v4.30-9695-beta

WARNING.TXT

@@ -104,6 +104,25 @@ be disabled anytime by setting up so on the VPN-client side.
 
 
 2. VPN Software
+The notes in this section are not specific to SoftEther VPN or VPN Gate, but
+apply to general system software. SoftEther VPN Client, SoftEther VPN Server,
+SoftEther VPN Bridge, and VPN Gate Relay Service will be installed on your
+computer as system services. System services always run in the background.
+System services usually do not appear on the computer display. Then your
+computer system is booted, system services automatically start in the
+background even before you or other users log in. To check whether
+PacketiX-related system service is running, check the process list or the
+background service list of your OS (called as "Services" in Windows, or
+"Daemons" in UNIX.) You can activate, deactivate, start, or stop system
+services using the functions of the OS anytime. PacketiX-related GUI tools for
+managing system services communicate with these system services. After you
+terminate these management GUI tools, PacketiX-related system services will
+continue to run in the background. System services consume CPU time, computer
+power, memory and disk space. Because system services consume power, your
+electricity charges and amount of thermal of your computer increase as result.
+In addition, there is a possibility that the mechanical parts of the life of
+your computer is reduced.
+
 2.1. SoftEther VPN Client
 If you use SoftEther VPN Client on Windows, the Virtual Network Adapter device
 driver will be installed on Windows. The Virtual Network Adapter is

src/BuildUtil/UnixBuildSoftwares.cs

@@ -694,6 +694,9 @@ namespace BuildUtil
 			sr.WriteLine("\t@echo \"You can choose your prefered language of {0} at any time.\"", BuildHelper.GetSoftwareTitle(this.Software));
 			sr.WriteLine("\t@echo \"To switch the current language, open and edit the 'lang.config' file.\"");
 
+			sr.WriteLine("\t@echo");
+			sr.WriteLine("\t@echo");
+			sr.WriteLine("\t@echo \"Note: the administrative password is not set on the VPN Server. Please set your own administrative password as soon as possible by vpncmd or the GUI manager.\"");
 			sr.WriteLine("\t@echo");
 			sr.WriteLine("\t@echo");
 
@@ -707,6 +710,7 @@ namespace BuildUtil
 			sr.WriteLine("\t@echo \"And please execute './vpncmd' to run the SoftEther VPN Command-Line Utility to configure {0}.\"", BuildHelper.GetSoftwareTitle(this.Software));
 #endif
 			sr.WriteLine("\t@echo");
+
 #if !BU_SOFTETHER
 			sr.WriteLine("\t@echo \"Of course, you can use the VPN Server Manager GUI Application for Windows on the other Windows PC in order to configure the {0} remotely.\"", BuildHelper.GetSoftwareTitle(this.Software));
 #else
@@ -715,7 +719,6 @@ namespace BuildUtil
 
 #if !BU_SOFTETHER
 #else
-			sr.WriteLine("\t@echo");
 			sr.WriteLine("\t@echo");
 			sr.WriteLine("\t@echo \"*** For Windows users ***\"");
 			sr.WriteLine("\t@echo \"You can download the SoftEther VPN Server Manager for Windows\"");
@@ -730,6 +733,30 @@ namespace BuildUtil
 			sr.WriteLine("\t@echo");
 #endif
 
+			sr.WriteLine("\t@echo");
+
+			sr.WriteLine("\t@echo");
+#if !BU_SOFTETHER
+			sr.WriteLine("\t@echo \"*** SoftEther VPN Server HTML5 Web Administration Console (NEW) ***\"");
+#else
+			sr.WriteLine("\t@echo \"*** PacketiX VPN Server HTML5 Web Administration Console (NEW) ***\"");
+#endif
+			sr.WriteLine("\t@echo \"This VPN Server / Bridge has the built-in HTML5 Web Administration Console.\"");
+			sr.WriteLine("\t@echo");
+			sr.WriteLine("\t@echo \"After you start the server daemon, you can open the HTML5 Web Administration Console is available at\"");
+			sr.WriteLine("\t@echo");
+#if !BU_SOFTETHER
+			sr.WriteLine("\t@echo \"https://127.0.0.1:8888/\"");
+			sr.WriteLine("\t@echo \"  or\"");
+			sr.WriteLine("\t@echo \"https://ip_address_of_the_vpn_server:8888/\"");
+#else
+			sr.WriteLine("\t@echo \"https://127.0.0.1:5555/\"");
+			sr.WriteLine("\t@echo \"or\"");
+			sr.WriteLine("\t@echo \"https://ip_address_of_the_vpn_server:5555/\"");
+#endif
+			sr.WriteLine("\t@echo");
+			sr.WriteLine("\t@echo \"This HTML5 page is obviously under construction, and your HTML5 development contribution is very appreciated.\"");
+			sr.WriteLine("\t@echo");
 
 			sr.WriteLine("\t@echo \"--------------------------------------------------------------------\"");
 			sr.WriteLine("\t@echo");

src/BuildUtil/VpnBuilder.cs

@@ -552,6 +552,24 @@ namespace BuildUtil
 			}
 		}
 
+		// Delete node_modules file
+		public static void DeleteNodeModulesFilesFromHamCoreBuilder(HamCoreBuilder b)
+		{
+			List<string> removeFiles = new List<string>();
+			foreach (HamCoreBuilderFileEntry f in b.FileList)
+			{
+				string name = f.Name;
+				if (name.IndexOf(@"\node_modules\", StringComparison.InvariantCultureIgnoreCase) != -1)
+				{
+					removeFiles.Add(name);
+				}
+			}
+			foreach (string file in removeFiles)
+			{
+				b.DeleteFile(file);
+			}
+		}
+
 		// Build Hamcore file
 		public static void BuildHamcore()
 		{
@@ -594,6 +612,7 @@ namespace BuildUtil
 			Con.WriteLine("* Building hamcore ...");
 
 			DeleteSVNFilesFromHamCoreBuilder(b);
+			DeleteNodeModulesFilesFromHamCoreBuilder(b);
 
 			try
 			{
@@ -619,6 +638,7 @@ namespace BuildUtil
 			}
 
 			DeleteSVNFilesFromHamCoreBuilder(b);
+			DeleteNodeModulesFilesFromHamCoreBuilder(b);
 
 			try
 			{

src/BuildUtil/VpnBuilderConfig.cs

@@ -421,7 +421,7 @@ namespace BuildUtil
 	{
 		// Windows
 		public static readonly OS Windows = new OS("windows", "Windows",
-			"Windows 98 / 98 SE / ME / NT 4.0 SP6a / 2000 SP4 / XP SP2, SP3 / Vista SP1, SP2 / 7 SP1 / 8 / 8.1 / 10 / Server 2003 SP2 / Server 2008 SP1, SP2 / Hyper-V Server 2008 / Server 2008 R2 SP1 / Hyper-V Server 2008 R2 / Server 2012 / Hyper-V Server 2012 / Server 2012 R2 / Hyper-V Server 2012 R2 / Server 2016",
+			"Windows 98 / 98 SE / ME / NT 4.0 SP6a / 2000 SP4 / XP SP2, SP3 / Vista SP1, SP2 / 7 SP1 / 8 / 8.1 / 10 / Server 2003 SP2 / Server 2008 SP1, SP2 / Hyper-V Server 2008 / Server 2008 R2 SP1 / Hyper-V Server 2008 R2 / Server 2012 / Hyper-V Server 2012 / Server 2012 R2 / Hyper-V Server 2012 R2 / Server 2016 / Server 2019",
 			new Cpu[]
 			{
 				CpuList.intel,

src/BuildUtil/Win32BuildUtil.cs

@@ -581,6 +581,16 @@ namespace BuildUtil
 						return false;
 					}
 
+					if (Str.InStr(srcPath, @"\node_modules\", false))
+					{
+						return false;
+					}
+
+					if (Str.InStr(srcPath, @"\wwwroot\", false))
+					{
+						return true;
+					}
+
 					foreach (string ext in exts)
 					{
 						if (srcPath.EndsWith(ext, StringComparison.InvariantCultureIgnoreCase))

src/Cedar/Admin.h

@@ -129,6 +129,8 @@ struct ADMIN
 	LIST *LogFileList;			// Accessible log file list
 	UINT ClientBuild;			// Build number of the client
 	RPC_WINVER ClientWinVer;	// Windows version of client
+	UINT MaxJsonRpcRecvSize;	// Max JSON-RPC Receive Size
+	char dummy1[MAX_HUBNAME_LEN + 1];	// hubname buffer (dummy)
 };
 
 // Test
@@ -215,7 +217,8 @@ struct RPC_INT
 // Set Password
 struct RPC_SET_PASSWORD
 {
-	UCHAR HashedPassword[SHA1_SIZE];	// Hashed password
+	UCHAR HashedPassword[SHA1_SIZE];	// Hashed password (for traditional RPC)
+	char PlainTextPassword[MAX_SIZE];	// Plaintext password (for JSON-RPC)
 };
 
 // Server farm configuration *
@@ -228,6 +231,7 @@ struct RPC_FARM
 	char ControllerName[MAX_HOST_NAME_LEN + 1];	// Controller name
 	UINT ControllerPort;				// Controller port
 	UCHAR MemberPassword[SHA1_SIZE];	// Member password
+	char MemberPasswordPlaintext[MAX_SIZE];	// Member password (plaintext)
 	UINT Weight;						// Performance ratio
 	bool ControllerOnly;				// Only controller function
 };
@@ -333,6 +337,7 @@ struct RPC_CREATE_HUB
 	char HubName[MAX_HUBNAME_LEN + 1];	// HUB Name
 	UCHAR HashedPassword[SHA1_SIZE];	// Administrative password
 	UCHAR SecurePassword[SHA1_SIZE];	// Administrator password
+	char AdminPasswordPlainText[MAX_SIZE];	// Password (plaintext)
 	bool Online;						// Online flag
 	RPC_HUB_OPTION HubOption;			// HUB options
 	UINT HubType;						// Type of HUB
@@ -650,6 +655,7 @@ struct RPC_ENUM_SESSION_ITEM
 	char RemoteHostname[MAX_HOST_NAME_LEN + 1];		// Remote server name
 	char Username[MAX_USERNAME_LEN + 1];			// User name
 	UINT Ip;										// IP address (IPv4)
+	IP ClientIP;									// IP address (IPv4 / IPv6)
 	char Hostname[MAX_HOST_NAME_LEN	+ 1];			// Host name
 	UINT MaxNumTcp;									// Maximum number of TCP connections
 	UINT CurrentNumTcp;								// Number of currentl TCP connections
@@ -666,6 +672,8 @@ struct RPC_ENUM_SESSION_ITEM
 	bool IsDormantEnabled;							// Is the dormant state enabled
 	bool IsDormant;									// Is in the dormant state
 	UINT64 LastCommDormant;							// Last comm interval in the dormant state
+	UINT64 CreatedTime;								// Creation date and time
+	UINT64 LastCommTime;							// Last communication date and time
 };
 
 // Disconnect the session
@@ -702,8 +710,9 @@ struct RPC_ENUM_IP_TABLE_ITEM
 {
 	UINT Key;										// Key
 	char SessionName[MAX_SESSION_NAME_LEN + 1];		// Session name
-	UINT Ip;										// IP address
+	UINT Ip;										// IPv4 address
 	IP IpV6;										// IPv6 address
+	IP IpAddress;									// IPv4 / IPv6 Address
 	bool DhcpAllocated;								// Assigned by the DHCP
 	UINT64 CreatedTime;								// Creation date and time
 	UINT64 UpdatedTime;								// Updating date
@@ -990,6 +999,11 @@ struct RPC_AZURE_STATUS
 };
 
 
+// Constants
+#define ADMIN_RPC_MAX_POST_SIZE_BY_SERVER_ADMIN		MAX_PACK_SIZE
+#define ADMIN_RPC_MAX_POST_SIZE_BY_HUB_ADMIN		(8 * 1024 * 1024)
+
+
 // Function prototype
 UINT AdminAccept(CONNECTION *c, PACK *p);
 void HashAdminPassword(void *hash, char *password);
@@ -1014,6 +1028,26 @@ BUF *DownloadFileFromServer(RPC *r, char *server_name, char *filepath, UINT tota
 bool CheckAdminSourceAddress(SOCK *sock, char *hubname);
 void SiEnumSessionMain(SERVER *s, RPC_ENUM_SESSION *t);
 bool SiIsEmptyPassword(void *hash_password);
+void JsonRpcProcPost(CONNECTION *c, SOCK *s, HTTP_HEADER *h, UINT post_data_size);
+void JsonRpcProcGet(CONNECTION *c, SOCK *s, HTTP_HEADER *h, char *url_target);
+void JsonRpcProcOptions(CONNECTION *c, SOCK *s, HTTP_HEADER *h, char *url_target);
+JSON_VALUE *JsonRpcProcRequestObject(ADMIN *admin, CONNECTION *c, SOCK *s, JSON_VALUE *json_req, char *method_name);
+JSON_VALUE *JsonRpcNewError(int code, wchar_t *message);
+JSON_VALUE *JsonRpcNewResponse(PACK *p);
+bool HttpParseBasicAuthHeader(HTTP_HEADER *h, char *username, UINT username_size, char *password, UINT password_size);
+ADMIN *JsonRpcAuthLogin(CEDAR *c, SOCK *sock, HTTP_HEADER *h);
+JSON_VALUE *QueryStringToJsonListValue(char *qs);
+JSON_VALUE *ConstructDummyJsonRpcRequest(char *method_name, JSON_VALUE *p);
+void AdminWebProcPost(CONNECTION *c, SOCK *s, HTTP_HEADER *h, UINT post_data_size, char *url_target);
+void AdminWebProcGet(CONNECTION *c, SOCK *s, HTTP_HEADER *h, char *url_target);
+bool AdminWebHandleFileRequest(ADMIN *a, CONNECTION *c, SOCK *s, HTTP_HEADER *h, char *url_src, char *query_string, char *virtual_root_dir, char *physical_root_dir);
+BUF *AdminWebProcessServerSideInclude(BUF *src_txt, char *filename, UINT depth);
+bool AdminWebSendBody(SOCK *s, UINT status_code, char *status_string, UCHAR *data, UINT data_size, char *content_type, char *add_header_name, char *add_header_value, HTTP_HEADER *request_headers);
+bool AdminWebSend404Error(SOCK *s, HTTP_HEADER *request_headers);
+bool AdminWebSend302Redirect(SOCK *s, char *url, char *query_string, HTTP_HEADER *request_headers);
+BUF *AdminWebTryFindAndReadFile(char *vroot, char *proot, char *url, char *ret_filename, UINT ret_filename_size, bool *is_index_html);
+BUF *AdminWebTryOneFile(char *filename, char *ret_filename, UINT ret_filename_size);
+bool AdminWebSendUnauthorized(SOCK *s, HTTP_HEADER *http_request_headers);
 
 UINT StTest(ADMIN *a, RPC_TEST *t);
 UINT StGetServerInfo(ADMIN *a, RPC_SERVER_INFO *t);
@@ -1387,7 +1421,7 @@ void OutRpcAccess(PACK *p, ACCESS *a);
 void InRpcEnumAccessList(RPC_ENUM_ACCESS_LIST *a, PACK *p);
 void OutRpcEnumAccessList(PACK *p, RPC_ENUM_ACCESS_LIST *a);
 void FreeRpcEnumAccessList(RPC_ENUM_ACCESS_LIST *a);
-void *InRpcAuthData(PACK *p, UINT *authtype);
+void *InRpcAuthData(PACK *p, UINT *authtype, char *username);
 void OutRpcAuthData(PACK *p, void *authdata, UINT authtype);
 void FreeRpcAuthData(void *authdata, UINT authtype);
 void InRpcSetUser(RPC_SET_USER *t, PACK *p);

src/Cedar/CM.c

@@ -9466,6 +9466,12 @@ void CmPrintStatusToListViewEx(LVB *b, RPC_CLIENT_GET_CONNECTION_STATUS *s, bool
 			LvInsertAdd(b, 0, NULL, 2, _UU("CM_ST_UNDERLAY_PROTOCOL"), tmp);
 		}
 
+		if (IsEmptyStr(s->ProtocolDetails) == false)
+		{
+			StrToUni(tmp, sizeof(tmp), s->ProtocolDetails);
+			LvInsertAdd(b, 0, NULL, 2, _UU("CM_ST_PROTOCOL_DETAILS"), tmp);
+		}
+
 		LvInsertAdd(b, 0, NULL, 2, _UU("CM_ST_UDP_ACCEL_ENABLED"), (s->IsUdpAccelerationEnabled ? _UU("CM_ST_YES") : _UU("CM_ST_NO")));
 		LvInsertAdd(b, 0, NULL, 2, _UU("CM_ST_UDP_ACCEL_USING"), (s->IsUsingUdpAcceleration ? _UU("CM_ST_YES") : _UU("CM_ST_NO")));
 

src/Cedar/Cedar.h

@@ -126,10 +126,10 @@
 
 
 // Version number
-#define	CEDAR_VER					429
+#define	CEDAR_VER					430
 
 // Build Number
-#define	CEDAR_BUILD					9680
+#define	CEDAR_BUILD					9695
 
 // Beta number
 //#define	BETA_NUMBER					3
@@ -149,11 +149,11 @@
 
 // Specifies the build date
 #define	BUILD_DATE_Y		2019
-#define	BUILD_DATE_M		2
+#define	BUILD_DATE_M		7
-#define	BUILD_DATE_D		28
+#define	BUILD_DATE_D		7
-#define	BUILD_DATE_HO		18
+#define	BUILD_DATE_HO		19
-#define	BUILD_DATE_MI		39
+#define	BUILD_DATE_MI		58
-#define	BUILD_DATE_SE		47
+#define	BUILD_DATE_SE		8
 
 // Tolerable time difference
 #define	ALLOW_TIMESTAMP_DIFF		(UINT64)(3 * 24 * 60 * 60 * 1000)
@@ -438,6 +438,7 @@
 #define	AUTHTYPE_ROOTCERT				3			// Root certificate which is issued by trusted Certificate Authority
 #define	AUTHTYPE_RADIUS					4			// Radius authentication
 #define	AUTHTYPE_NT						5			// Windows NT authentication
+#define	AUTHTYPE_OPENVPN_CERT    		98			// TLS client certificate authentication
 #define	AUTHTYPE_TICKET					99			// Ticket authentication
 
 // Constant of the client side

src/Cedar/CedarType.h

@@ -234,6 +234,9 @@ typedef struct BLACK BLACK;
 typedef struct SEND_SIGNATURE_PARAM SEND_SIGNATURE_PARAM;
 typedef struct UPDATE_CLIENT UPDATE_CLIENT;
 typedef struct UPDATE_CLIENT_SETTING UPDATE_CLIENT_SETTING;
+typedef struct HTTP_MIME_TYPE HTTP_MIME_TYPE;
+typedef struct WS WS;
+typedef struct WSP WSP;
 
 
 // ==============================================================
@@ -673,6 +676,7 @@ typedef struct IPC_ASYNC IPC_ASYNC;
 typedef struct IPC_PARAM IPC_PARAM;
 typedef struct IPC_DHCP_RELESAE_QUEUE IPC_DHCP_RELESAE_QUEUE;
 typedef struct IPC_MSCHAP_V2_AUTHINFO IPC_MSCHAP_V2_AUTHINFO;
+typedef struct IPC_SESSION_SHARED_BUFFER_DATA IPC_SESSION_SHARED_BUFFER_DATA;
 
 
 // ==============================================================

src/Cedar/Client.c

@@ -4083,14 +4083,16 @@ void OutRpcClientEnumCa(PACK *p, RPC_CLIENT_ENUM_CA *e)
 
 	PackAddNum(p, "NumItem", e->NumItem);
 
+	PackSetCurrentJsonGroupName(p, "CAList");
 	for (i = 0;i < e->NumItem;i++)
 	{
 		RPC_CLIENT_ENUM_CA_ITEM *item = e->Items[i];
 		PackAddIntEx(p, "Key", item->Key, i, e->NumItem);
 		PackAddUniStrEx(p, "SubjectName", item->SubjectName, i, e->NumItem);
 		PackAddUniStrEx(p, "IssuerName", item->IssuerName, i, e->NumItem);
-		PackAddInt64Ex(p, "Expires", item->Expires, i, e->NumItem);
+		PackAddTime64Ex(p, "Expires", item->Expires, i, e->NumItem);
 	}
+	PackSetCurrentJsonGroupName(p, NULL);
 }
 
 // RPC_GET_ISSUER
@@ -4361,6 +4363,7 @@ void OutRpcClientEnumSecure(PACK *p, RPC_CLIENT_ENUM_SECURE *e)
 
 	PackAddNum(p, "NumItem", e->NumItem);
 
+	PackSetCurrentJsonGroupName(p, "SecureDeviceList");
 	for (i = 0;i < e->NumItem;i++)
 	{
 		RPC_CLIENT_ENUM_SECURE_ITEM *item = e->Items[i];
@@ -4370,6 +4373,7 @@ void OutRpcClientEnumSecure(PACK *p, RPC_CLIENT_ENUM_SECURE *e)
 		PackAddStrEx(p, "DeviceName", item->DeviceName, i, e->NumItem);
 		PackAddStrEx(p, "Manufacturer", item->Manufacturer, i, e->NumItem);
 	}
+	PackSetCurrentJsonGroupName(p, NULL);
 }
 
 // RPC_USE_SECURE
@@ -4453,11 +4457,13 @@ void OutRpcEnumObjectInSecure(PACK *p, RPC_ENUM_OBJECT_IN_SECURE *e)
 	PackAddNum(p, "NumItem", e->NumItem);
 	PackAddInt(p, "hWnd", e->hWnd);
 
+	PackSetCurrentJsonGroupName(p, "ObjectList");
 	for (i = 0;i < e->NumItem;i++)
 	{
 		PackAddStrEx(p, "ItemName", e->ItemName[i], i, e->NumItem);
 		PackAddIntEx(p, "ItemType", e->ItemType[i], i, e->NumItem);
 	}
+	PackSetCurrentJsonGroupName(p, NULL);
 }
 
 // RPC_CLIENT_CREATE_VLAN
@@ -4577,6 +4583,7 @@ void OutRpcClientEnumVLan(PACK *p, RPC_CLIENT_ENUM_VLAN *v)
 
 	PackAddNum(p, "NumItem", v->NumItem);
 
+	PackSetCurrentJsonGroupName(p, "VLanList");
 	for (i = 0;i < v->NumItem;i++)
 	{
 		RPC_CLIENT_ENUM_VLAN_ITEM *item = v->Items[i];
@@ -4586,6 +4593,7 @@ void OutRpcClientEnumVLan(PACK *p, RPC_CLIENT_ENUM_VLAN *v)
 		PackAddStrEx(p, "MacAddress", item->MacAddress, i, v->NumItem);
 		PackAddStrEx(p, "Version", item->Version, i, v->NumItem);
 	}
+	PackSetCurrentJsonGroupName(p, NULL);
 }
 
 // CLIENT_OPTION
@@ -4651,10 +4659,10 @@ void OutRpcClientOption(PACK *p, CLIENT_OPTION *c)
 	PackAddInt(p, "NumRetry", c->NumRetry);
 	PackAddInt(p, "RetryInterval", c->RetryInterval);
 	PackAddInt(p, "MaxConnection", c->MaxConnection);
-	PackAddInt(p, "UseEncrypt", c->UseEncrypt);
+	PackAddBool(p, "UseEncrypt", c->UseEncrypt);
-	PackAddInt(p, "UseCompress", c->UseCompress);
+	PackAddBool(p, "UseCompress", c->UseCompress);
-	PackAddInt(p, "HalfConnection", c->HalfConnection);
+	PackAddBool(p, "HalfConnection", c->HalfConnection);
-	PackAddInt(p, "NoRoutingTracking", c->NoRoutingTracking);
+	PackAddBool(p, "NoRoutingTracking", c->NoRoutingTracking);
 	PackAddInt(p, "AdditionalConnectionInterval", c->AdditionalConnectionInterval);
 	PackAddInt(p, "ConnectionDisconnectSpan", c->ConnectionDisconnectSpan);
 	PackAddBool(p, "HideStatusWindow", c->HideStatusWindow);
@@ -4866,6 +4874,7 @@ void OutRpcClientEnumAccount(PACK *p, RPC_CLIENT_ENUM_ACCOUNT *e)
 
 	PackAddNum(p, "NumItem", e->NumItem);
 
+	PackSetCurrentJsonGroupName(p, "AccountList");
 	for (i = 0;i < e->NumItem;i++)
 	{
 		RPC_CLIENT_ENUM_ACCOUNT_ITEM *item = e->Items[i];
@@ -4881,10 +4890,11 @@ void OutRpcClientEnumAccount(PACK *p, RPC_CLIENT_ENUM_ACCOUNT *e)
 		PackAddBoolEx(p, "Connected", item->Connected, i, e->NumItem);
 		PackAddIntEx(p, "Port", item->Port, i, e->NumItem);
 		PackAddStrEx(p, "HubName", item->HubName, i, e->NumItem);
-		PackAddInt64Ex(p, "CreateDateTime", item->CreateDateTime, i, e->NumItem);
+		PackAddTime64Ex(p, "CreateDateTime", item->CreateDateTime, i, e->NumItem);
-		PackAddInt64Ex(p, "UpdateDateTime", item->UpdateDateTime, i, e->NumItem);
+		PackAddTime64Ex(p, "UpdateDateTime", item->UpdateDateTime, i, e->NumItem);
-		PackAddInt64Ex(p, "LastConnectDateTime", item->LastConnectDateTime, i, e->NumItem);
+		PackAddTime64Ex(p, "LastConnectDateTime", item->LastConnectDateTime, i, e->NumItem);
 	}
+	PackSetCurrentJsonGroupName(p, NULL);
 }
 
 // RPC_CLIENT_DELETE_ACCOUNT
@@ -4998,9 +5008,9 @@ void OutRpcClientGetAccount(PACK *p, RPC_CLIENT_GET_ACCOUNT *c)
 
 	PackAddData(p, "ShortcutKey", c->ShortcutKey, SHA1_SIZE);
 
-	PackAddInt64(p, "CreateDateTime", c->CreateDateTime);
+	PackAddTime64(p, "CreateDateTime", c->CreateDateTime);
-	PackAddInt64(p, "UpdateDateTime", c->UpdateDateTime);
+	PackAddTime64(p, "UpdateDateTime", c->UpdateDateTime);
-	PackAddInt64(p, "LastConnectDateTime", c->LastConnectDateTime);
+	PackAddTime64(p, "LastConnectDateTime", c->LastConnectDateTime);
 }
 
 // RPC_CLIENT_CONNECT
@@ -5103,6 +5113,7 @@ void InRpcClientGetConnectionStatus(RPC_CLIENT_GET_CONNECTION_STATUS *s, PACK *p
 	s->UseCompress = PackGetInt(p, "UseCompress") ? true : false;
 	s->IsRUDPSession = PackGetInt(p, "IsRUDPSession") ? true : false;
 	PackGetStr(p, "UnderlayProtocol", s->UnderlayProtocol, sizeof(s->UnderlayProtocol));
+	PackGetStr(p, "ProtocolDetails", s->ProtocolDetails, sizeof(s->ProtocolDetails));
 	s->IsUdpAccelerationEnabled = PackGetInt(p, "IsUdpAccelerationEnabled") ? true : false;
 	s->IsUsingUdpAcceleration = PackGetInt(p, "IsUsingUdpAcceleration") ? true : false;
 
@@ -5148,32 +5159,33 @@ void OutRpcClientGetConnectionStatus(PACK *p, RPC_CLIENT_GET_CONNECTION_STATUS *
 
 	PackAddData(p, "SessionKey", c->SessionKey, SHA1_SIZE);
 
-	PackAddInt(p, "Active", c->Active);
+	PackAddBool(p, "Active", c->Active);
-	PackAddInt(p, "Connected", c->Connected);
+	PackAddBool(p, "Connected", c->Connected);
 	PackAddInt(p, "SessionStatus", c->SessionStatus);
 	PackAddInt(p, "ServerPort", c->ServerPort);
 	PackAddInt(p, "ServerProductVer", c->ServerProductVer);
 	PackAddInt(p, "ServerProductBuild", c->ServerProductBuild);
 	PackAddInt(p, "NumConnectionsEatablished", c->NumConnectionsEatablished);
-	PackAddInt(p, "HalfConnection", c->HalfConnection);
+	PackAddBool(p, "HalfConnection", c->HalfConnection);
-	PackAddInt(p, "QoS", c->QoS);
+	PackAddBool(p, "QoS", c->QoS);
 	PackAddInt(p, "MaxTcpConnections", c->MaxTcpConnections);
 	PackAddInt(p, "NumTcpConnections", c->NumTcpConnections);
 	PackAddInt(p, "NumTcpConnectionsUpload", c->NumTcpConnectionsUpload);
 	PackAddInt(p, "NumTcpConnectionsDownload", c->NumTcpConnectionsDownload);
-	PackAddInt(p, "UseEncrypt", c->UseEncrypt);
+	PackAddBool(p, "UseEncrypt", c->UseEncrypt);
-	PackAddInt(p, "UseCompress", c->UseCompress);
+	PackAddBool(p, "UseCompress", c->UseCompress);
-	PackAddInt(p, "IsRUDPSession", c->IsRUDPSession);
+	PackAddBool(p, "IsRUDPSession", c->IsRUDPSession);
 	PackAddStr(p, "UnderlayProtocol", c->UnderlayProtocol);
-	PackAddInt(p, "IsUdpAccelerationEnabled", c->IsUdpAccelerationEnabled);
+	PackAddStr(p, "ProtocolDetails", c->ProtocolDetails);
-	PackAddInt(p, "IsUsingUdpAcceleration", c->IsUsingUdpAcceleration);
+	PackAddBool(p, "IsUdpAccelerationEnabled", c->IsUdpAccelerationEnabled);
+	PackAddBool(p, "IsUsingUdpAcceleration", c->IsUsingUdpAcceleration);
 
 	PackAddBool(p, "IsBridgeMode", c->IsBridgeMode);
 	PackAddBool(p, "IsMonitorMode", c->IsMonitorMode);
 
-	PackAddInt64(p, "StartTime", c->StartTime);
+	PackAddTime64(p, "StartTime", c->StartTime);
-	PackAddInt64(p, "FirstConnectionEstablisiedTime", c->FirstConnectionEstablisiedTime);
+	PackAddTime64(p, "FirstConnectionEstablisiedTime", c->FirstConnectionEstablisiedTime);
-	PackAddInt64(p, "CurrentConnectionEstablishTime", c->CurrentConnectionEstablishTime);
+	PackAddTime64(p, "CurrentConnectionEstablishTime", c->CurrentConnectionEstablishTime);
 	PackAddInt64(p, "TotalSendSize", c->TotalSendSize);
 	PackAddInt64(p, "TotalRecvSize", c->TotalRecvSize);
 	PackAddInt64(p, "TotalSendSizeReal", c->TotalSendSizeReal);
@@ -6124,9 +6136,23 @@ void CiGetSessionStatus(RPC_CLIENT_GET_CONNECTION_STATUS *st, SESSION *s)
 				st->IsRUDPSession = s->IsRUDPSession;
 				// Physical communication protocol
 				StrCpy(st->UnderlayProtocol, sizeof(st->UnderlayProtocol), s->UnderlayProtocol);
+				// Protocol details
+				StrCpy(st->ProtocolDetails, sizeof(st->ProtocolDetails), s->ProtocolDetails);
+				Trim(st->ProtocolDetails);
 				// UDP acceleration function
 				st->IsUdpAccelerationEnabled = s->UseUdpAcceleration;
 				st->IsUsingUdpAcceleration = s->IsUsingUdpAcceleration;
+				if (s->IpcSessionShared != NULL && IsEmptyStr(s->IpcSessionShared->ProtocolDetails) == false)
+				{
+					char tmp[256];
+					StrCpy(tmp, sizeof(tmp), s->IpcSessionShared->ProtocolDetails);
+					Trim(tmp);
+					StrCat(st->ProtocolDetails, sizeof(st->ProtocolDetails), " ");
+					StrCat(st->ProtocolDetails, sizeof(st->ProtocolDetails), tmp);
+
+					st->IsUdpAccelerationEnabled = s->IpcSessionShared->EnableUdpAccel;
+					st->IsUsingUdpAcceleration = s->IpcSessionShared->UsingUdpAccel;
+				}
 				// Session key
 				Copy(st->SessionKey, s->SessionKey, SHA1_SIZE);
 				// Policy

src/Cedar/Client.h

@@ -433,6 +433,7 @@ struct RPC_CLIENT_GET_CONNECTION_STATUS
 	bool UseCompress;						// Use of compression
 	bool IsRUDPSession;						// R-UDP session
 	char UnderlayProtocol[64];				// Physical communication protocol
+	char ProtocolDetails[256];				// Protocol Details
 	bool IsUdpAccelerationEnabled;			// The UDP acceleration is enabled
 	bool IsUsingUdpAcceleration;			// Using the UDP acceleration function
 	char SessionName[MAX_SESSION_NAME_LEN + 1];	// Session name

src/Cedar/Command.c

@@ -14494,6 +14494,12 @@ void CmdPrintStatusToListViewEx(CT *ct, RPC_CLIENT_GET_CONNECTION_STATUS *s, boo
 			CtInsert(ct, _UU("CM_ST_UNDERLAY_PROTOCOL"), tmp);
 		}
 
+		if (IsEmptyStr(s->ProtocolDetails) == false)
+		{
+			StrToUni(tmp, sizeof(tmp), s->ProtocolDetails);
+			CtInsert(ct, _UU("CM_ST_PROTOCOL_DETAILS"), tmp);
+		}
+
 		CtInsert(ct, _UU("CM_ST_UDP_ACCEL_ENABLED"), (s->IsUdpAccelerationEnabled ? _UU("CM_ST_YES") : _UU("CM_ST_NO")));
 		CtInsert(ct, _UU("CM_ST_UDP_ACCEL_USING"), (s->IsUsingUdpAcceleration ? _UU("CM_ST_YES") : _UU("CM_ST_NO")));
 
@@ -21663,6 +21669,9 @@ UINT PsLicenseAdd(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
 
 	FreeParamValueList(o);
 
+	c->Write(c, _UU("SM_LICENSE_WARNING"));
+	c->Write(c, L"\n");
+
 	return 0;
 }
 

src/Cedar/Connection.c

@@ -1267,6 +1267,8 @@ void ConnectionSend(CONNECTION *c, UINT64 now)
 										s->TotalSendSizeReal += b->Size;
 
 										c->CurrentSendQueueSize -= b->Size;
+
+										Free(new_buf);
 									}
 
 									FreeBlock(b);
@@ -1861,6 +1863,18 @@ void ConnectionReceive(CONNECTION *c, CANCEL *c1, CANCEL *c2)
 			{
 				TUBE *t = sock->BulkRecvTube;
 
+				//for testing purpose
+				//if (sock->test_tmp1 == 0) sock->test_tmp1 = now;
+				//if ((sock->test_tmp1 + 5000ULL) <= now)
+				//{
+				//	// bugbug
+				//	if (c->ServerMode == false)
+				//	{
+				//		WHERE;
+				//		Disconnect(sock);
+				//	}
+				//}
+
 				if (s->EnableBulkOnRUDP)
 				{
 					// R-UDP bulk transfer data reception
@@ -2789,6 +2803,8 @@ BLOCK *NewBlock(void *data, UINT size, int compress)
 
 	b = MallocFast(sizeof(BLOCK));
 
+	b->RawFlagRetUdpAccel = 0;
+
 	b->IsFlooding = false;
 
 	b->PriorityQoS = b->Ttl = b->Param1 = 0;

src/Cedar/Connection.h

@@ -252,6 +252,7 @@ struct BLOCK
 	UINT Ttl;						// TTL value (Used only in ICMP NAT of Virtual.c)
 	UINT Param1;					// Parameter 1
 	bool IsFlooding;				// Is flooding packet
+	UCHAR RawFlagRetUdpAccel;		// Raw flag returned by UDP accel
 };
 
 // Connection structure
@@ -305,6 +306,7 @@ struct CONNECTION
 	void *hWndForUI;				// Parent window
 	bool IsInProc;					// In-process
 	char InProcPrefix[64];			// Prefix
+	UINT InProcLayer;				// InProc layer
 	UINT AdditionalConnectionFailedCounter;		// Additional connection failure counter
 	UINT64 LastCounterResetTick;	// Time the counter was reset finally
 	bool WasSstp;					// Processed the SSTP
@@ -314,6 +316,9 @@ struct CONNECTION
 	UINT LastPacketQueueSize;		// The last queue size of packets
 	UINT LastRecvFifoTotalSize;		// The last RecvFifo total size
 	UINT LastRecvBlocksNum;			// The last ReceivedBlocks num
+	bool IsJsonRpc;					// Is JSON-RPC
+	bool JsonRpcAuthed;				// JSON-RPC Authed
+	LISTENER *Listener;				// Listener ref
 };
 
 

src/Cedar/DDNS.c

@@ -134,6 +134,9 @@ void DCGetStatus(DDNS_CLIENT *c, DDNS_CLIENT_STATUS *st)
 		Copy(&st->InternetSetting, &c->InternetSetting, sizeof(INTERNET_SETTING));
 	}
 	Unlock(c->Lock);
+
+	UniStrCpy(st->ErrStr_IPv4, sizeof(st->ErrStr_IPv4), _E(st->Err_IPv4));
+	UniStrCpy(st->ErrStr_IPv6, sizeof(st->ErrStr_IPv6), _E(st->Err_IPv6));
 }
 
 // Set the Internet settings

src/Cedar/DDNS.h

@@ -208,6 +208,8 @@ struct DDNS_REGISTER_PARAM
 struct DDNS_CLIENT_STATUS
 {
 	UINT Err_IPv4, Err_IPv6;				// Last error
+	wchar_t ErrStr_IPv4[MAX_SIZE];
+	wchar_t ErrStr_IPv6[MAX_SIZE];
 	char CurrentHostName[DDNS_MAX_HOSTNAME + 1];	// Current host name
 	char CurrentFqdn[MAX_SIZE];				// Current FQDN
 	char DnsSuffix[MAX_SIZE];				// DNS suffix

src/Cedar/EtherLog.c

@@ -662,6 +662,7 @@ void OutRpcEnumDevice(PACK *p, RPC_ENUM_DEVICE *t)
 
 	PackAddInt(p, "NumItem", t->NumItem);
 
+	PackSetCurrentJsonGroupName(p, "DeviceList");
 	for (i = 0;i < t->NumItem;i++)
 	{
 		RPC_ENUM_DEVICE_ITEM *d = &t->Items[i];
@@ -669,6 +670,7 @@ void OutRpcEnumDevice(PACK *p, RPC_ENUM_DEVICE *t)
 		PackAddStrEx(p, "DeviceName", d->DeviceName, i, t->NumItem);
 		PackAddBoolEx(p, "Active", d->Active, i, t->NumItem);
 	}
+	PackSetCurrentJsonGroupName(p, NULL);
 
 	PackAddBool(p, "IsLicenseSupported", t->IsLicenseSupported);
 }
@@ -709,7 +711,7 @@ void OutRpcElLicenseStatus(PACK *p, RPC_EL_LICENSE_STATUS *t)
 
 	PackAddBool(p, "Valid", t->Valid);
 	PackAddInt64(p, "SystemId", t->SystemId);
-	PackAddInt64(p, "SystemExpires", t->SystemExpires);
+	PackAddTime64(p, "SystemExpires", t->SystemExpires);
 }
 
 // Listener thread

src/Cedar/Hub.c

@@ -159,7 +159,7 @@ UINT num_admin_options = sizeof(admin_options) / sizeof(ADMIN_OPTION);
 
 
 // Create an EAP client for the specified Virtual Hub
-EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, char *username)
+EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, char *username, char *vpn_protocol_state_str)
 {
 	HUB *hub = NULL;
 	EAP_CLIENT *ret = NULL;
@@ -209,6 +209,11 @@ EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, ch
 
 							if (eap != NULL)
 							{
+								if (IsEmptyStr(vpn_protocol_state_str) == false)
+								{
+									StrCpy(eap->In_VpnProtocolState, sizeof(eap->In_VpnProtocolState), vpn_protocol_state_str);
+								}
+
 								if (use_peap == false)
 								{
 									// EAP
@@ -778,6 +783,8 @@ void HubOptionStructToData(RPC_ADMIN_OPTION *ao, HUB_OPTION *o, char *hub_name)
 	{
 		ADMIN_OPTION *a = LIST_DATA(aol, i);
 
+		UniStrCpy(a->Descrption, sizeof(a->Descrption), GetHubAdminOptionHelpString(a->Name));
+
 		Copy(&ao->Items[i], a, sizeof(ADMIN_OPTION));
 
 		Free(a);

src/Cedar/Hub.h

@@ -384,6 +384,7 @@ struct ADMIN_OPTION
 {
 	char Name[MAX_ADMIN_OPTION_NAME_LEN + 1];	// Name
 	UINT Value;									// Data
+	wchar_t Descrption[MAX_SIZE];				// Descrption
 };
 
 // Certificate Revocation List entry
@@ -634,7 +635,7 @@ void CalcTrafficDiff(TRAFFIC *diff, TRAFFIC *old, TRAFFIC *current);
 bool CheckMaxLoggedPacketsPerMinute(SESSION *s, UINT max_packets, UINT64 now);
 void VgsSetUserAgentValue(char *str);
 void VgsSetEmbTag(bool b);
-EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, char *username);
+EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, char *username, char *vpn_protocol_state_str);
 
 #endif	// HUB_H
 

src/Cedar/IPsec_EtherIP.c

@@ -161,7 +161,7 @@ void EtherIPIpcConnectThread(THREAD *t, void *p)
 			&s->ClientIP, s->ClientPort,
 			&s->ServerIP, s->ServerPort,
 			tmp,
-			s->CryptName, true, mss, NULL);
+			s->CryptName, true, mss, NULL, NULL, IPC_LAYER_2);
 
 		if (ipc != NULL)
 		{

src/Cedar/IPsec_IPC.c

@@ -314,7 +314,7 @@ IPC *NewIPCByParam(CEDAR *cedar, IPC_PARAM *param, UINT *error_code)
 		param->UserName, param->Password, error_code, &param->ClientIp,
 		param->ClientPort, &param->ServerIp, param->ServerPort,
 		param->ClientHostname, param->CryptName,
-		param->BridgeMode, param->Mss, NULL);
+		param->BridgeMode, param->Mss, NULL, param->ClientCertificate, param->Layer);
 
 	return ipc;
 }
@@ -323,7 +323,8 @@ IPC *NewIPCByParam(CEDAR *cedar, IPC_PARAM *param, UINT *error_code)
 IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char *username, char *password,
 			UINT *error_code, IP *client_ip, UINT client_port, IP *server_ip, UINT server_port,
 			char *client_hostname, char *crypt_name,
-			bool bridge_mode, UINT mss, EAP_CLIENT *eap_client)
+			bool bridge_mode, UINT mss, EAP_CLIENT *eap_client, X *client_certificate,
+			UINT layer)
 {
 	IPC *ipc;
 	UINT dummy_int = 0;
@@ -338,6 +339,7 @@ IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char
 	NODE_INFO info;
 	BUF *b;
 	UCHAR mschap_v2_server_response_20[20];
+	UINT64 u64;
 	// Validate arguments
 	if (cedar == NULL || username == NULL || password == NULL || client_hostname == NULL)
 	{
@@ -371,6 +373,12 @@ IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char
 	ipc->Cedar = cedar;
 	AddRef(cedar->ref);
 
+	ipc->Layer = layer;
+	if (ipc->Layer == 0)
+	{
+		ipc->Layer = IPC_LAYER_2;
+	}
+
 	ipc->FlushList = NewTubeFlushList();
 
 	StrCpy(ipc->ClientHostname, sizeof(ipc->ClientHostname), client_hostname);
@@ -416,7 +424,14 @@ IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char
 	FreePack(p);
 
 	// Upload the authentication data
-	p = PackLoginWithPlainPassword(hubname, username, password);
+	if (client_certificate != NULL)
+	{
+		p = PackLoginWithOpenVPNCertificate(hubname, username, client_certificate);
+	}
+	else
+	{
+		p = PackLoginWithPlainPassword(hubname, username, password);
+	}
 	PackAddStr(p, "hello", client_name);
 	PackAddInt(p, "client_ver", cedar->Version);
 	PackAddInt(p, "client_build", cedar->Build);
@@ -451,6 +466,7 @@ IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char
 
 	PackAddStr(p, "inproc_postfix", postfix);
 	PackAddStr(p, "inproc_cryptname", crypt_name);
+	PackAddInt(p, "inproc_layer", ipc->Layer);
 
 	// Node information
 	Zero(&info, sizeof(info));
@@ -532,6 +548,10 @@ IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char
 
 	Debug("IPC: Session = %s, Connection = %s, Mac = %s\n", ipc->SessionName, ipc->ConnectionName, macstr);
 
+	u64 = PackGetInt64(p, "IpcSessionSharedBuffer");
+	ipc->IpcSessionSharedBuffer = (SHARED_BUFFER *)u64;
+	ipc->IpcSessionShared = ipc->IpcSessionSharedBuffer->Data;
+
 	FreePack(p);
 
 	ReleaseSock(a);
@@ -666,6 +686,8 @@ void FreeIPC(IPC *ipc)
 
 	ReleaseQueue(ipc->IPv4RecviedQueue);
 	
+	ReleaseSharedBuffer(ipc->IpcSessionSharedBuffer);
+
 	Free(ipc);
 }
 

src/Cedar/IPsec_IPC.h

@@ -119,6 +119,9 @@
 
 #define	IPC_PASSWORD_MSCHAPV2_TAG		"xH7DiNlurDhcYV4a:"
 
+#define IPC_LAYER_2						2
+#define IPC_LAYER_3						3
+
 // ARP table entry
 struct IPC_ARP
 {
@@ -138,6 +141,14 @@ struct IPC_DHCP_RELESAE_QUEUE
 	UCHAR MacAddress[6];
 };
 
+// IPC_SESSION_SHARED_BUFFER_DATA
+struct IPC_SESSION_SHARED_BUFFER_DATA
+{
+	char ProtocolDetails[256];		// Protocol Details
+	bool EnableUdpAccel;
+	bool UsingUdpAccel;
+};
+
 // IPC_PARAM
 struct IPC_PARAM
 {
@@ -156,6 +167,8 @@ struct IPC_PARAM
 	UINT Mss;
 	bool IsL3Mode;
 	bool IsOpenVPN;
+	X *ClientCertificate;
+	UINT Layer;
 };
 
 // IPC_ASYNC object
@@ -200,6 +213,9 @@ struct IPC
 	TUBE_FLUSH_LIST *FlushList;			// Tube Flush List
 	UCHAR MsChapV2_ServerResponse[20];	// Server response
 	DHCP_CLASSLESS_ROUTE_TABLE ClasslessRoute;	// Classless routing table
+	SHARED_BUFFER *IpcSessionSharedBuffer;	// A shared buffer between IPC and Session
+	IPC_SESSION_SHARED_BUFFER_DATA *IpcSessionShared;	// A shared data between IPC and Session
+	UINT Layer;
 };
 
 // MS-CHAPv2 authentication information
@@ -215,7 +231,8 @@ struct IPC_MSCHAP_V2_AUTHINFO
 IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char *username, char *password,
 			UINT *error_code, IP *client_ip, UINT client_port, IP *server_ip, UINT server_port,
 			char *client_hostname, char *crypt_name,
-			bool bridge_mode, UINT mss, EAP_CLIENT *eap_client);
+			bool bridge_mode, UINT mss, EAP_CLIENT *eap_client, X *client_certificate,
+			UINT layer);
 IPC *NewIPCByParam(CEDAR *cedar, IPC_PARAM *param, UINT *error_code);
 IPC *NewIPCBySock(CEDAR *cedar, SOCK *s, void *mac_address);
 void FreeIPC(IPC *ipc);

src/Cedar/IPsec_PPP.c

@@ -299,7 +299,7 @@ void PPPThread(THREAD *thread, void *param)
 
 						IPToStr(client_ip_tmp, sizeof(client_ip_tmp), &p->ClientIP);
 
-						eap = HubNewEapClient(p->Cedar, hub, client_ip_tmp, id);
+						eap = HubNewEapClient(p->Cedar, hub, client_ip_tmp, id, "L3:PPP");
 
 						if (eap)
 						{
@@ -1009,7 +1009,8 @@ PPP_PACKET *PPPProcessRequestPacket(PPP_SESSION *p, PPP_PACKET *req)
 					// Attempt to connect with IPC
 					ipc = NewIPC(p->Cedar, p->ClientSoftwareName, p->Postfix, hub, id, password,
 						&error_code, &p->ClientIP, p->ClientPort, &p->ServerIP, p->ServerPort,
-						p->ClientHostname, p->CryptName, false, p->AdjustMss, p->EapClient);
+						p->ClientHostname, p->CryptName, false, p->AdjustMss, p->EapClient, NULL,
+						IPC_LAYER_3);
 
 					if (ipc != NULL)
 					{
@@ -1142,7 +1143,8 @@ PPP_PACKET *PPPProcessRequestPacket(PPP_SESSION *p, PPP_PACKET *req)
 
 								ipc = NewIPC(p->Cedar, p->ClientSoftwareName, p->Postfix, hub, id, password,
 									&error_code, &p->ClientIP, p->ClientPort, &p->ServerIP, p->ServerPort,
-									p->ClientHostname, p->CryptName, false, p->AdjustMss, NULL);
+									p->ClientHostname, p->CryptName, false, p->AdjustMss, NULL, NULL,
+									IPC_LAYER_3);
 
 								if (ipc != NULL)
 								{

src/Cedar/Interop_OpenVPN.c

@@ -433,7 +433,8 @@ void OvsProcessRecvControlPacket(OPENVPN_SERVER *s, OPENVPN_SESSION *se, OPENVPN
 			// Create an SSL pipe
 			Lock(s->Cedar->lock);
 			{
-				c->SslPipe = NewSslPipe(true, s->Cedar->ServerX, s->Cedar->ServerK, s->Dh);
+				bool cert_verify = true;
+				c->SslPipe = NewSslPipeEx(true, s->Cedar->ServerX, s->Cedar->ServerK, s->Dh, cert_verify, &c->ClientCert);
 			}
 			Unlock(s->Cedar->lock);
 
@@ -703,8 +704,19 @@ void OvsBeginIPCAsyncConnectionIfEmpty(OPENVPN_SERVER *s, OPENVPN_SESSION *se, O
 			p.BridgeMode = true;
 		}
 
+		if (IsEmptyStr(c->ClientKey.Username) || IsEmptyStr(c->ClientKey.Password))
+		{
+			// OpenVPN X.509 certificate authentication is used only when no username / password is specified
+			if (c->ClientCert.X != NULL)
+			{
+				p.ClientCertificate = c->ClientCert.X;
+			}
+		}
+
 		p.IsOpenVPN = true;
 
+		p.Layer = (se->Mode == OPENVPN_MODE_L2) ? IPC_LAYER_2 : IPC_LAYER_3;
+
 		// Calculate the MSS
 		p.Mss = OvsCalcTcpMss(s, se, c);
 		Debug("MSS=%u\n", p.Mss);
@@ -771,6 +783,26 @@ void OvsSetupSessionParameters(OPENVPN_SERVER *s, OPENVPN_SESSION *se, OPENVPN_C
 
 	OvsLog(s, se, c, "LO_OPTION_STR_RECV", data->OptionString);
 
+	if (c->ClientCert.X != NULL)
+	{
+		if (c->ClientCert.X->subject_name != NULL)
+		{
+			OvsLog(s, se, c, "LO_CLIENT_CERT", c->ClientCert.X->subject_name->CommonName);
+		}
+		else
+		{
+			OvsLog(s, se, c, "LO_CLIENT_CERT", "(unknown CN)");
+		}
+	}
+	else if (!c->ClientCert.PreverifyErr)
+	{
+		OvsLog(s, se, c, "LO_CLIENT_NO_CERT");
+	}
+	else
+	{
+		OvsLog(s, se, c, "LO_CLIENT_UNVERIFIED_CERT", c->ClientCert.PreverifyErrMessage);
+	}
+
 	Zero(opt_str, sizeof(opt_str));
 	StrCpy(opt_str, sizeof(opt_str), data->OptionString);
 	if (s->Cedar != NULL && (IsEmptyStr(opt_str) || StartWith(opt_str, "V0 UNDEF") || InStr(opt_str, ",") == false))
@@ -1350,6 +1382,11 @@ void OvsFreeChannel(OPENVPN_CHANNEL *c)
 	FreeMd(c->MdRecv);
 	FreeMd(c->MdSend);
 
+	if (c->ClientCert.X != NULL)
+	{
+		FreeX(c->ClientCert.X);
+	}
+
 	Free(c);
 }
 

src/Cedar/Interop_OpenVPN.h

@@ -248,6 +248,7 @@ struct OPENVPN_CHANNEL
 	bool IsInitiatorServer;								// Whether the channel was started from the server side
 	bool RekeyInitiated;								// Whether re-keying has already started
 	UINT64 NextRekey;
+	struct SslClientCertInfo ClientCert;                // Client certificate and verification data
 };
 
 // OpenVPN session

src/Cedar/Listener.c

@@ -247,6 +247,9 @@ void TCPAcceptedThread(THREAD *t, void *param)
 	// Create a connection
 	c = NewServerConnection(r->Cedar, s, t);
 
+	AddRef(r->ref);
+	c->Listener = r;
+
 	// Register to Cedar as a transient connection
 	AddConnection(c->Cedar, c);
 
@@ -264,8 +267,11 @@ void TCPAcceptedThread(THREAD *t, void *param)
 	ConnectionAccept(c);
 	flag1 = c->flag1;
 
+
 	// Release
 	SLog(r->Cedar, "LS_CONNECTION_END_1", c->Name);
+	ReleaseListener(c->Listener);
+	c->Listener = NULL;
 	ReleaseConnection(c);
 
 	// Release

src/Cedar/Nat.c

@@ -895,18 +895,21 @@ void OutRpcEnumDhcp(PACK *p, RPC_ENUM_DHCP *t)
 	PackAddInt(p, "NumItem", t->NumItem);
 	PackAddStr(p, "HubName", t->HubName);
 
+	PackSetCurrentJsonGroupName(p, "DhcpTable");
+
 	for (i = 0;i < t->NumItem;i++)
 	{
 		RPC_ENUM_DHCP_ITEM *e = &t->Items[i];
 
 		PackAddIntEx(p, "Id", e->Id, i, t->NumItem);
-		PackAddInt64Ex(p, "LeasedTime", e->LeasedTime, i, t->NumItem);
+		PackAddTime64Ex(p, "LeasedTime", e->LeasedTime, i, t->NumItem);
-		PackAddInt64Ex(p, "ExpireTime", e->ExpireTime, i, t->NumItem);
+		PackAddTime64Ex(p, "ExpireTime", e->ExpireTime, i, t->NumItem);
 		PackAddDataEx(p, "MacAddress", e->MacAddress, 6, i, t->NumItem);
 		PackAddIp32Ex(p, "IpAddress", e->IpAddress, i, t->NumItem);
 		PackAddIntEx(p, "Mask", e->Mask, i, t->NumItem);
 		PackAddStrEx(p, "Hostname", e->Hostname, i, t->NumItem);
 	}
+	PackSetCurrentJsonGroupName(p, NULL);
 }
 void FreeRpcEnumDhcp(RPC_ENUM_DHCP *t)
 {
@@ -963,6 +966,8 @@ void OutRpcEnumNat(PACK *p, RPC_ENUM_NAT *t)
 
 	PackAddInt(p, "NumItem", t->NumItem);
 	PackAddStr(p, "HubName", t->HubName);
+
+	PackSetCurrentJsonGroupName(p, "NatTable");
 	for (i = 0;i < t->NumItem;i++)
 	{
 		RPC_ENUM_NAT_ITEM *e = &t->Items[i];
@@ -975,12 +980,13 @@ void OutRpcEnumNat(PACK *p, RPC_ENUM_NAT *t)
 		PackAddIp32Ex(p, "DestIp", e->DestIp, i, t->NumItem);
 		PackAddStrEx(p, "DestHost", e->DestHost, i, t->NumItem);
 		PackAddIntEx(p, "DestPort", e->DestPort, i, t->NumItem);
-		PackAddInt64Ex(p, "CreatedTime", e->CreatedTime, i, t->NumItem);
+		PackAddTime64Ex(p, "CreatedTime", e->CreatedTime, i, t->NumItem);
-		PackAddInt64Ex(p, "LastCommTime", e->LastCommTime, i, t->NumItem);
+		PackAddTime64Ex(p, "LastCommTime", e->LastCommTime, i, t->NumItem);
 		PackAddInt64Ex(p, "SendSize", e->SendSize, i, t->NumItem);
 		PackAddInt64Ex(p, "RecvSize", e->RecvSize, i, t->NumItem);
 		PackAddIntEx(p, "TcpStatus", e->TcpStatus, i, t->NumItem);
 	}
+	PackSetCurrentJsonGroupName(p, NULL);
 }
 void FreeRpcEnumNat(RPC_ENUM_NAT *t)
 {

src/Cedar/Protocol.h

@@ -105,6 +105,13 @@
 #ifndef	PROTOCOL_H
 #define	PROTOCOL_H
 
+// MIME types
+struct HTTP_MIME_TYPE
+{
+	char *Extension;
+	char *MimeType;
+};
+
 // The parameters that will be passed to the certificate confirmation thread
 struct CHECK_CERT_THREAD_PROC
 {
@@ -195,6 +202,73 @@ struct UPDATE_CLIENT
 #define	PROTO_SUPPRESS_CLIENT_UPDATE_NOTIFICATION_REGKEY	"Software\\" GC_REG_COMPANY_NAME "\\" CEDAR_PRODUCT_STR " VPN\\Client Update Notification"
 #define	PROTO_SUPPRESS_CLIENT_UPDATE_NOTIFICATION_REGVALUE	"Suppress"
 
+// WebSocket
+struct WS
+{
+	SOCK *Sock;
+	WSP *Wsp;
+	REF *Ref;
+	bool Disconnected;
+	UINT MaxBufferSize;
+	UCHAR TmpBuf[65536];
+};
+
+// WebSocket Protocol
+struct WSP
+{
+	UINT MaxBufferSize;
+	FIFO *PhysicalSendFifo;		// WSP -> Network
+	FIFO *PhysicalRecvFifo;		// WSP <- Network
+	FIFO *AppSendFifo;			// APP -> WSP
+	FIFO *AppRecvFifo;			// APP <- WSP
+	bool HasError;
+};
+
+// WebSocket constants
+#define WS_MAX_PAYLOAD_LEN_PER_FRAME	(8 * 1024 * 1024)
+#define WS_SEND_SINGLE_FRAGMENT_SIZE	(32 * 1024)
+
+#define WS_OPCODE_CONTINUE		0x00
+#define WS_OPCODE_TEXT			0x01
+#define WS_OPCODE_BIN			0x02
+#define WS_OPCODE_CLOSE			0x08
+#define WS_OPCODE_PING			0x09
+#define WS_OPCODE_PONG			0x0A
+
+// MVPN constants
+#define MVPN_VERSION_MIN			100
+#define MVPN_VERSION_CURRENT		100
+#define MVPN_MAX_AUTH_RETRY			10
+#define	MVPN_CLIENT_NAME			"Modern VPN Client"
+#define	NVPN_POSTFIX				"MVPN"
+
+// MVPN protocol constants
+#define MVPN_AUTHTYPE_ANONYMOUS				"anonymous"
+#define MVPN_AUTHTYPE_PASSWORD_PLAIN		"password_plain"
+#define MVPN_AUTHTYPE_PASSWORD_MSCHAPV2		"password_mschapv2"
+#define MVPN_AUTHTYPE_CERT					"x509cert"
+
+#define MVPN_HEARTBEAT_INTERVAL_DEFAULT		1234
+#define	MVPN_HEARTBEAT_INTERVAL_MIN			100
+#define	MVPN_HEARTBEAT_INTERVAL_MAX			15000
+
+#define MVPN_DISCONNECT_TIMEOUT_DEFAULT		15000
+#define MVPN_DISCONNECT_TIMEOUT_MIN			5000
+#define MVPN_DISCONNECT_TIMEOUT_MAX			60000
+
+#define MVPN_PACKET_MAGIC_NUMBER		0xCAFEBEEF
+#define MVPN_PACKET_TYPE_ETHERNET		0
+#define MVPN_PACKET_TYPE_IPV4			1
+#define MVPN_PACKET_TYPE_HEARTBEAT		254
+
+
+
+#define MVPN_AUTHTYPE_ALL_SUPPORTED			MVPN_AUTHTYPE_ANONYMOUS "," MVPN_AUTHTYPE_PASSWORD_PLAIN "," MVPN_AUTHTYPE_PASSWORD_MSCHAPV2 "," MVPN_AUTHTYPE_CERT
+
+
+
+
+
 // Function prototype
 UPDATE_CLIENT *NewUpdateClient(UPDATE_NOTIFY_PROC *cb, UPDATE_ISFOREGROUND_PROC *isforeground_cb, void *param, char *family_name, char *software_name, wchar_t *software_title, UINT my_build, UINT64 my_date, char *my_lang, UPDATE_CLIENT_SETTING *current_setting, char *client_id);
 void FreeUpdateClient(UPDATE_CLIENT *c);
@@ -233,6 +307,7 @@ PACK *PackLoginWithAnonymous(char *hubname, char *username);
 PACK *PackLoginWithPassword(char *hubname, char *username, void *secure_password);
 PACK *PackLoginWithPlainPassword(char *hubname, char *username, void *plain_password);
 PACK *PackLoginWithCert(char *hubname, char *username, X *x, void *sign, UINT sign_size);
+PACK *PackLoginWithOpenVPNCertificate(char *hubname, char *username, X *x);
 bool GetMethodFromPack(PACK *p, char *method, UINT size);
 bool GetHubnameAndUsernameFromPack(PACK *p, char *username, UINT username_size,
 								   char *hubname, UINT hubname_size);
@@ -302,6 +377,36 @@ X *FindCertIssuerFromCertList(LIST *o, X *x);
 bool TryGetRootCertChain(LIST *o, X *x, bool auto_save, X **found_root_x);
 bool TryGetParentCertFromCertList(LIST *o, X *x, LIST *found_chain);
 bool DownloadAndSaveIntermediateCertificatesIfNecessary(X *x);
+char *GetMimeTypeFromFileName(char *filename);
+
+void MvpnProcGet(CONNECTION *c, SOCK *s, HTTP_HEADER *h, char *url_target);
+bool MvpnSendReply(SOCK *s, UINT status_code, char *status_string, UCHAR *data, UINT data_size, char *content_type,
+						char *add_header_name, char *add_header_value, HTTP_HEADER *request_headers);
+void MvpnAccept(CONNECTION *c, SOCK *s);
+UINT MvpnDoAccept(CONNECTION *c, WS *w);
+
+
+WS *NewWs(SOCK *s);
+void ReleaseWs(WS *w);
+void CleanupWs(WS *w);
+UINT WsRecvSync(WS *w, void *data, UINT size);
+bool WsRecvSyncAll(WS *w, void *data, UINT size);
+bool WsSendSync(WS *w, void *data, UINT size);
+UINT WsRecvAsync(WS *w, void *data, UINT size);
+UINT WsSendAsync(WS *w, void *data, UINT size);
+bool WsTrySendAsync(WS *w);
+PACK *WsRecvPack(WS *w);
+bool WsSendPack(WS *w, PACK *p);
+PACK *WsNewErrorPack(UINT err);
+char *WsErrorCodeToString(UINT err);
+
+WSP *NewWsp();
+void FreeWsp(WSP *p);
+void WspTry(WSP *p);
+BLOCK *WspTryRecvNextFrame(WSP *p, UINT *read_buffer_size);
+void WspTrySendFrame(WSP *p, UCHAR opcode, void *data, UINT size);
+
+
 
 
 #endif	// PROTOCOL_H

src/Cedar/Radius.c

@@ -314,11 +314,11 @@ bool SendPeapRawPacket(EAP_CLIENT *e, UCHAR *peap_data, UINT peap_size)
 	fragments = NewListFast(NULL);
 	for (num = 0;;num++)
 	{
-		UCHAR tmp[1024];
+		UCHAR tmp[200];
 		EAP_PEAP *send_peap_message;
 		UINT sz;
 
-		sz = ReadBuf(buf, tmp, 1024);
+		sz = ReadBuf(buf, tmp, sizeof(tmp));
 
 		if (sz == 0)
 		{
@@ -690,6 +690,11 @@ void EapSetRadiusGeneralAttributes(RADIUS_PACKET *r, EAP_CLIENT *e)
 
 	Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_NAS_ID, 0, 0, CEDAR_SERVER_STR, StrLen(CEDAR_SERVER_STR)));
 
+	if (IsEmptyStr(e->In_VpnProtocolState) == false)
+	{
+		Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_PROXY_STATE, 0, 0, e->In_VpnProtocolState, StrLen(e->In_VpnProtocolState)));
+	}
+
 	ui = Endian32(2);
 	Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_VENDOR_SPECIFIC, RADIUS_VENDOR_MICROSOFT,
 		RADIUS_MS_NETWORK_ACCESS_SERVER_TYPE, &ui, sizeof(UINT)));
@@ -1011,11 +1016,27 @@ RADIUS_PACKET *EapSendPacketAndRecvResponse(EAP_CLIENT *e, RADIUS_PACKET *r)
 						{
 							RADIUS_AVP *eap_msg = GetRadiusAvp(rp, RADIUS_ATTRIBUTE_EAP_MESSAGE);
 							RADIUS_AVP *vlan_avp = GetRadiusAvp(rp, RADIUS_ATTRIBUTE_VLAN_ID);
+							RADIUS_AVP *framed_interface_id_avp = GetRadiusAvp(rp, RADIUS_ATTRIBUTE_FRAMED_INTERFACE_ID);
 							if (eap_msg != NULL)
 							{
 								e->LastRecvEapId = ((EAP_MESSAGE *)(eap_msg->Data))->Id;
 							}
 
+							if (framed_interface_id_avp != NULL)
+							{
+								// FRAMED_INTERFACE_ID
+								char tmp_str[64];
+								UCHAR mac_address[6];
+
+								Zero(tmp_str, sizeof(tmp_str));
+								Copy(tmp_str, framed_interface_id_avp->Data, MIN(framed_interface_id_avp->DataSize, sizeof(tmp_str) - 1));
+
+								if (StrToMac(mac_address, tmp_str))
+								{
+									Copy(e->LastRecvVirtualMacAddress, mac_address, 6);
+								}
+							}
+
 							if (vlan_avp != NULL)
 							{
 								// VLAN ID
@@ -1746,6 +1767,11 @@ bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT sec
 		// Try the EAP authentication for RADIUS first
 		EAP_CLIENT *eap = mschap.MsChapV2_EapClient;
 
+		if (IsEmptyStr(opt->In_VpnProtocolState) == false)
+		{
+			StrCpy(eap->In_VpnProtocolState, sizeof(eap->In_VpnProtocolState), opt->In_VpnProtocolState);
+		}
+
 		if (eap->PeapMode == false)
 		{
 			ret = EapClientSendMsChapv2AuthClientResponse(eap, mschap.MsChapV2_ClientResponse,
@@ -1766,6 +1792,8 @@ bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT sec
 				opt->Out_VLanId = eap->LastRecvVLanId;
 			}
 
+			Copy(opt->Out_VirtualMacAddress, eap->LastRecvVirtualMacAddress, 6);
+
 			return true;
 		}
 		else
@@ -1880,31 +1908,31 @@ bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT sec
 
 				// Service-Type
 				ui = Endian32(2);
-				RadiusAddValue(p, 6, 0, 0, &ui, sizeof(ui));
+				RadiusAddValue(p, RADIUS_ATTRIBUTE_SERVICE_TYPE, 0, 0, &ui, sizeof(ui));
 
 				// NAS-Port-Type
 				ui = Endian32(5);
-				RadiusAddValue(p, 61, 0, 0, &ui, sizeof(ui));
+				RadiusAddValue(p, RADIUS_ATTRIBUTE_NAS_PORT_TYPE, 0, 0, &ui, sizeof(ui));
 
 				// Tunnel-Type
 				ui = Endian32(1);
-				RadiusAddValue(p, 64, 0, 0, &ui, sizeof(ui));
+				RadiusAddValue(p, RADIUS_ATTRIBUTE_TUNNEL_TYPE, 0, 0, &ui, sizeof(ui));
 
 				// Tunnel-Medium-Type
 				ui = Endian32(1);
-				RadiusAddValue(p, 65, 0, 0, &ui, sizeof(ui));
+				RadiusAddValue(p, RADIUS_ATTRIBUTE_TUNNEL_MEDIUM_TYPE, 0, 0, &ui, sizeof(ui));
 
 				// Called-Station-ID - VPN Hub Name
 				if (IsEmptyStr(hubname) == false)
 				{
-					RadiusAddValue(p, 30, 0, 0, hubname, StrLen(hubname));
+					RadiusAddValue(p, RADIUS_ATTRIBUTE_CALLED_STATION_ID, 0, 0, hubname, StrLen(hubname));
 				}
 
 				// Calling-Station-Id
-				RadiusAddValue(p, 31, 0, 0, client_ip_str, StrLen(client_ip_str));
+				RadiusAddValue(p, RADIUS_ATTRIBUTE_CALLING_STATION_ID, 0, 0, client_ip_str, StrLen(client_ip_str));
 
 				// Tunnel-Client-Endpoint
-				RadiusAddValue(p, 66, 0, 0, client_ip_str, StrLen(client_ip_str));
+				RadiusAddValue(p, RADIUS_ATTRIBUTE_TUNNEL_CLIENT_ENDPOINT, 0, 0, client_ip_str, StrLen(client_ip_str));
 			}
 			else
 			{
@@ -1918,69 +1946,75 @@ bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT sec
 				// Acct-Session-Id
 				us = Endian16(session_id % 254 + 1);
 				session_id++;
-				RadiusAddValue(p, 44, 0, 0, &us, sizeof(us));
+				RadiusAddValue(p, RADIUS_ATTRIBUTE_ACCT_SESSION_ID, 0, 0, &us, sizeof(us));
 
 				// NAS-IP-Address
 				if (c != NULL && c->FirstSock != NULL && c->FirstSock->IPv6 == false)
 				{
 					ui = IPToUINT(&c->FirstSock->LocalIP);
-					RadiusAddValue(p, 4, 0, 0, &ui, sizeof(ui));
+					RadiusAddValue(p, RADIUS_ATTRIBUTE_NAS_IP, 0, 0, &ui, sizeof(ui));
 				}
 
 				// Service-Type
 				ui = Endian32(2);
-				RadiusAddValue(p, 6, 0, 0, &ui, sizeof(ui));
+				RadiusAddValue(p, RADIUS_ATTRIBUTE_SERVICE_TYPE, 0, 0, &ui, sizeof(ui));
 
 				// MS-RAS-Vendor
-				ui = Endian32(311);
+				ui = Endian32(RADIUS_VENDOR_MICROSOFT);
-				RadiusAddValue(p, 26, 311, 9, &ui, sizeof(ui));
+				RadiusAddValue(p, RADIUS_ATTRIBUTE_VENDOR_SPECIFIC, RADIUS_VENDOR_MICROSOFT, RADIUS_MS_RAS_VENDOR, &ui, sizeof(ui));
 
 				// MS-RAS-Version
-				RadiusAddValue(p, 26, 311, 18, ms_ras_version, StrLen(ms_ras_version));
+				RadiusAddValue(p, RADIUS_ATTRIBUTE_VENDOR_SPECIFIC, RADIUS_VENDOR_MICROSOFT, RADIUS_MS_VERSION, ms_ras_version, StrLen(ms_ras_version));
 
 				// NAS-Port-Type
 				ui = Endian32(5);
-				RadiusAddValue(p, 61, 0, 0, &ui, sizeof(ui));
+				RadiusAddValue(p, RADIUS_ATTRIBUTE_NAS_PORT_TYPE, 0, 0, &ui, sizeof(ui));
 
 				// Tunnel-Type
 				ui = Endian32(1);
-				RadiusAddValue(p, 64, 0, 0, &ui, sizeof(ui));
+				RadiusAddValue(p, RADIUS_ATTRIBUTE_TUNNEL_TYPE, 0, 0, &ui, sizeof(ui));
 
 				// Tunnel-Medium-Type
 				ui = Endian32(1);
-				RadiusAddValue(p, 65, 0, 0, &ui, sizeof(ui));
+				RadiusAddValue(p, RADIUS_ATTRIBUTE_TUNNEL_MEDIUM_TYPE, 0, 0, &ui, sizeof(ui));
 
 				// Called-Station-ID - VPN Hub Name
 				if (IsEmptyStr(hubname) == false)
 				{
-					RadiusAddValue(p, 30, 0, 0, hubname, StrLen(hubname));
+					RadiusAddValue(p, RADIUS_ATTRIBUTE_CALLED_STATION_ID, 0, 0, hubname, StrLen(hubname));
 				}
 
 				// Calling-Station-Id
-				RadiusAddValue(p, 31, 0, 0, client_ip_str, StrLen(client_ip_str));
+				RadiusAddValue(p, RADIUS_ATTRIBUTE_CALLING_STATION_ID, 0, 0, client_ip_str, StrLen(client_ip_str));
 
 				// Tunnel-Client-Endpoint
-				RadiusAddValue(p, 66, 0, 0, client_ip_str, StrLen(client_ip_str));
+				RadiusAddValue(p, RADIUS_ATTRIBUTE_TUNNEL_CLIENT_ENDPOINT, 0, 0, client_ip_str, StrLen(client_ip_str));
 
 				// MS-RAS-Client-Version
-				RadiusAddValue(p, 26, 311, 35, ms_ras_version, StrLen(ms_ras_version));
+				RadiusAddValue(p, RADIUS_ATTRIBUTE_VENDOR_SPECIFIC, RADIUS_VENDOR_MICROSOFT, RADIUS_MS_RAS_CLIENT_VERSION, ms_ras_version, StrLen(ms_ras_version));
 
 				// MS-RAS-Client-Name
-				RadiusAddValue(p, 26, 311, 34, client_ip_str, StrLen(client_ip_str));
+				RadiusAddValue(p, RADIUS_ATTRIBUTE_VENDOR_SPECIFIC, RADIUS_VENDOR_MICROSOFT, RADIUS_MS_RAS_CLIENT_NAME, client_ip_str, StrLen(client_ip_str));
 
 				// MS-CHAP-Challenge
-				RadiusAddValue(p, 26, 311, 11, mschap.MsChapV2_ServerChallenge, sizeof(mschap.MsChapV2_ServerChallenge));
+				RadiusAddValue(p, RADIUS_ATTRIBUTE_VENDOR_SPECIFIC, RADIUS_VENDOR_MICROSOFT, RADIUS_MS_CHAP_CHALLENGE, mschap.MsChapV2_ServerChallenge, sizeof(mschap.MsChapV2_ServerChallenge));
 
 				// MS-CHAP2-Response
 				Zero(ms_chapv2_response, sizeof(ms_chapv2_response));
 				Copy(ms_chapv2_response + 2, mschap.MsChapV2_ClientChallenge, 16);
 				Copy(ms_chapv2_response + 2 + 16 + 8, mschap.MsChapV2_ClientResponse, 24);
-				RadiusAddValue(p, 26, 311, 25, ms_chapv2_response, sizeof(ms_chapv2_response));
+				RadiusAddValue(p, RADIUS_ATTRIBUTE_VENDOR_SPECIFIC, RADIUS_VENDOR_MICROSOFT, RADIUS_MS_CHAP2_RESPONSE, ms_chapv2_response, sizeof(ms_chapv2_response));
 
 				// NAS-ID
 				WriteBuf(p, nas_id->Buf, nas_id->Size);
 			}
 
+			if (IsEmptyStr(opt->In_VpnProtocolState) == false)
+			{
+				// Proxy state as protocol details
+				RadiusAddValue(p, RADIUS_ATTRIBUTE_PROXY_STATE, 0, 0, opt->In_VpnProtocolState, StrLen(opt->In_VpnProtocolState));
+			}
+
 			SeekBuf(p, 0, 0);
 
 			WRITE_USHORT(((UCHAR *)p->Buf) + 2, (USHORT)p->Size);
@@ -2071,6 +2105,9 @@ RECV_RETRY:
 					// Success
 					if (recv_buf[0] == 2)
 					{
+						LIST *o;
+						BUF *buf = NewBufFromMemory(recv_buf, recv_size);
+
 						ret = true;
 
 						if (is_mschap && mschap_v2_server_response_20 != NULL)
@@ -2108,12 +2145,26 @@ RECV_RETRY:
 							}
 						}
 
-						if (opt->In_CheckVLanId)
+						o = RadiusParseOptions(buf);
+						if (o != NULL)
 						{
-							BUF *buf = NewBufFromMemory(recv_buf, recv_size);
+							DHCP_OPTION *framed_interface_id_option = GetDhcpOption(o, RADIUS_ATTRIBUTE_FRAMED_INTERFACE_ID);
-							LIST *o = RadiusParseOptions(buf);
 
-							if (o != NULL)
+							if (framed_interface_id_option != NULL)
+							{
+								char tmp_str[64];
+								UCHAR mac_address[6];
+
+								Zero(tmp_str, sizeof(tmp_str));
+								Copy(tmp_str, framed_interface_id_option->Data, MIN(framed_interface_id_option->Size, sizeof(tmp_str) - 1));
+
+								if (StrToMac(mac_address, tmp_str))
+								{
+									Copy(opt->Out_VirtualMacAddress, mac_address, 6);
+								}
+							}
+
+							if (opt->In_CheckVLanId)
 							{
 								DHCP_OPTION *vlan_option = GetDhcpOption(o, RADIUS_ATTRIBUTE_VLAN_ID);
 
@@ -2132,9 +2183,10 @@ RECV_RETRY:
 								}
 							}
 
-							FreeBuf(buf);
 							FreeDhcpOptions(o);
 						}
+
+						FreeBuf(buf);
 					}
 					break;
 				}

src/Cedar/Radius.h

@@ -133,6 +133,7 @@
 #define	RADIUS_ATTRIBUTE_EAP_MESSAGE				79
 #define	RADIUS_ATTRIBUTE_EAP_AUTHENTICATOR			80
 #define	RADIUS_ATTRIBUTE_VLAN_ID					81
+#define RADIUS_ATTRIBUTE_FRAMED_INTERFACE_ID		96
 #define	RADIUS_MAX_NAS_ID_LEN						253
 
 // RADIUS codes
@@ -327,6 +328,9 @@ struct EAP_CLIENT
 	UCHAR RecvLastCode;
 
 	UINT LastRecvVLanId;
+	UCHAR LastRecvVirtualMacAddress[6];
+
+	char In_VpnProtocolState[64];
 };
 
 void FreeRadiusPacket(RADIUS_PACKET *p);
@@ -365,6 +369,8 @@ struct RADIUS_LOGIN_OPTION
 	UINT Out_VLanId;
 	bool Out_IsRadiusLogin;
 	char NasId[RADIUS_MAX_NAS_ID_LEN + 1];	// NAS-Identifier
+	char Out_VirtualMacAddress[6];
+	char In_VpnProtocolState[64];
 };
 
 // Function prototype

src/Cedar/Remote.c

@@ -112,6 +112,10 @@ void EndRpc(RPC *rpc)
 
 // Release the RPC
 void RpcFree(RPC *rpc)
+{
+	RpcFreeEx(rpc, false);
+}
+void RpcFreeEx(RPC *rpc, bool no_disconnect)
 {
 	// Validate arguments
 	if (rpc == NULL)
@@ -119,7 +123,11 @@ void RpcFree(RPC *rpc)
 		return;
 	}
 
-	Disconnect(rpc->Sock);
+	if (no_disconnect == false)
+	{
+		Disconnect(rpc->Sock);
+	}
+
 	ReleaseSock(rpc->Sock);
 
 	DeleteLock(rpc->Lock);

src/Cedar/Remote.h

@@ -139,6 +139,7 @@ bool RpcIsOk(PACK *p);
 UINT RpcGetError(PACK *p);
 void EndRpc(RPC *rpc);
 void RpcFree(RPC *rpc);
+void RpcFreeEx(RPC *rpc, bool no_disconnect);
 
 #endif	// REMOTE_H
 

src/Cedar/SM.c

@@ -3639,6 +3639,16 @@ void SmLicenseAddDlgOnOk(HWND hWnd, SM_SERVER *s)
 	{
 		RPC_TEST t;
 
+		if (s->LicenseWarnFlag == false)
+		{
+			if (MsgBoxEx(hWnd, MB_ICONINFORMATION | MB_OKCANCEL, _UU("SM_LICENSE_WARNING")) == IDCANCEL)
+			{
+				return;
+			}
+
+			s->LicenseWarnFlag = true;
+		}
+
 		Disable(hWnd, IDOK);
 		Disable(hWnd, IDCANCEL);
 

src/Cedar/SMInner.h

@@ -166,6 +166,7 @@ typedef struct SM_SERVER
 	bool VgsMessageDisplayed;	// Whether to have already displayed a message about VGS
 	WINUI_UPDATE *Update;		// Update notification
 	bool IsInClient;			// Within VPN Client mode
+	bool LicenseWarnFlag;
 } SM_SERVER;
 
 typedef void (SM_STATUS_INIT_PROC)(HWND hWnd, SM_SERVER *p, void *param);

src/Cedar/SW.c

@@ -5732,6 +5732,15 @@ UINT SwWelcomeDlg(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, WIZARD *wiz
 			break;
 		}
 
+		if (MsIsKB3033929RequiredAndMissing())
+		{
+			// KB3033929 is missing
+			if (MsgBoxEx(hWnd, MB_ICONINFORMATION | MB_OKCANCEL, _UU("SW_KB3033929_REQUIRED")) == IDCANCEL)
+			{
+				break;
+			}
+		}
+
 		if (sw->DoubleClickBlocker)
 		{
 			break;

src/Cedar/Server.c

@@ -1115,52 +1115,72 @@ LIST *EnumLogFile(char *hubname)
 
 	// Enumerate in the packet_log
 	Format(tmp, sizeof(tmp), "%s/packet_log", exe_dir);
-	dir = EnumDir(tmp);
+
-	if (dir != NULL)
+	if (hubname == NULL)
 	{
-		UINT i;
+		dir = EnumDir(tmp);
-		for (i = 0;i < dir->NumFiles;i++)
+		if (dir != NULL)
 		{
-			DIRENT *e = dir->File[i];
+			UINT i;
-
+			for (i = 0;i < dir->NumFiles;i++)
-			if (e->Folder)
 			{
-				char dir_name[MAX_PATH];
+				DIRENT *e = dir->File[i];
 
-				if (hubname == NULL || StrCmpi(hubname, e->FileName) == 0)
+				if (e->Folder)
 				{
+					char dir_name[MAX_PATH];
+
 					Format(dir_name, sizeof(dir_name), "packet_log/%s", e->FileName);
+
 					EnumLogFileDir(o, dir_name);
 				}
 			}
-		}
 
-		FreeDir(dir);
+			FreeDir(dir);
+		}
+	}
+	else
+	{
+		char dir_name[MAX_PATH];
+
+		Format(dir_name, sizeof(dir_name), "packet_log/%s", hubname);
+
+		EnumLogFileDir(o, dir_name);
 	}
 
 	// Enumerate in the security_log
 	Format(tmp, sizeof(tmp), "%s/security_log", exe_dir);
-	dir = EnumDir(tmp);
+
-	if (dir != NULL)
+	if (hubname == NULL)
 	{
-		UINT i;
+		dir = EnumDir(tmp);
-		for (i = 0;i < dir->NumFiles;i++)
+		if (dir != NULL)
 		{
-			DIRENT *e = dir->File[i];
+			UINT i;
-
+			for (i = 0;i < dir->NumFiles;i++)
-			if (e->Folder)
 			{
-				char dir_name[MAX_PATH];
+				DIRENT *e = dir->File[i];
 
-				if (hubname == NULL || StrCmpi(hubname, e->FileName) == 0)
+				if (e->Folder)
 				{
+					char dir_name[MAX_PATH];
+
 					Format(dir_name, sizeof(dir_name), "security_log/%s", e->FileName);
+
 					EnumLogFileDir(o, dir_name);
 				}
 			}
-		}
 
-		FreeDir(dir);
+			FreeDir(dir);
+		}
+	}
+	else
+	{
+		char dir_name[MAX_PATH];
+
+		Format(dir_name, sizeof(dir_name), "security_log/%s", hubname);
+
+		EnumLogFileDir(o, dir_name);
 	}
 
 	return o;
@@ -1871,14 +1891,37 @@ void OutRpcCapsList(PACK *p, CAPSLIST *t)
 		return;
 	}
 
+	PackSetCurrentJsonGroupName(p, "CapsList");
 	for (i = 0;i < LIST_NUM(t->CapsList);i++)
 	{
 		char tmp[MAX_SIZE];
+		char ct_key[MAX_PATH];
+		wchar_t ct_description[MAX_PATH];
+		wchar_t *w;
 		CAPS *c = LIST_DATA(t->CapsList, i);
 
 		Format(tmp, sizeof(tmp), "caps_%s", c->Name);
+
+		Format(ct_key, sizeof(ct_key), "CT_%s", c->Name);
+
+		Zero(ct_description, sizeof(ct_description));
+		w = _UU(ct_key);
+		if (UniIsEmptyStr(w) == false)
+		{
+			UniStrCpy(ct_description, sizeof(ct_description), w);
+		}
+		else
+		{
+			StrToUni(ct_description, sizeof(ct_description), c->Name);
+		}
+
 		PackAddInt(p, tmp, c->Value);
+
+		PackAddStrEx(p, "CapsName", c->Name, i, LIST_NUM(t->CapsList));
+		PackAddIntEx(p, "CapsValue", c->Value, i, LIST_NUM(t->CapsList));
+		PackAddUniStrEx(p, "CapsDescrption", ct_description, i, LIST_NUM(t->CapsList));
 	}
+	PackSetCurrentJsonGroupName(p, NULL);
 }
 void FreeRpcCapsList(CAPSLIST *t)
 {
@@ -6167,6 +6210,9 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
 		c->SslAcceptSettings.Tls_Disable1_2 = CfgGetBool(f, "Tls_Disable1_2");
 
 		s->StrictSyslogDatetimeFormat = CfgGetBool(f, "StrictSyslogDatetimeFormat");
+
+		// Disable JSON-RPC Web API
+		s->DisableJsonRpcWebApi = CfgGetBool(f, "DisableJsonRpcWebApi");
 	}
 	Unlock(c->lock);
 
@@ -6484,6 +6530,9 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s)
 		CfgAddBool(f, "DisableSessionReconnect", GetGlobalServerFlag(GSF_DISABLE_SESSION_RECONNECT));
 
 		CfgAddBool(f, "StrictSyslogDatetimeFormat", s->StrictSyslogDatetimeFormat);
+
+		// Disable JSON-RPC Web API
+		CfgAddBool(f, "DisableJsonRpcWebApi", s->DisableJsonRpcWebApi);
 	}
 	Unlock(c->lock);
 }
@@ -7211,7 +7260,7 @@ FARM_MEMBER *SiGetNextFarmMember(SERVER *s, CONNECTION *c, HUB *h)
 				PackAddIntEx(p, "NumTcpConnections", f->NumTcpConnections, i, num);
 				PackAddIntEx(p, "NumHubs", LIST_NUM(f->HubList), i, num);
 				PackAddBoolEx(p, "Me", f->Me, i, num);
-				PackAddInt64Ex(p, "ConnectedTime", f->ConnectedTime, i, num);
+				PackAddTime64Ex(p, "ConnectedTime", f->ConnectedTime, i, num);
 				PackAddInt64Ex(p, "SystemId", f->SystemId, i, num);
 				PackAddBoolEx(p, "DoNotSelect", do_not_select, i, num);
 			}
@@ -7240,7 +7289,7 @@ FARM_MEMBER *SiGetNextFarmMember(SERVER *s, CONNECTION *c, HUB *h)
 			PackAddStr(p, "CipherName", c->CipherName);
 			PackAddStr(p, "ClientStr", c->ClientStr);
 			PackAddInt(p, "ClientVer", c->ClientVer);
-			PackAddInt64(p, "ConnectedTime", Tick64ToTime64(c->ConnectedTick));
+			PackAddTime64(p, "ConnectedTime", Tick64ToTime64(c->ConnectedTick));
 
 			PackAddStr(p, "HubName", h->Name);
 			PackAddBool(p, "StaticHub", h->Type == HUB_TYPE_FARM_STATIC);
@@ -7381,8 +7430,8 @@ void SiCalledEnumHub(SERVER *s, PACK *p, PACK *req)
 
 				PackAddIntEx(p, "NumIpTables", LIST_NUM(h->IpTable), i, num);
 
-				PackAddInt64Ex(p, "LastCommTime", h->LastCommTime, i, num);
+				PackAddTime64Ex(p, "LastCommTime", h->LastCommTime, i, num);
-				PackAddInt64Ex(p, "CreatedTime", h->CreatedTime, i, num);
+				PackAddTime64Ex(p, "CreatedTime", h->CreatedTime, i, num);
 			}
 			Unlock(h->lock);
 		}
@@ -10309,12 +10358,16 @@ void SiFarmServMain(SERVER *server, SOCK *sock, FARM_MEMBER *f)
 				}
 
 				// Receive
-				p = HttpServerRecv(sock);
+				p = HttpServerRecvEx(sock, FIRM_SERV_RECV_PACK_MAX_SIZE);
 
 				t->Response = p;
 				Set(t->CompleteEvent);
 
-				send_noop = false;
+				if (p == NULL)
+                {
+                    Disconnect(sock);
+                    goto DISCONNECTED;
+                }
 			}
 		}
 		while (t != NULL);

src/Cedar/Server.h

@@ -147,6 +147,8 @@ extern char *SERVER_CONFIG_FILE_NAME;
 #define	MEMBER_SELECTOR_CONNECT_TIMEOUT	2000
 #define	MEMBER_SELECTOR_DATA_TIMEOUT	5000
 
+#define FIRM_SERV_RECV_PACK_MAX_SIZE	(100 * 1024 * 1024)
+
 
 // Virtual HUB list hosted by each farm member
 struct HUB_LIST
@@ -360,6 +362,7 @@ struct SERVER
 	volatile UINT NatTGlobalUdpPort;	// NAT-T global UDP port
 
 	bool StrictSyslogDatetimeFormat;	// Make syslog datetime format strict RFC3164
+	bool DisableJsonRpcWebApi;					// Disable JSON-RPC Web API
 };
 
 
@@ -383,6 +386,7 @@ struct RPC_SESSION_STATUS
 	RPC_CLIENT_GET_CONNECTION_STATUS Status;		// Status
 	UINT ClientIp;									// Client IP address
 	UCHAR ClientIp6[16];							// Client IPv6 address
+	IP ClientIpAddress;								// Client IP address (IPv4/IPv6)
 	char ClientHostName[MAX_HOST_NAME_LEN + 1];		// Client host name
 	NODE_INFO NodeInfo;								// Node information
 };

src/Cedar/Session.c

@@ -1257,7 +1257,10 @@ void StopSessionEx(SESSION *s, bool no_wait)
 		// Client mode
 		if (s->Connection)
 		{
-			StopConnection(s->Connection, no_wait);
+			CONNECTION *c = s->Connection;
+			AddRef(c->ref);
+			StopConnection(c, no_wait);
+			ReleaseConnection(c);
 		}
 	}
 	else
@@ -1265,7 +1268,10 @@ void StopSessionEx(SESSION *s, bool no_wait)
 		// Server mode
 		if (s->Connection)
 		{
-			StopConnection(s->Connection, no_wait);
+			CONNECTION *c = s->Connection;
+			AddRef(c->ref);
+			StopConnection(c, no_wait);
+			ReleaseConnection(c);
 		}
 	}
 
@@ -1391,6 +1397,8 @@ void CleanupSession(SESSION *s)
 
 	DeleteCounter(s->LoggingRecordCount);
 
+	ReleaseSharedBuffer(s->IpcSessionSharedBuffer);
+
 	Free(s);
 }
 
@@ -2199,9 +2207,9 @@ void if_free(SESSION *s);
 // Create a server session
 SESSION *NewServerSession(CEDAR *cedar, CONNECTION *c, HUB *h, char *username, POLICY *policy)
 {
-	return NewServerSessionEx(cedar, c, h, username, policy, false);
+	return NewServerSessionEx(cedar, c, h, username, policy, false, NULL);
 }
-SESSION *NewServerSessionEx(CEDAR *cedar, CONNECTION *c, HUB *h, char *username, POLICY *policy, bool inproc_mode)
+SESSION *NewServerSessionEx(CEDAR *cedar, CONNECTION *c, HUB *h, char *username, POLICY *policy, bool inproc_mode, UCHAR *ipc_mac_address)
 {
 	SESSION *s;
 	char name[MAX_SIZE];
@@ -2322,28 +2330,35 @@ SESSION *NewServerSessionEx(CEDAR *cedar, CONNECTION *c, HUB *h, char *username,
 	// Generate a MAC address for IPC
 	if (s->InProcMode)
 	{
-		char tmp[MAX_SIZE];
+		if (ipc_mac_address != NULL)
-		char machine[MAX_SIZE];
+		{
-		UCHAR hash[SHA1_SIZE];
+			Copy(s->IpcMacAddress, ipc_mac_address, 6);
+		}
+		else
+		{
+			char tmp[MAX_SIZE];
+			char machine[MAX_SIZE];
+			UCHAR hash[SHA1_SIZE];
 
-		GetMachineName(machine, sizeof(machine));
+			GetMachineName(machine, sizeof(machine));
 
-		Format(tmp, sizeof(tmp), "%s@%s@%u", machine, h->Name, s->UniqueId);
+			Format(tmp, sizeof(tmp), "%s@%s@%u", machine, h->Name, s->UniqueId);
 
-		StrUpper(tmp);
+			StrUpper(tmp);
-		Trim(tmp);
+			Trim(tmp);
 
-		Hash(hash, tmp, StrLen(tmp), true);
+			Hash(hash, tmp, StrLen(tmp), true);
 
-		s->IpcMacAddress[0] = 0xCA;
+			s->IpcMacAddress[0] = 0xCA;
-		s->IpcMacAddress[1] = hash[1];
+			s->IpcMacAddress[1] = hash[1];
-		s->IpcMacAddress[2] = hash[2];
+			s->IpcMacAddress[2] = hash[2];
-		s->IpcMacAddress[3] = hash[3];
+			s->IpcMacAddress[3] = hash[3];
-		s->IpcMacAddress[4] = hash[4];
+			s->IpcMacAddress[4] = hash[4];
-		s->IpcMacAddress[5] = hash[5];
+			s->IpcMacAddress[5] = hash[5];
 
-		MacToStr(tmp, sizeof(tmp), s->IpcMacAddress);
+			MacToStr(tmp, sizeof(tmp), s->IpcMacAddress);
-		Debug("MAC Address for IPC: %s\n", tmp);
+			Debug("MAC Address for IPC: %s\n", tmp);
+		}
 	}
 
 	return s;

src/Cedar/Session.h

@@ -256,6 +256,7 @@ struct SESSION
 	UINT NumDisconnected;			// Number of socket disconnection
 	bool NoReconnectToSession;		// Disable to reconnect to the session
 	char UnderlayProtocol[64];		// Physical communication protocol
+	char ProtocolDetails[256];		// Protocol Details
 	UINT64 FirstConnectionEstablisiedTime;	// Connection completion time of the first connection
 	UINT64 CurrentConnectionEstablishTime;	// Completion time of this connection
 	UINT NumConnectionsEatablished;	// Number of connections established so far
@@ -265,10 +266,12 @@ struct SESSION
 	bool IsRUDPSession;				// Whether R-UDP session
 	UINT RUdpMss;					// The value of the MSS should be applied while the R-UDP is used
 	bool EnableBulkOnRUDP;			// Allow the bulk transfer in the R-UDP session
+	UINT BulkOnRUDPVersion;			// RUDP Bulk Version
 	bool EnableHMacOnBulkOfRUDP;	// Use the HMAC to sign the bulk transfer of R-UDP session
 	bool EnableUdpRecovery;			// Enable the R-UDP recovery
 
 	bool UseUdpAcceleration;		// Use of UDP acceleration mode
+	UINT UdpAccelerationVersion;		// UDP acceleration version
 	bool UseHMacOnUdpAcceleration;	// Use the HMAC in the UDP acceleration mode
 	UDP_ACCEL *UdpAccel;			// UDP acceleration
 	bool IsUsingUdpAcceleration;	// Flag of whether the UDP acceleration is used
@@ -308,6 +311,11 @@ struct SESSION
 	char FirstTimeHttpRedirectUrl[128];	// URL for redirection only the first time
 	UINT FirstTimeHttpAccessCheckIp;	// IP address for access checking
 
+	UCHAR BulkSendKey[RUDP_BULK_KEY_SIZE_MAX];	// RUDP Bulk Send Key
+	UINT BulkSendKeySize;						// RUDP Bulk Send Key size
+	UCHAR BulkRecvKey[RUDP_BULK_KEY_SIZE_MAX];	// RUDP Bulk Recv Key
+	UINT BulkRecvKeySize;						// RUDP Bulk Recv Key size
+
 	// To examine the maximum number of alowed logging target packets per minute
 	UINT64 MaxLoggedPacketsPerMinuteStartTick;	// Inspection start time
 	UINT CurrentNumPackets;				// Current number of packets
@@ -315,6 +323,9 @@ struct SESSION
 	// Measures for D-Link bug
 	UINT64 LastDLinkSTPPacketSendTick;	// Last D-Link STP packet transmission time
 	UCHAR LastDLinkSTPPacketDataHash[MD5_SIZE];	// Last D-Link STP packet hash
+
+	SHARED_BUFFER *IpcSessionSharedBuffer;	// A shared buffer between IPC and Session
+	IPC_SESSION_SHARED_BUFFER_DATA *IpcSessionShared;	// A shared data between IPC and Session
 };
 
 // Password dialog
@@ -396,7 +407,7 @@ SESSION *NewRpcSession(CEDAR *cedar, CLIENT_OPTION *option);
 SESSION *NewRpcSessionEx(CEDAR *cedar, CLIENT_OPTION *option, UINT *err, char *client_str);
 SESSION *NewRpcSessionEx2(CEDAR *cedar, CLIENT_OPTION *option, UINT *err, char *client_str, void *hWnd);
 SESSION *NewServerSession(CEDAR *cedar, CONNECTION *c, HUB *h, char *username, POLICY *policy);
-SESSION *NewServerSessionEx(CEDAR *cedar, CONNECTION *c, HUB *h, char *username, POLICY *policy, bool inproc_mode);
+SESSION *NewServerSessionEx(CEDAR *cedar, CONNECTION *c, HUB *h, char *username, POLICY *policy, bool inproc_mode, UCHAR *ipc_mac_address);
 void ClientThread(THREAD *t, void *param);
 void ReleaseSession(SESSION *s);
 void CleanupSession(SESSION *s);

src/Cedar/UdpAccel.c

@@ -350,7 +350,7 @@ void UdpAccelSendBlock(UDP_ACCEL *a, BLOCK *b)
 		return;
 	}
 
-	UdpAccelSend(a, b->Buf, b->Size, b->Compressed, a->MaxUdpPacketSize, b->PriorityQoS);
+	UdpAccelSend(a, b->Buf, b->Size, b->Compressed ? 1 : 0, a->MaxUdpPacketSize, b->PriorityQoS);
 }
 
 // Calculate the best MSS
@@ -382,7 +382,7 @@ UINT UdpAccelCalcMss(UDP_ACCEL *a)
 	if (a->PlainTextMode == false)
 	{
 		// IV
-		ret -= UDP_ACCELERATION_PACKET_IV_SIZE;
+		ret -= UDP_ACCELERATION_PACKET_IV_SIZE_V1;
 	}
 
 	// Cookie
@@ -403,7 +403,7 @@ UINT UdpAccelCalcMss(UDP_ACCEL *a)
 	if (a->PlainTextMode == false)
 	{
 		// Verify
-		ret -= UDP_ACCELERATION_PACKET_IV_SIZE;
+		ret -= UDP_ACCELERATION_PACKET_IV_SIZE_V1;
 	}
 
 	// Ethernet header (communication packets)
@@ -419,12 +419,12 @@ UINT UdpAccelCalcMss(UDP_ACCEL *a)
 }
 
 // Send
-void UdpAccelSend(UDP_ACCEL *a, UCHAR *data, UINT data_size, bool compressed, UINT max_size, bool high_priority)
+void UdpAccelSend(UDP_ACCEL *a, UCHAR *data, UINT data_size, UCHAR flag, UINT max_size, bool high_priority)
 {
 	UCHAR tmp[UDP_ACCELERATION_TMP_BUF_SIZE];
 	UCHAR *buf;
 	UINT size;
-	UCHAR key[UDP_ACCELERATION_PACKET_KEY_SIZE];
+	UCHAR key[UDP_ACCELERATION_PACKET_KEY_SIZE_V1];
 	UINT64 ui64;
 	USHORT us;
 	UCHAR c;
@@ -448,27 +448,40 @@ void UdpAccelSend(UDP_ACCEL *a, UCHAR *data, UINT data_size, bool compressed, UI
 	// IV
 	if (a->PlainTextMode == false)
 	{
-		// IV
+		if (a->Version == 2)
-		Copy(buf, a->NextIv, UDP_ACCELERATION_PACKET_IV_SIZE);
-
-		buf += UDP_ACCELERATION_PACKET_IV_SIZE;
-		size += UDP_ACCELERATION_PACKET_IV_SIZE;
-
-		// Calculate the key
-		UdpAccelCalcKey(key, a->MyKey, a->NextIv);
-
-		if (false)
 		{
-			char tmp1[256];
+			// Version 2.0
-			char tmp2[256];
+			// IV
-			char tmp3[256];
+			Copy(buf, a->NextIv_V2, UDP_ACCELERATION_PACKET_IV_SIZE_V2);
-			BinToStr(tmp1, sizeof(tmp1), a->MyKey, sizeof(a->MyKey));
+
-			BinToStr(tmp2, sizeof(tmp2), a->NextIv, UDP_ACCELERATION_PACKET_IV_SIZE);
+			buf += UDP_ACCELERATION_PACKET_IV_SIZE_V2;
-			BinToStr(tmp3, sizeof(tmp3), key, sizeof(key));
+			size += UDP_ACCELERATION_PACKET_IV_SIZE_V2;
-			Debug("My Key  : %s\n"
+		}
-				  "IV      : %s\n"
+		else
-				  "Comm Key: %s\n",
+		{
-				  tmp1, tmp2, tmp3);
+			// Version 1.0
+			// IV
+			Copy(buf, a->NextIv, UDP_ACCELERATION_PACKET_IV_SIZE_V1);
+
+			buf += UDP_ACCELERATION_PACKET_IV_SIZE_V1;
+			size += UDP_ACCELERATION_PACKET_IV_SIZE_V1;
+
+			// Calculate the key
+			UdpAccelCalcKey(key, a->MyKey, a->NextIv);
+
+			if (false)
+			{
+				char tmp1[256];
+				char tmp2[256];
+				char tmp3[256];
+				BinToStr(tmp1, sizeof(tmp1), a->MyKey, sizeof(a->MyKey));
+				BinToStr(tmp2, sizeof(tmp2), a->NextIv, UDP_ACCELERATION_PACKET_IV_SIZE_V1);
+				BinToStr(tmp3, sizeof(tmp3), key, sizeof(key));
+				Debug("My Key  : %s\n"
+					  "IV      : %s\n"
+					  "Comm Key: %s\n",
+					  tmp1, tmp2, tmp3);
+			}
 		}
 	}
 
@@ -496,8 +509,8 @@ void UdpAccelSend(UDP_ACCEL *a, UCHAR *data, UINT data_size, bool compressed, UI
 	buf += sizeof(USHORT);
 	size += sizeof(USHORT);
 
-	// Compress Flag
+	// Flag
-	c = (compressed ? 1 : 0);
+	c = flag;
 	Copy(buf, &c, sizeof(UCHAR));
 	buf += sizeof(UCHAR);
 	size += sizeof(UCHAR);
@@ -512,37 +525,74 @@ void UdpAccelSend(UDP_ACCEL *a, UCHAR *data, UINT data_size, bool compressed, UI
 
 	if (a->PlainTextMode == false)
 	{
-		static UCHAR zero[UDP_ACCELERATION_PACKET_IV_SIZE] = {0};
+		if (a->Version == 2)
-		CRYPT *c;
-
-		current_size = UDP_ACCELERATION_PACKET_IV_SIZE + sizeof(UINT) + sizeof(UINT64) * 2 +
-			sizeof(USHORT) + sizeof(UCHAR) + data_size + UDP_ACCELERATION_PACKET_IV_SIZE;
-
-		if (current_size < max_size)
 		{
+			// Ver 2
 			// Padding
-			UCHAR pad[UDP_ACCELERATION_MAX_PADDING_SIZE];
+			current_size = UDP_ACCELERATION_PACKET_IV_SIZE_V2 + sizeof(UINT) + sizeof(UINT64) * 2 +
-			UINT pad_size = MIN(max_size - current_size, UDP_ACCELERATION_MAX_PADDING_SIZE);
+				sizeof(USHORT) + sizeof(UCHAR) + data_size + UDP_ACCELERATION_PACKET_MAC_SIZE_V2;
-			pad_size = rand() % pad_size;
 
-			Zero(pad, sizeof(pad));
+			if (current_size < max_size)
-			Copy(buf, pad, pad_size);
+			{
-			buf += pad_size;
+				UCHAR pad[UDP_ACCELERATION_MAX_PADDING_SIZE];
-			size += pad_size;
+				UINT pad_size = MIN(max_size - current_size, UDP_ACCELERATION_MAX_PADDING_SIZE);
+				pad_size = rand() % pad_size;
+				Zero(pad, sizeof(pad));
+				Copy(buf, pad, pad_size);
+				buf += pad_size;
+				size += pad_size;
+			}
+
+			// Encryption by RFC 8439: ChaCha20-Poly1305-IETF Encryption with AEAD
+			Aead_ChaCha20Poly1305_Ietf_Encrypt(tmp + UDP_ACCELERATION_PACKET_IV_SIZE_V2,
+				tmp + UDP_ACCELERATION_PACKET_IV_SIZE_V2,
+				size - UDP_ACCELERATION_PACKET_IV_SIZE_V2,
+				a->MyKey_V2,
+				a->NextIv_V2,
+				NULL, 0);
+
+			// Next Iv
+			Copy(a->NextIv_V2,
+				tmp + UDP_ACCELERATION_PACKET_IV_SIZE_V2 + size - UDP_ACCELERATION_PACKET_IV_SIZE_V2 - UDP_ACCELERATION_PACKET_IV_SIZE_V2, UDP_ACCELERATION_PACKET_IV_SIZE_V2);
+
+			// MAC
+			size += UDP_ACCELERATION_PACKET_MAC_SIZE_V2;
 		}
+		else
+		{
+			// Ver 1
+			static UCHAR zero[UDP_ACCELERATION_PACKET_IV_SIZE_V1] = {0};
+			CRYPT *c;
 
-		// Verify
+			current_size = UDP_ACCELERATION_PACKET_IV_SIZE_V1 + sizeof(UINT) + sizeof(UINT64) * 2 +
-		Copy(buf, zero, UDP_ACCELERATION_PACKET_IV_SIZE);
+				sizeof(USHORT) + sizeof(UCHAR) + data_size + UDP_ACCELERATION_PACKET_IV_SIZE_V1;
-		buf += UDP_ACCELERATION_PACKET_IV_SIZE;
-		size += UDP_ACCELERATION_PACKET_IV_SIZE;
 
-		// Encryption
+			if (current_size < max_size)
-		c = NewCrypt(key, UDP_ACCELERATION_PACKET_KEY_SIZE);
+			{
-		Encrypt(c, tmp + UDP_ACCELERATION_PACKET_IV_SIZE, tmp + UDP_ACCELERATION_PACKET_IV_SIZE, size - UDP_ACCELERATION_PACKET_IV_SIZE);
+				// Padding
-		FreeCrypt(c);
+				UCHAR pad[UDP_ACCELERATION_MAX_PADDING_SIZE];
+				UINT pad_size = MIN(max_size - current_size, UDP_ACCELERATION_MAX_PADDING_SIZE);
+				pad_size = rand() % pad_size;
 
-		// Next Iv
+				Zero(pad, sizeof(pad));
-		Copy(a->NextIv, buf - UDP_ACCELERATION_PACKET_IV_SIZE, UDP_ACCELERATION_PACKET_IV_SIZE);
+				Copy(buf, pad, pad_size);
+				buf += pad_size;
+				size += pad_size;
+			}
+
+			// Verify
+			Copy(buf, zero, UDP_ACCELERATION_PACKET_IV_SIZE_V1);
+			buf += UDP_ACCELERATION_PACKET_IV_SIZE_V1;
+			size += UDP_ACCELERATION_PACKET_IV_SIZE_V1;
+
+			// Encryption
+			c = NewCrypt(key, UDP_ACCELERATION_PACKET_KEY_SIZE_V1);
+			Encrypt(c, tmp + UDP_ACCELERATION_PACKET_IV_SIZE_V1, tmp + UDP_ACCELERATION_PACKET_IV_SIZE_V1, size - UDP_ACCELERATION_PACKET_IV_SIZE_V1);
+			FreeCrypt(c);
+
+			// Next Iv
+			Copy(a->NextIv, buf - UDP_ACCELERATION_PACKET_IV_SIZE_V1, UDP_ACCELERATION_PACKET_IV_SIZE_V1);
+		}
 	}
 
 	// Send
@@ -667,7 +717,7 @@ bool UdpAccelIsSendReady(UDP_ACCEL *a, bool check_keepalive)
 // Process the received packet
 BLOCK *UdpAccelProcessRecvPacket(UDP_ACCEL *a, UCHAR *buf, UINT size, IP *src_ip, UINT src_port)
 {
-	UCHAR key[UDP_ACCELERATION_PACKET_KEY_SIZE];
+	UCHAR key[UDP_ACCELERATION_PACKET_KEY_SIZE_V1];
 	UCHAR *iv;
 	CRYPT *c;
 	UINT64 my_tick, your_tick;
@@ -676,6 +726,7 @@ BLOCK *UdpAccelProcessRecvPacket(UDP_ACCEL *a, UCHAR *buf, UINT size, IP *src_ip
 	UINT pad_size;
 	UCHAR *verify;
 	bool compress_flag;
+	UCHAR raw_flag;
 	BLOCK *b = NULL;
 	UINT cookie;
 	// Validate arguments
@@ -686,36 +737,66 @@ BLOCK *UdpAccelProcessRecvPacket(UDP_ACCEL *a, UCHAR *buf, UINT size, IP *src_ip
 
 	if (a->PlainTextMode == false)
 	{
-		// IV
+		if (a->Version == 2)
-		if (size < UDP_ACCELERATION_PACKET_IV_SIZE)
 		{
-			return NULL;
+			// Version 2.0
+			// IV
+			if (size < UDP_ACCELERATION_PACKET_IV_SIZE_V2)
+			{
+				return NULL;
+			}
+			iv = buf;
+			buf += UDP_ACCELERATION_PACKET_IV_SIZE_V2;
+			size -= UDP_ACCELERATION_PACKET_IV_SIZE_V2;
+
+			if (size < AEAD_CHACHA20_POLY1305_MAC_SIZE)
+			{
+				return NULL;
+			}
+
+			// Decryption by RFC 8439: ChaCha20-Poly1305-IETF Encryption with AEAD
+			if (Aead_ChaCha20Poly1305_Ietf_Decrypt(buf, buf, size, a->YourKey_V2,
+				iv, NULL, 0) == false)
+			{
+				return NULL;
+			}
+
+			size -= AEAD_CHACHA20_POLY1305_MAC_SIZE;
 		}
-		iv = buf;
+		else
-		buf += UDP_ACCELERATION_PACKET_IV_SIZE;
-		size -= UDP_ACCELERATION_PACKET_IV_SIZE;
-
-		// Calculate the key
-		UdpAccelCalcKey(key, a->YourKey, iv);
-
-		if (false)
 		{
-			char tmp1[256];
+			// Version 1.0
-			char tmp2[256];
+			// IV
-			char tmp3[256];
+			if (size < UDP_ACCELERATION_PACKET_IV_SIZE_V1)
-			BinToStr(tmp1, sizeof(tmp1), a->YourKey, sizeof(a->YourKey));
+			{
-			BinToStr(tmp2, sizeof(tmp2), iv, UDP_ACCELERATION_PACKET_IV_SIZE);
+				return NULL;
-			BinToStr(tmp3, sizeof(tmp3), key, sizeof(key));
+			}
-			Debug("Your Key: %s\n"
+			iv = buf;
-				  "IV      : %s\n"
+			buf += UDP_ACCELERATION_PACKET_IV_SIZE_V1;
-				  "Comm Key: %s\n",
+			size -= UDP_ACCELERATION_PACKET_IV_SIZE_V1;
-				tmp1, tmp2, tmp3);
-		}
 
-		// Decryption
+			// Calculate the key
-		c = NewCrypt(key, UDP_ACCELERATION_PACKET_KEY_SIZE);
+			UdpAccelCalcKey(key, a->YourKey, iv);
-		Encrypt(c, buf, buf, size);
+
-		FreeCrypt(c);
+			if (false)
+			{
+				char tmp1[256];
+				char tmp2[256];
+				char tmp3[256];
+				BinToStr(tmp1, sizeof(tmp1), a->YourKey, sizeof(a->YourKey));
+				BinToStr(tmp2, sizeof(tmp2), iv, UDP_ACCELERATION_PACKET_IV_SIZE_V1);
+				BinToStr(tmp3, sizeof(tmp3), key, sizeof(key));
+				Debug("Your Key: %s\n"
+					  "IV      : %s\n"
+					  "Comm Key: %s\n",
+					tmp1, tmp2, tmp3);
+			}
+
+			// Decryption
+			c = NewCrypt(key, UDP_ACCELERATION_PACKET_KEY_SIZE_V1);
+			Encrypt(c, buf, buf, size);
+			FreeCrypt(c);
+		}
 	}
 
 	// Cookie
@@ -759,12 +840,20 @@ BLOCK *UdpAccelProcessRecvPacket(UDP_ACCEL *a, UCHAR *buf, UINT size, IP *src_ip
 	buf += sizeof(USHORT);
 	size -= sizeof(USHORT);
 
-	// compress_flag
+	// flag
 	if (size < sizeof(UCHAR))
 	{
 		return NULL;
 	}
-	compress_flag = *((UCHAR *)buf);
+	if (a->ReadRawFlagMode == false)
+	{
+		compress_flag = *((UCHAR *)buf);
+	}
+	else
+	{
+		raw_flag = *((UCHAR *)buf);
+	}
+
 	buf += sizeof(UCHAR);
 	size -= sizeof(UCHAR);
 
@@ -783,26 +872,29 @@ BLOCK *UdpAccelProcessRecvPacket(UDP_ACCEL *a, UCHAR *buf, UINT size, IP *src_ip
 
 	if (a->PlainTextMode == false)
 	{
-		// padding
+		if (a->Version == 1)
-		if (size < UDP_ACCELERATION_PACKET_IV_SIZE)
 		{
-			return false;
+			// padding
-		}
+			if (size < UDP_ACCELERATION_PACKET_IV_SIZE_V1)
-		pad_size = size - UDP_ACCELERATION_PACKET_IV_SIZE;
+			{
-		buf += pad_size;
+				return false;
-		size -= pad_size;
+			}
+			pad_size = size - UDP_ACCELERATION_PACKET_IV_SIZE_V1;
+			buf += pad_size;
+			size -= pad_size;
 
-		// verify
+			// verify
-		if (size != UDP_ACCELERATION_PACKET_IV_SIZE)
+			if (size != UDP_ACCELERATION_PACKET_IV_SIZE_V1)
-		{
+			{
-			return NULL;
+				return NULL;
-		}
+			}
 
-		verify = buf;
+			verify = buf;
 
-		if (IsZero(verify, UDP_ACCELERATION_PACKET_IV_SIZE) == false)
+			if (IsZero(verify, UDP_ACCELERATION_PACKET_IV_SIZE_V1) == false)
-		{
+			{
-			return NULL;
+				return NULL;
+			}
 		}
 	}
 
@@ -819,7 +911,11 @@ BLOCK *UdpAccelProcessRecvPacket(UDP_ACCEL *a, UCHAR *buf, UINT size, IP *src_ip
 
 	if (inner_size >= 1)
 	{
-		b = NewBlock(Clone(inner_data, inner_size), inner_size, compress_flag ? -1 : 0);
+		b = NewBlock(Clone(inner_data, inner_size), inner_size, a->ReadRawFlagMode == false ? (compress_flag ? -1 : 0) : 0);
+		if (a->ReadRawFlagMode)
+		{
+			b->RawFlagRetUdpAccel = raw_flag;
+		}
 	}
 
 	if (a->LastSetSrcIpAndPortTick < a->LastRecvYourTick)
@@ -851,15 +947,15 @@ BLOCK *UdpAccelProcessRecvPacket(UDP_ACCEL *a, UCHAR *buf, UINT size, IP *src_ip
 // Calculate the key
 void UdpAccelCalcKey(UCHAR *key, UCHAR *common_key, UCHAR *iv)
 {
-	UCHAR tmp[UDP_ACCELERATION_COMMON_KEY_SIZE + UDP_ACCELERATION_PACKET_IV_SIZE];
+	UCHAR tmp[UDP_ACCELERATION_COMMON_KEY_SIZE_V1 + UDP_ACCELERATION_PACKET_IV_SIZE_V1];
 	// Validate arguments
 	if (key == NULL || common_key == NULL || iv == NULL)
 	{
 		return;
 	}
 
-	Copy(tmp, common_key, UDP_ACCELERATION_COMMON_KEY_SIZE);
+	Copy(tmp, common_key, UDP_ACCELERATION_COMMON_KEY_SIZE_V1);
-	Copy(tmp + UDP_ACCELERATION_COMMON_KEY_SIZE, iv, UDP_ACCELERATION_PACKET_IV_SIZE);
+	Copy(tmp + UDP_ACCELERATION_COMMON_KEY_SIZE_V1, iv, UDP_ACCELERATION_PACKET_IV_SIZE_V1);
 
 	HashSha1(key, tmp, sizeof(tmp));
 }
@@ -887,7 +983,9 @@ bool UdpAccelInitServer(UDP_ACCEL *a, UCHAR *client_key, IP *client_ip, UINT cli
 	}
 
 	IPToStr(tmp, sizeof(tmp), client_ip);
-	Debug("UdpAccelInitServer: client_ip=%s, client_port=%u, server_cookie=%u, client_cookie=%u\n", tmp, client_port,
+	Debug("UdpAccelInitServer: ver=%u, client_ip=%s, client_port=%u, server_cookie=%u, client_cookie=%u\n",
+		a->Version,
+		tmp, client_port,
 		a->MyCookie, a->YourCookie);
 
 	if (IsIP6(client_ip) != a->IsIPv6)
@@ -895,7 +993,14 @@ bool UdpAccelInitServer(UDP_ACCEL *a, UCHAR *client_key, IP *client_ip, UINT cli
 		return false;
 	}
 
-	Copy(a->YourKey, client_key, UDP_ACCELERATION_COMMON_KEY_SIZE);
+	if (a->Version == 2)
+	{
+		Copy(a->YourKey_V2, client_key, UDP_ACCELERATION_COMMON_KEY_SIZE_V2);
+	}
+	else
+	{
+		Copy(a->YourKey, client_key, UDP_ACCELERATION_COMMON_KEY_SIZE_V1);
+	}
 
 	Copy(&a->YourIp, client_ip, sizeof(IP));
 	Copy(&a->YourIp2, client_ip_2, sizeof(IP));
@@ -919,14 +1024,22 @@ bool UdpAccelInitClient(UDP_ACCEL *a, UCHAR *server_key, IP *server_ip, UINT ser
 	}
 
 	IPToStr(tmp, sizeof(tmp), server_ip);
-	Debug("UdpAccelInitClient: server_ip=%s, server_port=%u, server_cookie=%u, client_cookie=%u\n", tmp, server_port, server_cookie, client_cookie);
+	Debug("UdpAccelInitClient: ver = %u, server_ip=%s, server_port=%u, server_cookie=%u, client_cookie=%u\n",
+		a->Version, tmp, server_port, server_cookie, client_cookie);
 
 	if (IsIP6(server_ip) != a->IsIPv6)
 	{
 		return false;
 	}
 
-	Copy(a->YourKey, server_key, UDP_ACCELERATION_COMMON_KEY_SIZE);
+	if (a->Version == 2)
+	{
+		Copy(a->YourKey_V2, server_key, UDP_ACCELERATION_COMMON_KEY_SIZE_V2);
+	}
+	else
+	{
+		Copy(a->YourKey, server_key, UDP_ACCELERATION_COMMON_KEY_SIZE_V1);
+	}
 
 	Copy(&a->YourIp, server_ip, sizeof(IP));
 	Copy(&a->YourIp2, server_ip_2, sizeof(IP));
@@ -1008,6 +1121,8 @@ UDP_ACCEL *NewUdpAccel(CEDAR *cedar, IP *ip, bool client_mode, bool random_port,
 
 	a->NoNatT = no_nat_t;
 
+	a->Version = 1;
+
 
 	a->NatT_TranId = Rand64();
 
@@ -1021,6 +1136,8 @@ UDP_ACCEL *NewUdpAccel(CEDAR *cedar, IP *ip, bool client_mode, bool random_port,
 	a->UdpSock = s;
 	Rand(a->MyKey, sizeof(a->MyKey));
 	Rand(a->YourKey, sizeof(a->YourKey));
+	Rand(a->MyKey_V2, sizeof(a->MyKey_V2));
+	Rand(a->YourKey_V2, sizeof(a->YourKey_V2));
 
 	Copy(&a->MyIp, ip, sizeof(IP));
 	a->MyPort = s->LocalPort;
@@ -1035,6 +1152,7 @@ UDP_ACCEL *NewUdpAccel(CEDAR *cedar, IP *ip, bool client_mode, bool random_port,
 	a->RecvBlockQueue = NewQueue();
 
 	Rand(a->NextIv, sizeof(a->NextIv));
+	Rand(a->NextIv_V2, sizeof(a->NextIv_V2));
 
 	do
 	{

src/Cedar/UdpAccel.h

@@ -106,9 +106,14 @@
 #define	UDPACCEL_H
 
 // Constants
-#define	UDP_ACCELERATION_COMMON_KEY_SIZE	20			// Common key size
+#define	UDP_ACCELERATION_COMMON_KEY_SIZE_V1	20			// V1: Common key size
-#define	UDP_ACCELERATION_PACKET_KEY_SIZE	20			// Key size for the packet
+#define	UDP_ACCELERATION_PACKET_KEY_SIZE_V1	20			// V1: Key size for the packet
-#define	UDP_ACCELERATION_PACKET_IV_SIZE		20			// IV size for the packet
+#define	UDP_ACCELERATION_PACKET_IV_SIZE_V1	20			// V1: IV size for the packet
+
+#define	UDP_ACCELERATION_COMMON_KEY_SIZE_V2	128			// V2: Common key size
+#define	UDP_ACCELERATION_PACKET_IV_SIZE_V2	12			// V2: IV size for the packet
+#define UDP_ACCELERATION_PACKET_MAC_SIZE_V2	16			// V2: MAC size for the packet
+
 #define	UDP_ACCELERATION_TMP_BUF_SIZE		2048		// Temporary buffer size
 #define	UDP_ACCELERATION_WINDOW_SIZE_MSEC	(30 * 1000)	// Receive window size (in milliseconds)
 
@@ -142,8 +147,8 @@ struct UDP_ACCEL
 	bool ClientMode;									// Whether client mode
 	bool IsInCedarPortList;								// Whether included in the port list of the Cedar
 	UINT64 Now;											// Current time
-	UCHAR MyKey[UDP_ACCELERATION_COMMON_KEY_SIZE];		// Submit-direction common key
+	UCHAR MyKey[UDP_ACCELERATION_COMMON_KEY_SIZE_V1];		// Submit-direction common key
-	UCHAR YourKey[UDP_ACCELERATION_COMMON_KEY_SIZE];	// Receiving-direction common key
+	UCHAR YourKey[UDP_ACCELERATION_COMMON_KEY_SIZE_V1];	// Receiving-direction common key
 	SOCK *UdpSock;										// UDP socket
 	UINT MyPort;										// My port number
 	UINT YourPort;										// Port number of the other party
@@ -160,7 +165,7 @@ struct UDP_ACCEL
 	UINT64 LastSetSrcIpAndPortTick;						// Opponent's tick ??value at the time of storing the IP address and port number of the opponent at the end
 	UINT64 LastRecvTick;								// Tick when data has received at the end
 	UINT64 NextSendKeepAlive;							// Next time to send a KeepAlive packet
-	UCHAR NextIv[UDP_ACCELERATION_PACKET_IV_SIZE];		// IV to be used next
+	UCHAR NextIv[UDP_ACCELERATION_PACKET_IV_SIZE_V1];		// IV to be used next
 	UINT MyCookie;										// My cookie
 	UINT YourCookie;									// Cookie of the other party
 	bool Inited;										// Initialized flag
@@ -191,6 +196,11 @@ struct UDP_ACCEL
 	UCHAR UdpIpQueryPacketData[16];						// Query packet data (final transmission)
 	UINT UdpIpQueryPacketSize;							// Query packet data size (final transmission)
 	UCHAR UdpHostUniqueKey[SHA1_SIZE];					// Unique key for UDP self endpoint query
+	UINT Version;										// Version
+	UCHAR MyKey_V2[UDP_ACCELERATION_COMMON_KEY_SIZE_V2];	// Submit-direction common key (Ver 2)
+	UCHAR YourKey_V2[UDP_ACCELERATION_COMMON_KEY_SIZE_V2];	// Receiving-direction common key (Ver 2)
+	UCHAR NextIv_V2[UDP_ACCELERATION_PACKET_IV_SIZE_V2];	// IV to be used next (Ver 2)
+	bool ReadRawFlagMode;								// Read raw flag mode
 };
 
 // Function prototype
@@ -203,7 +213,7 @@ void UdpAccelSetTick(UDP_ACCEL *a, UINT64 tick64);
 BLOCK *UdpAccelProcessRecvPacket(UDP_ACCEL *a, UCHAR *buf, UINT size, IP *src_ip, UINT src_port);
 void UdpAccelCalcKey(UCHAR *key, UCHAR *common_key, UCHAR *iv);
 bool UdpAccelIsSendReady(UDP_ACCEL *a, bool check_keepalive);
-void UdpAccelSend(UDP_ACCEL *a, UCHAR *data, UINT data_size, bool compressed, UINT max_size, bool high_priority);
+void UdpAccelSend(UDP_ACCEL *a, UCHAR *data, UINT data_size, UCHAR flag, UINT max_size, bool high_priority);
 void UdpAccelSendBlock(UDP_ACCEL *a, BLOCK *b);
 UINT UdpAccelCalcMss(UDP_ACCEL *a);
 void NatT_GetIpThread(THREAD *thread, void *param);

src/Cedar/VLanWin32.c

@@ -367,8 +367,8 @@ void RouteTrackingMain(SESSION *s)
 			if (IPToUINT(&e->DestIP) == 0 &&
 				IPToUINT(&e->DestMask) == 0)
 			{
-				Debug("e->InterfaceID = %u, t->VLanInterfaceId = %u\n",
+				//Debug("e->InterfaceID = %u, t->VLanInterfaceId = %u\n",
-					e->InterfaceID, t->VLanInterfaceId);
+				//	e->InterfaceID, t->VLanInterfaceId);
 
 				if (e->InterfaceID == t->VLanInterfaceId)
 				{

src/CurrentBuild.txt

@@ -1,4 +1,4 @@
-BUILD_NUMBER 9680
+BUILD_NUMBER 9695
-VERSION 429
+VERSION 430
-BUILD_NAME rtm
+BUILD_NAME beta
-BUILD_DATE 20190228_183947
+BUILD_DATE 20190707_195808

src/Mayaqua/Encrypt.h

@@ -105,6 +105,10 @@
 #ifndef	ENCRYPT_H
 #define	ENCRYPT_H
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+//#define USE_OPENSSL_AEAD_CHACHA20POLY1305
+#endif
+
 // Function of OpenSSL
 void RAND_Init_For_SoftEther();
 void RAND_Free_For_SoftEther();
@@ -132,6 +136,12 @@ void RAND_Free_For_SoftEther();
 #define	AES_IV_SIZE					16			// AES IV size
 #define	AES_MAX_KEY_SIZE			32			// Maximum AES key size
 
+// RFC 8439: ChaCha20 and Poly1305 for IETF Protocols
+#define AEAD_CHACHA20_POLY1305_MAC_SIZE		16	// MAC size
+#define AEAD_CHACHA20_POLY1305_NONCE_SIZE	12	// Nonce size
+#define AEAD_CHACHA20_POLY1305_KEY_SIZE		32	// Key size
+
+
 // IANA definitions taken from IKEv1 Phase 1
 #define SHA1_160						2
 #define SHA2_256						4
@@ -574,6 +584,22 @@ BUF *EasyDecrypt(BUF *src_buf);
 
 void DisableIntelAesAccel();
 
+int GetSslClientCertIndex();
+
+void Aead_ChaCha20Poly1305_Ietf_Encrypt_Embedded(void *dst, void *src, UINT src_size, void *key, void *nonce, void *aad, UINT aad_size);
+bool Aead_ChaCha20Poly1305_Ietf_Decrypt_Embedded(void *dst, void *src, UINT src_size, void *key, void *nonce, void *aad, UINT aad_size);
+
+void Aead_ChaCha20Poly1305_Ietf_Encrypt_OpenSSL(void *dst, void *src, UINT src_size, void *key, void *nonce, void *aad, UINT aad_size);
+bool Aead_ChaCha20Poly1305_Ietf_Decrypt_OpenSSL(void *dst, void *src, UINT src_size, void *key, void *nonce, void *aad, UINT aad_size);
+
+void Aead_ChaCha20Poly1305_Ietf_Encrypt(void *dst, void *src, UINT src_size, void *key, void *nonce, void *aad, UINT aad_size);
+bool Aead_ChaCha20Poly1305_Ietf_Decrypt(void *dst, void *src, UINT src_size, void *key, void *nonce, void *aad, UINT aad_size);
+
+bool Aead_ChaCha20Poly1305_Ietf_IsOpenSSL();
+
+void Aead_ChaCha20Poly1305_Ietf_Test();
+
+
 #ifdef	ENCRYPT_C
 // Inner function
 

src/Mayaqua/FileIO.c

@@ -1292,6 +1292,12 @@ void BuildHamcore(char *dst_filename, char *src_dir, bool unix_only)
 				}
 			}
 
+			if (InStr(rpath, "\\node_modules\\"))
+			{
+				// Exclude node_modules in the hamcore\webroot
+				ok = false;
+			}
+
 			if (ok)
 			{
 				b = ReadDump(s);

src/Mayaqua/Kernel.c

@@ -1622,11 +1622,102 @@ void GetDateTimeStrMilli(char *str, UINT size, SYSTEMTIME *st)
 		st->wMilliseconds);
 }
 
+// Convert string RFC3339 format (example: 2017-09-27T18:25:55.434-9:00) to UINT64
+UINT64 DateTimeStrRFC3339ToSystemTime64(char *str)
+{
+	SYSTEMTIME st;
+	if (DateTimeStrRFC3339ToSystemTime(&st, str))
+	{
+		return SystemToUINT64(&st);
+	}
+	else
+	{
+		return 0;
+	}
+}
+
+// Convert string RFC3339 format (example: 2017-09-27T18:25:55.434-9:00) to SYSTEMTIME
+bool DateTimeStrRFC3339ToSystemTime(SYSTEMTIME *st, char *str)
+{
+	bool ok = false;
+	UINT index_plus;
+	char tmp[MAX_PATH];
+	Zero(st, sizeof(SYSTEMTIME));
+	if (st == NULL || str == NULL)
+	{
+		return false;
+	}
+
+	StrCpy(tmp, sizeof(tmp), str);
+
+	index_plus = SearchStrEx(tmp, "+", 0, false);
+	if (index_plus != INFINITE)
+	{
+		tmp[index_plus] = 0;
+	}
+
+	if (StrLen(tmp) >= 19)
+	{
+		if (tmp[4] == '-' && tmp[7] == '-' && tmp[10] == 'T' && tmp[13] == ':' &&
+			tmp[16] == ':')
+		{
+			char str_year[16], str_month[16], str_day[16], str_hour[16], str_minute[16],
+				 str_second[16], str_msec[16];
+
+			StrCpy(str_year, sizeof(str_year), tmp + 0);
+			str_year[4] = 0;
+
+			StrCpy(str_month, sizeof(str_month), tmp + 5);
+			str_month[2] = 0;
+
+			StrCpy(str_day, sizeof(str_day), tmp + 8);
+			str_day[2] = 0;
+
+			StrCpy(str_hour, sizeof(str_hour), tmp + 11);
+			str_hour[2] = 0;
+
+			StrCpy(str_minute, sizeof(str_minute), tmp + 14);
+			str_minute[2] = 0;
+
+			StrCpy(str_second, sizeof(str_second), tmp + 17);
+			str_second[2] = 0;
+
+			str_msec[0] = 0;
+
+			if (StrLen(tmp) >= 21 && tmp[19] == '.')
+			{
+				StrCpy(str_msec, sizeof(str_msec), tmp + 20);
+				str_msec[StrLen(tmp) - 21] = 0;
+				while (StrLen(str_msec) < 3)
+				{
+					StrCat(str_msec, sizeof(str_msec), "0");
+				}
+				str_msec[3] = 0;
+			}
+
+			st->wYear = ToInt(str_year);
+			st->wMonth = ToInt(str_month);
+			st->wDay = ToInt(str_day);
+			st->wHour = ToInt(str_hour);
+			st->wMinute = ToInt(str_minute);
+			st->wSecond = ToInt(str_second);
+			st->wMilliseconds = ToInt(str_msec);
+
+			NormalizeSystem(st);
+
+			ok = true;
+		}
+	}
+
+	return ok;
+}
+
 // Get the date and time string in RFC3339 format (example: 2017-09-27T18:25:55.434-9:00)
 void GetDateTimeStrRFC3339(char *str, UINT size, SYSTEMTIME *st, int timezone_min){
 	// Validate arguments
 	if (str == NULL || st == NULL)
 	{
+		ClearStr(str, size);
 		return;
 	}
 

src/Mayaqua/Kernel.h

@@ -240,6 +240,8 @@ void GetDateStrEx64(wchar_t *str, UINT size, UINT64 sec64, LOCALE *locale);
 void GetTimeStrMilli64(char *str, UINT size, UINT64 sec64);
 void GetTimeStr64(char *str, UINT size, UINT64 sec64);
 void GetDateTimeStrRFC3339(char *str, UINT size, SYSTEMTIME *st, int timezone_min);
+bool DateTimeStrRFC3339ToSystemTime(SYSTEMTIME *st, char *str);
+UINT64 DateTimeStrRFC3339ToSystemTime64(char *str);
 UINT64 SafeTime64(UINT64 sec64);
 bool Run(char *filename, char *arg, bool hide, bool wait);
 bool RunW(wchar_t *filename, wchar_t *arg, bool hide, bool wait);

src/Mayaqua/MayaType.h

@@ -136,7 +136,7 @@ typedef struct x509_crl_st X509_CRL;
 #define	BUF_SIZE			512
 
 // Support Windows OS list
-#define	SUPPORTED_WINDOWS_LIST		"Windows 98 / 98 SE / ME / NT 4.0 SP6a / 2000 SP4 / XP SP2, SP3 / Vista SP1, SP2 / 7 SP1 / 8 / 8.1 / 10 / Server 2003 SP2 / Server 2008 SP1, SP2 / Hyper-V Server 2008 / Server 2008 R2 SP1 / Hyper-V Server 2008 R2 / Server 2012 / Hyper-V Server 2012 / Server 2012 R2 / Hyper-V Server 2012 R2 / Server 2016"
+#define	SUPPORTED_WINDOWS_LIST		"Windows 98 / 98 SE / ME / NT 4.0 SP6a / 2000 SP4 / XP SP2, SP3 / Vista SP1, SP2 / 7 SP1 / 8 / 8.1 / 10 / Server 2003 SP2 / Server 2008 SP1, SP2 / Hyper-V Server 2008 / Server 2008 R2 SP1 / Hyper-V Server 2008 R2 / Server 2012 / Hyper-V Server 2012 / Server 2012 R2 / Hyper-V Server 2012 R2 / Server 2016 / Server 2019"
 
 // Infinite
 #ifndef	WINDOWS_H
@@ -421,6 +421,9 @@ typedef struct PRAND PRAND;
 // Str.h
 typedef struct TOKEN_LIST TOKEN_LIST;
 typedef struct INI_ENTRY INI_ENTRY;
+typedef struct JSON_OBJECT JSON_OBJECT;
+typedef struct JSON_ARRAY  JSON_ARRAY;
+typedef struct JSON_VALUE  JSON_VALUE;
 
 // Internat.h
 typedef struct UNI_TOKEN_LIST UNI_TOKEN_LIST;
@@ -457,6 +460,8 @@ typedef struct INSTANCE INSTANCE;
 typedef struct VALUE VALUE;
 typedef struct ELEMENT ELEMENT;
 typedef struct PACK PACK;
+typedef struct JSONPACKHINT JSONPACKHINT;
+typedef struct JSONPACKHINT_ITEM JSONPACKHINT_ITEM;
 
 // Cfg.h
 typedef struct FOLDER FOLDER;

src/Mayaqua/Memory.c

@@ -1646,6 +1646,48 @@ bool ReplaceListPointer(LIST *o, void *oldptr, void *newptr)
 	return false;
 }
 
+// New string list
+LIST *NewStrList()
+{
+	return NewListFast(CompareStr);
+}
+
+// Release string list
+void ReleaseStrList(LIST *o)
+{
+	UINT i;
+	if (o == NULL)
+	{
+		return;
+	}
+
+	for (i = 0;i < LIST_NUM(o);i++)
+	{
+		char *s = LIST_DATA(o, i);
+		Free(s);
+	}
+
+	ReleaseList(o);
+}
+
+// Add a string distinct to the string list
+bool AddStrToStrListDistinct(LIST *o, char *str)
+{
+	if (o == NULL || str == NULL)
+	{
+		return false;
+	}
+
+	if (IsInListStr(o, str) == false)
+	{
+		Add(o, CopyStr(str));
+
+		return true;
+	}
+
+	return false;
+}
+
 // Examine whether a string items are present in the list
 bool IsInListStr(LIST *o, char *str)
 {
@@ -3361,6 +3403,43 @@ void WriteBufBuf(BUF *b, BUF *bb)
 	WriteBuf(b, bb->Buf, bb->Size);
 }
 
+// Write the buffer (from the offset) to a buffer
+void WriteBufBufWithOffset(BUF *b, BUF *bb)
+{
+	// Validate arguments
+	if (b == NULL || bb == NULL)
+	{
+		return;
+	}
+
+	WriteBuf(b, ((UCHAR *)bb->Buf) + bb->Current, bb->Size - bb->Current);
+}
+
+// Skip UTF-8 BOM
+bool BufSkipUtf8Bom(BUF *b)
+{
+	if (b == NULL)
+	{
+		return false;
+	}
+
+	SeekBufToBegin(b);
+
+	if (b->Size >= 3)
+	{
+		UCHAR *data = b->Buf;
+
+		if (data[0] == 0xEF && data[1] == 0xBB && data[2] == 0xBF)
+		{
+			SeekBuf(b, 3, 1);
+
+			return true;
+		}
+	}
+
+	return false;
+}
+
 // Read into a buffer from the buffer
 BUF *ReadBufFromBuf(BUF *b, UINT size)
 {
@@ -4226,7 +4305,7 @@ void *InternalReAlloc(void *addr, UINT size)
 	}
 
 #ifndef	DONT_USE_KERNEL_STATUS
-	TrackChangeObjSize((DWORD)addr, size, (DWORD)new_addr);
+	TrackChangeObjSize(POINTER_TO_UINT64(addr), size, POINTER_TO_UINT64(new_addr));
 #endif	// DONT_USE_KERNEL_STATUS
 
 	return new_addr;

src/Mayaqua/Memory.h

@@ -305,7 +305,9 @@ BUF *NewBufFromMemory(void *buf, UINT size);
 void ClearBuf(BUF *b);
 void WriteBuf(BUF *b, void *buf, UINT size);
 void WriteBufBuf(BUF *b, BUF *bb);
+void WriteBufBufWithOffset(BUF *b, BUF *bb);
 UINT ReadBuf(BUF *b, void *buf, UINT size);
+bool BufSkipUtf8Bom(BUF *b);
 BUF *ReadBufFromBuf(BUF *b, UINT size);
 void AdjustBufSize(BUF *b, UINT new_size);
 void SeekBuf(BUF *b, UINT offset, int mode);
@@ -469,5 +471,9 @@ void CleanupSharedBuffer(SHARED_BUFFER *b);
 void AppendBufUtf8(BUF *b, wchar_t *str);
 void AppendBufStr(BUF *b, char *str);
 
+LIST *NewStrList();
+void ReleaseStrList(LIST *o);
+bool AddStrToStrListDistinct(LIST *o, char *str);
+
 #endif	// MEMORY_H
 

src/Mayaqua/Microsoft.c

@@ -3413,6 +3413,60 @@ HANDLE MsCreateUserToken()
 }
 
 
+// Check whether SHA-2 kernel mode signature is supported
+bool MsIsSha2KernelModeSignatureSupported()
+{
+	HINSTANCE hDll;
+	bool ret = false;
+
+	if (MsIsWindows8())
+	{
+		return true;
+	}
+
+	hDll = LoadLibrary("Wintrust.dll");
+	if (hDll == NULL)
+	{
+		return false;
+	}
+
+	if (GetProcAddress(hDll, "CryptCATAdminAcquireContext2") != NULL)
+	{
+		ret = true;
+	}
+
+	FreeLibrary(hDll);
+
+	return ret;
+}
+
+// Check whether KB3033929 is required
+bool MsIsKB3033929RequiredAndMissing()
+{
+	OS_INFO *info = GetOsInfo();
+
+	if (info == NULL)
+	{
+		return false;
+	}
+
+	if (OS_IS_WINDOWS_NT(info->OsType))
+	{
+		if (GET_KETA(info->OsType, 100) == 6)
+		{
+			if (MsIsX64())
+			{
+				if (MsIsSha2KernelModeSignatureSupported() == false)
+				{
+					return true;
+				}
+			}
+		}
+	}
+
+	return false;
+}
+
 // Check the digital signature of the file
 bool MsCheckFileDigitalSignature(HWND hWnd, char *name, bool *danger)
 {

src/Mayaqua/Microsoft.h

@@ -1017,6 +1017,9 @@ bool MsIsInfCatalogRequired();
 bool MsCheckFileDigitalSignature(HWND hWnd, char *name, bool *danger);
 bool MsCheckFileDigitalSignatureW(HWND hWnd, wchar_t *name, bool *danger);
 
+bool MsIsKB3033929RequiredAndMissing();
+bool MsIsSha2KernelModeSignatureSupported();
+
 
 bool MsGetProcessExeName(char *path, UINT size, UINT id);
 bool MsGetProcessExeNameW(wchar_t *path, UINT size, UINT id);

src/Mayaqua/Network.c

@@ -2651,70 +2651,128 @@ void RUDPBulkSend(RUDP_STACK *r, RUDP_SESSION *se, void *data, UINT data_size)
 	UCHAR crypt_key_src[SHA1_SIZE * 2];
 	UCHAR crypt_key[SHA1_SIZE];
 	UINT icmp_type;
-	UCHAR sign[SHA1_SIZE];
-	UCHAR iv[SHA1_SIZE + 1];
 	// Validate arguments
 	if (r == NULL || se == NULL || (data == NULL && data_size != 0))
 	{
 		return;
 	}
 
-	padding_size = Rand32() % 31 + 1;
+	if (se->BulkSendKey->Size == RUDP_BULK_KEY_SIZE_V2)
-
-	buf_size = SHA1_SIZE + SHA1_SIZE + sizeof(UINT64) + data_size + padding_size;
-	buf = Malloc(buf_size);
-
-	// SEQ NO
-	WRITE_UINT64(buf + SHA1_SIZE + SHA1_SIZE, se->BulkNextSeqNo);
-	se->BulkNextSeqNo++;
-
-	// Data
-	Copy(buf + SHA1_SIZE + SHA1_SIZE + sizeof(UINT64), data, data_size);
-
-	// Padding
-	for (i = 0;i < padding_size;i++)
 	{
-		buf[SHA1_SIZE + SHA1_SIZE + sizeof(UINT64) + data_size + i] = (UCHAR)padding_size;
+		// Ver 2
-	}
+		UCHAR iv[RUDP_BULK_IV_SIZE_V2];
 
-	// Encryption
+		padding_size = Rand32() % 31 + 1;
-	Copy(iv, se->BulkNextIv, SHA1_SIZE);
-	Copy(crypt_key_src + 0, se->BulkSendKey->Data, SHA1_SIZE);
-	Copy(crypt_key_src + SHA1_SIZE, iv, SHA1_SIZE);
-	HashSha1(crypt_key, crypt_key_src, SHA1_SIZE * 2);
-	c = NewCrypt(crypt_key, sizeof(crypt_key));
-	Encrypt(c, buf + SHA1_SIZE + SHA1_SIZE, buf + SHA1_SIZE + SHA1_SIZE, sizeof(UINT64) + data_size + padding_size);
-	FreeCrypt(c);
 
-	// IV
+		// Packet: IV + Encrypted(SEQ_NO + Data + padding) + MAC
-	Copy(buf + SHA1_SIZE, iv, SHA1_SIZE);
+		buf_size = RUDP_BULK_IV_SIZE_V2 + sizeof(UINT64) + data_size + padding_size + RUDP_BULK_MAC_SIZE_V2;
+		buf = Malloc(buf_size);
 
-	// Sign
+		// IV
-	if (se->UseHMac == false)
+		Copy(iv, se->BulkNextIv_V2, RUDP_BULK_IV_SIZE_V2);
-	{
+		Copy(buf, iv, RUDP_BULK_IV_SIZE_V2);
-		Copy(buf + 0, se->BulkSendKey->Data, SHA1_SIZE);
+
-		HashSha1(sign, buf, SHA1_SIZE + SHA1_SIZE + sizeof(UINT64) + data_size + padding_size);
+		// SEQ NO
-		Copy(buf + 0, sign, SHA1_SIZE);
+		WRITE_UINT64(buf + RUDP_BULK_IV_SIZE_V2, se->BulkNextSeqNo);
+		se->BulkNextSeqNo++;
+
+		// Data
+		Copy(buf + RUDP_BULK_IV_SIZE_V2 + sizeof(UINT64), data, data_size);
+
+		// Padding
+		for (i = 0;i < padding_size;i++)
+		{
+			buf[RUDP_BULK_IV_SIZE_V2 + sizeof(UINT64) + data_size + i] = (UCHAR)padding_size;
+		}
+
+		// Encryption
+		Aead_ChaCha20Poly1305_Ietf_Encrypt(buf + RUDP_BULK_IV_SIZE_V2,
+			buf + RUDP_BULK_IV_SIZE_V2,
+			sizeof(UINT64) + data_size + padding_size,
+			se->BulkSendKey->Data,
+			iv,
+			NULL,
+			0);
+
+		// Next IV
+		Copy(se->BulkNextIv_V2, buf + RUDP_BULK_IV_SIZE_V2 + sizeof(UINT64) + data_size + padding_size - RUDP_BULK_IV_SIZE_V2,
+			RUDP_BULK_IV_SIZE_V2);
+
+		if (r->Protocol == RUDP_PROTOCOL_ICMP)
+		{
+			icmp_type = se->Icmp_Type;
+		}
+		else if (r->Protocol == RUDP_PROTOCOL_DNS)
+		{
+			icmp_type = se->Dns_TranId;
+		}
+		RUDPSendPacket(r, &se->YourIp, se->YourPort, buf, buf_size, icmp_type);
+
+		Free(buf);
 	}
 	else
 	{
-		HMacSha1(buf + 0, se->BulkSendKey->Data, SHA1_SIZE, buf + SHA1_SIZE, SHA1_SIZE + sizeof(UINT64) + data_size + padding_size);
+		UCHAR sign[SHA1_SIZE];
-	}
+		UCHAR iv[SHA1_SIZE];
 
-	// Next IV
+		// Ver 1
-	Copy(se->BulkNextIv, buf + buf_size - SHA1_SIZE, SHA1_SIZE);
+		padding_size = Rand32() % 31 + 1;
 
-	if (r->Protocol == RUDP_PROTOCOL_ICMP)
+		buf_size = SHA1_SIZE + SHA1_SIZE + sizeof(UINT64) + data_size + padding_size;
-	{
+		buf = Malloc(buf_size);
-		icmp_type = se->Icmp_Type;
-	}
-	else if (r->Protocol == RUDP_PROTOCOL_DNS)
-	{
-		icmp_type = se->Dns_TranId;
-	}
-	RUDPSendPacket(r, &se->YourIp, se->YourPort, buf, buf_size, icmp_type);
 
-	Free(buf);
+		// SEQ NO
+		WRITE_UINT64(buf + SHA1_SIZE + SHA1_SIZE, se->BulkNextSeqNo);
+		se->BulkNextSeqNo++;
+
+		// Data
+		Copy(buf + SHA1_SIZE + SHA1_SIZE + sizeof(UINT64), data, data_size);
+
+		// Padding
+		for (i = 0;i < padding_size;i++)
+		{
+			buf[SHA1_SIZE + SHA1_SIZE + sizeof(UINT64) + data_size + i] = (UCHAR)padding_size;
+		}
+
+		// Encryption
+		Copy(iv, se->BulkNextIv, SHA1_SIZE);
+		Copy(crypt_key_src + 0, se->BulkSendKey->Data, SHA1_SIZE);
+		Copy(crypt_key_src + SHA1_SIZE, iv, SHA1_SIZE);
+		HashSha1(crypt_key, crypt_key_src, SHA1_SIZE * 2);
+		c = NewCrypt(crypt_key, sizeof(crypt_key));
+		Encrypt(c, buf + SHA1_SIZE + SHA1_SIZE, buf + SHA1_SIZE + SHA1_SIZE, sizeof(UINT64) + data_size + padding_size);
+		FreeCrypt(c);
+
+		// IV
+		Copy(buf + SHA1_SIZE, iv, SHA1_SIZE);
+
+		// Sign
+		if (se->UseHMac == false)
+		{
+			Copy(buf + 0, se->BulkSendKey->Data, SHA1_SIZE);
+			HashSha1(sign, buf, SHA1_SIZE + SHA1_SIZE + sizeof(UINT64) + data_size + padding_size);
+			Copy(buf + 0, sign, SHA1_SIZE);
+		}
+		else
+		{
+			HMacSha1(buf + 0, se->BulkSendKey->Data, SHA1_SIZE, buf + SHA1_SIZE, SHA1_SIZE + sizeof(UINT64) + data_size + padding_size);
+		}
+
+		// Next IV
+		Copy(se->BulkNextIv, buf + buf_size - SHA1_SIZE, SHA1_SIZE);
+
+		if (r->Protocol == RUDP_PROTOCOL_ICMP)
+		{
+			icmp_type = se->Icmp_Type;
+		}
+		else if (r->Protocol == RUDP_PROTOCOL_DNS)
+		{
+			icmp_type = se->Dns_TranId;
+		}
+		RUDPSendPacket(r, &se->YourIp, se->YourPort, buf, buf_size, icmp_type);
+
+		Free(buf);
+	}
 }
 
 // Start a socket for R-UDP Listening
@@ -2775,14 +2833,20 @@ SOCK *AcceptRUDP(SOCK *s)
 			{
 			case RUDP_PROTOCOL_UDP:
 				StrCpy(ret->UnderlayProtocol, sizeof(ret->UnderlayProtocol), SOCK_UNDERLAY_NAT_T);
+				AddProtocolDetailsStr(ret->ProtocolDetails, sizeof(ret->ProtocolDetails),
+					"RUDP/UDP");
 				break;
 
 			case RUDP_PROTOCOL_DNS:
 				StrCpy(ret->UnderlayProtocol, sizeof(ret->UnderlayProtocol), SOCK_UNDERLAY_DNS);
+				AddProtocolDetailsStr(ret->ProtocolDetails, sizeof(ret->ProtocolDetails),
+					"RUDP/DNS");
 				break;
 
 			case RUDP_PROTOCOL_ICMP:
 				StrCpy(ret->UnderlayProtocol, sizeof(ret->UnderlayProtocol), SOCK_UNDERLAY_ICMP);
+				AddProtocolDetailsStr(ret->ProtocolDetails, sizeof(ret->ProtocolDetails),
+					"RUDP/ICMP");
 				break;
 			}
 
@@ -2835,26 +2899,55 @@ bool RUDPCheckSignOfRecvPacket(RUDP_STACK *r, RUDP_SESSION *se, void *recv_data,
 	}
 
 	// Verification signature (bulk packet)
-	if (se->UseHMac == false)
+	if (se->BulkRecvKey->Size == RUDP_BULK_KEY_SIZE_V2)
 	{
-		Copy(sign, p, SHA1_SIZE);
+		// Ver 2
-		Copy(p, se->BulkRecvKey->Data, SHA1_SIZE);
+		UCHAR *iv = p;
-		HashSha1(sign2, p, recv_size);
+		// Packet: IV + Encrypted(SEQ_NO + Data + padding) + MAC
-		Copy(p, sign, SHA1_SIZE);
+		// IV
-
+		if (size < RUDP_BULK_IV_SIZE_V2)
-		if (Cmp(sign, sign2, SHA1_SIZE) == 0)
 		{
+			return false;
+		}
+		iv = p;
+		p += RUDP_BULK_IV_SIZE_V2;
+		size -= RUDP_BULK_IV_SIZE_V2;
+
+		// Decrypt
+		if (size < (RUDP_BULK_MAC_SIZE_V2 + 1))
+		{
+			return false;
+		}
+		if (Aead_ChaCha20Poly1305_Ietf_Decrypt(r->TmpBuf, p, size, se->BulkRecvKey->Data, iv, NULL, 0) == false)
+		{
+			return false;
+		}
+		return true;
+	}
+	else
+	{
+		// Ver 1
+		if (se->UseHMac == false)
+		{
+			Copy(sign, p, SHA1_SIZE);
+			Copy(p, se->BulkRecvKey->Data, SHA1_SIZE);
+			HashSha1(sign2, p, recv_size);
+			Copy(p, sign, SHA1_SIZE);
+
+			if (Cmp(sign, sign2, SHA1_SIZE) == 0)
+			{
+				return true;
+			}
+		}
+
+		HMacSha1(sign2, se->BulkRecvKey->Data, SHA1_SIZE, p + SHA1_SIZE, size - SHA1_SIZE);
+		if (Cmp(p, sign2, SHA1_SIZE) == 0)
+		{
+			se->UseHMac = true;
 			return true;
 		}
 	}
 
-	HMacSha1(sign2, se->BulkRecvKey->Data, SHA1_SIZE, p + SHA1_SIZE, size - SHA1_SIZE);
-	if (Cmp(p, sign2, SHA1_SIZE) == 0)
-	{
-		se->UseHMac = true;
-		return true;
-	}
-
 	return false;
 }
 
@@ -2886,15 +2979,76 @@ bool RUDPProcessBulkRecvPacket(RUDP_STACK *r, RUDP_SESSION *se, void *recv_data,
 		return false;
 	}
 
-	// Validate the signature
+	if (se->BulkRecvKey->Size == RUDP_BULK_KEY_SIZE_V2)
-	if (se->UseHMac == false)
 	{
-		Copy(sign, p, SHA1_SIZE);
+		// Ver 2
-		Copy(p, se->BulkRecvKey->Data, SHA1_SIZE);
+		// Packet: IV + Encrypted(SEQ_NO + Data + padding) + MAC
-		HashSha1(sign2, p, recv_size);
+		// IV
-		Copy(p, sign, SHA1_SIZE);
+		if (size < RUDP_BULK_IV_SIZE_V2)
+		{
+			WHERE;
+			return false;
+		}
+		iv = p;
+		p += RUDP_BULK_IV_SIZE_V2;
+		size -= RUDP_BULK_IV_SIZE_V2;
 
-		if (Cmp(sign, sign2, SHA1_SIZE) != 0)
+		// Decrypt
+		if (size < (RUDP_BULK_MAC_SIZE_V2 + 1))
+		{
+			WHERE;
+			return false;
+		}
+		if (Aead_ChaCha20Poly1305_Ietf_Decrypt(p, p, size, se->BulkRecvKey->Data, iv, NULL, 0) == false)
+		{
+			WHERE;
+			return false;
+		}
+
+		size -= RUDP_BULK_MAC_SIZE_V2;
+
+		// padlen
+		padlen = p[size - 1];
+		if (padlen == 0)
+		{
+			WHERE;
+			return false;
+		}
+		if (size < padlen)
+		{
+			WHERE;
+			return false;
+		}
+		size -= padlen;
+	}
+	else
+	{
+		// Validate the signature
+		if (se->UseHMac == false)
+		{
+			Copy(sign, p, SHA1_SIZE);
+			Copy(p, se->BulkRecvKey->Data, SHA1_SIZE);
+			HashSha1(sign2, p, recv_size);
+			Copy(p, sign, SHA1_SIZE);
+
+			if (Cmp(sign, sign2, SHA1_SIZE) != 0)
+			{
+				HMacSha1(sign2, se->BulkRecvKey->Data, SHA1_SIZE, p + SHA1_SIZE, recv_size - SHA1_SIZE);
+
+				if (Cmp(p, sign2, SHA1_SIZE) != 0)
+				{
+					return false;
+				}
+				else
+				{
+					se->UseHMac = true;
+				}
+			}
+			else
+			{
+			}
+		}
+		else
 		{
 			HMacSha1(sign2, se->BulkRecvKey->Data, SHA1_SIZE, p + SHA1_SIZE, recv_size - SHA1_SIZE);
 
@@ -2902,61 +3056,45 @@ bool RUDPProcessBulkRecvPacket(RUDP_STACK *r, RUDP_SESSION *se, void *recv_data,
 			{
 				return false;
 			}
-			else
-			{
-				se->UseHMac = true;
-			}
 		}
-		else
-		{
-		}
-	}
-	else
-	{
-		HMacSha1(sign2, se->BulkRecvKey->Data, SHA1_SIZE, p + SHA1_SIZE, recv_size - SHA1_SIZE);
 
-		if (Cmp(p, sign2, SHA1_SIZE) != 0)
+		p += SHA1_SIZE;
+		size -= SHA1_SIZE;
+
+		// IV
+		if (size < SHA1_SIZE)
 		{
 			return false;
 		}
-	}
+		iv = p;
+		p += SHA1_SIZE;
+		size -= SHA1_SIZE;
 
-	p += SHA1_SIZE;
+		// Decrypt
-	size -= SHA1_SIZE;
+		if (size < 1)
+		{
+			return false;
+		}
+		Copy(keygen + 0, se->BulkRecvKey->Data, SHA1_SIZE);
+		Copy(keygen + SHA1_SIZE, iv, SHA1_SIZE);
+		HashSha1(key, keygen, sizeof(keygen));
 
-	// IV
+		c = NewCrypt(key, sizeof(key));
-	if (size < SHA1_SIZE)
+		Encrypt(c, p, p, size);
-	{
+		FreeCrypt(c);
-		return false;
-	}
-	iv = p;
-	p += SHA1_SIZE;
-	size -= SHA1_SIZE;
 
-	// Decrypt
+		// padlen
-	if (size < 1)
+		padlen = p[size - 1];
-	{
+		if (padlen == 0)
-		return false;
+		{
+			return false;
+		}
+		if (size < padlen)
+		{
+			return false;
+		}
+		size -= padlen;
 	}
-	Copy(keygen + 0, se->BulkRecvKey->Data, SHA1_SIZE);
-	Copy(keygen + SHA1_SIZE, iv, SHA1_SIZE);
-	HashSha1(key, keygen, sizeof(keygen));
-
-	c = NewCrypt(key, sizeof(key));
-	Encrypt(c, p, p, size);
-	FreeCrypt(c);
-
-	// padlen
-	padlen = p[size - 1];
-	if (padlen == 0)
-	{
-		return false;
-	}
-	if (size < padlen)
-	{
-		return false;
-	}
-	size -= padlen;
 
 	// SEQ NO
 	seq_no = READ_UINT64(p);
@@ -3769,8 +3907,8 @@ RUDP_SESSION *RUDPNewSession(bool server_mode, IP *my_ip, UINT my_port, IP *your
 	RUDP_SESSION *se;
 	UCHAR key1[SHA1_SIZE];
 	UCHAR key2[SHA1_SIZE];
-	UCHAR bulk_send_key[SHA1_SIZE];
+	UCHAR bulk_send_key[RUDP_BULK_KEY_SIZE_MAX];
-	UCHAR bulk_recv_key[SHA1_SIZE];
+	UCHAR bulk_recv_key[RUDP_BULK_KEY_SIZE_MAX];
 	BUF *b;
 
 	se = ZeroMalloc(sizeof(RUDP_SESSION));
@@ -3856,6 +3994,8 @@ RUDP_SESSION *RUDPNewSession(bool server_mode, IP *my_ip, UINT my_port, IP *your
 	se->BulkRecvKey = NewSharedBuffer(bulk_recv_key, sizeof(bulk_recv_key));
 
 	Rand(se->BulkNextIv, sizeof(se->BulkNextIv));
+	Rand(se->BulkNextIv_V2, sizeof(se->BulkNextIv_V2));
+
 	se->BulkNextSeqNo = 1;
 
 	return se;
@@ -5806,8 +5946,53 @@ int cb_test(int a, X509_STORE_CTX *ctx)
 	return 1;
 }
 
+// Verify client SSL certificate during TLS handshake.
+//
+// (actually, only save the certificate for later authentication in Protocol.c)
+int SslCertVerifyCallback(int preverify_ok, X509_STORE_CTX *ctx)
+{
+	SSL *ssl;
+	struct SslClientCertInfo *clientcert;
+
+	ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
+	clientcert = SSL_get_ex_data(ssl, GetSslClientCertIndex());
+
+	if (clientcert != NULL)
+	{
+		clientcert->PreverifyErr = 0;
+		clientcert->PreverifyErrMessage[0] = '\0';
+		if (!preverify_ok)
+		{
+			char *msg;
+			clientcert->PreverifyErr = X509_STORE_CTX_get_error(ctx);
+			msg = (char *)X509_verify_cert_error_string(clientcert->PreverifyErr);
+			StrCpy(clientcert->PreverifyErrMessage, PREVERIFY_ERR_MESSAGE_SIZE, msg);
+			Debug("SslCertVerifyCallback preverify error: '%s'\n", msg);
+		}
+		else
+		{
+			if (ctx->cert != NULL)
+			{
+				X *tmpX = X509ToX(ctx->cert); // this only wraps ctx->cert, but we need to make a copy
+				X *copyX = CloneX(tmpX);
+				tmpX->do_not_free = true; // do not release inner X509 object
+				FreeX(tmpX);
+				clientcert->X = copyX;
+			}
+		}
+	}
+
+	return 1; /* allow the verification process to continue */
+}
+
 // Create a new SSL pipe
 SSL_PIPE *NewSslPipe(bool server_mode, X *x, K *k, DH_CTX *dh)
+{
+	return NewSslPipeEx(server_mode, x, k, dh, false, NULL);
+}
+
+// Create a new SSL pipe with extended options
+SSL_PIPE *NewSslPipeEx(bool server_mode, X *x, K *k, DH_CTX *dh, bool verify_peer, struct SslClientCertInfo *clientcert)
 {
 	SSL_PIPE *s;
 	SSL *ssl;
@@ -5832,7 +6017,10 @@ SSL_PIPE *NewSslPipe(bool server_mode, X *x, K *k, DH_CTX *dh)
 			SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_client_method());
 		}
 
-		//SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, cb_test);
+		if (verify_peer)
+		{
+			SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, SslCertVerifyCallback);
+		}
 
 		if (dh != NULL)
 		{
@@ -5845,6 +6033,8 @@ SSL_PIPE *NewSslPipe(bool server_mode, X *x, K *k, DH_CTX *dh)
 		}
 
 		ssl = SSL_new(ssl_ctx);
+
+		SSL_set_ex_data(ssl, GetSslClientCertIndex(), clientcert);
 	}
 	Unlock(openssl_lock);
 
@@ -12654,6 +12844,50 @@ void InitSockSet(SOCKSET *set)
 	Zero(set, sizeof(SOCKSET));
 }
 
+// Receive data and discard all of them
+bool RecvAllWithDiscard(SOCK *sock, UINT size, bool secure)
+{
+	static UCHAR buffer[4096];
+	UINT recv_size, sz, ret;
+	if (sock == NULL)
+	{
+		return false;
+	}
+	if (size == 0)
+	{
+		return true;
+	}
+	if (sock->AsyncMode)
+	{
+		return false;
+	}
+
+	recv_size = 0;
+
+	while (true)
+	{
+		sz = MIN(size - recv_size, sizeof(buffer));
+		ret = Recv(sock, buffer, sz, secure);
+		if (ret == 0)
+		{
+			return false;
+		}
+		if (ret == SOCK_LATER)
+		{
+			// I suppose that this is safe because the RecvAll() function is used only 
+			// if the sock->AsyncMode == true. And the Recv() function may return
+			// SOCK_LATER only if the sock->AsyncMode == false. Therefore the call of 
+			// Recv() function in the RecvAll() function never returns SOCK_LATER.
+			return false;
+		}
+		recv_size += ret;
+		if (recv_size >= size)
+		{
+			return true;
+		}
+	}
+}
+
 // Receive all by TCP
 bool RecvAll(SOCK *sock, void *data, UINT size, bool secure)
 {
@@ -14024,6 +14258,8 @@ SOCK *Accept(SOCK *sock)
 
 	StrCpy(ret->UnderlayProtocol, sizeof(ret->UnderlayProtocol), SOCK_UNDERLAY_NATIVE_V4);
 
+	AddProtocolDetailsStr(ret->ProtocolDetails, sizeof(ret->ProtocolDetails), "IPv4");
+
 	return ret;
 }
 
@@ -14134,6 +14370,8 @@ SOCK *Accept6(SOCK *sock)
 
 	StrCpy(ret->UnderlayProtocol, sizeof(ret->UnderlayProtocol), SOCK_UNDERLAY_NATIVE_V6);
 
+	AddProtocolDetailsStr(ret->ProtocolDetails, sizeof(ret->ProtocolDetails), "IPv6");
+
 	return ret;
 }
 
@@ -15372,6 +15610,8 @@ SOCK *ConnectEx4(char *hostname, UINT port, UINT timeout, bool *cancel_flag, cha
 			if (nat_t_sock != NULL)
 			{
 				StrCpy(nat_t_sock->UnderlayProtocol, sizeof(nat_t_sock->UnderlayProtocol), SOCK_UNDERLAY_NAT_T);
+				AddProtocolDetailsStr(nat_t_sock->ProtocolDetails, sizeof(nat_t_sock->ProtocolDetails),
+					"RUDP");
 			}
 
 			Copy(ret_ip, &ip4, sizeof(IP));
@@ -15599,6 +15839,8 @@ SOCK *ConnectEx4(char *hostname, UINT port, UINT timeout, bool *cancel_flag, cha
 
 				StrCpy(p2.Result_Nat_T_Sock->UnderlayProtocol, sizeof(p2.Result_Nat_T_Sock->UnderlayProtocol),
 					SOCK_UNDERLAY_NAT_T);
+				AddProtocolDetailsStr(p2.Result_Nat_T_Sock->UnderlayProtocol, sizeof(p2.Result_Nat_T_Sock->UnderlayProtocol),
+					"RUDP/UDP");
 
 				Copy(ret_ip, &ip4, sizeof(IP));
 
@@ -15613,6 +15855,8 @@ SOCK *ConnectEx4(char *hostname, UINT port, UINT timeout, bool *cancel_flag, cha
 
 				StrCpy(p4.Result_Nat_T_Sock->UnderlayProtocol, sizeof(p4.Result_Nat_T_Sock->UnderlayProtocol),
 					SOCK_UNDERLAY_DNS);
+				AddProtocolDetailsStr(p4.Result_Nat_T_Sock->UnderlayProtocol, sizeof(p4.Result_Nat_T_Sock->UnderlayProtocol),
+					"RUDP/DNS");
 
 				Copy(ret_ip, &ip4, sizeof(IP));
 
@@ -15623,6 +15867,8 @@ SOCK *ConnectEx4(char *hostname, UINT port, UINT timeout, bool *cancel_flag, cha
 				// Use this if over ICMP success
 				StrCpy(p3.Result_Nat_T_Sock->UnderlayProtocol, sizeof(p3.Result_Nat_T_Sock->UnderlayProtocol),
 					SOCK_UNDERLAY_ICMP);
+				AddProtocolDetailsStr(p3.Result_Nat_T_Sock->UnderlayProtocol, sizeof(p3.Result_Nat_T_Sock->UnderlayProtocol),
+					"RUDP/ICMP");
 
 				Copy(ret_ip, &ip4, sizeof(IP));
 
@@ -15689,6 +15935,9 @@ SOCK *ConnectEx4(char *hostname, UINT port, UINT timeout, bool *cancel_flag, cha
 	StrCpy(sock->UnderlayProtocol, sizeof(sock->UnderlayProtocol),
 		(is_ipv6 ? SOCK_UNDERLAY_NATIVE_V6 : SOCK_UNDERLAY_NATIVE_V4));
 
+	AddProtocolDetailsStr(sock->ProtocolDetails, sizeof(sock->ProtocolDetails),
+		is_ipv6 ? "IPv6" : "IPv4");
+
 	// Host name resolution
 	if (no_get_hostname || (GetHostName(tmp, sizeof(tmp), &current_ip) == false))
 	{
@@ -15737,6 +15986,75 @@ SOCK *ConnectEx4(char *hostname, UINT port, UINT timeout, bool *cancel_flag, cha
 	return sock;
 }
 
+// Get the current accepting IPv4 address
+void TryGetCurrentAcceptingIPv4Address(IP *ip)
+{
+	SOCK *s = ConnectEx(UDP_NAT_T_GET_PRIVATE_IP_TCP_SERVER, 80, 2000);
+
+	if (s != NULL)
+	{
+		Disconnect(s);
+		ReleaseSock(s);
+	}
+
+	if (GetCurrentGlobalIP(ip, false))
+	{
+		return;
+	}
+
+	GetCurrentGlobalIPGuess(ip, false);
+}
+
+// Add a protocol details strings
+void AddProtocolDetailsStr(char *dst, UINT dst_size, char *str)
+{
+	TOKEN_LIST *t1, *t2;
+	UINT i, j;
+	if (dst == NULL || str == NULL)
+	{
+		return;
+	}
+
+	t1 = ParseTokenWithoutNullStr(dst, " ");
+	t2 = ParseTokenWithoutNullStr(str, " ");
+
+	for (i = 0;i < t2->NumTokens;i++)
+	{
+		bool exists = false;
+		for (j = 0;j < t1->NumTokens;j++)
+		{
+			if (StrCmpi(t1->Token[j], t2->Token[i]) == 0)
+			{
+				exists = true;
+				break;
+			}
+		}
+
+		if (exists == false)
+		{
+			StrCat(dst, dst_size, t2->Token[i]);
+			StrCat(dst, dst_size, " ");
+		}
+	}
+
+	FreeToken(t1);
+	FreeToken(t2);
+}
+void AddProtocolDetailsKeyValueStr(char *dst, UINT dst_size, char *key, char *value)
+{
+	char tmp[128];
+	StrCpy(tmp, sizeof(tmp), key);
+	StrCat(tmp, sizeof(tmp), "=");
+	StrCat(tmp, sizeof(tmp), value);
+	AddProtocolDetailsStr(dst, dst_size, tmp);
+}
+void AddProtocolDetailsKeyValueInt(char *dst, UINT dst_size, char *key, UINT value)
+{
+	char tmp[128];
+	ToStr(tmp, value);
+	AddProtocolDetailsKeyValueStr(dst, dst_size, key, tmp);
+}
+
 // Maximize the I/O buffer size of the socket
 void SetSocketSendRecvBufferSize(SOCKET s, UINT size)
 {
@@ -21029,6 +21347,8 @@ SOCK *AcceptReverse(SOCK *s)
 		{
 			StrCpy(ret->UnderlayProtocol, sizeof(ret->UnderlayProtocol), SOCK_UNDERLAY_AZURE);
 
+			AddProtocolDetailsStr(ret->ProtocolDetails, sizeof(ret->ProtocolDetails), "VPNAzure");
+
 			return ret;
 		}
 
@@ -21077,6 +21397,8 @@ SOCK *AcceptInProc(SOCK *s)
 		{
 			StrCpy(ret->UnderlayProtocol, sizeof(ret->UnderlayProtocol), SOCK_UNDERLAY_INPROC);
 
+			AddProtocolDetailsStr(ret->ProtocolDetails, sizeof(ret->ProtocolDetails), "InProc");
+
 			return ret;
 		}
 
@@ -21525,6 +21847,10 @@ void FlushTubeFlushList(TUBE_FLUSH_LIST *f)
 
 // The server receives a PACK from the client
 PACK *HttpServerRecv(SOCK *s)
+{
+	return HttpServerRecvEx(s, 0);
+}
+PACK *HttpServerRecvEx(SOCK *s, UINT max_data_size)
 {
 	BUF *b;
 	PACK *p;
@@ -21533,6 +21859,7 @@ PACK *HttpServerRecv(SOCK *s)
 	UCHAR *tmp;
 	HTTP_VALUE *v;
 	UINT num_noop = 0;
+	if (max_data_size == 0) max_data_size = HTTP_PACK_MAX_SIZE;
 	// Validate arguments
 	if (s == NULL)
 	{
@@ -21563,7 +21890,7 @@ START:
 	}
 
 	size = GetContentLength(h);
-	if (size == 0 || size > HTTP_PACK_MAX_SIZE)
+	if (size == 0 || (size > max_data_size))
 	{
 		FreeHttpHeader(h);
 		goto BAD_REQUEST;
@@ -21924,6 +22251,35 @@ bool HttpSendNotImplemented(SOCK *s, char *method, char *target, char *version)
 	return ret;
 }
 
+// Sending a HTTP body contents
+bool HttpSendBody(SOCK *s, void *data, UINT size, char *contents_type)
+{
+	HTTP_HEADER *h;
+	char date_str[MAX_SIZE];
+	bool ret;
+	if (s == NULL || (size != 0 && data == NULL))
+	{
+		return false;
+	}
+	if (contents_type == NULL)
+	{
+		contents_type = "application/octet-stream";
+	}
+	// Creating a header
+	h = NewHttpHeader("HTTP/1.1", "200", "OK");
+
+	GetHttpDateStr(date_str, sizeof(date_str), SystemTime64());
+	AddHttpValue(h, NewHttpValue("Date", date_str));
+	AddHttpValue(h, NewHttpValue("Content-Type", contents_type));
+	AddHttpValue(h, NewHttpValue("Cache-Control", "no-cache"));
+
+	ret = PostHttp(s, h, data, size);
+
+	FreeHttpHeader(h);
+
+	return ret;
+}
+
 // Sending a 404 Not Found error
 bool HttpSendNotFound(SOCK *s, char *target)
 {
@@ -22321,11 +22677,6 @@ HTTP_HEADER *RecvHttpHeader(SOCK *s)
 			// The colon does not exist
 			goto LABEL_ERROR;
 		}
-		if ((pos + 1) >= StrLen(str))
-		{
-			// There is no data
-			goto LABEL_ERROR;
-		}
 
 		// Divide into the name and the data
 		value_name = Malloc(pos + 1);

src/Mayaqua/Network.h

@@ -306,6 +306,7 @@ struct SOCK
 	UINT CurrentTtl;			// Current TTL value
 	RUDP_STACK *R_UDP_Stack;	// R-UDP stack
 	char UnderlayProtocol[64];	// Underlying protocol
+	char ProtocolDetails[256];		// Protocol Details
 	QUEUE *ReverseAcceptQueue;	// Accept queue for the reverse socket
 	EVENT *ReverseAcceptEvent;	// Accept event for the reverse socket
 	bool IsReverseAcceptedSocket;	// Whether it is a reverse socket
@@ -660,6 +661,12 @@ struct IPBLOCK
 #define	RUDP_TIMEOUT					12000		// Time-out of R-UDP communication
 #define	RUDP_DIRECT_CONNECT_TIMEOUT		5000		// R-UDP direct connection time-out
 #define	RUDP_MAX_SEGMENT_SIZE			512			// Maximum segment size
+#define	RUDP_BULK_KEY_SIZE_MAX			128			// Bulk key size Max
+
+#define	RUDP_BULK_KEY_SIZE_V2			32			// V2: Bulk key size
+#define RUDP_BULK_IV_SIZE_V2			12			// V2: Bulk IV size
+#define RUDP_BULK_MAC_SIZE_V2			16			// V2: Bulk MAC size
+
 // Maximum R-UDP packet size
 #define	RUDP_MAX_PACKET_SIZE			(RUDP_MAX_SEGMENT_SIZE + sizeof(UINT64) * RUDP_MAX_NUM_ACK + SHA1_SIZE * 2 + sizeof(UINT64) * 4 + sizeof(UINT) + 255)
 #define	RUDP_MAX_NUM_ACK				64			// Maximum number of ACKs
@@ -748,6 +755,7 @@ struct RUDP_SESSION
 	UINT64 BulkNextSeqNo;				// Next SEQ NO to the bulk send
 	bool FlushBulkSendTube;				// Flag to be Flush the bulk send Tube
 	UINT64 BulkRecvSeqNoMax;			// Highest sequence number received
+	UCHAR BulkNextIv_V2[RUDP_BULK_IV_SIZE_V2];		// Next IV to the bulk send (Ver 2)
 };
 
 // NAT Traversal Server Information
@@ -1045,11 +1053,13 @@ UINT GetContentLength(HTTP_HEADER *header);
 void GetHttpDateStr(char *str, UINT size, UINT64 t);
 bool HttpSendForbidden(SOCK *s, char *target, char *server_id);
 bool HttpSendNotFound(SOCK *s, char *target);
+bool HttpSendBody(SOCK *s, void *data, UINT size, char *contents_type);
 bool HttpSendNotImplemented(SOCK *s, char *method, char *target, char *version);
 bool HttpSendInvalidHostname(SOCK *s, char *method);
 bool HttpServerSend(SOCK *s, PACK *p);
 bool HttpClientSend(SOCK *s, PACK *p);
 PACK *HttpServerRecv(SOCK *s);
+PACK *HttpServerRecvEx(SOCK *s, UINT max_data_size);
 PACK *HttpClientRecv(SOCK *s);
 
 bool HttpSendServerError(SOCK *s, char *target);
@@ -1307,7 +1317,7 @@ bool SendAll(SOCK *sock, void *data, UINT size, bool secure);
 void SendAdd(SOCK *sock, void *data, UINT size);
 bool SendNow(SOCK *sock, int secure);
 bool RecvAll(SOCK *sock, void *data, UINT size, bool secure);
-bool RecvAllEx(SOCK *sock, void **data_new_ptr, UINT size, bool secure);
+bool RecvAllWithDiscard(SOCK *sock, UINT size, bool secure);
 void InitSockSet(SOCKSET *set);
 void AddSockSet(SOCKSET *set, SOCK *sock);
 CANCEL *NewCancel();
@@ -1433,6 +1443,10 @@ void DebugPrintRoute(ROUTE_ENTRY *e);
 void DebugPrintRouteTable(ROUTE_TABLE *r);
 bool IsIPv6LocalNetworkAddress(IP *ip);
 UINT GetNumWaitThread();
+void AddProtocolDetailsStr(char *dst, UINT dst_size, char *str);
+void AddProtocolDetailsKeyValueStr(char *dst, UINT dst_size, char *key, char *value);
+void AddProtocolDetailsKeyValueInt(char *dst, UINT dst_size, char *key, UINT value);
+void TryGetCurrentAcceptingIPv4Address(IP *ip);
 
 #ifdef	ENABLE_SSL_LOGGING
 void SockEnableSslLogging(SOCK *s);
@@ -1605,7 +1619,16 @@ void Win32WaitForTubes(TUBE **tubes, UINT num, UINT timeout);
 void UnixWaitForTubes(TUBE **tubes, UINT num, UINT timeout);
 #endif	// OS_WIN32
 
+#define PREVERIFY_ERR_MESSAGE_SIZE 100
+// Info on client certificate collected during TLS handshake
+struct SslClientCertInfo {
+	int PreverifyErr;
+	char PreverifyErrMessage[PREVERIFY_ERR_MESSAGE_SIZE];
+	X *X;
+};
+
 SSL_PIPE *NewSslPipe(bool server_mode, X *x, K *k, DH_CTX *dh);
+SSL_PIPE *NewSslPipeEx(bool server_mode, X *x, K *k, DH_CTX *dh, bool verify_peer, struct SslClientCertInfo *clientcert);
 void FreeSslPipe(SSL_PIPE *s);
 bool SyncSslPipe(SSL_PIPE *s);
 

src/Mayaqua/Pack.h

@@ -152,12 +152,40 @@ struct ELEMENT
 	UINT num_value;			// Number of values (>=1)
 	UINT type;				// Type
 	VALUE **values;			// List of pointers to the value
+	bool JsonHint_IsArray;
+	bool JsonHint_IsBool;
+	bool JsonHint_IsDateTime;
+	bool JsonHint_IsIP;
+	char JsonHint_GroupName[MAX_ELEMENT_NAME_LEN + 1];
 };
 
+
+
 // PACK object
 struct PACK
 {
 	LIST *elements;			// Element list
+	LIST *json_subitem_names;	// JSON sub-item names
+	char CurrentJsonHint_GroupName[MAX_ELEMENT_NAME_LEN + 1];
+};
+
+
+#define MAX_JSONPACK_HINT_ITEMS			64
+#define JSONPACK_HINT_TYPE_ARRAY		1
+
+// JSON/PACK converter hint element
+struct JSONPACKHINT_ITEM
+{
+	UINT Type;
+	char ArrayNumNameInPack[MAX_ELEMENT_NAME_LEN + 1];
+	char ArrayMembersInPack[MAX_SIZE + 1];
+};
+
+// JSON/PACK converter hint
+struct JSONPACKHINT
+{
+	UINT NumHints;
+	JSONPACKHINT_ITEM Hints[MAX_JSONPACK_HINT_ITEMS];
 };
 
 
@@ -198,21 +226,23 @@ TOKEN_LIST *GetPackElementNames(PACK *p);
 
 X *PackGetX(PACK *p, char *name);
 K *PackGetK(PACK *p, char *name);
-void PackAddX(PACK *p, char *name, X *x);
+ELEMENT *PackAddX(PACK *p, char *name, X *x);
-void PackAddK(PACK *p, char *name, K *k);
+ELEMENT *PackAddK(PACK *p, char *name, K *k);
-void PackAddStr(PACK *p, char *name, char *str);
+ELEMENT *PackAddStr(PACK *p, char *name, char *str);
-void PackAddStrEx(PACK *p, char *name, char *str, UINT index, UINT total);
+ELEMENT *PackAddStrEx(PACK *p, char *name, char *str, UINT index, UINT total);
-void PackAddUniStr(PACK *p, char *name, wchar_t *unistr);
+ELEMENT *PackAddUniStr(PACK *p, char *name, wchar_t *unistr);
-void PackAddUniStrEx(PACK *p, char *name, wchar_t *unistr, UINT index, UINT total);
+ELEMENT *PackAddUniStrEx(PACK *p, char *name, wchar_t *unistr, UINT index, UINT total);
-void PackAddInt(PACK *p, char *name, UINT i);
+ELEMENT *PackAddInt(PACK *p, char *name, UINT i);
-void PackAddNum(PACK *p, char *name, UINT num);
+ELEMENT *PackAddNum(PACK *p, char *name, UINT num);
-void PackAddIntEx(PACK *p, char *name, UINT i, UINT index, UINT total);
+ELEMENT *PackAddIntEx(PACK *p, char *name, UINT i, UINT index, UINT total);
-void PackAddInt64(PACK *p, char *name, UINT64 i);
+ELEMENT *PackAddInt64(PACK *p, char *name, UINT64 i);
-void PackAddInt64Ex(PACK *p, char *name, UINT64 i, UINT index, UINT total);
+ELEMENT *PackAddInt64Ex(PACK *p, char *name, UINT64 i, UINT index, UINT total);
-void PackAddData(PACK *p, char *name, void *data, UINT size);
+ELEMENT *PackAddTime64(PACK *p, char *name, UINT64 i);
-void PackAddDataEx(PACK *p, char *name, void *data, UINT size, UINT index, UINT total);
+ELEMENT *PackAddTime64Ex(PACK *p, char *name, UINT64 i, UINT index, UINT total);
-void PackAddBuf(PACK *p, char *name, BUF *b);
+ELEMENT *PackAddData(PACK *p, char *name, void *data, UINT size);
-void PackAddBufEx(PACK *p, char *name, BUF *b, UINT index, UINT total);
+ELEMENT *PackAddDataEx(PACK *p, char *name, void *data, UINT size, UINT index, UINT total);
+ELEMENT *PackAddBuf(PACK *p, char *name, BUF *b);
+ELEMENT *PackAddBufEx(PACK *p, char *name, BUF *b, UINT index, UINT total);
 bool PackGetStr(PACK *p, char *name, char *str, UINT size);
 bool PackGetStrEx(PACK *p, char *name, char *str, UINT size, UINT index);
 bool PackGetUniStr(PACK *p, char *name, wchar_t *unistr, UINT size);
@@ -231,23 +261,39 @@ bool PackGetDataEx(PACK *p, char *name, void *data, UINT index);
 BUF *PackGetBuf(PACK *p, char *name);
 BUF *PackGetBufEx(PACK *p, char *name, UINT index);
 bool PackGetBool(PACK *p, char *name);
-void PackAddBool(PACK *p, char *name, bool b);
+ELEMENT *PackAddBool(PACK *p, char *name, bool b);
-void PackAddBoolEx(PACK *p, char *name, bool b, UINT index, UINT total);
+ELEMENT *PackAddBoolEx(PACK *p, char *name, bool b, UINT index, UINT total);
 bool PackGetBoolEx(PACK *p, char *name, UINT index);
 void PackAddIp(PACK *p, char *name, IP *ip);
 void PackAddIpEx(PACK *p, char *name, IP *ip, UINT index, UINT total);
+void PackAddIpEx2(PACK *p, char *name, IP *ip, UINT index, UINT total, bool is_single);
 bool PackGetIp(PACK *p, char *name, IP *ip);
 bool PackGetIpEx(PACK *p, char *name, IP *ip, UINT index);
 UINT PackGetIp32(PACK *p, char *name);
 UINT PackGetIp32Ex(PACK *p, char *name, UINT index);
 void PackAddIp32(PACK *p, char *name, UINT ip32);
 void PackAddIp32Ex(PACK *p, char *name, UINT ip32, UINT index, UINT total);
-void PackAddIp6AddrEx(PACK *p, char *name, IPV6_ADDR *addr, UINT index, UINT total);
+void PackAddIp32Ex2(PACK *p, char *name, UINT ip32, UINT index, UINT total, bool is_single);
+ELEMENT *PackAddIp6AddrEx(PACK *p, char *name, IPV6_ADDR *addr, UINT index, UINT total);
 bool PackGetIp6AddrEx(PACK *p, char *name, IPV6_ADDR *addr, UINT index);
-void PackAddIp6Addr(PACK *p, char *name, IPV6_ADDR *addr);
+ELEMENT *PackAddIp6Addr(PACK *p, char *name, IPV6_ADDR *addr);
 bool PackGetIp6Addr(PACK *p, char *name, IPV6_ADDR *addr);
 bool PackGetData2(PACK *p, char *name, void *data, UINT size);
 bool PackGetDataEx2(PACK *p, char *name, void *data, UINT size, UINT index);
 bool PackIsValueExists(PACK *p, char *name);
+void PackSetCurrentJsonGroupName(PACK *p, char *json_group_name);
+ELEMENT *ElementNullSafe(ELEMENT *p);
+
+JSON_VALUE *PackToJson(PACK *p);
+char *PackToJsonStr(PACK *p);
+
+PACK *JsonToPack(JSON_VALUE *v);
+PACK *JsonStrToPack(char *str);
+
+void PackArrayElementToJsonArray(JSON_ARRAY *ja, PACK *p, ELEMENT *e, UINT index);
+void PackElementToJsonObject(JSON_OBJECT *o, PACK *p, ELEMENT *e, UINT index);
+char *DetermineJsonSuffixForPackElement(ELEMENT *e);
+bool JsonTryParseValueAddToPack(PACK *p, JSON_VALUE *v, char *v_name, UINT index, UINT total, bool is_single);
+
 
 #endif	// PACK_H

src/Mayaqua/Str.h

@@ -182,7 +182,9 @@ void BinToStrW(wchar_t *str, UINT str_size, void *data, UINT data_size);
 void PrintBin(void *data, UINT size);
 bool StartWith(char *str, char *key);
 bool EndWith(char *str, char *key);
+bool TrimEndWith(char *dst, UINT dst_size, char *str, char *key);
 UINT64 ToInt64(char *str);
+UINT64 Json_ToInt64Ex(char *str, char **endptr, bool *error);
 void ToStr64(char *str, UINT64 value);
 char *ReplaceFormatStringFor64(char *fmt);
 TOKEN_LIST *ParseCmdLine(char *str);
@@ -241,6 +243,259 @@ LIST *StrToIntList(char *str, bool sorted);
 void NormalizeIntListStr(char *dst, UINT dst_size, char *src, bool sorted, char *separate_str);
 void ClearStr(char *str, UINT str_size);
 void SetStrCaseAccordingToBits(char *str, UINT bits);
+char *UrlDecode(char *url_str);
+
+
+// *** JSON strings support
+// Original source code from Parson ( http://kgabis.github.com/parson/ )
+// Modified by dnobori
+/*
+Parson ( http://kgabis.github.com/parson/ )
+Copyright (c) 2012 - 2017 Krzysztof Gabis
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+*/
+
+
+/* Type definitions */
+typedef union JSON_VALUE_UNION {
+	char        *string;
+	UINT64       number;
+	JSON_OBJECT *object;
+	JSON_ARRAY  *array;
+	int          boolean;
+	int          null;
+} JSON_VALUE_UNION;
+
+struct JSON_VALUE {
+	JSON_VALUE      *parent;
+	UINT  type;
+	JSON_VALUE_UNION value;
+};
+
+struct JSON_OBJECT {
+	JSON_VALUE  *wrapping_value;
+	char       **names;
+	JSON_VALUE **values;
+	UINT       count;
+	UINT       capacity;
+};
+
+struct JSON_ARRAY {
+	JSON_VALUE  *wrapping_value;
+	JSON_VALUE **items;
+	UINT       count;
+	UINT       capacity;
+};
+
+
+enum JSON_TYPES {
+	JSON_TYPE_ERROR = -1,
+	JSON_TYPE_NULL = 1,
+	JSON_TYPE_STRING = 2,
+	JSON_TYPE_NUMBER = 3,
+	JSON_TYPE_OBJECT = 4,
+	JSON_TYPE_ARRAY = 5,
+	JSON_TYPE_BOOL = 6
+};
+//typedef unsigned int UINT;
+
+enum JSON_RETS {
+	JSON_RET_OK = 0,
+	JSON_RET_ERROR = -1
+};
+
+typedef void * (*JSON_Malloc_Function)(UINT);
+typedef void(*JSON_Free_Function)(void *);
+
+/* Call only once, before calling any other function from parson API. If not called, malloc and free
+from stdlib will be used for all allocations */
+void JsonSetAllocationFunctions(JSON_Malloc_Function malloc_fun, JSON_Free_Function free_fun);
+
+/*  Parses first JSON value in a string, returns NULL in case of error */
+JSON_VALUE * JsonParseString(char *string);
+
+/*  Parses first JSON value in a string and ignores comments (/ * * / and //),
+returns NULL in case of error */
+JSON_VALUE * JsonParseStringWithComments(char *string);
+
+/* Serialization */
+UINT      JsonGetSerializationSize(JSON_VALUE *value); /* returns 0 on fail */
+UINT JsonSerializeToBuffer(JSON_VALUE *value, char *buf, UINT buf_size_in_bytes);
+char *      JsonSerializeToString(JSON_VALUE *value);
+
+/* Pretty serialization */
+UINT      JsonGetSerializationSizePretty(JSON_VALUE *value); /* returns 0 on fail */
+UINT JsonSerializeToBufferPretty(JSON_VALUE *value, char *buf, UINT buf_size_in_bytes);
+char *      JsonSerializeToStringPretty(JSON_VALUE *value);
+char *JsonToStr(JSON_VALUE *v);
+
+void        JsonFreeString(char *string); /* frees string from json_serialize_to_string and json_serialize_to_string_pretty */
+
+										  /* Comparing */
+int  JsonCmp(JSON_VALUE *a, JSON_VALUE *b);
+
+/* Validation
+This is *NOT* JSON Schema. It validates json by checking if object have identically
+named fields with matching types.
+For example schema {"name":"", "age":0} will validate
+{"name":"Joe", "age":25} and {"name":"Joe", "age":25, "gender":"m"},
+but not {"name":"Joe"} or {"name":"Joe", "age":"Cucumber"}.
+In case of arrays, only first value in schema is checked against all values in tested array.
+Empty objects ({}) validate all objects, empty arrays ([]) validate all arrays,
+null validates values of every type.
+*/
+UINT JsonValidate(JSON_VALUE *schema, JSON_VALUE *value);
+
+/*
+* JSON Object
+*/
+JSON_VALUE  * JsonGet(JSON_OBJECT *object, char *name);
+char  * JsonGetStr(JSON_OBJECT *object, char *name);
+JSON_OBJECT * JsonGetObj(JSON_OBJECT *object, char *name);
+JSON_ARRAY  * JsonGetArray(JSON_OBJECT *object, char *name);
+UINT64        JsonGetNumber(JSON_OBJECT *object, char *name); /* returns 0 on fail */
+bool          JsonGetBool(JSON_OBJECT *object, char *name); /* returns 0 on fail */
+
+															/* dotget functions enable addressing values with dot notation in nested objects,
+															just like in structs or c++/java/c# objects (e.g. objectA.objectB.value).
+															Because valid names in JSON can contain dots, some values may be inaccessible
+															this way. */
+JSON_VALUE  * JsonDotGet(JSON_OBJECT *object, char *name);
+char  * JsonDotGetStr(JSON_OBJECT *object, char *name);
+JSON_OBJECT * JsonDotGetObj(JSON_OBJECT *object, char *name);
+JSON_ARRAY  * JsonDotGetArray(JSON_OBJECT *object, char *name);
+UINT64        JsonDotGetNumber(JSON_OBJECT *object, char *name); /* returns 0 on fail */
+bool          JsonDotGetBool(JSON_OBJECT *object, char *name); /* returns -1 on fail */
+
+															   /* Functions to get available names */
+UINT        JsonGetCount(JSON_OBJECT *object);
+char  * JsonGetName(JSON_OBJECT *object, UINT index);
+JSON_VALUE  * JsonGetValueAt(JSON_OBJECT *object, UINT index);
+JSON_VALUE  * JsonGetWrappingValue(JSON_OBJECT *object);
+
+/* Functions to check if object has a value with a specific name. Returned value is 1 if object has
+* a value and 0 if it doesn't. dothas functions behave exactly like dotget functions. */
+int JsonIsExists(JSON_OBJECT *object, char *name);
+int JsonIsExistsWithValueType(JSON_OBJECT *object, char *name, UINT type);
+
+int JsonDotIsExists(JSON_OBJECT *object, char *name);
+int JsonDotIsExistsWithValueType(JSON_OBJECT *object, char *name, UINT type);
+
+/* Creates new name-value pair or frees and replaces old value with a new one.
+* json_object_set_value does not copy passed value so it shouldn't be freed afterwards. */
+UINT JsonSet(JSON_OBJECT *object, char *name, JSON_VALUE *value);
+UINT JsonSetStr(JSON_OBJECT *object, char *name, char *string);
+UINT JsonSetUniStr(JSON_OBJECT *object, char *name, wchar_t *string);
+UINT JsonSetNumber(JSON_OBJECT *object, char *name, UINT64 number);
+UINT JsonSetBool(JSON_OBJECT *object, char *name, int boolean);
+UINT JsonSetNull(JSON_OBJECT *object, char *name);
+UINT JsonSetData(JSON_OBJECT *object, char *name, void *data, UINT size);
+
+/* Works like dotget functions, but creates whole hierarchy if necessary.
+* json_object_dotset_value does not copy passed value so it shouldn't be freed afterwards. */
+UINT JsonDotSet(JSON_OBJECT *object, char *name, JSON_VALUE *value);
+UINT JsonDotSetStr(JSON_OBJECT *object, char *name, char *string);
+UINT JsonDotSetNumber(JSON_OBJECT *object, char *name, UINT64 number);
+UINT JsonDotSetBool(JSON_OBJECT *object, char *name, int boolean);
+UINT JsonDotSetNull(JSON_OBJECT *object, char *name);
+
+/* Frees and removes name-value pair */
+UINT JsonDelete(JSON_OBJECT *object, char *name);
+
+/* Works like dotget function, but removes name-value pair only on exact match. */
+UINT JsonDotDelete(JSON_OBJECT *object, char *key);
+
+/* Removes all name-value pairs in object */
+UINT JsonDeleteAll(JSON_OBJECT *object);
+
+/*
+*JSON Array
+*/
+JSON_VALUE  * JsonArrayGet(JSON_ARRAY *array, UINT index);
+char  * JsonArrayGetStr(JSON_ARRAY *array, UINT index);
+JSON_OBJECT * JsonArrayGetObj(JSON_ARRAY *array, UINT index);
+JSON_ARRAY  * JsonArrayGetArray(JSON_ARRAY *array, UINT index);
+UINT64        JsonArrayGetNumber(JSON_ARRAY *array, UINT index); /* returns 0 on fail */
+bool           JsonArrayGetBool(JSON_ARRAY *array, UINT index); /* returns 0 on fail */
+UINT        JsonArrayGetCount(JSON_ARRAY *array);
+JSON_VALUE  * JsonArrayGetWrappingValue(JSON_ARRAY *array);
+
+/* Frees and removes value at given index, does nothing and returns JSONFailure if index doesn't exist.
+* Order of values in array may change during execution.  */
+UINT JsonArrayDelete(JSON_ARRAY *array, UINT i);
+
+/* Frees and removes from array value at given index and replaces it with given one.
+* Does nothing and returns JSONFailure if index doesn't exist.
+* json_array_replace_value does not copy passed value so it shouldn't be freed afterwards. */
+UINT JsonArrayReplace(JSON_ARRAY *array, UINT i, JSON_VALUE *value);
+UINT JsonArrayReplaceStr(JSON_ARRAY *array, UINT i, char* string);
+UINT JsonArrayReplaceNumber(JSON_ARRAY *array, UINT i, UINT64 number);
+UINT JsonArrayReplaceBool(JSON_ARRAY *array, UINT i, int boolean);
+UINT JsonArrayReplaceNull(JSON_ARRAY *array, UINT i);
+
+/* Frees and removes all values from array */
+UINT JsonArrayDeleteAll(JSON_ARRAY *array);
+
+/* Appends new value at the end of array.
+* json_array_append_value does not copy passed value so it shouldn't be freed afterwards. */
+UINT JsonArrayAdd(JSON_ARRAY *array, JSON_VALUE *value);
+UINT JsonArrayAddStr(JSON_ARRAY *array, char *string);
+UINT JsonArrayAddUniStr(JSON_ARRAY *array, wchar_t *string);
+UINT JsonArrayAddNumber(JSON_ARRAY *array, UINT64 number);
+UINT JsonArrayAddData(JSON_ARRAY *array, void *data, UINT size);
+UINT JsonArrayAddBool(JSON_ARRAY *array, int boolean);
+UINT JsonArrayAddNull(JSON_ARRAY *array);
+
+
+/*
+*JSON Value
+*/
+JSON_VALUE * JsonNewObject(void);
+JSON_VALUE * JsonNewArray(void);
+JSON_VALUE * JsonNewStr(char *string); /* copies passed string */
+JSON_VALUE * JsonNewNumber(UINT64 number);
+JSON_VALUE * JsonNewBool(int boolean);
+JSON_VALUE * JsonNewNull(void);
+JSON_VALUE * JsonDeepCopy(JSON_VALUE *value);
+void         JsonFree(JSON_VALUE *value);
+
+UINT JsonValueGetType(JSON_VALUE *value);
+JSON_OBJECT *   JsonValueGetObject(JSON_VALUE *value);
+JSON_ARRAY  *   JsonValueGetArray(JSON_VALUE *value);
+char  *   JsonValueGetStr(JSON_VALUE *value);
+UINT64          JsonValueGetNumber(JSON_VALUE *value);
+bool            JsonValueGetBool(JSON_VALUE *value);
+JSON_VALUE  *   JsonValueGetParent(JSON_VALUE *value);
+
+/* Same as above, but shorter */
+UINT JsonType(JSON_VALUE *value);
+JSON_OBJECT *   JsonObject(JSON_VALUE *value);
+JSON_ARRAY  *   JsonArray(JSON_VALUE *value);
+char  *   JsonString(JSON_VALUE *value);
+UINT64          JsonNumber(JSON_VALUE *value);
+int             JsonBool(JSON_VALUE *value);
+
+void SystemTimeToJsonStr(char *dst, UINT size, SYSTEMTIME *t);
+void SystemTime64ToJsonStr(char *dst, UINT size, UINT64 t);
+
+JSON_VALUE *StrToJson(char *str);
 
 #endif	// STR_H
 

src/Mayaqua/Table.c

@@ -936,6 +936,8 @@ TABLE *ParseTableLine(char *line, char *prefix, UINT prefix_size, LIST *replace_
 			UniReplaceStrEx(tmp, tmp_size, tmp, (wchar_t *)r->name, r->unistr, false);
 		}
 
+		Free(unistr);
+
 		unistr = CopyUniStr(tmp);
 
 		Free(tmp);

src/Mayaqua/Unix.c

@@ -2508,6 +2508,23 @@ UINT UnixGetUID()
 	return (UINT)getuid();
 }
 
+void UnixPrintVpnServerUrlInfo()
+{
+	IP ip;
+
+	TryGetCurrentAcceptingIPv4Address(&ip);
+
+	Print("\nLet's get started by accessing to the following URL from your PC:\n\n"
+		"https://%r:%u/\n"
+		"  or\n"
+		"https://%r/\n\n"
+		"Note: IP address may vary. Specify your server's IP address.\n"
+		"A TLS certificate warning will appear because the server uses self signed certificate by default. That is natural. Continue with ignoring the TLS warning."
+		"\n\n",
+		&ip, GC_DEFAULT_PORT, &ip
+		);
+}
+
 // Start the service
 void UnixStartService(char *name)
 {
@@ -2547,6 +2564,12 @@ void UnixStartService(char *name)
 			UniPrint(_UU("UNIX_SVC_NONROOT"));
 		}
 
+		if (StrCmpi(name, "vpnserver") == 0 || StrCmpi(name, "vpnbridge") == 0)
+		{
+			// Print the IP address information
+			UnixPrintVpnServerUrlInfo();
+		}
+
 		FreeSingleInstance(inst);
 
 		// Create a child process

src/Mayaqua/Unix.h

@@ -250,6 +250,7 @@ void UnixDeleteCtlFile();
 void UnixStopThread(THREAD *t, void *param);
 UINT UnixGetUID();
 void UnixIgnoreSignalForThread(int sig);
+void UnixPrintVpnServerUrlInfo();
 
 bool UnixIsInVmMain();
 bool UnixIsInVm();

src/SEVPN.sln

@@ -16,7 +16,6 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "hamcore", "hamcore", "{2349
 		bin\hamcore\lang.config = bin\hamcore\lang.config
 		bin\hamcore\strtable_cn.stb = bin\hamcore\strtable_cn.stb
 		bin\hamcore\strtable_en.stb = bin\hamcore\strtable_en.stb
-		bin\hamcore\strtable_ja.stb = bin\hamcore\strtable_ja.stb
 		bin\hamcore\time.htm = bin\hamcore\time.htm
 		bin\hamcore\vpn16.exe = bin\hamcore\vpn16.exe
 	EndProjectSection
@@ -92,7 +91,6 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Cedar", "Cedar\Cedar.vcproj
 EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Ham", "Ham\Ham.vcproj", "{1ED5782B-1734-4FC6-AA9E-F7181CDBA8A7}"
 	ProjectSection(ProjectDependencies) = postProject
-		{DB2A0C4F-D685-41DD-91BA-06E9EEA381CF} = {DB2A0C4F-D685-41DD-91BA-06E9EEA381CF}
 		{2928D768-DEC3-40D3-8E51-26E364497C9B} = {2928D768-DEC3-40D3-8E51-26E364497C9B}
 		{384815C3-333C-4CEC-9DCD-B6AB2602EBB9} = {384815C3-333C-4CEC-9DCD-B6AB2602EBB9}
 	EndProjectSection

src/See/Packet.c

@@ -668,6 +668,8 @@ NTSTATUS NPF_IoControl(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp)
 	PUINT				pStats;
 	ULONG				Information = 0;
 
+	BOOLEAN check_ok;
+
     IF_LOUD(DbgPrint("NPF: IoControl\n");)
 		
 	IrpSp = IoGetCurrentIrpStackLocation(Irp);
@@ -686,22 +688,39 @@ NTSTATUS NPF_IoControl(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp)
 			EXIT_FAILURE(0);
 		}
 
-		pStats = (PUINT)(Irp->UserBuffer);
+		check_ok = TRUE;
-
+		__try
-		pStats[3] = 0;
-		pStats[0] = 0;
-		pStats[1] = 0;
-		pStats[2] = 0;		// Not yet supported
-
-		for(i = 0 ; i < NCpu ; i++)
 		{
-
+			ProbeForWrite(Irp->UserBuffer, IrpSp->Parameters.DeviceIoControl.OutputBufferLength, 1);
-			pStats[3] += Open->CpuData[i].Accepted;
+		}
-			pStats[0] += Open->CpuData[i].Received;
+		__except (EXCEPTION_EXECUTE_HANDLER)
-			pStats[1] += Open->CpuData[i].Dropped;
+		{
-			pStats[2] += 0;		// Not yet supported
+			check_ok = FALSE;
+		}
+
+		if (check_ok == FALSE)
+		{
+			EXIT_FAILURE(0);
+		}
+		else
+		{
+			pStats = (PUINT)(Irp->UserBuffer);
+
+			pStats[3] = 0;
+			pStats[0] = 0;
+			pStats[1] = 0;
+			pStats[2] = 0;		// Not yet supported
+
+			for(i = 0 ; i < NCpu ; i++)
+			{
+
+				pStats[3] += Open->CpuData[i].Accepted;
+				pStats[0] += Open->CpuData[i].Received;
+				pStats[1] += Open->CpuData[i].Dropped;
+				pStats[2] += 0;		// Not yet supported
+			}
+			EXIT_SUCCESS(4*sizeof(UINT));
 		}
-		EXIT_SUCCESS(4*sizeof(UINT));
 		
 		break;
 		
@@ -711,9 +730,26 @@ NTSTATUS NPF_IoControl(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp)
 			EXIT_FAILURE(0);
 		}
 
-		RtlCopyMemory(Irp->UserBuffer,(Open->ReadEventName.Buffer)+18,26);
+		check_ok = TRUE;
+		__try
+		{
+			ProbeForWrite(Irp->UserBuffer, IrpSp->Parameters.DeviceIoControl.OutputBufferLength, 1);
+		}
+		__except (EXCEPTION_EXECUTE_HANDLER)
+		{
+			check_ok = FALSE;
+		}
 
-		EXIT_SUCCESS(26);
+		if (check_ok == FALSE)
+		{
+			EXIT_FAILURE(0);
+		}
+		else
+		{
+			RtlCopyMemory(Irp->UserBuffer,(Open->ReadEventName.Buffer)+18,26);
+
+			EXIT_SUCCESS(26);
+		}
 
 		break;
 

src/WARNING.TXT

@@ -104,6 +104,25 @@ be disabled anytime by setting up so on the VPN-client side.
 
 
 2. VPN Software
+The notes in this section are not specific to SoftEther VPN or VPN Gate, but
+apply to general system software. SoftEther VPN Client, SoftEther VPN Server,
+SoftEther VPN Bridge, and VPN Gate Relay Service will be installed on your
+computer as system services. System services always run in the background.
+System services usually do not appear on the computer display. Then your
+computer system is booted, system services automatically start in the
+background even before you or other users log in. To check whether
+PacketiX-related system service is running, check the process list or the
+background service list of your OS (called as "Services" in Windows, or
+"Daemons" in UNIX.) You can activate, deactivate, start, or stop system
+services using the functions of the OS anytime. PacketiX-related GUI tools for
+managing system services communicate with these system services. After you
+terminate these management GUI tools, PacketiX-related system services will
+continue to run in the background. System services consume CPU time, computer
+power, memory and disk space. Because system services consume power, your
+electricity charges and amount of thermal of your computer increase as result.
+In addition, there is a possibility that the mechanical parts of the life of
+your computer is reduced.
+
 2.1. SoftEther VPN Client
 If you use SoftEther VPN Client on Windows, the Virtual Network Adapter device
 driver will be installed on Windows. The Virtual Network Adapter is

src/bin/hamcore/lang.config

@@ -1,17 +0,0 @@
-# PacketiX VPN / SoftEther VPN Language Setting File
-# 
-# Specify your preferred Language ID on this setting file.
-# The text messages will be displayed in the specified language.
-# 
-# Please note that you must restart a program to apply the modification of
-# this setting-file.
-# 
-# Only one line is acceptable. Any other lines are ignored.
-# 
-# The change of this file will effect after the next execution of a program.
-# 
-# Note for UNIX / Linux Users:
-#  You have to set the LANG environment variable if you want to display
-#  non-English characters. If no LANG environment is set, any multi-byte
-#  characters (i.e. Japanese or Chinese) will not be displayed correctly.
-# 

src/bin/hamcore/openvpn_sample.ovpn

@@ -100,38 +100,35 @@ persist-key
 persist-tun
 client
 verb 3
+
+###############################################################################
+# Authentication with credentials.
+# 
+# Comment the line out in case you want to use the certificate authentication.
+
 auth-user-pass
 
 
-###############################################################################
-# The certificate file of the destination VPN Server.
-# 
-# The CA certificate file is embedded in the inline format.
-# You can replace this CA contents if necessary.
-# Please note that if the server certificate is not a self-signed, you have to
-# specify the signer's root certificate (CA) here.
-
-<ca>
-$CA$
-</ca>
-
 
 ###############################################################################
-# The client certificate file (dummy).
+# Client certificate and key.
 # 
-# In some implementations of OpenVPN Client software
+# A pair of client certificate and private key is required in case you want to
-# (for example: OpenVPN Client for iOS),
+# use the certificate authentication.
-# a pair of client certificate and private key must be included on the
+# 
-# configuration file due to the limitation of the client.
+# To enable it, uncomment the lines below.
-# So this sample configuration file has a dummy pair of client certificate
+# Paste your certificate in the <cert> block and the key in the <key> one.
-# and private key as follows.
 
-<cert>
+;<cert>
-$CERT$
+;-----BEGIN CERTIFICATE-----
-</cert>
+;
+;-----END CERTIFICATE-----
+;</cert>
 
-<key>
+;<key>
-$KEY$
+;-----BEGIN RSA PRIVATE KEY-----
-</key>
+;
+;-----END RSA PRIVATE KEY-----
+;</key>
 
 

src/bin/hamcore/strtable_cn.stb

@@ -157,11 +157,11 @@ ERR_91						无法断开虚拟 3 层交换机会话。要删除会话，请停
 ERR_92						具有指定名称的虚拟 3 层交换机已存在。指定一个不同的名称。
 ERR_93						找不到指定的虚拟 3 层交换机。
 ERR_94						指定的名称无效。检查名称是否有不能使用的字符
-ERR_95						无法添加虚拟 3 层接口。
+ERR_95						无法添加虚拟 3 层接口。Please check that the parameters are valid. Also please make sure that the Virtual Layer 3 switch is stopped. Adding or deleting interfaces are unable when the Virtual Layer 3 switch is running.
-ERR_96						无法删除虚拟 3 层接口。
+ERR_96						无法删除虚拟 3 层接口。Please check that the parameters are valid. Also please make sure that the Virtual Layer 3 switch is stopped. Adding or deleting interfaces are unable when the Virtual Layer 3 switch is running.
 ERR_97						与指定虚拟 3 层交换接口的目标虚拟 HUB 连接的虚拟 3 层接口已在虚拟 3 层交换机中存在。不能在同一个虚拟 3 层交换机中定义超过一个连接到同一个虚拟 HUB 的虚拟 3 层接口。
-ERR_98						无法添加路由表项。
+ERR_98						无法添加路由表项。Please check that the parameters are valid. Also please make sure that the Virtual Layer 3 switch is stopped. Adding or deleting routing table entries are unable when the Virtual Layer 3 switch is running.
-ERR_99						无法删除路由表项。
+ERR_99						无法删除路由表项。Please check that the parameters are valid. Also please make sure that the Virtual Layer 3 switch is stopped. Adding or deleting routing table entries are unable when the Virtual Layer 3 switch is running.
 ERR_100						指定的路由表项已存在。
 ERR_101						客户端和服务器的时钟彼此不同步。检查时间设置。
 ERR_102						无法启动此虚拟 3 层交换机。 要启动虚拟 3 层交换机，必须在虚拟 3 层交换机定义至少一个虚拟接口。
@@ -1607,6 +1607,7 @@ SM_LICENSE_NUM_BRIDGE		允许并发 Bridge
 SM_NO_LICENSE_COLUMN		注意: 
 SM_NO_LICENSE				因为没有产品许可证注册，此 VPN Server 通信功能无法运行。
 SM_LICENSE_DELETE_MSG		你确定要从 VPN Server 删除选定的许可证吗?
+SM_LICENSE_WARNING			SoftEther provides Dynamic DNS, NAT Traversal and VPN Azure as academic experiment services. Therefore, there services can be used for free of charge.\r\n\r\nThese services are provided without any warranty. The services may be suspended or discontinued by technical or operational matters. In such occasions, users will not be able to use the services. A user have to understand such risks, and to acknowledge that such risks are borne by a user-self. SoftEther will never be liable to results or damages of use or unable-to-use of the service.
 SM_SYSLOG_0					禁用系统日志发送功能
 SM_SYSLOG_1					经由 Syslog 发送服务器端日志
 SM_SYSLOG_2					经由 Syslog 发送服务器端和虚拟 HUB 安全日志
@@ -1802,6 +1803,9 @@ LS_LICENSE_NOT_VPNSERVER	连接 "%S": 许可证错误。VPN Client 尝试连接
 LS_LICENSE_NOT_VPNCLUSTER	连接 "%S": 许可证错误。此 VPN Server 上注册的许可证是禁止使用当前群集功能的类型，且一个 VPN Client 已尝试在群集模式下连接。您必须重启 VPN Server。
 LS_LICENSE_VIOLATION		连接 "%S": VPN Server 发生违反许可证错误，不接受连接。
 LS_LICENSE_VIOLATION_DETECTED	发现许可证违反错误，一个不同的 VPN Server 与此服务端具有相同的服务端ID "%I64u"。可能是在群集中有两个或以上 VPN Server 正在使用相同的许可证。请检查每一个 VPN Server 的许可证信息。
+LS_API_AUTH_OK			HTTPS API client "%r:%u" (%S): Administration mode: "%S": The embedded HTTPS web server accepted the successful login. Username: "%S", Method: "%S", Path: "%S"
+LS_API_AUTH_ERROR		HTTPS API client "%r:%u" (%S): The embedded HTTPS web server refused a login attempt. Username: "%S", Method: "%S", Path: "%S"
+LS_API_RPC_CALL			HTTPS API client "%r:%u" (%S): The client called a JSON-API. Method: "%S", Returned error code: %u (0 = success), Returned error message: "%s"
 
 
 # (OpenVPN Logs)
@@ -1811,6 +1815,9 @@ LO_PREFIX_CHANNEL		OpenVPN 会话%u (%r:%u -> %r:%u) 通道 %u:
 LO_NEW_CHANNEL			已创创建一个新通道。
 LO_CHANNEL_ESTABLISHED_NEWKEY	通道已建立。(触发器: Re-key完成。)
 LO_OPTION_STR_RECV		接收到的选项字符串："%S"
+LO_CLIENT_CERT			Client certificate received (subject: CN="%s"), will use certificate authentication.
+LO_CLIENT_UNVERIFIED_CERT		Client certificate was provided but did not pass verification (error="%S"), will use password authentication.
+LO_CLIENT_NO_CERT		Client certificate is not provided, will use password authentication.
 LO_OPTION_STR_SEND		发送选项字符串："%S"
 LO_NEW_SESSION			已创建新的会话。协议：%S
 LO_INITIATE_REKEY			re-keying 进程已开始。
@@ -1907,6 +1914,7 @@ LH_AUTH_PASSWORD			密码验证
 LH_AUTH_PLAIN_PASSWORD		外部服务器身份验证
 LH_AUTH_CERT				证书验证
 LH_AUTH_TICKET				票证验证
+LH_AUTH_OPENVPN_CERT    OpenVPN certificate authentication
 LH_AUTH_RADIUS_NOT_SUPPORT	连接 "%S": 用户 "%S" 身份验证方法 RADIUS 或 Active Directory (NT 域)，但 VPN Server 是 "%S"，因为 RADIUS 或 Active Directory (NT 域)不能使用。连接被拒绝。
 LH_AUTH_RADIUS_NOT_SUPPORT_ON_OPEN_SOURCE	"%S" 的连接方法: 用户 "%S" 的身份验证方法被指定为 RADIUS 身份验证或 Active Directory 身份验证 (NT 域验证)。然而，这样一个外部用户身份验证功能尚未在 SoftEther VPN 的开源版本上实施。该连接将被拒绝。
 LH_AUTH_CERT_NOT_SUPPORT_ON_OPEN_SOURCE	"%S" 的连接方法: 用户 "%S" 的身份验证方法被指定为证书认证。然而，证书验证功能尚未在 SoftEther VPN 的开源版本上实施。该连接将被拒绝。
@@ -7013,6 +7021,7 @@ SW_WEB2_TITLE						指定文件夹
 SW_UNINSTALLINFO_URL					http://selinks.org/
 SW_UNINSTALLINFO_PUBLISHER				SoftEther VPN Project
 
+SW_KB3033929_REQUIRED						In Windows 7 and Windows Server 2008 R2, some SoftEther VPN functions require the Microsoft's Windows Update module KB3033929 installed.\r\n\r\nIf KB3033929 is not installed in your Windows, please install it from Windows Update or Microsoft website before installing SoftEther VPN.
 
 SW_COMPONENTS_ABOUT_TAG				关于 %s
 SW_COMPONENTS_REQUIRE_ADMIN			安装需要管理员权限
@@ -7055,7 +7064,7 @@ SW_INSTALLER_CACHE_IS_NOT_SIGNED	目前已安装 SoftEther VPN Client 的这台
 SW_FILE_NOT_FOUNT					没有找到文件 "%s"
 SW_WEB_FINISHED						Web安装工具已创建，并保存为 "%s"。\r\n\r\n请将 ZIP 文件解压缩，并将解压后的文件上传到 Web 服务器，编辑一个HTML文件和一个 inf 文件来适当替换URL。\r\n\r\n部署 Web 安装程序的解释说明在ZIP文件中描述。
 
-SW_VG_CONFIRM_MSG					您想用 SoftEther VPN 客户端安装并激活 VPN Gate P2P 中继功能的插件吗 ?\r\n\r\n本插件可以规避官方防火墙的限制实现通信的稳定性。同时 VPN Gate 的通信经常会消耗一定的网络带宽。所以不推荐在移动连接上使用 VPN Gate。\r\n\r\n请注意，一些国家和地区有规定禁止加密通信绕过官方防火墙。在这种情况下，请您不要在您的计算机上使用 VPN Gate 功能。VPN Gate 主要在日本使用。VPN Gate 仅仅是一个学术研究项目。VPN Gate 受日本法律管辖。使用此软件和服务期间，请您遵守本国相关的法律法规，这是您自己的责任。您将完全承担使用此软件和服务造成的任何损失和责任，不管在日本境内还是境外。
+SW_VG_CONFIRM_MSG					Do you really want to install and activate the VPN Gate P2P Relay Function plug-in module with SoftEther VPN Client?\r\n\r\nThis plug-in will realize the stability of communication to bypass the government censorship firewall. However, the communication of VPN Gate usually consumes some network bandwidth. VPN Gate is not recommended to be used in the mobile connections. \r\n\r\nPlease note that there are some countries and regions which have the regulation to forbid the encrypted communications to bypass government censorship firewalls. In such a case, you must not use the VPN Gate functions on your computer. VPN Gate is intended to be used mainly in Japan. VPN Gate is a research project for just academic purpose only. VPN Gate is governed under the Japanese laws. Other countries' laws are none of our concerns nor responsibilities. By using this software and service, you must observe all concerned laws and rules with your own responsibility. You will be completely liable to any damages and responsibilities which are results of using this software and service, regardless of either inside or outside of Japan's territory.\r\n\r\nVPN Gate Relay Service will be installed on your computer as system services. System services always run in the background. After you terminate these management GUI tools, this system service will continue to run in the background. System services consume CPU time, computer power, memory and disk space.
 
 
 

src/bin/hamcore/strtable_en.stb

@@ -157,11 +157,11 @@ ERR_91					Unable to disconnect the Virtual Layer 3 Switch session. To delete th
 ERR_92					A Virtual Layer 3 Switch with the specified name already exists. Specify a different name.
 ERR_93					Specified Virtual Layer 3 Switch not found.
 ERR_94					The specified name is invalid. Check if the name contains characters that cannot be used.
-ERR_95					Failed to add the Virtual Layer 3 interface.
+ERR_95					Failed to add the Virtual Layer 3 interface. Please check that the parameters are valid. Also please make sure that the Virtual Layer 3 switch is stopped. Adding or deleting interfaces are unable when the Virtual Layer 3 switch is running.
-ERR_96					Failed to delete the Virtual Layer 3 interface.
+ERR_96					Failed to delete the Virtual Layer 3 interface. Please check that the parameters are valid. Also please make sure that the Virtual Layer 3 switch is stopped. Adding or deleting interfaces are unable when the Virtual Layer 3 switch is running.
 ERR_97					The Virtual Layer 3 interface that is connecting to the destination Virtual Hub of the specified Virtual Layer 3 interface already exists in the Virtual Layer 3 Switch. No more than one Virtual Layer 3 interface that connects to the same Virtual Hub can be defined in a Virtual Layer 3 Switch.
-ERR_98					Failed to add routing table entry.
+ERR_98					Failed to add routing table entry. Please check that the parameters are valid. Also please make sure that the Virtual Layer 3 switch is stopped. Adding or deleting routing table entries are unable when the Virtual Layer 3 switch is running.
-ERR_99					Failed to delete routing table entry.
+ERR_99					Failed to delete routing table entry. Please check that the parameters are valid. Also please make sure that the Virtual Layer 3 switch is stopped. Adding or deleting routing table entries are unable when the Virtual Layer 3 switch is running.
 ERR_100					The specified routing table entry already exists.
 ERR_101					The client clock and the server clock are not synchronized with each other. Check the time settings.
 ERR_102					Unable to start this Virtual Layer 3 Switch. \r\n\r\nTo start the Virtual Layer 3 Switch, at least 1 virtual interface must be defined in the Virtual Layer 3 Switch.
@@ -1594,6 +1594,7 @@ SM_LICENSE_NUM_BRIDGE	Allowed Concurrent Bridges
 SM_NO_LICENSE_COLUMN	Caution: 
 SM_NO_LICENSE			Because there are no product licenses registered, this VPN Server's communication function doesn't operate.
 SM_LICENSE_DELETE_MSG	Are you sure you want to delete the selected license from the VPN Server?
+SM_LICENSE_WARNING		SoftEther provides Dynamic DNS, NAT Traversal and VPN Azure as academic experiment services. Therefore, there services can be used for free of charge.\r\n\r\nThese services are provided without any warranty. The services may be suspended or discontinued by technical or operational matters. In such occasions, users will not be able to use the services. A user have to understand such risks, and to acknowledge that such risks are borne by a user-self. SoftEther will never be liable to results or damages of use or unable-to-use of the service.
 SM_SYSLOG_0				Disable Syslog Send Function
 SM_SYSLOG_1				Send Server Logs by Syslog
 SM_SYSLOG_2				Send Server and Virtual Hub Security Logs by Syslog
@@ -1784,6 +1785,9 @@ LS_LICENSE_NOT_VPNSERVER	Connection "%S": License error occurred. The VPN Client
 LS_LICENSE_NOT_VPNCLUSTER	Connection "%S": License error occurred. The license registered on this VPN Server is of a type that prevents the use of the current clustering function and a VPN Client has attempted connection while operating in Cluster mode. You must restart the VPN Server.
 LS_LICENSE_VIOLATION		Connection "%S": A license violation has occurred on the VPN Server and connections are not being received.
 LS_LICENSE_VIOLATION_DETECTED	A license violation has been detected. A different VPN Server is operating with the same server ID "%I64u" as this VPN Server. It is possible that there are two or more VPN Servers in the cluster that are using the same license. Check the license information of each VPN Server.
+LS_API_AUTH_OK			HTTPS API client "%r:%u" (%S): Administration mode: "%S": The embedded HTTPS web server accepted the successful login. Username: "%S", Method: "%S", Path: "%S"
+LS_API_AUTH_ERROR		HTTPS API client "%r:%u" (%S): The embedded HTTPS web server refused a login attempt. Username: "%S", Method: "%S", Path: "%S"
+LS_API_RPC_CALL			HTTPS API client "%r:%u" (%S): The client called a JSON-API. Method: "%S", Returned error code: %u (0 = success), Returned error message: "%s"
 
 
 # (OpenVPN Logs)
@@ -1793,6 +1797,9 @@ LO_PREFIX_CHANNEL		OpenVPN Session %u (%r:%u -> %r:%u) Channel %u:
 LO_NEW_CHANNEL			A new channel is created.
 LO_CHANNEL_ESTABLISHED_NEWKEY	The channel is established. (Trigger: Re-key completion.)
 LO_OPTION_STR_RECV		Option Strings Received: "%S"
+LO_CLIENT_CERT			Client certificate received (subject: CN="%s"), will use certificate authentication.
+LO_CLIENT_UNVERIFIED_CERT		Client certificate was provided but did not pass verification (error="%S"), will use password authentication.
+LO_CLIENT_NO_CERT		Client certificate is not provided, will use password authentication.
 LO_OPTION_STR_SEND		Option Strings to Send: "%S"
 LO_NEW_SESSION			A new session is created. Protocol: %S
 LO_INITIATE_REKEY		The re-keying process is started.
@@ -1889,6 +1896,7 @@ LH_AUTH_PASSWORD		Password authentication
 LH_AUTH_PLAIN_PASSWORD	External server authentication
 LH_AUTH_CERT			Certificate authentication
 LH_AUTH_TICKET			Ticket authentication
+LH_AUTH_OPENVPN_CERT    OpenVPN certificate authentication
 LH_AUTH_RADIUS_NOT_SUPPORT	Connection "%S": The authentication method of the user "%S" has been specified as RADIUS Authentication or Active Directory Authentication (NT Domain Authentication). However, the edition of the VPN Server is "%S". This edition does not support RADIUS Authentication nor Active Directory Authentication (NT Domain Authentication). The connection will be denied.
 LH_AUTH_RADIUS_NOT_SUPPORT_ON_OPEN_SOURCE	Connection "%S": The authentication method of the user "%S" has been specified as RADIUS Authentication or Active Directory Authentication (NT Domain Authentication). However, such an external user-authentication function hasn't been implemented on the Open-Source version of SoftEther VPN yet. The connection will be denied.
 LH_AUTH_CERT_NOT_SUPPORT_ON_OPEN_SOURCE	Connection "%S": The authentication method of the user "%S" has been specified as Certificate Authentication. However, the Certificate Authentication function hasn't been implemented on the Open-Source version of SoftEther VPN yet. The connection will be denied.
@@ -5697,7 +5705,7 @@ CMD_UserRadiusSet_Prompt_ALIAS	Alias Name for Authentication (Optional):
 
 # UserNTLMSet コマンド
 CMD_UserNTLMSet			Set NT Domain Authentication for User Auth Type
-CMD_UserNTLMSet_Help	Use this to set NT Domain Authentication as the auth type for a user that is registered on the security account database of the currently managed Virtual Hub. When a user connects to a Virtual Hub using a user name that is set for NT Domain authentication, the user name and the user input password is sent to the Windows NT / 2000 / Server 2003 / Server 2008 / Server 2008 R2 / Server 2012 Domain Controller or Active Directory Server where the server checks the user name and password, then if the verification is successful, that user is allowed VPN connection. \nTo use NT Domain authentication, the VPN Server must be operating on a Windows NT 4.0, Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows Server 2008 R2 or Windows Server 2012 operating system that is connected to that domain. For details please contact the VPN Server's administrator. \nTo get the list of currently registered users, use the UserList command. \nThis command cannot be run on VPN Bridge. \nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a member server on a cluster.
+CMD_UserNTLMSet_Help	Use this to set NT Domain Authentication as the auth type for a user that is registered on the security account database of the currently managed Virtual Hub. When a user connects to a Virtual Hub using a user name that is set for NT Domain authentication, the user name and the user input password is sent to the Windows NT / 2000 / Server 2003 / Server 2008 / Server 2008 R2 / Server 2012 / Server 2012 R2 / Server 2016 / Server 2019 Domain Controller or Active Directory Server where the server checks the user name and password, then if the verification is successful, that user is allowed VPN connection. \nTo use NT Domain authentication, the VPN Server must be operating on a Windows operating system that is connected to that domain. For details please contact the VPN Server's administrator. \nTo get the list of currently registered users, use the UserList command. \nThis command cannot be run on VPN Bridge. \nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a member server on a cluster.
 CMD_UserNTLMSet_Args	UserNTLMSet [name] [/ALIAS:alias_name]
 CMD_UserNTLMSet_[name]	Specify the user name of the user whose setting you want to change.
 CMD_UserNTLMSet_ALIAS	When this parameter is set, it is possible to make the user name sent to the NT Domain or Active Directory server different to the user name on the Virtual Hub. When this is not set, please specify /ALIAS:none (the user name on the Virtual Hub will be used). If the user name is "*", the /ALIAS parameter will be ignored. To read an explanation of the "*" user, please input UserCreate/HELP to display this information.
@@ -7006,6 +7014,8 @@ SW_WEB2_TITLE								Specify Files
 SW_UNINSTALLINFO_URL						http://selinks.org/
 SW_UNINSTALLINFO_PUBLISHER					SoftEther VPN Project
 
+SW_KB3033929_REQUIRED						In Windows 7 and Windows Server 2008 R2, some SoftEther VPN functions require the Microsoft's Windows Update module KB3033929 installed.\r\n\r\nIf KB3033929 is not installed in your Windows, please install it from Windows Update or Microsoft website before installing SoftEther VPN.
+
 
 SW_COMPONENTS_ABOUT_TAG						About %s
 SW_COMPONENTS_REQUIRE_ADMIN					Installation Requires Administrators Privileges
@@ -7048,7 +7058,7 @@ SW_INSTALLER_CACHE_IS_NOT_SIGNED			The currently installed SoftEther VPN Client
 SW_FILE_NOT_FOUNT							The file "%s" not found.
 SW_WEB_FINISHED								The Web Installer is created and saved as "%s".\r\n\r\nPlease extract inner files from the ZIP file, upload them into the Web server, and edit a HTML file and an inf file to replace URLs appropriately.\r\n\r\nThe explanation to deploy the Web Installer is described on the ZIP file.
 
-SW_VG_CONFIRM_MSG							Do you really want to install and activate the VPN Gate P2P Relay Function plug-in module with SoftEther VPN Client?\r\n\r\nThis plug-in will realize the stability of communication to bypass the government censorship firewall. However, the communication of VPN Gate usually consumes some network bandwidth. VPN Gate is not recommended to be used in the mobile connections. \r\n\r\nPlease note that there are some countries and regions which have the regulation to forbid the encrypted communications to bypass government censorship firewalls. In such a case, you must not use the VPN Gate functions on your computer. VPN Gate is intended to be used mainly in Japan. VPN Gate is a research project for just academic purpose only. VPN Gate is governed under the Japanese laws. Other countries' laws are none of our concerns nor responsibilities. By using this software and service, you must observe all concerned laws and rules with your own responsibility. You will be completely liable to any damages and responsibilities which are results of using this software and service, regardless of either inside or outside of Japan's territory.
+SW_VG_CONFIRM_MSG							Do you really want to install and activate the VPN Gate P2P Relay Function plug-in module with SoftEther VPN Client?\r\n\r\nThis plug-in will realize the stability of communication to bypass the government censorship firewall. However, the communication of VPN Gate usually consumes some network bandwidth. VPN Gate is not recommended to be used in the mobile connections. \r\n\r\nPlease note that there are some countries and regions which have the regulation to forbid the encrypted communications to bypass government censorship firewalls. In such a case, you must not use the VPN Gate functions on your computer. VPN Gate is intended to be used mainly in Japan. VPN Gate is a research project for just academic purpose only. VPN Gate is governed under the Japanese laws. Other countries' laws are none of our concerns nor responsibilities. By using this software and service, you must observe all concerned laws and rules with your own responsibility. You will be completely liable to any damages and responsibilities which are results of using this software and service, regardless of either inside or outside of Japan's territory.\r\n\r\nVPN Gate Relay Service will be installed on your computer as system services. System services always run in the background. After you terminate these management GUI tools, this system service will continue to run in the background. System services consume CPU time, computer power, memory and disk space.
 
 
 

src/bin/hamcore/strtable_ja.stb

@@ -159,11 +159,11 @@ ERR_91					仮想レイヤ 3 スイッチセッションは切断できません
 ERR_92					指定された名前の仮想レイヤ 3 スイッチは既に存在します。別の名前を指定してください。
 ERR_93					指定された名前の仮想レイヤ 3 スイッチが見つかりません。
 ERR_94					指定された名前が不正です。使用できない文字が含まれていないかどうかチェックしてください。
-ERR_95					仮想レイヤ 3 インターフェイスの追加に失敗しました。
+ERR_95					仮想レイヤ 3 インターフェイスの追加に失敗しました。パラメータが正しいかどうか確認してください。また、仮想レイヤ 3 スイッチが動作中の場合は、仮想レイヤ 3 インターフェイスの追加または削除はできません。仮想レイヤ 3 スイッチを停止してください。
-ERR_96					仮想レイヤ 3 インターフェイスの削除に失敗しました。
+ERR_96					仮想レイヤ 3 インターフェイスの削除に失敗しました。パラメータが正しいかどうか確認してください。また、仮想レイヤ 3 スイッチが動作中の場合は、仮想レイヤ 3 インターフェイスの追加または削除はできません。仮想レイヤ 3 スイッチを停止してください。
 ERR_97					指定された仮想レイヤ 3 インターフェイスの接続先仮想 HUB に接続している仮想レイヤ 3 インターフェイスが仮想レイヤ 3 スイッチの中に既に存在します。1 つの仮想レイヤ 3 スイッチの中では、同一の仮想 HUB に接続する仮想レイヤ 3 インターフェイスは 1 つしか定義できません。
-ERR_98					ルーティングテーブルの追加に失敗しました。
+ERR_98					ルーティングテーブルの追加に失敗しました。パラメータが正しいかどうか確認してください。また、仮想レイヤ 3 スイッチが動作中の場合は、ルーティングテーブルの追加または削除はできません。仮想レイヤ 3 スイッチを停止してください。
-ERR_99					ルーティングテーブルの削除に失敗しました。
+ERR_99					ルーティングテーブルの削除に失敗しました。パラメータが正しいかどうか確認してください。また、仮想レイヤ 3 スイッチが動作中の場合は、ルーティングテーブルの追加または削除はできません。仮想レイヤ 3 スイッチを停止してください。
 ERR_100					指定されたルーティングテーブルはすでに存在します。
 ERR_101					クライアントとサーバーの間の時計がずれています。時刻設定を確認してください。
 ERR_102					この仮想レイヤ 3 スイッチを開始できません。\r\n\r\n仮想レイヤ 3 スイッチを開始するには、最低でも 1 つの仮想インターフェイスが仮想レイヤ 3 スイッチ内に定義されている必要があります。
@@ -841,6 +841,7 @@ CM_ST_UDP_ACCEL_ENABLED	UDP 高速化機能をサポート
 CM_ST_UDP_ACCEL_USING	UDP 高速化機能を使用中
 CM_ST_RUDP				TCP over UDP (NAT Traversal)
 CM_ST_UNDERLAY_PROTOCOL	物理通信に使用中のプロトコル
+CM_ST_PROTOCOL_DETAILS	プロトコル詳細
 CM_ST_COMPRESS_TRUE		はい (約 %u %%)
 CM_ST_COMPRESS_FALSE	いいえ (圧縮無し)
 CM_ST_SESSION_NAME		セッション名
@@ -1598,6 +1599,7 @@ SM_LICENSE_NUM_BRIDGE	ブリッジ同時接続可能数
 SM_NO_LICENSE_COLUMN	ご注意: 
 SM_NO_LICENSE			製品ライセンスが 1 つも登録されていないため、この VPN Server の通信機能は動作しません。
 SM_LICENSE_DELETE_MSG	選択されたライセンスを VPN Server から削除しますか?
+SM_LICENSE_WARNING		ソフトイーサはダイナミック DNS、NAT トラバーサルおよびVPN Azure を学術実験目的で研究開発し、主にオープンソース版 SoftEther VPN ユーザーの方々によって利用していただくために実験目的で運営しています。そのため、これらのサービスはすべて無料でご利用いただけます。\r\n\r\nSoftEther VPN の「重要事項説明書」(インストール時に表示、またはバイナリファイルにテキストファイルて同梱) の 3.5 節に記載されているとおり、これらのサービスはすべて無料でご利用いただけますが、これらのサービスは一切の保証がない状態で提供されるものです。実験の休止、中止や実験中の技術的問題の発生によってサービスが中断する場合があります。その場合は、ユーザーはサービスを利用できなくなります。ユーザーはこのようなリスクがあること、およびそのリスクをユーザー自身が負担することを承諾いただいた上でこれらのサービスをご利用ください。実験の休止、中止や実験中の技術的問題の発生によってサービスが中断する場合があります。その場合は、ユーザーはサービスを利用できなくなります。\r\n\r\nこれらの学術実験サービスを商業用途などの高い安定性が求められる用途に使用されることは、禁止されていませんが、学術実験サービスに障害が発生した場合、安定性上の問題が発生するなどのリスクがあります。商業用途などの高い安定性が求められる用途においては、これらの学術実験サービスを使用しないでください。\r\n\r\n仮にお客様が SoftEther VPN ソフトウェアの商用製品を購入され、SoftEther VPN ソフトウェアのライセンス料金をお客様がすでにお支払いいただいている場合であっても、当該料金にはこれらのサービスの対価は含まれていません。これらのサービスが中断したり利用不能になったりした場合であっても、SoftEther VPN ソフトウェアのライセンス料金は一切返金されず、その他の損害賠償も提供されません。
 SM_SYSLOG_0				syslog 送信機能を使用しない
 SM_SYSLOG_1				サーバーログを syslog で送信
 SM_SYSLOG_2				サーバーおよび仮想 HUB セキュリティログを syslog で送信
@@ -1788,6 +1790,10 @@ LS_LICENSE_NOT_VPNSERVER	コネクション "%S": ライセンスエラーが発
 LS_LICENSE_NOT_VPNCLUSTER	コネクション "%S": ライセンスエラーが発生しました。この VPN Server には現在クラスタリング機能を使用できない種類のライセンスが登録されていますが、クラスタモードで動作中に VPN Client が接続しようとしました。VPN Server を再起動する必要があります。
 LS_LICENSE_VIOLATION		コネクション "%S": VPN Server でライセンス違反が発生しているため、接続を受け付けられません。
 LS_LICENSE_VIOLATION_DETECTED	ライセンス違反を検出しました。別の VPN Server が、この VPN Server と同じサーバー ID "%I64u" で動作しています。クラスタ内に同一のライセンスを使用した 2 台以上の VPN Server が存在する可能性があります。各 VPN Server のライセンス情報を確認してください。
+LS_API_AUTH_OK			HTTPS API クライアント "%r:%u" (%S): 管理モード: "%S" で組み込み HTTPS Web サーバーを用いてログインに成功しました。使用されたユーザー名: "%S", メソッド: "%S", パス: "%S"
+LS_API_AUTH_ERROR		HTTPS API クライアント "%r:%u" (%S): 組み込み HTTPS Web サーバーを用いてログインに失敗しました。使用されたユーザー名: "%S", メソッド: "%S", パス: "%S"
+LS_API_RPC_CALL			HTTPS API クライアント "%r:%u" (%S): JSON-API を呼び出しました。メソッド名: "%S", 結果エラーコード: %u (0 = 成功), 結果エラーメッセージ: "%s"
+
 
 
 # (OpenVPN ログ)
@@ -1797,6 +1803,9 @@ LO_PREFIX_CHANNEL		OpenVPN セッション %u (%r:%u -> %r:%u) チャネル %u:
 LO_NEW_CHANNEL			新しいチャネルを作成しました。
 LO_CHANNEL_ESTABLISHED_NEWKEY	チャネルが確立状態になりました (原因: リキーの完了)。
 LO_OPTION_STR_RECV		受信したオプション文字列: "%S"
+LO_CLIENT_CERT			Client certificate received (subject: CN="%s"), will use certificate authentication.
+LO_CLIENT_UNVERIFIED_CERT		Client certificate was provided but did not pass verification (error="%S"), will use password authentication.
+LO_CLIENT_NO_CERT		Client certificate is not provided, will use password authentication.
 LO_OPTION_STR_SEND		送信するオプション文字列: "%S"
 LO_NEW_SESSION			新しいセッションを作成しました。プロトコル: %S
 LO_INITIATE_REKEY		このチャネルのリキーを開始します。
@@ -1893,6 +1902,7 @@ LH_AUTH_PASSWORD		パスワード認証
 LH_AUTH_PLAIN_PASSWORD	外部サーバー認証
 LH_AUTH_CERT			証明書認証
 LH_AUTH_TICKET			チケット認証
+LH_AUTH_OPENVPN_CERT    OpenVPN 証明書認証
 LH_AUTH_RADIUS_NOT_SUPPORT	コネクション "%S": ユーザー "%S" の認証方法として RADIUS 認証または Active Directory 認証 (NT ドメイン認証) が指定されましたが、現在の VPN Server のエディションは "%S" であるため、RADIUS 認証または Active Directory 認証 (NT ドメイン認証) を使用することができません。接続は拒否されます。
 LH_AUTH_RADIUS_NOT_SUPPORT_ON_OPEN_SOURCE	コネクション "%S": ユーザー "%S" の認証方法として RADIUS 認証または Active Directory 認証 (NT ドメイン認証) が指定されましたが、RADIUS 認証または Active Directory 認証 (NT ドメイン認証) を使用することができません。この機能はオープンソース版 SoftEther VPN にはまだ実装されていません。接続は拒否されます。
 LH_AUTH_CERT_NOT_SUPPORT_ON_OPEN_SOURCE	コネクション "%S": ユーザー "%S" の認証方法として証明書認証が指定されましたが、証明書認証を使用することができません。この機能はオープンソース版 SoftEther VPN にはまだ実装されていません。接続は拒否されます。
@@ -1913,7 +1923,7 @@ LH_MAX_SESSION			コネクション "%S": 仮想 HUB が設定された最大セ
 LH_MAX_SESSION_CLIENT	コネクション "%S": 仮想 HUB が設定された最大クライアントセッション数 %u に達しています。新しいセッションは作成できません。
 LH_MAX_SESSION_BRIDGE	コネクション "%S": 仮想 HUB が設定された最大ブリッジセッション数 %u に達しています。新しいセッションは作成できません。
 LH_MAX_SESSION_2		コネクション "%S": VPN Server 上で管理することができる最大セッション数 %u に達しています。新しいセッションは作成できません。
-LH_NEW_SESSION			コネクション "%S": 新しいセッション "%S" が作成されました。(IP アドレス %S, ポート番号 %u, 物理レイヤのプロトコル: "%S")
+LH_NEW_SESSION			コネクション "%S": 新しいセッション "%S" が作成されました。(IP アドレス %S, ポート番号 %u, 物理レイヤのプロトコル: "%S", プロトコル詳細: "%S")
 LH_SET_SESSION			セッション "%S": パラメータが設定されました。最大 TCP コネクション数 %u, 暗号化の使用 %s, 圧縮の使用 %s, 半二重通信の使用 %s, タイムアウト %u 秒
 LH_NODE_INFO			セッション "%S": VPN Client の詳細: (%s)
 LH_VLAN_ID				セッション "%S": 割り当てられた VLAN ID: %u
@@ -7010,6 +7020,8 @@ SW_WEB2_TITLE								ファイルの指定
 SW_UNINSTALLINFO_URL						http://selinks.org/
 SW_UNINSTALLINFO_PUBLISHER					SoftEther VPN Project
 
+SW_KB3033929_REQUIRED						Windows 7 および Windows Server 2008 R2 では、SoftEther VPN の一部の機能を利用するためには、Microsoft 社の Windows Update プログラム KB3033929 がインストールされている必要があります。\r\n\r\nKB3033929 がインストールされていない場合は、SoftEther VPN をインストールする前に、Windows Update または Microsoft 社の Web サイトから KB3033929 をインストールをしてください。
+
 
 SW_COMPONENTS_ABOUT_TAG						「%s」とは
 SW_COMPONENTS_REQUIRE_ADMIN					インストールには管理者権限が必要です
@@ -7052,7 +7064,7 @@ SW_INSTALLER_CACHE_IS_NOT_SIGNED			現在のコンピュータにインストー
 SW_FILE_NOT_FOUNT							ファイル "%s" が見つかりません。
 SW_WEB_FINISHED								生成された Web インストーラを格納したファイル "%s" を保存しました。\r\n\r\nこの ZIP ファイルを展開し、中身のファイルを Web サーバーに設置して HTML ファイルや inf ファイル内の URL を適切に書き換えてください。\r\n\r\nWeb インストーラの配置方法に関する説明は ZIP ファイル内に記載されています。
 
-SW_VG_CONFIRM_MSG							SoftEther VPN Client に組み込まれた VPN Gate P2P 中継機能プラグインモジュール をインストールし有効化します。よろしいですか?\r\n\r\n本プラグインは、政府の検閲用ファイアウォールを回避するための通信の安定化を実現します。しかしながら、VPN Gate のためのネットワーク帯域の消費量が増加します。したがって、モバイル回線において VPN Gate 機能を使用することは推奨されていません。\r\n\r\n政府の検閲用ファイアウォールを回避する目的で暗号化された通信を行うことは、いくつかの国および地域では禁止されています。そのような場合は、VPN Gate 機能をコンピュータで使用してはいけません。VPN Gate は専ら日本国内における使用を想定し開発されています。VPN Gate は学術目的の研究プロジェクトです。VPN Gate は日本国の法令に基づいて提供されます。その他の国の法律については、VPN Gate Project は一切関知しておりません。本ソフトウェアおよびサービスを使用するにあたり、ユーザーはユーザー自身の責任において、適用されるすべての法令を遵守しなければなりません。使用場所が日本国内または国外のいずれであるかに係わらず、本ソフトウェアおよびサービスを使用したことによるすべての損害および責任はユーザーが負うこととなります。
+SW_VG_CONFIRM_MSG							SoftEther VPN Client に組み込まれた VPN Gate P2P 中継機能プラグインモジュール をインストールし有効化します。よろしいですか?\r\n\r\n本プラグインは、政府の検閲用ファイアウォールを回避するための通信の安定化を実現します。しかしながら、VPN Gate のためのネットワーク帯域の消費量が増加します。したがって、モバイル回線において VPN Gate 機能を使用することは推奨されていません。\r\n\r\n政府の検閲用ファイアウォールを回避する目的で暗号化された通信を行うことは、いくつかの国および地域では禁止されています。そのような場合は、VPN Gate 機能をコンピュータで使用してはいけません。VPN Gate は専ら日本国内における使用を想定し開発されています。VPN Gate は学術目的の研究プロジェクトです。VPN Gate は日本国の法令に基づいて提供されます。その他の国の法律については、VPN Gate Project は一切関知しておりません。本ソフトウェアおよびサービスを使用するにあたり、ユーザーはユーザー自身の責任において、適用されるすべての法令を遵守しなければなりません。使用場所が日本国内または国外のいずれであるかに係わらず、本ソフトウェアおよびサービスを使用したことによるすべての損害および責任はユーザーが負うこととなります。\r\n\r\nVPN Gate 中継サービスは、バックグラウンドで動作するシステムサービスとしてコンピュータにインストールされます。これらの管理 GUI ツールを終了しても、システムサービスは継続してバックグラウンドで動作し続けます。システムサービスは、CPU 時間、コンピュータの消費電力、メモリおよびディスクの容量を消費します。
 
 
 

src/bin/hamcore/warning_cn.txt

@@ -24,6 +24,8 @@ SoftEther VPN 具有 UDP 加速功能。如果一个 VPN 是由两个站点组
 
 
 2. VPN 软件
+The notes in this section are not specific to SoftEther VPN or VPN Gate, but apply to general system software. SoftEther VPN Client, SoftEther VPN Server, SoftEther VPN Bridge, and VPN Gate Relay Service will be installed on your computer as system services. System services always run in the background. System services usually do not appear on the computer display. Then your computer system is booted, system services automatically start in the background even before you or other users log in. To check whether PacketiX-related system service is running, check the process list or the background service list of your OS (called as "Services" in Windows, or "Daemons" in UNIX.) You can activate, deactivate, start, or stop system services using the functions of the OS anytime. PacketiX-related GUI tools for managing system services communicate with these system services. After you terminate these management GUI tools, PacketiX-related system services will continue to run in the background. System services consume CPU time, computer power, memory and disk space. Because system services consume power, your electricity charges and amount of thermal of your computer increase as result. In addition, there is a possibility that the mechanical parts of the life of your computer is reduced.
+
 2.1. SoftEther VPN 客户端
 如果您在 Windows 上使用 SoftEther VPN 客户端，虚拟网络适配器设备驱动程序将安装在 Windows 上。虚拟网络适配器作为一个内核模式驱动程序实施在 Windows 上。驱动程序是数字签名的，由 VeriSign ， Inc 所签发的证书，还由 Symantec Corporation (赛门铁克公司) 签署。问你要确保安装驱动程序的一条消息可能会弹出在屏幕上。如果可能的话， SoftEther VPN 客户端可能会响应消息。SoftEther VPN 客户端还优化了在 Windows 上 MMCSS (多媒体类计划程序服务) 的配置。您以后可以撤消 MMCSS 的优化。
 

src/bin/hamcore/warning_en.txt

@@ -24,6 +24,8 @@ SoftEther VPN has the UDP Acceleration Function. If a VPN consists of two sites
 
 
 2. VPN Software
+The notes in this section are not specific to SoftEther VPN or VPN Gate, but apply to general system software. SoftEther VPN Client, SoftEther VPN Server, SoftEther VPN Bridge, and VPN Gate Relay Service will be installed on your computer as system services. System services always run in the background. System services usually do not appear on the computer display. Then your computer system is booted, system services automatically start in the background even before you or other users log in. To check whether PacketiX-related system service is running, check the process list or the background service list of your OS (called as "Services" in Windows, or "Daemons" in UNIX.) You can activate, deactivate, start, or stop system services using the functions of the OS anytime. PacketiX-related GUI tools for managing system services communicate with these system services. After you terminate these management GUI tools, PacketiX-related system services will continue to run in the background. System services consume CPU time, computer power, memory and disk space. Because system services consume power, your electricity charges and amount of thermal of your computer increase as result. In addition, there is a possibility that the mechanical parts of the life of your computer is reduced.
+
 2.1. SoftEther VPN Client
 If you use SoftEther VPN Client on Windows, the Virtual Network Adapter device driver will be installed on Windows. The Virtual Network Adapter is implemented as a kernel-mode driver for Windows. The driver is digitally-signed by a certificate issued by VeriSign, Inc. and also sub-signed by Symantec Corporation. A message to ask you want to sure install the driver might be popped up on the screen. SoftEther VPN Client may response the message if possible. SoftEther VPN Client also optimizes the configuration of MMCSS (Multimedia Class Scheduler Service) on Windows. You can undo the optimizations of MMCSS afterwards.
 

src/bin/hamcore/warning_ja.txt

@@ -24,6 +24,8 @@ SoftEther VPN には UDP 高速化機能が搭載されています。VPN を構
 
 
 2. VPN ソフトウェアについて
+この節で述べる注意事項は、SoftEther VPN および VPN Gate 特有のものではなく、一般的なシステムソフトウェアに当てはまる事項です。VPN ソフトウェアを構成する SoftEther VPN Client, SoftEther VPN Server および SoftEther VPN Bridge ならびに VPN Gate 中継サービスは、バックグラウンドで動作するシステムサービスとしてコンピュータにインストールされます。システムサービスは、通常、ディスプレイに表示されません。また、システムを起動した際に自動的に、ユーザーによるログイン前であっても、バックグラウンドで動作を開始します。システムサービスが稼働しているかどうかを確認するためには、プロセス一覧を確認するか、お使いの OS のバックグラウンドサービス一覧 (Windows においては「サービス」、UNIX においては「デーモン」と呼称されます。) を確認してください。また、OS の有する機能を用いて、システムサービスを有効化、無効化、開始または停止することができます。システムサービスを管理するための GUI ツールは、システムサービスとの間で通信を行ないます。これらの管理 GUI ツールを終了しても、システムサービスは継続してバックグラウンドで動作し続けます。システムサービスは、CPU 時間、コンピュータの消費電力、メモリおよびディスクの容量を消費します。システムサービスは、電力を消費するため、コンピュータに係る電気料金や発熱が増加する可能性があります。さらに、コンピュータの機械部分の寿命が短くなる可能性もあります。
+
 2.1. SoftEther VPN Client
 SoftEther VPN Client を Windows で使用する場合は、仮想 LAN カードをコンピュータにインストールする必要があります。仮想 LAN カードは Windows 上で動作するカーネルモードドライバとして実装されています。当該ドライバは VeriSign 社の発行する証明書によってデジタル署名されており、Symantec 社による副署名もされています。ドライバのインストール時には本当にドライバをインストールするかどうかの確認メッセージが表示される場合があります。SoftEther VPN Client は可能な場合は自動的に当該確認メッセージに応答します。SoftEther VPN Client はインストール時に通信を最適化するため Windows の MMCSS (Multimedia Class Scheduler Service) の設定を最適化します。MMCSS の設定の最適化は後から元に戻すことができます。
 

src/bin/hamcore/wwwroot/admin/README.md

@@ -0,0 +1,22 @@
+# About "admin" directory (for developers)
+This `bin/hamcore/wwwroot/admin/` directory is the web contents root of the embedded HTML5 web administration console: `http://<vpn_server_host>:<port>/admin/`.
+
+Currently there is only the `default/` sub directory. It is corresponding to `http://<vpn_server_host>:<port>/admin/default/`.
+
+
+The `/admin/index.html` file always redirects all clients to the `/admin/default/`.
+
+
+If you are willing to develop the web-based administration console you have two choices:
+
+1. Modify and improve the `/admin/default/` project.
+
+
+2. Create your entirely new web project in the `/admin/NEW_PATH_HERE/` directory. You can choose the unique directory name instead of `NEW_PATH_HERE` on the above directory path.
+  
+
+If you want to create an independent new web project, the choice #2 is the best way. You can do anything freely in your new directory. In such a case, please edit the `/admin/index.html` not to redirect to the `/admin/default/index.html` automatically. Instead, put the list of the systems for each of sub directories in the `/admin/index.html` so that the user can choose which system to use.
+
+
+  
+

src/bin/hamcore/wwwroot/admin/default/.gitignore

@@ -0,0 +1 @@
+node_modules/

src/bin/hamcore/wwwroot/admin/default/.vscode/launch.json

@@ -0,0 +1,16 @@
+{
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "type": "chrome",
+            "request": "launch",
+            "trace": true,
+            "sourceMaps": true,
+            "name": "Launch Chrome",
+            "preLaunchTask": "webpack build",
+            "file": "${workspaceFolder}/index.html",
+            "webRoot": "${workspaceFolder}",
+            "internalConsoleOptions": "openOnSessionStart"
+        }
+    ]
+}

src/bin/hamcore/wwwroot/admin/default/.vscode/settings.json

@@ -0,0 +1,5 @@
+{
+    "files.associations": {
+        "tsconfig_webpack.json": "jsonc"
+    }
+}

src/bin/hamcore/wwwroot/admin/default/.vscode/tasks.json

@@ -0,0 +1,45 @@
+{
+    "version": "2.0.0",
+    "tasks": [
+        {
+            "label": "webpack build",
+            "type": "npm",
+            "script": "build",
+            "problemMatcher": [],
+            "group": {
+                "kind": "build",
+                "isDefault": true
+            }
+        },
+        {
+            "label": "webpack watch",
+            "type": "npm",
+            "script": "watch",
+            "isBackground": true,
+            "problemMatcher": {
+                "pattern": {
+                    "regexp": "^$"
+                },
+                "background": {
+                    "activeOnStart": true,
+                    "beginsPattern": ".*Version: webpack.*",
+                    "endsPattern": ".*\\[built\\]"
+                },
+            }
+        },
+        {
+            "label": "tsc build",
+            "type": "typescript",
+            "tsconfig": "tsconfig.json",
+        },
+        {
+            "label": "tsc watch",
+            "type": "typescript",
+            "tsconfig": "tsconfig.json",
+            "option": "watch",
+            "problemMatcher": [
+                "$tsc-watch"
+            ]
+        }
+    ]
+}

src/bin/hamcore/wwwroot/admin/default/hub.html

@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html>
+<!--#include file="include_head.html" -->
+    <body>
+<!--#include file="include_menu.html" -->
+<div class="container theme-showcase" role="main">
+        <H2><div id="HUB_NAME"></div></H2>
+
+        <button class="btn btn-lg btn-danger" onclick="JS.DeleteVirtualHub(location.search);">Delete this Virtual Hub</button>
+
+        <H3>List of Users</H3>
+        <ul id="USERS_LIST"></ul>
+
+        <H3>List of Active VPN Sessions</H3>
+        <ul id="SESSIONS_LIST"></ul>
+<!--#include file="include_footer.html" -->
+</div>
+    </body>
+    <script>
+        JS.HubAdminPage(location.search);
+    </script>
+</html>
+

src/bin/hamcore/wwwroot/admin/default/include_footer.html

@@ -0,0 +1,4 @@
+<p>　</p>
+<p>　</p>
+<hr />
+<p>Copyright (c) SoftEther VPN Project under the Apache License 2.0.</p>

src/bin/hamcore/wwwroot/admin/default/include_head.html

@@ -0,0 +1,9 @@
+<head>
+    <title>SoftEther VPN Server HTML5 Web Administration Console (Under construction!)</title>
+    <script src="out_webpack/bundle.js"></script>
+    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
+    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" crossorigin="anonymous">
+    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css" crossorigin="anonymous">
+    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" crossorigin="anonymous"></script>
+    <link href="theme.css" rel="stylesheet">
+</head>

src/bin/hamcore/wwwroot/admin/default/include_menu.html

@@ -0,0 +1,29 @@
+<!-- Fixed navbar -->
+<nav class="navbar navbar-inverse navbar-fixed-top">
+    <div class="container">
+        <div class="navbar-header">
+            <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar"
+                aria-expanded="false" aria-controls="navbar">
+                <span class="sr-only">Toggle navigation</span>
+                <span class="icon-bar"></span>
+                <span class="icon-bar"></span>
+                <span class="icon-bar"></span>
+            </button>
+            <a class="navbar-brand" href="./">SoftEther VPN Server Web Admin Console</a>
+        </div>
+        <div id="navbar" class="navbar-collapse collapse">
+            <ul class="nav navbar-nav">
+                <li><a href="/api/">JSON-RPC API Reference</a></li>
+                <li class="dropdown">
+                    <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true"
+                        aria-expanded="false">About <span class="caret"></span></a>
+                    <ul class="dropdown-menu">
+                        <li><a href="https://github.com/SoftEtherVPN/SoftEtherVPN">SoftEther VPN on GitHub</a></li>
+                        <li><a href="https://www.softether.org/">SoftEther.org Web Site</a></li>
+                    </ul>
+                </li>
+            </ul>
+        </div>
+        <!--/.nav-collapse -->
+    </div>
+</nav>

src/bin/hamcore/wwwroot/admin/default/index.html

@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<html>
+<!--#include file="include_head.html" -->
+    <body>
+<!--#include file="include_menu.html" -->
+<div class="container theme-showcase" role="main">
+        <H2>SoftEther VPN Server HTML5 Ajax-based Web Administration Console<BR>(Under construction!)</H2>
+        <p>This is the sample of HTML5 Ajax-based VPN Server Web Administration Console.</p>
+        <p>The purpose of this HTML5 admin page is to make administrators easy to set up and manage the running VPN Servers.</p>
+        <h3>Authentication for this page</h3>
+        <p>You must supply the HTTP basic authentication credential as following.</p>
+        <ul>
+            <li>To login to the VPN server as the entire server administrator, specify empty or "administrator" as the username field,
+            and specify the server administrative password as the password field.</li>
+            <li>To login to a particular Virtual Hub as the hub administrator, specify the hub name as the username field, and specify
+            the hub administrative password as the password field.</li>
+        </ul>
+
+        <h3>Your HTML5 development contribution is very appreciated</h3>
+        <p>This HTML5 page is obviously under construction, and providing very minimum functions as sample.<BR>This initial page is written by Daiyuu Nobori (the core developer of SoftEther VPN). He is obviously lack of HTML5 development ability.<BR>Please kindly consider to contribute for <strong><a href="https://github.com/SoftEtherVPN/SoftEtherVPN/tree/master/src/bin/hamcore/wwwroot/admin/">SoftEther VPN's development on GitHub.</a></strong> Your code will help every people running SoftEther VPN Server.</p>
+
+        <p>This HTML5 page's JavaScript codes directly call <strong><a href="/api/">SoftEther VPN Server JSON-RPC API</a></strong> on the running VPN Server from the web browser.<BR>You can also call the <strong><a href="/api/">SoftEther VPN Server JSON-RPC API</a></strong> remotely from your original application. (JavaScript, TypeScript, C#, Java, Python, Ruby, etc.)</p>
+            <p><a href="/api/"><strong>The insanely kindness API reference</strong></a> is available.</p>
+
+        <H3>List of Virtual Hubs</H3>
+        <ul id="HUB_LIST"></ul>
+
+        <H3>Create new Virtual Hub</H3>
+        Virtual Hub Name:<BR>
+        <input id="NEW_HUB_NAME" /> <button class="btn btn-lg btn-primary" onclick="JS.CreateNewHub($('#NEW_HUB_NAME').val(), '#HUB_LIST')">Create</button>
+
+        <H3>VPN Server Information</H3>
+        <ul id="VPN_SERVER_INFO"></ul>
+
+        <H3>VPN Server Status</H3>
+        <ul id="VPN_SERVER_STATUS"></ul>
+<!--#include file="include_footer.html" -->
+        </div>
+    </body>
+    <script>
+        JS.ShowVpnServerInfo("#VPN_SERVER_INFO", "#VPN_SERVER_STATUS");
+        JS.ListVirtualHubs("#HUB_LIST");
+    </script>
+</html>
+

src/bin/hamcore/wwwroot/admin/default/out_webpack/ts/index.d.ts

@@ -0,0 +1,10 @@
+import "core-js/es/promise";
+import "core-js/es/string";
+import "whatwg-fetch";
+/** API test for 'Test', test RPC function */
+export declare function Test_Test(): Promise<void>;
+export declare function ListVirtualHubs(id: string): Promise<void>;
+export declare function ShowVpnServerInfo(idInfo: string, idStatus: string): Promise<void>;
+export declare function CreateNewHub(hubName: string, idList: string): Promise<void>;
+export declare function HubAdminPage(queryString: string): Promise<void>;
+//# sourceMappingURL=index.d.ts.map

src/bin/hamcore/wwwroot/admin/default/out_webpack/ts/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/ts/index.ts"],"names":[],"mappings":"AAOA,OAAO,oBAAoB,CAAC;AAC5B,OAAO,mBAAmB,CAAC;AAC3B,OAAO,cAAc,CAAC;AAwBtB,6CAA6C;AAC7C,wBAAsB,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC,CAY/C;AAED,wBAAsB,eAAe,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAY/D;AAED,wBAAsB,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAkBvF;AAED,wBAAsB,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CA2BjF;AAED,wBAAsB,YAAY,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAiBrE"}

src/bin/hamcore/wwwroot/admin/default/out_webpack/ts/main.d.ts

@@ -0,0 +1,11 @@
+import "core-js/es/promise";
+import "core-js/es/string";
+import "whatwg-fetch";
+/** API test for 'Test', test RPC function */
+export declare function Test_Test(): Promise<void>;
+export declare function ListVirtualHubs(id: string): Promise<void>;
+export declare function ShowVpnServerInfo(idInfo: string, idStatus: string): Promise<void>;
+export declare function CreateNewHub(hubName: string, idList: string): Promise<void>;
+export declare function DeleteVirtualHub(queryString: string): Promise<void>;
+export declare function HubAdminPage(queryString: string): Promise<void>;
+//# sourceMappingURL=main.d.ts.map

src/bin/hamcore/wwwroot/admin/default/out_webpack/ts/main.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"main.d.ts","sourceRoot":"","sources":["../../src/ts/main.ts"],"names":[],"mappings":"AAOA,OAAO,oBAAoB,CAAC;AAC5B,OAAO,mBAAmB,CAAC;AAC3B,OAAO,cAAc,CAAC;AAwBtB,6CAA6C;AAC7C,wBAAsB,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC,CAY/C;AAED,wBAAsB,eAAe,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAY/D;AAED,wBAAsB,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAkBvF;AAED,wBAAsB,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CA2BjF;AAcD,wBAAsB,gBAAgB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAsBzE;AAED,wBAAsB,YAAY,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAkDrE"}

src/bin/hamcore/wwwroot/admin/default/out_webpack/ts/vpnadmin.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=vpnadmin.d.ts.map

src/bin/hamcore/wwwroot/admin/default/out_webpack/ts/vpnadmin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"vpnadmin.d.ts","sourceRoot":"","sources":["../../src/ts/vpnadmin.ts"],"names":[],"mappings":""}

src/bin/hamcore/wwwroot/admin/default/package.json

@@ -0,0 +1,27 @@
+{
+  "name": "default",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "build": "node_modules/.bin/webpack -d",
+    "watch": "node_modules/.bin/webpack -d --watch"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "devDependencies": {
+    "@types/jquery": "^3.3.29",
+    "jquery": "^3.4.1",
+    "ts-loader": "^6.0.1",
+    "tslint": "^5.16.0",
+    "typescript": "^3.4.5",
+    "vpnrpc": "^1.0.1",
+    "webpack": "^4.32.2",
+    "webpack-cli": "^3.3.2"
+  },
+  "dependencies": {
+    "core-js": "^3.1.3",
+    "whatwg-fetch": "^3.0.0"
+  }
+}

src/bin/hamcore/wwwroot/admin/default/src/ts/main.ts

@@ -0,0 +1,201 @@
+// Test sample code for SoftEther VPN Server JSON-RPC Stub
+// Runs on both web browsers and Node.js
+// 
+// Licensed under the Apache License 2.0
+// Copyright (c) 2014-2018 SoftEther VPN Project
+
+// On the web browser uncomment below imports as necessary to support old browsers.
+import "core-js/es/promise";
+import "core-js/es/string";
+import "whatwg-fetch";
+
+import $ = require('jquery');
+
+// Import the vpnrpc.ts RPC stub.
+import * as VPN from "vpnrpc/dist/vpnrpc";
+
+// Output JSON-RPC request / reply strings to the debug console.
+VPN.VpnServerRpc.SetDebugMode(true);
+
+let api: VPN.VpnServerRpc;
+// Creating the VpnServerRpc class instance here.
+if (VPN.VpnServerRpc.IsNodeJS() === false) // // Determine if this JavaScript environment is on the Node.js or not
+{
+    // On the web browser. We do not need to specify any hostname, port or credential as the web browser already knows it.
+    api = new VPN.VpnServerRpc();
+}
+else
+{
+    // On the Node.js. We need to specify the target VPN Server's hostname, port and credential.
+    api = new VPN.VpnServerRpc("127.0.0.1", 443, "", "PASSWORD_HERE", false);
+}
+
+
+/** API test for 'Test', test RPC function */
+export async function Test_Test(): Promise<void>
+{
+    console.log("Begin: Test_Test");
+    let a: VPN.VpnRpcTest = new VPN.VpnRpcTest(
+        {
+            IntValue_u32: 12345,
+        });
+    let b: VPN.VpnRpcTest = await api.Test(a);
+    console.log(b);
+    console.log("End: Test_Test");
+    console.log("-----");
+    console.log();
+}
+
+export async function ListVirtualHubs(id: string): Promise<void>
+{
+    let ul: JQuery<HTMLElement> = $(id);
+
+    ul.children().remove();
+
+    let hubList = await api.EnumHub();
+
+    hubList.HubList.forEach(hub =>
+    {
+        ul.append("<li><strong><a href='./hub.html?" + hub.HubName_str + "'>" + hub.HubName_str + "</a></strong><br>" + ConcatKeysToHtml(hub) + "</li>");
+    });
+}
+
+export async function ShowVpnServerInfo(idInfo: string, idStatus: string): Promise<void>
+{
+    let infoList = $(idInfo);
+    let statusList = $(idStatus);
+
+    let serverInfo = await api.GetServerInfo();
+
+    let serverStatus = await api.GetServerStatus();
+
+    Object.keys(serverInfo).forEach(key =>
+    {
+        infoList.append("<li>" + key + ": \"" + (<any>serverInfo)[key] + "\"</li>");
+    });
+
+    Object.keys(serverStatus).forEach(key =>
+    {
+        statusList.append("<li>" + key + ": \"" + (<any>serverStatus)[key] + "\"</li>");
+    });
+}
+
+export async function CreateNewHub(hubName: string, idList: string): Promise<void>
+{
+    if (hubName == null || hubName == "")
+    {
+        alert("Virtual Hub name is empty.");
+        return;
+    }
+
+    try
+    {
+        let param: VPN.VpnRpcCreateHub = new VPN.VpnRpcCreateHub(
+            {
+                HubName_str: hubName,
+                Online_bool: true,
+                HubType_u32: VPN.VpnRpcHubType.Standalone,
+            });
+        
+        await api.CreateHub(param);
+      
+        ListVirtualHubs(idList);
+
+        alert("The Virtual Hub '" + hubName + "' is created.");
+    }
+    catch (ex)
+    {
+        alert(ex);
+    }
+}
+
+function ConcatKeysToHtml(obj: any): string
+{
+    let ret: string = "";
+
+    Object.keys(obj).forEach(key =>
+    {
+        ret += key + ": \"" + (<any>obj)[key] + "\"<BR>";
+    });
+
+    return ret;
+}
+
+export async function DeleteVirtualHub(queryString: string): Promise<void>
+{
+    let hubNameInput = queryString;
+    if (hubNameInput.length >= 1 && hubNameInput.charAt(0) == "?") hubNameInput = hubNameInput.substring(1);
+
+    try
+    {
+        let deleteHubParam: VPN.VpnRpcDeleteHub = new VPN.VpnRpcDeleteHub(
+            {
+                HubName_str: hubNameInput,
+            });
+
+        await api.DeleteHub(deleteHubParam);
+
+        alert("The Virtual Hub '" + hubNameInput + "' is deleted.");
+
+        window.location.href = "./";
+    }
+    catch (ex)
+    {
+        alert(ex);
+    }
+}
+
+export async function HubAdminPage(queryString: string): Promise<void>
+{
+    let hubNameInput = queryString;
+    if (hubNameInput.length >= 1 && hubNameInput.charAt(0) == "?") hubNameInput = hubNameInput.substring(1);
+
+    try
+    {
+        let getHubParam: VPN.VpnRpcCreateHub = new VPN.VpnRpcCreateHub(
+            {
+                HubName_str: hubNameInput,
+            });
+        
+        let hubInfo = await api.GetHub(getHubParam);
+
+        $("#HUB_NAME").append("Virtual Hub \"" + hubInfo.HubName_str + "\"");
+
+        // User list
+        let enumUserParam: VPN.VpnRpcEnumUser = new VPN.VpnRpcEnumUser(
+            {
+                HubName_str: hubInfo.HubName_str,
+            });
+        
+        let enumUserRet = await api.EnumUser(enumUserParam);
+
+        let userListHtmlItem = $("#USERS_LIST");
+
+        enumUserRet.UserList.forEach(user =>
+        {
+            userListHtmlItem.append("<li><strong>" + user.Name_str + "</strong><BR>" + ConcatKeysToHtml(user) + "</li>");
+        });
+
+        // Sessions list
+        let enumSessionParam: VPN.VpnRpcEnumSession = new VPN.VpnRpcEnumSession(
+            {
+                HubName_str: hubInfo.HubName_str,
+            });
+
+        let enumSessionsRet = await api.EnumSession(enumSessionParam);
+
+        let sessionListHtmlItem = $("#SESSIONS_LIST");
+
+        enumSessionsRet.SessionList.forEach(session =>
+        {
+            sessionListHtmlItem.append("<li><strong>" + session.Name_str + "</strong><br>" + ConcatKeysToHtml(session) + "</li>");
+        });
+    }
+    catch (ex)
+    {
+        alert(ex);
+    }
+}
+
+
+