Merge pull request #2126 from kiraware/fix-indonesian-translation

Fix Indonesian translation with printf formatting

.appveyor.yml

@@ -1,40 +0,0 @@
-version: '{build}'
-
-image: Ubuntu1804
-
-configuration: Release
-
-skip_branch_with_pr: true
-clone_depth: 1
-
-skip_commits:
-  files:
-    - .travis.yml
-    - .gitlab-ci.yml
-    - .azure-pipelines.yml
-    - .cirrus.yml
-
-init:
-  - ps: Update-AppveyorBuild -Version "build-$env:APPVEYOR_BUILD_NUMBER-$($env:APPVEYOR_REPO_COMMIT.substring(0,7))"
-
-install:
-  - sudo apt-get -y install libsodium-dev
-before_build:
-  - sh: "if [ ${APPVEYOR_REPO_TAG} == \"true\" ]; then .ci/appveyor-create-release-tarball.sh\nfi"
-  - git submodule update --init --recursive
-  - ./configure
-build_script:
-  - make package -C build -j $(nproc || sysctl -n hw.ncpu || echo 4)
-  - .ci/memory-leak-test.sh
-test_script:
-  - .ci/appveyor-deb-install-test.sh
-  - sudo apt-get update && sudo apt-get -y install autoconf libtool liblzo2-dev libpam-dev fping unzip liblz4-dev # openvpn build deps
-  - sudo .ci/start-se-openvpn.sh
-  - sudo .ci/run-openvpn-tests.sh
-
-deploy:
-  description: 'automatic release'
-  provider: GitHub
-  auth_token: $(github_token)
-  on:
-    APPVEYOR_REPO_TAG: true

.azure-pipelines.yml

@@ -1,4 +0,0 @@
-jobs:
-  - template: .ci/azure-pipelines/linux.yml
-  - template: .ci/azure-pipelines/windows.yml
-  - template: .ci/azure-pipelines/macos.yml

.ci/appveyor-create-release-tarball.sh

@@ -1,7 +0,0 @@
-#!/bin/bash
-
-set -eux
-
-tar --exclude=.git --transform "s//SoftEtherVPN-${APPVEYOR_REPO_TAG_NAME}\//" -czf /tmp/softether-vpn-src-${APPVEYOR_REPO_TAG_NAME}.tar.gz . 
-appveyor PushArtifact /tmp/softether-vpn-src-${APPVEYOR_REPO_TAG_NAME}.tar.gz
-

.ci/azure-pipelines/linux.yml

@@ -1,17 +0,0 @@
-jobs:
-- job: Ubuntu_x64
-  pool:
-    vmImage: ubuntu-18.04
-  steps:
-  - script: sudo apt update && sudo apt-get -y install cmake gcc g++ ninja-build libncurses5-dev libreadline-dev libsodium-dev libssl-dev make zlib1g-dev liblz4-dev
-    displayName: 'Prepare environment'
-  - script: "$(Build.SourcesDirectory)/.ci/azure-pipelines/linux_build.sh"
-    env:
-      SE_BUILD_NUMBER_TOKEN: $(BUILD_NUMBER_TOKEN)
-    displayName: 'Build'
-  - script: |
-      .ci/appveyor-deb-install-test.sh
-      sudo apt-get -y install autoconf libtool liblzo2-dev libpam-dev fping unzip # To build OpenVPN
-      sudo BUILD_BINARIESDIRECTORY=$BUILD_BINARIESDIRECTORY .ci/start-se-openvpn.sh
-      sudo BUILD_BINARIESDIRECTORY=$BUILD_BINARIESDIRECTORY .ci/run-openvpn-tests.sh
-    displayName: 'Test'

.ci/azure-pipelines/linux_build.sh

@@ -1,15 +0,0 @@
-#!/bin/bash
-
-if [[ "${#SE_BUILD_NUMBER_TOKEN}" -eq 64 ]]; then
-	VERSION=$(python3 "version.py")
-	BUILD_NUMBER=$(curl "https://softether.network/get-build-number?commit=${BUILD_SOURCEVERSION}&version=${VERSION}&token=${SE_BUILD_NUMBER_TOKEN}")
-else
-	BUILD_NUMBER=0
-fi
-
-cd ${BUILD_BINARIESDIRECTORY}
-
-cmake -G "Ninja" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_NUMBER=${BUILD_NUMBER} ${BUILD_SOURCESDIRECTORY}
-cmake --build .
-
-cpack -C Release -G DEB 

.ci/azure-pipelines/macos.yml

@@ -1,11 +0,0 @@
-jobs:
-- job: macOS
-  pool:
-    vmImage: macOS-latest
-  steps:
-  - script: brew install pkg-config cmake ninja ncurses readline libsodium openssl zlib
-    displayName: 'Prepare environment'
-  - script: '$(Build.SourcesDirectory)/.ci/azure-pipelines/macos_build.sh'
-    env:
-      SE_BUILD_NUMBER_TOKEN: $(BUILD_NUMBER_TOKEN)
-    displayName: 'Build'

.ci/azure-pipelines/macos_build.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-
-if [[ "${#SE_BUILD_NUMBER_TOKEN}" -eq 64 ]]; then
-	VERSION=$(python3 "version.py")
-	BUILD_NUMBER=$(curl "https://softether.network/get-build-number?commit=${BUILD_SOURCEVERSION}&version=${VERSION}&token=${SE_BUILD_NUMBER_TOKEN}")
-else
-	BUILD_NUMBER=0
-fi
-
-cd ${BUILD_BINARIESDIRECTORY}
-
-cmake -G "Ninja" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_NUMBER=${BUILD_NUMBER} -DOPENSSL_ROOT_DIR="/usr/local/opt/openssl" ${BUILD_SOURCESDIRECTORY}
-cmake --build .

.ci/azure-pipelines/windows-steps.yml

@@ -1,45 +0,0 @@
-parameters:
-- name: architecture
-  type: string
-- name: compilerPath
-  type: string
-- name: vcpkgTriplet
-  type: string
-- name: vcvarsPath
-  type: string
-
-steps:
-- task: Cache@2
-  inputs:
-    key: '"vcpkg-installed-windows-${{parameters.architecture}}"'
-    path: 'C:/vcpkg/installed'
-  displayName: 'Environment storage'
-- script: |
-    vcpkg install libsodium openssl zlib --triplet ${{parameters.vcpkgTriplet}}
-  workingDirectory: C:/vcpkg
-  displayName: 'Prepare environment'
-- script: '$(Build.SourcesDirectory)/.ci/azure-pipelines/windows_build.bat'
-  env:
-    ARCHITECTURE: ${{parameters.architecture}}
-    COMPILER_PATH: ${{parameters.compilerPath}}
-    VCPKG_TRIPLET: ${{parameters.vcpkgTriplet}}
-    VCVARS_PATH: ${{parameters.vcvarsPath}}
-    SE_BUILD_NUMBER_TOKEN: $(BUILD_NUMBER_TOKEN)
-  displayName: 'Build'
-- powershell: |
-    . .ci/appveyor-vpntest.ps1
-  displayName: 'Test'
-- task: CopyFiles@2
-  inputs:
-    sourceFolder: '$(Build.BinariesDirectory)'
-    contents: '?(*.exe|*.se2|*.pdb)'
-    TargetFolder: '$(Build.StagingDirectory)/binaries'
-    flattenFolders: true
-- task: PublishBuildArtifacts@1
-  inputs:
-    pathtoPublish: '$(Build.StagingDirectory)/binaries'
-    artifactName: 'Binaries'
-- task: PublishBuildArtifacts@1
-  inputs:
-    pathtoPublish: '$(Build.StagingDirectory)/installers'
-    artifactName: 'Installers'

.ci/azure-pipelines/windows.yml

@@ -1,21 +0,0 @@
-jobs:
-- job: Windows_x64
-  pool:
-    vmImage: windows-latest
-  steps:
-  - template: "windows-steps.yml"
-    parameters:
-      architecture: "x64"
-      compilerPath: "C:/Program Files (x86)/Microsoft Visual Studio/2019/Enterprise/VC/Tools/Llvm/x64/bin/clang-cl.exe"
-      vcpkgTriplet: "x64-windows-static-md"
-      vcvarsPath: "C:/Program Files (x86)/Microsoft Visual Studio/2019/Enterprise/VC/Auxiliary/Build/vcvars64.bat"
-- job: Windows_x86
-  pool:
-    vmImage: windows-latest
-  steps:
-  - template: "windows-steps.yml"
-    parameters:
-      architecture: "x86"
-      compilerPath: "C:/Program Files (x86)/Microsoft Visual Studio/2019/Enterprise/VC/Tools/Llvm/bin/clang-cl.exe"
-      vcpkgTriplet: "x86-windows-static-md"
-      vcvarsPath: "C:/Program Files (x86)/Microsoft Visual Studio/2019/Enterprise/VC/Auxiliary/Build/vcvarsamd64_x86.bat"

.ci/azure-pipelines/windows_build.bat

@@ -1,26 +0,0 @@
-@echo on
-
-:: The method we use to store a command's output into a variable:
-:: https://stackoverflow.com/a/6362922
-for /f "tokens=* USEBACKQ" %%g in (`python "version.py"`) do (set "VERSION=%%g")
-
-:: https://stackoverflow.com/a/8566001
-echo %SE_BUILD_NUMBER_TOKEN%> "%tmp%\length.txt"
-for %%? in ("%tmp%\length.txt") do ( set /A SE_BUILD_NUMBER_TOKEN_LENGTH=%%~z? - 2 )
-
-if %SE_BUILD_NUMBER_TOKEN_LENGTH% equ 64 (
-	for /f "tokens=* USEBACKQ" %%g in (`curl "https://softether.network/get-build-number?commit=%BUILD_SOURCEVERSION%&version=%VERSION%&token=%SE_BUILD_NUMBER_TOKEN%"`) do (set "BUILD_NUMBER=%%g")
-) else (
-	set BUILD_NUMBER=0
-)
-
-cd %BUILD_BINARIESDIRECTORY%
-
-call "%VCVARS_PATH%"
-
-cmake -G "Ninja" -DCMAKE_TOOLCHAIN_FILE="C:\vcpkg\scripts\buildsystems\vcpkg.cmake" -DVCPKG_TARGET_TRIPLET=%VCPKG_TRIPLET% -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER="%COMPILER_PATH%" -DCMAKE_CXX_COMPILER="%COMPILER_PATH%" -DBUILD_NUMBER=%BUILD_NUMBER% "%BUILD_SOURCESDIRECTORY%"
-cmake --build .
-
-mkdir "%BUILD_STAGINGDIRECTORY%\installers"
-vpnsetup /SFXMODE:vpnclient /SFXOUT:"%BUILD_STAGINGDIRECTORY%\installers\softether-vpnclient-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
-vpnsetup /SFXMODE:vpnserver_vpnbridge /SFXOUT:"%BUILD_STAGINGDIRECTORY%\installers\softether-vpnserver_vpnbridge-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"

.ci/run-openvpn-tests.sh

@@ -21,7 +21,7 @@ cat << EOF > tests/t_client.rc
 CA_CERT=fake
 TEST_RUN_LIST="1 2"
 
-OPENVPN_BASE="--remote 127.0.0.1 --config $CONFIG --auth-user-pass /tmp/auth.txt"
+OPENVPN_BASE="--config $CONFIG --auth-user-pass /tmp/auth.txt"
 
 RUN_TITLE_1="testing udp/ipv4"
 OPENVPN_CONF_1="--dev null --proto udp --port 1194 \$OPENVPN_BASE"
@@ -30,4 +30,6 @@ RUN_TITLE_2="testing tcp/ipv4"
 OPENVPN_CONF_2="--dev null --proto tcp --port 1194 \$OPENVPN_BASE"
 EOF
 
+sed -i 's/^remote.*$/remote 127.0.0.1 1194/g' /tmp/*l3*ovpn
+
 make test_scripts=t_client.sh check

.cirrus.yml

@@ -2,21 +2,21 @@ FreeBSD_task:
   matrix:
     env:
       SSL: openssl
+      OPENSSL_ROOT_DIR: /usr/local
     env:
-      SSL: libressl
-    env:
-      SSL: libressl-devel
+      SSL: openssl32
+      OPENSSL_ROOT_DIR: /usr/local
     env:
       # base openssl
       SSL:
   matrix:
     freebsd_instance:
-      image_family: freebsd-12-1
+      image_family: freebsd-14-2
   prepare_script:
-    - pkg install -y pkgconf cmake git libsodium $SSL
+    - pkg install -y pkgconf cmake git libsodium cpu_features $SSL
     - git submodule update --init --recursive
   configure_script:
-    - ./configure
+    - CMAKE_FLAGS="-DUSE_SYSTEM_CPU_FEATURES=1" CFLAGS="-I/usr/local/include/cpu_features" ./configure
   build_script:
     - make -j $(sysctl -n hw.ncpu || echo 4) -C build
   test_script:

.github/ISSUE_TEMPLATE.md

@@ -1,47 +0,0 @@
-Hi, there!
-
-Thank you for using SoftEther.
-
-Before you submit an issue, please read the following:
-
-Is this a question?
-
-- If the answer is "yes", then please ask your question on [www.vpnusers.com](http://www.vpnusers.com).
-The issue section on GitHub is reserved for bugs and feature requests.
-
-- If the answer is "no", please read the following:
-
-We provide a template which is specifically made for bug reports, in order to be sure that the report includes enough details to be helpful.
-
-Please use or adapt it as needed.
-
----
-
-### Prerequisites
-
-* [ ] Can you reproduce?
-* [ ] Are you running the latest version of SoftEtherVPN?
-
-**SoftEther version:**
-**Component:** [Server, Client, Bridge, etc.]
-**Operating system:** [Windows, Linux, BSD, macOS, etc.]
-**Architecture:** [64 bit, 32 bit]
-
-[In case it's a computer with known specs, such as the Raspberry Pi, you can specify it omitting the details.]
-**Processor:** [Specify brand and model. Example: AMD Ryzen 7 1800x]
-
-### Description
-
-[Description of the bug]
-
-**Expected behavior:**
-[What you expected to happen]
-
-**Actual behavior:**
-[What actually happened]
-
-### Steps to reproduce
-
-1. [First step]
-2. [Second step]
-3. [And so on...]

.github/ISSUE_TEMPLATE/bug_report_or_issue_report.yml

@@ -0,0 +1,87 @@
+name: Bug Report or Issue Report
+description: File a bug report or an issue report
+labels: "needs-triage"
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this bug report!         
+        We provide a template which is specifically made for bug reports, to be sure that the report includes enough details to be helpful.
+  
+  - type: checkboxes
+    attributes:
+      label: Are you using SoftEther VPN 5.x?
+      description: |
+        This issue tracker is for SoftEther VPN Developer Edition versioned 5.x.
+        Please report issues about SoftEther VPN Stable Edition versioned 4.x through the correct path.
+        See also [the top  of the issue tracker](https://github.com/SoftEtherVPN/SoftEtherVPN/issues/new/choose).
+      options:
+        - label: Yes, I'm using SoftEther VPN 5.x, not 4.x.
+          required: true
+
+  - type: input
+    attributes:
+      label: Version
+      description: |
+          The exact version you are using.
+          It would be very nice if you let us know version tag or commit hash.
+      placeholder: "5.02.5180 / 09b7e4f / 5.01.9674+git20200806+8181039+dfsg2-2build1"
+    
+  - type: dropdown
+    attributes:
+      label: Component
+      description: Which component did you encounter an issue with?
+      multiple: true
+      options:
+        - VPN Server
+        - VPN Bridge
+        - VPN Client
+        - VPN Tools
+        - Other
+    validations:
+      required: true
+
+  - type: input
+    attributes:
+      label: Operating system & version
+      placeholder: "Windows 11 Pro 23H2 / Ubuntu 22.04 / FreeBSD 14.0 / macOS Sonoma / Independent"
+      description: |
+        Let us know about your operating system and version.
+    validations:
+      required: true
+      
+  - type: input
+    attributes:
+      label: Architecture or Hardware model
+      placeholder: "amd64 / aarch64 / Raspberry Pi 4B+ / Apple M2"
+      description: |
+        Necessary if your issue is architecture-specific.
+
+  - type: textarea
+    attributes:
+      label: Steps to reproduce
+      placeholder: Having detailed steps helps us reproduce the bug.
+    validations:
+      required: true
+      
+  - type: textarea
+    attributes:
+      label: ✔️ Expected Behavior
+      placeholder: What do you expect to happen?
+    validations:
+      required: false
+      
+  - type: textarea
+    attributes:
+      label: ❌ Actual Behavior
+      placeholder: What happened actually?
+    validations:
+      required: false
+      
+  - type: textarea
+    attributes:
+      label: Anything else?
+      description: |
+        Links? References?  
+        Anything that will give us more context about the issue you are encountering!
+  

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+contact_links:
+  - name: Are you using SoftEther VPN 4.x?
+    about: This repository is for SoftEther VPN 5.x Developer Edition, developed independently from SoftEther VPN 4.x. Visit vpnusers.com if you would like to report issues or ask questions about version 4.x!
+    url: https://www.vpnusers.com/
+
+  - name: Questions about SoftEtherVPN 5.x
+    about: Visit Discussions to ask community to help.
+    url: https://github.com/SoftEtherVPN/SoftEtherVPN/discussions/new?category=q-a

.github/workflows/build_source_release.yml

@@ -26,7 +26,7 @@ jobs:
         mv /tmp/$PKGNAME .
         TARBALL=$PKGNAME.tar.xz
         tar cJf $TARBALL $PKGNAME
-        echo "::set-output name=tarball::$TARBALL"
+        echo "tarball=$TARBALL" >> $GITHUB_OUTPUT
 
     - name: upload tarball
       uses: actions/upload-release-asset@v1

.github/workflows/coverity.yml

@@ -5,16 +5,13 @@ on:
   schedule:
   - cron: "0 0 * * *"
 
+permissions:
+  contents: read
+
 jobs:
   scan:
     runs-on: ubuntu-latest
     if: ${{ github.repository_owner == 'SoftEtherVPN' }}
-    env:
-      COVERITY_SCAN_PROJECT_NAME: 'SoftEtherVPN/SoftEtherVPN'
-      COVERITY_SCAN_BRANCH_PATTERN: '*'
-      COVERITY_SCAN_NOTIFICATION_EMAIL: 'chipitsine@gmail.com'
-      COVERITY_SCAN_BUILD_COMMAND_PREPEND: "./configure"
-      COVERITY_SCAN_BUILD_COMMAND: "make -C build"
     steps:
     - uses: actions/checkout@v2
       with:
@@ -23,8 +20,24 @@ jobs:
       run: |
         sudo apt-get update
         sudo apt-get install -y cmake gcc g++ libncurses5-dev libreadline-dev libssl-dev make zlib1g-dev libsodium-dev
-    - name: Run Coverity Scan
-      env:
-        COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+    - name: Download Coverity build tool
       run: |
-        curl -fsSL "https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh" | bash || true
+        wget -c -N https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_SCAN_TOKEN }}&project=SoftEtherVPN%2FSoftEtherVPN" -O coverity_tool.tar.gz
+        mkdir coverity_tool
+        tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool
+    - name: Configure
+      run: |
+        ./configure
+    - name: Build with Coverity build tool
+      run: |
+        export PATH=`pwd`/coverity_tool/bin:$PATH
+        cov-build --dir cov-int make -C build
+    - name: Submit build result to Coverity Scan
+      run: |
+        tar czvf cov.tar.gz cov-int
+        curl --form token=${{ secrets.COVERITY_SCAN_TOKEN }} \
+          --form email=chipitsine@gmail.com \
+          --form file=@cov.tar.gz \
+          --form version="Commit $GITHUB_SHA" \
+          --form description="Build submitted via CI" \
+          https://scan.coverity.com/builds?project=SoftEtherVPN%2FSoftEtherVPN

.github/workflows/docker-aio.yml

@@ -0,0 +1,98 @@
+name: docker-aio
+
+on:
+  push:
+    branches: 
+      - 'master'
+    tags:
+      - '*'
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  docker:
+    name: docker-aio
+    runs-on: ubuntu-latest
+    if: ${{ github.repository_owner == 'SoftEtherVPN' }}
+    steps:
+      -
+        name: Docker meta vpnserver
+        id: metavpnserver
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ github.repository_owner }}/vpnserver
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+      - 
+        name: Docker meta vpnclient
+        id: metavpnclient
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ github.repository_owner }}/vpnclient
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+      - 
+        name: Docker meta vpnbridge
+        id: metavpnbridge
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ github.repository_owner }}/vpnbridge
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          image: tonistiigi/binfmt:qemu-v9.2.0
+#
+# TODO: unpin qemu version after default is updated
+#
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Login to DockerHub
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and push vpnserver
+        uses: docker/build-push-action@v6
+        with:
+          file: ./Dockerfile
+          target: vpnserver
+          push: ${{ github.event_name != 'pull_request' }}
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.metavpnserver.outputs.tags }}
+          labels: ${{ steps.metavpnserver.outputs.labels }}
+      -
+        name: Build and push vpnclient
+        uses: docker/build-push-action@v6
+        with:
+          file: ./Dockerfile
+          target: vpnclient
+          push: ${{ github.event_name != 'pull_request' }}
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.metavpnclient.outputs.tags }}
+          labels: ${{ steps.metavpnclient.outputs.labels }}
+      -
+        name: Build and push vpnbridge
+        uses: docker/build-push-action@v6
+        with:
+          file: ./Dockerfile
+          target: vpnbridge
+          push: ${{ github.event_name != 'pull_request' }}
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.metavpnbridge.outputs.tags }}
+          labels: ${{ steps.metavpnbridge.outputs.labels }}

.github/workflows/fedora-rawhide.yml

@@ -0,0 +1,34 @@
+name: Fedora/Rawhide
+
+on:
+  schedule:
+    - cron: "0 0 25 * *"
+  push:
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  build_and_test:
+    strategy:
+      matrix:
+        cc: [ gcc, clang ]
+    name: ${{ matrix.cc }}
+    runs-on: ubuntu-latest
+    container:
+      image: fedora:rawhide
+    steps:
+    - uses: actions/checkout@v1
+      with:
+        submodules: true
+    - name: Install dependencies
+      run: |
+        dnf -y install git cmake ncurses-devel openssl-devel-engine libsodium-devel readline-devel zlib-devel gcc-c++ clang google-cpu_features-devel
+    - name: Compile with ${{ matrix.cc }}
+      run: |
+        export CC=${{ matrix.cc }}
+        CMAKE_FLAGS="-DUSE_SYSTEM_CPU_FEATURES=1" CFLAGS="-I/usr/include/cpu_features" ./configure
+        make -C build
+

.github/workflows/linux.yml

@@ -0,0 +1,41 @@
+on: [push, pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  build_and_test:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        submodules: true
+
+    - name: Install dependencies
+      run: sudo apt update && sudo apt-get -y install cmake gcc g++ ninja-build libncurses5-dev libreadline-dev libsodium-dev libssl-dev make zlib1g-dev liblz4-dev libnl-genl-3-dev 
+
+    - name: Build
+      run: |
+        mkdir build
+        cd build
+        cmake -G "Ninja" -DCMAKE_BUILD_TYPE=RelWithDebInfo ..
+        cmake --build .
+
+    - name: Build deb packages
+      run: |
+        cd build
+        cpack -C Release -G DEB 
+
+    - name: Upload DEB packages as artifacts
+      if: github.ref == 'refs/heads/master'
+      uses: actions/upload-artifact@v4
+      with:
+        name: deb-packages
+        path: build/*.deb
+
+    - name: Test
+      run: |
+       .ci/appveyor-deb-install-test.sh
+       sudo apt-get -y install autoconf libtool liblzo2-dev libpam-dev fping unzip libcap-ng-dev # To build OpenVPN
+       sudo .ci/start-se-openvpn.sh
+       sudo .ci/run-openvpn-tests.sh

.github/workflows/macos.yml

@@ -0,0 +1,28 @@
+on: [push, pull_request, workflow_dispatch]
+
+permissions:
+  contents: read
+
+jobs:
+  build_and_test:
+    strategy:
+      matrix:
+        os: [macos-15, macos-14, macos-13]
+    name: ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v1
+      with:
+        submodules: true
+    - name: Install dependencies
+      run: |
+        brew install libsodium
+    - name: Compile 
+      run: |
+        ./configure
+        make -C build
+    - name: Test 
+      run: |
+        otool -L build/vpnserver
+        .ci/memory-leak-test.sh
+

.github/workflows/musl.yml

@@ -0,0 +1,23 @@
+name: alpine/musl
+
+on: [push, pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  musl:
+      name: gcc
+      runs-on: ubuntu-latest
+      container:
+        image: alpine:latest
+      steps:
+      - uses: actions/checkout@v1
+        with:
+          submodules: true
+      - name: Install dependencies
+        run: apk add binutils --no-cache build-base readline-dev openssl-dev ncurses-dev git cmake zlib-dev libsodium-dev gnu-libiconv 
+      - name: Configure
+        run: ./configure
+      - name: make 
+        run: make -C build

.github/workflows/stb_check.yml

@@ -0,0 +1,16 @@
+on: [push, pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  check:
+      runs-on: ubuntu-latest
+      steps:
+      - uses: actions/checkout@v1
+        with:
+          submodules: true
+      - name: Check
+        run: |
+          cd developer_tools/stbchecker
+          dotnet run ../../src/bin/hamcore

.github/workflows/windows.yml

@@ -0,0 +1,63 @@
+on: [push, pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  build_and_test:
+    strategy:
+      matrix:
+        platform: [
+          { ARCHITECTURE: x86, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/bin/clang-cl.exe",     VCPKG_TRIPLET: "x86-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars32.bat"},
+          { ARCHITECTURE: x64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/x64/bin/clang-cl.exe", VCPKG_TRIPLET: "x64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars64.bat"}
+        ]
+    runs-on: windows-latest
+    name: ${{ matrix.platform.ARCHITECTURE }}
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        submodules: true
+    - name: Cache vcpkg
+      uses: actions/cache@v4
+      with:
+        path: 'build/vcpkg_installed/'
+        key: vcpkg-${{ matrix.platform.VCPKG_TRIPLET }}
+    - name: Set version variables
+      run: |
+        $v = python version.py
+        echo "VERSION=$v" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
+      shell: pwsh
+    - name: Build
+      env:
+        ARCHITECTURE: ${{ matrix.platform.ARCHITECTURE }}
+        COMPILER_PATH: ${{ matrix.platform.COMPILER_PATH }}
+        VCPKG_TRIPLET: ${{ matrix.platform.VCPKG_TRIPLET }}
+        VCVARS_PATH: ${{ matrix.platform.VCVARS_PATH }}
+      run: |
+        set BUILD_NUMBER=0
+        mkdir build
+        cd build
+        call "%VCVARS_PATH%"
+        cmake -G "Ninja" -DCMAKE_TOOLCHAIN_FILE="C:\vcpkg\scripts\buildsystems\vcpkg.cmake" -DVCPKG_TARGET_TRIPLET=%VCPKG_TRIPLET% -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER="%COMPILER_PATH%" -DCMAKE_CXX_COMPILER="%COMPILER_PATH%" -DBUILD_NUMBER=%BUILD_NUMBER% ..
+        cmake --build .
+        mkdir installers
+        vpnsetup /SFXMODE:vpnclient /SFXOUT:"installers\softether-vpnclient-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
+        vpnsetup /SFXMODE:vpnserver_vpnbridge /SFXOUT:"installers\softether-vpnserver_vpnbridge-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
+      shell: cmd
+    - name: Test
+      shell: powershell
+      run: |
+        . .ci/appveyor-vpntest.ps1
+    - uses: actions/upload-artifact@v4
+      with:
+        if-no-files-found: error
+        name: Binaries-${{ matrix.platform.ARCHITECTURE }}
+        path: |
+          build/*.exe
+          build/*.pdb
+          build/*.se2
+    - uses: actions/upload-artifact@v4
+      with:
+        if-no-files-found: error
+        name: Installers-${{ matrix.platform.ARCHITECTURE }}
+        path: build/installers

.github/workflows/windows_release.yml

@@ -0,0 +1,94 @@
+name: "Release"
+
+on:
+  push:
+    tags:
+      - '*'
+
+concurrency:
+  group: "${{ github.workflow }}-${{ github.ref }}"
+  cancel-in-progress: true
+
+permissions:
+  contents: write
+
+jobs:
+  release:
+    runs-on: windows-latest
+    outputs:
+      upload_url: "${{ steps.create_release.outputs.upload_url }}"
+    steps:
+      - name: "Checkout repository"
+        uses: actions/checkout@v4
+
+      - name: "Create GitHub release"
+        id: create_release
+        uses: softprops/action-gh-release@v1
+  build-windows:
+    name: ${{ matrix.platform.ARCHITECTURE }}
+    runs-on: windows-latest
+    needs: ["release"]
+    strategy:
+      matrix:
+        platform: [
+          { ARCHITECTURE: x86, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/bin/clang-cl.exe",     VCPKG_TRIPLET: "x86-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars32.bat"},
+          { ARCHITECTURE: x64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/x64/bin/clang-cl.exe", VCPKG_TRIPLET: "x64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars64.bat"}
+        ]
+    steps:
+      - name: "Checkout repository"
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Cache vcpkg
+        uses: actions/cache@v4
+        with:
+          path: 'build/vcpkg_installed/'
+          key: vcpkg-release-${{ matrix.platform.VCPKG_TRIPLET }}
+      - name: Set version variables
+        run: |
+          $b=(Get-Content CMakeSettings.json | Out-String | ConvertFrom-Json).environments.BuildNumber		
+          echo "BUILD_NUMBER=$b" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
+          $v = python version.py
+          echo "VERSION=$v" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
+        shell: pwsh
+      - name: Build
+        env:
+          ARCHITECTURE: ${{ matrix.platform.ARCHITECTURE }}
+          COMPILER_PATH: ${{ matrix.platform.COMPILER_PATH }}
+          VCPKG_TRIPLET: ${{ matrix.platform.VCPKG_TRIPLET }}
+          VCVARS_PATH: ${{ matrix.platform.VCVARS_PATH }}
+        run: |
+          mkdir build
+          cd build
+          call "%VCVARS_PATH%"
+          cmake -G "Ninja" -DCMAKE_TOOLCHAIN_FILE="C:\vcpkg\scripts\buildsystems\vcpkg.cmake" -DVCPKG_TARGET_TRIPLET=%VCPKG_TRIPLET% -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER="%COMPILER_PATH%" -DCMAKE_CXX_COMPILER="%COMPILER_PATH%" -DBUILD_NUMBER=%BUILD_NUMBER% ..
+          cmake --build .
+          mkdir installers
+          vpnsetup /SFXMODE:vpnclient /SFXOUT:"installers\softether-vpnclient-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
+          vpnsetup /SFXMODE:vpnserver_vpnbridge /SFXOUT:"installers\softether-vpnserver_vpnbridge-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
+        shell: cmd
+
+      - name: dir
+        run: |
+          Get-ChildItem -Recurse build/installers
+        shell: pwsh
+
+      - name: "Upload softether-vpnclient"
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: "${{ github.token }}"
+        with:
+          upload_url: "${{ needs.release.outputs.upload_url }}"
+          asset_path: "build/installers/softether-vpnclient-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
+          asset_name: "softether-vpnclient-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
+          asset_content_type: "application/octet-stream"
+      - name: "Upload softether-vpnserver_vpnbridge"
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: "${{ github.token }}"
+        with:
+          upload_url: "${{ needs.release.outputs.upload_url }}"
+          asset_path: "build/installers/softether-vpnserver_vpnbridge-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
+          asset_name: "softether-vpnserver_vpnbridge-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
+          asset_content_type: "application/octet-stream"
+

.gitignore

@@ -2,6 +2,7 @@
 .cproject
 .project
 .settings/
+.vs/
 Makefile
 /src/bin/*
 !/src/bin/hamcore/
@@ -208,4 +209,4 @@ developer_tools/stbchecker/**/ASALocalRun/
 developer_tools/stbchecker/**/*.binlog
 developer_tools/stbchecker/**/*.nvuser
 developer_tools/stbchecker/**/.mfractor/
-
+/vcpkg_installed

.gitlab-ci.yml

@@ -1,32 +1,3 @@
-.ubuntu: &ubuntu_def
-  variables:
-    CMAKE_VERSION: 3.9.6
-  except:
-    changes:
-      - .appveyor.yml
-      - .travis.yml
-      - .azure-pipelines.yml
-      - .cirrus.yml
-  before_script:
-    - REPOSITORY="$PWD" && cd ..
-    - apt-get update && apt-get install -y dpkg-dev wget g++ gcc libncurses5-dev libreadline-dev libsodium-dev libssl-dev make zlib1g-dev git file
-    - wget https://cmake.org/files/v${CMAKE_VERSION%.*}/cmake-${CMAKE_VERSION}.tar.gz && tar -xzf cmake-${CMAKE_VERSION}.tar.gz
-    - cd cmake-${CMAKE_VERSION} && ./bootstrap && make install
-    - cd "$REPOSITORY" && git submodule update --init --recursive
-  script:
-    - ./configure
-    - make package -C build
-    - dpkg -i build/softether-vpn*.deb
-    - .ci/memory-leak-test.sh
-
-trusty:      
-  <<: *ubuntu_def
-  image: ubuntu:trusty
-
-precise:
-  <<: *ubuntu_def
-  image: ubuntu:precise
-
 # illumos gitlab-runner maintained by @hww3
 build_illumos:
   only:
@@ -38,23 +9,3 @@ build_illumos:
     - CMAKE_FLAGS="-DCMAKE_PREFIX_PATH=/opt/local -DCMAKE_CXX_FLAGS=-m64 -DCMAKE_C_FLAGS=-m64" ./configure
     - gmake -C build
 
-#
-# flawfinder
-# see https://docs.gitlab.com/ee/user/project/merge_requests/sast.html
-#
-sast:
-  image: docker:stable
-  variables:
-    DOCKER_DRIVER: overlay2
-  allow_failure: true
-  services:
-    - docker:stable-dind
-  script:
-    - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
-    - docker run
-        --env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}"
-        --volume "$PWD:/code"
-        --volume /var/run/docker.sock:/var/run/docker.sock
-        "registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
-  artifacts:
-    paths: [gl-sast-report.json]

.gitmodules

@@ -10,3 +10,9 @@
 [submodule "src/libhamcore"]
 	path = src/libhamcore
 	url = https://github.com/SoftEtherVPN/libhamcore.git
+[submodule "src/Mayaqua/3rdparty/oqs-provider"]
+	path = src/Mayaqua/3rdparty/oqs-provider
+	url = https://github.com/open-quantum-safe/oqs-provider.git
+[submodule "src/Mayaqua/3rdparty/liboqs"]
+	path = src/Mayaqua/3rdparty/liboqs
+	url = https://github.com/open-quantum-safe/liboqs.git

.travis.yml

@@ -38,25 +38,6 @@ matrix:
       before_install:
         - sudo apt-get -y install libsodium-dev
         - bash .ci/build-libressl.sh > build-deps.log 2>&1 || (cat build-deps.log && exit 1)
-    - env: LABEL="check stb files"
-      os: linux
-      language: csharp
-      mono: none
-      dotnet: 2.2.203
-      before_install:
-        - true
-      script:
-        - cd developer_tools/stbchecker
-        - dotnet run ../../src/bin/hamcore
-    - os: osx
-      compiler: clang
-      before_install:
-        - brew install libsodium
-      script:
-        - ./configure
-        - make -C build
-        - otool -L build/vpnserver
-        - .ci/memory-leak-test.sh
 
 cache:
   directories:

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+    "cmake.configureOnOpen": false
+}

AUTHORS.TXT

@@ -52,6 +52,8 @@ DEVELOPMENT BOARD MEMBERS:
   - Ilya Shipitsin
     https://github.com/chipitsine
 
+  - Yihong Wu
+    https://github.com/domosekai
 
 SPECIAL CONTRIBUTORS:
 

CMakeLists.txt

@@ -1,9 +1,9 @@
-cmake_minimum_required(VERSION 3.10)
+cmake_minimum_required(VERSION 3.15)
 
 set(BUILD_NUMBER CACHE STRING "The number of the current build.")
 
 if ("${BUILD_NUMBER}" STREQUAL "")
-	set(BUILD_NUMBER "5180")
+	set(BUILD_NUMBER "5187")
 endif()
 
 if (BUILD_NUMBER LESS 5180)
@@ -13,6 +13,13 @@ if (BUILD_NUMBER LESS 5180)
 		"For detailed info: https://github.com/SoftEtherVPN/SoftEtherVPN/issues/1392#issuecomment-867348281")
 endif()
 
+#
+# Link MSVC runtime statically
+# this should be revisited after installer migration to MSI
+#
+cmake_policy(SET CMP0091 NEW)
+set(CMAKE_MSVC_RUNTIME_LIBRARY "MultiThreaded$<$<CONFIG:Debug>:Debug>")
+
 project("SoftEther VPN"
   VERSION "5.02.${BUILD_NUMBER}"
   LANGUAGES C
@@ -36,9 +43,19 @@ if(EXISTS "${TOP_DIRECTORY}/.git" AND NOT EXISTS "${TOP_DIRECTORY}/src/libhamcor
     message (FATAL_ERROR "Submodules are not initialized. Run\n\tgit submodule update --init --recursive")
 endif()
 
+if(WIN32 AND VCPKG_TARGET_TRIPLET AND NOT DEFINED CMAKE_TOOLCHAIN_FILE)
+  message (FATAL_ERROR "vcpkg not installed or integrated with Visual Studio. Install it and run\n\tvcpkg integrate install")
+endif()
+
 if(UNIX)
   include(GNUInstallDirs)
 
+  #
+  # use rpath for locating installed libraries
+  #
+  set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}")
+  set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
+
   include(CheckIncludeFile)
   Check_Include_File(sys/auxv.h HAVE_SYS_AUXV)
   if(EXISTS "/lib/systemd/system")

CMakeSettings.json

@@ -0,0 +1,141 @@
+{
+  "environments": [ { "BuildNumber": "5187" } ],
+  "configurations": [
+    {
+      "name": "x64-native",
+      "description": "Target x64 with 64-bit compiler",
+      "generator": "Ninja",
+      "configurationType": "RelWithDebInfo",
+      "inheritEnvironments": [ "clang_cl_x64_x64" ],
+      "buildRoot": "${projectDir}\\out\\build\\${name}",
+      "installRoot": "${projectDir}\\out\\install\\${name}",
+      "cmakeCommandArgs": "",
+      "buildCommandArgs": "",
+      "ctestCommandArgs": "",
+      "variables": [
+        {
+          "name": "BUILD_NUMBER",
+          "value": "${env.BuildNumber}",
+          "type": "STRING"
+        },
+        {
+          "name": "CMAKE_C_COMPILER",
+          "value": "${env.VCINSTALLDIR}Tools/Llvm/x64/bin/clang-cl.exe",
+          "type": "FILEPATH"
+        },
+        {
+          "name": "CMAKE_CXX_COMPILER",
+          "value": "${env.VCINSTALLDIR}Tools/Llvm/x64/bin/clang-cl.exe",
+          "type": "FILEPATH"
+        },
+        {
+          "name": "VCPKG_TARGET_TRIPLET",
+          "value": "x64-windows-static",
+          "type": "STRING"
+        }
+      ]
+    },
+    {
+      "name": "x86-on-x64",
+      "description": "Target x86 with 64-bit compiler",
+      "generator": "Ninja",
+      "configurationType": "RelWithDebInfo",
+      "inheritEnvironments": [ "clang_cl_x86_x64" ],
+      "buildRoot": "${projectDir}\\out\\build\\${name}",
+      "installRoot": "${projectDir}\\out\\install\\${name}",
+      "cmakeCommandArgs": "",
+      "buildCommandArgs": "",
+      "ctestCommandArgs": "",
+      "variables": [
+        {
+          "name": "BUILD_NUMBER",
+          "value": "${env.BuildNumber}",
+          "type": "STRING"
+        },
+        {
+          "name": "CMAKE_C_COMPILER",
+          "value": "${env.VCINSTALLDIR}Tools/Llvm/x64/bin/clang-cl.exe",
+          "type": "FILEPATH"
+        },
+        {
+          "name": "CMAKE_CXX_COMPILER",
+          "value": "${env.VCINSTALLDIR}Tools/Llvm/x64/bin/clang-cl.exe",
+          "type": "FILEPATH"
+        },
+        {
+          "name": "VCPKG_TARGET_TRIPLET",
+          "value": "x86-windows-static",
+          "type": "STRING"
+        }
+      ]
+    },
+    {
+      "name": "x64-on-x86",
+      "description": "Target x64 with 32-bit compiler",
+      "generator": "Ninja",
+      "configurationType": "RelWithDebInfo",
+      "inheritEnvironments": [ "clang_cl_x64" ],
+      "buildRoot": "${projectDir}\\out\\build\\${name}",
+      "installRoot": "${projectDir}\\out\\install\\${name}",
+      "cmakeCommandArgs": "",
+      "buildCommandArgs": "",
+      "ctestCommandArgs": "",
+      "variables": [
+        {
+          "name": "BUILD_NUMBER",
+          "value": "${env.BuildNumber}",
+          "type": "STRING"
+        },
+        {
+          "name": "CMAKE_C_COMPILER",
+          "value": "${env.VCINSTALLDIR}Tools/Llvm/bin/clang-cl.exe",
+          "type": "FILEPATH"
+        },
+        {
+          "name": "CMAKE_CXX_COMPILER",
+          "value": "${env.VCINSTALLDIR}Tools/Llvm/bin/clang-cl.exe",
+          "type": "FILEPATH"
+        },
+        {
+          "name": "VCPKG_TARGET_TRIPLET",
+          "value": "x64-windows-static",
+          "type": "STRING"
+        }
+      ]
+    },
+    {
+      "name": "x86-native",
+      "description": "Target x86 with 32-bit compiler",
+      "generator": "Ninja",
+      "configurationType": "RelWithDebInfo",
+      "inheritEnvironments": [ "clang_cl_x86" ],
+      "buildRoot": "${projectDir}\\out\\build\\${name}",
+      "installRoot": "${projectDir}\\out\\install\\${name}",
+      "cmakeCommandArgs": "",
+      "buildCommandArgs": "",
+      "ctestCommandArgs": "",
+      "variables": [
+        {
+          "name": "BUILD_NUMBER",
+          "value": "${env.BuildNumber}",
+          "type": "STRING"
+        },
+        {
+          "name": "CMAKE_C_COMPILER",
+          "value": "${env.VCINSTALLDIR}Tools/Llvm/bin/clang-cl.exe",
+          "type": "FILEPATH"
+        },
+        {
+          "name": "CMAKE_CXX_COMPILER",
+          "value": "${env.VCINSTALLDIR}Tools/Llvm/bin/clang-cl.exe",
+          "type": "FILEPATH"
+        },
+        {
+          "name": "VCPKG_TARGET_TRIPLET",
+          "value": "x86-windows-static",
+          "type": "STRING"
+        }
+      ]
+    }
+  ]
+}

ContainerREADME.md

@@ -0,0 +1,104 @@
+# SoftetherVPN Container images
+
+This container is designed to be as small as possible and host a SoftEther VPN Server, Bridge or Client.
+It´s based on Alpine so resulting Image is kept as small as 15MB!
+
+## Not working 
+
+* bridging to a physical Ethernet adapter 
+
+## working
+
+* OpenVPN
+* L2tp
+* SSL 
+* SecureNAT
+* Wireguard (not with the "stable" tag)
+
+
+
+## Available Tags
+
+
+|Image|Description|
+|---|---|
+|softethervpn/vpnserver:stable|Latest stable release from https://github.com/SoftEtherVPN/SoftEtherVPN_Stable|
+|softethervpn/vpnserver:v4.39-9772-beta|Tagged build|
+|softethervpn/vpnserver:latest|Latest commits from https://github.com/SoftEtherVPN/SoftEtherVPN|
+
+
+You should always specify your wanted version like `softethervpn/vpnserver:5.02.5180`
+
+## Usage docker run
+
+This will keep your config and Logfiles in the docker volume `softetherdata`
+
+`docker run -d --rm --name softether-vpn-server -v softetherdata:/var/lib/softether -v softetherlogs:/var/log/softether -p 443:443/tcp -p 992:992/tcp -p 1194:1194/udp -p 5555:5555/tcp -p 500:500/udp -p 4500:4500/udp -p 1701:1701/udp --cap-add NET_ADMIN softethervpn/vpnserver:stable`
+
+## Port requirements
+
+As there are different operating modes for SoftetherVPN there is a variety of ports that might or might not be needed.
+For operation with Softether Clients at least 443, 992 or 5555 is needed.
+See https://www.softether.org/4-docs/1-manual/1/1.6 for reference on the Softether ports.
+Others are commented out in the docker-compose example.
+
+## Usage docker-compose
+
+The same command can be achieved by docker-compose, the docker compose file is in the repository.
+You can specify the respective docker-compose.yaml like so: 
+
+`docker-compose -f docker-compose.vpnclient.yaml up -d`
+
+By default the docker-compose.yaml is used: 
+
+```
+version: '3'
+
+services:
+  softether:
+    image: softethervpn/vpnserver:latest
+    cap_add:
+      - NET_ADMIN
+    restart: always
+    ports:
+      #- 53:53         #DNS tunneling
+      - 443:443         #Management and HTTPS tunneling
+      #- 992:992         #HTTPS tunneling
+      #- 1194:1194/udp #OpenVPN 
+      #- 5555:5555       #HTTPS tunneling
+      #- 500:500/udp   #IPsec/L2TP
+      #- 4500:4500/udp #IPsec/L2TP
+      #- 1701:1701/udp #IPsec/L2TP
+    volumes:
+      - "/etc/localtime:/etc/localtime:ro"
+      - "/etc/timezone:/etc/timezone:ro"
+      - "./softether_data:/var/lib/softether"
+      - "./softether_log:/var/log/softether"
+      # - "./adminip.txt:/var/lib/softether/adminip.txt:ro"
+```
+
+### Use vpncmd
+
+With newer releases vpncmd is directly in the container so you can use it to configure vpn. You can can run it once the container is running :
+
+`docker exec -it softether-vpn-server vpncmd localhost`
+example to configure a vpnclient
+
+```
+docker exec -it softether-vpn-server vpncmd localhost /client
+
+VPN Client> AccountSet homevpn /SERVER:192.168.1.1:443 /HUB:VPN
+VPN Client> AccountPasswordSet homevpn /PASSWORD:verysecurepassword /TYPE:standard
+VPN Client> AccountConnect homevpn
+
+#Automatically connect once container starts
+VPN Client> AccountStartupSet homevpn
+
+#Checking State
+VPN Client> AccountStatusGet homevpn
+
+```
+
+## Building 
+
+` docker build --target vpnclient -t softethevpn:latest .`

Dockerfile

@@ -0,0 +1,51 @@
+FROM alpine AS builder
+RUN mkdir /usr/local/src && apk add binutils --no-cache\
+        linux-headers \
+	build-base \
+        readline-dev \
+        openssl-dev \
+        ncurses-dev \
+        git \
+        cmake \
+        zlib-dev \
+        libsodium-dev \
+        gnu-libiconv 
+
+ENV LD_PRELOAD=/usr/lib/preloadable_libiconv.so
+ADD ./ /usr/local/src/SoftEtherVPN/
+WORKDIR /usr/local/src
+ENV USE_MUSL=YES
+ENV CMAKE_FLAGS="-DSE_PIDDIR=/run/softether -DSE_LOGDIR=/var/log/softether -DSE_DBDIR=/var/lib/softether"
+RUN cd SoftEtherVPN &&\
+        ./configure &&\
+	make -j $(getconf _NPROCESSORS_ONLN) -C build
+
+FROM alpine AS base
+RUN apk add --no-cache readline \
+        openssl \
+        libsodium \
+        gnu-libiconv \
+        iptables
+ENV LD_PRELOAD=/usr/lib/preloadable_libiconv.so
+WORKDIR /usr/local/bin
+VOLUME /var/log/softether
+VOLUME /var/lib/softether
+VOLUME /run/softether
+COPY --from=builder /usr/local/src/SoftEtherVPN/build/vpncmd /usr/local/src/SoftEtherVPN/build/hamcore.se2 ./
+COPY --from=builder /usr/local/src/SoftEtherVPN/build/libcedar.so /usr/local/src/SoftEtherVPN/build/libmayaqua.so /usr/local/lib/
+
+
+FROM base AS vpnserver
+COPY --from=builder /usr/local/src/SoftEtherVPN/build/vpnserver ./
+EXPOSE 443/tcp 992/tcp 1194/tcp 1194/udp 5555/tcp 500/udp 4500/udp
+CMD ["/usr/local/bin/vpnserver", "execsvc"]
+
+
+FROM base AS vpnclient
+COPY --from=builder /usr/local/src/SoftEtherVPN/build/vpnclient ./
+CMD ["/usr/local/bin/vpnclient", "execsvc"]
+
+
+FROM base AS vpnbridge
+COPY --from=builder /usr/local/src/SoftEtherVPN/build/vpnbridge ./
+CMD ["/usr/local/bin/vpnbridge", "execsvc"]

FUNDING.yml

@@ -1,2 +1 @@
 liberapay: softether
-custom: https://salt.bountysource.com/teams/softether-vpn

README.md

@@ -2,19 +2,17 @@
 
 ||Badges|
 |---|---|
-|AppVeyor|[![AppVeyor build status](https://ci.appveyor.com/api/projects/status/github/softethervpn/softethervpn?branch=master&svg=true)](https://ci.appveyor.com/project/softethervpn/softethervpn) |
 |GitLab CI|[![GitLab CI build status](https://gitlab.com/SoftEther/SoftEtherVPN/badges/master/pipeline.svg)](https://gitlab.com/SoftEther/SoftEtherVPN/pipelines)|
 |Coverity Scan|[![Coverity Scan build status](https://scan.coverity.com/projects/16304/badge.svg)](https://scan.coverity.com/projects/softethervpn-softethervpn)|
-|Azure Pipelines|[![Azure Pipelines build status for Nightly](https://dev.azure.com/SoftEther-VPN/SoftEther%20VPN/_apis/build/status/6?api-version=6.0-preview.1)](https://dev.azure.com/SoftEther-VPN/SoftEther%20VPN/_build?definitionId=6)|
 |Cirrus CI|[![Cirrus CI build status](https://api.cirrus-ci.com/github/SoftEtherVPN/SoftEtherVPN.svg)](https://cirrus-ci.com/github/SoftEtherVPN/SoftEtherVPN)|
 
 - [SoftEther VPN](#softether-vpn)
 - [BOARD MEMBERS OF THIS REPOSITORY](#board-members-of-this-repository)
 - [SOFTETHER VPN ADVANTAGES](#softether-vpn-advantages)
 - [Installation](#installation)
-  * [For Ubuntu](#for-ubuntu)
   * [For FreeBSD](#for-freebsd)
-  * [From binary installers:](#from-binary-installers)
+  * [For Windows](#for-windows)
+  * [From binary installers (stable channel)](#from-binary-installers-stable-channel)
   * [Build from Source code](#build-from-source-code)
 - [About HTML5-based Modern Admin Console and JSON-RPC API Suite](#about-html5-based-modern-admin-console-and-json-rpc-api-suite)
   * [Built-in SoftEther VPN Server HTML5 Ajax-based Web Administration Console](#built-in-softether-vpn-server-html5-ajax-based-web-administration-console)
@@ -34,6 +32,8 @@ Stable Edition is available on
 https://github.com/SoftEtherVPN/SoftEtherVPN_Stable
 which the non-developer user can stable use.
 
+Please note that [some features](#comparison-with-stable-edition) are not available in Stable Edition.
+
 Source code packages (.zip and .tar.gz) and binary files of Stable Edition are also available:  
 https://www.softether-download.com/
 
@@ -72,7 +72,7 @@ world's most powerful and easy-to-use multi-protocol VPN software.
 SoftEther VPN runs on Windows, Linux, Mac, FreeBSD and Solaris.
 
 SoftEther VPN supports most of widely-used VPN protocols
-including SSL-VPN, OpenVPN, IPsec, L2TP, MS-SSTP, L2TPv3 and EtherIP
+including SSL-VPN, WireGuard, OpenVPN, IPsec, L2TP, MS-SSTP, L2TPv3 and EtherIP
 by the single SoftEther VPN Server program.
 
 More details on https://www.softether.org/.
@@ -105,6 +105,7 @@ https://github.com/chipitsine
 
 - Supporting all popular VPN protocols by the single VPN server:
   SSL-VPN (HTTPS)
+  WireGuard
   OpenVPN
   IPsec
   L2TP
@@ -139,17 +140,37 @@ https://github.com/chipitsine
   releasing the build.
 - More details at https://www.softether.org/.
 
+# Comparison with Stable Edition
+
+| Protocol | Stable Edition (SE) | Developer Edition (DE) | Comment |
+| --- | --- | --- | --- |
+| SSL-VPN | ✅ | ✅ | |
+| OpenVPN | ✅ | ✅ | AEAD mode is supported in DE only. |
+| IPsec | ✅ | ✅ | |
+| L2TP | ✅ | ✅ | |
+| MS-SSTP | ✅ | ✅ | |
+| L2TPv3 | ✅ | ✅ | |
+| EtherIP | ✅ | ✅ | |
+| WireGuard | ❌ | ✅ | |
+| IKEv2 | ❌ | ❌ | |
+
+| Feature | Stable Edition (SE) | Developer Edition (DE) | Comment |
+| --- | --- | --- | --- |
+| Password Authentication | ✅ | ✅ | |
+| RADIUS / NT Authentication | ✅ | ✅ | |
+| Certificate Authentication | ⚠️ | ✅ | SE supports the feature in SSL-VPN only. |
+| IPv6-capable VPN Tunnel | ⚠️ | ✅ | SE supports IPv6 in L2 VPN tunnels only. |
+| IPv4 Route Management | ✅ | ✅ | Windows clients only |
+| IPv6 Route Management | ❌ | ✅ | Windows clients only |
+| TLS Server Verification | ⚠️ | ✅ | In SE you need to specify the exact certificate or CA to verify. DE can perform standard TLS verification and use the system CA store. |
+| Dual-stack Name Resolution | ⚠️ | ✅ | SE attempts in IPv6 only after IPv4 has failed. |
+| ECDSA Certificates Import | ❌ | ✅ | |
+| Runs on Windows XP and Earlier | ✅ | ❌ | |
+| Compatible with SoftEther VPN 1.0 | ✅ | ❌ | |
+| AES-NI Hardware Acceleration | ⚠️ |  ✅ | SE requires [intel_aes_lib](https://software.intel.com/sites/default/files/article/181731/intel-aesni-sample-library-v1.2.zip) to enable AES-NI, so x86 only. In DE, enabled by default as long as processor supports it (at least x86 and ARM). |
 
 # Installation
 
-## For Ubuntu
-
-Launchpad PPA maintained by [Dmitry Verkhoturov](https://github.com/paskal):
-
-[Daily builds](https://code.launchpad.net/~paskal-07/+archive/ubuntu/softethervpn) (latest released tag)
-
-[Nightly builds](https://code.launchpad.net/~paskal-07/+archive/ubuntu/softethervpn-nightly)
-
 ## For FreeBSD
 
 SoftEther VPN in FreeBSD Ports Collection is maintained by
@@ -178,11 +199,22 @@ sysrc softether_server_enable=yes
 Also SoftEther VPN [Stable Edition](https://www.freshports.org/security/softether-devel/) and
 [RTM version](https://www.freshports.org/security/softether/) are available on FreeBSD.
 
-## From binary installers:
+## For Windows
+
+[Releases](https://github.com/SoftEtherVPN/SoftEtherVPN/releases)
+
+[Nightly builds](https://github.com/SoftEtherVPN/SoftEtherVPN/actions/workflows/windows.yml)
+(choose appropriate platform, then find binaries or installers as artifacts)
+
+## From binary installers (stable channel)
 
 Those can be found under https://www.softether-download.com/
 There you can also find SoftEtherVPN source code in zip and tar formats.
 
+## Docker Container Image
+
+Please look at the [ContainerREADME.md](ContainerREADME.md)
+
 ## Build from Source code
 
 see [BUILD_UNIX](src/BUILD_UNIX.md) or [BUILD_WINDOWS](src/BUILD_WINDOWS.md)
@@ -236,19 +268,19 @@ SoftEther VPN Project distributes the up-to-date source code
 on all the following open-source repositories:
 
   - GitHub
-    https://github.com/SoftEtherVPN/SoftEtherVPN/
+    https://github.com/SoftEtherVPN/SoftEtherVPN
 
         $ git clone https://github.com/SoftEtherVPN/SoftEtherVPN.git
 
   - GitLab (mirrored from GitHub)
-    https://gitlab.com/SoftEther/SoftEtherVPN/
+    https://gitlab.com/SoftEther/VPN
 
-        $ git clone https://gitlab.com/SoftEther/SoftEtherVPN.git
+        $ git clone https://gitlab.com/SoftEther/VPN.git
 
-  - Codeberg (mirrored from GitHub)
-    https://codeberg.org/softether/vpn
+  - OneDev (mirrored from GitHub)
+    https://code.onedev.io/SoftEther/VPN
 
-        $ git clone https://codeberg.org/softether/vpn.git
+        $ git clone https://code.onedev.io/SoftEther/VPN.git
 
 We hope that you can reach one of the above URLs at least!
 
@@ -261,7 +293,7 @@ Please send patches to us through GitHub.
 
 # DEAR SECURITY EXPERTS
 
-If you find a bug or a security vulnerability please kindly inform us
+If you find a bug or a security vulnerability please [kindly inform](https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/new) us
 about the problem immediately so that we can fix the security problem
 to protect a lot of users around the world as soon as possible.
 

SECURITY.md

@@ -0,0 +1,15 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.x     | :white_check_mark: |
+
+
+## Reporting a Vulnerability
+
+Please use [github security reporting](https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/new)

SoftEtherVPN-iOS/SoftEtherVPN-iOS/Protocol/SecureConnection.swift

@@ -0,0 +1,118 @@
+import Foundation
+import Network
+import Security
+
+/// SecureConnection handles the TLS connection with the SoftEther VPN server
+class SecureConnection {
+    
+    // MARK: - Properties
+    
+    private var connection: NWConnection?
+    private let host: String
+    private let port: UInt16
+    private let queue = DispatchQueue(label: "com.softether.connection", qos: .userInitiated)
+    
+    // MARK: - Initialization
+    
+    /// Initialize a secure connection
+    /// - Parameters:
+    ///   - host: Server hostname or IP address
+    ///   - port: Server port number
+    init(host: String, port: UInt16) {
+        self.host = host
+        self.port = port
+    }
+    
+    // MARK: - Public Methods
+    
+    /// Connect to the server using TLS
+    /// - Parameter completion: Callback with connection result
+    func connect(completion: @escaping (Bool, Error?) -> Void) {
+        let hostEndpoint = NWEndpoint.Host(host)
+        let portEndpoint = NWEndpoint.Port(rawValue: port)!
+        
+        // Create TLS parameters
+        let tlsOptions = NWProtocolTLS.Options()
+        
+        // Configure TLS for maximum compatibility with SoftEther
+        let securityOptions = tlsOptions.securityProtocolOptions
+        sec_protocol_options_set_tls_min_version(securityOptions, .TLSv12)
+        sec_protocol_options_set_tls_max_version(securityOptions, .TLSv13)
+        
+        // Allow all cipher suites for compatibility
+        sec_protocol_options_set_cipher_suites(securityOptions, nil, 0)
+        
+        // Disable certificate validation for initial development (ENABLE IN PRODUCTION)
+        sec_protocol_options_set_verify_block(securityOptions, { (_, _, trustResult, _) in
+            return true // Accept all certificates for testing
+        }, queue)
+        
+        // Create TCP options with TLS
+        let tcpOptions = NWProtocolTCP.Options()
+        tcpOptions.enableKeepalive = true
+        tcpOptions.keepaliveIdle = 30
+        
+        // Create connection parameters
+        let parameters = NWParameters(tls: tlsOptions, tcp: tcpOptions)
+        
+        // Create the connection
+        connection = NWConnection(host: hostEndpoint, port: portEndpoint, using: parameters)
+        
+        // Set up state handling
+        connection?.stateUpdateHandler = { [weak self] state in
+            switch state {
+            case .ready:
+                completion(true, nil)
+            case .failed(let error):
+                self?.disconnect()
+                completion(false, error)
+            case .cancelled:
+                completion(false, NSError(domain: "SoftEtherError", code: 1000, userInfo: [NSLocalizedDescriptionKey: "Connection cancelled"]))
+            default:
+                break
+            }
+        }
+        
+        // Start the connection
+        connection?.start(queue: queue)
+    }
+    
+    /// Disconnect from the server
+    func disconnect() {
+        connection?.cancel()
+        connection = nil
+    }
+    
+    /// Send data to the server
+    /// - Parameters:
+    ///   - data: Data to send
+    ///   - completion: Callback with error if any
+    func send(data: Data, completion: @escaping (Error?) -> Void) {
+        guard let connection = connection, connection.state == .ready else {
+            completion(NSError(domain: "SoftEtherError", code: 1001, userInfo: [NSLocalizedDescriptionKey: "Connection not ready"]))
+            return
+        }
+        
+        connection.send(content: data, completion: .contentProcessed { error in
+            completion(error)
+        })
+    }
+    
+    /// Receive data from the server
+    /// - Parameter completion: Callback with received data and error if any
+    func receive(completion: @escaping (Data?, Error?) -> Void) {
+        guard let connection = connection, connection.state == .ready else {
+            completion(nil, NSError(domain: "SoftEtherError", code: 1001, userInfo: [NSLocalizedDescriptionKey: "Connection not ready"]))
+            return
+        }
+        
+        connection.receive(minimumIncompleteLength: 1, maximumLength: 65536) { data, _, isComplete, error in
+            completion(data, error)
+            
+            if isComplete {
+                // Connection was closed by the peer
+                self.disconnect()
+            }
+        }
+    }
+}

SoftEtherVPN-iOS/SoftEtherVPN-iOS/Protocol/SoftEtherClientSignature.swift

@@ -0,0 +1,90 @@
+import Foundation
+
+/// Handles the specific client signature format that SoftEther expects
+class SoftEtherClientSignature {
+    
+    // MARK: - Constants
+    
+    private enum Constants {
+        static let clientBuildNumber: UInt32 = 5187
+        static let clientVersion: UInt32 = 5_02_0000 + clientBuildNumber
+        static let clientString = "SoftEther VPN Client"
+        static let softEtherMagic: [UInt8] = [0x5E, 0x68] // 'Se' in hex
+        
+        // Protocol identification constants from SoftEther source
+        static let cedar = "CEDAR"
+        static let sessionKey = "sessionkey"
+        static let protocol1 = "PROTOCOL"
+        static let protocol2 = "PROTOCOL2"
+    }
+    
+    // MARK: - Public Methods
+    
+    /// Generate the client signature packet that identifies this client as a legitimate SoftEther VPN client
+    /// - Returns: Data containing the formatted client signature
+    static func generateSignature() -> Data {
+        var data = Data()
+        
+        // 1. Add SoftEther magic bytes
+        data.append(contentsOf: Constants.softEtherMagic)
+        
+        // 2. Add client version in network byte order (big endian)
+        data.appendUInt32(Constants.clientVersion)
+        
+        // 3. Add client build number in network byte order
+        data.appendUInt32(Constants.clientBuildNumber)
+        
+        // 4. Add cedar protocol identifier
+        if let cedarData = Constants.cedar.data(using: .ascii) {
+            data.append(cedarData)
+            data.append(0) // null terminator
+        }
+        
+        // 5. Add client string with null terminator
+        if let clientString = (Constants.clientString + "\0").data(using: .ascii) {
+            data.append(clientString)
+        }
+        
+        // 6. Add protocol identifiers
+        if let protocolData = (Constants.protocol1 + "\0").data(using: .ascii) {
+            data.append(protocolData)
+        }
+        
+        if let protocol2Data = (Constants.protocol2 + "\0").data(using: .ascii) {
+            data.append(protocol2Data)
+        }
+        
+        // 7. Add session key marker
+        if let sessionKeyData = (Constants.sessionKey + "\0").data(using: .ascii) {
+            data.append(sessionKeyData)
+        }
+        
+        // 8. Add random data for session key (typically 20 bytes)
+        let randomSessionKey = SoftEtherCrypto.randomBytes(count: 20)
+        data.append(randomSessionKey)
+        
+        // 9. Calculate and append SHA-1 hash of the entire data for integrity verification
+        let hash = SoftEtherCrypto.sha1(data)
+        data.append(hash)
+        
+        return data
+    }
+    
+    /// Verify a server response to the client signature
+    /// - Parameter data: Response data from server
+    /// - Returns: True if valid response, false otherwise
+    static func verifyServerResponse(_ data: Data) -> Bool {
+        // Basic validation - a real implementation would parse and validate the server response format
+        // This is a minimal check to see if we have enough data and it starts with the magic bytes
+        guard data.count >= 8 else {
+            return false
+        }
+        
+        // Check if response starts with SoftEther magic bytes
+        if data[0] == Constants.softEtherMagic[0] && data[1] == Constants.softEtherMagic[1] {
+            return true
+        }
+        
+        return false
+    }
+}

SoftEtherVPN-iOS/SoftEtherVPN-iOS/Protocol/SoftEtherCrypto.swift

@@ -0,0 +1,97 @@
+import Foundation
+import CryptoKit
+
+/// Handles encryption operations for SoftEther protocol
+class SoftEtherCrypto {
+    
+    // MARK: - Constants
+    
+    private enum Constants {
+        static let sha1Size = 20
+        static let md5Size = 16
+    }
+    
+    // MARK: - Public Methods
+    
+    /// Generate secure random bytes
+    /// - Parameter count: Number of random bytes to generate
+    /// - Returns: Data containing random bytes
+    static func randomBytes(count: Int) -> Data {
+        var data = Data(count: count)
+        _ = data.withUnsafeMutableBytes { 
+            SecRandomCopyBytes(kSecRandomDefault, count, $0.baseAddress!)
+        }
+        return data
+    }
+    
+    /// Calculate SHA-1 hash
+    /// - Parameter data: Input data
+    /// - Returns: SHA-1 hash of the input data
+    static func sha1(_ data: Data) -> Data {
+        let digest = SHA1.hash(data: data)
+        return Data(digest)
+    }
+    
+    /// Calculate MD5 hash
+    /// - Parameter data: Input data
+    /// - Returns: MD5 hash of the input data
+    static func md5(_ data: Data) -> Data {
+        let digest = Insecure.MD5.hash(data: data)
+        return Data(digest)
+    }
+    
+    /// Encrypt data using RC4 algorithm (for SoftEther compatibility)
+    /// - Parameters:
+    ///   - data: Data to encrypt
+    ///   - key: Encryption key
+    /// - Returns: Encrypted data
+    static func rc4Encrypt(data: Data, key: Data) -> Data {
+        let rc4 = RC4(key: key)
+        return rc4.process(data)
+    }
+    
+    /// Decrypt data using RC4 algorithm (for SoftEther compatibility)
+    /// - Parameters:
+    ///   - data: Data to decrypt
+    ///   - key: Decryption key
+    /// - Returns: Decrypted data
+    static func rc4Decrypt(data: Data, key: Data) -> Data {
+        // RC4 is symmetric, so encryption and decryption are the same operation
+        return rc4Encrypt(data: data, key: key)
+    }
+}
+
+/// Simple RC4 implementation for SoftEther compatibility
+/// Note: RC4 is considered insecure, but SoftEther uses it in parts of its protocol
+private class RC4 {
+    private var state: [UInt8]
+    
+    init(key: Data) {
+        state = Array(0...255)
+        var j: Int = 0
+        
+        // Key scheduling algorithm
+        for i in 0..<256 {
+            let keyByte = key[i % key.count]
+            j = (j + Int(state[i]) + Int(keyByte)) & 0xFF
+            state.swapAt(i, j)
+        }
+    }
+    
+    func process(_ data: Data) -> Data {
+        var result = Data(count: data.count)
+        var i: Int = 0
+        var j: Int = 0
+        
+        // Generate keystream and XOR with plaintext
+        for k in 0..<data.count {
+            i = (i + 1) & 0xFF
+            j = (j + Int(state[i])) & 0xFF
+            state.swapAt(i, j)
+            let keyStreamByte = state[(Int(state[i]) + Int(state[j])) & 0xFF]
+            result[k] = data[k] ^ keyStreamByte
+        }
+        
+        return result
+    }
+}

SoftEtherVPN-iOS/SoftEtherVPN-iOS/Protocol/SoftEtherPacket.swift

@@ -0,0 +1,123 @@
+import Foundation
+
+/// Handles the SoftEther packet structure for communication
+class SoftEtherPacket {
+    
+    // MARK: - Constants
+    
+    private enum PacketType: UInt32 {
+        case clientSignature = 0x01
+        case serverResponse = 0x02
+        case sessionRequest = 0x03
+        case sessionResponse = 0x04
+        case data = 0x05
+        case keepAlive = 0x06
+    }
+    
+    private enum Constants {
+        static let headerSize: UInt32 = 16
+        static let maxPacketSize: UInt32 = 1024 * 1024 // 1MB
+    }
+    
+    // MARK: - Properties
+    
+    private var packetType: PacketType
+    private var packetId: UInt32
+    private var packetData: Data
+    
+    // MARK: - Initialization
+    
+    /// Initialize a packet with type, ID and data
+    /// - Parameters:
+    ///   - type: Packet type
+    ///   - id: Packet ID
+    ///   - data: Packet payload
+    init(type: UInt32, id: UInt32, data: Data) {
+        self.packetType = PacketType(rawValue: type) ?? .data
+        self.packetId = id
+        self.packetData = data
+    }
+    
+    /// Initialize a packet from raw data
+    /// - Parameter data: Raw packet data
+    init?(fromData data: Data) {
+        guard data.count >= Int(Constants.headerSize) else {
+            return nil
+        }
+        
+        // Parse header
+        let typeValue = data.readUInt32(at: 0)
+        self.packetId = data.readUInt32(at: 4)
+        let dataSize = data.readUInt32(at: 8)
+        
+        // Validate packet
+        guard let type = PacketType(rawValue: typeValue),
+              dataSize <= Constants.maxPacketSize,
+              data.count >= Int(Constants.headerSize + dataSize) else {
+            return nil
+        }
+        
+        self.packetType = type
+        
+        // Extract payload
+        let startIndex = Int(Constants.headerSize)
+        let endIndex = startIndex + Int(dataSize)
+        self.packetData = data.subdata(in: startIndex..<endIndex)
+    }
+    
+    // MARK: - Public Methods
+    
+    /// Serialize the packet to binary data format
+    /// - Returns: Serialized packet data
+    func serialize() -> Data {
+        var result = Data(capacity: Int(Constants.headerSize) + packetData.count)
+        
+        // Write header
+        result.appendUInt32(packetType.rawValue)
+        result.appendUInt32(packetId)
+        result.appendUInt32(UInt32(packetData.count))
+        result.appendUInt32(0) // Reserved
+        
+        // Write payload
+        result.append(packetData)
+        
+        return result
+    }
+    
+    /// Get the packet type
+    /// - Returns: Packet type
+    func getType() -> UInt32 {
+        return packetType.rawValue
+    }
+    
+    /// Get the packet ID
+    /// - Returns: Packet ID
+    func getId() -> UInt32 {
+        return packetId
+    }
+    
+    /// Get the packet payload
+    /// - Returns: Packet payload data
+    func getData() -> Data {
+        return packetData
+    }
+}
+
+// MARK: - Extensions
+
+extension Data {
+    /// Read a UInt32 value from the data at specified offset
+    /// - Parameter offset: Offset to read from
+    /// - Returns: UInt32 value in big-endian order
+    func readUInt32(at offset: Int) -> UInt32 {
+        let slice = self.subdata(in: offset..<(offset + 4))
+        return slice.withUnsafeBytes { $0.load(as: UInt32.self).bigEndian }
+    }
+    
+    /// Append a UInt32 value to the data in big-endian order
+    /// - Parameter value: UInt32 value to append
+    mutating func appendUInt32(_ value: UInt32) {
+        var bigEndian = value.bigEndian
+        append(UnsafeBufferPointer(start: &bigEndian, count: 1))
+    }
+}

SoftEtherVPN-iOS/SoftEtherVPN-iOS/Protocol/SoftEtherProtocol.swift

@@ -0,0 +1,184 @@
+import Foundation
+import Network
+import Security
+import CryptoKit
+
+/// SoftEtherProtocol manages the communication between iOS client and SoftEther VPN server
+class SoftEtherProtocol {
+    
+    // MARK: - Properties
+    
+    private var secureConnection: SecureConnection?
+    private var isConnected = false
+    private var host: String = ""
+    private var port: UInt16 = 443
+    private var nextPacketId: UInt32 = 1
+    
+    // MARK: - Public Methods
+    
+    /// Connect to a SoftEther VPN server
+    /// - Parameters:
+    ///   - host: The server hostname or IP address
+    ///   - port: The server port (default: 443)
+    ///   - completion: Callback with connection result
+    public func connect(to host: String, port: UInt16 = 443, completion: @escaping (Bool, Error?) -> Void) {
+        self.host = host
+        self.port = port
+        
+        // Create a secure connection
+        secureConnection = SecureConnection(host: host, port: port)
+        
+        // Connect using TLS
+        secureConnection?.connect { [weak self] success, error in
+            guard let self = self, success else {
+                completion(false, error ?? NSError(domain: "SoftEtherError", code: 1, userInfo: [NSLocalizedDescriptionKey: "TLS connection failed"]))
+                return
+            }
+            
+            // After successful TLS connection, send the client signature
+            self.sendClientSignature { success, error in
+                if success {
+                    self.isConnected = true
+                }
+                completion(success, error)
+            }
+        }
+    }
+    
+    /// Disconnect from the server
+    public func disconnect() {
+        secureConnection?.disconnect()
+        isConnected = false
+    }
+    
+    // MARK: - Private Methods
+    
+    /// Send the SoftEther client signature to identify as a legitimate client
+    /// - Parameter completion: Callback with result
+    private func sendClientSignature(completion: @escaping (Bool, Error?) -> Void) {
+        // Generate client signature using our specialized class
+        let signatureData = SoftEtherClientSignature.generateSignature()
+        
+        // Create a packet with the signature data
+        let packetId = self.nextPacketId
+        self.nextPacketId += 1
+        
+        let packet = SoftEtherPacket(type: 0x01, id: packetId, data: signatureData)
+        let packetData = packet.serialize()
+        
+        print("Sending client signature packet: \(packetData.count) bytes")
+        
+        // Send the packet
+        secureConnection?.send(data: packetData) { [weak self] error in
+            guard let self = self else { return }
+            
+            if let error = error {
+                print("Error sending client signature: \(error)")
+                completion(false, error)
+                return
+            }
+            
+            // After sending signature, wait for server response
+            self.receiveServerResponse { success, error in
+                completion(success, error)
+            }
+        }
+    }
+    
+    /// Receive and process server response after sending signature
+    /// - Parameter completion: Callback with result
+    private func receiveServerResponse(completion: @escaping (Bool, Error?) -> Void) {
+        secureConnection?.receive { data, error in
+            if let error = error {
+                print("Error receiving server response: \(error)")
+                completion(false, error)
+                return
+            }
+            
+            guard let data = data, data.count > 4 else {
+                let error = NSError(domain: "SoftEtherError", code: 2, userInfo: [NSLocalizedDescriptionKey: "Invalid server response"])
+                print("Invalid server response: insufficient data")
+                completion(false, error)
+                return
+            }
+            
+            print("Received server response: \(data.count) bytes")
+            
+            // Parse the response packet
+            guard let packet = SoftEtherPacket(fromData: data) else {
+                let error = NSError(domain: "SoftEtherError", code: 3, userInfo: [NSLocalizedDescriptionKey: "Invalid packet format"])
+                print("Could not parse server response packet")
+                completion(false, error)
+                return
+            }
+            
+            // Verify the response
+            let packetData = packet.getData()
+            let isValid = SoftEtherClientSignature.verifyServerResponse(packetData)
+            
+            if isValid {
+                print("Server accepted our client signature")
+                completion(true, nil)
+            } else {
+                print("Server rejected our client signature")
+                let error = NSError(domain: "SoftEtherError", code: 4, userInfo: [NSLocalizedDescriptionKey: "Server rejected client signature"])
+                completion(false, error)
+            }
+        }
+    }
+    
+    /// Send a data packet to the server
+    /// - Parameters:
+    ///   - data: Data to send
+    ///   - completion: Callback with result
+    func sendData(data: Data, completion: @escaping (Bool, Error?) -> Void) {
+        guard isConnected else {
+            completion(false, NSError(domain: "SoftEtherError", code: 5, userInfo: [NSLocalizedDescriptionKey: "Not connected to server"]))
+            return
+        }
+        
+        let packetId = self.nextPacketId
+        self.nextPacketId += 1
+        
+        let packet = SoftEtherPacket(type: 0x05, id: packetId, data: data)
+        let packetData = packet.serialize()
+        
+        secureConnection?.send(data: packetData) { error in
+            if let error = error {
+                completion(false, error)
+                return
+            }
+            
+            completion(true, nil)
+        }
+    }
+    
+    /// Receive data from the server
+    /// - Parameter completion: Callback with received data and result
+    func receiveData(completion: @escaping (Data?, Bool, Error?) -> Void) {
+        guard isConnected else {
+            completion(nil, false, NSError(domain: "SoftEtherError", code: 5, userInfo: [NSLocalizedDescriptionKey: "Not connected to server"]))
+            return
+        }
+        
+        secureConnection?.receive { data, error in
+            if let error = error {
+                completion(nil, false, error)
+                return
+            }
+            
+            guard let data = data, data.count > 4 else {
+                completion(nil, false, NSError(domain: "SoftEtherError", code: 2, userInfo: [NSLocalizedDescriptionKey: "Invalid server response"]))
+                return
+            }
+            
+            // Parse the packet
+            guard let packet = SoftEtherPacket(fromData: data) else {
+                completion(nil, false, NSError(domain: "SoftEtherError", code: 3, userInfo: [NSLocalizedDescriptionKey: "Invalid packet format"]))
+                return
+            }
+            
+            completion(packet.getData(), true, nil)
+        }
+    }
+}

SoftEtherVPN-iOS/SoftEtherVPN-iOS/SoftEtherVPNClient.swift

@@ -0,0 +1,149 @@
+import Foundation
+import UIKit
+
+/// SoftEtherVPNClient provides a simple interface for connecting to SoftEther VPN servers
+public class SoftEtherVPNClient {
+    
+    // MARK: - Properties
+    
+    private let protocol: SoftEtherProtocol
+    private var connectionState: ConnectionState = .disconnected
+    
+    // MARK: - Public Types
+    
+    /// Connection states for the VPN client
+    public enum ConnectionState {
+        case disconnected
+        case connecting
+        case connected
+        case disconnecting
+        case error(Error)
+    }
+    
+    /// Connection delegate to receive state updates
+    public protocol ConnectionDelegate: AnyObject {
+        func connectionStateDidChange(_ state: ConnectionState)
+    }
+    
+    /// Weak reference to the delegate
+    public weak var delegate: ConnectionDelegate?
+    
+    // MARK: - Initialization
+    
+    public init() {
+        self.protocol = SoftEtherProtocol()
+    }
+    
+    // MARK: - Public Methods
+    
+    /// Connect to a SoftEther VPN server
+    /// - Parameters:
+    ///   - host: Server hostname or IP address
+    ///   - port: Server port (default: 443)
+    ///   - completion: Optional completion handler
+    public func connect(to host: String, port: UInt16 = 443, completion: ((Bool, Error?) -> Void)? = nil) {
+        // Update state
+        connectionState = .connecting
+        delegate?.connectionStateDidChange(connectionState)
+        
+        // Connect using the protocol implementation
+        protocol.connect(to: host, port: port) { [weak self] success, error in
+            guard let self = self else { return }
+            
+            if success {
+                self.connectionState = .connected
+            } else if let error = error {
+                self.connectionState = .error(error)
+            } else {
+                self.connectionState = .disconnected
+            }
+            
+            self.delegate?.connectionStateDidChange(self.connectionState)
+            completion?(success, error)
+        }
+    }
+    
+    /// Disconnect from the server
+    /// - Parameter completion: Optional completion handler
+    public func disconnect(completion: (() -> Void)? = nil) {
+        // Update state
+        connectionState = .disconnecting
+        delegate?.connectionStateDidChange(connectionState)
+        
+        // Disconnect
+        protocol.disconnect()
+        
+        // Update state again
+        connectionState = .disconnected
+        delegate?.connectionStateDidChange(connectionState)
+        
+        completion?()
+    }
+    
+    /// Get the current connection state
+    /// - Returns: Current ConnectionState
+    public func getConnectionState() -> ConnectionState {
+        return connectionState
+    }
+    
+    /// Check if currently connected
+    /// - Returns: True if connected, false otherwise
+    public func isConnected() -> Bool {
+        if case .connected = connectionState {
+            return true
+        }
+        return false
+    }
+    
+    // MARK: - Example Usage
+    
+    /// Example showing how to use this class in a view controller
+    public static func exampleUsage() -> String {
+        return """
+        // In your view controller:
+        
+        private let vpnClient = SoftEtherVPNClient()
+        
+        override func viewDidLoad() {
+            super.viewDidLoad()
+            
+            // Set delegate
+            vpnClient.delegate = self
+        }
+        
+        @IBAction func connectButtonTapped(_ sender: UIButton) {
+            if vpnClient.isConnected() {
+                vpnClient.disconnect()
+            } else {
+                vpnClient.connect(to: "vpn.example.com") { success, error in
+                    if !success {
+                        print("Failed to connect: \\(error?.localizedDescription ?? "Unknown error")")
+                    }
+                }
+            }
+        }
+        
+        // MARK: - ConnectionDelegate
+        
+        extension YourViewController: SoftEtherVPNClient.ConnectionDelegate {
+            func connectionStateDidChange(_ state: SoftEtherVPNClient.ConnectionState) {
+                switch state {
+                case .connected:
+                    connectButton.setTitle("Disconnect", for: .normal)
+                    statusLabel.text = "Connected"
+                case .connecting:
+                    statusLabel.text = "Connecting..."
+                case .disconnecting:
+                    statusLabel.text = "Disconnecting..."
+                case .disconnected:
+                    connectButton.setTitle("Connect", for: .normal)
+                    statusLabel.text = "Disconnected"
+                case .error(let error):
+                    statusLabel.text = "Error: \\(error.localizedDescription)"
+                    connectButton.setTitle("Connect", for: .normal)
+                }
+            }
+        }
+        """
+    }
+}

description

@@ -2,4 +2,4 @@ SoftEther VPN ("SoftEther" means "Software Ethernet") is an open-source cross-pl
 Its protocol is very fast and it can be used in very restricted environments, as it's able to transfer packets over DNS and ICMP.
 The server includes a free Dynamic DNS service, which can be used to access the server even if the public IP address changes.
 A NAT-Traversal function is also available, very useful in case the required ports cannot be opened on the firewall.
-The supported third party protocols are OpenVPN, L2TP/IPSec and SSTP.
+The supported third party protocols are OpenVPN, L2TP/IPSec, SSTP and WireGuard.

developer_tools/stbchecker/stbchecker.csproj

@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>netcoreapp2.1</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">

developer_tools/vpnserver-jsonrpc-clients/README.html

@@ -216,8 +216,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
 <li><a href="#getspeciallistener">GetSpecialListener - Get Current Setting of the VPN over ICMP / VPN over DNS Function</a></li>
 <li><a href="#getazurestatus">GetAzureStatus - Show the current status of VPN Azure function</a></li>
 <li><a href="#setazurestatus">SetAzureStatus - Enable / Disable VPN Azure Function</a></li>
-<li><a href="#getddnsinternetsettng">GetDDnsInternetSettng - Get the Proxy Settings for Connecting to the DDNS server</a></li>
-<li><a href="#setddnsinternetsettng">SetDDnsInternetSettng - Set the Proxy Settings for Connecting to the DDNS server</a></li>
+<li><a href="#getddnsinternetsetting">GetDDnsInternetSetting - Get the Proxy Settings for Connecting to the DDNS server</a></li>
+<li><a href="#setddnsinternetsetting">SetDDnsInternetSetting - Set the Proxy Settings for Connecting to the DDNS server</a></li>
 <li><a href="#setvgsconfig">SetVgsConfig - Set the VPN Gate Server Configuration</a></li>
 <li><a href="#getvgsconfig">GetVgsConfig - Get the VPN Gate Server Configuration</a></li>
 </ul>
@@ -305,7 +305,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
     &quot;ServerBuildInt_u32&quot;: 0,
     &quot;ServerHostName_str&quot;: &quot;serverhostname&quot;,
     &quot;ServerType_u32&quot;: 0,
-    &quot;ServerBuildDate_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;ServerBuildDate_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;ServerFamilyName_str&quot;: &quot;serverfamilyname&quot;,
     &quot;OsType_u32&quot;: 0,
     &quot;OsServicePack_u32&quot;: 0,
@@ -460,9 +460,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
     &quot;Send.BroadcastCount_u64&quot;: 0,
     &quot;Send.UnicastBytes_u64&quot;: 0,
     &quot;Send.UnicastCount_u64&quot;: 0,
-    &quot;CurrentTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;CurrentTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;CurrentTick_u64&quot;: 0,
-    &quot;StartTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;StartTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;TotalMemory_u64&quot;: 0,
     &quot;UsedMemory_u64&quot;: 0,
     &quot;FreeMemory_u64&quot;: 0,
@@ -1136,7 +1136,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
   &quot;result&quot;: {
     &quot;Id_u32&quot;: 0,
     &quot;Controller_bool&quot;: false,
-    &quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;Ip_ip&quot;: &quot;192.168.0.1&quot;,
     &quot;Hostname_str&quot;: &quot;hostname&quot;,
     &quot;Point_u32&quot;: 0,
@@ -1283,7 +1283,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
       {
         &quot;Id_u32&quot;: 0,
         &quot;Controller_bool&quot;: false,
-        &quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;Ip_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;Hostname_str&quot;: &quot;hostname&quot;,
         &quot;Point_u32&quot;: 0,
@@ -1296,7 +1296,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
       {
         &quot;Id_u32&quot;: 0,
         &quot;Controller_bool&quot;: false,
-        &quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;Ip_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;Hostname_str&quot;: &quot;hostname&quot;,
         &quot;Point_u32&quot;: 0,
@@ -1309,7 +1309,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
       {
         &quot;Id_u32&quot;: 0,
         &quot;Controller_bool&quot;: false,
-        &quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;Ip_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;Hostname_str&quot;: &quot;hostname&quot;,
         &quot;Point_u32&quot;: 0,
@@ -1422,9 +1422,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
     &quot;Port_u32&quot;: 0,
     &quot;Online_bool&quot;: false,
     &quot;LastError_u32&quot;: 0,
-    &quot;StartedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;FirstConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;CurrentConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;StartedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;FirstConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;CurrentConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;NumTry_u32&quot;: 0,
     &quot;NumConnected_u32&quot;: 0,
     &quot;NumFailed_u32&quot;: 0
@@ -1918,9 +1918,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;NumSessions_u32&quot;: 0,
         &quot;NumMacTables_u32&quot;: 0,
         &quot;NumIpTables_u32&quot;: 0,
-        &quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;LastLoginTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;LastLoginTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;NumLogin_u32&quot;: 0,
         &quot;IsTrafficFilled_bool&quot;: false,
         &quot;Ex.Recv.BroadcastBytes_u64&quot;: 0,
@@ -1941,9 +1941,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;NumSessions_u32&quot;: 0,
         &quot;NumMacTables_u32&quot;: 0,
         &quot;NumIpTables_u32&quot;: 0,
-        &quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;LastLoginTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;LastLoginTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;NumLogin_u32&quot;: 0,
         &quot;IsTrafficFilled_bool&quot;: false,
         &quot;Ex.Recv.BroadcastBytes_u64&quot;: 0,
@@ -1964,9 +1964,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;NumSessions_u32&quot;: 0,
         &quot;NumMacTables_u32&quot;: 0,
         &quot;NumIpTables_u32&quot;: 0,
-        &quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;LastLoginTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;LastLoginTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;NumLogin_u32&quot;: 0,
         &quot;IsTrafficFilled_bool&quot;: false,
         &quot;Ex.Recv.BroadcastBytes_u64&quot;: 0,
@@ -2309,7 +2309,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Hostname_str&quot;: &quot;hostname&quot;,
         &quot;Ip_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;Port_u32&quot;: 0,
-        &quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;Type_u32&quot;: 0
       },
       {
@@ -2317,7 +2317,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Hostname_str&quot;: &quot;hostname&quot;,
         &quot;Ip_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;Port_u32&quot;: 0,
-        &quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;Type_u32&quot;: 0
       },
       {
@@ -2325,7 +2325,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Hostname_str&quot;: &quot;hostname&quot;,
         &quot;Ip_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;Port_u32&quot;: 0,
-        &quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;Type_u32&quot;: 0
       }
     ]
@@ -2450,7 +2450,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
     &quot;Hostname_str&quot;: &quot;hostname&quot;,
     &quot;Ip_ip&quot;: &quot;192.168.0.1&quot;,
     &quot;Port_u32&quot;: 0,
-    &quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;ServerStr_str&quot;: &quot;serverstr&quot;,
     &quot;ServerVer_u32&quot;: 0,
     &quot;ServerBuild_u32&quot;: 0,
@@ -2620,9 +2620,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
     &quot;Send.UnicastBytes_u64&quot;: 0,
     &quot;Send.UnicastCount_u64&quot;: 0,
     &quot;SecureNATEnabled_bool&quot;: false,
-    &quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;LastLoginTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;LastLoginTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;NumLogin_u32&quot;: 0
   }
 }
@@ -2992,19 +2992,19 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Key_u32&quot;: 0,
         &quot;SubjectName_utf&quot;: &quot;subjectname&quot;,
         &quot;IssuerName_utf&quot;: &quot;issuername&quot;,
-        &quot;Expires_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;
+        &quot;Expires_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;
       },
       {
         &quot;Key_u32&quot;: 0,
         &quot;SubjectName_utf&quot;: &quot;subjectname&quot;,
         &quot;IssuerName_utf&quot;: &quot;issuername&quot;,
-        &quot;Expires_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;
+        &quot;Expires_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;
       },
       {
         &quot;Key_u32&quot;: 0,
         &quot;SubjectName_utf&quot;: &quot;subjectname&quot;,
         &quot;IssuerName_utf&quot;: &quot;issuername&quot;,
-        &quot;Expires_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;
+        &quot;Expires_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;
       }
     ]
   }
@@ -4348,7 +4348,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Online_bool&quot;: false,
         &quot;Connected_bool&quot;: false,
         &quot;LastError_u32&quot;: 0,
-        &quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;Hostname_str&quot;: &quot;hostname&quot;,
         &quot;TargetHubName_str&quot;: &quot;targethubname&quot;
       },
@@ -4357,7 +4357,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Online_bool&quot;: false,
         &quot;Connected_bool&quot;: false,
         &quot;LastError_u32&quot;: 0,
-        &quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;Hostname_str&quot;: &quot;hostname&quot;,
         &quot;TargetHubName_str&quot;: &quot;targethubname&quot;
       },
@@ -4366,7 +4366,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Online_bool&quot;: false,
         &quot;Connected_bool&quot;: false,
         &quot;LastError_u32&quot;: 0,
-        &quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;Hostname_str&quot;: &quot;hostname&quot;,
         &quot;TargetHubName_str&quot;: &quot;targethubname&quot;
       }
@@ -4668,9 +4668,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
     &quot;ServerProductBuild_u32&quot;: 0,
     &quot;ServerX_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
     &quot;ClientX_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
-    &quot;StartTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;FirstConnectionEstablisiedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;CurrentConnectionEstablishTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;StartTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;FirstConnectionEstablisiedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;CurrentConnectionEstablishTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;NumConnectionsEatablished_u32&quot;: 0,
     &quot;HalfConnection_bool&quot;: false,
     &quot;QoS_bool&quot;: false,
@@ -5996,7 +5996,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
     &quot;Name_str&quot;: &quot;name&quot;,
     &quot;Realname_utf&quot;: &quot;realname&quot;,
     &quot;Note_utf&quot;: &quot;note&quot;,
-    &quot;ExpireTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;ExpireTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;AuthType_u32&quot;: 0,
     &quot;Auth_Password_str&quot;: &quot;auth_password&quot;,
     &quot;UserX_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
@@ -6057,9 +6057,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
     &quot;GroupName_str&quot;: &quot;groupname&quot;,
     &quot;Realname_utf&quot;: &quot;realname&quot;,
     &quot;Note_utf&quot;: &quot;note&quot;,
-    &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;ExpireTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;ExpireTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;AuthType_u32&quot;: 0,
     &quot;Auth_Password_str&quot;: &quot;auth_password&quot;,
     &quot;UserX_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
@@ -6247,7 +6247,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
 <tr>
 <td><code>Send.UnicastCount_u64</code></td>
 <td><code>number</code> (uint64)</td>
-<td>Unicast count (Send)</td>
+<td>Unicast bytes (Send)</td>
 </tr>
 <tr>
 <td><code>UsePolicy_bool</code></td>
@@ -6467,7 +6467,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
     &quot;GroupName_str&quot;: &quot;groupname&quot;,
     &quot;Realname_utf&quot;: &quot;realname&quot;,
     &quot;Note_utf&quot;: &quot;note&quot;,
-    &quot;ExpireTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;ExpireTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;AuthType_u32&quot;: 0,
     &quot;Auth_Password_str&quot;: &quot;auth_password&quot;,
     &quot;UserX_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
@@ -6528,9 +6528,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
     &quot;GroupName_str&quot;: &quot;groupname&quot;,
     &quot;Realname_utf&quot;: &quot;realname&quot;,
     &quot;Note_utf&quot;: &quot;note&quot;,
-    &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;ExpireTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;ExpireTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;AuthType_u32&quot;: 0,
     &quot;Auth_Password_str&quot;: &quot;auth_password&quot;,
     &quot;UserX_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
@@ -6948,9 +6948,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
     &quot;GroupName_str&quot;: &quot;groupname&quot;,
     &quot;Realname_utf&quot;: &quot;realname&quot;,
     &quot;Note_utf&quot;: &quot;note&quot;,
-    &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;ExpireTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;ExpireTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;AuthType_u32&quot;: 0,
     &quot;Auth_Password_str&quot;: &quot;auth_password&quot;,
     &quot;UserX_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
@@ -7419,11 +7419,11 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Note_utf&quot;: &quot;note&quot;,
         &quot;AuthType_u32&quot;: 0,
         &quot;NumLogin_u32&quot;: 0,
-        &quot;LastLoginTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;LastLoginTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;DenyAccess_bool&quot;: false,
         &quot;IsTrafficFilled_bool&quot;: false,
         &quot;IsExpiresFilled_bool&quot;: false,
-        &quot;Expires_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;Expires_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;Ex.Recv.BroadcastBytes_u64&quot;: 0,
         &quot;Ex.Recv.BroadcastCount_u64&quot;: 0,
         &quot;Ex.Recv.UnicastBytes_u64&quot;: 0,
@@ -7440,11 +7440,11 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Note_utf&quot;: &quot;note&quot;,
         &quot;AuthType_u32&quot;: 0,
         &quot;NumLogin_u32&quot;: 0,
-        &quot;LastLoginTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;LastLoginTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;DenyAccess_bool&quot;: false,
         &quot;IsTrafficFilled_bool&quot;: false,
         &quot;IsExpiresFilled_bool&quot;: false,
-        &quot;Expires_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;Expires_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;Ex.Recv.BroadcastBytes_u64&quot;: 0,
         &quot;Ex.Recv.BroadcastCount_u64&quot;: 0,
         &quot;Ex.Recv.UnicastBytes_u64&quot;: 0,
@@ -7461,11 +7461,11 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Note_utf&quot;: &quot;note&quot;,
         &quot;AuthType_u32&quot;: 0,
         &quot;NumLogin_u32&quot;: 0,
-        &quot;LastLoginTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;LastLoginTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;DenyAccess_bool&quot;: false,
         &quot;IsTrafficFilled_bool&quot;: false,
         &quot;IsExpiresFilled_bool&quot;: false,
-        &quot;Expires_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;Expires_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;Ex.Recv.BroadcastBytes_u64&quot;: 0,
         &quot;Ex.Recv.BroadcastCount_u64&quot;: 0,
         &quot;Ex.Recv.UnicastBytes_u64&quot;: 0,
@@ -8907,8 +8907,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Client_MonitorMode_bool&quot;: false,
         &quot;VLanId_u32&quot;: 0,
         &quot;UniqueId_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;
       },
       {
         &quot;Name_str&quot;: &quot;name&quot;,
@@ -8929,8 +8929,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Client_MonitorMode_bool&quot;: false,
         &quot;VLanId_u32&quot;: 0,
         &quot;UniqueId_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;
       },
       {
         &quot;Name_str&quot;: &quot;name&quot;,
@@ -8951,8 +8951,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Client_MonitorMode_bool&quot;: false,
         &quot;VLanId_u32&quot;: 0,
         &quot;UniqueId_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;
       }
     ]
   }
@@ -9117,9 +9117,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
     &quot;ServerProductName_str&quot;: &quot;serverproductname&quot;,
     &quot;ServerProductVer_u32&quot;: 0,
     &quot;ServerProductBuild_u32&quot;: 0,
-    &quot;StartTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;FirstConnectionEstablisiedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-    &quot;CurrentConnectionEstablishTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+    &quot;StartTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;FirstConnectionEstablisiedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+    &quot;CurrentConnectionEstablishTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
     &quot;NumConnectionsEatablished_u32&quot;: 0,
     &quot;HalfConnection_bool&quot;: false,
     &quot;QoS_bool&quot;: false,
@@ -9496,8 +9496,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Key_u32&quot;: 0,
         &quot;SessionName_str&quot;: &quot;sessionname&quot;,
         &quot;MacAddress_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;RemoteItem_bool&quot;: false,
         &quot;RemoteHostname_str&quot;: &quot;remotehostname&quot;,
         &quot;VlanId_u32&quot;: 0
@@ -9506,8 +9506,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Key_u32&quot;: 0,
         &quot;SessionName_str&quot;: &quot;sessionname&quot;,
         &quot;MacAddress_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;RemoteItem_bool&quot;: false,
         &quot;RemoteHostname_str&quot;: &quot;remotehostname&quot;,
         &quot;VlanId_u32&quot;: 0
@@ -9516,8 +9516,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;Key_u32&quot;: 0,
         &quot;SessionName_str&quot;: &quot;sessionname&quot;,
         &quot;MacAddress_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;RemoteItem_bool&quot;: false,
         &quot;RemoteHostname_str&quot;: &quot;remotehostname&quot;,
         &quot;VlanId_u32&quot;: 0
@@ -9663,8 +9663,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;SessionName_str&quot;: &quot;sessionname&quot;,
         &quot;IpAddress_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;DhcpAllocated_bool&quot;: false,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;RemoteItem_bool&quot;: false,
         &quot;RemoteHostname_str&quot;: &quot;remotehostname&quot;
       },
@@ -9673,8 +9673,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;SessionName_str&quot;: &quot;sessionname&quot;,
         &quot;IpAddress_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;DhcpAllocated_bool&quot;: false,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;RemoteItem_bool&quot;: false,
         &quot;RemoteHostname_str&quot;: &quot;remotehostname&quot;
       },
@@ -9683,8 +9683,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;SessionName_str&quot;: &quot;sessionname&quot;,
         &quot;IpAddress_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;DhcpAllocated_bool&quot;: false,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;RemoteItem_bool&quot;: false,
         &quot;RemoteHostname_str&quot;: &quot;remotehostname&quot;
       }
@@ -10376,8 +10376,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;DestIp_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;DestHost_str&quot;: &quot;desthost&quot;,
         &quot;DestPort_u32&quot;: 0,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;SendSize_u64&quot;: 0,
         &quot;RecvSize_u64&quot;: 0,
         &quot;TcpStatus_u32&quot;: 0
@@ -10391,8 +10391,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;DestIp_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;DestHost_str&quot;: &quot;desthost&quot;,
         &quot;DestPort_u32&quot;: 0,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;SendSize_u64&quot;: 0,
         &quot;RecvSize_u64&quot;: 0,
         &quot;TcpStatus_u32&quot;: 0
@@ -10406,8 +10406,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;DestIp_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;DestHost_str&quot;: &quot;desthost&quot;,
         &quot;DestPort_u32&quot;: 0,
-        &quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;SendSize_u64&quot;: 0,
         &quot;RecvSize_u64&quot;: 0,
         &quot;TcpStatus_u32&quot;: 0
@@ -10527,8 +10527,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
     &quot;DhcpTable&quot;: [
       {
         &quot;Id_u32&quot;: 0,
-        &quot;LeasedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;ExpireTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;LeasedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;ExpireTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;MacAddress_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
         &quot;IpAddress_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;Mask_u32&quot;: 0,
@@ -10536,8 +10536,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
       },
       {
         &quot;Id_u32&quot;: 0,
-        &quot;LeasedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;ExpireTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;LeasedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;ExpireTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;MacAddress_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
         &quot;IpAddress_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;Mask_u32&quot;: 0,
@@ -10545,8 +10545,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
       },
       {
         &quot;Id_u32&quot;: 0,
-        &quot;LeasedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
-        &quot;ExpireTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
+        &quot;LeasedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
+        &quot;ExpireTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
         &quot;MacAddress_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
         &quot;IpAddress_ip&quot;: &quot;192.168.0.1&quot;,
         &quot;Mask_u32&quot;: 0,
@@ -13090,19 +13090,19 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
         &quot;ServerName_str&quot;: &quot;servername&quot;,
         &quot;FilePath_str&quot;: &quot;filepath&quot;,
         &quot;FileSize_u32&quot;: 0,
-        &quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;
+        &quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;
       },
       {
         &quot;ServerName_str&quot;: &quot;servername&quot;,
         &quot;FilePath_str&quot;: &quot;filepath&quot;,
         &quot;FileSize_u32&quot;: 0,
-        &quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;
+        &quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;
       },
       {
         &quot;ServerName_str&quot;: &quot;servername&quot;,
         &quot;FilePath_str&quot;: &quot;filepath&quot;,
         &quot;FileSize_u32&quot;: 0,
-        &quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;
+        &quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;
       }
     ]
   }
@@ -14508,15 +14508,15 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
 </tbody>
 </table>
 <hr />
-<p><a id="getddnsinternetsettng"></a></p>
-<h2 id="getddnsinternetsettng-rpc-api-get-the-proxy-settings-for-connecting-to-the-ddns-server">&quot;GetDDnsInternetSettng&quot; RPC API - Get the Proxy Settings for Connecting to the DDNS server</h2>
+<p><a id="getddnsinternetsetting"></a></p>
+<h2 id="getddnsinternetsetting-rpc-api-get-the-proxy-settings-for-connecting-to-the-ddns-server">&quot;GetDDnsInternetSetting&quot; RPC API - Get the Proxy Settings for Connecting to the DDNS server</h2>
 <h3 id="description-131">Description</h3>
 <p>Get the Proxy Settings for Connecting to the DDNS server.</p>
 <h3 id="input-json-rpc-format-131">Input JSON-RPC Format</h3>
 <pre><code class="language-json">{
   &quot;jsonrpc&quot;: &quot;2.0&quot;,
   &quot;id&quot;: &quot;rpc_call_id&quot;,
-  &quot;method&quot;: &quot;GetDDnsInternetSettng&quot;,
+  &quot;method&quot;: &quot;GetDDnsInternetSetting&quot;,
   &quot;params&quot;: {}
 }
 </code></pre>
@@ -14571,15 +14571,15 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
 </tbody>
 </table>
 <hr />
-<p><a id="setddnsinternetsettng"></a></p>
-<h2 id="setddnsinternetsettng-rpc-api-set-the-proxy-settings-for-connecting-to-the-ddns-server">&quot;SetDDnsInternetSettng&quot; RPC API - Set the Proxy Settings for Connecting to the DDNS server</h2>
+<p><a id="setddnsinternetsetting"></a></p>
+<h2 id="setddnsinternetsetting-rpc-api-set-the-proxy-settings-for-connecting-to-the-ddns-server">&quot;SetDDnsInternetSetting&quot; RPC API - Set the Proxy Settings for Connecting to the DDNS server</h2>
 <h3 id="description-132">Description</h3>
 <p>Set the Proxy Settings for Connecting to the DDNS server.</p>
 <h3 id="input-json-rpc-format-132">Input JSON-RPC Format</h3>
 <pre><code class="language-json">{
   &quot;jsonrpc&quot;: &quot;2.0&quot;,
   &quot;id&quot;: &quot;rpc_call_id&quot;,
-  &quot;method&quot;: &quot;SetDDnsInternetSettng&quot;,
+  &quot;method&quot;: &quot;SetDDnsInternetSetting&quot;,
   &quot;params&quot;: {
     &quot;ProxyType_u32&quot;: 0,
     &quot;ProxyHostName_str&quot;: &quot;proxyhostname&quot;,
@@ -14640,8 +14640,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
 </tbody>
 </table>
 <hr />
-<p>Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen.<br />
-Copyright (c) 2014-2019 <a href="https://www.softether.org/">SoftEther VPN Project</a> under the Apache License 2.0.</p>
+<p>Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen.<br />
+Copyright (c) 2014-2023 <a href="https://www.softether.org/">SoftEther VPN Project</a> under the Apache License 2.0.</p>
 
 	</article>
 </body>

developer_tools/vpnserver-jsonrpc-clients/README.md

@@ -208,8 +208,8 @@ Value | Description
 - [GetSpecialListener - Get Current Setting of the VPN over ICMP / VPN over DNS Function](#getspeciallistener)
 - [GetAzureStatus - Show the current status of VPN Azure function](#getazurestatus)
 - [SetAzureStatus - Enable / Disable VPN Azure Function](#setazurestatus)
-- [GetDDnsInternetSettng - Get the Proxy Settings for Connecting to the DDNS server](#getddnsinternetsettng)
-- [SetDDnsInternetSettng - Set the Proxy Settings for Connecting to the DDNS server](#setddnsinternetsettng)
+- [GetDDnsInternetSetting - Get the Proxy Settings for Connecting to the DDNS server](#getddnsinternetsetting)
+- [SetDDnsInternetSetting - Set the Proxy Settings for Connecting to the DDNS server](#setddnsinternetsetting)
 - [SetVgsConfig - Set the VPN Gate Server Configuration](#setvgsconfig)
 - [GetVgsConfig - Get the VPN Gate Server Configuration](#getvgsconfig)
 
@@ -283,7 +283,7 @@ Get server information. This allows you to obtain the server information of the
     "ServerBuildInt_u32": 0,
     "ServerHostName_str": "serverhostname",
     "ServerType_u32": 0,
-    "ServerBuildDate_dt": "2020-08-01T12:24:36.123",
+    "ServerBuildDate_dt": "2024-08-01T12:24:36.123",
     "ServerFamilyName_str": "serverfamilyname",
     "OsType_u32": 0,
     "OsServicePack_u32": 0,
@@ -368,9 +368,9 @@ Get Current Server Status. This allows you to obtain in real-time the current st
     "Send.BroadcastCount_u64": 0,
     "Send.UnicastBytes_u64": 0,
     "Send.UnicastCount_u64": 0,
-    "CurrentTime_dt": "2020-08-01T12:24:36.123",
+    "CurrentTime_dt": "2024-08-01T12:24:36.123",
     "CurrentTick_u64": 0,
-    "StartTime_dt": "2020-08-01T12:24:36.123",
+    "StartTime_dt": "2024-08-01T12:24:36.123",
     "TotalMemory_u64": 0,
     "UsedMemory_u64": 0,
     "FreeMemory_u64": 0,
@@ -768,7 +768,7 @@ Get Cluster Member Information. When the VPN Server is operating as a cluster co
   "result": {
     "Id_u32": 0,
     "Controller_bool": false,
-    "ConnectedTime_dt": "2020-08-01T12:24:36.123",
+    "ConnectedTime_dt": "2024-08-01T12:24:36.123",
     "Ip_ip": "192.168.0.1",
     "Hostname_str": "hostname",
     "Point_u32": 0,
@@ -849,7 +849,7 @@ Get List of Cluster Members. Use this API when the VPN Server is operating as a
       {
         "Id_u32": 0,
         "Controller_bool": false,
-        "ConnectedTime_dt": "2020-08-01T12:24:36.123",
+        "ConnectedTime_dt": "2024-08-01T12:24:36.123",
         "Ip_ip": "192.168.0.1",
         "Hostname_str": "hostname",
         "Point_u32": 0,
@@ -862,7 +862,7 @@ Get List of Cluster Members. Use this API when the VPN Server is operating as a
       {
         "Id_u32": 0,
         "Controller_bool": false,
-        "ConnectedTime_dt": "2020-08-01T12:24:36.123",
+        "ConnectedTime_dt": "2024-08-01T12:24:36.123",
         "Ip_ip": "192.168.0.1",
         "Hostname_str": "hostname",
         "Point_u32": 0,
@@ -875,7 +875,7 @@ Get List of Cluster Members. Use this API when the VPN Server is operating as a
       {
         "Id_u32": 0,
         "Controller_bool": false,
-        "ConnectedTime_dt": "2020-08-01T12:24:36.123",
+        "ConnectedTime_dt": "2024-08-01T12:24:36.123",
         "Ip_ip": "192.168.0.1",
         "Hostname_str": "hostname",
         "Point_u32": 0,
@@ -934,9 +934,9 @@ Get Connection Status to Cluster Controller. Use this API when the VPN Server is
     "Port_u32": 0,
     "Online_bool": false,
     "LastError_u32": 0,
-    "StartedTime_dt": "2020-08-01T12:24:36.123",
-    "FirstConnectedTime_dt": "2020-08-01T12:24:36.123",
-    "CurrentConnectedTime_dt": "2020-08-01T12:24:36.123",
+    "StartedTime_dt": "2024-08-01T12:24:36.123",
+    "FirstConnectedTime_dt": "2024-08-01T12:24:36.123",
+    "CurrentConnectedTime_dt": "2024-08-01T12:24:36.123",
     "NumTry_u32": 0,
     "NumConnected_u32": 0,
     "NumFailed_u32": 0
@@ -1278,9 +1278,9 @@ Get List of Virtual Hubs. Use this to get a list of existing Virtual Hubs on the
         "NumSessions_u32": 0,
         "NumMacTables_u32": 0,
         "NumIpTables_u32": 0,
-        "LastCommTime_dt": "2020-08-01T12:24:36.123",
-        "LastLoginTime_dt": "2020-08-01T12:24:36.123",
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
+        "LastCommTime_dt": "2024-08-01T12:24:36.123",
+        "LastLoginTime_dt": "2024-08-01T12:24:36.123",
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
         "NumLogin_u32": 0,
         "IsTrafficFilled_bool": false,
         "Ex.Recv.BroadcastBytes_u64": 0,
@@ -1301,9 +1301,9 @@ Get List of Virtual Hubs. Use this to get a list of existing Virtual Hubs on the
         "NumSessions_u32": 0,
         "NumMacTables_u32": 0,
         "NumIpTables_u32": 0,
-        "LastCommTime_dt": "2020-08-01T12:24:36.123",
-        "LastLoginTime_dt": "2020-08-01T12:24:36.123",
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
+        "LastCommTime_dt": "2024-08-01T12:24:36.123",
+        "LastLoginTime_dt": "2024-08-01T12:24:36.123",
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
         "NumLogin_u32": 0,
         "IsTrafficFilled_bool": false,
         "Ex.Recv.BroadcastBytes_u64": 0,
@@ -1324,9 +1324,9 @@ Get List of Virtual Hubs. Use this to get a list of existing Virtual Hubs on the
         "NumSessions_u32": 0,
         "NumMacTables_u32": 0,
         "NumIpTables_u32": 0,
-        "LastCommTime_dt": "2020-08-01T12:24:36.123",
-        "LastLoginTime_dt": "2020-08-01T12:24:36.123",
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
+        "LastCommTime_dt": "2024-08-01T12:24:36.123",
+        "LastLoginTime_dt": "2024-08-01T12:24:36.123",
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
         "NumLogin_u32": 0,
         "IsTrafficFilled_bool": false,
         "Ex.Recv.BroadcastBytes_u64": 0,
@@ -1525,7 +1525,7 @@ Get List of TCP Connections Connecting to the VPN Server. Use this to get a list
         "Hostname_str": "hostname",
         "Ip_ip": "192.168.0.1",
         "Port_u32": 0,
-        "ConnectedTime_dt": "2020-08-01T12:24:36.123",
+        "ConnectedTime_dt": "2024-08-01T12:24:36.123",
         "Type_u32": 0
       },
       {
@@ -1533,7 +1533,7 @@ Get List of TCP Connections Connecting to the VPN Server. Use this to get a list
         "Hostname_str": "hostname",
         "Ip_ip": "192.168.0.1",
         "Port_u32": 0,
-        "ConnectedTime_dt": "2020-08-01T12:24:36.123",
+        "ConnectedTime_dt": "2024-08-01T12:24:36.123",
         "Type_u32": 0
       },
       {
@@ -1541,7 +1541,7 @@ Get List of TCP Connections Connecting to the VPN Server. Use this to get a list
         "Hostname_str": "hostname",
         "Ip_ip": "192.168.0.1",
         "Port_u32": 0,
-        "ConnectedTime_dt": "2020-08-01T12:24:36.123",
+        "ConnectedTime_dt": "2024-08-01T12:24:36.123",
         "Type_u32": 0
       }
     ]
@@ -1626,7 +1626,7 @@ Get Information of TCP Connections Connecting to the VPN Server. Use this to get
     "Hostname_str": "hostname",
     "Ip_ip": "192.168.0.1",
     "Port_u32": 0,
-    "ConnectedTime_dt": "2020-08-01T12:24:36.123",
+    "ConnectedTime_dt": "2024-08-01T12:24:36.123",
     "ServerStr_str": "serverstr",
     "ServerVer_u32": 0,
     "ServerBuild_u32": 0,
@@ -1736,9 +1736,9 @@ Get Current Status of Virtual Hub. Use this to get the current status of the Vir
     "Send.UnicastBytes_u64": 0,
     "Send.UnicastCount_u64": 0,
     "SecureNATEnabled_bool": false,
-    "LastCommTime_dt": "2020-08-01T12:24:36.123",
-    "LastLoginTime_dt": "2020-08-01T12:24:36.123",
-    "CreatedTime_dt": "2020-08-01T12:24:36.123",
+    "LastCommTime_dt": "2024-08-01T12:24:36.123",
+    "LastLoginTime_dt": "2024-08-01T12:24:36.123",
+    "CreatedTime_dt": "2024-08-01T12:24:36.123",
     "NumLogin_u32": 0
   }
 }
@@ -1948,19 +1948,19 @@ Get List of Trusted CA Certificates. Here you can manage the certificate authori
         "Key_u32": 0,
         "SubjectName_utf": "subjectname",
         "IssuerName_utf": "issuername",
-        "Expires_dt": "2020-08-01T12:24:36.123"
+        "Expires_dt": "2024-08-01T12:24:36.123"
       },
       {
         "Key_u32": 0,
         "SubjectName_utf": "subjectname",
         "IssuerName_utf": "issuername",
-        "Expires_dt": "2020-08-01T12:24:36.123"
+        "Expires_dt": "2024-08-01T12:24:36.123"
       },
       {
         "Key_u32": 0,
         "SubjectName_utf": "subjectname",
         "IssuerName_utf": "issuername",
-        "Expires_dt": "2020-08-01T12:24:36.123"
+        "Expires_dt": "2024-08-01T12:24:36.123"
       }
     ]
   }
@@ -2352,7 +2352,7 @@ Name | Type | Description
 `NoUdpAcceleration_bool` | `boolean` | Client Option Parameters: Do not use UDP acceleration mode if the value is true
 `AuthType_u32` | `number` (enum) | Authentication type<BR>Values:<BR>`0`: Anonymous authentication<BR>`1`: SHA-0 hashed password authentication<BR>`2`: Plain password authentication<BR>`3`: Certificate authentication
 `Username_str` | `string` (ASCII) | User name
-`HashedPassword_bin` | `string` (Base64 binary) | SHA-0 Hashed password. Valid only if ClientAuth_AuthType_u32 == SHA0_Hashed_Password (1). The SHA-0 hashed password must be caluclated by the SHA0(UpperCase(username_ascii_string) + password_ascii_string).
+`HashedPassword_bin` | `string` (Base64 binary) | SHA-0 Hashed password. Valid only if ClientAuth_AuthType_u32 == SHA0_Hashed_Password (1). The SHA-0 hashed password must be caluclated by the SHA0(password_ascii_string + UpperCase(username_ascii_string)).
 `PlainPassword_str` | `string` (ASCII) | Plaintext Password. Valid only if ClientAuth_AuthType_u32 == PlainPassword (2).
 `ClientX_bin` | `string` (Base64 binary) | Client certificate. Valid only if ClientAuth_AuthType_u32 == Cert (3).
 `ClientK_bin` | `string` (Base64 binary) | Client private key of the certificate. Valid only if ClientAuth_AuthType_u32 == Cert (3).
@@ -2600,7 +2600,7 @@ Get List of Cascade Connections. Use this to get a list of Cascade Connections t
         "Online_bool": false,
         "Connected_bool": false,
         "LastError_u32": 0,
-        "ConnectedTime_dt": "2020-08-01T12:24:36.123",
+        "ConnectedTime_dt": "2024-08-01T12:24:36.123",
         "Hostname_str": "hostname",
         "TargetHubName_str": "targethubname"
       },
@@ -2609,7 +2609,7 @@ Get List of Cascade Connections. Use this to get a list of Cascade Connections t
         "Online_bool": false,
         "Connected_bool": false,
         "LastError_u32": 0,
-        "ConnectedTime_dt": "2020-08-01T12:24:36.123",
+        "ConnectedTime_dt": "2024-08-01T12:24:36.123",
         "Hostname_str": "hostname",
         "TargetHubName_str": "targethubname"
       },
@@ -2618,7 +2618,7 @@ Get List of Cascade Connections. Use this to get a list of Cascade Connections t
         "Online_bool": false,
         "Connected_bool": false,
         "LastError_u32": 0,
-        "ConnectedTime_dt": "2020-08-01T12:24:36.123",
+        "ConnectedTime_dt": "2024-08-01T12:24:36.123",
         "Hostname_str": "hostname",
         "TargetHubName_str": "targethubname"
       }
@@ -2834,9 +2834,9 @@ Get Current Cascade Connection Status. When a Cascade Connection registered on t
     "ServerProductBuild_u32": 0,
     "ServerX_bin": "SGVsbG8gV29ybGQ=",
     "ClientX_bin": "SGVsbG8gV29ybGQ=",
-    "StartTime_dt": "2020-08-01T12:24:36.123",
-    "FirstConnectionEstablisiedTime_dt": "2020-08-01T12:24:36.123",
-    "CurrentConnectionEstablishTime_dt": "2020-08-01T12:24:36.123",
+    "StartTime_dt": "2024-08-01T12:24:36.123",
+    "FirstConnectionEstablisiedTime_dt": "2024-08-01T12:24:36.123",
+    "CurrentConnectionEstablishTime_dt": "2024-08-01T12:24:36.123",
     "NumConnectionsEatablished_u32": 0,
     "HalfConnection_bool": false,
     "QoS_bool": false,
@@ -3566,7 +3566,7 @@ Create a user. Use this to create a new user in the security account database of
     "Name_str": "name",
     "Realname_utf": "realname",
     "Note_utf": "note",
-    "ExpireTime_dt": "2020-08-01T12:24:36.123",
+    "ExpireTime_dt": "2024-08-01T12:24:36.123",
     "AuthType_u32": 0,
     "Auth_Password_str": "auth_password",
     "UserX_bin": "SGVsbG8gV29ybGQ=",
@@ -3629,9 +3629,9 @@ Create a user. Use this to create a new user in the security account database of
     "GroupName_str": "groupname",
     "Realname_utf": "realname",
     "Note_utf": "note",
-    "CreatedTime_dt": "2020-08-01T12:24:36.123",
-    "UpdatedTime_dt": "2020-08-01T12:24:36.123",
-    "ExpireTime_dt": "2020-08-01T12:24:36.123",
+    "CreatedTime_dt": "2024-08-01T12:24:36.123",
+    "UpdatedTime_dt": "2024-08-01T12:24:36.123",
+    "ExpireTime_dt": "2024-08-01T12:24:36.123",
     "AuthType_u32": 0,
     "Auth_Password_str": "auth_password",
     "UserX_bin": "SGVsbG8gV29ybGQ=",
@@ -3779,7 +3779,7 @@ Change User Settings. Use this to change user settings that is registered on the
     "GroupName_str": "groupname",
     "Realname_utf": "realname",
     "Note_utf": "note",
-    "ExpireTime_dt": "2020-08-01T12:24:36.123",
+    "ExpireTime_dt": "2024-08-01T12:24:36.123",
     "AuthType_u32": 0,
     "Auth_Password_str": "auth_password",
     "UserX_bin": "SGVsbG8gV29ybGQ=",
@@ -3842,9 +3842,9 @@ Change User Settings. Use this to change user settings that is registered on the
     "GroupName_str": "groupname",
     "Realname_utf": "realname",
     "Note_utf": "note",
-    "CreatedTime_dt": "2020-08-01T12:24:36.123",
-    "UpdatedTime_dt": "2020-08-01T12:24:36.123",
-    "ExpireTime_dt": "2020-08-01T12:24:36.123",
+    "CreatedTime_dt": "2024-08-01T12:24:36.123",
+    "UpdatedTime_dt": "2024-08-01T12:24:36.123",
+    "ExpireTime_dt": "2024-08-01T12:24:36.123",
     "AuthType_u32": 0,
     "Auth_Password_str": "auth_password",
     "UserX_bin": "SGVsbG8gV29ybGQ=",
@@ -4004,9 +4004,9 @@ Get User Settings. Use this to get user settings information that is registered
     "GroupName_str": "groupname",
     "Realname_utf": "realname",
     "Note_utf": "note",
-    "CreatedTime_dt": "2020-08-01T12:24:36.123",
-    "UpdatedTime_dt": "2020-08-01T12:24:36.123",
-    "ExpireTime_dt": "2020-08-01T12:24:36.123",
+    "CreatedTime_dt": "2024-08-01T12:24:36.123",
+    "UpdatedTime_dt": "2024-08-01T12:24:36.123",
+    "ExpireTime_dt": "2024-08-01T12:24:36.123",
     "AuthType_u32": 0,
     "Auth_Password_str": "auth_password",
     "UserX_bin": "SGVsbG8gV29ybGQ=",
@@ -4207,11 +4207,11 @@ Get List of Users. Use this to get a list of users that are registered on the se
         "Note_utf": "note",
         "AuthType_u32": 0,
         "NumLogin_u32": 0,
-        "LastLoginTime_dt": "2020-08-01T12:24:36.123",
+        "LastLoginTime_dt": "2024-08-01T12:24:36.123",
         "DenyAccess_bool": false,
         "IsTrafficFilled_bool": false,
         "IsExpiresFilled_bool": false,
-        "Expires_dt": "2020-08-01T12:24:36.123",
+        "Expires_dt": "2024-08-01T12:24:36.123",
         "Ex.Recv.BroadcastBytes_u64": 0,
         "Ex.Recv.BroadcastCount_u64": 0,
         "Ex.Recv.UnicastBytes_u64": 0,
@@ -4228,11 +4228,11 @@ Get List of Users. Use this to get a list of users that are registered on the se
         "Note_utf": "note",
         "AuthType_u32": 0,
         "NumLogin_u32": 0,
-        "LastLoginTime_dt": "2020-08-01T12:24:36.123",
+        "LastLoginTime_dt": "2024-08-01T12:24:36.123",
         "DenyAccess_bool": false,
         "IsTrafficFilled_bool": false,
         "IsExpiresFilled_bool": false,
-        "Expires_dt": "2020-08-01T12:24:36.123",
+        "Expires_dt": "2024-08-01T12:24:36.123",
         "Ex.Recv.BroadcastBytes_u64": 0,
         "Ex.Recv.BroadcastCount_u64": 0,
         "Ex.Recv.UnicastBytes_u64": 0,
@@ -4249,11 +4249,11 @@ Get List of Users. Use this to get a list of users that are registered on the se
         "Note_utf": "note",
         "AuthType_u32": 0,
         "NumLogin_u32": 0,
-        "LastLoginTime_dt": "2020-08-01T12:24:36.123",
+        "LastLoginTime_dt": "2024-08-01T12:24:36.123",
         "DenyAccess_bool": false,
         "IsTrafficFilled_bool": false,
         "IsExpiresFilled_bool": false,
-        "Expires_dt": "2020-08-01T12:24:36.123",
+        "Expires_dt": "2024-08-01T12:24:36.123",
         "Ex.Recv.BroadcastBytes_u64": 0,
         "Ex.Recv.BroadcastCount_u64": 0,
         "Ex.Recv.UnicastBytes_u64": 0,
@@ -4605,14 +4605,14 @@ Name | Type | Description
 `Name_str` | `string` (ASCII) | The group name
 `Realname_utf` | `string` (UTF8) | Optional real name (full name) of the group, allow using any Unicode characters
 `Note_utf` | `string` (UTF8) | Optional, specify a description of the group
-`Recv.BroadcastBytes_u64` | `number` (uint64) | Broadcast bytes (Recv)
-`Recv.BroadcastCount_u64` | `number` (uint64) | Number of broadcast packets (Recv)
-`Recv.UnicastBytes_u64` | `number` (uint64) | Unicast bytes (Recv)
-`Recv.UnicastCount_u64` | `number` (uint64) | Unicast count (Recv)
-`Send.BroadcastBytes_u64` | `number` (uint64) | Broadcast bytes (Send)
-`Send.BroadcastCount_u64` | `number` (uint64) | Number of broadcast packets (Send)
+`Recv.BroadcastBytes_u64` | `number` (uint64) | Number of broadcast packets (Recv)
+`Recv.BroadcastCount_u64` | `number` (uint64) | Broadcast bytes (Recv)
+`Recv.UnicastBytes_u64` | `number` (uint64) | Unicast count (Recv)
+`Recv.UnicastCount_u64` | `number` (uint64) | Unicast bytes (Recv)
+`Send.BroadcastBytes_u64` | `number` (uint64) | Number of broadcast packets (Send)
+`Send.BroadcastCount_u64` | `number` (uint64) | Broadcast bytes (Send)
 `Send.UnicastBytes_u64` | `number` (uint64) | Unicast bytes (Send)
-`Send.UnicastCount_u64` | `number` (uint64) | Unicast count (Send)
+`Send.UnicastCount_u64` | `number` (uint64) | Unicast bytes (Send)
 `UsePolicy_bool` | `boolean` | The flag whether to use security policy
 `policy:Access_bool` | `boolean` | Security policy: Allow Access. The users, which this policy value is true, have permission to make VPN connection to VPN Server.
 `policy:DHCPFilter_bool` | `boolean` | Security policy: Filter DHCP Packets (IPv4). All IPv4 DHCP packets in sessions defined this policy will be filtered.
@@ -4939,8 +4939,8 @@ Get List of Connected VPN Sessions. Use this to get a list of the sessions conne
         "Client_MonitorMode_bool": false,
         "VLanId_u32": 0,
         "UniqueId_bin": "SGVsbG8gV29ybGQ=",
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
-        "LastCommTime_dt": "2020-08-01T12:24:36.123"
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
+        "LastCommTime_dt": "2024-08-01T12:24:36.123"
       },
       {
         "Name_str": "name",
@@ -4961,8 +4961,8 @@ Get List of Connected VPN Sessions. Use this to get a list of the sessions conne
         "Client_MonitorMode_bool": false,
         "VLanId_u32": 0,
         "UniqueId_bin": "SGVsbG8gV29ybGQ=",
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
-        "LastCommTime_dt": "2020-08-01T12:24:36.123"
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
+        "LastCommTime_dt": "2024-08-01T12:24:36.123"
       },
       {
         "Name_str": "name",
@@ -4983,8 +4983,8 @@ Get List of Connected VPN Sessions. Use this to get a list of the sessions conne
         "Client_MonitorMode_bool": false,
         "VLanId_u32": 0,
         "UniqueId_bin": "SGVsbG8gV29ybGQ=",
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
-        "LastCommTime_dt": "2020-08-01T12:24:36.123"
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
+        "LastCommTime_dt": "2024-08-01T12:24:36.123"
       }
     ]
   }
@@ -5059,9 +5059,9 @@ Get Session Status. Use this to specify a session currently connected to the cur
     "ServerProductName_str": "serverproductname",
     "ServerProductVer_u32": 0,
     "ServerProductBuild_u32": 0,
-    "StartTime_dt": "2020-08-01T12:24:36.123",
-    "FirstConnectionEstablisiedTime_dt": "2020-08-01T12:24:36.123",
-    "CurrentConnectionEstablishTime_dt": "2020-08-01T12:24:36.123",
+    "StartTime_dt": "2024-08-01T12:24:36.123",
+    "FirstConnectionEstablisiedTime_dt": "2024-08-01T12:24:36.123",
+    "CurrentConnectionEstablishTime_dt": "2024-08-01T12:24:36.123",
     "NumConnectionsEatablished_u32": 0,
     "HalfConnection_bool": false,
     "QoS_bool": false,
@@ -5222,8 +5222,8 @@ Get the MAC Address Table Database. Use this to get the MAC address table databa
         "Key_u32": 0,
         "SessionName_str": "sessionname",
         "MacAddress_bin": "SGVsbG8gV29ybGQ=",
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
-        "UpdatedTime_dt": "2020-08-01T12:24:36.123",
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
+        "UpdatedTime_dt": "2024-08-01T12:24:36.123",
         "RemoteItem_bool": false,
         "RemoteHostname_str": "remotehostname",
         "VlanId_u32": 0
@@ -5232,8 +5232,8 @@ Get the MAC Address Table Database. Use this to get the MAC address table databa
         "Key_u32": 0,
         "SessionName_str": "sessionname",
         "MacAddress_bin": "SGVsbG8gV29ybGQ=",
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
-        "UpdatedTime_dt": "2020-08-01T12:24:36.123",
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
+        "UpdatedTime_dt": "2024-08-01T12:24:36.123",
         "RemoteItem_bool": false,
         "RemoteHostname_str": "remotehostname",
         "VlanId_u32": 0
@@ -5242,8 +5242,8 @@ Get the MAC Address Table Database. Use this to get the MAC address table databa
         "Key_u32": 0,
         "SessionName_str": "sessionname",
         "MacAddress_bin": "SGVsbG8gV29ybGQ=",
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
-        "UpdatedTime_dt": "2020-08-01T12:24:36.123",
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
+        "UpdatedTime_dt": "2024-08-01T12:24:36.123",
         "RemoteItem_bool": false,
         "RemoteHostname_str": "remotehostname",
         "VlanId_u32": 0
@@ -5337,8 +5337,8 @@ Get the IP Address Table Database. Use this to get the IP address table database
         "SessionName_str": "sessionname",
         "IpAddress_ip": "192.168.0.1",
         "DhcpAllocated_bool": false,
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
-        "UpdatedTime_dt": "2020-08-01T12:24:36.123",
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
+        "UpdatedTime_dt": "2024-08-01T12:24:36.123",
         "RemoteItem_bool": false,
         "RemoteHostname_str": "remotehostname"
       },
@@ -5347,8 +5347,8 @@ Get the IP Address Table Database. Use this to get the IP address table database
         "SessionName_str": "sessionname",
         "IpAddress_ip": "192.168.0.1",
         "DhcpAllocated_bool": false,
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
-        "UpdatedTime_dt": "2020-08-01T12:24:36.123",
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
+        "UpdatedTime_dt": "2024-08-01T12:24:36.123",
         "RemoteItem_bool": false,
         "RemoteHostname_str": "remotehostname"
       },
@@ -5357,8 +5357,8 @@ Get the IP Address Table Database. Use this to get the IP address table database
         "SessionName_str": "sessionname",
         "IpAddress_ip": "192.168.0.1",
         "DhcpAllocated_bool": false,
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
-        "UpdatedTime_dt": "2020-08-01T12:24:36.123",
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
+        "UpdatedTime_dt": "2024-08-01T12:24:36.123",
         "RemoteItem_bool": false,
         "RemoteHostname_str": "remotehostname"
       }
@@ -5778,8 +5778,8 @@ Get Virtual NAT Function Session Table of SecureNAT Function. Use this to get th
         "DestIp_ip": "192.168.0.1",
         "DestHost_str": "desthost",
         "DestPort_u32": 0,
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
-        "LastCommTime_dt": "2020-08-01T12:24:36.123",
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
+        "LastCommTime_dt": "2024-08-01T12:24:36.123",
         "SendSize_u64": 0,
         "RecvSize_u64": 0,
         "TcpStatus_u32": 0
@@ -5793,8 +5793,8 @@ Get Virtual NAT Function Session Table of SecureNAT Function. Use this to get th
         "DestIp_ip": "192.168.0.1",
         "DestHost_str": "desthost",
         "DestPort_u32": 0,
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
-        "LastCommTime_dt": "2020-08-01T12:24:36.123",
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
+        "LastCommTime_dt": "2024-08-01T12:24:36.123",
         "SendSize_u64": 0,
         "RecvSize_u64": 0,
         "TcpStatus_u32": 0
@@ -5808,8 +5808,8 @@ Get Virtual NAT Function Session Table of SecureNAT Function. Use this to get th
         "DestIp_ip": "192.168.0.1",
         "DestHost_str": "desthost",
         "DestPort_u32": 0,
-        "CreatedTime_dt": "2020-08-01T12:24:36.123",
-        "LastCommTime_dt": "2020-08-01T12:24:36.123",
+        "CreatedTime_dt": "2024-08-01T12:24:36.123",
+        "LastCommTime_dt": "2024-08-01T12:24:36.123",
         "SendSize_u64": 0,
         "RecvSize_u64": 0,
         "TcpStatus_u32": 0
@@ -5867,8 +5867,8 @@ Get Virtual DHCP Server Function Lease Table of SecureNAT Function. Use this to
     "DhcpTable": [
       {
         "Id_u32": 0,
-        "LeasedTime_dt": "2020-08-01T12:24:36.123",
-        "ExpireTime_dt": "2020-08-01T12:24:36.123",
+        "LeasedTime_dt": "2024-08-01T12:24:36.123",
+        "ExpireTime_dt": "2024-08-01T12:24:36.123",
         "MacAddress_bin": "SGVsbG8gV29ybGQ=",
         "IpAddress_ip": "192.168.0.1",
         "Mask_u32": 0,
@@ -5876,8 +5876,8 @@ Get Virtual DHCP Server Function Lease Table of SecureNAT Function. Use this to
       },
       {
         "Id_u32": 0,
-        "LeasedTime_dt": "2020-08-01T12:24:36.123",
-        "ExpireTime_dt": "2020-08-01T12:24:36.123",
+        "LeasedTime_dt": "2024-08-01T12:24:36.123",
+        "ExpireTime_dt": "2024-08-01T12:24:36.123",
         "MacAddress_bin": "SGVsbG8gV29ybGQ=",
         "IpAddress_ip": "192.168.0.1",
         "Mask_u32": 0,
@@ -5885,8 +5885,8 @@ Get Virtual DHCP Server Function Lease Table of SecureNAT Function. Use this to
       },
       {
         "Id_u32": 0,
-        "LeasedTime_dt": "2020-08-01T12:24:36.123",
-        "ExpireTime_dt": "2020-08-01T12:24:36.123",
+        "LeasedTime_dt": "2024-08-01T12:24:36.123",
+        "ExpireTime_dt": "2024-08-01T12:24:36.123",
         "MacAddress_bin": "SGVsbG8gV29ybGQ=",
         "IpAddress_ip": "192.168.0.1",
         "Mask_u32": 0,
@@ -7642,19 +7642,19 @@ Get List of Log Files. Use this to display a list of log files outputted by the
         "ServerName_str": "servername",
         "FilePath_str": "filepath",
         "FileSize_u32": 0,
-        "UpdatedTime_dt": "2020-08-01T12:24:36.123"
+        "UpdatedTime_dt": "2024-08-01T12:24:36.123"
       },
       {
         "ServerName_str": "servername",
         "FilePath_str": "filepath",
         "FileSize_u32": 0,
-        "UpdatedTime_dt": "2020-08-01T12:24:36.123"
+        "UpdatedTime_dt": "2024-08-01T12:24:36.123"
       },
       {
         "ServerName_str": "servername",
         "FilePath_str": "filepath",
         "FileSize_u32": 0,
-        "UpdatedTime_dt": "2020-08-01T12:24:36.123"
+        "UpdatedTime_dt": "2024-08-01T12:24:36.123"
       }
     ]
   }
@@ -8642,8 +8642,8 @@ Name | Type | Description
 `IsConnected_bool` | `boolean` | Whether connection to VPN Azure Cloud Server is established
 
 ***
-<a id="getddnsinternetsettng"></a>
-## "GetDDnsInternetSettng" RPC API - Get the Proxy Settings for Connecting to the DDNS server
+<a id="getddnsinternetsetting"></a>
+## "GetDDnsInternetSetting" RPC API - Get the Proxy Settings for Connecting to the DDNS server
 ### Description
 Get the Proxy Settings for Connecting to the DDNS server.
 
@@ -8652,7 +8652,7 @@ Get the Proxy Settings for Connecting to the DDNS server.
 {
   "jsonrpc": "2.0",
   "id": "rpc_call_id",
-  "method": "GetDDnsInternetSettng",
+  "method": "GetDDnsInternetSetting",
   "params": {}
 }
 ```
@@ -8683,8 +8683,8 @@ Name | Type | Description
 `ProxyPassword_str` | `string` (ASCII) | Proxy server password
 
 ***
-<a id="setddnsinternetsettng"></a>
-## "SetDDnsInternetSettng" RPC API - Set the Proxy Settings for Connecting to the DDNS server
+<a id="setddnsinternetsetting"></a>
+## "SetDDnsInternetSetting" RPC API - Set the Proxy Settings for Connecting to the DDNS server
 ### Description
 Set the Proxy Settings for Connecting to the DDNS server.
 
@@ -8693,7 +8693,7 @@ Set the Proxy Settings for Connecting to the DDNS server.
 {
   "jsonrpc": "2.0",
   "id": "rpc_call_id",
-  "method": "SetDDnsInternetSettng",
+  "method": "SetDDnsInternetSetting",
   "params": {
     "ProxyType_u32": 0,
     "ProxyHostName_str": "proxyhostname",
@@ -8730,6 +8730,6 @@ Name | Type | Description
 `ProxyPassword_str` | `string` (ASCII) | Proxy server password
 
 ***
-Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen.  
-Copyright (c) 2014-2019 [SoftEther VPN Project](https://www.softether.org/) under the Apache License 2.0.  
+Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen.  
+Copyright (c) 2014-2023 [SoftEther VPN Project](https://www.softether.org/) under the Apache License 2.0.  
 

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-csharp/rpc-stubs/JsonRpc.cs

@@ -2,10 +2,10 @@
 // 
 // JsonRpc.cs - JSON-RPC Client Utility Functions
 //
-// Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen
+// Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen
 //
 // Licensed under the Apache License 2.0
-// Copyright (c) 2014-2019 SoftEther VPN Project
+// Copyright (c) 2014-2023 SoftEther VPN Project
 
 using System;
 using System.IO;

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-csharp/rpc-stubs/VPNServerRpc.cs

@@ -2,10 +2,10 @@
 // 
 // VPNServerRpc.cs - SoftEther VPN Server's JSON-RPC Stubs
 //
-// Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen
+// Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen
 //
 // Licensed under the Apache License 2.0
-// Copyright (c) 2014-2019 SoftEther VPN Project
+// Copyright (c) 2014-2023 SoftEther VPN Project
 
 using System.Threading.Tasks;
 using SoftEther.JsonRpc;
@@ -1357,22 +1357,22 @@ namespace SoftEther.VPNServerRpc
         /// <summary>
         /// Get the Proxy Settings for Connecting to the DDNS server (Async mode).
         /// </summary>
-        public async Task<VpnInternetSetting> GetDDnsInternetSettngAsync() => await CallAsync<VpnInternetSetting>("GetDDnsInternetSettng", new VpnInternetSetting());
+        public async Task<VpnInternetSetting> GetDDnsInternetSettingAsync() => await CallAsync<VpnInternetSetting>("GetDDnsInternetSetting", new VpnInternetSetting());
 
         /// <summary>
         /// Get the Proxy Settings for Connecting to the DDNS server (Async mode).
         /// </summary>
-        public VpnInternetSetting GetDDnsInternetSettng() => GetDDnsInternetSettngAsync().Result;
+        public VpnInternetSetting GetDDnsInternetSetting() => GetDDnsInternetSettingAsync().Result;
 
         /// <summary>
         /// Set the Proxy Settings for Connecting to the DDNS server (Async mode).
         /// </summary>
-        public async Task<VpnInternetSetting> SetDDnsInternetSettngAsync(VpnInternetSetting input_param) => await CallAsync<VpnInternetSetting>("SetDDnsInternetSettng", input_param);
+        public async Task<VpnInternetSetting> SetDDnsInternetSettingAsync(VpnInternetSetting input_param) => await CallAsync<VpnInternetSetting>("SetDDnsInternetSetting", input_param);
 
         /// <summary>
         /// Set the Proxy Settings for Connecting to the DDNS server (Sync mode).
         /// </summary>
-        public VpnInternetSetting SetDDnsInternetSettng(VpnInternetSetting input_param) => SetDDnsInternetSettngAsync(input_param).Result;
+        public VpnInternetSetting SetDDnsInternetSetting(VpnInternetSetting input_param) => SetDDnsInternetSettingAsync(input_param).Result;
 
         /// <summary>
         /// Set the VPN Gate Server Configuration (Async mode). This API is valid for Win32 binary distribution of the Stable Edition of SoftEther VPN Server.

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-csharp/rpc-stubs/VPNServerRpcTypes.cs

@@ -2,10 +2,10 @@
 // 
 // VPNServerRpcTypes.cs - Data Type Definition for SoftEther VPN Server JSON-RPC Stubs
 //
-// Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen
+// Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen
 //
 // Licensed under the Apache License 2.0
-// Copyright (c) 2014-2019 SoftEther VPN Project
+// Copyright (c) 2014-2023 SoftEther VPN Project
 
 using System;
 using Newtonsoft.Json;

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-csharp/sample/Main.cs

@@ -2,10 +2,10 @@
 // 
 // Program.cs - The Main() entry point
 //
-// Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen
+// Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen
 //
 // Licensed under the Apache License 2.0
-// Copyright (c) 2014-2019 SoftEther VPN Project
+// Copyright (c) 2014-2023 SoftEther VPN Project
 
 class Program
 {

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-csharp/sample/VpnServerRpcTest.cs

@@ -5,10 +5,10 @@
 // This sample code shows how to call all available RPC functions.
 // You can copy and paste test code to write your own C# codes.
 //
-// Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen
+// Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen
 //
 // Licensed under the Apache License 2.0
-// Copyright (c) 2014-2019 SoftEther VPN Project
+// Copyright (c) 2014-2023 SoftEther VPN Project
 
 using System;
 using SoftEther.VPNServerRpc;
@@ -255,8 +255,8 @@ class VPNRPCTest
         Test_GetOpenVpnSstpConfig();
 
         Test_GetDDnsClientStatus();
-        Test_SetDDnsInternetSettng();
-        Test_GetDDnsInternetSettng();
+        Test_SetDDnsInternetSetting();
+        Test_GetDDnsInternetSetting();
 
         Test_ChangeDDnsClientHostname();
         Test_RegenerateServerCert();
@@ -3641,27 +3641,27 @@ class VPNRPCTest
     }
 
     /// <summary>
-    /// API test for 'GetDDnsInternetSettng', Get DDNS proxy configuration
+    /// API test for 'GetDDnsInternetSetting', Get DDNS proxy configuration
     /// </summary>
-    public void Test_GetDDnsInternetSettng()
+    public void Test_GetDDnsInternetSetting()
     {
-        Console.WriteLine("Begin: Test_GetDDnsInternetSettng");
+        Console.WriteLine("Begin: Test_GetDDnsInternetSetting");
 
-        VpnInternetSetting out_internet_setting = api.GetDDnsInternetSettng();
+        VpnInternetSetting out_internet_setting = api.GetDDnsInternetSetting();
 
         print_object(out_internet_setting);
 
-        Console.WriteLine("End: Test_GetDDnsInternetSettng");
+        Console.WriteLine("End: Test_GetDDnsInternetSetting");
         Console.WriteLine("-----");
         Console.WriteLine();
     }
 
     /// <summary>
-    /// API test for 'SetDDnsInternetSettng', Set DDNS proxy configuration
+    /// API test for 'SetDDnsInternetSetting', Set DDNS proxy configuration
     /// </summary>
-    public void Test_SetDDnsInternetSettng()
+    public void Test_SetDDnsInternetSetting()
     {
-        Console.WriteLine("Begin: Test_SetDDnsInternetSettng");
+        Console.WriteLine("Begin: Test_SetDDnsInternetSetting");
 
         VpnInternetSetting in_internet_setting = new VpnInternetSetting()
         {
@@ -3671,11 +3671,11 @@ class VPNRPCTest
             ProxyUsername_str = "neko",
             ProxyPassword_str = "dog",
         };
-        VpnInternetSetting out_internet_setting = api.SetDDnsInternetSettng(in_internet_setting);
+        VpnInternetSetting out_internet_setting = api.SetDDnsInternetSetting(in_internet_setting);
 
         print_object(out_internet_setting);
 
-        Console.WriteLine("End: Test_SetDDnsInternetSettng");
+        Console.WriteLine("End: Test_SetDDnsInternetSetting");
         Console.WriteLine("-----");
         Console.WriteLine();
     }

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-csharp/vpnserver-jsonrpc-client-csharp.csproj

@@ -8,7 +8,7 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="2.10.0" />
-    <PackageReference Include="Newtonsoft.Json" Version="11.0.2" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
   </ItemGroup>
 
 </Project>

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/dist/sample.js

@@ -560,10 +560,10 @@ function Test_All() {
                     return [4 /*yield*/, Test_GetDDnsClientStatus()];
                 case 157:
                     _x.sent();
-                    return [4 /*yield*/, Test_SetDDnsInternetSettng()];
+                    return [4 /*yield*/, Test_SetDDnsInternetSetting()];
                 case 158:
                     _x.sent();
-                    return [4 /*yield*/, Test_GetDDnsInternetSettng()];
+                    return [4 /*yield*/, Test_GetDDnsInternetSetting()];
                 case 159:
                     _x.sent();
                     return [4 /*yield*/, Test_ChangeDDnsClientHostname()];
@@ -4047,19 +4047,19 @@ function Test_SetAzureStatus() {
         });
     });
 }
-/** API test for 'GetDDnsInternetSettng', Get DDNS proxy configuration */
-function Test_GetDDnsInternetSettng() {
+/** API test for 'GetDDnsInternetSetting', Get DDNS proxy configuration */
+function Test_GetDDnsInternetSetting() {
     return __awaiter(this, void 0, void 0, function () {
         var out_internet_setting;
         return __generator(this, function (_a) {
             switch (_a.label) {
                 case 0:
-                    console.log("Begin: Test_GetDDnsInternetSettng");
-                    return [4 /*yield*/, api.GetDDnsInternetSettng()];
+                    console.log("Begin: Test_GetDDnsInternetSetting");
+                    return [4 /*yield*/, api.GetDDnsInternetSetting()];
                 case 1:
                     out_internet_setting = _a.sent();
                     console.log(out_internet_setting);
-                    console.log("End: Test_GetDDnsInternetSettng");
+                    console.log("End: Test_GetDDnsInternetSetting");
                     console.log("-----");
                     console.log();
                     return [2 /*return*/];
@@ -4067,14 +4067,14 @@ function Test_GetDDnsInternetSettng() {
         });
     });
 }
-/** API test for 'SetDDnsInternetSettng', Set DDNS proxy configuration */
-function Test_SetDDnsInternetSettng() {
+/** API test for 'SetDDnsInternetSetting', Set DDNS proxy configuration */
+function Test_SetDDnsInternetSetting() {
     return __awaiter(this, void 0, void 0, function () {
         var in_internet_setting, out_internet_setting;
         return __generator(this, function (_a) {
             switch (_a.label) {
                 case 0:
-                    console.log("Begin: Test_SetDDnsInternetSettng");
+                    console.log("Begin: Test_SetDDnsInternetSetting");
                     in_internet_setting = new VPN.VpnInternetSetting({
                         ProxyType_u32: VPN.VpnRpcProxyType.Direct,
                         ProxyHostName_str: "1.2.3.4",
@@ -4082,11 +4082,11 @@ function Test_SetDDnsInternetSettng() {
                         ProxyUsername_str: "neko",
                         ProxyPassword_str: "dog"
                     });
-                    return [4 /*yield*/, api.SetDDnsInternetSettng(in_internet_setting)];
+                    return [4 /*yield*/, api.SetDDnsInternetSetting(in_internet_setting)];
                 case 1:
                     out_internet_setting = _a.sent();
                     console.log(out_internet_setting);
-                    console.log("End: Test_SetDDnsInternetSettng");
+                    console.log("End: Test_SetDDnsInternetSetting");
                     console.log("-----");
                     console.log();
                     return [2 /*return*/];

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/dist/vpnrpc.d.ts

@@ -278,9 +278,9 @@ export declare class VpnServerRpc {
     /** Enable / Disable VPN Azure Function. Enable or disable the VPN Azure function. VPN Azure makes it easier to establish a VPN Session from your home PC to your office PC. While a VPN connection is established, you can access to any other servers on the private network of your company. You don't need a global IP address on the office PC (VPN Server). It can work behind firewalls or NATs. No network administrator's configuration required. You can use the built-in SSTP-VPN Client of Windows in your home PC. VPN Azure is a cloud VPN service operated by SoftEther Corporation. VPN Azure is free of charge and available to anyone. Visit http://www.vpnazure.net/ to see details and how-to-use instructions. The VPN Azure hostname is same to the hostname of the Dynamic DNS setting, but altering the domain suffix to "vpnazure.net". To change the hostname use the ChangeDDnsClientHostname API. To call this API, you must have VPN Server administrator privileges. This API cannot be invoked on VPN Bridge. You cannot execute this API for Virtual Hubs of VPN Servers operating as a cluster. */
     SetAzureStatus: (in_param: VpnRpcAzureStatus) => Promise<VpnRpcAzureStatus>;
     /** Get the Proxy Settings for Connecting to the DDNS server. */
-    GetDDnsInternetSettng: () => Promise<VpnInternetSetting>;
+    GetDDnsInternetSetting: () => Promise<VpnInternetSetting>;
     /** Set the Proxy Settings for Connecting to the DDNS server. */
-    SetDDnsInternetSettng: (in_param: VpnInternetSetting) => Promise<VpnInternetSetting>;
+    SetDDnsInternetSetting: (in_param: VpnInternetSetting) => Promise<VpnInternetSetting>;
     /** Set the VPN Gate Server Configuration. This API is valid for Win32 binary distribution of the Stable Edition of SoftEther VPN Server. */
     SetVgsConfig: (in_param: VpnVgsConfig) => Promise<VpnVgsConfig>;
     /** Get the VPN Gate Server Configuration. This API is valid for Win32 binary distribution of the Stable Edition of SoftEther VPN Server. */

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/dist/vpnrpc.js

@@ -599,12 +599,12 @@ var VpnServerRpc = /** @class */ (function () {
             return _this.CallAsync("SetAzureStatus", in_param);
         };
         /** Get the Proxy Settings for Connecting to the DDNS server. */
-        this.GetDDnsInternetSettng = function () {
-            return _this.CallAsync("GetDDnsInternetSettng", new VpnInternetSetting());
+        this.GetDDnsInternetSetting = function () {
+            return _this.CallAsync("GetDDnsInternetSetting", new VpnInternetSetting());
         };
         /** Set the Proxy Settings for Connecting to the DDNS server. */
-        this.SetDDnsInternetSettng = function (in_param) {
-            return _this.CallAsync("SetDDnsInternetSettng", in_param);
+        this.SetDDnsInternetSetting = function (in_param) {
+            return _this.CallAsync("SetDDnsInternetSetting", in_param);
         };
         /** Set the VPN Gate Server Configuration. This API is valid for Win32 binary distribution of the Stable Edition of SoftEther VPN Server. */
         this.SetVgsConfig = function (in_param) {

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "vpnrpc",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
@@ -54,12 +54,6 @@
       "integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c=",
       "dev": true
     },
-    "big.js": {
-      "version": "5.2.2",
-      "resolved": "https://registry.npmjs.org/big.js/-/big.js-5.2.2.tgz",
-      "integrity": "sha512-vyL2OymJxmarO8gxMr0mhChsO9QGwhynfuu4+MHTAW6czfq9humCB7rKpUjDd9YUiDPU4mzpyupFSvOClAwbmQ==",
-      "dev": true
-    },
     "brace-expansion": {
       "version": "1.1.11",
       "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
@@ -71,12 +65,23 @@
       }
     },
     "braces": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
-      "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
+      "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
       "dev": true,
       "requires": {
-        "fill-range": "^7.0.1"
+        "fill-range": "^7.1.1"
+      },
+      "dependencies": {
+        "fill-range": {
+          "version": "7.1.1",
+          "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
+          "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
+          "dev": true,
+          "requires": {
+            "to-regex-range": "^5.0.1"
+          }
+        }
       }
     },
     "builtin-modules": {
@@ -123,42 +128,20 @@
       "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=",
       "dev": true
     },
-    "core-util-is": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
-      "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=",
-      "dev": true
-    },
     "diff": {
       "version": "3.5.0",
       "resolved": "https://registry.npmjs.org/diff/-/diff-3.5.0.tgz",
       "integrity": "sha512-A46qtFgd+g7pDZinpnwiRJtxbC1hpgf0uzP3iG89scHk0AUC7A1TGxf5OiiOUv/JMZR8GOt8hL900hV0bOy5xA==",
       "dev": true
     },
-    "emojis-list": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/emojis-list/-/emojis-list-2.1.0.tgz",
-      "integrity": "sha1-TapNnbAPmBmIDHn6RXrlsJof04k=",
-      "dev": true
-    },
     "enhanced-resolve": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-4.1.0.tgz",
-      "integrity": "sha512-F/7vkyTtyc/llOIn8oWclcB25KdRaiPBpZYDgJHgh/UHtpgT2p2eldQgtQnLtUvfMKPKxbRaQM/hHkvLHt1Vng==",
+      "version": "5.12.0",
+      "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.12.0.tgz",
+      "integrity": "sha512-QHTXI/sZQmko1cbDoNAa3mJ5qhWUUNAq3vR0/YiD379fWQrcfuoX1+HW2S0MTt7XmoPLapdaDKUtelUSPic7hQ==",
       "dev": true,
       "requires": {
-        "graceful-fs": "^4.1.2",
-        "memory-fs": "^0.4.0",
-        "tapable": "^1.0.0"
-      }
-    },
-    "errno": {
-      "version": "0.1.7",
-      "resolved": "https://registry.npmjs.org/errno/-/errno-0.1.7.tgz",
-      "integrity": "sha512-MfrRBDWzIWifgq6tJj60gkAwtLNb6sQPlcFrSOflcP1aFmmruKQ2wRnze/8V6kgyz7H3FF8Npzv78mZ7XLLflg==",
-      "dev": true,
-      "requires": {
-        "prr": "~1.0.1"
+        "graceful-fs": "^4.2.4",
+        "tapable": "^2.2.0"
       }
     },
     "escape-string-regexp": {
@@ -179,15 +162,6 @@
       "integrity": "sha1-Cr9PHKpbyx96nYrMbepPqqBLrJs=",
       "dev": true
     },
-    "fill-range": {
-      "version": "7.0.1",
-      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
-      "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
-      "dev": true,
-      "requires": {
-        "to-regex-range": "^5.0.1"
-      }
-    },
     "fs.realpath": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
@@ -209,9 +183,9 @@
       }
     },
     "graceful-fs": {
-      "version": "4.1.15",
-      "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.1.15.tgz",
-      "integrity": "sha512-6uHUhOPEBgQ24HM+r6b/QwWfZq+yiFcipKFrOFiBEnWdy5sdzYoi+pJeQaPI5qOLRFqWmAXUPQNsielzdLoecA==",
+      "version": "4.2.10",
+      "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.10.tgz",
+      "integrity": "sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==",
       "dev": true
     },
     "has-flag": {
@@ -242,12 +216,6 @@
       "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
       "dev": true
     },
-    "isarray": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
-      "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=",
-      "dev": true
-    },
     "js-tokens": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
@@ -264,76 +232,47 @@
         "esprima": "^4.0.0"
       }
     },
-    "json5": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.1.tgz",
-      "integrity": "sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==",
+    "lru-cache": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
+      "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
       "dev": true,
       "requires": {
-        "minimist": "^1.2.0"
-      }
-    },
-    "loader-utils": {
-      "version": "1.2.3",
-      "resolved": "https://registry.npmjs.org/loader-utils/-/loader-utils-1.2.3.tgz",
-      "integrity": "sha512-fkpz8ejdnEMG3s37wGL07iSBDg99O9D5yflE9RGNH3hRdx9SOwYfnGYdZOUIZitN8E+E2vkq3MUMYMvPYl5ZZA==",
-      "dev": true,
-      "requires": {
-        "big.js": "^5.2.2",
-        "emojis-list": "^2.0.0",
-        "json5": "^1.0.1"
-      }
-    },
-    "memory-fs": {
-      "version": "0.4.1",
-      "resolved": "https://registry.npmjs.org/memory-fs/-/memory-fs-0.4.1.tgz",
-      "integrity": "sha1-OpoguEYlI+RHz7x+i7gO1me/xVI=",
-      "dev": true,
-      "requires": {
-        "errno": "^0.1.3",
-        "readable-stream": "^2.0.1"
+        "yallist": "^4.0.0"
       }
     },
     "micromatch": {
-      "version": "4.0.2",
-      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.2.tgz",
-      "integrity": "sha512-y7FpHSbMUMoyPbYUSzO6PaZ6FyRnQOpHuKwbo1G+Knck95XVU4QAiKdGEnj5wwoS7PlOgthX/09u5iFJ+aYf5Q==",
+      "version": "4.0.5",
+      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
+      "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
       "dev": true,
       "requires": {
-        "braces": "^3.0.1",
-        "picomatch": "^2.0.5"
+        "braces": "^3.0.2",
+        "picomatch": "^2.3.1"
       }
     },
     "minimatch": {
-      "version": "3.0.4",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz",
-      "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==",
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
+      "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
       "dev": true,
       "requires": {
         "brace-expansion": "^1.1.7"
       }
     },
     "minimist": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz",
-      "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=",
+      "version": "1.2.7",
+      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.7.tgz",
+      "integrity": "sha512-bzfL1YUZsP41gmu/qjrEk0Q6i2ix/cVeAhbCbqH9u3zYutS1cLg00qhrD0M2MVdCcx4Sc0UpP2eBWo9rotpq6g==",
       "dev": true
     },
     "mkdirp": {
-      "version": "0.5.1",
-      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz",
-      "integrity": "sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=",
+      "version": "0.5.6",
+      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz",
+      "integrity": "sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==",
       "dev": true,
       "requires": {
-        "minimist": "0.0.8"
-      },
-      "dependencies": {
-        "minimist": {
-          "version": "0.0.8",
-          "resolved": "https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz",
-          "integrity": "sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0=",
-          "dev": true
-        }
+        "minimist": "^1.2.6"
       }
     },
     "once": {
@@ -352,44 +291,17 @@
       "dev": true
     },
     "path-parse": {
-      "version": "1.0.6",
-      "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz",
-      "integrity": "sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw==",
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz",
+      "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==",
       "dev": true
     },
     "picomatch": {
-      "version": "2.0.7",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.0.7.tgz",
-      "integrity": "sha512-oLHIdio3tZ0qH76NybpeneBhYVj0QFTfXEFTc/B3zKQspYfYYkWYgFsmzo+4kvId/bQRcNkVeguI3y+CD22BtA==",
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
+      "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
       "dev": true
     },
-    "process-nextick-args": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.0.tgz",
-      "integrity": "sha512-MtEC1TqN0EU5nephaJ4rAtThHtC86dNN9qCuEhtshvpVBkAW5ZO7BASN9REnF9eoXGcRub+pFuKEpOHE+HbEMw==",
-      "dev": true
-    },
-    "prr": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/prr/-/prr-1.0.1.tgz",
-      "integrity": "sha1-0/wRS6BplaRexok/SEzrHXj19HY=",
-      "dev": true
-    },
-    "readable-stream": {
-      "version": "2.3.6",
-      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz",
-      "integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==",
-      "dev": true,
-      "requires": {
-        "core-util-is": "~1.0.0",
-        "inherits": "~2.0.3",
-        "isarray": "~1.0.0",
-        "process-nextick-args": "~2.0.0",
-        "safe-buffer": "~5.1.1",
-        "string_decoder": "~1.1.1",
-        "util-deprecate": "~1.0.1"
-      }
-    },
     "resolve": {
       "version": "1.11.0",
       "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.11.0.tgz",
@@ -399,17 +311,14 @@
         "path-parse": "^1.0.6"
       }
     },
-    "safe-buffer": {
-      "version": "5.1.2",
-      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
-      "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==",
-      "dev": true
-    },
     "semver": {
-      "version": "6.1.0",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-6.1.0.tgz",
-      "integrity": "sha512-kCqEOOHoBcFs/2Ccuk4Xarm/KiWRSLEX9CAZF8xkJ6ZPlIoTZ8V5f7J16vYLJqDbR7KrxTJpR2lqjIEm2Qx9cQ==",
-      "dev": true
+      "version": "7.3.8",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.8.tgz",
+      "integrity": "sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A==",
+      "dev": true,
+      "requires": {
+        "lru-cache": "^6.0.0"
+      }
     },
     "sprintf-js": {
       "version": "1.0.3",
@@ -417,15 +326,6 @@
       "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=",
       "dev": true
     },
-    "string_decoder": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
-      "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
-      "dev": true,
-      "requires": {
-        "safe-buffer": "~5.1.0"
-      }
-    },
     "supports-color": {
       "version": "5.5.0",
       "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
@@ -436,9 +336,9 @@
       }
     },
     "tapable": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/tapable/-/tapable-1.1.3.tgz",
-      "integrity": "sha512-4WK/bYZmj8xLr+HUCODHGF1ZFzsYffasLUgEiMBY4fgtltdO6B4WJtlSbPaDTLpYTcGVwM2qLnFTICEcNxs3kA==",
+      "version": "2.2.1",
+      "resolved": "https://registry.npmjs.org/tapable/-/tapable-2.2.1.tgz",
+      "integrity": "sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ==",
       "dev": true
     },
     "to-regex-range": {
@@ -451,16 +351,66 @@
       }
     },
     "ts-loader": {
-      "version": "6.0.1",
-      "resolved": "https://registry.npmjs.org/ts-loader/-/ts-loader-6.0.1.tgz",
-      "integrity": "sha512-9H5ErTIw5t73sdSoFE0hX0RO45B7cdDA4pW1VIQ2wNFAhxSpZcAlv2fwMcfv6SAYLoI7uGwHuzC5dECzmzqtzA==",
+      "version": "9.4.2",
+      "resolved": "https://registry.npmjs.org/ts-loader/-/ts-loader-9.4.2.tgz",
+      "integrity": "sha512-OmlC4WVmFv5I0PpaxYb+qGeGOdm5giHU7HwDDUjw59emP2UYMHy9fFSDcYgSNoH8sXcj4hGCSEhlDZ9ULeDraA==",
       "dev": true,
       "requires": {
-        "chalk": "^2.3.0",
-        "enhanced-resolve": "^4.0.0",
-        "loader-utils": "^1.0.2",
+        "chalk": "^4.1.0",
+        "enhanced-resolve": "^5.0.0",
         "micromatch": "^4.0.0",
-        "semver": "^6.0.0"
+        "semver": "^7.3.4"
+      },
+      "dependencies": {
+        "ansi-styles": {
+          "version": "4.3.0",
+          "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+          "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+          "dev": true,
+          "requires": {
+            "color-convert": "^2.0.1"
+          }
+        },
+        "chalk": {
+          "version": "4.1.2",
+          "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+          "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+          "dev": true,
+          "requires": {
+            "ansi-styles": "^4.1.0",
+            "supports-color": "^7.1.0"
+          }
+        },
+        "color-convert": {
+          "version": "2.0.1",
+          "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+          "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+          "dev": true,
+          "requires": {
+            "color-name": "~1.1.4"
+          }
+        },
+        "color-name": {
+          "version": "1.1.4",
+          "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+          "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
+          "dev": true
+        },
+        "has-flag": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+          "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+          "dev": true
+        },
+        "supports-color": {
+          "version": "7.2.0",
+          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+          "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+          "dev": true,
+          "requires": {
+            "has-flag": "^4.0.0"
+          }
+        }
       }
     },
     "tslib": {
@@ -513,17 +463,17 @@
       "integrity": "sha512-YycBxUb49UUhdNMU5aJ7z5Ej2XGmaIBL0x34vZ82fn3hGvD+bgrMrVDpatgz2f7YxUMJxMkbWxJZeAvDxVe7Vw==",
       "dev": true
     },
-    "util-deprecate": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
-      "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8=",
-      "dev": true
-    },
     "wrappy": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
       "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=",
       "dev": true
+    },
+    "yallist": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
+      "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
+      "dev": true
     }
   }
 }

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/package.json

@@ -23,7 +23,7 @@
   "homepage": "https://github.com/SoftEtherVPN/SoftEtherVPN/tree/master/developer_tools/vpnserver-jsonrpc-clients/#readme",
   "devDependencies": {
     "@types/node": "^12.0.2",
-    "ts-loader": "^6.0.1",
+    "ts-loader": "^9.4.2",
     "tslint": "^5.16.0",
     "typescript": "^3.4.5"
   }

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/src/sample.ts

@@ -2,13 +2,13 @@
 // Runs on both web browsers and Node.js
 // 
 // sample.ts
-// Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen
+// Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen
 // 
 // This sample code shows how to call all available RPC functions.
 // You can copy and paste test code to write your own web browser TypeScript / JavaScript codes.
 //
 // Licensed under the Apache License 2.0
-// Copyright (c) 2014-2019 SoftEther VPN Project
+// Copyright (c) 2014-2023 SoftEther VPN Project
 
 // On the web browser uncomment below imports as necessary to support old browsers.
 // import "core-js/es6/promise";
@@ -216,8 +216,8 @@ async function Test_All(): Promise<void>
     await Test_SetOpenVpnSstpConfig();
     await Test_GetOpenVpnSstpConfig();
     await Test_GetDDnsClientStatus();
-    await Test_SetDDnsInternetSettng();
-    await Test_GetDDnsInternetSettng();
+    await Test_SetDDnsInternetSetting();
+    await Test_GetDDnsInternetSetting();
     await Test_ChangeDDnsClientHostname();
     await Test_RegenerateServerCert();
     await Test_MakeOpenVpnConfigFile();
@@ -2624,21 +2624,21 @@ async function Test_SetAzureStatus(): Promise<void>
     console.log();
 }
 
-/** API test for 'GetDDnsInternetSettng', Get DDNS proxy configuration */
-async function Test_GetDDnsInternetSettng(): Promise<void>
+/** API test for 'GetDDnsInternetSetting', Get DDNS proxy configuration */
+async function Test_GetDDnsInternetSetting(): Promise<void>
 {
-    console.log("Begin: Test_GetDDnsInternetSettng");
-    let out_internet_setting: VPN.VpnInternetSetting = await api.GetDDnsInternetSettng();
+    console.log("Begin: Test_GetDDnsInternetSetting");
+    let out_internet_setting: VPN.VpnInternetSetting = await api.GetDDnsInternetSetting();
     console.log(out_internet_setting);
-    console.log("End: Test_GetDDnsInternetSettng");
+    console.log("End: Test_GetDDnsInternetSetting");
     console.log("-----");
     console.log();
 }
 
-/** API test for 'SetDDnsInternetSettng', Set DDNS proxy configuration */
-async function Test_SetDDnsInternetSettng(): Promise<void>
+/** API test for 'SetDDnsInternetSetting', Set DDNS proxy configuration */
+async function Test_SetDDnsInternetSetting(): Promise<void>
 {
-    console.log("Begin: Test_SetDDnsInternetSettng");
+    console.log("Begin: Test_SetDDnsInternetSetting");
     let in_internet_setting: VPN.VpnInternetSetting = new VPN.VpnInternetSetting(
     {
         ProxyType_u32: VPN.VpnRpcProxyType.Direct,
@@ -2647,9 +2647,9 @@ async function Test_SetDDnsInternetSettng(): Promise<void>
         ProxyUsername_str: "neko",
         ProxyPassword_str: "dog",
     });
-    let out_internet_setting: VPN.VpnInternetSetting = await api.SetDDnsInternetSettng(in_internet_setting);
+    let out_internet_setting: VPN.VpnInternetSetting = await api.SetDDnsInternetSetting(in_internet_setting);
     console.log(out_internet_setting);
-    console.log("End: Test_SetDDnsInternetSettng");
+    console.log("End: Test_SetDDnsInternetSetting");
     console.log("-----");
     console.log();
 }

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/src/vpnrpc.ts

@@ -1,10 +1,10 @@
 // SoftEther VPN Server JSON-RPC Stub code for TypeScript
 // 
 // vpnrpc.ts
-// Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen
+// Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen
 //
 // Licensed under the Apache License 2.0
-// Copyright (c) 2014-2019 SoftEther VPN Project
+// Copyright (c) 2014-2023 SoftEther VPN Project
 
 
 // Trivial utility codes
@@ -856,15 +856,15 @@ export class VpnServerRpc
     }
     
     /** Get the Proxy Settings for Connecting to the DDNS server. */
-    public GetDDnsInternetSettng = (): Promise<VpnInternetSetting> =>
+    public GetDDnsInternetSetting = (): Promise<VpnInternetSetting> =>
     {
-        return this.CallAsync<VpnInternetSetting>("GetDDnsInternetSettng", new VpnInternetSetting());
+        return this.CallAsync<VpnInternetSetting>("GetDDnsInternetSetting", new VpnInternetSetting());
     }
     
     /** Set the Proxy Settings for Connecting to the DDNS server. */
-    public SetDDnsInternetSettng = (in_param: VpnInternetSetting): Promise<VpnInternetSetting> =>
+    public SetDDnsInternetSetting = (in_param: VpnInternetSetting): Promise<VpnInternetSetting> =>
     {
-        return this.CallAsync<VpnInternetSetting>("SetDDnsInternetSettng", in_param);
+        return this.CallAsync<VpnInternetSetting>("SetDDnsInternetSetting", in_param);
     }
     
     /** Set the VPN Gate Server Configuration. This API is valid for Win32 binary distribution of the Stable Edition of SoftEther VPN Server. */

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-typescript/sample.ts

@@ -2,13 +2,13 @@
 // Runs on both web browsers and Node.js
 // 
 // sample.ts
-// Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen
+// Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen
 // 
 // This sample code shows how to call all available RPC functions.
 // You can copy and paste test code to write your own web browser TypeScript / JavaScript codes.
 //
 // Licensed under the Apache License 2.0
-// Copyright (c) 2014-2019 SoftEther VPN Project
+// Copyright (c) 2014-2023 SoftEther VPN Project
 
 // On the web browser uncomment below imports as necessary to support old browsers.
 // import "core-js/es6/promise";
@@ -216,8 +216,8 @@ async function Test_All(): Promise<void>
     await Test_SetOpenVpnSstpConfig();
     await Test_GetOpenVpnSstpConfig();
     await Test_GetDDnsClientStatus();
-    await Test_SetDDnsInternetSettng();
-    await Test_GetDDnsInternetSettng();
+    await Test_SetDDnsInternetSetting();
+    await Test_GetDDnsInternetSetting();
     await Test_ChangeDDnsClientHostname();
     await Test_RegenerateServerCert();
     await Test_MakeOpenVpnConfigFile();
@@ -2624,21 +2624,21 @@ async function Test_SetAzureStatus(): Promise<void>
     console.log();
 }
 
-/** API test for 'GetDDnsInternetSettng', Get DDNS proxy configuration */
-async function Test_GetDDnsInternetSettng(): Promise<void>
+/** API test for 'GetDDnsInternetSetting', Get DDNS proxy configuration */
+async function Test_GetDDnsInternetSetting(): Promise<void>
 {
-    console.log("Begin: Test_GetDDnsInternetSettng");
-    let out_internet_setting: VPN.VpnInternetSetting = await api.GetDDnsInternetSettng();
+    console.log("Begin: Test_GetDDnsInternetSetting");
+    let out_internet_setting: VPN.VpnInternetSetting = await api.GetDDnsInternetSetting();
     console.log(out_internet_setting);
-    console.log("End: Test_GetDDnsInternetSettng");
+    console.log("End: Test_GetDDnsInternetSetting");
     console.log("-----");
     console.log();
 }
 
-/** API test for 'SetDDnsInternetSettng', Set DDNS proxy configuration */
-async function Test_SetDDnsInternetSettng(): Promise<void>
+/** API test for 'SetDDnsInternetSetting', Set DDNS proxy configuration */
+async function Test_SetDDnsInternetSetting(): Promise<void>
 {
-    console.log("Begin: Test_SetDDnsInternetSettng");
+    console.log("Begin: Test_SetDDnsInternetSetting");
     let in_internet_setting: VPN.VpnInternetSetting = new VPN.VpnInternetSetting(
     {
         ProxyType_u32: VPN.VpnRpcProxyType.Direct,
@@ -2647,9 +2647,9 @@ async function Test_SetDDnsInternetSettng(): Promise<void>
         ProxyUsername_str: "neko",
         ProxyPassword_str: "dog",
     });
-    let out_internet_setting: VPN.VpnInternetSetting = await api.SetDDnsInternetSettng(in_internet_setting);
+    let out_internet_setting: VPN.VpnInternetSetting = await api.SetDDnsInternetSetting(in_internet_setting);
     console.log(out_internet_setting);
-    console.log("End: Test_SetDDnsInternetSettng");
+    console.log("End: Test_SetDDnsInternetSetting");
     console.log("-----");
     console.log();
 }

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-typescript/vpnrpc.ts

@@ -1,10 +1,10 @@
 // SoftEther VPN Server JSON-RPC Stub code for TypeScript
 // 
 // vpnrpc.ts
-// Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen
+// Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen
 //
 // Licensed under the Apache License 2.0
-// Copyright (c) 2014-2019 SoftEther VPN Project
+// Copyright (c) 2014-2023 SoftEther VPN Project
 
 
 // Trivial utility codes
@@ -856,15 +856,15 @@ export class VpnServerRpc
     }
     
     /** Get the Proxy Settings for Connecting to the DDNS server. */
-    public GetDDnsInternetSettng = (): Promise<VpnInternetSetting> =>
+    public GetDDnsInternetSetting = (): Promise<VpnInternetSetting> =>
     {
-        return this.CallAsync<VpnInternetSetting>("GetDDnsInternetSettng", new VpnInternetSetting());
+        return this.CallAsync<VpnInternetSetting>("GetDDnsInternetSetting", new VpnInternetSetting());
     }
     
     /** Set the Proxy Settings for Connecting to the DDNS server. */
-    public SetDDnsInternetSettng = (in_param: VpnInternetSetting): Promise<VpnInternetSetting> =>
+    public SetDDnsInternetSetting = (in_param: VpnInternetSetting): Promise<VpnInternetSetting> =>
     {
-        return this.CallAsync<VpnInternetSetting>("SetDDnsInternetSettng", in_param);
+        return this.CallAsync<VpnInternetSetting>("SetDDnsInternetSetting", in_param);
     }
     
     /** Set the VPN Gate Server Configuration. This API is valid for Win32 binary distribution of the Stable Edition of SoftEther VPN Server. */

developer_tools/vpnserver-jsonrpc-codegen/VpnServerRpc/VPNServerRpc.cs

@@ -1357,22 +1357,22 @@ namespace SoftEther.VPNServerRpc
         /// <summary>
         /// Get the Proxy Settings for Connecting to the DDNS server (Async mode).
         /// </summary>
-        public async Task<VpnInternetSetting> GetDDnsInternetSettngAsync() => await CallAsync<VpnInternetSetting>("GetDDnsInternetSettng", new VpnInternetSetting());
+        public async Task<VpnInternetSetting> GetDDnsInternetSettingAsync() => await CallAsync<VpnInternetSetting>("GetDDnsInternetSetting", new VpnInternetSetting());
 
         /// <summary>
         /// Get the Proxy Settings for Connecting to the DDNS server (Async mode).
         /// </summary>
-        public VpnInternetSetting GetDDnsInternetSettng() => GetDDnsInternetSettngAsync().Result;
+        public VpnInternetSetting GetDDnsInternetSetting() => GetDDnsInternetSettingAsync().Result;
 
         /// <summary>
         /// Set the Proxy Settings for Connecting to the DDNS server (Async mode).
         /// </summary>
-        public async Task<VpnInternetSetting> SetDDnsInternetSettngAsync(VpnInternetSetting input_param) => await CallAsync<VpnInternetSetting>("SetDDnsInternetSettng", input_param);
+        public async Task<VpnInternetSetting> SetDDnsInternetSettingAsync(VpnInternetSetting input_param) => await CallAsync<VpnInternetSetting>("SetDDnsInternetSetting", input_param);
 
         /// <summary>
         /// Set the Proxy Settings for Connecting to the DDNS server (Sync mode).
         /// </summary>
-        public VpnInternetSetting SetDDnsInternetSettng(VpnInternetSetting input_param) => SetDDnsInternetSettngAsync(input_param).Result;
+        public VpnInternetSetting SetDDnsInternetSetting(VpnInternetSetting input_param) => SetDDnsInternetSettingAsync(input_param).Result;
 
         /// <summary>
         /// Set the VPN Gate Server Configuration (Async mode). This API is valid for Win32 binary distribution of the Stable Edition of SoftEther VPN Server.

developer_tools/vpnserver-jsonrpc-codegen/VpnServerRpcTest/VpnServerRpcTest.cs

@@ -255,8 +255,8 @@ class VPNRPCTest
         Test_GetOpenVpnSstpConfig();
 
         Test_GetDDnsClientStatus();
-        Test_SetDDnsInternetSettng();
-        Test_GetDDnsInternetSettng();
+        Test_SetDDnsInternetSetting();
+        Test_GetDDnsInternetSetting();
 
         Test_ChangeDDnsClientHostname();
         Test_RegenerateServerCert();
@@ -3641,27 +3641,27 @@ class VPNRPCTest
     }
 
     /// <summary>
-    /// API test for 'GetDDnsInternetSettng', Get DDNS proxy configuration
+    /// API test for 'GetDDnsInternetSetting', Get DDNS proxy configuration
     /// </summary>
-    public void Test_GetDDnsInternetSettng()
+    public void Test_GetDDnsInternetSetting()
     {
-        Console.WriteLine("Begin: Test_GetDDnsInternetSettng");
+        Console.WriteLine("Begin: Test_GetDDnsInternetSetting");
 
-        VpnInternetSetting out_internet_setting = api.GetDDnsInternetSettng();
+        VpnInternetSetting out_internet_setting = api.GetDDnsInternetSetting();
 
         print_object(out_internet_setting);
 
-        Console.WriteLine("End: Test_GetDDnsInternetSettng");
+        Console.WriteLine("End: Test_GetDDnsInternetSetting");
         Console.WriteLine("-----");
         Console.WriteLine();
     }
 
     /// <summary>
-    /// API test for 'SetDDnsInternetSettng', Set DDNS proxy configuration
+    /// API test for 'SetDDnsInternetSetting', Set DDNS proxy configuration
     /// </summary>
-    public void Test_SetDDnsInternetSettng()
+    public void Test_SetDDnsInternetSetting()
     {
-        Console.WriteLine("Begin: Test_SetDDnsInternetSettng");
+        Console.WriteLine("Begin: Test_SetDDnsInternetSetting");
 
         VpnInternetSetting in_internet_setting = new VpnInternetSetting()
         {
@@ -3671,11 +3671,11 @@ class VPNRPCTest
             ProxyUsername_str = "neko",
             ProxyPassword_str = "dog",
         };
-        VpnInternetSetting out_internet_setting = api.SetDDnsInternetSettng(in_internet_setting);
+        VpnInternetSetting out_internet_setting = api.SetDDnsInternetSetting(in_internet_setting);
 
         print_object(out_internet_setting);
 
-        Console.WriteLine("End: Test_SetDDnsInternetSettng");
+        Console.WriteLine("End: Test_SetDDnsInternetSetting");
         Console.WriteLine("-----");
         Console.WriteLine();
     }

developer_tools/vpnserver-jsonrpc-codegen/vpnserver-jsonrpc-codegen.csproj

@@ -29,7 +29,7 @@
   <ItemGroup>
     <PackageReference Include="Markdig" Version="0.15.4" />
     <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="2.10.0" />
-    <PackageReference Include="Newtonsoft.Json" Version="11.0.2" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
   </ItemGroup>
 
 </Project>

docker-compose.vpnclient.yaml

@@ -0,0 +1,16 @@
+version: '3'
+
+services:
+  softether:
+    image: softethervpn/vpnclient:latest
+    devices:
+      - /dev/net/tun:/dev/net/tun
+    cap_add:
+      - NET_ADMIN
+    restart: always
+    volumes:
+      - "/etc/localtime:/etc/localtime:ro"
+      - "/etc/timezone:/etc/timezone:ro"
+      - "./softether_data:/var/lib/softether"
+      - "./softether_log:/var/log/softether"
+      # - "./adminip.txt:/var/lib/softether/adminip.txt:ro"

docker-compose.yaml

@@ -0,0 +1,22 @@
+services:
+  softether:
+    image: softethervpn/vpnserver:latest
+    hostname: softethervpnserver
+    cap_add:
+      - NET_ADMIN
+    restart: always
+    ports:
+      #- 53:53         #DNS tunneling
+      - 443:443         #Management and HTTPS tunneling
+      - 992:992         #HTTPS tunneling
+      #- 1194:1194/udp #OpenVPN 
+      #- 5555:5555       #HTTPS tunneling
+      #- 500:500/udp   #IPsec/L2TP
+      #- 4500:4500/udp #IPsec/L2TP
+      #- 1701:1701/udp #IPsec/L2TP
+    volumes:
+      - "/etc/localtime:/etc/localtime:ro"
+      - "/etc/timezone:/etc/timezone:ro"
+      - "./softether_data:/var/lib/softether"
+      - "./softether_log:/var/log/softether"
+      # - "./adminip.txt:/var/lib/softether/adminip.txt:ro"

src/BUILD_UNIX.md

@@ -38,7 +38,7 @@ sudo yum -y install cmake ncurses-devel openssl-devel libsodium-devel readline-d
 
 ## Install requirements on Debian/Ubuntu
 ```bash
-sudo apt -y install cmake gcc g++ make libncurses5-dev libssl-dev libsodium-dev libreadline-dev zlib1g-dev
+sudo apt -y install cmake gcc g++ make pkgconf libncurses5-dev libssl-dev libsodium-dev libreadline-dev zlib1g-dev
 ```
 
 ## Install requirements on macOS
@@ -228,7 +228,7 @@ You can write your own VPN Server management application in your favorite langua
 
 You can use any SoftEtherVPN component (server, client, bridge) without installing it, if you wish so.
 
-In this case please do not run the `make install` command after compiling the source code, and head directly to the **bin/** directory. There you will find the generated binaries for SoftEtherVPN and those could be used without installing SoftEtherVPN.
+In this case please do not run the `make install` command after compiling the source code, and head directly to the **build/** directory. There you will find the generated binaries for SoftEtherVPN and those could be used without installing SoftEtherVPN.
 
 ************************************
 Thank You Using SoftEther VPN !

src/BUILD_WINDOWS.md

@@ -1,31 +1,155 @@
 How to build SoftEther VPN for Windows
 ======================================
 
-Full Build Instructions
------------------------
-
-There are several methods for using CMake but the easiest by far is through Visual Studio 2019 by importing the CMake project directly
+There are several methods for using CMake but the easiest by far is through Visual Studio by importing the CMake project directly
 into it. So that is what will be described below.
 
-Requirements:
+## Requirements
 
-1. Download Visual Studio 2019 (Community Edition is fine).
-2. During install, make sure to check "Desktop development with C++" under "Workloads".
-3. Click on individual components and scroll until you see "Visual C++ tools for CMake" under the compilers section. Make sure this is checked.
-4. Proceed with and finish Visual Studio 2019 installation.
-5. Install the needed submodules to build the project, avoiding CMake telling you to do so with: `git submodule update --init --recursive`
+- Visual Studio 2019 or 2022 (Community Edition is fine)
 
-Building:
+  https://visualstudio.microsoft.com/downloads
 
-Once both installs have finished, launch Visual Studio. Once its started go to the File menu click `Open --> CMake`. Then navigate to where you
-cloned the project and open the `CMakeLists.txt` file in the projects root directory.
+- Git for Windows (or other git tool)
 
-Visual Studio will proceed to start the CMake configuration process and once its finished, you can simply go to toolbar and click `CMake -> Build All`.
+  https://gitforwindows.org/
 
-Once it has finished, hopefully with no errors, look in the newly created `/build` directory in the project's folder. Inside are the development versions
-of all the SoftEtherVPN components.
+- vcpkg
 
-Congrats, you now have a complete CMake development environment for SoftEtherVPN on Windows, enjoy and happy contributing!
+  https://github.com/microsoft/vcpkg
 
-Download Links:
-- Visual Studio 2019 from Microsoft: https://visualstudio.microsoft.com/downloads
+## Installation
+
+- Visual Studio
+
+  Download from the official site and run the installer.
+
+  Make sure to check **Desktop development with C++** under *Workloads* and **Clang C++ Tools for Windows** in *Optional* components.
+
+- Git
+
+  Nothing special. Just follow the installer.
+
+- vcpkg
+
+  Let's say you will install it to `C:\vcpkg`.
+
+  Open your preferred terminal and go to `C:\`. Then run these commands.
+
+  ```
+  C:\> git clone https://github.com/microsoft/vcpkg
+  C:\> cd vcpkg
+  C:\vcpkg> bootstrap-vcpkg.bat
+  C:\vcpkg> vcpkg integrate install
+  ```
+
+## Update
+
+- vcpkg
+
+  You are recommended to update vcpkg from time to time, so that the latest libraries are used in the build.
+
+  Go to the installation path, pull the latest repo and the binary:
+
+  ```
+  C:\vcpkg> git pull
+  C:\vcpkg> bootstrap-vcpkg.bat
+  ```
+  
+## Building
+
+1. Launch Visual Studio
+
+   Choose either **Clone a repository** to clone from GitHub or **Open a local folder** if you already have a copy.
+
+1. Open Terminal (*View -> Terminal*). Install the needed submodules to build the project, avoiding CMake telling you to do so with:
+
+   `git submodule update --init --recursive`
+
+   **Note**: This step is not necessary if you have chosen **Clone a repository** as Visual Studio automatically takes care of it.
+
+1. Switch to folder view in the solution explorer
+
+1. Select a configuration from the dropdown menu below the search box. The default configurations are:
+
+   - x64-native
+
+     Build x64 executables with 64-bit compiler (most common)
+
+   - x64-on-x86
+
+     Cross compile x64 executables with 32-bit compiler
+
+   - x86-native
+
+     Build x86 executables with 32-bit compiler
+
+   - x86-on-x64
+
+     Cross compile x86 executables with 64-bit compiler
+
+   On 64-bit Windows, all four configurations can be used. 32-bit platforms can only use 32-bit compiler.
+
+1. Visual Studio will try generating CMake cache. If not, click **Project -> Configure Cache** or **Generate Cache**.
+
+   If CMake is busy, you will find **Generate Cache** greyed out. Wait until it finishes or click **Cancel CMake Cache Generation** to stop it.
+
+   The initial configuration will take a longer time since it needs to download and install dependencies.
+
+1. When *CMake generation finished* is displayed, simply go to toolbar and click **Build -> Build All**.
+
+1. Once building has finished, hopefully with no errors, look in the newly created `/build` directory in the project's folder.
+
+   Run `vpnsetup.exe` to install desired components.
+
+1. Congrats, you now have a complete CMake development environment for SoftEtherVPN on Windows, enjoy and happy contributing!
+
+## Notes
+
+1. Build number
+
+   You can change the build number in `CMakeSettings.json`. Use any integer no less than 5180.
+
+   Delete and regenerate CMake cache after the change.
+
+1. OpenSSL
+
+   The above instruction builds OpenSSL library statically in the SoftEther binaries,
+   so that when you distribute the installer to others they will not need to install OpenSSL separately.
+   However, the downside is that the OpenSSL library cannot be updated without a rebuild and reinstallation of SoftEther.
+   
+   It's also possible to build OpenSSL library dynamically so that you can update OpenSSL without rebuilding SoftEther.
+   To achieve that, you need to remove `openssl` from `vcpkg.json` and install OpenSSL directly.
+   
+   Installing from a package manager such as [Scoop](https://scoop.sh/) would make the subsequent updates easily.
+   However, you should avoid using [Winget](https://learn.microsoft.com/en-us/windows/package-manager/winget/)
+   for the time being because due to a bug it cannot detect the correct version of OpenSSL, causing endless updates.
+   
+   If you install from Scoop, make sure to add the OpenSSL folder to the system's `PATH`.
+   As Scoop already adds it to the user's `PATH`, just copy the same location into the system environment variable(s).
+   SoftEther Client Service starts from the System account and will fail to start if OpenSSL is not in the global `PATH`.
+   
+   Building should be straightforward. You can verify that the binaries are now linked against the locally installed OpenSSL
+   with tools like `ldd` (available from Git Bash):
+
+   ```bash
+   $ ldd /c/Program\ Files/SoftEther\ VPN\ Client\ Developer\ Edition/vpnclient.exe
+        ...
+        libcrypto-3-x64.dll => /c/Scoop/apps/openssl/current/bin/libcrypto-3-x64.dll (0x7ff8beb70000)
+        libssl-3-x64.dll => /c/Scoop/apps/openssl/current/bin/libssl-3-x64.dll (0x7ff8beaa0000)
+        ...
+   ```
+
+1. 32-bit Windows
+
+   You don't need 32-bit Windows to build 32-bit executables. However, if 32-bit Windows is what you only have, things become a little complicated.
+
+   Visual Studio 2019 is the last version that works on 32-bit Windows. It does the job but its bundled CMake and Ninja are 64-bit versions.
+
+   After the installation of VS 2019, you need to download 32-bit CMake and Ninja and replace those that come with VS in:
+
+   ```
+   C:\Program Files\Microsoft Visual Studio\2019\Community\Common7\IDE\CommonExtensions\Microsoft\CMake
+   ```
+
+   Currently CMake has an official x86 installer but Ninja does not. You may need to download from a 3rd party or build from source.

src/CMakeLists.txt

@@ -60,6 +60,21 @@ include_directories(.)
 
 if(WIN32)
   add_definitions(-DWIN32 -D_WINDOWS -DOS_WIN32 -D_CRT_SECURE_NO_WARNINGS)
+
+  #
+  # https://msrc-blog.microsoft.com/2020/08/17/control-flow-guard-for-clang-llvm-and-rust/
+  #
+
+  message("Setting CONTROL FLOW GUARD") 
+  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /guard:cf")
+  set(CMAKE_EXE_LINKER_FLAGS  "${CMAKE_EXE_LINKER_FLAGS} /guard:cf /DYNAMICBASE")
+
+  message("Setting QSPECTRE")
+  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /Qspectre")
+
+  message("Setting CETCOMPAT")
+  set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /CETCOMPAT")
+
 endif()
 
 if(UNIX)
@@ -112,6 +127,9 @@ if(UNIX)
   if(SE_PIDDIR)
     add_definitions(-DSE_PIDDIR="${SE_PIDDIR}")
   endif()
+
+  # Use system libraries instead of bundled
+  set(USE_SYSTEM_CPU_FEATURES false CACHE BOOL "Use system cpu_features")
 endif()
 
 # Cedar communication module

src/Cedar/Account.c

@@ -21,47 +21,47 @@
 // Policy items
 POLICY_ITEM policy_item[] =
 {
-//  ID,     Value,  Omittable, Min, Max, Default, Unit name
+//  ID,     Value,  Omittable, Min, Max, Default, Unit name, Offset
 // Ver 2.0
-	{0,		false,	false,	0,	0,	0,		NULL},			// Access
-	{1,		false,	false,	0,	0,	0,		NULL},			// DHCPFilter
-	{2,		false,	false,	0,	0,	0,		NULL},			// DHCPNoServer
-	{3,		false,	false,	0,	0,	0,		NULL},			// DHCPForce
-	{4,		false,	false,	0,	0,	0,		NULL},			// NoBridge
-	{5,		false,	false,	0,	0,	0,		NULL},			// NoRouting
-	{6,		false,	false,	0,	0,	0,		NULL},			// CheckMac
-	{7,		false,	false,	0,	0,	0,		NULL},			// CheckIP
-	{8,		false,	false,	0,	0,	0,		NULL},			// ArpDhcpOnly
-	{9,		false,	false,	0,	0,	0,		NULL},			// PrivacyFilter
-	{10,	false,	false,	0,	0,	0,		NULL},			// NoServer
-	{11,	false,	false,	0,	0,	0,		NULL},			// NoBroadcastLimiter
-	{12,	false,	false,	0,	0,	0,		NULL},			// MonitorPort
-	{13,	true,	false,	1,	32,	32,		"POL_INT_COUNT"},	// MaxConnection
-	{14,	true,	false,	5,	60,	20,		"POL_INT_SEC"},	// TimeOut
-	{15,	true,	true,	1,	65535,	0,	"POL_INT_COUNT"},	// MaxMac
-	{16,	true,	true,	1,	65535,	0,	"POL_INT_COUNT"},	// MaxIP
-	{17,	true,	true,	1,	4294967295UL,	0,	"POL_INT_BPS"},	// MaxUpload
-	{18,	true,	true,	1,	4294967295UL,	0,	"POL_INT_BPS"},	// MaxDownload
-	{19,	false,	false,	0,	0,	0,		NULL},			// FixPassword
-	{20,	true,	true,	1,	65535,	0,	"POL_INT_COUNT"},	// MultiLogins
-	{21,	false,	false,	0,	0,	0,		NULL},			// NoQoS
+	{0,		false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, Access)},								// Access
+	{1,		false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, DHCPFilter)},							// DHCPFilter
+	{2,		false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, DHCPNoServer)},						// DHCPNoServer
+	{3,		false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, DHCPForce)},							// DHCPForce
+	{4,		false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, NoBridge)},							// NoBridge
+	{5,		false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, NoRouting)},							// NoRouting
+	{6,		false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, CheckMac)},							// CheckMac
+	{7,		false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, CheckIP)},								// CheckIP
+	{8,		false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, ArpDhcpOnly)},							// ArpDhcpOnly
+	{9,		false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, PrivacyFilter)},						// PrivacyFilter
+	{10,	false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, NoServer)},							// NoServer
+	{11,	false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, NoBroadcastLimiter)},					// NoBroadcastLimiter
+	{12,	false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, MonitorPort)},							// MonitorPort
+	{13,	true,	false,	1,	32,	32,		"POL_INT_COUNT",		offsetof(POLICY, MaxConnection)},			// MaxConnection
+	{14,	true,	false,	5,	60,	20,		"POL_INT_SEC",			offsetof(POLICY, TimeOut)},					// TimeOut
+	{15,	true,	true,	1,	65535,	0,	"POL_INT_COUNT",		offsetof(POLICY, MaxMac)},					// MaxMac
+	{16,	true,	true,	1,	65535,	0,	"POL_INT_COUNT",		offsetof(POLICY, MaxIP)},					// MaxIP
+	{17,	true,	true,	1,	4294967295UL,	0,	"POL_INT_BPS",	offsetof(POLICY, MaxUpload)},				// MaxUpload
+	{18,	true,	true,	1,	4294967295UL,	0,	"POL_INT_BPS",	offsetof(POLICY, MaxDownload)},				// MaxDownload
+	{19,	false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, FixPassword)},							// FixPassword
+	{20,	true,	true,	1,	65535,	0,	"POL_INT_COUNT",		offsetof(POLICY, MultiLogins)},				// MultiLogins
+	{21,	false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, NoQoS)},								// NoQoS
 // Ver 3.0
-	{22,	false,	false,	0,	0,	0,		NULL},			// RSandRAFilter
-	{23,	false,	false,	0,	0,	0,		NULL},			// RAFilter
-	{24,	false,	false,	0,	0,	0,		NULL},			// DHCPv6Filter
-	{25,	false,	false,	0,	0,	0,		NULL},			// DHCPv6NoServer
-	{26,	false,	false,	0,	0,	0,		NULL},			// NoRoutingV6
-	{27,	false,	false,	0,	0,	0,		NULL},			// CheckIPv6
-	{28,	false,	false,	0,	0,	0,		NULL},			// NoServerV6
-	{29,	true,	true,	1,	65535,	0,	"POL_INT_COUNT"},	// MaxIPv6
-	{30,	false,	false,	0,	0,	0,		NULL},			// NoSavePassword
-	{31,	true,	true,	1,	4294967295UL,	0,	"POL_INT_SEC"},	// AutoDisconnect
-	{32,	false,	false,	0,	0,	0,		NULL},			// FilterIPv4
-	{33,	false,	false,	0,	0,	0,		NULL},			// FilterIPv6
-	{34,	false,	false,	0,	0,	0,		NULL},			// FilterNonIP
-	{35,	false,	false,	0,	0,	0,		NULL},			// NoIPv6DefaultRouterInRA
-	{36,	false,	false,	0,	0,	0,		NULL},			// NoIPv6DefaultRouterInRAWhenIPv6
-	{37,	true,	true,	1,	4095,	0,	"POL_INT_VLAN"},	// VLanId
+	{22,	false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, RSandRAFilter)},						// RSandRAFilter
+	{23,	false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, RAFilter)},							// RAFilter
+	{24,	false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, DHCPv6Filter)},						// DHCPv6Filter
+	{25,	false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, DHCPv6NoServer)},						// DHCPv6NoServer
+	{26,	false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, NoRoutingV6)},							// NoRoutingV6
+	{27,	false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, CheckIPv6)},							// CheckIPv6
+	{28,	false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, NoServerV6)},							// NoServerV6
+	{29,	true,	true,	1,	65535,	0,	"POL_INT_COUNT",		offsetof(POLICY, MaxIPv6)},					// MaxIPv6
+	{30,	false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, NoSavePassword)},						// NoSavePassword
+	{31,	true,	true,	1,	4294967295UL,	0,	"POL_INT_SEC",	offsetof(POLICY, AutoDisconnect)},			// AutoDisconnect
+	{32,	false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, FilterIPv4)},							// FilterIPv4
+	{33,	false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, FilterIPv6)},							// FilterIPv6
+	{34,	false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, FilterNonIP)},							// FilterNonIP
+	{35,	false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, NoIPv6DefaultRouterInRA)},				// NoIPv6DefaultRouterInRA
+	{36,	false,	false,	0,	0,	0,		NULL,		offsetof(POLICY, NoIPv6DefaultRouterInRAWhenIPv6)},		// NoIPv6DefaultRouterInRAWhenIPv6
+	{37,	true,	true,	1,	4095,	0,	"POL_INT_VLAN",			offsetof(POLICY, VLanId)},					// VLanId
 };
 
 // Format policy value
@@ -390,7 +390,7 @@ void OverwritePolicy(POLICY **target, POLICY *p)
 			}
 			else
 			{
-				Copy(*target, p, NUM_POLICY_ITEM_FOR_VER2 * sizeof(UINT));
+				Copy(*target, p, policy_item[NUM_POLICY_ITEM_FOR_VER2].Offset);
 			}
 		}
 	}
@@ -897,6 +897,35 @@ USER *AcGetUser(HUB *h, char *name)
 	return u;
 }
 
+USER* AcGetUserByCert(HUB *h, X *cert)
+{
+	int i;
+
+	if (cert == NULL)
+	{
+		return NULL;
+	}
+
+	for (i = 0; i < LIST_NUM(h->HubDb->UserList); i++)
+	{
+		USER* u = LIST_DATA(h->HubDb->UserList, i);
+		if (u->AuthType == AUTHTYPE_USERCERT)
+		{
+			X* ucert = ((AUTHUSERCERT*)u->AuthData)->UserX;
+			if (ucert != NULL)
+			{
+				if (CompareX(cert, ucert))
+				{
+					AddRef(u->ref);
+					return u;
+				}
+			}
+		}
+	}
+
+	return NULL;
+}
+
 // Delete the user
 bool AcDeleteUser(HUB *h, char *name)
 {

src/Cedar/Account.h

@@ -25,6 +25,7 @@ struct POLICY_ITEM
 	UINT MaxValue;
 	UINT DefaultValue;
 	char *FormatStr;
+	UINT Offset;
 };
 
 // Policy
@@ -144,17 +145,17 @@ struct AUTHNT
 
 // Macro
 #define	POLICY_CURRENT_VERSION		3
-#define	NUM_POLICY_ITEM		((sizeof(POLICY) / sizeof(UINT)) - 1)
 #define	NUM_POLICY_ITEM_FOR_VER2	22
 #define	NUM_POLICY_ITEM_FOR_VER3	38
+#define	NUM_POLICY_ITEM				NUM_POLICY_ITEM_FOR_VER3
 
 #define	IS_POLICY_FOR_VER2(index)	(((index) >= 0) && ((index) < NUM_POLICY_ITEM_FOR_VER2))
 #define	IS_POLICY_FOR_VER3(index)	(((index) >= 0) && ((index) < NUM_POLICY_ITEM_FOR_VER3))
 
 #define	IS_POLICY_FOR_CURRENT_VER(index, ver)	((ver) >= 3 ? IS_POLICY_FOR_VER3(index) : IS_POLICY_FOR_VER2(index))
 
-#define	POLICY_BOOL(p, i)	(((bool *)(p))[(i)])
-#define	POLICY_INT(p, i)	(((UINT *)(p))[(i)])
+#define	POLICY_BOOL(p, i)	(*(bool *)((char *)p + policy_item[i].Offset))
+#define	POLICY_INT(p, i)	(*(UINT *)((char *)p + policy_item[i].Offset))
 
 extern POLICY_ITEM policy_item[];
 
@@ -176,6 +177,7 @@ void FreeAuthData(UINT authtype, void *authdata);
 bool AcAddUser(HUB *h, USER *u);
 bool AcAddGroup(HUB *h, USERGROUP *g);
 USER *AcGetUser(HUB *h, char *name);
+USER* AcGetUserByCert(HUB* h, X *cert);
 USERGROUP *AcGetGroup(HUB *h, char *name);
 bool AcIsUser(HUB *h, char *name);
 bool AcIsGroup(HUB *h, char *name);

src/Cedar/Admin.c

@@ -260,26 +260,6 @@ CAPSLIST *ScGetCapsEx(RPC *rpc)
 		AddCapsBool(t, "b_support_config_log", info.ServerType != SERVER_TYPE_FARM_MEMBER);
 		AddCapsBool(t, "b_support_autodelete", false);
 	}
-	else
-	{
-		// Success getting Caps
-		if (info.ServerBuildInt <= 4350)
-		{
-			if (is_bridge == false)
-			{
-				// b_support_cluster should be true for build 4300 or earlier
-				CAPS *caps = GetCaps(t, "b_support_cluster");
-				if (caps == NULL)
-				{
-					AddCapsBool(t, "b_support_cluster", true);
-				}
-				else
-				{
-					caps->Value = 1;
-				}
-			}
-		}
-	}
 
 	if (true)
 	{
@@ -746,9 +726,8 @@ void AdminWebProcPost(CONNECTION *c, SOCK *s, HTTP_HEADER *h, UINT post_data_siz
 	if (RecvAll(s, data, post_data_size, s->SecureMode))
 	{
 		c->JsonRpcAuthed = true;
-#ifndef	GC_SOFTETHER_OSS
+
 		RemoveDosEntry(c->Listener, s);
-#endif	// GC_SOFTETHER_OSS
 
 		// Divide url_target into URL and query string
 		StrCpy(url, sizeof(url), url_target);
@@ -787,9 +766,8 @@ void AdminWebProcGet(CONNECTION *c, SOCK *s, HTTP_HEADER *h, char *url_target)
 	}
 
 	c->JsonRpcAuthed = true;
-#ifndef	GC_SOFTETHER_OSS
+
 	RemoveDosEntry(c->Listener, s);
-#endif	// GC_SOFTETHER_OSS
 
 	// Divide url_target into URL and query string
 	StrCpy(url, sizeof(url), url_target);
@@ -959,30 +937,26 @@ bool HttpParseBasicAuthHeader(HTTP_HEADER *h, char *username, UINT username_size
 		{
 			if (StrCmpi(key, "Basic") == 0 && IsEmptyStr(value) == false)
 			{
-				UINT b64_dest_size = StrSize(value) * 2 + 256;
-				char *b64_dest = ZeroMalloc(b64_dest_size);
-
-				Decode64(b64_dest, value);
-
-				if (IsEmptyStr(b64_dest) == false)
+				char *str = Base64ToBin(NULL, value, StrLen(value));
+				if (str != NULL)
 				{
-					if (b64_dest[0] == ':')
+					if (str[0] == ':')
 					{
 						// Empty username
 						StrCpy(username, username_size, "");
-						StrCpy(password, password_size, b64_dest + 1);
+						StrCpy(password, password_size, str + 1);
 						ret = true;
 					}
 					else
 					{
-						if (GetKeyAndValue(b64_dest, username, username_size, password, password_size, ":"))
+						if (GetKeyAndValue(str, username, username_size, password, password_size, ":"))
 						{
 							ret = true;
 						}
 					}
-				}
 
-				Free(b64_dest);
+					Free(str);
+				}
 			}
 		}
 	}
@@ -1223,9 +1197,7 @@ void JsonRpcProcOptions(CONNECTION *c, SOCK *s, HTTP_HEADER *h, char *url_target
 
 	c->JsonRpcAuthed = true;
 
-#ifndef	GC_SOFTETHER_OSS
 	RemoveDosEntry(c->Listener, s);
-#endif	// GC_SOFTETHER_OSS
 
 	AdminWebSendBody(s, 200, "OK", NULL, 0, NULL, NULL, NULL, h);
 }
@@ -1252,9 +1224,7 @@ void JsonRpcProcGet(CONNECTION *c, SOCK *s, HTTP_HEADER *h, char *url_target)
 
 	c->JsonRpcAuthed = true;
 
-#ifndef	GC_SOFTETHER_OSS
 	RemoveDosEntry(c->Listener, s);
-#endif	// GC_SOFTETHER_OSS
 
 	// Divide url_target into URL and query string
 	StrCpy(url, sizeof(url), url_target);
@@ -1381,9 +1351,7 @@ void JsonRpcProcPost(CONNECTION *c, SOCK *s, HTTP_HEADER *h, UINT post_data_size
 
 		c->JsonRpcAuthed = true;
 
-#ifndef	GC_SOFTETHER_OSS
 		RemoveDosEntry(c->Listener, s);
-#endif	// GC_SOFTETHER_OSS
 
 		if (json_req == NULL || json_req_object == NULL)
 		{
@@ -1668,8 +1636,8 @@ PACK *AdminDispatch(RPC *rpc, char *name, PACK *p)
 	DECLARE_RPC("GetSpecialListener", RPC_SPECIAL_LISTENER, StGetSpecialListener, InRpcSpecialListener, OutRpcSpecialListener)
 	DECLARE_RPC("GetAzureStatus", RPC_AZURE_STATUS, StGetAzureStatus, InRpcAzureStatus, OutRpcAzureStatus)
 	DECLARE_RPC("SetAzureStatus", RPC_AZURE_STATUS, StSetAzureStatus, InRpcAzureStatus, OutRpcAzureStatus)
-	DECLARE_RPC("GetDDnsInternetSettng", INTERNET_SETTING, StGetDDnsInternetSetting, InRpcInternetSetting, OutRpcInternetSetting)
-	DECLARE_RPC("SetDDnsInternetSettng", INTERNET_SETTING, StSetDDnsInternetSetting, InRpcInternetSetting, OutRpcInternetSetting)
+	DECLARE_RPC("GetDDnsInternetSetting", INTERNET_SETTING, StGetDDnsInternetSetting, InRpcInternetSetting, OutRpcInternetSetting)
+	DECLARE_RPC("SetDDnsInternetSetting", INTERNET_SETTING, StSetDDnsInternetSetting, InRpcInternetSetting, OutRpcInternetSetting)
 	// RPC function declaration: till here
 
 
@@ -1855,8 +1823,8 @@ DECLARE_SC("SetSpecialListener", RPC_SPECIAL_LISTENER, ScSetSpecialListener, InR
 DECLARE_SC("GetSpecialListener", RPC_SPECIAL_LISTENER, ScGetSpecialListener, InRpcSpecialListener, OutRpcSpecialListener)
 DECLARE_SC("GetAzureStatus", RPC_AZURE_STATUS, ScGetAzureStatus, InRpcAzureStatus, OutRpcAzureStatus)
 DECLARE_SC("SetAzureStatus", RPC_AZURE_STATUS, ScSetAzureStatus, InRpcAzureStatus, OutRpcAzureStatus)
-DECLARE_SC("GetDDnsInternetSettng", INTERNET_SETTING, ScGetDDnsInternetSetting, InRpcInternetSetting, OutRpcInternetSetting)
-DECLARE_SC("SetDDnsInternetSettng", INTERNET_SETTING, ScSetDDnsInternetSetting, InRpcInternetSetting, OutRpcInternetSetting)
+DECLARE_SC("GetDDnsInternetSetting", INTERNET_SETTING, ScGetDDnsInternetSetting, InRpcInternetSetting, OutRpcInternetSetting)
+DECLARE_SC("SetDDnsInternetSetting", INTERNET_SETTING, ScSetDDnsInternetSetting, InRpcInternetSetting, OutRpcInternetSetting)
 // RPC call function declaration: till here
 
 // Setting VPN Gate Server Configuration
@@ -6550,8 +6518,6 @@ UINT StSetAccessList(ADMIN *a, RPC_ENUM_ACCESS_LIST *t)
 	UINT i;
 	bool no_jitter = false;
 	bool no_include = false;
-	UINT ret = ERR_NO_ERROR;
-
 
 	NO_SUPPORT_FOR_BRIDGE;
 	if (s->ServerType == SERVER_TYPE_FARM_MEMBER)
@@ -6595,59 +6561,19 @@ UINT StSetAccessList(ADMIN *a, RPC_ENUM_ACCESS_LIST *t)
 
 	LockList(h->AccessList);
 	{
-		UINT i;
-
-		if (a->ClientBuild != 0)
+		// Delete whole access list
+		for (i = 0; i < LIST_NUM(h->AccessList); ++i)
 		{
-			// Confirm whether the access list of form which cannot handle by the old client already exists
-			if (a->ClientBuild < 6560)
-			{
-				for (i = 0;i < LIST_NUM(h->AccessList);i++)
-				{
-					ACCESS *access = LIST_DATA(h->AccessList, i);
-					if (access->IsIPv6 ||
-						access->Jitter != 0 || access->Loss != 0 || access->Delay != 0)
-					{
-						ret = ERR_VERSION_INVALID;
-						break;
-					}
-				}
-			}
-
-			if (a->ClientBuild < 8234)
-			{
-				for (i = 0;i < LIST_NUM(h->AccessList);i++)
-				{
-					ACCESS *access = LIST_DATA(h->AccessList, i);
-
-					if (IsEmptyStr(access->RedirectUrl) == false)
-					{
-						ret = ERR_VERSION_INVALID;
-						break;
-					}
-				}
-			}
+			ACCESS *access = LIST_DATA(h->AccessList, i);
+			Free(access);
 		}
 
-		if (ret == ERR_NO_ERROR)
-		{
-			// Delete whole access list
-			for (i = 0;i < LIST_NUM(h->AccessList);i++)
-			{
-				ACCESS *access = LIST_DATA(h->AccessList, i);
-				Free(access);
-			}
+		DeleteAll(h->AccessList);
 
-			DeleteAll(h->AccessList);
-		}
-	}
-
-	if (ret == ERR_NO_ERROR)
-	{
 		ALog(a, h, "LA_SET_ACCESS_LIST", t->NumAccess);
 
 		// Add whole access list
-		for (i = 0;i < t->NumAccess;i++)
+		for (i = 0; i < t->NumAccess; ++i)
 		{
 			ACCESS *a = &t->Accesses[i];
 
@@ -6686,14 +6612,10 @@ UINT StSetAccessList(ADMIN *a, RPC_ENUM_ACCESS_LIST *t)
 		h->CurrentVersion++;
 		SiHubUpdateProc(h);
 	}
-	else
-	{
-		UnlockList(h->AccessList);
-	}
 
 	ReleaseHub(h);
 
-	return ret;
+	return ERR_NO_ERROR;
 }
 
 // Add access list entry
@@ -7420,6 +7342,7 @@ UINT StGetLink(ADMIN *a, RPC_CREATE_LINK *t)
 		Copy(&t->Policy, k->Policy, sizeof(POLICY));
 
 		t->CheckServerCert = k->CheckServerCert;
+		t->AddDefaultCA = k->AddDefaultCA;
 		t->ServerCert = CloneX(k->ServerCert);
 	}
 	Unlock(k->lock);
@@ -7524,7 +7447,7 @@ UINT StSetLink(ADMIN *a, RPC_CREATE_LINK *t)
 
 		if (t->Policy.Ver3 == false)
 		{
-			Copy(k->Policy, &t->Policy, sizeof(UINT) * NUM_POLICY_ITEM_FOR_VER2);
+			Copy(k->Policy, &t->Policy, policy_item[NUM_POLICY_ITEM_FOR_VER2].Offset);
 		}
 		else
 		{
@@ -7535,6 +7458,7 @@ UINT StSetLink(ADMIN *a, RPC_CREATE_LINK *t)
 		k->Option->RequireMonitorMode = false;	// Disable monitor mode
 
 		k->CheckServerCert = t->CheckServerCert;
+		k->AddDefaultCA = t->AddDefaultCA;
 		k->ServerCert = CloneX(t->ServerCert);
 	}
 	Unlock(k->lock);
@@ -7631,6 +7555,7 @@ UINT StCreateLink(ADMIN *a, RPC_CREATE_LINK *t)
 		// setting of verifying server certification
 		// 
 		k->CheckServerCert = t->CheckServerCert;
+		k->AddDefaultCA = t->AddDefaultCA;
 		k->ServerCert = CloneX(t->ServerCert);
 
 		// stay this off-line
@@ -7847,11 +7772,6 @@ UINT StAddCa(ADMIN *a, RPC_HUB_ADD_CA *t)
 		return ERR_INVALID_PARAMETER;
 	}
 
-	if (t->Cert->is_compatible_bit == false)
-	{
-		return ERR_NOT_RSA_1024;
-	}
-
 	CHECK_RIGHT;
 
 	LockHubList(c);
@@ -9516,11 +9436,6 @@ UINT StSetServerCert(ADMIN *a, RPC_KEY_PAIR *t)
 		return ERR_PROTOCOL_ERROR;
 	}
 
-	if (t->Cert->is_compatible_bit == false)
-	{
-		return ERR_NOT_RSA_1024;
-	}
-
 	if (CheckXandK(t->Cert, t->Key) == false)
 	{
 		return ERR_PROTOCOL_ERROR;
@@ -9535,7 +9450,7 @@ UINT StSetServerCert(ADMIN *a, RPC_KEY_PAIR *t)
 		}
 	}
 
-	SetCedarCert(c, t->Cert, t->Key);
+	SetCedarCertAndChain(c, t->Cert, t->Key, t->Chain);
 
 	ALog(a, NULL, "LA_SET_SERVER_CERT");
 
@@ -10143,8 +10058,7 @@ UINT StSetPortsUDP(ADMIN *a, RPC_PORTS *t)
 
 	LockList(server_ports);
 	{
-		char tmp[MAX_SIZE];
-		wchar_t str[MAX_SIZE];
+		char str[MAX_SIZE];
 
 		for (i = 0; i < LIST_NUM(server_ports); ++i)
 		{
@@ -10160,8 +10074,7 @@ UINT StSetPortsUDP(ADMIN *a, RPC_PORTS *t)
 
 		ProtoSetUdpPorts(a->Server->Proto, server_ports);
 
-		IntListToStr(tmp, sizeof(tmp), server_ports, ", ");
-		StrToUni(str, sizeof(str), tmp);
+		IntListToStr(str, sizeof(str), server_ports, ", ");
 		ALog(a, NULL, "LA_SET_PORTS_UDP", str);
 	}
 	UnlockList(server_ports);
@@ -13717,6 +13630,7 @@ void InRpcCreateLink(RPC_CREATE_LINK *t, PACK *p)
 	InRpcPolicy(&t->Policy, p);
 
 	t->CheckServerCert = PackGetBool(p, "CheckServerCert");
+	t->AddDefaultCA = PackGetBool(p, "AddDefaultCA");
 	b = PackGetBuf(p, "ServerCert");
 	if (b != NULL)
 	{
@@ -13739,6 +13653,7 @@ void OutRpcCreateLink(PACK *p, RPC_CREATE_LINK *t)
 	OutRpcPolicy(p, &t->Policy);
 
 	PackAddBool(p, "CheckServerCert", t->CheckServerCert);
+	PackAddBool(p, "AddDefaultCA", t->AddDefaultCA);
 	if (t->ServerCert != NULL)
 	{
 		BUF *b;
@@ -13784,12 +13699,14 @@ void InRpcEnumLink(RPC_ENUM_LINK *t, PACK *p)
 
 		PackGetUniStrEx(p, "AccountName", e->AccountName, sizeof(e->AccountName), i);
 		PackGetStrEx(p, "Hostname", e->Hostname, sizeof(e->Hostname), i);
-		PackGetStrEx(p, "ConnectedHubName", e->HubName, sizeof(e->HubName), i);
+		if (PackGetStrEx(p, "ConnectedHubName", e->HubName, sizeof(e->HubName), i) == false)
+		{
+			PackGetStrEx(p, "TargetHubName", e->HubName, sizeof(e->HubName), i);
+		}
 		e->Online = PackGetBoolEx(p, "Online", i);
 		e->ConnectedTime = PackGetInt64Ex(p, "ConnectedTime", i);
 		e->Connected = PackGetBoolEx(p, "Connected", i);
 		e->LastError = PackGetIntEx(p, "LastError", i);
-		PackGetStrEx(p, "LinkHubName", e->HubName, sizeof(e->HubName), i);
 	}
 }
 void OutRpcEnumLink(PACK *p, RPC_ENUM_LINK *t)
@@ -14637,6 +14554,7 @@ void InRpcKeyPair(RPC_KEY_PAIR *t, PACK *p)
 	}
 
 	t->Cert = PackGetX(p, "Cert");
+	t->Chain = PackGetXList(p, "Chain");
 	t->Key = PackGetK(p, "Key");
 	t->Flag1 = PackGetInt(p, "Flag1");
 }
@@ -14649,12 +14567,14 @@ void OutRpcKeyPair(PACK *p, RPC_KEY_PAIR *t)
 	}
 
 	PackAddX(p, "Cert", t->Cert);
+	PackAddXList(p, "Chain", t->Chain);
 	PackAddK(p, "Key", t->Key);
 	PackAddInt(p, "Flag1", t->Flag1);
 }
 void FreeRpcKeyPair(RPC_KEY_PAIR *t)
 {
 	FreeX(t->Cert);
+	FreeXList(t->Chain);
 	FreeK(t->Key);
 }
 
@@ -14737,19 +14657,19 @@ void InRpcNodeInfo(NODE_INFO *t, PACK *p)
 	PackGetStr(p, "HubName", t->HubName, sizeof(t->HubName));
 	PackGetData2(p, "UniqueId", t->UniqueId, sizeof(t->UniqueId));
 
-	t->ClientProductVer = PackGetInt(p, "ClientProductVer");
-	t->ClientProductBuild = PackGetInt(p, "ClientProductBuild");
-	t->ServerProductVer = PackGetInt(p, "ServerProductVer");
-	t->ServerProductBuild = PackGetInt(p, "ServerProductBuild");
+	t->ClientProductVer = LittleEndian32(PackGetInt(p, "ClientProductVer"));
+	t->ClientProductBuild = LittleEndian32(PackGetInt(p, "ClientProductBuild"));
+	t->ServerProductVer = LittleEndian32(PackGetInt(p, "ServerProductVer"));
+	t->ServerProductBuild = LittleEndian32(PackGetInt(p, "ServerProductBuild"));
 	t->ClientIpAddress = PackGetIp32(p, "ClientIpAddress");
 	PackGetData2(p, "ClientIpAddress6", t->ClientIpAddress6, sizeof(t->ClientIpAddress6));
-	t->ClientPort = PackGetInt(p, "ClientPort");
+	t->ClientPort = LittleEndian32(PackGetInt(p, "ClientPort"));
 	t->ServerIpAddress = PackGetIp32(p, "ServerIpAddress");
 	PackGetData2(p, "ServerIpAddress6", t->ServerIpAddress6, sizeof(t->ServerIpAddress6));
-	t->ServerPort = PackGetInt(p, "ServerPort2");
+	t->ServerPort = LittleEndian32(PackGetInt(p, "ServerPort2"));
 	t->ProxyIpAddress = PackGetIp32(p, "ProxyIpAddress");
 	PackGetData2(p, "ProxyIpAddress6", t->ProxyIpAddress6, sizeof(t->ProxyIpAddress6));
-	t->ProxyPort = PackGetInt(p, "ProxyPort");
+	t->ProxyPort = LittleEndian32(PackGetInt(p, "ProxyPort"));
 }
 void OutRpcNodeInfo(PACK *p, NODE_INFO *t)
 {
@@ -14770,19 +14690,19 @@ void OutRpcNodeInfo(PACK *p, NODE_INFO *t)
 	PackAddStr(p, "HubName", t->HubName);
 	PackAddData(p, "UniqueId", t->UniqueId, sizeof(t->UniqueId));
 
-	PackAddInt(p, "ClientProductVer", t->ClientProductVer);
-	PackAddInt(p, "ClientProductBuild", t->ClientProductBuild);
-	PackAddInt(p, "ServerProductVer", t->ServerProductVer);
-	PackAddInt(p, "ServerProductBuild", t->ServerProductBuild);
+	PackAddInt(p, "ClientProductVer", LittleEndian32(t->ClientProductVer));
+	PackAddInt(p, "ClientProductBuild", LittleEndian32(t->ClientProductBuild));
+	PackAddInt(p, "ServerProductVer", LittleEndian32(t->ServerProductVer));
+	PackAddInt(p, "ServerProductBuild", LittleEndian32(t->ServerProductBuild));
 	PackAddIp32(p, "ClientIpAddress", t->ClientIpAddress);
 	PackAddData(p, "ClientIpAddress6", t->ClientIpAddress6, sizeof(t->ClientIpAddress6));
-	PackAddInt(p, "ClientPort", t->ClientPort);
+	PackAddInt(p, "ClientPort", LittleEndian32(t->ClientPort));
 	PackAddIp32(p, "ServerIpAddress", t->ServerIpAddress);
 	PackAddData(p, "ServerIpAddress6", t->ServerIpAddress6, sizeof(t->ServerIpAddress6));
-	PackAddInt(p, "ServerPort2", t->ServerPort);
+	PackAddInt(p, "ServerPort2", LittleEndian32(t->ServerPort));
 	PackAddIp32(p, "ProxyIpAddress", t->ProxyIpAddress);
 	PackAddData(p, "ProxyIpAddress6", t->ProxyIpAddress6, sizeof(t->ProxyIpAddress6));
-	PackAddInt(p, "ProxyPort", t->ProxyPort);
+	PackAddInt(p, "ProxyPort", LittleEndian32(t->ProxyPort));
 }
 
 // RPC_SESSION_STATUS

src/Cedar/Admin.h

@@ -230,6 +230,7 @@ struct RPC_FARM_CONNECTION_STATUS
 struct RPC_KEY_PAIR
 {
 	X *Cert;							// Certificate
+	LIST *Chain;						// Trust chain
 	K *Key;								// Secret key
 	UINT Flag1;							// Flag1
 };
@@ -435,6 +436,7 @@ struct RPC_CREATE_LINK
 	CLIENT_AUTH *ClientAuth;			// Client authentication data
 	POLICY Policy;						// Policy
 	bool CheckServerCert;				// Validate the server certificate
+	bool AddDefaultCA;					// Use default trust store
 	X *ServerCert;						// Server certificate
 };
 

src/Cedar/AzureClient.c

@@ -9,6 +9,7 @@
 
 #include "Cedar.h"
 #include "Command.h"
+#include "Logging.h"
 #include "Wpc.h"
 
 #include "Mayaqua/Encrypt.h"
@@ -19,6 +20,7 @@
 #include "Mayaqua/Object.h"
 #include "Mayaqua/Pack.h"
 #include "Mayaqua/Str.h"
+#include "Mayaqua/Table.h"
 #include "Mayaqua/Tick64.h"
 
 #include <stdlib.h>
@@ -80,6 +82,9 @@ void AcWaitForRequest(AZURE_CLIENT *ac, SOCK *s, AZURE_PARAM *param)
 						{
 							SOCK *ns;
 							Debug("Connect Request from %r:%u\n", &client_ip, client_port);
+							char ipstr[128];
+							IPToStr(ipstr, sizeof(ipstr), &client_ip);
+							SLog(ac->Cedar, "LS_AZURE_START", ipstr, client_port);
 
 							// Create new socket and connect VPN Azure Server
 							if (ac->DDnsStatusCopy.InternetSetting.ProxyType == PROXY_DIRECT)
@@ -103,7 +108,10 @@ void AcWaitForRequest(AZURE_CLIENT *ac, SOCK *s, AZURE_PARAM *param)
 
 								SetTimeout(ns, param->DataTimeout);
 
-								if (StartSSLEx(ns, NULL, NULL, 0, NULL))
+								UINT ssl_err = 0;
+								Copy(&ns->SslAcceptSettings, &ac->Cedar->SslAcceptSettings, sizeof(SSL_ACCEPT_SETTINGS));
+
+								if (StartSSLEx3(ns, NULL, NULL, NULL, 0, NULL, NULL, &ssl_err))
 								{
 									// Check certification
 									char server_cert_hash_str[MAX_SIZE];
@@ -157,6 +165,13 @@ void AcWaitForRequest(AZURE_CLIENT *ac, SOCK *s, AZURE_PARAM *param)
 										}
 									}
 								}
+								else
+								{
+									if (ssl_err != 0)
+									{
+										SLog(ac->Cedar, "LS_AZURE_SSL_ERROR", GetUniErrorStr(ssl_err), ssl_err);
+									}
+								}
 
 								ReleaseSock(ns);
 							}

src/Cedar/BridgeUnix.c

@@ -29,11 +29,13 @@
 #include <sys/ioctl.h>
 #include <sys/stat.h>
 
-#ifndef UNIX_OPENBSD
+#if !defined(UNIX_OPENBSD) && !defined(UNIX_SOLARIS)
 #include <net/ethernet.h>
 #endif
 
 #ifdef UNIX_SOLARIS
+#include <stropts.h>
+#include <sys/dlpi.h>
 #include <sys/sockio.h>
 #endif
 
@@ -49,7 +51,7 @@
 #endif
 
 #ifdef UNIX_LINUX
-#include <linux/if_packet.h>
+#include <netpacket/packet.h>
 
 struct my_tpacket_auxdata
 {
@@ -319,7 +321,7 @@ TOKEN_LIST *GetEthListLinux(bool enum_normal, bool enum_rawip)
 					{
 						if (IsInListStr(o, name) == false)
 						{
-							if (StartWith(name, "tap_") == false)
+							if (StartWith(name, UNIX_VLAN_BRIDGE_IFACE_PREFIX"_") == false)
 							{
 								Add(o, CopyStr(name));
 							}
@@ -504,7 +506,7 @@ ETH *OpenEthLinux(char *name, bool local, bool tapmode, char *tapaddr)
 	{
 #ifndef	NO_VLAN
 		// In tap mode
-		VLAN *v = NewTap(name, tapaddr, true);
+		VLAN *v = NewBridgeTap(name, tapaddr, true);
 		if (v == NULL)
 		{
 			return NULL;
@@ -803,7 +805,12 @@ bool EthIsChangeMtuSupported(ETH *e)
 		return false;
 	}
 
+// FreeBSD seriously dislikes MTU changes; disable if compiled on that platform
+#ifndef	__FreeBSD__
 	return true;
+#else
+	return false;
+#endif
 #else	// defined(UNIX_LINUX) || defined(UNIX_BSD) || defined(UNIX_SOLARIS)
 	return false;
 #endif	// defined(UNIX_LINUX) || defined(UNIX_BSD) || defined(UNIX_SOLARIS)
@@ -1397,7 +1404,7 @@ ETH *OpenEthBSD(char *name, bool local, bool tapmode, char *tapaddr)
 	{
 #ifndef	NO_VLAN
 		// In tap mode
-		VLAN *v = NewTap(name, tapaddr, true);
+		VLAN *v = NewBridgeTap(name, tapaddr, true);
 		if (v == NULL)
 		{
 			return NULL;
@@ -1414,7 +1421,7 @@ ETH *OpenEthBSD(char *name, bool local, bool tapmode, char *tapaddr)
 
 		return e;
 #else	// NO_VLAN
-return NULL:
+	return NULL;
 #endif	// NO_VLAN
 	}
 
@@ -1473,7 +1480,7 @@ void CloseEth(ETH *e)
 	if (e->Tap != NULL)
 	{
 #ifndef	NO_VLAN
-		FreeTap(e->Tap);
+		FreeBridgeTap(e->Tap);
 #endif	// NO_VLAN
 	}
 

src/Cedar/BridgeWin32.c

@@ -1161,7 +1161,8 @@ void Win32EthMakeCombinedName(char *dst, UINT dst_size, char *nicname, char *gui
 
 	if (IsEmptyStr(guid) == false)
 	{
-		Format(dst, dst_size, "%s (ID=%010u)", nicname, Win32EthGenIdFromGuid(guid));
+		// Allow to combine "FriendlyName" consisting of a NULL character and ID.
+		Format(dst, dst_size, "%s(ID=%010u)", nicname, Win32EthGenIdFromGuid(guid));
 	}
 	else
 	{
@@ -1185,18 +1186,19 @@ UINT Win32EthGetNameAndIdFromCombinedName(char *name, UINT name_size, char *str)
 
 	len = StrLen(str);
 
-	if (len >= 16)
+	// Allow to combine "FriendlyName" consisting of a NULL character and ID beginning with "(ID=".
+	if (len >= 15)
 	{
-		StrCpy(id_str, sizeof(id_str), str + len - 16);
+		StrCpy(id_str, sizeof(id_str), str + len - 15);
 
-		if (StartWith(id_str, " (ID="))
+		if (StartWith(id_str, "(ID="))
 		{
 			if (EndWith(id_str, ")"))
 			{
 				char num[MAX_SIZE];
 
 				Zero(num, sizeof(num));
-				StrCpy(num, sizeof(num), id_str + 5);
+				StrCpy(num, sizeof(num), id_str + 4);
 
 				num[StrLen(num) - 1] = 0;
 
@@ -1204,7 +1206,7 @@ UINT Win32EthGetNameAndIdFromCombinedName(char *name, UINT name_size, char *str)
 
 				if (ret != 0)
 				{
-					name[len - 16] = 0;
+					name[len - 15] = 0;
 				}
 			}
 		}
@@ -1346,6 +1348,8 @@ TOKEN_LIST *GetEthListEx(UINT *total_num_including_hidden, bool enum_normal, boo
 
 			Debug("%s - %s\n", a->Guid, a->Title);
 		}
+		// Make sure that "FriendlyName" does not cosist a NULL character.
+		Debug("%s,- s=%d, t=%s, %s,\n", a->Guid, show, tmp, a->Title[0] == 0 ? "check=NG FriendlyName(Title) is NULL !" : "check=OK");
 	}
 
 	*total_num_including_hidden = ret->NumTokens;
@@ -1405,7 +1409,7 @@ LIST *GetEthAdapterListInternal()
 	UINT size;
 	char *buf;
 	UINT i, j;
-	char *qos_tag = " (Microsoft's Packet Scheduler)";
+	char *qos_tag = "(Microsoft's Packet Scheduler)";	// Allow to combine "FriendlyName" consisting of a NULL character and QOS tag.
 	SU *su = NULL;
 	LIST *su_adapter_list = NULL;
 
@@ -1660,7 +1664,8 @@ ANSI_STR:
 				}
 				else
 				{
-					Format(tmp, sizeof(tmp), "%s (%u)", a->Title, k + 1);
+					// Allow to combine "FriendlyName" consisting of a NULL character and SEQ number.
+					Format(tmp, sizeof(tmp), "%s(%u)", a->Title, k + 1);
 				}
 
 				ok = true;

src/Cedar/CM.c

@@ -410,7 +410,7 @@ void CmEasyDlgOnKey(HWND hWnd, CM_EASY_DLG *d, bool ctrl, bool alt, UINT key)
 			break;
 		case 'O':
 			// Option settings
-			Command(hWnd, CMD_TRAFFIC);
+			Command(hWnd, CMD_OPTION);
 			break;
 		case 'R':
 			// Certificate management
@@ -4251,9 +4251,6 @@ UINT CmMainWindowProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *p
 	case WM_TIMER:
 		switch (wParam)
 		{
-		case 1:
-			CmSetForegroundProcessToCnService();
-			break;
 		case 2:
 			CmPollingTray(hWnd);
 			break;
@@ -5019,7 +5016,7 @@ void CmOnKey(HWND hWnd, bool ctrl, bool alt, UINT key)
 			break;
 		case 'O':
 			// Option settings
-			Command(hWnd, CMD_TRAFFIC);
+			Command(hWnd, CMD_OPTION);
 			break;
 		case 'R':
 			// Certificate management
@@ -5450,8 +5447,6 @@ void CmMainWindowOnCommandEx(HWND hWnd, WPARAM wParam, LPARAM lParam, bool easy)
 			CmStopUacHelper(helper);
 
 			Free(name);
-
-			CmRefresh(hWnd);
 		}
 		break;
 	case CMD_DELETE_VLAN:
@@ -5480,8 +5475,6 @@ void CmMainWindowOnCommandEx(HWND hWnd, WPARAM wParam, LPARAM lParam, bool easy)
 				}
 				Free(s);
 			}
-
-			CmRefresh(hWnd);
 		}
 		break;
 	case CMD_ENABLE_VLAN:
@@ -5501,8 +5494,6 @@ void CmMainWindowOnCommandEx(HWND hWnd, WPARAM wParam, LPARAM lParam, bool easy)
 					CALL(hWnd, CcEnableVLan(cm->Client, &c));
 				}
 				Free(s);
-
-				CmRefresh(hWnd);
 			}
 		}
 		break;
@@ -5523,8 +5514,6 @@ void CmMainWindowOnCommandEx(HWND hWnd, WPARAM wParam, LPARAM lParam, bool easy)
 					CALL(hWnd, CcDisableVLan(cm->Client, &c));
 				}
 				Free(s);
-
-				CmRefresh(hWnd);
 			}
 		}
 		break;
@@ -5560,8 +5549,6 @@ void CmMainWindowOnCommandEx(HWND hWnd, WPARAM wParam, LPARAM lParam, bool easy)
 					CmStopUacHelper(helper);
 				}
 				Free(s);
-
-				CmRefresh(hWnd);
 			}
 		}
 		break;
@@ -6032,6 +6019,7 @@ void CmExportAccount(HWND hWnd, wchar_t *account_name)
 		t.StartupAccount = a->Startup;
 		t.CheckServerCert = a->CheckServerCert;
 		t.RetryOnServerCert = a->RetryOnServerCert;
+		t.AddDefaultCA = a->AddDefaultCA;
 		t.ServerCert = a->ServerCert;
 		t.ClientOption->FromAdminPack = false;
 
@@ -6162,6 +6150,8 @@ void CmImportAccountMainEx(HWND hWnd, wchar_t *filename, bool overwrite)
 					t->ClientOption->RequireMonitorMode = old_option->RequireMonitorMode;
 					t->ClientOption->RequireBridgeRoutingMode = old_option->RequireBridgeRoutingMode;
 					t->ClientOption->DisableQoS = old_option->DisableQoS;
+					t->ClientOption->BindLocalIP = old_option->BindLocalIP;// Source IP address for outgoing connection
+					t->ClientOption->BindLocalPort = old_option->BindLocalPort;// Source port number for outgoing connection
 
 					// Inherit the authentication data
 					CiFreeClientAuth(t->ClientAuth);
@@ -6171,6 +6161,7 @@ void CmImportAccountMainEx(HWND hWnd, wchar_t *filename, bool overwrite)
 					t->StartupAccount = get.StartupAccount;
 					t->CheckServerCert = get.CheckServerCert;
 					t->RetryOnServerCert = get.RetryOnServerCert;
+					t->AddDefaultCA = get.AddDefaultCA;
 					if (t->ServerCert != NULL)
 					{
 						FreeX(t->ServerCert);
@@ -6280,6 +6271,7 @@ void CmCopyAccount(HWND hWnd, wchar_t *account_name)
 	}
 	c.CheckServerCert = a->CheckServerCert;
 	c.RetryOnServerCert = a->RetryOnServerCert;
+	c.AddDefaultCA = a->AddDefaultCA;
 	c.StartupAccount = false;		// Don't copy the startup attribute
 
 	CALL(hWnd, CcCreateAccount(cm->Client, &c));
@@ -6466,9 +6458,55 @@ void CmDetailDlgUpdate(HWND hWnd, CM_ACCOUNT *a)
 		Disable(hWnd, R_BRIDGE);
 		Disable(hWnd, R_MONITOR);
 		Disable(hWnd, R_NO_ROUTING);
+#if TYPE_BINDLOCALIP
+		Disable(hWnd, E_BIND_LOCALIP);// Source IP address for outgoing connection
+		Disable(hWnd, E_BIND_LOCALPORT);// Source port number for outgoing connection
+#endif
+
 	}
 }
 
+#if TYPE_BINDLOCALIP
+// Set the value of the IP type
+void SetIp(HWND hWnd, UINT id, IP* ip)
+{
+	char tmp[MAX_SIZE];
+	// Validate arguments
+	if (hWnd == NULL || ip == NULL)
+	{
+		return;
+	}
+
+	IPToStr(tmp, sizeof(tmp), ip);
+	SetTextA(hWnd, id, tmp);
+}
+
+// Get an IP address
+bool GetIp(HWND hWnd, UINT id, IP* ip)
+{
+	char tmp[MAX_SIZE];
+	// Validate arguments
+	if (hWnd == NULL || ip == NULL)
+	{
+		return false;
+	}
+
+	Zero(ip, sizeof(IP));
+
+	if (GetTxtA(hWnd, id, tmp, sizeof(tmp)) == false)
+	{
+		return false;
+	}
+
+	if (StrToIP(ip, tmp) == false)
+	{
+		return false;
+	}
+
+	return true;
+}
+#endif
+
 // Advanced Settings dialog procedure
 UINT CmDetailDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *param)
 {
@@ -6505,6 +6543,11 @@ UINT CmDetailDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *pa
 		Check(hWnd, R_NO_ROUTING, a->ClientOption->NoRoutingTracking);
 		Check(hWnd, R_DISABLE_QOS, a->ClientOption->DisableQoS);
 		Check(hWnd, R_DISABLE_UDP, a->ClientOption->NoUdpAcceleration);
+#if TYPE_BINDLOCALIP
+		SetIp(hWnd, E_BIND_LOCALIP, &a->ClientOption->BindLocalIP);// Source IP address for outgoing connection
+		SetIntEx(hWnd, E_BIND_LOCALPORT, a->ClientOption->BindLocalPort);// Source port number for outgoing connection
+		//Disable(hWnd, E_BIND_LOCALPORT);	// You can not edit
+#endif
 
 		// Select the Connection Mode
 		if (a->LinkMode == false)
@@ -6552,6 +6595,20 @@ UINT CmDetailDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *pa
 				Focus(hWnd, E_INTERVAL);
 				break;
 			}
+#if TYPE_BINDLOCALIP
+			// Source IP address for outgoing connection
+			IP tmpIP;
+			if (GetIp(hWnd, E_BIND_LOCALIP, &tmpIP) == false)
+			{
+				FocusEx(hWnd, E_BIND_LOCALIP);
+				break;
+			}
+			// Source port number for outgoing connection
+			if ((GetInt(hWnd, E_BIND_LOCALPORT) < 0) || (GetInt(hWnd, E_BIND_LOCALPORT) > 65535)){
+				FocusEx(hWnd, E_BIND_LOCALPORT);
+				break;
+			}
+#endif
 
 			a->ClientOption->MaxConnection = num;
 			a->ClientOption->AdditionalConnectionInterval = GetInt(hWnd, E_INTERVAL);
@@ -6569,6 +6626,10 @@ UINT CmDetailDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *pa
 			a->ClientOption->NoRoutingTracking = IsChecked(hWnd, R_NO_ROUTING);
 			a->ClientOption->DisableQoS = IsChecked(hWnd, R_DISABLE_QOS);
 			a->ClientOption->NoUdpAcceleration = IsChecked(hWnd, R_DISABLE_UDP);
+#if TYPE_BINDLOCALIP
+			a->ClientOption->BindLocalIP = tmpIP;// Source IP address for outgoing connection
+			a->ClientOption->BindLocalPort = GetInt(hWnd, E_BIND_LOCALPORT);// Source port number for outgoing connection
+#endif
 
 			if (a->LinkMode)
 			{
@@ -6659,6 +6720,7 @@ void CmEditAccountDlgUpdate(HWND hWnd, CM_ACCOUNT *a)
 	// Host name
 	GetTxtA(hWnd, E_HOSTNAME, a->ClientOption->Hostname, sizeof(a->ClientOption->Hostname));
 	Trim(a->ClientOption->Hostname);
+	a->ClientOption->HintStr[0] = 0;
 
 	if (InStr(a->ClientOption->Hostname, "/tcp"))
 	{
@@ -6695,9 +6757,13 @@ void CmEditAccountDlgUpdate(HWND hWnd, CM_ACCOUNT *a)
 	// To validate the server certificate
 	a->CheckServerCert = IsChecked(hWnd, R_CHECK_CERT);
 
+	// Trust default CA list
+	a->AddDefaultCA = IsChecked(hWnd, R_TRUST_DEFAULT);
+
 	if (a->NatMode)
 	{
 		Disable(hWnd, R_CHECK_CERT);
+		Disable(hWnd, R_TRUST_DEFAULT);
 		Disable(hWnd, B_TRUST);
 	}
 
@@ -7040,6 +7106,7 @@ void CmEditAccountDlgUpdate(HWND hWnd, CM_ACCOUNT *a)
 		SetEnable(hWnd, S_STATIC7, false);
 		SetEnable(hWnd, S_STATIC11, false);
 		SetEnable(hWnd, R_CHECK_CERT, false);
+		SetEnable(hWnd, R_TRUST_DEFAULT, false);
 		SetEnable(hWnd, B_TRUST, false);
 		SetEnable(hWnd, B_SERVER_CERT, false);
 		SetEnable(hWnd, B_VIEW_SERVER_CERT, false);
@@ -7101,10 +7168,17 @@ void CmEditAccountDlgInit(HWND hWnd, CM_ACCOUNT *a)
 	SetText(hWnd, E_ACCOUNT_NAME, a->ClientOption->AccountName);
 
 	// Host name
-	SetTextA(hWnd, E_HOSTNAME, a->ClientOption->Hostname);
-	StrCpy(a->old_server_name, sizeof(a->old_server_name), a->ClientOption->Hostname);
+	char hostname[MAX_SIZE];
+	StrCpy(hostname, sizeof(hostname), a->ClientOption->Hostname);
+	if (IsEmptyStr(a->ClientOption->HintStr) == false)
+	{
+		StrCat(hostname, sizeof(hostname), "/");
+		StrCat(hostname, sizeof(hostname), a->ClientOption->HintStr);
+	}
+	SetTextA(hWnd, E_HOSTNAME, hostname);
+	StrCpy(a->old_server_name, sizeof(a->old_server_name), hostname);
 
-	if (InStr(a->ClientOption->Hostname, "/tcp"))
+	if (InStr(hostname, "/tcp"))
 	{
 		Check(hWnd, R_DISABLE_NATT, true);
 	}
@@ -7134,6 +7208,9 @@ void CmEditAccountDlgInit(HWND hWnd, CM_ACCOUNT *a)
 	// Verify the server certificate
 	Check(hWnd, R_CHECK_CERT, a->CheckServerCert);
 
+	// Trust default CA list
+	Check(hWnd, R_TRUST_DEFAULT, a->AddDefaultCA);
+
 	// LAN card list
 	if (a->NatMode == false && a->LinkMode == false)
 	{
@@ -7366,6 +7443,7 @@ UINT CmEditAccountDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, voi
 		case R_HTTPS:
 		case R_SOCKS:
 		case R_CHECK_CERT:
+		case R_TRUST_DEFAULT:
 		case C_TYPE:
 		case E_USERNAME:
 		case E_PASSWORD:
@@ -8463,6 +8541,11 @@ bool CmLoadKExW(HWND hWnd, K **k, wchar_t *filename, UINT size)
 
 // Read a set of certificate and private key
 bool CmLoadXAndK(HWND hWnd, X **x, K **k)
+{
+	return CmLoadXListAndK(hWnd, x, k, NULL);
+}
+// Read a set of certificate and private key and trust chain
+bool CmLoadXListAndK(HWND hWnd, X **x, K **k, LIST **cc)
 {
 	wchar_t *s;
 	bool is_p12;
@@ -8510,7 +8593,7 @@ START_FIRST:
 		}
 		if (IsEncryptedP12(p12) == false)
 		{
-			if (ParseP12(p12, x, k, NULL) == false)
+			if (ParseP12Ex(p12, x, k, cc, NULL) == false)
 			{
 				MsgBoxEx(hWnd, MB_ICONSTOP, _UU("DLG_BAD_P12_W"), tmp);
 				FreeP12(p12);
@@ -8529,7 +8612,7 @@ START_FIRST:
 			}
 			else
 			{
-				if (ParseP12(p12, x, k, password) == false)
+				if (ParseP12Ex(p12, x, k, cc, password) == false)
 				{
 					MsgBoxEx(hWnd, MB_ICONSTOP, _UU("DLG_BAD_P12_W"), tmp);
 					FreeP12(p12);
@@ -8542,6 +8625,10 @@ START_FIRST:
 		{
 			FreeX(*x);
 			FreeK(*k);
+			if (cc != NULL)
+			{
+				FreeXList(*cc);
+			}
 			FreeP12(p12);
 			FreeBuf(b);
 			if (MsgBox(hWnd, MB_ICONEXCLAMATION | MB_RETRYCANCEL, _UU("DLG_BAD_SIGNATURE")) == IDRETRY)
@@ -8550,6 +8637,11 @@ START_FIRST:
 			}
 			return false;
 		}
+		if (cc != NULL && LIST_NUM(*cc) == 0)
+		{
+			ReleaseList(*cc);
+			*cc = NULL;
+		}
 		FreeP12(p12);
 		FreeBuf(b);
 		return true;
@@ -8558,19 +8650,40 @@ START_FIRST:
 	{
 		// Processing of X509
 		BUF *b = ReadDumpW(tmp);
-		X *x509;
+		X *x509 = NULL;
 		K *key;
+		LIST *chain = NULL;
 		if (b == NULL)
 		{
 			MsgBoxEx(hWnd, MB_ICONSTOP, _UU("DLG_OPEN_FILE_ERROR_W"), tmp);
 			return false;
 		}
 
-		x509 = BufToX(b, IsBase64(b));
+		// DER-encoded X509 files can't hold multiple certificates
+		if (cc == NULL || IsBase64(b) == false)
+		{
+			x509 = BufToX(b, IsBase64(b));
+		}
+		else
+		{
+			chain = BufToXList(b, true);
+			if (LIST_NUM(chain) > 0)
+			{
+				x509 = LIST_DATA(chain, 0);
+				Delete(chain, x509);
+
+				if (LIST_NUM(chain) == 0)
+				{
+					ReleaseList(chain);
+					chain = NULL;
+				}
+			}
+		}
 		FreeBuf(b);
 		if (x509 == NULL)
 		{
 			MsgBoxEx(hWnd, MB_ICONSTOP, _UU("DLG_BAD_X509_W"), tmp);
+			FreeXList(chain);
 			return false;
 		}
 
@@ -8579,6 +8692,7 @@ START_FIRST:
 		if (s == NULL)
 		{
 			FreeX(x509);
+			FreeXList(chain);
 			return false;
 		}
 		UniStrCpy(tmp, sizeof(tmp), s);
@@ -8589,6 +8703,7 @@ START_FIRST:
 		{
 			MsgBoxEx(hWnd, MB_ICONSTOP, _UU("DLG_OPEN_FILE_ERROR_W"), tmp);
 			FreeX(x509);
+			FreeXList(chain);
 			return false;
 		}
 
@@ -8603,6 +8718,7 @@ START_FIRST:
 			{
 				FreeBuf(b);
 				FreeX(x509);
+				FreeXList(chain);
 				return false;
 			}
 			key = BufToK(b, true, IsBase64(b), pass);
@@ -8612,6 +8728,7 @@ START_FIRST:
 		{
 			FreeBuf(b);
 			FreeX(x509);
+			FreeXList(chain);
 			MsgBoxEx(hWnd, MB_ICONSTOP, _UU("DLG_BAD_KEY_W"), tmp);
 			return false;
 		}
@@ -8621,6 +8738,7 @@ START_FIRST:
 			FreeBuf(b);
 			FreeX(x509);
 			FreeK(key);
+			FreeXList(chain);
 			if (MsgBox(hWnd, MB_ICONEXCLAMATION | MB_RETRYCANCEL, _UU("DLG_BAD_SIGNATURE")) == IDRETRY)
 			{
 				goto START_FIRST;
@@ -8631,6 +8749,10 @@ START_FIRST:
 		FreeBuf(b);
 		*x = x509;
 		*k = key;
+		if (cc != NULL)
+		{
+			*cc = chain;
+		}
 		return true;
 	}
 }
@@ -8728,6 +8850,7 @@ void CmEditAccountDlgOnOk(HWND hWnd, CM_ACCOUNT *a)
 		Copy(c.ClientOption, a->ClientOption, sizeof(CLIENT_OPTION));
 		c.ClientAuth = CopyClientAuth(a->ClientAuth);
 		c.CheckServerCert = a->CheckServerCert;
+		c.AddDefaultCA = a->AddDefaultCA;
 		if (a->ServerCert != NULL)
 		{
 			c.ServerCert = CloneX(a->ServerCert);
@@ -8781,6 +8904,7 @@ void CmEditAccountDlgOnOk(HWND hWnd, CM_ACCOUNT *a)
 			Copy(t.ClientOption, a->ClientOption, sizeof(CLIENT_OPTION));
 			t.ClientAuth = CopyClientAuth(a->ClientAuth);
 			t.CheckServerCert = a->CheckServerCert;
+			t.AddDefaultCA = a->AddDefaultCA;
 			t.ServerCert = CloneX(a->ServerCert);
 
 			// Save the settings for cascade connection
@@ -8973,6 +9097,7 @@ CM_ACCOUNT *CmGetExistAccountObject(HWND hWnd, wchar_t *account_name)
 	a->EditMode = true;
 	a->CheckServerCert = c.CheckServerCert;
 	a->RetryOnServerCert = c.RetryOnServerCert;
+	a->AddDefaultCA = c.AddDefaultCA;
 	a->Startup = c.StartupAccount;
 	if (c.ServerCert != NULL)
 	{
@@ -9003,6 +9128,7 @@ CM_ACCOUNT *CmCreateNewAccountObject(HWND hWnd)
 	a->EditMode = false;
 	a->CheckServerCert = false;
 	a->RetryOnServerCert = false;
+	a->AddDefaultCA = false;
 	a->Startup = false;
 	a->ClientOption = ZeroMalloc(sizeof(CLIENT_OPTION));
 
@@ -9518,7 +9644,11 @@ void CmPrintStatusToListViewEx(LVB *b, RPC_CLIENT_GET_CONNECTION_STATUS *s, bool
 		}
 		else
 		{
-			if (StrLen(s->CipherName) != 0)
+			if (StrLen(s->CipherName) != 0 && StrLen(s->ProtocolName) != 0)
+			{
+				UniFormat(tmp, sizeof(tmp), _UU("CM_ST_USE_ENCRYPT_TRUE3"), s->ProtocolName, s->CipherName);
+			}
+			else if (StrLen(s->CipherName) != 0)
 			{
 				UniFormat(tmp, sizeof(tmp), _UU("CM_ST_USE_ENCRYPT_TRUE"), s->CipherName);
 			}
@@ -10410,7 +10540,7 @@ void CmRefreshAccountListEx2(HWND hWnd, bool easy, bool style_changed)
 	UINT num = 0;
 	RPC_CLIENT_ENUM_ACCOUNT a;
 	UINT num_connecting = 0, num_connected = 0;
-	wchar_t tmp[MAX_SIZE];
+	wchar_t tooltip[MAX_SIZE];
 	wchar_t new_inserted_item[MAX_ACCOUNT_NAME_LEN + 1];
 	bool select_new_inserted_item = true;
 	// Validate arguments
@@ -10464,6 +10594,8 @@ void CmRefreshAccountListEx2(HWND hWnd, bool easy, bool style_changed)
 		select_new_inserted_item = false;
 	}
 
+	UniStrCpy(tooltip, sizeof(tooltip), _UU("CM_TRAY_INITING"));
+
 	// Enumerate the account list
 	if (CALL(hWnd, CcEnumAccount(cm->Client, &a)))
 	{
@@ -10587,10 +10719,16 @@ void CmRefreshAccountListEx2(HWND hWnd, bool easy, bool style_changed)
 				if (t->Connected)
 				{
 					num_connected++;
+					UniStrCat(tooltip, sizeof(tooltip), L"\r\n"L"\r\n");
+					UniStrCat(tooltip, sizeof(tooltip), t->AccountName);
+					UniStrCat(tooltip, sizeof(tooltip), _UU("CM_TRAY_CONNECTED"));
 				}
 				else
 				{
 					num_connecting++;
+					UniStrCat(tooltip, sizeof(tooltip), L"\r\n"L"\r\n");
+					UniStrCat(tooltip, sizeof(tooltip), t->AccountName);
+					UniStrCat(tooltip, sizeof(tooltip), _UU("CM_TRAY_CONNECTING"));
 				}
 			}
 		}
@@ -10643,22 +10781,8 @@ void CmRefreshAccountListEx2(HWND hWnd, bool easy, bool style_changed)
 		if (num_connecting == 0 && num_connected == 0)
 		{
 			// There is no connecting or connected account
-			UniStrCpy(tmp, sizeof(tmp), _UU("CM_TRAY_NOT_CONNECTED"));
-		}
-		else if (num_connected == 0)
-		{
-			// There is only connecting account
-			UniFormat(tmp, sizeof(tmp), _UU("CM_TRAY_CONNECTED_1"), num_connecting);
-		}
-		else if (num_connecting == 0)
-		{
-			// There is only connected account
-			UniFormat(tmp, sizeof(tmp), _UU("CM_TRAY_CONNECTED_2"), num_connected);
-		}
-		else
-		{
-			// There are both
-			UniFormat(tmp, sizeof(tmp), _UU("CM_TRAY_CONNECTED_0"), num_connected, num_connecting);
+			UniStrCat(tooltip, sizeof(tooltip), L"\r\n");
+			UniStrCat(tooltip, sizeof(tooltip), _UU("CM_TRAY_NOT_CONNECTED"));
 		}
 
 		if (num_connecting == 0 && num_connected == 0)
@@ -10680,7 +10804,7 @@ void CmRefreshAccountListEx2(HWND hWnd, bool easy, bool style_changed)
 			}
 		}
 
-		CmChangeTrayString(hWnd, tmp);
+		CmChangeTrayString(hWnd, tooltip);
 	}
 
 	Refresh(hWnd);
@@ -11207,7 +11331,6 @@ void CmMainWindowOnInit(HWND hWnd)
 	CmInitNotifyClientThread();
 
 	// Timer setting
-	SetTimer(hWnd, 1, 128, NULL);
 	SetTimer(hWnd, 6, 5000, NULL);
 
 	// Initialize the task tray
@@ -11844,7 +11967,6 @@ bool LoginCM()
 	// Try to login with an empty password first
 	bool bad_pass, no_remote;
 	wchar_t server_name[MAX_SIZE];
-	RPC_CLIENT_VERSION a;
 
 RETRY:
 	if (cm->server_name != NULL)
@@ -11896,13 +12018,8 @@ RETRY:
 		}
 	}
 
-	Zero(&a, sizeof(a));
-	CcGetClientVersion(cm->Client, &a);
-	if (a.ClientBuildInt >= 5192)
-	{
-		cm->CmSettingSupported = true;
-		cm->CmEasyModeSupported = true;
-	}
+	cm->CmSettingSupported = true;
+	cm->CmEasyModeSupported = true;
 
 	return true;
 }

src/Cedar/CMInner.h

@@ -140,6 +140,7 @@ typedef struct CM_ACCOUNT
 	bool Startup;						// Startup account
 	bool CheckServerCert;				// Check the server certificate
 	bool RetryOnServerCert;				// Retry on invalid server certificate
+	bool AddDefaultCA;					// Use default trust store
 	X *ServerCert;						// Server certificate
 	char old_server_name[MAX_HOST_NAME_LEN + 1];	// Old server name
 	bool Inited;						// Initialization flag
@@ -409,6 +410,7 @@ void CmEditAccountDlgInit(HWND hWnd, CM_ACCOUNT *a);
 void CmEditAccountDlgOnOk(HWND hWnd, CM_ACCOUNT *a);
 void CmEditAccountDlgStartEnumHub(HWND hWnd, CM_ACCOUNT *a);
 bool CmLoadXAndK(HWND hWnd, X **x, K **k);
+bool CmLoadXListAndK(HWND hWnd, X **x, K **k, LIST **cc);
 bool CmLoadKEx(HWND hWnd, K **k, char *filename, UINT size);
 bool CmLoadKExW(HWND hWnd, K **k, wchar_t *filename, UINT size);
 bool CmLoadXFromFileOrSecureCard(HWND hWnd, X **x);

src/Cedar/CMakeLists.txt

@@ -19,6 +19,8 @@ set_target_properties(cedar
   RUNTIME_OUTPUT_DIRECTORY "${BUILD_DIRECTORY}"
 )
 
+target_link_libraries(cedar PUBLIC mayaqua)
+
 cmake_host_system_information(RESULT HAS_SSE2 QUERY HAS_SSE2)
 
 set(BLAKE2_SRC_PATH $<IF:$<BOOL:${HAS_SSE2}>,${TOP_DIRECTORY}/3rdparty/BLAKE2/sse,${TOP_DIRECTORY}/3rdparty/BLAKE2/ref>)
@@ -27,6 +29,12 @@ set(BLAKE2_SRC $<IF:$<BOOL:${HAS_SSE2}>,${BLAKE2_SRC_PATH}/blake2s.c,${BLAKE2_SR
 target_include_directories(cedar PUBLIC ${BLAKE2_SRC_PATH})
 target_sources(cedar PRIVATE ${BLAKE2_SRC})
 
+if(HAS_SSE2)
+  # If SSE2 is enabled, a build failure occurs with MSVC because it doesn't define "__SSE2__".
+  # The fix consists in defining "HAVE_SSE2" manually, effectively overriding the check.
+  set_property(SOURCE ${BLAKE2_SRC} PROPERTY COMPILE_DEFINITIONS "HAVE_SSE2")
+endif()
+
 if(VCPKG_TARGET_TRIPLET)
   find_package(unofficial-sodium CONFIG REQUIRED)
   target_link_libraries(cedar PUBLIC unofficial-sodium::sodium)
@@ -93,6 +101,6 @@ if(UNIX)
   install(TARGETS cedar
     COMPONENT "common"
     DESTINATION "${CMAKE_INSTALL_LIBDIR}"
-    PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ
+    PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
   )
 endif()

src/Cedar/Cedar.c

@@ -322,6 +322,34 @@ void DecrementNoSsl(CEDAR *c, IP *ip, UINT num_dec)
 	UnlockList(c->NonSslList);
 }
 
+// Check whether the specified IP address is in Non-SSL connection list
+bool IsInNoSsl(CEDAR *c, IP *ip)
+{
+	bool ret = false;
+	// Validate arguments
+	if (c == NULL || ip == NULL)
+	{
+		return false;
+	}
+
+	LockList(c->NonSslList);
+	{
+		NON_SSL *n = SearchNoSslList(c, ip);
+
+		if (n != NULL)
+		{
+			if (n->EntryExpires > Tick64() && n->Count > NON_SSL_MIN_COUNT)
+			{
+				n->EntryExpires = Tick64() + (UINT64)NON_SSL_ENTRY_EXPIRES;
+				ret = true;
+			}
+		}
+	}
+	UnlockList(c->NonSslList);
+
+	return ret;
+}
+
 // Add new entry to Non-SSL connection list
 bool AddNoSsl(CEDAR *c, IP *ip)
 {
@@ -704,6 +732,47 @@ void DelConnection(CEDAR *cedar, CONNECTION *c)
 	UnlockList(cedar->ConnectionList);
 }
 
+// Get the number of unestablished connections
+UINT GetUnestablishedConnections(CEDAR *cedar)
+{
+	UINT i, ret;
+	// Validate arguments
+	if (cedar == NULL)
+	{
+		return 0;
+	}
+
+	ret = 0;
+
+	LockList(cedar->ConnectionList);
+	{
+		for (i = 0;i < LIST_NUM(cedar->ConnectionList);i++)
+		{
+			CONNECTION *c = LIST_DATA(cedar->ConnectionList, i);
+
+			switch (c->Type)
+			{
+			case CONNECTION_TYPE_CLIENT:
+			case CONNECTION_TYPE_INIT:
+			case CONNECTION_TYPE_LOGIN:
+			case CONNECTION_TYPE_ADDITIONAL:
+				switch (c->Status)
+				{
+				case CONNECTION_STATUS_ACCEPTED:
+				case CONNECTION_STATUS_NEGOTIATION:
+				case CONNECTION_STATUS_USERAUTH:
+					ret++;
+					break;
+				}
+				break;
+			}
+		}
+	}
+	UnlockList(cedar->ConnectionList);
+
+	return ret + Count(cedar->AcceptingSockets);
+}
+
 // Add connection to Cedar
 void AddConnection(CEDAR *cedar, CONNECTION *c)
 {
@@ -1157,6 +1226,10 @@ void CleanupCedar(CEDAR *c)
 	{
 		FreeK(c->ServerK);
 	}
+	if (c->ServerChain)
+	{
+		FreeXList(c->ServerChain);
+	}
 
 	if (c->CipherList)
 	{
@@ -1386,6 +1459,10 @@ void FreeNetSvcList(CEDAR *cedar)
 
 // Change certificate of Cedar
 void SetCedarCert(CEDAR *c, X *server_x, K *server_k)
+{
+	SetCedarCertAndChain(c, server_x, server_k, NULL);
+}
+void SetCedarCertAndChain(CEDAR *c, X *server_x, K *server_k, LIST *server_chain)
 {
 	// Validate arguments
 	if (server_x == NULL || server_k == NULL)
@@ -1405,8 +1482,14 @@ void SetCedarCert(CEDAR *c, X *server_x, K *server_k)
 			FreeK(c->ServerK);
 		}
 
+		if (c->ServerChain != NULL)
+		{
+			FreeXList(c->ServerChain);
+		}
+
 		c->ServerX = CloneX(server_x);
 		c->ServerK = CloneK(server_k);
+		c->ServerChain = CloneXList(server_chain);
 	}
 	Unlock(c->lock);
 }
@@ -1550,11 +1633,14 @@ CEDAR *NewCedar(X *server_x, K *server_k)
 #endif	// ALPHA_VERSION
 
 	ToStr(tmp2, c->Beta);
+	Format(tmp2, sizeof(tmp2), " %s %s ", beta_str, tmp2);
 
-	Format(tmp, sizeof(tmp), "Version %u.%02u Build %u %s %s (%s)",
+	Format(tmp, sizeof(tmp),
+		"Version %u.%02u Build %u"
+		"%s"    // Alpha, Beta, Release Candidate or nothing
+		"(%s)", // Language
 		CEDAR_VERSION_MAJOR, CEDAR_VERSION_MINOR, CEDAR_VERSION_BUILD,
-		c->Beta == 0 ? "" : beta_str,
-		c->Beta == 0 ? "" : tmp2,
+		c->Beta == 0 ? " " : tmp2,
 		_SS("LANGSTR"));
 	Trim(tmp);
 

src/Cedar/Cedar.h

@@ -366,6 +366,7 @@
 #define	AUTHTYPE_ROOTCERT				3			// Root certificate which is issued by trusted Certificate Authority
 #define	AUTHTYPE_RADIUS					4			// Radius authentication
 #define	AUTHTYPE_NT						5			// Windows NT authentication
+#define AUTHTYPE_EXTERNAL				96			// External authentication (completed)
 #define	AUTHTYPE_WIREGUARD_KEY			97			// WireGuard public key authentication
 #define	AUTHTYPE_OPENVPN_CERT    		98			// TLS client certificate authentication
 #define	AUTHTYPE_TICKET					99			// Ticket authentication
@@ -675,6 +676,9 @@
 // 
 //////////////////////////////////////////////////////////////////////
 
+#define	UNIX_VLAN_CLIENT_IFACE_PREFIX		"vpn"			// Prefix of UNIX virtual LAN card interface (used for client)
+#define	UNIX_VLAN_BRIDGE_IFACE_PREFIX		"tap"			// Prefix of UNIX virtual LAN card interface (used for bridge destination)
+
 #ifndef	UNIX_BSD
 #define	TAP_FILENAME_1				"/dev/net/tun"
 #define	TAP_FILENAME_2				"/dev/tun"
@@ -869,6 +873,10 @@
 #define	ERR_VPNGATE_INCLIENT_CANT_STOP	146	// Can not be stopped if operating within VPN Client mode
 #define	ERR_NOT_SUPPORTED_FUNCTION_ON_OPENSOURCE	147	// It is a feature that is not supported in the open source version
 #define	ERR_SUSPENDING					148	// System is suspending
+#define ERR_HOSTNAME_MISMATCH			149	// SSL hostname mismatch
+#define ERR_SSL_PROTOCOL_VERSION		150 // SSL version not supported
+#define ERR_SSL_SHARED_CIPHER			151 // Can't find common cipher
+#define ERR_SSL_HANDSHAKE				152 // Other SSL handshake error
 
 
 ////////////////////////////
@@ -930,6 +938,7 @@ struct CEDAR
 	COUNTER *ConnectionIncrement;	// Connection increment counter
 	X *ServerX;						// Server certificate
 	K *ServerK;						// Private key of the server certificate
+	LIST *ServerChain;				// Server trust chain
 	char UsernameHubSeparator;		// Character which separates the username from the hub name
 	char *CipherList;				// List of encryption algorithms
 	UINT Version;					// Version information
@@ -1000,6 +1009,7 @@ CEDAR *NewCedar(X *server_x, K *server_k);
 void CedarForceLink();
 void SetCedarVpnBridge(CEDAR *c);
 void SetCedarCert(CEDAR *c, X *server_x, K *server_k);
+void SetCedarCertAndChain(CEDAR *c, X *server_x, K *server_k, LIST *server_chain);
 void ReleaseCedar(CEDAR *c);
 void CleanupCedar(CEDAR *c);
 void StopCedar(CEDAR *c);
@@ -1012,6 +1022,7 @@ void DelHubEx(CEDAR *c, HUB *h, bool no_lock);
 void StopAllHub(CEDAR *c);
 void StopAllConnection(CEDAR *c);
 void AddConnection(CEDAR *cedar, CONNECTION *c);
+UINT GetUnestablishedConnections(CEDAR *cedar);
 void DelConnection(CEDAR *cedar, CONNECTION *c);
 void SetCedarCipherList(CEDAR *cedar, char *name);
 void InitCedar();
@@ -1036,6 +1047,7 @@ bool AddNoSsl(CEDAR *c, IP *ip);
 void DecrementNoSsl(CEDAR *c, IP *ip, UINT num_dec);
 void DeleteOldNoSsl(CEDAR *c);
 NON_SSL *SearchNoSslList(CEDAR *c, IP *ip);
+bool IsInNoSsl(CEDAR *c, IP *ip);
 void FreeTinyLog(TINY_LOG *t);
 void WriteTinyLog(TINY_LOG *t, char *str);
 TINY_LOG *NewTinyLog();

src/Cedar/Client.c

@@ -22,6 +22,9 @@
 #include "VLanWin32.h"
 #include "Win32Com.h"
 #include "WinUi.h"
+#ifdef	NO_VLAN
+#include "NullLan.h"
+#endif
 
 #include "Mayaqua/Cfg.h"
 #include "Mayaqua/Encrypt.h"
@@ -1957,6 +1960,7 @@ RPC_CLIENT_CREATE_ACCOUNT *CiCfgToAccount(BUF *b)
 	t->StartupAccount = a->StartupAccount;
 	t->CheckServerCert = a->CheckServerCert;
 	t->RetryOnServerCert = a->RetryOnServerCert;
+	t->AddDefaultCA = a->AddDefaultCA;
 	t->ServerCert = a->ServerCert;
 	Free(a);
 
@@ -1981,6 +1985,7 @@ BUF *CiAccountToCfg(RPC_CLIENT_CREATE_ACCOUNT *t)
 	a.ClientAuth = t->ClientAuth;
 	a.CheckServerCert = t->CheckServerCert;
 	a.RetryOnServerCert = t->RetryOnServerCert;
+	a.AddDefaultCA = t->AddDefaultCA;
 	a.ServerCert = t->ServerCert;
 	a.StartupAccount = t->StartupAccount;
 
@@ -4315,6 +4320,13 @@ void InRpcClientOption(CLIENT_OPTION *c, PACK *p)
 
 	PackGetUniStr(p, "AccountName", c->AccountName, sizeof(c->AccountName));
 	PackGetStr(p, "Hostname", c->Hostname, sizeof(c->Hostname));
+	// Extract hint string from hostname
+	UINT i = SearchStrEx(c->Hostname, "/", 0, false);
+	if (i != INFINITE)
+	{
+		StrCpy(c->HintStr, sizeof(c->HintStr), c->Hostname + i + 1);
+		c->Hostname[i] = 0;
+	}
 	c->Port = PackGetInt(p, "Port");
 	c->PortUDP = PackGetInt(p, "PortUDP");
 	c->ProxyType = PackGetInt(p, "ProxyType");
@@ -4333,6 +4345,9 @@ void InRpcClientOption(CLIENT_OPTION *c, PACK *p)
 	PackGetStr(p, "CustomHttpHeader", c->CustomHttpHeader, sizeof(c->CustomHttpHeader));
 	PackGetStr(p, "HubName", c->HubName, sizeof(c->HubName));
 	PackGetStr(p, "DeviceName", c->DeviceName, sizeof(c->DeviceName));
+	PackGetIp(p, "BindLocalIP", &c->BindLocalIP);// Source IP address for outgoing connection
+	c->BindLocalPort = PackGetInt(p, "BindLocalPort");// Source port nubmer for outgoing connection
+
 	c->UseEncrypt = PackGetInt(p, "UseEncrypt") ? true : false;
 	c->UseCompress = PackGetInt(p, "UseCompress") ? true : false;
 	c->HalfConnection = PackGetInt(p, "HalfConnection") ? true : false;
@@ -4352,7 +4367,20 @@ void OutRpcClientOption(PACK *p, CLIENT_OPTION *c)
 	}
 
 	PackAddUniStr(p, "AccountName", c->AccountName);
-	PackAddStr(p, "Hostname", c->Hostname);
+	// Append hint string to hostname
+	if (IsEmptyStr(c->HintStr))
+	{
+		// No hint
+		PackAddStr(p, "Hostname", c->Hostname);
+	}
+	else
+	{
+		char hostname[MAX_SIZE];
+		StrCpy(hostname, sizeof(hostname), c->Hostname);
+		StrCat(hostname, sizeof(hostname), "/");
+		StrCat(hostname, sizeof(hostname), c->HintStr);
+		PackAddStr(p, "Hostname", hostname);
+	}
 	PackAddStr(p, "ProxyName", c->ProxyName);
 	PackAddStr(p, "ProxyUsername", c->ProxyUsername);
 	PackAddStr(p, "ProxyPassword", c->ProxyPassword);
@@ -4380,6 +4408,8 @@ void OutRpcClientOption(PACK *p, CLIENT_OPTION *c)
 	PackAddBool(p, "FromAdminPack", c->FromAdminPack);
 	PackAddBool(p, "NoUdpAcceleration", c->NoUdpAcceleration);
 	PackAddData(p, "HostUniqueKey", c->HostUniqueKey, SHA1_SIZE);
+	PackAddIp(p, "BindLocalIP", &c->BindLocalIP);// Source IP address for outgoing connection
+	PackAddInt(p, "BindLocalPort", c->BindLocalPort);// Source port number for outgoing connection
 }
 
 // CLIENT_AUTH
@@ -4522,6 +4552,7 @@ void InRpcClientCreateAccount(RPC_CLIENT_CREATE_ACCOUNT *c, PACK *p)
 	c->StartupAccount = PackGetInt(p, "StartupAccount") ? true : false;
 	c->CheckServerCert = PackGetInt(p, "CheckServerCert") ? true : false;
 	c->RetryOnServerCert = PackGetInt(p, "RetryOnServerCert") ? true : false;
+	c->AddDefaultCA = PackGetInt(p, "AddDefaultCA") ? true : false;
 	b = PackGetBuf(p, "ServerCert");
 	if (b != NULL)
 	{
@@ -4545,6 +4576,7 @@ void OutRpcClientCreateAccount(PACK *p, RPC_CLIENT_CREATE_ACCOUNT *c)
 	PackAddInt(p, "StartupAccount", c->StartupAccount);
 	PackAddInt(p, "CheckServerCert", c->CheckServerCert);
 	PackAddInt(p, "RetryOnServerCert", c->RetryOnServerCert);
+	PackAddInt(p, "AddDefaultCA", c->AddDefaultCA);
 	if (c->ServerCert != NULL)
 	{
 		b = XToBuf(c->ServerCert, false);
@@ -4695,6 +4727,7 @@ void InRpcClientGetAccount(RPC_CLIENT_GET_ACCOUNT *c, PACK *p)
 	c->StartupAccount = PackGetInt(p, "StartupAccount") ? true : false;
 	c->CheckServerCert = PackGetInt(p, "CheckServerCert") ? true : false;
 	c->RetryOnServerCert = PackGetInt(p, "RetryOnServerCert") ? true : false;
+	c->AddDefaultCA = PackGetInt(p, "AddDefaultCA") ? true : false;
 	b = PackGetBuf(p, "ServerCert");
 	if (b != NULL)
 	{
@@ -4724,6 +4757,7 @@ void OutRpcClientGetAccount(PACK *p, RPC_CLIENT_GET_ACCOUNT *c)
 	PackAddInt(p, "StartupAccount", c->StartupAccount);
 	PackAddInt(p, "CheckServerCert", c->CheckServerCert);
 	PackAddInt(p, "RetryOnServerCert", c->RetryOnServerCert);
+	PackAddInt(p, "AddDefaultCA", c->AddDefaultCA);
 
 	if (c->ServerCert != NULL)
 	{
@@ -4810,6 +4844,7 @@ void InRpcClientGetConnectionStatus(RPC_CLIENT_GET_CONNECTION_STATUS *s, PACK *p
 
 	PackGetStr(p, "ServerName", s->ServerName, sizeof(s->ServerName));
 	PackGetStr(p, "ServerProductName", s->ServerProductName, sizeof(s->ServerProductName));
+	PackGetStr(p, "ProtocolVersion", s->ProtocolName, sizeof(s->ProtocolName));
 	PackGetStr(p, "CipherName", s->CipherName, sizeof(s->CipherName));
 	PackGetStr(p, "SessionName", s->SessionName, sizeof(s->SessionName));
 	PackGetStr(p, "ConnectionName", s->ConnectionName, sizeof(s->ConnectionName));
@@ -4846,6 +4881,7 @@ void InRpcClientGetConnectionStatus(RPC_CLIENT_GET_CONNECTION_STATUS *s, PACK *p
 	s->UseCompress = PackGetInt(p, "UseCompress") ? true : false;
 	s->IsRUDPSession = PackGetInt(p, "IsRUDPSession") ? true : false;
 	PackGetStr(p, "UnderlayProtocol", s->UnderlayProtocol, sizeof(s->UnderlayProtocol));
+	PackGetStr(p, "ProtocolDetails", s->ProtocolDetails, sizeof(s->ProtocolDetails));
 	s->IsUdpAccelerationEnabled = PackGetInt(p, "IsUdpAccelerationEnabled") ? true : false;
 	s->IsUsingUdpAcceleration = PackGetInt(p, "IsUsingUdpAcceleration") ? true : false;
 
@@ -4885,6 +4921,7 @@ void OutRpcClientGetConnectionStatus(PACK *p, RPC_CLIENT_GET_CONNECTION_STATUS *
 
 	PackAddStr(p, "ServerName", c->ServerName);
 	PackAddStr(p, "ServerProductName", c->ServerProductName);
+	PackAddStr(p, "ProtocolVersion", c->ProtocolName);
 	PackAddStr(p, "CipherName", c->CipherName);
 	PackAddStr(p, "SessionName", c->SessionName);
 	PackAddStr(p, "ConnectionName", c->ConnectionName);
@@ -4908,6 +4945,7 @@ void OutRpcClientGetConnectionStatus(PACK *p, RPC_CLIENT_GET_CONNECTION_STATUS *
 	PackAddBool(p, "UseCompress", c->UseCompress);
 	PackAddBool(p, "IsRUDPSession", c->IsRUDPSession);
 	PackAddStr(p, "UnderlayProtocol", c->UnderlayProtocol);
+	PackAddStr(p, "ProtocolDetails", c->ProtocolDetails);
 	PackAddBool(p, "IsUdpAccelerationEnabled", c->IsUdpAccelerationEnabled);
 	PackAddBool(p, "IsUsingUdpAcceleration", c->IsUsingUdpAcceleration);
 
@@ -5117,6 +5155,22 @@ void CiRpcAccepted(CLIENT *c, SOCK *s)
 		retcode = 0;
 	}
 
+	if (retcode == 0)
+	{
+		if (IsLocalHostIP(&s->RemoteIP) == false)
+		{
+			// If the RPC client is from network check whether the password is empty
+			UCHAR empty_password_hash[20];
+			Sha0(empty_password_hash, "", 0);
+			if (Cmp(empty_password_hash, hashed_password, SHA1_SIZE) == 0 ||
+				IsZero(hashed_password, SHA1_SIZE))
+			{
+				// Regard it as incorrect password
+				retcode = 1;
+			}
+		}
+	}
+
 	Lock(c->lock);
 	{
 		if (c->Config.AllowRemoteConfig == false)
@@ -5220,14 +5274,21 @@ void CiRpcServerThread(THREAD *thread, void *param)
 
 	// Open the port
 	listener = NULL;
-	for (i = CLIENT_CONFIG_PORT;i < (CLIENT_CONFIG_PORT + 5);i++)
+	if (c->Config.DisableRpcDynamicPortListener == false)
 	{
-		listener = Listen(i);
-		if (listener != NULL)
+		for (i = CLIENT_CONFIG_PORT;i < (CLIENT_CONFIG_PORT + 5);i++)
 		{
-			break;
+			listener = ListenEx(i, !c->Config.AllowRemoteConfig);
+			if (listener != NULL)
+			{
+				break;
+			}
 		}
 	}
+	else
+	{
+		listener = ListenEx(CLIENT_CONFIG_PORT, !c->Config.AllowRemoteConfig);
+	}
 
 	if (listener == NULL)
 	{
@@ -5410,7 +5471,7 @@ NOTIFY_CLIENT *CcConnectNotify(REMOTE_CLIENT *rc)
 	NOTIFY_CLIENT *n;
 	SOCK *s;
 	char tmp[MAX_SIZE];
-	bool rpc_mode = false;
+	UINT rpc_mode = 0;
 	UINT port;
 	// Validate arguments
 	if (rc == NULL || rc->Rpc == NULL || rc->Rpc->Sock == NULL)
@@ -5838,6 +5899,7 @@ void CiGetSessionStatus(RPC_CLIENT_GET_CONNECTION_STATUS *st, SESSION *s)
 				if (st->UseEncrypt)
 				{
 					StrCpy(st->CipherName, sizeof(st->CipherName), s->Connection->CipherName);
+					StrCpy(st->ProtocolName, sizeof(st->ProtocolName), s->Connection->SslVersion);
 				}
 				// Use of compression
 				st->UseCompress = s->UseCompress;
@@ -6447,9 +6509,9 @@ bool CtConnect(CLIENT *c, RPC_CLIENT_CONNECT *connect)
 						// Register a procedure for secure device authentication
 						r->ClientAuth->SecureSignProc = CiSecureSignProc;
 					}
-          else if (r->ClientAuth->AuthType == CLIENT_AUTHTYPE_OPENSSLENGINE)
+					else if (r->ClientAuth->AuthType == CLIENT_AUTHTYPE_OPENSSLENGINE)
 					{
-              /* r->ClientAuth->ClientK = OpensslEngineToK("asdf"); */
+						/* r->ClientAuth->ClientK = OpensslEngineToK("asdf"); */
 						r->ClientAuth->SecureSignProc = NULL;
 					}
 					else
@@ -6493,9 +6555,7 @@ bool CtConnect(CLIENT *c, RPC_CLIENT_CONNECT *connect)
 // Requires account and VLan lists of the CLIENT argument to be already locked
 bool CtVLansDown(CLIENT *c)
 {
-#ifndef UNIX_LINUX
-	return true;
-#else
+#if defined(UNIX_LINUX) || defined(UNIX_BSD)
 	int i;
 	LIST *tmpVLanList;
 	UNIX_VLAN t, *r;
@@ -6537,6 +6597,8 @@ bool CtVLansDown(CLIENT *c)
 
 	ReleaseList(tmpVLanList);
 	return result;
+#else
+	return true;
 #endif
 }
 
@@ -6544,9 +6606,7 @@ bool CtVLansDown(CLIENT *c)
 // Requires VLan list of the CLIENT argument to be already locked
 bool CtVLansUp(CLIENT *c)
 {
-#ifndef UNIX_LINUX
-	return true;
-#else
+#if defined(UNIX_LINUX) || defined(UNIX_BSD)
 	int i;
 	UNIX_VLAN *r;
 
@@ -6560,9 +6620,8 @@ bool CtVLansUp(CLIENT *c)
 		r = LIST_DATA(c->UnixVLanList, i);
 		UnixVLanSetState(r->Name, true);
 	}
-
-	return true;
 #endif
+	return true;
 }
 
 // Get the account information
@@ -6597,6 +6656,9 @@ bool CtGetAccount(CLIENT *c, RPC_CLIENT_GET_ACCOUNT *a)
 
 		Lock(r->lock);
 		{
+			// Copy account name (restore the correct case)
+			UniStrCpy(a->AccountName, sizeof(a->AccountName), r->ClientOption->AccountName);
+
 			// Copy the client option
 			if (a->ClientOption != NULL)
 			{
@@ -6616,6 +6678,7 @@ bool CtGetAccount(CLIENT *c, RPC_CLIENT_GET_ACCOUNT *a)
 
 			a->CheckServerCert = r->CheckServerCert;
 			a->RetryOnServerCert = r->RetryOnServerCert;
+			a->AddDefaultCA = r->AddDefaultCA;
 			a->ServerCert = NULL;
 			if (r->ServerCert != NULL)
 			{
@@ -7027,6 +7090,12 @@ bool CtEnumAccount(CLIENT *c, RPC_CLIENT_ENUM_ACCOUNT *e)
 
 			// Server name
 			StrCpy(item->ServerName, sizeof(item->ServerName), a->ClientOption->Hostname);
+			// Append hint string to hostname
+			if (IsEmptyStr(a->ClientOption->HintStr) == false)
+			{
+				StrCat(item->ServerName, sizeof(item->ServerName), "/");
+				StrCat(item->ServerName, sizeof(item->ServerName), a->ClientOption->HintStr);
+			}
 
 			// Proxy type
 			item->ProxyType = a->ClientOption->ProxyType;
@@ -7109,14 +7178,6 @@ bool CtSetAccount(CLIENT *c, RPC_CLIENT_CREATE_ACCOUNT *a, bool inner)
 			}
 		}
 
-		if (a->ServerCert != NULL && a->ServerCert->is_compatible_bit == false)
-		{
-			// Server certificate is invalid
-			UnlockList(c->AccountList);
-			CiSetError(c, ERR_NOT_RSA_1024);
-			return false;
-		}
-
 		Lock(ret->lock);
 		{
 
@@ -7152,6 +7213,7 @@ bool CtSetAccount(CLIENT *c, RPC_CLIENT_CREATE_ACCOUNT *a, bool inner)
 
 			ret->CheckServerCert = a->CheckServerCert;
 			ret->RetryOnServerCert = a->RetryOnServerCert;
+			ret->AddDefaultCA = a->AddDefaultCA;
 
 			if (a->ServerCert != NULL)
 			{
@@ -7236,14 +7298,6 @@ bool CtCreateAccount(CLIENT *c, RPC_CLIENT_CREATE_ACCOUNT *a, bool inner)
 			}
 		}
 
-		if (a->ServerCert != NULL && a->ServerCert->is_compatible_bit == false)
-		{
-			// The server certificate is invalid
-			UnlockList(c->AccountList);
-			CiSetError(c, ERR_NOT_RSA_1024);
-			return false;
-		}
-
 		// Add a new account
 		new_account = ZeroMalloc(sizeof(ACCOUNT));
 		new_account->lock = NewLock();
@@ -7259,6 +7313,7 @@ bool CtCreateAccount(CLIENT *c, RPC_CLIENT_CREATE_ACCOUNT *a, bool inner)
 
 		new_account->CheckServerCert = a->CheckServerCert;
 		new_account->RetryOnServerCert = a->RetryOnServerCert;
+		new_account->AddDefaultCA = a->AddDefaultCA;
 		if (a->ServerCert != NULL)
 		{
 			new_account->ServerCert = CloneX(a->ServerCert);
@@ -8536,12 +8591,6 @@ bool CtAddCa(CLIENT *c, RPC_CERT *cert)
 		return false;
 	}
 
-	if (cert->x->is_compatible_bit == false)
-	{
-		CiSetError(c, ERR_NOT_RSA_1024);
-		return false;
-	}
-
 	AddCa(c->Cedar, cert->x);
 
 	CiSaveConfigurationFile(c);
@@ -9002,6 +9051,12 @@ void CiInitConfiguration(CLIENT *c)
 		c->Config.UseKeepConnect = false;	// Don't use the connection maintenance function by default in the Client
 		// Eraser
 		c->Eraser = NewEraser(c->Logger, 0);
+
+#ifdef	OS_WIN32
+		c->Config.DisableRpcDynamicPortListener = false;
+#else	// OS_WIN32
+		c->Config.DisableRpcDynamicPortListener = true;
+#endif	// OS_WIN32
 	}
 	else
 	{
@@ -9148,6 +9203,19 @@ void CiLoadClientConfig(CLIENT_CONFIG *c, FOLDER *f)
 	c->AllowRemoteConfig = CfgGetBool(f, "AllowRemoteConfig");
 	c->KeepConnectInterval = MAKESURE(CfgGetInt(f, "KeepConnectInterval"), KEEP_INTERVAL_MIN, KEEP_INTERVAL_MAX);
 	c->NoChangeWcmNetworkSettingOnWindows8 = CfgGetBool(f, "NoChangeWcmNetworkSettingOnWindows8");
+
+	if (CfgIsItem(f, "DisableRpcDynamicPortListener"))
+	{
+		c->DisableRpcDynamicPortListener = CfgGetBool(f, "DisableRpcDynamicPortListener");
+	}
+	else
+	{
+#ifdef	OS_WIN32
+		c->DisableRpcDynamicPortListener = false;
+#else	// OS_WIN32
+		c->DisableRpcDynamicPortListener = true;
+#endif	// OS_WIN32
+	}
 }
 
 // Read the client authentication data
@@ -9241,6 +9309,13 @@ CLIENT_OPTION *CiLoadClientOption(FOLDER *f)
 
 	CfgGetUniStr(f, "AccountName", o->AccountName, sizeof(o->AccountName));
 	CfgGetStr(f, "Hostname", o->Hostname, sizeof(o->Hostname));
+	// Extract hint string from hostname
+	UINT i = SearchStrEx(o->Hostname, "/", 0, false);
+	if (i != INFINITE)
+	{
+		StrCpy(o->HintStr, sizeof(o->HintStr), o->Hostname + i + 1);
+		o->Hostname[i] = 0;
+	}
 	o->Port = CfgGetInt(f, "Port");
 	o->PortUDP = CfgGetInt(f, "PortUDP");
 	o->ProxyType = CfgGetInt(f, "ProxyType");
@@ -9271,7 +9346,9 @@ CLIENT_OPTION *CiLoadClientOption(FOLDER *f)
 	o->DisableQoS = CfgGetBool(f, "DisableQoS");
 	o->FromAdminPack = CfgGetBool(f, "FromAdminPack");
 	o->NoUdpAcceleration = CfgGetBool(f, "NoUdpAcceleration");
-	
+	CfgGetIp(f, "BindLocalIP", &o->BindLocalIP);// Source IP address for outgoing connection
+	o->BindLocalPort = CfgGetInt(f, "BindLocalPort");// Source port number for outgoing connection
+
 	b = CfgGetBuf(f, "HostUniqueKey");
 	if (b != NULL)
 	{
@@ -9322,6 +9399,7 @@ ACCOUNT *CiLoadClientAccount(FOLDER *f)
 	a->StartupAccount = CfgGetBool(f, "StartupAccount");
 	a->CheckServerCert = CfgGetBool(f, "CheckServerCert");
 	a->RetryOnServerCert = CfgGetBool(f, "RetryOnServerCert");
+	a->AddDefaultCA = CfgGetBool(f, "AddDefaultCA");
 	a->CreateDateTime = CfgGetInt64(f, "CreateDateTime");
 	a->UpdateDateTime = CfgGetInt64(f, "UpdateDateTime");
 	a->LastConnectDateTime = CfgGetInt64(f, "LastConnectDateTime");
@@ -9712,6 +9790,7 @@ void CiWriteClientConfig(FOLDER *cc, CLIENT_CONFIG *config)
 	CfgAddBool(cc, "AllowRemoteConfig", config->AllowRemoteConfig);
 	CfgAddInt(cc, "KeepConnectInterval", config->KeepConnectInterval);
 	CfgAddBool(cc, "NoChangeWcmNetworkSettingOnWindows8", config->NoChangeWcmNetworkSettingOnWindows8);
+	CfgAddBool(cc, "DisableRpcDynamicPortListener", config->DisableRpcDynamicPortListener);
 }
 
 // Write the client authentication data
@@ -9783,7 +9862,20 @@ void CiWriteClientOption(FOLDER *f, CLIENT_OPTION *o)
 	}
 
 	CfgAddUniStr(f, "AccountName", o->AccountName);
-	CfgAddStr(f, "Hostname", o->Hostname);
+	// Append hint string to hostname
+	if (IsEmptyStr(o->HintStr))
+	{
+		// No hint
+		CfgAddStr(f, "Hostname", o->Hostname);
+	}
+	else
+	{
+		char hostname[MAX_SIZE];
+		StrCpy(hostname, sizeof(hostname), o->Hostname);
+		StrCat(hostname, sizeof(hostname), "/");
+		StrCat(hostname, sizeof(hostname), o->HintStr);
+		CfgAddStr(f, "Hostname", hostname);
+	}
 	CfgAddInt(f, "Port", o->Port);
 	CfgAddInt(f, "PortUDP", o->PortUDP);
 	CfgAddInt(f, "ProxyType", o->ProxyType);
@@ -9811,6 +9903,8 @@ void CiWriteClientOption(FOLDER *f, CLIENT_OPTION *o)
 	CfgAddBool(f, "RequireBridgeRoutingMode", o->RequireBridgeRoutingMode);
 	CfgAddBool(f, "DisableQoS", o->DisableQoS);
 	CfgAddBool(f, "NoUdpAcceleration", o->NoUdpAcceleration);
+	CfgAddIp(f, "BindLocalIP", &o->BindLocalIP);// Source IP address for outgoing connection
+	CfgAddInt(f, "BindLocalPort", o->BindLocalPort);// Source port number for outgoing connection
 
 	if (o->FromAdminPack)
 	{
@@ -9947,6 +10041,9 @@ void CiWriteAccountData(FOLDER *f, ACCOUNT *a)
 	// Retry on invalid server certificate flag
 	CfgAddBool(f, "RetryOnServerCert", a->RetryOnServerCert);
 
+	// Add default SSL trust store
+	CfgAddBool(f, "AddDefaultCA", a->AddDefaultCA);
+
 	// Date and time
 	CfgAddInt64(f, "CreateDateTime", a->CreateDateTime);
 	CfgAddInt64(f, "UpdateDateTime", a->UpdateDateTime);

src/Cedar/Client.h

@@ -61,6 +61,7 @@ struct ACCOUNT
 	CLIENT_AUTH *ClientAuth;				// Client authentication data
 	bool CheckServerCert;					// Check the server certificate
 	bool RetryOnServerCert;					// Retry on invalid server certificate
+	bool AddDefaultCA;						// Use default trust store
 	X *ServerCert;							// Server certificate
 	bool StartupAccount;					// Start-up account
 	UCHAR ShortcutKey[SHA1_SIZE];			// Key
@@ -86,6 +87,7 @@ struct CLIENT_CONFIG
 	UINT KeepConnectProtocol;				// Protocol
 	UINT KeepConnectInterval;				// Interval
 	bool NoChangeWcmNetworkSettingOnWindows8;	// Don't change the WCM network settings on Windows 8
+	bool DisableRpcDynamicPortListener;
 };
 
 // Version acquisition
@@ -239,6 +241,7 @@ struct RPC_CLIENT_CREATE_ACCOUNT
 	bool StartupAccount;					// Startup account
 	bool CheckServerCert;					// Checking of the server certificate
 	bool RetryOnServerCert;					// Retry on invalid server certificate
+	bool AddDefaultCA;						// Use default trust store
 	X *ServerCert;							// Server certificate
 	UCHAR ShortcutKey[SHA1_SIZE];			// Shortcut Key
 };
@@ -292,6 +295,7 @@ struct RPC_CLIENT_GET_ACCOUNT
 	bool StartupAccount;					// Startup account
 	bool CheckServerCert;					// Check the server certificate
 	bool RetryOnServerCert;					// Retry on invalid server certificate
+	bool AddDefaultCA;						// Use default trust store
 	X *ServerCert;							// Server certificate
 	UCHAR ShortcutKey[SHA1_SIZE];			// Shortcut Key
 	UINT64 CreateDateTime;					// Creation date and time (Ver 3.0 or later)

src/Cedar/Command.h

@@ -236,6 +236,7 @@ bool CmdEvalPortList(CONSOLE *c, wchar_t *str, void *param);
 wchar_t *PsClusterSettingMemberPromptPorts(CONSOLE *c, void *param);
 K *CmdLoadKey(CONSOLE *c, wchar_t *filename);
 bool CmdLoadCertAndKey(CONSOLE *c, X **xx, K **kk, wchar_t *cert_filename, wchar_t *key_filename);
+bool CmdLoadCertChainAndKey(CONSOLE *c, X **xx, K **kk, LIST **cc, wchar_t *cert_filename, wchar_t *key_filename);
 bool CmdEvalTcpOrUdp(CONSOLE *c, wchar_t *str, void *param);
 wchar_t *GetConnectionTypeStr(UINT type);
 bool CmdEvalHostAndSubnetMask4(CONSOLE *c, wchar_t *str, void *param);
@@ -307,6 +308,8 @@ UINT PtConnect(CONSOLE *c, wchar_t *cmdline);
 PT *NewPt(CONSOLE *c, wchar_t *cmdline);
 void FreePt(PT *pt);
 void PtMain(PT *pt);
+UINT PtGenX25519(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
+UINT PtGetPublicX25519(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
 UINT PtMakeCert(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
 UINT PtMakeCert2048(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
 UINT PtTrafficClient(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
@@ -339,6 +342,7 @@ UINT PcNicDisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
 UINT PcNicList(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
 UINT PcAccountList(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
 UINT PcAccountCreate(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
+void SetRpcClientCreateAccountFromGetAccount(RPC_CLIENT_CREATE_ACCOUNT *c, RPC_CLIENT_GET_ACCOUNT *t);
 UINT PcAccountSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
 UINT PcAccountGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
 UINT PcAccountDelete(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
@@ -362,6 +366,8 @@ UINT PcAccountServerCertEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *p
 UINT PcAccountServerCertDisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
 UINT PcAccountRetryOnServerCertEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
 UINT PcAccountRetryOnServerCertDisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
+UINT PcAccountDefaultCAEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
+UINT PcAccountDefaultCADisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
 UINT PcAccountServerCertSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
 UINT PcAccountServerCertDelete(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
 UINT PcAccountServerCertGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
@@ -507,6 +513,8 @@ UINT PsCascadeProxySocks(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
 UINT PsCascadeProxySocks5(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
 UINT PsCascadeServerCertEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
 UINT PsCascadeServerCertDisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
+UINT PsCascadeDefaultCAEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
+UINT PsCascadeDefaultCADisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
 UINT PsCascadeServerCertSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
 UINT PsCascadeServerCertDelete(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
 UINT PsCascadeServerCertGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);

src/Cedar/Connection.c

@@ -28,6 +28,7 @@
 #include "Mayaqua/Object.h"
 #include "Mayaqua/Pack.h"
 #include "Mayaqua/Str.h"
+#include "Mayaqua/Table.h"
 #include "Mayaqua/Tick64.h"
 
 #include <stdlib.h>
@@ -909,20 +910,24 @@ void SendKeepAlive(CONNECTION *c, TCPSOCK *ts)
 
 	if (s->UseUdpAcceleration && udp_accel != NULL)
 	{
+		UINT required_size = 0;
+
 		if (udp_accel->MyPortNatT != 0)
 		{
-			size = MAX(size, (StrLen(UDP_NAT_T_PORT_SIGNATURE_IN_KEEP_ALIVE) + sizeof(USHORT)));
+			required_size += StrLen(UDP_NAT_T_PORT_SIGNATURE_IN_KEEP_ALIVE) + sizeof(USHORT);
 
 			insert_natt_port = true;
 		}
 
 		if (IsZeroIP(&udp_accel->MyIpNatT) == false)
 		{
-			size = MAX(size, (StrLen(UDP_NAT_T_IP_SIGNATURE_IN_KEEP_ALIVE) + sizeof(udp_accel->MyIpNatT.address)));
+			required_size += StrLen(UDP_NAT_T_IP_SIGNATURE_IN_KEEP_ALIVE) + sizeof(udp_accel->MyIpNatT.address);
 
 			insert_natt_ip = true;
 		}
 
+		size = MAX(size, required_size);
+
 	}
 
 	buf = MallocFast(size);
@@ -2986,6 +2991,7 @@ void ConnectionAccept(CONNECTION *c)
 	SOCK *s;
 	X *x;
 	K *k;
+	LIST *chain;
 	char tmp[128];
 	UINT initial_timeout = CONNECTING_TIMEOUT;
 	UCHAR ctoken_hash[SHA1_SIZE];
@@ -3036,26 +3042,34 @@ void ConnectionAccept(CONNECTION *c)
 
 		x = CloneX(c->Cedar->ServerX);
 		k = CloneK(c->Cedar->ServerK);
+		chain = CloneXList(c->Cedar->ServerChain);
 	}
 	Unlock(c->Cedar->lock);
 
 	// Start the SSL communication
 	Copy(&s->SslAcceptSettings, &c->Cedar->SslAcceptSettings, sizeof(SSL_ACCEPT_SETTINGS));
-	if (StartSSL(s, x, k) == false)
+	UINT ssl_err = 0;
+	if (StartSSLEx3(s, x, k, chain, 0, NULL, NULL, &ssl_err) == false)
 	{
 		// Failed
 		AddNoSsl(c->Cedar, &s->RemoteIP);
 		Debug("ConnectionAccept(): StartSSL() failed\n");
+		if (ssl_err != 0)
+		{
+			SLog(c->Cedar, "LS_SSL_START_ERROR", c->Name, GetUniErrorStr(ssl_err), ssl_err);
+		}
 		FreeX(x);
 		FreeK(k);
+		FreeXList(chain);
 
 		goto FINAL;
 	}
 
 	FreeX(x);
 	FreeK(k);
+	FreeXList(chain);
 
-	SLog(c->Cedar, "LS_SSL_START", c->Name, s->CipherName);
+	SLog(c->Cedar, "LS_SSL_START", c->Name, s->SslVersion, s->CipherName);
 
 	Copy(c->CToken_Hash, ctoken_hash, SHA1_SIZE);
 
@@ -3391,6 +3405,11 @@ void CleanupConnection(CONNECTION *c)
 		Free(c->CipherName);
 	}
 
+	if (c->SslVersion != NULL)
+	{
+		Free(c->SslVersion);
+	}
+
 	Free(c);
 }
 

src/Cedar/Connection.h

@@ -58,8 +58,11 @@ struct RC4_KEY_PAIR
 	UCHAR ServerToClientKey[16];
 	UCHAR ClientToServerKey[16];
 };
+#define	TYPE_BINDLOCALIP	1	//  Enable HMI user to edit Source IP address & Source port number for outgoing connection
 
 // Client Options
+// Do not change item size or order and only add new items at the end!
+// See comments in struct SETTING (SMInner.h)
 struct CLIENT_OPTION
 {
 	wchar_t AccountName[MAX_ACCOUNT_NAME_LEN + 1];			// Connection setting name
@@ -71,26 +74,41 @@ struct CLIENT_OPTION
 	UINT ProxyPort;											// Port number of the proxy server
 	char ProxyUsername[PROXY_MAX_USERNAME_LEN + 1];			// Maximum user name length
 	char ProxyPassword[PROXY_MAX_PASSWORD_LEN + 1];			// Maximum password length
-	char CustomHttpHeader[HTTP_CUSTOM_HEADER_MAX_SIZE + 1];	// Custom HTTP proxy header
 	UINT NumRetry;											// Automatic retries
 	UINT RetryInterval;										// Retry interval
 	char HubName[MAX_HUBNAME_LEN + 1];						// HUB name
 	UINT MaxConnection;										// Maximum number of concurrent TCP connections
 	bool UseEncrypt;										// Use encrypted communication
+	char pad1[3];
 	bool UseCompress;										// Use data compression
+	char pad2[3];
 	bool HalfConnection;									// Use half connection in TCP
+	char pad3[3];
 	bool NoRoutingTracking;									// Disable the routing tracking
+	char pad4[3];
 	char DeviceName[MAX_DEVICE_NAME_LEN + 1];				// VLAN device name
 	UINT AdditionalConnectionInterval;						// Connection attempt interval when additional connection establish
 	UINT ConnectionDisconnectSpan;							// Disconnection interval
 	bool HideStatusWindow;									// Hide the status window
+	char pad5[3];
 	bool HideNicInfoWindow;									// Hide the NIC status window
+	char pad6[3];
 	bool RequireMonitorMode;								// Monitor port mode
+	char pad7[3];
 	bool RequireBridgeRoutingMode;							// Bridge or routing mode
+	char pad8[3];
 	bool DisableQoS;										// Disable the VoIP / QoS function
+	char pad9[3];
 	bool FromAdminPack;										// For Administration Pack
+	char pad10[3];
+	char pad11[4];											// Removed bool
 	bool NoUdpAcceleration;									// Do not use UDP acceleration mode
+	char pad12[3];
 	UCHAR HostUniqueKey[SHA1_SIZE];							// Host unique key
+	char CustomHttpHeader[HTTP_CUSTOM_HEADER_MAX_SIZE];		// Custom HTTP proxy header
+	char HintStr[MAX_HOST_NAME_LEN + 1];					// Hint string for NAT-T
+	IP   BindLocalIP;										// Source IP address for outgoing connection
+	UINT BindLocalPort;										// Source port number for outgoing connection
 };
 
 // Client authentication data
@@ -208,6 +226,7 @@ struct CONNECTION
 	X *ServerX;						// Server certificate
 	X *ClientX;						// Client certificate
 	char *CipherName;				// Encryption algorithm name
+	char *SslVersion;				// SSL protocol version
 	UINT64 ConnectedTick;			// Time it is connected
 	IP ClientIp;					// Client IP address
 	char ClientHostname[MAX_HOST_NAME_LEN + 1];	// Client host name

src/Cedar/DDNS.c

@@ -541,13 +541,9 @@ UINT DCRegister(DDNS_CLIENT *c, bool ipv6, DDNS_REGISTER_PARAM *p, char *replace
 		}
 	}
 
-
-
 	Format(url2, sizeof(url2), "%s?v=%I64u", url, Rand64());
 	Format(url3, sizeof(url3), url2, key_hash_str[2], key_hash_str[3]);
 
-	ReplaceStr(url3, sizeof(url3), url3, "https://", "http://");
-
 	ReplaceStr(url3, sizeof(url3), url3, ".servers", ".open.servers");
 
 	cert_hash = StrToBin(DDNS_CERT_HASH);

src/Cedar/DDNS.h

@@ -18,7 +18,11 @@
 							"439BAFA75A6EE5671FC9F9A02D34FF29881761A0" \
 							"EFAC5FA0CDD14E0F864EED58A73C35D7E33B62F3" \
 							"74DF99D4B1B5F0488A388B50D347D26013DC67A5" \
-							"6EBB39AFCA8C900635CFC11218CF293A612457E4"
+							"6EBB39AFCA8C900635CFC11218CF293A612457E4" \
+							"05A9386C5E2B233F7BAB2479620EAAA2793709ED" \
+							"A811C64BB715351E36B6C1E022648D8BE0ACD128" \
+							"BD264DB3B0B1B3ABA0AF3074AA574ED1EF3B42D7" \
+							"9AB61D691536645DD55A8730FC6D2CDF33C8C73F"
 
 #define	DDNS_SNI_VER_STRING		"DDNS"
 
@@ -43,7 +47,7 @@
 #define	DDNS_URL2_V4_ALT	"http://get-my-ip.ddns.uxcom.jp/ddns/getmyip.ashx"
 #define	DDNS_URL2_V6_ALT	"http://get-my-ip-v6.ddns.uxcom.jp/ddns/getmyip.ashx"
 
-#define	DDNS_RPC_MAX_RECV_SIZE				DYN32(DDNS_RPC_MAX_RECV_SIZE, (128 * 1024 * 1024))
+#define	DDNS_RPC_MAX_RECV_SIZE				DYN32(DDNS_RPC_MAX_RECV_SIZE, (38 * 1024 * 1024))
 
 // Connection Timeout
 #define	DDNS_CONNECT_TIMEOUT		DYN32(DDNS_CONNECT_TIMEOUT, (15 * 1000))

src/Cedar/Hub.c

@@ -91,7 +91,8 @@ UINT num_admin_options = sizeof(admin_options) / sizeof(ADMIN_OPTION);
 
 
 // Create an EAP client for the specified Virtual Hub
-EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, char *username, char *vpn_protocol_state_str)
+EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, char *username, char *vpn_protocol_state_str, bool proxy_only, 
+							PPP_LCP **response, UCHAR last_recv_eapid)
 {
 	HUB *hub = NULL;
 	EAP_CLIENT *ret = NULL;
@@ -137,7 +138,7 @@ EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, ch
 						if (GetIP(&ip, radius_servers_list->Token[i]))
 						{
 							eap = NewEapClient(&ip, radius_port, radius_secret, radius_retry_interval,
-								RADIUS_INITIAL_EAP_TIMEOUT, client_ip_str, username, hubname);
+								RADIUS_INITIAL_EAP_TIMEOUT, client_ip_str, username, hubname, last_recv_eapid);
 
 							if (eap != NULL)
 							{
@@ -146,7 +147,19 @@ EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, ch
 									StrCpy(eap->In_VpnProtocolState, sizeof(eap->In_VpnProtocolState), vpn_protocol_state_str);
 								}
 
-								if (use_peap == false)
+								if (proxy_only && response != NULL)
+								{
+									// EAP proxy for EAP-capable clients
+									PPP_LCP *lcp = EapClientSendEapIdentity(eap);
+									if (lcp != NULL)
+									{
+										*response = lcp;
+										eap->GiveupTimeout = RADIUS_RETRY_TIMEOUT;
+										ret = eap;
+										finish = true;
+									}
+								}
+								else if (use_peap == false)
 								{
 									// EAP
 									if (EapClientSendMsChapv2AuthRequest(eap))
@@ -606,6 +619,7 @@ void DataToHubOptionStruct(HUB_OPTION *o, RPC_ADMIN_OPTION *ao)
 	GetHubAdminOptionDataAndSet(ao, "DoNotSaveHeavySecurityLogs", o->DoNotSaveHeavySecurityLogs);
 	GetHubAdminOptionDataAndSet(ao, "DropBroadcastsInPrivacyFilterMode", o->DropBroadcastsInPrivacyFilterMode);
 	GetHubAdminOptionDataAndSet(ao, "DropArpInPrivacyFilterMode", o->DropArpInPrivacyFilterMode);
+	GetHubAdminOptionDataAndSet(ao, "AllowSameUserInPrivacyFilterMode", o->AllowSameUserInPrivacyFilterMode);
 	GetHubAdminOptionDataAndSet(ao, "SuppressClientUpdateNotification", o->SuppressClientUpdateNotification);
 	GetHubAdminOptionDataAndSet(ao, "FloodingSendQueueBufferQuota", o->FloodingSendQueueBufferQuota);
 	GetHubAdminOptionDataAndSet(ao, "AssignVLanIdByRadiusAttribute", o->AssignVLanIdByRadiusAttribute);
@@ -615,6 +629,7 @@ void DataToHubOptionStruct(HUB_OPTION *o, RPC_ADMIN_OPTION *ao)
 	GetHubAdminOptionDataAndSet(ao, "NoPhysicalIPOnPacketLog", o->NoPhysicalIPOnPacketLog);
 	GetHubAdminOptionDataAndSet(ao, "UseHubNameAsDhcpUserClassOption", o->UseHubNameAsDhcpUserClassOption);
 	GetHubAdminOptionDataAndSet(ao, "UseHubNameAsRadiusNasId", o->UseHubNameAsRadiusNasId);
+	GetHubAdminOptionDataAndSet(ao, "AllowEapMatchUserByCert", o->AllowEapMatchUserByCert);
 }
 
 // Convert the contents of the HUB_OPTION to data
@@ -679,6 +694,7 @@ void HubOptionStructToData(RPC_ADMIN_OPTION *ao, HUB_OPTION *o, char *hub_name)
 	Add(aol, NewAdminOption("DoNotSaveHeavySecurityLogs", o->DoNotSaveHeavySecurityLogs));
 	Add(aol, NewAdminOption("DropBroadcastsInPrivacyFilterMode", o->DropBroadcastsInPrivacyFilterMode));
 	Add(aol, NewAdminOption("DropArpInPrivacyFilterMode", o->DropArpInPrivacyFilterMode));
+	Add(aol, NewAdminOption("AllowSameUserInPrivacyFilterMode", o->AllowSameUserInPrivacyFilterMode));
 	Add(aol, NewAdminOption("SuppressClientUpdateNotification", o->SuppressClientUpdateNotification));
 	Add(aol, NewAdminOption("FloodingSendQueueBufferQuota", o->FloodingSendQueueBufferQuota));
 	Add(aol, NewAdminOption("AssignVLanIdByRadiusAttribute", o->AssignVLanIdByRadiusAttribute));
@@ -688,6 +704,7 @@ void HubOptionStructToData(RPC_ADMIN_OPTION *ao, HUB_OPTION *o, char *hub_name)
 	Add(aol, NewAdminOption("NoPhysicalIPOnPacketLog", o->NoPhysicalIPOnPacketLog));
 	Add(aol, NewAdminOption("UseHubNameAsDhcpUserClassOption", o->UseHubNameAsDhcpUserClassOption));
 	Add(aol, NewAdminOption("UseHubNameAsRadiusNasId", o->UseHubNameAsRadiusNasId));
+	Add(aol, NewAdminOption("AllowEapMatchUserByCert", o->AllowEapMatchUserByCert));
 
 	Zero(ao, sizeof(RPC_ADMIN_OPTION));
 
@@ -3562,7 +3579,7 @@ bool HubPaPutPacket(SESSION *s, void *data, UINT size)
 
 		target_mss = MIN(target_mss, session_mss);
 
-		if (s->IsUsingUdpAcceleration && s->UdpAccelMss != 0)
+		if (s->UseUdpAcceleration && s->UdpAccelMss != 0)
 		{
 			// If the link is established with UDP acceleration function, use optimum value of the UDP acceleration function
 			target_mss = MIN(target_mss, s->UdpAccelMss);
@@ -3915,6 +3932,7 @@ void StorePacket(HUB *hub, SESSION *s, PKT *packet)
 	bool no_heavy = false;
 	bool drop_broadcast_packet_privacy = false;
 	bool drop_arp_packet_privacy = false;
+	bool allow_same_user_packet_privacy = false;
 	UINT tcp_queue_quota = 0;
 	UINT64 dormant_interval = 0;
 	// Validate arguments
@@ -3939,6 +3957,7 @@ void StorePacket(HUB *hub, SESSION *s, PKT *packet)
 		no_heavy = hub->Option->DoNotSaveHeavySecurityLogs;
 		drop_broadcast_packet_privacy = hub->Option->DropBroadcastsInPrivacyFilterMode;
 		drop_arp_packet_privacy = hub->Option->DropArpInPrivacyFilterMode;
+		allow_same_user_packet_privacy = hub->Option->AllowSameUserInPrivacyFilterMode;
 		tcp_queue_quota = hub->Option->FloodingSendQueueBufferQuota;
 		if (hub->Option->DetectDormantSessionInterval != 0)
 		{
@@ -4840,7 +4859,11 @@ UPDATE_FDB:
 							// Privacy filter
 							if (drop_arp_packet_privacy || packet->TypeL3 != L3_ARPV4)
 							{
-								goto DISCARD_UNICAST_PACKET;
+								// Do not block sessions owned by the same user, if the corresponding option is enabled.
+								if (allow_same_user_packet_privacy == false || StrCmp(s->Username, dest_session->Username))
+								{
+									goto DISCARD_UNICAST_PACKET;
+								}
 							}
 						}
 
@@ -5057,7 +5080,11 @@ DISCARD_UNICAST_PACKET:
 									// Privacy filter
 									if (drop_arp_packet_privacy || packet->TypeL3 != L3_ARPV4)
 									{
-										discard = true;
+										// Do not block sessions owned by the same user, if the corresponding option is enabled.
+										if (allow_same_user_packet_privacy == false || StrCmp(s->Username, dest_session->Username))
+										{
+											discard = true;
+										}
 									}
 								}
 
@@ -5350,7 +5377,7 @@ void StorePacketToHubPa(HUB_PA *dest, SESSION *src, void *data, UINT size, PKT *
 	if (src != NULL && dest->Session != NULL && src->Hub != NULL && src->Hub->Option != NULL)
 	{
 		if (dest->Session->AdjustMss != 0 ||
-			(dest->Session->IsUsingUdpAcceleration && dest->Session->UdpAccelMss != 0) ||
+			(dest->Session->UseUdpAcceleration && dest->Session->UdpAccelMss != 0) ||
 			(dest->Session->IsRUDPSession && dest->Session->RUdpMss != 0))
 		{
 			if (src->Hub->Option->DisableAdjustTcpMss == false)
@@ -5362,7 +5389,7 @@ void StorePacketToHubPa(HUB_PA *dest, SESSION *src, void *data, UINT size, PKT *
 					target_mss = MIN(target_mss, dest->Session->AdjustMss);
 				}
 
-				if (dest->Session->IsUsingUdpAcceleration && dest->Session->UdpAccelMss != 0)
+				if (dest->Session->UseUdpAcceleration && dest->Session->UdpAccelMss != 0)
 				{
 					target_mss = MIN(target_mss, dest->Session->UdpAccelMss);
 				}
@@ -6955,6 +6982,7 @@ HUB *NewHub(CEDAR *cedar, char *HubName, HUB_OPTION *option)
 
 	h->Option->DropBroadcastsInPrivacyFilterMode = true;
 	h->Option->DropArpInPrivacyFilterMode = true;
+	h->Option->AllowSameUserInPrivacyFilterMode = false;
 
 	Rand(h->HubSignature, sizeof(h->HubSignature));
 

src/Cedar/Hub.h

@@ -172,6 +172,7 @@ struct HUB_OPTION
 	bool DoNotSaveHeavySecurityLogs;	// Do not take heavy security log
 	bool DropBroadcastsInPrivacyFilterMode;	// Drop broadcasting packets if the both source and destination session is PrivacyFilter mode
 	bool DropArpInPrivacyFilterMode;	// Drop ARP packets if the both source and destination session is PrivacyFilter mode
+	bool AllowSameUserInPrivacyFilterMode;	// Allow packets if both the source and destination session user are the same
 	bool SuppressClientUpdateNotification;	// Suppress the update notification function on the VPN Client
 	UINT FloodingSendQueueBufferQuota;	// The global quota of send queues of flooding packets
 	bool AssignVLanIdByRadiusAttribute;	// Assign the VLAN ID for the VPN session, by the attribute value of RADIUS
@@ -181,6 +182,7 @@ struct HUB_OPTION
 	bool NoPhysicalIPOnPacketLog;		// Disable saving physical IP address on the packet log
 	bool UseHubNameAsDhcpUserClassOption;	// Add HubName to DHCP request as User-Class option
 	bool UseHubNameAsRadiusNasId;		// Add HubName to Radius request as NAS-Identifier attrioption
+	bool AllowEapMatchUserByCert;		// Allow matching EAP Identity with user certificate CNs
 };
 
 // MAC table entry
@@ -535,7 +537,8 @@ bool IsUserMatchInUserList(LIST *o, char *filename, UINT64 user_hash);
 bool IsUserMatchInUserListWithCacheExpires(LIST *o, char *filename, UINT64 user_hash, UINT64 lifetime);
 bool IsUserMatchInUserListWithCacheExpiresAcl(LIST *o, char *name_in_acl, UINT64 user_hash, UINT64 lifetime);
 bool CheckMaxLoggedPacketsPerMinute(SESSION *s, UINT max_packets, UINT64 now);
-EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, char *username, char *vpn_protocol_state_str);
+EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, char *username, char *vpn_protocol_state_str, bool proxy_only, 
+							PPP_LCP **response, UCHAR last_recv_eapid);
 
 #endif	// HUB_H
 

src/Cedar/IPC.c

@@ -244,7 +244,8 @@ IPC *NewIPCByParam(CEDAR *cedar, IPC_PARAM *param, UINT *error_code)
 	             param->UserName, param->Password, param->WgKey, error_code,
 	             &param->ClientIp, param->ClientPort, &param->ServerIp, param->ServerPort,
 	             param->ClientHostname, param->CryptName,
-	             param->BridgeMode, param->Mss, NULL, param->ClientCertificate, param->Layer);
+	             param->BridgeMode, param->Mss, NULL, param->ClientCertificate, param->RadiusOK,
+				 param->Layer);
 
 	return ipc;
 }
@@ -253,7 +254,7 @@ IPC *NewIPCByParam(CEDAR *cedar, IPC_PARAM *param, UINT *error_code)
 IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char *username, char *password, char *wg_key,
             UINT *error_code, IP *client_ip, UINT client_port, IP *server_ip, UINT server_port,
             char *client_hostname, char *crypt_name,
-            bool bridge_mode, UINT mss, EAP_CLIENT *eap_client, X *client_certificate,
+            bool bridge_mode, UINT mss, EAP_CLIENT *eap_client, X *client_certificate, bool external_auth,
             UINT layer)
 {
 	IPC *ipc;
@@ -360,6 +361,10 @@ IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char
 	{
 		p = PackLoginWithOpenVPNCertificate(hubname, username, client_certificate);
 	}
+	else if (external_auth)
+	{
+		p = PackLoginWithExternal(hubname, username);
+	}
 	else
 	{
 		p = PackLoginWithPlainPassword(hubname, username, password);
@@ -497,6 +502,8 @@ IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char
 		ZeroIP4(&ipc->BroadcastAddress);
 	}
 
+	ReleaseHub(hub);
+
 	ZeroIP4(&ipc->ClientIPAddress);
 
 	MacToStr(macstr, sizeof(macstr), ipc->MacAddress);
@@ -1501,6 +1508,7 @@ void IPCProcessL3EventsEx(IPC *ipc, UINT64 now)
 							if (p->IPv6HeaderPacketInfo.Protocol == IP_PROTO_ICMPV6)
 							{
 								IP icmpHeaderAddr;
+								UINT header_size = 0;
 								// We need to parse the Router Advertisement and Neighbor Advertisement messages
 								// to build the Neighbor Discovery Table (aka ARP table for IPv6)
 								switch (p->ICMPv6HeaderPacketInfo.Type)
@@ -1509,7 +1517,11 @@ void IPCProcessL3EventsEx(IPC *ipc, UINT64 now)
 									// We save the router advertisement data for later use
 									IPCIPv6AddRouterPrefixes(ipc, &p->ICMPv6HeaderPacketInfo.OptionList, src_mac, &ip_src);
 									IPCIPv6AssociateOnNDTEx(ipc, &ip_src, src_mac, true);
-									IPCIPv6AssociateOnNDTEx(ipc, &ip_src, p->ICMPv6HeaderPacketInfo.OptionList.SourceLinkLayer->Address, true);
+									if (p->ICMPv6HeaderPacketInfo.OptionList.SourceLinkLayer != NULL) {
+										IPCIPv6AssociateOnNDTEx(ipc, &ip_src, p->ICMPv6HeaderPacketInfo.OptionList.SourceLinkLayer->Address, true);
+									}
+									ndtProcessed = true;
+									header_size = sizeof(ICMPV6_ROUTER_ADVERTISEMENT_HEADER);
 									break;
 								case ICMPV6_TYPE_NEIGHBOR_ADVERTISEMENT:
 									// We save the neighbor advertisements into NDT
@@ -1517,7 +1529,77 @@ void IPCProcessL3EventsEx(IPC *ipc, UINT64 now)
 									IPCIPv6AssociateOnNDTEx(ipc, &icmpHeaderAddr, src_mac, true);
 									IPCIPv6AssociateOnNDTEx(ipc, &ip_src, src_mac, true);
 									ndtProcessed = true;
+									header_size = sizeof(ICMPV6_NEIGHBOR_ADVERTISEMENT_HEADER);
 									break;
+								case ICMPV6_TYPE_NEIGHBOR_SOLICIATION:
+									header_size = sizeof(ICMPV6_NEIGHBOR_SOLICIATION_HEADER);
+									break;
+								}
+
+								// Remove link-layer address options for Windows clients (required on Windows 11)
+								if (header_size > 0)
+								{
+									//UCHAR *src = p->ICMPv6HeaderPacketInfo.Headers.HeaderPointer + header_size;
+									UCHAR* src = (UCHAR *)p->ICMPv6HeaderPacketInfo.Headers.HeaderPointer + header_size;// Cast the pointer to UCHAR *.
+									UINT opt_size = p->ICMPv6HeaderPacketInfo.DataSize - header_size;
+									UCHAR *dst = src;
+									UINT removed = 0;
+
+									while (opt_size > sizeof(ICMPV6_OPTION))
+									{
+										ICMPV6_OPTION *option_header;
+										UINT header_total_size;
+
+										option_header = (ICMPV6_OPTION *)src;
+										// Calculate the entire header size
+										header_total_size = option_header->Length * 8;
+										if (header_total_size == 0)
+										{
+											// The size is zero
+											break;
+										}
+										if (opt_size < header_total_size)
+										{
+											// Size shortage
+											break;
+										}
+
+										switch (option_header->Type)
+										{
+										case ICMPV6_OPTION_TYPE_SOURCE_LINK_LAYER:
+										case ICMPV6_OPTION_TYPE_TARGET_LINK_LAYER:
+											// Skip source or target link-layer option
+											removed += header_total_size;
+											break;
+										default:
+											// Copy options other than source link-layer
+											if (src != dst)
+											{
+												UCHAR *tmp = Clone(src, header_total_size);
+												Copy(dst, tmp, header_total_size);
+												Free(tmp);
+											}
+											dst += header_total_size;
+										}
+
+										src += header_total_size;
+										opt_size -= header_total_size;
+
+									}
+
+									// Recalculate length and checksum if modified
+									if (removed > 0)
+									{
+										size -= removed;
+										p->L3.IPv6Header->PayloadLength = Endian16(size - sizeof(IPV6_HEADER));
+										p->L4.ICMPHeader->Checksum = 0;
+										p->L4.ICMPHeader->Checksum =
+											CalcChecksumForIPv6(&p->L3.IPv6Header->SrcAddress,
+												&p->L3.IPv6Header->DestAddress, IP_PROTO_ICMPV6,
+												p->L4.ICMPHeader, size - sizeof(IPV6_HEADER), 0);
+										Copy(data, b->Buf + 14, size);
+									}
+
 								}
 							}
 
@@ -2054,7 +2136,7 @@ void IPCIPv6Init(IPC *ipc)
 	ipc->IPv6RouterAdvs = NewList(NULL);
 
 	ipc->IPv6ClientEUI = 0;
-	ipc->IPv6ServerEUI = 0;
+	GenerateEui64Address6((UCHAR *)&ipc->IPv6ServerEUI, ipc->MacAddress);
 
 	ipc->IPv6State = IPC_PROTO_STATUS_CLOSED;
 }
@@ -2274,7 +2356,14 @@ void IPCIPv6AddRouterPrefixes(IPC *ipc, ICMPV6_OPTION_LIST *recvPrefix, UCHAR *m
 				IntToSubnetMask6(&newRA->RoutedMask, recvPrefix->Prefix[i]->SubnetLength);
 				CopyIP(&newRA->RouterAddress, ip);
 				Copy(newRA->RouterMacAddress, macAddress, 6);
-				Copy(newRA->RouterLinkLayerAddress, recvPrefix->SourceLinkLayer->Address, 6);
+				if (recvPrefix->SourceLinkLayer != NULL)
+				{
+					Copy(newRA->RouterLinkLayerAddress, recvPrefix->SourceLinkLayer->Address, 6);
+				}
+				else
+				{
+					Zero(newRA->RouterLinkLayerAddress, 6);
+				}
 				Add(ipc->IPv6RouterAdvs, newRA);
 			}
 		}
@@ -2290,6 +2379,15 @@ bool IPCIPv6CheckUnicastFromRouterPrefix(IPC *ipc, IP *ip, IPC_IPV6_ROUTER_ADVER
 	UINT i;
 	IPC_IPV6_ROUTER_ADVERTISEMENT *matchingRA = NULL;
 	bool isInPrefix = false;
+
+	if (LIST_NUM(ipc->IPv6RouterAdvs) == 0)
+	{
+		// We have a unicast packet but we haven't got any RAs.
+		// The client is probably misconfigured in IPv6. We send non-blocking RS at best effort.
+		IPCSendIPv6RouterSoliciation(ipc, false);
+		return false;
+	}
+
 	for (i = 0; i < LIST_NUM(ipc->IPv6RouterAdvs); i++)
 	{
 		IPC_IPV6_ROUTER_ADVERTISEMENT *ra = LIST_DATA(ipc->IPv6RouterAdvs, i);
@@ -2309,91 +2407,71 @@ bool IPCIPv6CheckUnicastFromRouterPrefix(IPC *ipc, IP *ip, IPC_IPV6_ROUTER_ADVER
 	return isInPrefix;
 }
 
-// Send router solicitation and then eventually populate the info from Router Advertisements
-UINT64 IPCIPv6GetServerEui(IPC *ipc)
+// Send router solicitation to find a router
+bool IPCSendIPv6RouterSoliciation(IPC *ipc, bool blocking)
 {
-	// It is already configured, nothing to do here
-	if (ipc->IPv6ServerEUI != 0)
-	{
-		return ipc->IPv6ServerEUI;
-	}
+	IP destIP;
+	IPV6_ADDR destV6;
+	UCHAR destMacAddress[6];
+	IPV6_ADDR linkLocal;
+	BUF *packet;
+	UINT64 giveup_time = Tick64() + (UINT64)(IPC_IPV6_RA_MAX_RETRIES * IPC_IPV6_RA_INTERVAL);
+	UINT64 timeout_retry = 0;
 
 	// If we don't have a valid client EUI, we can't generate a correct link local
 	if (ipc->IPv6ClientEUI == 0)
 	{
-		return ipc->IPv6ServerEUI;
+		return false;
 	}
 
-	if (LIST_NUM(ipc->IPv6RouterAdvs) == 0)
-	{
-		IP destIP;
-		IPV6_ADDR destV6;
-		UCHAR destMacAddress[6];
-		IPV6_ADDR linkLocal;
-		BUF *packet;
-		UINT64 giveup_time = Tick64() + (UINT64)(IPC_IPV6_RA_MAX_RETRIES * IPC_IPV6_RA_INTERVAL);
-		UINT64 timeout_retry = 0;
+	Zero(&linkLocal, sizeof(IPV6_ADDR));
 
-		Zero(&linkLocal, sizeof(IPV6_ADDR));
+	// Generate link local from client's EUI
+	linkLocal.Value[0] = 0xFE;
+	linkLocal.Value[1] = 0x80;
+	Copy(&linkLocal.Value[8], &ipc->IPv6ClientEUI, sizeof(UINT64));
 
-		// Generate link local from client's EUI
-		linkLocal.Value[0] = 0xFE;
-		linkLocal.Value[1] = 0x80;
-		Copy(&linkLocal.Value[8], &ipc->IPv6ClientEUI, sizeof(UINT64));
+	GetAllRouterMulticastAddress6(&destIP);
 
-		GetAllRouterMulticastAddress6(&destIP);
+	// Generate the MAC address from the multicast address
+	destMacAddress[0] = 0x33;
+	destMacAddress[1] = 0x33;
+	Copy(&destMacAddress[2], &destIP.address[12], sizeof(UINT));
 
-		// Generate the MAC address from the multicast address
-		destMacAddress[0] = 0x33;
-		destMacAddress[1] = 0x33;
-		Copy(&destMacAddress[2], &destIP.address[12], sizeof(UINT));
+	IPToIPv6Addr(&destV6, &destIP);
 
-		IPToIPv6Addr(&destV6, &destIP);
-
-		packet = BuildICMPv6RouterSoliciation(&linkLocal, &destV6, ipc->MacAddress, 0);
-
-		while (LIST_NUM(ipc->IPv6RouterAdvs) == 0)
-		{
-			UINT64 now = Tick64();
-			if (now >= timeout_retry)
-			{
-				timeout_retry = now + (UINT64)IPC_IPV6_RA_INTERVAL;
-				IPCIPv6SendWithDestMacAddr(ipc, packet->Buf, packet->Size, destMacAddress);
-			}
-
-			AddInterrupt(ipc->Interrupt, timeout_retry);
-
-			if (Tick64() >= giveup_time)
-			{
-				// We failed to receive any router advertisements
-				break;
-			}
-
-			// The processing should populate the received RAs by itself
-			IPCProcessL3Events(ipc);
-		}
+	packet = BuildICMPv6RouterSoliciation(&linkLocal, &destV6, ipc->MacAddress, 0);
 
+	if (blocking == false) {
+		IPCIPv6SendWithDestMacAddr(ipc, packet->Buf, packet->Size, destMacAddress);
 		FreeBuf(packet);
+		return false;
 	}
 
-	// Populating the IPv6 Server EUI for IPV6CP
-	if (LIST_NUM(ipc->IPv6RouterAdvs) > 0)
+	while (LIST_NUM(ipc->IPv6RouterAdvs) == 0)
 	{
-		IPC_IPV6_ROUTER_ADVERTISEMENT *ra = LIST_DATA(ipc->IPv6RouterAdvs, 0);
-		Copy(&ipc->IPv6ServerEUI, &ra->RouterAddress.address[8], sizeof(ipc->IPv6ServerEUI));
-	}
-
-	// If it is still not defined, let's just generate something random
-	while (ipc->IPv6ServerEUI == 0)
-	{
-		ipc->IPv6ServerEUI = Rand64();
-		if (ipc->IPv6ClientEUI == ipc->IPv6ServerEUI)
+		UINT64 now = Tick64();
+		if (now >= timeout_retry)
 		{
-			ipc->IPv6ServerEUI = 0;
+			timeout_retry = now + (UINT64)IPC_IPV6_RA_INTERVAL;
+			IPCIPv6SendWithDestMacAddr(ipc, packet->Buf, packet->Size, destMacAddress);
 		}
+
+		AddInterrupt(ipc->Interrupt, timeout_retry);
+
+		if (Tick64() >= giveup_time)
+		{
+			// We failed to receive any router advertisements
+			FreeBuf(packet);
+			return false;
+		}
+
+		// The processing should populate the received RAs by itself
+		IPCProcessL3Events(ipc);
 	}
 
-	return ipc->IPv6ServerEUI;
+	FreeBuf(packet);
+	return true;
 }
 
 // Data flow
@@ -2481,10 +2559,20 @@ void IPCIPv6SendWithDestMacAddr(IPC *ipc, void *data, UINT size, UCHAR *dest_mac
 			BUF *buf;
 			BUF *optBuf;
 			BUF *packet;
+			UINT header_size = 0;
 			// We need to rebuild the packet to
 			switch (p->ICMPv6HeaderPacketInfo.Type)
 			{
+			case ICMPV6_TYPE_ROUTER_SOLICIATION:
+				header_size = sizeof(ICMPV6_ROUTER_SOLICIATION_HEADER);
+				if (p->ICMPv6HeaderPacketInfo.OptionList.SourceLinkLayer == NULL)
+				{
+					p->ICMPv6HeaderPacketInfo.OptionList.SourceLinkLayer = &linkLayer;
+				}
+				Copy(p->ICMPv6HeaderPacketInfo.OptionList.SourceLinkLayer->Address, ipc->MacAddress, 6);
+				break;
 			case ICMPV6_TYPE_NEIGHBOR_SOLICIATION:
+				header_size = sizeof(ICMPV6_NEIGHBOR_SOLICIATION_HEADER);
 				if (p->ICMPv6HeaderPacketInfo.OptionList.SourceLinkLayer == NULL)
 				{
 					p->ICMPv6HeaderPacketInfo.OptionList.SourceLinkLayer = &linkLayer;
@@ -2492,6 +2580,7 @@ void IPCIPv6SendWithDestMacAddr(IPC *ipc, void *data, UINT size, UCHAR *dest_mac
 				Copy(p->ICMPv6HeaderPacketInfo.OptionList.SourceLinkLayer->Address, ipc->MacAddress, 6);
 				break;
 			case ICMPV6_TYPE_NEIGHBOR_ADVERTISEMENT:
+				header_size = sizeof(ICMPV6_NEIGHBOR_ADVERTISEMENT_HEADER);
 				if (p->ICMPv6HeaderPacketInfo.OptionList.TargetLinkLayer == NULL)
 				{
 					p->ICMPv6HeaderPacketInfo.OptionList.TargetLinkLayer = &linkLayer;
@@ -2501,12 +2590,12 @@ void IPCIPv6SendWithDestMacAddr(IPC *ipc, void *data, UINT size, UCHAR *dest_mac
 			}
 			switch (p->ICMPv6HeaderPacketInfo.Type)
 			{
+			case ICMPV6_TYPE_ROUTER_SOLICIATION:
 			case ICMPV6_TYPE_NEIGHBOR_SOLICIATION:
 			case ICMPV6_TYPE_NEIGHBOR_ADVERTISEMENT:
 				optBuf = BuildICMPv6Options(&p->ICMPv6HeaderPacketInfo.OptionList);
 				buf = NewBuf();
-				WriteBuf(buf, p->ICMPv6HeaderPacketInfo.Headers.HeaderPointer,
-				         p->ICMPv6HeaderPacketInfo.Type == ICMPV6_TYPE_NEIGHBOR_SOLICIATION ? sizeof(ICMPV6_NEIGHBOR_SOLICIATION_HEADER) : sizeof(ICMPV6_NEIGHBOR_ADVERTISEMENT_HEADER));
+				WriteBuf(buf, p->ICMPv6HeaderPacketInfo.Headers.HeaderPointer, header_size);
 				WriteBufBuf(buf, optBuf);
 				packet = BuildICMPv6(&p->IPv6HeaderPacketInfo.IPv6Header->SrcAddress,
 				                     &p->IPv6HeaderPacketInfo.IPv6Header->DestAddress,
@@ -2577,7 +2666,7 @@ void IPCIPv6SendUnicast(IPC *ipc, void *data, UINT size, IP *next_ip)
 		}
 
 		destMac = ra.RouterMacAddress;
-		if (!IsMacUnicast(destMac) && !IsMacInvalid(ra.RouterMacAddress))
+		if (!IsMacUnicast(destMac) && !IsMacInvalid(ra.RouterLinkLayerAddress))
 		{
 			destMac = ra.RouterLinkLayerAddress;
 		}

src/Cedar/IPC.h

@@ -91,6 +91,7 @@ struct IPC_PARAM
 	UINT Mss;
 	bool IsL3Mode;
 	X *ClientCertificate;
+	bool RadiusOK;
 	UINT Layer;
 };
 
@@ -155,7 +156,7 @@ struct IPC
 	LIST *IPv6NeighborTable;			// Neighbor Discovery Table
 	LIST *IPv6RouterAdvs;				// Router offered prefixes
 	UINT64 IPv6ClientEUI;				// The EUI of the client (for the SLAAC autoconf)
-	UINT64 IPv6ServerEUI;				// The EUI of the server (from the RA discovery)
+	UINT64 IPv6ServerEUI;				// The EUI of the server (from the IPC Mac address)
 };
 
 // MS-CHAPv2 authentication information
@@ -180,7 +181,7 @@ struct IPC_IPV6_ROUTER_ADVERTISEMENT
 IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char *username, char *password, char *wg_key,
             UINT *error_code, IP *client_ip, UINT client_port, IP *server_ip, UINT server_port,
             char *client_hostname, char *crypt_name,
-            bool bridge_mode, UINT mss, EAP_CLIENT *eap_client, X *client_certificate,
+            bool bridge_mode, UINT mss, EAP_CLIENT *eap_client, X *client_certificate, bool external_auth,
             UINT layer);
 IPC *NewIPCByParam(CEDAR *cedar, IPC_PARAM *param, UINT *error_code);
 IPC *NewIPCBySock(CEDAR *cedar, SOCK *s, void *mac_address);
@@ -233,7 +234,7 @@ bool IPCIPv6CheckExistingLinkLocal(IPC *ipc, UINT64 eui);
 // RA
 void IPCIPv6AddRouterPrefixes(IPC *ipc, ICMPV6_OPTION_LIST *recvPrefix, UCHAR *macAddress, IP *ip);
 bool IPCIPv6CheckUnicastFromRouterPrefix(IPC *ipc, IP *ip, IPC_IPV6_ROUTER_ADVERTISEMENT *matchedRA);
-UINT64 IPCIPv6GetServerEui(IPC *ipc);
+bool IPCSendIPv6RouterSoliciation(IPC *ipc, bool blocking);
 // Data flow
 BLOCK *IPCIPv6Recv(IPC *ipc);
 void IPCIPv6Send(IPC *ipc, void *data, UINT size);

src/Cedar/Link.h

@@ -31,6 +31,7 @@ struct LINK
 	UINT CurrentSendPacketQueueSize;	// Current send packet queue size
 	UINT LastError;					// Last error
 	bool CheckServerCert;			// To check the server certificate
+	bool AddDefaultCA;				// Use default trust store
 	X *ServerCert;					// Server certificate
 	bool LockFlag;					// Lock flag
 	bool *StopAllLinkFlag;			// Stop all link flag

src/Cedar/Listener.c

@@ -17,6 +17,7 @@
 #include "Mayaqua/Memory.h"
 #include "Mayaqua/Object.h"
 #include "Mayaqua/Str.h"
+#include "Mayaqua/Tick64.h"
 
 static bool disable_dos = false;
 static UINT max_connections_per_ip = DEFAULT_MAX_CONNECTIONS_PER_IP;
@@ -181,6 +182,11 @@ void TCPAcceptedThread(THREAD *t, void *param)
 	ConnectionAccept(c);
 	flag1 = c->flag1;
 
+	if (c->JsonRpcAuthed)
+	{
+		RemoveDosEntry(r, s);
+	}
+
 	// Release
 	SLog(r->Cedar, "LS_CONNECTION_END_1", c->Name);
 	ReleaseListener(c->Listener);
@@ -221,6 +227,46 @@ void TCPAccepted(LISTENER *r, SOCK *s)
 
 	num_clients_from_this_ip = GetNumIpClient(&s->RemoteIP);
 
+#ifdef	USE_DOS_ATTACK_DETECTION
+	if (disable_dos == false && r->DisableDos == false && r->Protocol != LISTENER_INPROC)
+	{
+		UINT max_uec, now_uec;
+		// DOS attack check
+		if (CheckDosAttack(r, s) == false)
+		{
+			Debug("DOS Attack 1 !!\n");
+			IPToStr(tmp, sizeof(tmp), &s->RemoteIP);
+			SLog(r->Cedar, "LS_LISTENER_DOS", r->Port, tmp, s->RemotePort);
+			return;
+		}
+		if (StrCmpi(s->UnderlayProtocol, SOCK_UNDERLAY_NATIVE_V6) == 0 ||
+			StrCmpi(s->UnderlayProtocol, SOCK_UNDERLAY_NATIVE_V4) == 0)
+		{
+			if (IsInNoSsl(r->Cedar, &s->RemoteIP))
+			{
+				Debug("DOS Attack 2 !!\n");
+				IPToStr(tmp, sizeof(tmp), &s->RemoteIP);
+				SLog(r->Cedar, "LS_LISTENER_DOS", r->Port, tmp, s->RemotePort);
+				return;
+			}
+		}
+		if (num_clients_from_this_ip > GetMaxConnectionsPerIp())
+		{
+			Debug("DOS Attack 3 !!\n");
+			IPToStr(tmp, sizeof(tmp), &s->RemoteIP);
+			SLog(r->Cedar, "LS_LISTENER_DOS", r->Port, tmp, s->RemotePort);
+			return;
+		}
+		max_uec = GetMaxUnestablishedConnections();
+		now_uec = GetUnestablishedConnections(cedar);
+		if (now_uec > max_uec)
+		{
+			Debug("DOS Attack 4 !!\n");
+			SLog(r->Cedar, "LS_LISTENER_MAXUEC", max_uec, now_uec);
+			return;
+		}
+	}
+#endif	// USE_DOS_ATTACK_DETECTION
 
 	IPToStr(tmp, sizeof(tmp), &s->RemoteIP);
 
@@ -239,6 +285,169 @@ void TCPAccepted(LISTENER *r, SOCK *s)
 	ReleaseThread(t);
 }
 
+// Remove a DOS entry
+bool RemoveDosEntry(LISTENER *r, SOCK *s)
+{
+	DOS *d;
+	bool ok = false;
+	// Validate arguments
+	if (r == NULL || s == NULL)
+	{
+		return false;
+	}
+
+	LockList(r->DosList);
+	{
+		// Delete old entries from the DOS attack list
+		RefreshDosList(r);
+
+		// Search the table
+		d = SearchDosList(r, &s->RemoteIP);
+
+		if (d != NULL)
+		{
+			Delete(r->DosList, d);
+			Free(d);
+			ok = true;
+		}
+	}
+	UnlockList(r->DosList);
+
+	return ok;
+}
+
+// Check whether this is a DOS attack
+bool CheckDosAttack(LISTENER *r, SOCK *s)
+{
+	DOS *d;
+	bool ok = true;
+	// Validate arguments
+	if (r == NULL || s == NULL)
+	{
+		return false;
+	}
+
+	LockList(r->DosList);
+	{
+		// Delete old entries from the DOS attack list
+		RefreshDosList(r);
+
+		// Search the table
+		d = SearchDosList(r, &s->RemoteIP);
+
+		if (d != NULL)
+		{
+			// There is a entry already
+			// This should mean being under a DOS attack
+			d->LastConnectedTick = Tick64();
+			d->CurrentExpireSpan = MIN(d->CurrentExpireSpan * (UINT64)2, DOS_TABLE_EXPIRES_MAX);
+			d->AccessCount++;
+			if (d->AccessCount > DOS_TABLE_MAX_LIMIT_PER_IP)
+			{
+				ok = false;
+			}
+		}
+		else
+		{
+			// Create a new entry
+			d = ZeroMalloc(sizeof(DOS));
+			d->CurrentExpireSpan = (UINT64)DOS_TABLE_EXPIRES_FIRST;
+			d->FirstConnectedTick = d->LastConnectedTick = Tick64();
+			d->AccessCount = 1;
+			d->DeleteEntryTick = d->FirstConnectedTick + (UINT64)DOS_TABLE_EXPIRES_TOTAL;
+			Copy(&d->IpAddress, &s->RemoteIP, sizeof(IP));
+			Add(r->DosList, d);
+		}
+	}
+	UnlockList(r->DosList);
+
+	return ok;
+}
+
+// Delete old entries from the DOS attack list
+void RefreshDosList(LISTENER *r)
+{
+	// Validate arguments
+	if (r == NULL)
+	{
+		return;
+	}
+
+	if (r->DosListLastRefreshTime == 0 ||
+		(r->DosListLastRefreshTime + (UINT64)DOS_TABLE_REFRESH_INTERVAL) <= Tick64())
+	{
+		UINT i;
+		LIST *o;
+		r->DosListLastRefreshTime = Tick64();
+
+		o = NewListFast(NULL);
+		for (i = 0;i < LIST_NUM(r->DosList);i++)
+		{
+			DOS *d = LIST_DATA(r->DosList, i);
+			if ((d->LastConnectedTick + d->CurrentExpireSpan) <= Tick64() ||
+				(d->DeleteEntryTick <= Tick64()))
+			{
+				Add(o, d);
+			}
+		}
+
+		for (i = 0;i < LIST_NUM(o);i++)
+		{
+			DOS *d = LIST_DATA(o, i);
+			Delete(r->DosList, d);
+			Free(d);
+		}
+
+		ReleaseList(o);
+	}
+}
+
+// Search the DOS attack list by the IP address
+DOS *SearchDosList(LISTENER *r, IP *ip)
+{
+	DOS *d, t;
+	// Validate arguments
+	if (r == NULL || ip == NULL)
+	{
+		return NULL;
+	}
+
+	Copy(&t.IpAddress, ip, sizeof(IP));
+
+	d = Search(r->DosList, &t);
+
+	if (d != NULL)
+	{
+		if ((d->LastConnectedTick + d->CurrentExpireSpan) <= Tick64() ||
+			(d->DeleteEntryTick <= Tick64()))
+		{
+			// Delete old entries
+			Delete(r->DosList, d);
+			Free(d);
+			return NULL;
+		}
+	}
+
+	return d;
+}
+
+// Comparison of DOS attack list entries
+int CompareDos(void *p1, void *p2)
+{
+	DOS *d1, *d2;
+	if (p1 == NULL || p2 == NULL)
+	{
+		return 0;
+	}
+	d1 = *(DOS **)p1;
+	d2 = *(DOS **)p2;
+	if (d1 == NULL || d2 == NULL)
+	{
+		return 0;
+	}
+
+	return CmpIpAddr(&d1->IpAddress, &d2->IpAddress);
+}
 
 // UDP listener main loop
 void ListenerUDPMainLoop(LISTENER *r)
@@ -386,7 +595,14 @@ void ListenerTCPMainLoop(LISTENER *r)
 				}
 				else
 				{
-					s = ListenEx6(r->Port, r->LocalOnly);
+					if (r->Cedar->Server == NULL)
+					{
+						s = ListenEx6(r->Port, r->LocalOnly);
+					}
+					else
+					{
+						s = ListenEx63(r->Port, r->LocalOnly, false, &r->Cedar->Server->ListenIP);
+					}
 				}
 			}
 			else if (r->Protocol == LISTENER_INPROC)
@@ -646,6 +862,13 @@ void CleanupListener(LISTENER *r)
 		return;
 	}
 
+	// Release the DOS attack list
+	for (i = 0;i < LIST_NUM(r->DosList);i++)
+	{
+		DOS *d = LIST_DATA(r->DosList, i);
+		Free(d);
+	}
+	ReleaseList(r->DosList);
 
 	if (r->Sock != NULL)
 	{
@@ -795,6 +1018,7 @@ LISTENER *NewListenerEx5(CEDAR *cedar, UINT proto, UINT port, THREAD_PROC *proc,
 	r->Port = port;
 	r->Event = NewEvent();
 
+	r->DosList = NewList(CompareDos);
 
 	r->LocalOnly = local_only;
 	r->ShadowIPv6 = shadow_ipv6;

src/Cedar/Listener.h

@@ -10,12 +10,24 @@
 
 #include "CedarType.h"
 
+#include "Mayaqua/MayaType.h"
 #include "Mayaqua/Kernel.h"
+#include "Mayaqua/Network.h"
 
 // Function to call when receiving a new connection
 typedef void (NEW_CONNECTION_PROC)(CONNECTION *c);
 
 
+// DOS attack list
+struct DOS
+{
+	IP IpAddress;					// IP address
+	UINT64 FirstConnectedTick;		// Time which a client connects at the first time
+	UINT64 LastConnectedTick;		// Time which a client connected at the last time
+	UINT64 CurrentExpireSpan;		// Current time-out period of this record
+	UINT64 DeleteEntryTick;			// Time planned to delete this entry
+	UINT AccessCount;				// The number of accesses
+};
 
 // Listener structure
 struct LISTENER
@@ -31,6 +43,8 @@ struct LISTENER
 	volatile bool Halt;				// Halting flag
 	UINT Status;					// State
 
+	LIST *DosList;					// DOS attack list
+	UINT64 DosListLastRefreshTime;	// Time that the DOS list is refreshed at the last
 
 	THREAD_PROC *ThreadProc;		// Thread procedure
 	void *ThreadParam;				// Thread parameters
@@ -105,6 +119,11 @@ void FreeDynamicListener(DYNAMIC_LISTENER *d);
 bool ListenerRUDPRpcRecvProc(RUDP_STACK *r, UDPPACKET *p);
 void ListenerSetProcRecvRpcEnable(bool b);
 
+int CompareDos(void *p1, void *p2);
+DOS *SearchDosList(LISTENER *r, IP *ip);
+void RefreshDosList(LISTENER *r);
+bool CheckDosAttack(LISTENER *r, SOCK *s);
+bool RemoveDosEntry(LISTENER *r, SOCK *s);
 
 #endif	// LISTENER_H
 

src/Cedar/Proto_EtherIP.c

@@ -75,7 +75,7 @@ void EtherIPIpcConnectThread(THREAD *t, void *p)
 			&s->ClientIP, s->ClientPort,
 			&s->ServerIP, s->ServerPort,
 			tmp,
-			s->CryptName, true, mss, NULL, NULL, IPC_LAYER_2);
+			s->CryptName, true, mss, NULL, NULL, false, IPC_LAYER_2);
 
 		if (ipc != NULL)
 		{

src/Cedar/Proto_IKE.c

@@ -463,39 +463,13 @@ void ProcIPsecEspPacketRecv(IKE_SERVER *ike, UDPPACKET *p)
 	seq = READ_UINT(src + sizeof(UINT));
 
 	// Search and retrieve the IPsec SA from SPI
+
+	// thank to @phillibert report, responding to bad SA might lead to amplification
+	// according to RFC4303 we should drop such packets
+
 	ipsec_sa = SearchClientToServerIPsecSaBySpi(ike, spi);
 	if (ipsec_sa == NULL)
 	{
-		// Invalid SPI
-		UINT64 init_cookie = Rand64();
-		UINT64 resp_cookie = 0;
-		IKE_CLIENT *c = NULL;
-		IKE_CLIENT t;
-
-
-		Copy(&t.ClientIP, &p->SrcIP, sizeof(IP));
-		t.ClientPort = p->SrcPort;
-		Copy(&t.ServerIP, &p->DstIP, sizeof(IP));
-		t.ServerPort = p->DestPort;
-		t.CurrentIkeSa = NULL;
-
-		if (p->DestPort == IPSEC_PORT_IPSEC_ESP_RAW)
-		{
-			t.ClientPort = t.ServerPort = IPSEC_PORT_IPSEC_ISAKMP;
-		}
-
-		c = Search(ike->ClientList, &t);
-
-		if (c != NULL && c->CurrentIkeSa != NULL)
-		{
-			init_cookie = c->CurrentIkeSa->InitiatorCookie;
-			resp_cookie = c->CurrentIkeSa->ResponderCookie;
-		}
-
-		SendInformationalExchangePacketEx(ike, (c == NULL ? &t : c), IkeNewNoticeErrorInvalidSpiPayload(spi), false,
-			init_cookie, resp_cookie);
-
-		SendDeleteIPsecSaPacket(ike, (c == NULL ? &t : c), spi);
 		return;
 	}