git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Lev Stipakov <lev@openvpn.net>
	Thu, 15 Sep 2022 10:40:28 +0000 (13:40 +0300)
committer	Gert Doering <gert@greenie.muc.de>
	Fri, 16 Sep 2022 16:17:58 +0000 (18:17 +0200)
commit	e9a156a160bb71e03ae03ba0bf4f31ced7282a13
tree	f30de6eb6465631dcb301e32259f13325a6aa6a7	tree
parent	bbcc17a7350dae81b43de1d84c14a8d4739b5b1a	commit \| diff

Use DCO on Windows by default

On startup, check following conditions:

- ovpn-dco-win driver is installed. Perform this check
   by trying to open adapter by symbolic name.

- options are compatible with dco. Same checks as on
   Linux and FreeBSD. In addition, check that --mode server
   is not used and --windows-driver is not set to tap-windows6/wintun.

If both checks are passed, use DCO.

Move options_postprocess_mutate_invariant() call
below since it depends on selected windows driver.

dco_check_option() has side effect on Windows -
if dco is not used, it might complain "cipher chachapoly
not supported by dco, disabling dco" if chachapoly
support is missing system-wide. To not to see this,
check dco options only if dco is enabled. This means
moving dco_enabled() from dco_check_startup_option()
to one level above. We do similar thing in
multi_connection_established() before checking ccd options.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20220915104028.188-1-lstipakov@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25221.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

src/openvpn/dco.c		diff \| blob \| blame \| history
src/openvpn/dco_win.c		diff \| blob \| blame \| history
src/openvpn/options.c		diff \| blob \| blame \| history
src/openvpn/options.h		diff \| blob \| blame \| history
src/openvpn/tun.c		diff \| blob \| blame \| history
src/openvpn/tun.h		diff \| blob \| blame \| history