Remove build_test artifacts from git tracking

Co-authored-by: chipitsine <2217296+chipitsine@users.noreply.github.com>

.ci/azure-pipelines/linux_build.sh

@@ -1,15 +0,0 @@
-#!/bin/bash
-
-if [[ "${#SE_BUILD_NUMBER_TOKEN}" -eq 64 ]]; then
-	VERSION=$(python3 "version.py")
-	BUILD_NUMBER=$(curl "https://softether.network/get-build-number?commit=${BUILD_SOURCEVERSION}&version=${VERSION}&token=${SE_BUILD_NUMBER_TOKEN}")
-else
-	BUILD_NUMBER=0
-fi
-
-cd ${BUILD_BINARIESDIRECTORY}
-
-cmake -G "Ninja" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_NUMBER=${BUILD_NUMBER} ${BUILD_SOURCESDIRECTORY}
-cmake --build .
-
-cpack -C Release -G DEB 

.ci/azure-pipelines/macos_build.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-
-if [[ "${#SE_BUILD_NUMBER_TOKEN}" -eq 64 ]]; then
-	VERSION=$(python3 "version.py")
-	BUILD_NUMBER=$(curl "https://softether.network/get-build-number?commit=${BUILD_SOURCEVERSION}&version=${VERSION}&token=${SE_BUILD_NUMBER_TOKEN}")
-else
-	BUILD_NUMBER=0
-fi
-
-cd ${BUILD_BINARIESDIRECTORY}
-
-cmake -G "Ninja" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_NUMBER=${BUILD_NUMBER} -DOPENSSL_ROOT_DIR="/usr/local/opt/openssl" ${BUILD_SOURCESDIRECTORY}
-cmake --build .

.ci/azure-pipelines/windows_build.bat

@@ -1,33 +0,0 @@
-@echo on
-
-:: The method we use to store a command's output into a variable:
-:: https://stackoverflow.com/a/6362922
-for /f "tokens=* USEBACKQ" %%g in (`python "version.py"`) do (set "VERSION=%%g")
-
-:: https://stackoverflow.com/a/8566001
-echo %SE_BUILD_NUMBER_TOKEN%> "%tmp%\length.txt"
-for %%? in ("%tmp%\length.txt") do ( set /A SE_BUILD_NUMBER_TOKEN_LENGTH=%%~z? - 2 )
-
-if %SE_BUILD_NUMBER_TOKEN_LENGTH% equ 64 (
-	for /f "tokens=* USEBACKQ" %%g in (`curl "https://softether.network/get-build-number?commit=%BUILD_SOURCEVERSION%&version=%VERSION%&token=%SE_BUILD_NUMBER_TOKEN%"`) do (set "BUILD_NUMBER=%%g")
-) else (
-	set BUILD_NUMBER=0
-)
-
-
-if "%BUILD_BINARIESDIRECTORY%"=="" (set BUILD_BINARIESDIRECTORY=build)
-if "%BUILD_SOURCESDIRECTORY%"=="" (set BUILD_SOURCESDIRECTORY=%cd%)
-
-if not exist %BUILD_BINARIESDIRECTORY% mkdir %BUILD_BINARIESDIRECTORY%
-
-cd %BUILD_BINARIESDIRECTORY%
-
-call "%VCVARS_PATH%"
-
-cmake -G "Ninja" -DCMAKE_TOOLCHAIN_FILE="C:\vcpkg\scripts\buildsystems\vcpkg.cmake" -DVCPKG_TARGET_TRIPLET=%VCPKG_TRIPLET% -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER="%COMPILER_PATH%" -DCMAKE_CXX_COMPILER="%COMPILER_PATH%" -DBUILD_NUMBER=%BUILD_NUMBER% "%BUILD_SOURCESDIRECTORY%"
-cmake --build .
-
-if "%BUILD_STAGINGDIRECTORY%"=="" (set BUILD_STAGINGDIRECTORY=%cd%)
-mkdir "%BUILD_STAGINGDIRECTORY%\installers"
-vpnsetup /SFXMODE:vpnclient /SFXOUT:"%BUILD_STAGINGDIRECTORY%\installers\softether-vpnclient-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
-vpnsetup /SFXMODE:vpnserver_vpnbridge /SFXOUT:"%BUILD_STAGINGDIRECTORY%\installers\softether-vpnserver_vpnbridge-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"

.cirrus.yml

@@ -4,19 +4,19 @@ FreeBSD_task:
       SSL: openssl
       OPENSSL_ROOT_DIR: /usr/local
     env:
-      SSL: openssl32
+      SSL: openssl36
       OPENSSL_ROOT_DIR: /usr/local
     env:
       # base openssl
       SSL:
   matrix:
     freebsd_instance:
-      image_family: freebsd-13-2
+      image_family: freebsd-14-3
   prepare_script:
-    - pkg install -y pkgconf cmake git libsodium $SSL
+    - pkg install -y pkgconf cmake git libsodium cpu_features $SSL
     - git submodule update --init --recursive
   configure_script:
-    - ./configure
+    - CMAKE_FLAGS="-DUSE_SYSTEM_CPU_FEATURES=1" CFLAGS="-I/usr/local/include/cpu_features" ./configure
   build_script:
     - make -j $(sysctl -n hw.ncpu || echo 4) -C build
   test_script:

.github/ISSUE_TEMPLATE/bug_report_or_issue_report.yml

@@ -8,6 +8,8 @@ body:
         Thanks for taking the time to fill out this bug report!         
         We provide a template which is specifically made for bug reports, to be sure that the report includes enough details to be helpful.
         
+        **⚠️ Antivirus False Positive?** If you're reporting an antivirus detection issue, please see [ANTIVIRUS.md](https://github.com/SoftEtherVPN/SoftEtherVPN/blob/master/ANTIVIRUS.md) first. Antivirus false positives should be reported to the antivirus vendor, not as bugs in SoftEther VPN.
+  
   - type: checkboxes
     attributes:
       label: Are you using SoftEther VPN 5.x?

.github/ISSUE_TEMPLATE/config.yml

@@ -1,4 +1,8 @@
 contact_links:
+  - name: Antivirus False Positive Detection
+    about: If antivirus software is flagging SoftEther VPN as malicious, this is a false positive. See our documentation for solutions and how to report to antivirus vendors.
+    url: https://github.com/SoftEtherVPN/SoftEtherVPN/blob/master/ANTIVIRUS.md
+
   - name: Are you using SoftEther VPN 4.x?
     about: This repository is for SoftEther VPN 5.x Developer Edition, developed independently from SoftEther VPN 4.x. Visit vpnusers.com if you would like to report issues or ask questions about version 4.x!
     url: https://www.vpnusers.com/

.github/workflows/coverity.yml

@@ -4,6 +4,7 @@ name: Coverity
 on:
   schedule:
   - cron: "0 0 * * *"
+  workflow_dispatch:
 
 permissions:
   contents: read
@@ -11,7 +12,7 @@ permissions:
 jobs:
   scan:
     runs-on: ubuntu-latest
-    if: ${{ github.repository_owner == 'SoftEtherVPN' }}
+    if: ${{ github.repository_owner == 'SoftEtherVPN' || github.event_name == 'workflow_dispatch' }}
     steps:
     - uses: actions/checkout@v2
       with:

.github/workflows/docker-aio.yml

@@ -0,0 +1,98 @@
+name: docker-aio
+
+on:
+  push:
+    branches: 
+      - 'master'
+    tags:
+      - '*'
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  docker:
+    name: docker-aio
+    runs-on: ubuntu-latest
+    if: ${{ github.repository_owner == 'SoftEtherVPN' }}
+    steps:
+      -
+        name: Docker meta vpnserver
+        id: metavpnserver
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ github.repository_owner }}/vpnserver
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+      - 
+        name: Docker meta vpnclient
+        id: metavpnclient
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ github.repository_owner }}/vpnclient
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+      - 
+        name: Docker meta vpnbridge
+        id: metavpnbridge
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ github.repository_owner }}/vpnbridge
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          image: tonistiigi/binfmt:qemu-v9.2.0
+#
+# TODO: unpin qemu version after default is updated
+#
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Login to DockerHub
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and push vpnserver
+        uses: docker/build-push-action@v6
+        with:
+          file: ./Dockerfile
+          target: vpnserver
+          push: ${{ github.event_name != 'pull_request' }}
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.metavpnserver.outputs.tags }}
+          labels: ${{ steps.metavpnserver.outputs.labels }}
+      -
+        name: Build and push vpnclient
+        uses: docker/build-push-action@v6
+        with:
+          file: ./Dockerfile
+          target: vpnclient
+          push: ${{ github.event_name != 'pull_request' }}
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.metavpnclient.outputs.tags }}
+          labels: ${{ steps.metavpnclient.outputs.labels }}
+      -
+        name: Build and push vpnbridge
+        uses: docker/build-push-action@v6
+        with:
+          file: ./Dockerfile
+          target: vpnbridge
+          push: ${{ github.event_name != 'pull_request' }}
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.metavpnbridge.outputs.tags }}
+          labels: ${{ steps.metavpnbridge.outputs.labels }}

.github/workflows/fedora-rawhide.yml

@@ -4,6 +4,7 @@ on:
   schedule:
     - cron: "0 0 25 * *"
   push:
+  pull_request:
   workflow_dispatch:
 
 permissions:
@@ -24,10 +25,10 @@ jobs:
         submodules: true
     - name: Install dependencies
       run: |
-        dnf -y install git cmake ncurses-devel openssl-devel libsodium-devel readline-devel zlib-devel gcc-c++ clang
+        dnf -y install git cmake ncurses-devel openssl-devel-engine libsodium-devel readline-devel zlib-devel gcc-c++ clang google-cpu_features-devel
     - name: Compile with ${{ matrix.cc }}
       run: |
         export CC=${{ matrix.cc }}
-        ./configure
+        CMAKE_FLAGS="-DUSE_SYSTEM_CPU_FEATURES=1" CFLAGS="-I/usr/include/cpu_features" ./configure
         make -C build
 

.github/workflows/linux.yml

@@ -26,6 +26,13 @@ jobs:
         cd build
         cpack -C Release -G DEB 
 
+    - name: Upload DEB packages as artifacts
+      if: github.ref == 'refs/heads/master'
+      uses: actions/upload-artifact@v4
+      with:
+        name: deb-packages
+        path: build/*.deb
+
     - name: Test
       run: |
        .ci/appveyor-deb-install-test.sh

.github/workflows/macos.yml

@@ -7,7 +7,7 @@ jobs:
   build_and_test:
     strategy:
       matrix:
-        os: [macos-13, macos-12, macos-11]
+        os: [macos-26, macos-15, macos-14]
     name: ${{ matrix.os }}
     runs-on: ${{ matrix.os }}
     steps:

.github/workflows/windows.yml

@@ -8,10 +8,11 @@ jobs:
     strategy:
       matrix:
         platform: [
-          { ARCHITECTURE: x86, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/bin/clang-cl.exe",     VCPKG_TRIPLET: "x86-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars32.bat"},
-          { ARCHITECTURE: x64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/x64/bin/clang-cl.exe", VCPKG_TRIPLET: "x64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars64.bat"}
+          { ARCHITECTURE: x86, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/bin/clang-cl.exe",     VCPKG_TRIPLET: "x86-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars32.bat", RUNNER: "windows-latest", CMAKE_EXTRA_FLAGS: ""},
+          { ARCHITECTURE: x64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/x64/bin/clang-cl.exe", VCPKG_TRIPLET: "x64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars64.bat", RUNNER: "windows-latest", CMAKE_EXTRA_FLAGS: ""},
+          { ARCHITECTURE: arm64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/ARM64/bin/clang-cl.exe", VCPKG_TRIPLET: "arm64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvarsarm64.bat", RUNNER: "windows-11-arm", CMAKE_EXTRA_FLAGS: "-DOQS_PERMIT_UNSUPPORTED_ARCHITECTURE=ON"}
         ]
-    runs-on: windows-latest
+    runs-on: ${{ matrix.platform.RUNNER }}
     name: ${{ matrix.platform.ARCHITECTURE }}
     steps:
     - uses: actions/checkout@v4
@@ -22,13 +23,29 @@ jobs:
       with:
         path: 'build/vcpkg_installed/'
         key: vcpkg-${{ matrix.platform.VCPKG_TRIPLET }}
+    - name: Set version variables
+      run: |
+        $v = python version.py
+        echo "VERSION=$v" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
+      shell: pwsh
     - name: Build
       env:
         ARCHITECTURE: ${{ matrix.platform.ARCHITECTURE }}
         COMPILER_PATH: ${{ matrix.platform.COMPILER_PATH }}
         VCPKG_TRIPLET: ${{ matrix.platform.VCPKG_TRIPLET }}
         VCVARS_PATH: ${{ matrix.platform.VCVARS_PATH }}
-      run: .ci/azure-pipelines/windows_build.bat
+        CMAKE_EXTRA_FLAGS: ${{ matrix.platform.CMAKE_EXTRA_FLAGS }}
+      run: |
+        set BUILD_NUMBER=0
+        mkdir build
+        cd build
+        call "%VCVARS_PATH%"
+        cmake -G "Ninja" -DCMAKE_TOOLCHAIN_FILE="C:\vcpkg\scripts\buildsystems\vcpkg.cmake" -DVCPKG_TARGET_TRIPLET=%VCPKG_TRIPLET% -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER="%COMPILER_PATH%" -DCMAKE_CXX_COMPILER="%COMPILER_PATH%" -DBUILD_NUMBER=%BUILD_NUMBER% %CMAKE_EXTRA_FLAGS% ..
+        cmake --build .
+        mkdir installers
+        vpnsetup /SFXMODE:vpnclient /SFXOUT:"installers\softether-vpnclient-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
+        vpnsetup /SFXMODE:vpnserver_vpnbridge /SFXOUT:"installers\softether-vpnserver_vpnbridge-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
+      shell: cmd
     - name: Test
       shell: powershell
       run: |

.github/workflows/windows_release.yml

@@ -0,0 +1,96 @@
+name: "Release"
+
+on:
+  push:
+    tags:
+      - '*'
+
+concurrency:
+  group: "${{ github.workflow }}-${{ github.ref }}"
+  cancel-in-progress: true
+
+permissions:
+  contents: write
+
+jobs:
+  release:
+    runs-on: windows-latest
+    outputs:
+      upload_url: "${{ steps.create_release.outputs.upload_url }}"
+    steps:
+      - name: "Checkout repository"
+        uses: actions/checkout@v4
+
+      - name: "Create GitHub release"
+        id: create_release
+        uses: softprops/action-gh-release@v1
+  build-windows:
+    name: ${{ matrix.platform.ARCHITECTURE }}
+    runs-on: ${{ matrix.platform.RUNNER }}
+    needs: ["release"]
+    strategy:
+      matrix:
+        platform: [
+          { ARCHITECTURE: x86, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/bin/clang-cl.exe",     VCPKG_TRIPLET: "x86-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars32.bat", RUNNER: "windows-latest", CMAKE_EXTRA_FLAGS: ""},
+          { ARCHITECTURE: x64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/x64/bin/clang-cl.exe", VCPKG_TRIPLET: "x64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars64.bat", RUNNER: "windows-latest", CMAKE_EXTRA_FLAGS: ""},
+          { ARCHITECTURE: arm64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/ARM64/bin/clang-cl.exe", VCPKG_TRIPLET: "arm64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvarsarm64.bat", RUNNER: "windows-11-arm", CMAKE_EXTRA_FLAGS: "-DOQS_PERMIT_UNSUPPORTED_ARCHITECTURE=ON"}
+        ]
+    steps:
+      - name: "Checkout repository"
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Cache vcpkg
+        uses: actions/cache@v4
+        with:
+          path: 'build/vcpkg_installed/'
+          key: vcpkg-release-${{ matrix.platform.VCPKG_TRIPLET }}
+      - name: Set version variables
+        run: |
+          $b=(Get-Content CMakeSettings.json | Out-String | ConvertFrom-Json).environments.BuildNumber		
+          echo "BUILD_NUMBER=$b" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
+          $v = python version.py
+          echo "VERSION=$v" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
+        shell: pwsh
+      - name: Build
+        env:
+          ARCHITECTURE: ${{ matrix.platform.ARCHITECTURE }}
+          COMPILER_PATH: ${{ matrix.platform.COMPILER_PATH }}
+          VCPKG_TRIPLET: ${{ matrix.platform.VCPKG_TRIPLET }}
+          VCVARS_PATH: ${{ matrix.platform.VCVARS_PATH }}
+          CMAKE_EXTRA_FLAGS: ${{ matrix.platform.CMAKE_EXTRA_FLAGS }}
+        run: |
+          mkdir build
+          cd build
+          call "%VCVARS_PATH%"
+          cmake -G "Ninja" -DCMAKE_TOOLCHAIN_FILE="C:\vcpkg\scripts\buildsystems\vcpkg.cmake" -DVCPKG_TARGET_TRIPLET=%VCPKG_TRIPLET% -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER="%COMPILER_PATH%" -DCMAKE_CXX_COMPILER="%COMPILER_PATH%" -DBUILD_NUMBER=%BUILD_NUMBER% %CMAKE_EXTRA_FLAGS% ..
+          cmake --build .
+          mkdir installers
+          vpnsetup /SFXMODE:vpnclient /SFXOUT:"installers\softether-vpnclient-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
+          vpnsetup /SFXMODE:vpnserver_vpnbridge /SFXOUT:"installers\softether-vpnserver_vpnbridge-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
+        shell: cmd
+
+      - name: dir
+        run: |
+          Get-ChildItem -Recurse build/installers
+        shell: pwsh
+
+      - name: "Upload softether-vpnclient"
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: "${{ github.token }}"
+        with:
+          upload_url: "${{ needs.release.outputs.upload_url }}"
+          asset_path: "build/installers/softether-vpnclient-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
+          asset_name: "softether-vpnclient-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
+          asset_content_type: "application/octet-stream"
+      - name: "Upload softether-vpnserver_vpnbridge"
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: "${{ github.token }}"
+        with:
+          upload_url: "${{ needs.release.outputs.upload_url }}"
+          asset_path: "build/installers/softether-vpnserver_vpnbridge-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
+          asset_name: "softether-vpnserver_vpnbridge-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
+          asset_content_type: "application/octet-stream"
+

.gitignore

@@ -210,3 +210,9 @@ developer_tools/stbchecker/**/*.binlog
 developer_tools/stbchecker/**/*.nvuser
 developer_tools/stbchecker/**/.mfractor/
 /vcpkg_installed
+
+# Build directories
+/_codeql_build_dir/
+/_codeql_detected_source_root
+/build/
+/build_test/

.gitmodules

@@ -10,3 +10,9 @@
 [submodule "src/libhamcore"]
 	path = src/libhamcore
 	url = https://github.com/SoftEtherVPN/libhamcore.git
+[submodule "src/Mayaqua/3rdparty/oqs-provider"]
+	path = src/Mayaqua/3rdparty/oqs-provider
+	url = https://github.com/open-quantum-safe/oqs-provider.git
+[submodule "src/Mayaqua/3rdparty/liboqs"]
+	path = src/Mayaqua/3rdparty/liboqs
+	url = https://github.com/open-quantum-safe/liboqs.git

ANTIVIRUS.md

@@ -0,0 +1,338 @@
+# Antivirus False Positive Detection
+
+## Overview
+
+Some antivirus software, including Microsoft Defender, may incorrectly flag SoftEther VPN executables as malicious software. This is a **false positive** detection. SoftEther VPN is legitimate, open-source software that has been developed and maintained since 2013 by researchers at the University of Tsukuba, Japan.
+
+## Why Does This Happen?
+
+Antivirus software uses heuristic analysis to detect potentially malicious behavior. VPN software like SoftEther VPN performs operations that can appear suspicious to antivirus programs, including:
+
+- **Network tunneling and traffic interception**: VPN software creates virtual network adapters and intercepts network traffic to secure it
+- **Low-level network operations**: Packet filtering, protocol handling, and kernel-mode operations
+- **Service installation**: VPN clients install system services that run with elevated privileges
+- **Registry modifications**: Required for Windows integration and auto-start functionality
+- **Dynamic code execution**: Network protocol implementations may use techniques that appear similar to malicious software
+
+These are **normal and necessary operations** for any VPN software, but they can trigger heuristic-based detection algorithms.
+
+## Microsoft Defender Specific Issue
+
+### Affected Components
+
+Microsoft Defender may flag the following SoftEther VPN 5.x components as `Trojan:Win32/KepavII!rfn`:
+
+- `vpnclient.exe` - VPN Client executable
+- `vpnserver.exe` - VPN Server executable  
+- `vpnbridge.exe` - VPN Bridge executable
+- `vpncmd.exe` - VPN Command-line utility
+- Start menu shortcuts
+- Registry entries
+- Windows services (`SEVPNCLIENTDEV`, `SEVPNSERVERDEV`, etc.)
+
+### Detection Details
+
+```
+Detected: Trojan:Win32/KepavII!rfn
+Status: Quarantined
+Description: "This program is dangerous and executes commands from an attacker."
+```
+
+**This is a false positive.** The detection is based on behavioral heuristics, not actual malicious code.
+
+## Solutions and Workarounds
+
+### Option 1: Add Exclusions (Recommended for Users)
+
+The recommended approach is to add SoftEther VPN directories to Microsoft Defender's exclusion list:
+
+#### Step-by-Step Instructions:
+
+1. **Open Windows Security**
+   - Press `Windows Key + I` to open Settings
+   - Navigate to **Privacy & Security** → **Windows Security**
+   - Click **Virus & threat protection**
+
+2. **Access Exclusion Settings**
+   - Scroll down to **Virus & threat protection settings**
+   - Click **Manage settings**
+   - Scroll down to **Exclusions**
+   - Click **Add or remove exclusions**
+
+3. **Add SoftEther VPN Directories**
+   
+   Click **Add an exclusion** → **Folder** and add these paths:
+   
+   - `C:\Program Files\SoftEther VPN Client`
+   - `C:\Program Files\SoftEther VPN Client Developer Edition`
+   - `C:\Program Files\SoftEther VPN Server`
+   - `C:\Program Files\SoftEther VPN Server Manager`
+   - `C:\Program Files\SoftEther VPN Server Manager Developer Edition`
+   - `C:\Program Files\SoftEther VPN Server Developer Edition`
+   - `C:\ProgramData\SoftEther VPN Client`
+   - `C:\ProgramData\SoftEther VPN Server`
+   
+   **Note**: Add only the directories that correspond to the SoftEther VPN components you have installed.
+
+4. **Restore Quarantined Files** (if needed)
+   - Go back to **Virus & threat protection**
+   - Click **Protection history**
+   - Find the quarantined SoftEther VPN files
+   - Click **Actions** → **Restore**
+
+5. **Reinstall if Necessary**
+   - If files were deleted, you may need to reinstall SoftEther VPN
+   - The exclusions will prevent future detections
+
+### Option 2: Report False Positive to Microsoft
+
+Help improve Microsoft Defender by reporting the false positive:
+
+1. **Submit to Microsoft Defender Security Intelligence**
+   - Visit: https://www.microsoft.com/en-us/wdsi/filesubmission
+   - Select **File** submission type
+   - Choose **Software developer** as your role
+   - Submit the falsely detected SoftEther VPN executable files
+   - Provide details: "False positive detection of SoftEther VPN, open-source VPN software"
+
+2. **Include Information**
+   - Product Name: SoftEther VPN
+   - Vendor: SoftEther Project at University of Tsukuba
+   - Official Website: https://www.softether.org/
+   - GitHub Repository: https://github.com/SoftEtherVPN/SoftEtherVPN
+   - License: Apache License 2.0
+
+Microsoft typically reviews submissions within a few days and updates their definitions if confirmed as a false positive.
+
+### Option 3: Use Alternative Antivirus Software
+
+If Microsoft Defender continues to cause issues:
+
+1. Consider using alternative antivirus software that doesn't flag SoftEther VPN
+2. Some users report fewer false positives with third-party antivirus solutions
+3. Ensure any alternative antivirus is from a reputable vendor
+
+## For IT Administrators
+
+### Group Policy Configuration
+
+To deploy exclusions across an organization using Group Policy:
+
+1. **Open Group Policy Management Console**
+   ```
+   gpmc.msc
+   ```
+
+2. **Navigate to Windows Defender Antivirus Settings**
+   ```
+   Computer Configuration → Policies → Administrative Templates 
+   → Windows Components → Microsoft Defender Antivirus → Exclusions
+   ```
+
+3. **Configure Path Exclusions**
+   - Enable **Path Exclusions**
+   - Add the SoftEther VPN installation directories
+
+4. **Update Group Policy**
+   ```powershell
+   gpupdate /force
+   ```
+
+### PowerShell Exclusion Script
+
+For automated deployment, use this PowerShell script (requires Administrator privileges):
+
+```powershell
+# Add Windows Defender exclusions for SoftEther VPN
+# Requires Administrator privileges
+
+$exclusionPaths = @(
+    "C:\Program Files\SoftEther VPN Client",
+    "C:\Program Files\SoftEther VPN Client Developer Edition",
+    "C:\Program Files\SoftEther VPN Server",
+    "C:\Program Files\SoftEther VPN Server Manager",
+    "C:\Program Files\SoftEther VPN Server Manager Developer Edition",
+    "C:\Program Files\SoftEther VPN Server Developer Edition",
+    "C:\ProgramData\SoftEther VPN Client",
+    "C:\ProgramData\SoftEther VPN Server"
+)
+
+# Check if running as Administrator
+$isAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
+
+if (-not $isAdmin) {
+    Write-Error "This script requires Administrator privileges. Please run PowerShell as Administrator."
+    exit 1
+}
+
+# Check if Windows Defender module is available
+if (-not (Get-Module -ListAvailable -Name Defender)) {
+    Write-Error "Windows Defender PowerShell module is not available on this system."
+    exit 1
+}
+
+$successCount = 0
+$errorCount = 0
+
+foreach ($path in $exclusionPaths) {
+    if (Test-Path $path) {
+        try {
+            Add-MpPreference -ExclusionPath $path -ErrorAction Stop
+            Write-Host "✓ Added exclusion: $path" -ForegroundColor Green
+            $successCount++
+        }
+        catch {
+            Write-Warning "✗ Failed to add exclusion for: $path"
+            Write-Warning "  Error: $($_.Exception.Message)"
+            $errorCount++
+        }
+    }
+    else {
+        Write-Host "- Skipped (not found): $path" -ForegroundColor Gray
+    }
+}
+
+Write-Host "`nSummary:" -ForegroundColor Cyan
+Write-Host "  Successfully added: $successCount exclusion(s)" -ForegroundColor Green
+if ($errorCount -gt 0) {
+    Write-Host "  Failed: $errorCount exclusion(s)" -ForegroundColor Red
+}
+Write-Host "`nSoftEther VPN exclusions configured." -ForegroundColor Cyan
+```
+
+Save as `Add-SoftEtherVPN-Exclusions.ps1` and run as Administrator.
+
+## Verification of Software Authenticity
+
+### Open Source Verification
+
+SoftEther VPN is **fully open source** and can be verified:
+
+1. **Source Code Review**
+   - Complete source code: https://github.com/SoftEtherVPN/SoftEtherVPN
+   - All commits are publicly visible
+   - Community peer-reviewed code
+
+2. **Build from Source**
+   - You can compile SoftEther VPN yourself from source
+   - See: [BUILD_WINDOWS.md](src/BUILD_WINDOWS.md) and [BUILD_UNIX.md](src/BUILD_UNIX.md)
+   - Self-compiled builds may have fewer false positive issues
+
+3. **Community Trust**
+   - Active development since 2013
+   - Over 11,000+ GitHub stars
+   - Used by organizations and individuals worldwide
+   - Peer-reviewed academic research project
+
+### Official Distributions
+
+Always download SoftEther VPN from official sources:
+
+- **Official Website**: https://www.softether.org/
+- **GitHub Releases**: https://github.com/SoftEtherVPN/SoftEtherVPN/releases
+- **Official Download Site**: https://www.softether-download.com/
+
+**Warning**: Do not download SoftEther VPN from third-party websites or unofficial sources.
+
+## Technical Background
+
+### Why VPN Software Triggers Detection
+
+VPN software implements functionality that overlaps with techniques used by some malware:
+
+1. **Kernel-mode drivers**: Required for creating virtual network adapters
+2. **Network traffic interception**: Core VPN functionality to encrypt traffic
+3. **Process injection**: Some VPN implementations inject into other processes
+4. **Privilege escalation**: VPN services need administrative rights
+5. **Persistent system changes**: Auto-start configuration, service installation
+
+These are **legitimate techniques** when used by trusted VPN software.
+
+### False Positive Rate
+
+False positives are common in the VPN and security software industry. Other legitimate VPN and security tools have faced similar issues:
+
+- OpenVPN has been flagged by various antivirus vendors
+- WireGuard implementations have triggered false positives
+- Many security research tools face similar challenges
+
+## Code Signing Status
+
+**Note**: The official SoftEther VPN releases may not include code signing certificates. Code signing certificates require:
+
+- Annual fees (typically $300-500+ per year)
+- Corporate entity for Extended Validation (EV) certificates
+- Hardware security modules (HSM) for EV certificate storage
+
+As an open-source project with limited funding, SoftEther VPN prioritizes development over expensive code signing infrastructure. However, this doesn't make the software any less safe - all source code is publicly auditable.
+
+Users who require signed binaries can:
+1. Build from source and sign with their own certificates
+2. Work with their organization to sign the binaries
+3. Use alternative verification methods (source code review, checksums, etc.)
+
+## Best Practices
+
+1. **Keep Antivirus Updated**: Ensure Microsoft Defender definitions are current
+2. **Monitor Protection History**: Regularly check if SoftEther VPN is being flagged
+3. **Subscribe to Updates**: Follow SoftEther VPN releases for security updates
+4. **Report False Positives**: Help the community by reporting detections to Microsoft
+5. **Use Official Builds**: Only download from official sources
+
+## Additional Resources
+
+- **SoftEther VPN Official Website**: https://www.softether.org/
+- **GitHub Repository**: https://github.com/SoftEtherVPN/SoftEtherVPN
+- **Security Policy**: [SECURITY.md](SECURITY.md)
+- **Microsoft Defender Submission Portal**: https://www.microsoft.com/en-us/wdsi/filesubmission
+- **Build Instructions**: [BUILD_WINDOWS.md](src/BUILD_WINDOWS.md)
+
+## Frequently Asked Questions
+
+### Q: Is SoftEther VPN safe to use?
+
+**A**: Yes. SoftEther VPN is legitimate, open-source software developed by researchers at the University of Tsukuba, Japan. The detection is a false positive. All source code is publicly available for review at https://github.com/SoftEtherVPN/SoftEtherVPN
+
+### Q: Why don't you just fix the code to not trigger antivirus?
+
+**A**: The detection is based on legitimate VPN operations, not malicious code. Changing how VPN functionality works to avoid heuristic detection would compromise the software's core purpose. The correct solution is to report false positives to antivirus vendors and add exclusions.
+
+### Q: Will adding exclusions make my computer less secure?
+
+**A**: Exclusions for trusted software from official sources don't significantly reduce security. Only add exclusions for software you trust and have downloaded from official sources. SoftEther VPN is open-source and can be verified.
+
+### Q: Can I use SoftEther VPN without adding exclusions?
+
+**A**: Not reliably with Microsoft Defender. The antivirus will quarantine executables and prevent the VPN from functioning. Exclusions are necessary unless Microsoft updates their detection definitions.
+
+### Q: How do I know my downloaded file is authentic?
+
+**A**: 
+1. Only download from https://github.com/SoftEtherVPN/SoftEtherVPN/releases or https://www.softether.org/
+2. Verify the file hash/checksum if provided
+3. Review the source code on GitHub
+4. Build from source yourself for maximum assurance
+
+### Q: Is this issue specific to SoftEther VPN?
+
+**A**: No. Many VPN applications and security tools face false positive detections. OpenVPN, WireGuard implementations, and other network security tools have similar issues with various antivirus vendors.
+
+### Q: Will this be fixed in a future version?
+
+**A**: The SoftEther VPN project continues to work on this issue. However, heuristic-based detection is challenging to avoid without compromising functionality. The best approach is to:
+1. Report false positives to Microsoft
+2. Use exclusions as needed
+3. Build from source if your organization requires it
+
+## Contributing
+
+If you have additional solutions or workarounds that have worked for you, please contribute to this documentation:
+
+1. Fork the repository: https://github.com/SoftEtherVPN/SoftEtherVPN
+2. Edit this file: `ANTIVIRUS.md`
+3. Submit a pull request with your improvements
+
+---
+
+**Applies to**: SoftEther VPN 5.x (Developer Edition)  
+**Related Issue**: False positive detection by Microsoft Defender as Trojan:Win32/KepavII!rfn

CMakeLists.txt

@@ -1,9 +1,9 @@
-cmake_minimum_required(VERSION 3.10)
+cmake_minimum_required(VERSION 3.15)
 
 set(BUILD_NUMBER CACHE STRING "The number of the current build.")
 
 if ("${BUILD_NUMBER}" STREQUAL "")
-	set(BUILD_NUMBER "5183")
+	set(BUILD_NUMBER "5187")
 endif()
 
 if (BUILD_NUMBER LESS 5180)
@@ -53,7 +53,7 @@ if(UNIX)
   #
   # use rpath for locating installed libraries
   #
-  set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/lib")
+  set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}")
   set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
 
   include(CheckIncludeFile)

CMakeSettings.json

@@ -1,5 +1,5 @@
 {
-  "environments": [ { "BuildNumber": "5183" } ],
+  "environments": [ { "BuildNumber": "5187" } ],
   "configurations": [
     {
       "name": "x64-native",
@@ -136,6 +136,78 @@
           "type": "STRING"
         }
       ]
+    },
+    {
+      "name": "arm64-on-x64",
+      "description": "Cross compile Windows ARM64 on x64",
+      "generator": "Ninja",
+      "configurationType": "RelWithDebInfo",
+      "inheritEnvironments": ["msvc_arm64_x64"],
+      "buildRoot": "${projectDir}\\out\\build\\${name}",
+      "installRoot": "${projectDir}\\out\\install\\${name}",
+      "variables": [
+        {
+          "name": "BUILD_NUMBER",
+          "value": "${env.BuildNumber}",
+          "type": "STRING"
+        },
+        {
+          "name": "CMAKE_SYSTEM_NAME",
+          "value": "Windows",
+          "type": "STRING"
+        },
+        {
+          "name": "CMAKE_SYSTEM_PROCESSOR",
+          "value": "arm64",
+          "type": "STRING"
+        },
+        {
+          "name": "CMAKE_C_COMPILER",
+          "value": "${env.VCINSTALLDIR}Tools/Llvm/bin/clang-cl.exe",
+          "type": "FILEPATH"
+        },
+        {
+          "name": "CMAKE_CXX_COMPILER",
+          "value": "${env.VCINSTALLDIR}Tools/Llvm/bin/clang-cl.exe",
+          "type": "FILEPATH"
+        },
+        {
+          "name": "CMAKE_C_COMPILER_TARGET",
+          "value": "arm64-windows-msvc",
+          "type": "STRING"
+        },
+        {
+          "name": "CMAKE_CXX_COMPILER_TARGET",
+          "value": "arm64-windows-msvc",
+          "type": "STRING"
+        },
+        {
+          "name": "CMAKE_EXE_LINKER_FLAGS",
+          "value": "/machine:ARM64",
+          "type": "STRING"
+        },
+        {
+          "name": "VCPKG_TARGET_TRIPLET",
+          "value": "arm64-windows-static",
+          "type": "STRING"
+        },
+        {
+          "name": "CMAKE_STATIC_LINKER_FLAGS",
+          "value": "/machine:ARM64",
+          "type": "STRING"
+        },
+        {
+          "name": "CMAKE_SHARED_LINKER_FLAGS",
+          "value": "/machine:ARM64",
+          "type": "STRING"
+        },
+        {
+          "name": "IS_CROSS_COMPILATION",
+          "value": "arm64-on-x64",
+          "type": "STRING"
+
+        }
+      ]
     }
   ]
 }

ContainerREADME.md

@@ -0,0 +1,104 @@
+# SoftetherVPN Container images
+
+This container is designed to be as small as possible and host a SoftEther VPN Server, Bridge or Client.
+It´s based on Alpine so resulting Image is kept as small as 15MB!
+
+## Not working 
+
+* bridging to a physical Ethernet adapter 
+
+## working
+
+* OpenVPN
+* L2tp
+* SSL 
+* SecureNAT
+* Wireguard (not with the "stable" tag)
+
+
+
+## Available Tags
+
+
+|Image|Description|
+|---|---|
+|softethervpn/vpnserver:stable|Latest stable release from https://github.com/SoftEtherVPN/SoftEtherVPN_Stable|
+|softethervpn/vpnserver:v4.39-9772-beta|Tagged build|
+|softethervpn/vpnserver:latest|Latest commits from https://github.com/SoftEtherVPN/SoftEtherVPN|
+
+
+You should always specify your wanted version like `softethervpn/vpnserver:5.02.5180`
+
+## Usage docker run
+
+This will keep your config and Logfiles in the docker volume `softetherdata`
+
+`docker run -d --rm --name softether-vpn-server -v softetherdata:/var/lib/softether -v softetherlogs:/var/log/softether -p 443:443/tcp -p 992:992/tcp -p 1194:1194/udp -p 5555:5555/tcp -p 500:500/udp -p 4500:4500/udp -p 1701:1701/udp --cap-add NET_ADMIN softethervpn/vpnserver:stable`
+
+## Port requirements
+
+As there are different operating modes for SoftetherVPN there is a variety of ports that might or might not be needed.
+For operation with Softether Clients at least 443, 992 or 5555 is needed.
+See https://www.softether.org/4-docs/1-manual/1/1.6 for reference on the Softether ports.
+Others are commented out in the docker-compose example.
+
+## Usage docker-compose
+
+The same command can be achieved by docker-compose, the docker compose file is in the repository.
+You can specify the respective docker-compose.yaml like so: 
+
+`docker-compose -f docker-compose.vpnclient.yaml up -d`
+
+By default the docker-compose.yaml is used: 
+
+```
+version: '3'
+
+services:
+  softether:
+    image: softethervpn/vpnserver:latest
+    cap_add:
+      - NET_ADMIN
+    restart: always
+    ports:
+      #- 53:53         #DNS tunneling
+      - 443:443         #Management and HTTPS tunneling
+      #- 992:992         #HTTPS tunneling
+      #- 1194:1194/udp #OpenVPN 
+      #- 5555:5555       #HTTPS tunneling
+      #- 500:500/udp   #IPsec/L2TP
+      #- 4500:4500/udp #IPsec/L2TP
+      #- 1701:1701/udp #IPsec/L2TP
+    volumes:
+      - "/etc/localtime:/etc/localtime:ro"
+      - "/etc/timezone:/etc/timezone:ro"
+      - "./softether_data:/var/lib/softether"
+      - "./softether_log:/var/log/softether"
+      # - "./adminip.txt:/var/lib/softether/adminip.txt:ro"
+```
+
+### Use vpncmd
+
+With newer releases vpncmd is directly in the container so you can use it to configure vpn. You can can run it once the container is running :
+
+`docker exec -it softether-vpn-server vpncmd localhost`
+example to configure a vpnclient
+
+```
+docker exec -it softether-vpn-server vpncmd localhost /client
+
+VPN Client> AccountSet homevpn /SERVER:192.168.1.1:443 /HUB:VPN
+VPN Client> AccountPasswordSet homevpn /PASSWORD:verysecurepassword /TYPE:standard
+VPN Client> AccountConnect homevpn
+
+#Automatically connect once container starts
+VPN Client> AccountStartupSet homevpn
+
+#Checking State
+VPN Client> AccountStatusGet homevpn
+
+```
+
+## Building 
+
+` docker build --target vpnclient -t softethevpn:latest .`

Dockerfile

@@ -0,0 +1,54 @@
+FROM alpine AS builder
+RUN mkdir /usr/local/src && apk add binutils --no-cache\
+        linux-headers \
+	build-base \
+        readline-dev \
+        openssl-dev \
+        ncurses-dev \
+        git \
+        cmake \
+        zlib-dev \
+        libsodium-dev \
+        gnu-libiconv 
+
+ENV LD_PRELOAD=/usr/lib/preloadable_libiconv.so
+ADD ./ /usr/local/src/SoftEtherVPN/
+WORKDIR /usr/local/src
+ENV USE_MUSL=YES
+ENV CMAKE_FLAGS="-DSE_PIDDIR=/run/softether -DSE_LOGDIR=/var/log/softether -DSE_DBDIR=/var/lib/softether"
+RUN cd SoftEtherVPN &&\
+        ./configure &&\
+	make -j $(getconf _NPROCESSORS_ONLN) -C build
+
+FROM alpine AS base
+RUN apk add --no-cache readline \
+        openssl \
+        libsodium \
+        gnu-libiconv \
+        iptables
+ENV LD_PRELOAD=/usr/lib/preloadable_libiconv.so
+WORKDIR /usr/local/bin
+VOLUME /var/log/softether
+VOLUME /var/lib/softether
+VOLUME /run/softether
+COPY --from=builder /usr/local/src/SoftEtherVPN/build/vpncmd /usr/local/src/SoftEtherVPN/build/hamcore.se2 ./
+COPY --from=builder /usr/local/src/SoftEtherVPN/build/libcedar.so /usr/local/src/SoftEtherVPN/build/libmayaqua.so /usr/local/lib/
+
+
+FROM base AS vpnserver
+COPY --from=builder /usr/local/src/SoftEtherVPN/build/vpnserver ./
+RUN ./vpnserver --help
+EXPOSE 443/tcp 992/tcp 1194/tcp 1194/udp 5555/tcp 500/udp 4500/udp
+CMD ["/usr/local/bin/vpnserver", "execsvc"]
+
+
+FROM base AS vpnclient
+COPY --from=builder /usr/local/src/SoftEtherVPN/build/vpnclient ./
+RUN ./vpnclient --help
+CMD ["/usr/local/bin/vpnclient", "execsvc"]
+
+
+FROM base AS vpnbridge
+COPY --from=builder /usr/local/src/SoftEtherVPN/build/vpnbridge ./
+RUN ./vpnbridge --help
+CMD ["/usr/local/bin/vpnbridge", "execsvc"]

README.md

@@ -2,10 +2,8 @@
 
 ||Badges|
 |---|---|
-|AppVeyor|[![AppVeyor build status](https://ci.appveyor.com/api/projects/status/github/softethervpn/softethervpn?branch=master&svg=true)](https://ci.appveyor.com/project/softethervpn/softethervpn) |
 |GitLab CI|[![GitLab CI build status](https://gitlab.com/SoftEther/SoftEtherVPN/badges/master/pipeline.svg)](https://gitlab.com/SoftEther/SoftEtherVPN/pipelines)|
 |Coverity Scan|[![Coverity Scan build status](https://scan.coverity.com/projects/16304/badge.svg)](https://scan.coverity.com/projects/softethervpn-softethervpn)|
-|Azure Pipelines|[![Azure Pipelines build status for Nightly](https://dev.azure.com/SoftEther-VPN/SoftEther%20VPN/_apis/build/status/6?api-version=6.0-preview.1)](https://dev.azure.com/SoftEther-VPN/SoftEther%20VPN/_build?definitionId=6)|
 |Cirrus CI|[![Cirrus CI build status](https://api.cirrus-ci.com/github/SoftEtherVPN/SoftEtherVPN.svg)](https://cirrus-ci.com/github/SoftEtherVPN/SoftEtherVPN)|
 
 - [SoftEther VPN](#softether-vpn)
@@ -16,6 +14,7 @@
   * [For Windows](#for-windows)
   * [From binary installers (stable channel)](#from-binary-installers-stable-channel)
   * [Build from Source code](#build-from-source-code)
+- [Antivirus False Positive Detection](ANTIVIRUS.md)
 - [About HTML5-based Modern Admin Console and JSON-RPC API Suite](#about-html5-based-modern-admin-console-and-json-rpc-api-suite)
   * [Built-in SoftEther VPN Server HTML5 Ajax-based Web Administration Console](#built-in-softether-vpn-server-html5-ajax-based-web-administration-console)
   * [Built-in SoftEther Server VPN JSON-RPC API Suite](#built-in-softether-server-vpn-json-rpc-api-suite)
@@ -203,14 +202,22 @@ Also SoftEther VPN [Stable Edition](https://www.freshports.org/security/softethe
 
 ## For Windows
 
-[Nightly builds](https://dev.azure.com/SoftEther-VPN/SoftEther%20VPN/_build?definitionId=6)
+[Releases](https://github.com/SoftEtherVPN/SoftEtherVPN/releases)
+
+[Nightly builds](https://github.com/SoftEtherVPN/SoftEtherVPN/actions/workflows/windows.yml)
 (choose appropriate platform, then find binaries or installers as artifacts)
 
+**⚠️ Important for Windows Users**: Some antivirus software (including Microsoft Defender) may incorrectly flag SoftEther VPN as malicious. This is a **false positive**. See [ANTIVIRUS.md](ANTIVIRUS.md) for detailed information and solutions.
+
 ## From binary installers (stable channel)
 
 Those can be found under https://www.softether-download.com/
 There you can also find SoftEtherVPN source code in zip and tar formats.
 
+## Docker Container Image
+
+Please look at the [ContainerREADME.md](ContainerREADME.md)
+
 ## Build from Source code
 
 see [BUILD_UNIX](src/BUILD_UNIX.md) or [BUILD_WINDOWS](src/BUILD_WINDOWS.md)
@@ -286,6 +293,8 @@ We hope that you can reach one of the above URLs at least!
 Your contribution to SoftEther VPN Project is much appreciated.
 Please send patches to us through GitHub.
 
+Here you find how to submit new translation: [TRANSLATION_GUIDE.md](TRANSLATION_GUIDE.md)
+
 
 # DEAR SECURITY EXPERTS
 

SECURITY.md

@@ -13,3 +13,14 @@ currently being supported with security updates.
 ## Reporting a Vulnerability
 
 Please use [github security reporting](https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/new)
+
+## Antivirus False Positive Detection
+
+Some antivirus software may incorrectly flag SoftEther VPN executables as malicious. This is a **false positive** and not a security vulnerability.
+
+**If you encounter antivirus warnings:**
+- See [ANTIVIRUS.md](ANTIVIRUS.md) for detailed information and solutions
+- Report false positives to your antivirus vendor
+- Verify downloads are from official sources only
+
+**SoftEther VPN is safe**: All source code is publicly available and can be reviewed at https://github.com/SoftEtherVPN/SoftEtherVPN

SoftEtherVPN-iOS/SoftEtherVPN-iOS/Protocol/SecureConnection.swift

@@ -0,0 +1,118 @@
+import Foundation
+import Network
+import Security
+
+/// SecureConnection handles the TLS connection with the SoftEther VPN server
+class SecureConnection {
+    
+    // MARK: - Properties
+    
+    private var connection: NWConnection?
+    private let host: String
+    private let port: UInt16
+    private let queue = DispatchQueue(label: "com.softether.connection", qos: .userInitiated)
+    
+    // MARK: - Initialization
+    
+    /// Initialize a secure connection
+    /// - Parameters:
+    ///   - host: Server hostname or IP address
+    ///   - port: Server port number
+    init(host: String, port: UInt16) {
+        self.host = host
+        self.port = port
+    }
+    
+    // MARK: - Public Methods
+    
+    /// Connect to the server using TLS
+    /// - Parameter completion: Callback with connection result
+    func connect(completion: @escaping (Bool, Error?) -> Void) {
+        let hostEndpoint = NWEndpoint.Host(host)
+        let portEndpoint = NWEndpoint.Port(rawValue: port)!
+        
+        // Create TLS parameters
+        let tlsOptions = NWProtocolTLS.Options()
+        
+        // Configure TLS for maximum compatibility with SoftEther
+        let securityOptions = tlsOptions.securityProtocolOptions
+        sec_protocol_options_set_tls_min_version(securityOptions, .TLSv12)
+        sec_protocol_options_set_tls_max_version(securityOptions, .TLSv13)
+        
+        // Allow all cipher suites for compatibility
+        sec_protocol_options_set_cipher_suites(securityOptions, nil, 0)
+        
+        // Disable certificate validation for initial development (ENABLE IN PRODUCTION)
+        sec_protocol_options_set_verify_block(securityOptions, { (_, _, trustResult, _) in
+            return true // Accept all certificates for testing
+        }, queue)
+        
+        // Create TCP options with TLS
+        let tcpOptions = NWProtocolTCP.Options()
+        tcpOptions.enableKeepalive = true
+        tcpOptions.keepaliveIdle = 30
+        
+        // Create connection parameters
+        let parameters = NWParameters(tls: tlsOptions, tcp: tcpOptions)
+        
+        // Create the connection
+        connection = NWConnection(host: hostEndpoint, port: portEndpoint, using: parameters)
+        
+        // Set up state handling
+        connection?.stateUpdateHandler = { [weak self] state in
+            switch state {
+            case .ready:
+                completion(true, nil)
+            case .failed(let error):
+                self?.disconnect()
+                completion(false, error)
+            case .cancelled:
+                completion(false, NSError(domain: "SoftEtherError", code: 1000, userInfo: [NSLocalizedDescriptionKey: "Connection cancelled"]))
+            default:
+                break
+            }
+        }
+        
+        // Start the connection
+        connection?.start(queue: queue)
+    }
+    
+    /// Disconnect from the server
+    func disconnect() {
+        connection?.cancel()
+        connection = nil
+    }
+    
+    /// Send data to the server
+    /// - Parameters:
+    ///   - data: Data to send
+    ///   - completion: Callback with error if any
+    func send(data: Data, completion: @escaping (Error?) -> Void) {
+        guard let connection = connection, connection.state == .ready else {
+            completion(NSError(domain: "SoftEtherError", code: 1001, userInfo: [NSLocalizedDescriptionKey: "Connection not ready"]))
+            return
+        }
+        
+        connection.send(content: data, completion: .contentProcessed { error in
+            completion(error)
+        })
+    }
+    
+    /// Receive data from the server
+    /// - Parameter completion: Callback with received data and error if any
+    func receive(completion: @escaping (Data?, Error?) -> Void) {
+        guard let connection = connection, connection.state == .ready else {
+            completion(nil, NSError(domain: "SoftEtherError", code: 1001, userInfo: [NSLocalizedDescriptionKey: "Connection not ready"]))
+            return
+        }
+        
+        connection.receive(minimumIncompleteLength: 1, maximumLength: 65536) { data, _, isComplete, error in
+            completion(data, error)
+            
+            if isComplete {
+                // Connection was closed by the peer
+                self.disconnect()
+            }
+        }
+    }
+}

SoftEtherVPN-iOS/SoftEtherVPN-iOS/Protocol/SoftEtherClientSignature.swift

@@ -0,0 +1,90 @@
+import Foundation
+
+/// Handles the specific client signature format that SoftEther expects
+class SoftEtherClientSignature {
+    
+    // MARK: - Constants
+    
+    private enum Constants {
+        static let clientBuildNumber: UInt32 = 5187
+        static let clientVersion: UInt32 = 5_02_0000 + clientBuildNumber
+        static let clientString = "SoftEther VPN Client"
+        static let softEtherMagic: [UInt8] = [0x5E, 0x68] // 'Se' in hex
+        
+        // Protocol identification constants from SoftEther source
+        static let cedar = "CEDAR"
+        static let sessionKey = "sessionkey"
+        static let protocol1 = "PROTOCOL"
+        static let protocol2 = "PROTOCOL2"
+    }
+    
+    // MARK: - Public Methods
+    
+    /// Generate the client signature packet that identifies this client as a legitimate SoftEther VPN client
+    /// - Returns: Data containing the formatted client signature
+    static func generateSignature() -> Data {
+        var data = Data()
+        
+        // 1. Add SoftEther magic bytes
+        data.append(contentsOf: Constants.softEtherMagic)
+        
+        // 2. Add client version in network byte order (big endian)
+        data.appendUInt32(Constants.clientVersion)
+        
+        // 3. Add client build number in network byte order
+        data.appendUInt32(Constants.clientBuildNumber)
+        
+        // 4. Add cedar protocol identifier
+        if let cedarData = Constants.cedar.data(using: .ascii) {
+            data.append(cedarData)
+            data.append(0) // null terminator
+        }
+        
+        // 5. Add client string with null terminator
+        if let clientString = (Constants.clientString + "\0").data(using: .ascii) {
+            data.append(clientString)
+        }
+        
+        // 6. Add protocol identifiers
+        if let protocolData = (Constants.protocol1 + "\0").data(using: .ascii) {
+            data.append(protocolData)
+        }
+        
+        if let protocol2Data = (Constants.protocol2 + "\0").data(using: .ascii) {
+            data.append(protocol2Data)
+        }
+        
+        // 7. Add session key marker
+        if let sessionKeyData = (Constants.sessionKey + "\0").data(using: .ascii) {
+            data.append(sessionKeyData)
+        }
+        
+        // 8. Add random data for session key (typically 20 bytes)
+        let randomSessionKey = SoftEtherCrypto.randomBytes(count: 20)
+        data.append(randomSessionKey)
+        
+        // 9. Calculate and append SHA-1 hash of the entire data for integrity verification
+        let hash = SoftEtherCrypto.sha1(data)
+        data.append(hash)
+        
+        return data
+    }
+    
+    /// Verify a server response to the client signature
+    /// - Parameter data: Response data from server
+    /// - Returns: True if valid response, false otherwise
+    static func verifyServerResponse(_ data: Data) -> Bool {
+        // Basic validation - a real implementation would parse and validate the server response format
+        // This is a minimal check to see if we have enough data and it starts with the magic bytes
+        guard data.count >= 8 else {
+            return false
+        }
+        
+        // Check if response starts with SoftEther magic bytes
+        if data[0] == Constants.softEtherMagic[0] && data[1] == Constants.softEtherMagic[1] {
+            return true
+        }
+        
+        return false
+    }
+}

SoftEtherVPN-iOS/SoftEtherVPN-iOS/Protocol/SoftEtherCrypto.swift

@@ -0,0 +1,97 @@
+import Foundation
+import CryptoKit
+
+/// Handles encryption operations for SoftEther protocol
+class SoftEtherCrypto {
+    
+    // MARK: - Constants
+    
+    private enum Constants {
+        static let sha1Size = 20
+        static let md5Size = 16
+    }
+    
+    // MARK: - Public Methods
+    
+    /// Generate secure random bytes
+    /// - Parameter count: Number of random bytes to generate
+    /// - Returns: Data containing random bytes
+    static func randomBytes(count: Int) -> Data {
+        var data = Data(count: count)
+        _ = data.withUnsafeMutableBytes { 
+            SecRandomCopyBytes(kSecRandomDefault, count, $0.baseAddress!)
+        }
+        return data
+    }
+    
+    /// Calculate SHA-1 hash
+    /// - Parameter data: Input data
+    /// - Returns: SHA-1 hash of the input data
+    static func sha1(_ data: Data) -> Data {
+        let digest = SHA1.hash(data: data)
+        return Data(digest)
+    }
+    
+    /// Calculate MD5 hash
+    /// - Parameter data: Input data
+    /// - Returns: MD5 hash of the input data
+    static func md5(_ data: Data) -> Data {
+        let digest = Insecure.MD5.hash(data: data)
+        return Data(digest)
+    }
+    
+    /// Encrypt data using RC4 algorithm (for SoftEther compatibility)
+    /// - Parameters:
+    ///   - data: Data to encrypt
+    ///   - key: Encryption key
+    /// - Returns: Encrypted data
+    static func rc4Encrypt(data: Data, key: Data) -> Data {
+        let rc4 = RC4(key: key)
+        return rc4.process(data)
+    }
+    
+    /// Decrypt data using RC4 algorithm (for SoftEther compatibility)
+    /// - Parameters:
+    ///   - data: Data to decrypt
+    ///   - key: Decryption key
+    /// - Returns: Decrypted data
+    static func rc4Decrypt(data: Data, key: Data) -> Data {
+        // RC4 is symmetric, so encryption and decryption are the same operation
+        return rc4Encrypt(data: data, key: key)
+    }
+}
+
+/// Simple RC4 implementation for SoftEther compatibility
+/// Note: RC4 is considered insecure, but SoftEther uses it in parts of its protocol
+private class RC4 {
+    private var state: [UInt8]
+    
+    init(key: Data) {
+        state = Array(0...255)
+        var j: Int = 0
+        
+        // Key scheduling algorithm
+        for i in 0..<256 {
+            let keyByte = key[i % key.count]
+            j = (j + Int(state[i]) + Int(keyByte)) & 0xFF
+            state.swapAt(i, j)
+        }
+    }
+    
+    func process(_ data: Data) -> Data {
+        var result = Data(count: data.count)
+        var i: Int = 0
+        var j: Int = 0
+        
+        // Generate keystream and XOR with plaintext
+        for k in 0..<data.count {
+            i = (i + 1) & 0xFF
+            j = (j + Int(state[i])) & 0xFF
+            state.swapAt(i, j)
+            let keyStreamByte = state[(Int(state[i]) + Int(state[j])) & 0xFF]
+            result[k] = data[k] ^ keyStreamByte
+        }
+        
+        return result
+    }
+}

SoftEtherVPN-iOS/SoftEtherVPN-iOS/Protocol/SoftEtherPacket.swift

@@ -0,0 +1,123 @@
+import Foundation
+
+/// Handles the SoftEther packet structure for communication
+class SoftEtherPacket {
+    
+    // MARK: - Constants
+    
+    private enum PacketType: UInt32 {
+        case clientSignature = 0x01
+        case serverResponse = 0x02
+        case sessionRequest = 0x03
+        case sessionResponse = 0x04
+        case data = 0x05
+        case keepAlive = 0x06
+    }
+    
+    private enum Constants {
+        static let headerSize: UInt32 = 16
+        static let maxPacketSize: UInt32 = 1024 * 1024 // 1MB
+    }
+    
+    // MARK: - Properties
+    
+    private var packetType: PacketType
+    private var packetId: UInt32
+    private var packetData: Data
+    
+    // MARK: - Initialization
+    
+    /// Initialize a packet with type, ID and data
+    /// - Parameters:
+    ///   - type: Packet type
+    ///   - id: Packet ID
+    ///   - data: Packet payload
+    init(type: UInt32, id: UInt32, data: Data) {
+        self.packetType = PacketType(rawValue: type) ?? .data
+        self.packetId = id
+        self.packetData = data
+    }
+    
+    /// Initialize a packet from raw data
+    /// - Parameter data: Raw packet data
+    init?(fromData data: Data) {
+        guard data.count >= Int(Constants.headerSize) else {
+            return nil
+        }
+        
+        // Parse header
+        let typeValue = data.readUInt32(at: 0)
+        self.packetId = data.readUInt32(at: 4)
+        let dataSize = data.readUInt32(at: 8)
+        
+        // Validate packet
+        guard let type = PacketType(rawValue: typeValue),
+              dataSize <= Constants.maxPacketSize,
+              data.count >= Int(Constants.headerSize + dataSize) else {
+            return nil
+        }
+        
+        self.packetType = type
+        
+        // Extract payload
+        let startIndex = Int(Constants.headerSize)
+        let endIndex = startIndex + Int(dataSize)
+        self.packetData = data.subdata(in: startIndex..<endIndex)
+    }
+    
+    // MARK: - Public Methods
+    
+    /// Serialize the packet to binary data format
+    /// - Returns: Serialized packet data
+    func serialize() -> Data {
+        var result = Data(capacity: Int(Constants.headerSize) + packetData.count)
+        
+        // Write header
+        result.appendUInt32(packetType.rawValue)
+        result.appendUInt32(packetId)
+        result.appendUInt32(UInt32(packetData.count))
+        result.appendUInt32(0) // Reserved
+        
+        // Write payload
+        result.append(packetData)
+        
+        return result
+    }
+    
+    /// Get the packet type
+    /// - Returns: Packet type
+    func getType() -> UInt32 {
+        return packetType.rawValue
+    }
+    
+    /// Get the packet ID
+    /// - Returns: Packet ID
+    func getId() -> UInt32 {
+        return packetId
+    }
+    
+    /// Get the packet payload
+    /// - Returns: Packet payload data
+    func getData() -> Data {
+        return packetData
+    }
+}
+
+// MARK: - Extensions
+
+extension Data {
+    /// Read a UInt32 value from the data at specified offset
+    /// - Parameter offset: Offset to read from
+    /// - Returns: UInt32 value in big-endian order
+    func readUInt32(at offset: Int) -> UInt32 {
+        let slice = self.subdata(in: offset..<(offset + 4))
+        return slice.withUnsafeBytes { $0.load(as: UInt32.self).bigEndian }
+    }
+    
+    /// Append a UInt32 value to the data in big-endian order
+    /// - Parameter value: UInt32 value to append
+    mutating func appendUInt32(_ value: UInt32) {
+        var bigEndian = value.bigEndian
+        append(UnsafeBufferPointer(start: &bigEndian, count: 1))
+    }
+}

SoftEtherVPN-iOS/SoftEtherVPN-iOS/Protocol/SoftEtherProtocol.swift

@@ -0,0 +1,184 @@
+import Foundation
+import Network
+import Security
+import CryptoKit
+
+/// SoftEtherProtocol manages the communication between iOS client and SoftEther VPN server
+class SoftEtherProtocol {
+    
+    // MARK: - Properties
+    
+    private var secureConnection: SecureConnection?
+    private var isConnected = false
+    private var host: String = ""
+    private var port: UInt16 = 443
+    private var nextPacketId: UInt32 = 1
+    
+    // MARK: - Public Methods
+    
+    /// Connect to a SoftEther VPN server
+    /// - Parameters:
+    ///   - host: The server hostname or IP address
+    ///   - port: The server port (default: 443)
+    ///   - completion: Callback with connection result
+    public func connect(to host: String, port: UInt16 = 443, completion: @escaping (Bool, Error?) -> Void) {
+        self.host = host
+        self.port = port
+        
+        // Create a secure connection
+        secureConnection = SecureConnection(host: host, port: port)
+        
+        // Connect using TLS
+        secureConnection?.connect { [weak self] success, error in
+            guard let self = self, success else {
+                completion(false, error ?? NSError(domain: "SoftEtherError", code: 1, userInfo: [NSLocalizedDescriptionKey: "TLS connection failed"]))
+                return
+            }
+            
+            // After successful TLS connection, send the client signature
+            self.sendClientSignature { success, error in
+                if success {
+                    self.isConnected = true
+                }
+                completion(success, error)
+            }
+        }
+    }
+    
+    /// Disconnect from the server
+    public func disconnect() {
+        secureConnection?.disconnect()
+        isConnected = false
+    }
+    
+    // MARK: - Private Methods
+    
+    /// Send the SoftEther client signature to identify as a legitimate client
+    /// - Parameter completion: Callback with result
+    private func sendClientSignature(completion: @escaping (Bool, Error?) -> Void) {
+        // Generate client signature using our specialized class
+        let signatureData = SoftEtherClientSignature.generateSignature()
+        
+        // Create a packet with the signature data
+        let packetId = self.nextPacketId
+        self.nextPacketId += 1
+        
+        let packet = SoftEtherPacket(type: 0x01, id: packetId, data: signatureData)
+        let packetData = packet.serialize()
+        
+        print("Sending client signature packet: \(packetData.count) bytes")
+        
+        // Send the packet
+        secureConnection?.send(data: packetData) { [weak self] error in
+            guard let self = self else { return }
+            
+            if let error = error {
+                print("Error sending client signature: \(error)")
+                completion(false, error)
+                return
+            }
+            
+            // After sending signature, wait for server response
+            self.receiveServerResponse { success, error in
+                completion(success, error)
+            }
+        }
+    }
+    
+    /// Receive and process server response after sending signature
+    /// - Parameter completion: Callback with result
+    private func receiveServerResponse(completion: @escaping (Bool, Error?) -> Void) {
+        secureConnection?.receive { data, error in
+            if let error = error {
+                print("Error receiving server response: \(error)")
+                completion(false, error)
+                return
+            }
+            
+            guard let data = data, data.count > 4 else {
+                let error = NSError(domain: "SoftEtherError", code: 2, userInfo: [NSLocalizedDescriptionKey: "Invalid server response"])
+                print("Invalid server response: insufficient data")
+                completion(false, error)
+                return
+            }
+            
+            print("Received server response: \(data.count) bytes")
+            
+            // Parse the response packet
+            guard let packet = SoftEtherPacket(fromData: data) else {
+                let error = NSError(domain: "SoftEtherError", code: 3, userInfo: [NSLocalizedDescriptionKey: "Invalid packet format"])
+                print("Could not parse server response packet")
+                completion(false, error)
+                return
+            }
+            
+            // Verify the response
+            let packetData = packet.getData()
+            let isValid = SoftEtherClientSignature.verifyServerResponse(packetData)
+            
+            if isValid {
+                print("Server accepted our client signature")
+                completion(true, nil)
+            } else {
+                print("Server rejected our client signature")
+                let error = NSError(domain: "SoftEtherError", code: 4, userInfo: [NSLocalizedDescriptionKey: "Server rejected client signature"])
+                completion(false, error)
+            }
+        }
+    }
+    
+    /// Send a data packet to the server
+    /// - Parameters:
+    ///   - data: Data to send
+    ///   - completion: Callback with result
+    func sendData(data: Data, completion: @escaping (Bool, Error?) -> Void) {
+        guard isConnected else {
+            completion(false, NSError(domain: "SoftEtherError", code: 5, userInfo: [NSLocalizedDescriptionKey: "Not connected to server"]))
+            return
+        }
+        
+        let packetId = self.nextPacketId
+        self.nextPacketId += 1
+        
+        let packet = SoftEtherPacket(type: 0x05, id: packetId, data: data)
+        let packetData = packet.serialize()
+        
+        secureConnection?.send(data: packetData) { error in
+            if let error = error {
+                completion(false, error)
+                return
+            }
+            
+            completion(true, nil)
+        }
+    }
+    
+    /// Receive data from the server
+    /// - Parameter completion: Callback with received data and result
+    func receiveData(completion: @escaping (Data?, Bool, Error?) -> Void) {
+        guard isConnected else {
+            completion(nil, false, NSError(domain: "SoftEtherError", code: 5, userInfo: [NSLocalizedDescriptionKey: "Not connected to server"]))
+            return
+        }
+        
+        secureConnection?.receive { data, error in
+            if let error = error {
+                completion(nil, false, error)
+                return
+            }
+            
+            guard let data = data, data.count > 4 else {
+                completion(nil, false, NSError(domain: "SoftEtherError", code: 2, userInfo: [NSLocalizedDescriptionKey: "Invalid server response"]))
+                return
+            }
+            
+            // Parse the packet
+            guard let packet = SoftEtherPacket(fromData: data) else {
+                completion(nil, false, NSError(domain: "SoftEtherError", code: 3, userInfo: [NSLocalizedDescriptionKey: "Invalid packet format"]))
+                return
+            }
+            
+            completion(packet.getData(), true, nil)
+        }
+    }
+}

SoftEtherVPN-iOS/SoftEtherVPN-iOS/SoftEtherVPNClient.swift

@@ -0,0 +1,149 @@
+import Foundation
+import UIKit
+
+/// SoftEtherVPNClient provides a simple interface for connecting to SoftEther VPN servers
+public class SoftEtherVPNClient {
+    
+    // MARK: - Properties
+    
+    private let protocol: SoftEtherProtocol
+    private var connectionState: ConnectionState = .disconnected
+    
+    // MARK: - Public Types
+    
+    /// Connection states for the VPN client
+    public enum ConnectionState {
+        case disconnected
+        case connecting
+        case connected
+        case disconnecting
+        case error(Error)
+    }
+    
+    /// Connection delegate to receive state updates
+    public protocol ConnectionDelegate: AnyObject {
+        func connectionStateDidChange(_ state: ConnectionState)
+    }
+    
+    /// Weak reference to the delegate
+    public weak var delegate: ConnectionDelegate?
+    
+    // MARK: - Initialization
+    
+    public init() {
+        self.protocol = SoftEtherProtocol()
+    }
+    
+    // MARK: - Public Methods
+    
+    /// Connect to a SoftEther VPN server
+    /// - Parameters:
+    ///   - host: Server hostname or IP address
+    ///   - port: Server port (default: 443)
+    ///   - completion: Optional completion handler
+    public func connect(to host: String, port: UInt16 = 443, completion: ((Bool, Error?) -> Void)? = nil) {
+        // Update state
+        connectionState = .connecting
+        delegate?.connectionStateDidChange(connectionState)
+        
+        // Connect using the protocol implementation
+        protocol.connect(to: host, port: port) { [weak self] success, error in
+            guard let self = self else { return }
+            
+            if success {
+                self.connectionState = .connected
+            } else if let error = error {
+                self.connectionState = .error(error)
+            } else {
+                self.connectionState = .disconnected
+            }
+            
+            self.delegate?.connectionStateDidChange(self.connectionState)
+            completion?(success, error)
+        }
+    }
+    
+    /// Disconnect from the server
+    /// - Parameter completion: Optional completion handler
+    public func disconnect(completion: (() -> Void)? = nil) {
+        // Update state
+        connectionState = .disconnecting
+        delegate?.connectionStateDidChange(connectionState)
+        
+        // Disconnect
+        protocol.disconnect()
+        
+        // Update state again
+        connectionState = .disconnected
+        delegate?.connectionStateDidChange(connectionState)
+        
+        completion?()
+    }
+    
+    /// Get the current connection state
+    /// - Returns: Current ConnectionState
+    public func getConnectionState() -> ConnectionState {
+        return connectionState
+    }
+    
+    /// Check if currently connected
+    /// - Returns: True if connected, false otherwise
+    public func isConnected() -> Bool {
+        if case .connected = connectionState {
+            return true
+        }
+        return false
+    }
+    
+    // MARK: - Example Usage
+    
+    /// Example showing how to use this class in a view controller
+    public static func exampleUsage() -> String {
+        return """
+        // In your view controller:
+        
+        private let vpnClient = SoftEtherVPNClient()
+        
+        override func viewDidLoad() {
+            super.viewDidLoad()
+            
+            // Set delegate
+            vpnClient.delegate = self
+        }
+        
+        @IBAction func connectButtonTapped(_ sender: UIButton) {
+            if vpnClient.isConnected() {
+                vpnClient.disconnect()
+            } else {
+                vpnClient.connect(to: "vpn.example.com") { success, error in
+                    if !success {
+                        print("Failed to connect: \\(error?.localizedDescription ?? "Unknown error")")
+                    }
+                }
+            }
+        }
+        
+        // MARK: - ConnectionDelegate
+        
+        extension YourViewController: SoftEtherVPNClient.ConnectionDelegate {
+            func connectionStateDidChange(_ state: SoftEtherVPNClient.ConnectionState) {
+                switch state {
+                case .connected:
+                    connectButton.setTitle("Disconnect", for: .normal)
+                    statusLabel.text = "Connected"
+                case .connecting:
+                    statusLabel.text = "Connecting..."
+                case .disconnecting:
+                    statusLabel.text = "Disconnecting..."
+                case .disconnected:
+                    connectButton.setTitle("Connect", for: .normal)
+                    statusLabel.text = "Disconnected"
+                case .error(let error):
+                    statusLabel.text = "Error: \\(error.localizedDescription)"
+                    connectButton.setTitle("Connect", for: .normal)
+                }
+            }
+        }
+        """
+    }
+}

WINDOWS_README.txt

@@ -0,0 +1,116 @@
+================================================================================
+SoftEther VPN - Windows Installation Notes
+================================================================================
+
+Thank you for installing SoftEther VPN!
+
+SoftEther VPN is legitimate, open-source VPN software developed by researchers
+at the University of Tsukuba, Japan. It has been in active development since
+2013 and is used by organizations and individuals worldwide.
+
+================================================================================
+IMPORTANT: Antivirus False Positive Warning
+================================================================================
+
+Some antivirus software (including Microsoft Defender) may incorrectly flag
+SoftEther VPN executables as malicious. This is a FALSE POSITIVE detection.
+
+WHY THIS HAPPENS:
+-----------------
+VPN software performs operations that can appear suspicious to antivirus
+programs:
+  - Network tunneling and traffic interception
+  - Low-level network operations
+  - Service installation with elevated privileges
+  - Registry modifications for Windows integration
+
+These are NORMAL and NECESSARY operations for any VPN software.
+
+IF MICROSOFT DEFENDER QUARANTINES SOFTETHER VPN:
+------------------------------------------------
+
+1. Add Exclusions to Microsoft Defender:
+   
+   a) Open Windows Security (Windows Key + I -> Privacy & Security -> 
+      Windows Security -> Virus & threat protection)
+   
+   b) Click "Manage settings" under Virus & threat protection settings
+   
+   c) Scroll down to "Exclusions" and click "Add or remove exclusions"
+   
+   d) Click "Add an exclusion" -> "Folder" and add:
+      
+      C:\Program Files\SoftEther VPN Client
+      C:\Program Files\SoftEther VPN Client Developer Edition
+      C:\Program Files\SoftEther VPN Server
+      C:\Program Files\SoftEther VPN Server Developer Edition
+      
+      (Add only the folders that exist for your installation)
+
+2. Restore Quarantined Files:
+   
+   a) Go to "Virus & threat protection" -> "Protection history"
+   b) Find quarantined SoftEther VPN files
+   c) Click "Actions" -> "Restore"
+
+3. Reinstall if Necessary:
+   
+   If files were deleted, reinstall SoftEther VPN. The exclusions will
+   prevent future detections.
+
+REPORT FALSE POSITIVE TO MICROSOFT:
+------------------------------------
+
+Help improve Microsoft Defender by reporting the false positive:
+
+  Visit: https://www.microsoft.com/en-us/wdsi/filesubmission
+  
+  Submit the flagged file and indicate it's a false positive detection
+  of SoftEther VPN, open-source software from the University of Tsukuba.
+
+MORE INFORMATION:
+-----------------
+
+For detailed documentation about this issue and additional solutions, see:
+
+  https://github.com/SoftEtherVPN/SoftEtherVPN/blob/master/ANTIVIRUS.md
+
+VERIFY AUTHENTICITY:
+--------------------
+
+SoftEther VPN is open source. You can verify the software by:
+
+  - Reviewing source code: https://github.com/SoftEtherVPN/SoftEtherVPN
+  - Official website: https://www.softether.org/
+  - Only download from official sources
+
+WARNING: Do not download SoftEther VPN from third-party websites.
+
+================================================================================
+Getting Started
+================================================================================
+
+After adding antivirus exclusions (if needed):
+
+1. Launch "SoftEther VPN Client Manager" from the Start Menu
+2. Configure your VPN connection settings
+3. Connect to your VPN server
+
+For detailed documentation, visit: https://www.softether.org/
+
+================================================================================
+Support
+================================================================================
+
+Official Website: https://www.softether.org/
+GitHub Repository: https://github.com/SoftEtherVPN/SoftEtherVPN
+Security Issues: https://github.com/SoftEtherVPN/SoftEtherVPN/security
+
+================================================================================
+
+SoftEther VPN is licensed under the Apache License 2.0
+Copyright (c) SoftEther VPN Project at University of Tsukuba, Japan
+
+Thank you for using SoftEther VPN!
+
+================================================================================

description

@@ -2,4 +2,4 @@ SoftEther VPN ("SoftEther" means "Software Ethernet") is an open-source cross-pl
 Its protocol is very fast and it can be used in very restricted environments, as it's able to transfer packets over DNS and ICMP.
 The server includes a free Dynamic DNS service, which can be used to access the server even if the public IP address changes.
 A NAT-Traversal function is also available, very useful in case the required ports cannot be opened on the firewall.
-The supported third party protocols are OpenVPN, L2TP/IPSec and SSTP.
+The supported third party protocols are OpenVPN, L2TP/IPSec, SSTP and WireGuard.

developer_tools/stbchecker/stbchecker.csproj

@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net7.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">

developer_tools/vpnserver-jsonrpc-clients/README.html

@@ -216,8 +216,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
 <li><a href="#getspeciallistener">GetSpecialListener - Get Current Setting of the VPN over ICMP / VPN over DNS Function</a></li>
 <li><a href="#getazurestatus">GetAzureStatus - Show the current status of VPN Azure function</a></li>
 <li><a href="#setazurestatus">SetAzureStatus - Enable / Disable VPN Azure Function</a></li>
-<li><a href="#getddnsinternetsettng">GetDDnsInternetSettng - Get the Proxy Settings for Connecting to the DDNS server</a></li>
-<li><a href="#setddnsinternetsettng">SetDDnsInternetSettng - Set the Proxy Settings for Connecting to the DDNS server</a></li>
+<li><a href="#getddnsinternetsetting">GetDDnsInternetSetting - Get the Proxy Settings for Connecting to the DDNS server</a></li>
+<li><a href="#setddnsinternetsetting">SetDDnsInternetSetting - Set the Proxy Settings for Connecting to the DDNS server</a></li>
 <li><a href="#setvgsconfig">SetVgsConfig - Set the VPN Gate Server Configuration</a></li>
 <li><a href="#getvgsconfig">GetVgsConfig - Get the VPN Gate Server Configuration</a></li>
 </ul>
@@ -305,7 +305,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
     &quot;ServerBuildInt_u32&quot;: 0,
     &quot;ServerHostName_str&quot;: &quot;serverhostname&quot;,
     &quot;ServerType_u32&quot;: 0,
-    &quot;ServerBuildDate_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;ServerBuildDate_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;ServerFamilyName_str&quot;: &quot;serverfamilyname&quot;,
     &quot;OsType_u32&quot;: 0,
     &quot;OsServicePack_u32&quot;: 0,
@@ -460,9 +460,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
     &quot;Send.BroadcastCount_u64&quot;: 0,
     &quot;Send.UnicastBytes_u64&quot;: 0,
     &quot;Send.UnicastCount_u64&quot;: 0,
-    &quot;CurrentTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;CurrentTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;CurrentTick_u64&quot;: 0,
-    &quot;StartTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;StartTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;TotalMemory_u64&quot;: 0,
     &quot;UsedMemory_u64&quot;: 0,
     &quot;FreeMemory_u64&quot;: 0,
@@ -1136,7 +1136,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
   &quot;result&quot;: {
     &quot;Id_u32&quot;: 0,
     &quot;Controller_bool&quot;: false,
-    &quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;Ip_ip&quot;: &quot;192.168.0.1&quot;,
     &quot;Hostname_str&quot;: &quot;hostname&quot;,
     &quot;Point_u32&quot;: 0,
@@ -1283,7 +1283,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
       {
         &quot;Id_u32&quot;: 0,
         &quot;Controller_bool&quot;: false,
-        &quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;Ip_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;Hostname_str&quot;: &quot;hostname&quot;,
         &quot;Point_u32&quot;: 0,
@@ -1296,7 +1296,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
       {
         &quot;Id_u32&quot;: 0,
         &quot;Controller_bool&quot;: false,
-        &quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;Ip_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;Hostname_str&quot;: &quot;hostname&quot;,
         &quot;Point_u32&quot;: 0,
@@ -1309,7 +1309,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
       {
         &quot;Id_u32&quot;: 0,
         &quot;Controller_bool&quot;: false,
-        &quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;Ip_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;Hostname_str&quot;: &quot;hostname&quot;,
         &quot;Point_u32&quot;: 0,
@@ -1422,9 +1422,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
     &quot;Port_u32&quot;: 0,
     &quot;Online_bool&quot;: false,
     &quot;LastError_u32&quot;: 0,
-    &quot;StartedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;FirstConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;CurrentConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;StartedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;FirstConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;CurrentConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;NumTry_u32&quot;: 0,
     &quot;NumConnected_u32&quot;: 0,
     &quot;NumFailed_u32&quot;: 0
@@ -1918,9 +1918,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;NumSessions_u32&quot;: 0,
         &quot;NumMacTables_u32&quot;: 0,
         &quot;NumIpTables_u32&quot;: 0,
-        &quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;LastLoginTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;LastLoginTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;NumLogin_u32&quot;: 0,
         &quot;IsTrafficFilled_bool&quot;: false,
         &quot;Ex.Recv.BroadcastBytes_u64&quot;: 0,
@@ -1941,9 +1941,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;NumSessions_u32&quot;: 0,
         &quot;NumMacTables_u32&quot;: 0,
         &quot;NumIpTables_u32&quot;: 0,
-        &quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;LastLoginTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;LastLoginTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;NumLogin_u32&quot;: 0,
         &quot;IsTrafficFilled_bool&quot;: false,
         &quot;Ex.Recv.BroadcastBytes_u64&quot;: 0,
@@ -1964,9 +1964,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;NumSessions_u32&quot;: 0,
         &quot;NumMacTables_u32&quot;: 0,
         &quot;NumIpTables_u32&quot;: 0,
-        &quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;LastLoginTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;LastLoginTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;NumLogin_u32&quot;: 0,
         &quot;IsTrafficFilled_bool&quot;: false,
         &quot;Ex.Recv.BroadcastBytes_u64&quot;: 0,
@@ -2309,7 +2309,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Hostname_str&quot;: &quot;hostname&quot;,
         &quot;Ip_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;Port_u32&quot;: 0,
-        &quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;Type_u32&quot;: 0
       },
       {
@@ -2317,7 +2317,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Hostname_str&quot;: &quot;hostname&quot;,
         &quot;Ip_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;Port_u32&quot;: 0,
-        &quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;Type_u32&quot;: 0
       },
       {
@@ -2325,7 +2325,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Hostname_str&quot;: &quot;hostname&quot;,
         &quot;Ip_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;Port_u32&quot;: 0,
-        &quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;Type_u32&quot;: 0
       }
     ]
@@ -2450,7 +2450,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
     &quot;Hostname_str&quot;: &quot;hostname&quot;,
     &quot;Ip_ip&quot;: &quot;192.168.0.1&quot;,
     &quot;Port_u32&quot;: 0,
-    &quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;ServerStr_str&quot;: &quot;serverstr&quot;,
     &quot;ServerVer_u32&quot;: 0,
     &quot;ServerBuild_u32&quot;: 0,
@@ -2620,9 +2620,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
     &quot;Send.UnicastBytes_u64&quot;: 0,
     &quot;Send.UnicastCount_u64&quot;: 0,
     &quot;SecureNATEnabled_bool&quot;: false,
-    &quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;LastLoginTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;LastLoginTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;NumLogin_u32&quot;: 0
   }
 }
@@ -2992,19 +2992,19 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Key_u32&quot;: 0,
         &quot;SubjectName_utf&quot;: &quot;subjectname&quot;,
         &quot;IssuerName_utf&quot;: &quot;issuername&quot;,
-        &quot;Expires_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;
+        &quot;Expires_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;
       },
       {
         &quot;Key_u32&quot;: 0,
         &quot;SubjectName_utf&quot;: &quot;subjectname&quot;,
         &quot;IssuerName_utf&quot;: &quot;issuername&quot;,
-        &quot;Expires_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;
+        &quot;Expires_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;
       },
       {
         &quot;Key_u32&quot;: 0,
         &quot;SubjectName_utf&quot;: &quot;subjectname&quot;,
         &quot;IssuerName_utf&quot;: &quot;issuername&quot;,
-        &quot;Expires_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;
+        &quot;Expires_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;
       }
     ]
   }
@@ -4348,7 +4348,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Online_bool&quot;: false,
         &quot;Connected_bool&quot;: false,
         &quot;LastError_u32&quot;: 0,
-        &quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;Hostname_str&quot;: &quot;hostname&quot;,
         &quot;TargetHubName_str&quot;: &quot;targethubname&quot;
       },
@@ -4357,7 +4357,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Online_bool&quot;: false,
         &quot;Connected_bool&quot;: false,
         &quot;LastError_u32&quot;: 0,
-        &quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;Hostname_str&quot;: &quot;hostname&quot;,
         &quot;TargetHubName_str&quot;: &quot;targethubname&quot;
       },
@@ -4366,7 +4366,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Online_bool&quot;: false,
         &quot;Connected_bool&quot;: false,
         &quot;LastError_u32&quot;: 0,
-        &quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;Hostname_str&quot;: &quot;hostname&quot;,
         &quot;TargetHubName_str&quot;: &quot;targethubname&quot;
       }
@@ -4668,9 +4668,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
     &quot;ServerProductBuild_u32&quot;: 0,
     &quot;ServerX_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
     &quot;ClientX_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
-    &quot;StartTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;FirstConnectionEstablisiedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;CurrentConnectionEstablishTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;StartTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;FirstConnectionEstablisiedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;CurrentConnectionEstablishTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;NumConnectionsEatablished_u32&quot;: 0,
     &quot;HalfConnection_bool&quot;: false,
     &quot;QoS_bool&quot;: false,
@@ -5996,7 +5996,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
     &quot;Name_str&quot;: &quot;name&quot;,
     &quot;Realname_utf&quot;: &quot;realname&quot;,
     &quot;Note_utf&quot;: &quot;note&quot;,
-    &quot;ExpireTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;ExpireTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;AuthType_u32&quot;: 0,
     &quot;Auth_Password_str&quot;: &quot;auth_password&quot;,
     &quot;UserX_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
@@ -6057,9 +6057,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
     &quot;GroupName_str&quot;: &quot;groupname&quot;,
     &quot;Realname_utf&quot;: &quot;realname&quot;,
     &quot;Note_utf&quot;: &quot;note&quot;,
-    &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;ExpireTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;ExpireTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;AuthType_u32&quot;: 0,
     &quot;Auth_Password_str&quot;: &quot;auth_password&quot;,
     &quot;UserX_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
@@ -6247,7 +6247,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
 <tr>
 <td><code>Send.UnicastCount_u64</code></td>
 <td><code>number</code> (uint64)</td>
-<td>Unicast count (Send)</td>
+<td>Unicast bytes (Send)</td>
 </tr>
 <tr>
 <td><code>UsePolicy_bool</code></td>
@@ -6467,7 +6467,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
     &quot;GroupName_str&quot;: &quot;groupname&quot;,
     &quot;Realname_utf&quot;: &quot;realname&quot;,
     &quot;Note_utf&quot;: &quot;note&quot;,
-    &quot;ExpireTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;ExpireTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;AuthType_u32&quot;: 0,
     &quot;Auth_Password_str&quot;: &quot;auth_password&quot;,
     &quot;UserX_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
@@ -6528,9 +6528,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
     &quot;GroupName_str&quot;: &quot;groupname&quot;,
     &quot;Realname_utf&quot;: &quot;realname&quot;,
     &quot;Note_utf&quot;: &quot;note&quot;,
-    &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;ExpireTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;ExpireTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;AuthType_u32&quot;: 0,
     &quot;Auth_Password_str&quot;: &quot;auth_password&quot;,
     &quot;UserX_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
@@ -6948,9 +6948,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
     &quot;GroupName_str&quot;: &quot;groupname&quot;,
     &quot;Realname_utf&quot;: &quot;realname&quot;,
     &quot;Note_utf&quot;: &quot;note&quot;,
-    &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;ExpireTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;ExpireTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;AuthType_u32&quot;: 0,
     &quot;Auth_Password_str&quot;: &quot;auth_password&quot;,
     &quot;UserX_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
@@ -7419,11 +7419,11 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Note_utf&quot;: &quot;note&quot;,
         &quot;AuthType_u32&quot;: 0,
         &quot;NumLogin_u32&quot;: 0,
-        &quot;LastLoginTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;LastLoginTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;DenyAccess_bool&quot;: false,
         &quot;IsTrafficFilled_bool&quot;: false,
         &quot;IsExpiresFilled_bool&quot;: false,
-        &quot;Expires_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;Expires_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;Ex.Recv.BroadcastBytes_u64&quot;: 0,
         &quot;Ex.Recv.BroadcastCount_u64&quot;: 0,
         &quot;Ex.Recv.UnicastBytes_u64&quot;: 0,
@@ -7440,11 +7440,11 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Note_utf&quot;: &quot;note&quot;,
         &quot;AuthType_u32&quot;: 0,
         &quot;NumLogin_u32&quot;: 0,
-        &quot;LastLoginTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;LastLoginTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;DenyAccess_bool&quot;: false,
         &quot;IsTrafficFilled_bool&quot;: false,
         &quot;IsExpiresFilled_bool&quot;: false,
-        &quot;Expires_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;Expires_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;Ex.Recv.BroadcastBytes_u64&quot;: 0,
         &quot;Ex.Recv.BroadcastCount_u64&quot;: 0,
         &quot;Ex.Recv.UnicastBytes_u64&quot;: 0,
@@ -7461,11 +7461,11 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Note_utf&quot;: &quot;note&quot;,
         &quot;AuthType_u32&quot;: 0,
         &quot;NumLogin_u32&quot;: 0,
-        &quot;LastLoginTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;LastLoginTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;DenyAccess_bool&quot;: false,
         &quot;IsTrafficFilled_bool&quot;: false,
         &quot;IsExpiresFilled_bool&quot;: false,
-        &quot;Expires_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;Expires_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;Ex.Recv.BroadcastBytes_u64&quot;: 0,
         &quot;Ex.Recv.BroadcastCount_u64&quot;: 0,
         &quot;Ex.Recv.UnicastBytes_u64&quot;: 0,
@@ -8907,8 +8907,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Client_MonitorMode_bool&quot;: false,
         &quot;VLanId_u32&quot;: 0,
         &quot;UniqueId_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;
       },
       {
         &quot;Name_str&quot;: &quot;name&quot;,
@@ -8929,8 +8929,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Client_MonitorMode_bool&quot;: false,
         &quot;VLanId_u32&quot;: 0,
         &quot;UniqueId_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;
       },
       {
         &quot;Name_str&quot;: &quot;name&quot;,
@@ -8951,8 +8951,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Client_MonitorMode_bool&quot;: false,
         &quot;VLanId_u32&quot;: 0,
         &quot;UniqueId_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;
       }
     ]
   }
@@ -9117,9 +9117,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
     &quot;ServerProductName_str&quot;: &quot;serverproductname&quot;,
     &quot;ServerProductVer_u32&quot;: 0,
     &quot;ServerProductBuild_u32&quot;: 0,
-    &quot;StartTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;FirstConnectionEstablisiedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;CurrentConnectionEstablishTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;StartTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;FirstConnectionEstablisiedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;CurrentConnectionEstablishTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;NumConnectionsEatablished_u32&quot;: 0,
     &quot;HalfConnection_bool&quot;: false,
     &quot;QoS_bool&quot;: false,
@@ -9496,8 +9496,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Key_u32&quot;: 0,
         &quot;SessionName_str&quot;: &quot;sessionname&quot;,
         &quot;MacAddress_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;RemoteItem_bool&quot;: false,
         &quot;RemoteHostname_str&quot;: &quot;remotehostname&quot;,
         &quot;VlanId_u32&quot;: 0
@@ -9506,8 +9506,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Key_u32&quot;: 0,
         &quot;SessionName_str&quot;: &quot;sessionname&quot;,
         &quot;MacAddress_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;RemoteItem_bool&quot;: false,
         &quot;RemoteHostname_str&quot;: &quot;remotehostname&quot;,
         &quot;VlanId_u32&quot;: 0
@@ -9516,8 +9516,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Key_u32&quot;: 0,
         &quot;SessionName_str&quot;: &quot;sessionname&quot;,
         &quot;MacAddress_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;RemoteItem_bool&quot;: false,
         &quot;RemoteHostname_str&quot;: &quot;remotehostname&quot;,
         &quot;VlanId_u32&quot;: 0
@@ -9663,8 +9663,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;SessionName_str&quot;: &quot;sessionname&quot;,
         &quot;IpAddress_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;DhcpAllocated_bool&quot;: false,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;RemoteItem_bool&quot;: false,
         &quot;RemoteHostname_str&quot;: &quot;remotehostname&quot;
       },
@@ -9673,8 +9673,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;SessionName_str&quot;: &quot;sessionname&quot;,
         &quot;IpAddress_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;DhcpAllocated_bool&quot;: false,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;RemoteItem_bool&quot;: false,
         &quot;RemoteHostname_str&quot;: &quot;remotehostname&quot;
       },
@@ -9683,8 +9683,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;SessionName_str&quot;: &quot;sessionname&quot;,
         &quot;IpAddress_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;DhcpAllocated_bool&quot;: false,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;RemoteItem_bool&quot;: false,
         &quot;RemoteHostname_str&quot;: &quot;remotehostname&quot;
       }
@@ -10376,8 +10376,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;DestIp_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;DestHost_str&quot;: &quot;desthost&quot;,
         &quot;DestPort_u32&quot;: 0,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;SendSize_u64&quot;: 0,
         &quot;RecvSize_u64&quot;: 0,
         &quot;TcpStatus_u32&quot;: 0
@@ -10391,8 +10391,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;DestIp_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;DestHost_str&quot;: &quot;desthost&quot;,
         &quot;DestPort_u32&quot;: 0,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;SendSize_u64&quot;: 0,
         &quot;RecvSize_u64&quot;: 0,
         &quot;TcpStatus_u32&quot;: 0
@@ -10406,8 +10406,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;DestIp_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;DestHost_str&quot;: &quot;desthost&quot;,
         &quot;DestPort_u32&quot;: 0,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;SendSize_u64&quot;: 0,
         &quot;RecvSize_u64&quot;: 0,
         &quot;TcpStatus_u32&quot;: 0
@@ -10527,8 +10527,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
     &quot;DhcpTable&quot;: [
       {
         &quot;Id_u32&quot;: 0,
-        &quot;LeasedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;ExpireTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;LeasedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;ExpireTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;MacAddress_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
         &quot;IpAddress_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;Mask_u32&quot;: 0,
@@ -10536,8 +10536,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
       },
       {
         &quot;Id_u32&quot;: 0,
-        &quot;LeasedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;ExpireTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;LeasedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;ExpireTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;MacAddress_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
         &quot;IpAddress_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;Mask_u32&quot;: 0,
@@ -10545,8 +10545,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
       },
       {
         &quot;Id_u32&quot;: 0,
-        &quot;LeasedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;ExpireTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;LeasedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;ExpireTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;MacAddress_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
         &quot;IpAddress_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;Mask_u32&quot;: 0,
@@ -13090,19 +13090,19 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;ServerName_str&quot;: &quot;servername&quot;,
         &quot;FilePath_str&quot;: &quot;filepath&quot;,
         &quot;FileSize_u32&quot;: 0,
-        &quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;
+        &quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;
       },
       {
         &quot;ServerName_str&quot;: &quot;servername&quot;,
         &quot;FilePath_str&quot;: &quot;filepath&quot;,
         &quot;FileSize_u32&quot;: 0,
-        &quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;
+        &quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;
       },
       {
         &quot;ServerName_str&quot;: &quot;servername&quot;,
         &quot;FilePath_str&quot;: &quot;filepath&quot;,
         &quot;FileSize_u32&quot;: 0,
-        &quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;
+        &quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;
       }
     ]
   }
@@ -14508,15 +14508,15 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
 </tbody>
 </table>
 <hr />
-<p><a id="getddnsinternetsettng"></a></p>
-<h2 id="getddnsinternetsettng-rpc-api-get-the-proxy-settings-for-connecting-to-the-ddns-server">&quot;GetDDnsInternetSettng&quot; RPC API - Get the Proxy Settings for Connecting to the DDNS server</h2>
+<p><a id="getddnsinternetsetting"></a></p>
+<h2 id="getddnsinternetsetting-rpc-api-get-the-proxy-settings-for-connecting-to-the-ddns-server">&quot;GetDDnsInternetSetting&quot; RPC API - Get the Proxy Settings for Connecting to the DDNS server</h2>
 <h3 id="description-131">Description</h3>
 <p>Get the Proxy Settings for Connecting to the DDNS server.</p>
 <h3 id="input-json-rpc-format-131">Input JSON-RPC Format</h3>
 <pre><code class="language-json">{
   &quot;jsonrpc&quot;: &quot;2.0&quot;,
   &quot;id&quot;: &quot;rpc_call_id&quot;,
-  &quot;method&quot;: &quot;GetDDnsInternetSettng&quot;,
+  &quot;method&quot;: &quot;GetDDnsInternetSetting&quot;,
   &quot;params&quot;: {}
 }
 </code></pre>
@@ -14571,15 +14571,15 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
 </tbody>
 </table>
 <hr />
-<p><a id="setddnsinternetsettng"></a></p>
-<h2 id="setddnsinternetsettng-rpc-api-set-the-proxy-settings-for-connecting-to-the-ddns-server">&quot;SetDDnsInternetSettng&quot; RPC API - Set the Proxy Settings for Connecting to the DDNS server</h2>
+<p><a id="setddnsinternetsetting"></a></p>
+<h2 id="setddnsinternetsetting-rpc-api-set-the-proxy-settings-for-connecting-to-the-ddns-server">&quot;SetDDnsInternetSetting&quot; RPC API - Set the Proxy Settings for Connecting to the DDNS server</h2>
 <h3 id="description-132">Description</h3>
 <p>Set the Proxy Settings for Connecting to the DDNS server.</p>
 <h3 id="input-json-rpc-format-132">Input JSON-RPC Format</h3>
 <pre><code class="language-json">{
   &quot;jsonrpc&quot;: &quot;2.0&quot;,
   &quot;id&quot;: &quot;rpc_call_id&quot;,
-  &quot;method&quot;: &quot;SetDDnsInternetSettng&quot;,
+  &quot;method&quot;: &quot;SetDDnsInternetSetting&quot;,
   &quot;params&quot;: {
     &quot;ProxyType_u32&quot;: 0,
     &quot;ProxyHostName_str&quot;: &quot;proxyhostname&quot;,
@@ -14640,8 +14640,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
 </tbody>
 </table>
 <hr />
-<p>Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen.<br />
-Copyright (c) 2014-2019 <a href="https://www.softether.org/">SoftEther VPN Project</a> under the Apache License 2.0.</p>
+<p>Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen.<br />
+Copyright (c) 2014-2023 <a href="https://www.softether.org/">SoftEther VPN Project</a> under the Apache License 2.0.</p>
 
 	</article>
 </body>

developer_tools/vpnserver-jsonrpc-clients/README.md

@@ -208,8 +208,8 @@ Value | Description
 - [GetSpecialListener - Get Current Setting of the VPN over ICMP / VPN over DNS Function](#getspeciallistener)
 - [GetAzureStatus - Show the current status of VPN Azure function](#getazurestatus)
 - [SetAzureStatus - Enable / Disable VPN Azure Function](#setazurestatus)
-- [GetDDnsInternetSettng - Get the Proxy Settings for Connecting to the DDNS server](#getddnsinternetsettng)
-- [SetDDnsInternetSettng - Set the Proxy Settings for Connecting to the DDNS server](#setddnsinternetsettng)
+- [GetDDnsInternetSetting - Get the Proxy Settings for Connecting to the DDNS server](#getddnsinternetsetting)
+- [SetDDnsInternetSetting - Set the Proxy Settings for Connecting to the DDNS server](#setddnsinternetsetting)
 - [SetVgsConfig - Set the VPN Gate Server Configuration](#setvgsconfig)
 - [GetVgsConfig - Get the VPN Gate Server Configuration](#getvgsconfig)
 
@@ -283,7 +283,7 @@ Get server information. This allows you to obtain the server information of the
     "ServerBuildInt_u32": 0,
     "ServerHostName_str": "serverhostname",
     "ServerType_u32": 0,
-    "ServerBuildDate_dt": "2020-08-01T12:24:36.123",
+    "ServerBuildDate_dt": "2024-08-01T12:24:36.123",
     "ServerFamilyName_str": "serverfamilyname",
     "OsType_u32": 0,
     "OsServicePack_u32": 0,
@@ -368,9 +368,9 @@ Get Current Server Status. This allows you to obtain in real-time the current st
     "Send.BroadcastCount_u64": 0,
     "Send.UnicastBytes_u64": 0,
     "Send.UnicastCount_u64": 0,
-    "CurrentTime_dt": "2020-08-01T12:24:36.123",
+    "CurrentTime_dt": "2024-08-01T12:24:36.123",
     "CurrentTick_u64": 0,
-    "StartTime_dt": "2020-08-01T12:24:36.123",
+    "StartTime_dt": "2024-08-01T12:24:36.123",
     "TotalMemory_u64": 0,
     "UsedMemory_u64": 0,
     "FreeMemory_u64": 0,
@@ -768,7 +768,7 @@ Get Cluster Member Information. When the VPN Server is operating as a cluster co
   "result": {
     "Id_u32": 0,
     "Controller_bool": false,
-    "ConnectedTime_dt": "2020-08-01T12:24:36.123",
+    "ConnectedTime_dt": "2024-08-01T12:24:36.123",
     "Ip_ip": "192.168.0.1",
     "Hostname_str": "hostname",
     "Point_u32": 0,
@@ -849,7 +849,7 @@ Get List of Cluster Members. Use this API when the VPN Server is operating as a
       {
         "Id_u32": 0,
         "Controller_bool": false,
-        "ConnectedTime_dt": "2020-08-01T12:24:36.123",
+        "ConnectedTime_dt": "2024-08-01T12:24:36.123",
         "Ip_ip": "192.168.0.1",
         "Hostname_str": "hostname",
         "Point_u32": 0,
@@ -862,7 +862,7 @@ Get List of Cluster Members. Use this API when the VPN Server is operating as a
       {
         "Id_u32": 0,
         "Controller_bool": false,
-        "ConnectedTime_dt": "2020-08-01T12:24:36.123",
+        "ConnectedTime_dt": "2024-08-01T12:24:36.123",
         "Ip_ip": "192.168.0.1",
         "Hostname_str": "hostname",
         "Point_u32": 0,
@@ -875,7 +875,7 @@ Get List of Cluster Members. Use this API when the VPN Server is operating as a
       {
         "Id_u32": 0,
         "Controller_bool": false,
-        "ConnectedTime_dt": "2020-08-01T12:24:36.123",
+        "ConnectedTime_dt": "2024-08-01T12:24:36.123",
         "Ip_ip": "192.168.0.1",
         "Hostname_str": "hostname",
         "Point_u32": 0,
@@ -934,9 +934,9 @@ Get Connection Status to Cluster Controller. Use this API when the VPN Server is
     "Port_u32": 0,
     "Online_bool": false,
     "LastError_u32": 0,
-    "StartedTime_dt": "2020-08-01T12:24:36.123",
-    "FirstConnectedTime_dt": "2020-08-01T12:24:36.123",
-    "CurrentConnectedTime_dt": "2020-08-01T12:24:36.123",
+    "StartedTime_dt": "2024-08-01T12:24:36.123",
+    "FirstConnectedTime_dt": "2024-08-01T12:24:36.123",
+    "CurrentConnectedTime_dt": "2024-08-01T12:24:36.123",
     "NumTry_u32": 0,
     "NumConnected_u32": 0,
     "NumFailed_u32": 0
@@ -1278,9 +1278,9 @@ Get List of Virtual Hubs. Use this to get a list of existing Virtual Hubs on the
         "NumSessions_u32": 0,
         "NumMacTables_u32": 0,
         "NumIpTables_u32": 0,
-        "LastCommTime_dt": "2020-08-01T12:24:36.123",
-        "LastLoginTime_dt": "2020-08-01T12:24:36.123",
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
+        "LastCommTime_dt": "2024-08-01T12:24:36.123",
+        "LastLoginTime_dt": "2024-08-01T12:24:36.123",
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
         "NumLogin_u32": 0,
         "IsTrafficFilled_bool": false,
         "Ex.Recv.BroadcastBytes_u64": 0,
@@ -1301,9 +1301,9 @@ Get List of Virtual Hubs. Use this to get a list of existing Virtual Hubs on the
         "NumSessions_u32": 0,
         "NumMacTables_u32": 0,
         "NumIpTables_u32": 0,
-        "LastCommTime_dt": "2020-08-01T12:24:36.123",
-        "LastLoginTime_dt": "2020-08-01T12:24:36.123",
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
+        "LastCommTime_dt": "2024-08-01T12:24:36.123",
+        "LastLoginTime_dt": "2024-08-01T12:24:36.123",
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
         "NumLogin_u32": 0,
         "IsTrafficFilled_bool": false,
         "Ex.Recv.BroadcastBytes_u64": 0,
@@ -1324,9 +1324,9 @@ Get List of Virtual Hubs. Use this to get a list of existing Virtual Hubs on the
         "NumSessions_u32": 0,
         "NumMacTables_u32": 0,
         "NumIpTables_u32": 0,
-        "LastCommTime_dt": "2020-08-01T12:24:36.123",
-        "LastLoginTime_dt": "2020-08-01T12:24:36.123",
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
+        "LastCommTime_dt": "2024-08-01T12:24:36.123",
+        "LastLoginTime_dt": "2024-08-01T12:24:36.123",
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
         "NumLogin_u32": 0,
         "IsTrafficFilled_bool": false,
         "Ex.Recv.BroadcastBytes_u64": 0,
@@ -1525,7 +1525,7 @@ Get List of TCP Connections Connecting to the VPN Server. Use this to get a list
         "Hostname_str": "hostname",
         "Ip_ip": "192.168.0.1",
         "Port_u32": 0,
-        "ConnectedTime_dt": "2020-08-01T12:24:36.123",
+        "ConnectedTime_dt": "2024-08-01T12:24:36.123",
         "Type_u32": 0
       },
       {
@@ -1533,7 +1533,7 @@ Get List of TCP Connections Connecting to the VPN Server. Use this to get a list
         "Hostname_str": "hostname",
         "Ip_ip": "192.168.0.1",
         "Port_u32": 0,
-        "ConnectedTime_dt": "2020-08-01T12:24:36.123",
+        "ConnectedTime_dt": "2024-08-01T12:24:36.123",
         "Type_u32": 0
       },
       {
@@ -1541,7 +1541,7 @@ Get List of TCP Connections Connecting to the VPN Server. Use this to get a list
         "Hostname_str": "hostname",
         "Ip_ip": "192.168.0.1",
         "Port_u32": 0,
-        "ConnectedTime_dt": "2020-08-01T12:24:36.123",
+        "ConnectedTime_dt": "2024-08-01T12:24:36.123",
         "Type_u32": 0
       }
     ]
@@ -1626,7 +1626,7 @@ Get Information of TCP Connections Connecting to the VPN Server. Use this to get
     "Hostname_str": "hostname",
     "Ip_ip": "192.168.0.1",
     "Port_u32": 0,
-    "ConnectedTime_dt": "2020-08-01T12:24:36.123",
+    "ConnectedTime_dt": "2024-08-01T12:24:36.123",
     "ServerStr_str": "serverstr",
     "ServerVer_u32": 0,
     "ServerBuild_u32": 0,
@@ -1736,9 +1736,9 @@ Get Current Status of Virtual Hub. Use this to get the current status of the Vir
     "Send.UnicastBytes_u64": 0,
     "Send.UnicastCount_u64": 0,
     "SecureNATEnabled_bool": false,
-    "LastCommTime_dt": "2020-08-01T12:24:36.123",
-    "LastLoginTime_dt": "2020-08-01T12:24:36.123",
-    "CreatedTime_dt": "2020-08-01T12:24:36.123",
+    "LastCommTime_dt": "2024-08-01T12:24:36.123",
+    "LastLoginTime_dt": "2024-08-01T12:24:36.123",
+    "CreatedTime_dt": "2024-08-01T12:24:36.123",
     "NumLogin_u32": 0
   }
 }
@@ -1948,19 +1948,19 @@ Get List of Trusted CA Certificates. Here you can manage the certificate authori
         "Key_u32": 0,
         "SubjectName_utf": "subjectname",
         "IssuerName_utf": "issuername",
-        "Expires_dt": "2020-08-01T12:24:36.123"
+        "Expires_dt": "2024-08-01T12:24:36.123"
       },
       {
         "Key_u32": 0,
         "SubjectName_utf": "subjectname",
         "IssuerName_utf": "issuername",
-        "Expires_dt": "2020-08-01T12:24:36.123"
+        "Expires_dt": "2024-08-01T12:24:36.123"
       },
       {
         "Key_u32": 0,
         "SubjectName_utf": "subjectname",
         "IssuerName_utf": "issuername",
-        "Expires_dt": "2020-08-01T12:24:36.123"
+        "Expires_dt": "2024-08-01T12:24:36.123"
       }
     ]
   }
@@ -2210,7 +2210,7 @@ Name | Type | Description
 `NoUdpAcceleration_bool` | `boolean` | Client Option Parameters: Do not use UDP acceleration mode if the value is true
 `AuthType_u32` | `number` (enum) | Authentication type<BR>Values:<BR>`0`: Anonymous authentication<BR>`1`: SHA-0 hashed password authentication<BR>`2`: Plain password authentication<BR>`3`: Certificate authentication
 `Username_str` | `string` (ASCII) | User name
-`HashedPassword_bin` | `string` (Base64 binary) | SHA-0 Hashed password. Valid only if ClientAuth_AuthType_u32 == SHA0_Hashed_Password (1). The SHA-0 hashed password must be caluclated by the SHA0(password_ascii_string + UpperCase(username_ascii_string)).
+`HashedPassword_bin` | `string` (Base64 binary) | SHA-0 Hashed password. Valid only if ClientAuth_AuthType_u32 == SHA0_Hashed_Password (1). The SHA-0 hashed password must be caluclated by the SHA0(UpperCase(username_ascii_string) + password_ascii_string).
 `PlainPassword_str` | `string` (ASCII) | Plaintext Password. Valid only if ClientAuth_AuthType_u32 == PlainPassword (2).
 `ClientX_bin` | `string` (Base64 binary) | Client certificate. Valid only if ClientAuth_AuthType_u32 == Cert (3).
 `ClientK_bin` | `string` (Base64 binary) | Client private key of the certificate. Valid only if ClientAuth_AuthType_u32 == Cert (3).
@@ -2537,7 +2537,7 @@ Name | Type | Description
 `NoUdpAcceleration_bool` | `boolean` | Client Option Parameters: Do not use UDP acceleration mode if the value is true
 `AuthType_u32` | `number` (enum) | Authentication type<BR>Values:<BR>`0`: Anonymous authentication<BR>`1`: SHA-0 hashed password authentication<BR>`2`: Plain password authentication<BR>`3`: Certificate authentication
 `Username_str` | `string` (ASCII) | User name
-`HashedPassword_bin` | `string` (Base64 binary) | SHA-0 Hashed password. Valid only if ClientAuth_AuthType_u32 == SHA0_Hashed_Password (1). The SHA-0 hashed password must be caluclated by the SHA0(password_ascii_string + UpperCase(username_ascii_string)).
+`HashedPassword_bin` | `string` (Base64 binary) | SHA-0 Hashed password. Valid only if ClientAuth_AuthType_u32 == SHA0_Hashed_Password (1). The SHA-0 hashed password must be caluclated by the SHA0(UpperCase(username_ascii_string) + password_ascii_string).
 `PlainPassword_str` | `string` (ASCII) | Plaintext Password. Valid only if ClientAuth_AuthType_u32 == PlainPassword (2).
 `ClientX_bin` | `string` (Base64 binary) | Client certificate. Valid only if ClientAuth_AuthType_u32 == Cert (3).
 `ClientK_bin` | `string` (Base64 binary) | Client private key of the certificate. Valid only if ClientAuth_AuthType_u32 == Cert (3).
@@ -2600,7 +2600,7 @@ Get List of Cascade Connections. Use this to get a list of Cascade Connections t
         "Online_bool": false,
         "Connected_bool": false,
         "LastError_u32": 0,
-        "ConnectedTime_dt": "2020-08-01T12:24:36.123",
+        "ConnectedTime_dt": "2024-08-01T12:24:36.123",
         "Hostname_str": "hostname",
         "TargetHubName_str": "targethubname"
       },
@@ -2609,7 +2609,7 @@ Get List of Cascade Connections. Use this to get a list of Cascade Connections t
         "Online_bool": false,
         "Connected_bool": false,
         "LastError_u32": 0,
-        "ConnectedTime_dt": "2020-08-01T12:24:36.123",
+        "ConnectedTime_dt": "2024-08-01T12:24:36.123",
         "Hostname_str": "hostname",
         "TargetHubName_str": "targethubname"
       },
@@ -2618,7 +2618,7 @@ Get List of Cascade Connections. Use this to get a list of Cascade Connections t
         "Online_bool": false,
         "Connected_bool": false,
         "LastError_u32": 0,
-        "ConnectedTime_dt": "2020-08-01T12:24:36.123",
+        "ConnectedTime_dt": "2024-08-01T12:24:36.123",
         "Hostname_str": "hostname",
         "TargetHubName_str": "targethubname"
       }
@@ -2834,9 +2834,9 @@ Get Current Cascade Connection Status. When a Cascade Connection registered on t
     "ServerProductBuild_u32": 0,
     "ServerX_bin": "SGVsbG8gV29ybGQ=",
     "ClientX_bin": "SGVsbG8gV29ybGQ=",
-    "StartTime_dt": "2020-08-01T12:24:36.123",
-    "FirstConnectionEstablisiedTime_dt": "2020-08-01T12:24:36.123",
-    "CurrentConnectionEstablishTime_dt": "2020-08-01T12:24:36.123",
+    "StartTime_dt": "2024-08-01T12:24:36.123",
+    "FirstConnectionEstablisiedTime_dt": "2024-08-01T12:24:36.123",
+    "CurrentConnectionEstablishTime_dt": "2024-08-01T12:24:36.123",
     "NumConnectionsEatablished_u32": 0,
     "HalfConnection_bool": false,
     "QoS_bool": false,
@@ -3566,7 +3566,7 @@ Create a user. Use this to create a new user in the security account database of
     "Name_str": "name",
     "Realname_utf": "realname",
     "Note_utf": "note",
-    "ExpireTime_dt": "2020-08-01T12:24:36.123",
+    "ExpireTime_dt": "2024-08-01T12:24:36.123",
     "AuthType_u32": 0,
     "Auth_Password_str": "auth_password",
     "UserX_bin": "SGVsbG8gV29ybGQ=",
@@ -3629,9 +3629,9 @@ Create a user. Use this to create a new user in the security account database of
     "GroupName_str": "groupname",
     "Realname_utf": "realname",
     "Note_utf": "note",
-    "CreatedTime_dt": "2020-08-01T12:24:36.123",
-    "UpdatedTime_dt": "2020-08-01T12:24:36.123",
-    "ExpireTime_dt": "2020-08-01T12:24:36.123",
+    "CreatedTime_dt": "2024-08-01T12:24:36.123",
+    "UpdatedTime_dt": "2024-08-01T12:24:36.123",
+    "ExpireTime_dt": "2024-08-01T12:24:36.123",
     "AuthType_u32": 0,
     "Auth_Password_str": "auth_password",
     "UserX_bin": "SGVsbG8gV29ybGQ=",
@@ -3779,7 +3779,7 @@ Change User Settings. Use this to change user settings that is registered on the
     "GroupName_str": "groupname",
     "Realname_utf": "realname",
     "Note_utf": "note",
-    "ExpireTime_dt": "2020-08-01T12:24:36.123",
+    "ExpireTime_dt": "2024-08-01T12:24:36.123",
     "AuthType_u32": 0,
     "Auth_Password_str": "auth_password",
     "UserX_bin": "SGVsbG8gV29ybGQ=",
@@ -3842,9 +3842,9 @@ Change User Settings. Use this to change user settings that is registered on the
     "GroupName_str": "groupname",
     "Realname_utf": "realname",
     "Note_utf": "note",
-    "CreatedTime_dt": "2020-08-01T12:24:36.123",
-    "UpdatedTime_dt": "2020-08-01T12:24:36.123",
-    "ExpireTime_dt": "2020-08-01T12:24:36.123",
+    "CreatedTime_dt": "2024-08-01T12:24:36.123",
+    "UpdatedTime_dt": "2024-08-01T12:24:36.123",
+    "ExpireTime_dt": "2024-08-01T12:24:36.123",
     "AuthType_u32": 0,
     "Auth_Password_str": "auth_password",
     "UserX_bin": "SGVsbG8gV29ybGQ=",
@@ -4004,9 +4004,9 @@ Get User Settings. Use this to get user settings information that is registered
     "GroupName_str": "groupname",
     "Realname_utf": "realname",
     "Note_utf": "note",
-    "CreatedTime_dt": "2020-08-01T12:24:36.123",
-    "UpdatedTime_dt": "2020-08-01T12:24:36.123",
-    "ExpireTime_dt": "2020-08-01T12:24:36.123",
+    "CreatedTime_dt": "2024-08-01T12:24:36.123",
+    "UpdatedTime_dt": "2024-08-01T12:24:36.123",
+    "ExpireTime_dt": "2024-08-01T12:24:36.123",
     "AuthType_u32": 0,
     "Auth_Password_str": "auth_password",
     "UserX_bin": "SGVsbG8gV29ybGQ=",
@@ -4207,11 +4207,11 @@ Get List of Users. Use this to get a list of users that are registered on the se
         "Note_utf": "note",
         "AuthType_u32": 0,
         "NumLogin_u32": 0,
-        "LastLoginTime_dt": "2020-08-01T12:24:36.123",
+        "LastLoginTime_dt": "2024-08-01T12:24:36.123",
         "DenyAccess_bool": false,
         "IsTrafficFilled_bool": false,
         "IsExpiresFilled_bool": false,
-        "Expires_dt": "2020-08-01T12:24:36.123",
+        "Expires_dt": "2024-08-01T12:24:36.123",
         "Ex.Recv.BroadcastBytes_u64": 0,
         "Ex.Recv.BroadcastCount_u64": 0,
         "Ex.Recv.UnicastBytes_u64": 0,
@@ -4228,11 +4228,11 @@ Get List of Users. Use this to get a list of users that are registered on the se
         "Note_utf": "note",
         "AuthType_u32": 0,
         "NumLogin_u32": 0,
-        "LastLoginTime_dt": "2020-08-01T12:24:36.123",
+        "LastLoginTime_dt": "2024-08-01T12:24:36.123",
         "DenyAccess_bool": false,
         "IsTrafficFilled_bool": false,
         "IsExpiresFilled_bool": false,
-        "Expires_dt": "2020-08-01T12:24:36.123",
+        "Expires_dt": "2024-08-01T12:24:36.123",
         "Ex.Recv.BroadcastBytes_u64": 0,
         "Ex.Recv.BroadcastCount_u64": 0,
         "Ex.Recv.UnicastBytes_u64": 0,
@@ -4249,11 +4249,11 @@ Get List of Users. Use this to get a list of users that are registered on the se
         "Note_utf": "note",
         "AuthType_u32": 0,
         "NumLogin_u32": 0,
-        "LastLoginTime_dt": "2020-08-01T12:24:36.123",
+        "LastLoginTime_dt": "2024-08-01T12:24:36.123",
         "DenyAccess_bool": false,
         "IsTrafficFilled_bool": false,
         "IsExpiresFilled_bool": false,
-        "Expires_dt": "2020-08-01T12:24:36.123",
+        "Expires_dt": "2024-08-01T12:24:36.123",
         "Ex.Recv.BroadcastBytes_u64": 0,
         "Ex.Recv.BroadcastCount_u64": 0,
         "Ex.Recv.UnicastBytes_u64": 0,
@@ -4605,14 +4605,14 @@ Name | Type | Description
 `Name_str` | `string` (ASCII) | The group name
 `Realname_utf` | `string` (UTF8) | Optional real name (full name) of the group, allow using any Unicode characters
 `Note_utf` | `string` (UTF8) | Optional, specify a description of the group
-`Recv.BroadcastBytes_u64` | `number` (uint64) | Broadcast bytes (Recv)
-`Recv.BroadcastCount_u64` | `number` (uint64) | Number of broadcast packets (Recv)
-`Recv.UnicastBytes_u64` | `number` (uint64) | Unicast bytes (Recv)
-`Recv.UnicastCount_u64` | `number` (uint64) | Unicast count (Recv)
-`Send.BroadcastBytes_u64` | `number` (uint64) | Broadcast bytes (Send)
-`Send.BroadcastCount_u64` | `number` (uint64) | Number of broadcast packets (Send)
+`Recv.BroadcastBytes_u64` | `number` (uint64) | Number of broadcast packets (Recv)
+`Recv.BroadcastCount_u64` | `number` (uint64) | Broadcast bytes (Recv)
+`Recv.UnicastBytes_u64` | `number` (uint64) | Unicast count (Recv)
+`Recv.UnicastCount_u64` | `number` (uint64) | Unicast bytes (Recv)
+`Send.BroadcastBytes_u64` | `number` (uint64) | Number of broadcast packets (Send)
+`Send.BroadcastCount_u64` | `number` (uint64) | Broadcast bytes (Send)
 `Send.UnicastBytes_u64` | `number` (uint64) | Unicast bytes (Send)
-`Send.UnicastCount_u64` | `number` (uint64) | Unicast count (Send)
+`Send.UnicastCount_u64` | `number` (uint64) | Unicast bytes (Send)
 `UsePolicy_bool` | `boolean` | The flag whether to use security policy
 `policy:Access_bool` | `boolean` | Security policy: Allow Access. The users, which this policy value is true, have permission to make VPN connection to VPN Server.
 `policy:DHCPFilter_bool` | `boolean` | Security policy: Filter DHCP Packets (IPv4). All IPv4 DHCP packets in sessions defined this policy will be filtered.
@@ -4939,8 +4939,8 @@ Get List of Connected VPN Sessions. Use this to get a list of the sessions conne
         "Client_MonitorMode_bool": false,
         "VLanId_u32": 0,
         "UniqueId_bin": "SGVsbG8gV29ybGQ=",
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
-        "LastCommTime_dt": "2020-08-01T12:24:36.123"
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
+        "LastCommTime_dt": "2024-08-01T12:24:36.123"
       },
       {
         "Name_str": "name",
@@ -4961,8 +4961,8 @@ Get List of Connected VPN Sessions. Use this to get a list of the sessions conne
         "Client_MonitorMode_bool": false,
         "VLanId_u32": 0,
         "UniqueId_bin": "SGVsbG8gV29ybGQ=",
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
-        "LastCommTime_dt": "2020-08-01T12:24:36.123"
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
+        "LastCommTime_dt": "2024-08-01T12:24:36.123"
       },
       {
         "Name_str": "name",
@@ -4983,8 +4983,8 @@ Get List of Connected VPN Sessions. Use this to get a list of the sessions conne
         "Client_MonitorMode_bool": false,
         "VLanId_u32": 0,
         "UniqueId_bin": "SGVsbG8gV29ybGQ=",
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
-        "LastCommTime_dt": "2020-08-01T12:24:36.123"
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
+        "LastCommTime_dt": "2024-08-01T12:24:36.123"
       }
     ]
   }
@@ -5059,9 +5059,9 @@ Get Session Status. Use this to specify a session currently connected to the cur
     "ServerProductName_str": "serverproductname",
     "ServerProductVer_u32": 0,
     "ServerProductBuild_u32": 0,
-    "StartTime_dt": "2020-08-01T12:24:36.123",
-    "FirstConnectionEstablisiedTime_dt": "2020-08-01T12:24:36.123",
-    "CurrentConnectionEstablishTime_dt": "2020-08-01T12:24:36.123",
+    "StartTime_dt": "2024-08-01T12:24:36.123",
+    "FirstConnectionEstablisiedTime_dt": "2024-08-01T12:24:36.123",
+    "CurrentConnectionEstablishTime_dt": "2024-08-01T12:24:36.123",
     "NumConnectionsEatablished_u32": 0,
     "HalfConnection_bool": false,
     "QoS_bool": false,
@@ -5222,8 +5222,8 @@ Get the MAC Address Table Database. Use this to get the MAC address table databa
         "Key_u32": 0,
         "SessionName_str": "sessionname",
         "MacAddress_bin": "SGVsbG8gV29ybGQ=",
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
-        "UpdatedTime_dt": "2020-08-01T12:24:36.123",
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
+        "UpdatedTime_dt": "2024-08-01T12:24:36.123",
         "RemoteItem_bool": false,
         "RemoteHostname_str": "remotehostname",
         "VlanId_u32": 0
@@ -5232,8 +5232,8 @@ Get the MAC Address Table Database. Use this to get the MAC address table databa
         "Key_u32": 0,
         "SessionName_str": "sessionname",
         "MacAddress_bin": "SGVsbG8gV29ybGQ=",
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
-        "UpdatedTime_dt": "2020-08-01T12:24:36.123",
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
+        "UpdatedTime_dt": "2024-08-01T12:24:36.123",
         "RemoteItem_bool": false,
         "RemoteHostname_str": "remotehostname",
         "VlanId_u32": 0
@@ -5242,8 +5242,8 @@ Get the MAC Address Table Database. Use this to get the MAC address table databa
         "Key_u32": 0,
         "SessionName_str": "sessionname",
         "MacAddress_bin": "SGVsbG8gV29ybGQ=",
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
-        "UpdatedTime_dt": "2020-08-01T12:24:36.123",
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
+        "UpdatedTime_dt": "2024-08-01T12:24:36.123",
         "RemoteItem_bool": false,
         "RemoteHostname_str": "remotehostname",
         "VlanId_u32": 0
@@ -5337,8 +5337,8 @@ Get the IP Address Table Database. Use this to get the IP address table database
         "SessionName_str": "sessionname",
         "IpAddress_ip": "192.168.0.1",
         "DhcpAllocated_bool": false,
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
-        "UpdatedTime_dt": "2020-08-01T12:24:36.123",
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
+        "UpdatedTime_dt": "2024-08-01T12:24:36.123",
         "RemoteItem_bool": false,
         "RemoteHostname_str": "remotehostname"
       },
@@ -5347,8 +5347,8 @@ Get the IP Address Table Database. Use this to get the IP address table database
         "SessionName_str": "sessionname",
         "IpAddress_ip": "192.168.0.1",
         "DhcpAllocated_bool": false,
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
-        "UpdatedTime_dt": "2020-08-01T12:24:36.123",
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
+        "UpdatedTime_dt": "2024-08-01T12:24:36.123",
         "RemoteItem_bool": false,
         "RemoteHostname_str": "remotehostname"
       },
@@ -5357,8 +5357,8 @@ Get the IP Address Table Database. Use this to get the IP address table database
         "SessionName_str": "sessionname",
         "IpAddress_ip": "192.168.0.1",
         "DhcpAllocated_bool": false,
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
-        "UpdatedTime_dt": "2020-08-01T12:24:36.123",
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
+        "UpdatedTime_dt": "2024-08-01T12:24:36.123",
         "RemoteItem_bool": false,
         "RemoteHostname_str": "remotehostname"
       }
@@ -5778,8 +5778,8 @@ Get Virtual NAT Function Session Table of SecureNAT Function. Use this to get th
         "DestIp_ip": "192.168.0.1",
         "DestHost_str": "desthost",
         "DestPort_u32": 0,
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
-        "LastCommTime_dt": "2020-08-01T12:24:36.123",
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
+        "LastCommTime_dt": "2024-08-01T12:24:36.123",
         "SendSize_u64": 0,
         "RecvSize_u64": 0,
         "TcpStatus_u32": 0
@@ -5793,8 +5793,8 @@ Get Virtual NAT Function Session Table of SecureNAT Function. Use this to get th
         "DestIp_ip": "192.168.0.1",
         "DestHost_str": "desthost",
         "DestPort_u32": 0,
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
-        "LastCommTime_dt": "2020-08-01T12:24:36.123",
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
+        "LastCommTime_dt": "2024-08-01T12:24:36.123",
         "SendSize_u64": 0,
         "RecvSize_u64": 0,
         "TcpStatus_u32": 0
@@ -5808,8 +5808,8 @@ Get Virtual NAT Function Session Table of SecureNAT Function. Use this to get th
         "DestIp_ip": "192.168.0.1",
         "DestHost_str": "desthost",
         "DestPort_u32": 0,
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
-        "LastCommTime_dt": "2020-08-01T12:24:36.123",
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
+        "LastCommTime_dt": "2024-08-01T12:24:36.123",
         "SendSize_u64": 0,
         "RecvSize_u64": 0,
         "TcpStatus_u32": 0
@@ -5867,8 +5867,8 @@ Get Virtual DHCP Server Function Lease Table of SecureNAT Function. Use this to
     "DhcpTable": [
       {
         "Id_u32": 0,
-        "LeasedTime_dt": "2020-08-01T12:24:36.123",
-        "ExpireTime_dt": "2020-08-01T12:24:36.123",
+        "LeasedTime_dt": "2024-08-01T12:24:36.123",
+        "ExpireTime_dt": "2024-08-01T12:24:36.123",
         "MacAddress_bin": "SGVsbG8gV29ybGQ=",
         "IpAddress_ip": "192.168.0.1",
         "Mask_u32": 0,
@@ -5876,8 +5876,8 @@ Get Virtual DHCP Server Function Lease Table of SecureNAT Function. Use this to
       },
       {
         "Id_u32": 0,
-        "LeasedTime_dt": "2020-08-01T12:24:36.123",
-        "ExpireTime_dt": "2020-08-01T12:24:36.123",
+        "LeasedTime_dt": "2024-08-01T12:24:36.123",
+        "ExpireTime_dt": "2024-08-01T12:24:36.123",
         "MacAddress_bin": "SGVsbG8gV29ybGQ=",
         "IpAddress_ip": "192.168.0.1",
         "Mask_u32": 0,
@@ -5885,8 +5885,8 @@ Get Virtual DHCP Server Function Lease Table of SecureNAT Function. Use this to
       },
       {
         "Id_u32": 0,
-        "LeasedTime_dt": "2020-08-01T12:24:36.123",
-        "ExpireTime_dt": "2020-08-01T12:24:36.123",
+        "LeasedTime_dt": "2024-08-01T12:24:36.123",
+        "ExpireTime_dt": "2024-08-01T12:24:36.123",
         "MacAddress_bin": "SGVsbG8gV29ybGQ=",
         "IpAddress_ip": "192.168.0.1",
         "Mask_u32": 0,
@@ -7642,19 +7642,19 @@ Get List of Log Files. Use this to display a list of log files outputted by the
         "ServerName_str": "servername",
         "FilePath_str": "filepath",
         "FileSize_u32": 0,
-        "UpdatedTime_dt": "2020-08-01T12:24:36.123"
+        "UpdatedTime_dt": "2024-08-01T12:24:36.123"
       },
       {
         "ServerName_str": "servername",
         "FilePath_str": "filepath",
         "FileSize_u32": 0,
-        "UpdatedTime_dt": "2020-08-01T12:24:36.123"
+        "UpdatedTime_dt": "2024-08-01T12:24:36.123"
       },
       {
         "ServerName_str": "servername",
         "FilePath_str": "filepath",
         "FileSize_u32": 0,
-        "UpdatedTime_dt": "2020-08-01T12:24:36.123"
+        "UpdatedTime_dt": "2024-08-01T12:24:36.123"
       }
     ]
   }
@@ -8642,8 +8642,8 @@ Name | Type | Description
 `IsConnected_bool` | `boolean` | Whether connection to VPN Azure Cloud Server is established
 
 ***
-<a id="getddnsinternetsettng"></a>
-## "GetDDnsInternetSettng" RPC API - Get the Proxy Settings for Connecting to the DDNS server
+<a id="getddnsinternetsetting"></a>
+## "GetDDnsInternetSetting" RPC API - Get the Proxy Settings for Connecting to the DDNS server
 ### Description
 Get the Proxy Settings for Connecting to the DDNS server.
 
@@ -8652,7 +8652,7 @@ Get the Proxy Settings for Connecting to the DDNS server.
 {
   "jsonrpc": "2.0",
   "id": "rpc_call_id",
-  "method": "GetDDnsInternetSettng",
+  "method": "GetDDnsInternetSetting",
   "params": {}
 }
 ```
@@ -8683,8 +8683,8 @@ Name | Type | Description
 `ProxyPassword_str` | `string` (ASCII) | Proxy server password
 
 ***
-<a id="setddnsinternetsettng"></a>
-## "SetDDnsInternetSettng" RPC API - Set the Proxy Settings for Connecting to the DDNS server
+<a id="setddnsinternetsetting"></a>
+## "SetDDnsInternetSetting" RPC API - Set the Proxy Settings for Connecting to the DDNS server
 ### Description
 Set the Proxy Settings for Connecting to the DDNS server.
 
@@ -8693,7 +8693,7 @@ Set the Proxy Settings for Connecting to the DDNS server.
 {
   "jsonrpc": "2.0",
   "id": "rpc_call_id",
-  "method": "SetDDnsInternetSettng",
+  "method": "SetDDnsInternetSetting",
   "params": {
     "ProxyType_u32": 0,
     "ProxyHostName_str": "proxyhostname",
@@ -8730,6 +8730,6 @@ Name | Type | Description
 `ProxyPassword_str` | `string` (ASCII) | Proxy server password
 
 ***
-Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen.  
-Copyright (c) 2014-2019 [SoftEther VPN Project](https://www.softether.org/) under the Apache License 2.0.  
+Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen.  
+Copyright (c) 2014-2023 [SoftEther VPN Project](https://www.softether.org/) under the Apache License 2.0.  
 

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-csharp/rpc-stubs/JsonRpc.cs

@@ -2,10 +2,10 @@
 // 
 // JsonRpc.cs - JSON-RPC Client Utility Functions
 //
-// Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen
+// Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen
 //
 // Licensed under the Apache License 2.0
-// Copyright (c) 2014-2019 SoftEther VPN Project
+// Copyright (c) 2014-2023 SoftEther VPN Project
 
 using System;
 using System.IO;

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-csharp/rpc-stubs/VPNServerRpc.cs

@@ -2,10 +2,10 @@
 // 
 // VPNServerRpc.cs - SoftEther VPN Server's JSON-RPC Stubs
 //
-// Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen
+// Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen
 //
 // Licensed under the Apache License 2.0
-// Copyright (c) 2014-2019 SoftEther VPN Project
+// Copyright (c) 2014-2023 SoftEther VPN Project
 
 using System.Threading.Tasks;
 using SoftEther.JsonRpc;
@@ -1357,22 +1357,22 @@ namespace SoftEther.VPNServerRpc
         /// <summary>
         /// Get the Proxy Settings for Connecting to the DDNS server (Async mode).
         /// </summary>
-        public async Task<VpnInternetSetting> GetDDnsInternetSettngAsync() => await CallAsync<VpnInternetSetting>("GetDDnsInternetSettng", new VpnInternetSetting());
+        public async Task<VpnInternetSetting> GetDDnsInternetSettingAsync() => await CallAsync<VpnInternetSetting>("GetDDnsInternetSetting", new VpnInternetSetting());
 
         /// <summary>
         /// Get the Proxy Settings for Connecting to the DDNS server (Async mode).
         /// </summary>
-        public VpnInternetSetting GetDDnsInternetSettng() => GetDDnsInternetSettngAsync().Result;
+        public VpnInternetSetting GetDDnsInternetSetting() => GetDDnsInternetSettingAsync().Result;
 
         /// <summary>
         /// Set the Proxy Settings for Connecting to the DDNS server (Async mode).
         /// </summary>
-        public async Task<VpnInternetSetting> SetDDnsInternetSettngAsync(VpnInternetSetting input_param) => await CallAsync<VpnInternetSetting>("SetDDnsInternetSettng", input_param);
+        public async Task<VpnInternetSetting> SetDDnsInternetSettingAsync(VpnInternetSetting input_param) => await CallAsync<VpnInternetSetting>("SetDDnsInternetSetting", input_param);
 
         /// <summary>
         /// Set the Proxy Settings for Connecting to the DDNS server (Sync mode).
         /// </summary>
-        public VpnInternetSetting SetDDnsInternetSettng(VpnInternetSetting input_param) => SetDDnsInternetSettngAsync(input_param).Result;
+        public VpnInternetSetting SetDDnsInternetSetting(VpnInternetSetting input_param) => SetDDnsInternetSettingAsync(input_param).Result;
 
         /// <summary>
         /// Set the VPN Gate Server Configuration (Async mode). This API is valid for Win32 binary distribution of the Stable Edition of SoftEther VPN Server.

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-csharp/rpc-stubs/VPNServerRpcTypes.cs

@@ -2,10 +2,10 @@
 // 
 // VPNServerRpcTypes.cs - Data Type Definition for SoftEther VPN Server JSON-RPC Stubs
 //
-// Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen
+// Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen
 //
 // Licensed under the Apache License 2.0
-// Copyright (c) 2014-2019 SoftEther VPN Project
+// Copyright (c) 2014-2023 SoftEther VPN Project
 
 using System;
 using Newtonsoft.Json;

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-csharp/sample/Main.cs

@@ -2,10 +2,10 @@
 // 
 // Program.cs - The Main() entry point
 //
-// Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen
+// Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen
 //
 // Licensed under the Apache License 2.0
-// Copyright (c) 2014-2019 SoftEther VPN Project
+// Copyright (c) 2014-2023 SoftEther VPN Project
 
 class Program
 {

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-csharp/sample/VpnServerRpcTest.cs

@@ -5,10 +5,10 @@
 // This sample code shows how to call all available RPC functions.
 // You can copy and paste test code to write your own C# codes.
 //
-// Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen
+// Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen
 //
 // Licensed under the Apache License 2.0
-// Copyright (c) 2014-2019 SoftEther VPN Project
+// Copyright (c) 2014-2023 SoftEther VPN Project
 
 using System;
 using SoftEther.VPNServerRpc;
@@ -255,8 +255,8 @@ class VPNRPCTest
         Test_GetOpenVpnSstpConfig();
 
         Test_GetDDnsClientStatus();
-        Test_SetDDnsInternetSettng();
-        Test_GetDDnsInternetSettng();
+        Test_SetDDnsInternetSetting();
+        Test_GetDDnsInternetSetting();
 
         Test_ChangeDDnsClientHostname();
         Test_RegenerateServerCert();
@@ -3641,27 +3641,27 @@ class VPNRPCTest
     }
 
     /// <summary>
-    /// API test for 'GetDDnsInternetSettng', Get DDNS proxy configuration
+    /// API test for 'GetDDnsInternetSetting', Get DDNS proxy configuration
     /// </summary>
-    public void Test_GetDDnsInternetSettng()
+    public void Test_GetDDnsInternetSetting()
     {
-        Console.WriteLine("Begin: Test_GetDDnsInternetSettng");
+        Console.WriteLine("Begin: Test_GetDDnsInternetSetting");
 
-        VpnInternetSetting out_internet_setting = api.GetDDnsInternetSettng();
+        VpnInternetSetting out_internet_setting = api.GetDDnsInternetSetting();
 
         print_object(out_internet_setting);
 
-        Console.WriteLine("End: Test_GetDDnsInternetSettng");
+        Console.WriteLine("End: Test_GetDDnsInternetSetting");
         Console.WriteLine("-----");
         Console.WriteLine();
     }
 
     /// <summary>
-    /// API test for 'SetDDnsInternetSettng', Set DDNS proxy configuration
+    /// API test for 'SetDDnsInternetSetting', Set DDNS proxy configuration
     /// </summary>
-    public void Test_SetDDnsInternetSettng()
+    public void Test_SetDDnsInternetSetting()
     {
-        Console.WriteLine("Begin: Test_SetDDnsInternetSettng");
+        Console.WriteLine("Begin: Test_SetDDnsInternetSetting");
 
         VpnInternetSetting in_internet_setting = new VpnInternetSetting()
         {
@@ -3671,11 +3671,11 @@ class VPNRPCTest
             ProxyUsername_str = "neko",
             ProxyPassword_str = "dog",
         };
-        VpnInternetSetting out_internet_setting = api.SetDDnsInternetSettng(in_internet_setting);
+        VpnInternetSetting out_internet_setting = api.SetDDnsInternetSetting(in_internet_setting);
 
         print_object(out_internet_setting);
 
-        Console.WriteLine("End: Test_SetDDnsInternetSettng");
+        Console.WriteLine("End: Test_SetDDnsInternetSetting");
         Console.WriteLine("-----");
         Console.WriteLine();
     }

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/dist/sample.js

@@ -560,10 +560,10 @@ function Test_All() {
                     return [4 /*yield*/, Test_GetDDnsClientStatus()];
                 case 157:
                     _x.sent();
-                    return [4 /*yield*/, Test_SetDDnsInternetSettng()];
+                    return [4 /*yield*/, Test_SetDDnsInternetSetting()];
                 case 158:
                     _x.sent();
-                    return [4 /*yield*/, Test_GetDDnsInternetSettng()];
+                    return [4 /*yield*/, Test_GetDDnsInternetSetting()];
                 case 159:
                     _x.sent();
                     return [4 /*yield*/, Test_ChangeDDnsClientHostname()];
@@ -4047,19 +4047,19 @@ function Test_SetAzureStatus() {
         });
     });
 }
-/** API test for 'GetDDnsInternetSettng', Get DDNS proxy configuration */
-function Test_GetDDnsInternetSettng() {
+/** API test for 'GetDDnsInternetSetting', Get DDNS proxy configuration */
+function Test_GetDDnsInternetSetting() {
     return __awaiter(this, void 0, void 0, function () {
         var out_internet_setting;
         return __generator(this, function (_a) {
             switch (_a.label) {
                 case 0:
-                    console.log("Begin: Test_GetDDnsInternetSettng");
-                    return [4 /*yield*/, api.GetDDnsInternetSettng()];
+                    console.log("Begin: Test_GetDDnsInternetSetting");
+                    return [4 /*yield*/, api.GetDDnsInternetSetting()];
                 case 1:
                     out_internet_setting = _a.sent();
                     console.log(out_internet_setting);
-                    console.log("End: Test_GetDDnsInternetSettng");
+                    console.log("End: Test_GetDDnsInternetSetting");
                     console.log("-----");
                     console.log();
                     return [2 /*return*/];
@@ -4067,14 +4067,14 @@ function Test_GetDDnsInternetSettng() {
         });
     });
 }
-/** API test for 'SetDDnsInternetSettng', Set DDNS proxy configuration */
-function Test_SetDDnsInternetSettng() {
+/** API test for 'SetDDnsInternetSetting', Set DDNS proxy configuration */
+function Test_SetDDnsInternetSetting() {
     return __awaiter(this, void 0, void 0, function () {
         var in_internet_setting, out_internet_setting;
         return __generator(this, function (_a) {
             switch (_a.label) {
                 case 0:
-                    console.log("Begin: Test_SetDDnsInternetSettng");
+                    console.log("Begin: Test_SetDDnsInternetSetting");
                     in_internet_setting = new VPN.VpnInternetSetting({
                         ProxyType_u32: VPN.VpnRpcProxyType.Direct,
                         ProxyHostName_str: "1.2.3.4",
@@ -4082,11 +4082,11 @@ function Test_SetDDnsInternetSettng() {
                         ProxyUsername_str: "neko",
                         ProxyPassword_str: "dog"
                     });
-                    return [4 /*yield*/, api.SetDDnsInternetSettng(in_internet_setting)];
+                    return [4 /*yield*/, api.SetDDnsInternetSetting(in_internet_setting)];
                 case 1:
                     out_internet_setting = _a.sent();
                     console.log(out_internet_setting);
-                    console.log("End: Test_SetDDnsInternetSettng");
+                    console.log("End: Test_SetDDnsInternetSetting");
                     console.log("-----");
                     console.log();
                     return [2 /*return*/];

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/dist/vpnrpc.d.ts

@@ -278,9 +278,9 @@ export declare class VpnServerRpc {
     /** Enable / Disable VPN Azure Function. Enable or disable the VPN Azure function. VPN Azure makes it easier to establish a VPN Session from your home PC to your office PC. While a VPN connection is established, you can access to any other servers on the private network of your company. You don't need a global IP address on the office PC (VPN Server). It can work behind firewalls or NATs. No network administrator's configuration required. You can use the built-in SSTP-VPN Client of Windows in your home PC. VPN Azure is a cloud VPN service operated by SoftEther Corporation. VPN Azure is free of charge and available to anyone. Visit http://www.vpnazure.net/ to see details and how-to-use instructions. The VPN Azure hostname is same to the hostname of the Dynamic DNS setting, but altering the domain suffix to "vpnazure.net". To change the hostname use the ChangeDDnsClientHostname API. To call this API, you must have VPN Server administrator privileges. This API cannot be invoked on VPN Bridge. You cannot execute this API for Virtual Hubs of VPN Servers operating as a cluster. */
     SetAzureStatus: (in_param: VpnRpcAzureStatus) => Promise<VpnRpcAzureStatus>;
     /** Get the Proxy Settings for Connecting to the DDNS server. */
-    GetDDnsInternetSettng: () => Promise<VpnInternetSetting>;
+    GetDDnsInternetSetting: () => Promise<VpnInternetSetting>;
     /** Set the Proxy Settings for Connecting to the DDNS server. */
-    SetDDnsInternetSettng: (in_param: VpnInternetSetting) => Promise<VpnInternetSetting>;
+    SetDDnsInternetSetting: (in_param: VpnInternetSetting) => Promise<VpnInternetSetting>;
     /** Set the VPN Gate Server Configuration. This API is valid for Win32 binary distribution of the Stable Edition of SoftEther VPN Server. */
     SetVgsConfig: (in_param: VpnVgsConfig) => Promise<VpnVgsConfig>;
     /** Get the VPN Gate Server Configuration. This API is valid for Win32 binary distribution of the Stable Edition of SoftEther VPN Server. */

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/dist/vpnrpc.js

@@ -599,12 +599,12 @@ var VpnServerRpc = /** @class */ (function () {
             return _this.CallAsync("SetAzureStatus", in_param);
         };
         /** Get the Proxy Settings for Connecting to the DDNS server. */
-        this.GetDDnsInternetSettng = function () {
-            return _this.CallAsync("GetDDnsInternetSettng", new VpnInternetSetting());
+        this.GetDDnsInternetSetting = function () {
+            return _this.CallAsync("GetDDnsInternetSetting", new VpnInternetSetting());
         };
         /** Set the Proxy Settings for Connecting to the DDNS server. */
-        this.SetDDnsInternetSettng = function (in_param) {
-            return _this.CallAsync("SetDDnsInternetSettng", in_param);
+        this.SetDDnsInternetSetting = function (in_param) {
+            return _this.CallAsync("SetDDnsInternetSetting", in_param);
         };
         /** Set the VPN Gate Server Configuration. This API is valid for Win32 binary distribution of the Stable Edition of SoftEther VPN Server. */
         this.SetVgsConfig = function (in_param) {

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/package-lock.json

@@ -65,12 +65,23 @@
       }
     },
     "braces": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
-      "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
+      "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
       "dev": true,
       "requires": {
-        "fill-range": "^7.0.1"
+        "fill-range": "^7.1.1"
+      },
+      "dependencies": {
+        "fill-range": {
+          "version": "7.1.1",
+          "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
+          "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
+          "dev": true,
+          "requires": {
+            "to-regex-range": "^5.0.1"
+          }
+        }
       }
     },
     "builtin-modules": {
@@ -151,15 +162,6 @@
       "integrity": "sha1-Cr9PHKpbyx96nYrMbepPqqBLrJs=",
       "dev": true
     },
-    "fill-range": {
-      "version": "7.0.1",
-      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
-      "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
-      "dev": true,
-      "requires": {
-        "to-regex-range": "^5.0.1"
-      }
-    },
     "fs.realpath": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/src/sample.ts

@@ -2,13 +2,13 @@
 // Runs on both web browsers and Node.js
 // 
 // sample.ts
-// Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen
+// Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen
 // 
 // This sample code shows how to call all available RPC functions.
 // You can copy and paste test code to write your own web browser TypeScript / JavaScript codes.
 //
 // Licensed under the Apache License 2.0
-// Copyright (c) 2014-2019 SoftEther VPN Project
+// Copyright (c) 2014-2023 SoftEther VPN Project
 
 // On the web browser uncomment below imports as necessary to support old browsers.
 // import "core-js/es6/promise";
@@ -216,8 +216,8 @@ async function Test_All(): Promise<void>
     await Test_SetOpenVpnSstpConfig();
     await Test_GetOpenVpnSstpConfig();
     await Test_GetDDnsClientStatus();
-    await Test_SetDDnsInternetSettng();
-    await Test_GetDDnsInternetSettng();
+    await Test_SetDDnsInternetSetting();
+    await Test_GetDDnsInternetSetting();
     await Test_ChangeDDnsClientHostname();
     await Test_RegenerateServerCert();
     await Test_MakeOpenVpnConfigFile();
@@ -2624,21 +2624,21 @@ async function Test_SetAzureStatus(): Promise<void>
     console.log();
 }
 
-/** API test for 'GetDDnsInternetSettng', Get DDNS proxy configuration */
-async function Test_GetDDnsInternetSettng(): Promise<void>
+/** API test for 'GetDDnsInternetSetting', Get DDNS proxy configuration */
+async function Test_GetDDnsInternetSetting(): Promise<void>
 {
-    console.log("Begin: Test_GetDDnsInternetSettng");
-    let out_internet_setting: VPN.VpnInternetSetting = await api.GetDDnsInternetSettng();
+    console.log("Begin: Test_GetDDnsInternetSetting");
+    let out_internet_setting: VPN.VpnInternetSetting = await api.GetDDnsInternetSetting();
     console.log(out_internet_setting);
-    console.log("End: Test_GetDDnsInternetSettng");
+    console.log("End: Test_GetDDnsInternetSetting");
     console.log("-----");
     console.log();
 }
 
-/** API test for 'SetDDnsInternetSettng', Set DDNS proxy configuration */
-async function Test_SetDDnsInternetSettng(): Promise<void>
+/** API test for 'SetDDnsInternetSetting', Set DDNS proxy configuration */
+async function Test_SetDDnsInternetSetting(): Promise<void>
 {
-    console.log("Begin: Test_SetDDnsInternetSettng");
+    console.log("Begin: Test_SetDDnsInternetSetting");
     let in_internet_setting: VPN.VpnInternetSetting = new VPN.VpnInternetSetting(
     {
         ProxyType_u32: VPN.VpnRpcProxyType.Direct,
@@ -2647,9 +2647,9 @@ async function Test_SetDDnsInternetSettng(): Promise<void>
         ProxyUsername_str: "neko",
         ProxyPassword_str: "dog",
     });
-    let out_internet_setting: VPN.VpnInternetSetting = await api.SetDDnsInternetSettng(in_internet_setting);
+    let out_internet_setting: VPN.VpnInternetSetting = await api.SetDDnsInternetSetting(in_internet_setting);
     console.log(out_internet_setting);
-    console.log("End: Test_SetDDnsInternetSettng");
+    console.log("End: Test_SetDDnsInternetSetting");
     console.log("-----");
     console.log();
 }

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/src/vpnrpc.ts

@@ -1,10 +1,10 @@
 // SoftEther VPN Server JSON-RPC Stub code for TypeScript
 // 
 // vpnrpc.ts
-// Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen
+// Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen
 //
 // Licensed under the Apache License 2.0
-// Copyright (c) 2014-2019 SoftEther VPN Project
+// Copyright (c) 2014-2023 SoftEther VPN Project
 
 
 // Trivial utility codes
@@ -856,15 +856,15 @@ export class VpnServerRpc
     }
     
     /** Get the Proxy Settings for Connecting to the DDNS server. */
-    public GetDDnsInternetSettng = (): Promise<VpnInternetSetting> =>
+    public GetDDnsInternetSetting = (): Promise<VpnInternetSetting> =>
     {
-        return this.CallAsync<VpnInternetSetting>("GetDDnsInternetSettng", new VpnInternetSetting());
+        return this.CallAsync<VpnInternetSetting>("GetDDnsInternetSetting", new VpnInternetSetting());
     }
     
     /** Set the Proxy Settings for Connecting to the DDNS server. */
-    public SetDDnsInternetSettng = (in_param: VpnInternetSetting): Promise<VpnInternetSetting> =>
+    public SetDDnsInternetSetting = (in_param: VpnInternetSetting): Promise<VpnInternetSetting> =>
     {
-        return this.CallAsync<VpnInternetSetting>("SetDDnsInternetSettng", in_param);
+        return this.CallAsync<VpnInternetSetting>("SetDDnsInternetSetting", in_param);
     }
     
     /** Set the VPN Gate Server Configuration. This API is valid for Win32 binary distribution of the Stable Edition of SoftEther VPN Server. */

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-typescript/sample.ts

@@ -2,13 +2,13 @@
 // Runs on both web browsers and Node.js
 // 
 // sample.ts
-// Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen
+// Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen
 // 
 // This sample code shows how to call all available RPC functions.
 // You can copy and paste test code to write your own web browser TypeScript / JavaScript codes.
 //
 // Licensed under the Apache License 2.0
-// Copyright (c) 2014-2019 SoftEther VPN Project
+// Copyright (c) 2014-2023 SoftEther VPN Project
 
 // On the web browser uncomment below imports as necessary to support old browsers.
 // import "core-js/es6/promise";
@@ -216,8 +216,8 @@ async function Test_All(): Promise<void>
     await Test_SetOpenVpnSstpConfig();
     await Test_GetOpenVpnSstpConfig();
     await Test_GetDDnsClientStatus();
-    await Test_SetDDnsInternetSettng();
-    await Test_GetDDnsInternetSettng();
+    await Test_SetDDnsInternetSetting();
+    await Test_GetDDnsInternetSetting();
     await Test_ChangeDDnsClientHostname();
     await Test_RegenerateServerCert();
     await Test_MakeOpenVpnConfigFile();
@@ -2624,21 +2624,21 @@ async function Test_SetAzureStatus(): Promise<void>
     console.log();
 }
 
-/** API test for 'GetDDnsInternetSettng', Get DDNS proxy configuration */
-async function Test_GetDDnsInternetSettng(): Promise<void>
+/** API test for 'GetDDnsInternetSetting', Get DDNS proxy configuration */
+async function Test_GetDDnsInternetSetting(): Promise<void>
 {
-    console.log("Begin: Test_GetDDnsInternetSettng");
-    let out_internet_setting: VPN.VpnInternetSetting = await api.GetDDnsInternetSettng();
+    console.log("Begin: Test_GetDDnsInternetSetting");
+    let out_internet_setting: VPN.VpnInternetSetting = await api.GetDDnsInternetSetting();
     console.log(out_internet_setting);
-    console.log("End: Test_GetDDnsInternetSettng");
+    console.log("End: Test_GetDDnsInternetSetting");
     console.log("-----");
     console.log();
 }
 
-/** API test for 'SetDDnsInternetSettng', Set DDNS proxy configuration */
-async function Test_SetDDnsInternetSettng(): Promise<void>
+/** API test for 'SetDDnsInternetSetting', Set DDNS proxy configuration */
+async function Test_SetDDnsInternetSetting(): Promise<void>
 {
-    console.log("Begin: Test_SetDDnsInternetSettng");
+    console.log("Begin: Test_SetDDnsInternetSetting");
     let in_internet_setting: VPN.VpnInternetSetting = new VPN.VpnInternetSetting(
     {
         ProxyType_u32: VPN.VpnRpcProxyType.Direct,
@@ -2647,9 +2647,9 @@ async function Test_SetDDnsInternetSettng(): Promise<void>
         ProxyUsername_str: "neko",
         ProxyPassword_str: "dog",
     });
-    let out_internet_setting: VPN.VpnInternetSetting = await api.SetDDnsInternetSettng(in_internet_setting);
+    let out_internet_setting: VPN.VpnInternetSetting = await api.SetDDnsInternetSetting(in_internet_setting);
     console.log(out_internet_setting);
-    console.log("End: Test_SetDDnsInternetSettng");
+    console.log("End: Test_SetDDnsInternetSetting");
     console.log("-----");
     console.log();
 }

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-typescript/vpnrpc.ts

@@ -1,10 +1,10 @@
 // SoftEther VPN Server JSON-RPC Stub code for TypeScript
 // 
 // vpnrpc.ts
-// Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen
+// Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen
 //
 // Licensed under the Apache License 2.0
-// Copyright (c) 2014-2019 SoftEther VPN Project
+// Copyright (c) 2014-2023 SoftEther VPN Project
 
 
 // Trivial utility codes
@@ -856,15 +856,15 @@ export class VpnServerRpc
     }
     
     /** Get the Proxy Settings for Connecting to the DDNS server. */
-    public GetDDnsInternetSettng = (): Promise<VpnInternetSetting> =>
+    public GetDDnsInternetSetting = (): Promise<VpnInternetSetting> =>
     {
-        return this.CallAsync<VpnInternetSetting>("GetDDnsInternetSettng", new VpnInternetSetting());
+        return this.CallAsync<VpnInternetSetting>("GetDDnsInternetSetting", new VpnInternetSetting());
     }
     
     /** Set the Proxy Settings for Connecting to the DDNS server. */
-    public SetDDnsInternetSettng = (in_param: VpnInternetSetting): Promise<VpnInternetSetting> =>
+    public SetDDnsInternetSetting = (in_param: VpnInternetSetting): Promise<VpnInternetSetting> =>
     {
-        return this.CallAsync<VpnInternetSetting>("SetDDnsInternetSettng", in_param);
+        return this.CallAsync<VpnInternetSetting>("SetDDnsInternetSetting", in_param);
     }
     
     /** Set the VPN Gate Server Configuration. This API is valid for Win32 binary distribution of the Stable Edition of SoftEther VPN Server. */

developer_tools/vpnserver-jsonrpc-codegen/VpnServerRpc/VPNServerRpc.cs

@@ -1357,22 +1357,22 @@ namespace SoftEther.VPNServerRpc
         /// <summary>
         /// Get the Proxy Settings for Connecting to the DDNS server (Async mode).
         /// </summary>
-        public async Task<VpnInternetSetting> GetDDnsInternetSettngAsync() => await CallAsync<VpnInternetSetting>("GetDDnsInternetSettng", new VpnInternetSetting());
+        public async Task<VpnInternetSetting> GetDDnsInternetSettingAsync() => await CallAsync<VpnInternetSetting>("GetDDnsInternetSetting", new VpnInternetSetting());
 
         /// <summary>
         /// Get the Proxy Settings for Connecting to the DDNS server (Async mode).
         /// </summary>
-        public VpnInternetSetting GetDDnsInternetSettng() => GetDDnsInternetSettngAsync().Result;
+        public VpnInternetSetting GetDDnsInternetSetting() => GetDDnsInternetSettingAsync().Result;
 
         /// <summary>
         /// Set the Proxy Settings for Connecting to the DDNS server (Async mode).
         /// </summary>
-        public async Task<VpnInternetSetting> SetDDnsInternetSettngAsync(VpnInternetSetting input_param) => await CallAsync<VpnInternetSetting>("SetDDnsInternetSettng", input_param);
+        public async Task<VpnInternetSetting> SetDDnsInternetSettingAsync(VpnInternetSetting input_param) => await CallAsync<VpnInternetSetting>("SetDDnsInternetSetting", input_param);
 
         /// <summary>
         /// Set the Proxy Settings for Connecting to the DDNS server (Sync mode).
         /// </summary>
-        public VpnInternetSetting SetDDnsInternetSettng(VpnInternetSetting input_param) => SetDDnsInternetSettngAsync(input_param).Result;
+        public VpnInternetSetting SetDDnsInternetSetting(VpnInternetSetting input_param) => SetDDnsInternetSettingAsync(input_param).Result;
 
         /// <summary>
         /// Set the VPN Gate Server Configuration (Async mode). This API is valid for Win32 binary distribution of the Stable Edition of SoftEther VPN Server.

developer_tools/vpnserver-jsonrpc-codegen/VpnServerRpcTest/VpnServerRpcTest.cs

@@ -255,8 +255,8 @@ class VPNRPCTest
         Test_GetOpenVpnSstpConfig();
 
         Test_GetDDnsClientStatus();
-        Test_SetDDnsInternetSettng();
-        Test_GetDDnsInternetSettng();
+        Test_SetDDnsInternetSetting();
+        Test_GetDDnsInternetSetting();
 
         Test_ChangeDDnsClientHostname();
         Test_RegenerateServerCert();
@@ -3641,27 +3641,27 @@ class VPNRPCTest
     }
 
     /// <summary>
-    /// API test for 'GetDDnsInternetSettng', Get DDNS proxy configuration
+    /// API test for 'GetDDnsInternetSetting', Get DDNS proxy configuration
     /// </summary>
-    public void Test_GetDDnsInternetSettng()
+    public void Test_GetDDnsInternetSetting()
     {
-        Console.WriteLine("Begin: Test_GetDDnsInternetSettng");
+        Console.WriteLine("Begin: Test_GetDDnsInternetSetting");
 
-        VpnInternetSetting out_internet_setting = api.GetDDnsInternetSettng();
+        VpnInternetSetting out_internet_setting = api.GetDDnsInternetSetting();
 
         print_object(out_internet_setting);
 
-        Console.WriteLine("End: Test_GetDDnsInternetSettng");
+        Console.WriteLine("End: Test_GetDDnsInternetSetting");
         Console.WriteLine("-----");
         Console.WriteLine();
     }
 
     /// <summary>
-    /// API test for 'SetDDnsInternetSettng', Set DDNS proxy configuration
+    /// API test for 'SetDDnsInternetSetting', Set DDNS proxy configuration
     /// </summary>
-    public void Test_SetDDnsInternetSettng()
+    public void Test_SetDDnsInternetSetting()
     {
-        Console.WriteLine("Begin: Test_SetDDnsInternetSettng");
+        Console.WriteLine("Begin: Test_SetDDnsInternetSetting");
 
         VpnInternetSetting in_internet_setting = new VpnInternetSetting()
         {
@@ -3671,11 +3671,11 @@ class VPNRPCTest
             ProxyUsername_str = "neko",
             ProxyPassword_str = "dog",
         };
-        VpnInternetSetting out_internet_setting = api.SetDDnsInternetSettng(in_internet_setting);
+        VpnInternetSetting out_internet_setting = api.SetDDnsInternetSetting(in_internet_setting);
 
         print_object(out_internet_setting);
 
-        Console.WriteLine("End: Test_SetDDnsInternetSettng");
+        Console.WriteLine("End: Test_SetDDnsInternetSetting");
         Console.WriteLine("-----");
         Console.WriteLine();
     }

docker-compose.vpnclient.yaml

@@ -0,0 +1,16 @@
+version: '3'
+
+services:
+  softether:
+    image: softethervpn/vpnclient:latest
+    devices:
+      - /dev/net/tun:/dev/net/tun
+    cap_add:
+      - NET_ADMIN
+    restart: always
+    volumes:
+      - "/etc/localtime:/etc/localtime:ro"
+      - "/etc/timezone:/etc/timezone:ro"
+      - "./softether_data:/var/lib/softether"
+      - "./softether_log:/var/log/softether"
+      # - "./adminip.txt:/var/lib/softether/adminip.txt:ro"

docker-compose.yaml

@@ -0,0 +1,22 @@
+services:
+  softether:
+    image: softethervpn/vpnserver:latest
+    hostname: softethervpnserver
+    cap_add:
+      - NET_ADMIN
+    restart: always
+    ports:
+      #- 53:53         #DNS tunneling
+      - 443:443         #Management and HTTPS tunneling
+      - 992:992         #HTTPS tunneling
+      #- 1194:1194/udp #OpenVPN 
+      #- 5555:5555       #HTTPS tunneling
+      #- 500:500/udp   #IPsec/L2TP
+      #- 4500:4500/udp #IPsec/L2TP
+      #- 1701:1701/udp #IPsec/L2TP
+    volumes:
+      - "/etc/localtime:/etc/localtime:ro"
+      - "/etc/timezone:/etc/timezone:ro"
+      - "./softether_data:/var/lib/softether"
+      - "./softether_log:/var/log/softether"
+      # - "./adminip.txt:/var/lib/softether/adminip.txt:ro"

src/BUILD_WINDOWS.md

@@ -88,6 +88,10 @@ into it. So that is what will be described below.
 
      Cross compile x86 executables with 64-bit compiler
     
+    - arm64-on-x64
+
+     Cross compile arm64 executables with x64t compiler
+
    On 64-bit Windows, all four configurations can be used. 32-bit platforms can only use 32-bit compiler.
 
 1. Visual Studio will try generating CMake cache. If not, click **Project -> Configure Cache** or **Generate Cache**.

src/BUILD_WinArm64.md

@@ -0,0 +1,52 @@
+# How to build and install SoftEther VPN on Windows ARM64
+
+This document describes how to build SoftEther VPN for Windows ARM64 and how to install the VPN Client and Neo6 virtual network adapter on Windows on ARM devices.
+
+
+## Requirements
+
+
+- Build host: Windows x64
+
+- Target device: Windows 10 / Windows 11 ARM64
+
+
+## Building 
+ 
+    **Notes before building**: ARM64 builds are cross-compiled from an x64 Windows host. An existing x64-native build is required to generate hamcore.se2.
+1. Follow [BUILD_WINDOWS.md](BUILD_WINDOWS.md##Building)
+
+1. Build x64 (Native): From the build menu, select x64-on-x64. Complete the build successfully. This build is required to generate shared resources
+
+1. Build ARM64 (Cross-Compiled): From the same build menu, select arm64-on-x64. 
+Build the ARM64 version of SoftEther VPN.
+
+1. Building the Neo6 Virtual Network Adapter (ARM64)
+
+    Open the following project in Visual Studio:
+    ```
+    .\src\Neo6\Neo6.vcxproj 
+    ```
+   
+    SoftEther VPN Client uses the Neo6 virtual network adapter.
+
+
+    Driver Output Files
+    The ARM64 driver package includes:
+    ```
+    Neo6_arm64_VPN.sys
+    Neo6_arm64_VPN.inf
+    ```
+    Driver Signing and Installation (Windows ARM64)
+    ```
+    Enable test-signing mode: bcdedit /set testsigning on
+    Reboot the system.
+    Testing signing:
+    Install the Neo6 ARM64 driver.
+    ```
+# Summary
+
+SoftEther VPN can be cross-compiled for Windows ARM64 on an x64 host
+VPN Client works natively on Windows on ARM
+Neo6 ARM64 driver requires Microsoft signing for production use
+Test-signing is suitable for local development only

src/CMakeLists.txt

@@ -1,4 +1,4 @@
-if(UNIX)
+if(UNIX)
   # Creates wrapper scripts and installs them in the user's binaries directory, which is usually "/usr/local/bin".
   # This is required because symlinks use the folder they are in as working directory.
   #
@@ -59,6 +59,12 @@ add_definitions(-D_REENTRANT -DREENTRANT -D_THREAD_SAFE -D_THREADSAFE -DTHREAD_S
 include_directories(.)
 
 if(WIN32)
+  if(IS_CROSS_COMPILATION MATCHES "arm64-on-x64")
+    set(CMAKE_SYSTEM_PROCESSOR "arm64")
+  else()
+    message("Setting QSPECTRE")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /Qspectre")
+  endif()
   add_definitions(-DWIN32 -D_WINDOWS -DOS_WIN32 -D_CRT_SECURE_NO_WARNINGS)
 
   #
@@ -69,9 +75,6 @@ if(WIN32)
   set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /guard:cf")
   set(CMAKE_EXE_LINKER_FLAGS  "${CMAKE_EXE_LINKER_FLAGS} /guard:cf /DYNAMICBASE")
 
-  message("Setting QSPECTRE")
-  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /Qspectre")
-
   message("Setting CETCOMPAT")
   set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /CETCOMPAT")
 
@@ -127,6 +130,9 @@ if(UNIX)
   if(SE_PIDDIR)
     add_definitions(-DSE_PIDDIR="${SE_PIDDIR}")
   endif()
+
+  # Use system libraries instead of bundled
+  set(USE_SYSTEM_CPU_FEATURES false CACHE BOOL "Use system cpu_features")
 endif()
 
 # Cedar communication module
@@ -161,15 +167,45 @@ add_custom_target(hamcore-archive-build
   ALL
   DEPENDS "${BUILD_DIRECTORY}/hamcore.se2"
 )
+if(IS_CROSS_COMPILATION MATCHES "arm64-on-x64")
+    file(TO_CMAKE_PATH "${TOP_DIRECTORY}" TOP_DIRECTORY_NORM)
+    set(X64_HAMCORE_BUILDER
+      "${TOP_DIRECTORY_NORM}/out/build/x64-native/src/hamcorebuilder/hamcorebuilder.exe"
+    )
+    if(EXISTS "${X64_HAMCORE_BUILDER}")
+      message(STATUS "file exist (from TOP_DIRECTORY)")
+    endif()
 
-add_custom_command(
-  COMMENT "Building hamcore.se2 archive file..."
-  COMMAND hamcorebuilder "hamcore.se2" "${TOP_DIRECTORY}/src/bin/hamcore"
-  DEPENDS hamcorebuilder "${TOP_DIRECTORY}/src/bin/hamcore/"
-  OUTPUT "${BUILD_DIRECTORY}/hamcore.se2"
-  WORKING_DIRECTORY "${BUILD_DIRECTORY}"
-  VERBATIM
-)
+  # support cross compile, when you compile ARM64 version on X64 Platform
+  if(EXISTS "${X64_HAMCORE_BUILDER}")
+    message("X64_HAMCORE_BUILDER found: ${X64_HAMCORE_BUILDER}")
+  elseif(EXISTS("${TOP_DIRECTORY}/out/build/x64-native/src/hamcorebuilder/hamcorebuilder.exe"))
+    set(X64_HAMCORE_BUILDER "${TOP_DIRECTORY}/out/build/x64-native/src/hamcorebuilder/hamcorebuilder.exe")
+  else()
+	message("${TOP_DIRECTORY}/out/build/x64-native/src/hamcorebuilder/hamcorebuilder.exe")
+    message(FATAL_ERROR "X64_HAMCORE_BUILDER not found: ${X64_HAMCORE_BUILDER}, pls build x64-native version first")
+  endif()
+  message(STATUS "X64_HAMCORE_BUILDER = ${X64_HAMCORE_BUILDER}")
+
+  add_custom_command(
+    COMMENT "Building hamcore.se2 archive file..."
+    COMMAND ${X64_HAMCORE_BUILDER} "hamcore.se2" "${TOP_DIRECTORY}/src/bin/hamcore"
+    DEPENDS ${X64_HAMCORE_BUILDER} "${TOP_DIRECTORY}/src/bin/hamcore/"
+    OUTPUT "${BUILD_DIRECTORY}/hamcore.se2"
+    WORKING_DIRECTORY "${BUILD_DIRECTORY}"
+    VERBATIM
+  )
+
+else()
+  add_custom_command(
+      COMMENT "Building hamcore.se2 archive file..."
+      COMMAND hamcorebuilder "hamcore.se2" "${TOP_DIRECTORY}/src/bin/hamcore"
+      DEPENDS hamcorebuilder "${TOP_DIRECTORY}/src/bin/hamcore/"
+      OUTPUT "${BUILD_DIRECTORY}/hamcore.se2"
+      WORKING_DIRECTORY "${BUILD_DIRECTORY}"
+      VERBATIM
+  )
+endif()
 
 if(WIN32)
   # PenCore

src/Cedar/Admin.c

@@ -1636,8 +1636,8 @@ PACK *AdminDispatch(RPC *rpc, char *name, PACK *p)
 	DECLARE_RPC("GetSpecialListener", RPC_SPECIAL_LISTENER, StGetSpecialListener, InRpcSpecialListener, OutRpcSpecialListener)
 	DECLARE_RPC("GetAzureStatus", RPC_AZURE_STATUS, StGetAzureStatus, InRpcAzureStatus, OutRpcAzureStatus)
 	DECLARE_RPC("SetAzureStatus", RPC_AZURE_STATUS, StSetAzureStatus, InRpcAzureStatus, OutRpcAzureStatus)
-	DECLARE_RPC("GetDDnsInternetSettng", INTERNET_SETTING, StGetDDnsInternetSetting, InRpcInternetSetting, OutRpcInternetSetting)
-	DECLARE_RPC("SetDDnsInternetSettng", INTERNET_SETTING, StSetDDnsInternetSetting, InRpcInternetSetting, OutRpcInternetSetting)
+	DECLARE_RPC("GetDDnsInternetSetting", INTERNET_SETTING, StGetDDnsInternetSetting, InRpcInternetSetting, OutRpcInternetSetting)
+	DECLARE_RPC("SetDDnsInternetSetting", INTERNET_SETTING, StSetDDnsInternetSetting, InRpcInternetSetting, OutRpcInternetSetting)
 	// RPC function declaration: till here
 
 
@@ -1823,8 +1823,8 @@ DECLARE_SC("SetSpecialListener", RPC_SPECIAL_LISTENER, ScSetSpecialListener, InR
 DECLARE_SC("GetSpecialListener", RPC_SPECIAL_LISTENER, ScGetSpecialListener, InRpcSpecialListener, OutRpcSpecialListener)
 DECLARE_SC("GetAzureStatus", RPC_AZURE_STATUS, ScGetAzureStatus, InRpcAzureStatus, OutRpcAzureStatus)
 DECLARE_SC("SetAzureStatus", RPC_AZURE_STATUS, ScSetAzureStatus, InRpcAzureStatus, OutRpcAzureStatus)
-DECLARE_SC("GetDDnsInternetSettng", INTERNET_SETTING, ScGetDDnsInternetSetting, InRpcInternetSetting, OutRpcInternetSetting)
-DECLARE_SC("SetDDnsInternetSettng", INTERNET_SETTING, ScSetDDnsInternetSetting, InRpcInternetSetting, OutRpcInternetSetting)
+DECLARE_SC("GetDDnsInternetSetting", INTERNET_SETTING, ScGetDDnsInternetSetting, InRpcInternetSetting, OutRpcInternetSetting)
+DECLARE_SC("SetDDnsInternetSetting", INTERNET_SETTING, ScSetDDnsInternetSetting, InRpcInternetSetting, OutRpcInternetSetting)
 // RPC call function declaration: till here
 
 // Setting VPN Gate Server Configuration
@@ -8739,7 +8739,7 @@ UINT StSetHubRadius(ADMIN *a, RPC_RADIUS *t)
 	}
 
 	//SetRadiusServer(h, t->RadiusServerName, t->RadiusPort, t->RadiusSecret);
-	SetRadiusServerEx(h, t->RadiusServerName, t->RadiusPort, t->RadiusSecret, t->RadiusRetryInterval);
+	SetRadiusServerEx2(h, t->RadiusServerName, t->RadiusPort, t->RadiusSecret, t->RadiusRetryInterval, t->RadiusRetryTimeout);
 
 	ALog(a, h, "LA_SET_HUB_RADIUS");
 
@@ -8778,8 +8778,8 @@ UINT StGetHubRadius(ADMIN *a, RPC_RADIUS *t)
 	Zero(t, sizeof(RPC_RADIUS));
 	//GetRadiusServer(h, t->RadiusServerName, sizeof(t->RadiusServerName),
 	//	&t->RadiusPort, t->RadiusSecret, sizeof(t->RadiusSecret));
-	GetRadiusServerEx(h, t->RadiusServerName, sizeof(t->RadiusServerName),
-		&t->RadiusPort, t->RadiusSecret, sizeof(t->RadiusSecret), &t->RadiusRetryInterval);
+	GetRadiusServerEx2(h, t->RadiusServerName, sizeof(t->RadiusServerName),
+		&t->RadiusPort, t->RadiusSecret, sizeof(t->RadiusSecret), &t->RadiusRetryInterval, &t->RadiusRetryTimeout);
 
 	ReleaseHub(h);
 
@@ -13031,6 +13031,7 @@ void InRpcRadius(RPC_RADIUS *t, PACK *p)
 	PackGetStr(p, "HubName", t->HubName, sizeof(t->HubName));
 	PackGetStr(p, "RadiusSecret", t->RadiusSecret, sizeof(t->RadiusSecret));
 	t->RadiusRetryInterval = PackGetInt(p, "RadiusRetryInterval");
+	t->RadiusRetryTimeout = PackGetInt(p, "RadiusRetryTimeout");
 }
 void OutRpcRadius(PACK *p, RPC_RADIUS *t)
 {
@@ -13045,6 +13046,7 @@ void OutRpcRadius(PACK *p, RPC_RADIUS *t)
 	PackAddStr(p, "HubName", t->HubName);
 	PackAddStr(p, "RadiusSecret", t->RadiusSecret);
 	PackAddInt(p, "RadiusRetryInterval", t->RadiusRetryInterval);
+	PackAddInt(p, "RadiusRetryTimeout", t->RadiusRetryTimeout);
 }
 
 // RPC_HUB

src/Cedar/Admin.h

@@ -259,6 +259,7 @@ struct RPC_RADIUS
 	UINT RadiusPort;					// Radius port number
 	char RadiusSecret[MAX_PASSWORD_LEN + 1];	// Secret key
 	UINT RadiusRetryInterval;			// Radius retry interval
+	UINT RadiusRetryTimeout;			// Radius retry timeout
 };
 
 // Specify the HUB

src/Cedar/BridgeUnix.c

@@ -805,7 +805,12 @@ bool EthIsChangeMtuSupported(ETH *e)
 		return false;
 	}
 
+// FreeBSD seriously dislikes MTU changes; disable if compiled on that platform
+#ifndef	__FreeBSD__
 	return true;
+#else
+	return false;
+#endif
 #else	// defined(UNIX_LINUX) || defined(UNIX_BSD) || defined(UNIX_SOLARIS)
 	return false;
 #endif	// defined(UNIX_LINUX) || defined(UNIX_BSD) || defined(UNIX_SOLARIS)

src/Cedar/CMakeLists.txt

@@ -12,6 +12,15 @@ else()
   add_library(cedar SHARED ${SOURCES_CEDAR} ${SOURCES_CEDAR_CPP} ${HEADERS_CEDAR})
 endif()
 
+if(MSVC)
+  target_compile_options(cedar PRIVATE /EHsc)
+elseif(CMAKE_CXX_COMPILER_ID STREQUAL "Clang")
+  if(CMAKE_CXX_COMPILER_FRONTEND_VARIANT STREQUAL "MSVC")
+    target_compile_options(cedar PRIVATE /EHsc)
+  else()
+    target_compile_options(cedar PRIVATE -fexceptions)
+  endif()
+endif()
 set_target_properties(cedar
   PROPERTIES
   ARCHIVE_OUTPUT_DIRECTORY "${BUILD_DIRECTORY}"
@@ -22,19 +31,22 @@ set_target_properties(cedar
 target_link_libraries(cedar PUBLIC mayaqua)
 
 cmake_host_system_information(RESULT HAS_SSE2 QUERY HAS_SSE2)
-
-set(BLAKE2_SRC_PATH $<IF:$<BOOL:${HAS_SSE2}>,${TOP_DIRECTORY}/3rdparty/BLAKE2/sse,${TOP_DIRECTORY}/3rdparty/BLAKE2/ref>)
-set(BLAKE2_SRC $<IF:$<BOOL:${HAS_SSE2}>,${BLAKE2_SRC_PATH}/blake2s.c,${BLAKE2_SRC_PATH}/blake2s-ref.c>)
-
+if(CMAKE_SYSTEM_PROCESSOR MATCHES "arm64|aarch64|arm64v8|ARM64")
+  message(STATUS "Target architecture is ARM64")
+  set(BLAKE2_SRC_PATH "${TOP_DIRECTORY}/3rdparty/BLAKE2/neon")
+  set(BLAKE2_SRC "${BLAKE2_SRC_PATH}/blake2s-neon.c")
+else()
+  set(BLAKE2_SRC_PATH $<IF:$<BOOL:${HAS_SSE2}>,${TOP_DIRECTORY}/3rdparty/BLAKE2/sse,${TOP_DIRECTORY}/3rdparty/BLAKE2/ref>)
+  set(BLAKE2_SRC $<IF:$<BOOL:${HAS_SSE2}>,${BLAKE2_SRC_PATH}/blake2s.c,${BLAKE2_SRC_PATH}/blake2s-ref.c>)
+  if(HAS_SSE2)
+    # If SSE2 is enabled, a build failure occurs with MSVC because it doesn't define "__SSE2__".
+    # The fix consists in defining "HAVE_SSE2" manually, effectively overriding the check.
+    set_property(SOURCE ${BLAKE2_SRC} PROPERTY COMPILE_DEFINITIONS "HAVE_SSE2")
+  endif()
+endif()
 target_include_directories(cedar PUBLIC ${BLAKE2_SRC_PATH})
 target_sources(cedar PRIVATE ${BLAKE2_SRC})
 
-if(HAS_SSE2)
-  # If SSE2 is enabled, a build failure occurs with MSVC because it doesn't define "__SSE2__".
-  # The fix consists in defining "HAVE_SSE2" manually, effectively overriding the check.
-  set_property(SOURCE ${BLAKE2_SRC} PROPERTY COMPILE_DEFINITIONS "HAVE_SSE2")
-endif()
-
 if(VCPKG_TARGET_TRIPLET)
   find_package(unofficial-sodium CONFIG REQUIRED)
   target_link_libraries(cedar PUBLIC unofficial-sodium::sodium)

src/Cedar/Command.c

@@ -99,6 +99,8 @@ void CheckNetworkAcceptThread(THREAD *thread, void *param)
 
 	Disconnect(s);
 	ReleaseSock(s);
+
+	Free(c);
 }
 
 
@@ -155,15 +157,15 @@ void CheckNetworkListenThread(THREAD *thread, void *param)
 		}
 		else
 		{
-			CHECK_NETWORK_2 c;
+			CHECK_NETWORK_2 *c;
 			THREAD *t;
 
-			Zero(&c, sizeof(c));
-			c.s = new_sock;
-			c.k = pri;
-			c.x = x;
+			c = ZeroMalloc(sizeof(CHECK_NETWORK_2));
+			c->s = new_sock;
+			c->k = pri;
+			c->x = x;
 
-			t = NewThread(CheckNetworkAcceptThread, &c);
+			t = NewThread(CheckNetworkAcceptThread, c);
 			Insert(o, t);
 		}
 	}
@@ -11789,6 +11791,9 @@ UINT PsRadiusServerSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
 		{"[server_name:port]", CmdPrompt, _UU("CMD_RadiusServerSet_Prompt_Host"), CmdEvalNotEmpty, NULL},
 		{"SECRET", CmdPromptChoosePassword, _UU("CMD_RadiusServerSet_Prompt_Secret"), NULL, NULL},
 		{"RETRY_INTERVAL", CmdPrompt, _UU("CMD_RadiusServerSet_Prompt_RetryInterval"), CmdEvalMinMax, &minmax},
+		
+		// Support for setting timeout through commandline not added
+		// {"RETRY_TIMEOUT", CmdPrompt, _UU("CMD_RadiusServerSet_Prompt_RetryTimeout"), CmdEvalMinMax, &minmax},
 	};
 
 	// If virtual HUB is not selected, it's an error
@@ -11813,6 +11818,7 @@ UINT PsRadiusServerSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
 		StrCpy(t.RadiusServerName, sizeof(t.RadiusServerName), host);
 		StrCpy(t.RadiusSecret, sizeof(t.RadiusSecret), GetParamStr(o, "SECRET"));
 		t.RadiusRetryInterval = GetParamInt(o, "RETRY_INTERVAL");
+		// t.RadiusRetryTimeout = GetParamInt(o, "RETRY_TIMEOUT");
 
 		Free(host);
 
@@ -11936,6 +11942,9 @@ UINT PsRadiusServerGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
 
 			UniToStri(tmp, t.RadiusRetryInterval);
 			CtInsert(ct, _UU("CMD_RadiusServerGet_RetryInterval"), tmp);
+
+			UniToStri(tmp, t.RadiusRetryTimeout);
+			CtInsert(ct, _UU("CMD_RadiusServerGet_RetryTimeout"), tmp);
 		}
 
 		CtFree(ct, c);

src/Cedar/Console.c

@@ -1938,6 +1938,7 @@ bool PasswordPrompt(char *password, UINT size)
 		c = _getch();
 #else	// OS_WIN32
 		c = getc(stdin);
+PROCESS_CH:
 #endif	// OS_WIN32
 
 		if (c >= 0x20 && c <= 0x7E)
@@ -1952,6 +1953,7 @@ bool PasswordPrompt(char *password, UINT size)
 		else if (c == 0x03)
 		{
 			// Break
+			RestoreConsole(console);
 			exit(0);
 		}
 		else if (c == 0x04 || c == 0x1a || c == 0x0D || c==0x0A)
@@ -1977,7 +1979,47 @@ bool PasswordPrompt(char *password, UINT size)
 				goto BACKSPACE;
 			}
 		}
-		else if (c == 0x08)
+#ifdef OS_UNIX	// OS_UNIX
+		else if (c == 0x1B)
+		{
+			c = getc(stdin);
+			if (c != 0x5B && c != 0x4F)
+			{
+				// ESC key
+				goto PROCESS_CH;
+			}
+
+			c = getc(stdin);
+			if (c == 0x44)
+			{
+				// Left arrow key
+				goto BACKSPACE;
+			}
+			else if (c == 0x33)
+			{
+				c = getc(stdin);
+				if (c == 0x7E)
+				{
+					// Delete key
+					goto BACKSPACE;
+				}
+			}
+
+			// Drain remaining sequence bytes (most are <= 6)
+			for (int i = 0; i < 6; i++)
+			{
+				if (c >= 0x40 && c <= 0x7E)
+				{
+					// End of sequence
+					break;
+				}
+				c = getc(stdin);
+			}
+
+			continue;
+		}
+#endif	// OS_UNIX
+		else if (c == 0x08 || c == 0x7F)
 		{
 BACKSPACE:
 			// Backspace

src/Cedar/Hub.c

@@ -99,6 +99,7 @@ EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, ch
 	char radius_servers[MAX_PATH] = {0};
 	UINT radius_port = 0;
 	UINT radius_retry_interval = 0;
+	UINT radius_retry_timeout = 0;
 	char radius_secret[MAX_PATH] = {0};
 	char radius_suffix_filter[MAX_PATH] = {0};
 	if (cedar == NULL || hubname == NULL || client_ip_str == NULL || username == NULL)
@@ -115,8 +116,8 @@ EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, ch
 
 	if (hub != NULL)
 	{
-		if (GetRadiusServerEx2(hub, radius_servers, sizeof(radius_servers), &radius_port, radius_secret,
-			sizeof(radius_secret), &radius_retry_interval, radius_suffix_filter, sizeof(radius_suffix_filter)))
+		if (GetRadiusServerEx3(hub, radius_servers, sizeof(radius_servers), &radius_port, radius_secret,
+			sizeof(radius_secret), &radius_retry_interval, &radius_retry_timeout, radius_suffix_filter, sizeof(radius_suffix_filter)))
 		{
 			bool use_peap = hub->RadiusUsePeapInsteadOfEap;
 
@@ -630,6 +631,7 @@ void DataToHubOptionStruct(HUB_OPTION *o, RPC_ADMIN_OPTION *ao)
 	GetHubAdminOptionDataAndSet(ao, "UseHubNameAsDhcpUserClassOption", o->UseHubNameAsDhcpUserClassOption);
 	GetHubAdminOptionDataAndSet(ao, "UseHubNameAsRadiusNasId", o->UseHubNameAsRadiusNasId);
 	GetHubAdminOptionDataAndSet(ao, "AllowEapMatchUserByCert", o->AllowEapMatchUserByCert);
+	GetHubAdminOptionDataAndSet(ao, "DhcpDiscoverTimeoutMs", o->DhcpDiscoverTimeoutMs);
 }
 
 // Convert the contents of the HUB_OPTION to data
@@ -705,6 +707,7 @@ void HubOptionStructToData(RPC_ADMIN_OPTION *ao, HUB_OPTION *o, char *hub_name)
 	Add(aol, NewAdminOption("UseHubNameAsDhcpUserClassOption", o->UseHubNameAsDhcpUserClassOption));
 	Add(aol, NewAdminOption("UseHubNameAsRadiusNasId", o->UseHubNameAsRadiusNasId));
 	Add(aol, NewAdminOption("AllowEapMatchUserByCert", o->AllowEapMatchUserByCert));
+	Add(aol, NewAdminOption("DhcpDiscoverTimeoutMs", o->DhcpDiscoverTimeoutMs));
 
 	Zero(ao, sizeof(RPC_ADMIN_OPTION));
 
@@ -6413,17 +6416,23 @@ void ReleaseHub(HUB *h)
 bool GetRadiusServer(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size)
 {
 	UINT interval;
+	
 	return GetRadiusServerEx(hub, name, size, port, secret, secret_size, &interval);
 }
-bool GetRadiusServerEx(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval)
-{
-	return GetRadiusServerEx2(hub, name, size, port, secret, secret_size, interval, NULL, 0);
+bool GetRadiusServerEx(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval) {
+	UINT timeout;
+
+	return GetRadiusServerEx2(hub, name, size, port, secret, secret_size, interval, &timeout);
 }
-bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, char *suffix_filter, UINT suffix_filter_size)
+bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout)
+{
+	return GetRadiusServerEx3(hub, name, size, port, secret, secret_size, interval, timeout, NULL, 0);
+}
+bool GetRadiusServerEx3(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout, char *suffix_filter, UINT suffix_filter_size)
 {
 	bool ret = false;
 	// Validate arguments
-	if (hub == NULL || name == NULL || port == NULL || secret == NULL || interval == NULL)
+	if (hub == NULL || name == NULL || port == NULL || secret == NULL || interval == NULL || timeout == NULL)
 	{
 		return false;
 	}
@@ -6437,6 +6446,7 @@ bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secre
 			StrCpy(name, size, hub->RadiusServerName);
 			*port = hub->RadiusServerPort;
 			*interval = hub->RadiusRetryInterval;
+			*timeout = hub->RadiusRetryTimeout;
 
 			tmp_size = hub->RadiusSecret->Size + 1;
 			tmp = ZeroMalloc(tmp_size);
@@ -6463,6 +6473,10 @@ void SetRadiusServer(HUB *hub, char *name, UINT port, char *secret)
 	SetRadiusServerEx(hub, name, port, secret, RADIUS_RETRY_INTERVAL);
 }
 void SetRadiusServerEx(HUB *hub, char *name, UINT port, char *secret, UINT interval)
+{
+	SetRadiusServerEx2(hub, name, port, secret, interval, RADIUS_RETRY_TIMEOUT);
+}
+void SetRadiusServerEx2(HUB *hub, char *name, UINT port, char *secret, UINT interval, UINT timeout)
 {
 	// Validate arguments
 	if (hub == NULL)
@@ -6482,19 +6496,28 @@ void SetRadiusServerEx(HUB *hub, char *name, UINT port, char *secret, UINT inter
 			hub->RadiusServerName = NULL;
 			hub->RadiusServerPort = 0;
 			hub->RadiusRetryInterval = RADIUS_RETRY_INTERVAL;
+			hub->RadiusRetryTimeout = RADIUS_RETRY_TIMEOUT;
+
 			FreeBuf(hub->RadiusSecret);
 		}
 		else
 		{
 			hub->RadiusServerName = CopyStr(name);
 			hub->RadiusServerPort = port;
+
+			if (timeout == 0) {
+				timeout = RADIUS_RETRY_TIMEOUT;
+			}
+			hub->RadiusRetryTimeout = timeout;
+
 			if (interval == 0)
 			{
-				hub->RadiusRetryInterval = RADIUS_RETRY_INTERVAL;
+				hub->RadiusRetryInterval = RADIUS_RETRY_INTERVAL; ///What happens here is that RADIUS_RETRY_TIMEOUT is not configurable, and RADIUS_RETRY_INTERVAL is set to the timeout if it's larger.
 			}
-			else if (interval > RADIUS_RETRY_TIMEOUT)
+			
+			if (interval > timeout)
 			{
-				hub->RadiusRetryInterval = RADIUS_RETRY_TIMEOUT;
+				hub->RadiusRetryInterval = timeout;
 			}
 			else
 			{

src/Cedar/Hub.h

@@ -30,6 +30,9 @@
 // Default flooding queue length
 #define	DEFAULT_FLOODING_QUEUE_LENGTH				(32 * 1024 * 1024)
 
+// Default DHCP Discover Timeout
+#define	DEFAULT_DHCP_DISCOVER_TIMEOUT				(5 * 1000)
+
 // SoftEther link control packet
 struct SE_LINK
 {
@@ -183,6 +186,7 @@ struct HUB_OPTION
 	bool UseHubNameAsDhcpUserClassOption;	// Add HubName to DHCP request as User-Class option
 	bool UseHubNameAsRadiusNasId;		// Add HubName to Radius request as NAS-Identifier attrioption
 	bool AllowEapMatchUserByCert;		// Allow matching EAP Identity with user certificate CNs
+	UINT DhcpDiscoverTimeoutMs;			// Timeout to wait for DHCP server response on DISCOVER request
 };
 
 // MAC table entry
@@ -337,6 +341,7 @@ struct HUB
 	char *RadiusServerName;				// Radius server name
 	UINT RadiusServerPort;				// Radius server port number
 	UINT RadiusRetryInterval;			// Radius retry interval
+	UINT RadiusRetryTimeout;			// Radius timeout, it will no longer retry
 	BUF *RadiusSecret;					// Radius shared key
 	char RadiusSuffixFilter[MAX_SIZE];	// Radius suffix filter
 	char RadiusRealm[MAX_SIZE];			// Radius realm (optional)
@@ -478,9 +483,11 @@ void GetAccessListStr(char *str, UINT size, ACCESS *a);
 void DeleteOldIpTableEntry(LIST *o);
 void SetRadiusServer(HUB *hub, char *name, UINT port, char *secret);
 void SetRadiusServerEx(HUB *hub, char *name, UINT port, char *secret, UINT interval);
+void SetRadiusServerEx2(HUB *hub, char *name, UINT port, char *secret, UINT interval, UINT timeout);
 bool GetRadiusServer(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size);
 bool GetRadiusServerEx(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval);
-bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, char *suffix_filter, UINT suffix_filter_size);
+bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout);
+bool GetRadiusServerEx3(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout, char *suffix_filter, UINT suffix_filter_size);
 int CompareCert(void *p1, void *p2);
 void GetHubLogSetting(HUB *h, HUB_LOG *setting);
 void SetHubLogSetting(HUB *h, HUB_LOG *setting);

src/Cedar/IPC.c

@@ -493,12 +493,14 @@ IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char
 	{
 		UINTToIP(&ipc->DefaultGateway, hub->Option->DefaultGateway);
 		UINTToIP(&ipc->SubnetMask, hub->Option->DefaultSubnet);
+		ipc->DhcpDiscoverTimeoutMs = hub->Option->DhcpDiscoverTimeoutMs;
 		GetBroadcastAddress4(&ipc->BroadcastAddress, &ipc->DefaultGateway, &ipc->SubnetMask);
 	}
 	else
 	{
 		ZeroIP4(&ipc->DefaultGateway);
 		ZeroIP4(&ipc->SubnetMask);
+		ipc->DhcpDiscoverTimeoutMs = DEFAULT_DHCP_DISCOVER_TIMEOUT;
 		ZeroIP4(&ipc->BroadcastAddress);
 	}
 
@@ -565,6 +567,9 @@ IPC *NewIPCBySock(CEDAR *cedar, SOCK *s, void *mac_address)
 	ipc->Sock = s;
 	AddRef(s->ref);
 
+	// Initialize to pass the validity check on the source IP address performed by IPCSendIPv4()
+	ZeroIP4(&ipc->ClientIPAddress);
+
 	Copy(ipc->MacAddress, mac_address, 6);
 
 	ipc->Interrupt = NewInterruptManager();
@@ -793,7 +798,8 @@ bool IPCDhcpAllocateIP(IPC *ipc, DHCP_OPTION_LIST *opt, TUBE *discon_poll_tube)
 	StrCpy(req.Hostname, sizeof(req.Hostname), ipc->ClientHostname);
 	IPCDhcpSetConditionalUserClass(ipc, &req);
 
-	d = IPCSendDhcpRequest(ipc, NULL, tran_id, &req, DHCP_OFFER, IPC_DHCP_TIMEOUT, discon_poll_tube);
+	UINT discoverTimeout = ipc->DhcpDiscoverTimeoutMs > 0 ? ipc->DhcpDiscoverTimeoutMs : DEFAULT_DHCP_DISCOVER_TIMEOUT;
+	d = IPCSendDhcpRequest(ipc, NULL, tran_id, &req, DHCP_OFFER, discoverTimeout, discon_poll_tube);
 	if (d == NULL)
 	{
 		return false;
@@ -896,7 +902,7 @@ DHCPV4_DATA *IPCSendDhcpRequest(IPC *ipc, IP *dest_ip, UINT tran_id, DHCP_OPTION
 	}
 
 	// Retransmission interval
-	resend_interval = MAX(1, (timeout / 3) - 100);
+	resend_interval = MIN(IPC_DHCP_MAX_RESEND_INTERVAL, MAX(1, (timeout / 3) - 100));
 
 	// Time-out time
 	giveup_time = Tick64() + (UINT64)timeout;
@@ -1517,7 +1523,9 @@ void IPCProcessL3EventsEx(IPC *ipc, UINT64 now)
 									// We save the router advertisement data for later use
 									IPCIPv6AddRouterPrefixes(ipc, &p->ICMPv6HeaderPacketInfo.OptionList, src_mac, &ip_src);
 									IPCIPv6AssociateOnNDTEx(ipc, &ip_src, src_mac, true);
-									IPCIPv6AssociateOnNDTEx(ipc, &ip_src, p->ICMPv6HeaderPacketInfo.OptionList.SourceLinkLayer->Address, true);
+									if (p->ICMPv6HeaderPacketInfo.OptionList.SourceLinkLayer != NULL) {
+										IPCIPv6AssociateOnNDTEx(ipc, &ip_src, p->ICMPv6HeaderPacketInfo.OptionList.SourceLinkLayer->Address, true);
+									}
 									ndtProcessed = true;
 									header_size = sizeof(ICMPV6_ROUTER_ADVERTISEMENT_HEADER);
 									break;
@@ -2354,7 +2362,14 @@ void IPCIPv6AddRouterPrefixes(IPC *ipc, ICMPV6_OPTION_LIST *recvPrefix, UCHAR *m
 				IntToSubnetMask6(&newRA->RoutedMask, recvPrefix->Prefix[i]->SubnetLength);
 				CopyIP(&newRA->RouterAddress, ip);
 				Copy(newRA->RouterMacAddress, macAddress, 6);
-				Copy(newRA->RouterLinkLayerAddress, recvPrefix->SourceLinkLayer->Address, 6);
+				if (recvPrefix->SourceLinkLayer != NULL)
+				{
+					Copy(newRA->RouterLinkLayerAddress, recvPrefix->SourceLinkLayer->Address, 6);
+				}
+				else
+				{
+					Zero(newRA->RouterLinkLayerAddress, 6);
+				}
 				Add(ipc->IPv6RouterAdvs, newRA);
 			}
 		}
@@ -2657,7 +2672,7 @@ void IPCIPv6SendUnicast(IPC *ipc, void *data, UINT size, IP *next_ip)
 		}
 
 		destMac = ra.RouterMacAddress;
-		if (!IsMacUnicast(destMac) && !IsMacInvalid(ra.RouterMacAddress))
+		if (!IsMacUnicast(destMac) && !IsMacInvalid(ra.RouterLinkLayerAddress))
 		{
 			destMac = ra.RouterLinkLayerAddress;
 		}

src/Cedar/IPC.h

@@ -19,6 +19,7 @@
 #define	IPC_DHCP_TIMEOUT				(5 * 1000)
 #define	IPC_DHCP_MIN_LEASE				5
 #define	IPC_DHCP_DEFAULT_LEASE			3600
+#define	IPC_DHCP_MAX_RESEND_INTERVAL	(3 * 1000)
 
 #define	IPC_MAX_PACKET_QUEUE_LEN		10000
 
@@ -149,6 +150,7 @@ struct IPC
 	SHARED_BUFFER *IpcSessionSharedBuffer;	// A shared buffer between IPC and Session
 	IPC_SESSION_SHARED_BUFFER_DATA *IpcSessionShared;	// Shared data between IPC and Session
 	UINT Layer;
+	UINT DhcpDiscoverTimeoutMs;			// Timeut to wait for DHCP server response on DISCOVER request
 
 	// IPv6 stuff
 	QUEUE *IPv6ReceivedQueue;			// IPv6 reception queue

src/Cedar/Layer3.c

@@ -457,10 +457,10 @@ void L3KnownArp(L3IF *f, UINT ip, UCHAR *mac)
 	// Delete an ARP query entry to this IP address
 	Zero(&t, sizeof(t));
 	t.IpAddress = ip;
-	w = Search(f->IpWaitList, &t);
+	w = Search(f->ArpWaitTable, &t);
 	if (w != NULL)
 	{
-		Delete(f->IpWaitList, w);
+		Delete(f->ArpWaitTable, w);
 		Free(w);
 	}
 

src/Cedar/Proto_IKE.c

@@ -11,6 +11,7 @@
 #include "Connection.h"
 #include "Logging.h"
 #include "Proto_EtherIP.h"
+#include "Proto_IKEv2.h"
 #include "Proto_IPsec.h"
 #include "Proto_L2TP.h"
 #include "Server.h"
@@ -35,40 +36,57 @@ void ProcIKEPacketRecv(IKE_SERVER *ike, UDPPACKET *p)
 
 	if (p->Type == IKE_UDP_TYPE_ISAKMP)
 	{
-		// ISAKMP (IKE) packet
-		IKE_PACKET *header;
+		IKE_HEADER *raw_hdr;
 
-		header = ParseIKEPacketHeader(p);
-		if (header == NULL)
+		// Check packet is large enough for the IKE header
+		if (p->Size < sizeof(IKE_HEADER))
 		{
 			return;
 		}
 
-		//Debug("InitiatorCookie: %I64u, ResponderCookie: %I64u\n", header->InitiatorCookie, header->ResponderCookie);
+		raw_hdr = (IKE_HEADER *)p->Data;
 
-		switch (header->ExchangeType)
+		// Dispatch IKEv2 packets by version field
+		if (raw_hdr->Version == IKEv2_VERSION)
 		{
-		case IKE_EXCHANGE_TYPE_MAIN:	// Main mode
-			ProcIkeMainModePacketRecv(ike, p, header);
-			break;
-
-		case IKE_EXCHANGE_TYPE_AGGRESSIVE:	// Aggressive mode
-			if (ike->Cedar->Server->DisableIPsecAggressiveMode == false)
-			{
-				ProcIkeAggressiveModePacketRecv(ike, p, header);
-			}
-			break;
-
-		case IKE_EXCHANGE_TYPE_QUICK:	// Quick mode
-			ProcIkeQuickModePacketRecv(ike, p, header);
-			break;
-
-		case IKE_EXCHANGE_TYPE_INFORMATION:	// Information exchange
-			ProcIkeInformationalExchangePacketRecv(ike, p, header);
-			break;
+			ProcIKEv2PacketRecv(ike, p);
+			return;
 		}
 
-		IkeFree(header);
+		// IKEv1 / ISAKMP packet
+		{
+			IKE_PACKET *header;
+
+			header = ParseIKEPacketHeader(p);
+			if (header == NULL)
+			{
+				return;
+			}
+
+			switch (header->ExchangeType)
+			{
+			case IKE_EXCHANGE_TYPE_MAIN:	// Main mode
+				ProcIkeMainModePacketRecv(ike, p, header);
+				break;
+
+			case IKE_EXCHANGE_TYPE_AGGRESSIVE:	// Aggressive mode
+				if (ike->Cedar->Server->DisableIPsecAggressiveMode == false)
+				{
+					ProcIkeAggressiveModePacketRecv(ike, p, header);
+				}
+				break;
+
+			case IKE_EXCHANGE_TYPE_QUICK:	// Quick mode
+				ProcIkeQuickModePacketRecv(ike, p, header);
+				break;
+
+			case IKE_EXCHANGE_TYPE_INFORMATION:	// Information exchange
+				ProcIkeInformationalExchangePacketRecv(ike, p, header);
+				break;
+			}
+
+			IkeFree(header);
+		}
 	}
 	else if (p->Type == IKE_UDP_TYPE_ESP)
 	{
@@ -463,39 +481,13 @@ void ProcIPsecEspPacketRecv(IKE_SERVER *ike, UDPPACKET *p)
 	seq = READ_UINT(src + sizeof(UINT));
 
 	// Search and retrieve the IPsec SA from SPI
+
+	// thank to @phillibert report, responding to bad SA might lead to amplification
+	// according to RFC4303 we should drop such packets
+
 	ipsec_sa = SearchClientToServerIPsecSaBySpi(ike, spi);
 	if (ipsec_sa == NULL)
 	{
-		// Invalid SPI
-		UINT64 init_cookie = Rand64();
-		UINT64 resp_cookie = 0;
-		IKE_CLIENT *c = NULL;
-		IKE_CLIENT t;
-
-
-		Copy(&t.ClientIP, &p->SrcIP, sizeof(IP));
-		t.ClientPort = p->SrcPort;
-		Copy(&t.ServerIP, &p->DstIP, sizeof(IP));
-		t.ServerPort = p->DestPort;
-		t.CurrentIkeSa = NULL;
-
-		if (p->DestPort == IPSEC_PORT_IPSEC_ESP_RAW)
-		{
-			t.ClientPort = t.ServerPort = IPSEC_PORT_IPSEC_ISAKMP;
-		}
-
-		c = Search(ike->ClientList, &t);
-
-		if (c != NULL && c->CurrentIkeSa != NULL)
-		{
-			init_cookie = c->CurrentIkeSa->InitiatorCookie;
-			resp_cookie = c->CurrentIkeSa->ResponderCookie;
-		}
-
-		SendInformationalExchangePacketEx(ike, (c == NULL ? &t : c), IkeNewNoticeErrorInvalidSpiPayload(spi), false,
-			init_cookie, resp_cookie);
-
-		SendDeleteIPsecSaPacket(ike, (c == NULL ? &t : c), spi);
 		return;
 	}
 
@@ -5671,6 +5663,9 @@ void ProcessIKEInterrupts(IKE_SERVER *ike)
 	}
 	while (ike->StateHasChanged);
 
+	// IKEv2 interrupt processing
+	ProcessIKEv2Interrupts(ike);
+
 	// Maintenance of the thread list
 	MaintainThreadList(ike->ThreadList);
 	/*Debug("ike->ThreadList: %u\n", LIST_NUM(ike->ThreadList));
@@ -5849,6 +5844,17 @@ void FreeIKEServer(IKE_SERVER *ike)
 
 	ReleaseList(ike->ClientList);
 
+	// Free IKEv2 SAs
+	{
+		UINT j;
+		for (j = 0; j < LIST_NUM(ike->IKEv2SaList); j++)
+		{
+			IKEv2_SA *sa2 = LIST_DATA(ike->IKEv2SaList, j);
+			IKEv2FreeSA(ike, sa2);
+		}
+	}
+	ReleaseList(ike->IKEv2SaList);
+
 	ReleaseSockEvent(ike->SockEvent);
 
 	IPsecLog(ike, NULL, NULL, NULL, "LI_STOP");
@@ -5895,6 +5901,8 @@ IKE_SERVER *NewIKEServer(CEDAR *cedar, IPSEC_SERVER *ipsec)
 
 	ike->ThreadList = NewThreadList();
 
+	ike->IKEv2SaList = NewList(CmpIKEv2SA);
+
 	IPsecLog(ike, NULL, NULL, NULL, "LI_START");
 
 	return ike;

src/Cedar/Proto_IKE.h

@@ -268,6 +268,10 @@ struct IKE_SERVER
 
 	// Setting data
 	char Secret[MAX_SIZE];						// Pre-shared key
+
+	// IKEv2 state
+	LIST *IKEv2SaList;							// IKEv2 SA list
+	UINT CurrentIKEv2SaId;						// IKEv2 SA ID counter
 };
 
 

src/Cedar/Proto_IKEv2.h

@@ -0,0 +1,292 @@
+// SoftEther VPN Source Code - Developer Edition Master Branch
+// Cedar Communication Module
+
+
+// Proto_IKEv2.h
+// Header for IKEv2 (RFC 7296) implementation
+
+#ifndef PROTO_IKEV2_H
+#define PROTO_IKEV2_H
+
+#include "Proto_IKE.h"
+#include "Proto_IkePacket.h"
+
+//// IKEv2 Header Flags (RFC 7296 Section 3.1)
+#define IKEv2_FLAG_RESPONSE       0x20
+#define IKEv2_FLAG_VERSION        0x10
+#define IKEv2_FLAG_INITIATOR      0x08
+
+//// IKEv2 Payload Types (RFC 7296 Section 3.3)
+#define IKEv2_PAYLOAD_NONE        0
+#define IKEv2_PAYLOAD_SA          33
+#define IKEv2_PAYLOAD_KE          34
+#define IKEv2_PAYLOAD_IDi         35
+#define IKEv2_PAYLOAD_IDr         36
+#define IKEv2_PAYLOAD_CERT        37
+#define IKEv2_PAYLOAD_CERTREQ     38
+#define IKEv2_PAYLOAD_AUTH        39
+#define IKEv2_PAYLOAD_NONCE       40
+#define IKEv2_PAYLOAD_NOTIFY      41
+#define IKEv2_PAYLOAD_DELETE      42
+#define IKEv2_PAYLOAD_VENDOR      43
+#define IKEv2_PAYLOAD_TSi         44
+#define IKEv2_PAYLOAD_TSr         45
+#define IKEv2_PAYLOAD_SK          46
+#define IKEv2_PAYLOAD_CP          47
+#define IKEv2_PAYLOAD_EAP         48
+
+//// IKEv2 Transform Types
+#define IKEv2_TF_ENCR             1
+#define IKEv2_TF_PRF              2
+#define IKEv2_TF_INTEG            3
+#define IKEv2_TF_DH               4
+#define IKEv2_TF_ESN              5
+
+//// IKEv2 Encryption Algorithm IDs
+#define IKEv2_ENCR_3DES           3
+#define IKEv2_ENCR_AES_CBC        12
+
+//// IKEv2 PRF Algorithm IDs
+#define IKEv2_PRF_HMAC_MD5        1
+#define IKEv2_PRF_HMAC_SHA1       2
+#define IKEv2_PRF_HMAC_SHA2_256   5
+#define IKEv2_PRF_HMAC_SHA2_384   6
+#define IKEv2_PRF_HMAC_SHA2_512   7
+
+//// IKEv2 Integrity Algorithm IDs
+#define IKEv2_INTEG_HMAC_MD5_96        1   // key=16,  icv=12
+#define IKEv2_INTEG_HMAC_SHA1_96       2   // key=20,  icv=12
+#define IKEv2_INTEG_HMAC_SHA2_256_128  12  // key=32,  icv=16
+#define IKEv2_INTEG_HMAC_SHA2_384_192  13  // key=48,  icv=24
+#define IKEv2_INTEG_HMAC_SHA2_512_256  14  // key=64,  icv=32
+
+//// IKEv2 DH Groups (same wire values as IKEv1)
+#define IKEv2_DH_1024_MODP        2
+#define IKEv2_DH_1536_MODP        5
+#define IKEv2_DH_2048_MODP        14
+#define IKEv2_DH_3072_MODP        15
+#define IKEv2_DH_4096_MODP        16
+
+//// IKEv2 ESN Values
+#define IKEv2_ESN_NO_ESN          0
+#define IKEv2_ESN_YES             1
+
+//// IKEv2 Notify Message Types (error types < 16384)
+#define IKEv2_NOTIFY_UNSUPPORTED_CRITICAL_PAYLOAD  1
+#define IKEv2_NOTIFY_INVALID_IKE_SPI               4
+#define IKEv2_NOTIFY_INVALID_MAJOR_VERSION         5
+#define IKEv2_NOTIFY_INVALID_SYNTAX                7
+#define IKEv2_NOTIFY_INVALID_MESSAGE_ID            9
+#define IKEv2_NOTIFY_INVALID_SPI                   11
+#define IKEv2_NOTIFY_NO_PROPOSAL_CHOSEN            14
+#define IKEv2_NOTIFY_INVALID_KE_PAYLOAD            17
+#define IKEv2_NOTIFY_AUTHENTICATION_FAILED         24
+#define IKEv2_NOTIFY_TS_UNACCEPTABLE               38
+
+//// IKEv2 Notify status types (>= 16384)
+#define IKEv2_NOTIFY_NAT_DETECTION_SOURCE_IP       16388
+#define IKEv2_NOTIFY_NAT_DETECTION_DESTINATION_IP  16389
+#define IKEv2_NOTIFY_USE_TRANSPORT_MODE            16391
+#define IKEv2_NOTIFY_ESP_TFC_PADDING_NOT_SUPPORTED 16394
+
+//// IKEv2 ID Types
+#define IKEv2_ID_IPV4_ADDR        1
+#define IKEv2_ID_FQDN             2
+#define IKEv2_ID_RFC822_ADDR      3
+#define IKEv2_ID_IPV6_ADDR        5
+#define IKEv2_ID_KEY_ID           11
+
+//// IKEv2 Authentication Methods
+#define IKEv2_AUTH_RSA_SIGN       1
+#define IKEv2_AUTH_PSK            2
+
+//// IKEv2 Traffic Selector Types
+#define IKEv2_TS_IPV4_ADDR_RANGE  7
+#define IKEv2_TS_IPV6_ADDR_RANGE  8
+
+//// IKEv2 Protocol IDs
+#define IKEv2_PROTO_IKE           1
+#define IKEv2_PROTO_AH            2
+#define IKEv2_PROTO_ESP           3
+
+//// SA states
+#define IKEv2_SA_STATE_HALF_OPEN  0
+#define IKEv2_SA_STATE_ESTABLISHED 1
+
+//// Sizes and limits
+#define IKEv2_MAX_KEYMAT_SIZE     128
+#define IKEv2_NONCE_SIZE          32
+#define IKEv2_NONCE_MIN_SIZE      16
+#define IKEv2_NONCE_MAX_SIZE      256
+#define IKEv2_PSK_PAD             "Key Pad for IKEv2"
+#define IKEv2_PSK_PAD_LEN         17
+
+//// Timeouts
+#define IKEv2_SA_TIMEOUT_HALF_OPEN    30000
+#define IKEv2_SA_TIMEOUT_ESTABLISHED  (86400ULL * 1000)
+#define IKEv2_SA_RESEND_INTERVAL      2000
+#define IKEv2_CHILD_SA_LIFETIME_SECS  3600
+
+
+//// Structures
+
+// Negotiated IKE SA transform parameters
+struct IKEv2_IKETF
+{
+    UINT EncrAlg;        // Encryption algorithm
+    UINT EncrKeyLen;     // Encryption key length (bytes)
+    UINT PrfAlg;         // PRF algorithm
+    UINT IntegAlg;       // Integrity algorithm
+    UINT DhGroup;        // DH group number
+    UINT BlockSize;      // Cipher block size (bytes)
+    UINT PrfKeyLen;      // PRF key length (bytes)
+    UINT PrfOutLen;      // PRF output length (bytes)
+    UINT IntegKeyLen;    // Integrity key length (bytes)
+    UINT IntegIcvLen;    // Integrity ICV length (bytes)
+};
+typedef struct IKEv2_IKETF IKEv2_IKETF;
+
+// Negotiated Child SA transform parameters
+struct IKEv2_CHILDTF
+{
+    UINT EncrAlg;        // Encryption algorithm
+    UINT EncrKeyLen;     // Encryption key length (bytes)
+    UINT IntegAlg;       // Integrity algorithm
+    UINT IntegKeyLen;    // Integrity key length (bytes)
+    UINT IntegIcvLen;    // Integrity ICV length (bytes)
+    UINT DhGroup;        // DH group (0 if none)
+    bool UseTransport;   // True = transport mode
+    UINT BlockSize;      // Cipher block size
+};
+typedef struct IKEv2_CHILDTF IKEv2_CHILDTF;
+
+// IKEv2 SA (one per IKEv2 connection attempt)
+struct IKEv2_SA
+{
+    UINT         Id;
+    UINT64       InitiatorSPI;
+    UINT64       ResponderSPI;
+
+    IP           ClientIP;
+    UINT         ClientPort;
+    IP           ServerIP;
+    UINT         ServerPort;
+    bool         IsNatT;
+
+    UINT         State;
+    bool         Deleting;
+    UINT64       FirstCommTick;
+    UINT64       LastCommTick;
+
+    IKEv2_IKETF  Transform;
+
+    // Nonces
+    BUF         *Ni;
+    BUF         *Nr;
+
+    // DH
+    DH_CTX      *Dh;
+    BUF         *GxI;     // initiator KE value
+    BUF         *GxR;     // responder KE value (our public key)
+
+    // Derived IKE SA keys  (max 64 bytes each)
+    UCHAR        SK_d [IKEv2_MAX_KEYMAT_SIZE];
+    UCHAR        SK_ai[IKEv2_MAX_KEYMAT_SIZE];
+    UCHAR        SK_ar[IKEv2_MAX_KEYMAT_SIZE];
+    UCHAR        SK_ei[IKEv2_MAX_KEYMAT_SIZE];
+    UCHAR        SK_er[IKEv2_MAX_KEYMAT_SIZE];
+    UCHAR        SK_pi[IKEv2_MAX_KEYMAT_SIZE];
+    UCHAR        SK_pr[IKEv2_MAX_KEYMAT_SIZE];
+
+    // Crypto key objects for SK payload
+    IKE_CRYPTO_KEY *EncKeyI;   // key for SK_ei (decrypt received)
+    IKE_CRYPTO_KEY *EncKeyR;   // key for SK_er (encrypt sent)
+
+    // Original IKE_SA_INIT messages for AUTH
+    BUF         *InitMsg;   // IKE_SA_INIT request (from initiator)
+    BUF         *RespMsg;   // IKE_SA_INIT response (from us)
+
+    // Initiator identity from IKE_AUTH
+    UCHAR        IDi_Type;
+    BUF         *IDi_Data;
+
+    // Responder identity (from initiator's optional IDr payload, echoed back)
+    UCHAR        IDr_Type;
+    BUF         *IDr_Data;
+
+    // Message ID tracking
+    UINT         NextExpectedMsgId;
+
+    // Retransmission: cache last response
+    BUF         *LastResponse;
+    UINT         LastRespMsgId;
+    UINT64       LastRespTick;
+    UINT         NumResends;
+
+    // Pointer to IKEv1 IKE_CLIENT created after AUTH
+    IKE_CLIENT  *IkeClient;
+};
+typedef struct IKEv2_SA IKEv2_SA;
+
+
+//// Function prototypes
+
+void  ProcIKEv2PacketRecv(IKE_SERVER *ike, UDPPACKET *p);
+void  ProcessIKEv2Interrupts(IKE_SERVER *ike);
+
+IKEv2_SA *IKEv2NewSA(IKE_SERVER *ike);
+void  IKEv2FreeSA(IKE_SERVER *ike, IKEv2_SA *sa);
+void  IKEv2MarkDeleting(IKE_SERVER *ike, IKEv2_SA *sa);
+void  IKEv2PurgeDeleting(IKE_SERVER *ike);
+IKEv2_SA *IKEv2FindByInitSPI(IKE_SERVER *ike, UINT64 init_spi, IP *client_ip, UINT client_port);
+IKEv2_SA *IKEv2FindBySPIPair(IKE_SERVER *ike, UINT64 init_spi, UINT64 resp_spi);
+int   CmpIKEv2SA(void *p1, void *p2);
+
+void  IKEv2ProcSAInit(IKE_SERVER *ike, UDPPACKET *p, IKE_HEADER *hdr);
+void  IKEv2ProcAuth(IKE_SERVER *ike, UDPPACKET *p, IKE_HEADER *hdr, IKEv2_SA *sa,
+                    void *payload_data, UINT payload_size, UCHAR first_payload);
+void  IKEv2ProcInformational(IKE_SERVER *ike, UDPPACKET *p, IKE_HEADER *hdr, IKEv2_SA *sa,
+                              void *payload_data, UINT payload_size);
+
+bool  IKEv2DeriveKeys(IKE_SERVER *ike, IKEv2_SA *sa);
+void  IKEv2PRF(UINT prf_alg, void *key, UINT key_len,
+               void *data, UINT data_len, void *out);
+void  IKEv2PRFPlus(UINT prf_alg, void *key, UINT key_len,
+                   void *seed, UINT seed_len, void *out, UINT out_len);
+
+bool  IKEv2VerifyAuth(IKE_SERVER *ike, IKEv2_SA *sa,
+                      UCHAR auth_method, void *auth_data, UINT auth_len);
+void  IKEv2ComputeOurAuth(IKE_SERVER *ike, IKEv2_SA *sa, void *out, UINT *out_len);
+
+bool  IKEv2CreateChildSAForClient(IKE_SERVER *ike, IKEv2_SA *sa,
+                                   IKEv2_CHILDTF *ctf, UINT spi_i, UINT spi_r,
+                                   BUF *ni, BUF *nr);
+
+bool  IKEv2ParseSAProposalIKE(void *data, UINT size, IKEv2_IKETF *out);
+bool  IKEv2ParseSAProposalChild(void *data, UINT size, IKEv2_CHILDTF *out, UINT *out_spi_i);
+UINT  IKEv2BuildSAProposalIKE(IKEv2_SA *sa, void *buf, UINT buf_size);
+UINT  IKEv2BuildSAProposalChild(IKEv2_CHILDTF *ctf, UINT spi_r, void *buf, UINT buf_size);
+
+void  IKEv2SendResponse(IKE_SERVER *ike, IKEv2_SA *sa, IKE_HEADER *req_hdr,
+                        UCHAR exchange_type, void *payloads, UINT payloads_size,
+                        bool encrypt);
+void  IKEv2SendNotifyError(IKE_SERVER *ike, UDPPACKET *p, IKE_HEADER *hdr,
+                            UINT64 resp_spi, USHORT notify_type);
+
+BUF  *IKEv2EncryptSK(IKE_SERVER *ike, IKEv2_SA *sa, UCHAR next_payload,
+                      void *inner, UINT inner_size);
+BUF  *IKEv2DecryptSK(IKE_SERVER *ike, IKEv2_SA *sa, bool is_init_sending,
+                      void *sk_data, UINT sk_size);
+
+UINT  IKEv2PrfKeyLen(UINT prf_alg);
+UINT  IKEv2PrfOutLen(UINT prf_alg);
+UINT  IKEv2IntegKeyLen(UINT integ_alg);
+UINT  IKEv2IntegIcvLen(UINT integ_alg);
+UINT  IKEv2EncrKeyLen(UINT encr_alg, UINT requested);
+UINT  IKEv2EncrBlockSize(UINT encr_alg);
+IKE_HASH   *IKEv2GetHashForPrf(IKE_SERVER *ike, UINT prf_alg);
+IKE_HASH   *IKEv2GetHashForInteg(IKE_SERVER *ike, UINT integ_alg);
+IKE_CRYPTO *IKEv2GetCrypto(IKE_SERVER *ike, UINT encr_alg);
+IKE_DH     *IKEv2GetDh(IKE_SERVER *ike, UINT dh_group);
+
+#endif // PROTO_IKEV2_H

src/Cedar/Proto_L2TP.c

@@ -2138,9 +2138,9 @@ void L2TPProcessInterrupts(L2TP_SERVER *l2tp)
 		UINT64 l2tpTimeout = L2TP_TUNNEL_TIMEOUT;
 
 		// If we got on ANY session a higher timeout than the default L2TP tunnel timeout, increase it
-		for (i = 0; i < LIST_NUM(t->SessionList); i++)
+		for (j = 0; j < LIST_NUM(t->SessionList); j++)
 		{
-			L2TP_SESSION* s = LIST_DATA(t->SessionList, i);
+			L2TP_SESSION* s = LIST_DATA(t->SessionList, j);
 
 			if (s->TubeRecv != NULL && s->TubeRecv->DataTimeout > l2tpTimeout)
 			{

src/Cedar/Proto_OpenVPN.c

@@ -2562,9 +2562,16 @@ void OvsRecvPacket(OPENVPN_SERVER *s, LIST *recv_packet_list, UINT protocol)
 								Debug("OpenVPN Channel %u Failed.\n", j);
 								OvsLog(s, se, c, "LO_CHANNEL_FAILED");
 
-								// Return the AUTH_FAILED
-								str = "AUTH_FAILED";
-								WriteFifo(c->SslPipe->SslInOut->SendFifo, str, StrSize(str));
+								if ((se->IpcAsync->ErrorCode == ERR_AUTHTYPE_NOT_SUPPORTED) ||
+									(se->IpcAsync->ErrorCode == ERR_AUTH_FAILED) ||
+									(se->IpcAsync->ErrorCode == ERR_PROXY_AUTH_FAILED) ||
+									(se->IpcAsync->ErrorCode == ERR_USER_AUTHTYPE_NOT_PASSWORD) ||
+									(se->IpcAsync->ErrorCode == ERR_NOT_SUPPORTED_AUTH_ON_OPENSOURCE))
+								{
+									// Return the AUTH_FAILED
+									str = "AUTH_FAILED";
+									WriteFifo(c->SslPipe->SslInOut->SendFifo, str, StrSize(str));
+								}
 
 								s->SessionEstablishedCount++;
 

src/Cedar/Protocol.c

@@ -5429,7 +5429,7 @@ void ClientUploadNoop(CONNECTION *c)
 	}
 
 	p = PackError(0);
-	PackAddInt(p, "noop", 1);
+	PackAddInt(p, "noop", NOOP);
 	(void)HttpClientSend(c->FirstSock, p);
 	FreePack(p);
 
@@ -5440,6 +5440,24 @@ void ClientUploadNoop(CONNECTION *c)
 	}
 }
 
+void ServerUploadNoop(CONNECTION *c)
+{
+	PACK *p;
+	// Validate arguments
+	if (c == NULL)
+	{
+		return;
+	}
+
+	p = PackError(0);
+	PackAddInt(p, "noop", NOOP_IGNORE);
+	(void)HttpServerSend(c->FirstSock, p);
+	FreePack(p);
+
+	// Client can't re-respond to an HTTP "response" 
+	// so we don't wait for it on the server side
+}
+
 // Add client version information to the PACK
 void PackAddClientVersion(PACK *p, CONNECTION *c)
 {
@@ -5843,7 +5861,6 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
 				// Target is invalid
 				HttpSendNotFound(s, h->Target);
 				Free(data);
-				FreeHttpHeader(h);
 				*error_detail_str = "POST_Target_Wrong";
 			}
 			else
@@ -5861,10 +5878,10 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
 				{
 					// WaterMark is incorrect
 					HttpSendForbidden(s, h->Target, NULL);
-					FreeHttpHeader(h);
 					*error_detail_str = "POST_WaterMark_Error";
 				}
 			}
+			FreeHttpHeader(h);
 		}
 		else if (StrCmpi(h->Method, "OPTIONS") == 0)
 		{
@@ -5884,6 +5901,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
 					continue;
 				}
 			}
+			FreeHttpHeader(h);
 		}
 		else if (StrCmpi(h->Method, "SSTP_DUPLEX_POST") == 0 && (ProtoEnabled(server->Proto, "SSTP") || s->IsReverseAcceptedSocket) && GetServerCapsBool(server, "b_support_sstp"))
 		{

src/Cedar/Protocol.h

@@ -169,6 +169,7 @@ bool GetSessionKeyFromPack(PACK *p, UCHAR *session_key, UINT *session_key_32);
 void CreateNodeInfo(NODE_INFO *info, CONNECTION *c);
 UINT SecureSign(SECURE_SIGN *sign, UINT device_id, char *pin);
 void ClientUploadNoop(CONNECTION *c);
+void ServerUploadNoop(CONNECTION *c);
 bool ClientCheckServerCert(CONNECTION *c, bool *expired);
 void ClientCheckServerCertThread(THREAD *thread, void *param);
 bool ClientSecureSign(CONNECTION *c, UCHAR *sign, UCHAR *random, X **x);

src/Cedar/Radius.c

@@ -7,6 +7,7 @@
 
 #include "Radius.h"
 
+#include "Protocol.h"
 #include "Connection.h"
 #include "IPC.h"
 #include "Server.h"
@@ -1767,7 +1768,7 @@ LABEL_ERROR:
 ////////// Classical implementation
 
 // Attempts Radius authentication (with specifying retry interval and multiple server)
-bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UCHAR *mschap_v2_server_response_20,
+bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UINT timeout, UCHAR *mschap_v2_server_response_20,
 				 RADIUS_LOGIN_OPTION *opt, char *hubname)
 {
 	UCHAR random[MD5_SIZE];
@@ -2072,14 +2073,22 @@ bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT sec
 
 			// Transmission process start
 			start = Tick64();
+
+			// Limit timeout to be larger than hardcoded timeout
+			// Limit interval to be larger than the hardcoded interval and less than timeout
+			if (timeout < RADIUS_RETRY_TIMEOUT) {
+				timeout = RADIUS_RETRY_TIMEOUT;
+			}
+			
 			if(interval < RADIUS_RETRY_INTERVAL)
 			{
 				interval = RADIUS_RETRY_INTERVAL;
 			}
-			else if(interval > RADIUS_RETRY_TIMEOUT)
+			else if(interval > timeout)
 			{
-				interval = RADIUS_RETRY_TIMEOUT;
+				interval = timeout;
 			}
+
 			next_send_time = start + (UINT64)interval;
 
 			while (true)
@@ -2099,6 +2108,8 @@ SEND_RETRY:
 				next_send_time = Tick64() + (UINT64)interval;
 
 RECV_RETRY:
+				ServerUploadNoop(c);				
+				
 				now = Tick64();
 				if (next_send_time <= now)
 				{
@@ -2109,7 +2120,7 @@ RECV_RETRY:
 					goto SEND_RETRY;
 				}
 
-				if ((start + RADIUS_RETRY_TIMEOUT) < now)
+				if ((start + timeout) < now)
 				{
 					// Time-out
 					break;

src/Cedar/Radius.h

@@ -283,7 +283,7 @@ struct RADIUS_LOGIN_OPTION
 };
 
 // Function prototype
-bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UCHAR *mschap_v2_server_response_20,
+bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UINT timeout, UCHAR *mschap_v2_server_response_20,
 				 RADIUS_LOGIN_OPTION *opt, char *hubname);
 BUF *RadiusEncryptPassword(char *password, UCHAR *random, UCHAR *secret, UINT secret_size);
 BUF *RadiusCreateUserName(wchar_t *username);

src/Cedar/Sam.c

@@ -516,6 +516,7 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p
 			char suffix_filter[MAX_SIZE];
 			wchar_t suffix_filter_w[MAX_SIZE];
 			UINT interval;
+			UINT timeout;
 			EAP_CLIENT *eap = NULL;
 			char password1[MAX_SIZE];
 			UCHAR client_challenge[16];
@@ -586,7 +587,7 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p
 			}
 
 			// Get the Radius server information
-			if (GetRadiusServerEx2(hub, radius_server_addr, sizeof(radius_server_addr), &radius_server_port, radius_secret, sizeof(radius_secret), &interval, suffix_filter, sizeof(suffix_filter)))
+			if (GetRadiusServerEx3(hub, radius_server_addr, sizeof(radius_server_addr), &radius_server_port, radius_secret, sizeof(radius_secret), &interval, &timeout, suffix_filter, sizeof(suffix_filter)))
 			{
 				Unlock(hub->lock);
 
@@ -597,7 +598,7 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p
 					// Attempt to login
 					b = RadiusLogin(c, radius_server_addr, radius_server_port,
 						radius_secret, StrLen(radius_secret),
-						name, password, interval, mschap_v2_server_response_20, opt, hub->Name);
+						name, password, interval, timeout, mschap_v2_server_response_20, opt, hub->Name);
 
 					if (b)
 					{

src/Cedar/Server.c

@@ -2337,6 +2337,7 @@ void SiSetDefaultHubOption(HUB_OPTION *o)
 	o->AccessListIncludeFileCacheLifetime = ACCESS_LIST_INCLUDE_FILE_CACHE_LIFETIME;
 	o->RemoveDefGwOnDhcpForLocalhost = true;
 	o->FloodingSendQueueBufferQuota = DEFAULT_FLOODING_QUEUE_LENGTH;
+	o->DhcpDiscoverTimeoutMs = DEFAULT_DHCP_DISCOVER_TIMEOUT;
 }
 
 // Create a default virtual HUB
@@ -3942,6 +3943,11 @@ void SiLoadHubOptionCfg(FOLDER *f, HUB_OPTION *o)
 	o->UseHubNameAsDhcpUserClassOption = CfgGetBool(f, "UseHubNameAsDhcpUserClassOption");
 	o->UseHubNameAsRadiusNasId = CfgGetBool(f, "UseHubNameAsRadiusNasId");
 	o->AllowEapMatchUserByCert = CfgGetBool(f, "AllowEapMatchUserByCert");
+	o->DhcpDiscoverTimeoutMs = CfgGetInt(f, "DhcpDiscoverTimeoutMs");
+	if (o->DhcpDiscoverTimeoutMs == 0)
+	{
+		o->DhcpDiscoverTimeoutMs = DEFAULT_DHCP_DISCOVER_TIMEOUT;
+	}
 
 	// Enabled by default
 	if (CfgIsItem(f, "ManageOnlyPrivateIP"))
@@ -4048,6 +4054,7 @@ void SiWriteHubOptionCfg(FOLDER *f, HUB_OPTION *o)
 	CfgAddBool(f, "UseHubNameAsDhcpUserClassOption", o->UseHubNameAsDhcpUserClassOption);
 	CfgAddBool(f, "UseHubNameAsRadiusNasId", o->UseHubNameAsRadiusNasId);
 	CfgAddBool(f, "AllowEapMatchUserByCert", o->AllowEapMatchUserByCert);
+	CfgAddInt(f, "DhcpDiscoverTimeoutMs", o->DhcpDiscoverTimeoutMs);
 }
 
 // Write the user
@@ -4848,6 +4855,7 @@ void SiWriteHubCfg(FOLDER *f, HUB *h)
 		}
 		CfgAddInt(f, "RadiusServerPort", h->RadiusServerPort);
 		CfgAddInt(f, "RadiusRetryInterval", h->RadiusRetryInterval);
+		CfgAddInt(f, "RadiusRetryTimeout", h->RadiusRetryTimeout);
 		CfgAddStr(f, "RadiusSuffixFilter", h->RadiusSuffixFilter);
 		CfgAddStr(f, "RadiusRealm", h->RadiusRealm);
 
@@ -5013,9 +5021,11 @@ void SiLoadHubCfg(SERVER *s, FOLDER *f, char *name)
 			BUF *secret;
 			UINT port;
 			UINT interval;
+			UINT timeout;
 
 			port = CfgGetInt(f, "RadiusServerPort");
 			interval = CfgGetInt(f, "RadiusRetryInterval");
+			timeout = CfgGetInt(f, "RadiusRetryTimeout");
 
 			CfgGetStr(f, "RadiusSuffixFilter", h->RadiusSuffixFilter, sizeof(h->RadiusSuffixFilter));
 			CfgGetStr(f, "RadiusRealm", h->RadiusRealm, sizeof(h->RadiusRealm));
@@ -5028,6 +5038,10 @@ void SiLoadHubCfg(SERVER *s, FOLDER *f, char *name)
 				interval = RADIUS_RETRY_INTERVAL;
 			}
 
+			if (timeout == 0) {
+				timeout = RADIUS_RETRY_TIMEOUT;
+			}
+
 			if (port != 0 && CfgGetStr(f, "RadiusServerName", name, sizeof(name)))
 			{
 				secret = CfgGetBuf(f, "RadiusSecret");
@@ -5041,7 +5055,7 @@ void SiLoadHubCfg(SERVER *s, FOLDER *f, char *name)
 					}
 					secret_str[sizeof(secret_str) - 1] = 0;
 					//SetRadiusServer(h, name, port, secret_str);
-					SetRadiusServerEx(h, name, port, secret_str, interval);
+					SetRadiusServerEx2(h, name, port, secret_str, interval, timeout);
 					FreeBuf(secret);
 				}
 			}
@@ -7533,6 +7547,11 @@ void SiCalledUpdateHub(SERVER *s, PACK *p)
 	o.UseHubNameAsDhcpUserClassOption = PackGetBool(p, "UseHubNameAsDhcpUserClassOption");
 	o.UseHubNameAsRadiusNasId = PackGetBool(p, "UseHubNameAsRadiusNasId");
 	o.AllowEapMatchUserByCert = PackGetBool(p, "AllowEapMatchUserByCert");
+	o.DhcpDiscoverTimeoutMs = PackGetInt(p, "DhcpDiscoverTimeoutMs");
+	if (o.DhcpDiscoverTimeoutMs == 0)
+	{
+		o.DhcpDiscoverTimeoutMs = DEFAULT_DHCP_DISCOVER_TIMEOUT;
+	}
 
 	save_packet_log = PackGetInt(p, "SavePacketLog");
 	packet_log_switch_type = PackGetInt(p, "PacketLogSwitchType");
@@ -9368,6 +9387,7 @@ void SiPackAddCreateHub(PACK *p, HUB *h)
 	PackAddBool(p, "UseHubNameAsDhcpUserClassOption", h->Option->UseHubNameAsDhcpUserClassOption);
 	PackAddBool(p, "UseHubNameAsRadiusNasId", h->Option->UseHubNameAsRadiusNasId);
 	PackAddBool(p, "AllowEapMatchUserByCert", h->Option->AllowEapMatchUserByCert);
+	PackAddInt(p, "DhcpDiscoverTimeoutMs", h->Option->DhcpDiscoverTimeoutMs);
 
 	SiAccessListToPack(p, h->AccessList);
 

src/Cedar/Virtual.c

@@ -2815,6 +2815,7 @@ void NativeNatThread(THREAD *thread, void *param)
 		if (a != NULL)
 		{
 			char macstr[64];
+			IP dhcp_ip;
 			// Acquisition success
 			Debug("NnGetNextInterface Ok: %s\n", a->DeviceName);
 
@@ -2842,9 +2843,10 @@ void NativeNatThread(THREAD *thread, void *param)
 
 			Debug("NnMainLoop Start.\n");
 			MacToStr(macstr, sizeof(macstr), a->Ipc->MacAddress);
+			UINTToIP(&dhcp_ip, a->CurrentDhcpOptionList.ServerAddress);
 			NLog(t->v, "LH_KERNEL_MODE_START", a->DeviceName,
 			     &a->Ipc->ClientIPAddress, &a->Ipc->SubnetMask, &a->Ipc->DefaultGateway, &a->Ipc->BroadcastAddress,
-			     macstr, &a->CurrentDhcpOptionList.ServerAddress, &a->DnsServerIP);
+				macstr, &dhcp_ip, &a->DnsServerIP);
 			NnMainLoop(t, a);
 			Debug("NnMainLoop End.\n");
 
@@ -9340,20 +9342,48 @@ UINT ServeDhcpDiscoverEx(VH *v, UCHAR *mac, UINT request_ip, bool is_static_ip)
 		return 0;
 	}
 
+	UINT ret = 0;
 	DHCP_LEASE *d = SearchDhcpLeaseByIp(v, request_ip);
+
 	if (d != NULL)
 	{
-		// The requested IP address is used already
-		return 0;
+		// If an entry for the same IP address already exists,
+		// check whether it is a request from the same MAC address
+		if (Cmp(mac, d->MacAddress, 6) == 0)
+		{
+			// Examine whether the specified IP address is within the range of static assignment
+			if (Endian32(v->DhcpIpStart) > Endian32(request_ip) ||
+				Endian32(request_ip) > Endian32(v->DhcpIpEnd))
+			{
+				// Accept if within the range of static assignment
+				ret = request_ip;
+			}
+		}
+		else {
+			// Duplicated IPV4 address found. The specified IP address is not available for use
+			char ipstr[MAX_HOST_NAME_LEN + 1] = { 0 };
+			char macstr[128] = { 0 };
+			IPToStr32(ipstr, sizeof(ipstr), request_ip);
+			MacToStr(macstr, sizeof(macstr), d->MacAddress);
+			Debug("Virtual DHC Server: Duplicated IP address detected. Static IP: %s, with the MAC: %s\n", ipstr, macstr);
+		}
 	}
-
-	// For static IP, the requested IP address must NOT be within the range of the DHCP pool
-	if (Endian32(request_ip) < Endian32(v->DhcpIpStart) || Endian32(request_ip) > Endian32(v->DhcpIpEnd))
+	else
 	{
-		return request_ip;
+		// Examine whether the specified IP address is within the range of static assignment
+		if (Endian32(v->DhcpIpStart) > Endian32(request_ip) ||
+			Endian32(request_ip) > Endian32(v->DhcpIpEnd))
+		{
+			// Accept if within the range of static assignment
+			ret = request_ip;
+		}
+		else
+		{
+			// The specified IP address is not available for use
+		}
 	}
 
-	return 0;
+	return ret;
 }
 
 // Take an appropriate IP addresses that can be assigned newly
@@ -9540,6 +9570,11 @@ void VirtualDhcpServer(VH *v, PKT *p)
 			{
 				ip = ServeDhcpRequestEx(v, p->MacAddressSrc, opt->RequestedIp, ip_static);
 			}
+			// If the IP address in user's note is changed, then reply to DHCP_REQUEST with DHCP_NAK
+			if (p->L3.IPv4Header->SrcIP && ip != p->L3.IPv4Header->SrcIP)
+			{
+				ip = 0;
+			}
 		}
 
 		if (ip != 0 || opt->Opcode == DHCP_INFORM)
@@ -9552,6 +9587,14 @@ void VirtualDhcpServer(VH *v, PKT *p)
 				char client_mac[MAX_SIZE];
 				char client_ip[MAX_SIZE];
 
+				// If there is any entry with the same MAC address, then remove it
+				d = SearchDhcpLeaseByMac(v, p->MacAddressSrc);
+				if (d != NULL)
+				{
+					FreeDhcpLease(d);
+					Delete(v->DhcpLeaseList, d);
+				}
+
 				// Remove old records with the same IP address
 				d = SearchDhcpLeaseByIp(v, ip);
 				if (d != NULL)
@@ -9710,36 +9753,40 @@ void VirtualDhcpServer(VH *v, PKT *p)
 		}
 		else
 		{
-			// There is no IP address that can be provided
-			DHCP_OPTION_LIST ret;
-			LIST *o;
-			Zero(&ret, sizeof(ret));
-
-			ret.Opcode = DHCP_NACK;
-			ret.ServerAddress = v->HostIP;
-			StrCpy(ret.DomainName, sizeof(ret.DomainName), v->DhcpDomain);
-			ret.SubnetMask = v->DhcpMask;
-
-			// Build the DHCP option
-			o = BuildDhcpOption(&ret);
-			if (o != NULL)
+			// Reply of DHCP_REQUEST must be either DHCP_ACK or DHCP_NAK
+			if (opt->Opcode == DHCP_REQUEST)
 			{
-				BUF *b = BuildDhcpOptionsBuf(o);
-				if (b != NULL)
-				{
-					UINT dest_ip = p->L3.IPv4Header->SrcIP;
-					if (dest_ip == 0)
-					{
-						dest_ip = 0xffffffff;
-					}
-					// Transmission
-					VirtualDhcpSend(v, tran_id, dest_ip, Endian16(p->L4.UDPHeader->SrcPort),
-					                ip, dhcp->ClientMacAddress, b, dhcp->HardwareType, dhcp->HardwareAddressSize);
+				// There is no IP address that can be provided
+				DHCP_OPTION_LIST ret;
+				LIST *o;
+				Zero(&ret, sizeof(ret));
 
-					// Release the memory
-					FreeBuf(b);
+				ret.Opcode = DHCP_NACK;
+				ret.ServerAddress = v->HostIP;
+				StrCpy(ret.DomainName, sizeof(ret.DomainName), v->DhcpDomain);
+				ret.SubnetMask = v->DhcpMask;
+
+				// Build the DHCP option
+				o = BuildDhcpOption(&ret);
+				if (o != NULL)
+				{
+					BUF *b = BuildDhcpOptionsBuf(o);
+					if (b != NULL)
+					{
+						UINT dest_ip = p->L3.IPv4Header->SrcIP;
+						if (dest_ip == 0)
+						{
+							dest_ip = 0xffffffff;
+						}
+						// Transmission
+						VirtualDhcpSend(v, tran_id, dest_ip, Endian16(p->L4.UDPHeader->SrcPort),
+							ip, dhcp->ClientMacAddress, b, dhcp->HardwareType, dhcp->HardwareAddressSize);
+
+						// Release the memory
+						FreeBuf(b);
+					}
+					FreeDhcpOptions(o);
 				}
-				FreeDhcpOptions(o);
 			}
 		}
 	}

src/Mayaqua/3rdparty/Findliboqs.cmake

@@ -0,0 +1,2 @@
+set(oqs_FOUND TRUE)
+add_library(OQS::oqs ALIAS oqs)

src/Mayaqua/CMakeLists.txt

@@ -18,6 +18,48 @@ set_target_properties(mayaqua
 
 find_package(OpenSSL REQUIRED)
 
+if(OPENSSL_VERSION VERSION_GREATER_EQUAL "3")
+  set(OQS_ENABLE ON CACHE BOOL "By setting this to OFF, Open Quantum Safe algorithms will not be built in")
+else()
+  # Disable oqsprovider when OpenSSL version < 3
+  set(OQS_ENABLE OFF)
+endif()
+
+if(OQS_ENABLE)
+  set(OQS_BUILD_ONLY_LIB ON CACHE BOOL "Set liboqs to build only the library (no tests)")
+  set(BUILD_TESTING OFF CACHE BOOL "By setting this to OFF, no tests or examples will be compiled.")
+  set(OQS_PROVIDER_BUILD_STATIC ON CACHE BOOL "Build a static library instead of a shared library") # Build oqsprovider as a static library (defaults to shared)
+  list(PREPEND CMAKE_MODULE_PATH "${CMAKE_SOURCE_DIR}/src/Mayaqua/3rdparty/")
+
+    # Disable all other KEM families
+  set(OQS_ENABLE_KEM_FRODOKEM OFF)
+  set(OQS_ENABLE_KEM_NTRUPRIME OFF)
+  set(OQS_ENABLE_KEM_NTRU OFF)
+  set(OQS_ENABLE_KEM_CLASSIC_MCELIECE OFF)
+  set(OQS_ENABLE_KEM_HQC OFF)
+  set(OQS_ENABLE_KEM_BIKE OFF)
+
+  # Disable all SIG families
+  set(OQS_ENABLE_SIG_ML_DSA OFF)
+  set(OQS_ENABLE_SIG_FALCON OFF)
+  set(OQS_ENABLE_SIG_DILITHIUM OFF)
+  set(OQS_ENABLE_SIG_SPHINCS OFF)
+  set(OQS_ENABLE_SIG_MAYO OFF)
+  set(OQS_ENABLE_SIG_CROSS OFF)
+  set(OQS_ENABLE_SIG_UOV OFF)
+  set(OQS_ENABLE_SIG_SNOVA OFF)
+  set(OQS_ENABLE_SIG_SLH_DSA OFF)
+
+  add_subdirectory(3rdparty/liboqs)
+  add_subdirectory(3rdparty/oqs-provider)
+
+  target_include_directories(oqsprovider PUBLIC ${CMAKE_CURRENT_BINARY_DIR}/3rdparty/liboqs/include)
+  set_property(TARGET oqsprovider PROPERTY POSITION_INDEPENDENT_CODE ON)
+  target_link_libraries(mayaqua PRIVATE oqsprovider)
+else()
+  add_definitions(-DSKIP_OQS_PROVIDER)
+endif()
+
 include(CheckSymbolExists)
 
 set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
@@ -93,11 +135,26 @@ if(UNIX)
       $<$<BOOL:${LIB_RT}>:${LIB_RT}>
   )
 
-  if (CMAKE_SYSTEM_PROCESSOR MATCHES "^(armv7l|aarch64|s390x)$" OR NOT HAVE_SYS_AUXV OR SKIP_CPU_FEATURES)
+  if (NOT HAVE_SYS_AUXV OR SKIP_CPU_FEATURES)
     add_definitions(-DSKIP_CPU_FEATURES)
+  elseif(${CMAKE_SYSTEM_NAME} STREQUAL "FreeBSD" AND NOT CMAKE_SYSTEM_PROCESSOR MATCHES "^(amd64|i386)")
+    message("cpu_features is not available on FreeBSD/${CMAKE_SYSTEM_PROCESSOR}")
+    add_definitions(-DSKIP_CPU_FEATURES)
+  elseif(${CMAKE_SYSTEM_NAME} STREQUAL "Darwin" AND NOT CMAKE_SYSTEM_NAME MATCHES "^(arm64|x86_64)")
+    # macOS runs only on Intel or ARM architecrues, should not reach here
+    add_definitions(-DSKIP_CPU_FEATURES)
+  elseif(${CMAKE_SYSTEM_NAME} STREQUAL "SunOS" OR ${CMAKE_SYSTEM_NAME} STREQUAL "OpenBSD")
+    message("cpu_features is not available on ${CMAKE_SYSTEM_NAME}")
+    add_definitions(-DSKIP_CPU_FEATURES)
+  elseif(USE_SYSTEM_CPU_FEATURES)
+    CHECK_INCLUDE_FILE(cpu_features_macros.h HAVE_CPU_FEATURES)
+    message("-- Using system's cpu_features")
+    target_link_libraries(mayaqua PRIVATE cpu_features)
   else()
+    message("-- Using bundled cpu_features")
+    set(BUILD_SHARED_LIBS OFF)
+    set(CMAKE_POSITION_INDEPENDENT_CODE ON)
     add_subdirectory(3rdparty/cpu_features)
-    set_property(TARGET cpu_features PROPERTY POSITION_INDEPENDENT_CODE ON)
     target_link_libraries(mayaqua PRIVATE cpu_features)
   endif()
 

src/Mayaqua/Encrypt.c

@@ -20,7 +20,9 @@
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
+#ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
+#endif
 #include <openssl/bio.h>
 #include <openssl/x509.h>
 #include <openssl/pkcs7.h>
@@ -40,6 +42,10 @@
 #include <openssl/x509v3.h>
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
 #include <openssl/provider.h>
+// Static oqsprovider initialization function
+#ifndef SKIP_OQS_PROVIDER
+	extern OSSL_provider_init_fn oqs_provider_init;
+#endif
 #endif
 
 #ifdef _MSC_VER
@@ -88,6 +94,7 @@ int ssl_clientcert_index = 0;
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
 static OSSL_PROVIDER *ossl_provider_legacy = NULL;
 static OSSL_PROVIDER *ossl_provider_default = NULL;
+static OSSL_PROVIDER *ossl_provider_oqsprovider = NULL;
 #endif
 
 LOCK **ssl_lock_obj = NULL;
@@ -344,6 +351,11 @@ MD *NewMdEx(char *name, bool hmac)
 #else
 		m->Ctx = EVP_MD_CTX_create();
 #endif
+		if (m->Ctx == NULL)
+		{
+			return NULL;
+		}
+
 		if (EVP_DigestInit_ex(m->Ctx, m->Md, NULL) == false)
 		{
 			Debug("NewMdEx(): EVP_DigestInit_ex() failed with error: %s\n", OpenSSL_Error());
@@ -3974,6 +3986,12 @@ void FreeCryptLibrary()
 		OSSL_PROVIDER_unload(ossl_provider_legacy);
 		ossl_provider_legacy = NULL;
 	}
+
+	if (ossl_provider_oqsprovider != NULL)
+	{
+		OSSL_PROVIDER_unload(ossl_provider_oqsprovider);
+		ossl_provider_oqsprovider = NULL;
+	}
 #endif
 }
 
@@ -3996,6 +4014,13 @@ void InitCryptLibrary()
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
 	ossl_provider_default = OSSL_PROVIDER_load(NULL, "legacy");
 	ossl_provider_legacy = OSSL_PROVIDER_load(NULL, "default");
+
+	char *oqs_provider_name = "oqsprovider";
+	#ifndef SKIP_OQS_PROVIDER
+		// Registers "oqsprovider" as a provider -- necessary because oqsprovider is built in now.
+		OSSL_PROVIDER_add_builtin(NULL, oqs_provider_name, oqs_provider_init); 
+	#endif
+	ossl_provider_oqsprovider = OSSL_PROVIDER_load(NULL, oqs_provider_name);
 #endif
 
 	ssl_clientcert_index = SSL_get_ex_new_index(0, "struct SslClientCertInfo *", NULL, NULL, NULL);
@@ -4437,9 +4462,13 @@ bool IsAesNiSupported()
 
 	// Unfortunately OpenSSL doesn't provide a function to do it
 #ifdef _MSC_VER
-	int regs[4]; // EAX, EBX, ECX, EDX
-	__cpuid(regs, 1);
-	supported = (regs[2] >> 25) & 1;
+  #if defined(_M_X64) || defined(_M_IX86)
+    int regs[4]; // EAX, EBX, ECX, EDX
+    __cpuid(regs, 1);
+    supported = (regs[2] >> 25) & 1;
+  #elif defined(_M_ARM64)
+	return IsProcessorFeaturePresent(PF_ARM_V8_CRYPTO_INSTRUCTIONS_AVAILABLE);
+  #endif
 #else // _MSC_VER
 	#if defined(CPU_FEATURES_ARCH_X86)
 		const X86Features features = GetX86Info().features;
@@ -4584,6 +4613,11 @@ DH_CTX *DhNew(char *prime, UINT g)
 	dh = ZeroMalloc(sizeof(DH_CTX));
 
 	dh->dh = DH_new();
+	if (dh->dh == NULL)
+	{
+		return NULL;
+	}
+	
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
 	dhp = BinToBigNum(buf->Buf, buf->Size);
 	dhg = BN_new();
@@ -4727,7 +4761,7 @@ static void MY_SHA0_Transform(MY_SHA0_CTX* ctx) {
 	UCHAR* p = ctx->buf;
 	int t;
 	for(t = 0; t < 16; ++t) {
-		UINT tmp =  *p++ << 24;
+		UINT tmp =  (UINT)*p++ << 24;
 		tmp |= *p++ << 16;
 		tmp |= *p++ << 8;
 		tmp |= *p++;

src/Mayaqua/HTTP.c

@@ -1207,12 +1207,14 @@ PACK *HttpClientRecv(SOCK *s)
 	UINT size;
 	UCHAR *tmp;
 	HTTP_VALUE *v;
+	UINT num_noop = 0;
 	// Validate arguments
 	if (s == NULL)
 	{
 		return NULL;
 	}
 
+START:
 	h = RecvHttpHeader(s);
 	if (h == NULL)
 	{
@@ -1257,6 +1259,22 @@ PACK *HttpClientRecv(SOCK *s)
 	p = BufToPack(b);
 	FreeBuf(b);
 
+	// Client shouldn't receive a noop other than NOOP_IGNORE
+	// because it can't respond without a full new HTTP request
+	UINT noop = PackGetInt(p, "noop");
+	if (noop == NOOP_IGNORE) {
+		Debug("recv: noop ignore\n");
+		FreePack(p);
+
+		num_noop++;
+
+		if (num_noop > MAX_NOOP_PER_SESSION)
+		{
+			return NULL;
+		}
+
+		goto START;
+	}
 	return p;
 }
 
@@ -1365,13 +1383,14 @@ START:
 	FreeBuf(b);
 
 	// Determine whether it's a NOOP
-	if (PackGetInt(p, "noop") != 0)
+	UINT noop = PackGetInt(p, "noop");
+	if (noop == NOOP)
 	{
 		Debug("recv: noop\n");
 		FreePack(p);
 
 		p = PackError(0);
-		PackAddInt(p, "noop", 1);
+		PackAddInt(p, "noop", NOOP_IGNORE);
 		if (HttpServerSend(s, p) == false)
 		{
 			FreePack(p);
@@ -1387,6 +1406,11 @@ START:
 			return NULL;
 		}
 
+		goto START;
+	} else if (noop == NOOP_IGNORE) {
+		Debug("recv: noop ignore\n");
+		FreePack(p);
+
 		goto START;
 	}
 

src/Mayaqua/Kernel.c

@@ -63,7 +63,7 @@ static int ydays[] =
 	0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, 365
 };
 
-static UINT current_num_thread = 0;
+static COUNTER *current_num_thread = NULL;
 static UINT cached_number_of_cpus = 0;
 
 
@@ -776,6 +776,7 @@ void InitThreading()
 {
 	thread_pool = NewSk();
 	thread_count = NewCounter();
+	current_num_thread = NewCounter();
 }
 
 // Release of thread pool
@@ -821,6 +822,9 @@ void FreeThreading()
 
 	DeleteCounter(thread_count);
 	thread_count = NULL;
+
+	DeleteCounter(current_num_thread);
+	current_num_thread = NULL;
 }
 
 // Thread pool procedure
@@ -1028,9 +1032,9 @@ THREAD *NewThreadNamed(THREAD_PROC *thread_proc, void *param, char *name)
 
 	Wait(pd->InitFinishEvent, INFINITE);
 
-	current_num_thread++;
+	Inc(current_num_thread);
 
-//	Debug("current_num_thread = %u\n", current_num_thread);
+//	Debug("current_num_thread = %u\n", Count(current_num_thread));
 
 	return ret;
 }
@@ -1055,8 +1059,8 @@ void CleanupThread(THREAD *t)
 
 	Free(t);
 
-	current_num_thread--;
-	//Debug("current_num_thread = %u\n", current_num_thread);
+	Dec(current_num_thread);
+	//Debug("current_num_thread = %u\n", Count(current_num_thread));
 }
 
 // Release thread (pool)

src/Mayaqua/Mayaqua.h

@@ -72,11 +72,26 @@ int PASCAL WinMain(HINSTANCE hInst, HINSTANCE hPrev, char *CmdLine, int CmdShow)
 
 // Compiler dependent
 #ifndef	OS_WIN32
-// Gcc compiler
+// GCC or Clang compiler
 #define	GCC_PACKED		__attribute__ ((__packed__))
+// Clang compiler
+#if defined(__has_feature)
+#if __has_feature(thread_sanitizer)
+#define ATTRIBUTE_NO_TSAN			__attribute__((no_sanitize("thread")))
+#endif	// __has_feature(thread_sanitizer)
+#endif	// __has_feature
+// GCC compiler
+#if defined(__SANITIZE_THREAD__) && !defined(ATTRIBUTE_NO_TSAN)
+#define ATTRIBUTE_NO_TSAN			__attribute__((no_sanitize("thread")))
+#endif	// __SANITIZE_THREAD__
+// Other or older Clang/GCC compiler
+#ifndef ATTRIBUTE_NO_TSAN
+#define ATTRIBUTE_NO_TSAN
+#endif	// ATTRIBUTE_NO_TSAN
 #else	// OS_WIN32
 // VC++ compiler
 #define	GCC_PACKED
+#define ATTRIBUTE_NO_TSAN
 #endif	// OS_WIN32
 
 // Macro that displays the current file name and line number

src/Mayaqua/Microsoft.c

@@ -4259,7 +4259,7 @@ UINT MsService(char *name, SERVICE_FUNCTION *start, SERVICE_FUNCTION *stop, UINT
 
 		if ((mode == SVC_MODE_INSTALL || mode == SVC_MODE_UNINSTALL || mode == SVC_MODE_START ||
 			mode == SVC_MODE_STOP || mode == SVC_MODE_SERVICE) &&
-			(ms->IsNt == false))
+			(IsNt() == false))
 		{
 			// Tried to use the command for the NT in non-WindowsNT system
 			MsgBox(NULL, MB_ICONSTOP, _UU("SVC_NT_ONLY"));

src/Mayaqua/Microsoft.h

@@ -170,7 +170,6 @@ typedef struct MS
 {
 	HINSTANCE hInst;
 	HINSTANCE hKernel32;
-	bool IsNt;
 	bool IsAdmin;
 	HANDLE hCurrentProcess;
 	UINT CurrentProcessId;

src/Mayaqua/Network.c

@@ -11860,6 +11860,12 @@ bool StartSSLEx3(SOCK *sock, X *x, K *priv, LIST *chain, UINT ssl_timeout, char
 #endif
 
 		sock->ssl = SSL_new(ssl_ctx);
+
+		if (sock->ssl == NULL)
+		{
+			return false;
+		}
+
 		SSL_set_fd(sock->ssl, (int)sock->socket);
 
 #ifdef	SSL_CTRL_SET_TLSEXT_HOSTNAME
@@ -11905,6 +11911,10 @@ bool StartSSLEx3(SOCK *sock, X *x, K *priv, LIST *chain, UINT ssl_timeout, char
 		Unlock(openssl_lock);
 	}
 
+	#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+		SSL_set1_groups_list(sock->ssl, PQ_GROUP_LIST);
+	#endif
+	
 	if (sock->ServerMode)
 	{
 //		Lock(ssl_connect_lock);
@@ -12285,9 +12295,15 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 				Debug("%s %u SecureRecv() Disconnect\n", __FILE__, __LINE__);
 				return 0;
 			}
+			ERR_clear_error();
 			ret = SSL_peek(ssl, &c, sizeof(c));
 		}
 		Unlock(sock->ssl_lock);
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+		// 2021/09/10: After OpenSSL 3.x.x, both 0 and negative values might mean retryable.
+		// See: https://github.com/openssl/openssl/blob/435981cbadad2c58c35bacd30ca5d8b4c9bea72f/doc/man3/SSL_read.pod
+		// > Old documentation indicated a difference between 0 and -1, and that -1 was retryable.
+		// > You should instead call SSL_get_error() to find out if it's retryable.
 		if (ret == 0)
 		{
 			// The communication have been disconnected
@@ -12295,7 +12311,8 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 			Debug("%s %u SecureRecv() Disconnect\n", __FILE__, __LINE__);
 			return 0;
 		}
-		if (ret < 0)
+#endif
+		if (ret <= 0)
 		{
 			// An error has occurred
 			e = SSL_get_error(ssl, ret);
@@ -12303,14 +12320,18 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 			{
 				if (e == SSL_ERROR_SSL
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
-				        &&
-				        sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
-				        sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
-				        sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
+					&&
+					sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
+					sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
+					sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
 #endif
-				   )
+					)
 				{
-					Debug("%s %u SSL Fatal Error on ASYNC socket !!!\n", __FILE__, __LINE__);
+					UINT ssl_err_no;
+					while (ssl_err_no = ERR_get_error()){
+						Debug("%s %u SSL_ERROR_SSL on ASYNC socket !!! ssl_err_no = %u: '%s'\n", __FILE__, __LINE__, ssl_err_no, ERR_error_string(ssl_err_no, NULL));
+					};
+
 					Disconnect(sock);
 					return 0;
 				}
@@ -12337,14 +12358,15 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 		}
 #endif	// OS_UNIX
 
-// Run the time-out thread for SOLARIS
+		// Run the time-out thread for SOLARIS
 #ifdef UNIX_SOLARIS
 		ttparam = NewSocketTimeout(sock);
 #endif // UNIX_SOLARIS
 
+		ERR_clear_error();
 		ret = SSL_read(ssl, data, size);
 
-// Stop the timeout thread
+		// Stop the timeout thread
 #ifdef UNIX_SOLARIS
 		FreeSocketTimeout(ttparam);
 #endif // UNIX_SOLARIS
@@ -12357,7 +12379,11 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 		}
 #endif	// OS_UNIX
 
-		if (ret < 0)
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+		if (ret < 0) // OpenSSL version < 3.0.0
+#else
+		if (ret <= 0) // OpenSSL version >= 3.0.0
+#endif
 		{
 			e = SSL_get_error(ssl, ret);
 		}
@@ -12380,6 +12406,12 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 
 		return (UINT)ret;
 	}
+
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+	// 2021/09/10: After OpenSSL 3.x.x, both 0 and negative values might mean retryable.
+	// See: https://github.com/openssl/openssl/blob/435981cbadad2c58c35bacd30ca5d8b4c9bea72f/doc/man3/SSL_read.pod
+	// > Old documentation indicated a difference between 0 and -1, and that -1 was retryable.
+	// > You should instead call SSL_get_error() to find out if it's retryable.
 	if (ret == 0)
 	{
 		// Disconnect the communication
@@ -12387,20 +12419,26 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 		//Debug("%s %u SecureRecv() Disconnect\n", __FILE__, __LINE__);
 		return 0;
 	}
+#endif
+
 	if (sock->AsyncMode)
 	{
 		if (e == SSL_ERROR_WANT_READ || e == SSL_ERROR_WANT_WRITE || e == SSL_ERROR_SSL)
 		{
 			if (e == SSL_ERROR_SSL
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
-			        &&
-			        sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
-			        sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
-			        sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
+				&&
+				sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
+				sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
+				sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
 #endif
-			   )
+				)
 			{
-				Debug("%s %u SSL Fatal Error on ASYNC socket !!!\n", __FILE__, __LINE__);
+				UINT ssl_err_no;
+				while (ssl_err_no = ERR_get_error()) {
+					Debug("%s %u SSL_ERROR_SSL on ASYNC socket !!! ssl_err_no = %u: '%s'\n", __FILE__, __LINE__, ssl_err_no, ERR_error_string(ssl_err_no, NULL));
+				};
+
 				Disconnect(sock);
 				return 0;
 			}
@@ -12409,8 +12447,8 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 			return SOCK_LATER;
 		}
 	}
+	Debug("%s %u e=%u SecureRecv() Disconnect\n", __FILE__, __LINE__, e);
 	Disconnect(sock);
-	Debug("%s %u SecureRecv() Disconnect\n", __FILE__, __LINE__);
 	return 0;
 }
 
@@ -12437,8 +12475,13 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
 			return 0;
 		}
 
+		ERR_clear_error();
 		ret = SSL_write(ssl, data, size);
-		if (ret < 0)
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+		if (ret < 0) // OpenSSL version < 3.0.0
+#else
+		if (ret <= 0) // OpenSSL version >= 3.0.0
+#endif
 		{
 			e = SSL_get_error(ssl, ret);
 		}
@@ -12460,6 +12503,8 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
 		sock->WriteBlocked = false;
 		return (UINT)ret;
 	}
+
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
 	if (ret == 0)
 	{
 		// Disconnect
@@ -12467,18 +12512,29 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
 		Disconnect(sock);
 		return 0;
 	}
+#endif
 
 	if (sock->AsyncMode)
 	{
 		// Confirmation of the error value
 		if (e == SSL_ERROR_WANT_READ || e == SSL_ERROR_WANT_WRITE || e == SSL_ERROR_SSL)
 		{
+			if (e == SSL_ERROR_SSL)
+			{
+				UINT ssl_err_no;
+				while (ssl_err_no = ERR_get_error()) {
+					Debug("%s %u SSL_ERROR_SSL on ASYNC socket !!! ssl_err_no = %u: '%s'\n", __FILE__, __LINE__, ssl_err_no, ERR_error_string(ssl_err_no, NULL));
+				};
+
+				Disconnect(sock);
+				return 0;
+			}
+
 			sock->WriteBlocked = true;
 			return SOCK_LATER;
 		}
-		Debug("%s %u e=%u\n", __FILE__, __LINE__, e);
 	}
-	//Debug("%s %u SecureSend() Disconnect\n", __FILE__, __LINE__);
+	Debug("%s %u e=%u SecureSend() Disconnect\n", __FILE__, __LINE__, e);
 	Disconnect(sock);
 	return 0;
 }
@@ -16200,6 +16256,12 @@ UINT GetOSSecurityLevel()
 	UINT security_level_new = 0, security_level_set_ssl_version = 0;
 	struct ssl_ctx_st *ctx = SSL_CTX_new(SSLv23_method());
 
+	if (ctx == NULL)
+	{
+		return security_level_new;
+	}
+
+
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 	security_level_new = SSL_CTX_get_security_level(ctx);
 #endif

src/Mayaqua/Network.h

@@ -59,6 +59,10 @@ struct DYN_VALUE
 
 #define	DEFAULT_CIPHER_LIST			"ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20:ECDHE+AES256:DHE+AES256:RSA+AES"
 
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#define PQ_GROUP_LIST				"X25519MLKEM768:p521_kyber1024:x25519_kyber768:P-521:X25519:P-256"
+#endif
+
 // SSL logging function
 //#define	ENABLE_SSL_LOGGING
 #define	SSL_LOGGING_DIRNAME			"@ssl_log"
@@ -877,8 +881,6 @@ struct SSL_VERIFY_OPTION
 	X *SavedCert;					// Saved server certificate
 };
 
-#define	SSL_DEFAULT_CONNECT_TIMEOUT		(15 * 1000)		// SSL default timeout
-
 // Header for TCP Pair
 struct TCP_PAIR_HEADER
 {

src/Mayaqua/Pack.h

@@ -38,6 +38,8 @@
 
 // The number of allowable NOOP
 #define	MAX_NOOP_PER_SESSION	30
+#define NOOP 1
+#define NOOP_IGNORE 2 // A noop, but don't send a response noop
 
 // VALUE object
 struct VALUE

src/Mayaqua/Table.c

@@ -470,6 +470,7 @@ LIST *LoadLangList()
 	b = ReadDump(filename);
 	if (b == NULL)
 	{
+		FreeLangList(o);
 		return NULL;
 	}
 

src/Mayaqua/TcpIp.c

@@ -2057,43 +2057,15 @@ bool ParsePacketL2Ex(PKT *p, UCHAR *buf, UINT size, bool no_l3, bool no_l3_l4_ex
 
 	if (type_id_16 > 1500)
 	{
-		// Ordinary Ethernet frame
-		switch (type_id_16)
+		if (type_id_16 == MAC_PROTO_TAGVLAN)
 		{
-		case MAC_PROTO_ARPV4:	// ARPv4
-			if (no_l3 || no_l3_l4_except_icmpv6)
-			{
-				return true;
-			}
-
-			return ParsePacketARPv4(p, buf, size);
-
-		case MAC_PROTO_IPV4:	// IPv4
-			if (no_l3 || no_l3_l4_except_icmpv6)
-			{
-				return true;
-			}
-
-			return ParsePacketIPv4(p, buf, size);
-
-		case MAC_PROTO_IPV6:	// IPv6
-			if (no_l3)
-			{
-				return true;
-			}
-
-			return ParsePacketIPv6(p, buf, size, no_l3_l4_except_icmpv6);
-
-		default:				// Unknown
-			if (type_id_16 == p->VlanTypeID)
-			{
-				// VLAN
-				return ParsePacketTAGVLAN(p, buf, size);
-			}
-			else
-			{
-				return true;
-			}
+			// Parse VLAN frame
+			return ParsePacketTAGVLAN(p, buf, size, no_l3, no_l3_l4_except_icmpv6);
+		}
+		else
+		{
+			// Parse Ordinary Ethernet frame
+			return ParsePacketL3(p, buf, size, type_id_16, no_l3, no_l3_l4_except_icmpv6);
 		}
 	}
 	else
@@ -2128,10 +2100,44 @@ bool ParsePacketL2Ex(PKT *p, UCHAR *buf, UINT size, bool no_l3, bool no_l3_l4_ex
 	}
 }
 
+bool ParsePacketL3(PKT *p, UCHAR *buf, UINT size, USHORT proto, bool no_l3, bool no_l3_l4_except_icmpv6)
+{
+	switch (proto)
+		{
+		case MAC_PROTO_ARPV4:	// ARPv4
+			if (no_l3 || no_l3_l4_except_icmpv6)
+			{
+				return true;
+			}
+
+			return ParsePacketARPv4(p, buf, size);
+
+		case MAC_PROTO_IPV4:	// IPv4
+			if (no_l3 || no_l3_l4_except_icmpv6)
+			{
+				return true;
+			}
+
+			return ParsePacketIPv4(p, buf, size);
+
+		case MAC_PROTO_IPV6:	// IPv6
+			if (no_l3)
+			{
+				return true;
+			}
+
+			return ParsePacketIPv6(p, buf, size, no_l3_l4_except_icmpv6);
+
+		default:				// Unknown
+			return true;
+		}
+}
+
 // TAG VLAN parsing
-bool ParsePacketTAGVLAN(PKT *p, UCHAR *buf, UINT size)
+bool ParsePacketTAGVLAN(PKT *p, UCHAR *buf, UINT size, bool no_l3, bool no_l3_l4_except_icmpv6)
 {
 	USHORT vlan_ushort;
+	USHORT proto_ushort;
 	// Validate arguments
 	if (p == NULL || buf == NULL)
 	{
@@ -2151,12 +2157,17 @@ bool ParsePacketTAGVLAN(PKT *p, UCHAR *buf, UINT size)
 	buf += sizeof(TAGVLAN_HEADER);
 	size -= sizeof(TAGVLAN_HEADER);
 
-	vlan_ushort = READ_USHORT(p->L3.TagVlanHeader->Data);
+	vlan_ushort = READ_USHORT(p->L3.TagVlanHeader->TagID);
 	vlan_ushort = vlan_ushort & 0xFFF;
 
 	p->VlanId = vlan_ushort;
 
-	return true;
+	proto_ushort = READ_USHORT(p->L3.TagVlanHeader->Protocol);
+	proto_ushort = proto_ushort & 0xFFFF;
+
+	
+	// Parse the L3 packet
+	return ParsePacketL3(p, buf, size, proto_ushort, no_l3, no_l3_l4_except_icmpv6);
 }
 
 // BPDU Parsing
@@ -4168,6 +4179,7 @@ BUF *DhcpModify(DHCP_MODIFY_OPTION *m, void *data, UINT size)
 	LIST *opt_list2 = NULL;
 	UINT src_size = size;
 	UINT i;
+	UINT dhcp_min_size;
 	// Validate arguments
 	if (m == NULL || data == NULL || size == 0)
 	{
@@ -4270,11 +4282,13 @@ BUF *DhcpModify(DHCP_MODIFY_OPTION *m, void *data, UINT size)
 		// Rewrite if anything changes. Do not rewrite if there is no change
 		ret_ok = true;
 
-		if (ret->Size < DHCP_MIN_SIZE)
+		// If src_size is greater than DHCP_MIN_SIZE, then use the src_size as minimum size of DHCP.
+		dhcp_min_size = MAX(src_size, DHCP_MIN_SIZE);
+		if (ret->Size < dhcp_min_size)
 		{
 			// Padding
 			UCHAR *pad_buf;
-			UINT pad_size = DHCP_MIN_SIZE - ret->Size;
+			UINT pad_size = dhcp_min_size - ret->Size;
 
 			pad_buf = ZeroMalloc(pad_size);
 

src/Mayaqua/TcpIp.h

@@ -87,7 +87,8 @@ struct ARPV4_HEADER
 // Tagged VLAN header
 struct TAGVLAN_HEADER
 {
-	UCHAR Data[2];					// Data
+	UCHAR TagID[2];					// TagID
+	UCHAR Protocol[2];				// Protocol
 } GCC_PACKED;
 
 // IPv4 header
@@ -650,6 +651,15 @@ struct IKE_HEADER
 #define IKE_EXCHANGE_TYPE_INFORMATION		5	// Information exchange
 #define IKE_EXCHANGE_TYPE_QUICK				32	// Quick mode
 
+// IKEv2 version identifier (in the Version field of IKE_HEADER)
+#define IKEv2_VERSION					0x20	// 2.0
+
+// IKEv2 exchange types (RFC 7296)
+#define IKEv2_EXCHANGE_IKE_SA_INIT		34
+#define IKEv2_EXCHANGE_IKE_AUTH			35
+#define IKEv2_EXCHANGE_CREATE_CHILD_SA	36
+#define IKEv2_EXCHANGE_INFORMATIONAL	37
+
 // DHCPv4 data
 struct DHCPV4_DATA
 {
@@ -762,10 +772,11 @@ void FreePacketTCPv4(PKT *p);
 void FreePacketICMPv4(PKT *p);
 void FreePacketDHCPv4(PKT *p);
 bool ParsePacketL2Ex(PKT *p, UCHAR *buf, UINT size, bool no_l3, bool no_l3_l4_except_icmpv6);
+bool ParsePacketL3(PKT *p, UCHAR *buf, UINT size, USHORT proto, bool no_l3, bool no_l3_l4_except_icmpv6);
 bool ParsePacketARPv4(PKT *p, UCHAR *buf, UINT size);
 bool ParsePacketIPv4(PKT *p, UCHAR *buf, UINT size);
 bool ParsePacketBPDU(PKT *p, UCHAR *buf, UINT size);
-bool ParsePacketTAGVLAN(PKT *p, UCHAR *buf, UINT size);
+bool ParsePacketTAGVLAN(PKT *p, UCHAR *buf, UINT size, bool no_l3, bool no_l3_l4_except_icmpv6);
 bool ParseICMPv4(PKT *p, UCHAR *buf, UINT size);
 bool ParseICMPv6(PKT *p, UCHAR *buf, UINT size);
 bool ParseTCP(PKT *p, UCHAR *buf, UINT size);

src/Mayaqua/Unix.c

@@ -2140,9 +2140,13 @@ void UnixMemoryFree(void *addr)
 // SIGCHLD handler
 void UnixSigChldHandler(int sig)
 {
+	int old_errno = errno;
+
 	// Recall the zombie processes
 	while (waitpid(-1, NULL, WNOHANG) > 0);
 	signal(SIGCHLD, UnixSigChldHandler);
+
+	errno = old_errno;
 }
 
 // Disable core dump

src/Neo6/NDIS6.c

@@ -5,7 +5,8 @@
 // NDIS6.c
 // Windows NDIS 6.2 Routine
 
-#include <GlobalConst.h>
+//#include <GlobalConst.h>
+#include "GlobalConst.h"
 
 #define	NEO_DEVICE_DRIVER
 

src/Neo6/NDIS6.h

@@ -9,25 +9,37 @@
 #define	NDIS5_H
 
 // Win32 DDK related
-#ifndef	CPU_64
-#define	_X86_
-#else	// CPU_64
-#ifndef	NEO_IA64
-#define	_AMD64_
-#define	AMD64
-#else	// NEO_IA64
-#define	_IA64_
-#define	IA64
-#endif	// NEO_IA64
-#endif	// CPU_64
+#ifndef CPU_64
+#define _X86_
+#else // CPU_64
+#ifdef CPU_ARM64
+//#define _ARM64_
+//#define ARM64
+#elif defined(NEO_IA64)
+#define _IA64_
+#define IA64
+#else
+#define _AMD64_
+#define AMD64
+#endif
+#endif // CPU_64
 #define	NDIS_MINIPORT_DRIVER
-// NDIS 6.2
-#define	NDIS620_MINIPORT
-#define	NDIS_SUPPORT_NDIS61			1
-#define	NDIS_SUPPORT_NDIS620		1
-#define NEO_NDIS_MAJOR_VERSION		6
-#define NEO_NDIS_MINOR_VERSION		20
-#define	NDIS_WDM					1
+#ifdef CPU_ARM64
+	#define NDIS640_MINIPORT 
+	#define NDIS_MINIPORT_MINIMUM_MAJOR_VERSION 6
+	#define NDIS_MINIPORT_MINIMUM_MINOR_VERSION 40
+	#define NEO_NDIS_MAJOR_VERSION 6
+	#define NEO_NDIS_MINOR_VERSION 40
+#else
+	// NDIS 6.2
+	#define	NDIS620_MINIPORT
+	#define	NDIS_SUPPORT_NDIS61			1
+	#define	NDIS_SUPPORT_NDIS620		1
+	#define NEO_NDIS_MAJOR_VERSION		6
+	#define NEO_NDIS_MINOR_VERSION		20
+	#define	NDIS_WDM					1
+#endif
+
 
 #include <wdm.h>
 #include <ndis.h>

src/Neo6/Neo6.vcxproj

@@ -0,0 +1,107 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>17.0</VCProjectVersion>
+    <ProjectGuid>{F7679B65-2FEC-469A-8BAC-B07BF4439422}</ProjectGuid>
+    <RootNamespace>Neo6</RootNamespace>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+      <TargetVersion>Windows10</TargetVersion>
+      <UseDebugLibraries>false</UseDebugLibraries>
+      <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
+      <ConfigurationType>Driver</ConfigurationType>
+      <DriverType>KMDF</DriverType>
+      <DriverTargetPlatform>Universal</DriverTargetPlatform>
+      <TargetName>Neo6_arm64_unsigned</TargetName>
+      <TargetExt>.sys</TargetExt>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>17.0.36310.24</_ProjectFileVersion>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <IntDir>$(Platform)_$(Configuration)\</IntDir>
+    <IgnoreImportLibrary>true</IgnoreImportLibrary>
+    <LinkIncremental>false</LinkIncremental>
+    <GenerateManifest>false</GenerateManifest>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <Midl />
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>Default</InlineFunctionExpansion>
+      <IntrinsicFunctions>false</IntrinsicFunctions>
+      <FavorSizeOrSpeed>Neither</FavorSizeOrSpeed>
+      <TreatWarningAsError>false</TreatWarningAsError>
+      <AdditionalIncludeDirectories>$(ProjectDir)\..\;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ARM64;_ARM64_;CPU_64;WIN32;CPU_ARM64;NDEBUG;_WINDOWS;_USRDLL;NEO_EXPORTS;VPN_SPEED;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>false</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <StructMemberAlignment>8Bytes</StructMemberAlignment>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>false</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+
+      <CompileAs>CompileAsC</CompileAs>
+      <DisableSpecificWarnings>4996;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <!-- <PreLinkEvent>
+      <Command>$(SolutionDir)bin\BuildUtil.exe /CMD:GenerateVersionResource "$(TargetPath)" /OUT:"$(SolutionDir)tmp\VersionResources\$(ProjectName)_$(Platform).res" /PRODUCT:"SoftEther VPN"</Command>
+    </PreLinkEvent> -->
+    <ProjectReference>
+      <LinkLibraryDependencies>false</LinkLibraryDependencies>
+    </ProjectReference>
+    <Link>
+      <OutputFile>$(OutDir)Neo6_arm64_unsigned.sys</OutputFile>
+      <AdditionalLibraryDirectories>%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <AdditionalDependencies>ntoskrnl.lib;wdm.lib;hal.lib;;ucrt.lib;ndis.lib;wdmsec.lib;ntdll.lib;Kernel32.lib;fwpkclnt.lib;libcntpr.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <!-- <ImportLibrary>$(SolutionDir)tmp\lib\$(Platform)_$(Configuration)\$(ProjectName).lib</ImportLibrary> -->
+      <TargetMachine>MachineARM64</TargetMachine>
+    </Link>
+    <!-- <PostBuildEvent>
+      <Command>$(SolutionDir)bin\BuildUtil.exe /CMD:SignCode "$(TargetPath)" /DEST:"$(TargetDir)Neo6_ARM64.sys" /COMMENT:"VPN Software" /KERNEL:yes /CERTID:0 /SHAMODE:0
+      $(SolutionDir)bin\BuildUtil.exe /CMD:SignCode "$(TargetPath)" /DEST:"$(TargetDir)Neo6_ARM64_win10.sys" /COMMENT:"VPN Software" /KERNEL:yes /CERTID:0 /SHAMODE:2
+      </Command>
+    </PostBuildEvent> -->
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="NDIS6.c" />
+    <ClCompile Include="Neo6.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="NDIS6.h" />
+    <ClInclude Include="Neo6.h" />
+    <ClInclude Include="resource.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="Neo6.rc" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>

src/bin/hamcore/DriverPackages/Neo6_Win10/arm64/Neo6_arm64_VPN.inf

@@ -0,0 +1,114 @@
+; VPN Client Device Driver for Windows 2000 and Greater
+; 
+; Copyright (c) SoftEther Corporation. All Rights Reserved.
+; http://www.softether.co.jp/
+; 
+; BUILD 9658
+
+[Version]
+Signature					= "$Windows NT$"
+Class						= Net
+ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
+Provider					= %CompanyName%
+DriverVer					= 02/04/2018, 4.25.0.9658
+CatalogFile.NT				= Neo6_arm64_VPN.cat
+
+[Manufacturer]
+%CompanyName% 				= SoftEther, NTarm64
+
+[SourceDisksNames]
+1=%DiskDescription%, "", , 
+
+[SourceDisksFiles]
+Neo6_arm64_VPN.sys	= 1
+
+[DestinationDirs]
+DefaultDestDir				= 12
+Neo.CopyFiles.Sys			= 12
+
+[Neo.CopyFiles.Sys]
+Neo6_arm64_VPN.sys, , , 2
+
+[SoftEther.NTarm64]
+%NeoAdapter.DeviceDesc%	= NeoAdapter.Install, NeoAdapter_VPN
+
+[NeoAdapter.Install]
+Characteristics				= 0x1
+AddReg						= Neo.Reg, NeoAdapter.Ndi
+CopyFiles					= Neo.CopyFiles.Sys
+*IfType						= 53
+*MediaType					= 0
+*PhysicalMediaType			= 0
+
+[NeoAdapter.Install.Services]
+AddService					= %Neo.Service.Name%, 2, Neo.Service, Neo.EventLog, , %Neo, EventLog.Name%
+
+[NeoAdapter.Ndi]
+HKR, , NetworkAddress, 0, %DefaultAddress%
+HKR, Ndi, DeviceID, , "NeoAdapter_VPN"
+HKR, , DevLoader, , ndis
+HKR, , DeviceVxDs, , Neo6_arm64_VPN.sys
+HKR, NDIS, LogDriverName, , "Neo_VPN"
+HKR, NDIS, MajorNdisVersion, 1, 5
+HKR, NDIS, MinorNdisVersion, 1, 0
+HKR, Ndi\Interfaces, DefUpper, , "ndis5"
+HKR, Ndi\Interfaces, UpperRange, , "ndis5"
+HKR, Ndi\Interfaces, LowerRange, , "ethernet"
+HKR, Ndi\Interfaces, DefLower, , "ethernet"
+HKR, Ndi\Install, ndis5, , "Neo.CopyFiles.Sys"
+HKR, Ndi\Params\NetworkAddress, ParamDesc, 0, %NetworkAddress%
+HKR, Ndi\Params\NetworkAddress, type, 0, "edit"
+HKR, Ndi\Params\NetworkAddress, LimitText, 0, "12"
+HKR, Ndi\Params\NetworkAddress, UpperCase, 0, "1"
+HKR, Ndi\Params\NetworkAddress, default, 0, %DefaultAddress%
+HKR, Ndi\Params\NetworkAddress, optional, 0, "0"
+HKR, Ndi\Params\MaxSpeed, ParamDesc, 0, %MaxSpeed%
+HKR, Ndi\Params\MaxSpeed, type, 0, "int"
+HKR, Ndi\Params\MaxSpeed, default, 0, "100"
+HKR, Ndi\Params\MaxSpeed, min, 0, "0"
+HKR, Ndi\Params\MaxSpeed, max, 0, "2000"
+HKR, Ndi\Params\MaxSpeed, step, 0, "1"
+HKR, Ndi\Params\MaxSpeed, Base, 0, "10"
+HKR, Ndi\Params\KeepLink, ParamDesc, 0, %KeepLink%
+HKR, Ndi\Params\KeepLink, type, 0, "enum"
+HKR, Ndi\Params\KeepLink\enum, "1", 0, %On%
+HKR, Ndi\Params\KeepLink\enum, "0", 0, %Off%
+HKR, Ndi\Params\KeepLink, default, 0, "0"
+
+
+[Neo.Service]
+DisplayName					= %Neo.Service.DispName%
+Description					= %Neo.Service.Desc%
+ServiceType					= 1
+StartType					= 3
+ErrorControl				= 1
+ServiceBinary				= %12%\Neo6_arm64_VPN.sys
+LoadOrderGroup				= NDIS
+
+[Neo.Reg]
+HKR, Ndi, Service, 0, Neo.Service.Name
+HKR, Ndi\Interfaces, LowerRange, 0, "ethernet"
+HKR, Ndi\Interfaces, UpperRange, 0, "ndis5"
+
+[Neo.EventLog]
+HKR, , EventMessageFile, 0x00020000, "%11%\IoLogMsg.dll;%12%\Neo6_arm64_VPN.sys"
+HKR, , TypesSupported, 0x00010001, 7
+
+[Strings]
+CompanyName					= "SoftEther Corporation"
+DiskDescription				= "VPN Client Device Driver Install Disk"
+Neo.Service.Name			= "Neo_VPN"
+Neo.Service.DispName		= "VPN Client Device Driver - VPN"
+Neo.Service.Desc			= "VPN Client Adapter - VPN"
+NeoAdapter.DeviceDesc		= "VPN Client Adapter - VPN"
+Neo.EventLog.Name			= "Neo"
+NetworkAddress				= "MAC Address"
+DefaultAddress				= "000001000001"
+MaxSpeed					= "Indicate Speed (Mbps)"
+KeepLink					= "Keep Link"
+On							= "On"
+Off							= "Off"
+
+
+; Auto Generated 20180205_163621.454
+