Samuli Seppänen | 15 Apr 18:59 2014

Tap-windows6 (NDIS 6) installer available for testing

Hi all,

A tap-windows6 installer is now available for download here:

<http://build.openvpn.net/downloads/releases/tap-windows-9.21.0.exe>

Some instructions and notes are available here:

<http://build.openvpn.net/downloads/releases/tap-windows-9.21.0.exe.txt>

The GPG signature is here:

<http://build.openvpn.net/downloads/releases/tap-windows-9.21.0.exe.asc>

The driver has been tested on Windows 7 64-bit and it "seems to work
ok". If you test this driver please let me know if it works - or if it
does not.

I will soon create separate OpenVPN 2.3.x builds with this NDIS 6 driver
for use with Windows Vista and above.

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock


Gert Doering | 15 Apr 13:00 2014

RFD: "--ignore-ipv6-failure" switch

Hi,

a few of my users are driving me nuts, by unchecking "[ ] IPv6" in their
windows TAP adapter settings, and then complaining that their OpenVPN
is not connecting to this customers' server properly (because netsh.exe
fails to add an IPv6 address, and this is considered fatal).

Now, I don't actually *need* IPv6 there yet, but I want to have the
infrastructure fully ready when the first customer comes asking for
"will your product do IPv6?" - so I do not want to turn off IPv6 on
the server, but for this sort of users, it would be good enough for
now to disable IPv6 on the openvpn client, or just make it "ignore that
error".

So I propose to add an option (yay)

  --ignore-ipv6-failure

or such, which would make the failure to ifconfig/netsh.exe/... IPv6
addresses a non-fatal error - log warning, unset tun_ipv6 (so routes are
not installed, which wouldn't work anyway), go ahead.

This would be pushable, so I can send it to problematic clients by means
of CCD/ - and thus I also know who needs personal attention later on,
when I can lay my hand on their laptops.

Comments?

gert

Samuli Seppänen | 14 Apr 10:13 2014

OpenVPN PolarSSL builds?

Hi,

Currently all of the binary builds we provide[*] are linked to OpenSSL.
Would having both OpenSSL and PolarSSL builds make sense (e.g. starting
with 2.4)?

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock

[*] For Windows, Debian, Ubuntu

Piotr Zborowski | 13 Apr 19:24 2014

[PATCH] fixed typo in tray tooltip (polish language)

Signed-off-by: Piotr Zborowski <pzborowski <at> users.sf.net>
---
 res/openvpn-gui-res-pl.rc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/res/openvpn-gui-res-pl.rc b/res/openvpn-gui-res-pl.rc
index 8a00dbf..943e967 100644
--- a/res/openvpn-gui-res-pl.rc
+++ b/res/openvpn-gui-res-pl.rc
 <at>  <at>  -158,7 +158,7  <at>  <at>  BEGIN
     IDS_TIP_DEFAULT "OpenVPN GUI "
     IDS_TIP_CONNECTED "\nPołączony z: "
     IDS_TIP_CONNECTING "\nŁączenie z: "
-    IDS_TIP_CONNECTED_SINCE "\nPołączony z: "
+    IDS_TIP_CONNECTED_SINCE "\nPołączony od: "
     IDS_TIP_ASSIGNED_IP "\nPrzyznane IP: %s"
     IDS_MENU_SERVICE "Usługa OpenVPN"
     IDS_MENU_SETTINGS "Ustawienia…"
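Review bot: the subject calls this a typo, but the changed IDS_TIP_CONNECTED_SINCE line is a wrong-string fix. The old value "\nPołączony z: " was identical to IDS_TIP_CONNECTED two lines above it, so two different string IDs carried the same label. A one-line body in the commit message saying that, and that "od" is the "since" wording, would let reviewers who do not read Polish confirm the change. The leading "\n" and the trailing space are preserved, which matches the neighbouring tooltip strings.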
-- 
1.9.0.msysgit.0


Gert Doering | 13 Apr 17:26 2014

RFD: ssl library version numbers

Hi,

OpenVPN does not currently report the version of the SSL library it is
using - which I'm not sure whether it's by design or just because nobody
ever added it.  Anyway, right now I think we need it, to help future
cases.

There are a few questions that go along with that, which I want to discuss
here :-)

- shall we report compile-time versions as well, or only run-time version?

  Like:

	OpenSSL compile version='OpenSSL 1.0.1f 6 Jan 2014'
		library version='OpenSSL 1.0.1g 7 Apr 2014'

  (this is on one of my test systems where I discovered an old OpenSSL
  installation, and upgraded *after* I built the OpenVPN binary)

  While I always like seeing numbers, I think the compile-time version is
  not actually that useful - if the ABI is not compatible, it will break,
  and if it is, the library version is what is relevant.

- how do I get the library version for PolarSSL?

- shall we report the library version to the server, e.g. in the form of

   IV_SSL=OpenSSL 1.0.1f
   IV_SSL=PolarSSL 1.2.8

Gert Doering | 13 Apr 13:43 2014

[PATCH] Fix SOCKSv5 method selection

From: Yawning Angel <yawning <at> schwanenlied.me>

So, RFC 1928 doesn't say anything about the METHODS field in the Method
Selection message being ordered in terms of preference or anything, and
the server is free to pick any of the METHODS offered by the client.

Always sending a Method Selection message with NO AUTHENTICATION REQUIRED
and USERNAME/PASSWORD set is broken on two fronts:

 * If the OpenVPN client can't handle the server picking USERNAME/PASSWORD
   due to the credentials being missing, it shouldn't offer it to the server.

 * If the OpenVPN client has credentials, then it should always attempt to
   authenticate.  This is a security product.  "You can misconfigure it and
   it will work" is not acceptable.  Setting a username/password when the
   SOCKS server doesn't require/support that as an option is the user not
   configuring it correctly, and should be treated as such.

Also verify that the SOCKS server returned the auth that was requested.
---
 src/openvpn/socks.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c
index 1551da8..5cd27ac 100644
--- a/src/openvpn/socks.c
+++ b/src/openvpn/socks.c
 <at>  <at>  -190,9 +190,12  <at>  <at>  socks_handshake (struct socks_proxy_info *p,
   int len = 0;
   const int timeout_sec = 5;
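The method-selection rule this commit message argues for, as an added C example that is not part of the original patch or of OpenVPN's socks.c: offer only the one method the client can actually carry out, and reject a reply that names a method which was never offered. The function names and the sample replies are constructed for illustration; the byte values are those of RFC 1928.

```c
#include <stddef.h>
#include <stdio.h>

/* RFC 1928 constants */
enum { SOCKS5_VER = 0x05, M_NOAUTH = 0x00, M_USERPASS = 0x02, M_NONE = 0xFF };

/* Build the Method Selection message: VER, NMETHODS, METHODS...
 * Offer exactly one method: USERNAME/PASSWORD when credentials are
 * configured, NO AUTHENTICATION REQUIRED otherwise. Returns the length. */
static size_t socks5_build_greeting(int have_creds, unsigned char out[3])
{
    out[0] = SOCKS5_VER;
    out[1] = 1;                                   /* NMETHODS */
    out[2] = have_creds ? M_USERPASS : M_NOAUTH;  /* METHODS[0] */
    return 3;
}

/* Validate the server's 2-byte reply (VER, METHOD) against the greeting.
 * Returns the selected method, or -1 if the reply must be rejected. */
static int socks5_check_reply(const unsigned char *greeting, size_t glen,
                              const unsigned char *reply, size_t rlen)
{
    if (glen < 3 || rlen != 2 || reply[0] != SOCKS5_VER)
        return -1;                      /* malformed or wrong version */
    if (reply[1] == M_NONE)
        return -1;                      /* NO ACCEPTABLE METHODS */
    size_t n = greeting[1];
    if (glen < 2 + n)
        return -1;                      /* greeting shorter than NMETHODS */
    for (size_t i = 0; i < n; i++)
        if (greeting[2 + i] == reply[1])
            return reply[1];            /* server chose something we offered */
    return -1;                          /* server chose a method never offered */
}

int main(void)
{
    unsigned char g[3];
    size_t glen = socks5_build_greeting(1, g);          /* credentials set */
    const unsigned char unoffered[2] = { 0x05, 0x00 };  /* constructed reply */
    const unsigned char matching[2]  = { 0x05, 0x02 };  /* constructed reply */
    printf("unoffered NOAUTH -> %d\n", socks5_check_reply(g, glen, unoffered, 2));
    printf("matching reply   -> %d\n", socks5_check_reply(g, glen, matching, 2));
    return 0;
}
```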

Gert Doering | 13 Apr 13:15 2014

github pull 15 / Fix typo in build script to use LDFLAGS

From 553ca06af9e9c2daa8acfa36988aac0b8ed5dab4 Mon Sep 17 00:00:00 2001
From: kangsterizer <kang <at> insecure.ws>
Date: Thu, 10 Apr 2014 11:23:24 -0700
Subject: [PATCH] Fix typo in build script to use LDFLAGS

---
 sample/sample-plugins/defer/build | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sample/sample-plugins/defer/build b/sample/sample-plugins/defer/build
index 0612c08..ba41a39 100755
--- a/sample/sample-plugins/defer/build
+++ b/sample/sample-plugins/defer/build
 <at>  <at>  -12,4 +12,4  <at>  <at>  CC="${CC:-gcc}"
 CFLAGS="${CFLAGS:--O2 -Wall -g}"

 $CC $CPPFLAGS $CFLAGS -fPIC -c $1.c && \
-$CC $CFLAGS -fPIC -shared ${LDFLAS} -Wl,-soname,$1.so -o $1.so $1.o -lc
+$CC $CFLAGS -fPIC -shared ${LDFLAGS} -Wl,-soname,$1.so -o $1.so $1.o -lc
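Review bot: the commit message has no body, and the changed link line deserves one sentence of explanation. With the misspelled `${LDFLAS}` the expansion is normally empty, so any LDFLAGS the builder exported, including hardening flags passed that way, were silently dropped when linking the plugin's shared object. Stating that makes clear this is a behaviour fix and not a cosmetic one. As a small follow-up, `$1` is still unquoted on this line (`-Wl,-soname,$1.so -o $1.so $1.o`) and on the compile line above it.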
-- 
1.9.1

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert <at> greenie.muc.de
fax: +49-89-35655025                        gert <at> net.informatik.tu-muenchen.de

Kevin Cernekee | 13 Apr 07:16 2014

[PATCH 0/3] Support non-root operation using ocproxy

Sometimes it is desirable to establish VPN connections without setting
up a kernel tun/tap device.  Possible use cases include:

 - Routing traffic from different applications through different VPNs.

 - Connecting to multiple VPNs (clients, sites, ...) that have
   overlapping IP ranges.

 - Connecting to multiple VPNs that each advertise their own default
   route and/or DNS settings.

 - Situations in which direct access to the VPN from all processes/UIDs
   is not necessarily wanted, impairs performance, or presents an
   unacceptable risk of intrusion or data leakage.

 - Multiuser systems or container-based VPSes.

 - Other situations in which the openvpn user or program is not trusted
   to reconfigure a tun/tap device.

For a long time, OpenConnect has had the ability to run as non-root[1],
redirecting VPN traffic to/from a helper program over a socketpair.
ocproxy[2] was written to take advantage of this interface.  Now I am
submitting changes to allow openvpn to be used in a similar manner.
Sample usage:

openvpn --config foo.ovpn \
        --script-security 2 \
        --dev "|/usr/bin/ocproxy -L 2222:unix-host:22 -D 11080"


Lisa Minogue | 13 Apr 05:42 2014

Openvpn 2.3.3 (community edition) and "Socks V5 method selection"

Hello

I would like to know if the latest version of Openvpn 2.3.3 (community edition) has incorporated the fix for
"Socks V5 method selection" flaw? If not, when does Openvpn plan to incorporate it?

For more information please click the following links:

https://lists.torproject.org/pipermail/tor-dev/2014-March/006427.html
https://github.com/Yawning/openvpn/commit/7474f1acfc

arno.odermatt | 11 Apr 09:26 2014

Q: Multi threading and roadmap

Hi,

I found the roadmap https://community.openvpn.net/openvpn/wiki/RoadMap, where the thoughts about monolithic architecture vs. "scaling OpenVPN across threads" have been discussed.

Will the capability of OpenVPN (3.x??) to run in multi-threaded mode be available sometime soon?

Thank you for any reply







_______________________________________________
Openvpn-devel mailing list
Openvpn-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Samuli Seppänen | 10 Apr 20:03 2014

Debian/Ubuntu packages for OpenVPN 2.3.3 released

Hi,

I just pushed OpenVPN 2.3.3 packages to our apt repos[*]. They come in
i386 and amd64 flavors for the following operating systems:

Debian 6.x/7.x
Ubuntu 10.04/12.04/13.04/13.10

I tested these packages lightly on Debian 6, Debian 7 and Ubuntu 12.04.
I will add Ubuntu 14.04 packages soon. If you encounter any problems
with these packages let me know!

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock

[*] <https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos>
