PortsUDPSet: This command can be used to specify a single or multiple UDP ports the server should listen on. "0" can be specified to disable the UDP listener.
Administrator privileges are required to execute the command.
PortsUDPGet: This command can be used to retrieve the UDP ports the server is listening on.
The two commands replace the functionality that was previously provided by OpenVpnEnable and OpenVpnGet, respectively.
Originally, StrToPortList() returned NULL when it encountered a number equal to 0 or higher than 65535.
This commit adds a new parameter to the function called "limit_range":
- When its value is true, the function retains the original behavior.
- When its value is false, the function doesn't check whether the number is in the network port number range (1-65535).
The change is required because the command to set the UDP ports will allow to remove all ports by specifying "0" as the port number.
Now that Proto supports UDP, the server can handle multiple protocols on each UDP port.
The UDP ports are specified by the "OpenVPN_UdpPortList" configuration setting, because:
- OpenVPN is currently the only UDP protocol supported by SoftEther VPN to allow a custom port number.
- Before Proto was introduced, a unified interface for the protocols didn't exist; each protocol implementation had to create its own listener.
In preparation for the upcoming WireGuard implementation, this commit renames "OpenVPN_UdpPortList" to "PortsUDP", which should clarify that the setting is global.
The change is reflected in the code. Also, the ports are now stored in a LIST rather than a string. The conversion between string and LIST only happens when loading/saving the configuration.
The default UDP ports are now the same as the TCP ones (443, 992, 1194, 5555).
found by cppcheck
[src/Cedar/Command.c:23220] -> [src/Cedar/Command.c:23232]: (style) Variable 'len' is reassigned a value before the old one has been used.
This allows an OpenVPN client to bypass a firewall which is aware of the protocol and is able to block it.
The XOR mask set on the server has to be the same on the client, otherwise it will not be able to connect with certain obfuscation modes.
A special OpenVPN client built with the "XOR patch" is required in order to use this function, because it has never been merged in the official OpenVPN repository.
Two parameters are added to the server configuration: "OpenVPNObfuscationMethod" and "OpenVPNObfuscationMask".
Their value can be retrieved with "OpenVpnObfuscationGet" and set with "OpenVpnObfuscationEnable" in the VPN Command Line Management Utility.
- Hash() has been removed because it was ambiguous, Md5() and Sha0() are proper replacements.
- HMacMd5() and HMacSha1() now share a common implementation handled by the new Internal_HMac() function.
- NewMd() and MdProcess() now support plain hashing (without the key).
- NewMd(), SetMdKey() and MdProcess() now check the OpenSSL functions' return value and in case of failure a debug message is printed along with the error string, if available.
- SetMdKey()'s return value has been changed from void to bool, so that it's possible to know whether the function succeeded or not.
- MdProcess()' return value has been changed from void to UINT (unsigned int) and the function now returns the number of bytes written by HMAC_Final() or EVP_DigestFinal_ex().
found by coverity, cppcheck
[src/Cedar/Command.c:9378]: (style) Variable 'ret' is assigned a value that is never used.
[src/Cedar/Command.c:9999]: (style) The function 'CmdEvalNetworkAndSubnetMask6' is never used.
found by cppcheck and coverity
[src/Cedar/Command.c:523] -> [src/Cedar/Command.c:532]: (style) Variable 'ok' is reassigned a value before the old one has been used.
[src/Cedar/Command.c:776]: (style) Variable 'tick2' is assigned a value that is never used.
[src/Cedar/Command.c:2244]: (style) Variable 'halt_timeout' is assigned a value that is never used.
[src/Cedar/Command.c:2246]: (style) Variable 'check_clock_seed' is assigned a value that is never used.
[src/Cedar/Command.c:2247]: (style) Variable 'halting' is assigned a value that is never used.
[src/Cedar/Command.c:6904]: (style) Unused variable: tmp
[src/Cedar/Command.c:12217]: (style) Variable 'packet_log' is assigned a value that is never used.
[src/Cedar/Command.c:20825]: (style) Variable 'ret' is assigned a value that is never used.
[src/Cedar/Command.c:20883]: (style) Variable 'ret' is assigned a value that is never used.
[src/Cedar/Command.c:20927]: (style) Variable 'ret' is assigned a value that is never used.
[src/Cedar/Command.c:10022]: (style) The function 'CmdEvalIpAndMask46' is never used.
[src/Cedar/Command.c:10109]: (style) The function 'CmdEvalNetworkAndSubnetMask46' is never used.
[src/Cedar/Command.c:23025]: (style) The function 'CmdPrintRow' is never used.
[src/Cedar/Command.c:167]: (style) The function 'InRpcTtResult' is never used.
[src/Cedar/Command.c:148]: (style) The function 'OutRpcTtResult' is never used.
With server certificate validation enabled, vpnclient unconditionally
stopped connection on untrusted server certificate. Added account
configuration parameter to retry connection if server certivicate failed
validation.
On startup client creates TUN interface in UP state and kept it UP even
if connection to the server was lost. Creating interface in DOWN state,
turning it UP on successful (re-)connection to server and DOWN on either
disconnect or connection loss would enable DHCP client (say dhclient5)
to detect necessity for lease renewal.
Added a client configuration parameter to create TUN interface in DOWN
state and commands to enable, disable, and query the configuration
parameter.
Enabling the parameter causes client to put all unused TUN interfaces
DOWN, create new TUN interfaces in DOWN state, and turn TUN interfaces
corresponding to active sessions DOWN on connection loss or
disconnecting from server.
Disabling the parameter forces client to turn all TUN interfaces UP and
create new TUN interfaces in UP state.
Default value is 'Disable'.
