aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2008-11-17Version 2.1_rc14v2.1_rc14james2-8/+8
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3496 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-11-17* Added additional method parameter to --script-security to preservejames14-105/+383
backward compatibility with system() call semantics used in OpenVPN 2.1_rc8 and earlier. To preserve backward compatibility use: script-security 3 system git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3495 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-11-16Interim release.james2-1/+87
Version 2.1_rc13b git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3494 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-11-05Minor fix to previous commit (r3476).james1-3/+3
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3477 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-11-04Added config file option "setenv FORWARD_COMPATIBLE 1" to relaxjames3-3/+33
config file syntax checking to allow directives for future OpenVPN versions to be ignored. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3476 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-11-03Fixed revoke-full to deal with issue arising from additionjames1-1/+2
of KEY_NAME environmental variable parameter to openssl.cnf git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3472 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-11-03Fixed some ifconfig-pool issues that precludedjames3-10/+12
it from being combined with --server directive. Now, for example, we can configure thusly: server 10.8.0.0 255.255.255.0 nopool ifconfig-pool 10.8.0.2 10.8.0.99 255.255.255.0 to have ifconfig-pool manage only a subset of the VPN subnet. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3471 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-31Updated docs to reflect the addition ofjames3-3/+4
--status-version 3. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3468 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-31Added --no-name-remapping option to allow Common Name, X509 Subject,james4-3/+42
and username strings to include any printable character including space, but excluding control characters such as tab, newline, and carriage-return. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3467 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-31Added --status-version 3 which is the same as version 2james2-25/+28
except tabs are used as delimiters instead of commas. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3466 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-28Modified pkitool to allow flexibility in separatingjames1-14/+20
the Common Name convention from the cert/key filename convention. For example: KEY_CN="James's Laptop" KEY_NAME="james" ./pkitool james will crete a client certificate/key pair of james.crt/james.key having a Common Name of "James's Laptop" and a Name of "james". git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3463 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-28Added man page entry for new environmental variable setjames1-0/+37
X509_{n}_{subject_field}. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3462 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-28Added server-side --auth-user-pass-optional directive, to allowjames6-21/+57
connections by clients that do not specify a username/password, when a user-defined authentication script/module is in place (via --auth-user-pass-verify, --management-client-auth, or a plugin module). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3461 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-28Change to pkitool/openssl.cnf so that calling scripts canjames2-1/+16
set the KEY_NAME environmental variable to set the "name" X509 subject field in generated certificates. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3460 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-28Save X509 Subject fields to environment, using the naming convention:james1-0/+54
X509_{cert_depth}_{name}={value} git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3459 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-27Fixed informational message in ssl.c to properly indicatejames1-1/+5
deferred authentication. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3457 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-24Extended Management Interface "bytecount" commandjames5-29/+153
to work when OpenVPN is running as a server. Documented Management Interface "bytecount" command in management/management-notes.txt. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3452 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-24Added optional files SAMPCONF_CONF2 (second sample configurationjames2-0/+14
file) and SAMPCONF_DH (Diffie-Helman parameters) to Windows build system, and may be defined in settings.in. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3450 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-17Modified Windows domake-win build system to write all openvpn.nsijames5-49/+94
input files to gen, so that gen can be disconnected from the rest of the source tree and makensis openvpn.nsi will still function correctly. Added additional SAMPCONF_(CA|CRT|KEY) macros to settings.in (commented out by default). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3439 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-15Added additional warning messages about --script-security 2james4-3/+10
or higher being required to execute user-defined scripts or executables. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3436 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-14Added AC_GNU_SOURCE to configure.ac to enable struct ucred,james3-59/+324
with the goal of fixing a build issue on Fedora 9 that was introduced in 2.1_rc13. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3434 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-08Version 2.1_rc13v2.1_rc13james10-30/+43
Minor fixes to Windows build scripts. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3417 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-06Copyright notice changed to reflect change in name ofjames157-198/+194
Telethra to OpenVPN Technologies. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3409 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-30Management interface can now listen on a unixjames16-45/+693
domain socket, for example: management /tmp/openvpn unix Also added management-client-user and management-client-group directives to control which processes are allowed to connect to the socket. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3396 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-23Version 2.1_rc12v2.1_rc12james2-1/+10
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3349 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-19Fixed --lladdr bug introduced in 2.1-rc9 where input validation codejames3-2/+42
was incorrectly expecting the lladdr parameter to be an IP address when it is actually a MAC address (HoverHell). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3339 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-15Patched Makefile.am so that the new t_cltsrv-down.sh script becomesjames2-2/+3
part of the tarball (Matthias Andree). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3332 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-15Version 2.1_rc11v2.1_rc11james4-10/+38
Fixed a bug that can cause SSL/TLS negotiations in UDP mode to fail if UDP packets are dropped. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3330 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-10Version 2.1_rc10v2.1_rc10james2-1/+94
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3323 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-08Version 2.1_rc9bjames1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3318 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-08Fixed bug in intra-session TLS key rollover that was introduced withjames3-18/+68
deferred authentication features in 2.1_rc8. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3316 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-06Modified ip_or_dns_addr_safe, which validates pulled DNS names,james2-4/+16
to more closely conform to RFC 3696: * DNS name length must not exceed 255 characters * DNS name characters must be limited to alphanumeric, dash ('-'), and dot ('.') git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3312 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-062.1_rc8 and earlier did implicit shell expansion on scriptjames9-363/+350
arguments since all scripts were called by system(). The security hardening changes made to 2.1_rc9 no longer use system(), but rather use the safer execve or CreateProcess system calls. The security hardening also introduced a backward incompatibility with 2.1_rc8 and earlier in that script parameters were no longer shell-expanded, so for example: client-connect "docc CLIENT-CONNECT" would fail to work because execve would try to execute a script called "docc CLIENT-CONNECT" instead of "docc" with "CLIENT-CONNECT" as the first argument. This patch fixes the issue, bringing the script argument semantics back to pre 2.1_rc9 behavior in order to preserve backward compatibility while still using execve or CreateProcess to execute the script/executable. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3311 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-04Added --allow-pull-fqdn option which allows client to pull DNS namesjames5-12/+45
from server (rather than only IP address) for --ifconfig, --route, and --route-gateway. OpenVPN versions 2.1_rc7 and earlier allowed DNS names for these options to be pulled and translated to IP addresses by default. Now --allow-pull-fqdn will be explicitly required on the client to enable DNS-name-to-IP-address translation of pulled options. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3307 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-08-11Fixed minor compile issue in ntlm.c (mid-block declaration).james1-2/+4
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3222 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-08-11LZO compression buffer overflow errors will now invalidatejames1-1/+7
the packet rather than trigger a fatal assertion. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3221 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-08-10Workaround bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8, whichjames2-5/+2
the new implementation of extract_x509_field_ssl depends on. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3220 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-08-10Fixed build issue with ./configure --disable-socks --disable-http.james3-4/+4
Fixed separate compile errors in options.c and ntlm.c that occur on strict C compilers (such as old versions of gcc) that require that C variable declarations occur at the start of a {} block, not in the middle. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3219 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-08-10Tagged security fix in 2.1-rc9 as CVE-2008-3459.james1-0/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3218 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-08-10Updated openvpn/t_cltsrv.sh (used by "make check") to conform to newjames2-14/+44
--script-security rules. Also adds retrying if the addresses are in use (Matthias Andree). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3217 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-08-05Reverted r3181, accomplish the same thing via a special casejames3-21/+16
for Windows stdcall functions in configure.ac (Alon Bar-Lev). Minor fix to cryptoapi.c to not compile itself unless USE_CRYPTO and USE_SSL flags are enabled (Alon Bar-Lev). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3183 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-08-05Workaround for MinGW autoconf issue where HAVE_SETSOCKOPT,james1-0/+12
HAVE_GETSOCKOPT, and HAVE_POLL are undefined even though the underlying functions are present. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3181 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-08-05Added additional warnings to flag common gotchas:james5-27/+133
* Warn when ethernet bridging that the IP address of the bridge adapter is probably not the same address that the LAN adapter was set to previously. * When running as a server, warn if the LAN network address is the all-popular 192.168.[0|1].x, since this condition commonly leads to subnet conflicts down the road. * Primarily on the client, check for subnet conflicts between the local LAN and the VPN subnet. Added a 'netmask' parameter to get_default_gateway, to return the netmask of the adapter containing the default gateway. Only implemented on Windows so far. Other platforms will return 255.255.255.0. Currently the netmask information is only used to warn about subnet conflicts. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3179 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-08-04Fixed minor issue with --redirect-gateway bypass-dhcp or bypass-dnsjames1-1/+1
on Windows. If the bypass IP address is 0.0.0.0 or 255.255.255.255, ignore it. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3177 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-08-02Added "--server-bridge" (without parameters) to enablejames14-34/+427
DHCP proxy mode: Configure server mode for ethernet bridging using a DHCP-proxy, where clients talk to the OpenVPN server-side DHCP server to receive their IP address allocation and DNS server addresses. Added "--route-gateway dhcp", to enable the extraction of the gateway address from a DHCP negotiation with the OpenVPN server-side LAN. Modified client.conf and server.conf to reflect new option modes. Incremented version to 2.1_rc9a. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3164 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-08-01Version 2.1_rc9v2.1_rc9james1-2/+2
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3155 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-31In Windows build, package a statically linked openssl.exe to work aroundjames4-13/+6
observed instabilities in the dynamic build since the migration to OpenSSL 0.9.8h. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3149 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-31Updated ChangeLog and version number.james2-1/+22
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3147 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-27Added additional warnings for:james1-0/+7
* --tls-remote -- some people misunderstand the semantics * --script-security -- warn if script-security will allow user-defined scripts to be called, and also warn separately if passwords may be passed to scripts via the environment git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3129 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-27Added additional defensive programming to buffer.[ch] functions.james2-26/+118
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3128 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-27Added a warning message when passwords are cached in memory.james1-0/+4
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3127 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-26Perform additional input validation on options pulledjames7-64/+230
by client from server. Fixes --iproute vulnerability. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3126 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-26Fixed compiler warnings in Windows build (MinGW).james6-5/+8
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3125 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-26Completely revamped the system for calling external programs and scripts:james23-420/+1098
* All external programs and scripts are now called by execve() on unix and CreateProcess on Windows. * The system() function is no longer used. * Argument lists for external programs and scripts are now built by the new argv_printf function which natively outputs to string arrays (i.e. char *argv[] lists), never truncates its output, and eliminates the security issues inherent in formatting and parsing command lines, and dealing with argument quoting. * The --script-security directive has been added to offer policy controls on OpenVPN's execution of external programs and scripts. Also added a new plugin example (openvpn/plugin/examples/log.c) that logs information to stdout for every plugin method called by OpenVPN. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3122 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-23Added argv_x functions to buffer.[ch] to be used to safely buildjames3-0/+265
up argv strings for execve without the possibility of truncation or misinterpretation of mid-argument spacing. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3107 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-19buf_printf will now return false on errors, such as truncationjames2-3/+8
due to overflow. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3085 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-19Modified extract_x509_field_ssl to return a status value indicatingjames1-37/+41
success/error, and any truncation of output due to an insufficiently large output buffer will be cause for error. In verify_callback, read X509 Subject Name without truncation. In verify_callback, rather than silently truncating Common Name at 64 bytes, throw an error if Common Name is larger than 64 bytes. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3084 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-19Replace leading dash ('-') characters in an X509 name with underbars ('_')james3-0/+19
before calling user-defined scripts, to preclude the chance of a leading dash being interpreted as an option prefix. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3083 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-18Added a warning when plugins are specified withoutjames3-1/+28
an absolute pathname. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3082 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-18Reverted some recent buffer.[ch] changes, including r3058 (except forjames3-64/+21
likely() and unlikely() macro additions to syshead.h) and r3061. I would like to give more thought to the bigger issue of fortifying buffer.[ch] through the use of additional defensive programming techniques. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3081 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-18Fixed format string issue in read_inline_file,james1-1/+1
used in the config file parser. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3078 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-18status_printf function will now set error flag onjames2-7/+24
output truncation or failure of write() to write the expected number of bytes. Raised STATUS_PRINTF_MAXLEN to 512 (from 256). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3077 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-18gen_path will no longer silently truncate the generatedjames2-1/+15
filename at 256 bytes. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3076 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-18Fixed code inclusion bug that was erroneously testingjames2-6/+9
defined(P2MP_SERVER) rather than P2MP_SERVER. Fixed compile issues when USE_CRYPTO is undefined. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3075 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-18Modified create_temp_filename to create unpredictablejames1-5/+12
filenames. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3074 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-17Previously, OpenVPN might log a client's auth-user-passjames3-2/+19
password if the verbosity was set to a high debug level such as 7 or higher. Normally this would only be used by developers. Now, even at high debug levels, the password will not be output. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3073 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-17gen_path now rejects filenames that match Windowsjames3-1/+72
device names such as CON, NUL, LPT1, etc. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3072 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-17Call prng_init after fork in background processjames1-0/+4
created by port_share_open, so as to ensure a newly seeded PRNG sequence. This is strictly defensive programming since port_share_proxy currently does not use the PRNG. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3070 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-17Added warning when using chroot without specifying user and group.james1-0/+3
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3069 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-17Check for multiplication overflow on ALLOC_ARRAY* functions.james2-4/+16
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3068 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-17Removed old version of extract_x509_field.james1-40/+0
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3066 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-17Support wraparound of reliable.[ch] packet IDs. Injames1-12/+44
practice, wraparound of the packet ID sequence is extremely unlikely since the sequence is restarted for each mid-session TLS renegotiation. But we will support it for completeness. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3065 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-17Fixed a potential information leak in the new NTLM phase 3 code,james2-8/+21
as well as a failure of the code to check the return value from base64_decode. Fixed compiler warnings in the new NTLM phase 3 code about implicit casting between signed and unsigned char *. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3064 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-17Fixed issue in read_key_file, where the return value ofjames1-1/+3
read() wasn't being checked for errors. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3063 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-16Added SOCKET_SND_RCV_BUF_MAX constant (set to 1000000) to limit thejames2-5/+16
maximum size passed to setsockopt SNDBUF/RCVBUF. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3062 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-16In the Windows version of tun_finalize, on errors that wouldjames1-1/+6
return -1, set buf->len to 0 rather than -1. While downstream code is set up to consider the buffer invalidated if its length is <= 0, this change makes the code cleaner and safer. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3061 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-16Used unlikely() macro to tell compiler that msg() willjames1-1/+1
usually be silent. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3060 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-16Added likely() and unlikely() branch prediction hint macrosjames4-21/+68
to syshead.h Introduced BUF_MAX constant to limit struct buffer offset and length values. BUF_MAX has been set to 2^20. Use likely() and unlikely() macros in buffer.h code to allow the compiler to generate more efficient code. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3058 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-14Copyright change OpenVPN Solutions LLC -> Telethra, Inc.james153-159/+159
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3048 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-06-13Version 2.1_rc8v2.1_rc8james2-5/+13
On Windows, use -leay32 and -lssl32 to link with OpenSSL. On Windows, bundle pkcs11-helper-1.06-beta1. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2997 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-06-11Updated copyright notice to 2008.james150-152/+152
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2995 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-06-11Updated version & changelog.james4-4/+77
Updated build-pkcs11-helper.sh to build from OpenSSL 0.9.8h. Added pkcs11-related fixes to easy-rsa/2.0/vars. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2994 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-06-11Merged connection profiles fromjames23-582/+1076
http://svn.openvpn.net/projects/openvpn/test/conn git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2993 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-06-11Updated version to 2.1_rc7e.james30-569/+2495
Added client authentication and packet filtering capability to management interface. Extended packet filtering capability to work on both --dev tun and --dev tap tunnels. Updated valgrind-suppress file. Made "Linux ip addr del failed" error nonfatal. Amplified --client-cert-not-required warning. Added #pragma pack to proto.h. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2991 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-06-04Added support for building and linking withjames6-6/+91
openssl-0.9.8h on Windows. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2982 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-06-04Fixed unbounded memory growth bug injames3-2/+18
environmental variable code that could have caused long-running OpenVPN sessions with many TLS renegotiations to incrementally increase memory usage over time. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2981 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-06-04Fixed an issue in extract_x509_field_ssl where the extractionjames1-1/+1
would fail on the first field of the subject name, such as the common name in: /CN=foo/emailAddress=foo@bar.com git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2980 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-06-04In auth-pam authentication module, even when in debug mode,james1-2/+8
never output passwords to stderr. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2979 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-06-04Incremented version to 2.1_rc7d.james26-108/+1210
Support asynchronous authentication by plugins by allowing OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY to return OPENVPN_PLUGIN_FUNC_DEFERRED. See comments in openvpn-plugin.h for documentation. Enabled by ENABLE_DEF_AUTH. Added a simple packet filter functionality that can be driven by a plugin. See comments in openvpn-plugin.h for documentation. Enabled by ENABLE_PF. See openvpn/plugin/defer/simple.c for examples of ENABLE_DEF_AUTH and ENABLE_PF. "TLS Error: local/remote TLS keys are out of sync" is no longer a fatal error for TCP-based sessions, since the error can arise normally in the course of deferred authentication. In a related change, allow packet-id sequence to begin at some number n > 0 for TCP sessions, rather than strictly requiring sequence to begin at 1. Added a test to configure.ac for LoadLibrary function on Windows. Modified "make dist" function to include all files from install-win32 so that ./domake-win can be run from a tarball-expanded directory. setenv and setenv-safe directives may now omit a value argument which defaults to "". git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2978 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-05-25Fixed a bug in plugin.c that caused openvpn_plugin_client_destructor_v1james6-13/+136
to not be called for the top-level "generic" client template. Added additional documentation to openvpn-plugin.h that more clearly illustrates the full sequence and ordering of plugin callbacks (plugin/defer/simple.c was extended to provide the raw data for this documentation). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2973 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-05-24Support asynchronous/deferred authentication injames19-101/+456
OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY plugin handler. See documentation in openvpn-plugin.h and example usage in plugin/defer/simple.c. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2969 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-05-24Did:james0-0/+0
svn propset svn:ignore -F .svnignore . on the modified .svnignore files. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2967 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-05-24Modified .svnignore to only ignore files generatedjames3-46/+18
by the auto* tools and make. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2966 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-05-12Moved branch into official BETA21 position.james90-1274/+2241
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2959 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-03-11Misc XGUI fixes.james4-20/+24
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2836 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-03-11Set tool defaults in pkitool.james1-0/+5
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2835 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-03-10First working version of XGUI inclusion.james10-55/+221
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2834 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-03-05Added new OpenVPN icon and installer graphic.james2-0/+0
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2783 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-02-18Version 2.1_rc7a.james5-12/+15
Minor Windows build system changes: * Fall back to prebuilt-binary if gcc is not available. * Documentation changes in ./domake-win git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2760 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-02-17Clarified tcp-queue-limit man page entryjames1-3/+3
(Matti Linnanvuori). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2750 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-02-17The new function extract_x509_field_ssl tends to breakjames2-1/+14
in early versions of OpenSSL 0.9.6. Now we will fall back to the old function extract_x509_field for OpenSSL 0.9.6. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2749 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-02-17Cleanup IP address for persistence interfaces for tap and also usingjames1-8/+26
ifconfig, gentoo#209055 (Alon Bar-Lev). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2748 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-02-01Changes to Windows build system: added GENOUT_PREBUILT modejames5-15/+86
to allow building an OpenVPN installer with a reduced set of prerequisites. See comments in domake-win for more info. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2711 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-02-01Changes to Windows build system to make it easier to dojames19-195/+248
partial builds, where only a subset of OpenVPN installer components are built. See ./domake-win comments. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2710 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-01-30Version 2.1_rc7v2.1_rc7james2-1/+8
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2702 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-01-26Fixup null interface on close, don't use ip addr flushjames1-9/+16
(Alon Bar-Lev). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2683 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-01-25Added a few extra files that exist in the svn repojames2-2/+6
but were not being copied into the tarball by make dist. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2674 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-01-24VERSION 2.1_rc6v2.1_rc6james2-1/+8
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2666 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-01-24Fixed pkcs11_private_mode undef.james1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2664 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-01-23VERSION 2.1_rc5v2.1_rc5james5-39/+138
Updated ChangeLog. Cleaned up start menu shortcuts in the Windows installer. Make sure that the uninstaller deletes SAMPCONF files. Minor uninstaller fixes to prevent files from being left behind after uninstall. Updated Windows notes. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2660 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-01-23Forgot to put struct WIN2K_NDIS_MINIPORT_BLOCK outsidejames1-4/+4
of #if ENABLE_NONADMIN block. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2658 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-01-23Squashed Win2K TAP bug that was introduced by Vista fixes.james3-88/+106
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2657 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-01-23Incremented TAP version number to 9.4.james2-8/+29
Added SAMPCONF macros to settings.in and openvpn.nsi to allow a default configuration to be loaded by the installer. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2656 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-01-23Added --management-forget-disconnect option -- forgetjames6-1/+36
passwords when management session disconnects (Alon Bar-Lev). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2652 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-01-22Upgraded TAP build scripts to use WDK 6001.17121james8-11/+20
(Windows 2008 Server pre-RTM). Fixed typo of DESC_SecPKCS11DLLs in openvpn.nsi. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2651 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-01-22Incremented version number to 2.1_rc4a.james7-14/+81
Windows changes: Incremented included OpenSSL version to openssl-0.9.7m. Updated openssl.patch for openssl-0.9.7m and added some brief usage comments to the head of the patch. Added build-pkcs11-helper.sh for building the pkcs11-helper library. Integrated inclusion of pkcs11-helper into Windows build system. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2649 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-01-21Changed ASSERT(0) to a more descriptive fatal error in tun.cjames1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2641 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-01-21Fixed --disable-iproute2 in ./configure to actually disablejames1-1/+1
iproute2 usage (Alon Bar-Lev). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2640 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-01-21Allow OpenVPN to run completely unprivileged under Linuxjames9-10/+100
by allowing openvpn --mktun to be used with --user and --group to set the UID/GID of the tun device node. Also added --iproute option to allow an alternative command to be executed in place of the default iproute2 command (Alon Bar-Lev). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2639 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-01-21Rewrote extract_x509_field and modified COMMON_NAME_CHAR_CLASSjames2-2/+48
to allow forward slash characters ("/") in the X509 common name (Pavel Shramov). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2638 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-01-21Added PLUGIN_LIBDIR preprocessor string to prepend a default pluginjames1-1/+20
directory to the dlopen search list when the user specifies the basename of the plugin only (Marius Tomaschewski). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2637 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-01-21Define ALLOW_NON_CBC_CIPHERS for people who don'tjames1-0/+2
want to use a CBC cipher for OpenVPN's data channel. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2636 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-01-21Simple fix where options->ca_file was used withoutjames1-1/+1
first being checked against NULL. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2635 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-01-21epoll driver in event.c should be prepared to handle anjames1-1/+1
EPOLLHUP event in the same way as it handles EPOLLIN, EPOLLPRI, or EPOLLERR events. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2634 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-01-21Fixed interim memory growth issue in TCP connect loop wherejames1-0/+2
"TCP: connect to %s failed, will try again in %d seconds: %s" is output. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2633 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-01-21Added note about alternative version of easy-rsajames1-1/+9
that supports subjectAltName for multi-domain web certificates. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2632 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-10-26PKCS-11 fixups (Alon Bar-Lev).james1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2438 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-10-22Use pkcs11-helper as external library, can be downloadedjames22-14449/+468
from https://www.opensc-project.org/pkcs11-helper (Alon Bar-Lev). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2418 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-10-22Modified command line and config file parser to allowjames2-4/+20
quoted strings using single quotes ('') (Alon Bar-Lev). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2414 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-10-22Added --management-signal option to signal SIGUSR1 when the managementjames6-1/+37
interface disconnects (Alon Bar-Lev). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2413 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-10-22Add "forget-passwords" command to the management interface (Alon Bar-Lev).james2-0/+23
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2412 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-08-17AUTO_USERID feature -- if the auth-user-pass option is usedjames3-3/+5
with some argument ARG, then -ARG will be appended to the username string that is sent to the server. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2259 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-08-14config-win32.h and install-win32/openvpn.nsi are no longer generatedjames1-1/+1
(i.e. they are now original sources), therefore doclean should not delete them. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2249 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-07-18updated iconjames1-0/+0
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2120 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-06-11Fixed a variable declaration that wasn't at the startjames1-2/+4
of a block. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2026 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-04-26script comment changesjames2-1/+3
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1900 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-04-25Version 2.1_rc4v2.1_rc4james2-1/+10
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1881 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-04-25Fixed 64-bit portability bug in time_string function (Thomas Habets).james1-1/+2
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1880 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-04-25misc Windows build system changesjames6-6/+24
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1875 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-04-25TAP driver now passes signing tests on Vista x64.james36-315/+431
Added new settings to settings.in to better control build process. Removed some unneeded JYFIXMEs from source code. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1874 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-04-23Forgot to add changelog item about OpenVPN GUI beingjames1-1/+5
included in 2.1-rc3. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1869 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-04-23Version 2.1_rc3v2.1_rc3james2-1/+21
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1868 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-04-22Version is now specified in version.m4 for bothjames19-92/+204
unix and windows versions. Reworked the Windows build scripting system, with settings (other than version #) specified in settings.in. Moved the native scripting grammar as defined by trans.pl away from NSIS and to something more generic. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1867 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-04-21Moved OpenVPN version number from configure.acjames2-1/+4
to version.m4 git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1866 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-04-21Added a Windows README file to the installer thanjames2-3/+20
contains quick-start instructions. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1864 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-04-21Added OpenVPN GUI (Mathias Sundman version) as installjames2-2/+36
option in Windows installer. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1863 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-04-21The easy-rsa directory installed by the windows installer comes with thejames3-0/+24
old easy-rsa 1.0 files. (even current openvpn-2.1_rc2-install.exe) This bug is not that critical, but it is annoying that easy-rsa still creates server certificates without extended key usage per default (openssl.cnf), making the windows user wonder about error messages if the recommended "remote-cert-tls" option is used. (In this case simply copying the openssl.cnf from the 2.0 directory did the job, for regular usage the path to opensc in the newly added pkcs11 section should be changed). And if possible please add the following three files to the "Windows" directory if easy-rsa. They allow to build password protected versions of the keys (I just copied the files and remove the "-nodes" parameter). Except of build-key-server-pass.bat i think that they are vital for security (e.g. the key files are in an unencrypted directory and physical access is possible). -- Daniel Zauft git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1862 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-04-21Clean up configure on FreeBSD for recent autotool versions thatjames2-7/+39
require that all .h files have to be compiled. Also, FreeBSD install does not support GNU long options which the Makefile in easy-rsa/2.0 uses (not checked the others as we don't install those on Gentoo) -- Roy Marples git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1861 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-04-19Use Server 2003 rather than Vista as x64 target for tap/tapinstall.james4-8/+4
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1853 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-04-19Updated build system and tap driver to work withjames9-28/+42
version 5600 of the Windows DDK. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1851 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-04-14Added options to version.nsi that allow prebuiltjames3-4/+35
amd64 tap/tapinstall to be specified. Verify that tapinstall directory exists before trying to build it. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1838 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-03-16Revert r1773james4-11/+13
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1776 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-03-08Don't build special x64 version of tapinstall.exejames4-13/+11
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1773 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-03-07Windows TAP driver license text changes.james19-168/+174
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1764 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-03-07Cleaned up Windows build scripts.james13-113/+234
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1763 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-03-06Forgot to svn add buildinstaller before last commit.james1-0/+6
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1762 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-03-06./domake-win will now do a full build of the installerjames3-2/+35
from source. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1761 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-03-06Added maketapinstall.james6-15/+83
Added makebin to build bin directory. Modified openvpn.nsi to read distribution files from the new locations. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1760 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-03-06Added maketap and signtap scripts.james3-0/+62
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1759 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-03-06Added service configuration to install-win32/winconfigjames2-0/+17
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1758 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-03-06Changes to Windows build environment, to allow straightforward buildingjames16-437/+106
directly from an svn checkout or export. install-win32/version.nsi contains high-level version info. The script install-win32/winconfig should be run initially to set up build configuration files. Then make can be executed as such: . autodefs/nsidefs.sh make -f makefile.w32 -j 2 git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1757 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-03-05Allow installation of TAP-Win64james3-15/+15
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1755 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-03-05TAP driver fix for Vista x64 BSOD.james4-4/+21
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1754 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-03-05Include tap.cat (TAP driver catalog file) in Windowsjames3-3/+5
installer. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1753 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-02-28Version 2.1_rc2 releasedv2.1_rc2james2-1/+64
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1750 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-02-28On Windows, revert to "ip-win32 dynamic" as the default.james1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1749 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-02-28Worked around an incompatibility in the Windows Vistajames1-7/+25
version of CreateIpForwardEntry as described in http://www.nynaeve.net/?p=59 This issue would cause route additions using the IP Helper API to fail on Vista. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1748 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-02-27The Windows version will now use a default route-delayjames1-1/+1
of 5 seconds to deal with an apparent routing table race condition on Vista. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1747 e7ae566f-a301-0410-adde-c780ea21d3b5
2007-02-27Renamed TAP-Win32 driver from tap0801.sys to tap0901.sysjames12-88/+232
to reflect the fact that Vista has blacklisted the tap0801.sys file name due to previous compatibility issues which have now been resolved. TAP-Win32 major/minor version number is now 9/1. Windows installer will delete a previously installed tap0801.sys TAP driver before installing tap0901.sys. Added code to Windows installer to fail gracefully on 64 bit installs until 64-bit TAP driver issues can be resolved. Added code to Windows installer to fail gracefully on versions of Windows which are not explicitly supported. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1746 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-12-24--reneg-sec clarification in man page.james1-0/+13
Should be added to 2.0.x branch as well. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1606 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-12-05Interim snapshot 2.1_rc1cjames1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1541 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-11-23updated valgrind-suppress for OpenSSL 0.9.8james1-228/+40
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1494 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-11-23Fixed issue where struct env_set methods thatjames4-4/+40
change the value of an existing name=value pair would delay the freeing of the memory held by the previous name=value pair until the underlying client instance object is closed. This could cause a server that handles long-term client connections, resulting in many periodic calls to verify_callback, to needlessly grow the env_set memory allocation until the underlying client instance object is closed. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1493 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-11-13Interim snapshot 2.1_rc1bjames1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1461 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-11-13Revert TAP-Win64 binaries to tapbin64-0801james1-2/+4
in prebuild script. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1460 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-11-13New try at AUTO_USERID.james9-2/+236
Implemented AUTO_USERID using MD5(MAC address(primary network adapter)). Currently implemented for Linux and Windows. Basically if ENABLE_AUTO_USERID is defined, the --auth-user-pass option will not prompt for username/password, but will rather generate a unique username and blank password. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1459 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-11-13Attempt at rational signal handling when in thejames4-11/+69
management hold state. During management hold, ignore SIGUSR1/SIGHUP signals thrown with the "signal" command. Also, "signal" command will now apply remapping as specified with the --remap-usr1 option. When a signal entered using the "signal" command from a management hold is ignored, output: >HOLD:Waiting for hold release git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1458 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-11-10Backed out AUTO_USERID feature introduced in r1436.james4-48/+4
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1449 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-11-09Fixed issue where OpenVPN does not apply the --txqueuelen optionjames3-3/+5
to persistent interfaces made with --mktun (Roy Marples). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1447 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-11-08Interim snapshot 2.1_rc1ajames1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1441 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-11-08Added time_ascii, time_duration, and time_unixjames4-8/+63
environmental variables for plugins and callback scripts. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1440 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-11-08Added #ifdefed out AUTO_USERID feature.james4-4/+48
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1436 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-11-08PROTO_TCPv4 is never used as an index intojames2-5/+8
proto_overhead, however this should be fixed. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1434 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-11-02Fixed typo in tapdrvr.c -- the fix is functionally cosmeticjames1-1/+1
because NdisFreeSpinLock is a null macro. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1429 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-11-01SO_REUSEADDR should not be set on Windows TCP sockets becausejames1-0/+2
it will cause bind to succeed on port conflicts. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1428 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-11-01Prevent SIGUSR1 or SIGHUP from causing programjames4-1/+28
exit from initial management hold. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1427 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-11-01auth-pam change: link with -lpam ratherjames2-3/+2
than dlopen (Roy Marples). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1421 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-11-01Merged Alon's branch:v2.1_rc1james7-36/+88
svn merge -r1322:1392 https://svn.openvpn.net/projects/openvpn/contrib/alon/21rc/openvpn . Version 2.1_rc1 released git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1420 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-10-01Version 2.1_beta16 releasedjames1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1335 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-10-01For Windows build, updated OpenSSL to 0.9.7l.james4-7/+47
Added small OpenSSL patch to be applied prior to Windows build. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1328 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-09-21Documented --socket-flags and the TCP_NODELAY flag.james1-0/+17
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1276 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-09-14ChangeLog edits for r1229 and r1230.james1-0/+13
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1231 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-09-14Fixed bug in loopback self-test introducedjames2-2/+2
in 2.1-beta15 where self test as invoked by "make check" would not properly exit after 2 minutes (Paul Howarth). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1230 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-09-14TAP-Win32 fixes to run on Windows Vista.james11-31/+320
Modified installer to detect 32-bit vs. 64 bit Windows and install the correct TAP driver. TAP-Win32 version number is at 8.4. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1229 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-09-12Version 2.1_beta15 releasedjames3-2/+49
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1226 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-07-03Comment about assertion being hit.james1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1079 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-06-30Fixed bug introduced with the --port-share directivejames1-1/+1
back in r893 which causes TLS soft resets (1 per hour by default) in TCP server mode to force a blockage of tunnel packets and later time-out and restart the connection. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1076 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-06-29pkcs11 changes:james2-17/+28
-r 1046:1053 https://svn.openvpn.net/projects/openvpn/contrib/alon/BETA21 1. Modified ssl.c to not FATAL and return to init.c so auth-retry will work. 2. Modifed pkcs11-helper.c to fix some problem with multiple providers. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1070 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-06-29Added two new management states:james4-7/+39
OPENVPN_STATE_RESOLVE -- DNS lookup */ OPENVPN_STATE_TCP_CONNECT -- Connecting to TCP server Echo management state change to log. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1068 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-06-28Minor syshead.h change for NetBSD to allowjames1-0/+4
TCP_NODELAY flag to work. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1060 e7ae566f-a301-0410-adde-c780ea21d3b5