| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Updates to openvpn.init were included in early OpenVPN 2.4 patch
series, but got lost along the way and were never merged.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
Add PROVIDES:=openvpn to the default recipe in order to let all build variants
provide a virtual openvpn package.
The advantage of this approach is that downstream packages can depend on just
"openvpn" without having to require a specific flavor.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
| |
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
| |
Saves around 9kb gzipped on MIPS
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenVPN 2.4 builds with mbedTLS 2.x, rename openvpn-polarssl
variant to openvpn-mbedtls.
Some feature highlights:
* Data channel cipher negotiation
* AEAD cipher support for data channel encryption (currently only
* AES-GCM)
* ECDH key exchange for control channel
* LZ4 compression support
See https://github.com/OpenVPN/openvpn/blob/master/Changes.rst
for additional change notes.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
|
|
|
|
|
|
| |
Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenVPN requires arguments to --push to be enclosed in double quotes.
One set of quotes is stripped when the UCI config is parsed.
Change append_params() of openvpn.init to enclose push parameters in
double quotes.
Unquoted push parameters do not cause errors in OpenVPN 2.3,
but OpenVPN 2.4 fails to start with unquoted push parameters.
Fixes: FS#290.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
|
|
|
|
|
|
| |
Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.13
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
|
|
|
|
|
|
| |
cacert is really called ca and already in the script
Signed-off-by: John Crispin <john@phrozen.org>
|
|
|
|
| |
Signed-off-by: John Crispin <john@phrozen.org>
|
|
|
|
|
|
|
|
|
| |
300-upstream-fix-polarssl-mbedtls-builds.patch has been applied upstream.
Replaced 101-remove_polarssl_debug_call.patch with upstream backport.
Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.12
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream OpenSSL hardening work introduced a change in shared code that
causes polarssl / mbedtls builds to break when no --tls-cipher is specified.
Import the upstream fix commit as patch until the next OpenVPN release gets
released and packaged.
Reported-by: Sebastian Koch <seb@metafly.info>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
|
|
| |
Security fixes:
* Fixed port-share bug with DoS potential
* Fix buffer overflow by user supplied data
Full changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.11
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the uci data model does not provide support for specifying
the minimum TLS version supported in an OpenVPN instance (be it server
or client).
This patch adds support for writing the relevant option to the openvpn
configuration file at service startup.
Signed-off-by: Matteo Panella <morpheus@level28.org>
[Jo-Philipp Wich: shorten commit title, bump pkg release]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
| |
removed upstream in
https://github.com/OpenVPN/openvpn/commit/9ffd00e7541d83571b9eec087c6b3545ff68441f
now its always on
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
|
|
|
|
|
|
|
|
|
| |
x509-username-field was added in OpenVPN 2.2, and verify-x509-name was
added in 2.3. This fixes ticket #18807.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
SVN-Revision: 48969
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 48201
|
|
|
|
|
|
|
|
|
| |
Follow up of #21469
This patch enables autoreloading openvpn via procd.
Signed-off-by: Federico Capoano <nemesis@ninux.org>
SVN-Revision: 48150
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- eurephia:
commit: Remove the --disable-eurephia configure option
- fix option name:
http proxy option is now called http-proxy (see configure.ac)
fixes:
configure: WARNING: unrecognized options: --disable-nls, --disable-eurephia, --enable-http
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
SVN-Revision: 47979
|
|
|
|
|
|
|
|
|
| |
Only costs about 3k compressed, but significantly improves handling of
configuration mismatch
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 47439
|
|
|
|
|
|
|
|
|
| |
OpenVPN 2.3 added a route-pre-down option, to run a command before
routes are removed upon disconnection.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
SVN-Revision: 47134
|
|
|
|
|
|
|
|
|
| |
reported by:
https://reproducible.debian.net/openwrt/dbd/ar71xx/base/openvpn-nossl_2.3.7-1_ar71xx.ipk.html
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
SVN-Revision: 46860
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 46832
|
|
|
|
|
|
|
|
| |
Two patches are dropped as they were already applied upstream.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 46027
|
|
|
|
|
|
| |
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 45962
|
|
|
|
|
|
|
|
|
| |
This is for security precautions. As persist_tun and persist_key are
already there, this should not cause compatibility issue.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 45961
|
|
|
|
|
|
|
|
|
| |
As reported in ticket #19104, auth_retry takes a <type> argument with 3
choices: none, nointeract, interact.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 45960
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 45608
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenVPN assumes that its control channel messages are sent and received
unfragmented, this assumption is broken when CBC record splitting is
enabled in mbedTLS.
The record splitting is intended as countermeasure against BEAST attacks
which do not apply to OpenVPN, therefore we simply disable it until
upstream OpenVPN gains the ability to process fragmented control
messages.
Disabling the splitting also works around a (not remotely triggerable)
segmentation fault in mbedTLS.
References:
* https://dev.openwrt.org/ticket/19101
* https://community.openvpn.net/openvpn/ticket/524
* https://github.com/ARMmbed/mbedtls/pull/185
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 45602
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Align init behaviour with other distros by starting an OpenVPN instance
for each config file found in /etc/openvpn/. This removes the additional
requirement to "register" the configs with uci and thus simplifies the
setup.
Make sure to respect the disabled state in uci to not suddenly autostart
instances which have been previously set to disabled, also skip configs
which are already started due to uci configuration.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 44310
|
|
|
|
|
|
|
|
|
|
|
| |
Makes sure that the openvpn instance gets restarted in case of a crash.
Intentional stops using /etc/init.d/openvpn stop will not result in
respawning. Anything else will, e.g. killall openvpn.
Signed-off-by: Lars Gierth <larsg@systemli.org>
SVN-Revision: 43886
|
|
|
|
|
|
| |
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 43859
|
|
|
|
|
|
|
|
| |
(fixes #18676)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 43823
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 43482
|
|
|
|
|
|
|
|
| |
turns out that r43155 adds duplicate info.
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 43167
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.
I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.
However, I can not garantee that I always picked the correct information
and/or did not miss license information.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
SVN-Revision: 43155
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 43151
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[base-files] shell-scripting: fix wrong usage of '==' operator
normally the '==' is used for invoking a regex parser and is a bashism.
all of the fixes just want to compare a string. the used busybox-ash
will silently "ignore" this mistake, but make it portable/clean at least.
this patch does not change the behavior/logic of the scripts.
Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
SVN-Revision: 42911
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 41425
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 41416
|
|
|
|
|
|
|
|
| |
http://patchwork.openwrt.org/patch/4945/
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 40931
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 39930
|
|
|
|
|
|
| |
Signed-off-by: Christoph Kottke <christoph.kottke@gmx.de>
SVN-Revision: 39872
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- clean up duplication of procd instance handling code
- using --cd *after* --config is rather pointless
- to be able to log errors properly, --syslog needs to be passed before --config
- tell procd about the generated or referenced config file instead of
the uci file. this avoids having to restart all instances if only one
of them changes.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 38632
|
|
|
|
|
|
|
|
| |
Possible parameters are yes, no and adaptive. See manpage for more information.
Signed-off-by: Philipp Borgers <borgers@mi.fu-berlin.de>
SVN-Revision: 38412
|
|
|
|
|
|
| |
Signed-off-by: Luka Perkov <luka@openwrt.org>
SVN-Revision: 38351
|
|
|
|
|
|
| |
Signed-off-by: Luka Perkov <luka@openwrt.org>
SVN-Revision: 38331
|
|
|
|
|
|
|
|
|
|
|
|
| |
this patches updates openvpn to v2.3.2
and adds a PKG_MD5SUM to the Makefile
This release fixes a memory access violation when cipher none is used
on ar71xx - at least with my config
Signed-off-by: Peter Wagner <tripolar@gmx.at>
SVN-Revision: 37560
|