mirror/openvpn
0
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2024-09-19 19:42:30 +02:00
Code
63ba6b27ce
openvpn/doc
History
Arne Schwabe e7d8c4a720 Implement HMAC based session id for tls-crypt v2 
Tls-crypt v2 is more complicated to implement a proper stateless
handshake. To allow state handshake this commit does

 - introduce a new packet CONTROL_WKC_V1 that repeats the wrapped
   client key.
 - introduce a way to negotiate the support for this packet in the
   three way handshake

Details about the protocol changes are in tls-crypt-v2.txt. Optional
arguments to the tls-crypt-v2 option have been added to explicitly
allow or disallow client that do not support the stateless handshake.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>

Patch v3: improve grammar, style, comments, fix unit tests
Patch v4: remove explicit flag for ability to resend WKc,
          clean up comments, improve code style in some instances
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20220505130348.1183195-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24287.html

Signed-off-by: Gert Doering <gert@greenie.muc.de>
2022-05-06 14:16:05 +02:00
..
doxygen Implement stateless HMAC-based sesssion-id three-way-handshake 2022-05-05 12:12:55 +02:00
man-sections Implement HMAC based session id for tls-crypt v2 2022-05-06 14:16:05 +02:00
tests sample-plugin: New plugin for testing multiple auth plugins 2022-03-15 16:29:22 +01:00
android.txt Handle DNS6 option on Android 2016-11-22 17:31:30 +01:00
gui-notes.txt Document common uses of 'echo' directive, re-enable logging for 'echo'. 2021-01-20 20:18:07 +01:00
interactive-service-notes.rst Add Interactive Service developer documentation 2018-06-09 20:14:26 +02:00
keying-material-exporter.txt Fix various spelling mistakes 2019-02-06 19:07:34 +01:00
Makefile.am doc/Makefile: rebuild rst docs if input files change 2022-02-10 08:50:59 +01:00
management-notes.txt Allow management client to announce pss padding support 2022-01-20 16:29:45 +01:00
openvpn-examples.5.rst Add detailed man page section to setup a OpenVPN setup with peer-fingerprint 2021-08-01 19:47:44 +02:00
openvpn.8.rst Move examples into openvpn-examples(5) man page 2021-07-02 11:50:11 +02:00
README.man doc/man: convert openvpn.8 to split-up .rst files 2020-07-17 11:23:18 +02:00
README.plugins build: integrate plugins build into core build 2012-06-26 11:29:02 +02:00
tls-crypt-v2.txt Implement HMAC based session id for tls-crypt v2 2022-05-06 14:16:05 +02:00

README.plugins 

OpenVPN Plugins
---------------

Starting with OpenVPN 2.0-beta17, compiled plugin modules are
supported on any *nix OS which includes libdl or on Windows.
One or more modules may be loaded into OpenVPN using
the --plugin directive, and each plugin module is capable of
intercepting any of the script callbacks which OpenVPN supports:

(1) up
(2) down
(3) route-up
(4) ipchange
(5) tls-verify
(6) auth-user-pass-verify
(7) client-connect
(8) client-disconnect
(9) learn-address

See the openvpn-plugin.h file in the top-level directory of the
OpenVPN source distribution for more detailed information
on the plugin interface.

Included Plugins
----------------

auth-pam -- Authenticate using PAM and a split privilege
            execution model which functions even if
            root privileges or the execution environment
            have been altered with --user/--group/--chroot.
            Tested on Linux only.

down-root -- Enable the running of down scripts with root privileges
             even if --user/--group/--chroot have been used
             to drop root privileges or change the execution
             environment.  Not applicable on Windows.

examples -- A simple example that demonstrates a portable
            plugin, i.e. one which can be built for *nix
            or Windows from the same source.

Building Plugins
----------------

cd to the top-level directory of a plugin, and use the
"make" command to build it.  The examples plugin is
built using a build script, not a makefile.