1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-25 19:09:52 +03:00
Commit Graph

496 Commits

Author SHA1 Message Date
Ilya Shipitsin
5c346ef96e remove dead code found by Coverity
2575        // Address
    at_least: At condition size < 1U, the value of size must be at least 1.
    cannot_single: At condition size < 1U, the value of size cannot be equal to 0.
    dead_error_condition: The condition size < 1U cannot be true.
2576        if (size < 1)
2577        {
    CID 287533 (#1 of 1): Logically dead code (DEADCODE)dead_error_line: Execution cannot reach this statement: goto LABEL_ERROR;.
2578                goto LABEL_ERROR;
2579        }
2021-02-24 00:35:17 +05:00
Ilya Shipitsin
2715d80e18 fix potential null pointer dereference found by Coverity
CID 355460 (#1 of 1): Dereference before null check (REVERSE_INULL)check_after_deref: Null-checking p suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
737                if (p == NULL)
738                {
739                        return false;
740                }
2021-02-24 00:26:44 +05:00
Ilya Shipitsin
a08857150b cleanup redundant check found by Coverity
CID 287561 (#1 of 1): Array compared against 0 (NO_EFFECT)array_null: Comparing an array to null is not useful: src == NULL, since the test will always evaluate as true.
    Was src formerly declared as a pointer?
3748        if (cedar == NULL || src == NULL || dst == NULL)
3749        {
3750                return false;
3751        }
2021-02-24 00:04:52 +05:00
Davide Beatrici
d53f80bfa6 Remove BuildUtil and all MSBuild projects, except the ones not in CMake yet
Since 35200a29ea we build complete installers using CMake, meaning that there's no need for BuildUtil anymore.

MSBuild projects that are not migrated to CMake yet are kept for reference.

This commit also updates BUILD_WINDOWS.md so that it mentions Visual Studio 2019 instead of 2017.
2021-02-19 21:17:01 +01:00
sl077
5611156ca8 Cedar/Proto.c: fix crash in ProtoHandleConnection()
The bug was introduced in 8685fe0da1.
2020-12-09 01:17:59 +01:00
Allen Cui
501fe217ff
Bug fix: Proxy button not enabled for SOCKS5
https://github.com/SoftEtherVPN/SoftEtherVPN/issues/1247
2020-12-08 14:12:21 +08:00
Tetsuo Sugiyama
5f6306d5e5
Fixed setting change trigger of keepalive function
To solve the problem that the escape condition of the loop that tries name resolution in UDP mode was reversed in the keep-alive function of the Internet connection, so the name resolution retry is set to 250 msec interval instead of the normal 60 second interval.
2020-11-17 12:23:14 +09:00
Davide Beatrici
fffed52f3b
Merge PR #1235: Manage security level 2020-10-31 22:12:08 +01:00
Takuho NAKANO
7fdacec2a6 Manage OpenSSL security level
Add SslAcceptSettings option Override_Security_Level and Override_Security_Level_Value
to allow user to choose.
2020-10-31 20:19:23 +01:00
Takuho NAKANO
190672bd84 Set RSA bits considering OpenSSL security Level 2020-10-31 20:11:11 +01:00
Ilya Shipitsin
bb2e2ff997 Cedar/Session.c: fix "use after free" in CleanupSession()
Fixes #1226.
2020-10-31 20:03:22 +01:00
Ilya Shipitsin
a2d15615f3
Merge pull request #1115 from takotakot/import_v4_change
Add Tls_Disable1_3 (Import v4 change)
2020-10-31 20:04:20 +03:00
Davide Beatrici
3c140dde8d
Merge PR #1218: Cedar: DHCP server now assigns static IPv4 address, if present in user note 2020-10-12 05:18:41 +02:00
PeTeeR
b890c7d813 Cedar: DHCP server now assigns static IPv4 address, if present in user note
This works for all VPN protocols.

In SessionMain(): for DHCPDISCOVER and DHCPREQUEST frames, write the static IP address (which is retrieved from the user notes) in the SIADDR field of DHCPHEADER.

In VirtualDhcpServer(): for DHCPDISCOVER and DHCPREQUEST frames, read the static IP address from the SIADDR field of DHCPHEADER and assign it to the client.
2020-10-12 04:56:33 +02:00
mcallist
1e164ecc4e Fix openssl engine's internationalisation
Only english yet
2020-10-09 09:30:50 +02:00
mcallist
51ffe4be2c Add accountcertget for openssl engine authentication type
retrigger build
2020-10-09 07:35:28 +02:00
mcallist
ff3910eb86 Openssl engine certificate authentication
TODO cert get, call finish engine, call init engine in another step, handle authentication, internatiolazion (help is needed)
2020-10-09 02:56:51 +02:00
Davide Beatrici
cc5d68a7c3 Cedar/Win32Com.cpp: fix non-const wchar_t array literal initialization error
error: cannot initialize a variable of type 'wchar_t *' with an lvalue of type 'const wchar_t [4]'
        wchar_t *protocol_str = (udp ? L"UDP" : L"TCP");
                 ^              ~~~~~~~~~~~~~~~~~~~~~~~
2020-08-16 00:58:18 +02:00
Davide Beatrici
69cd39616b Remove "UINT32" and "DWORD", use "UINT" everywhere for consistency 2020-08-15 09:18:27 +02:00
Davide Beatrici
e18bb465c9 Remove "CHAR", use lowercase everywhere for consistency
As a bonus we fix 3 cast warnings.
2020-08-15 09:18:27 +02:00
Davide Beatrici
337a04b758 Remove "BOOL", "TRUE" and "FALSE", use lowercase everywhere for consistency 2020-08-15 09:18:27 +02:00
Davide Beatrici
1c56562cc7 Remove "UINT_PTR" and "LONG_PTR", use original type everywhere 2020-08-15 09:18:21 +02:00
Davide Beatrici
5d782a67b4 Cedar/Proto_OpenVPN.c: remove redundant log messages
The "session created" and "session deleted" messages were useful when a single OPENVPN_SERVER object handled multiple UDP sessions.

Now that each session has its own OPENVPN_SERVER object and session creations/deletions are logged by PROTO, the messages are redundant.

In future we will change the OpenVPN implementation so that the multi-session handling code is deleted.

The messages were like this:

OpenVPN Module: The OpenVPN Server Module is starting.
OpenVPN Session 1 (192.168.122.211:47390 -> 0.0.0.0:1194): A new session is created. Protocol: UDP

OpenVPN Session 1 (192.168.122.211:47390 -> 0.0.0.0:1194): Deleting the session.
OpenVPN Module: The OpenVPN Server Module is stopped.
2020-08-06 22:24:45 +02:00
Davide Beatrici
cda0062367 Cedar/Proto: add ProtoLog(), write message to log on session creation/deletion
Example:

[OpenVPN] 192.168.122.100:47390 -> 0.0.0.0:1194 (UDP): Session created.
[OpenVPN] 192.168.122.100:47390 -> 0.0.0.0:1194 (UDP): Session deleted.

[OpenVPN] 192.168.122.100:49866 -> 192.168.122.1:1194 (TCP): Session created.
[OpenVPN] 192.168.122.100:49866 -> 192.168.122.1:1194 (TCP): Session deleted.
2020-08-06 22:24:24 +02:00
Davide Beatrici
a8c6a0c1b3 Cedar/Proto: rename "ProtoNewSession()" to "ProtoSessionNew()" and "ProtoDeleteSession()" to "ProtoSessionDelete()"
For consistency.

Also, the "proto" argument is now marked as const.
2020-08-06 02:41:13 +02:00
Davide Beatrici
ac1b045634 Cedar/Proto.c: fix session deletion not being triggered in certain cases
ProtoHandleDatagrams() takes care of deleting a session if marked as halted.
However, the check is performed when a packet for that session is received; that never happens if the remote host doesn't send at least a packet.

This commit fixes the issue by moving the check into the loop that iterates through all sessions.
2020-08-05 01:25:03 +02:00
Davide Beatrici
6b3ac84ba2 Cedar: remove old commands and unused variables 2020-07-28 00:57:37 +02:00
Davide Beatrici
18ad35ebfe Cedar/Admin: use Proto in StGetOpenVpnSstpConfig() and StSetOpenVpnSstpConfig()
For now Server Manager still uses the two RPC methods.
2020-07-28 00:57:36 +02:00
Davide Beatrici
b853140626 Cedar: use Proto API for protocol options 2020-07-28 00:57:36 +02:00
Davide Beatrici
5209b310e3 Cedar/Command: add ProtoOptionsGet and ProtoOptionsSet commands
ProtoOptionsGet command - Lists the options for the specified protocol
Help for command "ProtoOptionsGet"

Purpose:
  Lists the options for the specified protocol

Description:
  This command can be used to retrieve the options for a specific protocol.
  Detailed info (e.g. value type) will be shown.
  You can change an option's value with the ProtoOptionsSet command.

Usage:
  ProtoOptionsGet [protocol]

Parameters:
  protocol - Protocol name.

ProtoOptionsSet command - Sets an option's value for the specified protocol
Help for command "ProtoOptionsSet"

Purpose:
  Sets an option's value for the specified protocol

Description:
  This command can be used to change an option's value for a specific protocol.
  You can retrieve the options using the ProtoOptionsGet command.
  To execute this command, you must have VPN Server administrator privileges.

Usage:
  ProtoOptionsSet [protocol] [/NAME:option_name] [/VALUE:string/true/false]

Parameters:
  protocol - Protocol name.
  /NAME    - Option name.
  /VALUE   - Option value. Make sure to write a value that is accepted by the specified protocol!
2020-07-28 00:57:36 +02:00
Davide Beatrici
3a275d7257 Cedar/Admin: implement RPC methods to get/set Proto options 2020-07-28 00:57:36 +02:00
Davide Beatrici
b352aa4cc3 Cedar/Server: load and save Proto settings
Snippet from the server configuration:

declare root
{
...
	declare ServerConfiguration
	{
	...
		declare Proto
		{
			declare OpenVPN
			{
				string DefaultClientOption dev-type$20tun,link-mtu$201500,tun-mtu$201500,cipher$20AES-128-CBC,auth$20SHA1,keysize$20128,key-method$202,tls-client
				bool Enabled true
				bool Obfuscation false
				string ObfuscationMask $
				bool PushDummyIPv4AddressOnL2Mode true
			}
			declare SSTP
			{
				bool Enabled true
			}
		}
	...
	}
...
}
2020-07-28 00:57:36 +02:00
Davide Beatrici
6d85fffdb5 Cedar: introduce options API in Proto
PROTO_OPTION is a structure that describes an option (who would've guessed?).

It's designed in a way that allows it to occupy as low memory as possible, while providing great flexibility.

The idea is similar to the one implemented in LIST for trivial types, with the difference that PROTO_OPTION doesn't require casting due to the use of union.
2020-07-28 00:57:36 +02:00
Davide Beatrici
8685fe0da1 Cedar/Proto: introduce PROTO_CONTAINER, to store data for each implementation
ProtoImplDetect() is renamed to ProtoDetect(), because it now returns a pointer to a PROTO_CONTAINER (if successful).
2020-07-28 00:57:36 +02:00
Davide Beatrici
cd850c07ae Cedar: improve constness of PROTO_IMPL functions, move Name() at the top 2020-07-28 00:57:36 +02:00
Davide Beatrici
4b9c33cd30 Cedar/SW.c: disable "vpninstall" and "vpnweb" tasks
The reason why we don't build these two targets is that they're not used.

More specifically: they require proper configuration to work correctly, which is currently missing.

While vpninstall may be worth salvaging, vpnweb is definitely a relict of the past because it relies on ActiveX.
2020-07-27 20:59:40 +02:00
Davide Beatrici
6a472d827a Mayaqua: remove all references to binaries with "_x64" and "_ia64" suffix
See the previous commit's message for details.
2020-07-27 20:59:40 +02:00
Davide Beatrici
a3eb115b0a Cedar: remove all references to binaries with "_x64" and "_ia64" suffix
BuildUtil compiles the project as 32 bit and 64 bit, before building the installer package.

64 bit binaries have the "_x64" suffix and are added to the package alongside the 32 bit ones (that have no suffix).

The CMake project compiles the binaries for a single architecture and they have no suffix.

We decided that providing two separate installers is the best solution.

As for the binaries with the "_ia64" suffix: they never existed during the this repository's lifespan.
2020-07-27 20:59:40 +02:00
Davide Beatrici
24d64222ea Cedar/SW.c: load "vpnsetup.exe" directly instead of expecting it to be in "hamcore.se2"
The MSBuild project built the binary into "src/bin/hamcore", causing it to be added to "hamcore.se2".

As hinted by the name of the file ("vpnsetup_nosign.exe"), it is not signed by BuildUtil, possibly to save time (the setup package is signed).

The CMake project builds the binary in the same directory as the other ones, allowing the setup to install them without the need to build a package.
2020-07-27 20:59:40 +02:00
Davide Beatrici
cc61c90372 Cedar/SW.c: remove "install_src.dat" file check
Previously, the file needed to be present in order for the setup to work.

This commit removes the requirement so that the setup can be ran from the build directory without the need to copy the file (which is now removed from the repository).
2020-07-27 20:59:40 +02:00
dnobori
144392c587 Add Tls_Disable1_3
Add Tls_Disable1_3 like Tls_Disable1_2 etc.
This change is part of v4.34-9744-beta e3370fb62c31eb10d0d221e628161863358d4cc3 .
2020-07-19 12:25:47 +09:00
Davide Beatrici
869496be3e Cedar: handle SSTP through Proto 2020-07-17 02:00:30 +02:00
Davide Beatrici
d917b2ac73 Cedar/Proto.c: check whether IsPacketForMe() is available before calling it
The SSTP implementation doesn't provide packet identification, because it's not required: the protocol is identified by the HTTP header it sends to the server.
2020-07-17 01:59:41 +02:00
Davide Beatrici
96a2d5a124 src/Cedar: pass client hostname and cipher to Init() function in PROTO_IMPL
The SSTP implementation must be aware of the cipher in order to be able to report it to the server's internals (i.e. IPC).
2020-07-17 01:59:22 +02:00
Davide Beatrici
3090688506 Cedar/Proto.c: support secure sockets
This is required for SSTP, because the connection is established through TLS/SSL.
2020-07-12 03:16:02 +02:00
Davide Beatrici
19dbdf46be Cedar: move buffer limit handling from ProtoHandleConnection() to protocol implementation
This allows greater control, required by SSTP: the limit only applies to data packets.
2020-07-12 03:09:12 +02:00
Davide Beatrici
eb5150a002 Cedar: change ProtoHandleConnection() so that it supports direct protocol specification 2020-07-12 03:05:51 +02:00
Davide Beatrici
6869955acc Cedar: fix server crash in CleanupSession()
"ClientOption", as the name implies, is only used in a client context.

The issue was introduced in 235bd07e67. Before that, an unrelated check prevented UnixVLanSetState() from being called in a server context.
2020-07-11 00:32:07 +02:00
Davide Beatrici
45399d9797 Cedar: fix ProtoSetUdpPorts() call in SiLoadServerCfg()
I accidentally passed the wrong variable in 4514ba5e2f.
2020-07-03 01:31:19 +02:00
Davide Beatrici
235bd07e67 Cedar: remove "NicDownOnDisconnect" option
SoftEther VPN originally created the NIC in the UP state and never changed it, even when the the client was not connected.

The behavior was changed in 59e1483dbf, which also added the NicDownOnDisconnect option

The option was disabled by default for backwards compatibility with scripts that don't check whether the NIC is down, but it's not ideal.

This commit forces the correct behavior and removes the commands "TUNDownOnDisconnectEnable", "TUNDownOnDisconnectDisable" and "TUNDownOnDisconnectGet".
2020-06-27 22:47:04 +02:00
Davide Beatrici
4514ba5e2f Cedar/Server.c: load UDP ports from configuration file and apply them
Unfortunately I realized only now that I didn't add the code in c4ec63fe32.
2020-06-10 09:42:23 +02:00
Davide Beatrici
c4838006b1 Cedar/SM.c: move UDP ports setting outside of the OpenVPN/SSTP dialog
This commit moves the UDP ports setting right below the TCP listeners and uses the new RPC methods to get and set them.
2020-05-20 20:18:51 +02:00
Davide Beatrici
c52e49de2d Cedar/SM: replace SmStrToPortList() with StrToPortList()
The function only called StrToPortList(), thus it can safely be replaced with the upstream function.
2020-05-20 20:18:51 +02:00
Davide Beatrici
9e6476c7b2 Cedar/Command: Implement PortsUDPGet and PortsUDPSet commands
PortsUDPSet: This command can be used to specify a single or multiple UDP ports the server should listen on. "0" can be specified to disable the UDP listener.
Administrator privileges are required to execute the command.

PortsUDPGet: This command can be used to retrieve the UDP ports the server is listening on.

The two commands replace the functionality that was previously provided by OpenVpnEnable and OpenVpnGet, respectively.
2020-05-20 20:17:53 +02:00
Davide Beatrici
37f28b4119 Cedar/Command: add "limit_range" parameter to StrToPortList()
Originally, StrToPortList() returned NULL when it encountered a number equal to 0 or higher than 65535.

This commit adds a new parameter to the function called "limit_range":

- When its value is true, the function retains the original behavior.
- When its value is false, the function doesn't check whether the number is in the network port number range (1-65535).

The change is required because the command to set the UDP ports will allow to remove all ports by specifying "0" as the port number.
2020-05-20 20:17:40 +02:00
Davide Beatrici
f1cb86d979 Cedar/Admin: implement new RPC methods to get/set the UDP ports 2020-05-20 20:17:34 +02:00
Davide Beatrici
c4ec63fe32 Rename "OpenVPN_UdpPortList" to "PortsUDP", store ports in a LIST
Now that Proto supports UDP, the server can handle multiple protocols on each UDP port.

The UDP ports are specified by the "OpenVPN_UdpPortList" configuration setting, because:

- OpenVPN is currently the only UDP protocol supported by SoftEther VPN to allow a custom port number.
- Before Proto was introduced, a unified interface for the protocols didn't exist; each protocol implementation had to create its own listener.

In preparation for the upcoming WireGuard implementation, this commit renames "OpenVPN_UdpPortList" to "PortsUDP", which should clarify that the setting is global.

The change is reflected in the code. Also, the ports are now stored in a LIST rather than a string. The conversion between string and LIST only happens when loading/saving the configuration.

The default UDP ports are now the same as the TCP ones (443, 992, 1194, 5555).
2020-05-20 03:16:19 +02:00
Evengard
b77dd167ff Fixes from review of PPP-IPv6 stack 2020-05-19 17:25:04 +03:00
Ilya Shipitsin
1a8e1385cf
Merge pull request #1125 from Evengard/ppp-ipv6
IPv6 support for the PPP stack
2020-05-19 17:09:09 +05:00
Ilya Shipitsin
e3e35f5a4c
Merge pull request #1122 from benrubson/ban
Log client IP in failed accesses
2020-05-13 15:35:45 +05:00
Davide Beatrici
20bbe325fe Cedar/Proto.c: fix wrong NULL check in ProtoHandleDatagrams(), found by Coverity
*** CID 358434: Null pointer dereferences (REVERSE_INULL)
 /src/Cedar/Proto.c: 451 in ProtoHandleDatagrams()
 445   void ProtoHandleDatagrams(UDPLISTENER *listener, LIST *datagrams)
 446   {
 447       UINT i;
 448       HASH_LIST *sessions;
 449       PROTO *proto = listener->Param;
 450
 >>>   CID 358434: Null pointer dereferences (REVERSE_INULL)
 >>>   Null-checking "listener" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
 451       if (proto == NULL || listener == NULL || datagrams == NULL)
 452       {
 453           return;
 454       }
 455
 456       sessions = proto->Sessions;
2020-05-12 21:26:42 +02:00
Evengard
cbbac659a3 Fixing VS2015 quirks 2020-05-12 18:51:55 +03:00
Evengard
2cfe031398 Fixing most errors, the link on Windows is working and is stable 2020-05-12 18:10:06 +03:00
Evengard
a2a6502ab9 Numerous fixes. First working version. 2020-05-12 18:05:19 +03:00
Evengard
f2fee4d32c Preliminary implementation of IPv6CP and IPv6 for PPP (untested) 2020-05-12 18:05:18 +03:00
Evengard
f627b64264 Auto formatting with AStyle 2020-05-12 17:59:25 +03:00
Evengard
1d6a4d3ec8 Preliminary IPC IPv6 implementation (untested) 2020-05-12 17:59:24 +03:00
Ben RUBSON
3f16a7e704
Log client IP in failed accesses
to be able to feed tools such as Fail2Ban
2020-05-11 23:09:26 +02:00
Ben RUBSON
4e583e43f1
Increase Radius timeout
to make it 2FA friendly
2020-05-11 23:06:01 +02:00
Davide Beatrici
981b57ee28 Cedar/Server: set ports in Proto, remove OpenVPN UDP server leftovers
The setting's name is still "OpenVPN_UdpPortList".

We will change it as soon as there's another UDP protocol implemented in Proto.
2020-05-11 08:23:32 +02:00
Davide Beatrici
27f7d43ff7 Cedar/Proto_OpenVPN: remove UDP system, use the one provided by Proto
As a side effect, the DH parameter is now applied to the TCP server as well.

Previously, the default value was always used, ignoring the one from the configuration.
2020-05-11 08:23:29 +02:00
Davide Beatrici
a3aea00820 Cedar/Proto: implement UDP system
When a datagram is received, the matching session is looked up in a hash list; if it's not found, a new session is created.

This method allows to use a single UDP port for multiple protocols, as we do with TCP.

Also, each session has its own dedicated thread, used to process the received datagrams and generate the ones that are then sent through the UDP listener.

In addition to guaranteeing constant performance, separate threads also prevent a single one from blocking all sessions.
2020-05-11 08:22:44 +02:00
Davide Beatrici
667108319d Cedar: prepare Proto for UDP support
- An additional parameter is added to IsPacketForMe(), used to specify the protocol type (currently either TCP or UDP).
- SupportedModes() is dropped because it's now redundant.
- IsOk() and EstablishedSessions() are dropped because error checking should be handled by the implementation.
- ProtoImplDetect() now takes a buffer and its size rather than a SOCK, so that it can be used to detect UDP protocols.
- The OpenVPN toggle check is moved to ProtoImplDetect(), so that we don't have to duplicate it once UDP support is implemented.
2020-05-11 07:07:04 +02:00
Evengard
34dfc14549 Fixing errors discovered with Coverity. 2020-05-04 16:07:21 +03:00
Evengard
1fe863e866 Generate DHCP Client ID based on MAC all the time 2020-05-04 15:40:44 +03:00
Ilya Shipitsin
b41c17f45a
Merge pull request #1109 from Evengard/ppp-eap-tls
Implementation of EAP-TLS for PPP
2020-05-04 17:13:15 +05:00
Evengard
ca1c6a5f3f Fixing a use of unitialized variable as per CPPCHECK 2020-05-03 14:22:18 +03:00
Evengard
132926ee09 Fixing alignment of struct on GCC, changing the method to server one 2020-05-03 05:17:23 +03:00
Evengard
8a856e4672 Codestyle fixes 2020-05-02 21:08:19 +03:00
Evengard
39becfe4ab Some hacks to make Android VPN Client Pro working 2020-05-02 20:25:01 +03:00
Evengard
723f38e72f Fixing Linux... 2020-05-02 19:52:47 +03:00
Evengard
a2b7cb0148 Added possibility to load CA certificates from chain_certs folder to allow verifying the client certificates against it. 2020-05-02 19:52:46 +03:00
Evengard
24bd2b3198 Fixing up some errors 2020-05-02 19:52:46 +03:00
Evengard
9f2a5cecf3 Preliminary (untested) EAP-TLS implementation 2020-05-02 19:52:46 +03:00
Evengard
a65c436e8f Writing skeleton for EAP-TLS implementation 2020-05-02 19:52:45 +03:00
Evengard
aa0ec4343c Fixing errors as per static analysis 2020-05-02 19:52:45 +03:00
Evengard
1bdd9a92bc Adding timeout propagation from user policy in PPP sessions (including L2TP and SSTP). 2020-05-02 19:52:45 +03:00
Davide Beatrici
942051d3a8 Cedar: various improvements to Proto
The PROTO structure is now used to identify the system as a whole, rather than a single protocol. It's stored and initialized in Server.

ProtoCompare(), ProtoAdd() and ProtoDetected() are renamed to make the difference between PROTO and PROTO_IMPL more clear.

ProtoGet() and ProtoNum() are removed because the related list can now be accessed directly by Server.
2020-05-01 07:14:38 +02:00
Evengard
f20e99f8e4 Treating empty IPCP requests as IPCP requests with IP-Address option zeroed out 2020-04-25 20:59:08 +03:00
Evengard
b9109211d3 ACKing an empty LCP options list 2020-04-25 15:29:57 +03:00
Davide Beatrici
9073452b09
Merge PR #1092: src/Cedar/Proto_OpenVPN.c: push "block-outside-dns" to clients 2020-04-20 03:25:43 +02:00
Daiyuu Nobori
033647c8ac Fix security issue: Fix the security of JSON-API. If the administrator password of the Virtual Hub is empty, JSON-API (which was added in 4.30 Build 9696 Beta) will not be able to access to the virtual hub with a empty password since this release. Because there are relatively many cases in which administrator password is empty for a virtual hub, being able to manage a virtual hub without a password using JSON-API was a security problem. In this release, this behavior has been changed so that JSON-API cannot be accessed in the Virtual Hub management mode until it is configured with non-empty password. 2020-04-06 00:44:14 +09:00
Davide Beatrici
b6ef9f88c9 src/Cedar/Proto_OpenVPN.c: push "block-outside-dns" to clients
From https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage:

--block-outside-dns

Block DNS servers on other network adapters to prevent DNS leaks.
This option prevents any application from accessing TCP or UDP port 53 except one inside the tunnel.
It uses Windows Filtering Platform (WFP) and works on Windows Vista or later.
This option is considered unknown on non-Windows platforms and unsupported on Windows XP, resulting in fatal error.
You may want to use --setenv opt or --ignore-unknown-option (not suitable for Windows XP) to ignore said error.
Note that pushing unknown options from server does not trigger fatal errors.
2020-04-04 08:37:19 +02:00
Ilya Shipitsin
84bd9abb30
Merge pull request #1072 from Evengard/ppp-ipv6
Rewriting the PPP stack
2020-04-02 20:29:51 +05:00
Georgy Komarov
4772a508dc
sam: fix using pointer to local variable that is out of scope 2020-03-27 07:28:43 +03:00
Georgy Komarov
1416a693e7
protocol: fix uninitialized variable
Value of server_cert is undefined if `b = PackGetBuf(p, "Cert");` was
failed.
2020-03-27 07:25:45 +03:00
Evengard
fa9e9d15a5 Removing unrelated changes as per review 2020-02-06 10:52:34 +03:00
Evengard
60e85afd1f
Apply reviewed code style
Co-Authored-By: Davide Beatrici <davidebeatrici@gmail.com>
2020-02-06 10:49:09 +03:00
Evengard
a6970e3e61 Merge branch 'master' into ppp-ipv6 2020-02-05 00:23:03 +03:00
Ilya Shipitsin
eeec9a82f6
Merge pull request #1062 from dnobori/200101_impr_url_log_spacing
Merge pull request #1062: Improvement: Add a space character between URL and other tokens in the packet log format.
2020-01-01 17:53:27 +05:00