Commit Graph

39 Commits (577d982b51670f7f68d6dad9d0bf08f8a01879ba)

Author SHA1 Message Date
Selva Nair 0e76e4b544 Option to disable attaching to persistent connections
Three options are provided to control scanning of persistent
(pre-satrted) connections in config-auto folder, and how they
are attached to.

Auto: Scan and list persistent connections and attach to their
      management i/f automatically at startup, and periodically
      retry on failure to attach.
Manual: Scan and list as above, but do not attach automatically.
      User can attach to such connections by manually clicking
      connect.
Never: Do not scan config-auto folder.

Default is "Auto"

Change of this setting in the settings menu will take full effect
only if none of the connections are in connecting/connected/detached
state so that the connection list can be updated. Otherwise
restart the GUI.

TODO: Copying the settings dialog changes to all languages

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2022-08-08 10:11:25 -04:00
Selva Nair 477c61ff83 Parse config-auto directory for persistent connections
- Parse the config-auto folder used by automatic service
  and mark these profiles as persistent.

- These connections are marked as auto_connect to try
attaching to them at start up with periodic retry in
case the daemon or service are restarted.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2022-08-08 10:11:25 -04:00
Selva Nair 8f0dbbc8a3 Always check status of automatic service
- Remove service-only mode (start/stop service) which has not been in
  use since we moved to running the GUI as limited user.
  Also its not very useful as it does not allow any control of
  service-started daemons

- Keep CheckServiceStatus and always check the status of
automatic service.

The status of the service will be used to toggle supporting
control of persistent connections started by the service.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2022-08-08 10:11:25 -04:00
Lev Stipakov d60325acde Support for OpenVPN 3
This adds optional support for using OpenVPN3 client
as an alternative to openvpn2.

Just replacing one client with another will not work:

 - OpenVPN3 doesn't use interactive service, it uses
"agent" service with completely different protocol. OpenVPN GUI
needs to talk to agent using HTTP and JSON.

 - OpenVPN3 management interface realtime notifications must be
explicitly turned on in order for GUI to work.

To enable using openvpn3:

 - use any of *-ovpn3 presets (cmake build system)

 - ./configure --enable-ovpn3 (mingw)

To switch betweet openvpn2 and openvpn3, see "OpenVPN Engine"
radiobutton group in Settings -> Advanced dialog.

OnReady() implementation was slighly changed - "log all on"
replaced with "log on all" - according to management interface
documentation this is the right way to do it, and also OpenVPN3
only supports "on all" order.

Management interface - enabled OpenVPN3 client (omiclient.exe) and
agent (ovpnagent.exe) are now part of openvpn3 repo.

Co-authored-by: Christopher Ng <facboy@gmail.com>
Signed-off-by: Christopher Ng <facboy@gmail.com>
Signed-off-by: Lev Stipakov <lev@openvpn.net>
2022-06-15 10:32:36 -04:00
Selva Nair 24b9d06957 Update OpenSSL initialization
- Set env variables such as OPENSSL_CONF and OPENSSL_MODULES
- Replace deprecated initialization (since OpenSSL 1.1.0)
  by OpenSSL_init_crypto()

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2022-02-10 09:30:05 -05:00
Selva Nair 56ee704501 Use C standrad compliant printf specifications
%S --> %hs in wide format strings, %ls otherwise
%s --> %ls in wide format strings, unchanged otherwise
%c --> %lc in wide format strings

Resource files together have about 970 lines affected and
were edited by looping through all with
sed -i 's/%S/%hs/g' $file
sed -i 's/%s/%ls/g' $file
All other files were manually changed (about 85 lines).

Recent versions of mingw-w64 implicitly turns on __USE_MINGW_ANSI_STDIO
if _GNU_SOURCE, _XOPEN_SOURCE etc are defined (which we do usei).

This breaks non-standard spec such as %S. Anyway, we have been
gradually getting rid of those.

MSVC builds should not be affected.

v2: multiple occurrences in same line was missed in v1 (/g missing in
sed expression). Fixed.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2021-11-03 16:20:17 -04:00
Selva Nair f098f2fee4 Make 'management port offset' and 'menu view' user-configurable
- Add an option in the advanced settings menu for
the management port offset. Allows any value in the
range 1 to 61000 which with upto ~4000 added as connection
id keeps it in range.

Default is the currently hard coded value of 25340.

As Windows has no concept of privileged ports and the ephemeral
range used varies from version to version, no attempt is made to
avoid conflicts with ports in use.

- Add an option to choose the config menu view from the
advanced settings with three options:

Auto:   Automatically switch to the nested view when
        number of configs exceed a limit (currently 25)
Flat:   Force the flat view irrespective of the number of
        configs
Nested: Force the nested view irrespective of the number
        of configs

Issues: 370 and 387

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2021-02-24 09:26:05 +02:00
Selva Nair 482bf586df Persist echo msg history in registry
- Echo msg history saved to registry on disconnect and loaded on
  reconnect.
- Muting of repeated messages now work across GUI restarts.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2021-01-07 23:29:02 -05:00
Selva Nair 82e17b239e Mute echo message if repeated or disabled
- Suppress messages with exactly same content as previously
  displayed within popup_mute_interval (24h by default). This parameter
  may be set on command line as "--popup_mute_interval n" where n is
  in hours.

- Command line option '--disable_popup_messages' disables all echo
  message popups (window and notification).

This patch only handles suppression of repeated messages during
reconnections.
TODO: Persist message history in the registry and use it to mute
repeated messages after disconnects and across restarts of the GUI.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2021-01-07 23:29:02 -05:00
Lev Stipakov 1715746477 Introduce "Always use interactive service" option
We didn't use interactive service when gui was running
under admin because of some privilege escalation vulnerability in Vista.

Apparently this issue doesn't exist on Win7 and newer versions so
it is safe to use iservice on those systems.

Introduce "Always use interactive service" option,
which is "on" by default. This should enable users,
who by various reasons run gui as admin, use Wintun.

When gui is running as admin and interactive service
cannot be started or not installed, warn that wintun will not work.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
2020-09-18 00:03:03 -04:00
Selva Nair dd7234534b Fix ReadRegValue when data read from a registry key is of zero length
Also if install_path read from registry is an empty string, illegal
memory access may result. Fix by using the default value in this
case as well.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2020-02-27 11:20:50 -05:00
Selva Nair a9898d3819 Add a registry key for choosing config menu view
Add a new registry key (DWORD): config_menu_vew
   possible values:  0 (auto), 1 (flat), 2 (nested).

Default value is 0 which renders nested menu if the number of
configs is > 50, else displays the current flat view. To force
the flat menu view set it to 1. A value of 2 forces the nested
view even if there are only a few configs.

A new command line option "--config_menu_view n" does the same.
Command line options take precedence over any value set in the
registry.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2019-02-11 11:51:23 -05:00
Selva Nair 2f5084d47e Set a fall back for editor if file association fails
- When registry keys were simplified, the log viewer and editor
  entries were removed in favour of file associations that the
  user can independently control.

  Yet, there are times when an associated application fails to start
  or no associations are present etc., and its useful to have a fall
  back editor setting to open config and log files.
  This patch sets that default as "notepad.exe"

- Also remove the unused profile_dir[] in registry.c
  and have add a default for Windows directory

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2018-04-23 15:49:10 +03:00
Selva Nair daef688990 Add a default for openvpnpath
Allow the GUI to run without any registry keys present:
the location of openvpn installation defaults to
C:\Program Files\OpenVPN if not found in registry.

Useful for testing builds or to display --help etc.

See also: PR #147

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2017-12-03 13:57:33 -05:00
Selva Nair 3513fb9220 Close registry keys after use
- Open registry key HKCU was not closed in some code paths
- Also fix incorrect return value checks in GetRegistryKeys() and
  SetRegistryVersion()

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2017-05-12 09:49:59 -04:00
Selva Nair 778cc3d225 Add a system-wide option to disable the password save feature
- A new registry HKLM\Software\OpenVPN\disable_save_passwords
  (32 bit DWORD value) may be set to a non-zero value to
  disable password saving by users. Applies to both auth and
  private key passwords. Usernames are always saved.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2017-03-07 11:49:03 -05:00
Selva Nair 5a47986ccb Make options saved in registry editable by user
Option ediitng dialogs are in two tabs: General and Advanced.
Proxy related options are left in the proxy tab. Options
config_dir, config_ext, log_dir, script timeouts and
service-only flag are in the Advanced tab. All other more commonly
used flags and options are in the General tab.

- As options are editable, save values in registry only when they differ
  from the default values. This leaves the registry clean and makes changing
  options and their defaults during updates easier.

- Entries for config_dir and log_dir must be absolute paths.
  Environemental variables such as %PROFILEDIR% may be used
  to construct these.

- Empty config_dir, config_ext and log_dir entries are silently
  ignored (i.e., the current values are left unchanged).

- Store all numeric and boolean parameters in registry as DWORD instead of
  strings.

- On startup, the default parameters are loaded, then the registry is read
  and finally command-line parameters parsedi.

- Out of range script timeout values in registry truncated with a
  warning instead of fatal error. This allows the user to access the
  settings dialog and make corrections.

- Save proxy and language settings under the same
  HKCU\Software\OpenVPN-GUI key as other options instead of under Nilings.

- Save the current version of the GUI in regsitry so that updates
  can be detected and any needed registry cleanup done.

- If no version info is present in the registry any values in OpenVPN-GUI
  key in HKCU are deleted for a clean start as this is the first version
  to save registry values in HKCU. Language and proxy data if present
  under Nilings is migrated.

Note: new controls in the General tab and newly added Advanced tab dialog
are copied to all language files from the English version. These need to
be translated.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-08-06 11:46:15 -04:00
Selva Nair 964d728a42 Use file associations to open config and log
- Use ShellExecute to open config and log files so that
  file associations can be used. If that fails fall-back to
  the default editor (notepad.exe).
- Remove the keys editor and log_viewer from registry.
  The user can change the editor/viewer through fie association.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-08-06 11:46:15 -04:00
Selva Nair 1c748e382d Simplify some parameters and registry keys
- Replace allow_password by a runtime check that enables password
  change menu only when the user has write-access to the key file.
- Read exe_path and priority from HKLM and do not duplicate in HKCU.
- Always allow the user to view the config: edit will succeed if user
  has write access.
- Always include the proxy settings tab which is the default.
- Remove the unused power event handling and disconnect_on_suspend key.
- Remove password_attempts -- user can stop the password dilaog
  by clicking cancel.
- Remove allow_service: implicitly enabled if service_only is used.
- Deprecate removed options in cmd-line parser
- Update README.rst
- Close config file before exit in GetKeyFileName
- Close thread and dialog handles in passphrase.c

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-08-06 11:46:15 -04:00
Selva Nair 3ce7466b20 Create connection keys inside configs and only if needed
Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-07-12 21:49:43 -04:00
Selva Nair 5880fdcd02 Save username and optionally passwords
- Username and, optionally, password as well as the private
  key passphrase are saved in config-specific registry keys
- All saved data are kept encrypted using DPAPI
- The passphrase dialog is skipped if a valid saved private
  key password is available. However, the user-auth dialog
  is always presented, prefilled with the saved username
  and password.

Note: A text string "Save password" is added to three dialogs
in all language resource files. Additional text with ids
IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the
STRINGTABLE only in the English language resource file.
All these need translations.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-05-29 19:35:30 -04:00
Samuli Seppänen 72818bbf8e Merge pull request #33 from selvanair/bugfix
Some small bug fixes
2016-04-12 17:07:12 +03:00
Selva Nair ef9a195406 Ensure strings read from registry are null terminated
Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-03-30 21:15:12 -04:00
Selva Nair 43d0ef3a5a Handle interactive service policy restrictions
When a connection is attempted using a config in a location
that would fail, offer an option to add the user to the "OpenVPN
Administrators" group. This is done using shell-execute which will
show a UAC prompt for elevation. If it fails (due to user chooses
NO or the UAC dialog fails) the connection is not started.

v2 Changes
 - Rebase to master
 - Automaticlaly add the admin group if it doesn't exist
 - Allow unicode strings in debug output
 - Use domain\username to identify user
 - Fix the PrintDebug macro

Minor changes based on user feedback
 - Bring the window back to foreground after UAC prompt completion
 - Show a message if another connection is tried during authorization
 - Do not add user to ovpn_admin_group if it is same as the built-in admin group

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-03-13 20:23:20 -04:00
Selva Nair 77538dd0d0 Support user and global config directories
- Set default config directory (config_dir) to %UserProfile%\OpenVPN\config
  (saved and read back from HKCU\Software\OpenVPN-GUI\config_dir)

- Add a global_config_dir variable read from HKLM\Software\OpenVPN\config_dir
  or set to OpenVPN-install-path\config

- Scan both directories and their sub directories for connection profiles.
  In case of name conflicts config_dir gets priority over global_config_dir

- Eliminate multiple warnings of duplicate configs

Fixed on review (Thanks to leobasilio@gmail.com)

- Fix wrongly used o.config_dir in 2 locations
- Unrelated: Added missing  CheckIServiceStatus to service.h

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-03-01 15:50:02 -05:00
Selva Nair 09334e71a0 Fix the path of notepad.exe
Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-02-15 11:09:45 -05:00
Selva Nair 4437ce7a8c Change default log file location to a OpenVPN/log in user's profile directory
Change the default log file location to OpenVPN/log in user's profile directory
to support running without admin privileges using the interactive service.
The registry keys are moved to HKCU from HKLM to allow for user-specific
settings as well as to avoid the need for running the GUI as admin at the
first instance.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-02-15 11:09:45 -05:00
Selva Nair 2bb1726764 Do not disconnect on suspend
Openvpn no longer terminates but restarts on suspend. This conflicts with
the stop/restart logic in the gui during windows power state change events.
This patch changes the default behaviour so that SIGTERM is not triggered
during windows suspend.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2015-11-17 23:38:17 -05:00
Heiko Hund f420d7dcbb use CRT's _countof instead of proprietary _tsizeof 2012-03-29 17:40:34 +02:00
Alon Bar-Lev c9eb68c77f use automake in build
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Edited to not use libtool and implicit automake rule to build resource object
2012-03-28 10:59:44 +00:00
Heiko Hund a6e6d88115 refactor option handling code 2010-04-09 06:18:58 +02:00
Heiko Hund 61cb987f4d make it work when compiled as unicode 2010-03-21 10:07:14 +01:00
Heiko Hund 6939cb8792 replace GUI_* with PACKAGE_* macros 2010-03-11 22:58:45 +01:00
Heiko Hund 9959072150 use TCHARs in preparation for unicode support 2009-02-09 17:48:21 +00:00
Heiko Hund 5783d7da94 cleaned up resource IDs 2009-02-04 15:54:37 +00:00
Heiko Hund 66280bca2c added function to get/set registry DWORD values 2009-02-02 15:45:43 +00:00
Heiko Hund d646c7fc8c fixed compiler warnings 2009-01-19 12:28:26 +00:00
Heiko Hund 3d4aaeb5a4 switched to use of localization functions 2009-01-18 20:59:52 +00:00
Heiko Hund fd9e4ae6db import of openvpn-gui-1.0.3.zip
git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
2008-12-18 11:08:35 +00:00