mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-20 12:02:28 +02:00
1308ccec9f
OpenVPN shipped a small packet filtering tool called PF. It has never been straightforward as it required a plugin to work. On top of that, keeping PF support, makes the code more complicated and increases the maintenance cost of OpenVPN. PF itself is not actually maintained at all and there is little motivation in keeping it alive. Some years ago an IPv6 extension for PF was proposed, but it was never picked up for the reasons above. External (and more appropriate) tools can still be used to implement packet filtering on the OpenVPN interface. Drop PF support for good. Note that IDs used for external communication (i.e. to the plugin or management interface) have been commented out, but not removed, as they should not be used in the future. v2: * changed // to /* */ * changed "NOT IMPLEMENTED" to "REMOVED FEATURE" * removed extra empty lines after removing ifdef blocks * clarified on IRC that tls_final has to be removed and therefore that hunk is correct * removed mi_prefix() function as it is now unused Cc: Arne Schwabe <arne@rfc2549.org> Signed-off-by: Antonio Quartulli <a@unstable.cc> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <20210827190014.12640-1-a@unstable.cc> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22780.html Signed-off-by: Gert Doering <gert@greenie.muc.de> |
||
|---|---|---|
| .. | ||
| doxygen | ||
| man-sections | ||
| android.txt | ||
| gui-notes.txt | ||
| interactive-service-notes.rst | ||
| keying-material-exporter.txt | ||
| Makefile.am | ||
| management-notes.txt | ||
| openvpn-examples.5.rst | ||
| openvpn.8.rst | ||
| README.man | ||
| README.plugins | ||
| tls-crypt-v2.txt | ||
OpenVPN Plugins
---------------
Starting with OpenVPN 2.0-beta17, compiled plugin modules are
supported on any *nix OS which includes libdl or on Windows.
One or more modules may be loaded into OpenVPN using
the --plugin directive, and each plugin module is capable of
intercepting any of the script callbacks which OpenVPN supports:
(1) up
(2) down
(3) route-up
(4) ipchange
(5) tls-verify
(6) auth-user-pass-verify
(7) client-connect
(8) client-disconnect
(9) learn-address
See the openvpn-plugin.h file in the top-level directory of the
OpenVPN source distribution for more detailed information
on the plugin interface.
Included Plugins
----------------
auth-pam -- Authenticate using PAM and a split privilege
execution model which functions even if
root privileges or the execution environment
have been altered with --user/--group/--chroot.
Tested on Linux only.
down-root -- Enable the running of down scripts with root privileges
even if --user/--group/--chroot have been used
to drop root privileges or change the execution
environment. Not applicable on Windows.
examples -- A simple example that demonstrates a portable
plugin, i.e. one which can be built for *nix
or Windows from the same source.
Building Plugins
----------------
cd to the top-level directory of a plugin, and use the
"make" command to build it. The examples plugin is
built using a build script, not a makefile.