mirror of https://github.com/OpenVPN/openvpn3.git synced 2024-09-20 12:12:15 +02:00
Commit Graph

3647 Commits

Author SHA1 Message Date
Arne Schwabe
3135d115a0 Replace throw() with noexcept and mark some exception constructors explicit
throw() is the same as noexcept(true), which is the same as noexcept.
(https://en.cppreference.com/w/cpp/language/noexcept_spec)

noexcept is more standard nowadays and less likely to create confusion.
Single argument constructors should be marked explicit so they do not
end up being accidentally called.
2022-11-16 17:22:09 +01:00
Arne Schwabe
3e34d5a6f9 Document UseCount class and make it non-copyable
There might be a better solution than using this class but at the
moment, at least give it better documentation.
2022-11-16 17:22:09 +01:00
Arne Schwabe
3a371a9761 Move initialisation of protostack members to members 2022-11-16 17:22:09 +01:00
Arne Schwabe
4dc56df618 Change is_raw to contains_tls_ciphertext
This renames (and inverses) the is_raw function to make it easier to
understand its purpose.
2022-11-16 17:22:09 +01:00
Arne Schwabe
6bc1a7c6a0 Add CONTROL_WKC_V1 definitions and improve packetdump of tls-crypt-v2 2022-11-16 17:22:09 +01:00
Heiko Hund
067e31e34c document missing/unimplemented IV_PROTO flags
Signed-off-by: Heiko Hund <heiko@openvpn.net>
2022-11-16 16:44:07 +01:00
Heiko Hund
03917fbf9c add support for temporary authentication failures
This adds proper handling of AUTH_FAILED,TEMP server responses,
potentially modifying the restart delay time and which address
is to be used for the next connection attempt.

Changes the reconnect behavior so that all addresses of a remote
are tried in case of a connection error, instead of continuing
with the next remote immediately.

Signed-off-by: Heiko Hund <heiko@openvpn.net>
2022-11-16 16:44:07 +01:00
Heiko Hund
65dc00fe4e add RemoteList::Advance enum
By giving an advance type to RemoteList::next() optionally, the
behavior of the function can be modified to move to the next remote
instead of the next address, or not move at all.

Signed-off-by: Heiko Hund <heiko@openvpn.net>
2022-11-16 16:44:07 +01:00
Heiko Hund
49a476e904 add IV_PROTO bit for --dns option
Signed-off-by: Heiko Hund <heiko@openvpn.net>
2022-11-16 16:44:07 +01:00
Mark Deric
8c7d6e1751 Move reliability layer tests from common
The tests in common were based on running main(); the tests have been
converted to the gtest framework and are now part of the automated
unit test suite.

Signed-off-by: Mark Deric <jmark@openvpn.net>
2022-11-09 08:29:26 -08:00
Lev Stipakov
a12737b5cc mingw: adapt to vcpkg openssl portfile change
vcpkg has removed OPENSSL_VERSION from portfile.cmake
in favor of VERSION variable which is set based on port version
(https://github.com/microsoft/vcpkg/pull/27178/files).

Parse port manifest to get OpenSSL version.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
2022-11-03 11:30:23 +02:00
Frank Lichtenheld
5c5d115619 Fix some "variable set but not used" errors with clang 15
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
2022-10-24 13:52:28 +02:00
Lev Stipakov
8eefddd18b dco-win: fix "agent process premature exit" handling
Commit ae99307 ("tun: add persist-tun support for dco-win")
broke handling of premature exit of agent process. The introduced
"tun_persist->close_destructor()" call in "tun_start()" also closes
the agent process handle within WinCommandAgent,
which triggers the fail handler (without error code).

Fix by "re-arming" fail handler after "close_destructor()"
call in "tun_start()".

Signed-off-by: Lev Stipakov <lev@openvpn.net>
2022-10-19 17:05:32 +02:00
Arne Schwabe
8bc78392cf Ensure sending UV_ only with push-peer-info and prioritise client.peerInfo
This commit changes the way the core deals with UV_ variables. They
now also respect push-peer-info (like in OpenVPN 2.x) and if variables
are present in both client.peerInfo and as setenv in the configuration
content, only the ones from peerInfo are sent to the server.

The new behaviour can be tested with

	ovpncli -I UV_TEST=cmdline conf.ovpn

and conf.ovpn having a setenv UV_TEST foobar in it as well

Signed-off-by: Arne Schwabe <arne@openvpn.net>
2022-10-19 16:40:21 +02:00
Lev Stipakov
2958161e7f dco-win: add halt check after connection attempt
parent->transport_connecting() might trigger stop(),
reset device handle and set halt to true if TCP server
is down. In this case we should not queue read.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
2022-10-13 15:16:26 +02:00
Lev Stipakov
ae99307219 tun: add persist-tun support for dco-win
Add DcoTunPersist object to DCO::TunConfig.

DcoTunPersist stores:

 - device handle
 - tun settings
 - adapter index/name
 - pointer to TunSetup object, which itself
 stores commands to undo tun settings

When initializing client options, instantiate DcoTunPersist
object within the scope of ClientConfig, which serves as
transport and tun factory for dco. Indicate that "sock" object
(device handle) should be preserved - not replaced when persisting
tun settings.

When establishing dco-win connection in OvpnDcoWinClient,
either use tun_persist created above (if persistence is enabled)
or instantiate it in-place (no persistence).

If nothing is stored in tun_persist (meaning this is the first
connection or a reconnect without persistence), acquire device
handle from tun_setup, wrap it into ASIO's basic_stream_handle
and store it in OvpnDcoWinClient - no need to persist it yet.

When starting tun, check if persisted tun session matches
to-be-created session. If no - clear previous tun settings,
set up tun and persist tun state. If device handle is already
stored in tun_persist, it won't be replaced.

On tun stop, send DEL_PEER command, which deletes peer
from the driver but keeps adapter in connected state. Then
close locally stored ASIO handle and reset tun_persist.
In case of "short term persistence" this will undo tun settings
and close device handle. For long term persistence, tun_persist
is also stored in ClientConfig and handle won't be closed yet.

In case of disconnect, ClientConfig::finalize(disconnect=true)
is called, which resets tun_persist, which in turn
undoes tun settings and closes device handle.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
2022-10-13 15:16:25 +02:00
Lev Stipakov
6a9b174f21 tunpersist: support for "no retain, no replace"
This is required for dco-win driver support.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
2022-10-13 15:16:24 +02:00
Lev Stipakov
fca6465e92 tunwin: support for adapter state in TunSetup
In case of dco-win persist tun, adapter state (index and name)
persists over the lifetime of the TunSetup object. Add setter/getter
for adapter state to TunSetup.

While on it, ensure that TunSetup::establish() doesn't
acquire adapter handle for dco - this is done by another
dco-specific "get_handle" method. The handle is not
really used by establish() method when using dco-win.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
2022-10-13 15:16:23 +02:00
Lev Stipakov
f27abef03d tunwin: generalize adapter state in TunPersistState
Replace wintun-specific hardcoded RingBuffer with
ADAPTER_STATE template. This will be used later
for dco-win tun persist support.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
2022-10-13 15:16:22 +02:00
Lev Stipakov
e01375daa0 vcpkg-ports: remove ovpn-dco-win port
The UAPI header (ovpn-dco.h) is now part of the openvpn3 core
repo, so there is no need for a separate vcpkg port.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
2022-10-13 15:16:21 +02:00
Lev Stipakov
544522d990 asio: bump version to 1.24.0
Rebase "async_connect_post_open" patch.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
2022-10-13 15:16:17 +02:00
James Yonan
19201beb9f AuthCert: support up to 160 bit serial numbers
Previously, we only supported int64 serial numbers.

This change renames get_sn() method to serial_number_as_int64()
for code that cares about 64-bit serial numbers.

Signed-off-by: James Yonan <james@openvpn.net>
2022-09-21 23:00:13 -06:00
James Yonan
e7ffa06f1e scripts/build: added SQLITE=1 parameter to build with sqlite3 library
Signed-off-by: James Yonan <james@openvpn.net>
2022-09-21 23:00:13 -06:00
David Sommerseth
0fae5639ac build: Extend with a doxygen build target
If the ENABLE_DOXYGEN setting is enabled in CMake, it will look for the
local Doxygen installation and configure it.  The HTML output will be
located under doxygen/core.

Signed-off-by: David Sommerseth <davids@openvpn.net>
2022-09-21 17:21:16 +02:00
Frank Lichtenheld
515c2f7d05 ovpncli: add missing override keyword for remote_override
Found by clang:
ovpn3/core/test/ovpncli/cli.cpp:664:16: warning:
 'remote_override' overrides a member function but is not marked 'override'
[-Winconsistent-missing-override]
  virtual void remote_override(ClientAPI::RemoteOverride& ro)
               ^
ovpn3/core/cmake/../client/ovpncli.hpp:658:20: note:
 overridden virtual function is here
      virtual void remote_override(RemoteOverride&);

Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
2022-09-16 11:21:44 +02:00
Frank Lichtenheld
8345e99b46 ovpncli: compile kovpn variant with more flags by default
Both OPENVPN_REMOTE_OVERRIDE and PRIVATE_TUNNEL_PROXY
only enable features and do not change the behavior unless
configuration is also changed. Since the kovpn variant
is internal anyway, this should be safe to enable.

Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
2022-09-16 11:21:44 +02:00
Frank Lichtenheld
ef62e5b02a time/epoch: include time.h
for ::clock_gettime

Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
2022-09-16 11:21:44 +02:00
David Sommerseth
66527fa611 Add code style configurations
This adds a clang-format with the new code style for OpenVPN 3.

A very light Emacs dir-locals configuration has also been added, but
that will most likely not cover all the formatting aspects which
clang-format does.  Running clang-format before committing is still
highly recommended to ensure the coding style is consistent.

Signed-off-by: David Sommerseth <davids@openvpn.net>
2022-09-14 17:35:30 +02:00
Arne Schwabe
5b5d80fad3 Improve dealing with unknown options
This commit adds several improvements to dealing with unknown options
in client configuration files:
 - implement ignore-unknown-option
 - categorise the OpenVPN2 options in multiple categories and
   warn/error out depending on the category
 - error out when unsupported/unknown options are found. This avoids
   problems like with --tls-crypt/--tls-crypt-v2 before where client
   would ignore these options and not connect at all

Signed-off-by: Arne Schwabe <arne@openvpn.net>
2022-09-14 17:32:53 +02:00
Arne Schwabe
ef6dbd250d Add generic name to JY_EXPECT_THROW and improve error message
This renames the macro to OVPN_EXPECT_THROW and keeps the old name
as alias.
2022-09-14 17:32:52 +02:00
Lev Stipakov
b8e9741947 omi: better support for "state" management command
If "state" is given without parameters, treat it as "state 1",
same as in openvpn 2.

This is sent, for example, by openvpn-gui.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
2022-09-07 23:33:28 +02:00
Lev Stipakov
970bed9f9b tun win: use IPAPI to add excluded routes
We already use IPAPI to add routes, so there is no reason
not to use it to add excluded routes. Example from server config:

  push "redirect-gateway def1"
  push "route 192.168.0.0 255.255.0.0 net_gateway"

This should redirect all traffic to VPN except one route. What
we should see in logs is:

  IPHelper: add route 192.168.0.0/16 21 100.64.0.1 metric=-1

(where 100.64 is a default gw on my machine)

Reported-by: Arul Thileeban <arulthileeban@vt.edu>
Signed-off-by: Lev Stipakov <lev@openvpn.net>
2022-08-31 14:14:20 +03:00
Frank Lichtenheld
2aea7ac4b5 Merge changes from coming OpenVPN 3 Core library v3.7 bugfix update
  - test_cpu_time: fix unused variable
  - Allow GIT version to be reported as part of platform (version) string
  - Update OpenSSL to 3.0.5, build fat lib for macos, drop 32 bit on iOS
  - README.rst: some fixes for macOS instructions
  - extpki.hpp: ignore deprecated EC_KEY_* functions
  - mingw: fix OpenSSL on x86_64
  - mingw: fix broken OpenSSL checkout
  - test_ssl: fix ssl.enablelegacyProvider
  - dco/GeNL: ignore message for unrelated interfaces

Signed-off-by: David Sommerseth <davids@openvpn.net>
2022-08-25 15:32:11 +02:00
rstular
d0647e69f5 build: Fix typo in CMakeLists.txt
Signed-off-by: David Sommerseth <davids@openvpn.net>
2022-08-24 17:55:31 +02:00
Nate Rock
e6a18f7d8c docs: Added xxhash to macos brew install
Signed-off-by: David Sommerseth <davids@openvpn.net>
2022-08-24 17:55:22 +02:00
Lev Stipakov
c7b696f178 tunutil.hpp: proper support for device interface list
dco-win adapter creates multiple device interfaces and in some
cases the right one is not the first one. Enumerate all interfaces
and pick the one with correct reference string.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
2022-08-24 17:11:40 +02:00
Arne Schwabe
664b3d6651 Remove several no longer used or supported build scripts
- the OpenSSL build script for all platforms, was only
  used on macOS and better alternatives like homebrew exist there
- mac build scripts in general, cmake/homebrew is a better alternative
- vars for Android, Android uses CMake based build, see ics-openvpn for an example
- lzo build scripts. Core can do lzo decompress without it and if used, system lzo can
  be used

Signed-off-by: Arne Schwabe <arne@openvpn.net>
2022-08-24 17:09:13 +02:00
Frank Lichtenheld
f48d020b67 test_cpu_time: fix unused variable
clang 13 complains:
test/unittests/test_cpu_time.cpp:110:16:
error: variable 'd' set but not used [-Werror,-Wunused-but-set-variable]
        double d=0;

Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
(cherry picked from commit 9367513b4a)
2022-08-24 17:06:24 +02:00
Arne Schwabe
ec5ea70de2 Allow GIT version to be reported as part of platform (version) string
Signed-off-by: Arne Schwabe <arne@openvpn.net>
2022-08-15 13:52:35 +02:00
Arne Schwabe
26fad3a4f6 Allow to disable route exclusion emulation
This allows disabling the route emulation for Android API 33
(Tiramisu/API 33) or if the app implements its own emulation (ics-openvpn)

Signed-off-by: Arne Schwabe <arne@openvpn.net>
2022-08-03 16:41:06 +02:00
Frank Lichtenheld
4393f401f3 vcpkg.json: add xxHash
required for some unit tests now.

Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
2022-07-29 16:58:30 +02:00
Mark Deric
f2df99ccab Fix unit test with AuthStatus::Type enum fwd decl
Signed-off-by: Mark Deric <jmark@openvpn.net>
2022-07-21 11:08:42 -07:00
Mark Deric
1a5e4a7558 Add a unit test for checking header dependencies
Signed-off-by: Mark Deric <jmark@openvpn.net>
2022-07-21 11:08:42 -07:00
Frank Lichtenheld
ef69cb6230 daemonize: ignore daemon() deprecated on macOS
Since we do not operate any servers on macOS, we
do not want to invest time in fixing this.

In most cases you would want to use launchd anyway
and not use daemonize().

Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
2022-07-15 13:32:44 +02:00
Arne Schwabe
a1c44bd0c6 Update OpenSSL to 3.0.5, build fat lib for macos, drop 32 bit on iOS 2022-07-13 20:42:52 +02:00
Arne Schwabe
65f5b54817 Add specification to allow a server to indicate optional web import
This is useful for mixed scenarios of authentications
2022-07-13 18:17:35 +02:00
Arne Schwabe
3710fa106a Implement pushable tun-mtu and tls-mtu-max
OpenVPN 3.x has the same approach/problem for buffer allocation for the
tunnel packets that OpenVPN 2.x uses. Buffers are allocated very early
in the setup, so resizing/reacting to different frame sizes is not
really possible without major refactoring.

Therefore we use the same approach as with OpenVPN 2.x and allow a
MTU of up to 1600 by default and require setting tun-mtu-max in the
configuration file to allow larger values and allocate larger buffers.

Signed-off-by: Arne Schwabe <arne@openvpn.net>
2022-07-13 16:44:31 +02:00
Frank Lichtenheld
c3129ddac8 README.rst: some fixes for macOS instructions
- Fix rst syntax error
- Add pkg-config to list of brew packages to
  install. While here, order them alphabetically.

Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
2022-07-11 14:47:34 +02:00
Frank Lichtenheld
15343b0133 extpki.hpp: ignore deprecated EC_KEY_* functions
Doing first -Werror builds on Linux against OpenSSL 3.0.

Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
(cherry picked from commit ab55c9fdb2)
2022-07-11 13:34:59 +02:00
Frank Lichtenheld
a04266120d mingw: fix OpenSSL on x86_64
Hardcode libdir to lib, because openssl3 chooses
lib64 otherwise.

While here, some small changes:
- remove dangerous "|| true" after openssl make
- remove "-j1" for openssl "make install". Speeds
  up the documentation generation.
- use set -x

Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
(cherry picked from commit f27157e28b)
2022-07-11 12:21:08 +02:00