Samuli Seppänen | 28 May 13:39 2015

Topics for next Monday's (1st Jun 2015) community meeting

Hi,

We're going to have an IRC meeting next Monday, 1st Jun, starting at
20:00 CEST (18:00 UTC) on #openvpn-devel <at> irc.freenode.net.
Current topic list along with basic information is here:

<https://community.openvpn.net/openvpn/wiki/Topics-2015-06-01>

If you have any other things you'd like to bring up, respond to this
mail, send me mail privately or add them to the list yourself.

In case you can't attend the meeting, please feel free to make comments
on the topics by responding to this email or to the summary email sent
after the meeting. Whenever possible, we'll also respond to existing,
related email threads.

NOTE: It's required to use a registered Freenode IRC nickname to join
#openvpn-devel - look here for details:

<https://community.openvpn.net/openvpn/wiki/GettingHelp#DeveloperIRCchannel>

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc.freenode.net: mattock

------------------------------------------------------------------------------

Gert Doering | 26 May 23:01 2015

[PATCH] slightly enhance documentation about --cipher

point out that this is for "data channel" packets

trac #463

Signed-off-by: Gert Doering <gert <at> greenie.muc.de>
---
 doc/openvpn.8 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index b1c2fab..fb759cf 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
 <at>  <at>  -3904,7 +3904,7  <at>  <at>  For more information on HMAC see
 .\"*********************************************************
 .TP
 .B \-\-cipher alg
-Encrypt packets with cipher algorithm
+Encrypt data channel packets with cipher algorithm
 .B alg.
 The default is
 .B BF-CBC,
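
Review bot: The reworded line "Encrypt data channel packets with cipher algorithm" says what --cipher covers but leaves the reader to infer what it does not cover. Since the commit message singles out "data channel" as the point of the change, a short follow-up sentence after the ".B alg." line stating that control channel packets are not governed by this option, with a cross-reference to the place in the man page that describes control channel encryption, would make the distinction explicit for someone reading only this entry.
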
-- 
2.3.6

------------------------------------------------------------------------------
Gert Doering | 24 May 21:30 2015

rfd: 'serial-tests' automake option

Hi,

somewhere between automake-1.11 and automake-1.14 the default for handling
"make check" changed from "serial-tests" to "parallel-tests" - which 
sounds harmless, but has the interesting side effect of hiding the output
of all (potentially parallel-run) test scripts until the summary at the
end, and even then, only printing the summary, not the detail output.

I can see that this looks much more pretty (and colours, wooh!), but
for my day-to-day regression testing and for analyzing buildbot failures,
this just adds extra steps to figure out what it is doing right now, and
where and why it failed this time - especially in the buildbot case, the
difference is "the reason is right in the mail" vs "I need to login to
the buildbot machine, go to the right build directory (of many), and 
grab the log file from there".

Fortunately, there is an automake option for this, which I'd propose to
enable... (well hidden inside "info automake-1.14" -> "Options")

diff --git a/tests/Makefile.am b/tests/Makefile.am
index b7980e0..02fa392 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
 <at>  <at>  -9,6 +9,8  <at>  <at> 
 #  Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev <at> gmail.com>
 #

+AUTOMAKE_OPTIONS = serial-tests
+
 MAINTAINERCLEANFILES = \
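
Review bot: The added "AUTOMAKE_OPTIONS = serial-tests" line carries no comment, so someone tidying tests/Makefile.am later has nothing telling them it is there to keep the test script output visible during "make check" and in buildbot mails. A one-line comment above it would prevent an accidental removal. It is also worth confirming that the oldest automake release the project still supports accepts this option name, since the mail only says the default changed somewhere between automake-1.11 and automake-1.14.
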

Gert Doering | 24 May 15:02 2015

[PATCH] Disallow usage of --server-poll-timeout in --secret key mode.

The internal machinery wants TLS for this to work, so just add this
to the (long) list of options not allowed unless either --tls-client
or --tls-server is active.  For added sanity, add an ASSERT() call
to the place where this combination caused a NULL ptr reference, and
document the restriction.

Fix trac #373

Signed-off-by: Gert Doering <gert <at> greenie.muc.de>
---
 doc/openvpn.8         | 4 ++++
 src/openvpn/forward.c | 1 +
 src/openvpn/options.c | 1 +
 3 files changed, 6 insertions(+)

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index b1c2fab..3fff3f2 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
 <at>  <at>  -3783,6 +3783,10  <at>  <at>  when polling possible remote servers to connect to
 in a round-robin fashion, spend no more than
 .B n
 seconds waiting for a response before trying the next server.
+As this only makes sense in client-to-server setups, it cannot
+be used in point-to-point setups using
+.B \-\-secret
+symmetrical key mode.
 .\"*********************************************************
 .TP
 .B \-\-explicit\-exit\-notify [n]
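
Review bot: The added sentence ties the restriction to "--secret" mode, while the commit message says the option is rejected unless either --tls-client or --tls-server is active; a reader whose config has neither --secret nor a TLS role would not learn from this text why the option is refused. Suggest documenting the actual condition (the option requires --tls-client or --tls-server) and naming --secret as the typical case where that is not met. Please also check that "symmetrical key mode" matches the term the man page uses for --secret elsewhere.
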

Steffan Karger | 24 May 11:45 2015

[PATCH] Clarify --capath option in manpage

Prevent confusion as described in trac #422 by better explaining the 
behaviour of --capath, and providing pointers to relevant openssl man pages.

Attached are patches for the master and release/2.3 branches.  The only 
difference is that in the master patch, a line referencing the 
requirement for OpenSSL 0.9.7 is removed, since master already requires 
OpenSSL >= 0.9.8.

-Steffan
------------------------------------------------------------------------------
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Gert Doering | 23 May 22:47 2015

[PATCH] Correct note about DNS randomization in openvpn.8

Commit 4880739c17b502d00a removed DNS randomization, but this fact
never made it into the man page.

Trac #411

Signed-off-by: Gert Doering <gert <at> greenie.muc.de>
---
 doc/openvpn.8 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 56e7e80..f6e910c 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
 <at>  <at>  -265,9 +265,9  <at>  <at>  not match
 If
 .B host
 is a DNS name which resolves to multiple IP addresses,
-one will be randomly
-chosen, providing a sort of basic load-balancing and
-failover capability.
+the first address returned by the system getaddrinfo() function 
+will be used (no DNS randomization inside OpenVPN 2.3.x, and 
+it will not try multiple addresses).
 .\"*********************************************************
 .TP
 .B \-\-remote\-random\-hostname
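
Review bot: The added text hard-codes a version into the option description at "will be used (no DNS randomization inside OpenVPN 2.3.x, and", which becomes stale or misleading as soon as this paragraph is carried to another branch. Suggest stating the behaviour without the version (first address returned by getaddrinfo() is used, no further addresses are tried), or keeping the version remark only in the release/2.3 copy of the man page. The added lines ending in "function " and "and " also carry trailing whitespace.
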
-- 
2.3.6


Jonathan K. Bullard | 23 May 21:33 2015

[Patch] Fix null pointer dereference in options.c

(At Gert's request, I am posting this to openvpn-devel.)

This patch fixes a null pointer dereference in options.c.

Below are versions for openvpn-master and openvpn-2.3; they differ
only in the line number reference.

================
2.3 branch

diff -U 4 -r openvpn-release-2.3/src/openvpn/options.c
openvpn-fix-peer-id-2.3/src/openvpn/options.c
--- openvpn-release-2.3/src/openvpn/options.c 2015-05-18
12:30:14.000000000 -0400
+++ openvpn-fix-peer-id-2.3/src/openvpn/options.c 2015-05-21
06:52:38.000000000 -0400
 <at>  <at>  -7058,9 +7058,9  <at>  <at> 
       VERIFY_PERMISSION (OPT_P_GENERAL);
       options->persist_config = true;
       options->persist_mode = 1;
     }
-  else if (streq (p[0], "peer-id"))
+  else if (streq (p[0], "peer-id") && p[1])
     {
       VERIFY_PERMISSION (OPT_P_PEER_ID);
       options->use_peer_id = true;
       options->peer_id = atoi(p[1]);
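
Review bot: Putting the check into the branch condition, "else if (streq (p[0], "peer-id") && p[1])", means a peer-id line with no argument no longer matches this branch at all and falls through to whatever follows in the else-if chain, so the user gets that generic handling instead of a message about the missing parameter. This does keep atoi(p[1]) from being reached with a NULL pointer, but a dedicated error for the missing argument would be clearer. Separately, atoi() turns non-numeric input into 0 without any error and the result goes into options->peer_id with no range check; a strict parse with an explicit failure path would be more robust for a value taken from option input.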

================
Master branch

Steffan Karger | 23 May 15:02 2015

[PATCH] Re-read auth-user-pass file on (re)connect if required

Fixes trac #225 ('--auth-user-pass FILE' and '--auth-nocache' problem).

This patch is based on the changes suggested by ye_olde_iron in the trac
ticket.  Also added a note to the manpage to inform people to use
absolute paths when combining --auth-user-pass file and --auth-nocache.

Signed-off-by: Steffan Karger <steffan <at> karger.me>
---
 doc/openvpn.8            | 3 +++
 src/openvpn/init.c       | 1 +
 src/openvpn/ssl.c        | 4 ++--
 src/openvpn/ssl_common.h | 1 +
 4 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index b9eee0d..e1e0af2 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
 <at>  <at>  -4780,6 +4780,9  <at>  <at>  when OpenVPN needs a username/password, it will prompt for input
 from stdin, which may be multiple times during the duration of an
 OpenVPN session.

+When using \-\-auth\-nocache in combination with a user/password file
+and \-\-chroot or \-\-daemon, make sure to use an absolute path.
+
 This directive does not affect the
 .B \-\-http\-proxy
 username/password.  It is always cached.
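
Review bot: For the --chroot case the added advice "make sure to use an absolute path" is incomplete: once the process has chrooted, an absolute path is resolved against the new root, so the credentials file also has to exist inside the chroot directory for a re-read on reconnect to succeed. Suggest saying so explicitly, and treating --daemon (where only the working directory changes) as a separate sentence. The option names in the added lines are written inline as "\-\-auth\-nocache", whereas the surrounding text sets option names on their own ".B" line, as in ".B \-\-http\-proxy" just below; matching that keeps the rendering consistent.
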
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 87c2211..67caec7 100644

Jan Just Keijser | 20 May 04:33 2015

patch for bug #93: up-restart env vars

hi all,

here's my patch for bug #93: missing ifconfig_* env vars after 
up-restart. Tested with both IPv4, IPv6, topology subnet and topology net30

cheers,

JJK

Attachment (ifconfig_envvar.patch): text/x-patch, 5315 bytes
------------------------------------------------------------------------------
Steffan Karger | 18 May 21:21 2015

[PATCH] Updated manpage for --rport and --lport

[SK: v2, patch taken from trac #127 and updated to current master branch]

Signed-off-by: Robert Fischer <ml-openvpn <at> trispace.org>
Signed-off-by: Steffan Karger <steffan <at> karger.me>
---
 doc/openvpn.8 | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 23cc789..b9eee0d 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
 <at>  <at>  -670,18 +670,28  <at>  <at>  peer on its new IP address.
 .\"*********************************************************
 .TP
 .B \-\-port port
-TCP/UDP port number or port name for both local and remote.  The current
+TCP/UDP port number or port name for both local and remote (sets both
+.B \-\-lport
+and
+.B \-\-rport
+options to given port).  The current
 default of 1194 represents the official IANA port number
 assignment for OpenVPN and has been used since version 2.0-beta17.
 Previous versions used port 5000 as the default.
 .\"*********************************************************
 .TP
 .B \-\-lport port
-TCP/UDP port number or name for bind.
+Set local TCP/UDP port number or name.  Cannot be used together with
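
Review bot: In the --port entry the new parenthetical "(sets both ... options to given port)" is missing an article ("to the given port") and splits the opening sentence across five roff lines, which makes the following "The current default of 1194" harder to find. Suggest ending the first sentence after "for both local and remote." and adding a separate sentence that says --port sets both --lport and --rport to the given port.
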

Samuli Seppänen | 18 May 10:38 2015

Fwd: monit alert -- Resource limit matched rootfs

Hi,

Disk space on git.openvpn.in is running out real soon...

Samuli


-------- Forwarded Message --------
Subject: monit alert -- Resource limit matched rootfs
Date: Sun, 17 May 2015 14:03:22 GMT
From: monit <at> git.openvpn.in
To: status <at> openvpn.in


Resource limit matched Service rootfs

Date: Sun, 17 May 2015 14:03:22
Action: alert
Host: git.openvpn.in
Description: space usage 97.6% matches resource limit [space usage>90.0%]

Your faithful employee,
Monit

------------------------------------------------------------------------------