| From: Yovie R. <ram...@gm...> - 2018-09-30 13:06:18 |
On Sat, 29 Sep 2018 23:28, Yovie Ramadhan <ram...@gm...> wrote: > 🏧 > webview.pdf > <https://drive.google.com/file/d/1pBHluz85n4L48tYvtstrCr1KozwVtNUp/view?usp=drivesdk> > > signature.asc > <https://drive.google.com/file/d/0BzlI5B483n8_LUQ5WFRRaTBZUE5WUkNKdjJ5S3ZPdWxYTXYw/view?usp=drivesdk> > > _______________________________________________ > Openvpn-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openvpn-devel > |
| From: Gert D. <ge...@gr...> - 2018-09-30 12:30:36 |
Hi, On Sun, Sep 30, 2018 at 05:32:55AM +0000, Simon Rozman wrote: > Now, that's more like it. Thanks for the directions. Will try it again and > report. > > Yes, TAP driver can be built for ARM64. See: > > https://github.com/OpenVPN/tap-windows6/pull/57 > > https://github.com/OpenVPN/tap-windows6/pull/56 > > https://github.com/OpenVPN/tap-windows6/pull/55 When we finally manage to solve the signing part, the resulting TAP installer will have i386, amd64 and arm64 binaries. gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany ge...@gr... |
| From: Simon R. <si...@ro...> - 2018-09-30 08:46:30 |
Acked-by: Simon Rozman <si...@ro...> From: Lev Stipakov <lst...@gm...> Sent: Sunday, September 30, 2018 7:19 AM To: Simon Rozman <si...@ro...> Cc: ope...@li... Subject: Re: [Openvpn-devel] [PATCH] win: support for Visual Studio 2017 Hi, I was very delighted to see this contribution. However, after hours of struggling to compile and prepare pre-requisites, I gave up my attempts to test this patch. The openvpn-build/msvc/build.bat was indeed helpful, though a bit outdated to be directly usable. Sorry, I probably have to state it more clearly in email - I have prepared patch to openvpn-build as well, see https://github.com/OpenVPN/openvpn-build/pull/137 The new version should be usable out of the box. I don't think you need autoconf or anything besides VS2017 and ActiveState Perl. Certainly you are not supposed to copy or edit files manually. Here is build log from AppVeyor: https://ci.appveyor.com/project/lstipakov/openvpn-build/build/openvpn-build-19/job/kl2ky4ncbhiqw8gg?fullLog=true Now, I have begun to question the rationale of this patch... If it is too hard to set up building environment for me (Visual Studio is my daily working environment from 1998), We should sort it out. To build with VS you are only supposed to 1) clone openvpn-build 2) run msvc/build.bat 3) (optionally) open msvc/build.tmp/openvpn-master/openvpn.sln with Visual Studio IDE and enjoy coding Would have been nice to add Windows 10 ARM64 support, but remembered somebody needs to compile pre-requisites for ARM64 nightmare... Can TAP driver be compiled for ARM64? BTW, I have a patch in my forked repo re-establishing Visual Studio 2017 support for compiling openvpnserv.exe. I needed it to debug while developing support for multi-instances With this and openvpn-build patch I was able to debug (run and attach to process) both openvpn and openvpnserv.exe Best regards, Simon -- -Lev |
| From: Simon R. <si...@ro...> - 2018-09-30 05:33:08 |
Hi, Now, that's more like it. Thanks for the directions. Will try it again and report. Yes, TAP driver can be built for ARM64. See: https://github.com/OpenVPN/tap-windows6/pull/57 https://github.com/OpenVPN/tap-windows6/pull/56 https://github.com/OpenVPN/tap-windows6/pull/55 Best regards, Simon |
| From: Lev S. <lst...@gm...> - 2018-09-30 05:19:18 |
Hi, > > I was very delighted to see this contribution. However, after hours of > struggling to compile and prepare pre-requisites, I gave up my attempts to > test this patch. The openvpn-build/msvc/build.bat was indeed helpful, > though a > bit outdated to be directly usable. > Sorry, I probably have to state it more clearly in email - I have prepared patch to openvpn-build as well, see https://github.com/OpenVPN/openvpn-build/pull/137 The new version should be usable out of the box. I don't think you need autoconf or anything besides VS2017 and ActiveState Perl. Certainly you are not supposed to copy or edit files manually. Here is build log from AppVeyor: https://ci.appveyor.com/project/lstipakov/openvpn-build/build/openvpn-build-19/job/kl2ky4ncbhiqw8gg?fullLog=true > Now, I have begun to question the rationale of this patch... If it is too > hard > to set up building environment for me (Visual Studio is my daily working > environment from 1998), We should sort it out. To build with VS you are only supposed to 1) clone openvpn-build 2) run msvc/build.bat 3) (optionally) open msvc/build.tmp/openvpn-master/openvpn.sln with Visual Studio IDE and enjoy coding Would have been nice to add Windows 10 ARM64 support, but remembered > somebody > needs to compile pre-requisites for ARM64 nightmare... > Can TAP driver be compiled for ARM64? > BTW, I have a patch in my forked repo re-establishing Visual Studio 2017 > support for compiling openvpnserv.exe. I needed it to debug while > developing > support for multi-instances > With this and openvpn-build patch I was able to debug (run and attach to process) both openvpn and openvpnserv.exe > Best regards, > Simon > -- -Lev |
| From: Yovie R. <ram...@gm...> - 2018-09-29 21:53:36 |
| From: ramadhanyovie99 <ram...@gm...> - 2018-09-29 21:41:52 |
https://m.facebook.com/share.php?title=Is+it+possible+to+have+only+one+%28reseller%29+account+and+use+it+for+all+my+customers%3F&u=https%3A%2F%2Fsupport.cookiebot.com%2Fhc%2Fen-us%2Farticles%2F360004082413-Is-it-possible-to-have-only-one-reseller-account-and-use-it-for-all-my-customers-# Sent from my Samsung Galaxy smartphone. |
| From: ramadhanyovie99 <ram...@gm...> - 2018-09-29 21:20:43 |
Sent from my Samsung Galaxy smartphone. |
| From: Simon R. <si...@ro...> - 2018-09-29 20:58:29 |
Hi, > This patch enables building openvpn with Visual Studio 2017. > > It is advised to use openvpn-build/msvs/build.bat which > also downloads and builds required dependencies. I was very delighted to see this contribution. However, after hours of struggling to compile and prepare pre-requisites, I gave up my attempts to test this patch. The openvpn-build/msvc/build.bat was indeed helpful, though a bit outdated to be directly usable. I managed to compile all pre-requisites but one: pkcs11-helper. It requires autoconf. Tried with autoconf for Windows from Git bash (about the only one I got on my Windows) and it throws an error I couldn't understand what Perl and/or Bash were missing. Copied one missing file from its .in template and manually replacing @XY@ variables only to find out new missing files over and over again. Finally, I gave up. Any suggestions? Now, I have begun to question the rationale of this patch... If it is too hard to set up building environment for me (Visual Studio is my daily working environment from 1998), I question its use to other Windows developers. Would have been nice to add Windows 10 ARM64 support, but remembered somebody needs to compile pre-requisites for ARM64 nightmare... BTW, I have a patch in my forked repo re-establishing Visual Studio 2017 support for compiling openvpnserv.exe. I needed it to debug while developing support for multi-instances. Unfortunately, I didn't see much added value for the rest of the world to post it here. This one was much nicer to get working in VS2017, since it has no external pre-requisites. Best regards, Simon |
| From: Yovie R. <ram...@gm...> - 2018-09-29 15:27:44 |
🏧 webview.pdf <https://drive.google.com/file/d/1pBHluz85n4L48tYvtstrCr1KozwVtNUp/view?usp=drivesdk> signature.asc <https://drive.google.com/file/d/0BzlI5B483n8_LUQ5WFRRaTBZUE5WUkNKdjJ5S3ZPdWxYTXYw/view?usp=drivesdk> |
| From: <sel...@gm...> - 2018-09-29 13:54:03 |
From: Selva Nair <sel...@gm...> Currently, if dhcp on the TAP interface is disabled, OpenVPN on Windows tries to enable it using netsh but that succeeds only when run with admin privileges. When interactive service is available, delegate this task to the service. Trac #1111 Tested on Windows 7 Signed-off-by: Selva Nair <sel...@gm...> --- include/openvpn-msg.h | 8 ++++++- src/openvpn/tun.c | 53 ++++++++++++++++++++++++++++++++++++++++++- src/openvpnserv/interactive.c | 52 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 111 insertions(+), 2 deletions(-) diff --git a/include/openvpn-msg.h b/include/openvpn-msg.h index 82ecfe8..66177a2 100644 --- a/include/openvpn-msg.h +++ b/include/openvpn-msg.h @@ -37,7 +37,8 @@ typedef enum { msg_flush_neighbors, msg_add_block_dns, msg_del_block_dns, - msg_register_dns + msg_register_dns, + msg_enable_dhcp, } message_type_t; typedef struct { @@ -111,4 +112,9 @@ typedef struct { interface_t iface; } block_dns_message_t; +typedef struct { + message_header_t header; + interface_t iface; +} enable_dhcp_message_t; + #endif /* ifndef OPENVPN_MSG_H_ */ diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 50f158c..9bf7b27 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c 
@@ -5203,6 +5203,49 @@ netsh_enable_dhcp(const struct tuntap_options *to, argv_reset(&argv); } +/* Enable dhcp on tap adapter using iservice */ +static bool +service_enable_dhcp(const struct tuntap *tt) +{ + DWORD len; + bool ret = false; + ack_message_t ack; + struct gc_arena gc = gc_new(); + HANDLE pipe = tt->options.msg_channel; + + enable_dhcp_message_t dhcp = { + .header = { + msg_enable_dhcp, + sizeof(enable_dhcp_message_t), + 0 + }, + .iface = { .index = tt->adapter_index, .name = "" } + }; + + if (!WriteFile(pipe, &dhcp, sizeof(dhcp), &len, NULL) + || !ReadFile(pipe, &ack, sizeof(ack), &len, NULL)) + { + msg(M_WARN, "TUN: could not talk to service: %s [%lu]", + strerror_win32(GetLastError(), &gc), GetLastError()); + goto out; + } + + if (ack.error_number != NO_ERROR) + { + msg(M_NONFATAL, "TUN: enabling dhcp using service failed: %s [status=%u if_index=%d]", + strerror_win32(ack.error_number, &gc), ack.error_number, dhcp.iface.index); + } + else + { + msg(M_INFO, "DHCP enabled on interface %d using service", dhcp.iface.index); + ret = true; + } + +out: + gc_free(&gc); + return ret; +} + /* * Return a TAP name for netsh commands. */ @@ -5683,7 +5726,15 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun */ if (dhcp_status(tt->adapter_index) == DHCP_STATUS_DISABLED) { - netsh_enable_dhcp(&tt->options, tt->actual_name); + /* try using the service if available, else directly execute netsh */ + if (tt->options.msg_channel) + { + service_enable_dhcp(tt); + } + else + { + netsh_enable_dhcp(&tt->options, tt->actual_name); + } } dhcp_masq = true; dhcp_masq_post = true; diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c index 861f5e7..d0bb120 100644 --- a/src/openvpnserv/interactive.c +++ b/src/openvpnserv/interactive.c 
@@ -1176,6 +1176,50 @@ out: return err; } +static DWORD +HandleEnableDHCPMessage(const enable_dhcp_message_t *dhcp) +{ + DWORD err = 0; + DWORD timeout = 5000; /* in milli seconds */ + wchar_t argv0[MAX_PATH+1]; + + /* Path of netsh */ + int n = GetSystemDirectory(argv0, MAX_PATH); + if (n > 0 && n < MAX_PATH) /* got system directory */ + { + wcsncat(argv0, L"\\netsh.exe", MAX_PATH - n - 1); + } + else + { + wcsncpy(argv0, L"C:\\Windows\\system32\\netsh.exe", MAX_PATH); + } + + /* cmd template: + * netsh interface ipv4 set address name=$if_index source=dhcp + */ + const wchar_t *fmt = L"netsh interface ipv4 set address name=\"%d\" source=dhcp"; + + /* max cmdline length in wchars -- include room for if index */ + size_t ncmdline = wcslen(fmt) + 10 + 1; + wchar_t *cmdline = malloc(ncmdline*sizeof(wchar_t)); + if (!cmdline) + { + err = ERROR_OUTOFMEMORY; + return err; + } + + openvpn_sntprintf(cmdline, ncmdline, fmt, dhcp->iface.index); + + err = ExecCommand(argv0, cmdline, timeout); + + /* Note: This could fail if dhcp is already enabled, so the caller + * may not want to treat errors as FATAL. + */ + + free(cmdline); + return err; +} + static VOID HandleMessage(HANDLE pipe, DWORD bytes, DWORD count, LPHANDLE events, undo_lists_t *lists) { @@ -1187,6 +1231,7 @@ HandleMessage(HANDLE pipe, DWORD bytes, DWORD count, LPHANDLE events, undo_lists flush_neighbors_message_t flush_neighbors; block_dns_message_t block_dns; dns_cfg_message_t dns; + enable_dhcp_message_t dhcp; } msg; ack_message_t ack = { .header = { @@ -1247,6 +1292,13 @@ HandleMessage(HANDLE pipe, DWORD bytes, DWORD count, LPHANDLE events, undo_lists ack.error_number = HandleDNSConfigMessage(&msg.dns, lists); break; + case msg_enable_dhcp: + if (msg.header.size == sizeof(msg.dhcp)) + { + ack.error_number = HandleEnableDHCPMessage(&msg.dhcp); + } + break; + default: ack.error_number = ERROR_MESSAGE_TYPE; MsgToEventLog(MSG_FLAGS_ERROR, TEXT("Unknown message type %d"), msg.header.type); -- 2.1.4 |
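Review bot: In service_enable_dhcp() (src/openvpn/tun.c), the byte count that ReadFile() stores in len is never compared with sizeof(ack), and ack is declared without an initializer, so a short read from the pipe leaves ack.error_number indeterminate at the point where it is tested against NO_ERROR. Suggest zero-initializing ack and treating len != sizeof(ack) as a failure alongside the WriteFile/ReadFile return values. The M_WARN call also evaluates GetLastError() twice in one argument list, once as the argument to strerror_win32(); capturing it in a local DWORD first guarantees the text and the number refer to the same error.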
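Review bot: In the open_tun() hunk of src/openvpn/tun.c, the bool returned by service_enable_dhcp(tt) is discarded, so execution continues to dhcp_masq = true whether or not the service enabled DHCP on the adapter. Either act on the result or declare the function void; a one-line comment saying why netsh is not tried as a fallback when the service call fails would also help the next reader.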
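Review bot: HandleEnableDHCPMessage() (src/openvpnserv/interactive.c) formats dhcp->iface.index from the client's pipe message straight into the netsh command line without checking that the index belongs to a TAP adapter, so any caller of the service can have DHCP switched on for an arbitrary interface. Suggest validating the index before ExecCommand(). Two smaller points in the same function: when GetSystemDirectory() fails the code falls back to a hard-coded C:\Windows\system32\netsh.exe, where returning an error would be safer for a service than guessing the path, and the return value of openvpn_sntprintf() is not checked before cmdline is executed.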
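Review bot: In the case msg_enable_dhcp: branch added to HandleMessage(), a message whose header.size differs from sizeof(msg.dhcp) reaches break without assigning ack.error_number, so the reply carries whatever value the ack initializer set. Worth confirming that default is an error code, or setting one explicitly in an else branch, so that a malformed request is never acknowledged as success.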
| From: Lev S. <lst...@gm...> - 2018-09-28 13:29:09 |
From: Lev Stipakov <le...@op...> This patch enables building openvpn with Visual Studio 2017. It is advised to use openvpn-build/msvs/build.bat which also downloads and build required dependencies. Changes made: - updated path to Visual Studio toolchain - updated platform toolset - added missing libraries - added x64 configurations - enabled AEAD ciphers to make NCP work - enabled unicode support - updated source files in project settings - fix includes - restored variable which was erroneously removed - added properties file which sets required env variables (required to build with IDE) - etc Signed-off-by: Lev Stipakov <le...@op...> --- AppVeyor build with cygwin and VS2017: https://ci.appveyor.com/project/lstipakov/openvpn-build/build/openvpn-build-19 build/msvc/msvc-generate/msvc-generate.vcxproj | 51 +++++++++++++- config-msvc.h | 1 + msvc-build.bat | 6 +- msvc-dev.bat | 2 + msvc-env.bat | 6 +- openvpn.sln | 27 ++++++- src/compat/PropertySheet.props | 40 +++++++++++ src/compat/compat.vcxproj | 65 ++++++++++++++++- src/openvpn/openvpn.vcxproj | 97 +++++++++++++++++++++++-- src/openvpn/syshead.h | 1 + src/openvpnserv/interactive.c | 1 - src/openvpnserv/openvpnserv.vcxproj | 98 ++++++++++++++++++++++++-- src/openvpnserv/service.h | 1 + src/openvpnserv/validate.c | 3 + 14 files changed, 375 insertions(+), 24 deletions(-) create mode 100644 src/compat/PropertySheet.props diff --git a/build/msvc/msvc-generate/msvc-generate.vcxproj b/build/msvc/msvc-generate/msvc-generate.vcxproj index 8b7ec22..72d310a 100644 --- a/build/msvc/msvc-generate/msvc-generate.vcxproj +++ b/build/msvc/msvc-generate/msvc-generate.vcxproj 
@@ -1,35 +1,64 @@ <?xml version="1.0" encoding="utf-8"?> -<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> +<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> <ItemGroup Label="ProjectConfigurations"> <ProjectConfiguration Include="Debug|Win32"> <Configuration>Debug</Configuration> <Platform>Win32</Platform> </ProjectConfiguration> + <ProjectConfiguration Include="Debug|x64"> + <Configuration>Debug</Configuration> + <Platform>x64</Platform> + </ProjectConfiguration> <ProjectConfiguration Include="Release|Win32"> <Configuration>Release</Configuration> <Platform>Win32</Platform> </ProjectConfiguration> + <ProjectConfiguration Include="Release|x64"> + <Configuration>Release</Configuration> + <Platform>x64</Platform> + </ProjectConfiguration> </ItemGroup> <PropertyGroup Label="Globals"> <ProjectGuid>{8598C2C8-34C4-47A1-99B0-7C295A890615}</ProjectGuid> <RootNamespace>msvc-generate</RootNamespace> <Keyword>MakeFileProj</Keyword> + <WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion> </PropertyGroup> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" /> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration"> <ConfigurationType>Makefile</ConfigurationType> + <PlatformToolset>v141</PlatformToolset> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration"> + <ConfigurationType>Makefile</ConfigurationType> + <PlatformToolset>v141</PlatformToolset> </PropertyGroup> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration"> <ConfigurationType>Makefile</ConfigurationType> + <PlatformToolset>v141</PlatformToolset> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration"> + <ConfigurationType>Makefile</ConfigurationType> + 
<PlatformToolset>v141</PlatformToolset> </PropertyGroup> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" /> <ImportGroup Label="ExtensionSettings"> </ImportGroup> <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets"> <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + <Import Project="..\..\..\src\compat\PropertySheet.props" /> + </ImportGroup> + <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets"> + <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + <Import Project="..\..\..\src\compat\PropertySheet.props" /> </ImportGroup> <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets"> <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + <Import Project="..\..\..\src\compat\PropertySheet.props" /> + </ImportGroup> + <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets"> + <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + <Import Project="..\..\..\src\compat\PropertySheet.props" /> </ImportGroup> <PropertyGroup Label="UserMacros" /> <PropertyGroup> 
@@ -37,25 +66,43 @@ <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(Configuration)\</OutDir> <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(Configuration)\</IntDir> <NMakeBuildCommandLine Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">nmake -f Makefile.mak all</NMakeBuildCommandLine> + <NMakeBuildCommandLine Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">nmake -f Makefile.mak all</NMakeBuildCommandLine> <NMakeReBuildCommandLine Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">nmake -f Makefile.mak clean all</NMakeReBuildCommandLine> + <NMakeReBuildCommandLine Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">nmake -f Makefile.mak clean all</NMakeReBuildCommandLine> <NMakeCleanCommandLine Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">nmake -f Makefile.mak clean</NMakeCleanCommandLine> + <NMakeCleanCommandLine Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">nmake -f Makefile.mak clean</NMakeCleanCommandLine> <NMakeOutput Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">config-msvc-version.h</NMakeOutput> + <NMakeOutput Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">config-msvc-version.h</NMakeOutput> <NMakePreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">WIN32;_DEBUG;$(NMakePreprocessorDefinitions)</NMakePreprocessorDefinitions> + <NMakePreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">WIN32;_DEBUG;$(NMakePreprocessorDefinitions)</NMakePreprocessorDefinitions> <NMakeIncludeSearchPath Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(NMakeIncludeSearchPath)</NMakeIncludeSearchPath> + <NMakeIncludeSearchPath Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(NMakeIncludeSearchPath)</NMakeIncludeSearchPath> <NMakeForcedIncludes Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(NMakeForcedIncludes)</NMakeForcedIncludes> + <NMakeForcedIncludes 
Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(NMakeForcedIncludes)</NMakeForcedIncludes> <NMakeAssemblySearchPath Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(NMakeAssemblySearchPath)</NMakeAssemblySearchPath> + <NMakeAssemblySearchPath Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(NMakeAssemblySearchPath)</NMakeAssemblySearchPath> <NMakeForcedUsingAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(NMakeForcedUsingAssemblies)</NMakeForcedUsingAssemblies> + <NMakeForcedUsingAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(NMakeForcedUsingAssemblies)</NMakeForcedUsingAssemblies> <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(Configuration)\</OutDir> <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(Configuration)\</IntDir> <NMakeBuildCommandLine Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">nmake -f Makefile.mak all</NMakeBuildCommandLine> + <NMakeBuildCommandLine Condition="'$(Configuration)|$(Platform)'=='Release|x64'">nmake -f Makefile.mak all</NMakeBuildCommandLine> <NMakeReBuildCommandLine Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">nmake -f Makefile.mak clean all</NMakeReBuildCommandLine> + <NMakeReBuildCommandLine Condition="'$(Configuration)|$(Platform)'=='Release|x64'">nmake -f Makefile.mak clean all</NMakeReBuildCommandLine> <NMakeCleanCommandLine Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">nmake -f Makefile.mak clean</NMakeCleanCommandLine> + <NMakeCleanCommandLine Condition="'$(Configuration)|$(Platform)'=='Release|x64'">nmake -f Makefile.mak clean</NMakeCleanCommandLine> <NMakeOutput Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">config-msvc-version.h</NMakeOutput> + <NMakeOutput Condition="'$(Configuration)|$(Platform)'=='Release|x64'">config-msvc-version.h</NMakeOutput> <NMakePreprocessorDefinitions 
Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">WIN32;NDEBUG;$(NMakePreprocessorDefinitions)</NMakePreprocessorDefinitions> + <NMakePreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|x64'">WIN32;NDEBUG;$(NMakePreprocessorDefinitions)</NMakePreprocessorDefinitions> <NMakeIncludeSearchPath Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(NMakeIncludeSearchPath)</NMakeIncludeSearchPath> + <NMakeIncludeSearchPath Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(NMakeIncludeSearchPath)</NMakeIncludeSearchPath> <NMakeForcedIncludes Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(NMakeForcedIncludes)</NMakeForcedIncludes> + <NMakeForcedIncludes Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(NMakeForcedIncludes)</NMakeForcedIncludes> <NMakeAssemblySearchPath Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(NMakeAssemblySearchPath)</NMakeAssemblySearchPath> + <NMakeAssemblySearchPath Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(NMakeAssemblySearchPath)</NMakeAssemblySearchPath> <NMakeForcedUsingAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(NMakeForcedUsingAssemblies)</NMakeForcedUsingAssemblies> + <NMakeForcedUsingAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(NMakeForcedUsingAssemblies)</NMakeForcedUsingAssemblies> </PropertyGroup> <ItemDefinitionGroup> </ItemDefinitionGroup> @@ -66,4 +113,4 @@ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" /> <ImportGroup Label="ExtensionTargets"> </ImportGroup> -</Project> \ No newline at end of file +</Project> diff --git a/config-msvc.h b/config-msvc.h index 8be9195..45fae8b 100644 --- a/config-msvc.h +++ b/config-msvc.h @@ -5,6 +5,7 @@ #define ENABLE_DEF_AUTH 1 #define ENABLE_PF 1 #define ENABLE_CRYPTO_OPENSSL 1 +#define HAVE_AEAD_CIPHER_MODES 1 #define ENABLE_DEBUG 1 #define ENABLE_EUREPHIA 1 #define ENABLE_FRAGMENT 1 
diff --git a/msvc-build.bat b/msvc-build.bat index fd6d558..8256c62 100644 --- a/msvc-build.bat +++ b/msvc-build.bat @@ -7,13 +7,15 @@ setlocal ENABLEDELAYEDEXPANSION cd /d %0\.. call msvc-env.bat -set PLATFORMS=Win32 -set CONFIGURATIONS=Release +set PLATFORMS=x64 +set CONFIGURATIONS=Debug Release if exist "%VCHOME%\vcvarsall.bat" ( call "%VCHOME%\vcvarsall.bat" ) else if exist "%VCHOME%\bin\vcvars32.bat" ( call "%VCHOME%\bin\vcvars32.bat" +) else if exist "%VCHOME%\Auxiliary\Build\vcvars32.bat" ( + call "%VCHOME%\Auxiliary\Build\vcvars32.bat" ) else ( echo Cannot detect visual studio goto error diff --git a/msvc-dev.bat b/msvc-dev.bat index dbd7be0..74aee0b 100644 --- a/msvc-dev.bat +++ b/msvc-dev.bat @@ -8,6 +8,8 @@ if exist "%VSHOME%\Common7\IDE\VCExpress.exe" ( set IDE=%VSHOME%\Common7\IDE\VCExpress.exe ) else if exist "%VSHOME%\Common7\IDE\devenv.exe" ( set IDE=%VSHOME%\Common7\IDE\devenv.exe +) else if exist "%VCHOME%\Auxiliary\Build\vcvars64.bat" ( + call "%VCHOME%\Auxiliary\Build\vcvars64.bat" ) else ( echo "Cannot detect visual studio environment" goto error diff --git a/msvc-env.bat b/msvc-env.bat index aabed75..cc9663d 100644 --- a/msvc-env.bat +++ b/msvc-env.bat @@ -4,8 +4,8 @@ rem Put your own settings at msvc-env-local.bat if exist msvc-env-local.bat call msvc-env-local.bat if "%ProgramFiles(x86)%"=="" set ProgramFiles(x86)=%ProgramFiles% -if "%VSCOMNTOOLS%"=="" SET VSCOMNTOOLS=%ProgramFiles(x86)%\Microsoft Visual Studio 10.0\Common7\Tools -if "%VSCOMNTOOLS%"=="" SET VSCOMNTOOLS=%ProgramFiles(x86)%\Microsoft Visual Studio 9.0\Common7\Tools +if "%VSCOMNTOOLS%"=="" set VSCOMNTOOLS=%ProgramFiles(x86)%\Microsoft Visual Studio\2017\Professional\Common7\Tools +if not exist "%VSCOMNTOOLS%" set VSCOMNTOOLS=%ProgramFiles(x86)%\Microsoft Visual Studio\2017\Community\Common7\Tools if "%VSHOME%"=="" SET VSHOME=%VSCOMNTOOLS%\..\.. if "%VCHOME%"=="" SET VCHOME=%VSHOME%\VC 
@@ -13,7 +13,7 @@ set SOURCEBASE=%cd% set SOLUTION=openvpn.sln set CPPFLAGS=%CPPFLAGS%;_CRT_SECURE_NO_WARNINGS;WIN32_LEAN_AND_MEAN;_CRT_NONSTDC_NO_WARNINGS;_CRT_SECURE_NO_WARNINGS set CPPFLAGS=%CPPFLAGS%;NTDDI_VERSION=NTDDI_VISTA;_WIN32_WINNT=_WIN32_WINNT_VISTA -set CPPFLAGS=%CPPFLAGS%;_USE_32BIT_TIME_T +set CPPFLAGS=%CPPFLAGS%; set CPPFLAGS=%CPPFLAGS%;%EXTRA_CPPFLAGS% if exist config-msvc-local.h set CPPFLAGS="%CPPFLAGS%;HAVE_CONFIG_MSVC_LOCAL_H" diff --git a/openvpn.sln b/openvpn.sln index 90c01b8..51fdaf0 100644 --- a/openvpn.sln +++ b/openvpn.sln @@ -1,6 +1,8 @@ -Microsoft Visual Studio Solution File, Format Version 11.00 -# Visual C++ Express 2010 +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio 15 +VisualStudioVersion = 15.0.28010.2026 +MinimumVisualStudioVersion = 10.0.40219.1 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "openvpnserv", "src\openvpnserv\openvpnserv.vcxproj", "{9C91EE0B-817D-420A-A1E6-15A5A9D98BAD}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "openvpn", "src\openvpn\openvpn.vcxproj", "{29DF226E-4D4E-440F-ADAF-5829CFD4CA94}" 
@@ -12,27 +14,48 @@ EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Win32 = Debug|Win32 + Debug|x64 = Debug|x64 Release|Win32 = Release|Win32 + Release|x64 = Release|x64 EndGlobalSection GlobalSection(ProjectConfigurationPlatforms) = postSolution {9C91EE0B-817D-420A-A1E6-15A5A9D98BAD}.Debug|Win32.ActiveCfg = Debug|Win32 {9C91EE0B-817D-420A-A1E6-15A5A9D98BAD}.Debug|Win32.Build.0 = Debug|Win32 + {9C91EE0B-817D-420A-A1E6-15A5A9D98BAD}.Debug|x64.ActiveCfg = Debug|x64 + {9C91EE0B-817D-420A-A1E6-15A5A9D98BAD}.Debug|x64.Build.0 = Debug|x64 {9C91EE0B-817D-420A-A1E6-15A5A9D98BAD}.Release|Win32.ActiveCfg = Release|Win32 {9C91EE0B-817D-420A-A1E6-15A5A9D98BAD}.Release|Win32.Build.0 = Release|Win32 + {9C91EE0B-817D-420A-A1E6-15A5A9D98BAD}.Release|x64.ActiveCfg = Release|x64 + {9C91EE0B-817D-420A-A1E6-15A5A9D98BAD}.Release|x64.Build.0 = Release|x64 {29DF226E-4D4E-440F-ADAF-5829CFD4CA94}.Debug|Win32.ActiveCfg = Debug|Win32 {29DF226E-4D4E-440F-ADAF-5829CFD4CA94}.Debug|Win32.Build.0 = Debug|Win32 + {29DF226E-4D4E-440F-ADAF-5829CFD4CA94}.Debug|x64.ActiveCfg = Debug|x64 + {29DF226E-4D4E-440F-ADAF-5829CFD4CA94}.Debug|x64.Build.0 = Debug|x64 {29DF226E-4D4E-440F-ADAF-5829CFD4CA94}.Release|Win32.ActiveCfg = Release|Win32 {29DF226E-4D4E-440F-ADAF-5829CFD4CA94}.Release|Win32.Build.0 = Release|Win32 + {29DF226E-4D4E-440F-ADAF-5829CFD4CA94}.Release|x64.ActiveCfg = Release|x64 + {29DF226E-4D4E-440F-ADAF-5829CFD4CA94}.Release|x64.Build.0 = Release|x64 {8598C2C8-34C4-47A1-99B0-7C295A890615}.Debug|Win32.ActiveCfg = Debug|Win32 {8598C2C8-34C4-47A1-99B0-7C295A890615}.Debug|Win32.Build.0 = Debug|Win32 + {8598C2C8-34C4-47A1-99B0-7C295A890615}.Debug|x64.ActiveCfg = Debug|x64 + {8598C2C8-34C4-47A1-99B0-7C295A890615}.Debug|x64.Build.0 = Debug|x64 {8598C2C8-34C4-47A1-99B0-7C295A890615}.Release|Win32.ActiveCfg = Release|Win32 {8598C2C8-34C4-47A1-99B0-7C295A890615}.Release|Win32.Build.0 = Release|Win32 + {8598C2C8-34C4-47A1-99B0-7C295A890615}.Release|x64.ActiveCfg = 
Release|x64 + {8598C2C8-34C4-47A1-99B0-7C295A890615}.Release|x64.Build.0 = Release|x64 {4B2E2719-E661-45D7-9203-F6F456B22F19}.Debug|Win32.ActiveCfg = Debug|Win32 {4B2E2719-E661-45D7-9203-F6F456B22F19}.Debug|Win32.Build.0 = Debug|Win32 + {4B2E2719-E661-45D7-9203-F6F456B22F19}.Debug|x64.ActiveCfg = Debug|x64 + {4B2E2719-E661-45D7-9203-F6F456B22F19}.Debug|x64.Build.0 = Debug|x64 {4B2E2719-E661-45D7-9203-F6F456B22F19}.Release|Win32.ActiveCfg = Release|Win32 {4B2E2719-E661-45D7-9203-F6F456B22F19}.Release|Win32.Build.0 = Release|Win32 + {4B2E2719-E661-45D7-9203-F6F456B22F19}.Release|x64.ActiveCfg = Release|x64 + {4B2E2719-E661-45D7-9203-F6F456B22F19}.Release|x64.Build.0 = Release|x64 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {EB3CE5D3-415C-46F0-96AB-E1CDA287AB6D} + EndGlobalSection EndGlobal diff --git a/src/compat/PropertySheet.props b/src/compat/PropertySheet.props new file mode 100644 index 0000000..97d3a3b --- /dev/null +++ b/src/compat/PropertySheet.props 
@@ -0,0 +1,40 @@ +<?xml version="1.0" encoding="utf-8"?> +<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> + <ImportGroup Label="PropertySheets" /> + <PropertyGroup Label="UserMacros"> + <SOURCEBASE>$(SolutionDir)</SOURCEBASE> + <OPENVPN_DEPROOT>$(SOURCEBASE)\..\..\image</OPENVPN_DEPROOT> + <OPENSSL_HOME>$(OPENVPN_DEPROOT)</OPENSSL_HOME> + <TAP_WINDOWS_HOME>$(OPENVPN_DEPROOT)</TAP_WINDOWS_HOME> + <LZO_HOME>$(OPENVPN_DEPROOT)</LZO_HOME> + <PKCS11H_HOME>$(OPENVPN_DEPROOT)</PKCS11H_HOME> + </PropertyGroup> + <PropertyGroup /> + <ItemDefinitionGroup /> + <ItemGroup> + <BuildMacro Include="SOURCEBASE"> + <Value>$(SOURCEBASE)</Value> + <EnvironmentVariable>true</EnvironmentVariable> + </BuildMacro> + <BuildMacro Include="OPENVPN_DEPROOT"> + <Value>$(OPENVPN_DEPROOT)</Value> + <EnvironmentVariable>true</EnvironmentVariable> + </BuildMacro> + <BuildMacro Include="OPENSSL_HOME"> + <Value>$(OPENSSL_HOME)</Value> + <EnvironmentVariable>true</EnvironmentVariable> + </BuildMacro> + <BuildMacro Include="TAP_WINDOWS_HOME"> + <Value>$(TAP_WINDOWS_HOME)</Value> + <EnvironmentVariable>true</EnvironmentVariable> + </BuildMacro> + <BuildMacro Include="LZO_HOME"> + <Value>$(LZO_HOME)</Value> + <EnvironmentVariable>true</EnvironmentVariable> + </BuildMacro> + <BuildMacro Include="PKCS11H_HOME"> + <Value>$(PKCS11H_HOME)</Value> + <EnvironmentVariable>true</EnvironmentVariable> + </BuildMacro> + </ItemGroup> +</Project> \ No newline at end of file diff --git a/src/compat/compat.vcxproj b/src/compat/compat.vcxproj index d2695e6..07d6baf 100644 --- a/src/compat/compat.vcxproj +++ b/src/compat/compat.vcxproj 
@@ -1,47 +1,79 @@ <?xml version="1.0" encoding="utf-8"?> -<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> +<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> <ItemGroup Label="ProjectConfigurations"> <ProjectConfiguration Include="Debug|Win32"> <Configuration>Debug</Configuration> <Platform>Win32</Platform> </ProjectConfiguration> + <ProjectConfiguration Include="Debug|x64"> + <Configuration>Debug</Configuration> + <Platform>x64</Platform> + </ProjectConfiguration> <ProjectConfiguration Include="Release|Win32"> <Configuration>Release</Configuration> <Platform>Win32</Platform> </ProjectConfiguration> + <ProjectConfiguration Include="Release|x64"> + <Configuration>Release</Configuration> + <Platform>x64</Platform> + </ProjectConfiguration> </ItemGroup> <PropertyGroup Label="Globals"> <ProjectGuid>{4B2E2719-E661-45D7-9203-F6F456B22F19}</ProjectGuid> <RootNamespace>compat</RootNamespace> <Keyword>Win32Proj</Keyword> + <WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion> </PropertyGroup> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" /> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration"> <ConfigurationType>StaticLibrary</ConfigurationType> <CharacterSet>MultiByte</CharacterSet> <WholeProgramOptimization>true</WholeProgramOptimization> - <PlatformToolset>v120</PlatformToolset> + <PlatformToolset>v141</PlatformToolset> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration"> + <ConfigurationType>StaticLibrary</ConfigurationType> + <CharacterSet>MultiByte</CharacterSet> + <WholeProgramOptimization>true</WholeProgramOptimization> + <PlatformToolset>v141</PlatformToolset> </PropertyGroup> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration"> 
<ConfigurationType>StaticLibrary</ConfigurationType> <CharacterSet>MultiByte</CharacterSet> - <PlatformToolset>v120</PlatformToolset> + <PlatformToolset>v141</PlatformToolset> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration"> + <ConfigurationType>StaticLibrary</ConfigurationType> + <CharacterSet>MultiByte</CharacterSet> + <PlatformToolset>v141</PlatformToolset> </PropertyGroup> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" /> <ImportGroup Label="ExtensionSettings"> </ImportGroup> <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets"> <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + <Import Project="PropertySheet.props" /> + </ImportGroup> + <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets"> + <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + <Import Project="PropertySheet.props" /> </ImportGroup> <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets"> <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + <Import Project="PropertySheet.props" /> + </ImportGroup> + <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets"> + <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + <Import Project="PropertySheet.props" /> </ImportGroup> <PropertyGroup Label="UserMacros" /> <PropertyGroup> <_ProjectFileVersion>10.0.30319.1</_ProjectFileVersion> 
<OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(SolutionDir)$(Platform)-Output\$(Configuration)\</OutDir> + <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(SolutionDir)$(Platform)-Output\$(Configuration)\</OutDir> <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(Configuration)\</IntDir> <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(SolutionDir)$(Platform)-Output\$(Configuration)\</OutDir> + <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(SolutionDir)$(Platform)-Output\$(Configuration)\</OutDir> <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(Configuration)\</IntDir> </PropertyGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> @@ -58,6 +90,19 @@ <DebugInformationFormat>EditAndContinue</DebugInformationFormat> </ClCompile> </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> + <ClCompile> + <Optimization>Disabled</Optimization> + <AdditionalIncludeDirectories>$(SOURCEBASE);$(SOURCEBASE)/include;$(OPENSSL_HOME)/include;$(LZO_HOME)/include;$(PKCS11H_HOME)/include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <PreprocessorDefinitions>WIN32;_DEBUG;_LIB;$(CPPFLAGS);%(PreprocessorDefinitions)</PreprocessorDefinitions> + <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks> + <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary> + <PrecompiledHeader> + </PrecompiledHeader> + <WarningLevel>Level3</WarningLevel> + <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> + </ClCompile> + </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> <ClCompile> <Optimization>MaxSpeed</Optimization> 
@@ -72,6 +117,20 @@ <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> </ClCompile> </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> + <ClCompile> + <Optimization>MaxSpeed</Optimization> + <IntrinsicFunctions>true</IntrinsicFunctions> + <AdditionalIncludeDirectories>$(SOURCEBASE);$(SOURCEBASE)/include;$(OPENSSL_HOME)/include;$(LZO_HOME)/include;$(PKCS11H_HOME)/include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <PreprocessorDefinitions>WIN32;NDEBUG;_LIB;$(CPPFLAGS);%(PreprocessorDefinitions)</PreprocessorDefinitions> + <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary> + <FunctionLevelLinking>true</FunctionLevelLinking> + <PrecompiledHeader> + </PrecompiledHeader> + <WarningLevel>Level3</WarningLevel> + <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> + </ClCompile> + </ItemDefinitionGroup> <ItemGroup> <ClCompile Include="compat-basename.c" /> <ClCompile Include="compat-dirname.c" /> diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj index d1c0fde..e0da69f 100644 --- a/src/openvpn/openvpn.vcxproj +++ b/src/openvpn/openvpn.vcxproj 
@@ -1,50 +1,84 @@ <?xml version="1.0" encoding="utf-8"?> -<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> +<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> <ItemGroup Label="ProjectConfigurations"> <ProjectConfiguration Include="Debug|Win32"> <Configuration>Debug</Configuration> <Platform>Win32</Platform> </ProjectConfiguration> + <ProjectConfiguration Include="Debug|x64"> + <Configuration>Debug</Configuration> + <Platform>x64</Platform> + </ProjectConfiguration> <ProjectConfiguration Include="Release|Win32"> <Configuration>Release</Configuration> <Platform>Win32</Platform> </ProjectConfiguration> + <ProjectConfiguration Include="Release|x64"> + <Configuration>Release</Configuration> + <Platform>x64</Platform> + </ProjectConfiguration> </ItemGroup> <PropertyGroup Label="Globals"> <ProjectGuid>{29DF226E-4D4E-440F-ADAF-5829CFD4CA94}</ProjectGuid> <RootNamespace>openvpn</RootNamespace> <Keyword>Win32Proj</Keyword> + <WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion> </PropertyGroup> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" /> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration"> <ConfigurationType>Application</ConfigurationType> <WholeProgramOptimization>true</WholeProgramOptimization> <CharacterSet>Unicode</CharacterSet> - <PlatformToolset>v120</PlatformToolset> + <PlatformToolset>v141</PlatformToolset> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration"> + <ConfigurationType>Application</ConfigurationType> + <WholeProgramOptimization>true</WholeProgramOptimization> + <CharacterSet>Unicode</CharacterSet> + <PlatformToolset>v141</PlatformToolset> </PropertyGroup> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration"> 
<ConfigurationType>Application</ConfigurationType> <CharacterSet>Unicode</CharacterSet> - <PlatformToolset>v120</PlatformToolset> + <PlatformToolset>v141</PlatformToolset> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration"> + <ConfigurationType>Application</ConfigurationType> + <CharacterSet>Unicode</CharacterSet> + <PlatformToolset>v141</PlatformToolset> </PropertyGroup> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" /> <ImportGroup Label="ExtensionSettings"> </ImportGroup> <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets"> <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + <Import Project="..\compat\PropertySheet.props" /> + </ImportGroup> + <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets"> + <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + <Import Project="..\compat\PropertySheet.props" /> </ImportGroup> <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets"> <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + <Import Project="..\compat\PropertySheet.props" /> + </ImportGroup> + <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets"> + <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + <Import Project="..\compat\PropertySheet.props" /> </ImportGroup> <PropertyGroup Label="UserMacros" /> <PropertyGroup> 
<_ProjectFileVersion>10.0.30319.1</_ProjectFileVersion> <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(SolutionDir)$(Platform)-Output\$(Configuration)\</OutDir> + <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(SolutionDir)$(Platform)-Output\$(Configuration)\</OutDir> <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(Configuration)\</IntDir> <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental> + <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</LinkIncremental> <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(SolutionDir)$(Platform)-Output\$(Configuration)\</OutDir> + <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(SolutionDir)$(Platform)-Output\$(Configuration)\</OutDir> <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(Configuration)\</IntDir> <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental> + <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</LinkIncremental> </PropertyGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> <ClCompile> 
@@ -64,13 +98,36 @@ <AdditionalIncludeDirectories>$(SOURCEBASE);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> </ResourceCompile> <Link> - <AdditionalDependencies>libeay32.lib;ssleay32.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)</AdditionalDependencies> + <AdditionalDependencies>legacy_stdio_definitions.lib;Ncrypt.lib;libeay32.lib;ssleay32.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)</AdditionalDependencies> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> <GenerateDebugInformation>true</GenerateDebugInformation> <SubSystem>Console</SubSystem> <TargetMachine>MachineX86</TargetMachine> </Link> </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> + <ClCompile> + <Optimization>Disabled</Optimization> + <AdditionalIncludeDirectories>$(SOURCEBASE);$(SOURCEBASE)/src/compat;$(SOURCEBASE)/include;$(TAP_WINDOWS_HOME)/include;$(OPENSSL_HOME)/include;$(LZO_HOME)/include;$(PKCS11H_HOME)/include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;$(CPPFLAGS);%(PreprocessorDefinitions)</PreprocessorDefinitions> + <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks> + <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary> + <PrecompiledHeader> + </PrecompiledHeader> + <WarningLevel>Level3</WarningLevel> + <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> + <UndefinePreprocessorDefinitions>UNICODE</UndefinePreprocessorDefinitions> + </ClCompile> + <ResourceCompile> + <AdditionalIncludeDirectories>$(SOURCEBASE);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + </ResourceCompile> + <Link> + 
<AdditionalDependencies>legacy_stdio_definitions.lib;Ncrypt.lib;libeay32.lib;ssleay32.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)</AdditionalDependencies> + <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> + <GenerateDebugInformation>true</GenerateDebugInformation> + <SubSystem>Console</SubSystem> + </Link> + </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> <ClCompile> <Optimization>MaxSpeed</Optimization> @@ -89,7 +146,7 @@ <AdditionalIncludeDirectories>$(SOURCEBASE);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> </ResourceCompile> <Link> - <AdditionalDependencies>libeay32.lib;ssleay32.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)</AdditionalDependencies> + <AdditionalDependencies>legacy_stdio_definitions.lib;Ncrypt.lib;libeay32.lib;ssleay32.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)</AdditionalDependencies> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> <GenerateDebugInformation>true</GenerateDebugInformation> <SubSystem>Console</SubSystem> 
@@ -98,6 +155,32 @@ <TargetMachine>MachineX86</TargetMachine> </Link> </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> + <ClCompile> + <Optimization>MaxSpeed</Optimization> + <IntrinsicFunctions>true</IntrinsicFunctions> + <AdditionalIncludeDirectories>$(SOURCEBASE);$(SOURCEBASE)/src/compat;$(SOURCEBASE)/include;$(TAP_WINDOWS_HOME)/include;$(OPENSSL_HOME)/include;$(LZO_HOME)/include;$(PKCS11H_HOME)/include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;$(CPPFLAGS);%(PreprocessorDefinitions)</PreprocessorDefinitions> + <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary> + <FunctionLevelLinking>true</FunctionLevelLinking> + <PrecompiledHeader> + </PrecompiledHeader> + <WarningLevel>Level3</WarningLevel> + <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> + <UndefinePreprocessorDefinitions>UNICODE</UndefinePreprocessorDefinitions> + </ClCompile> + <ResourceCompile> + <AdditionalIncludeDirectories>$(SOURCEBASE);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + </ResourceCompile> + <Link> + <AdditionalDependencies>legacy_stdio_definitions.lib;Ncrypt.lib;libeay32.lib;ssleay32.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)</AdditionalDependencies> + <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> + <GenerateDebugInformation>true</GenerateDebugInformation> + <SubSystem>Console</SubSystem> + <OptimizeReferences>true</OptimizeReferences> + <EnableCOMDATFolding>true</EnableCOMDATFolding> + </Link> + </ItemDefinitionGroup> <ItemGroup> <ClCompile Include="argv.c" /> <ClCompile Include="base64.c" /> 
@@ -112,6 +195,7 @@ <ClCompile Include="crypto.c" /> <ClCompile Include="crypto_openssl.c" /> <ClCompile Include="cryptoapi.c" /> + <ClCompile Include="env_set.c" /> <ClCompile Include="dhcp.c" /> <ClCompile Include="error.c" /> <ClCompile Include="event.c" /> @@ -156,6 +240,7 @@ <ClCompile Include="push.c" /> <ClCompile Include="reliable.c" /> <ClCompile Include="route.c" /> + <ClCompile Include="run_command.c" /> <ClCompile Include="schedule.c" /> <ClCompile Include="session_id.c" /> <ClCompile Include="shaper.c" /> @@ -189,6 +274,7 @@ <ClInclude Include="crypto_openssl.h" /> <ClInclude Include="cryptoapi.h" /> <ClInclude Include="dhcp.h" /> + <ClInclude Include="env_set.h" /> <ClInclude Include="errlevel.h" /> <ClInclude Include="error.h" /> <ClInclude Include="event.h" /> @@ -240,6 +326,7 @@ <ClInclude Include="pushlist.h" /> <ClInclude Include="reliable.h" /> <ClInclude Include="route.h" /> + <ClInclude Include="run_command.h" /> <ClInclude Include="schedule.h" /> <ClInclude Include="session_id.h" /> <ClInclude Include="shaper.h" /> diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h index e83f9a3..ced7fdc 100644 --- a/src/openvpn/syshead.h +++ b/src/openvpn/syshead.h @@ -47,6 +47,7 @@ #ifdef _MSC_VER /* Visual Studio */ #define __func__ __FUNCTION__ #define __attribute__(x) +#include <inttypes.h> #endif #if defined(__APPLE__) diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c index 861f5e7..9d459a6 100644 --- a/src/openvpnserv/interactive.c +++ b/src/openvpnserv/interactive.c @@ -24,7 +24,6 @@ #include "service.h" -#include <winsock2.h> #include <ws2tcpip.h> #include <iphlpapi.h> #include <userenv.h> diff --git a/src/openvpnserv/openvpnserv.vcxproj b/src/openvpnserv/openvpnserv.vcxproj index c6760da..9098920 100644 --- a/src/openvpnserv/openvpnserv.vcxproj +++ b/src/openvpnserv/openvpnserv.vcxproj 
@@ -1,55 +1,89 @@ <?xml version="1.0" encoding="utf-8"?> -<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> +<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> <ItemGroup Label="ProjectConfigurations"> <ProjectConfiguration Include="Debug|Win32"> <Configuration>Debug</Configuration> <Platform>Win32</Platform> </ProjectConfiguration> + <ProjectConfiguration Include="Debug|x64"> + <Configuration>Debug</Configuration> + <Platform>x64</Platform> + </ProjectConfiguration> <ProjectConfiguration Include="Release|Win32"> <Configuration>Release</Configuration> <Platform>Win32</Platform> </ProjectConfiguration> + <ProjectConfiguration Include="Release|x64"> + <Configuration>Release</Configuration> + <Platform>x64</Platform> + </ProjectConfiguration> </ItemGroup> <PropertyGroup Label="Globals"> <ProjectGuid>{9C91EE0B-817D-420A-A1E6-15A5A9D98BAD}</ProjectGuid> <RootNamespace>openvpnserv</RootNamespace> <Keyword>Win32Proj</Keyword> + <WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion> </PropertyGroup> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" /> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration"> <ConfigurationType>Application</ConfigurationType> <CharacterSet>MultiByte</CharacterSet> <WholeProgramOptimization>true</WholeProgramOptimization> - <PlatformToolset>v120</PlatformToolset> + <PlatformToolset>v141</PlatformToolset> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration"> + <ConfigurationType>Application</ConfigurationType> + <CharacterSet>MultiByte</CharacterSet> + <WholeProgramOptimization>true</WholeProgramOptimization> + <PlatformToolset>v141</PlatformToolset> </PropertyGroup> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration"> 
<ConfigurationType>Application</ConfigurationType> <CharacterSet>MultiByte</CharacterSet> - <PlatformToolset>v120</PlatformToolset> + <PlatformToolset>v141</PlatformToolset> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration"> + <ConfigurationType>Application</ConfigurationType> + <CharacterSet>Unicode</CharacterSet> + <PlatformToolset>v141</PlatformToolset> </PropertyGroup> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" /> <ImportGroup Label="ExtensionSettings"> </ImportGroup> <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets"> <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + <Import Project="..\compat\PropertySheet.props" /> + </ImportGroup> + <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets"> + <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + <Import Project="..\compat\PropertySheet.props" /> </ImportGroup> <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets"> <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + <Import Project="..\compat\PropertySheet.props" /> + </ImportGroup> + <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets"> + <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + <Import Project="..\compat\PropertySheet.props" /> </ImportGroup> <PropertyGroup Label="UserMacros" /> <PropertyGroup> 
<_ProjectFileVersion>10.0.30319.1</_ProjectFileVersion> <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(SolutionDir)$(Platform)-Output\$(Configuration)\</OutDir> + <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(SolutionDir)$(Platform)-Output\$(Configuration)\</OutDir> <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(Configuration)\</IntDir> <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental> + <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</LinkIncremental> <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(SolutionDir)$(Platform)-Output\$(Configuration)\</OutDir> + <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(SolutionDir)$(Platform)-Output\$(Configuration)\</OutDir> <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(Configuration)\</IntDir> <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental> + <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</LinkIncremental> </PropertyGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> <ClCompile> <Optimization>Disabled</Optimization> - <AdditionalIncludeDirectories>$(SOURCEBASE);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <AdditionalIncludeDirectories>$(SOURCEBASE);..\..\include;..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;$(CPPFLAGS);%(PreprocessorDefinitions)</PreprocessorDefinitions> <MinimalRebuild>true</MinimalRebuild> <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks> 
@@ -63,16 +97,38 @@ <AdditionalIncludeDirectories>$(SOURCEBASE);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> </ResourceCompile> <Link> + <AdditionalDependencies>Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> <GenerateDebugInformation>true</GenerateDebugInformation> <SubSystem>Console</SubSystem> <TargetMachine>MachineX86</TargetMachine> </Link> </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> + <ClCompile> + <Optimization>Disabled</Optimization> + <AdditionalIncludeDirectories>$(SOURCEBASE);..\..\include;..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;$(CPPFLAGS);%(PreprocessorDefinitions)</PreprocessorDefinitions> + <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks> + <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary> + <PrecompiledHeader> + </PrecompiledHeader> + <WarningLevel>Level3</WarningLevel> + <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> + </ClCompile> + <ResourceCompile> + <AdditionalIncludeDirectories>$(SOURCEBASE);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + </ResourceCompile> + <Link> + <AdditionalDependencies>legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> + <GenerateDebugInformation>true</GenerateDebugInformation> + <SubSystem>Console</SubSystem> + </Link> + </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> <ClCompile> <Optimization>MaxSpeed</Optimization> <IntrinsicFunctions>true</IntrinsicFunctions> - <AdditionalIncludeDirectories>$(SOURCEBASE);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + 
<AdditionalIncludeDirectories>$(SOURCEBASE);..\..\include;..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;$(CPPFLAGS);%(PreprocessorDefinitions)</PreprocessorDefinitions> <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary> <FunctionLevelLinking>true</FunctionLevelLinking> @@ -85,6 +141,7 @@ <AdditionalIncludeDirectories>$(SOURCEBASE);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> </ResourceCompile> <Link> + <AdditionalDependencies>Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> <GenerateDebugInformation>true</GenerateDebugInformation> <SubSystem>Console</SubSystem> <OptimizeReferences>true</OptimizeReferences> 
@@ -92,12 +149,41 @@ <TargetMachine>MachineX86</TargetMachine> </Link> </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> + <ClCompile> + <Optimization>MaxSpeed</Optimization> + <IntrinsicFunctions>true</IntrinsicFunctions> + <AdditionalIncludeDirectories>$(SOURCEBASE);..\..\include;..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary> + <FunctionLevelLinking>true</FunctionLevelLinking> + <PrecompiledHeader> + </PrecompiledHeader> + <WarningLevel>Level3</WarningLevel> + <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> + </ClCompile> + <ResourceCompile> + <AdditionalIncludeDirectories>$(SOURCEBASE);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + </ResourceCompile> + <Link> + <AdditionalDependencies>legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> + <GenerateDebugInformation>true</GenerateDebugInformation> + <SubSystem>Console</SubSystem> + <OptimizeReferences>true</OptimizeReferences> + <EnableCOMDATFolding>true</EnableCOMDATFolding> + </Link> + </ItemDefinitionGroup> <ItemGroup> - <ClCompile Include="openvpnserv.c" /> + <ClCompile Include="automatic.c" /> + <ClCompile Include="common.c" /> + <ClCompile Include="interactive.c" /> <ClCompile Include="service.c" /> + <ClCompile Include="validate.c" /> + <ClCompile Include="..\openvpn\block_dns.c" /> </ItemGroup> <ItemGroup> <ClInclude Include="service.h" /> + <ClInclude Include="validate.h" /> + <ClInclude Include="..\openvpn\block_dns.h" /> </ItemGroup> <ItemGroup> <ResourceCompile Include="openvpnserv_resources.rc" /> diff --git a/src/openvpnserv/service.h b/src/openvpnserv/service.h index af8f37f..4d03b88 100644 --- a/src/openvpnserv/service.h +++ b/src/openvpnserv/service.h 
@@ -30,6 +30,7 @@ #include "config-msvc.h" #endif +#include <winsock2.h> #include <windows.h> #include <stdlib.h> #include <tchar.h> diff --git a/src/openvpnserv/validate.c b/src/openvpnserv/validate.c index 653bd12..91c6a2b 100644 --- a/src/openvpnserv/validate.c +++ b/src/openvpnserv/validate.c @@ -61,6 +61,9 @@ CheckConfigPath(const WCHAR *workdir, const WCHAR *fname, const settings_t *s) WCHAR tmp[MAX_PATH]; const WCHAR *config_file = NULL; const WCHAR *config_dir = NULL; +#ifndef UNICODE + WCHAR widepath[MAX_PATH]; +#endif /* convert fname to full path */ if (PathIsRelativeW(fname) ) -- 2.7.4 |
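Review bot: In the openvpnserv project file, the new Release|x64 ItemDefinitionGroup links legacy_stdio_definitions.lib, while the AdditionalDependencies line added in the @@ -85,6 +141,7 @@ hunk (the Link block that keeps TargetMachine MachineX86) does not. The x64 ClCompile block also has no PreprocessorDefinitions element, where the existing block shown as context defines WIN32;NDEBUG;_CONSOLE;$(CPPFLAGS). If both differences are intended, the commit message should say why; otherwise make the two Release configurations match, so that the 32-bit and 64-bit service binaries are built with the same defines and libraries. In validate.c, widepath is declared under #ifndef UNICODE but its use lies outside the visible hunk, so please confirm every use sits under the same guard.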
| From: David S. <op...@sf...> - 2018-09-28 10:14:57 |
On 27/09/18 22:20, Matthias Andree wrote: [...] >> + msg(M_WARN, "mbed TLS does not support setting tls-ciphersuites. Ignoring TLS 1.3 cipher list: %s", ciphers); >> +} >> + > > Is the blank between mbed and TLS right? Looks so, when seeing what they do on the official web pages: <https://tls.mbed.org/> Seems pretty consistent there. -- kind regards, David Sommerseth OpenVPN Inc |
| From: Antonio Q. <a...@un...> - 2018-09-28 10:09:57 |
Hi,

On 20/08/18 04:07, Gert Doering wrote:
> --topology should have no effect in tap mode (tap is always "subnet"),
> but due to the way options are checked, setting "topology subnet" caught
> an improper branch on all non-linux and non-win32 platforms.
>
> Easily tested by adding "--topology subnet" to a "--dev tap" t_client
> test.
>
> Tested, verified, and fixed on FreeBSD 10.4, NetBSD 7.0.1, OpenBSD 6.0,
> and OpenSolaris 10. Compile-tested on MacOS X.
>
> Trac: #1085
>
> Signed-off-by: Gert Doering <ge...@gr...>

After staring at the code I couldn't identify any issue and the logic followed by the code is not more clear (for what it can be ..). I had a discussion with Gert on IRC and he clarified some doubts I had in a clear manner, therefore I am happy with this patch.

Acked-by: Antonio Quartulli <an...@op...>

--
Antonio Quartulli |
| From: Matthias A. <mat...@gm...> - 2018-09-27 20:21:08 |
Hi Arne, I haven't looked at the code, only at strings for now, and I'd like to pick a few nits. On 26.09.18 at 15:44, Arne Schwabe wrote: > OpenSSL 1.1.1 introduces a separate list for TLS 1.3 ciphers. As these > interfaces are meant to be user facing or not exposed at all and we > expose the tls-cipher interface, we should also expose tls-cipherlist. > [...] > index 15a10296..0b44a29d 100644 > --- a/doc/openvpn.8 > +++ b/doc/openvpn.8 > @@ -5001,11 +5001,13 @@ determines the derivation of the tunnel session keys. > .\"********************************************************* > .TP > .B \-\-tls\-cipher l > +.TQ > +.B \-\-tls\-ciphersuites l > A list > .B l > of allowable TLS ciphers delimited by a colon (":"). > > -This setting can be used to ensure that certain cipher suites are used (or > +These setting can be used to ensure that certain cipher suites are used (or These setting_s_ ... > not used) for the TLS connection. OpenVPN uses TLS to secure the control > channel, over which the keys that are used to protect the actual VPN traffic > are exchanged. 
> @@ -5014,13 +5016,24 @@ The supplied list of ciphers is (after potential OpenSSL/IANA name translation) > simply supplied to the crypto library. Please see the OpenSSL and/or mbed TLS > documentation for details on the cipher list interpretation. > > +For OpenSSL the add a comma before "the" > +.B \-\-tls-cipher > +is used for TLS 1.2 and below. For TLS 1.3 and up add a comma at the end. > +the > +.B \-\-tls\-ciphersuites > +setting is used. mbed TLS has no TLS 1.3 support yet and only the > +.B \-\-tls-cipher > +setting is used. > + > Use > .B \-\-show\-tls > to see a list of TLS ciphers supported by your crypto library. > > Warning! > .B \-\-tls\-cipher > -is an expert feature, which \- if used correcly \- can improve the security of > +and > +.B \-\-tls\-ciphersuites > +are expert features, which \- if used correcly \- can improve the security of > your VPN connection. But it is also easy to unwittingly use it to carefully ...use _them_... > + msg(M_WARN, "mbed TLS does not support setting tls-ciphersuites. Ignoring TLS 1.3 cipher list: %s", ciphers); > +} > + Is the blank between mbed and TLS right? Cheers, Matthias |
| From: Gert D. <ge...@gr...> - 2018-09-27 17:51:22 |
Your patch has been applied to the master branch.

commit 5544f47b0eb31e516aa8afbb68579e35e69cf7e7
Author: Steffan Karger
Date: Wed Sep 26 21:27:06 2018 +0200

    Fix memory leak in SSL_CTX_use_certificate

    Signed-off-by: Steffan Karger <st...@ka...>
    Acked-by: Arne Schwabe <ar...@rf...>
    Message-Id: <201...@ka...>
    Signed-off-by: Gert Doering <ge...@gr...>

--
kind regards,

Gert Doering |
| From: Arne S. <ar...@rf...> - 2018-09-27 16:39:43 |
On 26.09.18 at 21:27, Steffan Karger wrote:
> Commit 98bfeeb4 introduced a memory leak in SSL_CTX_use_certificate by
> removing the "if(x509) { ... }" bit while not changing the
> "else if(x) {}" right after to an "if(x) {}".

Hmpf, I should have spotted that.

Acked-By: Arne Schwabe <ar...@rf...>

Arne |
| From: Steffan K. <st...@ka...> - 2018-09-26 19:27:26 |
Commit 98bfeeb4 introduced a memory leak in SSL_CTX_use_certificate by removing the "if(x509) { ... }" bit while not changing the "else if(x) {}" right after to an "if(x) {}". Signed-off-by: Steffan Karger <st...@ka...> --- src/openvpn/ssl_openssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index d9bc9d74..fe4db604 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -855,7 +855,7 @@ end: { BIO_free(in); } - else if (x) + if (x) { X509_free(x); } -- 2.17.1 |
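Review bot: At the `end:` label in src/openvpn/ssl_openssl.c, both guards could be dropped: X509_free() and BIO_free() do nothing when passed NULL, so calling them unconditionally removes the if/else-if chain that let this leak in when the neighbouring branch was deleted. If the guards stay for style, the one-word change is right as it is. The commit message could also name the path that leaked (presumably a certificate held in x while the BIO was also open), which helps anyone deciding whether the fix needs a backport.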
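The cleanup mistake described in the message above, as an added C example that is not part of the original post or of OpenVPN's code. `fake_bio` and `fake_x509` are stand-ins constructed here for OpenSSL's BIO and X509 objects, and the `if (in)` guard in front of the `else if` is an assumption, since the hunk shows only the body of that block.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins constructed for this example: "live" is 1 while the object is
 * held and 0 once it has been released. */
struct fake_bio  { int live; };
struct fake_x509 { int live; };

static struct fake_bio *fake_bio_open(struct fake_bio *b)    { b->live = 1; return b; }
static struct fake_x509 *fake_x509_read(struct fake_x509 *x) { x->live = 1; return x; }
static void fake_bio_free(struct fake_bio *b)   { if (b) { b->live = 0; } }
static void fake_x509_free(struct fake_x509 *x) { if (x) { x->live = 0; } }

typedef void (*cleanup_fn)(struct fake_bio *in, struct fake_x509 *x);

/* Cleanup as it stood before the fix: the else-if ties the certificate's
 * release to the BIO being absent (guard on "in" is assumed). */
static void cleanup_chained(struct fake_bio *in, struct fake_x509 *x)
{
    if (in)
    {
        fake_bio_free(in);
    }
    else if (x)
    {
        fake_x509_free(x);
    }
}

/* Cleanup after the fix: each resource is released on its own condition. */
static void cleanup_independent(struct fake_bio *in, struct fake_x509 *x)
{
    if (in)
    {
        fake_bio_free(in);
    }
    if (x)
    {
        fake_x509_free(x);
    }
}

/* Acquire the requested objects, run one cleanup variant, and return how
 * many objects are still held afterwards. */
static int leaked_after(cleanup_fn cleanup, int have_bio, int have_x509)
{
    struct fake_bio bio = { 0 };
    struct fake_x509 cert = { 0 };
    struct fake_bio *in = have_bio ? fake_bio_open(&bio) : NULL;
    struct fake_x509 *x = have_x509 ? fake_x509_read(&cert) : NULL;

    cleanup(in, x);
    return bio.live + cert.live;
}

int main(void)
{
    /* Walk all four combinations so the single leaking case stands out. */
    for (int have_bio = 0; have_bio <= 1; have_bio++)
    {
        for (int have_x509 = 0; have_x509 <= 1; have_x509++)
        {
            printf("bio=%d x509=%d  chained leaks %d, independent leaks %d\n",
                   have_bio, have_x509,
                   leaked_after(cleanup_chained, have_bio, have_x509),
                   leaked_after(cleanup_independent, have_bio, have_x509));
        }
    }
    return 0;
}
```

Only the case where both objects are held leaks, which is the normal success path of a certificate load and explains why every call was affected.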
| From: Arne S. <ar...@rf...> - 2018-09-26 13:45:19 |
OpenSSL 1.1.1 introduces a separate list for TLS 1.3 ciphers. As these interfaces are meant to be user facing or not exposed at all and we expose the tls-cipher interface, we should also expose tls-cipherlist.

Combining both settings into tls-cipher would add a lot of glue logic that needs to be maintained and is error prone. On top of that, users should not set either settings unless absolutely required.

OpenSSL's own s_client/s_server also expose both settings and I believe most other software will too:

 -cipher val         Specify TLSv1.2 and below cipher list to be used
 -ciphersuites val   Specify TLSv1.3 ciphersuites to be used

For mbed TLS only the future can tell if we will see a combined or also two separate lists.
--- doc/openvpn.8 | 19 ++++- src/openvpn/options.c | 7 ++ src/openvpn/options.h | 1 + src/openvpn/ssl.c | 3 +- src/openvpn/ssl_backend.h | 13 ++- src/openvpn/ssl_mbedtls.c | 12 +++ src/openvpn/ssl_openssl.c | 167 +++++++++++++++++++++++--------------- 7 files changed, 151 insertions(+), 71 deletions(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 15a10296..0b44a29d 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -5001,11 +5001,13 @@ determines the derivation of the tunnel session keys. .\"********************************************************* .TP .B \-\-tls\-cipher l +.TQ +.B \-\-tls\-ciphersuites l A list .B l of allowable TLS ciphers delimited by a colon (":"). -This setting can be used to ensure that certain cipher suites are used (or +These setting can be used to ensure that certain cipher suites are used (or not used) for the TLS connection. OpenVPN uses TLS to secure the control channel, over which the keys that are used to protect the actual VPN traffic are exchanged. 
@@ -5014,13 +5016,24 @@ The supplied list of ciphers is (after potential OpenSSL/IANA name translation) simply supplied to the crypto library. Please see the OpenSSL and/or mbed TLS documentation for details on the cipher list interpretation. +For OpenSSL the +.B \-\-tls-cipher +is used for TLS 1.2 and below. For TLS 1.3 and up +the +.B \-\-tls\-ciphersuites +setting is used. mbed TLS has no TLS 1.3 support yet and only the +.B \-\-tls-cipher +setting is used. + Use .B \-\-show\-tls to see a list of TLS ciphers supported by your crypto library. Warning! .B \-\-tls\-cipher -is an expert feature, which \- if used correcly \- can improve the security of +and +.B \-\-tls\-ciphersuites +are expert features, which \- if used correcly \- can improve the security of your VPN connection. But it is also easy to unwittingly use it to carefully align a gun with your foot, or just break your connection. Use with care! @@ -5028,6 +5041,8 @@ The default for \-\-tls\-cipher is to use mbed TLS's default cipher list when using mbed TLS or "DEFAULT:!EXP:!LOW:!MEDIUM:!kDH:!kECDH:!DSS:!PSK:!SRP:!kRSA" when using OpenSSL. + +The default for \-\-tls\-ciphersuites is to use the crypto library's default. .\"********************************************************* .TP .B \-\-tls\-cert\-profile profile diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 03550c1e..a574c9f9 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -1766,6 +1766,7 @@ show_settings(const struct options *o) #endif SHOW_STR(cipher_list); SHOW_STR(tls_cert_profile); + SHOW_STR(cipher_list_tls13); SHOW_STR(tls_verify); SHOW_STR(tls_export_cert); SHOW_INT(verify_x509_type); @@ -2759,6 +2760,7 @@ options_postprocess_verify_ce(const struct options *options, const struct connec MUST_BE_UNDEF(pkcs12_file); #endif MUST_BE_UNDEF(cipher_list); + MUST_BE_UNDEF(cipher_list_tls13); MUST_BE_UNDEF(tls_cert_profile); MUST_BE_UNDEF(tls_verify); MUST_BE_UNDEF(tls_export_cert); 
@@ -7948,6 +7950,11 @@ add_option(struct options *options, VERIFY_PERMISSION(OPT_P_GENERAL); options->tls_cert_profile = p[1]; } + else if (streq(p[0], "tls-ciphersuites") && p[1] && !p[2]) + { + VERIFY_PERMISSION(OPT_P_GENERAL); + options->cipher_list_tls13 = p[1]; + } else if (streq(p[0], "crl-verify") && p[1] && ((p[2] && streq(p[2], "dir")) || (p[2] && streq(p[1], INLINE_FILE_TAG) ) || !p[2]) && !p[3]) { diff --git a/src/openvpn/options.h b/src/openvpn/options.h index 4c3bc4fb..3e7ef4f8 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -508,6 +508,7 @@ struct options const char *priv_key_file; const char *pkcs12_file; const char *cipher_list; + const char *cipher_list_tls13; const char *tls_cert_profile; const char *ecdh_curve; const char *tls_verify; diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index e5e4aac2..616c2696 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -626,9 +626,10 @@ init_ssl(const struct options *options, struct tls_root_ctx *new_ctx) tls_ctx_set_cert_profile(new_ctx, options->tls_cert_profile); /* Allowable ciphers */ - /* Since @SECLEVEL also influces loading of certificates, set the + /* Since @SECLEVEL also influences loading of certificates, set the * cipher restrictions before loading certificates */ tls_ctx_restrict_ciphers(new_ctx, options->cipher_list); + tls_ctx_restrict_ciphers_tls13(new_ctx, options->cipher_list_tls13); if (!tls_ctx_set_options(new_ctx, options->ssl_flags)) { diff --git a/src/openvpn/ssl_backend.h b/src/openvpn/ssl_backend.h index 5023c02a..0995bb4c 100644 --- a/src/openvpn/ssl_backend.h +++ b/src/openvpn/ssl_backend.h 
@@ -169,7 +169,8 @@ bool tls_ctx_initialised(struct tls_root_ctx *ctx); bool tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags); /** - * Restrict the list of ciphers that can be used within the TLS context. + * Restrict the list of ciphers that can be used within the TLS context for TLS 1.2 + * and below * * @param ctx TLS context to restrict, must be valid. * @param ciphers String containing : delimited cipher names, or NULL to use @@ -177,6 +178,16 @@ bool tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags); */ void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers); +/** + * Restrict the list of ciphers that can be used within the TLS context for TLS 1.3 + * and higher + * + * @param ctx TLS context to restrict, must be valid. + * @param ciphers String containing : delimited cipher names, or NULL to use + * sane defaults. + */ +void tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers); + /** * Set the TLS certificate profile. The profile defines which crypto * algorithms may be used in the supplied certificate. diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index e4850cb6..7c578a90 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -222,6 +222,18 @@ tls_translate_cipher_name(const char *cipher_name) return pair->iana_name; } +void +tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers) +{ + if (ciphers == NULL) + { + /* Nothing to do, return without warning message */ + return; + } + + msg(M_WARN, "mbed TLS does not support setting tls-ciphersuites. Ignoring TLS 1.3 cipher list: %s", ciphers); +} + void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers) { diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 51bb6843..e3fb097f 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c 
@@ -322,6 +322,105 @@ tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags) return true; } +void +convert_tls_list_to_openssl(char* openssl_ciphers, size_t len,const char *ciphers) +{ + /* Parse supplied cipher list and pass on to OpenSSL */ + size_t begin_of_cipher, end_of_cipher; + + const char *current_cipher; + size_t current_cipher_len; + + const tls_cipher_name_pair *cipher_pair; + + size_t openssl_ciphers_len = 0; + openssl_ciphers[0] = '\0'; + + /* Translate IANA cipher suite names to OpenSSL names */ + begin_of_cipher = end_of_cipher = 0; + for (; begin_of_cipher < strlen(ciphers); begin_of_cipher = end_of_cipher) + { + end_of_cipher += strcspn(&ciphers[begin_of_cipher], ":"); + cipher_pair = tls_get_cipher_name_pair(&ciphers[begin_of_cipher], end_of_cipher - begin_of_cipher); + + if (NULL == cipher_pair) + { + /* No translation found, use original */ + current_cipher = &ciphers[begin_of_cipher]; + current_cipher_len = end_of_cipher - begin_of_cipher; + + /* Issue warning on missing translation */ + /* %.*s format specifier expects length of type int, so guarantee */ + /* that length is small enough and cast to int. 
*/ + msg(D_LOW, "No valid translation found for TLS cipher '%.*s'", + constrain_int(current_cipher_len, 0, 256), current_cipher); + } + else + { + /* Use OpenSSL name */ + current_cipher = cipher_pair->openssl_name; + current_cipher_len = strlen(current_cipher); + + if (end_of_cipher - begin_of_cipher == current_cipher_len + && 0 != memcmp(&ciphers[begin_of_cipher], cipher_pair->iana_name, + end_of_cipher - begin_of_cipher)) + { + /* Non-IANA name used, show warning */ + msg(M_WARN, "Deprecated TLS cipher name '%s', please use IANA name '%s'", cipher_pair->openssl_name, cipher_pair->iana_name); + } + } + + /* Make sure new cipher name fits in cipher string */ + if ((SIZE_MAX - openssl_ciphers_len) < current_cipher_len + || (len - 1) < (openssl_ciphers_len + current_cipher_len)) + { + msg(M_FATAL, + "Failed to set restricted TLS cipher list, too long (>%d).", + (int)(len - 1)); + } + + /* Concatenate cipher name to OpenSSL cipher string */ + memcpy(&openssl_ciphers[openssl_ciphers_len], current_cipher, current_cipher_len); + openssl_ciphers_len += current_cipher_len; + openssl_ciphers[openssl_ciphers_len] = ':'; + openssl_ciphers_len++; + + end_of_cipher++; + } + + if (openssl_ciphers_len > 0) + { + openssl_ciphers[openssl_ciphers_len-1] = '\0'; + } +} + +void +tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers) +{ + if (ciphers == NULL) + { + /* default cipher list of OpenSSL 1.1.1 is sane, do not set own own + * default as we do with tls-cipher */ + return; + } + +#if (OPENSSL_VERSION_NUMBER < 0x1010100fL) + crypto_msg(M_WARN, "Not compiled with OpenSSL 1.1.1 or higher. 
" + "Ignoring TLS 1.3 only tls-ciphersuites '%s' setting.", + ciphers); +#else + ASSERT(NULL != ctx); + + char openssl_ciphers[4096]; + convert_tls_list_to_openssl(openssl_ciphers, sizeof(openssl_ciphers), ciphers); + + if (!SSL_CTX_set_ciphersuites(ctx->ctx, openssl_ciphers)) + { + crypto_msg(M_FATAL, "Failed to set restricted TLS 1.3 cipher list: %s", openssl_ciphers); + } +#endif +} + void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers) { 
@@ -345,77 +444,11 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers) return; } - /* Parse supplied cipher list and pass on to OpenSSL */ - size_t begin_of_cipher, end_of_cipher; - - const char *current_cipher; - size_t current_cipher_len; - - const tls_cipher_name_pair *cipher_pair; - char openssl_ciphers[4096]; - size_t openssl_ciphers_len = 0; - openssl_ciphers[0] = '\0'; + convert_tls_list_to_openssl(openssl_ciphers, sizeof(openssl_ciphers), ciphers); ASSERT(NULL != ctx); - /* Translate IANA cipher suite names to OpenSSL names */ - begin_of_cipher = end_of_cipher = 0; - for (; begin_of_cipher < strlen(ciphers); begin_of_cipher = end_of_cipher) - { - end_of_cipher += strcspn(&ciphers[begin_of_cipher], ":"); - cipher_pair = tls_get_cipher_name_pair(&ciphers[begin_of_cipher], end_of_cipher - begin_of_cipher); - - if (NULL == cipher_pair) - { - /* No translation found, use original */ - current_cipher = &ciphers[begin_of_cipher]; - current_cipher_len = end_of_cipher - begin_of_cipher; - - /* Issue warning on missing translation */ - /* %.*s format specifier expects length of type int, so guarantee */ - /* that length is small enough and cast to int. 
*/ - msg(D_LOW, "No valid translation found for TLS cipher '%.*s'", - constrain_int(current_cipher_len, 0, 256), current_cipher); - } - else - { - /* Use OpenSSL name */ - current_cipher = cipher_pair->openssl_name; - current_cipher_len = strlen(current_cipher); - - if (end_of_cipher - begin_of_cipher == current_cipher_len - && 0 != memcmp(&ciphers[begin_of_cipher], cipher_pair->iana_name, - end_of_cipher - begin_of_cipher)) - { - /* Non-IANA name used, show warning */ - msg(M_WARN, "Deprecated TLS cipher name '%s', please use IANA name '%s'", cipher_pair->openssl_name, cipher_pair->iana_name); - } - } - - /* Make sure new cipher name fits in cipher string */ - if ((SIZE_MAX - openssl_ciphers_len) < current_cipher_len - || ((sizeof(openssl_ciphers)-1) < openssl_ciphers_len + current_cipher_len)) - { - msg(M_FATAL, - "Failed to set restricted TLS cipher list, too long (>%d).", - (int)sizeof(openssl_ciphers)-1); - } - - /* Concatenate cipher name to OpenSSL cipher string */ - memcpy(&openssl_ciphers[openssl_ciphers_len], current_cipher, current_cipher_len); - openssl_ciphers_len += current_cipher_len; - openssl_ciphers[openssl_ciphers_len] = ':'; - openssl_ciphers_len++; - - end_of_cipher++; - } - - if (openssl_ciphers_len > 0) - { - openssl_ciphers[openssl_ciphers_len-1] = '\0'; - } - /* Set OpenSSL cipher list */ if (!SSL_CTX_set_cipher_list(ctx->ctx, openssl_ciphers)) { -- 2.19.0 |
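Review bot: In src/openvpn/ssl_openssl.c, convert_tls_list_to_openssl() is defined without `static` and no prototype is added to ssl_backend.h, so it becomes an undeclared global symbol; mark it static and tidy the spacing in `char* openssl_ciphers, size_t len,const char *ciphers`. The function writes openssl_ciphers[0] and computes `len - 1` without checking that len is non-zero; both callers pass the size of a 4096-byte array, but an ASSERT(len > 0) at the top would make the bounds check hold for any future caller. In the pre-1.1.1 branch of tls_ctx_restrict_ciphers_tls13(), the warning goes through crypto_msg() although no OpenSSL call has failed at that point; the mbed TLS variant in this same patch uses msg(M_WARN, ...) for the same situation. The new comment also reads "do not set own own default".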
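Review bot: The commit message says "we should also expose tls-cipherlist", but the option added in options.c and documented in doc/openvpn.8 is tls-ciphersuites; use the real option name so that a search of the history finds it, and add the Signed-off-by line that is missing before the `---`. In the man page, the new text says only that OpenSSL uses --tls-ciphersuites "for TLS 1.3 and up" and that its default is the crypto library's default. It would help to state outright that a restrictive --tls-cipher on its own leaves the TLS 1.3 suites at the library default, since that is the case an administrator hardening a configuration is most likely to miss.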
| From: Arne S. <ar...@rf...> - 2018-09-26 12:02:31 |
In my tests an OpenSSL 1.1.1 server does not accept TLS 1.0 only clients anymore. Unfortunately, Debian 8 still has OpenVPN 2.3.4, which is TLS 1.0 only without setting tls-version-min. We currently log only OpenSSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol which indicates the right technical error but is not very helpful to a person without deep knowledge in SSL/TLS and OpenVPN's TLS version history. This commit adds a hopefully helpful message and also tells users how to fix the old Debian 8 clients. The error message will be displayed on the server side only. Note that connecting with an OpenSSL 1.1.1 client to a TLS 1.0 only server works fine. This behaviour is also not specific to OpenVPN. Using an openssl s_client with the -tls1 option against an openssl s_server exhibits the same behaviour. Patch V2: fixed message grammar, use tls-version-min 1.0 and clarify 2.3.6 and older to be actually between 2.3.2 and 2.3.6 --- src/openvpn/crypto_openssl.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 9ec2048d..43d75b89 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -199,7 +199,16 @@ crypto_print_openssl_errors(const unsigned int flags) "in common with the client. Your --tls-cipher setting might be " "too restrictive."); } - + else if (ERR_GET_REASON(err) == SSL_R_UNSUPPORTED_PROTOCOL) + { + msg(D_CRYPT_ERRORS, "TLS error: Unsupported protocol. This typically " + "indicates that client and server have no common TLS version enabled. " + "This can be caused by mismatched tls-version-min and tls-version-max " + "options on client and server. " + "If your OpenVPN client is between v2.3.6 and v2.3.2 try adding " + "tls-version-min 1.0 to the client configuration to use TLS 1.0+ " + "instead of TLS 1.0 only"); + } msg(flags, "OpenSSL: %s", ERR_error_string(err, NULL)); } } -- 2.19.0 |
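Review bot: In crypto_print_openssl_errors(), the new branch tests only ERR_GET_REASON(err) == SSL_R_UNSUPPORTED_PROTOCOL. OpenSSL reason codes are unique only within one library, so the condition should also require ERR_GET_LIB(err) == ERR_LIB_SSL; otherwise an unrelated error that shares the reason number prints the TLS-version hint. The hint reads "between v2.3.6 and v2.3.2", which would be clearer in ascending order, and it ends without a full stop. Since the commit message says the text is meant for the server log, consider wording the string as "connecting client", because nothing in the hunk restricts this function to the server side. The hunk also drops the blank line that separated the if/else chain from msg(flags, ...), and the message carries no Signed-off-by line.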
| From: Arne S. <ar...@rf...> - 2018-09-26 11:57:00 |
On 26.09.18 at 08:52, Antonio Quartulli wrote: > Hi, > > On 26/09/18 06:19, Arne Schwabe wrote: >> On 25.09.18 at 16:31, David Sommerseth wrote: >>> On 25/09/18 14:48, Arne Schwabe wrote: >>>> In my tests an OpenSSL 1.1.1 server does not accept TLS 1.0 only clients >>>> anymore. Unfortunately, Debian 8 still has OpenVPN 2.3.4, which is >>>> TLS 1.0 only without setting tls-version-min. >>>> >>>> We currently log only >>>> OpenSSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol >>>> which indicates the right technical error but is not very helpful to a >>>> person without deep knowledge in SSL/TLS and OpenVPN's TLS version >>>> history. >>>> >>>> This commit adds a hopefully helpful message and also tells users how >>>> to fix the old Debian 8 clients. >>>> --- >>>> src/openvpn/crypto_openssl.c | 10 +++++++++- >>>> 1 file changed, 9 insertions(+), 1 deletion(-) >>>> >>>> diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c >>>> index 9ec2048d..3360bb19 100644 >>>> --- a/src/openvpn/crypto_openssl.c >>>> +++ b/src/openvpn/crypto_openssl.c 
>>>> @@ -199,7 +199,15 @@ crypto_print_openssl_errors(const unsigned int flags) >>>> "in common with the client. Your --tls-cipher setting might be " >>>> "too restrictive."); >>>> } >>>> - >>>> + else if (ERR_GET_REASON(err) == SSL_R_UNSUPPORTED_PROTOCOL) >>>> + { >>>> + msg(D_CRYPT_ERRORS, "TLS error: Unsupported protocol. This typically " >>>> + "indicates that client and server have no common TLS version enabled. " >>>> + "This can be caused by mismatched tls-version-min and tls-version-max options " >>>> + "on client and server. " >>>> + "If your client is 2.3.6 or older consider adding tls-version 1.1" >>>> + "to the the configuration to use TLS 1.1+ instead of TLS 1.0 only"); >>> >>> >>> Good advice in the log. But should this be added in the local or remote >>> configuration? It is the 2.3.6 reference which makes it confusing for me, >>> otherwise I would have interpreted this as the local side where this warning >>> occurs. So this could be clearer. >> >> 2.3.7 is the first version of OpenVPN which enables TLS 1.0+ instead TLS >> 1.0 only by default. See this commit by Steffan: >> >> https://github.com/OpenVPN/openvpn/commit/8dc6ed28941cb9b9167e0b466e96b5f11359eb59 >> > > I think the problem is: we apply this patch to the latest 2.3.x release, > so it will never appear on "2.3.6 or older" clients. > Hence, does it really make sense to print that particular sentence? This appears in the server log when a 2.3.6 client or older tries to connect to a server that has OpenSSL 1.1.1. I am not sure that OpenVPN 2.3.x has OpenSSL 1.1 support. Arne |
| From: Samuli S. <sa...@op...> - 2018-09-26 11:25:59 |
Hi,

Here's the summary of the IRC meeting.

---

COMMUNITY MEETING

Place: #openvpn-meeting on irc.freenode.net
Date: Wednesday 26th Sep 2018
Time: 11:30 CEST (9:30 UTC)

Planned meeting topics for this meeting were here:

<https://community.openvpn.net/openvpn/wiki/Topics-2018-09-26>

The next meeting has not been scheduled yet.

Your local meeting time is easy to check from services such as

<http://www.timeanddate.com/worldclock>

SUMMARY

cron2, dazo, lev, mattock, ordex, plaisthos, syzzer and tincantech participated in this meeting.

--

Discussed tap-windows6 release and HLK testing. An outsourcing company is currently HLK testing the driver, but they are probably unable to fix some of the issues. OpenVPN Inc. may have to hire a Windows kernel driver developer to resolve those issues, after which we can make HLK tests pass, get WHQL certification and finally release a driver that loads on Windows Server 2016 and later. Mattock will discuss this topic in an internal meeting the upcoming Friday.

--

Discussed the Lviv hackathon:

https://community.openvpn.net/openvpn/wiki/LvivHackathon2018

Agreed that the focus should be on "what should go in to OpenVPN 2.5". It was agreed that being in sync with Debian 10's release cycle would be good:

https://lists.debian.org/debian-devel-announce/2018/04/msg00006.html

However, it will be a tough deadline to meet due to the number of potential features:

https://community.openvpn.net/openvpn/wiki/StatusOfOpenvpn25

Dazo and mattock will try to get more focus on 2.5 from OpenVPN Inc's developers.

--

Discussed tap-windows6 in relation to the new Windows VPN API. It was agreed that we can't migrate away from tap-windows6 any time soon, plus the VPN API only works with "modern" apps. OpenVPN Inc has written a proprietary OpenVPN 3-based "modern" app that uses the VPN API, but it is still in beta in Windows Marketplace. Plus there are glitches in the VPN API itself.

--

Full chatlog attached.

--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc
irc freenode net: mattock |
| From: Gert D. <ge...@gr...> - 2018-09-26 10:24:05 |
Cursory review, way too much crypto / too little time for me to say "I understand the changes". But nothing that looks obviously erroneous. Trusting Arne, Steffan and my t_client tests on this :-)

Your patch has been applied to the master branch.

commit 03c8bfc90fbc63007f62d3ed165942d149225551
Author: Steffan Karger
Date: Fri Sep 14 11:14:19 2018 +0200

    mbedtls: remove dependency on mbedtls pkcs11 module

    Signed-off-by: Steffan Karger <ste...@fo...>
    Acked-by: Arne Schwabe <ar...@rf...>
    Message-Id: <153...@fo...>
    URL: https://www.mail-archive.com/ope...@li.../msg17463.html
    Signed-off-by: Gert Doering <ge...@gr...>

--
kind regards,

Gert Doering |
| From: Gert D. <ge...@gr...> - 2018-09-26 10:06:20 |
Tested with a mbedTLS "t_client" run, but no "external key" tests here - trusting Arne and Steffan on this. Cursory review.

Your patch has been applied to the master branch.

commit 03defa3b29eafc954304532d766aff11712ff9de
Author: Steffan Karger
Date: Fri Sep 14 11:14:18 2018 +0200

    mbedtls: make external signing code generic

    Signed-off-by: Steffan Karger <ste...@fo...>
    Acked-by: Arne Schwabe <ar...@rf...>
    Message-Id: <153...@fo...>
    URL: https://www.mail-archive.com/ope...@li.../msg17465.html
    Signed-off-by: Gert Doering <ge...@gr...>

--
kind regards,

Gert Doering |
| From: Gert D. <ge...@gr...> - 2018-09-26 09:59:14 |
Your patch has been applied to the master branch.

I have only done a very cursory sanity check, plus test build (of course, mbedtls + openssl), and fixed one funky indentation artefact (8 spaces plus a tab in the very last change).

commit 73513aaa301e9e9413b6156ed263dd27f8fad7fd
Author: Steffan Karger
Date: Fri Sep 14 11:14:17 2018 +0200

    Do not load certificate from tls_ctx_use_external_private_key()

    Signed-off-by: Steffan Karger <ste...@fo...>
    Acked-by: Arne Schwabe <ar...@rf...>
    Message-Id: <153...@fo...>
    URL: https://www.mail-archive.com/ope...@li.../msg17464.html
    Signed-off-by: Gert Doering <ge...@gr...>

--
kind regards,

Gert Doering |