From 462840cf6effdb35179664e4b4c95f9325bc1d73 Mon Sep 17 00:00:00 2001 From: Michael Clausen Date: Mon, 3 Oct 2016 13:31:03 +0200 Subject: Using client parameter in function CtConnect Using the global client variable might lead to strange behavoir if multiple clients are allocated and to crashes in the case the client was not initialized with CtStartClient() --- src/Cedar/Client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Cedar/Client.c b/src/Cedar/Client.c index d4dd39be..9c907ff7 100644 --- a/src/Cedar/Client.c +++ b/src/Cedar/Client.c @@ -6661,7 +6661,7 @@ bool CtConnect(CLIENT *c, RPC_CLIENT_CONNECT *connect) CiSetError(c, ERR_ACCOUNT_ACTIVE); } else if (r->ClientAuth->AuthType == CLIENT_AUTHTYPE_SECURE && - client->UseSecureDeviceId == 0) + c->UseSecureDeviceId == 0) { // Secure device is not specified CiSetError(c, ERR_NO_SECURE_DEVICE_SPECIFIED); -- cgit v1.2.3 From 343d82e98c12a3a12a6b05f867bb122e66cb97cd Mon Sep 17 00:00:00 2001 From: DDGo Date: Tue, 29 Nov 2016 18:22:26 +0100 Subject: Remove blank line at the start from init file There was a blank line at the start of the file before #! /bin/sh, which declares which interpeter it has to use. With this blank line the init script will not work and will throw error "exit status 1", meaning the deamon doesn't start. This simple edit to the file will fix that --- debian/softether-vpnserver.init | 1 - 1 file changed, 1 deletion(-) diff --git a/debian/softether-vpnserver.init b/debian/softether-vpnserver.init index 51baa221..8b815579 100644 --- a/debian/softether-vpnserver.init +++ b/debian/softether-vpnserver.init @@ -1,4 +1,3 @@ - #! /bin/sh ### BEGIN INIT INFO -- cgit v1.2.3 From a5425bcb4e083f6832b5a654ccdc691129859f64 Mon Sep 17 00:00:00 2001 From: Noah O'Donoghue Date: Wed, 28 Dec 2016 14:39:01 +0700 Subject: Add files via upload --- src/Cedar/IPsec_PPP.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/Cedar/IPsec_PPP.c b/src/Cedar/IPsec_PPP.c index 562b187e..3dc9f24b 100644 --- a/src/Cedar/IPsec_PPP.c +++ b/src/Cedar/IPsec_PPP.c @@ -1749,8 +1749,12 @@ PPP_PACKET *PPPRecvResponsePacket(PPP_SESSION *p, PPP_PACKET *req, USHORT expect if (pp->IsControl && PPP_CODE_IS_REQUEST(pp->Protocol, pp->Lcp->Code)) { + // Record current resend because next steps may take a while + UINT64 currentresend = next_resend - now; // Process when the received packet is a request packet response = PPPProcessRequestPacket(p, pp); + // Increase next resend because this may have taken a while + next_resend = Tick64() + currentresend; FreePPPPacket(pp); if (response == NULL) -- cgit v1.2.3 From 69508dc6842b53dd20e906074fcaa3fdde8c03d7 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Mon, 9 Jan 2017 16:22:33 +0500 Subject: added github PR template --- .github/PULL_REQUEST_TEMPLATE.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .github/PULL_REQUEST_TEMPLATE.md diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 00000000..14a862fa --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,14 @@ +Changes proposed in this pull request: + - + - + - + +Your great patch is much appreciated. We are considering to apply your patch into the SoftEther VPN main tree. + +SoftEther VPN Patch Acceptance Policy: +http://www.softether.org/5-download/src/9.patch + +You have two options which are described on the above policy. +Could you please choose either option 1 or 2, and specify it clearly on the reply? + +- -- cgit v1.2.3 From c7c40c063a62faccf2c058605dad499ba572ec5c Mon Sep 17 00:00:00 2001 From: Moataz Elmasry Date: Sat, 21 Jan 2017 15:16:11 +0100 Subject: Add DH groups 2048,3072,4096 to IPSec_IKE src/Cedar/IPsec_IkePacket.c --- src/Cedar/IPsec_IkePacket.c | 17 ++++++++++++++++- src/Cedar/IPsec_IkePacket.h | 15 +++++++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) diff --git a/src/Cedar/IPsec_IkePacket.c b/src/Cedar/IPsec_IkePacket.c index 6068397d..8475a456 100644 --- a/src/Cedar/IPsec_IkePacket.c +++ b/src/Cedar/IPsec_IkePacket.c @@ -2559,7 +2559,7 @@ IKE_ENGINE *NewIkeEngine() IKE_ENGINE *e = ZeroMalloc(sizeof(IKE_ENGINE)); IKE_CRYPTO *des, *des3, *aes; IKE_HASH *sha1, *md5; - IKE_DH *dh1, *dh2, *dh5; + IKE_DH *dh1, *dh2, *dh5, *dh2048, *dh3072, *dh4096; UINT des_key_sizes[] = { 8, @@ -2601,6 +2601,9 @@ IKE_ENGINE *NewIkeEngine() dh1 = NewIkeDh(e, IKE_DH_1_ID, IKE_DH_1_STRING, 96); dh2 = NewIkeDh(e, IKE_DH_2_ID, IKE_DH_2_STRING, 128); dh5 = NewIkeDh(e, IKE_DH_5_ID, IKE_DH_5_STRING, 192); + dh2048 = NewIkeDh(e, IKE_DH_2048_ID, IKE_DH_2048_STRING, 256); + dh3072 = NewIkeDh(e, IKE_DH_3072_ID, IKE_DH_3072_STRING, 384); + dh4096 = NewIkeDh(e, IKE_DH_4096_ID, IKE_DH_4096_STRING, 512); // Define the IKE algorithm e->IkeCryptos[IKE_P1_CRYPTO_DES_CBC] = des; @@ -2620,6 +2623,9 @@ IKE_ENGINE *NewIkeEngine() e->IkeDhs[IKE_P1_DH_GROUP_768_MODP] = e->EspDhs[IKE_P2_DH_GROUP_768_MODP] = dh1; e->IkeDhs[IKE_P1_DH_GROUP_1024_MODP] = e->EspDhs[IKE_P2_DH_GROUP_1024_MODP] = dh2; e->IkeDhs[IKE_P1_DH_GROUP_1536_MODP] = e->EspDhs[IKE_P2_DH_GROUP_1536_MODP] = dh5; + e->IkeDhs[IKE_P1_DH_GROUP_2048_MODP] = e->EspDhs[IKE_P2_DH_GROUP_2048_MODP] = dh2048; + e->IkeDhs[IKE_P1_DH_GROUP_3072_MODP] = e->EspDhs[IKE_P2_DH_GROUP_3072_MODP] = dh3072; + e->IkeDhs[IKE_P1_DH_GROUP_4096_MODP] = e->EspDhs[IKE_P2_DH_GROUP_4096_MODP] = dh4096; return e; } @@ -3132,6 +3138,15 @@ DH_CTX *IkeDhNewCtx(IKE_DH *d) case IKE_DH_5_ID: return DhNewGroup5(); + + case IKE_DH_2048_ID: + return DhNew2048(); + + case IKE_DH_3072_ID: + return DhNew3072(); + + case IKE_DH_4096_ID: + return DhNew4096(); } return NULL; diff --git a/src/Cedar/IPsec_IkePacket.h b/src/Cedar/IPsec_IkePacket.h index c34864c7..6f714377 100644 --- a/src/Cedar/IPsec_IkePacket.h +++ b/src/Cedar/IPsec_IkePacket.h @@ -259,6 +259,9 @@ struct IKE_TRANSFORM_VALUE #define IKE_P1_DH_GROUP_768_MODP 1 #define IKE_P1_DH_GROUP_1024_MODP 2 #define IKE_P1_DH_GROUP_1536_MODP 5 +#define IKE_P1_DH_GROUP_2048_MODP 14 +#define IKE_P1_DH_GROUP_3072_MODP 15 +#define IKE_P1_DH_GROUP_4096_MODP 16 // Phase 1: The expiration date type in IKE transform value #define IKE_P1_LIFE_TYPE_SECONDS 1 @@ -272,6 +275,9 @@ struct IKE_TRANSFORM_VALUE #define IKE_P2_DH_GROUP_768_MODP 1 #define IKE_P2_DH_GROUP_1024_MODP 2 #define IKE_P2_DH_GROUP_1536_MODP 5 +#define IKE_P2_DH_GROUP_2048_MODP 14 +#define IKE_P2_DH_GROUP_3072_MODP 15 +#define IKE_P2_DH_GROUP_4096_MODP 16 // Phase 2: The encapsulation mode in IPsec transform value #define IKE_P2_CAPSULE_TUNNEL 1 @@ -540,6 +546,15 @@ struct IKE_P1_KEYSET #define IKE_DH_5_ID 2 #define IKE_DH_5_STRING "MODP 1536 (Group 5)" +#define IKE_DH_2048_ID 14 +#define IKE_DH_2048_STRING "MODP 2048 (Group 14)" + +#define IKE_DH_3072_ID 15 +#define IKE_DH_3072_STRING "MODP 3072 (Group 15)" + +#define IKE_DH_4096_ID 16 +#define IKE_DH_4096_STRING "MODP 4096 (Group 16)" + // Encryption algorithm for IKE struct IKE_CRYPTO -- cgit v1.2.3 From 78bcc07fa9cbbcaff21c8fad95eac52174c8cbb3 Mon Sep 17 00:00:00 2001 From: cm0x4d Date: Thu, 28 Sep 2017 10:37:24 +0200 Subject: Peer info optional in OvsParseKeyMethod2() --- src/Cedar/Interop_OpenVPN.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/src/Cedar/Interop_OpenVPN.c b/src/Cedar/Interop_OpenVPN.c index 801f48b9..1eb57f82 100644 --- a/src/Cedar/Interop_OpenVPN.c +++ b/src/Cedar/Interop_OpenVPN.c @@ -1151,14 +1151,17 @@ UINT OvsParseKeyMethod2(OPENVPN_KEY_METHOD_2 *ret, UCHAR *data, UINT size, bool // Random2 if (ReadBuf(b, ret->Random2, sizeof(ret->Random2)) == sizeof(ret->Random2)) { - // String - if (OvsReadStringFromBuf(b, ret->OptionString, sizeof(ret->OptionString)) && - OvsReadStringFromBuf(b, ret->Username, sizeof(ret->Username)) && - OvsReadStringFromBuf(b, ret->Password, sizeof(ret->Password)) && - OvsReadStringFromBuf(b, ret->PeerInfo, sizeof(ret->PeerInfo))) - { - read_size = b->Current; - } + // String + if (OvsReadStringFromBuf(b, ret->OptionString, sizeof(ret->OptionString)) && + OvsReadStringFromBuf(b, ret->Username, sizeof(ret->Username)) && + OvsReadStringFromBuf(b, ret->Password, sizeof(ret->Password))) + { + if (!OvsReadStringFromBuf(b, ret->PeerInfo, sizeof(ret->PeerInfo))) + { + Zero(ret->PeerInfo, sizeof(ret->PeerInfo)); + } + read_size = b->Current; + } } } } -- cgit v1.2.3