HI,
On Thu, Aug 11, 2022 at 12:03:45PM +0200, Gert Doering wrote:
> I have not tested this myself, but if I had, the test setup would have
> been very similar to what Frank did (so, big thanks) - run a DCO
> environment with "owner nobody", and see if things still work.
>
> I will add this to
On 15/08/2022 11:54, Gert Doering wrote:
HI,
On Thu, Aug 11, 2022 at 12:03:45PM +0200, Gert Doering wrote:
I have not tested this myself, but if I had, the test setup would have
been very similar to what Frank did (so, big thanks) - run a DCO
environment with "owner nobody", and see if things
Hi,
On Mon, Aug 15, 2022 at 12:40:55PM +0200, Timo Rothenpieler wrote:
> Add checks for ifconfig-noexec + route-noexec being set, and either only
> warn in that case,
... this is what I suggested two mails upthread :-)
> or don't even try to retain capabilities, since
> they're not needed
Hi,
On Mon, Aug 15, 2022 at 12:14:23PM +0200, Timo Rothenpieler wrote:
> > Unfortunately, it seems that our approach to "if SITNL is used, we hard
> > require that setting CAP_NET_ADMIN succeeds" is too strong for the twisted
> > ways that people use openvpn.
>
> That's not how the patch
On 15/08/2022 12:29, Gert Doering wrote:
Hi,
On Mon, Aug 15, 2022 at 12:14:23PM +0200, Timo Rothenpieler wrote:
Unfortunately, it seems that our approach to "if SITNL is used, we hard
require that setting CAP_NET_ADMIN succeeds" is too strong for the twisted
ways that people use openvpn.
From: Lev Stipakov
Device interface is a path which is used by userspace
to access device. A driver can create one or more device
interfaces and specify "reference string", so that userspace
could enumerate all device interfaces in the list and pick
the corrct one which ends with reference
Hi,
On 14/08/2022 23:53, Lev Stipakov wrote:
From: Lev Stipakov
Device interface is a path which is used by userspace
to access device. A driver can create one or more device
interfaces and specify "reference string", so that userspace
could enumerate all device interfaces in the list and
When adding a peer to a P2P interface, the VPN IPs are not really used by DCO as
there is no routing happening in this mode.
For this reason don't pass any VPN IP when adding a new peer in p2p mode.
Signed-off-by: Antonio Quartulli
---
src/openvpn/dco.c | 51
On Dienstag, 18. Mai 2021 14:26:35 CEST Arne Schwabe wrote:
> This is allows scripts and pluginsto parse/react to a CR_RESPONSE message
This commit message needs a makeover, I think.
> - If ``method`` is set to :code:`via-env`, OpenVPN will call ``script``
> + If ``method`` is set to