e from our
repositories, remember to also update this package when upgrading
OpenVPN 3 Linux.
Instructions how to install OpenVPN 3 Linux can be found here:
<https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux>
--
kind regards,
David Sommerseth
OpenVPN Inc
n't abuse the --tmp-dir option to relocate it to one of these
more persistent locations. Just don't use tmp-dir as a "data exchange
point" outside of the communication between the OpenVPN process and the
scripts/plug-ins it runs.
--
kind regards,
David Sommerseth
OpenVPN Inc
From: David Sommerseth
Prior to this patch, the Makefile.am needs to be modified multiple
places to add a new man or HTML page to be generated. Since it is not
too often we modify this, it is easy to miss these finer details.
This changes the man and HTML generator rules to be more generic
approval though; they can be
changed on-the-fly if so be.
Acked-By: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN Inc
OpenPGP_signature
Description: OpenPGP digital signature
___
Openvpn-devel mailing list
Openvpn-devel
From: David Sommerseth
Prior to this patch, the Makefile.am needs to be modified multiple
places to add a new man or HTML page to be generated. Since it is not
too often we modify this, it is easy to miss these finer details.
This changes the man and HTML generator rules to be more generic
BSD hosts. So we can ignore this for now.
Except of these two really minor things, this is good to go.
Acked-By: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN Inc
OpenPGP_signature
Description: OpenPGP digital signature
___
Openvpn
regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
n-dco at that point *if* the server side
cipher/auth/compression is compliant with DCO? (Otherwise, use a tun
interface)
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://list
akefile.am and not a document file itself.
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
man
page. This can be done after this change, though.
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
is fully C99 capable.
[0] <https://endoflife.software/operating-systems/linux/FreeBSD>
[1]
<https://endoflife.software/operating-systems/linux/red-hat-enterprise-linux-rhel#7>
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel
On 21/03/2021 13:56, Arne Schwabe wrote:
Am 20.03.21 um 14:20 schrieb David Sommerseth:
On 19/03/2021 16:31, Arne Schwabe wrote:
This option allow migration to a non compression server config while
still retraining compatibility with client that have a compression
setting in their config
or each function it appears in
make[3]: *** [Makefile:742: ssl.o] Error 1
--
kind regards,
David Sommerseth
OpenVPN Inc
OpenPGP_signature
Description: OpenPGP digital signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https:/
/ssl_util.c | 16
src/openvpn/ssl_util.h | 8
5 files changed, 26 insertions(+), 27 deletions(-)
Glared at code, compared the move. All good. Compile tested on RHEL-8
just fine with no warnings.
Acked-By: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN Inc
16.04 LTS is the oldest one
supported by Canonical, and after end of April this year only 16.04.4 is
supported.
<https://endoflife.software/operating-systems/linux/ubuntu>
--
kind regards,
David Sommerseth
OpenVPN Inc
On 18/03/2021 21:52, David Sommerseth wrote:
On 18/03/2021 19:12, J
On 18/03/2021 21:52, David Sommerseth wrote:
It would be great to figure out if pkg-config is available on those
build hosts failing without this change. If it is present, it needs to
be checked which version it is.
If this is due to an outdated pkg-config, I'm reluctant to give this
patch
rdless, the commit message is incorrect. But that can probably be
fixed at commit time.
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
On 18/03/2021 18:56, Gert Doering wrote:
Hi,
On Thu, Mar 18, 2021 at 06:25:13PM +0100, David Sommerseth wrote:
I'm not seeing the rationale to why we need this; can you explain that?
See my other mail: because the previous configure.ac patch (for WolfSSL
support) breaks some platforms
it is received by beta/rc
testers. And further, for 2.7 we can consider having --enable-comp-stub
by default.
I can do a similar move with the Fedora Copr openvpn-git development builds.
--
kind regards,
David Sommerseth
OpenVPN Inc
чт, 18 мар. 2021 г. в 12:45, Gert Doering <mailt
eded
git diff --->> _How_ the change is solved
[1] <https://chris.beams.io/posts/git-commit/>
--
kind regards,
David Sommerseth
OpenVPN Inc
OpenPGP_signature
Description: OpenPGP digital signature
___
Openvpn-devel mailing li
network-speed-test/>
But openvpn --mlock is never the solution to performance and swapping.
Never ever.
--
kind regards,
David Sommerseth
OpenVPN Inc
OpenPGP_signature
Description: OpenPGP digital signature
___
Openvpn-devel maili
g while ago, related to lack of privileges
- but that could have been SELinux restrictions as well. Need to
revisit this.
--
kind regards,
David Sommerseth
OpenVPN Inc
OpenPGP_signature
Description: OpenPGP digital signature
___
Openvpn-devel mailing
to swapping, you
need to revisit your swap setup - or add more RAM. A few hundred
megabyte related to OpenVPN will not make things better or worse system
wide on your system. Fixing the real reason you have swapping issues will.
--
kind regards,
David Sommerseth
OpenVPN Inc
lity games. If it breaks,
it's their bug not ours.
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
VSZ RSS TTY STAT START TIME COMMAND
openvpn 2805670 0.0 0.8 76624 6896 ?Ss Feb25 7:08
/usr/sbin/openvpn
The start date is from when openvpn-2.5.1 got released and updated.
OpenSSL 1.1.1g-12 is used on both hosts.
--
kind regards,
David Sommerseth
OpenVPN Inc
OpenPGP
-mtu
option and put up a plan for removing it was also considered too much, I
don't see why that argument would be much different with --ciphers.
--
kind regards,
David Sommerseth
OpenVPN Inc
OpenPGP_signature
Description: OpenPGP digital signature
us to look at temporary RSA/DH keys,
- * otherwise we should print their lengths too */
msg(D_HANDSHAKE, "%s%s", s1, s2);
}
--
kind regards,
David Sommerseth
OpenVPN Inc
OpenPGP_signature
Description: OpenPGP digital signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
2 files changed, 114 insertions(+)
create mode 100755 sample/sample-scripts/totpauth.py
diff --git a/doc/man-sections/script-options.rst
b/doc/man-sections/script-options.rst
index f48e5818..6517f847 100644
Acked-By: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN Inc
/ssl_verify.c| 84 +
4 files changed, 87 insertions(+), 25 deletions(-)
diff --git a/Changes.rst b/Changes.rst
index 62008e8d..74728d2a 100644
Acked-By: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN Inc
OpenPGP_signature
Description
umentation does not mention the "method" part.
There are also a few nitpicks in the patch 11/11 which I did not see on
the ML so far.
<https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21528.html>
Message-Id:
--
kind regards,
David Sommerseth
OpenVPN Inc
Ope
Signed-off-by: Viktor Oreshkin
--
kind regards,
David Sommerseth
OpenVPN Inc
OpenPGP_signature
Description: OpenPGP digital signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
not break any configuration, they
will just be ignored instead of being handled as an error.
Signed-off-by: Romain Loutrel
Signed-off-by: David Sommerseth
<https://github.com/OpenVPN/openvpn3-linux/commit/b1a270062e3d35dcf73f57340bd85fcb3d84b4cc>
--
kind regards,
David Somm
these changes, and they look good.
Acked-By: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN Inc
OpenPGP_signature
Description: OpenPGP digital signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.s
/sample-plugins/defer/simple.c | 21 ++---
1 file changed, 18 insertions(+), 3 deletions(-)
Yes, this is also reasonable and aligns well with the intension of these
version checks. Thanks a lot!
Acked-By: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN Inc
---
sample/sample-plugins/defer/simple.c | 23 ++-
1 file changed, 14 insertions(+), 9 deletions(-)
Thanks a lot! This makes a lot of sense and works as expected.
Acked-By: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN Inc
OpenPGP_signature
Description
From: David Sommerseth
Extend the defer/simple sample-plugin supporting test_defer_timeout
and test_defer_openurl environment variables to trigger an additional
web based authentication. Both variables are required to enable this
feature.
Since this plug-in will require clients to use --auth
to
remove this #ifdef to be able to test it with the totpauth.py script in
patch 11/11 (with patch 10/11 applied as well).
Otherwise looking good and works when removing this #ifdef. But needs a
bit more polish.
--
kind regards,
David Sommerseth
OpenVPN Inc
OpenPGP_signature
Description
this is good enough for me.
Acked-By: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN Inc
OpenPGP_signature
Description: OpenPGP digital signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https
OpenVPN 2.x enabling the management interface and
setting the IV_SSO env variable properly.
Otherwise, this generally looks good - but we should improve docs a bit
more and fix those minor issues while at it.
--
kind regards,
David Sommerseth
OpenVPN Inc
OpenPGP_signature
Description:
. I ended up
patching sample/sample-plugins/defer/simple.c to do an openurl call.
This worked fine.
I'll send a patch updating the sample-plugin after this patchset has
been reviewed.
Acked-By: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN Inc
OpenPGP_signature
Description
where we've tried to standardize
to be as close to the native and most common ground available.
That mingw is moving towards similar goals replacing msvcrt with ISO-C
standards is just great for us in the long run.
--
kind regards,
David Sommerseth
OpenVPN Inc
OpenPGP_signature
Descr
of the
openvpn_plugin_open_v3() function, which has the same phrasing.
Thanks a lot!
Acked-By: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net
from if-else block... */
This is just a quick draft skeleton. Right now the code is pretty
messy, and we should improve the code quality on such critical code
paths such as user authentication.
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
as well. This needs to be carefully tested with all these auth changes
in place too.
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
irst glance, but might be I stumble across
something during testing.
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
to install OpenVPN 3 Linux can be found here:
<https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux>
--
kind regards,
David Sommerseth
OpenVPN Inc
Tech preview: Enable OpenVPN Data Channel Offload --
-
## WARNING
releases, the Python 3 openvpn module did not understand
the --tls-version-min and --tls-version-max options. This has been
resolved and these options are forwarded properly to the
configuration manager.
--
kind regards,
David Sommerseth
OpenVPN Inc
[0] <https://gitlab.com/openvpn/openv
On 02/11/2020 19:22, Gert Doering wrote:
> Hi,
>
> On Mon, Nov 02, 2020 at 03:00:58PM +0100, David Sommerseth wrote:
>>> Then the imported configuration profile must get the DCO feature
>>> enabled:
>>>
>>> $ openvpn3 config-manage --show
On 02/11/2020 14:30, David Sommerseth wrote:
> With the kernel module installed, the configuration file must be
> be imported:
>
> $ openvpn3 config-import --config CONFIG_FILENAME \
> --name CFGNAME \
> --persistent
>
ignals to the Access Server the
downloaded configuration profile is intended to be imported into
a local storage.
--
kind regards,
David Sommerseth
OpenVPN Inc
[0] <https://gitlab.com/openvpn/openvpn3-linux>
<https://github.com/OpenVPN/openvpn3-linux>
--
file is prebuilt in source
tarballs and will thus be available.
Reported-By: Philip Brown
Tested-By: Philip Brown
Signed-off-by: David Sommerseth
---
Note: This may have a negative impact on hosts running 'make install'
(which also happens via 'make distcheck') when using the git tree
e error
message at line 1122.
But after all, the chosen approach gives a reasonable code execution
flow and I consider it cleaner. I don't see any reasons why it would be
beneficial to format the command line only after creating the temp file.
So ...
Acked-By: Davi
rather save some goodies for post 2.6 releases - to help the overall
development/release cycles go faster.
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
ves a problem
which cannot be solved through other reasonable ways.
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
nguage with D-Bus support will
work:
<https://github.com/OpenVPN/openvpn3-linux/tree/master/src/tests/python>
<https://github.com/OpenVPN/openvpn3-linux/tree/master/src/python>
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.asc
Description: OpenPGP
"user story", which is the appropriate term for the 2020s).
My stance is pretty well covered in the ticket [1], and the only potential use
case which was provided does have, in my opinion, a better alternative by
using --management and --management-hold.
<htt
ct script) and file names parsed in
> + client-config directory will match the username.
I have not verified the behavior described, but I trust Selva's understanding
and testing. The extension of this part is valuable and makes both the man
entry and behavior clearer.
The fix I've touched above can
preserved as /nnn in the IPv6 range in
route_ipv6_network_{n}.
(These examples needs the proper :code:`value` and ``value`` highlighting,
removed here for clarity)
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
_
ct.c
>
I've only glared at important code pieces, diffed against the v2 of this patch
and compiled it on RHEL-7 (gcc-4.8.5 and gcc-9.3.1/devtoolset-9). Since
everything is as expected now (no compiler complaints, diff is good) and prior
review testing worked as expected ...
Acked-By: David Sommerse
lopers using a distro package of the library; these
packages install all these pkg-config files in the appropriate directory. The
challenge is more for those compiling and installing unpackaged versions of
the library; which is where the WOLFSSL_LIBS and WOLFSSL_CFLAGS comes into play.
--
kind regards,
this Makefile in the list
of files 'make distclean' should remove.
Signed-off-by: David Sommerseth
---
sample/Makefile.am | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sample/Makefile.am b/sample/Makefile.am
index 3be698e7..46d113ab 100644
--- a/sample/Makefile.am
+++ b/sample
e client without any issues on CentOS 7, as
well as developing openvpn3-linux on RHEL-7 as the main development environment.
We're mostly on IRC, FreeNode in the #openvpn-devel room.
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
_
[resent from proper address]
On 16/09/2020 15:48, Gert Doering wrote:
> Hi,
>
> On Tue, Sep 15, 2020 at 10:52:54PM +0200, David Sommerseth wrote:
>> ---
>> v2 - Process README files with correct instructions and details
>> v3 - Add missing -I$(top_srcdir)/include an
#include "config.h" in sample code, to also get
various macros defined by the ./configure run.
This patch does not touch the winbuild scripts, as it seems building
these sample-plugins on Windows requires a bit different compile and
linking steps than *nix systems in general.
Signed-off
#include "config.h" in sample code, to also get
various macros defined by the ./configure run.
This patch does not touch the winbuild scripts, as it seems building
these sample-plugins on Windows requires a bit different compile and
linking steps than *nix systems in general.
Signed-off
On 15/09/2020 12:22, Gert Doering wrote:
> Hi,
>
> On Mon, Sep 14, 2020 at 02:27:21PM +0200, David Sommerseth wrote:
>> The sample-plugins have their own set of build/winbuild scripts in each
>> of these plugin directories. This does not give a good way to reuse
>>
#include "config.h" in sample code, to also get
various macros defined by the ./configure run.
This patch does not touch the winbuild scripts, as it seems building
these sample-plugins on Windows requires a bit different compile and
linking steps than *nix systems in general.
Signed-off
#include "config.h" in sample code, to also get
various macros defined by the ./configure run.
This patch does not touch the winbuild scripts, as it seems building
these sample-plugins on Windows requires a bit different compile and
linking steps than *nix systems in general.
Signed-off
ction
‘openvpn_plugin_client_connect’:
client-connect/sample-client-connect.c:356:9: error: ‘for’ loop initial
declarations are only allowed in C99 mode
for (int i = 0; argv[i]; i++)
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.asc
Description: Ope
contains #define _GNU_SOURCE 1. This removes this compiler warning.
This is on RHEL-7 with both gcc-4.8 and gcc-9.3.
Otherwise, the code looks reasonable and it works. The log file does not
include the pushed echo statement (can be enabled in options.c:5286). The
management interface shows the pu
e and compiled all the sample plug-ins. All looks
reasonable and good.
Acked-By: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
___
Openvpn-devel mailing list
Openvpn-devel@lists
During the conversion from .8 to .rst and further reorganizing of the
content into separate files, the --server-ipv6 entry got lost. This
resurrects it again.
Signed-off-by: David Sommerseth
---
doc/man-sections/server-options.rst | 14 ++
1 file changed, 14 insertions(+)
diff
the next release. And
> otherwise we remove the support before the next release. That should our
> concerns of wanting to see ongoing support and also your concern of it
> not being included.
I completely agree. This makes a lot of sense and is a reasonable way forward.
--
kind regar
spread out.
Signed-off-by: David Sommerseth
---
doc/man-sections/client-options.rst | 60 -
1 file changed, 34 insertions(+), 26 deletions(-)
diff --git a/doc/man-sections/client-options.rst
b/doc/man-sections/client-options.rst
index ec1e3b11..af21fbcd 100644
On 08/09/2020 21:01, Vladislav Grishenko wrote:
> Hi David,
>
>> -Original Message-----
>> From: David Sommerseth
>> Sent: Tuesday, September 8, 2020 6:23 PM
>> To: Vladislav Grishenko ; openvpn-
>> de...@lists.sourceforge.net
>> Subject: Re: [Op
ting the man page to .rst files. The example should be:
remote server.example.net 1194 tcp
The OpenVPN 2.4 and prior releases has this line:
--remote host [port] [proto]
But this syntax was not supported by rst2man, so it was replaced with "args"
and the examples coming be
erver-options.rst | 8
> 1 file changed, 8 insertions(+)
Acked-By: David Sommerseth
It would be good if --push-reset would actually not remove certain critical
options, but this is anyhow a good heads-up for our users.
--
kind regards,
David Somm
But
I don't see the need for this if it is primarily to enable support for ancient
kernel releases which are no longer supported by the upstream kernel community
(where 4.4 is the oldest one).
I would lean on what Antonio says here as well, as he kinda owns the sitnl
implementation and API.
--
kind
tHub before the .rst conversion.
[1] <https://github.com/OpenVPN/openvpn/blob/release/2.4/doc/openvpn.8>
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
___
Openvpn-devel mailing list
Openvpn-d
as been extended with more region CA certificates used
for the request validations. In addition it will now pick up more of
system CA certificate file locations than before.
--
kind regards,
David Sommerseth
OpenVPN Inc
[0] <https://gitlab.com/openvpn/openvpn3-linux>
<h
le
> removal process. But if we remove an option/drop support for something
> something that should still be a weighing of pros and cons.
>
> For this specific option of ncp-ciphers/data-ciphers. This not just a
> fringe option. This is an option that affects one of the core things of
"data-ciphers") || streq(p[0], "ncp-ciphers"))
>> +&& p[1] && !p[2])
>> {
>> VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_INSTANCE);
>> options->ncp_ciphers = p[1];
>> diff --git a/src/openvpn/ssl_ncp.c b/src/open
. The filter
itself is simple to implement, just hasn't surfaced on the more critical
issues we've needed to tackle.
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
___
Openvpn-devel mailing list
Openvpn-dev
.
Otherwise I do fear for the future of OpenVPN 2.x.
By having a clear strategy and adhering to a process of feature/option
management in OpenVPN, we give clearly defined time-window for stability and
functionality for our users. This predictability is, in my experience, much
more important to
better explains what it is used for.
But I do reject NOT adding a deprecation path for --ncp-ciphers. We should
support --ncp-ciphers for 1-2 major releases, but after that it should be
removed. We have too many options and we certainly should avoid duplicating
options with the exact same functionality.
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
On 22/07/2020 14:01, Arne Schwabe wrote:
> Am 22.07.20 um 11:54 schrieb David Sommerseth:
>> Before --link-mtu, it was --udp-mtu. This was changed in
>> OpenVPN 1.5_beta1 (release July 2003). It should be safe now
>> to remove --udp-mtu, the transition period should hav
Before --link-mtu, it was --udp-mtu. This was changed in
OpenVPN 1.5_beta1 (release July 2003). It should be safe now
to remove --udp-mtu, the transition period should have been long
enough.
Signed-off-by: David Sommerseth
---
src/openvpn/options.c | 3 +--
1 file changed, 1 insertion(+), 2
st this patch on git master
commit 08469ca1eccc). Builds fine, 'make check' looks good.
Acked-By: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
On 20/07/2020 15:22, Arne Schwabe wrote:
> Am 20.07.20 um 15:16 schrieb David Sommerseth:
>> On 17/07/2020 15:47, Arne Schwabe wrote:
>>> Key-method 1 is only needed to talk to pre OpenVPN 2.0 clients.
>>>
>>> Patch V2: Fix style. Make V1 op codes illegal, remov
> -}
> -
> if (!read_control_auth(buf, >tls_wrap, from,
> session->opt))
> {
I had already started my own approach of removing --key-method when I was made
aware of this patch. Co
This option has been deprecated since OpenVPN 2.1 and it has been
highlighted in the documentation and log files since OpenVPN 2.4.4.
Signed-off-by: David Sommerseth
---
Changes.rst | 3 +++
src/openvpn/options.c | 9 -
2 files changed, 3 insertions(+), 9 deletions(-)
diff
This removes support for the --client-cert-not-required option. To
avoid starting a server with this option just ignored, which would make
it impossible for existing clients to connect it will exit with
instructions to replace this option with --verify-client-cert none.
Signed-off-by: David
This removes support for the --client-cert-not-required option. To
avoid starting a server with this option just ignored, which would make
it impossible for existing clients to connect it will exit with
instructions to replace this option with --verify-client-cert none.
Signed-off-by: David
the
'make distcheck' build test fail.
Signed-off-by: David Sommerseth
---
.travis.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.travis.yml b/.travis.yml
index 925d09ea..b154277e 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -111,7 +111,7 @@ jobs:
addons:
apt
messy.
By moving these files to dist_noinst_DATA= instead, these files are
still distributed but not installed via 'make install'.
Signed-off-by: David Sommerseth
---
doc/Makefile.am | 9 +
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/doc/Makefile.am b/doc/Makefile.am
index
iding our COPYING and
> +# INSTALL targets:
> +AM_INIT_AUTOMAKE(foreign serial_tests 1.9) dnl NB: Do not [quote] this
> parameter.
> AC_CANONICAL_HOST
> AC_USE_SYSTEM_EXTENSIONS
>
Acked-By: David Sommerseth
This works better than the previous attempt, this also passes 'make dist
This finializes the depreacation started in OpenVPN 2.4, where --no-iv
was made into a NOOP option.
Signed-off-by: David Sommerseth
---
Changes.rst | 3 +++
doc/man-sections/server-options.rst | 2 +-
doc/man-sections/unsupported-options.rst | 2 +-
src/openvpn
://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits#OVPN-03-3:Insecureconfigurationoptions:--no-replay
URL: [1]
https://community.openvpn.net/openvpn/wiki/DeprecatedOptions#Option:--no-replay
Signed-off-by: David Sommerseth
---
Changes.rst | 5
doc/man
On 17/07/2020 17:36, David Sommerseth wrote:
> On 17/07/2020 17:05, Matthias Andree wrote:
>> Signed-off-by: Matthias Andree
>> ---
>> doc/Makefile.am | 5 +++--
>> 1 file changed, 3 insertions(+), 2 deletions(-)
>>
>> diff --git a/doc/Makefile.am b/doc/
/.deps/libopenvpnmsica_la-tap.Plo'. Stop.
make[3]: Leaving directory `/home/davids/devel/OpenVPN/openvpn/src/openvpnmsica'
This needs more work to avoid this issue. It's also interesting that Windows
code is suddenly being pulled into the dependency tracking on a plain Linux
bo
101 - 200 of 2019 matches
Mail list logo