1. 10 Jan, 2019 1 commit
  2. 24 Nov, 2018 1 commit
  3. 06 Nov, 2018 1 commit
  4. 15 Oct, 2018 1 commit
    • Ralph Schmieder's avatar
      chg: add --version-string · 13b64166
      Ralph Schmieder authored
      I've included a patch that provides better compatibility with CSD on
      ASA head ends. E.g. it allows to specify the version string that is
      presented to the ASA. Previous to this patch, OC presents its own
      version e.g. 0.7.8 but that could cause rejection on the head end if
      it looks for a matching AC version string.
      
      [dwmw2: All the library ABI support for the new function]
      Signed-off-by: default avatarRalph Schmieder <ralph.schmieder@gmail.com>
      Signed-off-by: default avatarDavid Woodhouse <dwmw2@infradead.org>
      13b64166
  5. 26 Jun, 2018 1 commit
  6. 31 May, 2018 3 commits
  7. 15 May, 2017 1 commit
  8. 13 Dec, 2016 1 commit
  9. 25 Sep, 2016 1 commit
  10. 07 Sep, 2016 1 commit
  11. 25 Aug, 2016 1 commit
    • Ralph Schmieder's avatar
      Add --passtos option to copy TOS/TCLASS from VPN packets · 37316927
      Ralph Schmieder authored
      This allows prioritised queuing of outbound packets. It is only of local
      significance (and importance) as it will influence queueing on the CPE
      which is typically the only place where this will be in effect. And the
      most effective place as the CPE is usually the bottleneck where all
      applications compete for limited upstream bandwidth.
      
      SPs do set the DSCP to 0 anyway at the trust boundary (which is the next
      hop from the CPE). Same goes for large corporations which also either
      reset the DSCP or have it set according to their policy, not the user's.
      
      It is implemented as an 'opt-in' using the --passtos command line switch
      in accordance with the OpenVPN implementation
      Signed-off-by: default avatarRalph Schmieder <ralph.schmieder@gmail.com>
      Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
      37316927
  12. 19 Jul, 2016 1 commit
  13. 16 May, 2016 1 commit
  14. 08 Mar, 2016 1 commit
  15. 24 Apr, 2015 1 commit
  16. 24 Feb, 2015 1 commit
  17. 25 Jan, 2015 1 commit
  18. 17 Nov, 2014 1 commit
  19. 03 Nov, 2014 1 commit
  20. 02 Aug, 2014 1 commit
    • Kevin Cernekee's avatar
      main: Allow reading --token-secret from a file · ec2eb275
      Kevin Cernekee authored
      If the token string starts with '@' or '/', assume it refers to a
      filename.  None of the current token backends would recognize a string
      starting with '@' or '/'.
      
      The main use cases are:
      
       - Keeping token secrets from showing up in "ps" output
       - Allowing the use of SecurID SDTID XML files without import/conversion
      
      This accepts "raw" HOTP/TOTP/SecurID tokens, not .stokenrc files.
      Therefore it cannot use stoken_import_rcfile().
      Signed-off-by: default avatarKevin Cernekee <cernekee@gmail.com>
      ec2eb275
  21. 20 Jun, 2014 3 commits
  22. 13 Jun, 2014 2 commits
    • Kevin Cernekee's avatar
      Change most PRG_TRACE prints to PRG_DEBUG · ab4abdcd
      Kevin Cernekee authored
      Use PRG_TRACE for the really noisy (and performance-impacting) log
      prints, like packet info and "No work to do" polling.  Use PRG_DEBUG for
      other verbose-but-infrequent debug output.  Change the command line
      parsing so that "-v" enables PRG_DEBUG and "-vv" enables PRG_TRACE.
      Signed-off-by: default avatarKevin Cernekee <cernekee@gmail.com>
      ab4abdcd
    • Kevin Cernekee's avatar
      main: Refactor signal handling · 56c5acb1
      Kevin Cernekee authored
      Eliminate the SIGUSR1/SIGUSR2 debug logging behavior and introduce new
      behavior for the following signals:
      
          SIGINT: Disconnect and logoff, run vpnc-script accordingly
          SIGHUP: Disconnect and run vpnc-script (cookie can be re-used)
          SIGUSR2: Reconnect to server immediately as if DPD triggered.
          SIGTERM: Just die. Disconnect without logoff, no vpnc-script
      Signed-off-by: default avatarKevin Cernekee <cernekee@gmail.com>
      56c5acb1
  23. 10 Jun, 2014 1 commit
  24. 18 Feb, 2014 1 commit
    • David Woodhouse's avatar
      Add RFC4226 HOTP token support · ef31b98a
      David Woodhouse authored
      This isn't really complete since it doesn't handle the token counter
      properly. It relies on being given the token counter along with the
      secret key, and there's no way to save the new value when we're done.
      
      We could perhaps add a library function to write the token counter back,
      and rely on the library user to manage the file storage containing the
      counter.
      
      Or maybe we want to use libpskc and allow the PSKC file to be specified,
      then we can update that file directly.
      
      A UI tool might also want to store the PSKC data in something like the
      keyring instead of a simple file, so in that case the library should
      probably allow for a callback which provides the new PSKC data rather
      than unconditionally writing it to a file.
      Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
      ef31b98a
  25. 13 Feb, 2014 1 commit
  26. 03 Feb, 2014 1 commit
  27. 15 Jan, 2014 2 commits
  28. 30 May, 2013 2 commits
  29. 25 Mar, 2013 1 commit
  30. 23 Mar, 2013 1 commit
  31. 28 Oct, 2012 1 commit
  32. 15 Oct, 2012 1 commit
  33. 11 Oct, 2012 1 commit