Age | Commit message (Collapse) | Author | Files | Lines |
|
Pulling in changes from James' 2.1/openvpn branch in SVN.
Conflicts:
buffer.c
init.c
manage.h
multi.c
openvpn.8
options.c
ssl.c
version.m4
win/sign.py
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
Don't call SSL_CTX_set_client_CA_list or SSL_CTX_set_client_CA_list
if not running in server mode (these functions are only useful for
TLS/SSL servers).
Modified openvpn_snprintf to return false on overflow, and true
otherwise.
When AUTH_FAILED,... is received, log the full string.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7213 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
pushed by server, and that is used to offer a temporary session
token to clients that can be used in place of a password on
subsequent credential challenges.
This accomplishes the security benefit of preventing caching
of the real password while offering most of the advantages
of password caching, i.e. not forcing the user to re-enter
credentials for every TLS renegotiation or network hiccup.
auth-token does two things:
1. if password caching is enabled, the token replaces the
previous password, and
2. if the management interface is active, the token is output
to it:
>PASSWORD:Auth-Token:<token>
Also made a minor change to HALT/RESTART processing when password
caching is enabled. When client receives a HALT or RESTART message,
and if the message text contains a flags block (i.e. [FFF]:message),
if flag 'P' (preserve auth) is present in flags, don't purge the Auth
password. Otherwise do purge the Auth password.
Version 2.1.3o
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7088 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
within handshake-window seconds.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7066 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
to accept an optional message string. The message string format is:
RESTART|HALT,<human-readable-message>
RESTART will tell the client to restart (i.e. SIGUSR1).
HALT will tell the client to exit (i.e. SIGTERM).
On the client, human-readable-message will be communicated via
management interface:
>NOTIFY,<severity>,<type>,<human-readable-message>"
Version 2.1.3m
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7063 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
a server if it sent multiple push requests due to the server being
slow to respond. This could cause the client to process pushed
options twice, leading to duplicate pushed routes, among other issues.
The fix, implemented server-side, is to reply only once to a push
request even if multiple requests are received.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7060 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
(cherry picked from commit ec9dce6387afd198881493bfebf13bb121e8a56b)
|
|
(cherry picked from commit ec9dce6387afd198881493bfebf13bb121e8a56b)
|
|
NAT on the client side.
Version 2.1.3i.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6944 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
Conflicts:
version.m4
- Reset version.m4 to a more neutral version number
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
where credentials are entered from stdin. This capability is
compiled when ENABLE_CLIENT_CR is defined in syshead.h (enabled
by default).
Challenge/response support was previously implemented for creds
that are queried via the management interface. In this case,
the challenge message will be returned as a custom
client-reason-text string (see management-notes.txt for more
info) on auth failure.
Also, see the comments in misc.c above get_auth_challenge()
for info on the OpenVPN challenge/response protocol.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6568 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
The warnings reported where:
--------------------------------------------------------
misc.c:158: warning: ignoring return value of ‘nice’, declared with attribute warn_unused_result
options.c:4033: warning: format not a string literal and no format arguments
options.c:4043: warning: format not a string literal and no format arguments
options.c:4053: warning: format not a string literal and no format arguments
push.c:182: warning: format not a string literal and no format arguments
push.c:199: warning: format not a string literal and no format arguments
push.c:235: warning: format not a string literal and no format arguments
status.c:171: warning: ignoring return value of ‘ftruncate’, declared with attribute warn_unused_result
--------------------------------------------------------
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Peter Stuge <peter@stuge.se>
|
|
Solves bug ticket 13
<https://community.openvpn.net/openvpn/ticket/13>
When the client sends PUSH_REQUESTS, it waits until the server sends PUSH_REPLY.
If the server do not have anything to push to the client nothing happens. The
client will then regularly send new PUSH_REQUESTS until it gets an answer, which
results in not completing the connection negotiation.
This patch makes the server send an empty PUSH_REPLY when it has nothing to more
to push to the client.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
|
|
Version 2.1.1i
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5668 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5599 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
notification to include a client reason string:
>PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING']
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5468 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5370 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
now send a RESTART message to client.
This feature is intended to make UDP clients respond the same as TCP
clients in the case where the server issues a RESTART message in
order to force the client to reconnect and pull a new options/route
list.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5021 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
when an AUTH_FAILED message is returned to the client. This
string can be set by the server-side managment interface and read
by the client-side management interface.
For more info, see management/management-notes.txt, and look for
references to "client-reason-text".
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5012 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
to clients, including routes. Previously, all pushed options needed
to fit within a 1024 byte options string.
Remember that to make use of this feature to allow many routes to
be pushed to clients, the client config file must specify the
max-routes option, and the number of pushed routes cannot exceed
this limit. Also, both server and client must include this commit.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4991 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4477 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
Telethra to OpenVPN Technologies.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3409 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3048 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2995 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY plugin handler.
See documentation in openvpn-plugin.h and example
usage in plugin/defer/simple.c.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2969 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2959 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
Allow plugin and push directives to have multiple
parameters specified instead of only 1 quoted
parameter.
Allow plugin and push directives to have multi-line
parameter lists, such as:
<plugin>
my-plugin.so
parm1
parm2
</plugin>
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@785 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
Fixed bug where remove_iroutes_from_push_route_list
was missing routes if those routes had
an implied netmask (by omission) of 255.255.255.255.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@587 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@581 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
It includes the --topology feature, and
TAP-Win32 driver changes to allow
non-admin access.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@580 e7ae566f-a301-0410-adde-c780ea21d3b5
|