aboutsummaryrefslogtreecommitdiff
path: root/push.c (follow)
AgeCommit message (Collapse)AuthorFilesLines
2011-04-26Merge branch 'svn-branch-2.1' into mergeDavid Sommerseth1-17/+80
Pulling in changes from James' 2.1/openvpn branch in SVN. Conflicts: buffer.c init.c manage.h multi.c openvpn.8 options.c ssl.c version.m4 win/sign.py Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
2011-04-26Added 'dir' flag to "crl-verify" (see man page for info).James Yonan1-1/+1
Don't call SSL_CTX_set_client_CA_list or SSL_CTX_set_client_CA_list if not running in server mode (these functions are only useful for TLS/SSL servers). Modified openvpn_snprintf to return false on overflow, and true otherwise. When AUTH_FAILED,... is received, log the full string. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7213 e7ae566f-a301-0410-adde-c780ea21d3b5
2011-04-26Added "auth-token" client directive, which is intended to beJames Yonan1-3/+21
pushed by server, and that is used to offer a temporary session token to clients that can be used in place of a password on subsequent credential challenges. This accomplishes the security benefit of preventing caching of the real password while offering most of the advantages of password caching, i.e. not forcing the user to re-enter credentials for every TLS renegotiation or network hiccup. auth-token does two things: 1. if password caching is enabled, the token replaces the previous password, and 2. if the management interface is active, the token is output to it: >PASSWORD:Auth-Token:<token> Also made a minor change to HALT/RESTART processing when password caching is enabled. When client receives a HALT or RESTART message, and if the message text contains a flags block (i.e. [FFF]:message), if flag 'P' (preserve auth) is present in flags, don't purge the Auth password. Otherwise do purge the Auth password. Version 2.1.3o git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7088 e7ae566f-a301-0410-adde-c780ea21d3b5
2011-04-26Client will now try to reconnect if no push reply receivedJames Yonan1-1/+12
within handshake-window seconds. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7066 e7ae566f-a301-0410-adde-c780ea21d3b5
2011-04-26Extended "client-kill" management interface command (server-side)James Yonan1-6/+23
to accept an optional message string. The message string format is: RESTART|HALT,<human-readable-message> RESTART will tell the client to restart (i.e. SIGUSR1). HALT will tell the client to exit (i.e. SIGTERM). On the client, human-readable-message will be communicated via management interface: >NOTIFY,<severity>,<type>,<human-readable-message>" Version 2.1.3m git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7063 e7ae566f-a301-0410-adde-c780ea21d3b5
2011-04-26Fixed issue where a client might receive multiple push replies fromJames Yonan1-2/+12
a server if it sent multiple push requests due to the server being slow to respond. This could cause the client to process pushed options twice, leading to duplicate pushed routes, among other issues. The fix, implemented server-side, is to reply only once to a push request even if multiple requests are received. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7060 e7ae566f-a301-0410-adde-c780ea21d3b5
2011-04-24Enable IPv6 Payload in OpenVPN p2mp tun server mode. 20100104-1 release.Gert Doering1-0/+2
(cherry picked from commit ec9dce6387afd198881493bfebf13bb121e8a56b)
2011-04-24Enable IPv6 Payload in OpenVPN p2mp tun server mode. 20100104-1 release.Gert Doering1-0/+16
(cherry picked from commit ec9dce6387afd198881493bfebf13bb121e8a56b)
2011-02-18Added "client-nat" option for stateless, one-to-oneJames Yonan1-4/+11
NAT on the client side. Version 2.1.3i. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6944 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-11-13Merge branch 'svn-BETA21' into beta2.2David Sommerseth1-1/+11
Conflicts: version.m4 - Reset version.m4 to a more neutral version number Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
2010-10-24Implement challenge/response authentication support in client mode,James Yonan1-1/+11
where credentials are entered from stdin. This capability is compiled when ENABLE_CLIENT_CR is defined in syshead.h (enabled by default). Challenge/response support was previously implemented for creds that are queried via the management interface. In this case, the challenge message will be returned as a custom client-reason-text string (see management-notes.txt for more info) on auth failure. Also, see the comments in misc.c above get_auth_challenge() for info on the OpenVPN challenge/response protocol. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6568 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-10-21Fixed compiler warnings reported on Ubuntu 10.04David Sommerseth1-3/+3
The warnings reported where: -------------------------------------------------------- misc.c:158: warning: ignoring return value of ‘nice’, declared with attribute warn_unused_result options.c:4033: warning: format not a string literal and no format arguments options.c:4043: warning: format not a string literal and no format arguments options.c:4053: warning: format not a string literal and no format arguments push.c:182: warning: format not a string literal and no format arguments push.c:199: warning: format not a string literal and no format arguments push.c:235: warning: format not a string literal and no format arguments status.c:171: warning: ignoring return value of ‘ftruncate’, declared with attribute warn_unused_result -------------------------------------------------------- Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: Gert Doering <gert@greenie.muc.de> Acked-by: Peter Stuge <peter@stuge.se>
2010-10-21Fixed client hang when server don't PUSH (aka the NO_SOUP_FOR_YOU patch)David Sommerseth1-0/+17
Solves bug ticket 13 <https://community.openvpn.net/openvpn/ticket/13> When the client sends PUSH_REQUESTS, it waits until the server sends PUSH_REPLY. If the server do not have anything to push to the client nothing happens. The client will then regularly send new PUSH_REQUESTS until it gets an answer, which results in not completing the connection negotiation. This patch makes the server send an empty PUSH_REPLY when it has nothing to more to push to the client. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: James Yonan <james@openvpn.net>
2010-06-01Implemented a key/value auth channel from client to server.James Yonan1-3/+3
Version 2.1.1i git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5668 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-04-28Updated copyright date to 2010.James Yonan1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5599 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-03-12Modified ">PASSWORD:Verification Failed" management interfaceJames Yonan1-2/+2
notification to include a client reason string: >PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING'] git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5468 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-01-16Don't advance the connection list on AUTH_FAILED errors.james1-0/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5370 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-10-01client-kill management interface command, when issued on server, willjames1-1/+27
now send a RESTART message to client. This feature is intended to make UDP clients respond the same as TCP clients in the case where the server issues a RESTART message in order to force the client to reconnect and pull a new options/route list. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5021 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-09-29Added the ability for the server to provide a custom reason stringjames1-4/+28
when an AUTH_FAILED message is returned to the client. This string can be set by the server-side managment interface and read by the client-side management interface. For more info, see management/management-notes.txt, and look for references to "client-reason-text". git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5012 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-09-27Eliminated the limitation on the number of options that can be pushedjames1-65/+117
to clients, including routes. Previously, all pushed options needed to fit within a 1024 byte options string. Remember that to make use of this feature to allow many routes to be pushed to clients, the client config file must specify the max-routes option, and the number of pushed routes cannot exceed this limit. Also, both server and client must include this commit. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4991 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-05-30Update copyright to 2009.james1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4477 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-06Copyright notice changed to reflect change in name ofjames1-1/+1
Telethra to OpenVPN Technologies. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3409 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-14Copyright change OpenVPN Solutions LLC -> Telethra, Inc.james1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3048 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-06-11Updated copyright notice to 2008.james1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2995 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-05-24Support asynchronous/deferred authentication injames1-4/+4
OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY plugin handler. See documentation in openvpn-plugin.h and example usage in plugin/defer/simple.c. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2969 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-05-12Moved branch into official BETA21 position.james1-6/+0
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2959 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-11-09Removed annoying 'i' variable from add_option.james1-0/+8
Allow plugin and push directives to have multiple parameters specified instead of only 1 quoted parameter. Allow plugin and push directives to have multi-line parameter lists, such as: <plugin> my-plugin.so parm1 parm2 </plugin> git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@785 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-10-01Renamed sample-keys/tmp-ca.crt to ca.crt.james1-3/+3
Fixed bug where remove_iroutes_from_push_route_list was missing routes if those routes had an implied netmask (by omission) of 255.255.255.255. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@587 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-09-26version 2.1_beta1james1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@581 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-09-26This is the start of the BETA21 branch.james1-0/+326
It includes the --topology feature, and TAP-Win32 driver changes to allow non-admin access. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@580 e7ae566f-a301-0410-adde-c780ea21d3b5