Since version 11.30, we scan config-auto folder and show them
in the menu of available connection profiles. To reduce user-confusion,
always group these configs under a submenu ("Persistent Connections")
even when nested config menu view is not in use.
ActivateConfigGroups() is now always called as Persistent and
System profile groups can now go from empty to non-empty
on rescan.
When nested config menu view is enabled, "persistent", "system"
and "user" configs are always shown in separate groups.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Create the parent groups for persistent and system profiles
in advance so that these always appear at the top when nested
config menu view is active.
Also, while rescanning with active connections present, newly
found configs in global config and auto-config folders are added
to their own parent groups instead of to the root groups.
No user-visible changes unless nested config menu view is enabled.
In that case, "Persistent Connections" followed by "System Profiles"
will always appear first in the connections list.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
PR 418 introduced repeatedly trying to connect to the
management interface on timeout. User can exit out of this loop
by "disconnect", but for this to work an explict
call to OnStop() is required. Normally OnStop() is triggered
by management disconnect which won't happen if not connected
in the first place.
Also call OnStop() on all iservice errors instead of waiting for
management timeout which may never happen.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
_wfopen requires ccs=<encoding> to support writing of
non-ascii text. This was missed in the initial commit.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Download link was outdated.
- Link to docs on configuration pointed to the main page of OpenVPN Inc.
which is hardly helpful -- point to the configuration section of the
HOW TO instead.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Add a function to check flow direction of currently selected
UI language
- Add MB_RIGHT|MB_RTLREADING to message boxes when language is RTL
Note: though we use MessageBoxEx() for popups, and pass langId to it,
buttons like OK/Cancel are not automatically localized. It seems these
get localized based on the current locale, not the langID passed in.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
In bidirectional text, neutral characters like parentheses
and slashes can get interpreted as RTL when not surrounded by
strong LTR characters. This leads to wrong formatting like
"<Copyright <foo@example.com" instead of "Copyright <foo@example.com>"
Workaround by adding explicit right-to-left embedding marker (U+202a).
(Ref: https://www.unicode.org/reports/tr9/)
For trailing slash in URLs, they are just omitted when not really
required.
Some other minor edits:
- Do not translate "OpenVPN Technologies Inc."
- SOCKES --> SOCKS
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Remove description about run-as-admin that is out-dated.
Simply state that the GUI is supposed to be run as a limited user.
- Document persistent connections support in the GUI.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
In case of persistent connections, openvpn.exe is still running
after a disconnect, and another user can restart it without needing
credentials using cached passwords. Avoid this by sending
"forget-passwords" to the management interface before disconnect.
Only persistent connections are affected.
In openvpn.exe versions >= 2.5.8, this will also clear cached
auth_token, if present.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Also remove related variables from configure.ac
as those are unused since we updated resources to be
MSVC compliant.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
CheckServiceStatus() return value is never used - the status
is set to global options_t struct.
While on it, remove unneccessary "false" argument
and reformat the code.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
- ShellExecute with runas is used to elevate
- This Option is hidden if PLAP dll is not found in the
install_path bin folder
- Depends on the presence of openvpn-plap-install.reg
and openvpn-plap-uninstall.reg in the install-path bin
folder.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Connection profiles shown on the login screen using PLAP
requires automatic service that starts openvpn.exe
processes for these profiles.
This commit adds an attempt to start the service from
PLAP dll. The service is started only if any PLAP enabled
profiles are found.
As starting the service can spawn up OpenVPN.exe processes and
the GUI may attach to them, auto-connect in the GUI is
suspended during session lock to leave the connections free to
be controlled from PLAP screen.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
If '--management' option cannot be parsed in the config file of a
persistent profile (due to missing option, unreadable password etc.),
connecting it from the GUI menu fails.
In such cases show an error message instead of silently failing.
The message is shown only during manual connect attempts,
not during auto-connect or resume.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- instantiate OpenVPN PLAP provider which will enumerate configs
in config-auto directory.
- Attempt to connect each config found one after the other
The test program is deliberately written in C++ as that's how most
Windows programs (and likely, LogonUI.exe) may use the COM object.
Note that duplicate configs are ignored, so ensure that config
files in config-auto are not "shadowed" by identical named one's
in user's profile or in global config folder.
Additional notes:
The test program is not linked to the plap dll.
Instead it finds the module using CoGetClassObject,
so the plap dll must be registered in the system.
It also tests dynamically loading the dll from
C:\Program Files\OpenVPN\bin\libopenvpn_plap.dll
which should succeed even if the registration is not
proper.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
This header has been recently added to mingw-w64 on our
request. Until its available in released versions,
wget it from mingw-w64's github repo.
Only affects autotools-based builds -- MSVC builds will pick the
native header.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Dialog windows of connections can popup at any time due to
restarts not in user's control. Avoid this by marking current
current profile being connected, and intercepting dialogs for
other profiles.
This is implemented by hooking into management callbacks such as
OnPassword, OnNeedOk etc.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- COM interfaces for ICredentialProvider and
IConnectableCredentialProviderCredential combined
with a trimmed down user-interface implemented as
libopenvpn_plap.dll
- Connections autostarted by OpenVPNService are enumerated
as possible PLAP connections. The user is expected to leave
these in management hold so that "connect" will popup any
required user dialogs.
To use:
- Register the dll as a PLAP provider (see included .reg files)
- The enumerated connections will show up as tiles in the PLAP
screen of the login desktop (secure desktop).
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Early state change from the main thread makes it synchronous and
thus easier to wait on the connection to complete when started
programmatically.
Made use of in Connect() in the PLAP implementation that follows.
Does not affect on the current mode of operation.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Proper parenting is required for PLAP and cannot
hurt in general. The parent window in GUI mode
is the main window. In PLAP it will be the handle
obtained from LogonUI.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
OpenVPN3 doesn't yet support "state"
management command without parameters.
While this has to be fixed on OpenVPN3
side, it doesn't mean that gui could simply crash.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Frank Lichtenheld