Re: [Openvpn-devel] [Patch] Support client reason from auth plugin

2018-04-25 Thread Selva Nair
Hi, Thanks for the patch. This feature (and a similar support for plugins) is something very nice to have. But this implementation is inadequate. The main problem is that multi->client_reason is sent back to the client only during the initial auth not during reauth (renegotiations). So this will wo

[Openvpn-devel] [RFC 7/8] allow user to specify 'local' multiple times in config files

2018-04-25 Thread Antonio Quartulli
It is now possible to specify 'local' multiple times in a server config to let it listen on multiple sockets (address:port) of the same protocol. Signed-off-by: Antonio Quartulli --- doc/openvpn.8 | 10 ++- src/openvpn/init.c| 9 +-- src/openvpn/options.c | 162 +++

[Openvpn-devel] [RFC 8/8] override ai_family if 'local' numeric address was specified

2018-04-25 Thread Antonio Quartulli
This change ensures that when a numeric IP address is specified as argument to a 'local' directive, its ai_family overrides the one extracted from the 'proto' config option. Signed-off-by: Antonio Quartulli --- src/openvpn/socket.c | 11 +-- 1 file changed, 9 insertions(+), 2 deletions(-

[Openvpn-devel] [RFC 6/8] if a local IPv6 address is provided, socket must be v6-only

2018-04-25 Thread Antonio Quartulli
Signed-off-by: Antonio Quartulli --- src/openvpn/socket.c | 10 -- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 84d828e6..79fbc6a8 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -988,9 +988,15 @@ bind_loca

[Openvpn-devel] [RFC 2/8] pass link_socket object to i/o functions

2018-04-25 Thread Antonio Quartulli
In order to prepare the code to work with distinct sockets, it is essential that i/o functions do not operate on any hard-coded socket object (i.e. c->c2.link_socket). This patch changes all the low-level i/o functions to work with a socket specified as argument rather than a fixed one. Signed-o

[Openvpn-devel] [RFC 0/8] server: support listening on multiple ports/IPs

2018-04-25 Thread Antonio Quartulli
This patchset allows a server to listen on multiple sockets concurrently. Practically this means that an admin can configure his/her server to listen on multiple IPs and/or multiple ports at the same time. The new behaviour can be configured by using an extension of the current "--local" option.

[Openvpn-devel] [RFC 5/8] allow tcp/udp server to listen on multiple ports at the same time

2018-04-25 Thread Antonio Quartulli
Signed-off-by: Antonio Quartulli --- src/openvpn/event.h | 1 + src/openvpn/forward-inline.h | 15 ++- src/openvpn/forward.c| 51 ++--- src/openvpn/forward.h| 18 ++-- src/openvpn/init.c | 197 +++ src/openvpn/init.h

[Openvpn-devel] [RFC 1/8] event/multi: add event_arg object to make event handling more generic

2018-04-25 Thread Antonio Quartulli
In order to prepare the event handling code to deal with multiple listening sockets, we have to make sure that it is possible to distinguish which of these sockets have been poked by an incoming connection request. To achieve that, this patch changes the object being passed as event handler argum

[Openvpn-devel] [RFC 3/8] io_work: convert shift argument to uintptr_t

2018-04-25 Thread Antonio Quartulli
Instead of passing the shift argument as pointer, pass directly its integer value. This will allow the code to distinguish a shift value from a real object pointer, like we already do in multi_tcp_process_io(). This change will allow us later to pass an event_arg object as event handler argument i

[Openvpn-devel] [RFC 4/8] io_work: pass event_arg object to event handler in case of socket event

2018-04-25 Thread Antonio Quartulli
In order to allow the code to work with multiple listening sockets it is essential to allow the generic multi_io event handler to distinguish between the various socket objects. This can be achieved by passing an event_arg object that contains a pointer to the link_socket. This code path is used

Re: [Openvpn-devel] [Openvpn-users] OpenVPN memory usage stats

2018-04-25 Thread Gert Doering
Hi, came across an old posting today, by chance - cc'ing openvpn-devel, because that's really more of a -devel question... On Thu, May 18, 2017 at 02:47:37PM -0700, Yury Shefer wrote: > Here is what I noticed: > 1) when I hit max-sessions and the daemon no longer accepts new > connections (by log

[Openvpn-devel] [PATCH tap-windows6, v2] Have the driver version display as major.minor.revision.build

2018-04-25 Thread selva . nair
From: Selva Nair The driver version (taken from the INF) and the file version of tap0901.sys file (from its resource) will now display like 9.22.1.601. The driver details tab will continue to show the text form of the version as "major.minor.revision major/minor". Eg., "9.22.1 9/22" Signed-off-

Re: [Openvpn-devel] [PATCH tap-windows6] Have the driver version display as major.minor.revision.build

2018-04-25 Thread Samuli Seppänen
On 25/04/2018 15:42, Selva Nair wrote: > Hi, > > On Wed, Apr 25, 2018 at 3:04 AM, Samuli Seppänen wrote: >> Feature-ACK, but I have not tested this yet. I think we should increment >> version to 9.22.2 (a.k.a. 9,22,2,601) though. The current release is 9.22.1. > > Treating this like any oth

Re: [Openvpn-devel] [PATCH 1/1] systemd: run openvpn with dedicated user

2018-04-25 Thread Selva Nair
Hi, On Tue, Apr 24, 2018 at 4:16 PM, Christian Hesse wrote: > Antonio Quartulli on Tue, 2018/04/24 23:08: >> OTOH I understand that there are people that don't care about having a >> working tunnel reconfiguration and are fine with starting openvpn as >> root (and then dropping privileges). >> >

Re: [Openvpn-devel] [PATCH 1/1] systemd: run openvpn with dedicated user

2018-04-25 Thread Gert Doering
Hi, On Mon, Apr 23, 2018 at 11:28:13AM +0200, Christian Hesse wrote: > @@ -1151,6 +1151,14 @@ do_uid_gid_chroot(struct context *c, bool no_delay) > /* set user and/or group if we want to setuid/setgid */ > if (c0->uid_gid_specified) > { > +#ifdef ENABLE_SYSTEMD > +

Re: [Openvpn-devel] [PATCH 1/1] systemd: run openvpn with dedicated user

2018-04-25 Thread Gert Doering
Hi, On Tue, Apr 24, 2018 at 10:16:36PM +0200, Christian Hesse wrote: > No need to have root involved. Sounds good? This is not our traditional approach of "give people rope to hang themselves if they want so". So I'll NAK any patch that *requires* use of systemd, capabilities and non-root users

Re: [Openvpn-devel] [PATCH 1/1] systemd: run openvpn with dedicated user

2018-04-25 Thread Gert Doering
Hi, On Tue, Apr 24, 2018 at 11:08:22PM +0800, Antonio Quartulli wrote: > Generally speaking I believe that openvpn, as a VPN and partly routing > daemon, should be allowed to run with CAP_NET_ADMIN set as it enables > more features (tunnel reconfiguration to start with). If we go there, we might

Re: [Openvpn-devel] [PATCH tap-windows6] Have the driver version display as major.minor.revision.build

2018-04-25 Thread Selva Nair
Hi, On Wed, Apr 25, 2018 at 3:04 AM, Samuli Seppänen wrote: > Feature-ACK, but I have not tested this yet. I think we should increment > version to 9.22.2 (a.k.a. 9,22,2,601) though. The current release is 9.22.1. Treating this like any other patch, I think version bump should not be a part of i