[Openvpn-devel] [PATCH] Added environment variable for IPv6 route metric.

2020-09-30 Thread Jan Seeger
--- doc/man-sections/script-options.rst | 8 src/openvpn/route.c | 7 +++ 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/doc/man-sections/script-options.rst b/doc/man-sections/script-options.rst index a4df6732..03b3dd77 100644 ---

[Openvpn-devel] OpenVPN 2.5-rc2 released

2020-09-30 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.5-rc2. Source code and Windows installers can be downloaded from our download page: Debian and Ubuntu packages are available in the official apt repositories:

[Openvpn-devel] [PATCH 06/11] Add S_EXITCODE flag for openvpn_run_script to report exit code

2020-09-30 Thread Arne Schwabe
This allows the use of scripts that have more than just fail/success but also deferred as status Signed-off-by: Arne Schwabe --- src/openvpn/platform.c| 35 +++ src/openvpn/platform.h| 5 - src/openvpn/run_command.c | 25 -

[Openvpn-devel] [PATCH 08/11] Allow pending auth to be send from a auth plugin

2020-09-30 Thread Arne Schwabe
Signed-off-by: Arne Schwabe --- doc/man-sections/generic-options.rst | 3 +- include/openvpn-plugin.h.in | 8 ++ src/openvpn/ssl.c| 2 +- src/openvpn/ssl_common.h | 1 + src/openvpn/ssl_verify.c | 165 ---

[Openvpn-devel] [PATCH] Allow 'none' cipher being specified in --data-ciphers

2020-09-30 Thread Arne Schwabe
Although we want to get rid of none as cipher, we still have not deprecated it. In order to use it currently you need --ncp-disable together with --cipher none to use the none cipher. In our current situation allowing none to be specified in data-ciphers is the lesser evil. This commit also

[Openvpn-devel] [PATCH 02/11] Implement client side handling of AUTH_PENDING message

2020-09-30 Thread Arne Schwabe
This allows a client to extend the timeout of pull-request response while waiting for the user to complete a pending authentication. A timeout of 60s for a normal authentication might still work for a simple 2FA (but still challenging). With a sophisticated (or overly complicated) web based

[Openvpn-devel] [PATCH 09/11] Implement deferred auth for scripts

2020-09-30 Thread Arne Schwabe
Signed-off-by: Arne Schwabe --- Changes.rst | 9 + doc/man-sections/script-options.rst | 14 +++- src/openvpn/ssl_verify.c| 56 - 3 files changed, 70 insertions(+), 9 deletions(-) diff --git a/Changes.rst b/Changes.rst

[Openvpn-devel] [PATCH 10/11] Implement --client-crresponse script options and plugin interface

2020-09-30 Thread Arne Schwabe
This allows scripts and plugins to parse/react to a CR_RESPONSE message Signed-off-by: Arne Schwabe --- Changes.rst | 7 doc/man-sections/script-options.rst | 28 - include/openvpn-plugin.h.in | 7 +++- src/openvpn/init.c |

[Openvpn-devel] [PATCH 01/11] Change pull request timeout use a timeout rather than a number

2020-09-30 Thread Arne Schwabe
This commit changes the count n_sent_push_requests to time_t based push_request_timeout. This is more in line with our other timeouts which are also time based instead of number retries based. This does not change the behaviour but it prepares allowing to extend the pull request timeout during a

[Openvpn-devel] [PATCH 03/11] Implement server side of AUTH_PENDING with extending timeout

2020-09-30 Thread Arne Schwabe
Signed-off-by: Arne Schwabe --- src/openvpn/manage.c | 26 +-- src/openvpn/manage.h | 3 ++- src/openvpn/multi.c | 27 +++- src/openvpn/push.c | 55 +--- src/openvpn/push.h | 10

[Openvpn-devel] [PATCH 07/11] Refactor extract_var_peer_info into standalone function and add ssl_util.c

2020-09-30 Thread Arne Schwabe
Our "natural" place for this function would be ssl.c but ssl.c has a lot of dependencies on all kinds of other compilation units so including ssl.c into unit tests is near impossible currently. Instead create a new file ssl_util.c that holds small utility functions like this one. Signed-off-by:

[Openvpn-devel] [PATCH 00/11] Pending authentication improvements

2020-09-30 Thread Arne Schwabe
This patchset brings a number of improvements: - Allow a timeout that is different from the default 60s for pending authentication. 60s is a bit tight, especially when being redirected to a complicated web login process. - Make the server side auth-pending support no longer dependent

[Openvpn-devel] [PATCH 11/11] Add example script demonstrating TOTP via auth-pending

2020-09-30 Thread Arne Schwabe
Signed-off-by: Arne Schwabe --- Changes.rst | 2 + doc/man-sections/script-options.rst | 3 + sample/sample-scripts/totpauth.py | 107 3 files changed, 112 insertions(+) create mode 100755 sample/sample-scripts/totpauth.py diff --git

[Openvpn-devel] Summary of the community meeting (30th September 2020)

2020-09-30 Thread Samuli Seppänen
Hi, Here's the summary of the IRC meeting. --- COMMUNITY MEETING Place: #openvpn-meeting on irc.freenode.net Date: Wed 30th September 2020 Time: 11:30 CEST (9:30 UTC) Planned meeting topics for this meeting were here: Your local

[Openvpn-devel] [PATCH 04/11] Introduce management client state for AUTH_PENDING notifications

2020-09-30 Thread Arne Schwabe
This allows a UI client to display the correct state. Technically the client is still waiting for PUSH_REPLY but for every practical concern this is a different state as we are waiting for the pending authentication to finish. Signed-off-by: Arne Schwabe --- src/openvpn/manage.c | 3 +++

[Openvpn-devel] [PATCH 05/11] Change parameter of send_auth_pending_messages from context to tls_multi

2020-09-30 Thread Arne Schwabe
This prepares send_auth_pending_messages to be used in a context that does not have context c available but also does not need to schedule an immediate sending of the message (auth plugin/script) Signed-off-by: Arne Schwabe --- src/openvpn/forward.c | 17 + src/openvpn/forward.h