Re: [Openvpn-devel] [PATCH] Improve documentation for --dev and --dev-node.

Hi, On Tue, Sep 13, 2022 at 11:38:29PM +0200, Antonio Quartulli wrote: > > + On other platforms, ``--dev-node node`` will influence the naming of the > > + created tun/tap device, if supported on that platform. If OpenVPN cannot > > + figure out whether ``node`` is a TUN or TAP device based

Re: [Openvpn-devel] [PATCH] cleanup open_tun() for TARGET_NETBSD

Hi, On Tue, Sep 13, 2022 at 11:33:20PM +0200, Antonio Quartulli wrote: > in open_tun_generic() there is a check *before* reaching the code above: > > "if (dev_node)" > > After your patch this check becomes secondary and won't be reached if > $dev == "tap". > > Is this wanted? It sounds like

[Openvpn-devel] [PATCH applied] Re: cleanup open_tun() for TARGET_NETBSD

Patch has been applied to the master branch. One whitespace error fixed (tab before end-of-line comment) that uncrustify complained about on merge. commit 6e3fc642b74180f0e8e7ef63c0d6ca4e0c5537f4 Author: Gert Doering Date: Mon Aug 8 17:23:44 2022 +0200 cleanup open_tun() for

Re: [Openvpn-devel] [PATCH] cleanup open_tun() for TARGET_NETBSD

Hi, On 14/09/2022 08:15, Gert Doering wrote: Other than that the patch looks good and the new comment for open_tun is easy to digest, also for non bsders like me. Would that be an ACK? :-) Yes: Acked-by: Antonio Quartulli we may really want to prune this --dev-node thing once and for all

Re: [Openvpn-devel] [PATCH] Improve documentation for --dev and --dev-node.

On 12/09/2022 09:41, Gert Doering wrote: During the research for commit a5cf4cfb77f745 it turned out that OpenVPN's behaviour regarding "--dev arbitrary-name" is very platform-specific and not very well documented. The referenced commit fixed DCO behaviour to be in line with non-DCO linux

Re: [Openvpn-devel] [PATCH] Improve documentation for --dev and --dev-node.

On 14/09/2022 09:38, Antonio Quartulli wrote: Hi, On 14/09/2022 09:33, David Sommerseth wrote: On 12/09/2022 09:41, Gert Doering wrote: During the research for commit a5cf4cfb77f745 it turned out that OpenVPN's behaviour regarding "--dev arbitrary-name" is very platform-specific and not very

[Openvpn-devel] [PATCH applied] Re: doc: cleanup for --data-ciphers and related

I have not proofread these changes - Arne is the expert, and has ACKed. (I have looked at the actual code changes, and it's only text and comments, so no further testing done) There was a comment about removal of some still-valid sections for 2.4 clients, and missing P2P NCP updates... -> so

Re: [Openvpn-devel] [PATCH] Improve documentation for --dev and --dev-node.

Hi, On 14/09/2022 08:23, Gert Doering wrote: Hi, On Tue, Sep 13, 2022 at 11:38:29PM +0200, Antonio Quartulli wrote: + On other platforms, ``--dev-node node`` will influence the naming of the + created tun/tap device, if supported on that platform. If OpenVPN cannot + figure out whether

Re: [Openvpn-devel] [PATCH] Improve documentation for --dev and --dev-node.

Hi, On 14/09/2022 09:33, David Sommerseth wrote: On 12/09/2022 09:41, Gert Doering wrote: During the research for commit a5cf4cfb77f745 it turned out that OpenVPN's behaviour regarding "--dev arbitrary-name" is very platform-specific and not very well documented. The referenced commit fixed

[Openvpn-devel] Community meetings in September 2022

Hi, Next community meetings have been scheduled to - Wed 14th September 2022 at 10:30 CEST - Wed 21th August 2022 at 10:30 CEST - Wed 28th August 2022 at 10:30 CEST The place is #openvpn-meeting IRC channel at libera.chat Meeting agendas and summaries are in here:

Re: [Openvpn-devel] [PATCH] Improve documentation for --dev and --dev-node.

Hi, On Wed, Sep 14, 2022 at 09:33:46AM +0200, David Sommerseth wrote: > > + What happens if the device name is not :code:`tun` or :code:`tap` is > > + platform dependent. > > + > > + On most platforms, :code:`tunN` (e.g. tun2, tun30) and :code:`tapN` > > + (e.g. tap3) will create a numbered

Re: [Openvpn-devel] Summary of the community meeting (14th September 2022)

On Wed, Sep 14, 2022 at 01:41:52PM +0300, Samuli Seppänen wrote: > --- > > Talked about uncrustify. Noted that it is broken in some cases because it is > not a real C parser. One alternative is clang-format. The challenge there is > that clang-format may not be customizable enough to be able to

[Openvpn-devel] Summary of the community meeting (14th September 2022)

Hi, Here's the summary of the IRC meeting. --- COMMUNITY MEETING Place: #openvpn-meeting on libera.chat Date: Wed 14th September 2022 Time: 10:30 CEST (9:30 UTC) Planned meeting topics for this meeting were here: Your local

Re: [Openvpn-devel] [PATCH v3 4/4] Allow scripts and plugins to set a custom AUTH_FAILED message

On Mittwoch, 24. August 2022 16:08:48 CEST Arne Schwabe wrote: > This is currently only possible when using the management interface > and the client-deny functionality. > > Patch v3: add missing gc_free Acked-by: Heiko Hund ___ Openvpn-devel

Re: [Openvpn-devel] [PATCH v3] Implement AUTH_FAIL, TEMP message support

On Mittwoch, 24. August 2022 14:58:58 CEST Arne Schwabe wrote: > Patch v3: cleanup parse_auth_failed_temp to use a simple const string > instead of a buffer Besides the pending rebase and the one code smell below: Acked-by: Heiko Hund > src/openvpn/openvpn.vcxproj.filters | 3 +

Re: [Openvpn-devel] [PATCH v2] Use DCO on Windows by default

Hi, > One general question about the patch: Whenever we have > defined(TARGET_LINUX) || defined(TARGET_FREEBSD) || defined(_WIN32) > in the DCO code, couldn't we just remove it completely? > Since this is bascially "every time" anyway, isn't it? Well, almost. There is also Mac and some other

Re: [Openvpn-devel] [PATCH v2] Use DCO on Windows by default

So, to be more specific about the suggested changes On Mon, Sep 12, 2022 at 12:10:57PM +0300, Lev Stipakov wrote: [...] > diff --git a/src/openvpn/options.c b/src/openvpn/options.c > index 2e567571..2a379f94 100644 > --- a/src/openvpn/options.c > +++ b/src/openvpn/options.c > @@ -183,7 +183,7 @@

Re: [Openvpn-devel] [PATCH v2] Use DCO on Windows by default

On Mon, Sep 12, 2022 at 12:10:57PM +0300, Lev Stipakov wrote: > From: Lev Stipakov > > On startup, check following conditions: > > - ovpn-dco-win driver is installed. Perform this check > by trying to open adapter by symbolic name. > > - options are compatible with dco. Same checks as on >

Re: [Openvpn-devel] [PATCH v2] Use DCO on Windows by default

Hi, On 14/09/2022 16:41, Lev Stipakov wrote: Hi, One general question about the patch: Whenever we have defined(TARGET_LINUX) || defined(TARGET_FREEBSD) || defined(_WIN32) in the DCO code, couldn't we just remove it completely? Since this is bascially "every time" anyway, isn't it? Well,

Re: [Openvpn-devel] [PATCH v3] Implement exit notification via control channel

On Freitag, 19. August 2022 14:38:53 CEST Arne Schwabe wrote: > Current exit notification relies on data channel messages with specific > prefix. Adding these to new data channel modules (DCO) adds unncessary > complexity for the data for messages that from their idea belong to the > control

Re: [Openvpn-devel] [PATCH v2] Improve data key id not found error message

Am 24.08.22 um 13:38 schrieb Frank Lichtenheld: On Wed, Aug 24, 2022 at 12:46:07PM +0200, Arne Schwabe wrote: With delayed data key generation now with deferred auth, NCP and similar mechanism the "TLS Error: local/remote TLS keys are out of sync" is shown much too frequent and confuses a lot

[Openvpn-devel] [PATCH v3] Use DCO on Windows by default

From: Lev Stipakov On startup, check following conditions: - ovpn-dco-win driver is installed. Perform this check by trying to open adapter by symbolic name. - options are compatible with dco. Same checks as on Linux and FreeBSD. In addition, check that --mode server is not used and

[Openvpn-devel] [PATCH 1/2] auth-user-pass: add support for inline credentials

--auth-user-pass is probably the only option expecting a filename as argument that cannot be inline'd as of today. This patch allows specifying username and password inline in the config file within the tag. This logic was already implemented for --http-proxy-user-pass, therefore it was just

[Openvpn-devel] [PATCH 2/2] get_user_pass_cr: get password from stdin if missing inline

Until now, when HTTP proxy user and password were specified inline, it was assumed that both creds were specified. A missing password would result in an empty password being stored. This behaviour is not ideal, as we want to allow the user to store the username, but let the password be entered

Re: [Openvpn-devel] [PATCH 2/2] get_user_pass_cr: get password from stdin if missing inline

On Wed, Sep 14, 2022 at 3:30 PM Antonio Quartulli wrote: > Hi, > > On 14/09/2022 21:26, Selva Nair wrote: > > diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c > > index 07f6e202..50f7f975 100644 > > --- a/src/openvpn/misc.c > > +++ b/src/openvpn/misc.c > > @@ -197,6

Re: [Openvpn-devel] [PATCH 2/2] get_user_pass_cr: get password from stdin if missing inline

Hi, On 14/09/2022 21:40, Selva Nair wrote: On Wed, Sep 14, 2022 at 3:30 PM Antonio Quartulli > wrote: Hi, On 14/09/2022 21:26, Selva Nair wrote: >     diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c >     index 07f6e202..50f7f975 100644 > 

Re: [Openvpn-devel] [PATCH 2/2] get_user_pass_cr: get password from stdin if missing inline

Hi, On 14/09/2022 21:26, Selva Nair wrote: diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index 07f6e202..50f7f975 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -197,6 +197,11 @@ get_user_pass_cr(struct user_pass *up,                  buf_parse(,

[Openvpn-devel] [PATCH v4] Implement exit notification via control channel

Current exit notification relies on data channel messages with specific prefix. Adding these to new data channel modules (DCO) adds unncessary complexity for the data for messages that from their idea belong to the control channel anyway. This patch adds announcing support for control channel and

[Openvpn-devel] [PATCH v4] Implement AUTH_FAIL, TEMP message support

This allows a server to indicate a temporary problem on the server and allows the server to indicate how to proceed (i.e. move to the next server, retry the same server, wait a certain time,...) This adds options_utils.c/h to be able to unit test the new function. Patch v2: Improve

[Openvpn-devel] [PATCH v3] Improve data key id not found error message

With delayed data key generation now with deferred auth, NCP and similar mechanism the "TLS Error: local/remote TLS keys are out of sync" is shown much too frequent and confuses a lot of people. This also removes the dead code of printing multi not ready keys and replace it with an assert.

Re: [Openvpn-devel] [PATCH 2/2] get_user_pass_cr: get password from stdin if missing inline

On Wed, Sep 14, 2022 at 3:02 PM Antonio Quartulli wrote: > Until now, when HTTP proxy user and password were specified inline, > it was assumed that both creds were specified. A missing password would > result in an empty password being stored. > > This behaviour is not ideal, as we want to