1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-12-26 18:19:53 +03:00
Commit Graph

1081 Commits

Author SHA1 Message Date
Koichiro IWAO
4fddb7681e
README: switch softether links to https [skip ci] 2019-12-28 23:14:46 +09:00
Koichiro IWAO
76c9678015
README: add installation for FreeBSD [skip ci] 2019-12-28 23:14:46 +09:00
Ilya Shipitsin
92c544cc1f
Merge pull request #1054 from metalefty/freebsd-ci
Merge pull request #1054: Further FreeBSD CI refinements
2019-12-24 11:49:13 +05:00
Koichiro IWAO
6b6c0ae636
FreeBSD CI: freebsd_instance cannot be omitted
also fix image_family name.
2019-12-24 14:57:33 +09:00
Koichiro IWAO
543a26c6a6
FreeBSD CI: simplify image specification
and use `pkg install -y` instead of ASSUE_ALWAYS_YES=TRUE.
2019-12-24 14:55:02 +09:00
Koichiro IWAO
d836904321
FreeBSD CI: also test with base OpenSSL 2019-12-24 14:55:01 +09:00
Koichiro IWAO
9556f09166
FreeBSD CI: use matrix to perform test
on multiple FreeBSD version and with multiple SSL libraries.
2019-12-24 14:54:59 +09:00
Ilya Shipitsin
0d79b3c3b5
Merge pull request #1049 from metalefty/freebsd-ci
Merge pull request #1049: Refine FreeBSD CI
2019-12-05 22:45:12 -08:00
Koichiro IWAO
1c07ddcb8d FreeBSD CI: perform memory leak test as well as Linux/Windows
and also move `vpncmd /tools /cmd:check` under .ci directory.
2019-12-06 15:28:38 +09:00
Koichiro IWAO
c38b0b0398 FreeBSD CI: also perform test on 11.3-STABLE
The official guide [1] says 11.3-RELEASE doesn't boot properly so
using 11.3-STABLE instead.

[1] https://cirrus-ci.org/guide/FreeBSD/
2019-12-06 13:20:16 +09:00
Koichiro IWAO
e4aff409f8 FreeBSD CI: switch to the latest 12.1-RELEASE 2019-12-06 13:20:16 +09:00
Koichiro IWAO
80ba3345d1 FreeBSD CI: perform self-check command after build 2019-12-06 13:20:16 +09:00
Koichiro IWAO
d1471048d9 FreeBSD CI: sysctl -n hw.ncpu is enough to get number of cpus
nproc can be installed as gncpu as a part of sysutils/coreutils but not
necessary for this case.
2019-12-06 13:20:16 +09:00
Koichiro IWAO
614f4db8a6 FreeBSD CI: GNU make is not necessary
test if build passes with BSD make
2019-12-06 13:20:16 +09:00
Ilya Shipitsin
a455dc7f0e
Merge pull request #1047 from metalefty/log-db-pid-dir
Merge pull request #1047: Make config(db), log, pid directory customizable
2019-12-04 08:18:11 -08:00
Koichiro IWAO
c8479e3011
CMake: make db, log, pid directory customizable 2019-12-04 23:59:18 +09:00
Koichiro IWAO
b1aae5080d
put chain_certs in dbdir 2019-12-04 23:59:13 +09:00
Koichiro IWAO
a69c4980d5
log eraser, log enumerator should refer logdir 2019-12-04 23:59:11 +09:00
Koichiro IWAO
c64674479d
separte log directory and database(config) directory
@ was an alias for exedir. To separate log directory and
database(config) directory, @ is now an alias for logdir and $ is an
alias for dbdir.
2019-12-04 23:59:09 +09:00
Koichiro IWAO
01abdedc45
put PID files under PidDir 2019-12-04 23:59:07 +09:00
Koichiro IWAO
18c9b74ff0
implement Get{Db,Log,Pid}{,W} function
DbDir  : directory to store files such as vpn_server.config and backups etc
LogDir : directory to write logs (sub directories is created in this dir)
PidDir : directory to put PID files such as .ctl-* .pid-* .VPN-*
2019-12-04 23:59:01 +09:00
Ilya Shipitsin
3a309c9f6e
Merge pull request #1041 from chipitsine/master
Merge PR #1041: 5.01.9672 release
2019-11-24 17:12:05 +01:00
Ilya Shipitsin
3b6c4d02ac 5.01.9672 release 2019-11-24 20:47:23 +05:00
Davide Beatrici
876ca4ef3e
Merge PR #1039: Port latest improvements from stable repository 2019-11-23 06:41:57 +01:00
dnobori
1d2a58b172 Cedar: handle UDP acceleration and R-UDP versions 2019-11-23 04:38:27 +01:00
Davide Beatrici
6b08a451da Mayaqua: implement R-UDP version 2, powered by ChaCha20-Poly1305 2019-11-23 04:38:20 +01:00
Davide Beatrici
2ea5c2a7b0 Cedar: implement UDP acceleration version 2, powered by ChaCha20-Poly1305 2019-11-23 04:23:56 +01:00
dnobori
82a81a3ce6 Cedar: serve new web management interface 2019-11-23 04:23:56 +01:00
dnobori
9aaa9a7f15 Cedar: implement detailed protocol info 2019-11-23 04:23:56 +01:00
dnobori
ab57ef3f54 Mayaqua: add Windows Server 2019 to the supported operating systems list 2019-11-23 04:23:56 +01:00
dnobori
76ae935172 Cedar: various fixes 2019-11-23 04:23:51 +01:00
Davide Beatrici
a676a0a6fd
Merge PR #1035: Cedar: add "DisableIPsecAggressiveMode" option 2019-11-18 07:31:27 +01:00
Daiyuu Nobori
76c330e74b Cedar: add "DisableIPsecAggressiveMode" option
Setting it to "true" mitigates CVE-2002-1623.
2019-11-18 06:16:49 +01:00
Davide Beatrici
4acd7ab98e
Merge PR #1022: Move generic proxy stuff from Cedar to Mayaqua 2019-11-01 09:35:18 +01:00
Davide Beatrici
7829fe2c59
Merge PR #1024: Make install dir for unit files configurable 2019-10-31 09:37:15 +01:00
Donald Buczek
12cbf34302 Make install dir for unit files configurable
Currently the systemd service unit files are installed
into /lib/systemd/system if that directory exists. This
might not be optimal for every user, e.g. when the build
system is not the target system or when building as an
unprivileged user using CMAKE_INSTALL_PREFIX.

Make this configurable by adding a cached cmake variable
CMAKE_INSTALL_SYSTEMD_UNITDIR. Usage:

- install unit files into /lib/systemd/system if it exists (old
behavior)

    cmake

- don't install unit files

   cmake -D CMAKE_INSTALL_SYSTEMD_UNITDIR=

- install into absolute path

   cmake -D CMAKE_INSTALL_SYSTEMD_UNITDIR=/path

- install into path relative to ${CMAKE_INSTALL_PREFIX}

   cmake -D CMAKE_INSTALL_SYSTEMD_UNITDIR=path
2019-10-30 11:33:08 +01:00
Davide Beatrici
63caa4b07f Protocol.c: adapt ClientConnectGetSocket() for new proxy functions
The function has been greatly improved, here are some of the changes:

- The required SESSION (c->Session) parameter is checked correctly: the function returns immediately in case it's NULL. Previously, the function didn't return in case the parameter was NULL; multiple checks were in place, but not in all instances where the parameter was dereferenced.
- The resolved IP address is cached with all proxy types.
- The "RestoreServerNameAndPort" variable is documented.
- The Debug() messages have been improved.
2019-10-30 01:39:11 +01:00
Davide Beatrici
3c21d982fc Wpc.c: adapt WpcSockConnectEx() for new proxy functions 2019-10-30 01:39:11 +01:00
Davide Beatrici
59dc26aa21 Protocol: add ProxyCodeToCedar()
This new function translates a proxy error code to a Cedar error code.
2019-10-30 01:39:11 +01:00
Davide Beatrici
b8f58a2f94 Move generic proxy stuff from Cedar to Mayaqua
This commit moves the generic (not related to our protocol) proxy stuff from Cedar to Mayaqua, in dedicated files.

The functions are refactored so that they all have the same arguments and follow the same logic.

Dedicated error codes are added, in order to indicate clearly why the function(s) failed.
2019-10-30 01:39:04 +01:00
Davide Beatrici
1e835e7ec2
Merge PR #1020: Proto_OpenVPN.c: improve OvsProcessData(), fix out-of-bounds access found by Coverity 2019-10-27 09:37:11 +01:00
Davide Beatrici
5d73cd878f Proto_OpenVPN.c: improve OvsProcessData(), fix out-of-bounds access found by Coverity
Coverity Scan detected an out-of-bounds access issue: OvsProcessData() checked whether the payload size was bigger than the size of the buffer, instead of checking whether the entire packet size (payload size + 2 bytes) was, resulting in an out-of-bounds access in case the payload size is bigger than 1998.

This commit also improves the variable names, the comments and adds two Debug() lines.
2019-10-27 09:01:56 +01:00
Davide Beatrici
7349c4b16a
Merge PR #1018: Proto_OpenVPN.c: fix segmentation fault in OvsProceccRecvPacket() 2019-10-26 00:53:27 +02:00
Davide Beatrici
16bde47763 Proto_OpenVPN.c: fix segmentation fault in OvsProceccRecvPacket()
OvsDecrypt() returns 0 when it fails, resulting in "size" rolling over with an end result of 4294967292.

This commit fixes the issue by checking whether "size" is greater than sizeof(UINT) before performing the subtraction.
2019-10-26 00:36:07 +02:00
Davide Beatrici
79a60bc5f0
Merge PR #1014: Addressing the OpenVPN UDP reflection amplification attack 2019-10-22 09:42:08 +02:00
Daiyuu Nobori
4d42f450b2 Addressing the UDP reflection amplification attack: https://github.com/SoftEtherVPN/SoftEtherVPN/issues/1001 2019-10-22 11:14:05 +09:00
Davide Beatrici
46d8da6744
Merge PR #1012: Mayaqua.h: include <stdarg.h> for "va_list" on Illumos 2019-10-21 22:08:09 +02:00
Davide Beatrici
51330fdb43 Mayaqua.h: include <stdarg.h> for "va_list" on Illumos 2019-10-21 21:44:38 +02:00
Davide Beatrici
5b15b12ea9
Merge PR #1011: Protocol.c: fix bug in ClientConnectGetSocket() causing custom HTTP header not to work 2019-10-21 21:38:34 +02:00
Davide Beatrici
12cc242529 Protocol.c: fix bug in ClientConnectGetSocket() causing custom HTTP header not to work
The bug was caused by a typo in the StrCpy() call: the source buffer was the same as the destination one, meaning that the function didn't do anything.
2019-10-21 20:26:56 +02:00