AMajor/SoftEtherVPN
1
0
Fork 0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2026-04-20 22:09:26 +03:00
Code Releases Activity

Compare commits

base: AMajor/SoftEtherVPN:5.02.5180
Branches Tags
AMajor/SoftEtherVPN:master AMajor/SoftEtherVPN:copilot/add-ikev2-support-ipsec-vpn AMajor/SoftEtherVPN:copilot/fix-vpn-server-access-issue AMajor/SoftEtherVPN:copilot/add-windows-arm64-docs AMajor/SoftEtherVPN:copilot/fix-false-positive-detection
AMajor/SoftEtherVPN:5.2.5188 AMajor/SoftEtherVPN:5.02.5187 AMajor/SoftEtherVPN:5.02.5186 AMajor/SoftEtherVPN:5.02.5185 AMajor/SoftEtherVPN:5.02.5184 AMajor/SoftEtherVPN:5.02.5183 AMajor/SoftEtherVPN:5.02.5182 AMajor/SoftEtherVPN:5.02.5181 AMajor/SoftEtherVPN:5.02.5180 AMajor/SoftEtherVPN:5.02.0 AMajor/SoftEtherVPN:5.01.9674 AMajor/SoftEtherVPN:5.01.9673 AMajor/SoftEtherVPN:5.01.9672 AMajor/SoftEtherVPN:5.01.9671 AMajor/SoftEtherVPN:5.01.9670 AMajor/SoftEtherVPN:5.01.9669 AMajor/SoftEtherVPN:5.01.9668 AMajor/SoftEtherVPN:5.01.9667 AMajor/SoftEtherVPN:5.01.9666 AMajor/SoftEtherVPN:5.01.9665 AMajor/SoftEtherVPN:5.01.9664 AMajor/SoftEtherVPN:5.01.9663 AMajor/SoftEtherVPN:5.01.9662 AMajor/SoftEtherVPN:5.01.9661 AMajor/SoftEtherVPN:5.01.9660 AMajor/SoftEtherVPN:5.01.9659 AMajor/SoftEtherVPN:5.01.9658
..
compare: AMajor/SoftEtherVPN:369f82794ce2d22f547cd9f99ee57ff28df002a3
Branches Tags
AMajor/SoftEtherVPN:master AMajor/SoftEtherVPN:copilot/add-ikev2-support-ipsec-vpn AMajor/SoftEtherVPN:copilot/fix-vpn-server-access-issue AMajor/SoftEtherVPN:copilot/add-windows-arm64-docs AMajor/SoftEtherVPN:copilot/fix-false-positive-detection
AMajor/SoftEtherVPN:5.2.5188 AMajor/SoftEtherVPN:5.02.5187 AMajor/SoftEtherVPN:5.02.5186 AMajor/SoftEtherVPN:5.02.5185 AMajor/SoftEtherVPN:5.02.5184 AMajor/SoftEtherVPN:5.02.5183 AMajor/SoftEtherVPN:5.02.5182 AMajor/SoftEtherVPN:5.02.5181 AMajor/SoftEtherVPN:5.02.5180 AMajor/SoftEtherVPN:5.02.0 AMajor/SoftEtherVPN:5.01.9674 AMajor/SoftEtherVPN:5.01.9673 AMajor/SoftEtherVPN:5.01.9672 AMajor/SoftEtherVPN:5.01.9671 AMajor/SoftEtherVPN:5.01.9670 AMajor/SoftEtherVPN:5.01.9669 AMajor/SoftEtherVPN:5.01.9668 AMajor/SoftEtherVPN:5.01.9667 AMajor/SoftEtherVPN:5.01.9666 AMajor/SoftEtherVPN:5.01.9665 AMajor/SoftEtherVPN:5.01.9664 AMajor/SoftEtherVPN:5.01.9663 AMajor/SoftEtherVPN:5.01.9662 AMajor/SoftEtherVPN:5.01.9661 AMajor/SoftEtherVPN:5.01.9660 AMajor/SoftEtherVPN:5.01.9659 AMajor/SoftEtherVPN:5.01.9658

562 Commits
5.02.5180 .. 369f82794c

Author SHA1 Message Date
Alexey Kryuchkov 369f82794c Merge a366bdbf02 into c2487c6b2e 2025-01-11 03:16:57 +08:00
Ilya Shipitsin c2487c6b2e Merge pull request #2086 from Mastemmah/ArtifactsPublising 
Adding artifact publishing for Linux
 2025-01-07 11:26:05 +01:00
Matt Rodak 817214da1f Adding artifact publishing for Linux 
Simple Workflow change to download deb packages created within the Linux workflow
 2025-01-07 00:13:06 +01:00
Ilya Shipitsin 015f93f7b7 Merge pull request #2082 from chipitsine/master 
stbchecker: modernize .net version
 2024-12-15 01:18:01 +01:00
Ilia Shipitsin cdd3bddcc6 stbchecker: modernize .net version 2024-12-15 00:55:46 +01:00
Ilya Shipitsin 0a1f0913d9 Merge pull request #2081 from chipitsine/master 
CI: modernize macos versions
 2024-12-15 00:49:45 +01:00
Ilia Shipitsin 18cbd4627a CI: modernize macos versions 2024-12-15 00:25:35 +01:00
Ilya Shipitsin e475d70c0b Merge pull request #2056 from nynauy/nynauy-systemd-patch 
Correct and simplify systemd service files
 2024-09-24 16:47:23 +02:00
Ilya Shipitsin e94240d9a0 Merge pull request #2033 from siddharth-narayan/nt-fix 
Fix "Not on NT" error message and add uihelp to vpncmd
 2024-09-21 21:59:10 +02:00
nynauy 023eb3465d Correct and simplify systemd service files 
Remove unnecessary wrappers and change to start services directly. Also remove misused "EnvironmentFile" and unrecommended "KillMode=process".
 2024-09-17 07:03:19 +08:00
Ilya Shipitsin 5d1ce1a2cd Merge pull request #2051 from chipitsine/master 
bump version for upcoming 5187 release
 2024-09-09 21:57:51 +02:00
Ilia Shipitsin d8569ad31a bump version for upcoming 5187 release 2024-09-09 21:12:38 +02:00
Ilya Shipitsin e3e0c33e3b Merge pull request #2044 from Evengard/fix2043 
Incorrect variable used while iterating through sessions which makes the loop stuck
 2024-09-09 21:06:40 +02:00
Ilya Shipitsin 9f01143c83 Merge pull request #2045 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/webpack-5.94.0 
Bump webpack from 5.76.0 to 5.94.0 in /src/bin/hamcore/wwwroot/admin/default
 2024-08-30 15:54:45 +02:00
dependabot[bot] 93df1ee631 Bump webpack in /src/bin/hamcore/wwwroot/admin/default 
Bumps [webpack](https://github.com/webpack/webpack) from 5.76.0 to 5.94.0.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.76.0...v5.94.0)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-08-30 10:46:29 +00:00
Evengard 8f0deb576c Incorrect variable used while iterating through sessions which makes the loop stuck 2024-08-25 15:36:50 +03:00
siddharth-narayan 27d233a522 Merge branch 'SoftEtherVPN:master' into nt-fix 2024-08-15 04:28:13 -04:00
Siddharth 128fefc63e Add UI helper to vpncmd on Windows 2024-08-15 04:26:15 -04:00
Ilya Shipitsin 31fed5a28f Merge pull request #2036 from icy17/null-check3 
Fix potential NULL pointer dereference
 2024-08-14 22:08:43 +02:00
Ilya Shipitsin a8ce56b28b Merge pull request #2041 from e-kud/update-cmake 
Update minimal cmake version to 3.15
 2024-08-13 00:25:22 +02:00
Evgeny Kudryashov 08e24917b8 Update minimal cmake version to 3.15 
* 3.12 is required for add_compile_definitions
* 3.15 is required for CMP0091 policy
 2024-08-12 22:26:51 +02:00
icy17 e2017772c7 Fix potential NULL pointer dereference 2024-08-01 15:43:34 +08:00
Ilya Shipitsin a836b3bd5e Merge pull request #2022 from siddharth-narayan/built-in-post-quantum 
Add built in post quantum functionality
 2024-07-19 20:05:47 +02:00
Siddharth 3a25c6bf73 Fix incorrect "Not on NT" error messages 2024-07-17 15:16:11 -07:00
Siddharth 67fe99e1dc Move duplicated code to one place 2024-07-16 02:33:16 -04:00
Ilya Shipitsin 4e8f797036 Merge pull request #2019 from LinearAlpha/patch-1 
URL for Nightly builds  for windows is updated
 2024-07-10 21:43:09 +02:00
Ilia Shipitsin b1bdc03cd7 adjust nightly/releases links 2024-07-10 21:34:31 +02:00
Siddharth d4d20e4443 Remove testing code 2024-07-04 13:56:13 -04:00
Ilya Shipitsin c76f11a523 Merge pull request #2026 from siddharth-narayan/fedora-fix-engine 
Fix openssl engine support on Fedora Rawhide
 2024-07-04 19:26:11 +02:00
Siddharth a45219bb78 Revert "Fix engine include errors on Fedora Rawhide" 
This reverts commit 1d57ccf94a.
 2024-07-04 13:15:50 -04:00
siddharth-narayan 25585a1e3d Guard engine.h include 2024-07-04 13:05:30 -04:00
siddharth-narayan 4370efcc90 replace openssl-devel with openssl-devel-engine 2024-07-04 13:02:16 -04:00
Siddharth 1d57ccf94a Fix engine include errors on Fedora Rawhide 2024-07-04 06:55:06 -04:00
siddharth-narayan 04912037c0 Merge branch 'SoftEtherVPN:master' into built-in-post-quantum 2024-07-03 20:12:21 -04:00
Ilya Shipitsin b8fbb3e3d8 Merge pull request #2025 from chipitsine/fedora_pull_request 
CI: enable Fedora Rawgide on pull requests
 2024-07-03 23:43:19 +02:00
Ilia Shipitsin 98a8d5249d CI: enable Fedora Rawgide on pull requests 2024-07-03 23:21:44 +02:00
Ilya Shipitsin dd2a53e049 Merge pull request #2024 from chipitsine/master 
bump version for upcoming 5186 release
 2024-07-03 21:16:01 +02:00
Ilia Shipitsin 7ce9c088ff bump version for upcoming 5186 release 2024-07-03 19:20:14 +02:00
Siddharth 1f9ce6f9c2 Skip oqsprovider build when OpenSSL version is less than 3.0 2024-06-28 17:05:52 -04:00
Siddharth 28ded982a7 Remove empty OpenSSL version guard 2024-06-28 14:18:48 -04:00
siddharth-narayan de9c566f33 Merge branch 'SoftEtherVPN:master' into built-in-post-quantum 2024-06-28 13:43:55 -04:00
Siddharth 0af6c96d88 Skip tests for oqsprovider 2024-06-28 04:01:30 -04:00
Siddharth c2c1388f8c Update liboqs and oqs-provider git submodules 2024-06-28 04:00:51 -04:00
Siddharth d15f92c9b2 Make oqsprovider not build tests 2024-06-28 04:00:51 -04:00
Siddharth 7dc3f2240c Add liboqs with find_package 2024-06-26 20:55:09 -04:00
Ilya Shipitsin c2a7aa5481 Merge pull request from GHSA-j35p-p8pj-vqxq 
src/Cedar/Proto_IKE.c: ignore packets with no IPSec SA
 2024-06-22 18:57:28 +02:00
Ilia Shipitsin 6f57449164 src/Cedar/Proto_IKE.c: ignore packets with no IPSec SA 
many thanks to Jonathan Phillibert from Amazon Web Services
for investigating and reporting that responding to such packets
might lead to traffic amplification
 2024-06-22 18:53:35 +02:00
Minpyo Kim 48f6bc57cc URL for Nightly builds is updated 
Based on issue #1993, the build has been moved from Azure to Github.
 2024-06-22 23:43:23 +09:00
Siddharth eb66e7d360 That's not how you comment in C! 2024-06-21 15:16:27 -04:00
Siddharth 13e6369db3 Add liboqs because it isn't normally packaged 2024-06-21 15:14:49 -04:00
Siddharth 102485a4b8 Add oqsprovider statically (built in) by default 2024-06-20 22:08:38 -04:00
Ilya Shipitsin bc31a5cfd3 Merge pull request #2002 from siddharth-narayan/quantum-safe-key-agreement 
Add Post Quantum key agreement
 2024-06-18 22:41:52 +02:00
Siddharth 68964ab0d7 Guard variables with OpenSSL version 2024-06-18 16:09:10 -04:00
siddharth-narayan bf3c50fde4 Merge branch 'SoftEtherVPN:master' into quantum-safe-key-agreement 2024-06-18 14:55:45 -04:00
Siddharth b06486b37d Remove unecessary provider include 2024-06-18 00:01:58 -04:00
Ilya Shipitsin 26c61b3213 Merge pull request #2014 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/braces-3.0.3 
Bump braces from 3.0.2 to 3.0.3 in /src/bin/hamcore/wwwroot/admin/default
 2024-06-17 17:45:14 +02:00
Ilya Shipitsin 1bea86ef94 Merge pull request #2006 from hiura2023/master 
Change ssl error handler: Having to read all of the errors using ERR_get_error.
 2024-06-17 17:36:55 +02:00
dependabot[bot] 6825234e0a Bump braces in /src/bin/hamcore/wwwroot/admin/default 
Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3.
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: braces
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-06-17 15:36:07 +00:00
Ilya Shipitsin a794726a07 Merge pull request #2011 from SoftEtherVPN/dependabot/npm_and_yarn/developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/braces-3.0.3 
Bump braces from 3.0.2 to 3.0.3 in /developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package
 2024-06-17 17:35:33 +02:00
dependabot[bot] dae352104c Bump braces 
Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3.
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: braces
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-06-16 09:58:05 +00:00
Ilya Shipitsin 4fe5352931 Merge pull request #2007 from metalefty/freebsd-ci 
CI: Update to FreeBSD 14.0-RELEASE
 2024-06-09 17:23:48 +02:00
Koichiro Iwao ebe52afa9a CI: Update to FreeBSD 14.0-RELEASE 
since FreeBSD 13.2 image is no longer available on the CI platform.
 2024-06-09 21:33:46 +09:00
hiura2023 c06e5ad1dd Merge branch 'SoftEtherVPN:master' into master 2024-06-08 02:30:04 +09:00
hiura b2ec1bd5dd Change ssl error handler: Having to read all of the errors using ERR_get_error 2024-06-08 02:28:28 +09:00
Ilya Shipitsin bfaff4fdb0 Merge pull request #1994 from hiura2023/master 
Fix Virtual DHCP Server: Correct IP reassignment
 2024-05-27 13:13:40 +02:00
hiura 08213b7f0e CHANGE ERROR HANDLER FOR SSL ERROR: Change of indent 2024-05-26 23:50:05 +09:00
hiura 98852b77d9 CHANGE ERROR HANDLER FOR SSL ERROR: 2024-05-26 23:36:21 +09:00
Ilya Shipitsin 645a078f8e Merge pull request #2003 from djony/master 
Minor russian traslation update
 2024-05-22 18:40:57 +02:00
djony af2196468a Update strtable_ru.stb 2024-05-22 17:40:11 +03:00
djony 42647480b0 Update strtable_ru.stb 2024-05-22 17:02:03 +03:00
djony 60496ac7fb Merge branch 'SoftEtherVPN:master' into master 2024-05-22 16:26:44 +03:00
siddharth-narayan 63ffab9ee4 Merge branch 'SoftEtherVPN:master' into quantum-safe-key-agreement 2024-05-20 23:20:52 -04:00
Siddharth 2fe4ca0f8c Fix incorrect PQ_GROUP_LIST string 2024-05-20 21:46:57 -04:00
Siddharth a50d8910ba Add PQ Groups and the provider for them 2024-05-20 19:48:23 -04:00
Ilya Shipitsin 315ffffeec Merge pull request #2001 from chipitsine/ci_drop_macos_11 
CI: drop macos-11
 2024-05-20 23:37:52 +02:00
Ilia Shipitsin 141060101d CI: drop macos-11 
more details: https://github.blog/changelog/2024-05-20-actions-upcoming-changes-to-github-hosted-macos-runners/
 2024-05-20 21:50:07 +02:00
hiura 5a88b34ddb Fix Virtual DHCP Server: Correct IP reassignment 2024-05-08 10:55:00 +09:00
Ilya Shipitsin 7006539732 Merge pull request #1992 from chipitsine/macos_14 
CI: add macos-14
 2024-05-04 22:16:00 +02:00
Ilya Shipitsin 8ad34b2012 Merge pull request #1991 from chipitsine/master 
bump version for upcoming 5185 release
 2024-05-04 22:04:21 +02:00
Ilia Shipitsin 186d48fba2 CI: add macos-14 2024-05-04 21:25:39 +02:00
Ilia Shipitsin 37231ac006 bump version for upcoming 5185 release 2024-05-04 21:23:00 +02:00
Ilya Shipitsin 9378c341f7 Merge pull request #1989 from hiura2023/master 
Fix Virtual DHCP Server: Correct DHCP Sequence
 2024-05-04 20:47:48 +02:00
Ilya Shipitsin 99e277aa71 Merge pull request #1986 from panakuma/fix-cmake-lib-dir 
Change var of CMAKE_INSTALL_RPATH
 2024-05-04 20:45:49 +02:00
hiura2023 bcb896b178 Merge branch 'SoftEtherVPN:master' into master 2024-05-03 17:19:47 +09:00
hiura 6e5395cc8d Fix Virtual DHCP Server: Correct DHCP renewal request 2024-05-03 17:18:13 +09:00
Ilya Shipitsin 9ce27f363e Merge pull request #1990 from SoftEtherVPN/fix1972 
Fix memory access error when IPv6 prefix reading, should resolve #1972
 2024-04-28 17:25:16 +02:00
Evengard d568cc1727 Fix another memory access error again because of a missing MAC address in IPv6 headers 2024-04-27 21:57:36 +03:00
Evengard c9b5e25c87 Fix memory access error when IPv6 prefix reading, should resolve #1972 2024-04-27 02:01:48 +03:00
hiura 7f074d0c0b Fix Virtual DHCP Server: Correct HDCP Sequence 2024-04-26 12:42:27 +09:00
panakuma f8c5fa5384 Change var of CMAKE_INSTALL_RPATH 2024-04-20 00:48:24 +09:00
Ilya Shipitsin 74f7269ef6 Merge pull request #1679 from tickerguy/tickerguy-patch-1 
BridgeUnix.c: Disable MTU changes on FreeBSD
 2024-04-19 16:46:16 +02:00
Ilya Shipitsin 41f83c9e32 Merge pull request #1840 from RoelvandeWiel/issue1838 
Changed 'settng' to 'setting' and regenerated the RPC docs
 2024-04-17 20:53:42 +02:00
Ilya Shipitsin f66866fda1 Merge pull request #1984 from chipitsine/prepare_5184 
bump version for upcoming 5184 release
 2024-04-17 14:54:54 +02:00
Ilia Shipitsin 071a87297b bump version for upcoming 5184 release 2024-04-17 13:20:04 +02:00
Ilya Shipitsin cd86bd810d Merge pull request #1983 from chipitsine/master 
cleanup deprecated CI
 2024-04-17 09:29:16 +02:00
Ilia Shipitsin 831905d281 doc: remove badges of deprecated CI 2024-04-17 09:18:00 +02:00
Ilia Shipitsin 5ee8e3f00c CI: cleanup azure pipeline helpers 2024-04-17 09:10:07 +02:00
Ilya Shipitsin 2f9f157a1e Merge pull request #1982 from chipitsine/master 
simplify windows CI, create windows installer automatically on release
 2024-04-17 08:32:17 +02:00
Ilya Shipitsin 5cf45ad62b Merge pull request #1981 from hiura2023/master 
Fix 'RemoveDefGwOnDhcpForLocalhost' function No.2: Change the minimum size of DHCP reply
 2024-04-16 22:31:21 +02:00
Ilia Shipitsin c838ba0009 CI: create windows installer on release 2024-04-16 22:26:51 +02:00
Ilia Shipitsin 9982e128ef CI: simplify GHA windows workflow 2024-04-16 22:26:00 +02:00
hiura2023 ac28302b59 Merge branch 'SoftEtherVPN:master' into master 2024-04-16 19:16:20 +09:00
hiura 9a009d750a Use macro 'MAX' instead of 'max' 2024-04-16 19:14:44 +09:00
hiura c36d7187a8 Fix 'RemoveDefGwOnDhcpForLocalhost' function No.2: Change the minimum size of DHCP reply 2024-04-16 10:30:10 +09:00
Ilya Shipitsin 465df16505 Merge pull request #1980 from Alexey-I/master 
OpenVPN certificate authorization with cn_username in 'email' format
 2024-04-14 10:58:27 +02:00
Ilya Shipitsin 723d8e0682 Merge pull request #1979 from chipitsine/master 
CI: drop app veyor in favour of GHA
 2024-04-14 10:37:35 +02:00
Ilya Shipitsin 6582955cfa Update src/Cedar/Protocol.c 
Co-authored-by: Davide Beatrici <github@davidebeatrici.dev>
 2024-04-14 10:36:55 +02:00
Alexey Ivanov 71d71e51db OpenVPN certificate authorization with cn_username in 'email' format 2024-04-12 23:08:24 +05:00
Ilia Shipitsin 74ea87d725 CI: drop app veyor in favour of GHA 2024-04-12 12:44:19 +02:00
Ilya Shipitsin ca832a9cef Merge pull request #1977 from chipitsine/master 
CI: move linux builds to GHA, drop ADO
 2024-04-10 21:33:16 +02:00
Ilia Shipitsin 23e9f74e7e CI: move linux builds to GHA, drop ADO 2024-04-07 17:16:45 +02:00
Ilya Shipitsin 7b9fd5bdcd Merge pull request #1976 from chipitsine/master 
Windows CI: migrate ADO --> Github Actions
 2024-04-06 23:42:06 +02:00
Ilya Shipitsin 53b7db3578 Merge pull request #1973 from hiura2023/master 
Fix "RemoveDefGwOnDhcpForLocalhost" function: Change to exclude unplugged device from MAC address list.
 2024-04-06 16:34:03 +02:00
Ilia Shipitsin 4c1eeb717b CI: harden artifacts upload 2024-04-05 22:15:35 +02:00
Ilia Shipitsin 7981e16e0b CI: add windows GitHub Actions 2024-04-05 22:09:39 +02:00
Ilia Shipitsin 62e7f0ba8a CI: adopt windows_build.bat for GitHub actions 2024-04-05 22:08:51 +02:00
hiura2023 2dbebe271d Merge branch 'SoftEtherVPN:master' into master 2024-03-31 23:10:42 +09:00
hiura eb793dc257 Merge branch 'master' of https://github.com/hiura2023/SoftEtherVPN 2024-03-31 23:08:12 +09:00
hiura 97203568e7 Fix 'RemoveDefGwOnDhcpForLocalhost' function: Change to exclude unplugged device from MAC address list. 2024-03-31 23:07:16 +09:00
Ilya Shipitsin 9c0b5f7001 Merge pull request #1970 from chipitsine/master 
bump version for upcoming 5183 release
 2024-03-26 09:04:38 +01:00
Ilya Shipitsin a39560749d Merge pull request #1969 from hiura2023/master 
Fix "Session Timeouted.":  Change the time for checking wether all the TCP connectins are alive or not.
 2024-03-24 20:21:24 +01:00
Ilya Shipitsin 495cddd518 bump version for upcoming 5183 release 2024-03-24 20:18:38 +01:00
hiura2023 0d9b4faae3 Merge branch 'SoftEtherVPN:master' into master 2024-03-24 19:13:07 +09:00
hiura e8c14cba68 Fix 'Session Timeouted.': Change the time for checking wether all the TCP connectins are alive or not. 2024-03-24 19:11:24 +09:00
Ilya Shipitsin ff37c35cfa Merge pull request #1966 from hiura2023/master 
Fix hamcore access: Correcting path separator for hamcore.
 2024-03-17 04:56:15 +01:00
hiura 56c12de929 Merge branch 'master' of https://github.com/hiura2023/SoftEtherVPN 2024-03-16 13:02:38 +09:00
hiura 2789b16c12 Fix hamcore access: Correcting path separator for hamcore. 2024-03-16 12:52:46 +09:00
Ilya Shipitsin f6c185f279 Merge pull request #1963 from hiura2023/master 
Change bridge function: Make the NIC appear in the "Local Bridge Settings" list
 2024-03-11 20:52:35 +01:00
hiura2023 44821c7130 Merge branch 'SoftEtherVPN:master' into master 2024-03-11 02:27:36 +09:00
hiura 64cb8e1eff Change bridge function: Make the NIC appear in the 'Local Bridge Settings' list No.2 2024-03-11 00:16:22 +09:00
Ilya Shipitsin fc7093ed36 Merge pull request #1965 from metalefty/issue-template 
New issue form
 2024-03-08 08:26:27 +01:00
Koichiro Iwao 370d83ffa0 Introduce new issue form 2024-03-08 14:16:59 +09:00
hiura 645d5ebb55 Change bridge function: Make the NIC appear in the 'Local Bridge Settings' list regardless of a NULL character consisted in 'FriendlyName' 2024-03-06 11:33:56 +09:00
Ilya Shipitsin 09b7e4f6e5 Merge pull request #1960 from libnumafly/patch-2 
Update BUILD_UNIX.md for fix location
 2024-02-26 21:49:46 +01:00
Kensei Sakai 0dfc82c14e Update BUILD_UNIX.md for fix location 
# Using SoftEther without installation
Correct location for build output dir.
 2024-02-27 03:27:20 +09:00
Ilya Shipitsin 48cb3fdebe Merge pull request #1958 from tew42/master 
Update BuildNumber to match (next) tagged release
 2024-02-24 22:45:10 +01:00
Thomas Winkler 913934f7c0 Update CMakeSettings.json with version bump (upcoming 5182) 2024-02-24 22:24:41 +01:00
Thomas Winkler 442885deb5 Update CMakeLists.txt with version bump (upcoming 5182) 2024-02-24 22:24:15 +01:00
Ilya Shipitsin d4dbf3cdc5 Merge pull request #1956 from chipitsine/ignore_vcpkg_installed 
add "vcpkg_installed" to gitignore
 2024-02-24 11:03:41 +01:00
Ilya Shipitsin b58d57ffeb Merge pull request #1954 from chipitsine/gcc_14_fix 
adjust types of variables found by gcc14
 2024-02-24 10:45:17 +01:00
Ilya Shipitsin 01b05af333 add "vcpkg_installed" to gitignore 2024-02-23 16:28:11 +01:00
Ilya Shipitsin 60ee463044 adjust types of variables 
gcc14 is not happy on "error: passing argument .. from incompatible pointer type [-Wincompatible-pointer-types]"
 2024-02-23 11:06:27 +01:00
Ilya Shipitsin 36456e63a6 Merge pull request #1953 from hiura2023/master 
IPC.c: Cast the pointer to a defined size due to the error in compiling.
 2024-02-21 21:49:53 +01:00
hiura 4e4bd79ad2 IPC.c:Cast the pointer to a defined size due to the error in compiling. 2024-02-20 12:01:35 +09:00
Ilya Shipitsin dc2b11918a Merge pull request #1933 from chipitsine/master 
CI: use OPENSSL_ROOT_DIR for cirrus-ci builds
 2023-12-03 14:08:34 +01:00
Ilya Shipitsin 7398bf2724 CI: use OPENSSL_ROOT_DIR for cirrus-ci builds 2023-12-02 22:30:26 +01:00
Ilya Shipitsin ff4b74afda Merge pull request #1929 from chipitsine/pr_1921_followup 
fix nullptr deref
 2023-12-01 17:18:40 +01:00
Ilya Shipitsin e6792d8893 fix nullptr deref 
Co-authored-by: icy17 <1061499390@qq.com>
 2023-11-19 10:57:28 +01:00
Ilya Shipitsin 8cde812157 Merge pull request #1924 from hiura2023/master 
Fix azure pipelines: Publish separate artifacts for both x64 and x86.
 2023-11-10 13:49:45 +01:00
hiura 3574f8aa98 Fix azure pipelines: Publish separate artifacts for both x64 and x86. 2023-11-02 18:42:12 +09:00
Ilya Shipitsin 9429243dbe Merge pull request #1906 from hiura2023/master 
Fix access violation: correct typing mistake in calling Debug().
 2023-11-01 10:26:37 +01:00
Yihong Wu 895c16e3e8 Revert "README.md: Add me to members" 
This reverts commit 1f40de2dda.
 2023-10-15 06:13:59 +00:00
Davide Beatrici 6a170ac691 Merge PR #1911: Fix 7 vulnerabilities, add softether.net after-2038 year certificate hash, add vpncmd message about Developer Edition 2023-10-09 18:01:47 +02:00
Daiyuu Nobori 6dbf7e9ae2 Showing an explanation of the purpose of the Developer Edition and the difference from the Stable Editon by Daiyuu Nobori 2023-10-09 17:14:32 +02:00
Daiyuu Nobori 54ae7f725b Add four new certificate hashes to the DDNS_CERT_HASH list by Daiyuu Nobori. These certificates will be used to University of Tsukuba's built-in "softether.net" DDNS server after year 2038. 2023-10-09 17:14:32 +02:00
Daiyuu Nobori 35077deaf1 Fix Vulnerability: CVE-2023-25774 TALOS-2023-1743 
SoftEther VPN vpnserver ConnectionAccept () denial of service vulnerability
 2023-10-09 17:13:57 +02:00
Daiyuu Nobori 3b932f5fee Fix Vulnerability: CVE-2023-27516 TALOS-2023-1754 and CVE-2023-32634 TALOS-2023-1755 
SoftEther VPN CiRpcAccepted () authentication bypass vulnerability
and SoftEther VPN CiRpcServerThread () MitM authentication bypass vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
 2023-10-07 04:42:41 +02:00
Daiyuu Nobori f4bbe476be Fix Vulnerability: CVE-2023-32275 TALOS-2023-1753 
SoftEther VPN CtEnumCa () information disclosure vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
 2023-10-07 04:42:41 +02:00
Daiyuu Nobori 2dec52b875 Heap area protection of memory has been enhanced. 
When memory is released and reallocated, a random security value called a canary is written to the before/after area of memory, and if the value has been modified, the process is terminated (restarted) for safety, assuming it is a buffer overflow of the memory area. This feature may effectively prevent confidentiality or integrity violations in the event that some heap area overflow vulnerability is discovered in this system in the future.
 2023-10-07 04:42:34 +02:00
Daiyuu Nobori c49e462ed1 Fix Vulnerability: CVE-2023-22325 TALOS-2023-1736 
SoftEther VPN DCRegister DDNS_RPC_MAX_RECV_SIZE denial of service vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
 2023-09-28 18:26:17 +09:00
Daiyuu Nobori b8e542105f Fix Vulnerability: CVE-2023-27395 TALOS-2023-1735 
SoftEther VPN vpnserver WpcParsePacket () heap-based buffer overflow vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
 2023-09-28 18:24:12 +09:00
Ilya Shipitsin 18dc2621ec Merge pull request #1905 from chipitsine/master 
fix windows build
 2023-09-17 21:02:58 +02:00
hiura f57f05a599 Bind outgoing connection to a specific IP address (fix a bug) 2023-09-17 16:36:57 +09:00
Ilya Shipitsin f736d18267 temporarily suppress clang warnings on "-Wincompatible-function-pointer-types" 2023-09-16 00:03:03 +02:00
Ilya Shipitsin 1be55ebb94 src/vpndrvinst/main.c: add missing header file 2023-09-16 00:02:29 +02:00
Ilya Shipitsin d8dec75bc5 Merge pull request #1903 from puripuri2100/fix-missing-arg-name 
Fix missing argument name in strtable file
 2023-09-15 14:27:22 +02:00
puripuri2100 fc2a33d1f3 fix missing arg 2023-09-15 09:39:11 +09:00
Ilya Shipitsin 68615fe64e Merge pull request #1902 from chipitsine/master 
add missing localization
 2023-09-13 12:21:02 +02:00
Ilya Shipitsin 2fd6c0b76a add missing localization 
this is a follow up of
https://github.com/SoftEtherVPN/SoftEtherVPN/pull/1867

English localization is added for now
 2023-09-12 22:43:01 +02:00
Ilya Shipitsin 6833a7a11d Merge pull request #1901 from hiura2023/master 
Bind outgoing connection to a specific IP address (avoid illegal access)
 2023-09-12 09:39:18 +02:00
hiura 643cbbbf88 Bind outgoing connection to a specific IP address (avoid illegal access) 2023-09-12 10:20:51 +09:00
Ilya Shipitsin 205a94cda2 Merge pull request #1867 from hiura2023/master 
Bind outgoing connection to a specific IP address
 2023-09-10 17:18:31 +02:00
Ilya Shipitsin 2868ff1ef6 Merge pull request #1897 from puripuri2100/fix_strtable_VpnAzureSetStatus 
fixed comments in strtable file
 2023-09-01 22:43:29 +02:00
puripuri2100 a9a93a2824 fixed VpnAzureSetStatus to VpnAzureSetEnable 2023-08-31 01:30:15 +09:00
Ilya Shipitsin 979eb803a6 Merge pull request #1894 from chipitsine/master 
CI: move stb check from travis-ci to GHA
 2023-08-27 21:23:50 +02:00
djony 5e63124bb5 Update strtable_ru.stb 2023-08-27 22:20:11 +03:00
Ilya Shipitsin 68e704097d fix another stb complaints 2023-08-27 21:11:53 +02:00
djony 716ae59f1f Update strtable_ru.stb 2023-08-27 22:11:51 +03:00
Ilya Shipitsin 8162ca3d12 Merge branch 'SoftEtherVPN:master' into master 2023-08-27 21:01:22 +02:00
Ilya Shipitsin d9686df302 Merge pull request #1895 from djony/master 
Update file strtable_ru.stb
 2023-08-27 21:00:43 +02:00
djony 8345deebe4 Add files via upload 2023-08-27 19:21:13 +03:00
Ilya Shipitsin 63595f79c5 fix some missing localization 2023-08-25 22:24:53 +02:00
Ilya Shipitsin 7fe3e6a800 CI: travis: cleanup stb check 2023-08-25 22:07:07 +02:00
Ilya Shipitsin 107c4ba362 CI: add stb check 2023-08-25 22:06:09 +02:00
Ilya Shipitsin aa65e11fc8 stbchecker: retarget against net7.0 2023-08-25 22:05:08 +02:00
Ilya Shipitsin 519d94f925 Merge pull request #1893 from djony/master 
Big Russian language update
 2023-08-24 22:53:55 +02:00
djony 950ecc186c Update strtable_ru.stb 2023-08-24 00:39:17 +03:00
djony 2abd9de923 Update strtable_ru.stb 2023-08-24 00:37:55 +03:00
Ilya Shipitsin 5d8ff7ed4f Merge pull request #1887 from chipitsine/master 
additional error handling if SSL_CTX_new failed
 2023-08-16 22:47:14 +02:00
Ilya Shipitsin 8f8677f164 set PPPSetStatus(p, PPP_STATUS_FAIL); in case of failure 2023-08-16 22:32:00 +02:00
Ilya Shipitsin 088b5c2df3 additional error handling if SSL_CTX_new failed 
this is a folloup to https://github.com/SoftEtherVPN/SoftEtherVPN/pull/1873
 2023-08-16 19:17:18 +02:00
Ilya Shipitsin acb6a53b31 Merge pull request #1884 from chipitsine/master 
CI: enable GHA macos builds
 2023-08-15 10:00:06 +02:00
Ilya Shipitsin e122e964f3 CI: cleanup osx travis-ci due to migration to GHA 2023-08-14 22:10:03 +02:00
Ilya Shipitsin df108b559d CI: enable macos builds 2023-08-14 22:03:38 +02:00
Ilya Shipitsin efac849ed7 Merge pull request #1883 from barracuda156/darwin 
Fix macOS build: add missing headers
 2023-08-14 19:58:06 +02:00
barracuda156 a80d3f2032 TunTap.h: fix for undefined u_char, u_short on MacOS 2023-08-14 15:54:56 +08:00
barracuda156 1cf2e7a8ea Network.h: include forgotten pthread.h for MacOS too 2023-08-14 15:40:53 +08:00
Ilya Shipitsin 137b8ef67a Merge pull request #1877 from chipitsine/master 
CI: get rid of travis-ci coverity wrapper
 2023-08-09 07:41:20 +02:00
hiura c2fe874865 Bind outgoing connection to a specific IP address No.2 2023-08-08 18:14:22 +09:00
Ilya Shipitsin 14fea1f4a2 CI: get rid of travis-ci coverity wrapper 2023-08-08 07:53:58 +02:00
Ilya Shipitsin f6f2660060 Merge pull request #1869 from metalefty/bsdunixvlan-group 
Cedar/VLanUnix: assign virtual interface to softether group
 2023-08-07 08:16:17 +02:00
Ilya Shipitsin 5d667e4261 Merge pull request #1876 from chipitsine/fedora_rawhide 
CI: introduce monthly Fedora Rawhide builds
 2023-08-06 23:29:32 +02:00
Yihong Wu adccc6b7d4 Merge pull request #1775 from domosekai/radius2 
Support more EAP methods for RADIUS auth
 2023-08-07 02:50:13 +09:00
Ilya Shipitsin a2aa254f11 CI: introduce monthly Fedora Rawhide builds 
Fedora Rawhide includes latest compilers
 2023-08-06 15:43:53 +02:00
Ilya Shipitsin c0440031e9 Merge pull request #1873 from icy17/master 
fix potential crash.
 2023-08-05 23:09:56 +02:00
icy17 07733b29cb fix potential crash. 2023-07-30 11:01:09 +00:00
Davide Beatrici eb785e08fe Merge PR #1866: Translate GenX25519/GetPublicX25519 command 2023-07-05 09:55:53 +02:00
Davide Beatrici 1493ccb44d Merge PR #1865: Fix build when NO_VLAN 2023-07-05 09:55:35 +02:00
Koichiro IWAO 49f8112d83 Cedar/VLanUnix: assign virtual interface to softether group 
Interface grouping is available on FreeBSD and OpenBSD. This will allow
you to enumerate only SoftEther virtual interfaces or exclude SoftEther
virtual interfaces, and be helpful when making custom scripts to start
DHCP client when virtual interface become up (=VPN connection
established) for example.

Usage examples as follows.

List all interfaces' names available on the system:
```
$ ifconfig -l
vtnet0 lo0 vpn_client0 vpn_client1 vpn_client2
```

Display a list of SoftEther virtual interfaces:
```
$ ifconfig -g softether
vpn_client0
vpn_client1
vpn_client2
```

Display details about SoftEther virtual interfaces that are up:
```
$ ifconfig -a -u -g softether
vpn_client0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: SoftEther Virtual Network Adapter
        options=80000<LINKSTATE>
        ether 5e:71:fa:f8:91:4a
        hwaddr 58:9c:fc:10:34:2a
        groups: tap softether
        media: Ethernet autoselect
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        Opened by PID 1445
```

Display details about interfaces except for SoftEther virtual interfaces:
```
$ ifconfig -a -G softether
vtnet0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
        ether 58:9c:fc:00:f0:23
        inet6 fe80::5a9c:fcff:fe00:f023%vtnet0 prefixlen 64 scopeid 0x1
        inet 192.168.96.7 netmask 0xffffff00 broadcast 192.168.96.255
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
```
 2023-07-04 14:38:36 +09:00
Davide Beatrici 5633314981 Merge PR #1868: Fix build on __FreeBSD_version >= 140091 (LLVM 16) 2023-07-04 06:08:21 +02:00
Koichiro Iwao dcdbce63d5 Fix build on __FreeBSD_version >= 140091 (LLVM 16) 
Fails to build after:
https://cgit.freebsd.org/src/commit/?id=a681cba16d8967651a2146385ce44a2bfeb1c4c3

As the commit title is "Bump __FreeBSD_version for llvm 16.0.6 merge",
I suppose LLVM 16 is stricter than LLVM 15. It was building successfully
at least the previous week.

Build log: https://pkg-status.freebsd.org/beefy18/data/main-amd64-default/p4785b313b958_se8efee297c/logs/softether5-5.02.5180.335,2.log

```
[ 32%] Building C object src/Mayaqua/CMakeFiles/mayaqua.dir/Unix.c.o
cd /wrkdirs/usr/ports/security/softether5/work/.build/src/Mayaqua && /usr/bin/cc -DBRIDGE_BPF -DCPU_64 -DHAVE_SSL_CTX_SET_NUM_TICKETS -DNDEBUG -DOS_UNIX -DREENTRANT -DSE_DBDIR=\"/var/db/softether\" -DSE_LOGDIR=\"/var/log/softether\" -DSE_PIDDIR=\"/var/run/softether\" -DSE_TAGNAME=\"5.02.5180-335-g1c0bdb0c/freebsd\" -DTHREADSAFE -DTHREAD_SAFE -DUNIX -DUNIX_BSD -DVPN_SPEED -D_FILE_OFFSET_BITS=64 -D_REENTRANT -D_THREADSAFE -D_THREAD_SAFE -Dmayaqua_EXPORTS -I/wrkdirs/usr/ports/security/softether5/work/SoftEtherVPN-5.02.5180-335-g1c0bdb0c/src/. -I/wrkdirs/usr/ports/security/softether5/work/SoftEtherVPN-5.02.5180-335-g1c0bdb0c/src/Mayaqua/. -I/wrkdirs/usr/ports/security/softether5/work/SoftEtherVPN-5.02.5180-335-g1c0bdb0c/src/libhamcore/include -O2 -pipe  -I/usr/local/include/cpu_features -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing -fsigned-char -O2 -pipe  -I/usr/local/include/cpu_features -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing  -DNDEBUG -O2 -std=gnu99 -fPIC -pthread -MD -MT src/Mayaqua/CMakeFiles/mayaqua.dir/Unix.c.o -MF CMakeFiles/mayaqua.dir/Unix.c.o.d -o CMakeFiles/mayaqua.dir/Unix.c.o -c /wrkdirs/usr/ports/security/softether5/work/SoftEtherVPN-5.02.5180-335-g1c0bdb0c/src/Mayaqua/Unix.c
/wrkdirs/usr/ports/security/softether5/work/SoftEtherVPN-5.02.5180-335-g1c0bdb0c/src/Mayaqua/Unix.c:259:18: error: incompatible function pointer types assigning to 'void (*)(int, struct __siginfo *, void *)' from 'void *(int, siginfo_t *, void *)' (aka 'void *(int, struct __siginfo *, void *)') [-Wincompatible-function-pointer-types]
        sa.sa_sigaction = signal_received_for_ignore;
                        ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~
```
 2023-07-04 08:50:53 +09:00
Ilya Shipitsin 8ac021a38c Merge pull request #1863 from metalefty/bsdunixvlan-bridge 
FreeBSD: Make sure to destroy tap device for bridge
 2023-07-03 22:45:37 +02:00
hiura e4330ca71a bind outgoing connection 2023-06-28 23:18:09 +09:00
Koichiro Iwao 35b5d0640f Translate GenX25519/GetPublicX25519 command 2023-06-21 15:16:47 +09:00
Koichiro Iwao f88341ce40 Fix case of WireGuard 2023-06-21 15:11:38 +09:00
Koichiro IWAO 0ab5199272 Fix build when NO_VLAN 
Occurred at:	 #670
Closes:		#1864

Tested build on FreeBSD with NO_VLAN by modifying CMakeLists.txt like this:

```diff
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index c49a3c78..1dad3691 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -93,6 +93,7 @@ if(UNIX)
if(${CMAKE_SYSTEM_NAME} STREQUAL "FreeBSD")
     add_definitions(-DUNIX_BSD -DBRIDGE_BPF)
+    add_definitions(-DNO_VLAN)
     include_directories(SYSTEM /usr/local/include)
     link_directories(SYSTEM /usr/local/lib)
   endif()
```
 2023-06-17 02:18:04 +09:00
Koichiro IWAO 41be858df0 Collect garbage at development 2023-06-17 01:54:36 +09:00
Koichiro IWAO 6665efb822 Remove unnecessary quotation to fix build 2023-06-15 10:17:33 +09:00
Koichiro IWAO 8826484245 Rename macro BRDEST -> BRIDGE for simplicity 
UNIX_VLAN_BRDEST_IFACE_PREFIX -> UNIX_VLAN_BRIDGE_IFACE_PREFIX
 2023-06-15 00:15:17 +09:00
Koichiro IWAO 09708bc8cb Cedar/BridgeUnix: make sure to destroy tap device for bridge on FreeBSD 
Also, rename NewTap/FreeTap to NewBridgeTap/FreeBridgeTap because these
functions are used to create/destroy tap device used for bridge
destination.
 2023-06-15 00:15:17 +09:00
Koichiro IWAO 696a9bc0a1 Cedar: Don't hardcode prefix for virtual brige destination 2023-06-15 00:15:17 +09:00
Davide Beatrici 1c0bdb0c30 Merge PR #1860: Cedar/VLanUnix: add description to FreeBSD tap device 2023-06-08 19:09:02 +02:00
Alexey Kryuchkov a366bdbf02 Add server option 'JsonRpcWebApiAllowedSubnet' to restrict access to JSON-RPC API based on client IP address 2023-06-02 00:00:43 +03:00
Koichiro IWAO 96e4fc040f Cedar/VLanUnix: add description to FreeBSD tap device 
$ ifconfig vpn_client
vpn_client: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: SoftEther Virtual Network Adapter
        options=80000<LINKSTATE>
        ether 5e:51:5e:48:ea:ef
        hwaddr 58:9c:fc:10:34:2a
        groups: tap
        media: Ethernet autoselect
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        Opened by PID 35981
 2023-06-01 16:50:30 +09:00
Davide Beatrici 0f689d9dfc Merge PR #1859: FreeBSD: Improve client's virtual network interface handling 2023-06-01 09:38:26 +02:00
Koichiro IWAO 867c992111 Cedar/VLanUnix: use space after #ifdef 2023-06-01 15:18:13 +09:00
Koichiro IWAO 96b1961d78 Cedar/VLanUnix: add UnixDestroyTapDevice prototype declaration 2023-06-01 11:57:50 +09:00
Koichiro IWAO 939eb3130e Cedar/Client: Enable CtVLans{Up,Down} on FreeBSD 
The same trick also works on FreeBSD. There's no reason to limit it to
Linux.
 2023-05-31 17:48:31 +09:00
Koichiro IWAO 0ba7ad392e Cedar/VLanUnix: Enable UnixVLanSetState on FreeBSD 2023-05-31 17:48:31 +09:00
Koichiro IWAO 8482a52522 Cedar/VLanUnix: Make NicDelete work on FreeBSD 
In contrast to Linux, FreeBSD's tap devices are still plumbed after fd
closed. The tap device must be destroyed in addition to closing fd
to delete virtual network interfaces used for VPN connection.

NicDelete command now works properly and virtual network interfaces used
by vpnclient are cleaned up when shutting down vpnclient.
 2023-05-31 17:48:31 +09:00
Koichiro IWAO 9c33605f5e Cedar: Don't hardcode prefix for UNIX virtual network interface 2023-05-31 17:48:06 +09:00
Ilya Shipitsin 3c70698c35 Merge pull request #1845 from chipitsine/master 
introduce security policy, add security reporting link to README.md
 2023-05-21 19:16:44 +02:00
Ilya Shipitsin 56b4ebfa65 add github security reporting to README.md 2023-05-14 21:21:03 +02:00
Ilya Shipitsin c68d93c2e9 introduce security policy 2023-05-14 21:13:42 +02:00
Ilya Shipitsin 2fdd9ec4dc Merge pull request #1832 from chipitsine/master 
src/Cedar/Server.c: fix race condition
 2023-05-13 20:42:38 +02:00
Roel van de Wiel 36505e3896 Changed 'settng' to 'setting' and regenerated the RPC docs 2023-05-10 15:09:57 +02:00
Ilya Shipitsin 6ae786d542 Merge pull request #1833 from chipitsine/coverity_fix 
several potential null pointer dereferences fix
 2023-05-01 09:14:17 +02:00
Ilya Shipitsin c59df82666 src/Mayaqua/Secure.c: fix potential null pointer dereference 
found by coverity

   CID 343528 (#1 of 1): Dereference before null check (REVERSE_INULL)
   check_after_deref: Null-checking name suggests that it may be null,
   but it has already been dereferenced on all paths leading to the
   check.
   438        if (name == NULL || k == NULL || k->private_key == false)
   439        {
   440                sec->Error = SEC_ERROR_BAD_PARAMETER;
   441                return false;
   442        }
 2023-05-01 06:18:39 +02:00
Ilya Shipitsin db7d6c83d5 src/Mayaqua/Secure.c: fix potential null pointer dereference 
found by coverity

   CID 343537 (#1 of 1): Dereference before null check (REVERSE_INULL)
   check_after_deref: Null-checking name suggests that it may be null
   but it has already been dereferenced on all paths leading to the
   check.
   664        if (name == NULL)
   665        {
   666                sec->Error = SEC_ERROR_BAD_PARAMETER;
   667                return false;
   668        }
 2023-05-01 06:09:38 +02:00
Ilya Shipitsin a89adaebc3 src/Mayaqua/Secure.c: fix potential null pointer dereference 
found by coverity

 CID 343536 (#1 of 1): Dereference before null check (REVERSE_INULL)
 check_after_deref: Null-checking name suggests that it may be null, but
 it has already been dereferenced on all paths leading to the check.
 1339        if (name == NULL || data == NULL || size == 0)
 1340        {
 1341                sec->Error = SEC_ERROR_BAD_PARAMETER;
 1342                return false;
 1343        }
 2023-05-01 06:07:19 +02:00
Ilya Shipitsin c46871688b src/Cedar/Server.c: fix race condition 
=================================================================
==1505093==ERROR: AddressSanitizer: heap-use-after-free on address 0x607000366b88 at pc 0x7f72afadc34a bp 0x7f72990fa390 sp 0x7f72990fa388
READ of size 4 at 0x607000366b88 thread T22
    #0 0x7f72afadc349 in GetCaps /home/ilia/SoftEtherVPN/src/Cedar/Server.c:1861
    #1 0x7f72afadc382 in GetCapsInt /home/ilia/SoftEtherVPN/src/Cedar/Server.c:1802
    #2 0x7f72afaf72a5 in GetServerCapsInt /home/ilia/SoftEtherVPN/src/Cedar/Server.c:1098
    #3 0x7f72afaf7318 in GetServerCapsBool /home/ilia/SoftEtherVPN/src/Cedar/Server.c:1104
    #4 0x7f72afaf771e in SiWriteHubCfg /home/ilia/SoftEtherVPN/src/Cedar/Server.c:4887
    #5 0x7f72afaf771e in SiWriteHubCfg /home/ilia/SoftEtherVPN/src/Cedar/Server.c:4824
    #6 0x7f72afaf7c0b in SiWriteHubs /home/ilia/SoftEtherVPN/src/Cedar/Server.c:5548
    #7 0x7f72afaf7c0b in SiWriteHubs /home/ilia/SoftEtherVPN/src/Cedar/Server.c:5515
    #8 0x7f72afaf81d6 in SiWriteConfigurationToCfg /home/ilia/SoftEtherVPN/src/Cedar/Server.c:3166
    #9 0x7f72afaf86bc in SiWriteConfigurationFile /home/ilia/SoftEtherVPN/src/Cedar/Server.c:6593
    #10 0x7f72afaf86bc in SiWriteConfigurationFile /home/ilia/SoftEtherVPN/src/Cedar/Server.c:6569
    #11 0x7f72afaf8914 in SiSaverThread /home/ilia/SoftEtherVPN/src/Cedar/Server.c:6561
    #12 0x7f72afaf8914 in SiSaverThread /home/ilia/SoftEtherVPN/src/Cedar/Server.c:6547
    #13 0x7f72af6e0cfa in ThreadPoolProc /home/ilia/SoftEtherVPN/src/Mayaqua/Kernel.c:872
    #14 0x7f72af6e0cfa in ThreadPoolProc /home/ilia/SoftEtherVPN/src/Mayaqua/Kernel.c:827
    #15 0x7f72af76eeb4 in UnixDefaultThreadProc /home/ilia/SoftEtherVPN/src/Mayaqua/Unix.c:1604
    #16 0x7f72af4ffc56 in start_thread (/lib64/libc.so.6+0x8cc56) (BuildId: 6107835fa7d4725691b2b7f6aaee7abe09f493b2)
    #17 0x7f72af585a6f in __clone3 (/lib64/libc.so.6+0x112a6f) (BuildId: 6107835fa7d4725691b2b7f6aaee7abe09f493b2)

0x607000366b88 is located 24 bytes inside of 72-byte region [0x607000366b70,0x607000366bb8)
freed by thread T0 here:
    #0 0x7f72afed7fc8 in __interceptor_free.part.0 (/lib64/libasan.so.8+0xd7fc8) (BuildId: 9501248886f79bf1482f3e153f794be742818172)
    #1 0x7f72af76ed6f in UnixMemoryFree /home/ilia/SoftEtherVPN/src/Mayaqua/Unix.c:2072

previously allocated by thread T22 here:
    #0 0x7f72afed92ff in malloc (/lib64/libasan.so.8+0xd92ff) (BuildId: 9501248886f79bf1482f3e153f794be742818172)
    #1 0x7f72af76f35d in UnixMemoryAlloc /home/ilia/SoftEtherVPN/src/Mayaqua/Unix.c:2053

Thread T22 created by T0 here:
    #0 0x7f72afe48966 in pthread_create (/lib64/libasan.so.8+0x48966) (BuildId: 9501248886f79bf1482f3e153f794be742818172)
    #1 0x7f72af76f713 in UnixInitThread /home/ilia/SoftEtherVPN/src/Mayaqua/Unix.c:1683

SUMMARY: AddressSanitizer: heap-use-after-free /home/ilia/SoftEtherVPN/src/Cedar/Server.c:1861 in GetCaps
Shadow bytes around the buggy address:
  0x607000366900: 00 00 00 fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x607000366980: 00 fa fa fa fa fa 00 00 00 00 00 00 00 00 00 fa
  0x607000366a00: fa fa fa fa 00 00 00 00 00 00 00 00 00 fa fa fa
  0x607000366a80: fa fa 00 00 00 00 00 00 00 00 00 fa fa fa fa fa
  0x607000366b00: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fd fd
=>0x607000366b80: fd[fd]fd fd fd fd fd fa fa fa fa fa fd fd fd fd
  0x607000366c00: fd fd fd fd fd fa fa fa fa fa fd fd fd fd fd fd
  0x607000366c80: fd fd fd fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x607000366d00: fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x607000366d80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x607000366e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
 2023-05-01 05:53:36 +02:00
Ilya Shipitsin aadc068964 Merge pull request #1831 from chipitsine/master 
src/Mayaqua/Unix.c: fix guarding
 2023-04-29 23:47:35 +02:00
Ilya Shipitsin 46e73e944f src/Mayaqua/Unix.c: fix guarding 
SoftEtherVPN/src/Mayaqua/Unix.c:51:25: warning: missing
terminating ' character
   51 | #include <sys/statvfs.h>'
 2023-04-29 22:31:55 +02:00
Ilya Shipitsin 8fc27da780 Merge pull request #1829 from chipitsine/master 
src/Mayaqua/Str.c: fix denial of service reported by Cisco Talos
 2023-04-22 08:26:47 +02:00
Ilya Shipitsin c983ebffc1 Merge pull request #1828 from chipitsine/cleanup_source_release_pipeline 
Cleanup source release pipeline
 2023-04-21 23:22:02 +02:00
Ilya Shipitsin df6df007a3 src/Mayaqua/Str.c: fix denial of service reported by Cisco Talos 
TALOS-2023-1741
CVE-2023-23581

SoftEther VPN vpnserver EnSafeHttpHeaderValueStr denial of service
vulnerability

A denial of service vulnerability exists in the vpnserver
EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and
5.02. A specially-crafted network packet can lead to denial of service.
 2023-04-21 22:38:22 +02:00
Ilya Shipitsin f7a2cc5a7d CI: modernize GH release creation 
details:
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
 2023-04-21 22:27:47 +02:00
Ilya Shipitsin 544f03ec8b CI: drop AppVeyor source release creation in favour of GH Actions 2023-04-21 22:26:30 +02:00
Ilya Shipitsin 82ce34fccb Merge pull request #1824 from chipitsine/master 
src/Cedar/Proto_OpenVPN.c: fix denial of service found by Cisco Talos
 2023-04-17 00:22:03 +02:00
Ilya Shipitsin 6ff0ce7076 Merge pull request #1823 from chipitsine/bump_cirrus_ci 
CI: cirrus-ci: switch to freebsd-13.2
 2023-04-17 00:21:39 +02:00
Ilya Shipitsin d2e673a47d src/Cedar/Proto_OpenVPN.c: fix denial of service found by Cisco Talos 
specially crafted network packet lead to buffer overrun and process
crash. working exploit was provided by Cisco Talos team.

An integer underflow vulnerability exists in the vpnserver
OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A
specially-crafted network packet can lead to denial of service. An
attacker can send a malicious packet to trigger this vulnerability.

The versions below were either tested or verified to be vulnerable by
Talos or confirmed to be vulnerable by the vendor.

SoftEther VPN 5.01.9674
SoftEther VPN 5.02
While 5.01.9674 is a development version, it is distributed at the time
of writing by Ubuntu and other Debian-based distributions.
 2023-04-16 23:06:30 +02:00
Ilya Shipitsin b3df7a0b90 CI: cirrus-ci: switch to freebsd-13.2 
openssl-devel has been renamed to openssl3{0,1}.
 2023-04-16 22:58:03 +02:00
Ilya Shipitsin 22c602f630 Merge pull request #1801 from chipitsine/master 
Windows: link MSVC runtime static
 2023-04-03 09:43:13 +02:00
Yihong Wu b4e26dec05 Merge pull request #1815 from domosekai/b64 
Mayaqua/Memory: Fix memory corruption in base64
 2023-04-01 13:16:39 +09:00
Yihong Wu df7ea3c54a Mayaqua/Memory: Fix memory corruption in base64 2023-03-31 09:14:39 +00:00
Ilya Shipitsin 423631100f Merge pull request #1802 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/webpack-5.76.0 
Bump webpack from 5.75.0 to 5.76.0 in /src/bin/hamcore/wwwroot/admin/default
 2023-03-15 13:32:01 +01:00
dependabot[bot] fb83ac08f2 Bump webpack in /src/bin/hamcore/wwwroot/admin/default 
Bumps [webpack](https://github.com/webpack/webpack) from 5.75.0 to 5.76.0.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.75.0...v5.76.0)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-15 09:35:00 +00:00
Ilya Shipitsin e6123d36a0 Merge pull request #1782 from metalefty/adjust-version-string 
Cedar: Trim contiguous whitespaces in version string
 2023-03-12 08:32:55 +01:00
Ilya Shipitsin 0ff9d1a455 CI: Windows: use static link for MSVC runtime 2023-03-11 23:08:59 +01:00
Ilya Shipitsin 96ab969152 build: windows: link MSVC runtime statically 2023-03-11 21:52:11 +01:00
Ilya Shipitsin 1f3a730d0a .gitignore: do not count Visual Studio user settings 2023-03-11 21:48:31 +01:00
Ilya Shipitsin 21963c6c68 Merge pull request #1796 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/minimist-and-mkdirp-1.2.8 
Bump minimist and mkdirp in /src/bin/hamcore/wwwroot/admin/default
 2023-03-03 09:44:10 +06:00
dependabot[bot] 91053622ab Bump minimist and mkdirp in /src/bin/hamcore/wwwroot/admin/default 
Bumps [minimist](https://github.com/minimistjs/minimist) and [mkdirp](https://github.com/isaacs/node-mkdirp). These dependencies needed to be updated together.

Updates `minimist` from 0.0.8 to 1.2.8
- [Release notes](https://github.com/minimistjs/minimist/releases)
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](https://github.com/minimistjs/minimist/compare/v0.0.8...v1.2.8)

Updates `mkdirp` from 0.5.1 to 0.5.6
- [Release notes](https://github.com/isaacs/node-mkdirp/releases)
- [Changelog](https://github.com/isaacs/node-mkdirp/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-mkdirp/compare/0.5.1...v0.5.6)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
- dependency-name: mkdirp
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-03 01:26:17 +00:00
Ilya Shipitsin 1519e23b3e Merge pull request #1795 from metalefty/se-vs-de 
README: SEvsDE: document AES-NI hardware acceleration support
 2023-03-02 16:28:35 +06:00
Koichiro IWAO f7d33568f3 README: SEvsDE: document AES-NI hardware acceleration support 
Stable Edition requires intel_aes_lib to enable AES-NI [1]. Developer
Edition depends on OpeSSL to use AES-NI. It is enabled by default as
long as processor supports it.

[1] https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/blob/bf23fe0/src/Mayaqua/Encrypt.c#L145-L147
 2023-03-02 18:44:02 +09:00
Koichiro IWAO 1fe26ccb6c Cedar: Trim contiguous whitespaces in version string 
Before change, contiguous whitespaces appeared in version string.
This room is for beta string (such as Alpha, Beta) and beta number but
it looks a bit odd if the build is not alpha/beta/RC.

> Version 5.02 Build 5180 Alpha 3 (Japanese)
> Version 5.02 Build 5180 Beta 3 (Japanese)
> Version 5.02 Build 5180 Release Candidate 3 (Japanese)
> Version 5.02 Build 5180   (Japanese)
>                        ^^^

Now version string looks neat like this:

> Version 5.02 Build 5180 (Japanese)
> Version 5.02 Build 5180 Release Candidate 3 (Japanese)
 2023-03-01 16:14:04 +09:00
Ilya Shipitsin 8c64dc0cd7 Merge pull request #1781 from metalefty/vm-detection/freebsd-on-vm 
Mayaqua/Unix: Make VM detection work on FreeBSD
 2023-02-28 20:32:26 +06:00
Koichiro IWAO bedf1cd7e9 Mayaqua/Unix: Make VM detection work on FreeBSD 
This is just a cosmetic problem in the result of "Caps" command which
gets the list of server functions/capability.  There's no behavioural
change in SoftEtherVPN whether running on VM so far.
 2023-02-28 20:08:04 +09:00
Ilya Shipitsin d7c487619a Merge pull request #1780 from chipitsine/master 
CI: bump Ubuntu to newer version, install missing DCO dependencies
 2023-02-28 08:31:52 +06:00
Ilya Shipitsin 2b7b728077 CI: bump Ubuntu to newer version, install missing DCO dependencies 2023-02-27 20:51:23 +06:00
Yihong Wu cd2838795b Radius: Make sure MS-CHAP response matches the original username 2023-02-27 08:37:23 +00:00
Yihong Wu 4ff9c6393a Support all EAP methods for PPP sessions with RADIUS 2023-02-27 08:37:23 +00:00
Yihong Wu e81ecbb0ec Support EAP auth with RADIUS server for SEVPN 2023-02-24 13:05:34 +00:00
Yihong Wu e20fa9ec2e Merge pull request #1773 from domosekai/radius 
Cedar/Proto_PPP: Fix radius authentication
 2023-02-24 11:36:42 +08:00
Yihong Wu 1741dfdccc Cedar/Proto_PPP: Fix radius authentication 2023-02-23 13:03:10 +00:00
Yihong Wu d045d1eeb7 Merge pull request #1771 from ChurchillSD/master 
Fix Incorrect password hash on documentation
 2023-02-21 10:16:34 +08:00
Yihong Wu cc61b5b3c3 Merge pull request #1772 from domosekai/udp 
Mayaqua/Network: Fix empty packet being treated as error
 2023-02-21 10:14:36 +08:00
Yihong Wu eea1de3d25 Mayaqua/Network: Fix empty packet being treated as error 2023-02-19 05:41:55 +00:00
Hector 7e19bbc421 Fix Incorrect password hash on documentation 2023-02-17 11:30:55 +00:00
Yihong Wu d49b9f108b Merge pull request #1762 from Evengard/ppp-coverity-fixes 
Fixing up coverity report flags from #1760 and #1761
 2023-02-05 00:15:51 +09:00
Evengard c67d9ee201 Fixing up coverity report flags from #1760 and #1761 2023-02-04 17:47:20 +03:00
Yihong Wu 1062692d08 Merge pull request #1759 from domosekai/fixtls 
Fix thread safety after #1751
 2023-02-02 17:40:23 +09:00
Yihong Wu 025ebec4cc Fix thread safety after #1751 2023-02-02 06:53:30 +00:00
Ilya Shipitsin 11828be9e6 Merge pull request #1751 from Evengard/eap-tls-fixups 
TLS 1.3 for EAP-TLS, user search by certificate CN
 2023-02-01 09:47:38 +06:00
Evengard edcdc923ad Reworked EAP-TLS 1.3 to account for RFC9190, implemented searching by certificate instead of certificate CN 2023-01-31 20:33:18 +03:00
Yihong Wu 7c642c7d55 Merge pull request #1758 from domosekai/ipv6rs 
Cedar/IPC: Change IPv6 router lookup to non-blocking
 2023-01-31 19:52:10 +09:00
Yihong Wu 6ce91e9c81 Cedar/IPC: Change IPv6 router lookup to non-blocking 
Fix #1755
 2023-01-31 05:20:40 +00:00
Ilya Shipitsin 064d211fab Merge pull request #1757 from domosekai/domosekai-patch-1 
Cedar/Proto_PPP: Fix memory leak
 2023-01-31 01:52:07 +06:00
Yihong Wu 43aaca509d Cedar/Proto_PPP: Fix memory leak 2023-01-30 20:24:45 +09:00
Yihong Wu f4934abc9a Merge pull request #1755 from domosekai/ipv6cp 
Cedar/IPC: Improve IPv6CP configuration
 2023-01-29 03:34:56 +09:00
Yihong Wu 0cdf0eacbf Cedar/IPC: Improve IPv6CP configuration 2023-01-28 09:05:28 +00:00
Ilya Shipitsin 0e8174c6cf Merge pull request #1754 from libnumafly/patch-1 
add requirements package on Debian/Ubuntu
 2023-01-25 22:56:56 +06:00
Kensei Sakai 54593e8cac add requirements package on Debian/Ubuntu 
On Ubuntu Server 22.04 LTS (and newer?), the ./configure command fails because the 'pkgconf' package is not installed by default. Suggest that the 'pkgconf' package be installed in this command line.
 2023-01-26 01:35:37 +09:00
Evengard 26403c70e3 Reworking the EAP CN matching option from admin options to extended options 2023-01-24 12:18:20 +03:00
Evengard 0a60cdf141 Hiding the EAP-TLS match user by certificate behind an admin option, disabled by default 2023-01-24 11:48:49 +03:00
Evengard 149096e13c * Implementing user search by certificate common name. 
* Reworking EAP-TLS flow
* Implementing iterative TLS downgrade supporting PPPD TLS 1.3+Tickets, Windows TLS 1.3 w/o Tickets, VPN Client Pro TLS 1.2.
 2023-01-23 23:57:19 +03:00
Ilya Shipitsin 8362637353 Merge pull request #1749 from chipitsine/master 
src/Mayaqua/Unix.c: improve memory allocation handling according to Coverity
 2023-01-15 22:09:00 +06:00
Ilya Shipitsin c7766d072b src/Mayaqua/Unix.c: improve memory allocation handling according to Coverity 
1875        if (mutex == NULL)
1876        {
    CID 367204 (#1 of 1): Resource leak (RESOURCE_LEAK)4. leaked_storage: Variable lock going out of scope leaks the storage it points to.
1877                return NULL;
1878        }
 2023-01-15 13:30:37 +06:00
Ilya Shipitsin 8215de91f9 Merge pull request #1747 from chipitsine/master 
src/Cedar/Virtual.c: mute Coverity warning
 2023-01-14 23:46:27 +06:00
Ilya Shipitsin 6a5f4b0dfd src/Cedar/Virtual.c: mute Coverity warning 
4272                FreeBlock(block);
    CID 375153 (#1 of 1): Uninitialized scalar variable (UNINIT)44. uninit_use: Using uninitialized value send_size.
4273                if (send_size == 0)
 2023-01-14 21:38:28 +06:00
Yihong Wu 58c0e1ded4 Merge pull request #1740 from domosekai/cmake 
Mayaqua/CMakeLists: Fix win32 build without vcpkg
 2023-01-07 09:52:12 +08:00
Yihong Wu 6e48227d93 Update CMakeLists.txt 2023-01-07 10:27:47 +09:00
Yihong Wu 1b79df7954 Mayaqua/CMakeLists: Fix win32 build without vcpkg 2023-01-06 22:32:28 +09:00
Ilya Shipitsin cbb90c5f23 Merge pull request #1738 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/json5-and-ts-loader-and-webpack-and-webpack-cli--removed 
Bump json5, ts-loader, webpack and webpack-cli in /src/bin/hamcore/wwwroot/admin/default
 2023-01-01 19:40:00 +06:00
dependabot[bot] 2e8723b967 Bump json5, ts-loader, webpack and webpack-cli 
Removes [json5](https://github.com/json5/json5). It's no longer used after updating ancestor dependencies [json5](https://github.com/json5/json5), [ts-loader](https://github.com/TypeStrong/ts-loader), [webpack](https://github.com/webpack/webpack) and [webpack-cli](https://github.com/webpack/webpack-cli). These dependencies need to be updated together.


Removes `json5`

Updates `ts-loader` from 6.0.1 to 9.4.2
- [Release notes](https://github.com/TypeStrong/ts-loader/releases)
- [Changelog](https://github.com/TypeStrong/ts-loader/blob/main/CHANGELOG.md)
- [Commits](https://github.com/TypeStrong/ts-loader/compare/v6.0.1...v9.4.2)

Updates `webpack` from 4.32.2 to 5.75.0
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v4.32.2...v5.75.0)

Updates `webpack-cli` from 3.3.12 to 5.0.1
- [Release notes](https://github.com/webpack/webpack-cli/releases)
- [Changelog](https://github.com/webpack/webpack-cli/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack/webpack-cli/compare/v3.3.12...webpack-cli@5.0.1)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
- dependency-name: ts-loader
  dependency-type: direct:development
- dependency-name: webpack
  dependency-type: direct:development
- dependency-name: webpack-cli
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-01 08:28:23 +00:00
Ilya Shipitsin 64396e2c05 Merge pull request #1737 from SoftEtherVPN/dependabot/npm_and_yarn/developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/json5-and-ts-loader--removed 
Bump json5 and ts-loader in /developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package
 2023-01-01 14:27:25 +06:00
dependabot[bot] 89cc6ae717 Bump json5 and ts-loader 
Removes [json5](https://github.com/json5/json5). It's no longer used after updating ancestor dependency [ts-loader](https://github.com/TypeStrong/ts-loader). These dependencies need to be updated together.


Removes `json5`

Updates `ts-loader` from 6.0.1 to 9.4.2
- [Release notes](https://github.com/TypeStrong/ts-loader/releases)
- [Changelog](https://github.com/TypeStrong/ts-loader/blob/main/CHANGELOG.md)
- [Commits](https://github.com/TypeStrong/ts-loader/compare/v6.0.1...v9.4.2)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
- dependency-name: ts-loader
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-01 08:00:19 +00:00
Ilya Shipitsin ec3769ba32 Merge pull request #1731 from chipitsine/master 
LibreSSL-3.7.0 compatibility
 2022-12-26 07:08:28 +06:00
Ilya Shipitsin 86e44e8d7b LibreSSL-3.7.0 compatibility 2022-12-25 11:35:29 +06:00
Ilya Shipitsin 260413d242 Merge pull request #1718 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/decode-uri-component-0.2.2 
Bump decode-uri-component from 0.2.0 to 0.2.2 in /src/bin/hamcore/wwwroot/admin/default
 2022-12-03 19:11:03 +05:00
dependabot[bot] 99374ba446 Bump decode-uri-component in /src/bin/hamcore/wwwroot/admin/default 
Bumps [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) from 0.2.0 to 0.2.2.
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases)
- [Commits](https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.2)

---
updated-dependencies:
- dependency-name: decode-uri-component
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-12-03 13:51:53 +00:00
Davide Beatrici 23c3e1d9e5 README.md: Update OneDev URL 
https://code.onedev.io/onedev/server/~issues/458
 2022-11-29 02:08:17 +01:00
Yihong Wu 68283fca80 Merge pull request #1715 from domosekai/domosekai-patch-1 
Add build instruction for dynamic linking OpenSSL
 2022-11-27 19:52:10 +09:00
Yihong Wu d8e56f9dbc Add build instruction for dynamic linking OpenSSL 
Co-authored-by: Davide Beatrici <github@davidebeatrici.dev>
 2022-11-27 19:33:52 +09:00
Davide Beatrici dca2eaa370 Merge PR #1707: FreeBSD CI: Add test with OpenSSL 3.0.x 2022-11-22 19:33:27 +01:00
Koichiro IWAO c223fbe8a3 FreeBSD CI: Add test with OpenSSL 3.0.x 
As the stable version uses OpenSSL 3.0.x, it is nice to perform test
with OpenSSL 3.0.x as well.

Also, update FreeBSD to 13.1.
 2022-11-23 00:27:39 +09:00
Yihong Wu 334e8be915 Merge pull request #1703 from metalefty/shortcut_key_fix 
Cedar/CM.c: Fix wrong shortcut key assignment in the menu
 2022-11-17 16:18:42 +09:00
Koichiro IWAO e2ad7d5e8f Fix wrong shortcut key assignment 
Fixes #1702.
 2022-11-17 16:11:30 +09:00
Ilya Shipitsin 9eb9d57c27 Merge pull request #1700 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/kind-of-6.0.3 
Bump kind-of from 6.0.2 to 6.0.3 in /src/bin/hamcore/wwwroot/admin/default
 2022-11-12 21:00:03 +05:00
Ilya Shipitsin 28ec0d54b8 Merge pull request #1697 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/yargs-parser-13.1.2 
Bump yargs-parser from 11.1.1 to 13.1.2 in /src/bin/hamcore/wwwroot/admin/default
 2022-11-12 20:56:54 +05:00
dependabot[bot] 506677bf60 Bump kind-of in /src/bin/hamcore/wwwroot/admin/default 
Bumps [kind-of](https://github.com/jonschlinkert/kind-of) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/jonschlinkert/kind-of/releases)
- [Changelog](https://github.com/jonschlinkert/kind-of/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jonschlinkert/kind-of/compare/6.0.2...6.0.3)

---
updated-dependencies:
- dependency-name: kind-of
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-11-12 15:42:01 +00:00
dependabot[bot] 6a1b55293c Bump yargs-parser in /src/bin/hamcore/wwwroot/admin/default 
Bumps [yargs-parser](https://github.com/yargs/yargs-parser) from 11.1.1 to 13.1.2.
- [Release notes](https://github.com/yargs/yargs-parser/releases)
- [Changelog](https://github.com/yargs/yargs-parser/blob/main/docs/CHANGELOG-full.md)
- [Commits](https://github.com/yargs/yargs-parser/commits)

---
updated-dependencies:
- dependency-name: yargs-parser
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-11-12 15:39:28 +00:00
Ilya Shipitsin 49c1a84752 Merge pull request #1699 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/serialize-javascript-and-terser-webpack-plugin-4.0.0 
Bump serialize-javascript and terser-webpack-plugin in /src/bin/hamcore/wwwroot/admin/default
 2022-11-12 20:35:18 +05:00
Ilya Shipitsin 34a9a7bc46 Merge pull request #1698 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/set-value-and-union-value-2.0.1 
Bump set-value and union-value in /src/bin/hamcore/wwwroot/admin/default
 2022-11-12 20:22:47 +05:00
Ilya Shipitsin bf9ebe21ff Merge pull request #1701 from chipitsine/master 
CI: install libcap-ng-dev as OpenVPN dependency
 2022-11-12 20:22:19 +05:00
dependabot[bot] e7980ae9b1 Bump serialize-javascript and terser-webpack-plugin 
Bumps [serialize-javascript](https://github.com/yahoo/serialize-javascript) and [terser-webpack-plugin](https://github.com/webpack-contrib/terser-webpack-plugin). These dependencies needed to be updated together.

Updates `serialize-javascript` from 1.7.0 to 4.0.0
- [Release notes](https://github.com/yahoo/serialize-javascript/releases)
- [Commits](https://github.com/yahoo/serialize-javascript/compare/v1.7.0...v4.0.0)

Updates `terser-webpack-plugin` from 1.3.0 to 1.4.5
- [Release notes](https://github.com/webpack-contrib/terser-webpack-plugin/releases)
- [Changelog](https://github.com/webpack-contrib/terser-webpack-plugin/blob/v1.4.5/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/terser-webpack-plugin/compare/v1.3.0...v1.4.5)

---
updated-dependencies:
- dependency-name: serialize-javascript
  dependency-type: indirect
- dependency-name: terser-webpack-plugin
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-11-12 14:44:52 +00:00
dependabot[bot] 9f53cf5bdb Bump set-value and union-value in /src/bin/hamcore/wwwroot/admin/default 
Bumps [set-value](https://github.com/jonschlinkert/set-value) and [union-value](https://github.com/jonschlinkert/union-value). These dependencies needed to be updated together.

Updates `set-value` from 2.0.0 to 2.0.1
- [Release notes](https://github.com/jonschlinkert/set-value/releases)
- [Commits](https://github.com/jonschlinkert/set-value/compare/2.0.0...2.0.1)

Updates `union-value` from 1.0.0 to 1.0.1
- [Release notes](https://github.com/jonschlinkert/union-value/releases)
- [Commits](https://github.com/jonschlinkert/union-value/compare/1.0.0...1.0.1)

---
updated-dependencies:
- dependency-name: set-value
  dependency-type: indirect
- dependency-name: union-value
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-11-12 14:43:12 +00:00
Ilya Shipitsin 1027dbf385 CI: install libcap-ng-dev as OpenVPN dependency 2022-11-12 19:42:37 +05:00
Ilya Shipitsin 675b78e502 Merge pull request #1696 from SoftEtherVPN/dependabot/npm_and_yarn/developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/minimatch-3.1.2 
Bump minimatch from 3.0.4 to 3.1.2 in /developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package
 2022-11-12 19:36:27 +05:00
Ilya Shipitsin c492276a94 Merge pull request #1695 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/glob-parent-and-watchpack-5.1.2 
Bump glob-parent and watchpack in /src/bin/hamcore/wwwroot/admin/default
 2022-11-12 19:36:00 +05:00
Ilya Shipitsin 661e61538e Merge pull request #1694 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/ansi-regex-3.0.1 
Bump ansi-regex from 3.0.0 to 3.0.1 in /src/bin/hamcore/wwwroot/admin/default
 2022-11-12 19:34:56 +05:00
Ilya Shipitsin b5a83cc208 Merge pull request #1691 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/loader-utils-1.4.2 
Bump loader-utils from 1.2.3 to 1.4.2 in /src/bin/hamcore/wwwroot/admin/default
 2022-11-12 19:34:07 +05:00
dependabot[bot] 7f65bae400 Bump minimatch 
Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2.
- [Release notes](https://github.com/isaacs/minimatch/releases)
- [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-11-12 14:27:01 +00:00
Ilya Shipitsin 3781d0f91c Merge pull request #1690 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/minimatch-3.1.2 
Bump minimatch from 3.0.4 to 3.1.2 in /src/bin/hamcore/wwwroot/admin/default
 2022-11-12 19:26:36 +05:00
Ilya Shipitsin d76888434b Merge pull request #1692 from SoftEtherVPN/dependabot/npm_and_yarn/developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/minimist-and-mkdirp-1.2.7 
Bump minimist and mkdirp in /developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package
 2022-11-12 19:26:00 +05:00
dependabot[bot] b6d2ec3b76 Bump glob-parent and watchpack in /src/bin/hamcore/wwwroot/admin/default 
Bumps [glob-parent](https://github.com/gulpjs/glob-parent) and [watchpack](https://github.com/webpack/watchpack). These dependencies needed to be updated together.

Updates `glob-parent` from 3.1.0 to 5.1.2
- [Release notes](https://github.com/gulpjs/glob-parent/releases)
- [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md)
- [Commits](https://github.com/gulpjs/glob-parent/compare/v3.1.0...v5.1.2)

Updates `watchpack` from 1.6.0 to 1.7.5
- [Release notes](https://github.com/webpack/watchpack/releases)
- [Commits](https://github.com/webpack/watchpack/compare/v1.6.0...v1.7.5)

---
updated-dependencies:
- dependency-name: glob-parent
  dependency-type: indirect
- dependency-name: watchpack
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-11-12 09:32:44 +00:00
dependabot[bot] 4ebf713911 Bump ansi-regex in /src/bin/hamcore/wwwroot/admin/default 
Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](https://github.com/chalk/ansi-regex/compare/v3.0.0...v3.0.1)

---
updated-dependencies:
- dependency-name: ansi-regex
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-11-12 09:31:04 +00:00
dependabot[bot] 4981008534 Bump minimist and mkdirp 
Bumps [minimist](https://github.com/minimistjs/minimist) and [mkdirp](https://github.com/isaacs/node-mkdirp). These dependencies needed to be updated together.

Updates `minimist` from 1.2.0 to 1.2.7
- [Release notes](https://github.com/minimistjs/minimist/releases)
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](https://github.com/minimistjs/minimist/compare/v1.2.0...v1.2.7)

Updates `mkdirp` from 0.5.1 to 0.5.6
- [Release notes](https://github.com/isaacs/node-mkdirp/releases)
- [Changelog](https://github.com/isaacs/node-mkdirp/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-mkdirp/compare/0.5.1...v0.5.6)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
- dependency-name: mkdirp
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-11-12 09:15:56 +00:00
dependabot[bot] b5727b3525 Bump loader-utils in /src/bin/hamcore/wwwroot/admin/default 
Bumps [loader-utils](https://github.com/webpack/loader-utils) from 1.2.3 to 1.4.2.
- [Release notes](https://github.com/webpack/loader-utils/releases)
- [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md)
- [Commits](https://github.com/webpack/loader-utils/compare/v1.2.3...v1.4.2)

---
updated-dependencies:
- dependency-name: loader-utils
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-11-12 09:14:27 +00:00
dependabot[bot] 372759d2ad Bump minimatch in /src/bin/hamcore/wwwroot/admin/default 
Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2.
- [Release notes](https://github.com/isaacs/minimatch/releases)
- [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-11-12 09:14:23 +00:00
Ilya Shipitsin 86e28db3d7 Merge pull request #1689 from SoftEtherVPN/dependabot/npm_and_yarn/developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/loader-utils-1.4.2 
Bump loader-utils from 1.2.3 to 1.4.2 in /developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package
 2022-11-12 14:13:34 +05:00
dependabot[bot] 797696a9f4 Bump loader-utils 
Bumps [loader-utils](https://github.com/webpack/loader-utils) from 1.2.3 to 1.4.2.
- [Release notes](https://github.com/webpack/loader-utils/releases)
- [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md)
- [Commits](https://github.com/webpack/loader-utils/compare/v1.2.3...v1.4.2)

---
updated-dependencies:
- dependency-name: loader-utils
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-11-12 03:11:42 +00:00
tickerguy 0643ae70f5 Update BridgeUnix.c 
On FreeBSD the stock code will attempt to expand the interface MTU any time a packet is to be sent that exceeds the current MTU.  This results in a down/up on the interface that is wildly disruptive to existing services on that adapter and, eventually, is likely to run into MTU limits and start logging failures, even with jumbo-frame capable adapters.  Thus if compiling on a FreeBSD machine disable this capability.  Tested against 12.3-STABLE and 13.1-STABLE on v4.38-9760 from the FreeBSD ports tree but likely applies here as well; see bug report https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267178
 2022-10-19 12:39:32 -04:00
Yihong Wu 8ae0a932da Merge pull request #1666 from domosekai/domosekai-patch-1 
Add edition comparison to README.md
 2022-09-27 11:41:53 +09:00
Yihong Wu bfee06d144 Add comparison with Stable Edition 2022-09-27 11:37:34 +09:00
Yihong Wu e4f9abba1c Merge pull request #1659 from domosekai/route6 2022-09-16 20:01:55 +09:00
Yihong Wu 05fa675d5a Exclude inactive routes in Windows routing management 2022-09-16 17:25:11 +09:00
Yihong Wu ac04c469c7 Merge pull request #1657 from domosekai/detail 2022-09-14 10:06:46 +09:00
Yihong Wu dc5da0c6a9 Zero out protocol strings when reconnecting 2022-09-13 19:14:33 +09:00
Davide Beatrici e85fc4435e README.md: Replace Codeberg with OneDev, update GitLab URL 2022-08-07 23:23:57 +02:00
Davide Beatrici cf38a3b6c2 Merge PR #1641: fix typo of disclaimers 2022-08-03 19:39:41 +02:00
Guest126 04569c81c7 fix typo 2022-08-03 23:30:05 +09:00
Ilya Shipitsin 6adc996bf9 Merge pull request #1627 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/terser-4.8.1 
Bump terser from 4.0.0 to 4.8.1 in /src/bin/hamcore/wwwroot/admin/default
 2022-07-22 15:22:21 +05:00
dependabot[bot] fa99fde893 Bump terser in /src/bin/hamcore/wwwroot/admin/default 
Bumps [terser](https://github.com/terser/terser) from 4.0.0 to 4.8.1.
- [Release notes](https://github.com/terser/terser/releases)
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/commits)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-07-20 08:39:28 +00:00
Ilya Shipitsin d854fd6baf Merge pull request #1618 from SoftEtherVPN/dependabot/nuget/developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-csharp/Newtonsoft.Json-13.0.1 
Bump Newtonsoft.Json from 11.0.2 to 13.0.1 in /developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-csharp
 2022-06-24 10:45:25 +05:00
Ilya Shipitsin ee1ecf8b42 Merge pull request #1617 from SoftEtherVPN/dependabot/nuget/developer_tools/vpnserver-jsonrpc-codegen/Newtonsoft.Json-13.0.1 
Bump Newtonsoft.Json from 11.0.2 to 13.0.1 in /developer_tools/vpnserver-jsonrpc-codegen
 2022-06-24 10:44:47 +05:00
dependabot[bot] 1ba86c0dc1 Bump Newtonsoft.Json 
Bumps [Newtonsoft.Json](https://github.com/JamesNK/Newtonsoft.Json) from 11.0.2 to 13.0.1.
- [Release notes](https://github.com/JamesNK/Newtonsoft.Json/releases)
- [Commits](https://github.com/JamesNK/Newtonsoft.Json/compare/11.0.2...13.0.1)

---
updated-dependencies:
- dependency-name: Newtonsoft.Json
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-22 21:07:32 +00:00
dependabot[bot] d8768367b9 Bump Newtonsoft.Json in /developer_tools/vpnserver-jsonrpc-codegen 
Bumps [Newtonsoft.Json](https://github.com/JamesNK/Newtonsoft.Json) from 11.0.2 to 13.0.1.
- [Release notes](https://github.com/JamesNK/Newtonsoft.Json/releases)
- [Commits](https://github.com/JamesNK/Newtonsoft.Json/compare/11.0.2...13.0.1)

---
updated-dependencies:
- dependency-name: Newtonsoft.Json
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-22 21:07:27 +00:00
Davide Beatrici a14d812dcb Merge PR #1610: Proto_OpenVPN: Set max allowed ACKs to 8 for P_ACK_V1 2022-06-14 04:53:56 +02:00
Yihong Wu 49ea58dd58 Merge pull request #1611 from domosekai/mss 
Adjust TCP MSS if UDP acceleration is enabled (even if inactive)
 2022-06-14 11:26:26 +09:00
Arne Schwabe 37aa1ba534 Proto_OpenVPN: Set max allowed ACKs to 8 for P_ACK_V1 
OpenVPN always allowed 8 ACKs in P_ACK_V1 packets but only used
up to 4 in other control packets. Since Softether drops all packets with
more than 4 ACKs it also drops legimate P_ACK_V1.

See also this issue: https://github.com/schwabe/ics-openvpn/issues/1486
 2022-06-14 00:06:02 +02:00
Yihong Wu 3ed7f7cbce Adjust TCP MSS if UDP acceleration is enabled (even if inactive) 2022-06-13 22:15:44 +09:00
Yihong Wu 209f60f079 Merge pull request #1604 from domosekai/docs 2022-05-29 10:47:59 +09:00
Yihong Wu 333cbb3f29 Update Windows build instructions 
Co-authored-by: Davide Beatrici <github@davidebeatrici.dev>
 2022-05-28 15:26:23 +09:00
Yihong Wu 5146bbbadc Remove vcpkg baseline as openssl build has been fixed upstream 2022-05-28 15:26:23 +09:00
Yihong Wu e74d9dec25 Merge pull request #1593 from domosekai/cm 2022-05-26 12:54:09 +09:00
Yihong Wu ad4ce138e9 Merge pull request #1594 from domosekai/tray 
Show connection names in tray tips
 2022-05-16 15:23:36 +09:00
Yihong Wu 34d443648b Merge pull request #1596 from domosekai/route 
Fix route tracking on x86 Windows
 2022-05-16 10:55:37 +09:00
Yihong Wu 27d7f4cfbe Fix route tracking on x86 Windows 2022-05-15 19:42:57 +09:00
Yihong Wu 4a3b4589c6 Show connection names in icon tips 2022-05-15 15:22:46 +08:00
Yihong Wu 53d8b10de2 Remove CM timer event to fix taskbar behavior on Win 11 2022-05-14 14:05:31 +08:00
Yihong Wu ca996ed89a Merge pull request #1522 from domosekai/tls 
Implement complete server certificate verification
 2022-05-12 23:38:38 +08:00
Davide Beatrici 0d075f0b42 Merge PR #1592: Fix invalid systemd TasksMax 2022-05-11 20:21:58 +02:00
Yihong Wu 8f3915417f Fix invalid systemd TasksMax 2022-05-11 18:23:48 +08:00
Davide Beatrici bf206bd7ad Merge PR #1589: Fix static route pushing to OpenVPN clients 2022-05-10 21:09:19 +02:00
Daehun Hyun cb6d9531b5 Fixed an issue where routing was not added when receiving DHCP static routing options. 2022-05-10 17:35:01 +09:00
Davide Beatrici 2f1bff96b2 Merge PR #1587: Implement additional option for PrivacyFilter Mode settings 2022-05-09 20:21:23 +02:00
sfreet 5a0227ba1d Allow packets if the both source and destination session users are the same, even in PrivacyFilter mode 2022-05-09 15:45:55 +09:00
Yihong Wu 4f9c75a3a7 Merge pull request #1582 from domosekai/vcpkg 
Add vcpkg manifest, VS presets and update build instruction for Windows
 2022-04-30 15:38:05 +08:00
Yihong Wu 0735af9fdf Warn user if vcpkg is not integrated with VS 2022-04-30 15:03:32 +08:00
Yihong Wu ca226cdc9d Add CMakeSettings.json to facilitate VS configuration 
Update build instructions for Windows
 2022-04-30 15:03:05 +08:00
Yihong Wu 900947bd08 Use vcpkg manifest and pin to OpenSSL 1.1.1 2022-04-30 15:03:05 +08:00
Yihong Wu 817ecf2348 Merge pull request #1583 from domosekai/domosekai-patch-1 
Fix Azure x86 environment inconsistency
 2022-04-29 16:07:45 +08:00
Yihong Wu a8be4c38e1 Fix inconsistent Azure environment and compiler 2022-04-29 13:43:22 +08:00
Yihong Wu c8dca265b4 Merge pull request #1576 from domosekai/ipv6 
Fix IPv6 ND for Windows 11 PPP clients
 2022-04-27 20:37:25 +08:00
Yihong Wu 4c2e0867e4 Merge pull request #1581 from domosekai/pkcs12 
Fix PKCS12 import under OpenSSL 3.0
 2022-04-27 09:59:10 +08:00
Yihong Wu b3afbe37e9 Load legacy provider under OpenSSL 3.0 2022-04-26 22:00:15 +08:00
Yihong Wu 3a91490b7f Merge pull request #1580 from updatede/patch-2 
Fix udp acceleration unusable on big endian system
 2022-04-26 10:18:04 +08:00
updatede b4bb90ec5b Fix udp acceleration unusable on big endian system 
On big endian system, while store 32 bits and 16bits number in memory of  UINT64 variable "tmp", first 4 bytes of it always be zero makes "cookie" and "size" always be zero, lead to udpaccel unusable.
 2022-04-25 18:16:50 +08:00
Yihong Wu 192d4938da Merge pull request #1578 from SoftEtherVPN/domosekai-vs2022 
Upgrade CI template for Visual Studio 2022
 2022-04-21 10:02:00 +08:00
Yihong Wu 43f0d3b4fa Upgrade CI template for Visual Studio 2022 2022-04-21 00:09:18 +08:00
Yihong Wu a742e2d193 Fix IPv6 ND for Windows 11 PPP clients 2022-04-08 00:37:38 +08:00
Yihong Wu fade8672c2 Merge pull request #1574 from domosekai/str 2022-04-02 11:21:47 +08:00
Yihong Wu 992a998a34 Add missing translation for protocol details 2022-04-01 22:18:54 +08:00
Yihong Wu 3c0e3fa49c Merge pull request #1564 from domosekai/bulk 2022-03-21 10:13:56 +08:00
Davide Beatrici c6334a44f9 Merge PR #1561: Bump tar from 4.4.8 to 4.4.19 2022-03-20 20:10:43 +01:00
Yihong Wu d86cf181bf Fix UDP bulk v2 and protocol display 2022-03-20 16:48:15 +08:00
dependabot[bot] e8b88fd225 Bump tar from 4.4.8 to 4.4.19 in /src/bin/hamcore/wwwroot/admin/default 
Bumps [tar](https://github.com/npm/node-tar) from 4.4.8 to 4.4.19.
- [Release notes](https://github.com/npm/node-tar/releases)
- [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/npm/node-tar/compare/v4.4.8...v4.4.19)

---
updated-dependencies:
- dependency-name: tar
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-19 19:17:31 +00:00
Davide Beatrici 9764485774 Merge PR #1551: Bump ajv from 6.10.0 to 6.12.6 2022-03-19 20:16:53 +01:00
Davide Beatrici a52a3928db Merge PR #1556: Fix wrong endianness in InRpcNodeInfo() and OutRpcNodeInfo() 2022-02-22 19:47:09 +01:00
Daiyuu Nobori 32a970f976 Admin.c: Fix wrong endianness in InRpcNodeInfo() and OutRpcNodeInfo() 2022-02-22 19:38:34 +01:00
Daiyuu Nobori 56aedd6817 Memory: Add LittleEndian16(), LittleEndian32() and LittleEndian64() 2022-02-22 19:38:03 +01:00
dependabot[bot] b603d2658a Bump ajv from 6.10.0 to 6.12.6 in /src/bin/hamcore/wwwroot/admin/default 
Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.10.0 to 6.12.6.
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](https://github.com/ajv-validator/ajv/compare/v6.10.0...v6.12.6)

---
updated-dependencies:
- dependency-name: ajv
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-02-12 02:08:14 +00:00
Yihong Wu 1e604407af Merge pull request #1533 from tew42/patch-2 
Readme - add info for Windows & macOS nightlies
 2022-02-03 16:45:26 +08:00
Yihong Wu 24926bcc17 Remove reference to macOS and Ubuntu 2022-02-01 12:39:32 +08:00
Ilya Shipitsin a4334753ad Merge pull request #1538 from hww3/hww3/illumos-headers 
Merge pull request #1538: Add missing headers required for solaris/illumos
 2022-01-07 11:13:16 +03:00
H William Welliver fd92c754fc Add missing headers required for solaris/illumos 2022-01-06 23:06:36 -05:00
Davide Beatrici 10b5034f0d FUNDING.yml: Remove Bountysource link 2022-01-03 03:17:56 +01:00
Yihong Wu 0a4455ac40 Add more TLS negotiation info in logging and UI 2021-12-29 17:41:29 +08:00
Yihong Wu f94ac6351e Implement complete server certificate verification 2021-12-29 17:41:29 +08:00
Ilya Shipitsin 034aae5a70 Merge pull request #1534 from weidi/master 
Merge pull request #1534: Fix build error on alpine
 2021-12-27 09:53:58 +03:00
weidi 879bd34af4 trigger alpine build action also on pull request 2021-12-27 07:26:34 +01:00
weidi a4d414891f Merge branch 'musl-workflow' 2021-12-26 21:35:56 +01:00
weidi 09dd8a8b07 endif UNIX_LINUX before BSD 2021-12-26 16:13:53 +01:00
weidi 3c7d78a1bf Merge branch 'SoftEtherVPN:master' into master 2021-12-26 11:51:55 +01:00
Yihong Wu adbbe94675 Merge pull request #1528 from updatede/patch-1 
Mayaqua/Network.h: Fix UDP acceleration under NAT-T connections
 2021-12-26 12:32:48 +08:00
Yihong Wu 1c1560f6ca Apply security level override in azure client mode 2021-12-26 12:12:00 +08:00
Yihong Wu 68dc4e23d8 Improve NAT-T hint string handling 2021-12-26 12:11:51 +08:00
Yihong Wu f6edb5e165 Fix a typo that causes CascadeList to show blank hub name 2021-12-26 12:03:59 +08:00
Yihong Wu a5565fce4b Fix cascade links may start before configuration is loaded 2021-12-26 12:03:59 +08:00
Yihong Wu d95d8ddefa Fix account name in wrong case after editing 2021-12-26 12:03:59 +08:00
Yihong Wu 5ecade7950 Merge pull request #1536 from domosekai/compat 2021-12-26 09:24:51 +08:00
weidi f3905cc421 Merge branch 'musl-workflow' of https://github.com/weidi/SoftEtherVPN into musl-workflow 2021-12-25 22:45:02 +01:00
Johannes Weidacher 3cdad95ee1 Add Musl build github workflow 2021-12-25 22:44:31 +01:00
weidi 1c3dc59892 fiexed configure step 2021-12-25 22:40:03 +01:00
weidi 529d2c232f use checkout@v1 to make submodules work 2021-12-25 22:37:34 +01:00
Johannes Weidacher 7f7d72cca9 Add Musl build github workflow 2021-12-25 22:26:43 +01:00
Johannes Weidacher e65cacdf96 Merge branch 'master' of https://github.com/weidi/SoftEtherVPN 2021-12-25 21:22:20 +01:00
Johannes Weidacher f1b464e84d fix alpine compile issue. 2021-12-25 21:22:06 +01:00
Johannes Weidacher 18598b5d96 Change ifdef for UNIX_LINUX Only 2021-12-25 15:36:52 +01:00
Yihong Wu 51585e63e3 Fix server manager setting compatibility since build 9658 2021-12-25 13:25:34 +08:00
weidi c72d4fddb8 Merge branch 'SoftEtherVPN:master' into master 2021-12-24 08:47:45 +01:00
Yihong Wu 82b6422821 Merge pull request #1532 from domosekai/init 2021-12-24 09:52:50 +08:00
Johannes Weidacher fc15d1ebd5 fix alpine compile issue. 2021-12-23 21:06:19 +01:00
Johannes Weidacher 73ffa10f50 Fix build error on alpine 2021-12-23 20:59:48 +01:00
tew42 a0f831c071 Readme - add info for Windows & macOS nightlies 
This would be a very useful link/info to include I think, or is there some reason not to?

Also a small update to clarify what can be found at softether-download.com
 2021-12-23 13:17:08 +01:00
Yihong Wu 77ee848caa Cedar/SM.c: Fix pointer usage before initialization 2021-12-23 17:23:15 +08:00
updatede 0b74a8e4ce Update Network.h 
Missing argument check lead to wrong value of IsIPv6 of struct UDP_ACCEL in NewUdpAccel(),  eventually lead to UdpAccelInitClient() fail.
 2021-12-22 13:19:50 +08:00
Yihong Wu 918fedb9d4 Merge pull request #1519 from domosekai/dns 
Fix DNS thread safety and other
 2021-12-13 13:51:04 +08:00
Yihong Wu fc94843579 Fix the creation of a zero IPv6 address 
Fix #1517
 2021-12-12 20:05:36 +08:00
Yihong Wu b91d9af5e3 Mayaqua/DNS: Fix memory safety in DNS operation threads 
Fix #1329
 2021-12-12 20:05:36 +08:00
Yihong Wu 2a40d21ef9 Merge pull request #1512 from domosekai/he 
Perform TCP connection via IPv6 and IPv4 in parallel threads
 2021-12-11 17:20:12 +08:00
Yihong Wu 02ee7b45d7 Save the correct server IP for route management 2021-12-10 16:53:28 +08:00
Yihong Wu 384ab07996 Perform TCP connection attempts via IPv6 and IPv4 in parallel 2021-12-10 16:18:45 +08:00
Yihong Wu e6bf956806 Return and cache all addresses from DNS resolver 2021-12-10 16:18:45 +08:00
Yihong Wu 528f313dbe Merge pull request #1511 from domosekai/ipstr 
Fix IPv6 address display in session info dialog
 2021-12-09 12:55:10 +08:00
Yihong Wu 5cac4481f0 Merge pull request #1513 from domosekai/rudp 
Restore R-UDP listener when ListenIP is ::
 2021-12-09 12:54:05 +08:00
Yihong Wu b4aad09f21 Restore R-UDP listener when ListenIP is :: 2021-12-07 21:55:41 +08:00
Yihong Wu 14f5854ecf Fix IPv6 address display in session info dialog 2021-12-07 15:48:32 +08:00
Yihong Wu a9239a6aab Merge pull request #1510 from domosekai/dns6 
Fix DNS resolution when no IPv6 address is configured on any interface
 2021-12-04 20:03:44 +08:00
Yihong Wu b178f26e52 Reduce redundant loop 
Co-authored-by: Davide Beatrici <github@davidebeatrici.dev>
 2021-12-04 16:16:22 +08:00
Yihong Wu 9692a8d961 Fix DNS resolution when no IPv6 address is configured 2021-12-03 14:18:43 +08:00
Yihong Wu 2d1c8765aa Merge pull request #1433 from domosekai/chain 
Support user-specified server trust chain
 2021-11-25 17:15:53 +08:00
Yihong Wu 8392ccd1fa Merge pull request #1391 from domosekai/master 2021-11-25 11:09:12 +08:00
Davide Beatrici 2955dc5580 Merge PR #1507: Change default hub option to allow default router in IPv6 RA 2021-11-24 00:22:04 +01:00
Davide Beatrici 235d5d1d0d Merge PR #1506: Cedar/Proto_PPP: Fix IPC DHCP renewal 2021-11-24 00:20:37 +01:00
Yihong Wu e095283641 Change default hub option to allow default router in IPv6 RA 2021-11-23 23:54:42 +08:00
Yihong Wu fb004345b4 Cedar/Proto_PPP: Fix IPC DHCP renewal 2021-11-23 19:48:46 +08:00
Ilya Shipitsin 9d4970841f Merge pull request #1491 from chipitsine/master 
Merge PR #1491: add "data-ciphers" to generated OpenVPN configs
 2021-10-03 12:47:25 +05:00
Ilya Shipitsin 4d594e00f8 add "data-ciphers" to generated OpenVPN configs 2021-10-02 15:00:20 +05:00
Davide Beatrici d7be057ae0 Merge PR #1489: Fix policy dialog and memory overrun 2021-09-30 21:23:17 +02:00
Yihong Wu 2990b5ae93 Fix memory overrun in policy copy 2021-09-30 19:36:36 +08:00
Yihong Wu 462ebfb960 Fix policy dialog 2021-09-30 16:59:22 +08:00
Davide Beatrici 6e7eba8e71 Merge PR #1486: Fix auto refreshing of client manager 2021-09-28 22:01:19 +02:00
Yihong Wu 8e292138b1 Update AUTHORS.TXT 2021-09-28 22:24:48 +08:00
Yihong Wu 582a739179 Fix auto refreshing of client manager 2021-09-28 20:15:41 +08:00
Yihong Wu 3a2d588722 Merge pull request #1483 from domosekai/ecc 
Support ECDSA certificates on server side and show parameters in dialog
 2021-09-25 20:58:18 +08:00
Yihong Wu 9c2a573cf2 Display key algorithm and parameters in cert dialog 2021-09-24 17:12:51 +08:00
Davide Beatrici 4657d7ee49 Merge PR #1484: Password change from client increments config file revision 2021-09-22 00:28:32 +02:00
Tetsuo Sugiyama c9508b7fb7 Password change from client increments config file revision 
Fixed an issue where changing the password from the client did not increment the revision of the server config file and the changes were not saved
 2021-09-21 18:28:17 +09:00
Yihong Wu 2853337b81 Allow ECDSA certificates on server side 2021-09-20 08:18:36 +00:00
Yihong Wu 03859eb515 Merge pull request #1443 from domosekai/win32 
Add IPv6 route management for Windows client
 2021-09-18 22:12:27 +08:00
Davide Beatrici a56cfac947 Merge PR #1482: Cedar/Protocol.c: Fix connection to server clusters 2021-09-18 10:34:20 +02:00
Yihong Wu 82af38c482 Cedar/Protocol.c: Fix connection to server clusters 2021-09-18 08:06:10 +00:00
Davide Beatrici f74c53b449 Merge PR #1480: CI: gitlab: remove broken tasks, leave only Illumos 2021-09-08 23:03:16 +02:00
Ilya Shipitsin f85dff25dc CI: gitlab: remove broken tasks, leave only Illumos 2021-09-08 21:15:13 +05:00
Ilya Shipitsin f301ba1e60 Merge pull request #1478 from chipitsine/master 
Merge PR #1478: BUILD: use rpath for locating dynamic libraries
 2021-09-08 10:53:49 +05:00
Ilya Shipitsin dcb1023999 BUILD: use rpath for locating dynamic libraries 2021-09-08 10:41:15 +05:00
Davide Beatrici 26c8fbe538 Merge PR #1476: openvpn live tests: change "remote" inplace 2021-08-30 08:16:50 +02:00
Ilya Shipitsin 115b8aab82 openvpn live tests: change "remote" inplace 
command line override is not very stable
 2021-08-30 09:46:45 +05:00
Davide Beatrici 3cc85c1d51 Merge PR #1474: enable Control-flow Enforcement Technology (CET) Shadow Stack mitigation 2021-08-27 21:06:08 +02:00
Ilya Shipitsin fc9286b11b enable Control-flow Enforcement Technology (CET) Shadow Stack mitigation 
for Windows binaries

found by BinSkim
 2021-08-27 12:43:42 +05:00
Davide Beatrici 224abd99b8 Merge PR #1472: Enable Control flow guard and Qspectre protection for windows binaries 2021-08-27 06:45:51 +02:00
Ilya Shipitsin 5adeeb75ea Enable Control flow guard and Qspectre protection for windows binaries 
found by BinSkim
 2021-08-26 23:09:13 +05:00
Davide Beatrici d0fe38384c Merge PR #1471: CI: Azure Pipelines: enable submodules checkout 2021-08-26 19:40:40 +02:00
Ilya Shipitsin 84bc94b232 CI: Azure Pipelines: enable submodules checkout 
it is better to have this enabled in yml, cause it allows to build
from forks easier
 2021-08-26 14:34:09 +05:00
Ilya Shipitsin 78e89eb3c7 Merge pull request #1460 from stevemuskiewicz/sm/rpm-fix-1457 
Merge PR #1460: Redo of PR #1402 with proper fix for #1457
 2021-08-19 19:11:47 +05:00
Steve Muskiewicz fcd00547aa Revert "reapply other RPM fixes from prior PR (service file updates and systemd path exclusions)" 
This reverts commit 0eb0152437.
 2021-08-19 09:50:30 -04:00
Steve Muskiewicz 0eb0152437 reapply other RPM fixes from prior PR (service file updates and systemd path exclusions) 2021-08-19 09:10:26 -04:00
Steve Muskiewicz 472dde05de apply permission fix suggested by @hornos (for #1457) 2021-08-19 08:14:50 -04:00
Ilya Shipitsin 1e6806bee7 Merge pull request #1456 from SoftEtherVPN/revert-1402-sm/rpm-pkg-fixes 
Merge PR #1456: Revert "RPM package and systemd service file fixes (for CentOS 8)"
 2021-08-16 16:09:39 +05:00
Ilya Shipitsin c01d8e6058 Revert "RPM package and systemd service file fixes (for CentOS 8)" 2021-08-16 16:06:34 +05:00
Ilya Shipitsin d061abae8f Merge PR #1454: Merge pull request #1454 from SoftEtherVPN/dependabot/npm_and_yarn/developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/path-parse-1.0.7 
Bump path-parse from 1.0.6 to 1.0.7 in /developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package
 2021-08-16 11:33:54 +05:00
dependabot[bot] 888cf188bb Bump path-parse 
Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases)
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

---
updated-dependencies:
- dependency-name: path-parse
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-08-16 06:32:50 +00:00
Ilya Shipitsin fbdd6f1f3c Merge pull request #1453 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/path-parse-1.0.7 
Merge PR #1453: Bump path-parse from 1.0.6 to 1.0.7 in /src/bin/hamcore/wwwroot/admin/default
 2021-08-16 11:32:13 +05:00
Ilya Shipitsin 024b68120d Merge pull request #1402 from stevemuskiewicz/sm/rpm-pkg-fixes 
Merge PR #1402: RPM package and systemd service file fixes (for CentOS 8)
 2021-08-16 11:31:13 +05:00
dependabot[bot] 2d00ab7dcc Bump path-parse in /src/bin/hamcore/wwwroot/admin/default 
Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases)
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

---
updated-dependencies:
- dependency-name: path-parse
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-08-11 02:56:38 +00:00
Ilya Shipitsin 51a3346f70 Merge pull request #1451 from davidebeatrici/blake2-have-sse2-manual-definition 
CMake: Fix BLAKE2 build failure with MSVC due to it not defining __SSE2__
 2021-08-11 07:51:12 +05:00
Davide Beatrici 7f8e527883 CMake: Fix BLAKE2 build failure with MSVC due to it not defining __SSE2__ 2021-08-10 22:58:28 +02:00
Davide Beatrici 832c69add2 Merge PR #1449: CMake: Add build time check for EVP_PKEY_get_raw_public_key() availability 2021-08-09 04:41:54 +02:00
Davide Beatrici ffc095f95a CMake: Add build time check for EVP_PKEY_get_raw_public_key() availability 
We need the function since 9dbbfcd388, but unfortunately it's not provided by LibreSSL.

By introducing a build time check we inform the user about the issue explicitly instead of just letting compilation fail.
 2021-08-08 19:29:32 +02:00
Ilya Shipitsin b6d31af188 Merge pull request #1448 from neheb/eng 
fix compilation without OpenSSL engines
 2021-08-08 08:38:02 +05:00
Rosen Penev ee3bf7f507 fix compilation without OpenSSL engines 
Signed-off-by: Rosen Penev <rosenp@gmail.com>
 2021-08-07 20:05:04 -07:00
domosekai 9b3077d955 Store interface metric separately as it mau change 2021-08-02 16:18:37 +08:00
domosekai dd9c3546f7 Prevent IPv6 leak if only IPv4 default route is added 2021-08-02 16:18:37 +08:00
domosekai 4ddf39e760 Remove obsolete Win32 functions 2021-08-02 16:18:37 +08:00
domosekai ce0591d924 Add IPv6 route management for Windows client 2021-08-02 16:18:36 +08:00
Ilya Shipitsin 5a05e7a249 Merge pull request #1447 from chipitsine/drop_libressl_ci 
CI: cirrus: drop LibreSSL builds
 2021-08-01 21:39:17 +05:00
Ilya Shipitcin c3573561ed CI: cirrus: drop LibreSSL builds 
starting with 9dbbfcd388 we only support
OpenSSL-1.1.1, no LibreSSL for now. Let us drop LibreSSL builds for the
sake of simplicity
 2021-08-01 21:08:34 +05:00
Davide Beatrici 97a04888b7 Merge PR #1445: src/Cedar/SW.c: treat "0" build as legitimate 2021-08-01 12:42:43 +02:00
Ilya Shipitcin 37b5644291 src/Cedar/SW.c: treat "0" build as legitimate 
installers built for PR have "0" build. let us treat them as legitimate
 2021-08-01 12:26:51 +05:00
Davide Beatrici 101d79d7c3 Merge PR #1441: Mayaqua/Network.c: Fix race condition in TUBE operation 2021-07-23 19:42:13 +02:00
domosekai 9182a9b4e9 Mayaqua/Network.c: Fix race condition in TUBE operation 2021-07-22 11:59:15 +00:00
Davide Beatrici bf14817f1f Merge PR #1434: Cedar/Proto_PPP.c: Fix memory leak in EAP-MSCHAPv2 2021-07-21 23:54:59 +02:00
domosekai 8b87c9d4ef Cedar/Proto_PPP.c: Fix memory leak in EAP-MSCHAPv2 
Fixes: #1420 (Implement EAP-MSCHAPv2)
 2021-07-21 11:16:35 +00:00
domosekai 2761c1ca42 Support user-specified server trust chain 2021-07-21 07:02:42 +00:00
Yihong Wu 1f40de2dda README.md: Add me to members 2021-07-16 15:46:53 +08:00
Ilya Shipitsin ddf9e48c10 Merge pull request #1432 from domosekai/route 
Mayaqua/TcpIp.c: Fix building DHCP static routes in new format
 2021-07-14 17:41:01 +05:00
domosekai 1bb01e55e5 Mayaqua/TcpIp.c: Fix building DHCP static routes in new format 
Fixes: 1708998 (Change IP structure so that IPv4 addresses are stored in RFC3493 format)
 2021-07-14 08:11:05 +00:00
Ilya Shipitsin b531d8e234 Merge pull request #1429 from metalefty/typo 
Fix typo, fix case, and trivial translations
 2021-07-13 14:57:34 +05:00
Koichiro IWAO fce3592917 hamcore(ja,tw,cn): translate "Authentication" 
appeared in "OpenSSL Engine Authorization"
 2021-07-13 18:44:42 +09:00
Koichiro IWAO 410b7a959d Fix case of OpenSSL 2021-07-13 18:41:41 +09:00
Koichiro IWAO 1590e6afb3 Fix typo s/has beens/has been/g 2021-07-13 18:15:09 +09:00
Davide Beatrici 996f2f2aa0 Merge PR #1427: Cedar/IPC.c: Add hub release in NewIPC() 2021-07-12 23:20:53 +02:00
domosekai 7863ce8a8e Cedar/IPC.c: Add hub release in NewIPC() 2021-07-12 08:37:12 +00:00
Davide Beatrici 26a27553b2 Merge PR #1426: Mayaqua/Network.c: Create UDP listener for every interface if ListenIP is wildcard 2021-07-11 21:35:01 +02:00
domosekai a1dff0f594 Mayaqua/Network.c: Create UDP listener for every interface if ListenIP is wildcard 2021-07-11 16:15:29 +00:00
Ilya Shipitsin 7881f8657a Merge pull request #1420 from domosekai/eap 
Implement EAP-MSCHAPv2
 2021-07-10 23:27:10 +05:00
Ilya Shipitsin bd501ba9bf Merge pull request #1422 from domosekai/timeout 
Fix use-after-free timeout issue for L2TP and SSTP
 2021-07-10 22:34:57 +05:00
domosekai dfb105c2d7 Fix use-after-free timeout issue for L2TP and SSTP 2021-07-10 16:07:09 +00:00
domosekai 66dc5ee581 Cedar/Radius.c: Fix EAP Message buffer overflow 2021-07-10 08:15:03 +00:00
domosekai 56bd9733d6 Cedar/Proto_PPP.c: Use unified format for negative condition 2021-07-10 05:30:06 +00:00
domosekai eff784b624 Improve EAP behavior with RADIUS 2021-07-10 05:29:23 +00:00
domosekai 22a9231c33 Implement EAP-MSCHAPv2 2021-07-08 14:26:31 +00:00
Davide Beatrici a2f30c8aad Merge PR #1417: Mayaqua/Network.c: Fix L2TP/IPsec over IPv6 when listening on :: 2021-07-07 20:31:49 +02:00
domosekai 41b9973c24 Mayaqua/Network.c: Fix L2TP/IPsec over IPv6 when listening on :: 2021-07-07 17:37:06 +00:00
Ilya Shipitsin 60db1962f9 Merge pull request #1416 from domosekai/listener 
Fix TCP and UDP listener behavior
 2021-07-07 16:08:05 +05:00
domosekai 6e400c19af Fix TCP and UDP listener behavior 2021-07-07 10:50:23 +00:00
Ilya Shipitsin f2466eb919 Merge pull request #1415 from davidebeatrici/vpncmd-wireguard-keys 
Cedar/Command: Add GenX25519 and GetPublicX25519 commands
 2021-07-07 13:04:13 +05:00
Davide Beatrici c310163244 Cedar/Command: Add GenX25519 and GetPublicX25519 commands 
GenX25519 command - Create new X25519 keypair
Help for command "GenX25519"

Purpose:
  Create new X25519 keypair

Description:
  Use this to create a new X25519 keypair, which can be used for WireGuard.
  Both the private and public key will be shown.
  The public key can be shared and is used to identify a peer.
  Also, it can always be retrieved from the private key using the GetPublicX25519 command.
  The private key should be kept in a secure place and never be shared.
  It cannot be recovered once lost.

Usage:
  GenX25519

==========================================================================================

GetPublicX25519 command - Retrieve public X25519 key from a private one
Help for command "GetPublicX25519"

Purpose:
  Retrieve public X25519 key from a private one

Description:
  Use this if you have a private X25519 key and want to get its corresponding public key.

Usage:
  GetPublicX25519 [private]

Parameters:
  private - The private X25519 key you want to get the corresponding public key of.
 2021-07-07 08:43:41 +02:00
Davide Beatrici 9dbbfcd388 Mayaqua: Add new cryptographic functions for X25519/X448 keys management 
The files are created in a new folder to keep the source tree tidier.

Please note that only X25519/X448 keys are supported due to an OpenSSL limitation:
https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_new.html

We have functions that handle AES keys in Encrypt.c/.h.
Ideally we should move them into the new files.
 2021-07-07 08:11:08 +02:00
Davide Beatrici 4328e6e5ab CMake: Link Cedar to Mayaqua directly 
It's Cedar itself that depends on Mayaqua, not the executables.
 2021-07-07 08:08:12 +02:00
Davide Beatrici 505c854303 Merge PR #1414: Mayaqua/Network.c: Use int as boolean flags for socket options 2021-07-07 06:35:50 +02:00
domosekai 4efed994dc Mayaqua/Network.c: Use int as boolean flags for socket options 2021-07-07 03:07:06 +00:00
Davide Beatrici 513ad6e792 Merge PR #1410: Mayaqua/DNS.c: Fix DNS resolution in dual stack environment 2021-07-05 20:23:09 +02:00
Davide Beatrici 0d5b05ef02 Merge PR #1411: Cedar/Protocol.c: Use real server IP in creating node info under direct mode 2021-07-05 20:15:29 +02:00
domosekai bcba88ca73 Cedar/Protocol.c: Use real server IP in creating node info under direct mode 2021-07-05 12:17:57 +00:00
domosekai 883d4d4cd7 Mayaqua/DNS.c: Fix DNS resolution in dual stack environment 2021-07-05 11:10:03 +00:00
Davide Beatrici 4eae5820f6 Merge PR #1407: Cedar/Connection.c: Fix buffer overflow when inserting NAT-T information 2021-07-04 08:45:27 +02:00
domosekai f6adcd6bfc Cedar/Connection.c: Fix buffer overflow when inserting NAT-T information 2021-07-04 05:53:24 +00:00
Davide Beatrici dc296f1eff Merge PR #1406: Add WireGuard mention to README.md 2021-07-03 23:16:31 +02:00
David Refoua 43f8b5fc56 mention WireGuard on the README.md 
Now that SoftEther officially support WireGuard, it can also be mentioned on the README page.
 2021-07-04 01:07:55 +04:30
Ilya Shipitsin 08905e57a6 Merge pull request #1404 from davidebeatrici/base64-revamp 
Refactor Base64 functions, encode/decode using OpenSSL's EVP interface
 2021-07-02 13:23:10 +05:00
Davide Beatrici 233e28f38c Refactor Base64 functions, encode/decode using OpenSSL's EVP interface 
Our own implementation works fine, however we should use OpenSSL's one since we already link to the library.

Base64Decode() and Base64Encode() return the required buffer size when "dst" is NULL.

This allows to efficiently allocate a buffer, without wasting memory or risking an overflow.

Base64FromBin() and Base64ToBin() perform all steps, returning a heap-allocated buffer with the data in it.
 2021-07-02 09:24:41 +02:00
Steve Muskiewicz 8798978951 move CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION list appends inside RPM generator if block 2021-06-30 15:00:05 -04:00
Steve Muskiewicz af84a30adc Update softether-vpnserver.service files: 
* change `ReadOnlyDirectories` -> `ReadOnlyPaths` and `ReadWriteDirectories` -> `ReadWritePaths`

 * add `ReadWritePaths` for other necessary directories (this should address #1111)
 2021-06-30 11:48:45 -04:00
Steve Muskiewicz b64c15b097 Fixes for RPM packaging issues (on CentOS 8): 
* add "common" package provides for `libcedar.so()(64bit)` to allow `softether-vpnserver` package to install properly

* exclude `/lib/systemd/system` paths from RPM package file listing to prevent file conflicts when installing RPM (these paths already are "owned" by the systemd RPM)
 2021-06-30 11:43:58 -04:00
Ilya Shipitsin 03d67fd5b1 Merge pull request #1401 from davidebeatrici/admin-proto-alog-fix 
Use "%S" instead of "%s" for LA_SET_PORTS_UDP and LA_SET_PROTO_OPTIONS
 2021-06-27 22:24:42 +03:00
Davide Beatrici 46ca5f7b98 Use "%S" instead of "%s" for LA_SET_PORTS_UDP and LA_SET_PROTO_OPTIONS 
Turns out %S refers to ANSI/UTF-8 and %s to UTF-16.

This commit fixes a buffer overflow reported by AddressSanitizer and removes an unnecessary conversion to UTF-16.
 2021-06-27 21:08:26 +02:00
Ilya Shipitsin ce6ea9f781 Merge pull request #1400 from davidebeatrici/remove-hardcoded-build-number-checks 
Remove obsolete hardcoded build number checks
 2021-06-27 13:42:57 +03:00
Davide Beatrici 4221579e95 Remove obsolete hardcoded build number checks 
The open-source project began with version 1.00, build 9022.

With the exception of an informative message fallback for builds older than 9428 (2014), all checks were for closed-source builds.
 2021-06-27 07:21:06 +02:00
domosekai 65bcbc8db3 Mayaqua/Network.c: Fix EAP-TLS chain certificate verification 2021-06-21 14:41:22 +00:00
187 changed files with 16884 additions and 14872 deletions
Expand all files Collapse all files
.appveyor.yml
-40
View File
@@ -1,40 +0,0 @@
version: '{build}'
image: Ubuntu1804
configuration: Release
skip_branch_with_pr: true
clone_depth: 1
skip_commits:
files:
- .travis.yml
- .gitlab-ci.yml
- .azure-pipelines.yml
- .cirrus.yml
init:
- ps: Update-AppveyorBuild -Version "build-$env:APPVEYOR_BUILD_NUMBER-$($env:APPVEYOR_REPO_COMMIT.substring(0,7))"
install:
- sudo apt-get -y install libsodium-dev
before_build:
- sh: "if [ ${APPVEYOR_REPO_TAG} == \"true\" ]; then .ci/appveyor-create-release-tarball.sh\nfi"
- git submodule update --init --recursive
- ./configure
build_script:
- make package -C build -j $(nproc || sysctl -n hw.ncpu || echo 4)
- .ci/memory-leak-test.sh
test_script:
- .ci/appveyor-deb-install-test.sh
- sudo apt-get update && sudo apt-get -y install autoconf libtool liblzo2-dev libpam-dev fping unzip liblz4-dev # openvpn build deps
- sudo .ci/start-se-openvpn.sh
- sudo .ci/run-openvpn-tests.sh
deploy:
description: 'automatic release'
provider: GitHub
auth_token: $(github_token)
on:
APPVEYOR_REPO_TAG: true
.azure-pipelines.yml
-4
View File
@@ -1,4 +0,0 @@
jobs:
- template: .ci/azure-pipelines/linux.yml
- template: .ci/azure-pipelines/windows.yml
- template: .ci/azure-pipelines/macos.yml
.ci/appveyor-create-release-tarball.sh
-7
View File
@@ -1,7 +0,0 @@
#!/bin/bash
set -eux
tar --exclude=.git --transform "s//SoftEtherVPN-${APPVEYOR_REPO_TAG_NAME}\//" -czf /tmp/softether-vpn-src-${APPVEYOR_REPO_TAG_NAME}.tar.gz .
appveyor PushArtifact /tmp/softether-vpn-src-${APPVEYOR_REPO_TAG_NAME}.tar.gz
.ci/azure-pipelines/linux.yml
-17
View File
@@ -1,17 +0,0 @@
jobs:
- job: Ubuntu_x64
pool:
vmImage: ubuntu-18.04
steps:
- script: sudo apt update && sudo apt-get -y install cmake gcc g++ ninja-build libncurses5-dev libreadline-dev libsodium-dev libssl-dev make zlib1g-dev liblz4-dev
displayName: 'Prepare environment'
- script: "$(Build.SourcesDirectory)/.ci/azure-pipelines/linux_build.sh"
env:
SE_BUILD_NUMBER_TOKEN: $(BUILD_NUMBER_TOKEN)
displayName: 'Build'
- script: |
.ci/appveyor-deb-install-test.sh
sudo apt-get -y install autoconf libtool liblzo2-dev libpam-dev fping unzip # To build OpenVPN
sudo BUILD_BINARIESDIRECTORY=$BUILD_BINARIESDIRECTORY .ci/start-se-openvpn.sh
sudo BUILD_BINARIESDIRECTORY=$BUILD_BINARIESDIRECTORY .ci/run-openvpn-tests.sh
displayName: 'Test'
.ci/azure-pipelines/linux_build.sh
-15
View File
@@ -1,15 +0,0 @@
#!/bin/bash
if [[ "${#SE_BUILD_NUMBER_TOKEN}" -eq 64 ]]; then
VERSION=$(python3 "version.py")
BUILD_NUMBER=$(curl "https://softether.network/get-build-number?commit=${BUILD_SOURCEVERSION}&version=${VERSION}&token=${SE_BUILD_NUMBER_TOKEN}")
else
BUILD_NUMBER=0
fi
cd ${BUILD_BINARIESDIRECTORY}
cmake -G "Ninja" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_NUMBER=${BUILD_NUMBER} ${BUILD_SOURCESDIRECTORY}
cmake --build .
cpack -C Release -G DEB
.ci/azure-pipelines/macos.yml
-11
View File
@@ -1,11 +0,0 @@
jobs:
- job: macOS
pool:
vmImage: macOS-latest
steps:
- script: brew install pkg-config cmake ninja ncurses readline libsodium openssl zlib
displayName: 'Prepare environment'
- script: '$(Build.SourcesDirectory)/.ci/azure-pipelines/macos_build.sh'
env:
SE_BUILD_NUMBER_TOKEN: $(BUILD_NUMBER_TOKEN)
displayName: 'Build'
.ci/azure-pipelines/macos_build.sh
-13
View File
@@ -1,13 +0,0 @@
#!/bin/bash
if [[ "${#SE_BUILD_NUMBER_TOKEN}" -eq 64 ]]; then
VERSION=$(python3 "version.py")
BUILD_NUMBER=$(curl "https://softether.network/get-build-number?commit=${BUILD_SOURCEVERSION}&version=${VERSION}&token=${SE_BUILD_NUMBER_TOKEN}")
else
BUILD_NUMBER=0
fi
cd ${BUILD_BINARIESDIRECTORY}
cmake -G "Ninja" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_NUMBER=${BUILD_NUMBER} -DOPENSSL_ROOT_DIR="/usr/local/opt/openssl" ${BUILD_SOURCESDIRECTORY}
cmake --build .
.ci/azure-pipelines/windows-steps.yml
-45
View File
@@ -1,45 +0,0 @@
parameters:
- name: architecture
type: string
- name: compilerPath
type: string
- name: vcpkgTriplet
type: string
- name: vcvarsPath
type: string
steps:
- task: Cache@2
inputs:
key: '"vcpkg-installed-windows-${{parameters.architecture}}"'
path: 'C:/vcpkg/installed'
displayName: 'Environment storage'
- script: |
vcpkg install libsodium openssl zlib --triplet ${{parameters.vcpkgTriplet}}
workingDirectory: C:/vcpkg
displayName: 'Prepare environment'
- script: '$(Build.SourcesDirectory)/.ci/azure-pipelines/windows_build.bat'
env:
ARCHITECTURE: ${{parameters.architecture}}
COMPILER_PATH: ${{parameters.compilerPath}}
VCPKG_TRIPLET: ${{parameters.vcpkgTriplet}}
VCVARS_PATH: ${{parameters.vcvarsPath}}
SE_BUILD_NUMBER_TOKEN: $(BUILD_NUMBER_TOKEN)
displayName: 'Build'
- powershell: |
. .ci/appveyor-vpntest.ps1
displayName: 'Test'
- task: CopyFiles@2
inputs:
sourceFolder: '$(Build.BinariesDirectory)'
contents: '?(*.exe|*.se2|*.pdb)'
TargetFolder: '$(Build.StagingDirectory)/binaries'
flattenFolders: true
- task: PublishBuildArtifacts@1
inputs:
pathtoPublish: '$(Build.StagingDirectory)/binaries'
artifactName: 'Binaries'
- task: PublishBuildArtifacts@1
inputs:
pathtoPublish: '$(Build.StagingDirectory)/installers'
artifactName: 'Installers'
.ci/azure-pipelines/windows.yml
-21
View File
@@ -1,21 +0,0 @@
jobs:
- job: Windows_x64
pool:
vmImage: windows-latest
steps:
- template: "windows-steps.yml"
parameters:
architecture: "x64"
compilerPath: "C:/Program Files (x86)/Microsoft Visual Studio/2019/Enterprise/VC/Tools/Llvm/x64/bin/clang-cl.exe"
vcpkgTriplet: "x64-windows-static-md"
vcvarsPath: "C:/Program Files (x86)/Microsoft Visual Studio/2019/Enterprise/VC/Auxiliary/Build/vcvars64.bat"
- job: Windows_x86
pool:
vmImage: windows-latest
steps:
- template: "windows-steps.yml"
parameters:
architecture: "x86"
compilerPath: "C:/Program Files (x86)/Microsoft Visual Studio/2019/Enterprise/VC/Tools/Llvm/bin/clang-cl.exe"
vcpkgTriplet: "x86-windows-static-md"
vcvarsPath: "C:/Program Files (x86)/Microsoft Visual Studio/2019/Enterprise/VC/Auxiliary/Build/vcvarsamd64_x86.bat"
.ci/azure-pipelines/windows_build.bat
-26
View File
@@ -1,26 +0,0 @@
@echo on
:: The method we use to store a command's output into a variable:
:: https://stackoverflow.com/a/6362922
for /f "tokens=* USEBACKQ" %%g in (`python "version.py"`) do (set "VERSION=%%g")
:: https://stackoverflow.com/a/8566001
echo %SE_BUILD_NUMBER_TOKEN%> "%tmp%\length.txt"
for %%? in ("%tmp%\length.txt") do ( set /A SE_BUILD_NUMBER_TOKEN_LENGTH=%%~z? - 2 )
if %SE_BUILD_NUMBER_TOKEN_LENGTH% equ 64 (
for /f "tokens=* USEBACKQ" %%g in (`curl "https://softether.network/get-build-number?commit=%BUILD_SOURCEVERSION%&version=%VERSION%&token=%SE_BUILD_NUMBER_TOKEN%"`) do (set "BUILD_NUMBER=%%g")
) else (
set BUILD_NUMBER=0
)
cd %BUILD_BINARIESDIRECTORY%
call "%VCVARS_PATH%"
cmake -G "Ninja" -DCMAKE_TOOLCHAIN_FILE="C:\vcpkg\scripts\buildsystems\vcpkg.cmake" -DVCPKG_TARGET_TRIPLET=%VCPKG_TRIPLET% -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER="%COMPILER_PATH%" -DCMAKE_CXX_COMPILER="%COMPILER_PATH%" -DBUILD_NUMBER=%BUILD_NUMBER% "%BUILD_SOURCESDIRECTORY%"
cmake --build .
mkdir "%BUILD_STAGINGDIRECTORY%\installers"
vpnsetup /SFXMODE:vpnclient /SFXOUT:"%BUILD_STAGINGDIRECTORY%\installers\softether-vpnclient-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
vpnsetup /SFXMODE:vpnserver_vpnbridge /SFXOUT:"%BUILD_STAGINGDIRECTORY%\installers\softether-vpnserver_vpnbridge-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
.ci/run-openvpn-tests.sh
+3 -1
View File
@@ -21,7 +21,7 @@ cat << EOF > tests/t_client.rc
CA_CERT=fake
TEST_RUN_LIST="1 2"
OPENVPN_BASE="--remote 127.0.0.1 --config $CONFIG --auth-user-pass /tmp/auth.txt"
OPENVPN_BASE="--config $CONFIG --auth-user-pass /tmp/auth.txt"
RUN_TITLE_1="testing udp/ipv4"
OPENVPN_CONF_1="--dev null --proto udp --port 1194 \$OPENVPN_BASE"
@@ -30,4 +30,6 @@ RUN_TITLE_2="testing tcp/ipv4"
OPENVPN_CONF_2="--dev null --proto tcp --port 1194 \$OPENVPN_BASE"
EOF
sed -i 's/^remote.*$/remote 127.0.0.1 1194/g' /tmp/*l3*ovpn
make test_scripts=t_client.sh check
.cirrus.yml
+4 -4
View File
@@ -2,16 +2,16 @@ FreeBSD_task:
matrix:
env:
SSL: openssl
OPENSSL_ROOT_DIR: /usr/local
env:
SSL: libressl
env:
SSL: libressl-devel
SSL: openssl32
OPENSSL_ROOT_DIR: /usr/local
env:
# base openssl
SSL:
matrix:
freebsd_instance:
image_family: freebsd-12-1
image_family: freebsd-14-0
prepare_script:
- pkg install -y pkgconf cmake git libsodium $SSL
- git submodule update --init --recursive
.github/ISSUE_TEMPLATE.md
-47
View File
@@ -1,47 +0,0 @@
Hi, there!
Thank you for using SoftEther.
Before you submit an issue, please read the following:
Is this a question?
- If the answer is "yes", then please ask your question on [www.vpnusers.com](http://www.vpnusers.com).
The issue section on GitHub is reserved for bugs and feature requests.
- If the answer is "no", please read the following:
We provide a template which is specifically made for bug reports, in order to be sure that the report includes enough details to be helpful.
Please use or adapt it as needed.
---
### Prerequisites
* [ ] Can you reproduce?
* [ ] Are you running the latest version of SoftEtherVPN?
**SoftEther version:**
**Component:** [Server, Client, Bridge, etc.]
**Operating system:** [Windows, Linux, BSD, macOS, etc.]
**Architecture:** [64 bit, 32 bit]
[In case it's a computer with known specs, such as the Raspberry Pi, you can specify it omitting the details.]
**Processor:** [Specify brand and model. Example: AMD Ryzen 7 1800x]
### Description
[Description of the bug]
**Expected behavior:**
[What you expected to happen]
**Actual behavior:**
[What actually happened]
### Steps to reproduce
1. [First step]
2. [Second step]
3. [And so on...]
.github/ISSUE_TEMPLATE/bug_report_or_issue_report.yml
+87
View File
@@ -0,0 +1,87 @@
name: Bug Report or Issue Report
description: File a bug report or an issue report
labels: "needs-triage"
body:
- type: markdown
attributes:
value: |
Thanks for taking the time to fill out this bug report!
We provide a template which is specifically made for bug reports, to be sure that the report includes enough details to be helpful.
- type: checkboxes
attributes:
label: Are you using SoftEther VPN 5.x?
description: |
This issue tracker is for SoftEther VPN Developer Edition versioned 5.x.
Please report issues about SoftEther VPN Stable Edition versioned 4.x through the correct path.
See also [the top of the issue tracker](https://github.com/SoftEtherVPN/SoftEtherVPN/issues/new/choose).
options:
- label: Yes, I'm using SoftEther VPN 5.x, not 4.x.
required: true
- type: input
attributes:
label: Version
description: |
The exact version you are using.
It would be very nice if you let us know version tag or commit hash.
placeholder: "5.02.5180 / 09b7e4f / 5.01.9674+git20200806+8181039+dfsg2-2build1"
- type: dropdown
attributes:
label: Component
description: Which component did you encounter an issue with?
multiple: true
options:
- VPN Server
- VPN Bridge
- VPN Client
- VPN Tools
- Other
validations:
required: true
- type: input
attributes:
label: Operating system & version
placeholder: "Windows 11 Pro 23H2 / Ubuntu 22.04 / FreeBSD 14.0 / macOS Sonoma / Independent"
description: |
Let us know about your operating system and version.
validations:
required: true
- type: input
attributes:
label: Architecture or Hardware model
placeholder: "amd64 / aarch64 / Raspberry Pi 4B+ / Apple M2"
description: |
Necessary if your issue is architecture-specific.
- type: textarea
attributes:
label: Steps to reproduce
placeholder: Having detailed steps helps us reproduce the bug.
validations:
required: true
- type: textarea
attributes:
label: ✔️ Expected Behavior
placeholder: What do you expect to happen?
validations:
required: false
- type: textarea
attributes:
label: ❌ Actual Behavior
placeholder: What happened actually?
validations:
required: false
- type: textarea
attributes:
label: Anything else?
description: |
Links? References?
Anything that will give us more context about the issue you are encountering!
.github/ISSUE_TEMPLATE/config.yml
+8
View File
@@ -0,0 +1,8 @@
contact_links:
- name: Are you using SoftEther VPN 4.x?
about: This repository is for SoftEther VPN 5.x Developer Edition, developed independently from SoftEther VPN 4.x. Visit vpnusers.com if you would like to report issues or ask questions about version 4.x!
url: https://www.vpnusers.com/
- name: Questions about SoftEtherVPN 5.x
about: Visit Discussions to ask community to help.
url: https://github.com/SoftEtherVPN/SoftEtherVPN/discussions/new?category=q-a
.github/workflows/build_source_release.yml
+1 -1
View File
@@ -26,7 +26,7 @@ jobs:
mv /tmp/$PKGNAME .
TARBALL=$PKGNAME.tar.xz
tar cJf $TARBALL $PKGNAME
echo "::set-output name=tarball::$TARBALL"
echo "tarball=$TARBALL" >> $GITHUB_OUTPUT
- name: upload tarball
uses: actions/upload-release-asset@v1
.github/workflows/coverity.yml
+23 -10
View File
@@ -5,16 +5,13 @@ on:
schedule:
- cron: "0 0 * * *"
permissions:
contents: read
jobs:
scan:
runs-on: ubuntu-latest
if: ${{ github.repository_owner == 'SoftEtherVPN' }}
env:
COVERITY_SCAN_PROJECT_NAME: 'SoftEtherVPN/SoftEtherVPN'
COVERITY_SCAN_BRANCH_PATTERN: '*'
COVERITY_SCAN_NOTIFICATION_EMAIL: 'chipitsine@gmail.com'
COVERITY_SCAN_BUILD_COMMAND_PREPEND: "./configure"
COVERITY_SCAN_BUILD_COMMAND: "make -C build"
steps:
- uses: actions/checkout@v2
with:
@@ -23,8 +20,24 @@ jobs:
run: |
sudo apt-get update
sudo apt-get install -y cmake gcc g++ libncurses5-dev libreadline-dev libssl-dev make zlib1g-dev libsodium-dev
- name: Run Coverity Scan
env:
COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
- name: Download Coverity build tool
run: |
curl -fsSL "https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh" | bash || true
wget -c -N https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_SCAN_TOKEN }}&project=SoftEtherVPN%2FSoftEtherVPN" -O coverity_tool.tar.gz
mkdir coverity_tool
tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool
- name: Configure
run: |
./configure
- name: Build with Coverity build tool
run: |
export PATH=`pwd`/coverity_tool/bin:$PATH
cov-build --dir cov-int make -C build
- name: Submit build result to Coverity Scan
run: |
tar czvf cov.tar.gz cov-int
curl --form token=${{ secrets.COVERITY_SCAN_TOKEN }} \
--form email=chipitsine@gmail.com \
--form file=@cov.tar.gz \
--form version="Commit $GITHUB_SHA" \
--form description="Build submitted via CI" \
https://scan.coverity.com/builds?project=SoftEtherVPN%2FSoftEtherVPN
.github/workflows/fedora-rawhide.yml
+34
View File
@@ -0,0 +1,34 @@
name: Fedora/Rawhide
on:
schedule:
- cron: "0 0 25 * *"
push:
pull_request:
workflow_dispatch:
permissions:
contents: read
jobs:
build_and_test:
strategy:
matrix:
cc: [ gcc, clang ]
name: ${{ matrix.cc }}
runs-on: ubuntu-latest
container:
image: fedora:rawhide
steps:
- uses: actions/checkout@v1
with:
submodules: true
- name: Install dependencies
run: |
dnf -y install git cmake ncurses-devel openssl-devel-engine libsodium-devel readline-devel zlib-devel gcc-c++ clang
- name: Compile with ${{ matrix.cc }}
run: |
export CC=${{ matrix.cc }}
./configure
make -C build
.github/workflows/linux.yml
+41
View File
@@ -0,0 +1,41 @@
on: [push, pull_request]
permissions:
contents: read
jobs:
build_and_test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- name: Install dependencies
run: sudo apt update && sudo apt-get -y install cmake gcc g++ ninja-build libncurses5-dev libreadline-dev libsodium-dev libssl-dev make zlib1g-dev liblz4-dev libnl-genl-3-dev
- name: Build
run: |
mkdir build
cd build
cmake -G "Ninja" -DCMAKE_BUILD_TYPE=RelWithDebInfo ..
cmake --build .
- name: Build deb packages
run: |
cd build
cpack -C Release -G DEB
- name: Upload DEB packages as artifacts
if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v4
with:
name: deb-packages
path: build/*.deb
- name: Test
run: |
.ci/appveyor-deb-install-test.sh
sudo apt-get -y install autoconf libtool liblzo2-dev libpam-dev fping unzip libcap-ng-dev # To build OpenVPN
sudo .ci/start-se-openvpn.sh
sudo .ci/run-openvpn-tests.sh
.github/workflows/macos.yml
+28
View File
@@ -0,0 +1,28 @@
on: [push, pull_request, workflow_dispatch]
permissions:
contents: read
jobs:
build_and_test:
strategy:
matrix:
os: [macos-15, macos-14, macos-13]
name: ${{ matrix.os }}
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v1
with:
submodules: true
- name: Install dependencies
run: |
brew install libsodium
- name: Compile
run: |
./configure
make -C build
- name: Test
run: |
otool -L build/vpnserver
.ci/memory-leak-test.sh
.github/workflows/musl.yml
+23
View File
@@ -0,0 +1,23 @@
name: alpine/musl
on: [push, pull_request]
permissions:
contents: read
jobs:
musl:
name: gcc
runs-on: ubuntu-latest
container:
image: alpine:latest
steps:
- uses: actions/checkout@v1
with:
submodules: true
- name: Install dependencies
run: apk add binutils --no-cache build-base readline-dev openssl-dev ncurses-dev git cmake zlib-dev libsodium-dev gnu-libiconv
- name: Configure
run: ./configure
- name: make
run: make -C build
.github/workflows/stb_check.yml
+16
View File
@@ -0,0 +1,16 @@
on: [push, pull_request]
permissions:
contents: read
jobs:
check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
with:
submodules: true
- name: Check
run: |
cd developer_tools/stbchecker
dotnet run ../../src/bin/hamcore
.github/workflows/windows.yml
+63
View File
@@ -0,0 +1,63 @@
on: [push, pull_request]
permissions:
contents: read
jobs:
build_and_test:
strategy:
matrix:
platform: [
{ ARCHITECTURE: x86, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/bin/clang-cl.exe", VCPKG_TRIPLET: "x86-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars32.bat"},
{ ARCHITECTURE: x64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/x64/bin/clang-cl.exe", VCPKG_TRIPLET: "x64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars64.bat"}
]
runs-on: windows-latest
name: ${{ matrix.platform.ARCHITECTURE }}
steps:
- uses: actions/checkout@v4
with:
submodules: true
- name: Cache vcpkg
uses: actions/cache@v4
with:
path: 'build/vcpkg_installed/'
key: vcpkg-${{ matrix.platform.VCPKG_TRIPLET }}
- name: Set version variables
run: |
$v = python version.py
echo "VERSION=$v" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
shell: pwsh
- name: Build
env:
ARCHITECTURE: ${{ matrix.platform.ARCHITECTURE }}
COMPILER_PATH: ${{ matrix.platform.COMPILER_PATH }}
VCPKG_TRIPLET: ${{ matrix.platform.VCPKG_TRIPLET }}
VCVARS_PATH: ${{ matrix.platform.VCVARS_PATH }}
run: |
set BUILD_NUMBER=0
mkdir build
cd build
call "%VCVARS_PATH%"
cmake -G "Ninja" -DCMAKE_TOOLCHAIN_FILE="C:\vcpkg\scripts\buildsystems\vcpkg.cmake" -DVCPKG_TARGET_TRIPLET=%VCPKG_TRIPLET% -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER="%COMPILER_PATH%" -DCMAKE_CXX_COMPILER="%COMPILER_PATH%" -DBUILD_NUMBER=%BUILD_NUMBER% ..
cmake --build .
mkdir installers
vpnsetup /SFXMODE:vpnclient /SFXOUT:"installers\softether-vpnclient-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
vpnsetup /SFXMODE:vpnserver_vpnbridge /SFXOUT:"installers\softether-vpnserver_vpnbridge-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
shell: cmd
- name: Test
shell: powershell
run: |
. .ci/appveyor-vpntest.ps1
- uses: actions/upload-artifact@v4
with:
if-no-files-found: error
name: Binaries-${{ matrix.platform.ARCHITECTURE }}
path: |
build/*.exe
build/*.pdb
build/*.se2
- uses: actions/upload-artifact@v4
with:
if-no-files-found: error
name: Installers-${{ matrix.platform.ARCHITECTURE }}
path: build/installers
.github/workflows/windows_release.yml
+94
View File
@@ -0,0 +1,94 @@
name: "Release"
on:
push:
tags:
- '*'
concurrency:
group: "${{ github.workflow }}-${{ github.ref }}"
cancel-in-progress: true
permissions:
contents: write
jobs:
release:
runs-on: windows-latest
outputs:
upload_url: "${{ steps.create_release.outputs.upload_url }}"
steps:
- name: "Checkout repository"
uses: actions/checkout@v4
- name: "Create GitHub release"
id: create_release
uses: softprops/action-gh-release@v1
build-windows:
name: ${{ matrix.platform.ARCHITECTURE }}
runs-on: windows-latest
needs: ["release"]
strategy:
matrix:
platform: [
{ ARCHITECTURE: x86, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/bin/clang-cl.exe", VCPKG_TRIPLET: "x86-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars32.bat"},
{ ARCHITECTURE: x64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/x64/bin/clang-cl.exe", VCPKG_TRIPLET: "x64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars64.bat"}
]
steps:
- name: "Checkout repository"
uses: actions/checkout@v4
with:
submodules: true
- name: Cache vcpkg
uses: actions/cache@v4
with:
path: 'build/vcpkg_installed/'
key: vcpkg-release-${{ matrix.platform.VCPKG_TRIPLET }}
- name: Set version variables
run: |
$b=(Get-Content CMakeSettings.json | Out-String | ConvertFrom-Json).environments.BuildNumber
echo "BUILD_NUMBER=$b" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
$v = python version.py
echo "VERSION=$v" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
shell: pwsh
- name: Build
env:
ARCHITECTURE: ${{ matrix.platform.ARCHITECTURE }}
COMPILER_PATH: ${{ matrix.platform.COMPILER_PATH }}
VCPKG_TRIPLET: ${{ matrix.platform.VCPKG_TRIPLET }}
VCVARS_PATH: ${{ matrix.platform.VCVARS_PATH }}
run: |
mkdir build
cd build
call "%VCVARS_PATH%"
cmake -G "Ninja" -DCMAKE_TOOLCHAIN_FILE="C:\vcpkg\scripts\buildsystems\vcpkg.cmake" -DVCPKG_TARGET_TRIPLET=%VCPKG_TRIPLET% -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER="%COMPILER_PATH%" -DCMAKE_CXX_COMPILER="%COMPILER_PATH%" -DBUILD_NUMBER=%BUILD_NUMBER% ..
cmake --build .
mkdir installers
vpnsetup /SFXMODE:vpnclient /SFXOUT:"installers\softether-vpnclient-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
vpnsetup /SFXMODE:vpnserver_vpnbridge /SFXOUT:"installers\softether-vpnserver_vpnbridge-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
shell: cmd
- name: dir
run: |
Get-ChildItem -Recurse build/installers
shell: pwsh
- name: "Upload softether-vpnclient"
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: "${{ github.token }}"
with:
upload_url: "${{ needs.release.outputs.upload_url }}"
asset_path: "build/installers/softether-vpnclient-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
asset_name: "softether-vpnclient-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
asset_content_type: "application/octet-stream"
- name: "Upload softether-vpnserver_vpnbridge"
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: "${{ github.token }}"
with:
upload_url: "${{ needs.release.outputs.upload_url }}"
asset_path: "build/installers/softether-vpnserver_vpnbridge-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
asset_name: "softether-vpnserver_vpnbridge-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
asset_content_type: "application/octet-stream"
.gitignore
+2 -1
View File
@@ -2,6 +2,7 @@
.cproject
.project
.settings/
.vs/
Makefile
/src/bin/*
!/src/bin/hamcore/
@@ -208,4 +209,4 @@ developer_tools/stbchecker/**/ASALocalRun/
developer_tools/stbchecker/**/*.binlog
developer_tools/stbchecker/**/*.nvuser
developer_tools/stbchecker/**/.mfractor/
/vcpkg_installed
.gitlab-ci.yml
-49
View File
@@ -1,32 +1,3 @@
.ubuntu: &ubuntu_def
variables:
CMAKE_VERSION: 3.9.6
except:
changes:
- .appveyor.yml
- .travis.yml
- .azure-pipelines.yml
- .cirrus.yml
before_script:
- REPOSITORY="$PWD" && cd ..
- apt-get update && apt-get install -y dpkg-dev wget g++ gcc libncurses5-dev libreadline-dev libsodium-dev libssl-dev make zlib1g-dev git file
- wget https://cmake.org/files/v${CMAKE_VERSION%.*}/cmake-${CMAKE_VERSION}.tar.gz && tar -xzf cmake-${CMAKE_VERSION}.tar.gz
- cd cmake-${CMAKE_VERSION} && ./bootstrap && make install
- cd "$REPOSITORY" && git submodule update --init --recursive
script:
- ./configure
- make package -C build
- dpkg -i build/softether-vpn*.deb
- .ci/memory-leak-test.sh
trusty:
<<: *ubuntu_def
image: ubuntu:trusty
precise:
<<: *ubuntu_def
image: ubuntu:precise
# illumos gitlab-runner maintained by @hww3
build_illumos:
only:
@@ -38,23 +9,3 @@ build_illumos:
- CMAKE_FLAGS="-DCMAKE_PREFIX_PATH=/opt/local -DCMAKE_CXX_FLAGS=-m64 -DCMAKE_C_FLAGS=-m64" ./configure
- gmake -C build
#
# flawfinder
# see https://docs.gitlab.com/ee/user/project/merge_requests/sast.html
#
sast:
image: docker:stable
variables:
DOCKER_DRIVER: overlay2
allow_failure: true
services:
- docker:stable-dind
script:
- export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
- docker run
--env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}"
--volume "$PWD:/code"
--volume /var/run/docker.sock:/var/run/docker.sock
"registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
artifacts:
paths: [gl-sast-report.json]
.gitmodules
+6
View File
@@ -10,3 +10,9 @@
[submodule "src/libhamcore"]
path = src/libhamcore
url = https://github.com/SoftEtherVPN/libhamcore.git
[submodule "src/Mayaqua/3rdparty/oqs-provider"]
path = src/Mayaqua/3rdparty/oqs-provider
url = https://github.com/open-quantum-safe/oqs-provider.git
[submodule "src/Mayaqua/3rdparty/liboqs"]
path = src/Mayaqua/3rdparty/liboqs
url = https://github.com/open-quantum-safe/liboqs.git
.travis.yml
-19
View File
@@ -38,25 +38,6 @@ matrix:
before_install:
- sudo apt-get -y install libsodium-dev
- bash .ci/build-libressl.sh > build-deps.log 2>&1 || (cat build-deps.log && exit 1)
- env: LABEL="check stb files"
os: linux
language: csharp
mono: none
dotnet: 2.2.203
before_install:
- true
script:
- cd developer_tools/stbchecker
- dotnet run ../../src/bin/hamcore
- os: osx
compiler: clang
before_install:
- brew install libsodium
script:
- ./configure
- make -C build
- otool -L build/vpnserver
- .ci/memory-leak-test.sh
cache:
directories:
.vscode/settings.json
Vendored
+3
View File
@@ -0,0 +1,3 @@
{
"cmake.configureOnOpen": false
}
AUTHORS.TXT
+2
View File
@@ -52,6 +52,8 @@ DEVELOPMENT BOARD MEMBERS:
- Ilya Shipitsin
https://github.com/chipitsine
- Yihong Wu
https://github.com/domosekai
SPECIAL CONTRIBUTORS:
CMakeLists.txt
+19 -2
View File
@@ -1,9 +1,9 @@
cmake_minimum_required(VERSION 3.10)
cmake_minimum_required(VERSION 3.15)
set(BUILD_NUMBER CACHE STRING "The number of the current build.")
if ("${BUILD_NUMBER}" STREQUAL "")
set(BUILD_NUMBER "5180")
set(BUILD_NUMBER "5187")
endif()
if (BUILD_NUMBER LESS 5180)
@@ -13,6 +13,13 @@ if (BUILD_NUMBER LESS 5180)
"For detailed info: https://github.com/SoftEtherVPN/SoftEtherVPN/issues/1392#issuecomment-867348281")
endif()
#
# Link MSVC runtime statically
# this should be revisited after installer migration to MSI
#
cmake_policy(SET CMP0091 NEW)
set(CMAKE_MSVC_RUNTIME_LIBRARY "MultiThreaded$<$<CONFIG:Debug>:Debug>")
project("SoftEther VPN"
VERSION "5.02.${BUILD_NUMBER}"
LANGUAGES C
@@ -36,9 +43,19 @@ if(EXISTS "${TOP_DIRECTORY}/.git" AND NOT EXISTS "${TOP_DIRECTORY}/src/libhamcor
message (FATAL_ERROR "Submodules are not initialized. Run\n\tgit submodule update --init --recursive")
endif()
if(WIN32 AND VCPKG_TARGET_TRIPLET AND NOT DEFINED CMAKE_TOOLCHAIN_FILE)
message (FATAL_ERROR "vcpkg not installed or integrated with Visual Studio. Install it and run\n\tvcpkg integrate install")
endif()
if(UNIX)
include(GNUInstallDirs)
#
# use rpath for locating installed libraries
#
set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}")
set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
include(CheckIncludeFile)
Check_Include_File(sys/auxv.h HAVE_SYS_AUXV)
if(EXISTS "/lib/systemd/system")
CMakeSettings.json
+141
View File
@@ -0,0 +1,141 @@
{
"environments": [ { "BuildNumber": "5187" } ],
"configurations": [
{
"name": "x64-native",
"description": "Target x64 with 64-bit compiler",
"generator": "Ninja",
"configurationType": "RelWithDebInfo",
"inheritEnvironments": [ "clang_cl_x64_x64" ],
"buildRoot": "${projectDir}\\out\\build\\${name}",
"installRoot": "${projectDir}\\out\\install\\${name}",
"cmakeCommandArgs": "",
"buildCommandArgs": "",
"ctestCommandArgs": "",
"variables": [
{
"name": "BUILD_NUMBER",
"value": "${env.BuildNumber}",
"type": "STRING"
},
{
"name": "CMAKE_C_COMPILER",
"value": "${env.VCINSTALLDIR}Tools/Llvm/x64/bin/clang-cl.exe",
"type": "FILEPATH"
},
{
"name": "CMAKE_CXX_COMPILER",
"value": "${env.VCINSTALLDIR}Tools/Llvm/x64/bin/clang-cl.exe",
"type": "FILEPATH"
},
{
"name": "VCPKG_TARGET_TRIPLET",
"value": "x64-windows-static",
"type": "STRING"
}
]
},
{
"name": "x86-on-x64",
"description": "Target x86 with 64-bit compiler",
"generator": "Ninja",
"configurationType": "RelWithDebInfo",
"inheritEnvironments": [ "clang_cl_x86_x64" ],
"buildRoot": "${projectDir}\\out\\build\\${name}",
"installRoot": "${projectDir}\\out\\install\\${name}",
"cmakeCommandArgs": "",
"buildCommandArgs": "",
"ctestCommandArgs": "",
"variables": [
{
"name": "BUILD_NUMBER",
"value": "${env.BuildNumber}",
"type": "STRING"
},
{
"name": "CMAKE_C_COMPILER",
"value": "${env.VCINSTALLDIR}Tools/Llvm/x64/bin/clang-cl.exe",
"type": "FILEPATH"
},
{
"name": "CMAKE_CXX_COMPILER",
"value": "${env.VCINSTALLDIR}Tools/Llvm/x64/bin/clang-cl.exe",
"type": "FILEPATH"
},
{
"name": "VCPKG_TARGET_TRIPLET",
"value": "x86-windows-static",
"type": "STRING"
}
]
},
{
"name": "x64-on-x86",
"description": "Target x64 with 32-bit compiler",
"generator": "Ninja",
"configurationType": "RelWithDebInfo",
"inheritEnvironments": [ "clang_cl_x64" ],
"buildRoot": "${projectDir}\\out\\build\\${name}",
"installRoot": "${projectDir}\\out\\install\\${name}",
"cmakeCommandArgs": "",
"buildCommandArgs": "",
"ctestCommandArgs": "",
"variables": [
{
"name": "BUILD_NUMBER",
"value": "${env.BuildNumber}",
"type": "STRING"
},
{
"name": "CMAKE_C_COMPILER",
"value": "${env.VCINSTALLDIR}Tools/Llvm/bin/clang-cl.exe",
"type": "FILEPATH"
},
{
"name": "CMAKE_CXX_COMPILER",
"value": "${env.VCINSTALLDIR}Tools/Llvm/bin/clang-cl.exe",
"type": "FILEPATH"
},
{
"name": "VCPKG_TARGET_TRIPLET",
"value": "x64-windows-static",
"type": "STRING"
}
]
},
{
"name": "x86-native",
"description": "Target x86 with 32-bit compiler",
"generator": "Ninja",
"configurationType": "RelWithDebInfo",
"inheritEnvironments": [ "clang_cl_x86" ],
"buildRoot": "${projectDir}\\out\\build\\${name}",
"installRoot": "${projectDir}\\out\\install\\${name}",
"cmakeCommandArgs": "",
"buildCommandArgs": "",
"ctestCommandArgs": "",
"variables": [
{
"name": "BUILD_NUMBER",
"value": "${env.BuildNumber}",
"type": "STRING"
},
{
"name": "CMAKE_C_COMPILER",
"value": "${env.VCINSTALLDIR}Tools/Llvm/bin/clang-cl.exe",
"type": "FILEPATH"
},
{
"name": "CMAKE_CXX_COMPILER",
"value": "${env.VCINSTALLDIR}Tools/Llvm/bin/clang-cl.exe",
"type": "FILEPATH"
},
{
"name": "VCPKG_TARGET_TRIPLET",
"value": "x86-windows-static",
"type": "STRING"
}
]
}
]
}
FUNDING.yml
-1
View File
@@ -1,2 +1 @@
liberapay: softether
custom: https://salt.bountysource.com/teams/softether-vpn
README.md
+49 -21
View File
@@ -2,19 +2,17 @@
||Badges|
|---|---|
|AppVeyor|[![AppVeyor build status](https://ci.appveyor.com/api/projects/status/github/softethervpn/softethervpn?branch=master&svg=true)](https://ci.appveyor.com/project/softethervpn/softethervpn) |
|GitLab CI|[![GitLab CI build status](https://gitlab.com/SoftEther/SoftEtherVPN/badges/master/pipeline.svg)](https://gitlab.com/SoftEther/SoftEtherVPN/pipelines)|
|Coverity Scan|[![Coverity Scan build status](https://scan.coverity.com/projects/16304/badge.svg)](https://scan.coverity.com/projects/softethervpn-softethervpn)|
|Azure Pipelines|[![Azure Pipelines build status for Nightly](https://dev.azure.com/SoftEther-VPN/SoftEther%20VPN/_apis/build/status/6?api-version=6.0-preview.1)](https://dev.azure.com/SoftEther-VPN/SoftEther%20VPN/_build?definitionId=6)|
|Cirrus CI|[![Cirrus CI build status](https://api.cirrus-ci.com/github/SoftEtherVPN/SoftEtherVPN.svg)](https://cirrus-ci.com/github/SoftEtherVPN/SoftEtherVPN)|
- [SoftEther VPN](#softether-vpn)
- [BOARD MEMBERS OF THIS REPOSITORY](#board-members-of-this-repository)
- [SOFTETHER VPN ADVANTAGES](#softether-vpn-advantages)
- [Installation](#installation)
* [For Ubuntu](#for-ubuntu)
* [For FreeBSD](#for-freebsd)
* [From binary installers:](#from-binary-installers)
* [For Windows](#for-windows)
* [From binary installers (stable channel)](#from-binary-installers-stable-channel)
* [Build from Source code](#build-from-source-code)
- [About HTML5-based Modern Admin Console and JSON-RPC API Suite](#about-html5-based-modern-admin-console-and-json-rpc-api-suite)
* [Built-in SoftEther VPN Server HTML5 Ajax-based Web Administration Console](#built-in-softether-vpn-server-html5-ajax-based-web-administration-console)
@@ -34,6 +32,8 @@ Stable Edition is available on
https://github.com/SoftEtherVPN/SoftEtherVPN_Stable
which the non-developer user can stable use.
Please note that [some features](#comparison-with-stable-edition) are not available in Stable Edition.
Source code packages (.zip and .tar.gz) and binary files of Stable Edition are also available:
https://www.softether-download.com/
@@ -72,7 +72,7 @@ world's most powerful and easy-to-use multi-protocol VPN software.
SoftEther VPN runs on Windows, Linux, Mac, FreeBSD and Solaris.
SoftEther VPN supports most of widely-used VPN protocols
including SSL-VPN, OpenVPN, IPsec, L2TP, MS-SSTP, L2TPv3 and EtherIP
including SSL-VPN, WireGuard, OpenVPN, IPsec, L2TP, MS-SSTP, L2TPv3 and EtherIP
by the single SoftEther VPN Server program.
More details on https://www.softether.org/.
@@ -105,6 +105,7 @@ https://github.com/chipitsine
- Supporting all popular VPN protocols by the single VPN server:
SSL-VPN (HTTPS)
WireGuard
OpenVPN
IPsec
L2TP
@@ -139,17 +140,37 @@ https://github.com/chipitsine
releasing the build.
- More details at https://www.softether.org/.
# Comparison with Stable Edition
| Protocol | Stable Edition (SE) | Developer Edition (DE) | Comment |
| --- | --- | --- | --- |
| SSL-VPN | ✅ | ✅ | |
| OpenVPN | ✅ | ✅ | AEAD mode is supported in DE only. |
| IPsec | ✅ | ✅ | |
| L2TP | ✅ | ✅ | |
| MS-SSTP | ✅ | ✅ | |
| L2TPv3 | ✅ | ✅ | |
| EtherIP | ✅ | ✅ | |
| WireGuard | ❌ | ✅ | |
| IKEv2 | ❌ | ❌ | |
| Feature | Stable Edition (SE) | Developer Edition (DE) | Comment |
| --- | --- | --- | --- |
| Password Authentication | ✅ | ✅ | |
| RADIUS / NT Authentication | ✅ | ✅ | |
| Certificate Authentication | ⚠️ | ✅ | SE supports the feature in SSL-VPN only. |
| IPv6-capable VPN Tunnel | ⚠️ | ✅ | SE supports IPv6 in L2 VPN tunnels only. |
| IPv4 Route Management | ✅ | ✅ | Windows clients only |
| IPv6 Route Management | ❌ | ✅ | Windows clients only |
| TLS Server Verification | ⚠️ | ✅ | In SE you need to specify the exact certificate or CA to verify. DE can perform standard TLS verification and use the system CA store. |
| Dual-stack Name Resolution | ⚠️ | ✅ | SE attempts in IPv6 only after IPv4 has failed. |
| ECDSA Certificates Import | ❌ | ✅ | |
| Runs on Windows XP and Earlier | ✅ | ❌ | |
| Compatible with SoftEther VPN 1.0 | ✅ | ❌ | |
| AES-NI Hardware Acceleration | ⚠️ | ✅ | SE requires [intel_aes_lib](https://software.intel.com/sites/default/files/article/181731/intel-aesni-sample-library-v1.2.zip) to enable AES-NI, so x86 only. In DE, enabled by default as long as processor supports it (at least x86 and ARM). |
# Installation
## For Ubuntu
Launchpad PPA maintained by [Dmitry Verkhoturov](https://github.com/paskal):
[Daily builds](https://code.launchpad.net/~paskal-07/+archive/ubuntu/softethervpn) (latest released tag)
[Nightly builds](https://code.launchpad.net/~paskal-07/+archive/ubuntu/softethervpn-nightly)
## For FreeBSD
SoftEther VPN in FreeBSD Ports Collection is maintained by
@@ -178,7 +199,14 @@ sysrc softether_server_enable=yes
Also SoftEther VPN [Stable Edition](https://www.freshports.org/security/softether-devel/) and
[RTM version](https://www.freshports.org/security/softether/) are available on FreeBSD.
## From binary installers:
## For Windows
[Releases](https://github.com/SoftEtherVPN/SoftEtherVPN/releases)
[Nightly builds](https://github.com/SoftEtherVPN/SoftEtherVPN/actions/workflows/windows.yml)
(choose appropriate platform, then find binaries or installers as artifacts)
## From binary installers (stable channel)
Those can be found under https://www.softether-download.com/
There you can also find SoftEtherVPN source code in zip and tar formats.
@@ -236,19 +264,19 @@ SoftEther VPN Project distributes the up-to-date source code
on all the following open-source repositories:
- GitHub
https://github.com/SoftEtherVPN/SoftEtherVPN/
https://github.com/SoftEtherVPN/SoftEtherVPN
$ git clone https://github.com/SoftEtherVPN/SoftEtherVPN.git
- GitLab (mirrored from GitHub)
https://gitlab.com/SoftEther/SoftEtherVPN/
https://gitlab.com/SoftEther/VPN
$ git clone https://gitlab.com/SoftEther/SoftEtherVPN.git
$ git clone https://gitlab.com/SoftEther/VPN.git
- Codeberg (mirrored from GitHub)
https://codeberg.org/softether/vpn
- OneDev (mirrored from GitHub)
https://code.onedev.io/SoftEther/VPN
$ git clone https://codeberg.org/softether/vpn.git
$ git clone https://code.onedev.io/SoftEther/VPN.git
We hope that you can reach one of the above URLs at least!
@@ -261,7 +289,7 @@ Please send patches to us through GitHub.
# DEAR SECURITY EXPERTS
If you find a bug or a security vulnerability please kindly inform us
If you find a bug or a security vulnerability please [kindly inform](https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/new) us
about the problem immediately so that we can fix the security problem
to protect a lot of users around the world as soon as possible.
SECURITY.md
+15
View File
@@ -0,0 +1,15 @@
# Security Policy
## Supported Versions
Use this section to tell people about which versions of your project are
currently being supported with security updates.
| Version | Supported |
| ------- | ------------------ |
| 5.x | :white_check_mark: |
## Reporting a Vulnerability
Please use [github security reporting](https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/new)
developer_tools/stbchecker/stbchecker.csproj
+1 -1
View File
@@ -2,7 +2,7 @@
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>netcoreapp2.1</TargetFramework>
<TargetFramework>net8.0</TargetFramework>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
developer_tools/vpnserver-jsonrpc-clients/README.html
+100 -99
View File
@@ -30,6 +30,7 @@
<ul>
<li>Older versions of SoftEther VPN before June 2019 don't support JSON-RPC APIs.</li>
<li>If you want to completely disable the JSON-RPC on your VPN Server, set the <code>DisableJsonRpcWebApi</code> variable to <code>true</code> on the <code>vpn_server.config</code>.</li>
<li>You may also restrict access to JSON-RPC API to a specific subnet, e.g. your internal network, by setting the <code>JsonRpcWebApiAllowedSubnet</code> variable to, for example, <code>192.168.0.0/16</code>.</li>
</ul>
<h3 id="json-rpc-specification">JSON-RPC specification</h3>
<p>You must use HTTPS 1.1 <code>POST</code> method to call each of JSON-RPC APIs.<br />
@@ -216,8 +217,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
<li><a href="#getspeciallistener">GetSpecialListener - Get Current Setting of the VPN over ICMP / VPN over DNS Function</a></li>
<li><a href="#getazurestatus">GetAzureStatus - Show the current status of VPN Azure function</a></li>
<li><a href="#setazurestatus">SetAzureStatus - Enable / Disable VPN Azure Function</a></li>
<li><a href="#getddnsinternetsettng">GetDDnsInternetSettng - Get the Proxy Settings for Connecting to the DDNS server</a></li>
<li><a href="#setddnsinternetsettng">SetDDnsInternetSettng - Set the Proxy Settings for Connecting to the DDNS server</a></li>
<li><a href="#getddnsinternetsetting">GetDDnsInternetSetting - Get the Proxy Settings for Connecting to the DDNS server</a></li>
<li><a href="#setddnsinternetsetting">SetDDnsInternetSetting - Set the Proxy Settings for Connecting to the DDNS server</a></li>
<li><a href="#setvgsconfig">SetVgsConfig - Set the VPN Gate Server Configuration</a></li>
<li><a href="#getvgsconfig">GetVgsConfig - Get the VPN Gate Server Configuration</a></li>
</ul>
@@ -305,7 +306,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;ServerBuildInt_u32&quot;: 0,
&quot;ServerHostName_str&quot;: &quot;serverhostname&quot;,
&quot;ServerType_u32&quot;: 0,
&quot;ServerBuildDate_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;ServerBuildDate_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;ServerFamilyName_str&quot;: &quot;serverfamilyname&quot;,
&quot;OsType_u32&quot;: 0,
&quot;OsServicePack_u32&quot;: 0,
@@ -460,9 +461,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;Send.BroadcastCount_u64&quot;: 0,
&quot;Send.UnicastBytes_u64&quot;: 0,
&quot;Send.UnicastCount_u64&quot;: 0,
&quot;CurrentTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;CurrentTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;CurrentTick_u64&quot;: 0,
&quot;StartTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;StartTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;TotalMemory_u64&quot;: 0,
&quot;UsedMemory_u64&quot;: 0,
&quot;FreeMemory_u64&quot;: 0,
@@ -1136,7 +1137,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;result&quot;: {
&quot;Id_u32&quot;: 0,
&quot;Controller_bool&quot;: false,
&quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;Ip_ip&quot;: &quot;192.168.0.1&quot;,
&quot;Hostname_str&quot;: &quot;hostname&quot;,
&quot;Point_u32&quot;: 0,
@@ -1283,7 +1284,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
{
&quot;Id_u32&quot;: 0,
&quot;Controller_bool&quot;: false,
&quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;Ip_ip&quot;: &quot;192.168.0.1&quot;,
&quot;Hostname_str&quot;: &quot;hostname&quot;,
&quot;Point_u32&quot;: 0,
@@ -1296,7 +1297,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
{
&quot;Id_u32&quot;: 0,
&quot;Controller_bool&quot;: false,
&quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;Ip_ip&quot;: &quot;192.168.0.1&quot;,
&quot;Hostname_str&quot;: &quot;hostname&quot;,
&quot;Point_u32&quot;: 0,
@@ -1309,7 +1310,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
{
&quot;Id_u32&quot;: 0,
&quot;Controller_bool&quot;: false,
&quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;Ip_ip&quot;: &quot;192.168.0.1&quot;,
&quot;Hostname_str&quot;: &quot;hostname&quot;,
&quot;Point_u32&quot;: 0,
@@ -1422,9 +1423,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;Port_u32&quot;: 0,
&quot;Online_bool&quot;: false,
&quot;LastError_u32&quot;: 0,
&quot;StartedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;FirstConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;CurrentConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;StartedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;FirstConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;CurrentConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;NumTry_u32&quot;: 0,
&quot;NumConnected_u32&quot;: 0,
&quot;NumFailed_u32&quot;: 0
@@ -1918,9 +1919,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;NumSessions_u32&quot;: 0,
&quot;NumMacTables_u32&quot;: 0,
&quot;NumIpTables_u32&quot;: 0,
&quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;LastLoginTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;LastLoginTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;NumLogin_u32&quot;: 0,
&quot;IsTrafficFilled_bool&quot;: false,
&quot;Ex.Recv.BroadcastBytes_u64&quot;: 0,
@@ -1941,9 +1942,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;NumSessions_u32&quot;: 0,
&quot;NumMacTables_u32&quot;: 0,
&quot;NumIpTables_u32&quot;: 0,
&quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;LastLoginTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;LastLoginTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;NumLogin_u32&quot;: 0,
&quot;IsTrafficFilled_bool&quot;: false,
&quot;Ex.Recv.BroadcastBytes_u64&quot;: 0,
@@ -1964,9 +1965,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;NumSessions_u32&quot;: 0,
&quot;NumMacTables_u32&quot;: 0,
&quot;NumIpTables_u32&quot;: 0,
&quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;LastLoginTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;LastLoginTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;NumLogin_u32&quot;: 0,
&quot;IsTrafficFilled_bool&quot;: false,
&quot;Ex.Recv.BroadcastBytes_u64&quot;: 0,
@@ -2309,7 +2310,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;Hostname_str&quot;: &quot;hostname&quot;,
&quot;Ip_ip&quot;: &quot;192.168.0.1&quot;,
&quot;Port_u32&quot;: 0,
&quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;Type_u32&quot;: 0
},
{
@@ -2317,7 +2318,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;Hostname_str&quot;: &quot;hostname&quot;,
&quot;Ip_ip&quot;: &quot;192.168.0.1&quot;,
&quot;Port_u32&quot;: 0,
&quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;Type_u32&quot;: 0
},
{
@@ -2325,7 +2326,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;Hostname_str&quot;: &quot;hostname&quot;,
&quot;Ip_ip&quot;: &quot;192.168.0.1&quot;,
&quot;Port_u32&quot;: 0,
&quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;Type_u32&quot;: 0
}
]
@@ -2450,7 +2451,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;Hostname_str&quot;: &quot;hostname&quot;,
&quot;Ip_ip&quot;: &quot;192.168.0.1&quot;,
&quot;Port_u32&quot;: 0,
&quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;ServerStr_str&quot;: &quot;serverstr&quot;,
&quot;ServerVer_u32&quot;: 0,
&quot;ServerBuild_u32&quot;: 0,
@@ -2620,9 +2621,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;Send.UnicastBytes_u64&quot;: 0,
&quot;Send.UnicastCount_u64&quot;: 0,
&quot;SecureNATEnabled_bool&quot;: false,
&quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;LastLoginTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;LastLoginTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;NumLogin_u32&quot;: 0
}
}
@@ -2992,19 +2993,19 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;Key_u32&quot;: 0,
&quot;SubjectName_utf&quot;: &quot;subjectname&quot;,
&quot;IssuerName_utf&quot;: &quot;issuername&quot;,
&quot;Expires_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;
&quot;Expires_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;
},
{
&quot;Key_u32&quot;: 0,
&quot;SubjectName_utf&quot;: &quot;subjectname&quot;,
&quot;IssuerName_utf&quot;: &quot;issuername&quot;,
&quot;Expires_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;
&quot;Expires_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;
},
{
&quot;Key_u32&quot;: 0,
&quot;SubjectName_utf&quot;: &quot;subjectname&quot;,
&quot;IssuerName_utf&quot;: &quot;issuername&quot;,
&quot;Expires_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;
&quot;Expires_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;
}
]
}
@@ -4348,7 +4349,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;Online_bool&quot;: false,
&quot;Connected_bool&quot;: false,
&quot;LastError_u32&quot;: 0,
&quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;Hostname_str&quot;: &quot;hostname&quot;,
&quot;TargetHubName_str&quot;: &quot;targethubname&quot;
},
@@ -4357,7 +4358,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;Online_bool&quot;: false,
&quot;Connected_bool&quot;: false,
&quot;LastError_u32&quot;: 0,
&quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;Hostname_str&quot;: &quot;hostname&quot;,
&quot;TargetHubName_str&quot;: &quot;targethubname&quot;
},
@@ -4366,7 +4367,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;Online_bool&quot;: false,
&quot;Connected_bool&quot;: false,
&quot;LastError_u32&quot;: 0,
&quot;ConnectedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;ConnectedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;Hostname_str&quot;: &quot;hostname&quot;,
&quot;TargetHubName_str&quot;: &quot;targethubname&quot;
}
@@ -4668,9 +4669,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;ServerProductBuild_u32&quot;: 0,
&quot;ServerX_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
&quot;ClientX_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
&quot;StartTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;FirstConnectionEstablisiedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;CurrentConnectionEstablishTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;StartTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;FirstConnectionEstablisiedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;CurrentConnectionEstablishTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;NumConnectionsEatablished_u32&quot;: 0,
&quot;HalfConnection_bool&quot;: false,
&quot;QoS_bool&quot;: false,
@@ -5996,7 +5997,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;Name_str&quot;: &quot;name&quot;,
&quot;Realname_utf&quot;: &quot;realname&quot;,
&quot;Note_utf&quot;: &quot;note&quot;,
&quot;ExpireTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;ExpireTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;AuthType_u32&quot;: 0,
&quot;Auth_Password_str&quot;: &quot;auth_password&quot;,
&quot;UserX_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
@@ -6057,9 +6058,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;GroupName_str&quot;: &quot;groupname&quot;,
&quot;Realname_utf&quot;: &quot;realname&quot;,
&quot;Note_utf&quot;: &quot;note&quot;,
&quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;ExpireTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;ExpireTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;AuthType_u32&quot;: 0,
&quot;Auth_Password_str&quot;: &quot;auth_password&quot;,
&quot;UserX_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
@@ -6247,7 +6248,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
<tr>
<td><code>Send.UnicastCount_u64</code></td>
<td><code>number</code> (uint64)</td>
<td>Unicast count (Send)</td>
<td>Unicast bytes (Send)</td>
</tr>
<tr>
<td><code>UsePolicy_bool</code></td>
@@ -6467,7 +6468,7 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;GroupName_str&quot;: &quot;groupname&quot;,
&quot;Realname_utf&quot;: &quot;realname&quot;,
&quot;Note_utf&quot;: &quot;note&quot;,
&quot;ExpireTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;ExpireTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;AuthType_u32&quot;: 0,
&quot;Auth_Password_str&quot;: &quot;auth_password&quot;,
&quot;UserX_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
@@ -6528,9 +6529,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;GroupName_str&quot;: &quot;groupname&quot;,
&quot;Realname_utf&quot;: &quot;realname&quot;,
&quot;Note_utf&quot;: &quot;note&quot;,
&quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;ExpireTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;ExpireTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;AuthType_u32&quot;: 0,
&quot;Auth_Password_str&quot;: &quot;auth_password&quot;,
&quot;UserX_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
@@ -6948,9 +6949,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;GroupName_str&quot;: &quot;groupname&quot;,
&quot;Realname_utf&quot;: &quot;realname&quot;,
&quot;Note_utf&quot;: &quot;note&quot;,
&quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;ExpireTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;ExpireTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;AuthType_u32&quot;: 0,
&quot;Auth_Password_str&quot;: &quot;auth_password&quot;,
&quot;UserX_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
@@ -7419,11 +7420,11 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;Note_utf&quot;: &quot;note&quot;,
&quot;AuthType_u32&quot;: 0,
&quot;NumLogin_u32&quot;: 0,
&quot;LastLoginTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;LastLoginTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;DenyAccess_bool&quot;: false,
&quot;IsTrafficFilled_bool&quot;: false,
&quot;IsExpiresFilled_bool&quot;: false,
&quot;Expires_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;Expires_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;Ex.Recv.BroadcastBytes_u64&quot;: 0,
&quot;Ex.Recv.BroadcastCount_u64&quot;: 0,
&quot;Ex.Recv.UnicastBytes_u64&quot;: 0,
@@ -7440,11 +7441,11 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;Note_utf&quot;: &quot;note&quot;,
&quot;AuthType_u32&quot;: 0,
&quot;NumLogin_u32&quot;: 0,
&quot;LastLoginTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;LastLoginTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;DenyAccess_bool&quot;: false,
&quot;IsTrafficFilled_bool&quot;: false,
&quot;IsExpiresFilled_bool&quot;: false,
&quot;Expires_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;Expires_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;Ex.Recv.BroadcastBytes_u64&quot;: 0,
&quot;Ex.Recv.BroadcastCount_u64&quot;: 0,
&quot;Ex.Recv.UnicastBytes_u64&quot;: 0,
@@ -7461,11 +7462,11 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;Note_utf&quot;: &quot;note&quot;,
&quot;AuthType_u32&quot;: 0,
&quot;NumLogin_u32&quot;: 0,
&quot;LastLoginTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;LastLoginTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;DenyAccess_bool&quot;: false,
&quot;IsTrafficFilled_bool&quot;: false,
&quot;IsExpiresFilled_bool&quot;: false,
&quot;Expires_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;Expires_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;Ex.Recv.BroadcastBytes_u64&quot;: 0,
&quot;Ex.Recv.BroadcastCount_u64&quot;: 0,
&quot;Ex.Recv.UnicastBytes_u64&quot;: 0,
@@ -8907,8 +8908,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;Client_MonitorMode_bool&quot;: false,
&quot;VLanId_u32&quot;: 0,
&quot;UniqueId_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
&quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;
&quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;
},
{
&quot;Name_str&quot;: &quot;name&quot;,
@@ -8929,8 +8930,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;Client_MonitorMode_bool&quot;: false,
&quot;VLanId_u32&quot;: 0,
&quot;UniqueId_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
&quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;
&quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;
},
{
&quot;Name_str&quot;: &quot;name&quot;,
@@ -8951,8 +8952,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;Client_MonitorMode_bool&quot;: false,
&quot;VLanId_u32&quot;: 0,
&quot;UniqueId_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
&quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;
&quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;
}
]
}
@@ -9117,9 +9118,9 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;ServerProductName_str&quot;: &quot;serverproductname&quot;,
&quot;ServerProductVer_u32&quot;: 0,
&quot;ServerProductBuild_u32&quot;: 0,
&quot;StartTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;FirstConnectionEstablisiedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;CurrentConnectionEstablishTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;StartTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;FirstConnectionEstablisiedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;CurrentConnectionEstablishTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;NumConnectionsEatablished_u32&quot;: 0,
&quot;HalfConnection_bool&quot;: false,
&quot;QoS_bool&quot;: false,
@@ -9496,8 +9497,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;Key_u32&quot;: 0,
&quot;SessionName_str&quot;: &quot;sessionname&quot;,
&quot;MacAddress_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
&quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;RemoteItem_bool&quot;: false,
&quot;RemoteHostname_str&quot;: &quot;remotehostname&quot;,
&quot;VlanId_u32&quot;: 0
@@ -9506,8 +9507,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;Key_u32&quot;: 0,
&quot;SessionName_str&quot;: &quot;sessionname&quot;,
&quot;MacAddress_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
&quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;RemoteItem_bool&quot;: false,
&quot;RemoteHostname_str&quot;: &quot;remotehostname&quot;,
&quot;VlanId_u32&quot;: 0
@@ -9516,8 +9517,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;Key_u32&quot;: 0,
&quot;SessionName_str&quot;: &quot;sessionname&quot;,
&quot;MacAddress_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
&quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;RemoteItem_bool&quot;: false,
&quot;RemoteHostname_str&quot;: &quot;remotehostname&quot;,
&quot;VlanId_u32&quot;: 0
@@ -9663,8 +9664,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;SessionName_str&quot;: &quot;sessionname&quot;,
&quot;IpAddress_ip&quot;: &quot;192.168.0.1&quot;,
&quot;DhcpAllocated_bool&quot;: false,
&quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;RemoteItem_bool&quot;: false,
&quot;RemoteHostname_str&quot;: &quot;remotehostname&quot;
},
@@ -9673,8 +9674,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;SessionName_str&quot;: &quot;sessionname&quot;,
&quot;IpAddress_ip&quot;: &quot;192.168.0.1&quot;,
&quot;DhcpAllocated_bool&quot;: false,
&quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;RemoteItem_bool&quot;: false,
&quot;RemoteHostname_str&quot;: &quot;remotehostname&quot;
},
@@ -9683,8 +9684,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;SessionName_str&quot;: &quot;sessionname&quot;,
&quot;IpAddress_ip&quot;: &quot;192.168.0.1&quot;,
&quot;DhcpAllocated_bool&quot;: false,
&quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;RemoteItem_bool&quot;: false,
&quot;RemoteHostname_str&quot;: &quot;remotehostname&quot;
}
@@ -10376,8 +10377,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;DestIp_ip&quot;: &quot;192.168.0.1&quot;,
&quot;DestHost_str&quot;: &quot;desthost&quot;,
&quot;DestPort_u32&quot;: 0,
&quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;SendSize_u64&quot;: 0,
&quot;RecvSize_u64&quot;: 0,
&quot;TcpStatus_u32&quot;: 0
@@ -10391,8 +10392,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;DestIp_ip&quot;: &quot;192.168.0.1&quot;,
&quot;DestHost_str&quot;: &quot;desthost&quot;,
&quot;DestPort_u32&quot;: 0,
&quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;SendSize_u64&quot;: 0,
&quot;RecvSize_u64&quot;: 0,
&quot;TcpStatus_u32&quot;: 0
@@ -10406,8 +10407,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;DestIp_ip&quot;: &quot;192.168.0.1&quot;,
&quot;DestHost_str&quot;: &quot;desthost&quot;,
&quot;DestPort_u32&quot;: 0,
&quot;CreatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;LastCommTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;CreatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;LastCommTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;SendSize_u64&quot;: 0,
&quot;RecvSize_u64&quot;: 0,
&quot;TcpStatus_u32&quot;: 0
@@ -10527,8 +10528,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;DhcpTable&quot;: [
{
&quot;Id_u32&quot;: 0,
&quot;LeasedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;ExpireTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;LeasedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;ExpireTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;MacAddress_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
&quot;IpAddress_ip&quot;: &quot;192.168.0.1&quot;,
&quot;Mask_u32&quot;: 0,
@@ -10536,8 +10537,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
},
{
&quot;Id_u32&quot;: 0,
&quot;LeasedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;ExpireTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;LeasedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;ExpireTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;MacAddress_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
&quot;IpAddress_ip&quot;: &quot;192.168.0.1&quot;,
&quot;Mask_u32&quot;: 0,
@@ -10545,8 +10546,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
},
{
&quot;Id_u32&quot;: 0,
&quot;LeasedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;ExpireTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;,
&quot;LeasedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;ExpireTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;,
&quot;MacAddress_bin&quot;: &quot;SGVsbG8gV29ybGQ=&quot;,
&quot;IpAddress_ip&quot;: &quot;192.168.0.1&quot;,
&quot;Mask_u32&quot;: 0,
@@ -13090,19 +13091,19 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
&quot;ServerName_str&quot;: &quot;servername&quot;,
&quot;FilePath_str&quot;: &quot;filepath&quot;,
&quot;FileSize_u32&quot;: 0,
&quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;
&quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;
},
{
&quot;ServerName_str&quot;: &quot;servername&quot;,
&quot;FilePath_str&quot;: &quot;filepath&quot;,
&quot;FileSize_u32&quot;: 0,
&quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;
&quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;
},
{
&quot;ServerName_str&quot;: &quot;servername&quot;,
&quot;FilePath_str&quot;: &quot;filepath&quot;,
&quot;FileSize_u32&quot;: 0,
&quot;UpdatedTime_dt&quot;: &quot;2020-08-01T12:24:36.123&quot;
&quot;UpdatedTime_dt&quot;: &quot;2024-08-01T12:24:36.123&quot;
}
]
}
@@ -14508,15 +14509,15 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
</tbody>
</table>
<hr />
<p><a id="getddnsinternetsettng"></a></p>
<h2 id="getddnsinternetsettng-rpc-api-get-the-proxy-settings-for-connecting-to-the-ddns-server">&quot;GetDDnsInternetSettng&quot; RPC API - Get the Proxy Settings for Connecting to the DDNS server</h2>
<p><a id="getddnsinternetsetting"></a></p>
<h2 id="getddnsinternetsetting-rpc-api-get-the-proxy-settings-for-connecting-to-the-ddns-server">&quot;GetDDnsInternetSetting&quot; RPC API - Get the Proxy Settings for Connecting to the DDNS server</h2>
<h3 id="description-131">Description</h3>
<p>Get the Proxy Settings for Connecting to the DDNS server.</p>
<h3 id="input-json-rpc-format-131">Input JSON-RPC Format</h3>
<pre><code class="language-json">{
&quot;jsonrpc&quot;: &quot;2.0&quot;,
&quot;id&quot;: &quot;rpc_call_id&quot;,
&quot;method&quot;: &quot;GetDDnsInternetSettng&quot;,
&quot;method&quot;: &quot;GetDDnsInternetSetting&quot;,
&quot;params&quot;: {}
}
</code></pre>
@@ -14571,15 +14572,15 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
</tbody>
</table>
<hr />
<p><a id="setddnsinternetsettng"></a></p>
<h2 id="setddnsinternetsettng-rpc-api-set-the-proxy-settings-for-connecting-to-the-ddns-server">&quot;SetDDnsInternetSettng&quot; RPC API - Set the Proxy Settings for Connecting to the DDNS server</h2>
<p><a id="setddnsinternetsetting"></a></p>
<h2 id="setddnsinternetsetting-rpc-api-set-the-proxy-settings-for-connecting-to-the-ddns-server">&quot;SetDDnsInternetSetting&quot; RPC API - Set the Proxy Settings for Connecting to the DDNS server</h2>
<h3 id="description-132">Description</h3>
<p>Set the Proxy Settings for Connecting to the DDNS server.</p>
<h3 id="input-json-rpc-format-132">Input JSON-RPC Format</h3>
<pre><code class="language-json">{
&quot;jsonrpc&quot;: &quot;2.0&quot;,
&quot;id&quot;: &quot;rpc_call_id&quot;,
&quot;method&quot;: &quot;SetDDnsInternetSettng&quot;,
&quot;method&quot;: &quot;SetDDnsInternetSetting&quot;,
&quot;params&quot;: {
&quot;ProxyType_u32&quot;: 0,
&quot;ProxyHostName_str&quot;: &quot;proxyhostname&quot;,
@@ -14640,8 +14641,8 @@ All APIs are based on the <a href="https://www.jsonrpc.org/specification">JSON-R
</tbody>
</table>
<hr />
<p>Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen.<br />
Copyright (c) 2014-2019 <a href="https://www.softether.org/">SoftEther VPN Project</a> under the Apache License 2.0.</p>
<p>Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen.<br />
Copyright (c) 2014-2023 <a href="https://www.softether.org/">SoftEther VPN Project</a> under the Apache License 2.0.</p>
</article>
</body>
developer_tools/vpnserver-jsonrpc-clients/README.md
+107 -106
View File
@@ -25,6 +25,7 @@ https://<vpn_server_hostname>:<port>/api/
- Older versions of SoftEther VPN before June 2019 don't support JSON-RPC APIs.
- If you want to completely disable the JSON-RPC on your VPN Server, set the `DisableJsonRpcWebApi` variable to `true` on the `vpn_server.config`.
- You may also restrict access to JSON-RPC API to a specific subnet, e.g. your internal network, by setting the `JsonRpcWebApiAllowedSubnet` variable to, for example, `192.168.0.0/16`.
### JSON-RPC specification
@@ -208,8 +209,8 @@ Value | Description
- [GetSpecialListener - Get Current Setting of the VPN over ICMP / VPN over DNS Function](#getspeciallistener)
- [GetAzureStatus - Show the current status of VPN Azure function](#getazurestatus)
- [SetAzureStatus - Enable / Disable VPN Azure Function](#setazurestatus)
- [GetDDnsInternetSettng - Get the Proxy Settings for Connecting to the DDNS server](#getddnsinternetsettng)
- [SetDDnsInternetSettng - Set the Proxy Settings for Connecting to the DDNS server](#setddnsinternetsettng)
- [GetDDnsInternetSetting - Get the Proxy Settings for Connecting to the DDNS server](#getddnsinternetsetting)
- [SetDDnsInternetSetting - Set the Proxy Settings for Connecting to the DDNS server](#setddnsinternetsetting)
- [SetVgsConfig - Set the VPN Gate Server Configuration](#setvgsconfig)
- [GetVgsConfig - Get the VPN Gate Server Configuration](#getvgsconfig)
@@ -283,7 +284,7 @@ Get server information. This allows you to obtain the server information of the
"ServerBuildInt_u32": 0,
"ServerHostName_str": "serverhostname",
"ServerType_u32": 0,
"ServerBuildDate_dt": "2020-08-01T12:24:36.123",
"ServerBuildDate_dt": "2024-08-01T12:24:36.123",
"ServerFamilyName_str": "serverfamilyname",
"OsType_u32": 0,
"OsServicePack_u32": 0,
@@ -368,9 +369,9 @@ Get Current Server Status. This allows you to obtain in real-time the current st
"Send.BroadcastCount_u64": 0,
"Send.UnicastBytes_u64": 0,
"Send.UnicastCount_u64": 0,
"CurrentTime_dt": "2020-08-01T12:24:36.123",
"CurrentTime_dt": "2024-08-01T12:24:36.123",
"CurrentTick_u64": 0,
"StartTime_dt": "2020-08-01T12:24:36.123",
"StartTime_dt": "2024-08-01T12:24:36.123",
"TotalMemory_u64": 0,
"UsedMemory_u64": 0,
"FreeMemory_u64": 0,
@@ -768,7 +769,7 @@ Get Cluster Member Information. When the VPN Server is operating as a cluster co
"result": {
"Id_u32": 0,
"Controller_bool": false,
"ConnectedTime_dt": "2020-08-01T12:24:36.123",
"ConnectedTime_dt": "2024-08-01T12:24:36.123",
"Ip_ip": "192.168.0.1",
"Hostname_str": "hostname",
"Point_u32": 0,
@@ -849,7 +850,7 @@ Get List of Cluster Members. Use this API when the VPN Server is operating as a
{
"Id_u32": 0,
"Controller_bool": false,
"ConnectedTime_dt": "2020-08-01T12:24:36.123",
"ConnectedTime_dt": "2024-08-01T12:24:36.123",
"Ip_ip": "192.168.0.1",
"Hostname_str": "hostname",
"Point_u32": 0,
@@ -862,7 +863,7 @@ Get List of Cluster Members. Use this API when the VPN Server is operating as a
{
"Id_u32": 0,
"Controller_bool": false,
"ConnectedTime_dt": "2020-08-01T12:24:36.123",
"ConnectedTime_dt": "2024-08-01T12:24:36.123",
"Ip_ip": "192.168.0.1",
"Hostname_str": "hostname",
"Point_u32": 0,
@@ -875,7 +876,7 @@ Get List of Cluster Members. Use this API when the VPN Server is operating as a
{
"Id_u32": 0,
"Controller_bool": false,
"ConnectedTime_dt": "2020-08-01T12:24:36.123",
"ConnectedTime_dt": "2024-08-01T12:24:36.123",
"Ip_ip": "192.168.0.1",
"Hostname_str": "hostname",
"Point_u32": 0,
@@ -934,9 +935,9 @@ Get Connection Status to Cluster Controller. Use this API when the VPN Server is
"Port_u32": 0,
"Online_bool": false,
"LastError_u32": 0,
"StartedTime_dt": "2020-08-01T12:24:36.123",
"FirstConnectedTime_dt": "2020-08-01T12:24:36.123",
"CurrentConnectedTime_dt": "2020-08-01T12:24:36.123",
"StartedTime_dt": "2024-08-01T12:24:36.123",
"FirstConnectedTime_dt": "2024-08-01T12:24:36.123",
"CurrentConnectedTime_dt": "2024-08-01T12:24:36.123",
"NumTry_u32": 0,
"NumConnected_u32": 0,
"NumFailed_u32": 0
@@ -1278,9 +1279,9 @@ Get List of Virtual Hubs. Use this to get a list of existing Virtual Hubs on the
"NumSessions_u32": 0,
"NumMacTables_u32": 0,
"NumIpTables_u32": 0,
"LastCommTime_dt": "2020-08-01T12:24:36.123",
"LastLoginTime_dt": "2020-08-01T12:24:36.123",
"CreatedTime_dt": "2020-08-01T12:24:36.123",
"LastCommTime_dt": "2024-08-01T12:24:36.123",
"LastLoginTime_dt": "2024-08-01T12:24:36.123",
"CreatedTime_dt": "2024-08-01T12:24:36.123",
"NumLogin_u32": 0,
"IsTrafficFilled_bool": false,
"Ex.Recv.BroadcastBytes_u64": 0,
@@ -1301,9 +1302,9 @@ Get List of Virtual Hubs. Use this to get a list of existing Virtual Hubs on the
"NumSessions_u32": 0,
"NumMacTables_u32": 0,
"NumIpTables_u32": 0,
"LastCommTime_dt": "2020-08-01T12:24:36.123",
"LastLoginTime_dt": "2020-08-01T12:24:36.123",
"CreatedTime_dt": "2020-08-01T12:24:36.123",
"LastCommTime_dt": "2024-08-01T12:24:36.123",
"LastLoginTime_dt": "2024-08-01T12:24:36.123",
"CreatedTime_dt": "2024-08-01T12:24:36.123",
"NumLogin_u32": 0,
"IsTrafficFilled_bool": false,
"Ex.Recv.BroadcastBytes_u64": 0,
@@ -1324,9 +1325,9 @@ Get List of Virtual Hubs. Use this to get a list of existing Virtual Hubs on the
"NumSessions_u32": 0,
"NumMacTables_u32": 0,
"NumIpTables_u32": 0,
"LastCommTime_dt": "2020-08-01T12:24:36.123",
"LastLoginTime_dt": "2020-08-01T12:24:36.123",
"CreatedTime_dt": "2020-08-01T12:24:36.123",
"LastCommTime_dt": "2024-08-01T12:24:36.123",
"LastLoginTime_dt": "2024-08-01T12:24:36.123",
"CreatedTime_dt": "2024-08-01T12:24:36.123",
"NumLogin_u32": 0,
"IsTrafficFilled_bool": false,
"Ex.Recv.BroadcastBytes_u64": 0,
@@ -1525,7 +1526,7 @@ Get List of TCP Connections Connecting to the VPN Server. Use this to get a list
"Hostname_str": "hostname",
"Ip_ip": "192.168.0.1",
"Port_u32": 0,
"ConnectedTime_dt": "2020-08-01T12:24:36.123",
"ConnectedTime_dt": "2024-08-01T12:24:36.123",
"Type_u32": 0
},
{
@@ -1533,7 +1534,7 @@ Get List of TCP Connections Connecting to the VPN Server. Use this to get a list
"Hostname_str": "hostname",
"Ip_ip": "192.168.0.1",
"Port_u32": 0,
"ConnectedTime_dt": "2020-08-01T12:24:36.123",
"ConnectedTime_dt": "2024-08-01T12:24:36.123",
"Type_u32": 0
},
{
@@ -1541,7 +1542,7 @@ Get List of TCP Connections Connecting to the VPN Server. Use this to get a list
"Hostname_str": "hostname",
"Ip_ip": "192.168.0.1",
"Port_u32": 0,
"ConnectedTime_dt": "2020-08-01T12:24:36.123",
"ConnectedTime_dt": "2024-08-01T12:24:36.123",
"Type_u32": 0
}
]
@@ -1626,7 +1627,7 @@ Get Information of TCP Connections Connecting to the VPN Server. Use this to get
"Hostname_str": "hostname",
"Ip_ip": "192.168.0.1",
"Port_u32": 0,
"ConnectedTime_dt": "2020-08-01T12:24:36.123",
"ConnectedTime_dt": "2024-08-01T12:24:36.123",
"ServerStr_str": "serverstr",
"ServerVer_u32": 0,
"ServerBuild_u32": 0,
@@ -1736,9 +1737,9 @@ Get Current Status of Virtual Hub. Use this to get the current status of the Vir
"Send.UnicastBytes_u64": 0,
"Send.UnicastCount_u64": 0,
"SecureNATEnabled_bool": false,
"LastCommTime_dt": "2020-08-01T12:24:36.123",
"LastLoginTime_dt": "2020-08-01T12:24:36.123",
"CreatedTime_dt": "2020-08-01T12:24:36.123",
"LastCommTime_dt": "2024-08-01T12:24:36.123",
"LastLoginTime_dt": "2024-08-01T12:24:36.123",
"CreatedTime_dt": "2024-08-01T12:24:36.123",
"NumLogin_u32": 0
}
}
@@ -1948,19 +1949,19 @@ Get List of Trusted CA Certificates. Here you can manage the certificate authori
"Key_u32": 0,
"SubjectName_utf": "subjectname",
"IssuerName_utf": "issuername",
"Expires_dt": "2020-08-01T12:24:36.123"
"Expires_dt": "2024-08-01T12:24:36.123"
},
{
"Key_u32": 0,
"SubjectName_utf": "subjectname",
"IssuerName_utf": "issuername",
"Expires_dt": "2020-08-01T12:24:36.123"
"Expires_dt": "2024-08-01T12:24:36.123"
},
{
"Key_u32": 0,
"SubjectName_utf": "subjectname",
"IssuerName_utf": "issuername",
"Expires_dt": "2020-08-01T12:24:36.123"
"Expires_dt": "2024-08-01T12:24:36.123"
}
]
}
@@ -2352,7 +2353,7 @@ Name | Type | Description
`NoUdpAcceleration_bool` | `boolean` | Client Option Parameters: Do not use UDP acceleration mode if the value is true
`AuthType_u32` | `number` (enum) | Authentication type<BR>Values:<BR>`0`: Anonymous authentication<BR>`1`: SHA-0 hashed password authentication<BR>`2`: Plain password authentication<BR>`3`: Certificate authentication
`Username_str` | `string` (ASCII) | User name
`HashedPassword_bin` | `string` (Base64 binary) | SHA-0 Hashed password. Valid only if ClientAuth_AuthType_u32 == SHA0_Hashed_Password (1). The SHA-0 hashed password must be caluclated by the SHA0(UpperCase(username_ascii_string) + password_ascii_string).
`HashedPassword_bin` | `string` (Base64 binary) | SHA-0 Hashed password. Valid only if ClientAuth_AuthType_u32 == SHA0_Hashed_Password (1). The SHA-0 hashed password must be caluclated by the SHA0(password_ascii_string + UpperCase(username_ascii_string)).
`PlainPassword_str` | `string` (ASCII) | Plaintext Password. Valid only if ClientAuth_AuthType_u32 == PlainPassword (2).
`ClientX_bin` | `string` (Base64 binary) | Client certificate. Valid only if ClientAuth_AuthType_u32 == Cert (3).
`ClientK_bin` | `string` (Base64 binary) | Client private key of the certificate. Valid only if ClientAuth_AuthType_u32 == Cert (3).
@@ -2600,7 +2601,7 @@ Get List of Cascade Connections. Use this to get a list of Cascade Connections t
"Online_bool": false,
"Connected_bool": false,
"LastError_u32": 0,
"ConnectedTime_dt": "2020-08-01T12:24:36.123",
"ConnectedTime_dt": "2024-08-01T12:24:36.123",
"Hostname_str": "hostname",
"TargetHubName_str": "targethubname"
},
@@ -2609,7 +2610,7 @@ Get List of Cascade Connections. Use this to get a list of Cascade Connections t
"Online_bool": false,
"Connected_bool": false,
"LastError_u32": 0,
"ConnectedTime_dt": "2020-08-01T12:24:36.123",
"ConnectedTime_dt": "2024-08-01T12:24:36.123",
"Hostname_str": "hostname",
"TargetHubName_str": "targethubname"
},
@@ -2618,7 +2619,7 @@ Get List of Cascade Connections. Use this to get a list of Cascade Connections t
"Online_bool": false,
"Connected_bool": false,
"LastError_u32": 0,
"ConnectedTime_dt": "2020-08-01T12:24:36.123",
"ConnectedTime_dt": "2024-08-01T12:24:36.123",
"Hostname_str": "hostname",
"TargetHubName_str": "targethubname"
}
@@ -2834,9 +2835,9 @@ Get Current Cascade Connection Status. When a Cascade Connection registered on t
"ServerProductBuild_u32": 0,
"ServerX_bin": "SGVsbG8gV29ybGQ=",
"ClientX_bin": "SGVsbG8gV29ybGQ=",
"StartTime_dt": "2020-08-01T12:24:36.123",
"FirstConnectionEstablisiedTime_dt": "2020-08-01T12:24:36.123",
"CurrentConnectionEstablishTime_dt": "2020-08-01T12:24:36.123",
"StartTime_dt": "2024-08-01T12:24:36.123",
"FirstConnectionEstablisiedTime_dt": "2024-08-01T12:24:36.123",
"CurrentConnectionEstablishTime_dt": "2024-08-01T12:24:36.123",
"NumConnectionsEatablished_u32": 0,
"HalfConnection_bool": false,
"QoS_bool": false,
@@ -3566,7 +3567,7 @@ Create a user. Use this to create a new user in the security account database of
"Name_str": "name",
"Realname_utf": "realname",
"Note_utf": "note",
"ExpireTime_dt": "2020-08-01T12:24:36.123",
"ExpireTime_dt": "2024-08-01T12:24:36.123",
"AuthType_u32": 0,
"Auth_Password_str": "auth_password",
"UserX_bin": "SGVsbG8gV29ybGQ=",
@@ -3629,9 +3630,9 @@ Create a user. Use this to create a new user in the security account database of
"GroupName_str": "groupname",
"Realname_utf": "realname",
"Note_utf": "note",
"CreatedTime_dt": "2020-08-01T12:24:36.123",
"UpdatedTime_dt": "2020-08-01T12:24:36.123",
"ExpireTime_dt": "2020-08-01T12:24:36.123",
"CreatedTime_dt": "2024-08-01T12:24:36.123",
"UpdatedTime_dt": "2024-08-01T12:24:36.123",
"ExpireTime_dt": "2024-08-01T12:24:36.123",
"AuthType_u32": 0,
"Auth_Password_str": "auth_password",
"UserX_bin": "SGVsbG8gV29ybGQ=",
@@ -3779,7 +3780,7 @@ Change User Settings. Use this to change user settings that is registered on the
"GroupName_str": "groupname",
"Realname_utf": "realname",
"Note_utf": "note",
"ExpireTime_dt": "2020-08-01T12:24:36.123",
"ExpireTime_dt": "2024-08-01T12:24:36.123",
"AuthType_u32": 0,
"Auth_Password_str": "auth_password",
"UserX_bin": "SGVsbG8gV29ybGQ=",
@@ -3842,9 +3843,9 @@ Change User Settings. Use this to change user settings that is registered on the
"GroupName_str": "groupname",
"Realname_utf": "realname",
"Note_utf": "note",
"CreatedTime_dt": "2020-08-01T12:24:36.123",
"UpdatedTime_dt": "2020-08-01T12:24:36.123",
"ExpireTime_dt": "2020-08-01T12:24:36.123",
"CreatedTime_dt": "2024-08-01T12:24:36.123",
"UpdatedTime_dt": "2024-08-01T12:24:36.123",
"ExpireTime_dt": "2024-08-01T12:24:36.123",
"AuthType_u32": 0,
"Auth_Password_str": "auth_password",
"UserX_bin": "SGVsbG8gV29ybGQ=",
@@ -4004,9 +4005,9 @@ Get User Settings. Use this to get user settings information that is registered
"GroupName_str": "groupname",
"Realname_utf": "realname",
"Note_utf": "note",
"CreatedTime_dt": "2020-08-01T12:24:36.123",
"UpdatedTime_dt": "2020-08-01T12:24:36.123",
"ExpireTime_dt": "2020-08-01T12:24:36.123",
"CreatedTime_dt": "2024-08-01T12:24:36.123",
"UpdatedTime_dt": "2024-08-01T12:24:36.123",
"ExpireTime_dt": "2024-08-01T12:24:36.123",
"AuthType_u32": 0,
"Auth_Password_str": "auth_password",
"UserX_bin": "SGVsbG8gV29ybGQ=",
@@ -4207,11 +4208,11 @@ Get List of Users. Use this to get a list of users that are registered on the se
"Note_utf": "note",
"AuthType_u32": 0,
"NumLogin_u32": 0,
"LastLoginTime_dt": "2020-08-01T12:24:36.123",
"LastLoginTime_dt": "2024-08-01T12:24:36.123",
"DenyAccess_bool": false,
"IsTrafficFilled_bool": false,
"IsExpiresFilled_bool": false,
"Expires_dt": "2020-08-01T12:24:36.123",
"Expires_dt": "2024-08-01T12:24:36.123",
"Ex.Recv.BroadcastBytes_u64": 0,
"Ex.Recv.BroadcastCount_u64": 0,
"Ex.Recv.UnicastBytes_u64": 0,
@@ -4228,11 +4229,11 @@ Get List of Users. Use this to get a list of users that are registered on the se
"Note_utf": "note",
"AuthType_u32": 0,
"NumLogin_u32": 0,
"LastLoginTime_dt": "2020-08-01T12:24:36.123",
"LastLoginTime_dt": "2024-08-01T12:24:36.123",
"DenyAccess_bool": false,
"IsTrafficFilled_bool": false,
"IsExpiresFilled_bool": false,
"Expires_dt": "2020-08-01T12:24:36.123",
"Expires_dt": "2024-08-01T12:24:36.123",
"Ex.Recv.BroadcastBytes_u64": 0,
"Ex.Recv.BroadcastCount_u64": 0,
"Ex.Recv.UnicastBytes_u64": 0,
@@ -4249,11 +4250,11 @@ Get List of Users. Use this to get a list of users that are registered on the se
"Note_utf": "note",
"AuthType_u32": 0,
"NumLogin_u32": 0,
"LastLoginTime_dt": "2020-08-01T12:24:36.123",
"LastLoginTime_dt": "2024-08-01T12:24:36.123",
"DenyAccess_bool": false,
"IsTrafficFilled_bool": false,
"IsExpiresFilled_bool": false,
"Expires_dt": "2020-08-01T12:24:36.123",
"Expires_dt": "2024-08-01T12:24:36.123",
"Ex.Recv.BroadcastBytes_u64": 0,
"Ex.Recv.BroadcastCount_u64": 0,
"Ex.Recv.UnicastBytes_u64": 0,
@@ -4605,14 +4606,14 @@ Name | Type | Description
`Name_str` | `string` (ASCII) | The group name
`Realname_utf` | `string` (UTF8) | Optional real name (full name) of the group, allow using any Unicode characters
`Note_utf` | `string` (UTF8) | Optional, specify a description of the group
`Recv.BroadcastBytes_u64` | `number` (uint64) | Broadcast bytes (Recv)
`Recv.BroadcastCount_u64` | `number` (uint64) | Number of broadcast packets (Recv)
`Recv.UnicastBytes_u64` | `number` (uint64) | Unicast bytes (Recv)
`Recv.UnicastCount_u64` | `number` (uint64) | Unicast count (Recv)
`Send.BroadcastBytes_u64` | `number` (uint64) | Broadcast bytes (Send)
`Send.BroadcastCount_u64` | `number` (uint64) | Number of broadcast packets (Send)
`Recv.BroadcastBytes_u64` | `number` (uint64) | Number of broadcast packets (Recv)
`Recv.BroadcastCount_u64` | `number` (uint64) | Broadcast bytes (Recv)
`Recv.UnicastBytes_u64` | `number` (uint64) | Unicast count (Recv)
`Recv.UnicastCount_u64` | `number` (uint64) | Unicast bytes (Recv)
`Send.BroadcastBytes_u64` | `number` (uint64) | Number of broadcast packets (Send)
`Send.BroadcastCount_u64` | `number` (uint64) | Broadcast bytes (Send)
`Send.UnicastBytes_u64` | `number` (uint64) | Unicast bytes (Send)
`Send.UnicastCount_u64` | `number` (uint64) | Unicast count (Send)
`Send.UnicastCount_u64` | `number` (uint64) | Unicast bytes (Send)
`UsePolicy_bool` | `boolean` | The flag whether to use security policy
`policy:Access_bool` | `boolean` | Security policy: Allow Access. The users, which this policy value is true, have permission to make VPN connection to VPN Server.
`policy:DHCPFilter_bool` | `boolean` | Security policy: Filter DHCP Packets (IPv4). All IPv4 DHCP packets in sessions defined this policy will be filtered.
@@ -4939,8 +4940,8 @@ Get List of Connected VPN Sessions. Use this to get a list of the sessions conne
"Client_MonitorMode_bool": false,
"VLanId_u32": 0,
"UniqueId_bin": "SGVsbG8gV29ybGQ=",
"CreatedTime_dt": "2020-08-01T12:24:36.123",
"LastCommTime_dt": "2020-08-01T12:24:36.123"
"CreatedTime_dt": "2024-08-01T12:24:36.123",
"LastCommTime_dt": "2024-08-01T12:24:36.123"
},
{
"Name_str": "name",
@@ -4961,8 +4962,8 @@ Get List of Connected VPN Sessions. Use this to get a list of the sessions conne
"Client_MonitorMode_bool": false,
"VLanId_u32": 0,
"UniqueId_bin": "SGVsbG8gV29ybGQ=",
"CreatedTime_dt": "2020-08-01T12:24:36.123",
"LastCommTime_dt": "2020-08-01T12:24:36.123"
"CreatedTime_dt": "2024-08-01T12:24:36.123",
"LastCommTime_dt": "2024-08-01T12:24:36.123"
},
{
"Name_str": "name",
@@ -4983,8 +4984,8 @@ Get List of Connected VPN Sessions. Use this to get a list of the sessions conne
"Client_MonitorMode_bool": false,
"VLanId_u32": 0,
"UniqueId_bin": "SGVsbG8gV29ybGQ=",
"CreatedTime_dt": "2020-08-01T12:24:36.123",
"LastCommTime_dt": "2020-08-01T12:24:36.123"
"CreatedTime_dt": "2024-08-01T12:24:36.123",
"LastCommTime_dt": "2024-08-01T12:24:36.123"
}
]
}
@@ -5059,9 +5060,9 @@ Get Session Status. Use this to specify a session currently connected to the cur
"ServerProductName_str": "serverproductname",
"ServerProductVer_u32": 0,
"ServerProductBuild_u32": 0,
"StartTime_dt": "2020-08-01T12:24:36.123",
"FirstConnectionEstablisiedTime_dt": "2020-08-01T12:24:36.123",
"CurrentConnectionEstablishTime_dt": "2020-08-01T12:24:36.123",
"StartTime_dt": "2024-08-01T12:24:36.123",
"FirstConnectionEstablisiedTime_dt": "2024-08-01T12:24:36.123",
"CurrentConnectionEstablishTime_dt": "2024-08-01T12:24:36.123",
"NumConnectionsEatablished_u32": 0,
"HalfConnection_bool": false,
"QoS_bool": false,
@@ -5222,8 +5223,8 @@ Get the MAC Address Table Database. Use this to get the MAC address table databa
"Key_u32": 0,
"SessionName_str": "sessionname",
"MacAddress_bin": "SGVsbG8gV29ybGQ=",
"CreatedTime_dt": "2020-08-01T12:24:36.123",
"UpdatedTime_dt": "2020-08-01T12:24:36.123",
"CreatedTime_dt": "2024-08-01T12:24:36.123",
"UpdatedTime_dt": "2024-08-01T12:24:36.123",
"RemoteItem_bool": false,
"RemoteHostname_str": "remotehostname",
"VlanId_u32": 0
@@ -5232,8 +5233,8 @@ Get the MAC Address Table Database. Use this to get the MAC address table databa
"Key_u32": 0,
"SessionName_str": "sessionname",
"MacAddress_bin": "SGVsbG8gV29ybGQ=",
"CreatedTime_dt": "2020-08-01T12:24:36.123",
"UpdatedTime_dt": "2020-08-01T12:24:36.123",
"CreatedTime_dt": "2024-08-01T12:24:36.123",
"UpdatedTime_dt": "2024-08-01T12:24:36.123",
"RemoteItem_bool": false,
"RemoteHostname_str": "remotehostname",
"VlanId_u32": 0
@@ -5242,8 +5243,8 @@ Get the MAC Address Table Database. Use this to get the MAC address table databa
"Key_u32": 0,
"SessionName_str": "sessionname",
"MacAddress_bin": "SGVsbG8gV29ybGQ=",
"CreatedTime_dt": "2020-08-01T12:24:36.123",
"UpdatedTime_dt": "2020-08-01T12:24:36.123",
"CreatedTime_dt": "2024-08-01T12:24:36.123",
"UpdatedTime_dt": "2024-08-01T12:24:36.123",
"RemoteItem_bool": false,
"RemoteHostname_str": "remotehostname",
"VlanId_u32": 0
@@ -5337,8 +5338,8 @@ Get the IP Address Table Database. Use this to get the IP address table database
"SessionName_str": "sessionname",
"IpAddress_ip": "192.168.0.1",
"DhcpAllocated_bool": false,
"CreatedTime_dt": "2020-08-01T12:24:36.123",
"UpdatedTime_dt": "2020-08-01T12:24:36.123",
"CreatedTime_dt": "2024-08-01T12:24:36.123",
"UpdatedTime_dt": "2024-08-01T12:24:36.123",
"RemoteItem_bool": false,
"RemoteHostname_str": "remotehostname"
},
@@ -5347,8 +5348,8 @@ Get the IP Address Table Database. Use this to get the IP address table database
"SessionName_str": "sessionname",
"IpAddress_ip": "192.168.0.1",
"DhcpAllocated_bool": false,
"CreatedTime_dt": "2020-08-01T12:24:36.123",
"UpdatedTime_dt": "2020-08-01T12:24:36.123",
"CreatedTime_dt": "2024-08-01T12:24:36.123",
"UpdatedTime_dt": "2024-08-01T12:24:36.123",
"RemoteItem_bool": false,
"RemoteHostname_str": "remotehostname"
},
@@ -5357,8 +5358,8 @@ Get the IP Address Table Database. Use this to get the IP address table database
"SessionName_str": "sessionname",
"IpAddress_ip": "192.168.0.1",
"DhcpAllocated_bool": false,
"CreatedTime_dt": "2020-08-01T12:24:36.123",
"UpdatedTime_dt": "2020-08-01T12:24:36.123",
"CreatedTime_dt": "2024-08-01T12:24:36.123",
"UpdatedTime_dt": "2024-08-01T12:24:36.123",
"RemoteItem_bool": false,
"RemoteHostname_str": "remotehostname"
}
@@ -5778,8 +5779,8 @@ Get Virtual NAT Function Session Table of SecureNAT Function. Use this to get th
"DestIp_ip": "192.168.0.1",
"DestHost_str": "desthost",
"DestPort_u32": 0,
"CreatedTime_dt": "2020-08-01T12:24:36.123",
"LastCommTime_dt": "2020-08-01T12:24:36.123",
"CreatedTime_dt": "2024-08-01T12:24:36.123",
"LastCommTime_dt": "2024-08-01T12:24:36.123",
"SendSize_u64": 0,
"RecvSize_u64": 0,
"TcpStatus_u32": 0
@@ -5793,8 +5794,8 @@ Get Virtual NAT Function Session Table of SecureNAT Function. Use this to get th
"DestIp_ip": "192.168.0.1",
"DestHost_str": "desthost",
"DestPort_u32": 0,
"CreatedTime_dt": "2020-08-01T12:24:36.123",
"LastCommTime_dt": "2020-08-01T12:24:36.123",
"CreatedTime_dt": "2024-08-01T12:24:36.123",
"LastCommTime_dt": "2024-08-01T12:24:36.123",
"SendSize_u64": 0,
"RecvSize_u64": 0,
"TcpStatus_u32": 0
@@ -5808,8 +5809,8 @@ Get Virtual NAT Function Session Table of SecureNAT Function. Use this to get th
"DestIp_ip": "192.168.0.1",
"DestHost_str": "desthost",
"DestPort_u32": 0,
"CreatedTime_dt": "2020-08-01T12:24:36.123",
"LastCommTime_dt": "2020-08-01T12:24:36.123",
"CreatedTime_dt": "2024-08-01T12:24:36.123",
"LastCommTime_dt": "2024-08-01T12:24:36.123",
"SendSize_u64": 0,
"RecvSize_u64": 0,
"TcpStatus_u32": 0
@@ -5867,8 +5868,8 @@ Get Virtual DHCP Server Function Lease Table of SecureNAT Function. Use this to
"DhcpTable": [
{
"Id_u32": 0,
"LeasedTime_dt": "2020-08-01T12:24:36.123",
"ExpireTime_dt": "2020-08-01T12:24:36.123",
"LeasedTime_dt": "2024-08-01T12:24:36.123",
"ExpireTime_dt": "2024-08-01T12:24:36.123",
"MacAddress_bin": "SGVsbG8gV29ybGQ=",
"IpAddress_ip": "192.168.0.1",
"Mask_u32": 0,
@@ -5876,8 +5877,8 @@ Get Virtual DHCP Server Function Lease Table of SecureNAT Function. Use this to
},
{
"Id_u32": 0,
"LeasedTime_dt": "2020-08-01T12:24:36.123",
"ExpireTime_dt": "2020-08-01T12:24:36.123",
"LeasedTime_dt": "2024-08-01T12:24:36.123",
"ExpireTime_dt": "2024-08-01T12:24:36.123",
"MacAddress_bin": "SGVsbG8gV29ybGQ=",
"IpAddress_ip": "192.168.0.1",
"Mask_u32": 0,
@@ -5885,8 +5886,8 @@ Get Virtual DHCP Server Function Lease Table of SecureNAT Function. Use this to
},
{
"Id_u32": 0,
"LeasedTime_dt": "2020-08-01T12:24:36.123",
"ExpireTime_dt": "2020-08-01T12:24:36.123",
"LeasedTime_dt": "2024-08-01T12:24:36.123",
"ExpireTime_dt": "2024-08-01T12:24:36.123",
"MacAddress_bin": "SGVsbG8gV29ybGQ=",
"IpAddress_ip": "192.168.0.1",
"Mask_u32": 0,
@@ -7642,19 +7643,19 @@ Get List of Log Files. Use this to display a list of log files outputted by the
"ServerName_str": "servername",
"FilePath_str": "filepath",
"FileSize_u32": 0,
"UpdatedTime_dt": "2020-08-01T12:24:36.123"
"UpdatedTime_dt": "2024-08-01T12:24:36.123"
},
{
"ServerName_str": "servername",
"FilePath_str": "filepath",
"FileSize_u32": 0,
"UpdatedTime_dt": "2020-08-01T12:24:36.123"
"UpdatedTime_dt": "2024-08-01T12:24:36.123"
},
{
"ServerName_str": "servername",
"FilePath_str": "filepath",
"FileSize_u32": 0,
"UpdatedTime_dt": "2020-08-01T12:24:36.123"
"UpdatedTime_dt": "2024-08-01T12:24:36.123"
}
]
}
@@ -8642,8 +8643,8 @@ Name | Type | Description
`IsConnected_bool` | `boolean` | Whether connection to VPN Azure Cloud Server is established
***
<a id="getddnsinternetsettng"></a>
## "GetDDnsInternetSettng" RPC API - Get the Proxy Settings for Connecting to the DDNS server
<a id="getddnsinternetsetting"></a>
## "GetDDnsInternetSetting" RPC API - Get the Proxy Settings for Connecting to the DDNS server
### Description
Get the Proxy Settings for Connecting to the DDNS server.
@@ -8652,7 +8653,7 @@ Get the Proxy Settings for Connecting to the DDNS server.
{
"jsonrpc": "2.0",
"id": "rpc_call_id",
"method": "GetDDnsInternetSettng",
"method": "GetDDnsInternetSetting",
"params": {}
}
```
@@ -8683,8 +8684,8 @@ Name | Type | Description
`ProxyPassword_str` | `string` (ASCII) | Proxy server password
***
<a id="setddnsinternetsettng"></a>
## "SetDDnsInternetSettng" RPC API - Set the Proxy Settings for Connecting to the DDNS server
<a id="setddnsinternetsetting"></a>
## "SetDDnsInternetSetting" RPC API - Set the Proxy Settings for Connecting to the DDNS server
### Description
Set the Proxy Settings for Connecting to the DDNS server.
@@ -8693,7 +8694,7 @@ Set the Proxy Settings for Connecting to the DDNS server.
{
"jsonrpc": "2.0",
"id": "rpc_call_id",
"method": "SetDDnsInternetSettng",
"method": "SetDDnsInternetSetting",
"params": {
"ProxyType_u32": 0,
"ProxyHostName_str": "proxyhostname",
@@ -8730,6 +8731,6 @@ Name | Type | Description
`ProxyPassword_str` | `string` (ASCII) | Proxy server password
***
Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen.
Copyright (c) 2014-2019 [SoftEther VPN Project](https://www.softether.org/) under the Apache License 2.0.
Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen.
Copyright (c) 2014-2023 [SoftEther VPN Project](https://www.softether.org/) under the Apache License 2.0.
developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-csharp/rpc-stubs/JsonRpc.cs
+2 -2
View File
@@ -2,10 +2,10 @@
//
// JsonRpc.cs - JSON-RPC Client Utility Functions
//
// Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen
// Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen
//
// Licensed under the Apache License 2.0
// Copyright (c) 2014-2019 SoftEther VPN Project
// Copyright (c) 2014-2023 SoftEther VPN Project
using System;
using System.IO;
developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-csharp/rpc-stubs/VPNServerRpc.cs
+6 -6
View File
@@ -2,10 +2,10 @@
//
// VPNServerRpc.cs - SoftEther VPN Server's JSON-RPC Stubs
//
// Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen
// Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen
//
// Licensed under the Apache License 2.0
// Copyright (c) 2014-2019 SoftEther VPN Project
// Copyright (c) 2014-2023 SoftEther VPN Project
using System.Threading.Tasks;
using SoftEther.JsonRpc;
@@ -1357,22 +1357,22 @@ namespace SoftEther.VPNServerRpc
/// <summary>
/// Get the Proxy Settings for Connecting to the DDNS server (Async mode).
/// </summary>
public async Task<VpnInternetSetting> GetDDnsInternetSettngAsync() => await CallAsync<VpnInternetSetting>("GetDDnsInternetSettng", new VpnInternetSetting());
public async Task<VpnInternetSetting> GetDDnsInternetSettingAsync() => await CallAsync<VpnInternetSetting>("GetDDnsInternetSetting", new VpnInternetSetting());
/// <summary>
/// Get the Proxy Settings for Connecting to the DDNS server (Async mode).
/// </summary>
public VpnInternetSetting GetDDnsInternetSettng() => GetDDnsInternetSettngAsync().Result;
public VpnInternetSetting GetDDnsInternetSetting() => GetDDnsInternetSettingAsync().Result;
/// <summary>
/// Set the Proxy Settings for Connecting to the DDNS server (Async mode).
/// </summary>
public async Task<VpnInternetSetting> SetDDnsInternetSettngAsync(VpnInternetSetting input_param) => await CallAsync<VpnInternetSetting>("SetDDnsInternetSettng", input_param);
public async Task<VpnInternetSetting> SetDDnsInternetSettingAsync(VpnInternetSetting input_param) => await CallAsync<VpnInternetSetting>("SetDDnsInternetSetting", input_param);
/// <summary>
/// Set the Proxy Settings for Connecting to the DDNS server (Sync mode).
/// </summary>
public VpnInternetSetting SetDDnsInternetSettng(VpnInternetSetting input_param) => SetDDnsInternetSettngAsync(input_param).Result;
public VpnInternetSetting SetDDnsInternetSetting(VpnInternetSetting input_param) => SetDDnsInternetSettingAsync(input_param).Result;
/// <summary>
/// Set the VPN Gate Server Configuration (Async mode). This API is valid for Win32 binary distribution of the Stable Edition of SoftEther VPN Server.
developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-csharp/rpc-stubs/VPNServerRpcTypes.cs
+2 -2
View File
@@ -2,10 +2,10 @@
//
// VPNServerRpcTypes.cs - Data Type Definition for SoftEther VPN Server JSON-RPC Stubs
//
// Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen
// Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen
//
// Licensed under the Apache License 2.0
// Copyright (c) 2014-2019 SoftEther VPN Project
// Copyright (c) 2014-2023 SoftEther VPN Project
using System;
using Newtonsoft.Json;
developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-csharp/sample/Main.cs
+2 -2
View File
@@ -2,10 +2,10 @@
//
// Program.cs - The Main() entry point
//
// Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen
// Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen
//
// Licensed under the Apache License 2.0
// Copyright (c) 2014-2019 SoftEther VPN Project
// Copyright (c) 2014-2023 SoftEther VPN Project
class Program
{
developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-csharp/sample/VpnServerRpcTest.cs
+14 -14
View File
@@ -5,10 +5,10 @@
// This sample code shows how to call all available RPC functions.
// You can copy and paste test code to write your own C# codes.
//
// Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen
// Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen
//
// Licensed under the Apache License 2.0
// Copyright (c) 2014-2019 SoftEther VPN Project
// Copyright (c) 2014-2023 SoftEther VPN Project
using System;
using SoftEther.VPNServerRpc;
@@ -255,8 +255,8 @@ class VPNRPCTest
Test_GetOpenVpnSstpConfig();
Test_GetDDnsClientStatus();
Test_SetDDnsInternetSettng();
Test_GetDDnsInternetSettng();
Test_SetDDnsInternetSetting();
Test_GetDDnsInternetSetting();
Test_ChangeDDnsClientHostname();
Test_RegenerateServerCert();
@@ -3641,27 +3641,27 @@ class VPNRPCTest
}
/// <summary>
/// API test for 'GetDDnsInternetSettng', Get DDNS proxy configuration
/// API test for 'GetDDnsInternetSetting', Get DDNS proxy configuration
/// </summary>
public void Test_GetDDnsInternetSettng()
public void Test_GetDDnsInternetSetting()
{
Console.WriteLine("Begin: Test_GetDDnsInternetSettng");
Console.WriteLine("Begin: Test_GetDDnsInternetSetting");
VpnInternetSetting out_internet_setting = api.GetDDnsInternetSettng();
VpnInternetSetting out_internet_setting = api.GetDDnsInternetSetting();
print_object(out_internet_setting);
Console.WriteLine("End: Test_GetDDnsInternetSettng");
Console.WriteLine("End: Test_GetDDnsInternetSetting");
Console.WriteLine("-----");
Console.WriteLine();
}
/// <summary>
/// API test for 'SetDDnsInternetSettng', Set DDNS proxy configuration
/// API test for 'SetDDnsInternetSetting', Set DDNS proxy configuration
/// </summary>
public void Test_SetDDnsInternetSettng()
public void Test_SetDDnsInternetSetting()
{
Console.WriteLine("Begin: Test_SetDDnsInternetSettng");
Console.WriteLine("Begin: Test_SetDDnsInternetSetting");
VpnInternetSetting in_internet_setting = new VpnInternetSetting()
{
@@ -3671,11 +3671,11 @@ class VPNRPCTest
ProxyUsername_str = "neko",
ProxyPassword_str = "dog",
};
VpnInternetSetting out_internet_setting = api.SetDDnsInternetSettng(in_internet_setting);
VpnInternetSetting out_internet_setting = api.SetDDnsInternetSetting(in_internet_setting);
print_object(out_internet_setting);
Console.WriteLine("End: Test_SetDDnsInternetSettng");
Console.WriteLine("End: Test_SetDDnsInternetSetting");
Console.WriteLine("-----");
Console.WriteLine();
}
developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-csharp/vpnserver-jsonrpc-client-csharp.csproj
+1 -1
View File
@@ -8,7 +8,7 @@
<ItemGroup>
<PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="2.10.0" />
<PackageReference Include="Newtonsoft.Json" Version="11.0.2" />
<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
</ItemGroup>
</Project>
developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/dist/sample.js
Vendored
+12 -12
View File
@@ -560,10 +560,10 @@ function Test_All() {
return [4 /*yield*/, Test_GetDDnsClientStatus()];
case 157:
_x.sent();
return [4 /*yield*/, Test_SetDDnsInternetSettng()];
return [4 /*yield*/, Test_SetDDnsInternetSetting()];
case 158:
_x.sent();
return [4 /*yield*/, Test_GetDDnsInternetSettng()];
return [4 /*yield*/, Test_GetDDnsInternetSetting()];
case 159:
_x.sent();
return [4 /*yield*/, Test_ChangeDDnsClientHostname()];
@@ -4047,19 +4047,19 @@ function Test_SetAzureStatus() {
});
});
}
/** API test for 'GetDDnsInternetSettng', Get DDNS proxy configuration */
function Test_GetDDnsInternetSettng() {
/** API test for 'GetDDnsInternetSetting', Get DDNS proxy configuration */
function Test_GetDDnsInternetSetting() {
return __awaiter(this, void 0, void 0, function () {
var out_internet_setting;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
console.log("Begin: Test_GetDDnsInternetSettng");
return [4 /*yield*/, api.GetDDnsInternetSettng()];
console.log("Begin: Test_GetDDnsInternetSetting");
return [4 /*yield*/, api.GetDDnsInternetSetting()];
case 1:
out_internet_setting = _a.sent();
console.log(out_internet_setting);
console.log("End: Test_GetDDnsInternetSettng");
console.log("End: Test_GetDDnsInternetSetting");
console.log("-----");
console.log();
return [2 /*return*/];
@@ -4067,14 +4067,14 @@ function Test_GetDDnsInternetSettng() {
});
});
}
/** API test for 'SetDDnsInternetSettng', Set DDNS proxy configuration */
function Test_SetDDnsInternetSettng() {
/** API test for 'SetDDnsInternetSetting', Set DDNS proxy configuration */
function Test_SetDDnsInternetSetting() {
return __awaiter(this, void 0, void 0, function () {
var in_internet_setting, out_internet_setting;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
console.log("Begin: Test_SetDDnsInternetSettng");
console.log("Begin: Test_SetDDnsInternetSetting");
in_internet_setting = new VPN.VpnInternetSetting({
ProxyType_u32: VPN.VpnRpcProxyType.Direct,
ProxyHostName_str: "1.2.3.4",
@@ -4082,11 +4082,11 @@ function Test_SetDDnsInternetSettng() {
ProxyUsername_str: "neko",
ProxyPassword_str: "dog"
});
return [4 /*yield*/, api.SetDDnsInternetSettng(in_internet_setting)];
return [4 /*yield*/, api.SetDDnsInternetSetting(in_internet_setting)];
case 1:
out_internet_setting = _a.sent();
console.log(out_internet_setting);
console.log("End: Test_SetDDnsInternetSettng");
console.log("End: Test_SetDDnsInternetSetting");
console.log("-----");
console.log();
return [2 /*return*/];
developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/dist/vpnrpc.d.ts
Vendored
+2 -2
View File
@@ -278,9 +278,9 @@ export declare class VpnServerRpc {
/** Enable / Disable VPN Azure Function. Enable or disable the VPN Azure function. VPN Azure makes it easier to establish a VPN Session from your home PC to your office PC. While a VPN connection is established, you can access to any other servers on the private network of your company. You don't need a global IP address on the office PC (VPN Server). It can work behind firewalls or NATs. No network administrator's configuration required. You can use the built-in SSTP-VPN Client of Windows in your home PC. VPN Azure is a cloud VPN service operated by SoftEther Corporation. VPN Azure is free of charge and available to anyone. Visit http://www.vpnazure.net/ to see details and how-to-use instructions. The VPN Azure hostname is same to the hostname of the Dynamic DNS setting, but altering the domain suffix to "vpnazure.net". To change the hostname use the ChangeDDnsClientHostname API. To call this API, you must have VPN Server administrator privileges. This API cannot be invoked on VPN Bridge. You cannot execute this API for Virtual Hubs of VPN Servers operating as a cluster. */
SetAzureStatus: (in_param: VpnRpcAzureStatus) => Promise<VpnRpcAzureStatus>;
/** Get the Proxy Settings for Connecting to the DDNS server. */
GetDDnsInternetSettng: () => Promise<VpnInternetSetting>;
GetDDnsInternetSetting: () => Promise<VpnInternetSetting>;
/** Set the Proxy Settings for Connecting to the DDNS server. */
SetDDnsInternetSettng: (in_param: VpnInternetSetting) => Promise<VpnInternetSetting>;
SetDDnsInternetSetting: (in_param: VpnInternetSetting) => Promise<VpnInternetSetting>;
/** Set the VPN Gate Server Configuration. This API is valid for Win32 binary distribution of the Stable Edition of SoftEther VPN Server. */
SetVgsConfig: (in_param: VpnVgsConfig) => Promise<VpnVgsConfig>;
/** Get the VPN Gate Server Configuration. This API is valid for Win32 binary distribution of the Stable Edition of SoftEther VPN Server. */
developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/dist/vpnrpc.js
Vendored
+4 -4
View File
@@ -599,12 +599,12 @@ var VpnServerRpc = /** @class */ (function () {
return _this.CallAsync("SetAzureStatus", in_param);
};
/** Get the Proxy Settings for Connecting to the DDNS server. */
this.GetDDnsInternetSettng = function () {
return _this.CallAsync("GetDDnsInternetSettng", new VpnInternetSetting());
this.GetDDnsInternetSetting = function () {
return _this.CallAsync("GetDDnsInternetSetting", new VpnInternetSetting());
};
/** Set the Proxy Settings for Connecting to the DDNS server. */
this.SetDDnsInternetSettng = function (in_param) {
return _this.CallAsync("SetDDnsInternetSettng", in_param);
this.SetDDnsInternetSetting = function (in_param) {
return _this.CallAsync("SetDDnsInternetSetting", in_param);
};
/** Set the VPN Gate Server Configuration. This API is valid for Win32 binary distribution of the Stable Edition of SoftEther VPN Server. */
this.SetVgsConfig = function (in_param) {
developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/package-lock.json
Generated
+123 -173
View File
@@ -1,6 +1,6 @@
{
"name": "vpnrpc",
"version": "1.0.0",
"version": "1.0.1",
"lockfileVersion": 1,
"requires": true,
"dependencies": {
@@ -54,12 +54,6 @@
"integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c=",
"dev": true
},
"big.js": {
"version": "5.2.2",
"resolved": "https://registry.npmjs.org/big.js/-/big.js-5.2.2.tgz",
"integrity": "sha512-vyL2OymJxmarO8gxMr0mhChsO9QGwhynfuu4+MHTAW6czfq9humCB7rKpUjDd9YUiDPU4mzpyupFSvOClAwbmQ==",
"dev": true
},
"brace-expansion": {
"version": "1.1.11",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
@@ -71,12 +65,23 @@
}
},
"braces": {
"version": "3.0.2",
"resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
"integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
"version": "3.0.3",
"resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
"integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
"dev": true,
"requires": {
"fill-range": "^7.0.1"
"fill-range": "^7.1.1"
},
"dependencies": {
"fill-range": {
"version": "7.1.1",
"resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
"integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
"dev": true,
"requires": {
"to-regex-range": "^5.0.1"
}
}
}
},
"builtin-modules": {
@@ -123,42 +128,20 @@
"integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=",
"dev": true
},
"core-util-is": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
"integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=",
"dev": true
},
"diff": {
"version": "3.5.0",
"resolved": "https://registry.npmjs.org/diff/-/diff-3.5.0.tgz",
"integrity": "sha512-A46qtFgd+g7pDZinpnwiRJtxbC1hpgf0uzP3iG89scHk0AUC7A1TGxf5OiiOUv/JMZR8GOt8hL900hV0bOy5xA==",
"dev": true
},
"emojis-list": {
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/emojis-list/-/emojis-list-2.1.0.tgz",
"integrity": "sha1-TapNnbAPmBmIDHn6RXrlsJof04k=",
"dev": true
},
"enhanced-resolve": {
"version": "4.1.0",
"resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-4.1.0.tgz",
"integrity": "sha512-F/7vkyTtyc/llOIn8oWclcB25KdRaiPBpZYDgJHgh/UHtpgT2p2eldQgtQnLtUvfMKPKxbRaQM/hHkvLHt1Vng==",
"version": "5.12.0",
"resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.12.0.tgz",
"integrity": "sha512-QHTXI/sZQmko1cbDoNAa3mJ5qhWUUNAq3vR0/YiD379fWQrcfuoX1+HW2S0MTt7XmoPLapdaDKUtelUSPic7hQ==",
"dev": true,
"requires": {
"graceful-fs": "^4.1.2",
"memory-fs": "^0.4.0",
"tapable": "^1.0.0"
}
},
"errno": {
"version": "0.1.7",
"resolved": "https://registry.npmjs.org/errno/-/errno-0.1.7.tgz",
"integrity": "sha512-MfrRBDWzIWifgq6tJj60gkAwtLNb6sQPlcFrSOflcP1aFmmruKQ2wRnze/8V6kgyz7H3FF8Npzv78mZ7XLLflg==",
"dev": true,
"requires": {
"prr": "~1.0.1"
"graceful-fs": "^4.2.4",
"tapable": "^2.2.0"
}
},
"escape-string-regexp": {
@@ -179,15 +162,6 @@
"integrity": "sha1-Cr9PHKpbyx96nYrMbepPqqBLrJs=",
"dev": true
},
"fill-range": {
"version": "7.0.1",
"resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
"integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
"dev": true,
"requires": {
"to-regex-range": "^5.0.1"
}
},
"fs.realpath": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
@@ -209,9 +183,9 @@
}
},
"graceful-fs": {
"version": "4.1.15",
"resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.1.15.tgz",
"integrity": "sha512-6uHUhOPEBgQ24HM+r6b/QwWfZq+yiFcipKFrOFiBEnWdy5sdzYoi+pJeQaPI5qOLRFqWmAXUPQNsielzdLoecA==",
"version": "4.2.10",
"resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.10.tgz",
"integrity": "sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==",
"dev": true
},
"has-flag": {
@@ -242,12 +216,6 @@
"integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
"dev": true
},
"isarray": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
"integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=",
"dev": true
},
"js-tokens": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
@@ -264,76 +232,47 @@
"esprima": "^4.0.0"
}
},
"json5": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/json5/-/json5-1.0.1.tgz",
"integrity": "sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==",
"lru-cache": {
"version": "6.0.0",
"resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
"integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
"dev": true,
"requires": {
"minimist": "^1.2.0"
}
},
"loader-utils": {
"version": "1.2.3",
"resolved": "https://registry.npmjs.org/loader-utils/-/loader-utils-1.2.3.tgz",
"integrity": "sha512-fkpz8ejdnEMG3s37wGL07iSBDg99O9D5yflE9RGNH3hRdx9SOwYfnGYdZOUIZitN8E+E2vkq3MUMYMvPYl5ZZA==",
"dev": true,
"requires": {
"big.js": "^5.2.2",
"emojis-list": "^2.0.0",
"json5": "^1.0.1"
}
},
"memory-fs": {
"version": "0.4.1",
"resolved": "https://registry.npmjs.org/memory-fs/-/memory-fs-0.4.1.tgz",
"integrity": "sha1-OpoguEYlI+RHz7x+i7gO1me/xVI=",
"dev": true,
"requires": {
"errno": "^0.1.3",
"readable-stream": "^2.0.1"
"yallist": "^4.0.0"
}
},
"micromatch": {
"version": "4.0.2",
"resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.2.tgz",
"integrity": "sha512-y7FpHSbMUMoyPbYUSzO6PaZ6FyRnQOpHuKwbo1G+Knck95XVU4QAiKdGEnj5wwoS7PlOgthX/09u5iFJ+aYf5Q==",
"version": "4.0.5",
"resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
"integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
"dev": true,
"requires": {
"braces": "^3.0.1",
"picomatch": "^2.0.5"
"braces": "^3.0.2",
"picomatch": "^2.3.1"
}
},
"minimatch": {
"version": "3.0.4",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz",
"integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==",
"version": "3.1.2",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
"integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
"dev": true,
"requires": {
"brace-expansion": "^1.1.7"
}
},
"minimist": {
"version": "1.2.0",
"resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz",
"integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=",
"version": "1.2.7",
"resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.7.tgz",
"integrity": "sha512-bzfL1YUZsP41gmu/qjrEk0Q6i2ix/cVeAhbCbqH9u3zYutS1cLg00qhrD0M2MVdCcx4Sc0UpP2eBWo9rotpq6g==",
"dev": true
},
"mkdirp": {
"version": "0.5.1",
"resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz",
"integrity": "sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=",
"version": "0.5.6",
"resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz",
"integrity": "sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==",
"dev": true,
"requires": {
"minimist": "0.0.8"
},
"dependencies": {
"minimist": {
"version": "0.0.8",
"resolved": "https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz",
"integrity": "sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0=",
"dev": true
}
"minimist": "^1.2.6"
}
},
"once": {
@@ -352,44 +291,17 @@
"dev": true
},
"path-parse": {
"version": "1.0.6",
"resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz",
"integrity": "sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw==",
"version": "1.0.7",
"resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz",
"integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==",
"dev": true
},
"picomatch": {
"version": "2.0.7",
"resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.0.7.tgz",
"integrity": "sha512-oLHIdio3tZ0qH76NybpeneBhYVj0QFTfXEFTc/B3zKQspYfYYkWYgFsmzo+4kvId/bQRcNkVeguI3y+CD22BtA==",
"version": "2.3.1",
"resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
"integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
"dev": true
},
"process-nextick-args": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.0.tgz",
"integrity": "sha512-MtEC1TqN0EU5nephaJ4rAtThHtC86dNN9qCuEhtshvpVBkAW5ZO7BASN9REnF9eoXGcRub+pFuKEpOHE+HbEMw==",
"dev": true
},
"prr": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/prr/-/prr-1.0.1.tgz",
"integrity": "sha1-0/wRS6BplaRexok/SEzrHXj19HY=",
"dev": true
},
"readable-stream": {
"version": "2.3.6",
"resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz",
"integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==",
"dev": true,
"requires": {
"core-util-is": "~1.0.0",
"inherits": "~2.0.3",
"isarray": "~1.0.0",
"process-nextick-args": "~2.0.0",
"safe-buffer": "~5.1.1",
"string_decoder": "~1.1.1",
"util-deprecate": "~1.0.1"
}
},
"resolve": {
"version": "1.11.0",
"resolved": "https://registry.npmjs.org/resolve/-/resolve-1.11.0.tgz",
@@ -399,17 +311,14 @@
"path-parse": "^1.0.6"
}
},
"safe-buffer": {
"version": "5.1.2",
"resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
"integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==",
"dev": true
},
"semver": {
"version": "6.1.0",
"resolved": "https://registry.npmjs.org/semver/-/semver-6.1.0.tgz",
"integrity": "sha512-kCqEOOHoBcFs/2Ccuk4Xarm/KiWRSLEX9CAZF8xkJ6ZPlIoTZ8V5f7J16vYLJqDbR7KrxTJpR2lqjIEm2Qx9cQ==",
"dev": true
"version": "7.3.8",
"resolved": "https://registry.npmjs.org/semver/-/semver-7.3.8.tgz",
"integrity": "sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A==",
"dev": true,
"requires": {
"lru-cache": "^6.0.0"
}
},
"sprintf-js": {
"version": "1.0.3",
@@ -417,15 +326,6 @@
"integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=",
"dev": true
},
"string_decoder": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
"integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
"dev": true,
"requires": {
"safe-buffer": "~5.1.0"
}
},
"supports-color": {
"version": "5.5.0",
"resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
@@ -436,9 +336,9 @@
}
},
"tapable": {
"version": "1.1.3",
"resolved": "https://registry.npmjs.org/tapable/-/tapable-1.1.3.tgz",
"integrity": "sha512-4WK/bYZmj8xLr+HUCODHGF1ZFzsYffasLUgEiMBY4fgtltdO6B4WJtlSbPaDTLpYTcGVwM2qLnFTICEcNxs3kA==",
"version": "2.2.1",
"resolved": "https://registry.npmjs.org/tapable/-/tapable-2.2.1.tgz",
"integrity": "sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ==",
"dev": true
},
"to-regex-range": {
@@ -451,16 +351,66 @@
}
},
"ts-loader": {
"version": "6.0.1",
"resolved": "https://registry.npmjs.org/ts-loader/-/ts-loader-6.0.1.tgz",
"integrity": "sha512-9H5ErTIw5t73sdSoFE0hX0RO45B7cdDA4pW1VIQ2wNFAhxSpZcAlv2fwMcfv6SAYLoI7uGwHuzC5dECzmzqtzA==",
"version": "9.4.2",
"resolved": "https://registry.npmjs.org/ts-loader/-/ts-loader-9.4.2.tgz",
"integrity": "sha512-OmlC4WVmFv5I0PpaxYb+qGeGOdm5giHU7HwDDUjw59emP2UYMHy9fFSDcYgSNoH8sXcj4hGCSEhlDZ9ULeDraA==",
"dev": true,
"requires": {
"chalk": "^2.3.0",
"enhanced-resolve": "^4.0.0",
"loader-utils": "^1.0.2",
"chalk": "^4.1.0",
"enhanced-resolve": "^5.0.0",
"micromatch": "^4.0.0",
"semver": "^6.0.0"
"semver": "^7.3.4"
},
"dependencies": {
"ansi-styles": {
"version": "4.3.0",
"resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
"integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
"dev": true,
"requires": {
"color-convert": "^2.0.1"
}
},
"chalk": {
"version": "4.1.2",
"resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
"integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
"dev": true,
"requires": {
"ansi-styles": "^4.1.0",
"supports-color": "^7.1.0"
}
},
"color-convert": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
"integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
"dev": true,
"requires": {
"color-name": "~1.1.4"
}
},
"color-name": {
"version": "1.1.4",
"resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
"integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
"dev": true
},
"has-flag": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
"integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
"dev": true
},
"supports-color": {
"version": "7.2.0",
"resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
"integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
"dev": true,
"requires": {
"has-flag": "^4.0.0"
}
}
}
},
"tslib": {
@@ -513,17 +463,17 @@
"integrity": "sha512-YycBxUb49UUhdNMU5aJ7z5Ej2XGmaIBL0x34vZ82fn3hGvD+bgrMrVDpatgz2f7YxUMJxMkbWxJZeAvDxVe7Vw==",
"dev": true
},
"util-deprecate": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
"integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8=",
"dev": true
},
"wrappy": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
"integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=",
"dev": true
},
"yallist": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
"integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
"dev": true
}
}
}
developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/package.json
+1 -1
View File
@@ -23,7 +23,7 @@
"homepage": "https://github.com/SoftEtherVPN/SoftEtherVPN/tree/master/developer_tools/vpnserver-jsonrpc-clients/#readme",
"devDependencies": {
"@types/node": "^12.0.2",
"ts-loader": "^6.0.1",
"ts-loader": "^9.4.2",
"tslint": "^5.16.0",
"typescript": "^3.4.5"
}
developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/src/sample.ts
+14 -14
View File
@@ -2,13 +2,13 @@
// Runs on both web browsers and Node.js
//
// sample.ts
// Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen
// Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen
//
// This sample code shows how to call all available RPC functions.
// You can copy and paste test code to write your own web browser TypeScript / JavaScript codes.
//
// Licensed under the Apache License 2.0
// Copyright (c) 2014-2019 SoftEther VPN Project
// Copyright (c) 2014-2023 SoftEther VPN Project
// On the web browser uncomment below imports as necessary to support old browsers.
// import "core-js/es6/promise";
@@ -216,8 +216,8 @@ async function Test_All(): Promise<void>
await Test_SetOpenVpnSstpConfig();
await Test_GetOpenVpnSstpConfig();
await Test_GetDDnsClientStatus();
await Test_SetDDnsInternetSettng();
await Test_GetDDnsInternetSettng();
await Test_SetDDnsInternetSetting();
await Test_GetDDnsInternetSetting();
await Test_ChangeDDnsClientHostname();
await Test_RegenerateServerCert();
await Test_MakeOpenVpnConfigFile();
@@ -2624,21 +2624,21 @@ async function Test_SetAzureStatus(): Promise<void>
console.log();
}
/** API test for 'GetDDnsInternetSettng', Get DDNS proxy configuration */
async function Test_GetDDnsInternetSettng(): Promise<void>
/** API test for 'GetDDnsInternetSetting', Get DDNS proxy configuration */
async function Test_GetDDnsInternetSetting(): Promise<void>
{
console.log("Begin: Test_GetDDnsInternetSettng");
let out_internet_setting: VPN.VpnInternetSetting = await api.GetDDnsInternetSettng();
console.log("Begin: Test_GetDDnsInternetSetting");
let out_internet_setting: VPN.VpnInternetSetting = await api.GetDDnsInternetSetting();
console.log(out_internet_setting);
console.log("End: Test_GetDDnsInternetSettng");
console.log("End: Test_GetDDnsInternetSetting");
console.log("-----");
console.log();
}
/** API test for 'SetDDnsInternetSettng', Set DDNS proxy configuration */
async function Test_SetDDnsInternetSettng(): Promise<void>
/** API test for 'SetDDnsInternetSetting', Set DDNS proxy configuration */
async function Test_SetDDnsInternetSetting(): Promise<void>
{
console.log("Begin: Test_SetDDnsInternetSettng");
console.log("Begin: Test_SetDDnsInternetSetting");
let in_internet_setting: VPN.VpnInternetSetting = new VPN.VpnInternetSetting(
{
ProxyType_u32: VPN.VpnRpcProxyType.Direct,
@@ -2647,9 +2647,9 @@ async function Test_SetDDnsInternetSettng(): Promise<void>
ProxyUsername_str: "neko",
ProxyPassword_str: "dog",
});
let out_internet_setting: VPN.VpnInternetSetting = await api.SetDDnsInternetSettng(in_internet_setting);
let out_internet_setting: VPN.VpnInternetSetting = await api.SetDDnsInternetSetting(in_internet_setting);
console.log(out_internet_setting);
console.log("End: Test_SetDDnsInternetSettng");
console.log("End: Test_SetDDnsInternetSetting");
console.log("-----");
console.log();
}
developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/src/vpnrpc.ts
+6 -6
View File
@@ -1,10 +1,10 @@
// SoftEther VPN Server JSON-RPC Stub code for TypeScript
//
// vpnrpc.ts
// Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen
// Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen
//
// Licensed under the Apache License 2.0
// Copyright (c) 2014-2019 SoftEther VPN Project
// Copyright (c) 2014-2023 SoftEther VPN Project
// Trivial utility codes
@@ -856,15 +856,15 @@ export class VpnServerRpc
}
/** Get the Proxy Settings for Connecting to the DDNS server. */
public GetDDnsInternetSettng = (): Promise<VpnInternetSetting> =>
public GetDDnsInternetSetting = (): Promise<VpnInternetSetting> =>
{
return this.CallAsync<VpnInternetSetting>("GetDDnsInternetSettng", new VpnInternetSetting());
return this.CallAsync<VpnInternetSetting>("GetDDnsInternetSetting", new VpnInternetSetting());
}
/** Set the Proxy Settings for Connecting to the DDNS server. */
public SetDDnsInternetSettng = (in_param: VpnInternetSetting): Promise<VpnInternetSetting> =>
public SetDDnsInternetSetting = (in_param: VpnInternetSetting): Promise<VpnInternetSetting> =>
{
return this.CallAsync<VpnInternetSetting>("SetDDnsInternetSettng", in_param);
return this.CallAsync<VpnInternetSetting>("SetDDnsInternetSetting", in_param);
}
/** Set the VPN Gate Server Configuration. This API is valid for Win32 binary distribution of the Stable Edition of SoftEther VPN Server. */
developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-typescript/sample.ts
+14 -14
View File
@@ -2,13 +2,13 @@
// Runs on both web browsers and Node.js
//
// sample.ts
// Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen
// Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen
//
// This sample code shows how to call all available RPC functions.
// You can copy and paste test code to write your own web browser TypeScript / JavaScript codes.
//
// Licensed under the Apache License 2.0
// Copyright (c) 2014-2019 SoftEther VPN Project
// Copyright (c) 2014-2023 SoftEther VPN Project
// On the web browser uncomment below imports as necessary to support old browsers.
// import "core-js/es6/promise";
@@ -216,8 +216,8 @@ async function Test_All(): Promise<void>
await Test_SetOpenVpnSstpConfig();
await Test_GetOpenVpnSstpConfig();
await Test_GetDDnsClientStatus();
await Test_SetDDnsInternetSettng();
await Test_GetDDnsInternetSettng();
await Test_SetDDnsInternetSetting();
await Test_GetDDnsInternetSetting();
await Test_ChangeDDnsClientHostname();
await Test_RegenerateServerCert();
await Test_MakeOpenVpnConfigFile();
@@ -2624,21 +2624,21 @@ async function Test_SetAzureStatus(): Promise<void>
console.log();
}
/** API test for 'GetDDnsInternetSettng', Get DDNS proxy configuration */
async function Test_GetDDnsInternetSettng(): Promise<void>
/** API test for 'GetDDnsInternetSetting', Get DDNS proxy configuration */
async function Test_GetDDnsInternetSetting(): Promise<void>
{
console.log("Begin: Test_GetDDnsInternetSettng");
let out_internet_setting: VPN.VpnInternetSetting = await api.GetDDnsInternetSettng();
console.log("Begin: Test_GetDDnsInternetSetting");
let out_internet_setting: VPN.VpnInternetSetting = await api.GetDDnsInternetSetting();
console.log(out_internet_setting);
console.log("End: Test_GetDDnsInternetSettng");
console.log("End: Test_GetDDnsInternetSetting");
console.log("-----");
console.log();
}
/** API test for 'SetDDnsInternetSettng', Set DDNS proxy configuration */
async function Test_SetDDnsInternetSettng(): Promise<void>
/** API test for 'SetDDnsInternetSetting', Set DDNS proxy configuration */
async function Test_SetDDnsInternetSetting(): Promise<void>
{
console.log("Begin: Test_SetDDnsInternetSettng");
console.log("Begin: Test_SetDDnsInternetSetting");
let in_internet_setting: VPN.VpnInternetSetting = new VPN.VpnInternetSetting(
{
ProxyType_u32: VPN.VpnRpcProxyType.Direct,
@@ -2647,9 +2647,9 @@ async function Test_SetDDnsInternetSettng(): Promise<void>
ProxyUsername_str: "neko",
ProxyPassword_str: "dog",
});
let out_internet_setting: VPN.VpnInternetSetting = await api.SetDDnsInternetSettng(in_internet_setting);
let out_internet_setting: VPN.VpnInternetSetting = await api.SetDDnsInternetSetting(in_internet_setting);
console.log(out_internet_setting);
console.log("End: Test_SetDDnsInternetSettng");
console.log("End: Test_SetDDnsInternetSetting");
console.log("-----");
console.log();
}
developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-typescript/vpnrpc.ts
+6 -6
View File
@@ -1,10 +1,10 @@
// SoftEther VPN Server JSON-RPC Stub code for TypeScript
//
// vpnrpc.ts
// Automatically generated at 2019-07-10 14:36:11 by vpnserver-jsonrpc-codegen
// Automatically generated at 2023-05-10 14:43:37 by vpnserver-jsonrpc-codegen
//
// Licensed under the Apache License 2.0
// Copyright (c) 2014-2019 SoftEther VPN Project
// Copyright (c) 2014-2023 SoftEther VPN Project
// Trivial utility codes
@@ -856,15 +856,15 @@ export class VpnServerRpc
}
/** Get the Proxy Settings for Connecting to the DDNS server. */
public GetDDnsInternetSettng = (): Promise<VpnInternetSetting> =>
public GetDDnsInternetSetting = (): Promise<VpnInternetSetting> =>
{
return this.CallAsync<VpnInternetSetting>("GetDDnsInternetSettng", new VpnInternetSetting());
return this.CallAsync<VpnInternetSetting>("GetDDnsInternetSetting", new VpnInternetSetting());
}
/** Set the Proxy Settings for Connecting to the DDNS server. */
public SetDDnsInternetSettng = (in_param: VpnInternetSetting): Promise<VpnInternetSetting> =>
public SetDDnsInternetSetting = (in_param: VpnInternetSetting): Promise<VpnInternetSetting> =>
{
return this.CallAsync<VpnInternetSetting>("SetDDnsInternetSettng", in_param);
return this.CallAsync<VpnInternetSetting>("SetDDnsInternetSetting", in_param);
}
/** Set the VPN Gate Server Configuration. This API is valid for Win32 binary distribution of the Stable Edition of SoftEther VPN Server. */
developer_tools/vpnserver-jsonrpc-codegen/Templates/doc.txt
+1
View File
@@ -25,6 +25,7 @@ https://<vpn_server_hostname>:<port>/api/
- Older versions of SoftEther VPN before June 2019 don't support JSON-RPC APIs.
- If you want to completely disable the JSON-RPC on your VPN Server, set the `DisableJsonRpcWebApi` variable to `true` on the `vpn_server.config`.
- You may also restrict access to JSON-RPC API to a specific subnet, e.g. your internal network, by setting the `JsonRpcWebApiAllowedSubnet` variable to, for example, `192.168.0.0/16`.
### JSON-RPC specification
developer_tools/vpnserver-jsonrpc-codegen/VpnServerRpc/VPNServerRpc.cs
+4 -4
View File
@@ -1357,22 +1357,22 @@ namespace SoftEther.VPNServerRpc
/// <summary>
/// Get the Proxy Settings for Connecting to the DDNS server (Async mode).
/// </summary>
public async Task<VpnInternetSetting> GetDDnsInternetSettngAsync() => await CallAsync<VpnInternetSetting>("GetDDnsInternetSettng", new VpnInternetSetting());
public async Task<VpnInternetSetting> GetDDnsInternetSettingAsync() => await CallAsync<VpnInternetSetting>("GetDDnsInternetSetting", new VpnInternetSetting());
/// <summary>
/// Get the Proxy Settings for Connecting to the DDNS server (Async mode).
/// </summary>
public VpnInternetSetting GetDDnsInternetSettng() => GetDDnsInternetSettngAsync().Result;
public VpnInternetSetting GetDDnsInternetSetting() => GetDDnsInternetSettingAsync().Result;
/// <summary>
/// Set the Proxy Settings for Connecting to the DDNS server (Async mode).
/// </summary>
public async Task<VpnInternetSetting> SetDDnsInternetSettngAsync(VpnInternetSetting input_param) => await CallAsync<VpnInternetSetting>("SetDDnsInternetSettng", input_param);
public async Task<VpnInternetSetting> SetDDnsInternetSettingAsync(VpnInternetSetting input_param) => await CallAsync<VpnInternetSetting>("SetDDnsInternetSetting", input_param);
/// <summary>
/// Set the Proxy Settings for Connecting to the DDNS server (Sync mode).
/// </summary>
public VpnInternetSetting SetDDnsInternetSettng(VpnInternetSetting input_param) => SetDDnsInternetSettngAsync(input_param).Result;
public VpnInternetSetting SetDDnsInternetSetting(VpnInternetSetting input_param) => SetDDnsInternetSettingAsync(input_param).Result;
/// <summary>
/// Set the VPN Gate Server Configuration (Async mode). This API is valid for Win32 binary distribution of the Stable Edition of SoftEther VPN Server.
developer_tools/vpnserver-jsonrpc-codegen/VpnServerRpcTest/VpnServerRpcTest.cs
+12 -12
View File
@@ -255,8 +255,8 @@ class VPNRPCTest
Test_GetOpenVpnSstpConfig();
Test_GetDDnsClientStatus();
Test_SetDDnsInternetSettng();
Test_GetDDnsInternetSettng();
Test_SetDDnsInternetSetting();
Test_GetDDnsInternetSetting();
Test_ChangeDDnsClientHostname();
Test_RegenerateServerCert();
@@ -3641,27 +3641,27 @@ class VPNRPCTest
}
/// <summary>
/// API test for 'GetDDnsInternetSettng', Get DDNS proxy configuration
/// API test for 'GetDDnsInternetSetting', Get DDNS proxy configuration
/// </summary>
public void Test_GetDDnsInternetSettng()
public void Test_GetDDnsInternetSetting()
{
Console.WriteLine("Begin: Test_GetDDnsInternetSettng");
Console.WriteLine("Begin: Test_GetDDnsInternetSetting");
VpnInternetSetting out_internet_setting = api.GetDDnsInternetSettng();
VpnInternetSetting out_internet_setting = api.GetDDnsInternetSetting();
print_object(out_internet_setting);
Console.WriteLine("End: Test_GetDDnsInternetSettng");
Console.WriteLine("End: Test_GetDDnsInternetSetting");
Console.WriteLine("-----");
Console.WriteLine();
}
/// <summary>
/// API test for 'SetDDnsInternetSettng', Set DDNS proxy configuration
/// API test for 'SetDDnsInternetSetting', Set DDNS proxy configuration
/// </summary>
public void Test_SetDDnsInternetSettng()
public void Test_SetDDnsInternetSetting()
{
Console.WriteLine("Begin: Test_SetDDnsInternetSettng");
Console.WriteLine("Begin: Test_SetDDnsInternetSetting");
VpnInternetSetting in_internet_setting = new VpnInternetSetting()
{
@@ -3671,11 +3671,11 @@ class VPNRPCTest
ProxyUsername_str = "neko",
ProxyPassword_str = "dog",
};
VpnInternetSetting out_internet_setting = api.SetDDnsInternetSettng(in_internet_setting);
VpnInternetSetting out_internet_setting = api.SetDDnsInternetSetting(in_internet_setting);
print_object(out_internet_setting);
Console.WriteLine("End: Test_SetDDnsInternetSettng");
Console.WriteLine("End: Test_SetDDnsInternetSetting");
Console.WriteLine("-----");
Console.WriteLine();
}
developer_tools/vpnserver-jsonrpc-codegen/vpnserver-jsonrpc-codegen.csproj
+1 -1
View File
@@ -29,7 +29,7 @@
<ItemGroup>
<PackageReference Include="Markdig" Version="0.15.4" />
<PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="2.10.0" />
<PackageReference Include="Newtonsoft.Json" Version="11.0.2" />
<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
</ItemGroup>
</Project>
src/BUILD_UNIX.md
+2 -2
View File
@@ -38,7 +38,7 @@ sudo yum -y install cmake ncurses-devel openssl-devel libsodium-devel readline-d
## Install requirements on Debian/Ubuntu
```bash
sudo apt -y install cmake gcc g++ make libncurses5-dev libssl-dev libsodium-dev libreadline-dev zlib1g-dev
sudo apt -y install cmake gcc g++ make pkgconf libncurses5-dev libssl-dev libsodium-dev libreadline-dev zlib1g-dev
```
## Install requirements on macOS
@@ -228,7 +228,7 @@ You can write your own VPN Server management application in your favorite langua
You can use any SoftEtherVPN component (server, client, bridge) without installing it, if you wish so.
In this case please do not run the `make install` command after compiling the source code, and head directly to the **bin/** directory. There you will find the generated binaries for SoftEtherVPN and those could be used without installing SoftEtherVPN.
In this case please do not run the `make install` command after compiling the source code, and head directly to the **build/** directory. There you will find the generated binaries for SoftEtherVPN and those could be used without installing SoftEtherVPN.
************************************
Thank You Using SoftEther VPN !
src/BUILD_WINDOWS.md
+143 -19
View File
@@ -1,31 +1,155 @@
How to build SoftEther VPN for Windows
======================================
Full Build Instructions
-----------------------
There are several methods for using CMake but the easiest by far is through Visual Studio 2019 by importing the CMake project directly
There are several methods for using CMake but the easiest by far is through Visual Studio by importing the CMake project directly
into it. So that is what will be described below.
Requirements:
## Requirements
1. Download Visual Studio 2019 (Community Edition is fine).
2. During install, make sure to check "Desktop development with C++" under "Workloads".
3. Click on individual components and scroll until you see "Visual C++ tools for CMake" under the compilers section. Make sure this is checked.
4. Proceed with and finish Visual Studio 2019 installation.
5. Install the needed submodules to build the project, avoiding CMake telling you to do so with: `git submodule update --init --recursive`
- Visual Studio 2019 or 2022 (Community Edition is fine)
Building:
https://visualstudio.microsoft.com/downloads
Once both installs have finished, launch Visual Studio. Once its started go to the File menu click `Open --> CMake`. Then navigate to where you
cloned the project and open the `CMakeLists.txt` file in the projects root directory.
- Git for Windows (or other git tool)
Visual Studio will proceed to start the CMake configuration process and once its finished, you can simply go to toolbar and click `CMake -> Build All`.
https://gitforwindows.org/
Once it has finished, hopefully with no errors, look in the newly created `/build` directory in the project's folder. Inside are the development versions
of all the SoftEtherVPN components.
- vcpkg
Congrats, you now have a complete CMake development environment for SoftEtherVPN on Windows, enjoy and happy contributing!
https://github.com/microsoft/vcpkg
Download Links:
- Visual Studio 2019 from Microsoft: https://visualstudio.microsoft.com/downloads
## Installation
- Visual Studio
Download from the official site and run the installer.
Make sure to check **Desktop development with C++** under *Workloads* and **Clang C++ Tools for Windows** in *Optional* components.
- Git
Nothing special. Just follow the installer.
- vcpkg
Let's say you will install it to `C:\vcpkg`.
Open your preferred terminal and go to `C:\`. Then run these commands.
```
C:\> git clone https://github.com/microsoft/vcpkg
C:\> cd vcpkg
C:\vcpkg> bootstrap-vcpkg.bat
C:\vcpkg> vcpkg integrate install
```
## Update
- vcpkg
You are recommended to update vcpkg from time to time, so that the latest libraries are used in the build.
Go to the installation path, pull the latest repo and the binary:
```
C:\vcpkg> git pull
C:\vcpkg> bootstrap-vcpkg.bat
```
## Building
1. Launch Visual Studio
Choose either **Clone a repository** to clone from GitHub or **Open a local folder** if you already have a copy.
1. Open Terminal (*View -> Terminal*). Install the needed submodules to build the project, avoiding CMake telling you to do so with:
`git submodule update --init --recursive`
**Note**: This step is not necessary if you have chosen **Clone a repository** as Visual Studio automatically takes care of it.
1. Switch to folder view in the solution explorer
1. Select a configuration from the dropdown menu below the search box. The default configurations are:
- x64-native
Build x64 executables with 64-bit compiler (most common)
- x64-on-x86
Cross compile x64 executables with 32-bit compiler
- x86-native
Build x86 executables with 32-bit compiler
- x86-on-x64
Cross compile x86 executables with 64-bit compiler
On 64-bit Windows, all four configurations can be used. 32-bit platforms can only use 32-bit compiler.
1. Visual Studio will try generating CMake cache. If not, click **Project -> Configure Cache** or **Generate Cache**.
If CMake is busy, you will find **Generate Cache** greyed out. Wait until it finishes or click **Cancel CMake Cache Generation** to stop it.
The initial configuration will take a longer time since it needs to download and install dependencies.
1. When *CMake generation finished* is displayed, simply go to toolbar and click **Build -> Build All**.
1. Once building has finished, hopefully with no errors, look in the newly created `/build` directory in the project's folder.
Run `vpnsetup.exe` to install desired components.
1. Congrats, you now have a complete CMake development environment for SoftEtherVPN on Windows, enjoy and happy contributing!
## Notes
1. Build number
You can change the build number in `CMakeSettings.json`. Use any integer no less than 5180.
Delete and regenerate CMake cache after the change.
1. OpenSSL
The above instruction builds OpenSSL library statically in the SoftEther binaries,
so that when you distribute the installer to others they will not need to install OpenSSL separately.
However, the downside is that the OpenSSL library cannot be updated without a rebuild and reinstallation of SoftEther.
It's also possible to build OpenSSL library dynamically so that you can update OpenSSL without rebuilding SoftEther.
To achieve that, you need to remove `openssl` from `vcpkg.json` and install OpenSSL directly.
Installing from a package manager such as [Scoop](https://scoop.sh/) would make the subsequent updates easily.
However, you should avoid using [Winget](https://learn.microsoft.com/en-us/windows/package-manager/winget/)
for the time being because due to a bug it cannot detect the correct version of OpenSSL, causing endless updates.
If you install from Scoop, make sure to add the OpenSSL folder to the system's `PATH`.
As Scoop already adds it to the user's `PATH`, just copy the same location into the system environment variable(s).
SoftEther Client Service starts from the System account and will fail to start if OpenSSL is not in the global `PATH`.
Building should be straightforward. You can verify that the binaries are now linked against the locally installed OpenSSL
with tools like `ldd` (available from Git Bash):
```bash
$ ldd /c/Program\ Files/SoftEther\ VPN\ Client\ Developer\ Edition/vpnclient.exe
...
libcrypto-3-x64.dll => /c/Scoop/apps/openssl/current/bin/libcrypto-3-x64.dll (0x7ff8beb70000)
libssl-3-x64.dll => /c/Scoop/apps/openssl/current/bin/libssl-3-x64.dll (0x7ff8beaa0000)
...
```
1. 32-bit Windows
You don't need 32-bit Windows to build 32-bit executables. However, if 32-bit Windows is what you only have, things become a little complicated.
Visual Studio 2019 is the last version that works on 32-bit Windows. It does the job but its bundled CMake and Ninja are 64-bit versions.
After the installation of VS 2019, you need to download 32-bit CMake and Ninja and replace those that come with VS in:
```
C:\Program Files\Microsoft Visual Studio\2019\Community\Common7\IDE\CommonExtensions\Microsoft\CMake
```
Currently CMake has an official x86 installer but Ninja does not. You may need to download from a 3rd party or build from source.
src/CMakeLists.txt
+15
View File
@@ -60,6 +60,21 @@ include_directories(.)
if(WIN32)
add_definitions(-DWIN32 -D_WINDOWS -DOS_WIN32 -D_CRT_SECURE_NO_WARNINGS)
#
# https://msrc-blog.microsoft.com/2020/08/17/control-flow-guard-for-clang-llvm-and-rust/
#
message("Setting CONTROL FLOW GUARD")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /guard:cf")
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /guard:cf /DYNAMICBASE")
message("Setting QSPECTRE")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /Qspectre")
message("Setting CETCOMPAT")
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /CETCOMPAT")
endif()
if(UNIX)
src/Cedar/Account.c
+69 -40
View File
@@ -21,47 +21,47 @@
// Policy items
POLICY_ITEM policy_item[] =
{
// ID, Value, Omittable, Min, Max, Default, Unit name
// ID, Value, Omittable, Min, Max, Default, Unit name, Offset
// Ver 2.0
{0, false, false, 0, 0, 0, NULL}, // Access
{1, false, false, 0, 0, 0, NULL}, // DHCPFilter
{2, false, false, 0, 0, 0, NULL}, // DHCPNoServer
{3, false, false, 0, 0, 0, NULL}, // DHCPForce
{4, false, false, 0, 0, 0, NULL}, // NoBridge
{5, false, false, 0, 0, 0, NULL}, // NoRouting
{6, false, false, 0, 0, 0, NULL}, // CheckMac
{7, false, false, 0, 0, 0, NULL}, // CheckIP
{8, false, false, 0, 0, 0, NULL}, // ArpDhcpOnly
{9, false, false, 0, 0, 0, NULL}, // PrivacyFilter
{10, false, false, 0, 0, 0, NULL}, // NoServer
{11, false, false, 0, 0, 0, NULL}, // NoBroadcastLimiter
{12, false, false, 0, 0, 0, NULL}, // MonitorPort
{13, true, false, 1, 32, 32, "POL_INT_COUNT"}, // MaxConnection
{14, true, false, 5, 60, 20, "POL_INT_SEC"}, // TimeOut
{15, true, true, 1, 65535, 0, "POL_INT_COUNT"}, // MaxMac
{16, true, true, 1, 65535, 0, "POL_INT_COUNT"}, // MaxIP
{17, true, true, 1, 4294967295UL, 0, "POL_INT_BPS"}, // MaxUpload
{18, true, true, 1, 4294967295UL, 0, "POL_INT_BPS"}, // MaxDownload
{19, false, false, 0, 0, 0, NULL}, // FixPassword
{20, true, true, 1, 65535, 0, "POL_INT_COUNT"}, // MultiLogins
{21, false, false, 0, 0, 0, NULL}, // NoQoS
{0, false, false, 0, 0, 0, NULL, offsetof(POLICY, Access)}, // Access
{1, false, false, 0, 0, 0, NULL, offsetof(POLICY, DHCPFilter)}, // DHCPFilter
{2, false, false, 0, 0, 0, NULL, offsetof(POLICY, DHCPNoServer)}, // DHCPNoServer
{3, false, false, 0, 0, 0, NULL, offsetof(POLICY, DHCPForce)}, // DHCPForce
{4, false, false, 0, 0, 0, NULL, offsetof(POLICY, NoBridge)}, // NoBridge
{5, false, false, 0, 0, 0, NULL, offsetof(POLICY, NoRouting)}, // NoRouting
{6, false, false, 0, 0, 0, NULL, offsetof(POLICY, CheckMac)}, // CheckMac
{7, false, false, 0, 0, 0, NULL, offsetof(POLICY, CheckIP)}, // CheckIP
{8, false, false, 0, 0, 0, NULL, offsetof(POLICY, ArpDhcpOnly)}, // ArpDhcpOnly
{9, false, false, 0, 0, 0, NULL, offsetof(POLICY, PrivacyFilter)}, // PrivacyFilter
{10, false, false, 0, 0, 0, NULL, offsetof(POLICY, NoServer)}, // NoServer
{11, false, false, 0, 0, 0, NULL, offsetof(POLICY, NoBroadcastLimiter)}, // NoBroadcastLimiter
{12, false, false, 0, 0, 0, NULL, offsetof(POLICY, MonitorPort)}, // MonitorPort
{13, true, false, 1, 32, 32, "POL_INT_COUNT", offsetof(POLICY, MaxConnection)}, // MaxConnection
{14, true, false, 5, 60, 20, "POL_INT_SEC", offsetof(POLICY, TimeOut)}, // TimeOut
{15, true, true, 1, 65535, 0, "POL_INT_COUNT", offsetof(POLICY, MaxMac)}, // MaxMac
{16, true, true, 1, 65535, 0, "POL_INT_COUNT", offsetof(POLICY, MaxIP)}, // MaxIP
{17, true, true, 1, 4294967295UL, 0, "POL_INT_BPS", offsetof(POLICY, MaxUpload)}, // MaxUpload
{18, true, true, 1, 4294967295UL, 0, "POL_INT_BPS", offsetof(POLICY, MaxDownload)}, // MaxDownload
{19, false, false, 0, 0, 0, NULL, offsetof(POLICY, FixPassword)}, // FixPassword
{20, true, true, 1, 65535, 0, "POL_INT_COUNT", offsetof(POLICY, MultiLogins)}, // MultiLogins
{21, false, false, 0, 0, 0, NULL, offsetof(POLICY, NoQoS)}, // NoQoS
// Ver 3.0
{22, false, false, 0, 0, 0, NULL}, // RSandRAFilter
{23, false, false, 0, 0, 0, NULL}, // RAFilter
{24, false, false, 0, 0, 0, NULL}, // DHCPv6Filter
{25, false, false, 0, 0, 0, NULL}, // DHCPv6NoServer
{26, false, false, 0, 0, 0, NULL}, // NoRoutingV6
{27, false, false, 0, 0, 0, NULL}, // CheckIPv6
{28, false, false, 0, 0, 0, NULL}, // NoServerV6
{29, true, true, 1, 65535, 0, "POL_INT_COUNT"}, // MaxIPv6
{30, false, false, 0, 0, 0, NULL}, // NoSavePassword
{31, true, true, 1, 4294967295UL, 0, "POL_INT_SEC"}, // AutoDisconnect
{32, false, false, 0, 0, 0, NULL}, // FilterIPv4
{33, false, false, 0, 0, 0, NULL}, // FilterIPv6
{34, false, false, 0, 0, 0, NULL}, // FilterNonIP
{35, false, false, 0, 0, 0, NULL}, // NoIPv6DefaultRouterInRA
{36, false, false, 0, 0, 0, NULL}, // NoIPv6DefaultRouterInRAWhenIPv6
{37, true, true, 1, 4095, 0, "POL_INT_VLAN"}, // VLanId
{22, false, false, 0, 0, 0, NULL, offsetof(POLICY, RSandRAFilter)}, // RSandRAFilter
{23, false, false, 0, 0, 0, NULL, offsetof(POLICY, RAFilter)}, // RAFilter
{24, false, false, 0, 0, 0, NULL, offsetof(POLICY, DHCPv6Filter)}, // DHCPv6Filter
{25, false, false, 0, 0, 0, NULL, offsetof(POLICY, DHCPv6NoServer)}, // DHCPv6NoServer
{26, false, false, 0, 0, 0, NULL, offsetof(POLICY, NoRoutingV6)}, // NoRoutingV6
{27, false, false, 0, 0, 0, NULL, offsetof(POLICY, CheckIPv6)}, // CheckIPv6
{28, false, false, 0, 0, 0, NULL, offsetof(POLICY, NoServerV6)}, // NoServerV6
{29, true, true, 1, 65535, 0, "POL_INT_COUNT", offsetof(POLICY, MaxIPv6)}, // MaxIPv6
{30, false, false, 0, 0, 0, NULL, offsetof(POLICY, NoSavePassword)}, // NoSavePassword
{31, true, true, 1, 4294967295UL, 0, "POL_INT_SEC", offsetof(POLICY, AutoDisconnect)}, // AutoDisconnect
{32, false, false, 0, 0, 0, NULL, offsetof(POLICY, FilterIPv4)}, // FilterIPv4
{33, false, false, 0, 0, 0, NULL, offsetof(POLICY, FilterIPv6)}, // FilterIPv6
{34, false, false, 0, 0, 0, NULL, offsetof(POLICY, FilterNonIP)}, // FilterNonIP
{35, false, false, 0, 0, 0, NULL, offsetof(POLICY, NoIPv6DefaultRouterInRA)}, // NoIPv6DefaultRouterInRA
{36, false, false, 0, 0, 0, NULL, offsetof(POLICY, NoIPv6DefaultRouterInRAWhenIPv6)}, // NoIPv6DefaultRouterInRAWhenIPv6
{37, true, true, 1, 4095, 0, "POL_INT_VLAN", offsetof(POLICY, VLanId)}, // VLanId
};
// Format policy value
@@ -390,7 +390,7 @@ void OverwritePolicy(POLICY **target, POLICY *p)
}
else
{
Copy(*target, p, NUM_POLICY_ITEM_FOR_VER2 * sizeof(UINT));
Copy(*target, p, policy_item[NUM_POLICY_ITEM_FOR_VER2].Offset);
}
}
}
@@ -897,6 +897,35 @@ USER *AcGetUser(HUB *h, char *name)
return u;
}
USER* AcGetUserByCert(HUB *h, X *cert)
{
int i;
if (cert == NULL)
{
return NULL;
}
for (i = 0; i < LIST_NUM(h->HubDb->UserList); i++)
{
USER* u = LIST_DATA(h->HubDb->UserList, i);
if (u->AuthType == AUTHTYPE_USERCERT)
{
X* ucert = ((AUTHUSERCERT*)u->AuthData)->UserX;
if (ucert != NULL)
{
if (CompareX(cert, ucert))
{
AddRef(u->ref);
return u;
}
}
}
}
return NULL;
}
// Delete the user
bool AcDeleteUser(HUB *h, char *name)
{
src/Cedar/Account.h
+5 -3
View File
@@ -25,6 +25,7 @@ struct POLICY_ITEM
UINT MaxValue;
UINT DefaultValue;
char *FormatStr;
UINT Offset;
};
// Policy
@@ -144,17 +145,17 @@ struct AUTHNT
// Macro
#define POLICY_CURRENT_VERSION 3
#define NUM_POLICY_ITEM ((sizeof(POLICY) / sizeof(UINT)) - 1)
#define NUM_POLICY_ITEM_FOR_VER2 22
#define NUM_POLICY_ITEM_FOR_VER3 38
#define NUM_POLICY_ITEM NUM_POLICY_ITEM_FOR_VER3
#define IS_POLICY_FOR_VER2(index) (((index) >= 0) && ((index) < NUM_POLICY_ITEM_FOR_VER2))
#define IS_POLICY_FOR_VER3(index) (((index) >= 0) && ((index) < NUM_POLICY_ITEM_FOR_VER3))
#define IS_POLICY_FOR_CURRENT_VER(index, ver) ((ver) >= 3 ? IS_POLICY_FOR_VER3(index) : IS_POLICY_FOR_VER2(index))
#define POLICY_BOOL(p, i) (((bool *)(p))[(i)])
#define POLICY_INT(p, i) (((UINT *)(p))[(i)])
#define POLICY_BOOL(p, i) (*(bool *)((char *)p + policy_item[i].Offset))
#define POLICY_INT(p, i) (*(UINT *)((char *)p + policy_item[i].Offset))
extern POLICY_ITEM policy_item[];
@@ -176,6 +177,7 @@ void FreeAuthData(UINT authtype, void *authdata);
bool AcAddUser(HUB *h, USER *u);
bool AcAddGroup(HUB *h, USERGROUP *g);
USER *AcGetUser(HUB *h, char *name);
USER* AcGetUserByCert(HUB* h, X *cert);
USERGROUP *AcGetGroup(HUB *h, char *name);
bool AcIsUser(HUB *h, char *name);
bool AcIsGroup(HUB *h, char *name);
src/Cedar/Admin.c
+46 -126
View File
@@ -260,26 +260,6 @@ CAPSLIST *ScGetCapsEx(RPC *rpc)
AddCapsBool(t, "b_support_config_log", info.ServerType != SERVER_TYPE_FARM_MEMBER);
AddCapsBool(t, "b_support_autodelete", false);
}
else
{
// Success getting Caps
if (info.ServerBuildInt <= 4350)
{
if (is_bridge == false)
{
// b_support_cluster should be true for build 4300 or earlier
CAPS *caps = GetCaps(t, "b_support_cluster");
if (caps == NULL)
{
AddCapsBool(t, "b_support_cluster", true);
}
else
{
caps->Value = 1;
}
}
}
}
if (true)
{
@@ -746,9 +726,8 @@ void AdminWebProcPost(CONNECTION *c, SOCK *s, HTTP_HEADER *h, UINT post_data_siz
if (RecvAll(s, data, post_data_size, s->SecureMode))
{
c->JsonRpcAuthed = true;
#ifndef GC_SOFTETHER_OSS
RemoveDosEntry(c->Listener, s);
#endif // GC_SOFTETHER_OSS
// Divide url_target into URL and query string
StrCpy(url, sizeof(url), url_target);
@@ -787,9 +766,8 @@ void AdminWebProcGet(CONNECTION *c, SOCK *s, HTTP_HEADER *h, char *url_target)
}
c->JsonRpcAuthed = true;
#ifndef GC_SOFTETHER_OSS
RemoveDosEntry(c->Listener, s);
#endif // GC_SOFTETHER_OSS
// Divide url_target into URL and query string
StrCpy(url, sizeof(url), url_target);
@@ -959,30 +937,26 @@ bool HttpParseBasicAuthHeader(HTTP_HEADER *h, char *username, UINT username_size
{
if (StrCmpi(key, "Basic") == 0 && IsEmptyStr(value) == false)
{
UINT b64_dest_size = StrSize(value) * 2 + 256;
char *b64_dest = ZeroMalloc(b64_dest_size);
Decode64(b64_dest, value);
if (IsEmptyStr(b64_dest) == false)
char *str = Base64ToBin(NULL, value, StrLen(value));
if (str != NULL)
{
if (b64_dest[0] == ':')
if (str[0] == ':')
{
// Empty username
StrCpy(username, username_size, "");
StrCpy(password, password_size, b64_dest + 1);
StrCpy(password, password_size, str + 1);
ret = true;
}
else
{
if (GetKeyAndValue(b64_dest, username, username_size, password, password_size, ":"))
if (GetKeyAndValue(str, username, username_size, password, password_size, ":"))
{
ret = true;
}
}
}
Free(b64_dest);
Free(str);
}
}
}
}
@@ -1223,9 +1197,7 @@ void JsonRpcProcOptions(CONNECTION *c, SOCK *s, HTTP_HEADER *h, char *url_target
c->JsonRpcAuthed = true;
#ifndef GC_SOFTETHER_OSS
RemoveDosEntry(c->Listener, s);
#endif // GC_SOFTETHER_OSS
AdminWebSendBody(s, 200, "OK", NULL, 0, NULL, NULL, NULL, h);
}
@@ -1252,9 +1224,7 @@ void JsonRpcProcGet(CONNECTION *c, SOCK *s, HTTP_HEADER *h, char *url_target)
c->JsonRpcAuthed = true;
#ifndef GC_SOFTETHER_OSS
RemoveDosEntry(c->Listener, s);
#endif // GC_SOFTETHER_OSS
// Divide url_target into URL and query string
StrCpy(url, sizeof(url), url_target);
@@ -1381,9 +1351,7 @@ void JsonRpcProcPost(CONNECTION *c, SOCK *s, HTTP_HEADER *h, UINT post_data_size
c->JsonRpcAuthed = true;
#ifndef GC_SOFTETHER_OSS
RemoveDosEntry(c->Listener, s);
#endif // GC_SOFTETHER_OSS
if (json_req == NULL || json_req_object == NULL)
{
@@ -1668,8 +1636,8 @@ PACK *AdminDispatch(RPC *rpc, char *name, PACK *p)
DECLARE_RPC("GetSpecialListener", RPC_SPECIAL_LISTENER, StGetSpecialListener, InRpcSpecialListener, OutRpcSpecialListener)
DECLARE_RPC("GetAzureStatus", RPC_AZURE_STATUS, StGetAzureStatus, InRpcAzureStatus, OutRpcAzureStatus)
DECLARE_RPC("SetAzureStatus", RPC_AZURE_STATUS, StSetAzureStatus, InRpcAzureStatus, OutRpcAzureStatus)
DECLARE_RPC("GetDDnsInternetSettng", INTERNET_SETTING, StGetDDnsInternetSetting, InRpcInternetSetting, OutRpcInternetSetting)
DECLARE_RPC("SetDDnsInternetSettng", INTERNET_SETTING, StSetDDnsInternetSetting, InRpcInternetSetting, OutRpcInternetSetting)
DECLARE_RPC("GetDDnsInternetSetting", INTERNET_SETTING, StGetDDnsInternetSetting, InRpcInternetSetting, OutRpcInternetSetting)
DECLARE_RPC("SetDDnsInternetSetting", INTERNET_SETTING, StSetDDnsInternetSetting, InRpcInternetSetting, OutRpcInternetSetting)
// RPC function declaration: till here
@@ -1855,8 +1823,8 @@ DECLARE_SC("SetSpecialListener", RPC_SPECIAL_LISTENER, ScSetSpecialListener, InR
DECLARE_SC("GetSpecialListener", RPC_SPECIAL_LISTENER, ScGetSpecialListener, InRpcSpecialListener, OutRpcSpecialListener)
DECLARE_SC("GetAzureStatus", RPC_AZURE_STATUS, ScGetAzureStatus, InRpcAzureStatus, OutRpcAzureStatus)
DECLARE_SC("SetAzureStatus", RPC_AZURE_STATUS, ScSetAzureStatus, InRpcAzureStatus, OutRpcAzureStatus)
DECLARE_SC("GetDDnsInternetSettng", INTERNET_SETTING, ScGetDDnsInternetSetting, InRpcInternetSetting, OutRpcInternetSetting)
DECLARE_SC("SetDDnsInternetSettng", INTERNET_SETTING, ScSetDDnsInternetSetting, InRpcInternetSetting, OutRpcInternetSetting)
DECLARE_SC("GetDDnsInternetSetting", INTERNET_SETTING, ScGetDDnsInternetSetting, InRpcInternetSetting, OutRpcInternetSetting)
DECLARE_SC("SetDDnsInternetSetting", INTERNET_SETTING, ScSetDDnsInternetSetting, InRpcInternetSetting, OutRpcInternetSetting)
// RPC call function declaration: till here
// Setting VPN Gate Server Configuration
@@ -6550,8 +6518,6 @@ UINT StSetAccessList(ADMIN *a, RPC_ENUM_ACCESS_LIST *t)
UINT i;
bool no_jitter = false;
bool no_include = false;
UINT ret = ERR_NO_ERROR;
NO_SUPPORT_FOR_BRIDGE;
if (s->ServerType == SERVER_TYPE_FARM_MEMBER)
@@ -6594,60 +6560,20 @@ UINT StSetAccessList(ADMIN *a, RPC_ENUM_ACCESS_LIST *t)
}
LockList(h->AccessList);
{
UINT i;
if (a->ClientBuild != 0)
{
// Confirm whether the access list of form which cannot handle by the old client already exists
if (a->ClientBuild < 6560)
{
for (i = 0;i < LIST_NUM(h->AccessList);i++)
{
ACCESS *access = LIST_DATA(h->AccessList, i);
if (access->IsIPv6 ||
access->Jitter != 0 || access->Loss != 0 || access->Delay != 0)
{
ret = ERR_VERSION_INVALID;
break;
}
}
}
if (a->ClientBuild < 8234)
{
for (i = 0;i < LIST_NUM(h->AccessList);i++)
{
ACCESS *access = LIST_DATA(h->AccessList, i);
if (IsEmptyStr(access->RedirectUrl) == false)
{
ret = ERR_VERSION_INVALID;
break;
}
}
}
}
if (ret == ERR_NO_ERROR)
{
// Delete whole access list
for (i = 0;i < LIST_NUM(h->AccessList);i++)
for (i = 0; i < LIST_NUM(h->AccessList); ++i)
{
ACCESS *access = LIST_DATA(h->AccessList, i);
Free(access);
}
DeleteAll(h->AccessList);
}
}
if (ret == ERR_NO_ERROR)
{
ALog(a, h, "LA_SET_ACCESS_LIST", t->NumAccess);
// Add whole access list
for (i = 0;i < t->NumAccess;i++)
for (i = 0; i < t->NumAccess; ++i)
{
ACCESS *a = &t->Accesses[i];
@@ -6686,14 +6612,10 @@ UINT StSetAccessList(ADMIN *a, RPC_ENUM_ACCESS_LIST *t)
h->CurrentVersion++;
SiHubUpdateProc(h);
}
else
{
UnlockList(h->AccessList);
}
ReleaseHub(h);
return ret;
return ERR_NO_ERROR;
}
// Add access list entry
@@ -7420,6 +7342,7 @@ UINT StGetLink(ADMIN *a, RPC_CREATE_LINK *t)
Copy(&t->Policy, k->Policy, sizeof(POLICY));
t->CheckServerCert = k->CheckServerCert;
t->AddDefaultCA = k->AddDefaultCA;
t->ServerCert = CloneX(k->ServerCert);
}
Unlock(k->lock);
@@ -7524,7 +7447,7 @@ UINT StSetLink(ADMIN *a, RPC_CREATE_LINK *t)
if (t->Policy.Ver3 == false)
{
Copy(k->Policy, &t->Policy, sizeof(UINT) * NUM_POLICY_ITEM_FOR_VER2);
Copy(k->Policy, &t->Policy, policy_item[NUM_POLICY_ITEM_FOR_VER2].Offset);
}
else
{
@@ -7535,6 +7458,7 @@ UINT StSetLink(ADMIN *a, RPC_CREATE_LINK *t)
k->Option->RequireMonitorMode = false; // Disable monitor mode
k->CheckServerCert = t->CheckServerCert;
k->AddDefaultCA = t->AddDefaultCA;
k->ServerCert = CloneX(t->ServerCert);
}
Unlock(k->lock);
@@ -7631,6 +7555,7 @@ UINT StCreateLink(ADMIN *a, RPC_CREATE_LINK *t)
// setting of verifying server certification
//
k->CheckServerCert = t->CheckServerCert;
k->AddDefaultCA = t->AddDefaultCA;
k->ServerCert = CloneX(t->ServerCert);
// stay this off-line
@@ -7847,11 +7772,6 @@ UINT StAddCa(ADMIN *a, RPC_HUB_ADD_CA *t)
return ERR_INVALID_PARAMETER;
}
if (t->Cert->is_compatible_bit == false)
{
return ERR_NOT_RSA_1024;
}
CHECK_RIGHT;
LockHubList(c);
@@ -9516,11 +9436,6 @@ UINT StSetServerCert(ADMIN *a, RPC_KEY_PAIR *t)
return ERR_PROTOCOL_ERROR;
}
if (t->Cert->is_compatible_bit == false)
{
return ERR_NOT_RSA_1024;
}
if (CheckXandK(t->Cert, t->Key) == false)
{
return ERR_PROTOCOL_ERROR;
@@ -9535,7 +9450,7 @@ UINT StSetServerCert(ADMIN *a, RPC_KEY_PAIR *t)
}
}
SetCedarCert(c, t->Cert, t->Key);
SetCedarCertAndChain(c, t->Cert, t->Key, t->Chain);
ALog(a, NULL, "LA_SET_SERVER_CERT");
@@ -10143,8 +10058,7 @@ UINT StSetPortsUDP(ADMIN *a, RPC_PORTS *t)
LockList(server_ports);
{
char tmp[MAX_SIZE];
wchar_t str[MAX_SIZE];
char str[MAX_SIZE];
for (i = 0; i < LIST_NUM(server_ports); ++i)
{
@@ -10160,8 +10074,7 @@ UINT StSetPortsUDP(ADMIN *a, RPC_PORTS *t)
ProtoSetUdpPorts(a->Server->Proto, server_ports);
IntListToStr(tmp, sizeof(tmp), server_ports, ", ");
StrToUni(str, sizeof(str), tmp);
IntListToStr(str, sizeof(str), server_ports, ", ");
ALog(a, NULL, "LA_SET_PORTS_UDP", str);
}
UnlockList(server_ports);
@@ -13717,6 +13630,7 @@ void InRpcCreateLink(RPC_CREATE_LINK *t, PACK *p)
InRpcPolicy(&t->Policy, p);
t->CheckServerCert = PackGetBool(p, "CheckServerCert");
t->AddDefaultCA = PackGetBool(p, "AddDefaultCA");
b = PackGetBuf(p, "ServerCert");
if (b != NULL)
{
@@ -13739,6 +13653,7 @@ void OutRpcCreateLink(PACK *p, RPC_CREATE_LINK *t)
OutRpcPolicy(p, &t->Policy);
PackAddBool(p, "CheckServerCert", t->CheckServerCert);
PackAddBool(p, "AddDefaultCA", t->AddDefaultCA);
if (t->ServerCert != NULL)
{
BUF *b;
@@ -13784,12 +13699,14 @@ void InRpcEnumLink(RPC_ENUM_LINK *t, PACK *p)
PackGetUniStrEx(p, "AccountName", e->AccountName, sizeof(e->AccountName), i);
PackGetStrEx(p, "Hostname", e->Hostname, sizeof(e->Hostname), i);
PackGetStrEx(p, "ConnectedHubName", e->HubName, sizeof(e->HubName), i);
if (PackGetStrEx(p, "ConnectedHubName", e->HubName, sizeof(e->HubName), i) == false)
{
PackGetStrEx(p, "TargetHubName", e->HubName, sizeof(e->HubName), i);
}
e->Online = PackGetBoolEx(p, "Online", i);
e->ConnectedTime = PackGetInt64Ex(p, "ConnectedTime", i);
e->Connected = PackGetBoolEx(p, "Connected", i);
e->LastError = PackGetIntEx(p, "LastError", i);
PackGetStrEx(p, "LinkHubName", e->HubName, sizeof(e->HubName), i);
}
}
void OutRpcEnumLink(PACK *p, RPC_ENUM_LINK *t)
@@ -14637,6 +14554,7 @@ void InRpcKeyPair(RPC_KEY_PAIR *t, PACK *p)
}
t->Cert = PackGetX(p, "Cert");
t->Chain = PackGetXList(p, "Chain");
t->Key = PackGetK(p, "Key");
t->Flag1 = PackGetInt(p, "Flag1");
}
@@ -14649,12 +14567,14 @@ void OutRpcKeyPair(PACK *p, RPC_KEY_PAIR *t)
}
PackAddX(p, "Cert", t->Cert);
PackAddXList(p, "Chain", t->Chain);
PackAddK(p, "Key", t->Key);
PackAddInt(p, "Flag1", t->Flag1);
}
void FreeRpcKeyPair(RPC_KEY_PAIR *t)
{
FreeX(t->Cert);
FreeXList(t->Chain);
FreeK(t->Key);
}
@@ -14737,19 +14657,19 @@ void InRpcNodeInfo(NODE_INFO *t, PACK *p)
PackGetStr(p, "HubName", t->HubName, sizeof(t->HubName));
PackGetData2(p, "UniqueId", t->UniqueId, sizeof(t->UniqueId));
t->ClientProductVer = PackGetInt(p, "ClientProductVer");
t->ClientProductBuild = PackGetInt(p, "ClientProductBuild");
t->ServerProductVer = PackGetInt(p, "ServerProductVer");
t->ServerProductBuild = PackGetInt(p, "ServerProductBuild");
t->ClientProductVer = LittleEndian32(PackGetInt(p, "ClientProductVer"));
t->ClientProductBuild = LittleEndian32(PackGetInt(p, "ClientProductBuild"));
t->ServerProductVer = LittleEndian32(PackGetInt(p, "ServerProductVer"));
t->ServerProductBuild = LittleEndian32(PackGetInt(p, "ServerProductBuild"));
t->ClientIpAddress = PackGetIp32(p, "ClientIpAddress");
PackGetData2(p, "ClientIpAddress6", t->ClientIpAddress6, sizeof(t->ClientIpAddress6));
t->ClientPort = PackGetInt(p, "ClientPort");
t->ClientPort = LittleEndian32(PackGetInt(p, "ClientPort"));
t->ServerIpAddress = PackGetIp32(p, "ServerIpAddress");
PackGetData2(p, "ServerIpAddress6", t->ServerIpAddress6, sizeof(t->ServerIpAddress6));
t->ServerPort = PackGetInt(p, "ServerPort2");
t->ServerPort = LittleEndian32(PackGetInt(p, "ServerPort2"));
t->ProxyIpAddress = PackGetIp32(p, "ProxyIpAddress");
PackGetData2(p, "ProxyIpAddress6", t->ProxyIpAddress6, sizeof(t->ProxyIpAddress6));
t->ProxyPort = PackGetInt(p, "ProxyPort");
t->ProxyPort = LittleEndian32(PackGetInt(p, "ProxyPort"));
}
void OutRpcNodeInfo(PACK *p, NODE_INFO *t)
{
@@ -14770,19 +14690,19 @@ void OutRpcNodeInfo(PACK *p, NODE_INFO *t)
PackAddStr(p, "HubName", t->HubName);
PackAddData(p, "UniqueId", t->UniqueId, sizeof(t->UniqueId));
PackAddInt(p, "ClientProductVer", t->ClientProductVer);
PackAddInt(p, "ClientProductBuild", t->ClientProductBuild);
PackAddInt(p, "ServerProductVer", t->ServerProductVer);
PackAddInt(p, "ServerProductBuild", t->ServerProductBuild);
PackAddInt(p, "ClientProductVer", LittleEndian32(t->ClientProductVer));
PackAddInt(p, "ClientProductBuild", LittleEndian32(t->ClientProductBuild));
PackAddInt(p, "ServerProductVer", LittleEndian32(t->ServerProductVer));
PackAddInt(p, "ServerProductBuild", LittleEndian32(t->ServerProductBuild));
PackAddIp32(p, "ClientIpAddress", t->ClientIpAddress);
PackAddData(p, "ClientIpAddress6", t->ClientIpAddress6, sizeof(t->ClientIpAddress6));
PackAddInt(p, "ClientPort", t->ClientPort);
PackAddInt(p, "ClientPort", LittleEndian32(t->ClientPort));
PackAddIp32(p, "ServerIpAddress", t->ServerIpAddress);
PackAddData(p, "ServerIpAddress6", t->ServerIpAddress6, sizeof(t->ServerIpAddress6));
PackAddInt(p, "ServerPort2", t->ServerPort);
PackAddInt(p, "ServerPort2", LittleEndian32(t->ServerPort));
PackAddIp32(p, "ProxyIpAddress", t->ProxyIpAddress);
PackAddData(p, "ProxyIpAddress6", t->ProxyIpAddress6, sizeof(t->ProxyIpAddress6));
PackAddInt(p, "ProxyPort", t->ProxyPort);
PackAddInt(p, "ProxyPort", LittleEndian32(t->ProxyPort));
}
// RPC_SESSION_STATUS
src/Cedar/Admin.h
+2
View File
@@ -230,6 +230,7 @@ struct RPC_FARM_CONNECTION_STATUS
struct RPC_KEY_PAIR
{
X *Cert; // Certificate
LIST *Chain; // Trust chain
K *Key; // Secret key
UINT Flag1; // Flag1
};
@@ -435,6 +436,7 @@ struct RPC_CREATE_LINK
CLIENT_AUTH *ClientAuth; // Client authentication data
POLICY Policy; // Policy
bool CheckServerCert; // Validate the server certificate
bool AddDefaultCA; // Use default trust store
X *ServerCert; // Server certificate
};
src/Cedar/AzureClient.c
+16 -1
View File
@@ -9,6 +9,7 @@
#include "Cedar.h"
#include "Command.h"
#include "Logging.h"
#include "Wpc.h"
#include "Mayaqua/Encrypt.h"
@@ -19,6 +20,7 @@
#include "Mayaqua/Object.h"
#include "Mayaqua/Pack.h"
#include "Mayaqua/Str.h"
#include "Mayaqua/Table.h"
#include "Mayaqua/Tick64.h"
#include <stdlib.h>
@@ -80,6 +82,9 @@ void AcWaitForRequest(AZURE_CLIENT *ac, SOCK *s, AZURE_PARAM *param)
{
SOCK *ns;
Debug("Connect Request from %r:%u\n", &client_ip, client_port);
char ipstr[128];
IPToStr(ipstr, sizeof(ipstr), &client_ip);
SLog(ac->Cedar, "LS_AZURE_START", ipstr, client_port);
// Create new socket and connect VPN Azure Server
if (ac->DDnsStatusCopy.InternetSetting.ProxyType == PROXY_DIRECT)
@@ -103,7 +108,10 @@ void AcWaitForRequest(AZURE_CLIENT *ac, SOCK *s, AZURE_PARAM *param)
SetTimeout(ns, param->DataTimeout);
if (StartSSLEx(ns, NULL, NULL, 0, NULL))
UINT ssl_err = 0;
Copy(&ns->SslAcceptSettings, &ac->Cedar->SslAcceptSettings, sizeof(SSL_ACCEPT_SETTINGS));
if (StartSSLEx3(ns, NULL, NULL, NULL, 0, NULL, NULL, &ssl_err))
{
// Check certification
char server_cert_hash_str[MAX_SIZE];
@@ -157,6 +165,13 @@ void AcWaitForRequest(AZURE_CLIENT *ac, SOCK *s, AZURE_PARAM *param)
}
}
}
else
{
if (ssl_err != 0)
{
SLog(ac->Cedar, "LS_AZURE_SSL_ERROR", GetUniErrorStr(ssl_err), ssl_err);
}
}
ReleaseSock(ns);
}
src/Cedar/BridgeUnix.c
+14 -7
View File
@@ -29,11 +29,13 @@
#include <sys/ioctl.h>
#include <sys/stat.h>
#ifndef UNIX_OPENBSD
#if !defined(UNIX_OPENBSD) && !defined(UNIX_SOLARIS)
#include <net/ethernet.h>
#endif
#ifdef UNIX_SOLARIS
#include <stropts.h>
#include <sys/dlpi.h>
#include <sys/sockio.h>
#endif
@@ -49,7 +51,7 @@
#endif
#ifdef UNIX_LINUX
#include <linux/if_packet.h>
#include <netpacket/packet.h>
struct my_tpacket_auxdata
{
@@ -319,7 +321,7 @@ TOKEN_LIST *GetEthListLinux(bool enum_normal, bool enum_rawip)
{
if (IsInListStr(o, name) == false)
{
if (StartWith(name, "tap_") == false)
if (StartWith(name, UNIX_VLAN_BRIDGE_IFACE_PREFIX"_") == false)
{
Add(o, CopyStr(name));
}
@@ -504,7 +506,7 @@ ETH *OpenEthLinux(char *name, bool local, bool tapmode, char *tapaddr)
{
#ifndef NO_VLAN
// In tap mode
VLAN *v = NewTap(name, tapaddr, true);
VLAN *v = NewBridgeTap(name, tapaddr, true);
if (v == NULL)
{
return NULL;
@@ -803,7 +805,12 @@ bool EthIsChangeMtuSupported(ETH *e)
return false;
}
// FreeBSD seriously dislikes MTU changes; disable if compiled on that platform
#ifndef __FreeBSD__
return true;
#else
return false;
#endif
#else // defined(UNIX_LINUX) || defined(UNIX_BSD) || defined(UNIX_SOLARIS)
return false;
#endif // defined(UNIX_LINUX) || defined(UNIX_BSD) || defined(UNIX_SOLARIS)
@@ -1397,7 +1404,7 @@ ETH *OpenEthBSD(char *name, bool local, bool tapmode, char *tapaddr)
{
#ifndef NO_VLAN
// In tap mode
VLAN *v = NewTap(name, tapaddr, true);
VLAN *v = NewBridgeTap(name, tapaddr, true);
if (v == NULL)
{
return NULL;
@@ -1414,7 +1421,7 @@ ETH *OpenEthBSD(char *name, bool local, bool tapmode, char *tapaddr)
return e;
#else // NO_VLAN
return NULL:
return NULL;
#endif // NO_VLAN
}
@@ -1473,7 +1480,7 @@ void CloseEth(ETH *e)
if (e->Tap != NULL)
{
#ifndef NO_VLAN
FreeTap(e->Tap);
FreeBridgeTap(e->Tap);
#endif // NO_VLAN
}
src/Cedar/BridgeWin32.c
+10 -5
View File
@@ -1161,6 +1161,7 @@ void Win32EthMakeCombinedName(char *dst, UINT dst_size, char *nicname, char *gui
if (IsEmptyStr(guid) == false)
{
// Allow to combine "FriendlyName" consisting of a NULL character and ID.
Format(dst, dst_size, "%s(ID=%010u)", nicname, Win32EthGenIdFromGuid(guid));
}
else
@@ -1185,9 +1186,10 @@ UINT Win32EthGetNameAndIdFromCombinedName(char *name, UINT name_size, char *str)
len = StrLen(str);
if (len >= 16)
// Allow to combine "FriendlyName" consisting of a NULL character and ID beginning with "(ID=".
if (len >= 15)
{
StrCpy(id_str, sizeof(id_str), str + len - 16);
StrCpy(id_str, sizeof(id_str), str + len - 15);
if (StartWith(id_str, "(ID="))
{
@@ -1196,7 +1198,7 @@ UINT Win32EthGetNameAndIdFromCombinedName(char *name, UINT name_size, char *str)
char num[MAX_SIZE];
Zero(num, sizeof(num));
StrCpy(num, sizeof(num), id_str + 5);
StrCpy(num, sizeof(num), id_str + 4);
num[StrLen(num) - 1] = 0;
@@ -1204,7 +1206,7 @@ UINT Win32EthGetNameAndIdFromCombinedName(char *name, UINT name_size, char *str)
if (ret != 0)
{
name[len - 16] = 0;
name[len - 15] = 0;
}
}
}
@@ -1346,6 +1348,8 @@ TOKEN_LIST *GetEthListEx(UINT *total_num_including_hidden, bool enum_normal, boo
Debug("%s - %s\n", a->Guid, a->Title);
}
// Make sure that "FriendlyName" does not cosist a NULL character.
Debug("%s,- s=%d, t=%s, %s,\n", a->Guid, show, tmp, a->Title[0] == 0 ? "check=NG FriendlyName(Title) is NULL !" : "check=OK");
}
*total_num_including_hidden = ret->NumTokens;
@@ -1405,7 +1409,7 @@ LIST *GetEthAdapterListInternal()
UINT size;
char *buf;
UINT i, j;
char *qos_tag = " (Microsoft's Packet Scheduler)";
char *qos_tag = "(Microsoft's Packet Scheduler)"; // Allow to combine "FriendlyName" consisting of a NULL character and QOS tag.
SU *su = NULL;
LIST *su_adapter_list = NULL;
@@ -1660,6 +1664,7 @@ ANSI_STR:
}
else
{
// Allow to combine "FriendlyName" consisting of a NULL character and SEQ number.
Format(tmp, sizeof(tmp), "%s(%u)", a->Title, k + 1);
}
src/Cedar/CM.c
+164 -47
View File
@@ -410,7 +410,7 @@ void CmEasyDlgOnKey(HWND hWnd, CM_EASY_DLG *d, bool ctrl, bool alt, UINT key)
break;
case 'O':
// Option settings
Command(hWnd, CMD_TRAFFIC);
Command(hWnd, CMD_OPTION);
break;
case 'R':
// Certificate management
@@ -4251,9 +4251,6 @@ UINT CmMainWindowProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *p
case WM_TIMER:
switch (wParam)
{
case 1:
CmSetForegroundProcessToCnService();
break;
case 2:
CmPollingTray(hWnd);
break;
@@ -5019,7 +5016,7 @@ void CmOnKey(HWND hWnd, bool ctrl, bool alt, UINT key)
break;
case 'O':
// Option settings
Command(hWnd, CMD_TRAFFIC);
Command(hWnd, CMD_OPTION);
break;
case 'R':
// Certificate management
@@ -5450,8 +5447,6 @@ void CmMainWindowOnCommandEx(HWND hWnd, WPARAM wParam, LPARAM lParam, bool easy)
CmStopUacHelper(helper);
Free(name);
CmRefresh(hWnd);
}
break;
case CMD_DELETE_VLAN:
@@ -5480,8 +5475,6 @@ void CmMainWindowOnCommandEx(HWND hWnd, WPARAM wParam, LPARAM lParam, bool easy)
}
Free(s);
}
CmRefresh(hWnd);
}
break;
case CMD_ENABLE_VLAN:
@@ -5501,8 +5494,6 @@ void CmMainWindowOnCommandEx(HWND hWnd, WPARAM wParam, LPARAM lParam, bool easy)
CALL(hWnd, CcEnableVLan(cm->Client, &c));
}
Free(s);
CmRefresh(hWnd);
}
}
break;
@@ -5523,8 +5514,6 @@ void CmMainWindowOnCommandEx(HWND hWnd, WPARAM wParam, LPARAM lParam, bool easy)
CALL(hWnd, CcDisableVLan(cm->Client, &c));
}
Free(s);
CmRefresh(hWnd);
}
}
break;
@@ -5560,8 +5549,6 @@ void CmMainWindowOnCommandEx(HWND hWnd, WPARAM wParam, LPARAM lParam, bool easy)
CmStopUacHelper(helper);
}
Free(s);
CmRefresh(hWnd);
}
}
break;
@@ -6032,6 +6019,7 @@ void CmExportAccount(HWND hWnd, wchar_t *account_name)
t.StartupAccount = a->Startup;
t.CheckServerCert = a->CheckServerCert;
t.RetryOnServerCert = a->RetryOnServerCert;
t.AddDefaultCA = a->AddDefaultCA;
t.ServerCert = a->ServerCert;
t.ClientOption->FromAdminPack = false;
@@ -6162,6 +6150,8 @@ void CmImportAccountMainEx(HWND hWnd, wchar_t *filename, bool overwrite)
t->ClientOption->RequireMonitorMode = old_option->RequireMonitorMode;
t->ClientOption->RequireBridgeRoutingMode = old_option->RequireBridgeRoutingMode;
t->ClientOption->DisableQoS = old_option->DisableQoS;
t->ClientOption->BindLocalIP = old_option->BindLocalIP;// Source IP address for outgoing connection
t->ClientOption->BindLocalPort = old_option->BindLocalPort;// Source port number for outgoing connection
// Inherit the authentication data
CiFreeClientAuth(t->ClientAuth);
@@ -6171,6 +6161,7 @@ void CmImportAccountMainEx(HWND hWnd, wchar_t *filename, bool overwrite)
t->StartupAccount = get.StartupAccount;
t->CheckServerCert = get.CheckServerCert;
t->RetryOnServerCert = get.RetryOnServerCert;
t->AddDefaultCA = get.AddDefaultCA;
if (t->ServerCert != NULL)
{
FreeX(t->ServerCert);
@@ -6280,6 +6271,7 @@ void CmCopyAccount(HWND hWnd, wchar_t *account_name)
}
c.CheckServerCert = a->CheckServerCert;
c.RetryOnServerCert = a->RetryOnServerCert;
c.AddDefaultCA = a->AddDefaultCA;
c.StartupAccount = false; // Don't copy the startup attribute
CALL(hWnd, CcCreateAccount(cm->Client, &c));
@@ -6466,9 +6458,55 @@ void CmDetailDlgUpdate(HWND hWnd, CM_ACCOUNT *a)
Disable(hWnd, R_BRIDGE);
Disable(hWnd, R_MONITOR);
Disable(hWnd, R_NO_ROUTING);
#if TYPE_BINDLOCALIP
Disable(hWnd, E_BIND_LOCALIP);// Source IP address for outgoing connection
Disable(hWnd, E_BIND_LOCALPORT);// Source port number for outgoing connection
#endif
}
}
#if TYPE_BINDLOCALIP
// Set the value of the IP type
void SetIp(HWND hWnd, UINT id, IP* ip)
{
char tmp[MAX_SIZE];
// Validate arguments
if (hWnd == NULL || ip == NULL)
{
return;
}
IPToStr(tmp, sizeof(tmp), ip);
SetTextA(hWnd, id, tmp);
}
// Get an IP address
bool GetIp(HWND hWnd, UINT id, IP* ip)
{
char tmp[MAX_SIZE];
// Validate arguments
if (hWnd == NULL || ip == NULL)
{
return false;
}
Zero(ip, sizeof(IP));
if (GetTxtA(hWnd, id, tmp, sizeof(tmp)) == false)
{
return false;
}
if (StrToIP(ip, tmp) == false)
{
return false;
}
return true;
}
#endif
// Advanced Settings dialog procedure
UINT CmDetailDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *param)
{
@@ -6505,6 +6543,11 @@ UINT CmDetailDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *pa
Check(hWnd, R_NO_ROUTING, a->ClientOption->NoRoutingTracking);
Check(hWnd, R_DISABLE_QOS, a->ClientOption->DisableQoS);
Check(hWnd, R_DISABLE_UDP, a->ClientOption->NoUdpAcceleration);
#if TYPE_BINDLOCALIP
SetIp(hWnd, E_BIND_LOCALIP, &a->ClientOption->BindLocalIP);// Source IP address for outgoing connection
SetIntEx(hWnd, E_BIND_LOCALPORT, a->ClientOption->BindLocalPort);// Source port number for outgoing connection
//Disable(hWnd, E_BIND_LOCALPORT); // You can not edit
#endif
// Select the Connection Mode
if (a->LinkMode == false)
@@ -6552,6 +6595,20 @@ UINT CmDetailDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *pa
Focus(hWnd, E_INTERVAL);
break;
}
#if TYPE_BINDLOCALIP
// Source IP address for outgoing connection
IP tmpIP;
if (GetIp(hWnd, E_BIND_LOCALIP, &tmpIP) == false)
{
FocusEx(hWnd, E_BIND_LOCALIP);
break;
}
// Source port number for outgoing connection
if ((GetInt(hWnd, E_BIND_LOCALPORT) < 0) || (GetInt(hWnd, E_BIND_LOCALPORT) > 65535)){
FocusEx(hWnd, E_BIND_LOCALPORT);
break;
}
#endif
a->ClientOption->MaxConnection = num;
a->ClientOption->AdditionalConnectionInterval = GetInt(hWnd, E_INTERVAL);
@@ -6569,6 +6626,10 @@ UINT CmDetailDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *pa
a->ClientOption->NoRoutingTracking = IsChecked(hWnd, R_NO_ROUTING);
a->ClientOption->DisableQoS = IsChecked(hWnd, R_DISABLE_QOS);
a->ClientOption->NoUdpAcceleration = IsChecked(hWnd, R_DISABLE_UDP);
#if TYPE_BINDLOCALIP
a->ClientOption->BindLocalIP = tmpIP;// Source IP address for outgoing connection
a->ClientOption->BindLocalPort = GetInt(hWnd, E_BIND_LOCALPORT);// Source port number for outgoing connection
#endif
if (a->LinkMode)
{
@@ -6659,6 +6720,7 @@ void CmEditAccountDlgUpdate(HWND hWnd, CM_ACCOUNT *a)
// Host name
GetTxtA(hWnd, E_HOSTNAME, a->ClientOption->Hostname, sizeof(a->ClientOption->Hostname));
Trim(a->ClientOption->Hostname);
a->ClientOption->HintStr[0] = 0;
if (InStr(a->ClientOption->Hostname, "/tcp"))
{
@@ -6695,9 +6757,13 @@ void CmEditAccountDlgUpdate(HWND hWnd, CM_ACCOUNT *a)
// To validate the server certificate
a->CheckServerCert = IsChecked(hWnd, R_CHECK_CERT);
// Trust default CA list
a->AddDefaultCA = IsChecked(hWnd, R_TRUST_DEFAULT);
if (a->NatMode)
{
Disable(hWnd, R_CHECK_CERT);
Disable(hWnd, R_TRUST_DEFAULT);
Disable(hWnd, B_TRUST);
}
@@ -7040,6 +7106,7 @@ void CmEditAccountDlgUpdate(HWND hWnd, CM_ACCOUNT *a)
SetEnable(hWnd, S_STATIC7, false);
SetEnable(hWnd, S_STATIC11, false);
SetEnable(hWnd, R_CHECK_CERT, false);
SetEnable(hWnd, R_TRUST_DEFAULT, false);
SetEnable(hWnd, B_TRUST, false);
SetEnable(hWnd, B_SERVER_CERT, false);
SetEnable(hWnd, B_VIEW_SERVER_CERT, false);
@@ -7101,10 +7168,17 @@ void CmEditAccountDlgInit(HWND hWnd, CM_ACCOUNT *a)
SetText(hWnd, E_ACCOUNT_NAME, a->ClientOption->AccountName);
// Host name
SetTextA(hWnd, E_HOSTNAME, a->ClientOption->Hostname);
StrCpy(a->old_server_name, sizeof(a->old_server_name), a->ClientOption->Hostname);
char hostname[MAX_SIZE];
StrCpy(hostname, sizeof(hostname), a->ClientOption->Hostname);
if (IsEmptyStr(a->ClientOption->HintStr) == false)
{
StrCat(hostname, sizeof(hostname), "/");
StrCat(hostname, sizeof(hostname), a->ClientOption->HintStr);
}
SetTextA(hWnd, E_HOSTNAME, hostname);
StrCpy(a->old_server_name, sizeof(a->old_server_name), hostname);
if (InStr(a->ClientOption->Hostname, "/tcp"))
if (InStr(hostname, "/tcp"))
{
Check(hWnd, R_DISABLE_NATT, true);
}
@@ -7134,6 +7208,9 @@ void CmEditAccountDlgInit(HWND hWnd, CM_ACCOUNT *a)
// Verify the server certificate
Check(hWnd, R_CHECK_CERT, a->CheckServerCert);
// Trust default CA list
Check(hWnd, R_TRUST_DEFAULT, a->AddDefaultCA);
// LAN card list
if (a->NatMode == false && a->LinkMode == false)
{
@@ -7366,6 +7443,7 @@ UINT CmEditAccountDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, voi
case R_HTTPS:
case R_SOCKS:
case R_CHECK_CERT:
case R_TRUST_DEFAULT:
case C_TYPE:
case E_USERNAME:
case E_PASSWORD:
@@ -8463,6 +8541,11 @@ bool CmLoadKExW(HWND hWnd, K **k, wchar_t *filename, UINT size)
// Read a set of certificate and private key
bool CmLoadXAndK(HWND hWnd, X **x, K **k)
{
return CmLoadXListAndK(hWnd, x, k, NULL);
}
// Read a set of certificate and private key and trust chain
bool CmLoadXListAndK(HWND hWnd, X **x, K **k, LIST **cc)
{
wchar_t *s;
bool is_p12;
@@ -8510,7 +8593,7 @@ START_FIRST:
}
if (IsEncryptedP12(p12) == false)
{
if (ParseP12(p12, x, k, NULL) == false)
if (ParseP12Ex(p12, x, k, cc, NULL) == false)
{
MsgBoxEx(hWnd, MB_ICONSTOP, _UU("DLG_BAD_P12_W"), tmp);
FreeP12(p12);
@@ -8529,7 +8612,7 @@ START_FIRST:
}
else
{
if (ParseP12(p12, x, k, password) == false)
if (ParseP12Ex(p12, x, k, cc, password) == false)
{
MsgBoxEx(hWnd, MB_ICONSTOP, _UU("DLG_BAD_P12_W"), tmp);
FreeP12(p12);
@@ -8542,6 +8625,10 @@ START_FIRST:
{
FreeX(*x);
FreeK(*k);
if (cc != NULL)
{
FreeXList(*cc);
}
FreeP12(p12);
FreeBuf(b);
if (MsgBox(hWnd, MB_ICONEXCLAMATION | MB_RETRYCANCEL, _UU("DLG_BAD_SIGNATURE")) == IDRETRY)
@@ -8550,6 +8637,11 @@ START_FIRST:
}
return false;
}
if (cc != NULL && LIST_NUM(*cc) == 0)
{
ReleaseList(*cc);
*cc = NULL;
}
FreeP12(p12);
FreeBuf(b);
return true;
@@ -8558,19 +8650,40 @@ START_FIRST:
{
// Processing of X509
BUF *b = ReadDumpW(tmp);
X *x509;
X *x509 = NULL;
K *key;
LIST *chain = NULL;
if (b == NULL)
{
MsgBoxEx(hWnd, MB_ICONSTOP, _UU("DLG_OPEN_FILE_ERROR_W"), tmp);
return false;
}
// DER-encoded X509 files can't hold multiple certificates
if (cc == NULL || IsBase64(b) == false)
{
x509 = BufToX(b, IsBase64(b));
}
else
{
chain = BufToXList(b, true);
if (LIST_NUM(chain) > 0)
{
x509 = LIST_DATA(chain, 0);
Delete(chain, x509);
if (LIST_NUM(chain) == 0)
{
ReleaseList(chain);
chain = NULL;
}
}
}
FreeBuf(b);
if (x509 == NULL)
{
MsgBoxEx(hWnd, MB_ICONSTOP, _UU("DLG_BAD_X509_W"), tmp);
FreeXList(chain);
return false;
}
@@ -8579,6 +8692,7 @@ START_FIRST:
if (s == NULL)
{
FreeX(x509);
FreeXList(chain);
return false;
}
UniStrCpy(tmp, sizeof(tmp), s);
@@ -8589,6 +8703,7 @@ START_FIRST:
{
MsgBoxEx(hWnd, MB_ICONSTOP, _UU("DLG_OPEN_FILE_ERROR_W"), tmp);
FreeX(x509);
FreeXList(chain);
return false;
}
@@ -8603,6 +8718,7 @@ START_FIRST:
{
FreeBuf(b);
FreeX(x509);
FreeXList(chain);
return false;
}
key = BufToK(b, true, IsBase64(b), pass);
@@ -8612,6 +8728,7 @@ START_FIRST:
{
FreeBuf(b);
FreeX(x509);
FreeXList(chain);
MsgBoxEx(hWnd, MB_ICONSTOP, _UU("DLG_BAD_KEY_W"), tmp);
return false;
}
@@ -8621,6 +8738,7 @@ START_FIRST:
FreeBuf(b);
FreeX(x509);
FreeK(key);
FreeXList(chain);
if (MsgBox(hWnd, MB_ICONEXCLAMATION | MB_RETRYCANCEL, _UU("DLG_BAD_SIGNATURE")) == IDRETRY)
{
goto START_FIRST;
@@ -8631,6 +8749,10 @@ START_FIRST:
FreeBuf(b);
*x = x509;
*k = key;
if (cc != NULL)
{
*cc = chain;
}
return true;
}
}
@@ -8728,6 +8850,7 @@ void CmEditAccountDlgOnOk(HWND hWnd, CM_ACCOUNT *a)
Copy(c.ClientOption, a->ClientOption, sizeof(CLIENT_OPTION));
c.ClientAuth = CopyClientAuth(a->ClientAuth);
c.CheckServerCert = a->CheckServerCert;
c.AddDefaultCA = a->AddDefaultCA;
if (a->ServerCert != NULL)
{
c.ServerCert = CloneX(a->ServerCert);
@@ -8781,6 +8904,7 @@ void CmEditAccountDlgOnOk(HWND hWnd, CM_ACCOUNT *a)
Copy(t.ClientOption, a->ClientOption, sizeof(CLIENT_OPTION));
t.ClientAuth = CopyClientAuth(a->ClientAuth);
t.CheckServerCert = a->CheckServerCert;
t.AddDefaultCA = a->AddDefaultCA;
t.ServerCert = CloneX(a->ServerCert);
// Save the settings for cascade connection
@@ -8973,6 +9097,7 @@ CM_ACCOUNT *CmGetExistAccountObject(HWND hWnd, wchar_t *account_name)
a->EditMode = true;
a->CheckServerCert = c.CheckServerCert;
a->RetryOnServerCert = c.RetryOnServerCert;
a->AddDefaultCA = c.AddDefaultCA;
a->Startup = c.StartupAccount;
if (c.ServerCert != NULL)
{
@@ -9003,6 +9128,7 @@ CM_ACCOUNT *CmCreateNewAccountObject(HWND hWnd)
a->EditMode = false;
a->CheckServerCert = false;
a->RetryOnServerCert = false;
a->AddDefaultCA = false;
a->Startup = false;
a->ClientOption = ZeroMalloc(sizeof(CLIENT_OPTION));
@@ -9518,7 +9644,11 @@ void CmPrintStatusToListViewEx(LVB *b, RPC_CLIENT_GET_CONNECTION_STATUS *s, bool
}
else
{
if (StrLen(s->CipherName) != 0)
if (StrLen(s->CipherName) != 0 && StrLen(s->ProtocolName) != 0)
{
UniFormat(tmp, sizeof(tmp), _UU("CM_ST_USE_ENCRYPT_TRUE3"), s->ProtocolName, s->CipherName);
}
else if (StrLen(s->CipherName) != 0)
{
UniFormat(tmp, sizeof(tmp), _UU("CM_ST_USE_ENCRYPT_TRUE"), s->CipherName);
}
@@ -10410,7 +10540,7 @@ void CmRefreshAccountListEx2(HWND hWnd, bool easy, bool style_changed)
UINT num = 0;
RPC_CLIENT_ENUM_ACCOUNT a;
UINT num_connecting = 0, num_connected = 0;
wchar_t tmp[MAX_SIZE];
wchar_t tooltip[MAX_SIZE];
wchar_t new_inserted_item[MAX_ACCOUNT_NAME_LEN + 1];
bool select_new_inserted_item = true;
// Validate arguments
@@ -10464,6 +10594,8 @@ void CmRefreshAccountListEx2(HWND hWnd, bool easy, bool style_changed)
select_new_inserted_item = false;
}
UniStrCpy(tooltip, sizeof(tooltip), _UU("CM_TRAY_INITING"));
// Enumerate the account list
if (CALL(hWnd, CcEnumAccount(cm->Client, &a)))
{
@@ -10587,10 +10719,16 @@ void CmRefreshAccountListEx2(HWND hWnd, bool easy, bool style_changed)
if (t->Connected)
{
num_connected++;
UniStrCat(tooltip, sizeof(tooltip), L"\r\n"L"\r\n");
UniStrCat(tooltip, sizeof(tooltip), t->AccountName);
UniStrCat(tooltip, sizeof(tooltip), _UU("CM_TRAY_CONNECTED"));
}
else
{
num_connecting++;
UniStrCat(tooltip, sizeof(tooltip), L"\r\n"L"\r\n");
UniStrCat(tooltip, sizeof(tooltip), t->AccountName);
UniStrCat(tooltip, sizeof(tooltip), _UU("CM_TRAY_CONNECTING"));
}
}
}
@@ -10643,22 +10781,8 @@ void CmRefreshAccountListEx2(HWND hWnd, bool easy, bool style_changed)
if (num_connecting == 0 && num_connected == 0)
{
// There is no connecting or connected account
UniStrCpy(tmp, sizeof(tmp), _UU("CM_TRAY_NOT_CONNECTED"));
}
else if (num_connected == 0)
{
// There is only connecting account
UniFormat(tmp, sizeof(tmp), _UU("CM_TRAY_CONNECTED_1"), num_connecting);
}
else if (num_connecting == 0)
{
// There is only connected account
UniFormat(tmp, sizeof(tmp), _UU("CM_TRAY_CONNECTED_2"), num_connected);
}
else
{
// There are both
UniFormat(tmp, sizeof(tmp), _UU("CM_TRAY_CONNECTED_0"), num_connected, num_connecting);
UniStrCat(tooltip, sizeof(tooltip), L"\r\n");
UniStrCat(tooltip, sizeof(tooltip), _UU("CM_TRAY_NOT_CONNECTED"));
}
if (num_connecting == 0 && num_connected == 0)
@@ -10680,7 +10804,7 @@ void CmRefreshAccountListEx2(HWND hWnd, bool easy, bool style_changed)
}
}
CmChangeTrayString(hWnd, tmp);
CmChangeTrayString(hWnd, tooltip);
}
Refresh(hWnd);
@@ -11207,7 +11331,6 @@ void CmMainWindowOnInit(HWND hWnd)
CmInitNotifyClientThread();
// Timer setting
SetTimer(hWnd, 1, 128, NULL);
SetTimer(hWnd, 6, 5000, NULL);
// Initialize the task tray
@@ -11844,7 +11967,6 @@ bool LoginCM()
// Try to login with an empty password first
bool bad_pass, no_remote;
wchar_t server_name[MAX_SIZE];
RPC_CLIENT_VERSION a;
RETRY:
if (cm->server_name != NULL)
@@ -11896,13 +12018,8 @@ RETRY:
}
}
Zero(&a, sizeof(a));
CcGetClientVersion(cm->Client, &a);
if (a.ClientBuildInt >= 5192)
{
cm->CmSettingSupported = true;
cm->CmEasyModeSupported = true;
}
return true;
}
src/Cedar/CMInner.h
+2
View File
@@ -140,6 +140,7 @@ typedef struct CM_ACCOUNT
bool Startup; // Startup account
bool CheckServerCert; // Check the server certificate
bool RetryOnServerCert; // Retry on invalid server certificate
bool AddDefaultCA; // Use default trust store
X *ServerCert; // Server certificate
char old_server_name[MAX_HOST_NAME_LEN + 1]; // Old server name
bool Inited; // Initialization flag
@@ -409,6 +410,7 @@ void CmEditAccountDlgInit(HWND hWnd, CM_ACCOUNT *a);
void CmEditAccountDlgOnOk(HWND hWnd, CM_ACCOUNT *a);
void CmEditAccountDlgStartEnumHub(HWND hWnd, CM_ACCOUNT *a);
bool CmLoadXAndK(HWND hWnd, X **x, K **k);
bool CmLoadXListAndK(HWND hWnd, X **x, K **k, LIST **cc);
bool CmLoadKEx(HWND hWnd, K **k, char *filename, UINT size);
bool CmLoadKExW(HWND hWnd, K **k, wchar_t *filename, UINT size);
bool CmLoadXFromFileOrSecureCard(HWND hWnd, X **x);
src/Cedar/CMakeLists.txt
+9 -1
View File
@@ -19,6 +19,8 @@ set_target_properties(cedar
RUNTIME_OUTPUT_DIRECTORY "${BUILD_DIRECTORY}"
)
target_link_libraries(cedar PUBLIC mayaqua)
cmake_host_system_information(RESULT HAS_SSE2 QUERY HAS_SSE2)
set(BLAKE2_SRC_PATH $<IF:$<BOOL:${HAS_SSE2}>,${TOP_DIRECTORY}/3rdparty/BLAKE2/sse,${TOP_DIRECTORY}/3rdparty/BLAKE2/ref>)
@@ -27,6 +29,12 @@ set(BLAKE2_SRC $<IF:$<BOOL:${HAS_SSE2}>,${BLAKE2_SRC_PATH}/blake2s.c,${BLAKE2_SR
target_include_directories(cedar PUBLIC ${BLAKE2_SRC_PATH})
target_sources(cedar PRIVATE ${BLAKE2_SRC})
if(HAS_SSE2)
# If SSE2 is enabled, a build failure occurs with MSVC because it doesn't define "__SSE2__".
# The fix consists in defining "HAVE_SSE2" manually, effectively overriding the check.
set_property(SOURCE ${BLAKE2_SRC} PROPERTY COMPILE_DEFINITIONS "HAVE_SSE2")
endif()
if(VCPKG_TARGET_TRIPLET)
find_package(unofficial-sodium CONFIG REQUIRED)
target_link_libraries(cedar PUBLIC unofficial-sodium::sodium)
@@ -93,6 +101,6 @@ if(UNIX)
install(TARGETS cedar
COMPONENT "common"
DESTINATION "${CMAKE_INSTALL_LIBDIR}"
PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
)
endif()
src/Cedar/Cedar.c
+88 -2
View File
@@ -322,6 +322,34 @@ void DecrementNoSsl(CEDAR *c, IP *ip, UINT num_dec)
UnlockList(c->NonSslList);
}
// Check whether the specified IP address is in Non-SSL connection list
bool IsInNoSsl(CEDAR *c, IP *ip)
{
bool ret = false;
// Validate arguments
if (c == NULL || ip == NULL)
{
return false;
}
LockList(c->NonSslList);
{
NON_SSL *n = SearchNoSslList(c, ip);
if (n != NULL)
{
if (n->EntryExpires > Tick64() && n->Count > NON_SSL_MIN_COUNT)
{
n->EntryExpires = Tick64() + (UINT64)NON_SSL_ENTRY_EXPIRES;
ret = true;
}
}
}
UnlockList(c->NonSslList);
return ret;
}
// Add new entry to Non-SSL connection list
bool AddNoSsl(CEDAR *c, IP *ip)
{
@@ -704,6 +732,47 @@ void DelConnection(CEDAR *cedar, CONNECTION *c)
UnlockList(cedar->ConnectionList);
}
// Get the number of unestablished connections
UINT GetUnestablishedConnections(CEDAR *cedar)
{
UINT i, ret;
// Validate arguments
if (cedar == NULL)
{
return 0;
}
ret = 0;
LockList(cedar->ConnectionList);
{
for (i = 0;i < LIST_NUM(cedar->ConnectionList);i++)
{
CONNECTION *c = LIST_DATA(cedar->ConnectionList, i);
switch (c->Type)
{
case CONNECTION_TYPE_CLIENT:
case CONNECTION_TYPE_INIT:
case CONNECTION_TYPE_LOGIN:
case CONNECTION_TYPE_ADDITIONAL:
switch (c->Status)
{
case CONNECTION_STATUS_ACCEPTED:
case CONNECTION_STATUS_NEGOTIATION:
case CONNECTION_STATUS_USERAUTH:
ret++;
break;
}
break;
}
}
}
UnlockList(cedar->ConnectionList);
return ret + Count(cedar->AcceptingSockets);
}
// Add connection to Cedar
void AddConnection(CEDAR *cedar, CONNECTION *c)
{
@@ -1157,6 +1226,10 @@ void CleanupCedar(CEDAR *c)
{
FreeK(c->ServerK);
}
if (c->ServerChain)
{
FreeXList(c->ServerChain);
}
if (c->CipherList)
{
@@ -1386,6 +1459,10 @@ void FreeNetSvcList(CEDAR *cedar)
// Change certificate of Cedar
void SetCedarCert(CEDAR *c, X *server_x, K *server_k)
{
SetCedarCertAndChain(c, server_x, server_k, NULL);
}
void SetCedarCertAndChain(CEDAR *c, X *server_x, K *server_k, LIST *server_chain)
{
// Validate arguments
if (server_x == NULL || server_k == NULL)
@@ -1405,8 +1482,14 @@ void SetCedarCert(CEDAR *c, X *server_x, K *server_k)
FreeK(c->ServerK);
}
if (c->ServerChain != NULL)
{
FreeXList(c->ServerChain);
}
c->ServerX = CloneX(server_x);
c->ServerK = CloneK(server_k);
c->ServerChain = CloneXList(server_chain);
}
Unlock(c->lock);
}
@@ -1550,10 +1633,13 @@ CEDAR *NewCedar(X *server_x, K *server_k)
#endif // ALPHA_VERSION
ToStr(tmp2, c->Beta);
Format(tmp2, sizeof(tmp2), " %s %s ", beta_str, tmp2);
Format(tmp, sizeof(tmp), "Version %u.%02u Build %u %s %s (%s)",
Format(tmp, sizeof(tmp),
"Version %u.%02u Build %u"
"%s" // Alpha, Beta, Release Candidate or nothing
"(%s)", // Language
CEDAR_VERSION_MAJOR, CEDAR_VERSION_MINOR, CEDAR_VERSION_BUILD,
c->Beta == 0 ? "" : beta_str,
c->Beta == 0 ? " " : tmp2,
_SS("LANGSTR"));
Trim(tmp);
src/Cedar/Cedar.h
+12
View File
@@ -366,6 +366,7 @@
#define AUTHTYPE_ROOTCERT 3 // Root certificate which is issued by trusted Certificate Authority
#define AUTHTYPE_RADIUS 4 // Radius authentication
#define AUTHTYPE_NT 5 // Windows NT authentication
#define AUTHTYPE_EXTERNAL 96 // External authentication (completed)
#define AUTHTYPE_WIREGUARD_KEY 97 // WireGuard public key authentication
#define AUTHTYPE_OPENVPN_CERT 98 // TLS client certificate authentication
#define AUTHTYPE_TICKET 99 // Ticket authentication
@@ -675,6 +676,9 @@
//
//////////////////////////////////////////////////////////////////////
#define UNIX_VLAN_CLIENT_IFACE_PREFIX "vpn" // Prefix of UNIX virtual LAN card interface (used for client)
#define UNIX_VLAN_BRIDGE_IFACE_PREFIX "tap" // Prefix of UNIX virtual LAN card interface (used for bridge destination)
#ifndef UNIX_BSD
#define TAP_FILENAME_1 "/dev/net/tun"
#define TAP_FILENAME_2 "/dev/tun"
@@ -869,6 +873,10 @@
#define ERR_VPNGATE_INCLIENT_CANT_STOP 146 // Can not be stopped if operating within VPN Client mode
#define ERR_NOT_SUPPORTED_FUNCTION_ON_OPENSOURCE 147 // It is a feature that is not supported in the open source version
#define ERR_SUSPENDING 148 // System is suspending
#define ERR_HOSTNAME_MISMATCH 149 // SSL hostname mismatch
#define ERR_SSL_PROTOCOL_VERSION 150 // SSL version not supported
#define ERR_SSL_SHARED_CIPHER 151 // Can't find common cipher
#define ERR_SSL_HANDSHAKE 152 // Other SSL handshake error
////////////////////////////
@@ -930,6 +938,7 @@ struct CEDAR
COUNTER *ConnectionIncrement; // Connection increment counter
X *ServerX; // Server certificate
K *ServerK; // Private key of the server certificate
LIST *ServerChain; // Server trust chain
char UsernameHubSeparator; // Character which separates the username from the hub name
char *CipherList; // List of encryption algorithms
UINT Version; // Version information
@@ -1000,6 +1009,7 @@ CEDAR *NewCedar(X *server_x, K *server_k);
void CedarForceLink();
void SetCedarVpnBridge(CEDAR *c);
void SetCedarCert(CEDAR *c, X *server_x, K *server_k);
void SetCedarCertAndChain(CEDAR *c, X *server_x, K *server_k, LIST *server_chain);
void ReleaseCedar(CEDAR *c);
void CleanupCedar(CEDAR *c);
void StopCedar(CEDAR *c);
@@ -1012,6 +1022,7 @@ void DelHubEx(CEDAR *c, HUB *h, bool no_lock);
void StopAllHub(CEDAR *c);
void StopAllConnection(CEDAR *c);
void AddConnection(CEDAR *cedar, CONNECTION *c);
UINT GetUnestablishedConnections(CEDAR *cedar);
void DelConnection(CEDAR *cedar, CONNECTION *c);
void SetCedarCipherList(CEDAR *cedar, char *name);
void InitCedar();
@@ -1036,6 +1047,7 @@ bool AddNoSsl(CEDAR *c, IP *ip);
void DecrementNoSsl(CEDAR *c, IP *ip, UINT num_dec);
void DeleteOldNoSsl(CEDAR *c);
NON_SSL *SearchNoSslList(CEDAR *c, IP *ip);
bool IsInNoSsl(CEDAR *c, IP *ip);
void FreeTinyLog(TINY_LOG *t);
void WriteTinyLog(TINY_LOG *t, char *str);
TINY_LOG *NewTinyLog();
src/Cedar/Client.c
+129 -32
View File
@@ -22,6 +22,9 @@
#include "VLanWin32.h"
#include "Win32Com.h"
#include "WinUi.h"
#ifdef NO_VLAN
#include "NullLan.h"
#endif
#include "Mayaqua/Cfg.h"
#include "Mayaqua/Encrypt.h"
@@ -1957,6 +1960,7 @@ RPC_CLIENT_CREATE_ACCOUNT *CiCfgToAccount(BUF *b)
t->StartupAccount = a->StartupAccount;
t->CheckServerCert = a->CheckServerCert;
t->RetryOnServerCert = a->RetryOnServerCert;
t->AddDefaultCA = a->AddDefaultCA;
t->ServerCert = a->ServerCert;
Free(a);
@@ -1981,6 +1985,7 @@ BUF *CiAccountToCfg(RPC_CLIENT_CREATE_ACCOUNT *t)
a.ClientAuth = t->ClientAuth;
a.CheckServerCert = t->CheckServerCert;
a.RetryOnServerCert = t->RetryOnServerCert;
a.AddDefaultCA = t->AddDefaultCA;
a.ServerCert = t->ServerCert;
a.StartupAccount = t->StartupAccount;
@@ -4315,6 +4320,13 @@ void InRpcClientOption(CLIENT_OPTION *c, PACK *p)
PackGetUniStr(p, "AccountName", c->AccountName, sizeof(c->AccountName));
PackGetStr(p, "Hostname", c->Hostname, sizeof(c->Hostname));
// Extract hint string from hostname
UINT i = SearchStrEx(c->Hostname, "/", 0, false);
if (i != INFINITE)
{
StrCpy(c->HintStr, sizeof(c->HintStr), c->Hostname + i + 1);
c->Hostname[i] = 0;
}
c->Port = PackGetInt(p, "Port");
c->PortUDP = PackGetInt(p, "PortUDP");
c->ProxyType = PackGetInt(p, "ProxyType");
@@ -4333,6 +4345,9 @@ void InRpcClientOption(CLIENT_OPTION *c, PACK *p)
PackGetStr(p, "CustomHttpHeader", c->CustomHttpHeader, sizeof(c->CustomHttpHeader));
PackGetStr(p, "HubName", c->HubName, sizeof(c->HubName));
PackGetStr(p, "DeviceName", c->DeviceName, sizeof(c->DeviceName));
PackGetIp(p, "BindLocalIP", &c->BindLocalIP);// Source IP address for outgoing connection
c->BindLocalPort = PackGetInt(p, "BindLocalPort");// Source port nubmer for outgoing connection
c->UseEncrypt = PackGetInt(p, "UseEncrypt") ? true : false;
c->UseCompress = PackGetInt(p, "UseCompress") ? true : false;
c->HalfConnection = PackGetInt(p, "HalfConnection") ? true : false;
@@ -4352,7 +4367,20 @@ void OutRpcClientOption(PACK *p, CLIENT_OPTION *c)
}
PackAddUniStr(p, "AccountName", c->AccountName);
// Append hint string to hostname
if (IsEmptyStr(c->HintStr))
{
// No hint
PackAddStr(p, "Hostname", c->Hostname);
}
else
{
char hostname[MAX_SIZE];
StrCpy(hostname, sizeof(hostname), c->Hostname);
StrCat(hostname, sizeof(hostname), "/");
StrCat(hostname, sizeof(hostname), c->HintStr);
PackAddStr(p, "Hostname", hostname);
}
PackAddStr(p, "ProxyName", c->ProxyName);
PackAddStr(p, "ProxyUsername", c->ProxyUsername);
PackAddStr(p, "ProxyPassword", c->ProxyPassword);
@@ -4380,6 +4408,8 @@ void OutRpcClientOption(PACK *p, CLIENT_OPTION *c)
PackAddBool(p, "FromAdminPack", c->FromAdminPack);
PackAddBool(p, "NoUdpAcceleration", c->NoUdpAcceleration);
PackAddData(p, "HostUniqueKey", c->HostUniqueKey, SHA1_SIZE);
PackAddIp(p, "BindLocalIP", &c->BindLocalIP);// Source IP address for outgoing connection
PackAddInt(p, "BindLocalPort", c->BindLocalPort);// Source port number for outgoing connection
}
// CLIENT_AUTH
@@ -4522,6 +4552,7 @@ void InRpcClientCreateAccount(RPC_CLIENT_CREATE_ACCOUNT *c, PACK *p)
c->StartupAccount = PackGetInt(p, "StartupAccount") ? true : false;
c->CheckServerCert = PackGetInt(p, "CheckServerCert") ? true : false;
c->RetryOnServerCert = PackGetInt(p, "RetryOnServerCert") ? true : false;
c->AddDefaultCA = PackGetInt(p, "AddDefaultCA") ? true : false;
b = PackGetBuf(p, "ServerCert");
if (b != NULL)
{
@@ -4545,6 +4576,7 @@ void OutRpcClientCreateAccount(PACK *p, RPC_CLIENT_CREATE_ACCOUNT *c)
PackAddInt(p, "StartupAccount", c->StartupAccount);
PackAddInt(p, "CheckServerCert", c->CheckServerCert);
PackAddInt(p, "RetryOnServerCert", c->RetryOnServerCert);
PackAddInt(p, "AddDefaultCA", c->AddDefaultCA);
if (c->ServerCert != NULL)
{
b = XToBuf(c->ServerCert, false);
@@ -4695,6 +4727,7 @@ void InRpcClientGetAccount(RPC_CLIENT_GET_ACCOUNT *c, PACK *p)
c->StartupAccount = PackGetInt(p, "StartupAccount") ? true : false;
c->CheckServerCert = PackGetInt(p, "CheckServerCert") ? true : false;
c->RetryOnServerCert = PackGetInt(p, "RetryOnServerCert") ? true : false;
c->AddDefaultCA = PackGetInt(p, "AddDefaultCA") ? true : false;
b = PackGetBuf(p, "ServerCert");
if (b != NULL)
{
@@ -4724,6 +4757,7 @@ void OutRpcClientGetAccount(PACK *p, RPC_CLIENT_GET_ACCOUNT *c)
PackAddInt(p, "StartupAccount", c->StartupAccount);
PackAddInt(p, "CheckServerCert", c->CheckServerCert);
PackAddInt(p, "RetryOnServerCert", c->RetryOnServerCert);
PackAddInt(p, "AddDefaultCA", c->AddDefaultCA);
if (c->ServerCert != NULL)
{
@@ -4810,6 +4844,7 @@ void InRpcClientGetConnectionStatus(RPC_CLIENT_GET_CONNECTION_STATUS *s, PACK *p
PackGetStr(p, "ServerName", s->ServerName, sizeof(s->ServerName));
PackGetStr(p, "ServerProductName", s->ServerProductName, sizeof(s->ServerProductName));
PackGetStr(p, "ProtocolVersion", s->ProtocolName, sizeof(s->ProtocolName));
PackGetStr(p, "CipherName", s->CipherName, sizeof(s->CipherName));
PackGetStr(p, "SessionName", s->SessionName, sizeof(s->SessionName));
PackGetStr(p, "ConnectionName", s->ConnectionName, sizeof(s->ConnectionName));
@@ -4846,6 +4881,7 @@ void InRpcClientGetConnectionStatus(RPC_CLIENT_GET_CONNECTION_STATUS *s, PACK *p
s->UseCompress = PackGetInt(p, "UseCompress") ? true : false;
s->IsRUDPSession = PackGetInt(p, "IsRUDPSession") ? true : false;
PackGetStr(p, "UnderlayProtocol", s->UnderlayProtocol, sizeof(s->UnderlayProtocol));
PackGetStr(p, "ProtocolDetails", s->ProtocolDetails, sizeof(s->ProtocolDetails));
s->IsUdpAccelerationEnabled = PackGetInt(p, "IsUdpAccelerationEnabled") ? true : false;
s->IsUsingUdpAcceleration = PackGetInt(p, "IsUsingUdpAcceleration") ? true : false;
@@ -4885,6 +4921,7 @@ void OutRpcClientGetConnectionStatus(PACK *p, RPC_CLIENT_GET_CONNECTION_STATUS *
PackAddStr(p, "ServerName", c->ServerName);
PackAddStr(p, "ServerProductName", c->ServerProductName);
PackAddStr(p, "ProtocolVersion", c->ProtocolName);
PackAddStr(p, "CipherName", c->CipherName);
PackAddStr(p, "SessionName", c->SessionName);
PackAddStr(p, "ConnectionName", c->ConnectionName);
@@ -4908,6 +4945,7 @@ void OutRpcClientGetConnectionStatus(PACK *p, RPC_CLIENT_GET_CONNECTION_STATUS *
PackAddBool(p, "UseCompress", c->UseCompress);
PackAddBool(p, "IsRUDPSession", c->IsRUDPSession);
PackAddStr(p, "UnderlayProtocol", c->UnderlayProtocol);
PackAddStr(p, "ProtocolDetails", c->ProtocolDetails);
PackAddBool(p, "IsUdpAccelerationEnabled", c->IsUdpAccelerationEnabled);
PackAddBool(p, "IsUsingUdpAcceleration", c->IsUsingUdpAcceleration);
@@ -5117,6 +5155,22 @@ void CiRpcAccepted(CLIENT *c, SOCK *s)
retcode = 0;
}
if (retcode == 0)
{
if (IsLocalHostIP(&s->RemoteIP) == false)
{
// If the RPC client is from network check whether the password is empty
UCHAR empty_password_hash[20];
Sha0(empty_password_hash, "", 0);
if (Cmp(empty_password_hash, hashed_password, SHA1_SIZE) == 0 ||
IsZero(hashed_password, SHA1_SIZE))
{
// Regard it as incorrect password
retcode = 1;
}
}
}
Lock(c->lock);
{
if (c->Config.AllowRemoteConfig == false)
@@ -5220,14 +5274,21 @@ void CiRpcServerThread(THREAD *thread, void *param)
// Open the port
listener = NULL;
if (c->Config.DisableRpcDynamicPortListener == false)
{
for (i = CLIENT_CONFIG_PORT;i < (CLIENT_CONFIG_PORT + 5);i++)
{
listener = Listen(i);
listener = ListenEx(i, !c->Config.AllowRemoteConfig);
if (listener != NULL)
{
break;
}
}
}
else
{
listener = ListenEx(CLIENT_CONFIG_PORT, !c->Config.AllowRemoteConfig);
}
if (listener == NULL)
{
@@ -5410,7 +5471,7 @@ NOTIFY_CLIENT *CcConnectNotify(REMOTE_CLIENT *rc)
NOTIFY_CLIENT *n;
SOCK *s;
char tmp[MAX_SIZE];
bool rpc_mode = false;
UINT rpc_mode = 0;
UINT port;
// Validate arguments
if (rc == NULL || rc->Rpc == NULL || rc->Rpc->Sock == NULL)
@@ -5838,6 +5899,7 @@ void CiGetSessionStatus(RPC_CLIENT_GET_CONNECTION_STATUS *st, SESSION *s)
if (st->UseEncrypt)
{
StrCpy(st->CipherName, sizeof(st->CipherName), s->Connection->CipherName);
StrCpy(st->ProtocolName, sizeof(st->ProtocolName), s->Connection->SslVersion);
}
// Use of compression
st->UseCompress = s->UseCompress;
@@ -6493,9 +6555,7 @@ bool CtConnect(CLIENT *c, RPC_CLIENT_CONNECT *connect)
// Requires account and VLan lists of the CLIENT argument to be already locked
bool CtVLansDown(CLIENT *c)
{
#ifndef UNIX_LINUX
return true;
#else
#if defined(UNIX_LINUX) || defined(UNIX_BSD)
int i;
LIST *tmpVLanList;
UNIX_VLAN t, *r;
@@ -6537,6 +6597,8 @@ bool CtVLansDown(CLIENT *c)
ReleaseList(tmpVLanList);
return result;
#else
return true;
#endif
}
@@ -6544,9 +6606,7 @@ bool CtVLansDown(CLIENT *c)
// Requires VLan list of the CLIENT argument to be already locked
bool CtVLansUp(CLIENT *c)
{
#ifndef UNIX_LINUX
return true;
#else
#if defined(UNIX_LINUX) || defined(UNIX_BSD)
int i;
UNIX_VLAN *r;
@@ -6560,9 +6620,8 @@ bool CtVLansUp(CLIENT *c)
r = LIST_DATA(c->UnixVLanList, i);
UnixVLanSetState(r->Name, true);
}
return true;
#endif
return true;
}
// Get the account information
@@ -6597,6 +6656,9 @@ bool CtGetAccount(CLIENT *c, RPC_CLIENT_GET_ACCOUNT *a)
Lock(r->lock);
{
// Copy account name (restore the correct case)
UniStrCpy(a->AccountName, sizeof(a->AccountName), r->ClientOption->AccountName);
// Copy the client option
if (a->ClientOption != NULL)
{
@@ -6616,6 +6678,7 @@ bool CtGetAccount(CLIENT *c, RPC_CLIENT_GET_ACCOUNT *a)
a->CheckServerCert = r->CheckServerCert;
a->RetryOnServerCert = r->RetryOnServerCert;
a->AddDefaultCA = r->AddDefaultCA;
a->ServerCert = NULL;
if (r->ServerCert != NULL)
{
@@ -7027,6 +7090,12 @@ bool CtEnumAccount(CLIENT *c, RPC_CLIENT_ENUM_ACCOUNT *e)
// Server name
StrCpy(item->ServerName, sizeof(item->ServerName), a->ClientOption->Hostname);
// Append hint string to hostname
if (IsEmptyStr(a->ClientOption->HintStr) == false)
{
StrCat(item->ServerName, sizeof(item->ServerName), "/");
StrCat(item->ServerName, sizeof(item->ServerName), a->ClientOption->HintStr);
}
// Proxy type
item->ProxyType = a->ClientOption->ProxyType;
@@ -7109,14 +7178,6 @@ bool CtSetAccount(CLIENT *c, RPC_CLIENT_CREATE_ACCOUNT *a, bool inner)
}
}
if (a->ServerCert != NULL && a->ServerCert->is_compatible_bit == false)
{
// Server certificate is invalid
UnlockList(c->AccountList);
CiSetError(c, ERR_NOT_RSA_1024);
return false;
}
Lock(ret->lock);
{
@@ -7152,6 +7213,7 @@ bool CtSetAccount(CLIENT *c, RPC_CLIENT_CREATE_ACCOUNT *a, bool inner)
ret->CheckServerCert = a->CheckServerCert;
ret->RetryOnServerCert = a->RetryOnServerCert;
ret->AddDefaultCA = a->AddDefaultCA;
if (a->ServerCert != NULL)
{
@@ -7236,14 +7298,6 @@ bool CtCreateAccount(CLIENT *c, RPC_CLIENT_CREATE_ACCOUNT *a, bool inner)
}
}
if (a->ServerCert != NULL && a->ServerCert->is_compatible_bit == false)
{
// The server certificate is invalid
UnlockList(c->AccountList);
CiSetError(c, ERR_NOT_RSA_1024);
return false;
}
// Add a new account
new_account = ZeroMalloc(sizeof(ACCOUNT));
new_account->lock = NewLock();
@@ -7259,6 +7313,7 @@ bool CtCreateAccount(CLIENT *c, RPC_CLIENT_CREATE_ACCOUNT *a, bool inner)
new_account->CheckServerCert = a->CheckServerCert;
new_account->RetryOnServerCert = a->RetryOnServerCert;
new_account->AddDefaultCA = a->AddDefaultCA;
if (a->ServerCert != NULL)
{
new_account->ServerCert = CloneX(a->ServerCert);
@@ -8536,12 +8591,6 @@ bool CtAddCa(CLIENT *c, RPC_CERT *cert)
return false;
}
if (cert->x->is_compatible_bit == false)
{
CiSetError(c, ERR_NOT_RSA_1024);
return false;
}
AddCa(c->Cedar, cert->x);
CiSaveConfigurationFile(c);
@@ -9002,6 +9051,12 @@ void CiInitConfiguration(CLIENT *c)
c->Config.UseKeepConnect = false; // Don't use the connection maintenance function by default in the Client
// Eraser
c->Eraser = NewEraser(c->Logger, 0);
#ifdef OS_WIN32
c->Config.DisableRpcDynamicPortListener = false;
#else // OS_WIN32
c->Config.DisableRpcDynamicPortListener = true;
#endif // OS_WIN32
}
else
{
@@ -9148,6 +9203,19 @@ void CiLoadClientConfig(CLIENT_CONFIG *c, FOLDER *f)
c->AllowRemoteConfig = CfgGetBool(f, "AllowRemoteConfig");
c->KeepConnectInterval = MAKESURE(CfgGetInt(f, "KeepConnectInterval"), KEEP_INTERVAL_MIN, KEEP_INTERVAL_MAX);
c->NoChangeWcmNetworkSettingOnWindows8 = CfgGetBool(f, "NoChangeWcmNetworkSettingOnWindows8");
if (CfgIsItem(f, "DisableRpcDynamicPortListener"))
{
c->DisableRpcDynamicPortListener = CfgGetBool(f, "DisableRpcDynamicPortListener");
}
else
{
#ifdef OS_WIN32
c->DisableRpcDynamicPortListener = false;
#else // OS_WIN32
c->DisableRpcDynamicPortListener = true;
#endif // OS_WIN32
}
}
// Read the client authentication data
@@ -9241,6 +9309,13 @@ CLIENT_OPTION *CiLoadClientOption(FOLDER *f)
CfgGetUniStr(f, "AccountName", o->AccountName, sizeof(o->AccountName));
CfgGetStr(f, "Hostname", o->Hostname, sizeof(o->Hostname));
// Extract hint string from hostname
UINT i = SearchStrEx(o->Hostname, "/", 0, false);
if (i != INFINITE)
{
StrCpy(o->HintStr, sizeof(o->HintStr), o->Hostname + i + 1);
o->Hostname[i] = 0;
}
o->Port = CfgGetInt(f, "Port");
o->PortUDP = CfgGetInt(f, "PortUDP");
o->ProxyType = CfgGetInt(f, "ProxyType");
@@ -9271,6 +9346,8 @@ CLIENT_OPTION *CiLoadClientOption(FOLDER *f)
o->DisableQoS = CfgGetBool(f, "DisableQoS");
o->FromAdminPack = CfgGetBool(f, "FromAdminPack");
o->NoUdpAcceleration = CfgGetBool(f, "NoUdpAcceleration");
CfgGetIp(f, "BindLocalIP", &o->BindLocalIP);// Source IP address for outgoing connection
o->BindLocalPort = CfgGetInt(f, "BindLocalPort");// Source port number for outgoing connection
b = CfgGetBuf(f, "HostUniqueKey");
if (b != NULL)
@@ -9322,6 +9399,7 @@ ACCOUNT *CiLoadClientAccount(FOLDER *f)
a->StartupAccount = CfgGetBool(f, "StartupAccount");
a->CheckServerCert = CfgGetBool(f, "CheckServerCert");
a->RetryOnServerCert = CfgGetBool(f, "RetryOnServerCert");
a->AddDefaultCA = CfgGetBool(f, "AddDefaultCA");
a->CreateDateTime = CfgGetInt64(f, "CreateDateTime");
a->UpdateDateTime = CfgGetInt64(f, "UpdateDateTime");
a->LastConnectDateTime = CfgGetInt64(f, "LastConnectDateTime");
@@ -9712,6 +9790,7 @@ void CiWriteClientConfig(FOLDER *cc, CLIENT_CONFIG *config)
CfgAddBool(cc, "AllowRemoteConfig", config->AllowRemoteConfig);
CfgAddInt(cc, "KeepConnectInterval", config->KeepConnectInterval);
CfgAddBool(cc, "NoChangeWcmNetworkSettingOnWindows8", config->NoChangeWcmNetworkSettingOnWindows8);
CfgAddBool(cc, "DisableRpcDynamicPortListener", config->DisableRpcDynamicPortListener);
}
// Write the client authentication data
@@ -9783,7 +9862,20 @@ void CiWriteClientOption(FOLDER *f, CLIENT_OPTION *o)
}
CfgAddUniStr(f, "AccountName", o->AccountName);
// Append hint string to hostname
if (IsEmptyStr(o->HintStr))
{
// No hint
CfgAddStr(f, "Hostname", o->Hostname);
}
else
{
char hostname[MAX_SIZE];
StrCpy(hostname, sizeof(hostname), o->Hostname);
StrCat(hostname, sizeof(hostname), "/");
StrCat(hostname, sizeof(hostname), o->HintStr);
CfgAddStr(f, "Hostname", hostname);
}
CfgAddInt(f, "Port", o->Port);
CfgAddInt(f, "PortUDP", o->PortUDP);
CfgAddInt(f, "ProxyType", o->ProxyType);
@@ -9811,6 +9903,8 @@ void CiWriteClientOption(FOLDER *f, CLIENT_OPTION *o)
CfgAddBool(f, "RequireBridgeRoutingMode", o->RequireBridgeRoutingMode);
CfgAddBool(f, "DisableQoS", o->DisableQoS);
CfgAddBool(f, "NoUdpAcceleration", o->NoUdpAcceleration);
CfgAddIp(f, "BindLocalIP", &o->BindLocalIP);// Source IP address for outgoing connection
CfgAddInt(f, "BindLocalPort", o->BindLocalPort);// Source port number for outgoing connection
if (o->FromAdminPack)
{
@@ -9947,6 +10041,9 @@ void CiWriteAccountData(FOLDER *f, ACCOUNT *a)
// Retry on invalid server certificate flag
CfgAddBool(f, "RetryOnServerCert", a->RetryOnServerCert);
// Add default SSL trust store
CfgAddBool(f, "AddDefaultCA", a->AddDefaultCA);
// Date and time
CfgAddInt64(f, "CreateDateTime", a->CreateDateTime);
CfgAddInt64(f, "UpdateDateTime", a->UpdateDateTime);
src/Cedar/Client.h
+4
View File
@@ -61,6 +61,7 @@ struct ACCOUNT
CLIENT_AUTH *ClientAuth; // Client authentication data
bool CheckServerCert; // Check the server certificate
bool RetryOnServerCert; // Retry on invalid server certificate
bool AddDefaultCA; // Use default trust store
X *ServerCert; // Server certificate
bool StartupAccount; // Start-up account
UCHAR ShortcutKey[SHA1_SIZE]; // Key
@@ -86,6 +87,7 @@ struct CLIENT_CONFIG
UINT KeepConnectProtocol; // Protocol
UINT KeepConnectInterval; // Interval
bool NoChangeWcmNetworkSettingOnWindows8; // Don't change the WCM network settings on Windows 8
bool DisableRpcDynamicPortListener;
};
// Version acquisition
@@ -239,6 +241,7 @@ struct RPC_CLIENT_CREATE_ACCOUNT
bool StartupAccount; // Startup account
bool CheckServerCert; // Checking of the server certificate
bool RetryOnServerCert; // Retry on invalid server certificate
bool AddDefaultCA; // Use default trust store
X *ServerCert; // Server certificate
UCHAR ShortcutKey[SHA1_SIZE]; // Shortcut Key
};
@@ -292,6 +295,7 @@ struct RPC_CLIENT_GET_ACCOUNT
bool StartupAccount; // Startup account
bool CheckServerCert; // Check the server certificate
bool RetryOnServerCert; // Retry on invalid server certificate
bool AddDefaultCA; // Use default trust store
X *ServerCert; // Server certificate
UCHAR ShortcutKey[SHA1_SIZE]; // Shortcut Key
UINT64 CreateDateTime; // Creation date and time (Ver 3.0 or later)
src/Cedar/Command.c
+544 -238
View File
File diff suppressed because it is too large Load Diff
src/Cedar/Command.h
+8
View File
@@ -236,6 +236,7 @@ bool CmdEvalPortList(CONSOLE *c, wchar_t *str, void *param);
wchar_t *PsClusterSettingMemberPromptPorts(CONSOLE *c, void *param);
K *CmdLoadKey(CONSOLE *c, wchar_t *filename);
bool CmdLoadCertAndKey(CONSOLE *c, X **xx, K **kk, wchar_t *cert_filename, wchar_t *key_filename);
bool CmdLoadCertChainAndKey(CONSOLE *c, X **xx, K **kk, LIST **cc, wchar_t *cert_filename, wchar_t *key_filename);
bool CmdEvalTcpOrUdp(CONSOLE *c, wchar_t *str, void *param);
wchar_t *GetConnectionTypeStr(UINT type);
bool CmdEvalHostAndSubnetMask4(CONSOLE *c, wchar_t *str, void *param);
@@ -307,6 +308,8 @@ UINT PtConnect(CONSOLE *c, wchar_t *cmdline);
PT *NewPt(CONSOLE *c, wchar_t *cmdline);
void FreePt(PT *pt);
void PtMain(PT *pt);
UINT PtGenX25519(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PtGetPublicX25519(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PtMakeCert(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PtMakeCert2048(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PtTrafficClient(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
@@ -339,6 +342,7 @@ UINT PcNicDisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PcNicList(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PcAccountList(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PcAccountCreate(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
void SetRpcClientCreateAccountFromGetAccount(RPC_CLIENT_CREATE_ACCOUNT *c, RPC_CLIENT_GET_ACCOUNT *t);
UINT PcAccountSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PcAccountGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PcAccountDelete(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
@@ -362,6 +366,8 @@ UINT PcAccountServerCertEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *p
UINT PcAccountServerCertDisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PcAccountRetryOnServerCertEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PcAccountRetryOnServerCertDisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PcAccountDefaultCAEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PcAccountDefaultCADisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PcAccountServerCertSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PcAccountServerCertDelete(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PcAccountServerCertGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
@@ -507,6 +513,8 @@ UINT PsCascadeProxySocks(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsCascadeProxySocks5(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsCascadeServerCertEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsCascadeServerCertDisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsCascadeDefaultCAEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsCascadeDefaultCADisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsCascadeServerCertSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsCascadeServerCertDelete(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PsCascadeServerCertGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
src/Cedar/Connection.c
+23 -4
View File
@@ -28,6 +28,7 @@
#include "Mayaqua/Object.h"
#include "Mayaqua/Pack.h"
#include "Mayaqua/Str.h"
#include "Mayaqua/Table.h"
#include "Mayaqua/Tick64.h"
#include <stdlib.h>
@@ -909,20 +910,24 @@ void SendKeepAlive(CONNECTION *c, TCPSOCK *ts)
if (s->UseUdpAcceleration && udp_accel != NULL)
{
UINT required_size = 0;
if (udp_accel->MyPortNatT != 0)
{
size = MAX(size, (StrLen(UDP_NAT_T_PORT_SIGNATURE_IN_KEEP_ALIVE) + sizeof(USHORT)));
required_size += StrLen(UDP_NAT_T_PORT_SIGNATURE_IN_KEEP_ALIVE) + sizeof(USHORT);
insert_natt_port = true;
}
if (IsZeroIP(&udp_accel->MyIpNatT) == false)
{
size = MAX(size, (StrLen(UDP_NAT_T_IP_SIGNATURE_IN_KEEP_ALIVE) + sizeof(udp_accel->MyIpNatT.address)));
required_size += StrLen(UDP_NAT_T_IP_SIGNATURE_IN_KEEP_ALIVE) + sizeof(udp_accel->MyIpNatT.address);
insert_natt_ip = true;
}
size = MAX(size, required_size);
}
buf = MallocFast(size);
@@ -2986,6 +2991,7 @@ void ConnectionAccept(CONNECTION *c)
SOCK *s;
X *x;
K *k;
LIST *chain;
char tmp[128];
UINT initial_timeout = CONNECTING_TIMEOUT;
UCHAR ctoken_hash[SHA1_SIZE];
@@ -3036,26 +3042,34 @@ void ConnectionAccept(CONNECTION *c)
x = CloneX(c->Cedar->ServerX);
k = CloneK(c->Cedar->ServerK);
chain = CloneXList(c->Cedar->ServerChain);
}
Unlock(c->Cedar->lock);
// Start the SSL communication
Copy(&s->SslAcceptSettings, &c->Cedar->SslAcceptSettings, sizeof(SSL_ACCEPT_SETTINGS));
if (StartSSL(s, x, k) == false)
UINT ssl_err = 0;
if (StartSSLEx3(s, x, k, chain, 0, NULL, NULL, &ssl_err) == false)
{
// Failed
AddNoSsl(c->Cedar, &s->RemoteIP);
Debug("ConnectionAccept(): StartSSL() failed\n");
if (ssl_err != 0)
{
SLog(c->Cedar, "LS_SSL_START_ERROR", c->Name, GetUniErrorStr(ssl_err), ssl_err);
}
FreeX(x);
FreeK(k);
FreeXList(chain);
goto FINAL;
}
FreeX(x);
FreeK(k);
FreeXList(chain);
SLog(c->Cedar, "LS_SSL_START", c->Name, s->CipherName);
SLog(c->Cedar, "LS_SSL_START", c->Name, s->SslVersion, s->CipherName);
Copy(c->CToken_Hash, ctoken_hash, SHA1_SIZE);
@@ -3391,6 +3405,11 @@ void CleanupConnection(CONNECTION *c)
Free(c->CipherName);
}
if (c->SslVersion != NULL)
{
Free(c->SslVersion);
}
Free(c);
}
src/Cedar/Connection.h
+20 -1
View File
@@ -58,8 +58,11 @@ struct RC4_KEY_PAIR
UCHAR ServerToClientKey[16];
UCHAR ClientToServerKey[16];
};
#define TYPE_BINDLOCALIP 1 // Enable HMI user to edit Source IP address & Source port number for outgoing connection
// Client Options
// Do not change item size or order and only add new items at the end!
// See comments in struct SETTING (SMInner.h)
struct CLIENT_OPTION
{
wchar_t AccountName[MAX_ACCOUNT_NAME_LEN + 1]; // Connection setting name
@@ -71,26 +74,41 @@ struct CLIENT_OPTION
UINT ProxyPort; // Port number of the proxy server
char ProxyUsername[PROXY_MAX_USERNAME_LEN + 1]; // Maximum user name length
char ProxyPassword[PROXY_MAX_PASSWORD_LEN + 1]; // Maximum password length
char CustomHttpHeader[HTTP_CUSTOM_HEADER_MAX_SIZE + 1]; // Custom HTTP proxy header
UINT NumRetry; // Automatic retries
UINT RetryInterval; // Retry interval
char HubName[MAX_HUBNAME_LEN + 1]; // HUB name
UINT MaxConnection; // Maximum number of concurrent TCP connections
bool UseEncrypt; // Use encrypted communication
char pad1[3];
bool UseCompress; // Use data compression
char pad2[3];
bool HalfConnection; // Use half connection in TCP
char pad3[3];
bool NoRoutingTracking; // Disable the routing tracking
char pad4[3];
char DeviceName[MAX_DEVICE_NAME_LEN + 1]; // VLAN device name
UINT AdditionalConnectionInterval; // Connection attempt interval when additional connection establish
UINT ConnectionDisconnectSpan; // Disconnection interval
bool HideStatusWindow; // Hide the status window
char pad5[3];
bool HideNicInfoWindow; // Hide the NIC status window
char pad6[3];
bool RequireMonitorMode; // Monitor port mode
char pad7[3];
bool RequireBridgeRoutingMode; // Bridge or routing mode
char pad8[3];
bool DisableQoS; // Disable the VoIP / QoS function
char pad9[3];
bool FromAdminPack; // For Administration Pack
char pad10[3];
char pad11[4]; // Removed bool
bool NoUdpAcceleration; // Do not use UDP acceleration mode
char pad12[3];
UCHAR HostUniqueKey[SHA1_SIZE]; // Host unique key
char CustomHttpHeader[HTTP_CUSTOM_HEADER_MAX_SIZE]; // Custom HTTP proxy header
char HintStr[MAX_HOST_NAME_LEN + 1]; // Hint string for NAT-T
IP BindLocalIP; // Source IP address for outgoing connection
UINT BindLocalPort; // Source port number for outgoing connection
};
// Client authentication data
@@ -208,6 +226,7 @@ struct CONNECTION
X *ServerX; // Server certificate
X *ClientX; // Client certificate
char *CipherName; // Encryption algorithm name
char *SslVersion; // SSL protocol version
UINT64 ConnectedTick; // Time it is connected
IP ClientIp; // Client IP address
char ClientHostname[MAX_HOST_NAME_LEN + 1]; // Client host name
src/Cedar/DDNS.c
-4
View File
@@ -541,13 +541,9 @@ UINT DCRegister(DDNS_CLIENT *c, bool ipv6, DDNS_REGISTER_PARAM *p, char *replace
}
}
Format(url2, sizeof(url2), "%s?v=%I64u", url, Rand64());
Format(url3, sizeof(url3), url2, key_hash_str[2], key_hash_str[3]);
ReplaceStr(url3, sizeof(url3), url3, "https://", "http://");
ReplaceStr(url3, sizeof(url3), url3, ".servers", ".open.servers");
cert_hash = StrToBin(DDNS_CERT_HASH);
src/Cedar/DDNS.h
+6 -2
View File
@@ -18,7 +18,11 @@
"439BAFA75A6EE5671FC9F9A02D34FF29881761A0" \
"EFAC5FA0CDD14E0F864EED58A73C35D7E33B62F3" \
"74DF99D4B1B5F0488A388B50D347D26013DC67A5" \
"6EBB39AFCA8C900635CFC11218CF293A612457E4"
"6EBB39AFCA8C900635CFC11218CF293A612457E4" \
"05A9386C5E2B233F7BAB2479620EAAA2793709ED" \
"A811C64BB715351E36B6C1E022648D8BE0ACD128" \
"BD264DB3B0B1B3ABA0AF3074AA574ED1EF3B42D7" \
"9AB61D691536645DD55A8730FC6D2CDF33C8C73F"
#define DDNS_SNI_VER_STRING "DDNS"
@@ -43,7 +47,7 @@
#define DDNS_URL2_V4_ALT "http://get-my-ip.ddns.uxcom.jp/ddns/getmyip.ashx"
#define DDNS_URL2_V6_ALT "http://get-my-ip-v6.ddns.uxcom.jp/ddns/getmyip.ashx"
#define DDNS_RPC_MAX_RECV_SIZE DYN32(DDNS_RPC_MAX_RECV_SIZE, (128 * 1024 * 1024))
#define DDNS_RPC_MAX_RECV_SIZE DYN32(DDNS_RPC_MAX_RECV_SIZE, (38 * 1024 * 1024))
// Connection Timeout
#define DDNS_CONNECT_TIMEOUT DYN32(DDNS_CONNECT_TIMEOUT, (15 * 1000))
src/Cedar/Hub.c
+34 -6
View File
@@ -91,7 +91,8 @@ UINT num_admin_options = sizeof(admin_options) / sizeof(ADMIN_OPTION);
// Create an EAP client for the specified Virtual Hub
EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, char *username, char *vpn_protocol_state_str)
EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, char *username, char *vpn_protocol_state_str, bool proxy_only,
PPP_LCP **response, UCHAR last_recv_eapid)
{
HUB *hub = NULL;
EAP_CLIENT *ret = NULL;
@@ -137,7 +138,7 @@ EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, ch
if (GetIP(&ip, radius_servers_list->Token[i]))
{
eap = NewEapClient(&ip, radius_port, radius_secret, radius_retry_interval,
RADIUS_INITIAL_EAP_TIMEOUT, client_ip_str, username, hubname);
RADIUS_INITIAL_EAP_TIMEOUT, client_ip_str, username, hubname, last_recv_eapid);
if (eap != NULL)
{
@@ -146,7 +147,19 @@ EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, ch
StrCpy(eap->In_VpnProtocolState, sizeof(eap->In_VpnProtocolState), vpn_protocol_state_str);
}
if (use_peap == false)
if (proxy_only && response != NULL)
{
// EAP proxy for EAP-capable clients
PPP_LCP *lcp = EapClientSendEapIdentity(eap);
if (lcp != NULL)
{
*response = lcp;
eap->GiveupTimeout = RADIUS_RETRY_TIMEOUT;
ret = eap;
finish = true;
}
}
else if (use_peap == false)
{
// EAP
if (EapClientSendMsChapv2AuthRequest(eap))
@@ -606,6 +619,7 @@ void DataToHubOptionStruct(HUB_OPTION *o, RPC_ADMIN_OPTION *ao)
GetHubAdminOptionDataAndSet(ao, "DoNotSaveHeavySecurityLogs", o->DoNotSaveHeavySecurityLogs);
GetHubAdminOptionDataAndSet(ao, "DropBroadcastsInPrivacyFilterMode", o->DropBroadcastsInPrivacyFilterMode);
GetHubAdminOptionDataAndSet(ao, "DropArpInPrivacyFilterMode", o->DropArpInPrivacyFilterMode);
GetHubAdminOptionDataAndSet(ao, "AllowSameUserInPrivacyFilterMode", o->AllowSameUserInPrivacyFilterMode);
GetHubAdminOptionDataAndSet(ao, "SuppressClientUpdateNotification", o->SuppressClientUpdateNotification);
GetHubAdminOptionDataAndSet(ao, "FloodingSendQueueBufferQuota", o->FloodingSendQueueBufferQuota);
GetHubAdminOptionDataAndSet(ao, "AssignVLanIdByRadiusAttribute", o->AssignVLanIdByRadiusAttribute);
@@ -615,6 +629,7 @@ void DataToHubOptionStruct(HUB_OPTION *o, RPC_ADMIN_OPTION *ao)
GetHubAdminOptionDataAndSet(ao, "NoPhysicalIPOnPacketLog", o->NoPhysicalIPOnPacketLog);
GetHubAdminOptionDataAndSet(ao, "UseHubNameAsDhcpUserClassOption", o->UseHubNameAsDhcpUserClassOption);
GetHubAdminOptionDataAndSet(ao, "UseHubNameAsRadiusNasId", o->UseHubNameAsRadiusNasId);
GetHubAdminOptionDataAndSet(ao, "AllowEapMatchUserByCert", o->AllowEapMatchUserByCert);
}
// Convert the contents of the HUB_OPTION to data
@@ -679,6 +694,7 @@ void HubOptionStructToData(RPC_ADMIN_OPTION *ao, HUB_OPTION *o, char *hub_name)
Add(aol, NewAdminOption("DoNotSaveHeavySecurityLogs", o->DoNotSaveHeavySecurityLogs));
Add(aol, NewAdminOption("DropBroadcastsInPrivacyFilterMode", o->DropBroadcastsInPrivacyFilterMode));
Add(aol, NewAdminOption("DropArpInPrivacyFilterMode", o->DropArpInPrivacyFilterMode));
Add(aol, NewAdminOption("AllowSameUserInPrivacyFilterMode", o->AllowSameUserInPrivacyFilterMode));
Add(aol, NewAdminOption("SuppressClientUpdateNotification", o->SuppressClientUpdateNotification));
Add(aol, NewAdminOption("FloodingSendQueueBufferQuota", o->FloodingSendQueueBufferQuota));
Add(aol, NewAdminOption("AssignVLanIdByRadiusAttribute", o->AssignVLanIdByRadiusAttribute));
@@ -688,6 +704,7 @@ void HubOptionStructToData(RPC_ADMIN_OPTION *ao, HUB_OPTION *o, char *hub_name)
Add(aol, NewAdminOption("NoPhysicalIPOnPacketLog", o->NoPhysicalIPOnPacketLog));
Add(aol, NewAdminOption("UseHubNameAsDhcpUserClassOption", o->UseHubNameAsDhcpUserClassOption));
Add(aol, NewAdminOption("UseHubNameAsRadiusNasId", o->UseHubNameAsRadiusNasId));
Add(aol, NewAdminOption("AllowEapMatchUserByCert", o->AllowEapMatchUserByCert));
Zero(ao, sizeof(RPC_ADMIN_OPTION));
@@ -3562,7 +3579,7 @@ bool HubPaPutPacket(SESSION *s, void *data, UINT size)
target_mss = MIN(target_mss, session_mss);
if (s->IsUsingUdpAcceleration && s->UdpAccelMss != 0)
if (s->UseUdpAcceleration && s->UdpAccelMss != 0)
{
// If the link is established with UDP acceleration function, use optimum value of the UDP acceleration function
target_mss = MIN(target_mss, s->UdpAccelMss);
@@ -3915,6 +3932,7 @@ void StorePacket(HUB *hub, SESSION *s, PKT *packet)
bool no_heavy = false;
bool drop_broadcast_packet_privacy = false;
bool drop_arp_packet_privacy = false;
bool allow_same_user_packet_privacy = false;
UINT tcp_queue_quota = 0;
UINT64 dormant_interval = 0;
// Validate arguments
@@ -3939,6 +3957,7 @@ void StorePacket(HUB *hub, SESSION *s, PKT *packet)
no_heavy = hub->Option->DoNotSaveHeavySecurityLogs;
drop_broadcast_packet_privacy = hub->Option->DropBroadcastsInPrivacyFilterMode;
drop_arp_packet_privacy = hub->Option->DropArpInPrivacyFilterMode;
allow_same_user_packet_privacy = hub->Option->AllowSameUserInPrivacyFilterMode;
tcp_queue_quota = hub->Option->FloodingSendQueueBufferQuota;
if (hub->Option->DetectDormantSessionInterval != 0)
{
@@ -4839,10 +4858,14 @@ UPDATE_FDB:
{
// Privacy filter
if (drop_arp_packet_privacy || packet->TypeL3 != L3_ARPV4)
{
// Do not block sessions owned by the same user, if the corresponding option is enabled.
if (allow_same_user_packet_privacy == false || StrCmp(s->Username, dest_session->Username))
{
goto DISCARD_UNICAST_PACKET;
}
}
}
if (s != NULL)
{
@@ -5056,10 +5079,14 @@ DISCARD_UNICAST_PACKET:
{
// Privacy filter
if (drop_arp_packet_privacy || packet->TypeL3 != L3_ARPV4)
{
// Do not block sessions owned by the same user, if the corresponding option is enabled.
if (allow_same_user_packet_privacy == false || StrCmp(s->Username, dest_session->Username))
{
discard = true;
}
}
}
if (s != NULL)
{
@@ -5350,7 +5377,7 @@ void StorePacketToHubPa(HUB_PA *dest, SESSION *src, void *data, UINT size, PKT *
if (src != NULL && dest->Session != NULL && src->Hub != NULL && src->Hub->Option != NULL)
{
if (dest->Session->AdjustMss != 0 ||
(dest->Session->IsUsingUdpAcceleration && dest->Session->UdpAccelMss != 0) ||
(dest->Session->UseUdpAcceleration && dest->Session->UdpAccelMss != 0) ||
(dest->Session->IsRUDPSession && dest->Session->RUdpMss != 0))
{
if (src->Hub->Option->DisableAdjustTcpMss == false)
@@ -5362,7 +5389,7 @@ void StorePacketToHubPa(HUB_PA *dest, SESSION *src, void *data, UINT size, PKT *
target_mss = MIN(target_mss, dest->Session->AdjustMss);
}
if (dest->Session->IsUsingUdpAcceleration && dest->Session->UdpAccelMss != 0)
if (dest->Session->UseUdpAcceleration && dest->Session->UdpAccelMss != 0)
{
target_mss = MIN(target_mss, dest->Session->UdpAccelMss);
}
@@ -6955,6 +6982,7 @@ HUB *NewHub(CEDAR *cedar, char *HubName, HUB_OPTION *option)
h->Option->DropBroadcastsInPrivacyFilterMode = true;
h->Option->DropArpInPrivacyFilterMode = true;
h->Option->AllowSameUserInPrivacyFilterMode = false;
Rand(h->HubSignature, sizeof(h->HubSignature));
src/Cedar/Hub.h
+4 -1
View File
@@ -172,6 +172,7 @@ struct HUB_OPTION
bool DoNotSaveHeavySecurityLogs; // Do not take heavy security log
bool DropBroadcastsInPrivacyFilterMode; // Drop broadcasting packets if the both source and destination session is PrivacyFilter mode
bool DropArpInPrivacyFilterMode; // Drop ARP packets if the both source and destination session is PrivacyFilter mode
bool AllowSameUserInPrivacyFilterMode; // Allow packets if both the source and destination session user are the same
bool SuppressClientUpdateNotification; // Suppress the update notification function on the VPN Client
UINT FloodingSendQueueBufferQuota; // The global quota of send queues of flooding packets
bool AssignVLanIdByRadiusAttribute; // Assign the VLAN ID for the VPN session, by the attribute value of RADIUS
@@ -181,6 +182,7 @@ struct HUB_OPTION
bool NoPhysicalIPOnPacketLog; // Disable saving physical IP address on the packet log
bool UseHubNameAsDhcpUserClassOption; // Add HubName to DHCP request as User-Class option
bool UseHubNameAsRadiusNasId; // Add HubName to Radius request as NAS-Identifier attrioption
bool AllowEapMatchUserByCert; // Allow matching EAP Identity with user certificate CNs
};
// MAC table entry
@@ -535,7 +537,8 @@ bool IsUserMatchInUserList(LIST *o, char *filename, UINT64 user_hash);
bool IsUserMatchInUserListWithCacheExpires(LIST *o, char *filename, UINT64 user_hash, UINT64 lifetime);
bool IsUserMatchInUserListWithCacheExpiresAcl(LIST *o, char *name_in_acl, UINT64 user_hash, UINT64 lifetime);
bool CheckMaxLoggedPacketsPerMinute(SESSION *s, UINT max_packets, UINT64 now);
EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, char *username, char *vpn_protocol_state_str);
EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, char *username, char *vpn_protocol_state_str, bool proxy_only,
PPP_LCP **response, UCHAR last_recv_eapid);
#endif // HUB_H
src/Cedar/IPC.c
+132 -43
View File
@@ -244,7 +244,8 @@ IPC *NewIPCByParam(CEDAR *cedar, IPC_PARAM *param, UINT *error_code)
param->UserName, param->Password, param->WgKey, error_code,
&param->ClientIp, param->ClientPort, &param->ServerIp, param->ServerPort,
param->ClientHostname, param->CryptName,
param->BridgeMode, param->Mss, NULL, param->ClientCertificate, param->Layer);
param->BridgeMode, param->Mss, NULL, param->ClientCertificate, param->RadiusOK,
param->Layer);
return ipc;
}
@@ -253,7 +254,7 @@ IPC *NewIPCByParam(CEDAR *cedar, IPC_PARAM *param, UINT *error_code)
IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char *username, char *password, char *wg_key,
UINT *error_code, IP *client_ip, UINT client_port, IP *server_ip, UINT server_port,
char *client_hostname, char *crypt_name,
bool bridge_mode, UINT mss, EAP_CLIENT *eap_client, X *client_certificate,
bool bridge_mode, UINT mss, EAP_CLIENT *eap_client, X *client_certificate, bool external_auth,
UINT layer)
{
IPC *ipc;
@@ -360,6 +361,10 @@ IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char
{
p = PackLoginWithOpenVPNCertificate(hubname, username, client_certificate);
}
else if (external_auth)
{
p = PackLoginWithExternal(hubname, username);
}
else
{
p = PackLoginWithPlainPassword(hubname, username, password);
@@ -497,6 +502,8 @@ IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char
ZeroIP4(&ipc->BroadcastAddress);
}
ReleaseHub(hub);
ZeroIP4(&ipc->ClientIPAddress);
MacToStr(macstr, sizeof(macstr), ipc->MacAddress);
@@ -1501,6 +1508,7 @@ void IPCProcessL3EventsEx(IPC *ipc, UINT64 now)
if (p->IPv6HeaderPacketInfo.Protocol == IP_PROTO_ICMPV6)
{
IP icmpHeaderAddr;
UINT header_size = 0;
// We need to parse the Router Advertisement and Neighbor Advertisement messages
// to build the Neighbor Discovery Table (aka ARP table for IPv6)
switch (p->ICMPv6HeaderPacketInfo.Type)
@@ -1509,7 +1517,11 @@ void IPCProcessL3EventsEx(IPC *ipc, UINT64 now)
// We save the router advertisement data for later use
IPCIPv6AddRouterPrefixes(ipc, &p->ICMPv6HeaderPacketInfo.OptionList, src_mac, &ip_src);
IPCIPv6AssociateOnNDTEx(ipc, &ip_src, src_mac, true);
if (p->ICMPv6HeaderPacketInfo.OptionList.SourceLinkLayer != NULL) {
IPCIPv6AssociateOnNDTEx(ipc, &ip_src, p->ICMPv6HeaderPacketInfo.OptionList.SourceLinkLayer->Address, true);
}
ndtProcessed = true;
header_size = sizeof(ICMPV6_ROUTER_ADVERTISEMENT_HEADER);
break;
case ICMPV6_TYPE_NEIGHBOR_ADVERTISEMENT:
// We save the neighbor advertisements into NDT
@@ -1517,7 +1529,77 @@ void IPCProcessL3EventsEx(IPC *ipc, UINT64 now)
IPCIPv6AssociateOnNDTEx(ipc, &icmpHeaderAddr, src_mac, true);
IPCIPv6AssociateOnNDTEx(ipc, &ip_src, src_mac, true);
ndtProcessed = true;
header_size = sizeof(ICMPV6_NEIGHBOR_ADVERTISEMENT_HEADER);
break;
case ICMPV6_TYPE_NEIGHBOR_SOLICIATION:
header_size = sizeof(ICMPV6_NEIGHBOR_SOLICIATION_HEADER);
break;
}
// Remove link-layer address options for Windows clients (required on Windows 11)
if (header_size > 0)
{
//UCHAR *src = p->ICMPv6HeaderPacketInfo.Headers.HeaderPointer + header_size;
UCHAR* src = (UCHAR *)p->ICMPv6HeaderPacketInfo.Headers.HeaderPointer + header_size;// Cast the pointer to UCHAR *.
UINT opt_size = p->ICMPv6HeaderPacketInfo.DataSize - header_size;
UCHAR *dst = src;
UINT removed = 0;
while (opt_size > sizeof(ICMPV6_OPTION))
{
ICMPV6_OPTION *option_header;
UINT header_total_size;
option_header = (ICMPV6_OPTION *)src;
// Calculate the entire header size
header_total_size = option_header->Length * 8;
if (header_total_size == 0)
{
// The size is zero
break;
}
if (opt_size < header_total_size)
{
// Size shortage
break;
}
switch (option_header->Type)
{
case ICMPV6_OPTION_TYPE_SOURCE_LINK_LAYER:
case ICMPV6_OPTION_TYPE_TARGET_LINK_LAYER:
// Skip source or target link-layer option
removed += header_total_size;
break;
default:
// Copy options other than source link-layer
if (src != dst)
{
UCHAR *tmp = Clone(src, header_total_size);
Copy(dst, tmp, header_total_size);
Free(tmp);
}
dst += header_total_size;
}
src += header_total_size;
opt_size -= header_total_size;
}
// Recalculate length and checksum if modified
if (removed > 0)
{
size -= removed;
p->L3.IPv6Header->PayloadLength = Endian16(size - sizeof(IPV6_HEADER));
p->L4.ICMPHeader->Checksum = 0;
p->L4.ICMPHeader->Checksum =
CalcChecksumForIPv6(&p->L3.IPv6Header->SrcAddress,
&p->L3.IPv6Header->DestAddress, IP_PROTO_ICMPV6,
p->L4.ICMPHeader, size - sizeof(IPV6_HEADER), 0);
Copy(data, b->Buf + 14, size);
}
}
}
@@ -2054,7 +2136,7 @@ void IPCIPv6Init(IPC *ipc)
ipc->IPv6RouterAdvs = NewList(NULL);
ipc->IPv6ClientEUI = 0;
ipc->IPv6ServerEUI = 0;
GenerateEui64Address6((UCHAR *)&ipc->IPv6ServerEUI, ipc->MacAddress);
ipc->IPv6State = IPC_PROTO_STATUS_CLOSED;
}
@@ -2274,7 +2356,14 @@ void IPCIPv6AddRouterPrefixes(IPC *ipc, ICMPV6_OPTION_LIST *recvPrefix, UCHAR *m
IntToSubnetMask6(&newRA->RoutedMask, recvPrefix->Prefix[i]->SubnetLength);
CopyIP(&newRA->RouterAddress, ip);
Copy(newRA->RouterMacAddress, macAddress, 6);
if (recvPrefix->SourceLinkLayer != NULL)
{
Copy(newRA->RouterLinkLayerAddress, recvPrefix->SourceLinkLayer->Address, 6);
}
else
{
Zero(newRA->RouterLinkLayerAddress, 6);
}
Add(ipc->IPv6RouterAdvs, newRA);
}
}
@@ -2290,6 +2379,15 @@ bool IPCIPv6CheckUnicastFromRouterPrefix(IPC *ipc, IP *ip, IPC_IPV6_ROUTER_ADVER
UINT i;
IPC_IPV6_ROUTER_ADVERTISEMENT *matchingRA = NULL;
bool isInPrefix = false;
if (LIST_NUM(ipc->IPv6RouterAdvs) == 0)
{
// We have a unicast packet but we haven't got any RAs.
// The client is probably misconfigured in IPv6. We send non-blocking RS at best effort.
IPCSendIPv6RouterSoliciation(ipc, false);
return false;
}
for (i = 0; i < LIST_NUM(ipc->IPv6RouterAdvs); i++)
{
IPC_IPV6_ROUTER_ADVERTISEMENT *ra = LIST_DATA(ipc->IPv6RouterAdvs, i);
@@ -2309,22 +2407,8 @@ bool IPCIPv6CheckUnicastFromRouterPrefix(IPC *ipc, IP *ip, IPC_IPV6_ROUTER_ADVER
return isInPrefix;
}
// Send router solicitation and then eventually populate the info from Router Advertisements
UINT64 IPCIPv6GetServerEui(IPC *ipc)
{
// It is already configured, nothing to do here
if (ipc->IPv6ServerEUI != 0)
{
return ipc->IPv6ServerEUI;
}
// If we don't have a valid client EUI, we can't generate a correct link local
if (ipc->IPv6ClientEUI == 0)
{
return ipc->IPv6ServerEUI;
}
if (LIST_NUM(ipc->IPv6RouterAdvs) == 0)
// Send router solicitation to find a router
bool IPCSendIPv6RouterSoliciation(IPC *ipc, bool blocking)
{
IP destIP;
IPV6_ADDR destV6;
@@ -2334,6 +2418,12 @@ UINT64 IPCIPv6GetServerEui(IPC *ipc)
UINT64 giveup_time = Tick64() + (UINT64)(IPC_IPV6_RA_MAX_RETRIES * IPC_IPV6_RA_INTERVAL);
UINT64 timeout_retry = 0;
// If we don't have a valid client EUI, we can't generate a correct link local
if (ipc->IPv6ClientEUI == 0)
{
return false;
}
Zero(&linkLocal, sizeof(IPV6_ADDR));
// Generate link local from client's EUI
@@ -2352,6 +2442,12 @@ UINT64 IPCIPv6GetServerEui(IPC *ipc)
packet = BuildICMPv6RouterSoliciation(&linkLocal, &destV6, ipc->MacAddress, 0);
if (blocking == false) {
IPCIPv6SendWithDestMacAddr(ipc, packet->Buf, packet->Size, destMacAddress);
FreeBuf(packet);
return false;
}
while (LIST_NUM(ipc->IPv6RouterAdvs) == 0)
{
UINT64 now = Tick64();
@@ -2366,7 +2462,8 @@ UINT64 IPCIPv6GetServerEui(IPC *ipc)
if (Tick64() >= giveup_time)
{
// We failed to receive any router advertisements
break;
FreeBuf(packet);
return false;
}
// The processing should populate the received RAs by itself
@@ -2374,26 +2471,7 @@ UINT64 IPCIPv6GetServerEui(IPC *ipc)
}
FreeBuf(packet);
}
// Populating the IPv6 Server EUI for IPV6CP
if (LIST_NUM(ipc->IPv6RouterAdvs) > 0)
{
IPC_IPV6_ROUTER_ADVERTISEMENT *ra = LIST_DATA(ipc->IPv6RouterAdvs, 0);
Copy(&ipc->IPv6ServerEUI, &ra->RouterAddress.address[8], sizeof(ipc->IPv6ServerEUI));
}
// If it is still not defined, let's just generate something random
while (ipc->IPv6ServerEUI == 0)
{
ipc->IPv6ServerEUI = Rand64();
if (ipc->IPv6ClientEUI == ipc->IPv6ServerEUI)
{
ipc->IPv6ServerEUI = 0;
}
}
return ipc->IPv6ServerEUI;
return true;
}
// Data flow
@@ -2481,10 +2559,20 @@ void IPCIPv6SendWithDestMacAddr(IPC *ipc, void *data, UINT size, UCHAR *dest_mac
BUF *buf;
BUF *optBuf;
BUF *packet;
UINT header_size = 0;
// We need to rebuild the packet to
switch (p->ICMPv6HeaderPacketInfo.Type)
{
case ICMPV6_TYPE_ROUTER_SOLICIATION:
header_size = sizeof(ICMPV6_ROUTER_SOLICIATION_HEADER);
if (p->ICMPv6HeaderPacketInfo.OptionList.SourceLinkLayer == NULL)
{
p->ICMPv6HeaderPacketInfo.OptionList.SourceLinkLayer = &linkLayer;
}
Copy(p->ICMPv6HeaderPacketInfo.OptionList.SourceLinkLayer->Address, ipc->MacAddress, 6);
break;
case ICMPV6_TYPE_NEIGHBOR_SOLICIATION:
header_size = sizeof(ICMPV6_NEIGHBOR_SOLICIATION_HEADER);
if (p->ICMPv6HeaderPacketInfo.OptionList.SourceLinkLayer == NULL)
{
p->ICMPv6HeaderPacketInfo.OptionList.SourceLinkLayer = &linkLayer;
@@ -2492,6 +2580,7 @@ void IPCIPv6SendWithDestMacAddr(IPC *ipc, void *data, UINT size, UCHAR *dest_mac
Copy(p->ICMPv6HeaderPacketInfo.OptionList.SourceLinkLayer->Address, ipc->MacAddress, 6);
break;
case ICMPV6_TYPE_NEIGHBOR_ADVERTISEMENT:
header_size = sizeof(ICMPV6_NEIGHBOR_ADVERTISEMENT_HEADER);
if (p->ICMPv6HeaderPacketInfo.OptionList.TargetLinkLayer == NULL)
{
p->ICMPv6HeaderPacketInfo.OptionList.TargetLinkLayer = &linkLayer;
@@ -2501,12 +2590,12 @@ void IPCIPv6SendWithDestMacAddr(IPC *ipc, void *data, UINT size, UCHAR *dest_mac
}
switch (p->ICMPv6HeaderPacketInfo.Type)
{
case ICMPV6_TYPE_ROUTER_SOLICIATION:
case ICMPV6_TYPE_NEIGHBOR_SOLICIATION:
case ICMPV6_TYPE_NEIGHBOR_ADVERTISEMENT:
optBuf = BuildICMPv6Options(&p->ICMPv6HeaderPacketInfo.OptionList);
buf = NewBuf();
WriteBuf(buf, p->ICMPv6HeaderPacketInfo.Headers.HeaderPointer,
p->ICMPv6HeaderPacketInfo.Type == ICMPV6_TYPE_NEIGHBOR_SOLICIATION ? sizeof(ICMPV6_NEIGHBOR_SOLICIATION_HEADER) : sizeof(ICMPV6_NEIGHBOR_ADVERTISEMENT_HEADER));
WriteBuf(buf, p->ICMPv6HeaderPacketInfo.Headers.HeaderPointer, header_size);
WriteBufBuf(buf, optBuf);
packet = BuildICMPv6(&p->IPv6HeaderPacketInfo.IPv6Header->SrcAddress,
&p->IPv6HeaderPacketInfo.IPv6Header->DestAddress,
@@ -2577,7 +2666,7 @@ void IPCIPv6SendUnicast(IPC *ipc, void *data, UINT size, IP *next_ip)
}
destMac = ra.RouterMacAddress;
if (!IsMacUnicast(destMac) && !IsMacInvalid(ra.RouterMacAddress))
if (!IsMacUnicast(destMac) && !IsMacInvalid(ra.RouterLinkLayerAddress))
{
destMac = ra.RouterLinkLayerAddress;
}
src/Cedar/IPC.h
+4 -3
View File
@@ -91,6 +91,7 @@ struct IPC_PARAM
UINT Mss;
bool IsL3Mode;
X *ClientCertificate;
bool RadiusOK;
UINT Layer;
};
@@ -155,7 +156,7 @@ struct IPC
LIST *IPv6NeighborTable; // Neighbor Discovery Table
LIST *IPv6RouterAdvs; // Router offered prefixes
UINT64 IPv6ClientEUI; // The EUI of the client (for the SLAAC autoconf)
UINT64 IPv6ServerEUI; // The EUI of the server (from the RA discovery)
UINT64 IPv6ServerEUI; // The EUI of the server (from the IPC Mac address)
};
// MS-CHAPv2 authentication information
@@ -180,7 +181,7 @@ struct IPC_IPV6_ROUTER_ADVERTISEMENT
IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char *username, char *password, char *wg_key,
UINT *error_code, IP *client_ip, UINT client_port, IP *server_ip, UINT server_port,
char *client_hostname, char *crypt_name,
bool bridge_mode, UINT mss, EAP_CLIENT *eap_client, X *client_certificate,
bool bridge_mode, UINT mss, EAP_CLIENT *eap_client, X *client_certificate, bool external_auth,
UINT layer);
IPC *NewIPCByParam(CEDAR *cedar, IPC_PARAM *param, UINT *error_code);
IPC *NewIPCBySock(CEDAR *cedar, SOCK *s, void *mac_address);
@@ -233,7 +234,7 @@ bool IPCIPv6CheckExistingLinkLocal(IPC *ipc, UINT64 eui);
// RA
void IPCIPv6AddRouterPrefixes(IPC *ipc, ICMPV6_OPTION_LIST *recvPrefix, UCHAR *macAddress, IP *ip);
bool IPCIPv6CheckUnicastFromRouterPrefix(IPC *ipc, IP *ip, IPC_IPV6_ROUTER_ADVERTISEMENT *matchedRA);
UINT64 IPCIPv6GetServerEui(IPC *ipc);
bool IPCSendIPv6RouterSoliciation(IPC *ipc, bool blocking);
// Data flow
BLOCK *IPCIPv6Recv(IPC *ipc);
void IPCIPv6Send(IPC *ipc, void *data, UINT size);
src/Cedar/Link.h
+1
View File
@@ -31,6 +31,7 @@ struct LINK
UINT CurrentSendPacketQueueSize; // Current send packet queue size
UINT LastError; // Last error
bool CheckServerCert; // To check the server certificate
bool AddDefaultCA; // Use default trust store
X *ServerCert; // Server certificate
bool LockFlag; // Lock flag
bool *StopAllLinkFlag; // Stop all link flag
src/Cedar/Listener.c
+224
View File
@@ -17,6 +17,7 @@
#include "Mayaqua/Memory.h"
#include "Mayaqua/Object.h"
#include "Mayaqua/Str.h"
#include "Mayaqua/Tick64.h"
static bool disable_dos = false;
static UINT max_connections_per_ip = DEFAULT_MAX_CONNECTIONS_PER_IP;
@@ -181,6 +182,11 @@ void TCPAcceptedThread(THREAD *t, void *param)
ConnectionAccept(c);
flag1 = c->flag1;
if (c->JsonRpcAuthed)
{
RemoveDosEntry(r, s);
}
// Release
SLog(r->Cedar, "LS_CONNECTION_END_1", c->Name);
ReleaseListener(c->Listener);
@@ -221,6 +227,46 @@ void TCPAccepted(LISTENER *r, SOCK *s)
num_clients_from_this_ip = GetNumIpClient(&s->RemoteIP);
#ifdef USE_DOS_ATTACK_DETECTION
if (disable_dos == false && r->DisableDos == false && r->Protocol != LISTENER_INPROC)
{
UINT max_uec, now_uec;
// DOS attack check
if (CheckDosAttack(r, s) == false)
{
Debug("DOS Attack 1 !!\n");
IPToStr(tmp, sizeof(tmp), &s->RemoteIP);
SLog(r->Cedar, "LS_LISTENER_DOS", r->Port, tmp, s->RemotePort);
return;
}
if (StrCmpi(s->UnderlayProtocol, SOCK_UNDERLAY_NATIVE_V6) == 0 ||
StrCmpi(s->UnderlayProtocol, SOCK_UNDERLAY_NATIVE_V4) == 0)
{
if (IsInNoSsl(r->Cedar, &s->RemoteIP))
{
Debug("DOS Attack 2 !!\n");
IPToStr(tmp, sizeof(tmp), &s->RemoteIP);
SLog(r->Cedar, "LS_LISTENER_DOS", r->Port, tmp, s->RemotePort);
return;
}
}
if (num_clients_from_this_ip > GetMaxConnectionsPerIp())
{
Debug("DOS Attack 3 !!\n");
IPToStr(tmp, sizeof(tmp), &s->RemoteIP);
SLog(r->Cedar, "LS_LISTENER_DOS", r->Port, tmp, s->RemotePort);
return;
}
max_uec = GetMaxUnestablishedConnections();
now_uec = GetUnestablishedConnections(cedar);
if (now_uec > max_uec)
{
Debug("DOS Attack 4 !!\n");
SLog(r->Cedar, "LS_LISTENER_MAXUEC", max_uec, now_uec);
return;
}
}
#endif // USE_DOS_ATTACK_DETECTION
IPToStr(tmp, sizeof(tmp), &s->RemoteIP);
@@ -239,6 +285,169 @@ void TCPAccepted(LISTENER *r, SOCK *s)
ReleaseThread(t);
}
// Remove a DOS entry
bool RemoveDosEntry(LISTENER *r, SOCK *s)
{
DOS *d;
bool ok = false;
// Validate arguments
if (r == NULL || s == NULL)
{
return false;
}
LockList(r->DosList);
{
// Delete old entries from the DOS attack list
RefreshDosList(r);
// Search the table
d = SearchDosList(r, &s->RemoteIP);
if (d != NULL)
{
Delete(r->DosList, d);
Free(d);
ok = true;
}
}
UnlockList(r->DosList);
return ok;
}
// Check whether this is a DOS attack
bool CheckDosAttack(LISTENER *r, SOCK *s)
{
DOS *d;
bool ok = true;
// Validate arguments
if (r == NULL || s == NULL)
{
return false;
}
LockList(r->DosList);
{
// Delete old entries from the DOS attack list
RefreshDosList(r);
// Search the table
d = SearchDosList(r, &s->RemoteIP);
if (d != NULL)
{
// There is a entry already
// This should mean being under a DOS attack
d->LastConnectedTick = Tick64();
d->CurrentExpireSpan = MIN(d->CurrentExpireSpan * (UINT64)2, DOS_TABLE_EXPIRES_MAX);
d->AccessCount++;
if (d->AccessCount > DOS_TABLE_MAX_LIMIT_PER_IP)
{
ok = false;
}
}
else
{
// Create a new entry
d = ZeroMalloc(sizeof(DOS));
d->CurrentExpireSpan = (UINT64)DOS_TABLE_EXPIRES_FIRST;
d->FirstConnectedTick = d->LastConnectedTick = Tick64();
d->AccessCount = 1;
d->DeleteEntryTick = d->FirstConnectedTick + (UINT64)DOS_TABLE_EXPIRES_TOTAL;
Copy(&d->IpAddress, &s->RemoteIP, sizeof(IP));
Add(r->DosList, d);
}
}
UnlockList(r->DosList);
return ok;
}
// Delete old entries from the DOS attack list
void RefreshDosList(LISTENER *r)
{
// Validate arguments
if (r == NULL)
{
return;
}
if (r->DosListLastRefreshTime == 0 ||
(r->DosListLastRefreshTime + (UINT64)DOS_TABLE_REFRESH_INTERVAL) <= Tick64())
{
UINT i;
LIST *o;
r->DosListLastRefreshTime = Tick64();
o = NewListFast(NULL);
for (i = 0;i < LIST_NUM(r->DosList);i++)
{
DOS *d = LIST_DATA(r->DosList, i);
if ((d->LastConnectedTick + d->CurrentExpireSpan) <= Tick64() ||
(d->DeleteEntryTick <= Tick64()))
{
Add(o, d);
}
}
for (i = 0;i < LIST_NUM(o);i++)
{
DOS *d = LIST_DATA(o, i);
Delete(r->DosList, d);
Free(d);
}
ReleaseList(o);
}
}
// Search the DOS attack list by the IP address
DOS *SearchDosList(LISTENER *r, IP *ip)
{
DOS *d, t;
// Validate arguments
if (r == NULL || ip == NULL)
{
return NULL;
}
Copy(&t.IpAddress, ip, sizeof(IP));
d = Search(r->DosList, &t);
if (d != NULL)
{
if ((d->LastConnectedTick + d->CurrentExpireSpan) <= Tick64() ||
(d->DeleteEntryTick <= Tick64()))
{
// Delete old entries
Delete(r->DosList, d);
Free(d);
return NULL;
}
}
return d;
}
// Comparison of DOS attack list entries
int CompareDos(void *p1, void *p2)
{
DOS *d1, *d2;
if (p1 == NULL || p2 == NULL)
{
return 0;
}
d1 = *(DOS **)p1;
d2 = *(DOS **)p2;
if (d1 == NULL || d2 == NULL)
{
return 0;
}
return CmpIpAddr(&d1->IpAddress, &d2->IpAddress);
}
// UDP listener main loop
void ListenerUDPMainLoop(LISTENER *r)
@@ -385,9 +594,16 @@ void ListenerTCPMainLoop(LISTENER *r)
}
}
else
{
if (r->Cedar->Server == NULL)
{
s = ListenEx6(r->Port, r->LocalOnly);
}
else
{
s = ListenEx63(r->Port, r->LocalOnly, false, &r->Cedar->Server->ListenIP);
}
}
}
else if (r->Protocol == LISTENER_INPROC)
{
@@ -646,6 +862,13 @@ void CleanupListener(LISTENER *r)
return;
}
// Release the DOS attack list
for (i = 0;i < LIST_NUM(r->DosList);i++)
{
DOS *d = LIST_DATA(r->DosList, i);
Free(d);
}
ReleaseList(r->DosList);
if (r->Sock != NULL)
{
@@ -795,6 +1018,7 @@ LISTENER *NewListenerEx5(CEDAR *cedar, UINT proto, UINT port, THREAD_PROC *proc,
r->Port = port;
r->Event = NewEvent();
r->DosList = NewList(CompareDos);
r->LocalOnly = local_only;
r->ShadowIPv6 = shadow_ipv6;
src/Cedar/Listener.h
+19
View File
@@ -10,12 +10,24 @@
#include "CedarType.h"
#include "Mayaqua/MayaType.h"
#include "Mayaqua/Kernel.h"
#include "Mayaqua/Network.h"
// Function to call when receiving a new connection
typedef void (NEW_CONNECTION_PROC)(CONNECTION *c);
// DOS attack list
struct DOS
{
IP IpAddress; // IP address
UINT64 FirstConnectedTick; // Time which a client connects at the first time
UINT64 LastConnectedTick; // Time which a client connected at the last time
UINT64 CurrentExpireSpan; // Current time-out period of this record
UINT64 DeleteEntryTick; // Time planned to delete this entry
UINT AccessCount; // The number of accesses
};
// Listener structure
struct LISTENER
@@ -31,6 +43,8 @@ struct LISTENER
volatile bool Halt; // Halting flag
UINT Status; // State
LIST *DosList; // DOS attack list
UINT64 DosListLastRefreshTime; // Time that the DOS list is refreshed at the last
THREAD_PROC *ThreadProc; // Thread procedure
void *ThreadParam; // Thread parameters
@@ -105,6 +119,11 @@ void FreeDynamicListener(DYNAMIC_LISTENER *d);
bool ListenerRUDPRpcRecvProc(RUDP_STACK *r, UDPPACKET *p);
void ListenerSetProcRecvRpcEnable(bool b);
int CompareDos(void *p1, void *p2);
DOS *SearchDosList(LISTENER *r, IP *ip);
void RefreshDosList(LISTENER *r);
bool CheckDosAttack(LISTENER *r, SOCK *s);
bool RemoveDosEntry(LISTENER *r, SOCK *s);
#endif // LISTENER_H
src/Cedar/Proto_EtherIP.c
+1 -1
View File
@@ -75,7 +75,7 @@ void EtherIPIpcConnectThread(THREAD *t, void *p)
&s->ClientIP, s->ClientPort,
&s->ServerIP, s->ServerPort,
tmp,
s->CryptName, true, mss, NULL, NULL, IPC_LAYER_2);
s->CryptName, true, mss, NULL, NULL, false, IPC_LAYER_2);
if (ipc != NULL)
{
src/Cedar/Proto_IKE.c
+4 -30
View File
@@ -463,39 +463,13 @@ void ProcIPsecEspPacketRecv(IKE_SERVER *ike, UDPPACKET *p)
seq = READ_UINT(src + sizeof(UINT));
// Search and retrieve the IPsec SA from SPI
// thank to @phillibert report, responding to bad SA might lead to amplification
// according to RFC4303 we should drop such packets
ipsec_sa = SearchClientToServerIPsecSaBySpi(ike, spi);
if (ipsec_sa == NULL)
{
// Invalid SPI
UINT64 init_cookie = Rand64();
UINT64 resp_cookie = 0;
IKE_CLIENT *c = NULL;
IKE_CLIENT t;
Copy(&t.ClientIP, &p->SrcIP, sizeof(IP));
t.ClientPort = p->SrcPort;
Copy(&t.ServerIP, &p->DstIP, sizeof(IP));
t.ServerPort = p->DestPort;
t.CurrentIkeSa = NULL;
if (p->DestPort == IPSEC_PORT_IPSEC_ESP_RAW)
{
t.ClientPort = t.ServerPort = IPSEC_PORT_IPSEC_ISAKMP;
}
c = Search(ike->ClientList, &t);
if (c != NULL && c->CurrentIkeSa != NULL)
{
init_cookie = c->CurrentIkeSa->InitiatorCookie;
resp_cookie = c->CurrentIkeSa->ResponderCookie;
}
SendInformationalExchangePacketEx(ike, (c == NULL ? &t : c), IkeNewNoticeErrorInvalidSpiPayload(spi), false,
init_cookie, resp_cookie);
SendDeleteIPsecSaPacket(ike, (c == NULL ? &t : c), spi);
return;
}
src/Cedar/Proto_L2TP.c
+5 -8
View File
@@ -2008,7 +2008,6 @@ UINT CalcL2TPMss(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_SESSION *s)
// Start the L2TP thread
void StartL2TPThread(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_SESSION *s)
{
PPP_SESSION* underlyingSession;
// Validate arguments
if (l2tp == NULL || t == NULL || s == NULL)
{
@@ -2037,11 +2036,9 @@ void StartL2TPThread(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_SESSION *s)
}
// Create a PPP thread
underlyingSession = NewPPPSession(l2tp->Cedar, &t->ClientIp, t->ClientPort, &t->ServerIp, t->ServerPort,
s->Thread = NewPPPSession(l2tp->Cedar, &t->ClientIp, t->ClientPort, &t->ServerIp, t->ServerPort,
s->TubeSend, s->TubeRecv, L2TP_IPC_POSTFIX, tmp, t->HostName, l2tp->CryptName,
CalcL2TPMss(l2tp, t, s));
s->Thread = underlyingSession->SessionThread;
s->PPPSession = underlyingSession;
}
}
@@ -2141,13 +2138,13 @@ void L2TPProcessInterrupts(L2TP_SERVER *l2tp)
UINT64 l2tpTimeout = L2TP_TUNNEL_TIMEOUT;
// If we got on ANY session a higher timeout than the default L2TP tunnel timeout, increase it
for (i = 0; i < LIST_NUM(t->SessionList); i++)
for (j = 0; j < LIST_NUM(t->SessionList); j++)
{
L2TP_SESSION* s = LIST_DATA(t->SessionList, i);
L2TP_SESSION* s = LIST_DATA(t->SessionList, j);
if (s->PPPSession != NULL && s->PPPSession->DataTimeout > l2tpTimeout)
if (s->TubeRecv != NULL && s->TubeRecv->DataTimeout > l2tpTimeout)
{
l2tpTimeout = s->PPPSession->DataTimeout;
l2tpTimeout = s->TubeRecv->DataTimeout;
}
}
src/Cedar/Proto_L2TP.h
-1
View File
@@ -171,7 +171,6 @@ struct L2TP_SESSION
UINT64 DisconnectTimeout; // Disconnection completion time-out
bool HasThread; // Whether have a thread
THREAD *Thread; // Thread
PPP_SESSION* PPPSession; // Underlying PPP session
TUBE *TubeSend; // Tube of PPP to L2TP direction
TUBE *TubeRecv; // Tube of L2TP to PPP direction
UINT PseudowireType; // Type of L2TPv3 virtual line
src/Cedar/Proto_OpenVPN.c
+12 -4
View File
@@ -147,7 +147,7 @@ bool OvsProcessData(void *param, TCP_RAW_DATA *in, FIFO *out)
payload_size = READ_USHORT(FifoPtr(fifo));
packet_size = payload_size + sizeof(USHORT);
if (payload_size == 0 || packet_size > sizeof(buf))
if (payload_size == 0 || payload_size > (sizeof(buf) - sizeof(USHORT)))
{
ret = false;
Debug("OvsProcessData(): Invalid payload size: %u bytes\n", payload_size);
@@ -824,6 +824,10 @@ void OvsProcessRecvControlPacket(OPENVPN_SERVER *s, OPENVPN_SESSION *se, OPENVPN
}
c->SslPipe = NewSslPipeEx(true, s->Cedar->ServerX, s->Cedar->ServerK, s->Dh, true, &c->ClientCert);
if (c->SslPipe == NULL)
{
return;
}
}
Unlock(s->Cedar->lock);
@@ -1902,6 +1906,10 @@ BUF *OvsBuildPacket(OPENVPN_PACKET *p)
// NumAck
num_ack = MIN(p->NumAck, OPENVPN_MAX_NUMACK);
if (p->OpCode != OPENVPN_P_ACK_V1)
{
num_ack = MIN(num_ack, OPENVPN_MAX_NUMACK_NONACK);
}
WriteBufChar(b, (UCHAR)num_ack);
if (p->NumAck >= 1)
@@ -1982,7 +1990,7 @@ OPENVPN_PACKET *OvsParsePacket(UCHAR *data, UINT size)
ret->NumAck = uc;
if (ret->NumAck > 4)
if (ret->NumAck > OPENVPN_MAX_NUMACK)
{
goto LABEL_ERROR;
}
@@ -2486,8 +2494,8 @@ void OvsRecvPacket(OPENVPN_SERVER *s, LIST *recv_packet_list, UINT protocol)
if (r->Exists)
{
Format(l3_options, sizeof(l3_options),
",route %r %r vpn_gateway",
&r->Network, &r->SubnetMask);
",route %r %r %r",
&r->Network, &r->SubnetMask, &r->Gateway);
StrCat(option_str, sizeof(option_str), l3_options);
}
src/Cedar/Proto_OpenVPN.h
+2 -1
View File
@@ -14,7 +14,8 @@
#define OPENVPN_UDP_PORT 1194 // OpenVPN default UDP port number
#define OPENVPN_UDP_PORT_INCLUDE 1195 // OpenVPN default UDP port number (Operating within the client)
#define OPENVPN_MAX_NUMACK 4 // The maximum number of ACKs
#define OPENVPN_MAX_NUMACK 8 // The maximum number of ACKs
#define OPENVPN_MAX_NUMACK_NONACK 4 // The maximum number of ACKs in != P_ACK_V1
#define OPENVPN_NUM_CHANNELS 8 // Maximum number of channels during a session
#define OPENVPN_CONTROL_PACKET_RESEND_INTERVAL 500 // Control packet retransmission interval
#define OPENVPN_CONTROL_PACKET_MAX_DATASIZE 1200 // Maximum data size that can be stored in one control packet
src/Cedar/Proto_PPP.c
+647 -186
View File
File diff suppressed because it is too large Load Diff
src/Cedar/Proto_PPP.h
+14 -7
View File
@@ -9,6 +9,7 @@
#define PROTO_PPP_H
#include "CedarType.h"
#include "Proto_IPsec.h"
#include "Mayaqua/TcpIp.h"
@@ -111,6 +112,7 @@
#define PPP_EAP_TYPE_NOTIFICATION 2
#define PPP_EAP_TYPE_NAK 3
#define PPP_EAP_TYPE_TLS 13
#define PPP_EAP_TYPE_MSCHAPV2 26
// EAP-TLS Flags
#define PPP_EAP_TLS_FLAG_NONE 0
@@ -228,6 +230,8 @@ struct PPP_EAP_TLS_CONTEXT
UCHAR *CachedBufferRecvPntr;
UCHAR *CachedBufferSend;
UCHAR *CachedBufferSendPntr;
bool DisableTls13;
int Tls13SessionTicketsCount;
};
// PPP request resend
@@ -290,7 +294,7 @@ struct PPP_SESSION
UINT MsChapV2_ErrorCode; // Authentication failure error code of MS-CHAPv2
UINT MsChapV2_PacketId; // MS-CHAPv2 Packet ID
bool MsChapV2_UseDoubleMsChapV2; // Use the double-MSCHAPv2 technique
bool UseEapRadius; // Use EAP for RADIUS authentication
EAP_CLIENT *EapClient; // EAP client
UCHAR ServerInterfaceId[8]; // Server IPv6CP Interface Identifier
@@ -301,7 +305,8 @@ struct PPP_SESSION
// EAP contexts
UINT Eap_Protocol; // Current EAP Protocol used
UINT Eap_PacketId; // EAP Packet ID;
UCHAR Eap_Identity[MAX_SIZE]; // Received from client identity
ETHERIP_ID Eap_Identity; // Received from client identity
bool Eap_MatchUserByCert; // Attempt to match the user from it's certificate during EAP-TLS, ignoring the EAP-identification
PPP_EAP_TLS_CONTEXT Eap_TlsCtx; // Context information for EAP TLS. May be possibly reused for EAP TTLS?
LIST *SentReqPacketList; // Sent requests list
@@ -313,8 +318,6 @@ struct PPP_SESSION
UINT64 DataTimeout;
UINT64 UserConnectionTimeout;
UINT64 UserConnectionTick;
THREAD *SessionThread; // Thread of the PPP session
};
@@ -325,7 +328,7 @@ struct PPP_SESSION
void PPPThread(THREAD *thread, void *param);
// Entry point
PPP_SESSION *NewPPPSession(CEDAR *cedar, IP *client_ip, UINT client_port, IP *server_ip, UINT server_port, TUBE *send_tube, TUBE *recv_tube, char *postfix, char *client_software_name, char *client_hostname, char *crypt_name, UINT adjust_mss);
THREAD *NewPPPSession(CEDAR *cedar, IP *client_ip, UINT client_port, IP *server_ip, UINT server_port, TUBE *send_tube, TUBE *recv_tube, char *postfix, char *client_software_name, char *client_hostname, char *crypt_name, UINT adjust_mss);
// PPP processing functions
bool PPPRejectUnsupportedPacket(PPP_SESSION *p, PPP_PACKET *pp);
@@ -336,9 +339,11 @@ bool PPPSendEchoRequest(PPP_SESSION *p);
bool PPPProcessResponsePacket(PPP_SESSION *p, PPP_PACKET *pp, PPP_PACKET *req);
bool PPPProcessLCPResponsePacket(PPP_SESSION *p, PPP_PACKET *pp, PPP_PACKET *req);
bool PPPProcessCHAPResponsePacket(PPP_SESSION *p, PPP_PACKET *pp, PPP_PACKET *req);
bool PPPProcessCHAPResponsePacketEx(PPP_SESSION *p, PPP_PACKET *pp, PPP_PACKET *req, PPP_LCP *chap, bool use_eap);
bool PPPProcessIPCPResponsePacket(PPP_SESSION *p, PPP_PACKET *pp, PPP_PACKET *req);
bool PPPProcessEAPResponsePacket(PPP_SESSION *p, PPP_PACKET *pp, PPP_PACKET *req);
bool PPPProcessIPv6CPResponsePacket(PPP_SESSION *p, PPP_PACKET *pp, PPP_PACKET *req);
bool PPPProcessEapResponseForRadius(PPP_SESSION *p, PPP_EAP *eap_packet, UINT eap_datasize);
// Request packets
bool PPPProcessRequestPacket(PPP_SESSION *p, PPP_PACKET *pp);
bool PPPProcessLCPRequestPacket(PPP_SESSION *p, PPP_PACKET *pp);
@@ -375,7 +380,8 @@ PPP_OPTION *NewPPPOption(UCHAR type, void *data, UINT size);
// Packet parse utilities
PPP_PACKET *ParsePPPPacket(void *data, UINT size);
PPP_LCP *PPPParseLCP(USHORT protocol, void *data, UINT size);
bool PPPParseMSCHAP2ResponsePacket(PPP_SESSION *p, PPP_PACKET *req);
bool PPPParseMSCHAP2ResponsePacket(PPP_SESSION *p, PPP_PACKET *pp);
bool PPPParseMSCHAP2ResponsePacketEx(PPP_SESSION *p, PPP_LCP *lcp, bool use_eap);
// Packet building utilities
BUF *BuildPPPPacketData(PPP_PACKET *pp);
BUF *BuildLCPData(PPP_LCP *c);
@@ -386,7 +392,7 @@ bool PPPSetIPOptionToLCP(PPP_IPOPTION *o, PPP_LCP *c, bool only_modify);
bool PPPGetIPAddressValueFromLCP(PPP_LCP *c, UINT type, IP *ip);
bool PPPSetIPAddressValueToLCP(PPP_LCP *c, UINT type, IP *ip, bool only_modify);
// EAP packet utilities
bool PPPProcessEAPTlsResponse(PPP_SESSION *p, PPP_EAP *eap_packet, UINT eapTlsSize);
bool PPPProcessEAPTlsResponse(PPP_SESSION *p, PPP_EAP *eap_packet, UINT eapSize);
PPP_LCP *BuildEAPPacketEx(UCHAR code, UCHAR id, UCHAR type, UINT datasize);
PPP_LCP *BuildEAPTlsPacketEx(UCHAR code, UCHAR id, UCHAR type, UINT datasize, UCHAR flags);
PPP_LCP *BuildEAPTlsRequest(UCHAR id, UINT datasize, UCHAR flags);
@@ -408,6 +414,7 @@ bool PPPParseUsername(CEDAR *cedar, char *src, ETHERIP_ID *dst);
void GenerateNtPasswordHash(UCHAR *dst, char *password);
void GenerateNtPasswordHashHash(UCHAR *dst_hash, UCHAR *src_hash);
void MsChapV2Server_GenerateChallenge(UCHAR *dst);
void MsChapV2Client_GenerateChallenge(UCHAR *dst);
void MsChapV2_GenerateChallenge8(UCHAR *dst, UCHAR *client_challenge, UCHAR *server_challenge, char *username);
void MsChapV2Client_GenerateResponse(UCHAR *dst, UCHAR *challenge8, UCHAR *nt_password_hash);
void MsChapV2Server_GenerateResponse(UCHAR *dst, UCHAR *nt_password_hash_hash, UCHAR *client_response, UCHAR *challenge8);
src/Cedar/Proto_SSTP.c
+3 -7
View File
@@ -275,8 +275,6 @@ void SstpProcessControlPacket(SSTP_SERVER *s, SSTP_PACKET *p)
// Process the SSTP received data packet
void SstpProcessDataPacket(SSTP_SERVER *s, SSTP_PACKET *p)
{
PPP_SESSION *underlyingSession;
// Validate arguments
if (s == NULL || p == NULL || p->IsControl)
{
@@ -288,11 +286,9 @@ void SstpProcessDataPacket(SSTP_SERVER *s, SSTP_PACKET *p)
if (s->PPPThread == NULL)
{
// Create a thread to initialize the new PPP module
underlyingSession = NewPPPSession(s->Cedar, &s->ClientIp, s->ClientPort, &s->ServerIp, s->ServerPort,
s->PPPThread = NewPPPSession(s->Cedar, &s->ClientIp, s->ClientPort, &s->ServerIp, s->ServerPort,
s->TubeSend, s->TubeRecv, SSTP_IPC_POSTFIX, SSTP_IPC_CLIENT_NAME,
s->ClientHostName, s->ClientCipherName, 0);
s->PPPSession = underlyingSession;
s->PPPThread = underlyingSession->SessionThread;
}
// Pass the received data to the PPP module
@@ -444,9 +440,9 @@ void SstpProcessInterrupt(SSTP_SERVER *s)
}
}
if (s->PPPSession != NULL && s->PPPSession->DataTimeout > sstpTimeout)
if (s->TubeRecv != NULL && s->TubeRecv->DataTimeout > sstpTimeout)
{
sstpTimeout = s->PPPSession->DataTimeout;
sstpTimeout = s->TubeRecv->DataTimeout;
}
if ((s->LastRecvTick + sstpTimeout) <= s->Now)
src/Cedar/Proto_SSTP.h
-1
View File
@@ -119,7 +119,6 @@ struct SSTP_SERVER
UINT64 LastRecvTick; // Tick when some data has received at the end
bool FlushRecvTube; // Flag whether to flush the reception tube
UINT EstablishedCount; // Number of session establishment
PPP_SESSION *PPPSession; // Underlying PPP Session
};
src/Cedar/Protocol.c
+301 -173
View File
@@ -940,6 +940,7 @@ UINT ChangePasswordAccept(CONNECTION *c, PACK *p)
{
Copy(pw->HashedKey, new_password, SHA1_SIZE);
Copy(pw->NtLmSecureHash, new_password_ntlm, MD5_SIZE);
IncrementServerConfigRevision(cedar->Server);
}
HLog(hub, "LH_CHANGE_PASSWORD_5", c->Name, username);
}
@@ -1572,6 +1573,12 @@ bool ServerAccept(CONNECTION *c)
c->CipherName = NULL;
if (c->SslVersion != NULL)
{
Free(c->SslVersion);
}
c->SslVersion = NULL;
if (IsEmptyStr(tmp) == false)
{
c->CipherName = CopyStr(tmp);
@@ -1591,11 +1598,22 @@ bool ServerAccept(CONNECTION *c)
}
c->CipherName = NULL;
if (c->SslVersion != NULL)
{
Free(c->SslVersion);
}
c->SslVersion = NULL;
if (c->FirstSock != NULL && IsEmptyStr(c->FirstSock->CipherName) == false)
{
c->CipherName = CopyStr(c->FirstSock->CipherName);
}
if (c->FirstSock != NULL && IsEmptyStr(c->FirstSock->SslVersion) == false)
{
c->SslVersion = CopyStr(c->FirstSock->SslVersion);
}
Format(radius_login_opt.In_VpnProtocolState, sizeof(radius_login_opt.In_VpnProtocolState),
"L%u:%s", IPC_LAYER_2, "SEVPN");
}
@@ -1684,6 +1702,9 @@ bool ServerAccept(CONNECTION *c)
case CLIENT_AUTHTYPE_CERT:
authtype_str = _UU("LH_AUTH_CERT");
break;
case AUTHTYPE_EXTERNAL:
authtype_str = _UU("LH_AUTH_EXTERNAL");
break;
case AUTHTYPE_WIREGUARD_KEY:
authtype_str = _UU("LH_AUTH_WIREGUARD_KEY");
break;
@@ -1811,6 +1832,11 @@ bool ServerAccept(CONNECTION *c)
// Anonymous authentication (this have been already attempted)
break;
case AUTHTYPE_EXTERNAL:
// External authentication already completed
auth_ret = true;
break;
case AUTHTYPE_TICKET:
// Ticket authentication
if (PackGetDataSize(p, "ticket") == SHA1_SIZE)
@@ -1896,7 +1922,7 @@ bool ServerAccept(CONNECTION *c)
if (auth_ret == false)
{
// Attempt external authentication registered users
// Attempt external authentication
bool fail_ext_user_auth = false;
if (GetGlobalServerFlag(GSF_DISABLE_RADIUS_AUTH) != 0)
{
@@ -1905,7 +1931,7 @@ bool ServerAccept(CONNECTION *c)
if (fail_ext_user_auth == false)
{
auth_ret = SamAuthUserByPlainPassword(c, hub, username, plain_password, false, mschap_v2_server_response_20, &radius_login_opt);
auth_ret = SamAuthUserByPlainPassword(c, hub, username, plain_password, true, mschap_v2_server_response_20, &radius_login_opt);
}
if (auth_ret && pol == NULL)
@@ -1914,37 +1940,6 @@ bool ServerAccept(CONNECTION *c)
}
}
if (auth_ret == false)
{
// Attempt external authentication asterisk user
bool b = false;
bool fail_ext_user_auth = false;
if (GetGlobalServerFlag(GSF_DISABLE_RADIUS_AUTH) != 0)
{
fail_ext_user_auth = true;
}
if (fail_ext_user_auth == false)
{
AcLock(hub);
{
b = AcIsUser(hub, "*");
}
AcUnlock(hub);
// If there is asterisk user, log on as the user
if (b)
{
auth_ret = SamAuthUserByPlainPassword(c, hub, username, plain_password, true, mschap_v2_server_response_20, &radius_login_opt);
if (auth_ret && pol == NULL)
{
pol = SamGetUserPolicy(hub, "*");
}
}
}
}
if (pol != NULL)
{
no_save_password = pol->NoSavePassword;
@@ -2385,23 +2380,6 @@ bool ServerAccept(CONNECTION *c)
goto CLEANUP;
}
if ((policy->NoSavePassword) || (policy->AutoDisconnect != 0))
{
if (c->ClientBuild < 6560 && InStrEx(c->ClientStr, "client", false))
{
// If NoSavePassword policy is specified,
// only supported client can connect
HLog(hub, "LH_CLIENT_VERSION_OLD", c->Name, c->ClientBuild, 6560);
Unlock(hub->lock);
ReleaseHub(hub);
c->Err = ERR_VERSION_INVALID;
error_detail = "ERR_VERSION_INVALID";
Free(policy);
goto CLEANUP;
}
}
if (user_expires != 0 && user_expires <= SystemTime64())
{
// User expired
@@ -2956,6 +2934,8 @@ bool ServerAccept(CONNECTION *c)
rudp_bulk_version = 2;
}
s->BulkOnRUDPVersion = rudp_bulk_version;
if (s->EnableBulkOnRUDP)
{
AddProtocolDetailsKeyValueInt(s->ProtocolDetails, sizeof(s->ProtocolDetails), "RUDP_Bulk_Ver", s->BulkOnRUDPVersion);
@@ -3217,7 +3197,7 @@ bool ServerAccept(CONNECTION *c)
#endif // OS_WIN32
tmp2 = ZeroMalloc(tmp2_size);
UniFormat(tmp2, tmp2_size, _UU(c->ClientBuild >= 9428 ? "NATT_MSG" : "NATT_MSG2"), local_name);
UniFormat(tmp2, tmp2_size, _UU("NATT_MSG"), local_name);
UniStrCat(tmp, tmpsize, tmp2);
@@ -3843,7 +3823,18 @@ void CreateNodeInfo(NODE_INFO *info, CONNECTION *c)
// Server host name
StrCpy(info->ServerHostname, sizeof(info->ServerHostname), c->ServerName);
// Server IP address
if (GetIP(&ip, info->ServerHostname))
if (s->ClientOption->ProxyType == PROXY_DIRECT)
{
if (IsIP6(&c->FirstSock->RemoteIP) == false)
{
info->ServerIpAddress = IPToUINT(&c->FirstSock->RemoteIP);
}
else
{
Copy(info->ServerIpAddress6, c->FirstSock->RemoteIP.address, sizeof(info->ServerIpAddress6));
}
}
else if (GetIP(&ip, info->ServerHostname))
{
if (IsIP6(&ip) == false)
{
@@ -4300,7 +4291,6 @@ bool ClientCheckServerCert(CONNECTION *c, bool *expired)
X *x;
CHECK_CERT_THREAD_PROC *p;
THREAD *thread;
CEDAR *cedar;
bool ret;
UINT64 start;
// Validate arguments
@@ -4315,32 +4305,11 @@ bool ClientCheckServerCert(CONNECTION *c, bool *expired)
}
auth = c->Session->ClientAuth;
cedar = c->Cedar;
if (auth->CheckCertProc == NULL && c->Session->LinkModeClient == false)
{
// No checking function
return true;
}
if (c->Session->LinkModeClient && c->Session->Link->CheckServerCert == false)
{
// It's in cascade connection mode, but do not check the server certificate
return true;
}
if (c->UseTicket)
{
// Check the certificate of the redirected VPN server
if (CompareX(c->FirstSock->RemoteX, c->ServerX) == false)
if (auth->CheckCertProc == NULL)
{
return false;
}
else
{
return true;
}
}
x = CloneX(c->FirstSock->RemoteX);
if (x == NULL)
@@ -4349,63 +4318,6 @@ bool ClientCheckServerCert(CONNECTION *c, bool *expired)
return false;
}
if (CheckXDateNow(x))
{
// Check whether it is signed by the root certificate to trust
if (c->Session->LinkModeClient == false)
{
// Normal VPN Client mode
if (CheckSignatureByCa(cedar, x))
{
// This certificate can be trusted because it is signed
FreeX(x);
return true;
}
}
else
{
// Cascade connection mode
if (CheckSignatureByCaLinkMode(c->Session, x))
{
// This certificate can be trusted because it is signed
FreeX(x);
return true;
}
}
}
if (c->Session->LinkModeClient)
{
if (CheckXDateNow(x))
{
Lock(c->Session->Link->lock);
{
if (c->Session->Link->ServerCert != NULL)
{
if (CompareX(c->Session->Link->ServerCert, x))
{
Unlock(c->Session->Link->lock);
// Exactly match the certificate that is registered in the cascade configuration
FreeX(x);
return true;
}
}
}
Unlock(c->Session->Link->lock);
}
else
{
if (expired != NULL)
{
*expired = true;
}
}
// Verification failure at this point in the case of cascade connection mode
FreeX(x);
return false;
}
p = ZeroMalloc(sizeof(CHECK_CERT_THREAD_PROC));
p->ServerX = x;
p->CheckCertProc = auth->CheckCertProc;
@@ -4423,7 +4335,8 @@ bool ClientCheckServerCert(CONNECTION *c, bool *expired)
{
// Send a NOOP periodically for disconnection prevention
start = Tick64();
ClientUploadNoop(c);
// Do not send because we now ask for user permission before sending signature
//ClientUploadNoop(c);
}
if (p->UserSelected)
{
@@ -4482,10 +4395,43 @@ REDIRECTED:
s = ClientConnectToServer(c);
if (s == NULL)
{
// Do not retry if untrusted or hostname mismatched
if (c->Session->LinkModeClient == false && (c->Err == ERR_CERT_NOT_TRUSTED || c->Err == ERR_HOSTNAME_MISMATCH)
&& (c->Session->Account == NULL || ! c->Session->Account->RetryOnServerCert))
{
c->Session->ForceStopFlag = true;
}
PrintStatus(sess, L"free");
return false;
}
PrintStatus(sess, _UU("STATUS_5"));
// Prompt user whether to continue on verification errors
if ((c->Err == ERR_CERT_NOT_TRUSTED || c->Err == ERR_HOSTNAME_MISMATCH || c->Err == ERR_SERVER_CERT_EXPIRES) && ClientCheckServerCert(c, &expired) == false)
{
if (expired)
{
c->Err = ERR_SERVER_CERT_EXPIRES;
}
// Do not retry if untrusted or hostname mismatched
if (c->Session->LinkModeClient == false && (c->Err == ERR_CERT_NOT_TRUSTED || c->Err == ERR_HOSTNAME_MISMATCH)
&& (c->Session->Account == NULL || ! c->Session->Account->RetryOnServerCert))
{
c->Session->ForceStopFlag = true;
}
goto CLEANUP;
}
// Check the certificate of the redirected VPN server
if (c->UseTicket && CompareX(s->RemoteX, c->ServerX) == false)
{
c->Err = ERR_CERT_NOT_TRUSTED;
goto CLEANUP;
}
Copy(&server_ip, &s->RemoteIP, sizeof(IP));
if (c->Halt)
@@ -4537,8 +4483,6 @@ REDIRECTED:
goto CLEANUP;
}
PrintStatus(sess, _UU("STATUS_5"));
// Receive a Hello packet
Debug("Downloading Hello...\n");
if (ClientDownloadHello(c, s) == false)
@@ -4574,27 +4518,6 @@ REDIRECTED:
// During user authentication
c->Session->ClientStatus = CLIENT_STATUS_AUTH;
// Verify the server certificate by the client
if (ClientCheckServerCert(c, &expired) == false)
{
if (expired == false)
{
c->Err = ERR_CERT_NOT_TRUSTED;
}
else
{
c->Err = ERR_SERVER_CERT_EXPIRES;
}
if (c->Session->LinkModeClient == false && c->Err == ERR_CERT_NOT_TRUSTED
&& (c->Session->Account == NULL || ! c->Session->Account->RetryOnServerCert))
{
c->Session->ForceStopFlag = true;
}
goto CLEANUP;
}
PrintStatus(sess, _UU("STATUS_6"));
// Send the authentication data
@@ -5048,6 +4971,13 @@ REDIRECTED:
}
c->CipherName = CopyStr(c->FirstSock->CipherName);
if (c->SslVersion != NULL)
{
Free(c->SslVersion);
}
c->SslVersion = CopyStr(c->FirstSock->SslVersion);
}
Unlock(c->lock);
@@ -5810,6 +5740,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
UINT num = 0, max = 19;
SERVER *server;
char *vpn_http_target = HTTP_VPN_TARGET2;
bool disableJsonRpcWebApi;
// Validate arguments
if (c == NULL)
{
@@ -5820,6 +5751,15 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
s = c->FirstSock;
disableJsonRpcWebApi = server->DisableJsonRpcWebApi;
if (!disableJsonRpcWebApi && !IsZeroIP(&server->JsonRpcWebApiAllowedSubnetAddr)
&& !IsZeroIP(&server->JsonRpcWebApiAllowedSubnetMask)) {
// restrict JSON-RPC Web API to specified subnet only
if (!IsInSameNetwork(&s->RemoteIP, &server->JsonRpcWebApiAllowedSubnetAddr, &server->JsonRpcWebApiAllowedSubnetMask)) {
disableJsonRpcWebApi = true;
}
}
while (true)
{
bool not_found_error = false;
@@ -5852,7 +5792,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
// Receive the data since it's POST
data_size = GetContentLength(h);
if (server->DisableJsonRpcWebApi == false)
if (disableJsonRpcWebApi == false)
{
if (StrCmpi(h->Target, "/api") == 0 || StrCmpi(h->Target, "/api/") == 0)
{
@@ -5938,7 +5878,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
}
else if (StrCmpi(h->Method, "OPTIONS") == 0)
{
if (server->DisableJsonRpcWebApi == false)
if (disableJsonRpcWebApi == false)
{
if (StrCmpi(h->Target, "/api") == 0 || StrCmpi(h->Target, "/api/") == 0 || StartWith(h->Target, "/admin"))
{
@@ -6009,7 +5949,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
BUF *b = NULL;
*error_detail_str = "HTTP_ROOT";
if (server->DisableJsonRpcWebApi == false)
if (disableJsonRpcWebApi == false)
{
b = ReadDump("|wwwroot/index.html");
}
@@ -6089,7 +6029,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
if (b == false)
{
if (server->DisableJsonRpcWebApi == false)
if (disableJsonRpcWebApi == false)
{
if (StartWith(h->Target, "/api?") || StartWith(h->Target, "/api/") || StrCmpi(h->Target, "/api") == 0)
{
@@ -6223,16 +6163,29 @@ SOCK *ClientConnectToServer(CONNECTION *c)
SetTimeout(s, CONNECTING_TIMEOUT);
// Start the SSL communication
if (StartSSLEx(s, x, k, 0, c->ServerName) == false)
UINT err = 0;
if (StartSSLEx3(s, x, k, NULL, 0, c->ServerName, c->Session->SslOption, &err) == false)
{
// SSL communication start failure
Disconnect(s);
ReleaseSock(s);
c->FirstSock = NULL;
if (err != 0)
{
c->Err = err;
}
else
{
c->Err = ERR_SERVER_IS_NOT_VPN;
}
return NULL;
}
if (err != 0)
{
c->Err = err;
}
if (s->RemoteX == NULL)
{
// SSL communication start failure
@@ -6243,6 +6196,8 @@ SOCK *ClientConnectToServer(CONNECTION *c)
return NULL;
}
CLog(c->Cedar->Client, "LC_SSL_CONNECTED", c->Session->ClientOption->AccountName, s->SslVersion, s->CipherName);
return s;
}
@@ -6251,6 +6206,8 @@ SOCK *ClientConnectGetSocket(CONNECTION *c, bool additional_connect)
{
volatile bool *cancel_flag = NULL;
char hostname[MAX_HOST_NAME_LEN];
char localaddr[MAX_HOST_NAME_LEN];
bool save_resolved_ip = false;
CLIENT_OPTION *o;
SESSION *sess;
@@ -6282,7 +6239,7 @@ SOCK *ClientConnectGetSocket(CONNECTION *c, bool additional_connect)
c->ServerPort = o->Port;
}
if (IsZeroIP(&sess->ServerIP_CacheForNextConnect) == false)
if (additional_connect && IsZeroIP(&sess->ServerIP_CacheForNextConnect) == false)
{
IPToStr(hostname, sizeof(hostname), &sess->ServerIP_CacheForNextConnect);
Debug("ClientConnectGetSocket(): Using cached IP address %s\n", hostname);
@@ -6302,6 +6259,7 @@ SOCK *ClientConnectGetSocket(CONNECTION *c, bool additional_connect)
if (o->ProxyType == PROXY_DIRECT)
{
UINT ssl_err = 0;
UINT nat_t_err = 0;
wchar_t tmp[MAX_SIZE];
UniFormat(tmp, sizeof(tmp), _UU("STATUS_4"), hostname);
@@ -6309,11 +6267,50 @@ SOCK *ClientConnectGetSocket(CONNECTION *c, bool additional_connect)
if (o->PortUDP == 0)
{
IP *localIP;
UINT localport;
// Top of Bind outgoing connection
// Decide the binding operation which is explicitly executed on the client-side
// In the case of first TCP/IP connection
if (additional_connect == false) {
if (sess->ClientOption->NoRoutingTracking == false) {
localIP = BIND_LOCALIP_NULL; // Specify not to bind
}
else {
// Nonzero address is for source IP address to bind. Zero address is for dummy not to bind.
if (IsZeroIP(&sess->ClientOption->BindLocalIP) == true) {
localIP = BIND_LOCALIP_NULL;
}
else {
localIP = &sess->ClientOption->BindLocalIP;
}
Debug("ClientConnectGetSocket(): Source IP address %r and source port number %d for binding\n"
, &sess->ClientOption->BindLocalIP, sess->ClientOption->BindLocalPort);
}
}
// In the case of second and subsequent TCP/IP connections
else {
// Bind the socket to the actual local IP address of first TCP / IP connection
localIP = &sess->LocalIP_CacheForNextConnect;
//localIP = BIND_LOCALIP_NULL; // Specify not to bind for test
}
if (sess->ClientOption->BindLocalPort == 0) {
localport = BIND_LOCALPORT_NULL;
}
else {
localport = sess->ClientOption->BindLocalPort + Count(sess->Connection->CurrentNumConnection) - 1;
Debug("ClientConnectGetSocket(): Additional source port number %u\n", localport);
}
// Bottom of Bind outgoing connection
// If additional_connect == false, enable trying to NAT-T connection
// If additional_connect == true, follow the IsRUDPSession setting in this session
sock = TcpIpConnectEx(hostname, c->ServerPort,
// In additional connect or redirect we do not need ssl verification as the certificate is always compared with a saved one
sock = BindTcpIpConnectEx2(localIP, localport, hostname, c->ServerPort,
(bool *)cancel_flag, c->hWndForUI, &nat_t_err, (additional_connect ? (!sess->IsRUDPSession) : false),
true, &resolved_ip);
true, ((additional_connect || c->UseTicket) ? NULL : sess->SslOption), &ssl_err, o->HintStr, &resolved_ip);
}
else
{
@@ -6335,9 +6332,16 @@ SOCK *ClientConnectGetSocket(CONNECTION *c, bool additional_connect)
{
// Connection failure
if (nat_t_err != RUDP_ERROR_NAT_T_TWO_OR_MORE)
{
if (ssl_err != 0)
{
c->Err = ssl_err;
}
else
{
c->Err = ERR_CONNECT_FAILED;
}
}
else
{
c->Err = ERR_NAT_T_TWO_OR_MORE;
@@ -6345,6 +6349,11 @@ SOCK *ClientConnectGetSocket(CONNECTION *c, bool additional_connect)
return NULL;
}
if (ssl_err != 0)
{
c->Err = ssl_err;
}
}
else
{
@@ -6369,6 +6378,33 @@ SOCK *ClientConnectGetSocket(CONNECTION *c, bool additional_connect)
StrCpy(in.HttpCustomHeader, sizeof(in.HttpCustomHeader), o->CustomHttpHeader);
StrCpy(in.HttpUserAgent, sizeof(in.HttpUserAgent), c->Cedar->HttpUserAgent);
// Top of Bind outgoing connection
// In the case of first TCP/IP connection
if (additional_connect == false) {
if (sess->ClientOption->NoRoutingTracking == false) {
in.BindLocalIP = BIND_LOCALIP_NULL; // Specify not to bind
}
else {
if (IsZeroIP(&sess->ClientOption->BindLocalIP) == true) {
in.BindLocalIP = BIND_LOCALIP_NULL;
}
else {
in.BindLocalIP = &sess->ClientOption->BindLocalIP;
}
}
}
// In the case of second and subsequent TCP/IP connections
else {
in.BindLocalIP = &sess->LocalIP_CacheForNextConnect;
}
if (sess->ClientOption->BindLocalPort == 0) {
in.BindLocalPort = BIND_LOCALPORT_NULL;
}
else {
in.BindLocalPort = sess->ClientOption->BindLocalPort + Count(sess->Connection->CurrentNumConnection) - 1;
}
// Bottom of Bind outgoing connection
#ifdef OS_WIN32
in.Hwnd = c->hWndForUI;
#endif
@@ -6379,13 +6415,16 @@ SOCK *ClientConnectGetSocket(CONNECTION *c, bool additional_connect)
switch (o->ProxyType)
{
case PROXY_HTTP:
ret = ProxyHttpConnect(&out, &in, cancel_flag);
// ret = ProxyHttpConnect(&out, &in, cancel_flag);
ret = BindProxyHttpConnect(&out, &in, cancel_flag); // Bind outgoing connection
break;
case PROXY_SOCKS:
ret = ProxySocks4Connect(&out, &in, cancel_flag);
// ret = ProxySocks4Connect(&out, &in, cancel_flag);
ret = BindProxySocks4Connect(&out, &in, cancel_flag); // Bind outgoing connection
break;
case PROXY_SOCKS5:
ret = ProxySocks5Connect(&out, &in, cancel_flag);
// ret = ProxySocks5Connect(&out, &in, cancel_flag);
ret = BindProxySocks5Connect(&out, &in, cancel_flag); // Bind outgoing connection
break;
default:
c->Err = ERR_INTERNAL_ERROR;
@@ -6408,7 +6447,7 @@ SOCK *ClientConnectGetSocket(CONNECTION *c, bool additional_connect)
if (additional_connect == false || IsZeroIP(&sock->RemoteIP))
{
if (((sock->IsRUDPSocket || sock->IPv6) && IsZeroIP(&sock->RemoteIP) == false && o->ProxyType == PROXY_DIRECT) || GetIP(&c->Session->ServerIP, hostname) == false)
if (IsZeroIP(&sock->RemoteIP) == false || (sock->IPv6 && GetIP6(&c->Session->ServerIP, hostname) == false) || (sock->IPv6 == false && GetIP4(&c->Session->ServerIP, hostname) == false))
{
Copy(&c->Session->ServerIP, &sock->RemoteIP, sizeof(c->Session->ServerIP));
}
@@ -6420,6 +6459,25 @@ SOCK *ClientConnectGetSocket(CONNECTION *c, bool additional_connect)
Debug("ClientConnectGetSocket(): Saved %s IP address %r for future connections.\n", hostname, &resolved_ip);
}
// Top of Bind outgoing connection
IPToStr(localaddr, sizeof(localaddr), &sock->LocalIP);
// In the case of first TCP/IP connection, save the local IP address
if (additional_connect == false) {
c->Session->LocalIP_CacheForNextConnect = sock->LocalIP;
Debug("ClientConnectGetSocket(): Saved local IP address %r for future connections.\n", &sock->LocalIP);
}
// In the case of second and subsequent TCP/IP connections, check to see whether or not the local IP address is same as the first one
else {
if (memcmp(sock->LocalIP.address, c->Session->LocalIP_CacheForNextConnect.address, sizeof(sock->LocalIP.address)) == 0) {
Debug("ClientConnectGetSocket(): Binded local IP address %s OK\n", localaddr);
}
else {
Debug("ClientConnectGetSocket(): Binded local IP address %s NG\n", localaddr);
}
}
// Bottom of Bind outgoing connection
return sock;
}
@@ -6449,23 +6507,60 @@ UINT ProxyCodeToCedar(UINT code)
// TCP connection function
SOCK *TcpConnectEx3(char *hostname, UINT port, UINT timeout, bool *cancel_flag, void *hWnd, bool no_nat_t, UINT *nat_t_error_code, bool try_start_ssl, IP *ret_ip)
{
return BindTcpConnectEx3(BIND_LOCALIP_NULL, BIND_LOCALPORT_NULL, hostname, port, timeout, cancel_flag, hWnd, no_nat_t, nat_t_error_code, try_start_ssl, ret_ip);
}
SOCK *TcpConnectEx4(char * hostname, UINT port, UINT timeout, bool * cancel_flag, void *hWnd, bool no_nat_t, UINT *nat_t_error_code, bool try_start_ssl, SSL_VERIFY_OPTION *ssl_option, UINT *ssl_err, char *hint_str, IP *ret_ip)
{
return BindTcpConnectEx4(BIND_LOCALIP_NULL, BIND_LOCALPORT_NULL, hostname, port, timeout, cancel_flag, hWnd, no_nat_t, nat_t_error_code, try_start_ssl, ssl_option, ssl_err, hint_str, ret_ip);
}
// Connect with TCP/IP
SOCK *TcpIpConnectEx(char *hostname, UINT port, bool *cancel_flag, void *hWnd, UINT *nat_t_error_code, bool no_nat_t, bool try_start_ssl, IP *ret_ip)
{
return BindTcpIpConnectEx(BIND_LOCALIP_NULL, BIND_LOCALPORT_NULL, hostname, port, cancel_flag, hWnd, nat_t_error_code, no_nat_t, try_start_ssl, ret_ip);
}
SOCK *TcpIpConnectEx2(char * hostname, UINT port, bool * cancel_flag, void *hWnd, UINT *nat_t_error_code, bool no_nat_t, bool try_start_ssl, SSL_VERIFY_OPTION *ssl_option, UINT *ssl_err, char *hint_str, IP *ret_ip)
{
return BindTcpIpConnectEx2(BIND_LOCALIP_NULL, BIND_LOCALPORT_NULL, hostname, port, cancel_flag, hWnd, nat_t_error_code, no_nat_t, try_start_ssl, ssl_option, ssl_err, hint_str, ret_ip);
}
// TCP connection function
//SOCK* TcpConnectEx3(char* hostname, UINT port, UINT timeout, bool* cancel_flag, void* hWnd, bool no_nat_t, UINT* nat_t_error_code, bool try_start_ssl, IP* ret_ip)
SOCK *BindTcpConnectEx3(IP *localIP, UINT localport, char *hostname, UINT port, UINT timeout, bool *cancel_flag, void *hWnd, bool no_nat_t, UINT *nat_t_error_code, bool try_start_ssl, IP *ret_ip)
{
// return TcpConnectEx4(hostname, port, timeout, cancel_flag, hWnd, no_nat_t, nat_t_error_code, try_start_ssl, NULL, NULL, NULL, ret_ip);
return BindTcpConnectEx4(localIP, localport, hostname, port, timeout, cancel_flag, hWnd, no_nat_t, nat_t_error_code, try_start_ssl, NULL, NULL, NULL, ret_ip);
}
//SOCK *TcpConnectEx4(char *hostname, UINT port, UINT timeout, bool *cancel_flag, void *hWnd, bool no_nat_t, UINT *nat_t_error_code, bool try_start_ssl, SSL_VERIFY_OPTION *ssl_option, UINT *ssl_err, char *hint_str, IP *ret_ip)
SOCK *BindTcpConnectEx4(IP *localIP, UINT localport, char *hostname, UINT port, UINT timeout, bool *cancel_flag, void *hWnd, bool no_nat_t, UINT *nat_t_error_code, bool try_start_ssl, SSL_VERIFY_OPTION *ssl_option, UINT *ssl_err, char *hint_str, IP *ret_ip)
{
#ifdef OS_WIN32
if (hWnd == NULL)
{
#endif // OS_WIN32
return ConnectEx4(hostname, port, timeout, cancel_flag, (no_nat_t ? NULL : VPN_RUDP_SVC_NAME), nat_t_error_code, try_start_ssl, true, ret_ip);
// return ConnectEx5(hostname, port, timeout, cancel_flag, (no_nat_t ? NULL : VPN_RUDP_SVC_NAME), nat_t_error_code, try_start_ssl, true, ssl_option, ssl_err, hint_str, ret_ip);
return BindConnectEx5(localIP, localport, hostname, port, timeout, cancel_flag, (no_nat_t ? NULL : VPN_RUDP_SVC_NAME), nat_t_error_code, try_start_ssl, true, ssl_option, ssl_err, hint_str, ret_ip);
#ifdef OS_WIN32
}
else
{
return WinConnectEx3((HWND)hWnd, hostname, port, timeout, 0, NULL, NULL, nat_t_error_code, (no_nat_t ? NULL : VPN_RUDP_SVC_NAME), try_start_ssl);
return WinConnectEx4((HWND)hWnd, hostname, port, timeout, 0, NULL, NULL, nat_t_error_code, (no_nat_t ? NULL : VPN_RUDP_SVC_NAME), try_start_ssl, ssl_option, ssl_err, hint_str);
}
#endif // OS_WIN32
}
// Connect with TCP/IP
SOCK *TcpIpConnectEx(char *hostname, UINT port, bool *cancel_flag, void *hWnd, UINT *nat_t_error_code, bool no_nat_t, bool try_start_ssl, IP *ret_ip)
//SOCK *TcpIpConnectEx(char *hostname, UINT port, bool *cancel_flag, void *hWnd, UINT *nat_t_error_code, bool no_nat_t, bool try_start_ssl, IP *ret_ip)
SOCK *BindTcpIpConnectEx(IP *localIP, UINT localport, char *hostname, UINT port, bool *cancel_flag, void *hWnd, UINT *nat_t_error_code, bool no_nat_t, bool try_start_ssl, IP *ret_ip)
{
// return TcpIpConnectEx2(hostname, port, cancel_flag, hWnd, nat_t_error_code, no_nat_t, try_start_ssl, NULL, NULL, NULL, ret_ip);
return BindTcpIpConnectEx2(localIP, localport, hostname, port, cancel_flag, hWnd, nat_t_error_code, no_nat_t, try_start_ssl, NULL, NULL, NULL, ret_ip);
}
//SOCK *TcpIpConnectEx2(char *hostname, UINT port, bool *cancel_flag, void *hWnd, UINT *nat_t_error_code, bool no_nat_t, bool try_start_ssl, SSL_VERIFY_OPTION *ssl_option, UINT *ssl_err, char *hint_str, IP *ret_ip)
SOCK *BindTcpIpConnectEx2(IP *localIP, UINT localport, char *hostname, UINT port, bool *cancel_flag, void *hWnd, UINT *nat_t_error_code, bool no_nat_t, bool try_start_ssl, SSL_VERIFY_OPTION *ssl_option, UINT *ssl_err, char *hint_str, IP *ret_ip)
{
SOCK *s = NULL;
UINT dummy_int = 0;
@@ -6480,7 +6575,8 @@ SOCK *TcpIpConnectEx(char *hostname, UINT port, bool *cancel_flag, void *hWnd, U
return NULL;
}
s = TcpConnectEx3(hostname, port, 0, cancel_flag, hWnd, no_nat_t, nat_t_error_code, try_start_ssl, ret_ip);
// s = TcpConnectEx4(hostname, port, 0, cancel_flag, hWnd, no_nat_t, nat_t_error_code, try_start_ssl, ssl_option, ssl_err, hint_str, ret_ip);
s = BindTcpConnectEx4(localIP, localport, hostname, port, 0, cancel_flag, hWnd, no_nat_t, nat_t_error_code, try_start_ssl, ssl_option, ssl_err, hint_str, ret_ip);
if (s == NULL)
{
return NULL;
@@ -6687,7 +6783,6 @@ PACK *PackLoginWithOpenVPNCertificate(char *hubname, char *username, X *x)
p = NewPack();
PackAddStr(p, "method", "login");
PackAddStr(p, "hubname", hubname);
if (IsEmptyStr(username))
{
@@ -6696,12 +6791,26 @@ PACK *PackLoginWithOpenVPNCertificate(char *hubname, char *username, X *x)
FreePack(p);
return NULL;
}
UniToStr(cn_username, sizeof(cn_username), x->subject_name->CommonName);
if (strchr(cn_username, '@') != NULL)
{
PackAddStr(p, "username", strtok(cn_username, "@"));
PackAddStr(p, "hubname", strtok(NULL, ""));
}
else
{
PackAddStr(p, "username", cn_username);
PackAddStr(p, "hubname", hubname);
}
}
else
{
PackAddStr(p, "username", username);
PackAddStr(p, "hubname", hubname);
}
PackAddInt(p, "authtype", AUTHTYPE_OPENVPN_CERT);
@@ -6752,6 +6861,25 @@ PACK *PackLoginWithAnonymous(char *hubname, char *username)
return p;
}
// Create a packet for external login
PACK *PackLoginWithExternal(char *hubname, char *username)
{
PACK *p;
// Validate arguments
if (hubname == NULL || username == NULL)
{
return NULL;
}
p = NewPack();
PackAddStr(p, "method", "login");
PackAddStr(p, "hubname", hubname);
PackAddStr(p, "username", username);
PackAddInt(p, "authtype", AUTHTYPE_EXTERNAL);
return p;
}
// Create a packet for the additional connection
PACK *PackAdditionalConnect(UCHAR *session_key)
{
src/Cedar/Protocol.h
+12
View File
@@ -114,6 +114,12 @@ bool ServerAccept(CONNECTION *c);
bool ClientConnect(CONNECTION *c);
SOCK *ClientConnectToServer(CONNECTION *c);
SOCK *TcpIpConnectEx(char *hostname, UINT port, bool *cancel_flag, void *hWnd, UINT *nat_t_error_code, bool no_nat_t, bool try_start_ssl, IP *ret_ip);
SOCK *TcpIpConnectEx2(char *hostname, UINT port, bool *cancel_flag, void *hWnd, UINT *nat_t_error_code, bool no_nat_t, bool try_start_ssl, SSL_VERIFY_OPTION *ssl_option, UINT *ssl_err, char *hint_str, IP *ret_ip);
// New function named with prefix "Bind" binds outgoing connection to a specific address. New one is wrapped in original one.
SOCK* BindTcpIpConnectEx(IP *localIP, UINT localport, char *hostname, UINT port, bool *cancel_flag, void *hWnd, UINT *nat_t_error_code, bool no_nat_t, bool try_start_ssl, IP *ret_ip);
SOCK* BindTcpIpConnectEx2(IP *localIP, UINT localport, char *hostname, UINT port, bool *cancel_flag, void *hWnd, UINT *nat_t_error_code, bool no_nat_t, bool try_start_ssl, SSL_VERIFY_OPTION *ssl_option, UINT *ssl_err, char *hint_str, IP *ret_ip);
bool ClientUploadSignature(SOCK *s);
bool ClientDownloadHello(CONNECTION *c, SOCK *s);
bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str);
@@ -121,6 +127,11 @@ bool ServerUploadHello(CONNECTION *c);
bool ClientUploadAuth(CONNECTION *c);
SOCK *ClientConnectGetSocket(CONNECTION *c, bool additional_connect);
SOCK *TcpConnectEx3(char *hostname, UINT port, UINT timeout, bool *cancel_flag, void *hWnd, bool no_nat_t, UINT *nat_t_error_code, bool try_start_ssl, IP *ret_ip);
SOCK *TcpConnectEx4(char *hostname, UINT port, UINT timeout, bool *cancel_flag, void *hWnd, bool no_nat_t, UINT *nat_t_error_code, bool try_start_ssl, SSL_VERIFY_OPTION *ssl_option, UINT *ssl_err, char *hint_str, IP *ret_ip);
// New function named with prefix "Bind" binds outgoing connection to a specific address. New one is wrapped in original one.
SOCK* BindTcpConnectEx3(IP *localIP, UINT localport, char *hostname, UINT port, UINT timeout, bool *cancel_flag, void *hWnd, bool no_nat_t, UINT *nat_t_error_code, bool try_start_ssl, IP *ret_ip);
SOCK* BindTcpConnectEx4(IP *localIP, UINT localport, char *hostname, UINT port, UINT timeout, bool *cancel_flag, void *hWnd, bool no_nat_t, UINT *nat_t_error_code, bool try_start_ssl, SSL_VERIFY_OPTION *ssl_option, UINT *ssl_err, char *hint_str, IP *ret_ip);
UINT ProxyCodeToCedar(UINT code);
@@ -132,6 +143,7 @@ void PackAddPolicy(PACK *p, POLICY *y);
PACK *PackWelcome(SESSION *s);
PACK *PackHello(void *random, UINT ver, UINT build, char *server_str);
bool GetHello(PACK *p, void *random, UINT *ver, UINT *build, char *server_str, UINT server_str_size);
PACK *PackLoginWithExternal(char *hubname, char *username);
PACK *PackLoginWithAnonymous(char *hubname, char *username);
PACK *PackLoginWithPassword(char *hubname, char *username, void *secure_password);
PACK *PackLoginWithPlainPassword(char *hubname, char *username, void *plain_password);
src/Cedar/Radius.c
+173 -29
View File
@@ -10,6 +10,7 @@
#include "Connection.h"
#include "IPC.h"
#include "Server.h"
#include "Proto_PPP.h"
#include "Mayaqua/DNS.h"
#include "Mayaqua/Internat.h"
@@ -19,7 +20,7 @@
#include "Mayaqua/Tick64.h"
// send PEAP-MSCHAPv2 auth client response
bool PeapClientSendMsChapv2AuthClientResponse(EAP_CLIENT *e, UCHAR *client_response, UCHAR *client_challenge)
bool PeapClientSendMsChapv2AuthClientResponse(EAP_CLIENT *e, UCHAR *client_response, UCHAR *client_challenge, char *username)
{
bool ret = false;
EAP_MSCHAPV2_RESPONSE msg1;
@@ -37,13 +38,13 @@ bool PeapClientSendMsChapv2AuthClientResponse(EAP_CLIENT *e, UCHAR *client_respo
msg1.Type = EAP_TYPE_MS_AUTH;
msg1.Chap_Opcode = EAP_MSCHAPV2_OP_RESPONSE;
msg1.Chap_Id = e->MsChapV2Challenge.Chap_Id;
msg1.Chap_Len = Endian16(54 + StrLen(e->Username));
msg1.Chap_Len = Endian16(54 + StrLen(username));
msg1.Chap_ValueSize = 49;
Copy(msg1.Chap_PeerChallenge, client_challenge, 16);
Copy(msg1.Chap_NtResponse, client_response, 24);
Copy(msg1.Chap_Name, e->Username, MIN(StrLen(e->Username), 255));
Copy(msg1.Chap_Name, username, MIN(StrLen(username), 255));
if (SendPeapPacket(e, &msg1, 59 + StrLen(e->Username)) &&
if (SendPeapPacket(e, &msg1, 59 + StrLen(username)) &&
GetRecvPeapMessage(e, &msg2))
{
if (msg2.Type == EAP_TYPE_MS_AUTH &&
@@ -300,7 +301,7 @@ bool SendPeapRawPacket(EAP_CLIENT *e, UCHAR *peap_data, UINT peap_size)
Add(send_packet->AvpList, eap_avp);
response_packet = EapSendPacketAndRecvResponse(e, send_packet);
response_packet = EapSendPacketAndRecvResponse(e, send_packet, true);
if (response_packet != NULL)
{
@@ -416,6 +417,11 @@ bool StartPeapSslClient(EAP_CLIENT *e)
}
e->SslPipe = NewSslPipe(false, NULL, NULL, NULL);
if (e->SslPipe == NULL)
{
return false;
}
send_fifo = e->SslPipe->RawOut->RecvFifo;
recv_fifo = e->SslPipe->RawIn->SendFifo;
@@ -502,7 +508,7 @@ bool StartPeapClient(EAP_CLIENT *e)
Copy(eap1->Data, e->Username, StrLen(e->Username));
Add(request1->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_EAP_MESSAGE, 0, 0, eap1, StrLen(e->Username) + 5));
response1 = EapSendPacketAndRecvResponse(e, request1);
response1 = EapSendPacketAndRecvResponse(e, request1, true);
if (response1 != NULL)
{
@@ -532,7 +538,7 @@ bool StartPeapClient(EAP_CLIENT *e)
Add(request2->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_EAP_MESSAGE, 0, 0, eap2, 6));
response2 = EapSendPacketAndRecvResponse(e, request2);
response2 = EapSendPacketAndRecvResponse(e, request2, true);
if (response2 != NULL && response2->Parse_EapMessage_DataSize != 0 && response2->Parse_EapMessage != NULL)
{
@@ -632,7 +638,7 @@ void EapSetRadiusGeneralAttributes(RADIUS_PACKET *r, EAP_CLIENT *e)
}
// Send a MSCHAPv2 client auth response1
bool EapClientSendMsChapv2AuthClientResponse(EAP_CLIENT *e, UCHAR *client_response, UCHAR *client_challenge)
bool EapClientSendMsChapv2AuthClientResponse(EAP_CLIENT *e, UCHAR *client_response, UCHAR *client_challenge, char *username)
{
bool ret = false;
RADIUS_PACKET *request1 = NULL;
@@ -657,20 +663,20 @@ bool EapClientSendMsChapv2AuthClientResponse(EAP_CLIENT *e, UCHAR *client_respon
eap1 = ZeroMalloc(sizeof(EAP_MSCHAPV2_RESPONSE));
eap1->Code = EAP_CODE_RESPONSE;
eap1->Id = e->NextEapId++;
eap1->Len = Endian16(59 + StrLen(e->Username));
eap1->Id = e->LastRecvEapId;
eap1->Len = Endian16(59 + StrLen(username));
eap1->Type = EAP_TYPE_MS_AUTH;
eap1->Chap_Opcode = EAP_MSCHAPV2_OP_RESPONSE;
eap1->Chap_Id = e->MsChapV2Challenge.Chap_Id;
eap1->Chap_Len = Endian16(54 + StrLen(e->Username));
eap1->Chap_Len = Endian16(54 + StrLen(username));
eap1->Chap_ValueSize = 49;
Copy(eap1->Chap_PeerChallenge, client_challenge, 16);
Copy(eap1->Chap_NtResponse, client_response, 24);
Copy(eap1->Chap_Name, e->Username, MIN(StrLen(e->Username), 255));
Copy(eap1->Chap_Name, username, MIN(StrLen(username), 255));
Add(request1->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_EAP_MESSAGE, 0, 0, eap1, StrLen(e->Username) + 59));
Add(request1->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_EAP_MESSAGE, 0, 0, eap1, StrLen(username) + 59));
response1 = EapSendPacketAndRecvResponse(e, request1);
response1 = EapSendPacketAndRecvResponse(e, request1, false);
if (response1 != NULL)
{
@@ -713,14 +719,14 @@ bool EapClientSendMsChapv2AuthClientResponse(EAP_CLIENT *e, UCHAR *client_respon
eap2 = ZeroMalloc(sizeof(EAP_MSCHAPV2_SUCCESS_CLIENT));
eap2->Code = EAP_CODE_RESPONSE;
eap2->Id = e->NextEapId++;
eap2->Id = e->LastRecvEapId;
eap2->Len = Endian16(6);
eap2->Type = EAP_TYPE_MS_AUTH;
eap2->Chap_Opcode = EAP_MSCHAPV2_OP_SUCCESS;
Add(request2->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_EAP_MESSAGE, 0, 0, eap2, 6));
response2 = EapSendPacketAndRecvResponse(e, request2);
response2 = EapSendPacketAndRecvResponse(e, request2, false);
if (response2 != NULL)
{
@@ -770,13 +776,13 @@ bool EapClientSendMsChapv2AuthRequest(EAP_CLIENT *e)
eap1 = ZeroMalloc(sizeof(EAP_MESSAGE));
eap1->Code = EAP_CODE_RESPONSE;
eap1->Id = e->NextEapId++;
eap1->Id = e->LastRecvEapId;
eap1->Len = Endian16(StrLen(e->Username) + 5);
eap1->Type = EAP_TYPE_IDENTITY;
Copy(eap1->Data, e->Username, StrLen(e->Username));
Add(request1->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_EAP_MESSAGE, 0, 0, eap1, StrLen(e->Username) + 5));
response1 = EapSendPacketAndRecvResponse(e, request1);
response1 = EapSendPacketAndRecvResponse(e, request1, false);
if (response1 != NULL)
{
@@ -799,14 +805,14 @@ bool EapClientSendMsChapv2AuthRequest(EAP_CLIENT *e)
eap2 = ZeroMalloc(sizeof(EAP_MESSAGE));
eap2->Code = EAP_CODE_RESPONSE;
eap2->Id = e->NextEapId++;
eap2->Id = e->LastRecvEapId;
eap2->Len = Endian16(6);
eap2->Type = EAP_TYPE_LEGACY_NAK;
eap2->Data[0] = EAP_TYPE_MS_AUTH;
Add(request2->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_EAP_MESSAGE, 0, 0, eap2, 6));
response2 = EapSendPacketAndRecvResponse(e, request2);
response2 = EapSendPacketAndRecvResponse(e, request2, false);
if (response2 != NULL && response2->Parse_EapMessage_DataSize != 0 && response2->Parse_EapMessage != NULL)
{
@@ -849,8 +855,141 @@ LABEL_PARSE_EAP:
return ret;
}
// Send a EAP identity request to Radius
PPP_LCP *EapClientSendEapIdentity(EAP_CLIENT *e)
{
PPP_LCP *lcp = NULL;
RADIUS_PACKET *request = NULL;
RADIUS_PACKET *response = NULL;
EAP_MESSAGE *eap1 = NULL;
if (e == NULL)
{
return NULL;
}
request = NewRadiusPacket(RADIUS_CODE_ACCESS_REQUEST, e->NextRadiusPacketId++);
EapSetRadiusGeneralAttributes(request, e);
eap1 = ZeroMalloc(sizeof(EAP_MESSAGE));
eap1->Code = EAP_CODE_RESPONSE;
eap1->Id = e->LastRecvEapId;
eap1->Len = Endian16(StrLen(e->Username) + 5);
eap1->Type = EAP_TYPE_IDENTITY;
Copy(eap1->Data, e->Username, StrLen(e->Username));
Add(request->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_EAP_MESSAGE, 0, 0, eap1, StrLen(e->Username) + 5));
Debug("Radius proxy: send access-request %d with EAP code %d id %d type %d datasize %d\n",
request->PacketId, eap1->Code, eap1->Id, eap1->Type, StrLen(e->Username));
response = EapSendPacketAndRecvResponse(e, request, false);
if (response != NULL)
{
if (response->Parse_EapMessage_DataSize >= 5 && response->Parse_EapMessage != NULL)
{
EAP_MESSAGE *eap2 = response->Parse_EapMessage;
UINT datasize = response->Parse_EapMessage_DataSize - 5;
lcp = BuildEAPPacketEx(eap2->Code, eap2->Id, eap2->Type, datasize);
PPP_EAP *eap_packet = lcp->Data;
Copy(eap_packet->Data, eap2->Data, datasize);
Debug("Radius proxy: received access-challenge %d with EAP code %d id %d type %d datasize %d\n",
response->PacketId, eap2->Code, eap2->Id, eap2->Type, datasize);
}
}
FreeRadiusPacket(request);
FreeRadiusPacket(response);
Free(eap1);
return lcp;
}
// Send generic EAP Radius request (client EAP response) and get reply
PPP_LCP *EapClientSendEapRequest(EAP_CLIENT *e, PPP_EAP *eap_request, UINT request_datasize)
{
PPP_LCP *lcp = NULL;
RADIUS_PACKET *request = NULL;
RADIUS_PACKET *response = NULL;
EAP_MESSAGE *eap1 = NULL;
UCHAR *pos;
UINT remaining;
if (e == NULL || eap_request == NULL)
{
return NULL;
}
request = NewRadiusPacket(RADIUS_CODE_ACCESS_REQUEST, e->NextRadiusPacketId++);
EapSetRadiusGeneralAttributes(request, e);
if (e->LastStateSize != 0)
{
Add(request->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_STATE, 0, 0,
e->LastState, e->LastStateSize));
}
eap1 = ZeroMalloc(sizeof(EAP_MESSAGE));
eap1->Code = EAP_CODE_RESPONSE;
eap1->Id = e->LastRecvEapId;
eap1->Len = Endian16(request_datasize + 5);
eap1->Type = eap_request->Type;
Copy(eap1->Data, eap_request->Data, request_datasize);
// Fragmentation
pos = (UCHAR *)eap1;
remaining = request_datasize + 5;
while (remaining > 0)
{
UINT size = MIN(253, remaining);
Add(request->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_EAP_MESSAGE, 0, 0, pos, size));
pos += size;
remaining -= size;
}
Debug("Radius proxy: send access-request %d with EAP code %d id %d type %d datasize %d\n",
request->PacketId, eap1->Code, eap1->Id, eap1->Type, request_datasize);
response = EapSendPacketAndRecvResponse(e, request, false);
if (response != NULL)
{
switch (response->Code)
{
case RADIUS_CODE_ACCESS_CHALLENGE:
if (response->Parse_EapMessage_DataSize >= 5 && response->Parse_EapMessage != NULL)
{
EAP_MESSAGE *eap2 = response->Parse_EapMessage;
UINT datasize = response->Parse_EapMessage_DataSize - 5;
lcp = BuildEAPPacketEx(eap2->Code, eap2->Id, eap2->Type, datasize);
PPP_EAP *eap_packet = lcp->Data;
Copy(eap_packet->Data, eap2->Data, datasize);
Debug("Radius proxy: received access-challenge %d with EAP code %d id %d type %d datasize %d\n",
response->PacketId, eap2->Code, eap2->Id, eap2->Type, datasize);
}
else
{
Debug("Radius proxy error: received access-challenge %d without EAP\n", response->PacketId);
lcp = NewPPPLCP(PPP_EAP_CODE_FAILURE, e->LastRecvEapId);
}
break;
case RADIUS_CODE_ACCESS_ACCEPT:
Debug("Radius proxy: received access-accept %d\n", response->PacketId);
lcp = NewPPPLCP(PPP_EAP_CODE_SUCCESS, e->LastRecvEapId);
break;
case RADIUS_CODE_ACCESS_REJECT:
default:
Debug("Radius proxy: received access-reject %d\n", response->PacketId);
lcp = NewPPPLCP(PPP_EAP_CODE_FAILURE, e->LastRecvEapId);
break;
}
}
FreeRadiusPacket(request);
FreeRadiusPacket(response);
Free(eap1);
return lcp;
}
// Send a packet and recv a response
RADIUS_PACKET *EapSendPacketAndRecvResponse(EAP_CLIENT *e, RADIUS_PACKET *r)
RADIUS_PACKET *EapSendPacketAndRecvResponse(EAP_CLIENT *e, RADIUS_PACKET *r, bool parse_inner)
{
SOCKSET set;
UINT64 giveup_tick = 0;
@@ -990,7 +1129,7 @@ RADIUS_PACKET *EapSendPacketAndRecvResponse(EAP_CLIENT *e, RADIUS_PACKET *r)
{
EAP_MESSAGE *eap_msg = (EAP_MESSAGE *)rp->Parse_EapMessage;
if (eap_msg->Type == EAP_TYPE_PEAP)
if (parse_inner && eap_msg->Type == EAP_TYPE_PEAP)
{
EAP_PEAP *peap_message = (EAP_PEAP *)eap_msg;
@@ -1069,7 +1208,8 @@ RADIUS_PACKET *EapSendPacketAndRecvResponse(EAP_CLIENT *e, RADIUS_PACKET *r)
is_finish = true;
Free(rp->Parse_EapMessage);
rp->Parse_EapMessage = Clone(e->PEAP_CurrentReceivingMsg->Buf, e->PEAP_CurrentReceivingMsg->Size);
rp->Parse_EapMessage = ZeroMalloc(sizeof(EAP_MESSAGE));
Copy(rp->Parse_EapMessage, e->PEAP_CurrentReceivingMsg->Buf, e->PEAP_CurrentReceivingMsg->Size);
rp->Parse_EapMessage_DataSize = e->PEAP_CurrentReceivingMsg->Size;
}
}
@@ -1165,7 +1305,8 @@ bool EapSendPacket(EAP_CLIENT *e, RADIUS_PACKET *r)
}
// New EAP client
EAP_CLIENT *NewEapClient(IP *server_ip, UINT server_port, char *shared_secret, UINT resend_timeout, UINT giveup_timeout, char *client_ip_str, char *username, char *hubname)
EAP_CLIENT *NewEapClient(IP *server_ip, UINT server_port, char *shared_secret, UINT resend_timeout, UINT giveup_timeout, char *client_ip_str,
char *username, char *hubname, UCHAR last_recv_eapid)
{
EAP_CLIENT *e;
if (server_ip == NULL)
@@ -1197,7 +1338,7 @@ EAP_CLIENT *NewEapClient(IP *server_ip, UINT server_port, char *shared_secret, U
StrCpy(e->CalledStationStr, sizeof(e->CalledStationStr), hubname);
StrCpy(e->ClientIpStr, sizeof(e->ClientIpStr), client_ip_str);
StrCpy(e->Username, sizeof(e->Username), username);
e->LastRecvEapId = 0;
e->LastRecvEapId = last_recv_eapid;
e->PEAP_CurrentReceivingMsg = NewBuf();
@@ -1508,7 +1649,8 @@ RADIUS_PACKET *ParseRadiusPacket(void *data, UINT size)
{
if (p->Parse_EapMessage == NULL)
{
EAP_MESSAGE *eap = Clone(a.Data, a.DataSize);
EAP_MESSAGE *eap = ZeroMalloc(sizeof(EAP_MESSAGE));
Copy(eap, a.Data, a.DataSize);
p->Parse_EapMessage_DataSize = sz_tmp;
@@ -1603,7 +1745,8 @@ RADIUS_PACKET *ParseRadiusPacket(void *data, UINT size)
p->Parse_EapMessage_DataSize = b->Size;
p->Parse_EapMessage_DataSize = MIN(p->Parse_EapMessage_DataSize, 1500);
p->Parse_EapMessage = Clone(b->Buf, p->Parse_EapMessage_DataSize);
p->Parse_EapMessage = ZeroMalloc(sizeof(EAP_MESSAGE));
Copy(p->Parse_EapMessage, b->Buf, p->Parse_EapMessage_DataSize);
}
FreeBuf(b);
@@ -1676,15 +1819,16 @@ bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT sec
StrCpy(eap->In_VpnProtocolState, sizeof(eap->In_VpnProtocolState), opt->In_VpnProtocolState);
}
// Use the username known to the client instead of parsed by us, or response may be invalid
if (eap->PeapMode == false)
{
ret = EapClientSendMsChapv2AuthClientResponse(eap, mschap.MsChapV2_ClientResponse,
mschap.MsChapV2_ClientChallenge);
mschap.MsChapV2_ClientChallenge, mschap.MsChapV2_PPPUsername);
}
else
{
ret = PeapClientSendMsChapv2AuthClientResponse(eap, mschap.MsChapV2_ClientResponse,
mschap.MsChapV2_ClientChallenge);
mschap.MsChapV2_ClientChallenge, mschap.MsChapV2_PPPUsername);
}
if (ret)

Some files were not shown because too many files have changed in this diff Show More