1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2025-07-07 00:04:57 +03:00
Commit Graph

676 Commits

Author SHA1 Message Date
44f731f781 Bump jquery in /src/bin/hamcore/wwwroot/admin/default
Bumps [jquery](https://github.com/jquery/jquery) from 3.4.1 to 3.5.0.
- [Release notes](https://github.com/jquery/jquery/releases)
- [Commits](https://github.com/jquery/jquery/compare/3.4.1...3.5.0)

Signed-off-by: dependabot[bot] <support@github.com>
2020-04-30 06:12:25 +00:00
f20e99f8e4 Treating empty IPCP requests as IPCP requests with IP-Address option zeroed out 2020-04-25 20:59:08 +03:00
b9109211d3 ACKing an empty LCP options list 2020-04-25 15:29:57 +03:00
9073452b09 Merge PR #1092: src/Cedar/Proto_OpenVPN.c: push "block-outside-dns" to clients 2020-04-20 03:25:43 +02:00
70a7c4596d 5.01.9673 release 2020-04-18 00:47:47 +05:00
033647c8ac Fix security issue: Fix the security of JSON-API. If the administrator password of the Virtual Hub is empty, JSON-API (which was added in 4.30 Build 9696 Beta) will not be able to access to the virtual hub with a empty password since this release. Because there are relatively many cases in which administrator password is empty for a virtual hub, being able to manage a virtual hub without a password using JSON-API was a security problem. In this release, this behavior has been changed so that JSON-API cannot be accessed in the Virtual Hub management mode until it is configured with non-empty password. 2020-04-06 00:44:14 +09:00
b6ef9f88c9 src/Cedar/Proto_OpenVPN.c: push "block-outside-dns" to clients
From https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage:

--block-outside-dns

Block DNS servers on other network adapters to prevent DNS leaks.
This option prevents any application from accessing TCP or UDP port 53 except one inside the tunnel.
It uses Windows Filtering Platform (WFP) and works on Windows Vista or later.
This option is considered unknown on non-Windows platforms and unsupported on Windows XP, resulting in fatal error.
You may want to use --setenv opt or --ignore-unknown-option (not suitable for Windows XP) to ignore said error.
Note that pushing unknown options from server does not trigger fatal errors.
2020-04-04 08:37:19 +02:00
c6f186bd73 Merge pull request #1084 from ffontaine/master
Only enable getifaddrs support when available
2020-04-03 17:45:19 +05:00
84bd9abb30 Merge pull request #1072 from Evengard/ppp-ipv6
Rewriting the PPP stack
2020-04-02 20:29:51 +05:00
4772a508dc sam: fix using pointer to local variable that is out of scope 2020-03-27 07:28:43 +03:00
1416a693e7 protocol: fix uninitialized variable
Value of server_cert is undefined if `b = PackGetBuf(p, "Cert");` was
failed.
2020-03-27 07:25:45 +03:00
be3e45a4bf hamcore: Remove trailing spaces from comments 2020-03-25 12:23:55 +01:00
dcecd4c0d5 Only enable getifaddrs support when available
On uClibc, the ifaddrs.h support is optional. While the default
Buildroot uClibc configuration has it enabled, some external
toolchains may not. Therefore this patch detects that and adjusts
softether usage of ifaddrs accordingly.

Based on an initial patch from Bernd Kuhls.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Retrieved from:
https://git.buildroot.net/buildroot/tree/package/softether/0009-uclibc-ai-addrconfig.patch]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
2020-03-21 17:57:37 +01:00
3b00d4c56b Merge pull request #1081 from metalefty/describe_cmake_flags
Describe CMake options added by myself
2020-03-20 18:43:16 +05:00
e6b8e6eee3 replace SoftEther project related http links with https
Outside links such as http://www.openssl.org and http links appear in
source code are untouched.
2020-03-20 21:27:51 +09:00
78b0684dd4 Document additional CMake options
Some CMake options are added by myself (#1047 #1079). So I should
describe in document.
2020-03-20 21:24:51 +09:00
c222ef525b Update build requirements on Unix 2020-03-18 18:28:33 +09:00
c3d56c2201 Merge pull request #1079 from metalefty/skip_cpu_features
allow to SKIP_CPU_FEATURES explicitly, not only autodetect
2020-03-18 11:59:02 +05:00
f34d3c80b1 allow to SKIP_CPU_FEATURES explicitly, not only autodetect
Formerly, SKIP_CPU_FEATURES is automatically detected by system
processor. However, "^(armv7l|aarch64|s390x)$" does not cover all
processors that cpu_features should be skipped.

"armv6", "armv7", "mips", "mips64" on FreeBSD are examples [1]
that cpu_features is not correctly skipped.

This change intends to build SoftEther without any modifications on
CMakeLists.txt on such processors.

    cmake . -DSKIP_CPU_FEATURES=1

[1] https://www.freebsd.org/platforms/
2020-03-16 18:50:55 +09:00
c635cdd614 Bump acorn from 6.1.1 to 6.4.1 in /src/bin/hamcore/wwwroot/admin/default
Bumps [acorn](https://github.com/acornjs/acorn) from 6.1.1 to 6.4.1.
- [Release notes](https://github.com/acornjs/acorn/releases)
- [Commits](https://github.com/acornjs/acorn/compare/6.1.1...6.4.1)

Signed-off-by: dependabot[bot] <support@github.com>
2020-03-15 22:06:23 +00:00
fa9e9d15a5 Removing unrelated changes as per review 2020-02-06 10:52:34 +03:00
60e85afd1f Apply reviewed code style
Co-Authored-By: Davide Beatrici <davidebeatrici@gmail.com>
2020-02-06 10:49:09 +03:00
a6970e3e61 Merge branch 'master' into ppp-ipv6 2020-02-05 00:23:03 +03:00
eeec9a82f6 Merge pull request #1062 from dnobori/200101_impr_url_log_spacing
Merge pull request #1062: Improvement: Add a space character between URL and other tokens in the packet log format.
2020-01-01 17:53:27 +05:00
a49219db83 Merge branch 'master' of github.com:SoftEtherVPN/SoftEtherVPN into 200101_fix_securenat_ecn 2020-01-01 19:59:42 +09:00
a4f87565ae Bugfix: Fix the SecureNAT connection problem with ignoring TCP ECN bit enabled packets 2020-01-01 17:51:38 +09:00
9487bc8d47 Merge pull request #1060 from dnobori/200101_fix_imperfect_lock
Merge pull request #1060: src/Cedar/Hub.c: fix possible crash because of imperfect Virtual Hub FDB lock
2020-01-01 12:33:15 +05:00
70564a8f52 Bugfix: Imperfect Virtual Hub FDB lock may cause process crush. 2020-01-01 15:52:47 +09:00
17e7d65839 Improvement: Add a space character between URL and other tokens in the packet log format. 2020-01-01 11:00:51 +09:00
e5d691977d Bugfix: OpenVPN Certificate Authentication may cause process crush. 2020-01-01 10:59:24 +09:00
f083c59905 Bugfix: Imperfect Virtual Hub FDB lock may cause process crush. 2020-01-01 10:57:51 +09:00
6d3fef8da6 pt-br translation 2019-12-28 15:43:06 +05:00
c8479e3011 CMake: make db, log, pid directory customizable 2019-12-04 23:59:18 +09:00
b1aae5080d put chain_certs in dbdir 2019-12-04 23:59:13 +09:00
a69c4980d5 log eraser, log enumerator should refer logdir 2019-12-04 23:59:11 +09:00
c64674479d separte log directory and database(config) directory
@ was an alias for exedir. To separate log directory and
database(config) directory, @ is now an alias for logdir and $ is an
alias for dbdir.
2019-12-04 23:59:09 +09:00
01abdedc45 put PID files under PidDir 2019-12-04 23:59:07 +09:00
18c9b74ff0 implement Get{Db,Log,Pid}{,W} function
DbDir  : directory to store files such as vpn_server.config and backups etc
LogDir : directory to write logs (sub directories is created in this dir)
PidDir : directory to put PID files such as .ctl-* .pid-* .VPN-*
2019-12-04 23:59:01 +09:00
3b6c4d02ac 5.01.9672 release 2019-11-24 20:47:23 +05:00
1d2a58b172 Cedar: handle UDP acceleration and R-UDP versions 2019-11-23 04:38:27 +01:00
6b08a451da Mayaqua: implement R-UDP version 2, powered by ChaCha20-Poly1305 2019-11-23 04:38:20 +01:00
2ea5c2a7b0 Cedar: implement UDP acceleration version 2, powered by ChaCha20-Poly1305 2019-11-23 04:23:56 +01:00
82a81a3ce6 Cedar: serve new web management interface 2019-11-23 04:23:56 +01:00
9aaa9a7f15 Cedar: implement detailed protocol info 2019-11-23 04:23:56 +01:00
ab57ef3f54 Mayaqua: add Windows Server 2019 to the supported operating systems list 2019-11-23 04:23:56 +01:00
76ae935172 Cedar: various fixes 2019-11-23 04:23:51 +01:00
76c330e74b Cedar: add "DisableIPsecAggressiveMode" option
Setting it to "true" mitigates CVE-2002-1623.
2019-11-18 06:16:49 +01:00
4acd7ab98e Merge PR #1022: Move generic proxy stuff from Cedar to Mayaqua 2019-11-01 09:35:18 +01:00
12cbf34302 Make install dir for unit files configurable
Currently the systemd service unit files are installed
into /lib/systemd/system if that directory exists. This
might not be optimal for every user, e.g. when the build
system is not the target system or when building as an
unprivileged user using CMAKE_INSTALL_PREFIX.

Make this configurable by adding a cached cmake variable
CMAKE_INSTALL_SYSTEMD_UNITDIR. Usage:

- install unit files into /lib/systemd/system if it exists (old
behavior)

    cmake

- don't install unit files

   cmake -D CMAKE_INSTALL_SYSTEMD_UNITDIR=

- install into absolute path

   cmake -D CMAKE_INSTALL_SYSTEMD_UNITDIR=/path

- install into path relative to ${CMAKE_INSTALL_PREFIX}

   cmake -D CMAKE_INSTALL_SYSTEMD_UNITDIR=path
2019-10-30 11:33:08 +01:00
63caa4b07f Protocol.c: adapt ClientConnectGetSocket() for new proxy functions
The function has been greatly improved, here are some of the changes:

- The required SESSION (c->Session) parameter is checked correctly: the function returns immediately in case it's NULL. Previously, the function didn't return in case the parameter was NULL; multiple checks were in place, but not in all instances where the parameter was dereferenced.
- The resolved IP address is cached with all proxy types.
- The "RestoreServerNameAndPort" variable is documented.
- The Debug() messages have been improved.
2019-10-30 01:39:11 +01:00