mirror of https://github.com/OpenVPN/openvpn.git synced 2024-09-20 03:52:28 +02:00
OpenVPN is an open source VPN daemon
Gert Doering b0bff55901 Require at least 100MB of mlock()-able memory if --mlock is used.
If --mlock is used, the amount of memory OpenVPN can use is guarded
by the RLIMIT_MEMLOCK value (see mlockall(2)).  The OS default for this
is usually 64 Kbyte, which is enough for OpenVPN to initialize, but
as soon as the first TLS handshake comes in, OpenVPN will crash due
to "out of memory", and might even end up in a crash loop.

Steady-state OpenVPN requires between 8 MB and 30-50 MB (servers with
many concurrent clients) of memory.  TLS renegotiation with EC keys
requires up to 90 MB of transient memory.

So: with this patch, we check if getrlimit() is available, and if yes,
log the amount of mlock'able memory.  If the amount is below 100 MB,
which is an arbitrary value "large enough for most smaller deployments",
we try to increase the limits to 100 MB, and abort if this fails.

v2:
  change arbitrary number to 100 MB, introduce #define for it
  not only check but also increase with setrlimit()
  uncrustify fixes

v3:
  OpenSolaris has mlockall() and getrlimit(), but no RLIMIT_MEMLOCK -
    make code conditional on HAVE_GETRLIMIT *and* RLIMIT_MEMLOCK
  add Changes.rst entry

Trac: #1390

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Selva Nair <selva.nair@gmail.com>
Message-Id: <20210310124808.14741-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21657.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2021-03-11 17:42:59 +01:00
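
The check the commit message above describes (read RLIMIT_MEMLOCK, log it, raise it to the 100 MB floor, fail if that is refused) can be sketched as follows. This is an added example, not OpenVPN's source: `MIN_MEMLOCK_BYTES`, `plan_memlock` and `ensure_memlock` are hypothetical names, and the split into a pure decision step plus a syscall step is a choice made here so the decision can be tested without privileges.

```c
#include <stdio.h>
#include <sys/resource.h>

/* Hypothetical name; the 100 MB floor is the value given in the commit message. */
#define MIN_MEMLOCK_BYTES ((rlim_t)100 * 1024 * 1024)

enum memlock_plan { PLAN_KEEP, PLAN_RAISE_SOFT, PLAN_RAISE_HARD };

/* Pure decision step: from the current limits, compute the limits to request. */
static enum memlock_plan
plan_memlock(struct rlimit cur, rlim_t need, struct rlimit *want)
{
    *want = cur;
    if (cur.rlim_cur == RLIM_INFINITY || cur.rlim_cur >= need)
        return PLAN_KEEP;                 /* already large enough */
    want->rlim_cur = need;
    if (cur.rlim_max == RLIM_INFINITY || cur.rlim_max >= need)
        return PLAN_RAISE_SOFT;           /* any process may do this */
    want->rlim_max = need;                /* needs CAP_SYS_RESOURCE on Linux */
    return PLAN_RAISE_HARD;
}

/* Returns 0 if at least `need` bytes may be locked afterwards, -1 otherwise. */
static int
ensure_memlock(rlim_t need)
{
#if defined(RLIMIT_MEMLOCK)
    struct rlimit cur, want;
    if (getrlimit(RLIMIT_MEMLOCK, &cur) != 0) { perror("getrlimit"); return -1; }
    fprintf(stderr, "mlock limit: soft=%llu hard=%llu bytes\n",
            (unsigned long long)cur.rlim_cur, (unsigned long long)cur.rlim_max);
    if (plan_memlock(cur, need, &want) == PLAN_KEEP)
        return 0;
    if (setrlimit(RLIMIT_MEMLOCK, &want) != 0) { perror("setrlimit"); return -1; }
    return 0;
#else
    (void)need;   /* e.g. a platform with getrlimit() but no RLIMIT_MEMLOCK */
    return 0;
#endif
}

int main(void)
{
    /* Fail at startup instead of running out of lockable memory later. */
    if (ensure_memlock(MIN_MEMLOCK_BYTES) != 0) {
        fprintf(stderr, "cannot raise mlock limit to 100 MB, exiting\n");
        return 1;
    }
    return 0;
}
```

Run unprivileged with a 64 KB hard limit, the program exits with an error; raising the limit for the service (for example through the service manager's memlock setting) lets it pass.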
.github github: Add PR template with contributor related information 2017-02-06 11:26:05 +01:00
.travis Change travis build scripts to use https when fetching prerequisites. 2020-11-24 18:01:46 +01:00
build win: support for Visual Studio 2017 2018-10-01 08:16:29 +02:00
contrib Update copyright to include 2018 plus company name change 2018-02-01 08:29:21 +01:00
debug build: standard directory layout 2012-03-22 22:07:08 +01:00
dev-tools uncrustify openvpn/ sources 2018-12-12 13:43:17 +01:00
distro cleanup: Remove RPM openvpn.spec build approach 2019-02-28 16:54:02 +01:00
doc Require at least 100MB of mlock()-able memory if --mlock is used. 2021-03-11 17:42:59 +01:00
include Allow pending auth to be send from a auth plugin 2021-03-10 15:09:13 +01:00
m4 Fix various spelling mistakes 2019-02-06 19:07:34 +01:00
sample Explain structver usage in sample defer plugin. 2021-02-03 11:25:07 +01:00
src Require at least 100MB of mlock()-able memory if --mlock is used. 2021-03-11 17:42:59 +01:00
tests Refactor extract_var_peer_info into standalone function and add ssl_util.c 2021-03-10 10:40:18 +01:00
.git-blame-ignore-revs Add c1ff8f247f (engine, pool, SSO) to .git-blame-ignore-revs 2020-06-26 15:03:39 +02:00
.gitattributes cleanup: add .gitattributes to control eol style explicitly 2012-04-26 20:54:26 +02:00
.gitignore doc/man: convert openvpn.8 to split-up .rst files 2020-07-17 11:23:18 +02:00
.mailmap Update .mailmap to unify and clean up odd names and e-mail addresses 2016-10-18 13:46:04 +02:00
.svncommitters Added mapping files from SVN commit ID to more descriptive commit IDs. 2010-10-21 11:31:26 +02:00
.travis.yml travis: don't run t_net.sh test 2020-08-10 18:34:19 +02:00
AUTHORS This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
ChangeLog Update copyright to include 2018 plus company name change 2018-02-01 08:29:21 +01:00
Changes.rst Require at least 100MB of mlock()-able memory if --mlock is used. 2021-03-11 17:42:59 +01:00
compat.m4 copyright: Update GPLv2 license texts 2017-06-16 10:38:03 +02:00
config-msvc-version.h.in Fix Building Using MSVC 2017-03-16 08:55:33 +01:00
config-msvc.h Remove --disable-def-auth configure argument 2020-10-24 22:03:41 +02:00
configure.ac Require at least 100MB of mlock()-able memory if --mlock is used. 2021-03-11 17:42:59 +01:00
CONTRIBUTING.rst Update CONTRIBUTING.rst to allow GitHub PRs for code review purposes 2016-05-19 11:22:50 +02:00
COPYING Update copyright to include 2018 plus company name change 2018-02-01 08:29:21 +01:00
COPYRIGHT.GPL copyright: Update GPLv2 license texts 2017-06-16 10:38:03 +02:00
INSTALL Drop support for OpenSSL 1.0.1 2020-07-20 21:40:11 +02:00
Makefile.am Merge Makefile.am's AUTOMAKE_OPTIONS into configure.ac's AM_INIT_AUTOMAKE. 2020-07-17 23:10:31 +02:00
msvc-build.bat win: support for Visual Studio 2017 2018-10-01 08:16:29 +02:00
msvc-dev.bat win: support for Visual Studio 2017 2018-10-01 08:16:29 +02:00
msvc-env.bat win: support for Visual Studio 2017 2018-10-01 08:16:29 +02:00
NEWS This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
openvpn.sln Introduce tapctl.exe utility and openvpnmsica.dll MSI CA 2019-01-17 15:31:18 +01:00
PORTS Update copyright to include 2018 plus company name change 2018-02-01 08:29:21 +01:00
README Update copyright to include 2018 plus company name change 2018-02-01 08:29:21 +01:00
README.ec Implement tls-groups option to specify eliptic curves/groups 2020-07-21 22:33:58 +02:00
README.IPv6 Update IPv6 related readme files 2014-01-03 16:01:12 +01:00
README.mbedtls docs: Replace all PolarSSL references to mbed TLS 2017-09-06 23:42:55 +02:00
TODO.IPv6 Fix various spelling mistakes 2019-02-06 19:07:34 +01:00
version.m4 Change version.m4 to 2.6_git 2020-08-12 13:00:21 +02:00
version.sh.in build: windows: install version.sh to allow installer read version 2012-03-24 00:14:23 +01:00

OpenVPN -- A Secure tunneling daemon

Copyright (C) 2002-2018 OpenVPN Inc. This program is free software;
you can redistribute it and/or modify
it under the terms of the GNU General Public License version 2
as published by the Free Software Foundation.

*************************************************************************

To get the latest release of OpenVPN, go to:

	https://openvpn.net/index.php/download/community-downloads.html

To Build and Install,

	tar -zxf openvpn-<version>.tar.gz
	cd openvpn-<version>
	./configure
	make
	make install

or see the file INSTALL for more info.

*************************************************************************

For detailed information on OpenVPN, including examples, see the man page
  http://openvpn.net/man.html

For a sample VPN configuration, see
  http://openvpn.net/howto.html

To report an issue, see
  https://community.openvpn.net/openvpn/report

For a description of OpenVPN's underlying protocol,
  see the file ssl.h included in the source distribution.

*************************************************************************

Other Files & Directories:

* configure.ac -- script to rebuild our configure
  script and makefile.

* sample/sample-scripts/verify-cn

  A sample perl script which can be used with OpenVPN's
  --tls-verify option to provide a customized authentication
  test on embedded X509 certificate fields.

* sample/sample-keys/

  Sample RSA keys and certificates.  DON'T USE THESE FILES
  FOR ANYTHING OTHER THAN TESTING BECAUSE THEY ARE TOTALLY INSECURE.

* sample/sample-config-files/

  A collection of OpenVPN config files and scripts from
  the HOWTO at http://openvpn.net/howto.html

*************************************************************************

Note that easy-rsa and tap-windows are now maintained in their own subprojects.
Their source code is available here:

  https://github.com/OpenVPN/easy-rsa
  https://github.com/OpenVPN/tap-windows

The old cross-compilation environment (domake-win) and the Python-based
buildsystem have been replaced with openvpn-build:

  https://github.com/OpenVPN/openvpn-build

See the INSTALL file for usage information.