mirror/openvpn
0
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2024-09-20 12:02:28 +02:00
Code
6e5ad2fa0b
openvpn/doc
History
Steffan Karger 6e5ad2fa0b Poor man's NCP for non-NCP peers 
Allows non-NCP peers (<= 2.3, or 2.4+ with --ncp-disable) to specify a
--cipher that is different from the one in our config, as long as the new
cipher value is allowed (i.e. in --ncp-ciphers at our side).

This works both client-to-server and server-to-client.  I.e. a 2.4 client
with "cipher BF-CBC" and "ncp-ciphers AES-256-GCM:AES-256-CBC" can connect
to both a 2.3 server with "cipher BF-CBC" as well as a server with
"cipher AES-256-CBC" in its config.  The other way around, a 2.3 client
with either "cipher BF-CBC" or "cipher AES-256-CBC" can connect to a 2.4
server with e.g. "cipher BF-CBC" and "ncp-ciphers AES-256-GCM:AES-256-CBC"
in its config.

This patch was inspired by Gert's "Poor man's NCP for 2.3 clients" patch,
but takes a different approach to avoid the need for server-side scripts
or client-side 'setenv UV_*' tricks.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1479936104-4045-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13218.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-11-23 22:47:25 +01:00
..
doxygen Replace WIN32 by _WIN32 2016-11-15 09:38:06 +01:00
android.txt Handle DNS6 option on Android 2016-11-22 17:31:30 +01:00
keying-material-exporter.txt Added document for TLS Keying Material Exporters [RFC-5705] 2015-10-10 00:03:07 +02:00
Makefile.am build: integrate plugins build into core build 2012-06-26 11:29:02 +02:00
management-notes.txt Change the hold command to communicate the time that OpenVPN would wait to the UI. 2016-10-13 17:19:48 +02:00
openvpn.8 Poor man's NCP for non-NCP peers 2016-11-23 22:47:25 +01:00
README.plugins build: integrate plugins build into core build 2012-06-26 11:29:02 +02:00

README.plugins 

OpenVPN Plugins
---------------

Starting with OpenVPN 2.0-beta17, compiled plugin modules are
supported on any *nix OS which includes libdl or on Windows.
One or more modules may be loaded into OpenVPN using
the --plugin directive, and each plugin module is capable of
intercepting any of the script callbacks which OpenVPN supports:

(1) up
(2) down
(3) route-up
(4) ipchange
(5) tls-verify
(6) auth-user-pass-verify
(7) client-connect
(8) client-disconnect
(9) learn-address

See the openvpn-plugin.h file in the top-level directory of the
OpenVPN source distribution for more detailed information
on the plugin interface.

Included Plugins
----------------

auth-pam -- Authenticate using PAM and a split privilege
            execution model which functions even if
            root privileges or the execution environment
            have been altered with --user/--group/--chroot.
            Tested on Linux only.

down-root -- Enable the running of down scripts with root privileges
             even if --user/--group/--chroot have been used
             to drop root privileges or change the execution
             environment.  Not applicable on Windows.

examples -- A simple example that demonstrates a portable
            plugin, i.e. one which can be built for *nix
            or Windows from the same source.

Building Plugins
----------------

cd to the top-level directory of a plugin, and use the
"make" command to build it.  The examples plugin is
built using a build script, not a makefile.