Re: [Openvpn-devel] OpenVPN 2.3-alpha1 / GUI

Hi Heiko, Some thoughts on this - by all means let me know your opinion though! 1) Makes sense - and that's what I'm doing currently, querying for proxy information (in Windows, including PAC files as well). 2) Unfortunately it's in Visual Basic - only because that takes care of all the GUI / Wi

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

> > > I never used script with openvpn. I've no idea which are real world > > applications for it. > > Scripts are for creative uses that the programmers of openvpn have not > foreseen. Like "after the VPN is up, auto-sync all your git repositories" > or "open up a few xterms with ssh's to $intern

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

A comment on your [1] reference. The issue of remote-user vs enterprise is an old one - that affects many software applications - not just openvpn. I personally think the proper solution is to implement NAC: make "the network/enterprise" audit the remote host and only allow it if it meets expectati

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

On Wed, Feb 29, 2012 at 11:59 PM, Gert Doering wrote: > But I'm leaving this discussion now.  Heiko is doing the implementation > work, James, David and I have agreed (and told the list via IRC session > minutes!) that we think it's a useful way forward, and this is developing > into a bikeshed.

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

Hi, On Wed, Feb 29, 2012 at 11:36:46PM +0200, Alon Bar-Lev wrote: > > Scripts are for creative uses that the programmers of openvpn have not > > foreseen.  Like "after the VPN is up, auto-sync all your git repositories" > > or "open up a few xterms with ssh's to $internalhosts". > > > > David had

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012/2/29 Gert Doering : > Hi, > > On Wed, Feb 29, 2012 at 07:43:18PM +0100, Carsten Krüger wrote: >> > Part of the assumption here is "the user controls the openvpn config", >> > and as such, he can make openvpn.exe run arbitrary scripts anyway - and >> > to stop this from being a problem, just ru

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

Hi, On Wed, Feb 29, 2012 at 08:25:31PM +0100, Carsten Krüger wrote: > > Same here, please share your thoughts on how to reduce complexity. > > Dismiss the hole service starts openvpn in user context. It makes no > sense. From a pure security perspective, you're right - maximum security would be

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

Hi, On Wed, Feb 29, 2012 at 07:43:18PM +0100, Carsten Krüger wrote: > > Part of the assumption here is "the user controls the openvpn config", > > and as such, he can make openvpn.exe run arbitrary scripts anyway - and > > to stop this from being a problem, just run openvpn.exe with your uid. > >

Re: [Openvpn-devel] [PATCH 00/35] build revolution

On Wed, Feb 29, 2012 at 7:38 PM, Alon Bar-Lev wrote: >> However, I'm not terrified of 52 patches to the mailing list.  That's >> definitely doable. > > OK. Well, I sent, not sure all is OK, as I don't see it in archive and some were rejected because of size. At the end of review, please pull fro

[Openvpn-devel] [tap-windows 11/11] build: initial build

Signed-off-by: Alon Bar-Lev --- .gitignore |7 +- _build.bat | 49 +++ build.bat | 55 build/MSCV-VSClass3.cer | 29 build/msvc-generate.js | 118 + build/unix2dos.js | 54 ++

[Openvpn-devel] [tap-windows 10/11] docs: add COPYING COPYRIGHT.GPL

Signed-off-by: Alon Bar-Lev --- COPYING | 40 +++ COPYRIGHT.GPL | 339 + 2 files changed, 379 insertions(+), 0 deletions(-) create mode 100644 COPYING create mode 100644 COPYRIGHT.GPL diff --git a/COPYING b/COPYING new file

[Openvpn-devel] [tap-windows 09/11] cleanup: create .gitignore

Signed-off-by: Alon Bar-Lev --- .gitignore | 10 ++ 1 files changed, 10 insertions(+), 0 deletions(-) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 000..230ee15 --- /dev/null +++ b/.gitignore @@ -0,0 +1,10 @@ +*.pdb +*.sys +*.map +*

[Openvpn-devel] [tap-windows 07/11] cleanup: rename common.h->tap-windows.h

Signed-off-by: Alon Bar-Lev --- src/common.h | 82 - src/resource.rc |3 -- src/tap-windows.h | 82 + src/tapdrvr.c |2 +- 4 files changed, 83 insertions(+), 86 deletion

[Openvpn-devel] [tap-windows 08/11] cleanup: add TAP_WIN prefix to exports

Signed-off-by: Alon Bar-Lev --- src/dhcp.c|2 +- src/resource.rc |2 +- src/tap-windows.h | 46 -- src/tapdrvr.c | 28 ++-- 4 files changed, 32 insertions(+), 46 deletions(-) diff --git a/src/dhcp.c b/

[Openvpn-devel] [tap-windows 06/11] cleanup: replace TAP-Win32->TAP-Windows

Signed-off-by: Alon Bar-Lev --- src/SOURCES.in |2 +- src/common.h |6 +++--- src/constants.h |4 ++-- src/dhcp.c |4 ++-- src/dhcp.h |4 ++-- src/endian.h |4 ++-- src/error.c |4 ++--

[Openvpn-devel] [tap-windows 05/11] build: set default to newer ddk

Signed-off-by: Alon Bar-Lev --- src/prototypes.h |2 +- src/tapdrvr.c|5 + 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/src/prototypes.h b/src/prototypes.h index 55454d5..18c566f 100755 --- a/src/prototypes.h +++ b/src/prototypes.h @@ -202,7 +202,7 @@ VOID HookD

[Openvpn-devel] [tap-windows 04/11] debug: add DbgPrint support

Signed-off-by: Alon Bar-Lev --- src/error.c |5 + 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/src/error.c b/src/error.c index 5b25f48..0541bc3 100755 --- a/src/error.c +++ b/src/error.c @@ -81,6 +81,11 @@ MyDebugPrint (const unsigned char* format, ...) NT

[Openvpn-devel] [tap-windows 03/11] cleanup: remove warnings of redefinition of macros

Signed-off-by: Alon Bar-Lev --- src/resource.rc |5 + 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/src/resource.rc b/src/resource.rc index 84884cf..8b2d2f6 100755 --- a/src/resource.rc +++ b/src/resource.rc @@ -4,6 +4,11 @@ /* get VERSION */ #include "common.h" +#und

[Openvpn-devel] [tap-windows 00/11] standalone package

1. cleanup warnings. 2. new directory layout 3. rename TAP-Win32 -> TAP-Windows 4. build system. 5. installer. Alon Bar-Lev (11): cleanup: rename tap-win32->src cleanup: OACR warnings cleanup: remove warnings of redefinition of macros debug: add DbgPrint support build: set default to new

[Openvpn-devel] [easy-rsa 4/4] packaging: rpm: initial add

Signed-off-by: Alon Bar-Lev --- Makefile.am |2 + configure.ac|3 ++ distro/Makefile.am | 15 + distro/rpm/Makefile.am | 15 + distro/rpm/easy-rsa.spec.in | 68 +++ 5 files changed

[Openvpn-devel] [easy-rsa 1/4] cleanup: fix execute permission

Signed-off-by: Alon Bar-Lev --- 0 files changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 easy-rsa/1.0/list-crl mode change 100644 => 100755 easy-rsa/1.0/make-crl mode change 100644 => 100755 easy-rsa/1.0/revoke-crt mode change 100755 => 100644 easy-rsa/2.0/openssl-0.9.6.

[Openvpn-devel] [easy-rsa 3/4] build: doc

Signed-off-by: Alon Bar-Lev --- Makefile.am |2 +- configure.ac|1 + doc/Makefile.am | 16 doc/README-1.0 | 161 doc/README-2.0 | 229 +++ easy-rsa/1.0/README | 16

[Openvpn-devel] [easy-rsa 2/4] build: simple autotools build

Signed-off-by: Alon Bar-Lev --- .gitignore|9 ++ COPYING | 42 ++ COPYRIGHT.GPL | 339 + Makefile.am | 48 +++ configure.ac | 51 easy-rsa/2.0/Makefile | 13 -- 6 fi

[Openvpn-devel] [easy-rsa 0/4] standalone package

1. Make easy-rsa standalone package. 2. Package. 3. Add spec file. Alon Bar-Lev (4): cleanup: fix execute permission build: simple autotools build build: doc packaging: rpm: initial add .gitignore |9 + COPYING | 42 + COPYRIGHT.GP

[Openvpn-devel] [openvpn-gui 7/8] cleanup: dos2unix OpenVPN GUI ReadMe.txt

Signed-off-by: Alon Bar-Lev --- OpenVPN GUI ReadMe.txt | 462 1 files changed, 231 insertions(+), 231 deletions(-) diff --git a/OpenVPN GUI ReadMe.txt b/OpenVPN GUI ReadMe.txt index f650357..323361b 100644 --- a/OpenVPN GUI ReadMe.txt +++ b/

[Openvpn-devel] [openvpn-gui 8/8] build: rework build

Add: 1. automake 2. libtool 3. some minor modifications Signed-off-by: Alon Bar-Lev --- .gitignore | 39 +- Makefile.am| 102 +++ Makefile.in| 57 -- OpenVPN GUI ReadMe.txt | 231 --- README | 231 +++ acinclude.m4 |

[Openvpn-devel] [openvpn-gui 4/8] cleanup: add missing stdlib.h

Signed-off-by: Alon Bar-Lev --- proxy.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/proxy.c b/proxy.c index 9750046..af575f6 100644 --- a/proxy.c +++ b/proxy.c @@ -26,6 +26,7 @@ #include #include #include +#include #include "config.h" #include "main.h" --

[Openvpn-devel] [openvpn-gui 5/8] cleanup: dos2unix res/openvpn-gui-res-fi.rc

Signed-off-by: Alon Bar-Lev --- res/openvpn-gui-res-fi.rc | 714 ++-- 1 files changed, 357 insertions(+), 357 deletions(-) diff --git a/res/openvpn-gui-res-fi.rc b/res/openvpn-gui-res-fi.rc index 5dabc77..47fcadf 100644 --- a/res/openvpn-gui-res-fi.rc ++

[Openvpn-devel] [openvpn-gui 6/8] cleanup: dos2unix res/openvpn-gui-res-jp.rc

Signed-off-by: Alon Bar-Lev --- res/openvpn-gui-res-jp.rc | 682 ++-- 1 files changed, 341 insertions(+), 341 deletions(-) diff --git a/res/openvpn-gui-res-jp.rc b/res/openvpn-gui-res-jp.rc index 64c7e7d..909980d 100644 --- a/res/openvpn-gui-res-jp.rc ++

[Openvpn-devel] [openvpn-gui 3/8] debug: fix debug under unicode

Signed-off-by: Alon Bar-Lev --- main.c| 26 ++ openvpn.c |2 +- 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/main.c b/main.c index 22c8bef..95a9dfc 100644 --- a/main.c +++ b/main.c @@ -120,7 +120,7 @@ int WINAPI WinMain (HINSTANCE hThisInstan

[Openvpn-devel] [openvpn-gui 0/8] build rewrite

1. Some cleanups 2. Build rewrite, similar to openvpn build rewrite. Alon Bar-Lev (8): cleanup: resolve unused parameter warnings cleanup: resolve warnings missing malloc include debug: fix debug under unicode cleanup: add missing stdlib.h cleanup: dos2unix res/openvpn-gui-res-fi.rc cl

[Openvpn-devel] [openvpn-gui 1/8] cleanup: resolve unused parameter warnings

Signed-off-by: Alon Bar-Lev --- localization.c |6 ++ main.c |2 ++ openvpn.c |5 + 3 files changed, 13 insertions(+), 0 deletions(-) diff --git a/localization.c b/localization.c index 8e86b50..eb541fc 100644 --- a/localization.c +++ b/localization.c @@ -296,6 +

[Openvpn-devel] [openvpn-gui 2/8] cleanup: resolve warnings missing malloc include

Signed-off-by: Alon Bar-Lev --- localization.c |1 + manage.c |1 + 2 files changed, 2 insertions(+), 0 deletions(-) diff --git a/localization.c b/localization.c index eb541fc..3a6be38 100644 --- a/localization.c +++ b/localization.c @@ -28,6 +28,7 @@ #include #include #inclu

[Openvpn-devel] [PATCH 52/52] build: use tap-windows.h as external dependency

tap-windows.h is provided by the tap project Signed-off-by: Alon Bar-Lev --- configure.ac | 12 include/Makefile.am|2 - include/tap-windows.h | 68 msvc-env.bat |2 + src/openvpn/Makefile.

[Openvpn-devel] [PATCH 51/52] build: distribute samples in windows

Signed-off-by: Alon Bar-Lev --- configure.ac |3 +++ sample/Makefile.am | 14 ++ 2 files changed, 17 insertions(+), 0 deletions(-) diff --git a/configure.ac b/configure.ac index 0f2a62e..2b095a3 100644 --- a/configure.ac +++ b/configure.ac @@ -903,6 +903,9 @@ AC_SUBST([O

[Openvpn-devel] [PATCH 50/52] build: windows: install version.sh to allow installer read version

Signed-off-by: Alon Bar-Lev --- .gitignore|1 + Makefile.am |5 + configure.ac |1 + version.sh.in |4 4 files changed, 11 insertions(+), 0 deletions(-) create mode 100644 version.sh.in diff --git a/.gitignore b/.gitignore index e7232cf..2f72ed8 100644 --- a/.gi

[Openvpn-devel] [PATCH 49/52] build: move wrappers into platform module

+ Some fixups within the platform.c functions. - need to check environment set on Windows. Signed-off-by: Alon Bar-Lev --- src/openvpn/Makefile.am|1 + src/openvpn/buffer.c |2 +- src/openvpn/crypto.c |6 +- src/openvpn/error.c|2 +- src/openvpn/init.c

[Openvpn-devel] [PATCH 47/52] build: move inet_ntop(), inet_pton() emulation into compat

Signed-off-by: Alon Bar-Lev --- configure.ac |2 +- src/compat/Makefile.am|4 ++- src/compat/compat-inet_ntop.c | 76 +++ src/compat/compat-inet_pton.c | 79 + src/compat/compat.h

[Openvpn-devel] [PATCH 48/52] cleanup: move console related function into its own module

Signed-off-by: Alon Bar-Lev --- src/openvpn/Makefile.am|1 + src/openvpn/console.c | 238 src/openvpn/console.h | 33 ++ src/openvpn/misc.c | 125 +--- src/openvpn/misc.h |3 +- src/ope

[Openvpn-devel] [PATCH 45/52] build: move gettimeofday() emulation to compat

Remove all references to gettimeofday() from main project. SIDE EFFECT: mingw will use its own internal gettimeofday(). Signed-off-by: Alon Bar-Lev --- config-msvc.h|1 - configure.ac |1 - src/compat/Makefile.am |3 +- src/compat/co

[Openvpn-devel] [PATCH 43/52] build: move out config.h include from syshead

Yet another step in reducing the syshead.h content. Conditional compilation of sources needs to be based on a minimum program prefix (config.h only). Signed-off-by: Alon Bar-Lev --- src/openvpn/base64.c |6 ++ src/openvpn/buffer.c |6 ++ src/openvpn/cli

[Openvpn-devel] [PATCH 46/52] build: move daemon() emulation into compat

Signed-off-by: Alon Bar-Lev --- src/compat/Makefile.am |3 +- src/compat/compat-daemon.c | 100 src/compat/compat.h|4 ++ src/compat/compat.vcproj |4 ++ src/openvpn/init.c |2 +- src/openvpn/misc.c | 3

[Openvpn-devel] [PATCH 40/52] build: proper crypto detection and usage

Signed-off-by: Alon Bar-Lev --- configure.ac | 227 ++--- distro/rpm/openvpn.spec.in|6 +- doc/doxygen/doc_data_crypto.h |2 +- include/openvpn-plugin.h | 31 -- src/openvpn/Makefile.am |2 + s

[Openvpn-devel] [PATCH 44/52] build: split out compat

compat should not use any of the main project headers or conventions, it should be a standalone library that provides missing library functions. Signed-off-by: Alon Bar-Lev --- configure.ac |3 +- openvpn.sln |7 ++ src/Makefile.am |2 +-

[Openvpn-devel] [PATCH 42/52] build: win-msvc: msbuild format

Signed-off-by: Alon Bar-Lev --- .gitignore| 11 +- Makefile.am | 10 +- build/Makefile.am |2 + build/msvc/Makefile.am| 15 + build/msvc/msvc-generate/Makefile.am

[Openvpn-devel] [PATCH 38/52] build: properly process lzo-stub

Signed-off-by: Alon Bar-Lev --- configure.ac | 12 +++- src/openvpn/lzo.c | 20 ++-- src/openvpn/lzo.h | 20 ++-- src/openvpn/ssl.c |2 +- src/openvpn/syshead.h | 12 5 files changed, 28 insertions(+), 38 delet

[Openvpn-devel] [PATCH 41/52] build: autoconf: update defaults for options

Signed-off-by: Alon Bar-Lev --- configure.ac | 56 1 files changed, 28 insertions(+), 28 deletions(-) diff --git a/configure.ac b/configure.ac index 57d294d..9ffcc68 100644 --- a/configure.ac +++ b/configure.ac @@ -41,195 +41,195 @@ AC_

[Openvpn-devel] [PATCH 37/52] build: proper pkcs11-helper detection and usage

Signed-off-by: Alon Bar-Lev --- configure.ac | 49 --- distro/rpm/openvpn.spec.in |5 ++- src/openvpn/Makefile.am|4 +++ src/openvpn/ssl.c |2 +- src/openvpn/syshead.h |7 -- 5 files changed, 26 inserti

[Openvpn-devel] [PATCH 35/52] build: proper selinux detection and usage

Signed-off-by: Alon Bar-Lev --- configure.ac| 35 +++ src/openvpn/Makefile.am |1 + src/openvpn/init.c |4 ++-- src/openvpn/options.c |6 +++--- src/openvpn/options.h |2 +- src/openvpn/syshead.h |2 +- 6 files changed,

[Openvpn-devel] [PATCH 36/52] build: distribute pkg.m4

RHEL and others do not install this globally, so we provide our own copy. Signed-off-by: Alon Bar-Lev --- m4/pkg.m4 | 159 + 1 files changed, 159 insertions(+), 0 deletions(-) create mode 100644 m4/pkg.m4 diff --git a/m4/pkg.m4 b/m4/

[Openvpn-devel] [PATCH 34/52] build: autoconf: minor cleanups

Signed-off-by: Alon Bar-Lev --- configure.ac | 145 +- 1 files changed, 72 insertions(+), 73 deletions(-) diff --git a/configure.ac b/configure.ac index c540f82..98615c6 100644 --- a/configure.ac +++ b/configure.ac @@ -400,6 +400,16 @@ AC

[Openvpn-devel] [PATCH 39/52] build: proper lzo detection and usage

Signed-off-by: Alon Bar-Lev --- configure.ac | 101 - distro/rpm/openvpn.spec.in|2 +- doc/doxygen/doc_compression.h |2 +- src/openvpn/Makefile.am |2 + src/openvpn/forward.c |4 +- src/openvpn/init.c

[Openvpn-devel] [PATCH 31/52] build: autoconf: commands as environment

Signed-off-by: Alon Bar-Lev --- configure.ac | 66 - 1 files changed, 28 insertions(+), 38 deletions(-) diff --git a/configure.ac b/configure.ac index 6b5cf71..ed98464 100644 --- a/configure.ac +++ b/configure.ac @@ -267,37 +267,6 @@ AC_

[Openvpn-devel] [PATCH 33/52] build: properly detect and use socket libs

Signed-off-by: Alon Bar-Lev --- configure.ac| 27 +-- src/openvpn/Makefile.am |1 + 2 files changed, 18 insertions(+), 10 deletions(-) diff --git a/configure.ac b/configure.ac index a0dc462..c540f82 100644 --- a/configure.ac +++ b/configure.ac @@ -442,1

[Openvpn-devel] [PATCH 32/52] build: libdl usage

1. properly detect. 2. Link only required components. 3. No way we don't have LoadLibrary on Windows. 4. ENABLE_PLUGIN should be controlled in autoconf. Signed-off-by: Alon Bar-Lev --- configure.ac| 50 --- src/openvpn/Makefile.am |4

[Openvpn-devel] [PATCH 30/52] build: add libtool + windows resources for executables

Signed-off-by: Alon Bar-Lev --- .gitignore |6 Makefile.am |5 +++- build/Makefile.am| 15 +++ build/ltrc.inc | 23 configure.ac

[Openvpn-devel] [PATCH 28/52] build: remove awk and non-standard autoconf output processing

Replace with simpler environment solution. Signed-off-by: Alon Bar-Lev --- Makefile.am | 12 ++-- configure.ac |3 +++ configure_h.awk | 39 --- configure_log.awk | 33 - options.c |4 -

[Openvpn-devel] [PATCH 27/52] build: autoconf: remove OPENVPN_ADD_LIBS useless macro

Signed-off-by: Alon Bar-Lev --- configure.ac | 26 ++ m4/ax_openvpn_lib.m4 |4 2 files changed, 10 insertions(+), 20 deletions(-) delete mode 100644 m4/ax_openvpn_lib.m4 diff --git a/configure.ac b/configure.ac index 07b2e1a..81bf933 100644 --- a/conf

[Openvpn-devel] [PATCH 26/52] build: autotools: first pass of trivial autotools changes

Signed-off-by: Alon Bar-Lev --- Makefile.am | 22 +- compat.m4 | 70 +++ configure.ac| 1249 ++- lladdr.c|2 +- misc.c | 30 +-- misc.h |2 +- openvpn.spec.in | 11 +- options.c |

[Openvpn-devel] [PATCH 25/52] build: m4/ax_socklen_t.m4: cleanup

Signed-off-by: Alon Bar-Lev --- configure.ac |2 +- m4/ax_socklen_t.m4 | 97 ++-- 2 files changed, 57 insertions(+), 42 deletions(-) diff --git a/configure.ac b/configure.ac index fbed6bf..69a3736 100644 --- a/configure.ac +++ b/config

[Openvpn-devel] [PATCH 19/52] Remove tap-win32

Introduce tap-windows.h which is modified tap-win32/common.h. Except of function rename, it is the same without the tap_id. This file should be provided as part of tap-win32 MSI. For now we hold a copy. Signed-off-by: Alon Bar-Lev --- Makefile.am|3 +- configure.ac

[Openvpn-devel] [PATCH 24/52] build: m4/ax_emptyarray.m4: cleanup

Signed-off-by: Alon Bar-Lev --- m4/ax_emptyarray.m4 | 49 +++-- 1 files changed, 31 insertions(+), 18 deletions(-) diff --git a/m4/ax_emptyarray.m4 b/m4/ax_emptyarray.m4 index 0a8755c..c6781c1 100644 --- a/m4/ax_emptyarray.m4 +++ b/m4/ax_emptyarray.

[Openvpn-devel] [PATCH 23/52] build: m4/ax_varargs.m4: cleanup

Signed-off-by: Alon Bar-Lev --- m4/ax_varargs.m4 | 78 ++ 1 files changed, 55 insertions(+), 23 deletions(-) diff --git a/m4/ax_varargs.m4 b/m4/ax_varargs.m4 index fd5e8b0..37cdebe 100644 --- a/m4/ax_varargs.m4 +++ b/m4/ax_varargs.m4 @@ -6,1

[Openvpn-devel] [PATCH 21/52] build: remove windows specific build system

It will be completely re-written in future Signed-off-by: Alon Bar-Lev --- Makefile.am|8 +- doclean| 73 - domake-win | 138 msvc/autodefs.h.in | 20 -- msvc/config.py | 93 -- msvc/msvc.mak | 52 --- ser

[Openvpn-devel] [PATCH 22/52] build: split acinclude.m4 into m4/*

ax_emptyarray.m4 ax_openvpn_lib.m4 ax_socklen_t.m4 ax_varargs.m4 Signed-off-by: Alon Bar-Lev --- Makefile.am |1 + acinclude.m4 | 131 -- configure.ac |1 + m4/ax_emptyarray.m4 | 27 ++ m4/ax_openvpn_

[Openvpn-devel] [PATCH 20/52] cleanup: rename tap-windows function from win32 to win

Signed-off-by: Alon Bar-Lev --- configure.ac| 18 +++--- errlevel.h |2 +- error.c |6 +- forward.c |2 +- options.c |8 +- service-win32/service.h |2 +- sig.c |2 +- tap-windows.h

[Openvpn-devel] [PATCH 18/52] Remove easy-rsa

Signed-off-by: Alon Bar-Lev --- Makefile.am|1 - easy-rsa/1.0/README| 161 easy-rsa/1.0/build-ca | 13 - easy-rsa/1.0/build-dh | 12 - easy-rsa/1.0/build-inter

[Openvpn-devel] [PATCH 14/52] build: rename plugin directory to plugins

This to avoid conflit with plugin.c rules Signed-off-by: Alon Bar-Lev --- Makefile.am |3 +- openvpn.spec.in | 16 +- plugin/README | 47 --- plugin/auth-pam/.svnignore|1 - plugin/auth-pam/Makefile | 30 -- plugin/auth-pam/R

[Openvpn-devel] [PATCH 17/52] Remove install-win32

Signed-off-by: Alon Bar-Lev --- Makefile.am|5 +- configure.ac |3 - images/.svnignore |2 - images/Makefile.am | 41 -- images/icon.ico| Bin 22486 -> 0 bytes im

[Openvpn-devel] [PATCH 16/52] build: we need the sample.ovpn in future

Signed-off-by: Alon Bar-Lev --- install-win32/sample.ovpn | 103 sample-windows/sample.ovpn | 103 2 files changed, 103 insertions(+), 103 deletions(-) delete mode 100755 install-win32/sample.ovpn crea

[Openvpn-devel] [PATCH 15/52] build: plugins: properly use CC, CFLAGS and LDFLAGS

Signed-off-by: Alon Bar-Lev --- plugins/auth-pam/Makefile | 14 -- plugins/defer/build|9 + plugins/down-root/Makefile | 11 ++- plugins/examples/build |9 + 4 files changed, 24 insertions(+), 19 deletions(-) diff --git a/plugins/auth

[Openvpn-devel] [PATCH 13/52] build: handle printf style format in mingw

Signed-off-by: Alon Bar-Lev --- buffer.h | 12 ++-- error.h |6 +- misc.h | 12 ++-- status.h |6 +- 4 files changed, 30 insertions(+), 6 deletions(-) diff --git a/buffer.h b/buffer.h index 6c79007..9bc33db 100644 --- a/buffer.h +++ b/buffer.h @@ -312,7 +3

[Openvpn-devel] [PATCH 06/52] cleanup: remove redundant ';'

Signed-off-by: Alon Bar-Lev --- misc.h |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/misc.h b/misc.h index bdada42..dd6bd5a 100644 --- a/misc.h +++ b/misc.h @@ -145,7 +145,7 @@ openvpn_run_script (const struct argv *a, const struct env_set *es, const unsign openv

[Openvpn-devel] [PATCH 12/52] Update .gitignore

Signed-off-by: Alon Bar-Lev --- .gitignore |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/.gitignore b/.gitignore index 3d12f5d..8cc07de 100644 --- a/.gitignore +++ b/.gitignore @@ -5,6 +5,7 @@ *.obj *.pyc *.so +*~ .deps Makefile Makefile.in -- 1.7.3.4

[Openvpn-devel] [PATCH 11/52] build: correct place to alter WINVER is at build system

Signed-off-by: Alon Bar-Lev --- configure.ac|2 +- syshead.h |4 win/msvc.mak.in |2 +- 3 files changed, 2 insertions(+), 6 deletions(-) diff --git a/configure.ac b/configure.ac index 1c4d66c..aa1d509 100644 --- a/configure.ac +++ b/configure.ac @@ -342,7 +342,7 @@ ca

[Openvpn-devel] [PATCH 09/52] cleanup: memcmp.c: remove unused source

Signed-off-by: Alon Bar-Lev --- configure.ac |3 --- memcmp.c | 43 --- 2 files changed, 0 insertions(+), 46 deletions(-) delete mode 100644 memcmp.c diff --git a/configure.ac b/configure.ac index 25dcc37..1c4d66c 100644 --- a/configure.ac +++

[Openvpn-devel] [PATCH 07/52] cleanup: crypto_openssl.c: remove support for pre-openssl-0.9.6

autoconf rejecting this anyway: --- AC_MSG_CHECKING([that OpenSSL Library is at least version 0.9.6]) AC_MSG_ERROR([OpenSSL crypto Library is too old.]) --- Signed-off-by: Alon Bar-Lev --- crypto_openssl.c | 49 - 1 files changed, 0 insertions(+

[Openvpn-devel] [PATCH 05/52] cleanup: win32.c: wrong printf format

Signed-off-by: Alon Bar-Lev --- win32.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/win32.c b/win32.c index 2ba97fc..acf5ebc 100644 --- a/win32.c +++ b/win32.c @@ -1012,12 +1012,12 @@ openvpn_execve (const struct argv *a, const struct env_set *es, const unsigned

[Openvpn-devel] [PATCH 10/52] fixup: init.c: add missing conditional for ENABLE_CLIENT_CR

Signed-off-by: Alon Bar-Lev --- init.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/init.c b/init.c index d2ad318..b8f57b2 100644 --- a/init.c +++ b/init.c @@ -2282,9 +2282,11 @@ do_init_crypto_tls (struct context *c, const unsigned int flags) to.x509_track = opt

[Openvpn-devel] [PATCH 03/52] cleanup: options.c: remove redundant include

Signed-off-by: Alon Bar-Lev --- options.c |1 - 1 files changed, 0 insertions(+), 1 deletions(-) diff --git a/options.c b/options.c index a596ffe..3d8085c 100644 --- a/options.c +++ b/options.c @@ -50,7 +50,6 @@ #include "manage.h" #include "forward.h" #include "configure.h" -#include "f

[Openvpn-devel] [PATCH 04/52] cleanup: remove C++ warnings

Signed-off-by: Alon Bar-Lev --- httpdigest.c |4 ++-- init.c |2 +- misc.c |6 +++--- options.c |4 ++-- socket.c |4 ++-- ssl_polarssl.c |6 -- 6 files changed, 14 insertions(+), 12 deletions(-) diff --git a/httpdigest.c b/httpdigest.c i

[Openvpn-devel] [PATCH 08/52] cleanup: tun.c: fix incorrect option in message (ip-win32)

Signed-off-by: Alon Bar-Lev --- tun.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/tun.c b/tun.c index c92c0d7..81b66fb 100644 --- a/tun.c +++ b/tun.c @@ -4492,7 +4492,7 @@ dhcp_masq_addr (const in_addr_t local, const in_addr_t netmask, const int offset msg (M_

[Openvpn-devel] [PATCH 02/52] package: rpm: strip should be handled by package management

Signed-off-by: Alon Bar-Lev --- openvpn.spec.in |1 - 1 files changed, 0 insertions(+), 1 deletions(-) diff --git a/openvpn.spec.in b/openvpn.spec.in index c5178e9..c42e7c6 100644 --- a/openvpn.spec.in +++ b/openvpn.spec.in @@ -101,7 +101,6 @@ and portability to most major OS platforms. %b

[Openvpn-devel] [PATCH 01/52] build: version should not contain '-'

Signed-off-by: Alon Bar-Lev --- version.m4 |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/version.m4 b/version.m4 index 9f15247..ff9b35f 100644 --- a/version.m4 +++ b/version.m4 @@ -1,5 +1,5 @@ dnl define the OpenVPN version -define(PRODUCT_VERSION,[2.3-alpha1]) +defi

[Openvpn-devel] [PATCH 00/52] build revolution

1. Many cleanups. 2. New directory layout. 3. Remove easy-rsa, install-win32, windows build, tap-win32. 4. Standard autotools build system. 5. msbuild build system. 6. Split out most of platform specific code. After review I suggest you pull my repository[1], much safer than doing the MIME magic.

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

Hello, > How will you handle that some users use OpenVPN from Windows, Linux and > maybe even a mobile phone (like N900)? ... where paths are different, > depending on OS and/or distribution. And some paths on Linux (probably > *BSD too?) are different if it is a 32bit architecture or 64bit. Do

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 29/02/12 19:40, Carsten Krüger wrote: > > I think it would be good to rethink the hole script idea. Maybe > scripts could be only server pushable. How will you handle that some users use OpenVPN from Windows, Linux and maybe even a mobile phone (l

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

Hello Heiko, > Same here, please share your thoughts on how to reduce complexity. Dismiss the hole service starts openvpn in user context. It makes no sense. see: Message-ID: <1957833067.20120229194...@gmxpro.de> Message-ID: <1787326494.20120229201...@gmxpro.de> greetings Carsten

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

Hello, > If openvpn.exe startet in users context the user can manipulate it in > ram arbitrarily. Example: http://blog.didierstevens.com/2009/06/25/bpmtk-injecting-vbscript/ (great blog about process manipulation :-) ) I think there is absolutly no benefit from starting openvpn.exe in user conte

Re: [Openvpn-devel] OpenVPN 2.3-alpha1 / GUI

Russell On Wednesday 29 February 2012 17:26:46 Russell Morris wrote: > 1) I know that someone (Heiko?) was looking at auto-proxy a while back. Is > this now working? Is there a way to test it (if it's now working), to see > what it determines for a proxy? During discussion of the Windows --auto-p

[Openvpn-devel] [DISCUSSION] OpenVPN privilege separation (Windows)

Hello, Following recent discussion on Windows platform, I open a new thread. I don't think this topic is Windows specific as the security principals are the same. VPN client product has [at least] two different type of configuration. 1. Standalone configuration. 2. Enterprise configuration. Th

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

Hello Gert, > Part of the assumption here is "the user controls the openvpn config", > and as such, he can make openvpn.exe run arbitrary scripts anyway - and > to stop this from being a problem, just run openvpn.exe with your uid. What operation could be in script that is usefull when it's execu

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

Hello Fabian, > Why does the "interactive service" need to start OpenVPN? Yeah, I can't understand that, too. > Why not let the GUI start OpenVPN and let OpenVPN connect to the "interactive > service"? Exactly. If openvpn.exe startet in users context the user can manipulate it in ram arbitrar

Re: [Openvpn-devel] [PATCH 00/35] build revolution

On Wed, Feb 29, 2012 at 7:31 PM, David Sommerseth wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 28/02/12 22:31, Alon Bar-Lev wrote: >> Hello, >> >> I think I finished. David, tell me if you want me to send the patches >> to the list. I think these are way too long. > > Great!  Th

Re: [Openvpn-devel] [PATCH 00/35] build revolution

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 28/02/12 22:31, Alon Bar-Lev wrote: > Hello, > > I think I finished. David, tell me if you want me to send the patches > to the list. I think these are way too long. Great! Thank you very much for digging deep into this. I must admit, I didn't e

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

Hi Gert, 2012/2/29 Gert Doering : > The model we follow is "openvpn.exe has the same permissions that you > already have, so there is no benefit in manipulating anything". That was my initial assumption, which would imply that there's no reason to restrict access to the named pipe (apart from mak

Re: [Openvpn-devel] OpenVPN 2.3-alpha1 released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 29/02/12 16:01, Mr Dash Four wrote: > >> For the plug-in API ... look at openvpn-plugin.h ... look for >> openvpn_plugin_*_v3. Especially openvpn_plugin_open_v3() and >> openvpn_plugin_func_v3(). If fact, most of the openvpn-plugin.h is >> a pr

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

On Wednesday 29 February 2012 15:28:31 Fabian Knittel wrote: > To ensure this in classic Linux this would mean that the OpenVPN > process needs to run as a _different_ user than the GUI user or else > the GUI user could freely manipulate the program using, e.g. ptrace. I > know that similar manipul

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

Hi, On Wed, Feb 29, 2012 at 04:28:31PM +0100, Fabian Knittel wrote: > To ensure this in classic Linux this would mean that the OpenVPN > process needs to run as a _different_ user than the GUI user or else > the GUI user could freely manipulate the program using, e.g. ptrace. I > know that similar

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

Hi Heiko, 2012/2/29 Heiko Hund : > On Wednesday 29 February 2012 14:07:01 Fabian Knittel wrote: [...] >> (There must be something missing, otherwise >> I don't get why you call it "interactive service" ...?) > > It's interactive in contrast to the other already existing service, that just > starts

  1   2   >