Marco Baffo [Fri, 10 Oct 2025 14:19:56 +0000 (16:19 +0200)]
PUSH_UPDATE server: bug-fix, reset buffer after processing
In the send_single_push_update() function the buffer containing
the message was not reset after processing, so in a push-update-broad
the messages sent starting from the second client would have been
shrunk (offset advanced and size decreased).
Change-Id: I41d08a9a2e79ac1f1104e72dd5b7b7617e2071a0 Signed-off-by: Marco Baffo <marco@mandelbit.com> Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1264
Message-Id: <20251010142002.27308-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59244933/ Signed-off-by: Gert Doering <gert@greenie.muc.de>
- Removes unused field prompt_len
- Change field reponse_len to int since that
is what the code actually expects. Most callers
use a constant either way.
Change-Id: I04542e678f81d5d4a853b4370d9b8adc4dac1212 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1216
Message-Id: <20251010094753.2825-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59244794/ Signed-off-by: Gert Doering <gert@greenie.muc.de>
Lev Stipakov [Thu, 9 Oct 2025 17:19:11 +0000 (19:19 +0200)]
Preserve ifconfig(_ipv6)_local across reconnect
Turns out that ifconfig_(ipv6)_local options are set once
and are not reset on a reconnect.
Consider following scenario:
- connect first time, server pushes ifconfig-ipv6
- add an ipv6 network route because ifconfig_ipv6_local is set
- reconnect, server doesn't push ifconfig-ipv6
Because ifconfig_ipv6_local is not reset and holds the value
set by the first connect, client adds an ipv6 network route -
but this is wrong, since ipv6 wasn't pushed this time by the server.
Fix by saving/restoring ifconfig(_ipv6)_local in a
struct options_pre_connect along with other options which
preserves the initial values until --pull modifications
are applied.
Github: OpenVPN/openvpn#850
Change-Id: I9b099924286f9bccb6833e1e40606abe72714bbb Signed-off-by: Lev Stipakov <lev@openvpn.net>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1248
Message-Id: <20251009171916.12811-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59244523/ Signed-off-by: Gert Doering <gert@greenie.muc.de>
After removing --wrap from some other tests in
a previous commit I got confused here myself.
--wrap is really only needed when you have the
original function linked in. Somehow I thought
the call ordering and mocking logic needed this.
But this is wrong, so no need to use --wrap here
since we currently do not link any of those
functions.
Change-Id: I60df1e61ed89be52e9d032b5b49133a784f9811e Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1258
Message-Id: <20251008161357.5679-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59244071/ Signed-off-by: Gert Doering <gert@greenie.muc.de>
test_options_parse: Do not use uintmax_t instead of LargestIntegralType
At least on OpenBSD it seems that uintmax_t maps
to unsigned long long always, but LargestIntegralType
is unsigned long. So if we have a version of cmocka.h
that defines LargestIntegralType then respect that.
Change-Id: I59a49696acd665d43b21e5c23f24b86c15989cd6 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1256
Message-Id: <20251008133338.23652-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59243971/ Signed-off-by: Gert Doering <gert@greenie.muc.de>
Lev Stipakov [Wed, 8 Oct 2025 12:37:51 +0000 (14:37 +0200)]
dco-win: support for epoch data channel
Starting from 2.8.0, dco-win driver supports epoch data channel.
This commit adds missing userspace part to query DCO drivers for epoch
data format support (always "false" for now for Linux and FreeBSD, true
if Win-DCO driver is 2.8 or later), and pass "CRYPTO_OPTIONS_EPOCH"
flag via a new OVPN_IOCTL_NEW_KEY_V2 ioctl() to windows driver to turn
it on, if negotiated.
Change-Id: Ib5ed5969dcd405a47e34ed8479b7ffaaa5c43080 Signed-off-by: Lev Stipakov <lev@openvpn.net> Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1219
Message-Id: <20251008123757.18670-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59243920/ Signed-off-by: Gert Doering <gert@greenie.muc.de>
Only Debian 11 (GCC 10) complains about this.
We decided not to add work-arounds for GCC 10
and older and instead accept that they do not
build -Werror clean.
Change-Id: I73c46ac630834a8cf8894aaa2dcc429fbedd3db7 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1179
Message-Id: <20251008105507.9997-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33285.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
When parsing a "line" that is longer than the
available line buffer, then buf_parse was
eating up to 2 characters. It advanced past
them but they were not part of the output.
This can lead to unexpected results if buf_parse
is used in a while loop on unrestricted input,
like e.g. when reading configs (see in_src_get()
used for check_inline_file_via_buf()).
Change-Id: I3724660bf0f8336ee58c172acfb7c4f38e457393 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1246
Message-Id: <20251008103001.7696-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59243829/ Signed-off-by: Gert Doering <gert@greenie.muc.de>
Marco Baffo [Wed, 8 Oct 2025 08:30:41 +0000 (10:30 +0200)]
PUSH_UPDATE: disabling PUSH_UPDATE server and client if DCO is enabled
The PUSH_UPDATE currently doesn't work with DCO.
For example, in server, if a new ifconfig is sent, the DCO
doesn't receive the new peer address and the connection drops.
Similarly in the client when a PUSH_UPDATE is received, the tun is
closed and reopened but the DCO doesn't receive the peer info.
Change-Id: Ibe78949435bb2f26ad68301e2710321bf37c9486 Signed-off-by: Marco Baffo <marco@mandelbit.com> Acked-by: Antonio Quartulli <antonio@mandelbit.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1245
Message-Id: <20251008083046.27209-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59243711/ Signed-off-by: Gert Doering <gert@greenie.muc.de>
Steffan Karger [Tue, 7 Oct 2025 20:28:10 +0000 (22:28 +0200)]
Document that tls-crypt-v2 can be used in connection profile
As reported in https://github.com/OpenVPN/openvpn/issues/795,
tls-crypt-v2 was not documented as an option that was allowed to be used
in <connection> blocks. This is a documentation mistake - it has from
its introduction been possible to do so.
- Make some type casts explicit. Due to the types used
in our networking API and the netlink APIs respectively
this can't be avoided.
- In many cases just use correct types from the start, e.g.
where we use constants anyway.
Change-Id: I20205ebd06bbf7cbee8c9be93f399961f5b74fcc Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Antonio Quartulli <antonio@mandelbit.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1251
Message-Id: <20251007122747.16064-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59243289/ Signed-off-by: Gert Doering <gert@greenie.muc.de>
COPYING: Remove licenses for software bundled in the Windows client
This is wildly outdated:
- we do not use NSIS or devcon.exe,
- the OpenSSL license hasn't been updated
In general this file is confusing, since clearly it only
applies to the Windows client. It does not document the
licenses used throughout the source code.
So instead of updating it here, move the duty of documenting
the licenses to the Windows installer build (in
openvpn-build repository).
v2:
- add back LZO linking exception, this is required for anyone
who wants to distribute openvpn binaries not just us.
Change-Id: I1aeed74dedf6dd5f559f4eb5cc84645f149ba788 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1249
Message-Id: <20251007104820.7781-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59243256/ Signed-off-by: Gert Doering <gert@greenie.muc.de>
uid_t/gid_t are int on many platforms but unsigned
on at least Linux. So rewrite the code in a way that
does not make any assumptions about the types. Mainly
this means storing the information whether the value
is valid in a separate bool and not in the value
itself.
Note that this changes the return behavior of
platform_{user,group}_get but a review of the
callers determined that this makes no actual
difference.
Change-Id: Ie6b4c41d13544d5ba71d441cc794c7abd12408f3 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: MaxF <max@max-fillinger.net>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1206
Message-Id: <20251003100602.375062-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33266.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
Lev Stipakov [Mon, 29 Sep 2025 15:28:41 +0000 (17:28 +0200)]
dco-win: fix broken ASSERT in dco_new_key
Commit
e77c343 ("dco_win: In dco_new_key, document size assumptions for the integer casts")
has added an ASSERT on key-id, but didn't take into account that
key-id 0 is a perfectly valid value and is the first key-id. This
essentially broke dco-win.
Fix by adjusting ASSERT to >= 0.
Change-Id: I3b1243461ec9b6e85897f452f78dc4b05f7e126d Signed-off-by: Lev Stipakov <lev@openvpn.net> Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1223
Message-Id: <20250929152841.177424-1-frank@lichtenheld.com>
URL: https://sourceforge.net/p/openvpn/mailman/message/59240115/ Signed-off-by: Gert Doering <gert@greenie.muc.de>
ssl_openssl: Use uint16_t internally for TLS versions
libressl changed the API for the involved functions. Since
uint16_t is a true subset of int it should be safe to switch
to that for all OpenSSL variants.
One trivial drive-by fix in unrelated code to be able
to enable -Wconversion fully for the file. This just
adds a cast where the comment says we intend a cast.
Change-Id: I9ea87531afb553f789289787403900a4758b8e1c Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: MaxF <max@max-fillinger.net>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1212
Message-Id: <20250924150300.29318-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59238230/ Signed-off-by: Gert Doering <gert@greenie.muc.de>
Gert Doering [Wed, 24 Sep 2025 20:35:52 +0000 (22:35 +0200)]
OpenVPN Release 2.7_beta2
version.m4, ChangeLog, Changes.rst
Changes.rst has not received an "2.7_beta2" section - it has the
"highlevel" overview of what is new in 2.7, but for alpha/beta releases
it's better to look at git log to see what has been added/fixed.
Notable changes beta1 -> beta2 are:
- even more of signed/unsigned related warnings have been fixed
- #pragmas have been added to all to-be-fixed source files, so we can
now always enable -Wconversion to see if new code brings new warnings
(and the CI infra builds with -Werror)
- add proper input sanitation to DNS strings to prevent an attack
coming from a trusted-but-malicious OpenVPN server (CVE: 2025-10680,
affects unixoid systems with --dns-updown scripts and windows using
the built-in powershell call)
- greatly improved event log handling for the Windows interactive service
- this brings build system changes and a new openvpnservmsg.dll
- bugfixes when using multi-socket on windows
(properly recognize that TCP server mode does not work with DCO,
properly handle TCP multi-socket server setups without DCO)
- bring back configuring of IPv4 broadcast addresses on Linux
(also backported to 2.6.15)
- Rename Fox Crypto to Sentyron in copyright notices
- Switch test_ssl certificate from RSA 2048 to secp384r1
(so "make check" runs with OpenSSL set to @SECLEVEL=3)
- repair "--dhcp-option DNS" setting in combination with DHCP (TAP)
or --up scripts (GH issue #839, #840)
- clean up MI prefix handling
- replace all assert() calls with OpenVPN ASSERT()
On Linux (and similar platforms), those options are written to a tmp file,
which is later sourced by a script running as root. Since options are
controlled by the server, it is possible for a malicious server to
execute script injection attack by pushing something like
--dns search-domains x;id
in which case "id" command will be executed as a root.
On Windows, the value of DOMAIN/ADAPTER_DOMAIN_SUFFIX is passed to
a powershell script. A malicious server could push:
--dhcp-option DOMAIN a';Restart-Computer'
and if openvpn is not using DHCP (this is the default, with dco-win driver)
and running without interactive service, that powershell command will be
executed.
Validation is performed in a way that value only contains following
symbols:
[A-Za-z0-9.-_\x80-\xff]
Reported-By: Stanislav Fort <disclosure@aisle.com>
CVE: 2025-10680
Change-Id: I09209ccd785cc368b2fcf467a3d211fbd41005c6 Signed-off-by: Lev Stipakov <lev@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1213
Message-Id: <20250924201601.25304-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59238367/ Signed-off-by: Gert Doering <gert@greenie.muc.de>
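Added example, not OpenVPN's own code: a validator that implements the allow-list described in the message above, assuming the character class is meant as letters, digits, the literal characters '.', '-' and '_', and bytes 0x80-0xff, and assuming (the message does not say) that an empty value is rejected. The two rejected inputs in the test are the injection strings quoted in the message.

```c
#include <stdbool.h>
#include <stddef.h>

/* Illustrative validator (not OpenVPN's code) for a server-pushed DNS
 * value such as a search domain or adapter domain suffix.  Only letters,
 * digits, '.', '-', '_' and bytes 0x80-0xff pass; shell and PowerShell
 * metacharacters (';', '\'', '$', '`', whitespace, ...) are rejected. */
static bool dns_byte_is_safe(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')
           || (c >= '0' && c <= '9') || c == '.' || c == '-' || c == '_'
           || c >= 0x80;
}

/* Returns the index of the first rejected byte, or -1 when every byte of
 * the value is acceptable.  Useful for a log line naming the offending
 * position before the pushed option is dropped. */
int dns_value_first_bad_byte(const char *value)
{
    if (!value)
    {
        return 0;
    }
    const unsigned char *p = (const unsigned char *)value;
    for (int i = 0; p[i] != '\0'; ++i)
    {
        if (!dns_byte_is_safe(p[i]))
        {
            return i;
        }
    }
    return -1;
}

/* True only for a non-empty value consisting solely of allowed bytes.
 * Rejecting the empty string is an assumption of this example. */
bool dns_value_is_safe(const char *value)
{
    if (!value || value[0] == '\0')
    {
        return false;
    }
    return dns_value_first_bad_byte(value) == -1;
}
```

The check runs on the raw bytes before the value is written to the temporary file or handed to the PowerShell script, so a rejected value never reaches a shell at all.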
Enable -Wconversion -Wno-sign-conversion by default
Grand-father all known locations of existing errors,
so that -Werror builds still pass and we do not spam
build logs.
Still, this should give us a much better roadmap to
work on these issues one by one while still enabling
the warnings for a lot of code-paths.
In general I did go for least amount of pragmas, so
usually there is only one override per file, covering
ALL of the failures in that file. While this protects
a lot of code that doesn't need it, it also cut down
the amount of pragmas by a lot.
This does cover gcc builds including mingw and clang
builds. Does not cover MSVC.
Once the amount of issues has been suitably reduced
more warnings could be enabled.
Change-Id: Iad5b00c35a1f1993b1fa99e8b945ab17b230ef59 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1168
Message-Id: <20250924122755.14391-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33181.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
dns: Fix bug in error handling when talking to script
Comparing the result of read/write to a size_t value
is dangerous C. Since ssize_t and size_t have the same
size ssize_t is promoted to size_t, so -1 becomes
size_t max value and is not smaller than the expected
length.
Make sure to compare ssize_t to ssize_t to avoid any
surprises.
We take two values and try to massage them in various
ways. But this function only has one caller and that
puts exactly the same value into both of them. So
simplify the code.
Change-Id: I9cb8aa6ef01445cb99758583aba8ae8f9ded0862 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1209
Message-Id: <20250923160459.32273-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33176.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
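Added example, not OpenVPN's code: the ssize_t/size_t comparison pitfall described in the "dns: Fix bug in error handling when talking to script" message above, shown as the buggy and the fixed comparison side by side, plus a write loop that keeps the result in ssize_t until the error check is done. The cast in the buggy variant is the conversion the compiler performs implicitly when an ssize_t is compared with a size_t.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <sys/types.h>
#include <unistd.h>

/* Buggy pattern: the usual arithmetic conversions turn the ssize_t into a
 * size_t before the comparison, so -1 becomes SIZE_MAX and is never
 * "smaller than expected".  The explicit cast spells out what
 * "written < expected" does implicitly. */
bool write_was_short_buggy(ssize_t written, size_t expected)
{
    return (size_t)written < expected;
}

/* Fixed pattern: both operands are ssize_t, so -1 (error) and any partial
 * count are both reported as short.  expected is assumed to fit in ssize_t,
 * which holds for any buffer write() can actually be asked to perform. */
bool write_was_short_fixed(ssize_t written, size_t expected)
{
    return written < (ssize_t)expected;
}

/* Writes the whole buffer, retrying on EINTR and on partial writes.
 * The write() result stays in ssize_t until the error check is done and is
 * only converted to size_t once it is known to be non-negative. */
bool write_all(int fd, const void *buf, size_t len)
{
    const char *p = buf;
    size_t off = 0;
    while (off < len)
    {
        ssize_t n = write(fd, p + off, len - off);
        if (n < 0)
        {
            if (errno == EINTR)
            {
                continue;
            }
            return false;
        }
        off += (size_t)n;
    }
    return true;
}
```

Building with -Wsign-compare (part of -Wall for C++ and -Wextra for C) flags the implicit version of the buggy comparison; the explicit cast above silences that warning on purpose so the wrong result can be observed.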
- Includes fixes for
  - -Wimplicit-fallthrough=2
    (=3 is default but requires replacing all
    fallthrough comments)
  - -Wmissing-field-initializers
  - -Wold-style-declaration
- All other warnings that would need fixes are
  disabled for now.
Change-Id: I9ce664d073a4e6a6d433e9e6f986a5086dae8aa1 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1202
Message-Id: <20250923140854.21766-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59237558/ Signed-off-by: Gert Doering <gert@greenie.muc.de>
Gert Doering [Mon, 22 Sep 2025 08:02:59 +0000 (10:02 +0200)]
Fix t_net.sh / networking_testdriver after 'broadcast' change
Commit 0df0edc49c re-introduced explicit setting of broadcast addresses
for Linux IPv4 interfaces. t_net.sh verifies that the built-in netlink
code (sitnl) achieves the same result as "equivalent" iproute2 statements
- and we missed adjusting of these iproute2 statements (printed by
networking_testdriver). Done.
Change-Id: I5fea6ca1ccadb434b5c4f4b49881524a079a9d15 Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Antonio Quartulli <antonio@mandelbit.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1203
Message-Id: <20250922080305.18477-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59236810/ Signed-off-by: Gert Doering <gert@greenie.muc.de>
This fixes a problem that was introduced in OpenVPN 2.5. Previously,
the ifconfig utility was used for adding the local address to an
interface. This utility automatically sets the correct broadcast address
based on the given unicast address and netmask.
Due to switching to iproute and Netlink, this does not happen
automatically any longer, which means that applications that rely on
broadcasts do not work correctly.
This patch fixes this issue both when using iproute (by telling iproute
to set the broadcast address based on the local address and prefix) and
when using Netlink (by calculating the correct broadcast address and
setting it).
Signed-off-by: Sebastian Marsching <sebastian-git-2016@marsching.com> Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20250915110507.20557-1-sebastian-git-2016@marsching.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33131.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
Introduce msglvl_t to unify msglevel type handling
msglevel was definitely unsigned as the first
argument to msg(), but many parts of the code
had it as signed. So this produced a LOT of
warnings when enabling -Wsign-conversion.
Introduce a msglvl_t typedef and switch all
users to it. This includes any values that
are stored in the msglevel field, including
debug level and mute level.
There is one exception in struct status_output
where -1 is a valid value in the API. Only
positive values are translated into standard
message levels.
Change-Id: Id492cb774c6d022d06bb3cf5fec2a4bdd410e619 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1110
Message-Id: <20250917170428.3310-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33028.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
Gert Doering [Fri, 19 Sep 2025 11:24:19 +0000 (13:24 +0200)]
fix building of openvpnsrvmsg.dll from eventmsg.mc in mingw builds
commit 06919a60ae61 introduces .mc files that need to be compiled to
.h and .bin by the windows "mc.exe" tool, and from there into a new
.dll. This worked for MSVC builds, did nothing for cmake/mingw builds,
and broke compilation on autoconf/mingw builds.
This patch consists of two parts:
1. add building of openvpnsrvmsg.dll to autoconf/mingw builds
Add logic to configure.ac to find the "windmc" binary in the linux or
mingw variants, add rules to src/openvpnserv/Makefile.am so make knows
what to do.
Libtool is getting in the way when "openvpnsrvmsg.dll" is created as
anything listed in ...BIN or ...LIB, so declare it as "DATA" and make
the necessary rules explicit.
2. fix building of openvpnsrvmsg.dll on cmake/mingw builds
Fix "find_program()" invocation to avoid using "midnight commander"
binary (mc) on Linux (called "windmc" there).
Change from "-Wl,--noentry" to linker invocation that works.
See also:
https://learn.microsoft.com/en-us/cpp/build/creating-a-resource-only-dll?view=msvc-170
Change-Id: I071e8190dac28f429257b8af1c6f9e68f8896bc0 Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1197
Message-Id: <20250919112424.24728-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33083.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
Lev Stipakov [Wed, 17 Sep 2025 09:05:48 +0000 (11:05 +0200)]
openvpnserv: Fix writing messages to the event log
There are two problems with the current implementation:
- due to the code bug, we never display actual error message
corresponding to the Windows error code. We use
FORMAT_MESSAGE_ALLOCATE_BUFFER, in which case we must pass
a pointer to the LPTSTR, not the LPTSTR itself.
- The error is not displayed in the "General" tab, which is very confusing.
One needs to go to the "Details" tab to see what is wrong.
This commit solves both problems. We now display a proper error
message in addition to the text provided by the service ("what went wrong").
While on it, remove trailing symbols in a safer way.
To display the message in "General" tab, we create a registered message file
(openvpnservmsg.dll), which contains message template. Note that this requires
changes to the installer - we need to install the new DLL and
add a registry entry.
Gert Doering [Wed, 17 Sep 2025 12:07:15 +0000 (14:07 +0200)]
dev-tools/gerrit-send-mail.py: include Gerrit URL into the commit message
We used to reference to one of the mailing list archives as the formal
reference for the patch and the review discussions. With the problematic
reliability of the archives, I've started to manually add the URLs in
the OpenVPN Gerrit to the commits because they give a better reference
and (usually) all the feedback is there in a useful format.
So, enhance this dev-tool script to do this automatically.
Change-Id: Idb137ecbade4b0584a4d74aee34978062e247bc5 Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1196
Message-Id: <20250917120720.30738-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59234672/ Signed-off-by: Gert Doering <gert@greenie.muc.de>
The dco_check_option_ce(), for dco_win, checked only
the global protocol of the current connection entry,
but now it should be extended to the local_list
and since dco_win does not support more than 1
socket, checking the first entry of the local_list
will be enough.
Change-Id: I74e2b6aed3c7454e897db57f777e6a191be3d87f Signed-off-by: Gianmarco De Gregori <gianmarco@mandelbit.com> Acked-by: Lev Stipakov <lstipakov@gmail.com>
Message-Id: <20250912131056.42342-1-frank@lichtenheld.com>
URL: https://sourceforge.net/p/openvpn/mailman/message/59232442/
URL: https://gerrit.openvpn.net/c/openvpn/+/1173 Signed-off-by: Gert Doering <gert@greenie.muc.de>
Lev Stipakov [Fri, 12 Sep 2025 13:22:35 +0000 (15:22 +0200)]
Preserve --dhcp-option values from local config
Commit
2dfc4f8 ("dns: deal with --dhcp-options when --dns is active")
has changed the way how --dhcp-option values are stored. Instead of
storing them directly in tuntap_options, they are now stored in
dns_options->from_dhcp.
Before connect, we save options before --pull is applied, and for that
we call clone_dns_options(). However, this was missing to clone the
"from_dhcp" struct, and as a result, the values of --dhcp-option from
the local config have been lost.
Fix by adding shallow-copying of dhcp_options to clone_dns_options(). It
is safe to do because it only contains fixed-size arrays, scalar types
and pointers to the strings which this struct doesn't own.
dco: add standard mi prefix handling to multi_process_incoming_dco()
Our code generally expects functions that deal with a multi instance
to set up a log prefix at the beginning with set_prefix(mi) and clear
it at the end with clear_prefix().
Add the calls to multi_process_incoming_dco() in a similar way to
what is done for multi_process_incoming_link() - handling "link
events" and "dco events" the same, with correct prefix in the
function and no leftover prefix afterwards.
Github: closes OpenVPN/openvpn#799
Change-Id: I1ad5df0f6785ffe9becd9f83329a9335d1a36f24 Signed-off-by: Antonio Quartulli <antonio@mandelbit.com> Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20250911201222.25382-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32859.html
URL: https://gerrit.openvpn.net/c/openvpn/+/1116 Signed-off-by: Gert Doering <gert@greenie.muc.de>
On Windows, multi-socket support failed with mixed protocols due
to repeated socket_set() calls, which caused accept() to be triggered
before having an event to process. This fix skips socket_set()
calls for non-UDP sockets in MODE_SERVER inside multi_io_process_flags().
Change-Id: Ia389fcec50fb2bbc0aa5ad41a2c23c17c04e6e9b Signed-off-by: Gianmarco De Gregori <gianmarco@mandelbit.com> Acked-by: Lev Stipakov <lstipakov@gmail.com>
Message-Id: <20250912131207.42597-1-frank@lichtenheld.com>
URL: https://sourceforge.net/p/openvpn/mailman/message/59232443/
URL: https://gerrit.openvpn.net/c/openvpn/+/1174 Signed-off-by: Gert Doering <gert@greenie.muc.de>
Gert Doering [Sun, 7 Sep 2025 21:12:46 +0000 (23:12 +0200)]
replace assert() calls with ASSERT()
OpenVPN's ASSERT() macro will do a bit more than the standard-libc
assert() call, namely print out which function and what expression
failed, before calling _exit(1). Also, it can not be accidentally
compiled-away (-DNDEBUG).
Use of ASSERT() is generally only advised in cases of "this must not
happen, but if it does, it's a programming or state corruption error
that we must know about". Use of assert() is lacking the extra debug
info, and as such, not advised at all.
Change-Id: I6480d6f741c2368a0d951004b91167d5943f8f9d Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: mandree <matthias.andree@gmx.de>
Message-Id: <20250907211252.23924-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32824.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
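Added illustration, not OpenVPN's actual macro: an ASSERT() with the three properties the message above lists (reports function and expression, terminates with _exit(1), is not affected by -DNDEBUG), together with a fork-based helper so a test can observe the failure exit without dying itself. The two sample checks mirror the key-id condition from the "dco-win: fix broken ASSERT in dco_new_key" message earlier on this page: key-id 0 must pass, a negative key-id must not. The helper names and messages are this example's own.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Reports where the check failed and terminates immediately.  _exit() skips
 * atexit() handlers and stdio flushing, so no code runs on state that is
 * already known to be corrupt. */
static void assert_failed(const char *file, int line, const char *func,
                          const char *expr)
{
    fprintf(stderr, "Assertion failed at %s:%d in %s(): %s\n", file, line,
            func, expr);
    fflush(stderr);
    _exit(1);
}

/* Unlike assert(), this does not look at NDEBUG, so it cannot be compiled
 * away by a release build's flags. */
#define ASSERT(expr)                                                      \
    do                                                                    \
    {                                                                     \
        if (!(expr))                                                      \
        {                                                                 \
            assert_failed(__FILE__, __LINE__, __func__, #expr);           \
        }                                                                 \
    } while (0)

/* Runs fn() in a forked child and returns the child's exit status, or -1 if
 * the child did not exit normally.  Lets a test see an ASSERT() failure
 * (exit status 1) without terminating the test process. */
int exit_status_of(void (*fn)(void))
{
    pid_t pid = fork();
    if (pid < 0)
    {
        return -1;
    }
    if (pid == 0)
    {
        fn();
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
    {
        return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* key-id 0 is the first valid key-id, so the check must accept it. */
void check_key_id_zero(void)
{
    int key_id = 0;
    ASSERT(key_id >= 0);
}

/* A negative key-id is a programming error and must terminate the process. */
void check_key_id_negative(void)
{
    int key_id = -1;
    ASSERT(key_id >= 0);
}
```

The forked child prints the failure line to stderr before exiting with status 1; the parent only sees the status, which is what the assertions below check.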
Gert Doering [Wed, 3 Sep 2025 17:03:39 +0000 (19:03 +0200)]
OpenVPN Release 2.7_beta1
version.m4, ChangeLog, Changes.rst
Changes.rst has not received an "2.7_beta1" section - it has the
"highlevel" overview of what is new in 2.7, but for alpha/beta releases
it's better to look at git log to see what has been added/fixed.
New features alpha3 -> beta1 are
- a large number of signed/unsigned related warnings have been fixed
- bugfixes in --dns-updown script for linux systems using resolvconf
- rewrite of the management interface "bytecount" infrastructure to better
interact with DCO
- PUSH_UPDATE server support (via management interface)
- introduction of route_redirect_gateway_ipv4 and _ipv6 env variables
- speeding up t_client tests by reducing per-test startup delay 3s -> 1s
The biggest noticeable difference in beta1 is the reformatting using
clang-format, leaving uncrustify as that wasn't stable across versions.
Marco Baffo [Wed, 3 Sep 2025 16:48:20 +0000 (18:48 +0200)]
PUSH_UPDATE message sender: enabling the server to send PUSH_UPDATE control messages
Using the management interface you can now target one or more clients
(via broadcast or via cid) and send a PUSH_UPDATE control message
to update some options. See doc/management-notes.txt for details.
Change-Id: Ie82bcc7a8e583de9156b185d71d1a323ed8df3fc Signed-off-by: Marco Baffo <marco@mandelbit.com> Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20250903164826.13284-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32807.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
management: stop bytecount on client disconnection
When a management interface client requests periodic bytecount
notifications, openvpn continues to emit them even after the client has
disconnected. Additionally, upon reconnecting, the client starts
receiving these notifications without having issued a new bytecount
command.
Stop the periodic bytecount operation when the management interface
client disconnects, preventing unnecessary stats polling when using DCO
and ensuring that clients only receive notifications they have
explicitly requested.
Change-Id: I1474d232278433d097baf85352dfc9a79853bad1 Signed-off-by: Ralf Lici <ralf@mandelbit.com> Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20250902163514.22339-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32765.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
dco_linux: validate tun interface before fetching stats
If dco_get_peer_stats() is called with an uninitialized c->c1.tuntap it
results in a segfault. This issue happens when a client who has not
connected to any server:
- has --management and exits,
- has --management and a management interface client issues either
`bytecount` or `status` or
- if SIGUSR2 is sent to it.
Add a check to ensure the tun interface was set up before attempting to
retrieve peer statistics.
Change-Id: I40c11864745cc1619cb9cbf490b168f90feb5eac Signed-off-by: Ralf Lici <ralf@mandelbit.com> Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20250902164521.23145-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32768.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
On messages printed for async DCO events, the currently-set mi prefix
does not (always) belong to the peer that the async messages refer to,
creating confusion.
To avoid this, the M_NOIPREFIX flag is now used along with msglevel.
Change-Id: I84a73d625c79d6a6a19122e48c91960dbe01ec49 Signed-off-by: Gianmarco De Gregori <gianmarco@mandelbit.com> Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20250902115954.29021-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59228149/ Signed-off-by: Gert Doering <gert@greenie.muc.de>
management: resync timer on bytecount interval change
coarse_timer_wakeup tracks when the next timer-driven task will occur.
If a user issues `bytecount n` via the management interface, but the
next scheduled wakeup is more than n seconds away, bandwidth logging
will be delayed until that timer fires.
To ensure timely logging, reset the timer whenever a new `bytecount`
command is received. This guarantees that logging begins exactly n
seconds after the command, matching the user-defined interval.
Change-Id: Ic0035d52e0ea123398318870d2f4d21af927a602 Signed-off-by: Ralf Lici <ralf@mandelbit.com> Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20250902160050.18640-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59228306/ Signed-off-by: Gert Doering <gert@greenie.muc.de>
Lev Stipakov [Tue, 2 Sep 2025 10:36:01 +0000 (12:36 +0200)]
Refactor management bytecount tracking
There are few issues with it:
- when using DCO, the server part doesn't output BYTECOUNT_CLI since
process_incoming_link_part1/process_outgoing_link are not called
- when using DCO, the server part applies bytecount timer to the each
connection, unnecessarily making too many calls to the kernel and also
uses incorrect BYTECOUNT output.
- client part outputs counters using timer, server part utilizes
traffic activity -> inconsistency
Following changes have been made:
- Use timer to output counters in client and server mode. Code which
deals with bytecount on traffic activity has been removed. This unifies
DCO and non-DCO, as well as client and server mode
- In server mode, peers stats are fetched with the single ioctl call
- Per-packet stats are not persisted anymore in the client mode during
traffic activity. Instead cumulative stats (including DCO stats) are
persisted when the session closes.
GitHub: closes OpenVPN/openvpn#820
Change-Id: I43a93f0d84f01fd808a64115e1b8c3b806706491 Signed-off-by: Lev Stipakov <lev@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20250902103606.22181-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59228150/ Signed-off-by: Gert Doering <gert@greenie.muc.de>
Lev Stipakov [Tue, 2 Sep 2025 12:25:36 +0000 (14:25 +0200)]
dco-win: add support for multipeer stats
Use the new driver API to fetch per-peer link and VPN byte counters
in both client and server modes.
Two usage modes are supported:
- Single peer: pass the peer ID and a fixed-size output buffer. If the
IOCTL is not supported (old driver), fall back to the legacy API.
- All peers: first call the IOCTL with a small output buffer to get
the required size, then allocate a buffer and call again to fetch
stats for all peers.
Change-Id: I525d7300e49f9a5a18e7146ee35ccc2af8184b8a Signed-off-by: Lev Stipakov <lev@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20250902122542.31023-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32744.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
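The two usage modes described in the commit above, as an added example that is not dco-win or OpenVPN code. The driver is replaced by an in-process stand-in (sim_ioctl_get_stats) so the block runs offline; the DCO_* result codes, struct peer_stats, the legacy fallback and the bounded retry loop are all assumptions made for this example. It goes one step beyond the commit text by handling the case a server actually hits: a peer connects between the size query and the sized call, so the second IOCTL comes back short as well and the caller must re-query rather than trust the first size.

```c
/* Added example, not dco-win or OpenVPN code. It shows the two usage modes
 * the commit describes against an in-process stand-in for the driver, so it
 * runs offline. sim_ioctl_get_stats, the DCO_* codes, struct peer_stats and
 * the bounded retry loop are assumptions made for this example; the real
 * driver API is not reproduced here. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct peer_stats { uint32_t peer_id; uint64_t link_rx, link_tx, vpn_rx, vpn_tx; };

enum { DCO_OK = 0, DCO_ERR_UNSUPPORTED = 1, DCO_ERR_NO_PEER = 2, DCO_ERR_MORE_DATA = 234 };

/* Simulated driver state. sim_add_peer_during_fetch injects the race a busy
 * server sees: a peer connects between the size query and the fetch. */
static struct peer_stats sim_peers[16];
static int sim_npeers;
static int sim_multipeer_supported = 1;
static int sim_add_peer_during_fetch;

static void sim_add_peer(uint32_t id, uint64_t rx, uint64_t tx)
{
    if (sim_npeers < 16) {
        sim_peers[sim_npeers++] = (struct peer_stats){ id, rx, tx, rx / 2, tx / 2 };
    }
}

/* peer_id >= 0: single-peer mode; peer_id < 0: all peers. On MORE_DATA,
 * *needed carries the size the caller must come back with. */
static int sim_ioctl_get_stats(int peer_id, void *out, size_t out_len, size_t *needed)
{
    if (!sim_multipeer_supported) {
        return DCO_ERR_UNSUPPORTED;   /* old driver without this IOCTL */
    }
    if (peer_id >= 0) {
        for (int i = 0; i < sim_npeers; i++) {
            if (sim_peers[i].peer_id == (uint32_t)peer_id) {
                *needed = sizeof(struct peer_stats);
                if (out_len < *needed) return DCO_ERR_MORE_DATA;
                memcpy(out, &sim_peers[i], *needed);
                return DCO_OK;
            }
        }
        return DCO_ERR_NO_PEER;
    }
    if (sim_add_peer_during_fetch && out_len > 0) {  /* only on the sized call */
        sim_add_peer_during_fetch = 0;
        sim_add_peer(99, 1, 1);
    }
    *needed = (size_t)sim_npeers * sizeof(struct peer_stats);
    if (out_len < *needed) return DCO_ERR_MORE_DATA;
    if (*needed > 0) memcpy(out, sim_peers, *needed);
    return DCO_OK;
}

/* Device-wide totals, the only thing a pre-multipeer driver can report. */
static int legacy_get_stats(struct peer_stats *out)
{
    memset(out, 0, sizeof *out);
    for (int i = 0; i < sim_npeers; i++) {
        out->link_rx += sim_peers[i].link_rx; out->link_tx += sim_peers[i].link_tx;
        out->vpn_rx += sim_peers[i].vpn_rx;   out->vpn_tx += sim_peers[i].vpn_tx;
    }
    return DCO_OK;
}

/* Single peer: fixed-size buffer, legacy fallback when the IOCTL is missing. */
static int fetch_single_peer_stats(int peer_id, struct peer_stats *out)
{
    size_t needed = 0;
    int rc = sim_ioctl_get_stats(peer_id, out, sizeof *out, &needed);
    return rc == DCO_ERR_UNSUPPORTED ? legacy_get_stats(out) : rc;
}

/* All peers: query with an empty buffer, allocate *needed, call again. The
 * table can grow between the calls, so the sized call may come back with
 * MORE_DATA once more; loop a bounded number of times instead of trusting
 * the first size. The driver copies only when the buffer is large enough,
 * so a stale size can never overflow it. */
static struct peer_stats *fetch_all_peer_stats(int *count)
{
    struct peer_stats *buf = NULL;
    size_t len = 0, needed = 0;
    for (int attempt = 0; attempt < 4; attempt++) {
        int rc = sim_ioctl_get_stats(-1, buf, len, &needed);
        if (rc == DCO_OK) {
            *count = (int)(needed / sizeof *buf);
            return buf;              /* NULL with *count == 0 when no peers */
        }
        if (rc != DCO_ERR_MORE_DATA) break;
        struct peer_stats *grown = realloc(buf, needed);
        if (!grown) break;
        buf = grown;
        len = needed;
    }
    free(buf);
    *count = -1;
    return NULL;
}

int main(void)
{
    sim_add_peer(1, 100, 200);                 /* constructed peer table */
    sim_add_peer(2, 300, 400);
    sim_add_peer_during_fetch = 1;
    int n = 0;
    struct peer_stats *all = fetch_all_peer_stats(&n);
    for (int i = 0; i < n; i++) {
        printf("peer %u: link rx=%llu tx=%llu\n", all[i].peer_id,
               (unsigned long long)all[i].link_rx, (unsigned long long)all[i].link_tx);
    }
    free(all);
    return 0;
}
```

The retry bound of four is a design choice: a driver that keeps reporting a larger size on every call is either racing hard or misbehaving, and an unbounded loop would turn that into a hang in the management thread.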
Gert Doering [Tue, 26 Aug 2025 18:40:38 +0000 (20:40 +0200)]
Introduce env variables to communicate desired gateway redirection to NM.
When run under Network Manager control, OpenVPN is not allowed to
control routing. Instead, NM uses the OpenVPN-set environment variables
("route_network_1" etc) to set up routes as requested. This method never
worked properly for "redirect-gateway", as the information was not made
available in environment variables.
<not set> = no gateway redirection desired
1 = "redirect-gateway for that protocol in question"
2 = "include block-local to redirect the local LAN as well"
We intentionally do not expose all the IPv4 flags ("local", "def1", ...)
as this is really internal OpenVPN historical cruft.
Change-Id: I1e623b4a836f7216750867243299c7e4d0bd32d0 Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Message-Id: <20250826184046.21434-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32686.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
Arne Schwabe [Tue, 19 Aug 2025 21:22:09 +0000 (23:22 +0200)]
Check message id/acked ids too when doing sessionid cookie checks
This fixes that control packets on a floating client can trigger
creating a new session in special circumstances:
To trigger this circumstance a connection needs to
- start on IP A
- successfully float to IP B by data packet
- then have a control packet from IP A before any
data packet can trigger the float back to IP A
and all of this needs to happen in the 60s time
that the hmac cookie is valid in the default
configuration.
In this scenario we would trigger a new connection as the HMAC
session id would be valid.
This patch adds checking also of the message-id and acked ids to
discern packets from the initial three-way handshake where these
ids are 0 or 1 from any later packet.
This will now trigger (at verb 4 or higher) a message like:
Packet (P_ACK_V1) with invalid or missing SID
instead.
Also remove a few duplicated free_tls_pre_decrypt_state in test_ssl.
Reported-By: Walter Doekes <walter.openvpn@wjd.nu> Tested-By: Walter Doekes <walter.openvpn@wjd.nu>
Change-Id: I6752dcd5aff3e5cea2b439366479e86751a1c403 Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: MaxF <max@max-fillinger.net>
Message-Id: <20250819212214.16218-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32626.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
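The float-back scenario and the stricter check from the commit above, as an added example that is not OpenVPN source. The structs, the address-keyed peer table, the verdict codes and the hmac_ok flag (a stand-in for "the tls-auth/tls-crypt HMAC cookie over the session id verifies and is still inside its 60 s window") are assumptions made for this example; the opcode numbers follow OpenVPN's ssl_pkt.h as far as I know, but nothing in the logic depends on their values. The rule implemented is the one the commit states: a packet whose message id or any acked id is above 1 cannot be part of the initial three-way handshake, so a valid cookie alone must not let it create a session.

```c
/* Added example, not OpenVPN source. Models the float-back scenario from the
 * commit message and the cookie check it describes. Struct layouts, the
 * address-keyed peer table, verdict codes and the hmac_ok flag are assumptions
 * made for this example; opcode values follow ssl_pkt.h as far as I know. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define P_CONTROL_V1                   4
#define P_ACK_V1                       5
#define P_CONTROL_HARD_RESET_CLIENT_V2 7
#define MAX_ACKS                       8

struct control_pkt {
    int opcode;
    uint64_t session_id;     /* client session id from the packet header */
    bool hmac_ok;            /* cookie HMAC verified and within its lifetime */
    uint32_t message_id;     /* reliability-layer id of this control message */
    int n_acks;
    uint32_t acks[MAX_ACKS]; /* message ids this packet acknowledges */
};

struct peer {
    uint64_t session_id;
    const char *addr;        /* address the peer was last seen from */
};

enum verdict { MATCHED_EXISTING, CREATED_NEW, REJECTED };

static const char *opcode_name(int op)
{
    switch (op) {
    case P_ACK_V1:                       return "P_ACK_V1";
    case P_CONTROL_V1:                   return "P_CONTROL_V1";
    case P_CONTROL_HARD_RESET_CLIENT_V2: return "P_CONTROL_HARD_RESET_CLIENT_V2";
    default:                             return "unknown";
    }
}

/* The initial three-way handshake only carries message ids and acked ids of
 * 0 or 1; any larger id belongs to a session that is already past it. */
static bool looks_like_initial_handshake(const struct control_pkt *p)
{
    if (p->message_id > 1) return false;
    for (int i = 0; i < p->n_acks; i++) {
        if (p->acks[i] > 1) return false;
    }
    return true;
}

/* check_ids == false reproduces the pre-fix behaviour: cookie only. */
static bool cookie_allows_new_session(const struct control_pkt *p, bool check_ids)
{
    if (!p->hmac_ok) return false;
    if (p->opcode == P_CONTROL_HARD_RESET_CLIENT_V2) return true; /* true first packet */
    if (p->opcode != P_CONTROL_V1 && p->opcode != P_ACK_V1) return false;
    return !check_ids || looks_like_initial_handshake(p);
}

/* Peers are found by source address. After a float from A to B the session is
 * only reachable under B, so a control packet from A looks like an unknown
 * client and is decided by the cookie check alone. */
static enum verdict handle_control_packet(const struct peer *peers, int n_peers,
                                          const struct control_pkt *p,
                                          const char *src_addr, bool check_ids)
{
    for (int i = 0; i < n_peers; i++) {
        if (strcmp(peers[i].addr, src_addr) == 0) return MATCHED_EXISTING;
    }
    if (cookie_allows_new_session(p, check_ids)) return CREATED_NEW;
    printf("Packet (%s) with invalid or missing SID\n", opcode_name(p->opcode));
    return REJECTED;
}

/* Constructed input: the session floated from 203.0.113.5 to 198.51.100.7,
 * then a P_ACK_V1 acking message 37 arrives from the old address while the
 * cookie is still inside its 60 s window. */
static enum verdict float_back_scenario(bool check_ids)
{
    const struct peer peers[] = { { 0x1122334455667788ULL, "198.51.100.7:1194" } };
    const struct control_pkt late_ack = { P_ACK_V1, 0x1122334455667788ULL, true, 0, 1, { 37 } };
    return handle_control_packet(peers, 1, &late_ack, "203.0.113.5:1194", check_ids);
}

int main(void)
{
    printf("cookie only:    %s\n", float_back_scenario(false) == CREATED_NEW ? "spurious new session" : "ok");
    printf("with id checks: %s\n", float_back_scenario(true) == REJECTED ? "rejected" : "?");
    return 0;
}
```

With the cookie-only check the late P_ACK_V1 from the old address is accepted as the start of a new session; with the id check it is dropped and logged, while a genuine handshake packet (P_ACK_V1 acking 0, or P_CONTROL_V1 with message id 1) still passes.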