[Openvpn-devel] [PATCH applied] Re: Add deferred authentication support to plugin-auth-pam

2020-07-15 Thread Gert Doering
Patch has been applied to the master branch. (Changes.rst hunk and "all other clients" adjusted appropriately) commit c83b197a72a6f909a4ddcded027469f0da5d4a24 Author: Gert Doering Date: Wed Jul 15 11:01:05 2020 +0200 Add deferred authentication support to plugin-auth-pam

[Openvpn-devel] [PATCH 12/16] doc/man: Misc grammar and typo fixes

2020-07-15 Thread David Sommerseth
From: Richard Bonhomme Signed-off-by: Richard Bonhomme Signed-off-by: David Sommerseth --- doc/man-sections/advanced-options.rst| 4 +-- doc/man-sections/client-options.rst | 17 +- doc/man-sections/connection-profiles.rst | 2 +- doc/man-sections/encryption-options.rst |

Re: [Openvpn-devel] [PATCH v6 8/14] client-connect: Add CC_RET_DEFERRED and cope with deferred client-connect

2020-07-15 Thread Arne Schwabe
On 15.07.2020 at 16:59, Antonio Quartulli wrote: > Hi, > > On 15/07/2020 16:16, Arne Schwabe wrote: > [CUT] > >> -multi_client_connect_early_setup(m, mi); >> +handler = _connect_handlers[defer_state->cur_handler_index]; >> >> -for (int i = 0; cc_succeeded && handlers[i]; i++) >> +

[Openvpn-devel] [PATCH 00/16] man-page overhaul project

2020-07-15 Thread David Sommerseth
Hi, The time has come to send this pile of patches to the mailing list, which incorporates many improvements by Richard Bonhomme (Thanks a lot!). I do however fear that patch 5/16 and possibly patch 1/16 and 2/16 will be rejected by the sourceforge mailman instance as they might exceed some

[Openvpn-devel] [PATCH 11/16] doc/man: Cleaned up the examples

2020-07-15 Thread David Sommerseth
Removed a lot of outdated information. The loading of the tun module is not needed on current Linux distributions; it is automatically loaded when needed. Also removed all the iptables references and rather refer the reader to figure out how firewalling is configured on their system. The reason

[Openvpn-devel] [PATCH 16/16] doc/man: Minor improvements to the plug-in section

2020-07-15 Thread David Sommerseth
Make the valid syntax clearer and apply proper styling of a few reference strings. Signed-off-by: David Sommerseth --- doc/man-sections/plugin-options.rst | 14 +++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/doc/man-sections/plugin-options.rst

[Openvpn-devel] [PATCH 04/16] doc/man: Remove unsupported options in OpenVPN 2.5

2020-07-15 Thread David Sommerseth
This removes the options from the man page which are enlisted as deprecated options in OpenVPN 2.5. To provide some history, a short summary of why they were removed has been put into a new file which is included into its own "UNSUPPORTED OPTIONS" section in the man page. Signed-off-by: David

[Openvpn-devel] [PATCH 08/16] doc/man: Mark compression options as deprecated

2020-07-15 Thread David Sommerseth
Due to the VORACLE attack vector, compression in general is deprecated. Make this clear in the man page. Also remove an incorrect statement claiming --compress lzo is compatible with --comp-lzo. It is not, as --compress lzo uses a different compression framing than --comp-lzo. Signed-off-by:

[Openvpn-devel] [PATCH 15/16] doc/man: Fix a few typos and improve style usage

2020-07-15 Thread David Sommerseth
The server returns "AUTH_FAILED". Such strings and code related references should use the :code:`SOME_STRING` style. Signed-off-by: David Sommerseth --- doc/man-sections/client-options.rst | 10 +- doc/man-sections/script-options.rst | 2 +- 2 files changed, 6 insertions(+), 6

[Openvpn-devel] [PATCH 07/16] doc/man: Move --dhcp-option from client to vpn-network section

2020-07-15 Thread David Sommerseth
Even though the --dhcp-option is only useful in a client context, it is more related to configuration of the VPN network interface and the related settings. Signed-off-by: David Sommerseth --- doc/man-sections/client-options.rst | 69

[Openvpn-devel] [PATCH 10/16] doc/man: Moved --reneg-* options to its own section

2020-07-15 Thread David Sommerseth
The options related to renegotiation of the data channel encryption key are not really link options. As the renegotiation is encryption related but doesn't really fit into the generic, tls or pkcs11 sections, add it into its own section. Signed-off-by: David Sommerseth ---

[Openvpn-devel] [PATCH 14/16] doc/man: Update --txqueuelen default setting (Now OS default)

2020-07-15 Thread David Sommerseth
From: Richard Bonhomme Signed-off-by: Richard Bonhomme Signed-off-by: David Sommerseth --- doc/man-sections/advanced-options.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man-sections/advanced-options.rst b/doc/man-sections/advanced-options.rst index

[Openvpn-devel] [PATCH 09/16] doc/man: Move some options from link to advanced section

2020-07-15 Thread David Sommerseth
Moved --persist-local-ip, --persist-remote-ip, --rcvbuf, --sndbuf and --shaper from the link options section to the advanced section. The rationale is that these options are not common to use and are for more advanced use cases where special tweaking is required. Signed-off-by: David Sommerseth

[Openvpn-devel] [PATCH 13/16] doc/man: Adopt compression documentation

2020-07-15 Thread David Sommerseth
Commit c67e93b25208be2 updated the man page in regards to new compression options and improving existing compression options. This adopts those changes into the .rst format. Signed-off-by: David Sommerseth --- doc/man-sections/protocol-options.rst | 52 ++- 1 file

[Openvpn-devel] [PATCH 03/16] doc/man: Move profiles section

2020-07-15 Thread David Sommerseth
The profile documentation has been enlisted in between all the other OpenVPN options. As it is not strictly an option by itself but a grouping mechanism, move it into its own section in the man page. This also makes the HTML rendering look much nicer and better structured. Signed-off-by: David

[Openvpn-devel] [PATCH 06/16] doc/man: Move --bind from generic to link section

2020-07-15 Thread David Sommerseth
This is more related to the configuration of the link, plus --nobind is already placed in the link section. Signed-off-by: David Sommerseth --- doc/man-sections/generic-options.rst | 7 --- doc/man-sections/link-options.rst| 7 +++ 2 files changed, 7 insertions(+), 7 deletions(-)

Re: [Openvpn-devel] [PATCH v5 09/14] client-connect: Add deferred support to the client-connect script handler

2020-07-15 Thread Antonio Quartulli
Hi, On 11/07/2020 11:36, Arne Schwabe wrote: > From: Fabian Knittel > > This patch introduces the concept of a return value file for the > client-connect > handlers. (This is very similar to the auth value file used during deferred > authentication.) The file name is stored in the

[Openvpn-devel] [PATCH v3] Add deferred authentication support to plugin-auth-pam

2020-07-15 Thread Gert Doering
If OpenVPN signals deferred authentication support (by setting the internal environment variables "auth_control_file" and "deferred_auth_pam"), do not wait for PAM stack to finish. Instead, the privileged PAM process returns RESPONSE_DEFER via the control socket, which gets turned into

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2020-07-15 Thread Juliusz Sosinowicz
Hi Everyone, do you have an update on the latest patch I sent? There have been updates to wolfSSL to fix the remaining issues brought up last time. Thanks Juliusz On 16/06/2020 20:00, Juliusz Sosinowicz wrote: This patch adds support for wolfSSL in OpenVPN. Support is added by using

Re: [Openvpn-devel] [PATCH v5 10/14] client-connect: Move adding inotify watch into its own function

2020-07-15 Thread Antonio Quartulli
Hi, On 11/07/2020 11:36, Arne Schwabe wrote: > This makes the code a bit better readable and also prepares reusing > the function for client-connect return files > > Signed-off-by: Arne Schwabe This patch looks good and does what it says. No functional change is implemented, but it's all about

[Openvpn-devel] [PATCH applied] Re: client-connect: Change cas_context from int to enum

2020-07-15 Thread Gert Doering
Your patch has been applied to the master branch. Fixed the typo in the commit message as requested. Tested yesterday on client and server testbed, which tests all these states. I have not modified the "static" hunk - it would be a better fit in another patch, but it's useful, reasonably

Re: [Openvpn-devel] [PATCH v5 08/14] client-connect: Add CC_RET_DEFERRED and cope with deferred client-connect

2020-07-15 Thread Arne Schwabe
On 14.07.20 at 14:32, Antonio Quartulli wrote: > can we please add a variable for the index and make all these long lines > saner? Now they are really ugly: > > int idx = defer_state->cur_handler_index; > while (cc_succeeded >&& client_connect_handlers[idx].main != NULL) > > and also

[Openvpn-devel] [PATCH applied] Re: client-connect: Move adding inotify watch into its own function

2020-07-15 Thread Gert Doering
Your patch has been applied to the master branch. (I have merged this out of sequence while we still haggle about the least ugly way for 08 :-) - it's really "just moving this code parts", but due to the reformatting and variable renaming git can't see it. Compared manually. Also applied the

Re: [Openvpn-devel] [PATCH] Fix environment variables for p2mp-assigned IPv6 addresses.

2020-07-15 Thread Gert Doering
Hi, On Wed, Jul 15, 2020 at 01:31:32PM +0200, Gert Doering wrote: > commit a8f8b926718 introduces $ENV{ifconfig_pool_local_ip6} and > $ENV{ifconfig_pool_remote_ip6}, but instead of properly setting them, > the code overwrites the IPv4 variables, $ENV{ifconfig_pool_remote} > and

Re: [Openvpn-devel] [PATCH v3] Add deferred authentication support to plugin-auth-pam

2020-07-15 Thread Selva Nair
Hi, Thanks for v3. All good except Changes.rst has diverged, so the patch doesn't apply as is. Can be fixed at merge time. The code is unchanged from the last version and the added text in README is clear and detailed. A minor grammar thingy: "all forwarding for all other client" -- > "all

Re: [Openvpn-devel] [PATCH v6 8/14] client-connect: Add CC_RET_DEFERRED and cope with deferred client-connect

2020-07-15 Thread tincanteksup
typo On 15/07/2020 15:16, Arne Schwabe wrote: This patch moves the state, that was previously tracked within the multi_connection_established() function, into struct client_connect_state. The multi_connection_established() function can now be exited and re-entered as many times as necessary -

[Openvpn-devel] collecting info about openvpn plugins

2020-07-15 Thread Gert Doering
Hi, my test rig today is not testing "client-connect" plugins yet, but it better should do so (while Arne is busy rebuilding all that stuff). Before I start writing something basic - does anyone of you happen to use an existing plugin that provides client-connect functionality (as in "create

[Openvpn-devel] [PATCH applied] Re: client-connect: Move multi_client_connect_setenv into early_setup

2020-07-15 Thread Gert Doering
Acked-by: Gert Doering Your patch has been applied to the master branch. It has been stared-at, and tested on the server side test rig. We've had quite a bit of discussion about this on IRC, and the conclusion is "multiple calls to these functions might be needed in some situations" (like,

Re: [Openvpn-devel] [PATCH] Fix environment variables for p2mp-assigned IPv6 addresses.

2020-07-15 Thread Arne Schwabe
On 15.07.20 at 13:31, Gert Doering wrote: > commit a8f8b926718 introduces $ENV{ifconfig_pool_local_ip6} and > $ENV{ifconfig_pool_remote_ip6}, but instead of properly setting them, > the code overwrites the IPv4 variables, $ENV{ifconfig_pool_remote} > and $ENV{ifconfig_pool_local}. > > Trivial

[Openvpn-devel] [PATCH] Fix environment variables for p2mp-assigned IPv6 addresses.

2020-07-15 Thread Gert Doering
commit a8f8b926718 introduces $ENV{ifconfig_pool_local_ip6} and $ENV{ifconfig_pool_remote_ip6}, but instead of properly setting them, the code overwrites the IPv4 variables, $ENV{ifconfig_pool_remote} and $ENV{ifconfig_pool_local}. Trivial fix. Signed-off-by: Gert Doering ---

[Openvpn-devel] [PATCH applied] Re: client-connect: Refactor to use return values instead of modifying a passed-in flag

2020-07-15 Thread Gert Doering
Your patch has been applied to the master branch. White space has been whacked as instructed :-) Tested (yesterday) already on the server test rig, all good. The code changes look good (though I find the patch granularity "too fine", with all the extra calls to cc_check_return() added just to

[Openvpn-devel] [PATCH v6 8/14] client-connect: Add CC_RET_DEFERRED and cope with deferred client-connect

2020-07-15 Thread Arne Schwabe
This patch moves the state, that was previously tracked within the multi_connection_established() function, into struct client_connect_state. The multi_connection_established() function can now be exited and re-entered as many times as necessary - without losing the client-connect handling state.

[Openvpn-devel] [PATCH applied] Re: reformat multi_client_generate_tls_keys according to uncrustify

2020-07-15 Thread Gert Doering
Your patch has been applied to the master branch. commit 90ed0fd2df37441dd6fc368ece006e4dd49093e9 Author: Arne Schwabe Date: Wed Jul 15 16:14:25 2020 +0200 reformat multi_client_generate_tls_keys according to uncrustify Signed-off-by: Arne Schwabe Acked-by: Antonio Quartulli

Re: [Openvpn-devel] [PATCH 3/3] Remove key-method 1

2020-07-15 Thread Steffan Karger
Hi On 13-07-2020 11:46, Arne Schwabe wrote: > @@ -1100,7 +1100,7 @@ process_incoming_link_part1(struct context *c, struct > link_socket_info *lsi, boo > floated, _start)) > { > /* Restore pre-NCP frame parameters */ > -

[Openvpn-devel] [PATCH] reformat multi_client_generate_tls_keys according to uncrustify

2020-07-15 Thread Arne Schwabe
The refactor accidentally used a wrong code style template and ended up using 2 instead of 4 as indent. Signed-off-by: Arne Schwabe --- src/openvpn/multi.c | 20 ++-- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index

Re: [Openvpn-devel] [PATCH] reformat multi_client_generate_tls_keys according to uncrustify

2020-07-15 Thread Antonio Quartulli
Hi, On 15/07/2020 16:14, Arne Schwabe wrote: > The refactor accidentally used a wrong code style template and > ended up using 2 instead of 4 as indent. > > Signed-off-by: Arne Schwabe Acked-by: Antonio Quartulli -- Antonio Quartulli ___

Re: [Openvpn-devel] [PATCH v6 8/14] client-connect: Add CC_RET_DEFERRED and cope with deferred client-connect

2020-07-15 Thread Antonio Quartulli
Hi, On 15/07/2020 16:16, Arne Schwabe wrote: [CUT] > -multi_client_connect_early_setup(m, mi); > +handler = _connect_handlers[defer_state->cur_handler_index]; > > -for (int i = 0; cc_succeeded && handlers[i]; i++) > +while (cc_succeeded && handler->main != NULL) > { > -