mirror/openvpn
0
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2024-09-20 12:02:28 +02:00
Code
OpenVPN is an open source VPN daemon
124 Commits 13 Branches 119 Tags 33 MiB
C 94.7%
Shell 1.7%
M4 1.4%
CMake 1.1%
Makefile 0.7%
Other 0.4%
07d19ba76c
Go to file
james 07d19ba76c Security Vulnerability -- An OpenVPN client connecting to a 
malicious or compromised server could potentially receive
"setenv" configuration directives from the server which could
cause arbitrary code execution on the client via a LD_PRELOAD
attack.  A successful attack appears to require that (a) the
client has agreed to allow the server to push configuration
directives to it by including "pull" or the macro "client" in
its configuration file, (b) the client configuration file uses
a scripting directive such as "up" or "down", (c) the client
succesfully authenticates the server, (d) the server is
malicious or has been compromised and is under the control of
the attacker, and (e) the attacker has at least some level of
pre-existing control over files on the client (this might be
accomplished by having the server respond to a client web request
with a specially crafted file).

The fix is to disallow "setenv" to be pushed to clients from
the server, and to add a new directive "setenv-safe" which is
pushable from the server, but which appends "OPENVPN_" to the
name of each remotely set environmental variable.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@983 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-04-05 06:01:08 +00:00
contrib This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
debug This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
easy-rsa Small fixes: 2006-01-07 03:21:49 +00:00
gentoo This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
images This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
install-win32 Added patch to modify openvpn.nsi for building 2005-12-30 04:44:42 +00:00
management Added actual remote address used to the ">STATE" alert 2005-10-20 19:00:56 +00:00
pkcs11-headers Fixed some minor build issues with PKCS11 patch: 2005-10-15 12:14:56 +00:00
plugin Reverted plugin directory location. 2005-10-16 12:24:10 +00:00
sample-config-files Small fixes: 2006-01-07 03:21:49 +00:00
sample-keys Renamed sample-keys/tmp-ca.crt to ca.crt. 2005-10-01 11:10:12 +00:00
sample-scripts version 2.1_beta1 2005-09-26 07:40:02 +00:00
service-win32 Added feature to --management-client to confirm connection 2006-02-03 09:04:52 +00:00
suse This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
tap-win32 Changed tap-win32 version number in 2005-10-15 10:15:45 +00:00
.svnignore added *.rej to .svnignore 2005-10-15 04:48:36 +00:00
acinclude.m4 svn merge -r 780:820 $SO/trunk/openvpn . 2005-11-28 05:50:52 +00:00
AUTHORS This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
base64.c Added --auto-proxy directive to auto-detect HTTP or SOCKS 2005-12-12 19:46:10 +00:00
base64.h Added --auto-proxy directive to auto-detect HTTP or SOCKS 2005-12-12 19:46:10 +00:00
basic.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
buffer.c Added --auto-proxy directive to auto-detect HTTP or SOCKS 2005-12-12 19:46:10 +00:00
buffer.h Added --auto-proxy directive to auto-detect HTTP or SOCKS 2005-12-12 19:46:10 +00:00
ChangeLog Version 2.1_beta11 released 2006-02-19 12:17:59 +00:00
circ_list.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
common.h Inline file capability now works for 2005-12-08 18:29:38 +00:00
config-win32.h.in Added feature to --management-client to confirm connection 2006-02-03 09:04:52 +00:00
configure.ac Minor fixes for gcc (GCC) 4.0.2 warnings. 2006-02-23 13:14:55 +00:00
COPYING Merged PKCS#11 patch. 2005-10-13 08:38:41 +00:00
COPYRIGHT.GPL This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
crypto.c Small fixes: 2006-01-07 03:21:49 +00:00
crypto.h Fixed bug with tls-auth and key-direction parameter 2005-12-29 07:47:47 +00:00
cryptoapi.c This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
cryptoapi.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
cryptoki-win32.h Fixed some minor build issues with PKCS11 patch: 2005-10-15 12:14:56 +00:00
cryptoki.h Fixed some minor build issues with PKCS11 patch: 2005-10-15 12:14:56 +00:00
doclean This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
errlevel.h Port share proxy bug fixes. 2006-02-18 22:40:55 +00:00
error.c Added --port-share option for allowing OpenVPN and HTTPS 2006-02-16 18:12:24 +00:00
error.h Added --port-share option for allowing OpenVPN and HTTPS 2006-02-16 18:12:24 +00:00
event.c This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
event.h Added --port-share option for allowing OpenVPN and HTTPS 2006-02-16 18:12:24 +00:00
fdmisc.c Added --port-share option for allowing OpenVPN and HTTPS 2006-02-16 18:12:24 +00:00
fdmisc.h Added --port-share option for allowing OpenVPN and HTTPS 2006-02-16 18:12:24 +00:00
forward-inline.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
forward.c Added --port-share option for allowing OpenVPN and HTTPS 2006-02-16 18:12:24 +00:00
forward.h version 2.1_beta1 2005-09-26 07:40:02 +00:00
fragment.c This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
fragment.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
gremlin.c This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
gremlin.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
helper.c svn merge -r 845:854 $SO/trunk/openvpn . 2005-12-14 01:09:11 +00:00
helper.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
ieproxy.c First attempt at automatic proxy detection, 2005-12-08 23:10:22 +00:00
ieproxy.h First attempt at automatic proxy detection, 2005-12-08 23:10:22 +00:00
init.c Version 2.1_beta10 released 2006-02-17 07:43:32 +00:00
init.h svn merge -r 734:737 $SO/trunk/openvpn 2005-10-31 03:49:25 +00:00
INSTALL svn merge -r 854:863 $SO/trunk/openvpn 2005-12-29 02:13:30 +00:00
INSTALL-win32.txt This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
integer.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
interval.c This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
interval.h Reduce sensitivity to system clock instability 2005-11-12 10:59:41 +00:00
list.c This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
list.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
lzo.c svn merge -r 780:820 $SO/trunk/openvpn . 2005-11-28 05:50:52 +00:00
lzo.h version 2.1_beta1 2005-10-02 03:41:35 +00:00
Makefile.am Added --port-share option for allowing OpenVPN and HTTPS 2006-02-16 18:12:24 +00:00
makefile.w32 Added --auto-proxy directive to auto-detect HTTP or SOCKS 2005-12-12 19:46:10 +00:00
makefile.w32-vc Small fixes: 2006-01-07 03:21:49 +00:00
manage.c Added "bytecount" command to management interface. 2006-02-10 10:01:46 +00:00
manage.h Added "bytecount" command to management interface. 2006-02-10 10:01:46 +00:00
mbuf.c This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
mbuf.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
memcmp.c This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
memdbg.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
misc.c Security Vulnerability -- An OpenVPN client connecting to a 2006-04-05 06:01:08 +00:00
misc.h Security Vulnerability -- An OpenVPN client connecting to a 2006-04-05 06:01:08 +00:00
mroute.c svn merge -r 618:619 $SO/patches/openvpn-2-0_rc16-mh/openvpn 2005-10-15 08:44:02 +00:00
mroute.h svn merge -r 618:619 $SO/patches/openvpn-2-0_rc16-mh/openvpn 2005-10-15 08:44:02 +00:00
mss.c This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
mss.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
mtcp.c svn merge -r 618:619 $SO/patches/openvpn-2-0_rc16-mh/openvpn 2005-10-15 08:44:02 +00:00
mtcp.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
mtu.c This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
mtu.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
mudp.c svn merge -r 618:619 $SO/patches/openvpn-2-0_rc16-mh/openvpn 2005-10-15 08:44:02 +00:00
mudp.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
multi.c Reduce sensitivity to system clock instability 2005-11-12 10:59:41 +00:00
multi.h Reduce sensitivity to system clock instability 2005-11-12 10:59:41 +00:00
NEWS This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
ntlm.c This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
ntlm.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
occ-inline.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
occ.c svn merge -r 771:780 $SO/trunk/openvpn 2005-11-05 07:42:33 +00:00
occ.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
openvpn-plugin.h Added OPENVPN_PLUGIN_TLS_FINAL plugin callback. 2005-12-28 06:58:19 +00:00
openvpn.8 Minor fixes for gcc (GCC) 4.0.2 warnings. 2006-02-23 13:14:55 +00:00
openvpn.c Added --port-share option for allowing OpenVPN and HTTPS 2006-02-16 18:12:24 +00:00
openvpn.h --ip-win32 adaptive is now the default. 2005-12-22 18:09:40 +00:00
openvpn.spec.in Reverted plugin directory location. 2005-10-16 12:24:10 +00:00
options.c Security Vulnerability -- An OpenVPN client connecting to a 2006-04-05 06:01:08 +00:00
options.h Added --port-share option for allowing OpenVPN and HTTPS 2006-02-16 18:12:24 +00:00
otime.c Reduce sensitivity to system clock instability 2005-11-12 10:59:41 +00:00
otime.h Reduce sensitivity to system clock instability 2005-11-12 10:59:41 +00:00
packet_id.c This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
packet_id.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
perf.c This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
perf.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
ping-inline.h svn merge -r 618:619 $SO/patches/openvpn-2-0_rc16-mh/openvpn 2005-10-15 08:44:02 +00:00
ping.c Windows reliability changes: 2005-10-31 03:01:17 +00:00
ping.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
pkcs11-helper-config.h PKCS#11 fixes to interact with new backtrack-hardened 2005-11-12 23:06:53 +00:00
pkcs11-helper.c pkcs11 fixes. 2006-01-14 21:12:22 +00:00
pkcs11-helper.h More PKCS#11 changes. 2005-11-01 22:42:58 +00:00
pkcs11.c Minor fixes for gcc (GCC) 4.0.2 warnings. 2006-02-23 13:14:55 +00:00
pkcs11.h More PKCS#11 changes. 2005-11-01 22:42:58 +00:00
plugin.c Added OPENVPN_PLUGIN_TLS_FINAL plugin callback. 2005-12-28 06:58:19 +00:00
plugin.h Removed annoying 'i' variable from add_option. 2005-11-09 07:30:14 +00:00
pool.c svn merge -r 845:854 $SO/trunk/openvpn . 2005-12-14 01:09:11 +00:00
pool.h svn merge -r 845:854 $SO/trunk/openvpn . 2005-12-14 01:09:11 +00:00
PORTS This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
proto.c version 2.1_beta1 2005-09-26 07:40:02 +00:00
proto.h version 2.1_beta1 2005-09-26 07:40:02 +00:00
proxy.c Added --auto-proxy directive to auto-detect HTTP or SOCKS 2005-12-12 19:46:10 +00:00
proxy.h Added --auto-proxy directive to auto-detect HTTP or SOCKS 2005-12-12 19:46:10 +00:00
ps.c Minor fixes for gcc (GCC) 4.0.2 warnings. 2006-02-23 13:14:55 +00:00
ps.h Added --port-share option for allowing OpenVPN and HTTPS 2006-02-16 18:12:24 +00:00
push.c Removed annoying 'i' variable from add_option. 2005-11-09 07:30:14 +00:00
push.h Removed annoying 'i' variable from add_option. 2005-11-09 07:30:14 +00:00
README This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
reliable.c Added --port-share option for allowing OpenVPN and HTTPS 2006-02-16 18:12:24 +00:00
reliable.h Added --port-share option for allowing OpenVPN and HTTPS 2006-02-16 18:12:24 +00:00
route.c Added new option --route-method adaptive (Win32) 2005-12-22 18:55:49 +00:00
route.h Added new option --route-method adaptive (Win32) 2005-12-22 18:55:49 +00:00
schedule.c This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
schedule.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
session_id.c This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
session_id.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
shaper.c This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
shaper.h Reduce sensitivity to system clock instability 2005-11-12 10:59:41 +00:00
sig.c Added --management-client option to connect as a client to 2006-01-23 14:08:27 +00:00
sig.h Added --management-client option to connect as a client to 2006-01-23 14:08:27 +00:00
socket.c Version 2.1_beta10 released 2006-02-17 07:43:32 +00:00
socket.h Version 2.1_beta10 released 2006-02-17 07:43:32 +00:00
socks.c Added --auto-proxy directive to auto-detect HTTP or SOCKS 2005-12-12 19:46:10 +00:00
socks.h Added --auto-proxy directive to auto-detect HTTP or SOCKS 2005-12-12 19:46:10 +00:00
ssl.c Added --port-share option for allowing OpenVPN and HTTPS 2006-02-16 18:12:24 +00:00
ssl.h Added --port-share option for allowing OpenVPN and HTTPS 2006-02-16 18:12:24 +00:00
status.c This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
status.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
syshead.h Added --port-share option for allowing OpenVPN and HTTPS 2006-02-16 18:12:24 +00:00
t_cltsrv.sh svn merge -r 771:780 $SO/trunk/openvpn 2005-11-05 07:42:33 +00:00
t_lpback.sh svn merge -r 771:780 $SO/trunk/openvpn 2005-11-05 07:42:33 +00:00
thread.c This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
thread.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
tun.c --ip-win32 adaptive is now the default. 2005-12-22 18:09:40 +00:00
tun.h --ip-win32 adaptive is now the default. 2005-12-22 18:09:40 +00:00
win32.c This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
win32.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00

README 

OpenVPN -- A Secure tunneling daemon

Copyright (C) 2002-2005 OpenVPN Solutions LLC. This program is free software;
you can redistribute it and/or modify
it under the terms of the GNU General Public License version 2
as published by the Free Software Foundation.

*************************************************************************

For the latest version of OpenVPN, go to:

	http://openvpn.net/

To Build and Install,

	./configure
	make
	make install

or see the file INSTALL for more info.

*************************************************************************

For detailed information on OpenVPN, including examples, see the man page
  http://openvpn.net/man.html

For a sample VPN configuration, see
  http://openvpn.net/howto.html

For a description of OpenVPN's underlying protocol,
  see the file ssl.h included in the source distribution.

*************************************************************************

Other Files & Directories:

* INSTALL-win32.txt -- installation instructions
  for Windows

* configure.ac -- script to rebuild our configure
  script and makefile.

* openvpn.spec -- RPM Spec file
  To build an OpenVPN binary RPM, use the command:

	rpmbuild -tb [tarball]

  When you install the binary RPM, it will automatically
  install sample-scripts/openvpn.init (see below)

* sample-scripts/openvpn.init

  A sample init script for OpenVPN.  See the file for
  comments and additional information.

* sample-scripts/verify-cn

  A sample perl script which can be used with OpenVPN's
  --tls-verify option to provide a customized authentication
  test on embedded X509 certificate fields.

* sample-keys/

  Sample RSA keys and certificates.  DON'T USE THESE FILES
  FOR ANYTHING OTHER THAN TESTING BECAUSE THEY ARE TOTALLY INSECURE.

* sample-config-files/

  A collection of OpenVPN config files and scripts from
  the HOWTO at http://openvpn.net/howto.html

* easy-rsa/

  A simple guide to RSA key management, scripts included.
  Also see http://openvpn.net/easyrsa.html