Hopefully the last SVN merge we need to do, as these merges are getting
more and more difficult. Most of the files had minor changes, but due to
the CRLF unification patch (commit 6b2883a637) we got an increased
number of conflicts. In addition inclusion of IPv6 support makes the
creates a lot of merge issues in route.c and socket.c
This merge also reverts commit 7c18c63539 which merged
add_bypass_address() into add_host_route_if_nonlocal(). However the SVN
tree began to use add_bypass_address() another place, where at first glance
it did not be appropriate to use add_host_route_if_nonlocal().
This merge has gone through a 'make check' without any errors, but have
not been tested more thoroughly yet.
Conflicts:
ChangeLog
INSTALL
INSTALL-win32.txt
Makefile.am
acinclude.m4
base64.c
buffer.c
buffer.h
common.h
configure.ac
contrib/pull-resolv-conf/client.down
contrib/pull-resolv-conf/client.up
crypto.c
cryptoapi.c
easy-rsa/2.0/Makefile
easy-rsa/2.0/README
easy-rsa/2.0/build-ca
easy-rsa/2.0/build-dh
easy-rsa/2.0/build-inter
easy-rsa/2.0/build-key
easy-rsa/2.0/build-key-pass
easy-rsa/2.0/build-key-pkcs12
easy-rsa/2.0/build-key-server
easy-rsa/2.0/build-req
easy-rsa/2.0/build-req-pass
easy-rsa/2.0/clean-all
easy-rsa/2.0/inherit-inter
easy-rsa/2.0/list-crl
easy-rsa/2.0/pkitool
easy-rsa/2.0/revoke-full
easy-rsa/2.0/sign-req
easy-rsa/2.0/vars
easy-rsa/2.0/whichopensslcnf
easy-rsa/Windows/build-ca-pass.bat
easy-rsa/Windows/build-key-pass.bat
easy-rsa/Windows/build-key-server-pass.bat
easy-rsa/Windows/init-config.bat
easy-rsa/Windows/vars.bat.sample
error.c
error.h
forward.c
helper.c
httpdigest.c
httpdigest.h
ieproxy.c
init.c
init.h
install-win32/Makefile.am
install-win32/makeopenvpn
install-win32/openssl/openssl097.patch
install-win32/openssl/openssl098.patch
install-win32/openvpn.nsi
list.c
list.h
manage.c
manage.h
management/management-notes.txt
mbuf.c
mbuf.h
misc.c
misc.h
mroute.c
mroute.h
msvc/autodefs.h.in
msvc/config.py
msvc/msvc.mak
mtcp.c
mudp.c
multi.c
multi.h
occ.c
openvpn-plugin.h
openvpn.8
openvpn.h
options.c
options.h
otime.c
otime.h
perf.c
pf.c
ping.c
pkcs11.c
plugin.c
plugin.h
plugin/auth-pam/README
plugin/auth-pam/auth-pam.c
pool.c
pool.h
proto.h
proxy.c
ps.c
push.c
reliable.c
route.c
route.h
sample-config-files/firewall.sh
sample-scripts/bridge-start
sample-scripts/bridge-stop
sample-scripts/openvpn.init
sample-scripts/verify-cn
schedule.c
schedule.h
service-win32/openvpnserv.c
sig.c
socket.c
socket.h
socks.c
socks.h
ssl.c
ssl.h
status.c
syshead.h
tap-win32/SOURCES.in
tap-win32/common.h
tap-win32/proto.h
tap-win32/tapdrvr.c
tap-win32/types.h
tun.c
tun.h
version.m4
win/autodefs.h.in
win/build.py
win/build_all.py
win/build_ddk.py
win/build_exe.py
win/config.py
win/config_all.py
win/config_tap.py
win/config_ti.py
win/js.py
win/make_dist.py
win/msvc.mak.in
win/settings.in
win/show.py
win/sign.py
win/tap_span.py
win/wb.py
win32.c
win32.h
Signed-off-by: David Sommerseth <davids@redhat.com>
Reviewed-by: Gert Doering <gert@greenie.muc.de>
Reviewed-by: James Yonan <james@openvpn.net>
Reviewed-by: Adriaan de Jong <dejong@fox-it.com>
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
As support for OpenSSL 1.0.0 requires a modified openssl.cnf file, it was
decided to rename openssl.cnf to openssl-1.0.0.cnf for clarity and better
support of different OpenSSL versions. The old openssl.cnf was renamed as
openssl-0.9.8.cnf.
This patch makes sure that all openssl*.cnf files are copied when running 'make
install' in easy-rsa and makes the whichopensslcnf script aware of them as well.
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
This patch fixes remaining issues with Trac ticket #125. It does the following:
- Update easy-rsa/2.0/README
- Rename easy-rsa/2.0/openssl.cnf as openssl-0.9.8.cnf
- Add easy-rsa/2.0/openssl-1.0.0.cnf
- Updated vars.bat.sample to use openssl-1.0.0.cnf
- Updated win/openvpn.nsi to use openssl-1.0.0.cnf
- Add a few undefined variables to vars and vars.bat.sample:
required by OpenSSL 1.0.0 (at least on Windows)
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Tested-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
This is required for patch "Fix a build-ca issue on Windows" to work
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: David Sommerseth <davids@redhat.com>
When configuring OpenVPN nowadays, the TUN/TAP configuration can
sometimes jump into the Linux 2.2 fallback code paths, which will
also fails. The reason it jumps into fallback mode is that the
tun/tap device already exists or that /dev/net/tun does not exist.
This can be very confusing, as /dev/tunX which the fallback mode tries
to use, does not exist on Linux 2.4 and newer.
Considering that the last Linux 2.2 update was released 25-Feb-2004
and the first Linux 2.4 release came 04-Jan-2001, there are no
reasonable reasons to help users to stay on outdated kernels.
I consider this extra code path just waste of bytes ... so lets make
the world simpler.
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Also fixed a typo in the --help screen.
Signed-off-by: Robert Fischer <ml-openvpn@trispace.org>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Signed-off-by: Robert Fischer <ml-openvpn@trispace.org>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Linux, Mac OS X, and Linux. This flag (which is pushable
from server) blocks client access to local LAN while VPN
session is active.
Added standalone --show-gateway option to show info about
default gateway.
Extensively refactored get_default_gateway function in
route.c to ease implementation of block-local.
Removed "Experimental" disclaimer from redirect-gateway
man page.
Version 2.1.3y.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7334 e7ae566f-a301-0410-adde-c780ea21d3b5
This includes the new "static-challenge" directive.
See management/management-notes.txt for details on both
static and dynamic challenge/response protocols.
All client-side challenge/response code is #ifdefed on
ENABLE_CLIENT_CR and can be removed from the build
by commenting out the definition of ENABLE_CLIENT_CR
in syshead.h.
Version 2.1.3x.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7316 e7ae566f-a301-0410-adde-c780ea21d3b5
pkcs11.c seems to miss some header files which gets implicitly added when
the management interface is enabled.
Signed-off-by: David Sommerseth <davids@redhat.com>
Tested-by: Mr Dash Four <mr.dash.four@googlemail.com>
The push_peer_info feature depends on the SSL infrastructure and openvpn
will fail to build if ./configure --disable-crypto --disable-ssl is
used. The solution is to not define ENABLE_PUSH_PEER_INFO if we don't
have crypto/ssl.
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
after tunnel shutdown. Needs to make delete_route_ipv6() visible from
tun.c (route.c, route.h) and to properly zero-out host bits from IPv6
"network" at interface route clearing. Further, add IPv6 routes with
"store=active" to make sure nothing lingers after a system crash while
OpenVPN was running.
While at it, small Solaris cleanup - use CLEAR() to zero-out "ifr" struct.
Tested on Windows XP SP3 and Win7 by Gert Doering and Tony Lim.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Microsoft Visual Studio complains about const char const **ptr declarations
and expects them to be be const char ** const ptr. The latter is what was the
intention, that neither the pointer nor the value(s) it points at can be changed.
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
This prevents the netsh.exe command from exiting with a status 1
when the address already exists. By adding store=active the address
will not survive a reboot and be assigned temporarily.
Tested on Windows 7 and Windows XP SP 2.
Signed-off-by: smos <seth.mos@dds.nl>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
I just upgraded to 2.2.0, and my build fails with:
ps.c: In function 'port_share_open':
ps.c:778:7: error: 'management' undeclared (first use in this function)
ps.c:778:7: note: each undeclared identifier is reported only once for
each function it appears in
make[5]: *** [ps.o] Error 1
[Comment by David Sommerseth:
This happens only when building with --enable-small, --disable-management
and --disable-pkcs11
Also changed MANAGEMENT_ENABLED to ENABLE_MANAGEMENT from the original
patch.
]
Mailing-list: http://thread.gmane.org/gmane.network.openvpn.devel/4639
Signed-off-by: Matthew L. Creech <mlcreech@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Some older GCC compilers don't like that variables are declared
in the middle of the code, and expect them on the top in the
block/scope.
Trac-ticket: 99
Signed-off-by: Simon Matter <simon.matter@invoca.ch>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
The tmp_dir string is required in the options struct regardless of options
so spin it out of #if conditionals.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
ps.c - The feat_ipv6_transport patch set modifies struct openvpn_sockaddr by
adding a union named 'addr' in commit 8335caf929.
ssl.c - A needed } and #endif had been dropped by a mistake
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Don't call SSL_CTX_set_client_CA_list or SSL_CTX_set_client_CA_list
if not running in server mode (these functions are only useful for
TLS/SSL servers).
Modified openvpn_snprintf to return false on overflow, and true
otherwise.
When AUTH_FAILED,... is received, log the full string.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7213 e7ae566f-a301-0410-adde-c780ea21d3b5
command on failure once every second for up to 15 seconds. This
is necessary to work around an issue observed on OSX 10.5 where
the ipconfig command sometimes fails if executed immediately after
the tun device open.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7151 e7ae566f-a301-0410-adde-c780ea21d3b5