1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-22 17:39:53 +03:00
Commit Graph

1211 Commits

Author SHA1 Message Date
Evengard
1d6a4d3ec8 Preliminary IPC IPv6 implementation (untested) 2020-05-12 17:59:24 +03:00
Ben RUBSON
3b7dd25b65
Log client IP in failed accesses 2020-05-11 23:10:40 +02:00
Ben RUBSON
3f16a7e704
Log client IP in failed accesses
to be able to feed tools such as Fail2Ban
2020-05-11 23:09:26 +02:00
Ben RUBSON
4e583e43f1
Increase Radius timeout
to make it 2FA friendly
2020-05-11 23:06:01 +02:00
Davide Beatrici
8fdf7302a5
Merge PR #1120: Cedar: implement UDP system in Proto 2020-05-11 19:58:13 +02:00
Davide Beatrici
981b57ee28 Cedar/Server: set ports in Proto, remove OpenVPN UDP server leftovers
The setting's name is still "OpenVPN_UdpPortList".

We will change it as soon as there's another UDP protocol implemented in Proto.
2020-05-11 08:23:32 +02:00
Davide Beatrici
27f7d43ff7 Cedar/Proto_OpenVPN: remove UDP system, use the one provided by Proto
As a side effect, the DH parameter is now applied to the TCP server as well.

Previously, the default value was always used, ignoring the one from the configuration.
2020-05-11 08:23:29 +02:00
Davide Beatrici
a3aea00820 Cedar/Proto: implement UDP system
When a datagram is received, the matching session is looked up in a hash list; if it's not found, a new session is created.

This method allows to use a single UDP port for multiple protocols, as we do with TCP.

Also, each session has its own dedicated thread, used to process the received datagrams and generate the ones that are then sent through the UDP listener.

In addition to guaranteeing constant performance, separate threads also prevent a single one from blocking all sessions.
2020-05-11 08:22:44 +02:00
Davide Beatrici
0570f7d31c Mayaqua/Network: add StopUdpListener()
This allows to stop a UDP listener without deleting it.

It's especially useful when no datagrams should be received anymore, but there are other threads accessing the listener.
2020-05-11 07:50:55 +02:00
Davide Beatrici
667108319d Cedar: prepare Proto for UDP support
- An additional parameter is added to IsPacketForMe(), used to specify the protocol type (currently either TCP or UDP).
- SupportedModes() is dropped because it's now redundant.
- IsOk() and EstablishedSessions() are dropped because error checking should be handled by the implementation.
- ProtoImplDetect() now takes a buffer and its size rather than a SOCK, so that it can be used to detect UDP protocols.
- The OpenVPN toggle check is moved to ProtoImplDetect(), so that we don't have to duplicate it once UDP support is implemented.
2020-05-11 07:07:04 +02:00
Ilya Shipitsin
7e8b3c0b39
Merge pull request #1112 from Evengard/making-unique-clientid-dhcp
Make DHCP Client ID more unique
2020-05-05 16:00:23 +05:00
Evengard
34dfc14549 Fixing errors discovered with Coverity. 2020-05-04 16:07:21 +03:00
Evengard
1fe863e866 Generate DHCP Client ID based on MAC all the time 2020-05-04 15:40:44 +03:00
Ilya Shipitsin
b41c17f45a
Merge pull request #1109 from Evengard/ppp-eap-tls
Implementation of EAP-TLS for PPP
2020-05-04 17:13:15 +05:00
Evengard
ca1c6a5f3f Fixing a use of unitialized variable as per CPPCHECK 2020-05-03 14:22:18 +03:00
Evengard
8fb456f6a6 Fixing a memory leak in SslCertVerifyCallback because of a duplicated callback 2020-05-03 05:36:01 +03:00
Evengard
132926ee09 Fixing alignment of struct on GCC, changing the method to server one 2020-05-03 05:17:23 +03:00
Evengard
8a856e4672 Codestyle fixes 2020-05-02 21:08:19 +03:00
Davide Beatrici
e6803a1fab
Merge PR #1108: Cedar: various improvements to Proto 2020-05-02 19:52:31 +02:00
Evengard
9180e065a0 Some weirdness fixes 2020-05-02 20:29:31 +03:00
Evengard
39becfe4ab Some hacks to make Android VPN Client Pro working 2020-05-02 20:25:01 +03:00
Evengard
723f38e72f Fixing Linux... 2020-05-02 19:52:47 +03:00
Evengard
a2b7cb0148 Added possibility to load CA certificates from chain_certs folder to allow verifying the client certificates against it. 2020-05-02 19:52:46 +03:00
Evengard
24bd2b3198 Fixing up some errors 2020-05-02 19:52:46 +03:00
Evengard
9f2a5cecf3 Preliminary (untested) EAP-TLS implementation 2020-05-02 19:52:46 +03:00
Evengard
a65c436e8f Writing skeleton for EAP-TLS implementation 2020-05-02 19:52:45 +03:00
Evengard
aa0ec4343c Fixing errors as per static analysis 2020-05-02 19:52:45 +03:00
Evengard
1bdd9a92bc Adding timeout propagation from user policy in PPP sessions (including L2TP and SSTP). 2020-05-02 19:52:45 +03:00
Davide Beatrici
942051d3a8 Cedar: various improvements to Proto
The PROTO structure is now used to identify the system as a whole, rather than a single protocol. It's stored and initialized in Server.

ProtoCompare(), ProtoAdd() and ProtoDetected() are renamed to make the difference between PROTO and PROTO_IMPL more clear.

ProtoGet() and ProtoNum() are removed because the related list can now be accessed directly by Server.
2020-05-01 07:14:38 +02:00
Ilya Shipitsin
039cd8edf0
Merge pull request #1107 from chipitsine/master
5.01.9674 release
2020-04-30 13:26:45 +05:00
Ilya Shipitsin
e025762a52
Merge pull request #1106 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/jquery-3.5.0
Bump jquery from 3.4.1 to 3.5.0 in /src/bin/hamcore/wwwroot/admin/default
2020-04-30 12:42:35 +05:00
Ilya Shipitsin
a902d3eed9 5.01.9674 release 2020-04-30 12:02:05 +05:00
dependabot[bot]
44f731f781
Bump jquery in /src/bin/hamcore/wwwroot/admin/default
Bumps [jquery](https://github.com/jquery/jquery) from 3.4.1 to 3.5.0.
- [Release notes](https://github.com/jquery/jquery/releases)
- [Commits](https://github.com/jquery/jquery/compare/3.4.1...3.5.0)

Signed-off-by: dependabot[bot] <support@github.com>
2020-04-30 06:12:25 +00:00
Ilya Shipitsin
14e9c7299d
Merge pull request #1104 from Evengard/fixup-ppp-unices
Fixup ppp unices
2020-04-26 17:26:16 +05:00
Evengard
f20e99f8e4 Treating empty IPCP requests as IPCP requests with IP-Address option zeroed out 2020-04-25 20:59:08 +03:00
Evengard
b9109211d3 ACKing an empty LCP options list 2020-04-25 15:29:57 +03:00
Davide Beatrici
9073452b09
Merge PR #1092: src/Cedar/Proto_OpenVPN.c: push "block-outside-dns" to clients 2020-04-20 03:25:43 +02:00
Ilya Shipitsin
bf65ef290a
Merge pull request #1098 from chipitsine/master
5.01.9673 release
2020-04-18 11:30:53 +05:00
Ilya Shipitsin
70a7c4596d 5.01.9673 release 2020-04-18 00:47:47 +05:00
Davide Beatrici
16cdf62cc6
Merge PR #1093: Fix security issue: Fix the security of JSON-API 2020-04-05 20:49:11 +02:00
Daiyuu Nobori
033647c8ac Fix security issue: Fix the security of JSON-API. If the administrator password of the Virtual Hub is empty, JSON-API (which was added in 4.30 Build 9696 Beta) will not be able to access to the virtual hub with a empty password since this release. Because there are relatively many cases in which administrator password is empty for a virtual hub, being able to manage a virtual hub without a password using JSON-API was a security problem. In this release, this behavior has been changed so that JSON-API cannot be accessed in the Virtual Hub management mode until it is configured with non-empty password. 2020-04-06 00:44:14 +09:00
Davide Beatrici
b6ef9f88c9 src/Cedar/Proto_OpenVPN.c: push "block-outside-dns" to clients
From https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage:

--block-outside-dns

Block DNS servers on other network adapters to prevent DNS leaks.
This option prevents any application from accessing TCP or UDP port 53 except one inside the tunnel.
It uses Windows Filtering Platform (WFP) and works on Windows Vista or later.
This option is considered unknown on non-Windows platforms and unsupported on Windows XP, resulting in fatal error.
You may want to use --setenv opt or --ignore-unknown-option (not suitable for Windows XP) to ignore said error.
Note that pushing unknown options from server does not trigger fatal errors.
2020-04-04 08:37:19 +02:00
Ilya Shipitsin
c6f186bd73
Merge pull request #1084 from ffontaine/master
Only enable getifaddrs support when available
2020-04-03 17:45:19 +05:00
Ilya Shipitsin
84bd9abb30
Merge pull request #1072 from Evengard/ppp-ipv6
Rewriting the PPP stack
2020-04-02 20:29:51 +05:00
Ilya Shipitsin
5db21a1dc1
Merge pull request #1086 from jubnzv/sa-fixes
Fix some issues found with Cppcheck static analysis
2020-03-27 14:45:43 +05:00
Georgy Komarov
4772a508dc
sam: fix using pointer to local variable that is out of scope 2020-03-27 07:28:43 +03:00
Georgy Komarov
1416a693e7
protocol: fix uninitialized variable
Value of server_cert is undefined if `b = PackGetBuf(p, "Cert");` was
failed.
2020-03-27 07:25:45 +03:00
Ilya Shipitsin
22272ec838
Merge pull request #1085 from paulmenzel/remove-trailing-spaces-from-comments
Remove trailing spaces from comments
2020-03-25 16:48:57 +05:00
Paul Menzel
be3e45a4bf hamcore: Remove trailing spaces from comments 2020-03-25 12:23:55 +01:00
Fabrice Fontaine
dcecd4c0d5 Only enable getifaddrs support when available
On uClibc, the ifaddrs.h support is optional. While the default
Buildroot uClibc configuration has it enabled, some external
toolchains may not. Therefore this patch detects that and adjusts
softether usage of ifaddrs accordingly.

Based on an initial patch from Bernd Kuhls.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Retrieved from:
https://git.buildroot.net/buildroot/tree/package/softether/0009-uclibc-ai-addrconfig.patch]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
2020-03-21 17:57:37 +01:00