Imported Upstream version 2.3_rc1

parent 349cfa7a
*.c eol=lf
*.h eol=lf
*.rc eol=lf
*.txt eol=lf
*.bat eol=lf
*.vc*proj* eol=crlf
*.sln eol=crlf
*.[oa]
*.l[oa]
*.dll
*.exe
*.exe.*
*.obj
*.pyc
*.so
*~
*.idb
*.suo
*.ncb
*.vcproj.*
*.vcxproj.user
*.sln.cache
*.log
Release
Debug
Win32-Output
.deps
.libs
Makefile
Makefile.in
aclocal.m4
autodefs.h
autom4te.cache
config.guess
config.h
config.h.in
config.log
config.status
config.sub
configure
configure.h
depcomp
stamp-h1
install-sh
missing
ltmain.sh
libtool
m4/libtool.m4
m4/ltoptions.m4
m4/ltsugar.m4
m4/ltversion.m4
m4/lt~obsolete.m4
version.sh
msvc-env-local.bat
config-msvc-local.h
config-msvc-version.h
doc/openvpn.8.html
distro/rpm/openvpn.spec
tests/t_client.sh
tests/t_client-*-20??????-??????/
src/openvpn/openvpn
config-version.h
This diff is collapsed.
......@@ -60,28 +60,30 @@ OPTIONAL (but recommended):
(2) LZO real-time compression library, required for link compression,
available from http://www.oberhumer.com/opensource/lzo/
OpenBSD users can use ports or packages to install lzo, but remember
to add "--with-lzo-headers" and "--with-lzo-lib" directives to
"configure", pointing to /usr/local/include and /usr/local/lib
respectively since gcc will not find them otherwise.
to add CFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib"
directives to "configure", since gcc will not find them otherwise.
(3) Pthread library.
OPTIONAL (for developers only):
(1) Autoconf 2.50 or higher + Automake 1.5 or higher
(1) Autoconf 2.59 or higher + Automake 1.9 or higher
-- available from http://www.gnu.org/software/software.html
(2) Dmalloc library
-- available from http://dmalloc.com/
*************************************************************************
CHECK OUT SOURCE FROM SUBVERSION REPOSITORY:
CHECK OUT SOURCE FROM SOURCE REPOSITORY:
git clone https://github.com/OpenVPN/openvpn
Check out stable version:
svn checkout http://svn.openvpn.net/projects/openvpn/trunk/openvpn openvpn
git checkout -b 2.2 remotes/origin/release/2.2
Check out master (unstable) branch:
Check out beta21 branch:
git checkout master
svn checkout http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn openvpn
*************************************************************************
......@@ -93,18 +95,18 @@ BUILD COMMANDS FROM TARBALL:
*************************************************************************
BUILD COMMANDS FROM SUBVERSION REPOSITORY CHECKOUT:
BUILD COMMANDS FROM SOURCE REPOSITORY CHECKOUT:
autoreconf -i -v
autoreconf -i -v -f
./configure
make
make install
*************************************************************************
BUILD A TARBALL FROM SUBVERSION REPOSITORY CHECKOUT:
BUILD A TARBALL FROM SOURCE REPOSITORY CHECKOUT:
autoreconf -i -v
autoreconf -i -v -f
./configure
make dist
......@@ -121,36 +123,85 @@ Test Crypto:
Test SSL/TLS negotiations (runs for 2 minutes):
./openvpn --config sample-config-files/loopback-client (In one window)
./openvpn --config sample-config-files/loopback-server (Simultaneously in another window)
./openvpn --config sample/sample-config-files/loopback-client (In one window)
./openvpn --config sample/sample-config-files/loopback-server (Simultaneously in another window)
*************************************************************************
OPTIONS for ./configure:
--enable-pthread Compile pthread support for
improved latency during SSL/TLS key
negotiations (Linux or Solaris only)
--disable-lzo Do not compile LZO compression support
--disable-crypto Do not compile OpenSSL crypto support
--disable-ssl Do not compile OpenSSL SSL support for
TLS-based key exchange
--with-ssl-headers=DIR Crypto/SSL Include files location
--with-ssl-lib=DIR Crypto/SSL Library location
--with-lzo-headers=DIR LZO Include files location
--with-lzo-lib=DIR LZO Library location
--with-ifconfig-path=PATH Path to ifconfig tool (only need to
specify if in a non-standard location)
--with-leak-check=TYPE Build with memory leak checking
TYPE = dmalloc or ssl
--enable-strict Enable strict compiler warnings
--enable-strict-options Enable strict options check between peers
--disable-lzo disable LZO compression support [default=yes]
--enable-lzo-stub don't compile LZO compression support but still
allow limited interoperability with LZO-enabled
peers [default=no]
--disable-crypto disable crypto support [default=yes]
--disable-ssl disable SSL support for TLS-based key exchange
[default=yes]
--enable-x509-alt-username
enable the --x509-username-field feature
[default=no]
--disable-multi disable client/server support (--mode server +
client mode) [default=yes]
--disable-server disable server support only (but retain client
support) [default=yes]
--disable-plugins disable plug-in support [default=yes]
--disable-eurephia disable support for the eurephia plug-in
[default=yes]
--disable-management disable management server support [default=yes]
--enable-pkcs11 enable pkcs11 support [default=no]
--disable-socks disable Socks support [default=yes]
--disable-http-proxy disable HTTP proxy support [default=yes]
--disable-fragment disable internal fragmentation support (--fragment)
[default=yes]
--disable-multihome disable multi-homed UDP server support (--multihome)
[default=yes]
--disable-port-share disable TCP server port-share support (--port-share)
[default=yes]
--disable-debug disable debugging support (disable gremlin and verb
7+ messages) [default=yes]
--enable-small enable smaller executable size (disable OCC, usage
message, and verb 4 parm list) [default=yes]
--enable-password-save allow --askpass and --auth-user-pass passwords to be
read from a file [default=yes]
--enable-iproute2 enable support for iproute2 [default=no]
--disable-def-auth disable deferred authentication [default=yes]
--disable-pf disable internal packet filter [default=yes]
--enable-strict enable strict compiler warnings (debugging option)
[default=no]
--enable-pedantic enable pedantic compiler warnings, will not generate
a working executable (debugging option) [default=no]
--enable-strict-options enable strict options check between peers (debugging
option) [default=no]
--enable-selinux enable SELinux support [default=no]
--enable-systemd enable systemd suppport [default=no]
ENVIRONMENT for ./configure:
IFCONFIG full path to ipconfig utility
ROUTE full path to route utility
IPROUTE full path to ip utility
NETSTAT path to netstat utility
MAN2HTML path to man2html utility
GIT path to git utility
TAP_CFLAGS C compiler flags for tap
OPENSSL_CRYPTO_CFLAGS
C compiler flags for OPENSSL_CRYPTO, overriding pkg-config
OPENSSL_CRYPTO_LIBS
linker flags for OPENSSL_CRYPTO, overriding pkg-config
OPENSSL_SSL_CFLAGS
C compiler flags for OPENSSL_SSL, overriding pkg-config
OPENSSL_SSL_LIBS
linker flags for OPENSSL_SSL, overriding pkg-config
POLARSSL_CFLAGS
C compiler flags for polarssl
POLARSSL_LIBS
linker flags for polarssl
LZO_CFLAGS C compiler flags for lzo
LZO_LIBS linker flags for lzo
PKCS11_HELPER_CFLAGS
C compiler flags for PKCS11_HELPER, overriding pkg-config
PKCS11_HELPER_LIBS
linker flags for PKCS11_HELPER, overriding pkg-config
*************************************************************************
......@@ -316,28 +367,3 @@ CAVEATS & BUGS:
IV for OFB and CFB modes. This is not an issue if you are
using CBC cipher mode (the default), or if you are using OFB or CFB
cipher mode with SSL/TLS authentication.
******************************************************************************
Subject: [Openvpn-users] Re: Windows XP 64 bit
From: Hypherion
Date: Thu, 14 Apr 2005 07:01:17 +0000 (UTC)
Well I managed to build a Windows XP 64 bit driver myself and it's working
great, I can connect to my server again :)
I had to use the WinDDK for Windows 2003 Service Pack 1 and just built the
driver in the Windows 2003 AMD64 environment. I had to comment out the
MAPINFO:FIXUPS directive in the SOURCES file.
Then I copied and renamed (devcon.exe/tapinstall.exe) from
C:\WINDDK\3790.1830\tools\devcon\amd64.
I had to edit the file OemWin2k.inf and change the Manufactured + Product
Section to:
[Manufacturer]
%Provider% = tap0901, NTamd64
[tap0901.NTamd64]
%DeviceDescription% = tap0901.ndi, tap0901
UPGRADING FROM 2.3-ALPHA1 AND EARLIER
OpenVPN Windows installer went through major changes in
2.3-alpha2. To avoid any unexpected behavior, it is strongly
suggested to upgrade as follows.
First backup configuration files and certificates from your
current installation; by default they're in
C:\Program Files\OpenVPN\config (32-bit Windows)
C:\Program Files (x86)\OpenVPN\config (64-bit Windows)
After this, stop the openvpn-gui or the openvpn service
wrapper, if either of them is running and uninstall OpenVPN.
Finally, remove the OpenVPN install directory entirely (e.g.
using Windows Explorer as administrator).
Finally, install the new version of OpenVPN and copy over
your configuration files and certificates, which now go to
C:\Program Files\OpenVPN\config
provided you did not install the 32-bit version on 64-bit
Windows.
IMPORTANT NOTE FOR WINDOWS VISTA/7 USERS
Note that on Windows Vista, you will need to run the OpenVPN
......
......@@ -7,6 +7,7 @@
#
# Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
# Copyright (C) 2010 David Sommerseth <dazo@users.sourceforge.net>
# Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
......@@ -23,142 +24,78 @@
# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
LDADD = @LIBOBJS@
.PHONY: plugin
# This option prevents autoreconf from overriding our COPYING and
# INSTALL targets:
AUTOMAKE_OPTIONS = foreign
AUTOMAKE_OPTIONS = foreign 1.9
ACLOCAL_AMFLAGS = -I m4
MAINTAINERCLEANFILES = \
config.log config.status \
$(srcdir)/Makefile.in \
$(srcdir)/config.h.in $(srcdir)/config.h.in~ $(srcdir)/configure \
$(srcdir)/install-sh $(srcdir)/ltmain.sh $(srcdir)/missing \
$(srcdir)/m4/libtool.m4 $(srcdir)/m4/lt~obsolete.m4 \
$(srcdir)/m4/ltoptions.m4 $(srcdir)/m4/ltsugar.m4 \
$(srcdir)/m4/ltversion.m4 \
$(srcdir)/depcomp $(srcdir)/aclocal.m4 \
$(srcdir)/config.guess $(srcdir)/config.sub \
$(srcdir)/openvpn.spec
CLEANFILES = openvpn.8.html configure.h
$(srcdir)/config.guess $(srcdir)/config.sub
CLEANFILES = \
config-version.h
EXTRA_DIST = \
easy-rsa \
sample-config-files \
sample-keys \
sample-scripts \
suse \
tap-win32 \
contrib \
debug \
plugin \
win
debug
SUBDIRS = \
images \
service-win32 \
install-win32
.PHONY: config-version.h
TESTS = t_client.sh t_lpback.sh t_cltsrv.sh
sbin_PROGRAMS = openvpn
if GIT_CHECKOUT
BUILT_SOURCES = \
config-version.h
endif
dist_doc_DATA = \
management/management-notes.txt
SUBDIRS = build distro include src sample doc tests
dist_noinst_SCRIPTS = \
$(TESTS) \
doclean \
domake-win \
t_cltsrv-down.sh \
configure_h.awk configure_log.awk
dist_doc_DATA = \
README \
README.IPv6 \
README.polarssl \
COPYRIGHT.GPL \
COPYING
dist_noinst_DATA = \
openvpn.spec \
COPYRIGHT.GPL \
.gitignore \
.gitattributes \
config-version.h.in \
PORTS \
INSTALL-win32.txt \
service-win32/msvc.mak
README.IPv6 TODO.IPv6 \
README.polarssl \
openvpn.sln \
msvc-env.bat \
msvc-dev.bat \
msvc-build.bat
openvpn_SOURCES = \
base64.c base64.h \
basic.h \
buffer.c buffer.h \
circ_list.h \
common.h \
crypto.c crypto.h \
dhcp.c dhcp.h \
errlevel.h \
error.c error.h \
event.c event.h \
fdmisc.c fdmisc.h \
forward.c forward.h forward-inline.h \
fragment.c fragment.h \
gremlin.c gremlin.h \
helper.c helper.h \
httpdigest.c httpdigest.h \
lladdr.c lladdr.h \
init.c init.h \
integer.h \
interval.c interval.h \
list.c list.h \
lzo.c lzo.h \
manage.c manage.h \
mbuf.c mbuf.h \
memdbg.h \
misc.c misc.h \
mroute.c mroute.h \
mss.c mss.h \
mtcp.c mtcp.h \
mtu.c mtu.h \
mudp.c mudp.h \
multi.c multi.h \
ntlm.c ntlm.h \
occ.c occ.h occ-inline.h \
pkcs11.c pkcs11.h \
openvpn.c openvpn.h \
openvpn-plugin.h \
options.c options.h \
otime.c otime.h \
packet_id.c packet_id.h \
perf.c perf.h \
pf.c pf.h pf-inline.h \
ping.c ping.h ping-inline.h \
plugin.c plugin.h \
pool.c pool.h \
proto.c proto.h \
proxy.c proxy.h \
ieproxy.h ieproxy.c \
ps.c ps.h \
push.c push.h \
pushlist.h \
reliable.c reliable.h \
route.c route.h \
schedule.c schedule.h \
session_id.c session_id.h \
shaper.c shaper.h \
sig.c sig.h \
socket.c socket.h \
socks.c socks.h \
ssl.c ssl.h \
status.c status.h \
syshead.h \
tun.c tun.h \
win32.h win32.c \
cryptoapi.h cryptoapi.c
nodist_openvpn_SOURCES = configure.h
options.$(OBJEXT): configure.h
configure.h: Makefile
awk -f $(srcdir)/configure_h.awk config.h > $@
awk -f $(srcdir)/configure_log.awk config.log >> $@
if WIN32
dist_doc_DATA += INSTALL-win32.txt
else
dist_noinst_DATA += INSTALL-win32.txt
endif
dist-hook:
cd $(distdir) && for i in $(EXTRA_DIST) $(SUBDIRS) ; do find $$i -name .svn -type d -prune -exec rm -rf '{}' ';' ; rm -f `find $$i -type f | grep -E '(^|\/)\.?\#|\~$$|\.s?o$$'` ; done
dist_noinst_HEADERS = \
config-msvc.h \
config-msvc-version.h.in
if WIN32
dist_noinst_DATA += openvpn.8
nodist_html_DATA = openvpn.8.html
openvpn.8.html: $(srcdir)/openvpn.8
$(MAN2HTML) < $(srcdir)/openvpn.8 > openvpn.8.html
else
dist_man_MANS = openvpn.8
rootdir=$(prefix)
root_DATA = version.sh
endif
config-version.h:
@CONFIGURE_GIT_REVISION="`GIT_DIR=\"$(top_srcdir)/.git\" $(GIT) rev-parse --symbolic-full-name HEAD`/`GIT_DIR=\"$(top_srcdir)/.git\" $(GIT) rev-parse --short=16 HEAD`"; \
$(SED) "s#@CONFIGURE_GIT_REVISION[@]#$${CONFIGURE_GIT_REVISION}#g" "$(srcdir)/config-version.h.in" > config-version.h.tmp
@if ! [ -f config-version.h ] || ! cmp -s config-version.h.tmp config-version.h; then \
echo "replacing config-version.h"; \
mv config-version.h.tmp config-version.h; \
else \
rm -f config-version.h.tmp; \
fi
This diff is collapsed.
IPv6 payload support
--------------------
Latest IPv6 payload support code and documentation can be found from here:
http://www.greenie.net/ipv6/openvpn.html
For TODO list, see TODO.IPv6.
Gert Doering, 31.12.2009
IPv6 transport support
----------------------
[ Last updated: 25-Mar-2011. ]
OpenVPN-2.1 over UDP6/TCP6 README for ipv6-0.4.x patch releases:
( --udp6 and --tcp6-{client,server} )
* Availability
Source code under GPLv2 from http://github.com/jjo/openvpn-ipv6
Distro ready repos/packages:
o Debian sid official repo, by Alberto Gonzalez Iniesta,
starting from openvpn_2.1~rc20-2
o Gentoo official portage tree, by Marcel Pennewiss:
- https://bugs.gentoo.org/show_bug.cgi?id=287896
o Ubuntu package, by Bernhard Schmidt:
- https://launchpad.net/~berni/+archive/ipv6/+packages
o Freetz.org, milestone freetz-1.2
- http://trac.freetz.org/milestone/freetz-1.2
* Status:
o OK:
- upd6,tcp6: GNU/Linux, win32, openbsd-4.7, freebsd-8.1
- udp4->upd6,tcp4->tcp6 (ipv4/6 mapped): GNU/Linux
(gives a warning on local!=remote proto matching)
o NOT:
- win32: tcp4->tcp6 (ipv4/6 mapped) fails w/connection refused
o NOT tested:
- mgmt console
* Build setup:
./configure --enable-ipv6 (by default)
* Usage:
For IPv6 just specify "-p upd6" an proper IPv6 hostnames, adapting the example
from man page ...
On may:
openvpn --proto udp6 --remote <june_IPv6_addr> --dev tun1 \
--ifconfig 10.4.0.1 10.4.0.2 --verb 5 --secret key
On june:
openvpn --proto udp6 --remote <may_IPv6_addr> --dev tun1 \
--ifconfig 10.4.0.2 10.4.0.1 --verb 5 --secret key
Same for --proto tcp6-client, tcp6-server.
* Main code changes summary: