AMajor/SoftEtherVPN
1
0
Fork 0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2026-04-18 04:53:10 +03:00
Code Releases Activity
2,107 Commits 5 Branches 27 Tags
acbc514b87f3a8fdffbb4042fb34e69c7dd21c6f
Commit Graph

620 Commits

Author SHA1 Message Date
Ilya Shipitsin
acbc514b87 Merge pull request #2170 from kanglongwei/branch2 
fix: #2166 L3KnownArp, delete entry from the incorrect list
 2025-10-28 21:44:25 +01:00
w00485423
ab245552b1 fix: #2165 memory leak 2025-10-13 20:05:28 +08:00
w00485423
fdcb0a207b fix: #2166 L3KnownArp, delete entry from the incorrect list 2025-10-10 21:20:30 +08:00
Evengard
8f0deb576c Incorrect variable used while iterating through sessions which makes the loop stuck 2024-08-25 15:36:50 +03:00
Ilia Shipitsin
6f57449164 src/Cedar/Proto_IKE.c: ignore packets with no IPSec SA 
many thanks to Jonathan Phillibert from Amazon Web Services
for investigating and reporting that responding to such packets
might lead to traffic amplification
 2024-06-22 18:53:35 +02:00
Ilya Shipitsin
bfaff4fdb0 Merge pull request #1994 from hiura2023/master 
Fix Virtual DHCP Server: Correct IP reassignment
 2024-05-27 13:13:40 +02:00
hiura
5a88b34ddb Fix Virtual DHCP Server: Correct IP reassignment 2024-05-08 10:55:00 +09:00
hiura2023
bcb896b178 Merge branch 'SoftEtherVPN:master' into master 2024-05-03 17:19:47 +09:00
hiura
6e5395cc8d Fix Virtual DHCP Server: Correct DHCP renewal request 2024-05-03 17:18:13 +09:00
Evengard
d568cc1727 Fix another memory access error again because of a missing MAC address in IPv6 headers 2024-04-27 21:57:36 +03:00
Evengard
c9b5e25c87 Fix memory access error when IPv6 prefix reading, should resolve #1972 2024-04-27 02:01:48 +03:00
hiura
7f074d0c0b Fix Virtual DHCP Server: Correct HDCP Sequence 2024-04-26 12:42:27 +09:00
Ilya Shipitsin
74f7269ef6 Merge pull request #1679 from tickerguy/tickerguy-patch-1 
BridgeUnix.c: Disable MTU changes on FreeBSD
 2024-04-19 16:46:16 +02:00
Ilya Shipitsin
41f83c9e32 Merge pull request #1840 from RoelvandeWiel/issue1838 
Changed 'settng' to 'setting' and regenerated the RPC docs
 2024-04-17 20:53:42 +02:00
Ilya Shipitsin
6582955cfa Update src/Cedar/Protocol.c 
Co-authored-by: Davide Beatrici <github@davidebeatrici.dev>
 2024-04-14 10:36:55 +02:00
Alexey Ivanov
71d71e51db OpenVPN certificate authorization with cn_username in 'email' format 2024-04-12 23:08:24 +05:00
hiura
e8c14cba68 Fix 'Session Timeouted.': Change the time for checking wether all the TCP connectins are alive or not. 2024-03-24 19:11:24 +09:00
hiura
64cb8e1eff Change bridge function: Make the NIC appear in the 'Local Bridge Settings' list No.2 2024-03-11 00:16:22 +09:00
hiura
645d5ebb55 Change bridge function: Make the NIC appear in the 'Local Bridge Settings' list regardless of a NULL character consisted in 'FriendlyName' 2024-03-06 11:33:56 +09:00
hiura
4e4bd79ad2 IPC.c:Cast the pointer to a defined size due to the error in compiling. 2024-02-20 12:01:35 +09:00
Ilya Shipitsin
9429243dbe Merge pull request #1906 from hiura2023/master 
Fix access violation: correct typing mistake in calling Debug().
 2023-11-01 10:26:37 +01:00
Daiyuu Nobori
6dbf7e9ae2 Showing an explanation of the purpose of the Developer Edition and the difference from the Stable Editon by Daiyuu Nobori 2023-10-09 17:14:32 +02:00
Daiyuu Nobori
54ae7f725b Add four new certificate hashes to the DDNS_CERT_HASH list by Daiyuu Nobori. These certificates will be used to University of Tsukuba's built-in "softether.net" DDNS server after year 2038. 2023-10-09 17:14:32 +02:00
Daiyuu Nobori
35077deaf1 Fix Vulnerability: CVE-2023-25774 TALOS-2023-1743 
SoftEther VPN vpnserver ConnectionAccept () denial of service vulnerability
 2023-10-09 17:13:57 +02:00
Daiyuu Nobori
3b932f5fee Fix Vulnerability: CVE-2023-27516 TALOS-2023-1754 and CVE-2023-32634 TALOS-2023-1755 
SoftEther VPN CiRpcAccepted () authentication bypass vulnerability
and SoftEther VPN CiRpcServerThread () MitM authentication bypass vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
 2023-10-07 04:42:41 +02:00
Daiyuu Nobori
c49e462ed1 Fix Vulnerability: CVE-2023-22325 TALOS-2023-1736 
SoftEther VPN DCRegister DDNS_RPC_MAX_RECV_SIZE denial of service vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
 2023-09-28 18:26:17 +09:00
Daiyuu Nobori
b8e542105f Fix Vulnerability: CVE-2023-27395 TALOS-2023-1735 
SoftEther VPN vpnserver WpcParsePacket () heap-based buffer overflow vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
 2023-09-28 18:24:12 +09:00
hiura
f57f05a599 Bind outgoing connection to a specific IP address (fix a bug) 2023-09-17 16:36:57 +09:00
Ilya Shipitsin
f736d18267 temporarily suppress clang warnings on "-Wincompatible-function-pointer-types" 2023-09-16 00:03:03 +02:00
Ilya Shipitsin
205a94cda2 Merge pull request #1867 from hiura2023/master 
Bind outgoing connection to a specific IP address
 2023-09-10 17:18:31 +02:00
Ilya Shipitsin
8f8677f164 set PPPSetStatus(p, PPP_STATUS_FAIL); in case of failure 2023-08-16 22:32:00 +02:00
Ilya Shipitsin
088b5c2df3 additional error handling if SSL_CTX_new failed 
this is a folloup to https://github.com/SoftEtherVPN/SoftEtherVPN/pull/1873
 2023-08-16 19:17:18 +02:00
hiura
c2fe874865 Bind outgoing connection to a specific IP address No.2 2023-08-08 18:14:22 +09:00
Ilya Shipitsin
f6f2660060 Merge pull request #1869 from metalefty/bsdunixvlan-group 
Cedar/VLanUnix: assign virtual interface to softether group
 2023-08-07 08:16:17 +02:00
Yihong Wu
adccc6b7d4 Merge pull request #1775 from domosekai/radius2 
Support more EAP methods for RADIUS auth
 2023-08-07 02:50:13 +09:00
Davide Beatrici
1493ccb44d Merge PR #1865: Fix build when NO_VLAN 2023-07-05 09:55:35 +02:00
Koichiro IWAO
49f8112d83 Cedar/VLanUnix: assign virtual interface to softether group 
Interface grouping is available on FreeBSD and OpenBSD. This will allow
you to enumerate only SoftEther virtual interfaces or exclude SoftEther
virtual interfaces, and be helpful when making custom scripts to start
DHCP client when virtual interface become up (=VPN connection
established) for example.

Usage examples as follows.

List all interfaces' names available on the system:
```
$ ifconfig -l
vtnet0 lo0 vpn_client0 vpn_client1 vpn_client2
```

Display a list of SoftEther virtual interfaces:
```
$ ifconfig -g softether
vpn_client0
vpn_client1
vpn_client2
```

Display details about SoftEther virtual interfaces that are up:
```
$ ifconfig -a -u -g softether
vpn_client0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: SoftEther Virtual Network Adapter
        options=80000<LINKSTATE>
        ether 5e:71:fa:f8:91:4a
        hwaddr 58:9c:fc:10:34:2a
        groups: tap softether
        media: Ethernet autoselect
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        Opened by PID 1445
```

Display details about interfaces except for SoftEther virtual interfaces:
```
$ ifconfig -a -G softether
vtnet0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
        ether 58:9c:fc:00:f0:23
        inet6 fe80::5a9c:fcff:fe00:f023%vtnet0 prefixlen 64 scopeid 0x1
        inet 192.168.96.7 netmask 0xffffff00 broadcast 192.168.96.255
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
```
 2023-07-04 14:38:36 +09:00
hiura
e4330ca71a bind outgoing connection 2023-06-28 23:18:09 +09:00
Koichiro IWAO
0ab5199272 Fix build when NO_VLAN 
Occurred at:	 #670
Closes:		#1864

Tested build on FreeBSD with NO_VLAN by modifying CMakeLists.txt like this:

```diff
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index c49a3c78..1dad3691 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -93,6 +93,7 @@ if(UNIX)
if(${CMAKE_SYSTEM_NAME} STREQUAL "FreeBSD")
     add_definitions(-DUNIX_BSD -DBRIDGE_BPF)
+    add_definitions(-DNO_VLAN)
     include_directories(SYSTEM /usr/local/include)
     link_directories(SYSTEM /usr/local/lib)
   endif()
```
 2023-06-17 02:18:04 +09:00
Koichiro IWAO
41be858df0 Collect garbage at development 2023-06-17 01:54:36 +09:00
Koichiro IWAO
6665efb822 Remove unnecessary quotation to fix build 2023-06-15 10:17:33 +09:00
Koichiro IWAO
8826484245 Rename macro BRDEST -> BRIDGE for simplicity 
UNIX_VLAN_BRDEST_IFACE_PREFIX -> UNIX_VLAN_BRIDGE_IFACE_PREFIX
 2023-06-15 00:15:17 +09:00
Koichiro IWAO
09708bc8cb Cedar/BridgeUnix: make sure to destroy tap device for bridge on FreeBSD 
Also, rename NewTap/FreeTap to NewBridgeTap/FreeBridgeTap because these
functions are used to create/destroy tap device used for bridge
destination.
 2023-06-15 00:15:17 +09:00
Koichiro IWAO
696a9bc0a1 Cedar: Don't hardcode prefix for virtual brige destination 2023-06-15 00:15:17 +09:00
Koichiro IWAO
96e4fc040f Cedar/VLanUnix: add description to FreeBSD tap device 
$ ifconfig vpn_client
vpn_client: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: SoftEther Virtual Network Adapter
        options=80000<LINKSTATE>
        ether 5e:51:5e:48:ea:ef
        hwaddr 58:9c:fc:10:34:2a
        groups: tap
        media: Ethernet autoselect
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        Opened by PID 35981
 2023-06-01 16:50:30 +09:00
Koichiro IWAO
867c992111 Cedar/VLanUnix: use space after #ifdef 2023-06-01 15:18:13 +09:00
Koichiro IWAO
96b1961d78 Cedar/VLanUnix: add UnixDestroyTapDevice prototype declaration 2023-06-01 11:57:50 +09:00
Koichiro IWAO
939eb3130e Cedar/Client: Enable CtVLans{Up,Down} on FreeBSD 
The same trick also works on FreeBSD. There's no reason to limit it to
Linux.
 2023-05-31 17:48:31 +09:00
Koichiro IWAO
0ba7ad392e Cedar/VLanUnix: Enable UnixVLanSetState on FreeBSD 2023-05-31 17:48:31 +09:00
Koichiro IWAO
8482a52522 Cedar/VLanUnix: Make NicDelete work on FreeBSD 
In contrast to Linux, FreeBSD's tap devices are still plumbed after fd
closed. The tap device must be destroyed in addition to closing fd
to delete virtual network interfaces used for VPN connection.

NicDelete command now works properly and virtual network interfaces used
by vpnclient are cleaned up when shutting down vpnclient.
 2023-05-31 17:48:31 +09:00