[Openvpn-commits] SF.net Git: OpenVPN with experimental and new features - which requires a lot of testing branch, svn-branch-2.1, created. e4359af463463097dd80e679836905bcd8ad7a13

[<ope...@li...>]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OpenVPN with experimental and new features - which requires a lot of testing".

The branch, svn-branch-2.1 has been created
        at  e4359af463463097dd80e679836905bcd8ad7a13 (commit)

- Log -----------------------------------------------------------------
commit e4359af463463097dd80e679836905bcd8ad7a13
Author: James Yonan <ja...@op...>
Date:   Mon Apr 25 06:21:57 2011 +0000

    Fixed compile issues on Windows.
    
    Version 2.1.3w
    
    
    git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7219 e7ae566f-a301-0410-adde-c780ea21d3b5

commit 7966d75a9d41453a56e41eaae7b0fd64f75f7ec3
Author: James Yonan <ja...@op...>
Date:   Mon Apr 25 04:58:34 2011 +0000

    Added new "extra-certs" and "verify-hash" options (see man page for
    details).
    
    Increase the timeout after SIGUSR1 restart when restart is not
    due to server_poll_timeout.
    
    Version 2.1.3v
    
    
    git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7215 e7ae566f-a301-0410-adde-c780ea21d3b5

commit d5497262ae1d1a7cf50a45b5ab6750f63bf8565d
Author: James Yonan <ja...@op...>
Date:   Sun Apr 24 00:59:28 2011 +0000

    Added 'dir' flag to "crl-verify" (see man page for info).
    
    Don't call SSL_CTX_set_client_CA_list or SSL_CTX_set_client_CA_list
    if not running in server mode (these functions are only useful for
    TLS/SSL servers).
    
    Modified openvpn_snprintf to return false on overflow, and true
    otherwise.
    
    When AUTH_FAILED,... is received, log the full string.
    
    
    git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7213 e7ae566f-a301-0410-adde-c780ea21d3b5

commit cf906790a88cc4489fd4677aa6b9c5f6a7146488
Author: James Yonan <ja...@op...>
Date:   Tue Apr 19 10:28:06 2011 +0000

    Revert r7092 and r7151, i.e. remove --enable-osxipconfig
    configure option.  ipconfig on Mac has certain behavior that makes
    it unsuitable for use by OpenVPN to configure tun/tap interface.
    
    Version 2.1.3u
    
    
    git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7191 e7ae566f-a301-0410-adde-c780ea21d3b5

commit cacae3c01c812a793b3e9635ac3cad6f11dbc880
Author: James Yonan <ja...@op...>
Date:   Tue Apr 12 05:15:15 2011 +0000

    Version 2.1.3t
    
    
    git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7152 e7ae566f-a301-0410-adde-c780ea21d3b5

commit e51935df0ee3984a0464bfd72afc58836cb79d99
Author: James Yonan <ja...@op...>
Date:   Tue Apr 12 05:14:34 2011 +0000

    For Mac OSX, when DARWIN_USE_IPCONFIG is defined, retry ipconfig
    command on failure once every second for up to 15 seconds.  This
    is necessary to work around an issue observed on OSX 10.5 where
    the ipconfig command sometimes fails if executed immediately after
    the tun device open.
    
    
    git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7151 e7ae566f-a301-0410-adde-c780ea21d3b5

commit 28c8776b65c2300b758cd2b707283a43b4a582e8
Author: James Yonan <ja...@op...>
Date:   Sun Apr 3 21:48:15 2011 +0000

    Fixed bug in port-share that could cause port share process to
    crash with output like this:
    
    TCP connection established with 85.190.0.3:41781
    85.190.0.3:41781 SIGTERM[soft,port-share-redirect] received, client-instance exiting
    MANAGEMENT: TCP recv error: Socket operation on non-socket
    MANAGEMENT: Client disconnected
    MANAGEMENT: Triggering management exit
    Exiting due to fatal error
    EVENT: epoll_ctl EPOLL_CTL_MOD failed, sd=6: Bad file descriptor (errno=9)
    
    Then an error like this for every incoming connection that should be
    proxied:
    
    76.120.71.74:55302 PORT SHARE: sendmsg failed -- unable to communicate with background process (6,8,-1,-1): Connection refused (errno=111)
    
    Version 2.1.3s
    
    
    git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7127 e7ae566f-a301-0410-adde-c780ea21d3b5

commit 4d453a1792b04f01a8c313157402ce0501ae809c
Author: James Yonan <ja...@op...>
Date:   Sat Apr 2 08:21:28 2011 +0000

    Fixed bug that incorrectly placed stricter TCP packet replay rules on
    UDP sessions when the client daemon was running in UDP/TCP adaptive
    mode, and transitioned from TCP to UDP.
    
    The bug would cause a single dropped packet in UDP mode to trigger a
    barrage of packet replay errors followed by a disconnect and
    reconnect.
    
    Version 2.1.3r
    
    
    git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7125 e7ae566f-a301-0410-adde-c780ea21d3b5

commit ac1310528a248c99e039e7afaf48724ad1b7f10e
Author: James Yonan <ja...@op...>
Date:   Thu Mar 31 23:18:06 2011 +0000

    Added more packet ID debug info at debug level 3 for debugging
    false positive packet replays.
    
    Version 2.1.3q.
    
    
    git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7109 e7ae566f-a301-0410-adde-c780ea21d3b5

commit e9f8696f3981fc493501082d996340c9021919c7
Author: James Yonan <ja...@op...>
Date:   Sun Mar 27 09:20:13 2011 +0000

    Added ./configure --enable-osxipconfig option for Mac OS X which will
    enable the use of ipconfig (instead of ifconfig) for configuring the
    IP address and netmask of the tun/tap adapter.
    
    Version 2.1.3p
    
    
    git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7092 e7ae566f-a301-0410-adde-c780ea21d3b5

commit 0db046f253e86a3dd7583e2f7a13b21e7eba7493
Author: James Yonan <ja...@op...>
Date:   Sat Mar 26 21:16:40 2011 +0000

    Added "auth-token" client directive, which is intended to be
    pushed by server, and that is used to offer a temporary session
    token to clients that can be used in place of a password on
    subsequent credential challenges.
    
    This accomplishes the security benefit of preventing caching
    of the real password while offering most of the advantages
    of password caching, i.e. not forcing the user to re-enter
    credentials for every TLS renegotiation or network hiccup.
    
    auth-token does two things:
    
    1. if password caching is enabled, the token replaces the
       previous password, and
    
    2. if the management interface is active, the token is output
       to it:
    
         >PASSWORD:Auth-Token:<token>
    
    Also made a minor change to HALT/RESTART processing when password
    caching is enabled.  When client receives a HALT or RESTART message,
    and if the message text contains a flags block (i.e. [FFF]:message),
    if flag 'P' (preserve auth) is present in flags, don't purge the Auth
    password.  Otherwise do purge the Auth password.
    
    Version 2.1.3o
    
    
    git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7088 e7ae566f-a301-0410-adde-c780ea21d3b5

commit 1f001994070267d9d9016f0e5f13302de31e1284
Author: James Yonan <ja...@op...>
Date:   Fri Mar 25 11:06:16 2011 +0000

    win/sign.py now accepts an optional tap-dir argument.
    
    
    git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7086 e7ae566f-a301-0410-adde-c780ea21d3b5

commit 5d2e139852c5e89b592ccae746743efe9c3f61d3
Author: James Yonan <ja...@op...>
Date:   Mon Mar 21 09:00:39 2011 +0000

    Version 2.1.3n
    
    
    git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7069 e7ae566f-a301-0410-adde-c780ea21d3b5

commit 4ff5b53ff8a1d6232e21a3e8f0538dc87ca4920b
Author: James Yonan <ja...@op...>
Date:   Sun Mar 20 19:43:06 2011 +0000

    Client will now try to reconnect if no push reply received
    within handshake-window seconds.
    
    
    git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7066 e7ae566f-a301-0410-adde-c780ea21d3b5

commit e1b99e6b6630a81ffd3287bc11533707332d2dda
Author: James Yonan <ja...@op...>
Date:   Sun Mar 20 04:12:26 2011 +0000

    Extended "client-kill" management interface command (server-side)
    to accept an optional message string.  The message string format is:
    
      RESTART|HALT,<human-readable-message>
    
    RESTART will tell the client to restart (i.e. SIGUSR1).
    
    HALT will tell the client to exit (i.e. SIGTERM).
    
    On the client, human-readable-message will be communicated via
    management interface:
    
      >NOTIFY,<severity>,<type>,<human-readable-message>"
    
    Version 2.1.3m
    
    
    git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7063 e7ae566f-a301-0410-adde-c780ea21d3b5

commit 3530e5fba87dd060d8009bd57d1ba8976d0e8668
Author: James Yonan <ja...@op...>
Date:   Sun Mar 20 03:57:28 2011 +0000

    Fixed bug introduced in r7031 that might cause this error message:
    
    PORT SHARE: sendmsg failed (unable to communicate with background process)
    
    
    git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7062 e7ae566f-a301-0410-adde-c780ea21d3b5

commit ff65da3a230b658b2c1d52dc1a48612e80a2eb42
Author: James Yonan <ja...@op...>
Date:   Fri Mar 18 04:51:59 2011 +0000

    Fixed issue where a client might receive multiple push replies from
    a server if it sent multiple push requests due to the server being
    slow to respond.  This could cause the client to process pushed
    options twice, leading to duplicate pushed routes, among other issues.
    The fix, implemented server-side, is to reply only once to a push
    request even if multiple requests are received.
    
    
    git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7060 e7ae566f-a301-0410-adde-c780ea21d3b5

commit a74b741b6114d29ad68766139dbcd9dfcf715c4a
Author: James Yonan <ja...@op...>
Date:   Thu Mar 17 20:04:56 2011 +0000

    env_filter_match now includes the serial number of all certs
    in chain (as tls_serial_n vars), rather than only tls_serial_0.
    
    
    git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7055 e7ae566f-a301-0410-adde-c780ea21d3b5

commit 9df9e13f7c20e0c046b71de859e08a07edf0eb4f
Author: James Yonan <ja...@op...>
Date:   Tue Mar 15 05:06:23 2011 +0000

    Reduce log verbosity at level 3, with a focus on removing excessive log verbosity generated by port-share activity.
    
    Version 2.1.3k
    
    git-svn-id: http://svn.openvpn.net/projects/branches/BETA21@7033 e7ae566f-a301-0410-adde-c780ea21d3b5

commit 1c5ff7722dbd3e32aa3e5b7d5cb77773f083472d
Author: James Yonan <ja...@op...>
Date:   Sun Mar 13 06:59:25 2011 +0000

    Added optional journal directory argument to "port-share" directive, for reporting client IP origins of proxied connections.
    
    git-svn-id: http://svn.openvpn.net/projects/branches/BETA21@7031 e7ae566f-a301-0410-adde-c780ea21d3b5

commit 6c34e74f1340a72ab7dce077e4d326f03989322c
Author: James Yonan <ja...@op...>
Date:   Thu Mar 10 00:04:39 2011 +0000

    Added --enable-lzo-stub configure option to build an OpenVPN client without LZO, but that has limited interoperability with LZO-enabled servers.
    
    Modified "push-peer-info" option to push IV_LZO_STUB=1 to server when
    client was built with --enable-lzo-stub configure option.  This tells
    the server that the client lacks LZO capabilities, so the server
    should turn off LZO compression for this client via "lzo no".
    
    Added "setenv PUSH_PEER_INFO" option having the same effect as
    "push-peer-info".
    
    Version 2.1.3j
    
    git-svn-id: http://svn.openvpn.net/projects/branches/BETA21@7023 e7ae566f-a301-0410-adde-c780ea21d3b5

-----------------------------------------------------------------------


hooks/post-receive
-- 
OpenVPN with experimental and new features - which requires a lot of testing