Re: [Openvpn-devel] OpenVPN 2.3-alpha1 / GUI

2012-02-29 Thread Russell Morris
Hi Heiko, Some thoughts on this - by all means let me know your opinion though! 1) Makes sense - and that's what I'm doing currently, querying for proxy information (in Windows, including PAC files as well). 2) Unfortunately it's in Visual Basic - only because that takes care of all the GUI /

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Jonathan K. Bullard
> > > I never used script with openvpn. I've no idea which are real world > > applications for it. > > Scripts are for creative uses that the programmers of openvpn have not > foreseen. Like "after the VPN is up, auto-sync all your git repositories" > or "open up a few xterms with ssh's to

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Jason Haar
A comment on your [1] reference. The issue of remote-user vs enterprise is an old one - that affects many software applications - not just openvpn. I personally think the proper solution is to implement NAC: make "the network/enterprise" audit the remote host and only allow it if it meets

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Alon Bar-Lev
On Wed, Feb 29, 2012 at 11:59 PM, Gert Doering wrote: > But I'm leaving this discussion now.  Heiko is doing the implementation > work, James, David and I have agreed (and told the list via IRC session > minutes!) that we think it's a useful way forward, and this is

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Gert Doering
Hi, On Wed, Feb 29, 2012 at 11:36:46PM +0200, Alon Bar-Lev wrote: > > Scripts are for creative uses that the programmers of openvpn have not > > foreseen.  Like "after the VPN is up, auto-sync all your git repositories" > > or "open up a few xterms with ssh's to $internalhosts". > > > > David had

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Alon Bar-Lev
2012/2/29 Gert Doering : > Hi, > > On Wed, Feb 29, 2012 at 07:43:18PM +0100, Carsten Krüger wrote: >> > Part of the assumption here is "the user controls the openvpn config", >> > and as such, he can make openvpn.exe run arbitrary scripts anyway - and >> > to stop this from

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Gert Doering
Hi, On Wed, Feb 29, 2012 at 08:25:31PM +0100, Carsten Krüger wrote: > > Same here, please share your thoughts on how to reduce complexity. > > Dismiss the whole service starts openvpn in user context. It makes no > sense. From a pure security perspective, you're right - maximum security would be

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Gert Doering
Hi, On Wed, Feb 29, 2012 at 07:43:18PM +0100, Carsten Krüger wrote: > > Part of the assumption here is "the user controls the openvpn config", > > and as such, he can make openvpn.exe run arbitrary scripts anyway - and > > to stop this from being a problem, just run openvpn.exe with your uid. >

Re: [Openvpn-devel] [PATCH 00/35] build revolution

2012-02-29 Thread Alon Bar-Lev
On Wed, Feb 29, 2012 at 7:38 PM, Alon Bar-Lev wrote: >> However, I'm not terrified of 52 patches to the mailing list.  That's >> definitely doable. > > OK. Well, I sent, not sure all is OK, as I don't see it in archive and some were rejected because of size. At the end of

[Openvpn-devel] [tap-windows 11/11] build: initial build

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- .gitignore |7 +- _build.bat | 49 +++ build.bat | 55 build/MSCV-VSClass3.cer | 29 build/msvc-generate.js | 118 + build/unix2dos.js

[Openvpn-devel] [tap-windows 09/11] cleanup: create .gitignore

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- .gitignore | 10 ++ 1 files changed, 10 insertions(+), 0 deletions(-) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 000..230ee15 --- /dev/null +++ b/.gitignore @@ -0,0 +1,10 @@

[Openvpn-devel] [tap-windows 07/11] cleanup: rename common.h->tap-windows.h

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- src/common.h | 82 - src/resource.rc |3 -- src/tap-windows.h | 82 + src/tapdrvr.c |2 +- 4 files changed, 83

[Openvpn-devel] [tap-windows 08/11] cleanup: add TAP_WIN prefix to exports

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- src/dhcp.c|2 +- src/resource.rc |2 +- src/tap-windows.h | 46 -- src/tapdrvr.c | 28 ++-- 4 files changed, 32 insertions(+), 46 deletions(-)

[Openvpn-devel] [tap-windows 06/11] cleanup: replace TAP-Win32->TAP-Windows

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- src/SOURCES.in |2 +- src/common.h |6 +++--- src/constants.h |4 ++-- src/dhcp.c |4 ++-- src/dhcp.h |4 ++-- src/endian.h |4 ++-- src/error.c

[Openvpn-devel] [tap-windows 05/11] build: set default to newer ddk

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- src/prototypes.h |2 +- src/tapdrvr.c|5 + 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/src/prototypes.h b/src/prototypes.h index 55454d5..18c566f 100755 --- a/src/prototypes.h +++ b/src/prototypes.h @@

[Openvpn-devel] [tap-windows 04/11] debug: add DbgPrint support

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- src/error.c |5 + 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/src/error.c b/src/error.c index 5b25f48..0541bc3 100755 --- a/src/error.c +++ b/src/error.c @@ -81,6 +81,11 @@ MyDebugPrint (const unsigned char*

[Openvpn-devel] [tap-windows 03/11] cleanup: remove warnings of redefinition of macros

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- src/resource.rc |5 + 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/src/resource.rc b/src/resource.rc index 84884cf..8b2d2f6 100755 --- a/src/resource.rc +++ b/src/resource.rc @@ -4,6 +4,11 @@ /* get VERSION */

[Openvpn-devel] [tap-windows 00/11] standalone package

2012-02-29 Thread Alon Bar-Lev
1. cleanup warnings. 2. new directory layout 3. rename TAP-Win32 -> TAP-Windows 4. build system. 5. installer. Alon Bar-Lev (11): cleanup: rename tap-win32->src cleanup: OACR warnings cleanup: remove warnings of redefinition of macros debug: add DbgPrint support build: set default to

[Openvpn-devel] [easy-rsa 4/4] packaging: rpm: initial add

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- Makefile.am |2 + configure.ac|3 ++ distro/Makefile.am | 15 + distro/rpm/Makefile.am | 15 + distro/rpm/easy-rsa.spec.in | 68

[Openvpn-devel] [easy-rsa 1/4] cleanup: fix execute permission

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- 0 files changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 easy-rsa/1.0/list-crl mode change 100644 => 100755 easy-rsa/1.0/make-crl mode change 100644 => 100755 easy-rsa/1.0/revoke-crt mode change 100755 => 100644

[Openvpn-devel] [easy-rsa 3/4] build: doc

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- Makefile.am |2 +- configure.ac|1 + doc/Makefile.am | 16 doc/README-1.0 | 161 doc/README-2.0 | 229 +++

[Openvpn-devel] [easy-rsa 2/4] build: simple autotools build

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- .gitignore|9 ++ COPYING | 42 ++ COPYRIGHT.GPL | 339 + Makefile.am | 48 +++ configure.ac | 51

[Openvpn-devel] [openvpn-gui 7/8] cleanup: dos2unix OpenVPN GUI ReadMe.txt

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- OpenVPN GUI ReadMe.txt | 462 1 files changed, 231 insertions(+), 231 deletions(-) diff --git a/OpenVPN GUI ReadMe.txt b/OpenVPN GUI ReadMe.txt index f650357..323361b 100644 --- a/OpenVPN

[Openvpn-devel] [openvpn-gui 8/8] build: rework build

2012-02-29 Thread Alon Bar-Lev
Add: 1. automake 2. libtool 3. some minor modifications Signed-off-by: Alon Bar-Lev --- .gitignore | 39 +- Makefile.am| 102 +++ Makefile.in| 57 -- OpenVPN GUI ReadMe.txt | 231 --- README | 231 +++

[Openvpn-devel] [openvpn-gui 4/8] cleanup: add missing stdlib.h

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- proxy.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/proxy.c b/proxy.c index 9750046..af575f6 100644 --- a/proxy.c +++ b/proxy.c @@ -26,6 +26,7 @@ #include #include #include +#include #include "config.h"

[Openvpn-devel] [openvpn-gui 5/8] cleanup: dos2unix res/openvpn-gui-res-fi.rc

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- res/openvpn-gui-res-fi.rc | 714 ++-- 1 files changed, 357 insertions(+), 357 deletions(-) diff --git a/res/openvpn-gui-res-fi.rc b/res/openvpn-gui-res-fi.rc index 5dabc77..47fcadf 100644 ---

[Openvpn-devel] [openvpn-gui 6/8] cleanup: dos2unix res/openvpn-gui-res-jp.rc

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- res/openvpn-gui-res-jp.rc | 682 ++-- 1 files changed, 341 insertions(+), 341 deletions(-) diff --git a/res/openvpn-gui-res-jp.rc b/res/openvpn-gui-res-jp.rc index 64c7e7d..909980d 100644 ---

[Openvpn-devel] [openvpn-gui 3/8] debug: fix debug under unicode

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- main.c| 26 ++ openvpn.c |2 +- 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/main.c b/main.c index 22c8bef..95a9dfc 100644 --- a/main.c +++ b/main.c @@ -120,7 +120,7 @@ int WINAPI

[Openvpn-devel] [openvpn-gui 0/8] build rewrite

2012-02-29 Thread Alon Bar-Lev
1. Some cleanups 2. Build rewrite, similar to openvpn build rewrite. Alon Bar-Lev (8): cleanup: resolve unused parameter warnings cleanup: resolve warnings missing malloc include debug: fix debug under unicode cleanup: add missing stdlib.h cleanup: dos2unix res/openvpn-gui-res-fi.rc

[Openvpn-devel] [openvpn-gui 1/8] cleanup: resolve unused parameter warnings

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- localization.c |6 ++ main.c |2 ++ openvpn.c |5 + 3 files changed, 13 insertions(+), 0 deletions(-) diff --git a/localization.c b/localization.c index 8e86b50..eb541fc 100644 --- a/localization.c +++

[Openvpn-devel] [openvpn-gui 2/8] cleanup: resolve warnings missing malloc include

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- localization.c |1 + manage.c |1 + 2 files changed, 2 insertions(+), 0 deletions(-) diff --git a/localization.c b/localization.c index eb541fc..3a6be38 100644 --- a/localization.c +++ b/localization.c @@ -28,6 +28,7 @@

[Openvpn-devel] [PATCH 52/52] build: use tap-windows.h as external dependency

2012-02-29 Thread Alon Bar-Lev
tap-windows.h is provided by the tap project Signed-off-by: Alon Bar-Lev --- configure.ac | 12 include/Makefile.am|2 - include/tap-windows.h | 68 msvc-env.bat |2

[Openvpn-devel] [PATCH 51/52] build: distribute samples in windows

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- configure.ac |3 +++ sample/Makefile.am | 14 ++ 2 files changed, 17 insertions(+), 0 deletions(-) diff --git a/configure.ac b/configure.ac index 0f2a62e..2b095a3 100644 --- a/configure.ac +++ b/configure.ac @@

[Openvpn-devel] [PATCH 49/52] build: move wrappers into platform module

2012-02-29 Thread Alon Bar-Lev
+ Some fixups within the platform.c functions. - need to check environment set on Windows. Signed-off-by: Alon Bar-Lev --- src/openvpn/Makefile.am|1 + src/openvpn/buffer.c |2 +- src/openvpn/crypto.c |6 +- src/openvpn/error.c|2 +-

[Openvpn-devel] [PATCH 48/52] cleanup: move console related function into its own module

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- src/openvpn/Makefile.am|1 + src/openvpn/console.c | 238 src/openvpn/console.h | 33 ++ src/openvpn/misc.c | 125 +--- src/openvpn/misc.h

[Openvpn-devel] [PATCH 45/52] build: move gettimeofday() emulation to compat

2012-02-29 Thread Alon Bar-Lev
Remove all references to gettimeofday() from main project. SIDE EFFECT: mingw will use its own internal gettimeofday(). Signed-off-by: Alon Bar-Lev --- config-msvc.h|1 - configure.ac |1 - src/compat/Makefile.am

[Openvpn-devel] [PATCH 43/52] build: move out config.h include from syshead

2012-02-29 Thread Alon Bar-Lev
Yet another step in reducing the syshead.h content. Conditional compilation of sources needs to be based on a minimum program prefix (config.h only). Signed-off-by: Alon Bar-Lev --- src/openvpn/base64.c |6 ++ src/openvpn/buffer.c |6

[Openvpn-devel] [PATCH 46/52] build: move daemon() emulation into compat

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- src/compat/Makefile.am |3 +- src/compat/compat-daemon.c | 100 src/compat/compat.h|4 ++ src/compat/compat.vcproj |4 ++ src/openvpn/init.c |2 +-

[Openvpn-devel] [PATCH 40/52] build: proper crypto detection and usage

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- configure.ac | 227 ++--- distro/rpm/openvpn.spec.in|6 +- doc/doxygen/doc_data_crypto.h |2 +- include/openvpn-plugin.h | 31 --

[Openvpn-devel] [PATCH 44/52] build: split out compat

2012-02-29 Thread Alon Bar-Lev
compat should not use any of the main project headers or conventions, it should be a standalone library that provides missing library functions. Signed-off-by: Alon Bar-Lev --- configure.ac |3 +- openvpn.sln |7 ++ src/Makefile.am

[Openvpn-devel] [PATCH 42/52] build: win-msvc: msbuild format

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- .gitignore| 11 +- Makefile.am | 10 +- build/Makefile.am |2 + build/msvc/Makefile.am| 15 +

[Openvpn-devel] [PATCH 37/52] build: proper pkcs11-helper detection and usage

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- configure.ac | 49 --- distro/rpm/openvpn.spec.in |5 ++- src/openvpn/Makefile.am|4 +++ src/openvpn/ssl.c |2 +- src/openvpn/syshead.h |7 -- 5

[Openvpn-devel] [PATCH 36/52] build: distribute pkg.m4

2012-02-29 Thread Alon Bar-Lev
RHEL and others do not install this globally, so we provide our own copy. Signed-off-by: Alon Bar-Lev --- m4/pkg.m4 | 159 + 1 files changed, 159 insertions(+), 0 deletions(-) create mode 100644 m4/pkg.m4 diff

[Openvpn-devel] [PATCH 34/52] build: autoconf: minor cleanups

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- configure.ac | 145 +- 1 files changed, 72 insertions(+), 73 deletions(-) diff --git a/configure.ac b/configure.ac index c540f82..98615c6 100644 --- a/configure.ac +++ b/configure.ac

[Openvpn-devel] [PATCH 39/52] build: proper lzo detection and usage

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- configure.ac | 101 - distro/rpm/openvpn.spec.in|2 +- doc/doxygen/doc_compression.h |2 +- src/openvpn/Makefile.am |2 + src/openvpn/forward.c |4

[Openvpn-devel] [PATCH 30/52] build: add libtool + windows resources for executables

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- .gitignore |6 Makefile.am |5 +++- build/Makefile.am| 15 +++ build/ltrc.inc | 23

[Openvpn-devel] [PATCH 28/52] build: remove awk and non-standard autoconf output processing

2012-02-29 Thread Alon Bar-Lev
Replace with simpler environment solution. Signed-off-by: Alon Bar-Lev --- Makefile.am | 12 ++-- configure.ac |3 +++ configure_h.awk | 39 --- configure_log.awk | 33 -

[Openvpn-devel] [PATCH 27/52] build: autoconf: remove OPENVPN_ADD_LIBS useless macro

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- configure.ac | 26 ++ m4/ax_openvpn_lib.m4 |4 2 files changed, 10 insertions(+), 20 deletions(-) delete mode 100644 m4/ax_openvpn_lib.m4 diff --git a/configure.ac b/configure.ac index

[Openvpn-devel] [PATCH 26/52] build: autotools: first pass of trivial autotools changes

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- Makefile.am | 22 +- compat.m4 | 70 +++ configure.ac| 1249 ++- lladdr.c|2 +- misc.c | 30 +-- misc.h |2 +- openvpn.spec.in | 11

[Openvpn-devel] [PATCH 25/52] build: m4/ax_socklen_t.m4: cleanup

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- configure.ac |2 +- m4/ax_socklen_t.m4 | 97 ++-- 2 files changed, 57 insertions(+), 42 deletions(-) diff --git a/configure.ac b/configure.ac index fbed6bf..69a3736 100644 ---

[Openvpn-devel] [PATCH 19/52] Remove tap-win32

2012-02-29 Thread Alon Bar-Lev
Introduce tap-windows.h which is modified tap-win32/common.h. Except of function rename, it is the same without the tap_id. This file should be provided as part of tap-win32 MSI. For now we hold a copy. Signed-off-by: Alon Bar-Lev --- Makefile.am|3

[Openvpn-devel] [PATCH 24/52] build: m4/ax_emptyarray.m4: cleanup

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- m4/ax_emptyarray.m4 | 49 +++-- 1 files changed, 31 insertions(+), 18 deletions(-) diff --git a/m4/ax_emptyarray.m4 b/m4/ax_emptyarray.m4 index 0a8755c..c6781c1 100644 --- a/m4/ax_emptyarray.m4

[Openvpn-devel] [PATCH 23/52] build: m4/ax_varargs.m4: cleanup

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- m4/ax_varargs.m4 | 78 ++ 1 files changed, 55 insertions(+), 23 deletions(-) diff --git a/m4/ax_varargs.m4 b/m4/ax_varargs.m4 index fd5e8b0..37cdebe 100644 --- a/m4/ax_varargs.m4 +++

[Openvpn-devel] [PATCH 21/52] build: remove windows specific build system

2012-02-29 Thread Alon Bar-Lev
It will be completely re-written in future Signed-off-by: Alon Bar-Lev --- Makefile.am|8 +- doclean| 73 - domake-win | 138 msvc/autodefs.h.in | 20 -- msvc/config.py | 93 -- msvc/msvc.mak

[Openvpn-devel] [PATCH 22/52] build: split acinclude.m4 into m4/*

2012-02-29 Thread Alon Bar-Lev
ax_emptyarray.m4 ax_openvpn_lib.m4 ax_socklen_t.m4 ax_varargs.m4 Signed-off-by: Alon Bar-Lev --- Makefile.am |1 + acinclude.m4 | 131 -- configure.ac |1 + m4/ax_emptyarray.m4 | 27

[Openvpn-devel] [PATCH 20/52] cleanup: rename tap-windows function from win32 to win

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- configure.ac| 18 +++--- errlevel.h |2 +- error.c |6 +- forward.c |2 +- options.c |8 +- service-win32/service.h |2 +- sig.c |

[Openvpn-devel] [PATCH 18/52] Remove easy-rsa

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- Makefile.am|1 - easy-rsa/1.0/README| 161 easy-rsa/1.0/build-ca | 13 - easy-rsa/1.0/build-dh | 12 -

[Openvpn-devel] [PATCH 14/52] build: rename plugin directory to plugins

2012-02-29 Thread Alon Bar-Lev
This to avoid conflict with plugin.c rules Signed-off-by: Alon Bar-Lev --- Makefile.am |3 +- openvpn.spec.in | 16 +- plugin/README | 47 --- plugin/auth-pam/.svnignore|1 - plugin/auth-pam/Makefile |

[Openvpn-devel] [PATCH 17/52] Remove install-win32

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- Makefile.am|5 +- configure.ac |3 - images/.svnignore |2 - images/Makefile.am | 41 -- images/icon.ico|

[Openvpn-devel] [PATCH 16/52] build: we need the sample.ovpn in future

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- install-win32/sample.ovpn | 103 sample-windows/sample.ovpn | 103 2 files changed, 103 insertions(+), 103 deletions(-) delete mode 100755

[Openvpn-devel] [PATCH 15/52] build: plugins: properly use CC, CFLAGS and LDFLAGS

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- plugins/auth-pam/Makefile | 14 -- plugins/defer/build|9 + plugins/down-root/Makefile | 11 ++- plugins/examples/build |9 + 4 files changed, 24 insertions(+), 19 deletions(-)

[Openvpn-devel] [PATCH 13/52] build: handle printf style format in mingw

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- buffer.h | 12 ++-- error.h |6 +- misc.h | 12 ++-- status.h |6 +- 4 files changed, 30 insertions(+), 6 deletions(-) diff --git a/buffer.h b/buffer.h index 6c79007..9bc33db 100644 --- a/buffer.h +++

[Openvpn-devel] [PATCH 06/52] cleanup: remove redundant ';'

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- misc.h |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/misc.h b/misc.h index bdada42..dd6bd5a 100644 --- a/misc.h +++ b/misc.h @@ -145,7 +145,7 @@ openvpn_run_script (const struct argv *a, const struct env_set

[Openvpn-devel] [PATCH 12/52] Update .gitignore

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- .gitignore |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/.gitignore b/.gitignore index 3d12f5d..8cc07de 100644 --- a/.gitignore +++ b/.gitignore @@ -5,6 +5,7 @@ *.obj *.pyc *.so +*~ .deps Makefile

[Openvpn-devel] [PATCH 11/52] build: correct place to alter WINVER is at build system

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- configure.ac|2 +- syshead.h |4 win/msvc.mak.in |2 +- 3 files changed, 2 insertions(+), 6 deletions(-) diff --git a/configure.ac b/configure.ac index 1c4d66c..aa1d509 100644 --- a/configure.ac +++

[Openvpn-devel] [PATCH 09/52] cleanup: memcmp.c: remove unused source

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- configure.ac |3 --- memcmp.c | 43 --- 2 files changed, 0 insertions(+), 46 deletions(-) delete mode 100644 memcmp.c diff --git a/configure.ac b/configure.ac index 25dcc37..1c4d66c 100644

[Openvpn-devel] [PATCH 07/52] cleanup: crypto_openssl.c: remove support for pre-openssl-0.9.6

2012-02-29 Thread Alon Bar-Lev
autoconf rejecting this anyway: --- AC_MSG_CHECKING([that OpenSSL Library is at least version 0.9.6]) AC_MSG_ERROR([OpenSSL crypto Library is too old.]) --- Signed-off-by: Alon Bar-Lev --- crypto_openssl.c | 49 - 1 files

[Openvpn-devel] [PATCH 05/52] cleanup: win32.c: wrong printf format

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- win32.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/win32.c b/win32.c index 2ba97fc..acf5ebc 100644 --- a/win32.c +++ b/win32.c @@ -1012,12 +1012,12 @@ openvpn_execve (const struct argv *a, const struct

[Openvpn-devel] [PATCH 10/52] fixup: init.c: add missing conditional for ENABLE_CLIENT_CR

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- init.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/init.c b/init.c index d2ad318..b8f57b2 100644 --- a/init.c +++ b/init.c @@ -2282,9 +2282,11 @@ do_init_crypto_tls (struct context *c, const unsigned int

[Openvpn-devel] [PATCH 03/52] cleanup: options.c: remove redundant include

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- options.c |1 - 1 files changed, 0 insertions(+), 1 deletions(-) diff --git a/options.c b/options.c index a596ffe..3d8085c 100644 --- a/options.c +++ b/options.c @@ -50,7 +50,6 @@ #include "manage.h" #include "forward.h" #include

[Openvpn-devel] [PATCH 04/52] cleanup: remove C++ warnings

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- httpdigest.c |4 ++-- init.c |2 +- misc.c |6 +++--- options.c |4 ++-- socket.c |4 ++-- ssl_polarssl.c |6 -- 6 files changed, 14 insertions(+), 12 deletions(-) diff --git

[Openvpn-devel] [PATCH 08/52] cleanup: tun.c: fix incorrect option in message (ip-win32)

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- tun.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/tun.c b/tun.c index c92c0d7..81b66fb 100644 --- a/tun.c +++ b/tun.c @@ -4492,7 +4492,7 @@ dhcp_masq_addr (const in_addr_t local, const in_addr_t netmask, const

[Openvpn-devel] [PATCH 02/52] package: rpm: strip should be handled by package management

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- openvpn.spec.in |1 - 1 files changed, 0 insertions(+), 1 deletions(-) diff --git a/openvpn.spec.in b/openvpn.spec.in index c5178e9..c42e7c6 100644 --- a/openvpn.spec.in +++ b/openvpn.spec.in @@ -101,7 +101,6 @@ and portability to most

[Openvpn-devel] [PATCH 01/52] build: version should not contain '-'

2012-02-29 Thread Alon Bar-Lev
Signed-off-by: Alon Bar-Lev --- version.m4 |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/version.m4 b/version.m4 index 9f15247..ff9b35f 100644 --- a/version.m4 +++ b/version.m4 @@ -1,5 +1,5 @@ dnl define the OpenVPN version

[Openvpn-devel] [PATCH 00/52] build revolution

2012-02-29 Thread Alon Bar-Lev
1. Many cleanups. 2. New directory layout. 3. Remove easy-rsa, install-win32, windows build, tap-win32. 4. Standard autotools build system. 5. msbuild build system. 6. Split out most of platform specific code. After review I suggest you pull my repository[1], much safer than doing the MIME magic.

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Carsten Krüger
Hello, > How will you handle that some users use OpenVPN from Windows, Linux and > maybe even a mobile phone (like N900)? ... where paths are different, > depending on OS and/or distribution. And some paths on Linux (probably > *BSD too?) are different if it is a 32bit architecture or 64bit. Do

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread David Sommerseth
On 29/02/12 19:40, Carsten Krüger wrote: > > I think it would be good to rethink the whole script idea. Maybe > scripts could be only server pushable. How will you handle that some users use OpenVPN from Windows, Linux and maybe even a mobile phone

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Carsten Krüger
Hello Heiko, > Same here, please share your thoughts on how to reduce complexity. Dismiss the whole service starts openvpn in user context. It makes no sense. see: Message-ID: <1957833067.20120229194...@gmxpro.de> Message-ID: <1787326494.20120229201...@gmxpro.de> greetings Carsten

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Carsten Krüger
Hello, > If openvpn.exe started in users context the user can manipulate it in > ram arbitrarily. Example: http://blog.didierstevens.com/2009/06/25/bpmtk-injecting-vbscript/ (great blog about process manipulation :-) ) I think there is absolutely no benefit from starting openvpn.exe in user

Re: [Openvpn-devel] OpenVPN 2.3-alpha1 / GUI

2012-02-29 Thread Heiko Hund
Russell On Wednesday 29 February 2012 17:26:46 Russell Morris wrote: > 1) I know that someone (Heiko?) was looking at auto-proxy a while back. Is > this now working? Is there a way to test it (if it's now working), to see > what it determines for a proxy? During discussion of the Windows

[Openvpn-devel] [DISCUSSION] OpenVPN privilege separation (Windows)

2012-02-29 Thread Alon Bar-Lev
Hello, Following recent discussion on Windows platform, I open a new thread. I don't think this topic is Windows specific as the security principals are the same. VPN client product has [at least] two different type of configuration. 1. Standalone configuration. 2. Enterprise configuration.

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Carsten Krüger
Hello Fabian, > Why does the "interactive service" need to start OpenVPN? Yeah, I can't understand that, too. > Why not let the GUI start OpenVPN and let OpenVPN connect to the "interactive > service"? Exactly. If openvpn.exe started in users context the user can manipulate it in ram

Re: [Openvpn-devel] [PATCH 00/35] build revolution

2012-02-29 Thread Alon Bar-Lev
On Wed, Feb 29, 2012 at 7:31 PM, David Sommerseth wrote: > On 28/02/12 22:31, Alon Bar-Lev wrote: >> Hello, >> >> I think I finished. David, tell me if you want me to send the patches >> to the list. I think these

Re: [Openvpn-devel] [PATCH 00/35] build revolution

2012-02-29 Thread David Sommerseth
On 28/02/12 22:31, Alon Bar-Lev wrote: > Hello, > > I think I finished. David, tell me if you want me to send the patches > to the list. I think these are way too long. Great! Thank you very much for digging deep into this. I must admit, I didn't

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Fabian Knittel
Hi Gert, 2012/2/29 Gert Doering : > The model we follow is "openvpn.exe has the same permissions that you > already have, so there is no benefit in manipulating anything". That was my initial assumption, which would imply that there's no reason to restrict access to the

Re: [Openvpn-devel] OpenVPN 2.3-alpha1 released

2012-02-29 Thread David Sommerseth
On 29/02/12 16:01, Mr Dash Four wrote: > >> For the plug-in API ... look at openvpn-plugin.h ... look for >> openvpn_plugin_*_v3. Especially openvpn_plugin_open_v3() and >> openvpn_plugin_func_v3(). In fact, most of the openvpn-plugin.h is >> a

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Heiko Hund
On Wednesday 29 February 2012 15:28:31 Fabian Knittel wrote: > To ensure this in classic Linux this would mean that the OpenVPN > process needs to run as a _different_ user than the GUI user or else > the GUI user could freely manipulate the program using, e.g. ptrace. I > know that similar

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Gert Doering
Hi, On Wed, Feb 29, 2012 at 04:28:31PM +0100, Fabian Knittel wrote: > To ensure this in classic Linux this would mean that the OpenVPN > process needs to run as a _different_ user than the GUI user or else > the GUI user could freely manipulate the program using, e.g. ptrace. I > know that

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Fabian Knittel
Hi Heiko, 2012/2/29 Heiko Hund : > On Wednesday 29 February 2012 14:07:01 Fabian Knittel wrote: [...] >> (There must be something missing, otherwise >> I don't get why you call it "interactive service" ...?) > > It's interactive in contrast to the other already existing

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Heiko Hund
Hi Fabian On Wednesday 29 February 2012 14:07:01 Fabian Knittel wrote: > Let's see whether I understood the design. After initial setup, the > GUI has a connection via the mgmt interface to OpenVPN and OpenVPN has > a connection via the "privilege interface" to the "interactive > service".

Re: [Openvpn-devel] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Mr Dash Four
The one-to-one NAT feature seems to be described on the man-page in the "--client-nat" section. The new management features are James' handiwork, so they're probably described here: If not,

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Mr Dash Four
I disagree, open source project is not different than any other software project. OK, I'll bite. I disagree with the above entirely. Open-source project *is* different "from any other project" - vastly so - not least because it is open for scrutiny by the whole community, not just

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Alon Bar-Lev
On Wed, Feb 29, 2012 at 4:01 PM, Heiko Hund wrote: > On Wednesday 29 February 2012 13:45:49 Alon Bar-Lev wrote: >> I don't understand your attitude, I am not trying to take anything from you, >> and I don't think you can find anything in my record that had negative >> impact

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Fabian Knittel
Hi Heiko, On 29 February 2012 13:18, Heiko Hund wrote: > [...] There will be a new service, I called it > interactive service. The GUI/client connects to a named pipe of that service. > It passes the working directory, command line options and stdin input for > openvpn to

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Heiko Hund
On Wednesday 29 February 2012 13:45:49 Alon Bar-Lev wrote: > I don't understand your attitude, I am not trying to take anything from you, > and I don't think you can find anything in my record that had negative > impact on this (or any other) project. And I do know one or two things in > security

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Alon Bar-Lev
On Wed, Feb 29, 2012 at 3:25 PM, Heiko Hund wrote: >> Anyway, if there was a design process, I will appreciate if you can send a >> design document, as this is not a small/niche feature, it will affect >> the majority of Windows users. > > Yeah, like the design project

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Heiko Hund
On Wednesday 29 February 2012 13:15:16 Alon Bar-Lev wrote: > IRC is synchronous way of communication, it is not suitable for distributed > volunteer team. > Proper discussion of design is done differently, perfecting a design > document and interface specifications. > > If there was such process,

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Alon Bar-Lev
On Wed, Feb 29, 2012 at 3:05 PM, Heiko Hund wrote: > On Wednesday 29 February 2012 12:54:18 Alon Bar-Lev wrote: >> What I wrote is simple. > > Wrote where? In this thread or C code that tackles the issue? I'm confused. > >> In order to push a project in coherent direction,

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Heiko Hund
On Wednesday 29 February 2012 12:51:41 Carsten Krüger wrote: > > This is way too complex solution for a simple problem. > > A proper design and discussion should take place before advancing in > > this route. > > ACK Same here, please share your thoughts on how to reduce complexity. Heiko --

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Heiko Hund
On Wednesday 29 February 2012 12:54:18 Alon Bar-Lev wrote: > What I wrote is simple. Wrote where? In this thread or C code that tackles the issue? I'm confused. > In order to push a project in coherent direction, a proper design > discussion stage should be done. Yeah, you missed that one
