openvpn
openvpn copied to clipboard
OpenVPN
OpenVPN is an open source VPN daemon
This allows for accepting clients based on their certificate authority: ``` x509-username-field issuer CN verify-x509-name ...CA=ExampleCA_ match-prefix ``` `tls-verify` or `plugin` can do the equivalent, but require additional code execution...
**Describe the bug** Linux DCO (2.6 and 2.7) is losing at least peer delete messages from the kernel (and maybe key swap and float in 2.7). This was uncovered working...
Trying to figure out what failed on `running unit-tests` can be misleading if it's actually `compiling unit-tests`, but we do not have a separate stage for it (and I'm not...
Hi all! I tried to send this to openvpn-devel but it looks like it might not have gotten through? (I'm probably confused or just did something wrong.) It sounds like...
In a P2P config with a `ping` option but without `ping-restart` or `ping-exit`, DCO does not ping the remote. It works only after disabling DCO.
There was an update pushed earlier this year which undid some important logic in terms of learning/unlearning the ifconfig IP address. The older original code would check that the new/old...
A new `pkcs11-helper` [release](https://github.com/OpenSC/pkcs11-helper/releases) `1.31` dropped. The patch set for `RFC7512` applied to OpenVPN Windows builds also gained an [additional fix](https://github.com/OpenSC/pkcs11-helper/pull/4#issuecomment-2386674821). Seems to be a notation issue and not effect...
Similar to the key state init/free/zero PRs that were recently raised - since the code base depends on free(NULLs) it is good practice and better quality to ensure that the...
Created an example reference pull request where if the key is not zero'd out on tls_session_free then there is a potential risk that if it is ever called twice it...
Observed that the tls_session_init() function only initializes the KS_PRIMARY key and not the KS_LAME_DUCK key and the tls_session_free() function will free ALL keys always. This is a mis-match in the...