mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-20 12:02:28 +02:00
1308ccec9f
OpenVPN shipped a small packet filtering tool called PF. It has never been straightforward as it required a plugin to work. On top of that, keeping PF support, makes the code more complicated and increases the maintenance cost of OpenVPN. PF itself is not actually maintained at all and there is little motivation in keeping it alive. Some years ago an IPv6 extension for PF was proposed, but it was never picked up for the reasons above. External (and more appropriate) tools can still be used to implement packet filtering on the OpenVPN interface. Drop PF support for good. Note that IDs used for external communication (i.e. to the plugin or management interface) have been commented out, but not removed, as they should not be used in the future. v2: * changed // to /* */ * changed "NOT IMPLEMENTED" to "REMOVED FEATURE" * removed extra empty lines after removing ifdef blocks * clarified on IRC that tls_final has to be removed and therefore that hunk is correct * removed mi_prefix() function as it is now unused Cc: Arne Schwabe <arne@rfc2549.org> Signed-off-by: Antonio Quartulli <a@unstable.cc> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <20210827190014.12640-1-a@unstable.cc> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22780.html Signed-off-by: Gert Doering <gert@greenie.muc.de> |
||
---|---|---|
.. | ||
doxygen | ||
man-sections | ||
android.txt | ||
gui-notes.txt | ||
interactive-service-notes.rst | ||
keying-material-exporter.txt | ||
Makefile.am | ||
management-notes.txt | ||
openvpn-examples.5.rst | ||
openvpn.8.rst | ||
README.man | ||
README.plugins | ||
tls-crypt-v2.txt |
OpenVPN Plugins --------------- Starting with OpenVPN 2.0-beta17, compiled plugin modules are supported on any *nix OS which includes libdl or on Windows. One or more modules may be loaded into OpenVPN using the --plugin directive, and each plugin module is capable of intercepting any of the script callbacks which OpenVPN supports: (1) up (2) down (3) route-up (4) ipchange (5) tls-verify (6) auth-user-pass-verify (7) client-connect (8) client-disconnect (9) learn-address See the openvpn-plugin.h file in the top-level directory of the OpenVPN source distribution for more detailed information on the plugin interface. Included Plugins ---------------- auth-pam -- Authenticate using PAM and a split privilege execution model which functions even if root privileges or the execution environment have been altered with --user/--group/--chroot. Tested on Linux only. down-root -- Enable the running of down scripts with root privileges even if --user/--group/--chroot have been used to drop root privileges or change the execution environment. Not applicable on Windows. examples -- A simple example that demonstrates a portable plugin, i.e. one which can be built for *nix or Windows from the same source. Building Plugins ---------------- cd to the top-level directory of a plugin, and use the "make" command to build it. The examples plugin is built using a build script, not a makefile.