diff options
-rw-r--r-- | .github/PULL_REQUEST_TEMPLATE.md | 14 | ||||
-rw-r--r-- | debian/softether-vpnserver.init | 1 | ||||
-rw-r--r-- | src/Cedar/Client.c | 2 | ||||
-rw-r--r-- | src/Cedar/IPsec_IkePacket.c | 17 | ||||
-rw-r--r-- | src/Cedar/IPsec_IkePacket.h | 15 | ||||
-rw-r--r-- | src/Cedar/IPsec_PPP.c | 4 | ||||
-rw-r--r-- | src/Cedar/Interop_OpenVPN.c | 19 |
7 files changed, 62 insertions, 10 deletions
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 00000000..14a862fa --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,14 @@ +Changes proposed in this pull request: + - + - + - + +Your great patch is much appreciated. We are considering to apply your patch into the SoftEther VPN main tree. + +SoftEther VPN Patch Acceptance Policy: +http://www.softether.org/5-download/src/9.patch + +You have two options which are described on the above policy. +Could you please choose either option 1 or 2, and specify it clearly on the reply? + +- diff --git a/debian/softether-vpnserver.init b/debian/softether-vpnserver.init index 51baa221..8b815579 100644 --- a/debian/softether-vpnserver.init +++ b/debian/softether-vpnserver.init @@ -1,4 +1,3 @@ - #! /bin/sh ### BEGIN INIT INFO diff --git a/src/Cedar/Client.c b/src/Cedar/Client.c index ccfbe665..c4aa26d7 100644 --- a/src/Cedar/Client.c +++ b/src/Cedar/Client.c @@ -6663,7 +6663,7 @@ bool CtConnect(CLIENT *c, RPC_CLIENT_CONNECT *connect) CiSetError(c, ERR_ACCOUNT_ACTIVE);
}
else if (r->ClientAuth->AuthType == CLIENT_AUTHTYPE_SECURE &&
- client->UseSecureDeviceId == 0)
+ c->UseSecureDeviceId == 0)
{
// Secure device is not specified
CiSetError(c, ERR_NO_SECURE_DEVICE_SPECIFIED);
diff --git a/src/Cedar/IPsec_IkePacket.c b/src/Cedar/IPsec_IkePacket.c index 0c83752b..0790403c 100644 --- a/src/Cedar/IPsec_IkePacket.c +++ b/src/Cedar/IPsec_IkePacket.c @@ -2560,6 +2560,8 @@ IKE_ENGINE *NewIkeEngine() IKE_CRYPTO *des, *des3, *aes;
IKE_HASH *sha1, *md5, *sha2_256, *sha2_384, *sha2_512;
IKE_DH *dh1, *dh2, *dh5;
+ IKE_HASH *sha1, *md5;
+ IKE_DH *dh1, *dh2, *dh5, *dh2048, *dh3072, *dh4096;
UINT des_key_sizes[] =
{
8,
@@ -2609,6 +2611,9 @@ IKE_ENGINE *NewIkeEngine() dh1 = NewIkeDh(e, IKE_DH_1_ID, IKE_DH_1_STRING, 96);
dh2 = NewIkeDh(e, IKE_DH_2_ID, IKE_DH_2_STRING, 128);
dh5 = NewIkeDh(e, IKE_DH_5_ID, IKE_DH_5_STRING, 192);
+ dh2048 = NewIkeDh(e, IKE_DH_2048_ID, IKE_DH_2048_STRING, 256);
+ dh3072 = NewIkeDh(e, IKE_DH_3072_ID, IKE_DH_3072_STRING, 384);
+ dh4096 = NewIkeDh(e, IKE_DH_4096_ID, IKE_DH_4096_STRING, 512);
// Define the IKE algorithm
e->IkeCryptos[IKE_P1_CRYPTO_DES_CBC] = des;
@@ -2632,6 +2637,9 @@ IKE_ENGINE *NewIkeEngine() e->IkeDhs[IKE_P1_DH_GROUP_768_MODP] = e->EspDhs[IKE_P2_DH_GROUP_768_MODP] = dh1;
e->IkeDhs[IKE_P1_DH_GROUP_1024_MODP] = e->EspDhs[IKE_P2_DH_GROUP_1024_MODP] = dh2;
e->IkeDhs[IKE_P1_DH_GROUP_1536_MODP] = e->EspDhs[IKE_P2_DH_GROUP_1536_MODP] = dh5;
+ e->IkeDhs[IKE_P1_DH_GROUP_2048_MODP] = e->EspDhs[IKE_P2_DH_GROUP_2048_MODP] = dh2048;
+ e->IkeDhs[IKE_P1_DH_GROUP_3072_MODP] = e->EspDhs[IKE_P2_DH_GROUP_3072_MODP] = dh3072;
+ e->IkeDhs[IKE_P1_DH_GROUP_4096_MODP] = e->EspDhs[IKE_P2_DH_GROUP_4096_MODP] = dh4096;
return e;
}
@@ -3183,6 +3191,15 @@ DH_CTX *IkeDhNewCtx(IKE_DH *d) case IKE_DH_5_ID:
return DhNewGroup5();
+
+ case IKE_DH_2048_ID:
+ return DhNew2048();
+
+ case IKE_DH_3072_ID:
+ return DhNew3072();
+
+ case IKE_DH_4096_ID:
+ return DhNew4096();
}
return NULL;
diff --git a/src/Cedar/IPsec_IkePacket.h b/src/Cedar/IPsec_IkePacket.h index 2f7859f7..e82925b6 100644 --- a/src/Cedar/IPsec_IkePacket.h +++ b/src/Cedar/IPsec_IkePacket.h @@ -262,6 +262,9 @@ struct IKE_TRANSFORM_VALUE #define IKE_P1_DH_GROUP_768_MODP 1
#define IKE_P1_DH_GROUP_1024_MODP 2
#define IKE_P1_DH_GROUP_1536_MODP 5
+#define IKE_P1_DH_GROUP_2048_MODP 14
+#define IKE_P1_DH_GROUP_3072_MODP 15
+#define IKE_P1_DH_GROUP_4096_MODP 16
// Phase 1: The expiration date type in IKE transform value
#define IKE_P1_LIFE_TYPE_SECONDS 1
@@ -275,6 +278,9 @@ struct IKE_TRANSFORM_VALUE #define IKE_P2_DH_GROUP_768_MODP 1
#define IKE_P2_DH_GROUP_1024_MODP 2
#define IKE_P2_DH_GROUP_1536_MODP 5
+#define IKE_P2_DH_GROUP_2048_MODP 14
+#define IKE_P2_DH_GROUP_3072_MODP 15
+#define IKE_P2_DH_GROUP_4096_MODP 16
// Phase 2: The encapsulation mode in IPsec transform value
#define IKE_P2_CAPSULE_TUNNEL 1
@@ -552,6 +558,15 @@ struct IKE_P1_KEYSET #define IKE_DH_5_ID 2
#define IKE_DH_5_STRING "MODP 1536 (Group 5)"
+#define IKE_DH_2048_ID 14
+#define IKE_DH_2048_STRING "MODP 2048 (Group 14)"
+
+#define IKE_DH_3072_ID 15
+#define IKE_DH_3072_STRING "MODP 3072 (Group 15)"
+
+#define IKE_DH_4096_ID 16
+#define IKE_DH_4096_STRING "MODP 4096 (Group 16)"
+
// Encryption algorithm for IKE
struct IKE_CRYPTO
diff --git a/src/Cedar/IPsec_PPP.c b/src/Cedar/IPsec_PPP.c index 562b187e..3dc9f24b 100644 --- a/src/Cedar/IPsec_PPP.c +++ b/src/Cedar/IPsec_PPP.c @@ -1749,8 +1749,12 @@ PPP_PACKET *PPPRecvResponsePacket(PPP_SESSION *p, PPP_PACKET *req, USHORT expect if (pp->IsControl && PPP_CODE_IS_REQUEST(pp->Protocol, pp->Lcp->Code))
{
+ // Record current resend because next steps may take a while
+ UINT64 currentresend = next_resend - now;
// Process when the received packet is a request packet
response = PPPProcessRequestPacket(p, pp);
+ // Increase next resend because this may have taken a while
+ next_resend = Tick64() + currentresend;
FreePPPPacket(pp);
if (response == NULL)
diff --git a/src/Cedar/Interop_OpenVPN.c b/src/Cedar/Interop_OpenVPN.c index 801f48b9..1eb57f82 100644 --- a/src/Cedar/Interop_OpenVPN.c +++ b/src/Cedar/Interop_OpenVPN.c @@ -1151,14 +1151,17 @@ UINT OvsParseKeyMethod2(OPENVPN_KEY_METHOD_2 *ret, UCHAR *data, UINT size, bool // Random2
if (ReadBuf(b, ret->Random2, sizeof(ret->Random2)) == sizeof(ret->Random2))
{
- // String
- if (OvsReadStringFromBuf(b, ret->OptionString, sizeof(ret->OptionString)) &&
- OvsReadStringFromBuf(b, ret->Username, sizeof(ret->Username)) &&
- OvsReadStringFromBuf(b, ret->Password, sizeof(ret->Password)) &&
- OvsReadStringFromBuf(b, ret->PeerInfo, sizeof(ret->PeerInfo)))
- {
- read_size = b->Current;
- }
+ // String
+ if (OvsReadStringFromBuf(b, ret->OptionString, sizeof(ret->OptionString)) &&
+ OvsReadStringFromBuf(b, ret->Username, sizeof(ret->Username)) &&
+ OvsReadStringFromBuf(b, ret->Password, sizeof(ret->Password)))
+ {
+ if (!OvsReadStringFromBuf(b, ret->PeerInfo, sizeof(ret->PeerInfo)))
+ {
+ Zero(ret->PeerInfo, sizeof(ret->PeerInfo));
+ }
+ read_size = b->Current;
+ }
}
}
}
|