Repository: OpenVPN/openvpn
Branch: master
Commit: a04a3cedd41a
Files: 522
Total size: 5.4 MB
Directory structure:
gitextract_yqj5celu/
├── .clang-format
├── .git-blame-ignore-revs
├── .gitattributes
├── .github/
│ ├── ISSUE_TEMPLATE/
│ │ └── bug_report.md
│ ├── PULL_REQUEST_TEMPLATE.md
│ └── workflows/
│ ├── build.yaml
│ ├── coverity-scan.yml
│ └── doxygen.yml
├── .gitignore
├── .mailmap
├── .pre-commit-config.yaml
├── .svncommitters
├── AUTHORS
├── CMakeLists.txt
├── CMakePresets.json
├── CONTRIBUTING.rst
├── COPYING
├── COPYRIGHT.GPL
├── ChangeLog
├── Changes.rst
├── INSTALL
├── Makefile.am
├── NEWS
├── PORTS
├── README
├── README.awslc
├── README.cmake.md
├── README.dco.md
├── README.ec
├── README.mbedtls
├── README.wolfssl
├── compat.m4
├── config.h.cmake.in
├── configure.ac
├── contrib/
│ ├── OCSP_check/
│ │ └── OCSP_check.sh
│ ├── README
│ ├── cmake/
│ │ ├── git-version.py
│ │ └── parse-version.m4.py
│ ├── extract-crl/
│ │ └── extractcrl.py
│ ├── multilevel-init.patch
│ ├── openvpn-fwmarkroute-1.00/
│ │ ├── README
│ │ ├── fwmarkroute.down
│ │ └── fwmarkroute.up
│ ├── vcpkg-manifests/
│ │ ├── mingw/
│ │ │ └── vcpkg.json
│ │ └── windows/
│ │ └── vcpkg.json
│ ├── vcpkg-ports/
│ │ └── pkcs11-helper/
│ │ ├── config-w32-vc.h.in-indicate-OpenSSL.patch
│ │ ├── nmake-compatibility-with-vcpkg-nmake.patch
│ │ ├── pkcs11-helper-001-RFC7512.patch
│ │ ├── portfile.cmake
│ │ └── vcpkg.json
│ └── vcpkg-triplets/
│ ├── arm64-windows-ovpn.cmake
│ ├── x64-mingw-ovpn.cmake
│ ├── x64-windows-ovpn.cmake
│ ├── x86-mingw-ovpn.cmake
│ └── x86-windows-ovpn.cmake
├── debug/
│ ├── doval
│ ├── dovalns
│ └── valgrind-suppress
├── dev-tools/
│ ├── gen-release-tarballs.sh
│ ├── gerrit-send-mail.py
│ ├── git-pre-commit-format.sh
│ └── update-copyright.sh
├── distro/
│ ├── Makefile.am
│ ├── dns-scripts/
│ │ ├── Makefile.am
│ │ ├── haikuos_file-dns-updown.sh
│ │ ├── macos-dns-updown.sh
│ │ ├── openresolv-dns-updown.sh
│ │ ├── resolvconf_file-dns-updown.sh
│ │ └── systemd-dns-updown.sh
│ └── systemd/
│ ├── Makefile.am
│ ├── README.systemd
│ ├── openvpn-client@.service.in
│ ├── openvpn-server@.service.in
│ └── tmpfiles-openvpn.conf
├── doc/
│ ├── CMakeLists.txt
│ ├── Makefile.am
│ ├── README.man
│ ├── README.plugins
│ ├── android.txt
│ ├── doxygen/
│ │ ├── Makefile.am
│ │ ├── doc_compression.h
│ │ ├── doc_control_processor.h
│ │ ├── doc_control_tls.h
│ │ ├── doc_data_control.h
│ │ ├── doc_data_crypto.h
│ │ ├── doc_eventloop.h
│ │ ├── doc_external_multiplexer.h
│ │ ├── doc_fragmentation.h
│ │ ├── doc_internal_multiplexer.h
│ │ ├── doc_key_generation.h
│ │ ├── doc_mainpage.h
│ │ ├── doc_memory_management.h
│ │ ├── doc_protocol_overview.h
│ │ ├── doc_reliable.h
│ │ ├── doc_tunnel_state.h
│ │ └── openvpn.doxyfile.in
│ ├── gui-notes.txt
│ ├── interactive-service-notes.rst
│ ├── keying-material-exporter.txt
│ ├── man-sections/
│ │ ├── advanced-options.rst
│ │ ├── cipher-negotiation.rst
│ │ ├── client-options.rst
│ │ ├── connection-profiles.rst
│ │ ├── encryption-options.rst
│ │ ├── example-fingerprint.rst
│ │ ├── examples.rst
│ │ ├── generic-options.rst
│ │ ├── inline-files.rst
│ │ ├── link-options.rst
│ │ ├── log-options.rst
│ │ ├── management-options.rst
│ │ ├── network-config.rst
│ │ ├── pkcs11-options.rst
│ │ ├── plugin-options.rst
│ │ ├── protocol-options.rst
│ │ ├── proxy-options.rst
│ │ ├── renegotiation.rst
│ │ ├── script-options.rst
│ │ ├── server-options.rst
│ │ ├── signals.rst
│ │ ├── tls-options.rst
│ │ ├── unsupported-options.rst
│ │ ├── virtual-routing-and-forwarding.rst
│ │ ├── vpn-network-options.rst
│ │ └── windows-options.rst
│ ├── management-notes.txt
│ ├── openvpn-examples.5.rst
│ ├── openvpn.8.rst
│ ├── t_server_null.rst
│ ├── tests/
│ │ └── authentication-plugins.md
│ └── tls-crypt-v2.txt
├── forked-test-driver
├── include/
│ ├── Makefile.am
│ ├── openvpn-msg.h
│ └── openvpn-plugin.h.in
├── ltrc.inc
├── m4/
│ ├── .keep
│ ├── ax_socklen_t.m4
│ └── pkg.m4
├── renovate.json
├── sample/
│ ├── Makefile.am
│ ├── sample-config-files/
│ │ ├── README
│ │ ├── client.conf
│ │ ├── firewall.sh
│ │ ├── loopback-client
│ │ ├── loopback-server
│ │ ├── openvpn-shutdown.sh
│ │ ├── openvpn-startup.sh
│ │ └── server.conf
│ ├── sample-keys/
│ │ ├── README
│ │ ├── ca.crt
│ │ ├── ca.key
│ │ ├── client-ec.crt
│ │ ├── client-ec.key
│ │ ├── client-pass.key
│ │ ├── client.crt
│ │ ├── client.key
│ │ ├── client.p12
│ │ ├── ffdhe2048.pem
│ │ ├── gen-sample-keys.sh
│ │ ├── openssl.cnf
│ │ ├── server-ec.crt
│ │ ├── server-ec.key
│ │ ├── server.crt
│ │ ├── server.key
│ │ └── ta.key
│ ├── sample-plugins/
│ │ ├── Makefile.am
│ │ ├── Makefile.plugins
│ │ ├── README
│ │ ├── client-connect/
│ │ │ ├── README
│ │ │ └── sample-client-connect.c
│ │ ├── defer/
│ │ │ ├── multi-auth.c
│ │ │ └── winbuild
│ │ ├── keying-material-exporter-demo/
│ │ │ ├── README
│ │ │ ├── client.ovpn
│ │ │ ├── http-client.py
│ │ │ ├── http-server.py
│ │ │ ├── keyingmaterialexporter.c
│ │ │ └── server.ovpn
│ │ ├── log/
│ │ │ ├── log.c
│ │ │ ├── log_v3.c
│ │ │ └── winbuild
│ │ └── simple/
│ │ ├── base64.c
│ │ ├── simple.c
│ │ ├── simple.def
│ │ └── winbuild
│ └── sample-scripts/
│ ├── auth-pam.pl
│ ├── bridge-start
│ ├── bridge-stop
│ ├── totpauth.py
│ ├── ucn.pl
│ └── verify-cn
├── src/
│ ├── Makefile.am
│ ├── compat/
│ │ ├── Makefile.am
│ │ ├── compat-basename.c
│ │ ├── compat-daemon.c
│ │ ├── compat-dirname.c
│ │ ├── compat-gettimeofday.c
│ │ ├── compat-strsep.c
│ │ └── compat.h
│ ├── openvpn/
│ │ ├── Makefile.am
│ │ ├── argv.c
│ │ ├── argv.h
│ │ ├── auth_token.c
│ │ ├── auth_token.h
│ │ ├── base64.c
│ │ ├── base64.h
│ │ ├── basic.h
│ │ ├── buffer.c
│ │ ├── buffer.h
│ │ ├── circ_list.h
│ │ ├── clinat.c
│ │ ├── clinat.h
│ │ ├── common.h
│ │ ├── comp-lz4.c
│ │ ├── comp-lz4.h
│ │ ├── comp.c
│ │ ├── comp.h
│ │ ├── compstub.c
│ │ ├── console.c
│ │ ├── console.h
│ │ ├── console_builtin.c
│ │ ├── console_systemd.c
│ │ ├── crypto.c
│ │ ├── crypto.h
│ │ ├── crypto_backend.h
│ │ ├── crypto_epoch.c
│ │ ├── crypto_epoch.h
│ │ ├── crypto_mbedtls.c
│ │ ├── crypto_mbedtls.h
│ │ ├── crypto_mbedtls_legacy.c
│ │ ├── crypto_mbedtls_legacy.h
│ │ ├── crypto_openssl.c
│ │ ├── crypto_openssl.h
│ │ ├── cryptoapi.c
│ │ ├── cryptoapi.h
│ │ ├── dco.c
│ │ ├── dco.h
│ │ ├── dco_freebsd.c
│ │ ├── dco_freebsd.h
│ │ ├── dco_internal.h
│ │ ├── dco_linux.c
│ │ ├── dco_linux.h
│ │ ├── dco_win.c
│ │ ├── dco_win.h
│ │ ├── dhcp.c
│ │ ├── dhcp.h
│ │ ├── dns.c
│ │ ├── dns.h
│ │ ├── domain_helper.h
│ │ ├── env_set.c
│ │ ├── env_set.h
│ │ ├── errlevel.h
│ │ ├── error.c
│ │ ├── error.h
│ │ ├── event.c
│ │ ├── event.h
│ │ ├── fdmisc.c
│ │ ├── fdmisc.h
│ │ ├── forward.c
│ │ ├── forward.h
│ │ ├── fragment.c
│ │ ├── fragment.h
│ │ ├── gremlin.c
│ │ ├── gremlin.h
│ │ ├── helper.c
│ │ ├── helper.h
│ │ ├── httpdigest.c
│ │ ├── httpdigest.h
│ │ ├── init.c
│ │ ├── init.h
│ │ ├── integer.h
│ │ ├── interval.c
│ │ ├── interval.h
│ │ ├── list.c
│ │ ├── list.h
│ │ ├── lladdr.c
│ │ ├── lladdr.h
│ │ ├── lzo.c
│ │ ├── lzo.h
│ │ ├── manage.c
│ │ ├── manage.h
│ │ ├── mbedtls_compat.h
│ │ ├── mbuf.c
│ │ ├── mbuf.h
│ │ ├── memdbg.h
│ │ ├── misc.c
│ │ ├── misc.h
│ │ ├── mroute.c
│ │ ├── mroute.h
│ │ ├── mss.c
│ │ ├── mss.h
│ │ ├── mtcp.c
│ │ ├── mtcp.h
│ │ ├── mtu.c
│ │ ├── mtu.h
│ │ ├── mudp.c
│ │ ├── mudp.h
│ │ ├── multi.c
│ │ ├── multi.h
│ │ ├── multi_io.c
│ │ ├── multi_io.h
│ │ ├── networking.h
│ │ ├── networking_freebsd.c
│ │ ├── networking_iproute2.c
│ │ ├── networking_iproute2.h
│ │ ├── networking_sitnl.c
│ │ ├── networking_sitnl.h
│ │ ├── occ.c
│ │ ├── occ.h
│ │ ├── openssl_compat.h
│ │ ├── openvpn.c
│ │ ├── openvpn.h
│ │ ├── openvpn.manifest
│ │ ├── openvpn_win32_resources.rc
│ │ ├── options.c
│ │ ├── options.h
│ │ ├── options_parse.c
│ │ ├── options_util.c
│ │ ├── options_util.h
│ │ ├── otime.c
│ │ ├── otime.h
│ │ ├── ovpn_dco_freebsd.h
│ │ ├── ovpn_dco_linux.h
│ │ ├── ovpn_dco_win.h
│ │ ├── packet_id.c
│ │ ├── packet_id.h
│ │ ├── ping.c
│ │ ├── ping.h
│ │ ├── pkcs11.c
│ │ ├── pkcs11.h
│ │ ├── pkcs11_backend.h
│ │ ├── pkcs11_mbedtls.c
│ │ ├── pkcs11_openssl.c
│ │ ├── platform.c
│ │ ├── platform.h
│ │ ├── plugin.c
│ │ ├── plugin.h
│ │ ├── pool.c
│ │ ├── pool.h
│ │ ├── proto.c
│ │ ├── proto.h
│ │ ├── proxy.c
│ │ ├── proxy.h
│ │ ├── ps.c
│ │ ├── ps.h
│ │ ├── push.c
│ │ ├── push.h
│ │ ├── push_util.c
│ │ ├── pushlist.h
│ │ ├── reflect_filter.c
│ │ ├── reflect_filter.h
│ │ ├── reliable.c
│ │ ├── reliable.h
│ │ ├── ring_buffer.h
│ │ ├── route.c
│ │ ├── route.h
│ │ ├── run_command.c
│ │ ├── run_command.h
│ │ ├── schedule.c
│ │ ├── schedule.h
│ │ ├── session_id.c
│ │ ├── session_id.h
│ │ ├── shaper.c
│ │ ├── shaper.h
│ │ ├── sig.c
│ │ ├── sig.h
│ │ ├── siphash.h
│ │ ├── siphash_reference.c
│ │ ├── socket.c
│ │ ├── socket.h
│ │ ├── socket_util.c
│ │ ├── socket_util.h
│ │ ├── socks.c
│ │ ├── socks.h
│ │ ├── ssl.c
│ │ ├── ssl.h
│ │ ├── ssl_backend.h
│ │ ├── ssl_common.h
│ │ ├── ssl_mbedtls.c
│ │ ├── ssl_mbedtls.h
│ │ ├── ssl_ncp.c
│ │ ├── ssl_ncp.h
│ │ ├── ssl_openssl.c
│ │ ├── ssl_openssl.h
│ │ ├── ssl_pkt.c
│ │ ├── ssl_pkt.h
│ │ ├── ssl_util.c
│ │ ├── ssl_util.h
│ │ ├── ssl_verify.c
│ │ ├── ssl_verify.h
│ │ ├── ssl_verify_backend.h
│ │ ├── ssl_verify_mbedtls.c
│ │ ├── ssl_verify_mbedtls.h
│ │ ├── ssl_verify_openssl.c
│ │ ├── ssl_verify_openssl.h
│ │ ├── status.c
│ │ ├── status.h
│ │ ├── syshead.h
│ │ ├── tls_crypt.c
│ │ ├── tls_crypt.h
│ │ ├── tun.c
│ │ ├── tun.h
│ │ ├── tun_afunix.c
│ │ ├── tun_afunix.h
│ │ ├── vlan.c
│ │ ├── vlan.h
│ │ ├── wfp_block.c
│ │ ├── wfp_block.h
│ │ ├── win32-util.c
│ │ ├── win32-util.h
│ │ ├── win32.c
│ │ ├── win32.h
│ │ ├── xkey_common.h
│ │ ├── xkey_helper.c
│ │ └── xkey_provider.c
│ ├── openvpnmsica/
│ │ ├── CMakeLists.txt
│ │ ├── Makefile.am
│ │ ├── dllmain.c
│ │ ├── msica_arg.c
│ │ ├── msica_arg.h
│ │ ├── msiex.c
│ │ ├── msiex.h
│ │ ├── openvpnmsica.c
│ │ ├── openvpnmsica.h
│ │ └── openvpnmsica_resources.rc
│ ├── openvpnserv/
│ │ ├── CMakeLists.txt
│ │ ├── Makefile.am
│ │ ├── common.c
│ │ ├── eventmsg.mc
│ │ ├── interactive.c
│ │ ├── openvpnserv_resources.rc
│ │ ├── service.c
│ │ ├── service.h
│ │ ├── validate.c
│ │ └── validate.h
│ ├── plugins/
│ │ ├── Makefile.am
│ │ ├── auth-pam/
│ │ │ ├── Makefile.am
│ │ │ ├── README.auth-pam
│ │ │ ├── auth-pam.c
│ │ │ ├── auth-pam.exports
│ │ │ ├── pamdl.c
│ │ │ ├── pamdl.h
│ │ │ ├── utils.c
│ │ │ └── utils.h
│ │ └── down-root/
│ │ ├── Makefile.am
│ │ ├── README.down-root
│ │ ├── down-root.c
│ │ └── down-root.exports
│ └── tapctl/
│ ├── CMakeLists.txt
│ ├── Makefile.am
│ ├── basic.h
│ ├── error.c
│ ├── error.h
│ ├── main.c
│ ├── tap.c
│ ├── tap.h
│ └── tapctl_resources.rc
├── tests/
│ ├── Makefile.am
│ ├── lwip_client_up.sh
│ ├── ntlm_support.c
│ ├── null_client_up.sh
│ ├── t_client.rc-sample
│ ├── t_client.sh.in
│ ├── t_cltsrv-down.sh
│ ├── t_cltsrv.sh
│ ├── t_lpback.sh
│ ├── t_net.sh
│ ├── t_server_null.rc-sample
│ ├── t_server_null.sh
│ ├── t_server_null_client.sh
│ ├── t_server_null_default.rc
│ ├── t_server_null_server.sh
│ ├── t_server_null_stress.sh
│ ├── unit_tests/
│ │ ├── Makefile.am
│ │ ├── README.md
│ │ ├── example_test/
│ │ │ ├── Makefile.am
│ │ │ ├── README.md
│ │ │ ├── test.c
│ │ │ └── test2.c
│ │ ├── openvpn/
│ │ │ ├── Makefile.am
│ │ │ ├── cert_data.h
│ │ │ ├── input/
│ │ │ │ ├── appears_empty.txt
│ │ │ │ ├── empty.txt
│ │ │ │ ├── leak_suppr.txt
│ │ │ │ ├── user_only.txt
│ │ │ │ └── user_pass.txt
│ │ │ ├── mock_get_random.c
│ │ │ ├── mock_management.c
│ │ │ ├── mock_msg.c
│ │ │ ├── mock_msg.h
│ │ │ ├── mock_ssl_dependencies.c
│ │ │ ├── mock_win32_execve.c
│ │ │ ├── pkey_test_utils.c
│ │ │ ├── test_argv.c
│ │ │ ├── test_auth_token.c
│ │ │ ├── test_buffer.c
│ │ │ ├── test_common.h
│ │ │ ├── test_crypto.c
│ │ │ ├── test_cryptoapi.c
│ │ │ ├── test_dhcp.c
│ │ │ ├── test_mbuf.c
│ │ │ ├── test_misc.c
│ │ │ ├── test_ncp.c
│ │ │ ├── test_networking.c
│ │ │ ├── test_options_parse.c
│ │ │ ├── test_packet_id.c
│ │ │ ├── test_pkcs11.c
│ │ │ ├── test_pkt.c
│ │ │ ├── test_provider.c
│ │ │ ├── test_push_update_msg.c
│ │ │ ├── test_socket.c
│ │ │ ├── test_ssl.c
│ │ │ ├── test_tls_crypt.c
│ │ │ └── test_user_pass.c
│ │ ├── openvpnserv/
│ │ │ ├── Makefile.am
│ │ │ └── test_openvpnserv.c
│ │ └── plugins/
│ │ ├── Makefile.am
│ │ └── auth-pam/
│ │ ├── Makefile.am
│ │ └── test_search_and_replace.c
│ └── update_t_client_ips.sh
└── version.m4
================================================
FILE CONTENTS
================================================
================================================
FILE: .clang-format
================================================
---
BasedOnStyle: Mozilla
AccessModifierOffset: '-4'
AlignAfterOpenBracket: Align
AlignConsecutiveMacros:
Enabled: true
AcrossEmptyLines: false
AcrossComments: true
AlignEscapedNewlines: Left
AlignOperands: true
AlignTrailingComments:
Kind: Always
OverEmptyLines: 1
AllowAllParametersOfDeclarationOnNextLine: true
AllowShortBlocksOnASingleLine: Never
AllowShortCaseLabelsOnASingleLine: false
AllowShortFunctionsOnASingleLine: None
AllowShortIfStatementsOnASingleLine: Never
AllowShortLoopsOnASingleLine: false
BinPackArguments: true
BinPackParameters: true
BreakAfterReturnType: AllDefinitions
BreakBeforeBinaryOperators: NonAssignment
BreakBeforeBraces: Allman
BreakBeforeTernaryOperators: true
BreakStringLiterals: false
ColumnLimit: '0'
ContinuationIndentWidth: '4'
DerivePointerAlignment: false
IndentCaseLabels: true
IndentGotoLabels: false
IndentWidth: '4'
IndentWrappedFunctionNames: false
InsertBraces: true
KeepEmptyLinesAtTheStartOfBlocks: false
MaxEmptyLinesToKeep: '2'
PointerAlignment: Right
ReflowComments: true
SortIncludes: false
SpaceAfterCStyleCast: false
SpaceBeforeAssignmentOperators: true
SpaceBeforeParens: ControlStatements
SpacesBeforeTrailingComments: '2'
SpacesInParens: Never
TabWidth: '4'
TypeNames: [DWORD]
UseTab: Never
WhitespaceSensitiveMacros: [_STRINGIFY]
---
Language: C
---
Language: Cpp
================================================
FILE: .git-blame-ignore-revs
================================================
# This file allows git blame to ignore reformatting changes and instead
# show the previous commit that changed the line.
#
# To avoid manually building the list of commits this commit
# adds a file with a list of reformatting commits. To use:
#
# git blame --ignore-revs-file=.git-blame-ignore-revs file
#
# or to automatically always use the file
#
# git config blame.ignoreRevsFile .git-blame-ignore-revs
# Uncrustify 2020/06... (engine, pool, SSO)
c1ff8f247f91c88a2df5502eeedf42857f9a6831
# Uncrustify the tests/unit_tests/ part of our tree.
da1574ef7826d73f01e120cbd1ba40ce39a305b7
# Another round of uncrustify code cleanup.
9cf7b4925a54d93fbea1cadcf3dc0e11f3ce358f
# networking_sitnl.c: uncrustify file
2c45d268ca65c522fbabb7c4dab5e721296b4623
# Uncrustify tapctl and openvpnmsica
6280d3d5536174934ee22d3840457d61896e0e3a
# tun.c: uncrustify
baef44fc8769bbd99f4d699ce9f63180c29a5455
# networking_sitnl.c: uncrustify file
2c45d268ca65c522fbabb7c4dab5e721296b4623
# uncrustify openvpn sources
f57431cdc88f22fa4d7962946f0d3187fe058539
# More broadly enforce Allman style and braces-around-conditionals
4cd4899e8e80efae03c584a760fd107251735723
# The Great Reformatting - first phase
81d882d5302b8b647202a6893b57dfdc61fd6df2
# Fix trailing-whitespace errors in last patch.
3282632d9325267c850072db7545a884a1637f51
# The Great Reformatting of 2022
abe49856d81f51136d543539202a0bf8fb946474
# Reformat for sp_after_comma=add
e51d9a73693ee742b36e19fb1718e5e27167831d
# The Great Reformatting of 2025, switching to clang-format
3cca3367e6e0ffeccb8e39cb2c739d1dcb086701
# Switching to ColumnLimit 0 for clang-format
21f7d6e1ad65b1f7db673bc98764dc7325858e0b
================================================
FILE: .gitattributes
================================================
*.c eol=lf
*.h eol=lf
*.rc eol=lf
*.txt eol=lf
*.bat eol=lf
*.vc*proj* eol=crlf
*.sln eol=crlf
================================================
FILE: .github/ISSUE_TEMPLATE/bug_report.md
================================================
---
name: Bug report
about: Create a report to help us improve
title: ''
labels: ''
assignees: ''
---
**IMPORTANT NOTE**
Bugs about OpenVPN Access Server, OpenVPN Connect or any other product by OpenVPN Inc. should be directly reported to OpenVPN Inc. at https://support.openvpn.net
**Describe the bug**
A clear and concise description of what the bug is.
**To Reproduce**
Steps to reproduce the behavior. Please make sure to not post any secrets like keys and passwords.
**Expected behavior**
A clear and concise description of what you expected to happen.
**Version information (please complete the following information):**
- OS: [e.g. Ubuntu 22.04]
- OpenVPN version: [e.g. 2.5.8]
- Repeat for peer if relevant
**Additional context**
Add any other context about the problem here.
================================================
FILE: .github/PULL_REQUEST_TEMPLATE.md
================================================
# Thank you for your contribution
You are welcome to open PRs, but they are used for discussion only. All
patches must eventually go to the openvpn-devel mailing list for review:
* https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Please send your patch using [git-send-email](https://git-scm.com/docs/git-send-email). For example to send your latest commit to the list:
$ git send-email --to=openvpn-devel@lists.sourceforge.net HEAD~1
For details, see these Wiki articles:
* https://community.openvpn.net/openvpn/wiki/DeveloperDocumentation
* https://community.openvpn.net/openvpn/wiki/Contributing
================================================
FILE: .github/workflows/build.yaml
================================================
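# The name of our workflow
name: Build
# Runs on every push and on pull requests. The trigger is `pull_request`
# (not `pull_request_target`), so pull requests from forks are built
# without repository secrets.
on:
  push:
  pull_request:
# Least privilege for the automatically issued GITHUB_TOKEN: the jobs in this
# file only check out sources and exchange build artifacts, so read access to
# the repository contents is enough. Without this key the token falls back to
# the repository/organisation default, which may include write scopes on push.
permissions:
  contents: read
jobs: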
# Style gate: runs `pre-commit run -a`, saves whatever changes the hooks made
# as a patch artifact, and fails the job when that patch is non-empty.
clang-format:
name: Check code style with clang-format
runs-on: ubuntu-24.04
steps:
# NOTE(review): pre-commit is installed from PyPI with no version or hash pin,
# unlike the actions below, which are pinned to full commit SHAs.
- name: Install dependencies
run: |
sudo apt update && sudo apt install -y python3-pip
pip3 install pre-commit
- name: Checkout OpenVPN
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
# `|| true` keeps this step green whatever pre-commit returns; the verdict is
# taken by the final "Set job status" step instead.
# NOTE(review): as a consequence, a hook that errors out without modifying any
# file leaves an empty patch and the job still passes.
- name: Run clang-format
run: pre-commit run -a --show-diff-on-failure || true
- name: Check for changes
run: git diff --output=format-changes.patch
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: format-changes.patch
path: format-changes.patch
# `test -s` is true for a non-empty file, so the negation fails the job
# whenever the hooks changed something.
- name: Set job status
run: test ! -s format-changes.patch
# Cross-build for Android (arm64-v8a) with CMake. The job only configures and
# builds; no step here runs the resulting binaries or tests.
android:
strategy:
fail-fast: false
matrix:
abi: [ arm64-v8a ]
include:
- abi: arm64-v8a
vcpkg_triplet: arm64-android
runs-on: ubuntu-24.04
name: "Android - ${{ matrix.abi }}"
# GitHub images already set up the NDK, with ANDROID_NDK_ROOT pointing to the
# root of the SDK
env:
VCPKG_DEFAULT_TRIPLET: ${{ matrix.vcpkg_triplet }}
VCPKG_ROOT: ${{ github.workspace }}/vcpkg
VCPKG_INSTALLED_DIR: ${{ github.workspace }}/vcpkg/installed
steps:
- name: Checkout OpenVPN
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: lukka/get-cmake@f176ccd3f28bda569c43aae4894f06b2435a3375 # v4.2.3
# vcpkg itself is fixed to one commit via vcpkgGitCommitId, in addition to the
# SHA pin on the action that fetches it.
- name: Install vcpkg
uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5
with:
vcpkgGitCommitId: e5a1490e1409d175932ef6014519e9ae149ddb7c
# No versions are given for the packages on this command line; presumably
# they follow from the pinned vcpkg checkout above (confirm).
- name: Install dependencies
run: ${VCPKG_ROOT}/vcpkg install openssl lz4 cmocka
# The ${{ matrix.* }} expressions are substituted into the script text before
# the shell runs it; here they take only the literal values listed in the
# matrix of this job.
- name: configure OpenVPN with cmake
run: |
cmake -S . -B openvpn-build -DUNSUPPORTED_BUILDS=yes \
-DCMAKE_SYSTEM_NAME=Android -DCMAKE_SYSTEM_VERSION=28 \
-DCMAKE_ANDROID_ARCH_ABI=${{ matrix.abi }} \
-DOPENSSL_ROOT_DIR=${VCPKG_INSTALLED_DIR}/${{ matrix.vcpkg_triplet }} \
-DENABLE_PKCS11=false -DBUILD_TESTING=true -DENABLE_LZO=false
- name: Build OpenVPN Android binary with cmake
run: cmake --build openvpn-build
# Cross-compiles the Windows binaries with mingw-w64 on Ubuntu for every
# arch/build combination and publishes two artifacts per combination: the
# product binaries and, separately, the unit-test executables.
mingw:
strategy:
fail-fast: false
matrix:
arch: [x86, x64]
build: [Release, Debug]
name: "gcc-mingw - ${{ matrix.arch }} - ${{matrix.build }} - OSSL"
runs-on: ubuntu-24.04
env:
VCPKG_ROOT: ${{ github.workspace }}/vcpkg
steps:
- name: Install dependencies
run: sudo apt update && sudo apt install -y mingw-w64 unzip build-essential wget python3-docutils man2html-base
- name: Checkout OpenVPN
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: lukka/get-cmake@f176ccd3f28bda569c43aae4894f06b2435a3375 # v4.2.3
# vcpkg is fixed to one commit; the packages to install come from the
# manifest matched by vcpkgJsonGlob.
- name: Restore from cache and install vcpkg
uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5
with:
vcpkgGitCommitId: e5a1490e1409d175932ef6014519e9ae149ddb7c
vcpkgJsonGlob: '**/mingw/vcpkg.json'
- name: Run CMake with vcpkg.json manifest
uses: lukka/run-cmake@af1be47fd7c933593f687731bc6fdbee024d3ff4 # v10.8
with:
configurePreset: mingw-${{ matrix.arch }}
buildPreset: mingw-${{ matrix.arch }}
buildPresetAdditionalArgs: "['--config ${{ matrix.build }}']"
# Product artifact: all .exe and .dll files except the test_*.exe binaries
# (the leading `!` pattern excludes them).
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: openvpn-mingw-${{ matrix.arch }}-${{ matrix.build }}
path: |
${{ github.workspace }}/out/build/mingw/${{ matrix.arch }}/**/${{ matrix.build }}/*.exe
${{ github.workspace }}/out/build/mingw/${{ matrix.arch }}/**/${{ matrix.build }}/*.dll
!${{ github.workspace }}/out/build/mingw/${{ matrix.arch }}/**/${{ matrix.build }}/test_*.exe
# Test artifact: the test_*.exe binaries plus DLLs; this is the artifact the
# mingw-unittest job downloads by name.
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: openvpn-mingw-${{ matrix.arch }}-${{ matrix.build }}-tests
path: |
${{ github.workspace }}/out/build/mingw/${{ matrix.arch }}/**/${{ matrix.build }}/test_*.exe
${{ github.workspace }}/out/build/mingw/${{ matrix.arch }}/${{ matrix.build }}/*.dll
# Runs the unit-test executables produced by the `mingw` job on a Windows
# runner, one matrix entry per test/arch/build combination.
mingw-unittest:
needs: [ mingw ]
strategy:
fail-fast: false
matrix:
arch: [x86, x64]
test: [argv, auth_token, buffer, cryptoapi, crypto, misc, options_parse, ncp, openvpnserv, packet_id, pkt, provider, ssl, tls_crypt, user_pass]
build: [Release, Debug]
runs-on: windows-2025
name: "mingw unittest ${{ matrix.test }} - ${{ matrix.arch }} - ${{ matrix.build }} - OSSL"
steps:
- name: Checkout OpenVPN
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
# The binaries executed below are not rebuilt here; they come from the
# "-tests" artifact uploaded by the mingw job of the same workflow run.
- name: Retrieve mingw unittest
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
with:
name: openvpn-mingw-${{ matrix.arch }}-${{ matrix.build }}-tests
path: unittests
# ${{ matrix.test }} is substituted into the script text before it runs; its
# values are the fixed names in the matrix list above.
# NOTE(review): indentation was lost in this listing, so it cannot be told
# here whether the trailing `env:` belongs to this step or to the job.
- name: Run ${{ matrix.test }} unit test
run: |
$test_file=(Get-ChildItem -Path unittests -Filter test_${{ matrix.test }}.exe -Recurse).fullname
& $test_file
env:
srcdir: "${{ github.workspace }}/tests/unit_tests/openvpn"
# Native autotools build and `make check` with gcc and the distribution's
# OpenSSL on two Ubuntu releases, with PKCS#11 support enabled.
ubuntu:
strategy:
fail-fast: false
matrix:
os: [ubuntu-22.04, ubuntu-24.04]
sslpkg: [libssl-dev]
ssllib: [openssl]
include:
- os: ubuntu-22.04
libname: OpenSSL 3.0.2
pkcs11pkg: "libpkcs11-helper1-dev softhsm2 gnutls-bin"
extraconf: --enable-pkcs11
- os: ubuntu-24.04
libname: OpenSSL 3.0.13
pkcs11pkg: "libpkcs11-helper1-dev softhsm2 gnutls-bin"
extraconf: --enable-pkcs11
name: "gcc - ${{matrix.os}} - ${{matrix.libname}} ${{matrix.extraconf}}"
# Matrix values reach the install command through environment variables
# rather than being pasted into the script text.
env:
SSLPKG: "${{matrix.sslpkg}}"
PKCS11PKG: "${{matrix.pkcs11pkg}}"
runs-on: ${{matrix.os}}
steps:
- name: Install dependencies
run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev libnl-genl-3-dev linux-libc-dev man2html libcmocka-dev python3-docutils libtool automake autoconf ${SSLPKG} ${PKCS11PKG}
- name: Checkout OpenVPN
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: autoconf
run: autoreconf -fvi
# --enable-werror: compiler warnings fail the build.
- name: configure
run: ./configure --with-crypto-library=${{matrix.ssllib}} ${{matrix.extraconf}} --enable-werror
- name: make all
run: make -j3
# Writes RUN_SUDO="sudo -E" into tests/t_server_null.rc; presumably the
# t_server_null tests read it to run parts of the suite as root with the
# caller's environment preserved (confirm against the test scripts).
# NOTE(review): no matrix entry in this job sets extraconf to
# '--disable-management', so the `if:` below is always true as written.
- name: configure checks
if: ${{ matrix.extraconf != '--disable-management' }}
run: echo 'RUN_SUDO="sudo -E"' >tests/t_server_null.rc
- name: make check
run: make -j3 check VERBOSE=1
# Same build and test run as the gcc job, but compiled with clang under
# AddressSanitizer and UndefinedBehaviorSanitizer.
ubuntu-clang-asan:
strategy:
fail-fast: false
matrix:
os: [ubuntu-22.04, ubuntu-24.04]
ssllib: [openssl]
name: "clang-asan - ${{matrix.os}} - ${{matrix.ssllib}}"
env:
UBSAN_OPTIONS: print_stacktrace=1
runs-on: ${{matrix.os}}
steps:
- name: Install dependencies
run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev libnl-genl-3-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils libtool automake autoconf
- name: Checkout OpenVPN
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: autoconf
run: autoreconf -fvi
# -fno-sanitize-recover=all makes every sanitizer report abort the process,
# so a finding during `make check` fails the job instead of only being logged.
- name: configure
run: CFLAGS="-fsanitize=address,undefined -fno-sanitize-recover=all -fno-omit-frame-pointer -O2" CC=clang ./configure --with-crypto-library=${{matrix.ssllib}} --enable-werror
- name: make all
run: make -j3
# Same RUN_SUDO="sudo -E" setting as in the gcc job, written unconditionally.
- name: configure checks
run: echo 'RUN_SUDO="sudo -E"' >tests/t_server_null.rc
- name: make check
run: make -j3 check VERBOSE=1
# macOS build and `make check` against Homebrew's OpenSSL 3 or LibreSSL, each
# in a normal and a sanitizer (ASan + UBSan) variant.
macos:
strategy:
fail-fast: false
matrix:
ssllib: [openssl@3, libressl]
build: [normal, asan]
os: [macos-14, macos-15, macos-26]
include:
- build: asan
cflags: "-fsanitize=address,undefined -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"
ldflags: -fsanitize=address,undefined -fno-sanitize-recover=all
# Our build system ignores LDFLAGS for plugins
# (hence both plugins are disabled in the sanitizer variant)
configureflags: --disable-plugin-auth-pam --disable-plugin-down-root
- build: normal
cflags: "-O2 -g"
ldflags: ""
configureflags: ""
runs-on: ${{matrix.os}}
name: "${{matrix.os}} - ${{matrix.ssllib}} - ${{matrix.build}}"
env:
CFLAGS: ${{ matrix.cflags }}
LDFLAGS: ${{ matrix.ldflags }}
UBSAN_OPTIONS: print_stacktrace=1
steps:
# NOTE(review): Homebrew installs whatever formula versions are current at
# run time; nothing in this step pins them.
- name: Install dependencies
run: brew install ${{matrix.ssllib}} lzo lz4 man2html cmocka libtool automake autoconf
- name: Checkout OpenVPN
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
# Appends include/library flags to $GITHUB_ENV so later steps see them as
# environment variables. The values written are the output of `brew --prefix`
# for packages named in this file's matrix.
- name: Set environment
run: |
cat >>$GITHUB_ENV <<EOF;
OPENSSL_CFLAGS=-I$(brew --prefix ${{matrix.ssllib}})/include
OPENSSL_LIBS=-L$(brew --prefix ${{matrix.ssllib}})/lib -lcrypto -lssl
LZO_CFLAGS=-I$(brew --prefix lzo)/include
LZO_LIBS=-L$(brew --prefix lzo)/lib -llzo2
EOF
- name: autoconf
run: autoreconf -fvi
- name: configure
run: ./configure --enable-werror ${{matrix.configureflags}}
- name: make all
run: make -j4
- name: configure checks
run: echo 'RUN_SUDO="sudo -E"' >tests/t_server_null.rc
- name: make check
run: make -j4 check VERBOSE=1
# Windows release builds through CMake presets and a vcpkg manifest, for five
# architecture/toolchain variants; the resulting binaries are uploaded.
msvc:
strategy:
fail-fast: false
matrix:
arch: [amd64, x86, arm64, amd64-clang, x86-clang]
name: "msbuild - ${{ matrix.arch }} - openssl"
env:
BUILD_CONFIGURATION: Release
runs-on: windows-2025
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: lukka/get-cmake@f176ccd3f28bda569c43aae4894f06b2435a3375 # v4.2.3
# NOTE(review): pip and docutils are upgraded/installed to whatever version
# is current on PyPI at run time; no version or hash pin is given.
- name: Install rst2html
run: python -m pip install --upgrade pip docutils
- name: Restore artifacts, or setup vcpkg (do not install any package)
uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5
with:
vcpkgGitCommitId: e5a1490e1409d175932ef6014519e9ae149ddb7c
vcpkgJsonGlob: '**/windows/vcpkg.json'
# arm64: configure and build only, no testPreset is passed.
- name: Run CMake with vcpkg.json manifest (NO TESTS)
uses: lukka/run-cmake@af1be47fd7c933593f687731bc6fdbee024d3ff4 # v10.8
if: ${{ matrix.arch == 'arm64' }}
with:
configurePreset: win-${{ matrix.arch }}-release
buildPreset: win-${{ matrix.arch }}-release
# Every other variant: configure, build and run the test preset.
- name: Run CMake with vcpkg.json manifest
uses: lukka/run-cmake@af1be47fd7c933593f687731bc6fdbee024d3ff4 # v10.8
if: ${{ matrix.arch != 'arm64' }}
with:
configurePreset: win-${{ matrix.arch }}-release
buildPreset: win-${{ matrix.arch }}-release
testPreset: win-${{ matrix.arch }}-release
testPresetAdditionalArgs: "['--output-on-failure']"
# The `!` patterns keep test executables, CMake scratch files and the vcpkg
# install tree out of the published artifact.
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: openvpn-msvc-${{ matrix.arch }}
path: |
${{ github.workspace }}/out/**/*.exe
${{ github.workspace }}/out/**/*.dll
!${{ github.workspace }}/out/**/test_*.exe
!${{ github.workspace }}/out/**/CMakeFiles/**
!${{ github.workspace }}/out/**/vcpkg_installed/**
# Builds LibreSSL from source, installs it system-wide on the runner, then
# builds and tests OpenVPN against it (normal and AddressSanitizer variants).
libressl:
strategy:
fail-fast: false
matrix:
os: [ubuntu-24.04]
ssllib: [libressl]
build: [ normal, asan ]
configureflags: ["--with-openssl-engine=no"]
include:
# NOTE(review): these flags enable AddressSanitizer only; UBSAN_OPTIONS is
# still exported in the job env below.
- build: asan
cflags: "-fsanitize=address -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"
ldflags: -fsanitize=address -fno-sanitize-recover=all
cc: clang
- build: normal
cflags: "-O2 -g"
ldflags: ""
cc: gcc
name: "${{matrix.cc}} ${{matrix.build}} - ${{matrix.os}} - ${{matrix.ssllib}}"
runs-on: ${{matrix.os}}
env:
CFLAGS: ${{ matrix.cflags }}
LDFLAGS: ${{ matrix.ldflags }}
CC: ${{matrix.cc}}
UBSAN_OPTIONS: print_stacktrace=1
steps:
- name: Install dependencies
run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils libtool automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev
# NOTE(review): the checkout action is pinned to a commit SHA, but the
# LibreSSL source it fetches is selected by tag name (`ref:`). A tag can be
# re-pointed upstream; the code fetched here is later built and installed
# with sudo.
- name: "libressl: checkout"
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
path: libressl
# versioning=semver-coerced
repository: libressl/portable
ref: v4.2.1
- name: "libressl: autogen.sh"
env:
LIBRESSL_GIT_OPTIONS: "--no-single-branch"
run: ./autogen.sh
working-directory: libressl
- name: "libressl: configure"
run: ./configure
working-directory: libressl
- name: "libressl: make all"
run: make -j3
working-directory: libressl
- name: "libressl: make install"
run: sudo make install
working-directory: libressl
- name: "ldconfig"
run: sudo ldconfig
- name: Checkout OpenVPN
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: autoconf
run: autoreconf -fvi
- name: configure
run: ./configure --with-crypto-library=openssl ${{matrix.configureflags}} --enable-werror
- name: make all
run: make -j3
# Guard against testing the wrong library: the step fails unless the built
# binary's version banner names LibreSSL (grep -q exits non-zero on no match).
- name: Ensure the build uses LibreSSL
run: |
./src/openvpn/openvpn --version
./src/openvpn/openvpn --version | grep -q "library versions: LibreSSL"
- name: configure checks
run: echo 'RUN_SUDO="sudo -E"' >tests/t_server_null.rc
- name: make check
run: make -j3 check VERBOSE=1
# Builds Mbed TLS 4 from source, installs it under /usr on the runner, then
# builds and tests OpenVPN against it (normal and AddressSanitizer variants).
mbedtls4:
strategy:
fail-fast: false
matrix:
os: [ubuntu-24.04]
ssllib: [mbedtls4]
build: [ normal, asan ]
include:
# NOTE(review): these flags enable AddressSanitizer only; UBSAN_OPTIONS is
# still exported in the job env below.
- build: asan
cflags: "-fsanitize=address -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"
ldflags: -fsanitize=address -fno-sanitize-recover=all
cc: clang
- build: normal
cflags: "-O2 -g"
ldflags: ""
cc: gcc
name: "${{matrix.cc}} ${{matrix.build}} - ${{matrix.os}} - ${{matrix.ssllib}}"
runs-on: ${{matrix.os}}
env:
CFLAGS: ${{ matrix.cflags }}
LDFLAGS: ${{ matrix.ldflags }}
CC: ${{matrix.cc}}
UBSAN_OPTIONS: print_stacktrace=1
steps:
- name: Install dependencies
run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils python3-jinja2 python3-jsonschema libtool automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev
# NOTE(review): the Mbed TLS source (and its submodules) is selected by tag
# name rather than by commit SHA; it is later installed with sudo.
- name: "mbedtls: checkout"
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
path: mbedtls
submodules: recursive
# versioning=semver-coerced
repository: Mbed-TLS/mbedtls
ref: v4.0.0
- uses: lukka/get-cmake@f176ccd3f28bda569c43aae4894f06b2435a3375 # v4.2.3
- name: "mbedtls: cmake"
run: cmake -B build
working-directory: mbedtls
- name: "mbedtls: cmake --build"
run: cmake --build build
working-directory: mbedtls
# Installs into the /usr prefix, i.e. into the runner's system directories.
- name: "mbedtls: cmake --install"
run: sudo cmake --install build --prefix /usr
working-directory: mbedtls
- name: Checkout OpenVPN
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: autoconf
run: autoreconf -fvi
- name: configure
run: ./configure --with-crypto-library=mbedtls --enable-werror
- name: make all
run: make -j3
# Guard against testing the wrong library: the step fails unless the version
# banner reports an mbed TLS 4.x library.
- name: Ensure the build uses mbed TLS 4.x
run: |
./src/openvpn/openvpn --version
./src/openvpn/openvpn --version | grep -q "library versions: mbed TLS 4."
- name: configure checks
run: echo 'RUN_SUDO="sudo -E"' >tests/t_server_null.rc
- name: make check
run: make -j3 check VERBOSE=1
# Builds AWS-LC from source as shared libraries under /opt/aws-lc, then builds
# and tests OpenVPN against it (normal and AddressSanitizer variants).
aws-lc:
strategy:
fail-fast: false
matrix:
os: [ubuntu-24.04]
ssllib: [ awslc ]
build: [ normal, asan ]
include:
# NOTE(review): these flags enable AddressSanitizer only; UBSAN_OPTIONS is
# still exported in the job env below.
- build: asan
cflags: "-fsanitize=address -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"
ldflags: -fsanitize=address -fno-sanitize-recover=all
cc: clang
cxx: clang++
- build: normal
cflags: "-O2 -g"
ldflags: ""
cc: gcc
cxx: c++
name: "${{matrix.cc}} ${{matrix.build}} - ${{matrix.os}} - ${{matrix.ssllib}}"
runs-on: ${{matrix.os}}
env:
CFLAGS: ${{ matrix.cflags }}
LDFLAGS: ${{ matrix.ldflags }}
CC: ${{matrix.cc}}
CXX: ${{matrix.cxx}}
UBSAN_OPTIONS: print_stacktrace=1
AWS_LC_INSTALL: /opt/aws-lc
steps:
- name: Install dependencies
run: sudo apt update && sudo apt install -y gcc golang make liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils python3-jinja2 python3-jsonschema libtool automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev
# NOTE(review): the AWS-LC source is selected by tag name rather than by
# commit SHA, unlike the pinned actions.
- name: "AWS-LC: checkout"
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
path: aws-lc
# versioning=semver-coerced
repository: aws/aws-lc
ref: v1.70.0
- uses: lukka/get-cmake@f176ccd3f28bda569c43aae4894f06b2435a3375 # v4.2.3
- name: "AWS-LC: build"
run: |
mkdir build
cd build
cmake -GNinja -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX="${{ env.AWS_LC_INSTALL }}" -DBUILD_SHARED_LIBS=1 ../
ninja install
working-directory: aws-lc
- name: Checkout OpenVPN
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: autoconf
run: autoreconf -fvi
# The rpath in LDFLAGS lets the built binary locate the shared AWS-LC
# libraries in the non-default install prefix at run time.
# NOTE(review): unlike the other autotools jobs in this file, this configure
# line does not pass --enable-werror.
- name: configure with AWS-LC
run: |
OPENSSL_CFLAGS="-I${{ env.AWS_LC_INSTALL }}/include" \
OPENSSL_LIBS="-L${{ env.AWS_LC_INSTALL }}/lib -lssl -lcrypto" \
LDFLAGS="-Wl,-rpath=${{ env.AWS_LC_INSTALL }}/lib" \
./configure --with-crypto-library=openssl
- name: make all
run: make -j3
# Guard against testing the wrong library: the step fails unless the version
# banner names AWS-LC.
- name: Ensure the build uses AWS-LC
run: |
./src/openvpn/openvpn --version
./src/openvpn/openvpn --version | grep -q "library versions: AWS-LC"
- name: configure checks
run: echo 'RUN_SUDO="sudo -E"' >tests/t_server_null.rc
- name: make check
run: make -j3 check VERBOSE=1
================================================
FILE: .github/workflows/coverity-scan.yml
================================================
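# Daily Coverity Scan submission of master (also runnable by hand).
name: coverity-scan
on:
  schedule:
    - cron: '0 20 * * *' # Daily at 20:00 UTC
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: the job only reads the repository. The
# Coverity credentials come from repository secrets, not from this token.
permissions:
  contents: read

jobs:
  latest:
    # Running coverity requires the secrets.COVERITY_SCAN_TOKEN token
    # which is only available on the main repository
    if: github.repository_owner == 'OpenVPN'
    runs-on: ubuntu-24.04
    steps:
      # The cache entry keyed on the commit SHA acts as an "already submitted"
      # marker: on a hit every following step is skipped, so an unchanged
      # master is not sent to Coverity again.
      - name: Check submission cache
        id: check_submit
        uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
        with:
          path: |
            cov-int
          key: check-submit-${{ github.sha }}
      - name: Install dependencies
        if: steps.check_submit.outputs.cache-hit != 'true'
        run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev libnl-genl-3-dev linux-libc-dev man2html libcmocka-dev python3-docutils libtool automake autoconf libssl-dev libpkcs11-helper1-dev softhsm2 gnutls-bin
      - name: Checkout OpenVPN
        if: steps.check_submit.outputs.cache-hit != 'true'
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      # The token reaches the script through the step environment rather than
      # being interpolated into the script text with ${{ }}.
      # NOTE(review): the downloaded tool is unpacked and executed without an
      # integrity check; the download relies on HTTPS to scan.coverity.com.
      - name: Download Coverity Build Tool
        if: steps.check_submit.outputs.cache-hit != 'true'
        run: |
          wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=OpenVPN%2Fopenvpn" -O cov-analysis-linux64.tar.gz
          mkdir cov-analysis-linux64
          tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
        env:
          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
      - name: autoconf
        if: steps.check_submit.outputs.cache-hit != 'true'
        run: autoreconf -fvi
      - name: configure
        if: steps.check_submit.outputs.cache-hit != 'true'
        run: ./configure --enable-pkcs11
      # cov-build wraps the normal make run and records it into cov-int.
      - name: Build with cov-build
        if: steps.check_submit.outputs.cache-hit != 'true'
        run: |
          PATH="$(pwd)/cov-analysis-linux64/bin:$PATH"
          cov-build --dir cov-int make
      # Secrets are quoted so the shell passes each one as a single argument,
      # and --fail-with-body turns an HTTP error status into a failed step, so
      # a rejected upload is not recorded as submitted by the cache step below.
      - name: Submit the result to Coverity Scan
        if: steps.check_submit.outputs.cache-hit != 'true'
        run: |
          tar czvf openvpn.tgz cov-int
          curl --fail-with-body \
            --form token="$TOKEN" \
            --form email="$EMAIL" \
            --form file=@openvpn.tgz \
            --form version="$GITHUB_SHA" \
            --form description="master" \
            "https://scan.coverity.com/builds?project=OpenVPN%2Fopenvpn"
        env:
          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
          EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
      # Saved only after the steps above succeeded; the key is the one computed
      # by the restore step (check-submit-<sha>).
      - name: Cache submission
        if: steps.check_submit.outputs.cache-hit != 'true'
        uses: actions/cache/save@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
        with:
          path: |
            cov-int
          key: ${{ steps.check_submit.outputs.cache-primary-key }}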
================================================
FILE: .github/workflows/doxygen.yml
================================================
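# Builds the Doxygen HTML from master and publishes it through GitHub Pages.
name: Deploy Doxygen documentation to Pages
on:
  push:
    branches: ["master"]
  workflow_dispatch:

# One Pages deployment at a time; a deployment that is already running is
# allowed to finish instead of being cancelled.
concurrency:
  group: "pages"
  cancel-in-progress: false

jobs:
  build:
    runs-on: ubuntu-24.04
    # Push-triggered runs happen only under the upstream owner (expression
    # string comparison ignores case); a manual workflow_dispatch run is
    # allowed for any owner.
    if: ${{ github.repository_owner == 'openvpn' || github.event_name == 'workflow_dispatch' }}
    # The build only reads the repository; the Pages write scopes are granted
    # to the deploy job alone.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          path: openvpn
      - name: Install dependencies
        run: |
          sudo apt update
          sudo apt install -y --no-install-recommends \
            build-essential doxygen graphviz \
            liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev libnl-genl-3-dev linux-libc-dev man2html libcmocka-dev python3-docutils libtool automake autoconf libssl-dev
      # Out-of-tree build in ./doxygen, so the uploaded directory holds only
      # generated output and not the checkout in ./openvpn.
      - name: Build Doxygen documentation
        id: build
        run: |
          cd openvpn
          autoreconf -f -i
          cd ..
          mkdir doxygen
          cd doxygen
          ../openvpn/configure
          make doxygen
          touch doc/doxygen/html/.nojekyll
      - name: Upload static files as artifact
        id: deployment
        uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4.0.0
        with:
          path: doxygen/doc/doxygen/html/
  deploy:
    # Runs only after build; it is the only job holding the Pages scopes.
    needs: build
    permissions:
      pages: write # to deploy to Pages
      id-token: write # to verify the deployment originates from an appropriate source
    environment:
      name: github-pages
      url: ${{ steps.deployment.outputs.page_url }}
    runs-on: ubuntu-24.04
    steps:
      - name: Deploy to GitHub Pages
        id: deployment
        uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5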
================================================
FILE: .gitignore
================================================
*.[oa]
*.l[oa]
*.dll
*.exe
*.exe.*
*.obj
*.pyc
*.so
*~
*.idb
*.suo
*.ncb
*.log
out
.vs
.deps
.libs
Makefile
Makefile.in
aclocal.m4
autodefs.h
autom4te.cache
config.guess
config.h
config.h.in
config.log
config.status
config.sub
configure
configure.h
depcomp
stamp-h1
install-sh
missing
ltmain.sh
libtool
m4/libtool.m4
m4/ltoptions.m4
m4/ltsugar.m4
m4/ltversion.m4
m4/lt~obsolete.m4
build
doc/openvpn-examples.5
doc/openvpn-examples.5.html
doc/openvpn.8
doc/openvpn.8.html
/doc/doxygen/html/
/doc/doxygen/latex/
/doc/doxygen/openvpn.doxyfile
distro/systemd/*.service
distro/dns-scripts/dns-updown
sample/sample-keys/sample-ca/
vendor/cmocka_build
vendor/dist
tests/t_client.sh
tests/t_client-*-20??????-??????/
tests/t_server_null.rc
t_client.rc
t_client_ips.rc
tests/unit_tests/**/*_testdriver
src/openvpn/openvpn
include/openvpn-plugin.h
config-version.h
nbproject
test-driver
compile
stamp-h2
================================================
FILE: .mailmap
================================================
Adriaan de Jong <dejong@fox-it.com> <adriaan@adriaan-VirtualBox.(none)>
David Sommerseth <dazo@eurephia.net> <dazo@users.sourceforge.net>
Gert Doering <gert@greenie.muc.de> <gd@medat.de>
Gert Doering <gert@greenie.muc.de> <gert@fbsd74.ov.greenie.net>
Gert Doering <gert@greenie.muc.de> <gert@fbsd90.ov.greenie.net>
Gert Doering <gert@greenie.muc.de> <gert@mobile.greenie.muc.de>
James Yonan <james@openvpn.net> <james@e7ae566f-a301-0410-adde-c780ea21d3b5>
Jan Just Keijser <janjust@nikhef.nl> <janjust@nikhef.nl>
JuanJo Ciarlante <jjo@google.com> <jjo+ml@google.com>
Karl O. Pinc <kop@meme.com> <kop@mofo.meme.com>
Robert Fischer <ml-openvpn@trispace.org> <ml-openvpn@trispace.org>
Samuli Seppänen <samuli@openvpn.net> <samuli@openvpn.net>
Seth Mos <seth.mos@dds.nl> <seth.mos@dds.nl>
================================================
FILE: .pre-commit-config.yaml
================================================
# pre-commit configuration: run clang-format on C sources and headers.
repos:
  - repo: https://github.com/pre-commit/mirrors-clang-format
    # The hook version is a tag of the mirror repository; pre-commit also
    # accepts a commit SHA here when an immutable pin is wanted.
    rev: "v21.1.8"
    hooks:
      - id: clang-format
        # Only .c and .h files are formatted.
        files: \.[ch]$
        # preserve upstream formatting
        exclude: ^(src/compat/compat-lz4\.[ch]|src/openvpn/ovpn_dco_(linux|win)\.h)$
================================================
FILE: .svncommitters
================================================
james = James Yonan <james@openvpn.net>
================================================
FILE: AUTHORS
================================================
James Yonan <jim@yonan.net>
================================================
FILE: CMakeLists.txt
================================================
# Top-level CMake build for OpenVPN. The minimum version also selects the
# policy defaults the rest of this file is evaluated under.
cmake_minimum_required(VERSION 3.14)
# Multi-config generators get an extra "ASAN" configuration next to Release/Debug.
set(CMAKE_CONFIGURATION_TYPES "Release;Debug;ASAN")
project(openvpn)
# This CMake file implements building OpenVPN with CMake
#
# Note that this is *NOT* the official way to build openvpn on anything
# other than Windows/mingw despite working on other platforms too. You will need
# to add -DUNSUPPORTED_BUILDS=true to build on non Windows platforms.
#
# This CMake build also makes a few assumptions, like lzo and lz4 being used
# and OpenSSL having version 1.1.1+, and generally does not offer the same
# configurability as autoconf
find_package(PkgConfig REQUIRED)
# Standard CMake check modules used by the feature probes further down.
include(CheckSymbolExists)
include(CheckIncludeFiles)
include(CheckCCompilerFlag)
# OPTIONAL: the include may fail silently; the test section guards its use
# with "if (COMMAND check_linker_flag)".
include(CheckLinkerFlag OPTIONAL)
include(CheckTypeSize)
include(CheckStructHasMember)
include(CTest)
# Refuse to configure on non-Windows platforms unless the caller opts in
# with -DUNSUPPORTED_BUILDS=true.
option(UNSUPPORTED_BUILDS "Allow unsupported builds" OFF)
if (NOT WIN32 AND NOT ${UNSUPPORTED_BUILDS})
message(FATAL_ERROR "Note: on Unix platform the official and supported build method is using autoconfig. CMake based build should be only used for Windows and internal testing/development.")
endif()
# Stop if an autoconf-generated config.h sits in the source tree. The source
# directory is added to the include path before the binary directory further
# down, so that file would presumably shadow the config.h generated here.
if (EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/config.h")
message(FATAL_ERROR "The top level source directory has a config.h file. Note that you can't mix in-tree autoconfig builds with out-of-tree cmake builds.")
endif ()
# User-facing build options.
# Crypto backend: OpenSSL unless MBED or WOLFSSL is switched on (see the
# ENABLE_CRYPTO_* selection later in this file).
option(MBED "BUILD with mbed" OFF)
set(MBED_INCLUDE_PATH "" CACHE STRING "Path to mbed TLS include directory")
set(MBED_LIBRARY_PATH "" CACHE STRING "Path to mbed library directory")
option(WOLFSSL "BUILD with wolfSSL" OFF)
option(ENABLE_LZ4 "BUILD with lz4" ON)
option(ENABLE_LZO "BUILD with lzo" ON)
option(ENABLE_PKCS11 "BUILD with pkcs11-helper" ON)
# -Werror / /WX is on by default, so new compiler warnings break the build.
option(USE_WERROR "Treat compiler warnings as errors (-Werror)" ON)
# No default is given, so CMake initialises this option to OFF.
option(FAKE_ANDROID "Target Android but do not use actual cross compile/Android cmake to build for simple compile checks on Linux")
option(ENABLE_DNS_UPDOWN_BY_DEFAULT "Run --dns-updown hook by default" ON)
# DNS_UPDOWN_PATH and PLUGIN_DIR are compiled into the openvpn binary as
# DEFAULT_DNS_UPDOWN and PLUGIN_LIBDIR (see the openvpn target below).
# NOTE(review): both name locations the daemon presumably executes a script
# or loads plugins from; packagers should keep them writable by privileged
# users only — confirm against how the defines are consumed.
set(DNS_UPDOWN_PATH "${CMAKE_INSTALL_PREFIX}/libexec/openvpn/dns-updown" CACHE STRING "Default location for the DNS up/down script")
set(PLUGIN_DIR "${CMAKE_INSTALL_PREFIX}/lib/openvpn/plugins" CACHE FILEPATH "Location of the plugin directory")
# Create machine readable compile commands
option(ENABLE_COMPILE_COMMANDS "Generate compile_commands.json and a symlink for clangd to find it" OFF)
if (ENABLE_COMPILE_COMMANDS)
# A real file or directory called "build" in the source tree would collide
# with the symlink created below, so refuse to continue in that case.
if (EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/build AND NOT IS_SYMLINK ${CMAKE_CURRENT_SOURCE_DIR}/build)
message(FATAL_ERROR "The top level source directory contains a 'build' file or directory. Please remove or rename it. CMake creates a symlink with that name during build.")
endif()
set(CMAKE_EXPORT_COMPILE_COMMANDS 1)
# Part of ALL: every build (re)creates <source>/build -> <binary dir>.
add_custom_target(
symlink-build-dir ALL
${CMAKE_COMMAND} -E create_symlink ${CMAKE_CURRENT_BINARY_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/build
)
endif ()
# AddressSanitizer - use CXX=clang++ CC=clang cmake -DCMAKE_BUILD_TYPE=asan to build with ASAN
# The flags enable both AddressSanitizer and UndefinedBehaviorSanitizer;
# -fno-sanitize-recover=all makes the first report terminate the program.
# FORCE overwrites any value already stored in the cache.
set(CMAKE_C_FLAGS_ASAN
"-fsanitize=address,undefined -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"
CACHE STRING "Flags used by the C compiler during AddressSanitizer builds."
FORCE)
set(CMAKE_CXX_FLAGS_ASAN
"-fsanitize=address,undefined -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"
CACHE STRING "Flags used by the C++ compiler during AddressSanitizer builds."
FORCE)
# Adds `flag` to the compile options of the current directory scope when the
# C compiler accepts it. `variable` names the result variable that
# check_c_compiler_flag() fills in for this probe.
function(check_and_add_compiler_flag flag variable)
    check_c_compiler_flag(${flag} ${variable})
    # Unsupported flag: leave the compile options untouched.
    if (NOT ${variable})
        return()
    endif ()
    add_compile_options(${flag})
endfunction()
# Compiler and linker flags, split into an MSVC branch and a GCC/Clang branch.
if (MSVC)
# These definitions silence MSVC's deprecation warnings for CRT, POSIX-name
# and Winsock functions, so /W3 and /WX below will not flag their use.
add_compile_definitions(
_CRT_SECURE_NO_WARNINGS
_CRT_NONSTDC_NO_DEPRECATE
_WINSOCK_DEPRECATED_NO_WARNINGS
)
if (USE_WERROR)
add_compile_options(/WX)
endif ()
# Hardening-related switches in the list below: /sdl (additional security
# checks), /Qspectre (Spectre variant 1 mitigation), /guard:cf (Control Flow
# Guard). /ZH:SHA_256 selects SHA-256 for source file checksums in the debug
# information. The three /wd switches disable the integer conversion warnings
# listed here:
# C4018: signed/unsigned mismatch
# C4244: conversion from 'type1' to 'type2', possible loss of data
# C4267: conversion from 'size_t' to 'type', possible loss of data
add_compile_options(
/MP
/W3 /wd4018 /wd4267 /wd4244
/sdl
/Qspectre
/guard:cf
/FC
/ZH:SHA_256
"$<$<CONFIG:Release>:/GL>"
"$<$<CONFIG:Release>:/Oi>"
"$<$<CONFIG:Release>:/Gy>"
"$<$<CONFIG:Release>:/Zi>"
)
# /Brepro asks the linker for reproducible output; the remaining options
# apply to Release only (link-time code generation, full debug info,
# removal and folding of unreferenced/identical code).
add_link_options(
/Brepro
"$<$<CONFIG:Release>:/LTCG:incremental>"
"$<$<CONFIG:Release>:/DEBUG:FULL>"
"$<$<CONFIG:Release>:/OPT:REF>"
"$<$<CONFIG:Release>:/OPT:ICF>"
)
# /CETCOMPAT marks x86/x64 Release binaries as compatible with hardware
# shadow stacks.
# NOTE(review): ${CMAKE_GENERATOR_PLATFORM} is expanded unquoted; if it is
# empty (presumably the case for generators without a platform setting) the
# if() receives no left operand — confirm or quote the expansion.
if (${CMAKE_GENERATOR_PLATFORM} STREQUAL "x64" OR ${CMAKE_GENERATOR_PLATFORM} STREQUAL "x86")
add_link_options("$<$<CONFIG:Release>:/CETCOMPAT>")
endif()
else ()
# GCC/Clang: warning flags only. NOTE(review): no hardening flags are added
# in this branch; presumably they are left to the toolchain or to the caller's
# CFLAGS — confirm.
add_compile_options(-Wall -Wuninitialized)
check_and_add_compiler_flag(-Wno-stringop-truncation NoStringOpTruncation)
check_and_add_compiler_flag(-Wstrict-prototypes StrictPrototypes)
check_and_add_compiler_flag(-Wold-style-definition OldStyleDefinition)
# Unlike the MSVC branch, lossy conversions are warned about here; only the
# sign-conversion subset is switched off.
add_compile_options(-Wconversion -Wno-sign-conversion)
add_compile_options(-Wextra -Wno-unused-parameter)
# clang doesn't have the different levels but also doesn't include it in -Wextra
check_and_add_compiler_flag(-Wimplicit-fallthrough=2 GCCImplicitFallthrough)
if (WIN32)
# Not sure how to deal with GetProcAddress
add_compile_options(-Wno-cast-function-type)
endif ()
if (USE_WERROR)
add_compile_options(-Werror)
endif ()
endif ()
# Version information: a Python helper is run at configure time on version.m4
# with the binary directory as working directory, and version.cmake is then
# included from that directory (presumably written by the helper).
find_package(Python3 REQUIRED COMPONENTS Interpreter)
# NOTE(review): the exit status of the helper is not captured; a failure
# only shows up when the include() below cannot find version.cmake.
execute_process(
COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/contrib/cmake/parse-version.m4.py ${CMAKE_CURRENT_SOURCE_DIR}/version.m4
WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
)
include(${CMAKE_CURRENT_BINARY_DIR}/version.cmake)
# Copy the PRODUCT_VERSION_* values into the OPENVPN_VERSION_* names.
set(OPENVPN_VERSION_MAJOR ${PRODUCT_VERSION_MAJOR})
set(OPENVPN_VERSION_MINOR ${PRODUCT_VERSION_MINOR})
set(OPENVPN_VERSION_PATCH ${PRODUCT_VERSION_PATCH})
set(OPENVPN_VERSION_RESOURCE ${PRODUCT_VERSION_RESOURCE})
set(CMAKE_C_STANDARD 11)
# Set the various defines for config.h.cmake.in
# One TARGET_* variable is chosen per platform, together with the features
# enabled for it; an unrecognised system name aborts the configuration.
if (${CMAKE_SYSTEM_NAME} STREQUAL "Android" OR ${FAKE_ANDROID})
set(TARGET_ANDROID YES)
set(ENABLE_ASYNC_PUSH YES)
set(ENABLE_SITNL YES)
# Wacky workaround as OpenSSL package detection is otherwise broken (https://stackoverflow.com/questions/45958214/android-cmake-could-not-find-openssl)
list(APPEND CMAKE_FIND_ROOT_PATH ${OPENSSL_ROOT_DIR})
elseif (${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
set(TARGET_LINUX YES)
set(ENABLE_ASYNC_PUSH YES)
set(ENABLE_LINUXDCO YES)
set(ENABLE_SITNL YES)
set(ENABLE_DCO YES)
elseif (${CMAKE_SYSTEM_NAME} STREQUAL "FreeBSD")
set(TARGET_FREEBSD YES)
set(ENABLE_DCO YES)
link_libraries(-lnv)
elseif (${CMAKE_SYSTEM_NAME} STREQUAL "OpenBSD")
set(TARGET_OPENBSD YES)
elseif (${CMAKE_SYSTEM_NAME} STREQUAL "SunOS")
set(TARGET_SOLARIS YES)
set(HAVE_SYS_SOCKIO_H 1)
link_libraries(-lnsl -lsocket -lresolv)
elseif (WIN32)
# TARGET_WIN32 itself is set in the UNIX/WIN32 block below.
set(ENABLE_DCO YES)
elseif (APPLE)
set(TARGET_DARWIN YES)
else()
message(FATAL_ERROR "Unknown system name: \"${CMAKE_SYSTEM_NAME}\"")
endif ()
# Settings shared by all Unix-like targets versus Windows.
if (UNIX)
set(PATH_SEPARATOR /)
set(ENABLE_PORT_SHARE YES)
set(HAVE_SA_FAMILY_T YES)
elseif (WIN32)
set(PATH_SEPARATOR \\\\)
set(TARGET_WIN32 YES)
endif ()
# Header and symbol probes. Each check stores its result in the named HAVE_*
# variable; symbols are only probed when their header was found.
check_include_files(unistd.h HAVE_UNISTD_H)
if (HAVE_UNISTD_H)
# Includes the process-control and privilege-related calls (chroot, fork,
# execve, setuid, setgid).
check_symbol_exists(chroot unistd.h HAVE_CHROOT)
check_symbol_exists(chdir unistd.h HAVE_CHDIR)
check_symbol_exists(dup unistd.h HAVE_DUP)
check_symbol_exists(dup2 unistd.h HAVE_DUP2)
check_symbol_exists(fork unistd.h HAVE_FORK)
check_symbol_exists(execve unistd.h HAVE_EXECVE)
check_symbol_exists(ftruncate unistd.h HAVE_FTRUNCATE)
check_symbol_exists(nice unistd.h HAVE_NICE)
check_symbol_exists(setgid unistd.h HAVE_SETGID)
check_symbol_exists(setuid unistd.h HAVE_SETUID)
check_symbol_exists(setsid unistd.h HAVE_SETSID)
check_symbol_exists(daemon "unistd.h;stdlib.h" HAVE_DAEMON)
check_symbol_exists(getpeereid "unistd.h;sys/socket.h" HAVE_GETPEEREID)
endif()
check_include_files(grp.h HAVE_GRP_H)
if (HAVE_GRP_H)
check_symbol_exists(getgrnam grp.h HAVE_GETGRNAM)
endif()
check_include_files(libgen.h HAVE_LIBGEN_H)
if (HAVE_LIBGEN_H)
check_symbol_exists(basename libgen.h HAVE_BASENAME)
check_symbol_exists(dirname libgen.h HAVE_DIRNAME)
endif()
check_include_files(pwd.h HAVE_PWD_H)
if (HAVE_PWD_H)
check_symbol_exists(getpwnam pwd.h HAVE_GETPWNAM)
endif()
check_include_files(sys/epoll.h HAVE_SYS_EPOLL_H)
if (HAVE_SYS_EPOLL_H)
check_symbol_exists(epoll_create sys/epoll.h HAVE_EPOLL_CREATE)
endif()
check_include_files(syslog.h HAVE_SYSLOG_H)
if (HAVE_SYSLOG_H)
check_symbol_exists(openlog syslog.h HAVE_OPENLOG)
check_symbol_exists(syslog syslog.h HAVE_SYSLOG)
endif()
check_include_files(sys/mman.h HAVE_SYS_MMAN_H)
if (HAVE_SYS_MMAN_H)
check_symbol_exists(mlockall sys/mman.h HAVE_MLOCKALL)
endif()
check_include_files(sys/socket.h HAVE_SYS_SOCKET_H)
if (HAVE_SYS_SOCKET_H)
check_symbol_exists(sendmsg sys/socket.h HAVE_SENDMSG)
check_symbol_exists(recvmsg sys/socket.h HAVE_RECVMSG)
check_symbol_exists(getsockname sys/socket.h HAVE_GETSOCKNAME)
# Checking for existence of structs with check_symbol_exists does not work,
# so we use check_struct_has_member with a member instead
check_struct_has_member("struct cmsghdr" cmsg_len sys/socket.h HAVE_CMSGHDR)
endif()
check_include_files(sys/time.h HAVE_SYS_TIME_H)
if (HAVE_SYS_TIME_H)
check_symbol_exists(gettimeofday sys/time.h HAVE_GETTIMEOFDAY)
check_symbol_exists(getrlimit "sys/time.h;sys/resource.h" HAVE_GETRLIMIT)
endif()
check_symbol_exists(chsize io.h HAVE_CHSIZE)
# Same result variable as the getrlimit probe above; presumably this one only
# runs when that probe was skipped, since results are cached — confirm.
check_symbol_exists(getrlimit sys/resource.h HAVE_GETRLIMIT)
check_symbol_exists(strsep string.h HAVE_STRSEP)
# Some OS (e.g. FreeBSD) need some basic headers to allow
# including network headers
set(NETEXTRA sys/types.h)
check_include_files("${NETEXTRA};netinet/in.h" HAVE_NETINET_IN_H)
if (HAVE_NETINET_IN_H)
list(APPEND NETEXTRA netinet/in.h)
endif ()
check_include_files(arpa/inet.h HAVE_ARPA_INET_H)
check_include_files(dlfcn.h HAVE_DLFCN_H)
check_include_files(dmalloc.h HAVE_DMALLOC_H)
check_include_files(fcntl.h HAVE_FCNTL_H)
check_include_files(err.h HAVE_ERR_H)
check_include_files(netdb.h HAVE_NETDB_H)
# NOTE(review): this netinet/in6.h probe reuses HAVE_NETINET_IN_H, the
# variable already set by the netinet/in.h probe above; it looks like it was
# meant to have its own result variable — confirm against config.h.cmake.in.
check_include_files("${NETEXTRA};netinet/in6.h" HAVE_NETINET_IN_H)
check_include_files(net/if.h HAVE_NET_IF_H)
check_include_files("${NETEXTRA};net/if_tun.h" HAVE_NET_IF_TUN_H)
check_include_files(poll.h HAVE_POLL_H)
check_include_files("${NETEXTRA};resolv.h" HAVE_RESOLV_H)
check_include_files(sys/ioctl.h HAVE_SYS_IOCTL_H)
check_include_files(sys/inotify.h HAVE_SYS_INOTIFY_H)
check_include_files("${NETEXTRA};sys/uio.h" HAVE_SYS_UIO_H)
check_include_files(sys/un.h HAVE_SYS_UN_H)
check_include_files(sys/wait.h HAVE_SYS_WAIT_H)
check_include_files("${NETEXTRA};netinet/ip.h" HAVE_NETINET_IP_H)
if (HAVE_NETINET_IP_H)
# CMAKE_EXTRA_INCLUDE_FILES makes check_type_size() include netinet/ip.h;
# it is cleared again once the type probes are done.
set(CMAKE_EXTRA_INCLUDE_FILES netinet/ip.h)
check_type_size("struct in_pktinfo" IN_PKTINFO)
check_struct_has_member("struct in_pktinfo" ipi_spec_dst netinet/ip.h HAVE_IPI_SPEC_DST)
check_type_size("struct msghdr" MSGHDR)
set(CMAKE_EXTRA_INCLUDE_FILES)
endif()
# Locate the network configuration tools on the build host.
# NOTE(review): the found paths are presumably written into config.h and used
# at run time — confirm; if so they reflect the build machine's layout.
find_program(IFCONFIG_PATH ifconfig)
find_program(IPROUTE_PATH ip)
find_program(ROUTE_PATH route)
# Optional libraries are resolved through pkg-config as imported targets;
# once an option is enabled, a missing library is a hard error (REQUIRED).
if (${ENABLE_LZ4})
pkg_search_module(liblz4 liblz4 REQUIRED IMPORTED_TARGET)
endif ()
if (${ENABLE_LZO})
pkg_search_module(lzo2 lzo2 REQUIRED IMPORTED_TARGET)
endif ()
if (${ENABLE_PKCS11})
pkg_search_module(pkcs11-helper libpkcs11-helper-1 REQUIRED IMPORTED_TARGET)
endif ()
# Probes the mbed TLS installation for psa/crypto.h and stores the result in
# HAVE_PSA_CRYPTO_H. The CMAKE_REQUIRED_* settings are made inside the
# function, so they apply to this probe and do not reach the caller's scope.
# MBED_INCLUDE_PATH / MBED_LIBRARY_PATH are honoured only when non-empty.
function(check_mbed_configuration)
    set(CMAKE_REQUIRED_LIBRARIES mbedtls mbedx509 mbedcrypto)
    if (NOT "${MBED_LIBRARY_PATH}" STREQUAL "")
        set(CMAKE_REQUIRED_LINK_OPTIONS "-L${MBED_LIBRARY_PATH}")
    endif ()
    if (NOT "${MBED_INCLUDE_PATH}" STREQUAL "")
        set(CMAKE_REQUIRED_INCLUDES ${MBED_INCLUDE_PATH})
    endif ()
    check_include_files(psa/crypto.h HAVE_PSA_CRYPTO_H)
endfunction()

# The probe is only relevant when the mbed TLS backend was selected.
if (${MBED})
    check_mbed_configuration()
endif ()
# Attaches the crypto backend and the common library dependencies to `target`.
# Exactly one crypto branch is taken: mbed TLS, wolfSSL, or OpenSSL (default).
function(add_library_deps target)
if (${MBED})
# Optional custom include/library locations, then the three mbed TLS libraries.
if (NOT (MBED_INCLUDE_PATH STREQUAL "") )
target_include_directories(${target} PRIVATE ${MBED_INCLUDE_PATH})
endif ()
if(NOT (MBED_LIBRARY_PATH STREQUAL ""))
target_link_directories(${target} PRIVATE ${MBED_LIBRARY_PATH})
endif ()
target_link_libraries(${target} PRIVATE -lmbedtls -lmbedx509 -lmbedcrypto)
elseif (${WOLFSSL})
pkg_search_module(wolfssl wolfssl REQUIRED)
target_link_libraries(${target} PUBLIC ${wolfssl_LINK_LIBRARIES})
target_include_directories(${target} PRIVATE ${wolfssl_INCLUDE_DIRS}/wolfssl)
else ()
find_package(OpenSSL REQUIRED)
target_link_libraries(${target} PUBLIC OpenSSL::SSL OpenSSL::Crypto)
# The Windows system libraries are added inside the OpenSSL branch only.
if (WIN32)
target_link_libraries(${target} PUBLIC
ws2_32.lib crypt32.lib fwpuclnt.lib iphlpapi.lib
wininet.lib setupapi.lib rpcrt4.lib wtsapi32.lib ncrypt.lib bcrypt.lib)
endif ()
endif ()
# MinGW builds define the Windows API level (Vista) explicitly.
if (MINGW)
target_compile_definitions(${target} PRIVATE
WIN32_LEAN_AND_MEAN
NTDDI_VERSION=NTDDI_VISTA _WIN32_WINNT=_WIN32_WINNT_VISTA
)
endif()
# optional dependencies
# TARGET_NAME_IF_EXISTS expands to nothing when the imported target was not
# created, i.e. when the matching ENABLE_* option is off.
target_link_libraries(${target} PUBLIC
$<TARGET_NAME_IF_EXISTS:PkgConfig::liblz4>
$<TARGET_NAME_IF_EXISTS:PkgConfig::lzo2>
$<TARGET_NAME_IF_EXISTS:PkgConfig::pkcs11-helper>
)
# Linux always links libcap-ng and libnl-genl; both are REQUIRED.
if (${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
pkg_search_module(libcapng REQUIRED libcap-ng IMPORTED_TARGET)
pkg_search_module(libnl REQUIRED libnl-genl-3.0 IMPORTED_TARGET)
target_link_libraries(${target} PUBLIC PkgConfig::libcapng PkgConfig::libnl)
endif ()
endfunction()
# Select the crypto backend variables. wolfSSL sets ENABLE_CRYPTO_OPENSSL as
# well as its own ENABLE_CRYPTO_WOLFSSL.
if (${MBED})
set(ENABLE_CRYPTO_MBEDTLS YES)
elseif (${WOLFSSL})
set(ENABLE_CRYPTO_OPENSSL YES)
set(ENABLE_CRYPTO_WOLFSSL YES)
else ()
set(ENABLE_CRYPTO_OPENSSL YES)
endif ()
include_directories(${CMAKE_CURRENT_SOURCE_DIR} src/compat include)
# config-version.h comes from a helper script. The extra output named
# always_rebuild is presumably never created, which would make the command
# run on every build — confirm.
add_custom_command(
OUTPUT always_rebuild config-version.h
COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/contrib/cmake/git-version.py
)
set(HAVE_CONFIG_VERSION_H YES)
# Unit tests need cmocka: prefer its CMake package, fall back to pkg-config.
if (BUILD_TESTING)
find_package(cmocka CONFIG)
if (TARGET cmocka::cmocka)
set(CMOCKA_LIBRARIES cmocka::cmocka)
else ()
pkg_search_module(cmocka cmocka REQUIRED IMPORTED_TARGET)
set(CMOCKA_LIBRARIES PkgConfig::cmocka)
endif ()
set(CMAKE_REQUIRED_LIBRARIES ${CMOCKA_LIBRARIES})
check_include_files(cmocka_version.h HAVE_CMOCKA_VERSION_H)
endif ()
# Generate config.h and the plugin header from their templates; both are
# written relative to the binary directory.
configure_file(config.h.cmake.in config.h)
configure_file(include/openvpn-plugin.h.in openvpn-plugin.h)
# TODO we should remove the need for this, and always include config.h
add_compile_definitions(HAVE_CONFIG_H)
include_directories(${CMAKE_CURRENT_BINARY_DIR})
add_subdirectory(doc)
add_subdirectory(src/openvpnmsica)
add_subdirectory(src/openvpnserv)
add_subdirectory(src/tapctl)
# Source list of the openvpn executable: the three generated headers followed
# by the compat and core sources. The list is unconditional: the OpenSSL and
# mbed TLS backend files and the per-platform files (dco_win, dco_linux,
# dco_freebsd, win32, ...) are all compiled; presumably each file guards its
# contents with the matching config.h define — confirm.
set(SOURCE_FILES
${CMAKE_CURRENT_BINARY_DIR}/config.h
${CMAKE_CURRENT_BINARY_DIR}/config-version.h
${CMAKE_CURRENT_BINARY_DIR}/openvpn-plugin.h
src/compat/compat-basename.c
src/compat/compat-daemon.c
src/compat/compat-dirname.c
src/compat/compat-gettimeofday.c
src/compat/compat-strsep.c
src/openvpn/argv.c
src/openvpn/argv.h
src/openvpn/base64.c
src/openvpn/base64.h
src/openvpn/basic.h
src/openvpn/buffer.c
src/openvpn/buffer.h
src/openvpn/circ_list.h
src/openvpn/clinat.c
src/openvpn/clinat.h
src/openvpn/common.h
src/openvpn/comp-lz4.c
src/openvpn/comp-lz4.h
src/openvpn/comp.c
src/openvpn/comp.h
src/openvpn/compstub.c
src/openvpn/console.c
src/openvpn/console_builtin.c
src/openvpn/console.h
src/openvpn/crypto.c
src/openvpn/crypto.h
src/openvpn/crypto_backend.h
src/openvpn/crypto_epoch.c
src/openvpn/crypto_epoch.h
src/openvpn/crypto_openssl.c
src/openvpn/crypto_openssl.h
src/openvpn/crypto_mbedtls.c
src/openvpn/crypto_mbedtls.h
src/openvpn/cryptoapi.c
src/openvpn/cryptoapi.h
src/openvpn/dco.c
src/openvpn/dco.h
src/openvpn/dco_win.c
src/openvpn/dco_win.h
src/openvpn/dco_linux.c
src/openvpn/dco_linux.h
src/openvpn/dco_freebsd.c
src/openvpn/dco_freebsd.h
src/openvpn/dhcp.c
src/openvpn/dhcp.h
src/openvpn/dns.c
src/openvpn/dns.h
src/openvpn/errlevel.h
src/openvpn/env_set.c
src/openvpn/env_set.h
src/openvpn/error.c
src/openvpn/error.h
src/openvpn/event.c
src/openvpn/event.h
src/openvpn/fdmisc.c
src/openvpn/fdmisc.h
src/openvpn/forward.c
src/openvpn/forward.h
src/openvpn/fragment.c
src/openvpn/fragment.h
src/openvpn/gremlin.c
src/openvpn/gremlin.h
src/openvpn/helper.c
src/openvpn/helper.h
src/openvpn/httpdigest.c
src/openvpn/httpdigest.h
src/openvpn/init.c
src/openvpn/init.h
src/openvpn/integer.h
src/openvpn/interval.c
src/openvpn/interval.h
src/openvpn/list.c
src/openvpn/list.h
src/openvpn/lladdr.c
src/openvpn/lladdr.h
src/openvpn/lzo.c
src/openvpn/lzo.h
src/openvpn/manage.c
src/openvpn/manage.h
src/openvpn/mbuf.c
src/openvpn/mbuf.h
src/openvpn/memdbg.h
src/openvpn/misc.c
src/openvpn/misc.h
src/openvpn/mroute.c
src/openvpn/mroute.h
src/openvpn/mss.c
src/openvpn/mss.h
src/openvpn/mtcp.c
src/openvpn/mtcp.h
src/openvpn/mtu.c
src/openvpn/mtu.h
src/openvpn/mudp.c
src/openvpn/mudp.h
src/openvpn/multi.c
src/openvpn/multi.h
src/openvpn/multi_io.h
src/openvpn/multi_io.c
src/openvpn/occ.c
src/openvpn/occ.h
src/openvpn/openvpn.c
src/openvpn/openvpn.h
src/openvpn/openvpn_win32_resources.rc
src/openvpn/options.c
src/openvpn/options.h
src/openvpn/options_util.c
src/openvpn/options_util.h
src/openvpn/options_parse.c
src/openvpn/otime.c
src/openvpn/otime.h
src/openvpn/ovpn_dco_win.h
src/openvpn/packet_id.c
src/openvpn/packet_id.h
src/openvpn/ping.c
src/openvpn/ping.h
src/openvpn/pkcs11.c
src/openvpn/pkcs11.h
src/openvpn/pkcs11_backend.h
src/openvpn/pkcs11_openssl.c
src/openvpn/pkcs11_mbedtls.c
src/openvpn/platform.c
src/openvpn/platform.h
src/openvpn/plugin.c
src/openvpn/plugin.h
src/openvpn/pool.c
src/openvpn/pool.h
src/openvpn/proto.c
src/openvpn/proto.h
src/openvpn/proxy.c
src/openvpn/proxy.h
src/openvpn/ps.c
src/openvpn/ps.h
src/openvpn/push.c
src/openvpn/push_util.c
src/openvpn/push.h
src/openvpn/pushlist.h
src/openvpn/reflect_filter.c
src/openvpn/reflect_filter.h
src/openvpn/reliable.c
src/openvpn/reliable.h
src/openvpn/route.c
src/openvpn/route.h
src/openvpn/run_command.c
src/openvpn/run_command.h
src/openvpn/schedule.c
src/openvpn/schedule.h
src/openvpn/session_id.c
src/openvpn/session_id.h
src/openvpn/shaper.c
src/openvpn/shaper.h
src/openvpn/sig.c
src/openvpn/sig.h
src/openvpn/socket.c
src/openvpn/socket.h
src/openvpn/socket_util.c
src/openvpn/socket_util.h
src/openvpn/socks.c
src/openvpn/socks.h
src/openvpn/ssl.c
src/openvpn/ssl.h
src/openvpn/ssl_backend.h
src/openvpn/ssl_common.h
src/openvpn/ssl_openssl.c
src/openvpn/ssl_openssl.h
src/openvpn/ssl_mbedtls.c
src/openvpn/ssl_mbedtls.h
src/openvpn/ssl_verify.c
src/openvpn/ssl_verify.h
src/openvpn/ssl_verify_backend.h
src/openvpn/ssl_verify_openssl.c
src/openvpn/ssl_verify_openssl.h
src/openvpn/ssl_verify_mbedtls.c
src/openvpn/ssl_verify_mbedtls.h
src/openvpn/status.c
src/openvpn/status.h
src/openvpn/syshead.h
src/openvpn/tls_crypt.c
src/openvpn/tun.c
src/openvpn/tun.h
src/openvpn/tun_afunix.c
src/openvpn/tun_afunix.h
src/openvpn/networking_sitnl.c
src/openvpn/networking_freebsd.c
src/openvpn/auth_token.c
src/openvpn/auth_token.h
src/openvpn/ssl_ncp.c
src/openvpn/ssl_ncp.h
src/openvpn/ssl_pkt.c
src/openvpn/ssl_pkt.h
src/openvpn/ssl_util.c
src/openvpn/ssl_util.h
src/openvpn/vlan.c
src/openvpn/vlan.h
src/openvpn/wfp_block.c
src/openvpn/wfp_block.h
src/openvpn/win32.c
src/openvpn/win32-util.c
src/openvpn/win32.h
src/openvpn/win32-util.h
src/openvpn/xkey_helper.c
src/openvpn/xkey_provider.c
)
# The openvpn executable and its target-specific settings.
add_executable(openvpn ${SOURCE_FILES})
add_library_deps(openvpn)
# The DNS up/down script location is compiled in as a string literal.
target_compile_options(openvpn PRIVATE -DDEFAULT_DNS_UPDOWN=\"${DNS_UPDOWN_PATH}\")
if(MINGW)
target_compile_options(openvpn PRIVATE -municode -UUNICODE)
target_link_options(openvpn PRIVATE -municode)
endif()
if (MSVC)
# we have our own manifest
target_link_options(openvpn PRIVATE /MANIFEST:NO)
endif()
if (${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
target_link_libraries(openvpn PUBLIC -ldl)
endif ()
if (NOT WIN32)
# The plugin directory is compiled in as a string literal as well.
target_compile_options(openvpn PRIVATE -DPLUGIN_LIBDIR=\"${PLUGIN_DIR}\")
find_library(resolv resolv)
# some platform like BSDs already include resolver functionality in the libc
# and do not have an extra resolv library
# NOTE(review): ${resolv} expands to the library path (or resolv-NOTFOUND)
# before if() evaluates it, and an unquoted path is then treated as a
# variable name — confirm this branch is taken where libresolv was found.
if (${resolv} OR APPLE)
set(RESOLV_LIBRARIES resolv)
target_link_libraries(openvpn PUBLIC ${RESOLV_LIBRARIES})
endif ()
endif ()
# When ON, the unit tests are compiled with UNIT_TEST_ALLOW_BIG_ALLOC.
option(UT_ALLOW_BIG_ALLOC "Allow unit-tests to use > 1 GB of memory" ON)
if (BUILD_TESTING)
set(unit_tests
"test_argv"
"test_auth_token"
"test_buffer"
"test_crypto"
"test_dhcp"
"test_mbuf"
"test_misc"
"test_ncp"
"test_options_parse"
"test_packet_id"
"test_pkt"
"test_provider"
"test_socket"
"test_ssl"
"test_user_pass"
"test_push_update_msg"
)
if (WIN32)
list(APPEND unit_tests
"test_cryptoapi"
)
endif ()
# MSVC and Apple's LLVM ld do not support --wrap
# This test requires cmake >= 3.18, so check if check_linker_flag is
# available
if (COMMAND check_linker_flag)
check_linker_flag(C -Wl,--wrap=parse_line LD_SUPPORTS_WRAP)
endif()
# Clang-cl (which is also MSVC) is wrongly detected to support wrap
if (NOT MSVC AND "${LD_SUPPORTS_WRAP}")
list(APPEND unit_tests
"test_tls_crypt"
)
endif ()
# These tests work on only on Linux since they depend on special Linux features
if (${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
list(APPEND unit_tests
"test_networking"
)
endif ()
if (NOT WIN32 AND ${ENABLE_PKCS11})
set(_HAVE_SOFTHSM2 YES)
find_program(P11TOOL p11tool)
find_program(SOFTHSM2_UTIL softhsm2-util)
find_library(SOFTHSM2_MODULE softhsm2 PATH_SUFFIXES softhsm)
if (P11TOOL STREQUAL "P11TOOL-NOTFOUND")
message(STATUS "p11tool not found, pkcs11 UT disabled")
set(_HAVE_SOFTHSM2 NO)
elseif (SOFTHSM2_UTIL STREQUAL "SOFTHSM2_UTIL-NOTFOUND")
message(STATUS "softhsm2-util not found, pkcs11 UT disabled")
set(_HAVE_SOFTHSM2 NO)
elseif (SOFTHSM2_MODULE STREQUAL "SOFTHSM2_MODULE-NOTFOUND")
message(STATUS "softhsm2 module not found, pkcs11 UT disabled")
set(_HAVE_SOFTHSM2 NO)
endif ()
if (_HAVE_SOFTHSM2)
message(VERBOSE "pkcs11 UT enabled")
list(APPEND unit_tests
"test_pkcs11"
)
endif ()
endif ()
foreach (test_name ${unit_tests})
cmake_path(SET _UT_SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/tests/unit_tests/openvpn)
# test_networking needs special environment
if (NOT ${test_name} STREQUAL "test_networking")
add_test(${test_name} ${test_name})
# for compat with autotools make check
set_tests_properties(${test_name} PROPERTIES
ENVIRONMENT "srcdir=${_UT_SOURCE_DIR};LSAN_OPTIONS=suppressions=${_UT_SOURCE_DIR}/input/leak_suppr.txt")
endif ()
add_executable(${test_name}
tests/unit_tests/openvpn/${test_name}.c
tests/unit_tests/openvpn/mock_msg.c
tests/unit_tests/openvpn/mock_msg.h
src/openvpn/platform.c
src/openvpn/win32-util.c
src/compat/compat-gettimeofday.c
)
add_library_deps(${test_name})
target_link_libraries(${test_name} PUBLIC ${CMOCKA_LIBRARIES})
target_include_directories(${test_name} PRIVATE src/openvpn)
# for compat with IDEs like Clion that ignore the tests properties
# for the environment variable srcdir when running tests as fallback
target_compile_definitions(${test_name} PRIVATE "UNIT_TEST_SOURCEDIR=\"${_UT_SOURCE_DIR}\"")
if (UT_ALLOW_BIG_ALLOC)
target_compile_definitions(${test_name} PRIVATE UNIT_TEST_ALLOW_BIG_ALLOC)
endif ()
if (NOT ${test_name} STREQUAL "test_buffer")
target_sources(${test_name} PRIVATE
src/openvpn/buffer.c
)
endif ()
endforeach()
target_sources(test_auth_token PRIVATE
src/openvpn/base64.c
src/openvpn/crypto_epoch.c
src/openvpn/crypto_mbedtls.c
src/openvpn/crypto_openssl.c
src/openvpn/crypto.c
src/openvpn/otime.c
src/openvpn/packet_id.c
)
target_sources(test_buffer PRIVATE
tests/unit_tests/openvpn/mock_get_random.c
)
target_sources(test_crypto PRIVATE
src/openvpn/crypto_mbedtls.c
src/openvpn/crypto_openssl.c
src/openvpn/crypto_epoch.c
src/openvpn/crypto.c
src/openvpn/otime.c
src/openvpn/packet_id.c
src/openvpn/mtu.c
src/openvpn/mss.c
)
# test_ssl: the three mock_*.c files replace the management interface, other
# SSL-layer dependencies and the Windows execve path, so the test binary can
# link the real TLS and certificate-verification sources listed below.
# Both the mbedTLS and OpenSSL variants of each ssl_* file are listed;
# presumably only the configured backend produces code - confirm.
target_sources(test_ssl PRIVATE
tests/unit_tests/openvpn/mock_management.c
tests/unit_tests/openvpn/mock_ssl_dependencies.c
tests/unit_tests/openvpn/mock_win32_execve.c
src/openvpn/argv.c
src/openvpn/base64.c
src/openvpn/crypto_epoch.c
src/openvpn/crypto_mbedtls.c
src/openvpn/crypto_openssl.c
src/openvpn/crypto.c
src/openvpn/cryptoapi.c
src/openvpn/env_set.c
src/openvpn/mss.c
src/openvpn/mtu.c
src/openvpn/options_util.c
src/openvpn/otime.c
src/openvpn/packet_id.c
src/openvpn/run_command.c
src/openvpn/ssl_mbedtls.c
src/openvpn/ssl_openssl.c
src/openvpn/ssl_util.c
src/openvpn/ssl_verify_mbedtls.c
src/openvpn/ssl_verify_openssl.c
src/openvpn/xkey_helper.c
src/openvpn/xkey_provider.c
)
# NOTE(review): the common per-test loop already adds src/openvpn/buffer.c to
# every test except test_buffer. If test_mbuf is created by that loop, the
# buffer.c entry here is redundant - confirm against the test list.
target_sources(test_mbuf PRIVATE
tests/unit_tests/openvpn/mock_get_random.c
src/openvpn/buffer.c
src/openvpn/mbuf.c
)
target_sources(test_misc PRIVATE
tests/unit_tests/openvpn/mock_get_random.c
src/openvpn/options_util.c
src/openvpn/ssl_util.c
src/openvpn/list.c
)
# test_ncp links the real crypto sources (no mock_get_random.c) and the
# strsep compatibility shim.
target_sources(test_ncp PRIVATE
src/openvpn/crypto_epoch.c
src/openvpn/crypto_mbedtls.c
src/openvpn/crypto_openssl.c
src/openvpn/crypto.c
src/openvpn/otime.c
src/openvpn/packet_id.c
src/openvpn/ssl_util.c
src/compat/compat-strsep.c
)
target_sources(test_options_parse PRIVATE
tests/unit_tests/openvpn/mock_get_random.c
src/openvpn/options_parse.c
src/openvpn/options_util.c
)
target_sources(test_packet_id PRIVATE
tests/unit_tests/openvpn/mock_get_random.c
src/openvpn/otime.c
src/openvpn/packet_id.c
src/openvpn/reliable.c
src/openvpn/session_id.c
)
# test_pkt covers the control-channel packet code (ssl_pkt.c, tls_crypt.c)
# against the real crypto sources; only the Windows execve path is mocked.
target_sources(test_pkt PRIVATE
tests/unit_tests/openvpn/mock_win32_execve.c
src/openvpn/argv.c
src/openvpn/base64.c
src/openvpn/crypto_epoch.c
src/openvpn/crypto_mbedtls.c
src/openvpn/crypto_openssl.c
src/openvpn/crypto.c
src/openvpn/env_set.c
src/openvpn/otime.c
src/openvpn/packet_id.c
src/openvpn/reliable.c
src/openvpn/run_command.c
src/openvpn/session_id.c
src/openvpn/ssl_pkt.c
src/openvpn/tls_crypt.c
)
target_sources(test_provider PRIVATE
tests/unit_tests/openvpn/mock_get_random.c
src/openvpn/xkey_provider.c
src/openvpn/xkey_helper.c
src/openvpn/base64.c
)
# test_socket needs the resolver library in addition to the common test
# dependencies; RESOLV_LIBRARIES is set outside this part of the file.
target_link_libraries(test_socket PUBLIC ${RESOLV_LIBRARIES})
target_sources(test_socket PRIVATE
tests/unit_tests/openvpn/mock_get_random.c
tests/unit_tests/openvpn/mock_management.c
tests/unit_tests/openvpn/mock_win32_execve.c
src/openvpn/env_set.c
src/openvpn/run_command.c
src/openvpn/socket_util.c
)
target_sources(test_user_pass PRIVATE
tests/unit_tests/openvpn/mock_get_random.c
tests/unit_tests/openvpn/mock_win32_execve.c
src/openvpn/base64.c
src/openvpn/console.c
src/openvpn/env_set.c
src/openvpn/run_command.c
)
# NOTE(review): mock_msg.c is already part of the add_executable() call in the
# common per-test loop. If test_push_update_msg is created by that loop, the
# mock_msg.c entry below is a duplicate - confirm against the test list.
target_sources(test_push_update_msg PRIVATE
tests/unit_tests/openvpn/mock_msg.c
tests/unit_tests/openvpn/mock_get_random.c
src/openvpn/options_util.c
src/openvpn/otime.c
src/openvpn/list.c
)
target_sources(test_argv PRIVATE
tests/unit_tests/openvpn/mock_get_random.c
src/openvpn/argv.c
)
# test_cryptoapi is optional: the sources are attached only when the target
# was created earlier (the condition that creates it is outside this view).
# cert_data.h and pkey_test_utils.c are test fixtures; any certificates or
# keys they contain are for testing only and must not be reused elsewhere.
if (TARGET test_cryptoapi)
target_sources(test_cryptoapi PRIVATE
tests/unit_tests/openvpn/mock_get_random.c
tests/unit_tests/openvpn/cert_data.h
tests/unit_tests/openvpn/pkey_test_utils.c
src/openvpn/xkey_provider.c
src/openvpn/xkey_helper.c
src/openvpn/base64.c
)
endif ()
# DHCP_UNIT_TEST is defined for this target only. Its effect is decided by
# the C sources (not visible here) - presumably it lets the test include the
# DHCP code directly; confirm before relying on it.
target_compile_definitions(test_dhcp PRIVATE DHCP_UNIT_TEST)
target_sources(test_dhcp PRIVATE
tests/unit_tests/openvpn/mock_get_random.c
)
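# test_networking is optional: it is configured only when the target was
# created earlier (the condition that creates it is outside this view).
if (TARGET test_networking)
    # GNU ld --wrap: references to parse_line() resolve to __wrap_parse_line(),
    # which the test is expected to provide.
    target_link_options(test_networking PRIVATE -Wl,--wrap=parse_line)
    # Undefine NDEBUG so assert() stays active in every build configuration.
    target_compile_options(test_networking PRIVATE -UNDEBUG)
    # crypto_epoch.c used to be listed twice; each source is now listed once.
    target_sources(test_networking PRIVATE
        src/openvpn/networking_sitnl.c
        src/openvpn/crypto_epoch.c
        src/openvpn/crypto_mbedtls.c
        src/openvpn/crypto_openssl.c
        src/openvpn/crypto.c
        src/openvpn/fdmisc.c
        src/openvpn/otime.c
        src/openvpn/packet_id.c
        )
endif ()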
# test_tls_crypt is optional: it is configured only when the target was
# created earlier (the condition that creates it is outside this view).
if (TARGET test_tls_crypt)
# GNU ld --wrap=SYM resolves references to SYM to __wrap_SYM and keeps the
# original reachable as __real_SYM. The test is expected to supply the
# __wrap_* replacements for the four symbols wrapped below.
target_link_options(test_tls_crypt PRIVATE -Wl,--wrap=parse_line)
# Wrapping rand_bytes means random values in this binary come from the test's
# replacement, and the two buffer_*_file wraps take over key-file I/O.
# These options are PRIVATE to the test target and must stay that way: a
# wrapped RNG must never be linked into the production binary.
target_link_options(test_tls_crypt PRIVATE
-Wl,--wrap=buffer_read_from_file
-Wl,--wrap=buffer_write_file
-Wl,--wrap=rand_bytes)
target_sources(test_tls_crypt PRIVATE
tests/unit_tests/openvpn/mock_win32_execve.c
src/openvpn/argv.c
src/openvpn/base64.c
src/openvpn/crypto_epoch.c
src/openvpn/crypto_mbedtls.c
src/openvpn/crypto_openssl.c
src/openvpn/crypto.c
src/openvpn/env_set.c
src/openvpn/otime.c
src/openvpn/packet_id.c
src/openvpn/run_command.c
)
endif ()
# test_pkcs11 is optional: it is configured only when the target was created
# earlier (the condition that creates it is outside this view).
if (TARGET test_pkcs11)
# Bake the configure-time values of P11TOOL, SOFTHSM2_MODULE and SOFTHSM2_UTIL
# into the test as C string literals (the \" escapes supply the quotes).
# NOTE(review): the test presumably runs these tools and loads this module, so
# the variables should resolve to trusted system locations; a value containing
# spaces or quotes would also break the -D option - confirm how they are set.
target_compile_options(test_pkcs11 PRIVATE
-DP11TOOL_PATH=\"${P11TOOL}\"
-DSOFTHSM2_MODULE_PATH=\"${SOFTHSM2_MODULE}\"
-DSOFTHSM2_UTIL_PATH=\"${SOFTHSM2_UTIL}\"
)
target_sources(test_pkcs11 PRIVATE
tests/unit_tests/openvpn/mock_get_random.c
tests/unit_tests/openvpn/pkey_test_utils.c
src/openvpn/argv.c
src/openvpn/base64.c
src/openvpn/env_set.c
src/openvpn/otime.c
src/openvpn/pkcs11.c
src/openvpn/pkcs11_openssl.c
src/openvpn/run_command.c
src/openvpn/xkey_helper.c
src/openvpn/xkey_provider.c
)
endif ()
endif (BUILD_TESTING)
================================================
FILE: CMakePresets.json
================================================
{
"version": 3,
"configurePresets": [
{
"name": "base",
"hidden": true,
"cacheVariables": {
"CMAKE_TOOLCHAIN_FILE": {
"value": "$env{VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake",
"type": "FILEPATH"
},
"VCPKG_OVERLAY_TRIPLETS": {
"value": "${sourceDir}/contrib/vcpkg-triplets",
"type": "FILEPATH"
},
"VCPKG_OVERLAY_PORTS": {
"value": "${sourceDir}/contrib/vcpkg-ports",
"type": "FILEPATH"
}
}
},
{
"name": "base-windows",
"hidden": true,
"binaryDir": "${sourceDir}/out/build/${presetName}",
"generator": "Visual Studio 17 2022",
"cacheVariables": {
"VCPKG_MANIFEST_DIR": "${sourceDir}/contrib/vcpkg-manifests/windows",
"VCPKG_HOST_TRIPLET": "x64-windows"
},
"vendor": { "microsoft.com/VisualStudioSettings/CMake/1.0": { "hostOS": [ "Windows" ] } }
},
{
"name": "base-mingw",
"hidden": true,
"generator": "Ninja Multi-Config",
"cacheVariables": {
"CMAKE_SYSTEM_NAME": {
"value": "Windows",
"type": "STRING"
},
"VCPKG_MANIFEST_DIR": "${sourceDir}/contrib/vcpkg-manifests/mingw"
}
},
{
"name": "x64",
"hidden": true,
"architecture": {
"value": "x64",
"strategy": "set"
},
"cacheVariables": {
"VCPKG_TARGET_TRIPLET": "x64-windows-ovpn"
}
},
{
"name": "x64-mingw",
"hidden": true,
"binaryDir": "out/build/mingw/x64",
"cacheVariables": {
"CMAKE_C_COMPILER": {
"value": "x86_64-w64-mingw32-gcc",
"type": "STRING"
},
"CMAKE_CXX_COMPILER": {
"value": "x86_64-w64-mingw32-g++",
"type": "STRING"
},
"VCPKG_TARGET_TRIPLET": "x64-mingw-ovpn"
}
},
{
"name": "arm64",
"hidden": true,
"architecture": {
"value": "arm64",
"strategy": "set"
},
"cacheVariables": {
"VCPKG_TARGET_TRIPLET": "arm64-windows-ovpn"
}
},
{
"name": "x86",
"hidden": true,
"architecture": {
"value": "Win32",
"strategy": "set"
},
"cacheVariables": {
"VCPKG_TARGET_TRIPLET": "x86-windows-ovpn"
}
},
{
"name": "i686-mingw",
"hidden": true,
"binaryDir": "out/build/mingw/x86",
"cacheVariables": {
"CMAKE_C_COMPILER": {
"value": "i686-w64-mingw32-gcc",
"type": "STRING"
},
"CMAKE_CXX_COMPILER": {
"value": "i686-w64-mingw32-g++",
"type": "STRING"
},
"VCPKG_TARGET_TRIPLET": "x86-mingw-ovpn"
}
},
{
"name": "debug",
"hidden": true,
"cacheVariables": {
"CMAKE_BUILD_TYPE": "Debug"
}
},
{
"name": "release",
"hidden": true,
"cacheVariables": {
"CMAKE_BUILD_TYPE": "Release"
}
},
{
"name": "clangtoolset",
"toolset": "ClangCL"
},
{
"name": "mingw-x64",
"inherits": [ "base", "base-mingw", "x64-mingw" ]
},
{
"name": "mingw-x86",
"inherits": [ "base", "base-mingw", "i686-mingw" ]
},
{
"name": "win-amd64-release",
"inherits": [ "base", "base-windows", "x64", "release" ]
},
{
"name": "win-amd64-clang-release",
"inherits": [ "base", "base-windows", "clangtoolset", "x64", "release" ]
},
{
"name": "win-arm64-release",
"inherits": [ "base", "base-windows", "arm64", "release" ]
},
{
"name": "win-x86-release",
"inherits": [ "base", "base-windows", "x86", "release" ]
},
{
"name": "win-x86-clang-release",
"inherits": [ "base", "base-windows", "clangtoolset", "x86", "release" ]
},
{
"name": "win-amd64-debug",
"inherits": [ "base", "base-windows", "x64", "debug" ]
},
{
"name": "win-amd64-clang-debug",
"inherits": [ "base", "base-windows", "clangtoolset", "x64", "debug" ]
},
{
"name": "win-arm64-debug",
"inherits": [ "base", "base-windows", "arm64", "debug" ]
},
{
"name": "win-x86-debug",
"inherits": [ "base", "base-windows", "x86", "debug" ]
},
{
"name": "win-x86-clang-debug",
"inherits": [ "base", "base-windows", "clangtoolset", "x86", "debug" ]
},
{
"name": "unix-native",
"generator": "Ninja Multi-Config",
"binaryDir": "out/build/unix"
}
],
"buildPresets": [
{
"name": "mingw-x64",
"configurePreset": "mingw-x64"
},
{
"name": "mingw-x86",
"configurePreset": "mingw-x86"
},
{
"name": "win-amd64-release",
"configurePreset": "win-amd64-release",
"configuration": "Release"
},
{
"name": "win-amd64-clang-release",
"configurePreset": "win-amd64-clang-release",
"configuration": "Release"
},
{
"name": "win-arm64-release",
"configurePreset": "win-arm64-release",
"configuration": "Release"
},
{
"name": "win-x86-release",
"configurePreset": "win-x86-release",
"configuration": "Release"
},
{
"name": "win-x86-clang-release",
"configurePreset": "win-x86-clang-release",
"configuration": "Release"
},
{
"name": "win-amd64-debug",
"configurePreset": "win-amd64-debug",
"configuration": "Debug"
},
{
"name": "win-amd64-clang-debug",
"configurePreset": "win-amd64-clang-debug",
"configuration": "Debug"
},
{
"name": "win-arm64-debug",
"configurePreset": "win-arm64-debug",
"configuration": "Debug"
},
{
"name": "win-x86-debug",
"configurePreset": "win-x86-debug",
"configuration": "Debug"
},
{
"name": "win-x86-clang-debug",
"configurePreset": "win-x86-clang-debug",
"configuration": "Debug"
},
{
"name": "unix-native",
"configurePreset": "unix-native"
}
],
"testPresets": [
{
"name": "win-amd64-release",
"configurePreset": "win-amd64-release"
},
{
"name": "win-amd64-clang-release",
"configurePreset": "win-amd64-clang-release"
},
{
"name": "win-x86-release",
"configurePreset": "win-x86-release"
},
{
"name": "win-x86-clang-release",
"configurePreset": "win-x86-clang-release"
},
{
"name": "win-amd64-debug",
"configurePreset": "win-amd64-debug"
},
{
"name": "win-amd64-clang-debug",
"configurePreset": "win-amd64-clang-debug"
},
{
"name": "win-x86-debug",
"configurePreset": "win-x86-debug"
},
{
"name": "win-x86-clang-debug",
"configurePreset": "win-x86-clang-debug"
},
{
"name": "unix-native",
"configurePreset": "unix-native"
}
]
}
================================================
FILE: CONTRIBUTING.rst
================================================
CONTRIBUTING TO THE OPENVPN PROJECT
===================================
Patches should be written against the Git "master" branch. Some patches may get
backported to a release branch.
The preferred procedure is to send patches to the "openvpn-devel" mailing list:
- https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Instead of directly sending patches to the list you can also create an account
in our instance of the Gerrit review tool: https://gerrit.openvpn.net/
See https://community.openvpn.net/Development/GerritBestPractices.
While we do not merge GitHub pull requests as-is, we do allow their use for code
review purposes. After the patch has been ACKed (reviewed and accepted), it must
be sent to the mailing list. This last step does not necessarily need to be done
by the patch author, although that is definitely recommended.
When sending patches to "openvpn-devel" the subject line should be prefixed with
``[PATCH]``. To avoid merging issues the patches should be generated with
git-format-patch or sent using git-send-email. Try to split large patches into
small, atomic pieces to make reviews easier.
Please make sure that the source code formatting follows the guidelines at
https://community.openvpn.net/Development/CodeStyle. Automated checking can be
done with clang-format (https://community.openvpn.net/Development/CodeStyle),
using the configuration file found in the git repository at ``.clang-format``.
There is also a git pre-commit hook script, which runs clang-format automatically
each time you commit and lets you format your code conveniently, if needed.
To install the hook simply run: ``dev-tools/git-pre-commit-format.sh install``
If you want quick feedback on a patch before sending it to the openvpn-devel
mailing list, you can visit the #openvpn-devel channel on irc.libera.chat. Note
that you need to be logged in to Libera to join the channel:
- https://libera.chat/guides/registration
More detailed contribution instructions are available here:
- https://community.openvpn.net/Development/DeveloperDocumentation
Note that the process for contributing to other OpenVPN projects such as
openvpn-build, openvpn-gui, tap-windows6 and easy-rsa may differ from what was
described above. Please refer to the contribution instructions of each
respective project.
================================================
FILE: COPYING
================================================
OpenVPN (TM) -- An Open Source VPN daemon
Copyright (C) 2002-2026 OpenVPN Inc <sales@openvpn.net>
This distribution contains multiple components, some
of which fall under different licenses. By using OpenVPN
or any of the bundled components enumerated below, you
agree to be bound by the conditions of the license for
each respective component.
OpenVPN trademark
-----------------
"OpenVPN" is a trademark of OpenVPN Inc
OpenVPN license:
----------------
OpenVPN is distributed under the GPL license version 2.
Special exception for linking OpenVPN with OpenSSL:
In addition, as a special exception, OpenVPN Inc gives
permission to link the code of this program with the OpenSSL
library (or with modified versions of OpenSSL that use the same
license as OpenSSL), and distribute linked combinations including
the two. You must obey the GNU General Public License in all
respects for all of the code used other than OpenSSL. If you modify
this file, you may extend this exception to your version of the
file, but you are not obligated to do so. If you do not wish to
do so, delete this exception statement from your version.
Apache2 linking exception:
---------------------------
In addition, as a special exception, OpenVPN Inc and the
contributors give permission to link the code of this program to
libraries (the "Libraries") licensed under the Apache License
version 2.0 (this work and any linked library the "Combined Work")
and copy and distribute the Combined Work without an obligation to
license the Libraries under the GNU General Public License v2
(GPL-2.0) as required by Section 2 of the GPL-2.0, and without an
obligation to refrain from imposing any additional restrictions in
the Apache License version 2 that are not in the GPL-2.0, as
required by Section 6 of the GPL-2.0. You must comply with the
GPL-2.0 in all other respects for the Combined Work, including
the obligation to provide source code. If you modify this file, you
may extend this exception to your version of the file, but you are
not obligated to do so. If you do not wish to do so, delete this
exception statement from your version.
For better understanding, in plain non-legalese English this basically says:
* The intention for this license exception is to allow OpenVPN to be
linked against APL-2 licensed libraries, even where the GPL-2.0 and
APL-2 licenses conflict from a legal perspective.
* OpenVPN itself will stay GPL-2.0 and the code belonging to the
OpenVPN project must comply to the GPL-2.0 license. This is NOT
dual-licensing of the OpenVPN code base.
* This license exception DOES NOT require NOR expect a license change
of the APL-2 based library. This exception allows using the APL-2
library as-is. However, when distributing a compiled OpenVPN binary
linking against APL-2 libraries ("Combined Work"), the REQUIREMENT is
that the APL-2 library MUST also be available on similar terms as in
GPL-2.0, like providing the source code of the library upon request,
except in the two specific ways mentioned.
* If the APL-2 based library forbids such linking and distribution,
this license exception DOES NOT overrule the restriction of the APL-2
based library. If the APL-2 library cannot satisfy the requirements
in this license exception, you CANNOT distribute an OpenVPN binary
linked with this library.
LZO linking exception:
----------------------
LZO is Copyright (C) Markus F.X.J. Oberhumer,
and is licensed under the GPL.
Special exception for linking OpenVPN with both OpenSSL and LZO:
Hereby I grant a special exception to the OpenVPN project
(https://openvpn.net/) to link the LZO library with
the OpenSSL library (https://www.openssl.org).
Markus F.X.J. Oberhumer
================================================
FILE: COPYRIGHT.GPL
================================================
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
<https://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, see <https://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Moe Ghoul>, 1 April 1989
Moe Ghoul, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.
================================================
FILE: ChangeLog
================================================
OpenVPN ChangeLog
Copyright (C) 2002-2026 OpenVPN Inc <sales@openvpn.net>
this marks the start of the 2.8 development cycle
up to the first formal 2.8 pre-release, this file will not be
maintained - please look at "git log" or "git shortlog v2.7.0..HEAD"
to see what was changed.
================================================
FILE: Changes.rst
================================================
Overview of changes in 2.8
==========================
Overview of changes in 2.7
==========================
New features
------------
Multi-socket support for servers
OpenVPN servers now can listen on multiple sockets at the same time.
Multiple ``--local`` statements in the configuration can be used to
configure this. This way the same server can e.g. listen for UDP
and TCP connections at the same time, or listen on multiple addresses
and/or ports.
Client implementations for DNS options sent by server for Linux/BSD/macOS
Linux, BSD and macOS versions of OpenVPN now ship with a per-platform
default ``--dns-updown`` script that implements proper handling of
DNS configuration sent by the server. The scripts should work on
systems that use ``systemd`` or ``resolvconf`` to manage the DNS
setup, as well as raw ``/etc/resolv.conf`` files. However, the exact
features supported will depend on the configuration method.
On Linux and macOS this should usually make split-DNS configurations
supported out-of-the-box now.
Note that this new script will not be used by default if a ``--up``
script is already in use to reduce problems with
backwards compatibility.
See documentation for ``--dns-updown`` and ``--dns`` for more details.
New client implementation for DNS options sent by server for Windows
The Windows client now uses NRPT (Name Resolution Policy Table) to
handle DNS configurations. This adds support for split-DNS and DNSSEC
and improves the compatibility with local DNS resolvers. Requires the
interactive service.
On Windows the ``block-local`` flag is now enforced with WFP filters.
The ``block-local`` flag to ``--redirect-gateway`` and
``--redirect-private`` is now also enforced via the Windows Firewall,
making sure packets can't be sent to the local network.
This provides stronger protection against TunnelCrack-style attacks.
Windows network adapters are now generated on demand
This means that on systems that run multiple OpenVPN connections at
the same time the users don't need to manually create enough network
adapters anymore (in addition to the ones created by the installer).
Windows automatic service now runs as an unprivileged user
All tasks that need privileges are now delegated to the interactive
service.
**NOTE** this has the risk of breaking existing setups if the
Windows certificate store is used (cryptoapi), and the certificates
are not readable for ``NT SERVICE\OpenVPNService``.
Support for new version of Linux DCO module
OpenVPN DCO module is moving upstream and being merged into the
main Linux kernel. For this process some API changes were required.
OpenVPN 2.7 will only support the new API. The new module is called
``ovpn``. Out-of-tree builds for older kernels are available. Please
see the release announcements for further information.
Support for server mode in win-dco driver
On Windows the win-dco driver can now be used in server setups.
Support for TLS client floating in DCO implementations
The kernel modules will detect clients floating to a new IP address
and notify userland so both data packets (kernel) and TLS packets
(sent by userland) can reach the new client IP.
(Actual support depends on recent-enough kernel implementation)
Enforcement of AES-GCM usage limit
OpenVPN will now enforce the usage limits on AES-GCM with the same
confidentiality margin as TLS 1.3 does. This means that renegotiation will
be triggered after roughly 2^28 to 2^31 packets depending on the packet
size. More details about usage limit of AES-GCM can be found here:
https://datatracker.ietf.org/doc/draft-irtf-cfrg-aead-limits/
Epoch data keys and packet format
This introduces the epoch data format for AEAD data channel
ciphers in TLS mode. This new data format has a number of
improvements over the standard "DATA_V2" format.
- AEAD tag at the end of packet which is more hardware implementation
friendly
- Automatic key switchover when cipher usage limits are hit, similar to
the epoch data keys in (D)TLS 1.3
- 64 bit instead of 32 bit packet ids to allow the data channel to be
ready for 10 GBit/s without having frequent renegotiation
- IV constructed with XOR instead of concatenation to not have (parts) of
the real IV on the wire
Support for Epoch data channel on Windows, using the win-dco driver (2.8.0+)
Default ciphers in ``--data-ciphers``
Ciphers in ``--data-ciphers`` can contain the string DEFAULT that is
replaced by the default ciphers used by OpenVPN, making it easier to
add an allowed cipher without having to spell out the default ciphers.
TLS alerts
OpenVPN 2.7 will send out TLS alerts to peers informing them if the TLS
session shuts down or when the TLS implementation informs the peer about
an error in the TLS session (e.g. mismatching TLS versions). This improves
the user experience as the client shows an error instead of running into
a timeout when the server just stops responding completely.
Support for tun/tap via unix domain socket and lwipovpn support
To allow better testing and emulating a full client with a full
network stack OpenVPN now allows a program executed to provide
a tun/tap device instead of opening a device.
The co-developed lwipovpn program, based on the lwIP stack, allows
simulating a full IP stack. An OpenVPN client using
``--dev-node unix:/path/to/lwipovpn`` can emulate a full client that
can be pinged, can serve a website and more without requiring any
elevated permission. This can make testing OpenVPN much easier.
For more details see
`lwipovpn on Github <https://github.com/OpenVPN/lwipovpn>`_.
Allow overriding username with ``--override-username``
This is intended to allow using ``--auth-gen-token`` in scenarios where the
clients use certificates and multi-factor authentication. This will
also generate a ``push "auth-token-user newusername"`` directive in
push replies.
``--port-share`` now properly supports IPv6
Issues with logging of IPv6 addresses were fixed. The feature now allows
IPv6 connections towards the proxy receiver.
Support for Haiku OS
TLS1.3 support with mbedTLS (requires mbedTLS >= 3.6.4)
PUSH_UPDATE client support
It is now possible to update parts of the client-side configuration
(IP address, routes, MTU, DNS) by sending a new server-to-client
control message, ``PUSH_UPDATE,<options>``.
See also: https://openvpn.github.io/openvpn-rfc/openvpn-wire-protocol.html
NOTE: PUSH_UPDATE client support is currently disabled if DCO
is active (on all platforms).
PUSH_UPDATE server support (minimal)
New management interface commands ``push-update-broad`` and
``push-update-cid`` to send PUSH_UPDATE option updates to all
clients ("there is a new DNS server") or only a specific client ID
("privileges have changed, here's a new IP address"). See
doc/management-notes.txt
NOTE: PUSH_UPDATE server support is currently disabled if DCO
is active (on all platforms).
Support for user-defined routing tables on Linux
See the ``--route-table`` option in the manpage
PQE support for WolfSSL
Two new environment variables have been introduced to communicate desired
default gateway redirection to plugins like Network Manager,
``route_redirect_gateway_ipv4`` and ``route_redirect_gateway_ipv6``.
See the "Environmental Variables" section in the man page
Improved logging of service events/errors to event log on Windows.
"Recursive Routing" check is now more granular, and will only drop
packets-in-tunnel if destination IP, protocol and port matches with
those needed to reach the VPN server. With that change, you can now
use policies that direct "everything that is not OpenVPN" into the
tunnel, and have IP packets to the VPN server address arrive as
expected (no such policies are currently installed by OpenVPN)
(GH: OpenVPN/openvpn#669).
COPYING: license details only relevant to our Windows installers have
been updated and moved to the openvpn-build repo
Improved BYTECOUNT support - more strictly adhere to timing interval
requested, correctly support client and server counters with Linux and
Windows DCO offloading.
Improve compatibility with OpenSSL 3.6.0 (do not fail t_lpback selftest)
New option ``--tls-crypt-v2-max-age n`` to check tls-crypt-v2 timestamps
(When a client is older than n days or has no timestamp, the server
will reject it)
mbedTLS 4 support has been added.
Note that with mbedTLS 4 algorithms need to be translated to
mbedTLS 4 internal IDs by OpenVPN, and some names might be
missing.
Deprecated features
-------------------
``secret`` support has been removed (by default).
static key mode (non-TLS) is no longer considered "good and secure enough"
for today's requirements. Use TLS mode instead. If deploying a PKI CA
is considered "too complicated", using ``--peer-fingerprint`` makes
TLS mode about as easy as using ``--secret``.
This mode can still be enabled by using
``--allow-deprecated-insecure-static-crypto`` but will be removed in
OpenVPN 2.8.
Support for wintun Windows driver has been removed.
OpenVPN 2.6 added support for the new dco-win driver, so it supported
three different device drivers: dco-win, wintun, and tap-windows6.
OpenVPN 2.7 now drops the support for wintun driver. By default
all modern configs should be supported by dco-win driver. In all
other cases OpenVPN will fall back automatically to tap-windows6
driver.
NTLMv1 authentication support for HTTP proxies has been removed.
This is considered an insecure method of authentication that uses
obsolete crypto algorithms.
NTLMv2 support is still available, but will be removed in a future
release.
When configured to authenticate with NTLMv1 (``ntlm`` keyword in
``--http-proxy``) OpenVPN will try NTLMv2 instead.
``persist-key`` option has been enabled by default.
All the keys will be kept in memory across restart.
OpenSSL 1.0.2 support has been removed.
Support for building with OpenSSL 1.0.2 has been removed. The minimum
supported OpenSSL version is now 1.1.0.
mbedTLS 2.x support has been removed
Support for building with mbedTLS 2.x has been removed (it is out
of support since March 2025, and the necessary compatibility code
is making maintenance and support for mbedTLS 4.x hard).
The minimum supported mbedTLS version is now 3.2.1.
Compression on send has been removed.
OpenVPN 2.7 will never compress data before sending. Decompression of
received data is still supported.
``--allow-compression yes`` is now an alias for
``--allow-compression asym``.
``--memstats`` feature removed
The ``--memstats`` option was largely undocumented and there is no known
user of this feature. This feature provided very limited statistics
(number of users, link bytes read/written) and we do not expect any
usage because of this.
Using ``--push`` in a mode that is not ``--mode server`` will now print a
clear warning that this is an unsupported operation and might cause
negotiation failures.
``--reneg-bytes`` and ``--reneg-packets`` do not work in DCO mode, and will
now print an appropriate warning.
On-connect resolving of ``--remote`` addresses in ``--tcp-server`` mode
was not working since 2.4, so the code was completely removed.
User-visible Changes
--------------------
- Default for ``--topology`` changed to ``subnet`` for ``--mode server``.
Previous releases always used ``net30`` as default. This only affects
configs with ``--mode server`` or ``--server`` (the latter implies the
former), and ``--dev tun``, and only if IPv4 is enabled.
Note that this changes the semantics of ``--ifconfig``, so if you have
manual settings for that in your config but not set ``--topology``
your config might fail to parse with the new version. Just adding
``--topology net30`` to the config should fix the problem.
By default ``--topology`` is pushed from server to client.
- ``--x509-username-field`` will no longer automatically convert fieldnames to
uppercase. This was deprecated since OpenVPN 2.4, and has now been removed.
- ``--dh none`` is now the default if ``--dh`` is not specified. Modern TLS
implementations will prefer ECDH and other more modern algorithms anyway.
And finite field Diffie Hellman is in the process of being deprecated
(see draft-ietf-tls-deprecate-obsolete-kex)
- ``--lport 0`` does not imply ``--bind`` anymore.
- ``--redirect-gateway`` now works correctly if the VPN remote is not
reachable by the default gateway.
- ``--show-gateway`` now supports querying the gateway for IPv4 addresses.
- ``--static-challenge`` option now has a third parameter ``format`` that
can change how password and challenge response should be combined.
- ``--key`` and ``--cert`` now accept URIs implemented in OpenSSL 3 as well as
optional OpenSSL 3 providers loaded using ``--providers`` option.
- ``--cryptoapicert`` now supports issuer name as well as Windows CA template
name or OID as selector string.
- TLS handshake debugging information contains much more details now when
using recent versions of OpenSSL.
- The ``IV_PLAT_VER`` variable sent by Windows clients now contains the
full Windows build version to make it possible to determine the
Windows 10 or Windows 11 version used.
- The ``--windows-driver`` option to select between various windows
drivers will no longer do anything - it's kept so existing configs
will not become invalid, but it is ignored with a warning. The default
is now ``ovpn-dco`` if all options used are compatible with DCO, with
a fallback to ``tap-windows6``. To force TAP (for example because a
server pushes DCO incompatible options), use the ``--disable-dco``
option.
- Apply more checks to incoming TLS handshake packets before creating
new state - namely, verify message ID / acked ID for "valid range for
an initial packet". This fixes a problem with clients that float
very early but send control channel packet from the pre-float IP
(Github: OpenVPN/openvpn#704).
- Use of ``--dh dh2048.pem`` in all sample configs has been replaced
with ``--dh none``. The ``dh2048.pem`` file has been removed.
- The startup delay in ``t_client.sh`` has been reduced from 3s to 1s,
making a noticeable difference for setups with many tests.
- Changed from using ``uncrustify`` for code formatting and pre-commit checks
to ``clang-format``. This reformatted quite a bit of code, and requires
that regular committers change their pre-commit checks accordingly.
- On Linux, on interfaces where applicable, OpenVPN explicitly configures
the broadcast address again. This was dropped for 2.6.0 "because
computers are smart and can do it themselves", but the kernel netlink
interface isn't, and will install "0.0.0.0". This does not normally
matter, but for broadcast-based applications that get the address to
use from "ifconfig", this change repairs functionality (this has
been backported to 2.6.15, but is not in earlier 2.6 versions).
- ``max-routes-per-client 0`` used to be silently upgraded to ``1``. This
now produces an error.
- ``ifconfig`` and ``ifconfig-ipv6`` values are now stored in pre-connect
options cache, and will be restored to pre-connect values on reconnects
if the server stops pushing the respective option.
- ``tapctl.exe`` helper binary on Windows has been reworked to improve
help texts (making clear that it can not only do TAP-Adapters but
Win-DCO as well), add printing of the hwid to all adapter outputs, and
change the default adapter type created to ``ovpn-dco``.
- The default for ``multihome`` egress interface handling has changed.
2.7.0 will default to ipi_ifindex=0, that is, leave the decision to the
routing/policy setup of the operating system. The pre-2.7 behaviour
(force egress = ingress interface) can be achieved with the new
``--multihome same-interface`` sub-option.
- Windows ``openvpn.exe`` binary manifest now sets code page UTF8 - which
has no direct effect on OpenVPN itself, but this repairs OpenSSL file
loading for key/cert files with non-ASCII characters in their file names
(GH: OpenVPN/openvpn#920).
- The ``test-crypto`` option no longer requires a ``--secret`` argument and
will automatically generate a random key.
- The configure-time option ``--enable-x509-alt-username`` is no longer
conditional, and always-on (GH: OpenVPN/openvpn#917).
Deprecated features
-------------------
``--opt-verify`` feature removed
This option was already deprecated and it is now being converted to a
no-op. Using this option will only print a warning.
Overview of changes in 2.6
==========================
Project changes
---------------
We want to deprecate our old Trac bug tracking system.
Please report any issues with this release in GitHub
instead: https://github.com/OpenVPN/openvpn/issues
New features
------------
Support unlimited number of connection entries and remote entries
New management commands to enumerate and list remote entries
Use ``remote-entry-count`` and ``remote-entry-get``
commands from the management interface to get the number of
remote entries and the entries themselves.
Keying Material Exporters (RFC 5705) based key generation
As part of the cipher negotiation OpenVPN will automatically prefer
the RFC5705 based key material generation to the current custom
OpenVPN PRF. This feature requires OpenSSL or mbed TLS 2.18+.
Compatibility with OpenSSL in FIPS mode
OpenVPN will now work with OpenSSL in FIPS mode. Note, no effort
has been made to check or implement all the
requirements/recommendation of FIPS 140-2. This just allows OpenVPN
to be run on a system that is configured with OpenSSL in FIPS mode.
``mlock`` will now check if enough memlock-able memory has been reserved,
and if less than 100MB RAM are available, use setrlimit() to upgrade
the limit. See Trac #1390. Not available on OpenSolaris.
Certificate pinning/verify peer fingerprint
The ``--peer-fingerprint`` option has been introduced to give users an
easy to use alternative to the ``tls-verify`` for matching the
fingerprint of the peer. The option takes a number of allowed
SHA256 certificate fingerprints.
See the man page section "Small OpenVPN setup with peer-fingerprint"
for a tutorial on how to use this feature. This is also available online
under https://github.com/openvpn/openvpn/blob/master/doc/man-sections/example-fingerprint.rst
TLS mode with self-signed certificates
When ``--peer-fingerprint`` is used, the ``--ca`` and ``--capath`` option
become optional. This allows for small OpenVPN setups without setting up
a PKI with Easy-RSA or similar software.
Deferred auth support for scripts
The ``--auth-user-pass-verify`` script supports now deferred authentication.
Pending auth support for plugins and scripts
Both auth plugin and script can now signal pending authentication to
the client when using deferred authentication. The new ``client-crresponse``
script option and ``OPENVPN_PLUGIN_CLIENT_CRRESPONSE`` plugin function can
be used to parse a client response to a ``CR_TEXT`` two factor challenge.
See ``sample/sample-scripts/totpauth.py`` for an example.
Compatibility mode (``--compat-mode``)
The modernisation of defaults can impact the compatibility of OpenVPN 2.6.0
with older peers. The option ``--compat-mode`` allows UIs to provide users
with an easy way to still connect to older servers.
OpenSSL 3.0 support
Support for OpenSSL 3.0 has been added. Most of the OpenSSL 3.0 changes are not user visible but
improve general compatibility with OpenSSL 3.0. ``--tls-cert-profile insecure``
has been added to allow selecting the lowest OpenSSL security level (not
recommended, use only if you must). OpenSSL 3.0 no longer supports the Blowfish
(and other deprecated) algorithm by default and the new option ``--providers``
allows loading the legacy provider to re-enable these algorithms.
Optional ciphers in ``--data-ciphers``
Ciphers in ``--data-ciphers`` can now be prefixed with a ``?`` to mark
those as optional and only use them if the SSL library supports them.
Improved ``--mssfix`` and ``--fragment`` calculation
The ``--mssfix`` and ``--fragment`` options now allow an optional :code:`mtu`
parameter to specify that different overhead for IPv4/IPv6 should be taken into
account and the resulting size is specified as the total size of the VPN packets
including IP and UDP headers.
Cookie based handshake for UDP server
Instead of allocating a connection for each client on the initial packet
OpenVPN server will now use an HMAC based cookie as its session id. This
way the server can verify it on completing the handshake without keeping
state. This eliminates the amplification and resource exhaustion attacks.
For tls-crypt-v2 clients, this requires OpenVPN 2.6 clients or later
because the client needs to resend its client key on completing the
handshake. The tls-crypt-v2 option allows controlling if older clients are
accepted.
By default the rate of initial packet responses is limited to 100 per 10s
interval to avoid OpenVPN servers being abused in reflection attacks
(see ``--connect-freq-initial``).
Data channel offloading with ovpn-dco
2.6.0+ implements support for data-channel offloading where the data packets
are directly processed and forwarded in kernel space thanks to the ovpn-dco
kernel module. The userspace openvpn program acts purely as a control plane
application. Note that DCO will use DATA_V2 packets in P2P mode, therefore,
this implies that peers must be running 2.6.0+ in order to have P2P-NCP
which brings DATA_V2 packet support.
Session timeout
It is now possible to terminate a session (or all) after a specified amount
of seconds has passed since session commencement. This behaviour can be configured
using ``--session-timeout``. This option can be configured on the server, on
the client or can also be pushed.
Inline auth username and password
Username and password can now be specified inline in the configuration file
within the <auth-user-pass></auth-user-pass> tags. If the password is
missing OpenVPN will prompt for input via stdin. This applies to inline'd
http-proxy-user-pass too.
Tun MTU can be pushed
The client can now also dynamically configure its MTU and the server
will try to push the client MTU when the client supports it. The
directive ``--tun-mtu-max`` has been introduced to increase the maximum
pushable MTU size (defaults to 1600).
Dynamic TLS Crypt
When both peers are OpenVPN 2.6.1+, OpenVPN will dynamically create
a tls-crypt key that is used for renegotiation. This ensures that only the
previously authenticated peer can trigger and complete
renegotiations.
Improved control channel packet size control (``max-packet-size``)
The size of control channel is no longer tied to
``--link-mtu``/``--tun-mtu`` and can be set using ``--max-packet-size``.
Sending large control channel frames is also optimised by allowing 6
outstanding packets instead of just 4. ``max-packet-size`` will also set
``mssfix`` to try to limit data-channel packets as well.
Deprecated features
-------------------
``inetd`` has been removed
This was a very limited and not-well-tested way to run OpenVPN, on TCP
and TAP mode only.
``verify-hash`` has been deprecated
This option has very limited usefulness and should be replaced by either
a better ``--ca`` configuration or with a ``--tls-verify`` script.
``secret`` has been deprecated
static key mode (non-TLS) is no longer considered "good and secure enough"
for today's requirements. Use TLS mode instead. If deploying a PKI CA
is considered "too complicated", using ``--peer-fingerprint`` makes
TLS mode about as easy as using ``--secret``.
``ncp-disable`` has been removed
This option mainly served a role as debug option when NCP was first
introduced. It should now no longer be necessary.
TLS 1.0 and 1.1 are deprecated
``tls-version-min`` is set to 1.2 by default. OpenVPN 2.6.0 defaults
to a minimum TLS version of 1.2 as TLS 1.0 and 1.1 should be generally
avoided. Note that OpenVPN versions older than 2.3.7 use TLS 1.0 only.
``--cipher`` argument is no longer appended to ``--data-ciphers``
by default. Data cipher negotiation has been introduced in 2.4.0
and been significantly improved in 2.5.0. The implicit fallback
to the cipher specified in ``--cipher`` has been removed.
Effectively, ``--cipher`` is a no-op in TLS mode now, and will
only have an effect in pre-shared-key mode (``--secret``).
From now on ``--cipher`` should not be used in new configurations
for TLS mode.
Should backwards compatibility with older OpenVPN peers be
required, please see the ``--compat-mode`` instead.
``--prng`` has been removed
OpenVPN used to implement its own PRNG based on a hash. However implementing
a PRNG is better left to a crypto library. So we use the PRNG of
mbed TLS or OpenSSL now.
``--keysize`` has been removed
The ``--keysize`` option was only useful to change the key length when using the
BF, CAST6 or RC2 ciphers. For all other ciphers the key size is fixed with the
chosen cipher. As OpenVPN v2.6 no longer supports any of these variable length
ciphers, this option was removed as well to avoid confusion.
Compression no longer enabled by default
Unless an explicit compression option is specified in the configuration,
``--allow-compression`` defaults to ``no`` in OpenVPN 2.6.0.
By default, OpenVPN 2.5 still allowed a server to enable compression by
pushing compression related options.
PF (Packet Filtering) support has been removed
The built-in PF functionality has been removed from the code base. This
feature wasn't really easy to use and was long unmaintained.
This implies that also ``--management-client-pf`` and any other compile
time or run time related option do not exist any longer.
Option conflict checking is being deprecated and phased out
The static option checking (OCC) is no longer useful in typical setups
that negotiate most connection parameters. The ``--opt-verify`` and
``--occ-disable`` options are deprecated, and the configure option
``--enable-strict-options`` has been removed. Logging of mismatched
options has been moved to debug logging (verb 7).
User-visible Changes
--------------------
- CHACHA20-POLY1305 is included in the default of ``--data-ciphers`` when available.
- Option ``--prng`` is ignored as we rely on the SSL library random number generator.
- Option ``--nobind`` is default when ``--client`` or ``--pull`` is used in the configuration
- :code:`link_mtu` parameter is removed from environment or replaced with 0 when scripts are
called with parameters. This parameter is unreliable and no longer internally calculated.
- control channel packet maximum size is no longer influenced by
``--link-mtu``/``--tun-mtu`` and must be set by ``--max-packet-size`` now.
The default is 1250 for the control channel size.
- In point-to-point OpenVPN setups (no ``--server``), using
``--explicit-exit-notify`` on one end would terminate the other side at
session end. This is considered a no longer useful default and has
been changed to "restart on reception of explicit-exit-notify message".
If the old behaviour is still desired, ``--remap-usr1 SIGTERM`` can be used.
- FreeBSD tun interfaces with ``--topology subnet`` are now put into real
subnet mode (IFF_BROADCAST instead of IFF_POINTOPOINT) - this might upset
software that enumerates interfaces, looking for "broadcast capable?" and
expecting certain results. Normal uses should not see any difference.
- The default configurations will no longer allow connections to OpenVPN 2.3.x
peer or earlier, use the new ``--compat-mode`` option if you need
compatibility with older versions. See the manual page on the
``--compat-mode`` for details.
- The ``client-pending-auth`` management command now requires also the
key id. The management version has been changed to 5 to indicate this change.
- (OpenVPN 2.6.2) A client will now refuse a connection if pushed compression
settings will contradict the setting of allow-compression as this almost
always results in a non-working connection.
- The "kill" by addr management command now requires also the protocol
as string e.g. "udp", "tcp".
Common errors with OpenSSL 3.0 and OpenVPN 2.6
----------------------------------------------
Both OpenVPN 2.6 and OpenSSL 3.0 tighten security considerably, so some
configurations will no longer work. This section will cover the most common
causes and error messages we have seen and explain their reason and temporary
workarounds. You should fix the underlying problems as soon as possible since
these workarounds are not secure and will eventually stop working in a future
update.
- weak SHA1 or MD5 signature on certificates
This will happen on either loading of certificates or on connection
to a server::
OpenSSL: error:0A00018E:SSL routines::ca md too weak
Cannot load certificate file cert.crt
Exiting due to fatal error
OpenSSL 3.0 no longer allows weak signatures on certificates. You can
downgrade your security to allow them by using ``--tls-cert-profile insecure``
but should replace/regenerate these certificates as soon as possible.
- 1024 bit RSA certificates, 1024 bit DH parameters, other weak keys
This happens if you use private keys or other cryptographic material that
does not meet today's cryptographic standards anymore. Messages are similar
to::
OpenSSL: error:0A00018F:SSL routines::ee key too small
OpenSSL: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small
DH parameters (``--dh``) can be regenerated with ``openssl dhparam 2048``.
For other cryptographic keys, these keys and certificates need to be
regenerated. TLS Security level can be temporarily lowered with
``--tls-cert-profile legacy`` or even ``--tls-cert-profile insecure``.
- Connecting to a OpenVPN 2.3.x server or allowing OpenVPN 2.3.x or earlier
clients
This will normally result in messages like::
OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-128-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.
or
client/127.0.0.1:49954 SENT CONTROL [client]: 'AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)' (status=1)
You can manually add the missing cipher to the ``--data-ciphers``. The
standard ciphers should be included as well, e.g.
``--data-ciphers AES-256-GCM:AES-128-GCM:?Chacha20-Poly1305:?AES-128-CBC``.
You can also use the ``--compat-mode`` option. Note that these messages may
also indicate other cipher configuration problems. See the data channel
cipher negotiation manual section for more details. (Available online under
https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/cipher-negotiation.rst)
- Use of a legacy or deprecated cipher (e.g. 64bit block ciphers)
OpenSSL 3.0 no longer supports a number of insecure and outdated ciphers in
its default configuration. Some of these ciphers are known to be vulnerable (SWEET32 attack).
This will typically manifest itself in messages like::
OpenSSL: error:0308010C:digital envelope routines::unsupported
Cipher algorithm 'BF-CBC' not found
Unsupported cipher in --data-ciphers: BF-CBC
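If your OpenSSL distribution comes with the legacy provider (see
also ``man OSSL_PROVIDER-legacy``), you can load it with
``--providers legacy default``. This will re-enable the old algorithms; like
the other workarounds in this section, it is a temporary measure and the
affected cipher should be replaced as soon as possible.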
- OpenVPN version not supporting TLS 1.2 or later
The default in OpenVPN 2.6 and also in many distributions is now TLS 1.2 or
later. Connecting to a peer that does not support this will result in
messages like::
TLS error: Unsupported protocol. This typically indicates that client and
server have no common TLS version enabled. This can be caused by mismatched
tls-version-min and tls-version-max options on client and server. If your
OpenVPN client is between v2.3.6 and v2.3.2 try adding tls-version-min 1.0
to the client configuration to use TLS 1.0+ instead of TLS 1.0 only
OpenSSL: error:0A000102:SSL routines::unsupported protocol
This can be an OpenVPN 2.3.6 or earlier version. ``--compat-mode 2.3.0`` will
enable TLS 1.0 support if supported by the OpenSSL distribution. Note that
on some Linux distributions enabling TLS 1.1 or 1.0 is not possible.
Overview of changes in 2.5
==========================
New features
------------
Client-specific tls-crypt keys (``--tls-crypt-v2``)
``tls-crypt-v2`` adds the ability to supply each client with a unique
tls-crypt key. This allows large organisations and VPN providers to profit
from the same DoS and TLS stack protection that small deployments can
already achieve using ``tls-auth`` or ``tls-crypt``.
ChaCha20-Poly1305 cipher support
Added support for using the ChaCha20-Poly1305 cipher in the OpenVPN data
channel.
Improved Data channel cipher negotiation
The option ``ncp-ciphers`` has been renamed to ``data-ciphers``.
The old name is still accepted. The change in name signals that
``data-ciphers`` is the preferred way to configure data channel
ciphers and the data prefix is chosen to avoid the ambiguity that
exists with ``--cipher`` for the data cipher and ``tls-cipher``
for the TLS ciphers.
OpenVPN clients will now signal all supported ciphers from the
``data-ciphers`` option to the server via ``IV_CIPHERS``. OpenVPN
servers will select the first common cipher from the ``data-ciphers``
list instead of blindly pushing the first cipher of the list. This
allows to use a configuration like
``data-ciphers ChaCha20-Poly1305:AES-256-GCM`` on the server that
prefers ChaCha20-Poly1305 but uses it only if the client supports it.
See the data channel negotiation section in the manual for more details.
Removal of BF-CBC support in default configuration:
By default OpenVPN 2.5 will only accept AES-256-GCM and AES-128-GCM as
data ciphers. OpenVPN 2.4 allows AES-256-GCM,AES-128-GCM and BF-CBC when
no --cipher and --ncp-ciphers options are present. Accepting BF-CBC can be
enabled by adding
data-ciphers AES-256-GCM:AES-128-GCM:BF-CBC
and when you need to support very old peers also
data-ciphers-fallback BF-CBC
To offer backwards compatibility with older configs an *explicit*
cipher BF-CBC
in the configuration will be automatically translated into adding BF-CBC
to the data-ciphers option and setting data-ciphers-fallback to BF-CBC
(as in the example commands above). We strongly recommend switching
away from BF-CBC to a more secure cipher.
Asynchronous (deferred) authentication support for auth-pam plugin.
See src/plugins/auth-pam/README.auth-pam for details.
Deferred client-connect
The ``--client-connect`` option and the connect plugin API allow
asynchronous/deferred return of the configuration file in the same way
as the auth-plugin.
Faster connection setup
A client will signal in the ``IV_PROTO`` variable that it is in pull
mode. This allows the server to push the configuration options to
the client without waiting for a ``PULL_REQUEST`` message. The feature
is automatically enabled if both client and server support it and
significantly reduces the connection setup time by avoiding one
extra packet round-trip and 1s of internal event delays.
Netlink support
On Linux, if configured without ``--enable-iproute2``, configuring IP
addresses and adding/removing routes is now done via the netlink(3)
kernel interface. This is much faster than calling ``ifconfig`` or
``route`` and also enables OpenVPN to run with less privileges.
If configured with --enable-iproute2, the ``ip`` command is used
(as in 2.4). Support for ``ifconfig`` and ``route`` is gone.
Wintun support
On Windows, OpenVPN can now use ``wintun`` devices. They are faster
than the traditional ``tap9`` tun/tap devices, but do not provide
``--dev tap`` mode - so the official installers contain both. To use
a wintun device, add ``--windows-driver wintun`` to your config
(and use of the interactive service is required as wintun needs
SYSTEM privileges to enable access).
IPv6-only operation
It is now possible to have only IPv6 addresses inside the VPN tunnel,
and IPv6-only address pools (2.4 always required IPv4 config/pools
and IPv6 was the "optional extra").
Improved Windows 10 detection
Correctly log OS on Windows 10 now.
Linux VRF support
Using the new ``--bind-dev`` option, the OpenVPN outside socket can
now be put into a Linux VRF. See the "Virtual Routing and Forwarding"
documentation in the man page.
TLS 1.3 support
TLS 1.3 support has been added to OpenVPN. Currently, this requires
OpenSSL 1.1.1+.
The options ``--tls-ciphersuites`` and ``--tls-groups`` have been
added to fine tune TLS protocol options. Most of the improvements
were also backported to OpenVPN 2.4 as part of the maintenance
releases.
Support setting DHCP search domain
A new option ``--dhcp-option DOMAIN-SEARCH my.example.com`` has been
defined, and Windows support for it is implemented (tun/tap only, no
wintun support yet). Other platforms need to support this via ``--up``
script (Linux) or GUI (OSX/Tunnelblick).
per-client changing of ``--data-ciphers`` or ``data-ciphers-fallback``
from client-connect script/dir (NOTE: this only changes preference of
ciphers for NCP, but can not override what the client announces as
"willing to accept")
Handle setting of tun/tap interface MTU on Windows
If IPv6 is in use, MTU must be >= 1280 (Windows enforces IETF requirements)
Add support for OpenSSL engines to access private key material (like TPM).
HMAC based auth-token support
The ``--auth-gen-token`` support has been improved and now generates HMAC
based user token. If the optional ``--auth-gen-token-secret`` option is
used clients will be able to seamlessly reconnect to a different server
using the same secret file or to the same server after a server restart.
Improved support for pending authentication
The protocol has been enhanced to be able to signal that
the authentication should use a secondary authentication
via web (like SAML) or a two factor authentication without
disconnecting the OpenVPN session with AUTH_FAILED. The
session will instead stay in an authenticated state and
wait for the second factor authentication to complete.
This feature currently requires usage of the management interface
on both client and server side. See the ``management-notes.txt``
``client-pending-auth`` and ``cr-response`` commands for more
details.
VLAN support
OpenVPN servers in TAP mode can now use 802.1q tagged VLANs
on the TAP interface to separate clients into different groups
that can then be handled differently (different subnets / DHCP,
firewall zones, ...) further down the network. See the new
options ``--vlan-tagging``, ``--vlan-accept``, ``--vlan-pvid``.
802.1q tagging on the client side TAP interface is not handled
today (= tags are just forwarded transparently to the server).
Support building of .msi installers for Windows
Allow unicode search string in ``--cryptoapicert`` option (Windows)
Support IPv4 configs with /31 netmasks now
(By no longer trying to configure ``broadcast x.x.x.x`` in
ifconfig calls, /31 support "just works")
New option ``--block-ipv6`` to reject all IPv6 packets (ICMPv6)
this is useful if the VPN service has no IPv6, but the clients
might have (LAN), to avoid client connections to IPv6-enabled
servers leaking "around" the IPv4-only VPN.
``--ifconfig-ipv6`` and ``--ifconfig-ipv6-push`` will now accept
hostnames and do a DNS lookup to get the IPv6 address to use
Deprecated features
-------------------
For an up-to-date list of all deprecated options, see this wiki page:
https://community.openvpn.net/openvpn/wiki/DeprecatedOptions
- ``ncp-disable`` has been deprecated
With the improved and matured data channel cipher negotiation, the use
of ``ncp-disable`` should not be necessary anymore.
- ``inetd`` has been deprecated
This is a very limited and not-well-tested way to run OpenVPN, on TCP
and TAP mode only, which complicates the code quite a bit for little gain.
To be removed in OpenVPN 2.6 (unless users protest).
- ``no-iv`` has been removed
This option was made into a NOOP option with OpenVPN 2.4. This has now
been completely removed.
- ``--client-cert-not-required`` has been removed
This option will now cause server configurations to not start. Use
``--verify-client-cert none`` instead.
- ``--ifconfig-pool-linear`` has been removed
This option is removed. Use ``--topology p2p`` or ``--topology subnet``
instead.
- ``--compress xxx`` is considered risky and is warned against, see below.
- ``--key-method 1`` has been removed
User-visible Changes
--------------------
- If multiple connect handlers are used (client-connect, ccd, connect
plugin) and one of the handlers succeeds but a subsequent one fails, the
client-disconnect-script is now called immediately. Previously it
was called, when the VPN session was terminated.
- Support for building with OpenSSL 1.0.1 has been removed. The minimum
supported OpenSSL version is now 1.0.2.
- The GET_CONFIG management state is omitted if the server pushes
the client configuration almost immediately as result of the
faster connection setup feature.
- ``--compress`` is nowadays considered risky, because attacks exist
leveraging compression-inside-crypto to reveal plaintext (VORACLE). So
by default, ``--compress xxx`` will now accept incoming compressed
packets (for compatibility with peers that have not been upgraded yet),
but will not compress outgoing packets. This can be controlled with
the new option ``--allow-compression yes|no|asym``.
- Stop changing ``--txlen`` away from OS defaults unless explicitly specified
in config file. OS defaults nowadays are actually larger than what we used
to configure, so our defaults sometimes caused packet drops = bad performance.
- remove ``--writepid`` pid file on exit now
- plugin-auth-pam now logs via OpenVPN logging method, no longer to stderr
(this means you'll have log messages in syslog or openvpn log file now)
- use ISO 8601 time format for file based logging now (YYYY-MM-DD hh:mm:ss)
(syslog is not affected, nor is ``--machine-readable-output``)
- ``--crl-verify`` now loads all CRLs if more than one CRL is in the same
file (OpenSSL backend only, mbedTLS always did that)
- when ``--auth-user-pass file`` has no password, and the management interface
is active, query management interface (instead of trying console query,
which does not work on windows)
- skip expired certificates in Windows certificate store (``--cryptoapicert``)
- ``--socks-proxy`` + ``--proto udp*`` will now always use IPv4, even if
IPv6 is requested and available. Our SOCKS code does not handle IPv6+UDP,
and before that change it would just fail in non-obvious ways.
- TCP listen() backlog queue is now set to 32 - this helps TCP servers that
receive lots of "invalid" connects by TCP port scanners
- do no longer print OCC warnings ("option mismatch") about ``key-method``,
``keydir``, ``tls-auth`` and ``cipher`` - these are either gone now, or
negotiated, and the warnings do not serve a useful purpose.
- ``dhcp-option DNS`` and ``dhcp-option DNS6`` are now treated identically
(= both accept an IPv4 or IPv6 address for the nameserver)
Maintainer-visible changes
--------------------------
- the man page is now maintained in .rst format, so building the openvpn.8
manpage from a git checkout now requires python-docutils (if this is missing,
the manpage will not be built - which is not considered an error generally,
but for package builders or ``make distcheck`` it is). Release tarballs
contain the openvpn.8 file, so unless some .rst is changed, doc-utils are
not needed for building.
- OCC support can no longer be disabled
- AEAD support is now required in the crypto library
- ``--disable-server`` has been removed from configure (so it is no longer
possible to build a client-/p2p-only OpenVPN binary) - the saving in code
size no longer outweighs the extra maintenance effort.
- ``--enable-iproute2`` will disable netlink(3) support, so maybe remove
that from package building configs (see above)
- support building with MSVC 2019
- cmocka based unit tests are now only run if cmocka is installed externally
(2.4 used to ship a local git submodule which was painful to maintain)
- ``--disable-crypto`` configure option has been removed. OpenVPN is now always
built with crypto support, which makes the code much easier to maintain.
This does not affect ``--cipher none`` to do a tunnel without encryption.
- ``--disable-multi`` configure option has been removed
Overview of changes in 2.4
==========================
New features
------------
Seamless client IP/port floating
Added new packet format P_DATA_V2, which includes peer-id. If both the
server and client support it, the client sends all data packets in
the new format. When a data packet arrives, the server identifies peer
by peer-id. If peer's ip/port has changed, server assumes that
client has floated, verifies HMAC and updates ip/port in internal structs.
This allows the connection to be immediately restored, instead of requiring
a TLS handshake before the server accepts packets from the new client
ip/port.
Data channel cipher negotiation
Data channel ciphers (``--cipher``) are now by default negotiated. If a
client advertises support for Negotiable Crypto Parameters (NCP), the
server will choose a cipher (by default AES-256-GCM) for the data channel,
and tell the client to use that cipher. Data channel cipher negotiation
can be controlled using ``--ncp-ciphers`` and ``--ncp-disable``.
A more limited version also works in client-to-server and server-to-client
scenarios where one of the end points uses a v2.4 client or server and the
other side uses an older version. In such scenarios the v2.4 side will
change to the ``--cipher`` set by the remote side, if permitted by
``--ncp-ciphers``. For example, a v2.4 client with ``--cipher BF-CBC``
and ``ncp-ciphers AES-256-GCM:AES-256-CBC`` can connect to both a v2.3
server with ``cipher BF-CBC`` as well as a server with
``cipher AES-256-CBC`` in its config. The other way around, a v2.3 client
with either ``cipher BF-CBC`` or ``cipher AES-256-CBC`` can connect to a
v2.4 server with e.g. ``cipher BF-CBC`` and
``ncp-ciphers AES-256-GCM:AES-256-CBC`` in its config. For this to work
it requires that OpenVPN was built without disabling OCC support.
AEAD (GCM) data channel cipher support
The data channel now supports AEAD ciphers (currently only GCM). The AEAD
packet format has a smaller crypto overhead than the CBC packet format,
(e.g. 20 bytes per packet for AES-128-GCM instead of 36 bytes per packet
for AES-128-CBC + HMAC-SHA1).
ECDH key exchange
The TLS control channel now supports elliptic curve Diffie-Hellman
key exchange (ECDH).
Improved Certificate Revocation List (CRL) processing
CRLs are now handled by the crypto library (OpenSSL or mbed TLS), instead
of inside OpenVPN itself. The crypto library implementations are more
strict than the OpenVPN implementation was. This might reject peer
certificates that would previously be accepted. If this occurs, OpenVPN
will log the crypto library's error description.
Dualstack round-robin DNS client connect
Instead of only using the first address of each ``--remote`` OpenVPN
will now try all addresses (IPv6 and IPv4) of a ``--remote`` entry.
Support for providing IPv6 DNS servers
A new DHCP sub-option ``DNS6`` is added alongside with the already existing
``DNS`` sub-option. This is used to provide DNS resolvers available over
IPv6. This may be pushed to clients where ``--up`` scripts and ``--plugin``
can act upon it through the ``foreign_option_<n>`` environment variables.
Support for the Windows client picking up this new sub-option is added,
however IPv6 DNS resolvers need to be configured via ``netsh`` which requires
administrator privileges unless the new interactive services on Windows is
being used. If the interactive service is used, this service will execute
``netsh`` in the background with the proper privileges.
New improved Windows Background service
The new OpenVPNService is based on openvpnserv2, a complete rewrite of the OpenVPN
service wrapper. It is intended for launching OpenVPN instances that should be
up at all times, instead of being manually launched by a user. OpenVPNService is
able to restart individual OpenVPN processes if they crash, and it also works
properly on recent Windows versions. OpenVPNServiceLegacy tends to work poorly,
if at all, on newer Windows versions (8+) and its use is not recommended.
New interactive Windows service
The installer starts OpenVPNServiceInteractive automatically and configures
it to start at system startup.
The interactive Windows service allows unprivileged users to start
OpenVPN connections in the global config directory (usually
C:\\Program Files\\OpenVPN\\config) using OpenVPN GUI without any
extra configuration.
Users who belong to the built-in Administrator group or to the
local "OpenVPN Administrator" group can also store configuration
files under %USERPROFILE%\\OpenVPN\\config for use with the
interactive service.
redirect-gateway ipv6
OpenVPN has now feature parity between IPv4 and IPv6 for redirect
gateway including the handling of overlapping IPv6 routes with
IPv6 remote VPN server address.
LZ4 Compression and pushable compression
Additionally to LZO compression OpenVPN now also supports LZ4 compression.
Compression options are now pushable from the server.
Filter pulled options client-side: pull-filter
New option to explicitly allow or reject options pushed by the server.
May be used multiple times and is applied in the order specified.
Per-client remove push options: push-remove
New option to remove options on a per-client basis from the "push" list
(more fine-grained than ``--push-reset``).
Http proxy password inside config file
Http proxy passwords can be specified with the inline file option
``<http-proxy-user-pass>`` .. ``</http-proxy-user-pass>``
Windows version detection
Windows version is detected, logged and possibly signalled to server
(IV_PLAT_VER=<nn> if ``--push-peer-info`` is set on client).
Authentication tokens
In situations where it is not suitable to save user passwords on the client,
OpenVPN has support for pushing a --auth-token since v2.3. This option is
pushed from the server to the client with a token value to be used instead
of the users password. For this to work, the authentication plug-in would
need to implement this support as well. In OpenVPN 2.4 --auth-gen-token
is introduced, which will allow the OpenVPN server to generate a random
token and push it to the client without any changes to the authentication
modules. When the clients need to re-authenticate the OpenVPN server will
do the authentication internally, instead of sending the re-authentication
request to the authentication module. This feature is especially
useful in configurations which use One Time Password (OTP) authentication
schemes, as this allows the tunnel keys to be renegotiated regularly without
any need to supply new OTP codes.
keying-material-exporter
Keying Material Exporter [RFC-5705] allows additional keying material to be
derived from an existing TLS channel.
Android platform support
Support for running on Android using Android's VPNService API has been added.
See doc/android.txt for more details. This support is primarily used in
the OpenVPN for Android app (https://github.com/schwabe/ics-openvpn)
AIX platform support
AIX platform support has been added. The support only includes tap
devices since AIX does not provide tun interface.
Control channel encryption (``--tls-crypt``)
Use a pre-shared static key (like the ``--tls-auth`` key) to encrypt control
channel packets. Provides more privacy, some obfuscation and poor-man's
post-quantum security.
Asynchronous push reply
Plug-ins providing support for deferred authentication can benefit from a more
responsive authentication where the server sends PUSH_REPLY immediately once
the authentication result is ready, instead of waiting for the client
to send PUSH_REQUEST once more. This requires OpenVPN to be built with
``./configure --enable-async-push``. This is a compile-time only switch.
Deprecated features
-------------------
For an up-to-date list of all deprecated options, see this wiki page:
https://community.openvpn.net/openvpn/wiki/DeprecatedOptions
- ``--key-method 1`` is deprecated in OpenVPN 2.4 and will be removed in v2.5.
Migrate away from ``--key-method 1`` as soon as possible. The recommended
approach is to remove the ``--key-method`` option from the configuration
files, OpenVPN will then use ``--key-method 2`` by default. Note that this
requires changing the option in both the client and server side configs.
- ``--tls-remote`` is removed in OpenVPN 2.4, as indicated in the v2.3
man-pages. Similar functionality is provided via ``--verify-x509-name``,
which does the same job in a better way.
- ``--compat-names`` and ``--no-name-remapping`` were deprecated in OpenVPN 2.3
and will be removed in v2.5. All scripts and plug-ins depending on the old
non-standard X.509 subject formatting must be updated to the standardized
formatting. See the man page for more information.
- ``--no-iv`` is deprecated in OpenVPN 2.4 and will be removed in v2.5.
- ``--keysize`` is deprecated in OpenVPN 2.4 and will be removed in v2.6
together with the support of ciphers with cipher block size less than
128-bits.
- ``--comp-lzo`` is deprecated in OpenVPN 2.4. Use ``--compress`` instead.
- ``--ifconfig-pool-linear`` has been deprecated since OpenVPN 2.1 and will be
removed in v2.5. Use ``--topology p2p`` instead.
- ``--client-cert-not-required`` is deprecated in OpenVPN 2.4 and will be removed
in v2.5. Use ``--verify-client-cert none`` for a functional equivalent.
- ``--ns-cert-type`` is deprecated in OpenVPN 2.3.18 and v2.4. It will be removed
in v2.5. Use the far better ``--remote-cert-tls`` option which replaces this
feature.
User-visible Changes
--------------------
- When using ciphers with cipher blocks less than 128-bits,
OpenVPN will complain loudly if the configuration uses ciphers considered
weak, such as those exposed to the SWEET32 attack. In such scenarios, OpenVPN will by
default renegotiate for each 64MB of transported data (``--reneg-bytes``).
This renegotiation can be disabled, but is HIGHLY DISCOURAGED.
- For certificate DNs with duplicate fields, e.g. "OU=one,OU=two", both fields
are now exported to the environment, where each second and later occurrence
of a field gets _$N appended to its field name, starting at N=1. For the
example above, that would result in e.g. X509_0_OU=one, X509_0_OU_1=two.
Note that this breaks setups that rely on the fact that OpenVPN would
previously (incorrectly) only export the last occurrence of a field.
- ``proto udp`` and ``proto tcp`` now use both IPv4 and IPv6. The new
options ``proto udp4`` and ``proto tcp4`` use IPv4 only.
- ``--sndbuf`` and ``--recvbuf`` default now to OS defaults instead of 64k
- OpenVPN exits with an error if an option has extra parameters;
previously they were silently ignored
- ``--tls-auth`` always requires OpenVPN static key files and will no
longer work with free form files
- ``--proto udp6/tcp6`` in server mode will now try to always listen to
both IPv4 and IPv6 on platforms that allow it. Use ``--bind ipv6only``
to explicitly listen only on IPv6.
- Removed ``--enable-password-save`` from configure. This option is now
always enabled.
- Stricter default TLS cipher list (override with ``--tls-cipher``), that now
also disables:
* Non-ephemeral key exchange using static (EC)DH keys
* DSS private keys
- mbed TLS builds: changed the tls_digest_N values exported to the script
environment to be equal to the ones exported by OpenSSL builds, namely
the certificate fingerprint (was the hash of the 'to be signed' data).
- mbed TLS builds: minimum RSA key size is now 2048 bits. Shorter keys will
not be accepted, both local and from the peer.
- ``--connect-timeout`` now specifies the timeout until the first TLS packet
is received (identical to ``--server-poll-timeout``) and this timeout now
includes the removed socks proxy timeout and http proxy timeout.
In ``--static`` mode ``connect-timeout`` specifies the timeout for TCP and
proxy connection establishment
- ``--connect-retry-max`` now specifies the maximum number of unsuccessful
attempts of each remote/connection entry before exiting.
- ``--http-proxy-timeout`` and the static non-changeable socks timeout (5s)
have been folded into a "unified" ``--connect-timeout`` which covers all
steps needed to connect to the server, up to the start of the TLS exchange.
The default value has been raised to 120s, to handle slow http/socks
proxies gracefully. The old "fail TCP fast" behaviour can be achieved by
adding "``--connect-timeout 10``" to the client config.
- ``--http-proxy-retry`` and ``--socks-proxy-retry`` have been removed. Proxy connections
will now behave like regular connection entries and generate a USR1 on failure.
- ``--connect-retry`` gets an optional second argument that specifies the maximum
time in seconds to wait between reconnection attempts when an exponential
backoff is triggered due to repeated retries. Default = 300 seconds.
- Data channel cipher negotiation (see New features section) can override
ciphers configured in the config file. Use ``--ncp-disable`` if you do not want
this behavior.
- All tun devices on all platforms are always considered to be IPv6
capable. The ``--tun-ipv6`` option is ignored (behaves like it is always
on).
- On the client side recursively routed packets, which have the same destination
as the VPN server, are dropped. This can be disabled with
the ``--allow-recursive-routing`` option.
- On Windows, when the ``--register-dns`` option is set, OpenVPN no longer
restarts the ``dnscache`` service - this had unwanted side effects, and
seems to be no longer necessary with currently supported Windows versions.
- If no flags are given, and the interactive Windows service is used, "def1"
is implicitly set (because "delete and later reinstall the existing
default route" does not work well here). If not using the service,
the old behaviour is kept.
- OpenVPN now reloads a CRL only if the modification time or file size has
changed, instead of for each new connection. This reduces the connection
setup time, in particular when using large CRLs.
- OpenVPN now ships with more up-to-date systemd unit files which take advantage
of the improved service management as well as some hardening steps. The
configuration files are picked up from the /etc/openvpn/server/ and
/etc/openvpn/client/ directories (depending on unit file). This also keeps
these new unit files, and the way they work, from colliding with older
pre-existing unit files.
- Using ``--no-iv`` (which is generally not a recommended setup) will
require explicitly disabling NCP with ``--ncp-disable``. This is
intentional because NCP will by default use AES-GCM, which requires
an IV - so we want users of that option to consciously reconsider.
Maintainer-visible changes
--------------------------
- OpenVPN no longer supports building with crypto support, but without TLS
support. As a consequence, OPENSSL_CRYPTO_{CFLAGS,LIBS} and
OPENSSL_SSL_{CFLAGS,LIBS} have been merged into OPENSSL_{CFLAGS,LIBS}. This
is particularly relevant for maintainers who build their own OpenSSL library,
e.g. when cross-compiling.
- Linux distributions using systemd are highly encouraged to ship these new unit
files instead of older ones, to provide a unified behaviour across systemd
based Linux distributions.
- With OpenVPN 2.4, the project has moved over to depend on and actively use
the official C99 standard (-std=c99). This may fail on some older compiler/libc
header combinations. In most of these situations it is recommended to
use -std=gnu99 in CFLAGS. This is known to be needed when doing
i386/i686 builds on RHEL5.
Version 2.4.5
=============
New features
------------
- The new option ``--tls-cert-profile`` can be used to restrict the set of
allowed crypto algorithms in TLS certificates in mbed TLS builds. The
default profile is 'legacy' for now, which allows SHA1+, RSA-1024+ and any
elliptic curve certificates. The default will be changed to the 'preferred'
profile in the future, which requires SHA2+, RSA-2048+ and any curve.
Version 2.4.3
=============
New features
------------
- Support building with OpenSSL 1.1 now (in addition to older versions)
- On Win10, set low interface metric for TAP adapter when block-outside-dns
is in use, to make Windows prefer the TAP adapter for DNS queries
(avoiding large delays)
Security
--------
- CVE-2017-7522: Fix ``--x509-track`` post-authentication remote DoS
A client could crash a v2.4+ mbedtls server, if that server uses the
``--x509-track`` option and the client has a correct, signed and unrevoked
certificate that contains an embedded NUL in the certificate subject.
Discovered and reported to the OpenVPN security team by Guido Vranken.
- CVE-2017-7521: Fix post-authentication remote-triggerable memory leaks
A client could cause a server to leak a few bytes each time it connects to the
server. That can eventually cause the server to run out of memory, and thereby
cause the server process to terminate. Discovered and reported to the
OpenVPN security team by Guido Vranken. (OpenSSL builds only.)
- CVE-2017-7521: Fix a potential post-authentication remote code execution
attack on servers that use the ``--x509-username-field`` option with an X.509
extension field (option argument prefixed with ``ext:``). A client that can
cause a server to run out-of-memory (see above) might be able to cause the
server to double free, which in turn might lead to remote code execution.
Discovered and reported to the OpenVPN security team by Guido Vranken.
(OpenSSL builds only.)
- CVE-2017-7520: Pre-authentication remote crash/information disclosure for
clients. If clients use a HTTP proxy with NTLM authentication (i.e.
``--http-proxy <server> <port> [<authfile>|'auto'|'auto-nct'] ntlm2``),
a man-in-the-middle attacker between the client and the proxy can cause
the client to crash or disclose at most 96 bytes of stack memory. The
disclosed stack memory is likely to contain the proxy password. If the
proxy password is not reused, this is unlikely to compromise the security
of the OpenVPN tunnel itself. Clients who do not use the ``--http-proxy``
option with ntlm2 authentication are not affected.
- CVE-2017-7508: Fix remotely-triggerable ASSERT() on malformed IPv6 packet.
This can be used to remotely shutdown an openvpn server or client, if
IPv6 and ``--mssfix`` are enabled and the IPv6 networks used inside the VPN
are known.
- Fix null-pointer dereference when talking to a malicious http proxy
that returns a malformed ``Proxy-Authenticate:`` header for digest auth.
- Fix overflow check for long ``--tls-cipher`` option
- Windows: Pass correct buffer size to ``GetModuleFileNameW()``
(OSTIF/Quarkslab audit, finding 5.6)
User-visible Changes
--------------------
- ``--verify-hash`` can now take an optional flag which changes the hashing
algorithm. It can be either SHA1 or SHA256. The default if not provided is
SHA1 to preserve backwards compatibility with existing configurations.
- Restrict the supported ``--x509-username-field`` extension fields to subjectAltName
and issuerAltName. Other extensions probably didn't work anyway, and would
cause OpenVPN to crash when a client connects.
Bugfixes
--------
- Fix fingerprint calculation in mbed TLS builds. This means that mbed TLS users
of OpenVPN 2.4.0, v2.4.1 and v2.4.2 that rely on the values of the
``tls_digest_*`` env vars, or that use ``--verify-hash`` will have to change
the fingerprint values they check against. The security impact of the
incorrect calculation is very minimal; the last few bytes (max 4, typically
4) are not verified by the fingerprint. We expect no real-world impact,
because users that used this feature before will notice that it has suddenly
stopped working, and users that didn't will notice that connection setup
fails if they specify correct fingerprints.
- Fix edge case with NCP when the server sends an empty PUSH_REPLY message
back, and the client would not initialize its data channel crypto layer
properly (trac #903)
- Fix SIGSEGV on unaligned buffer access on OpenBSD/Sparc64
- Fix TCP_NODELAY on OpenBSD
- Remove erroneous limitation on max number of args for ``--plugin``
- Fix NCP behaviour on TLS reconnect (Server would not send a proper
"cipher ..." message back to the client, leading to client and server
using different ciphers) (trac #887)
Version 2.4.2
=============
Bugfixes
--------
- Fix memory leak introduced in OpenVPN 2.4.1: if ``--remote-cert-tls`` is
used, we leaked some memory on each TLS (re)negotiation.
Security
--------
- Fix a pre-authentication denial-of-service attack on both clients and
servers. By sending a too-large control packet, OpenVPN 2.4.0 or v2.4.1 can
be forced to hit an ASSERT() and stop the process. If ``--tls-auth`` or
``--tls-crypt`` is used, only attackers that have the ``--tls-auth`` or
``--tls-crypt`` key can mount an attack.
(OSTIF/Quarkslab audit finding 5.1, CVE-2017-7478)
- Fix an authenticated remote DoS vulnerability that could be triggered by
causing a packet id roll over. An attack is rather inefficient; a peer
would need to get us to send at least about 196 GB of data.
(OSTIF/Quarkslab audit finding 5.2, CVE-2017-7479)
Version 2.4.1
=============
- ``--remote-cert-ku`` now only requires the certificate to have at least the
bits set of one of the values in the supplied list, instead of requiring an
exact match to one of the values in the list.
- ``--remote-cert-tls`` now only requires that a keyUsage is present in the
certificate, and leaves the verification of the value up to the crypto
library, which has more information (i.e. the key exchange method in use)
to verify that the keyUsage is correct.
- ``--ns-cert-type`` is deprecated. Use ``--remote-cert-tls`` instead.
The nsCertType x509 extension is very old, and barely used.
``--remote-cert-tls`` uses the far more common keyUsage and extendedKeyUsage
extension instead. Make sure your certificates carry these to be able to
use ``--remote-cert-tls``.
================================================
FILE: INSTALL
================================================
Installation instructions for OpenVPN, a Secure Tunneling Daemon
Copyright (C) 2002-2022 OpenVPN Inc. This program is free software;
you can redistribute it and/or modify
it under the terms of the GNU General Public License version 2
as published by the Free Software Foundation.
*************************************************************************
QUICK START:
Unix:
./configure && make && make install
*************************************************************************
To download OpenVPN source code of releases, go to:
https://openvpn.net/community-downloads/
OpenVPN releases are also available as Debian/RPM packages:
https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos
OpenVPN development versions can be found here:
https://github.com/OpenVPN/openvpn
https://gitlab.com/OpenVPN/openvpn
https://sourceforge.net/p/openvpn/openvpn/ci/master/tree/
They should all be in sync at any time.
To download easy-rsa go to:
https://github.com/OpenVPN/easy-rsa
To download tap-windows (NDIS 6) driver source code go to:
https://github.com/OpenVPN/tap-windows6
To download ovpn-dco Windows driver source code go to:
https://github.com/OpenVPN/ovpn-dco-win
To get the cross-compilation environment go to:
https://github.com/OpenVPN/openvpn-build
For step-by-step instructions with real-world examples see:
https://community.openvpn.net/openvpn/wiki/GettingStartedwithOVPN
https://community.openvpn.net/openvpn/wiki
https://openvpn.net/community-resources/
Also see the man page for more information.
*************************************************************************
For a list of supported platforms and architectures, and for
instructions how to port OpenVPN to a yet-unsupported architecture,
see the file "PORTS".
*************************************************************************
SYSTEM REQUIREMENTS:
(1) TUN and/or TAP driver to allow user-space programs to control
a virtual point-to-point IP or Ethernet device.
See TUN/TAP Driver References section below for more info.
(2a) OpenSSL library, necessary for encryption, version 1.1.0 or higher
required, available from https://www.openssl.org/
or
(2b) mbed TLS library, an alternative for encryption, version 2.0 or higher
required, available from https://tls.mbed.org/
(3) on Linux, "libnl-gen" is required for kernel netlink support
(4) on Linux, "libcap-ng" is required for Linux capability handling
OPTIONAL:
(5) LZO real-time compression library, required for link compression,
available from https://www.oberhumer.com/opensource/lzo/
(most supported operating systems have LZO in their installable
packages repository. It might be necessary to add LZO_CFLAGS=
and LZO_LIBS= to the configure call to make it find the LZO pieces)
(6) LZ4 compression library
OPTIONAL (for developers only):
(1) Autoconf 2.59 or higher
Automake 1.9 or higher
Libtool
Git
(2) cmocka test framework (https://cmocka.org)
(3) If using t_client.sh test framework, fping/fping6 is needed
Note: t_client.sh needs an external configured OpenVPN server.
See t_client.rc-sample for more info.
*************************************************************************
CHECK OUT SOURCE FROM SOURCE REPOSITORY:
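Clone the repository (any one of the following; prefer an https:// URL, since the git:// protocol provides no authentication or encryption of the transfer):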
git clone https://github.com/OpenVPN/openvpn
git clone https://gitlab.com/OpenVPN/openvpn
git clone git://openvpn.git.sourceforge.net/gitroot/openvpn/openvpn
Check out stable version:
git checkout release/2.6
Check out master (unstable) branch:
git checkout master
*************************************************************************
BUILD COMMANDS FROM TARBALL:
./configure
make
sudo make install
*************************************************************************
BUILD COMMANDS FROM SOURCE REPOSITORY CHECKOUT:
autoreconf -i -v -f
./configure
make
sudo make install
*************************************************************************
BUILD A TARBALL FROM SOURCE REPOSITORY CHECKOUT:
autoreconf -i -v -f
./configure
make distcheck
*************************************************************************
TESTS (after BUILD):
make check (Run all tests below)
Test Crypto:
./openvpn --genkey secret key
./openvpn --test-crypto --secret key
Test SSL/TLS negotiations (runs for 2 minutes):
./openvpn --config sample/sample-config-files/loopback-client (In one window)
./openvpn --config sample/sample-config-files/loopback-server (Simultaneously in another window)
For more thorough client-server tests you can configure your own, private test
environment. See tests/t_client.rc-sample for details.
To do the C unit tests, you need to have the "cmocka" test framework
installed on your system. More recent distributions already ship this
as part of their packages/ports. If your system does not have it,
you can install cmocka with these commands:
$ git clone https://git.cryptomilk.org/projects/cmocka.git
$ cd cmocka
$ mkdir build
$ cd build
$ cmake -DCMAKE_INSTALL_PREFIX=/usr/local -DCMAKE_BUILD_TYPE=Debug ..
$ make
$ sudo make install
*************************************************************************
OPTIONS for ./configure:
To get an overview of all the configure options, run "./configure --help"
ENVIRONMENT for ./configure:
For more fine-grained control on include + library paths for external
components etc., configure can be called with environment variables on
the command line, e.g.
./configure OPENSSL_CFLAGS="-I/usr/local/include" ...
these are also explained in "./configure --help", so not repeated here.
*************************************************************************
Linux distribution packaging:
Each Linux distribution has their own way of doing packaging and their
own set of guidelines of how proper packaging should be done. It
is therefore recommended to reach out to the Linux distributions you
want to have OpenVPN packaged for directly. The OpenVPN project wants
to focus more on the OpenVPN development and less on the packaging
and how packaging is done in all various distributions.
For more details:
* Arch Linux
https://www.archlinux.org/packages/?name=openvpn
* Debian
https://packages.debian.org/search?keywords=openvpn&searchon=names
https://tracker.debian.org/pkg/openvpn
* Fedora / Fedora EPEL (Red Hat Enterprise Linux/CentOS/Scientific Linux)
https://apps.fedoraproject.org/packages/openvpn/overview/
https://src.fedoraproject.org/rpms/openvpn
* Gentoo
https://packages.gentoo.org/packages/net-vpn/openvpn
https://gitweb.gentoo.org/repo/gentoo.git/tree/net-vpn/openvpn
* openSUSE
https://build.opensuse.org/package/show/network:vpn/openvpn
* Ubuntu
https://packages.ubuntu.com/search?keywords=openvpn
In addition, the OpenVPN community provides best-effort package
repositories for CentOS/Fedora, Debian and Ubuntu:
https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos
*************************************************************************
TUN/TAP Driver References:
* Linux 2.6 or higher (with integrated TUN/TAP driver):
(1) load driver: modprobe tun
(2) enable routing: echo 1 > /proc/sys/net/ipv4/ip_forward
Note that (1) needs to be done once per reboot. If you install from RPM (see
above) and use the openvpn.init script, these steps are taken care of for you.
* FreeBSD:
FreeBSD ships with the TUN/TAP driver, and the device nodes for tap0,
tap1, tap2, tap3, tun0, tun1, tun2 and tun3 are made by default.
On FreeBSD versions prior to 12.0-RELEASE, there were independent
TUN and TAP drivers, and the TAP driver needed to be loaded manually,
using the command:
# kldload if_tap
For recent FreeBSD versions, TUN/TAP are integrated and always loaded.
FreeBSD 14 contains the ovpn(4) for kernel-level OpenVPN acceleration
(DCO) which will be used by OpenVPN 2.6 and up if available.
* OpenBSD:
OpenBSD has dynamically created tun* devices so you only need
to create an empty /etc/hostname.tun0 (tun1, tun2 and so on) for each tun
you plan to use to create the device(s) at boot.
* Solaris:
You need a TUN/TAP kernel driver for OpenVPN to work:
https://web.archive.org/web/20250504214754/http://www.whiteboard.ne.jp/~admin2/tuntap/
* Haiku:
Haiku can't yet dynamically create TUN/TAP devices, so you need to manually
create one before running openvpn:
# ifconfig tun/0 up
A standard reference to the device as "tun" in your config is all that's needed
to use the tunnel device.
* Windows
OpenVPN on Windows needs a TUN/TAP kernel driver to work. OpenVPN installers
include this driver, so installing it separately is not usually required.
Starting from Windows 10 2004 / Windows Server 2022, OpenVPN can use the
dco-win driver for kernel-level acceleration for OpenVPN client setups.
This driver is also included in the community-provided OpenVPN installers.
*************************************************************************
CAVEATS & BUGS:
* See the bug tracker on https://github.com/OpenVPN/openvpn/issues
and the wiki on https://community.openvpn.net/wiki for more detailed
caveats on operating systems, and for open and resolved bug reports.
* Note: We only recently switched to GitHub for reporting new issues,
old issues can be found at https://community.openvpn.net/openvpn/report
================================================
FILE: Makefile.am
================================================
#
# OpenVPN -- An application to securely tunnel IP networks
# over a single UDP port, with support for SSL/TLS-based
# session authentication and key exchange,
# packet encryption, packet authentication, and
# packet compression.
#
# Copyright (C) 2002-2026 OpenVPN Inc <sales@openvpn.net>
# Copyright (C) 2010-2026 David Sommerseth <dazo@eurephia.org>
# Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, see <https://www.gnu.org/licenses/>.
#
# Extra flags for aclocal: also search the m4/ directory for macros.
ACLOCAL_AMFLAGS = -I m4
# Generated autotools files; removed only by "make maintainer-clean".
MAINTAINERCLEANFILES = \
config.log config.status \
$(srcdir)/Makefile.in \
$(srcdir)/config.h.in $(srcdir)/config.h.in~ $(srcdir)/configure \
$(srcdir)/install-sh $(srcdir)/ltmain.sh $(srcdir)/missing \
$(srcdir)/m4/libtool.m4 $(srcdir)/m4/lt~obsolete.m4 \
$(srcdir)/m4/ltoptions.m4 $(srcdir)/m4/ltsugar.m4 \
$(srcdir)/m4/ltversion.m4 \
$(srcdir)/depcomp $(srcdir)/aclocal.m4 \
$(srcdir)/config.guess $(srcdir)/config.sub
# Build products removed by "make clean".
CLEANFILES = \
config-version.h tests/t_client.sh
# Additional files and directories shipped in the distribution tarball.
EXTRA_DIST = \
contrib \
debug \
ltrc.inc \
CMakeLists.txt \
CMakePresets.json \
config.h.cmake.in \
forked-test-driver
# config-version.h is phony so that its recipe is re-run on every make
# invocation; the recipe only replaces the file when its content changed.
.PHONY: config-version.h doxygen
# Only in a git checkout (GIT_CHECKOUT conditional, presumably set by
# configure): generate config-version.h before the regular targets are built.
if GIT_CHECKOUT
BUILT_SOURCES = \
config-version.h
endif
# Sub-directories processed recursively, in this order.
SUBDIRS = distro include src sample doc tests
# Documentation files that are both distributed and installed into docdir.
dist_doc_DATA = \
README \
README.mbedtls \
Changes.rst \
COPYRIGHT.GPL \
COPYING
# Files that are distributed in the tarball but never installed.
dist_noinst_DATA = \
.gitignore \
.gitattributes \
CONTRIBUTING.rst \
PORTS \
README.cmake.md \
README.dco.md \
README.ec \
README.wolfssl
# Generate config-version.h with the git revision and dirty-state flags of the
# source tree, so a build can be traced back to the exact commit it came from.
#   CONFIGURE_GIT_CHFILES     "+" when "git diff-files --quiet" exits non-zero
#                             (tracked files modified in the working tree)
#   CONFIGURE_GIT_UNCOMMITTED "*" when "git diff-index --cached --quiet HEAD"
#                             exits non-zero (staged but uncommitted changes)
#   CONFIGURE_GIT_REVISION    "<ref name without its first two path
#                             components>/<16-character short hash of HEAD>"
# NOTE(review): the "||" fallbacks also fire when git itself fails, so a
# missing or broken git would be reported as a modified tree.
# The header is written to a temporary file first and only moved into place
# when it differs from the existing one, so the file is left untouched when
# nothing changed.
config-version.h:
@CONFIGURE_GIT_CHFILES="`$(GIT) -C \"$(top_srcdir)\" diff-files --name-status -r --ignore-submodules --quiet -- || echo \"+\"`"; \
CONFIGURE_GIT_UNCOMMITTED="`$(GIT) -C \"$(top_srcdir)\" diff-index --cached --quiet --ignore-submodules HEAD || echo \"*\"`"; \
CONFIGURE_GIT_REVISION="`$(GIT) -C \"$(top_srcdir)\" rev-parse --symbolic-full-name HEAD | cut -d/ -f3-`/`$(GIT) -C \"$(top_srcdir)\" rev-parse --short=16 HEAD`"; \
echo "#define CONFIGURE_GIT_REVISION \"$${CONFIGURE_GIT_REVISION}\"" > config-version.h.tmp; \
echo "#define CONFIGURE_GIT_FLAGS \"$${CONFIGURE_GIT_CHFILES}$${CONFIGURE_GIT_UNCOMMITTED}\"" >> config-version.h.tmp
@if ! [ -f config-version.h ] || ! cmp -s config-version.h.tmp config-version.h; then \
echo "replacing config-version.h"; \
mv config-version.h.tmp config-version.h; \
else \
rm -f config-version.h.tmp; \
fi
# Convenience target: delegate to the "doxygen" target in doc/doxygen.
doxygen:
$(MAKE) -C doc/doxygen doxygen
================================================
FILE: NEWS
================================================
================================================
FILE: PORTS
================================================
OpenVPN
Copyright (C) 2002-2026 OpenVPN Inc <sales@openvpn.net>
OpenVPN has been written to try to avoid features
that are not standardized well across different
OSes, so porting OpenVPN itself will probably be
straightforward if a tun or tap driver already exists.
Where special OS features are used, they are usually
bracketed with #ifdef HAVE_SOME_FUNCTION.
PLATFORM STATUS:
Tier 1 platforms - actively tested for every source commit, across
multiple operating system versions
* Windows 7 and newer
* Windows Server 2012 and newer
* Linux
* FreeBSD
* macOS
Tier 2 platforms - it worked at some point, but is not actively tested
on "latest OS, latest OS libraries" so might break if larger changes
are done on the platform side
* OpenBSD
* NetBSD
* DragonFly BSD
* Solaris
* AIX
For underlying CPU architecture, everything 32 bit or 64 bit (Intel, AMD,
ARM, PowerPC, SPARC*) should work fine. 16 bit Architectures are unlikely
to work.
PORTING GUIDELINE TO A NEW PLATFORM:
* Make sure that OpenSSL will build on your
platform.
* Make sure that a tun or tap virtual device
driver exists for your platform. See
https://vtun.sourceforge.net/tun/ for examples
of tun and tap drivers that have been written
for Linux, Solaris, and FreeBSD.
* Make sure you have autoconf 2.50+ and
automake 1.6+.
* Edit configure.ac, adding platform specific
config code, and a TARGET_YOUROS define.
* Add platform-specific includes to syshead.h.
* Add an #ifdef TARGET_YOUROS to the do_ifconfig()
function in tun.c to generate a correct "ifconfig"
command for your platform. Note that OpenVPN
determines the ifconfig path at ./configure time.
* Possibly add an ifconfig_order() variant for your OS so
openvpn knows whether to call ifconfig before
or after tun/tap dev open.
* Add an #ifdef TARGET_YOUROS block in tun.c and define
the open_tun, close_tun, read_tun, and write_tun
functions. If your tun/tap virtual device is
sufficiently generic, you may be able to use the
default case.
* Add appropriate code to route.c to handle
the route command on your platform. This
is necessary for the --route option to
work correctly.
* After you successfully build OpenVPN, run
the loopback tests as described in INSTALL.
* For the next test, confirm that the UDP socket
functionality is working independently of the
tun device, by doing something like:
./openvpn --remote localhost --verb 9 --ping 1 --dev null
* Now try with --remote [a real host]
* Now try with a real tun/tap device, you will
need to figure out the appropriate ifconfig
command to use once openvpn has opened the tun/tap
device.
* Once you have simple tests working on the tun device,
try more complex tests such as using TLS mode.
* Stress test the link by doing ping -f across it.
* Make sure that packet fragmenting is happening
correctly by doing a ping -s 2000 or higher.
* Ensure that OpenVPN on your platform will talk
to OpenVPN on other platforms such as Linux.
Some tun/tap driver implementations will prepend
unnecessary stuff onto the datagram that must be
disabled with an explicit ioctl call if cross-platform
compatibility is to be preserved. You can see some
examples of this in tun.c.
* Try the ultimate stress test which is --gremlin --reneg-sec 10
in TLS mode then do a flood ping across the tunnel
(ping -f remote-endpoint) in both directions and let
it run overnight. --gremlin will induce massive
corruption and packet loss, but you win if you
wake up the next morning and both peers are still
running and occasionally even succeeding in their
attempted once-per-10-seconds TLS handshake.
* When it's working, submit your patch to
<openvpn-devel@lists.sourceforge.net>
and rejoice :)
================================================
FILE: README
================================================
OpenVPN -- A Secure tunneling daemon
Copyright (C) 2002-2022 OpenVPN Inc. This program is free software;
you can redistribute it and/or modify
it under the terms of the GNU General Public License version 2
as published by the Free Software Foundation.
*************************************************************************
To get the latest release of OpenVPN, go to:
https://openvpn.net/community-downloads/
To Build and Install,
tar -zxf openvpn-<version>.tar.gz
cd openvpn-<version>
./configure
make
make install
or see the file INSTALL for more info.
For information on how to build OpenVPN on/for Windows with MinGW
or MSVC see README.cmake.md.
*************************************************************************
For detailed information on OpenVPN, including examples, see the man page
http://openvpn.net/man.html
For a sample VPN configuration, see
http://openvpn.net/howto.html
To report an issue, see
https://github.com/OpenVPN/openvpn/issues/new
For a description of OpenVPN's underlying protocol,
see the file ssl.h included in the source distribution.
*************************************************************************
Other Files & Directories:
* configure.ac -- script to rebuild our configure
script and makefile.
* sample/sample-scripts/verify-cn
A sample perl script which can be used with OpenVPN's
--tls-verify option to provide a customized authentication
test on embedded X509 certificate fields.
* sample/sample-keys/
Sample RSA keys and certificates. DON'T USE THESE FILES
FOR ANYTHING OTHER THAN TESTING BECAUSE THEY ARE TOTALLY INSECURE.
* sample/sample-config-files/
A collection of OpenVPN config files and scripts from
the HOWTO at http://openvpn.net/howto.html
*************************************************************************
Note that easy-rsa and tap-windows are now maintained in their own subprojects.
Their source code is available here:
https://github.com/OpenVPN/easy-rsa
https://github.com/OpenVPN/tap-windows6
Community-provided Windows installers (MSI) and Debian packages are built from
https://github.com/OpenVPN/openvpn-build
See the INSTALL file for usage information.
================================================
FILE: README.awslc
================================================
This version of OpenVPN supports AWS-LC (AWS Libcrypto), AWS's open-source cryptographic library.
If you encounter bugs in OpenVPN while using AWS-LC:
1. Try compiling OpenVPN with OpenSSL to determine if the issue is specific to AWS-LC
2. For AWS-LC-specific issues, please report them at: https://github.com/aws/aws-lc
To build and install OpenVPN with AWS-LC:
OPENSSL_CFLAGS="-I/${AWS_LC_INSTALL_FOLDER}/include" \
OPENSSL_LIBS="-L/${AWS_LC_INSTALL_FOLDER}/lib -lssl -lcrypto" \
LDFLAGS="-Wl,-rpath=${AWS_LC_INSTALL_FOLDER}/lib" \
./configure --with-crypto-library=openssl
make
make install
*************************************************************************
Due to limitations in AWS-LC, the following features are missing
* Windows CryptoAPI support
================================================
FILE: README.cmake.md
================================================
OpenVPN Builds with CMake
=========================
For Windows builds we do not use the autotools-based buildsystem that we use
for our Unix-like (Linux, BSDs, macOS, etc.) builds. Instead we added a
separate [CMake](https://cmake.org/)-based buildsystem.
This buildsystem supports building for Windows both with MSVC (i.e. Visual
Studio) and MinGW. MinGW builds are also supported as cross-compile
from Linux.
The official builds, which are also available as CMake presets (see
`cmake --list-presets` and `CMakePresets.json`) all use
[VCPKG](https://github.com/microsoft/vcpkg/#vcpkg-overview) for dependency
management. This allows us to do proper supply-chain management and
also makes cross-building with MinGW on Linux much simpler. However,
builds are also possible by providing the build dependencies manually,
but that might require specifying more information to CMake.
You need CMake version 3.21 or newer for the `CMakePresets.json`
file to be supported. Manual builds might be possible with older CMake
versions, see `cmake_minimum_required` in `CMakeLists.txt`.
If you're looking to build the full Windows installer MSI, take a look
at https://github.com/OpenVPN/openvpn-build.git .
MSVC builds
-----------
The following tools are expected to be present on the system, you
can install them with a package manager of your choice (e.g.
chocolatey, winget) or manually:
* CMake (>= 3.21)
* Git
* Python (3.x), plus the Python module `docutils`
* Visual Studio 17 (2022), C/C++ Environment
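For example, to prepare the required tools with chocolatey, you
can use the following commands (Powershell). The first command downloads
the Chocolatey install script and executes it directly, with the execution
policy bypassed for the current process, so review that script first on
machines where build provenance matters: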
# Installing Chocolatey
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
& choco.exe install -y git --params "/GitAndUnixToolsOnPath"
& choco.exe install -y python
& python.exe -m ensurepip
& python.exe -m pip install --upgrade pip
& python.exe -m pip install docutils
& choco.exe install -y cmake --installargs 'ADD_CMAKE_TO_PATH=System'
& choco.exe install -y "visualstudio2022buildtools"
& choco.exe install -y "visualstudio2022-workload-vctools" --params "--add Microsoft.VisualStudio.Component.UWP.VC.ARM64 --add Microsoft.VisualStudio.Component.VC.Tools.ARM64 --add Microsoft.VisualStudio.Component.VC.ATL.Spectre --add Microsoft.VisualStudio.Component.VC.ATLMFC.Spectre --add Microsoft.VisualStudio.Component.VC.ATL.ARM64.Spectre --add Microsoft.VisualStudio.Component.VC.MFC.ARM64.Spectre --add Microsoft.VisualStudio.Component.VC.Runtimes.ARM64.Spectre --add Microsoft.VisualStudio.Component.VC.Runtimes.x86.x64.Spectre --quiet"
& choco.exe install -y windows-sdk-10-version-2004-windbg
One or more restarts of Powershell might be required to pick up new additions
to `PATH` between steps. A Windows restart is probably required after
installing Visual Studio before being able to use it.
You can find the exact commands we use to set up the community build machines
at https://github.com/OpenVPN/openvpn-buildbot/blob/master/jenkins/windows-server/msibuild.pkr.hcl
To do a default build, assuming you are in a MSVC 17 2022 environment:
mkdir C:\OpenVPN
cd C:\OpenVPN
git clone https://github.com/microsoft/vcpkg.git
git clone https://github.com/OpenVPN/openvpn.git
set VCPKG_ROOT=C:\OpenVPN\vcpkg
cd openvpn
cmake --preset win-amd64-release
cmake --build --preset win-amd64-release
ctest --preset win-amd64-release
When using the presets, the build directory is
`out/build/<preset-name>/`, you can find the output files there.
No install support is provided directly in OpenVPN build, take a look
at https://github.com/OpenVPN/openvpn-build.git instead.
MinGW builds (cross-compile on Linux)
-------------------------------------
To build the Windows executables on a Linux system:
# install mingw with the package manager of your choice, e.g.
sudo apt-get install -y mingw-w64
# in addition to mingw we also need a toolchain for host builds, e.g.
sudo apt-get install -y build-essential
# minimum required tools for vcpkg bootstrap: curl, zip, unzip, tar, e.g.
sudo apt-get install -y curl zip unzip tar
# additionally vcpkg requires powershell when building Windows binaries.
# See https://learn.microsoft.com/en-us/powershell/scripting/install/installing-powershell-on-linux
# e.g.
sudo apt-get install -y wget apt-transport-https software-properties-common
wget -q "https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb"
sudo dpkg -i packages-microsoft-prod.deb
sudo apt-get update
sudo apt-get install -y powershell
# minimum required tools for build: cmake, docutils, git, ninja,
# pkg-config, python e.g.
sudo apt-get install -y cmake git ninja-build pkg-config python3 python3-docutils
# additionally required to build pkcs11-helper: automake, autoconf,
# man2html, e.g.
sudo apt-get install -y automake autoconf man2html-base
mkdir mingw
cd mingw
git clone https://github.com/microsoft/vcpkg.git
git clone https://github.com/OpenVPN/openvpn.git
export VCPKG_ROOT=$PWD/vcpkg
cd openvpn
# requires CMake 3.21 or newer
cmake --preset mingw-x64
cmake --build --preset mingw-x64
# unit tests are built, but no testPreset is provided. You need to copy
# them to a Windows system manually
The instructions have been verified on an Ubuntu 22.04 LTS system in a
bash shell, and might need adaptations for other Linux distributions/versions.
Note that the MinGW preset builds use the `Ninja multi-config` generator, so
if you want to build the Debug binaries, use
cmake --build --preset mingw-x64 --config Debug
The default build is equivalent to specifying `--config Release`.
When using the presets, the build directory is
`out/build/mingw/<arch>`, you can find the actual output files in
sub-directories called `<buildtype>`.
No install support is provided directly in OpenVPN build, take a look
at https://github.com/OpenVPN/openvpn-build.git instead.
Unsupported builds
------------------
The CMake buildsystem also supports builds on Unix-like platforms. These builds
are sometimes useful for OpenVPN developers (e.g. when they use IDEs with
integrated CMake support). However, they are not officially supported, do not
include any install support and should not be used to distribute/package
OpenVPN. To emphasize this fact, you need to specify `-DUNSUPPORTED_BUILDS=ON`
to cmake to be able to use these builds.
The `unix-native` CMake preset is available for these builds. This preset does
not require VCPKG and instead assumes all build-dependencies are provided by
the system natively.
Generating compile_commands.json
--------------------------------
To have the CMake buildsystem generate compile_commands.json you can specify
`-DENABLE_COMPILE_COMMANDS=ON` on the command line or enable the CMake option
in any other way you like. For supported generators the file will then be created.
Additionally, the buildsystem will create a symlink `build/` to the --preset
build directory that contains the generated JSON file. This is done so that
clangd is able to find it.
Enabling this option may cause an error on Windows, since creating a symlink
is a privileged operation there. If you enable Developer Mode for the system,
symlinks can be created by regular users.
================================================
FILE: README.dco.md
================================================
OpenVPN data channel offload
============================
2.6.0+ implements support for data-channel offloading where the data packets
are directly processed and forwarded in kernel space thanks to the ovpn-dco
kernel module. The userspace openvpn program acts purely as a control plane
application.
Overview of current release
---------------------------
- See the "Limitations by design" and "Current limitations" sections for
features that are not and/or will not be supported by OpenVPN + ovpn-dco.
Getting started (Linux)
-----------------------
The new DCO linux kernel module (namely `ovpn`) has been merged upstream
as of linux-6.16. From this kernel version onwards you directly get
the DCO module as shipped by your kernel.
NOTE: the new `ovpn` Linux kernel module is compatible only with OpenVPN
2.7 and greater.
Alternatively, if you run an older kernel or if you want to use a more
recent DCO module than the one shipped by your kernel, you need to use
the ovpn-backports project.
To learn how to use the ovpn-backports project and build your own DCO
kernel module, please refer to the README file available at:
https://github.com/OpenVPN/ovpn-backports/blob/main/README.md
Then clone and build OpenVPN (or use OpenVPN 2.7+). For example:
git clone https://github.com/openvpn/openvpn.git
cd openvpn
autoreconf -vi
./configure --enable-dco
make
sudo make install # Or just run src/openvpn/openvpn
When starting openvpn it will automatically detect DCO support and use the
kernel module. Add the option `--disable-dco` to disable data channel offload
support. If the configuration contains an option that is incompatible with
data channel offloading, OpenVPN will automatically disable DCO support and
warn the user.
Should OpenVPN be configured to use a feature that is not supported by ovpn
or should the ovpn kernel module not be available on the system, you will
see a message like
Note: Kernel support for ovpn-dco missing, disabling data channel offload.
in your log.
Getting started (Windows)
-------------------------
Official releases published at https://openvpn.net/community-downloads/
have included the ovpn-dco-win driver since 2.6.0.
There are also snapshot releases available at
https://build.openvpn.net/downloads/snapshots/github-actions/openvpn2/ .
This installer contains the latest OpenVPN code and the ovpn-dco-win driver.
DCO and P2P mode
----------------
DCO is also available when running OpenVPN in P2P mode without `--pull` /
`--client` option. P2P mode is useful for scenarios when the OpenVPN tunnel
should not interfere with overall routing and behave more like a "dumb" tunnel,
like GRE.
However, DCO requires DATA_V2 to be enabled, which is available for P2P mode
only in OpenVPN 2.6 and later.
OpenVPN prints a diagnostic message for the P2P NCP result when running in P2P
mode:
P2P mode NCP negotiation result: TLS_export=1, DATA_v2=1, peer-id 9484735, cipher=AES-256-GCM
Double check that you have `DATA_v2=1` in your output and a supported AEAD
cipher (AES-XXX-GCM or CHACHA20POLY1305).
Routing with ovpn-dco
---------------------
The ovpn-dco kernel module implements a more transparent approach to
configuring routes to clients (aka "iroutes") and consults the main kernel
routing tables for forwarding decisions.
- Each client has a VPN IPv4 and/or a VPN IPv6 assigned to it;
- additional IP ranges can be routed to a client by adding a route with
a client VPN IP as the gateway/nexthop (i.e. ip route add a.b.c.d/24 via
$VPNIP);
- due to the point above, there is no real need to add a companion `--route` for
each `--iroute` directive, unless you want to blackhole traffic when the
specific client is not connected;
- no internal routing is available. If you need truly internal routes, this can
be achieved either with filtering using `iptables` or using `ip rule`;
- client-to-client behaviour, as implemented in userspace, does not exist:
packets always reach the tunnel interface and are then re-routed to the
destination peer based on the system routing table.
Limitations by design
----------------------
- Layer 3 (dev tun) only;
- only the following AEAD ciphers are currently supported: Chacha20-Poly1305
and AES-GCM-128/192/256;
- no support for compression or compression framing:
- see also the `--compress migrate` option to move to a se
gitextract_yqj5celu/ ├── .clang-format ├── .git-blame-ignore-revs ├── .gitattributes ├── .github/ │ ├── ISSUE_TEMPLATE/ │ │ └── bug_report.md │ ├── PULL_REQUEST_TEMPLATE.md │ └── workflows/ │ ├── build.yaml │ ├── coverity-scan.yml │ └── doxygen.yml ├── .gitignore ├── .mailmap ├── .pre-commit-config.yaml ├── .svncommitters ├── AUTHORS ├── CMakeLists.txt ├── CMakePresets.json ├── CONTRIBUTING.rst ├── COPYING ├── COPYRIGHT.GPL ├── ChangeLog ├── Changes.rst ├── INSTALL ├── Makefile.am ├── NEWS ├── PORTS ├── README ├── README.awslc ├── README.cmake.md ├── README.dco.md ├── README.ec ├── README.mbedtls ├── README.wolfssl ├── compat.m4 ├── config.h.cmake.in ├── configure.ac ├── contrib/ │ ├── OCSP_check/ │ │ └── OCSP_check.sh │ ├── README │ ├── cmake/ │ │ ├── git-version.py │ │ └── parse-version.m4.py │ ├── extract-crl/ │ │ └── extractcrl.py │ ├── multilevel-init.patch │ ├── openvpn-fwmarkroute-1.00/ │ │ ├── README │ │ ├── fwmarkroute.down │ │ └── fwmarkroute.up │ ├── vcpkg-manifests/ │ │ ├── mingw/ │ │ │ └── vcpkg.json │ │ └── windows/ │ │ └── vcpkg.json │ ├── vcpkg-ports/ │ │ └── pkcs11-helper/ │ │ ├── config-w32-vc.h.in-indicate-OpenSSL.patch │ │ ├── nmake-compatibility-with-vcpkg-nmake.patch │ │ ├── pkcs11-helper-001-RFC7512.patch │ │ ├── portfile.cmake │ │ └── vcpkg.json │ └── vcpkg-triplets/ │ ├── arm64-windows-ovpn.cmake │ ├── x64-mingw-ovpn.cmake │ ├── x64-windows-ovpn.cmake │ ├── x86-mingw-ovpn.cmake │ └── x86-windows-ovpn.cmake ├── debug/ │ ├── doval │ ├── dovalns │ └── valgrind-suppress ├── dev-tools/ │ ├── gen-release-tarballs.sh │ ├── gerrit-send-mail.py │ ├── git-pre-commit-format.sh │ └── update-copyright.sh ├── distro/ │ ├── Makefile.am │ ├── dns-scripts/ │ │ ├── Makefile.am │ │ ├── haikuos_file-dns-updown.sh │ │ ├── macos-dns-updown.sh │ │ ├── openresolv-dns-updown.sh │ │ ├── resolvconf_file-dns-updown.sh │ │ └── systemd-dns-updown.sh │ └── systemd/ │ ├── Makefile.am │ ├── README.systemd │ ├── openvpn-client@.service.in │ ├── openvpn-server@.service.in │ 
└── tmpfiles-openvpn.conf ├── doc/ │ ├── CMakeLists.txt │ ├── Makefile.am │ ├── README.man │ ├── README.plugins │ ├── android.txt │ ├── doxygen/ │ │ ├── Makefile.am │ │ ├── doc_compression.h │ │ ├── doc_control_processor.h │ │ ├── doc_control_tls.h │ │ ├── doc_data_control.h │ │ ├── doc_data_crypto.h │ │ ├── doc_eventloop.h │ │ ├── doc_external_multiplexer.h │ │ ├── doc_fragmentation.h │ │ ├── doc_internal_multiplexer.h │ │ ├── doc_key_generation.h │ │ ├── doc_mainpage.h │ │ ├── doc_memory_management.h │ │ ├── doc_protocol_overview.h │ │ ├── doc_reliable.h │ │ ├── doc_tunnel_state.h │ │ └── openvpn.doxyfile.in │ ├── gui-notes.txt │ ├── interactive-service-notes.rst │ ├── keying-material-exporter.txt │ ├── man-sections/ │ │ ├── advanced-options.rst │ │ ├── cipher-negotiation.rst │ │ ├── client-options.rst │ │ ├── connection-profiles.rst │ │ ├── encryption-options.rst │ │ ├── example-fingerprint.rst │ │ ├── examples.rst │ │ ├── generic-options.rst │ │ ├── inline-files.rst │ │ ├── link-options.rst │ │ ├── log-options.rst │ │ ├── management-options.rst │ │ ├── network-config.rst │ │ ├── pkcs11-options.rst │ │ ├── plugin-options.rst │ │ ├── protocol-options.rst │ │ ├── proxy-options.rst │ │ ├── renegotiation.rst │ │ ├── script-options.rst │ │ ├── server-options.rst │ │ ├── signals.rst │ │ ├── tls-options.rst │ │ ├── unsupported-options.rst │ │ ├── virtual-routing-and-forwarding.rst │ │ ├── vpn-network-options.rst │ │ └── windows-options.rst │ ├── management-notes.txt │ ├── openvpn-examples.5.rst │ ├── openvpn.8.rst │ ├── t_server_null.rst │ ├── tests/ │ │ └── authentication-plugins.md │ └── tls-crypt-v2.txt ├── forked-test-driver ├── include/ │ ├── Makefile.am │ ├── openvpn-msg.h │ └── openvpn-plugin.h.in ├── ltrc.inc ├── m4/ │ ├── .keep │ ├── ax_socklen_t.m4 │ └── pkg.m4 ├── renovate.json ├── sample/ │ ├── Makefile.am │ ├── sample-config-files/ │ │ ├── README │ │ ├── client.conf │ │ ├── firewall.sh │ │ ├── loopback-client │ │ ├── loopback-server │ │ ├── 
openvpn-shutdown.sh │ │ ├── openvpn-startup.sh │ │ └── server.conf │ ├── sample-keys/ │ │ ├── README │ │ ├── ca.crt │ │ ├── ca.key │ │ ├── client-ec.crt │ │ ├── client-ec.key │ │ ├── client-pass.key │ │ ├── client.crt │ │ ├── client.key │ │ ├── client.p12 │ │ ├── ffdhe2048.pem │ │ ├── gen-sample-keys.sh │ │ ├── openssl.cnf │ │ ├── server-ec.crt │ │ ├── server-ec.key │ │ ├── server.crt │ │ ├── server.key │ │ └── ta.key │ ├── sample-plugins/ │ │ ├── Makefile.am │ │ ├── Makefile.plugins │ │ ├── README │ │ ├── client-connect/ │ │ │ ├── README │ │ │ └── sample-client-connect.c │ │ ├── defer/ │ │ │ ├── multi-auth.c │ │ │ └── winbuild │ │ ├── keying-material-exporter-demo/ │ │ │ ├── README │ │ │ ├── client.ovpn │ │ │ ├── http-client.py │ │ │ ├── http-server.py │ │ │ ├── keyingmaterialexporter.c │ │ │ └── server.ovpn │ │ ├── log/ │ │ │ ├── log.c │ │ │ ├── log_v3.c │ │ │ └── winbuild │ │ └── simple/ │ │ ├── base64.c │ │ ├── simple.c │ │ ├── simple.def │ │ └── winbuild │ └── sample-scripts/ │ ├── auth-pam.pl │ ├── bridge-start │ ├── bridge-stop │ ├── totpauth.py │ ├── ucn.pl │ └── verify-cn ├── src/ │ ├── Makefile.am │ ├── compat/ │ │ ├── Makefile.am │ │ ├── compat-basename.c │ │ ├── compat-daemon.c │ │ ├── compat-dirname.c │ │ ├── compat-gettimeofday.c │ │ ├── compat-strsep.c │ │ └── compat.h │ ├── openvpn/ │ │ ├── Makefile.am │ │ ├── argv.c │ │ ├── argv.h │ │ ├── auth_token.c │ │ ├── auth_token.h │ │ ├── base64.c │ │ ├── base64.h │ │ ├── basic.h │ │ ├── buffer.c │ │ ├── buffer.h │ │ ├── circ_list.h │ │ ├── clinat.c │ │ ├── clinat.h │ │ ├── common.h │ │ ├── comp-lz4.c │ │ ├── comp-lz4.h │ │ ├── comp.c │ │ ├── comp.h │ │ ├── compstub.c │ │ ├── console.c │ │ ├── console.h │ │ ├── console_builtin.c │ │ ├── console_systemd.c │ │ ├── crypto.c │ │ ├── crypto.h │ │ ├── crypto_backend.h │ │ ├── crypto_epoch.c │ │ ├── crypto_epoch.h │ │ ├── crypto_mbedtls.c │ │ ├── crypto_mbedtls.h │ │ ├── crypto_mbedtls_legacy.c │ │ ├── crypto_mbedtls_legacy.h │ │ ├── crypto_openssl.c │ │ ├── 
crypto_openssl.h │ │ ├── cryptoapi.c │ │ ├── cryptoapi.h │ │ ├── dco.c │ │ ├── dco.h │ │ ├── dco_freebsd.c │ │ ├── dco_freebsd.h │ │ ├── dco_internal.h │ │ ├── dco_linux.c │ │ ├── dco_linux.h │ │ ├── dco_win.c │ │ ├── dco_win.h │ │ ├── dhcp.c │ │ ├── dhcp.h │ │ ├── dns.c │ │ ├── dns.h │ │ ├── domain_helper.h │ │ ├── env_set.c │ │ ├── env_set.h │ │ ├── errlevel.h │ │ ├── error.c │ │ ├── error.h │ │ ├── event.c │ │ ├── event.h │ │ ├── fdmisc.c │ │ ├── fdmisc.h │ │ ├── forward.c │ │ ├── forward.h │ │ ├── fragment.c │ │ ├── fragment.h │ │ ├── gremlin.c │ │ ├── gremlin.h │ │ ├── helper.c │ │ ├── helper.h │ │ ├── httpdigest.c │ │ ├── httpdigest.h │ │ ├── init.c │ │ ├── init.h │ │ ├── integer.h │ │ ├── interval.c │ │ ├── interval.h │ │ ├── list.c │ │ ├── list.h │ │ ├── lladdr.c │ │ ├── lladdr.h │ │ ├── lzo.c │ │ ├── lzo.h │ │ ├── manage.c │ │ ├── manage.h │ │ ├── mbedtls_compat.h │ │ ├── mbuf.c │ │ ├── mbuf.h │ │ ├── memdbg.h │ │ ├── misc.c │ │ ├── misc.h │ │ ├── mroute.c │ │ ├── mroute.h │ │ ├── mss.c │ │ ├── mss.h │ │ ├── mtcp.c │ │ ├── mtcp.h │ │ ├── mtu.c │ │ ├── mtu.h │ │ ├── mudp.c │ │ ├── mudp.h │ │ ├── multi.c │ │ ├── multi.h │ │ ├── multi_io.c │ │ ├── multi_io.h │ │ ├── networking.h │ │ ├── networking_freebsd.c │ │ ├── networking_iproute2.c │ │ ├── networking_iproute2.h │ │ ├── networking_sitnl.c │ │ ├── networking_sitnl.h │ │ ├── occ.c │ │ ├── occ.h │ │ ├── openssl_compat.h │ │ ├── openvpn.c │ │ ├── openvpn.h │ │ ├── openvpn.manifest │ │ ├── openvpn_win32_resources.rc │ │ ├── options.c │ │ ├── options.h │ │ ├── options_parse.c │ │ ├── options_util.c │ │ ├── options_util.h │ │ ├── otime.c │ │ ├── otime.h │ │ ├── ovpn_dco_freebsd.h │ │ ├── ovpn_dco_linux.h │ │ ├── ovpn_dco_win.h │ │ ├── packet_id.c │ │ ├── packet_id.h │ │ ├── ping.c │ │ ├── ping.h │ │ ├── pkcs11.c │ │ ├── pkcs11.h │ │ ├── pkcs11_backend.h │ │ ├── pkcs11_mbedtls.c │ │ ├── pkcs11_openssl.c │ │ ├── platform.c │ │ ├── platform.h │ │ ├── plugin.c │ │ ├── plugin.h │ │ ├── pool.c │ │ ├── pool.h │ │ ├── 
proto.c │ │ ├── proto.h │ │ ├── proxy.c │ │ ├── proxy.h │ │ ├── ps.c │ │ ├── ps.h │ │ ├── push.c │ │ ├── push.h │ │ ├── push_util.c │ │ ├── pushlist.h │ │ ├── reflect_filter.c │ │ ├── reflect_filter.h │ │ ├── reliable.c │ │ ├── reliable.h │ │ ├── ring_buffer.h │ │ ├── route.c │ │ ├── route.h │ │ ├── run_command.c │ │ ├── run_command.h │ │ ├── schedule.c │ │ ├── schedule.h │ │ ├── session_id.c │ │ ├── session_id.h │ │ ├── shaper.c │ │ ├── shaper.h │ │ ├── sig.c │ │ ├── sig.h │ │ ├── siphash.h │ │ ├── siphash_reference.c │ │ ├── socket.c │ │ ├── socket.h │ │ ├── socket_util.c │ │ ├── socket_util.h │ │ ├── socks.c │ │ ├── socks.h │ │ ├── ssl.c │ │ ├── ssl.h │ │ ├── ssl_backend.h │ │ ├── ssl_common.h │ │ ├── ssl_mbedtls.c │ │ ├── ssl_mbedtls.h │ │ ├── ssl_ncp.c │ │ ├── ssl_ncp.h │ │ ├── ssl_openssl.c │ │ ├── ssl_openssl.h │ │ ├── ssl_pkt.c │ │ ├── ssl_pkt.h │ │ ├── ssl_util.c │ │ ├── ssl_util.h │ │ ├── ssl_verify.c │ │ ├── ssl_verify.h │ │ ├── ssl_verify_backend.h │ │ ├── ssl_verify_mbedtls.c │ │ ├── ssl_verify_mbedtls.h │ │ ├── ssl_verify_openssl.c │ │ ├── ssl_verify_openssl.h │ │ ├── status.c │ │ ├── status.h │ │ ├── syshead.h │ │ ├── tls_crypt.c │ │ ├── tls_crypt.h │ │ ├── tun.c │ │ ├── tun.h │ │ ├── tun_afunix.c │ │ ├── tun_afunix.h │ │ ├── vlan.c │ │ ├── vlan.h │ │ ├── wfp_block.c │ │ ├── wfp_block.h │ │ ├── win32-util.c │ │ ├── win32-util.h │ │ ├── win32.c │ │ ├── win32.h │ │ ├── xkey_common.h │ │ ├── xkey_helper.c │ │ └── xkey_provider.c │ ├── openvpnmsica/ │ │ ├── CMakeLists.txt │ │ ├── Makefile.am │ │ ├── dllmain.c │ │ ├── msica_arg.c │ │ ├── msica_arg.h │ │ ├── msiex.c │ │ ├── msiex.h │ │ ├── openvpnmsica.c │ │ ├── openvpnmsica.h │ │ └── openvpnmsica_resources.rc │ ├── openvpnserv/ │ │ ├── CMakeLists.txt │ │ ├── Makefile.am │ │ ├── common.c │ │ ├── eventmsg.mc │ │ ├── interactive.c │ │ ├── openvpnserv_resources.rc │ │ ├── service.c │ │ ├── service.h │ │ ├── validate.c │ │ └── validate.h │ ├── plugins/ │ │ ├── Makefile.am │ │ ├── auth-pam/ │ │ │ ├── 
Makefile.am │ │ │ ├── README.auth-pam │ │ │ ├── auth-pam.c │ │ │ ├── auth-pam.exports │ │ │ ├── pamdl.c │ │ │ ├── pamdl.h │ │ │ ├── utils.c │ │ │ └── utils.h │ │ └── down-root/ │ │ ├── Makefile.am │ │ ├── README.down-root │ │ ├── down-root.c │ │ └── down-root.exports │ └── tapctl/ │ ├── CMakeLists.txt │ ├── Makefile.am │ ├── basic.h │ ├── error.c │ ├── error.h │ ├── main.c │ ├── tap.c │ ├── tap.h │ └── tapctl_resources.rc ├── tests/ │ ├── Makefile.am │ ├── lwip_client_up.sh │ ├── ntlm_support.c │ ├── null_client_up.sh │ ├── t_client.rc-sample │ ├── t_client.sh.in │ ├── t_cltsrv-down.sh │ ├── t_cltsrv.sh │ ├── t_lpback.sh │ ├── t_net.sh │ ├── t_server_null.rc-sample │ ├── t_server_null.sh │ ├── t_server_null_client.sh │ ├── t_server_null_default.rc │ ├── t_server_null_server.sh │ ├── t_server_null_stress.sh │ ├── unit_tests/ │ │ ├── Makefile.am │ │ ├── README.md │ │ ├── example_test/ │ │ │ ├── Makefile.am │ │ │ ├── README.md │ │ │ ├── test.c │ │ │ └── test2.c │ │ ├── openvpn/ │ │ │ ├── Makefile.am │ │ │ ├── cert_data.h │ │ │ ├── input/ │ │ │ │ ├── appears_empty.txt │ │ │ │ ├── empty.txt │ │ │ │ ├── leak_suppr.txt │ │ │ │ ├── user_only.txt │ │ │ │ └── user_pass.txt │ │ │ ├── mock_get_random.c │ │ │ ├── mock_management.c │ │ │ ├── mock_msg.c │ │ │ ├── mock_msg.h │ │ │ ├── mock_ssl_dependencies.c │ │ │ ├── mock_win32_execve.c │ │ │ ├── pkey_test_utils.c │ │ │ ├── test_argv.c │ │ │ ├── test_auth_token.c │ │ │ ├── test_buffer.c │ │ │ ├── test_common.h │ │ │ ├── test_crypto.c │ │ │ ├── test_cryptoapi.c │ │ │ ├── test_dhcp.c │ │ │ ├── test_mbuf.c │ │ │ ├── test_misc.c │ │ │ ├── test_ncp.c │ │ │ ├── test_networking.c │ │ │ ├── test_options_parse.c │ │ │ ├── test_packet_id.c │ │ │ ├── test_pkcs11.c │ │ │ ├── test_pkt.c │ │ │ ├── test_provider.c │ │ │ ├── test_push_update_msg.c │ │ │ ├── test_socket.c │ │ │ ├── test_ssl.c │ │ │ ├── test_tls_crypt.c │ │ │ └── test_user_pass.c │ │ ├── openvpnserv/ │ │ │ ├── Makefile.am │ │ │ └── test_openvpnserv.c │ │ └── plugins/ │ │ ├── 
Makefile.am │ │ └── auth-pam/ │ │ ├── Makefile.am │ │ └── test_search_and_replace.c │ └── update_t_client_ips.sh └── version.m4
SYMBOL INDEX (6005 symbols across 274 files)
FILE: contrib/cmake/git-version.py
function run_command (line 36) | def run_command(args):
function get_branch_commit_id (line 41) | def get_branch_commit_id():
function main (line 55) | def main():
FILE: contrib/cmake/parse-version.m4.py
function main (line 34) | def main():
FILE: contrib/extract-crl/extractcrl.py
function measure_time (line 34) | def measure_time(method):
function load_crl (line 42) | def load_crl(filename, format):
function scan_dir (line 74) | def scan_dir(dirname):
function create_new_files (line 79) | def create_new_files(dirname, newset, oldset):
function remove_old_files (line 89) | def remove_old_files(dirname, newset, oldset):
function check_crlfile (line 98) | def check_crlfile(arg):
function check_outdir (line 103) | def check_outdir(arg):
function main (line 108) | def main():
FILE: dev-tools/gerrit-send-mail.py
function get_details (line 32) | def get_details(args):
function get_patch (line 79) | def get_patch(details, args):
function apply_patch_mods (line 88) | def apply_patch_mods(patch_text, details, args):
function main (line 132) | def main():
FILE: include/openvpn-msg.h
type message_type_t (line 29) | typedef enum
type message_header_t (line 54) | typedef struct
type inet_address_t (line 61) | typedef union
type interface_t (line 67) | typedef struct
type wfp_block_flags_t (line 74) | typedef enum
type address_message_t (line 80) | typedef struct
type route_message_t (line 89) | typedef struct
type dns_cfg_message_t (line 100) | typedef struct
type nrpt_flags_t (line 111) | typedef enum
type nrpt_dns_cfg_message_t (line 119) | typedef struct
type wins_cfg_message_t (line 129) | typedef struct
type nbt_cfg_message_t (line 137) | typedef struct
type flush_neighbors_message_t (line 150) | typedef struct
type ack_message_t (line 157) | typedef struct
type wfp_block_message_t (line 163) | typedef struct
type enable_dhcp_message_t (line 170) | typedef struct
type set_mtu_message_t (line 176) | typedef struct
type adapter_type_t (line 184) | typedef enum
type create_adapter_message_t (line 190) | typedef struct
FILE: sample/sample-plugins/client-connect/sample-client-connect.c
type plugin_context (line 61) | struct plugin_context
type plugin_per_client_context (line 72) | struct plugin_per_client_context
function atoi_null0 (line 107) | static int
function OPENVPN_EXPORT (line 121) | OPENVPN_EXPORT int
function write_cc_options_file (line 204) | int
function cc_handle_deferred_v1 (line 240) | int
function openvpn_plugin_client_connect (line 346) | int
function openvpn_plugin_client_connect_v2 (line 391) | int
function openvpn_plugin_client_connect_defer_v2 (line 466) | int
function OPENVPN_EXPORT (line 521) | OPENVPN_EXPORT int
function OPENVPN_EXPORT (line 585) | OPENVPN_EXPORT void *
function OPENVPN_EXPORT (line 592) | OPENVPN_EXPORT void
function OPENVPN_EXPORT (line 599) | OPENVPN_EXPORT void
FILE: sample/sample-plugins/defer/multi-auth.c
type plugin_context (line 65) | struct plugin_context
function plog (line 75) | static void
type plugin_per_client_context (line 111) | struct plugin_per_client_context
function atoi_null0 (line 158) | static int
function OPENVPN_EXPORT (line 172) | OPENVPN_EXPORT int
function OPENVPN_EXPORT (line 179) | OPENVPN_EXPORT int
function do_auth_user_pass (line 257) | static bool
function auth_user_pass_verify (line 281) | static int
function OPENVPN_EXPORT (line 372) | OPENVPN_EXPORT int
function OPENVPN_EXPORT (line 399) | OPENVPN_EXPORT void *
function OPENVPN_EXPORT (line 407) | OPENVPN_EXPORT void
function OPENVPN_EXPORT (line 415) | OPENVPN_EXPORT void
FILE: sample/sample-plugins/keying-material-exporter-demo/http-server.py
class ExampleHTTPRequestHandler (line 5) | class ExampleHTTPRequestHandler(BaseHTTPRequestHandler):
method do_GET (line 7) | def do_GET(self):
function run (line 31) | def run():
FILE: sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c
type endpoint (line 44) | enum endpoint
type plugin (line 50) | struct plugin
type session (line 57) | struct session
function OPENVPN_EXPORT (line 90) | OPENVPN_EXPORT int
function session_user_set (line 116) | static void
function tls_verify (line 165) | static int
function file_store (line 188) | static void
function server_store (line 201) | static void
function client_store (line 213) | static void
function tls_final (line 224) | static int
function OPENVPN_EXPORT (line 255) | OPENVPN_EXPORT int
function OPENVPN_EXPORT (line 270) | OPENVPN_EXPORT void *
function OPENVPN_EXPORT (line 281) | OPENVPN_EXPORT void
function OPENVPN_EXPORT (line 293) | OPENVPN_EXPORT void
FILE: sample/sample-plugins/log/log.c
type plugin_context (line 39) | struct plugin_context
function OPENVPN_EXPORT (line 71) | OPENVPN_EXPORT openvpn_plugin_handle_t
function show (line 108) | void
function OPENVPN_EXPORT (line 172) | OPENVPN_EXPORT int
function OPENVPN_EXPORT (line 203) | OPENVPN_EXPORT void
FILE: sample/sample-plugins/log/log_v3.c
type plugin_context (line 42) | struct plugin_context
function OPENVPN_EXPORT (line 74) | OPENVPN_EXPORT int
function show (line 128) | void
function x509_print_info (line 192) | static void
function OPENVPN_EXPORT (line 244) | OPENVPN_EXPORT int
function OPENVPN_EXPORT (line 285) | OPENVPN_EXPORT void
FILE: sample/sample-plugins/simple/base64.c
function OPENVPN_EXPORT (line 100) | OPENVPN_EXPORT int
function OPENVPN_EXPORT (line 154) | OPENVPN_EXPORT int
function OPENVPN_EXPORT (line 198) | OPENVPN_EXPORT void
FILE: sample/sample-plugins/simple/simple.c
type plugin_context (line 41) | struct plugin_context
function OPENVPN_EXPORT (line 73) | OPENVPN_EXPORT openvpn_plugin_handle_t
function OPENVPN_EXPORT (line 103) | OPENVPN_EXPORT int
function OPENVPN_EXPORT (line 125) | OPENVPN_EXPORT void
FILE: sample/sample-scripts/totpauth.py
function main (line 54) | def main():
function write_auth_control (line 100) | def write_auth_control(status):
function write_auth_pending (line 105) | def write_auth_pending(timeout, method, extra):
FILE: src/compat/compat-daemon.c
function daemon (line 49) | int
FILE: src/compat/compat-gettimeofday.c
function gettimeofday_calibrate (line 46) | static void
function gettimeofday (line 60) | int
function gettimeofday (line 119) | int
FILE: src/compat/compat.h
type timeval (line 50) | struct timeval
FILE: src/openvpn/argv.c
function argv_extend (line 47) | static void
function argv_init (line 70) | static void
function argv_new (line 86) | struct argv
function argv_free (line 100) | void
function argv_reset (line 112) | static void
function argv_grow (line 139) | static void
function argv_append (line 156) | static void
function argv_clone (line 178) | static struct argv
function argv_insert_head (line 206) | struct argv
type argv (line 230) | struct argv
type gc_arena (line 230) | struct gc_arena
function argv_msg (line 241) | void
function argv_msg_prefix (line 258) | void
type gc_arena (line 287) | struct gc_arena
function argv_printf_arglist (line 346) | static bool
function argv_printf (line 437) | bool
function argv_printf_cat (line 461) | bool
function argv_parse_cmd (line 480) | void
FILE: src/openvpn/argv.h
type argv (line 34) | struct argv
type argv (line 42) | struct argv
type argv (line 44) | struct argv
type argv (line 46) | struct argv
type gc_arena (line 46) | struct gc_arena
type argv (line 48) | struct argv
type argv (line 48) | struct argv
type argv (line 50) | struct argv
type argv (line 52) | struct argv
type argv (line 54) | struct argv
type argv (line 56) | struct argv
type argv (line 66) | struct argv
FILE: src/openvpn/auth_token.c
function auth_token_kt (line 31) | static struct key_type
function add_session_token_env (line 37) | void
function auth_token_write_server_key_file (line 117) | void
function auth_token_init_secret (line 123) | void
function generate_auth_token (line 160) | void
function check_hmac_token (line 274) | static bool
function verify_auth_token (line 295) | unsigned int
function wipe_auth_token (line 403) | void
function check_send_auth_token (line 423) | void
function resend_auth_token_renegotiation (line 462) | void
FILE: src/openvpn/auth_token.h
type user_pass (line 61) | struct user_pass
type tls_multi (line 61) | struct tls_multi
type user_pass (line 68) | struct user_pass
type tls_multi (line 68) | struct tls_multi
type tls_session (line 69) | struct tls_session
type key_ctx (line 76) | struct key_ctx
type tls_session (line 92) | struct tls_session
type tls_multi (line 92) | struct tls_multi
type user_pass (line 93) | struct user_pass
type tls_multi (line 101) | struct tls_multi
function is_auth_token (line 120) | static inline bool
type tls_multi (line 131) | struct tls_multi
type tls_session (line 131) | struct tls_session
type context (line 138) | struct context
FILE: src/openvpn/base64.c
function openvpn_base64_encode (line 50) | int
function pos (line 103) | static int
function token_decode (line 118) | static unsigned int
function openvpn_base64_decode (line 159) | int
FILE: src/openvpn/buffer.c
function array_mult_safe (line 39) | size_t
function buf_size_error (line 53) | void
type buffer (line 59) | struct buffer
type buffer (line 66) | struct buffer
type buffer (line 85) | struct buffer
type gc_arena (line 89) | struct gc_arena
type buffer (line 92) | struct buffer
type buffer (line 112) | struct buffer
type buffer (line 114) | struct buffer
type buffer (line 116) | struct buffer
type buffer (line 119) | struct buffer
function buf_init_debug (line 135) | bool
function buf_debug_line (line 143) | static inline int
type buffer (line 150) | struct buffer
function buf_clear (line 162) | void
function buf_assign (line 173) | bool
function free_buf (line 183) | void
function free_buf_gc (line 190) | static void
function buf_sub (line 221) | struct buffer
function buf_printf (line 240) | bool
function buf_puts (line 267) | bool
function buf_catrunc (line 292) | void
function buffer_write_file (line 305) | bool
type gc_arena (line 341) | struct gc_arena
type gc_entry (line 347) | struct gc_entry
type gc_entry (line 349) | struct gc_entry
type gc_entry (line 349) | struct gc_entry
type gc_entry (line 351) | struct gc_entry
type gc_entry (line 351) | struct gc_entry
type gc_entry (line 354) | struct gc_entry
type gc_arena (line 375) | struct gc_arena
type gc_entry_special (line 385) | struct gc_entry_special
function x_gc_free (line 407) | void
function x_gc_freespecial (line 426) | void
function gc_addspecial (line 442) | void
function gc_transfer (line 464) | void
type gc_arena (line 489) | struct gc_arena
type buffer (line 497) | struct buffer
function buf_rmtail (line 521) | void
function buf_null_terminate (line 536) | void
function buf_chomp (line 557) | void
function string_null_terminate (line 600) | void
function chomp (line 617) | void
function rm_trailing_chars (line 626) | void
type gc_arena (line 653) | struct gc_arena
function string_clear (line 694) | void
function string_array_len (line 706) | int
type gc_arena (line 721) | struct gc_arena
type buffer (line 723) | struct buffer
type buffer (line 752) | struct buffer
type gc_arena (line 756) | struct gc_arena
type buffer (line 759) | struct buffer
function buf_string_match_head_str (line 781) | bool
function buf_string_compare_advance (line 792) | bool
function buf_substring_len (line 806) | int
function buf_parse (line 828) | bool
function char_class (line 892) | bool
function char_inc_exc (line 1032) | static inline bool
function string_class (line 1039) | bool
function string_mod (line 1058) | bool
function string_check_buf (line 1091) | bool
type gc_arena (line 1110) | struct gc_arena
function string_replace_leading (line 1124) | void
function checked_snprintf (line 1142) | bool
function valign4 (line 1154) | void
type buffer_list (line 1177) | struct buffer_list
type buffer_list (line 1180) | struct buffer_list
function buffer_list_free (line 1186) | void
function buffer_list_defined (line 1196) | bool
function buffer_list_reset (line 1202) | void
function buffer_list_push (line 1217) | void
type buffer_entry (line 1231) | struct buffer_entry
type buffer_list (line 1232) | struct buffer_list
type buffer_entry (line 1234) | struct buffer_entry
type buffer (line 1258) | struct buffer
type buffer_list (line 1259) | struct buffer_list
function buffer_list_aggregate_separator (line 1271) | void
function buffer_list_aggregate (line 1320) | void
function buffer_list_pop (line 1326) | void
function buffer_list_advance (line 1343) | void
type buffer_list (line 1357) | struct buffer_list
type buffer_list (line 1361) | struct buffer_list
function buffer_read_from_file (line 1380) | struct buffer
FILE: src/openvpn/buffer.h
type buffer (line 59) | struct buffer
type gc_entry (line 86) | struct gc_entry
type gc_entry_special (line 97) | struct gc_entry_special
type gc_arena (line 115) | struct gc_arena
type buffer (line 132) | struct buffer
type buffer (line 134) | struct buffer
type buffer (line 136) | struct buffer
type buffer (line 136) | struct buffer
type gc_arena (line 145) | struct gc_arena
type buffer (line 160) | struct buffer
type buffer (line 162) | struct buffer
type gc_arena (line 162) | struct gc_arena
type buffer (line 164) | struct buffer
type buffer (line 164) | struct buffer
type gc_arena (line 166) | struct gc_arena
type gc_arena (line 168) | struct gc_arena
type buffer (line 170) | struct buffer
type gc_arena (line 170) | struct gc_arena
type buffer (line 175) | struct buffer
type buffer (line 177) | struct buffer
type gc_arena (line 178) | struct gc_arena
type buffer (line 180) | struct buffer
type buffer (line 180) | struct buffer
type gc_arena (line 182) | struct gc_arena
type gc_arena (line 184) | struct gc_arena
type buffer (line 186) | struct buffer
type gc_arena (line 186) | struct gc_arena
type gc_arena (line 190) | struct gc_arena
type gc_arena (line 203) | struct gc_arena
type buffer (line 207) | struct buffer
function gc_freeaddrinfo_callback (line 215) | static inline void
function clear_buf (line 222) | static inline struct buffer
function buf_defined (line 228) | static inline bool
function buf_valid (line 234) | static inline bool
type buffer (line 241) | struct buffer
function buf_len (line 253) | static int
type buffer (line 267) | struct buffer
type buffer (line 273) | struct buffer
function buf_size_valid (line 285) | static inline bool
function buf_size_valid_signed (line 291) | static inline bool
type buffer (line 298) | struct buffer
function buf_reset (line 303) | static inline void
function buf_reset_len (line 312) | static inline void
function buf_init_dowork (line 319) | static inline bool
function buf_set_write (line 331) | static inline void
function buf_set_read (line 348) | static inline void
function strncpynt (line 361) | static inline void
function has_digit (line 372) | static inline bool
function secure_memzero (line 414) | static inline void
type buffer (line 437) | struct buffer
type buffer (line 450) | struct buffer
type buffer (line 457) | struct buffer
type buffer (line 459) | struct buffer
type buffer (line 461) | struct buffer
type buffer (line 482) | struct buffer
type buffer (line 488) | struct buffer
type buffer (line 493) | struct buffer
type gc_arena (line 501) | struct gc_arena
type gc_arena (line 504) | struct gc_arena
type buffer (line 512) | struct buffer
type buffer (line 512) | struct buffer
function buf_safe (line 518) | static inline bool
function buf_safe_bidir (line 525) | static inline bool
function buf_forward_capacity (line 539) | static inline int
function buf_forward_capacity_total (line 557) | static inline int
function buf_reverse_capacity (line 575) | static inline int
function buf_inc_len (line 588) | static inline bool
type buffer (line 605) | struct buffer
function buf_advance (line 616) | static inline bool
type buffer (line 634) | struct buffer
type buffer (line 647) | struct buffer
function buf_write (line 660) | static inline bool
function buf_write_prepend (line 672) | static inline bool
function buf_write_u8 (line 684) | static inline bool
function buf_write_u16 (line 690) | static inline bool
function buf_write_u32 (line 697) | static inline bool
function buf_copy (line 704) | static inline bool
function buf_copy_n (line 710) | static inline bool
function buf_copy_range (line 721) | static inline bool
function buf_copy_excess (line 739) | static inline bool
function buf_read (line 762) | static inline bool
function buf_peek_u8 (line 774) | static inline int
function buf_read_u8 (line 786) | static inline int
function buf_read_u16 (line 797) | static inline int
function buf_read_u32 (line 808) | static inline uint32_t
function buf_equal (line 831) | static inline bool
function buf_string_match (line 841) | static inline bool
function buf_string_match_head (line 855) | static inline bool
type buffer (line 865) | struct buffer
type buffer (line 867) | struct buffer
type buffer (line 869) | struct buffer
type buffer (line 946) | struct buffer
type gc_arena (line 964) | struct gc_arena
function strprefix (line 969) | static inline bool
type buffer (line 1003) | struct buffer
type gc_arena (line 1015) | struct gc_arena
type gc_arena (line 1015) | struct gc_arena
type gc_arena (line 1017) | struct gc_arena
type gc_arena (line 1019) | struct gc_arena
function gc_defined (line 1021) | static inline bool
function gc_init (line 1027) | static inline void
function gc_detach (line 1034) | static inline void
function gc_new (line 1040) | static inline struct gc_arena
function gc_free (line 1048) | static inline void
function gc_reset (line 1061) | static inline void
function check_malloc_return (line 1130) | static inline void
type buffer_entry (line 1142) | struct buffer_entry
type buffer_list (line 1148) | struct buffer_list
type buffer_list (line 1161) | struct buffer_list
type buffer_list (line 1168) | struct buffer_list
type buffer_list (line 1177) | struct buffer_list
type buffer_list (line 1184) | struct buffer_list
type buffer_list (line 1192) | struct buffer_list
type buffer_entry (line 1203) | struct buffer_entry
type buffer_list (line 1203) | struct buffer_list
type buffer (line 1212) | struct buffer
type buffer_list (line 1212) | struct buffer_list
type buffer_list (line 1214) | struct buffer_list
type buffer_list (line 1216) | struct buffer_list
type buffer_list (line 1227) | struct buffer_list
type buffer_list (line 1241) | struct buffer_list
type buffer_list (line 1243) | struct buffer_list
type buffer (line 1255) | struct buffer
type gc_arena (line 1255) | struct gc_arena
FILE: src/openvpn/clinat.c
function add_entry (line 34) | static bool
function print_client_nat_list (line 49) | void
type client_nat_option_list (line 70) | struct client_nat_option_list
type gc_arena (line 71) | struct gc_arena
type client_nat_option_list (line 73) | struct client_nat_option_list
type client_nat_option_list (line 78) | struct client_nat_option_list
type client_nat_option_list (line 79) | struct client_nat_option_list
type gc_arena (line 79) | struct gc_arena
type client_nat_option_list (line 81) | struct client_nat_option_list
function copy_client_nat_option_list (line 87) | void
function add_client_nat_to_option_list (line 101) | void
function print_checksum (line 146) | static void
function print_pkt (line 161) | static void
function client_nat_transform (line 183) | void
FILE: src/openvpn/clinat.h
type client_nat_entry (line 33) | struct client_nat_entry
type client_nat_option_list (line 43) | struct client_nat_option_list
type client_nat_option_list (line 49) | struct client_nat_option_list
type gc_arena (line 49) | struct gc_arena
type client_nat_option_list (line 51) | struct client_nat_option_list
type client_nat_option_list (line 52) | struct client_nat_option_list
type gc_arena (line 52) | struct gc_arena
type client_nat_option_list (line 54) | struct client_nat_option_list
type client_nat_option_list (line 55) | struct client_nat_option_list
type client_nat_option_list (line 57) | struct client_nat_option_list
type client_nat_option_list (line 59) | struct client_nat_option_list
type client_nat_option_list (line 63) | struct client_nat_option_list
type buffer (line 63) | struct buffer
FILE: src/openvpn/common.h
type counter_type (line 31) | typedef uint64_t counter_type;
type interval_t (line 37) | typedef int interval_t;
type ptr_type (line 57) | typedef unsigned long long ptr_type;
type ptr_type (line 59) | typedef unsigned long ptr_type;
FILE: src/openvpn/comp-lz4.c
function lz4_compress_init (line 39) | static void
function lz4v2_compress_init (line 46) | static void
function lz4_compress_uninit (line 52) | static void
function lz4_compress (line 58) | static void
function lz4v2_compress (line 79) | static void
function do_lz4_decompress (line 91) | static void
function lz4_decompress (line 115) | static void
function lz4v2_decompress (line 152) | static void
type compress_alg (line 200) | struct compress_alg
type compress_alg (line 203) | struct compress_alg
FILE: src/openvpn/comp-lz4.h
type compress_alg (line 31) | struct compress_alg
type compress_alg (line 32) | struct compress_alg
type lz4_workspace (line 34) | struct lz4_workspace
FILE: src/openvpn/comp.c
type compress_context (line 38) | struct compress_context
type compress_options (line 39) | struct compress_options
type compress_context (line 41) | struct compress_context
function compv2_escape_data_ifneeded (line 89) | void
function comp_uninit (line 107) | void
function comp_print_stats (line 117) | void
function comp_generate_peer_info_string (line 132) | void
function check_compression_settings_valid (line 161) | bool
FILE: src/openvpn/comp.h
type compress_options (line 74) | struct compress_options
function comp_non_stub_enabled (line 80) | static inline bool
type compress_options (line 94) | struct compress_options
type compress_context (line 141) | struct compress_context
type compress_alg (line 146) | struct compress_alg
type lzo_compress_workspace (line 175) | struct lzo_compress_workspace
type lz4_workspace (line 178) | struct lz4_workspace
type compress_context (line 185) | struct compress_context
type compress_alg (line 198) | struct compress_alg
type compress_alg (line 199) | struct compress_alg
type compress_context (line 201) | struct compress_context
type compress_options (line 201) | struct compress_options
type compress_context (line 203) | struct compress_context
type compress_context (line 205) | struct compress_context
type status_output (line 205) | struct status_output
type compress_options (line 207) | struct compress_options
type buffer (line 207) | struct buffer
type buffer (line 209) | struct buffer
function comp_enabled (line 211) | static inline bool
FILE: src/openvpn/compstub.c
function stub_compress_init (line 37) | static void
function stub_compress_uninit (line 42) | static void
function stub_compress (line 47) | static void
function stub_decompress (line 73) | static void
function stubv2_compress (line 107) | static void
function stubv2_decompress (line 119) | static void
type compress_alg (line 156) | struct compress_alg
type compress_alg (line 159) | struct compress_alg
FILE: src/openvpn/console.c
type _query_user (line 40) | struct _query_user
function query_user_clear (line 43) | void
function query_user_add (line 55) | void
FILE: src/openvpn/console.h
type _query_user (line 33) | struct _query_user
type _query_user (line 42) | struct _query_user
function query_user_exec (line 90) | static inline bool
function query_user_exec (line 102) | static inline bool
function query_user_SINGLE (line 117) | static inline bool
FILE: src/openvpn/console_builtin.c
function get_console_input_win32 (line 59) | static bool
function FILE (line 152) | static FILE *
function close_tty (line 170) | static void
function get_console_input (line 192) | static bool
function query_user_exec_builtin (line 279) | bool
FILE: src/openvpn/console_systemd.c
function check_systemd_running (line 44) | static bool
function get_console_input_systemd (line 56) | static bool
function query_user_exec_systemd (line 94) | bool
FILE: src/openvpn/crypto.c
function openvpn_encrypt_aead (line 65) | static void
function openvpn_encrypt_v1 (line 196) | static void
function openvpn_encrypt (line 328) | void
function cipher_get_aead_limits (line 344) | uint64_t
function crypto_check_replay (line 375) | bool
function openvpn_decrypt_aead (line 434) | static bool
function openvpn_decrypt_v1 (line 615) | static bool
function openvpn_decrypt (line 778) | bool
function calculate_crypto_overhead (line 802) | size_t
function crypto_max_overhead (line 849) | unsigned int
function warn_insecure_key_type (line 856) | static void
function init_key_type (line 874) | void
function key_ctx_update_implicit_iv (line 963) | static void
function init_key_ctx (line 995) | void
function init_key_bi_ctx_send (line 1037) | void
function init_key_bi_ctx_recv (line 1049) | void
function init_key_ctx_bi (line 1061) | void
function free_key_ctx (line 1080) | void
function free_key_ctx_bi (line 1099) | void
function key_is_zero (line 1107) | static bool
function check_key (line 1125) | bool
function generate_key_random (line 1144) | static void
function key_print (line 1165) | static void
function key2_print (line 1179) | void
function key_parameters_from_key (line 1188) | void
function test_crypto (line 1198) | void
function crypto_read_openvpn_key (line 1289) | void
function generate_test_crypto_random_key (line 1328) | void
function read_key_file (line 1352) | void
function write_key_file (line 1555) | int
function must_have_n_keys (line 1613) | void
function ascii2keydirection (line 1631) | int
function key_direction_state_init (line 1683) | void
function verify_fix_key2 (line 1712) | void
function prng_bytes (line 1728) | void
function get_random (line 1735) | long int
function print_cipher (line 1747) | void
function cipher_name_pair (line 1775) | static const cipher_name_pair *
function write_pem_key_file (line 1822) | void
function generate_ephemeral_key (line 1859) | bool
function read_pem_key_file (line 1877) | bool
function check_tls_prf_working (line 1914) | bool
FILE: src/openvpn/crypto.h
type sha256_digest (line 132) | struct sha256_digest
type key_type (line 140) | struct key_type
type key (line 151) | struct key
type key_parameters (line 162) | struct key_parameters
type key_parameters (line 189) | struct key_parameters
type key (line 189) | struct key
type epoch_key (line 191) | struct epoch_key
type key_ctx (line 201) | struct key_ctx
type key2 (line 239) | struct key2
type key_direction_state (line 258) | struct key_direction_state
type key_ctx_bi (line 279) | struct key_ctx_bi
type crypto_options (line 292) | struct crypto_options
type key2 (line 408) | struct key2
type key (line 417) | struct key
type key_type (line 417) | struct key_type
type key_type (line 429) | struct key_type
type key_ctx (line 436) | struct key_ctx
type key_parameters (line 436) | struct key_parameters
type key_type (line 436) | struct key_type
type key_ctx (line 439) | struct key_ctx
type key_parameters (line 439) | struct key_parameters
type key_type (line 440) | struct key_type
type key_ctx (line 442) | struct key_ctx
type key_parameters (line 442) | struct key_parameters
type key_type (line 443) | struct key_type
type key_ctx (line 445) | struct key_ctx
type key_ctx_bi (line 447) | struct key_ctx_bi
type key2 (line 447) | struct key2
type key_type (line 448) | struct key_type
type key_ctx_bi (line 450) | struct key_ctx_bi
type buffer (line 483) | struct buffer
type buffer (line 483) | struct buffer
type crypto_options (line 483) | struct crypto_options
type buffer (line 519) | struct buffer
type buffer (line 519) | struct buffer
type crypto_options (line 519) | struct crypto_options
type frame (line 520) | struct frame
type crypto_options (line 535) | struct crypto_options
type packet_id_net (line 535) | struct packet_id_net
type gc_arena (line 536) | struct gc_arena
type key_type (line 552) | struct key_type
type buffer (line 574) | struct buffer
type buffer (line 586) | struct buffer
type crypto_options (line 612) | struct crypto_options
type frame (line 612) | struct frame
type key_direction_state (line 617) | struct key_direction_state
type key2 (line 619) | struct key2
type key_type (line 619) | struct key_type
type key2 (line 621) | struct key2
type key2 (line 628) | struct key2
type key_type (line 628) | struct key_type
type key_type (line 631) | struct key_type
type key_ctx_bi (line 631) | struct key_ctx_bi
type key2 (line 633) | struct key2
type key_type (line 639) | struct key_type
type key_ctx_bi (line 639) | struct key_ctx_bi
function key_ctx_bi_defined (line 652) | static inline bool
function create_kt (line 680) | static inline struct key_type
function cipher_decrypt_verify_fail_exceeded (line 715) | static inline bool
function cipher_decrypt_verify_fail_warn (line 730) | static inline bool
function aead_usage_limit_reached (line 759) | static inline bool
FILE: src/openvpn/crypto_backend.h
type hash_algo_type (line 58) | typedef enum
type cipher_name_pair (line 65) | typedef struct
type buffer (line 134) | struct buffer
type buffer (line 134) | struct buffer
type gc_arena (line 135) | struct gc_arena
type buffer (line 146) | struct buffer
type buffer (line 146) | struct buffer
function cipher_valid (line 211) | static inline bool
function cipher_defined (line 225) | static inline bool
function md_defined (line 510) | static inline bool
FILE: src/openvpn/crypto_epoch.c
function ovpn_hkdf_expand (line 41) | void
function ovpn_expand_label (line 76) | bool
function epoch_key_iterate (line 123) | static void
function epoch_data_key_derive (line 139) | void
function epoch_init_send_key_ctx (line 168) | static void
function epoch_init_recv_key (line 188) | static void
function epoch_generate_future_receive_keys (line 202) | void
function epoch_iterate_send_key (line 275) | void
function epoch_replace_update_recv_key (line 284) | void
function free_epoch_key_ctx (line 337) | void
function epoch_init_key_ctx (line 352) | void
type key_ctx (line 373) | struct key_ctx
type crypto_options (line 374) | struct crypto_options
function epoch_check_send_iterate (line 412) | void
FILE: src/openvpn/crypto_epoch.h
type key_parameters (line 71) | struct key_parameters
type epoch_key (line 71) | struct epoch_key
type key_type (line 72) | struct key_type
type crypto_options (line 87) | struct crypto_options
type crypto_options (line 98) | struct crypto_options
type crypto_options (line 103) | struct crypto_options
type crypto_options (line 108) | struct crypto_options
type crypto_options (line 123) | struct crypto_options
type key_type (line 123) | struct key_type
type epoch_key (line 124) | struct epoch_key
type epoch_key (line 124) | struct epoch_key
type key_ctx (line 134) | struct key_ctx
type crypto_options (line 134) | struct crypto_options
type crypto_options (line 143) | struct crypto_options
FILE: src/openvpn/crypto_mbedtls.c
function crypto_init_lib_engine (line 63) | void
function provider_t (line 70) | provider_t *
function crypto_unload_provider (line 80) | void
function cipher_info_t (line 116) | static const cipher_info_t *
function rand_bytes (line 135) | int
function cipher_valid_reason (line 146) | bool
function cipher_kt_key_size (line 186) | unsigned int
function cipher_kt_iv_size (line 197) | unsigned int
function cipher_kt_block_size (line 209) | unsigned int
function cipher_kt_tag_size (line 220) | unsigned int
function cipher_kt_insecure (line 230) | bool
function cipher_kt_mode_cbc (line 243) | bool
function cipher_kt_mode_ofb_cfb (line 254) | bool
function cipher_kt_mode_aead (line 265) | bool
function cipher_ctx_t (line 276) | cipher_ctx_t *
function cipher_ctx_free (line 286) | void
function cipher_ctx_init (line 301) | void
function cipher_ctx_iv_length (line 326) | unsigned int
function cipher_ctx_get_tag (line 332) | int
function cipher_ctx_block_size (line 344) | unsigned int
function cipher_ctx_mode (line 350) | int
function cipher_ctx_mode_cbc (line 357) | bool
function cipher_ctx_mode_ofb_cfb (line 363) | bool
function cipher_ctx_mode_aead (line 374) | bool
function cipher_ctx_direction (line 385) | static int
function cipher_ctx_reset (line 403) | int
function needed_dst_size (line 479) | static size_t
function cipher_ctx_update_ad (line 499) | int
function cipher_ctx_update (line 514) | int
function cipher_ctx_final (line 549) | int
function cipher_ctx_final_check_tag (line 586) | int
function md_info_t (line 641) | static const md_info_t *
function md_valid (line 654) | bool
function md_kt_size (line 676) | unsigned char
function md_ctx_t (line 691) | md_ctx_t *
function md_full (line 699) | bool
function md_ctx_free (line 721) | void
function md_ctx_init (line 727) | void
function md_ctx_cleanup (line 737) | void
function md_ctx_size (line 743) | int
function md_ctx_update (line 753) | void
function md_ctx_final (line 759) | void
function hmac_ctx_t (line 771) | hmac_ctx_t *
function hmac_ctx_free (line 779) | void
function hmac_ctx_init_with_arbitrary_key_length (line 785) | static void
function hmac_ctx_init (line 801) | void
function hmac_ctx_cleanup (line 810) | void
function hmac_ctx_size (line 817) | int
function hmac_ctx_reset (line 823) | void
function hmac_ctx_update (line 830) | void
function hmac_ctx_final (line 837) | void
function tls1_P_hash (line 860) | static void
function ssl_tls1_PRF (line 942) | bool
function crypto_init_lib (line 979) | void
function crypto_uninit_lib (line 984) | void
function crypto_clear_error (line 989) | void
function mbed_log_err (line 994) | bool
function mbed_log_func_line (line 1012) | bool
function memcmp_constant_time (line 1025) | int
function show_available_ciphers (line 1031) | void
function show_available_digests (line 1069) | void
function show_available_engines (line 1092) | void
function crypto_pem_encode (line 1099) | bool
function crypto_pem_decode (line 1138) | bool
FILE: src/openvpn/crypto_mbedtls.h
type crypto_operation_t (line 53) | typedef int crypto_operation_t;
type provider_t (line 66) | typedef void provider_t;
type cipher_info_t (line 68) | typedef struct cipher_info
type cipher_operation_t (line 78) | typedef union psa_cipher_or_aead_operation
type cipher_ctx_t (line 84) | typedef struct cipher_ctx
type md_info_t (line 94) | typedef struct md_info
type md_ctx_t (line 100) | typedef struct md_ctx
type hmac_ctx_t (line 106) | typedef struct hmac_ctx
function mbed_log_func_line_lite (line 138) | static inline bool
FILE: src/openvpn/crypto_mbedtls_legacy.c
function crypto_init_lib_engine (line 67) | void
function provider_t (line 74) | provider_t *
function crypto_unload_provider (line 84) | void
function crypto_init_lib (line 95) | void
function crypto_uninit_lib (line 100) | void
function crypto_clear_error (line 105) | void
function mbed_log_err (line 110) | bool
function mbed_log_func_line (line 128) | bool
function crypto_init_dmalloc (line 143) | void
function show_available_ciphers (line 160) | void
function show_available_digests (line 202) | void
function show_available_engines (line 229) | void
function crypto_pem_encode (line 241) | bool
function crypto_pem_decode (line 279) | bool
function mbedtls_ctr_drbg_context (line 332) | mbedtls_ctr_drbg_context *
function rand_bytes (line 369) | int
function mbedtls_cipher_info_t (line 394) | static const mbedtls_cipher_info_t *
function cipher_valid_reason (line 406) | bool
function cipher_kt_key_size (line 448) | unsigned int
function cipher_kt_iv_size (line 461) | unsigned int
function cipher_kt_block_size (line 473) | unsigned int
function cipher_kt_tag_size (line 484) | unsigned int
function cipher_kt_insecure (line 494) | bool
function mbedtls_cipher_mode_t (line 510) | static mbedtls_cipher_mode_t
function cipher_kt_mode_cbc (line 517) | bool
function cipher_kt_mode_ofb_cfb (line 524) | bool
function cipher_kt_mode_aead (line 533) | bool
function mbedtls_cipher_context_t (line 552) | mbedtls_cipher_context_t *
function cipher_ctx_free (line 560) | void
function cipher_ctx_init (line 567) | void
function cipher_ctx_iv_length (line 600) | unsigned int
function cipher_ctx_get_tag (line 606) | int
function cipher_ctx_block_size (line 622) | unsigned int
function cipher_ctx_mode (line 628) | int
function cipher_ctx_mode_cbc (line 636) | bool
function cipher_ctx_mode_ofb_cfb (line 643) | bool
function cipher_ctx_mode_aead (line 651) | bool
function cipher_ctx_reset (line 662) | int
function cipher_ctx_update_ad (line 678) | int
function cipher_ctx_update (line 694) | int
function cipher_ctx_final (line 710) | int
function cipher_ctx_final_check_tag (line 725) | int
function mbedtls_md_info_t (line 772) | static const mbedtls_md_info_t *
function md_valid (line 793) | bool
function md_kt_size (line 811) | unsigned char
function md_full (line 828) | bool
function mbedtls_md_context_t (line 835) | mbedtls_md_context_t *
function md_ctx_free (line 843) | void
function md_ctx_init (line 849) | void
function md_ctx_cleanup (line 860) | void
function md_ctx_size (line 866) | int
function md_ctx_update (line 876) | void
function md_ctx_final (line 882) | void
function mbedtls_md_context_t (line 901) | mbedtls_md_context_t *
function hmac_ctx_free (line 909) | void
function hmac_ctx_init (line 915) | void
function hmac_ctx_cleanup (line 930) | void
function hmac_ctx_size (line 936) | int
function hmac_ctx_reset (line 946) | void
function hmac_ctx_update (line 952) | void
function hmac_ctx_final (line 958) | void
function memcmp_constant_time (line 964) | int
function tls1_P_hash (line 1000) | static void
function ssl_tls1_PRF (line 1087) | bool
FILE: src/openvpn/crypto_mbedtls_legacy.h
type mbedtls_md_info_t (line 38) | typedef mbedtls_md_info_t md_kt_t;
type mbedtls_cipher_context_t (line 41) | typedef mbedtls_cipher_context_t cipher_ctx_t;
type mbedtls_md_context_t (line 44) | typedef mbedtls_md_context_t md_ctx_t;
type mbedtls_md_context_t (line 47) | typedef mbedtls_md_context_t hmac_ctx_t;
type provider_t (line 50) | typedef void provider_t;
type mbedtls_operation_t (line 67) | typedef mbedtls_operation_t crypto_operation_t;
function mbed_log_func_line_lite (line 116) | static inline bool
FILE: src/openvpn/crypto_openssl.c
function ENGINE (line 90) | static ENGINE *
function ENGINE (line 106) | static ENGINE *
function crypto_init_lib_engine (line 138) | void
function provider_t (line 154) | provider_t *
function crypto_unload_provider (line 171) | void
function crypto_init_lib (line 188) | void
function crypto_uninit_lib (line 203) | void
function crypto_clear_error (line 223) | void
function crypto_print_openssl_errors (line 229) | void
function crypto_free (line 297) | static void
function crypto_init_dmalloc (line 303) | void
function cipher_name_cmp (line 320) | static int
type collect_ciphers (line 329) | struct collect_ciphers
function collect_ciphers (line 336) | static void
function show_available_ciphers (line 363) | void
function print_digest (line 424) | void
function show_available_digests (line 431) | void
function show_available_engines (line 472) | void
function crypto_pem_encode (line 495) | bool
function crypto_pem_decode (line 523) | bool
function rand_bytes (line 582) | int
function evp_cipher_type (line 599) | static evp_cipher_type *
function cipher_valid_reason (line 608) | bool
function cipher_kt_key_size (line 672) | unsigned int
function cipher_kt_iv_size (line 682) | unsigned int
function cipher_kt_block_size (line 692) | unsigned int
function cipher_kt_tag_size (line 742) | unsigned int
function cipher_kt_insecure (line 755) | bool
function cipher_kt_mode (line 777) | int
function cipher_kt_mode_cbc (line 784) | bool
function cipher_kt_mode_ofb_cfb (line 801) | bool
function cipher_kt_mode_aead (line 814) | bool
function cipher_ctx_t (line 846) | cipher_ctx_t *
function cipher_ctx_free (line 854) | void
function cipher_ctx_init (line 860) | void
function cipher_ctx_iv_length (line 878) | unsigned int
function cipher_ctx_get_tag (line 884) | int
function cipher_ctx_block_size (line 890) | unsigned int
function cipher_ctx_mode (line 896) | int
function cipher_ctx_mode_cbc (line 902) | bool
function cipher_ctx_mode_ofb_cfb (line 921) | bool
function cipher_ctx_mode_aead (line 936) | bool
function cipher_ctx_reset (line 959) | int
function cipher_ctx_update_ad (line 965) | int
function cipher_ctx_update (line 976) | int
function cipher_ctx_final (line 986) | int
function cipher_ctx_final_check_tag (line 992) | int
function evp_md_type (line 1012) | static evp_md_type *
function md_valid (line 1034) | bool
function md_kt_size (line 1090) | unsigned char
function md_full (line 1110) | bool
function EVP_MD_CTX (line 1121) | EVP_MD_CTX *
function md_ctx_free (line 1129) | void
function md_ctx_init (line 1135) | void
function md_ctx_cleanup (line 1149) | void
function md_ctx_size (line 1155) | int
function md_ctx_update (line 1161) | void
function md_ctx_final (line 1167) | void
function HMAC_CTX (line 1182) | HMAC_CTX *
function hmac_ctx_free (line 1190) | void
function hmac_ctx_init (line 1196) | void
function hmac_ctx_cleanup (line 1213) | void
function hmac_ctx_size (line 1224) | int
function hmac_ctx_reset (line 1234) | void
function hmac_ctx_update (line 1243) | void
function hmac_ctx_final (line 1249) | void
function hmac_ctx_t (line 1257) | hmac_ctx_t *
function hmac_ctx_free (line 1271) | void
function hmac_ctx_init (line 1279) | void
function hmac_ctx_cleanup (line 1307) | void
function hmac_ctx_size (line 1313) | int
function hmac_ctx_reset (line 1319) | void
function hmac_ctx_update (line 1331) | void
function hmac_ctx_final (line 1337) | void
function memcmp_constant_time (line 1348) | int
function ssl_tls1_PRF (line 1354) | bool
function ssl_tls1_PRF (line 1405) | bool
function ssl_tls1_PRF (line 1418) | bool
function ssl_tls1_PRF (line 1472) | bool
FILE: src/openvpn/crypto_openssl.h
type EVP_CIPHER_CTX (line 41) | typedef EVP_CIPHER_CTX cipher_ctx_t;
type EVP_MD_CTX (line 44) | typedef EVP_MD_CTX md_ctx_t;
type HMAC_CTX (line 48) | typedef HMAC_CTX hmac_ctx_t;
type provider_t (line 51) | typedef void provider_t;
type hmac_ctx_t (line 53) | typedef struct
type OSSL_PROVIDER (line 60) | typedef OSSL_PROVIDER provider_t;
type EVP_CIPHER (line 67) | typedef const EVP_CIPHER evp_cipher_type;
type EVP_MD (line 68) | typedef const EVP_MD evp_md_type;
type EVP_CIPHER (line 70) | typedef EVP_CIPHER evp_cipher_type;
type EVP_MD (line 71) | typedef EVP_MD evp_md_type;
type crypto_operation_t (line 89) | typedef int crypto_operation_t;
FILE: src/openvpn/cryptoapi.c
function SSL_CTX_use_CryptoAPI_certificate (line 57) | int
type CAPI_DATA (line 68) | typedef struct _CAPI_DATA
function wchar_t (line 83) | static const wchar_t *
function CAPI_DATA_free (line 121) | static void
function DWORD (line 156) | static DWORD
type gc_arena (line 181) | struct gc_arena
function CRYPT_OID_INFO (line 203) | static const CRYPT_OID_INFO *
function test_certificate_template (line 220) | static bool
function CERT_CONTEXT (line 261) | static const CERT_CONTEXT *
function xkey_cng_ec_sign (line 345) | static int
function xkey_cng_rsa_sign (line 375) | static int
function xkey_cng_sign (line 445) | static int
type gc_arena (line 485) | struct gc_arena
function Load_CryptoAPI_certificate (line 508) | static int
function SSL_CTX_use_CryptoAPI_certificate (line 599) | int
FILE: src/openvpn/dco.c
function dco_install_key (line 53) | static int
function init_key_dco_bi (line 86) | int
type key_state (line 106) | struct key_state
type tls_multi (line 107) | struct tls_multi
type key_state (line 107) | struct key_state
type key_state (line 111) | struct key_state
type key_ctx_bi (line 112) | struct key_ctx_bi
function dco_update_keys (line 129) | bool
function dco_check_option_ce (line 236) | static bool
function dco_check_startup_option (line 296) | bool
function dco_check_option (line 433) | bool
function dco_check_pull_options (line 495) | bool
function dco_p2p_add_new_peer (line 507) | int
function dco_remove_peer (line 542) | void
function dco_multi_get_localaddr (line 557) | static bool
function dco_multi_add_new_peer (line 607) | int
function dco_install_iroute (line 661) | void
function dco_delete_iroutes (line 725) | void
FILE: src/openvpn/dco.h
type event_set (line 36) | struct event_set
type key2 (line 37) | struct key2
type key_state (line 38) | struct key_state
type multi_context (line 39) | struct multi_context
type multi_instance (line 40) | struct multi_instance
type mroute_addr (line 41) | struct mroute_addr
type options (line 42) | struct options
type tls_multi (line 43) | struct tls_multi
type tuntap (line 44) | struct tuntap
type gc_arena (line 67) | struct gc_arena
type options (line 78) | struct options
type options (line 90) | struct options
type options (line 101) | struct options
type context (line 109) | struct context
type tuntap (line 119) | struct tuntap
type tuntap (line 127) | struct tuntap
type event_set (line 141) | struct event_set
type tls_multi (line 157) | struct tls_multi
type key_state (line 157) | struct key_state
type key2 (line 157) | struct key2
type tls_multi (line 169) | struct tls_multi
type context (line 176) | struct context
type context (line 198) | struct context
type multi_context (line 207) | struct multi_context
type multi_instance (line 207) | struct multi_instance
type multi_context (line 217) | struct multi_context
type multi_instance (line 217) | struct multi_instance
type mroute_addr (line 218) | struct mroute_addr
type multi_context (line 226) | struct multi_context
type multi_instance (line 226) | struct multi_instance
type context (line 242) | struct context
type context (line 256) | struct context
function dco_available (line 261) | static inline bool
type gc_arena (line 268) | struct gc_arena
function dco_check_option (line 273) | static inline bool
function dco_check_startup_option (line 279) | static inline bool
function dco_check_pull_options (line 285) | static inline bool
function ovpn_dco_init (line 291) | static inline bool
function open_tun_dco (line 297) | static inline int
function close_tun_dco (line 303) | static inline void
function dco_read_and_process (line 308) | static inline int
function dco_event_set (line 315) | static inline void
function init_key_dco_bi (line 320) | static inline int
function dco_update_keys (line 327) | static inline bool
function dco_p2p_add_new_peer (line 334) | static inline int
function dco_set_peer (line 340) | static inline int
function dco_remove_peer (line 347) | static inline void
function dco_multi_add_new_peer (line 352) | static inline int
function dco_install_iroute (line 358) | static inline void
function dco_delete_iroutes (line 363) | static inline void
function dco_get_peer_stats_multi (line 368) | static inline int
function dco_get_peer_stats (line 374) | static inline int
function dco_supports_epoch_data (line 386) | static inline bool
FILE: src/openvpn/dco_freebsd.c
function nvlist_t (line 42) | static nvlist_t *
function nvlist_to_sockaddr (line 75) | static bool
function dco_new_peer (line 135) | int
function open_fd (line 197) | static int
function close_fd (line 217) | static void
function ovpn_dco_init (line 225) | bool
function dco_set_ifmode (line 238) | static int
function create_interface (line 265) | static int
function remove_interface (line 308) | static int
function open_tun_dco (line 328) | int
function close_tun_dco (line 347) | void
function dco_swap_keys (line 354) | int
function dco_del_peer (line 383) | int
function dco_del_key (line 412) | int
function nvlist_t (line 442) | static nvlist_t *
function start_tun (line 463) | static int
function dco_new_key (line 482) | int
function dco_set_peer (line 529) | int
function dco_update_peer_stat (line 567) | static void
function dco_read_and_process (line 589) | int
function dco_available (line 714) | bool
type gc_arena (line 775) | struct gc_arena
type utsname (line 777) | struct utsname
function dco_event_set (line 788) | void
function dco_get_peer_stats_multi (line 830) | int
function dco_get_peer_stats (line 915) | int
function dco_supports_epoch_data (line 939) | bool
FILE: src/openvpn/dco_freebsd.h
type dco_key_slot_t (line 31) | typedef enum ovpn_key_slot dco_key_slot_t;
type dco_cipher_t (line 32) | typedef enum ovpn_key_cipher dco_cipher_t;
type ovpn_message_type_t (line 34) | enum ovpn_message_type_t
type ovpn_del_reason_t (line 44) | enum ovpn_del_reason_t
type dco_context_t (line 52) | typedef struct dco_context
FILE: src/openvpn/dco_internal.h
function dco_cipher_t (line 39) | static inline dco_cipher_t
type sockaddr (line 62) | struct sockaddr
type sockaddr (line 63) | struct sockaddr
type in_addr (line 63) | struct in_addr
type in6_addr (line 63) | struct in6_addr
FILE: src/openvpn/dco_linux.c
type key_ctx_bi (line 70) | struct key_ctx_bi
type nl_msg (line 72) | struct nl_msg
function resolve_ovpn_netlink_id (line 85) | static int
type nl_msg (line 116) | struct nl_msg
type nl_msg (line 119) | struct nl_msg
function ovpn_nl_recvmsgs (line 136) | static int
function ovpn_nl_msg_send (line 186) | static int
type sockaddr (line 207) | struct sockaddr
type sockaddr (line 208) | struct sockaddr
type gc_arena (line 208) | struct gc_arena
type sockaddr_in6 (line 210) | struct sockaddr_in6
type sockaddr_in6 (line 210) | struct sockaddr_in6
type sockaddr_in (line 213) | struct sockaddr_in
type sockaddr (line 218) | struct sockaddr
function dco_new_peer (line 223) | int
function ovpn_nl_cb_finish (line 299) | static int
type ovpn_nlmsgerr_attrs (line 321) | enum ovpn_nlmsgerr_attrs
function ovpn_nl_cb_error (line 336) | static int
function ovpn_dco_register (line 389) | static void
type nl_msg (line 410) | struct nl_msg
function ovpn_dco_init_netlink (line 412) | static void
function ovpn_dco_init (line 465) | bool
function ovpn_dco_uninit_netlink (line 492) | static void
function open_tun_dco (line 504) | int
function close_tun_dco (line 526) | void
function dco_swap_keys (line 535) | int
function dco_del_peer (line 559) | int
function dco_del_key (line 583) | int
function dco_new_key (line 607) | int
function dco_set_peer (line 661) | int
function mcast_family_handler (line 695) | static int
function ovpn_get_mcast_id (line 739) | static int
function ovpn_parse_float_addr (line 766) | static bool
function ovpn_nla_get_uint (line 805) | static uint64_t
function dco_update_peer_stat (line 818) | static void
function ovpn_handle_peer (line 867) | static int
function ovpn_iface_check (line 926) | static bool
function ovpn_handle_peer_del_ntf (line 948) | static int
function ovpn_handle_peer_float_ntf (line 992) | static int
function ovpn_handle_key_swap_ntf (line 1036) | static int
function ovpn_handle_msg (line 1080) | static int
function dco_read_and_process (line 1171) | int
function dco_get_peer (line 1179) | static int
function dco_get_peer_stats (line 1230) | int
function dco_get_peer_stats_multi (line 1241) | int
function dco_available (line 1247) | bool
type gc_arena (line 1264) | struct gc_arena
type buffer (line 1266) | struct buffer
type utsname (line 1267) | struct utsname
type gc_arena (line 1287) | struct gc_arena
type gc_arena (line 1307) | struct gc_arena
type stat (line 1310) | struct stat
function dco_event_set (line 1332) | void
function dco_supports_epoch_data (line 1347) | bool
FILE: src/openvpn/dco_linux.h
type dco_key_slot_t (line 38) | typedef enum ovpn_key_slot dco_key_slot_t;
type dco_cipher_t (line 39) | typedef enum ovpn_cipher_alg dco_cipher_t;
type ovpn_mode (line 45) | enum ovpn_mode
type ovpn_ifla_attrs (line 51) | enum ovpn_ifla_attrs
type dco_context_t (line 63) | typedef struct
FILE: src/openvpn/dco_win.c
function dco_wait_ready (line 48) | static void
function dco_get_version (line 72) | static bool
function ovpn_dco_init_mp (line 121) | void
function dco_p2p_start_vpn (line 164) | void
function ovpn_dco_init (line 189) | bool
function open_tun_dco (line 214) | int
function dco_connect_wait (line 221) | static void
function dco_mp_start_vpn (line 282) | void
function dco_p2p_new_peer (line 326) | void
function dco_new_peer (line 417) | int
function dco_del_peer (line 468) | int
function dco_set_peer (line 494) | int
function dco_new_key (line 528) | int
function dco_del_key (line 583) | int
function dco_swap_keys (line 591) | int
function dco_available (line 617) | bool
type gc_arena (line 645) | struct gc_arena
type buffer (line 650) | struct buffer
function dco_handle_overlapped_success (line 671) | static void
function dco_read_and_process (line 692) | int
function dco_get_peer_stats_multi (line 747) | int
function dco_get_peer_stats_fallback (line 878) | int
function dco_get_peer_stats (line 907) | int
function dco_event_set (line 949) | void
function dco_win_supports_multipeer (line 1019) | bool
function dco_win_add_iroute_ipv4 (line 1026) | void
function dco_win_add_iroute_ipv6 (line 1049) | void
function dco_win_del_iroute_ipv4 (line 1070) | void
function dco_win_del_iroute_ipv6 (line 1091) | void
function dco_supports_epoch_data (line 1110) | bool
FILE: src/openvpn/dco_win.h
type OVPN_KEY_SLOT (line 32) | typedef OVPN_KEY_SLOT dco_key_slot_t;
type OVPN_CIPHER_ALG (line 33) | typedef OVPN_CIPHER_ALG dco_cipher_t;
type dco_mode_type (line 35) | typedef enum
type dco_context (line 42) | struct dco_context
type dco_context_t (line 61) | typedef struct dco_context dco_context_t;
type link_socket (line 63) | struct link_socket
type link_socket (line 65) | struct link_socket
type signal_info (line 66) | struct signal_info
type tuntap (line 68) | struct tuntap
type in6_addr (line 75) | struct in6_addr
type in6_addr (line 80) | struct in6_addr
function dco_start_tun (line 84) | static inline void
FILE: src/openvpn/dhcp.c
function get_dhcp_message_type (line 35) | static int
function in_addr_t (line 75) | static in_addr_t
function in_addr_t (line 147) | in_addr_t
function write_dhcp_u8 (line 196) | static void
function write_dhcp_u32_array (line 210) | static void
function write_dhcp_str (line 239) | static void
function write_dhcp_search_str (line 268) | static void
function build_dhcp_options_string (line 329) | bool
FILE: src/openvpn/dhcp.h
type dhcp (line 61) | struct dhcp
type dhcp_full (line 83) | struct dhcp_full
type buffer (line 94) | struct buffer
type buffer (line 99) | struct buffer
type tuntap_options (line 99) | struct tuntap_options
FILE: src/openvpn/dns.c
function dns_server_port_parse (line 47) | static bool
function dns_server_addr_parse (line 61) | bool
function dns_domain_list_append (line 147) | bool
function dns_server_priority_parse (line 174) | bool
type dns_server (line 189) | struct dns_server
type dns_server (line 190) | struct dns_server
type gc_arena (line 190) | struct gc_arena
type dns_server (line 192) | struct dns_server
function dns_options_verify (line 211) | bool
type dns_domain (line 228) | struct dns_domain
type dns_domain (line 229) | struct dns_domain
type gc_arena (line 229) | struct gc_arena
type dns_domain (line 231) | struct dns_domain
type dns_domain (line 232) | struct dns_domain
type dns_domain (line 237) | struct dns_domain
type dns_server (line 246) | struct dns_server
type dns_server (line 247) | struct dns_server
type gc_arena (line 247) | struct gc_arena
type dns_server (line 249) | struct dns_server
type dns_server (line 250) | struct dns_server
type dns_server (line 255) | struct dns_server
function clone_dns_options (line 265) | struct dns_options
function dns_options_preprocess_pull (line 281) | void
function dns_options_postprocess_pull (line 288) | void
type dns_security (line 325) | enum dns_security
type dns_server_transport (line 344) | enum dns_server_transport
function make_domain_list (line 364) | static void
function run_up_down_service (line 405) | static void
function setenv_dns_option (line 486) | static void
function setenv_dns_options (line 509) | static void
function updown_env_set (line 573) | static void
function do_run_up_down_command (line 581) | static int
function run_updown_runner (line 614) | static bool
function run_up_down_command (line 707) | static void
function show_dns_options (line 787) | void
function run_dns_up_down (line 866) | void
FILE: src/openvpn/dns.h
type dns_security (line 30) | enum dns_security
type dns_server_transport (line 38) | enum dns_server_transport
type dns_updown_flags (line 46) | enum dns_updown_flags
type dns_domain (line 53) | struct dns_domain
type dns_server_addr (line 59) | struct dns_server_addr
type dns_server (line 70) | struct dns_server
type dns_updown_runner_info (line 82) | struct dns_updown_runner_info
type dhcp_options (line 99) | struct dhcp_options
type dns_options (line 112) | struct dns_options
type dns_server (line 141) | struct dns_server
type dns_server (line 141) | struct dns_server
type gc_arena (line 141) | struct gc_arena
type dns_domain (line 151) | struct dns_domain
type gc_arena (line 151) | struct gc_arena
type dns_server (line 161) | struct dns_server
type dns_options (line 170) | struct dns_options
type dns_options (line 179) | struct dns_options
type dns_options (line 179) | struct dns_options
type gc_arena (line 179) | struct gc_arena
type dns_options (line 186) | struct dns_options
type dns_options (line 193) | struct dns_options
type options (line 202) | struct options
type tuntap (line 202) | struct tuntap
type dns_updown_runner_info (line 203) | struct dns_updown_runner_info
type dns_options (line 210) | struct dns_options
function dns_updown_user_set (line 217) | static inline bool
function dns_updown_forced (line 228) | static inline bool
FILE: src/openvpn/domain_helper.h
function is_allowed_domain_ascii (line 24) | static inline bool
function validate_domain (line 33) | static inline bool
FILE: src/openvpn/env_set.c
type gc_arena (line 48) | struct gc_arena
type buffer (line 50) | struct buffer
function env_string_equal (line 62) | static bool
function remove_env_item (line 93) | static bool
function add_env_item (line 126) | static void
function env_set_del_nolock (line 142) | static bool
function env_set_add_nolock (line 148) | static void
type env_set (line 155) | struct env_set
type gc_arena (line 156) | struct gc_arena
type env_set (line 158) | struct env_set
function env_set_destroy (line 165) | void
function env_set_del (line 182) | bool
function env_set_add (line 192) | void
type env_set (line 201) | struct env_set
type env_item (line 203) | struct env_item
function env_set_print (line 211) | void
function env_set_write_file (line 237) | void
function env_set_inherit (line 261) | void
function setenv_counter (line 282) | void
function setenv_int (line 290) | void
function setenv_long_long (line 298) | void
function setenv_str (line 306) | void
function setenv_str_safe (line 312) | void
function setenv_str_incr (line 328) | void
function setenv_del (line 351) | void
function setenv_str_ex (line 358) | void
type gc_arena (line 399) | struct gc_arena
type buffer (line 401) | struct buffer
function setenv_int_i (line 413) | void
function setenv_str_i (line 422) | void
function env_allowed (line 431) | bool
type env_set (line 440) | struct env_set
type gc_arena (line 440) | struct gc_arena
type env_item (line 443) | struct env_item
FILE: src/openvpn/env_set.h
type env_item (line 36) | struct env_item
type env_set (line 42) | struct env_set
type env_set (line 49) | struct env_set
type env_set (line 54) | struct env_set
type env_set (line 56) | struct env_set
type env_set (line 58) | struct env_set
type env_set (line 60) | struct env_set
type env_set (line 62) | struct env_set
type env_set (line 64) | struct env_set
type env_set (line 70) | struct env_set
type env_set (line 72) | struct env_set
type env_set (line 74) | struct env_set
type env_set (line 78) | struct env_set
type gc_arena (line 78) | struct gc_arena
type env_set (line 80) | struct env_set
type env_set (line 82) | struct env_set
type env_set (line 84) | struct env_set
type env_set (line 86) | struct env_set
type env_set (line 88) | struct env_set
type env_set (line 96) | struct env_set
type env_set (line 98) | struct env_set
type env_set (line 98) | struct env_set
function is_password_env_var (line 101) | static inline bool
function env_safe_to_print (line 108) | static inline bool
type env_set (line 123) | struct env_set
type gc_arena (line 124) | struct gc_arena
FILE: src/openvpn/error.c
function msg_forked (line 94) | void
function set_debug_level (line 100) | bool
function set_mute_cutoff (line 116) | bool
function msglvl_t (line 130) | msglvl_t
function get_mute_cutoff (line 136) | int
function set_suppress_timestamps (line 142) | void
function set_machine_readable_output (line 148) | void
function error_reset (line 154) | void
function errors_to_stderr (line 178) | void
function FILE (line 187) | FILE *
function x_msg (line 211) | void
type gc_arena (line 221) | struct gc_arena
function x_msg_va (line 232) | void
function dont_mute (line 382) | bool
function assert_failed (line 416) | void
function out_of_memory (line 434) | void
function open_syslog (line 441) | void
function close_syslog (line 466) | void
function get_orig_stderr (line 483) | int
function redirect_stdout_stderr (line 490) | void
function reset_check_status (line 601) | void
function set_check_status (line 608) | void
function x_check_status (line 623) | void
type virtual_output (line 700) | struct virtual_output
function openvpn_exit (line 706) | void
type gc_arena (line 746) | struct gc_arena
type buffer (line 748) | struct buffer
type gc_arena (line 775) | struct gc_arena
type buffer (line 936) | struct buffer
FILE: src/openvpn/error.h
type gc_arena (line 39) | struct gc_arena
type gc_arena (line 72) | struct gc_arena
type msglvl_t (line 77) | typedef unsigned int msglvl_t;
type gc_arena (line 210) | struct gc_arena
function check_debug_level (line 250) | static inline bool
function msg_test (line 257) | static inline bool
type link_socket (line 291) | struct link_socket
type tuntap (line 292) | struct tuntap
type link_socket (line 302) | struct link_socket
type tuntap (line 303) | struct tuntap
function check_status (line 305) | static inline void
function set_check_status_error_delay (line 314) | static inline void
function msg_set_prefix (line 329) | static inline void
type virtual_output (line 345) | struct virtual_output
type virtual_output (line 347) | struct virtual_output
function msg_set_virtual_output (line 349) | static inline void
type virtual_output (line 355) | struct virtual_output
function ignore_sys_error (line 365) | static inline bool
function msglvl_t (line 397) | static inline msglvl_t
function openvpn_errno_maybe_crt (line 403) | static inline int
FILE: src/openvpn/event.c
function tv_to_ms_timeout (line 77) | static inline int
type we_set (line 93) | struct we_set
function we_set_event (line 103) | static inline void
function we_append_event (line 127) | static inline bool
function we_del_event (line 157) | static void
function we_del_index (line 182) | static void
function we_get_rw_indices (line 195) | static void
function we_free (line 216) | static void
function we_reset (line 225) | static void
function we_del (line 233) | static void
function we_ctl (line 241) | static void
function we_wait (line 392) | static int
type event_set (line 489) | struct event_set
type we_set (line 492) | struct we_set
type event_set (line 524) | struct event_set
type ep_set (line 531) | struct ep_set
function ep_free (line 540) | static void
function ep_reset (line 549) | static void
function ep_del (line 556) | static void
function ep_ctl (line 572) | static void
function ep_wait (line 609) | static int
type event_set (line 649) | struct event_set
type ep_set (line 652) | struct ep_set
type event_set (line 689) | struct event_set
type po_set (line 695) | struct po_set
function po_free (line 705) | static void
function po_reset (line 714) | static void
function po_del (line 722) | static void
function po_set_pollfd_events (line 747) | static inline void
function po_append_event (line 761) | static inline bool
function po_ctl (line 779) | static void
function po_wait (line 820) | static int
type event_set (line 867) | struct event_set
type po_set (line 870) | struct po_set
type event_set (line 900) | struct event_set
type se_set (line 906) | struct se_set
function se_free (line 917) | static void
function se_reset (line 925) | static void
function se_del (line 943) | static void
function se_ctl (line 964) | static void
function se_wait_return (line 1014) | static int
function se_wait_fast (line 1044) | static int
function se_wait_scalable (line 1065) | static int
type event_set (line 1088) | struct event_set
type se_set (line 1091) | struct se_set
type event_set (line 1121) | struct event_set
type event_set (line 1125) | struct event_set
type event_set (line 1128) | struct event_set
type event_set (line 1168) | struct event_set
type event_set (line 1171) | struct event_set
type event_set (line 1186) | struct event_set
FILE: src/openvpn/event.h
type rw_handle (line 89) | struct rw_handle
type event_t (line 95) | typedef int event_t;
type event_set (line 101) | struct event_set
type event_set_return (line 102) | struct event_set_return
type event_set_functions (line 104) | struct event_set_functions
type event_set_return (line 121) | struct event_set_return
type event_set (line 127) | struct event_set
type event_arg_t (line 132) | typedef enum
type event_arg (line 139) | struct event_arg
type event_set (line 156) | struct event_set
function event_free (line 158) | static inline void
function event_reset (line 167) | static inline void
function event_del (line 173) | static inline void
function event_ctl (line 179) | static inline void
function event_wait (line 185) | static inline int
function event_set_return_init (line 193) | static inline void
function wait_signal (line 202) | static inline void
function wait_signal (line 213) | static inline void
FILE: src/openvpn/fdmisc.c
function set_nonblock_action (line 35) | bool
function set_cloexec_action (line 54) | bool
function set_nonblock (line 67) | void
function set_cloexec (line 77) | void
FILE: src/openvpn/fdmisc.h
function openvpn_fd_set (line 38) | static inline void
FILE: src/openvpn/forward.c
type context (line 56) | struct context
type gc_arena (line 56) | struct gc_arena
type buffer (line 58) | struct buffer
function show_wait_status (line 70) | static void
function check_tls_errors_co (line 80) | static void
function check_tls_errors_nco (line 87) | static void
function check_tls_errors (line 97) | static inline void
function context_immediate_reschedule (line 123) | static inline void
function context_reschedule_sec (line 130) | static inline void
function check_dco_key_status (line 144) | void
function check_tls (line 177) | static void
function parse_incoming_control_channel_command (line 233) | static void
function check_incoming_control_channel (line 282) | static void
function check_push_request (line 314) | static void
function check_connection_established (line 332) | static void
function send_control_channel_string_dowork (line 369) | bool
function reschedule_multi_process (line 390) | void
function send_control_channel_string (line 397) | bool
function check_add_routes_action (line 414) | static void
function check_add_routes (line 429) | static void
function check_inactivity_timeout (line 479) | static void
function get_server_poll_remaining_time (line 503) | int
function check_server_poll_timeout (line 511) | static void
function schedule_exit (line 527) | bool
function check_scheduled_exit (line 548) | static void
function check_status_file (line 557) | static void
function check_fragment (line 571) | static void
function buffer_turnover (line 600) | static inline void
function encrypt_sign (line 620) | void
function check_session_timeout (line 707) | static void
function process_coarse_timers (line 721) | static void
function check_coarse_timers (line 833) | static void
function check_timeout_random_component_dowork (line 858) | static void
function check_timeout_random_component (line 869) | static inline void
function socks_postprocess_incoming_link (line 887) | static inline void
function socks_preprocess_outgoing_link (line 896) | static inline void
function link_socket_write_post_size_adjust (line 908) | static inline void
function read_incoming_link (line 925) | void
function process_incoming_link_part1 (line 986) | bool
function process_incoming_link_part2 (line 1119) | void
function process_incoming_link (line 1202) | static void
function extract_dco_float_peer_addr (line 1212) | void
function process_incoming_dco (line 1246) | void
function read_incoming_tun (line 1299) | void
function drop_if_recursive_routing (line 1363) | static void
function process_incoming_tun (line 1478) | void
function ipv6_send_icmp_unreachable (line 1536) | void
function process_ip_header (line 1661) | void
function process_outgoing_link (line 1745) | void
function process_outgoing_tun (line 1879) | void
function pre_select (line 1965) | void
function multi_io_process_flags (line 2031) | static void
function get_io_flags_udp (line 2150) | void
function io_wait (line 2163) | void
function process_io (line 2286) | void
FILE: src/openvpn/forward.h
type context (line 71) | struct context
type multi_io (line 71) | struct multi_io
type context (line 73) | struct context
type context (line 75) | struct context
type context (line 77) | struct context
type link_socket (line 77) | struct link_socket
type context (line 113) | struct context
type event_timeout (line 115) | struct event_timeout
type context (line 138) | struct context
type link_socket (line 138) | struct link_socket
type context (line 166) | struct context
type link_socket_info (line 166) | struct link_socket_info
type context (line 193) | struct context
type link_socket_info (line 193) | struct link_socket_info
type openvpn_sockaddr (line 206) | struct openvpn_sockaddr
type sockaddr (line 207) | struct sockaddr
type context (line 229) | struct context
type link_socket (line 229) | struct link_socket
type context (line 245) | struct context
type context (line 262) | struct context
type link_socket (line 262) | struct link_socket
type context (line 278) | struct context
type link_socket (line 278) | struct link_socket
type context (line 292) | struct context
type tls_session (line 310) | struct tls_session
type context (line 320) | struct context
type context (line 331) | struct context
type buffer (line 331) | struct buffer
type link_socket (line 332) | struct link_socket
type context (line 334) | struct context
type link_socket_info (line 336) | struct link_socket_info
type context (line 337) | struct context
function register_activity (line 349) | static inline void
function p2p_iow_flags (line 367) | static inline unsigned int
function connection_established (line 383) | static inline bool
FILE: src/openvpn/fragment.c
function fragment_list_buf_init (line 43) | static void
function fragment_list_buf_free (line 53) | static void
type fragment (line 67) | struct fragment
type fragment_list (line 68) | struct fragment_list
type fragment_master (line 91) | struct fragment_master
type frame (line 92) | struct frame
type fragment_master (line 94) | struct fragment_master
function fragment_free (line 115) | void
function fragment_frame_init (line 124) | void
function fragment_incoming (line 138) | void
function fragment_prepend_flags (line 255) | static void
function optimal_fragment_size (line 292) | static inline int
function fragment_outgoing (line 312) | void
function fragment_ready_to_send (line 362) | bool
function fragment_ttl_reap (line 397) | static void
function fragment_wakeup (line 413) | void
FILE: src/openvpn/fragment.h
type fragment (line 64) | struct fragment
type fragment_list (line 95) | struct fragment_list
type fragment_master (line 139) | struct fragment_master
type fragment_header_type (line 191) | typedef uint32_t fragment_header_type;
type fragment_master (line 261) | struct fragment_master
type frame (line 261) | struct frame
type fragment_master (line 273) | struct fragment_master
type frame (line 273) | struct frame
type fragment_master (line 281) | struct fragment_master
type fragment_master (line 331) | struct fragment_master
type buffer (line 331) | struct buffer
type frame (line 331) | struct frame
type fragment_master (line 382) | struct fragment_master
type buffer (line 382) | struct buffer
type frame (line 382) | struct frame
type fragment_master (line 411) | struct fragment_master
type buffer (line 411) | struct buffer
type frame (line 412) | struct frame
function fragment_outgoing_defined (line 425) | static inline bool
type fragment_master (line 434) | struct fragment_master
type frame (line 434) | struct frame
function fragment_housekeeping (line 453) | static inline void
FILE: src/openvpn/gremlin.c
type packet_flood_parms (line 81) | struct packet_flood_parms
function get_packet_flood_parms (line 85) | struct packet_flood_parms
function flip (line 95) | static bool
function roll (line 105) | static int
function ask_gremlin (line 122) | bool
function corrupt_gremlin (line 181) | void
FILE: src/openvpn/gremlin.h
type packet_flood_parms (line 61) | struct packet_flood_parms
type buffer (line 69) | struct buffer
type packet_flood_parms (line 71) | struct packet_flood_parms
FILE: src/openvpn/helper.c
type gc_arena (line 38) | struct gc_arena
type buffer (line 40) | struct buffer
type gc_arena (line 49) | struct gc_arena
type buffer (line 51) | struct buffer
type gc_arena (line 58) | struct gc_arena
type buffer (line 60) | struct buffer
type gc_arena (line 66) | struct gc_arena
type buffer (line 68) | struct buffer
type gc_arena (line 85) | struct gc_arena
type buffer (line 87) | struct buffer
type gc_arena (line 95) | struct gc_arena
type buffer (line 97) | struct buffer
type gc_arena (line 103) | struct gc_arena
type buffer (line 105) | struct buffer
function helper_add_route (line 110) | static void
function verify_common_subnet (line 119) | static void
function helper_setdefault_topology (line 136) | void
function helper_client_server (line 164) | void
function helper_keepalive (line 547) | void
function helper_tcp_nodelay (line 607) | void
FILE: src/openvpn/helper.h
type options (line 32) | struct options
type options (line 34) | struct options
type options (line 36) | struct options
type options (line 38) | struct options
FILE: src/openvpn/httpdigest.c
function CvtHex (line 34) | static void
function DigestCalcHA1 (line 65) | void
function DigestCalcResponse (line 95) | void
FILE: src/openvpn/init.c
type context (line 60) | struct context
type context (line 70) | struct context
type context (line 72) | struct context
function context_clear (line 74) | static void
function context_clear_1 (line 80) | static void
function context_clear_2 (line 86) | void
function context_clear_all_except_first_time (line 92) | void
function run_up_down (line 106) | static void
function update_options_ce_post (line 181) | static void
function management_callback_proxy_cmd (line 199) | static bool
function ce_management_query_proxy (line 245) | static bool
function management_callback_send_cc_message (line 295) | static bool
function management_callback_remote_entry_count (line 318) | static unsigned int
function management_callback_remote_entry_get (line 333) | static bool
function management_callback_remote_cmd (line 371) | static bool
function ce_management_query_remote (line 421) | static bool
function init_connection_list (line 483) | static void
function clear_remote_addrlist (line 509) | static void
function next_connection_entry (line 523) | static void
function init_query_passwords (line 653) | void
function uninit_proxy_dowork (line 680) | static void
function init_proxy_dowork (line 697) | static void
function init_proxy (line 729) | static void
function uninit_proxy (line 735) | static void
function do_link_socket_addr_new (line 741) | static void
function context_init_1 (line 748) | void
function context_gc_free (line 799) | void
function close_port_share (line 809) | static void
function init_port_share (line 819) | static void
function init_static (line 837) | bool
function uninit_static (line 923) | void
function init_verb_mute (line 941) | void
function init_options_dev (line 964) | void
function print_openssl_info (line 975) | bool
function do_genkey (line 1013) | bool
function do_persist_tuntap (line 1094) | bool
function possibly_become_daemon (line 1153) | bool
function do_uid_gid_chroot (line 1195) | static void
type context (line 1272) | struct context
type gc_arena (line 1272) | struct gc_arena
type buffer (line 1274) | struct buffer
function pre_setup (line 1282) | void
function reset_coarse_timers (line 1305) | void
function do_init_server_poll_timeout (line 1316) | static void
function do_init_timers (line 1329) | static void
function do_init_traffic_shaper (line 1412) | static void
function do_alloc_route_list (line 1428) | static void
function do_init_route_list (line 1446) | static void
function do_init_route_ipv6_list (line 1485) | static void
function initialization_sequence_completed (line 1537) | void
function route_noexec_enabled (line 1647) | static bool
function do_route (line 1658) | bool
function do_init_tun (line 1712) | static void
function can_preserve_tun (line 1757) | static bool
function add_wfp_block (line 1779) | static void
function del_wfp_block (line 1805) | static void
function ifconfig_noexec_enabled (line 1824) | static bool
function open_tun_backend (line 1832) | static void
function do_open_tun (line 1854) | static bool
function do_close_tun_simple (line 2010) | static void
function do_close_tun (line 2040) | static void
function tun_abort (line 2144) | void
function options_hash_changed_or_zero (line 2163) | static bool
function add_delim_if_non_empty (line 2176) | static void
function tls_print_deferred_options_results (line 2190) | static void
function do_deferred_options_part2 (line 2318) | static bool
function do_up (line 2341) | bool
function do_update (line 2476) | bool
function pull_permission_mask (line 2529) | unsigned int
function do_deferred_p2p_ncp (line 2545) | static bool
function do_deferred_options (line 2590) | bool
function do_hold (line 2753) | static bool
function socket_restart_pause (line 2772) | static void
function do_startup_pause (line 2849) | static void
function get_frame_mtu (line 2862) | static size_t
function frame_finalize_options (line 2892) | static void
function key_schedule_free (line 2973) | static void
function init_crypto_pre (line 2986) | static void
function do_init_crypto_test (line 3005) | static void
function do_init_crypto_static (line 3035) | static void
function do_init_tls_wrap_key (line 3079) | static void
function do_init_crypto_tls_c1 (line 3151) | static void
function do_init_crypto_tls (line 3247) | static void
function do_init_frame_tls (line 3481) | static void
function do_init_crypto_none (line 3511) | static void
function do_init_crypto (line 3526) | static void
function do_init_frame (line 3543) | static void
function do_option_warnings (line 3589) | static void
type context_buffers (line 3685) | struct context_buffers
type frame (line 3686) | struct frame
type context_buffers (line 3688) | struct context_buffers
function free_context_buffers (line 3710) | void
function do_init_buffers (line 3735) | static void
function do_init_fragment (line 3747) | static void
function do_link_socket_new (line 3768) | static void
function do_init_socket_phase1 (line 3785) | static void
function do_init_socket_phase2 (line 3817) | static void
function do_print_data_channel_mtu_parms (line 3829) | static void
function do_compute_occ_strings (line 3844) | static void
function do_init_first_time (line 3873) | static void
function do_close_free_buf (line 3907) | static void
function do_close_tls (line 3921) | static void
function do_close_free_key_schedule (line 3948) | static void
function do_close_link_socket (line 3970) | static void
function do_close_packet_id (line 4030) | static void
function do_close_fragment (line 4045) | static void
function do_event_set_init (line 4060) | static void
function do_close_event_set (line 4078) | static void
function do_open_status_output (line 4093) | static void
function do_close_status_output (line 4105) | static void
function do_open_ifconfig_pool_persist (line 4122) | static void
function do_close_ifconfig_pool_persist (line 4134) | static void
function do_inherit_env (line 4152) | static void
function do_env_set_destroy (line 4160) | static void
function do_signal_on_tls_errors (line 4171) | static void
function init_plugins (line 4186) | void
function open_plugins (line 4196) | void
function do_close_plugins (line 4230) | static void
function do_inherit_plugins (line 4241) | static void
function management_callback_status_p2p (line 4255) | static void
function management_show_net_callback (line 4262) | void
function management_callback_network_change (line 4275) | int
function init_management_callback_p2p (line 4324) | void
function init_management (line 4350) | void
function open_management (line 4359) | bool
function close_management (line 4399) | void
function uninit_management_callback (line 4412) | void
function persist_client_stats (line 4423) | void
function init_instance (line 4437) | static void
function init_instance_handle_signals (line 4724) | void
function close_instance (line 4746) | void
function inherit_context_child (line 4819) | void
function inherit_context_top (line 4907) | void
function close_context (line 4953) | void
function write_pid_file (line 4985) | void
function remove_pid_file (line 5019) | void
function do_test_crypto (line 5033) | void
FILE: src/openvpn/init.h
type context (line 34) | struct context
type context (line 36) | struct context
type context (line 38) | struct context
type context (line 46) | struct context
type options (line 48) | struct options
type options (line 50) | struct options
type options (line 52) | struct options
type options (line 54) | struct options
type options (line 56) | struct options
type options (line 58) | struct options
type context (line 60) | struct context
type env_set (line 60) | struct env_set
type context (line 66) | struct context
type options (line 68) | struct options
type route_list (line 68) | struct route_list
type route_ipv6_list (line 69) | struct route_ipv6_list
type tuntap (line 69) | struct tuntap
type plugin_list (line 70) | struct plugin_list
type env_set (line 70) | struct env_set
type context (line 72) | struct context
type context (line 74) | struct context
type context (line 76) | struct context
type context (line 78) | struct context
type context (line 90) | struct context
type context (line 92) | struct context
type context (line 94) | struct context
type gc_arena (line 94) | struct gc_arena
type context (line 96) | struct context
type context (line 102) | struct context
type context (line 104) | struct context
type context (line 104) | struct context
type link_socket (line 105) | struct link_socket
type context (line 107) | struct context
type context (line 107) | struct context
type context (line 114) | struct context
type context_buffers (line 116) | struct context_buffers
type frame (line 116) | struct frame
type context_buffers (line 118) | struct context_buffers
type context (line 123) | struct context
type context (line 129) | struct context
type context (line 137) | struct context
type context (line 142) | struct context
type context (line 144) | struct context
type context (line 154) | struct context
FILE: src/openvpn/integer.h
function clamp_size_to_int (line 42) | static inline int
function max_uint (line 52) | static inline unsigned int
function min_uint (line 65) | static inline unsigned int
function min_size (line 78) | static inline size_t
function max_int (line 91) | static inline int
function min_int (line 104) | static inline int
function constrain_int (line 117) | static inline int
function constrain_uint (line 138) | static inline unsigned int
function modulo_subtract (line 169) | static inline int
function modulo_add (line 184) | static inline int
function adjust_power_of_2 (line 204) | static inline size_t
function index_verify (line 218) | static inline int
function round_down_size (line 232) | static inline size_t
FILE: src/openvpn/interval.c
function interval_init (line 33) | void
function event_timeout_trigger (line 41) | bool
FILE: src/openvpn/interval.h
type interval (line 41) | struct interval
type interval (line 50) | struct interval
function interval_test (line 64) | static inline bool
function interval_schedule_wakeup (line 91) | static inline void
function interval_future_trigger (line 105) | static inline void
function interval_action (line 121) | static inline void
type event_timeout (line 134) | struct event_timeout
function event_timeout_defined (line 141) | static inline bool
function event_timeout_clear (line 152) | static inline void
function event_timeout_init (line 171) | static inline void
function event_timeout_reset (line 186) | static inline void
function event_timeout_modify_wakeup (line 203) | static inline void
function interval_t (line 216) | static inline interval_t
type event_timeout (line 256) | struct event_timeout
type timeval (line 256) | struct timeval
type usec_timer (line 266) | struct usec_timer
function usec_timer_start (line 274) | static inline void
function usec_timer_end (line 281) | static inline void
function usec_timer_interval_defined (line 289) | static inline bool
function usec_timer_interval (line 295) | static inline int
FILE: src/openvpn/list.c
type hash (line 36) | struct hash
type hash (line 41) | struct hash
type hash_bucket (line 53) | struct hash_bucket
function hash_free (line 59) | void
type hash_element (line 78) | struct hash_element
type hash (line 79) | struct hash
type hash_bucket (line 79) | struct hash_bucket
type hash_element (line 81) | struct hash_element
type hash_element (line 82) | struct hash_element
function hash_remove_fast (line 106) | bool
function hash_add (line 136) | bool
function hash_remove_by_value (line 164) | void
function hash_remove_marked (line 181) | static void
function hash_iterator_init_range (line 212) | void
function hash_iterator_init (line 233) | void
function hash_iterator_lock (line 239) | static inline void
function hash_iterator_unlock (line 247) | static inline void
function hash_iterator_advance (line 262) | static inline void
function hash_iterator_free (line 269) | void
type hash_element (line 275) | struct hash_element
type hash_iterator (line 276) | struct hash_iterator
type hash_element (line 278) | struct hash_element
type hash_bucket (line 288) | struct hash_bucket
function hash_iterator_delete_element (line 307) | void
function hash_func (line 415) | uint32_t
FILE: src/openvpn/list.h
type hash_element (line 39) | struct hash_element
type hash_bucket (line 47) | struct hash_bucket
type hash (line 52) | struct hash
type hash (line 63) | struct hash
type hash (line 67) | struct hash
type hash (line 69) | struct hash
type hash_element (line 71) | struct hash_element
type hash (line 71) | struct hash
type hash_bucket (line 71) | struct hash_bucket
type hash (line 74) | struct hash
type hash_bucket (line 74) | struct hash_bucket
type hash (line 76) | struct hash
type hash_iterator (line 78) | struct hash_iterator
type hash (line 90) | struct hash
type hash_iterator (line 90) | struct hash_iterator
type hash (line 93) | struct hash
type hash_iterator (line 93) | struct hash_iterator
type hash_element (line 95) | struct hash_element
type hash_iterator (line 95) | struct hash_iterator
type hash_iterator (line 97) | struct hash_iterator
type hash_iterator (line 99) | struct hash_iterator
function hash_value (line 103) | static inline uint32_t
function hash_n_elements (line 109) | static inline uint32_t
function hash_n_buckets (line 115) | static inline uint32_t
type hash_bucket (line 121) | struct hash_bucket
type hash (line 122) | struct hash
type hash (line 128) | struct hash
type hash_element (line 131) | struct hash_element
type hash_bucket (line 133) | struct hash_bucket
function hash_add_fast (line 145) | static inline void
function hash_remove (line 160) | static inline bool
FILE: src/openvpn/lladdr.c
function set_lladdr (line 16) | int
FILE: src/openvpn/lladdr.h
type env_set (line 9) | struct env_set
FILE: src/openvpn/lzo.c
function lzo_compress_init (line 43) | static void
function lzo_compress_uninit (line 60) | static void
function lzo_compress (line 67) | static void
function lzo_decompress (line 75) | static void
type compress_alg (line 123) | struct compress_alg
FILE: src/openvpn/lzo.h
type compress_alg (line 56) | struct compress_alg
type lzo_adaptive_compress (line 103) | struct lzo_adaptive_compress
type lzo_compress_workspace (line 122) | struct lzo_compress_workspace
FILE: src/openvpn/manage.c
type mcv (line 68) | enum mcv
type management (line 75) | struct management
type management (line 78) | struct management
type management (line 80) | struct management
function man_help (line 82) | static void
function man_welcome (line 203) | static void
function man_password_needed (line 214) | static inline bool
function man_check_password (line 220) | static void
function man_update_io_state (line 251) | static void
function man_output_list_push_finalize (line 267) | static void
function man_output_list_push_str (line 281) | static void
function man_output_list_push (line 290) | static void
function man_prompt (line 297) | static void
function report_command_status (line 317) | static void
function man_delete_unix_socket (line 330) | static void
function man_close_socket (line 341) | static void
function virtual_output_callback_func (line 357) | static void
function man_mod_signal (line 445) | static int
function man_signal (line 471) | static void
function man_command_unsupported (line 498) | static void
function man_status (line 505) | static void
function man_bytecount_stop (line 518) | static void
function man_bytecount (line 525) | static void
function man_bytecount_output_client (line 563) | static void
function man_bytecount_output_server (line 575) | static void
function man_kill (line 587) | static void
function man_history (line 675) | static void
function man_log (line 717) | static void
function man_echo (line 724) | static void
function man_state (line 731) | static void
function man_up_finalize (line 738) | static void
function man_query_user_pass (line 768) | static void
function man_query_username (line 793) | static void
function man_query_password (line 802) | static void
function man_query_need_ok (line 816) | static void
function man_query_need_str (line 825) | static void
function man_forget_passwords (line 834) | static void
function man_net (line 842) | static void
function man_send_cc_message (line 855) | static void
function man_pkcs11_id_count (line 878) | static void
function man_pkcs11_id_get (line 884) | static void
function man_remote_entry_count (line 905) | static void
function man_remote_entry_get (line 921) | static void
function man_hold (line 958) | static void
function in_extra_reset (line 992) | static void
function in_extra_dispatch (line 1015) | static void
function parse_cid (line 1052) | static bool
function parse_uint (line 1066) | static bool
function man_client_pending_auth (line 1091) | static void
function man_client_auth (line 1123) | static void
function man_client_deny (line 1140) | static void
function man_client_kill (line 1168) | static void
function man_client_n_clients (line 1194) | static void
function man_env_filter (line 1208) | static void
function man_pk_sig (line 1216) | static void
function man_certificate (line 1232) | static void
function man_load_stats (line 1248) | static void
function man_need (line 1274) | static bool
function man_proxy (line 1291) | static void
function man_remote (line 1305) | static void
function man_network_change (line 1320) | static void
function set_client_version (line 1341) | static void
function man_push_update (line 1359) | static void
function man_dispatch_command (line 1401) | static void
function man_start_ne32 (line 1764) | static void
function man_stop_ne32 (line 1784) | static void
function man_connection_settings_reset (line 1792) | static void
function man_new_connection_post (line 1805) | static void
function man_verify_unix_peer_uid_gid (line 1859) | static bool
function man_accept (line 1895) | static void
function man_listen (line 1935) | static void
function man_connect (line 2011) | static void
function man_reset_client_socket (line 2077) | static void
function man_process_command (line 2125) | static void
function man_io_error (line 2175) | static bool
function man_send_with_fd (line 2195) | static ssize_t
function man_recv_with_fd (line 2228) | static ssize_t
function management_android_control (line 2281) | bool
function managment_android_persisttun_action (line 2302) | int
function man_read (line 2331) | static ssize_t
function man_write (line 2425) | static ssize_t
function man_connection_clear (line 2470) | static void
function man_persist_init (line 2483) | static void
function man_persist_close (line 2519) | static void
function man_settings_init (line 2541) | static void
function man_settings_close (line 2630) | static void
function man_connection_init (line 2641) | static void
function man_connection_close (line 2686) | static void
type management (line 2715) | struct management
type management (line 2718) | struct management
function management_open (line 2729) | bool
function management_close (line 2768) | void
function management_set_callback (line 2778) | void
function management_clear_callback (line 2785) | void
function management_set_state (line 2794) | void
function env_filter_match (line 2848) | static bool
function man_output_env (line 2894) | static void
function man_output_extra_env (line 2915) | static void
function management_up_down (line 2929) | void
function management_notify (line 2939) | void
function management_notify_generic (line 2945) | void
function man_output_peer_info_env (line 2951) | static void
function management_notify_client_needing_auth (line 2979) | void
function management_notify_client_cr_response (line 3001) | void
function management_connection_established (line 3021) | void
function management_notify_client_close (line 3031) | void
function management_learn_addr (line 3043) | void
function management_echo (line 3056) | void
function management_post_tunnel_open (line 3090) | void
function management_pre_tunnel_close (line 3113) | void
function management_auth_failure (line 3122) | void
function management_auth_token (line 3135) | void
function man_persist_state (line 3141) | static inline bool
function management_socket_set (line 3157) | void
function management_io (line 3195) | void
function management_socket_set (line 3244) | void
function management_io (line 3279) | void
function man_standalone_ok (line 3306) | static inline bool
function man_check_for_signals (line 3312) | static bool
function man_block (line 3329) | static int
function man_output_standalone (line 3388) | static void
function man_standalone_event_loop (line 3411) | static int
function man_wait_for_client_connection (line 3434) | static void
function management_event_loop_n_seconds (line 3467) | void
function management_query_user_pass (line 3520) | bool
function management_query_multiline (line 3646) | static int
type management (line 3725) | struct management
type buffer_list (line 3727) | struct buffer_list
type buffer (line 3731) | struct buffer
type management (line 3755) | struct management
type buffer_list (line 3756) | struct buffer_list
type buffer (line 3760) | struct buffer
type management (line 3784) | struct management
type buffer (line 3788) | struct buffer
type management (line 3810) | struct management
type buffer (line 3813) | struct buffer
function management_would_hold (line 3828) | bool
function management_hold (line 3838) | bool
type command_line (line 3891) | struct command_line
type command_line (line 3894) | struct command_line
function command_line_reset (line 3901) | void
function command_line_free (line 3908) | void
function command_line_add (line 3921) | void
type command_line (line 3937) | struct command_line
function command_line_next (line 3951) | void
type log_entry (line 3964) | struct log_entry
type gc_arena (line 3964) | struct gc_arena
type buffer (line 3966) | struct buffer
function log_entry_free_contents (line 4035) | static void
function log_index (line 4047) | static inline int
function log_history_obj_init (line 4053) | static void
type log_history (line 4061) | struct log_history
type log_history (line 4064) | struct log_history
function log_history_free_contents (line 4071) | static void
function log_history_close (line 4082) | void
function log_history_add (line 4089) | void
function log_history_resize (line 4110) | void
type log_entry (line 4131) | struct log_entry
type log_history (line 4132) | struct log_history
function management_sleep (line 4144) | void
function management_check_bytecount_client (line 4168) | void
function management_check_bytecount_server (line 4191) | void
function man_persist_client_stats (line 4232) | void
function management_sleep (line 4249) | void
FILE: src/openvpn/manage.h
type man_def_auth_context (line 62) | struct man_def_auth_context
type command_line (line 77) | struct command_line
type command_line (line 83) | struct command_line
type command_line (line 85) | struct command_line
type command_line (line 87) | struct command_line
type command_line (line 89) | struct command_line
type command_line (line 91) | struct command_line
type command_line (line 93) | struct command_line
type log_entry (line 106) | struct log_entry
type log_entry (line 135) | struct log_entry
type gc_arena (line 135) | struct gc_arena
type log_history (line 137) | struct log_history
type log_history (line 145) | struct log_history
type log_history (line 147) | struct log_history
type log_history (line 149) | struct log_history
type log_entry (line 149) | struct log_entry
type log_history (line 151) | struct log_history
type log_entry (line 153) | struct log_entry
type log_history (line 153) | struct log_history
function log_history_size (line 155) | static inline int
function log_history_capacity (line 161) | static inline int
type management_callback (line 171) | struct management_callback
type man_persist (line 217) | struct man_persist
type man_settings (line 238) | struct man_settings
type man_connection (line 274) | struct man_connection
type management (line 331) | struct management
type management (line 338) | struct management
type user_pass (line 340) | struct user_pass
type management (line 342) | struct management
type management (line 344) | struct management
type management (line 350) | struct management
type management (line 352) | struct management
type management (line 354) | struct management
type management (line 356) | struct management
type event_set (line 356) | struct event_set
type management (line 359) | struct management
type management (line 361) | struct management
type management_callback (line 361) | struct management_callback
type management (line 363) | struct management
type management (line 365) | struct management
type user_pass (line 365) | struct user_pass
type management (line 369) | struct management
type management (line 373) | struct management
type management (line 377) | struct management
type management (line 379) | struct management
type management (line 381) | struct management
type management (line 383) | struct management
type env_set (line 383) | struct env_set
type management (line 385) | struct management
type management (line 388) | struct management
type management (line 390) | struct management
type man_def_auth_context (line 392) | struct man_def_auth_context
type env_set (line 393) | struct env_set
type management (line 395) | struct management
type man_def_auth_context (line 396) | struct man_def_auth_context
type env_set (line 396) | struct env_set
type management (line 398) | struct management
type man_def_auth_context (line 399) | struct man_def_auth_context
type env_set (line 399) | struct env_set
type management (line 401) | struct management
type man_def_auth_context (line 401) | struct man_def_auth_context
type mroute_addr (line 402) | struct mroute_addr
type man_def_auth_context (line 405) | struct man_def_auth_context
type env_set (line 406) | struct env_set
type management (line 408) | struct management
type management (line 410) | struct management
function management_connected (line 412) | static inline bool
function management_query_user_pass_enabled (line 418) | static inline bool
function management_query_remote_enabled (line 424) | static inline bool
function management_query_proxy_enabled (line 430) | static inline bool
function management_enable_def_auth (line 437) | static inline bool
type management (line 468) | struct management
type in6_addr (line 469) | struct in6_addr
type openvpn_sockaddr (line 470) | struct openvpn_sockaddr
type openvpn_sockaddr (line 471) | struct openvpn_sockaddr
type management (line 477) | struct management
type management (line 483) | struct management
type management (line 488) | struct management
type context (line 494) | struct context
type management (line 494) | struct management
type timeval (line 494) | struct timeval
type multi_context (line 496) | struct multi_context
type timeval (line 496) | struct timeval
type management (line 498) | struct management
type context (line 498) | struct context
FILE: src/openvpn/mbedtls_compat.h
function mbedtls_compat_psa_crypto_init (line 52) | static inline void
type mbedtls_ecp_curve_info (line 66) | typedef struct
function mbedtls_oid_get_attr_short_name (line 72) | static inline int
function mbedtls_oid_get_extended_key_usage (line 158) | static inline int
function mbedtls_compat_pk_parse_key (line 205) | static inline int
function mbedtls_compat_pk_parse_keyfile (line 217) | static inline int
function mbedtls_compat_pk_check_pair (line 227) | static inline int
FILE: src/openvpn/mbuf.c
type mbuf_set (line 42) | struct mbuf_set
type mbuf_set (line 47) | struct mbuf_set
function mbuf_free (line 58) | void
type mbuf_buffer (line 74) | struct mbuf_buffer
type buffer (line 75) | struct buffer
type mbuf_buffer (line 77) | struct mbuf_buffer
function mbuf_free_buf (line 85) | void
function mbuf_add_item (line 98) | void
function mbuf_extract_item (line 120) | bool
type multi_instance (line 142) | struct multi_instance
type mbuf_set (line 143) | struct mbuf_set
type multi_instance (line 145) | struct multi_instance
type mbuf_item (line 151) | struct mbuf_item
function mbuf_dereference_instance (line 162) | void
FILE: src/openvpn/mbuf.h
type multi_instance (line 36) | struct multi_instance
type mbuf_buffer (line 42) | struct mbuf_buffer
type mbuf_item (line 51) | struct mbuf_item
type mbuf_set (line 57) | struct mbuf_set
type mbuf_set (line 66) | struct mbuf_set
type mbuf_set (line 68) | struct mbuf_set
type mbuf_buffer (line 70) | struct mbuf_buffer
type buffer (line 70) | struct buffer
type mbuf_buffer (line 72) | struct mbuf_buffer
type mbuf_set (line 74) | struct mbuf_set
type mbuf_item (line 74) | struct mbuf_item
type mbuf_set (line 76) | struct mbuf_set
type mbuf_item (line 76) | struct mbuf_item
type mbuf_set (line 78) | struct mbuf_set
type multi_instance (line 78) | struct multi_instance
function mbuf_defined (line 80) | static inline bool
function mbuf_len (line 86) | static inline unsigned int
function mbuf_maximum_queued (line 92) | static inline int
type multi_instance (line 98) | struct multi_instance
type mbuf_set (line 98) | struct mbuf_set
type multi_instance (line 100) | struct multi_instance
type mbuf_set (line 101) | struct mbuf_set
FILE: src/openvpn/misc.c
function set_std_files_to_null (line 54) | void
function auth_user_pass_mgmt (line 82) | static bool
type auth_challenge_info (line 126) | struct auth_challenge_info
type gc_arena (line 127) | struct gc_arena
type auth_challenge_info (line 131) | struct auth_challenge_info
type buffer (line 136) | struct buffer
function get_user_pass_cr (line 200) | bool
function purge_user_pass (line 469) | void
function set_auth_token (line 495) | void
function set_auth_token_user (line 515) | void
type gc_arena (line 543) | struct gc_arena
type gc_arena (line 549) | struct gc_arena
type gc_arena (line 576) | struct gc_arena
type buffer (line 579) | struct buffer
type gc_arena (line 607) | struct gc_arena
type gc_arena (line 626) | struct gc_arena
type gc_arena (line 656) | struct gc_arena
function validate_peer_info_line (line 717) | bool
function output_peer_info_env (line 754) | void
function prepend_dir (line 776) | struct buffer
function protect_user_pass (line 787) | void
function unprotect_user_pass (line 807) | void
FILE: src/openvpn/misc.h
type plugin_list (line 35) | struct plugin_list
type gc_arena (line 43) | struct gc_arena
type gc_arena (line 45) | struct gc_arena
type user_pass (line 51) | struct user_pass
type auth_challenge_info (line 75) | struct auth_challenge_info
type static_challenge_info (line 89) | struct static_challenge_info
type auth_challenge_info (line 99) | struct auth_challenge_info
type static_challenge_info (line 102) | struct static_challenge_info
type user_pass (line 137) | struct user_pass
function get_user_pass (line 149) | static inline bool
type user_pass (line 156) | struct user_pass
type user_pass (line 167) | struct user_pass
type user_pass (line 178) | struct user_pass
type gc_arena (line 185) | struct gc_arena
type gc_arena (line 187) | struct gc_arena
type env_set (line 200) | struct env_set
type buffer (line 205) | struct buffer
type gc_arena (line 205) | struct gc_arena
type user_pass (line 210) | struct user_pass
type user_pass (line 215) | struct user_pass
FILE: src/openvpn/mroute.c
function mroute_addr_init (line 37) | void
function is_mac_mcast_addr (line 47) | static inline bool
function is_mac_mcast_maddr (line 53) | static inline bool
function mroute_learnable_address (line 62) | bool
function mroute_get_in_addr_t (line 106) | static inline void
function mroute_get_in6_addr (line 118) | static inline void
function mroute_is_mcast (line 130) | static inline bool
function mroute_is_mcast_ipv6 (line 139) | static inline bool
function mroute_extract_addr_ip (line 146) | unsigned int
function mroute_copy_ether_to_addr (line 210) | static void
function mroute_extract_addr_ether (line 221) | unsigned int
function mroute_extract_openvpn_sockaddr (line 253) | bool
function mroute_addr_mask_host_bits (line 317) | void
function mroute_addr_hash_function (line 357) | uint32_t
function mroute_addr_compare_function (line 364) | bool
type mroute_addr (line 371) | struct mroute_addr
type gc_arena (line 371) | struct gc_arena
type mroute_addr (line 377) | struct mroute_addr
type gc_arena (line 377) | struct gc_arena
type buffer (line 379) | struct buffer
type mroute_addr (line 382) | struct mroute_addr
type mroute_helper (line 481) | struct mroute_helper
type mroute_helper (line 484) | struct mroute_helper
function mroute_helper_regenerate (line 490) | static void
function mroute_helper_add_iroute46 (line 519) | void
function mroute_helper_del_iroute46 (line 534) | void
function mroute_helper_free (line 550) | void
FILE: src/openvpn/mroute.h
type mroute_addr (line 81) | struct mroute_addr
type mroute_addr (line 115) | struct mroute_addr
type mroute_addr (line 115) | struct mroute_addr
type mroute_addr (line 117) | struct mroute_addr
type mroute_addr (line 117) | struct mroute_addr
type mroute_addr (line 119) | struct mroute_addr
type mroute_addr (line 120) | struct mroute_addr
type mroute_helper (line 131) | struct mroute_helper
type openvpn_sockaddr (line 140) | struct openvpn_sockaddr
type mroute_addr (line 142) | struct mroute_addr
type openvpn_sockaddr (line 143) | struct openvpn_sockaddr
type mroute_addr (line 145) | struct mroute_addr
type gc_arena (line 145) | struct gc_arena
type mroute_addr (line 151) | struct mroute_addr
type mroute_addr (line 153) | struct mroute_addr
type gc_arena (line 153) | struct gc_arena
type mroute_addr (line 159) | struct mroute_addr
type gc_arena (line 160) | struct gc_arena
type mroute_addr (line 162) | struct mroute_addr
type mroute_helper (line 164) | struct mroute_helper
type mroute_helper (line 166) | struct mroute_helper
type mroute_helper (line 168) | struct mroute_helper
type mroute_helper (line 170) | struct mroute_helper
type mroute_addr (line 172) | struct mroute_addr
type mroute_addr (line 172) | struct mroute_addr
type buffer (line 173) | struct buffer
type mroute_addr (line 175) | struct mroute_addr
type mroute_addr (line 175) | struct mroute_addr
type buffer (line 176) | struct buffer
function mroute_extract_addr_from_packet (line 182) | static inline unsigned int
function mroute_addr_equal (line 208) | static inline bool
type mroute_addr (line 231) | struct mroute_addr
function mroute_addr_hash_len (line 237) | static inline uint32_t
function mroute_extract_in_addr_t (line 243) | static inline void
function in_addr_t (line 252) | static inline in_addr_t
function mroute_addr_reset (line 265) | static inline void
FILE: src/openvpn/mss.c
function mss_fixup_ipv4 (line 45) | void
function mss_fixup_ipv6 (line 82) | void
function mss_fixup_dowork (line 138) | void
function adjust_payload_max_cbc (line 197) | static inline size_t
function get_ip_encap_overhead (line 217) | static size_t
function frame_calculate_fragment (line 241) | static void
function frame_calculate_mssfix (line 271) | static void
function frame_calculate_dynamic (line 316) | void
function frame_adjust_path_mtu (line 335) | void
FILE: src/openvpn/mss.h
type buffer (line 32) | struct buffer
type buffer (line 34) | struct buffer
type buffer (line 36) | struct buffer
type frame (line 39) | struct frame
type key_type (line 39) | struct key_type
type options (line 40) | struct options
type link_socket_info (line 40) | struct link_socket_info
type context (line 47) | struct context
FILE: src/openvpn/mtcp.c
type ta_iow_flags (line 40) | struct ta_iow_flags
type multi_instance (line 48) | struct multi_instance
type multi_context (line 49) | struct multi_context
type link_socket (line 49) | struct link_socket
type gc_arena (line 51) | struct gc_arena
type multi_instance (line 52) | struct multi_instance
type hash (line 53) | struct hash
type hash_element (line 59) | struct hash_element
type hash_bucket (line 61) | struct hash_bucket
type multi_instance (line 69) | struct multi_instance
type multi_instance (line 69) | struct multi_instance
function multi_tcp_instance_specific_init (line 101) | bool
function multi_tcp_instance_specific_free (line 123) | void
function multi_tcp_delete_event (line 129) | void
function multi_tcp_dereference_instance (line 138) | void
function multi_tcp_process_outgoing_link_ready (line 150) | bool
function multi_tcp_process_outgoing_link (line 175) | bool
FILE: src/openvpn/mtcp.h
type multi_context (line 32) | struct multi_context
type multi_instance (line 33) | struct multi_instance
type context (line 34) | struct context
type multi_io (line 36) | struct multi_io
type multi_instance (line 36) | struct multi_instance
type multi_context (line 38) | struct multi_context
type multi_instance (line 38) | struct multi_instance
type multi_instance (line 40) | struct multi_instance
type multi_context (line 42) | struct multi_context
type multi_context (line 45) | struct multi_context
type multi_instance (line 45) | struct multi_instance
type multi_instance (line 48) | struct multi_instance
type multi_context (line 48) | struct multi_context
type link_socket (line 48) | struct link_socket
type multi_context (line 50) | struct multi_context
type multi_instance (line 50) | struct multi_instance
type multi_io (line 52) | struct multi_io
FILE: src/openvpn/mtu.c
function alloc_buf_sock_tun (line 40) | void
function calc_packet_id_size_dc (line 50) | unsigned int
function frame_calculate_protocol_header_size (line 60) | size_t
function frame_calculate_payload_overhead (line 97) | size_t
function frame_calculate_payload_size (line 137) | size_t
function calc_options_string_link_mtu (line 146) | size_t
function frame_print (line 189) | void
function set_mtu_discover_type (line 217) | void
function translate_mtu_discover_type_name (line 252) | int
type probehdr (line 279) | struct probehdr
type gc_arena (line 286) | struct gc_arena
type probehdr (line 288) | struct probehdr
type iovec (line 289) | struct iovec
type msghdr (line 290) | struct msghdr
type cmsghdr (line 291) | struct cmsghdr
type sock_extended_err (line 292) | struct sock_extended_err
type sockaddr_storage (line 293) | struct sockaddr_storage
type buffer (line 294) | struct buffer
type sock_extended_err (line 326) | struct sock_extended_err
type sock_extended_err (line 337) | struct sock_extended_err
function set_sock_extended_error_passing (line 393) | void
FILE: src/openvpn/mtu.h
type frame (line 107) | struct frame
type options (line 168) | struct options
type frame (line 189) | struct frame
type key_type (line 196) | struct key_type
type frame (line 207) | struct frame
type options (line 207) | struct options
type key_type (line 208) | struct key_type
type options (line 226) | struct options
type key_type (line 227) | struct key_type
type key_type (line 245) | struct key_type
type options (line 246) | struct options
type options (line 255) | struct options
type frame (line 255) | struct frame
type options (line 261) | struct options
type key_type (line 261) | struct key_type
type buffer (line 266) | struct buffer
type frame (line 266) | struct frame
type gc_arena (line 277) | struct gc_arena
FILE: src/openvpn/mudp.c
function send_hmac_reset_packet (line 40) | static void
function do_pre_decrypt_check (line 64) | static bool
type multi_instance (line 194) | struct multi_instance
type multi_context (line 195) | struct multi_context
type link_socket (line 195) | struct link_socket
type gc_arena (line 197) | struct gc_arena
type mroute_addr (line 198) | struct mroute_addr
type multi_instance (line 199) | struct multi_instance
type hash (line 200) | struct hash
type hash_element (line 206) | struct hash_element
type hash_bucket (line 208) | struct hash_bucket
type multi_instance (line 246) | struct multi_instance
type tls_pre_decrypt_state (line 253) | struct tls_pre_decrypt_state
type tls_session (line 287) | struct tls_session
function multi_process_outgoing_link (line 325) | static inline void
function multi_process_io_udp (line 347) | void
function p2mp_iow_flags (line 375) | unsigned int
FILE: src/openvpn/mudp.h
type context (line 30) | struct context
type multi_context (line 31) | struct multi_context
type multi_context (line 33) | struct multi_context
type multi_context (line 35) | struct multi_context
type link_socket (line 35) | struct link_socket
type multi_instance (line 56) | struct multi_instance
type multi_context (line 56) | struct multi_context
type link_socket (line 57) | struct link_socket
FILE: src/openvpn/multi.c
type multi_instance (line 60) | struct multi_instance
function set_cc_config (line 74) | static void
function learn_address_script (line 82) | static bool
function multi_ifconfig_pool_persist (line 149) | void
function multi_reap_range (line 160) | static void
function multi_reap_all (line 184) | static void
type multi_reap (line 190) | struct multi_reap
type multi_reap (line 193) | struct multi_reap
function multi_reap_process_dowork (line 201) | void
function multi_reap_free (line 214) | static void
function reap_buckets_per_pass (line 223) | static uint32_t
function cid_hash_function (line 231) | static uint32_t
function cid_compare_function (line 238) | static bool
function int_hash_function (line 249) | static uint32_t
function int_compare_function (line 258) | static bool
function multi_init (line 268) | static void
type multi_instance (line 426) | struct multi_instance
type gc_arena (line 426) | struct gc_arena
type buffer (line 430) | struct buffer
function generate_prefix (line 455) | static void
function ungenerate_prefix (line 472) | void
function multi_del_iroutes (line 484) | static void
function setenv_stats (line 506) | static void
function multi_client_disconnect_setenv (line 521) | static void
function multi_client_disconnect_script (line 534) | static void
function multi_close_instance (line 565) | void
function multi_uninit (line 662) | static void
type multi_instance (line 715) | struct multi_instance
type multi_context (line 716) | struct multi_context
type mroute_addr (line 716) | struct mroute_addr
type link_socket (line 717) | struct link_socket
type gc_arena (line 719) | struct gc_arena
type multi_instance (line 720) | struct multi_instance
function multi_print_status (line 811) | static void
type multi_instance (line 1036) | struct multi_instance
type multi_context (line 1037) | struct multi_context
type multi_instance (line 1037) | struct multi_instance
type mroute_addr (line 1037) | struct mroute_addr
type hash_element (line 1040) | struct hash_element
type hash_bucket (line 1042) | struct hash_bucket
type multi_route (line 1043) | struct multi_route
type multi_instance (line 1044) | struct multi_instance
type gc_arena (line 1045) | struct gc_arena
type multi_route (line 1051) | struct multi_route
type multi_route (line 1062) | struct multi_route
type multi_instance (line 1125) | struct multi_instance
type multi_context (line 1126) | struct multi_context
type mroute_addr (line 1126) | struct mroute_addr
type multi_route (line 1129) | struct multi_route
type multi_instance (line 1130) | struct multi_instance
type multi_route (line 1138) | struct multi_route
type multi_instance (line 1143) | struct multi_instance
type mroute_helper (line 1149) | struct mroute_helper
type mroute_addr (line 1150) | struct mroute_addr
type multi_route (line 1162) | struct multi_route
type multi_instance (line 1167) | struct multi_instance
type gc_arena (line 1178) | struct gc_arena
type multi_instance (line 1200) | struct multi_instance
type multi_context (line 1201) | struct multi_context
type multi_instance (line 1201) | struct multi_instance
type openvpn_sockaddr (line 1205) | struct openvpn_sockaddr
type mroute_addr (line 1206) | struct mroute_addr
type multi_instance (line 1220) | struct multi_instance
type multi_instance (line 1246) | struct multi_instance
type multi_context (line 1247) | struct multi_context
type multi_instance (line 1247) | struct multi_instance
type in6_addr (line 1247) | struct in6_addr
type mroute_addr (line 1251) | struct mroute_addr
type multi_instance (line 1265) | struct multi_instance
function multi_add_iroutes (line 1298) | static void
function multi_delete_dup (line 1343) | static void
function check_stale_routes (line 1383) | static void
function ifconfig_push_constraint_satisfied (line 1413) | static bool
function multi_select_virtual_addr (line 1433) | static void
function multi_set_virtual_addr_env (line 1574) | static void
function multi_client_connect_post (line 1620) | static void
function multi_client_connect_post_plugin (line 1646) | static void
function multi_client_connect_mda (line 1685) | enum client_connect_return
function multi_client_connect_setenv (line 1718) | static void
function multi_client_set_protocol_options (line 1748) | static bool
function ccs_delete_deferred_ret_file (line 1900) | static void
function ccs_gen_deferred_ret_file (line 1925) | static bool
function ccs_test_deferred_ret_file (line 1957) | static enum client_connect_return
function ccs_delete_config_file (line 2007) | static void
function ccs_gen_config_file (line 2030) | static bool
function multi_client_connect_call_plugin_v1 (line 2056) | static enum client_connect_return
function multi_client_connect_call_plugin_v2 (line 2146) | static enum client_connect_return
function multi_client_connect_script_deferred (line 2195) | static enum client_connect_return
function multi_client_connect_call_script (line 2236) | static enum client_connect_return
function multi_client_setup_dco_initial (line 2294) | static bool
function multi_client_generate_tls_keys (line 2317) | static bool
function multi_client_connect_late_setup (line 2340) | static void
function multi_client_connect_early_setup (line 2463) | static void
function multi_client_connect_compress_migrate (line 2498) | static enum client_connect_return
function multi_client_connect_source_ccd (line 2530) | static enum client_connect_return
type client_connect_return (line 2581) | enum client_connect_return
type multi_context (line 2582) | struct multi_context
type multi_instance (line 2582) | struct multi_instance
function override_locked_username (line 2599) | static bool
function multi_connection_established (line 2673) | static void
function multi_process_file_closed (line 2812) | void
function multi_add_mbuf (line 2869) | void
function multi_unicast (line 2888) | static inline void
function multi_bcast (line 2905) | static void
function compute_wakeup_sigma (line 2951) | static inline unsigned int
function multi_schedule_context_wakeup (line 2975) | static void
function add_inotify_file_watch (line 2988) | static void
function multi_process_post (line 3017) | bool
function multi_process_float (line 3116) | static void
function multi_close_instance_on_signal (line 3215) | void
function multi_signal_instance (line 3227) | static void
function process_incoming_del_peer (line 3236) | static void
function multi_process_incoming_dco (line 3277) | void
function multi_process_incoming_link (line 3344) | bool
function multi_process_incoming_tun (line 3542) | bool
type multi_instance (line 3634) | struct multi_instance
type mbuf_set (line 3635) | struct mbuf_set
type mbuf_item (line 3637) | struct mbuf_item
function multi_process_timeout (line 3670) | bool
function multi_process_drop_outgoing_tun (line 3702) | void
function route_quota_exceeded (line 3724) | void
function gremlin_flood_clients (line 3738) | static void
function stale_route_check_trigger (line 3770) | static bool
function multi_process_per_second_timers_dowork (line 3781) | void
function multi_top_init (line 3810) | static void
function multi_top_free (line 3817) | static void
function is_exit_restart (line 3824) | static bool
function multi_push_restart_schedule_exit (line 3830) | static void
function multi_process_signal (line 3868) | bool
function management_callback_status (line 3893) | static void
function management_callback_n_clients (line 3908) | static int
function management_callback_kill_by_cn (line 3915) | static int
function management_callback_kill_by_addr (line 3941) | static int
function management_delete_event (line 3973) | static void
type multi_instance (line 3983) | struct multi_instance
type multi_context (line 3984) | struct multi_context
type multi_instance (line 3988) | struct multi_instance
type multi_instance (line 3988) | struct multi_instance
function management_kill_by_cid (line 3997) | static bool
function management_client_pending_auth (line 4014) | static bool
function management_client_auth (line 4049) | static bool
type multi_context (line 4089) | struct multi_context
type multi_context (line 4089) | struct multi_context
type multi_instance (line 4090) | struct multi_instance
function init_management_callback_multi (line 4104) | void
function multi_assign_peer_id (line 4136) | void
function multi_get_timeout (line 4171) | static void
function tunnel_server_loop (line 4191) | static void
function tunnel_server (line 4224) | void
function multi_unlearn_addr (line 4283) | static void
function multi_unlearn_in_addr_t (line 4318) | static void
function multi_unlearn_in6_addr (line 4336) | static void
function unlearn_ifconfig (line 4350) | void
function unlearn_ifconfig_ipv6 (line 4362) | void
function update_vhash (line 4384) | void
function multi_check_push_ifconfig_extra_route (line 4430) | bool
function multi_check_push_ifconfig_ipv6_extra_route (line 4451) | bool
FILE: src/openvpn/multi.h
type multi_reap (line 51) | struct multi_reap
type deferred_signal_schedule_entry (line 59) | struct deferred_signal_schedule_entry
type client_connect_defer_state (line 70) | struct client_connect_defer_state
type multi_instance (line 101) | struct multi_instance
type multi_context (line 162) | struct multi_context
type client_connect_return (line 225) | enum client_connect_return
type multi_route (line 236) | struct multi_route
type context (line 257) | struct context
type multi_instance (line 260) | struct multi_instance
type gc_arena (line 260) | struct gc_arena
type multi_instance (line 266) | struct multi_instance
type multi_context (line 266) | struct multi_context
type mroute_addr (line 267) | struct mroute_addr
type link_socket (line 268) | struct link_socket
type multi_context (line 270) | struct multi_context
type multi_instance (line 270) | struct multi_instance
type multi_context (line 272) | struct multi_context
type multi_context (line 301) | struct multi_context
type multi_instance (line 301) | struct multi_instance
type multi_context (line 335) | struct multi_context
type multi_instance (line 335) | struct multi_instance
type link_socket (line 336) | struct link_socket
type multi_context (line 354) | struct multi_context
type multi_context (line 357) | struct multi_context
type multi_instance (line 359) | struct multi_instance
type mbuf_set (line 359) | struct mbuf_set
type multi_context (line 361) | struct multi_context
type multi_instance (line 361) | struct multi_instance
type mbuf_buffer (line 361) | struct mbuf_buffer
type multi_context (line 363) | struct multi_context
type multi_context (line 365) | struct multi_context
type multi_context (line 367) | struct multi_context
type multi_instance (line 367) | struct multi_instance
type multi_context (line 369) | struct multi_context
type multi_context (line 379) | struct multi_context
function multi_output_queue_ready (line 391) | static inline bool
type multi_instance (line 413) | struct multi_instance
type multi_context (line 414) | struct multi_context
type multi_instance (line 416) | struct multi_instance
type multi_instance (line 433) | struct multi_instance
function route_quota_inc (line 435) | static inline void
function route_quota_dec (line 441) | static inline void
function route_quota_test (line 448) | static inline bool
function multi_instance_inc_refcount (line 466) | static inline void
function multi_instance_dec_refcount (line 472) | static inline void
function multi_route_del (line 482) | static inline void
function multi_route_defined (line 491) | static inline bool
type multi_instance (line 517) | struct multi_instance
function set_prefix (line 523) | static inline void
function clear_prefix (line 535) | static inline void
type multi_context (line 564) | struct multi_context
type multi_context (line 566) | struct multi_context
function multi_reap_process (line 568) | static inline void
function multi_process_per_second_timers (line 577) | static inline void
function multi_get_timeout_instance (line 596) | static inline void
function multi_process_outgoing_tun (line 639) | static inline bool
function multi_process_outgoing_link_dowork (line 661) | static inline bool
type multi_instance (line 684) | struct multi_instance
type multi_instance (line 697) | struct multi_instance
type in6_addr (line 698) | struct in6_addr
function multi_set_pending (line 705) | static inline void
type multi_context (line 718) | struct multi_context
type multi_instance (line 718) | struct multi_instance
type multi_instance (line 721) | struct multi_instance
type multi_context (line 722) | struct multi_context
type multi_context (line 726) | struct multi_context
type multi_instance (line 726) | struct multi_instance
type multi_context (line 727) | struct multi_context
type multi_instance (line 727) | struct multi_instance
type multi_context (line 728) | struct multi_context
type multi_instance (line 728) | struct multi_instance
FILE: src/openvpn/multi_io.c
type ta_iow_flags (line 49) | struct ta_iow_flags
type context (line 102) | struct context
type multi_context (line 103) | struct multi_context
type multi_instance (line 103) | struct multi_instance
type multi_io (line 115) | struct multi_io
type multi_io (line 118) | struct multi_io
function multi_io_set_global_rw_flags (line 132) | void
function multi_io_free (line 154) | void
function multi_io_wait (line 165) | int
function multi_io_wait_lite (line 214) | static int
type multi_instance (line 283) | struct multi_instance
type multi_context (line 284) | struct multi_context
type multi_instance (line 284) | struct multi_instance
type multi_instance (line 287) | struct multi_instance
function multi_io_post (line 360) | static int
function multi_io_process_io (line 417) | void
function multi_io_action (line 542) | void
function multi_io_delete_event (line 629) | void
FILE: src/openvpn/multi_io.h
type multi_io (line 51) | struct multi_io
type multi_io (line 64) | struct multi_io
type multi_io (line 66) | struct multi_io
type multi_context (line 68) | struct multi_context
type multi_context (line 70) | struct multi_context
type multi_context (line 72) | struct multi_context
type multi_instance (line 72) | struct multi_instance
type multi_context (line 74) | struct multi_context
type multi_instance (line 74) | struct multi_instance
type multi_io (line 76) | struct multi_io
FILE: src/openvpn/networking.h
type context (line 27) | struct context
type openvpn_net_iface_t (line 35) | typedef char openvpn_net_iface_t;
function net_ctx_init (line 46) | static inline int
function net_ctx_reset (line 55) | static inline void
function net_ctx_free (line 61) | static inline void
type context (line 78) | struct context
type in6_addr (line 185) | struct in6_addr
type in6_addr (line 209) | struct in6_addr
type in6_addr (line 272) | struct in6_addr
type in6_addr (line 273) | struct in6_addr
type in6_addr (line 308) | struct in6_addr
type in6_addr (line 309) | struct in6_addr
type in6_addr (line 341) | struct in6_addr
type in6_addr (line 342) | struct in6_addr
FILE: src/openvpn/networking_freebsd.c
function net_route_v4 (line 11) | static int
function net_route_v6 (line 49) | static int
function net_route_v4_add (line 84) | int
function net_route_v6_add (line 91) | int
function net_route_v4_del (line 98) | int
function net_route_v6_del (line 105) | int
FILE: src/openvpn/networking_iproute2.c
function net_ctx_init (line 38) | int
function net_ctx_reset (line 51) | void
function net_ctx_free (line 57) | void
function net_iface_new (line 63) | int
function net_iface_type (line 77) | int
function net_iface_del (line 85) | int
function net_iface_up (line 98) | int
function net_iface_mtu_set (line 112) | int
function net_addr_ll_set (line 126) | int
function net_addr_v4_add (line 146) | int
function net_addr_v6_add (line 162) | int
function net_addr_v4_del (line 178) | int
function net_addr_v6_del (line 194) | int
function net_addr_ptp_v4_add (line 210) | int
function net_addr_ptp_v4_del (line 228) | int
function net_route_v4_add (line 246) | int
function net_route_v6_add (line 284) | int
function net_route_v4_del (line 317) | int
function net_route_v6_del (line 343) | int
FILE: src/openvpn/networking_iproute2.h
type openvpn_net_iface_t (line 26) | typedef char openvpn_net_iface_t;
type openvpn_net_ctx (line 28) | struct openvpn_net_ctx
type openvpn_net_ctx_t (line 34) | typedef struct openvpn_net_ctx openvpn_net_ctx_t;
FILE: src/openvpn/networking_sitnl.c
type nlmsghdr (line 79) | struct nlmsghdr
type inet_address_t (line 88) | typedef union
type sitnl_link_req (line 97) | struct sitnl_link_req
type sitnl_addr_req (line 107) | struct sitnl_addr_req
type sitnl_route_req (line 117) | struct sitnl_route_req
type nlmsghdr (line 124) | struct nlmsghdr
type sitnl_route_data_cb (line 129) | struct sitnl_route_data_cb
function sitnl_addattr (line 138) | static int
function sitnl_socket (line 171) | static int
function sitnl_bind (line 208) | static int
function sitnl_send (line 250) | static int
type route_res_t (line 457) | typedef struct
function sitnl_route_save (line 466) | static int
function sitnl_route_best_gw (line 532) | static int
function net_route_v6_best_gw (line 600) | int
function net_route_v4_best_gw (line 628) | int
function net_iface_up (line 660) | int
function net_iface_mtu_set (line 702) | int
function net_addr_ll_set (line 733) | int
function sitnl_addr_set (line 764) | static int
function sitnl_addr_ptp_add (line 831) | static int
function sitnl_addr_ptp_del (line 864) | static int
function sitnl_route_set (line 895) | static int
function sitnl_addr_add (line 966) | static int
function sitnl_addr_del (line 998) | static int
function net_addr_v4_add (line 1029) | int
function net_addr_v6_add (line 1048) | int
function net_addr_v4_del (line 1068) | int
function net_addr_v6_del (line 1087) | int
function net_addr_ptp_v4_add (line 1107) | int
function net_addr_ptp_v4_del (line 1135) | int
function sitnl_route_add (line 1156) | static int
function net_route_v4_add (line 1187) | int
function net_route_v6_add (line 1215) | int
function sitnl_route_del (line 1241) | static int
function net_route_v4_del (line 1266) | int
function net_route_v6_del (line 1292) | int
function net_iface_new (line 1319) | int
function sitnl_parse_rtattr_flags (line 1363) | static int
function sitnl_parse_rtattr (line 1391) | static int
function sitnl_type_save (line 1400) | static int
function net_iface_type (line 1435) | int
function net_iface_del (line 1467) | int
FILE: src/openvpn/networking_sitnl.h
type openvpn_net_iface_t (line 24) | typedef char openvpn_net_iface_t;
FILE: src/openvpn/occ.c
type mtu_load_test (line 57) | struct mtu_load_test
function check_send_occ_req_dowork (line 143) | void
function check_send_occ_load_test_dowork (line 182) | void
function check_send_occ_msg_dowork (line 216) | void
function process_received_occ_msg (line 359) | void
FILE: src/openvpn/occ.h
type mtu_load_test (line 73) | struct mtu_load_test
function is_occ_msg (line 83) | static inline bool
type context (line 89) | struct context
type context (line 91) | struct context
type context (line 93) | struct context
type context (line 95) | struct context
function occ_reset_op (line 101) | static inline int
function check_send_occ_req (line 110) | static inline void
function check_send_occ_load_test (line 124) | static inline void
function check_send_occ_msg (line 138) | static inline void
function cc_exit_notify_enabled (line 158) | static inline bool
FILE: src/openvpn/openssl_compat.h
function X509_OBJECT_free (line 60) | static inline void
function EVP_PKEY_get_group_name (line 89) | static inline int
type OSSL_LIB_CTX (line 127) | typedef void OSSL_LIB_CTX;
type OSSL_PROVIDER (line 128) | typedef void OSSL_PROVIDER;
function EVP_CIPHER (line 132) | static inline const EVP_CIPHER *
function EVP_MD (line 140) | static inline const EVP_MD *
function EVP_CIPHER_free (line 148) | static inline void
function EVP_MD_free (line 154) | static inline void
function ERR_get_error_all (line 160) | static inline unsigned long
function SSL_get0_peer_signature_name (line 173) | static inline int
function SSL_get0_peer_signature_name (line 187) | static inline int
FILE: src/openvpn/openvpn.c
function process_signal_p2p (line 40) | static bool
function tunnel_point_to_point (line 56) | static void
function init_early (line 104) | void
function uninit_early (line 121) | static void
function openvpn_main (line 152) | static int
function wmain (line 352) | int
function main (line 382) | int
FILE: src/openvpn/openvpn.h
type key_schedule (line 54) | struct key_schedule
type packet_id_persist (line 81) | struct packet_id_persist
function packet_id_persist_init (line 85) | static inline void
type context_buffers (line 94) | struct context_buffers
type context_persist (line 120) | struct context_persist
type context_0 (line 136) | struct context_0
type context_1 (line 156) | struct context_1
function is_cas_pending (line 208) | static inline bool
type context_2 (line 223) | struct context_2
type context (line 470) | struct context
FILE: src/openvpn/options.c
function init_options (line 794) | void
function uninit_options (line 914) | void
function setenv_connection_entry (line 965) | static void
function setenv_local_entry (line 983) | static void
function setenv_settings (line 991) | void
function setenv_foreign_option (line 1024) | static void
function delete_all_dhcp_fo (line 1053) | static void
function in_addr_t (line 1088) | static in_addr_t
type gc_arena (line 1114) | struct gc_arena
function ipv6_addr_safe_hexplusbits (line 1131) | static bool
type gc_arena (line 1138) | struct gc_arena
type verify_hash_list (line 1165) | struct verify_hash_list
type gc_arena (line 1166) | struct gc_arena
type verify_hash_list (line 1171) | struct verify_hash_list
type verify_hash_list (line 1218) | struct verify_hash_list
type gc_arena (line 1220) | struct gc_arena
type gc_arena (line 1222) | struct gc_arena
type verify_hash_list (line 1225) | struct verify_hash_list
type verify_hash_list (line 1241) | struct verify_hash_list
function show_dhcp_option_list (line 1260) | static void
function show_dhcp_option_addrs (line 1269) | static void
function show_tuntap_options (line 1280) | static void
function dhcp_option_dns6_parse (line 1306) | static void
function dhcp_option_address_parse (line 1320) | static void
type vlan_acceptable_frames (line 1349) | enum vlan_acceptable_frames
function show_p2mp_parms (line 1365) | static void
function option_iroute (line 1457) | static void
function option_iroute_ipv6 (line 1484) | static void
function show_http_proxy_options (line 1502) | static void
function options_detach (line 1532) | void
function rol_check_alloc (line 1541) | void
function rol6_check_alloc (line 1550) | static void
function cnol_check_alloc (line 1559) | static void
function show_connection_entry (line 1569) | static void
function show_connection_entries (line 1626) | static void
function show_pull_filter_list (line 1647) | static void
function show_settings (line 1665) | void
type http_proxy_options (line 1963) | struct http_proxy_options
type gc_arena (line 1965) | struct gc_arena
type http_proxy_options (line 1969) | struct http_proxy_options
function options_postprocess_http_proxy_override (line 1991) | static void
type local_list (line 2026) | struct local_list
type connection_entry (line 2027) | struct connection_entry
type gc_arena (line 2027) | struct gc_arena
type local_entry (line 2036) | struct local_entry
type connection_entry (line 2037) | struct connection_entry
type gc_arena (line 2037) | struct gc_arena
type local_list (line 2039) | struct local_list
type local_entry (line 2040) | struct local_entry
type local_entry (line 2047) | struct local_entry
type connection_list (line 2067) | struct connection_list
type options (line 2068) | struct options
type connection_entry (line 2077) | struct connection_entry
type options (line 2078) | struct options
type connection_list (line 2080) | struct connection_list
type connection_entry (line 2081) | struct connection_entry
type connection_entry (line 2086) | struct connection_entry
type connection_entry (line 2087) | struct connection_entry
type remote_list (line 2103) | struct remote_list
type options (line 2104) | struct options
type remote_entry (line 2113) | struct remote_entry
type options (line 2114) | struct options
type remote_list (line 2116) | struct remote_list
type remote_entry (line 2117) | struct remote_entry
type remote_entry (line 2122) | struct remote_entry
type remote_entry (line 2123) | struct remote_entry
type pull_filter_list (line 2139) | struct pull_filter_list
type options (line 2140) | struct options
type pull_filter (line 2149) | struct pull_filter
type options (line 2150) | struct options
type pull_filter_list (line 2152) | struct pull_filter_list
type pull_filter (line 2153) | struct pull_filter
function connection_entry_load_re (line 2170) | static void
function connection_entry_preload_key (line 2191) | static void
function check_ca_required (line 2207) | static void
function options_postprocess_verify_ce (line 2245) | static void
function options_postprocess_mutate_ce (line 2896) | static void
function options_postprocess_mutate_le (line 3053) | static void
function remap_redirect_gateway_flags (line 3071) | static void
function pre_connect_save (line 3087) | static void
function pre_connect_restore (line 3132) | void
function options_postprocess_mutate_invariant (line 3205) | static void
function options_postprocess_verify (line 3268) | static void
function options_postprocess_cipher (line 3305) | static void
function need_compatibility_before (line 3365) | static bool
function options_set_backwards_compatible_options (line 3375) | static void
function options_process_mutate_prf (line 3443) | static void
function tuntap_options_postprocess_dns (line 3471) | static void
function dhcp_options_postprocess_dns (line 3586) | static void
function options_postprocess_mutate (line 3728) | static void
function check_file_access (line 3927) | static bool
function check_file_access_chroot (line 4023) | static bool
function check_file_access_chroot_inline (line 4057) | static bool
function check_file_access_inline (line 4073) | static bool
function check_cmd_access (line 4101) | static bool
function options_postprocess_filechecks (line 4141) | static void
function options_postprocess (line 4252) | void
function options_postprocess_pull (line 4266) | bool
type options (line 4324) | struct options
type frame (line 4324) | struct frame
type tuntap (line 4324) | struct tuntap
type gc_arena (line 4325) | struct gc_arena
type buffer (line 4327) | struct buffer
type key_type (line 4426) | struct key_type
function options_cmp_equal (line 4517) | bool
function options_warning (line 4523) | void
type gc_arena (line 4530) | struct gc_arena
type gc_arena (line 4532) | struct gc_arena
type buffer (line 4533) | struct buffer
function options_warning_safe_scan2 (line 4543) | static void
function options_warning_safe_scan1 (line 4597) | static void
function options_warning_safe_ml (line 4615) | static void
function options_cmp_equal_safe (line 4637) | bool
function options_warning_safe (line 4660) | void
type gc_arena (line 4667) | struct gc_arena
type buffer (line 4669) | struct buffer
type gc_arena (line 4680) | struct gc_arena
function parse_topology (line 4716) | int
function auth_retry_get (line 4766) | int
function auth_retry_set (line 4772) | bool
function usage (line 4817) | void
function usage_small (line 4843) | void
function show_windows_version (line 4851) | void
function show_dco_version (line 4860) | void
function show_library_versions (line 4870) | void
function usage_version (line 4884) | static void
function notnull (line 4906) | void
function string_defined_equal (line 4915) | bool
function ping_rec_err (line 4929) | static void
function atou (line 4937) | static unsigned int
function verify_permission (line 4955) | static bool
function no_more_than_n_args (line 5008) | static bool
function msglvl_t (line 5033) | static inline msglvl_t
function remove_option (line 5046) | void
function check_route_option (line 5208) | static bool
function check_route6_option (line 5236) | static bool
function check_dns_option (line 5257) | static bool
function update_option (line 5366) | void
function set_user_script (line 5497) | static void
function show_compression_warning (line 5524) | static void
function key_is_external (line 5536) | bool
function add_option (line 5556) | void
function has_udp_in_local_list (line 9277) | bool
FILE: src/openvpn/options.h
type options_pre_connect (line 62) | struct options_pre_connect
type local_entry (line 99) | struct local_entry
type connection_entry (line 106) | struct connection_entry
type remote_entry (line 182) | struct remote_entry
type local_list (line 192) | struct local_list
type connection_list (line 199) | struct connection_list
type remote_list (line 207) | struct remote_list
type provider_list (line 214) | struct provider_list
type vlan_acceptable_frames (line 222) | enum vlan_acceptable_frames
type remote_host_store (line 229) | struct remote_host_store
type genkey_type (line 237) | enum genkey_type
type verify_hash_list (line 245) | struct verify_hash_list
type options (line 254) | struct options
type pull_filter (line 791) | struct pull_filter
type pull_filter_list (line 803) | struct pull_filter_list
type options (line 809) | struct options
type env_set (line 812) | struct env_set
type context (line 834) | struct context
type options (line 834) | struct options
type env_set (line 837) | struct env_set
type context (line 859) | struct context
type options (line 859) | struct options
type env_set (line 862) | struct env_set
type options (line 864) | struct options
type env_set (line 866) | struct env_set
type options (line 868) | struct options
type env_set (line 871) | struct env_set
type options (line 873) | struct options
type env_set (line 875) | struct env_set
type options (line 892) | struct options
type options (line 894) | struct options
type env_set (line 896) | struct env_set
type options (line 896) | struct options
type options (line 898) | struct options
type gc_arena (line 902) | struct gc_arena
type options (line 904) | struct options
type frame (line 904) | struct frame
type tuntap (line 904) | struct tuntap
type gc_arena (line 905) | struct gc_arena
type gc_arena (line 926) | struct gc_arena
type options (line 929) | struct options
type env_set (line 929) | struct env_set
type options (line 931) | struct options
type env_set (line 931) | struct env_set
type options (line 933) | struct options
type gc_arena (line 933) | struct gc_arena
type context (line 935) | struct context
type options (line 935) | struct options
type buffer (line 935) | struct buffer
type env_set (line 937) | struct env_set
type options (line 939) | struct options
type options (line 941) | struct options
type env_set (line 943) | struct env_set
type options (line 945) | struct options
type options (line 947) | struct options
type gc_arena (line 950) | struct gc_arena
type options (line 974) | struct options
type env_set (line 976) | struct env_set
type options (line 978) | struct options
type options (line 980) | struct options
function dco_enabled (line 985) | static inline bool
FILE: src/openvpn/options_parse.c
function bypass_doubledash (line 34) | static void
function space (line 43) | static inline bool
function parse_line (line 49) | int
type in_src (line 225) | struct in_src
function in_src_get (line 237) | static bool
type in_src (line 261) | struct in_src
type gc_arena (line 261) | struct gc_arena
type buffer (line 264) | struct buffer
type buffer (line 285) | struct buffer
function check_inline_file (line 304) | static int
function check_inline_file_via_fp (line 328) | static int
function check_inline_file_via_buf (line 337) | static int
function read_config_file (line 346) | void
function read_config_string (line 420) | void
function parse_argv (line 449) | void
function apply_push_options (line 511) | bool
function options_server_import (line 579) | void
function options_string_import (line 589) | void
FILE: src/openvpn/options_util.c
type options (line 35) | struct options
type gc_arena (line 37) | struct gc_arena
function valid_integer (line 103) | bool
function positive_atoi (line 119) | int
function positive_atoll (line 134) | bool
function atoi_warn (line 150) | int
function atoi_constrained (line 165) | bool
function check_push_update_option_flags (line 205) | bool
function apply_pull_filter (line 267) | bool
FILE: src/openvpn/options_util.h
type options (line 29) | struct options
type options (line 79) | struct options
FILE: src/openvpn/otime.c
function update_now (line 43) | void
function update_now_usec (line 68) | void
type timeval (line 83) | struct timeval
type gc_arena (line 83) | struct gc_arena
type buffer (line 85) | struct buffer
type timeval (line 96) | struct timeval
type gc_arena (line 96) | struct gc_arena
type gc_arena (line 104) | struct gc_arena
type buffer (line 106) | struct buffer
type timeval (line 107) | struct timeval
type tm (line 116) | struct tm
type frequency_limit (line 136) | struct frequency_limit
type frequency_limit (line 139) | struct frequency_limit
function frequency_limit_free (line 151) | void
function frequency_limit_event_allowed (line 157) | bool
function time_test (line 178) | void
FILE: src/openvpn/otime.h
type tv_sec_t (line 31) | typedef long tv_sec_t;
type tv_usec_t (line 32) | typedef long tv_usec_t;
type time_t (line 34) | typedef time_t tv_sec_t;
type suseconds_t (line 35) | typedef suseconds_t tv_usec_t;
type frequency_limit (line 38) | struct frequency_limit
type frequency_limit (line 46) | struct frequency_limit
type frequency_limit (line 48) | struct frequency_limit
type frequency_limit (line 50) | struct frequency_limit
type gc_arena (line 53) | struct gc_arena
type timeval (line 57) | struct timeval
type gc_arena (line 57) | struct gc_arena
type timeval (line 59) | struct timeval
type gc_arena (line 59) | struct gc_arena
type timeval (line 68) | struct timeval
function openvpn_gettimeofday (line 70) | static inline int
function update_time (line 83) | static inline void
function time_t (line 96) | static inline time_t
function tv_clear (line 107) | static inline void
function tv_defined (line 114) | static inline bool
function tv_subtract (line 121) | static inline int
function tv_add (line 139) | static inline void
function tv_lt (line 153) | static inline bool
function tv_le (line 170) | static inline bool
function tv_ge (line 187) | static inline bool
function tv_gt (line 204) | static inline bool
function tv_eq (line 221) | static inline bool
function tv_delta (line 227) | static inline void
function tv_within_sigma (line 254) | static inline bool
function interval_earliest_wakeup (line 266) | static inline void
FILE: src/openvpn/ovpn_dco_freebsd.h
type ovpn_notif_type (line 37) | enum ovpn_notif_type
type ovpn_del_reason (line 44) | enum ovpn_del_reason
type ovpn_key_slot (line 50) | enum ovpn_key_slot
type ovpn_key_cipher (line 56) | enum ovpn_key_cipher
FILE: src/openvpn/ovpn_dco_linux.h
type ovpn_cipher_alg (line 14) | enum ovpn_cipher_alg {
type ovpn_del_peer_reason (line 20) | enum ovpn_del_peer_reason {
type ovpn_key_slot (line 28) | enum ovpn_key_slot {
FILE: src/openvpn/ovpn_dco_win.h
type OVPN_PROTO (line 30) | typedef enum {
type OVPN_NEW_PEER (line 35) | typedef struct _OVPN_NEW_PEER {
type OVPN_MP_NEW_PEER (line 49) | typedef struct _OVPN_MP_NEW_PEER {
type OVPN_STATS (line 66) | typedef struct _OVPN_STATS {
type OVPN_PEER_STATS (line 86) | typedef struct _OVPN_PEER_STATS {
type OVPN_KEY_SLOT (line 94) | typedef enum _OVPN_KEY_SLOT {
type OVPN_CIPHER_ALG (line 99) | typedef enum _OVPN_CIPHER_ALG {
type OVPN_KEY_DIRECTION (line 105) | typedef struct _OVPN_KEY_DIRECTION
type OVPN_CRYPTO_DATA (line 112) | typedef struct _OVPN_CRYPTO_DATA {
type OVPN_CRYPTO_DATA_V2 (line 123) | typedef struct _OVPN_CRYPTO_DATA_V2 {
type OVPN_MP_SET_PEER (line 128) | typedef struct _OVPN_MP_SET_PEER {
type OVPN_SET_PEER (line 135) | typedef struct _OVPN_SET_PEER {
type OVPN_VERSION (line 141) | typedef struct _OVPN_VERSION {
type OVPN_MODE (line 147) | typedef enum {
type OVPN_SET_MODE (line 152) | typedef struct _OVPN_SET_MODE {
type OVPN_MP_START_VPN (line 156) | typedef struct _OVPN_MP_START_VPN {
type OVPN_NOTIFY_CMD (line 164) | typedef enum {
type OVPN_DEL_PEER_REASON (line 170) | typedef enum {
type OVPN_NOTIFY_EVENT (line 178) | typedef struct _OVPN_NOTIFY_EVENT {
type OVPN_MP_DEL_PEER (line 185) | typedef struct _OVPN_MP_DEL_PEER {
type OVPN_MP_SWAP_KEYS (line 189) | typedef struct _OVPN_MP_SWAP_KEYS {
type OVPN_MP_IROUTE (line 193) | typedef struct _OVPN_MP_IROUTE {
type OVPN_GET_PEER_STATS (line 203) | typedef struct _OVPN_GET_PEER_STATS {
FILE: src/openvpn/packet_id.c
type packet_id_rec (line 56) | struct packet_id_rec
type packet_id_net (line 57) | struct packet_id_net
function packet_id_debug (line 62) | static inline void
function packet_id_init_recv (line 79) | static void
function packet_id_init (line 95) | void
function packet_id_move_recv (line 108) | void
function packet_id_free (line 125) | void
function packet_id_add (line 136) | void
function packet_id_reap (line 188) | void
function packet_id_test (line 219) | bool
function packet_id_read (line 318) | bool
function packet_id_send_update (line 343) | static bool
function packet_id_send_update_epoch (line 366) | static bool
function packet_id_write (line 381) | bool
type packet_id_net (line 423) | struct packet_id_net
type gc_arena (line 423) | struct gc_arena
type buffer (line 425) | struct buffer
function packet_id_persist_init (line 439) | void
function packet_id_persist_close (line 449) | void
function packet_id_persist_load (line 463) | void
function packet_id_persist_save (line 507) | void
function packet_id_persist_load_obj (line 548) | void
type packet_id_persist (line 559) | struct packet_id_persist
type gc_arena (line 559) | struct gc_arena
type buffer (line 561) | struct buffer
function packet_id_debug_print (line 581) | static void
function packet_id_read_epoch (line 653) | uint16_t
function packet_id_write_epoch (line 676) | bool
FILE: src/openvpn/packet_id.h
type packet_id_type (line 45) | typedef uint32_t packet_id_type;
type net_time_t (line 51) | typedef uint32_t net_time_t;
type packet_id_print_type (line 77) | typedef uint64_t packet_id_print_type;
type packet_id_rec (line 113) | struct packet_id_rec
type packet_id_persist (line 131) | struct packet_id_persist
type packet_id_persist_file_image (line 141) | struct packet_id_persist_file_image
type packet_id_send (line 151) | struct packet_id_send
type packet_id_net (line 190) | struct packet_id_net
type packet_id (line 198) | struct packet_id
type packet_id (line 204) | struct packet_id
type packet_id (line 207) | struct packet_id
type packet_id_rec (line 213) | struct packet_id_rec
type packet_id_rec (line 213) | struct packet_id_rec
type packet_id_rec (line 216) | struct packet_id_rec
type packet_id_net (line 216) | struct packet_id_net
type packet_id_rec (line 219) | struct packet_id_rec
type packet_id_net (line 219) | struct packet_id_net
type packet_id_rec (line 222) | struct packet_id_rec
type packet_id_persist (line 229) | struct packet_id_persist
type packet_id_persist (line 232) | struct packet_id_persist
type packet_id_persist (line 235) | struct packet_id_persist
type packet_id_persist (line 238) | struct packet_id_persist
type packet_id_persist (line 241) | struct packet_id_persist
type packet_id (line 241) | struct packet_id
type packet_id_persist (line 244) | struct packet_id_persist
type gc_arena (line 244) | struct gc_arena
type packet_id_net (line 251) | struct packet_id_net
type buffer (line 251) | struct buffer
type packet_id_send (line 263) | struct packet_id_send
type buffer (line 263) | struct buffer
function packet_id_initialized (line 270) | static inline bool
function packet_id_persist_enabled (line 277) | static inline bool
function packet_id_persist_save_obj (line 289) | static inline void
function reset_packet_id_send (line 311) | static inline void
type packet_id_net (line 318) | struct packet_id_net
type gc_arena (line 319) | struct gc_arena
function packet_id_size (line 321) | static inline int
function packet_id_close_to_wrapping (line 327) | static inline bool
function packet_id_reap_test (line 333) | static inline void
type packet_id_send (line 350) | struct packet_id_send
type buffer (line 350) | struct buffer
type packet_id_net (line 359) | struct packet_id_net
type buffer (line 359) | struct buffer
FILE: src/openvpn/ping.c
function trigger_ping_timeout_signal (line 44) | void
function check_ping_send_dowork (line 70) | void
FILE: src/openvpn/ping.h
function is_ping_msg (line 39) | static inline bool
type context (line 50) | struct context
type context (line 52) | struct context
function check_ping_restart (line 58) | static inline void
function check_ping_send (line 75) | static inline void
FILE: src/openvpn/pkcs11.c
function time_t (line 42) | static time_t
function __mygettimeofday (line 49) | static int
function __mysleep (line 56) | static void
function msglvl_t (line 79) | static msglvl_t
function _pkcs11_msg_openvpn2pkcs11 (line 118) | static unsigned
function _pkcs11_openvpn_log (line 155) | static void
function PKCS11H_BOOL (line 169) | static PKCS11H_BOOL
function PKCS11H_BOOL (line 198) | static PKCS11H_BOOL
function pkcs11_initialize (line 240) | bool
function pkcs11_terminate (line 308) | void
function pkcs11_addProvider (line 318) | bool
function pkcs11_logout (line 394) | int
function pkcs11_management_id_count (line 400) | int
function pkcs11_management_id_get (line 433) | bool
function tls_ctx_use_pkcs11 (line 571) | int
function PKCS11H_BOOL (line 660) | static PKCS11H_BOOL
function show_pkcs11_ids (line 692) | void
FILE: src/openvpn/pkcs11.h
type tls_root_ctx (line 43) | struct tls_root_ctx
FILE: src/openvpn/pkcs11_backend.h
type gc_arena (line 48) | struct gc_arena
type tls_root_ctx (line 69) | struct tls_root_ctx
FILE: src/openvpn/pkcs11_mbedtls.c
function pkcs11_get_x509_cert (line 42) | static bool
function pkcs11_sign (line 90) | static bool
function pkcs11_init_tls_session (line 97) | int
type gc_arena (line 121) | struct gc_arena
function pkcs11_certificate_serial (line 144) | int
FILE: src/openvpn/pkcs11_openssl.c
function set_pss_params (line 67) | static int
function CK_RV (line 145) | static CK_RV
function xkey_pkcs11h_sign (line 165) | static int
function xkey_handle_free (line 262) | static void
function xkey_load_from_pkcs11h (line 279) | static int
function pkcs11_init_tls_session (line 330) | int
type gc_arena (line 410) | struct gc_arena
function pkcs11_certificate_serial (line 431) | int
FILE: src/openvpn/platform.c
function platform_chroot (line 53) | void
function platform_user_get (line 79) | bool
function platform_user_set (line 106) | static void
function platform_group_get (line 123) | bool
function platform_group_set (line 150) | static void
function need_keep_caps (line 184) | static int
function platform_user_group_set (line 217) | void
function platform_nice (line 310) | void
function platform_getpid (line 332) | unsigned int
function platform_mlockall (line 343) | void
function platform_chdir (line 391) | int
function platform_system_ok (line 412) | bool
function platform_ret_code (line 423) | int
function platform_ret_code (line 436) | int
function platform_access (line 456) | int
function platform_sleep_milliseconds (line 472) | void
function platform_unlink (line 486) | bool
function FILE (line 499) | FILE *
function platform_open (line 512) | int
function platform_stat (line 525) | int
type gc_arena (line 540) | struct gc_arena
type gc_arena (line 591) | struct gc_arena
type buffer (line 615) | struct buffer
function platform_absolute_pathname (line 635) | bool
function platform_test_file (line 654) | bool
FILE: src/openvpn/platform.h
type context (line 58) | struct context
type platform_state_user (line 62) | struct platform_state_user
type platform_state_group (line 73) | struct platform_state_group
type platform_state_user (line 82) | struct platform_state_user
type platform_state_group (line 84) | struct platform_state_group
type platform_state_user (line 86) | struct platform_state_user
type platform_state_group (line 87) | struct platform_state_group
type context (line 87) | struct context
type platform_stat_t (line 118) | typedef struct _stat platform_stat_t;
type platform_stat_t (line 120) | typedef struct stat platform_stat_t;
type gc_arena (line 129) | struct gc_arena
type gc_arena (line 132) | struct gc_arena
FILE: src/openvpn/plugin.c
type plugin_common (line 50) | struct plugin_common
function plugin_show_string_array (line 52) | static void
function plugin_show_args_env (line 65) | static void
type gc_arena (line 131) | struct gc_arena
type buffer (line 133) | struct buffer
function plugin_supported_types (line 152) | static inline unsigned int
type plugin_option_list (line 158) | struct plugin_option_list
type gc_arena (line 159) | struct gc_arena
type plugin_option_list (line 161) | struct plugin_option_list
function plugin_option_list_add (line 166) | bool
function plugin_option_list_print (line 186) | void
function libdl_resolve_symbol (line 205) | static void
function dll_resolve_symbol (line 219) | static void
function plugin_init_item (line 233) | static void
function plugin_vlog (line 371) | static void
function plugin_log (line 430) | static void
type openvpn_plugin_callbacks (line 439) | struct openvpn_plugin_callbacks
function plugin_open_item (line 458) | static void
function plugin_call_item (line 540) | static int
function plugin_close_item (line 609) | static void
function plugin_abort_item (line 640) | static void
function plugin_per_client_init (line 652) | static void
function plugin_per_client_destroy (line 670) | static void
type plugin_list (line 689) | struct plugin_list
type plugin_list (line 690) | struct plugin_list
type plugin_list (line 692) | struct plugin_list
type plugin_common (line 700) | struct plugin_common
type plugin_option_list (line 701) | struct plugin_option_list
type plugin_common (line 704) | struct plugin_common
function plugin_common_open (line 718) | static void
function plugin_common_close (line 747) | static void
type plugin_list (line 763) | struct plugin_list
type plugin_option_list (line 764) | struct plugin_option_list
type plugin_list (line 766) | struct plugin_list
function plugin_list_open (line 773) | void
function plugin_call_ssl (line 781) | int
function plugin_list_close (line 868) | void
function plugin_abort (line 887) | void
function plugin_defined (line 903) | bool
function openvpn_plugin_string_list_item_free (line 933) | static void
function openvpn_plugin_string_list_free (line 945) | static void
type openvpn_plugin_string_list (line 957) | struct openvpn_plugin_string_list
type openvpn_plugin_string_list (line 958) | struct openvpn_plugin_string_list
function plugin_return_get_column (line 971) | void
function plugin_return_free (line 985) | void
function plugin_return_print (line 997) | void
FILE: src/openvpn/plugin.h
type plugin_option (line 44) | struct plugin_option
type plugin_option_list (line 50) | struct plugin_option_list
type plugin (line 56) | struct plugin
type plugin_per_client (line 85) | struct plugin_per_client
type plugin_common (line 90) | struct plugin_common
type plugin_list (line 96) | struct plugin_list
type plugin_return (line 103) | struct plugin_return
type plugin_option_list (line 109) | struct plugin_option_list
type gc_arena (line 109) | struct gc_arena
type plugin_option_list (line 111) | struct plugin_option_list
type gc_arena (line 111) | struct gc_arena
type plugin_option_list (line 114) | struct plugin_option_list
type plugin_list (line 118) | struct plugin_list
type plugin_option_list (line 118) | struct plugin_option_list
type plugin_list (line 120) | struct plugin_list
type plugin_option_list (line 120) | struct plugin_option_list
type plugin_return (line 121) | struct plugin_return
type env_set (line 121) | struct env_set
type plugin_list (line 123) | struct plugin_list
type plugin_list (line 123) | struct plugin_list
type plugin_list (line 125) | struct plugin_list
type argv (line 125) | struct argv
type plugin_return (line 126) | struct plugin_return
type env_set (line 126) | struct env_set
type plugin_list (line 129) | struct plugin_list
type plugin_list (line 131) | struct plugin_list
type plugin_return (line 133) | struct plugin_return
type plugin_return (line 133) | struct plugin_return
type plugin_return (line 136) | struct plugin_return
type plugin_return (line 139) | struct plugin_return
function plugin_n (line 143) | static inline int
function plugin_return_defined (line 156) | static inline bool
function plugin_return_init (line 162) | static inline void
type plugin_list (line 169) | struct plugin_list
type plugin_return (line 173) | struct plugin_return
function plugin_defined (line 178) | static inline bool
function plugin_call_ssl (line 184) | static inline int
function plugin_call (line 194) | static inline int
FILE: src/openvpn/pool.c
function ifconfig_pool_entry_free (line 37) | static void
function ifconfig_pool_find (line 56) | static int
function ifconfig_pool_verify_range (line 116) | bool
type ifconfig_pool (line 139) | struct ifconfig_pool
type pool_type (line 140) | enum pool_type
type in6_addr (line 141) | struct in6_addr
type gc_arena (line 144) | struct gc_arena
type ifconfig_pool (line 145) | struct ifconfig_pool
function ifconfig_pool_free (line 280) | void
function ifconfig_pool_handle (line 296) | ifconfig_pool_handle
function ifconfig_pool_release (line 348) | bool
function ifconfig_pool_handle (line 366) | static ifconfig_pool_handle
function ifconfig_pool_handle (line 397) | static ifconfig_pool_handle
function in_addr_t (line 432) | static in_addr_t
function ifconfig_pool_handle_to_ipv6_base (line 461) | static struct in6_addr
function ifconfig_pool_set (line 474) | static void
function ifconfig_pool_list (line 486) | static void
function ifconfig_pool_msg (line 523) | static void
type ifconfig_pool_persist (line 537) | struct ifconfig_pool_persist
type ifconfig_pool_persist (line 540) | struct ifconfig_pool_persist
function ifconfig_pool_persist_close (line 559) | void
function ifconfig_pool_write_trigger (line 572) | bool
function ifconfig_pool_read (line 585) | void
function ifconfig_pool_write (line 711) | void
function ifconfig_pool_test (line 730) | void
FILE: src/openvpn/pool.h
type pool_type (line 34) | enum pool_type
type ifconfig_pool_entry (line 40) | struct ifconfig_pool_entry
type ifconfig_pool (line 48) | struct ifconfig_pool
type ifconfig_pool_persist (line 66) | struct ifconfig_pool_persist
type ifconfig_pool_handle (line 72) | typedef int ifconfig_pool_handle;
type ifconfig_pool (line 74) | struct ifconfig_pool
type pool_type (line 74) | enum pool_type
type in6_addr (line 76) | struct in6_addr
type ifconfig_pool (line 79) | struct ifconfig_pool
type ifconfig_pool (line 83) | struct ifconfig_pool
type in6_addr (line 84) | struct in6_addr
type ifconfig_pool (line 87) | struct ifconfig_pool
type ifconfig_pool_persist (line 89) | struct ifconfig_pool_persist
type ifconfig_pool_persist (line 91) | struct ifconfig_pool_persist
type ifconfig_pool_persist (line 93) | struct ifconfig_pool_persist
type ifconfig_pool_persist (line 95) | struct ifconfig_pool_persist
type ifconfig_pool (line 95) | struct ifconfig_pool
type ifconfig_pool_persist (line 97) | struct ifconfig_pool_persist
type ifconfig_pool (line 97) | struct ifconfig_pool
FILE: src/openvpn/proto.c
function is_ipv_X (line 38) | static bool
function is_ipv4 (line 107) | bool
function is_ipv6 (line 112) | bool
function ip_checksum (line 119) | uint16_t
function ipv4_packet_size_verify (line 170) | void
FILE: src/openvpn/proto.h
type openvpn_ethhdr (line 53) | struct openvpn_ethhdr
type openvpn_8021qhdr (line 65) | struct openvpn_8021qhdr
type openvpn_iphdr (line 89) | struct openvpn_iphdr
type openvpn_ipv6hdr (line 119) | struct openvpn_ipv6hdr
type openvpn_icmp6hdr (line 134) | struct openvpn_icmp6hdr
type openvpn_udphdr (line 154) | struct openvpn_udphdr
type openvpn_tcphdr (line 165) | struct openvpn_tcphdr
type ip_tcp_udp_hdr (line 195) | struct ip_tcp_udp_hdr
function get_tun_ip_ver (line 250) | static inline int
type buffer (line 290) | struct buffer
type buffer (line 292) | struct buffer
FILE: src/openvpn/proxy.c
type http_proxy_options (line 43) | struct http_proxy_options
type http_proxy_options (line 44) | struct http_proxy_options
type gc_arena (line 44) | struct gc_arena
type user_pass (line 57) | struct user_pass
function proxy_recv_char (line 59) | bool
function recv_line (line 103) | static bool
function proxy_send (line 186) | bool
function send_line_crlf (line 198) | static bool
function send_crlf (line 211) | static bool
type gc_arena (line 218) | struct gc_arena
type gc_arena (line 229) | struct gc_arena
type http_proxy_info (line 235) | struct http_proxy_info
type gc_arena (line 235) | struct gc_arena
type buffer (line 237) | struct buffer
function clear_user_pass_http (line 245) | static void
function get_user_pass_http (line 251) | static void
function dump_residual (line 293) | static void
function get_proxy_authenticate (line 315) | static int
function store_proxy_authenticate (line 354) | static void
function get_key_value (line 365) | static bool
type gc_arena (line 445) | struct gc_arena
type http_proxy_info (line 478) | struct http_proxy_info
type http_proxy_options (line 479) | struct http_proxy_options
type http_proxy_info (line 481) | struct http_proxy_info
function http_proxy_close (line 523) | void
function add_proxy_headers (line 529) | static bool
function establish_http_proxy_passthru (line 595) | bool
FILE: src/openvpn/proxy.h
type http_custom_header (line 37) | struct http_custom_header
type http_proxy_options (line 44) | struct http_proxy_options
type http_proxy_info (line 66) | struct http_proxy_info
type http_proxy_options (line 76) | struct http_proxy_options
type http_proxy_options (line 76) | struct http_proxy_options
type gc_arena (line 77) | struct gc_arena
type http_proxy_info (line 79) | struct http_proxy_info
type http_proxy_options (line 79) | struct http_proxy_options
type http_proxy_info (line 81) | struct http_proxy_info
type timeval (line 84) | struct timeval
type http_proxy_info (line 88) | struct http_proxy_info
type event_timeout (line 92) | struct event_timeout
type buffer (line 93) | struct buffer
type signal_info (line 93) | struct signal_info
type gc_arena (line 95) | struct gc_arena
type gc_arena (line 97) | struct gc_arena
FILE: src/openvpn/ps.c
type port_share (line 39) | struct port_share
type proxy_connection (line 66) | struct proxy_connection
type buffer (line 80) | struct buffer
function close_socket_if_defined (line 89) | static inline void
function close_fds_except (line 108) | static void
function set_signals (line 126) | static void
function recv_control (line 142) | static int
function send_control (line 157) | static int
function cmsg_size (line 172) | static int
function port_share_sendmsg (line 185) | static void
function proxy_entry_close_sd (line 252) | static void
function proxy_entry_mark_for_close (line 270) | static void
function proxy_list_housekeeping (line 298) | static void
function journal_add (line 334) | static void
function proxy_list_close (line 375) | static void
function proxy_connection_io_requeue (line 390) | static inline void
function proxy_entry_new (line 410) | static bool
function control_message_from_parent (line 485) | static bool
function proxy_connection_io_recv (line 561) | static int
function proxy_connection_io_send (line 582) | static int
function proxy_connection_io_xfer (line 625) | static int
function proxy_connection_io_status (line 655) | static bool
function proxy_connection_io_dispatch (line 686) | static int
function port_share_proxy (line 726) | static void
type port_share (line 800) | struct port_share
type openvpn_sockaddr (line 805) | struct openvpn_sockaddr
type port_share (line 806) | struct port_share
type addrinfo (line 815) | struct addrinfo
type gc_arena (line 825) | struct gc_arena
function port_share_close (line 918) | void
function port_share_abort (line 944) | void
function is_openvpn_protocol (line 964) | bool
function port_share_redirect (line 1015) | void
FILE: src/openvpn/ps.h
type port_share (line 32) | struct port_share
type port_share (line 41) | struct port_share
type port_share (line 43) | struct port_share
type port_share (line 46) | struct port_share
type port_share (line 48) | struct port_share
type buffer (line 50) | struct buffer
type port_share (line 52) | struct port_share
type buffer (line 52) | struct buffer
FILE: src/openvpn/push.c
function receive_auth_failed (line 47) | void
function server_pushed_signal (line 127) | void
function receive_exit_message (line 188) | void
function server_pushed_info (line 224) | void
function receive_cr_response (line 262) | void
function parse_auth_pending_keywords (line 294) | static void
function receive_auth_pending (line 335) | void
type gc_arena (line 376) | struct gc_arena
type push_list (line 376) | struct push_list
function send_auth_failed (line 392) | void
function send_auth_pending_messages (line 437) | bool
function send_restart (line 493) | void
function incoming_push_message (line 504) | void
function send_push_request (line 570) | bool
function prepare_auth_token_push_reply (line 605) | void
function prepare_push_reply (line 637) | bool
function send_push_options (line 741) | static bool
function send_push_reply_auth_token (line 783) | void
function send_push_reply (line 803) | bool
function push_option_ex (line 866) | static void
function push_option (line 895) | void
function clone_push_list (line 901) | void
function push_options (line 916) | void
function push_option_fmt (line 924) | static bool
function push_reset (line 942) | void
function push_remove_option (line 948) | void
function process_incoming_push_request (line 985) | int
function push_update_digest (line 1030) | static void
function process_incoming_push_reply (line 1062) | static int
function process_incoming_push_msg (line 1111) | int
function remove_iroutes_from_push_route_list (line 1147) | void
FILE: src/openvpn/push.h
type push_update_type (line 46) | typedef enum
type context (line 53) | struct context
type context (line 79) | struct context
type options (line 79) | struct options
type buffer (line 80) | struct buffer
type context (line 82) | struct context
type buffer (line 82) | struct buffer
type context (line 86) | struct context
type context (line 88) | struct context
type buffer (line 88) | struct buffer
type context (line 90) | struct context
type buffer (line 90) | struct buffer
type context (line 93) | struct context
type buffer (line 95) | struct buffer
type context (line 97) | struct context
type buffer (line 97) | struct buffer
type context (line 99) | struct context
type buffer (line 99) | struct buffer
type options (line 101) | struct options
type options (line 103) | struct options
type options (line 105) | struct options
type gc_arena (line 105) | struct gc_arena
type options (line 107) | struct options
type options (line 109) | struct options
type options (line 111) | struct options
type context (line 113) | struct context
type tls_multi (line 120) | struct tls_multi
type tls_session (line 120) | struct tls_session
type context (line 123) | struct context
type tls_multi (line 132) | struct tls_multi
type context (line 140) | struct context
type buffer (line 140) | struct buffer
FILE: src/openvpn/push_util.c
function process_push_update (line 13) | int
function find_first_comma_of_next_bundle (line 54) | static size_t
function forge_msg (line 69) | static struct buffer
type gc_arena (line 82) | struct gc_arena
function message_splitter (line 93) | static bool
function send_single_push_update (line 141) | static bool
function support_push_update (line 226) | static bool
function send_push_update (line 253) | static int
function management_callback_send_push_update_broadcast (line 362) | bool
function management_callback_send_push_update_by_cid (line 370) | bool
FILE: src/openvpn/pushlist.h
type push_entry (line 28) | struct push_entry
type push_list (line 35) | struct push_list
FILE: src/openvpn/reflect_filter.c
function reflect_filter_rate_limit_check (line 41) | bool
function reflect_filter_rate_limit_decrease (line 76) | void
type initial_packet_rate_limit (line 86) | struct initial_packet_rate_limit
type initial_packet_rate_limit (line 89) | struct initial_packet_rate_limit
function initial_rate_limit_free (line 102) | void
FILE: src/openvpn/reflect_filter.h
type initial_packet_rate_limit (line 29) | struct initial_packet_rate_limit
type initial_packet_rate_limit (line 54) | struct initial_packet_rate_limit
type initial_packet_rate_limit (line 61) | struct initial_packet_rate_limit
type initial_packet_rate_limit (line 66) | struct initial_packet_rate_limit
type initial_packet_rate_limit (line 71) | struct initial_packet_rate_limit
FILE: src/openvpn/reliable.c
function packet_id_type (line 43) | static inline packet_id_type
function reliable_pid_in_range1 (line 52) | static inline bool
function reliable_pid_in_range2 (line 62) | static inline bool
function reliable_pid_min (line 87) | static inline bool
function reliable_ack_packet_id_present (line 94) | static inline bool
function reliable_ack_read_packet_id (line 108) | bool
function reliable_ack_acknowledge_packet_id (line 126) | bool
function reliable_ack_read (line 143) | bool
function reliable_ack_parse (line 165) | bool
function copy_acks_to_mru (line 203) | void
function reliable_ack_write (line 247) | bool
type buffer (line 305) | struct buffer
type gc_arena (line 305) | struct gc_arena
type buffer (line 308) | struct buffer
type session_id (line 327) | struct session_id
function reliable_init (line 347) | void
function reliable_free (line 363) | void
function reliable_empty (line 379) | bool
function reliable_send_purge (line 394) | void
type reliable (line 435) | struct reliable
type gc_arena (line 435) | struct gc_arena
type buffer (line 437) | struct buffer
type reliable_entry (line 442) | struct reliable_entry
function reliable_can_get (line 453) | bool
function reliable_not_replay (line 471) | bool
function reliable_wont_break_sequentiality (line 498) | bool
type buffer (line 517) | struct buffer
type reliable (line 518) | struct reliable
type reliable_entry (line 522) | struct reliable_entry
function reliable_get_num_output_sequenced_available (line 532) | int
type buffer (line 561) | struct buffer
type reliable (line 562) | struct reliable
type buffer (line 566) | struct buffer
type reliable_entry (line 571) | struct reliable_entry
type gc_arena (line 588) | struct gc_arena
type reliable_entry (line 596) | struct reliable_entry
type reliable (line 597) | struct reliable
type reliable_entry (line 601) | struct reliable_entry
function reliable_can_send (line 611) | bool
type buffer (line 637) | struct buffer
type reliable (line 638) | struct reliable
type reliable_entry (line 640) | struct reliable_entry
type reliable_entry (line 645) | struct reliable_entry
function reliable_schedule_now (line 674) | void
function interval_t (line 697) | interval_t
function reliable_mark_active_incoming (line 735) | void
function reliable_mark_active_outgoing (line 768) | void
function reliable_mark_deleted (line 795) | void
function reliable_ack_debug_print (line 813) | void
function reliable_debug_print (line 823) | void
FILE: src/openvpn/reliable.h
type reliable_ack (line 63) | struct reliable_ack
type reliable_entry (line 76) | struct reliable_entry
type reliable (line 93) | struct reliable
type reliable_ack (line 126) | struct reliable_ack
type buffer (line 126) | struct buffer
type session_id (line 126) | struct session_id
type buffer (line 146) | struct buffer
type reliable_ack (line 146) | struct reliable_ack
type session_id (line 147) | struct session_id
type reliable (line 156) | struct reliable
type reliable_ack (line 156) | struct reliable_ack
function reliable_ack_empty (line 175) | static inline bool
function reliable_ack_outstanding (line 188) | static inline int
type reliable_ack (line 216) | struct reliable_ack
type reliable_ack (line 216) | struct reliable_ack
type buffer (line 216) | struct buffer
type session_id (line 217) | struct session_id
type reliable (line 238) | struct reliable
type reliable (line 247) | struct reliable
type reliable (line 266) | struct reliable
type reliable (line 279) | struct reliable
type reliable (line 303) | struct reliable
type buffer (line 315) | struct buffer
type buffer (line 328) | struct buffer
type reliable (line 328) | struct reliable
type reliable (line 339) | struct reliable
type buffer (line 339) | struct buffer
type reliable_ack (line 355) | struct reliable_ack
type reliable_entry (line 373) | struct reliable_entry
type reliable (line 373) | struct reliable
type reliable_ack (line 383) | struct reliable_ack
type reliable_ack (line 383) | struct reliable_ack
type reliable (line 392) | struct reliable
type buffer (line 392) | struct buffer
type buffer (line 413) | struct buffer
type reliable (line 413) | struct reliable
type reliable (line 426) | struct reliable
type reliable (line 439) | struct reliable
type buffer (line 439) | struct buffer
type reliable (line 460) | struct reliable
type buffer (line 479) | struct buffer
type reliable (line 479) | struct reliable
type reliable (line 498) | struct reliable
type reliable (line 511) | struct reliable
type reliable (line 520) | struct reliable
type reliable (line 522) | struct reliable
function reliable_set_timeout (line 525) | static inline void
type buffer (line 532) | struct buffer
type gc_arena (line 532) | struct gc_arena
type reliable_ack (line 534) | struct reliable_ack
FILE: src/openvpn/ring_buffer.h
type tun_ring (line 51) | struct tun_ring
type tun_register_rings (line 63) | struct tun_register_rings
type TUN_PACKET_HEADER (line 73) | struct TUN_PACKET_HEADER
type TUN_PACKET (line 78) | struct TUN_PACKET
function register_ring_buffers (line 99) | static inline bool
FILE: src/openvpn/route.c
type route_ipv4 (line 60) | struct route_ipv4
type tuntap (line 60) | struct tuntap
type route_ipv4 (line 62) | struct route_ipv4
type tuntap (line 62) | struct tuntap
type route_ipv6 (line 64) | struct route_ipv6
type tuntap (line 64) | struct tuntap
type route_ipv6 (line 66) | struct route_ipv6
type tuntap (line 66) | struct tuntap
type route_ipv6 (line 68) | struct route_ipv6
type tuntap (line 68) | struct tuntap
type route_ipv4 (line 70) | struct route_ipv4
type tuntap (line 70) | struct tuntap
type route_ipv4 (line 73) | struct route_ipv4
type tuntap (line 73) | struct tuntap
type route_ipv4 (line 78) | struct route_ipv4
type tuntap (line 78) | struct tuntap
type route_gateway_info (line 79) | struct route_gateway_info
type env_set (line 79) | struct env_set
type route_bypass (line 82) | struct route_bypass
function print_bypass_addresses (line 86) | static void
function add_bypass_address (line 106) | static bool
type route_option_list (line 129) | struct route_option_list
type gc_arena (line 130) | struct gc_arena
type route_option_list (line 132) | struct route_option_list
type route_ipv6_option_list (line 138) | struct route_ipv6_option_list
type gc_arena (line 139) | struct gc_arena
type route_ipv6_option_list (line 141) | struct route_ipv6_option_list
type route_option_list (line 154) | struct route_option_list
type route_option_list (line 155) | struct route_option_list
type gc_arena (line 155) | struct gc_arena
type route_option_list (line 157) | struct route_option_list
type route_ipv6_option_list (line 163) | struct route_ipv6_option_list
type route_ipv6_option_list (line 164) | struct route_ipv6_option_list
type gc_arena (line 164) | struct gc_arena
type route_ipv6_option_list (line 166) | struct route_ipv6_option_list
function copy_route_option_list (line 172) | void
function copy_route_ipv6_option_list (line 180) | void
type route_ipv4 (line 189) | struct route_ipv4
type gc_arena (line 189) | struct gc_arena
type buffer (line 191) | struct buffer
function is_route_parm_defined (line 201) | static bool
function setenv_route_addr (line 215) | static void
function get_special_addr (line 232) | static bool
function is_special_addr (line 300) | bool
function init_route (line 313) | static bool
function init_route_ipv6 (line 436) | static bool
function add_route_to_option_list (line 493) | void
function add_route_ipv6_to_option_list (line 508) | void
function clear_route_list (line 522) | static void
function clear_route_ipv6_list (line 529) | static void
function route_list_add_vpn_gateway (line 536) | void
function add_block_local_item (line 545) | static void
function add_block_local_routes (line 573) | static void
function block_local_needed (line 597) | bool
function init_route_list (line 605) | bool
function ipv6_net_contains_host (line 717) | bool
function init_route_ipv6_list (line 751) | bool
function add_route3 (line 885) | static bool
function del_route3 (line 899) | static void
function add_bypass_routes (line 913) | static bool
function del_bypass_routes (line 931) | static void
function redirect_default_route_to_vpn (line 947) | static bool
function undo_redirect_default_route_to_vpn (line 1055) | static void
function add_routes (line 1102) | bool
function delete_routes (line 1167) | void
function delete_routes_v4 (line 1175) | void
function delete_routes_v6 (line 1197) | void
function print_route_option (line 1232) | static void
function print_route_options (line 1239) | void
function print_default_gateway (line 1253) | void
function print_route (line 1327) | static void
function print_routes (line 1338) | void
function setenv_route (line 1348) | static void
function setenv_routes (line 1368) | void
function setenv_route_ipv6 (line 1379) | static void
function setenv_routes_ipv6 (line 1405) | void
function local_route (line 1439) | static int
function is_on_link (line 1471) | static inline bool
function add_route (line 1480) | bool
function route_ipv6_clear_host_bits (line 1764) | void
function add_route_ipv6 (line 1789) | bool
function delete_route (line 2025) | static void
function delete_route_ipv6 (line 2197) | void
function MIB_IPFORWARDTABLE (line 2378) | static const MIB_IPFORWARDTABLE *
function test_route (line 2400) | static int
function test_route_helper (line 2412) | static void
function test_routes (line 2437) | bool
function MIB_IPFORWARDROW (line 2480) | static const MIB_IPFORWARDROW *
function DWORD (line 2528) | static DWORD
function get_default_gateway (line 2564) | void
function DWORD (line 2616) | static DWORD
function get_default_gateway_ipv6 (line 2661) | void
function add_route_ipapi (line 2707) | static int
function del_route_ipapi (line 2803) | static bool
function do_route_service (line 2840) | static int
function do_route_ipv4_service (line 2872) | static int
function route_ipv6_ipapi (line 2901) | static int
function do_route_ipv6_service (line 2978) | static int
function add_route_service (line 3021) | static int
function del_route_service (line 3027) | static bool
function add_route_ipv6_service (line 3034) | static int
function del_route_ipv6_service (line 3040) | static bool
type gc_arena (line 3047) | struct gc_arena
type buffer (line 3049) | struct buffer
function show_routes (line 3064) | void
function get_default_gateway (line 3084) | void
function get_default_gateway_ipv6 (line 3107) | void
function get_default_gateway (line 3124) | void
type rtreq (line 3260) | struct rtreq
function get_default_gateway_ipv6 (line 3267) | void
type rtmsg (line 3312) | struct rtmsg
function get_default_gateway (line 3366) | void
function get_default_gateway_ipv6 (line 3586) | void
function get_default_gateway (line 3744) | void
function get_default_gateway_ipv6 (line 3814) | void
function get_default_gateway (line 3848) | void
function get_default_gateway_ipv6 (line 3853) | void
function netmask_to_netbits (line 3863) | bool
function netmask_to_netbits2 (line 3894) | int
function add_host_route_if_nonlocal (line 3920) | static void
function add_host_route_array (line 3929) | static void
function get_bypass_addresses (line 3945) | static void
function get_bypass_addresses (line 3983) | static void
function test_local_addr (line 4001) | int
function test_local_addr (line 4032) | int
FILE: src/openvpn/route.h
type route_bypass (line 52) | struct route_bypass
type route_special_addr (line 59) | struct route_special_addr
type route_option (line 75) | struct route_option
type route_option_list (line 95) | struct route_option_list
type route_ipv6_option (line 102) | struct route_ipv6_option
type route_ipv6_option_list (line 111) | struct route_ipv6_option_list
type route_ipv4 (line 118) | struct route_ipv4
type route_ipv6 (line 133) | struct route_ipv6
type route_gateway_address (line 151) | struct route_gateway_address
type route_gateway_info (line 157) | struct route_gateway_info
type route_ipv6_gateway_address (line 188) | struct route_ipv6_gateway_address
type route_ipv6_gateway_info (line 194) | struct route_ipv6_gateway_info
type route_list (line 228) | struct route_list
type route_ipv6_list (line 243) | struct route_ipv6_list
type iroute (line 260) | struct iroute
type iroute_ipv6 (line 267) | struct iroute_ipv6
type route_list (line 284) | struct route_list
type route_option_list (line 286) | struct route_option_list
type gc_arena (line 286) | struct gc_arena
type route_ipv6_option_list (line 288) | struct route_ipv6_option_list
type gc_arena (line 288) | struct gc_arena
type route_option_list (line 290) | struct route_option_list
type route_option_list (line 290) | struct route_option_list
type gc_arena (line 291) | struct gc_arena
type route_ipv6_option_list (line 293) | struct route_ipv6_option_list
type route_ipv6_option_list (line 294) | struct route_ipv6_option_list
type gc_arena (line 294) | struct gc_arena
type route_option_list (line 296) | struct route_option_list
type route_option_list (line 296) | struct route_option_list
type gc_arena (line 297) | struct gc_arena
type route_ipv6_option_list (line 299) | struct route_ipv6_option_list
type route_ipv6_option_list (line 300) | struct route_ipv6_option_list
type gc_arena (line 300) | struct gc_arena
type route_ipv6 (line 302) | struct route_ipv6
type route_ipv6 (line 304) | struct route_ipv6
type tuntap (line 304) | struct tuntap
type env_set (line 305) | struct env_set
type route_ipv6 (line 307) | struct route_ipv6
type tuntap (line 307) | struct tuntap
type env_set (line 308) | struct env_set
type route_ipv4 (line 310) | struct route_ipv4
type tuntap (line 310) | struct tuntap
type route_gateway_info (line 311) | struct route_gateway_info
type env_set (line 311) | struct env_set
type route_option_list (line 314) | struct route_option_list
type route_ipv6_option_list (line 317) | struct route_ipv6_option_list
type route_list (line 320) | struct route_list
type route_option_list (line 320) | struct route_option_list
type env_set (line 322) | struct env_set
type route_ipv6_list (line 324) | struct route_ipv6_list
type route_ipv6_option_list (line 324) | struct route_ipv6_option_list
type in6_addr (line 326) | struct in6_addr
type env_set (line 326) | struct env_set
type route_list (line 329) | struct route_list
type env_set (line 329) | struct env_set
type route_list (line 331) | struct route_list
type route_ipv6_list (line 331) | struct route_ipv6_list
type tuntap (line 331) | struct tuntap
type env_set (line 332) | struct env_set
type route_list (line 334) | struct route_list
type route_ipv6_list (line 334) | struct route_ipv6_list
type tuntap (line 334) | struct tuntap
type env_set (line 335) | struct env_set
type route_list (line 337) | struct route_list
type tuntap (line 337) | struct tuntap
type env_set (line 338) | struct env_set
type route_ipv6_list (line 340) | struct route_ipv6_list
type tuntap (line 340) | struct tuntap
type env_set (line 341) | struct env_set
type env_set (line 343) | struct env_set
type route_list (line 343) | struct route_list
type env_set (line 345) | struct env_set
type route_ipv6_list (line 345) | struct route_ipv6_list
type route_gateway_info (line 356) | struct route_gateway_info
type route_ipv6_gateway_info (line 358) | struct route_ipv6_gateway_info
type in6_addr (line 358) | struct in6_addr
type route_gateway_info (line 361) | struct route_gateway_info
type route_ipv6_gateway_info (line 362) | struct route_ipv6_gateway_info
type route_gateway_info (line 373) | struct route_gateway_info
type route_option_list (line 376) | struct route_option_list
type route_list (line 380) | struct route_list
type route_list (line 386) | struct route_list
type tuntap (line 386) | struct tuntap
function test_routes (line 389) | static inline bool
function in_addr_t (line 400) | static inline in_addr_t
function route_list_vpn_gateway_needed (line 412) | static inline bool
function route_did_redirect_default_gat
Condensed preview — 522 files, each showing path, character count, and a content snippet.
[
{
"path": ".clang-format",
"chars": 1335,
"preview": "---\nBasedOnStyle: Mozilla\nAccessModifierOffset: '-4'\nAlignAfterOpenBracket: Align\nAlignConsecutiveMacros:\n Enabled: tru"
},
{
"path": ".git-blame-ignore-revs",
"chars": 1672,
"preview": "# This FILE allows git blame to ignore reformatting changes and instead\n# shows the previous commit that changed the lin"
},
{
"path": ".gitattributes",
"chars": 95,
"preview": "*.c eol=lf\n*.h eol=lf\n*.rc eol=lf\n*.txt eol=lf\n*.bat eol=lf\n*.vc*proj* eol=crlf\n*.sln eol=crlf\n"
},
{
"path": ".github/ISSUE_TEMPLATE/bug_report.md",
"chars": 794,
"preview": "---\nname: Bug report\nabout: Create a report to help us improve\ntitle: ''\nlabels: ''\nassignees: ''\n\n---\n\n**IMPORTANT NOTE"
},
{
"path": ".github/PULL_REQUEST_TEMPLATE.md",
"chars": 618,
"preview": "# Thank you for your contribution\n\nYou are welcome to open PR, but they are used for discussion only. All\npatches must e"
},
{
"path": ".github/workflows/build.yaml",
"chars": 19681,
"preview": "# The name of our workflow\nname: Build\non:\n push:\n pull_request:\n\njobs:\n clang-format:\n name: Check code style wit"
},
{
"path": ".github/workflows/coverity-scan.yml",
"chars": 2806,
"preview": "name: coverity-scan\non:\n schedule:\n - cron: '0 20 * * *' # Daily at 20:00 UTC\n workflow_dispatch:\n\njobs:\n latest:\n"
},
{
"path": ".github/workflows/doxygen.yml",
"chars": 1734,
"preview": "name: Deploy Doxygen documentation to Pages\non:\n push:\n branches: [\"master\"]\n workflow_dispatch:\nconcurrency:\n gro"
},
{
"path": ".gitignore",
"chars": 897,
"preview": "*.[oa]\n*.l[oa]\n*.dll\n*.exe\n*.exe.*\n*.obj\n*.pyc\n*.so\n*~\n*.idb\n*.suo\n*.ncb\n*.log\nout\n.vs\n.deps\n.libs\nMakefile\nMakefile.in\n"
},
{
"path": ".mailmap",
"chars": 960,
"preview": "Adriaan de Jong <dejong@fox-it.com> <adriaan@adriaan-VirtualBox.(none)>\nDavid Sommerseth <dazo@eurephia.net>"
},
{
"path": ".pre-commit-config.yaml",
"chars": 270,
"preview": "repos:\n - repo: https://github.com/pre-commit/mirrors-clang-format\n rev: 'v21.1.8'\n hooks:\n - id: clang-form"
},
{
"path": ".svncommitters",
"chars": 40,
"preview": "james = James Yonan <james@openvpn.net>\n"
},
{
"path": "AUTHORS",
"chars": 28,
"preview": "James Yonan <jim@yonan.net>\n"
},
{
"path": "CMakeLists.txt",
"chars": 32647,
"preview": "cmake_minimum_required(VERSION 3.14)\nset(CMAKE_CONFIGURATION_TYPES \"Release;Debug;ASAN\")\nproject(openvpn)\n\n# This CMake "
},
{
"path": "CMakePresets.json",
"chars": 8605,
"preview": "{\n \"version\": 3,\n \"configurePresets\": [\n {\n \"name\": \"base\",\n \"hidden\": true,\n "
},
{
"path": "CONTRIBUTING.rst",
"chars": 2323,
"preview": "CONTRIBUTING TO THE OPENVPN PROJECT\n===================================\n\nPatches should be written against the Git \"mast"
},
{
"path": "COPYING",
"chars": 3820,
"preview": "OpenVPN (TM) -- An Open Source VPN daemon\n\nCopyright (C) 2002-2026 OpenVPN Inc <sales@openvpn.net>\n\nThis distribution co"
},
{
"path": "COPYRIGHT.GPL",
"chars": 17984,
"preview": " GNU GENERAL PUBLIC LICENSE\n Version 2, June 1991\n\n Copyright (C) 1989, 1991 Fr"
},
{
"path": "ChangeLog",
"chars": 282,
"preview": "OpenVPN ChangeLog\nCopyright (C) 2002-2026 OpenVPN Inc <sales@openvpn.net>\n\nthis marks the start of the 2.8 development c"
},
{
"path": "Changes.rst",
"chars": 68620,
"preview": "Overview of changes in 2.8\n==========================\n\n\nOverview of changes in 2.7\n==========================\nNew featur"
},
{
"path": "INSTALL",
"chars": 9521,
"preview": "Installation instructions for OpenVPN, a Secure Tunneling Daemon\n\nCopyright (C) 2002-2022 OpenVPN Inc. This program is f"
},
{
"path": "Makefile.am",
"chars": 2989,
"preview": "#\n# OpenVPN -- An application to securely tunnel IP networks\n# over a single UDP port, with support for SSL"
},
{
"path": "NEWS",
"chars": 0,
"preview": ""
},
{
"path": "PORTS",
"chars": 3913,
"preview": "OpenVPN\nCopyright (C) 2002-2026 OpenVPN Inc <sales@openvpn.net>\n\n OpenVPN has been written to try to avoid features\n t"
},
{
"path": "README",
"chars": 2202,
"preview": "OpenVPN -- A Secure tunneling daemon\n\nCopyright (C) 2002-2022 OpenVPN Inc. This program is free software;\nyou can redist"
},
{
"path": "README.awslc",
"chars": 789,
"preview": "This version of OpenVPN supports AWS-LC (AWS Libcrypto), AWS's open-source cryptographic library.\n\nIf you encounter bugs"
},
{
"path": "README.cmake.md",
"chars": 7577,
"preview": "OpenVPN Builds with CMake\n=========================\n\nFor Windows builds we do not use the autotools-based buildsystem th"
},
{
"path": "README.dco.md",
"chars": 5207,
"preview": "OpenVPN data channel offload\n============================\n2.6.0+ implements support for data-channel offloading where th"
},
{
"path": "README.ec",
"chars": 1884,
"preview": "Since 2.4.0, OpenVPN has official support for elliptic curve crypto. Elliptic\ncurves are an alternative to RSA for asymm"
},
{
"path": "README.mbedtls",
"chars": 783,
"preview": "This version of OpenVPN has mbed TLS support. To enable, follow the\ninstructions below:\n\nTo build and install,\n\n\t./confi"
},
{
"path": "README.wolfssl",
"chars": 2761,
"preview": "Support for wolfSSL is implemented and maintained by wolfSSL Inc. The support is\nimplemented using wolfSSL's compatibili"
},
{
"path": "compat.m4",
"chars": 1931,
"preview": "dnl OpenVPN -- An application to securely tunnel IP networks\ndnl over a single UDP port, with support for S"
},
{
"path": "config.h.cmake.in",
"chars": 10703,
"preview": "\n/* Configuration settings */\n#define CONFIGURE_DEFINES \"N/A\"\n\n/* Enable async push */\n#cmakedefine ENABLE_ASYNC_PUSH\n\n/"
},
{
"path": "configure.ac",
"chars": 42537,
"preview": "dnl OpenVPN -- An application to securely tunnel IP networks\ndnl over a single UDP port, with support for S"
},
{
"path": "contrib/OCSP_check/OCSP_check.sh",
"chars": 3671,
"preview": "#!/bin/sh\n\n# Sample script to perform OCSP queries with OpenSSL\n# given a certificate serial number.\n\n# If you run your "
},
{
"path": "contrib/README",
"chars": 66,
"preview": "This directory contains scripts and patches contributed\nby users.\n"
},
{
"path": "contrib/cmake/git-version.py",
"chars": 2933,
"preview": "#\n# OpenVPN -- An application to securely tunnel IP networks\n# over a single UDP port, with support for SSL"
},
{
"path": "contrib/cmake/parse-version.m4.py",
"chars": 2215,
"preview": "#\n# OpenVPN -- An application to securely tunnel IP networks\n# over a single UDP port, with support for SSL"
},
{
"path": "contrib/extract-crl/extractcrl.py",
"chars": 4398,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\n'''\nHelper script for CRL (certificate revocation list) file extraction\n"
},
{
"path": "contrib/multilevel-init.patch",
"chars": 2242,
"preview": "--- /etc/init.d/openvpn\t2004-05-12 20:30:06.000000000 +0200\n+++ openvpn\t2004-05-12 20:34:33.000000000 +0200\n@@ -58,13 +5"
},
{
"path": "contrib/openvpn-fwmarkroute-1.00/README",
"chars": 1858,
"preview": "OpenVPN fwmark Routing\nSean Reifschneider, <jafo@tummy.com>\nThursday November 27, 2003\n==========================\n\nThese"
},
{
"path": "contrib/openvpn-fwmarkroute-1.00/fwmarkroute.down",
"chars": 674,
"preview": "#!/bin/sh\n#\n# Bring down vpn routing.\n\n# calculate the network address\nremote_network=`ipcalc -n \"$remote\"/\"$remote_ne"
},
{
"path": "contrib/openvpn-fwmarkroute-1.00/fwmarkroute.up",
"chars": 1392,
"preview": "#!/bin/sh\n#\n# Bring up vpn routing.\n\n# calculate the network address\nremote_network=`ipcalc -n \"$remote\"/\"$remote_netm"
},
{
"path": "contrib/vcpkg-manifests/mingw/vcpkg.json",
"chars": 271,
"preview": "{\n \"$schema\": \"https://raw.githubusercontent.com/microsoft/vcpkg/master/scripts/vcpkg.schema.json\",\n \"name\": \"openvpn\""
},
{
"path": "contrib/vcpkg-manifests/windows/vcpkg.json",
"chars": 397,
"preview": "{\n \"$schema\": \"https://raw.githubusercontent.com/microsoft/vcpkg/master/scripts/vcpkg.schema.json\",\n \"name\": \"openvpn\""
},
{
"path": "contrib/vcpkg-ports/pkcs11-helper/config-w32-vc.h.in-indicate-OpenSSL.patch",
"chars": 992,
"preview": "From c2293864de70fec322fe7e559055530ef56b9641 Mon Sep 17 00:00:00 2001\nFrom: Lev Stipakov <lev@openvpn.net>\nDate: Tue, 1"
},
{
"path": "contrib/vcpkg-ports/pkcs11-helper/nmake-compatibility-with-vcpkg-nmake.patch",
"chars": 1090,
"preview": "From 2d3a2c05383f653544b9c7194dd1349c6d5f3067 Mon Sep 17 00:00:00 2001\nFrom: Lev Stipakov <lev@openvpn.net>\nDate: Tue, 1"
},
{
"path": "contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-001-RFC7512.patch",
"chars": 16025,
"preview": "upstream PR: https://github.com/OpenSC/pkcs11-helper/pull/4\n\nRebased to 1.31.0 by selva.nair@gmail.com\n\ncommit 90590b020"
},
{
"path": "contrib/vcpkg-ports/pkcs11-helper/portfile.cmake",
"chars": 2954,
"preview": "vcpkg_download_distfile(ARCHIVE\n URLS \"https://github.com/OpenSC/pkcs11-helper/releases/download/pkcs11-helper-${VERS"
},
{
"path": "contrib/vcpkg-ports/pkcs11-helper/vcpkg.json",
"chars": 422,
"preview": "{\n \"$schema\": \"https://raw.githubusercontent.com/microsoft/vcpkg/master/scripts/vcpkg.schema.json\",\n \"name\": \"pkcs11-h"
},
{
"path": "contrib/vcpkg-triplets/arm64-windows-ovpn.cmake",
"chars": 206,
"preview": "set(VCPKG_TARGET_ARCHITECTURE arm64)\nset(VCPKG_CRT_LINKAGE dynamic)\nset(VCPKG_LIBRARY_LINKAGE dynamic)\n\nset(STATIC_PORTS"
},
{
"path": "contrib/vcpkg-triplets/x64-mingw-ovpn.cmake",
"chars": 225,
"preview": "set(VCPKG_TARGET_ARCHITECTURE x64)\nset(VCPKG_CRT_LINKAGE dynamic)\nset(VCPKG_LIBRARY_LINKAGE static)\nset(VCPKG_ENV_PASSTH"
},
{
"path": "contrib/vcpkg-triplets/x64-windows-ovpn.cmake",
"chars": 204,
"preview": "set(VCPKG_TARGET_ARCHITECTURE x64)\nset(VCPKG_CRT_LINKAGE dynamic)\nset(VCPKG_LIBRARY_LINKAGE dynamic)\n\nset(STATIC_PORTS l"
},
{
"path": "contrib/vcpkg-triplets/x86-mingw-ovpn.cmake",
"chars": 223,
"preview": "set(VCPKG_TARGET_ARCHITECTURE x86)\nset(VCPKG_CRT_LINKAGE dynamic)\nset(VCPKG_LIBRARY_LINKAGE static)\nset(VCPKG_ENV_PASSTH"
},
{
"path": "contrib/vcpkg-triplets/x86-windows-ovpn.cmake",
"chars": 204,
"preview": "set(VCPKG_TARGET_ARCHITECTURE x86)\nset(VCPKG_CRT_LINKAGE dynamic)\nset(VCPKG_LIBRARY_LINKAGE dynamic)\n\nset(STATIC_PORTS l"
},
{
"path": "debug/doval",
"chars": 246,
"preview": "#!/bin/bash\nPROGDIR=`dirname $0`\nunset LD_LIBRARY_PATH\nvalgrind --tool=memcheck --error-limit=no --suppressions=$PROGDIR"
},
{
"path": "debug/dovalns",
"chars": 136,
"preview": "#!/bin/bash\nvalgrind --tool=memcheck --error-limit=no --gen-suppressions=all --leak-check=full --show-reachable=yes --nu"
},
{
"path": "debug/valgrind-suppress",
"chars": 22759,
"preview": "{\n <insert a suppression name here>\n Memcheck:Addr8\n obj:/lib/ld-2.5.so\n obj:/lib/ld-2.5.so\n obj:/lib/ld-2.5.s"
},
{
"path": "dev-tools/gen-release-tarballs.sh",
"chars": 6719,
"preview": "#!/bin/sh\n# gen-release-tarballs.sh - Generates release tarballs with signatures\n#\n# Copyright (C) 2017-2026 - David S"
},
{
"path": "dev-tools/gerrit-send-mail.py",
"chars": 5485,
"preview": "#!/usr/bin/env python3\n\n# Copyright (C) 2023-2026 OpenVPN Inc <sales@openvpn.net>\n# Copyright (C) 2023-2026 Frank Lich"
},
{
"path": "dev-tools/git-pre-commit-format.sh",
"chars": 6525,
"preview": "#!/bin/sh\n\n# Copyright (c) 2015, David Martin\n# 2022, Heiko Hund\n# 2025, Frank Lichtenheld\n#"
},
{
"path": "dev-tools/update-copyright.sh",
"chars": 1852,
"preview": "#!/bin/sh\n# update-copyright-sh - Simple tool to update the Copyright lines\n# in all files checked"
},
{
"path": "distro/Makefile.am",
"chars": 526,
"preview": "#\n# OpenVPN -- An application to securely tunnel IP networks\n# over a single UDP port, with support for SSL"
},
{
"path": "distro/dns-scripts/Makefile.am",
"chars": 740,
"preview": "#\n# OpenVPN -- An application to securely tunnel IP networks\n# over a single UDP port, with support for SSL"
},
{
"path": "distro/dns-scripts/haikuos_file-dns-updown.sh",
"chars": 2575,
"preview": "#!/bin/sh\n#\n# Simple OpenVPN up/down script for modifying Haiku OS resolv.conf\n# (C) Copyright 2024 OpenVPN Inc <sales@o"
},
{
"path": "distro/dns-scripts/macos-dns-updown.sh",
"chars": 8823,
"preview": "#!/bin/bash\n#\n# dns-updown - add/remove openvpn provided DNS information\n#\n# (C) Copyright 2025 OpenVPN Inc <sales@openv"
},
{
"path": "distro/dns-scripts/openresolv-dns-updown.sh",
"chars": 2497,
"preview": "#!/bin/sh\n#\n# Simple OpenVPN up/down script for openresolv integration\n# (C) Copyright 2016 Baptiste Daroussin\n# "
},
{
"path": "distro/dns-scripts/resolvconf_file-dns-updown.sh",
"chars": 2546,
"preview": "#!/bin/sh\n#\n# Simple OpenVPN up/down script for modifying /etc/resolv.conf\n# (C) Copyright 2024 OpenVPN Inc <sales@openv"
},
{
"path": "distro/dns-scripts/systemd-dns-updown.sh",
"chars": 6898,
"preview": "#!/bin/bash\n#\n# dns-updown - add/remove openvpn provided DNS information\n#\n# Copyright (C) 2024-2026 OpenVPN Inc <sales@"
},
{
"path": "distro/systemd/Makefile.am",
"chars": 1052,
"preview": "#\n# OpenVPN -- An application to securely tunnel IP networks\n# over a single UDP port, with support for SSL"
},
{
"path": "distro/systemd/README.systemd",
"chars": 2422,
"preview": "OpenVPN and systemd\n===================\n\nAs of OpenVPN v2.4, upstream is shipping systemd unit files to provide a\nfine g"
},
{
"path": "distro/systemd/openvpn-client@.service.in",
"chars": 769,
"preview": "[Unit]\nDescription=OpenVPN tunnel for %i\nAfter=network-online.target\nWants=network-online.target\nDocumentation=man:openv"
},
{
"path": "distro/systemd/openvpn-server@.service.in",
"chars": 891,
"preview": "[Unit]\nDescription=OpenVPN service for %i\nAfter=network-online.target\nWants=network-online.target\nDocumentation=man:open"
},
{
"path": "distro/systemd/tmpfiles-openvpn.conf",
"chars": 78,
"preview": "d /run/openvpn-client 0710 root root -\nd /run/openvpn-server 0710 root root -\n"
},
{
"path": "doc/CMakeLists.txt",
"chars": 4246,
"preview": "set(_GENERATE_HTML_DOC YES)\nset(_GENERATE_MAN_DOC YES)\nset(_MAYBE_PYTHON \"\")\nfind_program(RST2HTML NAMES rst2html rst2h"
},
{
"path": "doc/Makefile.am",
"chars": 3029,
"preview": "#\n# OpenVPN -- An application to securely tunnel IP networks\n# over a single UDP port, with support for SSL"
},
{
"path": "doc/README.man",
"chars": 762,
"preview": "\nman page documentation\n======================\n\nThe man page content maintained in the openvpn.8.rst file and proper man"
},
{
"path": "doc/README.plugins",
"chars": 1515,
"preview": "OpenVPN Plugins\n---------------\n\nStarting with OpenVPN 2.0-beta17, compiled plugin modules are\nsupported on any *nix OS "
},
{
"path": "doc/android.txt",
"chars": 4198,
"preview": "This file documents the support in OpenVPN for Android using the\nVPNService API (https://developer.android.com/reference"
},
{
"path": "doc/doxygen/Makefile.am",
"chars": 968,
"preview": "#\n# OpenVPN -- An application to securely tunnel IP networks\n# over a single UDP port, with support for SSL"
},
{
"path": "doc/doxygen/doc_compression.h",
"chars": 4051,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single TCP/UDP port, with support "
},
{
"path": "doc/doxygen/doc_control_processor.h",
"chars": 9112,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single TCP/UDP port, with support "
},
{
"path": "doc/doxygen/doc_control_tls.h",
"chars": 4628,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single TCP/UDP port, with support "
},
{
"path": "doc/doxygen/doc_data_control.h",
"chars": 4438,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single TCP/UDP port, with support "
},
{
"path": "doc/doxygen/doc_data_crypto.h",
"chars": 2997,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single TCP/UDP port, with support "
},
{
"path": "doc/doxygen/doc_eventloop.h",
"chars": 2938,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single TCP/UDP port, with support "
},
{
"path": "doc/doxygen/doc_external_multiplexer.h",
"chars": 1800,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single TCP/UDP port, with support "
},
{
"path": "doc/doxygen/doc_fragmentation.h",
"chars": 4536,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single TCP/UDP port, with support "
},
{
"path": "doc/doxygen/doc_internal_multiplexer.h",
"chars": 1716,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single TCP/UDP port, with support "
},
{
"path": "doc/doxygen/doc_key_generation.h",
"chars": 7343,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single TCP/UDP port, with support "
},
{
"path": "doc/doxygen/doc_mainpage.h",
"chars": 7960,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single TCP/UDP port, with support "
},
{
"path": "doc/doxygen/doc_memory_management.h",
"chars": 4542,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single TCP/UDP port, with support "
},
{
"path": "doc/doxygen/doc_protocol_overview.h",
"chars": 9053,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single TCP/UDP port, with support "
},
{
"path": "doc/doxygen/doc_reliable.h",
"chars": 1853,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single TCP/UDP port, with support "
},
{
"path": "doc/doxygen/doc_tunnel_state.h",
"chars": 7360,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single TCP/UDP port, with support "
},
{
"path": "doc/doxygen/openvpn.doxyfile.in",
"chars": 115431,
"preview": "# Doxyfile 1.9.1\n\n# This file describes the settings to be used by the documentation system\n# doxygen (www.doxygen.org) "
},
{
"path": "doc/gui-notes.txt",
"chars": 12280,
"preview": "Management Interface \"echo\" protocol\n\n================================================================================\nT"
},
{
"path": "doc/interactive-service-notes.rst",
"chars": 11409,
"preview": "OpenVPN Interactive Service Notes\n=================================\n\n\nIntroduction\n------------\n\nOpenVPN Interactive Ser"
},
{
"path": "doc/keying-material-exporter.txt",
"chars": 6219,
"preview": "OpenVPN Daniel Kubec <niel@rtfm.cz>\nRFC-5705 "
},
{
"path": "doc/man-sections/advanced-options.rst",
"chars": 4039,
"preview": "Standalone Debug Options\n------------------------\n\n--show-gateway args\n (Standalone) Show current IPv4 and IPv6 default"
},
{
"path": "doc/man-sections/cipher-negotiation.rst",
"chars": 5255,
"preview": "Data channel cipher negotiation\n-------------------------------\n\nOpenVPN 2.4 and higher have the capability to negotiate"
},
{
"path": "doc/man-sections/client-options.rst",
"chars": 23385,
"preview": "Client Options\n--------------\nThe client options are used when connecting to an OpenVPN server configured\nto use ``--ser"
},
{
"path": "doc/man-sections/connection-profiles.rst",
"chars": 2573,
"preview": "CONNECTION PROFILES\n===================\n\nClient configuration files may contain multiple remote servers which\nit will at"
},
{
"path": "doc/man-sections/encryption-options.rst",
"chars": 4244,
"preview": "Encryption Options\n------------------\n\nSSL Library information\n```````````````````````\n\n--show-ciphers\n (Standalone) Sh"
},
{
"path": "doc/man-sections/example-fingerprint.rst",
"chars": 6440,
"preview": "Small OpenVPN setup with peer-fingerprint\n=========================================\nThis section consists of instruction"
},
{
"path": "doc/man-sections/examples.rst",
"chars": 8699,
"preview": "EXAMPLES\n========\n\nPrior to running these examples, you should have OpenVPN installed on\ntwo machines with network conne"
},
{
"path": "doc/man-sections/generic-options.rst",
"chars": 19889,
"preview": "Generic Options\n---------------\nThis section covers generic options which are accessible regardless of\nwhich mode OpenVP"
},
{
"path": "doc/man-sections/inline-files.rst",
"chars": 834,
"preview": "INLINE FILE SUPPORT\n===================\n\nOpenVPN allows including files in the main configuration for the ``--ca``,\n``--"
},
{
"path": "doc/man-sections/link-options.rst",
"chars": 21418,
"preview": "Link Options\n------------\nThis link options section covers options related to the connection between\nthe local and the r"
},
{
"path": "doc/man-sections/log-options.rst",
"chars": 2767,
"preview": "Log options\n-----------\n\n--echo parms\n Echo ``parms`` to log output.\n\n Designed to be used to send messages to a contr"
},
{
"path": "doc/man-sections/management-options.rst",
"chars": 5216,
"preview": "Management Interface Options\n----------------------------\nOpenVPN provides a feature rich socket based management interf"
},
{
"path": "doc/man-sections/network-config.rst",
"chars": 342,
"preview": "NETWORK CONFIGURATION\n=====================\n\nOpenVPN consists of two sides of network configuration. One side is the\n*l"
},
{
"path": "doc/man-sections/pkcs11-options.rst",
"chars": 2894,
"preview": "PKCS#11 / SmartCard options\n```````````````````````````\n\n--pkcs11-cert-private args\n Set if access to certificate objec"
},
{
"path": "doc/man-sections/plugin-options.rst",
"chars": 2855,
"preview": "Plug-in Interface Options\n-------------------------\n\nOpenVPN can be extended by loading external plug-in modules at runt"
},
{
"path": "doc/man-sections/protocol-options.rst",
"chars": 10731,
"preview": "Protocol options\n----------------\nOptions in this section affect features available in the OpenVPN wire\nprotocol. Many "
},
{
"path": "doc/man-sections/proxy-options.rst",
"chars": 3594,
"preview": "--http-proxy args\n Connect to remote host through an HTTP proxy. This requires at least an\n address ``server`` and ``"
},
{
"path": "doc/man-sections/renegotiation.rst",
"chars": 2768,
"preview": "Data Channel Renegotiation\n``````````````````````````\n\nWhen running OpenVPN in client/server mode, the data channel will"
},
{
"path": "doc/man-sections/script-options.rst",
"chars": 42209,
"preview": "SCRIPTING INTEGRATION\n=====================\n\nOpenVPN can execute external scripts in various phases of the lifetime of\nt"
},
{
"path": "doc/man-sections/server-options.rst",
"chars": 34520,
"preview": "Server Options\n--------------\nStarting with OpenVPN 2.0, a multi-client TCP/UDP server mode is\nsupported, and can be ena"
},
{
"path": "doc/man-sections/signals.rst",
"chars": 1180,
"preview": "SIGNALS\n=======\n\n:code:`SIGHUP`\n Cause OpenVPN to close all TUN/TAP and network connections, restart,\n re-read the"
},
{
"path": "doc/man-sections/tls-options.rst",
"chars": 32954,
"preview": "TLS Mode Options\n````````````````\n\nTLS mode is the most powerful crypto mode of OpenVPN in both security\nand flexibility"
},
{
"path": "doc/man-sections/unsupported-options.rst",
"chars": 2449,
"preview": "\nUNSUPPORTED OPTIONS\n===================\n\nOptions listed in this section have been removed from OpenVPN and are no\nlonge"
},
{
"path": "doc/man-sections/virtual-routing-and-forwarding.rst",
"chars": 2432,
"preview": "Virtual Routing and Forwarding\n------------------------------\n\nOptions in this section relates to configuration of virtu"
},
{
"path": "doc/man-sections/vpn-network-options.rst",
"chars": 25526,
"preview": "Virtual Network Adapter (VPN interface)\n---------------------------------------\n\nOptions in this section relates to conf"
},
{
"path": "doc/man-sections/windows-options.rst",
"chars": 11073,
"preview": "Windows-Specific Options\n-------------------------\n\nThese options are considered unknown on non-Windows platforms, resul"
},
{
"path": "doc/management-notes.txt",
"chars": 51256,
"preview": "OpenVPN Management Interface Notes\n----------------------------------\n\nThe OpenVPN Management interface allows OpenVPN t"
},
{
"path": "doc/openvpn-examples.5.rst",
"chars": 425,
"preview": "===============================\n openvpn examples\n===============================\n-------------------------\n Secure IP t"
},
{
"path": "doc/openvpn.8.rst",
"chars": 4281,
"preview": "=========\n openvpn\n=========\n-------------------------\n Secure IP tunnel daemon\n-------------------------\n\n:Manual secti"
},
{
"path": "doc/t_server_null.rst",
"chars": 6482,
"preview": "Notes for the --dev null test suite\n===================================\n\nIntroduction\n------------\n\nThe *--dev null test"
},
{
"path": "doc/tests/authentication-plugins.md",
"chars": 3773,
"preview": "# TESTING OF MULTIPLE AUTHENTICATION PLUG-INS\n\n\nOpenVPN 2.x can support loading and authenticating users through multipl"
},
{
"path": "doc/tls-crypt-v2.txt",
"chars": 10620,
"preview": "Client-specific tls-crypt keys (--tls-crypt-v2)\n===============================================\n\nThis document describes"
},
{
"path": "forked-test-driver",
"chars": 5093,
"preview": "#! /bin/sh\n# test-driver - basic testsuite driver script.\n\nscriptversion=2018-03-07.03; # UTC\n\n# Copyright (C) 2011-2021"
},
{
"path": "include/Makefile.am",
"chars": 545,
"preview": "#\n# OpenVPN -- An application to securely tunnel IP networks\n# over a single UDP port, with support for SSL"
},
{
"path": "include/openvpn-msg.h",
"chars": 4173,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single TCP/UDP port, with support "
},
{
"path": "include/openvpn-plugin.h.in",
"chars": 27800,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single TCP/UDP port, with support "
},
{
"path": "ltrc.inc",
"chars": 645,
"preview": "#\n# OpenVPN -- An application to securely tunnel IP networks\n# over a single UDP port, with support for SSL"
},
{
"path": "m4/.keep",
"chars": 0,
"preview": ""
},
{
"path": "m4/ax_socklen_t.m4",
"chars": 1531,
"preview": "dnl -- The following is base of curl's acinclude.m4 --\ndnl Check for socklen_t: historically on BSD it is an int, and in"
},
{
"path": "m4/pkg.m4",
"chars": 10264,
"preview": "# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-\n# serial 12 (pkg-config-0.29.2)\n\ndnl Copyright © "
},
{
"path": "renovate.json",
"chars": 1386,
"preview": "{\n \"$schema\": \"https://docs.renovatebot.com/renovate-schema.json\",\n \"packageRules\": [\n {\n \"match"
},
{
"path": "sample/Makefile.am",
"chars": 607,
"preview": "#\n# OpenVPN -- An application to securely tunnel IP networks\n# over a single UDP port, with support for SSL"
},
{
"path": "sample/sample-config-files/README",
"chars": 172,
"preview": "Sample OpenVPN Configuration Files.\n\nThese files are part of the OpenVPN HOWTO\nwhich is located at:\n\nhttp://openvpn.net/"
},
{
"path": "sample/sample-config-files/client.conf",
"chars": 3434,
"preview": "##############################################\n# Sample client-side OpenVPN 2.6 config file #\n# for connecting to multi-"
},
{
"path": "sample/sample-config-files/firewall.sh",
"chars": 3562,
"preview": "#!/bin/sh\n\n# A Sample OpenVPN-aware firewall.\n\n# eth0 is connected to the internet.\n# eth1 is connected to a private sub"
},
{
"path": "sample/sample-config-files/loopback-client",
"chars": 11462,
"preview": "# Perform a TLS loopback test -- client side.\n#\n# This test performs a TLS negotiation once every 10 seconds,\n# and will"
},
{
"path": "sample/sample-config-files/loopback-server",
"chars": 676,
"preview": "# Perform a TLS loopback test -- server side.\n#\n# This test performs a TLS negotiation once every 10 seconds,\n# and will"
},
{
"path": "sample/sample-config-files/openvpn-shutdown.sh",
"chars": 63,
"preview": "#!/bin/sh\n\n# stop all openvpn processes\n\nkillall -TERM openvpn\n"
},
{
"path": "sample/sample-config-files/openvpn-startup.sh",
"chars": 776,
"preview": "#!/bin/sh\n\n# A sample OpenVPN startup script\n# for Linux.\n\n# openvpn config file directory\ndir=/etc/openvpn\n\n# load the "
},
{
"path": "sample/sample-config-files/server.conf",
"chars": 10580,
"preview": "#################################################\n# Sample OpenVPN 2.6 config file for #\n# multi-client serve"
},
{
"path": "sample/sample-keys/README",
"chars": 737,
"preview": "Sample RSA and EC keys.\n\nRun ./gen-sample-keys.sh to generate fresh test keys.\n\nSee the examples section of the man page"
},
{
"path": "sample/sample-keys/ca.crt",
"chars": 2224,
"preview": "-----BEGIN CERTIFICATE-----\nMIIGPjCCBCagAwIBAgIUb1C400ZucjRZvAAz3XyuEusnRgYwDQYJKoZIhvcNAQEL\nBQAwZjELMAkGA1UEBhMCS0cxCzA"
},
{
"path": "sample/sample-keys/ca.key",
"chars": 3272,
"preview": "-----BEGIN PRIVATE KEY-----\nMIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCI+p/ZLGUHCANT\nTFaKnw+J3wi+ef2EKJ5WHt5PWMu"
},
{
"path": "sample/sample-keys/client-ec.crt",
"chars": 4846,
"preview": "Certificate:\n Data:\n Version: 3 (0x2)\n Serial Number: 7 (0x7)\n Signature Algorithm: sha256WithRS"
},
{
"path": "sample/sample-keys/client-ec.key",
"chars": 237,
"preview": "-----BEGIN PRIVATE KEY-----\nMIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQggBG28jKEqUG3n/wcnvcr\nh2VP5dXkRChxqLw3ydT+HpGhRAN"
},
{
"path": "sample/sample-keys/client-pass.key",
"chars": 1874,
"preview": "-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIVDt6h9I/tNsCAggA\nMAwGCCqGSIb3DQIJB"
},
{
"path": "sample/sample-keys/client.crt",
"chars": 5981,
"preview": "Certificate:\n Data:\n Version: 3 (0x2)\n Serial Number: 2 (0x2)\n Signature Algorithm: sha256WithRS"
},
{
"path": "sample/sample-keys/client.key",
"chars": 1704,
"preview": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDdrrIKQObP4cGi\nodKDLDGY4huyhUBnAPqrv8+dFNH"
},
{
"path": "sample/sample-keys/ffdhe2048.pem",
"chars": 424,
"preview": "-----BEGIN DH PARAMETERS-----\nMIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n+8yTnc4kmz75fS/jY2MMddj2g"
},
{
"path": "sample/sample-keys/gen-sample-keys.sh",
"chars": 4432,
"preview": "#!/bin/sh\n#\n# Run this script to set up a test CA, and test key-certificate pair for a\n# server, and various clients.\n#\n"
},
{
"path": "sample/sample-keys/openssl.cnf",
"chars": 4312,
"preview": "# Heavily borrowed from EasyRSA 3, for use with OpenSSL 1.0.*\n\n#########################################################"
},
{
"path": "sample/sample-keys/server-ec.crt",
"chars": 5301,
"preview": "Certificate:\n Data:\n Version: 3 (0x2)\n Serial Number: 6 (0x6)\n Signature Algorithm: sha256WithRS"
},
{
"path": "sample/sample-keys/server-ec.key",
"chars": 237,
"preview": "-----BEGIN PRIVATE KEY-----\nMIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQghKHFa1jQGnTwZbFNJoJv\nRABNN9RrBuBkrXPCwOdUnt6hRAN"
},
{
"path": "sample/sample-keys/server.crt",
"chars": 6438,
"preview": "Certificate:\n Data:\n Version: 3 (0x2)\n Serial Number: 1 (0x1)\n Signature Algorithm: sha256WithRS"
},
{
"path": "sample/sample-keys/server.key",
"chars": 1708,
"preview": "-----BEGIN PRIVATE KEY-----\nMIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCvk86dhofEirs4\nb1AWmylw2lq9s0xaA7jhlPU/Sz8"
},
{
"path": "sample/sample-keys/ta.key",
"chars": 636,
"preview": "#\n# 2048 bit OpenVPN static key\n#\n-----BEGIN OpenVPN Static key V1-----\n21d94830510107f8753d3b6f3145e01d\ned37075115afcb0"
},
{
"path": "sample/sample-plugins/Makefile.am",
"chars": 1181,
"preview": "#\n# OpenVPN -- An application to securely tunnel IP networks\n# over a single UDP port, with support for SSL"
},
{
"path": "sample/sample-plugins/Makefile.plugins",
"chars": 986,
"preview": "# SPDX-License-Identifier: GPL-2.0-only\n#\n# Copyright (C) 2020-2026 OpenVPN Inc <sales@openvpn.net>\n#\n\n#\n# Plug-ins to"
},
{
"path": "sample/sample-plugins/README",
"chars": 1812,
"preview": "OpenVPN plug-in examples.\n\nExamples provided:\n\n* authentication and logging\nsimple/simple.c -- using the --auth-user-pas"
},
{
"path": "sample/sample-plugins/client-connect/README",
"chars": 1437,
"preview": "OpenVPN plugin examples.\n\nExamples provided:\n\nsample-client-connect.c\n\n - hook to all plugin hooks that openvpn offers\n"
},
{
"path": "sample/sample-plugins/client-connect/sample-client-connect.c",
"chars": 19579,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single TCP/UDP port, with support "
},
{
"path": "sample/sample-plugins/defer/multi-auth.c",
"chars": 12174,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single TCP/UDP port, with support "
},
{
"path": "sample/sample-plugins/defer/winbuild",
"chars": 573,
"preview": "#\n# Build an OpenVPN plugin module on Windows/MinGW.\n# The argument should be the base name of the C source file\n# (with"
},
{
"path": "sample/sample-plugins/keying-material-exporter-demo/README",
"chars": 2316,
"preview": "OpenVPN plugin examples. Daniel Kubec <niel@rtfm.cz>\n\nExamples provided:\n\nkeyingmaterialexpor"
},
{
"path": "sample/sample-plugins/keying-material-exporter-demo/client.ovpn",
"chars": 274,
"preview": "tls-client\npull\n\nkeying-material-exporter \"EXPORTER_SSO_TEST\" 16\nreneg-sec 0\n\nca ../../sample-keys/ca.crt\ncert ../"
},
{
"path": "sample/sample-plugins/keying-material-exporter-demo/http-client.py",
"chars": 420,
"preview": "#!/usr/bin/python\nimport sys\nimport os\nimport httplib\n\nf = '/tmp/openvpn_sso_user'\nwith open (f, \"r\") as myfile:\n\tsessio"
},
{
"path": "sample/sample-plugins/keying-material-exporter-demo/http-server.py",
"chars": 1097,
"preview": "#!/usr/bin/python\nfrom BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer\nimport os\n\nclass ExampleHTTPRequestHandl"
},
{
"path": "sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c",
"chars": 7603,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single TCP/UDP port, with support "
},
{
"path": "sample/sample-plugins/keying-material-exporter-demo/server.ovpn",
"chars": 304,
"preview": "tls-server\nreneg-sec 0\n\nkeying-material-exporter \"EXPORTER_SSO_TEST\" 16\nduplicate-cn\n\nplugin ./keyingmaterialexporter.so"
},
{
"path": "sample/sample-plugins/log/log.c",
"chars": 5868,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single TCP/UDP port, with support "
},
{
"path": "sample/sample-plugins/log/log_v3.c",
"chars": 8506,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single TCP/UDP port, with support "
},
{
"path": "sample/sample-plugins/log/winbuild",
"chars": 575,
"preview": "#\n# Build an OpenVPN plugin module on Windows/MinGW.\n# The argument should be the base name of the C source file\n# (with"
},
{
"path": "sample/sample-plugins/simple/base64.c",
"chars": 7475,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single TCP/UDP port, with support "
},
{
"path": "sample/sample-plugins/simple/simple.c",
"chars": 3643,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single TCP/UDP port, with support "
},
{
"path": "sample/sample-plugins/simple/simple.def",
"chars": 178,
"preview": "LIBRARY OpenVPN_PLUGIN_SAMPLE\nDESCRIPTION \"Sample OpenVPN plug-in module.\"\nEXPORTS\n openvpn_plugin_open_v1 @1\n o"
},
{
"path": "sample/sample-plugins/simple/winbuild",
"chars": 575,
"preview": "#\n# Build an OpenVPN plugin module on Windows/MinGW.\n# The argument should be the base name of the C source file\n# (with"
},
{
"path": "sample/sample-scripts/auth-pam.pl",
"chars": 2408,
"preview": "#!/usr/bin/perl -t\n\n# OpenVPN PAM AUTHENTICATON\n# This script can be used to add PAM-based authentication\n# to OpenV"
},
{
"path": "sample/sample-scripts/bridge-start",
"chars": 741,
"preview": "#!/bin/sh\n\n#################################\n# Set up Ethernet bridge on Linux\n# Requires: bridge-utils\n################"
},
{
"path": "sample/sample-scripts/bridge-stop",
"chars": 313,
"preview": "#!/bin/sh\n\n####################################\n# Tear Down Ethernet bridge on Linux\n###################################"
},
{
"path": "sample/sample-scripts/totpauth.py",
"chars": 4018,
"preview": "#! /usr/bin/python3\n# Copyright (c) 2021 OpenVPN Inc <sales@openvpn.net>\n# Copyright (c) 2021 Arne Schwabe <arne@rfc2549"
},
{
"path": "sample/sample-scripts/ucn.pl",
"chars": 339,
"preview": "#!/usr/bin/perl -t\n\n# OpenVPN --auth-user-pass-verify script.\n# Only authenticate if username equals common_name.\n# In O"
},
{
"path": "sample/sample-scripts/verify-cn",
"chars": 2183,
"preview": "#!/usr/bin/perl\n\n# verify-cn -- a sample OpenVPN tls-verify script\n#\n# Return 0 if cn matches the common name component "
},
{
"path": "src/Makefile.am",
"chars": 522,
"preview": "#\n# OpenVPN -- An application to securely tunnel IP networks\n# over a single UDP port, with support for SSL"
},
{
"path": "src/compat/Makefile.am",
"chars": 630,
"preview": "#\n# OpenVPN -- An application to securely tunnel IP networks\n# over a single UDP port, with support for SSL"
},
{
"path": "src/compat/compat-basename.c",
"chars": 1483,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single UDP port, with support for "
},
{
"path": "src/compat/compat-daemon.c",
"chars": 2231,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single UDP port, with support for "
},
{
"path": "src/compat/compat-dirname.c",
"chars": 3934,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single UDP port, with support for "
},
{
"path": "src/compat/compat-gettimeofday.c",
"chars": 3039,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single UDP port, with support for "
},
{
"path": "src/compat/compat-strsep.c",
"chars": 1675,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single UDP port, with support for "
},
{
"path": "src/compat/compat.h",
"chars": 1563,
"preview": "/*\n * OpenVPN -- An application to securely tunnel IP networks\n * over a single UDP port, with support for "
},
{
"path": "src/openvpn/Makefile.am",
"chars": 4271,
"preview": "#\n# OpenVPN -- An application to securely tunnel IP networks\n# over a single UDP port, with support for SSL"
}
]
// ... and 322 more files (download for full content)