Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

2017-02-08 Thread Arne Schwabe
On 08.02.17 at 23:39, Steffan Karger wrote: > Hi, > > On 06-02-17 20:18, Olivier W wrote: >> Should be compatible with all versions of OpenSSL and LibreSSL. >> Similar to what is done in curl: >>

Re: [Openvpn-devel] [PATCH] Allow to specify bind interface for outbound/inbound connections

2017-01-25 Thread Arne Schwabe
A quick from me. > This has been in production use for some time now and there don't seem > to be any problems :) > > Can I motivate anyone on commenting on or applying this? :) > > Best > Max > > > commit 1baa7e6782b39ed664eedb9b006728d31e22c07e > Author: Maximilian Wilhelm >

Re: [Openvpn-devel] Time to change the default cipher?

2016-08-30 Thread Arne Schwabe
On 30.08.16 at 09:42, Steffan Karger wrote: > Hi, > > On 30 August 2016 at 09:01, Jens Neuhalfen > wrote: >>> OTOH, what we could do is: indeed *change+ the default, and add a big fat >>> warning ("you have not specified a --cipher directive. The default has >>>

[Openvpn-devel] [PATCH] Remove tun-ipv6 Option. Instead assume that IPv6 is always supported.

2016-09-16 Thread Arne Schwabe
This option was useful when IPv6 tun support was non standard and was an internal/user specified flag that tracked the IPv6 capability of the tun device. All supported OS support IPv6. Also tun-ipv6 is pushable by the remote so not putting tun-ipv6 does not forbid IPv6 addresses. This commit

Re: [Openvpn-devel] [PATCH] Fix IP_PKTINFO related compilation failure on NetBSD 7.0

2016-09-17 Thread Arne Schwabe
On 16.09.16 at 22:02, Gert Doering wrote: > NetBSD has introduced IP_PKTINFO and struct in_pktinfo, but does not > have the "ipi_spec_dst" structure element, causing compilation errors. > > Introduce a check for that (AC_CHECK_MEMBER) in configure.ac, and > change all "#ifdef HAVE_IN_PKTINFO" to

Re: [Openvpn-devel] [PATCH] Show compile-time variant for --multihome in --version output.

2016-09-17 Thread Arne Schwabe
On 16.09.16 at 22:45, Gert Doering wrote: > Instead of just [MH], show [MH/PKTINFO] or [MH/RECVDA], to see more > easily which compile-time variant was chosen by configure and syshead.h > ACK from me. Arne --

[Openvpn-devel] [PATCH v4] Remove tun-ipv6 Option. Instead assume that IPv6 is always supported.

2016-09-17 Thread Arne Schwabe
This option was useful when IPv6 tun support was non standard and was an internal/user specified flag that tracked the IPv6 capability of the tun device. All supported OS support IPv6. Also tun-ipv6 is pushable by the remote so not putting tun-ipv6 does not forbid IPv6 addresses. This commit

[Openvpn-devel] [PATCH] Fix ENABLE_WITH_OPENSSL set to YES even with --disable-crypto set

2016-09-17 Thread Arne Schwabe
On OS X openssl/x509.h is not in the standard include path and the files still try to include since the includes only depend on ENABLE_WITH_OPENSSL. --- configure.ac | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 5c5cdf8..e4f613b

[Openvpn-devel] [PATCH] Enable TCP non-linear packet ID

2016-09-17 Thread Arne Schwabe
Implementation with multiple threads needs that to be able to run encryption in parallel. Tested with James' OpenVPN 3 server. --- src/openvpn/comp.c | 1 + src/openvpn/forward.c | 2 +- src/openvpn/init.c | 1 - src/openvpn/options.c | 5 - src/openvpn/packet_id.c | 7 +++

[Openvpn-devel] [PATCHv2] Enable TCP non-linear packet ID

2016-09-17 Thread Arne Schwabe
Implementation with multiple threads needs that to be able to run encryption in parallel. Tested with James' OpenVPN 3 server. --- src/openvpn/comp.c | 1 + src/openvpn/init.c | 1 - src/openvpn/options.c | 5 - src/openvpn/packet_id.c | 7 +++ src/openvpn/packet_id.h | 2 +-

Re: [Openvpn-devel] [PATCH] Make sure options->ciphername and options->authname are always defined

2016-09-28 Thread Arne Schwabe
On 28.09.16 at 11:33, Steffan Karger wrote: > The NCP code does a strcmp(options->ciphername, ...) without first checking > whether options->ciphername is NULL. This could cause a crash when using > "--cipher none". This patch fixes that problem by ensuring that > options->ciphername (and

Re: [Openvpn-devel] [PATCH] Automatically cache expected IPs for t_client.sh on the first run

2016-10-04 Thread Arne Schwabe
On 03.10.16 at 12:51, sam...@openvpn.net wrote: > From: Samuli Seppänen > > Previously one had to manually define correct values for the EXPECT_IFCONFIG* > variables based on what IPv4 and IPv6 addresses the test VPN server handed > out. > This was a tedious process

Re: [Openvpn-devel] [PATCH] make t_client robust against sudoers misconfiguration

2016-10-04 Thread Arne Schwabe
On 02.10.16 at 15:19, Gert Doering wrote: > Instead of testing (and priming) sudo with "true", prime with > "kill -0 $$" (just test signalling ourselves). If this fails, > we won't be able to kill the openvpn process we're going to > start later on -> thus, SKIP on failure. > > This helps with

Re: [Openvpn-devel] [PATCH] add POSTINIT_CMD_suf to t_client.sh and sample config

2016-10-04 Thread Arne Schwabe
On 04.10.16 at 13:38, Gert Doering wrote: > We have pre-init and cleanup commands, but some test cases might need > or want to run a shell script after openvpn has initialized, but before > executing any tests (ifconfig comparison and ping). > > Example: POSTINIT_CMD_4="sleep 5" on MacOS X for

Re: [Openvpn-devel] Slight change to buildbot t_client.sh.in & t_client.rc

2016-10-06 Thread Arne Schwabe
On 06.10.16 at 14:17, Gert Doering wrote: > Hi, > > On Thu, Oct 06, 2016 at 01:02:57PM +0100, debbie10t wrote: >> -R >> Instead of using all-zeros as the packet data, generate random bytes. >> Use to defeat, e.g., link data compression > -R is unlikely to have an effect here, as test 6 is run

Re: [Openvpn-devel] OpenVPN and Android 4.0 VPN API

2012-04-05 Thread Arne Schwabe
On 02.03.12 00:05, Arne Schwabe wrote: ... and for the rest, well, we'd need a volunteer that wants to *work* on this, not just ask for it... I don't have an Android device (and no time) so it wouldn't be me. I'm raising my hand. This path sounds better than what I thought would

Re: [Openvpn-devel] OpenVPN and Android 4.0 VPN API

2012-04-09 Thread Arne Schwabe
On 06.04.12 20:12, James Ring wrote: Hey Arne, On Thu, Apr 5, 2012 at 12:19 PM, Arne Schwabe <schw...@uni-paderborn.de> wrote: I have managed to hack a proof of concept together. (Screen shot here: http://plai.de/android/Bildschirmfoto%202012-04-05%20um%2021.00.57.png) The co

[Openvpn-devel] [PATCH] Openvpn for Android 4.0 Changeset

2012-05-09 Thread Arne Schwabe
:00:00 2001 From: Arne Schwabe <a...@rfc2549.org> List-Post: openvpn-devel@lists.sourceforge.net Date: Tue, 1 May 2012 14:04:22 +0200 Subject: [PATCH] rebase on head --- src/openvpn/error.c | 86 + src/openvpn/event.c |4 ++ src/openv

Re: [Openvpn-devel] [PATCH] Openvpn for Android 4.0 Changeset

2012-05-09 Thread Arne Schwabe
hanges in small steps and committing each step? (I am still trying to learn how to work with git) Arne From b9a52d5ee919818a2e2ee525e0800e8e1f06b45f Mon Sep 17 00:00:00 2001 From: Arne Schwabe <a...@rfc2549.org> Date: Wed, 9 May 2012 23:18:31 +0200 Subject: [PATCH 1/1] Openvpn for Android ICS API --- s

Re: [Openvpn-devel] [PATCH] Openvpn for Android 4.0 Changeset

2012-05-10 Thread Arne Schwabe
On 10.05.12 00:50, Alon Bar-Lev wrote: > On Thu, May 10, 2012 at 1:36 AM, Arne Schwabe <a...@rfc2549.org> wrote: >> On 10.05.12 00:09, Alon Bar-Lev wrote: >>> Hmmm... the fact that you are not using git, and create separate >>> branch for the changes makes it

Re: [Openvpn-devel] [PATCH] Openvpn for Android 4.0 Changeset

2012-05-10 Thread Arne Schwabe
> I need a better description of the tun process... so far I did not > understand why you cannot use standard approach of creating persistent > tun with non root access and then use the iproute2 wrapper with suid > or sudo to setup its configuration. > > Alon. I have no root access on the

Re: [Openvpn-devel] [PATCH] Openvpn for Android 4.0 Changeset

2012-05-10 Thread Arne Schwabe
On 10.05.12 01:39, Alon Bar-Lev wrote: > On Thu, May 10, 2012 at 2:24 AM, Arne Schwabe <a...@rfc2549.org> wrote: >>> I need a better description of the tun process... so far I did not >>> understand why you cannot use standard approach of creating persistent

Re: [Openvpn-devel] [PATCH] Openvpn for Android 4.0 Changeset

2012-05-10 Thread Arne Schwabe
e plans are for the plugin interface but I can imagine that if it becomes more powerful over time we might be able to spin off these changes as a separate plugin later. > I agree on these. -- Arne Schwabe, M.Sc. - http://www.uni-paderborn.de/cs/cn/ Computer Science, University of Paderborn, Germany, +49 5251 60-1756

Re: [Openvpn-devel] [PATCH] Openvpn for Android 4.0 Changeset

2012-05-10 Thread Arne Schwabe
I am listing a few requirements that are not discussed before but may still be important and non obvious. These at least give people not involved with the Android platform a better picture of required changes. > To allow OpenVPN to be properly refactored afterwards, the important > part is probably to

Re: [Openvpn-devel] [PATCH] Openvpn for Android 4.0 Changeset

2012-05-11 Thread Arne Schwabe
On 11.05.12 20:56, Gert Doering wrote: > Changing the build environment to build a shared library out of openvpn > is something I do not fully understand yet, though - and don't view > a particular useful goal right now. The shared library is not used as real shared library. I build libopenvpn

Re: [Openvpn-devel] [PATCH] Openvpn for Android 4.0 Changeset

2012-05-11 Thread Arne Schwabe
>> I would like you to try to do so using libtool... >> >> Just replace: >> --- >> sbin_PROGRAMS = openvpn >> openvpn_SOURCES = >> --- >> with: >> --- >> lib_LTLIBRARIES = openvpn.la >> openvpn_la_SOURCES = ... >> openvpn_la_LDFLAGS = \ >>-module -shared -avoid-version -no-undefined >>

[Openvpn-devel] Disable tun-ipv6 warning

2012-05-13 Thread Arne Schwabe
Hey, Openvpn will show the following warning, if I enable tun-ipv6 in the local config and not remote or vice versa: WARNING: 'tun-ipv6' is present in remote config but missing in local config, remote='tun-ipv6' From my understanding a ipv6 capable tun interface is always capable of ipv4 only.

[Openvpn-devel] [PATCH 0/8] Openvpn for Android patch set

2012-06-02 Thread Arne Schwabe
These are the patches that currently are applied to the openvpn version distributed in the android version of openvpn. Only the last two patches are really android specific the rest of the patches should also be useful on other platforms. Arne Schwabe (8): Silence Port is now 1194 IANA

[Openvpn-devel] [PATCH 3/8] Only use tmpdir if tmp_dir is really used.

2012-06-02 Thread Arne Schwabe
This fixes starting openvpn compiled as client only version of systems that have no /tmp (Android). --tmp-dir could only be set if P2MP_SERVER has been enabled too. Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/options.c | 12 src/openvpn/options.h

[Openvpn-devel] [PATCH 1/8] Silence Port is now 1194 IANA warning if remote option with port is used

2012-06-02 Thread Arne Schwabe
Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/options.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 08f9cb2..8e5d3b9 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -4506,6 +

[Openvpn-devel] [PATCH 7/8] add ability to send/receive file descriptors via management interface, only used in android so. For now under #ifdef ANDROID

2012-06-02 Thread Arne Schwabe
Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/manage.c | 88 ++ src/openvpn/manage.h |4 ++ 2 files changed, 92 insertions(+), 0 deletions(-) diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index 141..c

[Openvpn-devel] [PATCH 5/8] Add the name of the context where option is not allowed to the error message.

2012-06-02 Thread Arne Schwabe
Changes Options error: option 'dhcp-option' cannot be used in this context to P:Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS]) Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/options.c |5 +++-- 1 files changed, 3 insertions

[Openvpn-devel] [PATCH 2/8] Add the query to the error message. Makes the diagnose what went wrong from logs easier.

2012-06-02 Thread Arne Schwabe
Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/console.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/openvpn/console.c b/src/openvpn/console.c index 2464e7e..afda8ca 100644 --- a/src/openvpn/console.c +++ b/src/openvpn/console.c @@ -232,7

[Openvpn-devel] [PATCH 4/8] Explain that route-nopull also causes the client to ignore dhcp options.

2012-06-02 Thread Arne Schwabe
Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- doc/openvpn.8 |3 ++- src/openvpn/options.c |2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 24b1a2c..f420d58 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -

[Openvpn-devel] [PATCH 8/8] Android platform specific changes.

2012-06-02 Thread Arne Schwabe
Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/options.c |6 +++ src/openvpn/route.c | 25 +- src/openvpn/socket.c | 10 + src/openvpn/ssl.c |2 + src/openvpn/syshead.h |2 +- src/openvpn/tun.c

[Openvpn-devel] Build broken on Mac OS X

2012-06-02 Thread Arne Schwabe
Hello, while preparing my patches for OS X I also noticed that the build is broken on OS X: [...] checking net/if_tun.h usability... no checking net/if_tun.h presence... no checking for net/if_tun.h... no checking net/tun/if_tun.h usability... no checking net/tun/if_tun.h presence... no checking

Re: [Openvpn-devel] Build broken on Mac OS X

2012-06-02 Thread Arne Schwabe
On 02.06.12 16:19, Alon Bar-Lev wrote: > Hello, > > On Sat, Jun 2, 2012 at 5:14 PM, Arne Schwabe <a...@rfc2549.org> wrote: >> Hello, >> >> while preparing my patches for OS X I also noticed that the build is >> broken on OS X: >> >> [...] >

Re: [Openvpn-devel] [PATCH 6/8] Allow routes to be set before opening tun, similar to ifconfig before opening tun

2012-06-02 Thread Arne Schwabe
On 02.06.12 18:35, David Sommerseth wrote: > > See comments below. > > On 02/06/12 15:03, Arne Schwabe wrote: > > > Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- > > src/openvpn/init.c | 11 +-- src/ope

Re: [Openvpn-devel] [PATCH 1/8] Silence Port is now 1194 IANA warning if remote option with port is used

2012-06-02 Thread Arne Schwabe
On 02.06.12 18:24, David Sommerseth wrote: > > First of all, thank you very much for your work on this patch set! > And you have a lot of good things here. > > So to this patch ... > > On 02/06/12 15:03, Arne Schwabe wr

Re: [Openvpn-devel] [PATCH 8/8] Android platform specific changes.

2012-06-08 Thread Arne Schwabe
On 07.06.12 18:44, Adriaan de Jong wrote: > Hi Arne, > > Could you please split this patch up a little further? As it is, it > performs a number of functions, which, although related to Android > would be easier to ack if they were separate. > > Am I correct in noting that you use

Re: [Openvpn-devel] [V2.4 0/4] tun cleanups

2012-06-18 Thread Arne Schwabe
On 12.05.12 21:31, Alon Bar-Lev wrote: > Platform independent interface for tun provider. > > Split the long tun.c into platform specific files using > tun_engine interface. > > Functionality is the same. > > Maintenance will be much easier! new options, like stacking > several interfaces and

[Openvpn-devel] [PATCH 0/6] misc cleanup patches

2012-06-18 Thread Arne Schwabe
A few clean up patches that I have local. Some of these might be useful in a 2.3 release. Arne Schwabe (6): Only use tmpdir if tmp_dir is really used. Completely remove ancient IANA port warning. Remove ENABLE_INLINE_FILES conditionals, this code is always enabled and removing

[Openvpn-devel] [PATCH 1/6] Only use tmpdir if tmp_dir is really used.

2012-06-18 Thread Arne Schwabe
This fixes starting openvpn compiled as client only version of systems that have no /tmp (Android). --tmp-dir could only be set if P2MP_SERVER has been enabled too. Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/options.c |7 +-- src/openvpn/options.h |4 +

[Openvpn-devel] [PATCH 2/6] Completely remove ancient IANA port warning.

2012-06-18 Thread Arne Schwabe
Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/init.c|6 -- src/openvpn/options.c |3 --- src/openvpn/options.h |1 - 3 files changed, 0 insertions(+), 10 deletions(-) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 61fd2a6..eacb67d

[Openvpn-devel] [PATCH 5/6] Fix most of the clang warnings, mostly unused variables and comparisons which were always true

2012-06-18 Thread Arne Schwabe
Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/crypto.c |2 -- src/openvpn/mroute.c | 28 src/openvpn/multi.c |7 +-- src/openvpn/options.c|2 -- src/openvpn/r

[Openvpn-devel] [PATCH 6/6] Fix clang warnings for conversion from unsigned<->signed

2012-06-18 Thread Arne Schwabe
Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/httpdigest.c | 44 ++-- src/openvpn/ntlm.c |8 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/src/openvpn/httpdigest.c b/src/openvpn/httpdigest.c

[Openvpn-devel] [PATCH 3/6] Remove ENABLE_INLINE_FILES conditionals, this code is always enabled and removing the #ifdef make the code a little bit clearer

2012-06-18 Thread Arne Schwabe
Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/common.h |2 -- src/openvpn/crypto.c |6 -- src/openvpn/init.c |4 src/openvpn/misc.c |6 -- src/openvpn/options.c | 24 src/openvpn/opt

[Openvpn-devel] [PATCH 4/6] Remove ENABLE_CONNECTIONS ifdefs, connections were always on for a long time. Not that ENABLE_MAMAGEMENT_REMOTE was only depending on ENABLE_CONNECTIONS and is removed as w

2012-06-18 Thread Arne Schwabe
Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/init.c| 12 src/openvpn/manage.c |8 src/openvpn/manage.h |6 -- src/openvpn/options.c | 24 src/openvpn/options.h | 19 --- src/openvpn/sys

Re: [Openvpn-devel] [V2.4 0/4] tun cleanups

2012-06-18 Thread Arne Schwabe
On 18.06.12 20:42, Alon Bar-Lev wrote: > On Mon, Jun 18, 2012 at 9:21 PM, Arne Schwabe <a...@rfc2549.org> wrote: >> On 12.05.12 21:31, Alon Bar-Lev wrote: >>> Platform independent interface for tun provider. >>> >>> Split the long tun.c into pl

[Openvpn-devel] [PATCH] Fix --management-external-key in 2.3alpha

2012-06-28 Thread Arne Schwabe
Just a quick patch which fixes --management-external-key, which I need for a cleaner way to access Android key store. Arne From 53c5018f953764221c0aa51daa8bfa74f146900f Mon Sep 17 00:00:00 2001 From: Arne Schwabe <a...@rfc2549.org> List-Post: openvpn-devel@lists.sourceforge.net Date

Re: [Openvpn-devel] [PATCH] Fix --management-external-key in 2.3alpha

2012-06-28 Thread Arne Schwabe
On 28.06.12 19:58, Alon Bar-Lev wrote: > Hmmm I discussed this before in list... the whole external key > should be modified... the management should be able to support > certificate + key, and key should probably not be limited to RSA only. > I had plans to clean this one as well. > Sure.

Re: [Openvpn-devel] [PATCH] Fix --management-external-key in 2.3alpha

2012-06-28 Thread Arne Schwabe
On 28.06.12 21:33, David Sommerseth wrote: > On 28/06/12 19:44, Arne Schwabe wrote: >> >> Just a quick patch which fixes --management-external-key, which I need >> for a cleaner way to access Android key store. >>

Re: [Openvpn-devel] [PATCH] Fix --management-external-key in 2.3alpha

2012-06-29 Thread Arne Schwabe
On 29.06.12 09:49, David Sommerseth wrote: > On 28/06/12 23:21, Arne Schwabe wrote: > >> But ... is it expected to pass --key if you use > >> --management-external-key? I probably don't know enough about > >> this --m

Re: [Openvpn-devel] Android ICS openvpn client

2012-07-02 Thread Arne Schwabe
On 02.07.12 22:18, Seth Mos wrote: > Hi Everyone, > > We just did some tests with the Android OpenVPN client against the OpenVPN > 2.2 with IPv6 patches we have in pfSense 2.1 and IPv4 and IPv6 tunneling from > the phone and/or tablet works. Yay! (Windows 7 already worked) > > We also added

[Openvpn-devel] [PATCH] Fix compiling with --disable-management

2012-07-05 Thread Arne Schwabe
Some of the MANAGEMENT_QUERY_REMOTE were actually needed. Put #ifdef ENABLE_MANAGMENT in their place Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/init.c |7 ++- 1 files changed, 6 insertions(+), 1 deletions(-) diff --git a/src/openvpn/init.c b/src/openvpn/

[Openvpn-devel] [PATCH] If --management-external-key is used do not check for private key file existence

2012-07-21 Thread Arne Schwabe
Fixes error: --key fails with EXTERNAL_PRIVATE_KEY: No such file or directory if --management-external-key is used Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/options.c | 13 - 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/openvpn/opt

Re: [Openvpn-devel] [PATCH] If --management-external-key is used do not check for private key file existence

2012-07-21 Thread Arne Schwabe
On 21.07.12 01:02, Arne Schwabe wrote: > Fixes error: --key fails with EXTERNAL_PRIVATE_KEY: No such file or > directory if --management-external-key is used > > Ignore that patch version. It did not compile. I am too tired today. I will post the correct version tomorrow. Sorry f

Re: [Openvpn-devel] [PATCH] add option --management-query-proxy

2012-07-30 Thread Arne Schwabe
On 19.07.12 21:57, David Sommerseth wrote: > On 11/07/12 14:16, Heiko Hund wrote: >> Make openvpn query for proxy information through the >> management interface. This allows GUIs to provide (automatically >> detected) proxy information on a per connection basis. >> >> This new option supersedes

Re: [Openvpn-devel] [PATCH] fix regression with --http-proxy[-*] options

2012-07-30 Thread Arne Schwabe
On 30.07.12 11:05, Heiko Hund wrote: > Commit af1bf85a introducing the --management-query-proxy option > broke the initialization of HTTP proxy options by not assigning > the allocated object to the options element in the function > init_http_proxy_options_once(). > > Signed-off-by: Heiko Hund

[Openvpn-devel] [PATCH 1/4] Fixes error: --key fails with EXTERNAL_PRIVATE_KEY: No such file or directory if --management-external-key is used

2012-08-01 Thread Arne Schwabe
Warn if both options are used at the same time. Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/options.c | 18 -- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 9f4ddbb..03dc82f 100644 ---

[Openvpn-devel] [PATCH 4/4] Simplify print_sockaddr_ex function, merge duplicate ipv4/ipv6 logic

2012-08-01 Thread Arne Schwabe
--- src/openvpn/socket.c | 89 ++ 1 file changed, 39 insertions(+), 50 deletions(-) diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index acc4f2b..8ab5872 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -2173,57 +2173,46

[Openvpn-devel] [PATCH 3/4] Merge almost identical create_socket_tcp and create_socket_tcp6

2012-08-01 Thread Arne Schwabe
--- src/openvpn/manage.c |4 ++-- src/openvpn/socket.c | 53 +++--- src/openvpn/socket.h |2 +- 3 files changed, 10 insertions(+), 49 deletions(-) diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index 3ef14e5..d0bb416 100644 ---

[Openvpn-devel] [PATCH 2/4] Merge getaddr_multi and getaddr6 into one function

2012-08-01 Thread Arne Schwabe
interface. The getaddr function is a wrapper which provides backward compatibility for IPv4 addresses. IPv6 calls and calls to getaddr_multi are replaced with the new interface. Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/route.c | 50 ++--- src/openvpn/socket.c

[Openvpn-devel] [PATCH 0/4] Cleanup patches

2012-08-01 Thread Arne Schwabe
patches don't change any functionality but clean up the code. Arne Schwabe (4): Fixes error: --key fails with EXTERNAL_PRIVATE_KEY: No such file or directory if --management-external-key is used Merge getaddr_multi and getaddr6 into one function Merge almost identical create_socket_tcp

Re: [Openvpn-devel] [PATCH 3/4] Merge almost identical create_socket_tcp and create_socket_tcp6

2012-08-01 Thread Arne Schwabe
On 01.08.12 22:38, Gert Doering wrote: > Hi, > > On Wed, Aug 01, 2012 at 06:11:09PM +0200, Arne Schwabe wrote: >> @@ -1099,15 +1068,7 @@ socket_connect (socket_descriptor_t *sd, >> if (*signal_received) >> goto

[Openvpn-devel] [PATCH 3/4] Merge almost identical create_socket_tcp and create_socket_tcp6

2012-08-02 Thread Arne Schwabe
Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/manage.c |4 ++-- src/openvpn/socket.c | 53 +++--- src/openvpn/socket.h |2 +- 3 files changed, 10 insertions(+), 49 deletions(-) diff --git a/src/openvpn/manage.c b/src/o

[Openvpn-devel] [PATCH 1/4] Fixes error: --key fails with EXTERNAL_PRIVATE_KEY: No such file or directory if --management-external-key is used

2012-08-02 Thread Arne Schwabe
Warn if both options are used at the same time. Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/options.c | 17 +++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 9f4ddbb..39dceb8 100644 ---

[Openvpn-devel] [Version 2:] Merge getaddr_multi and getaddr6 into one function

2012-08-07 Thread Arne Schwabe
interface. The getaddr function is a wrapper which provides backward compatibility for IPv4 addresses. IPv6 calls and calls to getaddr_multi are replaced with the new interface. Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/route.c | 50 ++--- src/openvpn/socket.c

[Openvpn-devel] [Version 3] Merge getaddr_multi and getaddr6 into one function

2012-08-07 Thread Arne Schwabe
interface. The getaddr function is a wrapper which provides backward compatibility for IPv4 addresses. IPv6 calls and calls to getaddr_multi are replaced with the new interface. Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/route.c | 50 ++--- src/openvpn/socket.c

[Openvpn-devel] [Version 4] Merge getaddr_multi and getaddr6 into one function

2012-08-07 Thread Arne Schwabe
interface. The getaddr function is a wrapper which provides backward compatibility for IPv4 addresses. IPv6 calls and calls to getaddr_multi are replaced with the new interface. Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/route.c | 50 ++--- src/openvpn/socket.c

[Openvpn-devel] [PATCH] management-signal maps disconnect to SIGTERM if used with management-client

2012-08-07 Thread Arne Schwabe
Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- doc/openvpn.8 |3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 56be29e..2b54d9b 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -2478,7 +2478,8 @@ command. .B \-\-management-

[Openvpn-devel] [PATCH] Document --management-client and --management-signal a bit better

2012-08-08 Thread Arne Schwabe
Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- doc/openvpn.8 | 10 +++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 56be29e..845fb9a 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -2431,11 +2431,14 @@ be set to 127.0.0.1

Re: [Openvpn-devel] OpenVPN 2.3 alpha - configfile with static keyfile does not work!

2012-08-19 Thread Arne Schwabe
On 19.08.2012 12:07, Gert Doering wrote: Hi, On Sat, Aug 18, 2012 at 11:21:32PM +0200, Markus Ferlitsch wrote: Now with OpenVPN 2.3 alpha the TLS configfile works fine (none error in logfile) But the config-file with only static secret-file doesn't connect - it's a bug in alpha I think. It's

[Openvpn-devel] [PATCH] Document the inlining of files in openvpn and document key-direction

2012-08-23 Thread Arne Schwabe
a dummy file name and the second sets the inline file data but does not reset the direction parameter. Also pkcs12 [[INLINE]] base64encoded_data works but is a quirk of how the config parser works Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- doc/openvpn.8

Re: [Openvpn-devel] [PATCH] Add CID to the management status overview

2012-08-31 Thread Arne Schwabe
On 28.02.10 17:46, Gert Doering wrote: > Hi, > > On Sun, Feb 28, 2010 at 04:31:53PM +0100, David Sommerseth wrote: >>> In the grand scheme of things, small whitespace changes might later on >>> lead to a merge conflict with another patch in this line (like "introduce >>> version 4" or so), and

[Openvpn-devel] [PATCH] Add the client id (CID) to the output of the status command

2012-08-31 Thread Arne Schwabe
This adds CID which is needed by a few other management commands to the status output. This will change the output of status in the same way commit ca18a638aa7cf316611f893127ba44131e57083c did. Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/multi.c |9 +

[Openvpn-devel] [PATCH] Simplify print_sockaddr_ex function, merge duplicate ipv4/ipv6 logic

2012-09-02 Thread Arne Schwabe
Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/socket.c | 89 ++ 1 file changed, 39 insertions(+), 50 deletions(-) diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index a34e78c..5b2bb9d 100644 --- a/src/openvpn/so

[Openvpn-devel] [PATCH] Simplify print_sockaddr_ex function, merge duplicate ipv4/ipv6 logic

2012-09-03 Thread Arne Schwabe
Some BSD need the right salen, max(sizeof(v4),sizeof(v6)) does not work. Since sa_len is not a member in sockaddr for Linux and Windows and SA_LEN is not available on Darwin, NetBSD explicitly set salen Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/socket.c

[Openvpn-devel] [PATCH] Simplify print_sockaddr_ex function, merge duplicate ipv4/ipv6 logic

2012-09-03 Thread Arne Schwabe
Some BSD need the right salen, max(sizeof(v4),sizeof(v6)) does not work. Since sa_len is not a member in sockaddr for Linux and Windows and SA_LEN is not available on Darwin, NetBSD explicitly set salen Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/socket.c

Re: [Openvpn-devel] [PATCH] Simplify print_sockaddr_ex function, merge duplicate ipv4/ipv6 logic

2012-09-03 Thread Arne Schwabe
On 03.09.12 09:09, Gert Doering wrote: > Hi, > > On Mon, Sep 03, 2012 at 08:49:42AM +0200, Arne Schwabe wrote: >> Some BSD need the right salen, max(sizeof(v4),sizeof(v6)) does not work. Since sa_len is not a member in soc

[Openvpn-devel] [PATCH] Simplify print_sockaddr_ex function, merge duplicate ipv4/ipv6 logic

2012-09-03 Thread Arne Schwabe
--- src/openvpn/socket.c | 68 ++ 1 file changed, 30 insertions(+), 38 deletions(-) diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 505cf3b..a9adf3f 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -2164,60 +2164,52

[Openvpn-devel] [PATCH 2/2] Document that keep alive will double the second value in server mode and give a short explanation why the value is chosen.

2012-09-03 Thread Arne Schwabe
--- doc/openvpn.8 |6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index f586744..bfc8c25 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -1582,7 +1582,11 @@ A helper directive designed to simplify the expression of .B \-\-ping and .B

[Openvpn-devel] [PATCH v2] Document that keep alive will double the second value in server mode and give a short explanation why the value is chosen.

2012-09-03 Thread Arne Schwabe
--- doc/openvpn.8 |4 1 file changed, 4 insertions(+) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index f586744..6b10fe4 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -1584,6 +1584,10 @@ and .B \-\-ping-restart in server mode configurations. +The server timeout is set twice the

[Openvpn-devel] [PATCH] Add checks for external-key-managements

2012-09-10 Thread Arne Schwabe
-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/options.c | 25 - 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 534e319..0f1dfc1 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/opt

[Openvpn-devel] [PATCH] Document man agent-external-key

2012-10-01 Thread Arne Schwabe
Adapt commit message from cf69617bbea45a15423c4188daa9386debcbe1ec for man page and management documentation. Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- doc/management-notes.txt | 28 doc/openvpn.8|5 + 2 files changed, 33 inse

[Openvpn-devel] [PATCH] Options parsing demands unnecessary configuration if PKCS11 is used

2012-10-17 Thread Arne Schwabe
In the old patch the if incorrectly closed the outer if condition. (closes ticket #231) --- src/openvpn/options.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 05a0f54..8717b89 100644 ---

Re: [Openvpn-devel] Bug in program, bug in documentation, or something else?

2012-10-22 Thread Arne Schwabe
On 22.10.12 00:40, Jonathan K. Bullard wrote: > A Tunnelblick user has reported odd behavior with name resolution > failures. I can't tell if it is a bug in OpenVPN, a bug in the > documentation, or something else. The behavior is apparently the same > in OpenVPN 2.2.1 and 2.3alpha1. > > The 2.3

[Openvpn-devel] [PATCH] Error message if max-routes used incorrectly

2012-11-19 Thread Arne Schwabe
The route/route-ipv6/redirect-gateway options allocate the route structure with max_routes number of routes. A max-routes after any of these commands has no effect. This can be problematic (http://code.google.com/p/ics-openvpn/issues/detail?id=101) Signed-off-by: Arne Schwabe <a...@rfc2549.

Re: [Openvpn-devel] [PATCH] Properly require --key even if defined(MANAGMENT_EXTERNAL_KEY)

2012-11-26 Thread Arne Schwabe
On 26.11.12 15:12, Joachim Schipper wrote: > When specifying --tls-client --cert ... without a --key (or --pkcs11) option, > OpenVPN should complain: "You must define private key file (--key)...". Ensure > that this works even when compiling with MANAGMENT_EXTERNAL_KEY. > > Signed-off-by:

[Openvpn-devel] [PATCH] Properly require --key even if defined(MANAGMENT_EXTERNAL_KEY)

2012-11-26 Thread Arne Schwabe
inal-Patch-by: Found by Joachim Schipper <joachim.schip...@fox-it.com> Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/options.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 5f19c27..a8843ed 10

[Openvpn-devel] [PATCH 01/10] Remove dnsflags_to_socktype, it is not used anywhere

2012-11-30 Thread Arne Schwabe
--- src/openvpn/socket.c |2 +- src/openvpn/socket.h |5 - 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 505cf3b..21a4b2b 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -158,7 +158,7 @@

[Openvpn-devel] [PATCH 07/10] change the type of remote to addrinfo.

2012-11-30 Thread Arne Schwabe
--- src/openvpn/init.c |5 +-- src/openvpn/route.c |1 + src/openvpn/socket.c | 52 -- src/openvpn/socket.h | 85 +++--- src/openvpn/tun.c| 16 ++ src/openvpn/tun.h|2 +- 6 files changed,

[Openvpn-devel] [PATCH 09/10] When resolving fails print the error message from socket layer

2012-11-30 Thread Arne Schwabe
--- src/openvpn/socket.c |8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index b4d7ea7..7b4a4fb 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -186,15 +186,15 @@ openvpn_getaddrinfo (unsigned int flags,

[Openvpn-devel] [PATCH 06/10] Remove the ip-remote-hint option.

2012-11-30 Thread Arne Schwabe
after being presented with the non overridden remote. Overriding all remote options can also be done by management-query-remote and issuing remote MOD or by changing all remote statements in the configuration. Also: remove unused variable newcycle Signed-off-by: Arne Schwabe <a...@rfc2549.

[Openvpn-devel] [PATCH 05/10] Split link_socket_init_phase2 into smaller more manageable/readable functions. No functional changes

2012-11-30 Thread Arne Schwabe
Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/socket.c | 509 -- 1 file changed, 282 insertions(+), 227 deletions(-) diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 31d05eb..3a9af65 100644 --- a/src/openvpn/so

[Openvpn-devel] [PATCH 03/10] Simplify print_sockaddr_ex function, merge duplicate ipv4/ipv6 logic

2012-11-30 Thread Arne Schwabe
--- src/openvpn/socket.c | 68 ++ 1 file changed, 30 insertions(+), 38 deletions(-) diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 5a99de5..8a3301f 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -2152,60 +2152,52

[Openvpn-devel] [PATCH 02/10] Change the type of all ports in openvpn to const char* and let getaddrinfo resolve the port together with the hostname.

2012-11-30 Thread Arne Schwabe
This delays error reporting from config parsing to resolving of host addresses. But it allows statements like remote openvpn.example.org openvpn port https management localhost ntp Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- doc/openvpn.8 |8 +-- src/openvpn/init.c

[Openvpn-devel] [PATCH 08/10] Fix print_sockaddr part 2

2012-11-30 Thread Arne Schwabe
--- src/openvpn/ps.c |4 +-- src/openvpn/socket.c | 66 -- src/openvpn/socket.h | 16 ++-- 3 files changed, 47 insertions(+), 39 deletions(-) diff --git a/src/openvpn/ps.c b/src/openvpn/ps.c index 44eda89..98d6580 100644 ---

[Openvpn-devel] [PATCH 04/10] Split the PROTO_UDP_xx options into AF_INET/AF_INET6 and PROTO_TCP/PROTO_UDP part.

2012-11-30 Thread Arne Schwabe
Splitting will make the code a little bit cleaner and prepares for dual stack Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/error.c |6 +- src/openvpn/forward.c |8 +-- src/openvpn/init.c| 21 +++ src/openvpn/options.c | 69 ++--

Re: [Openvpn-devel] [PATCH 10/10] Implement dual stack client support for OpenVPN

2012-12-01 Thread Arne Schwabe
On 30.11.2012 20:17, Arne Schwabe wrote: Change meaning from udp and tcp to allow both IPv4 and IPv6. Introduce new udp4 and tcp4 to force IPv4. The tcp4 and tcp6 should only be temporary. I will later follow up with a patch which cleans up the protocol names and options. But I did not want
