Heiko Hund | 24 Jun 18:01 2016
Gravatar

[PATCH] Windows: do_ifconfig() after open_tun()

When you had multiple TAP adapters and IPv6 configured you got an error
message about "you must also specify --dev-node" and openvpn exited.
Very inconvenient especially since this is only due to the fact that
Windows tries to set the adapter address before it is opened; for no
good reason.

This patch changes the order to IFCONFIG_AFTER_TUN_OPEN, moves some
initialization code to init_tun, where it belongs, and removes duplicate
code that is now no longer needed.

Signed-off-by: Heiko Hund <heiko.hund <at> sophos.com>
---
 src/openvpn/tun.c | 56 ++++++++++++++++++-------------------------------------
 src/openvpn/tun.h |  2 +-
 2 files changed, 19 insertions(+), 39 deletions(-)

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index b7a29f7..4a11d10 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
 <at>  <at>  -611,6 +611,21  <at>  <at>  init_tun (const char *dev,       /* --dev option */
 	  tt->broadcast = generate_ifconfig_broadcast_addr (tt->local, tt->remote_netmask);
 	}

+#ifdef WIN32
+      /*
+       * Make sure that both ifconfig addresses are part of the
+       * same .252 subnet.
+       */
+      if (tun)
(Continue reading)

Gert Doering | 24 Jun 16:05 2016
Picon

brainstorming: t_client system test equivalent for windows?

Hi,

a new patch set from Heiko is coming up, which is going to change the
"IFCONFIG_BEFORE_TUN_OPEN" to "what everyone else does" (because what
we currently have is older than anyone remembers, and makes life much
more complicated than needed).

Now, we are not currently properly testing Windows - on the unix systems,
I'd build a t_client.rc test set with like 5 extra tests for "--route-method
adaptive/ipapi/exe", "IPv4 only", "IPv6 and IPv6", interactive service
or not, etc. - but I'm not sure what the best way is to do this on
windows.

Would "use mingw/msys bash" work for stuff like "put regular openvpn.exe
into background with 'openvpn.exe & pid=$! ' and kill with "kill $opid"?

I have been toying with the idea of replacing t_client.sh with a perl
script that uses the management interface to control openvpn (at least
the "has our startup finished?  have we exploded?  shutdown orderly now!"
bits...) - but that's also not trivially implemented as one would have
to redo the whole "look at ifconfig/route output and parse in a system
dependent way" - and test on a gazillion of platforms :-)

So... other ideas?  Selva, Valdikss, how do you test windows builds?

Jens, since you have dived into t_client improvements - any nice ideas
how to make this happen with "reasonable effort"?

gert
--

-- 
(Continue reading)

Илья Шипицин | 23 Jun 15:07 2016
Picon

windows installer: choosing x86/x64 and NDIS5/NDIS6

Hello,

we used to enroll our own installer, and we bundled both x86 and x64 into single installer

it was easy, several blocks

${If} ${RunningX64}
....
${Else}
...
${EndIf}


we are going to pack NDIS5/NDIS6 the same way. in order to choose proper installer automatically, not to put that decision to user.

if there's an interest, I can make some PR on that.

Cheers,
Ilya Shipitsin

------------------------------------------------------------------------------
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
David Sommerseth | 23 Jun 10:23 2016
Picon

Re: [PATCH 3/3] Clarify which Windows versions require which TUN/TAP driver

On 22/06/16 19:19, Илья Шипицин wrote:
> we use ndis5 on windows 10.

If the rumours I've heard are right, NDIS5 support will disappear in
some Windows updates.  The very first rumours was that it would
disappear in Win 8.2 (whatever that version ended up as), but Microsoft
might have delayed the deprecation a bit longer.

On a more general note, please use the NDIS6 (tap6) driver instead, as
that is what gets most of the attention these days and it does need far
more testing.  We really do want the old NDIS5 drive to die.  My opinion
is that once OpenVPN 2.4 will be released, we should stop shipping the
NDIS5 driver when git master begins to target for
OpenVPN 2.5.

-- 
kind regards,

David Sommerseth

> 2016-06-22 22:14 GMT+05:00 Samuli Seppänen <samuli <at> openvpn.net
> <mailto:samuli <at> openvpn.net>>:
> 
>     I have not actually tested tap-windows (NDIS 5) on Windows 10, but I
>     believe NDIS 5 support was removed from Windows 10 a while back. If
>     NDIS 5 drivers still work for Windows 10 then I can definitely
>     reword this part.
> 
>         why "must" for windows 10 ?
> 
>         2016-06-22 22:06 GMT+05:00 <samuli <at> openvpn.net
>         <mailto:samuli <at> openvpn.net> <mailto:samuli <at> openvpn.net
>         <mailto:samuli <at> openvpn.net>>>:
> 
>             From: Samuli Seppänen <samuli <at> openvpn.net
>         <mailto:samuli <at> openvpn.net> <mailto:samuli <at> openvpn.net
>         <mailto:samuli <at> openvpn.net>>>
> 
>             Signed-off-by: Samuli Seppänen <samuli <at> openvpn.net
>         <mailto:samuli <at> openvpn.net>
>             <mailto:samuli <at> openvpn.net <mailto:samuli <at> openvpn.net>>>
> 
>             ---
>              INSTALL | 8 ++++----
>              1 file changed, 4 insertions(+), 4 deletions(-)
> 
>             diff --git a/INSTALL b/INSTALL
>             index 42f78d8..334d0e6 100644
>             --- a/INSTALL
>             +++ b/INSTALL
>              <at>  <at>  -298,13 +298,13  <at>  <at>  TUN/TAP Driver Configuration:
> 
>                  http://www.whiteboard.ne.jp/~admin2/tuntap/
> 
>             -* Windows XP/2003/Vista/7:
>             +* Windows
> 
>                OpenVPN on Windows needs a TUN/TAP kernel driver to work.
>         OpenVPN
>             installers
>                include this driver, so installing it separately is not
>         usually
>             required.
>             -  The driver source code is available here:
>             -
>             -    https://github.com/OpenVPN/tap-windows
>             +  Windows XP/2003 must use the NDIS 5 (tap-windows) driver,
>         whereas
>             more recent
>             +  Windows versions should (Vista to 8.1) or must (Windows
>         10) use
>             the NDIS 6
>             +  driver (tap-windows6) instead.
> 
>            
>          *************************************************************************
> 
>             --
>             2.1.4
> 

------------------------------------------------------------------------------
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Selva Nair | 23 Jun 04:42 2016
Picon

[PATCH] Return process id of openvpn from interactive service to client

- The process id is returned as a message formatted in the same manner
  as error messages from the service to the client: i.e., a three-line
  message with pid formatted as 0x%08x on line 1, "Process Id" on
  line 2 and a blank line 3.

This provides a way for service clients to check the status of openvpn
and terminate it without needing management interface or exit event.
Useful when the interactive service is used from a launch script, or
to force-terminate openvpn from the GUI if/when needed.

Signed-off-by: Selva Nair <selva.nair <at> gmail.com>
---
 src/openvpnserv/interactive.c |   14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c
index 2453f17..c80a181 100644
--- a/src/openvpnserv/interactive.c
+++ b/src/openvpnserv/interactive.c
 <at>  <at>  -230,6 +230,18  <at>  <at>  WritePipeAsync (HANDLE pipe, LPVOID data, DWORD size, DWORD count, LPHANDLE even
   return AsyncPipeOp (write, pipe, data, size, count, events);
 }

+static VOID
+ReturnProcessId (HANDLE pipe, DWORD pid, DWORD count, LPHANDLE events)
+{
+  const WCHAR msg[] = L"\nProcess ID\n";
+  WCHAR buf[10 + _countof(msg)]; /* 10 characters for the pid in 0x%08x format */
+
+  /* A 3-line string like an error message but with pid in place of error number */
+  _snwprintf (buf, _countof(buf), L"0x%08x%s", pid, msg);
+  buf[_countof(buf) - 1] = '\0';
+
+  WritePipeAsync (pipe, buf, wcslen (buf) * 2, count, events);
+}

 static VOID
 ReturnError (HANDLE pipe, DWORD error, LPCWSTR func, DWORD count, LPHANDLE events)
 <at>  <at>  -1293,6 +1305,8  <at>  <at>  RunOpenvpn (LPVOID p)
       goto out;
     }

+  ReturnProcessId (pipe, proc_info.dwProcessId, 1, &exit_event);
+
   CloseHandleEx (&stdout_write);
   CloseHandleEx (&stdin_read);
   CloseHandleEx (&svc_pipe);
--

-- 
1.7.10.4

------------------------------------------------------------------------------
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
samuli | 22 Jun 19:06 2016
Picon

[PATCH 1/3] Mention tap-windows6 in INSTALL file

From: Samuli Seppänen <samuli <at> openvpn.net>

Signed-off-by: Samuli Seppänen <samuli <at> openvpn.net>
---
 INSTALL | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/INSTALL b/INSTALL
index 2401f7c..42f78d8 100644
--- a/INSTALL
+++ b/INSTALL
 <at>  <at>  -30,10 +30,14  <at>  <at>  To download easy-rsa go to:

     https://github.com/OpenVPN/easy-rsa

-To download tap-windows driver source code go to:
+To download tap-windows (NDIS 5) driver source code go to:

     https://github.com/OpenVPN/tap-windows

+To download tap-windows (NDIS 6) driver source code go to:
+
+    https://github.com/OpenVPN/tap-windows6
+
 To get the cross-compilation environment go to:

     https://github.com/OpenVPN/openvpn-build
--

-- 
2.1.4

------------------------------------------------------------------------------
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Илья Шипицин | 20 Jun 18:43 2016
Picon

https://github.com/OpenVPN/openvpn-build/blob/master/generic/mingw64/build ?

Hello,


there is separate build in mingw64 folder.
what is it for ?

Cheers,
Ilya Shipitsin
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Илья Шипицин | 20 Jun 11:08 2016
Picon

openvpn/openvpn-build

Hello,

I see issues are closed at https://github.com/openvpn/openvpn-build
what is preffered way of reporting bugs ?

somehow, I managed to run it on cygwin without wget installed (I installed curl),
so I see 'curl' branch is broken, curl does not follow redirects

do we really need both wget and curl there ?

I'd remove curl at all, it will make scripts more readable and predictible. Or, ok, remove wget.

actually, we can fix it. and even I'll expand travis-ci matrix for curl/wget, but I do not really understand why do we need both wget and curl there.

Cheers,
Ilya Shipitsin
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Samuel Thibault | 19 Jun 21:45 2016
Gravatar

Adding "protocol static" to Linux routes?

Hello,

Here we used two openvpn servers for resiliency, and we use the bird
bgp daemon to make the two boxes exchange routes. Bird however does not
pick up openvpn's routes because they are considered as "protocol boot"
in Linux' "ip route" terms, i.e. they are assumed to be an automatic
configuration, and not an administratively-configured route (see the
protocol RTPROTO part of man ip-route for the details).

So we need the attached change, which just adds "protocol static", to
express that the routes created by openvpn are to override other
dynamic routing.

What do you think?

Samuel
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index a90195f..62ea633 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
 <at>  <at>  -1418,7 +1418,7  <at>  <at>  add_route (struct route_ipv4 *r,

 #if defined(TARGET_LINUX)
 #ifdef ENABLE_IPROUTE
-  argv_printf (&argv, "%s route add %s/%d",
+  argv_printf (&argv, "%s route add %s/%d protocol static",
   	      iproute_path,
 	      network,
               netmask_to_netbits2(r->netmask));
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Илья Шипицин | 19 Jun 10:41 2016
Picon

what is the best way of skipping tests when openvpn configured --disable-crypto ?

Hello,

when playing with travis-ci, I encountered that t_lpback.sh and t_cltsrv.sh fails on "make check" if openvpn is configured with --disable-crypto (because --genkey is not available)

what would be the best ?

1) run 'openvpn --help' and grep for --genkey ?
2) check exit code of 'openvpn --genkey' ?
3) run 'openvpn --show-ciphers' and see it is empty ?
4) somehow determine exact configure options ? (I haven't found a way yet)

Cheers,
Ilya Shipitsin

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Arne Schwabe | 17 Jun 14:47 2016
Gravatar

[PATCH] Remove http-proxy-retry and socks-proxy-retry

---
 Changes.rst           |  2 ++
 src/openvpn/init.c    |  4 +---
 src/openvpn/options.c | 13 ++++---------
 src/openvpn/options.h |  1 -
 src/openvpn/proxy.c   |  3 +--
 src/openvpn/proxy.h   |  1 -
 src/openvpn/socks.c   | 10 +++-------
 src/openvpn/socks.h   |  4 +---
 8 files changed, 12 insertions(+), 26 deletions(-)

diff --git a/Changes.rst b/Changes.rst
index ab322e2..f43f057 100644
--- a/Changes.rst
+++ b/Changes.rst
 <at>  <at>  -113,6 +113,9  <at>  <at>  User-visible Changes
   proxies graciously.  The old "fail TCP fast" behaviour can be achieved by
   adding "--connect-timeout 10" to the client config.

+- --http-proxy-retry and --sock-proxy-retry have been removed. Proxy 
+  connections will now behave like regular connection entries and
+  generate a USR1 on failure.

 Maintainer-visible changes
 --------------------------
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 58b95aa..498d36f 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
 <at>  <at>  -138,7 +138,6  <at>  <at>  management_callback_proxy_cmd (void *arg, const char **p)
           ho = init_http_proxy_options_once (&ce->http_proxy_options, gc);
           ho->server = string_alloc (p[2], gc);
           ho->port = string_alloc (p[3], gc);
-          ho->retry = true;
           ho->auth_retry = (p[4] && streq (p[4], "nct") ? PAR_NCT : PAR_ALL);
           ret = true;
         }
 <at>  <at>  -473,8 +472,7  <at>  <at>  init_proxy_dowork (struct context *c)
     {
       c->c1.socks_proxy = socks_proxy_new (c->options.ce.socks_proxy_server,
 					   c->options.ce.socks_proxy_port,
-					   c->options.ce.socks_proxy_authfile,
-					   c->options.ce.socks_proxy_retry);
+					   c->options.ce.socks_proxy_authfile);
       if (c->c1.socks_proxy)
 	{
 	  c->c1.socks_proxy_owned = true;
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 313fd94..0aa1b61 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
 <at>  <at>  -135,7 +135,6  <at>  <at>  static const char usage_message[] =
   "--http-proxy s p 'auto[-nct]' : Like the above directive, but automatically\n"
   "                  determine auth method and query for username/password\n"
   "                  if needed.  auto-nct disables weak proxy auth methods.\n"
-  "--http-proxy-retry     : Retry indefinitely on HTTP proxy errors.\n"
   "--http-proxy-option type [parm] : Set extended HTTP proxy options.\n"
   "                                  Repeat to set multiple options.\n"
   "                  VERSION version (default=1.0)\n"
 <at>  <at>  -1329,7 +1328,6  <at>  <at>  show_http_proxy_options (const struct http_proxy_options *o)
   SHOW_STR (port);
   SHOW_STR (auth_method_string);
   SHOW_STR (auth_file);
-  SHOW_BOOL (retry);
   SHOW_STR (http_version);
   SHOW_STR (user_agent);
   for  (i=0; i < MAX_CUSTOM_HTTP_HEADER && o->custom_headers[i].name;i++)
 <at>  <at>  -1397,7 +1395,6  <at>  <at>  show_connection_entry (const struct connection_entry *o)
     show_http_proxy_options (o->http_proxy_options);
   SHOW_STR (socks_proxy_server);
   SHOW_STR (socks_proxy_port);
-  SHOW_BOOL (socks_proxy_retry);
   SHOW_INT (tun_mtu);
   SHOW_BOOL (tun_mtu_defined);
   SHOW_INT (link_mtu);
 <at>  <at>  -1749,7 +1746,6  <at>  <at>  parse_http_proxy_override (const char *server,
       ALLOC_OBJ_CLEAR_GC (ho, struct http_proxy_options, gc);
       ho->server = string_alloc(server, gc);
       ho->port = port;
-      ho->retry = true;
       if (flags && !strcmp(flags, "nct"))
 	ho->auth_retry = PAR_NCT;
       else
 <at>  <at>  -5216,10 +5212,9  <at>  <at>  add_option (struct options *options,
     }
   else if (streq (p[0], "http-proxy-retry") && !p[1])
     {
-      struct http_proxy_options *ho;
       VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
-      ho = init_http_proxy_options_once (&options->ce.http_proxy_options, &options->gc);
-      ho->retry = true;
+      msg (M_WARN, "DEPRECATED OPTION: http-proxy-retry: In OpenVPN 2.4 proxy connection retries are handled"
+             "like regular tcp connects");
     }
   else if (streq (p[0], "http-proxy-timeout") && p[1] && !p[2])
     {
 <at>  <at>  -5292,8 +5287,8  <at>  <at>  add_option (struct options *options,
   else if (streq (p[0], "socks-proxy-retry") && !p[1])
     {
       VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
-      options->ce.socks_proxy_retry = true;
-    }
+      msg (M_WARN, "DEPRECATED OPTION: http-proxy-retry: In OpenVPN 2.4 proxy connection retries are handled"
+        "like regular tcp connects");    }
   else if (streq (p[0], "keepalive") && p[1] && p[2] && !p[3])
     {
       VERIFY_PERMISSION (OPT_P_GENERAL);
diff --git a/src/openvpn/options.h b/src/openvpn/options.h
index 78e4fe0..7bb36c9 100644
--- a/src/openvpn/options.h
+++ b/src/openvpn/options.h
 <at>  <at>  -101,7 +101,6  <at>  <at>  struct connection_entry
   const char *socks_proxy_server;
   const char *socks_proxy_port;
   const char *socks_proxy_authfile;
-  bool socks_proxy_retry;

   int tun_mtu;           /* MTU of tun device */
   bool tun_mtu_defined;  /* true if user overriding parm with command line option */
diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c
index b051355..7248519 100644
--- a/src/openvpn/proxy.c
+++ b/src/openvpn/proxy.c
 <at>  <at>  -941,9 +941,8  <at>  <at>  establish_http_proxy_passthru (struct http_proxy_info *p,
   return ret;

  error:
-  /* on error, should we exit or restart? */
   if (!*signal_received)
-    *signal_received = (p->options.retry ? SIGUSR1 : SIGTERM); /* SOFT-SIGUSR1 -- HTTP proxy error */
+    *signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- HTTP proxy error */
   gc_free (&gc);
   return ret;
 }
diff --git a/src/openvpn/proxy.h b/src/openvpn/proxy.h
index f5b4519..b190a88 100644
--- a/src/openvpn/proxy.h
+++ b/src/openvpn/proxy.h
 <at>  <at>  -45,7 +45,6  <at>  <at>  struct http_custom_header {
 struct http_proxy_options {
   const char *server;
   const char *port;
-  bool retry;

 # define PAR_NO  0  /* don't support any auth retries */
 # define PAR_ALL 1  /* allow all proxy auth protocols */
diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c
index a9d04ae..5a9ea6c 100644
--- a/src/openvpn/socks.c
+++ b/src/openvpn/socks.c
 <at>  <at>  -60,8 +60,7  <at>  <at>  socks_adjust_frame_parameters (struct frame *frame, int proto)
 struct socks_proxy_info *
 socks_proxy_new (const char *server,
 		 const char *port,
-		 const char *authfile,
-		 bool retry)
+		 const char *authfile)
 {
   struct socks_proxy_info *p;

 <at>  <at>  -78,7 +77,6  <at>  <at>  socks_proxy_new (const char *server,
   else
     p->authfile[0] = 0;

-  p->retry = retry;
   p->defined = true;

   return p;
 <at>  <at>  -470,9 +468,8  <at>  <at>  establish_socks_proxy_passthru (struct socks_proxy_info *p,
   return;

  error:
-  /* on error, should we exit or restart? */
   if (!*signal_received)
-    *signal_received = (p->retry ? SIGUSR1 : SIGTERM); /* SOFT-SIGUSR1 -- socks error */
+    *signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- socks error */
   return;
 }

 <at>  <at>  -508,9 +505,8  <at>  <at>  establish_socks_proxy_udpassoc (struct socks_proxy_info *p,
   return;

  error:
-  /* on error, should we exit or restart? */
   if (!*signal_received)
-    *signal_received = (p->retry ? SIGUSR1 : SIGTERM); /* SOFT-SIGUSR1 -- socks error */
+    *signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- socks error */
   return;
 }

diff --git a/src/openvpn/socks.h b/src/openvpn/socks.h
index 2475261..a2843b9 100644
--- a/src/openvpn/socks.h
+++ b/src/openvpn/socks.h
 <at>  <at>  -37,7 +37,6  <at>  <at>  struct link_socket_actual;

 struct socks_proxy_info {
   bool defined;
-  bool retry;

   char server[128];
   const char *port;
 <at>  <at>  -48,8 +47,7  <at>  <at>  void socks_adjust_frame_parameters (struct frame *frame, int proto);

 struct socks_proxy_info *socks_proxy_new (const char *server,
 					  const char *port,
-					  const char *authfile,
-					  bool retry);
+					  const char *authfile);

 void socks_proxy_close (struct socks_proxy_info *sp);

--

-- 
2.7.4 (Apple Git-66)

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine

Gmane