mirror/openvpn
0
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2024-09-20 12:02:28 +02:00
Code
OpenVPN is an open source VPN daemon
3,341 Commits 13 Branches 119 Tags 33 MiB
C 94.7%
Shell 1.7%
M4 1.4%
CMake 1.1%
Makefile 0.7%
Other 0.4%
104e4ef1e3
Go to file
Gert Doering 104e4ef1e3 DCO: require valid netbits setting for non-primary iroutes. 
The existing DCO code had extra logic for "if this is not
MR_WITH_NETBITS, set 32/128 as address length", but only for
iroute addition.  For iroute deletion, this was missing, and
subsequently iroute deletion for IPv4 host routes failed on
FreeBSD DCO (commit 3433577a99).

Iroute handling differenciates between "primary" iroutes (coming
from anm IP pool or ccd/ifconfig-push), and "non-primary" iroutes,
coming from --iroute and --iroute-ipv6 statements in per-client config.

"Primary" iroutes always use "-1" for their netbits, but since these
are not installed via DCO, this is of no concern here.  Whether these
can and should be changed needs further study on internal route
learning and cleanup.

Refactor options.c and multi.c to ensure that netbits is always set
for non-primary iroutes - and ASSERT() on this in the DCO path, so we can
find out if there might be other code violating this.

Change options.c::option_iroute() to always set netbits=32 for IPv4
host routes (options_iroute_ipv6() never differenciated).  Since
netmask_to_netbits() also insists on "-1" for host routes, change
to netmask_to_netbits2().

Remove all the extra MR_WITH_NETBITS logic from dco.c, where it should
have never appeared.

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Kristof Provost <kprovost@netgate.com>
Acked-by: Antonio Quartulli <a@unstable.cc>
Message-Id: <20220820140124.11325-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25044.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2022-08-25 22:50:32 +02:00
.github Include libressl and macOS 12 to macOS github actions 2022-08-22 21:17:20 +02:00
.travis Change travis build scripts to use https when fetching prerequisites. 2020-11-24 18:01:46 +01:00
build msvc: cleanup 2022-02-08 22:08:44 +01:00
contrib vcpkg: switch to manifest 2022-05-05 15:41:23 +02:00
debug build: standard directory layout 2012-03-22 22:07:08 +01:00
dev-tools dco-win: introduce low-level code for handling ovpn-dco-win in Windows 2022-08-18 20:16:48 +02:00
distro Linux: Retain CAP_NET_ADMIN when dropping privileges 2022-08-11 11:59:08 +02:00
doc dco: add documentation for ovpn-dco-linux 2022-08-05 12:56:41 +02:00
include plugins: Remove defer/simple.c sample plugin 2022-03-15 16:38:16 +01:00
m4 Remove support for non ISO C99 vararg support 2021-03-28 16:34:42 +02:00
sample Reformat for sp_after_comma=add 2022-05-22 13:06:32 +02:00
src DCO: require valid netbits setting for non-primary iroutes. 2022-08-25 22:50:32 +02:00
tests Fix declaration of pubkeys in test_provider.c in MSVC builds 2022-08-25 22:45:25 +02:00
.git-blame-ignore-revs uncrustify: add sp_after_comma=add 2022-05-22 13:10:22 +02:00
.gitattributes cleanup: add .gitattributes to control eol style explicitly 2012-04-26 20:54:26 +02:00
.gitignore vcpkg: switch to manifest 2022-05-05 15:41:23 +02:00
.mailmap Update .mailmap to unify and clean up odd names and e-mail addresses 2016-10-18 13:46:04 +02:00
.svncommitters Added mapping files from SVN commit ID to more descriptive commit IDs. 2010-10-21 11:31:26 +02:00
.travis.yml travis: don't run t_net.sh test 2020-08-10 18:34:19 +02:00
AUTHORS This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
ChangeLog Remove outdated information from ChangeLog, point at release branches. 2022-08-10 19:01:12 +02:00
Changes.rst dco: add documentation for ovpn-dco-linux 2022-08-05 12:56:41 +02:00
compat.m4 Remove checks for uint* types that are part of C99 2021-04-07 08:30:34 +02:00
config-msvc-version.h.in msvc: fix product version display 2021-10-14 16:29:35 +02:00
config-msvc.h dco-win: introduce low-level code for handling ovpn-dco-win in Windows 2022-08-18 20:16:48 +02:00
configure.ac dco-win: introduce low-level code for handling ovpn-dco-win in Windows 2022-08-18 20:16:48 +02:00
CONTRIBUTING.rst Add git pre-commit hook script to uncrustify 2022-04-22 09:25:55 +02:00
COPYING update copyright year to 2022 2022-01-26 13:38:41 +01:00
COPYRIGHT.GPL copyright: Update GPLv2 license texts 2017-06-16 10:38:03 +02:00
INSTALL Drop support for OpenSSL 1.0.1 2020-07-20 21:40:11 +02:00
Makefile.am Get rid of README.IPv6 and TODO.IPv6 2022-02-13 11:40:20 +01:00
NEWS This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
openvpn.sln msvc: add ARM64 configuration 2021-05-10 17:54:57 +02:00
PORTS update copyright year to 2022 2022-01-26 13:38:41 +01:00
README Update copyright to include 2018 plus company name change 2018-02-01 08:29:21 +01:00
README.dco.md dco-win: add documentation to README.dco.md 2022-08-25 22:17:50 +02:00
README.ec Implement tls-groups option to specify eliptic curves/groups 2020-07-21 22:33:58 +02:00
README.mbedtls Add warning about mbed TLS licensing problem 2022-02-17 16:13:53 +01:00
README.wolfssl README.wolfssl Update 2021-03-19 15:19:31 +01:00
version.m4 Change version.m4 to 2.6_git 2020-08-12 13:00:21 +02:00
version.sh.in build: windows: install version.sh to allow installer read version 2012-03-24 00:14:23 +01:00

README 

OpenVPN -- A Secure tunneling daemon

Copyright (C) 2002-2018 OpenVPN Inc. This program is free software;
you can redistribute it and/or modify
it under the terms of the GNU General Public License version 2
as published by the Free Software Foundation.

*************************************************************************

To get the latest release of OpenVPN, go to:

	https://openvpn.net/index.php/download/community-downloads.html

To Build and Install,

	tar -zxf openvpn-<version>.tar.gz
	cd openvpn-<version>
	./configure
	make
	make install

or see the file INSTALL for more info.

*************************************************************************

For detailed information on OpenVPN, including examples, see the man page
  http://openvpn.net/man.html

For a sample VPN configuration, see
  http://openvpn.net/howto.html

To report an issue, see
  https://community.openvpn.net/openvpn/report

For a description of OpenVPN's underlying protocol,
  see the file ssl.h included in the source distribution.

*************************************************************************

Other Files & Directories:

* configure.ac -- script to rebuild our configure
  script and makefile.

* sample/sample-scripts/verify-cn

  A sample perl script which can be used with OpenVPN's
  --tls-verify option to provide a customized authentication
  test on embedded X509 certificate fields.

* sample/sample-keys/

  Sample RSA keys and certificates.  DON'T USE THESE FILES
  FOR ANYTHING OTHER THAN TESTING BECAUSE THEY ARE TOTALLY INSECURE.

* sample/sample-config-files/

  A collection of OpenVPN config files and scripts from
  the HOWTO at http://openvpn.net/howto.html

*************************************************************************

Note that easy-rsa and tap-windows are now maintained in their own subprojects.
Their source code is available here:

  https://github.com/OpenVPN/easy-rsa
  https://github.com/OpenVPN/tap-windows

The old cross-compilation environment (domake-win) and the Python-based
buildsystem have been replaced with openvpn-build:

  https://github.com/OpenVPN/openvpn-build

See the INSTALL file for usage information.