[Openvpn-devel] IPv6 route addition error on SIGHUP restarts (Windows)

2016-11-23 Thread Selva Nair
Hi, I see the following route addition error during SIGHUP restarts on Windows. Wed Nov 23 21:44:39 2016 add_route_ipv6(::e001:3b08::/64 -> ::e001:3b08::1001 metric 0) dev SanSel-VPN Wed Nov 23 21:44:39 2016 ROUTE: route addition failed using service: The object already exists.

[Openvpn-devel] [PATCH] Set IPv6 DNS servers using interactive service

2016-11-23 Thread Selva Nair
- Any existing addresses are deleted before adding - On close_tun all addresses are deleted (only if any were added) Signed-off-by: Selva Nair --- doc/openvpn.8 | 2 +- include/openvpn-msg.h | 7 +- src/openvpn/tun.c | 72

Re: [Openvpn-devel] [PATCH applied] Re: Poor man's NCP for non-NCP peers

2016-11-23 Thread Steffan Karger
Hi, On 23-11-16 23:32, Gert Doering wrote: > On Wed, Nov 23, 2016 at 11:16:58PM +0100, Gert Doering wrote: >> ACK. We made it :-) > > I *did* find a way to break it, I think - haven't tested, need to sleep - > just copying what I wrote to IRC just now since everyone is asleep > already... > >

Re: [Openvpn-devel] [PATCH applied] Re: Poor man's NCP for non-NCP peers

2016-11-23 Thread Gert Doering
Hi, On Wed, Nov 23, 2016 at 11:16:58PM +0100, Gert Doering wrote: > ACK. We made it :-) I *did* find a way to break it, I think - haven't tested, need to sleep - just copying what I wrote to IRC just now since everyone is asleep already... 23:30 <@cron2> syzzer: I *do* have a potential way to

[Openvpn-devel] [PATCH applied] Re: Poor man's NCP for non-NCP peers

2016-11-23 Thread Gert Doering
ACK. We made it :-) I've made three changes (as discussed on IRC) to avoid another round for "minor nuisances" - moved prototype in options.h outside #ifdef ENABLE_OCC (warning if --disable-small) - undo the moving of #if P2MP_SERVER in key_method_2_read() (would break

[Openvpn-devel] [PATCH 1/2 v6] Poor man's NCP for non-NCP peers

2016-11-23 Thread Steffan Karger
Allows non-NCP peers (<= 2.3, or 2.4+ with --ncp-disable) to specify a --cipher that is different from the one in our config, as long as the new cipher value is allowed (i.e. in --ncp-ciphers at our side). This works both client-to-server and server-to-client. I.e. a 2.4 client with "cipher

[Openvpn-devel] Summary of the today's (Wednesday, 23rd Nov 2016) community meeting

2016-11-23 Thread Samuli Seppänen
Hi, Here's the summary of today's IRC meeting. --- COMMUNITY MEETING Place: #openvpn-meeting on irc.freenode.net Date: Wednesday 23rd November 2016 Time: 20:00 CET (19:00 UTC) Planned meeting topics for this meeting were here:

[Openvpn-devel] [PATCH 1/2 v5] Poor man's NCP for non-NCP peers

2016-11-23 Thread Steffan Karger
Allows non-NCP peers (<= 2.3, or 2.4+ with --ncp-disable) to specify a --cipher that is different from the one in our config, as long as the new cipher value is allowed (i.e. in --ncp-ciphers at our side). This works both client-to-server and server-to-client. I.e. a 2.4 client with "cipher

[Openvpn-devel] [PATCH 2/2] Refactor data channel key generation API

2016-11-23 Thread Steffan Karger
Originally for "poor man's NPC", I introduced a simpler API for generating data channel keys. That refactoring is no longer needed for that patch, but I believe still worth a patch on it's own. This patch should not change any functionality. Signed-off-by: Steffan Karger ---

[Openvpn-devel] [PATCH applied] Re: Document the --auth-token option

2016-11-23 Thread Gert Doering
ACK. Documentation text leaves endless possibilities for twisting words around, but this is much better than "no documentation" :-) Your patch has been applied to the master and release/2.3 branch. commit f8a367f7c51af5482013fa3d783cade376b047ed (master) commit

Re: [Openvpn-devel] [PATCH] Refactor setting close-on-exec for socket FDs

2016-11-23 Thread Gert Doering
Hi, On Wed, Nov 23, 2016 at 11:20:18AM +0100, Gert Doering wrote: > The existing code can leak socket FDs to the "--up" script, which is > not desired. Brought up by Alberto Gonzalez Iniesta, based on debian > bug 367716. I'm not sure if that patch is good enough yet. Arne brought up

[Openvpn-devel] OSTIF.org has started an OpenVPN security audit fundraiser

2016-11-23 Thread Samuli Seppänen
Hi, OSTIF[1] has started a new fundraiser with the goal of getting a security audit for OpenVPN 2.4.x: On that page there are suggestions on how to promote the fundraiser. This new fundraiser has way more

[Openvpn-devel] [PATCH] Refactor setting close-on-exec for socket FDs

2016-11-23 Thread Gert Doering
The existing code can leak socket FDs to the "--up" script, which is not desired. Brought up by Alberto Gonzalez Iniesta, based on debian bug 367716. Since different sockets get create at different times, just moving the set_cloexec() to link_socket_init_phase1() is not good enough - so move the

Re: [Openvpn-devel] handle unsupported windows versions in installer

2016-11-23 Thread Илья Шипицин
hello, here's new PR https://github.com/OpenVPN/openvpn-build/pull/52 it is tricky to add http link to message box, I'd avoid using nsDialogs.nsh now 2016-11-21 16:21 GMT+05:00 Илья Шипицин : > > > 2016-11-21 16:14 GMT+05:00 Samuli Seppänen : > >> Il