mirror of https://github.com/OpenVPN/openvpn.git synced 2024-09-20 12:02:28 +02:00
Commit Graph

225 Commits

Author SHA1 Message Date
james
c1c27fe32a "topology subnet" fix for FreeBSD (Benoit Bourdin).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@986 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-04-05 06:28:19 +00:00
james
07d19ba76c Security Vulnerability -- An OpenVPN client connecting to a
malicious or compromised server could potentially receive
"setenv" configuration directives from the server which could
cause arbitrary code execution on the client via a LD_PRELOAD
attack.  A successful attack appears to require that (a) the
client has agreed to allow the server to push configuration
directives to it by including "pull" or the macro "client" in
its configuration file, (b) the client configuration file uses
a scripting directive such as "up" or "down", (c) the client
successfully authenticates the server, (d) the server is
malicious or has been compromised and is under the control of
the attacker, and (e) the attacker has at least some level of
pre-existing control over files on the client (this might be
accomplished by having the server respond to a client web request
with a specially crafted file).

The fix is to disallow "setenv" to be pushed to clients from
the server, and to add a new directive "setenv-safe" which is
pushable from the server, but which appends "OPENVPN_" to the
name of each remotely set environmental variable.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@983 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-04-05 06:01:08 +00:00
james
28549038ac Minor fixes for gcc (GCC) 4.0.2 warnings.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@905 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-02-23 13:14:55 +00:00
james
16eda09737 Version 2.1_beta11 released
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@904 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-02-19 12:17:59 +00:00
james
154adc7a21 Port share proxy bug fixes.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@903 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-02-18 22:40:55 +00:00
james
93cb134df7 ps.c debug code
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@902 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-02-18 16:35:21 +00:00
james
e92cee68c7 Added comments to ps.c (port share proxy code).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@901 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-02-18 10:33:41 +00:00
james
dc46c0676f Version 2.1_beta10 released
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@899 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-02-17 07:43:32 +00:00
james
651a01f913 Version 2.1_beta9 released
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@896 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-02-16 18:35:22 +00:00
james
6117b639d3 svn merge -r 888:889 https://svn.openvpn.net/projects/openvpn/contrib/alon/BETA21 21
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@894 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-02-16 18:17:32 +00:00
james
6add6b2fe7 Added --port-share option for allowing OpenVPN and HTTPS
server to share the same port number.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@893 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-02-16 18:12:24 +00:00
james
34a507c9ab Added "bytecount" command to management interface.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@887 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-02-10 10:01:46 +00:00
james
8d33c06028 Added feature to --management-client to confirm connection
by writing IP addr and port to a file.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@885 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-02-03 09:04:52 +00:00
james
4f404ad36d Added --management-client option to connect as a client to
management GUI app rather than be connected to as a server.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@884 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-01-23 14:08:27 +00:00
james
49eb050d55 pkcs11 fixes.
svn merge -r 879:881 https://svn.openvpn.net/projects/openvpn/contrib/alon/BETA21/openvpn .


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@882 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-01-14 21:12:22 +00:00
james
513baee13d Small fixes:
* Fixed variable declaration in crypto.c that is not at
  the head of a block.
* Added library to Visual C makefile.
* In server.conf config sample, add additional comment
  text on "dev tap" usage.
* Added some short documentation on revoke-full script.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@877 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-01-07 03:21:49 +00:00
james
b366a1ff29 Version 2.1_beta8 released
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@874 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-01-03 09:46:04 +00:00
james
296eddd8f6 incremented version number to 2.1_beta7b
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@872 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-01-03 03:03:24 +00:00
james
183f592033 Added patch to modify openvpn.nsi for building
a turnkey installer.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@866 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-12-30 04:44:42 +00:00
james
e5d281cf2f Fixed bug with tls-auth and key-direction parameter
which was introduced in r844.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@865 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-12-29 07:47:47 +00:00
james
cbc0dada77 svn merge -r 854:863 $SO/trunk/openvpn
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@864 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-12-29 02:13:30 +00:00
james
d92819fa1a Added OPENVPN_PLUGIN_TLS_FINAL plugin callback.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@862 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-12-28 06:58:19 +00:00
james
1147885939 Minor ChangeLog edit.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@861 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-12-23 17:34:46 +00:00
james
51b1d4c2b0 Some PKCS11-related code wasn't properly #ifdefed.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@860 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-12-23 17:29:22 +00:00
james
33e81c4841 Man page and usage message changes to reflect
--ip-win32 adaptive and --route-method adaptive.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@859 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-12-22 19:50:48 +00:00
james
6215931bff Added new option --route-method adaptive (Win32)
which tries IP helper API first, then falls back to
route.exe.
Made --route-method adaptive the default.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@858 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-12-22 18:55:49 +00:00
james
a9c802b2a3 --ip-win32 adaptive is now the default.
--ip-win32 netsh (or --ip-win32 adaptive when in netsh
mode) can now set DNS/WINS addresses on the TAP-Win32
adapter.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@857 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-12-22 18:09:40 +00:00
james
a67724cb6d Fixed bug in automatic Win32 PATH setting code.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@856 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-12-17 22:23:28 +00:00
james
92bbb061ac svn merge -r 845:854 $SO/trunk/openvpn .
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@855 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-12-14 01:09:11 +00:00
james
6d89ede657 Don't warn user if he uses user/group/chroot and
did not specify persist-key but uses PKCS#11.

svn merge -r 847:848 https://svn.openvpn.net/projects/openvpn/contrib/alon/BETA21/openvpn .


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@853 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-12-13 19:41:07 +00:00
james
f214bb2115 Added --auto-proxy directive to auto-detect HTTP or SOCKS
proxy settings (currently Windows only).


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@850 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-12-12 19:46:10 +00:00
james
df5722cc68 First attempt at automatic proxy detection,
Windows-only at this point.  Proxy settings
are taken from IE.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@846 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-12-08 23:10:22 +00:00
james
c959fc742e Inline file capability now works for
--secret and --tls-auth.  For example:

<secret>
[ascii key data]
</secret>


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@844 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-12-08 18:29:38 +00:00
james
e1447acc97 Fixed some gcc 4 warnings in misc.c.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@843 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-12-08 15:36:27 +00:00
james
bed73623cd Fixed segfault that occurred if remote_cert_eku is undefined and no
server certificate verification method was enabled.
Don't declare pkcs11 variables in struct options unless pkcs11
support is enabled.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@833 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-12-05 04:00:00 +00:00
james
6d5d1010bc Patch to support --topology subnet on Mac OS X (Mathias Sundman).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@832 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-12-05 01:21:49 +00:00
james
5acb3a79ae svn merge -r 780:820 $SO/trunk/openvpn .
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@828 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-11-28 05:50:52 +00:00
james
027a87ceed svn merge -r 823:825 $SO/contrib/alon/BETA21/openvpn .
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@827 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-11-28 05:09:54 +00:00
james
a17f69699e Modified nonblocking connect code so that this works as it should:
./openvpn --dev tap --proto tcp-client --verb 4 --remote [Black-Hole-IP-Addr] --connect-retry-max 1 --remap-usr1 SIGTERM


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@826 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-11-28 04:59:19 +00:00
james
1ae9d05173 Added --connect-timeout option to control the timeout
on TCP client connection attempts (doesn't work on all
OSes).  This patch also makes OpenVPN signalable during
TCP connection attempts.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@823 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-11-25 00:05:56 +00:00
james
d5badcf116 --remap-usr1 will now also remap signals thrown during initialization.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@822 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-11-24 18:44:57 +00:00
james
0f4ab65425 Fixed minor man page formatting issue.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@821 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-11-24 18:25:38 +00:00
james
a89295751f Merged PKCS11 changes from Alon:
svn merge -r 813:814 $SO/contrib/alon/BETA21/openvpn .


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@816 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-11-19 01:48:58 +00:00
james
b5e8bfc551 Version 2.1_beta7 released
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@806 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-11-13 01:35:45 +00:00
james
d31f9fd263 For Windows, set ip-win32 default back to dynamic.
To use new adaptive mode, set explicitly.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@805 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-11-12 23:11:18 +00:00
james
e78206c0c1 PKCS#11 fixes to interact with new backtrack-hardened
openvpn_time function.
svn merge -r 802:803 $SO/contrib/alon/BETA21/openvpn .


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@804 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-11-12 23:06:53 +00:00
james
0475d17e1c Reduce sensitivity to system clock instability
and backtracks.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@799 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-11-12 10:59:41 +00:00
james
f19f12c8b9 Fixed minor typos in --remote-cert-* documentation.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@798 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-11-12 08:36:00 +00:00
james
411e89ae6f Merged --remote-cert-ku, --remote-cert-eku, and
--remote-cert-tls from Alon's branch:
svn merge -r 793:796 $SO/contrib/alon/BETA21/openvpn .


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@797 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-11-12 08:26:57 +00:00
james
9423103dab Backed out change to update_time to handle time
backtracks.  Will reimplement as a more comprehensive
patch.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@790 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-11-09 21:13:57 +00:00