mirror/openvpn-android
0
0
Fork 0
mirror of https://github.com/schwabe/ics-openvpn.git synced 2024-09-20 12:02:28 +02:00
Code

OpenVPN Fixes and merge with upstream

Browse Source
This commit is contained in:
Arne Schwabe 2013-02-03 14:13:10 +01:00
parent f00cd03f5a
commit 8944196988
6 changed files with 61 additions and 132 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

122
openvpn/README.IPv6
View File

@ -1,97 +1,65 @@
Since 2.3.0, OpenVPN officially supports IPv6, and all widely used
patches floating around for older versions have been integrated.
IPv6 payload support
--------------------
Latest IPv6 payload support code and documentation can be found from here:
This is for "IPv6 inside OpenVPN", with server-pushed IPv6 configuration
on the client, and support for IPv6 configuration on the tun/tap interface
from within the openvpn config.
http://www.greenie.net/ipv6/openvpn.html
The code in 2.3.0 supersedes the IPv6 payload patches from Gert Doering,
formerly located at http://www.greenie.net/ipv6/openvpn.html
For TODO list, see TODO.IPv6.
Gert Doering, 31.12.2009
The following options have been added to handle IPv6 configuration,
analogous to their IPv4 counterparts (--server <-> --server-ipv6, etc.)
- server-ipv6
- ifconfig-ipv6
- ifconfig-ipv6-pool
- ifconfig-ipv6-push
- route-ipv6
- iroute-ipv6
see "man openvpn" for details how they are used.
IPv6 transport support
----------------------
[ Last updated: 25-Mar-2011. ]
This is to enable OpenVPN peers or client/servers to talk to each other
over an IPv6 network ("OpenVPN over IPv6").
OpenVPN-2.1 over UDP6/TCP6 README for ipv6-0.4.x patch releases:
( --udp6 and --tcp6-{client,server} )
The code in 2.3.0 supersedes the IPv6 transport patches from JuanJo Ciarlante,
formerly located at http://github.com/jjo/openvpn-ipv6
* Availability
Source code under GPLv2 from http://github.com/jjo/openvpn-ipv6
Distro ready repos/packages:
o Debian sid official repo, by Alberto Gonzalez Iniesta,
starting from openvpn_2.1~rc20-2
o Gentoo official portage tree, by Marcel Pennewiss:
- https://bugs.gentoo.org/show_bug.cgi?id=287896
o Ubuntu package, by Bernhard Schmidt:
- https://launchpad.net/~berni/+archive/ipv6/+packages
o Freetz.org, milestone freetz-1.2
- http://trac.freetz.org/milestone/freetz-1.2
Use the following options to select IPv6 transport:
* Status:
o OK:
- upd6,tcp6: GNU/Linux, win32, openbsd-4.7, freebsd-8.1
- udp4->upd6,tcp4->tcp6 (ipv4/6 mapped): GNU/Linux
(gives a warning on local!=remote proto matching)
o NOT:
- win32: tcp4->tcp6 (ipv4/6 mapped) fails w/connection refused
o NOT tested:
- mgmt console
--proto udp6
--proto tcp6-client
--proto tcp6-server
--proto tcp6 --client / --proto tcp6 --server
* Build setup:
./configure --enable-ipv6 (by default)
On systems that permit IPv4 connections on IPv6 sockets (Linux by
default, FreeBSD and NetBSD if you turn off the "v6only" sysctl by
running "sysctl -w net.inet6.ip6.v6only=0"), an OpenVPN server can
handle IPv4 connections on the IPv6 socket as well, making it a true
dual-stacked server.
* Usage:
For IPv6 just specify "-p upd6" an proper IPv6 hostnames, adapting the example
from man page ...
On other systems, as of 2.3.0, you need to run separate server instances
for IPv4 and IPv6.
On may:
openvpn --proto udp6 --remote <june_IPv6_addr> --dev tun1 \
--ifconfig 10.4.0.1 10.4.0.2 --verb 5 --secret key
The client side code is not really "dual-stacked" yet, as it does not
automatically try both address families when connecting to a dual-stacked
server. For now, you can achieve this with <connection> stanzas in your
openvpn config:
On june:
openvpn --proto udp6 --remote <may_IPv6_addr> --dev tun1 \
--ifconfig 10.4.0.2 10.4.0.1 --verb 5 --secret key
Same for --proto tcp6-client, tcp6-server.
* Main code changes summary:
- socket.h: New struct openvpn_sockaddr type that holds sockaddrs and pktinfo,
(here I omitted #ifdef USE_PF_xxxx, see socket.h )
struct openvpn_sockaddr {
union {
struct sockaddr sa;
struct sockaddr_in in;
struct sockaddr_in6 in6;
} addr;
};
struct link_socket_addr
{
struct openvpn_sockaddr local;
struct openvpn_sockaddr remote;
struct openvpn_sockaddr actual;
};
PRO: allows simple type overloading: local.addr.sa, local.addr.in, local.addr.in6 ... etc
(also local.pi.in and local.pi.in6)
- several function prototypes moved from sockaddr_in to openvpn_sockaddr
- several new sockaddr functions needed to "generalize" AF_xxxx operations:
addr_copy(), addr_zero(), ...etc
proto_is_udp(), proto_is_dgram(), proto_is_net()
* For TODO list, see TODO.IPv6
--
JuanJo Ciarlante jjo () google () com ............................
: :
. Linux IP Aliasing author .
. Modular algo (AES et all) support for FreeSWAN/OpenSWAN author .
. OpenVPN over IPv6 support .
:...... plus other scattered free software bits in the wild ...:
<connection>
remote my.dual.stack.server 1194 udp6
</connection>
<connection>
remote my.dual.stack.server 1194 udp
</connection>

3
openvpn/src/openvpn/event.c
View File

@ -34,6 +34,7 @@
#include "error.h"
#include "integer.h"
#include "event.h"
#include "fdmisc.h"
#include "memdbg.h"
@ -582,6 +583,8 @@ ep_init (int *maxevents, unsigned int flags)
if (fd < 0)
return NULL;
set_cloexec (fd);
ALLOC_OBJ_CLEAR (eps, struct ep_set);
/* set dispatch functions */

8
openvpn/src/openvpn/init.c
View File

@ -3288,6 +3288,10 @@ init_instance (struct context *c, const struct env_set *env, const unsigned int
/* init garbage collection level */
gc_init (&c->c2.gc);
/* inherit environmental variables */
if (env)
do_inherit_env (c, env);
/* signals caught here will abort */
c->sig->signal_received = 0;
c->sig->signal_text = NULL;
@ -3339,10 +3343,6 @@ init_instance (struct context *c, const struct env_set *env, const unsigned int
if (c->mode == CM_P2P || c->mode == CM_TOP)
do_option_warnings (c);
/* inherit environmental variables */
if (env)
do_inherit_env (c, env);
#ifdef ENABLE_PLUGIN
/* initialize plugins */
if (c->mode == CM_P2P || c->mode == CM_TOP)

30
openvpn/src/openvpn/misc.c
View File

@ -707,13 +707,6 @@ env_set_remove_from_environment (const struct env_set *es)
static struct env_item *global_env = NULL; /* GLOBAL */
void
manage_env (char *str)
{
remove_env_item (str, true, &global_env);
add_env_item (str, false, &global_env, NULL);
}
#endif
/* add/modify/delete environmental strings */
@ -789,27 +782,18 @@ setenv_str_ex (struct env_set *es,
if (value)
val_tmp = string_mod_const (value, value_include, value_exclude, value_replace, &gc);
if (es)
ASSERT (es);
if (val_tmp)
{
if (val_tmp)
{
const char *str = construct_name_value (name_tmp, val_tmp, &gc);
env_set_add (es, str);
const char *str = construct_name_value (name_tmp, val_tmp, &gc);
env_set_add (es, str);
#if DEBUG_VERBOSE_SETENV
msg (M_INFO, "SETENV_ES '%s'", str);
msg (M_INFO, "SETENV_ES '%s'", str);
#endif
}
else
env_set_del (es, name_tmp);
}
else
{
char *str = construct_name_value (name_tmp, val_tmp, &gc);
if (platform_putenv(str))
{
msg (M_WARN | M_ERRNO, "putenv('%s') failed", str);
}
}
env_set_del (es, name_tmp);
gc_free (&gc);
}

28
openvpn/src/openvpn/platform.c
View File

@ -275,34 +275,6 @@ platform_unlink (const char *filename)
#endif
}
int platform_putenv(char *string)
{
int status;
#if defined(WIN32)
struct gc_arena gc = gc_new ();
char *s = string_alloc(string, &gc);
char *value = strchr(s, '=');
if (value!=NULL)
{
*value = '\0';
value++;
if (*value == '\0')
value = NULL;
}
status = SetEnvironmentVariableW (wide_string (s, &gc),
wide_string (value, &gc)) ? 1: 0;
gc_free (&gc);
#elif defined(HAVE_PUTENV)
void manage_env (char *str); /* TODO: Resolve properly */
status = putenv (string);
if (!status)
manage_env (string);
#endif
return status;
}
FILE *
platform_fopen (const char *path, const char *mode)
{

2
openvpn/src/openvpn/status.c
View File

@ -33,6 +33,7 @@
#include "status.h"
#include "perf.h"
#include "misc.h"
#include "fdmisc.h"
#include "memdbg.h"
@ -98,6 +99,7 @@ status_open (const char *filename,
if (so->fd >= 0)
{
so->filename = string_alloc (filename, NULL);
set_cloexec (so->fd);
/* allocate read buffer */
if (so->flags & STATUS_OUTPUT_READ)