Hi,
On 03/10/2024 00:35, Shuah Khan wrote:
On 10/2/24 03:02, Antonio Quartulli wrote:
The ovpn-cli tool can be compiled and used as selftest for the ovpn
kernel module.
Does this test load ovpn module before running tests? If so does
it unload the modules after tests are complete?
The
.
The scripts can be performed in sequence by running run.sh
Cc: sh...@kernel.org
Cc: linux-kselft...@vger.kernel.org
Signed-off-by: Antonio Quartulli
---
MAINTAINERS |1 +
tools/testing/selftests/Makefile |1 +
tools/testing/selftests
Implement support for basic ethtool functionality.
Note that ovpn is a virtual device driver, therefore
various ethtool APIs are just not meaningful and thus
not implemented.
Signed-off-by: Antonio Quartulli
Reviewed-by: Andrew Lunn
---
drivers/net/ovpn/main.c | 15 +++
1 file
Whenever a peer is deleted, send a notification to userspace so that it
can react accordingly.
This is most important when a peer is deleted due to ping timeout,
because it all happens in kernelspace and thus userspace has no direct
way to learn about it.
Signed-off-by: Antonio Quartulli
This change introduces the netlink commands needed to add, delete and
swap keys for a specific peer.
Userspace is expected to use these commands to create, destroy and
rotate session keys for a specific peer.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/netlink.c | 210
amount of traffic by
periodically polling GET_PEER and fetching the VPN/LINK stats.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/crypto.c | 19
drivers/net/ovpn/crypto.h | 2 ++
drivers/net/ovpn/io.c | 18 ++-
drivers/net/ovpn/netlink.c | 55
This change introduces the netlink command needed to add, delete and
retrieve/dump known peers. Userspace is expected to use these commands
to handle known peer lifecycles.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/netlink.c | 582
A peer connected via UDP may change its IP address without reconnecting
(float).
Add support for detecting and updating the new peer IP/port in case of
floating.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/bind.c | 10 ++--
drivers/net/ovpn/io.c | 9
drivers/net/ovpn/peer.c
In case of UDP links, the local endpoint used to communicate with a
given peer may change without a connection restart.
Add support for learning the new address in case of change.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/peer.c | 45
OpenVPN supports configuring a periodic keepalive packet.
message to allow the remote endpoint detect link failures.
This change implements the keepalive sending and timer expiring logic.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/io.c | 77 +
drivers/net
: Antonio Quartulli
---
drivers/net/ovpn/peer.c | 272 ++--
1 file changed, 264 insertions(+), 8 deletions(-)
diff --git a/drivers/net/ovpn/peer.c b/drivers/net/ovpn/peer.c
index
3c6fbf99f696c18d8a2dbe169c7f6f5933fb71ac
With this change an ovpn instance will be able to stay connected to
multiple remote endpoints.
This functionality is strictly required when running ovpn on an
OpenVPN server.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/main.c | 50 +++-
drivers/net/ovpn/ovpnstruct.h
With this change ovpn is allowed to communicate to peers also via TCP.
Parsing of incoming messages is implemented through the strparser API.
Signed-off-by: Antonio Quartulli
---
drivers/net/Kconfig | 1 +
drivers/net/ovpn/Makefile | 1 +
drivers/net/ovpn/io.c | 4 +
drivers/net
Byte/packet counters for in-tunnel and transport streams
are now initialized and updated as needed.
To be exported via netlink.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/Makefile | 1 +
drivers/net/ovpn/crypto_aead.c | 2 ++
drivers/net/ovpn/io.c | 12
This change implements encryption/decryption and
encapsulation/decapsulation of OpenVPN packets.
Support for generic crypto state is added along with
a wrapper for the AEAD crypto kernel API.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/Makefile | 3 +
drivers/net/ovpn/crypto.c
Packets received over the socket are forwarded to the user device.
Implementation is UDP only. TCP will be added by a later patch.
Note: no decryption/decapsulation exists yet, packets are forwarded as
they arrive without much processing.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn
Packets sent over the ovpn interface are processed and transmitted to the
connected peer, if any.
Implementation is UDP only. TCP will be added by a later patch.
Note: no crypto/encapsulation exists yet. Packets are just captured and
sent.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn
a later
patch.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/Makefile | 2 +
drivers/net/ovpn/socket.c | 120 ++
drivers/net/ovpn/socket.h | 48 +++
drivers/net/ovpn/udp.c| 72
drivers/net
ovpn_peer, also the ovpn_bind object is introduced
as the two are strictly related.
An ovpn_bind object wraps a sockaddr representing the local
coordinates being used to talk to a specific peer.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/Makefile | 2 +
drivers/net/ovpn/bind.c
An ovpn interface will keep carrier always on and let the user
decide when an interface should be considered disconnected.
This way, even if an ovpn interface is not connected to any peer,
it can still retain all IPs and routes and thus prevent any data
leak.
Signed-off-by: Antonio Quartulli
Allow userspace to create and destroy an interface using netlink
commands.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/main.h| 2 ++
drivers/net/ovpn/netlink.c | 59 --
2 files changed, 59 insertions(+), 2 deletions(-)
diff --git a
Add basic infrastructure for handling ovpn interfaces.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/main.c | 155 +-
drivers/net/ovpn/main.h | 10 +++
drivers/net/ovpn/ovpnstruct.h | 8 +++
drivers/net/ovpn/packet.h | 40
/ovpn/netlink-gen.h
Cc: donald.hun...@gmail.com
Signed-off-by: Antonio Quartulli
---
Documentation/netlink/specs/ovpn.yaml | 387 ++
MAINTAINERS | 2 +
drivers/net/ovpn/Makefile | 2 +
drivers/net/ovpn/main.c
ff-by: Antonio Quartulli
---
MAINTAINERS | 8
drivers/net/Kconfig | 14 ++
drivers/net/Makefile | 1 +
drivers/net/ovpn/Makefile | 11 +
drivers/net/ovpn/io.c | 22 ++
drivers/net/ovpn/io.h | 15 +++
drivers/net/ovpn/main.c
Similarly to NLA_POLICY_MIN_LEN, NLA_POLICY_MAX_LEN defines a policy
with a maximum length value.
The netlink generator for YAML specs has been extended accordingly.
Cc: donald.hun...@gmail.com
Signed-off-by: Antonio Quartulli
---
include/net/netlink.h | 1 +
tools/net/ynl/ynl-gen-c.py
linux-kernel-ovpn
Thanks a lot!
Best Regards,
Antonio Quartulli
OpenVPN Inc.
---
Antonio Quartulli (24):
netlink: add NLA_POLICY_MAX_LEN macro
net: introduce OpenVPN Data Channel Offload (ovpn)
ovpn: add basic netlink support
ovpn: add basic interface creation/destru
.
The scripts can be performed in sequence by running run.sh
Cc: sh...@kernel.org
Cc: linux-kselftest@vger.kernel.org
Signed-off-by: Antonio Quartulli
---
tools/testing/selftests/Makefile |1 +
tools/testing/selftests/net/ovpn/.gitignore |2 +
tools/testing/selftests/net/ovpn
attachment/wiki/IRCimages/clientlan.png
In a nutshell, you need to configure both a route and a "iroute" to
inform the VPN server (your relay point) where a certain LAN is.
Hope this helps.
Regards,
--
Antonio Quartulli
___
Openvpn-users m
rs trying to
DoS a node?)
Let me know if you'd still prefer a flag instead of a separate
hash table and I could change that.
I think splitting is a good idea, not only because of the timeout, but
also because it makes the state more clear.
Regards,
Regards, Linus
--
Antonio Quartulli
rk queue callback item for cache purging */
struct delayed_work work;
--
Antonio Quartulli
't you agree?
Cheers,
--
Antonio Quartulli
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
On 08/07/2024 23:53, Илья Шипицин wrote:
Mon, 8 Jul 2024 at 23:47, Antonio Quartulli :
Hi,
On 08/07/2024 23:44, Илья Шипицин wrote:
+msg( M_FATAL, "Failed allocate memory saved_pid_file_name");
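Review bot: the string on the added msg() line reads "Failed allocate memory saved_pid_file_name", which is missing "to" and does not say what the name refers to; something like "Failed to allocate memory for saved_pid_file_name" would read better in a fatal log line. The call is also written as msg( M_FATAL with a space after the opening parenthesis, unlike the msg(M_FATAL form.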
patchset looks great, but (!!) there should be no space after t
" );
Unfortunately those are unlucky leftovers that haven't been fixed yet:
$ grep -r 'msg(M_FATAL' . |wc -l
286
$ grep -r 'msg( M_FATAL' . |wc -l
4
also, uncrustify GHA jobs agreed that it is no formatting violation
doubly unfortunate as I think
_name");
patchset looks great, but (!!) there should be no space after the
opening parenthesis..
Cheers,
+}
}
}
}
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge
On 17/06/2024 23:29, Mika Laitio wrote:
Unless there are restrictions in algorithm used or key length?
I think these are the only things you need.
But I think the admin should be able to give you all information about
what's required.
Regards,
--
Antonio Quar
ts you to create your
key pair and a CSR, so that he can then create the certificate for you.
The configuration file (which is a bit orthogonal to this) should still
be provided by the admin.
I hope it helps.
Regards,
--
Antonio Quartulli
Hi,
On 21/05/2024 14:15, Remi Pommarel wrote:
On Tue, May 21, 2024 at 09:43:56AM +0200, Antonio Quartulli wrote:
Hi,
On 18/05/2024 17:50, Remi Pommarel wrote:
Wiphy should be locked before calling rdev_get_station() (see lockdep
assert in ieee80211_get_station()).
Adding the lock is fine
.
Have you checked where in ath10k_sta_statistics this is exactly
happening? Do you think some sta was partly released and thus fields
were NULLified?
Regards,
--
Antonio Quartulli
be enough)
Maybe certificates have not expired, but something else is annoying the
client which stops responding.
Regards,
--
Antonio Quartulli
not reply (tcpdump), but
also does not print any reason for rejection.
I wonder if the server is sending its reply over another interface and
thus getting lost?
Have you tried running tcpdump with '-i any'?
Regards,
--
Antonio Quartulli
opers here. They do not really
engage with "the outside world", it seems.
I have reported this message internally for further discussion.
Thanks for raising the concern.
Regards,
--
Antonio Quartulli
e did you get the ovpn-dco package from?
Because I have my own dev package, but I hardly believe that was pulled
upstream.
Regards,
--
Antonio Quartulli
blem being that there can be many factors affecting the results
here..including the specific platform you are testing this on.
This said, dco is going through a large code revamp, therefore we'll get
a chance to better investigate performance issue once that revamp is done.
T
Hi,
On 24/04/2024 11:38, d tbsky wrote:
[ 9652.965804] encrypt crypto_alloc_aead failed, err=-2
This is exactly it. The kernel crypto engine is reporting "not found".
I think you should look for CONFIG_CRYPTO_CHACHA20POLY1305 in the kernel
config.
Regards,
--
Antonio
Hi,
On 24/04/2024 11:21, d tbsky wrote:
Hi:
Antonio Quartulli
Unfortunately there will be no difference as this is an issue between
openvpn and ovpn-dco.
thanks a lot for hint!
Could you please re-run with --verb 6 ? That will include DCO specific
debug messages.
Thanks a lot for
Hi,
On 24/04/2024 11:03, d tbsky wrote:
Hi:
Antonio Quartulli
Yes, 2.6.10 requires ovpn-dco-v2.
ok. so I can not downgrade.
wireguard uses chacha20poly1305, therefore it'd be essential to test
with this algorithm in order to make a full comparison.
Do you have a full log to pr
t not found, ovpn-dco unloaded?" ?
Regards,
--
Antonio Quartulli
kmod_ovpn_dco_v2 module but
"openvpn --version" still report: "DCO version: N/A".
What is the exact openvpn and dco version that you compiled in your last
test?
Regards,
--
Antonio Quartulli
: I7a1765661f7676eeba8016024080fd1026220ced
Signed-off-by: Selva Nair
Acked-by: Antonio Quartulli
---
v2: Add '--' prefix when referring to auth-user-pass
and mention related github issue
doc/man-sections/client-options.rst | 11 +++
doc/man-sections/inline-files.rst | 2 +-
2 files changed, 12 insert
Acked-by: Antonio Quartulli
---
Does this have to go through gerrit?
doc/man-sections/client-options.rst | 11 +++
doc/man-sections/inline-files.rst | 2 +-
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/doc/man-sections/client-options.rst
b/doc/man-sections/client
lla if() go.
Cheers,
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Hi,
On 16/02/2024 15:00, Antonio Quartulli wrote:
Hi,
On 15/02/2024 17:17, Gert Doering wrote:
Hi,
On Thu, Feb 15, 2024 at 03:59:02PM +, its_Giaan (Code Review) wrote:
if (buf->len > 0)
{
- /*
- * The --passtos and --mssfix options require
- *
not something we need to test for here (= if
only an IPv6 flag is active, why should we enter this branch?).
We need to enter for either v4 or v6 flags, no?
The check on whether the packet is v4 or v6 happens *inside* this if
block. Am I wrong?
Cheers,
--
Ant
to tell if what you are seeing is the result of this
implementation detail or something else, especially because in some
cases you get higher throughput.
Cheers,
--
Antonio Quartulli
Hi,
On 09/01/2024 12:24, Peter Davis wrote:
Hi,
In the Easy-RSA directory I have the following files and directories:
easyrsa openssl-easyrsa.cnf pki ta.key vars x509-types
Is it enough to keep the pki directory?
Why not keeping everything?
Cheers,
--
Antonio Quartulli
need the CA key in order to sign your
CRL (Certificate Revocation List).
The CA is the *trusted* entity that is in charge of signing "documents"
that others need to accept. IF you delete it, you have no way of
creating new "documents".
Cheers,
he metadata may contain some unique ID of the fingerprint
of the client cert..or anything you may come up with (i.e. an expiry date).
This is why you couldn't find any "how" on the Internet. You need to
build the logic by yourself.
I hope this helps!
st you to read a bit more about PKIs and x509?
These topics are "used" by OpenVPN, but they are generic and applicable
to different environments.
Cheers,
--
Antonio Quartulli
Hi,
On 08/01/2024 13:02, Peter Davis via Openvpn-users wrote:
I still don't quite understand why I shouldn't delete the Easy-RSA directory
after generating the keys!
Because tomorrow you may add another server or client and thus need to
generate another certificate.
Cheers,
hanks.
--
Antonio Quartulli
Hi,
On 03/01/2024 23:28, Gert Doering wrote:
Hi,
On Wed, Jan 03, 2024 at 10:45:50PM +0100, Antonio Quartulli wrote:
On 03/01/2024 20:03, Gert Doering wrote:
Not sure I can come up with a good attack scenario
in an OpenVPN PKI scenario where the CA would be stopped from doing
something nasty
access to the VPN
server).
I think the .csr dance would prevent the CA from impersonating well
known users with a well known certificate.
Cheers,
--
Antonio Quartulli
there any firewall on the VPN server which may be preventing
connections from outside the LAN?
Note: this is unrelated to OpenVPN, but just a generic network
configuration issue.
Thanks again.
You're right. The firewall was configured for the TCP protocol, not UDP.
Problem solved.
--
An
Sorry,
posted to the wrong list.
Forwarded to the correct one now.
On 03/01/2024 09:41, Antonio Quartulli wrote:
Hi,
On 03/01/2024 09:14, Peter Davis wrote:
Hello,
I changed the IP address in the client configuration file, but I can't
connect to the server. I got the following error:
lated to OpenVPN, but just a generic network
configuration issue.
Regards,
--
Antonio Quartulli
people do when having the VPN server behind a
firewall/NAT.
There might be other factors playing a role here (i.e. proper firewall
configuration, etc..), therefore just changing the IP may not be the
only required action.
Cheers,
--
Antonio Quartulli
t-security 2
#comp-lzo
#data-ciphers AES_256_GCM:CHACHA20_POLY1305:AES_128_GCM:AES_128_CCM
#data-ciphers-fallback AES-128-GCM
Thanks
Richard
--
Antonio Quartulli
server need to have forwarding
enabled.
gert
--
Antonio Quartulli
PN;
2) enable NAT on the server. this way it will be the server's IP to
reach 192.168.51.0/24 and the connection will/should work.
Did this work before?
Cheers,
--
Antonio Quartulli
ized the system with new certs created by
easy-rsa v.3 and the results, though not successful are definitely
better.
you are missing --keepalive from your server config. Thus the time out.
HTH
--
Antonio Quartulli
thm which is not accepted by the more
recent OpenSSL.
Regards,
--
Antonio Quartulli
like all other key material:
>
>
>>
>>
>
>
>> Cheers,
>
>> --
>> Antonio Quartulli
>
>
>
>Hello,
>Thanks.
>My Client.ovpn file is as follows:
>
>https://paste.mozilla.org/CwWTPPW0
>
>I got the following error:
>
>https:/
/man/openvpn-2.6/openvpn.8.html
and print it is using the "Save as PDF" virtual printer?
Cheers,
--
Antonio Quartulli
ile users because it is two files.
Is there a solution?
Yes, you can inline it like all other key material:
Cheers,
--
Antonio Quartulli
t at fault here.
Anyway, at least we know it's something obscure in the environment and
most likely (hopefully) not a bug in the code.
Cheers!
--
Antonio Quartulli
Hi,
On 29/11/2023 16:19, Aleksandar Ivanisevic wrote:
On 29. Nov 2023, at 12:23, Antonio Quartulli wrote:
Hi,
On 29/11/2023 11:21, Aleksandar Ivanisevic wrote:
what is your openssl version, maybe that has something to do with it? mine is
OpenSSL 3.0.11 19 Sep 2023 (Library: OpenSSL
Hi,
On 29/11/2023 12:23, Antonio Quartulli wrote:
Could you please share your config?
It may contain important details that otherwise we can only speculate on.
If I had to throw a wild guess, I would say that if chroot is in use, a
strange combination of factors may lead to openvpn reading a
may contain important details that otherwise we can only speculate on.
Thanks!
--
Antonio Quartulli
?
Regards,
--
Antonio Quartulli
--
Antonio Quartulli
ter is 1.
@Aleksandar would it be an option for you to send your CRL over so that
we can replicate the issue here (also privately)?
Cheers,
--
Antonio Quartulli
Hi,
On 21/11/2023 18:06, Arne Schwabe wrote:
This can happen if the memory alloc fails.
Patch V2: add goto error
Patch V3: return -ENOMEM instead of going to error
Change-Id: Iee66caa794d267ac5f8bee584633352893047171
Signed-off-by: Arne Schwabe
Acked-by: Antonio Quartulli
---
src
gle thread for the client itself.
Arne
--
Antonio Quartulli
Hi,
On 20/10/2023 21:35, Bo Berglund wrote:
What have I missed?
Breaking your setup in mysterious ways is not going to help :-)
As Gert pointed out, what you want to achieve requires configuring the
firewall to prevent access to the LAN subnet.
Cheers,
--
Antonio Quartulli
o instead of forcing any semantic, I think we should simply document
what the code does.
Cheers,
Regards,
Selva
--
Antonio Quartulli
From: Antonio Quartulli
Add an important detail about the DNS configured via this option
to be an "interface-specific" DNS. This detail is important when
troubleshooting DNS issues since this logic will bypass the
routing table.
Signed-off-by: Antonio Quartulli
---
doc/man-se
d
to your certificates, like the CN, and this is the main reason why you
should rely on those when trying to identify clients in order to
assign special properties.
I hope this helps.
Cheers,
--
Antonio Quartulli
efault in openssl/opensslconf.h
#endif
]]
)],
--
Antonio Quartulli
rent message for this case?
Cheers,
#endif
]]
--
Antonio Quartulli
ket_descriptor_t ctrl_sd, /* already
open to proxy */
socket_descriptor_t udp_sd,
struct openvpn_sockaddr *relay_addr,
+ struct event_timeout *server_poll_timeout,
struct signal_info *sig_info
't have 'local', using 'multihome' or not depends on your setup.
2- The multihome statement does not need a parameter? I just need to put it
inside of the server.conf file?
Correct. No parameter required and it is just added to the server config.
Regards,
--
Antoni
ient can connect to my OpenVPN server?
Because there is a file in CCD having the same name as the client CN.
If such file does not exist, then the client won't be able to connect.
This is what ccd-exclusive does.
Cheers,
--
Antonio Quartulli
ever, if you have multiple IPs, you most likely need 'multihome'.
Cheers,
--
Antonio Quartulli
ction dco_multi_get_localaddr())
Prevent crash by running this code only if proto is UDP.
The same check is already performed in socket.c/h for the non-DCO
case.
Fixes: https://github.com/OpenVPN/openvpn/issues/390
Change-Id: I61adc26ce2ff737e020c3d980902a46758cb23e5
Signed-off-by: Antonio Quartulli
---
src/op
Reported-by: Matt Whitlock
Change-Id: Ic473fbc447741e54a9aac83c70bc4e6d87d91080
Signed-off-by: Antonio Quartulli
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 5ab1d0df..2f65cbd5 100644
--- a/configure.ac
+++ b/configure.ac
831 | c2->dco_read_bytes);
| ~~
| |
| counter_type {aka long long unsigned int}
Signed-off-by: Sergey Korolev
Thanks for catching this!
Acked-by: Antonio Quartulli
--
Antonio Quartulli
?
I think so, because the patch is explicitly setting --data-ciphers and
it is not including CHACHA20POLY1305.
Do you have clients advertising chachapoly only?
Cheers,
--
Antonio Quartulli
_CIPHER_key_length(kt));
+EVP_CIPHER_free(kt);
}
+
This is not required - please remove it before merging.
int
cipher_ctx_iv_length(const EVP_CIPHER_CTX *ctx)
{
Acked-by: Antonio Quartulli
--
Antonio Quartulli
1 - 100 of 4765 matches