| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
When configuring OpenVPN nowadays, the TUN/TAP configuration can
sometimes jump into the Linux 2.2 fallback code paths, which will
also fails. The reason it jumps into fallback mode is that the
tun/tap device already exists or that /dev/net/tun does not exist.
This can be very confusing, as /dev/tunX which the fallback mode tries
to use, does not exist on Linux 2.4 and newer.
Considering that the last Linux 2.2 update was released 25-Feb-2004
and the first Linux 2.4 release came 04-Jan-2001, there are no
reasonable reasons to help users to stay on outdated kernels.
I consider this extra code path just waste of bytes ... so lets make
the world simpler.
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
|
|
Conflicts:
options.c
- version string for IPv6 payload changed
Signed-off-by: David Sommerseth <davids@redhat.com>
|
|
after tunnel shutdown. Needs to make delete_route_ipv6() visible from
tun.c (route.c, route.h) and to properly zero-out host bits from IPv6
"network" at interface route clearing. Further, add IPv6 routes with
"store=active" to make sure nothing lingers after a system crash while
OpenVPN was running.
While at it, small Solaris cleanup - use CLEAR() to zero-out "ifr" struct.
Tested on Windows XP SP3 and Win7 by Gert Doering and Tony Lim.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
This prevents the netsh.exe command from exiting with a status 1
when the address already exists. By adding store=active the address
will not survive a reboot and be assigned temporarily.
Tested on Windows 7 and Windows XP SP 2.
Signed-off-by: smos <seth.mos@dds.nl>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
Pulling in changes from James' 2.1/openvpn branch in SVN.
Conflicts:
buffer.c
init.c
manage.h
multi.c
openvpn.8
options.c
ssl.c
version.m4
win/sign.py
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
configure option. ipconfig on Mac has certain behavior that makes
it unsuitable for use by OpenVPN to configure tun/tap interface.
Version 2.1.3u
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7191 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
command on failure once every second for up to 15 seconds. This
is necessary to work around an issue observed on OSX 10.5 where
the ipconfig command sometimes fails if executed immediately after
the tun device open.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7151 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
enable the use of ipconfig (instead of ifconfig) for configuring the
IP address and netmask of the tun/tap adapter.
Version 2.1.3p
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7092 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
Conflicts:
options.c
- feat_ipv6_payload and feat_ip6_transport both updates
this file with presence information
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
Solaris close_tun(): add explicit "unplumb'ing" of IPv6 tun/tap
interfaces, otherwise they would linger around after OpenVPN exits.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
"dev tun"+"topology subnet" - moved code out of "if (tun)" block, works.
add more debug information to help diagnose cases where IPv6 isn't working
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
version 9.7 as anticipated (that's 2.1.3) but 9.8 - change test to
require 9.8, and change message to point to 2.2-beta3 and up.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
destroy tunX interface on tun_close()
tested on OpenBSD 4.7
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
than 9.7, log warning and disable IPv6 (won't work anyway).
|
|
- initialize tuntap->ipv6 in init.c::do_init_tun(), to make sure it's
setup "early enough", no matter what ifconfig_order() wants
- change call convention for open_tun(): drop "ipv6" flag, because it's
incompatible with windows/openbsd calling sequence (ifconfig first,
open_tun later) - also affects open_tun_generic() and tuncfg().
- drop ipv6_support() helper function - has no useful purpose anymore
- introduce add_route_connected_v6_net() helper for Win32, Darwin, Netbsd
(cleanup code)
- fix NetBSD tunnel setup - destroy/recreate before ifconfig'ing, to make
sure no leftover configuration lingers on tunnel from previous call
(NetBSD tunnels are always persistent unless explicitely destroyed)
- DARWIN (MacOS X) gets its own #ifdef section for open_tun()/close_tun()
now, because close_tun() needs to cleanup IPv6 ifconfig
|
|
--version: change printing of IPv6 payload patch version to [...] style
fix "make check" regression in tun.c (unnecessary change reverted)
|
|
do not have TUNSIFHEAD (and do not have IPv6 capable tunnels), fall back
to old IPv4-only code without address-family prepending.
(cherry picked from commit 2a57c58b185deb11b0a62c584489fff59258146c)
|
|
(cherry picked from commit ec9dce6387afd198881493bfebf13bb121e8a56b)
|
|
--version: change printing of IPv6 payload patch version to [...] style
fix "make check" regression in tun.c (unnecessary change reverted)
|
|
do not have TUNSIFHEAD (and do not have IPv6 capable tunnels), fall back
to old IPv4-only code without address-family prepending.
(cherry picked from commit 2a57c58b185deb11b0a62c584489fff59258146c)
|
|
(cherry picked from commit ec9dce6387afd198881493bfebf13bb121e8a56b)
|
|
|
|
execution of Windows net commands.
Version 2.1.3d
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6712 e7ae566f-a301-0410-adde-c780ea21d3b5
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
(cherry picked from commit 7621741b480f93411928c66735d2ee9c7f69de3b)
|
|
execution of Windows net commands.
Version 2.1.3d
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6712 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
Conflicts:
Makefile.am
openvpn.8
options.c
socket.c
ssl.c
- feat_misc is missing a lot of bugfix2.1 changes
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
Kazuyoshi Aizawa, adding of local "connected subnet" route by me)
Tested on OpenSolaris/i386, no impact for other TARGETs.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Kazuyoshi Aizawa <admin2@whiteboard.ne.jp>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
<admin2@whiteboard.ne.jp>.
See also http://www.whiteboard.ne.jp/~admin2/tuntap/
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Kazuyoshi Aizawa <admin2@whiteboard.ne.jp>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
(ACKed by Eric F Crist and David Sommerseth)
(cherry picked from commit dd66b12647852e3f1267be70b0fb3b11deedf377)
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
txqueuelen directive is set to 0.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6420 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
of existing --register-dns commands.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6352 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
Fixed some issues on Windows with --log, subprocess creation
for command execution, and stdout/stderr redirection.
Version 2.1.1m.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6304 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5599 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
python msvc\config.py
nmake /f msvc\msvc.mak
Version 2.1.1e
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5516 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
(ACKed by Eric F Crist and David Sommerseth)
(cherry picked from commit dd66b12647852e3f1267be70b0fb3b11deedf377)
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
or "dhcp-renew" options were combined with "route-gateway dhcp".
The problem is that the IP Helper functions for DHCP release and
renew are blocking, and so calling them from a single-threaded
client stops tunnel traffic forwarding, and hence breaks
"route-gateway dhcp" which requires an active tunnel. The fix is
to call the IP Helper functions for DHCP release and renew from
another process.
Version 2.1_rc21b.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5164 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4837 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4477 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
backward compatibility with system() call semantics used in OpenVPN
2.1_rc8 and earlier. To preserve backward compatibility use:
script-security 3 system
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3495 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
Telethra to OpenVPN Technologies.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3409 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
* Warn when ethernet bridging that the IP address of the
bridge adapter is probably not the same address that
the LAN adapter was set to previously.
* When running as a server, warn if the LAN network address is
the all-popular 192.168.[0|1].x, since this condition commonly
leads to subnet conflicts down the road.
* Primarily on the client, check for subnet conflicts between
the local LAN and the VPN subnet.
Added a 'netmask' parameter to get_default_gateway, to return
the netmask of the adapter containing the default gateway.
Only implemented on Windows so far. Other platforms will
return 255.255.255.0. Currently the netmask information is
only used to warn about subnet conflicts.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3179 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
by client from server. Fixes --iproute vulnerability.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3126 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
* All external programs and scripts are now called by execve() on unix and
CreateProcess on Windows.
* The system() function is no longer used.
* Argument lists for external programs and scripts are now built by the new
argv_printf function which natively outputs to string arrays (i.e.
char *argv[] lists), never truncates its output, and eliminates the security
issues inherent in formatting and parsing command lines, and dealing with
argument quoting.
* The --script-security directive has been added to offer policy controls on
OpenVPN's execution of external programs and scripts.
Also added a new plugin example (openvpn/plugin/examples/log.c) that logs
information to stdout for every plugin method called by OpenVPN.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3122 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
likely() and unlikely() macro additions to syshead.h) and r3061.
I would like to give more thought to the bigger issue of fortifying
buffer.[ch] through the use of additional defensive programming techniques.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3081 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
return -1, set buf->len to 0 rather than -1. While downstream
code is set up to consider the buffer invalidated if its length
is <= 0, this change makes the code cleaner and safer.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3061 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3048 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2995 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
Added client authentication and packet filtering capability
to management interface.
Extended packet filtering capability to work on both --dev tun
and --dev tap tunnels.
Updated valgrind-suppress file.
Made "Linux ip addr del failed" error nonfatal.
Amplified --client-cert-not-required warning.
Added #pragma pack to proto.h.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2991 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2959 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
ifconfig, gentoo#209055 (Alon Bar-Lev).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2748 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
(Alon Bar-Lev).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2683 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2641 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
by allowing openvpn --mktun to be used with --user and --group
to set the UID/GID of the tun device node. Also added --iproute
option to allow an alternative command to be executed in place
of the default iproute2 command (Alon Bar-Lev).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2639 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
Added new settings to settings.in to better control
build process.
Removed some unneeded JYFIXMEs from source code.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1874 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
Implemented AUTO_USERID using
MD5(MAC address(primary network adapter)).
Currently implemented for Linux and Windows.
Basically if ENABLE_AUTO_USERID is defined,
the --auth-user-pass option will not prompt
for username/password, but will rather generate
a unique username and blank password.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1459 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1449 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
to persistent interfaces made with --mktun (Roy Marples).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1447 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1436 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
Modified installer to detect 32-bit vs.
64 bit Windows and install the correct TAP
driver.
TAP-Win32 version number is at 8.4.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1229 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1079 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
when ./configure --enable-strict is used.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1040 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@991 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@986 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
--ip-win32 netsh (or --ip-win32 adaptive when in netsh
mode) can now set DNS/WINS addresses on the TAP-Win32
adapter.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@857 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@832 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
* Added code to make sure that the local PATH environmental
variable points to the Windows system32 directory.
* Added new --ip-win32 adaptive mode which tries 'dynamic'
and then fails over to 'netsh' if the DHCP negotiation fails.
* Made --ip-win32 adaptive the default.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@739 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
in the management interface (Rolf Fokkens).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@701 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@581 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
It includes the --topology feature, and
TAP-Win32 driver changes to allow
non-admin access.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@580 e7ae566f-a301-0410-adde-c780ea21d3b5
|
