Age | Commit message (Collapse) | Author | Files | Lines |
|
Conflicts:
options.c
- version string for IPv6 payload changed
Signed-off-by: David Sommerseth <davids@redhat.com>
|
|
after tunnel shutdown. Needs to make delete_route_ipv6() visible from
tun.c (route.c, route.h) and to properly zero-out host bits from IPv6
"network" at interface route clearing. Further, add IPv6 routes with
"store=active" to make sure nothing lingers after a system crash while
OpenVPN was running.
While at it, small Solaris cleanup - use CLEAR() to zero-out "ifr" struct.
Tested on Windows XP SP3 and Win7 by Gert Doering and Tony Lim.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
Pulling in changes from James' 2.1/openvpn branch in SVN.
Conflicts:
buffer.c
init.c
manage.h
multi.c
openvpn.8
options.c
ssl.c
version.m4
win/sign.py
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
Conflicts:
options.c
- feat_ipv6_payload and feat_ip6_transport both updates
this file with presence information
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
destroy tunX interface on tun_close()
tested on OpenBSD 4.7
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
(otherwise netsh.exe will succeed, but silently ignore request)
|
|
use special next-hop address (fe80::8) that tapdrv will handle ND for
|
|
- somewhat preliminary, as the next-hop setting requirements of tun/tap
driver are not decided yet, and "route add" might need to be adapted
|
|
affects options.h, options.c, multi.c
benefit: static IPv6 address assignment from radiusplugin (etc)
rewritten get_ipv6_addr() to handle IPv6 addresses with and without "/bits"
affects route.c and mainly options.c
benefit: ifconfig-ipv6, ifconfig-ipv6-pool can now be accept
configurations with networks != /64 (the rest of the implementation
is not yet completely there, but this is imporant preparation work to
be able to add /bits to "push 'ifconfig-ipv6 ...'" later on without
breaking clients
do not try to add/delete IPv6 routes if no IPv6 on tunnel
affects: route.c
benefit: avoid error messages, and make IPv6 troubleshooting easier
flag as "config error" if --ifconfig-ipv6-pool used without --ifconfig-ipv6
flag as "config error" if --ifconfig-ipv6-pool used without --server
print warning if --ifconfig-ipv6 is used without --tun-ipv6
changes documented in more detail in ChangeLog.IPv6
* release patch set 20100114-1
(cherry picked from commit c04f774c7e9bed602818b1fe2ff4e83cf913d471)
|
|
(cherry picked from commit ec9dce6387afd198881493bfebf13bb121e8a56b)
|
|
|
|
|
|
ipv6 endpoints
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6927 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
was only defined for Windows and Linux). This enables OS X to report
the MAC address of the default gateway to the server for ID purposes
when client-side --push-peer-info option is specified.
Also, minor fix to OS X get_default_gateway function:
* include net/route.h directly rather than selectively paste stuff
from it into route.c
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6925 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
Conflicts:
acinclude.m4
config-win32.h
configure.ac
misc.c
thread.c
thread.h
- These conflicts was mainly due to feat_misc getting old
and mostly caused by the pthread clean-up patches in
feat_misc
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
The add_host_route_if_nonlocal() function is too simple to really
benefit from calling add_bypass_address() when this function is the
only caller to this function.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: Peter Stuge <peter@stuge.se>
|
|
Conflicts:
Makefile.am
openvpn.8
options.c
socket.c
ssl.c
- feat_misc is missing a lot of bugfix2.1 changes
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
Kazuyoshi Aizawa, adding of local "connected subnet" route by me)
Tested on OpenSolaris/i386, no impact for other TARGETs.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Kazuyoshi Aizawa <admin2@whiteboard.ne.jp>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
(Gert Doering).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6566 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
The init_route() function will leave &netlist untouched for
get_special_addr() routes ("remote_host" being one of them).
netlist is on stack, contains random garbage, and netlist.len
will not be 0 - thus, random stack data is copied from
netlist.data[] until the route_list is full.
This issue has been reported several places lately:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600166
http://thread.gmane.org/gmane.network.openvpn.devel/4083
https://forums.openvpn.net/viewtopic.php?f=1&t=7201&p=8168
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
commands.
When only a single IP address is desired from a multi-address DNS
expansion, use the first address rather than a random selection.
Version 2.1.1l
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6291 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
Version 2.1.1i
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5668 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5599 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
to clients, including routes. Previously, all pushed options needed
to fit within a 1024 byte options string.
Remember that to make use of this feature to allow many routes to
be pushed to clients, the client config file must specify the
max-routes option, and the number of pushed routes cannot exceed
this limit. Also, both server and client must include this commit.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4991 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
file or pulled from a server) can now be configured via the new
"max-routes" directive.
Previously, the limit was set to 100 and fixed by a compile-time
constant. Now the limit is dynamic and can be modified by the
"max-routes" directive. If max-routes is not specified, the default
limit is 100.
Note that this change does not address the maximum size of the
pushed options string sent from server to client, which is still
controlled by the TLS_CHANNEL_BUF_SIZE compile-time constant.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4967 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
in route.c to make it easier to spot them.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4851 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4477 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
client will examine the routing table and determine whether (a) the
OpenVPN server is reachable via a locally connected interface, or (b)
traffic to the server must be forwarded through the default router.
Only add a special bypass route for the OpenVPN server if (b) is true.
If (a) is true, behave as if the 'local' flag is specified, and do not
add a bypass route.
The new 'autolocal' flag depends on the non-portable test_local_addr()
function in route.c, which is currently only implemented for Windows.
The 'autolocal' flag will act as a no-op on platforms that have not
yet defined a test_local_addr() function.
Increased TLS_CHANNEL_BUF_SIZE to 2048 from 1024 (this will allow for
more option content to be pushed from server to client).
Raised D_MULTI_DROPPED debug level to 4 from 3.
Version 2.1_rc16b.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4446 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
to be pushed to the client in such a way that they don't accidently
obscure critical local addresses such as the DHCP server address and
DNS server addresses.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4436 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3899 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
backward compatibility with system() call semantics used in OpenVPN
2.1_rc8 and earlier. To preserve backward compatibility use:
script-security 3 system
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3495 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
Telethra to OpenVPN Technologies.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3409 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
* Warn when ethernet bridging that the IP address of the
bridge adapter is probably not the same address that
the LAN adapter was set to previously.
* When running as a server, warn if the LAN network address is
the all-popular 192.168.[0|1].x, since this condition commonly
leads to subnet conflicts down the road.
* Primarily on the client, check for subnet conflicts between
the local LAN and the VPN subnet.
Added a 'netmask' parameter to get_default_gateway, to return
the netmask of the adapter containing the default gateway.
Only implemented on Windows so far. Other platforms will
return 255.255.255.0. Currently the netmask information is
only used to warn about subnet conflicts.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3179 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
on Windows. If the bypass IP address is 0.0.0.0 or 255.255.255.255,
ignore it.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3177 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
DHCP proxy mode: Configure server mode for ethernet
bridging using a DHCP-proxy, where clients talk to the
OpenVPN server-side DHCP server to receive their IP address
allocation and DNS server addresses.
Added "--route-gateway dhcp", to enable the extraction
of the gateway address from a DHCP negotiation with the
OpenVPN server-side LAN.
Modified client.conf and server.conf to reflect new option
modes.
Incremented version to 2.1_rc9a.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3164 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
by client from server. Fixes --iproute vulnerability.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3126 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3125 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
* All external programs and scripts are now called by execve() on unix and
CreateProcess on Windows.
* The system() function is no longer used.
* Argument lists for external programs and scripts are now built by the new
argv_printf function which natively outputs to string arrays (i.e.
char *argv[] lists), never truncates its output, and eliminates the security
issues inherent in formatting and parsing command lines, and dealing with
argument quoting.
* The --script-security directive has been added to offer policy controls on
OpenVPN's execution of external programs and scripts.
Also added a new plugin example (openvpn/plugin/examples/log.c) that logs
information to stdout for every plugin method called by OpenVPN.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3122 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3048 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2995 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2959 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
by allowing openvpn --mktun to be used with --user and --group
to set the UID/GID of the tun device node. Also added --iproute
option to allow an alternative command to be executed in place
of the default iproute2 command (Alon Bar-Lev).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2639 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
version of CreateIpForwardEntry as described in
http://www.nynaeve.net/?p=59
This issue would cause route additions using the
IP Helper API to fail on Vista.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1748 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
Implemented AUTO_USERID using
MD5(MAC address(primary network adapter)).
Currently implemented for Linux and Windows.
Basically if ENABLE_AUTO_USERID is defined,
the --auth-user-pass option will not prompt
for username/password, but will rather generate
a unique username and blank password.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1459 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
for --route (Roy Marples).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1011 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@991 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
which tries IP helper API first, then falls back to
route.exe.
Made --route-method adaptive the default.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@858 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@832 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@766 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
* Added code to make sure that the local PATH environmental
variable points to the Windows system32 directory.
* Added new --ip-win32 adaptive mode which tries 'dynamic'
and then fails over to 'netsh' if the DHCP negotiation fails.
* Made --ip-win32 adaptive the default.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@739 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
in the management interface (Rolf Fokkens).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@701 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
to return the route with the smallest metric
if multiple 0.0.0.0/0.0.0.0 entries are present.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@692 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
to return the route with the smallest metric
if multiple 0.0.0.0/0.0.0.0 entries are present.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@691 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@581 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
It includes the --topology feature, and
TAP-Win32 driver changes to allow
non-admin access.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@580 e7ae566f-a301-0410-adde-c780ea21d3b5
|