 3 core to fall back to the original authentication
method.
This commit changes man_def_auth_set_client_reason to
auth_set_client_reason since it is now used in more contexts.
Also remove a FIXME about client_reason not being freed, as it is freed
in
From: Arne Schwabe
This is useful for features that can use either a persistent
or an ephemeral key.
Patch V2: Move the functionality of generating a random key into a
separate function that acts as wrapper for pem_read_key_file
Patch V4: Move wrapper functionality to caller and
When signalling the client that it should do Challenge response
without reconnecting (IV_SSO=crtext/INFOPRE=CR_TEXT), the server
needs to forward the response via the management console.
Signed-off-by: Arne Schwabe
---
doc/management-notes.txt | 19 +++
src/openvpn/forward.c|
These patches mainly implement forwarding passing/forwarding extra
messages between management interface on server and client side.
These new extra messages can be used to implement a two step
authentication like TOTP (Google Authenticator) or web based
out of band (like SAML).
Since this
This implements sending AUTH_PENDING and INFO_PRE messages to clients
that indicate that the clients should continue authentication with
a second factor. This can currently be out of band (openurl) or a normal
challenge/response 2FA like TOTP (CR_TEXT).
Note that this also sends an AUTH_PENDING
Signed-off-by: Arne Schwabe
---
src/openvpn/ssl.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 640808f9..45806553 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -2343,7 +2343,9 @@ push_peer_info(struct buffer *buf,
OpenVPN out of band and auth pending authentication implements these
messages to send information during the authentication to the UI,
implement these messages also in OpenVPN 2.x to be able to be picked up
by the UI
Signed-off-by: Arne Schwabe
---
src/openvpn/forward.c | 8
> * The --help screen is inaccurate in regards to --auth-gen-token and --genkey
> entries.
>
> * Using --genkey with --secret now sends the key to stdout instead of the
> given --secret file. I don't recall if we discussed this and if this was
> considered expected.
These two will be
When a client announces its support to support text based
challenge/response via IV_SOO=cr_text, the client needs to also
be able to reply to that response.
This adds the "cr-response" management function to be able to
do this. The answer should be base64 encoded.
Signed-off-by: Arne Schwabe
---
Hi,
On Thu, Jun 13, 2019 at 2:35 PM Selva Nair wrote:
>
> Hi
>
> On Thu, Jun 13, 2019 at 10:42 AM Arne Schwabe wrote:
> >
> > These patches mainly implement forwarding passing/forwarding extra
> > messages between management interface on server and client side.
> >
> > These new extra messages
Hi
On Thu, Jun 13, 2019 at 10:42 AM Arne Schwabe wrote:
>
> These patches mainly implement forwarding passing/forwarding extra
> messages between management interface on server and client side.
>
> These new extra messages can be used to implement a two step
> authentication like TOTP (Google
Hi,
On 13/06/19 00:21, Dan Haim wrote:
> Hello,
>
> I've just managed to compile a Windows on ARM64 port of OpenVPN. If you
> happen to have a Windows on ARM laptop (ARM64, not the old RT) I'd like
> to hear from you and help test things out. I've uploaded it here for the
> time being –
18 matches