1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-12-28 02:50:33 +03:00
Commit Graph

765 Commits

Author SHA1 Message Date
Davide Beatrici
6b3ac84ba2 Cedar: remove old commands and unused variables 2020-07-28 00:57:37 +02:00
Davide Beatrici
18ad35ebfe Cedar/Admin: use Proto in StGetOpenVpnSstpConfig() and StSetOpenVpnSstpConfig()
For now Server Manager still uses the two RPC methods.
2020-07-28 00:57:36 +02:00
Davide Beatrici
b853140626 Cedar: use Proto API for protocol options 2020-07-28 00:57:36 +02:00
Davide Beatrici
5209b310e3 Cedar/Command: add ProtoOptionsGet and ProtoOptionsSet commands
ProtoOptionsGet command - Lists the options for the specified protocol
Help for command "ProtoOptionsGet"

Purpose:
  Lists the options for the specified protocol

Description:
  This command can be used to retrieve the options for a specific protocol.
  Detailed info (e.g. value type) will be shown.
  You can change an option's value with the ProtoOptionsSet command.

Usage:
  ProtoOptionsGet [protocol]

Parameters:
  protocol - Protocol name.

ProtoOptionsSet command - Sets an option's value for the specified protocol
Help for command "ProtoOptionsSet"

Purpose:
  Sets an option's value for the specified protocol

Description:
  This command can be used to change an option's value for a specific protocol.
  You can retrieve the options using the ProtoOptionsGet command.
  To execute this command, you must have VPN Server administrator privileges.

Usage:
  ProtoOptionsSet [protocol] [/NAME:option_name] [/VALUE:string/true/false]

Parameters:
  protocol - Protocol name.
  /NAME    - Option name.
  /VALUE   - Option value. Make sure to write a value that is accepted by the specified protocol!
2020-07-28 00:57:36 +02:00
Davide Beatrici
3a275d7257 Cedar/Admin: implement RPC methods to get/set Proto options 2020-07-28 00:57:36 +02:00
Davide Beatrici
aa65327e73 Mayaqua/Pack: add PackGetStrSize(), for strings with non-constant length 2020-07-28 00:57:36 +02:00
Davide Beatrici
b352aa4cc3 Cedar/Server: load and save Proto settings
Snippet from the server configuration:

declare root
{
...
	declare ServerConfiguration
	{
	...
		declare Proto
		{
			declare OpenVPN
			{
				string DefaultClientOption dev-type$20tun,link-mtu$201500,tun-mtu$201500,cipher$20AES-128-CBC,auth$20SHA1,keysize$20128,key-method$202,tls-client
				bool Enabled true
				bool Obfuscation false
				string ObfuscationMask $
				bool PushDummyIPv4AddressOnL2Mode true
			}
			declare SSTP
			{
				bool Enabled true
			}
		}
	...
	}
...
}
2020-07-28 00:57:36 +02:00
Davide Beatrici
6d85fffdb5 Cedar: introduce options API in Proto
PROTO_OPTION is a structure that describes an option (who would've guessed?).

It's designed in a way that allows it to occupy as low memory as possible, while providing great flexibility.

The idea is similar to the one implemented in LIST for trivial types, with the difference that PROTO_OPTION doesn't require casting due to the use of union.
2020-07-28 00:57:36 +02:00
Davide Beatrici
8685fe0da1 Cedar/Proto: introduce PROTO_CONTAINER, to store data for each implementation
ProtoImplDetect() is renamed to ProtoDetect(), because it now returns a pointer to a PROTO_CONTAINER (if successful).
2020-07-28 00:57:36 +02:00
Davide Beatrici
cd850c07ae Cedar: improve constness of PROTO_IMPL functions, move Name() at the top 2020-07-28 00:57:36 +02:00
Davide Beatrici
4b9c33cd30 Cedar/SW.c: disable "vpninstall" and "vpnweb" tasks
The reason why we don't build these two targets is that they're not used.

More specifically: they require proper configuration to work correctly, which is currently missing.

While vpninstall may be worth salvaging, vpnweb is definitely a relict of the past because it relies on ActiveX.
2020-07-27 20:59:40 +02:00
Davide Beatrici
78dad1d568 Mayaqua/Microsoft.h: rename "driver_installer.exe" to "vpndrvinst.exe"
vpndrvinst is the name of the target and thus the default output name, let's use it.

`vpndrvinst.exe" also sounds less fishy than "driver_installer.exe"...
2020-07-27 20:59:40 +02:00
Davide Beatrici
6a472d827a Mayaqua: remove all references to binaries with "_x64" and "_ia64" suffix
See the previous commit's message for details.
2020-07-27 20:59:40 +02:00
Davide Beatrici
a3eb115b0a Cedar: remove all references to binaries with "_x64" and "_ia64" suffix
BuildUtil compiles the project as 32 bit and 64 bit, before building the installer package.

64 bit binaries have the "_x64" suffix and are added to the package alongside the 32 bit ones (that have no suffix).

The CMake project compiles the binaries for a single architecture and they have no suffix.

We decided that providing two separate installers is the best solution.

As for the binaries with the "_ia64" suffix: they never existed during the this repository's lifespan.
2020-07-27 20:59:40 +02:00
Davide Beatrici
24d64222ea Cedar/SW.c: load "vpnsetup.exe" directly instead of expecting it to be in "hamcore.se2"
The MSBuild project built the binary into "src/bin/hamcore", causing it to be added to "hamcore.se2".

As hinted by the name of the file ("vpnsetup_nosign.exe"), it is not signed by BuildUtil, possibly to save time (the setup package is signed).

The CMake project builds the binary in the same directory as the other ones, allowing the setup to install them without the need to build a package.
2020-07-27 20:59:40 +02:00
Davide Beatrici
cc61c90372 Cedar/SW.c: remove "install_src.dat" file check
Previously, the file needed to be present in order for the setup to work.

This commit removes the requirement so that the setup can be ran from the build directory without the need to copy the file (which is now removed from the repository).
2020-07-27 20:59:40 +02:00
Davide Beatrici
35200a29ea CMake: build vpnsetup 2020-07-27 20:59:40 +02:00
Davide Beatrici
c084ce30f9 CMake: build vpndrvinst 2020-07-27 20:59:40 +02:00
Davide Beatrici
755e09e5c1 Don't include OpenSSL headers in vpndrvinst.c
The inclusion of the headers is probably a very old leftover, from when OpenSSL was not encapsulated into Mayaqua yet.

In fact, there was a "HAM_C" (defined in vpndrvinst.c) definition check in Mayaqua/Encrypt.h preventing the redefinition of OpenSSL types.
2020-07-27 20:59:40 +02:00
Daiyuu Nobori
588d7539f4 vpntest.c: add "setupapi" command to test SetupAPI (Windows only)
Co-authored-by: Davide Beatrici <git@davidebeatrici.dev>
2020-07-27 05:31:02 +02:00
Davide Beatrici
28d4a113dc CMake: add manifest for all targets that have it in the MSBuild project 2020-07-25 23:13:45 +02:00
Davide Beatrici
3732447571 CMake: specify "WIN32" for targets that have WinMain()
When "VPN_EXE" is defined, Mayaqua.h defines WinMain(), which handles arguments in a special way.

This commit passes "WIN32" to add_executable(), so that WinMain() is used as entry point instead of main().

The use of main() instead of WinMain() was causing service mode not to work due to the "/service" argument being discarded.
2020-07-25 23:13:38 +02:00
Davide Beatrici
369a8850c4 CMake: don't hardcode build directories
Our CMake project used to forcefully create and use two different build directories: "build" and "tmp".

This commit changes the behavior so that only the build directory CMake is ran in is used.

The "configure" script now runs CMake in "build" by default, instead of "tmp".
2020-07-20 18:31:41 +02:00
Daiyuu Nobori
844dcdb0af Remove all references to strtok() and wcstok(), implement and use alternatives
strtok() and wcstok() are considered unsafe functions.

A segmentation fault caused by the use of strtok() was recently reported.

Co-authored-by: Takuho NAKANO <takotakot@users.noreply.github.com>
2020-07-20 17:57:58 +02:00
Davide Beatrici
869496be3e Cedar: handle SSTP through Proto 2020-07-17 02:00:30 +02:00
Davide Beatrici
d917b2ac73 Cedar/Proto.c: check whether IsPacketForMe() is available before calling it
The SSTP implementation doesn't provide packet identification, because it's not required: the protocol is identified by the HTTP header it sends to the server.
2020-07-17 01:59:41 +02:00
Davide Beatrici
96a2d5a124 src/Cedar: pass client hostname and cipher to Init() function in PROTO_IMPL
The SSTP implementation must be aware of the cipher in order to be able to report it to the server's internals (i.e. IPC).
2020-07-17 01:59:22 +02:00
Davide Beatrici
3090688506 Cedar/Proto.c: support secure sockets
This is required for SSTP, because the connection is established through TLS/SSL.
2020-07-12 03:16:02 +02:00
Davide Beatrici
19dbdf46be Cedar: move buffer limit handling from ProtoHandleConnection() to protocol implementation
This allows greater control, required by SSTP: the limit only applies to data packets.
2020-07-12 03:09:12 +02:00
Davide Beatrici
eb5150a002 Cedar: change ProtoHandleConnection() so that it supports direct protocol specification 2020-07-12 03:05:51 +02:00
Davide Beatrici
6869955acc Cedar: fix server crash in CleanupSession()
"ClientOption", as the name implies, is only used in a client context.

The issue was introduced in 235bd07e67. Before that, an unrelated check prevented UnixVLanSetState() from being called in a server context.
2020-07-11 00:32:07 +02:00
Davide Beatrici
45399d9797 Cedar: fix ProtoSetUdpPorts() call in SiLoadServerCfg()
I accidentally passed the wrong variable in 4514ba5e2f.
2020-07-03 01:31:19 +02:00
Ron Isaacson
40ed982079 Fix systemd unit file generation 2020-06-30 01:22:37 -04:00
Ron Isaacson
6fe678fe84 Fix wrapper script generation 2020-06-29 23:04:35 -04:00
Davide Beatrici
235bd07e67 Cedar: remove "NicDownOnDisconnect" option
SoftEther VPN originally created the NIC in the UP state and never changed it, even when the the client was not connected.

The behavior was changed in 59e1483dbf, which also added the NicDownOnDisconnect option

The option was disabled by default for backwards compatibility with scripts that don't check whether the NIC is down, but it's not ideal.

This commit forces the correct behavior and removes the commands "TUNDownOnDisconnectEnable", "TUNDownOnDisconnectDisable" and "TUNDownOnDisconnectGet".
2020-06-27 22:47:04 +02:00
Ilya Shipitsin
47d08b055e
Merge pull request #1114 from takotakot/disable_sslv3
Disable SSLv3
2020-06-18 11:21:59 +05:00
Davide Beatrici
485a5922eb
Merge PR #1146: Cedar/Server.c: load UDP ports from configuration file and apply them 2020-06-10 10:00:10 +02:00
Davide Beatrici
4514ba5e2f Cedar/Server.c: load UDP ports from configuration file and apply them
Unfortunately I realized only now that I didn't add the code in c4ec63fe32.
2020-06-10 09:42:23 +02:00
Takuho NAKANO
5ebdb394fc Disable sslv3 2020-06-09 13:59:57 +09:00
Tetsuo Sugiyama
d726719602
Fixed that NewDhcpOption did not handle DHCP options longer than 255 bytes correctly 2020-05-22 11:05:36 +09:00
Davide Beatrici
c4838006b1 Cedar/SM.c: move UDP ports setting outside of the OpenVPN/SSTP dialog
This commit moves the UDP ports setting right below the TCP listeners and uses the new RPC methods to get and set them.
2020-05-20 20:18:51 +02:00
Davide Beatrici
c52e49de2d Cedar/SM: replace SmStrToPortList() with StrToPortList()
The function only called StrToPortList(), thus it can safely be replaced with the upstream function.
2020-05-20 20:18:51 +02:00
Davide Beatrici
9e6476c7b2 Cedar/Command: Implement PortsUDPGet and PortsUDPSet commands
PortsUDPSet: This command can be used to specify a single or multiple UDP ports the server should listen on. "0" can be specified to disable the UDP listener.
Administrator privileges are required to execute the command.

PortsUDPGet: This command can be used to retrieve the UDP ports the server is listening on.

The two commands replace the functionality that was previously provided by OpenVpnEnable and OpenVpnGet, respectively.
2020-05-20 20:17:53 +02:00
Davide Beatrici
37f28b4119 Cedar/Command: add "limit_range" parameter to StrToPortList()
Originally, StrToPortList() returned NULL when it encountered a number equal to 0 or higher than 65535.

This commit adds a new parameter to the function called "limit_range":

- When its value is true, the function retains the original behavior.
- When its value is false, the function doesn't check whether the number is in the network port number range (1-65535).

The change is required because the command to set the UDP ports will allow to remove all ports by specifying "0" as the port number.
2020-05-20 20:17:40 +02:00
Davide Beatrici
f1cb86d979 Cedar/Admin: implement new RPC methods to get/set the UDP ports 2020-05-20 20:17:34 +02:00
Davide Beatrici
c4ec63fe32 Rename "OpenVPN_UdpPortList" to "PortsUDP", store ports in a LIST
Now that Proto supports UDP, the server can handle multiple protocols on each UDP port.

The UDP ports are specified by the "OpenVPN_UdpPortList" configuration setting, because:

- OpenVPN is currently the only UDP protocol supported by SoftEther VPN to allow a custom port number.
- Before Proto was introduced, a unified interface for the protocols didn't exist; each protocol implementation had to create its own listener.

In preparation for the upcoming WireGuard implementation, this commit renames "OpenVPN_UdpPortList" to "PortsUDP", which should clarify that the setting is global.

The change is reflected in the code. Also, the ports are now stored in a LIST rather than a string. The conversion between string and LIST only happens when loading/saving the configuration.

The default UDP ports are now the same as the TCP ones (443, 992, 1194, 5555).
2020-05-20 03:16:19 +02:00
Evengard
b77dd167ff Fixes from review of PPP-IPv6 stack 2020-05-19 17:25:04 +03:00
Ilya Shipitsin
1a8e1385cf
Merge pull request #1125 from Evengard/ppp-ipv6
IPv6 support for the PPP stack
2020-05-19 17:09:09 +05:00
Ilya Shipitsin
e3e35f5a4c
Merge pull request #1122 from benrubson/ban
Log client IP in failed accesses
2020-05-13 15:35:45 +05:00
Ben RUBSON
5e1c728f92
Update strtable_tw.stb 2020-05-12 22:08:59 +02:00