openvpn-devel

[Openvpn-devel] New OpenVPN beta available for testing

[James Y. <ji...@nt...>]

This beta revamps SIGUSR1 signal processing to make it like SIGHUP except
with more fine-grained control over which OpenVPN subsystems are reset.  It
also allows a SIGUSR1 to be generated internally based on --ping
and --ping-restart.  The goal is to make OpenVPN as robust as possible on
dynamic networks where DHCP, NAT, and firewalls must all be negotiated in a
dynamic context.  The --persist-tun option allows a reset without closing
and reopening the tun device (which allows seamless connectivity through the
tunnel across DHCP resets).  The --persist-ip option allows for preservation
of remote IP address across DHCP resets.  This allows both OpenVPN peers to
be DHCP clients.

Also changed is the pthread handling in the configure script.  The script
now uses the ACX_PTHREAD macro from the autoconf macro archive to
intelligently figure out which cc/gcc option to use when building with POSIX
thread support.  Some problems were reported when trying to build OpenVPN
with pthread support using gcc3.

I expect to make a new release in a few days if no problems are encountered.

Here is the full change log:

* Added --ping-restart option to restart
  connection on ping timeout using SIGUSR1
  logic (Matthias Andree).
* Added --persist-tun and --persist-ip options
  for finer-grained control over SIGUSR1
  and --ping-restart restarts.  To
  replicate previous SIGUSR1 functionality,
  use --persist-ip.
* Changed residual IV fetching code to take
  IV from tail of ciphertext.
* Added check to make sure that CFB or OFB
  cipher modes are only used with SSL/TLS
  authentication mode, and added a caveat
  to INSTALL.
* Added RPM notes to INSTALL.
* Added ACX_PTHREAD (from the autoconf
  macro archive) to configure.ac
  to figure out the right pthread
  options for a given platform.
* Broke out macro definitions from
  configure.ac to acinclude.m4.
* All changes maintain protocol compatibility
  with 1.1.0+.

Download from CVS or:

http://openvpn.sourceforge.net/beta/openvpn-1.2.0.4.tar.gz

James

Re: [Openvpn-devel] New OpenVPN beta available for testing

[Alberto G. I. <ag...@ag...>]

On Sat, Jun 01, 2002 at 01:02:44PM -0600, James Yonan wrote:
> This beta revamps SIGUSR1 signal processing to make it like SIGHUP except
> with more fine-grained control over which OpenVPN subsystems are reset.  It
> also allows a SIGUSR1 to be generated internally based on --ping
> and --ping-restart.  The goal is to make OpenVPN as robust as possible on
> dynamic networks where DHCP, NAT, and firewalls must all be negotiated in a
> dynamic context.  The --persist-tun option allows a reset without closing
> and reopening the tun device (which allows seamless connectivity through the
> tunnel across DHCP resets).  The --persist-ip option allows for preservation
> of remote IP address across DHCP resets.  This allows both OpenVPN peers to
> be DHCP clients.
> 
> Also changed is the pthread handling in the configure script.  The script
> now uses the ACX_PTHREAD macro from the autoconf macro archive to
> intelligently figure out which cc/gcc option to use when building with POSIX
> thread support.  Some problems were reported when trying to build OpenVPN
> with pthread support using gcc3.
> 
> * Added ACX_PTHREAD (from the autoconf
>   macro archive) to configure.ac
>   to figure out the right pthread
>   options for a given platform.

Hi James,

I some archs in Debian build binary packages using gcc3, the following
patch solved the problem:

--- openvpn-1.2.0.orig/configure
+++ openvpn-1.2.0/configure
@@ -9716,7 +9716,7 @@
                CFLAGS="$CFLAGS -pthread"
                ;;
          *)
-               CFLAGS="$CFLAGS -pthread"
+               CFLAGS="$CFLAGS -lpthread"
                ;;
          esac

--- openvpn-1.2.0.orig/configure.ac
+++ openvpn-1.2.0/configure.ac
@@ -284,7 +284,7 @@
                CFLAGS="$CFLAGS -pthread"
                ;;
          *)
-               CFLAGS="$CFLAGS -pthread"
+               CFLAGS="$CFLAGS -lpthread"
                ;;


The new configure* scripts work flawlessly :-)

Regards,

Alberto

-- 
Alberto Gonzalez Iniesta       | They that give up essential liberty
ag...@ag...                     | to obtain a little temporary safety
Encrypted mail preferred       | deserve neither liberty nor safety.

Key fingerprint = 9782 04E7 2B75 405C F5E9  0C81 C514 AF8E 4BA4 01C3

Re: [Openvpn-devel] New OpenVPN beta available for testing

[James Y. <ji...@nt...>]

> > * Added ACX_PTHREAD (from the autoconf
> >   macro archive) to configure.ac
> >   to figure out the right pthread
> >   options for a given platform.
>
> Hi James,
>
> I some archs in Debian build binary packages using gcc3, the following
> patch solved the problem:
>
> --- openvpn-1.2.0.orig/configure
> +++ openvpn-1.2.0/configure
> @@ -9716,7 +9716,7 @@
>                 CFLAGS="$CFLAGS -pthread"
>                 ;;
>           *)
> -               CFLAGS="$CFLAGS -pthread"
> +               CFLAGS="$CFLAGS -lpthread"
>                 ;;
>           esac
>
> --- openvpn-1.2.0.orig/configure.ac
> +++ openvpn-1.2.0/configure.ac
> @@ -284,7 +284,7 @@
>                 CFLAGS="$CFLAGS -pthread"
>                 ;;
>           *)
> -               CFLAGS="$CFLAGS -pthread"
> +               CFLAGS="$CFLAGS -lpthread"
>                 ;;
>
>
> The new configure* scripts work flawlessly :-)

Cool!  I did see that patch over on Debian, unfortunately it's not a
portable solution...  I did some fishing and found ACX_PTHREAD which looks
like it's the Right way to do this.

James