The asio::io_context::work class has been replaced by a new
class having somewhat different and more verbose
semantics.
We create our own class AsioWork based on the new class
asio::executor_work_guard<asio::io_context::executor_type>
that implements the semantics of the original
asio::io_context::work class.
mutable_buffers_1 -> mutable_buffer
const_buffers_1 -> const_buffer
This patch is a granularization of a patch by David Sommerseth
<davids@openvpn.net> where only the above renames are included.
construction even when user/group lookup fails.
Updated calls to std::strerror() to use a saved version
of errno.
Added chown(), gid(), and additional defined() methods.
Use uid_t as the return type for uid().
to HTTP CONNECT but implemented over the OpenVPN protocol.
1. Client connects to relay server as if it were connecting
to an ordinary OpenVPN server.
2. Client authenticates to relay server using its client
certificate.
3. Client sends a PUSH_REQUEST method to relay server which
then replies with a RELAY message instead of PUSH_REPLY.
4. On receiving the RELAY message, the client attempts to
reconnect using the existing transport socket. The
server will proxy this new connection (at the transport
layer) to a second server (chosen by the relay server)
that is the target of the proxy.
5. The client must establish and authenticate a new session
from scratch with the target server, only reusing the
transport layer socket from the original connection to
the relay server.
6. The relay acts as a man-in-the-middle only at the
transport layer (like most proxies), i.e. it forwards
the encrypted session between client and target server
without decrypting or having the capability to decrypt
the session.
7. The client is designed to protect against potentially
untrusted or malicious relays:
(a) The client never transmits the target server
username/password credentials to the relay server.
(b) The relay forwards the encrypted OpenVPN session
between client and target server without having
access to the session keys.
(c) The client configuration has a special directive
for relay server CA (<relay-extra-ca>) and relay
server tls-auth key (<relay-tls-auth>) to allow
for separation of TLS/crypto configuration between
relay and target servers.
(d) The client will reject any PUSH_REPLY messages
from the relay itself to prevent the relay from
trying to establish a tunnel directly with the
client.
Example configuring a client for relay:
# remote addresses point to the relay server
remote ... 1194 udp
remote ... 443 tcp
# include all other directives for connecting
# to the target server
# enable relay mode
relay-mode
# constrain the relay server's cert type
relay-ns-cert-type server
# include extra CAs that validate the relay
# server cert (optional).
<relay-extra-ca>
-----BEGIN CERTIFICATE-----
. . .
-----END CERTIFICATE-----
</relay-extra-ca>
# specify the TLS auth key for the relay server
relay-key-direction 1
<relay-tls-auth>
-----BEGIN OpenVPN Static key V1-----
. . .
-----END OpenVPN Static key V1-----
</relay-tls-auth>
Triple DES, and other 64-bit block-size ciphers vulnerable
to "Sweet32" birthday attack (CVE-2016-6329). Limit such
cipher keys to no more than 64 MB of data
encrypted/decrypted. While our overall goal is to limit
data-limited keys to 64 MB, we trigger a renegotiation
at 48 MB to compensate for possible delays in renegotiation
and rollover to the new key.
This client-side implementation extends data limit
protection to the entire session, even when the server
doesn't implement data limits.
This capability is advertised to servers via a
peer info setting:
IV_BS64DL=1
meaning "Block-Size 64-bit Data Limit". The "1" indicates
the implementation version.
The implementation currently has some limitations:
* Keys are renegotiated at a maximum rate of once per
5 seconds to reduce the likelihood of loss of
synchronization between peers.
* The maximum renegotiation rate may be further extended
if the peer delays rollover from the old to new key
after renegotiation.
Added N_KEY_LIMIT_RENEG stats counter to count the number
of data-limit-triggered renegotiations.
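Added example (not OpenVPN 3 code) of the per-key accounting the text describes: renegotiate at 48 MB, treat 64 MB as the hard Sweet32 budget, and allow at most one data-limit renegotiation per 5 seconds. Class and method names here are made up for the example.

```cpp
// Added example (not OpenVPN 3 code): a per-key data-limit tracker with the
// thresholds from the text (renegotiate at 48 MB, hard limit 64 MB, at most
// one data-limit renegotiation per 5 seconds). Names are made up here.
#include <cstdint>

constexpr std::uint64_t kHardLimitBytes    = 64ULL * 1024 * 1024;  // Sweet32 budget per key
constexpr std::uint64_t kRenegTriggerBytes = 48ULL * 1024 * 1024;  // start early to cover rollover delay
constexpr double kMinRenegIntervalSec = 5.0;                        // rate limit on renegotiations

class DataLimitTracker {
public:
    // Account for one packet encrypted or decrypted under the current key.
    // Returns true when the caller should start a renegotiation now.
    bool account(std::uint64_t n_bytes, double now_sec) {
        bytes_this_key_ += n_bytes;
        if (bytes_this_key_ < kRenegTriggerBytes || reneg_pending_)
            return false;                 // below threshold, or already renegotiating
        if (now_sec - last_reneg_sec_ < kMinRenegIntervalSec)
            return false;                 // too soon after the previous renegotiation
        last_reneg_sec_ = now_sec;
        reneg_pending_ = true;
        ++n_key_limit_reneg_;             // the N_KEY_LIMIT_RENEG-style counter
        return true;
    }

    // Called when the newly negotiated key becomes primary: the old key's
    // byte count no longer matters, start counting for the new one.
    void rollover() { bytes_this_key_ = 0; reneg_pending_ = false; }

    // True if the current key has already carried the full 64 MB budget,
    // e.g. because the peer delayed rollover; a caller could stall or drop here.
    bool over_hard_limit() const { return bytes_this_key_ >= kHardLimitBytes; }

    std::uint64_t bytes_this_key() const { return bytes_this_key_; }
    std::uint64_t key_limit_renegs() const { return n_key_limit_reneg_; }

private:
    std::uint64_t bytes_this_key_ = 0;
    std::uint64_t n_key_limit_reneg_ = 0;
    double last_reneg_sec_ = -1e9;        // "long ago", so the first trigger is not rate limited
    bool reneg_pending_ = false;
};
```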
Added new stats counter KEY_STATE_ERROR which roughly
corresponds to the OpenVPN 2.x error "TLS Error:
local/remote TLS keys are out of sync".
Previously, the TLS ack/retransmit timeout was hardcoded to
2 seconds. Now we lower the default to 1 second and make
it variable using the (pushable) "tls-timeout" directive.
Additionally, the tls-timeout directive can be specified
in milliseconds instead of seconds by using the
"tls-timeout-ms" form of the directive.
Made the "become primary" time duration configurable via
the (pushable) "become-primary" directive which accepts
a number-of-seconds parameter. become-primary indicates
the time delay between renegotiation and rollover to the
new key for encryption/transmission. become-primary
defaults to the handshake-window which in turn defaults
to 60 seconds.
Incremented core version to 3.0.20.
* Added uid() method.
* Removed "explicit" qualifier from constructors since it
appears to be superfluous.
* Added "::" prefix to global libc functions.
* Added clarifying comment that SetUserGroup object does not
own passwd and group objects, therefore *pw and *gr can
change under us.
error detection without throwing an exception, and
extended get_num() method in Option and OptionList to
parse both decimal and hex strings, where hex strings
are prefixed with "0x".
* Support log observers.
* Support asynchronous stop.
* More flexibility on choosing the RC base class of
ServerThreadType and inherit virtually to allow
for shared RC bases.
If either "push-peer-info" or "setenv PUSH_PEER_INFO"
directives are specified, client will push "setenv UV_x"
directives to the server via peer info data.
chars is passed to this template method:
template <typename V>
std::string encode(const V& data) const
The problem is that references to data[] were failing to
cast the value to unsigned char, so UTF-8 chars >= 0x80
were being interpreted as negative values.
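Added example (not OpenVPN 3 code) reproducing the defect above in a small percent-encoder written the buggy way and the fixed way; the only difference is the cast through unsigned char. Function names are made up here.

```cpp
// Added example (not OpenVPN 3 code): the signed-char defect described above,
// shown on a percent-encoder that must escape '%' and every byte >= 0x80.
#include <cstddef>
#include <limits>
#include <string>

static const char kHex[] = "0123456789ABCDEF";

// Buggy form: data[i] is a plain char, which is signed on x86. Bytes >= 0x80
// (every non-ASCII UTF-8 byte) become negative, so the ">= 0x80" test never
// fires and the raw byte is copied out instead of being escaped.
template <typename V>
std::string encode_buggy(const V& data) {
    std::string out;
    for (std::size_t i = 0; i < data.size(); ++i) {
        const int c = data[i];                    // sign-extended where char is signed
        if (c >= 0x80 || c == '%') {
            out += '%';
            out += kHex[(c >> 4) & 0x0F];
            out += kHex[c & 0x0F];
        } else {
            out += static_cast<char>(c);
        }
    }
    return out;
}

// Fixed form: go through unsigned char so c is always in 0..255.
template <typename V>
std::string encode_fixed(const V& data) {
    std::string out;
    for (std::size_t i = 0; i < data.size(); ++i) {
        const int c = static_cast<unsigned char>(data[i]);
        if (c >= 0x80 || c == '%') {
            out += '%';
            out += kHex[(c >> 4) & 0x0F];
            out += kHex[c & 0x0F];
        } else {
            out += static_cast<char>(c);
        }
    }
    return out;
}

// True on platforms where the buggy form misbehaves (char is signed).
constexpr bool char_is_signed() { return std::numeric_limits<char>::is_signed; }
```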
definition of mutable globals.
For all but the first compilation unit, define:
#define OPENVPN_EXTERN extern
This will cause mutable globals to be referenced as
extern.
* Where unicode/ansi versions of a method exist, always
explicitly call one of unicode or ansi methods by
appending a 'W' or 'A' to the end of the method name.
Never omit the 'W' or 'A' because that will cause the
default method to be used which may vary according to
build flags.
* Prepend all Windows API method references with "::" to
indicate that the method names should be resolved from
the top-level namespace.
to communicate with subprocess and provides std::strings for
input/output/error.
Updated Command class with new execute() signature.
Added RedirectPipe (redir.hpp) to deal with handling
input/output/error pipes for a subprocess.
implementations to provide custom ActionList handlers.
This can be used, for example, to forward tun configuration
commands requiring higher privileges to a remote daemon.
* Added static polymorphic sink for print formatting in
print_formatted_detail::Output<T> where T can be
std::string or std::ostringstream
* By default printfmt() uses:
PrintFormatted<std::string> pf(fmt, 256);
* prune openvpn::to_string() methods prior to removal
(obsoleted by C++11 std::to_string())
(1) Create new versions of to_string() method:
(a) for numeric types, dispatch to std::to_string()
(b) for string, char, and nullptr_t types, handle directly
(c) for other types, use std::ostringstream
(2) Create vararg methods prints, print, and printd
for printing argument lists.
(3) Create method printfmt() with string formatting
similar to sprintf but fully type-safe.
usage: printfmt(<format_string>, args...)
options:
%s formats any argument regardless of type.
%r formats any argument regardless of type and quotes it.
%% formats '%'
1. Hash code is now compatible with VS 2015, so
HAVE_HASH_COMBINE can be removed.
2. Added OPENVPN_HASH_METHOD macro for defining std::hash<>
classes.
3. Make Hash::combine() into a varargs method.
data to the OpenVPN handshake (peer-info is a client -> server
key/value list that is part of the OpenVPN protocol). To
add peer-info key/value pairs, use ClientAPI::Config::peerInfo.
Incremented core OPENVPN_VERSION to "3.0.6".
a security check to ensure that untrusted content pasted into
multiline config file directives such as:
<cert>
. . .
</cert>
doesn't try to break out of the pseudo-XML block
by inserting its own </cert>.
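Added example (not OpenVPN 3 code) of the breakout this check guards against: a minimal reader for pseudo-XML blocks shows how a pasted "certificate" containing its own </cert> would inject a directive, and the check refuses such content before it is embedded. The sample certificate and all names are constructed for this example.

```cpp
// Added example (not OpenVPN 3 code): a minimal reader for pseudo-XML
// multiline directives such as <cert> ... </cert>, plus the check that
// stops pasted content from closing the block early.
#include <sstream>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Returns (tag, body) pairs in order; lines outside blocks get tag "".
// Throws on an unterminated block.
std::vector<std::pair<std::string, std::string>>
parse_config(const std::string& text) {
    std::vector<std::pair<std::string, std::string>> out;
    std::istringstream in(text);
    std::string line;
    while (std::getline(in, line)) {
        // an opening tag is a whole line of the form <name>
        bool open = line.size() > 2 && line.front() == '<' && line[1] != '/' && line.back() == '>';
        if (!open) { out.emplace_back("", line); continue; }
        const std::string name = line.substr(1, line.size() - 2);
        const std::string close = "</" + name + ">";
        std::string body;
        bool closed = false;
        while (std::getline(in, line)) {
            if (line == close) { closed = true; break; }
            body += line + '\n';
        }
        if (!closed) throw std::runtime_error("unterminated <" + name + ">");
        out.emplace_back(name, body);
    }
    return out;
}

// Security check run before untrusted content is embedded in a block:
// no line of the content may read back as the block's closing tag.
bool inline_content_is_safe(const std::string& name, const std::string& content) {
    const std::string close = "</" + name + ">";
    std::istringstream in(content);
    std::string line;
    while (std::getline(in, line))
        if (line == close) return false;
    return true;
}

// Renders <name>...</name>, refusing content that fails the check.
std::string render_inline_block(const std::string& name, const std::string& content) {
    if (!inline_content_is_safe(name, content))
        throw std::runtime_error("refusing content containing </" + name + ">");
    std::string body = content;
    if (body.empty() || body.back() != '\n') body += '\n';
    return "<" + name + ">\n" + body + "</" + name + ">\n";
}

// Constructed sample: a "certificate" that closes <cert> early and
// smuggles a remote directive into the config.
const std::string kMaliciousCert =
    "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
    "</cert>\nremote injected.example 1194 udp\n<cert>\n";
```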
* added ServerThreadWeakBase, an alternative version of
ServerThreadBase that supports weak pointers,
* added set_exit_socket() method for triggering a mutual
exit between two partner processes if either process
closes their end of the socket,
* added a prefix string to distinguish between multiple
RunContext objects, and
* refactored cancel() method to better leverage asio::post.
a file descriptor to a writable file, and keeps the
file open over multiple write cycles to the file.
Useful for updating a file after privilege downgrade.
1. log_setup -- redirect stdin/stdout/stderr
2. daemonize -- actually call daemon()
For compatibility, the old daemonize() method is still
available and is now internally composed using the new
methods.
* rename BOOST_NOEXCEPT to noexcept
* verify that certain classes are noexcept move constructible
including Option, Buffer, BufferAllocated, RunContext::Thread
control whether hex chars a-f are rendered as lowercase or
uppercase.
Renamed the template form of render_hex() to render_hex_generic(),
to avoid ambiguity from new caps parameter.
* Make use of C++11 move semantics for optimization, especially
where std::vector<Option> is pushed onto OptionList.
* Fixed bug in Option::render() where arguments would be
printed without any delimiter if RENDER_BRACKET flag was
absent.
* Added parse_from_peer_info() method, for parsing peer info
string received from client.
to use Link abstraction (openvpn/common/link.hpp) to link with
transport layer (and other layers such as routing and management
as development progresses).
terminates loop through char array.
This is functionally a no-op because the
(*p == equal || is_base64_char(*p)) term will effectively
terminate the loop when *p != '\0' because is_base64_char(0)
returns 0.
executed asynchronously in a worker thread.
Needed to make some changes to logthread as well
to allow log context to be made available to
the worker thread.
These scripts
scripts/mac/build-minicrypto
scripts/mac/build-polarssl
will now build PolarSSL (on OSX) with libminicrypto linkage.
Currently, only SHA1/256/512 implementations from OpenSSL are
built in libminicrypto. We leave the current PolarSSL AES
implementation as-is since it now implements AES-NI.
Also added portable openssl/build-openssl script.
* Allow DestructorBase object to be bound to TunPersist-owned
SCOPED_OBJ object, so that DestructorBase::destroy() is guaranteed
to be called before SCOPED_OBJ destruction. This is used as a
mechanism to remove routes and other properties of the Windows
TAP adapter that must be unwound when the TAP adapter is closed.
* Added ScopedAsioStream to allow an Asio stream object to
be managed by a TunPersist object.
* Added TunPersistAsioStream which supports that subset of the Asio
stream interface required by TunIO, and is intended to wrap a
ScopedAsioStream embedded in a TunPersist object.
It is used primarily on Windows to wrap the TAP interface HANDLE
in a way that plays well with Windows I/O completion ports (once
a HANDLE is bound to an I/O completion port it cannot be unbound).
base_type value, i.e. -1. This is intended to smooth out the
differences between ScopedFD and (upcoming) ScopedHANDLE APIs,
so that they can be used as template types.
Added support for "http-proxy" and "http-proxy-option" directives
in the main section of the config file, outside of <connection>
blocks.
Added <http-proxy-user-pass> multiline directive for inlining
proxy creds:
<http-proxy-user-pass>
user
pass
</http-proxy-user-pass>
Merge class now knows how to expand creds file inline.
For example,
http-proxy ntlm.yonan.net 3128 auth.txt
is converted to:
http-proxy ntlm.yonan.net 3128 auto
<http-proxy-user-pass>
user
pass
</http-proxy-user-pass>
Dusted off LZ4 implementation and enabled in iOS
and cli.cpp builds.
Tested LZ4 as well with OpenVPN 3 acting as the client,
with a hacked AS and OpenVPN 2.3 (JY) acting as the server
(see lz4hack patches).
Ported iOS client and OpenVPN 3 core to ARM-64.
Now building a "fat binary" with Xcode 5.0.1 that
targets arm7, arm7s, and arm64.
Outstanding issues:
* IPv6 doesn't route through tunnel on iOS7
* Client doesn't install on iOS 5.1.1.
tls-version-min directive:
setenv opt tls-version-min 1.2 or-highest
In 3.0 core, properly set OPENVPN_VERSION to 3.0.
Updated make-community to automatically push at
end of build.
unrecognized, ignored, or unused.
This behavior is somewhat different (by design) from the 2.x branch, which
will raise a fatal exception if an unrecognized option is
encountered.
where if more than one instance of an option exists, and
a single instance of the option is required, use the last
instance. Previously we would raise an exception in this case.
modifications due to server push will not persist across client
instantiations.
Added RCCopyable object, a variation on RC that allows copying and
assignment.
OpenVPN 1.1.10 build 42 (Android)
Change to memcmp_secure: declare memory regions as volatile
to avoid potential compiler optimizations from leaking
timing info.
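Added example (not OpenVPN 3 code) contrasting an early-exit comparison with a constant-time one that reads both regions through volatile pointers, as the change above describes. Function names are made up here.

```cpp
// Added example (not OpenVPN 3 code): early-exit comparison beside a
// constant-time one that reads the memory regions through volatile pointers.
#include <cstddef>
#include <cstring>

// Leaks timing: returns as soon as the first differing byte is found, so the
// run time reveals how long a prefix of the supplied value matched.
bool memcmp_leaky(const void* a, const void* b, std::size_t n) {
    return std::memcmp(a, b, n) == 0;
}

// Constant time: every byte is visited and the differences are OR-accumulated.
// The volatile qualifier on the regions keeps the compiler from hoisting or
// skipping loads and turning the loop back into an early-exit comparison.
bool memcmp_secure(const void* a, const void* b, std::size_t n) {
    const volatile unsigned char* pa = static_cast<const volatile unsigned char*>(a);
    const volatile unsigned char* pb = static_cast<const volatile unsigned char*>(b);
    unsigned char diff = 0;
    for (std::size_t i = 0; i < n; ++i)
        diff |= static_cast<unsigned char>(pa[i] ^ pb[i]);
    return diff == 0;
}
```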
tun semantics, however this code has not been enabled yet on iOS
because it breaks in several ways:
1. network available/unavailable detection appears to break when
tun interface is kept alive across transport connection sessions.
2. plugin session persistence appears to fail when these lines are not
executed immediately after transport pause/resume:
VPNTunnelSetStatus(tunnelRef, kVPNTunnelStatusReasserting, 0);
VPNTunnelClearConfiguration(tunnelRef)
iOS Core change: change pause/reconnect delay to 3 seconds (from 2)
to reduce flapping.
Android: 1.1.9 build 31
* Reverted key-direction back to a default of 1.
* Raise fatal error if "fragment" option is used.
* Made TunBuilderCapture more useful as a base class for
tun construction on various platforms.
* Added disableClientCert flag at ovpncli.hpp API.
* Updated help FAQ with more details on how to
properly set key-direction, and notes about
possible network disconnect during voice calls.
"reneg-sec"), where if period is 0, we must treat it as essentially
infinite. This fixes the issue where "reneg-sec 0" was causing an
infinite connect loop.
Refactored number.hpp to provide all reasonable number-parsing
functionality, so that typeinfo.hpp can be retired.
* VoD profiles can be defined using the iPhone Configuration utility:
1. Connection Type should be set to Custom SSL
2. Identifier should be set to net.openvpn.OpenVPN-Connect.vpnplugin
3. Server can be set to a hostname, or "DEFAULT" to use the
hostname(s) from the OpenVPN configuration.
4. User Authentication should be set to Certificate, and the client
certificate+key should be attached as a PKCS#12 file.
5. VPN On Demand should be enabled and match entries should be
defined.
In addition, the OpenVPN client configuration file may be defined
via key/value pairs:
1. VoD requires an autologin profile.
2. Define each OpenVPN directive as a key, with arguments
specified as the value.
3. For Access server meta-directives such as
OVPN_ACCESS_SERVER_USERNAME, remove the "OVPN_ACCESS_SERVER_"
prefix, giving USERNAME as the directive.
4. If no arguments are present, use "NOARGS" as the value.
5. If multiple instances of the same directive are present,
number the directives in the order they should be processed by
appending .<n> to the directive, where n is an integer,
such as remote.1 or remote.2
6. For multi-line directives such as <ca> and <tls-auth>, you must
convert the multi-line argument to a single line by specifying
line breaks as \n -- also note that because of
this escaping model, you must use \\ to pass backslash itself.
* VoD profiles are recognized and listed by the app.
* The app can disconnect but not connect a VoD profile.
* Most app-level functionality such as logging and preferences
work correctly for VoD profiles.
Core changes:
* Added support for key-direction parameter in core.
* Fix attempt for java.lang.NullPointerException in
net.openvpn.openvpn.OpenVPNService.onStartCommand(OpenVPNService.java:838)
* Allow non-unified profiles (i.e. profiles containing directives that
reference other files) to be imported from SD card, as long
as all referenced files are present in the same directory on the
SD card as the profile.
* Relaxed parsing of "remote" directive to allow the port and/or
protocol parameters to be omitted. The port defaults to 1194
and the protocol to UDP. Either default can be changed with
the "port" or "proto" directive.
* Fixed issue where profile parser was choking on files containing
Windows-style line-endings.
Implemented IPv6 in iOS client.
Added new flags to redirect-gateway to control whether redirection
occurs at IPv4 or IPv6 levels (or both):
* ipv4 (default)
* !ipv4
* ipv6
* !ipv6
Added new directive "redirect-dns yes|no". If yes, all DNS requests
will be forwarded through pushed DNS servers. If no, only DNS
requests that match domains enumerated in "dhcp-option DOMAIN"
directives will be forwarded. If redirect-dns is omitted, it will
default to yes if redirect-gateway is specified at the IPv4 level
(this is the normal pre-existing behavior).
Allow the following aggregated options that are normally pushed by
the server to be defined in the config file as well. These options
will be combined with server-pushed options:
* route
* route-ipv6
* redirect-gateway
* redirect-private
* dhcp-option
Allow the following singleton options (i.e. options that don't
aggregate), that are normally pushed, to be defined in the config
file (note that server-pushed singleton options will override the
config file setting):
* redirect-dns
The Connection Details section of the UI now displays VPN IP
addresses for IPv4 and IPv6.
Added new pushable option "client-ip IP_ADDR" that can be pushed
by the server with the client's IP address as seen by the server.
The client will then show the address in the Connection Details
section of the UI.
array instead of concatenated string, and to resolve issue on OS X
where signals were being ignored after system() was called.
C++ iterators incremented in a for statement should usually use
a preincrement syntax.
OpenVPN 1.0 Beta 4
* Fixed issue where large profiles were hitting against a limitation
in Apple VPN API (configd[14] <Error>: VPN Controller: failed to
write to VPN control socket - msgtype: 2050). The fix is to pass the
profile to the plugin via a temporary file rather than putting the
file content into the plist.
* Added Help section toggle button.
* Added Private Tunnel import.
* Added anti-race sequencing to prevent connection request processing
until after callbacks and event stream subscriptions have been
set up.
Refactored some of the base Activity stuff into
OpenVPNClientBase.java.
Clients sending intents to OpenVPNService should use
OpenVPNService.INTENT_PREFIX as a key prefix when
calling putExtra.
* raise default headroom/tailroom to 512 for worst-case compression
expansion
* for TCP connections use async_connect instead of connect
* for Time and Time::Duration, handle subtraction reasonably with
infinite values
* handle possible infinite duration in to_posix_duration
* fix overflow in Time::Duration::to_milliseconds
* call Base::update_now() in ClientProto::start
Added ClientProtoTerminateCallback abstraction to ClientProto.
Added ClientProto::Config for configuration parameters, rather than
passing parameters individually to ClientProto constructor.
general-purpose classes.
Rename ProtoStats to SessionStats and make it more flexible
by using an abstract base class model.
Add a client event queue for the beginnings of a client-backend
API.
Added logic to ProtoContext to invalidate session on certain
kinds of errors in TCP that would normally be okay in UDP
such as HMAC_ERROR, DECRYPT_ERROR, etc.
Add some alignment adjustment logic for READ_LINK_TCP (3 bytes)
and READ_LINK_UDP (1 byte).