Am 08.02.17 um 23:39 schrieb Steffan Karger:
> Hi,
>
> On 06-02-17 20:18, Olivier W wrote:
>> Should be compatible with all versions of OpenSSL and LibreSSL.
>> Similar to what is done in curl:
>>
A quick from me.
> This has been in production use for some time now and there don't seem
> to be any problems :)
>
> Can I motivate anyone on commenting on or applying this? :)
>
> Best
> Max
>
>
> commit 1baa7e6782b39ed664eedb9b006728d31e22c07e
> Author: Maximilian Wilhelm
>
This option was useful when Ipv6 tun support was non standard and was an
internal/user specified flag that tracked the Ipv6 capability of the tun device.
All supported OS support IPv6. Also tun-ipv6 is pushable by the remote so not
putting tun-ipv6 does not forbid ipv6 addresses.
This commit
Am 16.09.16 um 22:02 schrieb Gert Doering:
> NetBSD has introduced IP_PKTINFO and struct in_pktinfo, but does not
> have the "ipi_spec_dst" structure element, causing compilation errors.
>
> Introduce a check for that (AC_CHECK_MEMBER) in configure.ac, and
> change all "#ifdef HAVE_IN_PKTINFO" to
Am 16.09.16 um 22:45 schrieb Gert Doering:
> Instead of just [MH], show [MH/PKTINFO] or [MH/RECVDA], to see more
> easily which compile-time variant was chosen by configure and syshead.h
>
ACK from me.
Arne
--
This option was useful when Ipv6 tun support was non standard and was an
internal/user specified flag that tracked the Ipv6 capability of the tun device.
All supported OS support IPv6. Also tun-ipv6 is pushable by the remote so not
putting tun-ipv6 does not forbid ipv6 addresses.
This commit
On OS X openssl/x509.h is not in the standard include path and the
files still try to include since the includes only depend on on
ENABLE_WITH_OPENSSL.
---
configure.ac | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
index 5c5cdf8..e4f613b
Implementation with multiple threads needs that to be able run encryption in
parallel. Tested with James' OpenVPN 3 server.
---
src/openvpn/comp.c | 1 +
src/openvpn/forward.c | 2 +-
src/openvpn/init.c | 1 -
src/openvpn/options.c | 5 -
src/openvpn/packet_id.c | 7 +++
Implementation with multiple threads needs that to be able run encryption in
parallel. Tested with James' OpenVPN 3 server.
---
src/openvpn/comp.c | 1 +
src/openvpn/init.c | 1 -
src/openvpn/options.c | 5 -
src/openvpn/packet_id.c | 7 +++
src/openvpn/packet_id.h | 2 +-
Am 28.09.16 um 11:33 schrieb Steffan Karger:
> The NCP code does a strcmp(options->ciphername, ...) without first checking
> whether options->ciphername is NULL. This could cause a crash when using
> "--cipher none". This patch fixes that problem by ensuring that
> options->ciphername (and
Am 03.10.16 um 12:51 schrieb sam...@openvpn.net:
> From: Samuli Seppänen
>
> Previously one had to manually define correct values for the EXPECT_IFCONFIG*
> variables based on what IPv4 and IPv6 addresses the test VPN server handed
> out.
> This was a tedious process
Am 02.10.16 um 15:19 schrieb Gert Doering:
> Instead of testing (and priming) sudo with "true", prime with
> "kill -0 $$" (just test signalling ourselves). If this fails,
> we won't be able to kill the openvpn process we're going to
> start later on -> thus, SKIP on failure.
>
> This helps with
Am 04.10.16 um 13:38 schrieb Gert Doering:
> We have pre-init and cleanup commands, but some test cases might need
> or want to run a shell script after openvpn has initialized, but before
> executing any tests (ifconfig comparison and ping).
>
> Example: POSTINIT_CMD_4="sleep 5" on MacOS X for
Am 06.10.16 um 14:17 schrieb Gert Doering:
> Hi,
>
> On Thu, Oct 06, 2016 at 01:02:57PM +0100, debbie10t wrote:
>> -R
>> Instead of using all-zeros as the packet data, generate random bytes.
>> Use to defeat, e.g., link data compression
> -R is unlikely to have an effect here, as test 6 is run
Am 02.03.12 00:05, schrieb Arne Schwabe:
... and for the rest, well, we'd need a volunteer that wants to
*work* on
this, not just ask for it... I don't have an Android device (and no
time) so it wouldn't be me.
I'm raising my hand. This path sounds better than what I thought would
Am 06.04.12 20:12, schrieb James Ring:
Hey Arne,
On Thu, Apr 5, 2012 at 12:19 PM, Arne Schwabe<schw...@uni-paderborn.de> wrote:
I have managed to hack a proof of concept together. (Screen shot here:
http://plai.de/android/Bildschirmfoto%202012-04-05%20um%2021.00.57.png)
The co
:00:00 2001
From: Arne Schwabe <a...@rfc2549.org>
List-Post: openvpn-devel@lists.sourceforge.net
Date: Tue, 1 May 2012 14:04:22 +0200
Subject: [PATCH] rebase on head
---
src/openvpn/error.c | 86 +
src/openvpn/event.c |4 ++
src/openv
hanges in small steps
and commiting each step? (I am still trying to learn how to work with git)
Arne
From b9a52d5ee919818a2e2ee525e0800e8e1f06b45f Mon Sep 17 00:00:00 2001
From: Arne Schwabe <a...@rfc2549.org>
Date: Wed, 9 May 2012 23:18:31 +0200
Subject: [PATCH 1/1] Openvpn for Android ICS API
---
s
Am 10.05.12 00:50, schrieb Alon Bar-Lev:
> On Thu, May 10, 2012 at 1:36 AM, Arne Schwabe <a...@rfc2549.org> wrote:
>> Am 10.05.12 00:09, schrieb Alon Bar-Lev:
>>> Hmmm... the fact that you are not using git, and create separate
>>> branch for the changes makes it
> I need a better description of the tun process... so far I did not
> understand why you cannot use standard approach of creating persistent
> tun with non root access and then use the iproute2 wrapper with suid
> or sudo to setup its configuration.
>
> Alon.
I have no root access on the
Am 10.05.12 01:39, schrieb Alon Bar-Lev:
> On Thu, May 10, 2012 at 2:24 AM, Arne Schwabe <a...@rfc2549.org> wrote:
>>> I need a better description of the tun process... so far I did not
>>> understand why you cannot use standard approach of creating persistent
&
e plans are for the plugin interface but I can imagine
that if it becomes more powerful over time we might be able to spin off
these changes as a separate plugin later.
>
I agree on these.
--
Arne Schwabe, M.Sc. - http://www.uni-paderborn.de/cs/cn/
Computer Science, University of Paderborn, Germany, +49 5251 60-1756
I am listing a few requirements that are not discussed before but may
still be important and non obvious. These at least people not involved
with the Android platform a better picture of required changes.
> To allow OpenVPN to be properly refactored afterwards, the important
> part is probably to
Am 11.05.12 20:56, schrieb Gert Doering:
> Changing the build environment to build a shared library out of openvpn
> is something I do not fully understand yet, though - and don't view
> a particular useful goal right now.
The shared library is not used as real shared library. I build
libopenvpn
>> I would like you to try to do so using libtool...
>>
>> Just replace:
>> ---
>> sbin_PROGRAMS = openvpn
>> openvpn_SOURCES =
>> ---
>> with:
>> ---
>> lib_LTLIBRARIES = openvpn.la
>> openvpn_la_SOURCES = ...
>> openvpn_la_LDFLAGS = \
>>-module -shared -avoid-version -no-undefined
>>
Hey,
Openvpn will show the following warning, if I enable tun-ipv6 in the
local config and not remote or vice versa:
WARNING: 'tun-ipv6' is present in remote config but missing in local
config, remote='tun-ipv6'
>From my understanding a ipv6 capable tun interface is always capable of
ipv4 only.
These are the patches that currently are applied to the openvpn version
distributed
in the android version of openvpn. Only the last two patches are really android
specific
the rest of the patches should also be useful on other platforms.
Arne Schwabe (8):
Silence Port is now 1194 IANA
This fixes starting openvpn compiled as client only version of systems that
have no /tmp (Android). --tmp-dir could only be set if P2MP_SERVER has been
enabled too.
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/options.c | 12
src/openvpn/options.h
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/options.c |1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 08f9cb2..8e5d3b9 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -4506,6 +
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/manage.c | 88 ++
src/openvpn/manage.h |4 ++
2 files changed, 92 insertions(+), 0 deletions(-)
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index 141..c
Changes
Options error: option 'dhcp-option' cannot be used in this context
to
P:Options error: option 'dhcp-option' cannot be used in this context
([PUSH-OPTIONS])
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/options.c |5 +++--
1 files changed, 3 insertions
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/console.c |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/openvpn/console.c b/src/openvpn/console.c
index 2464e7e..afda8ca 100644
--- a/src/openvpn/console.c
+++ b/src/openvpn/console.c
@@ -232,7
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
doc/openvpn.8 |3 ++-
src/openvpn/options.c |2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 24b1a2c..f420d58 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/options.c |6 +++
src/openvpn/route.c | 25 +-
src/openvpn/socket.c | 10 +
src/openvpn/ssl.c |2 +
src/openvpn/syshead.h |2 +-
src/openvpn/tun.c
Hello,
while preparing my patches for OS X I also noticed that the build is
broken on OS X:
[...]
checking net/if_tun.h usability... no
checking net/if_tun.h presence... no
checking for net/if_tun.h... no
checking net/tun/if_tun.h usability... no
checking net/tun/if_tun.h presence... no
checking
Am 02.06.12 16:19, schrieb Alon Bar-Lev:
> Hello,
>
> On Sat, Jun 2, 2012 at 5:14 PM, Arne Schwabe <a...@rfc2549.org> wrote:
>> Hello,
>>
>> while preparing my patches for OS X I also noticed that the build is
>> broken on OS X:
>>
>> [...]
>&
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am 02.06.12 18:35, schrieb David Sommerseth:
>
> See comments below.
>
> On 02/06/12 15:03, Arne Schwabe wrote:
>
> > Signed-off-by: Arne Schwabe <a...@rfc2549.org> ---
> > src/openvpn/init.c | 11 +-- src/ope
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am 02.06.12 18:24, schrieb David Sommerseth:
>
> First of all, thank you very much for your work on this patch set!
> And you have a lot of good things here.
>
> So to this patch ...
>
> On 02/06/12 15:03, Arne Schwabe wr
Am 07.06.12 18:44, schrieb Adriaan de Jong:
> Hi Arne,
>
> Could you please split this patch up a little further? As it is, it
> performs a number of functions, which, although related to Android
> would be easier to ack if they were separate.
>
> Am I correct in noting that you use
Am 12.05.12 21:31, schrieb Alon Bar-Lev:
> Platform independent interface for tun provider.
>
> Split the long tun.c into platform specific files using
> tun_engine interface.
>
> Functionality is the same.
>
> Maintenance will be much easier! new options, like stacking
> several interfaces and
A few clean up patches that I have local. Some of these might be useful in a
2.3 release.
Arne Schwabe (6):
Only use tmpdir if tmp_dir is really used.
Completely remove ancient IANA port warning.
Remove ENABLE_INLINE_FILES conditionals, this code is always enabled
and removing
This fixes starting openvpn compiled as client only version of systems that
have no /tmp (Android). --tmp-dir could only be set if P2MP_SERVER has been
enabled too.
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/options.c |7 +--
src/openvpn/options.h |4 +
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/init.c|6 --
src/openvpn/options.c |3 ---
src/openvpn/options.h |1 -
3 files changed, 0 insertions(+), 10 deletions(-)
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 61fd2a6..eacb67d
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/crypto.c |2 --
src/openvpn/mroute.c | 28
src/openvpn/multi.c |7 +--
src/openvpn/options.c|2 --
src/openvpn/r
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/httpdigest.c | 44 ++--
src/openvpn/ntlm.c |8
2 files changed, 26 insertions(+), 26 deletions(-)
diff --git a/src/openvpn/httpdigest.c b/src/openvpn/httpdigest.c
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/common.h |2 --
src/openvpn/crypto.c |6 --
src/openvpn/init.c |4
src/openvpn/misc.c |6 --
src/openvpn/options.c | 24
src/openvpn/opt
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/init.c| 12
src/openvpn/manage.c |8
src/openvpn/manage.h |6 --
src/openvpn/options.c | 24
src/openvpn/options.h | 19 ---
src/openvpn/sys
Am 18.06.12 20:42, schrieb Alon Bar-Lev:
> On Mon, Jun 18, 2012 at 9:21 PM, Arne Schwabe <a...@rfc2549.org> wrote:
>> Am 12.05.12 21:31, schrieb Alon Bar-Lev:
>>> Platform independent interface for tun provider.
>>>
>>> Split the long tun.c into pl
Just a quick patch which fixes --management-external-key, which I need
for a cleaner way to access Android key store.
Arne
>From 53c5018f953764221c0aa51daa8bfa74f146900f Mon Sep 17 00:00:00 2001
From: Arne Schwabe <a...@rfc2549.org>
List-Post: openvpn-devel@lists.sourceforge.net
Date
Am 28.06.12 19:58, schrieb Alon Bar-Lev:
> Hmmm I discussed this before in list... the whole external key
> should be modified... the management should be able to support
> certificate + key, and key should probably not be limited to RSA only.
> I had plans to clean this one as well.
>
Sure.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am 28.06.12 21:33, schrieb David Sommerseth:
> On 28/06/12 19:44, Arne Schwabe wrote:
>>
>> Just a quick patch which fixes --management-external-key, which I need
>> for a cleaner way to access Android key store.
>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am 29.06.12 09:49, schrieb David Sommerseth:
> On 28/06/12 23:21, Arne Schwabe wrote:
> >> But ... is it expected to pass --key if you use
> >> --management-external-key? I probably don't know enough about
> >> this --m
Am 02.07.12 22:18, schrieb Seth Mos:
> Hi Everyone,
>
> We just did some tests with the Android OpenVPN client against the OpenVPN
> 2.2 with IPv6 patches we have in pfSense 2.1 and IPv4 and IPv6 tunneling from
> the phone and/or tablet works. Yay! (Windows 7 already worked)
>
> We also added
Some of the MANAGEMENT_QUERY_REMOTE were actually needed. Put #ifdef
ENABLE_MANAGMENT in their place
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/init.c |7 ++-
1 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/src/openvpn/init.c b/src/openvpn/
Fixes error: --key fails with EXTERNAL_PRIVATE_KEY: No such file or directory
if --management-external-key is used
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/options.c | 13 -
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/openvpn/opt
Am 21.07.12 01:02, schrieb Arne Schwabe:
> Fixes error: --key fails with EXTERNAL_PRIVATE_KEY: No such file or
> directory if --management-external-key is used
>
>
Ignore that patch version. It did not compile. I am too tired today. I
will post the correct version tommorow. Sorry f
Am 19.07.12 21:57, schrieb David Sommerseth:
> On 11/07/12 14:16, Heiko Hund wrote:
>> Make openvpn query for proxy information through the
>> management interface. This allows GUIs to provide (automatically
>> detected) proxy information on a per connection basis.
>>
>> This new option supersedes
Am 30.07.12 11:05, schrieb Heiko Hund:
> Commit af1bf85a introducing the --management-query-proxy option
> broke the initialization of HTTP proxy options by not assigning
> the allocated object to the options element in the function
> init_http_proxy_options_once().
>
> Signed-off-by: Heiko Hund
Warn if both options are used at the same time.
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/options.c | 18 --
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 9f4ddbb..03dc82f 100644
---
---
src/openvpn/socket.c | 89 ++
1 file changed, 39 insertions(+), 50 deletions(-)
diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
index acc4f2b..8ab5872 100644
--- a/src/openvpn/socket.c
+++ b/src/openvpn/socket.c
@@ -2173,57 +2173,46
---
src/openvpn/manage.c |4 ++--
src/openvpn/socket.c | 53 +++---
src/openvpn/socket.h |2 +-
3 files changed, 10 insertions(+), 49 deletions(-)
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index 3ef14e5..d0bb416 100644
---
interface. The getaddr function is a
wrapper which provides backward compatibility for IPv4 addresses. Ipv6 calls
and calls to getaddr_multi are replaced with the new interface.
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/route.c | 50 ++---
src/openvpn/socket.c
patches don't change any functionality but clean up the
code.
Arne Schwabe (4):
Fixes error: --key fails with EXTERNAL_PRIVATE_KEY: No such file or
directory if --management-external-key is used
Merge getaddr_multi and getaddr6 into one function
Merge almost identical create_socket_tcp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am 01.08.12 22:38, schrieb Gert Doering:
> Hi,
>
> On Wed, Aug 01, 2012 at 06:11:09PM +0200, Arne Schwabe wrote:
>> @@ -1099,15 +1068,7 @@ socket_connect (socket_descriptor_t *sd,
>> if (*signal_received)
>> goto
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/manage.c |4 ++--
src/openvpn/socket.c | 53 +++---
src/openvpn/socket.h |2 +-
3 files changed, 10 insertions(+), 49 deletions(-)
diff --git a/src/openvpn/manage.c b/src/o
Warn if both options are used at the same time.
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/options.c | 17 +++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 9f4ddbb..39dceb8 100644
---
interface. The getaddr function is a
wrapper which provides backward compatibility for IPv4 addresses. Ipv6 calls
and calls to getaddr_multi are replaced with the new interface.
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/route.c | 50 ++---
src/openvpn/socket.c
interface. The getaddr function is a
wrapper which provides backward compatibility for IPv4 addresses. Ipv6 calls
and calls to getaddr_multi are replaced with the new interface.
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/route.c | 50 ++---
src/openvpn/socket.c
interface. The getaddr function is a
wrapper which provides backward compatibility for IPv4 addresses. Ipv6 calls
and calls to getaddr_multi are replaced with the new interface.
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/route.c | 50 ++---
src/openvpn/socket.c
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
doc/openvpn.8 |3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 56be29e..2b54d9b 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -2478,7 +2478,8 @@ command.
.B \-\-management-
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
doc/openvpn.8 | 10 +++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 56be29e..845fb9a 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -2431,11 +2431,14 @@ be set to 127.0.0.1
On 19.08.2012 12:07, Gert Doering wrote:
Hi,
On Sat, Aug 18, 2012 at 11:21:32PM +0200, Markus Ferlitsch wrote:
Now with OpenvPN 2.3 alpha the TLS configfile works fine (none error in logfile)
Bu the config-file with only static secret-file doesn't connect - it's
a bug in alpha I think.
It's
a dummy file name and the second sets the inline file data but does not
reset the direction parameter.
Also pkcs12 [[INLINE]] base64encoded_data works but is a quirk of how the
config parser works
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
doc/openvpn.8
Am 28.02.10 17:46, schrieb Gert Doering:
> Hi,
>
> On Sun, Feb 28, 2010 at 04:31:53PM +0100, David Sommerseth wrote:
>>> In the grand scheme of things, small whitespace changes might later on
>>> lead to a merge conflict with another patch in this line (like "introduce
>>> version 4" or so), and
This add adds CID which is needed by a few other management commands to the
status output. This will change the output of status in the same way commit
ca18a638aa7cf316611f893127ba44131e57083c did.
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/multi.c |9 +
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/socket.c | 89 ++
1 file changed, 39 insertions(+), 50 deletions(-)
diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
index a34e78c..5b2bb9d 100644
--- a/src/openvpn/so
Some BSD need the right salen, max(sizeof(v4),sizeof(v6)) does not work. Since
sa_len is not a member in sockaddr for Linux and Windows and SA_LEN is no
available on Darwin, NetBSD explicitly set salem
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/socket.c
Some BSD need the right salen, max(sizeof(v4),sizeof(v6)) does not work. Since
sa_len is not a member in sockaddr for Linux and Windows and SA_LEN is no
available on Darwin, NetBSD explicitly set salem
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/socket.c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am 03.09.12 09:09, schrieb Gert Doering:
> Hi,
>
> On Mon, Sep 03, 2012 at 08:49:42AM +0200, Arne Schwabe wrote:
>> Some BSD need the right salen, max(sizeof(v4),sizeof(v6)) does not
work. Since sa_len is not a member in soc
---
src/openvpn/socket.c | 68 ++
1 file changed, 30 insertions(+), 38 deletions(-)
diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
index 505cf3b..a9adf3f 100644
--- a/src/openvpn/socket.c
+++ b/src/openvpn/socket.c
@@ -2164,60 +2164,52
---
doc/openvpn.8 |6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/doc/openvpn.8 b/doc/openvpn.8
index f586744..bfc8c25 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -1582,7 +1582,11 @@ A helper directive designed to simplify the expression of
.B \-\-ping
and
.B
---
doc/openvpn.8 |4
1 file changed, 4 insertions(+)
diff --git a/doc/openvpn.8 b/doc/openvpn.8
index f586744..6b10fe4 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -1584,6 +1584,10 @@ and
.B \-\-ping-restart
in server mode configurations.
+The server timeout is set twice the
-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/options.c | 25 -
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 534e319..0f1dfc1 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/opt
Adapt commit message from cf69617bbea45a15423c4188daa9386debcbe1ec for man page
and management documentation.
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
doc/management-notes.txt | 28
doc/openvpn.8|5 +
2 files changed, 33 inse
In the old patch the if incorrectly closed the outer if condition. (closes
ticket #231)
---
src/openvpn/options.c | 10 ++
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 05a0f54..8717b89 100644
---
Am 22.10.12 00:40, schrieb Jonathan K. Bullard:
> A Tunnelblick user has reported odd behavior with name resolution
> failures. I can't tell if it is a bug in OpenVPN, a bug in the
> documentation, or something else. The behavior is apparently the same
> in OpenVPN 2.2.1 and 2.3alpha1.
>
> The 2.3
the route/route-ipv6/redirect-gateway options allocate the route structe with
max_routes number of routes. A max-routes after any of this commands has no
effect. This can be problematic
(http://code.google.com/p/ics-openvpn/issues/detail?id=101)
Signed-off-by: Arne Schwabe <a...@rfc2549.
Am 26.11.12 15:12, schrieb Joachim Schipper:
> When specifying --tls-client --cert ... without a --key (or --pkcs11) option,
> OpenVPN should complain: "You must define private key file (--key)...". Ensure
> that this works even when compiling with MANAGMENT_EXTERNAL_KEY.
>
> Signed-off-by:
inal-Patch-by: Found by Joachim Schipper <joachim.schip...@fox-it.com>
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/options.c |4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 5f19c27..a8843ed 10
---
src/openvpn/socket.c |2 +-
src/openvpn/socket.h |5 -
2 files changed, 1 insertion(+), 6 deletions(-)
diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
index 505cf3b..21a4b2b 100644
--- a/src/openvpn/socket.c
+++ b/src/openvpn/socket.c
@@ -158,7 +158,7 @@
---
src/openvpn/init.c |5 +--
src/openvpn/route.c |1 +
src/openvpn/socket.c | 52 --
src/openvpn/socket.h | 85 +++---
src/openvpn/tun.c| 16 ++
src/openvpn/tun.h|2 +-
6 files changed,
---
src/openvpn/socket.c |8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
index b4d7ea7..7b4a4fb 100644
--- a/src/openvpn/socket.c
+++ b/src/openvpn/socket.c
@@ -186,15 +186,15 @@ openvpn_getaddrinfo (unsigned int flags,
after being
presented with the non overridden remote.
Overriding all remote options can also be done by management-query-remote and
issuing remote MOD or by changing alll remote statements in the configuration.
Also: remove unused variable newcycle
Signed-off-by: Arne Schwabe <a...@rfc2549.
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/socket.c | 509 --
1 file changed, 282 insertions(+), 227 deletions(-)
diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
index 31d05eb..3a9af65 100644
--- a/src/openvpn/so
---
src/openvpn/socket.c | 68 ++
1 file changed, 30 insertions(+), 38 deletions(-)
diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
index 5a99de5..8a3301f 100644
--- a/src/openvpn/socket.c
+++ b/src/openvpn/socket.c
@@ -2152,60 +2152,52
This delays error reporting from config parsing to resolving of host addresses.
But it allows statements like
remote openvpn.example.org openvpn
port https
management localhost ntp
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
doc/openvpn.8 |8 +--
src/openvpn/init.c
Splitting will make the code a little bit cleaner and prepares for dual stack
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/error.c |6 +-
src/openvpn/forward.c |8 +--
src/openvpn/init.c| 21 +++
src/openvpn/options.c | 69 ++--
On 30.11.2012 20:17, Arne Schwabe wrote:
Change meaning from udp and tcp to allow both IPv4 and IPv6. Introducue new
udp4 and tcp4 to force IPv4.
The tcp4 and tcp6 should only temporary. I will later follow up with a
patch which cleans up the protocol names and options. But I did not want
Fix the "WARNING: 'proto' is used inconsistently, local='proto UDP',
remote='proto UDPv6'." message.
Note that the on wire strings are now always TCPv4 and UDPv4 to be compatible
to pre2.3
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/socket.c | 22 +
Am 02.12.12 22:11, schrieb Gert Doering:
> Rename process_ipv4_header() to process_ip_header() and PIPV4_MSSFIX
> flag to PIP_MSSFIX, to make visible that it's no longer IPv4-only.
>
> Inside process_ip_header(), call out to mss_fixup_ipv6() if --mssfix
> is active and IPv6 packet seen.
>
> Rename
1 - 100 of 2428 matches
Mail list logo