Stefan Crain
9d52be2b3c
Contributing guidelines to curb the useless issues and pull requests.
...
Github.com shows these on the top of the issues screen and Pull request area,
They give an overview of the usefulness here -
https://github.com/blog/1184-contributing-guidelines
2017-01-23 14:02:08 -05:00
Nyr
6939dffb09
Fixed firewall and SELinux for TCP
...
- Firewall/SELinux configuration wasn't updated to work with TCP (fixes
#250 )
- Uncluttered protocol selection a bit
2017-01-20 15:12:54 +01:00
Nyr
0e4bba792b
TCP support
...
Also, my English sucks.
2017-01-04 03:41:47 +01:00
Nyr
c6880407dd
UX improvements
...
Fixes #241 .
2016-12-11 19:11:57 +01:00
Nyr
597d16d094
Upgrade cipher to AES-128-CBC
...
Will be the new default starting with OpenVPN 2.4.
2016-12-11 17:03:25 +01:00
Nyr
b6f0c42b5b
Merge pull request #194 from hhktony/patch-3
...
Bugfix for situations when net.ipv4.ip_forward_use_pmtu is set in /etc/sysctl.conf.
2016-09-06 18:30:23 +02:00
Tony Xu
799b8f9a76
fix net.ipv4.ip_forward settings
...
If the `/etc/sysctl.conf` contains `net.ipv4.ip_forward_use_pmtu`
2016-09-06 23:52:08 +08:00
Nyr
791c54786c
Better way to enable IP forwarding
...
Should be more universal than the previous approach.
2016-09-06 16:20:52 +02:00
Nyr
6e349e31cb
Merge pull request #184 from redorkulated/master
...
Changed iptables to not lookup hosts
2016-09-01 16:23:57 +02:00
Michael
56f079289e
Changed iptables to not lookup hosts
...
Should be faster lookup on iptables if firewall rules contain lots
of host IP addresses (no need for a DNS lookup on each one!)
2016-08-22 20:14:34 +01:00
Nyr
dab9a210c2
Offer updated
2016-07-23 16:50:02 +02:00
Nyr
5e29198c21
Offer updated
2016-07-23 16:44:41 +02:00
Nyr
ef1ae85797
Change cipher to AES-128-CBC
2016-05-16 02:52:33 +02:00
Nyr
ae5b5ce2be
Drop privileges after initialization
2016-05-15 20:50:37 +02:00
Nyr
c5b4907fd6
Enable tls-auth
2016-05-15 19:22:32 +02:00
Nyr
acca10ba1a
Prevent DNS leaks on Windows 10
...
- This will generate a warning in unsupported environments.
- This will not work if the client is using an OpenVPN version lower
than 2.3.9
- For OpenVPN 2.3.3+, ignore-unknown-option could be used instead of
setenv opt to prevent a warning.
TL;DR: upgrade to the latest OpenVPN on Windows, ignore the warning
elsewhere.
Thanks a lot for your continuous work on OpenVPN, @ValdikSS.
2016-05-15 01:49:50 +02:00
Nyr
52f419e0d5
Detect users running with "sh" instead of bash
...
And changed error codes. Sorry, not sorry.
2016-05-10 14:12:32 +02:00
Nyr
2bcb4681a1
Added Verisign DNS
2016-04-07 16:57:47 +02:00
Nyr
7fb12dc5cb
Use "hash" instead of "which"
...
Always better to use builtins, and “which” is even missing in some
minimal templates.
2016-03-14 19:41:39 +01:00
Nyr
91b9373311
TAP is not needed
...
Not sure why it was there in the first place.
2016-03-13 22:45:34 +01:00
Nyr
3a96224d1f
Revoking doesn't need a restart
...
The CRL is checked with every new connection and channel renegotiation,
no need to restart the server.
2016-03-08 01:12:43 +01:00
Nyr
96108e6b2e
Clarify NAT question
2016-02-29 19:18:32 +01:00
Nyr
e8958b969e
Avoid error message if sestatus isn't available
...
Just a cosmetic change.
2016-02-19 21:50:28 +01:00
Nyr
eaf6f1fed4
Removed Level 3 DNS
...
For some countries, Level 3 is now hijacking NXDOMAIN responses, so
removed.
2016-02-14 22:26:10 +01:00
Nyr
cf60872eae
SELinux improvements
...
- Now the port exception is removed when uninstalling.
- sestatus seems to be more widely available.
2016-02-13 19:09:16 +01:00
Nyr
f9dafd6ec6
SELinux compatibility
...
This should’ve been supported for a long time.
2016-02-12 23:46:53 +01:00
Nyr
186737c769
Improved one-liner
...
git.io now supports HTTPS :)
2016-02-12 23:21:32 +01:00
Nyr
9779b817b6
Update README.md
...
The “isn’t bulletproof” part was confusing to some users which were
emailing me about security. I was just talking about compatibility.
2016-02-05 21:36:41 +01:00
Nyr
aa5c024b8e
Merge pull request #107 from angrysnarl/master
...
Fixed rm -rf commands for revoking user certs
2015-12-15 17:17:31 +01:00
angrysnarl
a1b57a1c31
Fixed rm -rf commands for revoking user certs
2015-12-16 00:15:08 +08:00
Nyr
0df84e4541
Fix #105
2015-12-14 22:36:40 +01:00
Nyr
e58addc2c5
Verify server certificate during easy-rsa download
2015-11-24 23:04:56 +01:00
Nyr
d55effb08c
Update to easy-rsa 3.0.1
2015-11-21 15:35:51 +01:00
Nyr
73da43b872
Merge pull request #88 from ValdikSS/buf
...
Do not allow OpenVPN to set (low) buffer sizes
2015-11-15 19:36:15 +01:00
Nyr
51998f0d56
Merge pull request #87 from ValdikSS/euid
...
Use EUID to check root
2015-11-15 19:35:26 +01:00
Nyr
5a0babb807
Merge pull request #86 from ValdikSS/exit
...
Use different exit codes on error
2015-11-15 19:35:13 +01:00
ValdikSS
0265fc0e06
Use different exit codes on error
2015-11-15 13:37:22 +03:00
ValdikSS
15a39afd11
Do not allow OpenVPN to set (low) buffer sizes
2015-11-15 13:36:20 +03:00
ValdikSS
2574097eb4
Use EUID to check root
2015-11-15 13:34:19 +03:00
Nyr
d32416561b
Grep for DROP as well as REJECT
2015-10-07 19:57:04 +02:00
Nyr
5c65625bcc
Merge pull request #76 from PeterDaveHello/patch-1
...
Don't run the script if download failed
2015-10-07 13:38:21 +02:00
Peter Dave Hello
5741989e69
Update README.md
...
Use `&&` instead of `;` in the command,
do not run the script if download failed.
2015-10-07 16:00:06 +08:00
Nyr
eb8d8257a0
The BIG commit
...
- Upgrade to easy-rsa 3.0.0
- Firewall support: rules are added for both FirewallD and iptables if
needed.
- Creation of our own configuration files for both the server and
clients.
- Using subnet topology instead of the deprecated net30.
- Removed port 53 question during install: user can just choose that
port during setup.
- Removed internal networking option: this is a road warrior installer
after all.
- Bugfix: the default easy-rsa directory was not correctly deleted if
one was already there.
2015-09-12 21:48:08 +02:00
Nyr
abe2ac44b1
Offer updated
2015-09-04 20:56:25 +02:00
Nyr
e176938ecd
Offer updated
2015-08-06 19:43:23 +02:00
Nyr
b46a0541dd
Replaced Yandex DNS with Google
...
Yandex DNS is not stable enough, Google was previously missing.
2015-08-05 02:17:24 +02:00
Nyr
67b4cd68e2
Merge pull request #57 from hcartiaux/master
...
Remove a useless wc
2015-08-04 16:27:58 +02:00
Hyacinthe Cartiaux
91e09dedf1
Remove a useless use of wc
2015-08-01 20:27:30 +02:00
Nyr
7d467d9666
Multiple improvements
...
- Better UX for client certificate revocation: a list of the current
client names is shown to the user
- easy-rsa 2.2.2 now used by default: it’s easier for me to maintain a
single version
2015-07-22 08:02:59 +02:00
Nyr
b778c1aed9
Cosmetic bugfix
2015-06-29 09:23:44 +02:00