authorArne Schwabe <arne@rfc2549.org>2015-02-24 21:20:30 +0100
committerArne Schwabe <arne@rfc2549.org>2015-02-24 21:20:30 +0100
commit9a526dbc926ad43073016c8bf4634f781391acff (patch)
treeab91fb6d63126b05f5b7b10f343581f3540c168c
parent64786447cb71e4019d47bcddafc1f6eb8d171824 (diff)
Update OpenVPN to -master
-rw-r--r--main/openvpn/config-version.h2
-rw-r--r--main/openvpn/sample/sample-config-files/client.conf2
-rw-r--r--main/openvpn/sample/sample-config-files/loopback-client1
-rw-r--r--main/openvpn/sample/sample-config-files/loopback-server1
-rw-r--r--main/openvpn/sample/sample-config-files/server.conf2
-rwxr-xr-xmain/openvpn/sample/sample-keys/gen-sample-keys.sh3
-rw-r--r--main/openvpn/sample/sample-keys/ta.key21
-rw-r--r--main/openvpn/src/openvpn/mroute.c12
-rw-r--r--main/openvpn/src/openvpn/socket.c16
-rw-r--r--main/openvpn/src/openvpn/ssl_openssl.c4
10 files changed, 56 insertions, 8 deletions
diff --git a/main/openvpn/config-version.h b/main/openvpn/config-version.h
index 6044ed8e..eb75eff4 100644
--- a/main/openvpn/config-version.h
+++ b/main/openvpn/config-version.h
@@ -1,2 +1,2 @@
-#define CONFIGURE_GIT_REVISION "icsopenvpn_629-3976c7f5f4d39f06"
+#define CONFIGURE_GIT_REVISION "icsopenvpn_629-4c6f7f0d16e1a6b3"
#define CONFIGURE_GIT_FLAGS ""
diff --git a/main/openvpn/sample/sample-config-files/client.conf b/main/openvpn/sample/sample-config-files/client.conf
index 050ef600..fedcbd6e 100644
--- a/main/openvpn/sample/sample-config-files/client.conf
+++ b/main/openvpn/sample/sample-config-files/client.conf
@@ -105,7 +105,7 @@ remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
-;tls-auth ta.key 1
+tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
diff --git a/main/openvpn/sample/sample-config-files/loopback-client b/main/openvpn/sample/sample-config-files/loopback-client
index ebbd1cf4..7117307d 100644
--- a/main/openvpn/sample/sample-config-files/loopback-client
+++ b/main/openvpn/sample/sample-config-files/loopback-client
@@ -21,5 +21,6 @@ remote-cert-tls server
ca sample-keys/ca.crt
key sample-keys/client.key
cert sample-keys/client.crt
+tls-auth sample-keys/ta.key 1
ping 1
inactive 120 10000000
diff --git a/main/openvpn/sample/sample-config-files/loopback-server b/main/openvpn/sample/sample-config-files/loopback-server
index 8cb97be0..8e1f39cd 100644
--- a/main/openvpn/sample/sample-config-files/loopback-server
+++ b/main/openvpn/sample/sample-config-files/loopback-server
@@ -21,5 +21,6 @@ dh sample-keys/dh2048.pem
ca sample-keys/ca.crt
key sample-keys/server.key
cert sample-keys/server.crt
+tls-auth sample-keys/ta.key 0
ping 1
inactive 120 10000000
diff --git a/main/openvpn/sample/sample-config-files/server.conf b/main/openvpn/sample/sample-config-files/server.conf
index 701be3cc..c85ca0ff 100644
--- a/main/openvpn/sample/sample-config-files/server.conf
+++ b/main/openvpn/sample/sample-config-files/server.conf
@@ -241,7 +241,7 @@ keepalive 10 120
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
-;tls-auth ta.key 0 # This file is secret
+tls-auth ta.key 0 # This file is secret
# Select a cryptographic cipher.
# This config item must be copied to
diff --git a/main/openvpn/sample/sample-keys/gen-sample-keys.sh b/main/openvpn/sample/sample-keys/gen-sample-keys.sh
index 414687eb..725cfc97 100755
--- a/main/openvpn/sample/sample-keys/gen-sample-keys.sh
+++ b/main/openvpn/sample/sample-keys/gen-sample-keys.sh
@@ -14,6 +14,9 @@ then
exit 1
fi
+# Generate static key for tls-auth (or static key mode)
+$(dirname ${0})/../../src/openvpn/openvpn --genkey --secret ta.key
+
# Create required directories and files
mkdir -p sample-ca
rm -f sample-ca/index.txt
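Review bot: The added key-generation command is neither quoted nor checked: `$(dirname ${0})` is split on whitespace if the script path contains a space, and no `set -e` is visible in the hunk, so a missing or unbuilt openvpn binary would apparently let the script carry on and produce a sample set without ta.key. Suggested form: `"$(dirname "${0}")/../../src/openvpn/openvpn" --genkey --secret ta.key || exit 1`. The script starts before and continues after this hunk, so an earlier error-handling setting cannot be ruled out from here.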
diff --git a/main/openvpn/sample/sample-keys/ta.key b/main/openvpn/sample/sample-keys/ta.key
new file mode 100644
index 00000000..16690368
--- /dev/null
+++ b/main/openvpn/sample/sample-keys/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+a863b1cbdb911ff4ef3360ce135157e7
+241a465f5045f51cf9a92ebc24da34fd
+5fc48456778c977e374d55a8a7298aef
+40d0ab0c60b5e09838510526b73473a0
+8da46a8c352572dd86d4a871700a915b
+6aaa58a9dac560db2dfdd7ef15a202e1
+fca6913d7ee79c678c5798fbf7bd920c
+caa7a64720908da7254598b052d07f55
+5e31dc5721932cffbdd8965d04107415
+46c86823da18b66aab347e4522cc05ff
+634968889209c96b1024909cd4ce574c
+f829aa9c17d5df4a66043182ee23635d
+8cabf5a7ba02345ad94a3aa25a63d55c
+e13f4ad235a0825e3fe17f9419baff1c
+e73ad1dd652f1e48c7102fe8ee181e54
+10a160ae255f63fd01db1f29e6efcb8e
+-----END OpenVPN Static key V1-----
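Review bot: This static key is published with the repository, while the same commit uncomments `tls-auth ta.key` in client.conf and server.conf, where the server line still says `# This file is secret`. Anyone who deploys the sample directory unchanged gets a tls-auth layer keyed with a publicly known value. The header of this file should say so, for example `# SAMPLE KEY for loopback tests only - publicly known, generate your own with --genkey` above the BEGIN marker. Since gen-sample-keys.sh now regenerates ta.key, the same warning would also fit next to the `--genkey` line there.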
diff --git a/main/openvpn/src/openvpn/mroute.c b/main/openvpn/src/openvpn/mroute.c
index ba4ef46f..972f1dd5 100644
--- a/main/openvpn/src/openvpn/mroute.c
+++ b/main/openvpn/src/openvpn/mroute.c
@@ -426,8 +426,16 @@ mroute_addr_print_ex (const struct mroute_addr *ma,
break;
case MR_ADDR_IPV6:
{
- buf_printf (&out, "%s",
- print_in6_addr( *(struct in6_addr*)&maddr.addr, 0, gc));
+ if ( IN6_IS_ADDR_V4MAPPED( (struct in6_addr*)&maddr.addr ) )
+ {
+ buf_printf (&out, "%s",
+ print_in_addr_t( *(in_addr_t*)(&maddr.addr[12]), IA_NET_ORDER, gc));
+ }
+ else
+ {
+ buf_printf (&out, "%s",
+ print_in6_addr( *(struct in6_addr*)&maddr.addr, 0, gc));
+ }
if (maddr.type & MR_WITH_NETBITS)
{
buf_printf (&out, "/%d", maddr.netbits);
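Review bot: The new v4-mapped branch reads the embedded address with `*(in_addr_t*)(&maddr.addr[12])`, a dereference of a cast pointer into what appears to be a byte array (the declaration of `maddr` is outside the hunk). That is a type-punned load with no alignment guarantee, which can fault on strict-alignment targets and is undefined behaviour under strict aliasing. Copying the four bytes avoids both: `in_addr_t v4; memcpy (&v4, &maddr.addr[12], sizeof (v4));`, then pass `v4` to `print_in_addr_t`. The socket.c hunk in this commit has the same cast (`*(in_addr_t *)&addr->addr.in6.sin6_addr.s6_addr[12]`) and would take the same fix. mroute_addr_print_ex starts and ends outside this hunk.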
diff --git a/main/openvpn/src/openvpn/socket.c b/main/openvpn/src/openvpn/socket.c
index 331a9d9f..f5c740d8 100644
--- a/main/openvpn/src/openvpn/socket.c
+++ b/main/openvpn/src/openvpn/socket.c
@@ -2573,9 +2573,19 @@ setenv_sockaddr (struct env_set *es, const char *name_prefix, const struct openv
}
break;
case AF_INET6:
- openvpn_snprintf (name_buf, sizeof (name_buf), "%s_ip6", name_prefix);
- getnameinfo(&addr->addr.sa, sizeof (struct sockaddr_in6),
- buf, sizeof(buf), NULL, 0, NI_NUMERICHOST);
+ if ( IN6_IS_ADDR_V4MAPPED( &addr->addr.in6.sin6_addr ))
+ {
+ struct in_addr ia;
+ ia.s_addr = *(in_addr_t *)&addr->addr.in6.sin6_addr.s6_addr[12] ;
+ openvpn_snprintf (name_buf, sizeof (name_buf), "%s_ip", name_prefix);
+ openvpn_snprintf (buf, sizeof(buf), "%s", inet_ntoa(ia) );
+ }
+ else
+ {
+ openvpn_snprintf (name_buf, sizeof (name_buf), "%s_ip6", name_prefix);
+ getnameinfo(&addr->addr.sa, sizeof (struct sockaddr_in6),
+ buf, sizeof(buf), NULL, 0, NI_NUMERICHOST);
+ }
setenv_str (es, name_buf, buf);
if ((flags & SA_IP_PORT) && addr->addr.in6.sin6_port)
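Review bot: The result of `getnameinfo` in the else branch is still ignored, so on failure `buf` is passed to `setenv_str` with whatever it held before; its declaration is outside the hunk, so whether it is initialised cannot be seen here. Because these variables are exported to scripts, the call should be checked and an empty value exported on error, e.g. `if (getnameinfo (...) != 0) buf[0] = '\0';`. In the v4-mapped branch, `inet_ntoa` returns a pointer to a static buffer; `inet_ntop (AF_INET, &ia, buf, sizeof (buf))` writes directly into `buf` and makes the intermediate `openvpn_snprintf` unnecessary. setenv_sockaddr begins before and continues past this hunk.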
diff --git a/main/openvpn/src/openvpn/ssl_openssl.c b/main/openvpn/src/openvpn/ssl_openssl.c
index 48c05715..d9abc6ea 100644
--- a/main/openvpn/src/openvpn/ssl_openssl.c
+++ b/main/openvpn/src/openvpn/ssl_openssl.c
@@ -203,6 +203,10 @@ tls_ctx_set_options (struct tls_root_ctx *ctx, unsigned int ssl_flags)
if (tls_ver_min > TLS_VER_1_2 || tls_ver_max < TLS_VER_1_2)
sslopt |= SSL_OP_NO_TLSv1_2;
#endif
+#ifdef SSL_OP_NO_COMPRESSION
+ /* Disable compression - flag not available in OpenSSL 0.9.8 */
+ sslopt |= SSL_OP_NO_COMPRESSION;
+#endif
SSL_CTX_set_options (ctx->ctx, sslopt);
}
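Review bot: When `SSL_OP_NO_COMPRESSION` is not defined, the added block compiles to nothing, so a build against OpenSSL 0.9.8 keeps TLS compression enabled with no indication to the operator. Compressed TLS records leak information about the plaintext through their length, so the fallback should at least be visible. An `#else` branch could log a warning, e.g. `msg (M_WARN, "TLS compression cannot be disabled with this OpenSSL version");`. The comment would also be more useful if it said why compression is turned off, not only where the flag is missing. tls_ctx_set_options begins outside the hunk.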