Re: [Openvpn-devel] autoconf/automake warnings

On Fri, Aug 12, 2016 at 6:30 AM, David Sommerseth < open...@sf.lists.topphemmelig.net> wrote: > On 12/08/16 03:14, Selva Nair wrote: > > > > > > On Thu, Aug 11, 2016 at 2:50 PM, David Sommerseth > > <open...@sf.lists.topphemmelig.net > > <mai

Re: [Openvpn-devel] Error: when using --tun-ipv6, if you have more than one TAP-Windows adapter, you must also specify --dev-node

Hi, On Thu, Aug 18, 2016 at 9:11 AM, debbie10t wrote: > Thu Aug 18 13:54:41 2016 us=240792 MANAGEMENT: > >STATE:1471524881,ASSIGN_IP,,10.8.0.6,12fc:1918::10:8:0:1000 > Thu Aug 18 13:54:41 2016 us=240792 MANAGEMENT: Client disconnected > Thu Aug 18 13:54:41 2016

Re: [Openvpn-devel] [PATCH] reload HTTP proxy credentials when moving to the next connection profile

Hi, On Tue, Jan 31, 2017 at 1:22 PM, Antonio Quartulli wrote: > iff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c > index b0ed3279..27f34bed 100644 > --- a/src/openvpn/proxy.c > +++ b/src/openvpn/proxy.c > @@ -256,7 +256,16 @@ username_password_as_base64(const struct >

[Openvpn-devel] [PATCH] Make auth-nocache cooperate with auth-token

From: Selva Nair <selva.n...@gmail.com> - Keep the username even if auth-nocache is specified so that any auth_token pushed by the server could be utilized - When auth-token is received, set nocache = false in user_pass Note: When handling of auth failure due to token expiry is fixed, re

Re: [Openvpn-devel] [PATCH] Make auth-nocache cooperate with auth-token

Hi, On Wed, Feb 8, 2017 at 10:01 PM, Antonio Quartulli <a...@unstable.cc> wrote: > On Wed, Feb 08, 2017 at 02:25:44PM -0500, selva.n...@gmail.com wrote: > > From: Selva Nair <selva.n...@gmail.com> > > > > - Keep the username even if auth-nocache is specified so

Re: [Openvpn-devel] [PATCH] reload HTTP proxy credentials when moving to the next connection profile

On Wed, Feb 1, 2017 at 3:33 AM, Antonio Quartulli wrote: > On Wed, Feb 01, 2017 at 11:04:55AM +0800, Antonio Quartulli wrote: > > > That said, there is one issue with this approach. Looks like SIGUSR1 > > > restarts will now always prompt for proxy password, which is not >

Re: [Openvpn-devel] [PATCH v2] Fix user's group membership check in interactive service to work with domains

Hi, On Sat, Jan 14, 2017 at 4:16 PM, <selva.n...@gmail.com> wrote: > From: Selva Nair <selva.n...@gmail.com> > > Currently the username unqualified by the domain is used to validate > a user which fails for domain users. Instead authorize the user > > (

Re: [Openvpn-devel] [PATCH] Resolving several travis-ci issues:

On Fri, Jan 27, 2017 at 10:08 AM, David Sommerseth < open...@sf.lists.topphemmelig.net> wrote: > On 27/01/17 14:56, Илья Шипицин wrote: > > > > > > > may I ask you something in turn ? > > I cannot read other people thoughts, if there's something wrong with my > > patch, there's no other known

Re: [Openvpn-devel] [PATCH applied] Add a check for -Wl, --wrap support in linker

On Fri, Jan 20, 2017 at 1:16 PM, David Sommerseth wrote: > Your patch has been applied to the following branches > > commit f91ab283a407e25c4b32aecb390911b212ce2694 (master) > commit 2f5f1d8fffcba26d21d47cbcb1e99e0e1c313568 (release/2.4) > I am curious to know whether the

Re: [Openvpn-devel] ASLR/DEP -enabled 2.4.0 Windows installer available

Hi, On Fri, Jan 20, 2017 at 11:42 AM, Selva Nair <selva.n...@gmail.com> wrote: > On Fri, Jan 20, 2017 at 9:43 AM, Samuli Seppänen <sam...@openvpn.net> >> wrote: >> Thanks for testing! I think we just have to merge the ASLR/DEP change in >> openvpn-build and see

Re: [Openvpn-devel] [PATCH applied] Add a check for -Wl, --wrap support in linker

Hi, On Fri, Jan 20, 2017 at 4:40 PM, Gert Doering <g...@greenie.muc.de> wrote: > On Fri, Jan 20, 2017 at 03:38:46PM -0500, Selva Nair wrote: > > I am curious to know whether the opensolaris buildbot (there is one isn't > > it?) run and pass all tests? > > There is one,

Re: [Openvpn-devel] [PATCH v2] Fix user's group membership check in interactive service to work with domains

On Mon, Feb 20, 2017 at 7:18 AM, Gert Doering <g...@greenie.muc.de> wrote: > On Sat, Jan 14, 2017 at 04:16:29PM -0500, selva.n...@gmail.com wrote: > > From: Selva Nair <selva.n...@gmail.com> > > > > Currently the username unqualified by the domain is used t

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

Hi, On Mon, Feb 13, 2017 at 3:55 PM, Olivier W wrote: > >> That's a not exactly helpful error message... :( - I tend to just turn > >> off SSL on stuff that goes to public mailing lists anyway if it causes > >> issues... > > > > OpenSSL errors requires quite some efforts

Re: [Openvpn-devel] ASLR/DEP -enabled 2.4.0 Windows installer available

Hi, On Mon, Jan 23, 2017 at 4:55 AM, Samuli Seppänen wrote: > >> Checked this on win7. Process explorer shows ASLR flag is set on the >> executable. But ASLR is not really active. The GUI is loaded at the same >> address each time (as per vmmap from sysinternals). I see no

Re: [Openvpn-devel] [PATCH] Add a check for -Wl, --wrap support in linker

Hi, Thanks for the comments. On Thu, Jan 19, 2017 at 9:41 AM, David Sommerseth < open...@sf.lists.topphemmelig.net> wrote: > Any reason to have this AC_DEFINE? That puts HAVE_LD_WRAP_SUPPORT into > config.h, which I don't think makes much sense. If we don't have --wrap > support, would we

[Openvpn-devel] [PATCH] Add a check for -Wl, --wrap support in linker

From: Selva Nair <selva.n...@gmail.com> - Also make tests that require --wrap option to be conditional on this support Signed-off-by: Selva Nair <selva.n...@gmail.com> --- configure.ac | 26 ++ tests/unit_tests/openvpn/Makefile.am |

Re: [Openvpn-devel] [PATCH] Add a check for -Wl, --wrap support in linker

Hi, On Thu, Jan 19, 2017 at 2:36 PM, David Sommerseth < open...@sf.lists.topphemmelig.net> wrote: > > So currently its just a preprocessor define that provides a solution > > waiting for a problem. If the consensus is not to define it, fine with > me. > > I have no issues adding such an

Re: [Openvpn-devel] block-outside-dns and multiple tunnels

Hi, On Tue, Aug 16, 2016 at 1:42 PM, Selva Nair <selva.n...@gmail.com> wrote: > Hi, > > On Tue, Aug 16, 2016 at 12:41 PM, ValdikSS <i...@valdikss.org.ru> wrote: > >> This is known issue (for me), and it was superficially discussed on IRC >> at some poi

[Openvpn-devel] [PATCH master] Support --block-outside-dns on multiple tunnels

. They get automatically removed when the process exits. The sublayer will, however, persist until reboot. Resolves Trac 718 Tested on Windows 7, 10 with/without interactive service Signed-off-by: Selva Nair <selva.n...@gmail.com> --- src/openvpn/block_dns.c

Re: [Openvpn-devel] Modernising the management interface

Hi, On Wed, Aug 31, 2016 at 4:11 PM, David Sommerseth wrote: > > It is not being planned to remove the management interface. If > > D-Bus works well for everyone on all platforms, then we can discuss > > what to do next. But as of now, I have no plans to

Re: [Openvpn-devel] [PATCH (master)] Drop gnu89/c89 support, switch to c99

On Sun, Aug 28, 2016 at 3:46 PM, Steffan Karger wrote: > On 28 August 2016 at 21:42, Steffan Karger wrote: > > Previously, we would use the compiler's default C version, which defaults > > to gnu89 for GCC < 5, gnu11 for GCC > 5, and c11 for clang, but

Re: [Openvpn-devel] autoconf/automake warnings

Hi, You are right, it was me who introduced reference to sources in subdir to avoid duplication when block-dns support was added to the interactive service. On Thu, Aug 11, 2016 at 2:50 PM, David Sommerseth < open...@sf.lists.topphemmelig.net> wrote: > Hi, > > I noticed a few errors today when

[Openvpn-devel] [PATCH] Avoid format specifier %zu for Windows compatibility

does warn that z is an unknown conversion type. v2: Cast to (unsigned int) instead of (int). Signed-off-by: Selva Nair <selva.n...@gmail.com> --- src/openvpn/crypto.c |4 ++-- src/openvpn/options.c |4 ++-- src/openvpn/ssl_mbedtls.c |4 ++-- 3 files changed, 6

Re: [Openvpn-devel] autoconf/automake warnings

On Thu, Aug 11, 2016 at 2:50 PM, David Sommerseth wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > > Hi, > > I noticed a few errors today when building OpenVPN on Fedora 23. The > attached patch resolves this. But it breaks 'make' when it reaches

Re: [Openvpn-devel] [PATCH v4.1] systemd: Do not mask usernames when querying for it via systemd-ask-password

On Thu, Aug 11, 2016 at 10:33 AM, David Sommerseth wrote: > In systemd after version 216, systemd-ask-password will support --echo > which > will avoid masking the user input. As OpenVPN uses this mechanism > collecting > usernames when systemd is available, this will avoid

[Openvpn-devel] [PATCH v4 2/4] Re-implement the systemd support using the new query user API

(sending again with the list in CC:) Mon, Aug 8, 2016 at 3:28 PM, David Sommerseth wrote: > This provides exactly the same systemd functionality which existed > before the query user infrastructure got implemented. > > [v4 - change disapproved &= syntax ] > > [v3 -

[Openvpn-devel] [PATCH master v2] Support --block-outside-dns on multiple tunnels

ll filters are added in dynamic sessions as before. They get automatically removed when the process exits. The sublayer will, however, persist until reboot. Resolves Trac 718 Tested on Windows 7, 10 with/without interactive service Signed-off-by: Selva Nair <selva.n...@gmail.com>

[Openvpn-devel] [PATCH 2.3 v2] Support --block-outside-dns on multiple tunnels

e-resolved fwpm functions Tested on Windows 7, 10 Signed-off-by: Selva Nair <selva.n...@gmail.com> --- src/openvpn/win32.c | 108 +-- src/openvpn/win32_wfp.h | 23 +++--- 2 files changed, 102 insertions(+), 29 deletions(-) diff --git a/s

Re: [Openvpn-devel] [PATCH] Fix win32 building with C99 mode

Hi, On Sat, Sep 17, 2016 at 9:20 AM, Gert Doering wrote: > In -std=c99 mode, WIN32 is not defined to be "1" anymore, but just > "#define WIN32" - so the "#if WIN32" breaks, needs to be "#ifdef WIN32" > Indeed... To depend on the compiler or system headers to define WIN32

Re: [Openvpn-devel] [PATCH] Fix win32 building with C99 mode

On Sun, Sep 18, 2016 at 2:59 AM, Gert Doering wrote: > Ah. Here we go... trying to redefine WIN32 at the end of syshead.h > shows what is happening: > > In file included from /usr/share/mingw-w64/include/windef.h:8:0, > from

Re: [Openvpn-devel] [PATCHv2] Fix win32 building with C99 mode

Hi, On Sun, Sep 18, 2016 at 8:14 AM, Gert Doering <g...@greenie.muc.de> wrote: > In -std=c99 mode, WIN32 is not defined to be "1" anymore, but just > "#define WIN32" - so the "#if WIN32" breaks, needs to be "#ifdef WIN32" > > v2: also

Re: [Openvpn-devel] Feature proposal: tls-crypt

Hi, On Sun, Sep 18, 2016 at 8:25 AM, Steffan Karger wrote: > Hi, > > On 27 July 2016 at 16:42, Steffan Karger > wrote: > > Our customers, as well as community users, have asked for encryption of > > control channel packets to hide their certificate

Re: [Openvpn-devel] [PATCH] Have the same username/password length regardless of PKCS#11 enablement

Hi, On Thu, Sep 22, 2016 at 6:04 AM, David Sommerseth wrote: > If running an OpenVPN client with --enable-pkcs11 and a server without > and having a username and/or password with more than 128 characters, > the authentication will fail as the server truncates the password >

Re: [Openvpn-devel] [PATCH] Have the same username/password length regardless of PKCS#11 enablement

Hi, On Thu, Sep 22, 2016 at 1:44 PM, David Sommerseth < open...@sf.lists.topphemmelig.net> wrote: > On 22/09/16 18:43, Selva Nair wrote: > > > > Also usernames > 64 bytes will break --username-as-common-name as > > CN is limited to 64 bytes (could 64 code po

Re: [Openvpn-devel] [PATCH] Remove static global allocation of HTTP proxy user/passwords

Hi, On Thu, Sep 22, 2016 at 3:40 PM, David Sommerseth wrote: > This avoids allocating static memory which is not used unless the > a HTTP proxy with authentication is configured. . The only place the original code referred to the global static_proxy_user_pass appears

Re: [Openvpn-devel] extended error messages ?

On Fri, Sep 23, 2016 at 10:14 AM, Илья Шипицин wrote: > > login/password are correct, but ... > > 1) password is expired > 2) acount is disabled > 3) access is not permitted If you use management-client-auth on the server side, you can return a reason for failure.

[Openvpn-devel] private key from management-interface

Hi, I am implementing a VPN setup using OpenVPN for a few users most of who use Windows and the server also has to run on Windows. I can't have users running openvpn with root privilege so I've settled on using the service option with a management-interface client running with limited user

Re: [Openvpn-devel] New OpenVPN Windows installers (I004 and I604) released

Currently OpneVPN-MI-GUI does work without elevated privileges using openvpn service and the management interface. I have a small user-base who have been happily using it this way for more than a year now. In my view if OpenVPN distribution could bundle the MI-GUI, it would be of great help.

[Openvpn-devel] Fwd: New OpenVPN Windows installers (I004 and I604) released

Hi, On Tue, Oct 21, 2014 at 10:26 AM, Gert Doering <g...@greenie.muc.de> wrote: > On Tue, Oct 21, 2014 at 09:55:09AM -0400, Selva Nair wrote: >> Currently OpneVPN-MI-GUI does work without elevated privileges using >> openvpn service and the management interface. I have

Re: [Openvpn-devel] New OpenVPN Windows installers (I004 and I604) released

Correction: > Locally, I have patched it to pass the > certificate key as well although we don't normally use that option. I meant to say respond to RSA_SIGN requests so that the private key need not be in the config. Selva

Re: [Openvpn-devel] Fwd: New OpenVPN Windows installers (I004 and I604) released

Hi, On Tue, Oct 21, 2014 at 3:28 PM, Gert Doering wrote: > > > The MI-GUI solves that problem right now as opposed to sometime in > future. > > True, this should have been integrated much sooner. We expected a 2.4 > release early 2014, not "maybe q2 2015" or such, but

Re: [Openvpn-devel] OpenVPN 2.3.7-I602-x86_64.exe download 404 Error

On Wed, Jul 1, 2015 at 10:49 AM, Jan Just Keijser wrote: > On 01/07/15 16:41, Gert Doering wrote: > > Hi, > > > > On Wed, Jul 01, 2015 at 03:05:44PM +0100, debbie...@gmail.com wrote: > >> Resolving swupdate.openvpn.org (swupdate.openvpn.org)... 104.28.1.12, > >> 104.28.0.12 >

Re: [Openvpn-devel] Adding routes on Windows using DHCP

On Wed, Jul 8, 2015 at 12:26 PM, Jan Just Keijser wrote: > > FWIW: I've patched openvpn to set routes using DHCP on Windows and yes, > it works: I can add any route to the system routing tables, including > 0.0.0.0/1 and 128.0.0.1/1 ; this could be used as an alternative to >

Re: [Openvpn-devel] Adding routes on Windows using DHCP

On Thu, Jul 9, 2015 at 7:45 AM, Jan Just Keijser wrote: > as usual, Gert is right :( > I've added an explicit /32 route to the OpenVPN server via DHCP , which > Windows picks up, including the right LAN GW address *BUT* it associates > it with the VPN interface, not the

[Openvpn-devel] Interactive windows service

Starting a new thread as this is somewhat tangential to the original On Sat, Oct 17, 2015 at 2:59 AM, Heiko Hund wrote: > > - The OpenVPN-GUI we bundle has several major issues, most related to > > having to run it as an admin > > The interactive service that I posted a

Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

On Mon, Oct 19, 2015 at 4:14 PM, Fish Wang wrote: > Regarding Windows OpenVPN GUI: I have an internal fork of this OpenVPN GUI > (https://github.com/jochenwierum/openvpn-manager) from jochenwierum, with > many bug fixes and improvements, and it works fairly well on Windows.

Re: [Openvpn-devel] Interactive windows service

On Tue, Oct 20, 2015 at 6:30 AM, Heiko Hund <heiko.h...@sophos.com> wrote: > On Saturday 17 October 2015 11:44:07 Selva Nair wrote: > > Is there a public repo where I can access this? I have been using a > > patched MI-GUI to avoid needing admin priv on windows

Re: [Openvpn-devel] Interactive windows service

On Tue, Oct 20, 2015 at 1:23 PM, Heiko Hund <heiko.h...@sophos.com> wrote: > On Tuesday 20 October 2015 13:11:44 Selva Nair wrote: > > Thanks for the link. I cloned it, but it appears to be the same as a late > > 2014 (early 2.3.x ?) version. In particular, the s

Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

On Tue, Oct 20, 2015 at 7:01 AM, Samuli Seppänen wrote: > > > On Tuesday 20 October 2015 10:15:22 Samuli Seppänen wrote: > Are you saying that the interactive service also doubles as a Windows > system service? If so, can it be configured to autostart selected >

Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

Hi Debbie, On Tue, Oct 20, 2015 at 5:06 PM, wrote: > ho hum > > > -Original Message- > > From: David Sommerseth [mailto:openvpn.l...@topphemmelig.net] > > Sent: Monday, October 19, 2015 3:01 PM > > To: Morris, Russell ; Heiko Hund > >

Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

Hi, On Wed, Oct 21, 2015 at 7:54 AM, Morris, Russell wrote: > Hi, > > Lots of discussion on this - awesome to see! Perhaps a dumb question, but > I can see a few different ways to go on this, as I see comments about > services, applications, etc. ... so a couple thoughts, >

[Openvpn-devel] Fwd: Creating a Windows team for OpenVPN?

Hi, On Thu, Oct 22, 2015 at 1:44 AM, Heiko Hund <heiko.h...@sophos.com> wrote: > On Tuesday 20 October 2015 22:12:06 Selva Nair wrote: > > > But a sever admin would not want it in the system as it can allow any > user > > with some VPN server account to

Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

Hi, On Thu, Oct 22, 2015 at 3:58 PM, Morris, Russell wrote: > Hi, > > Just checked - yep, 9.0.0.21. It seems to be from 2014 though? > > And to the other email I just sent (that seemed to bounce?), > Probably my mistake, in one of the posts I changed the address from devel

Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

Hi, This may be getting way too off-topic for this thread... Please consider starting a new thread on this TAP I/O error. On Fri, Oct 23, 2015 at 8:46 AM, Morris, Russell wrote: > Hi, > > > > Let me try to collect some logs – the issue is that I’m using NSSM … so it >

Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

Hi, On Sat, Oct 24, 2015 at 7:12 AM, Jason Haar wrote: > On 22/10/15 20:50, Gert Doering wrote: > > I've heard people ask for "we need the VPN to be up before user login so > > windows domain login works!" - so the GUI won't be around yet. > > > > Now, not being a

Re: [Openvpn-devel] Topics for today's (Monday, 26th Oct 2015) community meeting

On Mon, Oct 26, 2015 at 11:17 AM, Gmail wrote: > Regarding the instability of connection in the windows version: I > overcame this long ago (and works well to this date) by building a tiny > script that periodically pings the the ovpn gateway (server). If no ping > reply

[Openvpn-devel] Windows: stopping openvpn using nssm

Hi, When nssm is used to start openvpn, "nssm stop service-name" appears to terminate the process not so gracefully. Especially, the log doesn't show the usual "SIGTERM received, sending exit-notify" (for example) nor does the the management interface get the state change message saying EXITING.

Re: [Openvpn-devel] Windows: stopping openvpn using nssm

On Mon, Nov 2, 2015 at 3:31 AM, Samuli Seppänen wrote: >> >> I thought adding --service to the command line may cure this, but it >> doesn't. Any suggestions on how to teach openvpn to process termination >> by nssm as a SIGTERM, or make nssm send a SIGTERM? > > > Hi, > >

[Openvpn-devel] [PATCH] Fix termination when windows suspends/sleeps

/resume. Signed-off-by: Selva Nair <selva.n...@gmail.com> --- src/openvpn/forward.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 62eb6fc..cef063d 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@

Re: [Openvpn-devel] [PATCH applied] Re: Fix termination when windows suspends/sleeps

Hi, On Fri, Nov 6, 2015 at 4:12 PM, Gert Doering wrote: > On Fri, Nov 06, 2015 at 10:08:59PM +0100, Gert Doering wrote: >> ACK. Explanation makes sense, logs and testers demonstrate that it indeed >> fixes a significant problem, and the code is sane :-) - thanks. >> >> Your

[Openvpn-devel] Adding a ctrl-C handler in windows

Hi, I plan to add a control-C handler in win32.c. The handler will simply map it to SIGTERM. Is there any particular reason why control-C is not currently handled? We need this functionality to use nssm properly. When openvpn is started by nssm, the service has no good ways of gracefully

Re: [Openvpn-devel] Adding a ctrl-C handler in windows

Hi, On Mon, Nov 9, 2015 at 1:04 PM, James Yonan wrote: >>> I plan to add a control-C handler in win32.c. The handler will simply >>> map it to SIGTERM. Is there any particular reason why control-C is not >>> currently handled? >> >> Hi, >> >> I forwarded this email to James -

[Openvpn-devel] [PATCH for gui] Do not disconnect on suspend by default

the registry during an upgrade of exisitng installations, or notify the end user of the change in the default value of disconnect_on_suspend (0). Signed-off-by: Selva Nair <selva.n...@gmail.com> --- registry.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/regist

Re: [Openvpn-devel] [PATCH for gui] Do not disconnect on suspend by default

Hi, >> Requires the installer to update the registry during an upgrade of exisitng >> installations, or notify the end user of the change in the default value of >> disconnect_on_suspend (0). > > What does this patch *do*? Is this the "set up registry key on first > start" part (so we set the

[Openvpn-devel] [PATCH for gui v2] Do not disconnect on suspend

On Mon, Nov 9, 2015 at 3:56 PM, Gert Doering <g...@greenie.muc.de> wrote: > On Mon, Nov 09, 2015 at 03:35:23PM -0500, Selva Nair wrote: >> Requires the installer to update the registry during an upgrade of exisitng >> installations, or notify the end user of the change

[Openvpn-devel] [PATCH] Handle ctrl-C and ctrl-break events on Windows

On Mon, Nov 9, 2015 at 2:03 PM, Selva Nair <selva.n...@gmail.com> wrote: >> It's probably okay to just make CTRL-c generate a SIGTERM as F4 is >> already doing. >> >> James > > Thanks for the comment. > > In the interactive mode, the console is opened

[Openvpn-devel] [PATCH] Do not hard-code windows systemroot in env_block

FWIW, fixes trac #500 Signed-off-by: Selva Nair <selva.n...@gmail.com> --- src/openvpn/win32.c | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/openvpn/win32.c b/src/openvpn/win32.c index 7c89a5a..d06b41f 100644 --- a/src/openvpn/win32.c +++ b/src/openvpn/w

Re: [Openvpn-devel] [PATCH] Do not hard-code windows systemroot in env_block

On Fri, Nov 13, 2015 at 2:38 AM, Gert Doering <g...@greenie.muc.de> wrote: > Hi, > > On Thu, Nov 12, 2015 at 09:41:27PM -0500, Selva Nair wrote: >> FWIW, fixes trac #500 >> >> Signed-off-by: Selva Nair <selva.n...@gmail.com> >> --- >> sr

Re: [Openvpn-devel] [PATCH] Do not hard-code windows systemroot in env_block

Hi, On Fri, Nov 13, 2015 at 10:27 AM, Gert Doering wrote: >> >> However, if the user specifies --win-sys some_cruft, win_sys_path will >> get set to that "some_cruft" (in options.c). User is the king. > > Yes. In this case, I do not worry at all - "you get what you ask

Re: [Openvpn-devel] [PATCH] Handle ctrl-C and ctrl-break events on Windows

Hi, On Fri, Nov 13, 2015 at 2:36 PM, Gert Doering <g...@greenie.muc.de> wrote: > On Wed, Nov 11, 2015 at 02:46:10PM -0500, Selva Nair wrote: > [..] >> Tested on windows 7 with cmd-line use and start/stop with nssm. For nssm, >> the default >> delay after ctrl-C is

Re: [Openvpn-devel] [PATCH v2] Add Windows DNS Leak fix using WFP ('block-outside-dns')

Hi, On Wed, Oct 28, 2015 at 3:47 AM, ValdikSS wrote: > This option is silently ignored on non-Windows platforms and works on > Vista+. > External DNS is blocked even if no DNS server configured (user may > configure it in the tap interface itself). > This option could be

Re: [Openvpn-devel] [PATCH v2] Add Windows DNS Leak fix using WFP ('block-outside-dns')

Hi, On Sat, Nov 14, 2015 at 3:20 PM, ValdikSS wrote: > Hi. > It stops resolving DNS right after connection for me every time too, but > that lasts 15 seconds at most, not the minutes. > Hmm.. one could live with 15 seconds but not 15 minutes. That's how long it took when

Re: [Openvpn-devel] [PATCH v2] Add Windows DNS Leak fix using WFP ('block-outside-dns')

On Sat, Nov 14, 2015 at 4:02 PM, Selva Nair <selva.n...@gmail.com> wrote: > > Could you please try with my windows 7 settings -- dhcp for wifi, fixed > dns server ip on tap, no firewall On more testing, the fixed dns address on the adapter appears to be the issue. If dns

Re: [Openvpn-devel] [PATCH v2] Add Windows DNS Leak fix using WFP ('block-outside-dns')

Hi, Here are some comments on the code -- there is one apparent memory leak (see below). .\"* > .TP > +.B \-\-block\-outside\-dns > +Block external DNS servers on other network adapters to prevent > the word "external" is not required

[Openvpn-devel] [PATCH] Handle ctrl-C and ctrl-break events on Windows

ses. This allows graceful termination of openvpn from programs such as nssm. Works in both console mode and service mode. Signed-off-by: Selva Nair <selva.n...@gmail.com> --- src/openvpn/win32.c | 53 + 1 file changed, 52 insertions(+) diff --

Re: [Openvpn-devel] OpenVPN-GUI now on GitHub + other Windows team things

Hi, On Fri, Nov 20, 2015 at 3:31 AM, Samuli Seppänen wrote: I added these instructions + David's notes here: > Thanks. I made some edits to the wiki (hope its ok). There were numerous typos in my email; also

Re: [Openvpn-devel] [PATCH] Handle ctrl-C and ctrl-break events on Windows

Hi, On Sun, Nov 22, 2015 at 10:18 AM, Gert Doering <g...@greenie.muc.de> wrote: > Hi, > > On Mon, Nov 16, 2015 at 09:48:09PM -0500, Selva Nair wrote: > > v2 changes > > - cleaner, hopefully easier to get a code review :) > > - handles both consol

Re: [Openvpn-devel] [PATCH v4-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

Hi, On Thu, Nov 19, 2015 at 10:20 AM, ValdikSS wrote: > This option blocks all out-of-tunnel communication on TCP/UDP port 53 > (except > for OpenVPN itself), preventing DNS Leaks on Windows 8.1 and 10. > This version looks fine and works as promised (tested on Win 7 and

Re: [Openvpn-devel] [PATCH v4-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

Hi, On Tue, Nov 24, 2015 at 3:11 PM, Gert Doering wrote: > > I still need help with 2.3 build system. If somebody willing to help me, > please use the attached version. > > Well, the 2.3 version would need all the #ifdefs around the code if not > running at VISTA level, and

Re: [Openvpn-devel] [PATCH v4-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

Hi, On Tue, Nov 24, 2015 at 12:49 PM, ValdikSS wrote: > I can't figure out why Thunderbird corrupts my patches. > Its not a thunderbird-specific malady, almost every mail client messes up with line breaks, adds extra spaces etc. As Gert suggested please use git

Re: [Openvpn-devel] [PATCH v4-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

On Wed, Nov 25, 2015 at 12:31 AM, ValdikSS wrote: > It's cron2 who wanted clear ifdefs for master, because there's no WinXP > support there. If WinXP support is really going away in 2.4, agreed, ifdef WIN32 is cleaner. That apart, the patch doesn't apply to 2.3, please

[Openvpn-devel] [PATCH] Unbreak reading username-password from management

Fix a bug introduced by commit 6e9373c84639382c16d9eb8f1f78f60079bb89df Signed-off-by: Selva Nair <selva.n...@gmail.com> --- Without this, management-query-passwords is broken. After successfully taking the username and password from management the code falls to the if block where it is pr

Re: [Openvpn-devel] [PATCH v4-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

Hi, On Wed, Nov 25, 2015 at 2:54 AM, Gert Doering wrote: > Hi, > > On Wed, Nov 25, 2015 at 08:31:23AM +0300, ValdikSS wrote: > > I need help with 2.3 build system. While the code itself would compile > fine, it won't link because I can't figure out how to link libraries >

Re: [Openvpn-devel] OpenVPN-GUI now on GitHub + other Windows team things

On Wed, Nov 25, 2015 at 11:48 AM, Morris, Russell wrote: > Hi, > > Yep, that makes sense - but Selva was thinking this would ignore the > libraries for now ... or did I misunderstand? > Yes, as a first test its easier to build without openssl and with my suggested configure

Re: [Openvpn-devel] OpenVPN-GUI now on GitHub + other Windows team things

Hi, On Wed, Nov 25, 2015 at 4:14 PM, Morris, Russell wrote: > Yep, that works better … J. Thanks! > > So did it compile? > > > Any pointers on fixing the OpenSSL “limitation”? > Its not a limitation. You just need cross-compiled openssl library and include files to

[Openvpn-devel] [PATCH take2] Unbreak read username password from management

Commit 6e9373c846.. introduced a bug by which auth-user-pass input falls back to read-from-stdin after successfully reading from management. Signed-off-by: Selva Nair <selva.n...@gmail.com> --- src/openvpn/misc.c |3 +++ 1 file changed, 3 insertions(+) diff --git a/src/openvpn/misc.c

Re: [Openvpn-devel] [PATCH take2] Unbreak read username password from management

Hi, On Thu, Nov 26, 2015 at 7:53 AM, Gert Doering <g...@greenie.muc.de> wrote: > On Thu, Nov 26, 2015 at 12:15:32AM -0500, Selva Nair wrote: > > Commit 6e9373c846.. introduced a bug by which auth-user-pass > > input falls back to read-from-stdin after successfully readin

Re: [Openvpn-devel] [PATCH v5-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

Hi, I did some tests on the patch for 2.3 [*]. Build for vista+ needed some hacking of configure.ac (but that's not relevant for this patch). For XP+, it builds out of the box. When the resulting exe is run on windows 7 with --block-outside-dns, it prints the following warning "NOTE:

[Openvpn-devel] [PATCH take3] Unbreak read username password from management

Commit 6e9373c846.. introduced a bug by which auth-user-pass or need-ok input falls back to read-from-stdin after successfully reading from management or console. Fix by treating stdin as the last option for input. Signed-off-by: Selva Nair <selva.n...@gmail.com> --- Changes: Delay the s

[Openvpn-devel] A request to those with commit rights

Hi, May I request to have --scissors option added by default to git am while applying patches? Sometimes its useful to add a comment above the commit message that is only meant to help code review. Placing such comments below the three dashes is not as effective. Thanks, Selva

Re: [Openvpn-devel] [PATCH] Use example.com to improve clarity of documentation

Hi, On Tue, Nov 17, 2015 at 7:51 PM, Phillip Smith wrote: > The example.com domain is set aside defined by IANA for use as > documentation > examples. Replacing references to "june.kg" etc., which could one day become someone's private domain, is not a bad move. Though, not

Re: [Openvpn-devel] [PATCH v5-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

Hi, On Sat, Nov 28, 2015 at 10:08 AM, ValdikSS wrote: > Hi! > > You have the point, note is confusing on XP. Changed it to "…on Windows > Vista or later". > That doesn't make it any less confusing. If I run a generic 2.3 (i.e no wfp) build on on windows 7. I'll get that

Re: [Openvpn-devel] [PATCH] Support duplicate x509 field values in environment

Hi, On Sat, Nov 28, 2015 at 5:03 AM, Steffan Karger wrote: > As reported in trac #387, an x509 DN can contain duplicate fields. > Previously, we would overwrite any previous field value with a new one if > we would process a second same-name field. Now, instead, append _$N,

Re: [Openvpn-devel] [PATCH] Reflect enable-password-save change in documentation

Hi, On Sun, Nov 29, 2015 at 1:52 PM, Arne Schwabe wrote: > --- a/doc/openvpn.8 > +++ b/doc/openvpn.8 > @@ -3800,10 +3800,7 @@ over the client's routing table. > Authenticate with server using username/password. > .B up > is a file containing username/password on 2 lines. If

Re: [Openvpn-devel] [PATCH] Also remove second Instanz von enable-password-save in the manage

On Sun, Nov 29, 2015 at 2:38 PM, Arne Schwabe wrote: > --- > doc/openvpn.8 | 5 + > 1 file changed, 1 insertion(+), 4 deletions(-) > > diff --git a/doc/openvpn.8 b/doc/openvpn.8 > index 3519e7d..1b9dcae 100644 > --- a/doc/openvpn.8 > +++ b/doc/openvpn.8 > @@ -4886,10

Re: [Openvpn-devel] [PATCH v7-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

Hi, On Sun, Nov 29, 2015 at 5:10 PM, ValdikSS wrote: > This option blocks all out-of-tunnel communication on TCP/UDP port 53 > (except > for OpenVPN itself), preventing DNS Leaks on Windows 8.1 and 10. v7 looks good and behaves as promised.. Tested v7-master and v7-2.3

Re: [Openvpn-devel] [PATCH v7-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

Hi, On Fri, Dec 4, 2015 at 12:14 AM, ValdikSS wrote: > These issues should be fixed. Please check PATCH v7. > I think you missed the NET_LUID one. I had thought this was fixed earlier, but v7 still has this issue On 04.12.2015 04:19, James Yonan wrote: > > These may have

[Openvpn-devel] [PATCH master] Add an autoconf macro to check WINAPI functions

This adds a macro file with a permissive license. Its small so I don't mind inlining the macro into configure.ac if that is preferred. ---8< Makes configure tests for Windows API neater and consistent. Signed-off-by: Selva Nair <selva.n...@gmail.com> --- check_symbols_in.

[Openvpn-devel] [PATCH 2.3] Add an autoconf macro to check WINAPI functions

Signed-off-by: Selva Nair <selva.n...@gmail.com> --- check_symbols_in.m4 | 43 +++ configure.ac| 17 + 2 files changed, 52 insertions(+), 8 deletions(-) create mode 100644 check_symbols_in.m4 diff --git a/check_symbols_i

[Openvpn-devel] [PATCH] Make default dhcp server ip offset = 0 for subnet topology

for windows clients. This change also brings the code in agreement with the comments in helper.c and the documentation. Signed-off-by: Selva Nair <selva.n...@gmail.com> --- src/openvpn/helper.c |2 +- src/openvpn/tun.c|2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git

  1   2   3   4   5   6   7   8   9   10   >