aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services/openvpn
Commit message (Collapse)AuthorAgeFilesLines
* openvpn: fix missing cipher list for polarssl in v2.3.11Jo-Philipp Wich2016-06-282-1/+43
| | | | | | | | | | | Upstream OpenSSL hardening work introduced a change in shared code that causes polarssl / mbedtls builds to break when no --tls-cipher is specified. Import the upstream fix commit as patch until the next OpenVPN release gets released and packaged. Reported-by: Sebastian Koch <seb@metafly.info> Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openvpn: update to 2.3.11Magnus Kroken2016-06-133-4/+25
| | | | | | | | | | Security fixes: * Fixed port-share bug with DoS potential * Fix buffer overflow by user supplied data Full changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.11 Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openvpn: add support for tls-version-minMatteo Panella2016-06-072-2/+2
| | | | | | | | | | | | | Currently, the uci data model does not provide support for specifying the minimum TLS version supported in an OpenVPN instance (be it server or client). This patch adds support for writing the relevant option to the openvpn configuration file at service startup. Signed-off-by: Matteo Panella <morpheus@level28.org> [Jo-Philipp Wich: shorten commit title, bump pkg release] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openvpn: remove unrecognized optionDirk Neukirchen2016-06-011-1/+0
| | | | | | | | removed upstream in https://github.com/OpenVPN/openvpn/commit/9ffd00e7541d83571b9eec087c6b3545ff68441f now its always on Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
* openvpn: add support for X.509 name optionsJohn Crispin2016-03-081-0/+1
| | | | | | | | | x509-username-field was added in OpenVPN 2.2, and verify-x509-name was added in 2.3. This fixes ticket #18807. Signed-off-by: Jeffery To <jeffery.to@gmail.com> SVN-Revision: 48969
* openvpn: update to version 2.3.10Felix Fietkau2016-01-115-276/+5
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48201
* openvpn: added service_triggers() to init scriptFelix Fietkau2016-01-071-0/+4
| | | | | | | | | Follow up of #21469 This patch enables autoreloading openvpn via procd. Signed-off-by: Federico Capoano <nemesis@ninux.org> SVN-Revision: 48150
* openvpn: fix configure optionsJohn Crispin2015-12-231-2/+1
| | | | | | | | | | | | | | | - eurephia: commit: Remove the --disable-eurephia configure option - fix option name: http proxy option is now called http-proxy (see configure.ac) fixes: configure: WARNING: unrecognized options: --disable-nls, --disable-eurephia, --enable-http Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de> SVN-Revision: 47979
* openvpn: enable options consistency check even in the small buildFelix Fietkau2015-11-101-0/+12
| | | | | | | | | Only costs about 3k compressed, but significantly improves handling of configuration mismatch Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 47439
* openvpn: add handling for route-pre-down optionJohn Crispin2015-10-051-1/+1
| | | | | | | | | OpenVPN 2.3 added a route-pre-down option, to run a command before routes are removed upon disconnection. Signed-off-by: Jeffery To <jeffery.to@gmail.com> SVN-Revision: 47134
* openvpn: remove __DATE__ from options outputFelix Fietkau2015-09-111-0/+10
| | | | | | | | | reported by: https://reproducible.debian.net/openwrt/dbd/ar71xx/base/openvpn-nossl_2.3.7-1_ar71xx.ipk.html Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de> SVN-Revision: 46860
* package: replace ifconfig-usage with ipSteven Barth2015-09-081-1/+1
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 46832
* openvpn: bump to 2.3.7.Felix Fietkau2015-06-185-78/+6
| | | | | | | | Two patches are dropped as they were already applied upstream. Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> SVN-Revision: 46027
* openvpn: bump PKG_RELEASE.Felix Fietkau2015-06-141-1/+1
| | | | | | Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> SVN-Revision: 45962
* openvpn: let instances drop to nobody in default config.Felix Fietkau2015-06-141-0/+2
| | | | | | | | | This is for security precautions. As persist_tun and persist_key are already there, this should not cause compatibility issue. Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> SVN-Revision: 45961
* openvpn: fix handling option auth_retry.Felix Fietkau2015-06-141-2/+2
| | | | | | | | | As reported in ticket #19104, auth_retry takes a <type> argument with 3 choices: none, nointeract, interact. Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> SVN-Revision: 45960
* openvpn: replace polarssl run-time version check with a compile-time oneFelix Fietkau2015-05-051-0/+11
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45608
* openvpn: disable CBC record splitting in PolarSSL/mbedTLS (#19101)Jo-Philipp Wich2015-05-042-1/+17
| | | | | | | | | | | | | | | | | | | | | | | | OpenVPN assumes that its control channel messages are sent and received unfragmented, this assumption is broken when CBC record splitting is enabled in mbedTLS. The record splitting is intended as countermeasure against BEAST attacks which do not apply to OpenVPN, therefore we simply disable it until upstream OpenVPN gains the ability to process fragmented control messages. Disabling the splitting also works around a (not remotely triggerable) segmentation fault in mbedTLS. References: * https://dev.openwrt.org/ticket/19101 * https://community.openvpn.net/openvpn/ticket/524 * https://github.com/ARMmbed/mbedtls/pull/185 Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 45602
* openvpn: autostart openvpn instances for each .conf file in /etc/openvpnJo-Philipp Wich2015-02-072-4/+32
| | | | | | | | | | | | | | | Align init behaviour with other distros by starting an OpenVPN instance for each config file found in /etc/openvpn/. This removes the additional requirement to "register" the configs with uci and thus simplifies the setup. Make sure to respect the disabled state in uci to not suddenly autostart instances which have been previously set to disabled, also skip configs which are already started due to uci configuration. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 44310
* openvpn: procd_set_param respawnJohn Crispin2015-01-081-0/+1
| | | | | | | | | | | Makes sure that the openvpn instance gets restarted in case of a crash. Intentional stops using /etc/init.d/openvpn stop will not result in respawning. Anything else will, e.g. killall openvpn. Signed-off-by: Lars Gierth <larsg@systemli.org> SVN-Revision: 43886
* openvpn: bump PKG_REVISION and copyright yearJo-Philipp Wich2015-01-061-2/+2
| | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 43859
* openvpn: backport an upstream fix for a regression in using --cipher none ↵Felix Fietkau2015-01-041-0/+57
| | | | | | | | (fixes #18676) Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 43823
* openvpn: update to 2.3.6, fixes CVE-2014-8104Felix Fietkau2014-12-012-25/+46
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 43482
* license info - revert r43155John Crispin2014-11-031-3/+0
| | | | | | | | turns out that r43155 adds duplicate info. Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 43167
* Add more license tags with SPDX identifiersJohn Crispin2014-11-031-0/+3
| | | | | | | | | | | | | | | | | | Note, that licensing stuff is a nightmare: many packages does not clearly state their licenses, and often multiple source files are simply copied together - each with different licensing information in the file headers. I tried hard to ensure, that the license information extracted into the OpenWRT's makefiles fit the "spirit" of the packages, e.g. such small packages which come without a dedicated source archive "inherites" the OpenWRT's own license in my opinion. However, I can not garantee that I always picked the correct information and/or did not miss license information. Signed-off-by: Michael Heimpold <mhei@heimpold.de> SVN-Revision: 43155
* Add a few SPDX tagsSteven Barth2014-11-021-0/+1
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 43151
* scripts: fix wrong usage of '==' operatorJohn Crispin2014-10-141-1/+1
| | | | | | | | | | | | | | [base-files] shell-scripting: fix wrong usage of '==' operator normally the '==' is used for invoking a regex parser and is a bashism. all of the fixes just want to compare a string. the used busybox-ash will silently "ignore" this mistake, but make it portable/clean at least. this patch does not change the behavior/logic of the scripts. Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com> SVN-Revision: 42911
* openvpn: fix compile error with muslFelix Fietkau2014-06-301-0/+13
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 41425
* openvpn: update to version 2.3.4Felix Fietkau2014-06-302-66/+81
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 41416
* openvpn: enable ipv6 parametersJohn Crispin2014-06-021-1/+2
| | | | | | | | http://patchwork.openwrt.org/patch/4945/ Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 40931
* polarssl: update to version 1.3.4 and add openssl compat patchFelix Fietkau2014-03-141-0/+221
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 39930
* openvpn: make size optimization configurableFelix Fietkau2014-03-114-1/+22
| | | | | | Signed-off-by: Christoph Kottke <christoph.kottke@gmx.de> SVN-Revision: 39872
* openvpn: clean up and fix the init scriptFelix Fietkau2013-10-311-17/+16
| | | | | | | | | | | | | - clean up duplication of procd instance handling code - using --cd *after* --config is rather pointless - to be able to log errors properly, --syslog needs to be passed before --config - tell procd about the generated or referenced config file instead of the uci file. this avoids having to restart all instances if only one of them changes. Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 38632
* openvpn: make comp_lzo a parameterLuka Perkov2013-10-153-5/+5
| | | | | | | | Possible parameters are yes, no and adaptive. See manpage for more information. Signed-off-by: Philipp Borgers <borgers@mi.fu-berlin.de> SVN-Revision: 38412
* openvpn: rework initscript (fixes #14299)Luka Perkov2013-10-091-8/+30
| | | | | | Signed-off-by: Luka Perkov <luka@openwrt.org> SVN-Revision: 38351
* openvpn: switch to new procd init script styleLuka Perkov2013-10-072-65/+14
| | | | | | Signed-off-by: Luka Perkov <luka@openwrt.org> SVN-Revision: 38331
* openvpn: update to 2.3.2Felix Fietkau2013-07-262-61/+2
| | | | | | | | | | | | this patches updates openvpn to v2.3.2 and adds a PKG_MD5SUM to the Makefile This release fixes a memory access violation when cipher none is used on ar71xx - at least with my config Signed-off-by: Peter Wagner <tripolar@gmx.at> SVN-Revision: 37560
* openvpn: enable password save support (#13245)Felix Fietkau2013-04-011-0/+1
| | | | SVN-Revision: 36144
* openvpn: remove the stale PKG_REV variableFelix Fietkau2013-02-051-1/+0
| | | | SVN-Revision: 35499
* openvpn: split easy-rsa into a separate package, it is no longer bundled ↵Felix Fietkau2013-02-053-26/+0
| | | | | | with the release tarball SVN-Revision: 35498
* openvpn: add from openvpn-devel from /packages, fix support for current polarsslFelix Fietkau2013-01-3010-0/+927
SVN-Revision: 35412