mirror of https://github.com/OpenVPN/openvpn.git synced 2024-09-20 12:02:28 +02:00
OpenVPN is an open source VPN daemon
James Yonan 0db046f253 Added "auth-token" client directive, which is intended to be
pushed by server, and that is used to offer a temporary session
token to clients that can be used in place of a password on
subsequent credential challenges.

This accomplishes the security benefit of preventing caching
of the real password while offering most of the advantages
of password caching, i.e. not forcing the user to re-enter
credentials for every TLS renegotiation or network hiccup.

auth-token does two things:

1. if password caching is enabled, the token replaces the
   previous password, and

2. if the management interface is active, the token is output
   to it:

     >PASSWORD:Auth-Token:<token>

Also made a minor change to HALT/RESTART processing when password
caching is enabled.  When client receives a HALT or RESTART message,
and if the message text contains a flags block (i.e. [FFF]:message),
if flag 'P' (preserve auth) is present in flags, don't purge the Auth
password.  Otherwise do purge the Auth password.

Version 2.1.3o


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7088 e7ae566f-a301-0410-adde-c780ea21d3b5
2011-04-26 22:29:11 +02:00
contrib Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
debug Change to doval valgrind script. The openvpn command parameter is now 2009-10-25 15:44:28 +00:00
easy-rsa Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
images Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
install-win32 Attempt to fix issue where domake-win build system was not properly 2010-08-20 20:24:42 +00:00
management Added the ability for the server to provide a custom reason string 2009-09-29 23:10:14 +00:00
msvc Updated MSVC build scripts to Visual Studio 2008: 2010-03-31 06:38:21 +00:00
plugin Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
sample-config-files Added "--server-bridge" (without parameters) to enable 2008-08-02 08:02:53 +00:00
sample-keys Renamed sample-keys/tmp-ca.crt to ca.crt. 2005-10-01 11:10:12 +00:00
sample-scripts version 2.1_beta1 2005-09-26 07:40:02 +00:00
service-win32 Windows security issue: 2010-08-15 21:53:00 +00:00
suse This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
tap-win32 Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
win win/sign.py now accepts an optional tap-dir argument. 2011-04-26 22:29:11 +02:00
.svnignore Updated MSVC build scripts to Visual Studio 2008: 2010-03-31 06:38:21 +00:00
acinclude.m4 Moved branch into official BETA21 position. 2008-05-12 20:31:43 +00:00
AUTHORS This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
base64.c Misc fixes to r6708. 2010-12-13 09:27:08 +00:00
base64.h Added "management-external-key" option. This option can be used 2010-12-09 11:21:04 +00:00
basic.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
buffer.c Added "management-external-key" option. This option can be used 2010-12-09 11:21:04 +00:00
buffer.h Fixed an issue where application payload transmissions on the 2010-07-27 07:10:01 +00:00
ChangeLog Windows security issue: 2010-08-15 21:53:00 +00:00
circ_list.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
clinat.c Added "client-nat" option for stateless, one-to-one 2011-02-18 17:48:25 +00:00
clinat.h Added "client-nat" option for stateless, one-to-one 2011-02-18 17:48:25 +00:00
common.h Client will now try to reconnect if no push reply received 2011-04-26 22:29:11 +02:00
config-win32.h Minor fixes to recent HTTP proxy changes: 2010-05-11 19:47:03 +00:00
configure.ac Added --enable-lzo-stub configure option to build an OpenVPN client without LZO, but that has limited interoperability with LZO-enabled servers. 2011-04-25 22:12:03 +02:00
COPYING Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
COPYRIGHT.GPL This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
crypto.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
crypto.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
cryptoapi.c Fixed issue introduced in r4475 (2.1-rc17) where cryptoapi.c change 2009-06-07 06:44:11 +00:00
cryptoapi.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
dhcp.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
dhcp.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
doclean Minor change to doclean script: 2010-04-17 02:23:50 +00:00
domake-win Updated Windows build scripts to package openssl-0.9.8k, 2009-05-13 13:36:23 +00:00
doval Change to doval valgrind script. The openvpn command parameter is now 2009-10-25 15:44:28 +00:00
dovalns Updated version to 2.1_rc7e. 2008-06-11 08:45:09 +00:00
errlevel.h Reduce log verbosity at level 3, with a focus on removing excessive log verbosity generated by port-share activity. 2011-04-25 22:13:45 +02:00
error.c Added optional journal directory argument to "port-share" directive, for reporting client IP origins of proxied connections. 2011-04-25 22:13:22 +02:00
error.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
event.c Added optional journal directory argument to "port-share" directive, for reporting client IP origins of proxied connections. 2011-04-25 22:13:22 +02:00
event.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
fdmisc.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
fdmisc.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
forward-inline.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
forward.c Added "auth-token" client directive, which is intended to be 2011-04-26 22:29:11 +02:00
forward.h Added "client-nat" option for stateless, one-to-one 2011-02-18 17:48:25 +00:00
fragment.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
fragment.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
gremlin.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
gremlin.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
helper.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
helper.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
httpdigest.c Minor fixes to recent HTTP proxy changes: 2010-05-11 19:47:03 +00:00
httpdigest.h Minor fixes to recent HTTP proxy changes: 2010-05-11 19:47:03 +00:00
ieproxy.c Moved branch into official BETA21 position. 2008-05-12 20:31:43 +00:00
ieproxy.h Removed spurious executable propset from 2006-06-26 01:35:18 +00:00
init.c Added "auth-token" client directive, which is intended to be 2011-04-26 22:29:11 +02:00
init.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
INSTALL Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
INSTALL-win32.txt VERSION 2.1_rc5 2008-01-23 21:08:22 +00:00
integer.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
interval.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
interval.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
list.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
list.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
lladdr.c Completely revamped the system for calling external programs and scripts: 2008-07-26 07:27:03 +00:00
lladdr.h Added --lladdr option to specify the link layer (MAC) address 2006-04-13 21:09:04 +00:00
lzo.c Reduce log verbosity at level 3, with a focus on removing excessive log verbosity generated by port-share activity. 2011-04-25 22:13:45 +02:00
lzo.h Added --enable-lzo-stub configure option to build an OpenVPN client without LZO, but that has limited interoperability with LZO-enabled servers. 2011-04-25 22:12:03 +02:00
Makefile.am Added "client-nat" option for stateless, one-to-one 2011-02-18 17:48:25 +00:00
manage.c Added "auth-token" client directive, which is intended to be 2011-04-26 22:29:11 +02:00
manage.h Added "auth-token" client directive, which is intended to be 2011-04-26 22:29:11 +02:00
mbuf.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
mbuf.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
memcmp.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
memdbg.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
misc.c Added "auth-token" client directive, which is intended to be 2011-04-26 22:29:11 +02:00
misc.h Added "auth-token" client directive, which is intended to be 2011-04-26 22:29:11 +02:00
mroute.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
mroute.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
mss.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
mss.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
mtcp.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
mtcp.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
mtu.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
mtu.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
mudp.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
mudp.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
multi.c Extended "client-kill" management interface command (server-side) 2011-04-26 22:29:11 +02:00
multi.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
NEWS This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
ntlm.c Added "management-external-key" option. This option can be used 2010-12-09 11:21:04 +00:00
ntlm.h This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
occ-inline.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
occ.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
occ.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
openvpn-plugin.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
openvpn.8 Added optional journal directory argument to "port-share" directive, for reporting client IP origins of proxied connections. 2011-04-25 22:13:22 +02:00
openvpn.c Implemented http-proxy-override and http-proxy-fallback directives to make it 2010-05-24 22:51:16 +00:00
openvpn.h Client will now try to reconnect if no push reply received 2011-04-26 22:29:11 +02:00
openvpn.spec.in Fixed some breakage in openvpn.spec (which is required to build an 2009-12-11 23:44:34 +00:00
options.c Added "auth-token" client directive, which is intended to be 2011-04-26 22:29:11 +02:00
options.h Added optional journal directory argument to "port-share" directive, for reporting client IP origins of proxied connections. 2011-04-25 22:13:22 +02:00
otime.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
otime.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
packet_id.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
packet_id.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
perf.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
perf.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
pf-inline.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
pf.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
pf.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
ping-inline.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
ping.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
ping.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
pkcs11.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
pkcs11.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
plugin.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
plugin.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
pool.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
pool.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
PORTS Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
proto.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
proto.h Added "client-nat" option for stateless, one-to-one 2011-02-18 17:48:25 +00:00
proxy.c Fixed issue where bad creds provided by the management interface 2010-06-10 03:17:21 +00:00
proxy.h Implemented http-proxy-override and http-proxy-fallback directives to make it 2010-05-24 22:51:16 +00:00
ps.c Fixed bug introduced in r7031 that might cause this error message: 2011-04-26 22:29:11 +02:00
ps.h Added optional journal directory argument to "port-share" directive, for reporting client IP origins of proxied connections. 2011-04-25 22:13:22 +02:00
push.c Added "auth-token" client directive, which is intended to be 2011-04-26 22:29:11 +02:00
push.h Extended "client-kill" management interface command (server-side) 2011-04-26 22:29:11 +02:00
pushlist.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
README Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
reliable.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
reliable.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
route.c Fixes to r6925. 2011-02-14 05:20:23 +00:00
route.h Implemented a key/value auth channel from client to server. 2010-06-01 07:12:27 +00:00
schedule.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
schedule.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
session_id.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
session_id.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
shaper.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
shaper.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
sig.c Misc fixes to r6708. 2010-12-13 09:27:08 +00:00
sig.h Misc fixes to r6708. 2010-12-13 09:27:08 +00:00
socket.c Reduce log verbosity at level 3, with a focus on removing excessive log verbosity generated by port-share activity. 2011-04-25 22:13:45 +02:00
socket.h Added --proto-force directive. 2010-09-01 06:04:29 +00:00
socks.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
socks.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
sources Incremented version to 2.1_rc7d. 2008-06-04 05:16:44 +00:00
ssl.c Added "auth-token" client directive, which is intended to be 2011-04-26 22:29:11 +02:00
ssl.h Added "auth-token" client directive, which is intended to be 2011-04-26 22:29:11 +02:00
status.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
status.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
syshead.h Added --enable-lzo-stub configure option to build an OpenVPN client without LZO, but that has limited interoperability with LZO-enabled servers. 2011-04-25 22:12:03 +02:00
t_cltsrv-down.sh Updated openvpn/t_cltsrv.sh (used by "make check") to conform to new 2008-08-10 18:49:28 +00:00
t_cltsrv.sh Updated openvpn/t_cltsrv.sh (used by "make check") to conform to new 2008-08-10 18:49:28 +00:00
t_lpback.sh svn merge -r 771:780 $SO/trunk/openvpn 2005-11-05 07:42:33 +00:00
thread.c Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
thread.h Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
tun.c Minor addition of logging info before and after 2010-12-10 21:17:36 +00:00
tun.h Added --register-dns option for Windows. 2010-07-16 18:01:11 +00:00
version.m4 Added "auth-token" client directive, which is intended to be 2011-04-26 22:29:11 +02:00
win32.c Added --register-dns option for Windows. 2010-07-16 18:01:11 +00:00
win32.h Added "net stop dnscache" and "net start dnscache" in front 2010-07-27 21:46:34 +00:00

OpenVPN -- A Secure tunneling daemon

Copyright (C) 2002-2010 OpenVPN Technologies, Inc.

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License version 2
as published by the Free Software Foundation.

*************************************************************************

For the latest version of OpenVPN, go to:

	http://openvpn.net/

To Build and Install,

	./configure
	make
	make install

or see the file INSTALL for more info.

*************************************************************************

For detailed information on OpenVPN, including examples, see the man page
  http://openvpn.net/man.html

For a sample VPN configuration, see
  http://openvpn.net/howto.html

For a description of OpenVPN's underlying protocol,
  see the file ssl.h included in the source distribution.

*************************************************************************

Other Files & Directories:

* INSTALL-win32.txt -- installation instructions
  for Windows

* configure.ac -- script to rebuild our configure
  script and makefile.

* openvpn.spec -- RPM Spec file
  To build an OpenVPN binary RPM, use the command:

	rpmbuild -tb [tarball]

  When you install the binary RPM, it will automatically
  install sample-scripts/openvpn.init (see below)

* sample-scripts/openvpn.init

  A sample init script for OpenVPN.  See the file for
  comments and additional information.

* sample-scripts/verify-cn

  A sample perl script which can be used with OpenVPN's
  --tls-verify option to provide a customized authentication
  test on embedded X509 certificate fields.

* sample-keys/

  Sample RSA keys and certificates.  DON'T USE THESE FILES
  FOR ANYTHING OTHER THAN TESTING BECAUSE THEY ARE TOTALLY INSECURE.

* sample-config-files/

  A collection of OpenVPN config files and scripts from
  the HOWTO at http://openvpn.net/howto.html

* easy-rsa/

  A simple guide to RSA key management, scripts included.
  Also see http://openvpn.net/easyrsa.html