Daiyuu Nobori
033647c8ac
Fix security issue: Fix the security of JSON-API. If the administrator password of the Virtual Hub is empty, JSON-API (which was added in 4.30 Build 9696 Beta) will not be able to access to the virtual hub with a empty password since this release. Because there are relatively many cases in which administrator password is empty for a virtual hub, being able to manage a virtual hub without a password using JSON-API was a security problem. In this release, this behavior has been changed so that JSON-API cannot be accessed in the Virtual Hub management mode until it is configured with non-empty password.
2020-04-06 00:44:14 +09:00
Davide Beatrici
b6ef9f88c9
src/Cedar/Proto_OpenVPN.c: push "block-outside-dns" to clients
...
From https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage :
--block-outside-dns
Block DNS servers on other network adapters to prevent DNS leaks.
This option prevents any application from accessing TCP or UDP port 53 except one inside the tunnel.
It uses Windows Filtering Platform (WFP) and works on Windows Vista or later.
This option is considered unknown on non-Windows platforms and unsupported on Windows XP, resulting in fatal error.
You may want to use --setenv opt or --ignore-unknown-option (not suitable for Windows XP) to ignore said error.
Note that pushing unknown options from server does not trigger fatal errors.
2020-04-04 08:37:19 +02:00
Ilya Shipitsin
c6f186bd73
Merge pull request #1084 from ffontaine/master
...
Only enable getifaddrs support when available
2020-04-03 17:45:19 +05:00
Ilya Shipitsin
84bd9abb30
Merge pull request #1072 from Evengard/ppp-ipv6
...
Rewriting the PPP stack
2020-04-02 20:29:51 +05:00
Ilya Shipitsin
5db21a1dc1
Merge pull request #1086 from jubnzv/sa-fixes
...
Fix some issues found with Cppcheck static analysis
2020-03-27 14:45:43 +05:00
Georgy Komarov
4772a508dc
sam: fix using pointer to local variable that is out of scope
2020-03-27 07:28:43 +03:00
Georgy Komarov
1416a693e7
protocol: fix uninitialized variable
...
Value of server_cert is undefined if `b = PackGetBuf(p, "Cert");` was
failed.
2020-03-27 07:25:45 +03:00
Ilya Shipitsin
22272ec838
Merge pull request #1085 from paulmenzel/remove-trailing-spaces-from-comments
...
Remove trailing spaces from comments
2020-03-25 16:48:57 +05:00
Paul Menzel
be3e45a4bf
hamcore: Remove trailing spaces from comments
2020-03-25 12:23:55 +01:00
Fabrice Fontaine
dcecd4c0d5
Only enable getifaddrs support when available
...
On uClibc, the ifaddrs.h support is optional. While the default
Buildroot uClibc configuration has it enabled, some external
toolchains may not. Therefore this patch detects that and adjusts
softether usage of ifaddrs accordingly.
Based on an initial patch from Bernd Kuhls.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Retrieved from:
https://git.buildroot.net/buildroot/tree/package/softether/0009-uclibc-ai-addrconfig.patch ]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
2020-03-21 17:57:37 +01:00
Ilya Shipitsin
60c1e2027d
Merge pull request #1082 from metalefty/freebsd-ci
...
FreeBSD CI: quit freebsd-11-3-snap
2020-03-20 19:35:58 +05:00
Koichiro IWAO
6399b0f852
FreeBSD CI: quit freebsd-11-3-snap
...
testing on a single FreeBSD version is enough. `-snap` images are
unstable to perform CI test.
2020-03-20 23:11:47 +09:00
Ilya Shipitsin
3b00d4c56b
Merge pull request #1081 from metalefty/describe_cmake_flags
...
Describe CMake options added by myself
2020-03-20 18:43:16 +05:00
Koichiro IWAO
5dde23cb55
add myself to AUTHORS
2020-03-20 21:44:09 +09:00
Koichiro IWAO
e6b8e6eee3
replace SoftEther project related http links with https
...
Outside links such as http://www.openssl.org and http links appear in
source code are untouched.
2020-03-20 21:27:51 +09:00
Koichiro IWAO
78b0684dd4
Document additional CMake options
...
Some CMake options are added by myself (#1047 #1079 ). So I should
describe in document.
2020-03-20 21:24:51 +09:00
Koichiro IWAO
a6652fead2
configure: respect environment CMAKE_FLAGS
2020-03-20 20:59:29 +09:00
Koichiro IWAO
c222ef525b
Update build requirements on Unix
2020-03-18 18:28:33 +09:00
Ilya Shipitsin
c3d56c2201
Merge pull request #1079 from metalefty/skip_cpu_features
...
allow to SKIP_CPU_FEATURES explicitly, not only autodetect
2020-03-18 11:59:02 +05:00
Ilya Shipitsin
7e5decb72a
Merge pull request #1078 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/acorn-6.4.1
...
Bump acorn from 6.1.1 to 6.4.1 in /src/bin/hamcore/wwwroot/admin/default
2020-03-18 11:58:37 +05:00
Koichiro IWAO
1e601ebf65
FreeBSD CI: quit CI test with "openssl111"
...
It is scheduled to be removed on or after 2020-03-31. "openssl" is now
updated to 1.1.1 and it alternates "openssl111" now.
2020-03-16 19:08:34 +09:00
Koichiro IWAO
f34d3c80b1
allow to SKIP_CPU_FEATURES explicitly, not only autodetect
...
Formerly, SKIP_CPU_FEATURES is automatically detected by system
processor. However, "^(armv7l|aarch64|s390x)$" does not cover all
processors that cpu_features should be skipped.
"armv6", "armv7", "mips", "mips64" on FreeBSD are examples [1]
that cpu_features is not correctly skipped.
This change intends to build SoftEther without any modifications on
CMakeLists.txt on such processors.
cmake . -DSKIP_CPU_FEATURES=1
[1] https://www.freebsd.org/platforms/
2020-03-16 18:50:55 +09:00
dependabot[bot]
c635cdd614
Bump acorn from 6.1.1 to 6.4.1 in /src/bin/hamcore/wwwroot/admin/default
...
Bumps [acorn](https://github.com/acornjs/acorn ) from 6.1.1 to 6.4.1.
- [Release notes](https://github.com/acornjs/acorn/releases )
- [Commits](https://github.com/acornjs/acorn/compare/6.1.1...6.4.1 )
Signed-off-by: dependabot[bot] <support@github.com>
2020-03-15 22:06:23 +00:00
Evengard
fa9e9d15a5
Removing unrelated changes as per review
2020-02-06 10:52:34 +03:00
Evengard
60e85afd1f
Apply reviewed code style
...
Co-Authored-By: Davide Beatrici <davidebeatrici@gmail.com>
2020-02-06 10:49:09 +03:00
Evengard
a6970e3e61
Merge branch 'master' into ppp-ipv6
2020-02-05 00:23:03 +03:00
Ilya Shipitsin
eeec9a82f6
Merge pull request #1062 from dnobori/200101_impr_url_log_spacing
...
Merge pull request #1062 : Improvement: Add a space character between URL and other tokens in the packet log format.
2020-01-01 17:53:27 +05:00
Ilya Shipitsin
1a5a11d146
Merge pull request #1063 from dnobori/200101_fix_securenat_ecn
...
Merge pull request #1063 : Bugfix: Fix the SecureNAT connection problem with ignoring TCP ECN bit enabled packets
2020-01-01 16:40:47 +05:00
Daiyuu Nobori
a49219db83
Merge branch 'master' of github.com:SoftEtherVPN/SoftEtherVPN into 200101_fix_securenat_ecn
2020-01-01 19:59:42 +09:00
Daiyuu Nobori
a4f87565ae
Bugfix: Fix the SecureNAT connection problem with ignoring TCP ECN bit enabled packets
2020-01-01 17:51:38 +09:00
Ilya Shipitsin
9487bc8d47
Merge pull request #1060 from dnobori/200101_fix_imperfect_lock
...
Merge pull request #1060 : src/Cedar/Hub.c: fix possible crash because of imperfect Virtual Hub FDB lock
2020-01-01 12:33:15 +05:00
Daiyuu Nobori
70564a8f52
Bugfix: Imperfect Virtual Hub FDB lock may cause process crush.
2020-01-01 15:52:47 +09:00
Ilya Shipitsin
bd558e8f0a
Merge pull request #1061 from dnobori/200101_fix_openvpn_cert_auth_crush
...
Merge pull request #1061 : src/Cedar/IPC.c: fix possible crash when using certificate authentication with OpenVPN
2020-01-01 11:33:23 +05:00
Daiyuu Nobori
17e7d65839
Improvement: Add a space character between URL and other tokens in the packet log format.
2020-01-01 11:00:51 +09:00
Daiyuu Nobori
e5d691977d
Bugfix: OpenVPN Certificate Authentication may cause process crush.
2020-01-01 10:59:24 +09:00
Daiyuu Nobori
f083c59905
Bugfix: Imperfect Virtual Hub FDB lock may cause process crush.
2020-01-01 10:57:51 +09:00
Ilya Shipitsin
41e023b369
Merge pull request #1058 from metalefty/readme-freebsd
...
Merge pull request #1058 : README: add installation for FreeBD etc
2019-12-28 20:10:07 +05:00
Ilya Shipitsin
a53be84e3a
Merge pull request #1057 from chipitsine/master
...
Merge pull request #1057 : pt-br translation
2019-12-28 19:45:36 +05:00
Koichiro IWAO
4fddb7681e
README: switch softether links to https [skip ci]
2019-12-28 23:14:46 +09:00
Koichiro IWAO
76c9678015
README: add installation for FreeBSD [skip ci]
2019-12-28 23:14:46 +09:00
FelipeL
6d3fef8da6
pt-br translation
2019-12-28 15:43:06 +05:00
Ilya Shipitsin
92c544cc1f
Merge pull request #1054 from metalefty/freebsd-ci
...
Merge pull request #1054 : Further FreeBSD CI refinements
2019-12-24 11:49:13 +05:00
Koichiro IWAO
6b6c0ae636
FreeBSD CI: freebsd_instance
cannot be omitted
...
also fix image_family name.
2019-12-24 14:57:33 +09:00
Koichiro IWAO
543a26c6a6
FreeBSD CI: simplify image specification
...
and use `pkg install -y` instead of ASSUE_ALWAYS_YES=TRUE.
2019-12-24 14:55:02 +09:00
Koichiro IWAO
d836904321
FreeBSD CI: also test with base OpenSSL
2019-12-24 14:55:01 +09:00
Koichiro IWAO
9556f09166
FreeBSD CI: use matrix to perform test
...
on multiple FreeBSD version and with multiple SSL libraries.
2019-12-24 14:54:59 +09:00
Ilya Shipitsin
0d79b3c3b5
Merge pull request #1049 from metalefty/freebsd-ci
...
Merge pull request #1049 : Refine FreeBSD CI
2019-12-05 22:45:12 -08:00
Koichiro IWAO
1c07ddcb8d
FreeBSD CI: perform memory leak test as well as Linux/Windows
...
and also move `vpncmd /tools /cmd:check` under .ci directory.
2019-12-06 15:28:38 +09:00
Koichiro IWAO
c38b0b0398
FreeBSD CI: also perform test on 11.3-STABLE
...
The official guide [1] says 11.3-RELEASE doesn't boot properly so
using 11.3-STABLE instead.
[1] https://cirrus-ci.org/guide/FreeBSD/
2019-12-06 13:20:16 +09:00
Koichiro IWAO
e4aff409f8
FreeBSD CI: switch to the latest 12.1-RELEASE
2019-12-06 13:20:16 +09:00