Re: [Openvpn-devel] [Openvpn-users] --auth-user-pass-verify and --script-security
this is a major gripe for me as well: the behaviour on how to start external programs changed quite drastically somewhere between rc7 and rc13 (I believe rc10 was the first version), especially on the Windows platform. Yet this is (as of today) poorly documented and nobody has written any info on how to convert old style scripts (e.g. "Auth4OpenVPN.vbs") to a new style ("cscript.exe " ) etc. So, in short, your guess is as good as mine ... Personally I'd go for the second one.

For those who still remember what this thread was about - I managed to get v2.1rc13 working with

  auth-user-pass-verify "c:/windows/system32/cscript.exe //H:cscript c:/Progra~1/OpenVPN/config/Auth4OpenVPN.vbs" via-env

fantastic!

I totally agree with you that we should not be breaking the semantics for calling external programs, and it wasn't our intention to do so. Our original hope was that the security benefits of migrating from system() to execve() on unix and CreateProcess() on Windows could be done transparently.

But seeing that that's not the case, I would suggest that we offer the previous system() semantics as a deprecated option, using the syntax script-security where mode is "execve" by default, (which means to use execve() on unix family platforms or CreateProcess on Windows) or "system" which means to use system().

This means that any OpenVPN config prior to 2.1_rc9 could continue to use system() by adding:

  script-security 2 system

OpenVPN would issue a warning about system() usage being deprecated, but would continue to use pre-2.1_rc9 external program calling semantics.

Comments?

James
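Added example, not part of the original messages and not OpenVPN code: a POSIX C comparison of the two calling semantics discussed above, where system() hands the whole line to /bin/sh and an exec-family call passes an argument vector with no shell in between. The function names and the sample argument are constructed for illustration, and execvp() stands in for execve() so that `true` is found via PATH.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Old semantics: the line is parsed by /bin/sh -c, so quoting, ';',
 * '|' and '$' inside any interpolated value are interpreted by the shell. */
static int run_with_system(const char *prog, const char *arg)
{
    char line[256];
    int n = snprintf(line, sizeof line, "%s %s", prog, arg);
    if (n < 0 || (size_t)n >= sizeof line)
        return -1;                      /* refuse truncated command lines */
    int status = system(line);
    return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

/* New semantics: each argv element reaches the program byte for byte.
 * No shell runs, which is also why shell conveniences stop working. */
static int run_with_exec(const char *prog, const char *arg)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)prog, (char *)arg, NULL };
        execvp(prog, argv);
        _exit(127);                     /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed input: a value carrying a shell metacharacter. */
    const char *arg = "alice; exit 7";
    printf("system(): exit status %d\n", run_with_system("true", arg));
    printf("exec:     exit status %d\n", run_with_exec("true", arg));
    return 0;
}
```

With system() the text after the semicolon runs as a second shell command and sets the exit status; with the exec call it stays a single inert argument to `true`.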
Re: [Openvpn-devel] [WINDOWS] Request for test win64
A new one [1].
This time with amd64 assembly.
Maybe it would be even faster!

[1] http://alon.barlev.googlepages.com/openvpn-win64.tar.bz2

On 11/8/08, Alon Bar-Lev wrote:
> On 11/8/08, Jason R. Coombs wrote:
> >
> > It appears as if the 64-bit build does have a 5-10% performance increase over
> > the 32-bit build in this environment.
> >
> > I hope these results are helpful. Unfortunately, I don't have a testbed where
> > I can configure two isolated, clean systems, which would probably result in
> > more deterministic results. Let me know if I can arrange the tests
> > differently to highlight a particular aspect of the performance.
> >
> > Regards,
> >
> > Jason
>
> Great work!
> Maybe someone else can also perform these tests so users will know if
> they wish to use 64bit build?
>
> Alon.
[Openvpn-devel] IPv6 Support
Hi,

a long time ago Juanjo Ciarlante wrote a patch for openvpn to create a tunnel via ipv6 [1]. Later I fixed the patch to work with openvpn-2.0 and 2.1, which I use on OpenWRT and Gentoo. Roy (from Gentoo) wrote about this also to the devel-list [1]. But since then no one answered :(

What about IPv6-support to create a tunnel over IPv6? Since my first patch I try to adapt the patch to newer versions. These patches are not properly tested but work fine for me (on gentoo).[2][3] I'm not able to adapt the patch detailed 'cause of not enough knowledge about the source and missing programming skills.

JuanJo wants some integration to the official openvpn source code, but no one did this until now.

[1] http://sourceforge.net/mailarchive/message.php?msg_id=20070629101345.0f8beeba%40uberlaptop.marples.name
[2] http://source.pennewiss.de/openvpn/udp6/
[3] http://bugs.gentoo.org/show_bug.cgi?id=183457

Are there plans to integrate it in the future?

Regards,
Marcel