Re: [Openvpn-devel] [PATCH 0/2] Improve usability of non-privileged operation

2017-08-03 Thread David Sommerseth 
On 02/08/17 20:14, Conrad Hoffmann wrote:
> Ohai!
> 
> I recently undertook the project of not having my VPN client run as root
> anymore. I noticed there are a lot of questions about this on the internet, 
> and
> I think one reason that this is more difficult then necessary is that the
> "official" client.down script doesn't work when used in the conjunction with
> the down-root plugin.
> 
> I noticed that both the up and the down script get a lot of information 
> through
> environment variables, and the up script relies on that already anyways. So I
> figured doing the same in the down script would be a reasonable thing to do
> (it's also what the most commonly referred to external up/down scripts do).
> 
> With this change, the down script can actually be used with the down-root
> plugin just like this:
> 
>   plugin openvpn-plugin-down-root.so "/etc/openvpn/client.down"
> 
> Hope this makes sense,
> Conrad

Hi Conrad,

Nice catch!  And thanks for your patches!  As you're a new contributor,
I just wanted to let you know your patch is in the pipe now and will be
reviewed and tested as soon as some of us are ready to process it.

And based on a 10 seconds look, this does look correct - we just need to
need to do a little test run first.


-- 
kind regards,

David Sommerseth
OpenVPN Technologies, Inc




signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] doc/openvpn.8: Correct --verify-x509-name *type* example

2017-08-03 Thread David Sommerseth 
On 03/08/17 19:07, debbie10t wrote:
> 
> 
> On 03/08/17 17:46, David Sommerseth wrote:
>> On 03/08/17 18:03, debbie...@gmail.com wrote:
>>> From: Richard Bonhomme 
>>>
>>> Signed-off-by: Richard Bonhomme 
>>> ---
>>>   doc/openvpn.8 | 2 +-
>>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/doc/openvpn.8 b/doc/openvpn.8
>>> index 20bdd91..fdd5dde 100644
>>> --- a/doc/openvpn.8
>>> +++ b/doc/openvpn.8
>>> @@ -5340,7 +5340,7 @@ subject DN "C=KG, ST=NA, L=Bishkek,
>>> CN=Server-1" would be matched by:
>>>   and
>>>   .B \-\-verify\-x509\-name Server\-1 name
>>>   or you could use
>>> -.B \-\-verify\-x509\-name Server -name-prefix
>>> +.B \-\-verify\-x509\-name Server\- name\-prefix
>>>   if you want a client to only accept connections to "Server-1",
>>> "Server-2", etc.
>>
>> Just wondering ... Shouldn't the "Server-1" and "Server-2" be escaped
>> too?
>>
>>
> 
> Yes of course but I only wanted to correct the example at this time
> and, as this is my first submission, I just wanted to get that right.
> I will start a project to format the man page more thoroughly in time.

Ahh, right.  Well, I think we can fix at least the surrounding escape
issues at the same time too.  I do like small commits, but we can afford
a bit bigger change sets on the man page on the surrounding issues.  We
seldom need to bisect man page issues ;-)


-- 
kind regards,

David Sommerseth
OpenVPN Technologies, Inc




signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] doc/openvpn.8: Correct --verify-x509-name *type* example

2017-08-03 Thread debbie10t 



On 03/08/17 17:46, David Sommerseth wrote:

On 03/08/17 18:03, debbie...@gmail.com wrote:

From: Richard Bonhomme 

Signed-off-by: Richard Bonhomme 
---
  doc/openvpn.8 | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 20bdd91..fdd5dde 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -5340,7 +5340,7 @@ subject DN "C=KG, ST=NA, L=Bishkek, CN=Server-1" would be 
matched by:
  and
  .B \-\-verify\-x509\-name Server\-1 name
  or you could use
-.B \-\-verify\-x509\-name Server -name-prefix
+.B \-\-verify\-x509\-name Server\- name\-prefix
  if you want a client to only accept connections to "Server-1", "Server-2", 
etc.


Just wondering ... Shouldn't the "Server-1" and "Server-2" be escaped too?




Yes of course but I only wanted to correct the example at this time
and, as this is my first submission, I just wanted to get that right.
I will start a project to format the man page more thoroughly in time.


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] doc/openvpn.8: Correct --verify-x509-name *type* example

2017-08-03 Thread David Sommerseth 
On 03/08/17 18:03, debbie...@gmail.com wrote:
> From: Richard Bonhomme 
> 
> Signed-off-by: Richard Bonhomme 
> ---
>  doc/openvpn.8 | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/doc/openvpn.8 b/doc/openvpn.8
> index 20bdd91..fdd5dde 100644
> --- a/doc/openvpn.8
> +++ b/doc/openvpn.8
> @@ -5340,7 +5340,7 @@ subject DN "C=KG, ST=NA, L=Bishkek, CN=Server-1" would 
> be matched by:
>  and
>  .B \-\-verify\-x509\-name Server\-1 name
>  or you could use
> -.B \-\-verify\-x509\-name Server -name-prefix
> +.B \-\-verify\-x509\-name Server\- name\-prefix
>  if you want a client to only accept connections to "Server-1", "Server-2", 
> etc.

Just wondering ... Shouldn't the "Server-1" and "Server-2" be escaped too?


-- 
kind regards,

David Sommerseth
OpenVPN Technologies, Inc




signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] doc/openvpn.8: Correct --verify-x509-name *type* example

2017-08-03 Thread debbie10t 
From: Richard Bonhomme 

Signed-off-by: Richard Bonhomme 
---
 doc/openvpn.8 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 20bdd91..fdd5dde 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -5340,7 +5340,7 @@ subject DN "C=KG, ST=NA, L=Bishkek, CN=Server-1" would be 
matched by:
 and
 .B \-\-verify\-x509\-name Server\-1 name
 or you could use
-.B \-\-verify\-x509\-name Server -name-prefix
+.B \-\-verify\-x509\-name Server\- name\-prefix
 if you want a client to only accept connections to "Server-1", "Server-2", etc.
 
 .B \-\-verify\-x509\-name
-- 
2.10.2


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel