Imported Upstream version 2.2.1

parents
James Yonan <jim@yonan.net>
OpenVPN (TM) -- An Open Source VPN daemon
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
This distribution contains multiple components, some
of which fall under different licenses. By using OpenVPN
or any of the bundled components enumerated below, you
agree to be bound by the conditions of the license for
each respective component.
OpenVPN trademark
-----------------
"OpenVPN" is a trademark of OpenVPN Technologies, Inc.
OpenVPN license:
----------------
OpenVPN is distributed under the GPL license version 2 (see Below).
Special exception for linking OpenVPN with OpenSSL:
In addition, as a special exception, OpenVPN Technologies, Inc. gives
permission to link the code of this program with the OpenSSL
library (or with modified versions of OpenSSL that use the same
license as OpenSSL), and distribute linked combinations including
the two. You must obey the GNU General Public License in all
respects for all of the code used other than OpenSSL. If you modify
this file, you may extend this exception to your version of the
file, but you are not obligated to do so. If you do not wish to
do so, delete this exception statement from your version.
LZO license:
------------
LZO is Copyright (C) Markus F.X.J. Oberhumer,
and is licensed under the GPL.
Special exception for linking OpenVPN with both OpenSSL and LZO:
Hereby I grant a special exception to the OpenVPN project
(http://openvpn.net/) to link the LZO library with
the OpenSSL library (http://www.openssl.org).
Markus F.X.J. Oberhumer
TAP-Win32/TAP-Win64 Driver license:
-----------------------------------
This device driver was inspired by the CIPE-Win32 driver by
Damion K. Wilson.
The source and object code of the TAP-Win32/TAP-Win64 driver
is Copyright (C) 2002-2010 OpenVPN Technologies, Inc., and is released under
the GPL version 2.
Windows DDK Samples:
--------------------
The Windows binary distribution includes devcon.exe, a
Microsoft DDK sample which is redistributed under the terms
of the DDK EULA.
NSIS License:
-------------
Copyright (C) 2002-2003 Joost Verburg
This software is provided 'as-is', without any express or implied
warranty. In no event will the authors be held liable for any damages
arising from the use of this software.
Permission is granted to anyone to use this software for any purpose,
including commercial applications, and to alter it and redistribute
it freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented;
you must not claim that you wrote the original software.
If you use this software in a product, an acknowledgment in the
product documentation would be appreciated but is not required.
2. Altered versions must be plainly marked as such,
and must not be misrepresented as being the original software.
3. This notice may not be removed or altered from any distribution.
OpenSSL License:
----------------
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
the OpenSSL License and the original SSLeay license apply to the toolkit.
See below for the actual license texts. Actually both licenses are BSD-style
Open Source licenses. In case of any license issues related to OpenSSL
please contact openssl-core@openssl.org.
/* ====================================================================
* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
Original SSLeay License
-----------------------
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
GNU Public License (GPL)
------------------------
OpenVPN, LZO, and the TAP-Win32 distributions are
licensed under the GPL version 2 (see COPYRIGHT.GPL).
In the Windows binary distribution of OpenVPN, the
GPL is reproduced below.
This diff is collapsed.
This source diff could not be displayed because it is too large. You can view the blob instead.
This diff is collapsed.
IMPORTANT NOTE FOR WINDOWS VISTA/7 USERS
Note that on Windows Vista, you will need to run the OpenVPN
GUI with administrator privileges, so that it can add routes
to the routing table that are pulled from the OpenVPN server.
You can do this by right-clicking on the OpenVPN GUI
desktop icon, and selecting "Run as administrator".
GENERAL QUICKSTART FOR WINDOWS
The OpenVPN Client requires a configuration file
and key/certificate files. You should obtain
these and save them to OpenVPN's configuration
directory, usually C:\Program Files\OpenVPN\config.
You can run OpenVPN as a Windows system service or by using
the client GUI. To use the OpenVPN GUI, double click on the
desktop icon or start menu icon. The OpenVPN GUI is a
system-tray applet, so an icon for the GUI will appear in
the lower-right corner of the screen. Right click on the
system tray icon, and a menu should appear showing the names
of your OpenVPN configuration files, and giving you the
option to connect.
#
# OpenVPN -- An application to securely tunnel IP networks
# over a single UDP port, with support for SSL/TLS-based
# session authentication and key exchange,
# packet encryption, packet authentication, and
# packet compression.
#
# Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
# Copyright (C) 2010 David Sommerseth <dazo@users.sourceforge.net>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program (see the file COPYING included with this
# distribution); if not, write to the Free Software Foundation, Inc.,
# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
LDADD = @LIBOBJS@
.PHONY: plugin
# This option prevents autoreconf from overriding our COPYING and
# INSTALL targets:
AUTOMAKE_OPTIONS = foreign
MAINTAINERCLEANFILES = \
config.log config.status \
$(srcdir)/Makefile.in \
$(srcdir)/config.h.in $(srcdir)/config.h.in~ $(srcdir)/configure \
$(srcdir)/install-sh $(srcdir)/ltmain.sh $(srcdir)/missing \
$(srcdir)/depcomp $(srcdir)/aclocal.m4 \
$(srcdir)/config.guess $(srcdir)/config.sub \
$(srcdir)/openvpn.spec
CLEANFILES = openvpn.8.html configure.h
EXTRA_DIST = \
easy-rsa \
sample-config-files \
sample-keys \
sample-scripts \
suse \
tap-win32 \
contrib \
debug \
plugin \
win
SUBDIRS = \
images \
service-win32 \
install-win32
TESTS = t_client.sh t_lpback.sh t_cltsrv.sh
sbin_PROGRAMS = openvpn
dist_doc_DATA = \
management/management-notes.txt
dist_noinst_SCRIPTS = \
$(TESTS) \
doclean \
domake-win \
t_cltsrv-down.sh \
configure_h.awk configure_log.awk
dist_noinst_DATA = \
openvpn.spec \
COPYRIGHT.GPL \
PORTS \
INSTALL-win32.txt \
service-win32/msvc.mak
openvpn_SOURCES = \
base64.c base64.h \
basic.h \
buffer.c buffer.h \
circ_list.h \
common.h \
crypto.c crypto.h \
dhcp.c dhcp.h \
errlevel.h \
error.c error.h \
event.c event.h \
fdmisc.c fdmisc.h \
forward.c forward.h forward-inline.h \
fragment.c fragment.h \
gremlin.c gremlin.h \
helper.c helper.h \
httpdigest.c httpdigest.h \
lladdr.c lladdr.h \
init.c init.h \
integer.h \
interval.c interval.h \
list.c list.h \
lzo.c lzo.h \
manage.c manage.h \
mbuf.c mbuf.h \
memdbg.h \
misc.c misc.h \
mroute.c mroute.h \
mss.c mss.h \
mtcp.c mtcp.h \
mtu.c mtu.h \
mudp.c mudp.h \
multi.c multi.h \
ntlm.c ntlm.h \
occ.c occ.h occ-inline.h \
pkcs11.c pkcs11.h \
openvpn.c openvpn.h \
openvpn-plugin.h \
options.c options.h \
otime.c otime.h \
packet_id.c packet_id.h \
perf.c perf.h \
pf.c pf.h pf-inline.h \
ping.c ping.h ping-inline.h \
plugin.c plugin.h \
pool.c pool.h \
proto.c proto.h \
proxy.c proxy.h \
ieproxy.h ieproxy.c \
ps.c ps.h \
push.c push.h \
pushlist.h \
reliable.c reliable.h \
route.c route.h \
schedule.c schedule.h \
session_id.c session_id.h \
shaper.c shaper.h \
sig.c sig.h \
socket.c socket.h \
socks.c socks.h \
ssl.c ssl.h \
status.c status.h \
syshead.h \
tun.c tun.h \
win32.h win32.c \
cryptoapi.h cryptoapi.c
nodist_openvpn_SOURCES = configure.h
options.$(OBJEXT): configure.h
configure.h: Makefile
awk -f $(srcdir)/configure_h.awk config.h > $@
awk -f $(srcdir)/configure_log.awk config.log >> $@
dist-hook:
cd $(distdir) && for i in $(EXTRA_DIST) $(SUBDIRS) ; do find $$i -name .svn -type d -prune -exec rm -rf '{}' ';' ; rm -f `find $$i -type f | grep -E '(^|\/)\.?\#|\~$$|\.s?o$$'` ; done
if WIN32
dist_noinst_DATA += openvpn.8
nodist_html_DATA = openvpn.8.html
openvpn.8.html: $(srcdir)/openvpn.8
$(MAN2HTML) < $(srcdir)/openvpn.8 > openvpn.8.html
else
dist_man_MANS = openvpn.8
endif
This diff is collapsed.
OpenVPN
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
OpenVPN has been written to try to avoid features
that are not standardized well across different
OSes, so porting OpenVPN itself will probably be
straightforward if a tun or tap driver already exists.
Where special OS features are used, they are usually
bracketed with #ifdef HAVE_SOME_FUNCTION.
PLATFORM STATUS:
* Linux 2.2+ (supported)
* Solaris (supported)
* OpenBSD 3.0 (supported but pthreads are broken)
* Max OS X Darwin
* FreeBSD
* NetBSD
* Windows
* 64 bit platforms -- I have heard reports that
OpenVPN runs on Alpha Linux and FreeBSD.
* ARM -- I have heard of at least one case
where OpenVPN was successfully built and
run on the ARM architecture.
PORTING NOTES:
* Make sure that OpenSSL will build on your
platform.
* Make sure that a tun or tap virtual device
driver exists for your platform. See
http://vtun.sourceforge.net/tun/ for examples
of tun and tap drivers that have been written
for Linux, Solaris, and FreeBSD.
* Make sure you have autoconf 2.50+ and
automake 1.6+.
* Edit configure.ac, adding platform specific
config code, and a TARGET_YOUROS define.
* Add platform-specific includes to syshead.h.
* Add an #ifdef TARGET_YOUROS to the do_ifconfig()
function in tun.c to generate a correct "ifconfig"
command for your platform. Note that OpenVPN
determines the ifconfig path at ./configure time.
* Add an ifconfig_order() variant for your OS so
openvpn knows whether to call ifconfig before
or after tun/tap dev open.
* Add an #ifdef TARGET_YOUROS block in tun.c and define
the open_tun, close_tun, read_tun, and write_tun
functions. If your tun/tap virtual device is
sufficiently generic, you may be able to use the
default case.
* Add appropriate code to route.c to handle
the route command on your platform. This
is necessary for the --route option to
work correctly.
* After you successfully build OpenVPN, run
the loopback tests as described in INSTALL.
* For the next test, confirm that the UDP socket
functionality is working independently of the
tun device, by doing something like:
./openvpn --remote localhost --verb 9 --ping 1 --dev null
* Now try with --remote [a real host]
* Now try with a real tun/tap device, you will
need to figure out the appropriate ifconfig
command to use once openvpn has opened the tun/tap
device.
* Once you have simple tests working on the tun device,
try more complex tests such as using TLS mode.
* Stress test the link by doing ping -f across it.
* Make sure that packet fragmenting is happening
correctly by doing a ping -s 2000 or higher.
* Ensure that OpenVPN on your platform will talk
to OpenVPN on other platforms such as Linux.
Some tun/tap driver implementations will prepend
unnecessary stuff onto the datagram that must be
disabled with an explicit ioctl call if cross-platform
compatibility is to be preserved. You can see some
examples of this in tun.c.
* If your system supports pthreads, try building
with ./configure --enable-pthread and do a stress
test in TLS mode.
* Try the ultimate stress test which is --gremlin
--reneg-sec 10 in TLS mode (preferably with pthreads
enabled), then do a flood ping across the tunnel
(ping -f remote-endpoint) in both directions and let
it run overnight. --gremlin will induce massive
corruption and packet loss, but you win if you
wake up the next morning and both peers are still
running and occasionally even succeeding in their
attempted once-per-10-seconds TLS handshake.
* When it's working, submit your patch to
<openvpn-devel@lists.sourceforge.net>
and rejoice :)
OpenVPN -- A Secure tunneling daemon
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. This program is free software;
you can redistribute it and/or modify
it under the terms of the GNU General Public License version 2
as published by the Free Software Foundation.
*************************************************************************
For the latest version of OpenVPN, go to:
http://openvpn.net/
To Build and Install,
./configure
make
make install
or see the file INSTALL for more info.
*************************************************************************
For detailed information on OpenVPN, including examples, see the man page
http://openvpn.net/man.html
For a sample VPN configuration, see
http://openvpn.net/howto.html
For a description of OpenVPN's underlying protocol,
see the file ssl.h included in the source distribution.
*************************************************************************
Other Files & Directories:
* INSTALL-win32.txt -- installation instructions
for Windows
* configure.ac -- script to rebuild our configure
script and makefile.
* openvpn.spec -- RPM Spec file
To build an OpenVPN binary RPM, use the command:
rpmbuild -tb [tarball]
When you install the binary RPM, it will automatically
install sample-scripts/openvpn.init (see below)
* sample-scripts/openvpn.init
A sample init script for OpenVPN. See the file for
comments and additional information.
* sample-scripts/verify-cn
A sample perl script which can be used with OpenVPN's
--tls-verify option to provide a customized authentication
test on embedded X509 certificate fields.
* sample-keys/
Sample RSA keys and certificates. DON'T USE THESE FILES
FOR ANYTHING OTHER THAN TESTING BECAUSE THEY ARE TOTALLY INSECURE.
* sample-config-files/
A collection of OpenVPN config files and scripts from
the HOWTO at http://openvpn.net/howto.html
* easy-rsa/
A simple guide to RSA key management, scripts included.
Also see http://openvpn.net/easyrsa.html
dnl Special Autoconf Macros for OpenVPN
dnl OPENVPN_ADD_LIBS(LIB)
AC_DEFUN([OPENVPN_ADD_LIBS], [
LIBS="$1 $LIBS"
])
dnl @synopsis AX_EMPTY_ARRAY
dnl
dnl Define EMPTY_ARRAY_SIZE to be either "0"
dnl or "" depending on which syntax the compiler
dnl prefers for empty arrays in structs.
dnl
dnl @version
dnl @author James Yonan <jim@yonan.net>
AC_DEFUN([AX_EMPTY_ARRAY], [
AC_MSG_RESULT([checking for C compiler empty array support])
AC_COMPILE_IFELSE(
[
struct { int foo; int bar[[0]]; } mystruct;