When retrying connect() on management socket, log a message.
Especially useful when waiting for a persistent daemon to
come up after an unexpected exit or service disconnect.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
This allows a new user to attach to the mgmt i/f of
persistent connections which would be otherwise blocked
by the previously logged in user.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Useful for releasing the management interface if the user wants to
connect to it by other means.
Detached connections are set to state = detached (no disconnected)
and auto_connect disabled, so that they could be handled properly
during a re-attach.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Three options are provided to control scanning of persistent
(pre-satrted) connections in config-auto folder, and how they
are attached to.
Auto: Scan and list persistent connections and attach to their
management i/f automatically at startup, and periodically
retry on failure to attach.
Manual: Scan and list as above, but do not attach automatically.
User can attach to such connections by manually clicking
connect.
Never: Do not scan config-auto folder.
Default is "Auto"
Change of this setting in the settings menu will take full effect
only if none of the connections are in connecting/connected/detached
state so that the connection list can be updated. Otherwise
restart the GUI.
TODO: Copying the settings dialog changes to all languages
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Distinguish between management socket connected and
ready for interaction with the server. The former can
happen even if the server is connected to another client
and thus non-responsive.
Use manage.connected = 1 in place of true when connected
and = 2 when handshake with server completed and ready for
input.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
With persistent connections, we may not have the password
or may have a wrong password. Handle such cases while
connecting to the management interface.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Parse the management interface address and password
from the config file
- Hide the status Window by default for persistent
connections --- their startup is automated and may
distract the user otherwise. The user can use the
menu to review status when required.
- Seed srand() using threadId instead of time. Although we
use rand() only for cosmetics, the latter is almost
never unique among threads when multiple connections can
get started in a succession with this patch set.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- This will be used for reading the management i/f
parameters for externally started (persistent) openpvn.exe
TODO: replace the parsing of config file in passphrase.c
using this.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Parse the config-auto folder used by automatic service
and mark these profiles as persistent.
- These connections are marked as auto_connect to try
attaching to them at start up with periodic retry in
case the daemon or service are restarted.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Remove service-only mode (start/stop service) which has not been in
use since we moved to running the GUI as limited user.
Also its not very useful as it does not allow any control of
service-started daemons
- Keep CheckServiceStatus and always check the status of
automatic service.
The status of the service will be used to toggle supporting
control of persistent connections started by the service.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Persistent connections have openvpn.exe daemon started
external to the GUI (e.g., by the automatic service).
This patch adds support for attaching to the management
i/f of such daemons from the GUI and control the connection.
The GUI never stops or starts the openvpn.exe process in this
case. Instead, connect and disconnect buttons signal the
management interface of a running openvpn.exe process to start
the tunnel by attaching to mgmt i/f and sending hold-release if
needed or stop it and wait in management-hold state
(see DisconnectDaemon()).
When the GUI process exits, persistent connections are left in their
current state using DetachOpenVPN().
No connections are marked as persistent as yet. That is done
in a following commit.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Split starting the status thread and launch of the
daemon process (openvpn.exe) into separate functions.
This is useful for implementing control of persistent connections
where the daemon is launched externally: e.g., by the
automatic service.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
enable hardware-enforced stack protection on
compatible hardware/software (/CETCOMPAT linker option)
enable QSpectre protection
enable Control Flow Guard
issues were found by Microsoft BinSkim
Add support for selecting pkcs11-id from the GUI.
Requires --management-pkcs11-id in the config file.
This option is not added by the GUI.
A list of all available pkcs11 certificates are presented to the
user with buttons OK, Cancel, Retry. OK submits the selected
entry, Cancel closes the connection, Retry reconstructs the
list of certificates by querying the daemon again. The latter
can be used to retry after inserting a token.
If no certificates are found, a message suggesting to insert
a token and press 'Retry' is displayed.
The list shows the "Issued-to", "Issued-by" names
(usually the subject & issuer common names) and valid-until
date in current locale for each certificate.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Bind a socket and then close to identify
a free port and use it when starting openvpn.exe.
Try port = offset + config-index is first, matching
the current usage, and fallback to a dynamic port if
the former fails.
Trac: #1051
Signed-off-by: Selva Nair <selva.nair@gmail.com>
In some cases the service may take a while to startup openvpn.exe,
causing connection to the management interface to timeout. This could
leave behind the OpenVPN process if/when it eventually starts up.
(Trac 905, 1050).
As errors in starting up the OpenVPN daemon are independently
handled, its better to keep retrying the management interface connection
until aborted due to errors or by the user.
- On timeout, log a message on the status window and retry the
management interface connection
- Eliminate the timed-out state that is no longer used
- Call StopOpenVPN() before abort so that OpenVPN daemon
is not left running in case it starts up later.
- In the unlikely event that OpenManagement() fails, show an error
- User can abort by pressing disconnect
A "retrying.." message is logged on to the status window every
15 seconds.
See Trac: #905, #1050
Signed-off-by: Selva Nair <selva.nair@gmail.com>
This extended style makes the window topmost in z-order.
We currently set this for the user-auth and private-key
passphrase dialogs, but useful for any dialog that may popup
without user interaction.
(Eg., challenge response during a server-initiated restart
or reneg).
Trac: #1465
Signed-off-by: Selva Nair <selva.nair@gmail.com>
This adds optional support for using OpenVPN3 client
as an alternative to openvpn2.
Just replacing one client with another will not work:
- OpenVPN3 doesn't use interactive service, it uses
"agent" service with completely different protocol. OpenVPN GUI
needs to talk to agent using HTTP and JSON.
- OpenVPN3 management interface realtime notifications must be
explicitly turned on in order for GUI to work.
To enable using openvpn3:
- use any of *-ovpn3 presets (cmake build system)
- ./configure --enable-ovpn3 (mingw)
To switch betweet openvpn2 and openvpn3, see "OpenVPN Engine"
radiobutton group in Settings -> Advanced dialog.
OnReady() implementation was slighly changed - "log all on"
replaced with "log on all" - according to management interface
documentation this is the right way to do it, and also OpenVPN3
only supports "on all" order.
Management interface - enabled OpenVPN3 client (omiclient.exe) and
agent (ovpnagent.exe) are now part of openvpn3 repo.
Co-authored-by: Christopher Ng <facboy@gmail.com>
Signed-off-by: Christopher Ng <facboy@gmail.com>
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Ninja makes build slightly faster but requires running
"x64" developer command prompt, not the "default" one.
Without that, cmake silenly produces x86 binaries and it might
take a while to find out the reason. To avoid confusion, switch back
to MSVC generator.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Manifest is a convenient way to automatically
install dependencies. Since we have to support
both OpenSSL 1.1.1 (for OpenVPN 2.5) and OpenSSL 3
(for coming OpenVPN 2.6) and manifest file name
is hardcoded, we create two manifests and put them
into different directories.
To simplify build process, define configuration presets
for arch (x86/x64/arm64), debug/release and oss1.1.1/ossl3.
This way building is greatly simplified:
cmake -S . --preset x64-debug-ossl3
cmake --build --preset x64-debug-ossl3
Update GitHub Actions script accordingly.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Escape the username string before passing to management
interface. For other dialogs this is already done.
Move string-escape to a function and process the username
through it.
Also escape space, single quote in addition to double quote
and backslash.
Reported by: Jakob Curdes <jc@info-systems.de>
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Support legacy algorithms while decrypting keys by loading
legacy provider unless default pros has fips enabled.
- Use the recommended PKCS8 format and AES-256-CBC cipher when
encrypting PEM keys.
For PKCS12, OpenSSL's default is used which is PBKDF2 with
AES-256-CBC in OpenSSL 3.0
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Set env variables such as OPENSSL_CONF and OPENSSL_MODULES
- Replace deprecated initialization (since OpenSSL 1.1.0)
by OpenSSL_init_crypto()
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- remove vcpkg manifest and use whatever openssl
version is installed. To build with openssl3, one could
use openssl3 port from openvpn/contrib/vcpkg-ports.
- build with openssl1.1.1 and openssl3 in GitHub Actions
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Replace old wcstok signature with security-enhanced
version, which stores position information between calls in
"context" parameter instead of internal per-thread context.
This allows to get rid of _CRT_NON_CONFORMING_WCSTOK
define in CMakeLists.txt
Reported-by: Kai Schtrom
Signed-off-by: Lev Stipakov <lev@openvpn.net>
* Provide more space for challenge dialog text
We do use a re-sizeable dialog box for dynamic challenge-response
to cater for potentially long lines of challenge text. But the
space specified for the widget is enough for only a single short line
(~60 characters) of text.
Increase the horizontal and vertical space to allow for up to
two lines of ~120 characters per line.
The default size of the Window is not changed. But it is
automatically resized if the space required for the text
is longer than the window width minus some margin. The max
horizontal size of the window is capped at 640 nominal pixels
as longer text will be wrapped in to two lines.
Github issue #468
Signed-off-by: Selva Nair <selva.nair@gmail.com>
The user is prompted with a message showing the config
name that will be imported. The user can accept or cancel
the operation.
If the user was already prompted for over-write permission
because a config with the same name exists, no further dialog
is shown.
Import using the menu (Import File...) is not affected.
Rationale:
We want to set "Import" as the default verb for the context
menu of .ovpn files. This will allow import of configs by
double-click. Also when .ovpn file is downloaded using a browser,
setting the default bowser action to "open" will result in an import.
In such cases a silent import action could be surprising, and a
prompt showing what is being imported could provide a better UX.
On the flip-side, the prompt/dialog will also be shown when import
is done from the context menu of .ovpn by "right click and
choose import" or when "openvpn-gui.exe --import foo"
or "openvpn-gui.exe --command import foo" is executed. As import
is an action that does not result in an immediately visible result
(unlike, say, edit or print), a prompt requiring user action is of
some value even in these cases. At worst it's a minor annoyance.
See also: https://github.com/OpenVPN/openvpn-build/pull/227
and discussions there-in
Signed-off-by: Selva Nair <selva.nair@gmail.com>
When we link with natively-built OpenSSL .DLLs
(not cross compiled with MinGW), we are expected to include
applink.c, which provides glue between OpenSSL BIO layer
and compiler run-time. This doesn't apply to ARM64.
Failure to do that results in "no OPENSSL_Applink" fatal error
during password change.
See the corresponding fix in openvpn2:
https://sourceforge.net/p/openvpn/mailman/message/37361982/
Signed-off-by: Lev Stipakov <lev@openvpn.net>
When clicking on tray icon, menu items are deleted and then recreated.
Deletion uses o.num_config:
for (i = 0; i < o.num_configs; i++)
DestroyMenu(hMenuConn[i]);
Commit 8e4183f9 ("Add '--command import' command line option")
added BuildFileList() call which modifies o.num_configs
but doesn't touch menus. When clicking on tray icon after import,
abovementioned code attemps to access invalid item in hMenuConn array
and crashes when this is the first imported profile and hMenuConn is NULL.
In other DestryMenu is called with invalid argument.
Fix by recreating popup menus instead of just rescan file list -
this will first delete menus with correct o.num_config value.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
If the http header "Content-Disposition:" is present take the
filename specified in there as the name of the imported profile,
falling back to scanning the file contents for metadata.
If both filename= and filename*= attributes are present, the
latter takes precedence provided the character set is utf-8.
(Extended attributes as defined in RFC 5987).
In case of import from AS, the behaviour is unchanaged.
Issue: #450.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Less intrusive than a message box that user has
to close. Also the imported filename stub is now
included in the message.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
%S --> %hs in wide format strings, %ls otherwise
%s --> %ls in wide format strings, unchanged otherwise
%c --> %lc in wide format strings
Resource files together have about 970 lines affected and
were edited by looping through all with
sed -i 's/%S/%hs/g' $file
sed -i 's/%s/%ls/g' $file
All other files were manually changed (about 85 lines).
Recent versions of mingw-w64 implicitly turns on __USE_MINGW_ANSI_STDIO
if _GNU_SOURCE, _XOPEN_SOURCE etc are defined (which we do usei).
This breaks non-standard spec such as %S. Anyway, we have been
gradually getting rid of those.
MSVC builds should not be affected.
v2: multiple occurrences in same line was missed in v1 (/g missing in
sed expression). Fixed.
Signed-off-by: Selva Nair <selva.nair@gmail.com>