[Openvpn-devel] [Fwd: Re: [OpenVPN Community] #97: OpenVPN produces DCHP NAK bomb on Win 7 64bit]

2012-07-13 Thread Jan Just Keijser 

did one of the tap-win32 developers see this:

Seems to be a bug in the TAP driver. It's happening after you try to
refresh the DHCP lease 3 times (after resume from hibernation, Windows
tries to acquire a DHCP lease too).
I think the reason for this is a programming error in dhcp.c in function
ProcessDHCP:


  // Is this a bad DHCPREQUEST?
  if (msg_type == DHCPREQUEST && dhcp->ciaddr != p_Adapter->m_dhcp_addr)
++p_Adapter->m_dhcp_bad_requests;


should be:

  if (dhcp->ciaddr && msg_type == DHCPREQUEST && dhcp->ciaddr !=
p_Adapter->m_dhcp_addr)
++p_Adapter->m_dhcp_bad_requests;

as the win32 DHCP client always requests with all fields set to 0, so this
increases the error counter even though it isn't a bad request and as
BAD_DHCPREQUEST_NAK_THRESHOLD is 3, it fails after the third renew
attempt.


?

share and enjoy,

JJK



--- Begin Message ---
#97: OpenVPN produces DCHP NAK bomb on Win 7 64bit
--+-
 Reporter:  janjust   |Owner:   
 Type:  Bug / Defect  |   Status:  closed   
 Priority:  major |Milestone:  release 2.2.2
Component:  Networking|  Version:  2.1.4
 Severity:  Not set (if unsure, select this one)  |   Resolution:  fixed
 Keywords:  win7 tap-win32 dhcpnak|  
--+-

Comment(by ert):

 Seems to be a bug in the TAP driver. It's happening after you try to
 refresh the DHCP lease 3 times (after resume from hibernation, Windows
 tries to acquire a DHCP lease too).
 I think the reason for this is a programming error in dhcp.c in function
 ProcessDHCP:


   // Is this a bad DHCPREQUEST?
   if (msg_type == DHCPREQUEST && dhcp->ciaddr != p_Adapter->m_dhcp_addr)
 ++p_Adapter->m_dhcp_bad_requests;


 should be:

   if (dhcp->ciaddr && msg_type == DHCPREQUEST && dhcp->ciaddr !=
 p_Adapter->m_dhcp_addr)
 ++p_Adapter->m_dhcp_bad_requests;

 as the win32 DHCP client always requests with all fields set to 0, so this
 increases the error counter even though it isn't a bad request and as
 BAD_DHCPREQUEST_NAK_THRESHOLD is 3, it fails after the third renew
 attempt.
 Could someone please fix this in the TAP driver and provide a signed copy?
 We need the driver for production use...

 Regards.

-- 
Ticket URL: 
OpenVPN Community 
OpenVPN is a layer 2/3 SSL VPN
--- End Message ---

Re: [Openvpn-devel] Openvpn-2.3_alpha2 and easy-rsa-2.2.0_master packages and packaging files published

2012-07-13 Thread Alon Bar-Lev 
Hello Samuli,

Why didn't you use rpmbuild -tb .tar.gz?
And if you have changes in spec file you should probably add this with
proper conditionals to the spec file within the appropriate package.

There should be no external resource maintained.

The debian packaging should also be integrated within project.

Alon

On Fri, Jul 13, 2012 at 3:22 PM, Samuli Seppänen  wrote:
> Hi all,
>
> I've just finished packaging openvpn-2.3_alpha2 for Debian/Ubuntu and
> Fedora/EL. As the packaging files required significant changes on both
> Debian and RPM front, I've put them here for others to use/improve:
>
> 
>
> The packaging highlights for the 2.3_alpha2 are:
>
> - easy-rsa split into it's own architecture-independent package
> - packages for Ubuntu 12.04
> - debian packaging files made as generic as possible, only Ubuntu 12.04
> files having required minor changes
>
> CentOS/EL6 is still missing the new packages as I don't have direct
> access to the CentOS build computers until next Monday. All other
> packages are already in their respective ("-snapshot") repositories.
>
> For details on how to use our software repositories, please look here:
>
> 
>
> If you encounter any issues with the packages, please let me know! Also,
> any suggestions on where to host these files in the long run are most
> appreciated! Perhaps "openvpn-build" repository would be the least bad
> place?
> --
> Samuli Seppänen
> Community Manager
> OpenVPN Technologies, Inc
>
> irc freenode net: mattock
>
> --
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> ___
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] make non-blocking connect work on Windows

2012-07-13 Thread Alon Bar-Lev 
Hello,

In my projects I always compare to the two values EWOULDBLOCK and
EINPROGRESS and it works without much conditionals.

So simply do:
---
  if (status == EINPROGRESS || status == EWOULDBLOCK)
---

Alon.

On Fri, Jul 13, 2012 at 12:55 PM, Heiko Hund  wrote:
>
> Instead of EINPROGRESS WinSock2 returns WSAEWOULDBLOCK if a non-blocking
> connect(2) cannot be completed immediately.
>
> Signed-off-by: Heiko Hund 
> ---
>  configure.ac |2 ++
>  src/openvpn/socket.c |2 +-
>  2 files changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/configure.ac b/configure.ac
> index d3d974d..ba5dce1 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -617,6 +617,7 @@ m4_define(
> [setsockopt getsockopt getsockname poll]dnl
>  )
>  if test "${WIN32}" = "yes"; then
> +   AC_DEFINE([CONNECT_IN_PROGRESS], [WSAEWOULDBLOCK], [errno for
> incomplete non-blocking connect(2)])
> m4_foreach(
> [F],
> m4_split(SOCKET_FUNCS SOCKET_OPT_FUNCS),
> @@ -624,6 +625,7 @@ if test "${WIN32}" = "yes"; then
> AC_DEFINE([UF], [1], [Win32 builtin])
> )
>  else
> +   AC_DEFINE([CONNECT_IN_PROGRESS], [EINPROGRESS], [errno for
> incomplete non-blocking connect(2)])
> AC_CHECK_FUNCS(
> SOCKET_FUNCS,
> ,
> diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
> index 54ebce7..b2d6bba 100644
> --- a/src/openvpn/socket.c
> +++ b/src/openvpn/socket.c
> @@ -1165,7 +1165,7 @@ openvpn_connect (socket_descriptor_t sd,
>status = connect (sd, &remote->addr.sa,
> af_addr_size(remote->addr.sa.sa_family));
>if (status)
>  status = openvpn_errno_socket ();
> -  if (status == EINPROGRESS)
> +  if (status == CONNECT_IN_PROGRESS)
>  {
>while (true)
> {
> --
> 1.7.9.5
>
>
>
> --
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> ___
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [OpenVPN Community] #97: OpenVPN produces DCHP NAK bomb on Win 7 64bit

2012-07-13 Thread Gert Doering 
Hi,

forwarding something from a Trac ticket so "someone with time at his
hands" (and understanding of the code) could look into this...

gert

- Forwarded message from OpenVPN Trac instance  
-

#97: OpenVPN produces DCHP NAK bomb on Win 7 64bit
--+-
 Reporter:  janjust   |Owner:   
 Type:  Bug / Defect  |   Status:  closed   
 Priority:  major |Milestone:  release 2.2.2
Component:  Networking|  Version:  2.1.4
 Severity:  Not set (if unsure, select this one)  |   Resolution:  fixed
 Keywords:  win7 tap-win32 dhcpnak|  
--+-

Comment(by ert):

 Seems to be a bug in the TAP driver. It's happening after you try to
 refresh the DHCP lease 3 times (after resume from hibernation, Windows
 tries to acquire a DHCP lease too).
 I think the reason for this is a programming error in dhcp.c in function
 ProcessDHCP:


   // Is this a bad DHCPREQUEST?
   if (msg_type == DHCPREQUEST && dhcp->ciaddr != p_Adapter->m_dhcp_addr)
 ++p_Adapter->m_dhcp_bad_requests;


 should be:

   if (dhcp->ciaddr && msg_type == DHCPREQUEST && dhcp->ciaddr !=
 p_Adapter->m_dhcp_addr)
 ++p_Adapter->m_dhcp_bad_requests;

 as the win32 DHCP client always requests with all fields set to 0, so this
 increases the error counter even though it isn't a bad request and as
 BAD_DHCPREQUEST_NAK_THRESHOLD is 3, it fails after the third renew
 attempt.
 Could someone please fix this in the TAP driver and provide a signed copy?
 We need the driver for production use...

 Regards.

-- 
Ticket URL: 
OpenVPN Community 
OpenVPN is a layer 2/3 SSL VPN


- End forwarded message -

-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


pgpfRge1l0cvY.pgp
Description: PGP signature

[Openvpn-devel] Openvpn-2.3_alpha2 and easy-rsa-2.2.0_master packages and packaging files published

2012-07-13 Thread Samuli Seppänen 
Hi all,

I've just finished packaging openvpn-2.3_alpha2 for Debian/Ubuntu and
Fedora/EL. As the packaging files required significant changes on both
Debian and RPM front, I've put them here for others to use/improve:



The packaging highlights for the 2.3_alpha2 are:

- easy-rsa split into it's own architecture-independent package
- packages for Ubuntu 12.04
- debian packaging files made as generic as possible, only Ubuntu 12.04
files having required minor changes

CentOS/EL6 is still missing the new packages as I don't have direct
access to the CentOS build computers until next Monday. All other
packages are already in their respective ("-snapshot") repositories.

For details on how to use our software repositories, please look here:



If you encounter any issues with the packages, please let me know! Also,
any suggestions on where to host these files in the long run are most
appreciated! Perhaps "openvpn-build" repository would be the least bad
place?
-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock

[Openvpn-devel] [PATCH] make non-blocking connect work on Windows

2012-07-13 Thread Heiko Hund 
Instead of EINPROGRESS WinSock2 returns WSAEWOULDBLOCK if a non-blocking
connect(2) cannot be completed immediately.

Signed-off-by: Heiko Hund 
---
 configure.ac |2 ++
 src/openvpn/socket.c |2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index d3d974d..ba5dce1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -617,6 +617,7 @@ m4_define(
[setsockopt getsockopt getsockname poll]dnl
 )
 if test "${WIN32}" = "yes"; then
+   AC_DEFINE([CONNECT_IN_PROGRESS], [WSAEWOULDBLOCK], [errno for 
incomplete non-blocking connect(2)])
m4_foreach(
[F],
m4_split(SOCKET_FUNCS SOCKET_OPT_FUNCS),
@@ -624,6 +625,7 @@ if test "${WIN32}" = "yes"; then
AC_DEFINE([UF], [1], [Win32 builtin])
)
 else
+   AC_DEFINE([CONNECT_IN_PROGRESS], [EINPROGRESS], [errno for incomplete 
non-blocking connect(2)])
AC_CHECK_FUNCS(
SOCKET_FUNCS,
,
diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
index 54ebce7..b2d6bba 100644
--- a/src/openvpn/socket.c
+++ b/src/openvpn/socket.c
@@ -1165,7 +1165,7 @@ openvpn_connect (socket_descriptor_t sd,
   status = connect (sd, &remote->addr.sa, 
af_addr_size(remote->addr.sa.sa_family));
   if (status)
 status = openvpn_errno_socket ();
-  if (status == EINPROGRESS)
+  if (status == CONNECT_IN_PROGRESS)
 {
   while (true)
{
-- 
1.7.9.5