schwabe / openvpn Goto Github PK

https://swupdate.openvpn.net/beta-downloads/win-dco/openvpn-install-dco-preview-Win10.exe
I see this exe is compiled from this repo,I ran it and added options：
windows-driver ovpn-dco-win
tun-mtu 1428

but it will give an error
TUN: adding address failed using service，[status=1168 if_index=28]
TUN: setting IPv4 mtu using service failed:， [status=1168 if_index=28]
Does this exe not work?

client.ovpn

proto udp
dev tun
nobind
;windows-driver wintun
windows-driver ovpn-dco-win
tun-mtu 1428
remote 10.10.18.105 1194 
auth-nocache
resolv-retry 20
keepalive 10 60
mute-replay-warnings
remote-cert-tls server
persist-key
;persist-tun
explicit-exit-notify 1
auth-user-pass
cipher AES-128-GCM
reneg-sec 0
ca ca.crt
cert client1.crt
key client1.key
tls-auth ta.key 1
verb 3```

Can you add an option to start at system start up, both the app and connecting to a vpn.
Thanks

Can you add support for automatic updates, so you don't have to reinstall it every time there's a new update available.

Nach Update auf v 0.6.49 zeigt im log "could not read log item from file 0/0"

Can you please add support for multipool vpn profiles, not running at once but either if one fails then try an other and the option for a random selection between them at start.
Thinks

Hello Arne

I have problem with new version of OpenVPN . When I want to connect I got MGMT: Got unrecognized command > FATAL :Cannot load inline certificate file. Before the update it was work.
It is 0.6.71 ver.

Here is the log:
2017-06-26 09:42:21 hivatalos build 0.6.71 futtatva samsung SM-J510FN (MSM8916), Android 6.0.1 (MMB29M) API 23, ABI armeabi-v7a, (samsung/j5xnltexx/j5xnlte:6.0.1/MMB29M/J510FNXXU2AQD2:user/release-keys)
2017-06-26 09:42:22 Konfiguráció felépítése…
2017-06-26 09:42:22 New OpenVPN Status (VPN_GENERATE_CONFIG->LEVEL_START):
2017-06-26 09:42:22 New OpenVPN Status (VPN_GENERATE_CONFIG->LEVEL_START):
2017-06-26 09:42:22 started Socket Thread
2017-06-26 09:42:22 Hálózati állapot: CONNECTED to WIFI "KITE-Informatika"
2017-06-26 09:42:22 Debug state info: CONNECTED to WIFI "KITE-Informatika", pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2017-06-26 09:42:22 Debug state info: CONNECTED to WIFI "KITE-Informatika", pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2017-06-26 09:42:22 P:Initializing Google Breakpad!
2017-06-26 09:42:22 Current Parameter Settings:
2017-06-26 09:42:22 0 másodperc várakozás a csatlakozási kísérletek között
2017-06-26 09:42:22 config = '/data/user/0/de.blinkt.openvpn/cache/android.conf'
2017-06-26 09:42:22 mode = 0
2017-06-26 09:42:22 show_ciphers = DISABLED
2017-06-26 09:42:22 show_digests = DISABLED
2017-06-26 09:42:22 show_engines = DISABLED
2017-06-26 09:42:22 genkey = DISABLED
2017-06-26 09:42:22 key_pass_file = '[UNDEF]'
2017-06-26 09:42:22 show_tls_ciphers = DISABLED
2017-06-26 09:42:22 connect_retry_max = 0
2017-06-26 09:42:22 Connection profiles [0]:
2017-06-26 09:42:22 proto = udp
2017-06-26 09:42:22 local = '[UNDEF]'
2017-06-26 09:42:22 local_port = '[UNDEF]'
2017-06-26 09:42:22 remote = '212.92.8.82'
2017-06-26 09:42:22 remote_port = '1194'
2017-06-26 09:42:22 remote_float = ENABLED
2017-06-26 09:42:22 bind_defined = DISABLED
2017-06-26 09:42:22 bind_local = DISABLED
2017-06-26 09:42:22 bind_ipv6_only = DISABLED
2017-06-26 09:42:22 connect_retry_seconds = 2
2017-06-26 09:42:22 connect_timeout = 120
2017-06-26 09:42:22 socks_proxy_server = '[UNDEF]'
2017-06-26 09:42:22 socks_proxy_port = '[UNDEF]'
2017-06-26 09:42:22 tun_mtu = 1500
2017-06-26 09:42:22 tun_mtu_defined = ENABLED
2017-06-26 09:42:22 link_mtu = 1500
2017-06-26 09:42:22 link_mtu_defined = DISABLED
2017-06-26 09:42:22 tun_mtu_extra = 0
2017-06-26 09:42:22 tun_mtu_extra_defined = DISABLED
2017-06-26 09:42:22 mtu_discover_type = -1
2017-06-26 09:42:22 fragment = 0
2017-06-26 09:42:22 mssfix = 1450
2017-06-26 09:42:22 explicit_exit_notification = 0
2017-06-26 09:42:22 Connection profiles END
2017-06-26 09:42:22 remote_random = DISABLED
2017-06-26 09:42:22 ipchange = '[UNDEF]'
2017-06-26 09:42:22 dev = 'tun'
2017-06-26 09:42:22 dev_type = '[UNDEF]'
2017-06-26 09:42:22 dev_node = '[UNDEF]'
2017-06-26 09:42:22 lladdr = '[UNDEF]'
2017-06-26 09:42:22 topology = 1
2017-06-26 09:42:22 ifconfig_local = '[UNDEF]'
2017-06-26 09:42:22 ifconfig_remote_netmask = '[UNDEF]'
2017-06-26 09:42:22 ifconfig_noexec = DISABLED
2017-06-26 09:42:22 ifconfig_nowarn = ENABLED
2017-06-26 09:42:22 ifconfig_ipv6_local = '[UNDEF]'
2017-06-26 09:42:22 ifconfig_ipv6_netbits = 0
2017-06-26 09:42:22 ifconfig_ipv6_remote = '[UNDEF]'
2017-06-26 09:42:22 shaper = 0
2017-06-26 09:42:22 mtu_test = 0
2017-06-26 09:42:22 mlock = DISABLED
2017-06-26 09:42:22 keepalive_ping = 0
2017-06-26 09:42:22 keepalive_timeout = 0
2017-06-26 09:42:22 inactivity_timeout = 0
2017-06-26 09:42:22 ping_send_timeout = 0
2017-06-26 09:42:22 ping_rec_timeout = 0
2017-06-26 09:42:22 ping_rec_timeout_action = 0
2017-06-26 09:42:22 ping_timer_remote = DISABLED
2017-06-26 09:42:22 remap_sigusr1 = 0
2017-06-26 09:42:22 persist_tun = ENABLED
2017-06-26 09:42:22 persist_local_ip = DISABLED
2017-06-26 09:42:22 persist_remote_ip = DISABLED
2017-06-26 09:42:22 persist_key = DISABLED
2017-06-26 09:42:22 passtos = DISABLED
2017-06-26 09:42:22 resolve_retry_seconds = 60
2017-06-26 09:42:22 resolve_in_advance = ENABLED
2017-06-26 09:42:22 username = '[UNDEF]'
2017-06-26 09:42:22 groupname = '[UNDEF]'
2017-06-26 09:42:22 chroot_dir = '[UNDEF]'
2017-06-26 09:42:22 cd_dir = '[UNDEF]'
2017-06-26 09:42:22 writepid = '[UNDEF]'
2017-06-26 09:42:22 up_script = '[UNDEF]'
2017-06-26 09:42:22 down_script = '[UNDEF]'
2017-06-26 09:42:22 down_pre = DISABLED
2017-06-26 09:42:22 up_restart = DISABLED
2017-06-26 09:42:22 up_delay = DISABLED
2017-06-26 09:42:22 daemon = DISABLED
2017-06-26 09:42:22 inetd = 0
2017-06-26 09:42:22 log = DISABLED
2017-06-26 09:42:22 suppress_timestamps = DISABLED
2017-06-26 09:42:22 machine_readable_output = ENABLED
2017-06-26 09:42:22 nice = 0
2017-06-26 09:42:22 verbosity = 4
2017-06-26 09:42:22 mute = 0
2017-06-26 09:42:22 gremlin = 0
2017-06-26 09:42:22 status_file = '[UNDEF]'
2017-06-26 09:42:22 status_file_version = 1
2017-06-26 09:42:22 status_file_update_freq = 60
2017-06-26 09:42:22 occ = ENABLED
2017-06-26 09:42:22 rcvbuf = 0
2017-06-26 09:42:22 sndbuf = 0
2017-06-26 09:42:22 sockflags = 0
2017-06-26 09:42:22 fast_io = DISABLED
2017-06-26 09:42:22 comp.alg = 2
2017-06-26 09:42:22 comp.flags = 1
2017-06-26 09:42:22 route_script = '[UNDEF]'
2017-06-26 09:42:22 route_default_gateway = '[UNDEF]'
2017-06-26 09:42:22 route_default_metric = 0
2017-06-26 09:42:22 route_noexec = DISABLED
2017-06-26 09:42:22 route_delay = 0
2017-06-26 09:42:22 route_delay_window = 30
2017-06-26 09:42:22 route_delay_defined = DISABLED
2017-06-26 09:42:22 route_nopull = DISABLED
2017-06-26 09:42:22 route_gateway_via_dhcp = DISABLED
2017-06-26 09:42:22 allow_pull_fqdn = DISABLED
2017-06-26 09:42:22 management_addr = '/data/user/0/de.blinkt.openvpn/cache/mgmtsocket'
2017-06-26 09:42:22 management_port = 'unix'
2017-06-26 09:42:22 management_user_pass = '[UNDEF]'
2017-06-26 09:42:22 management_log_history_cache = 250
2017-06-26 09:42:22 management_echo_buffer_size = 100
2017-06-26 09:42:22 management_write_peer_info_file = '[UNDEF]'
2017-06-26 09:42:22 management_client_user = '[UNDEF]'
2017-06-26 09:42:22 management_client_group = '[UNDEF]'
2017-06-26 09:42:22 management_flags = 4390
2017-06-26 09:42:22 shared_secret_file = '[UNDEF]'
2017-06-26 09:42:22 key_direction = (null)
2017-06-26 09:42:22 ciphername = 'BF-CBC'
2017-06-26 09:42:22 ncp_enabled = ENABLED
2017-06-26 09:42:22 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
2017-06-26 09:42:22 authname = 'SHA1'
2017-06-26 09:42:22 prng_hash = 'SHA1'
2017-06-26 09:42:22 prng_nonce_secret_len = 16
2017-06-26 09:42:22 keysize = 0
2017-06-26 09:42:22 engine = DISABLED
2017-06-26 09:42:22 replay = ENABLED
2017-06-26 09:42:22 mute_replay_warnings = DISABLED
2017-06-26 09:42:22 replay_window = 64
2017-06-26 09:42:22 replay_time = 15
2017-06-26 09:42:22 packet_id_file = '[UNDEF]'
2017-06-26 09:42:22 test_crypto = DISABLED
2017-06-26 09:42:22 tls_server = DISABLED
2017-06-26 09:42:22 tls_client = ENABLED
2017-06-26 09:42:22 key_method = 2
2017-06-26 09:42:22 ca_file = '[[INLINE]]'
2017-06-26 09:42:22 ca_path = '[UNDEF]'
2017-06-26 09:42:22 dh_file = '[UNDEF]'
2017-06-26 09:42:22 cert_file = '[[INLINE]]'
2017-06-26 09:42:22 extra_certs_file = '[UNDEF]'
2017-06-26 09:42:22 priv_key_file = '[[INLINE]]'
2017-06-26 09:42:22 pkcs12_file = '[UNDEF]'
2017-06-26 09:42:22 cipher_list = '[UNDEF]'
2017-06-26 09:42:22 tls_verify = '[UNDEF]'
2017-06-26 09:42:22 tls_export_cert = '[UNDEF]'
2017-06-26 09:42:22 verify_x509_type = 0
2017-06-26 09:42:22 verify_x509_name = '[UNDEF]'
2017-06-26 09:42:22 crl_file = '[UNDEF]'
2017-06-26 09:42:22 ns_cert_type = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_ku[i] = 0
2017-06-26 09:42:22 remote_cert_eku = '[UNDEF]'
2017-06-26 09:42:22 ssl_flags = 0
2017-06-26 09:42:22 tls_timeout = 2
2017-06-26 09:42:22 renegotiate_bytes = -1
2017-06-26 09:42:22 renegotiate_packets = 0
2017-06-26 09:42:22 renegotiate_seconds = 3600
2017-06-26 09:42:22 handshake_window = 60
2017-06-26 09:42:22 transition_window = 3600
2017-06-26 09:42:22 single_session = DISABLED
2017-06-26 09:42:22 push_peer_info = DISABLED
2017-06-26 09:42:22 tls_exit = DISABLED
2017-06-26 09:42:22 tls_auth_file = '[UNDEF]'
2017-06-26 09:42:22 tls_crypt_file = '[UNDEF]'
2017-06-26 09:42:22 client = ENABLED
2017-06-26 09:42:22 pull = ENABLED
2017-06-26 09:42:22 auth_user_pass_file = '[UNDEF]'
2017-06-26 09:42:22 OpenVPN 2.5-icsopenvpn [git:icsopenvpn-d51333c645c12713] android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 23 2017
2017-06-26 09:42:22 library versions: OpenSSL 1.1.0f 25 May 2017, LZO 2.10
2017-06-26 09:42:22 MANAGEMENT: Connected to management server at /data/user/0/de.blinkt.openvpn/cache/mgmtsocket
2017-06-26 09:42:22 MANAGEMENT: CMD 'hold release'
2017-06-26 09:42:22 MANAGEMENT: CMD 'proxy NONE'
2017-06-26 09:42:22 MANAGEMENT: CMD 'bytecount 2'
2017-06-26 09:42:22 MANAGEMENT: CMD 'state on'
2017-06-26 09:42:23 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2017-06-26 09:42:23 MGMT: Got unrecognized command>FATAL:Cannot load inline certificate file
2017-06-26 09:42:23 OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak
2017-06-26 09:42:23 MANAGEMENT: Client disconnected
2017-06-26 09:42:23 Cannot load inline certificate file
2017-06-26 09:42:23 Exiting due to fatal error
2017-06-26 09:42:23 Process exited with exit value 1
2017-06-26 09:42:23 New OpenVPN Status (NOPROCESS->LEVEL_NOTCONNECTED): No process running.
2017-06-26 09:42:23 New OpenVPN Status (NOPROCESS->LEVEL_NOTCONNECTED): No process running.

there are any android porting tutorials for openvpn like your openssl repository （platform_external_openssl）

i need to port a special edition of openvpn for andorid and use ics-openvpn app for testing ，so i'd like to compile it as your pattern to replace "libopenvpn.so"

so , may i get some guidance here ?

Hi!
When I compile the openvpn-dco, an error occurs,

configure: error: libnl-genl-3.0 package not found or too old. Is the development package and pkg-config installed? Must be version 3.4.0 or newer

My environment: centos 5.4.168-1.el7.elrepo.x86_64
gcc version 9.3.1 20200408 (Red Hat 9.3.1-2) (GCC)

and
ls /usr/lib/libnl*

/usr/lib/libnl-3.la /usr/lib/libnl-genl-3.so.200 /usr/lib/libnl-route-3.la
/usr/lib/libnl-3.so /usr/lib/libnl-genl-3.so.200.26.0 /usr/lib/libnl-route-3.so
/usr/lib/libnl-3.so.200 /usr/lib/libnl-idiag-3.la /usr/lib/libnl-route-3.so.200
/usr/lib/libnl-3.so.200.26.0 /usr/lib/libnl-idiag-3.so /usr/lib/libnl-route-3.so.200.26.0
/usr/lib/libnl-cli-3.la /usr/lib/libnl-idiag-3.so.200 /usr/lib/libnl-xfrm-3.la
/usr/lib/libnl-cli-3.so /usr/lib/libnl-idiag-3.so.200.26.0 /usr/lib/libnl-xfrm-3.so
/usr/lib/libnl-cli-3.so.200 /usr/lib/libnl-nf-3.la /usr/lib/libnl-xfrm-3.so.200
/usr/lib/libnl-cli-3.so.200.26.0 /usr/lib/libnl-nf-3.so /usr/lib/libnl-xfrm-3.so.200.26.0
/usr/lib/libnl-genl-3.la /usr/lib/libnl-nf-3.so.200
/usr/lib/libnl-genl-3.so /usr/lib/libnl-nf-3.so.200.26.0

I am not too knowledgeable about libnl,Version 3.4 is required?
but on the site http://www.infradead.org/~tgr/libnl/
The latest stable release is: 3.2.25

Is there a openvpn-dco environment configuration list?

Hello

I have 10.1 col Full HD lenovo tablet. Maybe the needed icon size is missing from apk. I think it because the OpenVPN icon is the default green droid.

If the server challenges for a 2FA code, the client seems to consider that a hard connection failure and give up.

Alternatively, if the config contains a "static-challenge" line, it could be used to prompt for the 2FA code before attempting to connect, but it currently is ignored.

Hi,

I've an issue trying to compile the official release "openvpn v2.4.6":

gcc -DHAVE_CONFIG_H -I. -I../.. -I../../include -I../../include -I../../src/compat -I/usr/kerberos/include -DPLUGIN_LIBDIR="/usr/local/lib/openvpn/plugins" -Wall -Wno-unused-parameter -Wno-unused-function -g -O2 -std=c99 -MT route.o -MD -MP -MF .deps/route.Tpo -c -o route.o route.c
In file included from route.c:48:
/usr/include/linux/rtnetlink.h:487: error: expected specifier-qualifier-list before '__u64'
/usr/include/linux/rtnetlink.h:656: error: expected specifier-qualifier-list before '__u64'
make[3]: *** [route.o] Error 1

It can be fixed by removing the "-std=c99" parameter... However, there is certainly a better way to do that... Maybe there is already a patch to fix this ?

I'm running a CentOS 5 with the latest updates.

Thanks in advance for your help & return.

Regards,
David.

Excuse me!
I am using openvpn and want to test the real data of ovpn-dco in my environment..
I m having some trouble and don t understand the kernel so seek your help.

My environment is a centos, 5.4.168-1.el7.elrepo.x86_64.
And the openvpn process is started successfully, and the main problem is from libnl.
Libnl version:

Openvpn.log:

Under what circumstances is this error displayed and what should I do
please help!

Is there no one-click script for the openvpn-dco installation?Is it so difficult to use after the release?

Does the patch set defered-client-connect have a merge plan?

Hi!
When I compile the openvpn-dco, an error occurs,

configure: error: libnl-genl-3.0 package not found or too old. Is the development package and pkg-config installed? Must be version 3.4.0 or newer

My environment: centos 5.4.168-1.el7.elrepo.x86_64
gcc version 9.3.1 20200408 (Red Hat 9.3.1-2) (GCC)

and
ls /usr/lib/libnl*

/usr/lib/libnl-3.la /usr/lib/libnl-genl-3.so.200 /usr/lib/libnl-route-3.la
/usr/lib/libnl-3.so /usr/lib/libnl-genl-3.so.200.26.0 /usr/lib/libnl-route-3.so
/usr/lib/libnl-3.so.200 /usr/lib/libnl-idiag-3.la /usr/lib/libnl-route-3.so.200
/usr/lib/libnl-3.so.200.26.0 /usr/lib/libnl-idiag-3.so /usr/lib/libnl-route-3.so.200.26.0
/usr/lib/libnl-cli-3.la /usr/lib/libnl-idiag-3.so.200 /usr/lib/libnl-xfrm-3.la
/usr/lib/libnl-cli-3.so /usr/lib/libnl-idiag-3.so.200.26.0 /usr/lib/libnl-xfrm-3.so
/usr/lib/libnl-cli-3.so.200 /usr/lib/libnl-nf-3.la /usr/lib/libnl-xfrm-3.so.200
/usr/lib/libnl-cli-3.so.200.26.0 /usr/lib/libnl-nf-3.so /usr/lib/libnl-xfrm-3.so.200.26.0
/usr/lib/libnl-genl-3.la /usr/lib/libnl-nf-3.so.200
/usr/lib/libnl-genl-3.so /usr/lib/libnl-nf-3.so.200.26.0

I am not too knowledgeable about libnl ,Version 3.4 is required?
but on the site http://www.infradead.org/~tgr/libnl/
The latest stable release is: 3.2.25

Is there a openvpn-dco environment configuration list?

Current latest openvpn version is 2.4.6 but this repository is still using 2.4.5. I noticed that there was a branch, tag and a release for 2.4.6 version https://github.com/schwabe/openvpn/releases/tag/v2.4.6 however that branch was never merged into master. Can you explain why?