├── .gitattributes ├── .gitignore ├── .gitmodules ├── .mailmap ├── .svncommitters ├── .travis.yml ├── .travis ├── build-check.sh ├── build-deps.sh └── coverity.sh ├── AUTHORS ├── CONTRIBUTING.rst ├── COPYING ├── COPYRIGHT.GPL ├── ChangeLog ├── Changes.rst ├── INSTALL ├── Makefile.am ├── NEWS ├── PORTS ├── README ├── README.IPv6 ├── README.ec ├── README.mbedtls ├── README.md ├── SECURITY.md ├── TODO.IPv6 ├── build ├── Makefile.am ├── ltrc.inc └── msvc │ ├── Makefile.am │ └── msvc-generate │ ├── Makefile.am │ ├── Makefile.mak │ ├── msvc-generate.js │ ├── msvc-generate.vcxproj │ └── version.m4.in ├── compat.m4 ├── config-msvc-version.h.in ├── config-msvc.h ├── configure.ac ├── contrib ├── OCSP_check │ └── OCSP_check.sh ├── README ├── multilevel-init.patch ├── openvpn-fwmarkroute-1.00 │ ├── README │ ├── fwmarkroute.down │ └── fwmarkroute.up └── pull-resolv-conf │ ├── client.down │ └── client.up ├── debug ├── doval ├── dovalns └── valgrind-suppress ├── dev-tools ├── reformat-all.sh ├── reformat-patches │ ├── after_include_openvpn-plugin.h.in.patch │ └── before_include_openvpn-plugin.h.in.patch ├── special-files.lst ├── uncrustify.conf └── update-copyright.sh ├── distro ├── Makefile.am └── systemd │ ├── Makefile.am │ ├── README.systemd │ ├── openvpn-client@.service.in │ ├── openvpn-server@.service.in │ └── tmpfiles-openvpn.conf ├── doc ├── Makefile.am ├── README.plugins ├── android.txt ├── doxygen │ ├── doc_compression.h │ ├── doc_control_processor.h │ ├── doc_control_tls.h │ ├── doc_data_control.h │ ├── doc_data_crypto.h │ ├── doc_eventloop.h │ ├── doc_external_multiplexer.h │ ├── doc_fragmentation.h │ ├── doc_internal_multiplexer.h │ ├── doc_key_generation.h │ ├── doc_mainpage.h │ ├── doc_memory_management.h │ ├── doc_protocol_overview.h │ ├── doc_reliable.h │ ├── doc_tunnel_state.h │ └── openvpn.doxyfile ├── interactive-service-notes.rst ├── keying-material-exporter.txt ├── management-notes.txt └── openvpn.8 ├── include ├── Makefile.am ├── openvpn-msg.h └── 
openvpn-plugin.h.in ├── m4 ├── .keep ├── ax_emptyarray.m4 ├── ax_socklen_t.m4 ├── ax_varargs.m4 └── pkg.m4 ├── msvc-build.bat ├── msvc-dev.bat ├── msvc-env.bat ├── openvpn.sln ├── sample ├── Makefile.am ├── sample-config-files │ ├── README │ ├── client.conf │ ├── firewall.sh │ ├── home.up │ ├── loopback-client │ ├── loopback-server │ ├── office.up │ ├── openvpn-shutdown.sh │ ├── openvpn-startup.sh │ ├── server.conf │ ├── static-home.conf │ ├── static-office.conf │ ├── tls-home.conf │ ├── tls-office.conf │ ├── xinetd-client-config │ └── xinetd-server-config ├── sample-keys │ ├── README │ ├── ca.crt │ ├── ca.key │ ├── client-ec.crt │ ├── client-ec.key │ ├── client-pass.key │ ├── client.crt │ ├── client.key │ ├── client.p12 │ ├── dh2048.pem │ ├── gen-sample-keys.sh │ ├── openssl.cnf │ ├── server-ec.crt │ ├── server-ec.key │ ├── server.crt │ ├── server.key │ └── ta.key ├── sample-plugins │ ├── defer │ │ ├── README │ │ ├── build │ │ ├── simple.c │ │ ├── simple.def │ │ └── winbuild │ ├── keying-material-exporter-demo │ │ ├── README │ │ ├── build │ │ ├── client.ovpn │ │ ├── http-client.py │ │ ├── http-server.py │ │ ├── keyingmaterialexporter.c │ │ └── server.ovpn │ ├── log │ │ ├── build │ │ ├── log.c │ │ ├── log_v3.c │ │ └── winbuild │ └── simple │ │ ├── README │ │ ├── base64.c │ │ ├── build │ │ ├── simple.c │ │ ├── simple.def │ │ └── winbuild ├── sample-scripts │ ├── auth-pam.pl │ ├── bridge-start │ ├── bridge-stop │ ├── ucn.pl │ └── verify-cn └── sample-windows │ └── sample.ovpn ├── src ├── Makefile.am ├── compat │ ├── Makefile.am │ ├── compat-basename.c │ ├── compat-daemon.c │ ├── compat-dirname.c │ ├── compat-gettimeofday.c │ ├── compat-inet_ntop.c │ ├── compat-inet_pton.c │ ├── compat-lz4.c │ ├── compat-lz4.h │ ├── compat-versionhelpers.h │ ├── compat.h │ ├── compat.vcxproj │ └── compat.vcxproj.filters ├── openvpn │ ├── Makefile.am │ ├── argv.c │ ├── argv.h │ ├── base64.c │ ├── base64.h │ ├── basic.h │ ├── block_dns.c │ ├── block_dns.h │ ├── buffer.c │ ├── buffer.h │ 
├── circ_list.h │ ├── clinat.c │ ├── clinat.h │ ├── common.h │ ├── comp-lz4.c │ ├── comp-lz4.h │ ├── comp.c │ ├── comp.h │ ├── compstub.c │ ├── console.c │ ├── console.h │ ├── console_builtin.c │ ├── console_systemd.c │ ├── crypto.c │ ├── crypto.h │ ├── crypto_backend.h │ ├── crypto_mbedtls.c │ ├── crypto_mbedtls.h │ ├── crypto_openssl.c │ ├── crypto_openssl.h │ ├── cryptoapi.c │ ├── cryptoapi.h │ ├── dhcp.c │ ├── dhcp.h │ ├── errlevel.h │ ├── error.c │ ├── error.h │ ├── event.c │ ├── event.h │ ├── fdmisc.c │ ├── fdmisc.h │ ├── forward-inline.h │ ├── forward.c │ ├── forward.h │ ├── fragment.c │ ├── fragment.h │ ├── gremlin.c │ ├── gremlin.h │ ├── helper.c │ ├── helper.h │ ├── httpdigest.c │ ├── httpdigest.h │ ├── init.c │ ├── init.h │ ├── integer.h │ ├── interval.c │ ├── interval.h │ ├── list.c │ ├── list.h │ ├── lladdr.c │ ├── lladdr.h │ ├── lzo.c │ ├── lzo.h │ ├── manage.c │ ├── manage.h │ ├── mbuf.c │ ├── mbuf.h │ ├── memdbg.h │ ├── misc.c │ ├── misc.h │ ├── mroute.c │ ├── mroute.h │ ├── mss.c │ ├── mss.h │ ├── mstats.c │ ├── mstats.h │ ├── mtcp.c │ ├── mtcp.h │ ├── mtu.c │ ├── mtu.h │ ├── mudp.c │ ├── mudp.h │ ├── multi.c │ ├── multi.h │ ├── ntlm.c │ ├── ntlm.h │ ├── occ-inline.h │ ├── occ.c │ ├── occ.h │ ├── openssl_compat.h │ ├── openvpn.c │ ├── openvpn.h │ ├── openvpn.vcxproj │ ├── openvpn.vcxproj.filters │ ├── openvpn_win32_resources.rc │ ├── options.c │ ├── options.h │ ├── otime.c │ ├── otime.h │ ├── packet_id.c │ ├── packet_id.h │ ├── perf.c │ ├── perf.h │ ├── pf-inline.h │ ├── pf.c │ ├── pf.h │ ├── ping-inline.h │ ├── ping.c │ ├── ping.h │ ├── pkcs11.c │ ├── pkcs11.h │ ├── pkcs11_backend.h │ ├── pkcs11_mbedtls.c │ ├── pkcs11_openssl.c │ ├── platform.c │ ├── platform.h │ ├── plugin.c │ ├── plugin.h │ ├── pool.c │ ├── pool.h │ ├── proto.c │ ├── proto.h │ ├── proxy.c │ ├── proxy.h │ ├── ps.c │ ├── ps.h │ ├── push.c │ ├── push.h │ ├── pushlist.h │ ├── reliable.c │ ├── reliable.h │ ├── route.c │ ├── route.h │ ├── schedule.c │ ├── schedule.h │ ├── session_id.c 
│ ├── session_id.h │ ├── shaper.c │ ├── shaper.h │ ├── sig.c │ ├── sig.h │ ├── socket.c │ ├── socket.h │ ├── socks.c │ ├── socks.h │ ├── ssl.c │ ├── ssl.h │ ├── ssl_backend.h │ ├── ssl_common.h │ ├── ssl_mbedtls.c │ ├── ssl_mbedtls.h │ ├── ssl_openssl.c │ ├── ssl_openssl.h │ ├── ssl_verify.c │ ├── ssl_verify.h │ ├── ssl_verify_backend.h │ ├── ssl_verify_mbedtls.c │ ├── ssl_verify_mbedtls.h │ ├── ssl_verify_openssl.c │ ├── ssl_verify_openssl.h │ ├── status.c │ ├── status.h │ ├── syshead.h │ ├── tls_crypt.c │ ├── tls_crypt.h │ ├── tun.c │ ├── tun.h │ ├── win32.c │ └── win32.h ├── openvpnserv │ ├── Makefile.am │ ├── automatic.c │ ├── common.c │ ├── interactive.c │ ├── openvpnserv.vcxproj │ ├── openvpnserv.vcxproj.filters │ ├── openvpnserv_resources.rc │ ├── service.c │ ├── service.h │ ├── validate.c │ └── validate.h └── plugins │ ├── Makefile.am │ ├── auth-pam │ ├── Makefile.am │ ├── README.auth-pam │ ├── auth-pam.c │ ├── auth-pam.exports │ ├── pamdl.c │ ├── pamdl.h │ ├── utils.c │ └── utils.h │ └── down-root │ ├── Makefile.am │ ├── README.down-root │ ├── down-root.c │ └── down-root.exports ├── tests ├── Makefile.am ├── t_client.rc-sample ├── t_client.sh.in ├── t_cltsrv-down.sh ├── t_cltsrv.sh ├── t_lpback.sh ├── unit_tests │ ├── Makefile.am │ ├── README.md │ ├── example_test │ │ ├── Makefile.am │ │ ├── README.md │ │ ├── test.c │ │ └── test2.c │ ├── openvpn │ │ ├── Makefile.am │ │ ├── mock_msg.c │ │ ├── mock_msg.h │ │ ├── test_argv.c │ │ ├── test_buffer.c │ │ ├── test_packet_id.c │ │ └── test_tls_crypt.c │ └── plugins │ │ ├── Makefile.am │ │ └── auth-pam │ │ ├── Makefile.am │ │ └── test_search_and_replace.c └── update_t_client_ips.sh ├── vendor ├── Makefile.am └── README.md ├── version.m4 └── version.sh.in /.gitattributes: -------------------------------------------------------------------------------- 1 | *.c eol=lf 2 | *.h eol=lf 3 | *.rc eol=lf 4 | *.txt eol=lf 5 | *.bat eol=lf 6 | *.vc*proj* eol=crlf 7 | *.sln eol=crlf 8 | 
-------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.[oa] 2 | *.l[oa] 3 | *.dll 4 | *.exe 5 | *.exe.* 6 | *.obj 7 | *.pyc 8 | *.so 9 | *~ 10 | *.idb 11 | *.suo 12 | *.ncb 13 | *.vcproj.* 14 | *.vcxproj.user 15 | *.sln.cache 16 | *.log 17 | Release 18 | Debug 19 | Win32-Output 20 | .vs 21 | .deps 22 | .libs 23 | Makefile 24 | Makefile.in 25 | aclocal.m4 26 | autodefs.h 27 | autom4te.cache 28 | config.guess 29 | config.h 30 | config.h.in 31 | config.log 32 | config.status 33 | config.sub 34 | configure 35 | configure.h 36 | depcomp 37 | doxygen/ 38 | stamp-h1 39 | install-sh 40 | missing 41 | ltmain.sh 42 | libtool 43 | m4/libtool.m4 44 | m4/ltoptions.m4 45 | m4/ltsugar.m4 46 | m4/ltversion.m4 47 | m4/lt~obsolete.m4 48 | 49 | version.sh 50 | msvc-env-local.bat 51 | config-msvc-local.h 52 | config-msvc-version.h 53 | doc/openvpn.8.html 54 | distro/systemd/*.service 55 | sample/sample-keys/sample-ca/ 56 | vendor/cmocka_build 57 | vendor/dist 58 | build/msvc/msvc-generate/version.m4 59 | 60 | tests/t_client.sh 61 | tests/t_client-*-20??????-??????/ 62 | t_client.rc 63 | t_client_ips.rc 64 | tests/unit_tests/**/*_testdriver 65 | 66 | src/openvpn/openvpn 67 | include/openvpn-plugin.h 68 | config-version.h 69 | nbproject 70 | test-driver 71 | compile 72 | stamp-h2 73 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "vendor/cmocka"] 2 | path = vendor/cmocka 3 | url = https://git.cryptomilk.org/projects/cmocka.git 4 | branch = master 5 | -------------------------------------------------------------------------------- /.mailmap: -------------------------------------------------------------------------------- 1 | Adriaan de Jong 2 | David Sommerseth 3 | Gert Doering 4 | Gert Doering 5 | Gert Doering 6 | Gert 
Doering 7 | James Yonan 8 | Jan Just Keijser 9 | JuanJo Ciarlante 10 | Karl O. Pinc 11 | Robert Fischer 12 | Samuli Seppänen 13 | Seth Mos 14 | -------------------------------------------------------------------------------- /.svncommitters: -------------------------------------------------------------------------------- 1 | james = James Yonan 2 | -------------------------------------------------------------------------------- /.travis/build-check.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -eux 3 | 4 | if [ "${TRAVIS_OS_NAME}" = "linux" ]; then 5 | export LD_LIBRARY_PATH="${PREFIX}/lib:${LD_LIBRARY_PATH:-}" 6 | fi 7 | 8 | if [ "${TRAVIS_OS_NAME}" = "osx" ]; then 9 | export DYLD_LIBRARY_PATH="${PREFIX}/lib:${DYLD_LIBRARY_PATH:-}" 10 | fi 11 | 12 | autoreconf -vi 13 | 14 | if [ -z ${CHOST+x} ]; then 15 | ./configure --with-crypto-library="${SSLLIB}" ${EXTRA_CONFIG:-} || (cat config.log && exit 1) 16 | make -j$JOBS 17 | src/openvpn/openvpn --version || true 18 | if [ "${TRAVIS_OS_NAME}" = "linux" ]; then ldd src/openvpn/openvpn; fi 19 | if [ "${TRAVIS_OS_NAME}" = "osx" ]; then otool -L src/openvpn/openvpn; fi 20 | make check 21 | ${EXTRA_SCRIPT:-} 22 | else 23 | export TAP_CFLAGS="-I${PWD}/tap-windows-${TAP_WINDOWS_VERSION}/include" 24 | export LZO_CFLAGS="-I${PREFIX}/include" 25 | export LZO_LIBS="-L${PREFIX}/lib -llzo2" 26 | export PKCS11_HELPER_LIBS="-L${PREFIX}/lib -lpkcs11-helper" 27 | export PKCS11_HELPER_CFLAGS="-I${PREFIX}/include" 28 | ./configure --with-crypto-library="${SSLLIB}" --host=${CHOST} --build=x86_64-pc-linux-gnu --enable-pkcs11 --disable-plugins || (cat config.log && exit 1) 29 | make -j${JOBS} 30 | fi 31 | -------------------------------------------------------------------------------- /.travis/coverity.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -eu 3 | 4 | RUN_COVERITY="${RUN_COVERITY:-0}" 5 | 6 | export 
COVERITY_SCAN_PROJECT_NAME="OpenVPN/openvpn" 7 | export COVERITY_SCAN_BRANCH_PATTERN="release\/2.4" 8 | export COVERITY_SCAN_NOTIFICATION_EMAIL="scan-reports@openvpn.net" 9 | export COVERITY_SCAN_BUILD_COMMAND_PREPEND="autoreconf -vi && ./configure --enable-iproute2 && make clean" 10 | export COVERITY_SCAN_BUILD_COMMAND="make" 11 | 12 | if [ "${RUN_COVERITY}" = "1" ]; then 13 | # Ignore exit code, script exits with 1 if we're not on the right branch 14 | curl -s "https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh" | bash || true 15 | else 16 | echo "Skipping coverity scan because \$RUN_COVERITY != \"1\"" 17 | fi 18 | -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- 1 | James Yonan 2 | -------------------------------------------------------------------------------- /CONTRIBUTING.rst: -------------------------------------------------------------------------------- 1 | CONTRIBUTING TO THE OPENVPN PROJECT 2 | =================================== 3 | 4 | Patches should be written against the Git "master" branch. Some patches may get 5 | backported to a release branch. 6 | 7 | The preferred procedure to send patches to the "openvpn-devel" mailing list: 8 | 9 | - https://lists.sourceforge.net/lists/listinfo/openvpn-devel 10 | 11 | While we do not merge GitHub pull requests as-is, we do allow their use for code 12 | review purposes. After the patch has been ACKed (reviewed and accepted), it must 13 | be sent to the mailing list. This last step does not necessarily need to be done 14 | by the patch author, although that is definitely recommended. 15 | 16 | When sending patches to "openvpn-devel" the subject line should be prefixed with 17 | [PATCH]. To avoid merging issues the patches should be generated with 18 | git-format-patch or sent using git-send-email. 
Try to split large patches into 19 | small, atomic pieces to make reviews easier. 20 | 21 | If you want quick feedback on a patch before sending it to openvpn-devel mailing 22 | list, you can visit the #openvpn-devel channel on irc.freenode.net. Note that 23 | you need to be logged in to Freenode to join the channel: 24 | 25 | - http://freenode.net/faq.shtml#nicksetup 26 | 27 | More detailed contribution instructions are available here: 28 | 29 | - https://community.openvpn.net/openvpn/wiki/DeveloperDocumentation 30 | 31 | Note that the process for contributing to other OpenVPN projects such as 32 | openvpn-build, openvpn-gui, tap-windows6 and easy-rsa may differ from what was 33 | described above. Please refer to the contribution instructions of each 34 | respective project. 35 | -------------------------------------------------------------------------------- /NEWS: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/openvpn/61f1d034e64e2f8d5e5d04173edb7e1e62c3fae9/NEWS -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | OpenVPN -- A Secure tunneling daemon 2 | 3 | Copyright (C) 2002-2018 OpenVPN Inc. This program is free software; 4 | you can redistribute it and/or modify 5 | it under the terms of the GNU General Public License version 2 6 | as published by the Free Software Foundation. 7 | 8 | ************************************************************************* 9 | 10 | To get the latest release of OpenVPN, go to: 11 | 12 | https://openvpn.net/index.php/download/community-downloads.html 13 | 14 | To Build and Install, 15 | 16 | tar -zxf openvpn-.tar.gz 17 | cd openvpn- 18 | ./configure 19 | make 20 | make install 21 | 22 | or see the file INSTALL for more info. 
23 | 24 | ************************************************************************* 25 | 26 | For detailed information on OpenVPN, including examples, see the man page 27 | http://openvpn.net/man.html 28 | 29 | For a sample VPN configuration, see 30 | http://openvpn.net/howto.html 31 | 32 | To report an issue, see 33 | https://community.openvpn.net/openvpn/report 34 | 35 | For a description of OpenVPN's underlying protocol, 36 | see the file ssl.h included in the source distribution. 37 | 38 | ************************************************************************* 39 | 40 | Other Files & Directories: 41 | 42 | * configure.ac -- script to rebuild our configure 43 | script and makefile. 44 | 45 | * sample/sample-scripts/verify-cn 46 | 47 | A sample perl script which can be used with OpenVPN's 48 | --tls-verify option to provide a customized authentication 49 | test on embedded X509 certificate fields. 50 | 51 | * sample/sample-keys/ 52 | 53 | Sample RSA keys and certificates. DON'T USE THESE FILES 54 | FOR ANYTHING OTHER THAN TESTING BECAUSE THEY ARE TOTALLY INSECURE. 55 | 56 | * sample/sample-config-files/ 57 | 58 | A collection of OpenVPN config files and scripts from 59 | the HOWTO at http://openvpn.net/howto.html 60 | 61 | ************************************************************************* 62 | 63 | Note that easy-rsa and tap-windows are now maintained in their own subprojects. 64 | Their source code is available here: 65 | 66 | https://github.com/OpenVPN/easy-rsa 67 | https://github.com/OpenVPN/tap-windows 68 | 69 | The old cross-compilation environment (domake-win) and the Python-based 70 | buildsystem have been replaced with openvpn-build: 71 | 72 | https://github.com/OpenVPN/openvpn-build 73 | 74 | See the INSTALL file for usage information. 
75 | -------------------------------------------------------------------------------- /README.IPv6: -------------------------------------------------------------------------------- 1 | Since 2.3.0, OpenVPN officially supports IPv6, and all widely used 2 | patches floating around for older versions have been integrated. 3 | 4 | IPv6 payload support 5 | -------------------- 6 | 7 | This is for "IPv6 inside OpenVPN", with server-pushed IPv6 configuration 8 | on the client, and support for IPv6 configuration on the tun/tap interface 9 | from within the openvpn config. 10 | 11 | The code in 2.3.0 supersedes the IPv6 payload patches from Gert Doering, 12 | formerly located at http://www.greenie.net/ipv6/openvpn.html 13 | 14 | 15 | The following options have been added to handle IPv6 configuration, 16 | analogous to their IPv4 counterparts (--server <-> --server-ipv6, etc.) 17 | 18 | - server-ipv6 19 | - ifconfig-ipv6 20 | - ifconfig-ipv6-pool 21 | - ifconfig-ipv6-push 22 | - route-ipv6 23 | - iroute-ipv6 24 | 25 | see "man openvpn" for details on how they are used. 26 | 27 | 28 | 29 | IPv6 transport support 30 | ---------------------- 31 | 32 | This is to enable OpenVPN peers or client/servers to talk to each other 33 | over an IPv6 network ("OpenVPN over IPv6"). 34 | 35 | The code in 2.3.0 supersedes the IPv6 transport patches from JuanJo Ciarlante, 36 | formerly located at http://github.com/jjo/openvpn-ipv6 37 | 38 | OpenVPN 2.4.0 includes a big overhaul of the IPv6 transport patches 39 | originally implemented for the Android client (ics-openvpn) 40 | 41 | IPv4/IPv6 transport is automatically selected when resolving addresses. 
42 | Use a 6 or 4 suffix to force IPv6/IPv4: 43 | 44 | --proto udp6 45 | --proto tcp4 46 | --proto tcp6-client 47 | --proto tcp4-server 48 | --proto tcp6 --client / --proto tcp6 --server 49 | 50 | On systems that allow IPv4 connections on IPv6 sockets 51 | (all systems supporting IPV6_V6ONLY setsockopt), an OpenVPN server can 52 | handle IPv4 connections on the IPv6 socket as well, making it a true 53 | dual-stacked server. Use bind ipv6only to disable this behaviour. 54 | 55 | On other systems, as of 2.3.0, you need to run separate server instances 56 | for IPv4 and IPv6. 57 | -------------------------------------------------------------------------------- /README.ec: -------------------------------------------------------------------------------- 1 | Since 2.4.0, OpenVPN has official support for elliptic curve crypto. Elliptic 2 | curves are an alternative to RSA for asymmetric encryption. 3 | 4 | Elliptic curve crypto ('ECC') can be used for the ('TLS') control channel only 5 | in OpenVPN; the data channel (encrypting the actual network traffic) uses 6 | symmetric encryption. ECC can be used in TLS for authentication (ECDSA) and key 7 | exchange (ECDH). 8 | 9 | Key exchange (ECDH) 10 | ------------------- 11 | OpenVPN 2.4.0 and newer automatically initialize ECDH parameters. When ECDSA is 12 | used for authentication, the curve used for the server certificate will be used 13 | for ECDH too. When autodetection fails (e.g. when using RSA certificates) 14 | OpenVPN lets the crypto library decide if possible, or falls back to the 15 | secp384r1 curve. 16 | 17 | An administrator can force an OpenVPN/OpenSSL server to use a specific curve 18 | using the --ecdh-curve option with one of the curves listed as 19 | available by the --show-curves option. Clients will use the same curve as 20 | selected by the server. 
21 | 22 | Note that not all curves listed by --show-curves are available for use with TLS; 23 | in that case connecting will fail with a 'no shared cipher' TLS error. 24 | 25 | Authentication (ECDSA) 26 | ---------------------- 27 | Since OpenVPN 2.4.0, using ECDSA certificates works 'out of the box'. Which 28 | specific curves and cipher suites are available depends on your version and 29 | configuration of the crypto library. The crypto library will automatically 30 | select a cipher suite for the TLS control channel. 31 | 32 | Support for generating an ECDSA certificate chain is available in EasyRSA (in 33 | spite of its name) since EasyRSA 3.0. The parameters you're looking for are 34 | '--use-algo=ec' and '--curve=<your_curve>'. See the EasyRSA documentation for 35 | more details on generating ECDSA certificates. 36 | -------------------------------------------------------------------------------- /README.mbedtls: -------------------------------------------------------------------------------- 1 | This version of OpenVPN has mbed TLS support. To enable it, follow the following 2 | instructions: 3 | 4 | To Build and Install, 5 | 6 | ./configure --with-crypto-library=mbedtls 7 | make 8 | make install 9 | 10 | This version depends on mbed TLS 2.0 (and requires at least 2.0.0). 
11 | 12 | ************************************************************************* 13 | 14 | Due to limitations in the mbed TLS library, the following features are missing 15 | in the mbed TLS version of OpenVPN: 16 | 17 | * PKCS#12 file support 18 | * --capath support - Loading certificate authorities from a directory 19 | * Windows CryptoAPI support 20 | * X.509 alternative username fields (must be "CN") 21 | 22 | Plugin/Script features: 23 | 24 | * X.509 subject line has a different format than the OpenSSL subject line 25 | * X.509 certificate export does not work 26 | * X.509 certificate tracking 27 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Please see [our main PQCrypto-VPN repository](https://github.com/microsoft/PQCrypto-VPN) for information about this fork, how to contribute, and how to contact the team. -------------------------------------------------------------------------------- /build/Makefile.am: -------------------------------------------------------------------------------- 1 | # 2 | # OpenVPN -- An application to securely tunnel IP networks 3 | # over a single UDP port, with support for SSL/TLS-based 4 | # session authentication and key exchange, 5 | # packet encryption, packet authentication, and 6 | # packet compression. 
7 | # 8 | # Copyright (C) 2002-2018 OpenVPN Inc 9 | # 10 | 11 | MAINTAINERCLEANFILES = \ 12 | $(srcdir)/Makefile.in 13 | 14 | EXTRA_DIST = \ 15 | ltrc.inc 16 | 17 | SUBDIRS = msvc 18 | -------------------------------------------------------------------------------- /build/ltrc.inc: -------------------------------------------------------------------------------- 1 | # 2 | # OpenVPN -- An application to securely tunnel IP networks 3 | # over a single UDP port, with support for SSL/TLS-based 4 | # session authentication and key exchange, 5 | # packet encryption, packet authentication, and 6 | # packet compression. 7 | # 8 | # Copyright (C) 2008-2012 Alon Bar-Lev 9 | # 10 | # Required to build Windows resource file 11 | 12 | RCCOMPILE = $(RC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ 13 | $(AM_CPPFLAGS) $(CPPFLAGS) 14 | LTRCCOMPILE = $(LIBTOOL) --mode=compile --tag=RC $(RCCOMPILE) 15 | 16 | .rc.lo: 17 | $(LTRCCOMPILE) -i "$<" -o "$@" 18 | 19 | .rc.o: 20 | $(RCCOMPILE) -i "$<" -o "$@" 21 | 22 | .mc.rc: 23 | $(WINDMC) "$<" 24 | -------------------------------------------------------------------------------- /build/msvc/Makefile.am: -------------------------------------------------------------------------------- 1 | # 2 | # OpenVPN -- An application to securely tunnel IP networks 3 | # over a single UDP port, with support for SSL/TLS-based 4 | # session authentication and key exchange, 5 | # packet encryption, packet authentication, and 6 | # packet compression. 
7 | # 8 | # Copyright (C) 2002-2018 OpenVPN Inc 9 | # Copyright (C) 2006-2012 Alon Bar-Lev 10 | # 11 | 12 | MAINTAINERCLEANFILES = \ 13 | $(srcdir)/Makefile.in 14 | 15 | SUBDIRS = msvc-generate 16 | -------------------------------------------------------------------------------- /build/msvc/msvc-generate/Makefile.am: -------------------------------------------------------------------------------- 1 | # 2 | # OpenVPN -- An application to securely tunnel IP networks 3 | # over a single UDP port, with support for SSL/TLS-based 4 | # session authentication and key exchange, 5 | # packet encryption, packet authentication, and 6 | # packet compression. 7 | # 8 | # Copyright (C) 2002-2018 OpenVPN Inc 9 | # Copyright (C) 2006-2012 Alon Bar-Lev 10 | # 11 | 12 | MAINTAINERCLEANFILES = \ 13 | $(srcdir)/Makefile.in 14 | 15 | dist_noinst_DATA = \ 16 | msvc-generate.vcxproj \ 17 | Makefile.mak \ 18 | msvc-generate.js 19 | -------------------------------------------------------------------------------- /build/msvc/msvc-generate/Makefile.mak: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2008-2012 Alon Bar-Lev 2 | 3 | CONFIG=$(SOURCEBASE)/version.m4 4 | 5 | INPUT_MSVC_VER=$(SOURCEBASE)/config-msvc-version.h.in 6 | OUTPUT_MSVC_VER=$(SOURCEBASE)/config-msvc-version.h 7 | 8 | INPUT_PLUGIN=$(SOURCEBASE)/include/openvpn-plugin.h.in 9 | OUTPUT_PLUGIN=$(SOURCEBASE)/include/openvpn-plugin.h 10 | 11 | INPUT_PLUGIN_CONFIG=version.m4.in 12 | OUTPUT_PLUGIN_CONFIG=version.m4 13 | 14 | all: $(OUTPUT_MSVC_VER) $(OUTPUT_PLUGIN) 15 | 16 | $(OUTPUT_MSVC_VER): $(INPUT_MSVC_VER) $(CONFIG) 17 | cscript //nologo msvc-generate.js --config="$(CONFIG)" --input="$(INPUT_MSVC_VER)" --output="$(OUTPUT_MSVC_VER)" 18 | 19 | $(OUTPUT_PLUGIN_CONFIG): $(INPUT_PLUGIN_CONFIG) 20 | cscript //nologo msvc-generate.js --config="$(CONFIG)" --input="$(INPUT_PLUGIN_CONFIG)" --output="$(OUTPUT_PLUGIN_CONFIG)" 21 | 22 | $(OUTPUT_PLUGIN): $(INPUT_PLUGIN) 
$(OUTPUT_PLUGIN_CONFIG) 23 | cscript //nologo msvc-generate.js --config="$(OUTPUT_PLUGIN_CONFIG)" --input="$(INPUT_PLUGIN)" --output="$(OUTPUT_PLUGIN)" 24 | 25 | clean: 26 | -del "$(OUTPUT_MSVC_VER)" 27 | -del "$(OUTPUT_PLUGIN)" 28 | -del "$(OUTPUT_PLUGIN_CONFIG)" 29 | -------------------------------------------------------------------------------- /build/msvc/msvc-generate/version.m4.in: -------------------------------------------------------------------------------- 1 | define([OPENVPN_VERSION_MAJOR], [@PRODUCT_VERSION_MAJOR@]) 2 | define([OPENVPN_VERSION_MINOR], [@PRODUCT_VERSION_MINOR@]) 3 | define([OPENVPN_VERSION_PATCH], [@PRODUCT_VERSION_PATCH@]) 4 | -------------------------------------------------------------------------------- /compat.m4: -------------------------------------------------------------------------------- 1 | dnl OpenVPN -- An application to securely tunnel IP networks 2 | dnl over a single UDP port, with support for SSL/TLS-based 3 | dnl session authentication and key exchange, 4 | dnl packet encryption, packet authentication, and 5 | dnl packet compression. 6 | dnl 7 | dnl Copyright (C) 2008-2012 Alon Bar-Lev 8 | dnl 9 | dnl This program is free software; you can redistribute it and/or modify 10 | dnl it under the terms of the GNU General Public License as published by 11 | dnl the Free Software Foundation; either version 2 of the License, or 12 | dnl (at your option) any later version. 13 | dnl 14 | dnl This program is distributed in the hope that it will be useful, 15 | dnl but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | dnl GNU General Public License for more details. 18 | dnl 19 | dnl You should have received a copy of the GNU General Public License along 20 | dnl with this program; if not, write to the Free Software Foundation, Inc., 21 | dnl 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
22 | 23 | dnl Compatibility layer for /dev/null`; do 25 | + for pidf in `find $piddir -name "*.pid" 2>/dev/null`; do 26 | if [ -s $pidf ]; then 27 | kill `cat $pidf` >/dev/null 2>&1 28 | fi 29 | @@ -116,12 +116,12 @@ 30 | sleep 2 31 | fi 32 | 33 | - rm -f $piddir/*.pid $piddir/*/*.pid 34 | + find $piddir -name "*.pid"|xargs rm -f 35 | 36 | # Start every .conf in $work and run .sh if exists 37 | errors=0 38 | successes=0 39 | - for c in `/bin/ls *.conf */*.conf 2>/dev/null`; do 40 | + for c in `find * -name "*.conf" 2>/dev/null`; do 41 | bn=${c%%.conf} 42 | if [ -f "$bn.sh" ]; then 43 | . $bn.sh 44 | @@ -147,7 +147,7 @@ 45 | ;; 46 | stop) 47 | echo -n $"Shutting down openvpn: " 48 | - for pidf in `/bin/ls $piddir/*.pid $piddir/*/*.pid 2>/dev/null`; do 49 | + for pidf in `find $piddir -name "*.pid" 2>/dev/null`; do 50 | if [ -s $pidf ]; then 51 | kill `cat $pidf` >/dev/null 2>&1 52 | fi 53 | @@ -163,7 +163,7 @@ 54 | ;; 55 | reload) 56 | if [ -f $lock ]; then 57 | - for pidf in `/bin/ls $piddir/*.pid $piddir/*/*.pid 2>/dev/null`; do 58 | + for pidf in `find $piddir -name "*.pid" 2>/dev/null`; do 59 | if [ -s $pidf ]; then 60 | kill -HUP `cat $pidf` >/dev/null 2>&1 61 | fi 62 | @@ -175,7 +175,7 @@ 63 | ;; 64 | reopen) 65 | if [ -f $lock ]; then 66 | - for pidf in `/bin/ls $piddir/*.pid $piddir/*/*.pid 2>/dev/null`; do 67 | + for pidf in `find $piddir -name "*.pid" 2>/dev/null`; do 68 | if [ -s $pidf ]; then 69 | kill -USR1 `cat $pidf` >/dev/null 2>&1 70 | fi 71 | 
@@ -195,7 +195,7 @@ 72 | ;; 73 | status) 74 | if [ -f $lock ]; then 75 | - for pidf in `/bin/ls $piddir/*.pid $piddir/*/*.pid 2>/dev/null`; do 76 | + for pidf in `find $piddir -name "*.pid" 2>/dev/null`; do 77 | if [ -s $pidf ]; then 78 | kill -USR2 `cat $pidf` >/dev/null 2>&1 79 | fi 80 | -------------------------------------------------------------------------------- /contrib/openvpn-fwmarkroute-1.00/README: -------------------------------------------------------------------------------- 1 | OpenVPN fwmark Routing 2 | Sean Reifschneider, 3 | Thursday November 27, 2003 4 | ========================== 5 | 6 | These scripts can be used with OpenVPN up and down scripts to set up 7 | routing on a Linux system such that the VPN traffic is sent via normal 8 | network connectivity, but other traffic to that network runs over the VPN. 9 | The idea is to allow encryption of data to the network the remote host is 10 | on, without interfering with the VPN traffic. You can't simply add a route 11 | to the remote network, becaues that will cause the VPN traffic to also try 12 | to run over the VPN, and breaks the VPN. 13 | 14 | These scripts use the Linux "fwmark" iptables rules to specify routing 15 | based not only on IP address, but also by port and protocol. This allows 16 | you to effectively say "if the packet is to this IP address on this port 17 | using this protocol, then use the normal default gateway, otherwise use the 18 | VPN gateway. 19 | 20 | This is set up on the client VPN system, not the VPN server. These scripts 21 | also set up all ICMP echo-responses to run across the VPN. You can 22 | comment the lines in the scripts to disable this, but I find this useful 23 | at coffee shops which have networks that block ICMP. 24 | 25 | To configure this, you need to set up these scripts as your up and down 26 | scripts in the config file. 
You will need to set these values in the 27 | config file: 28 | 29 | up /etc/openvpn/fwmarkroute.up 30 | down /etc/openvpn/fwmarkroute.down 31 | up-restart 32 | up-delay 33 | 34 | setenv remote_netmask_bits 24 35 | 36 | Note: For this to work, you can't set the "user" or "group" config options, 37 | because then the scripts will not run as root. 38 | 39 | The last setting allows you to control the size of the network the remote 40 | system is on. The remote end has to be set up to route, probably with 41 | masquerading or NAT. The network this netmask relates to is calculated 42 | using the value of "remote" in the conf file. 43 | 44 | Sean 45 | -------------------------------------------------------------------------------- /contrib/openvpn-fwmarkroute-1.00/fwmarkroute.down: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Bring down vpn routing. 4 | 5 | # calculate the network address 6 | remote_network=`ipcalc -n "$remote"/"$remote_netmask_bits"` 7 | remote_network="${remote_network#*=}" 8 | 9 | # clear routing via VPN 10 | ip route del "$remote_network"/"$remote_netmask_bits" via "$5" table vpn.out 11 | ip route del table vpnonly.out via "$5" 12 | iptables -D OUTPUT -t mangle -p "$proto" \ 13 | -d "$remote_network"/"$remote_netmask_bits" \ 14 | --dport "$remote_port" -j ACCEPT 15 | iptables -D OUTPUT -t mangle -d "$remote" -j MARK --set-mark 2 16 | 17 | # undo the ICMP ping tunneling 18 | iptables -D OUTPUT -t mangle --protocol icmp --icmp-type echo-request \ 19 | -j MARK --set-mark 3 20 | 21 | # flush route cache 22 | ip route flush cache 23 | -------------------------------------------------------------------------------- /contrib/openvpn-fwmarkroute-1.00/fwmarkroute.up: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Bring up vpn routing. 
4 | 5 | # calculate the network address 6 | remote_network=`ipcalc -n "$remote"/"$remote_netmask_bits"` 7 | remote_network="${remote_network#*=}" 8 | 9 | # add the stuff that doesn't change if it's not already there 10 | grep -q '^202 ' /etc/iproute2/rt_tables 11 | if [ "$?" -ne 0 ] 12 | then 13 | echo 202 vpn.out >> /etc/iproute2/rt_tables 14 | fi 15 | grep -q '^203 ' /etc/iproute2/rt_tables 16 | if [ "$?" -ne 0 ] 17 | then 18 | echo 203 vpnonly.out >> /etc/iproute2/rt_tables 19 | fi 20 | ip rule ls | grep -q 'lookup vpn.out *$' 21 | if [ "$?" -ne 0 ] 22 | then 23 | ip rule add fwmark 2 table vpn.out 24 | fi 25 | ip rule ls | grep -q 'lookup vpnonly.out *$' 26 | if [ "$?" -ne 0 ] 27 | then 28 | ip rule add fwmark 3 table vpnonly.out 29 | fi 30 | 31 | # route VPN traffic using the normal table 32 | iptables -A OUTPUT -t mangle -p "$proto" -d "$remote" --dport "$remote_port" \ 33 | -j ACCEPT 34 | 35 | # route all other traffic to that host via VPN 36 | iptables -A OUTPUT -t mangle -d "$remote_network"/"$remote_netmask_bits" \ 37 | -j MARK --set-mark 2 38 | 39 | # route all ICMP pings over the VPN 40 | iptables -A OUTPUT -t mangle --protocol icmp --icmp-type echo-request \ 41 | -j MARK --set-mark 3 42 | 43 | # NAT traffic going over the VPN, so it doesn't have an unknown address 44 | iptables -t nat -A POSTROUTING -o "$1" -j SNAT --to-source "$4" 45 | 46 | # add routing commands 47 | ip route add "$remote_network"/"$remote_netmask_bits" via "$5" table vpn.out 48 | ip route add table vpnonly.out via "$5" 49 | ip route flush cache 50 | -------------------------------------------------------------------------------- /contrib/pull-resolv-conf/client.down: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Copyright (c) 2005-2018 OpenVPN Inc 4 | # Licensed under the GPL version 2 5 | 6 | # First version by Jesse Adelman 7 | # someone at boldandbusted dink com 8 | # http://www.boldandbusted.com/ 9 | 10 | # PURPOSE: This 
script automatically removes the /etc/resolv.conf entries previously 11 | # set by the companion script "client.up". 12 | 13 | # INSTALL NOTES: 14 | # Place this in /etc/openvpn/client.down 15 | # Then, add the following to your /etc/openvpn/.conf: 16 | # client 17 | # up /etc/openvpn/client.up 18 | # down /etc/openvpn/client.down 19 | # Next, "chmod a+x /etc/openvpn/client.down" 20 | 21 | # USAGE NOTES: 22 | # Note that this script is best served with the companion "client.up" 23 | # script. 24 | 25 | # Tested under Debian lenny with OpenVPN 2.1_rc11 26 | # It should work with any UNIX with a POSIX sh, /etc/resolv.conf or resolvconf 27 | 28 | # This runs with the context of the OpenVPN UID/GID 29 | # at the time of execution. This generally means that 30 | # the client "up" script will run fine, but the "down" script 31 | # will require the use of the OpenVPN "down-root" plugin 32 | # which is in the plugins/ directory of the OpenVPN source tree 33 | # The config example above would have to be changed to: 34 | # client 35 | # up /etc/openvpn/client.up 36 | # plugin openvpn-plugin-down-root.so "/etc/openvpn/client.down" 37 | 38 | # A horrid work around, from a security perspective, 39 | # is to run OpenVPN as root. THIS IS NOT RECOMMENDED. You have 40 | # been WARNED. 
41 | PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin 42 | 43 | if type resolvconf >/dev/null 2>&1; then 44 | resolvconf -d "${dev}" -f 45 | elif [ -e /etc/resolv.conf.ovpnsave ] ; then 46 | # cp + rm rather than mv in case it's a symlink 47 | cp /etc/resolv.conf.ovpnsave /etc/resolv.conf 48 | rm -f /etc/resolv.conf.ovpnsave 49 | fi 50 | 51 | exit 0 52 | -------------------------------------------------------------------------------- /debug/doval: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PROGDIR=`dirname $0` 3 | unset LD_LIBRARY_PATH 4 | valgrind --tool=memcheck --error-limit=no --suppressions=$PROGDIR/debug/valgrind-suppress --gen-suppressions=all --leak-check=full --show-reachable=yes --num-callers=32 $PROGDIR/openvpn "$@" 5 | -------------------------------------------------------------------------------- /debug/dovalns: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | valgrind --tool=memcheck --error-limit=no --gen-suppressions=all --leak-check=full --show-reachable=yes --num-callers=32 $* 3 | -------------------------------------------------------------------------------- /dev-tools/reformat-patches/after_include_openvpn-plugin.h.in.patch: -------------------------------------------------------------------------------- 1 | diff --git a/include/openvpn-plugin.h.in b/include/openvpn-plugin.h.in 2 | index 05bffab..05b4b6a 100644 3 | --- a/include/openvpn-plugin.h.in 4 | +++ b/include/openvpn-plugin.h.in 5 | 
@@ -169,7 +169,7 @@ typedef void *openvpn_plugin_handle_t; 6 | /* 7 | * We are compiling OpenVPN. 8 | */ 9 | -/* #define OPENVPN_PLUGIN_DEF typedef */ 10 | +#define OPENVPN_PLUGIN_DEF typedef 11 | #define OPENVPN_PLUGIN_FUNC(name) (*name) 12 | 13 | #else /* ifdef OPENVPN_PLUGIN_H */ 14 | -------------------------------------------------------------------------------- /dev-tools/reformat-patches/before_include_openvpn-plugin.h.in.patch: -------------------------------------------------------------------------------- 1 | diff --git a/include/openvpn-plugin.h.in b/include/openvpn-plugin.h.in 2 | index 34ad18b..f4c5472 100644 3 | --- a/include/openvpn-plugin.h.in 4 | +++ b/include/openvpn-plugin.h.in 5 | 
@@ -169,7 +169,7 @@ typedef void *openvpn_plugin_handle_t; 6 | /* 7 | * We are compiling OpenVPN. 8 | */ 9 | -#define OPENVPN_PLUGIN_DEF typedef 10 | +// #define OPENVPN_PLUGIN_DEF typedef 11 | #define OPENVPN_PLUGIN_FUNC(name) (*name) 12 | 13 | #else 14 | -------------------------------------------------------------------------------- /dev-tools/special-files.lst: -------------------------------------------------------------------------------- 1 | E:doc/doxygen/doc_key_generation.h # @verbatim section gets mistreated, exclude it 2 | E:src/compat/compat-lz4.c # Preserve LZ4 upstream formatting 3 | E:src/compat/compat-lz4.h # Preserve LZ4 upstream formatting 4 | P:include/openvpn-plugin.h.in # uncrustify segfaults, patch it before+after 5 | -------------------------------------------------------------------------------- /dev-tools/uncrustify.conf: -------------------------------------------------------------------------------- 1 | # Use Allman-style 2 | indent_columns=4 3 | indent_braces=false 4 | indent_else_if=false 5 | indent_switch_case=4 6 | indent_label=1 7 | nl_if_brace=add 8 | nl_brace_else=add 9 | nl_elseif_brace=add 10 | nl_else_brace=add 11 | nl_else_if=remove 12 | nl_for_brace=add 13 | nl_while_brace=add 14 | nl_switch_brace=add 15 | nl_fdef_brace=add 16 | nl_do_brace=add 17 | sp_func_proto_paren=Remove 18 | sp_func_def_paren=Remove 19 | sp_func_call_paren=Remove 20 | sp_sizeof_paren=Remove 21 | 22 | # No tabs, spaces only 23 | indent_with_tabs=0 24 | align_with_tabs=false 25 | cmt_convert_tab_to_spaces=true 26 | 27 | # Do not put spaces between the # and preprocessor statements 28 | pp_space=remove 29 | 30 | # Various whitespace fiddling 31 | sp_assign=add 32 | sp_before_sparen=add 33 | sp_inside_sparen=remove 34 | sp_cond_colon=add 35 | sp_cond_question=add 36 | sp_bool=add 37 | sp_else_brace=add 38 | sp_brace_else=add 39 | pos_arith=Lead 40 | pos_bool=Lead 41 | nl_func_type_name=add 42 | nl_before_case=true 43 | nl_assign_leave_one_liners=true 44 | 
nl_enum_leave_one_liners=true 45 | nl_brace_fparen=add 46 | nl_max=4 47 | nl_after_func_proto=2 48 | 49 | # Always use scoping braces for conditionals 50 | mod_full_brace_if=add 51 | mod_full_brace_if_chain=false 52 | mod_full_brace_while=add 53 | mod_full_brace_for=add 54 | mod_full_brace_do=add 55 | 56 | # Annotate #else and #endif statements 57 | mod_add_long_ifdef_endif_comment=20 58 | mod_add_long_ifdef_else_comment=5 59 | 60 | # Misc cleanup 61 | mod_remove_extra_semicolon=true 62 | 63 | # Use C-style comments (/* .. */) 64 | cmt_c_nl_end=true 65 | cmt_star_cont=true 66 | cmt_cpp_to_c=true 67 | 68 | # Use "char **a"-style pointer stars/dereferences 69 | sp_before_ptr_star=Add 70 | sp_between_ptr_star=Remove 71 | sp_after_ptr_star=Remove 72 | sp_before_byref=Add 73 | sp_after_byref=Remove 74 | -------------------------------------------------------------------------------- /dev-tools/update-copyright.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # update-copyright-sh - Simple tool to update the Copyright lines 3 | # in all files checked into git 4 | # 5 | # Copyright (C) 2016-2018 David Sommerseth 6 | # 7 | # This program is free software; you can redistribute it and/or 8 | # modify it under the terms of the GNU General Public License 9 | # as published by the Free Software Foundation; either version 2 10 | # of the License. 11 | # 12 | # This program is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # You should have received a copy of the GNU General Public License 18 | # along with this program; if not, write to the Free Software 19 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
20 | # 21 | 22 | # Basic shell sanity 23 | set -eu 24 | 25 | # Simple argument control 26 | if [ $# -ne 1 ]; then 27 | echo "Usage: $0 " 28 | exit 1 29 | fi 30 | 31 | # Only update Copyright lines with these owners 32 | # The 'or' operator is GNU sed specific, and must be \| 33 | UPDATE_COPYRIGHT_LINES="@openvpn\.net\|@fox-it\.com\|@sophos.com\|@eurephia\.net\|@greenie\.muc\.de" 34 | COPY_YEAR="$1" 35 | 36 | cd "$(git rev-parse --show-toplevel)" 37 | for file in $(git ls-files | grep -v vendor/); 38 | do 39 | echo -n "Updating $file ..." 40 | # The first sed operation covers 20xx-20yy copyright lines, 41 | # The second sed operation changes 20xx -> 20xx-20yy 42 | sed -e "/$UPDATE_COPYRIGHT_LINES/s/\(Copyright (C) 20..-\)\(20..\)[[:blank:]]\+/\1$COPY_YEAR /" \ 43 | -e "/$UPDATE_COPYRIGHT_LINES/s/\(Copyright (C) \)\(20..\)[[:blank:]]\+/\1\2-$COPY_YEAR /" \ 44 | -i $file 45 | echo " Done" 46 | done 47 | echo 48 | echo "** All files updated with $COPY_YEAR as the ending copyright year" 49 | echo 50 | exit 0 51 | -------------------------------------------------------------------------------- /distro/Makefile.am: -------------------------------------------------------------------------------- 1 | # 2 | # OpenVPN -- An application to securely tunnel IP networks 3 | # over a single UDP port, with support for SSL/TLS-based 4 | # session authentication and key exchange, 5 | # packet encryption, packet authentication, and 6 | # packet compression. 
7 | # 8 | # Copyright (C) 2002-2018 OpenVPN Inc 9 | # Copyright (C) 2006-2012 Alon Bar-Lev 10 | # 11 | 12 | MAINTAINERCLEANFILES = \ 13 | $(srcdir)/Makefile.in 14 | 15 | SUBDIRS = systemd 16 | -------------------------------------------------------------------------------- /distro/systemd/Makefile.am: -------------------------------------------------------------------------------- 1 | # 2 | # OpenVPN -- An application to securely tunnel IP networks 3 | # over a single UDP port, with support for SSL/TLS-based 4 | # session authentication and key exchange, 5 | # packet encryption, packet authentication, and 6 | # packet compression. 7 | # 8 | # Copyright (C) 2017-2018 OpenVPN Inc 9 | # 10 | 11 | %.service: %.service.in Makefile 12 | $(AM_V_GEN)sed -e 's|\@sbindir\@|$(sbindir)|' \ 13 | $< > $@.tmp && mv $@.tmp $@ 14 | 15 | EXTRA_DIST = \ 16 | tmpfiles-openvpn.conf \ 17 | openvpn-client@.service.in \ 18 | openvpn-server@.service.in 19 | 20 | if ENABLE_SYSTEMD 21 | systemdunit_DATA = \ 22 | openvpn-client@.service \ 23 | openvpn-server@.service 24 | tmpfiles_DATA = \ 25 | tmpfiles-openvpn.conf 26 | dist_doc_DATA = \ 27 | README.systemd 28 | 29 | install-data-hook: 30 | mv $(DESTDIR)$(tmpfilesdir)/tmpfiles-openvpn.conf $(DESTDIR)$(tmpfilesdir)/openvpn.conf 31 | endif 32 | 33 | MAINTAINERCLEANFILES = \ 34 | $(srcdir)/Makefile.in 35 | -------------------------------------------------------------------------------- /distro/systemd/README.systemd: -------------------------------------------------------------------------------- 1 | OpenVPN and systemd 2 | =================== 3 | 4 | As of OpenVPN v2.4, upstream is shipping systemd unit files to provide a 5 | fine grained control of each OpenVPN configuration as well as trying to 6 | restrict the capabilities the OpenVPN process have on a system. 7 | 8 | 9 | Configuration profile types 10 | --------------------------- 11 | These new unit files separates between client and server profiles. 
The 12 | configuration files are kept in separate directories, to provide clarity 13 | of the profile they run under. 14 | 15 | Typically the client profile cannot bind to any ports below port 1024, 16 | because its unit file leaves CAP_NET_BIND_SERVICE out of CapabilityBoundingSet, and the client configuration is always started with --nobind. 17 | 18 | The server profile is allowed to bind to any ports. In addition it enables 19 | a client status file, usually found in the /run/openvpn-server directory. 20 | The status format is set to version 2 by default. These settings may be 21 | overridden by adding --status and/or --status-version in the OpenVPN 22 | configuration file. 23 | 24 | Neither of these profiles makes use of PID files, but OpenVPN reports back to 25 | systemd its PID once it has initialized. 26 | 27 | For configuration using a peer-to-peer mode (not using --mode server on one 28 | of the sides) it is recommended to use the client profile. 29 | 30 | 31 | Configuration files 32 | ------------------- 33 | These new unit files expect client configuration files to be made available 34 | in /etc/openvpn/client. Similarly, server configurations are expected 35 | to be found in /etc/openvpn/server. The configuration files must have a .conf 36 | file extension. 37 | 38 | 39 | Managing VPN tunnels 40 | -------------------- 41 | Use the normal systemctl tool to start and stop VPN tunnels, as well as enable 42 | and disable tunnels at boot time.
The syntax is: 43 | 44 | - client configurations: 45 | # systemctl $OPER openvpn-client@$CONFIGNAME 46 | 47 | - server configurations: 48 | # systemctl $OPER openvpn-server@$CONFIGNAME 49 | 50 | Similarly, to view the OpenVPN journal log use a similar syntax: 51 | 52 | # journalctl -u openvpn-client@$CONFIGNAME 53 | or 54 | # journalctl -u openvpn-server@$CONFIGNAME 55 | 56 | * Examples 57 | Say your server configuration is /etc/openvpn/server/tun0.conf, you 58 | start this VPN service like this: 59 | 60 | # systemctl start openvpn-server@tun0 61 | 62 | A client configuration file in /etc/openvpn/client/corpvpn.conf is 63 | started like this: 64 | 65 | # systemctl start openvpn-client@corpvpn 66 | 67 | To view the server configuration's journal only listing entries from 68 | yesterday and until today: 69 | 70 | # journalctl --since yesterday -u openvpn-server@tun0 71 | -------------------------------------------------------------------------------- /distro/systemd/openvpn-client@.service.in: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=OpenVPN tunnel for %I 3 | After=syslog.target network-online.target 4 | Wants=network-online.target 5 | Documentation=man:openvpn(8) 6 | Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage 7 | Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO 8 | 9 | [Service] 10 | Type=notify 11 | PrivateTmp=true 12 | WorkingDirectory=/etc/openvpn/client 13 | ExecStart=@sbindir@/openvpn --suppress-timestamps --nobind --config %i.conf 14 | CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE 15 | LimitNPROC=10 16 | DeviceAllow=/dev/null rw 17 | DeviceAllow=/dev/net/tun rw 18 | ProtectSystem=true 19 | ProtectHome=true 20 | KillMode=process 21 | 22 | [Install] 23 | WantedBy=multi-user.target 24 | -------------------------------------------------------------------------------- 
/distro/systemd/openvpn-server@.service.in: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=OpenVPN service for %I 3 | After=syslog.target network-online.target 4 | Wants=network-online.target 5 | Documentation=man:openvpn(8) 6 | Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage 7 | Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO 8 | 9 | [Service] 10 | Type=notify 11 | PrivateTmp=true 12 | WorkingDirectory=/etc/openvpn/server 13 | ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf 14 | CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE 15 | LimitNPROC=10 16 | DeviceAllow=/dev/null rw 17 | DeviceAllow=/dev/net/tun rw 18 | ProtectSystem=true 19 | ProtectHome=true 20 | KillMode=process 21 | RestartSec=5s 22 | Restart=on-failure 23 | 24 | [Install] 25 | WantedBy=multi-user.target 26 | -------------------------------------------------------------------------------- /distro/systemd/tmpfiles-openvpn.conf: -------------------------------------------------------------------------------- 1 | d /run/openvpn-client 0710 root root - 2 | d /run/openvpn-server 0710 root root - 3 | -------------------------------------------------------------------------------- /doc/Makefile.am: -------------------------------------------------------------------------------- 1 | # 2 | # OpenVPN -- An application to securely tunnel IP networks 3 | # over a single UDP port, with support for SSL/TLS-based 4 | # session authentication and key exchange, 5 | # packet encryption, packet authentication, and 6 | # packet compression. 
7 | # 8 | # Copyright (C) 2002-2018 OpenVPN Inc 9 | # Copyright (C) 2006-2012 Alon Bar-Lev 10 | # 11 | 12 | MAINTAINERCLEANFILES = \ 13 | $(srcdir)/Makefile.in 14 | 15 | CLEANFILES = openvpn.8.html 16 | 17 | dist_doc_DATA = \ 18 | management-notes.txt 19 | 20 | dist_noinst_DATA = \ 21 | README.plugins interactive-service-notes.rst 22 | 23 | if WIN32 24 | dist_noinst_DATA += openvpn.8 25 | nodist_html_DATA = openvpn.8.html 26 | openvpn.8.html: $(srcdir)/openvpn.8 27 | $(MAN2HTML) < $(srcdir)/openvpn.8 > openvpn.8.html 28 | else 29 | dist_man_MANS = openvpn.8 30 | endif 31 | 32 | -------------------------------------------------------------------------------- /doc/README.plugins: -------------------------------------------------------------------------------- 1 | OpenVPN Plugins 2 | --------------- 3 | 4 | Starting with OpenVPN 2.0-beta17, compiled plugin modules are 5 | supported on any *nix OS which includes libdl or on Windows. 6 | One or more modules may be loaded into OpenVPN using 7 | the --plugin directive, and each plugin module is capable of 8 | intercepting any of the script callbacks which OpenVPN supports: 9 | 10 | (1) up 11 | (2) down 12 | (3) route-up 13 | (4) ipchange 14 | (5) tls-verify 15 | (6) auth-user-pass-verify 16 | (7) client-connect 17 | (8) client-disconnect 18 | (9) learn-address 19 | 20 | See the openvpn-plugin.h file in the top-level directory of the 21 | OpenVPN source distribution for more detailed information 22 | on the plugin interface. 23 | 24 | Included Plugins 25 | ---------------- 26 | 27 | auth-pam -- Authenticate using PAM and a split privilege 28 | execution model which functions even if 29 | root privileges or the execution environment 30 | have been altered with --user/--group/--chroot. 31 | Tested on Linux only. 32 | 33 | down-root -- Enable the running of down scripts with root privileges 34 | even if --user/--group/--chroot have been used 35 | to drop root privileges or change the execution 36 | environment. 
Not applicable on Windows. 37 | 38 | examples -- A simple example that demonstrates a portable 39 | plugin, i.e. one which can be built for *nix 40 | or Windows from the same source. 41 | 42 | Building Plugins 43 | ---------------- 44 | 45 | cd to the top-level directory of a plugin, and use the 46 | "make" command to build it. The examples plugin is 47 | built using a build script, not a makefile. 48 | -------------------------------------------------------------------------------- /doc/doxygen/doc_external_multiplexer.h: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single TCP/UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2010-2018 Fox Crypto B.V. 9 | * 10 | * 11 | * This program is free software; you can redistribute it and/or modify 12 | * it under the terms of the GNU General Public License version 2 13 | * as published by the Free Software Foundation. 14 | * 15 | * This program is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | * GNU General Public License for more details. 19 | * 20 | * You should have received a copy of the GNU General Public License along 21 | * with this program; if not, write to the Free Software Foundation, Inc., 22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 23 | */ 24 | 25 | /** 26 | * @file 27 | * External Multiplexer module documentation file. 28 | */ 29 | 30 | /** 31 | * @addtogroup external_multiplexer External Multiplexer module 32 | * 33 | * The External Multiplexer is the link between the external network 34 | * interface and the other OpenVPN modules. 
It reads packets from the 35 | * external network interface, determines which remote OpenVPN peer and 36 | * VPN tunnel they are associated with, and whether they are data channel 37 | * or control channel packets. It then passes the packets on to the 38 | * appropriate processing module. 39 | * 40 | * This module also handles packets traveling in the reverse direction, 41 | * which have been generated by the local control channel or which have 42 | * already been processed by the \link data_control Data Channel Control 43 | * module\endlink and are destined for a remote host reachable through a 44 | * VPN tunnel. 45 | */ 46 | -------------------------------------------------------------------------------- /doc/doxygen/doc_internal_multiplexer.h: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single TCP/UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2010-2018 Fox Crypto B.V. 9 | * 10 | * 11 | * This program is free software; you can redistribute it and/or modify 12 | * it under the terms of the GNU General Public License version 2 13 | * as published by the Free Software Foundation. 14 | * 15 | * This program is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | * GNU General Public License for more details. 19 | * 20 | * You should have received a copy of the GNU General Public License along 21 | * with this program; if not, write to the Free Software Foundation, Inc., 22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 23 | */ 24 | 25 | /** 26 | * @file 27 | * Internal Multiplexer module documentation file. 
28 | */ 29 | 30 | /** 31 | * @addtogroup internal_multiplexer Internal Multiplexer module 32 | * 33 | * The Internal Multiplexer is the link between the virtual tun/tap 34 | * network interface and the \link data_control Data Channel Control 35 | * module\endlink. It reads packets from the virtual network interface, 36 | * determines for which remote OpenVPN peer they are destined, and then 37 | * passes the packets on to the Data Channel Control module together with 38 | * information about their destination VPN tunnel instance. 39 | * 40 | * This module also handles packets traveling in the reverse direction, 41 | * which have already been processed by the Data Channel Control module 42 | * and are destined for a locally reachable host. 43 | */ 44 | -------------------------------------------------------------------------------- /doc/doxygen/doc_reliable.h: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single TCP/UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2010-2018 Fox Crypto B.V. 9 | * 10 | * 11 | * This program is free software; you can redistribute it and/or modify 12 | * it under the terms of the GNU General Public License version 2 13 | * as published by the Free Software Foundation. 14 | * 15 | * This program is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | * GNU General Public License for more details. 19 | * 20 | * You should have received a copy of the GNU General Public License along 21 | * with this program; if not, write to the Free Software Foundation, Inc., 22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
23 | */ 24 | 25 | /** 26 | * @file 27 | * Reliability Layer module documentation file. 28 | */ 29 | 30 | /** 31 | * @defgroup reliable Reliability Layer module 32 | * 33 | * The Reliability Layer is part of OpenVPN's control channel. It 34 | * provides a reliable and sequential transport mechanism for control 35 | * channel messages between OpenVPN peers. This module forms the 36 | * interface between the \link external_multiplexer External 37 | * Multiplexer\endlink and the \link control_tls Control Channel TLS 38 | * module\endlink. 39 | * 40 | * @par UDP or TCP as VPN tunnel transport 41 | * 42 | * This is especially important when OpenVPN is configured to communicate 43 | * over UDP, because UDP does not offer a reliable and sequential 44 | * transport. OpenVPN endpoints can also communicate over TCP which does 45 | * provide a reliable and sequential transport. In both cases, using UDP 46 | * or TCP as an external transport, the internal Reliability Layer is 47 | * active. 48 | */ 49 | -------------------------------------------------------------------------------- /include/Makefile.am: -------------------------------------------------------------------------------- 1 | # 2 | # OpenVPN -- An application to securely tunnel IP networks 3 | # over a single UDP port, with support for SSL/TLS-based 4 | # session authentication and key exchange, 5 | # packet encryption, packet authentication, and 6 | # packet compression. 
7 | # 8 | # Copyright (C) 2002-2018 OpenVPN Inc 9 | # Copyright (C) 2006-2012 Alon Bar-Lev 10 | # 11 | 12 | MAINTAINERCLEANFILES = \ 13 | $(srcdir)/Makefile.in \ 14 | $(srcdir)/openvpn-plugin.h.in 15 | 16 | include_HEADERS = \ 17 | openvpn-plugin.h \ 18 | openvpn-msg.h 19 | -------------------------------------------------------------------------------- /m4/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/openvpn/61f1d034e64e2f8d5e5d04173edb7e1e62c3fae9/m4/.keep -------------------------------------------------------------------------------- /m4/ax_emptyarray.m4: -------------------------------------------------------------------------------- 1 | dnl @synopsis AX_EMPTY_ARRAY 2 | dnl 3 | dnl Define EMPTY_ARRAY_SIZE to be either "0" 4 | dnl or "" depending on which syntax the compiler 5 | dnl prefers for empty arrays in structs. 6 | dnl 7 | dnl @version 8 | dnl @author James Yonan 9 | AC_DEFUN([AX_EMPTY_ARRAY], [ 10 | AS_VAR_PUSHDEF([VAR],[ax_cv_c_empty_array])dnl 11 | AC_CACHE_CHECK( 12 | [for C compiler empty array size], 13 | [VAR], 14 | [AC_COMPILE_IFELSE( 15 | [AC_LANG_PROGRAM( 16 | , 17 | [[ 18 | struct { int foo; int bar[0]; } mystruct; 19 | ]] 20 | )], 21 | [VAR=0], 22 | [AC_COMPILE_IFELSE( 23 | [AC_LANG_PROGRAM( 24 | , 25 | [[ 26 | struct { int foo; int bar[]; } mystruct; 27 | ]] 28 | )], 29 | [VAR=], 30 | [AC_MSG_ERROR([C compiler is unable to creaty empty arrays])] 31 | )] 32 | )] 33 | )dnl 34 | AC_DEFINE_UNQUOTED( 35 | [EMPTY_ARRAY_SIZE], 36 | [$VAR], 37 | [Dimension to use for empty array declaration] 38 | )dnl 39 | AS_VAR_POPDEF([VAR])dnl 40 | ]) 41 | -------------------------------------------------------------------------------- /m4/ax_socklen_t.m4: -------------------------------------------------------------------------------- 1 | dnl -- The following is base of curl's acinclude.m4 -- 2 | dnl Check for socklen_t: historically on BSD it is an int, and in 3 | dnl POSIX 
1g it is a type of its own, but some platforms use different 4 | dnl types for the argument to getsockopt, getpeername, etc. So we 5 | dnl have to test to find something that will work. 6 | AC_DEFUN([AX_TYPE_SOCKLEN_T], [ 7 | AC_CHECK_TYPE( 8 | [socklen_t], 9 | , 10 | [ 11 | AS_VAR_PUSHDEF([VAR],[ax_cv_socklen_t_equiv])dnl 12 | AC_CACHE_CHECK( 13 | [for socklen_t equivalent], 14 | [VAR], 15 | [ 16 | #AS_CASE is not supported on 28 | #include 29 | int getpeername (int, $arg2 *, $t *); 30 | ]], 31 | [[ 32 | $t len; 33 | getpeername(0,0,&len); 34 | ]] 35 | )], 36 | [VAR="$t"; break] 37 | ) 38 | done 39 | test -n "$VAR" && break 40 | done 41 | ;; 42 | esac 43 | ] 44 | AS_VAR_IF( 45 | [VAR], 46 | [], 47 | [AC_MSG_ERROR([Cannot find a type to use in place of socklen_t])], 48 | [AC_DEFINE_UNQUOTED( 49 | [socklen_t], 50 | [$VAR], 51 | [type to use in place of socklen_t if not defined] 52 | )] 53 | ) 54 | ) 55 | ], 56 | [[ 57 | #include 58 | #ifdef _WIN32 59 | #include 60 | #else 61 | #include 62 | #endif 63 | ]] 64 | ) 65 | ]) 66 | -------------------------------------------------------------------------------- /m4/ax_varargs.m4: -------------------------------------------------------------------------------- 1 | dnl @synopsis AX_CPP_VARARG_MACRO_GCC 2 | dnl 3 | dnl Test if the preprocessor understands GNU GCC-style vararg macros. 4 | dnl If it does, defines HAVE_CPP_VARARG_MACRO_GCC to 1. 5 | dnl 6 | dnl @version 7 | dnl @author James Yonan , Matthias Andree 8 | AC_DEFUN([AX_CPP_VARARG_MACRO_GCC], [dnl 9 | AS_VAR_PUSHDEF([VAR], [ax_cv_cpp_vararg_macro_gcc])dnl 10 | AC_CACHE_CHECK( 11 | [for GNU GCC vararg macro support], 12 | [VAR], 13 | [AC_COMPILE_IFELSE( 14 | [AC_LANG_PROGRAM( 15 | [[ 16 | #define macro(a, b...) 
func(a, b) 17 | int func(int a, int b, int c); 18 | ]], 19 | [[ 20 | int i = macro(1, 2, 3); 21 | ]] 22 | )], 23 | [VAR=yes], 24 | [VAR=no] 25 | )] 26 | )dnl 27 | 28 | AS_VAR_IF( 29 | [VAR], 30 | [yes], 31 | [AC_DEFINE( 32 | [HAVE_CPP_VARARG_MACRO_GCC], 33 | [1], 34 | [Define to 1 if your compiler supports GNU GCC-style variadic macros] 35 | )] 36 | )dnl 37 | AS_VAR_POPDEF([VAR])dnl 38 | ]) 39 | 40 | dnl @synopsis AX_CPP_VARARG_MACRO_ISO 41 | dnl 42 | dnl Test if the preprocessor understands ISO C 1999 vararg macros. 43 | dnl If it does, defines HAVE_CPP_VARARG_MACRO_ISO to 1. 44 | dnl 45 | dnl @version 46 | dnl @author James Yonan , Matthias Andree 47 | AC_DEFUN([AX_CPP_VARARG_MACRO_ISO], [dnl 48 | AS_VAR_PUSHDEF([VAR],[ax_cv_cpp_vararg_macro_iso])dnl 49 | AC_CACHE_CHECK( 50 | [for ISO C 1999 vararg macro support], 51 | [VAR], 52 | [AC_COMPILE_IFELSE( 53 | [AC_LANG_PROGRAM( 54 | [[ 55 | #define macro(a, ...) func(a, __VA_ARGS__) 56 | int func(int a, int b, int c); 57 | ]], 58 | [[ 59 | int i = macro(1, 2, 3); 60 | ]] 61 | )], 62 | [VAR=yes], 63 | [VAR=no] 64 | )] 65 | )dnl 66 | 67 | AS_VAR_IF( 68 | [VAR], 69 | [yes], 70 | [AC_DEFINE( 71 | [HAVE_CPP_VARARG_MACRO_ISO], 72 | [1], 73 | [Define to 1 if your compiler supports ISO C99 variadic macros] 74 | )] 75 | )dnl 76 | AS_VAR_POPDEF([VAR])dnl 77 | ]) 78 | -------------------------------------------------------------------------------- /msvc-build.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | rem Copyright (C) 2008-2012 Alon Bar-Lev 3 | 4 | @rem this stupid command needed for SetEnv.cmd to operate 5 | setlocal ENABLEDELAYEDEXPANSION 6 | 7 | cd /d %0\.. 
8 | call msvc-env.bat 9 | 10 | set PLATFORMS=Win32 11 | set CONFIGURATIONS=Release 12 | 13 | if exist "%VCHOME%\vcvarsall.bat" ( 14 | call "%VCHOME%\vcvarsall.bat" 15 | ) else if exist "%VCHOME%\bin\vcvars32.bat" ( 16 | call "%VCHOME%\bin\vcvars32.bat" 17 | ) else ( 18 | echo Cannot detect visual studio 19 | goto error 20 | ) 21 | 22 | msbuild /help > nul 2>&1 23 | if errorlevel 1 set DO_VCBUILD=1 24 | 25 | for %%p in (%PLATFORMS%) do ( 26 | for %%c in (%CONFIGURATIONS%) do ( 27 | rmdir /q /s %SOURCEBASE%\%%p\%%c > nul 2>&1 28 | 29 | if "%DO_VCBUILD%" NEQ "" ( 30 | vcbuild /errfile:error.log /showenv "%SOLUTION%" /rebuild /platform:%%p "%%c|%%p" 31 | for %%f in (error.log) do if %%~zf GTR 0 goto error 32 | ) else ( 33 | msbuild "%SOLUTION%" /p:Configuration="%%c" /p:Platform="%%p" 34 | if errorlevel 1 goto error 35 | ) 36 | ) 37 | ) 38 | 39 | exit /b 0 40 | goto end 41 | 42 | :error 43 | exit /b 1 44 | goto end 45 | 46 | :end 47 | 48 | endlocal 49 | -------------------------------------------------------------------------------- /msvc-dev.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | 3 | setlocal 4 | cd /d %0\.. 
5 | call msvc-env.bat 6 | 7 | if exist "%VSHOME%\Common7\IDE\VCExpress.exe" ( 8 | set IDE=%VSHOME%\Common7\IDE\VCExpress.exe 9 | ) else if exist "%VSHOME%\Common7\IDE\devenv.exe" ( 10 | set IDE=%VSHOME%\Common7\IDE\devenv.exe 11 | ) else ( 12 | echo "Cannot detect visual studio environment" 13 | goto error 14 | ) 15 | start "" "%IDE%" "%SOLUTION%" 16 | 17 | exit /b 0 18 | goto end 19 | 20 | :error 21 | exit /b 1 22 | goto end 23 | 24 | :end 25 | 26 | endlocal 27 | -------------------------------------------------------------------------------- /msvc-env.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | 3 | rem Put your own settings at msvc-env-local.bat 4 | if exist msvc-env-local.bat call msvc-env-local.bat 5 | 6 | if "%ProgramFiles(x86)%"=="" set ProgramFiles(x86)=%ProgramFiles% 7 | if "%VSCOMNTOOLS%"=="" SET VSCOMNTOOLS=%ProgramFiles(x86)%\Microsoft Visual Studio 10.0\Common7\Tools 8 | if "%VSCOMNTOOLS%"=="" SET VSCOMNTOOLS=%ProgramFiles(x86)%\Microsoft Visual Studio 9.0\Common7\Tools 9 | if "%VSHOME%"=="" SET VSHOME=%VSCOMNTOOLS%\..\.. 
10 | if "%VCHOME%"=="" SET VCHOME=%VSHOME%\VC 11 | 12 | set SOURCEBASE=%cd% 13 | set SOLUTION=openvpn.sln 14 | set CPPFLAGS=%CPPFLAGS%;_CRT_SECURE_NO_WARNINGS;WIN32_LEAN_AND_MEAN;_CRT_NONSTDC_NO_WARNINGS;_CRT_SECURE_NO_WARNINGS 15 | set CPPFLAGS=%CPPFLAGS%;NTDDI_VERSION=NTDDI_VISTA;_WIN32_WINNT=_WIN32_WINNT_VISTA 16 | set CPPFLAGS=%CPPFLAGS%;_USE_32BIT_TIME_T 17 | set CPPFLAGS=%CPPFLAGS%;%EXTRA_CPPFLAGS% 18 | 19 | if exist config-msvc-local.h set CPPFLAGS="%CPPFLAGS%;HAVE_CONFIG_MSVC_LOCAL_H" 20 | 21 | if "%OPENVPN_DEPROOT%" == "" set OPENVPN_DEPROOT=c:\Temp\openvpn-deps 22 | if "%OPENSSL_HOME%" == "" set OPENSSL_HOME=%OPENVPN_DEPROOT% 23 | if "%LZO_HOME%" == "" set LZO_HOME=%OPENVPN_DEPROOT% 24 | if "%PKCS11H_HOME%" == "" set PKCS11H_HOME=%OPENVPN_DEPROOT% 25 | if "%TAP_WINDOWS_HOME%" == "" set TAP_WINDOWS_HOME=%OPENVPN_DEPROOT% 26 | 27 | if not exist "%OPENSSL_HOME%" echo WARNING: openssl '%OPENSSL_HOME%' does not exist 28 | if not exist "%LZO_HOME%" echo WARNING: lzo '%LZO_HOME%' does not exist 29 | if not exist "%PKCS11H_HOME%" echo WARNING: pkcs11-helper '%PKCS11H_HOME%' does not exist 30 | if not exist "%TAP_WINDOWS_HOME%" echo WARNING: tap-windows '%TAP_WINDOWS_HOME%' does not exist 31 | -------------------------------------------------------------------------------- /openvpn.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 11.00 3 | # Visual C++ Express 2010 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "openvpnserv", "src\openvpnserv\openvpnserv.vcxproj", "{9C91EE0B-817D-420A-A1E6-15A5A9D98BAD}" 5 | EndProject 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "openvpn", "src\openvpn\openvpn.vcxproj", "{29DF226E-4D4E-440F-ADAF-5829CFD4CA94}" 7 | EndProject 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "msvc-generate", "build\msvc\msvc-generate\msvc-generate.vcxproj", "{8598C2C8-34C4-47A1-99B0-7C295A890615}" 9 | EndProject 10 | 
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "compat", "src\compat\compat.vcxproj", "{4B2E2719-E661-45D7-9203-F6F456B22F19}" 11 | EndProject 12 | Global 13 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 14 | Debug|Win32 = Debug|Win32 15 | Release|Win32 = Release|Win32 16 | EndGlobalSection 17 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 18 | {9C91EE0B-817D-420A-A1E6-15A5A9D98BAD}.Debug|Win32.ActiveCfg = Debug|Win32 19 | {9C91EE0B-817D-420A-A1E6-15A5A9D98BAD}.Debug|Win32.Build.0 = Debug|Win32 20 | {9C91EE0B-817D-420A-A1E6-15A5A9D98BAD}.Release|Win32.ActiveCfg = Release|Win32 21 | {9C91EE0B-817D-420A-A1E6-15A5A9D98BAD}.Release|Win32.Build.0 = Release|Win32 22 | {29DF226E-4D4E-440F-ADAF-5829CFD4CA94}.Debug|Win32.ActiveCfg = Debug|Win32 23 | {29DF226E-4D4E-440F-ADAF-5829CFD4CA94}.Debug|Win32.Build.0 = Debug|Win32 24 | {29DF226E-4D4E-440F-ADAF-5829CFD4CA94}.Release|Win32.ActiveCfg = Release|Win32 25 | {29DF226E-4D4E-440F-ADAF-5829CFD4CA94}.Release|Win32.Build.0 = Release|Win32 26 | {8598C2C8-34C4-47A1-99B0-7C295A890615}.Debug|Win32.ActiveCfg = Debug|Win32 27 | {8598C2C8-34C4-47A1-99B0-7C295A890615}.Debug|Win32.Build.0 = Debug|Win32 28 | {8598C2C8-34C4-47A1-99B0-7C295A890615}.Release|Win32.ActiveCfg = Release|Win32 29 | {8598C2C8-34C4-47A1-99B0-7C295A890615}.Release|Win32.Build.0 = Release|Win32 30 | {4B2E2719-E661-45D7-9203-F6F456B22F19}.Debug|Win32.ActiveCfg = Debug|Win32 31 | {4B2E2719-E661-45D7-9203-F6F456B22F19}.Debug|Win32.Build.0 = Debug|Win32 32 | {4B2E2719-E661-45D7-9203-F6F456B22F19}.Release|Win32.ActiveCfg = Release|Win32 33 | {4B2E2719-E661-45D7-9203-F6F456B22F19}.Release|Win32.Build.0 = Release|Win32 34 | EndGlobalSection 35 | GlobalSection(SolutionProperties) = preSolution 36 | HideSolutionNode = FALSE 37 | EndGlobalSection 38 | EndGlobal 39 | -------------------------------------------------------------------------------- /sample/Makefile.am: 
-------------------------------------------------------------------------------- 1 | # 2 | # OpenVPN -- An application to securely tunnel IP networks 3 | # over a single UDP port, with support for SSL/TLS-based 4 | # session authentication and key exchange, 5 | # packet encryption, packet authentication, and 6 | # packet compression. 7 | # 8 | # Copyright (C) 2002-2018 OpenVPN Inc 9 | # Copyright (C) 2006-2012 Alon Bar-Lev 10 | # 11 | 12 | MAINTAINERCLEANFILES = \ 13 | $(srcdir)/Makefile.in 14 | 15 | EXTRA_DIST = \ 16 | sample-plugins \ 17 | sample-config-files \ 18 | sample-windows \ 19 | sample-keys \ 20 | sample-scripts 21 | 22 | if WIN32 23 | sample_DATA = \ 24 | client.ovpn \ 25 | server.ovpn \ 26 | sample-windows/sample.ovpn 27 | 28 | client.ovpn: sample-config-files/client.conf 29 | -rm -f client.ovpn 30 | cp "$(srcdir)/sample-config-files/client.conf" client.ovpn 31 | server.ovpn: sample-config-files/server.conf 32 | -rm -f server.ovpn 33 | cp "$(srcdir)/sample-config-files/server.conf" server.ovpn 34 | endif 35 | -------------------------------------------------------------------------------- /sample/sample-config-files/README: -------------------------------------------------------------------------------- 1 | Sample OpenVPN Configuration Files. 2 | 3 | These files are part of the OpenVPN HOWTO 4 | which is located at: 5 | 6 | http://openvpn.net/howto.html 7 | -------------------------------------------------------------------------------- /sample/sample-config-files/home.up: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | route add -net 10.0.0.0 netmask 255.255.255.0 gw $5 3 | -------------------------------------------------------------------------------- /sample/sample-config-files/loopback-client: -------------------------------------------------------------------------------- 1 | # Perform a TLS loopback test -- client side. 
2 | # 3 | # This test performs a TLS negotiation once every 10 seconds, 4 | # and will terminate after 2 minutes. 5 | # 6 | # From the root directory of the OpenVPN distribution, 7 | # after openvpn has been built, run: 8 | # 9 | # ./openvpn --config sample-config-files/loopback-client (In one window) 10 | # ./openvpn --config sample-config-files/loopback-server (Simultaneously in another window) 11 | 12 | rport 16000 13 | lport 16001 14 | remote localhost 15 | local localhost 16 | dev null 17 | verb 3 18 | reneg-sec 10 19 | tls-client 20 | remote-cert-tls server 21 | ca sample-keys/ca.crt 22 | key sample-keys/client.key 23 | cert sample-keys/client.crt 24 | tls-auth sample-keys/ta.key 1 25 | ping 1 26 | inactive 120 10000000 27 | -------------------------------------------------------------------------------- /sample/sample-config-files/loopback-server: -------------------------------------------------------------------------------- 1 | # Perform a TLS loopback test -- server side. 2 | # 3 | # This test performs a TLS negotiation once every 10 seconds, 4 | # and will terminate after 2 minutes. 
5 | # 6 | # From the root directory of the OpenVPN distribution, 7 | # after openvpn has been built, run: 8 | # 9 | # ./openvpn --config sample-config-files/loopback-client (In one window) 10 | # ./openvpn --config sample-config-files/loopback-server (Simultaneously in another window) 11 | 12 | rport 16001 13 | lport 16000 14 | remote localhost 15 | local localhost 16 | dev null 17 | verb 3 18 | reneg-sec 10 19 | tls-server 20 | dh sample-keys/dh2048.pem 21 | ca sample-keys/ca.crt 22 | key sample-keys/server.key 23 | cert sample-keys/server.crt 24 | tls-auth sample-keys/ta.key 0 25 | ping 1 26 | inactive 120 10000000 27 | -------------------------------------------------------------------------------- /sample/sample-config-files/office.up: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | route add -net 10.0.1.0 netmask 255.255.255.0 gw $5 3 | -------------------------------------------------------------------------------- /sample/sample-config-files/openvpn-shutdown.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # stop all openvpn processes 4 | 5 | killall -TERM openvpn 6 | -------------------------------------------------------------------------------- /sample/sample-config-files/openvpn-startup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # A sample OpenVPN startup script 4 | # for Linux. 5 | 6 | # openvpn config file directory 7 | dir=/etc/openvpn 8 | 9 | # load the firewall 10 | $dir/firewall.sh 11 | 12 | # load TUN/TAP kernel module 13 | modprobe tun 14 | 15 | # enable IP forwarding 16 | echo 1 > /proc/sys/net/ipv4/ip_forward 17 | 18 | # Invoke openvpn for each VPN tunnel 19 | # in daemon mode. Alternatively, 20 | # you could remove "--daemon" from 21 | # the command line and add "daemon" 22 | # to the config file. 23 | # 24 | # Each tunnel should run on a separate 25 | # UDP port. 
Use the "port" option 26 | # to control this. Like all of 27 | # OpenVPN's options, you can 28 | # specify "--port 8000" on the command 29 | # line or "port 8000" in the config 30 | # file. 31 | 32 | openvpn --cd $dir --daemon --config vpn1.conf 33 | openvpn --cd $dir --daemon --config vpn2.conf 34 | openvpn --cd $dir --daemon --config vpn2.conf 35 | -------------------------------------------------------------------------------- /sample/sample-config-files/static-home.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Sample OpenVPN configuration file for 3 | # home using a pre-shared static key. 4 | # 5 | # '#' or ';' may be used to delimit comments. 6 | 7 | # Use a dynamic tun device. 8 | # For Linux 2.2 or non-Linux OSes, 9 | # you may want to use an explicit 10 | # unit number such as "tun1". 11 | # OpenVPN also supports virtual 12 | # ethernet "tap" devices. 13 | dev tun 14 | 15 | # Our OpenVPN peer is the office gateway. 16 | remote 1.2.3.4 17 | 18 | # 10.1.0.2 is our local VPN endpoint (home). 19 | # 10.1.0.1 is our remote VPN endpoint (office). 20 | ifconfig 10.1.0.2 10.1.0.1 21 | 22 | # Our up script will establish routes 23 | # once the VPN is alive. 24 | up ./home.up 25 | 26 | # Our pre-shared static key. Keep it private: static-key mode has no forward secrecy, so a leaked key also exposes recorded past traffic. 27 | secret static.key 28 | 29 | # Cipher to use 30 | cipher AES-256-CBC 31 | 32 | # OpenVPN 2.0 uses UDP port 1194 by default 33 | # (official port assignment by iana.org 11/04). 34 | # OpenVPN 1.x uses UDP port 5000 by default. 35 | # Each OpenVPN tunnel must use 36 | # a different port number. 37 | # lport or rport can be used 38 | # to denote different ports 39 | # for local and remote. 40 | ; port 1194 41 | 42 | # Downgrade UID and GID to 43 | # "nobody" after initialization 44 | # for extra security. 45 | ; user nobody 46 | ; group nobody 47 | 48 | # If you built OpenVPN with 49 | # LZO compression, uncomment 50 | # the following line.
51 | ; comp-lzo 52 | 53 | # Send a UDP ping to remote once 54 | # every 15 seconds to keep 55 | # stateful firewall connection 56 | # alive. Uncomment this 57 | # if you are using a stateful 58 | # firewall. 59 | ; ping 15 60 | 61 | # Uncomment this section for a more reliable detection when a system 62 | # loses its connection. For example, dial-ups or laptops that 63 | # travel to other locations. 64 | ; ping 15 65 | ; ping-restart 45 66 | ; ping-timer-rem 67 | ; persist-tun 68 | ; persist-key 69 | 70 | # Verbosity level. 71 | # 0 -- quiet except for fatal errors. 72 | # 1 -- mostly quiet, but display non-fatal network errors. 73 | # 3 -- medium output, good for normal operation. 74 | # 9 -- verbose, good for troubleshooting 75 | verb 3 76 | -------------------------------------------------------------------------------- /sample/sample-config-files/static-office.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Sample OpenVPN configuration file for 3 | # office using a pre-shared static key. 4 | # 5 | # '#' or ';' may be used to delimit comments. 6 | 7 | # Use a dynamic tun device. 8 | # For Linux 2.2 or non-Linux OSes, 9 | # you may want to use an explicit 10 | # unit number such as "tun1". 11 | # OpenVPN also supports virtual 12 | # ethernet "tap" devices. 13 | dev tun 14 | 15 | # 10.1.0.1 is our local VPN endpoint (office). 16 | # 10.1.0.2 is our remote VPN endpoint (home). 17 | ifconfig 10.1.0.1 10.1.0.2 18 | 19 | # Our up script will establish routes 20 | # once the VPN is alive. 21 | up ./office.up 22 | 23 | # Our pre-shared static key. Keep it private: static-key mode has no forward secrecy, so a leaked key also exposes recorded past traffic. 24 | secret static.key 25 | 26 | # Cipher to use 27 | cipher AES-256-CBC 28 | 29 | # OpenVPN 2.0 uses UDP port 1194 by default 30 | # (official port assignment by iana.org 11/04). 31 | # OpenVPN 1.x uses UDP port 5000 by default. 32 | # Each OpenVPN tunnel must use 33 | # a different port number.
34 | # lport or rport can be used 35 | # to denote different ports 36 | # for local and remote. 37 | ; port 1194 38 | 39 | # Downgrade UID and GID to 40 | # "nobody" after initialization 41 | # for extra security. 42 | ; user nobody 43 | ; group nobody 44 | 45 | # If you built OpenVPN with 46 | # LZO compression, uncomment 47 | # the following line. 48 | ; comp-lzo 49 | 50 | # Send a UDP ping to remote once 51 | # every 15 seconds to keep 52 | # stateful firewall connection 53 | # alive. Uncomment this 54 | # if you are using a stateful 55 | # firewall. 56 | ; ping 15 57 | 58 | # Uncomment this section for a more reliable detection when a system 59 | # loses its connection. For example, dial-ups or laptops that 60 | # travel to other locations. 61 | ; ping 15 62 | ; ping-restart 45 63 | ; ping-timer-rem 64 | ; persist-tun 65 | ; persist-key 66 | 67 | # Verbosity level. 68 | # 0 -- quiet except for fatal errors. 69 | # 1 -- mostly quiet, but display non-fatal network errors. 70 | # 3 -- medium output, good for normal operation. 71 | # 9 -- verbose, good for troubleshooting 72 | verb 3 73 | -------------------------------------------------------------------------------- /sample/sample-config-files/tls-home.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Sample OpenVPN configuration file for 3 | # home using SSL/TLS mode and RSA certificates/keys. 4 | # 5 | # '#' or ';' may be used to delimit comments. 6 | 7 | # Use a dynamic tun device. 8 | # For Linux 2.2 or non-Linux OSes, 9 | # you may want to use an explicit 10 | # unit number such as "tun1". 11 | # OpenVPN also supports virtual 12 | # ethernet "tap" devices. 13 | dev tun 14 | 15 | # Our OpenVPN peer is the office gateway. 16 | remote 1.2.3.4 17 | 18 | # 10.1.0.2 is our local VPN endpoint (home). 19 | # 10.1.0.1 is our remote VPN endpoint (office).
20 | ifconfig 10.1.0.2 10.1.0.1 21 | 22 | # Our up script will establish routes 23 | # once the VPN is alive. 24 | up ./home.up 25 | 26 | # In SSL/TLS key exchange, Office will 27 | # assume server role and Home 28 | # will assume client role. This sample does not check that the peer certificate is a server certificate; adding "remote-cert-tls server" does that. 29 | tls-client 30 | 31 | # Certificate Authority file 32 | ca my-ca.crt 33 | 34 | # Our certificate/public key 35 | cert home.crt 36 | 37 | # Our private key 38 | key home.key 39 | 40 | # OpenVPN 2.0 uses UDP port 1194 by default 41 | # (official port assignment by iana.org 11/04). 42 | # OpenVPN 1.x uses UDP port 5000 by default. 43 | # Each OpenVPN tunnel must use 44 | # a different port number. 45 | # lport or rport can be used 46 | # to denote different ports 47 | # for local and remote. 48 | ; port 1194 49 | 50 | # Downgrade UID and GID to 51 | # "nobody" after initialization 52 | # for extra security. 53 | ; user nobody 54 | ; group nobody 55 | 56 | # If you built OpenVPN with 57 | # LZO compression, uncomment 58 | # the following line. 59 | ; comp-lzo 60 | 61 | # Send a UDP ping to remote once 62 | # every 15 seconds to keep 63 | # stateful firewall connection 64 | # alive. Uncomment this 65 | # if you are using a stateful 66 | # firewall. 67 | ; ping 15 68 | 69 | # Uncomment this section for a more reliable detection when a system 70 | # loses its connection. For example, dial-ups or laptops that 71 | # travel to other locations. 72 | ; ping 15 73 | ; ping-restart 45 74 | ; ping-timer-rem 75 | ; persist-tun 76 | ; persist-key 77 | 78 | # Verbosity level. 79 | # 0 -- quiet except for fatal errors. 80 | # 1 -- mostly quiet, but display non-fatal network errors. 81 | # 3 -- medium output, good for normal operation.
82 | # 9 -- verbose, good for troubleshooting 83 | verb 3 84 | -------------------------------------------------------------------------------- /sample/sample-config-files/tls-office.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Sample OpenVPN configuration file for 3 | # office using SSL/TLS mode and RSA certificates/keys. 4 | # 5 | # '#' or ';' may be used to delimit comments. 6 | 7 | # Use a dynamic tun device. 8 | # For Linux 2.2 or non-Linux OSes, 9 | # you may want to use an explicit 10 | # unit number such as "tun1". 11 | # OpenVPN also supports virtual 12 | # ethernet "tap" devices. 13 | dev tun 14 | 15 | # 10.1.0.1 is our local VPN endpoint (office). 16 | # 10.1.0.2 is our remote VPN endpoint (home). 17 | ifconfig 10.1.0.1 10.1.0.2 18 | 19 | # Our up script will establish routes 20 | # once the VPN is alive. 21 | up ./office.up 22 | 23 | # In SSL/TLS key exchange, Office will 24 | # assume server role and Home 25 | # will assume client role. 26 | tls-server 27 | 28 | # Diffie-Hellman Parameters (tls-server only) 29 | dh dh2048.pem 30 | 31 | # Certificate Authority file 32 | ca my-ca.crt 33 | 34 | # Our certificate/public key 35 | cert office.crt 36 | 37 | # Our private key 38 | key office.key 39 | 40 | # OpenVPN 2.0 uses UDP port 1194 by default 41 | # (official port assignment by iana.org 11/04). 42 | # OpenVPN 1.x uses UDP port 5000 by default. 43 | # Each OpenVPN tunnel must use 44 | # a different port number. 45 | # lport or rport can be used 46 | # to denote different ports 47 | # for local and remote. 48 | ; port 1194 49 | 50 | # Downgrade UID and GID to 51 | # "nobody" after initialization 52 | # for extra security. 53 | ; user nobody 54 | ; group nobody 55 | 56 | # If you built OpenVPN with 57 | # LZO compression, uncomment 58 | # the following line. 59 | ; comp-lzo 60 | 61 | # Send a UDP ping to remote once 62 | # every 15 seconds to keep 63 | # stateful firewall connection 64 | # alive.
Uncomment this 65 | # if you are using a stateful 66 | # firewall. 67 | ; ping 15 68 | 69 | # Uncomment this section for a more reliable detection when a system 70 | # loses its connection. For example, dial-ups or laptops that 71 | # travel to other locations. 72 | ; ping 15 73 | ; ping-restart 45 74 | ; ping-timer-rem 75 | ; persist-tun 76 | ; persist-key 77 | 78 | # Verbosity level. 79 | # 0 -- quiet except for fatal errors. 80 | # 1 -- mostly quiet, but display non-fatal network errors. 81 | # 3 -- medium output, good for normal operation. 82 | # 9 -- verbose, good for troubleshooting 83 | verb 3 84 | -------------------------------------------------------------------------------- /sample/sample-config-files/xinetd-client-config: -------------------------------------------------------------------------------- 1 | # This OpenVPN config file 2 | # is the client side counterpart 3 | # of xinetd-server-config 4 | 5 | dev tun 6 | ifconfig 10.4.0.1 10.4.0.2 7 | remote my-server 8 | port 1194 9 | user nobody 10 | secret /root/openvpn/key 11 | inactive 600 12 | -------------------------------------------------------------------------------- /sample/sample-config-files/xinetd-server-config: -------------------------------------------------------------------------------- 1 | # An xinetd configuration file for OpenVPN. 2 | # 3 | # This file should be renamed to openvpn or something suitably 4 | # descriptive and copied to the /etc/xinetd.d directory. 5 | # xinetd can then be made aware of this file by restarting 6 | # it or sending it a SIGHUP signal. 7 | # 8 | # For each potential incoming client, create a separate version 9 | # of this configuration file on a unique port number. Also note 10 | # that the key file and ifconfig endpoints should be unique for 11 | # each client. This configuration assumes that the OpenVPN 12 | # executable and key live in /root/openvpn. Change this to fit 13 | # your environment.
14 | 15 | service openvpn_1 16 | { 17 | type = UNLISTED 18 | port = 1194 19 | socket_type = dgram 20 | protocol = udp 21 | wait = yes 22 | user = root 23 | server = /root/openvpn/openvpn 24 | server_args = --inetd --dev tun --ifconfig 10.4.0.2 10.4.0.1 --secret /root/openvpn/key --inactive 600 --user nobody 25 | } 26 | -------------------------------------------------------------------------------- /sample/sample-keys/README: -------------------------------------------------------------------------------- 1 | Sample RSA and EC keys. 2 | 3 | Run ./gen-sample-keys.sh to generate fresh test keys. 4 | 5 | See the examples section of the man page for usage examples. 6 | 7 | NOTE: THESE KEYS ARE FOR TESTING PURPOSES ONLY. 8 | DON'T USE THEM FOR ANY REAL WORK BECAUSE 9 | THEY ARE TOTALLY INSECURE! 10 | 11 | ca.{crt,key} -- sample CA key/cert 12 | server.{crt,key} -- sample server key/cert 13 | client.{crt,key} -- sample client key/cert 14 | client-pass.key -- sample client key with password-encrypted key 15 | password = "password" 16 | client.p12 -- sample client pkcs12 bundle 17 | password = "password" 18 | client-ec.{crt,key} -- sample elliptic curve client key/cert 19 | server-ec.{crt,key} -- sample elliptic curve server key/cert 20 | -------------------------------------------------------------------------------- /sample/sample-keys/ca.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIGKDCCBBCgAwIBAgIJAKFO3vqQ8q6BMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNV 3 | BAYTAktHMQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UEChMM 4 | T3BlblZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4w 5 | HhcNMTQxMDIyMjE1OTUyWhcNMjQxMDE5MjE1OTUyWjBmMQswCQYDVQQGEwJLRzEL 6 | MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t 7 | VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMIICIjANBgkq 8 | hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsJVPCqt3vtoDW2U0DII1QIh2Qs0dqh88 9 | 
8nivxAIm2LTq93e9fJhsq3P/UVYAYSeCIrekXypR0EQgSgcNTvGBMe20BoHO5yvb 10 | GjKPmjfLj6XRotCOGy8EDl/hLgRY9efiA8wsVfuvF2q/FblyJQPR/gPiDtTmUiqF 11 | qXa7AJmMrqFsnWppOuGd7Qc6aTsae4TF1e/gUTCTraa7NeHowDaKhdyFmEEnCYR5 12 | CeUsx2JlFWAH8PCrxBpHYbmGyvS0kH3+rQkaSM/Pzc2bS4ayHaOYRK5XsGq8XiNG 13 | KTTLnSaCdPeHsI+3xMHmEh+u5Og2DFGgvyD22gde6W2ezvEKCUDrzR7bsnYqqyUy 14 | n7LxnkPXGyvR52T06G8KzLKQRmDlPIXhzKMO07qkHmIonXTdF7YI1azwHpAtN4dS 15 | rUe1bvjiTSoEsQPfOAyvD0RMK/CBfgEZUzAB50e/IlbZ84c0DJfUMOm4xCyft1HF 16 | YpYeyCf5dxoIjweCPOoP426+aTXM7kqq0ieIr6YxnKV6OGGLKEY+VNZh1DS7enqV 17 | HP5i8eimyuUYPoQhbK9xtDGMgghnc6Hn8BldPMcvz98HdTEH4rBfA3yNuCxLSNow 18 | 4jJuLjNXh2QeiUtWtkXja7ec+P7VqKTduJoRaX7cs+8E3ImigiRnvmK+npk7Nt1y 19 | YE9hBRhSoLsCAwEAAaOB2DCB1TAdBgNVHQ4EFgQUK0DlyX319JY46S/jL9lAZMmO 20 | BZswgZgGA1UdIwSBkDCBjYAUK0DlyX319JY46S/jL9lAZMmOBZuhaqRoMGYxCzAJ 21 | BgNVBAYTAktHMQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UE 22 | ChMMT3BlblZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21h 23 | aW6CCQChTt76kPKugTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG 24 | 9w0BAQsFAAOCAgEABc77f4C4P8fIS+V8qCJmVNSDU44UZBc+D+J6ZTgW8JeOHUIj 25 | Bh++XDg3gwat7pIWQ8AU5R7h+fpBI9n3dadyIsMHGwSogHY9Gw7di2RVtSFajEth 26 | rvrq0JbzpwoYedMh84sJ2qI/DGKW9/Is9+O52fR+3z3dY3gNRDPQ5675BQ5CQW9I 27 | AJgLOqzD8Q0qrXYi7HaEqzNx6p7RDTuhFgvTd+vS5d5+28Z5fm2umnq+GKHF8W5P 28 | ylp2Js119FTVO7brusAMKPe5emc7tC2ov8OFFemQvfHR41PLryap2VD81IOgmt/J 29 | kX/j/y5KGux5HZ3lxXqdJbKcAq4NKYQT0mCkRD4l6szaCEJ+k0SiM9DdTcBDefhR 30 | 9q+pCOyMh7d8QjQ1075mF7T+PGkZQUW1DUjEfrZhICnKgq+iEoUmM0Ee5WtRqcnu 31 | 5BTGQ2mSfc6rV+Vr+eYXqcg7Nxb3vFXYSTod1UhefonVqwdmyJ2sC79zp36Tbo2+ 32 | 65NW2WJK7KzPUyOJU0U9bcu0utvDOvGWmG+aHbymJgcoFzvZmlXqMXn97pSFn4jV 33 | y3SLRgJXOw1QLXL2Y5abcuoBVr4gCOxxk2vBeVxOMRXNqSWZOFIF1bu/PxuDA+Sa 34 | hEi44aHbPXt9opdssz/hdGfd8Wo7vEJrbg7c6zR6C/Akav1Rzy9oohIdgOw= 35 | -----END CERTIFICATE----- 36 | -------------------------------------------------------------------------------- /sample/sample-keys/client-ec.key: 
-------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQg2RVk/d0yok086M9bLPIi 3 | eu4DfcBUwphOnkje1/7VSY+hRANCAAQ7zmJdb4eCdSTCWPUOiE1XDQaycYiHWBm7 4 | 3l9/UmJRokiRg0iRkD6HAg8VUflolxIK/dI8h4NLZVQARI0odkkF 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /sample/sample-keys/client-pass.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | Proc-Type: 4,ENCRYPTED 3 | DEK-Info: AES-256-CBC,ECC1F209896FC2621233FFF6F1FFD045 4 | 5 | i6t7VKTyNNELTvrBO464e02nFg9rvYwumxd0sfqcPtaKmRK2mrZmEd/Xh0Nv1WyB 6 | PyuJo78qQixAtxObRbkSNINzTr5C8IDrE6+wQYCJinvO54U0o+ksv0tsyLngz1cb 7 | is8ZqHXrRgJ3qGFQWmFRtFKFQvSXOTDX3fLkEB53HfeblQCxBCnJ82Sp7ivnVR/j 8 | Q8qQRy1RMbzIN0trEGf0Zi4tHEvXL1u7Y+olQzSlmWWaQt20hhXUOMLhMtlRsAo7 9 | AwjlE94JjAfJ1q1dwIcRN4c9Lk8GkiX6w7nDpRACDpk2S8ifCqi69eGe4+g7owhL 10 | 74bgs64PmM9a2sNXy1v6WE3c/t6sSrZiMvrGsqMo4sBlrQ9WXe0Naon7heBkPcdS 11 | px0YJjnyBXHMIH+ASmALSJ5JXq9vt2xRFf0dOsGapxhP+7bZJ5Pwyk/yUu5uHFbM 12 | /aBemlrZJzlKeYiiwpwx2whQAtDwN41zMG+r27EzSU/AaDV40NPiwwycpWt/Bp1e 13 | z1ag0JuS0an+PK4jmREtzT5U5BeAVM91x8YttOPpmUIpahAa1zwdYPRAIkbmPJ4z 14 | ZH+9YoPH4hoBQKdIhshYktjdI++xNiKXAUGUz5YoX8S68SsLdmKvhnQ7fu5VvOkA 15 | 2pb7taXGy7zfn+a/fWauhuceV9HPlAXMIu3GsssODoNly3vpcFeiMySKppygJ3Eg 16 | A3o9n8UepD+jXflKG/R/t7U3hT6LqSIvQWqBqYMEVFMCNzSsJ/ce/4veFvx343zT 17 | qdxuzYqyiXM74cynpfqHdVa9SFICTesNdVDI0FdOXhSQ4bHJc7Xp9FFJdS0lMRw4 18 | ACwKxvs8lo4Gx1WFyCqH5OxosKtDHQYzdUJfSWVJlhhOFR3GncR9qSe3O5fkhJfs 19 | TALnC+xTJyCkSB2k0/bxVLIhlkPdCwzsrN/B6X2CDBdg0mQIo0LaPzGF8VneM20d 20 | XebYn751XSiL3HKyq8G5AEFwj9AO3Q8gKuP2fPoWdngJ2GT+mt1m2fIw9Igu39J0 21 | ZMegyUN0wSIiA5AkgryK9U+PJEiJmLzOJ/NGr7E5tPF18eZWapK4KZ8TXC4RNiye 22 | g+apGa+xZJz2VQp/Mrcdj9D4UDJFQjrvKaS0PXJDoYUXFBoMv3rxijzRVxlhhuJY 23 | yZ0At+UqZD5wpuWW6DRrgJIpy0HNhbaLmgsU0Co0HKviB0x8hvMJbi/uCoPTOdPz 24 | 
sPB7CN2i3oXe7xw1HfSTSFWb4leqjlKwNgfV42ox0QUjkkADeeuY+56g/B2+QmdE 25 | vXrc6sDwfNUwRUzeMn8yfum/aW1y/wrqF/qPTBQqFd85vlzS+NfXIKDg04cAljTu 26 | +2BLzvizh9Bb68iG4PykNXbjbAir1EbQG1tCzq1eKhERjgrxdv6+XqAmvchMCeL5 27 | L6hvfQFBPCo/4xnMpU5wooFarO/kGdKlGr5rXOydgfL618Td18BIX+FHQFb3zzVU 28 | y2NR4++DslJAZgAU+512zzpW1m3JtaRoyqyoLE2YFPlW804Xc1PBB3Ix6Wyzcegy 29 | D4qMk5qxjBkXEsBBSCYfVbWoMBeMhnvxkz0b9wkPtAW/jEJCB2Kkn/5yMC0DkePO 30 | -----END RSA PRIVATE KEY----- 31 | -------------------------------------------------------------------------------- /sample/sample-keys/client.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDsZY/pEsIaW+ZW 3 | KgipgjotRHijADuwn+cnEECT7/HMPqCqBKKAGxOp5v6B1nCQqNjU3jDYNQDSvmLw 4 | SNr8FY3Exm0LmfErgwAK0yojC+XN+TXfQ2EVcq2VmPZzIUFeoN1HJ6DVmtRBqBwd 5 | VyBxF4/3KJ4+B87s1Q5CTx50R45HndIUKCcsFBD10Za1k3SE7/kE3o1Kb993q+rR 6 | WNNE/loEAf8Gepf3/eNXSOHw30ATn2YjWuNVVD1UOe4A+RLx0t90LrrX8I3G3RhY 7 | HJMiC3X6qNbgtS8tudT+uU+G4nVIFmD7P8m0MEIp+zuzK7lZgWpG80WDv/3VGv83 8 | DG9b/WHxAgMBAAECggEBAIOdaCpUD02trOh8LqZxowJhBOl7z7/ex0uweMPk67LT 9 | i5AdVHwOlzwZJ8oSIknoOBEMRBWcLQEojt1JMuL2/R95emzjIKshHHzqZKNulFvB 10 | TIUpdnwChTKtH0mqUkLlPU3Ienty4IpNlpmfUKimfbkWHERdBJBHbtDsTABhdo3X 11 | 9pCF/yRKqJS2Fy/Mkl3gv1y/NB1OL4Jhl7vQbf+kmgfQN2qdOVe2BOKQ8NlPUDmE 12 | /1XNIDaE3s6uvUaoFfwowzsCCwN2/8QrRMMKkjvV+lEVtNmQdYxj5Xj5IwS0vkK0 13 | 6icsngW87cpZxxc1zsRWcSTloy5ohub4FgKhlolmigECgYEA+cBlxzLvaMzMlBQY 14 | kCac9KQMvVL+DIFHlZA5i5L/9pRVp4JJwj3GUoehFJoFhsxnKr8HZyLwBKlCmUVm 15 | VxnshRWiAU18emUmeAtSGawlAS3QXhikVZDdd/L20YusLT+DXV81wlKR97/r9+17 16 | klQOLkSdPm9wcMDOWMNHX8bUg8kCgYEA8k+hQv6+TR/+Beao2IIctFtw/EauaJiJ 17 | wW5ql1cpCLPMAOQUvjs0Km3zqctfBF8mUjdkcyJ4uhL9FZtfywY22EtRIXOJ/8VR 18 | we65mVo6RLR8YVM54sihanuFOnlyF9LIBWB+9pUfh1/Y7DSebh7W73uxhAxQhi3Y 19 | QwfIQIFd8OkCgYBalH4VXhLYhpaYCiXSej6ot6rrK2N6c5Tb2MAWMA1nh+r84tMP 20 | 
gMoh+pDgYPAqMI4mQbxUmqZEeoLuBe6VHpDav7rPECRaW781AJ4ZM4cEQ3Jz/inz 21 | 4qOAMn10CF081/Ez9ykPPlU0bsYNWHNd4eB2xWnmUBKOwk7UgJatVPaUiQKBgQCI 22 | f18CVGpzG9CHFnaK8FCnMNOm6VIaTcNcGY0mD81nv5Dt943P054BQMsAHTY7SjZW 23 | HioRyZtkhonXAB2oSqnekh7zzxgv4sG5k3ct8evdBCcE1FNJc2eqikZ0uDETRoOy 24 | s7cRxNNr+QxDkyikM+80HOPU1PMPgwfOSrX90GJQ8QKBgEBKohGMV/sNa4t14Iau 25 | qO8aagoqh/68K9GFXljsl3/iCSa964HIEREtW09Qz1w3dotEgp2w8bsDa+OwWrLy 26 | 0SY7T5jRViM3cDWRlUBLrGGiL0FiwsfqiRiji60y19erJgrgyGVIb1kIgIBRkgFM 27 | 2MMweASzTmZcri4PA/5C0HYb 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /sample/sample-keys/client.p12: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/openvpn/61f1d034e64e2f8d5e5d04173edb7e1e62c3fae9/sample/sample-keys/client.p12 -------------------------------------------------------------------------------- /sample/sample-keys/dh2048.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DH PARAMETERS----- 2 | MIIBCAKCAQEArdnA32xujHPlPI+jPffHSoMUZ+b5gRz1H1Lw9//Gugm5TAsRiYrB 3 | t2BDSsMKvAjyqN+i5SJv4TOk98kRRKB27iPvyXmiL945VaDQl/UehCySjYlGFUjW 4 | 9nuo+JwQxeSbw0TLiSYoYJZQ8X1CxPl9mgJl277O4cW1Gc8I/bWa+ipU/4K5wv3h 5 | GI8nt+6A0jN3M/KebotMP101G4k0l0qsY4oRMTmP+z3oAP0qU9NZ1jiuMFVzRlNp 6 | 5FdYF7ctrH+tBF+QmyT4SRKSED4wE4oX6gp420NaBhIEQifIj75wlMDtxQlpkN+x 7 | QkjsEbPlaPKHGQ4uupssChVUi8IM2yq5EwIBAg== 8 | -----END DH PARAMETERS----- 9 | -------------------------------------------------------------------------------- /sample/sample-keys/server-ec.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgLHGYqSlzoRaogmJfrC+E 3 | ozTothB9bORaQ1C/3FmeQ6ehRANCAAQhCawn5gA6V/T2x3ipsfTX10VZOeSj0yyU 4 | +WFK5rnph1fID4gDoFbuNOfkTiBjbMFuwQSsuS+pdmnTfUn/8TTL 5 | -----END PRIVATE KEY----- 6 | 
-------------------------------------------------------------------------------- /sample/sample-keys/server.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCluKLuzrGmD2qy 3 | n9MiF3neCZhxePqnzjZRVFfHMZlW0YrWxf1S5ogOe/nqJ3q/PxTsqtL/i1ZYrMpR 4 | d8U8tuSDbyIGLVvr51nUq0LI1amHc7NzNlEvpdCQoodkVGwS07h2R2mvro8As3C5 5 | 52c/jGo9eV+BJ6MOqqc9gUgQsRhsOC6PenvFPSHI+aB/FyuIT7ry7G0kjmzxClzZ 6 | W7Gw/EnLStJYxiolsJeEw57/NIwQRn8P+zxZeqYpDK6OUDryU4RALdWRewo3joJ3 7 | zmYvNHdcpUU7ABmnB9GS5ma5O07pY/wzmBquewh9Ct96uqpZbYaCCmQr2lmnTE7v 8 | Pb0EoksxAgMBAAECggEAPMOMin+jR75TYxeTNObiunVOPh0b2zeTVxLT9KfND7ZZ 9 | cBK8pg79SEJRCnhbW5BnvbeNEkIm8PC6ZlDCM1bkRwUStq0fDUqQ95esLzOYq5/S 10 | 5qW98viblszhU/pYfja/Zi8dI1uf96PT63Zbt0NnGQ9N42+DLDeKhtTGdchZqiQA 11 | LeSR0bQanY4tUUtCNYvBT8E3pzhoIsUzVwzIK53oovRpcOX3pMXVYZsmNhXdFFRy 12 | YkjMXpj7fGyaAJK0QsC+PsgrKuhXDzDttsG2lI/mq9+7RXB3d/pzhmBVWynVH2lw 13 | iQ7ONkSz7akDz/4I4WmxJep+FfQJYgK6rnLAlQqauQKBgQDammSAprnvDvNhSEp8 14 | W+xt7jQnFqaENbGgP0/D/OZMXc4khgexqlKFmSnBCRDmQ6JvLTWqDXC4+aqAbFQz 15 | zAIjiKaT+so8xvFRob+rBMJY5JLYKNa+zUUanfORUNYLFJPvFqnrWGaJ9uufdaM7 16 | 0a5bu95PN74NXee3DBbpBv8HLwKBgQDCEk+IjNbjMT+Neq0ywUeM5rFrUKi92abe 17 | AgsVpjbighRV+6jA2lZFJcize+xYJ9wiOR1/TEI9PZ2OtBkqpwVdvTEHTagRLcvd 18 | NfGcptREDnNLoNWA22buQpztiEduutACWQsrd+JQmqbUicUdW4zw86/oCMbYCW3V 19 | QmYOLns7nwKBgHHUX20WZE91S4pmqFKlUzHTDdkk1ESX6Qx2q0R01j8BwawHFs6O 20 | 0DW9EZ7w55nfsh+OPRl1sjK/3ubMgfQO0TZLm+IGf3Sya0qEnVeiPMkpDMX+TgRA 21 | wzEe+ou6uho+9uFSvdxMxeglaYA5M2ycvNwLsbEyZ4ZyVYxdgTiKahYFAoGAcIfP 22 | iD0qKQiYcj/tB94cz+3AeJqHjbYT1O1YYhBECOkmQ4kuG80+cs/q5W/45lEOiuWV 23 | Xgfo7Lu6jVGOujWoneci87oqtvNYH4e09oGh2WiLoBG9Wv9dWtBTUERSLzmxfXsG 24 | SAk2uEhEbj8IhfJc8iZLHH9iVUh6YEslBBodqL8CgYEAlAhvcqAvw5SzsfBR5Mcu 25 | 4Nql6mXEVhHCvS4hdFCGaNF0z9A6eBORKJpdLWnqhpquDQDsghWE+Ga4QKSNFIi1 26 | fnAaykmZuY3ToqNOIaVlYM6HpMEz0wHQbTWfDLGcTFcElLZgMAk7VlDyiYVOco+E 27 | QX9lXOO1PGpLzXhlDxSe63Y= 
28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /sample/sample-keys/ta.key: -------------------------------------------------------------------------------- 1 | # 2 | # 2048 bit OpenVPN static key 3 | # 4 | -----BEGIN OpenVPN Static key V1----- 5 | a863b1cbdb911ff4ef3360ce135157e7 6 | 241a465f5045f51cf9a92ebc24da34fd 7 | 5fc48456778c977e374d55a8a7298aef 8 | 40d0ab0c60b5e09838510526b73473a0 9 | 8da46a8c352572dd86d4a871700a915b 10 | 6aaa58a9dac560db2dfdd7ef15a202e1 11 | fca6913d7ee79c678c5798fbf7bd920c 12 | caa7a64720908da7254598b052d07f55 13 | 5e31dc5721932cffbdd8965d04107415 14 | 46c86823da18b66aab347e4522cc05ff 15 | 634968889209c96b1024909cd4ce574c 16 | f829aa9c17d5df4a66043182ee23635d 17 | 8cabf5a7ba02345ad94a3aa25a63d55c 18 | e13f4ad235a0825e3fe17f9419baff1c 19 | e73ad1dd652f1e48c7102fe8ee181e54 20 | 10a160ae255f63fd01db1f29e6efcb8e 21 | -----END OpenVPN Static key V1----- 22 | -------------------------------------------------------------------------------- /sample/sample-plugins/defer/README: -------------------------------------------------------------------------------- 1 | OpenVPN plugin examples. 2 | 3 | Examples provided: 4 | 5 | simple.c -- using the --auth-user-pass-verify callback, 6 | test deferred authentication. 7 | 8 | To build: 9 | 10 | ./build simple (Linux/BSD/etc.) 11 | ./winbuild simple (MinGW on Windows) 12 | 13 | To use in OpenVPN, add to config file: 14 | 15 | plugin simple.so (Linux/BSD/etc.) 16 | plugin simple.dll (MinGW on Windows) 17 | -------------------------------------------------------------------------------- /sample/sample-plugins/defer/build: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # 4 | # Build an OpenVPN plugin module on *nix. The argument should 5 | # be the base name of the C source file (without the .c). 
6 | # 7 | 8 | # This directory is where we will look for openvpn-plugin.h 9 | CPPFLAGS="${CPPFLAGS:--I../../../include}" 10 | 11 | CC="${CC:-gcc}" 12 | CFLAGS="${CFLAGS:--O2 -Wall -g}" 13 | 14 | $CC $CPPFLAGS $CFLAGS -fPIC -c $1.c && \ 15 | $CC $CFLAGS -fPIC -shared ${LDFLAGS} -Wl,-soname,$1.so -o $1.so $1.o -lc 16 | -------------------------------------------------------------------------------- /sample/sample-plugins/defer/simple.def: -------------------------------------------------------------------------------- 1 | LIBRARY OpenVPN_PLUGIN_SAMPLE 2 | DESCRIPTION "Sample OpenVPN plug-in module." 3 | EXPORTS 4 | openvpn_plugin_open_v1 @1 5 | openvpn_plugin_func_v1 @2 6 | openvpn_plugin_close_v1 @3 7 | -------------------------------------------------------------------------------- /sample/sample-plugins/defer/winbuild: -------------------------------------------------------------------------------- 1 | # 2 | # Build an OpenVPN plugin module on Windows/MinGW. 3 | # The argument should be the base name of the C source file 4 | # (without the .c). 5 | # 6 | 7 | # This directory is where we will look for openvpn-plugin.h 8 | INCLUDE="-I../../../build" 9 | 10 | CC_FLAGS="-O2 -Wall" 11 | 12 | gcc -DBUILD_DLL $CC_FLAGS $INCLUDE -c $1.c 13 | gcc --disable-stdcall-fixup -mdll -DBUILD_DLL -o junk.tmp -Wl,--base-file,base.tmp $1.o 14 | rm junk.tmp 15 | dlltool --dllname $1.dll --base-file base.tmp --output-exp temp.exp --input-def $1.def 16 | rm base.tmp 17 | gcc --enable-stdcall-fixup -mdll -DBUILD_DLL -o $1.dll $1.o -Wl,temp.exp 18 | rm temp.exp 19 | -------------------------------------------------------------------------------- /sample/sample-plugins/keying-material-exporter-demo/README: -------------------------------------------------------------------------------- 1 | OpenVPN plugin examples. 
Daniel Kubec 2 | 3 | Examples provided: 4 | 5 | keyingmaterialexporter.c -- Example based on TLS Keying Material Exporters over HTTP [RFC-5705] 6 | (openvpn/doc/keying-material-exporter.txt) 7 | 8 | This example demonstrates authenticating a user over HTTP who has already 9 | established an OpenVPN connection using the --keying-material-exporter 10 | feature. 11 | 12 | Requires: 13 | OpenVPN RFC-5705 Support, OpenSSL >= 1.0.1 14 | 15 | Files: 16 | http-server.py -- Example HTTP Server listen 0.0.0.0:8080 17 | http-client.py -- Example HTTP Client connect 10.8.0.1:8080 [GET /$SESSIONID] 18 | 19 | server.ovpn -- Example HTTP SSO VPN Server configuration 20 | client.ovpn -- Example HTTP SSO VPN Client configuration 21 | 22 | keyingmaterialexporter.c, 23 | keyingmaterialexporter.so -- Example OpenVPN Client and Server plugin 24 | 25 | To build: 26 | ./build keyingmaterialexporter 27 | 28 | To use in OpenVPN: 29 | 30 | Enter openvpn/sample/sample-plugins/keyingmaterialexporter directory 31 | and in separate terminals, start these four processes: 32 | 33 | $ openvpn --config ./server.ovpn 34 | $ openvpn --config ./client.ovpn 35 | $ ./http-server.py 36 | $ ./http-client.py 37 | 38 | Test: 39 | 40 | openvpn --config ./server.ovpn 41 | ############################## 42 | 43 | PLUGIN SSO: app session created 44 | PLUGIN_CALL: POST ./keyingmaterialexporter.so/PLUGIN_TLS_VERIFY status=0 45 | PLUGIN SSO: app session key: a5885abc84d361803f58ede1ef9c0adf99e720cd 46 | PLUGIN SSO: app session file: /tmp/openvpn_sso_a5885abc84d361803f58ede1ef9c0adf99e720cd 47 | PLUGIN SSO: app session user: Test-Client 48 | 49 | openvpn --config ./client.ovpn 50 | ############################## 51 | PLUGIN SSO: app session created 52 | PLUGIN_CALL: POST ./keyingmaterialexporter.so/PLUGIN_TLS_VERIFY status=0 53 | PLUGIN SSO: app session key: a5885abc84d361803f58ede1ef9c0adf99e720cd 54 | PLUGIN SSO: app session file: /tmp/openvpn_sso_user 55 | PLUGIN_CALL: POST
./keyingmaterialexporter.so/PLUGIN_TLS_FINAL status=0 56 | 57 | HTTP_SERVER: 58 | http-server.py 59 | ################ 60 | http server started 61 | session file: /tmp/openvpn_sso_a5885abc84d361803f58ede1ef9c0adf99e720cd 62 | 10.8.0.1 - - [02/Apr/2015 15:03:33] "GET /a5885abc84d361803f58ede1ef9c0adf99e720cd HTTP/1.1" 200 - 63 | session user: Test-Client 64 | session key: a5885abc84d361803f58ede1ef9c0adf99e720cd 65 | 66 | HTTP_SERVER: 67 | http-client.py 68 |

Greetings Test-Client. You are authorized

69 | -------------------------------------------------------------------------------- /sample/sample-plugins/keying-material-exporter-demo/build: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # 4 | # Build an OpenVPN plugin module on *nix. The argument should 5 | # be the base name of the C source file (without the .c). 6 | # 7 | 8 | # This directory is where we will look for openvpn-plugin.h 9 | CPPFLAGS="${CPPFLAGS:--I../../..}" 10 | 11 | CC="${CC:-gcc}" 12 | CFLAGS="${CFLAGS:--O2 -Wall -g}" 13 | 14 | $CC $CPPFLAGS $CFLAGS -fPIC -c $1.c && \ 15 | $CC $CFLAGS -fPIC -shared $LDFLAGS -Wl,-soname,$1.so -o $1.so $1.o -lc 16 | -------------------------------------------------------------------------------- /sample/sample-plugins/keying-material-exporter-demo/client.ovpn: -------------------------------------------------------------------------------- 1 | tls-client 2 | pull 3 | 4 | keying-material-exporter "EXPORTER_SSO_TEST" 16 5 | reneg-sec 0 6 | 7 | ca ../../sample-keys/ca.crt 8 | cert ../../sample-keys/client.crt 9 | key ../../sample-keys/client.key 10 | 11 | plugin ./keyingmaterialexporter.so 12 | 13 | remote 127.0.0.1 1194 14 | proto udp 15 | dev tun 16 | nobind 17 | 18 | verb 4 19 | -------------------------------------------------------------------------------- /sample/sample-plugins/keying-material-exporter-demo/http-client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | import sys 3 | import os 4 | import httplib 5 | 6 | f = '/tmp/openvpn_sso_user' 7 | with open (f, "r") as myfile: 8 | session_key = myfile.read().replace('\n', '') 9 | 10 | conn = httplib.HTTPConnection("10.8.0.1:8080") 11 | conn.request("GET", "/" + session_key) 12 | r1 = conn.getresponse() 13 | 14 | if r1.status == 200: 15 | body = r1.read().rstrip() 16 | print body 17 | elif r1.status == 404: 18 | print "Authentication failed" 19 | else: 20 | print r1.status, r1.reason 21 
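| -------------------------------------------------------------------------------- /sample/sample-plugins/keying-material-exporter-demo/http-server.py: --------------------------------------------------------------------------------
#!/usr/bin/python
# Demo HTTP endpoint for the keying-material-exporter SSO example (Python 2).
from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
import cgi
import os


class ExampleHTTPRequestHandler(BaseHTTPRequestHandler):
    """Answer GET /<session key> with a greeting for the user stored in
    /tmp/openvpn_sso_<session key>, or with 404 when that file cannot be read.
    """

    def do_GET(self):
        # basename() drops every directory component of the request path, so
        # the lookup stays inside /tmp.
        # NOTE(review): the key is not checked against the format the plugin
        # generates (the README shows 40 hex digits), so any readable file
        # named /tmp/openvpn_sso_* is served. Consider rejecting other keys.
        session_key = os.path.basename(self.path)
        file = '/tmp/openvpn_sso_' + session_key
        print 'session file: ' + file
        try:
            # Read the session file before any header is sent: a failure then
            # produces a clean 404, and the handle is closed on every path.
            with open(file) as f:
                user = f.read().rstrip()
        except IOError:
            self.send_error(404, 'authentication failed')
            return

        print 'session user: ' + user
        print 'session key: ' + session_key
        self.send_response(200)
        # 'text/html' is the registered media type; the original sent
        # 'text-html', which clients do not recognise.
        self.send_header('Content-type', 'text/html')
        self.end_headers()
        # The user name is file content from a shared directory, so it is
        # HTML-escaped before being placed in markup.
        # NOTE(review): the tags in this literal were lost in the page
        # rendering and are reconstructed here -- confirm against upstream.
        self.wfile.write('<html><body><h1>Greetings ' + cgi.escape(user)
                         + '. You are authorized'
                         '</h1>'
                         '</body></html>')


def run():
    """Start the demo server on port 8080 and serve until interrupted."""
    # NOTE(review): '0.0.0.0' listens on every interface, while the demo
    # client only connects to 10.8.0.1. Bind to the tunnel address if the
    # endpoint is meant to be reachable by VPN clients only.
    server_address = ('0.0.0.0', 8080)
    httpd = HTTPServer(server_address, ExampleHTTPRequestHandler)
    print('http server started')
    httpd.serve_forever()
    print('http server stopped')


if __name__ == '__main__':
    run()
-------------------------------------------------------------------------------- /sample/sample-plugins/keying-material-exporter-demo/server.ovpn: -------------------------------------------------------------------------------- 1 | tls-server 2 | reneg-sec 0 3 | 4 | keying-material-exporter "EXPORTER_SSO_TEST" 16 5 | duplicate-cn 6 | 7 | plugin ./keyingmaterialexporter.so 8 | ca ../../sample-keys/ca.crt 9 | cert ../../sample-keys/server.crt 10 | key ../../sample-keys/server.key 11 | dh ../../sample-keys/dh2048.pem 12 | 13 | server 10.8.0.0 255.255.255.0 14 | port 1194 15 | proto udp 16 | dev tun 17 | 18 | verb 4 19 | -------------------------------------------------------------------------------- /sample/sample-plugins/log/build: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # 4 | # Build an OpenVPN plugin module on *nix. The argument should 5 | # be the base name of the C source file (without the .c).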
6 | # 7 | 8 | # This directory is where we will look for openvpn-plugin.h 9 | CPPFLAGS="${CPPFLAGS:--I../../../include}" 10 | 11 | CC="${CC:-gcc}" 12 | CFLAGS="${CFLAGS:--O2 -Wall -g}" 13 | 14 | $CC $CPPFLAGS $CFLAGS -fPIC -c $1.c && \ 15 | $CC $CFLAGS -fPIC -shared $LDFLAGS -Wl,-soname,$1.so -o $1.so $1.o -lc 16 | -------------------------------------------------------------------------------- /sample/sample-plugins/log/winbuild: -------------------------------------------------------------------------------- 1 | # 2 | # Build an OpenVPN plugin module on Windows/MinGW. 3 | # The argument should be the base name of the C source file 4 | # (without the .c). 5 | # 6 | 7 | # This directory is where we will look for openvpn-plugin.h 8 | INCLUDE="-I../../../include" 9 | 10 | CC_FLAGS="-O2 -Wall" 11 | 12 | gcc -DBUILD_DLL $CC_FLAGS $INCLUDE -c $1.c 13 | gcc --disable-stdcall-fixup -mdll -DBUILD_DLL -o junk.tmp -Wl,--base-file,base.tmp $1.o 14 | rm junk.tmp 15 | dlltool --dllname $1.dll --base-file base.tmp --output-exp temp.exp --input-def $1.def 16 | rm base.tmp 17 | gcc --enable-stdcall-fixup -mdll -DBUILD_DLL -o $1.dll $1.o -Wl,temp.exp 18 | rm temp.exp 19 | -------------------------------------------------------------------------------- /sample/sample-plugins/simple/README: -------------------------------------------------------------------------------- 1 | OpenVPN plugin examples. 2 | 3 | Examples provided: 4 | 5 | simple.c -- using the --auth-user-pass-verify callback, verify 6 | that the username/password is "foo"/"bar". 7 | 8 | To build: 9 | 10 | ./build simple (Linux/BSD/etc.) 11 | ./winbuild simple (MinGW on Windows) 12 | 13 | To use in OpenVPN, add to config file: 14 | 15 | plugin simple.so (Linux/BSD/etc.) 
16 | plugin simple.dll (MinGW on Windows) 17 | -------------------------------------------------------------------------------- /sample/sample-plugins/simple/build: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # 4 | # Build an OpenVPN plugin module on *nix. The argument should 5 | # be the base name of the C source file (without the .c). 6 | # 7 | 8 | # This directory is where we will look for openvpn-plugin.h 9 | CPPFLAGS="${CPPFLAGS:--I../../..}" 10 | 11 | CC="${CC:-gcc}" 12 | CFLAGS="${CFLAGS:--O2 -Wall -g}" 13 | 14 | $CC $CPPFLAGS $CFLAGS -fPIC -c $1.c && \ 15 | $CC $CFLAGS -fPIC -shared $LDFLAGS -Wl,-soname,$1.so -o $1.so $1.o -lc 16 | -------------------------------------------------------------------------------- /sample/sample-plugins/simple/simple.def: -------------------------------------------------------------------------------- 1 | LIBRARY OpenVPN_PLUGIN_SAMPLE 2 | DESCRIPTION "Sample OpenVPN plug-in module." 3 | EXPORTS 4 | openvpn_plugin_open_v1 @1 5 | openvpn_plugin_func_v1 @2 6 | openvpn_plugin_close_v1 @3 7 | -------------------------------------------------------------------------------- /sample/sample-plugins/simple/winbuild: -------------------------------------------------------------------------------- 1 | # 2 | # Build an OpenVPN plugin module on Windows/MinGW. 3 | # The argument should be the base name of the C source file 4 | # (without the .c). 
5 | # 6 | 7 | # This directory is where we will look for openvpn-plugin.h 8 | INCLUDE="-I../../../include" 9 | 10 | CC_FLAGS="-O2 -Wall" 11 | 12 | gcc -DBUILD_DLL $CC_FLAGS $INCLUDE -c $1.c 13 | gcc --disable-stdcall-fixup -mdll -DBUILD_DLL -o junk.tmp -Wl,--base-file,base.tmp $1.o 14 | rm junk.tmp 15 | dlltool --dllname $1.dll --base-file base.tmp --output-exp temp.exp --input-def $1.def 16 | rm base.tmp 17 | gcc --enable-stdcall-fixup -mdll -DBUILD_DLL -o $1.dll $1.o -Wl,temp.exp 18 | rm temp.exp 19 | -------------------------------------------------------------------------------- /sample/sample-scripts/bridge-start: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ################################# 4 | # Set up Ethernet bridge on Linux 5 | # Requires: bridge-utils 6 | ################################# 7 | 8 | # Define Bridge Interface 9 | br="br0" 10 | 11 | # Define list of TAP interfaces to be bridged, 12 | # for example tap="tap0 tap1 tap2". 13 | tap="tap0" 14 | 15 | # Define physical ethernet interface to be bridged 16 | # with TAP interface(s) above. 
17 | eth="eth0" 18 | eth_ip="192.168.8.4" 19 | eth_netmask="255.255.255.0" 20 | eth_broadcast="192.168.8.255" 21 | 22 | for t in $tap; do 23 | openvpn --mktun --dev $t 24 | done 25 | 26 | brctl addbr $br 27 | brctl addif $br $eth 28 | 29 | for t in $tap; do 30 | brctl addif $br $t 31 | done 32 | 33 | for t in $tap; do 34 | ifconfig $t 0.0.0.0 promisc up 35 | done 36 | 37 | ifconfig $eth 0.0.0.0 promisc up 38 | 39 | ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast 40 | -------------------------------------------------------------------------------- /sample/sample-scripts/bridge-stop: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | #################################### 4 | # Tear Down Ethernet bridge on Linux 5 | #################################### 6 | 7 | # Define Bridge Interface 8 | br="br0" 9 | 10 | # Define list of TAP interfaces to be bridged together 11 | tap="tap0" 12 | 13 | ifconfig $br down 14 | brctl delbr $br 15 | 16 | for t in $tap; do 17 | openvpn --rmtun --dev $t 18 | done 19 | -------------------------------------------------------------------------------- /sample/sample-scripts/ucn.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl -t 2 | 3 | # OpenVPN --auth-user-pass-verify script. 4 | # Only authenticate if username equals common_name. 
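5 | # In OpenVPN config file: 6 | # auth-user-pass-verify ./ucn.pl via-env 7 | 8 | $username = $ENV{'username'}; 9 | $common_name = $ENV{'common_name'}; 10 | 11 | exit !(length($username) > 0 && length($common_name) > 0 && $username eq $common_name); 12 | -------------------------------------------------------------------------------- /sample/sample-scripts/verify-cn: --------------------------------------------------------------------------------
#!/usr/bin/perl

# verify-cn -- a sample OpenVPN tls-verify script
#
# Return 0 if cn matches the common name component of
# subject, 1 otherwise.
#
# For example in OpenVPN, you could use the directive:
#
#   tls-verify "./verify-cn /etc/openvpn/allowed_clients"
#
# This would cause the connection to be dropped unless
# the client common name is listed on a line in the
# allowed_clients file.

die "usage: verify-cn cnfile certificate_depth subject" if (@ARGV != 3);

# Arguments:
#   cnfile -- File listing the permitted common names, one per line,
#             taken from the argument to the tls-verify directive in
#             the OpenVPN config file. Blank lines and lines that
#             begin with the # character are ignored.
#   depth  -- The current certificate chain depth. In a typical
#             bi-level chain, the root certificate is at level 1 and
#             the client certificate at level 0. This script is
#             called separately for each level.
#   x509   -- The X509 subject string as extracted by OpenVPN from
#             the client's provided certificate.
($cnfile, $depth, $x509) = @ARGV;

if ($depth == 0) {
    # Depth zero is the final certificate in the chain (i.e. the
    # client certificate), the only one whose common name is checked.
    #
    # NOTE(review): the pattern takes the first " CN=" text found in
    # the subject string, so it relies on no earlier attribute value
    # containing that text and on the comma-separated subject format.
    # OpenVPN also exports the parsed field to tls-verify scripts as
    # the X509_0_CN environment variable; reading that avoids parsing
    # the string here -- TODO confirm for the deployed version.
    if ($x509 =~ / CN=([^,]+)/) {
        $cn = $1;
        # Fail closed: if the list cannot be opened, nobody authenticates.
        open(my $fh, '<', $cnfile) or exit 1;
        while (defined($line = <$fh>)) {
            if ($line !~ /^[[:space:]]*(#|$)/o) {
                # chomp() removes only a trailing newline. The original
                # chop() cut the last character of a final line that had
                # no newline, so that entry matched a shortened name.
                chomp($line);
                if ($line eq $cn) {
                    exit 0;
                }
            }
        }
        close($fh);
    }

    # Authentication failed -- either the X509 subject string could
    # not be parsed, or its common name is not listed in cnfile.
    exit 1;
}

# If depth is nonzero, tell OpenVPN to continue processing
# the certificate chain.
exit 0;
-------------------------------------------------------------------------------- /src/Makefile.am: -------------------------------------------------------------------------------- 1 | # 2 | # OpenVPN -- An application to securely tunnel IP networks 3 | # over a single UDP port, with support for SSL/TLS-based 4 | # session authentication and key exchange, 5 | # packet encryption, packet authentication, and 6 | # packet compression. 7 | # 8 | # Copyright (C) 2002-2018 OpenVPN Inc 9 | # Copyright (C) 2006-2012 Alon Bar-Lev 10 | # 11 | 12 | MAINTAINERCLEANFILES = \ 13 | $(srcdir)/Makefile.in 14 | 15 | SUBDIRS = compat openvpn openvpnserv plugins 16 | -------------------------------------------------------------------------------- /src/compat/Makefile.am: -------------------------------------------------------------------------------- 1 | # 2 | # OpenVPN -- An application to securely tunnel IP networks 3 | # over a single UDP port, with support for SSL/TLS-based 4 | # session authentication and key exchange, 5 | # packet encryption, packet authentication, and 6 | # packet compression.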
7 | # 8 | # Copyright (C) 2002-2018 OpenVPN Inc 9 | # Copyright (C) 2006-2012 Alon Bar-Lev 10 | # 11 | 12 | MAINTAINERCLEANFILES = \ 13 | $(srcdir)/Makefile.in 14 | 15 | EXTRA_DIST = \ 16 | compat.vcxproj \ 17 | compat.vcxproj.filters 18 | 19 | noinst_LTLIBRARIES = libcompat.la 20 | 21 | libcompat_la_SOURCES = \ 22 | compat.h \ 23 | compat-dirname.c \ 24 | compat-basename.c \ 25 | compat-gettimeofday.c \ 26 | compat-daemon.c \ 27 | compat-inet_ntop.c \ 28 | compat-inet_pton.c \ 29 | compat-lz4.c compat-lz4.h \ 30 | compat-versionhelpers.h 31 | -------------------------------------------------------------------------------- /src/compat/compat-basename.c: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2011 - David Sommerseth 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
22 | */ 23 | 24 | #ifdef HAVE_CONFIG_H 25 | #include "config.h" 26 | #elif defined(_MSC_VER) 27 | #include "config-msvc.h" 28 | #endif 29 | 30 | #ifndef HAVE_BASENAME 31 | 32 | #include "compat.h" 33 | #include 34 | 35 | /* Modified version based on glibc-2.14.1 by Roland McGrath 36 | * This version is extended to handle both / and \ in path names 37 | */ 38 | char * 39 | basename(char *filename) 40 | { 41 | char *p = strrchr(filename, '/'); 42 | if (!p) 43 | { 44 | /* If NULL, check for \ instead ... might be Windows a path */ 45 | p = strrchr(filename, '\\'); 46 | } 47 | return p ? p + 1 : (char *) filename; 48 | } 49 | 50 | #endif /* HAVE_BASENAME */ 51 | -------------------------------------------------------------------------------- /src/compat/compat-inet_ntop.c: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2011 - David Sommerseth 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
22 | */ 23 | 24 | #ifdef HAVE_CONFIG_H 25 | #include "config.h" 26 | #elif defined(_MSC_VER) 27 | #include "config-msvc.h" 28 | #endif 29 | 30 | #ifndef HAVE_INET_NTOP 31 | 32 | #include "compat.h" 33 | 34 | #ifdef _WIN32 35 | 36 | #include 37 | 38 | /* 39 | * inet_ntop() and inet_pton() wrap-implementations using 40 | * WSAAddressToString() and WSAStringToAddress() functions 41 | * 42 | * this is needed as long as we support running OpenVPN on WinXP 43 | */ 44 | 45 | const char * 46 | inet_ntop(int af, const void *src, char *dst, socklen_t size) 47 | { 48 | struct sockaddr_storage ss; 49 | unsigned long s = size; 50 | 51 | ZeroMemory(&ss, sizeof(ss)); 52 | ss.ss_family = af; 53 | 54 | switch (af) 55 | { 56 | case AF_INET: 57 | ((struct sockaddr_in *)&ss)->sin_addr = *(struct in_addr *)src; 58 | break; 59 | 60 | case AF_INET6: 61 | ((struct sockaddr_in6 *)&ss)->sin6_addr = *(struct in6_addr *)src; 62 | break; 63 | 64 | default: 65 | return NULL; 66 | } 67 | /* cannot direclty use &size because of strict aliasing rules */ 68 | return (WSAAddressToString((struct sockaddr *)&ss, sizeof(ss), NULL, dst, &s) == 0) ? 69 | dst : NULL; 70 | } 71 | 72 | #else /* ifdef _WIN32 */ 73 | 74 | #error no emulation for inet_ntop 75 | 76 | #endif /* ifdef _WIN32 */ 77 | 78 | #endif /* ifndef HAVE_INET_NTOP */ 79 | -------------------------------------------------------------------------------- /src/compat/compat-inet_pton.c: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 
7 | * 8 | * Copyright (C) 2011 - David Sommerseth 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 22 | */ 23 | 24 | #ifdef HAVE_CONFIG_H 25 | #include "config.h" 26 | #elif defined(_MSC_VER) 27 | #include "config-msvc.h" 28 | #endif 29 | 30 | #ifndef HAVE_INET_PTON 31 | 32 | #include "compat.h" 33 | 34 | #ifdef _WIN32 35 | 36 | #include 37 | #include 38 | 39 | /* 40 | * inet_ntop() and inet_pton() wrap-implementations using 41 | * WSAAddressToString() and WSAStringToAddress() functions 42 | * 43 | * this is needed as long as we support running OpenVPN on WinXP 44 | */ 45 | 46 | 47 | int 48 | inet_pton(int af, const char *src, void *dst) 49 | { 50 | struct sockaddr_storage ss; 51 | int size = sizeof(ss); 52 | char src_copy[INET6_ADDRSTRLEN+1]; 53 | 54 | ZeroMemory(&ss, sizeof(ss)); 55 | /* stupid non-const API */ 56 | strncpy(src_copy, src, INET6_ADDRSTRLEN+1); 57 | src_copy[INET6_ADDRSTRLEN] = 0; 58 | 59 | if (WSAStringToAddress(src_copy, af, NULL, (struct sockaddr *)&ss, &size) == 0) 60 | { 61 | switch (af) 62 | { 63 | case AF_INET: 64 | *(struct in_addr *)dst = ((struct sockaddr_in *)&ss)->sin_addr; 65 | return 1; 66 | 67 | case AF_INET6: 68 | *(struct in6_addr *)dst = ((struct sockaddr_in6 *)&ss)->sin6_addr; 69 | return 1; 70 | } 71 | } 72 | return 0; 73 | } 74 | 75 | #else /* ifdef _WIN32 */ 76 | 77 | #error no 
emulation for inet_ntop 78 | 79 | #endif /* ifdef _WIN32 */ 80 | 81 | #endif /* ifndef HAVE_INET_PTON */ 82 | -------------------------------------------------------------------------------- /src/compat/compat.h: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2011 - David Sommerseth 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
22 | */ 23 | 24 | #ifndef COMPAT_H 25 | #define COMPAT_H 26 | 27 | #ifdef HAVE_WINSOCK2_H 28 | #include 29 | #endif 30 | 31 | #ifdef HAVE_WS2TCPIP_H 32 | #include 33 | #endif 34 | 35 | #ifdef HAVE_SYS_TIME_H 36 | #include 37 | #endif 38 | 39 | #ifdef HAVE_SYS_SOCKET_H 40 | #include 41 | #endif 42 | 43 | #ifndef HAVE_DIRNAME 44 | char *dirname(char *str); 45 | 46 | #endif /* HAVE_DIRNAME */ 47 | 48 | #ifndef HAVE_BASENAME 49 | char *basename(char *str); 50 | 51 | #endif /* HAVE_BASENAME */ 52 | 53 | #ifndef HAVE_GETTIMEOFDAY 54 | int gettimeofday(struct timeval *tv, void *tz); 55 | 56 | #endif 57 | 58 | #ifndef HAVE_DAEMON 59 | int daemon(int nochdir, int noclose); 60 | 61 | #endif 62 | 63 | #ifndef HAVE_INET_NTOP 64 | const char *inet_ntop(int af, const void *src, char *dst, socklen_t size); 65 | 66 | #endif 67 | 68 | #ifndef HAVE_INET_PTON 69 | int inet_pton(int af, const char *src, void *dst); 70 | 71 | #endif 72 | 73 | #endif /* COMPAT_H */ 74 | -------------------------------------------------------------------------------- /src/compat/compat.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | Source Files 23 | 24 | 25 | Source Files 26 | 27 | 28 | Source Files 29 | 30 | 31 | Source Files 32 | 33 | 34 | Source Files 35 | 36 | 37 | Source Files 38 | 39 | 40 | 41 | 42 | Header Files 43 | 44 | 45 | -------------------------------------------------------------------------------- /src/openvpn/argv.h: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * 
over a single TCP/UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2002-2018 OpenVPN Inc 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 22 | * 23 | * 24 | * A printf-like function (that only recognizes a subset of standard printf 25 | * format operators) that prints arguments to an argv list instead 26 | * of a standard string. This is used to build up argv arrays for passing 27 | * to execve. 28 | */ 29 | 30 | #ifndef ARGV_H 31 | #define ARGV_H 32 | 33 | #include "buffer.h" 34 | 35 | struct argv { 36 | size_t capacity; 37 | size_t argc; 38 | char **argv; 39 | }; 40 | 41 | struct argv argv_new(void); 42 | 43 | void argv_reset(struct argv *a); 44 | 45 | const char *argv_str(const struct argv *a, struct gc_arena *gc, const unsigned int flags); 46 | 47 | struct argv argv_insert_head(const struct argv *a, const char *head); 48 | 49 | void argv_msg(const int msglev, const struct argv *a); 50 | 51 | void argv_msg_prefix(const int msglev, const struct argv *a, const char *prefix); 52 | 53 | void argv_parse_cmd(struct argv *a, const char *s); 54 | 55 | void argv_printf(struct argv *a, const char *format, ...) 
56 | #ifdef __GNUC__ 57 | #if __USE_MINGW_ANSI_STDIO 58 | __attribute__ ((format(gnu_printf, 2, 3))) 59 | #else 60 | __attribute__ ((format(__printf__, 2, 3))) 61 | #endif 62 | #endif 63 | ; 64 | 65 | void argv_printf_cat(struct argv *a, const char *format, ...) 66 | #ifdef __GNUC__ 67 | #if __USE_MINGW_ANSI_STDIO 68 | __attribute__ ((format(gnu_printf, 2, 3))) 69 | #else 70 | __attribute__ ((format(__printf__, 2, 3))) 71 | #endif 72 | #endif 73 | ; 74 | 75 | #endif /* ifndef ARGV_H */ 76 | -------------------------------------------------------------------------------- /src/openvpn/base64.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan 3 | * (Royal Institute of Technology, Stockholm, Sweden). 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 13 | * 2. Redistributions in binary form must reproduce the above copyright 14 | * notice, this list of conditions and the following disclaimer in the 15 | * documentation and/or other materials provided with the distribution. 16 | * 17 | * 3. Neither the name of the Institute nor the names of its contributors 18 | * may be used to endorse or promote products derived from this software 19 | * without specific prior written permission. 20 | * 21 | * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 | * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 | * SUCH DAMAGE. 32 | */ 33 | 34 | #ifndef _BASE64_H_ 35 | #define _BASE64_H_ 36 | 37 | int openvpn_base64_encode(const void *data, int size, char **str); 38 | 39 | int openvpn_base64_decode(const char *str, void *data, int size); 40 | 41 | #endif 42 | -------------------------------------------------------------------------------- /src/openvpn/basic.h: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2002-2018 OpenVPN Inc 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
22 | */ 23 | 24 | #ifndef BASIC_H 25 | #define BASIC_H 26 | 27 | #define BOOL_CAST(x) ((x) ? (true) : (false)) 28 | 29 | /* size of an array */ 30 | #define SIZE(x) (sizeof(x)/sizeof(x[0])) 31 | 32 | /* clear an object (may be optimized away, use secure_memzero() to erase secrets) */ 33 | #define CLEAR(x) memset(&(x), 0, sizeof(x)) 34 | 35 | #define IPV4_NETMASK_HOST 0xffffffffU 36 | 37 | #endif 38 | -------------------------------------------------------------------------------- /src/openvpn/block_dns.h: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single TCP/UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2016 Selva Nair 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 22 | */ 23 | 24 | #ifdef _WIN32 25 | 26 | #ifndef OPENVPN_BLOCK_DNS_H 27 | #define OPENVPN_BLOCK_DNS_H 28 | 29 | /* Any value less than 5 should work fine. 3 is chosen without any real reason. 
*/ 30 | #define BLOCK_DNS_IFACE_METRIC 3 31 | 32 | typedef void (*block_dns_msg_handler_t) (DWORD err, const char *msg); 33 | 34 | DWORD 35 | delete_block_dns_filters(HANDLE engine); 36 | 37 | DWORD 38 | add_block_dns_filters(HANDLE *engine, int iface_index, const WCHAR *exe_path, 39 | block_dns_msg_handler_t msg_handler_callback); 40 | 41 | /** 42 | * Return interface metric value for the specified interface index. 43 | * 44 | * @param index The index of TAP adapter. 45 | * @param family Address family (AF_INET for IPv4 and AF_INET6 for IPv6). 46 | * @param is_auto On return set to true if automatic metric is in use. 47 | * Unused if NULL. 48 | * 49 | * @return positive interface metric on success or -1 on error 50 | */ 51 | int 52 | get_interface_metric(const NET_IFINDEX index, const ADDRESS_FAMILY family, int *is_auto); 53 | 54 | /** 55 | * Sets interface metric value for specified interface index. 56 | * 57 | * @param index The index of TAP adapter 58 | * @param family Address family (AF_INET for IPv4 and AF_INET6 for IPv6) 59 | * @param metric Metric value. 0 for automatic metric 60 | * 61 | * @return 0 on success, a non-zero status code of the last failed action on failure. 62 | */ 63 | 64 | DWORD 65 | set_interface_metric(const NET_IFINDEX index, const ADDRESS_FAMILY family, 66 | const ULONG metric); 67 | 68 | #endif 69 | #endif 70 | -------------------------------------------------------------------------------- /src/openvpn/circ_list.h: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 
7 | * 8 | * Copyright (C) 2002-2018 OpenVPN Inc 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 22 | */ 23 | 24 | #ifndef CIRC_LIST_H 25 | #define CIRC_LIST_H 26 | 27 | #include "basic.h" 28 | #include "integer.h" 29 | #include "error.h" 30 | 31 | #define CIRC_LIST(name, type) \ 32 | struct name { \ 33 | int x_head; \ 34 | int x_size; \ 35 | int x_cap; \ 36 | int x_sizeof; \ 37 | type x_list[EMPTY_ARRAY_SIZE]; \ 38 | } 39 | 40 | #define CIRC_LIST_PUSH(obj, item) \ 41 | { \ 42 | (obj)->x_head = modulo_add((obj)->x_head, -1, (obj)->x_cap); \ 43 | (obj)->x_list[(obj)->x_head] = (item); \ 44 | (obj)->x_size = min_int((obj)->x_size + 1, (obj)->x_cap); \ 45 | } 46 | 47 | #define CIRC_LIST_SIZE(obj) \ 48 | ((obj)->x_size) 49 | 50 | #define CIRC_LIST_INDEX(obj, index) \ 51 | modulo_add((obj)->x_head, \ 52 | index_verify((index), (obj)->x_size, __FILE__, __LINE__), \ 53 | (obj)->x_cap) 54 | 55 | #define CIRC_LIST_ITEM(obj, index) \ 56 | ((obj)->x_list[CIRC_LIST_INDEX((obj), (index))]) 57 | 58 | #define CIRC_LIST_RESET(obj) \ 59 | { \ 60 | (obj)->x_head = 0; \ 61 | (obj)->x_size = 0; \ 62 | } 63 | 64 | #define CIRC_LIST_ALLOC(dest, list_type, size) \ 65 | { \ 66 | const int so = sizeof(list_type) + sizeof((dest)->x_list[0]) * (size); \ 67 | (dest) = (list_type *) malloc(so); \ 68 | check_malloc_return(dest); \ 69 | memset((dest), 
0, so); \ 70 | (dest)->x_cap = size; \ 71 | (dest)->x_sizeof = so; \ 72 | } 73 | 74 | #define CIRC_LIST_FREE(dest) \ 75 | free(dest) 76 | 77 | #endif /* ifndef CIRC_LIST_H */ 78 | -------------------------------------------------------------------------------- /src/openvpn/clinat.h: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single TCP/UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2002-2018 OpenVPN Inc 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
22 | */ 23 | 24 | #if !defined(CLINAT_H) 25 | #define CLINAT_H 26 | 27 | #include "buffer.h" 28 | 29 | #define MAX_CLIENT_NAT 64 30 | 31 | #define CN_OUTGOING 0 32 | #define CN_INCOMING 1 33 | 34 | struct client_nat_entry { 35 | #define CN_SNAT 0 36 | #define CN_DNAT 1 37 | int type; 38 | in_addr_t network; 39 | in_addr_t netmask; 40 | in_addr_t foreign_network; 41 | }; 42 | 43 | struct client_nat_option_list { 44 | int n; 45 | struct client_nat_entry entries[MAX_CLIENT_NAT]; 46 | }; 47 | 48 | struct client_nat_option_list *new_client_nat_list(struct gc_arena *gc); 49 | 50 | struct client_nat_option_list *clone_client_nat_option_list(const struct client_nat_option_list *src, struct gc_arena *gc); 51 | 52 | void copy_client_nat_option_list(struct client_nat_option_list *dest, const struct client_nat_option_list *src); 53 | 54 | void print_client_nat_list(const struct client_nat_option_list *list, int msglevel); 55 | 56 | void add_client_nat_to_option_list(struct client_nat_option_list *dest, 57 | const char *type, 58 | const char *network, 59 | const char *netmask, 60 | const char *foreign_network, 61 | int msglevel); 62 | 63 | void client_nat_transform(const struct client_nat_option_list *list, 64 | struct buffer *ipbuf, 65 | const int direction); 66 | 67 | #endif /* if !defined(CLINAT_H) */ 68 | -------------------------------------------------------------------------------- /src/openvpn/comp-lz4.h: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 
7 | * 8 | * Copyright (C) 2002-2018 OpenVPN Inc 9 | * Copyright (C) 2013-2018 Gert Doering 10 | * 11 | * This program is free software; you can redistribute it and/or modify 12 | * it under the terms of the GNU General Public License version 2 13 | * as published by the Free Software Foundation. 14 | * 15 | * This program is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | * GNU General Public License for more details. 19 | * 20 | * You should have received a copy of the GNU General Public License along 21 | * with this program; if not, write to the Free Software Foundation, Inc., 22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 23 | */ 24 | 25 | #ifndef OPENVPN_COMP_LZ4_H 26 | #define OPENVPN_COMP_LZ4_H 27 | 28 | #if defined(ENABLE_LZ4) 29 | 30 | #include "buffer.h" 31 | 32 | extern const struct compress_alg lz4_alg; 33 | extern const struct compress_alg lz4v2_alg; 34 | 35 | struct lz4_workspace 36 | { 37 | int dummy; 38 | }; 39 | 40 | #endif /* ENABLE_LZ4 */ 41 | #endif 42 | -------------------------------------------------------------------------------- /src/openvpn/console.c: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2002-2018 OpenVPN Inc 9 | * Copyright (C) 2014-2015 David Sommerseth 10 | * Copyright (C) 2016-2018 David Sommerseth 11 | * 12 | * This program is free software; you can redistribute it and/or modify 13 | * it under the terms of the GNU General Public License version 2 14 | * as published by the Free Software Foundation. 
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/

#ifdef HAVE_CONFIG_H
#include "config.h"
#elif defined(_MSC_VER)
#include "config-msvc.h"
#endif

#include "syshead.h"
#include "console.h"
#include "error.h"
#include "buffer.h"
#include "misc.h"

#ifdef ENABLE_SYSTEMD
/* NOTE: the header name of the next #include line is missing on this page */
#include
#endif


struct _query_user query_user[QUERY_USER_NUMSLOTS];  /* GLOBAL */


/**
 * Reset every slot of the global query_user[] table to all-zero.
 *
 * Only the slot records are cleared. The prompt and response buffers a
 * slot pointed to are owned by whoever registered them and are not
 * touched here, so wiping a response that held a secret stays the
 * caller's job.
 */
void
query_user_clear(void)
{
    int i = 0;

    while (i < QUERY_USER_NUMSLOTS)
    {
        CLEAR(query_user[i]);
        i++;
    }
}


/**
 * Register one prompt/response pair in the first free query_user[] slot.
 *
 * The pointers are stored, not copied, so both buffers must stay valid
 * for as long as the slot is in use.
 *
 * @param prompt      Prompt text; must not be NULL.
 * @param prompt_len  Length recorded for prompt; must be greater than 0.
 * @param resp        Buffer recorded as the response destination; must
 *                    not be NULL.
 * @param resp_len    Length recorded for resp; must be greater than 0.
 * @param echo        Stored with the slot; presumably selects whether
 *                    typed input is echoed -- confirm in console.h.
 *
 * Both a bad argument and a full table are treated as programming
 * errors and trip an ASSERT.
 */
void
query_user_add(char *prompt, size_t prompt_len,
               char *resp, size_t resp_len,
               bool echo)
{
    struct _query_user *slot;
    int i = 0;

    /* All four values are mandatory */
    ASSERT( prompt_len > 0 && prompt != NULL && resp_len > 0 && resp != NULL );

    /* A slot is free while its prompt pointer is NULL; stop at the first one */
    while (i < QUERY_USER_NUMSLOTS && query_user[i].prompt != NULL)
    {
        i++;
    }
    ASSERT( i < QUERY_USER_NUMSLOTS );  /* Unlikely, but we want to panic if it happens */

    /* Record what the later user interaction needs */
    slot = &query_user[i];
    slot->prompt = prompt;
    slot->prompt_len = prompt_len;
    slot->response = resp;
    slot->response_len = resp_len;
    slot->echo = echo;
}

--------------------------------------------------------------------------------
/src/openvpn/cryptoapi.h:
--------------------------------------------------------------------------------
#ifndef _CRYPTOAPI_H_
#define _CRYPTOAPI_H_

int SSL_CTX_use_CryptoAPI_certificate(SSL_CTX *ssl_ctx, const char *cert_prop);


#endif /* !_CRYPTOAPI_H_ */

--------------------------------------------------------------------------------
/src/openvpn/fdmisc.c:
--------------------------------------------------------------------------------
/*
 * OpenVPN -- An application to securely tunnel IP networks
 * over a single UDP port, with support for SSL/TLS-based
 * session authentication and key exchange,
 * packet encryption, packet authentication, and
 * packet compression.
 *
 * Copyright (C) 2002-2018 OpenVPN Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
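*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/

#ifdef HAVE_CONFIG_H
#include "config.h"
#elif defined(_MSC_VER)
#include "config-msvc.h"
#endif

#include "syshead.h"

#include "fdmisc.h"
#include "error.h"

#include "memdbg.h"

/**
 * Switch a descriptor to non-blocking mode.
 *
 * On non-Windows builds the current status flags are read first and
 * O_NONBLOCK is OR-ed in, so flags already set on the descriptor are
 * kept instead of being overwritten.
 *
 * @param fd  Descriptor (a socket on Windows, where ioctlsocket() is used).
 *
 * @return true on success, false if any of the underlying calls failed.
 */
bool
set_nonblock_action(int fd)
{
#ifdef _WIN32
    u_long arg = 1;
    if (ioctlsocket(fd, FIONBIO, &arg))
    {
        return false;
    }
#else  /* ifdef _WIN32 */
    const int flags = fcntl(fd, F_GETFL, 0);
    if (flags < 0 || fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0)
    {
        return false;
    }
#endif
    return true;
}

/**
 * Mark a descriptor close-on-exec so that it is not passed on to a
 * program this process later exec()s.
 *
 * The existing descriptor flags are read and FD_CLOEXEC is OR-ed in.
 * On Windows this function does nothing and reports success.
 *
 * @param fd  Descriptor to mark.
 *
 * @return true on success (always on Windows), false if fcntl() failed.
 */
bool
set_cloexec_action(int fd)
{
#ifndef _WIN32
    const int flags = fcntl(fd, F_GETFD, 0);
    if (flags < 0 || fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0)
    {
        return false;
    }
#endif
    return true;
}

/**
 * Switch a descriptor to non-blocking mode and report a failure of
 * set_nonblock_action() through msg(M_ERR, ...).
 *
 * @param fd  Descriptor to change.
 */
void
set_nonblock(int fd)
{
    if (!set_nonblock_action(fd))
    {
        msg(M_ERR, "Set socket to non-blocking mode failed");
    }
}

/**
 * Mark a descriptor close-on-exec and report a failure of
 * set_cloexec_action() through msg(M_ERR, ...).
 *
 * @param fd  Descriptor to mark.
 */
void
set_cloexec(int fd)
{
    if (!set_cloexec_action(fd))
    {
        msg(M_ERR, "Set FD_CLOEXEC flag on file descriptor failed");
    }
}

--------------------------------------------------------------------------------
/src/openvpn/fdmisc.h:
--------------------------------------------------------------------------------
/*
 * OpenVPN -- An application to securely tunnel IP networks
 * over a single UDP port, with support for SSL/TLS-based
 * session authentication and key exchange,
 * packet encryption, packet authentication, and
 * packet compression.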
*
* Copyright (C) 2002-2018 OpenVPN Inc
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/

#ifndef FD_MISC_H
#define FD_MISC_H

#include "basic.h"
#include "error.h"
#include "syshead.h"

bool set_nonblock_action(int fd);

bool set_cloexec_action(int fd);

void set_nonblock(int fd);

void set_cloexec(int fd);

/**
 * Range-checked replacement for FD_SET().
 *
 * An fd_set has room for descriptors 0 .. FD_SETSIZE-1 only. On
 * non-Windows builds the descriptor is asserted to lie in that range
 * before FD_SET() is applied, so an out-of-range value stops the program
 * instead of setting a bit outside the set.
 *
 * @param fd    Descriptor to add.
 * @param setp  Set to add it to.
 */
static inline void
openvpn_fd_set(int fd, fd_set *setp)
{
#ifndef _WIN32 /* The Windows FD_SET() implementation does not overflow */
    ASSERT(fd >= 0 && fd < FD_SETSIZE);
#endif
    FD_SET(fd, setp);
}
/* From here on FD_SET is undefined, so code that includes this header has
 * to go through openvpn_fd_set() and cannot skip the range check. */
#undef FD_SET /* prevent direct use of FD_SET() */

#endif /* FD_MISC_H */

--------------------------------------------------------------------------------
/src/openvpn/gremlin.h:
--------------------------------------------------------------------------------
/*
 * OpenVPN -- An application to securely tunnel IP networks
 * over a single UDP port, with support for SSL/TLS-based
 * session authentication and key exchange,
 * packet encryption, packet authentication, and
 * packet compression.
7 | * 8 | * Copyright (C) 2002-2018 OpenVPN Inc 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 22 | */ 23 | 24 | #ifndef GREMLIN_H 25 | #define GREMLIN_H 26 | 27 | #ifdef ENABLE_DEBUG 28 | 29 | /* 30 | * Gremlin options, presented as bitmask argument to --gremlin directive 31 | */ 32 | 33 | #define GREMLIN_CONNECTION_FLOOD_SHIFT (0) 34 | #define GREMLIN_CONNECTION_FLOOD_MASK (0x07) 35 | 36 | #define GREMLIN_PACKET_FLOOD_SHIFT (3) 37 | #define GREMLIN_PACKET_FLOOD_MASK (0x03) 38 | 39 | #define GREMLIN_CORRUPT_SHIFT (5) 40 | #define GREMLIN_CORRUPT_MASK (0x03) 41 | 42 | #define GREMLIN_UP_DOWN_SHIFT (7) 43 | #define GREMLIN_UP_DOWN_MASK (0x03) 44 | 45 | /* 512:1/500 1024:1/100 1536:1/50 */ 46 | 47 | #define GREMLIN_DROP_SHIFT (9) 48 | #define GREMLIN_DROP_MASK (0x03) 49 | 50 | /* extract gremlin parms */ 51 | 52 | #define GREMLIN_CONNECTION_FLOOD_LEVEL(x) (((x)>>GREMLIN_CONNECTION_FLOOD_SHIFT) & GREMLIN_CONNECTION_FLOOD_MASK) 53 | #define GREMLIN_PACKET_FLOOD_LEVEL(x) (((x)>>GREMLIN_PACKET_FLOOD_SHIFT) & GREMLIN_PACKET_FLOOD_MASK) 54 | #define GREMLIN_CORRUPT_LEVEL(x) (((x)>>GREMLIN_CORRUPT_SHIFT) & GREMLIN_CORRUPT_MASK) 55 | #define GREMLIN_UP_DOWN_LEVEL(x) (((x)>>GREMLIN_UP_DOWN_SHIFT) & GREMLIN_UP_DOWN_MASK) 56 | #define GREMLIN_DROP_LEVEL(x) (((x)>>GREMLIN_DROP_SHIFT) & GREMLIN_DROP_MASK) 57 | 58 | #include "buffer.h" 
59 | 60 | struct packet_flood_parms 61 | { 62 | int n_packets; 63 | int packet_size; 64 | }; 65 | 66 | bool ask_gremlin(int flags); 67 | 68 | void corrupt_gremlin(struct buffer *buf, int flags); 69 | 70 | struct packet_flood_parms get_packet_flood_parms(int level); 71 | 72 | #endif /* ifdef ENABLE_DEBUG */ 73 | #endif /* ifndef GREMLIN_H */ 74 | -------------------------------------------------------------------------------- /src/openvpn/helper.h: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single TCP/UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2002-2018 OpenVPN Inc 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 22 | */ 23 | 24 | /* 25 | * Process helper directives such as server, client, and keepalive. 
26 | */ 27 | 28 | #ifndef HELPER_H 29 | #define HELPER_H 30 | 31 | #include "options.h" 32 | 33 | void helper_keepalive(struct options *o); 34 | 35 | void helper_client_server(struct options *o); 36 | 37 | void helper_tcp_nodelay(struct options *o); 38 | 39 | #endif 40 | -------------------------------------------------------------------------------- /src/openvpn/httpdigest.h: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single TCP/UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2002-2018 OpenVPN Inc 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
22 | */ 23 | 24 | #if PROXY_DIGEST_AUTH 25 | 26 | #define HASHLEN 16 27 | typedef unsigned char HASH[HASHLEN]; 28 | #define HASHHEXLEN 32 29 | typedef unsigned char HASHHEX[HASHHEXLEN+1]; 30 | #undef IN 31 | #undef OUT 32 | #define IN const 33 | #define OUT 34 | 35 | /* calculate H(A1) as per HTTP Digest spec */ 36 | void DigestCalcHA1( 37 | IN char *pszAlg, 38 | IN char *pszUserName, 39 | IN char *pszRealm, 40 | IN char *pszPassword, 41 | IN char *pszNonce, 42 | IN char *pszCNonce, 43 | OUT HASHHEX SessionKey 44 | ); 45 | 46 | /* calculate request-digest/response-digest as per HTTP Digest spec */ 47 | void DigestCalcResponse( 48 | IN HASHHEX HA1, /* H(A1) */ 49 | IN char *pszNonce, /* nonce from server */ 50 | IN char *pszNonceCount, /* 8 hex digits */ 51 | IN char *pszCNonce, /* client nonce */ 52 | IN char *pszQop, /* qop-value: "", "auth", "auth-int" */ 53 | IN char *pszMethod, /* method from the request */ 54 | IN char *pszDigestUri, /* requested URL */ 55 | IN HASHHEX HEntity, /* H(entity body) if qop="auth-int" */ 56 | OUT HASHHEX Response /* request-digest or response-digest */ 57 | ); 58 | 59 | #endif /* if PROXY_DIGEST_AUTH */ 60 | -------------------------------------------------------------------------------- /src/openvpn/interval.c: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single TCP/UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2002-2018 OpenVPN Inc 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation. 
13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 22 | */ 23 | 24 | #ifdef HAVE_CONFIG_H 25 | #include "config.h" 26 | #elif defined(_MSC_VER) 27 | #include "config-msvc.h" 28 | #endif 29 | 30 | #include "syshead.h" 31 | 32 | #include "interval.h" 33 | 34 | #include "memdbg.h" 35 | /* Reset *top with CLEAR() and then store the given refresh and horizon values in it. */ 36 | void 37 | interval_init(struct interval *top, int horizon, int refresh) 38 | { 39 | CLEAR(*top); 40 | top->refresh = refresh; 41 | top->horizon = horizon; 42 | } 43 | /* Check whether the timeout described by *et has expired relative to the global 'now'. If et->defined is false nothing is touched and false is returned. On expiry with et_const_retry < 0 the timer is restarted (et->last = now) and true is returned. On expiry with et_const_retry >= 0 the timer is left as it is, false is returned and the next wakeup is et_const_retry seconds away. If tv is non-NULL and the computed wakeup is smaller than tv->tv_sec, tv is shortened to that wakeup and tv_usec is cleared. */ 44 | bool 45 | event_timeout_trigger(struct event_timeout *et, 46 | struct timeval *tv, 47 | const int et_const_retry) 48 | { 49 | bool ret = false; 50 | const time_t local_now = now; /* one snapshot of 'now' used for the whole call */ 51 | 52 | if (et->defined) 53 | { 54 | time_t wakeup = et->last - local_now + et->n; /* seconds left; <= 0 means expired */ 55 | if (wakeup <= 0) 56 | { 57 | #if INTERVAL_DEBUG 58 | dmsg(D_INTERVAL, "EVENT event_timeout_trigger (%d) etcr=%d", et->n, 59 | et_const_retry); 60 | #endif 61 | if (et_const_retry < 0) 62 | { 63 | et->last = local_now; 64 | wakeup = et->n; 65 | ret = true; 66 | } 67 | else 68 | { 69 | wakeup = et_const_retry; /* timer is not restarted here and ret stays false */ 70 | } 71 | } 72 | 73 | if (tv && wakeup < tv->tv_sec) 74 | { 75 | #if INTERVAL_DEBUG 76 | dmsg(D_INTERVAL, "EVENT event_timeout_wakeup (%d/%d) etcr=%d", 77 | (int) wakeup, et->n, et_const_retry); 78 | #endif 79 | tv->tv_sec = wakeup; 80 | tv->tv_usec = 0; 81 | } 82 | } 83 | return ret; 84 | } 85 | -------------------------------------------------------------------------------- /src/openvpn/lladdr.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Support
routine for configuring link layer address 3 | */ 4 | 5 | #ifdef HAVE_CONFIG_H 6 | #include "config.h" 7 | #elif defined(_MSC_VER) 8 | #include "config-msvc.h" 9 | #endif 10 | 11 | #include "syshead.h" 12 | #include "error.h" 13 | #include "misc.h" 14 | /* Set the link layer address of interface ifname to lladdr by running an external tool (iproute_path or IFCONFIG_PATH, selected by the TARGET_ macros at build time) through openvpn_execve_check() with environment es. Returns -1 when ifname or lladdr is NULL or when the platform is not supported; otherwise returns the openvpn_execve_check() result. NOTE(review): the success message below is logged when r is nonzero, so a nonzero r appears to mean success, yet the early -1 returns are nonzero too; callers should not test the result as a plain boolean -- confirm against the call sites. NOTE(review): ifname and lladdr are placed into the command arguments unchanged; nothing in this function checks that lladdr has the form of a hardware address or that neither value starts with '-'. Presumably both come from local configuration -- confirm they are validated before they reach this point. */ 15 | int 16 | set_lladdr(const char *ifname, const char *lladdr, 17 | const struct env_set *es) 18 | { 19 | struct argv argv = argv_new(); 20 | int r; 21 | 22 | if (!ifname || !lladdr) 23 | { 24 | return -1; /* NOTE(review): returns without argv_reset(); confirm argv_new() holds no allocation yet */ 25 | } 26 | 27 | #if defined(TARGET_LINUX) 28 | #ifdef ENABLE_IPROUTE 29 | argv_printf(&argv, 30 | "%s link set addr %s dev %s", 31 | iproute_path, lladdr, ifname); 32 | #else 33 | argv_printf(&argv, 34 | "%s %s hw ether %s", 35 | IFCONFIG_PATH, 36 | ifname, lladdr); 37 | #endif 38 | #elif defined(TARGET_SOLARIS) 39 | argv_printf(&argv, 40 | "%s %s ether %s", 41 | IFCONFIG_PATH, 42 | ifname, lladdr); 43 | #elif defined(TARGET_OPENBSD) 44 | argv_printf(&argv, 45 | "%s %s lladdr %s", 46 | IFCONFIG_PATH, 47 | ifname, lladdr); 48 | #elif defined(TARGET_DARWIN) 49 | argv_printf(&argv, 50 | "%s %s lladdr %s", 51 | IFCONFIG_PATH, 52 | ifname, lladdr); 53 | #elif defined(TARGET_FREEBSD) 54 | argv_printf(&argv, 55 | "%s %s ether %s", 56 | IFCONFIG_PATH, 57 | ifname, lladdr); 58 | #else /* if defined(TARGET_LINUX) */ 59 | msg(M_WARN, "Sorry, but I don't know how to configure link layer addresses on this operating system."); 60 | return -1; 61 | #endif /* if defined(TARGET_LINUX) */ 62 | /* Log the command at M_INFO before running it; a failure is reported at M_WARN by openvpn_execve_check(). */ 63 | argv_msg(M_INFO, &argv); 64 | r = openvpn_execve_check(&argv, es, M_WARN, "ERROR: Unable to set link layer address."); 65 | if (r) 66 | { 67 | msg(M_INFO, "TUN/TAP link layer address set to %s", lladdr); 68 | } 69 | 70 | argv_reset(&argv); 71 | return r; 72 | } 73 | -------------------------------------------------------------------------------- /src/openvpn/lladdr.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Support routine for configuring link layer address 3 | */ 4 | 5 | #include
"misc.h" 6 | 7 | int set_lladdr(const char *ifname, const char *lladdr, 8 | const struct env_set *es); 9 | -------------------------------------------------------------------------------- /src/openvpn/mss.h: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single TCP/UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2002-2018 OpenVPN Inc 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
22 | */ 23 | 24 | #ifndef MSS_H 25 | #define MSS_H 26 | 27 | #include "proto.h" 28 | #include "error.h" 29 | 30 | void mss_fixup_ipv4(struct buffer *buf, int maxmss); 31 | 32 | void mss_fixup_ipv6(struct buffer *buf, int maxmss); 33 | 34 | void mss_fixup_dowork(struct buffer *buf, uint16_t maxmss); 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /src/openvpn/mstats.h: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single TCP/UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2002-2018 OpenVPN Inc 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
22 | */ 23 | 24 | /* 25 | * Maintain usage stats in a memory-mapped file 26 | */ 27 | 28 | #if !defined(OPENVPN_MEMSTATS_H) && defined(ENABLE_MEMSTATS) 29 | #define OPENVPN_MEMSTATS_H 30 | 31 | #include "basic.h" 32 | 33 | /* this struct is mapped to the file */ 34 | struct mmap_stats { 35 | counter_type link_read_bytes; /* counter_type can be assumed to be a uint64_t */ 36 | counter_type link_write_bytes; 37 | int n_clients; 38 | 39 | #define MSTATS_UNDEF 0 40 | #define MSTATS_ACTIVE 1 41 | #define MSTATS_EXPIRED 2 42 | int state; 43 | }; 44 | 45 | extern volatile struct mmap_stats *mmap_stats; /* GLOBAL */ 46 | 47 | void mstats_open(const char *fn); 48 | 49 | void mstats_close(void); 50 | 51 | #endif /* if !defined(OPENVPN_MEMSTATS_H) && defined(ENABLE_MEMSTATS) */ 52 | -------------------------------------------------------------------------------- /src/openvpn/mtcp.h: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single TCP/UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2002-2018 OpenVPN Inc 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
22 | */ 23 | 24 | /* 25 | * TCP specific code for --mode server 26 | */ 27 | 28 | #ifndef MTCP_H 29 | #define MTCP_H 30 | 31 | #if P2MP_SERVER 32 | 33 | #include "event.h" 34 | 35 | /* 36 | * Extra state info needed for TCP mode 37 | */ 38 | struct multi_tcp 39 | { 40 | struct event_set *es; 41 | struct event_set_return *esr; 42 | int n_esr; 43 | int maxevents; 44 | unsigned int tun_rwflags; 45 | #ifdef ENABLE_MANAGEMENT 46 | unsigned int management_persist_flags; 47 | #endif 48 | }; 49 | 50 | struct multi_instance; 51 | struct context; 52 | 53 | struct multi_tcp *multi_tcp_init(int maxevents, int *maxclients); 54 | 55 | void multi_tcp_free(struct multi_tcp *mtcp); 56 | 57 | void multi_tcp_dereference_instance(struct multi_tcp *mtcp, struct multi_instance *mi); 58 | 59 | bool multi_tcp_instance_specific_init(struct multi_context *m, struct multi_instance *mi); 60 | 61 | void multi_tcp_instance_specific_free(struct multi_instance *mi); 62 | 63 | void multi_tcp_link_out_deferred(struct multi_context *m, struct multi_instance *mi); 64 | 65 | 66 | /**************************************************************************/ 67 | /** 68 | * Main event loop for OpenVPN in TCP server mode. 69 | * @ingroup eventloop 70 | * 71 | * @param top - Top-level context structure. 72 | */ 73 | void tunnel_server_tcp(struct context *top); 74 | 75 | 76 | void multi_tcp_delete_event(struct multi_tcp *mtcp, event_t event); 77 | 78 | #endif /* if P2MP_SERVER */ 79 | #endif /* ifndef MTCP_H */ 80 | -------------------------------------------------------------------------------- /src/openvpn/mudp.h: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single TCP/UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 
7 | * 8 | * Copyright (C) 2002-2018 OpenVPN Inc 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 22 | */ 23 | 24 | /* 25 | * UDP specific code for --mode server 26 | */ 27 | 28 | #ifndef MUDP_H 29 | #define MUDP_H 30 | 31 | #if P2MP_SERVER 32 | 33 | struct context; 34 | struct multi_context; 35 | 36 | 37 | /**************************************************************************/ 38 | /** 39 | * Main event loop wrapper function for OpenVPN in UDP server mode. 40 | * @ingroup eventloop 41 | * 42 | * This function simply calls \c tunnel_server_udp_single_threaded(). 43 | * 44 | * @param top - Top-level context structure. 45 | */ 46 | void tunnel_server_udp(struct context *top); 47 | 48 | 49 | /**************************************************************************/ 50 | /** 51 | * Get, and if necessary create, the multi_instance associated with a 52 | * packet's source address. 53 | * @ingroup external_multiplexer 54 | * 55 | * This function extracts the source address of a recently read packet 56 | * from \c m->top.c2.from and uses that source address as a hash key for 57 | * the hash table \c m->hash. If an entry exists, this function returns 58 | * it. If no entry exists, this function handles its creation, and if 59 | * successful, returns the newly created instance. 
60 | * 61 | * @param m - The single multi_context structure. 62 | * 63 | * @return A pointer to a multi_instance if one already existed for the 64 | * packet's source address or if one was a newly created successfully. 65 | * NULL if one did not yet exist and a new one was not created. 66 | */ 67 | struct multi_instance *multi_get_create_instance_udp(struct multi_context *m, bool *floated); 68 | 69 | #endif 70 | #endif 71 | -------------------------------------------------------------------------------- /src/openvpn/ntlm.h: -------------------------------------------------------------------------------- 1 | #ifndef NTLM_H 2 | #define NTLM_H 3 | 4 | #if NTLM 5 | 6 | const char *ntlm_phase_1(const struct http_proxy_info *p, struct gc_arena *gc); 7 | 8 | const char *ntlm_phase_3(const struct http_proxy_info *p, const char *phase_2, struct gc_arena *gc); 9 | 10 | #endif 11 | 12 | #endif 13 | -------------------------------------------------------------------------------- /src/openvpn/openvpn_win32_resources.rc: -------------------------------------------------------------------------------- 1 | #ifdef HAVE_CONFIG_H 2 | #include 3 | #else 4 | #include 5 | #endif 6 | #include 7 | 8 | #pragma code_page(65001) /* UTF8 */ 9 | 10 | LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL 11 | 12 | VS_VERSION_INFO VERSIONINFO 13 | FILEVERSION OPENVPN_VERSION_RESOURCE 14 | PRODUCTVERSION OPENVPN_VERSION_RESOURCE 15 | FILEFLAGSMASK 0x3fL 16 | #ifdef _DEBUG 17 | FILEFLAGS 0x1L 18 | #else 19 | FILEFLAGS 0x0L 20 | #endif 21 | FILEOS 0x40004L 22 | FILETYPE VFT_APP 23 | FILESUBTYPE 0x0L 24 | BEGIN 25 | BLOCK "StringFileInfo" 26 | BEGIN 27 | BLOCK "040904b0" 28 | BEGIN 29 | VALUE "CompanyName", "The OpenVPN Project" 30 | VALUE "FileDescription", "OpenVPN Daemon" 31 | VALUE "FileVersion", PACKAGE_VERSION ".0" 32 | VALUE "InternalName", "OpenVPN" 33 | VALUE "LegalCopyright", "Copyright © The OpenVPN Project" 34 | VALUE "OriginalFilename", "openvpn.exe" 35 | VALUE "ProductName", "OpenVPN" 36 | VALUE 
"ProductVersion", PACKAGE_VERSION ".0" 37 | END 38 | END 39 | BLOCK "VarFileInfo" 40 | BEGIN 41 | VALUE "Translation", 0x409, 1200 42 | END 43 | END 44 | -------------------------------------------------------------------------------- /src/openvpn/pf-inline.h: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single TCP/UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2002-2018 OpenVPN Inc 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
22 | */ 23 | 24 | #if defined(ENABLE_PF) && !defined(PF_INLINE_H) 25 | #define PF_INLINE_H 26 | 27 | /* 28 | * Inline functions 29 | */ 30 | /* PCT_SRC and PCT_DEST are the 'type' values handed to pf_cn_test() below. pf_c2c_test() checks a pair of contexts in both directions (c2c presumably stands for client-to-client -- confirm): src's filter, when enabled, is asked about dest's tls_multi with PCT_DEST, and dest's filter, when enabled, is asked about src's tls_multi with PCT_SRC. The result is true only when both checks pass. A context whose filter is not enabled places no restriction on the pair, so with both filters disabled the result is always true. */ 31 | #define PCT_SRC 1 32 | #define PCT_DEST 2 33 | static inline bool 34 | pf_c2c_test(const struct context *src, const struct context *dest, const char *prefix) 35 | { 36 | bool pf_cn_test(struct pf_set *pfs, const struct tls_multi *tm, const int type, const char *prefix); 37 | 38 | return (!src->c2.pf.enabled || pf_cn_test(src->c2.pf.pfs, dest->c2.tls_multi, PCT_DEST, prefix)) 39 | && (!dest->c2.pf.enabled || pf_cn_test(dest->c2.pf.pfs, src->c2.tls_multi, PCT_SRC, prefix)); 40 | } 41 | /* Address check for traffic from src to dest: returns pf_addr_test_dowork(src, dest, prefix) when src's filter is enabled and true (allow) when it is not enabled. */ 42 | static inline bool 43 | pf_addr_test(const struct context *src, const struct mroute_addr *dest, const char *prefix) 44 | { 45 | bool pf_addr_test_dowork(const struct context *src, const struct mroute_addr *dest, const char *prefix); 46 | 47 | if (src->c2.pf.enabled) 48 | { 49 | return pf_addr_test_dowork(src, dest, prefix); 50 | } 51 | else 52 | { 53 | return true; 54 | } 55 | } 56 | /* Returns the kill flag of the given filter set. pfs is dereferenced without a NULL check, so the caller must pass a valid set. */ 57 | static inline bool 58 | pf_kill_test(const struct pf_set *pfs) 59 | { 60 | return pfs->kill; 61 | } 62 | 63 | #endif /* if defined(ENABLE_PF) && !defined(PF_INLINE_H) */ 64 | -------------------------------------------------------------------------------- /src/openvpn/ping-inline.h: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single TCP/UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2002-2018 OpenVPN Inc 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation.
13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 22 | */ 23 | 24 | #ifndef PING_INLINE_H 25 | #define PING_INLINE_H 26 | 27 | /* 28 | * Should we exit or restart due to ping (or other authenticated packet) 29 | * not received in n seconds? 30 | */ 31 | static inline void 32 | check_ping_restart(struct context *c) 33 | { 34 | void check_ping_restart_dowork(struct context *c); 35 | /* Nothing happens unless options.ping_rec_timeout is nonzero. The last argument of event_timeout_trigger() is ETT_DEFAULT when ping_timer_remote is off or the link's actual address is defined; otherwise 15 is passed as et_const_retry, in which case event_timeout_trigger() does not report expiry and the check is simply repeated later. ETT_DEFAULT is defined elsewhere (presumably negative -- confirm). */ 36 | if (c->options.ping_rec_timeout 37 | && event_timeout_trigger(&c->c2.ping_rec_interval, 38 | &c->c2.timeval, 39 | (!c->options.ping_timer_remote 40 | || link_socket_actual_defined(&c->c1.link_socket_addr.actual)) 41 | ? ETT_DEFAULT : 15)) 42 | { 43 | check_ping_restart_dowork(c); 44 | } 45 | } 46 | 47 | /* 48 | * Should we ping the remote? 49 | */ 50 | static inline void 51 | check_ping_send(struct context *c) 52 | { 53 | void check_ping_send_dowork(struct context *c); 54 | /* Nothing happens unless options.ping_send_timeout is nonzero. While TO_LINK_DEF(c) is true, 1 is passed as et_const_retry; otherwise ETT_DEFAULT is passed. */ 55 | if (c->options.ping_send_timeout 56 | && event_timeout_trigger(&c->c2.ping_send_interval, 57 | &c->c2.timeval, 58 | !TO_LINK_DEF(c) ?
ETT_DEFAULT : 1)) 59 | { 60 | check_ping_send_dowork(c); 61 | } 62 | } 63 | 64 | #endif /* ifndef PING_INLINE_H */ 65 | -------------------------------------------------------------------------------- /src/openvpn/ping.h: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single TCP/UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2002-2018 OpenVPN Inc 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 | */ 23 | 24 | #ifndef PING_H 25 | #define PING_H 26 | 27 | #include "init.h" 28 | #include "forward.h" 29 | 30 | /* 31 | * Initial default --ping-restart before --pull 32 | */ 33 | #define PRE_PULL_INITIAL_PING_RESTART 120 /* in seconds */ 34 | 35 | extern const uint8_t ping_string[]; 36 | 37 | /* PING_STRING_SIZE must be sizeof (ping_string) */ 38 | #define PING_STRING_SIZE 16 39 | /* Returns the result of buf_string_match() for buf against ping_string over PING_STRING_SIZE bytes. PING_STRING_SIZE is maintained by hand and ping_string is declared here with unknown size, so the compiler cannot check the two against each other from this header. NOTE(review): if they ever differ the comparison covers the wrong number of bytes; consider a compile-time assertion next to the definition of ping_string. */ 40 | static inline bool 41 | is_ping_msg(const struct buffer *buf) 42 | { 43 | return buf_string_match(buf, ping_string, PING_STRING_SIZE); 44 | } 45 | 46 | #endif 47 | -------------------------------------------------------------------------------- /src/openvpn/pkcs11.h: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single TCP/UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2002-2018 OpenVPN Inc 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 | */ 23 | 24 | #ifndef OPENVPN_PKCS11_H 25 | #define OPENVPN_PKCS11_H 26 | 27 | #if defined(ENABLE_PKCS11) 28 | 29 | #include "ssl_common.h" 30 | 31 | bool 32 | pkcs11_initialize( 33 | const bool fProtectedAuthentication, 34 | const int nPINCachePeriod 35 | ); 36 | 37 | void 38 | pkcs11_terminate(); 39 | 40 | bool 41 | pkcs11_addProvider( 42 | const char *const provider, 43 | const bool fProtectedAuthentication, 44 | const unsigned private_mode, 45 | const bool fCertIsPrivate 46 | ); 47 | 48 | int 49 | pkcs11_logout(); 50 | 51 | int 52 | pkcs11_management_id_count(); 53 | 54 | bool 55 | pkcs11_management_id_get( 56 | const int index, 57 | char **id, 58 | char **base64 59 | ); 60 | 61 | int 62 | tls_ctx_use_pkcs11( 63 | struct tls_root_ctx *const ssl_ctx, 64 | bool pkcs11_id_management, 65 | const char *const pkcs11_id 66 | ); 67 | 68 | void 69 | show_pkcs11_ids( 70 | const char *const provider, 71 | bool cert_private 72 | ); 73 | 74 | #endif /* ENABLE_PKCS11 */ 75 | 76 | #endif /* OPENVPN_PKCS11H_H */ 77 | -------------------------------------------------------------------------------- /src/openvpn/ps.h: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single TCP/UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2002-2018 OpenVPN Inc 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 
18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 22 | */ 23 | 24 | #ifndef PS_H 25 | #define PS_H 26 | 27 | #if PORT_SHARE 28 | 29 | #include "basic.h" 30 | #include "buffer.h" 31 | #include "ssl.h" 32 | 33 | typedef void (*post_fork_cleanup_func_t)(void *arg); 34 | 35 | struct port_share { 36 | /* Foreground's socket to background process */ 37 | socket_descriptor_t foreground_fd; 38 | 39 | /* Process ID of background process */ 40 | pid_t background_pid; 41 | }; 42 | 43 | extern struct port_share *port_share; 44 | 45 | struct port_share *port_share_open(const char *host, 46 | const char *port, 47 | const int max_initial_buf, 48 | const char *journal_dir); 49 | 50 | void port_share_close(struct port_share *ps); 51 | 52 | void port_share_abort(struct port_share *ps); 53 | 54 | bool is_openvpn_protocol(const struct buffer *buf); 55 | 56 | void port_share_redirect(struct port_share *ps, const struct buffer *head, socket_descriptor_t sd); 57 | 58 | #endif /* if PORT_SHARE */ 59 | #endif /* ifndef PS_H */ 60 | -------------------------------------------------------------------------------- /src/openvpn/pushlist.h: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single TCP/UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2002-2018 OpenVPN Inc 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation. 
13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 22 | */ 23 | 24 | #if !defined(PUSHLIST_H) && P2MP && P2MP_SERVER 25 | #define PUSHLIST_H 26 | 27 | /* parameters to be pushed to peer */ 28 | 29 | struct push_entry { 30 | struct push_entry *next; 31 | bool enable; 32 | const char *option; 33 | }; 34 | 35 | struct push_list { 36 | struct push_entry *head; 37 | struct push_entry *tail; 38 | }; 39 | 40 | 41 | #endif 42 | -------------------------------------------------------------------------------- /src/openvpn/session_id.c: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2002-2018 OpenVPN Inc 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 
18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 22 | */ 23 | 24 | /* 25 | * Each session is identified by a random 8-byte session identifier. 26 | * 27 | * For efficiency, the session id is only transmitted over the control 28 | * channel (which only sees traffic occasionally when keys are being 29 | * negotiated). The data channel sees a smaller version of the session-id -- 30 | * it is called the key_id and is currently 2 bits long. 31 | */ 32 | 33 | #ifdef HAVE_CONFIG_H 34 | #include "config.h" 35 | #elif defined(_MSC_VER) 36 | #include "config-msvc.h" 37 | #endif 38 | 39 | #include "syshead.h" 40 | 41 | #ifdef ENABLE_CRYPTO 42 | 43 | #include "error.h" 44 | #include "common.h" 45 | #include "crypto.h" 46 | #include "session_id.h" 47 | 48 | #include "memdbg.h" 49 | /* File-scope object with no initializer, so every byte of its id is zero. */ 50 | const struct session_id x_session_id_zero; 51 | /* Fill sid->id with SID_SIZE bytes obtained from prng_bytes(). NOTE(review): the header comment calls the session id random; how unpredictable it really is depends on prng_bytes(), which is not visible here -- confirm that it is seeded from a cryptographic source. */ 52 | void 53 | session_id_random(struct session_id *sid) 54 | { 55 | prng_bytes(sid->id, SID_SIZE); 56 | } 57 | /* Return the SID_SIZE bytes of sid->id as formatted by format_hex() with 0 as its third argument; presumably the string is allocated from gc -- confirm. */ 58 | const char * 59 | session_id_print(const struct session_id *sid, struct gc_arena *gc) 60 | { 61 | return format_hex(sid->id, SID_SIZE, 0, gc); 62 | } 63 | 64 | #else /* ifdef ENABLE_CRYPTO */ 65 | /* Empty placeholder compiled when ENABLE_CRYPTO is not defined; presumably it keeps this translation unit from being empty. */ static void 66 | dummy(void) 67 | { 68 | } 69 | #endif /* ENABLE_CRYPTO */ 70 | -------------------------------------------------------------------------------- /src/openvpn/session_id.h: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression.
7 | * 8 | * Copyright (C) 2002-2018 OpenVPN Inc 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 22 | */ 23 | 24 | /* 25 | * Each session is identified by a random 8-byte session identifier. 26 | * 27 | * For efficiency, the session id is only transmitted over the control 28 | * channel (which only sees traffic occasionally when keys are being 29 | * negotiated). 
30 | */ 31 | 32 | #ifdef ENABLE_CRYPTO 33 | 34 | #ifndef SESSION_ID_H 35 | #define SESSION_ID_H 36 | 37 | #include "basic.h" 38 | #include "buffer.h" 39 | /* Holder for the 8-byte session identifier described in the file header. */ 40 | struct session_id 41 | { 42 | uint8_t id[8]; 43 | }; 44 | 45 | extern const struct session_id x_session_id_zero; 46 | /* Size of the id array in bytes, taken from the x_session_id_zero object. */ 47 | #define SID_SIZE (sizeof(x_session_id_zero.id)) 48 | /* True when both ids hold the same SID_SIZE bytes. memcmp() is not a constant-time comparison. NOTE(review): that is acceptable as long as the session id is an identifier rather than a secret (the file header says it is transmitted over the control channel) -- confirm that no caller treats a match as an authentication decision on its own. */ 49 | static inline bool 50 | session_id_equal(const struct session_id *sid1, 51 | const struct session_id *sid2) 52 | { 53 | return !memcmp(sid1->id, sid2->id, SID_SIZE); 54 | } 55 | /* True when the id differs from x_session_id_zero, i.e. an id equal to x_session_id_zero is treated as not set. */ 56 | static inline bool 57 | session_id_defined(const struct session_id *sid1) 58 | { 59 | return memcmp(sid1->id, &x_session_id_zero.id, SID_SIZE) != 0; 60 | } 61 | /* Read SID_SIZE bytes from buf into sid->id and return the buf_read() result; presumably false means buf held too few bytes, so callers should check it before using sid -- confirm. */ 62 | static inline bool 63 | session_id_read(struct session_id *sid, struct buffer *buf) 64 | { 65 | return buf_read(buf, sid->id, SID_SIZE); 66 | } 67 | /* Pass the SID_SIZE id bytes to buf_write_prepend() and return its result. */ 68 | static inline bool 69 | session_id_write_prepend(const struct session_id *sid, struct buffer *buf) 70 | { 71 | return buf_write_prepend(buf, sid->id, SID_SIZE); 72 | } 73 | /* Pass the SID_SIZE id bytes to buf_write() and return its result. */ 74 | static inline bool 75 | session_id_write(const struct session_id *sid, struct buffer *buf) 76 | { 77 | return buf_write(buf, sid->id, SID_SIZE); 78 | } 79 | 80 | void session_id_random(struct session_id *sid); 81 | 82 | const char *session_id_print(const struct session_id *sid, struct gc_arena *gc); 83 | 84 | #endif /* SESSION_ID_H */ 85 | #endif /* ENABLE_CRYPTO */ 86 | -------------------------------------------------------------------------------- /src/openvpn/ssl_openssl.h: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single TCP/UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2002-2018 OpenVPN Inc 9 | * Copyright (C) 2010-2018 Fox Crypto B.V.
10 | * 11 | * This program is free software; you can redistribute it and/or modify 12 | * it under the terms of the GNU General Public License version 2 13 | * as published by the Free Software Foundation. 14 | * 15 | * This program is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | * GNU General Public License for more details. 19 | * 20 | * You should have received a copy of the GNU General Public License along 21 | * with this program; if not, write to the Free Software Foundation, Inc., 22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 23 | */ 24 | 25 | /** 26 | * @file Control Channel OpenSSL Backend 27 | */ 28 | 29 | #ifndef SSL_OPENSSL_H_ 30 | #define SSL_OPENSSL_H_ 31 | 32 | #include 33 | 34 | /** 35 | * SSL_OP_NO_TICKET tells OpenSSL to disable "stateless session resumption", 36 | * as this is something we do not want nor need, but could potentially be 37 | * used for a future attack. For compatibility reasons we keep building if the 38 | * OpenSSL version is too old (pre-0.9.8f) to support stateless session 39 | * resumption (and the accompanying SSL_OP_NO_TICKET flag). 40 | */ 41 | #ifndef SSL_OP_NO_TICKET 42 | #define SSL_OP_NO_TICKET 0 43 | #endif 44 | 45 | /** 46 | * Structure that wraps the TLS context. Contents differ depending on the 47 | * SSL library used. 48 | */ 49 | struct tls_root_ctx { 50 | SSL_CTX *ctx; 51 | time_t crl_last_mtime; 52 | off_t crl_last_size; 53 | }; 54 | 55 | struct key_state_ssl { 56 | SSL *ssl; /* SSL object -- new obj created for each new key */ 57 | BIO *ssl_bio; /* read/write plaintext from here */ 58 | BIO *ct_in; /* write ciphertext to here */ 59 | BIO *ct_out; /* read ciphertext from here */ 60 | }; 61 | 62 | /** 63 | * Allocate space in SSL objects in which to store a struct tls_session 64 | * pointer back to parent. 
65 | */ 66 | extern int mydata_index; /* GLOBAL */ 67 | 68 | void openssl_set_mydata_index(void); 69 | 70 | #endif /* SSL_OPENSSL_H_ */ 71 | -------------------------------------------------------------------------------- /src/openvpnserv/Makefile.am: -------------------------------------------------------------------------------- 1 | # 2 | # OpenVPN -- An application to securely tunnel IP networks 3 | # over a single UDP port, with support for SSL/TLS-based 4 | # session authentication and key exchange, 5 | # packet encryption, packet authentication, and 6 | # packet compression. 7 | # 8 | # Copyright (C) 2002-2018 OpenVPN Inc 9 | # Copyright (C) 2006-2012 Alon Bar-Lev 10 | # 11 | 12 | include $(top_srcdir)/build/ltrc.inc 13 | 14 | MAINTAINERCLEANFILES = $(srcdir)/Makefile.in 15 | 16 | EXTRA_DIST = \ 17 | openvpnserv.vcxproj \ 18 | openvpnserv.vcxproj.filters 19 | 20 | AM_CPPFLAGS = \ 21 | -I$(top_srcdir)/include -I$(top_srcdir)/src/openvpn -I$(top_srcdir)/src/compat 22 | 23 | if WIN32 24 | sbin_PROGRAMS = openvpnserv 25 | openvpnserv_CFLAGS = \ 26 | -municode -D_UNICODE \ 27 | -UNTDDI_VERSION -U_WIN32_WINNT \ 28 | -D_WIN32_WINNT=_WIN32_WINNT_VISTA 29 | openvpnserv_LDADD = -ladvapi32 -luserenv -liphlpapi -lfwpuclnt -lrpcrt4 -lshlwapi -lnetapi32 -lws2_32 -lntdll 30 | endif 31 | 32 | openvpnserv_SOURCES = \ 33 | common.c \ 34 | automatic.c \ 35 | interactive.c \ 36 | service.c service.h \ 37 | validate.c validate.h \ 38 | $(top_srcdir)/src/openvpn/block_dns.c $(top_srcdir)/src/openvpn/block_dns.h \ 39 | openvpnserv_resources.rc 40 | -------------------------------------------------------------------------------- /src/openvpnserv/openvpnserv.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | 
{67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | Source Files 23 | 24 | 25 | 26 | 27 | Header Files 28 | 29 | 30 | 31 | 32 | Resource Files 33 | 34 | 35 | -------------------------------------------------------------------------------- /src/openvpnserv/openvpnserv_resources.rc: -------------------------------------------------------------------------------- 1 | #ifdef HAVE_CONFIG_H 2 | #include 3 | #else 4 | #include 5 | #endif 6 | #include 7 | 8 | #pragma code_page(65001) /* UTF8 */ 9 | 10 | LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL 11 | 12 | VS_VERSION_INFO VERSIONINFO 13 | FILEVERSION OPENVPN_VERSION_RESOURCE 14 | PRODUCTVERSION OPENVPN_VERSION_RESOURCE 15 | FILEFLAGSMASK 0x3fL 16 | #ifdef _DEBUG 17 | FILEFLAGS 0x1L 18 | #else 19 | FILEFLAGS 0x0L 20 | #endif 21 | FILEOS 0x40004L 22 | FILETYPE VFT_APP 23 | FILESUBTYPE 0x0L 24 | BEGIN 25 | BLOCK "StringFileInfo" 26 | BEGIN 27 | BLOCK "040904b0" 28 | BEGIN 29 | VALUE "CompanyName", "The OpenVPN Project" 30 | VALUE "FileDescription", "OpenVPN Service" 31 | VALUE "FileVersion", PACKAGE_VERSION ".0" 32 | VALUE "InternalName", "OpenVPN" 33 | VALUE "LegalCopyright", "Copyright © The OpenVPN Project" 34 | VALUE "OriginalFilename", "openvpnserv.exe" 35 | VALUE "ProductName", "OpenVPN" 36 | VALUE "ProductVersion", PACKAGE_VERSION ".0" 37 | END 38 | END 39 | BLOCK "VarFileInfo" 40 | BEGIN 41 | VALUE "Translation", 0x409, 1200 42 | END 43 | END 44 | -------------------------------------------------------------------------------- /src/openvpnserv/validate.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * OpenVPN -- An application to securely tunnel IP networks 4 | * over a single TCP/UDP port, with support for SSL/TLS-based 5 | * session authentication and key exchange, 6 | * packet encryption, packet authentication, and 7 | * packet compression. 
*
* Copyright (C) 2016 Selva Nair
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/

#ifndef VALIDATE_H
#define VALIDATE_H

#include "service.h"

/*
 * Groups whose members may use any option and any config location.
 * The second name is only a default: it can be replaced through the registry
 * value HKLM\Software\OpenVPN\ovpn_admin_group.
 * NOTE(review): whoever can write that registry value can therefore choose
 * the authorized group -- presumably only administrators can; confirm the
 * key's ACL on deployed systems.
 */
#define SYSTEM_ADMIN_GROUP TEXT("Administrators")
#define OVPN_ADMIN_GROUP TEXT("OpenVPN Administrators")

/*
 * Declared here, defined elsewhere. Presumably reports whether the user
 * identified by sid/token belongs to one of the authorized groups, with
 * ovpn_admin_group naming the configurable one -- confirm in the implementation.
 */
BOOL IsAuthorizedUser(PSID sid, const HANDLE token, const WCHAR *ovpn_admin_group);

/*
 * Declared here, defined elsewhere. Presumably validates the option held in
 * argv[0..narg-1] against the settings in s, relative to workdir -- confirm
 * in the implementation.
 */
BOOL CheckOption(const WCHAR *workdir, int narg, WCHAR *argv[], const settings_t *s);

/*
 * Tell whether a command-line word is an option name.
 *
 * Returns nonzero when o starts with the two characters "--".
 * o is read without a NULL check.
 */
static inline BOOL
IsOption(const WCHAR *o)
{
    static const WCHAR option_prefix[] = L"--";

    return wcsncmp(o, option_prefix, 2) == 0;
}

#endif /* ifndef VALIDATE_H */
--------------------------------------------------------------------------------
/src/plugins/Makefile.am:
--------------------------------------------------------------------------------
#
# OpenVPN -- An application to securely tunnel IP networks
# over a single UDP port, with support for SSL/TLS-based
# session authentication and key exchange,
# packet encryption, packet authentication, and
# packet compression.
7 | # 8 | # Copyright (C) 2002-2018 OpenVPN Inc 9 | # Copyright (C) 2006-2012 Alon Bar-Lev 10 | # 11 | 12 | MAINTAINERCLEANFILES = \ 13 | $(srcdir)/Makefile.in 14 | 15 | SUBDIRS = auth-pam down-root 16 | -------------------------------------------------------------------------------- /src/plugins/auth-pam/Makefile.am: -------------------------------------------------------------------------------- 1 | # 2 | # OpenVPN (TM) PAM Auth Plugin -- OpenVPN Plugin 3 | # 4 | # Copyright (C) 2012 Alon Bar-Lev 5 | # 6 | 7 | MAINTAINERCLEANFILES = \ 8 | $(srcdir)/Makefile.in 9 | 10 | AM_CFLAGS = \ 11 | -I$(top_srcdir)/include \ 12 | $(PLUGIN_AUTH_PAM_CFLAGS) \ 13 | $(OPTIONAL_CRYPTO_CFLAGS) 14 | 15 | if ENABLE_PLUGIN_AUTH_PAM 16 | plugin_LTLIBRARIES = openvpn-plugin-auth-pam.la 17 | dist_doc_DATA = README.auth-pam 18 | endif 19 | 20 | openvpn_plugin_auth_pam_la_SOURCES = \ 21 | utils.c \ 22 | auth-pam.c \ 23 | pamdl.c pamdl.h \ 24 | auth-pam.exports 25 | openvpn_plugin_auth_pam_la_LIBADD = \ 26 | $(PLUGIN_AUTH_PAM_LIBS) 27 | openvpn_plugin_auth_pam_la_LDFLAGS = $(AM_LDFLAGS) \ 28 | -export-symbols "$(srcdir)/auth-pam.exports" \ 29 | -module -shared -avoid-version -no-undefined 30 | -------------------------------------------------------------------------------- /src/plugins/auth-pam/auth-pam.exports: -------------------------------------------------------------------------------- 1 | openvpn_plugin_open_v3 2 | openvpn_plugin_func_v1 3 | openvpn_plugin_close_v1 4 | openvpn_plugin_abort_v1 5 | -------------------------------------------------------------------------------- /src/plugins/auth-pam/pamdl.h: -------------------------------------------------------------------------------- 1 | #ifdef USE_PAM_DLOPEN 2 | /* Dynamically load and unload the PAM library */ 3 | int dlopen_pam(const char *so); 4 | 5 | void dlclose_pam(void); 6 | 7 | #endif 8 | -------------------------------------------------------------------------------- /src/plugins/auth-pam/utils.h: 
-------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single TCP/UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2002-2018 OpenVPN Inc 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 22 | */ 23 | 24 | #ifndef _PLUGIN_AUTH_PAM_UTILS__H 25 | #define _PLUGIN_AUTH_PAM_UTILS__H 26 | 27 | /** 28 | * Read 'tosearch', replace all occurrences of 'searchfor' with 'replacewith' and return 29 | * a pointer to the NEW string. Does not modify the input strings. Will not enter an 30 | * infinite loop with clever 'searchfor' and 'replacewith' strings. 31 | * 32 | * @author Daniel Johnson - Progman2000@usa.net / djohnson@progman.us 33 | * 34 | * @param tosearch haystack to search in 35 | * @param searchfor needle to search for in the haystack 36 | * @param replacewith when a match is found, replace needle with this string 37 | * 38 | * @return Returns NULL when any parameter is NULL or the worst-case result is too large ( >= SIZE_MAX). 
39 | * Otherwise it returns a pointer to a new buffer containing the modified input 40 | */ 41 | char * 42 | searchandreplace(const char *tosearch, const char *searchfor, const char *replacewith); 43 | 44 | /** 45 | * Given an environmental variable name, search 46 | * the envp array for its value 47 | * 48 | * @param name Environment variable to look up 49 | * @param envp Environment variable table with all key/value pairs 50 | * 51 | * @return Returns a pointer to the value of the enviroment variable if found, otherwise NULL is returned. 52 | */ 53 | const char * 54 | get_env(const char *name, const char *envp[]); 55 | 56 | /** 57 | * Return the length of a string array 58 | * 59 | * @param array Pointer to the array to calculate size of 60 | * 61 | */ 62 | int 63 | string_array_len(const char *array[]); 64 | 65 | #endif 66 | -------------------------------------------------------------------------------- /src/plugins/down-root/Makefile.am: -------------------------------------------------------------------------------- 1 | # 2 | # OpenVPN (TM) Down Root Plugin -- OpenVPN Plugin 3 | # 4 | # Copyright (C) 2012 Alon Bar-Lev 5 | # 6 | 7 | MAINTAINERCLEANFILES = \ 8 | $(srcdir)/Makefile.in 9 | 10 | AM_CFLAGS = \ 11 | -I$(top_srcdir)/include \ 12 | $(OPTIONAL_CRYPTO_CFLAGS) 13 | 14 | if ENABLE_PLUGIN_DOWN_ROOT 15 | plugin_LTLIBRARIES = openvpn-plugin-down-root.la 16 | dist_doc_DATA = README.down-root 17 | endif 18 | 19 | openvpn_plugin_down_root_la_SOURCES = \ 20 | down-root.c \ 21 | down-root.exports 22 | openvpn_plugin_down_root_la_LDFLAGS = $(AM_LDFLAGS) \ 23 | -export-symbols "$(srcdir)/down-root.exports" \ 24 | -module -shared -avoid-version -no-undefined 25 | -------------------------------------------------------------------------------- /src/plugins/down-root/README.down-root: -------------------------------------------------------------------------------- 1 | down-root -- an OpenVPN Plugin Module 2 | 3 | SYNOPSIS 4 | 5 | The down-root module allows an OpenVPN 
configuration to 6 | call a down script with root privileges, even when privileges 7 | have been dropped using --user/--group/--chroot. 8 | 9 | This module uses a split privilege execution model which will 10 | fork() before OpenVPN drops root privileges, at the point where 11 | the --up script is usually called. The module will then remain 12 | in a wait state until it receives a message from OpenVPN via 13 | pipe to execute the down script. Thus, the down script will be 14 | run in the same execution environment as the up script. 15 | 16 | BUILD 17 | 18 | Build this module with the "make" command. The plugin 19 | module will be named openvpn-down-root.so 20 | 21 | USAGE 22 | 23 | To use this module, add to your OpenVPN config file: 24 | 25 | plugin openvpn-down-root.so "command ..." 26 | 27 | CAVEATS 28 | 29 | This module will only work on *nix systems, not Windows. 30 | -------------------------------------------------------------------------------- /src/plugins/down-root/down-root.exports: -------------------------------------------------------------------------------- 1 | openvpn_plugin_open_v1 2 | openvpn_plugin_func_v1 3 | openvpn_plugin_close_v1 4 | openvpn_plugin_abort_v1 5 | -------------------------------------------------------------------------------- /tests/Makefile.am: -------------------------------------------------------------------------------- 1 | # 2 | # OpenVPN -- An application to securely tunnel IP networks 3 | # over a single UDP port, with support for SSL/TLS-based 4 | # session authentication and key exchange, 5 | # packet encryption, packet authentication, and 6 | # packet compression. 
7 | # 8 | # Copyright (C) 2002-2018 OpenVPN Inc 9 | # Copyright (C) 2006-2012 Alon Bar-Lev 10 | # 11 | 12 | MAINTAINERCLEANFILES = \ 13 | $(srcdir)/Makefile.in 14 | 15 | SUBDIRS = unit_tests 16 | 17 | test_scripts = t_client.sh 18 | if ENABLE_CRYPTO 19 | test_scripts += t_lpback.sh t_cltsrv.sh 20 | endif 21 | 22 | TESTS_ENVIRONMENT = top_srcdir="$(top_srcdir)" 23 | TESTS = $(test_scripts) 24 | 25 | dist_noinst_SCRIPTS = \ 26 | $(test_scripts) \ 27 | t_cltsrv-down.sh \ 28 | update_t_client_ips.sh 29 | 30 | dist_noinst_DATA = \ 31 | t_client.rc-sample 32 | -------------------------------------------------------------------------------- /tests/t_cltsrv-down.sh: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | echo "${role}:${signal}" >&3 3 | -------------------------------------------------------------------------------- /tests/t_lpback.sh: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | # 3 | # t_lpback.sh - script to test OpenVPN's crypto loopback 4 | # Copyright (C) 2005 Matthias Andree 5 | # Copyright (C) 2014 Steffan Karger 6 | # 7 | # This program is free software; you can redistribute it and/or 8 | # modify it under the terms of the GNU General Public License 9 | # as published by the Free Software Foundation; either version 2 10 | # of the License, or (at your option) any later version. 11 | # 12 | # This program is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # You should have received a copy of the GNU General Public License 18 | # along with this program; if not, write to the Free Software 19 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 20 | # 02110-1301, USA. 
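# Loopback self-test: generate a throw-away static key, then run
# `openvpn --test-crypto` once for every cipher the binary reports.
# Exits 0 when every cipher passes and 1 when at least one fails.

set -eu

# Keep the generated key and the log private to the invoking user; both are
# created in the current directory under names derived from the PID.
umask 077

top_builddir="${top_builddir:-..}"
openvpn="${top_builddir}/src/openvpn/openvpn"
key="key.$$"
log="log.$$"

# Signals 1, 2 and 15: remove the scratch files and exit with status 77.
trap 'rm -f "$key" "$log" ; trap 0 ; exit 77' 1 2 15
# Any other early exit (and signal 3): remove the scratch files and fail.
trap 'rm -f "$key" "$log" ; exit 1' 0 3

# Get list of supported ciphers from openvpn --show-ciphers output
CIPHERS=$("$openvpn" --show-ciphers | \
    sed -e '/The following/,/^$/d' -e s'/ .*//' -e '/^[[:space:]]*$/d')

# SK, 2014-06-04: currently the DES-EDE3-CFB1 implementation of OpenSSL is
# broken (see http://rt.openssl.org/Ticket/Display.html?id=2867), so exclude
# that cipher from this test.
# GD, 2014-07-06 so is DES-CFB1
# GD, 2014-07-06 do not test RC5-* either (fails on NetBSD w/o libcrypto_rc5)
# grep -E replaces the obsolescent egrep spelling.
CIPHERS=$(echo "$CIPHERS" | grep -E -v '^(DES-EDE3-CFB1|DES-CFB1|RC5-)' )

# Also test cipher 'none'
CIPHERS=${CIPHERS}$(printf "\nnone")

"$openvpn" --genkey --secret "$key"

# From here on a failing command is a test result, not a reason to abort.
set +e

e=0
# CIPHERS is left unquoted on purpose: one loop iteration per listed cipher.
for cipher in ${CIPHERS}
do
    # printf instead of `echo -n`, which /bin/sh does not guarantee.
    printf 'Testing cipher %s... ' "${cipher}"
    ( "$openvpn" --test-crypto --secret "$key" --cipher "${cipher}" ) >"$log" 2>&1
    if [ $? != 0 ] ; then
        echo "FAILED"
        cat "$log"
        e=1
    else
        echo "OK"
    fi
done

rm "$key" "$log"
trap 0
exit $e
--------------------------------------------------------------------------------
/tests/unit_tests/Makefile.am:
--------------------------------------------------------------------------------
AUTOMAKE_OPTIONS = foreign

if CMOCKA_INITIALIZED
SUBDIRS = example_test openvpn plugins
endif
--------------------------------------------------------------------------------
/tests/unit_tests/README.md:
--------------------------------------------------------------------------------
Unit Tests
===========

This directory contains unit tests for openvpn.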
New features/bugfixes should be written in a test-friendly way and come with corresponding tests. 5 | 6 | Run tests 7 | ---------- 8 | 9 | Tests are run by `make check`. A failed test stops test execution. To run all 10 | tests regardless of errors, call `make -k check`. 11 | 12 | Add new tests to existing test suite 13 | ------------------------------------- 14 | 15 | Test suites are organized in directories. [example_test/](example_test/) is an example 16 | for a test suite with two test executables. Feel free to use it as a template for new tests. 17 | 18 | Test suites 19 | -------------------- 20 | 21 | Test suites live inside a subdirectory of `$ROOT/tests/unit_tests`, e.g. `$ROOT/tests/unit_tests/my_feature`. 22 | 23 | Test suites are configured by a `Makefile.am`. Tests are executed by testdrivers. One testsuite can contain more than one testdriver. 24 | 25 | ### Hints 26 | * Name suites & testdrivers in a way that the name of the driver says something about which component/feature is tested 27 | * Name the testdriver executable `*_testdriver`. This way it gets picked up by the default `.gitignore` 28 | * If this is not feasible: Add all output to a `.gitignore`* Use descriptive test names: `coffee_brewing__with_no_beans__fails` vs. `test34` 29 | * Testing a configurable feature? Wrap test execution with a conditional (see [auth_pam](plugins/auth-pam/Makefile.am) for an example) 30 | * Add multiple test-drivers when one testdriver looks crowded with tests 31 | 32 | ### New Test Suites 33 | 1. Organize tests in folders for features. 34 | 2. Add the new test directory to `SUBDIRS` in `Makefile.am` 35 | 3. Edit `configure.ac` and add the new `Makefile` to `AC_CONFIG_FILES` 36 | 4. Run `./configure`, and *enable* the feature you'd like to test 37 | 5. Make sure that `make check` runs your tests 38 | 6. Check: Would a stranger be able to easily find your tests by looking at the test output? 39 | 7. 
Run `./configure`, and *disable* the feature you'd like to test 40 | 8. Make sure that `make check` does *not run* your tests 41 | -------------------------------------------------------------------------------- /tests/unit_tests/example_test/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS = foreign 2 | 3 | check_PROGRAMS = example_testdriver example2_testdriver 4 | 5 | TESTS = $(check_PROGRAMS) 6 | 7 | example_testdriver_CFLAGS = @TEST_CFLAGS@ 8 | example_testdriver_LDFLAGS = @TEST_LDFLAGS@ 9 | example_testdriver_SOURCES = test.c 10 | 11 | example2_testdriver_CFLAGS = @TEST_CFLAGS@ 12 | example2_testdriver_LDFLAGS = @TEST_LDFLAGS@ 13 | example2_testdriver_SOURCES = test2.c 14 | -------------------------------------------------------------------------------- /tests/unit_tests/example_test/README.md: -------------------------------------------------------------------------------- 1 | This test only checks that test compilation works. This example contains two test executables. 2 | 3 | These tests can be used as template for 'real' tests. 
4 | -------------------------------------------------------------------------------- /tests/unit_tests/example_test/test.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | 9 | static int 10 | setup(void **state) { 11 | int *answer = malloc(sizeof(int)); 12 | 13 | *answer = 42; 14 | *state = answer; 15 | 16 | return 0; 17 | } 18 | 19 | static int 20 | teardown(void **state) { 21 | free(*state); 22 | 23 | return 0; 24 | } 25 | 26 | static void 27 | null_test_success(void **state) { 28 | (void) state; 29 | } 30 | 31 | static void 32 | int_test_success(void **state) { 33 | int *answer = *state; 34 | assert_int_equal(*answer, 42); 35 | } 36 | 37 | static void 38 | failing_test(void **state) { 39 | /* This tests fails to test that make check fails */ 40 | assert_int_equal(0, 42); 41 | } 42 | 43 | int 44 | main(void) { 45 | const struct CMUnitTest tests[] = { 46 | cmocka_unit_test(null_test_success), 47 | cmocka_unit_test_setup_teardown(int_test_success, setup, teardown), 48 | /* cmocka_unit_test(failing_test), */ 49 | }; 50 | 51 | return cmocka_run_group_tests_name("success_test", tests, NULL, NULL); 52 | } 53 | -------------------------------------------------------------------------------- /tests/unit_tests/example_test/test2.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | 9 | 10 | static void 11 | test_true(void **state) { 12 | (void) state; 13 | } 14 | 15 | 16 | int 17 | main(void) { 18 | const struct CMUnitTest tests[] = { 19 | cmocka_unit_test(test_true), 20 | }; 21 | 22 | return cmocka_run_group_tests_name("success_test2", tests, NULL, NULL); 23 | } 24 | -------------------------------------------------------------------------------- /tests/unit_tests/openvpn/Makefile.am: 
-------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS = foreign 2 | 3 | check_PROGRAMS= 4 | 5 | if HAVE_LD_WRAP_SUPPORT 6 | check_PROGRAMS += argv_testdriver buffer_testdriver 7 | endif 8 | 9 | if ENABLE_CRYPTO 10 | check_PROGRAMS += packet_id_testdriver tls_crypt_testdriver 11 | endif 12 | 13 | TESTS = $(check_PROGRAMS) 14 | 15 | openvpn_includedir = $(top_srcdir)/include 16 | openvpn_srcdir = $(top_srcdir)/src/openvpn 17 | compat_srcdir = $(top_srcdir)/src/compat 18 | 19 | argv_testdriver_CFLAGS = @TEST_CFLAGS@ -I$(openvpn_srcdir) -I$(compat_srcdir) \ 20 | $(OPTIONAL_CRYPTO_CFLAGS) 21 | argv_testdriver_LDFLAGS = @TEST_LDFLAGS@ -L$(openvpn_srcdir) -Wl,--wrap=parse_line \ 22 | $(OPTIONAL_CRYPTO_LIBS) 23 | argv_testdriver_SOURCES = test_argv.c mock_msg.c mock_msg.h \ 24 | $(openvpn_srcdir)/platform.c \ 25 | $(openvpn_srcdir)/buffer.c \ 26 | $(openvpn_srcdir)/argv.c 27 | 28 | buffer_testdriver_CFLAGS = @TEST_CFLAGS@ -I$(openvpn_srcdir) -I$(compat_srcdir) 29 | buffer_testdriver_LDFLAGS = @TEST_LDFLAGS@ -L$(openvpn_srcdir) -Wl,--wrap=parse_line 30 | buffer_testdriver_SOURCES = test_buffer.c mock_msg.c mock_msg.h \ 31 | $(openvpn_srcdir)/buffer.c \ 32 | $(openvpn_srcdir)/platform.c 33 | 34 | packet_id_testdriver_CFLAGS = @TEST_CFLAGS@ \ 35 | -I$(openvpn_includedir) -I$(compat_srcdir) -I$(openvpn_srcdir) \ 36 | $(OPTIONAL_CRYPTO_CFLAGS) 37 | packet_id_testdriver_LDFLAGS = @TEST_LDFLAGS@ \ 38 | $(OPTIONAL_CRYPTO_LIBS) 39 | packet_id_testdriver_SOURCES = test_packet_id.c mock_msg.c mock_msg.h \ 40 | $(openvpn_srcdir)/buffer.c \ 41 | $(openvpn_srcdir)/otime.c \ 42 | $(openvpn_srcdir)/packet_id.c \ 43 | $(openvpn_srcdir)/platform.c 44 | 45 | tls_crypt_testdriver_CFLAGS = @TEST_CFLAGS@ \ 46 | -I$(openvpn_includedir) -I$(compat_srcdir) -I$(openvpn_srcdir) \ 47 | $(OPTIONAL_CRYPTO_CFLAGS) 48 | tls_crypt_testdriver_LDFLAGS = @TEST_LDFLAGS@ \ 49 | $(OPTIONAL_CRYPTO_LIBS) 50 | tls_crypt_testdriver_SOURCES = test_tls_crypt.c 
mock_msg.c mock_msg.h \ 51 | $(openvpn_srcdir)/buffer.c \ 52 | $(openvpn_srcdir)/crypto.c \ 53 | $(openvpn_srcdir)/crypto_mbedtls.c \ 54 | $(openvpn_srcdir)/crypto_openssl.c \ 55 | $(openvpn_srcdir)/otime.c \ 56 | $(openvpn_srcdir)/packet_id.c \ 57 | $(openvpn_srcdir)/platform.c 58 | -------------------------------------------------------------------------------- /tests/unit_tests/openvpn/mock_msg.c: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2016-2018 Fox Crypto B.V. 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
22 | */ 23 | 24 | #ifdef HAVE_CONFIG_H 25 | #include "config.h" 26 | #elif defined(_MSC_VER) 27 | #include "config-msvc.h" 28 | #endif 29 | 30 | #include 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | 37 | 38 | #include "errlevel.h" 39 | #include "error.h" 40 | 41 | unsigned int x_debug_level = 0; /* Default to (almost) no debugging output */ 42 | bool fatal_error_triggered = false; 43 | 44 | void 45 | mock_set_debug_level(int level) 46 | { 47 | x_debug_level = level; 48 | } 49 | 50 | void 51 | x_msg_va(const unsigned int flags, const char *format, 52 | va_list arglist) 53 | { 54 | if (flags & M_FATAL) 55 | { 56 | fatal_error_triggered = true; 57 | printf("FATAL ERROR:"); 58 | } 59 | vprintf(format, arglist); 60 | printf("\n"); 61 | } 62 | 63 | void 64 | x_msg(const unsigned int flags, const char *format, ...) 65 | { 66 | va_list arglist; 67 | va_start(arglist, format); 68 | x_msg_va(flags, format, arglist); 69 | va_end(arglist); 70 | } 71 | 72 | void 73 | assert_failed(const char *filename, int line, const char *condition) 74 | { 75 | mock_assert(false, condition ? condition : "", filename, line); 76 | /* Keep compiler happy. Should not happen, mock_assert() does not return */ 77 | exit(1); 78 | } 79 | 80 | /* 81 | * Fail memory allocation. Don't use msg() because it tries 82 | * to allocate memory as part of its operation. 
83 | */ 84 | void 85 | out_of_memory(void) 86 | { 87 | fprintf(stderr, "Out of Memory\n"); 88 | exit(1); 89 | } 90 | 91 | bool 92 | dont_mute(unsigned int flags) 93 | { 94 | return true; 95 | } 96 | -------------------------------------------------------------------------------- /tests/unit_tests/openvpn/mock_msg.h: -------------------------------------------------------------------------------- 1 | /* 2 | * OpenVPN -- An application to securely tunnel IP networks 3 | * over a single UDP port, with support for SSL/TLS-based 4 | * session authentication and key exchange, 5 | * packet encryption, packet authentication, and 6 | * packet compression. 7 | * 8 | * Copyright (C) 2016-2018 Fox Crypto B.V. 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License version 2 12 | * as published by the Free Software Foundation. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License along 20 | * with this program; if not, write to the Free Software Foundation, Inc., 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 22 | */ 23 | 24 | #ifndef MOCK_MSG_H 25 | #define MOCK_MSG_H 26 | 27 | /** 28 | * Mock debug level defaults to 0, which gives clean(-ish) test reports. Call 29 | * this function from your test driver to increase debug output when you 30 | * need debug output. 
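*/
void mock_set_debug_level(int level);

#endif /* MOCK_MSG */

--------------------------------------------------------------------------------
/tests/unit_tests/plugins/Makefile.am:
--------------------------------------------------------------------------------
AUTOMAKE_OPTIONS = foreign

SUBDIRS = auth-pam

--------------------------------------------------------------------------------
/tests/unit_tests/plugins/auth-pam/Makefile.am:
--------------------------------------------------------------------------------
AUTOMAKE_OPTIONS = foreign

if ENABLE_PLUGIN_AUTH_PAM
check_PROGRAMS = auth_pam_testdriver
TESTS = $(check_PROGRAMS)
endif

sut_sourcedir = $(top_srcdir)/src/plugins/auth-pam

auth_pam_testdriver_SOURCES = test_search_and_replace.c $(sut_sourcedir)/utils.h $(sut_sourcedir)/utils.c
auth_pam_testdriver_CFLAGS = @TEST_CFLAGS@ -I$(sut_sourcedir)
auth_pam_testdriver_LDFLAGS = @TEST_LDFLAGS@

--------------------------------------------------------------------------------
/tests/unit_tests/plugins/auth-pam/test_search_and_replace.c:
--------------------------------------------------------------------------------
/*
 * Unit tests for searchandreplace(), which the build file above compiles in
 * from the auth-pam plugin's utils.c.
 *
 * NOTE(review): the listing shows seven bare "#include" lines with the header
 * names missing; the names below are reconstructed and should be confirmed
 * against the repository. cmocka.h has to come after <stdarg.h>, <stddef.h>
 * and <setjmp.h>.
 *
 * NOTE(review): every positive case here replaces a pattern with a string of
 * the same length, so a result that is longer or shorter than the input is
 * never exercised. Those are the cases that stress the output-buffer sizing of
 * a string-substitution routine; a case with a longer and a shorter
 * replacement would be worth adding once the expected behaviour is confirmed
 * against utils.c.
 */
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <stdarg.h>
#include <stddef.h>
#include <setjmp.h>
#include <cmocka.h>

#include "utils.h"

/*
 * Each test takes cmocka's `void **state` argument. cmocka calls every test
 * with one argument; a definition with an empty parameter list makes that
 * call undefined behaviour in C89..C17 and a type error in C23.
 */

/* A NULL in any of the three argument positions yields NULL. */
static void
pass_any_null_param__returns_null(void **state)
{
    (void) state;

    char DUMMY[] = "DUMMY";

    assert_null(searchandreplace(NULL, DUMMY, DUMMY));
    assert_null(searchandreplace(DUMMY, NULL, DUMMY));
    assert_null(searchandreplace(DUMMY, DUMMY, NULL));
}

/* An empty string in any of the three argument positions yields NULL. */
static void
pass_any_empty_string__returns_null(void **state)
{
    (void) state;

    char DUMMY[] = "DUMMY";
    char EMPTY[] = "";

    assert_null(searchandreplace(EMPTY, DUMMY, DUMMY));
    assert_null(searchandreplace(DUMMY, EMPTY, DUMMY));
    assert_null(searchandreplace(DUMMY, DUMMY, EMPTY));
}

/* Input consisting of exactly one match is replaced as a whole. */
static void
replace_single_char__one_time__match_is_replaced(void **state)
{
    (void) state;

    char *replaced = searchandreplace("X", "X", "Y");

    assert_non_null(replaced);
    assert_string_equal("Y", replaced);

    /* the test frees the result, so it is treated as caller-owned */
    free(replaced);
}

/* Every occurrence of a one-character pattern is replaced, not only the first. */
static void
replace_single_char__multiple_times__match_all_matches_are_replaced(void **state)
{
    (void) state;

    char *replaced = searchandreplace("XaX", "X", "Y");

    assert_non_null(replaced);
    assert_string_equal("YaY", replaced);

    free(replaced);
}

/* Every occurrence of a multi-character pattern is replaced. */
static void
replace_longer_text__multiple_times__match_all_matches_are_replaced(void **state)
{
    (void) state;

    char *replaced = searchandreplace("XXaXX", "XX", "YY");

    assert_non_null(replaced);
    assert_string_equal("YYaYY", replaced);

    free(replaced);
}

/* With no match, the result is a non-NULL string equal to the input. */
static void
pattern_not_found__returns_original(void **state)
{
    (void) state;

    char *replaced = searchandreplace("abc", "X", "Y");

    assert_non_null(replaced);
    assert_string_equal("abc", replaced);

    free(replaced);
}


/* Registers all cases in one cmocka group and returns the group runner's result. */
int
main(void)
{
    const struct CMUnitTest tests[] = {
        cmocka_unit_test(pass_any_null_param__returns_null),
        cmocka_unit_test(pass_any_empty_string__returns_null),
        cmocka_unit_test(replace_single_char__one_time__match_is_replaced),
        cmocka_unit_test(replace_single_char__multiple_times__match_all_matches_are_replaced),
        cmocka_unit_test(replace_longer_text__multiple_times__match_all_matches_are_replaced),
        cmocka_unit_test(pattern_not_found__returns_original),
    };

    return cmocka_run_group_tests_name("searchandreplace", tests, NULL, NULL);
}

--------------------------------------------------------------------------------
/tests/update_t_client_ips.sh:
--------------------------------------------------------------------------------
#!/bin/sh
#
# This --up script caches the IPs handed out by the test VPN server to a file
# for later use.

RC="$TOP_BUILDDIR/t_client_ips.rc"

grep EXPECT_IFCONFIG4_$TESTNUM= $RC > /dev/null 2>&1
if [ $? 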
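-ne 0 ]; then
    # NOTE(review): the value comes from the VPN server under test and is
    # appended verbatim. If t_client_ips.rc is later sourced by a shell (the
    # consumer is not shown here), it is read as shell syntax, so this script
    # should only be pointed at a trusted test server. $RC and $TESTNUM are
    # also expanded unquoted; a build directory containing whitespace would
    # split the grep argument and the redirect target.
    echo "EXPECT_IFCONFIG4_$TESTNUM=$ifconfig_local" >> $RC
fi

grep EXPECT_IFCONFIG6_$TESTNUM= $RC > /dev/null 2>&1
if [ $? -ne 0 ]; then
    echo "EXPECT_IFCONFIG6_$TESTNUM=$ifconfig_ipv6_local" >> $RC
fi

--------------------------------------------------------------------------------
/vendor/Makefile.am:
--------------------------------------------------------------------------------
# Builds the vendored cmocka unit-test framework out of tree and installs it
# into the build directory, so `make check` can use it.
cmockasrc = $(srcdir)/cmocka
# Not just '$(builddir)/cmocka', because cmocka requires an out-of-source build
cmockabuild = $(builddir)/cmocka_build
cmockadist = $(builddir)/dist

MAINTAINERCLEANFILES = \
	$(srcdir)/Makefile.in \
	"$(cmockabuild)" \
	"$(cmockadist)"

# NOTE(review): this runs the vendored project's cmake and make scripts on the
# build machine. The cmocka tree under $(srcdir) should therefore be a pinned,
# reviewed revision; how it is fetched is not shown in this file.
libcmocka:
if CMOCKA_INITIALIZED
	mkdir -p $(cmockabuild) $(cmockadist)
	## Compensate for the cd in the paths
	(cd $(cmockabuild) && cmake -DCMAKE_INSTALL_PREFIX=../$(cmockadist) ../$(cmockasrc) && make && make install)
endif

check: libcmocka

# Remove both generated trees. The second rm previously named
# $(cmockainstall), which this file never defines; it expanded to nothing, so
# the install tree in $(cmockadist) survived `make clean`. An empty operand to
# `rm -rf` is harmless only by luck: a later edit that appends a path
# component to an empty variable would change what gets deleted.
clean:
	rm -rf $(cmockabuild)
	rm -rf $(cmockadist)

--------------------------------------------------------------------------------
/vendor/README.md:
--------------------------------------------------------------------------------
Vendor
========

Vendor source libraries are included in this directory. Libraries are included
when there is no good way to ensure that the package is available on all
systems.

`Makefile.am` compiles these libraries and installs them into ./dist.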
--------------------------------------------------------------------------------
/version.m4:
--------------------------------------------------------------------------------
dnl define the OpenVPN version
define([PRODUCT_NAME], [OpenVPN])
define([PRODUCT_TARNAME], [openvpn])
define([PRODUCT_VERSION_MAJOR], [2])
define([PRODUCT_VERSION_MINOR], [4])
dnl The patch component carries its own leading dot.
define([PRODUCT_VERSION_PATCH], [.9])
dnl PRODUCT_VERSION is assembled from the three parts above: a dot is inserted
dnl between major and minor, and the patch part is appended with an empty
dnl separator because it already starts with one.
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])
dnl NOTE(review): this is a users mailing list address. The source tree also
dnl contains SECURITY.md, presumably describing how to report vulnerabilities
dnl privately - confirm, and point security reports there rather than here.
define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net])
dnl Comma-separated copy of the version above; it is written out by hand, so
dnl it has to be updated together with the major, minor and patch values.
define([PRODUCT_VERSION_RESOURCE], [2,4,9,0])
dnl define the TAP version
define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])
define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])
define([PRODUCT_TAP_WIN_MIN_MINOR], [9])

--------------------------------------------------------------------------------
/version.sh.in:
--------------------------------------------------------------------------------
# Template file: each @NAME@ token is a placeholder that is substituted when
# the build is configured, yielding plain shell variable assignments.
OPENVPN_PACKAGE_NAME="@PACKAGE_NAME@"
OPENVPN_PACKAGE_TARNAME="@PACKAGE_TARNAME@"
OPENVPN_PACKAGE_VERSION="@PACKAGE_VERSION@"
OPENVPN_PACKAGE_HOST="@host@"

--------------------------------------------------------------------------------