#!/bin/sh
# update-copyright-sh - Simple tool to update the Copyright lines
# in all files checked into git
#
# Copyright (C) 2016-2022 OpenVPN Inc <sales@openvpn.net>
# Copyright (C) 2016-2022 David Sommerseth <davids@openvpn.net>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# Basic shell sanity
set -eu
# Simple argument control
if [ $# -ne 1 ]; then
echo "Usage: $0 <New Copyright Year>"
exit 1
fi
# Only update Copyright lines with these owners
# The 'or' operator is GNU sed specific, and must be \|
UPDATE_COPYRIGHT_LINES="@openvpn\.net\|@fox-it\.com\|@sophos.com\|@eurephia\.org\|@greenie\.muc\.de\|@rozman.si\|@unstable\.cc\|@rfc2549.org\|@karger\.me\|selva.nair@"
COPY_YEAR="$1"
cd "$(git rev-parse --show-toplevel)"
for file in $(git ls-files | grep -v vendor/);
do
echo -n "Updating $file ..."
# The first sed operation covers 20xx-20yy copyright lines,
# The second sed operation changes 20xx -> 20xx-20yy
sed -e "/$UPDATE_COPYRIGHT_LINES/s/\(Copyright (C) 20..-\)\(20..\)[[:blank:]]\+/\1$COPY_YEAR /" \
-e "/$UPDATE_COPYRIGHT_LINES/s/\(Copyright (C) \)\(20..\)[[:blank:]]\+/\1\2-$COPY_YEAR /" \
-i $file
echo " Done"
done
echo
echo "** All files updated with $COPY_YEAR as the ending copyright year"
echo
exit 0
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
# packet encryption, packet authentication, and # packet encryption, packet authentication, and
# packet compression. # packet compression.
# #
# Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net> # Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
# Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com> # Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
# #
......
# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
#
# OpenVPN -- An application to securely tunnel IP networks
# over a single UDP port, with support for SSL/TLS-based
# session authentication and key exchange,
# packet encryption, packet authentication, and
# packet compression.
#
# Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
# Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
#
VPATH = @srcdir@
am__is_gnu_make = { \
if test -z '$(MAKELEVEL)'; then \
false; \
elif test -n '$(MAKE_HOST)'; then \
true; \
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
true; \
else \
false; \
fi; \
}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
*) echo "am__make_running_with_option: internal error: invalid" \
"target option '$${target_option-}' specified" >&2; \
exit 1;; \
esac; \
has_opt=no; \
sane_makeflags=$$MAKEFLAGS; \
if $(am__is_gnu_make); then \
sane_makeflags=$$MFLAGS; \
else \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
bs=\\; \
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
esac; \
fi; \
skip_next=no; \
strip_trailopt () \
{ \
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
}; \
for flg in $$sane_makeflags; do \
test $$skip_next = yes && { skip_next=no; continue; }; \
case $$flg in \
*=*|--*) continue;; \
-*I) strip_trailopt 'I'; skip_next=yes;; \
-*I?*) strip_trailopt 'I';; \
-*O) strip_trailopt 'O'; skip_next=yes;; \
-*O?*) strip_trailopt 'O';; \
-*l) strip_trailopt 'l'; skip_next=yes;; \
-*l?*) strip_trailopt 'l';; \
-[dEDm]) skip_next=yes;; \
-[JT]) skip_next=yes;; \
esac; \
case $$flg in \
*$$target_option*) has_opt=yes; break;; \
esac; \
done; \
test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = distro
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/ax_emptyarray.m4 \
$(top_srcdir)/m4/ax_socklen_t.m4 \
$(top_srcdir)/m4/ax_varargs.m4 $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/m4/pkg.m4 $(top_srcdir)/version.m4 \
$(top_srcdir)/compat.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h \
$(top_builddir)/include/openvpn-plugin.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
SOURCES =
DIST_SOURCES =
RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
ctags-recursive dvi-recursive html-recursive info-recursive \
install-data-recursive install-dvi-recursive \
install-exec-recursive install-html-recursive \
install-info-recursive install-pdf-recursive \
install-ps-recursive install-recursive installcheck-recursive \
installdirs-recursive pdf-recursive ps-recursive \
tags-recursive uninstall-recursive
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
distclean-recursive maintainer-clean-recursive
am__recursive_targets = \
$(RECURSIVE_TARGETS) \
$(RECURSIVE_CLEAN_TARGETS) \
$(am__extra_recursive_targets)
AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
distdir distdir-am
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
# *not* preserved.
am__uniquify_input = $(AWK) '\
BEGIN { nonempty = 0; } \
{ items[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in items) print i; }; } \
'
# Make sure the list of sources is unique. This is necessary because,
# e.g., the same source file might be shared among _SOURCES variables
# for different programs/libraries.
am__define_uniq_tagged_files = \
list='$(am__tagged_files)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
DIST_SUBDIRS = $(SUBDIRS)
am__DIST_COMMON = $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
sed_first='s,^\([^/]*\)/.*$$,\1,'; \
sed_rest='s,^[^/]*/*,,'; \
sed_last='s,^.*/\([^/]*\)$$,\1,'; \
sed_butlast='s,/*[^/]*$$,,'; \
while test -n "$$dir1"; do \
first=`echo "$$dir1" | sed -e "$$sed_first"`; \
if test "$$first" != "."; then \
if test "$$first" = ".."; then \
dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
else \
first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
if test "$$first2" = "$$first"; then \
dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
else \
dir2="../$$dir2"; \
fi; \
dir0="$$dir0"/"$$first"; \
fi; \
fi; \
dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
done; \
reldir="$$dir2"
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AS = @AS@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CMAKE = @CMAKE@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLTOOL = @DLLTOOL@
DL_LIBS = @DL_LIBS@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GIT = @GIT@
GREP = @GREP@
IFCONFIG = @IFCONFIG@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
IPROUTE = @IPROUTE@
LD = @LD@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@
LIBPAM_CFLAGS = @LIBPAM_CFLAGS@
LIBPAM_LIBS = @LIBPAM_LIBS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
LZ4_CFLAGS = @LZ4_CFLAGS@
LZ4_LIBS = @LZ4_LIBS@
LZO_CFLAGS = @LZO_CFLAGS@
LZO_LIBS = @LZO_LIBS@
MAKEINFO = @MAKEINFO@
MAN2HTML = @MAN2HTML@
MANIFEST_TOOL = @MANIFEST_TOOL@
MBEDTLS_CFLAGS = @MBEDTLS_CFLAGS@
MBEDTLS_LIBS = @MBEDTLS_LIBS@
MKDIR_P = @MKDIR_P@
NETSTAT = @NETSTAT@
NM = @NM@
NMEDIT = @NMEDIT@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
OPENSSL_LIBS = @OPENSSL_LIBS@
OPENVPN_VERSION_MAJOR = @OPENVPN_VERSION_MAJOR@
OPENVPN_VERSION_MINOR = @OPENVPN_VERSION_MINOR@
OPENVPN_VERSION_PATCH = @OPENVPN_VERSION_PATCH@
OPTIONAL_CRYPTO_CFLAGS = @OPTIONAL_CRYPTO_CFLAGS@
OPTIONAL_CRYPTO_LIBS = @OPTIONAL_CRYPTO_LIBS@
OPTIONAL_DL_LIBS = @OPTIONAL_DL_LIBS@
OPTIONAL_INOTIFY_CFLAGS = @OPTIONAL_INOTIFY_CFLAGS@
OPTIONAL_INOTIFY_LIBS = @OPTIONAL_INOTIFY_LIBS@
OPTIONAL_LZ4_CFLAGS = @OPTIONAL_LZ4_CFLAGS@
OPTIONAL_LZ4_LIBS = @OPTIONAL_LZ4_LIBS@
OPTIONAL_LZO_CFLAGS = @OPTIONAL_LZO_CFLAGS@
OPTIONAL_LZO_LIBS = @OPTIONAL_LZO_LIBS@
OPTIONAL_PKCS11_HELPER_CFLAGS = @OPTIONAL_PKCS11_HELPER_CFLAGS@
OPTIONAL_PKCS11_HELPER_LIBS = @OPTIONAL_PKCS11_HELPER_LIBS@
OPTIONAL_SELINUX_LIBS = @OPTIONAL_SELINUX_LIBS@
OPTIONAL_SYSTEMD_LIBS = @OPTIONAL_SYSTEMD_LIBS@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
P11KIT_CFLAGS = @P11KIT_CFLAGS@
P11KIT_LIBS = @P11KIT_LIBS@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PKCS11_HELPER_CFLAGS = @PKCS11_HELPER_CFLAGS@
PKCS11_HELPER_LIBS = @PKCS11_HELPER_LIBS@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PLUGINDIR = @PLUGINDIR@
PLUGIN_AUTH_PAM_CFLAGS = @PLUGIN_AUTH_PAM_CFLAGS@
PLUGIN_AUTH_PAM_LIBS = @PLUGIN_AUTH_PAM_LIBS@
RANLIB = @RANLIB@
RC = @RC@
ROUTE = @ROUTE@
SED = @SED@
SELINUX_LIBS = @SELINUX_LIBS@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
SOCKETS_LIBS = @SOCKETS_LIBS@
STRIP = @STRIP@
SYSTEMD_ASK_PASSWORD = @SYSTEMD_ASK_PASSWORD@
SYSTEMD_UNIT_DIR = @SYSTEMD_UNIT_DIR@
TAP_CFLAGS = @TAP_CFLAGS@
TAP_WIN_COMPONENT_ID = @TAP_WIN_COMPONENT_ID@
TAP_WIN_MIN_MAJOR = @TAP_WIN_MIN_MAJOR@
TAP_WIN_MIN_MINOR = @TAP_WIN_MIN_MINOR@
TEST_CFLAGS = @TEST_CFLAGS@
TEST_LDFLAGS = @TEST_LDFLAGS@
TMPFILES_DIR = @TMPFILES_DIR@
VERSION = @VERSION@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libdir = @libdir@
libexecdir = @libexecdir@
libsystemd_CFLAGS = @libsystemd_CFLAGS@
libsystemd_LIBS = @libsystemd_LIBS@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
plugindir = @plugindir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
sampledir = @sampledir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
systemdunitdir = @systemdunitdir@
target_alias = @target_alias@
tmpfilesdir = @tmpfilesdir@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
MAINTAINERCLEANFILES = \
$(srcdir)/Makefile.in
SUBDIRS = systemd
all: all-recursive
.SUFFIXES:
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
&& { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign distro/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --foreign distro/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
# This directory's subdirectories are mostly independent; you can cd
# into them and run 'make' without going through this Makefile.
# To change the values of 'make' variables: instead of editing Makefiles,
# (1) if the variable is set in 'config.status', edit 'config.status'
# (which will cause the Makefiles to be regenerated when you run 'make');
# (2) otherwise, pass the desired values on the 'make' command line.
$(am__recursive_targets):
@fail=; \
if $(am__make_keepgoing); then \
failcom='fail=yes'; \
else \
failcom='exit 1'; \
fi; \
dot_seen=no; \
target=`echo $@ | sed s/-recursive//`; \
case "$@" in \
distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
*) list='$(SUBDIRS)' ;; \
esac; \
for subdir in $$list; do \
echo "Making $$target in $$subdir"; \
if test "$$subdir" = "."; then \
dot_seen=yes; \
local_target="$$target-am"; \
else \
local_target="$$target"; \
fi; \
($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
|| eval $$failcom; \
done; \
if test "$$dot_seen" = "no"; then \
$(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
fi; test -z "$$fail"
ID: $(am__tagged_files)
$(am__define_uniq_tagged_files); mkid -fID $$unique
tags: tags-recursive
TAGS: tags
tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
set x; \
here=`pwd`; \
if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
include_option=--etags-include; \
empty_fix=.; \
else \
include_option=--include; \
empty_fix=; \
fi; \
list='$(SUBDIRS)'; for subdir in $$list; do \
if test "$$subdir" = .; then :; else \
test ! -f $$subdir/TAGS || \
set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
fi; \
done; \
$(am__define_uniq_tagged_files); \
shift; \
if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
if test $$# -gt 0; then \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
"$$@" $$unique; \
else \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
$$unique; \
fi; \
fi
ctags: ctags-recursive
CTAGS: ctags
ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
$(am__define_uniq_tagged_files); \
test -z "$(CTAGS_ARGS)$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
$$unique
GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
&& $(am__cd) $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) "$$here"
cscopelist: cscopelist-recursive
cscopelist-am: $(am__tagged_files)
list='$(am__tagged_files)'; \
case "$(srcdir)" in \
[\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
*) sdir=$(subdir)/$(srcdir) ;; \
esac; \
for i in $$list; do \
if test -f "$$i"; then \
echo "$(subdir)/$$i"; \
else \
echo "$$sdir/$$i"; \
fi; \
done >> $(top_builddir)/cscope.files
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) distdir-am
distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
if test "$$subdir" = .; then :; else \
$(am__make_dryrun) \
|| test -d "$(distdir)/$$subdir" \
|| $(MKDIR_P) "$(distdir)/$$subdir" \
|| exit 1; \
dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
$(am__relativize); \
new_distdir=$$reldir; \
dir1=$$subdir; dir2="$(top_distdir)"; \
$(am__relativize); \
new_top_distdir=$$reldir; \
echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
($(am__cd) $$subdir && \
$(MAKE) $(AM_MAKEFLAGS) \
top_distdir="$$new_top_distdir" \
distdir="$$new_distdir" \
am__remove_distdir=: \
am__skip_length_check=: \
am__skip_mode_fix=: \
distdir) \
|| exit 1; \
fi; \
done
check-am: all-am
check: check-recursive
all-am: Makefile
installdirs: installdirs-recursive
installdirs-am:
install: install-recursive
install-exec: install-exec-recursive
install-data: install-data-recursive
uninstall: uninstall-recursive
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-recursive
install-strip:
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
install; \
else \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
clean: clean-recursive
clean-am: clean-generic clean-libtool mostlyclean-am
distclean: distclean-recursive
-rm -f Makefile
distclean-am: clean-am distclean-generic distclean-tags
dvi: dvi-recursive
dvi-am:
html: html-recursive
html-am:
info: info-recursive
info-am:
install-data-am:
install-dvi: install-dvi-recursive
install-dvi-am:
install-exec-am:
install-html: install-html-recursive
install-html-am:
install-info: install-info-recursive
install-info-am:
install-man:
install-pdf: install-pdf-recursive
install-pdf-am:
install-ps: install-ps-recursive
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-recursive
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-recursive
mostlyclean-am: mostlyclean-generic mostlyclean-libtool
pdf: pdf-recursive
pdf-am:
ps: ps-recursive
ps-am:
uninstall-am:
.MAKE: $(am__recursive_targets) install-am install-strip
.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \
check-am clean clean-generic clean-libtool cscopelist-am ctags \
ctags-am distclean distclean-generic distclean-libtool \
distclean-tags distdir dvi dvi-am html html-am info info-am \
install install-am install-data install-data-am install-dvi \
install-dvi-am install-exec install-exec-am install-html \
install-html-am install-info install-info-am install-man \
install-pdf install-pdf-am install-ps install-ps-am \
install-strip installcheck installcheck-am installdirs \
installdirs-am maintainer-clean maintainer-clean-generic \
mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
ps ps-am tags tags-am uninstall uninstall-am
.PRECIOUS: Makefile
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
# packet encryption, packet authentication, and # packet encryption, packet authentication, and
# packet compression. # packet compression.
# #
# Copyright (C) 2017-2018 OpenVPN Inc <sales@openvpn.net> # Copyright (C) 2017-2022 OpenVPN Inc <sales@openvpn.net>
# #
%.service: %.service.in Makefile %.service: %.service.in Makefile
......
# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
#
# OpenVPN -- An application to securely tunnel IP networks
# over a single UDP port, with support for SSL/TLS-based
# session authentication and key exchange,
# packet encryption, packet authentication, and
# packet compression.
#
# Copyright (C) 2017-2018 OpenVPN Inc <sales@openvpn.net>
#
VPATH = @srcdir@
am__is_gnu_make = { \
if test -z '$(MAKELEVEL)'; then \
false; \
elif test -n '$(MAKE_HOST)'; then \
true; \
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
true; \
else \
false; \
fi; \
}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
*) echo "am__make_running_with_option: internal error: invalid" \
"target option '$${target_option-}' specified" >&2; \
exit 1;; \
esac; \
has_opt=no; \
sane_makeflags=$$MAKEFLAGS; \
if $(am__is_gnu_make); then \
sane_makeflags=$$MFLAGS; \
else \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
bs=\\; \
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
esac; \
fi; \
skip_next=no; \
strip_trailopt () \
{ \
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
}; \
for flg in $$sane_makeflags; do \
test $$skip_next = yes && { skip_next=no; continue; }; \
case $$flg in \
*=*|--*) continue;; \
-*I) strip_trailopt 'I'; skip_next=yes;; \
-*I?*) strip_trailopt 'I';; \
-*O) strip_trailopt 'O'; skip_next=yes;; \
-*O?*) strip_trailopt 'O';; \
-*l) strip_trailopt 'l'; skip_next=yes;; \
-*l?*) strip_trailopt 'l';; \
-[dEDm]) skip_next=yes;; \
-[JT]) skip_next=yes;; \
esac; \
case $$flg in \
*$$target_option*) has_opt=yes; break;; \
esac; \
done; \
test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = distro/systemd
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/ax_emptyarray.m4 \
$(top_srcdir)/m4/ax_socklen_t.m4 \
$(top_srcdir)/m4/ax_varargs.m4 $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/m4/pkg.m4 $(top_srcdir)/version.m4 \
$(top_srcdir)/compat.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(am__dist_doc_DATA_DIST) \
$(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h \
$(top_builddir)/include/openvpn-plugin.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
SOURCES =
DIST_SOURCES =
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__dist_doc_DATA_DIST = README.systemd
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
*) f=$$p;; \
esac;
am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
am__install_max = 40
am__nobase_strip_setup = \
srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
am__nobase_strip = \
for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
am__nobase_list = $(am__nobase_strip_setup); \
for p in $$list; do echo "$$p $$p"; done | \
sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
$(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
if (++n[$$2] == $(am__install_max)) \
{ print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
END { for (dir in files) print dir, files[dir] }'
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__uninstall_files_from_dir = { \
test -z "$$files" \
|| { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
$(am__cd) "$$dir" && rm -f $$files; }; \
}
am__installdirs = "$(DESTDIR)$(docdir)" "$(DESTDIR)$(systemdunitdir)" \
"$(DESTDIR)$(tmpfilesdir)"
DATA = $(dist_doc_DATA) $(systemdunit_DATA) $(tmpfiles_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
am__DIST_COMMON = $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AS = @AS@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CMAKE = @CMAKE@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLTOOL = @DLLTOOL@
DL_LIBS = @DL_LIBS@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GIT = @GIT@
GREP = @GREP@
IFCONFIG = @IFCONFIG@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
IPROUTE = @IPROUTE@
LD = @LD@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@
LIBPAM_CFLAGS = @LIBPAM_CFLAGS@
LIBPAM_LIBS = @LIBPAM_LIBS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
LZ4_CFLAGS = @LZ4_CFLAGS@
LZ4_LIBS = @LZ4_LIBS@
LZO_CFLAGS = @LZO_CFLAGS@
LZO_LIBS = @LZO_LIBS@
MAKEINFO = @MAKEINFO@
MAN2HTML = @MAN2HTML@
MANIFEST_TOOL = @MANIFEST_TOOL@
MBEDTLS_CFLAGS = @MBEDTLS_CFLAGS@
MBEDTLS_LIBS = @MBEDTLS_LIBS@
MKDIR_P = @MKDIR_P@
NETSTAT = @NETSTAT@
NM = @NM@
NMEDIT = @NMEDIT@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
OPENSSL_LIBS = @OPENSSL_LIBS@
OPENVPN_VERSION_MAJOR = @OPENVPN_VERSION_MAJOR@
OPENVPN_VERSION_MINOR = @OPENVPN_VERSION_MINOR@
OPENVPN_VERSION_PATCH = @OPENVPN_VERSION_PATCH@
OPTIONAL_CRYPTO_CFLAGS = @OPTIONAL_CRYPTO_CFLAGS@
OPTIONAL_CRYPTO_LIBS = @OPTIONAL_CRYPTO_LIBS@
OPTIONAL_DL_LIBS = @OPTIONAL_DL_LIBS@
OPTIONAL_INOTIFY_CFLAGS = @OPTIONAL_INOTIFY_CFLAGS@
OPTIONAL_INOTIFY_LIBS = @OPTIONAL_INOTIFY_LIBS@
OPTIONAL_LZ4_CFLAGS = @OPTIONAL_LZ4_CFLAGS@
OPTIONAL_LZ4_LIBS = @OPTIONAL_LZ4_LIBS@
OPTIONAL_LZO_CFLAGS = @OPTIONAL_LZO_CFLAGS@
OPTIONAL_LZO_LIBS = @OPTIONAL_LZO_LIBS@
OPTIONAL_PKCS11_HELPER_CFLAGS = @OPTIONAL_PKCS11_HELPER_CFLAGS@
OPTIONAL_PKCS11_HELPER_LIBS = @OPTIONAL_PKCS11_HELPER_LIBS@
OPTIONAL_SELINUX_LIBS = @OPTIONAL_SELINUX_LIBS@
OPTIONAL_SYSTEMD_LIBS = @OPTIONAL_SYSTEMD_LIBS@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
P11KIT_CFLAGS = @P11KIT_CFLAGS@
P11KIT_LIBS = @P11KIT_LIBS@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PKCS11_HELPER_CFLAGS = @PKCS11_HELPER_CFLAGS@
PKCS11_HELPER_LIBS = @PKCS11_HELPER_LIBS@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PLUGINDIR = @PLUGINDIR@
PLUGIN_AUTH_PAM_CFLAGS = @PLUGIN_AUTH_PAM_CFLAGS@
PLUGIN_AUTH_PAM_LIBS = @PLUGIN_AUTH_PAM_LIBS@
RANLIB = @RANLIB@
RC = @RC@
ROUTE = @ROUTE@
SED = @SED@
SELINUX_LIBS = @SELINUX_LIBS@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
SOCKETS_LIBS = @SOCKETS_LIBS@
STRIP = @STRIP@
SYSTEMD_ASK_PASSWORD = @SYSTEMD_ASK_PASSWORD@
SYSTEMD_UNIT_DIR = @SYSTEMD_UNIT_DIR@
TAP_CFLAGS = @TAP_CFLAGS@
TAP_WIN_COMPONENT_ID = @TAP_WIN_COMPONENT_ID@
TAP_WIN_MIN_MAJOR = @TAP_WIN_MIN_MAJOR@
TAP_WIN_MIN_MINOR = @TAP_WIN_MIN_MINOR@
TEST_CFLAGS = @TEST_CFLAGS@
TEST_LDFLAGS = @TEST_LDFLAGS@
TMPFILES_DIR = @TMPFILES_DIR@
VERSION = @VERSION@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libdir = @libdir@
libexecdir = @libexecdir@
libsystemd_CFLAGS = @libsystemd_CFLAGS@
libsystemd_LIBS = @libsystemd_LIBS@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
plugindir = @plugindir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
sampledir = @sampledir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
systemdunitdir = @systemdunitdir@
target_alias = @target_alias@
tmpfilesdir = @tmpfilesdir@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
EXTRA_DIST = \
tmpfiles-openvpn.conf \
openvpn-client@.service.in \
openvpn-server@.service.in
@ENABLE_SYSTEMD_TRUE@systemdunit_DATA = \
@ENABLE_SYSTEMD_TRUE@ openvpn-client@.service \
@ENABLE_SYSTEMD_TRUE@ openvpn-server@.service
@ENABLE_SYSTEMD_TRUE@tmpfiles_DATA = \
@ENABLE_SYSTEMD_TRUE@ tmpfiles-openvpn.conf
@ENABLE_SYSTEMD_TRUE@dist_doc_DATA = \
@ENABLE_SYSTEMD_TRUE@ README.systemd
MAINTAINERCLEANFILES = \
$(srcdir)/Makefile.in
all: all-am
.SUFFIXES:
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
&& { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign distro/systemd/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --foreign distro/systemd/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
install-dist_docDATA: $(dist_doc_DATA)
@$(NORMAL_INSTALL)
@list='$(dist_doc_DATA)'; test -n "$(docdir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(docdir)'"; \
$(MKDIR_P) "$(DESTDIR)$(docdir)" || exit 1; \
fi; \
for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; \
done | $(am__base_list) | \
while read files; do \
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(docdir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(docdir)" || exit $$?; \
done
uninstall-dist_docDATA:
@$(NORMAL_UNINSTALL)
@list='$(dist_doc_DATA)'; test -n "$(docdir)" || list=; \
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
dir='$(DESTDIR)$(docdir)'; $(am__uninstall_files_from_dir)
install-systemdunitDATA: $(systemdunit_DATA)
@$(NORMAL_INSTALL)
@list='$(systemdunit_DATA)'; test -n "$(systemdunitdir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(systemdunitdir)'"; \
$(MKDIR_P) "$(DESTDIR)$(systemdunitdir)" || exit 1; \
fi; \
for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; \
done | $(am__base_list) | \
while read files; do \
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(systemdunitdir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(systemdunitdir)" || exit $$?; \
done
uninstall-systemdunitDATA:
@$(NORMAL_UNINSTALL)
@list='$(systemdunit_DATA)'; test -n "$(systemdunitdir)" || list=; \
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
dir='$(DESTDIR)$(systemdunitdir)'; $(am__uninstall_files_from_dir)
install-tmpfilesDATA: $(tmpfiles_DATA)
@$(NORMAL_INSTALL)
@list='$(tmpfiles_DATA)'; test -n "$(tmpfilesdir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(tmpfilesdir)'"; \
$(MKDIR_P) "$(DESTDIR)$(tmpfilesdir)" || exit 1; \
fi; \
for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; \
done | $(am__base_list) | \
while read files; do \
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(tmpfilesdir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(tmpfilesdir)" || exit $$?; \
done
uninstall-tmpfilesDATA:
@$(NORMAL_UNINSTALL)
@list='$(tmpfiles_DATA)'; test -n "$(tmpfilesdir)" || list=; \
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
dir='$(DESTDIR)$(tmpfilesdir)'; $(am__uninstall_files_from_dir)
tags TAGS:
ctags CTAGS:
cscope cscopelist:
distdir: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) distdir-am
distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
check-am: all-am
check: check-am
all-am: Makefile $(DATA)
installdirs:
for dir in "$(DESTDIR)$(docdir)" "$(DESTDIR)$(systemdunitdir)" "$(DESTDIR)$(tmpfilesdir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-am
install-strip:
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
install; \
else \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
@ENABLE_SYSTEMD_FALSE@install-data-hook:
clean: clean-am
clean-am: clean-generic clean-libtool mostlyclean-am
distclean: distclean-am
-rm -f Makefile
distclean-am: clean-am distclean-generic
dvi: dvi-am
dvi-am:
html: html-am
html-am:
info: info-am
info-am:
install-data-am: install-dist_docDATA install-systemdunitDATA \
install-tmpfilesDATA
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-dvi: install-dvi-am
install-dvi-am:
install-exec-am:
install-html: install-html-am
install-html-am:
install-info: install-info-am
install-info-am:
install-man:
install-pdf: install-pdf-am
install-pdf-am:
install-ps: install-ps-am
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-generic mostlyclean-libtool
pdf: pdf-am
pdf-am:
ps: ps-am
ps-am:
uninstall-am: uninstall-dist_docDATA uninstall-systemdunitDATA \
uninstall-tmpfilesDATA
.MAKE: install-am install-data-am install-strip
.PHONY: all all-am check check-am clean clean-generic clean-libtool \
cscopelist-am ctags-am distclean distclean-generic \
distclean-libtool distdir dvi dvi-am html html-am info info-am \
install install-am install-data install-data-am \
install-data-hook install-dist_docDATA install-dvi \
install-dvi-am install-exec install-exec-am install-html \
install-html-am install-info install-info-am install-man \
install-pdf install-pdf-am install-ps install-ps-am \
install-strip install-systemdunitDATA install-tmpfilesDATA \
installcheck installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-generic \
mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \
uninstall-am uninstall-dist_docDATA uninstall-systemdunitDATA \
uninstall-tmpfilesDATA
.PRECIOUS: Makefile
%.service: %.service.in Makefile
$(AM_V_GEN)sed -e 's|\@sbindir\@|$(sbindir)|' \
$< > $@.tmp && mv $@.tmp $@
@ENABLE_SYSTEMD_TRUE@install-data-hook:
@ENABLE_SYSTEMD_TRUE@ mv $(DESTDIR)$(tmpfilesdir)/tmpfiles-openvpn.conf $(DESTDIR)$(tmpfilesdir)/openvpn.conf
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
...@@ -5,27 +5,98 @@ ...@@ -5,27 +5,98 @@
# packet encryption, packet authentication, and # packet encryption, packet authentication, and
# packet compression. # packet compression.
# #
# Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net> # Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
# Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com> # Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
# #
MAINTAINERCLEANFILES = \ SUBDIRS = doxygen
$(srcdir)/Makefile.in
CLEANFILES = openvpn.8.html #
# List of man and HTML pages we build when rst2man/rst2html is available
#
# NOTE: Remember to add source .rst files to $(dist_noinst_DATA) below
# This could be automated with GNU Make, but we need BSD Make support
#
build_man_pages = openvpn.8 openvpn-examples.5
build_html_pages = openvpn.8.html openvpn-examples.5.html
dist_doc_DATA = \ dist_doc_DATA = \
management-notes.txt management-notes.txt gui-notes.txt
openvpn_sections = \
man-sections/advanced-options.rst \
man-sections/client-options.rst \
man-sections/connection-profiles.rst \
man-sections/encryption-options.rst \
man-sections/generic-options.rst \
man-sections/inline-files.rst \
man-sections/link-options.rst \
man-sections/log-options.rst \
man-sections/management-options.rst \
man-sections/network-config.rst \
man-sections/pkcs11-options.rst \
man-sections/plugin-options.rst \
man-sections/protocol-options.rst \
man-sections/proxy-options.rst \
man-sections/renegotiation.rst \
man-sections/signals.rst \
man-sections/script-options.rst \
man-sections/server-options.rst \
man-sections/tls-options.rst \
man-sections/unsupported-options.rst \
man-sections/virtual-routing-and-forwarding.rst \
man-sections/vpn-network-options.rst \
man-sections/windows-options.rst
openvpn_examples_sections = \
man-sections/example-fingerprint.rst \
man-sections/examples.rst
dist_noinst_DATA = \ dist_noinst_DATA = \
README.plugins interactive-service-notes.rst README.plugins interactive-service-notes.rst \
openvpn.8.rst \
openvpn-examples.5.rst \
$(openvpn_sections) \
$(openvpn_examples_sections)
# dependencies
openvpn.8 openvpn.8.html: $(openvpn_sections)
openvpn-examples.5 openvpn-examples.5.html: $(openvpn_examples_sections)
###### GENERIC RULES ##########
SUFFIXES = .8.rst .8 .8.html .5.rst .5 .5.html
MAINTAINERCLEANFILES = \
$(srcdir)/Makefile.in
.8.rst.8 .5.rst.5 :
if HAVE_PYDOCUTILS
$(RST2MAN) $< > $@
else
@echo "Missing python-docutils - skipping man page generation ($@)"
endif
.8.rst.8.html .5.rst.5.html :
if HAVE_PYDOCUTILS
$(RST2HTML) $< > $@
else
@echo "Missing python-docutils - skipping html page generation ($@)"
endif
if HAVE_PYDOCUTILS
dist_noinst_DATA += $(build_man_pages)
dist_html_DATA = $(build_html_pages)
# Failsafe - do not delete these files unless we can recreate them
CLEANFILES = $(build_man_pages) $(build_html_pages)
endif
if WIN32 if WIN32
dist_noinst_DATA += openvpn.8
nodist_html_DATA = openvpn.8.html
openvpn.8.html: $(srcdir)/openvpn.8
$(MAN2HTML) < $(srcdir)/openvpn.8 > openvpn.8.html
else else
dist_man_MANS = openvpn.8 dist_man_MANS = $(build_man_pages)
endif endif
dist-hook : $(build_man_pages) $(build_html_pages)
# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
#
# OpenVPN -- An application to securely tunnel IP networks
# over a single UDP port, with support for SSL/TLS-based
# session authentication and key exchange,
# packet encryption, packet authentication, and
# packet compression.
#
# Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
# Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
#
VPATH = @srcdir@
am__is_gnu_make = { \
if test -z '$(MAKELEVEL)'; then \
false; \
elif test -n '$(MAKE_HOST)'; then \
true; \
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
true; \
else \
false; \
fi; \
}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
*) echo "am__make_running_with_option: internal error: invalid" \
"target option '$${target_option-}' specified" >&2; \
exit 1;; \
esac; \
has_opt=no; \
sane_makeflags=$$MAKEFLAGS; \
if $(am__is_gnu_make); then \
sane_makeflags=$$MFLAGS; \
else \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
bs=\\; \
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
esac; \
fi; \
skip_next=no; \
strip_trailopt () \
{ \
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
}; \
for flg in $$sane_makeflags; do \
test $$skip_next = yes && { skip_next=no; continue; }; \
case $$flg in \
*=*|--*) continue;; \
-*I) strip_trailopt 'I'; skip_next=yes;; \
-*I?*) strip_trailopt 'I';; \
-*O) strip_trailopt 'O'; skip_next=yes;; \
-*O?*) strip_trailopt 'O';; \
-*l) strip_trailopt 'l'; skip_next=yes;; \
-*l?*) strip_trailopt 'l';; \
-[dEDm]) skip_next=yes;; \
-[JT]) skip_next=yes;; \
esac; \
case $$flg in \
*$$target_option*) has_opt=yes; break;; \
esac; \
done; \
test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
@WIN32_TRUE@am__append_1 = openvpn.8
subdir = doc
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/ax_emptyarray.m4 \
$(top_srcdir)/m4/ax_socklen_t.m4 \
$(top_srcdir)/m4/ax_varargs.m4 $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/m4/pkg.m4 $(top_srcdir)/version.m4 \
$(top_srcdir)/compat.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(dist_doc_DATA) \
$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h \
$(top_builddir)/include/openvpn-plugin.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
SOURCES =
DIST_SOURCES =
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
*) f=$$p;; \
esac;
am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
am__install_max = 40
am__nobase_strip_setup = \
srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
am__nobase_strip = \
for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
am__nobase_list = $(am__nobase_strip_setup); \
for p in $$list; do echo "$$p $$p"; done | \
sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
$(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
if (++n[$$2] == $(am__install_max)) \
{ print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
END { for (dir in files) print dir, files[dir] }'
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__uninstall_files_from_dir = { \
test -z "$$files" \
|| { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
$(am__cd) "$$dir" && rm -f $$files; }; \
}
man8dir = $(mandir)/man8
am__installdirs = "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(docdir)" \
"$(DESTDIR)$(htmldir)"
NROFF = nroff
MANS = $(dist_man_MANS)
am__dist_noinst_DATA_DIST = README.plugins \
interactive-service-notes.rst openvpn.8
DATA = $(dist_doc_DATA) $(dist_noinst_DATA) $(nodist_html_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AS = @AS@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CMAKE = @CMAKE@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLTOOL = @DLLTOOL@
DL_LIBS = @DL_LIBS@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GIT = @GIT@
GREP = @GREP@
IFCONFIG = @IFCONFIG@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
IPROUTE = @IPROUTE@
LD = @LD@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@
LIBPAM_CFLAGS = @LIBPAM_CFLAGS@
LIBPAM_LIBS = @LIBPAM_LIBS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
LZ4_CFLAGS = @LZ4_CFLAGS@
LZ4_LIBS = @LZ4_LIBS@
LZO_CFLAGS = @LZO_CFLAGS@
LZO_LIBS = @LZO_LIBS@
MAKEINFO = @MAKEINFO@
MAN2HTML = @MAN2HTML@
MANIFEST_TOOL = @MANIFEST_TOOL@
MBEDTLS_CFLAGS = @MBEDTLS_CFLAGS@
MBEDTLS_LIBS = @MBEDTLS_LIBS@
MKDIR_P = @MKDIR_P@
NETSTAT = @NETSTAT@
NM = @NM@
NMEDIT = @NMEDIT@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
OPENSSL_LIBS = @OPENSSL_LIBS@
OPENVPN_VERSION_MAJOR = @OPENVPN_VERSION_MAJOR@
OPENVPN_VERSION_MINOR = @OPENVPN_VERSION_MINOR@
OPENVPN_VERSION_PATCH = @OPENVPN_VERSION_PATCH@
OPTIONAL_CRYPTO_CFLAGS = @OPTIONAL_CRYPTO_CFLAGS@
OPTIONAL_CRYPTO_LIBS = @OPTIONAL_CRYPTO_LIBS@
OPTIONAL_DL_LIBS = @OPTIONAL_DL_LIBS@
OPTIONAL_INOTIFY_CFLAGS = @OPTIONAL_INOTIFY_CFLAGS@
OPTIONAL_INOTIFY_LIBS = @OPTIONAL_INOTIFY_LIBS@
OPTIONAL_LZ4_CFLAGS = @OPTIONAL_LZ4_CFLAGS@
OPTIONAL_LZ4_LIBS = @OPTIONAL_LZ4_LIBS@
OPTIONAL_LZO_CFLAGS = @OPTIONAL_LZO_CFLAGS@
OPTIONAL_LZO_LIBS = @OPTIONAL_LZO_LIBS@
OPTIONAL_PKCS11_HELPER_CFLAGS = @OPTIONAL_PKCS11_HELPER_CFLAGS@
OPTIONAL_PKCS11_HELPER_LIBS = @OPTIONAL_PKCS11_HELPER_LIBS@
OPTIONAL_SELINUX_LIBS = @OPTIONAL_SELINUX_LIBS@
OPTIONAL_SYSTEMD_LIBS = @OPTIONAL_SYSTEMD_LIBS@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
P11KIT_CFLAGS = @P11KIT_CFLAGS@
P11KIT_LIBS = @P11KIT_LIBS@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PKCS11_HELPER_CFLAGS = @PKCS11_HELPER_CFLAGS@
PKCS11_HELPER_LIBS = @PKCS11_HELPER_LIBS@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PLUGINDIR = @PLUGINDIR@
PLUGIN_AUTH_PAM_CFLAGS = @PLUGIN_AUTH_PAM_CFLAGS@
PLUGIN_AUTH_PAM_LIBS = @PLUGIN_AUTH_PAM_LIBS@
RANLIB = @RANLIB@
RC = @RC@
ROUTE = @ROUTE@
SED = @SED@
SELINUX_LIBS = @SELINUX_LIBS@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
SOCKETS_LIBS = @SOCKETS_LIBS@
STRIP = @STRIP@
SYSTEMD_ASK_PASSWORD = @SYSTEMD_ASK_PASSWORD@
SYSTEMD_UNIT_DIR = @SYSTEMD_UNIT_DIR@
TAP_CFLAGS = @TAP_CFLAGS@
TAP_WIN_COMPONENT_ID = @TAP_WIN_COMPONENT_ID@
TAP_WIN_MIN_MAJOR = @TAP_WIN_MIN_MAJOR@
TAP_WIN_MIN_MINOR = @TAP_WIN_MIN_MINOR@
TEST_CFLAGS = @TEST_CFLAGS@
TEST_LDFLAGS = @TEST_LDFLAGS@
TMPFILES_DIR = @TMPFILES_DIR@
VERSION = @VERSION@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libdir = @libdir@
libexecdir = @libexecdir@
libsystemd_CFLAGS = @libsystemd_CFLAGS@
libsystemd_LIBS = @libsystemd_LIBS@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
plugindir = @plugindir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
sampledir = @sampledir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
systemdunitdir = @systemdunitdir@
target_alias = @target_alias@
tmpfilesdir = @tmpfilesdir@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
MAINTAINERCLEANFILES = \
$(srcdir)/Makefile.in
CLEANFILES = openvpn.8.html
dist_doc_DATA = \
management-notes.txt
dist_noinst_DATA = README.plugins interactive-service-notes.rst \
$(am__append_1)
@WIN32_TRUE@nodist_html_DATA = openvpn.8.html
@WIN32_FALSE@dist_man_MANS = openvpn.8
all: all-am
.SUFFIXES:
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
&& { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --foreign doc/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
install-man8: $(dist_man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
list2='$(dist_man_MANS)'; \
test -n "$(man8dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
$(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \
{ for i in $$list1; do echo "$$i"; done; \
if test -n "$$list2"; then \
for i in $$list2; do echo "$$i"; done \
| sed -n '/\.8[a-z]*$$/p'; \
fi; \
} | while read p; do \
if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; echo "$$p"; \
done | \
sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
sed 'N;N;s,\n, ,g' | { \
list=; while read file base inst; do \
if test "$$base" = "$$inst"; then list="$$list $$file"; else \
echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
$(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
fi; \
done; \
for i in $$list; do echo "$$i"; done | $(am__base_list) | \
while read files; do \
test -z "$$files" || { \
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
done; }
uninstall-man8:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man8dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.8[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
install-dist_docDATA: $(dist_doc_DATA)
@$(NORMAL_INSTALL)
@list='$(dist_doc_DATA)'; test -n "$(docdir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(docdir)'"; \
$(MKDIR_P) "$(DESTDIR)$(docdir)" || exit 1; \
fi; \
for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; \
done | $(am__base_list) | \
while read files; do \
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(docdir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(docdir)" || exit $$?; \
done
uninstall-dist_docDATA:
@$(NORMAL_UNINSTALL)
@list='$(dist_doc_DATA)'; test -n "$(docdir)" || list=; \
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
dir='$(DESTDIR)$(docdir)'; $(am__uninstall_files_from_dir)
install-nodist_htmlDATA: $(nodist_html_DATA)
@$(NORMAL_INSTALL)
@list='$(nodist_html_DATA)'; test -n "$(htmldir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(htmldir)'"; \
$(MKDIR_P) "$(DESTDIR)$(htmldir)" || exit 1; \
fi; \
for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; \
done | $(am__base_list) | \
while read files; do \
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(htmldir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(htmldir)" || exit $$?; \
done
uninstall-nodist_htmlDATA:
@$(NORMAL_UNINSTALL)
@list='$(nodist_html_DATA)'; test -n "$(htmldir)" || list=; \
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
dir='$(DESTDIR)$(htmldir)'; $(am__uninstall_files_from_dir)
tags TAGS:
ctags CTAGS:
cscope cscopelist:
distdir: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) distdir-am
distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
check-am: all-am
check: check-am
all-am: Makefile $(MANS) $(DATA)
installdirs:
for dir in "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(docdir)" "$(DESTDIR)$(htmldir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-am
install-strip:
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
install; \
else \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
clean-generic:
-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
clean: clean-am
clean-am: clean-generic clean-libtool mostlyclean-am
distclean: distclean-am
-rm -f Makefile
distclean-am: clean-am distclean-generic
dvi: dvi-am
dvi-am:
html: html-am
html-am:
info: info-am
info-am:
install-data-am: install-dist_docDATA install-man \
install-nodist_htmlDATA
install-dvi: install-dvi-am
install-dvi-am:
install-exec-am:
install-html: install-html-am
install-html-am:
install-info: install-info-am
install-info-am:
install-man: install-man8
install-pdf: install-pdf-am
install-pdf-am:
install-ps: install-ps-am
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-generic mostlyclean-libtool
pdf: pdf-am
pdf-am:
ps: ps-am
ps-am:
uninstall-am: uninstall-dist_docDATA uninstall-man \
uninstall-nodist_htmlDATA
uninstall-man: uninstall-man8
.MAKE: install-am install-strip
.PHONY: all all-am check check-am clean clean-generic clean-libtool \
cscopelist-am ctags-am distclean distclean-generic \
distclean-libtool distdir dvi dvi-am html html-am info info-am \
install install-am install-data install-data-am \
install-dist_docDATA install-dvi install-dvi-am install-exec \
install-exec-am install-html install-html-am install-info \
install-info-am install-man install-man8 \
install-nodist_htmlDATA install-pdf install-pdf-am install-ps \
install-ps-am install-strip installcheck installcheck-am \
installdirs maintainer-clean maintainer-clean-generic \
mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
ps ps-am tags-am uninstall uninstall-am uninstall-dist_docDATA \
uninstall-man uninstall-man8 uninstall-nodist_htmlDATA
.PRECIOUS: Makefile
@WIN32_TRUE@openvpn.8.html: $(srcdir)/openvpn.8
@WIN32_TRUE@ $(MAN2HTML) < $(srcdir)/openvpn.8 > openvpn.8.html
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
man page documentation
======================
The man page content maintained in the openvpn.8.rst file and proper man and
the html version of the man page are generated using python-docutils. Both
the man page and html file are generated during 'make dist' or 'make distcheck'
and should be distributed inside the tarball by default.
Users compiling OpenVPN from the tarball should not need to regenerate the
man/html files unless the source file needs to be modified.
Further information:
* Python docutils project:
https://docutils.sourceforge.io/
* Quickstart on .rst
https://docutils.sourceforge.io/docs/user/rst/quickstart.html
* reStructuredText Markup Specifictaion (.rst)
https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html
This file documents the support in OpenVPN for Android 4.0 and up.
This support is primarily used in the "OpenVPN for Android" app
(https://github.com/schwabe/ics-openvpn). For building see the developer
README: https://github.com/schwabe/ics-openvpn/blob/master/doc/README.txt
Android provides the VPNService API
(http://developer.android.com/reference/android/net/VpnService.html)
which allows establishing VPN connections without rooting the device.
Since all the interfaces are are Android specific the calls to this
interface are made from the UI instead of OpenVPN directly. The API
needs the following parameters:
- IP and netmask of tun interface
- Networks that should be routed to the tun interface
- DNS Servers and DNS Domain
- MTU
All IPs/Routes are in CIDR style. Non CIDR routes are not supported.
Notable is the lack of support for setting routes to other interfaces
usually used to avoid the server connection going over the tun
interface. The Android VPNService API has the concept of protecting
a socket from being routed over a interface. Calling protect (fd)
will internally bind the socket to the interface used for the
external connection (usually WiFi or mobile data).
To use OpenVPN with the VPNService API OpenVPN must be build with
the TARGET_ANDROID compile option. Also the UI must use a UNIX
domain socket to connect to OpenVPN. When compiled as TARGET_ANDROID
OpenVPN will use management callbacks instead of executing traditional
ifconfig/route commands use the need-ok callback mechanism which
will ask
> NEED-OK command
where command can be:
IFCONFIG6 IPv6/netmask
IFCONFIG local remoteOrNetmask MTU topology
To tell the UI which IPs addresses OpenVPN expects on the interface.
Topology is one of "net30","p2p","subnet" or "undef".
ROUTE6 network/netmask
ROUTE network netmask
To tell the UI which routes should be set on the tun interface.
DNSSERVER IP server address
DNS6SERVER IPv6 server address
DNSDOMAIN searchdomain
To set the DNS server and search domain.
The GUI will then respond with a "needok 'command' ok' or "needok
'command' cancel', e.g. "needok 'IFCONFIG' ok".
PERSIST_TUN_ACTION
In Android 4.4-4.4.2 a bug exists that does not allow to open a new tun fd
while a tun fd is still open. When OpenVPN wants to open an fd it will do
this query. The UI should compare the last configuration of
the tun device with the current tun configuration and reply with either (or
always respond with OPEN_AFTER_BEFORE/OPEN_BEFORE_CLOSE)
- NOACTION: Keep using the old fd
- OPEN_AFTER_CLOSE: First close the old fd and then open a new to workaround the bug
- OPEN_BEFORE_CLOSE: the normal behaviour when the VPN configuration changed
For example the UI could respond with
needok 'PERSIST_TUN_ACTION' OPEN_AFTER_CLOSE
To protect a socket the OpenVPN will send a PROTECTFD to the UI.
When sending the PROTECTFD command command to the UI it will send
the fd of the socket as ancillary message over the UNIX socket.
The UI will then call protect(fd) on the received socket protecting
it from being routed over the VPN.
When opening a tun device the OpenVPN process will first send all
route, ifconfig and DNS related configuration to the UI and after
that calls the OPENTUN command to receive a tun fd with the requested
configuration. The UI will than use the collected information to
call the VPNService's establish() method to receive a fd which in
turn is send to the OpenVPN process as ancillary message to the
"needok 'OPENTUN' ok' response.
The OpenVPN for Android UI extensively uses other features that
are not specific to Android but are rarely used on other platform.
For example using SIGUSR1 and management-hold to restart, pause,
continue the VPN on network changes or the external key management
--management-external-key option and inline files.
To better support handover between networks, a the management command
network-change [samenetwork]
is used on the Android platform. It tells OpenVPN to do the necessary
action when the network changes. Currently this is just calling
the protect callback when using peer-id regardless of the samenetwork.
Without peer-id OpenVPN will generate USR1 when samenetwork is not set.
#
# OpenVPN -- An application to securely tunnel IP networks
# over a single UDP port, with support for SSL/TLS-based
# session authentication and key exchange,
# packet encryption, packet authentication, and
# packet compression.
#
# Copyright (C) 2017-2021 Fox-IT B.V. <openvpn@foxcrypto.com>
#
MAINTAINERCLEANFILES = \
$(srcdir)/Makefile.in
DISTCLEANFILES = openvpn.doxyfile
.PHONY: doxygen
doxygen: openvpn.doxyfile
doxygen openvpn.doxyfile
clean-local:
-rm -rf html latex
/*
* OpenVPN -- An application to securely tunnel IP networks
* over a single TCP/UDP port, with support for SSL/TLS-based
* session authentication and key exchange,
* packet encryption, packet authentication, and
* packet compression.
*
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/**
* @file Data Channel Compression module documentation file.
*/
/**
* @defgroup compression Data Channel Compression module
*
* This module offers compression of data channel packets.
*
* @par State structures
* The Data Channel Compression module stores its internal state in a \c
* lzo_compress_workspace structure. This state includes flags which
* control the module's behavior and preallocated working memory. One
* such structure is present for each VPN tunnel, and is stored in the \c
* context.c2.lzo_compwork of the \c context associated with that VPN
* tunnel.
*
* @par Initialization and cleanup
* Every time a new \c lzo_compress_workspace is needed, it must be
* initialized using the \c lzo_compress_init() function. Similarly,
* every time a \c lzo_compress_workspace is no longer needed, it must be
* cleaned up using the \c lzo_compress_uninit() function. These
* functions take care of the allocation and freeing of internal working
* memory, but not of the \c lzo_compress_workspace structures themselves.
*
* @par
* Because of the one-to-one relationship between \c
* lzo_compress_workspace structures and VPN tunnels, the above-mentioned
* initialization and cleanup functions are called directly from the \c
* init_instance() and \c close_instance() functions, which control the
* initialization and cleanup of VPN tunnel instances and their associated
* \c context structures.
*
* @par Packet processing functions
* This module receives data channel packets from the \link data_control
* Data Channel Control module\endlink and processes them according to the
* settings of the packet's VPN tunnel. The \link data_control Data
* Channel Control module\endlink uses the following interface functions:
* - For packets which will be sent to a remote OpenVPN peer: \c
* lzo_compress()
* - For packets which have been received from a remote OpenVPN peer: \c
* lzo_decompress()
*
* @par Settings that control this module's activity
* Whether or not the Data Channel Compression module is active depends on
* the compile-time \c ENABLE_LZO preprocessor macro and the runtime flags
* stored in \c lzo_compress_workspace.flags of the associated VPN tunnel.
* The latter are initialized from \c options.lzo, which gets its value
* from the process's configuration sources, such as its configuration
* file or command line %options.
*
* @par Adaptive compression
* The compression module supports adaptive compression. If this feature
* is enabled, the compression routines monitor their own performance and
* turn compression on or off depending on whether it is leading to
* significantly reduced payload size.
*
* @par Compression algorithms
* This module uses the Lempel-Ziv-Oberhumer (LZO) compression algorithms.
* These offer lossless compression and are designed for high-performance
* decompression. This module uses the external \c lzo library's
* implementation of the algorithms.
*
* @par
* For more information on the LZO library, see:\n
* http://www.oberhumer.com/opensource/lzo/
*/
/*
* OpenVPN -- An application to securely tunnel IP networks
* over a single TCP/UDP port, with support for SSL/TLS-based
* session authentication and key exchange,
* packet encryption, packet authentication, and
* packet compression.
*
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/**
* @file
* Control Channel Processor module documentation file.
*/
/**
* @defgroup control_processor Control Channel Processor module
*
* This module controls the setup and maintenance of VPN tunnels and the
* associated security parameters.
*
* @par This module's role
* The Control Channel Processor module lies at the core of OpenVPN's
* activities. It handles the setup of new VPN tunnels, the negotiation
* of data channel security parameters, the managing of active VPN
* tunnels, and finally the cleanup of expired VPN tunnels.
*
* @par State structures
* A large amount of VPN tunnel state information must be stored within an
* OpenVPN process. A wide variety of container structures are used by
* this module for that purpose. Several of these structures are listed
* below, and the function of the first three VPN tunnel state containers
* is described in more detail later.
* - VPN tunnel state containers:
* - \c tls_multi, security parameter state for a single VPN tunnel.
* Contains three instances of the \c tls_session structure.
* - \c tls_session, security parameter state of a single session
* within a VPN tunnel. Contains two instances of the \c key_state
* structure.
* - \c key_state, security parameter state of one TLS and data
* channel %key set.
* - Data channel security parameter containers:
* - \c key_ctx_bi, container for two sets of OpenSSL cipher and/or
* HMAC context (both directions). Contains two instances of the \c
* key_ctx structure.
* - \c key_ctx, container for one set of OpenSSL cipher and/or HMAC
* context (one directions.
* - Key material containers:
* - \c key2, container for two sets of cipher and/or HMAC %key
* material (both directions). Contains two instances of the \c key
* structure.
* - \c key, container for one set of cipher and/or HMAC %key material
* (one direction).
* - \c key_direction_state, ordering of %key material within the \c
* key2.key array.
* - Key method 2 random material containers:
* - \c key_source2, container for both halves of random material used
* for %key method 2. Contains two instances of the \c key_source
* structure.
* - \c key_source, container for one half of random material used for
* %key method 2.
*
* @par The life of a \c tls_multi object
* A \c tls_multi structure contains all the security parameter state
* information related to the control and data channels of one VPN tunnel.
* Its life cycle can be summarized as follows:
* -# Initialization: \c tls_multi_init() and \c
* tls_multi_init_finalize(), which are called (indirectly) from \c
* init_instance() when initializing a new \c context structure.
* - Initializes a \c tls_multi structure.
* - Allocates the three \c tls_session objects contained by the \c
* tls_multi structure, and initializes as appropriate.
* -# Management: \c tls_multi_process() and \c tls_pre_decrypt()
* - If a new session is initiated by the remote peer, then \c
* tls_pre_decrypt() starts the new session negotiation in the
* un-trusted \c tls_session.
* - If the, as yet, un-trusted \c tls_session authenticates
* successfully, then \c tls_multi_process() moves it so as to be
* the active \c tls_session.
* - If an error occurs during processing of a \c key_state object,
* then \c tls_multi_process() cleans up and initializes the
* associated \c tls_session object. If the error occurred in the
* active \c key_state of the active \c tls_session and the
* lame-duck \c key_state of that \c tls_session has not yet
* expired, it is preserved as fallback.
* -# Cleanup: \c tls_multi_free(), which is called (indirectly) from \c
* close_instance() when cleaning up a \c context structure.
* - Cleans up a \c tls_multi structure.
* - Cleans up the three \c tls_session objects contained by the \c
* tls_multi structure.
*
* @par The life of a \c tls_session object
* A \c tls_session structure contains the state information related to an
* active and a lame-duck \c key_state. Its life cycle can be summarized
* as follows:
* -# Initialization: \c tls_session_init()
* - Initializes a \c tls_session structure.
* - Initializes the primary \c key_state by calling \c
* key_state_init().
* -# Renegotiation: \c key_state_soft_reset()
* - Cleans up the old lame-duck \c key_state by calling \c
* key_state_free().
* - Moves the old primary \c key_state to be the new lame-duck \c
* key_state.
* - Initializes a new primary \c key_state by calling \c
* key_state_init().
* -# Cleanup: \c tls_session_free()
* - Cleans up a \c tls_session structure.
* - Cleans up all \c key_state objects associated with the session by
* calling \c key_state_free() for each.
*
* @par The life of a \c key_state object
* A \c key_state structure represents one control and data channel %key
* set. It contains an OpenSSL TLS object that encapsulates the control
* channel, and the data channel security parameters needed by the \link
* data_crypto Data Channel Crypto module\endlink to perform cryptographic
* operations on data channel packets. Its life cycle can be summarized
* as follows:
* -# Initialization: \c key_state_init()
* - Initializes a \c key_state structure.
* - Creates a new OpenSSL TLS object to encapsulate this new control
* channel session.
* - Sets \c key_state.state to \c S_INITIAL.
* - Allocates several internal buffers.
* - Initializes new reliability layer structures for this key set.
* -# Negotiation: \c tls_process()
* - The OpenSSL TLS object negotiates a TLS session between itself
* and the remote peer's TLS object.
* - Key material is generated and exchanged through the TLS session
* between OpenVPN peers.
* - Both peers initialize their data channel cipher and HMAC key
* contexts.
* - On successful negotiation, the \c key_state.state will progress
* from \c S_INITIAL to \c S_ACTIVE and \c S_NORMAL.
* -# Active tunneling: \link data_crypto Data Channel Crypto
* module\endlink
* - Data channel packet to be sent to a remote OpenVPN peer:
* - \c tls_pre_encrypt() loads the security parameters from the \c
* key_state into a \c crypto_options structure.
* - \c openvpn_encrypt() uses the \c crypto_options to an encrypt
* and HMAC sign the data channel packet.
* - Data channel packet received from a remote OpenVPN peer:
* - \c tls_pre_decrypt() loads the security parameters from the \c
* key_state into a \c crypto_options structure.
* - \c openvpn_encrypt() uses the \c crypto_options to
* authenticate and decrypt the data channel packet.
* -# Cleanup: \c key_state_free()
* - Cleans up a \c key_state structure together with its OpenSSL TLS
* object, key material, internal buffers, and reliability layer
* structures.
*
* @par Control functions
* The following two functions drive the Control Channel Processor's
* activities.
* - \c tls_multi_process(), iterates through the \c tls_session objects
* within a given \c tls_multi of a VPN tunnel, and calls \c
* tls_process() for each \c tls_session which is being set up, is
* already active, or is busy expiring.
* - \c tls_process(), performs the Control Channel Processor module's
* core handling of received control channel messages, and generates
* appropriate messages to be sent.
*
* @par Functions which control data channel key generation
* - Key method 1 key exchange functions were removed from OpenVPN 2.5
* - Key method 2 key exchange functions:
* - \c key_method_2_write(), generates and processes key material to
* be sent to the remote OpenVPN peer.
* - \c key_method_2_read(), processes key material received from the
* remote OpenVPN peer.
*/
/*
* OpenVPN -- An application to securely tunnel IP networks
* over a single TCP/UDP port, with support for SSL/TLS-based
* session authentication and key exchange,
* packet encryption, packet authentication, and
* packet compression.
*
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/**
* @file
* Control Channel TLS module documentation file.
*/
/**
* @defgroup control_tls Control Channel TLS module
*
* This module provides secure encapsulation of control channel messages
* exchanged between OpenVPN peers.
*
* The Control Channel TLS module uses the Transport Layer Security (TLS)
* protocol to provide an encrypted communication channel between the
* local OpenVPN process and a remote peer. This protocol simultaneously
* offers certificate-based authentication of the communicating parties.
*
* @par This module's roles
* The Control Channel TLS module is essential for the security of any
* OpenVPN-based system. On the one hand, it performs the security
* operations necessary to protect control channel messages exchanged
* between OpenVPN peers. On the other hand, before the control and data
* channels are even setup, it controls the exchange of certificates and
* verification of the remote's identity during negotiation of VPN
* tunnels.
*
* @par
* The former role is described below. The latter is described in the
* documentation for the \c verify_callback() function.
*
* @par
* In other words, this module takes care of the confidentiality and
* integrity of data channel communications, and the authentication of
* both the communicating parties and the control channel messages
* exchanged.
*
* @par Initialization and cleanup
* Because of the one-to-one relationship between control channel TLS
* state and \c key_state structures, the initialization and cleanup of an
* instance of the Control Channel TLS module's state happens within the
* \c key_state_init() and \c key_state_free() functions. In other words,
* each \c key_state object contains exactly one OpenSSL SSL-BIO object,
* which is initialized and cleaned up together with the rest of the \c
* key_state object.
*
* @par Packet processing functions
* This object behaves somewhat like a black box with a ciphertext and a
* plaintext I/O port. Its interaction with OpenVPN's control channel
* during operation takes place within the \c tls_process() function of
* the \link control_processor Control Channel Processor\endlink. The
* following functions are available for processing packets:
* - If ciphertext received from the remote peer is available in the \link
* reliable Reliability Layer\endlink:
* - Insert it into the ciphertext-side of the SSL-BIO.
* - Use function: \c key_state_write_ciphertext()
* - If ciphertext can be extracted from the ciphertext-side of the
* SSL-BIO:
* - Pass it to the \link reliable Reliability Layer\endlink for sending
* to the remote peer.
* - Use function: \c key_state_read_ciphertext()
* - If plaintext can be extracted from the plaintext-side of the SSL-BIO:
* - Pass it on to the \link control_processor Control Channel
* Processor\endlink for local processing.
* - Use function: \c key_state_read_plaintext()
* - If plaintext from the \link control_processor Control Channel
* Processor\endlink is available to be sent to the remote peer:
* - Insert it into the plaintext-side of the SSL-BIO.
* - Use function: \c key_state_write_plaintext() or \c
* key_state_write_plaintext_const()
*
* @par Transport Layer Security protocol implementation
* This module uses the OpenSSL library's implementation of the TLS
* protocol in the form of an OpenSSL SSL-BIO object.
*
* @par
* For more information on the OpenSSL library's BIO objects, please see:
* - OpenSSL's generic BIO objects:
* http://www.openssl.org/docs/crypto/bio.html
* - OpenSSL's SSL-BIO object:
* http://www.openssl.org/docs/crypto/BIO_f_ssl.html
*/
/*
* OpenVPN -- An application to securely tunnel IP networks
* over a single TCP/UDP port, with support for SSL/TLS-based
* session authentication and key exchange,
* packet encryption, packet authentication, and
* packet compression.
*
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/**
* @file
* Data Channel Control module documentation file.
*/
/**
* @defgroup data_control Data Channel Control module
*
* This module controls the processing of packets as they pass through the
* data channel.
*
* The Data Channel Control module controls the processing of packets as
* they pass through the data channel. The processing includes packet
* compression, fragmentation, and the performing of security operations
* on the packets. This module does not do the processing itself, but
* passes the packet to other data channel modules to perform the
* appropriate actions.
*
* Packets can travel in two directions through the data channel. They
* can be going to a remote destination which is reachable through a VPN
* tunnel, in which case this module prepares them to be sent out through
* a VPN tunnel. On the other hand, they can have been received through a
* VPN tunnel from a remote OpenVPN peer, in which case this module
* retrieves the packet in its original form as it was before entering the
* VPN tunnel on the remote OpenVPN peer. How this module processes
* packets traveling in the two directions is discussed in more detail
* below.
*
* @par Packets to be sent to a remote OpenVPN peer
* This module's main function for processing packets traveling in this
* direction is \c encrypt_sign(), which performs the following processing
* steps:
* - Call the \link compression Data Channel Compression module\endlink to
* perform packet compression if necessary.
* - Call the \link fragmentation Data Channel Fragmentation
* module\endlink to perform packet fragmentation if necessary.
* - Call the \link data_crypto Data Channel Crypto module\endlink to
* perform the required security operations.
*
* @par
* See the \c encrypt_sign() documentation for details of these
* interactions.
*
* @par
* After the above processing is complete, the packet is ready to be sent
* to a remote OpenVPN peer as a VPN tunnel packet. The actual sending of
* the packet is handled by the \link external_multiplexer External
* Multiplexer\endlink.
*
* @par Packets received from a remote OpenVPN peer
* The function that controls how packets traveling in this direction are
* processed is \c process_incoming_link(). That function, however, also
* performs some of the tasks required for the \link external_multiplexer
* External Multiplexer\endlink and is therefore listed as part of that
* module, instead of here.
*
* @par
* After the \c process_incoming_link() function has determined that a
* received packet is a data channel packet, it performs the following
* processing steps:
* - Call the \link data_crypto Data Channel Crypto module\endlink to
* perform the required security operations.
* - Call the \link fragmentation Data Channel Fragmentation
* module\endlink to perform packet reassembly if necessary.
* - Call the \link compression Data Channel Compression module\endlink to
* perform packet decompression if necessary.
*
* @par
* See the \c process_incoming_link() documentation for details of these
* interactions.
*
* @par
* After the above processing is complete, the packet is in its original
* form again as it was received by the remote OpenVPN peer. It can now
* be routed further to its final destination. If that destination is a
* locally reachable host, then the \link internal_multiplexer Internal
* Multiplexer\endlink will send it there.
*/
/*
* OpenVPN -- An application to securely tunnel IP networks
* over a single TCP/UDP port, with support for SSL/TLS-based
* session authentication and key exchange,
* packet encryption, packet authentication, and
* packet compression.
*
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/**
* @file
* Data Channel Crypto module documentation file.
*/
/**
* @addtogroup data_crypto Data Channel Crypto module
*
* The Data Channel Crypto Module performs cryptographic operations on
* data channel packets.
*
* @par Security parameters
* This module is merely the user of a VPN tunnel's security parameters.
* It does not perform the negotiation and setup of the security
* parameters, nor the %key generation involved. These actions are done
* by the \link control_processor Control Channel Processor\endlink. This
* module receives the appropriate security parameters from that module in
* the form of a \c crypto_options structure when they are necessary for
* processing a packet.
*
* @par Packet processing functions
* This module receives data channel packets from the \link data_control
* Data Channel Control module\endlink and processes them according to the
* security parameters of the packet's VPN tunnel. The \link data_control
* Data Channel Control module\endlink uses the following interface
* functions:
* - For packets which will be sent to a remote OpenVPN peer:
* - \c tls_pre_encrypt()
* - \c openvpn_encrypt()
* - \c tls_post_encrypt()
* - For packets which have been received from a remote OpenVPN peer:
* - \c tls_pre_decrypt() (documented as part of the \link
* external_multiplexer External Multiplexer\endlink)
* - \c openvpn_decrypt()
*
* @par Settings that control this module's activity
* How the data channel processes packets received from the \link data_control
* Data Channel Control module\endlink at runtime depends on the associated
* \c crypto_options structure. To perform cryptographic operations, the
* \c crypto_options.key_ctx_bi must contain the correct cipher and HMAC
* security parameters for the direction the packet is traveling in.
*
* @par Crypto algorithms
* This module uses the crypto algorithm implementations of the external
* crypto library (currently either OpenSSL (default), or mbed TLS).
*/
/*
* OpenVPN -- An application to securely tunnel IP networks
* over a single TCP/UDP port, with support for SSL/TLS-based
* session authentication and key exchange,
* packet encryption, packet authentication, and
* packet compression.
*
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/**
* @file
* Main Event Loop module documentation file.
*/
/**
* @defgroup eventloop Main Event Loop module
*
* This main event loop module drives the packet processing of OpenVPN.
*
* OpenVPN is an event driven system. Its activities are driven by a main
* event loop, which repeatedly waits for one of several predefined events
* to occur, and then calls the appropriate module to handle the event.
* The major types of network events that OpenVPN processes are:
* - A packet can be read from the external network interface.
* - The main event loop activates the \link external_multiplexer
* External Multiplexer\endlink to read and process the packet.
* - A packet can be read from the virtual tun/tap network interface.
* - The main event loop activates the \link internal_multiplexer
* Internal Multiplexer\endlink to read and process the packet.
* - If a packet is ready to be sent out as a VPN tunnel packet: the
* external network interface can be written to.
* - The main event loop activates the \link external_multiplexer
* External Multiplexer\endlink to send the packet.
* - If a packet is ready to be sent to a locally reachable destination:
* the virtual tun/tap network interface can be written to.
* - The main event loop activates the \link internal_multiplexer
* Internal Multiplexer\endlink to send the packet.
*
* Beside these external events, OpenVPN also processes other types of
* internal events. These include scheduled events, such as resending of
* non-acknowledged control channel messages.
*
* @par Main event loop implementations
*
* Depending on the mode in which OpenVPN is running, a different main
* event loop function is called to drive the event processing. The
* following implementations are available:
* - Client mode using UDP or TCP: \c tunnel_point_to_point()
* - Server mode using UDP: \c tunnel_server_udp()
* - Server mode using TCP: \c tunnel_server_tcp()
*/
/*
* OpenVPN -- An application to securely tunnel IP networks
* over a single TCP/UDP port, with support for SSL/TLS-based
* session authentication and key exchange,
* packet encryption, packet authentication, and
* packet compression.
*
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/**
* @file
* External Multiplexer module documentation file.
*/
/**
* @addtogroup external_multiplexer External Multiplexer module
*
* The External Multiplexer is the link between the external network
* interface and the other OpenVPN modules. It reads packets from the
* external network interface, determines which remote OpenVPN peer and
* VPN tunnel they are associated with, and whether they are data channel
* or control channel packets. It then passes the packets on to the
* appropriate processing module.
*
* This module also handles packets traveling in the reverse direction,
* which have been generated by the local control channel or which have
* already been processed by the \link data_control Data Channel Control
* module\endlink and are destined for a remote host reachable through a
* VPN tunnel.
*/
/*
* OpenVPN -- An application to securely tunnel IP networks
* over a single TCP/UDP port, with support for SSL/TLS-based
* session authentication and key exchange,
* packet encryption, packet authentication, and
* packet compression.
*
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/**
* @file
* Data Channel Fragmentation module documentation file.
*/
/**
* @defgroup fragmentation Data Channel Fragmentation module
*
* The Data Channel Fragmentation module offers fragmentation of data
* channel packets.
*
* @par State structures
* The Data Channel Fragmentation module stores its internal state in a \c
* fragment_master structure. One such structure is present for each VPN
* tunnel, and is stored in \c context.c2.fragment of the \c context
* associated with that VPN tunnel.
*
* @par
* The \c fragment_master structure contains one \c fragment_list
* structure \c fragment_master.incoming. This is a list of \c fragment
* structures, each of which can store the parts of one fragmented packet
* while it is being reassembled. The \c fragment_master structure also
* contains one \c buffer called \c fragment_master.outgoing, in which a
* data channel large packet to be sent to a remote OpenVPN peer can be
* broken up into parts to be sent one by one.
*
* @par Initialization and cleanup
* Every time a new \c fragment_master is needed, it must be allocated and
* initialized by the \c fragment_init() function. Similarly, every time
* a \c fragment_master is no longer needed, it must be cleaned up using
* the \c fragment_free() function. These functions take care of the
* allocation and freeing of the \c fragment_master structure itself and
* all internal memory required for the use of that structure. Note that
* this behavior is different from that displayed by the \link compression
* Data Channel Compression module\endlink.
*
* @par
* Because of the one-to-one relationship between \c fragment_master
* structures and VPN tunnels, the above-mentioned initialization and
* cleanup functions are called directly from the \c init_instance() and
* \c close_instance() functions, which control the initialization and
* cleanup of VPN tunnel instances and their associated \c context
* structures.
*
* @par Packet processing functions
* This module receives data channel packets from the \link data_control
* Data Channel Control module\endlink and processes them according to the
* settings of the packet's VPN tunnel. The \link data_control Data
* Channel Control module\endlink uses the following interface functions:
* - For packets which will be sent to a remote OpenVPN peer: \c
* fragment_outgoing() \n This function inspects data channel packets as
* they are being made ready to be sent as VPN tunnel packets to a
* remote OpenVPN peer. If a packet's size is larger than its
* destination VPN tunnel's maximum transmission unit (MTU), then this
* module breaks that packet up into smaller parts, each of which is
* smaller than or equal to the VPN tunnel's MTU. See \c
* fragment_outgoing() for details.
* - For packets which have been received from a remote OpenVPN peer: \c
* fragment_incoming() \n This function inspects data channel packets
* that have been received from a remote OpenVPN peer through a VPN
* tunnel. It reads the fragmentation header of the packet, and
* depending on its value performs the appropriate action. See \c
* fragment_incoming() for details.
*
* @par Settings that control this module's activity
* Whether the Data Channel Fragmentation module is active or not depends
* on the compile-time \c ENABLE_FRAGMENT preprocessor macro and the
* runtime flag \c options.fragment, which gets its value from the
* process's configuration sources, such as the configuration file and
* commandline %options.
*/
...@@ -5,7 +5,8 @@ ...@@ -5,7 +5,8 @@
* packet encryption, packet authentication, and * packet encryption, packet authentication, and
* packet compression. * packet compression.
* *
* Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net> * Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 * it under the terms of the GNU General Public License version 2
...@@ -21,44 +22,22 @@ ...@@ -21,44 +22,22 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef PING_INLINE_H /**
#define PING_INLINE_H * @file
* Internal Multiplexer module documentation file.
/*
* Should we exit or restart due to ping (or other authenticated packet)
* not received in n seconds?
*/ */
static inline void
check_ping_restart(struct context *c)
{
void check_ping_restart_dowork(struct context *c);
if (c->options.ping_rec_timeout /**
&& event_timeout_trigger(&c->c2.ping_rec_interval, * @addtogroup internal_multiplexer Internal Multiplexer module
&c->c2.timeval, *
(!c->options.ping_timer_remote * The Internal Multiplexer is the link between the virtual tun/tap
|| link_socket_actual_defined(&c->c1.link_socket_addr.actual)) * network interface and the \link data_control Data Channel Control
? ETT_DEFAULT : 15)) * module\endlink. It reads packets from the virtual network interface,
{ * determines for which remote OpenVPN peer they are destined, and then
check_ping_restart_dowork(c); * passes the packets on to the Data Channel Control module together with
} * information about their destination VPN tunnel instance.
} *
* This module also handles packets traveling in the reverse direction,
/* * which have already been processed by the Data Channel Control module
* Should we ping the remote? * and are destined for a locally reachable host.
*/ */
static inline void
check_ping_send(struct context *c)
{
void check_ping_send_dowork(struct context *c);
if (c->options.ping_send_timeout
&& event_timeout_trigger(&c->c2.ping_send_interval,
&c->c2.timeval,
!TO_LINK_DEF(c) ? ETT_DEFAULT : 1))
{
check_ping_send_dowork(c);
}
}
#endif /* ifndef PING_INLINE_H */
/*
* OpenVPN -- An application to securely tunnel IP networks
* over a single TCP/UDP port, with support for SSL/TLS-based
* session authentication and key exchange,
* packet encryption, packet authentication, and
* packet compression.
*
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/**
* @file
* Key generation documentation file.
*/
/**
* @page key_generation Data channel %key generation
*
* This section describes how OpenVPN peers generate and exchange %key
* material necessary for the security operations performed on data
* channel packets.
*
* The %key generation and exchange process between OpenVPN client and
* server occurs every time data channel security parameters are
* negotiated, for example during the initial setup of a VPN tunnel or
* when the active security parameters expire. In source code terms, this
* is when a new key_state structure is initialized.
*
* @section key_generation_method Key methods
*
* OpenVPN supports two different ways of generating and exchanging %key
* material between client and server. These are known as %key method 1
* and %key method 2. %Key method 2 is the recommended method. Both are
* explained below.
*
* @subsection key_generation_method_1 Key method 1
*
* -# Each host generates its own random material.
* -# Each host uses its locally generated random material as %key data
* for encrypting and signing packets sent to the remote peer.
* -# Each host then sends its random material to the remote peer, so that
* the remote peer can use that %key data for authenticating and
* decrypting received packets.
*
* @subsection key_generation_method_2 Key method 2
*
* There are two methods for generating key data when using key method 2
* the first is OpenVPN's traditional approach that exchanges random
* data and uses a PRF and the other is using the RFC5705 keying material
* exporter to generate the key material. For both methods the random
* data is exchange but only used in the traditional method.
*
* -# The client generates random material in the following amounts:
* - Pre-master secret: 48 bytes
* - Client's PRF seed for master secret: 32 bytes
* - Client's PRF seed for %key expansion: 32 bytes
* -# The client sends its share of random material to the server.
* -# The server generates random material in the following amounts:
* - Server's PRF seed for master secret: 32 bytes
* - Server's PRF seed for %key expansion: 32 bytes
* -# The server computes the %key expansion using its own and the
* client's random material.
* -# The server sends its share of random material to the client.
* -# The client computes the %key expansion using its own and the
* server's random material.
*
* %Key method 2 %key expansion is performed by the \c
* generate_key_expansion_openvpn_prf() function. Please refer to its source
* code for details of the %key expansion process.
*
* When the client sends the IV_PROTO_TLS_KEY_EXPORT flag and the server replies
* with `key-derivation tls-ekm` the RFC5705 key material exporter with the
* label EXPORTER-OpenVPN-datakeys is used for the key data.
*
* @subsection key_generation_random Source of random material
*
* OpenVPN uses the either the OpenSSL library or the mbed TLS library as its
* source of random material.
*
* In OpenSSL, the \c RAND_bytes() function is called
* to supply cryptographically strong pseudo-random data. The following links
* contain more information on this subject:
* - For OpenSSL's \c RAND_bytes() function:
* http://www.openssl.org/docs/crypto/RAND_bytes.html
* - For OpenSSL's pseudo-random number generating system:
* http://www.openssl.org/docs/crypto/rand.html
* - For OpenSSL's support for external crypto modules:
* http://www.openssl.org/docs/crypto/engine.html
*
* In mbed TLS, the Havege random number generator is used. For details, see
* the mbed TLS documentation.
*
* @section key_generation_exchange Key exchange:
*
* The %key exchange process is initiated by the OpenVPN process running
* in client mode. After the initial three-way handshake has successfully
* completed, the client sends its share of random material to the server,
* after which the server responds with its part. This process is
* depicted below:
*
@verbatim
Client Client Server Server
State Action Action State
---------- -------------------- -------------------- ----------
... waiting until three-way handshake complete ...
S_START S_START
key_method_?_write()
send to server --> --> --> --> receive from client
S_SENT_KEY key_method_?_read()
S_GOT_KEY
key_method_?_write()
receive from server <-- <-- <-- <-- send to client
key_method_?_read() S_SENT_KEY
S_GOT_KEY
... waiting until control channel fully synchronized ...
S_ACTIVE S_ACTIVE
@endverbatim
*
* For more information about the client and server state values, see the
* \link control_processor Control Channel Processor module\endlink.
*
* Depending on which %key method is used, the \c ? in the function names
* of the diagram above is a \c 1 or a \c 2. For example, if %key method
* 2 is used, that %key exchange would be started by the client calling \c
* key_method_2_write(). These functions are called from the \link
* control_processor Control Channel Processor module's\endlink \c
* tls_process() function and control the %key generation and exchange
* process as follows:
* - %Key method 1 has been removed in OpenVPN 2.5
* - %Key method 2:
* - \c key_method_2_write(): generate random material locally, and if
* in server mode generate %key expansion.
* - \c key_method_2_read(): read random material received from remote
* peer, and if in client mode generate %key expansion.
*
* @subsection key_generation_encapsulation Transmission of key material
*
* The OpenVPN client and server communicate with each other through their
* control channel. This means that all of the data transmitted over the
* network, such as random material for %key generation, is encapsulated
* in a TLS layer. For more details, see the \link control_tls Control
* Channel TLS module\endlink documentation.
*/