Browse code
Renamed sample-keys/tmp-ca.crt to ca.crt. Fixed bug where remove_iroutes_from_push_route_list was missing routes if those routes had an implied netmask (by omission) of 255.255.255.255.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@587 e7ae566f-a301-0410-adde-c780ea21d3b5
james authored on 2005/10/01 20:10:12Showing 9 changed files
- openvpn.8
- push.c
- sample-config-files/loopback-client
- sample-config-files/loopback-server
- sample-keys/README
- sample-keys/ca.crt
- sample-keys/ca.key
- sample-keys/tmp-ca.crt
- sample-keys/tmp-ca.key
| ... | ... |
@@ -3363,15 +3363,15 @@ certificate. This file can have multiple |
| 3363 | 3363 |
certificates in .pem format, concatenated together. You can construct your own |
| 3364 | 3364 |
certificate authority certificate and private key by using a command such as: |
| 3365 | 3365 |
|
| 3366 |
-.B openssl req -nodes -new -x509 -keyout tmp-ca.key -out tmp-ca.crt |
|
| 3366 |
+.B openssl req -nodes -new -x509 -keyout ca.key -out ca.crt |
|
| 3367 | 3367 |
|
| 3368 | 3368 |
Then edit your openssl.cnf file and edit the |
| 3369 | 3369 |
.B certificate |
| 3370 | 3370 |
variable to point to your new root certificate |
| 3371 |
-.B tmp-ca.crt. |
|
| 3371 |
+.B ca.crt. |
|
| 3372 | 3372 |
|
| 3373 | 3373 |
For testing purposes only, the OpenVPN distribution includes a sample |
| 3374 |
-CA certificate (tmp-ca.crt). |
|
| 3374 |
+CA certificate (ca.crt). |
|
| 3375 | 3375 |
Of course you should never use |
| 3376 | 3376 |
the test certificates and test keys distributed with OpenVPN in a |
| 3377 | 3377 |
production environment, since by virtue of the fact that |
| ... | ... |
@@ -5001,9 +5001,9 @@ Diffie Hellman parameters (see above where |
| 5001 | 5001 |
.B --dh |
| 5002 | 5002 |
is discussed for more info). You can also use the |
| 5003 | 5003 |
included test files client.crt, client.key, |
| 5004 |
-server.crt, server.key and tmp-ca.crt. |
|
| 5004 |
+server.crt, server.key and ca.crt. |
|
| 5005 | 5005 |
The .crt files are certificates/public-keys, the .key |
| 5006 |
-files are private keys, and tmp-ca.crt is a certification |
|
| 5006 |
+files are private keys, and ca.crt is a certification |
|
| 5007 | 5007 |
authority who has signed both |
| 5008 | 5008 |
client.crt and server.crt. For Diffie Hellman |
| 5009 | 5009 |
parameters you can use the included file dh1024.pem. |
| ... | ... |
@@ -5011,11 +5011,11 @@ parameters you can use the included file dh1024.pem. |
| 5011 | 5011 |
.LP |
| 5012 | 5012 |
On may: |
| 5013 | 5013 |
.IP |
| 5014 |
-.B openvpn --remote june.kg --dev tun1 --ifconfig 10.4.0.1 10.4.0.2 --tls-client --ca tmp-ca.crt --cert client.crt --key client.key --reneg-sec 60 --verb 5 |
|
| 5014 |
+.B openvpn --remote june.kg --dev tun1 --ifconfig 10.4.0.1 10.4.0.2 --tls-client --ca ca.crt --cert client.crt --key client.key --reneg-sec 60 --verb 5 |
|
| 5015 | 5015 |
.LP |
| 5016 | 5016 |
On june: |
| 5017 | 5017 |
.IP |
| 5018 |
-.B openvpn --remote may.kg --dev tun1 --ifconfig 10.4.0.2 10.4.0.1 --tls-server --dh dh1024.pem --ca tmp-ca.crt --cert server.crt --key server.key --reneg-sec 60 --verb 5 |
|
| 5018 |
+.B openvpn --remote may.kg --dev tun1 --ifconfig 10.4.0.2 10.4.0.1 --tls-server --dh dh1024.pem --ca ca.crt --cert server.crt --key server.key --reneg-sec 60 --verb 5 |
|
| 5019 | 5019 |
.LP |
| 5020 | 5020 |
Now verify the tunnel is working by pinging across the tunnel. |
| 5021 | 5021 |
.LP |
| ... | ... |
@@ -273,12 +273,12 @@ remove_iroutes_from_push_route_list (struct options *o) |
| 273 | 273 |
if (parse_line (line, p, SIZE (p), "[PUSH_ROUTE_REMOVE]", 1, D_ROUTE_DEBUG, &gc)) |
| 274 | 274 |
{
|
| 275 | 275 |
/* is the push item a route directive? */ |
| 276 |
- if (p[0] && p[1] && p[2] && !strcmp (p[0], "route")) |
|
| 276 |
+ if (p[0] && !strcmp (p[0], "route") && !p[3]) |
|
| 277 | 277 |
{
|
| 278 | 278 |
/* get route parameters */ |
| 279 | 279 |
bool status1, status2; |
| 280 | 280 |
const in_addr_t network = getaddr (GETADDR_HOST_ORDER, p[1], 0, &status1, NULL); |
| 281 |
- const in_addr_t netmask = getaddr (GETADDR_HOST_ORDER, p[2], 0, &status2, NULL); |
|
| 281 |
+ const in_addr_t netmask = getaddr (GETADDR_HOST_ORDER, p[2] ? p[2] : "255.255.255.255", 0, &status2, NULL); |
|
| 282 | 282 |
|
| 283 | 283 |
/* did route parameters parse correctly? */ |
| 284 | 284 |
if (status1 && status2) |
| ... | ... |
@@ -288,7 +288,7 @@ remove_iroutes_from_push_route_list (struct options *o) |
| 288 | 288 |
/* does route match an iroute? */ |
| 289 | 289 |
for (ir = o->iroutes; ir != NULL; ir = ir->next) |
| 290 | 290 |
{
|
| 291 |
- if (network == ir->network && netmask == netbits_to_netmask (ir->netbits)) |
|
| 291 |
+ if (network == ir->network && netmask == netbits_to_netmask (ir->netbits >= 0 ? ir->netbits : 32)) |
|
| 292 | 292 |
{
|
| 293 | 293 |
copy = false; |
| 294 | 294 |
break; |
| ... | ... |
@@ -7,7 +7,7 @@ NOTE: THESE KEYS ARE FOR TESTING PURPOSES ONLY. |
| 7 | 7 |
DON'T USE THEM FOR ANY REAL WORK BECAUSE |
| 8 | 8 |
THEY ARE TOTALLY INSECURE! |
| 9 | 9 |
|
| 10 |
-tmp-ca.{crt,key} -- sample CA key/cert
|
|
| 10 |
+ca.{crt,key} -- sample CA key/cert
|
|
| 11 | 11 |
client.{crt,key} -- sample client key/cert
|
| 12 | 12 |
server.{crt,key} -- sample server key/cert (nsCertType=server)
|
| 13 | 13 |
pass.{crt,key} -- sample client key/cert with password-encrypted key
|
| 14 | 14 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,19 @@ |
| 0 |
+-----BEGIN CERTIFICATE----- |
|
| 1 |
+MIIDBjCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJLRzEL |
|
| 2 |
+MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t |
|
| 3 |
+VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTA0MTEy |
|
| 4 |
+NTE0NDA1NVoXDTE0MTEyMzE0NDA1NVowZjELMAkGA1UEBhMCS0cxCzAJBgNVBAgT |
|
| 5 |
+Ak5BMRAwDgYDVQQHEwdCSVNIS0VLMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxITAf |
|
| 6 |
+BgkqhkiG9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpbjCBnzANBgkqhkiG9w0BAQEF |
|
| 7 |
+AAOBjQAwgYkCgYEAqPjWJnesPu6bR/iec4FMz3opVaPdBHxg+ORKNmrnVZPh0t8/ |
|
| 8 |
+ZT34KXkYoI9B82scurp8UlZVXG8JdUsz+yai8ti9+g7vcuyKUtcCIjn0HLgmdPu5 |
|
| 9 |
+gFX25lB0pXw+XIU031dOfPvtROdG5YZN5yCErgCy7TE7zntLnkEDuRmyU6cCAwEA |
|
| 10 |
+AaOBwzCBwDAdBgNVHQ4EFgQUiaZg47rqPq/8ZH9MvYzSSI3gzEYwgZAGA1UdIwSB |
|
| 11 |
+iDCBhYAUiaZg47rqPq/8ZH9MvYzSSI3gzEahaqRoMGYxCzAJBgNVBAYTAktHMQsw |
|
| 12 |
+CQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UEChMMT3BlblZQTi1U |
|
| 13 |
+RVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CAQAwDAYDVR0T |
|
| 14 |
+BAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBfJoiWYrYdjM0mKPEzUQk0nLYTovBP |
|
| 15 |
+I0es/2rfGrin1zbcFY+4dhVBd1E/StebnG+CP8r7QeEIwu7x8gYDdOLLsZn+2vBL |
|
| 16 |
+e4jNU1ClI6Q0L7jrzhhunQ5mAaZztVyYwFB15odYcdN2iO0tP7jtEsvrRqxICNy3 |
|
| 17 |
+8itzViPTf5W4sA== |
|
| 18 |
+-----END CERTIFICATE----- |
| 0 | 19 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,15 @@ |
| 0 |
+-----BEGIN RSA PRIVATE KEY----- |
|
| 1 |
+MIICXQIBAAKBgQCo+NYmd6w+7ptH+J5zgUzPeilVo90EfGD45Eo2audVk+HS3z9l |
|
| 2 |
+PfgpeRigj0Hzaxy6unxSVlVcbwl1SzP7JqLy2L36Du9y7IpS1wIiOfQcuCZ0+7mA |
|
| 3 |
+VfbmUHSlfD5chTTfV058++1E50blhk3nIISuALLtMTvOe0ueQQO5GbJTpwIDAQAB |
|
| 4 |
+AoGAQuVREyWp4bhhbZr2UFBOco2ws6EOLWp4kdD/uI+WSoEjlHKiDJj+GJ1CrL5K |
|
| 5 |
+o+4yD5MpCQf4/4FOQ0ukprfjJpDwDinTG6vzuWSLTHNiTgvksW3vy7IsNMJx97hT |
|
| 6 |
+4D2QOOl9HhA50Qqg70teMPYXOgLRMVsdCIV7p7zDNy4nM+ECQQDX8m5ZcQmPtUDA |
|
| 7 |
+38dPTfpL4U7kMB94FItJYH/Lk5kMW1/J33xymNhL+BHaG064ol9n2ubGW4XEO5t2 |
|
| 8 |
+qE1IOsVpAkEAyE/x/OBVSI1s75aYGlEwMd87p3qaDdtXT7WzujjRY7r8Y1ynkMU6 |
|
| 9 |
+GtMeneBX/lk4BY/6I+5bhAzce+hqhaXejwJBAL5Wg+c4GApf41xdogqHm7doNyYw |
|
| 10 |
+OHyZ9w9NDDc+uGbI30xLPSCxEe0cEXgiG6foDpm2uzRZFTWaqHPU8pFYpAkCQGNX |
|
| 11 |
+cpWM0/7VVK9Fqk1y8knpgfY/UWOJ4jU/0dCLGR0ywLSuYNPlXDmtdkOp3TnhGW14 |
|
| 12 |
+x/9F2NEWZ8pzq1B4wHUCQQC5ztD4m/rpiIpinoewUJODoeBJXYBKqx1+mdrALCq6 |
|
| 13 |
+ESvK1WRiusMaY3xmsdv4J2TB5iUPryELbn3jU12WGcQc |
|
| 14 |
+-----END RSA PRIVATE KEY----- |
| 0 | 15 |
deleted file mode 100644 |
| ... | ... |
@@ -1,19 +0,0 @@ |
| 1 |
-MIIDBjCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJLRzEL |
|
| 2 |
-MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t |
|
| 3 |
-VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTA0MTEy |
|
| 4 |
-NTE0NDA1NVoXDTE0MTEyMzE0NDA1NVowZjELMAkGA1UEBhMCS0cxCzAJBgNVBAgT |
|
| 5 |
-Ak5BMRAwDgYDVQQHEwdCSVNIS0VLMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxITAf |
|
| 6 |
-BgkqhkiG9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpbjCBnzANBgkqhkiG9w0BAQEF |
|
| 7 |
-AAOBjQAwgYkCgYEAqPjWJnesPu6bR/iec4FMz3opVaPdBHxg+ORKNmrnVZPh0t8/ |
|
| 8 |
-ZT34KXkYoI9B82scurp8UlZVXG8JdUsz+yai8ti9+g7vcuyKUtcCIjn0HLgmdPu5 |
|
| 9 |
-gFX25lB0pXw+XIU031dOfPvtROdG5YZN5yCErgCy7TE7zntLnkEDuRmyU6cCAwEA |
|
| 10 |
-AaOBwzCBwDAdBgNVHQ4EFgQUiaZg47rqPq/8ZH9MvYzSSI3gzEYwgZAGA1UdIwSB |
|
| 11 |
-iDCBhYAUiaZg47rqPq/8ZH9MvYzSSI3gzEahaqRoMGYxCzAJBgNVBAYTAktHMQsw |
|
| 12 |
-CQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UEChMMT3BlblZQTi1U |
|
| 13 |
-RVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CAQAwDAYDVR0T |
|
| 14 |
-BAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBfJoiWYrYdjM0mKPEzUQk0nLYTovBP |
|
| 15 |
-I0es/2rfGrin1zbcFY+4dhVBd1E/StebnG+CP8r7QeEIwu7x8gYDdOLLsZn+2vBL |
|
| 16 |
-e4jNU1ClI6Q0L7jrzhhunQ5mAaZztVyYwFB15odYcdN2iO0tP7jtEsvrRqxICNy3 |
|
| 17 |
-8itzViPTf5W4sA== |
| 18 | 1 |
deleted file mode 100644 |
| ... | ... |
@@ -1,15 +0,0 @@ |
| 1 |
-MIICXQIBAAKBgQCo+NYmd6w+7ptH+J5zgUzPeilVo90EfGD45Eo2audVk+HS3z9l |
|
| 2 |
-PfgpeRigj0Hzaxy6unxSVlVcbwl1SzP7JqLy2L36Du9y7IpS1wIiOfQcuCZ0+7mA |
|
| 3 |
-VfbmUHSlfD5chTTfV058++1E50blhk3nIISuALLtMTvOe0ueQQO5GbJTpwIDAQAB |
|
| 4 |
-AoGAQuVREyWp4bhhbZr2UFBOco2ws6EOLWp4kdD/uI+WSoEjlHKiDJj+GJ1CrL5K |
|
| 5 |
-o+4yD5MpCQf4/4FOQ0ukprfjJpDwDinTG6vzuWSLTHNiTgvksW3vy7IsNMJx97hT |
|
| 6 |
-4D2QOOl9HhA50Qqg70teMPYXOgLRMVsdCIV7p7zDNy4nM+ECQQDX8m5ZcQmPtUDA |
|
| 7 |
-38dPTfpL4U7kMB94FItJYH/Lk5kMW1/J33xymNhL+BHaG064ol9n2ubGW4XEO5t2 |
|
| 8 |
-qE1IOsVpAkEAyE/x/OBVSI1s75aYGlEwMd87p3qaDdtXT7WzujjRY7r8Y1ynkMU6 |
|
| 9 |
-GtMeneBX/lk4BY/6I+5bhAzce+hqhaXejwJBAL5Wg+c4GApf41xdogqHm7doNyYw |
|
| 10 |
-OHyZ9w9NDDc+uGbI30xLPSCxEe0cEXgiG6foDpm2uzRZFTWaqHPU8pFYpAkCQGNX |
|
| 11 |
-cpWM0/7VVK9Fqk1y8knpgfY/UWOJ4jU/0dCLGR0ywLSuYNPlXDmtdkOp3TnhGW14 |
|
| 12 |
-x/9F2NEWZ8pzq1B4wHUCQQC5ztD4m/rpiIpinoewUJODoeBJXYBKqx1+mdrALCq6 |
|
| 13 |
-ESvK1WRiusMaY3xmsdv4J2TB5iUPryELbn3jU12WGcQc |