From patchwork Wed May 28 19:11:20 2025
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4269
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 28 May 2025 21:11:20 +0200
Message-ID: <20250528191126.25707-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v1] Remove contrib/pull-resolv-conf

From: Frank Lichtenheld

We have an official solution for this now.

Change-Id: Ic30f8514b50f561e7ea8f1ce12d740ac53f202e5
Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1034 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/contrib/pull-resolv-conf/client.down b/contrib/pull-resolv-conf/client.down deleted file mode 100644 index 0cbb476..0000000 --- a/contrib/pull-resolv-conf/client.down +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/sh - -# Copyright (c) 2005-2018 OpenVPN Inc -# Licensed under the GPL version 2 - -# First version by Jesse Adelman -# someone at boldandbusted dink com -# http://www.boldandbusted.com/ - -# PURPOSE: This script automatically removes the /etc/resolv.conf entries previously -# set by the companion script "client.up". - -# INSTALL NOTES: -# Place this in /etc/openvpn/client.down -# Then, add the following to your /etc/openvpn/.conf: -# client -# up /etc/openvpn/client.up -# down /etc/openvpn/client.down -# Next, "chmod a+x /etc/openvpn/client.down" - -# USAGE NOTES: -# Note that this script is best served with the companion "client.up" -# script. - -# Tested under Debian lenny with OpenVPN 2.1_rc11 -# It should work with any UNIX with a POSIX sh, /etc/resolv.conf or resolvconf - -# This runs with the context of the OpenVPN UID/GID -# at the time of execution. This generally means that -# the client "up" script will run fine, but the "down" script -# will require the use of the OpenVPN "down-root" plugin -# which is in the plugins/ directory of the OpenVPN source tree -# The config example above would have to be changed to: -# client -# up /etc/openvpn/client.up -# plugin openvpn-plugin-down-root.so "/etc/openvpn/client.down" - -# A horrid work around, from a security perspective, -# is to run OpenVPN as root. THIS IS NOT RECOMMENDED. You have -# been WARNED. -PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin - -if type resolvconf >/dev/null 2>&1; then - resolvconf -d "${dev}" -f -elif [ -e /etc/resolv.conf.ovpnsave ] ; then - # cp + rm rather than mv in case it's a symlink - cp /etc/resolv.conf.ovpnsave /etc/resolv.conf - rm -f /etc/resolv.conf.ovpnsave -fi - -exit 0 diff --git a/contrib/pull-resolv-conf/client.up b/contrib/pull-resolv-conf/client.up deleted file mode 100644 index 220aeb7..0000000 --- a/contrib/pull-resolv-conf/client.up +++ /dev/null 
@@ -1,104 +0,0 @@ -#!/bin/sh - -# Copyright (c) 2005-2018 OpenVPN Inc -# Licensed under the GPL version 2 - -# First version by Jesse Adelman -# someone at boldandbusted dink com -# http://www.boldandbusted.com/ - -# PURPOSE: This script automatically sets the proper /etc/resolv.conf entries -# as pulled down from an OpenVPN server. - -# INSTALL NOTES: -# Place this in /etc/openvpn/client.up -# Then, add the following to your /etc/openvpn/.conf: -# client -# up /etc/openvpn/client.up -# Next, "chmod a+x /etc/openvpn/client.up" - -# USAGE NOTES: -# Note that this script is best served with the companion "client.down" -# script. - -# Tested under Debian lenny with OpenVPN 2.1_rc11 -# It should work with any UNIX with a POSIX sh, /etc/resolv.conf or resolvconf - -# This runs with the context of the OpenVPN UID/GID -# at the time of execution. This generally means that -# the client "up" script will run fine, but the "down" script -# will require the use of the OpenVPN "down-root" plugin -# which is in the plugins/ directory of the OpenVPN source tree - -# A horrid work around, from a security perspective, -# is to run OpenVPN as root. THIS IS NOT RECOMMENDED. You have -# been WARNED. -PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin - -# init variables - -i=1 -domains= -fopt= -ndoms=0 -nns=0 -nl=' -' - -# $foreign_option_ is something like -# "dhcp-option DOMAIN example.com" (multiple allowed) -# or -# "dhcp-option DNS 10.10.10.10" (multiple allowed) - -# each DNS option becomes a "nameserver" option in resolv.conf -# if we get one DOMAIN, that becomes "domain" in resolv.conf -# if we get multiple DOMAINS, those become "search" lines in resolv.conf -# if we get no DOMAINS, then don't use either domain or search. 
- -while true; do - eval fopt=\$foreign_option_${i} - [ -z "${fopt}" ] && break - - case ${fopt} in - dhcp-option\ DOMAIN\ *) - ndoms=$((ndoms + 1)) - domains="${domains} ${fopt#dhcp-option DOMAIN }" - ;; - dhcp-option\ DNS\ *) - nns=$((nns + 1)) - if [ $nns -le 3 ]; then - dns="${dns}${dns:+$nl}nameserver ${fopt#dhcp-option DNS }" - else - printf "%s\n" "Too many nameservers - ignoring after third" >&2 - fi - ;; - *) - printf "%s\n" "Unknown option \"${fopt}\" - ignored" >&2 - ;; - esac - i=$((i + 1)) -done - -ds="" -if [ $ndoms -eq 1 ]; then - ds="${nl}domain" -elif [ $ndoms -gt 1 ]; then - ds="${nl}search" -fi - -# This is the complete file - "$domains" has a leading space already -out="# resolv.conf autogenerated by ${0} (${dev})${nl}${dns}${ds}${domains}" - -# use resolvconf if it's available -if type resolvconf >/dev/null 2>&1; then - printf "%s\n" "${out}" | resolvconf -a "${dev}" -else - # Preserve the existing resolv.conf - if [ -e /etc/resolv.conf ] ; then - cp /etc/resolv.conf /etc/resolv.conf.ovpnsave - fi - printf "%s\n" "${out}" > /etc/resolv.conf - chmod 644 /etc/resolv.conf -fi - -exit 0
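Review bot: In the client.down deletion, the removed fallback branch (`cp /etc/resolv.conf.ovpnsave /etc/resolv.conf` followed by `rm -f /etc/resolv.conf.ovpnsave`) was the only thing that restored the pre-VPN resolver configuration on hosts without resolvconf, and nothing in this patch tells users what to do with existing setups. The script's own install notes tell users to reference it from their config with `down /etc/openvpn/client.down` or `plugin openvpn-plugin-down-root.so "/etc/openvpn/client.down"`, so anyone who followed them needs to repoint those lines, and a host that had the tunnel up through the old client.up may still carry a stale /etc/resolv.conf.ovpnsave. I would add a short migration note to the commit message or the release notes covering both points.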
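Review bot: For the client.up deletion, the commit message ("We have an official solution for this now.") does not name the replacement or say whether it keeps the behaviour encoded in the removed `foreign_option_` loop: at most three `nameserver` lines, `domain` for one DOMAIN and `search` for several, and a direct write to /etc/resolv.conf with `chmod 644` when resolvconf is absent. Please name the replacement in the message and state any behavioural differences, so users of this script can tell whether their resolver setup changes. It is also worth confirming that the replacement validates server-pushed values before writing them, since the removed script copied `${fopt#dhcp-option DNS }` and `${fopt#dhcp-option DOMAIN }` into the resolver configuration unchecked.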