the getaddr6 and getaddr_mutli functions are duplicates of each other.
Since we always require getaddrinfo to be present both function are merge
into one openvpn_getaddrinfo.
This functions also returns a standard struct addrinfo* so our resolve
interface is closer to the standard unix interface. The getaddr function
is a wrapper which provides backward compatibility for IPv4 addresses.
Ipv6 calls and calls to getaddr_multi are replaced with the new interface.
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: 1344333837-22076-1-git-send-email-arne@rfc2549.org
URL: http://article.gmane.org/gmane.network.openvpn.devel/6959
Signed-off-by: David Sommerseth <davids@redhat.com>
[DS: Applied proper indenting on the changes wherever needed]
This amends commit 62c613d46d to check whether a named tun/tap
device ("--dev tunX" instead of "--dev tun") exists before OpenVPN
started - if yes, keep around at program end. If no, destroy.
Also has a spelling fix, and changes clear_tuntap() to be "static"
(only ever called from within tun.c).
Tested on FreeBSD 7.4, FreeBSD 9.0, NetBSD 5.1, OpenBSD 4.9
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Eric Crist <ecrist@secure-computing.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
This is useful if a test fails, and the tester wants to run the very
same OpenVPN call with the very same arguments interactively to
pinpoint and fix the problem.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@redhat.com>
Message-Id: 1345141883-9889-2-git-send-email-gert@greenie.muc.de
URL: http://article.gmane.org/gmane.network.openvpn.devel/6984
Signed-off-by: David Sommerseth <davids@redhat.com>
For 2.3 release, we do not need to have more details, as there is no
separate patch set anymore, and both IPv6 transport and IPv6 payload
(PF_INET6) have been fully integrated.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@redhat.com>
Message-Id: 1345141883-9889-3-git-send-email-gert@greenie.muc.de
URL: http://article.gmane.org/gmane.network.openvpn.devel/6985
Signed-off-by: David Sommerseth <davids@redhat.com>
This patch documents the usage of inline files in OpenVPN. Hackish ways of
inline files are deliberately left out. For tls-auth and
secret the key-direction option is right way of specifying the direction
and not by using two tls-auth/secret lines where the first sets the
direction and has a dummy file name and the second sets the inline file
data but does not reset the direction parameter.
Also pkcs12 [[INLINE]] base64encoded_data works but is a quirk of how the
config parser works
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: 1345756860-2044-1-git-send-email-arne@rfc2549.org
URL: http://article.gmane.org/gmane.network.openvpn.devel/7006
Signed-off-by: David Sommerseth <davids@redhat.com>
Some plugins want to add messages to the openvpn log file. The
plugin_log() and plugin_vlog() APIs provide ways for them to do so.
OPENVPN_PLUGINv3_STRUCTVER is not incremented as the v3 plugin API
is new in 2.3 and this is merged during alpha phase.
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: David Sommerseth <davids@redhat.com>
Message-Id: 1343920822-29161-1-git-send-email-heiko.hund@sophos.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/6946
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Commit af1bf85a introducing the --management-query-proxy option
broke the initialization of HTTP proxy options by not assigning
the allocated object to the options element in the function
init_http_proxy_options_once().
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: 1343639122-8658-1-git-send-email-heiko.hund@sophos.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/6913
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Make openvpn query for proxy information through the
management interface. This allows GUIs to provide (automatically
detected) proxy information on a per connection basis.
This new option supersedes the undocumented --http-proxy-fallback
option and puts the responsibilty for HTTP proxy fallback handling
to the GUI caring for such.
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Reviewed-by: James Yonan <james@openvpn.net>
Message-Id: 1342009010-9735-1-git-send-email-heiko.hund@sophos.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/6841
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
WSAGetLastError() is just a wrapper for GetLastError(). So, there's
no need to differentiate between socket related and other errors.
This patch removes all special handling of socket errors in favor
of simplifying the codebase somewhat.
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: 1342542316-32563-1-git-send-email-heiko.hund@sophos.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/6876
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Some of the MANAGEMENT_QUERY_REMOTE were actually needed. Put #ifdef
ENABLE_MANAGMENT in their place
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: David Sommerseth <davids@redhat.com>
Message-Id: 1341479835-12963-1-git-send-email-arne@rfc2549.org
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Operator/Cast precedence wrong: casting mac[0] to (bool) first - giving
"1" for "any mac address that does not start with 00:" - and only then
bit-anding with "1" - thus always returning "true". Which, in turn,
leads to "reject all incoming packets with 'bad source address'".
OpenVPN bug #216.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Fabian Knittel <fabian.knittel@lettink.de>
Message-Id: 1341089443-2287-1-git-send-email-gert@greenie.muc.de
URL: http://article.gmane.org/gmane.network.openvpn.devel/6817
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
This fixes starting openvpn compiled as client only version of systems
that have no /tmp (Android). --tmp-dir could only be set if P2MP_SERVER
has been enabled too.
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: 1340044749-10694-2-git-send-email-arne@rfc2549.org
URL: http://article.gmane.org/gmane.network.openvpn.devel/6741
Signed-off-by: David Sommerseth <davids@redhat.com>
This include is superfluous, as all callers already include config.h -
and under certain combinations of configure options and syshead.h
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Alon Bar-Lev <alon.barlev@gmail.com>
Message-Id: 20120614144454.GX1059@greenie.muc.de
URL: http://article.gmane.org/gmane.network.openvpn.devel/6723
Signed-off-by: David Sommerseth <davids@redhat.com>
Clarify status of each already-done item for "IPv6 payload" TODOs.
Remove TODOs from "IPv6 transport" list that have been solved in
"IPv6 payload" work.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
OpenVPN on Linux (iproute2+ifconfig), FreeBSD and MacOS X (Darwin)
normally points routes directly towards the "tun" interface, obviating
the need for a gateway. For "tap" interfaces, now add gateway spec to
linux route command, and replace "-iface <dev>" with gateway spec (both
together do not work) on FreeBSD and MacOS X.
Also adapt "route delete" appropriately, otherwise route will not be found.
All other platforms already use the gateway address for tun and tap,
because there's no way to install a route "towards an interface" there.
Remove warning about missing IPv6 route gateway handling.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@redhat.com>
Message-Id: 1339342891-28443-5-git-send-email-gert@greenie.muc.de
URL: http://article.gmane.org/gmane.network.openvpn.devel/6712
Signed-off-by: David Sommerseth <davids@redhat.com>
This is not the a problem when building using the latest Mac OS X SDK.
I've did a quick search and it seems to be a more common issue on some
(old) Darwin platforms.
[ Additional review note from Gert Doering:
IPV6_PKTINFO is part of the "extended socket API" defined in RFC2292.
That RFC used IPV6_PKTINFO both for receiving the destination IPv6 address
in UDP packets, and for setting the source address for outgoing packets.
RFC2292 was updated by RFC3542, which renamed the "receive" function to
IPV6_RECVPKTINFO, leaving the "sending" function as IPV6_PKTINFO - and,
subsequently, in FreeBSD they have different "setsockopt()" opcodes.
So, on a system that has *both*, we need to use IPV6_RECVPKTINFO for
receving (turning it on with setsockopt) to make --multihome work, and
IPV6_PKTINFO for sending (which we don't actually do).
On a system that only has IPV6_PKTINFO, because it's API only implements
2292 (MacOS up until 10.6), use IPV6_PKTINFO for setsockopt().
Now, the interesting question is whether a 10.5-compiled openvpn.exe
will behave correctly under 10.7 if --multihome is active...
]
Signed-off-by: Frank de Brabander <debrabander@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: eb2837a3-ce55-4f52-b2fe-f822efc661f7@l14g2000vbe.googlegroups.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/5591
Signed-off-by: David Sommerseth <davids@redhat.com>
Without this patch, Solaris will do "--dev tun3" just fine, but "--dev tun"
will either use "tun0" if that is available, or fail. With the patch, the
first available device is searched if "--dev tun" or "--dev tap" (without
a number) is specified.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@redhat.com>
Message-Id: 20120607174638.GW1059@greenie.muc.de
URL: http://article.gmane.org/gmane.network.openvpn.devel/6705
Signed-off-by: David Sommerseth <davids@redhat.com>
Yet another postprocess-output fix for iproute2 (sometimes there was
no whitespace in the output, so substituting away expiry time failed).
Print summary line of succeeded and failed test sets at the very end.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@redhat.com>
Message-Id: 20120607174255.GV1059@greenie.muc.de
URL: http://article.gmane.org/gmane.network.openvpn.devel/6704
Signed-off-by: David Sommerseth <davids@redhat.com>
During discussion on FOSDEM 2012 it was decided that proxy auto detection
is best done in the GUI as it's highly platform specific and shouldn't be
handled in openvpn itself for every supported platform in openvpn itself.
This removes --auto-proxy from openvpn.
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: David Sommerseth <davids@redhat.com>
Message-Id: 1328446029-30523-1-git-send-email-heiko.hund@sophos.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/5333
Signed-off-by: David Sommerseth <davids@redhat.com>
Changes
Options error: option 'dhcp-option' cannot be used in this context
to
P:Options error: option 'dhcp-option' cannot be used in this context
([PUSH-OPTIONS])
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: David Sommerseth <davids@redhat.com>
Message-Id: 1338642223-20324-6-git-send-email-arne@rfc2549.org
URL: http://article.gmane.org/gmane.network.openvpn.devel/6646
Signed-off-by: David Sommerseth <davids@redhat.com>
