Gert Doering | 27 Jul 22:46 2015

[PATCH] Fix build on OpenSolaris (non-gmake)

Was broken in commit 9de35d4, missing backslash in include/Makefile.am

Signed-off-by: Gert Doering <gert <at> greenie.muc.de>
---
 include/Makefile.am | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/Makefile.am b/include/Makefile.am
index 70f20e9..c5a91b1 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
 <at>  <at>  -10,7 +10,7  <at>  <at> 
 #

 MAINTAINERCLEANFILES = \
-	$(srcdir)/Makefile.in
+	$(srcdir)/Makefile.in \
 	$(srcdir)/openvpn-plugin.h.in

 include_HEADERS = openvpn-plugin.h
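Review bot: the commit message names the breakage but not its mechanism, which is that without the trailing backslash on $(srcdir)/Makefile.in the tab-indented $(srcdir)/openvpn-plugin.h.in line is no longer part of the MAINTAINERCLEANFILES assignment. One sentence saying so would help anyone bisecting back to 9de35d4; the one-character change itself looks right.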
-- 
2.3.6

------------------------------------------------------------------------------
Steffan Karger | 27 Jul 21:59 2015

[PATCH] Fix out-of-tree builds; openvpn-plugin.h should be in AC_CONFIG_HEADERS

Was broken in commit 9de35d4.

Signed-off-by: Steffan Karger <steffan <at> karger.me>
---
 configure.ac | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index 7bcbb7c..51ef93b 100644
--- a/configure.ac
+++ b/configure.ac
 <at>  <at>  -38,7 +38,7  <at>  <at>  AC_DEFINE([OPENVPN_VERSION_MINOR], [PRODUCT_VERSION_MINOR], [OpenVPN minor versi
 AC_DEFINE([OPENVPN_VERSION_PATCH], ["PRODUCT_VERSION_PATCH"], [OpenVPN patch level - may be a
string or integer])

 AC_CONFIG_AUX_DIR([.])
-AC_CONFIG_HEADERS([config.h])
+AC_CONFIG_HEADERS([config.h include/openvpn-plugin.h])
 AC_CONFIG_SRCDIR([src/openvpn/syshead.h])
 AC_CONFIG_MACRO_DIR([m4])

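Review bot: moving include/openvpn-plugin.h into the AC_CONFIG_HEADERS line changes how the file is generated, and the commit message does not say why that fixes out-of-tree builds. config.status treats config headers as #define/#undef templates and does not do the @VAR@ substitution it performs for AC_CONFIG_FILES entries, so please confirm include/openvpn-plugin.h.in is written in that style and state the reasoning in the message.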
 <at>  <at>  -1229,7 +1229,6  <at>  <at>  AC_CONFIG_FILES([
 	distro/rpm/Makefile
 	distro/rpm/openvpn.spec
 	include/Makefile
-	include/openvpn-plugin.h
 	src/Makefile
 	src/compat/Makefile
 	src/openvpn/Makefile
-- 

Arne Schwabe | 27 Jul 17:33 2015

[PATCH] Fix commit e473b7c if an inline file happens to have a line break exactly at buffer limit

The check only checks for strlen(line) space, and buf_printf will only use at most space - 1
and not print the final character ('\n') in this corner case. Since a missing \n only breaks
certificates at the start and end marker, missing line breaks otherwise do not trigger this
error.
---
 src/openvpn/buffer.h  | 5 ++++-
 src/openvpn/options.c | 3 ++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h
index 5695f64..0dc511b 100644
--- a/src/openvpn/buffer.h
+++ b/src/openvpn/buffer.h
 <at>  <at>  -329,7 +329,10  <at>  <at>  has_digit (const unsigned char* src)
 }

 /*
- * printf append to a buffer with overflow check
+ * printf append to a buffer with overflow check,
+ * due to usage of vsnprintf, it will leave space for
+ * a final null character and thus use only
+ * capacity - 1
  */
 bool buf_printf (struct buffer *buf, const char *format, ...)
 #ifdef __GNUC__
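Review bot: the new comment on buf_printf says only capacity - 1 bytes are used but not what the caller sees when the output does not fit, which is the case this patch is about. Please state whether buf_printf returns false on truncation so callers know the return value has to be checked; the wording could be tightened to something like "vsnprintf reserves one byte for the terminating NUL, so at most capacity - 1 characters are written". The patch also carries no Signed-off-by line.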
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 93baa2b..737d9a2 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
 <at>  <at>  -3712,7 +3712,7  <at>  <at>  read_inline_file (struct in_src *is, const char *close_tag, struct gc_arena *gc)
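The corner case this commit message describes, as an added example that is not part of the patch or of OpenVPN's code. toy_buf, toy_printf and both append_line_* functions are hypothetical stand-ins, the input is constructed, and the strict check is one way to close the gap, not necessarily the change made in options.c.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-capacity text buffer (not OpenVPN's struct buffer). */
struct toy_buf {
    char   data[32];   /* capacity chosen so the constructed input ends exactly at the limit */
    size_t len;        /* characters stored, excluding the terminating NUL */
};

static size_t toy_space(const struct toy_buf *b)
{
    return sizeof(b->data) - b->len;
}

/*
 * printf-style append built on vsnprintf. vsnprintf always reserves one byte
 * for the terminating NUL, so at most space - 1 characters are stored.
 * Returns false when the output was truncated.
 */
static bool toy_printf(struct toy_buf *b, const char *fmt, ...)
{
    size_t space = toy_space(b);
    va_list ap;
    int n;

    if (space == 0)
        return false;
    va_start(ap, fmt);
    n = vsnprintf(b->data + b->len, space, fmt, ap);
    va_end(ap);
    if (n < 0)
        return false;
    if ((size_t)n >= space) {      /* truncated: only space - 1 characters landed */
        b->len += space - 1;
        return false;
    }
    b->len += (size_t)n;
    return true;
}

/* Weak check: asks only for strlen(line) bytes and ignores the append result. */
static bool append_line_weak(struct toy_buf *b, const char *line)
{
    if (strlen(line) > toy_space(b))
        return false;
    toy_printf(b, "%s", line);
    return true;
}

/* Strict check: also reserves the NUL byte and propagates truncation. */
static bool append_line_strict(struct toy_buf *b, const char *line)
{
    if (strlen(line) + 1 > toy_space(b))
        return false;
    return toy_printf(b, "%s", line);
}

int main(void)
{
    /* Constructed input: 6 + 26 characters, exactly sizeof(data). */
    const char *body = "AAAAA\n";
    const char *end  = "-----END CERTIFICATE-----\n";
    struct toy_buf weak = { {0}, 0 }, strict = { {0}, 0 };
    bool ok;

    append_line_weak(&weak, body);
    ok = append_line_weak(&weak, end);
    printf("weak:   accepted=%d len=%zu ends_with_newline=%d\n",
           ok, weak.len, weak.data[weak.len - 1] == '\n');

    append_line_strict(&strict, body);
    ok = append_line_strict(&strict, end);
    printf("strict: accepted=%d len=%zu\n", ok, strict.len);
    return 0;
}
```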

Samuli Seppänen | 27 Jul 13:22 2015

Topics for today's (27th July 2015) community meeting

Hi,

We're going to have an IRC meeting today, 27th July, starting at
20:00 CEST (18:00 UTC) on #openvpn-devel@irc.freenode.net.
Current topic list along with basic information is here:

<https://community.openvpn.net/openvpn/wiki/Topics-2015-07-27>

If you have any other things you'd like to bring up, respond to this
mail, send me mail privately or add them to the list yourself.

In case you can't attend the meeting, please feel free to make comments
on the topics by responding to this email or to the summary email sent
after the meeting. Whenever possible, we'll also respond to existing,
related email threads.

NOTE: It's required to use a registered Freenode IRC nickname to join
#openvpn-devel - look here for details:

<https://community.openvpn.net/openvpn/wiki/GettingHelp#DeveloperIRCchannel>

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock

------------------------------------------------------------------------------

Steffan Karger | 26 Jul 21:21 2015

Re: [PATCH] reintroduce md5_digest wrapper struct to fix gcc warnings

On Sun, Jul 26, 2015 at 4:41 PM, David Sommerseth
<openvpn.list <at> topphemmelig.net> wrote:
> On 26/07/15 13:27, Steffan Karger wrote:
>> I was wrong to assume that adding the const qualifier to the pointer-to-
>> fixed-size-array construction used in options_hash_changed_or_zero() was
>> allowed.  GCC actually warns about this, but I was using clang and clang
>> seems to be fine with the construction.  To make GCC happy too, reintroduce
>> the md5_digest wrapped struct, and use that when passing around the digest.
>>
>> Signed-off-by: Steffan Karger <steffan <at> karger.me>
>
> On holiday these days, so too lazy to check the git commit log ... but is this
> a revert of a single commit?  If so, having a reference to that commit would
> be beneficial to include in this commit message.

It doesn't really revert a commit, since the commit that introduced
this changed a lot more code. But it indeed does make sense to
reference it explicitly. Gert, could you include a reference to
827de237860813d2859aaae3aca292d42a9c2a82 in the commit msg?

-Steffan

------------------------------------------------------------------------------
Steffan Karger | 26 Jul 13:27 2015

[PATCH] reintroduce md5_digest wrapper struct to fix gcc warnings

I was wrong to assume that adding the const qualifier to the pointer-to-
fixed-size-array construction used in options_hash_changed_or_zero() was
allowed.  GCC actually warns about this, but I was using clang and clang
seems to be fine with the construction.  To make GCC happy too, reintroduce
the md5_digest wrapped struct, and use that when passing around the digest.

Signed-off-by: Steffan Karger <steffan <at> karger.me>
---
 src/openvpn/crypto.h  |  5 +++++
 src/openvpn/init.c    | 12 ++++++------
 src/openvpn/openvpn.h |  4 ++--
 src/openvpn/push.c    |  2 +-
 4 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h
index 504896d..b32a900 100644
--- a/src/openvpn/crypto.h
+++ b/src/openvpn/crypto.h
 <at>  <at>  -108,6 +108,11  <at>  <at> 
 #include "packet_id.h"
 #include "mtu.h"

+/** Wrapper struct to pass around MD5 digests */
+struct md5_digest {
+  uint8_t digest[MD5_DIGEST_LENGTH];
+};
+
 /*
  * Defines a key type and key length for both cipher and HMAC.
  */
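Review bot: the doc comment on struct md5_digest says what the struct is but not why a bare uint8_t[MD5_DIGEST_LENGTH] is not passed around instead. A line noting that const-qualifying a pointer to the fixed-size array draws a GCC warning, as the commit message explains, would keep someone from "simplifying" the wrapper away again.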

debbie10t | 25 Jul 14:34 2015

Docs or Bug: --push options no longer require double quotes

Hi

As the title states --push no longer requires options to be double quoted.

First tests:
https://forums.openvpn.net/topic19323.html#p53583

Subsequent tests
Windows 2.3.7 i686-w64-mingw32 as either server or client
Linux 2.3.7 i486-pc-linux-gnu as either server or client
Linux git master as either server or client

From server config or CCD file

No errors generated

Options tested (Server and CCD )
push route-delay 5
push route 192.168.222.0 255.255.255.0
push comp-lzo no

Client log:
PUSH: Received control message: 'PUSH_REPLY,route-delay 5,route 
192.168.222.0 255.255.255.0,comp-lzo no,

Is this a bug or a new feature or other ?

Thanks

------------------------------------------------------------------------------

li yuqian | 24 Jul 10:40 2015

Does Openvpn really support cryptodev hardware accelerators

Hi,

I am working on trying to use the cryptodev hardware accelerator in Openvpn. I know this question belongs on the user list, but I got confused by the issue, so I think I may need a developer to help :)

I have two boards, one with a Freescale LS1021a ARM CPU, the other with an INTEL E3815 CPU. On both of them I can enable the cryptodev hardware accelerator, and I tested them in openssl; it works well with cryptodev enabled, and I got about a 72 times performance improvement with the command "openssl speed -evp aes-128-cbc". Here is an INTEL CPU test result:
----------
with cryptodev support:
----------
root@ubuntu:/etc/openvpn# /usr/local/ssl/bin/openssl speed -evp aes-128-cbc
Doing aes-128-cbc for 3s on 16 size blocks: 1324358 aes-128-cbc's in 0.47s
Doing aes-128-cbc for 3s on 64 size blocks: 986320 aes-128-cbc's in 0.33s
Doing aes-128-cbc for 3s on 256 size blocks: 487522 aes-128-cbc's in 0.19s
Doing aes-128-cbc for 3s on 1024 size blocks: 157636 aes-128-cbc's in 0.05s
Doing aes-128-cbc for 3s on 8192 size blocks: 22318 aes-128-cbc's in 0.01s
OpenSSL 1.0.2 22 Jan 2015
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: gcc -I. -I.. -I../include  -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DHAVE_CRYPTODEV -DUSE_CRYPTDEV_DIGESTS -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc      45084.53k   191286.30k   656871.75k  3228385.28k 18282905.60k
root@ubuntu:/etc/openvpn#
----------
without  cryptodev support:
----------
root@ubuntu:/etc/openvpn# /usr/local/ssl/bin/openssl speed -evp aes-128-cbc
Doing aes-128-cbc for 3s on 16 size blocks: 29624370 aes-128-cbc's in 2.99s
Doing aes-128-cbc for 3s on 64 size blocks: 10070739 aes-128-cbc's in 3.01s
Doing aes-128-cbc for 3s on 256 size blocks: 2846673 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 735685 aes-128-cbc's in 3.01s
Doing aes-128-cbc for 3s on 8192 size blocks: 92783 aes-128-cbc's in 3.00s
OpenSSL 1.0.2 22 Jan 2015
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: gcc -I. -I.. -I../include  -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DHAVE_CRYPTODEV -DUSE_CRYPTDEV_DIGESTS -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc     158525.06k   214128.67k   242916.10k   250279.55k   253359.45k
----------

As you can see from the above, there is a big improvement with the cryptodev hardware accelerator.

But then I configured and compiled Openvpn with HAVE_OPENSSL_ENGINE support, and I can confirm that Openvpn can work with cryptodev:
------
root@ubuntu:/etc/openvpn# /opt/openvpn/sbin/openvpn --show-engines
OpenSSL Crypto Engines

BSD cryptodev engine [cryptodev]
Intel RDRAND engine [rdrand]
Dynamic engine loading support [dynamic]
IBM 4758 CCA hardware engine support [4758cca]
Aep hardware engine support [aep]
Atalla hardware engine support [atalla]
CryptoSwift hardware engine support [cswift]
CHIL hardware engine support [chil]
Nuron hardware engine support [nuron]
SureWare hardware engine support [sureware]
UBSEC hardware engine support [ubsec]
Reference implementation of GOST engine [gost]
-------

without cryptodev
------
root@ubuntu:/etc/openvpn# iperf -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
[  4] local 192.168.1.13 port 5001 connected with 192.168.1.110 port 52444
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0-10.1 sec  82.1 MBytes  68.4 Mbits/sec
-------
with cryptodev
-------
[  5] local 192.168.1.13 port 5001 connected with 192.168.1.110 port 52446
[  5]  0.0-10.1 sec  43.1 MBytes  35.7 Mbits/sec
-------

iperf shows the throughput was even cut down from 68Mbits/sec to 35.7Mbits/sec!!!

I can confirm the cryptodev engine has been loaded in openvpn, and the cipher used in the openvpn configuration file is aes-128-cbc:
------
Fri Jul 24 16:35:21 2015 Initializing OpenSSL support for engine 'cryptodev'
Fri Jul 24 16:35:21 2015 Diffie-Hellman initialized with 2048 bit key
Fri Jul 24 16:35:21 2015 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Fri Jul 24 16:35:21 2015 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jul 24 16:35:21 2015 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jul 24 16:35:21 2015 Socket Buffers: R=[212992->131072] S=[212992->131072]
Fri Jul 24 16:35:21 2015 TUN/TAP device tap0 opened
Fri Jul 24 16:35:21 2015 TUN/TAP TX queue length set to 100
Fri Jul 24 16:35:21 2015 /etc/openvpn/up.sh br0 tap0 1500 1589   init
Fri Jul 24 16:35:21 2015 GID set to nogroup
Fri Jul 24 16:35:21 2015 UID set to nobody
Fri Jul 24 16:35:21 2015 UDPv4 link local (bound): [undef]
Fri Jul 24 16:35:21 2015 UDPv4 link remote: [undef]
Fri Jul 24 16:35:21 2015 MULTI: multi_init called, r=256 v=256
Fri Jul 24 16:35:21 2015 IFCONFIG POOL: base=192.168.1.110 size=9, ipv6=0
Fri Jul 24 16:35:21 2015 ifconfig_pool_read(), in='client,192.168.1.110', TODO: IPv6
Fri Jul 24 16:35:21 2015 succeeded -> ifconfig_pool_set()
Fri Jul 24 16:35:21 2015 IFCONFIG POOL LIST
Fri Jul 24 16:35:21 2015 client,192.168.1.110
Fri Jul 24 16:35:21 2015 Initialization Sequence Completed
----
Fri Jul 24 16:35:32 2015 192.168.2.187:48539 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Jul 24 16:35:32 2015 192.168.2.187:48539 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jul 24 16:35:32 2015 192.168.2.187:48539 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Jul 24 16:35:32 2015 192.168.2.187:48539 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jul 24 16:35:32 2015 192.168.2.187:48539 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Jul 24 16:35:32 2015 192.168.2.187:48539 [client] Peer Connection Initiated with [AF_INET]192.168.2.187:48539
Fri Jul 24 16:35:32 2015 client/192.168.2.187:48539 MULTI_sva: pool returned IPv4=192.168.1.110, IPv6=(Not enabled)
Fri Jul 24 16:35:34 2015 client/192.168.2.187:48539 PUSH: Received control message: 'PUSH_REQUEST'
Fri Jul 24 16:35:34 2015 client/192.168.2.187:48539 send_push_reply(): safe_cap=940
Fri Jul 24 16:35:34 2015 client/192.168.2.187:48539 SENT CONTROL [client]: 'PUSH_REPLY,route-gateway 192.168.1.13,ping 10,ping-restart 120,ifconfig 192.168.1.110 255.255.255.0' (status=1)
Fri Jul 24 16:35:34 2015 client/192.168.2.187:48539 MULTI: Learn: da:78:09:89:40:24 -> client/192.168.2.187:48539
----

Any ideas? And does Openvpn really support the cryptodev hardware accelerator? Thank you!

Yuqian

------------------------------------------------------------------------------
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
debbie10t | 24 Jul 00:44 2015

autoreconf: Unescaped left brace in regex is deprecated

Hi

Openvpn still compiles without noticeable errors and
functions correctly under my variety of tests, but
I was wondering if this is important?

[root@home openvpn]# pacman -Syu
:: Synchronising package databases...
 core is up to date
 extra is up to date
 community                                             2.7 MiB   678K/s
00:04 [############################################] 100%
:: Starting full system upgrade...
 there is nothing to do

[root@home openvpn]# mkdir 20150723
[root@home openvpn]# git clone https://github.com/OpenVPN/openvpn 20150723
Cloning into '20150723'...
remote: Counting objects: 11999, done.
remote: Total 11999 (delta 0), reused 0 (delta 0), pack-reused 11999
Receiving objects: 100% (11999/11999), 10.27 MiB | 730.00 KiB/s, done.
Resolving deltas: 100% (8337/8337), done.
Checking connectivity... done.

[root@home 20150706]# systemctl stop openvpn@*
[root@home 20150706]# ps -ef|grep open
root       535   393  0 22:49 pts/0    00:00:00 grep open

[root@home 20150706]# whereis openvpn
openvpn: /etc/openvpn /usr/local/sbin/openvpn /usr/local/lib/openvpn

[root@home openvpn]# cd 20150723
[root@home 20150723]# autoreconf -i -v -f
autoreconf: Entering directory `.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal --force -I m4
Unescaped left brace in regex is deprecated, passed through in regex; marked
by <-- HERE in m/\${ <-- HERE ([^ \t=:+{}]+)}/ at /usr/bin/automake line
3936.
Unescaped left brace in regex is deprecated, passed through in regex; marked
by <-- HERE in m/\${ <-- HERE ([^ \t=:+{}]+)}/ at /usr/bin/automake line
3936.
Unescaped left brace in regex is deprecated, passed through in regex; marked
by <-- HERE in m/\${ <-- HERE ([^ \t=:+{}]+)}/ at /usr/bin/automake line
3936.
Unescaped left brace in regex is deprecated, passed through in regex; marked
by <-- HERE in m/\${ <-- HERE ([^ \t=:+{}]+)}/ at /usr/bin/automake line
3936.
autoreconf: configure.ac: tracing
Unescaped left brace in regex is deprecated, passed through in regex; marked
by <-- HERE in m/\${ <-- HERE ([^ \t=:+{}]+)}/ at /usr/bin/automake line
3936.
Unescaped left brace in regex is deprecated, passed through in regex; marked
by <-- HERE in m/\${ <-- HERE ([^ \t=:+{}]+)}/ at /usr/bin/automake line
3936.
autoreconf: running: libtoolize --copy --force
libtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, '.'.
libtoolize: copying file './ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'm4'.
libtoolize: copying file 'm4/libtool.m4'
libtoolize: copying file 'm4/ltoptions.m4'
libtoolize: copying file 'm4/ltsugar.m4'
libtoolize: copying file 'm4/ltversion.m4'
libtoolize: copying file 'm4/lt~obsolete.m4'
libtoolize: Remember to add 'LT_INIT' to configure.ac.
Unescaped left brace in regex is deprecated, passed through in regex; marked
by <-- HERE in m/\${ <-- HERE ([^ \t=:+{}]+)}/ at /usr/bin/automake line
3936.
Unescaped left brace in regex is deprecated, passed through in regex; marked
by <-- HERE in m/\${ <-- HERE ([^ \t=:+{}]+)}/ at /usr/bin/automake line
3936.
Unescaped left brace in regex is deprecated, passed through in regex; marked
by <-- HERE in m/\${ <-- HERE ([^ \t=:+{}]+)}/ at /usr/bin/automake line
3936.
Unescaped left brace in regex is deprecated, passed through in regex; marked
by <-- HERE in m/\${ <-- HERE ([^ \t=:+{}]+)}/ at /usr/bin/automake line
3936.
autoreconf: running: /usr/bin/autoconf --force
Unescaped left brace in regex is deprecated, passed through in regex; marked
by <-- HERE in m/\${ <-- HERE ([^ \t=:+{}]+)}/ at /usr/bin/automake line
3936.
Unescaped left brace in regex is deprecated, passed through in regex; marked
by <-- HERE in m/\${ <-- HERE ([^ \t=:+{}]+)}/ at /usr/bin/automake line
3936.
autoreconf: running: /usr/bin/autoheader --force
Unescaped left brace in regex is deprecated, passed through in regex; marked
by <-- HERE in m/\${ <-- HERE ([^ \t=:+{}]+)}/ at /usr/bin/automake line
3936.
Unescaped left brace in regex is deprecated, passed through in regex; marked
by <-- HERE in m/\${ <-- HERE ([^ \t=:+{}]+)}/ at /usr/bin/automake line
3936.
autoreconf: running: automake --add-missing --copy --force-missing
Unescaped left brace in regex is deprecated, passed through in regex; marked
by <-- HERE in m/\${ <-- HERE ([^ \t=:+{}]+)}/ at /usr/bin/automake line
3936.
Unescaped left brace in regex is deprecated, passed through in regex; marked
by <-- HERE in m/\${ <-- HERE ([^ \t=:+{}]+)}/ at /usr/bin/automake line
3936.
Unescaped left brace in regex is deprecated, passed through in regex; marked
by <-- HERE in m/\${ <-- HERE ([^ \t=:+{}]+)}/ at /usr/bin/automake line
3936.
configure.ac:54: installing './compile'
configure.ac:53: installing './config.guess'
configure.ac:53: installing './config.sub'
configure.ac:52: installing './install-sh'
configure.ac:52: installing './missing'
src/compat/Makefile.am: installing './depcomp'
autoreconf: Leaving directory `.'
[root@home 20150723]#

[root@home 20150723]# gcc --version
gcc (GCC) 5.2.0
Copyright (C) 2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

[root@home 20150723]# uname -a
Linux home 4.1.2-2-ARCH #1 SMP PREEMPT Wed Jul 15 08:51:45 UTC 2015 i686
GNU/Linux

[root@home 20150723]# autoreconf --version
autoreconf (GNU Autoconf) 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+/Autoconf: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>,
<http://gnu.org/licenses/exceptions.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by David J. MacKenzie and Akim Demaille.
[root@home 20150723]#

[root@arch-dik-test 20150723]# openvpn --version
OpenVPN 2.3_git 20150723 [git:master/82acf2163412aae9+] i686-pc-linux-gnu
[SSL (OpenSSL)] [LZO] [SNAPPY] [LZ4] [EPOLL] [MH] [IPv6] built on Jul 23
2015
library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.09
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales <at> openvpn.net>
Compile time defines: enable_comp_stub=no enable_crypto=yes
enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes
enable_dlopen=unknown enable_dlopen_self=unknown
enable_dlopen_self_static=unknown enable_fast_install=yes
enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes
enable_lz4=yes enable_lzo=yes enable_management=yes enable_multi=yes
enable_multihome=yes enable_pam_dlopen=no enable_password_save=no
enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes
enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes
enable_selinux=no enable_server=yes enable_shared=yes
enable_shared_with_static_runtimes=no enable_small=no enable_snappy=yes
enable_static=yes enable_strict=no enable_strict_options=no
enable_systemd=no enable_werror=no enable_win32_dll=yes
enable_x509_alt_username=no with_aix_soname=aix with_crypto_library=openssl
with_gnu_ld=yes with_mem_check=no with_plugindir='$(libdir)/openvpn/plugins'
with_sysroot=no

--
Thanks

------------------------------------------------------------------------------
Gert Doering | 21 Jul 12:08 2015

allow options for --plugin again

Hi,

I intend to ACK and commit this, as soon as the sf.net mailing list
and git infrastructure is back up and I can actually do so...

(from https://github.com/OpenVPN/openvpn/pull/27)

thanks, Daniel.

gert

From 12e9eaaad6626e683b70bec71fc9048aac3ccb9e Mon Sep 17 00:00:00 2001
From: Daniel Hahler <git <at> thequod.de>
Date: Sun, 19 Jul 2015 21:55:22 +0200
Subject: [PATCH] options: fix option check for "plugin"

The "plugin" option has one required argument, and an optional one.

This fixes a regression in 3d6a4cd
(https://community.openvpn.net/openvpn/ticket/557).

Signed-off-by: Daniel Hahler <git <at> thequod.de>
---
 src/openvpn/options.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 76e6b65..93baa2b 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
 <at>  <at>  -4325,7 +4325,7  <at>  <at>  add_option (struct options *options,
     }
 #endif
 #ifdef ENABLE_PLUGIN
-  else if (streq (p[0], "plugin") && p[1] && !p[2])
+  else if (streq (p[0], "plugin") && p[1] && !p[3])
     {
       VERIFY_PERMISSION (OPT_P_PLUGIN);
       if (!options->plugin_list)
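Review bot: in the changed condition, !p[3] is evaluated even when p[2] is NULL, so the check relies on p[] being zero-filled past its first NULL entry rather than merely NULL-terminated. If the option parser guarantees that, a short comment here would help; it is also worth confirming that the body of this branch copes with p[2] == NULL now that the second argument is optional.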

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert <at> greenie.muc.de
fax: +49-89-35655025                        gert <at> net.informatik.tu-muenchen.de
------------------------------------------------------------------------------
Jan Just Keijser | 16 Jul 12:26 2015

[PATCH v3] Add TFTP and WPAD DHCP options

here's rev3 of the patch; this time the Cisco DHCP options are fully understood by Wireshark  ;)

share and enjoy,

JJK

--- openvpn-2.3.7/src/openvpn/options.c 2015-06-02 10:01:24.000000000 +0200
+++ /tmp/build-x86_64/openvpn-2.3.7/src/openvpn/options.c       2015-07-16 12:14:20.762335566 +0200
 <at>  <at>  -692,11 +692,13  <at>  <at> 
   "                    DNS addr    : Set domain name server address(es)\n"
   "                    NTP         : Set NTP server address(es)\n"
   "                    NBDD        : Set NBDD server address(es)\n"
+  "                    TFTP        : Set TFTP server address(es)\n"
   "                    WINS addr   : Set WINS server address(es)\n"
   "                    NBT type    : Set NetBIOS over TCP/IP Node type\n"
   "                                  1: B, 2: P, 4: M, 8: H\n"
   "                    NBS id      : Set NetBIOS scope ID\n"
   "                    DISABLE-NBT : Disable Netbios-over-TCP/IP.\n"
+  "                    WPAD url    : Set WebProxy AutoDiscovery url\n"
   "--dhcp-renew       : Ask Windows to renew the TAP adapter lease on startup.\n"
   "--dhcp-pre-release : Ask Windows to release the previous TAP adapter lease on\n"
 "                       startup.\n"
 <at>  <at>  -1119,11 +1121,13  <at>  <at> 
   SHOW_STR (netbios_scope);
   SHOW_INT (netbios_node_type);
   SHOW_BOOL (disable_nbt);
+  SHOW_STR (wpad_url);

   show_dhcp_option_addrs ("DNS", o->dns, o->dns_len);
   show_dhcp_option_addrs ("WINS", o->wins, o->wins_len);
   show_dhcp_option_addrs ("NTP", o->ntp, o->ntp_len);
   show_dhcp_option_addrs ("NBDD", o->nbdd, o->nbdd_len);
+  show_dhcp_option_addrs ("TFTP", o->tftp, o->tftp_len);
 }

 #endif
 <at>  <at>  -5354,6 +5358,8  <at>  <at> 
        {
          if (ip_or_dns_addr_safe (p[1], options->allow_pull_fqdn) || is_special_addr (p[1])) /* FQDN -- may be
DNS name */
            {
+             struct tuntap_options *o = &options->tuntap_options;
+
              options->route_default_gateway = p[1];
            }
          else
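Review bot: the added "struct tuntap_options *o = &options->tuntap_options;" in this branch is never used in the lines shown; the only statement after it still assigns through options->route_default_gateway. It looks like a leftover and will draw an unused-variable warning, so please drop it from this hunk.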
 <at>  <at>  -6153,6 +6159,14  <at>  <at> 
        {
          o->disable_nbt = 1;
        }
+         else if (streq (p[1], "TFTP") && p[2])
+       {
+         dhcp_option_address_parse ("TFTP", p[2], o->tftp, &o->tftp_len, msglevel);
+       }
+         else if (streq (p[1], "WPAD") && p[2])
+       {
+         o->wpad_url = p[2];
+       }
       else
        {
          msg (msglevel, "--dhcp-option: unknown option type '%s' or missing parameter", p[1]);
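Review bot: "o->wpad_url = p[2];" accepts any string with no length or format check, although the man page text in this patch says the URL should look like "http://example.org/wpad.dat" and the WIN32 path in tun.c copies it into a 256-byte array. Reject over-long or malformed values here with a msg() at msglevel, as the unknown-option branch just below does. The two new "else if" lines are also indented differently from the braces that follow them.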
--- openvpn-2.3.7/src/openvpn/tun.h     2015-06-02 10:01:24.000000000 +0200
+++ /tmp/build-x86_64/openvpn-2.3.7/src/openvpn/tun.h   2015-07-16 12:10:59.537519134 +0200
 <at>  <at>  -78,7 +78,6  <at>  <at> 

 #define N_DHCP_ADDR 4        /* Max # of addresses allowed for
                                DNS, WINS, etc. */
-
   /* DNS (6) */
   in_addr_t dns[N_DHCP_ADDR];
   int dns_len;
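Review bot: this hunk only deletes the blank line after the N_DHCP_ADDR define and has nothing to do with TFTP or WPAD support. Please leave it out so the patch touches tun.h only where fields are added.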
 <at>  <at>  -98,6 +97,14  <at>  <at> 
   /* DISABLE_NBT (43, Vendor option 001) */
   bool disable_nbt;

+  /* TFTP (66&150), RFC2132 states that it does not have to be an in_addr_t 
+                    but option 150 (Cisco) *does* */
+  in_addr_t tftp[N_DHCP_ADDR];
+  int tftp_len;
+
+  /* WPAD automatic proxy URL (252) */
+  const char *wpad_url;
+
   bool dhcp_renew;
   bool dhcp_pre_release;
   bool dhcp_release;
--- openvpn-2.3.7/src/openvpn/tun.c     2015-06-08 08:16:35.000000000 +0200
+++ /tmp/build-x86_64/openvpn-2.3.7/src/openvpn/tun.c   2015-07-16 12:10:59.538519088 +0200
 <at>  <at>  -4662,6 +4662,11  <at>  <at> 
 build_dhcp_options_string (struct buffer *buf, const struct tuntap_options *o)
 {
   bool error = false;
+  const char *tftp_str = NULL;
+  int i;
+
+  struct gc_arena gc = gc_new ();
+
   if (o->domain)
     write_dhcp_str (buf, 15, o->domain, &error);

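Review bot: "int i;" is declared here but none of the lines added in the following hunk use it, and a gc_arena is created for the whole function just to format one address. Drop the unused variable, and consider creating and freeing the gc inside the tftp_len > 0 block where print_in_addr_t is called.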
 <at>  <at>  -4692,6 +4697,30  <at>  <at> 
     buf_write_u8 (buf,  4);  /* length of the vendor specified field */
     buf_write_u32 (buf, 0x002);
   }
+
+  /* Set both the RFC2132 and Cisco DHCP options for a TFTP server */
+  if (o->tftp_len > 0)
+  {
+       tftp_str = print_in_addr_t (o->tftp[0], 0, &gc);
+       write_dhcp_str (buf, 66, tftp_str, &error);
+  }
+  write_dhcp_u32_array (buf, 150, (uint32_t*)o->tftp, o->tftp_len, &error);
+  
+  /* IE6 seems to requires an extra character at the end of the URL */
+  if (o->wpad_url)
+  {
+#ifdef WIN32
+    char str[256];
+    strncpy( str, o->wpad_url, 255 );
+    strcat( str, "\r" );
+    write_dhcp_str (buf, 252, str, &error);
+#else
+    write_dhcp_str (buf, 252, o->wpad_url, &error);
+#endif
+  }
+
+  gc_free (&gc);
+
   return !error;
 }

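Review bot: in the WIN32 branch, "strncpy( str, o->wpad_url, 255 )" does not NUL-terminate str when the URL is 255 bytes or longer, so the following "strcat( str, "\r" )" scans past the copied data in the uninitialised 256-byte array and writes out of bounds. Check the length first, or build the string with a bounded formatter and check its result, and set error when it does not fit. Separately, only tftp[0] is written to option 66 while option 150 gets the whole array, and write_dhcp_u32_array is called even when tftp_len is 0; a comment saying both are intended would help. The cast "(uint32_t*)o->tftp" also discards the const on o.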
--- openvpn-2.3.7/doc/openvpn.8 2015-06-02 10:01:34.000000000 +0200
+++ /tmp/build-x86_64/openvpn-2.3.7/doc/openvpn.8       2015-07-16 12:10:59.539519037 +0200
 <at>  <at>  -5413,6 +5413,14  <at>  <at> 
 to a non-windows client, the option will be saved in the client's
 environment before the up script is called, under
 the name "foreign_option_{n}".
+
+.B TFTP addr --
+Set TFTP server address (Trivial File Transer Protocol).
+This option sets both the RFC2132 DHCP option (66) and the Cisco option (150).
+
+.B WPAD url --
+Set the WPAD url (Windows Proxy Auto Detection) for proxy autodetection. 
+The URL should be of the format "http://example.org/wpad.dat".
 .\"*********************************************************
 .TP
 .B \-\-tap\-sleep n
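Review bot: "Trivial File Transer Protocol" in the TFTP paragraph is missing an f, and WPAD is expanded here as "Windows Proxy Auto Detection" while the --help text added in options.c calls it "WebProxy AutoDiscovery". Pick one expansion and use it in both places.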

------------------------------------------------------------------------------