mirror of
https://github.com/schwabe/ics-openvpn.git
synced 2024-09-20 12:02:28 +02:00
OpenVPN Fixes and merge with upstream
parent
f00cd03f5a
commit
8944196988
@ -1,97 +1,65 @@
|
||||
Since 2.3.0, OpenVPN officially supports IPv6, and all widely used
|
||||
patches floating around for older versions have been integrated.
|
||||
|
||||
IPv6 payload support
|
||||
--------------------
|
||||
|
||||
Latest IPv6 payload support code and documentation can be found from here:
|
||||
This is for "IPv6 inside OpenVPN", with server-pushed IPv6 configuration
|
||||
on the client, and support for IPv6 configuration on the tun/tap interface
|
||||
from within the openvpn config.
|
||||
|
||||
http://www.greenie.net/ipv6/openvpn.html
|
||||
The code in 2.3.0 supersedes the IPv6 payload patches from Gert Doering,
|
||||
formerly located at http://www.greenie.net/ipv6/openvpn.html
|
||||
|
||||
For TODO list, see TODO.IPv6.
|
||||
|
||||
Gert Doering, 31.12.2009
|
||||
The following options have been added to handle IPv6 configuration,
|
||||
analogous to their IPv4 counterparts (--server <-> --server-ipv6, etc.)
|
||||
|
||||
- server-ipv6
|
||||
- ifconfig-ipv6
|
||||
- ifconfig-ipv6-pool
|
||||
- ifconfig-ipv6-push
|
||||
- route-ipv6
|
||||
- iroute-ipv6
|
||||
|
||||
see "man openvpn" for details how they are used.
|
||||
|
||||
|
||||
|
||||
IPv6 transport support
|
||||
----------------------
|
||||
|
||||
[ Last updated: 25-Mar-2011. ]
|
||||
This is to enable OpenVPN peers or client/servers to talk to each other
|
||||
over an IPv6 network ("OpenVPN over IPv6").
|
||||
|
||||
OpenVPN-2.1 over UDP6/TCP6 README for ipv6-0.4.x patch releases:
|
||||
( --udp6 and --tcp6-{client,server} )
|
||||
The code in 2.3.0 supersedes the IPv6 transport patches from JuanJo Ciarlante,
|
||||
formerly located at http://github.com/jjo/openvpn-ipv6
|
||||
|
||||
* Availability
|
||||
Source code under GPLv2 from http://github.com/jjo/openvpn-ipv6
|
||||
|
||||
Distro ready repos/packages:
|
||||
o Debian sid official repo, by Alberto Gonzalez Iniesta,
|
||||
starting from openvpn_2.1~rc20-2
|
||||
o Gentoo official portage tree, by Marcel Pennewiss:
|
||||
- https://bugs.gentoo.org/show_bug.cgi?id=287896
|
||||
o Ubuntu package, by Bernhard Schmidt:
|
||||
- https://launchpad.net/~berni/+archive/ipv6/+packages
|
||||
o Freetz.org, milestone freetz-1.2
|
||||
- http://trac.freetz.org/milestone/freetz-1.2
|
||||
Use the following options to select IPv6 transport:
|
||||
|
||||
* Status:
|
||||
o OK:
|
||||
- upd6,tcp6: GNU/Linux, win32, openbsd-4.7, freebsd-8.1
|
||||
- udp4->upd6,tcp4->tcp6 (ipv4/6 mapped): GNU/Linux
|
||||
(gives a warning on local!=remote proto matching)
|
||||
o NOT:
|
||||
- win32: tcp4->tcp6 (ipv4/6 mapped) fails w/connection refused
|
||||
o NOT tested:
|
||||
- mgmt console
|
||||
--proto udp6
|
||||
--proto tcp6-client
|
||||
--proto tcp6-server
|
||||
--proto tcp6 --client / --proto tcp6 --server
|
||||
|
||||
* Build setup:
|
||||
./configure --enable-ipv6 (by default)
|
||||
On systems that permit IPv4 connections on IPv6 sockets (Linux by
|
||||
default, FreeBSD and NetBSD if you turn off the "v6only" sysctl by
|
||||
running "sysctl -w net.inet6.ip6.v6only=0"), an OpenVPN server can
|
||||
handle IPv4 connections on the IPv6 socket as well, making it a true
|
||||
dual-stacked server.
|
||||
|
||||
* Usage:
|
||||
For IPv6 just specify "-p upd6" an proper IPv6 hostnames, adapting the example
|
||||
from man page ...
|
||||
On other systems, as of 2.3.0, you need to run separate server instances
|
||||
for IPv4 and IPv6.
|
||||
|
||||
On may:
|
||||
openvpn --proto udp6 --remote <june_IPv6_addr> --dev tun1 \
|
||||
--ifconfig 10.4.0.1 10.4.0.2 --verb 5 --secret key
|
||||
The client side code is not really "dual-stacked" yet, as it does not
|
||||
automatically try both address families when connecting to a dual-stacked
|
||||
server. For now, you can achieve this with <connection> stanzas in your
|
||||
openvpn config:
|
||||
|
||||
On june:
|
||||
openvpn --proto udp6 --remote <may_IPv6_addr> --dev tun1 \
|
||||
--ifconfig 10.4.0.2 10.4.0.1 --verb 5 --secret key
|
||||
|
||||
Same for --proto tcp6-client, tcp6-server.
|
||||
|
||||
* Main code changes summary:
|
||||
- socket.h: New struct openvpn_sockaddr type that holds sockaddrs and pktinfo,
|
||||
(here I omitted #ifdef USE_PF_xxxx, see socket.h )
|
||||
|
||||
struct openvpn_sockaddr {
|
||||
union {
|
||||
struct sockaddr sa;
|
||||
struct sockaddr_in in;
|
||||
struct sockaddr_in6 in6;
|
||||
} addr;
|
||||
};
|
||||
|
||||
struct link_socket_addr
|
||||
{
|
||||
struct openvpn_sockaddr local;
|
||||
struct openvpn_sockaddr remote;
|
||||
struct openvpn_sockaddr actual;
|
||||
};
|
||||
|
||||
PRO: allows simple type overloading: local.addr.sa, local.addr.in, local.addr.in6 ... etc
|
||||
(also local.pi.in and local.pi.in6)
|
||||
|
||||
- several function prototypes moved from sockaddr_in to openvpn_sockaddr
|
||||
- several new sockaddr functions needed to "generalize" AF_xxxx operations:
|
||||
addr_copy(), addr_zero(), ...etc
|
||||
proto_is_udp(), proto_is_dgram(), proto_is_net()
|
||||
|
||||
* For TODO list, see TODO.IPv6
|
||||
|
||||
--
|
||||
JuanJo Ciarlante jjo () google () com ............................
|
||||
: :
|
||||
. Linux IP Aliasing author .
|
||||
. Modular algo (AES et all) support for FreeSWAN/OpenSWAN author .
|
||||
. OpenVPN over IPv6 support .
|
||||
:...... plus other scattered free software bits in the wild ...:
|
||||
<connection>
|
||||
remote my.dual.stack.server 1194 udp6
|
||||
</connection>
|
||||
<connection>
|
||||
remote my.dual.stack.server 1194 udp
|
||||
</connection>
|
||||
|
@ -34,6 +34,7 @@
|
||||
#include "error.h"
|
||||
#include "integer.h"
|
||||
#include "event.h"
|
||||
#include "fdmisc.h"
|
||||
|
||||
#include "memdbg.h"
|
||||
|
||||
@ -582,6 +583,8 @@ ep_init (int *maxevents, unsigned int flags)
|
||||
if (fd < 0)
|
||||
return NULL;
|
||||
|
||||
set_cloexec (fd);
|
||||
|
||||
ALLOC_OBJ_CLEAR (eps, struct ep_set);
|
||||
|
||||
/* set dispatch functions */
|
||||
|
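Review bot: `set_cloexec (fd);` in ep_init marks the descriptor close-on-exec only after it has been created, so the flag is set in a second step instead of atomically; the creating call sits above the hunk, so this is read from the `if (fd < 0)` check that precedes it. If that call is epoll_create, `epoll_create1 (EPOLL_CLOEXEC)` would set the flag at creation where available, keeping `set_cloexec` as the fallback. The status.c section adds the same pattern in status_open (`set_cloexec (so->fd);`), where `O_CLOEXEC` on the open call would be the equivalent if the descriptor comes from open(). A short comment at both sites, `/* do not leak this descriptor into child processes */`, would record why the call is there. Both functions continue outside the visible lines.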
@ -3288,6 +3288,10 @@ init_instance (struct context *c, const struct env_set *env, const unsigned int
|
||||
/* init garbage collection level */
|
||||
gc_init (&c->c2.gc);
|
||||
|
||||
/* inherit environmental variables */
|
||||
if (env)
|
||||
do_inherit_env (c, env);
|
||||
|
||||
/* signals caught here will abort */
|
||||
c->sig->signal_received = 0;
|
||||
c->sig->signal_text = NULL;
|
||||
@ -3339,10 +3343,6 @@ init_instance (struct context *c, const struct env_set *env, const unsigned int
|
||||
if (c->mode == CM_P2P || c->mode == CM_TOP)
|
||||
do_option_warnings (c);
|
||||
|
||||
/* inherit environmental variables */
|
||||
if (env)
|
||||
do_inherit_env (c, env);
|
||||
|
||||
#ifdef ENABLE_PLUGIN
|
||||
/* initialize plugins */
|
||||
if (c->mode == CM_P2P || c->mode == CM_TOP)
|
||||
|
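Review bot: The relocated `do_inherit_env (c, env)` call near the top of init_instance now carries an ordering requirement that its comment does not state. Judging from the setenv_str_ex change in the same commit, which asserts a non-NULL env_set, later initialisation steps presumably need the context's environment in place before they set variables; do_inherit_env's body is not visible here, so this is an inference. I would extend the comment to `/* inherit environmental variables first: later init steps set variables on this context */`. It is also worth confirming what the `env == NULL` path leaves behind, since the call is skipped there. init_instance starts and ends outside the hunk.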
@ -707,13 +707,6 @@ env_set_remove_from_environment (const struct env_set *es)
|
||||
|
||||
static struct env_item *global_env = NULL; /* GLOBAL */
|
||||
|
||||
void
|
||||
manage_env (char *str)
|
||||
{
|
||||
remove_env_item (str, true, &global_env);
|
||||
add_env_item (str, false, &global_env, NULL);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
/* add/modify/delete environmental strings */
|
||||
@ -789,27 +782,18 @@ setenv_str_ex (struct env_set *es,
|
||||
if (value)
|
||||
val_tmp = string_mod_const (value, value_include, value_exclude, value_replace, &gc);
|
||||
|
||||
if (es)
|
||||
ASSERT (es);
|
||||
|
||||
if (val_tmp)
|
||||
{
|
||||
if (val_tmp)
|
||||
{
|
||||
const char *str = construct_name_value (name_tmp, val_tmp, &gc);
|
||||
env_set_add (es, str);
|
||||
const char *str = construct_name_value (name_tmp, val_tmp, &gc);
|
||||
env_set_add (es, str);
|
||||
#if DEBUG_VERBOSE_SETENV
|
||||
msg (M_INFO, "SETENV_ES '%s'", str);
|
||||
msg (M_INFO, "SETENV_ES '%s'", str);
|
||||
#endif
|
||||
}
|
||||
else
|
||||
env_set_del (es, name_tmp);
|
||||
}
|
||||
else
|
||||
{
|
||||
char *str = construct_name_value (name_tmp, val_tmp, &gc);
|
||||
if (platform_putenv(str))
|
||||
{
|
||||
msg (M_WARN | M_ERRNO, "putenv('%s') failed", str);
|
||||
}
|
||||
}
|
||||
env_set_del (es, name_tmp);
|
||||
|
||||
gc_free (&gc);
|
||||
}
|
||||
|
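Review bot: With the `if (es)` branch replaced by `ASSERT (es);` in setenv_str_ex, a caller that passes a NULL env_set no longer falls back to the process environment but hits an assertion, which would take the whole process down if ASSERT is fatal, as it usually is. The +/- markers are lost on this page, so the sides are read from the hunk counts and from the removal of platform_putenv elsewhere in the commit. The new precondition should be stated at the function, e.g. `/* es must not be NULL; the process environment is no longer modified */`, and every remaining caller checked for a NULL argument. Not exporting values into the process environment is a reasonable hardening, so the comment should say that it is deliberate. setenv_str_ex begins above the hunk.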
@ -275,34 +275,6 @@ platform_unlink (const char *filename)
|
||||
#endif
|
||||
}
|
||||
|
||||
int platform_putenv(char *string)
|
||||
{
|
||||
int status;
|
||||
#if defined(WIN32)
|
||||
struct gc_arena gc = gc_new ();
|
||||
char *s = string_alloc(string, &gc);
|
||||
char *value = strchr(s, '=');
|
||||
if (value!=NULL)
|
||||
{
|
||||
*value = '\0';
|
||||
value++;
|
||||
if (*value == '\0')
|
||||
value = NULL;
|
||||
}
|
||||
|
||||
status = SetEnvironmentVariableW (wide_string (s, &gc),
|
||||
wide_string (value, &gc)) ? 1: 0;
|
||||
gc_free (&gc);
|
||||
#elif defined(HAVE_PUTENV)
|
||||
void manage_env (char *str); /* TODO: Resolve properly */
|
||||
status = putenv (string);
|
||||
if (!status)
|
||||
manage_env (string);
|
||||
#endif
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
FILE *
|
||||
platform_fopen (const char *path, const char *mode)
|
||||
{
|
||||
|
@ -33,6 +33,7 @@
|
||||
#include "status.h"
|
||||
#include "perf.h"
|
||||
#include "misc.h"
|
||||
#include "fdmisc.h"
|
||||
|
||||
#include "memdbg.h"
|
||||
|
||||
@ -98,6 +99,7 @@ status_open (const char *filename,
|
||||
if (so->fd >= 0)
|
||||
{
|
||||
so->filename = string_alloc (filename, NULL);
|
||||
set_cloexec (so->fd);
|
||||
|
||||
/* allocate read buffer */
|
||||
if (so->flags & STATUS_OUTPUT_READ)
|
||||
|