multiple addresses will be treated as if each address was an
individual remote directive.
Fixed issue where UDP transport driver was calling socket
connect method synchronously. This can cause exceptions
to be thrown in corner cases, such as "No route to host"
on OSX/iOS for connections to IPv6 addresses when no default
IPv6 route exists on system. Refactoring UDP connect
operation to be asychronous fixes the issue.
Implemented remote-random.
Core: Log but don't raise a fatal error on connections where
server pushes an invalid route or dhcp-option. In this case,
the offending pushed directive will be ignored.
tun semantics, however this code has not been enabled yet on iOS
because it breaks in several ways:
1. network available/unavailable detection appears to break when
tun interface is kept alive across transport connection sessions.
2. plugin session persistence appears to fail when these lines are not
executed immediately after transport pause/resume:
VPNTunnelSetStatus(tunnelRef, kVPNTunnelStatusReasserting, 0);
VPNTunnelClearConfiguration(tunnelRef)
iOS Core change: change pause/reconnect delay to 3 seconds (from 2)
to reduce flapping.
1. route all DNS requests through pushed DNS server if no added
search domains.
2. route selected DNS requests through pushed DNS server if at
least one added search domain.
On Android, apparently there is no selective DNS routing, so all
DNS requests will be routed through pushed DNS server, if at least
one exists.
With redirect-gateway on both platforms, all DNS requests are always
routed through the VPN.
Separated the functionality of replacePasswordWithSessionID
and cachePassword, and allow them to be used together,
in which case the session ID will be used as the password
until it expires or is invalidated, then the cached
password will be used to reauth.
Android: 1.1.9 build 31
* Reverted key-direction back to a default of 1.
* Raise fatal error if "fragment" option is used.
* Made TunBuilderCapture more useful as a base class for
tun construction on various platforms.
* Added disableClientCert flag at ovpncli.hpp API.
* Updated help FAQ with more details on how to
properly set key-direction, and notes about
possible network disconnect during voice calls.
key, if the server allows it. To enable, add the following to
the profile:
setenv CLIENT_CERT 0
This is necessary to resolve an ambiguity when the profile
contains no client certificate or key, because otherwise
the client app can't know whether an external certificate/key
pair should be obtained from the Keychain, or whether the
server actually doesn't require a client certificate/key.
If the above directive is set to 1 or absent, the app will
assume that an external certificate/key pair should be obtained
from the Keychain
The option is given as a "setenv" to avoid breaking other
OpenVPN clients that might not recognize it.
----
Also, made subtle change to autologin determination, so that
community external PKI profiles will work properly with
autologin or userlogin based on the presence or absence of
auth-user-pass.
"reneg-sec"), where if period is 0, we must treat it as essentially
infinite. This fixes the issue where "reneg-sec 0" was causing an
infinite connect loop.
Refactored number.hpp to provide all reasonable number-parsing
functionality, so that typeinfo.hpp can be retired.