From patchwork Fri Sep 3 23:56:29 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 1935 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director11.mail.ord1d.rsapps.net ([172.28.255.1]) by backend30.mail.ord1d.rsapps.net with LMTP id +PQCARVDM2EZLwAAIUCqbw (envelope-from ) for ; Sat, 04 Sep 2021 05:57:41 -0400 Received: from proxy6.mail.ord1c.rsapps.net ([172.28.255.1]) by director11.mail.ord1d.rsapps.net with LMTP id +C27ABVDM2GHDwAAvGGmqA (envelope-from ) for ; Sat, 04 Sep 2021 05:57:41 -0400 Received: from smtp35.gate.ord1c ([172.28.255.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy6.mail.ord1c.rsapps.net with LMTPS id QJ1oABVDM2GGZAAA9sKXow (envelope-from ) for ; Sat, 04 Sep 2021 05:57:41 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp35.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=unstable.cc X-Suspicious-Flag: YES X-Classification-ID: 8a468be2-0d66-11ec-84e5-5452002f485d-1-1 Received: from [216.105.38.7] ([216.105.38.7:57350] helo=lists.sourceforge.net) by smtp35.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 48/69-17519-41343316; Sat, 04 Sep 2021 05:57:40 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1mMSQ3-0007fs-Gw; Sat, 04 Sep 2021 09:57:03 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mMSPr-0007ew-2U for openvpn-devel@lists.sourceforge.net; Sat, 04 Sep 2021 09:56:51 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=uf+oM0CRAQym5IqGEbNqkUwthi3IMIlR9AgwE0fFh+Y=; b=cCSEJfJ4Vy0v7WhXmAKwtZFXSt Dw79fBvsbs1s3HZyq6THUQz9OG6eRdh2o0JssAZeJJ7fY22xy2evCj2vGGNuNPS+ULL5UtzrlPuPM vpZYv2tpNu1q34Cfh6Nj0/ThlGW3HUHRl/QgGpNQ0DXgID3BGSsA5COOZVs4iJLrfbkY=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=uf+oM0CRAQym5IqGEbNqkUwthi3IMIlR9AgwE0fFh+Y=; b=dACPtFkuLVTnHfLrAuChE0ZoHu U9vWC4EgCg2nyybR2CmkhSaL8/ihMuqGO8IDnuze04oeDdlzJMhafb41UqgSlsNsbQP2PvFdOL7ZO PXYT9fK2FKLWxEKVPRMp4Q2KvdZFEAe5unl2qeQ747EkAFh1Q1zJjozavNCPXQNyl1Sk=; Received: from s2.neomailbox.net ([5.148.176.60]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1mMSPq-00EOMo-D4 for openvpn-devel@lists.sourceforge.net; Sat, 04 Sep 2021 09:56:50 +0000 From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Sat, 4 Sep 2021 11:56:29 +0200 Message-Id: <20210904095629.6273-8-a@unstable.cc> In-Reply-To: <20210904095629.6273-1-a@unstable.cc> References: <20210904095629.6273-1-a@unstable.cc> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: With OpenVPN 2.6 there are a number of default settings that are changing to more modern and safer values. Some users may not be aware of that and may experience problematic behaviours, especially when connecting to older peers. Content analysis details: (0.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record X-Headers-End: 1mMSPq-00EOMo-D4 Subject: [Openvpn-devel] [PATCH 7/7] add message about changing default values X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox With OpenVPN 2.6 there are a number of default settings that are changing to more modern and safer values. Some users may not be aware of that and may experience problematic behaviours, especially when connecting to older peers. Add warning at startup to notify users about the change. Signed-off-by: Arne Schwabe Signed-off-by: Antonio Quartulli Acked-By: Arne Schwabe --- src/openvpn/options.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 6f6eb73d..26eac836 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3278,6 +3278,12 @@ options_postprocess_mutate(struct options *o) * when using --pull */ pre_connect_save(o); + + /* Give a general warning at the end of initialisation that defaults + * have changed */ + msg(M_WARN, "Note that modernisation of defaults in OpenVPN 2.6 limits " + "compatibility with old versions. See Changes.rst and " + "--compat-mode in the manual for details."); } /*