1. 13 Dec, 2016 1 commit
  2. 25 Sep, 2016 1 commit
  3. 07 Sep, 2016 1 commit
  4. 25 Aug, 2016 1 commit
    • Ralph Schmieder's avatar
      Add --passtos option to copy TOS/TCLASS from VPN packets · 37316927
      Ralph Schmieder authored
      This allows prioritised queuing of outbound packets. It is only of local
      significance (and importance) as it will influence queueing on the CPE
      which is typically the only place where this will be in effect. And the
      most effective place as the CPE is usually the bottleneck where all
      applications compete for limited upstream bandwidth.
      
      SPs do set the DSCP to 0 anyway at the trust boundary (which is the next
      hop from the CPE). Same goes for large corporations which also either
      reset the DSCP or have it set according to their policy, not the user's.
      
      It is implemented as an 'opt-in' using the --passtos command line switch
      in accordance with the OpenVPN implementation
      Signed-off-by: default avatarRalph Schmieder <ralph.schmieder@gmail.com>
      Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
      37316927
  5. 19 Jul, 2016 1 commit
  6. 16 May, 2016 1 commit
  7. 08 Mar, 2016 1 commit
  8. 24 Apr, 2015 1 commit
  9. 24 Feb, 2015 1 commit
  10. 25 Jan, 2015 1 commit
  11. 17 Nov, 2014 1 commit
  12. 03 Nov, 2014 1 commit
  13. 02 Aug, 2014 1 commit
    • Kevin Cernekee's avatar
      main: Allow reading --token-secret from a file · ec2eb275
      Kevin Cernekee authored
      If the token string starts with '@' or '/', assume it refers to a
      filename.  None of the current token backends would recognize a string
      starting with '@' or '/'.
      
      The main use cases are:
      
       - Keeping token secrets from showing up in "ps" output
       - Allowing the use of SecurID SDTID XML files without import/conversion
      
      This accepts "raw" HOTP/TOTP/SecurID tokens, not .stokenrc files.
      Therefore it cannot use stoken_import_rcfile().
      Signed-off-by: default avatarKevin Cernekee <cernekee@gmail.com>
      ec2eb275
  14. 20 Jun, 2014 3 commits
  15. 13 Jun, 2014 2 commits
    • Kevin Cernekee's avatar
      Change most PRG_TRACE prints to PRG_DEBUG · ab4abdcd
      Kevin Cernekee authored
      Use PRG_TRACE for the really noisy (and performance-impacting) log
      prints, like packet info and "No work to do" polling.  Use PRG_DEBUG for
      other verbose-but-infrequent debug output.  Change the command line
      parsing so that "-v" enables PRG_DEBUG and "-vv" enables PRG_TRACE.
      Signed-off-by: default avatarKevin Cernekee <cernekee@gmail.com>
      ab4abdcd
    • Kevin Cernekee's avatar
      main: Refactor signal handling · 56c5acb1
      Kevin Cernekee authored
      Eliminate the SIGUSR1/SIGUSR2 debug logging behavior and introduce new
      behavior for the following signals:
      
          SIGINT: Disconnect and logoff, run vpnc-script accordingly
          SIGHUP: Disconnect and run vpnc-script (cookie can be re-used)
          SIGUSR2: Reconnect to server immediately as if DPD triggered.
          SIGTERM: Just die. Disconnect without logoff, no vpnc-script
      Signed-off-by: default avatarKevin Cernekee <cernekee@gmail.com>
      56c5acb1
  16. 10 Jun, 2014 1 commit
  17. 18 Feb, 2014 1 commit
    • David Woodhouse's avatar
      Add RFC4226 HOTP token support · ef31b98a
      David Woodhouse authored
      This isn't really complete since it doesn't handle the token counter
      properly. It relies on being given the token counter along with the
      secret key, and there's no way to save the new value when we're done.
      
      We could perhaps add a library function to write the token counter back,
      and rely on the library user to manage the file storage containing the
      counter.
      
      Or maybe we want to use libpskc and allow the PSKC file to be specified,
      then we can update that file directly.
      
      A UI tool might also want to store the PSKC data in something like the
      keyring instead of a simple file, so in that case the library should
      probably allow for a callback which provides the new PSKC data rather
      than unconditionally writing it to a file.
      Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
      ef31b98a
  18. 13 Feb, 2014 1 commit
  19. 03 Feb, 2014 1 commit
  20. 15 Jan, 2014 2 commits
  21. 30 May, 2013 2 commits
  22. 25 Mar, 2013 1 commit
  23. 23 Mar, 2013 1 commit
  24. 28 Oct, 2012 1 commit
  25. 15 Oct, 2012 1 commit
  26. 11 Oct, 2012 1 commit
  27. 25 Jun, 2012 1 commit
  28. 11 Jun, 2012 3 commits
  29. 08 Jun, 2012 1 commit
  30. 07 Jun, 2012 1 commit
  31. 03 May, 2012 1 commit
  32. 16 Apr, 2012 1 commit
  33. 08 Dec, 2011 1 commit