Age  Commit message  Author  Files  Lines
2010-04-19  The man page does not mention that the default value of "mssfix" is 1450.  Davide Brini  1  -1/+2
Signed-off-by: Davide Brini <dave_br@gmx.com> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: David Sommerseth <dazo@users.sourceforge.net>
2010-04-19  Fixed potential NULL pointer issue  David Sommerseth  1  -1/+1
If create_temp_file() returns NULL, this strlen() check would cause a SEGV. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: Gert Doering <gert@greenie.muc.de>
2010-04-19  Removed no longer needed delete_file() call  David Sommerseth  1  -1/+0
Fabian Knittel noticed that this delete_file() call should have been removed in commit 5d30273a8741d2c1410bfdbc08b341398bf39b40 Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: Gert Doering <gert@greenie.muc.de>
2010-04-19  Updated the man page to reflect the behavioural change of create_temp_file()  David Sommerseth  1  -1/+1
As this function now creates the temp file, it is no longer 'not-yet-created', but 'freshly created'. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: Gert Doering <gert@greenie.muc.de>
2010-04-19  Renamed all calls to create_temp_filename()  David Sommerseth  4  -37/+53
All places where create_temp_filename() was called are now calling create_temp_file(). Extra checks on the result of create_temp_file() are added in addition. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: Gert Doering <gert@greenie.muc.de>
2010-04-19  Harden create_temp_filename() (version 2)  David Sommerseth  2  -16/+48
By hardening the create_temp_filename() function to check if the generated filename exists and to create the temp file with only S_IRUSR|S_IWUSR bit files set before calling the script, it should become even more difficult to exploit such a scenario. After a discussion on the mailing list, Fabian Knittel provided an enhanced version of the initial patch which is added to this patch. This patch also renames create_temp_filename() to create_temp_file(), as this patch also creates the temporary file. The function returns the filename of the created file, or NULL on error. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Signed-off-by: Fabian Knittel <fabian.knittel@avona.com> Acked-by: Gert Doering <gert@greenie.muc.de>
2010-04-19  Merge branch 'master' into bugfix2.1  David Sommerseth  7  -13/+161
2010-04-17  Merge branch 'svn-BETA21'  David Sommerseth  7  -13/+161
2010-04-17  Minor change to doclean script:  James Yonan  1  -1/+0
Don't delete config-win32.h, because this is now a true source file and no longer a generated file. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5558 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-04-16  Management interface performance optimizations:  James Yonan  6  -12/+161
* Added env-filter MI command to perform filtering on env vars passed through as a part of --management-client-auth * man_write will now try to aggregate output into larger blocks (up to 1024 bytes) for more efficient i/o Version 2.1.1f git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5557 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-04-08  Merge remote branch 'origin/master'  David Sommerseth  0  -0/+0
2010-04-08  Make use of counter_type instead of int when counting bytes and network packets  David Sommerseth  2  -3/+4
This is in response to a reported Debian bug, where the connection counter overflows. <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576827> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: Gert Doering <gert@greenie.muc.de>
2010-04-08  Added mapping files from SVN commit ID to more descriptive commit IDs.  David Sommerseth  2  -0/+2
Unfortunately, this will not rewrite the commit history. So all commits done by james@e7ae566f-a301-0410-adde-c780ea21d3b5 are James Yonan's commits. It was considered too risky to use git tools to rewrite the commit history, as it could influence those already using this git tree.
2010-04-01  Merge remote branch 'origin/bugfix2.1' into bugfix2.1  David Sommerseth  0  -0/+0
2010-04-01  Merge remote branch 'origin/master' with SVN  David Sommerseth  0  -0/+0
2010-04-01  When I began testing OpenVPN v2.1_rc9 I was having trouble authenticating to ↵  Daniel Johnson  1  -7/+35
the MS Active Directory through auth-pam and Samba. I used the following line in my configs (without the linebreak of course): plugin /opt/openvpn/openvpn-auth-pam.so "openvpn login OURDOMAIN+USERNAME password PASSWORD" Finally I turned on more verbose logging and found that the plugin did not recognize "USERNAME" as something to replace, because it expected the string to be surrounded by whitespace. I wrote the following patch to correct this. I hope you find it useful, Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
2010-04-01  Debian patch: Fix spelling in log message  Alberto Gonzalez Iniesta  1  -1/+1
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: David Sommerseth <dazo@users.sourceforge.net>
2010-04-01  Fix autotools cross-compiling support  David Sommerseth  2  -22/+21
This is a modified version of a patch sent to the sf.net patch tracker: <http://sourceforge.net/tracker/?func=detail&aid=2491190&group_id=48978&atid=454721> After having discussed this patch on IRC (#openvpn-discussions) March 4, 2010, it was decided to accept this patch when not modifying TARGET_* defines throughout the code. Further, in a mail comment Alon Bar-Lev had some other comments of what would be needed to be done. Mail reference: <http://thread.gmane.org/gmane.network.openvpn.devel/3176> This patch has been tested by bootstrapping the code on a RHEL4.6 box with the following autotools packages installed: autoconf-2.59-5 automake-1.9.2-3 libtool-1.5.6-4.EL4.2 It builds cleanly and 'make check' passes. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: James Yonan <james@openvpn.net> Acked-by: Alon Bar-Lev <alon.barlev@gmail.com>
2010-04-01  On TARGET_LINUX define _GNU_SOURCE if not defined  David Sommerseth  1  -0/+4
This is to include peercred support on hosts where _GNU_SOURCE is not defined by default. This issue has been found on Gentoo with glibc-2.8. The solution was discussed on the IRC meeting March 4, 2010 in #openvpn-discussions. <http://thread.gmane.org/gmane.network.openvpn.devel/3242> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: James Yonan <james@openvpn.net>
2010-04-01  The man page needs dash escaping in UTF-8 environments  Jan Brinkmann  1  -806/+806
There was a debian bugreport which was filed in 2005. It was patched but it seems that nobody forwarded the patch to the openvpn project itself. The problem is quite simple: The dashes for options (the double dashes) are not escaped. This causes trouble in relationship with utf-8. Since the bugreport was closed it was patched within the debian/ubuntu packages itself. I've attached the patch to get it at least reviewed by the openvpn project itself. See <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=296133> for details. sf.net tracker: <https://sourceforge.net/tracker/?func=detail&aid=2935611&group_id=48978&atid=454721> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Tested-by: Jan Just Keijser <janjust@nikhef.nl> Tested-by: Pavel Shramov <shramov@mexmat.net> Tested-by: Samuli Seppänen <samuli@openvpn.net>
2010-04-01  bash->bourne script cleanup  Dan Nelson  17  -17/+17
Many of the scripts in the openvpn source have their shell set to /bin/bash, but only two use bash features. The attached patch (against openvpn-2.1_rc9) sets the shell on the rest of the scripts to /bin/sh for better portability. The only scripts that actually require bash are contrib/pull-resolv-conf/client.{up,down} ; they use the ${!var} variable indirection feature. sf.net tracker: <https://sourceforge.net/tracker/?func=detail&aid=2040296&group_id=48978&atid=454721> Discussed on the IRC meeting March 4, 2010 in #openvpn-discussions. <http://thread.gmane.org/gmane.network.openvpn.devel/3242> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: James Yonan <james@openvpn.net>
2010-04-01  Allow 'lport 0' setup for random port binding  Enrico Scholz  1  -1/+1
I am running a multihomed host where 'local <extip>' must be specified for proper operation. Unfortunately, this implies 'lport 1194' or another static port. This causes problems with stateful firewalls which register the host/port pairs in the internal connection tracking table. On ungraceful reconnects, the new TCP connection will have same the host/port pairs but unexpected sequence numbers. The new connection will be assumed as invalid hence and be dropped. It would be nice when local port can be configured to be bound to a random port number. After reading code, | else if (streq (p[0], "lport") && p[1]) | ... | port = atoi (p[1]); |- if (!legal_ipv4_port (port)) |+ if (port != 0 && !legal_ipv4_port (port)) | { in options.c seems to be the only required change. This has been discussed here: <http://thread.gmane.org/gmane.network.openvpn.user/28622> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: Gert Doering <gert@greenie.muc.de>
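Review bot: the added `port != 0 &&` guard sits directly after `port = atoi (p[1]);`, and atoi() returns 0 for input it cannot parse, so a mistyped non-numeric `lport` value now passes this check and is treated as a request for a random port instead of being rejected as an illegal port. Consider parsing the argument with strtol() and checking the end pointer, so that only a literal `0` takes the random-binding path, and document the new meaning of `lport 0` in the man page.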
2010-04-01  remove duplicate code in FREEBSD+DRAGONFLY system-dependent ifconfig  Gert Doering  1  -14/+3
(ACKed by Eric F Crist and David Sommerseth) (cherry picked from commit dd66b12647852e3f1267be70b0fb3b11deedf377) Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Signed-off-by: Gert Doering <gert@greenie.muc.de>
2010-04-01  verb 5 logging wrongly reports received bytes  David Sommerseth  1  -2/+2
With --verb 5, openvpn logs a single letter (rwRW) for each package received or sent. I recently ran into a problem with the tun device on Linux where the read from that device returned 0. Unfortunately this was also logged as "r", which made me assume that openvpn had received something, while it actually hadn't. (See https://dev.openwrt.org/ticket/6650 for the bug that made me find out about this problem with openvpn.) I'm attaching a patch which prevents openvpn from logging "r" or "R" when it didn't actually read anything. This is against openvpn 2.1-rc20, but probably still applies to the most recent version. This patch was received anonymously via the sf.net bug tracker: <http://sourceforge.net/tracker/?func=detail&atid=454719&aid=2951003&group_id=48978> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: Gert Doering <gert@greenie.muc.de>
2010-04-01  [PATCH] Change verify-cn so cn is no longer hardcoded in openvpn's config file  Karl O. Pinc  1  -15/+27
This patch should be easy to process. A resubmission of the patch sent to this list on 04/23/2009. The patch changes the verify-cn script sample to be used with --tls-verify so that instead of having to hardcode a cn to verify in the OpenVPN configuration file the allowed cns may be written into a separate file. This makes the process of verifying cns a whole lot more dynamic, to the point where it is useful in the real world. One problem with this patch is that it is backwards incompatible. I did not bother keeping the original calling interface as A) it's a sample script, and B) the original's functionality seems useless and equivalent functionality is easily available with the new script. The problem with the original is that there seems little point in verifying a client's cn when all the clients share one cn, as would have to be the case when the cn is hardcoded into the openvpn config file. This patch applies against the testing allmiscs branch, and should apply against any of the other testing branches as well. It works for me. I've tested it thoroughly but not used it extensively in production. Regards, Karl <kop@meme.com> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: Gert Doering <gert@greenie.muc.de> Acked-by: Eric F Crist <ecrist@secure-computing.net>
2010-04-01  Do not randomize resolving of IP addresses in getaddr()  David Sommerseth  1  -3/+2
Based on a discussion on the mailing list and in the IRC meeting Feb 18, it was decided to remove get_random() from the getaddr() function as that can conflict with round-robin/randomization done by DNS servers. This change must be documented in the release notes. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
2010-04-01  Added mapping files from SVN commit ID to more descriptive commit IDs.  David Sommerseth  2  -0/+2
Unfortunately, this will not rewrite the commit history. So all commits done by james@e7ae566f-a301-0410-adde-c780ea21d3b5 are James Yonan's commits. It was considered too risky to use git tools to rewrite the commit history, as it could influence those already using this git tree.
2010-03-31  Updated MSVC build scripts to Visual Studio 2008:  James Yonan  17  -530/+491
python msvc\config.py nmake /f msvc\msvc.mak Version 2.1.1e git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5516 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-03-30  Merge remote branch 'origin/master' and latest SVN update  David Sommerseth  0  -0/+0
2010-03-30  When I began testing OpenVPN v2.1_rc9 I was having trouble authenticating to ↵  Daniel Johnson  1  -7/+35
the MS Active Directory through auth-pam and Samba. I used the following line in my configs (without the linebreak of course): plugin /opt/openvpn/openvpn-auth-pam.so "openvpn login OURDOMAIN+USERNAME password PASSWORD" Finally I turned on more verbose logging and found that the plugin did not recognize "USERNAME" as something to replace, because it expected the string to be surrounded by whitespace. I wrote the following patch to correct this. I hope you find it useful, Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
2010-03-30  Added mapping files from SVN commit ID to more descriptive commit IDs.  David Sommerseth  2  -0/+2
Unfortunately, this will not rewrite the commit history. So all commits done by james@e7ae566f-a301-0410-adde-c780ea21d3b5 are James Yonan's commits. It was considered too risky to use git tools to rewrite the commit history, as it could influence those already using this git tree.
2010-03-30  Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after  James Yonan  2  -4/+5
socket is created rather than waiting until after connect/listen. Version 2.1.1d git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5514 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-03-30  Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after  james  2  -4/+5
socket is created rather than waiting until after connect/listen. Version 2.1.1d git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5514 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-03-19  Version 2.1.1c  james  2  -2/+2
Enable exponential backoff in reliability layer retransmits. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5490 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-03-17  Version 2.1.1c  James Yonan  2  -2/+2
Enable exponential backoff in reliability layer retransmits. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5490 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-03-17  Version 2.1.1c  james  2  -2/+2
Enable exponential backoff in reliability layer retransmits. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5490 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-03-16  Debian patch: Fix spelling in log message  Alberto Gonzalez Iniesta  1  -1/+1
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: David Sommerseth <dazo@users.sourceforge.net>
2010-03-16  Fix autotools cross-compiling support  David Sommerseth  2  -22/+21
This is a modified version of a patch sent to the sf.net patch tracker: <http://sourceforge.net/tracker/?func=detail&aid=2491190&group_id=48978&atid=454721> After having discussed this patch on IRC (#openvpn-discussions) March 4, 2010, it was decided to accept this patch when not modifying TARGET_* defines throughout the code. Further, in a mail comment Alon Bar-Lev had some other comments of what would be needed to be done. Mail reference: <http://thread.gmane.org/gmane.network.openvpn.devel/3176> This patch has been tested by bootstrapping the code on a RHEL4.6 box with the following autotools packages installed: autoconf-2.59-5 automake-1.9.2-3 libtool-1.5.6-4.EL4.2 It builds cleanly and 'make check' passes. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: James Yonan <james@openvpn.net> Acked-by: Alon Bar-Lev <alon.barlev@gmail.com>
2010-03-16  Merge remote branch 'origin/bugfix2.1' into bugfix2.1  David Sommerseth  0  -0/+0
2010-03-16  Merge remote branch 'origin/master'  David Sommerseth  0  -0/+0
2010-03-16  On TARGET_LINUX define _GNU_SOURCE if not defined  David Sommerseth  1  -0/+4
This is to include peercred support on hosts where _GNU_SOURCE is not defined by default. This issue has been found on Gentoo with glibc-2.8. The solution was discussed on the IRC meeting March 4, 2010 in #openvpn-discussions. <http://thread.gmane.org/gmane.network.openvpn.devel/3242> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: James Yonan <james@openvpn.net>
2010-03-16  The man page needs dash escaping in UTF-8 environments  Jan Brinkmann  1  -806/+806
There was a debian bugreport which was filed in 2005. It was patched but it seems that nobody forwarded the patch to the openvpn project itself. The problem is quite simple: The dashes for options (the double dashes) are not escaped. This causes trouble in relationship with utf-8. Since the bugreport was closed it was patched within the debian/ubuntu packages itself. I've attached the patch to get it at least reviewed by the openvpn project itself. See <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=296133> for details. sf.net tracker: <https://sourceforge.net/tracker/?func=detail&aid=2935611&group_id=48978&atid=454721> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Tested-by: Jan Just Keijser <janjust@nikhef.nl> Tested-by: Pavel Shramov <shramov@mexmat.net> Tested-by: Samuli Seppänen <samuli@openvpn.net>
2010-03-16  bash->bourne script cleanup  Dan Nelson  17  -17/+17
Many of the scripts in the openvpn source have their shell set to /bin/bash, but only two use bash features. The attached patch (against openvpn-2.1_rc9) sets the shell on the rest of the scripts to /bin/sh for better portability. The only scripts that actually require bash are contrib/pull-resolv-conf/client.{up,down} ; they use the ${!var} variable indirection feature. sf.net tracker: <https://sourceforge.net/tracker/?func=detail&aid=2040296&group_id=48978&atid=454721> Discussed on the IRC meeting March 4, 2010 in #openvpn-discussions. <http://thread.gmane.org/gmane.network.openvpn.devel/3242> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: James Yonan <james@openvpn.net>
2010-03-16  Allow 'lport 0' setup for random port binding  Enrico Scholz  1  -1/+1
I am running a multihomed host where 'local <extip>' must be specified for proper operation. Unfortunately, this implies 'lport 1194' or another static port. This causes problems with stateful firewalls which register the host/port pairs in the internal connection tracking table. On ungraceful reconnects, the new TCP connection will have same the host/port pairs but unexpected sequence numbers. The new connection will be assumed as invalid hence and be dropped. It would be nice when local port can be configured to be bound to a random port number. After reading code, | else if (streq (p[0], "lport") && p[1]) | ... | port = atoi (p[1]); |- if (!legal_ipv4_port (port)) |+ if (port != 0 && !legal_ipv4_port (port)) | { in options.c seems to be the only required change. This has been discussed here: <http://thread.gmane.org/gmane.network.openvpn.user/28622> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: Gert Doering <gert@greenie.muc.de>
2010-03-16  remove duplicate code in FREEBSD+DRAGONFLY system-dependent ifconfig  Gert Doering  1  -14/+3
(ACKed by Eric F Crist and David Sommerseth) (cherry picked from commit dd66b12647852e3f1267be70b0fb3b11deedf377) Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Signed-off-by: Gert Doering <gert@greenie.muc.de>
2010-03-16  verb 5 logging wrongly reports received bytes  David Sommerseth  1  -2/+2
With --verb 5, openvpn logs a single letter (rwRW) for each package received or sent. I recently ran into a problem with the tun device on Linux where the read from that device returned 0. Unfortunately this was also logged as "r", which made me assume that openvpn had received something, while it actually hadn't. (See https://dev.openwrt.org/ticket/6650 for the bug that made me find out about this problem with openvpn.) I'm attaching a patch which prevents openvpn from logging "r" or "R" when it didn't actually read anything. This is against openvpn 2.1-rc20, but probably still applies to the most recent version. This patch was received anonymously via the sf.net bug tracker: <http://sourceforge.net/tracker/?func=detail&atid=454719&aid=2951003&group_id=48978> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: Gert Doering <gert@greenie.muc.de>
2010-03-16  [PATCH] Change verify-cn so cn is no longer hardcoded in openvpn's config file  Karl O. Pinc  1  -15/+27
This patch should be easy to process. A resubmission of the patch sent to this list on 04/23/2009. The patch changes the verify-cn script sample to be used with --tls-verify so that instead of having to hardcode a cn to verify in the OpenVPN configuration file the allowed cns may be written into a separate file. This makes the process of verifying cns a whole lot more dynamic, to the point where it is useful in the real world. One problem with this patch is that it is backwards incompatible. I did not bother keeping the original calling interface as A) it's a sample script, and B) the original's functionality seems useless and equivalent functionality is easily available with the new script. The problem with the original is that there seems little point in verifying a client's cn when all the clients share one cn, as would have to be the case when the cn is hardcoded into the openvpn config file. This patch applies against the testing allmiscs branch, and should apply against any of the other testing branches as well. It works for me. I've tested it thoroughly but not used it extensively in production. Regards, Karl <kop@meme.com> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: Gert Doering <gert@greenie.muc.de> Acked-by: Eric F Crist <ecrist@secure-computing.net>
2010-03-16  Do not randomize resolving of IP addresses in getaddr()  David Sommerseth  1  -3/+2
Based on a discussion on the mailing list and in the IRC meeting Feb 18, it was decided to remove get_random() from the getaddr() function as that can conflict with round-robin/randomization done by DNS servers. This change must be documented in the release notes. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
2010-03-16  Added mapping files from SVN commit ID to more descriptive commit IDs.  David Sommerseth  2  -0/+2
Unfortunately, this will not rewrite the commit history. So all commits done by james@e7ae566f-a301-0410-adde-c780ea21d3b5 are James Yonan's commits. It was considered too risky to use git tools to rewrite the commit history, as it could influence those already using this git tree.
2010-03-12  Modified ">PASSWORD:Verification Failed" management interface  James Yonan  4  -6/+9
notification to include a client reason string: >PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING'] git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5468 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-03-12  Modified ">PASSWORD:Verification Failed" management interface  james  4  -6/+9
notification to include a client reason string: >PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING'] git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5468 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-03-12  Added stub directive "remote-ip-hint".  James Yonan  1  -0/+5
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5467 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-03-12  Added stub directive "remote-ip-hint".  james  1  -0/+5
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5467 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-03-12  Trivial fix to proxy.c -- #define proxy auth type as UP_TYPE_PROXY.  James Yonan  1  -1/+3
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5466 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-03-12  Trivial fix to proxy.c -- #define proxy auth type as UP_TYPE_PROXY.  james  1  -1/+3
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5466 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-03-10  bash->bourne script cleanup  Dan Nelson  17  -17/+17
Many of the scripts in the openvpn source have their shell set to /bin/bash, but only two use bash features. The attached patch (against openvpn-2.1_rc9) sets the shell on the rest of the scripts to /bin/sh for better portability. The only scripts that actually require bash are contrib/pull-resolv-conf/client.{up,down} ; they use the ${!var} variable indirection feature. sf.net tracker: <https://sourceforge.net/tracker/?func=detail&aid=2040296&group_id=48978&atid=454721> Discussed on the IRC meeting March 4, 2010 in #openvpn-discussions. <http://thread.gmane.org/gmane.network.openvpn.devel/3242> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: James Yonan <james@openvpn.net>
2010-03-09  Merge remote branch 'origin/master'  David Sommerseth  0  -0/+0
2010-03-09  Added mapping files from SVN commit ID to more descriptive commit IDs.  David Sommerseth  2  -0/+2
Unfortunately, this will not rewrite the commit history. So all commits done by james@e7ae566f-a301-0410-adde-c780ea21d3b5 are James Yonan's commits. It was considered too risky to use git tools to rewrite the commit history, as it could influence those already using this git tree.
2010-03-06  Fixed an issue where if reneg-sec was set to 0 on the client,  James Yonan  1  -2/+5
so that the server-side value would take precedence, the auth_deferred_expire_window function would incorrectly return a window period of 0 seconds. In this case, the correct window period should be the handshake window period. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5464 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-03-06  Fixed an issue where if reneg-sec was set to 0 on the client,  james  1  -2/+5
so that the server-side value would take precedence, the auth_deferred_expire_window function would incorrectly return a window period of 0 seconds. In this case, the correct window period should be the handshake window period. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5464 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-03-01  Allow 'lport 0' setup for random port binding  Enrico Scholz  1  -1/+1
I am running a multihomed host where 'local <extip>' must be specified for proper operation. Unfortunately, this implies 'lport 1194' or another static port. This causes problems with stateful firewalls which register the host/port pairs in the internal connection tracking table. On ungraceful reconnects, the new TCP connection will have same the host/port pairs but unexpected sequence numbers. The new connection will be assumed as invalid hence and be dropped. It would be nice when local port can be configured to be bound to a random port number. After reading code, | else if (streq (p[0], "lport") && p[1]) | ... | port = atoi (p[1]); |- if (!legal_ipv4_port (port)) |+ if (port != 0 && !legal_ipv4_port (port)) | { in options.c seems to be the only required change. This has been discussed here: <http://thread.gmane.org/gmane.network.openvpn.user/28622> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: Gert Doering <gert@greenie.muc.de>
2010-02-28  Merge remote branch 'origin/master'  David Sommerseth  0  -0/+0
2010-02-28  remove duplicate code in FREEBSD+DRAGONFLY system-dependent ifconfig  Gert Doering  1  -14/+3
(ACKed by Eric F Crist and David Sommerseth) (cherry picked from commit dd66b12647852e3f1267be70b0fb3b11deedf377) Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Signed-off-by: Gert Doering <gert@greenie.muc.de>
2010-02-28  Fixed an issue in the Management Interface that could cause  James Yonan  1  -6/+15
a process hang with 100% CPU utilization in --management-client mode if the management interface client disconnected at the point where credentials are queried. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5458 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-02-26  Merge remote branch 'origin/master'  David Sommerseth  0  -0/+0
2010-02-26  Merge branch 'master' into bugfix2.1  David Sommerseth  1  -6/+15
2010-02-26  Added mapping files from SVN commit ID to more descriptive commit IDs.  David Sommerseth  2  -0/+2
Unfortunately, this will not rewrite the commit history. So all commits done by james@e7ae566f-a301-0410-adde-c780ea21d3b5 are James Yonan's commits. It was considered too risky to use git tools to rewrite the commit history, as it could influence those already using this git tree.
2010-02-26  Fixed an issue in the Management Interface that could cause  James Yonan  1  -6/+15
a process hang with 100% CPU utilization in --management-client mode if the management interface client disconnected at the point where credentials are queried. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5458 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-02-26  Fixed an issue in the Management Interface that could cause  james  1  -6/+15
a process hang with 100% CPU utilization in --management-client mode if the management interface client disconnected at the point where credentials are queried. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5458 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-02-19  verb 5 logging wrongly reports received bytes  David Sommerseth  1  -2/+2
With --verb 5, openvpn logs a single letter (rwRW) for each package received or sent. I recently ran into a problem with the tun device on Linux where the read from that device returned 0. Unfortunately this was also logged as "r", which made me assume that openvpn had received something, while it actually hadn't. (See https://dev.openwrt.org/ticket/6650 for the bug that made me find out about this problem with openvpn.) I'm attaching a patch which prevents openvpn from logging "r" or "R" when it didn't actually read anything. This is against openvpn 2.1-rc20, but probably still applies to the most recent version. This patch was received anonymously via the sf.net bug tracker: <http://sourceforge.net/tracker/?func=detail&atid=454719&aid=2951003&group_id=48978> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: Gert Doering <gert@greenie.muc.de>
2010-02-18  [PATCH] Change verify-cn so cn is no longer hardcoded in openvpn's config file  Karl O. Pinc  1  -15/+27
This patch should be easy to process. A resubmission of the patch sent to this list on 04/23/2009. The patch changes the verify-cn script sample to be used with --tls-verify so that instead of having to hardcode a cn to verify in the OpenVPN configuration file the allowed cns may be written into a separate file. This makes the process of verifying cns a whole lot more dynamic, to the point where it is useful in the real world. One problem with this patch is that it is backwards incompatible. I did not bother keeping the original calling interface as A) it's a sample script, and B) the original's functionality seems useless and equivalent functionality is easily available with the new script. The problem with the original is that there seems little point in verifying a client's cn when all the clients share one cn, as would have to be the case when the cn is hardcoded into the openvpn config file. This patch applies against the testing allmiscs branch, and should apply against any of the other testing branches as well. It works for me. I've tested it thoroughly but not used it extensively in production. Regards, Karl <kop@meme.com> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: Gert Doering <gert@greenie.muc.de> Acked-by: Eric F Crist <ecrist@secure-computing.net>
2010-02-18Do not randomize resolving of IP addresses in getaddr()David Sommerseth1-3/+2
Based on a discussion on the mailing list and in the IRC meeting Feb 18, it was decided to remove get_random() from the getaddr() function as that can conflict with round-robin/randomization done by DNS servers. This change must be documented in the release notes. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
2010-02-16Added mapping files from SVN commit ID to more descriptive commit IDs.David Sommerseth2-0/+2
Unfortunately, this will not rewrite the commit history. So all commits done by james@e7ae566f-a301-0410-adde-c780ea21d3b5 are James Yonan's commits. It was considered too risky to use git tools to rewrite the commit history, as it could influence those already using this git tree.
2010-01-16Version 2.1.1bjames1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5371 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-01-16Don't advance the connection list on AUTH_FAILED errors.james1-0/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5370 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-01-16Fixed an issue where AUTH_FAILED was not being properly deliveredjames2-13/+35
to the client when a bad password is given for mid-session reauth. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5369 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-01-12When aborting in a non-graceful way, try to execute do_close_tun injames3-1/+20
init.c prior to daemon exit to ensure that the tun/tap interface is closed and any added routes are deleted. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5367 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-12-11Fixed some breakage in openvpn.spec (which is required to build anv2.1.1james3-2/+12
RPM distribution) where it was referencing a non-existent subdirectory in the tarball, causing it to fail (patch from David Sommerseth). Version 2.1.1. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5269 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-12-11Version 2.1.0v2.1.0james4-2/+19
* Updated ChangeLog. * Note in man page that clients connecting to a --multihome server should always use the --nobind option. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5266 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-12-11Clarified that TAP-Win32 driver is licensed under GPL 2.james19-94/+19
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5265 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-12-11Documented --multihome in the man page.james1-0/+9
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5264 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-12-10Fixed a couple issues in sample plugins auth-pam.c and down-root.c:james2-2/+6
1. Fail gracefully rather than segfault if calloc returns NULL. 2. The openvpn_plugin_abort_v1 function can potentially be called with handle == NULL. Add code to detect this case, and if so, avoid dereferencing pointers derived from handle. (Thanks to David Sommerseth for finding this bug). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5261 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-11-20Version 2.1_rc22v2.1_rc22james2-1/+13
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5169 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-11-19Fixed a client-side bug that occurred when the "dhcp-pre-release"james7-33/+141
or "dhcp-renew" options were combined with "route-gateway dhcp". The problem is that the IP Helper functions for DHCP release and renew are blocking, and so calling them from a single-threaded client stops tunnel traffic forwarding, and hence breaks "route-gateway dhcp" which requires an active tunnel. The fix is to call the IP Helper functions for DHCP release and renew from another process. Version 2.1_rc21b. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5164 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-11-13Increase MAX_CERT_DEPTH to 16 (from 8), and when exceeded,james3-3/+6
make it a hard failure, rather than just a warning. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5159 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-11-12Version 2.1_rc21v2.1_rc21james3-2/+18
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5152 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-10-25Version 2.1_rc20ajames1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5106 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-10-25On server, lock client-provided certs against mid-session TLSjames3-5/+156
renegotiations -- this is similar to how the common name is also locked. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5105 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-10-25Change to doval valgrind script. The openvpn command parameter is nowjames2-1/+14
implied, so new usage is: ./doval [openvpn parms] instead of: ./doval ./openvpn [openvpn parms] git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5104 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-10-24On server, lock session username against changes in mid-session TLSjames2-3/+31
renegotiations -- this is similar to how the common name is also locked. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5098 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-10-16Added "setenv GENERIC_CONFIG" directive, for generic configsjames1-0/+5
that cannot directly be used as a config file. The directive will simply cause OpenVPN to exit with an error if a generic config file is used. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5077 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-10-07Fixed issue where some .svn directories were being inadvertentlyv2.1_rc20james1-1/+1
included in the .tar.gz file built by make dist. Re-released as Version 2.1_rc20 git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5058 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-10-01Version 2.1_rc20james2-1/+51
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5023 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-10-01client-kill management interface command, when issued on server, willjames6-7/+41
now send a RESTART message to client. This feature is intended to make UDP clients respond the same as TCP clients in the case where the server issues a RESTART message in order to force the client to reconnect and pull a new options/route list. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5021 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-10-01Minor fix: management interface shouldn't echo 'load-stats' commands tojames1-1/+1
log file. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5020 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-09-29Added the ability for the server to provide a custom reason stringjames8-14/+84
when an AUTH_FAILED message is returned to the client. This string can be set by the server-side management interface and read by the client-side management interface. For more info, see management/management-notes.txt, and look for references to "client-reason-text". git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5012 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-09-28Fixed a bug introduced in r4436 (2.1_rc17) where using thejames1-2/+2
redirect-gateway option by itself, without any extra parameters, would cause the option to be ignored. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5011 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-09-28Added --server-poll-timeout option : when polling possible remotejames8-0/+70
servers to connect to in a round-robin fashion, spend no more than n seconds waiting for a response before trying the next server. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5010 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-09-27Eliminated the limitation on the number of options that can be pushedjames16-115/+271
to clients, including routes. Previously, all pushed options needed to fit within a 1024 byte options string. Remember that to make use of this feature to allow many routes to be pushed to clients, the client config file must specify the max-routes option, and the number of pushed routes cannot exceed this limit. Also, both server and client must include this commit. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4991 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-09-17The maximum number of "route" directives (specified in the configjames8-30/+86
file or pulled from a server) can now be configured via the new "max-routes" directive. Previously, the limit was set to 100 and fixed by a compile-time constant. Now the limit is dynamic and can be modified by the "max-routes" directive. If max-routes is not specified, the default limit is 100. Note that this change does not address the maximum size of the pushed options string sent from server to client, which is still controlled by the TLS_CHANNEL_BUF_SIZE compile-time constant. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4967 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-09-16Modified client to send a PUSH_REQUEST message to server 1 secondjames3-5/+14
after connection initiation rather than 0 seconds after. Successive PUSH_REQUEST messages after the first will continue to be sent at 5 second intervals until a response is received. This tends to speed up the client connection sequence by 4 seconds because the first PUSH_REQUEST message is usually sent too soon and is dropped, causing a wait of 5 seconds until the next PUSH_REQUEST message is sent. Version 2.1_rc19d git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4965 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-09-08Updated version number to 2.1_rc19c.james1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4946 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-09-04Added "setcon" directive for interoperability with SELinuxjames6-4/+104
(Sebastien Raveau). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4932 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-08-24Added new ./configure flags:james3-3/+23
--disable-def-auth Disable deferred authentication --disable-pf Disable internal packet filter git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4852 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-08-24Added PLATFORM-SPECIFIC comment tag to platform-specific functionsjames1-4/+4
in route.c to make it easier to spot them. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4851 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-08-23Added "load-stats" management interface command to get globaljames2-0/+27
server load statistics. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4844 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-08-22Added --remote-random-hostname option.james6-10/+89
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4843 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-08-19Fixed ifconfig command for "topology subnet" on FreeBSD (Stefan Bethke).james1-6/+10
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4837 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-08-19Fixed build problem when ./configure --disable-server is used.james1-0/+2
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4836 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-07-16OpenVPN version 2.1_rc19 releasedv2.1_rc19james2-1/+13
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4712 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-06-22In Windows TAP driver, refactor DHCP/ARP packet injection code tojames7-28/+154
use a DPC (deferred procedure call) to defer packet injection until IRQL < DISPATCH_LEVEL, rather than calling NdisMEthIndicateReceive in the context of AdapterTransmit. This is an attempt to reduce kernel stack usage, and prevent EXCEPTION_DOUBLE_FAULT BSODs that have been observed on Vista. Updated TAP driver version number to 9.6. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4606 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-06-22Rename generated tapdrvr.cod to a unique name to avoid the issue wherejames1-0/+1
building for multiple architectures causes the previous tapdrvr.cod to be overwritten. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4604 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-06-09In configure.ac, use datadir instead of datarootdir for compatibilityjames1-1/+1
with <autoconf-2.60. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4539 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-06-07Version 2.1_rc18v2.1_rc18james2-2/+9
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4526 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-06-07Fixed issue introduced in r4475 (2.1-rc17) where cryptoapi.c changejames1-0/+2
does not build on Windows on non-MINGW32. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4525 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-06-01Fixed compile error on ./configure --enable-smalljames1-0/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4501 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-06-01Version 2.1_rc17v2.1_rc17james2-2/+45
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4500 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-05-30Update copyright to 2009.james157-160/+160
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4477 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-05-30Fixed bug where the remote_X environmental variables were not beingjames1-2/+2
set correctly when the 'local' option is specified. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4476 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-05-30Fixed issue of symbol conflicts interfering with Windows CryptoAPIjames4-8/+7
functionality (Alon Bar-Lev). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4475 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-05-24Added new 'autolocal' redirect-gateway flag. When enabled, the OpenVPNjames6-33/+119
client will examine the routing table and determine whether (a) the OpenVPN server is reachable via a locally connected interface, or (b) traffic to the server must be forwarded through the default router. Only add a special bypass route for the OpenVPN server if (b) is true. If (a) is true, behave as if the 'local' flag is specified, and do not add a bypass route. The new 'autolocal' flag depends on the non-portable test_local_addr() function in route.c, which is currently only implemented for Windows. The 'autolocal' flag will act as a no-op on platforms that have not yet defined a test_local_addr() function. Increased TLS_CHANNEL_BUF_SIZE to 2048 from 1024 (this will allow for more option content to be pushed from server to client). Raised D_MULTI_DROPPED debug level to 4 from 3. Version 2.1_rc16b. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4446 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-05-23Added "redirect-private" option which allows private subnetsjames3-69/+80
to be pushed to the client in such a way that they don't accidentally obscure critical local addresses such as the DHCP server address and DNS server addresses. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4436 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-05-21Fixed race condition in management interface recv code onjames3-5/+6
Windows, where sending a set of several commands to the management interface in quick succession might cause the latter commands in the set to be ignored. Increased management interface input command buffer size from 256 to 1024 bytes. Minor tweaks to Windows build system. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4414 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-05-21Reduce the debug level (--verb) at which received management interfacejames1-1/+1
commands are echoed from 7 to 3. Passwords will be filtered. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4413 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-05-18Version 2.1_rc16v2.1_rc16james2-1/+54
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4363 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-05-13Updated Windows build scripts to package openssl-0.9.8k,james4-21/+21
and to use the Server 2008 WDK (6001.18002). In cryptoapi.c, renamed CryptAcquireCertificatePrivateKey to OpenVPNCryptAcquireCertificatePrivateKey to work around a symbol conflict in MinGW-5.1.4.exe. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4318 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-04-13Added errors-to-stderr option. When enabled, fatal errorsjames3-6/+28
that result in the termination of the daemon will be written to stderr. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4131 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-04-10Allow "management-client" directive to be usedjames5-44/+91
with unix domain sockets. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4128 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-04-09Added the ability to read the configuration filejames1-2/+6
from stdin, when "stdin" is given as the config file name. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4127 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-02-13install-win32/buildinstaller will now always sign executablejames1-1/+1
if SIGNTOOL is defined, even if EXTRACT_FILES is enabled. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3976 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-01-27Fixed issue involving an #ifdef in a macro reference that breaks early gccjames1-2/+5
compilers. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3903 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-01-27Updated common.h types for _WIN64.james1-0/+8
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3902 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-01-27Updated configure.ac to work on MinGW.james1-53/+58
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3901 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-01-27Fixed some compile-time warnings.james4-5/+7
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3900 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-01-27Fixed some issues with C++ style comments that leaked into the code.james2-6/+6
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3899 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-01-21Version 2.1_rc15ejames2-1/+6
Windows installer changes: * ifdefed out the check Windows version code which is causing problems on Windows 7 * don't define SF_SELECTED if it is already defined git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3855 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-01-01In Windows installer generator, don't sign the installer .exejames1-1/+1
if EXTRACT_FILES is defined in settings.in. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3791 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-12-26Added daemon_start_time and daemon_pid environmental variables.james6-6/+22
In management interface, added new ">CLIENT:ESTABLISHED" notification. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3763 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-12-25Fixed issue where SIGUSR1 restarts would fail if privatejames3-4/+7
key was specified as an inline file. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3743 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-12-23Version 2.1_rc15bjames1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3729 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-12-18Added n_clients environmental variable to information passedjames1-4/+20
to management interface client when management-client-auth is enabled. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3718 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-12-18Added "nclients" command to management interface tojames4-0/+37
display the current number of authenticated clients connected to the server. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3717 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-12-01Added MultiFileExtract capability to Windows Installer.james4-128/+16
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3620 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-11-30Added ExtractAuxFile capability to Windows Installer.james4-2/+136
Changed Windows installer to use LZMA instead of BZIP2 compression. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3616 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-11-20Added new management interface command "pid" to show thejames2-0/+10
process ID of the current OpenVPN process (Angelo Laub). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3552 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-11-20Added optional "nogw" (no gateway) flag to --server-bridgejames5-84/+101
to inhibit the pushing of the route-gateway parameter to clients. Miscellaneous man page edits, fixed some formatting issues. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3550 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-11-19Version 2.1_rc15v2.1_rc15james2-1/+28
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3525 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-11-19Fixed issue introduced in 2.1_rc14 that may cause ajames1-1/+1
segfault when a --plugin module is used. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3524 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-11-18Added --tcp-nodelay option: Macro that sets TCP_NODELAY socketjames5-0/+76
flag on the server as well as pushes it to connecting clients. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3513 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-11-18Cleaned up man page synopsis.james1-273/+2
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3507 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-11-18Minor options check fix: --no-name-remapping is ajames1-0/+2
server-only option and should therefore generate an error when used on the client. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3506 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-11-18Added server-side --opt-verify option: clients that connectjames4-0/+29
with options that are incompatible with those of the server will be disconnected. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3505 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-11-18Added --prng option to control PRNG (pseudo-randomjames9-21/+136
number generator) parameters. In previous OpenVPN versions, the PRNG was hardcoded to use the SHA1 hash. Now any OpenSSL hash may be used. This is part of an effort to remove hardcoded references to a specific cipher or cryptographic hash algorithm. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3503 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-11-17Version 2.1_rc14v2.1_rc14james2-8/+8
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3496 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-11-17* Added additional method parameter to --script-security to preservejames14-105/+383
backward compatibility with system() call semantics used in OpenVPN 2.1_rc8 and earlier. To preserve backward compatibility use: script-security 3 system git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3495 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-11-16Interim release.james2-1/+87
Version 2.1_rc13b git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3494 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-11-05Minor fix to previous commit (r3476).james1-3/+3
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3477 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-11-04Added config file option "setenv FORWARD_COMPATIBLE 1" to relaxjames3-3/+33
config file syntax checking to allow directives for future OpenVPN versions to be ignored. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3476 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-11-03Fixed revoke-full to deal with issue arising from additionjames1-1/+2
of KEY_NAME environmental variable parameter to openssl.cnf git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3472 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-11-03Fixed some ifconfig-pool issues that precludedjames3-10/+12
it from being combined with --server directive. Now, for example, we can configure thusly: server 10.8.0.0 255.255.255.0 nopool ifconfig-pool 10.8.0.2 10.8.0.99 255.255.255.0 to have ifconfig-pool manage only a subset of the VPN subnet. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3471 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-31Updated docs to reflect the addition ofjames3-3/+4
--status-version 3. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3468 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-31Added --no-name-remapping option to allow Common Name, X509 Subject,james4-3/+42
and username strings to include any printable character including space, but excluding control characters such as tab, newline, and carriage-return. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3467 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-31Added --status-version 3 which is the same as version 2james2-25/+28
except tabs are used as delimiters instead of commas. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3466 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-28Modified pkitool to allow flexibility in separatingjames1-14/+20
the Common Name convention from the cert/key filename convention. For example: KEY_CN="James's Laptop" KEY_NAME="james" ./pkitool james will create a client certificate/key pair of james.crt/james.key having a Common Name of "James's Laptop" and a Name of "james". git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3463 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-28Added man page entry for new environmental variable setjames1-0/+37
X509_{n}_{subject_field}. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3462 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-28Added server-side --auth-user-pass-optional directive, to allowjames6-21/+57
connections by clients that do not specify a username/password, when a user-defined authentication script/module is in place (via --auth-user-pass-verify, --management-client-auth, or a plugin module). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3461 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-28Change to pkitool/openssl.cnf so that calling scripts canjames2-1/+16
set the KEY_NAME environmental variable to set the "name" X509 subject field in generated certificates. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3460 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-28Save X509 Subject fields to environment, using the naming convention:james1-0/+54
X509_{cert_depth}_{name}={value} git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3459 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-27Fixed informational message in ssl.c to properly indicatejames1-1/+5
deferred authentication. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3457 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-24Extended Management Interface "bytecount" commandjames5-29/+153
to work when OpenVPN is running as a server. Documented Management Interface "bytecount" command in management/management-notes.txt. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3452 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-24Added optional files SAMPCONF_CONF2 (second sample configurationjames2-0/+14
file) and SAMPCONF_DH (Diffie-Hellman parameters) to Windows build system, and may be defined in settings.in. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3450 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-17Modified Windows domake-win build system to write all openvpn.nsijames5-49/+94
input files to gen, so that gen can be disconnected from the rest of the source tree and makensis openvpn.nsi will still function correctly. Added additional SAMPCONF_(CA|CRT|KEY) macros to settings.in (commented out by default). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3439 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-15Added additional warning messages about --script-security 2james4-3/+10
or higher being required to execute user-defined scripts or executables. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3436 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-14Added AC_GNU_SOURCE to configure.ac to enable struct ucred,james3-59/+324
with the goal of fixing a build issue on Fedora 9 that was introduced in 2.1_rc13. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3434 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-08Version 2.1_rc13v2.1_rc13james10-30/+43
Minor fixes to Windows build scripts. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3417 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-06Copyright notice changed to reflect change in name ofjames157-198/+194
Telethra to OpenVPN Technologies. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3409 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-30Management interface can now listen on a unixjames16-45/+693
domain socket, for example: management /tmp/openvpn unix Also added management-client-user and management-client-group directives to control which processes are allowed to connect to the socket. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3396 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-23Version 2.1_rc12v2.1_rc12james2-1/+10
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3349 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-19Fixed --lladdr bug introduced in 2.1-rc9 where input validation codejames3-2/+42
was incorrectly expecting the lladdr parameter to be an IP address when it is actually a MAC address (HoverHell). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3339 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-15Patched Makefile.am so that the new t_cltsrv-down.sh script becomesjames2-2/+3
part of the tarball (Matthias Andree). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3332 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-15Version 2.1_rc11v2.1_rc11james4-10/+38
Fixed a bug that can cause SSL/TLS negotiations in UDP mode to fail if UDP packets are dropped. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3330 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-10Version 2.1_rc10v2.1_rc10james2-1/+94
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3323 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-08Version 2.1_rc9bjames1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3318 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-08 | Fixed bug in intra-session TLS key rollover that was introduced with | james | 3 | -18/+68
deferred authentication features in 2.1_rc8.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3316 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-06 | Modified ip_or_dns_addr_safe, which validates pulled DNS names, | james | 2 | -4/+16
to more closely conform to RFC 3696:

* DNS name length must not exceed 255 characters
* DNS name characters must be limited to alphanumeric, dash ('-'), and dot ('.')

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3312 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-06 | 2.1_rc8 and earlier did implicit shell expansion on script | james | 9 | -363/+350
arguments since all scripts were called by system().

The security hardening changes made to 2.1_rc9 no longer use system(), but rather use the safer execve or CreateProcess system calls.

The security hardening also introduced a backward incompatibility with 2.1_rc8 and earlier in that script parameters were no longer shell-expanded, so for example:

  client-connect "docc CLIENT-CONNECT"

would fail to work because execve would try to execute a script called "docc CLIENT-CONNECT" instead of "docc" with "CLIENT-CONNECT" as the first argument.

This patch fixes the issue, bringing the script argument semantics back to pre 2.1_rc9 behavior in order to preserve backward compatibility while still using execve or CreateProcess to execute the script/executable.

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3311 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-04 | Added --allow-pull-fqdn option which allows client to pull DNS names | james | 5 | -12/+45
from server (rather than only IP address) for --ifconfig, --route, and --route-gateway.

OpenVPN versions 2.1_rc7 and earlier allowed DNS names for these options to be pulled and translated to IP addresses by default. Now --allow-pull-fqdn will be explicitly required on the client to enable DNS-name-to-IP-address translation of pulled options.

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3307 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-08-11 | Fixed minor compile issue in ntlm.c (mid-block declaration). | james | 1 | -2/+4
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3222 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-08-11 | LZO compression buffer overflow errors will now invalidate | james | 1 | -1/+7
the packet rather than trigger a fatal assertion.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3221 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-08-10 | Workaround bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8, which | james | 2 | -5/+2
the new implementation of extract_x509_field_ssl depends on.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3220 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-08-10 | Fixed build issue with ./configure --disable-socks --disable-http. | james | 3 | -4/+4
Fixed separate compile errors in options.c and ntlm.c that occur on strict C compilers (such as old versions of gcc) that require that C variable declarations occur at the start of a {} block, not in the middle.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3219 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-08-10 | Tagged security fix in 2.1-rc9 as CVE-2008-3459. | james | 1 | -0/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3218 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-08-10 | Updated openvpn/t_cltsrv.sh (used by "make check") to conform to new | james | 2 | -14/+44
--script-security rules. Also adds retrying if the addresses are in use (Matthias Andree).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3217 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-08-05 | Reverted r3181, accomplish the same thing via a special case | james | 3 | -21/+16
for Windows stdcall functions in configure.ac (Alon Bar-Lev).

Minor fix to cryptoapi.c to not compile itself unless USE_CRYPTO and USE_SSL flags are enabled (Alon Bar-Lev).

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3183 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-08-05 | Workaround for MinGW autoconf issue where HAVE_SETSOCKOPT, | james | 1 | -0/+12
HAVE_GETSOCKOPT, and HAVE_POLL are undefined even though the underlying functions are present.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3181 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-08-05 | Added additional warnings to flag common gotchas: | james | 5 | -27/+133

* Warn when ethernet bridging that the IP address of the bridge adapter is probably not the same address that the LAN adapter was set to previously.
* When running as a server, warn if the LAN network address is the all-popular 192.168.[0|1].x, since this condition commonly leads to subnet conflicts down the road.
* Primarily on the client, check for subnet conflicts between the local LAN and the VPN subnet.

Added a 'netmask' parameter to get_default_gateway, to return the netmask of the adapter containing the default gateway. Only implemented on Windows so far. Other platforms will return 255.255.255.0. Currently the netmask information is only used to warn about subnet conflicts.

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3179 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-08-04 | Fixed minor issue with --redirect-gateway bypass-dhcp or bypass-dns | james | 1 | -1/+1
on Windows. If the bypass IP address is 0.0.0.0 or 255.255.255.255, ignore it.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3177 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-08-02 | Added "--server-bridge" (without parameters) to enable | james | 14 | -34/+427
DHCP proxy mode: Configure server mode for ethernet bridging using a DHCP-proxy, where clients talk to the OpenVPN server-side DHCP server to receive their IP address allocation and DNS server addresses.

Added "--route-gateway dhcp", to enable the extraction of the gateway address from a DHCP negotiation with the OpenVPN server-side LAN.

Modified client.conf and server.conf to reflect new option modes.

Incremented version to 2.1_rc9a.

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3164 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-08-01 | Version 2.1_rc9 (v2.1_rc9) | james | 1 | -2/+2
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3155 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-31 | In Windows build, package a statically linked openssl.exe to work around | james | 4 | -13/+6
observed instabilities in the dynamic build since the migration to OpenSSL 0.9.8h.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3149 e7ae566f-a301-0410-adde-c780ea21d3b5