This also removes unittest.vcxproj from solution, since
it is deprecated in favor of CMake-based unit tests.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
This test attempts to assure that the measurements we get from
openvpn::cpu_time() is within a reasonable range of what we should
normally expect.
This is achieved by using a simple worker thread which ensures the
process is not "idling" (like it would with sleep()) but in a real busy
loop which takes some time. Then we measure the time spent in the busy
loop, both using a simplistic time() and comparing that with what
cpu_time() returns.
This unit test also supports measuring multiple running threads
individually too.
Signed-off-by: David Sommerseth <davids@openvpn.net>
This introduces experimental support for Wintun
as an alternative for tap-windows6.
In order to use wintun, set "ClientAPI::Config::wintun"
flag to "true" or use "-w" option in test client.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
This takes into use new TunSetup API which enables to create bypass
routes before establishing connection.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
There are two ways how Linux tun can be manipulated -
by using iproute2 or netlink. Both implementations have
defined identical Setup class implementation.
This commit factors out Setup class from tun implementations
and templatizes it, which removes need in duplicated code.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
This requires cli.cpp to be included in openvpn3-linux build environment
and the right defines set before the test.cpp is included.
This workaround is necessary since the dbus dependencies are not part
of the core and to adding an extra copy of cli.cpp to openvpn3-linux
Signed-off-by: Arne Schwabe <arne@openvpn.net>
The metadata that may be possibly be contained in the WKc has to be
verified by means of a user implemented behaviour.
Implement an abstract class that exports a verify() method to be
used for this purpose.
Users can extend this class and override the verify() method with
their own.
A basic implementation is also provided: it will just ignore the
metadata (if any) and report success to the core.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
On the linux client we need the information to which remote the client
is connecting to query the route information to ultimately discover the
device. On other platform that do not need these extra information we
ignore the extra arguments
The API uses std::string and bool instead of passing of passing IPAddr as
the API needs to be understand by Swig/Java and similar methods also opt in
favour of call by value and simply types.
Signed-off-by: Arne Schwabe <arne@openvpn.net>
If the PROF env variable is already set, respect that original value
instead of enforcing a value which might be wrong on the build host.
Signed-off-by: David Sommerseth <davids@openvpn.net>
For testing, add the capability to get the next "remote"
directive from the output of an external script or binary.
Signed-off-by: James Yonan <james@openvpn.net>
// If true, consider AUTH_FAILED to be a non-fatal error,
// and retry the connection after a pause.
bool retryOnAuthFailed = false;
Signed-off-by: James Yonan <james@openvpn.net>
The OpenVPN 3 config file parser allows an embedded server list,
given as:
setenv SERVER <HOST1>/<FRIENDLY_NAME1>
setenv SERVER <HOST2>/<FRIENDLY_NAME2>
. . .
This patch allows the -s server override to specify
a friendly name and will substitute the host or IP
address given in the server list.
Signed-off-by: James Yonan <james@openvpn.net>
Following an high number of users complaints, it was suggested
to re-enable MD5 and to give our users a notice period of some
months before dropping its support entirely.
With this patch we add a new certificate profile called "insecure"
which is equal to "legacy" with the addition of MD5.
By default OpenVPN3 still use legacy and the insecure profile
must be enabled explicitly by the client app.
The new profile is also enveloped in an ifdef so that
such support is not introduced, unless who builds the core
knows about it.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Allow source files that require JSON library functionality
to include a single file (openvpn/common/jsonlib.hpp) which
will then draw in the appropriate JSON library header based
on configuration #defines.
Code can #ifdef on HAVE_JSON to test whether or not JSON
functionality is available (previously, HAVE_JSONCPP
was used).
Currently supports JsonCpp and an OpenVPN-internal JSON
implementation.
This model assumes that alternative JSON implementations
are API-compatible with JsonCpp.
Signed-off-by: James Yonan <james@openvpn.net>
By default tls-crypt is now enabled instead of tls-auth.
It can be easily changed by editing the define at the top
of test/ssl/proto.hpp
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Not really important, but worth fixing to avoid polluting
any memchecker output with unreleased (leaked) resources.
Release process resources before exiting the main function.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
* enabled by OPENVPN_OVPNCLI_SINGLE_THREAD compile flag.
* turns off the signal blocker.
* Adds overrideable clock_tick() virtual method with
configurable frequency that is used when processing
signals when the OpenVPN client is running in
single-thread mode.
Signed-off-by: James Yonan <james@openvpn.net>
Created a lightweight abstraction layer so that another i/o
reactor can be dropped in place of asio.
The basic approach is to rename all references to asio::xxx
types to openvpn_io::xxx and then make openvpn_io a
preprocessor variable that points to the top-level namespace
of the i/o reactor implementation.
All of the source files that currently include <asio.hpp> now
include <openvpn/io/io.hpp> instead:
This gives us a lightweight abstraction layer that allows us
to define openvpn_io to be something other than asio.
Other changes:
* Inclusion of asio by scripts/build is now optional, and is
enabled by passing ASIO=1 or ASIO_DIR=<dir>.
* Refactored openvpn/common/socktypes.hpp to no longer
require asio.
* Refactored openvpn/log/logthread.hpp to no longer require
asio.
* Added openvpn::get_hostname() method as alternative to
calling asio directly.
* openvpn/openssl/util/init.hpp will now #error
if USE_ASIO is undefined.
Signed-off-by: James Yonan <james@openvpn.net>
legacy -- allow 1024-bit RSA certs signed with SHA1
preferred -- require at least 2048-bit RSA certs signed
with SHA256 or higher
suiteb -- require NSA Suite-B
The current default is legacy.
The directive can be set in the profile or overridden/defaulted
in the client API via ClientAPI::Config::tlsCertProfileOverride
var.
TODO: implement for OpenSSL.
