INFO,<payload>
Payload can be any UTF-8 printable string under 64 KB
(multiple lines are okay).
INFO notifications can be sent from server to client
in real-time, on any active client connection.
The client will attach the payload to an INFO event and
forward it to the controlling app via the event callback:
virtual void event(const Event&) = 0;
receive path to reassemble messages fragmented by the
SSL layer up to a max message size of 64 KB.
Ramifications:
* Peer info data and pushed options can be significantly
larger (i.e. approaching 64 KB).
* Less need for the options continuation feature.
Limitations:
* While this patch doesn't change the underlying OpenVPN
protocol, it can result in messages being sent that are
fragmented by the receiving SSL implementation into
multiple buffers. Implementations that lack reassembly
capabilities (such as OpenVPN 2.x at this point in time)
would see each buffer fragment as a separate message.
* This patch running on the server will break negotiation
with pre-peer-info clients. Basically this means it will
interoperate with any OpenVPN 3 version or OpenVPN 2.x
version that includes the June 2010 commit "Implemented a
key/value auth channel from client to server.
Version 2.1.1i".
(instead of 2):
(a) ordinary events such as CONNECTING, CONNECTED,
(b) nonfatal errors such as TRANSPORT_ERROR that will
automatically trigger a reconnect, and
(c) fatal errors such as AUTH_FAILED, that will be followed
by a DISCONNECT
In ClientAPI::Event, added a new "fatal" boolean to indicate
when errors are fatal.
Added a new non-fatal event TUN_ERROR that triggers a
reconnect when errors are indicated in tunio.hpp.
ClientAPI::Config::ipv6 string:
IPv6 preference
no -- disable IPv6, so tunnel will be IPv4-only
yes -- request combined IPv4/IPv6 tunnel
default (or empty string) -- leave decision to server
bool ClientAPI::Config::autologinSessions and default
to false. Previously, the logic was hardcoded to true.
Autologin Sessions can be enabled in the cli.cpp wrapper
using the -a flag.
ClientAPI::Config::gremlinConfig string.
The gremlin option allows extra packet latency
or unreliability to be added to the tunnel.
The format of the option is a comma-separated list
of numerical parameters:
send_delay_ms, recv_delay_ms, send_drop_prob, recv_drop_prob
Parameter description:
send_delay_ms : delay packets by n milliseconds before
transmission (UDP/TCP).
recv_delay_ms : delay received packets by n milliseconds
before processing them (UDP/TCP).
send_drop_prob : drop sent packets with probability 1/n
(UDP only).
recv_drop_prob : drop received packets with probability
1/n (UDP only).
Set any parameter to 0 to disable.
Gremlin parameters currently work with UDP and TCP
transport as documented above, but not for proxy transport.
Client must be built with the OPENVPN_GREMLIN flag to compile
gremlin functionality.
Command-line client can set the gremlin config
string using --gremlin or -G, for example:
--gremlin=250,250,64,64
When using the above parameters, an extra 500 milliseconds
will be added to round-trip latency, and 1/64 sent or
received packets will be dropped.
class with ovpn3 core:
// If enabled, don't direct ovpn3 core logging to
// ClientAPI::OpenVPNClient::log() virtual method.
// Instead, logging will go to LogBaseSimple::log().
// In this case, make sure to define:
// LogBaseSimple log;
// at the top of your main() function to receive
// log messages from all threads.
// Also, note that the OPENVPN_LOG_GLOBAL setting
// MUST be consistent across all compilation units.
#if 0
#define OPENVPN_LOG_GLOBAL // use global rather than thread-local log object pointer
#include <openvpn/log/logbasesimple.hpp>
#endif
interface management code into TunMac::Setup()
(tunsetup.hpp).
Added TunBuilderSetup::Config, Base, and Factory for use
as a unix-portable abstraction layer for tun interface
management code.
Added Stop object pointer to Mac OS X tun config
(TunMac::ClientConfig), so that tun management code can
detect stop commands if it's blocking outside of outer
asio::io_context.
data to the OpenVPN handshake (peer-info is a client -> server
key/value list that is part of the OpenVPN protocol). To
add peer-info key/value pairs, use ClientAPI::Config::peerInfo.
Incremented core OPENVPN_VERSION to "3.0.6".
allowing backtracks of up to 2048 (previous limit was 64).
In addition, we now maintain the packet ID window as a bit
array (previously a byte array was used).
This feature is needed by Android because it lacks a native
VPN API method for excluding routes.
If redirect-gateway is enabled and exclude routes are present,
such as:
route 54.215.128.71 255.255.255.255 net_gateway
the client will emulate the excluded route(s) by adding routes
that encompass the entire IPv4/v6 address space EXCEPT for the
excluded route. These routes will be used for redirect-gateway
instead of the standard 0.0.0.0/0 and ::0/0.
1. work with latest proto.hpp API changes.
2. NOERR -- if defined, turn off simulated errors
3. FORCE_AES_CBC -- set force_aes_cbc_ciphersuites SSL flag
4. if VERBOSE, enable SSL debugging output