openvpn

mirror of https://github.com/OpenVPN/openvpn.git synced 2025-05-09 21:51:05 +08:00

Author	SHA1	Message	Date
james	18597b93f7	I've recently worked on a better version of pkcs11-helper. I've also merged it into QCA (Qt Cryptographic Architecture), so that KDE 4 will finally be able to use smartcards. The changes allows the following features: 1. Thread safe, is activated if USE_PTHREAD. 2. Slot event - Will allow us in the future to disconnect VPN when smartcard is removed. In order to support this OpenVPN must support threading... At least SIGUSR1 from a different thread. Threading should be supported in both Windows and Linux. -- currently disabled. When I talk about threading support it is just support in configuration script and that the method that SIGUSR1 self can be called from a different thread. I already handle the monitor threads. 3. Certificate enumeration - Will allow us to finally have one configuration file for all users! When you add the plugin GUI stuff you talked about, we will be able to display a list of available certificates for the user to select. -- currently disabled. 4. Data object manipulation - Will allow us to store tls-auth on the smartcard as well. -- currently disabled. 5. Many other minor improvements. Alon Bar-Lev git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@990 e7ae566f-a301-0410-adde-c780ea21d3b5	2006-04-05 07:17:02 +00:00
james	be9150b693	Added man page entry for --setenv-safe. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@989 e7ae566f-a301-0410-adde-c780ea21d3b5	2006-04-05 06:57:31 +00:00
james	c1c27fe32a	"topology subnet" fix for FreeBSD (Benoit Bourdin). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@986 e7ae566f-a301-0410-adde-c780ea21d3b5	2006-04-05 06:28:19 +00:00
james	07d19ba76c	Security Vulnerability -- An OpenVPN client connecting to a malicious or compromised server could potentially receive "setenv" configuration directives from the server which could cause arbitrary code execution on the client via a LD_PRELOAD attack. A successful attack appears to require that (a) the client has agreed to allow the server to push configuration directives to it by including "pull" or the macro "client" in its configuration file, (b) the client configuration file uses a scripting directive such as "up" or "down", (c) the client succesfully authenticates the server, (d) the server is malicious or has been compromised and is under the control of the attacker, and (e) the attacker has at least some level of pre-existing control over files on the client (this might be accomplished by having the server respond to a client web request with a specially crafted file). The fix is to disallow "setenv" to be pushed to clients from the server, and to add a new directive "setenv-safe" which is pushable from the server, but which appends "OPENVPN_" to the name of each remotely set environmental variable. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@983 e7ae566f-a301-0410-adde-c780ea21d3b5	2006-04-05 06:01:08 +00:00
james	28549038ac	Minor fixes for gcc (GCC) 4.0.2 warnings. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@905 e7ae566f-a301-0410-adde-c780ea21d3b5	2006-02-23 13:14:55 +00:00
james	16eda09737	Version 2.1_beta11 released git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@904 e7ae566f-a301-0410-adde-c780ea21d3b5	2006-02-19 12:17:59 +00:00
james	154adc7a21	Port share proxy bug fixes. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@903 e7ae566f-a301-0410-adde-c780ea21d3b5	2006-02-18 22:40:55 +00:00
james	93cb134df7	ps.c debug code git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@902 e7ae566f-a301-0410-adde-c780ea21d3b5	2006-02-18 16:35:21 +00:00
james	e92cee68c7	Added comments to ps.c (port share proxy code). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@901 e7ae566f-a301-0410-adde-c780ea21d3b5	2006-02-18 10:33:41 +00:00
james	dc46c0676f	Version 2.1_beta10 released git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@899 e7ae566f-a301-0410-adde-c780ea21d3b5	2006-02-17 07:43:32 +00:00
james	651a01f913	Version 2.1_beta9 released git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@896 e7ae566f-a301-0410-adde-c780ea21d3b5	2006-02-16 18:35:22 +00:00
james	6117b639d3	svn merge -r 888:889 https://svn.openvpn.net/projects/openvpn/contrib/alon/BETA21 21 git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@894 e7ae566f-a301-0410-adde-c780ea21d3b5	2006-02-16 18:17:32 +00:00
james	6add6b2fe7	Added --port-share option for allowing OpenVPN and HTTPS server to share the same port number. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@893 e7ae566f-a301-0410-adde-c780ea21d3b5	2006-02-16 18:12:24 +00:00
james	34a507c9ab	Added "bytecount" command to management interface. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@887 e7ae566f-a301-0410-adde-c780ea21d3b5	2006-02-10 10:01:46 +00:00
james	8d33c06028	Added feature to --management-client to confirm connection by writing IP addr and port to a file. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@885 e7ae566f-a301-0410-adde-c780ea21d3b5	2006-02-03 09:04:52 +00:00
james	4f404ad36d	Added --management-client option to connect as a client to management GUI app rather than be connected to as a server. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@884 e7ae566f-a301-0410-adde-c780ea21d3b5	2006-01-23 14:08:27 +00:00
james	49eb050d55	pkcs11 fixes. svn merge -r 879:881 https://svn.openvpn.net/projects/openvpn/contrib/alon/BETA21/openvpn . git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@882 e7ae566f-a301-0410-adde-c780ea21d3b5	2006-01-14 21:12:22 +00:00
james	513baee13d	Small fixes: * Fixed variable declaration in crypto.c that is not at the head of a block. * Added library to Visual C makefile. * In server.conf config sample, add additional comment text on "dev tap" usage. * Added some short documentation on revoke-full script. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@877 e7ae566f-a301-0410-adde-c780ea21d3b5	2006-01-07 03:21:49 +00:00
james	b366a1ff29	Version 2.1_beta8 released git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@874 e7ae566f-a301-0410-adde-c780ea21d3b5	2006-01-03 09:46:04 +00:00
james	296eddd8f6	incremented version number to 2.1_beta7b git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@872 e7ae566f-a301-0410-adde-c780ea21d3b5	2006-01-03 03:03:24 +00:00
james	183f592033	Added patch to modify openvpn.nsi for building a turnkey installer. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@866 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-12-30 04:44:42 +00:00
james	e5d281cf2f	Fixed bug with tls-auth and key-direction parameter which was introduced in r844. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@865 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-12-29 07:47:47 +00:00
james	cbc0dada77	svn merge -r 854:863 $SO/trunk/openvpn git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@864 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-12-29 02:13:30 +00:00
james	d92819fa1a	Added OPENVPN_PLUGIN_TLS_FINAL plugin callback. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@862 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-12-28 06:58:19 +00:00
james	1147885939	Minor ChangeLog edit. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@861 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-12-23 17:34:46 +00:00
james	51b1d4c2b0	Some PKCS11-related code wasn't properly #ifdefed. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@860 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-12-23 17:29:22 +00:00
james	33e81c4841	Man page and usage message changes to reflect --ip-win32 adaptive and --route-method adaptive. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@859 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-12-22 19:50:48 +00:00
james	6215931bff	Added new option --route-method adaptive (Win32) which tries IP helper API first, then falls back to route.exe. Made --route-method adaptive the default. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@858 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-12-22 18:55:49 +00:00
james	a9c802b2a3	--ip-win32 adaptive is now the default. --ip-win32 netsh (or --ip-win32 adaptive when in netsh mode) can now set DNS/WINS addresses on the TAP-Win32 adapter. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@857 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-12-22 18:09:40 +00:00
james	a67724cb6d	Fixed bug in automatic Win32 PATH setting code. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@856 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-12-17 22:23:28 +00:00
james	92bbb061ac	svn merge -r 845:854 $SO/trunk/openvpn . git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@855 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-12-14 01:09:11 +00:00
james	6d89ede657	Don't warn user if he uses user/group/chroot and did not specify persist-key but uses PKCS#11. svn merge -r 847:848 https://svn.openvpn.net/projects/openvpn/contrib/alon/BETA21/openvpn . git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@853 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-12-13 19:41:07 +00:00
james	f214bb2115	Added --auto-proxy directive to auto-detect HTTP or SOCKS proxy settings (currently Windows only). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@850 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-12-12 19:46:10 +00:00
james	df5722cc68	First attempt at automatic proxy detection, Windows-only at this point. Proxy settings are taken from IE. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@846 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-12-08 23:10:22 +00:00
james	c959fc742e	Inline file capability now works for --secret and --tls-auth. For example: <secret> [ascii key data] </secret> git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@844 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-12-08 18:29:38 +00:00
james	e1447acc97	Fixed some gcc 4 warnings in misc.c. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@843 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-12-08 15:36:27 +00:00
james	bed73623cd	Fixed segfault that occurred if remote_cert_eku is undefined and no server certificate verification method was enabled. Don't declare pkcs11 variables in struct options unless pkcs11 support is enabled. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@833 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-12-05 04:00:00 +00:00
james	6d5d1010bc	Patch to support --topology subnet on Mac OS X (Mathias Sundman). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@832 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-12-05 01:21:49 +00:00
james	5acb3a79ae	svn merge -r 780:820 $SO/trunk/openvpn . git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@828 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-11-28 05:50:52 +00:00
james	027a87ceed	svn merge -r 823:825 $SO/contrib/alon/BETA21/openvpn . git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@827 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-11-28 05:09:54 +00:00
james	a17f69699e	Modified nonblocking connect code so that this works as it should: ./openvpn --dev tap --proto tcp-client --verb 4 --remote [Black-Hole-IP-Addr] --connect-retry-max 1 --remap-usr1 SIGTERM git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@826 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-11-28 04:59:19 +00:00
james	1ae9d05173	Added --connect-timeout option to control the timeout on TCP client connection attempts (doesn't work on all OSes). This patch also makes OpenVPN signalable during TCP connection attempts. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@823 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-11-25 00:05:56 +00:00
james	d5badcf116	--remap-usr1 will now also remap signals thrown during initialization. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@822 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-11-24 18:44:57 +00:00
james	0f4ab65425	Fixed minor man page formatting issue. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@821 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-11-24 18:25:38 +00:00
james	a89295751f	Merged PKCS11 changes from Alon: svn merge -r 813:814 $SO/contrib/alon/BETA21/openvpn . git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@816 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-11-19 01:48:58 +00:00
james	b5e8bfc551	Version 2.1_beta7 released git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@806 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-11-13 01:35:45 +00:00
james	d31f9fd263	For Windows, set ip-win32 default back to dynamic. To use new adaptive mode, set explicitly. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@805 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-11-12 23:11:18 +00:00
james	e78206c0c1	PKCS#11 fixes to interact with new backtrack-hardened openvpn_time function. svn merge -r 802:803 $SO/contrib/alon/BETA21/openvpn . git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@804 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-11-12 23:06:53 +00:00
james	0475d17e1c	Reduce sensitivity to system clock instability and backtracks. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@799 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-11-12 10:59:41 +00:00
james	f19f12c8b9	Fixed minor typos in --remote-cert-* documentation. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@798 e7ae566f-a301-0410-adde-c780ea21d3b5	2005-11-12 08:36:00 +00:00

1 2 3

127 Commits