Menu ▾ ▴
openvpn-devel — OpenVPN developers list
You can subscribe to this list here.
| 2002 | Jan | Feb | Mar | Apr (24) | May (14) | Jun (29) | Jul (33) | Aug (3) | Sep (8) | Oct (18) | Nov (1) | Dec (10) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2003 | Jan (3) | Feb (33) | Mar (7) | Apr (28) | May (30) | Jun (5) | Jul (10) | Aug (7) | Sep (32) | Oct (41) | Nov (20) | Dec (10) |
| 2004 | Jan (24) | Feb (18) | Mar (57) | Apr (40) | May (55) | Jun (48) | Jul (77) | Aug (15) | Sep (56) | Oct (80) | Nov (74) | Dec (52) |
| 2005 | Jan (38) | Feb (42) | Mar (39) | Apr (56) | May (79) | Jun (73) | Jul (16) | Aug (23) | Sep (68) | Oct (77) | Nov (52) | Dec (27) |
| 2006 | Jan (27) | Feb (18) | Mar (51) | Apr (62) | May (28) | Jun (50) | Jul (36) | Aug (33) | Sep (47) | Oct (50) | Nov (77) | Dec (13) |
| 2007 | Jan (15) | Feb (8) | Mar (14) | Apr (18) | May (25) | Jun (16) | Jul (16) | Aug (19) | Sep (32) | Oct (17) | Nov (5) | Dec (5) |
| 2008 | Jan (64) | Feb (25) | Mar (25) | Apr (6) | May (28) | Jun (20) | Jul (10) | Aug (27) | Sep (28) | Oct (59) | Nov (37) | Dec (43) |
| 2009 | Jan (40) | Feb (25) | Mar (12) | Apr (57) | May (46) | Jun (29) | Jul (39) | Aug (10) | Sep (20) | Oct (42) | Nov (50) | Dec (57) |
| 2010 | Jan (82) | Feb (165) | Mar (256) | Apr (260) | May (36) | Jun (87) | Jul (53) | Aug (89) | Sep (107) | Oct (51) | Nov (88) | Dec (117) |
| 2011 | Jan (69) | Feb (60) | Mar (113) | Apr (71) | May (67) | Jun (90) | Jul (88) | Aug (90) | Sep (48) | Oct (64) | Nov (69) | Dec (118) |
| 2012 | Jan (49) | Feb (528) | Mar (351) | Apr (190) | May (238) | Jun (193) | Jul (104) | Aug (100) | Sep (57) | Oct (41) | Nov (47) | Dec (51) |
| 2013 | Jan (94) | Feb (57) | Mar (96) | Apr (105) | May (77) | Jun (102) | Jul (27) | Aug (81) | Sep (32) | Oct (53) | Nov (127) | Dec (65) |
| 2014 | Jan (113) | Feb (59) | Mar (104) | Apr (259) | May (70) | Jun (70) | Jul (146) | Aug (45) | Sep (58) | Oct (149) | Nov (77) | Dec (83) |
| 2015 | Jan (53) | Feb (66) | Mar (86) | Apr (50) | May (135) | Jun (76) | Jul (151) | Aug (83) | Sep (97) | Oct (262) | Nov (245) | Dec (231) |
| 2016 | Jan (131) | Feb (233) | Mar (97) | Apr (138) | May (221) | Jun (254) | Jul (92) | Aug (248) | Sep (168) | Oct (275) | Nov (477) | Dec (445) |
| 2017 | Jan (218) | Feb (217) | Mar (146) | Apr (172) | May (216) | Jun (252) | Jul (164) | Aug (192) | Sep (190) | Oct (143) | Nov (255) | Dec (182) |
| 2018 | Jan (295) | Feb (164) | Mar (113) | Apr (147) | May (64) | Jun (262) | Jul (184) | Aug (90) | Sep (69) | Oct (364) | Nov (102) | Dec (101) |
| 2019 | Jan (119) | Feb (64) | Mar (64) | Apr (102) | May (57) | Jun (154) | Jul (84) | Aug (81) | Sep (76) | Oct (102) | Nov (233) | Dec (89) |
| 2020 | Jan (38) | Feb (170) | Mar (155) | Apr (172) | May (120) | Jun (223) | Jul (461) | Aug (227) | Sep (268) | Oct (113) | Nov (56) | Dec (124) |
| 2021 | Jan (121) | Feb (48) | Mar (334) | Apr (345) | May (207) | Jun (136) | Jul (71) | Aug (112) | Sep (122) | Oct (173) | Nov (184) | Dec (223) |
| 2022 | Jan (197) | Feb (206) | Mar (156) | Apr (212) | May (192) | Jun (170) | Jul (143) | Aug (380) | Sep (182) | Oct (148) | Nov (128) | Dec (269) |
| 2023 | Jan (248) | Feb (196) | Mar (264) | Apr (36) | May (123) | Jun (66) | Jul (120) | Aug (48) | Sep (157) | Oct (198) | Nov (300) | Dec (273) |
| 2024 | Jan (271) | Feb (147) | Mar (207) | Apr (78) | May (107) | Jun (168) | Jul (151) | Aug (51) | Sep (438) | Oct (221) | Nov (302) | Dec (357) |
| 2025 | Jan (451) | Feb (219) | Mar (326) | Apr (232) | May (306) | Jun (181) | Jul (452) | Aug (282) | Sep (620) | Oct (793) | Nov (682) | Dec |
| S | M | T | W | T | F | S |
|---|---|---|---|---|---|---|
| | | | | | 1 | 2 |
| 3 | 4 (4) | 5 (2) | 6 | 7 (5) | 8 (4) | 9 (2) |
| 10 (1) | 11 | 12 (1) | 13 | 14 (2) | 15 (3) | 16 |
| 17 | 18 (3) | 19 | 20 (13) | 21 | 22 (3) | 23 (1) |
| 24 | 25 | 26 | 27 (1) | 28 | 29 | 30 |
| 31 | | | | | | |
| From: randy b. <mom...@ya...> - 2014-08-08 18:58:06 |
my vpn does not stay connected. I have to do it myself, sometimes that does not work. On Friday, August 8, 2014 4:12 AM, "ope...@li..." <ope...@li...> wrote: Send Openvpn-devel mailing list submissions to ope...@li... To subscribe or unsubscribe via the World Wide Web, visit https://lists.sourceforge.net/lists/listinfo/openvpn-devel or, via email, send a message with subject or body 'help' to ope...@li... You can reach the person managing the list at ope...@li... When replying, please edit your Subject line so it is more specific than "Re: Contents of Openvpn-devel digest..." Today's Topics: 1. new OpenSSL Security Advisories (Mike Tancsa) 2. Re: new OpenSSL Security Advisories (Steffan Karger) 3. [PATCH] Tease apart ipv6 and ipv4 ifconfig code. (Gavin Shrubbery) 4. Impact of latest OpenSSL vulnerabilities to OpenVPN (Samuli Sepp?nen) 5. Re: Impact of latest OpenSSL vulnerabilities to OpenVPN (Samuli Sepp?nen) ---------------------------------------------------------------------- Message: 1 Date: Thu, 07 Aug 2014 17:11:47 -0400 From: Mike Tancsa <mi...@se...> Subject: [Openvpn-devel] new OpenSSL Security Advisories To: "ope...@li..." <ope...@li...> Message-ID: <53E...@se...> Content-Type: text/plain; charset=utf-8; format=flowed Has anyone had a chance to evaluate the latest security issues and how they might impact OpenVPN ? https://www.openssl.org/news/secadv_20140806.txt -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mi...@se... Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ------------------------------ Message: 2 Date: Thu, 07 Aug 2014 23:33:02 +0200 From: Steffan Karger <st...@ka...> Subject: Re: [Openvpn-devel] new OpenSSL Security Advisories To: ope...@li... Message-ID: <53E...@ka...> Content-Type: text/plain; charset=windows-1252 Hi, On 07-08-14 23:11, Mike Tancsa wrote: > Has anyone had a chance to evaluate the latest security issues and how > they might impact OpenVPN ? > > https://www.openssl.org/news/secadv_20140806.txt Yes, announcement on the wiki: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenSSL1.0.1i tl;dr: You're probably not affected. -Steffan ------------------------------ Message: 3 Date: Fri, 8 Aug 2014 11:10:32 +1200 From: Gavin Shrubbery <gav...@gm...> Subject: [Openvpn-devel] [PATCH] Tease apart ipv6 and ipv4 ifconfig code. To: ope...@li... Message-ID: <140...@gm...> This change makes it possible to configure an IPv6 address on a tunnel without also having an IPv4 address. Signed-off-by: Gavin Shrubbery <gav...@gm...> --- src/openvpn/tun.c | 367 +++++++++++++++++++++++++++--------------------------- 1 file changed, 183 insertions(+), 184 deletions(-) diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index ba4b15e..d1a8a03 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -634,16 +634,10 @@ do_ifconfig (struct tuntap *tt, const char *ifconfig_local = NULL; const char *ifconfig_remote_netmask = NULL; const char *ifconfig_broadcast = NULL; - const char *ifconfig_ipv6_local = NULL; - const char *ifconfig_ipv6_remote = NULL; - bool do_ipv6 = false; struct argv argv; argv_init (&argv); - msg( M_INFO, "do_ifconfig, tt->ipv6=%d, tt->did_ifconfig_ipv6_setup=%d", - tt->ipv6, tt->did_ifconfig_ipv6_setup ); - /* * We only handle TUN/TAP devices here, not --dev null devices. */ @@ -655,13 +649,6 @@ do_ifconfig (struct tuntap *tt, ifconfig_local = print_in_addr_t (tt->local, 0, &gc); ifconfig_remote_netmask = print_in_addr_t (tt->remote_netmask, 0, &gc); - if ( tt->ipv6 && tt->did_ifconfig_ipv6_setup ) - { - ifconfig_ipv6_local = print_in6_addr (tt->local_ipv6, 0, &gc); - ifconfig_ipv6_remote = print_in6_addr (tt->remote_ipv6, 0, &gc); - do_ipv6 = true; - } - /* * If TAP-style device, generate broadcast address. */ @@ -679,7 +666,6 @@ do_ifconfig (struct tuntap *tt, } #endif - #if defined(TARGET_LINUX) #ifdef ENABLE_IPROUTE /* @@ -720,19 +706,6 @@ do_ifconfig (struct tuntap *tt, argv_msg (M_INFO, &argv); openvpn_execve_check (&argv, es, S_FATAL, "Linux ip addr add failed"); } - if ( do_ipv6 ) - { - argv_printf( &argv, - "%s -6 addr add %s/%d dev %s", - iproute_path, - ifconfig_ipv6_local, - tt->netbits_ipv6, - actual - ); - argv_msg (M_INFO, &argv); - openvpn_execve_check (&argv, es, S_FATAL, "Linux ip -6 addr add failed"); - } - tt->did_ifconfig = true; #else if (tun) argv_printf (&argv, @@ -755,21 +728,8 @@ do_ifconfig (struct tuntap *tt, ); argv_msg (M_INFO, &argv); openvpn_execve_check (&argv, es, S_FATAL, "Linux ifconfig failed"); - if ( do_ipv6 ) - { - argv_printf (&argv, - "%s %s add %s/%d", - IFCONFIG_PATH, - actual, - ifconfig_ipv6_local, - tt->netbits_ipv6 - ); - argv_msg (M_INFO, &argv); - openvpn_execve_check (&argv, es, S_FATAL, "Linux ifconfig inet6 failed"); - } - tt->did_ifconfig = true; - #endif /*ENABLE_IPROUTE*/ + tt->did_ifconfig = true; #elif defined(TARGET_SOLARIS) /* Solaris 2.6 (and 7?) cannot set all parameters in one go... @@ -824,52 +784,6 @@ do_ifconfig (struct tuntap *tt, if (!openvpn_execve_check (&argv, es, 0, "Solaris ifconfig phase-2 failed")) solaris_error_close (tt, es, actual, false); - if ( do_ipv6 ) - { - argv_printf (&argv, "%s %s inet6 unplumb", - IFCONFIG_PATH, actual ); - argv_msg (M_INFO, &argv); - openvpn_execve_check (&argv, es, 0, NULL); - - if ( tt->type == DEV_TYPE_TUN ) - { - argv_printf (&argv, - "%s %s inet6 plumb %s/%d %s up", - IFCONFIG_PATH, - actual, - ifconfig_ipv6_local, - tt->netbits_ipv6, - ifconfig_ipv6_remote - ); - } - else /* tap mode */ - { - /* base IPv6 tap interface needs to be brought up first - */ - argv_printf (&argv, "%s %s inet6 plumb up", - IFCONFIG_PATH, actual ); - argv_msg (M_INFO, &argv); - if (!openvpn_execve_check (&argv, es, 0, "Solaris ifconfig IPv6 (prepare) failed")) - solaris_error_close (tt, es, actual, true); - - /* we might need to do "ifconfig %s inet6 auto-dhcp drop" - * after the system has noticed the interface and fired up - * the DHCPv6 client - but this takes quite a while, and the - * server will ignore the DHCPv6 packets anyway. So we don't. - */ - - /* static IPv6 addresses need to go to a subinterface (tap0:1) - */ - argv_printf (&argv, - "%s %s inet6 addif %s/%d up", - IFCONFIG_PATH, actual, - ifconfig_ipv6_local, tt->netbits_ipv6 ); - } - argv_msg (M_INFO, &argv); - if (!openvpn_execve_check (&argv, es, 0, "Solaris ifconfig IPv6 failed")) - solaris_error_close (tt, es, actual, true); - } - if (!tun && tt->topology == TOP_SUBNET) { /* Add a network route for the local tun interface */ @@ -928,32 +842,9 @@ do_ifconfig (struct tuntap *tt, ); argv_msg (M_INFO, &argv); openvpn_execve_check (&argv, es, S_FATAL, "OpenBSD ifconfig failed"); - if ( do_ipv6 ) - { - argv_printf (&argv, - "%s %s inet6 %s/%d", - IFCONFIG_PATH, - actual, - ifconfig_ipv6_local, - tt->netbits_ipv6 - ); - argv_msg (M_INFO, &argv); - openvpn_execve_check (&argv, es, S_FATAL, "OpenBSD ifconfig inet6 failed"); - /* and, hooray, we explicitely need to add a route... */ - add_route_connected_v6_net(tt, es); - } tt->did_ifconfig = true; - #elif defined(TARGET_NETBSD) - -/* whether or not NetBSD can do IPv6 can be seen by the availability of - * the TUNSIFHEAD ioctl() - see next TARGET_NETBSD block for more details - */ -#ifdef TUNSIFHEAD -# define NETBSD_MULTI_AF -#endif - if (tun) argv_printf (&argv, "%s %s %s %s mtu %d netmask 255.255.255.255 up", @@ -994,26 +885,6 @@ do_ifconfig (struct tuntap *tt, argv_msg (M_INFO, &argv); openvpn_execve_check (&argv, es, S_FATAL, "NetBSD ifconfig failed"); - if ( do_ipv6 ) - { -#ifdef NETBSD_MULTI_AF - argv_printf (&argv, - "%s %s inet6 %s/%d", - IFCONFIG_PATH, - actual, - ifconfig_ipv6_local, - tt->netbits_ipv6 - ); - argv_msg (M_INFO, &argv); - openvpn_execve_check (&argv, es, S_FATAL, "NetBSD ifconfig inet6 failed"); - - /* and, hooray, we explicitely need to add a route... */ - add_route_connected_v6_net(tt, es); -#else - msg( M_INFO, "no IPv6 support for tun interfaces on NetBSD before 4.0 (if your system is newer, recompile openvpn)" ); - tt->ipv6 = false; -#endif - } tt->did_ifconfig = true; #elif defined(TARGET_DARWIN) @@ -1079,22 +950,6 @@ do_ifconfig (struct tuntap *tt, add_route (&r, tt, 0, NULL, es); } - if ( do_ipv6 ) - { - argv_printf (&argv, - "%s %s inet6 %s/%d", - IFCONFIG_PATH, - actual, - ifconfig_ipv6_local, - tt->netbits_ipv6 - ); - argv_msg (M_INFO, &argv); - openvpn_execve_check (&argv, es, S_FATAL, "MacOS X ifconfig inet6 failed"); - - /* and, hooray, we explicitely need to add a route... */ - add_route_connected_v6_net(tt, es); - } - #elif defined(TARGET_FREEBSD)||defined(TARGET_DRAGONFLY) /* example: ifconfig tun2 10.2.0.2 10.2.0.1 mtu 1450 netmask 255.255.255.255 up */ @@ -1145,19 +1000,6 @@ do_ifconfig (struct tuntap *tt, add_route (&r, tt, 0, NULL, es); } - if ( do_ipv6 ) - { - argv_printf (&argv, - "%s %s inet6 %s/%d", - IFCONFIG_PATH, - actual, - ifconfig_ipv6_local, - tt->netbits_ipv6 - ); - argv_msg (M_INFO, &argv); - openvpn_execve_check (&argv, es, S_FATAL, "FreeBSD ifconfig inet6 failed"); - } - #elif defined (WIN32) { /* @@ -1196,35 +1038,192 @@ do_ifconfig (struct tuntap *tt, } tt->did_ifconfig = true; } +#else + msg (M_FATAL, "Sorry, but I don't know how to do 'ifconfig' commands on this operating system. You should ifconfig your TUN/TAP device manually or use an --up script."); +#endif + argv_reset (&argv); + } - /* IPv6 always uses "netsh" interface */ - if ( do_ipv6 ) - { - char * saved_actual; + if (tt->ipv6 && tt->did_ifconfig_ipv6_setup) + { + const char *ifconfig_ipv6_local = NULL; + const char *ifconfig_ipv6_remote = NULL; - if (!strcmp (actual, "NULL")) - msg (M_FATAL, "Error: When using --tun-ipv6, if you have more than one TAP-Windows adapter, you must also specify --dev-node"); + struct argv argv; - /* example: netsh interface ipv6 set address MyTap 2001:608:8003::d store=active */ - argv_printf (&argv, - "%s%sc interface ipv6 set address %s %s store=active", - get_win_sys_path(), - NETSH_PATH_SUFFIX, - actual, - ifconfig_ipv6_local ); + argv_init (&argv); - netsh_command (&argv, 4); + msg( M_INFO, "do_ifconfig, tt->ipv6=%d, tt->did_ifconfig_ipv6_setup=%d", + tt->ipv6, tt->did_ifconfig_ipv6_setup ); - /* explicit route needed */ - /* on windows, OpenVPN does ifconfig first, open_tun later, so - * tt->actual_name might not yet be initialized, but routing code - * needs to know interface name - point to "actual", restore later - */ - saved_actual = tt->actual_name; - tt->actual_name = (char*) actual; - add_route_connected_v6_net(tt, es); - tt->actual_name = saved_actual; - } + ifconfig_ipv6_local = print_in6_addr (tt->local_ipv6, 0, &gc); + ifconfig_ipv6_remote = print_in6_addr (tt->remote_ipv6, 0, &gc); + +#if defined(TARGET_LINUX) +#ifdef ENABLE_IPROUTE + argv_printf (&argv, + "%s -6 addr add %s/%d dev %s", + iproute_path, + ifconfig_ipv6_local, + tt->netbits_ipv6, + actual + ); + argv_msg (M_INFO, &argv); + openvpn_execve_check (&argv, es, S_FATAL, "Linux ip -6 addr add failed"); +#else + argv_printf (&argv, + "%s %s add %s/%d", + IFCONFIG_PATH, + actual, + ifconfig_ipv6_local, + tt->netbits_ipv6 + ); + argv_msg (M_INFO, &argv); + openvpn_execve_check (&argv, es, S_FATAL, "Linux ifconfig inet6 failed"); +#endif /*ENABLE_IPROUTE*/ +#elif defined(TARGET_SOLARIS) + + argv_printf (&argv, "%s %s inet6 unplumb", + IFCONFIG_PATH, actual ); + argv_msg (M_INFO, &argv); + openvpn_execve_check (&argv, es, 0, NULL); + + if ( tt->type == DEV_TYPE_TUN ) + { + argv_printf (&argv, + "%s %s inet6 plumb %s/%d %s up", + IFCONFIG_PATH, + actual, + ifconfig_ipv6_local, + tt->netbits_ipv6, + ifconfig_ipv6_remote + ); + } + else /* tap mode */ + { + /* base IPv6 tap interface needs to be brought up first + */ + argv_printf (&argv, "%s %s inet6 plumb up", + IFCONFIG_PATH, actual ); + argv_msg (M_INFO, &argv); + if (!openvpn_execve_check (&argv, es, 0, "Solaris ifconfig IPv6 (prepare) failed")) + solaris_error_close (tt, es, actual, true); + + /* we might need to do "ifconfig %s inet6 auto-dhcp drop" + * after the system has noticed the interface and fired up + * the DHCPv6 client - but this takes quite a while, and the + * server will ignore the DHCPv6 packets anyway. So we don't. + */ + + /* static IPv6 addresses need to go to a subinterface (tap0:1) + */ + argv_printf (&argv, + "%s %s inet6 addif %s/%d up", + IFCONFIG_PATH, actual, + ifconfig_ipv6_local, tt->netbits_ipv6 ); + } + argv_msg (M_INFO, &argv); + if (!openvpn_execve_check (&argv, es, 0, "Solaris ifconfig IPv6 failed")) + solaris_error_close (tt, es, actual, true); + +#elif defined(TARGET_OPENBSD) + + argv_printf (&argv, + "%s %s inet6 %s/%d", + IFCONFIG_PATH, + actual, + ifconfig_ipv6_local, + tt->netbits_ipv6 + ); + argv_msg (M_INFO, &argv); + openvpn_execve_check (&argv, es, S_FATAL, "OpenBSD ifconfig inet6 failed"); + + /* and, hooray, we explicitely need to add a route... */ + add_route_connected_v6_net(tt, es); + +#elif defined(TARGET_NETBSD) + +/* whether or not NetBSD can do IPv6 can be seen by the availability of + * the TUNSIFHEAD ioctl() - see next TARGET_NETBSD block for more details + */ +#ifdef TUNSIFHEAD +# define NETBSD_MULTI_AF +#endif + +#ifdef NETBSD_MULTI_AF + argv_printf (&argv, + "%s %s inet6 %s/%d", + IFCONFIG_PATH, + actual, + ifconfig_ipv6_local, + tt->netbits_ipv6 + ); + argv_msg (M_INFO, &argv); + openvpn_execve_check (&argv, es, S_FATAL, "NetBSD ifconfig inet6 failed"); + + /* and, hooray, we explicitely need to add a route... */ + add_route_connected_v6_net(tt, es); +#else + msg( M_INFO, "no IPv6 support for tun interfaces on NetBSD before 4.0 (if your system is newer, recompile openvpn)" ); + tt->ipv6 = false; +#endif + +#elif defined(TARGET_DARWIN) + /* + * Darwin (i.e. Mac OS X) seems to exhibit similar behaviour to OpenBSD... + */ + argv_printf (&argv, + "%s %s inet6 %s/%d", + IFCONFIG_PATH, + actual, + ifconfig_ipv6_local, + tt->netbits_ipv6 + ); + argv_msg (M_INFO, &argv); + openvpn_execve_check (&argv, es, S_FATAL, "MacOS X ifconfig inet6 failed"); + + /* and, hooray, we explicitely need to add a route... */ + add_route_connected_v6_net(tt, es); + + +#elif defined(TARGET_FREEBSD)||defined(TARGET_DRAGONFLY) + + argv_printf (&argv, + "%s %s inet6 %s/%d", + IFCONFIG_PATH, + actual, + ifconfig_ipv6_local, + tt->netbits_ipv6 + ); + argv_msg (M_INFO, &argv); + openvpn_execve_check (&argv, es, S_FATAL, "FreeBSD ifconfig inet6 failed"); + +#elif defined (WIN32) + /* IPv6 always uses "netsh" interface */ + char * saved_actual; + + if (!strcmp (actual, "NULL")) + msg (M_FATAL, "Error: When using --tun-ipv6, if you have more than one TAP-Windows adapter, you must also specify --dev-node"); + + /* example: netsh interface ipv6 set address MyTap 2001:608:8003::d store=active */ + argv_printf (&argv, + "%s%sc interface ipv6 set address %s %s store=active", + get_win_sys_path(), + NETSH_PATH_SUFFIX, + actual, + ifconfig_ipv6_local ); + + netsh_command (&argv, 4); + + /* explicit route needed */ + /* on windows, OpenVPN does ifconfig first, open_tun later, so + * tt->actual_name might not yet be initialized, but routing code + * needs to know interface name - point to "actual", restore later + */ + saved_actual = tt->actual_name; + tt->actual_name = (char*) actual; + add_route_connected_v6_net(tt, es); + tt->actual_name = saved_actual; #else msg (M_FATAL, "Sorry, but I don't know how to do 'ifconfig' commands on this operating system. You should ifconfig your TUN/TAP device manually or use an --up script."); #endif @@ -4932,7 +4931,7 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tu if (tt->type == DEV_TYPE_TUN) { - if (!tt->did_ifconfig_setup) + if (!(tt->did_ifconfig_setup || tt->did_ifconfig_ipv6_setup)) { msg (M_FATAL, "ERROR: --dev tun also requires --ifconfig"); } -- 2.0.2 ------------------------------ Message: 4 Date: Fri, 08 Aug 2014 10:10:42 +0300 From: Samuli Sepp?nen <sa...@op...> Subject: [Openvpn-devel] Impact of latest OpenSSL vulnerabilities to OpenVPN To: "ope...@li..." <ope...@li...>, "ope...@li..." <ope...@li...>, "ope...@li..." <ope...@li...> Message-ID: <53E...@op...> Content-Type: text/plain; charset=iso-8859-15 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, Information on how the latest OpenSSL vulnerabilities affect OpenVPN is available here: <https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenSSL1.0.1i> Yesterday's Windows installer releases bundle OpenSSL 1.0.0i, which is immune to the two issues which may[1] affect OpenVPN. Updated installers are available here: <http://openvpn.net/index.php/download/community-downloads.html> Best regards, - -- Samuli Sepp?nen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock [1] Depending on it's configuration -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlPkd/IACgkQwp2X7RmNIqOoWwCeLR13x//Vxm4LRXilRlwkxhtP XcoAoMwIn+y3iYkofgL9TFiIK4YGMOK8 =msAA -----END PGP SIGNATURE----- ------------------------------ Message: 5 Date: Fri, 08 Aug 2014 11:11:23 +0300 From: Samuli Sepp?nen <sa...@op...> Subject: Re: [Openvpn-devel] Impact of latest OpenSSL vulnerabilities to OpenVPN To: "ope...@li..." <ope...@li...>, "ope...@li..." <ope...@li...>, "ope...@li..." <ope...@li...> Message-ID: <53E...@op...> Content-Type: text/plain; charset=iso-8859-15 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Hi all, > > Information on how the latest OpenSSL vulnerabilities affect OpenVPN is > available here: > > <https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenSSL1.0.1i> > > Yesterday's Windows installer releases bundle OpenSSL 1.0.0i, which is > immune to the two issues which may[1] affect OpenVPN. Updated installers > are available here: > Responding to myself before somebody else corrects me. The Windows installers bundle 1.0.1i (not 1.0.0i). Sorry for the noise. - -- Samuli Sepp?nen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlPkhisACgkQwp2X7RmNIqPKIgCeNsM6/3Z1Y9IDMMOYKQztHeWQ 76cAn1t8clBRaBWhhEAY2pYI8LHbzjSC =XS4x -----END PGP SIGNATURE----- ------------------------------ ------------------------------------------------------------------------------ Want fast and easy access to all the code in your enterprise? Index and search up to 200,000 lines of code with a free copy of Black Duck Code Sight - the same software that powers the world's largest code search on Ohloh, the Black Duck Open Hub! Try it now. http://p.sf.net/sfu/bds ------------------------------ _______________________________________________ Openvpn-devel mailing list Ope...@li... https://lists.sourceforge.net/lists/listinfo/openvpn-devel End of Openvpn-devel Digest, Vol 99, Issue 3 ******************************************** |
| From: Gert D. <ge...@gr...> - 2014-08-08 09:56:28 |
Hi, On Fri, Aug 08, 2014 at 11:10:32AM +1200, Gavin Shrubbery wrote: > This change makes it possible to configure an IPv6 address on a > tunnel without also having an IPv4 address. Thanks. Could you please rebase this on git master? tun.c has changed a bit since 2.3, and your patch looks like it's based on 2.3 (the AIX bits are missing, which is a giveaway). gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany ge...@gr... fax: +49-89-35655025 ge...@ne... |
| From: Samuli S. <sa...@op...> - 2014-08-08 08:11:31 |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Hi all, > > Information on how the latest OpenSSL vulnerabilities affect OpenVPN is > available here: > > <https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenSSL1.0.1i> > > Yesterday's Windows installer releases bundle OpenSSL 1.0.0i, which is > immune to the two issues which may[1] affect OpenVPN. Updated installers > are available here: > Responding to myself before somebody else corrects me. The Windows installers bundle 1.0.1i (not 1.0.0i). Sorry for the noise. - -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlPkhisACgkQwp2X7RmNIqPKIgCeNsM6/3Z1Y9IDMMOYKQztHeWQ 76cAn1t8clBRaBWhhEAY2pYI8LHbzjSC =XS4x -----END PGP SIGNATURE----- |
| From: Samuli S. <sa...@op...> - 2014-08-08 07:10:51 |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, Information on how the latest OpenSSL vulnerabilities affect OpenVPN is available here: <https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenSSL1.0.1i> Yesterday's Windows installer releases bundle OpenSSL 1.0.0i, which is immune to the two issues which may[1] affect OpenVPN. Updated installers are available here: <http://openvpn.net/index.php/download/community-downloads.html> Best regards, - -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock [1] Depending on it's configuration -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlPkd/IACgkQwp2X7RmNIqOoWwCeLR13x//Vxm4LRXilRlwkxhtP XcoAoMwIn+y3iYkofgL9TFiIK4YGMOK8 =msAA -----END PGP SIGNATURE----- |
