From patchwork Mon Mar 4 13:01:46 2024
X-Patchwork-Submitter: "plaisthos (Code Review)"
X-Patchwork-Id: 3630
From: "flichtenheld (Code Review)"
Date: Mon, 4 Mar 2024 13:01:46 +0000
To: plaisthos
Cc: openvpn-devel
Reply-To: frank@lichtenheld.com, arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net
Subject: [Openvpn-devel] [M] Change in openvpn[master]: samples: Remove tls-*.conf

Attention is currently required from: plaisthos.

Hello plaisthos,

I'd like you to do a code review.
Please visit http://gerrit.openvpn.net/c/openvpn/+/531?usp=email to review the following change.

Change subject: samples: Remove tls-*.conf
......................................................................

samples: Remove tls-*.conf

These are mostly redundant with client/server.conf

Let's try to manage to maintain one set of sample configurations before we branch out further.

Change-Id: I199541fea5a76c8edef7f67d2dbfc476987dc2f7
Signed-off-by: Frank Lichtenheld
---
D sample/sample-config-files/home.up
D sample/sample-config-files/office.up
D sample/sample-config-files/tls-home.conf
D sample/sample-config-files/tls-office.conf
4 files changed, 0 insertions(+), 173 deletions(-)

git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/31/531/1

diff --git a/sample/sample-config-files/home.up b/sample/sample-config-files/home.up deleted file mode 100755 index 9c347cc..0000000 --- a/sample/sample-config-files/home.up +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -route add -net 10.0.0.0 netmask 255.255.255.0 gw $5 diff --git a/sample/sample-config-files/office.up b/sample/sample-config-files/office.up deleted file mode 100755 index 74a71a3..0000000 --- a/sample/sample-config-files/office.up +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -route add -net 10.0.1.0 netmask 255.255.255.0 gw $5 diff --git a/sample/sample-config-files/tls-home.conf b/sample/sample-config-files/tls-home.conf deleted file mode 100644 index ff19d50..0000000 --- a/sample/sample-config-files/tls-home.conf +++ /dev/null 
@@ -1,83 +0,0 @@ -# -# Sample OpenVPN configuration file for -# home using SSL/TLS mode and RSA certificates/keys. -# -# '#' or ';' may be used to delimit comments. - -# Use a dynamic tun device. For non-Linux OSes, you may want to use an -# explicit unit number such as "tun1". -# OpenVPN also supports virtual ethernet "tap" devices. -dev tun - -# Our OpenVPN peer is the office gateway. -remote 1.2.3.4 - -# 10.1.0.2 is our local VPN endpoint (home). -# 10.1.0.1 is our remote VPN endpoint (office). -ifconfig 10.1.0.2 10.1.0.1 - -# Our up script will establish routes -# once the VPN is alive. -up ./home.up - -# In SSL/TLS key exchange, Office will -# assume server role and Home -# will assume client role. -tls-client - -# Certificate Authority file -ca my-ca.crt - -# Our certificate/public key -cert home.crt - -# Our private key -key home.key - -# Our data channel cipher (must match peer config) -cipher AES-256-GCM - -# OpenVPN 2.0 uses UDP port 1194 by default -# (official port assignment by iana.org 11/04). -# OpenVPN 1.x uses UDP port 5000 by default. -# Each OpenVPN tunnel must use -# a different port number. -# lport or rport can be used -# to denote different ports -# for local and remote. -; port 1194 - -# Downgrade UID and GID to an -# unpriviledged user after initialization -# for extra security. -; user openvpn -; group openvpn - -# If you built OpenVPN with -# LZO compression, uncomment -# out the following line. -; comp-lzo - -# Send a UDP ping to remote once -# every 15 seconds to keep -# stateful firewall connection -# alive. Uncomment this -# out if you are using a stateful -# firewall. -; ping 15 - -# Uncomment this section for a more reliable detection when a system -# loses its connection. For example, dial-ups or laptops that -# travel to other locations. -; ping 15 -; ping-restart 45 -; ping-timer-rem -; persist-tun -; persist-key - -# Verbosity level. -# 0 -- quiet except for fatal errors. 
-# 1 -- mostly quiet, but display non-fatal network errors. -# 3 -- medium output, good for normal operation. -# 9 -- verbose, good for troubleshooting -verb 3 diff --git a/sample/sample-config-files/tls-office.conf b/sample/sample-config-files/tls-office.conf deleted file mode 100644 index 152e58a..0000000 --- a/sample/sample-config-files/tls-office.conf +++ /dev/null 
@@ -1,86 +0,0 @@ -# -# Sample OpenVPN configuration file for -# office using SSL/TLS mode and RSA certificates/keys. -# -# '#' or ';' may be used to delimit comments. - -# Use a dynamic tun device. -# For Linux 2.2 or non-Linux OSes, -# you may want to use an explicit -# unit number such as "tun1". -# OpenVPN also supports virtual -# ethernet "tap" devices. -dev tun - -# 10.1.0.1 is our local VPN endpoint (office). -# 10.1.0.2 is our remote VPN endpoint (home). -ifconfig 10.1.0.1 10.1.0.2 - -# Our up script will establish routes -# once the VPN is alive. -up ./office.up - -# In SSL/TLS key exchange, Office will -# assume server role and Home -# will assume client role. -tls-server - -# Diffie-Hellman Parameters (tls-server only) -dh dh2048.pem - -# Certificate Authority file -ca my-ca.crt - -# Our certificate/public key -cert office.crt - -# Our private key -key office.key - -# Our data channel cipher (must match peer config) -cipher AES-256-GCM - -# OpenVPN 2.0 uses UDP port 1194 by default -# (official port assignment by iana.org 11/04). -# OpenVPN 1.x uses UDP port 5000 by default. -# Each OpenVPN tunnel must use -# a different port number. -# lport or rport can be used -# to denote different ports -# for local and remote. -; port 1194 - -# Downgrade UID and GID to an -# unpriviledged user after initialization -# for extra security. -; user openvpn -; group openvpn - -# If you built OpenVPN with -# LZO compression, uncomment -# out the following line. -; comp-lzo - -# Send a UDP ping to remote once -# every 15 seconds to keep -# stateful firewall connection -# alive. Uncomment this -# out if you are using a stateful -# firewall. -; ping 15 - -# Uncomment this section for a more reliable detection when a system -# loses its connection. For example, dial-ups or laptops that -# travel to other locations. -; ping 15 -; ping-restart 45 -; ping-timer-rem -; persist-tun -; persist-key - -# Verbosity level. -# 0 -- quiet except for fatal errors. 
-# 1 -- mostly quiet, but display non-fatal network errors. -# 3 -- medium output, good for normal operation. -# 9 -- verbose, good for troubleshooting -verb 3
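
Review bot: home.up and office.up are deleted in the first two hunks, and the only callers visible in this patch are the `up ./home.up` and `up ./office.up` lines in the two tls-*.conf files removed alongside them. Before merging, check that no sample left in sample/sample-config-files still has an `up` line pointing at either script, and that no build or packaging file list names any of the four deleted paths. The diffstat shows only the four deletions, so any such reference would have to be added to this change.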
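
Review bot: The commit message should name what is not redundant in the tls-home.conf and tls-office.conf hunks. What these two files show is a point-to-point TLS pair: `tls-client` on one side, `tls-server` with `dh dh2048.pem` on the other, and a fixed `ifconfig 10.1.0.2 10.1.0.1` with an up script for routing. The message only says "mostly redundant with client/server.conf"; one sentence stating that the point-to-point example is dropped on purpose would make the history easier to read. The stale comments in the deleted files (OpenVPN 1.x port 5000, Linux 2.2, the commented `comp-lzo` line) are a further reason for removal that the message could mention.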