debian/control

Source: vtun
Section: net
Priority: optional
Maintainer: Roland Stigge
Build-Depends: debhelper (>= 9), autotools-dev, liblzo2-dev, zlib1g-dev, libssl-dev, bison, flex
Standards-Version: 3.9.4
Homepage: http://vtun.sourceforge.net/

Package: vtun
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, udev [linux-any] | makedev [linux-any]
Description: virtual tunnel over TCP/IP networks
 VTun is the easiest way to create virtual tunnels over TCP/IP networks
 with traffic shaping and compression.
 .
 It supports IP, PPP, SLIP, Ethernet and other tunnel types.
 .
 VTun is easily and highly configurable, it can be used for various
 network tasks.
 .
 VTun requires the universal TUN/TAP kernel module which can be found at
 http://vtun.sourceforge.net/tun/index.html or in the 2.4 and newer Linux
 kernels.
 .
 Note: This program includes an "encryption" feature intended to protect
 the tunneled data as it travels across the network. However, the
 protocol it uses is known to be very insecure, and you should not rely
 on it to deter anyone but a casual eavesdropper. See the included
 README.Encryption file for more information.
debian/changelog

vtun (3.0.3-2) unstable; urgency=low

  * debian/control:
    - Standards-Version: 3.9.4
    - Build-Depends: debhelper (>= 9)
  * debian/compat: 9
  * debian/rules: dh_prep instead of dh_clean -k for debhelper >= 7

 -- Roland Stigge  Wed, 15 May 2013 22:10:39 +0200

vtun (3.0.3-1) experimental; urgency=low

  * New upstream release
  * New maintainer (Closes: #677006)
  * Removed patch 07-64bits-segfault.patch (included upstream)
  * debian/control:
    - Standards-Version: 3.9.3
    - Depend on udev | makedev only on [linux-any] (Closes: #666511)
      Thanks to Robert Millan
  * debian/source/format: 1.0 -> 3.0 (quilt)
  * Added IPv6 support patch, thanks to Mats Erik Andersson
    (Closes: #292582)

 -- Roland Stigge  Sun, 07 Oct 2012 13:26:16 +0200

vtun (3.0.2-4) unstable; urgency=high

  * Check MAKEDEV existence before invoking it; also, avoid aborting even if
    MAKEDEV fails. Code snippet took from mdadm scripts. Closes: #595931.
  * debian/source/format: created for compatibility.
  * debian/control: bumped Standards-Version with no changes.

 -- Martín Ferrari  Mon, 27 Sep 2010 04:42:18 +0200

vtun (3.0.2-3) unstable; urgency=low

  * Stop installing deprecated modutils conffile. (Closes: #518314).
  * Acknowledging NMU. Thanks Gregor.
  * debian/rules: update config.{sub,guess} before each build, closes:
    #535720.
  * debian/patches: added 07-64bits-segfault.patch, closes: #477707.
  * debian/init.d, debian/rules: support for tmpfs in /var, thanks to Stefano
    Rivera. Closes: #587342.
  * debian/copyright: add exception note for OpenSSL, thanks to Stefano too.
  * debian/control: add ${misc:Depends}; bump Standards-Version with no
    changes.
  * debian/init.d: remove run-level 1 from Default-Stop; sendsigs will take
    care.
  * debian/postinst: try to detect udev before calling makedev; remove the
    devfs check.
  * debian/control: add dependency on udev or makedev.
  * debian/init.d: add status command, thanks to Stefano Rivera.

 -- Martín Ferrari  Tue, 29 Jun 2010 06:25:15 +0200

vtun (3.0.2-2.1) unstable; urgency=low

  * Non-maintainer upload.
  * Fix "vtun is broken on 'testing' when IPv6 is configured": apply patch by
    Mats Erik Andersson as debian/patches/06-ipv6.patch (closes: #581552).

 -- gregor herrmann  Sun, 13 Jun 2010 17:30:52 +0200

vtun (3.0.2-2) unstable; urgency=low

  * Acknowledging NMU. Thanks Aurélien.
  * Fix duplicate NEWS file (Closes: #501442).
  * debian/control: bumped Standards-Version, removed unused debconf
    dependency.
  * debian/README.source: added to comply with 3.8.0 S-V.
  * debian/copyright: s/(C)/©/.

 -- Martín Ferrari  Mon, 16 Feb 2009 14:50:37 -0200

vtun (3.0.2-1.1) unstable; urgency=high

  * Non-maintainer upload.
  * Fix openpty() wrong usage. (Closes: #499036)

 -- Aurélien GÉRÔME  Tue, 13 Jan 2009 19:32:10 +0100

vtun (3.0.2-1) unstable; urgency=low

  * New upstream release, fixes incompatibilities with older clients.
  * debian/patches/05-cfgfile-bug.dpatch: removed as it was included in
    upstream release.
  * debian/patches/05-unix98pty.dpatch: added patch to support newer unix98
    interface (Closes: #451931).
  * debian/control:
    - Bumped Standards-Version (no changes needed).
    - Added DM-Upload-Allowed and Vcs-Browser fields.
    - Minor description improvements (capitalisation).
    - Removed DMUA flag. Updated email address
  * debian/rules:
    - Fix debian-rules-ignores-make-clean-error.
  * debian/init.d: finally make it LSB compliant, thanks Petter for the fix
    (NMU'ed) (Closes: #464069). Also add dependency on $network, and avoid
    stopping during reboot/shutdown for faster processing.
  * debian/{patches,rules,control}: converted from dpatch to quilt, refreshed
    all patches.

 -- Martín Ferrari  Tue, 22 Jul 2008 20:38:49 -0300

vtun (3.0.1-2.1) unstable; urgency=low

  * Non-maintainer upload to solve release goal.
  * Add LSB dependency header to init.d scripts (Closes: #464069).

 -- Petter Reinholdtsen  Mon, 31 Mar 2008 00:30:54 +0200

vtun (3.0.1-2) unstable; urgency=low

  * Fix message in init.d that points to uncompressed NEWS.Debian file.
    (Closes: #414502)
  * Moved homepage pseudo-field to new source field in debian/control.

 -- Martín Ferrari  Wed, 17 Oct 2007 15:09:17 -0300

vtun (3.0.1-1) unstable; urgency=low

  * New upstream release.
  * Switched to liblzo2 (Closes: #434941)

 -- Martín Ferrari  Tue, 31 Jul 2007 20:29:59 +0100

vtun (3.0.0-1) unstable; urgency=low

  * New upstream version.
  * May not work with encrypted connections to 2.6 vtuns. See upstream bug
    #1685781.

 -- Martín Ferrari  Fri, 15 Jun 2007 18:12:54 -0300

vtun (2.6-7) unstable; urgency=low

  * Corrected a bug in the maintainer scripts, which were preventing correct
    rc*.d links from being created, and daemon from starting on
    install/upgrade. (Closes: 409247)
  * Fixed start behaviour in init script, which caused it to fail when vtun
    was already running (and made upgrading fail, when the previous bug was
    fixed).
  * Moved notice about need to manually restart to a more sensible location.
  * Added script to remove configuration file in purge.

 -- Martín Ferrari  Sat, 17 Feb 2007 20:18:36 -0300

vtun (2.6-6) unstable; urgency=low

  * Patch for correct declaration of types and functions (Closes: #400559).
    I had to replace getpt with posix_openpt, because for some obscure reason
    getpt was not being defined. Anyway, posix_openpt is the portable way of
    doing it.
  * Also added some minor fixes to shut up gcc. While doing that, a
    previously unknown bug showed up and was fixed.

 -- Martín Ferrari  Wed, 29 Nov 2006 18:14:00 -0300

vtun (2.6-5) unstable; urgency=low

  * New maintainer. (Closes: #373134: ITA)
  * Acknowledge NMU. Thanks bubulle!
  * Re-packaged from scratch, with up-to-date autotools, current DH version
    and Standards-Version, and removing unneeded dependencies, solving some
    bugs in the way. (Closes: #344784)
  * Added conditional dependency on debconf-2.0. (Closes: #332139)
  * Added warnings about insecure encryption. (Closes: #319449)
  * New init.d uses /etc/default/vtun and can handle multiple clients and one
    server. (Closes: #262416)

 -- Martín Ferrari  Fri, 24 Nov 2006 11:08:26 -0300

vtun (2.6-4.1) unstable; urgency=low

  * Non-maintainer upload to fix longstanding l10n issues
  * Remove the debconf templates that deals with upgrading from a pre-woody
    version. Closes: #388980, #276829, #318155, #330616, #337553

 -- Christian Perrier  Sun, 8 Oct 2006 11:32:34 +0200

vtun (2.6-4) unstable; urgency=low

  * Change package from non-US to main. Crypto in main has actually been
    acceptable for quite some time now, it seems.
  * Add the Japanese po-debconf template translation. Thanks, Hideki
    (Closes: #227423).
  * Give a mention to tun-source in README.Debian (Closes: #240428).
  * Only give mention that vtun needs to be restarted, don't actually restart
    it. Some working around debhelper was needed for this sort of thing
    (Closes: #203575).
  * Comment the examples in /etc/vtund.conf (Closes: #262418).
  * Change from deprecated dh_installmanpages to dh_installman.

 -- Morgon Kanter  Fri, 1 Oct 2004 18:02:28 -0400

vtun (2.6-3) unstable; urgency=low

  * Updated policy to version 3.6.1, no change required.
  * Removed mentions of "encryption" from the description, added a
    README.Encryption file because of recent speculations (but no solid proof
    yet) about vtun's security (Closes: #212357).
  * Moved sslauth patch from cluster in the diff.gz to a dpatch file.
  * Added po-debconf to build-depends.
  * Changed "with permissions 644" to "default MAKEDEV permissions" in
    postinst because in the future they may not be 644.
  * Acknowledge NMU. (Closes: #198156, #208262, #202153)

 -- Morgon Kanter  Fri, 26 Sep 2003 18:44:59 -0400

vtun (2.6-2.1) unstable; urgency=low

  * NMU
  * Added french debconf translation. Thanks, Michel Grentzinger.
    Closes: #198156
  * Added dutch debconf translation. Thanks, Tim Vandermeersch.
    Closes: #208262
  * Corrected README.Debian about mknod. Closes: #202153

 -- Christian Perrier  Mon, 8 Sep 2003 12:09:53 +0200

vtun (2.6-2) unstable; urgency=low

  * Patch so clients now write their PID file as well.
    (Closes: #197752, #197857)
  * Oops, it seems that I stuck the german debconf template in the wrong
    place. Thanks to Michel Grentzinger for the patch. (Closes: #197496)
  * Started using dpatch to handle patches between versions.

 -- Morgon Kanter  Wed, 18 Jun 2003 01:22:35 -0400

vtun (2.6-1) unstable; urgency=low

  * New upstream release. (Closes: #187796)
    + tunnel.c fd leak fixed (Closes: #148770)
    + bugs in keeping tap interface up in persist mode fixed
      (Closes: #148807)
  * New maintainer (Closes: #194023)
  * Bumped standards version to 3.5.10
  * New gettext-based debconf template translation used. Thanks for the
    patch, Andre. (Closes: #190083)
  * New Brazilian-Portuguese debconf template translation (Thanks, Andre)
  * Added a German template (Closes: #138596)
  * Removed debian/copyright boilerplate left over from dh_make
  * Now just grab the newest config.{sub,guess} from autotools-dev instead of
    letting upstream provide them.
  * Added an autogen.sh script, and regenerated configure script so it would
    work with the new config.{guess,sub}.
  * We now use /dev/net/tun, not /dev/net/misc/tun. No idea why we didn't
    before, other than "devfs uses it". (Closes: #129968)
  * Can now connect an SSL client to a non-SSL server. Patch by Artur
    Czechowski. (Closes: #134271)

 -- Morgon Kanter  Tue, 20 May 2002 17:33:21 -0400

vtun (2.5-4) unstable; urgency=low

  * Fix a broken vtun.config closes: #152689, #152927, 152589, #152886
  * Remove unused files from package closes: #152690

 -- Greg Olszewski  Sun, 14 Jul 2002 18:07:38 -0700

vtun (2.5-3) unstable; urgency=low

  * Apply multiple link patches from Alexander Zangerl closes: #97780
  * Fix debconf from repeating the upgrade messages closes: #137901
  * Mention tun-source package in documentation closes: #145844

 -- Greg Olszewski  Tue, 9 Jul 2002 17:39:32 -0700

vtun (2.5-2) unstable; urgency=low

  * make /etc/vtund.conf 600 closes: #129967
  * add creation of /dev/misc/net/tun for 2.4 kernels closes: #129968

 -- Greg Olszewski  Wed, 23 Jan 2002 00:28:33 -0800

vtun (2.5-1) unstable; urgency=low

  * New upstream version.
    closes: #102832, #92856, #108070, #109710, #113905
  * added flex, bison to Build-Depends. closes: #100787
  * added psmisc to depends. closes: #115059
  * New maintainer

 -- Greg Olszewski  Thu, 17 Jan 2002 16:16:29 -0800

vtun (2.4b1-3) unstable; urgency=low

  * these bugs were closed some time ago...closes: #80445, #77493, #81177,
    #81798
  * no response from person who submitted bug. appears to be configuration
    error. closes: #69946
  * fixed devfs support. closes: #86388
  * CPU-eating bug with persists was fixed with 2.0b5. Closes: #58752

 -- Craig Sanders  Sat, 31 Mar 2001 12:54:34 +1000

vtun (2.4b1-2) unstable; urgency=low

  * added liblzo-dev, zlib1g-dev, libssl096-dev to Build-Depends
  * closes Bug#80445

 -- Craig Sanders  Mon, 25 Dec 2000 12:45:47 +1100

vtun (2.4b1-1) unstable; urgency=low

  * new upstream version
  * several fixes, adds support for tun driver in 2.4 series kernel

 -- Craig Sanders  Sun, 24 Dec 2000 12:17:36 +1100

vtun (2.3-1) unstable; urgency=low

  * new upstream version
  * compiled against libssl-095a

 -- Craig Sanders  Sat, 26 Aug 2000 08:41:41 +1000

vtun (2.1b3-1) unstable; urgency=low

  * new upstream version
  * rewrote init.d script and vtund-start script.
    Closes: #58449
  * bug #36512 should have been closed ages ago. Closes: #36512

 -- Craig Sanders  Sat, 25 Mar 2000 16:20:56 +1100

vtun (1.3-1) unstable; urgency=low

  * new upstream version
  * architecture changed from i386 to any. Closes Bug#36512

 -- Craig Sanders  Mon, 26 Apr 1999 08:38:30 +1000

vtun (1.2-1) unstable; urgency=low

  * Initial Release.
  * created vtund-start perl script to make it easy to run vtund as a
    server or as a client.
  * cleaned up various compiler warnings by adding "#include " to
    cfg_file.l, client.c, lfd_encrypt.c, lib.c, linkfd.c, main.c, and
    server.c

 -- Craig Sanders  Sat, 17 Apr 1999 08:22:39 +1000

debian/vtund-ipv6-client.conf

#
# Functionality verified by Mats Erik Andersson
# for tunnels wrapping in IPv4 and in IPv6.
#
options {
  port 5000;
  syslog user;

  ifconfig /sbin/ifconfig;
  ip /sbin/ip;
  route /sbin/route;
  firewall /sbin/iptables;
}

default {
  compress no;
  encrypt no;
  speed 0;
  keepalive yes;
  stat yes;
}

big-buck-bunny {
  passwd blender;
  type tun;
  proto udp;
  compress yes;
  encrypt yes;

  up {
    ip "link set %d up multicast off mtu 1450";
    ip "-4 addr add 10.3.0.2 peer 10.3.0.1 dev %d";
  };
  down {
    ip "link set %d down";
  };
}

big-buck-bunny-ipv6 {
  passwd blender;
  type tun;
  proto udp;
  compress yes;
  encrypt yes;

  up {
    ip "-6 link set %d up multicast off mtu 1450";
    ip "-6 addr add fc00:170:0:6a::2/112 dev %d";
  };
  down {
    ip "-6 link set %d down";
  };
}

debian/watch

version=3
http://sf.net/vtun/vtun-(.*)\.tar\.gz
#http://downloads.sourceforge.net/vtun/ .*/vtun-(\d.*)\.tar\.gz\?.*

debian/vtund-ipv6-server.conf

#
# Functionality verified by Mats Erik Andersson
# for tunnels wrapping in IPv4 and in IPv6.
#
options {
  port 5000;
  syslog user;

  ifconfig /sbin/ifconfig;
  ip /sbin/ip;
  route /sbin/route;
  firewall /sbin/iptables;
}

default {
  compress no;
  encrypt no;
  speed 0;
  keepalive yes;
  stat yes;
}

big-buck-bunny {
  passwd blender;
  type tun;
  proto udp;
  compress yes;
  encrypt yes;

  up {
    ip "link set %d up multicast off mtu 1450";
    ip "-4 addr add 10.3.0.1 peer 10.3.0.2 dev %d";
  };
  down {
    ip "link set %d down";
  };
}

big-buck-bunny-ipv6 {
  passwd blender;
  type tun;
  proto udp;
  compress yes;
  encrypt yes;

  up {
    ip "-6 link set %d up multicast off mtu 1450";
    ip "-6 addr add fc00:170:0:6a::1/112 dev %d";
  };
  down {
    ip "-6 link set %d down";
  };
}

debian/rules

#!/usr/bin/make -f

# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1

# These are used for cross-compiling and for saving the configure script
# from having to guess our platform (since we know it already)
DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)

CFLAGS = -Wall -g

ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
    CFLAGS += -O0
else
    CFLAGS += -O2
endif

ifeq ($(DEB_BUILD_GNU_TYPE), $(DEB_HOST_GNU_TYPE))
    confflags += --build $(DEB_HOST_GNU_TYPE)
else
    confflags += --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE)
endif

config.status: $(QUILT_STAMPFN) configure
	dh_testdir
	[ -e orig_config ] || mkdir orig_config
	[ ! -f config.sub ] || mv config.sub orig_config
	[ ! -f config.guess ] || mv config.guess orig_config
	cp /usr/share/misc/config.sub /usr/share/misc/config.guess .
	# Add here commands to configure the package.
	./configure $(confflags) --prefix=/usr \
		--mandir=\$${prefix}/share/man \
		--infodir=\$${prefix}/share/info \
		--localstatedir=/var \
		--sysconfdir=/etc \
		--enable-lzo CFLAGS="$(CFLAGS)" LDFLAGS="-Wl,-z,defs"

build: build-arch build-indep
build-arch: build-stamp
build-indep: build-stamp

build-stamp: config.status
	dh_testdir
	$(MAKE)
	touch $@

clean:
	dh_testdir
	dh_testroot
	rm -f build-stamp
	[ ! -f Makefile ] || $(MAKE) distclean
	rm -rf $(CURDIR)/debian/tmp
	dh_clean
	if [ -d orig_config ]; then \
		mv orig_config/config.sub orig_config/config.guess .; \
		rmdir orig_config; \
	fi

install: build
	dh_testdir
	dh_testroot
	dh_prep
	dh_installdirs
	$(MAKE) DESTDIR=$(CURDIR)/debian/vtun install
	# Created in initscript:
	rm -rf $(CURDIR)/debian/vtun/var/lock $(CURDIR)/debian/vtun/var/run
	#install -m 755 vtund $(CURDIR)/debian/vtun/usr/sbin/
	# Those are then installed by dh_installexamples
	mkdir $(CURDIR)/debian/tmp
	sed -n '/#.*CUT HERE.*Server config/,/#.*CUT HERE.*End/p' vtund.conf \
		> $(CURDIR)/debian/tmp/vtund-server.conf
	sed -n '/#.*CUT HERE.*Client config/,/#.*CUT HERE.*End/p' vtund.conf \
		> $(CURDIR)/debian/tmp/vtund-client.conf

# Build architecture-independent files here.
binary-indep: build install
# We have nothing to do by default.

# Build architecture-dependent files here.
binary-arch: build install
	dh_testdir
	dh_testroot
	dh_installchangelogs ChangeLog
	dh_installdocs
	dh_installexamples
	dh_install
	dh_installlogrotate
	dh_installinit --no-start
	dh_installman
	dh_link
	dh_strip
	dh_compress
	dh_fixperms
	chmod 600 $(CURDIR)/debian/vtun/etc/vtund.conf
	install -m 644 debian/lintian_override \
		$(CURDIR)/debian/vtun/usr/share/lintian/overrides/vtun
	dh_installdeb
	dh_shlibdeps
	dh_gencontrol
	dh_md5sums
	dh_builddeb

binary: binary-indep binary-arch
.PHONY: build clean binary-indep binary-arch binary install

debian/patches/series

00-sslauth.patch
01-pidfile.patch
02-dumpfile.patch
03-signedness-warnings.patch
04-implicit-pointer-conversions.patch
05-unix98pty.patch
06-ipv6.patch
07-dual-family-transport.patch

debian/patches/01-pidfile.patch

01-pidfile.patch by Morgon Kanter and Martín Ferrari
http://sourceforge.net/support/tracker.php?aid=762822

This patch changes main.c so clients write their PID-file as well as servers.
It also allows a tag to be added to the filename.

Index: vtun-3.0.3/Makefile.in =================================================================== --- vtun-3.0.3.orig/Makefile.in 2012-10-07 20:42:53.313353837 +0200 +++ vtun-3.0.3/Makefile.in 2012-10-07 20:42:59.000000000 +0200 
@@ -39,12 +39,12 @@ ETC_DIR = @sysconfdir@ VAR_DIR = @localstatedir@ -PID_FILE = ${VAR_DIR}/run/vtund.pid +PID_DIR = ${VAR_DIR}/run CFG_FILE = ${ETC_DIR}/vtund.conf STAT_DIR = ${VAR_DIR}/log/vtund LOCK_DIR = ${VAR_DIR}/lock/vtund -DEFS = -DVTUN_CONFIG_FILE=\"$(CFG_FILE)\" -DVTUN_PID_FILE=\"$(PID_FILE)\" \ +DEFS = -DVTUN_CONFIG_FILE=\"$(CFG_FILE)\" -DVTUN_PID_DIR=\"$(PID_DIR)\" \ -DVTUN_STAT_DIR=\"$(STAT_DIR)\" -DVTUN_LOCK_DIR=\"$(LOCK_DIR)\" OBJS = main.o cfg_file.tab.o cfg_file.lex.o server.o client.o lib.o \ Index: vtun-3.0.3/main.c =================================================================== --- vtun-3.0.3.orig/main.c 2012-10-07 20:42:59.000000000 +0200 +++ vtun-3.0.3/main.c 2012-10-07 20:42:59.000000000 +0200 @@ -43,7 +43,7 @@ struct vtun_opts vtun; struct vtun_host default_host; -void write_pid(void); +void write_pid(char *, char *); void reread_config(int sig); void usage(void); @@ -217,11 +217,12 @@ init_title(argc,argv,env,"vtund[s]: "); if( vtun.svr_type == VTUN_STAND_ALONE ) - write_pid(); + write_pid("server", NULL); server(sock); } else { init_title(argc,argv,env,"vtund[c]: "); + write_pid(host->host, vtun.svr_name); client(host); } 
@@ -232,15 +233,29 @@ /* * Very simple PID file creation function. Used by server. - * Overrides existing file. + * Overrides existing file. Optionally adds session name and host name to the + * pidfile name (this naming is very confusing, as the session is referred as + * host most of the time) */ -void write_pid(void) +void write_pid(char *session, char *host) { + char fn[1024]; FILE *f; - if( !(f=fopen(VTUN_PID_FILE,"w")) ){ - vtun_syslog(LOG_ERR,"Can't write PID file"); - return; + if(session != NULL && host != NULL) { + snprintf(fn, sizeof(fn), "%s/vtund.%s-%s.pid", VTUN_PID_DIR, session, + host); + } else if(session != NULL) { + snprintf(fn, sizeof(fn), "%s/vtund.%s.pid", VTUN_PID_DIR, session); + } else { + snprintf(fn, sizeof(fn), "%s/vtund.pid", VTUN_PID_DIR); + } + /* Make sure the PID file is not there before opening it for writing. */ + unlink(fn); + + if( !(f = fopen(fn, "w")) ) { + syslog(LOG_ERR, "Can't write PID file %s: %s", fn, strerror(errno)); + return; } fprintf(f,"%d",(int)getpid()); debian/patches/04-implicit-pointer-conversions.patch0000644000000000000000000000751312034343003017713 0ustar 04-implicit-pointer-conversions.dpatch by Martín Ferrari http://sourceforge.net/support/tracker.php?aid=1744571 Patch for correct declaration of types and functions. Missing includes, forward declarations and also I had to replace getpt with posix_openpt, because for some obscure reason it was not being defined. Anyway, posix_openpt is the portable way of doing it. @DPATCH@ Index: vtun-3.0.3/generic/pty_dev.c =================================================================== --- vtun-3.0.3.orig/generic/pty_dev.c 2008-01-07 23:36:13.000000000 +0100 +++ vtun-3.0.3/generic/pty_dev.c 2012-10-07 20:11:02.469302665 +0200 @@ -19,7 +19,9 @@ /* * $Id: pty_dev.c,v 1.4.2.2 2008/01/07 22:36:13 mtbishop Exp $ */ - +/* Althought differing from documentation, this is necessary to have + * posix_openpt in GNU libc */ +#define _XOPEN_SOURCE 600 #include "config.h" #include 
@@ -39,10 +41,10 @@ int pty_open(char *sl_name) { int mr_fd; -#if defined (HAVE_GETPT) && defined (HAVE_GRANTPT) && defined (HAVE_UNLOCKPT) && defined (HAVE_PTSNAME) +#if defined (HAVE_POSIX_OPENPT) && defined (HAVE_GRANTPT) && defined (HAVE_UNLOCKPT) && defined (HAVE_PTSNAME) char *ptyname; - if((mr_fd=getpt()) < 0) + if((mr_fd=posix_openpt(O_RDWR|O_NOCTTY)) < 0) return -1; if(grantpt(mr_fd) != 0) return -1; Index: vtun-3.0.3/lfd_encrypt.c =================================================================== --- vtun-3.0.3.orig/lfd_encrypt.c 2012-10-07 20:10:50.000000000 +0200 +++ vtun-3.0.3/lfd_encrypt.c 2012-10-07 20:11:02.469302665 +0200 @@ -44,6 +44,7 @@ #include #include #include +#include #include "vtun.h" #include "linkfd.h" @@ -101,6 +102,11 @@ EVP_CIPHER_CTX ctx_enc_ecb; /* sideband ecb encrypt */ EVP_CIPHER_CTX ctx_dec_ecb; /* sideband ecb decrypt */ +int send_msg(int len, char *in, char **out); +int send_ib_mesg(int *len, char **in); +int recv_msg(int len, char *in, char **out); +int recv_ib_mesg(int *len, char **in); + int prep_key(char **key, int size, struct vtun_host *host) { int tmplen, halflen; Index: vtun-3.0.3/lfd_lzo.c =================================================================== --- vtun-3.0.3.orig/lfd_lzo.c 2012-07-09 03:01:08.000000000 +0200 +++ vtun-3.0.3/lfd_lzo.c 2012-10-07 20:12:15.517304622 +0200 @@ -37,7 +37,6 @@ #include "lzoutil.h" #include "lzo1x.h" -#include "lzoutil.h" static lzo_byte *zbuf; static lzo_voidp wmem; Index: vtun-3.0.3/lfd_shaper.c =================================================================== --- vtun-3.0.3.orig/lfd_shaper.c 2008-01-07 23:35:36.000000000 +0100 +++ vtun-3.0.3/lfd_shaper.c 2012-10-07 20:11:02.469302665 +0200 
@@ -31,6 +31,7 @@ #include "vtun.h" #include "linkfd.h" #include "lib.h" +#include /* * Shaper module. Index: vtun-3.0.3/lib.c =================================================================== --- vtun-3.0.3.orig/lib.c 2008-01-07 23:35:40.000000000 +0100 +++ vtun-3.0.3/lib.c 2012-10-07 20:11:02.469302665 +0200 @@ -38,6 +38,7 @@ #include "vtun.h" #include "linkfd.h" #include "lib.h" +#include volatile sig_atomic_t __io_canceled = 0; Index: vtun-3.0.3/lib.h =================================================================== --- vtun-3.0.3.orig/lib.h 2008-01-07 23:35:41.000000000 +0100 +++ vtun-3.0.3/lib.h 2012-10-07 20:11:02.469302665 +0200 @@ -23,6 +23,7 @@ #define _VTUN_LIB_H #include "config.h" +#include #include #include #include Index: vtun-3.0.3/lock.c =================================================================== --- vtun-3.0.3.orig/lock.c 2008-01-07 23:35:50.000000000 +0100 +++ vtun-3.0.3/lock.c 2012-10-07 20:11:02.469302665 +0200 @@ -37,6 +37,7 @@ #include "linkfd.h" #include "lib.h" #include "lock.h" +#include int create_lock(char * file) { debian/patches/06-ipv6.patch0000644000000000000000000000517212034263330012746 0ustar Description: Replace gethostbyname() with getaddrinfo(). In recent versions of glibc, a call to gethostbyname() will be default return an IPv6 reference as first entry. This completely breaks communication between the vtund server instance and the vtund client instance. . The solution to this clash is to migrate the code in 'netlib.c' to use getaddrinfo(), since this function can easily be configured to only return IPv4 addresses. Author: Mats Erik Andersson Forwarded: no Last-Update: 2010-05-13 --- vtun-3.0.2.debian/netlib.c +++ vtun-3.0.2/netlib.c 
@@ -229,21 +229,23 @@ int local_addr(struct sockaddr_in *addr, int server_addr(struct sockaddr_in *addr, struct vtun_host *host) { - struct hostent * hent; + struct addrinfo hints, *aiptr; memset(addr,0,sizeof(struct sockaddr_in)); - addr->sin_family = AF_INET; - addr->sin_port = htons(vtun.bind_addr.port); + memset(&hints, '\0', sizeof(hints)); + hints.ai_family = AF_INET; /* Lookup server's IP address. * We do it on every reconnect because server's IP * address can be dynamic. */ - if( !(hent = gethostbyname(vtun.svr_name)) ){ + if( getaddrinfo(vtun.svr_name, NULL, &hints, &aiptr) ){ vtun_syslog(LOG_ERR, "Can't resolv server address: %s", vtun.svr_name); return -1; } - addr->sin_addr.s_addr = *(unsigned long *)hent->h_addr; + memcpy(addr, aiptr->ai_addr, aiptr->ai_addrlen); + addr->sin_port = htons(vtun.bind_addr.port); + freeaddrinfo(aiptr); host->sopt.raddr = strdup(inet_ntoa(addr->sin_addr)); host->sopt.rport = vtun.bind_addr.port; @@ -254,8 +256,11 @@ int server_addr(struct sockaddr_in *addr /* Set address by interface name, ip address or hostname */ int generic_addr(struct sockaddr_in *addr, struct vtun_addr *vaddr) { - struct hostent *hent; + struct addrinfo hints, *aiptr; + memset(addr, 0, sizeof(struct sockaddr_in)); + memset(&hints, '\0', sizeof(hints)); + hints.ai_family = AF_INET; addr->sin_family = AF_INET; 
@@ -270,13 +275,14 @@ int generic_addr(struct sockaddr_in *add } break; case VTUN_ADDR_NAME: - if (!(hent = gethostbyname(vaddr->name))) { + if( getaddrinfo(vaddr->name, NULL, &hints, &aiptr) ){ vtun_syslog(LOG_ERR, "Can't resolv local address %s", vaddr->name); return -1; } - addr->sin_addr.s_addr = *(unsigned long *) hent->h_addr; + memcpy(addr, aiptr->ai_addr, aiptr->ai_addrlen); + freeaddrinfo(aiptr); break; default: addr->sin_addr.s_addr = INADDR_ANY; debian/patches/05-unix98pty.patch0000644000000000000000000000371012034343220013753 0ustar 05-unix98pty.patch by Christoph Thielecke http://sourceforge.net/tracker/index.php?func=detail&aid=1692526&group_id=2947&atid=102947 DP: Patch to allow the use of unix 98 pts Index: vtun-3.0.3/generic/pty_dev.c =================================================================== --- vtun-3.0.3.orig/generic/pty_dev.c 2012-10-07 20:12:25.000000000 +0200 +++ vtun-3.0.3/generic/pty_dev.c 2012-10-07 20:12:29.777305003 +0200 @@ -31,6 +31,8 @@ #include #include +#include + #include "vtun.h" #include "lib.h" 
@@ -57,31 +59,29 @@ #else - char ptyname[] = "/dev/ptyXY"; - char ch[] = "pqrstuvwxyz"; - char digit[] = "0123456789abcdefghijklmnopqrstuv"; + char ptyname[1024]; int l, m; + int master, slave; + + /* This algorithm works for UNIX98 PTS */ - /* This algorithm should work for almost all standard Unices */ - for(l=0; ch[l]; l++ ) { - for(m=0; digit[m]; m++ ) { - ptyname[8] = ch[l]; - ptyname[9] = digit[m]; - /* Open the master */ - if( (mr_fd=open(ptyname, O_RDWR)) < 0 ) - continue; + /* Open the master */ + mr_fd = openpty(&master, &slave, ptyname, NULL, NULL); + if (mr_fd == -1) + { + printf("error open pty"); + return -1; + } + else + { /* Check the slave */ - ptyname[5] = 't'; if( (access(ptyname, R_OK | W_OK)) < 0 ){ - close(mr_fd); - ptyname[5] = 'p'; - continue; + /* close(mr_fd); */ + return -1; } strcpy(sl_name,ptyname); - return mr_fd; - } - } - return -1; + return master; + } #endif } Index: vtun-3.0.3/Makefile.in =================================================================== --- vtun-3.0.3.orig/Makefile.in 2012-10-07 20:12:25.000000000 +0200 +++ vtun-3.0.3/Makefile.in 2012-10-07 20:14:08.745307653 +0200 @@ -19,7 +19,7 @@ # CC = @CC@ CFLAGS = @CFLAGS@ @CPPFLAGS@ -LDFLAGS = @LDFLAGS@ @LIBS@ +LDFLAGS = @LDFLAGS@ @LIBS@ -lutil YACC = @YACC@ YACCFLAGS = -d debian/patches/02-dumpfile.patch0000644000000000000000000000133212034346521013661 0ustar 02-dumpfile.patch by Martín Ferrari http://sourceforge.net/support/tracker.php?aid=1744569 Patch to add an extension to dump files, so they can be managed by logrotate Index: vtun-3.0.3/linkfd.c =================================================================== --- vtun-3.0.3.orig/linkfd.c 2012-10-07 20:42:53.000000000 +0200 +++ vtun-3.0.3/linkfd.c 2012-10-07 20:43:26.289354719 +0200 
@@ -415,7 +415,7 @@ sa.sa_handler=sig_usr1; sigaction(SIGUSR1,&sa,NULL); - sprintf(file,"%s/%.20s", VTUN_STAT_DIR, host->host); + sprintf(file,"%s/%.20s.dump", VTUN_STAT_DIR, host->host); if( (host->stat.file=fopen(file, "a")) ){ setvbuf(host->stat.file, NULL, _IOLBF, 0); } else debian/patches/03-signedness-warnings.patch0000644000000000000000000001722712034342632016056 0ustar 03-signedness-warnings.dpatch by Martín Ferrari http://sourceforge.net/support/tracker.php?aid=1744570 Various explicit casts to stop gcc from complaining. It'd be better to fix the prototypes, but that's much more intrusive. Index: vtun-3.0.3/auth.c =================================================================== --- vtun-3.0.3.orig/auth.c 2012-10-07 20:07:28.000000000 +0200 +++ vtun-3.0.3/auth.c 2012-10-07 20:09:57.853300935 +0200 @@ -89,7 +89,7 @@ void gen_chal(char *buf) { - RAND_bytes(buf, VTUN_CHAL_SIZE); + RAND_bytes((unsigned char *)buf, VTUN_CHAL_SIZE); } void ssl_encrypt_chal(char *chal, char *pwd) @@ -98,10 +98,10 @@ BF_KEY key; syslog(LOG_INFO, "Use SSL-aware challenge/response"); - BF_set_key(&key, 16, MD5(pwd,strlen(pwd),NULL)); + BF_set_key(&key, 16, MD5((unsigned char *)pwd,strlen(pwd),NULL)); for(i=0; i < VTUN_CHAL_SIZE; i += 8 ) - BF_ecb_encrypt(chal + i, chal + i, &key, BF_ENCRYPT); + BF_ecb_encrypt((unsigned char *)chal + i, (unsigned char *)chal + i, &key, BF_ENCRYPT); } void ssl_decrypt_chal(char *chal, char *pwd) 
@@ -110,10 +110,10 @@ BF_KEY key; syslog(LOG_INFO, "Use SSL-aware challenge/response"); - BF_set_key(&key, 16, MD5(pwd,strlen(pwd),NULL)); + BF_set_key(&key, 16, MD5((unsigned char *)pwd,strlen(pwd),NULL)); for(i=0; i < VTUN_CHAL_SIZE; i += 8 ) - BF_ecb_encrypt(chal + i, chal + i, &key, BF_DECRYPT); + BF_ecb_encrypt((unsigned char *)chal + i, (unsigned char *)chal + i, &key, BF_DECRYPT); } #else /* HAVE_SSL */ Index: vtun-3.0.3/lfd_encrypt.c =================================================================== --- vtun-3.0.3.orig/lfd_encrypt.c 2008-01-07 23:35:32.000000000 +0100 +++ vtun-3.0.3/lfd_encrypt.c 2012-10-07 20:09:57.853300935 +0200 @@ -118,12 +118,12 @@ tmplen = strlen(host->passwd); if (tmplen != 0) halflen = tmplen>>1; else halflen = 0; - MD5(host->passwd, halflen, hashkey); - MD5((host->passwd)+halflen, tmplen-halflen, hashkey+16); + MD5((unsigned char *)host->passwd, halflen, (unsigned char *)hashkey); + MD5((unsigned char *)(host->passwd)+halflen, tmplen-halflen, (unsigned char *)hashkey+16); } else if (size == 16) { - MD5(host->passwd,strlen(host->passwd), hashkey); + MD5((unsigned char *)host->passwd,strlen(host->passwd), (unsigned char *)hashkey); } else { @@ -163,7 +163,7 @@ return -1; } - RAND_bytes((char *)&sequence_num, 4); + RAND_bytes((unsigned char *)&sequence_num, 4); gibberish = 0; gib_time_start = 0; phost = host; @@ -263,8 +263,8 @@ EVP_CIPHER_CTX_set_key_length(pctx_enc, keysize); EVP_CIPHER_CTX_set_key_length(pctx_dec, keysize); } - EVP_EncryptInit_ex(pctx_enc, NULL, NULL, pkey, NULL); - EVP_DecryptInit_ex(pctx_dec, NULL, NULL, pkey, NULL); + EVP_EncryptInit_ex(pctx_enc, NULL, NULL, (unsigned char *)pkey, NULL); + EVP_DecryptInit_ex(pctx_dec, NULL, NULL, (unsigned char *)pkey, NULL); EVP_CIPHER_CTX_set_padding(pctx_enc, 0); EVP_CIPHER_CTX_set_padding(pctx_dec, 0); if (sb_init) 
@@ -317,8 +317,8 @@ memset(in_ptr+len, pad, pad); outlen=len+pad; if (pad == blocksize) - RAND_bytes(in_ptr+len, blocksize-1); - EVP_EncryptUpdate(&ctx_enc, out_ptr, &outlen, in_ptr, len+pad); + RAND_bytes((unsigned char *)in_ptr+len, blocksize-1); + EVP_EncryptUpdate(&ctx_enc, (unsigned char *)out_ptr, &outlen, (unsigned char *)in_ptr, len+pad); *out = enc_buf; sequence_num++; @@ -338,7 +338,7 @@ outlen=len; if (!len) return 0; - EVP_DecryptUpdate(&ctx_dec, out_ptr, &outlen, in_ptr, len); + EVP_DecryptUpdate(&ctx_dec, (unsigned char *)out_ptr, &outlen, (unsigned char *)in_ptr, len); recv_ib_mesg(&outlen, &out_ptr); if (!outlen) return 0; tmp_ptr = out_ptr + outlen; tmp_ptr--; @@ -430,8 +430,8 @@ EVP_EncryptInit_ex(&ctx_enc, cipher_type, NULL, NULL, NULL); if (var_key) EVP_CIPHER_CTX_set_key_length(&ctx_enc, keysize); - EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, pkey, NULL); - EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, NULL, iv); + EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, (unsigned char *)pkey, NULL); + EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, NULL, (unsigned char *)iv); EVP_CIPHER_CTX_set_padding(&ctx_enc, 0); if (enc_init_first_time) { @@ -520,8 +520,8 @@ EVP_DecryptInit_ex(&ctx_dec, cipher_type, NULL, NULL, NULL); if (var_key) EVP_CIPHER_CTX_set_key_length(&ctx_dec, keysize); - EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, pkey, NULL); - EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, NULL, iv); + EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, (unsigned char *)pkey, NULL); + EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, NULL, (unsigned char *)iv); EVP_CIPHER_CTX_set_padding(&ctx_dec, 0); if (dec_init_first_time) { @@ -542,7 +542,7 @@ case CIPHER_INIT: in_ptr = in - blocksize*2; iv = malloc(blocksize); - RAND_bytes(iv, blocksize); + RAND_bytes((unsigned char *)iv, blocksize); strncpy(in_ptr,"ivec",4); in_ptr += 4; memcpy(in_ptr,iv,blocksize); 
@@ -550,12 +550,12 @@ cipher_enc_init(iv); memset(iv,0,blocksize); free(iv); iv = NULL; - RAND_bytes(in_ptr, in - in_ptr); + RAND_bytes((unsigned char *)in_ptr, in - in_ptr); in_ptr = in - blocksize*2; outlen = blocksize*2; - EVP_EncryptUpdate(&ctx_enc_ecb, in_ptr, - &outlen, in_ptr, blocksize*2); + EVP_EncryptUpdate(&ctx_enc_ecb, (unsigned char *)in_ptr, + &outlen, (unsigned char *)in_ptr, blocksize*2); *out = in_ptr; len = outlen; cipher_enc_state = CIPHER_SEQUENCE; @@ -581,7 +581,7 @@ in_ptr = in; iv = malloc(blocksize); outlen = blocksize*2; - EVP_DecryptUpdate(&ctx_dec_ecb, in_ptr, &outlen, in_ptr, blocksize*2); + EVP_DecryptUpdate(&ctx_dec_ecb, (unsigned char *)in_ptr, &outlen, (unsigned char *)in_ptr, blocksize*2); if ( !strncmp(in_ptr, "ivec", 4) ) { Index: vtun-3.0.3/netlib.c =================================================================== --- vtun-3.0.3.orig/netlib.c 2009-03-29 12:44:02.000000000 +0200 +++ vtun-3.0.3/netlib.c 2012-10-07 20:10:25.281301670 +0200 @@ -99,7 +99,7 @@ FD_ZERO(&fdset); FD_SET(s,&fdset); if( select(s+1,NULL,&fdset,NULL,timeout?&tv:NULL) > 0 ){ - int l=sizeof(errno); + socklen_t l=sizeof(errno); errno=0; getsockopt(s,SOL_SOCKET,SO_ERROR,&errno,&l); } else @@ -146,7 +146,8 @@ { struct sockaddr_in saddr; short port; - int s,opt; + int s; + socklen_t opt; extern int is_rmt_fd_connected; if( (s=socket(AF_INET,SOCK_DGRAM,0))== -1 ){ @@ -220,7 +221,7 @@ /* Set local address */ int local_addr(struct sockaddr_in *addr, struct vtun_host *host, int con) { - int opt; + socklen_t opt; if( con ){ /* Use address of the already connected socket. */ Index: vtun-3.0.3/server.c =================================================================== --- vtun-3.0.3.orig/server.c 2012-07-09 03:01:08.000000000 +0200 +++ vtun-3.0.3/server.c 2012-10-07 20:09:57.853300935 +0200 
@@ -64,7 +64,7 @@ struct vtun_host *host; struct sigaction sa; char *ip; - int opt; + socklen_t opt; opt = sizeof(struct sockaddr_in); if( getpeername(sock, (struct sockaddr *) &cl_addr, &opt) ){ @@ -115,7 +115,8 @@ { struct sigaction sa; struct sockaddr_in my_addr, cl_addr; - int s, s1, opt; + int s, s1; + socklen_t opt; memset(&my_addr, 0, sizeof(my_addr)); my_addr.sin_family = AF_INET; debian/patches/07-dual-family-transport.patch0000644000000000000000000004774512034353002016331 0ustar Description: Enable transport in IPv4 and in IPv6 tunnels. A migration to use 'struct sockaddr_storage' makes it possible to establish a carrier tunnel using either IPv4 or IPv6. . Command line options '-4' and '-6' determines these. The default is to use IPv4. Observe that either family can be tunneled inside the tunnel, independently of the wrapping address family. . It is by intention the carrier is of one kind for each server instance. The options section can use 'ipv4' and 'ipv6' to choose either. Author: Mats Erik Andersson Forwarded: no Last-Update: 2010-05-15 Index: vtun-3.0.3/vtun.h =================================================================== --- vtun-3.0.3.orig/vtun.h 2012-10-07 21:17:50.000000000 +0200 +++ vtun-3.0.3/vtun.h 2012-10-07 21:17:50.000000000 +0200 @@ -23,6 +23,7 @@ #ifndef _VTUN_H #define _VTUN_H +#include /* We need 'sa_family_t'. */ #include "llist.h" /* Default VTUN port */ @@ -218,6 +219,7 @@ char *fwall; /* Command to configure FireWall */ char *iproute; /* iproute command */ + sa_family_t transport_af; /* Preferred address family for transport. */ char *svr_name; /* Server's host name */ char *svr_addr; /* Server's address (string) */ struct vtun_addr bind_addr; /* Server should listen on this address */ Index: vtun-3.0.3/main.c =================================================================== --- vtun-3.0.3.orig/main.c 2012-10-07 21:17:50.000000000 +0200 +++ vtun-3.0.3/main.c 2012-10-07 21:17:50.000000000 +0200 
@@ -67,6 +67,7 @@ vtun.persist = -1; vtun.timeout = -1; vtun.sslauth = -1; + vtun.transport_af = AF_INET; /* Dup strings because parser will try to free them */ vtun.ppp = strdup("/usr/sbin/pppd"); @@ -98,7 +99,7 @@ /* Start logging to syslog and stderr */ openlog("vtund", LOG_PID | LOG_NDELAY | LOG_PERROR, LOG_DAEMON); - while( (opt=getopt(argc,argv,"misf:P:L:t:npq")) != EOF ){ + while( (opt=getopt(argc,argv,"misf:P:L:t:npq46")) != EOF ){ switch(opt){ case 'm': if (mlockall(MCL_CURRENT | MCL_FUTURE) < 0) { @@ -132,6 +133,12 @@ case 'q': vtun.quiet = 1; break; + case '4': + vtun.transport_af = AF_INET; + break; + case '6': + vtun.transport_af = AF_INET6; + break; default: usage(); exit(1); Index: vtun-3.0.3/netlib.h =================================================================== --- vtun-3.0.3.orig/netlib.h 2012-10-07 21:17:45.341409859 +0200 +++ vtun-3.0.3/netlib.h 2012-10-07 21:17:50.000000000 +0200 @@ -32,12 +32,14 @@ #include #endif -unsigned long getifaddr(char * ifname); +int getifaddr(struct sockaddr_storage *addr, char * ifname, sa_family_t af); int connect_t(int s, struct sockaddr *svr, time_t timeout); int udp_session(struct vtun_host *host); -int local_addr(struct sockaddr_in *addr, struct vtun_host *host, int con); -int server_addr(struct sockaddr_in *addr, struct vtun_host *host); -int generic_addr(struct sockaddr_in *addr, struct vtun_addr *vaddr); +int local_addr(struct sockaddr_storage *addr, struct vtun_host *host, int con); +int server_addr(struct sockaddr_storage *addr, struct vtun_host *host); +int generic_addr(struct sockaddr_storage *addr, struct vtun_addr *vaddr); +in_port_t get_port(struct sockaddr_storage *addr); +void set_port(struct sockaddr_storage *addr, in_port_t port); #endif /* _VTUN_NETDEV_H */ Index: vtun-3.0.3/netlib.c =================================================================== --- vtun-3.0.3.orig/netlib.c 2012-10-07 21:17:50.000000000 +0200 +++ vtun-3.0.3/netlib.c 2012-10-07 21:20:23.313414089 +0200 
@@ -38,6 +38,7 @@ #include #include #include +#include #ifdef HAVE_SYS_SOCKIO_H #include @@ -81,7 +82,7 @@ #if defined(VTUN_SOCKS) && VTUN_SOCKS == 2 /* Some SOCKS implementations don't support * non blocking connect */ - return connect(s,svr,sizeof(struct sockaddr)); + return connect(s,svr,sizeof(struct sockaddr_storage)); #else int sock_flags; fd_set fdset; @@ -93,7 +94,7 @@ if( fcntl(s,F_SETFL,O_NONBLOCK) < 0 ) return -1; - if( connect(s,svr,sizeof(struct sockaddr)) < 0 && errno != EINPROGRESS) + if( connect(s,svr,sizeof(struct sockaddr_storage)) < 0 && errno != EINPROGRESS) return -1; FD_ZERO(&fdset); 
@@ -114,28 +115,78 @@ #endif } +/* Get port number, independently of address family. */ +in_port_t get_port(struct sockaddr_storage *addr) +{ + switch (addr->ss_family) { + case AF_INET6: + return ntohs(((struct sockaddr_in6 *) addr)->sin6_port); + break; + case AF_INET: + return ntohs(((struct sockaddr_in *) addr)->sin_port); + break; + default: + return 0; + } +} /* get_port(struct sockaddr_storage *) */ + +/* Set port number, independently of address family. */ +void set_port(struct sockaddr_storage *addr, in_port_t port) +{ + switch (addr->ss_family) { + case AF_INET6: + ((struct sockaddr_in6 *) addr)->sin6_port = htons(port); + break; + case AF_INET: + ((struct sockaddr_in *) addr)->sin_port = htons(port); + default: + break; + } +} /* set_port(struct sockaddr_storage *, in_port_t) */ + /* Get interface address */ -unsigned long getifaddr(char * ifname) +int getifaddr(struct sockaddr_storage *addr, char * ifname, sa_family_t af) { - struct sockaddr_in addr; - struct ifreq ifr; - int s; + struct ifaddrs *ifas, *ifa; - if( (s = socket(AF_INET, SOCK_DGRAM, 0)) == -1 ) + if( getifaddrs(&ifas) < 0 ) return -1; - strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)-1); - ifr.ifr_name[sizeof(ifr.ifr_name)-1]='\0'; + for (ifa = ifas; ifa; ifa = ifa->ifa_next) { + if( ifa->ifa_addr->sa_family != af || + strcmp(ifname, ifa->ifa_name) ) + continue; + + /* Correct address family and interface name! + * Locate a useful candidate. */ + + /* For IPv4, the first address works. */ + if( (ifa->ifa_addr->sa_family == AF_INET) && + (ifa->ifa_flags & IFF_UP) ) + break; /* Good address. */ + + /* IPv6 needs some obvious exceptions. */ + if( ifa->ifa_addr->sa_family == AF_INET6 ) { + if( IN6_IS_ADDR_LINKLOCAL(&((struct sockaddr_in6 *) addr)->sin6_addr.s6_addr) + || IN6_IS_ADDR_SITELOCAL(&((struct sockaddr_in6 *) addr)->sin6_addr.s6_addr) ) + continue; + else + /* Successful search at this point, which + * only standard IPv6 can reach. 
*/ + break; + } + } - if( ioctl(s, SIOCGIFADDR, &ifr) < 0 ){ - close(s); + if( ifa == NULL ) { + freeifaddrs(ifas); return -1; } - close(s); - addr = *((struct sockaddr_in *) &ifr.ifr_addr); + /* Copy the found address. */ + memcpy(addr, ifa->ifa_addr, sizeof(*addr)); + freeifaddrs(ifas); - return addr.sin_addr.s_addr; + return 0; } /* @@ -144,13 +195,16 @@ */ int udp_session(struct vtun_host *host) { - struct sockaddr_in saddr; + struct sockaddr_storage saddr; short port; int s; socklen_t opt; extern int is_rmt_fd_connected; - if( (s=socket(AF_INET,SOCK_DGRAM,0))== -1 ){ + /* Set local address and port */ + local_addr(&saddr, host, 1); + + if( (s=socket(saddr.ss_family,SOCK_DGRAM,0))== -1 ){ vtun_syslog(LOG_ERR,"Can't create socket"); return -1; } @@ -158,8 +212,6 @@ opt=1; setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)); - /* Set local address and port */ - local_addr(&saddr, host, 1); if( bind(s,(struct sockaddr *)&saddr,sizeof(saddr)) ){ vtun_syslog(LOG_ERR,"Can't bind to the socket"); return -1; @@ -172,7 +224,7 @@ } /* Write port of the new UDP socket */ - port = saddr.sin_port; + port = get_port(&saddr); if( write_n(host->rmt_fd,(char *)&port,sizeof(short)) < 0 ){ vtun_syslog(LOG_ERR,"Can't write port number"); return -1; @@ -191,7 +243,7 @@ return -1; } - saddr.sin_port = port; + set_port(&saddr, port); /* if the config says to delay the UDP connection, we wait for an incoming packet and then force a connection back. We need to 
@@ -219,91 +271,103 @@ } /* Set local address */ -int local_addr(struct sockaddr_in *addr, struct vtun_host *host, int con) +int local_addr(struct sockaddr_storage *addr, struct vtun_host *host, int con) { socklen_t opt; + char *ip = (char *) calloc(INET6_ADDRSTRLEN, sizeof(char)); + + memset(addr, '\0', sizeof(*addr)); if( con ){ /* Use address of the already connected socket. */ - opt = sizeof(struct sockaddr_in); + opt = sizeof(*addr); if( getsockname(host->rmt_fd, (struct sockaddr *)addr, &opt) < 0 ){ vtun_syslog(LOG_ERR,"Can't get local socket address"); return -1; } } else { + addr->ss_family = vtun.transport_af; if (generic_addr(addr, &host->src_addr) < 0) return -1; } - host->sopt.laddr = strdup(inet_ntoa(addr->sin_addr)); + getnameinfo((struct sockaddr *) addr, sizeof(*addr), + ip, INET6_ADDRSTRLEN, NULL, 0, NI_NUMERICHOST); + host->sopt.laddr = ip; return 0; } -int server_addr(struct sockaddr_in *addr, struct vtun_host *host) +int server_addr(struct sockaddr_storage *addr, struct vtun_host *host) { struct addrinfo hints, *aiptr; + char *ip, portstr[12]; + + ip = (char *) calloc(INET6_ADDRSTRLEN, sizeof(char)); + + memset(addr, '\0', sizeof(*addr)); - memset(addr,0,sizeof(struct sockaddr_in)); memset(&hints, '\0', sizeof(hints)); - hints.ai_family = AF_INET; + hints.ai_family = vtun.transport_af; + hints.ai_flags = AI_ADDRCONFIG | AI_NUMERICSERV; + + snprintf(portstr, sizeof(portstr), "%u", vtun.bind_addr.port); /* Lookup server's IP address. * We do it on every reconnect because server's IP * address can be dynamic. 
*/ - if( getaddrinfo(vtun.svr_name, NULL, &hints, &aiptr) ){ - vtun_syslog(LOG_ERR, "Can't resolv server address: %s", vtun.svr_name); - return -1; + if (getaddrinfo(vtun.svr_name, portstr, &hints, &aiptr)) { + vtun_syslog(LOG_ERR, "Can't resolv server address: %s", vtun.svr_name); + return -1; } + memcpy(addr, aiptr->ai_addr, aiptr->ai_addrlen); - addr->sin_port = htons(vtun.bind_addr.port); freeaddrinfo(aiptr); - - host->sopt.raddr = strdup(inet_ntoa(addr->sin_addr)); + getnameinfo((struct sockaddr *) addr, sizeof(*addr), + ip, INET6_ADDRSTRLEN, NULL, 0, NI_NUMERICHOST); + host->sopt.raddr = ip; host->sopt.rport = vtun.bind_addr.port; return 0; } /* Set address by interface name, ip address or hostname */ -int generic_addr(struct sockaddr_in *addr, struct vtun_addr *vaddr) +int generic_addr(struct sockaddr_storage *addr, struct vtun_addr *vaddr) { + sa_family_t use_af = addr->ss_family; struct addrinfo hints, *aiptr; - memset(addr, 0, sizeof(struct sockaddr_in)); + memset(addr, '\0', sizeof(*addr)); /* Implicitly setting INADDR_ANY. 
*/ memset(&hints, '\0', sizeof(hints)); - hints.ai_family = AF_INET; - - addr->sin_family = AF_INET; switch (vaddr->type) { case VTUN_ADDR_IFACE: - if (!(addr->sin_addr.s_addr = - getifaddr(vaddr->name))) { - vtun_syslog(LOG_ERR, - "Can't get address of interface %s", - vaddr->name); - return -1; - } - break; + if (getifaddr(addr, vaddr->name, use_af)) { + vtun_syslog(LOG_ERR, "Can't get address of interface %s", vaddr->name); + return -1; + } + break; case VTUN_ADDR_NAME: - if( getaddrinfo(vaddr->name, NULL, &hints, &aiptr) ){ - vtun_syslog(LOG_ERR, - "Can't resolv local address %s", - vaddr->name); - return -1; - } - memcpy(addr, aiptr->ai_addr, aiptr->ai_addrlen); - freeaddrinfo(aiptr); - break; - default: - addr->sin_addr.s_addr = INADDR_ANY; - break; + memset(&hints, '\0', sizeof(hints)); + hints.ai_family = use_af; + hints.ai_flags = AI_ADDRCONFIG; + + if (getaddrinfo(vaddr->name, NULL, &hints, &aiptr)) { + vtun_syslog(LOG_ERR, "Can't resolv local address %s", vaddr->name); + return -1; + } + memcpy(addr, aiptr->ai_addr, aiptr->ai_addrlen); + freeaddrinfo(aiptr); + break; + default: + /* INADDR_ANY has already been implicitly set, when erasing. */ + addr->ss_family = use_af; + break; } if (vaddr->port) - addr->sin_port = htons(vaddr->port); + set_port(addr, vaddr->port); return 0; } Index: vtun-3.0.3/client.c =================================================================== --- vtun-3.0.3.orig/client.c 2012-10-07 21:17:45.341409859 +0200 +++ vtun-3.0.3/client.c 2012-10-07 21:17:50.000000000 +0200 @@ -55,7 +55,7 @@ void client(struct vtun_host *host) { - struct sockaddr_in my_addr,svr_addr; + struct sockaddr_storage my_addr,svr_addr; struct sigaction sa; int s, opt, reconnect; 
@@ -101,7 +101,7 @@ * we want to connect, since STREAM sockets * can be successfully connected only once. */ - if( (s = socket(AF_INET,SOCK_STREAM,0))==-1 ){ + if( (s = socket(my_addr.ss_family,SOCK_STREAM,0))==-1 ){ vtun_syslog(LOG_ERR,"Can't create socket. %s(%d)", strerror(errno), errno); continue; @@ -138,9 +138,7 @@ vtun_syslog(LOG_INFO,"Session %s[%s] opened",host->host,vtun.svr_name); host->rmt_fd = s; - - /* Start the tunnel */ - client_term = tunnel(host); +/* Start the tunnel */ client_term = tunnel(host); vtun_syslog(LOG_INFO,"Session %s[%s] closed",host->host,vtun.svr_name); } else { Index: vtun-3.0.3/server.c =================================================================== --- vtun-3.0.3.orig/server.c 2012-10-07 21:17:50.000000000 +0200 +++ vtun-3.0.3/server.c 2012-10-07 21:17:50.000000000 +0200 @@ -30,6 +30,7 @@ #include #include #include +#include #ifdef HAVE_NETINET_IN_H #include @@ -60,24 +61,30 @@ void connection(int sock) { - struct sockaddr_in my_addr, cl_addr; + struct sockaddr_storage my_addr, cl_addr; struct vtun_host *host; struct sigaction sa; - char *ip; + char *cl_ip, *my_ip; socklen_t opt; - opt = sizeof(struct sockaddr_in); + cl_ip = calloc(INET6_ADDRSTRLEN, sizeof(char)); + my_ip = calloc(INET6_ADDRSTRLEN, sizeof(char)); + + opt = sizeof(cl_addr); if( getpeername(sock, (struct sockaddr *) &cl_addr, &opt) ){ vtun_syslog(LOG_ERR, "Can't get peer name"); exit(1); } - opt = sizeof(struct sockaddr_in); + opt = sizeof(my_addr); if( getsockname(sock, (struct sockaddr *) &my_addr, &opt) < 0 ){ vtun_syslog(LOG_ERR, "Can't get local socket address"); exit(1); } - ip = strdup(inet_ntoa(cl_addr.sin_addr)); + getnameinfo((struct sockaddr *) &cl_addr, sizeof(cl_addr), + cl_ip, INET6_ADDRSTRLEN, NULL, 0, NI_NUMERICHOST); + getnameinfo((struct sockaddr *) &my_addr, sizeof(my_addr), + my_ip, INET6_ADDRSTRLEN, NULL, 0, NI_NUMERICHOST); io_init(); 
@@ -86,14 +93,14 @@ sa.sa_flags=SA_NOCLDWAIT;; sigaction(SIGHUP,&sa,NULL); - vtun_syslog(LOG_INFO,"Session %s[%s:%d] opened", host->host, ip, - ntohs(cl_addr.sin_port) ); + vtun_syslog(LOG_INFO,"Session %s[%s:%d] opened", host->host, cl_ip, + get_port(&cl_addr) ); host->rmt_fd = sock; - host->sopt.laddr = strdup(inet_ntoa(my_addr.sin_addr)); + host->sopt.laddr = my_ip; host->sopt.lport = vtun.bind_addr.port; - host->sopt.raddr = strdup(ip); - host->sopt.rport = ntohs(cl_addr.sin_port); + host->sopt.raddr = strdup(cl_ip); + host->sopt.rport = get_port(&cl_addr); /* Start tunnel */ tunnel(host); @@ -103,8 +110,8 @@ /* Unlock host. (locked in auth_server) */ unlock_host(host); } else { - vtun_syslog(LOG_INFO,"Denied connection from %s:%d", ip, - ntohs(cl_addr.sin_port) ); + vtun_syslog(LOG_INFO,"Denied connection from %s:%d", cl_ip, + get_port(&cl_addr) ); } close(sock); @@ -114,21 +121,22 @@ void listener(void) { struct sigaction sa; - struct sockaddr_in my_addr, cl_addr; + struct sockaddr_storage my_addr, cl_addr; int s, s1; socklen_t opt; memset(&my_addr, 0, sizeof(my_addr)); - my_addr.sin_family = AF_INET; /* Set listen address */ + my_addr.ss_family = vtun.transport_af; + if( generic_addr(&my_addr, &vtun.bind_addr) < 0) { vtun_syslog(LOG_ERR, "Can't fill in listen socket"); exit(1); } - if( (s=socket(AF_INET,SOCK_STREAM,0))== -1 ){ + if( (s=socket(my_addr.ss_family,SOCK_STREAM,0))== -1 ){ vtun_syslog(LOG_ERR,"Can't create socket"); exit(1); } @@ -187,7 +195,7 @@ sigaction(SIGUSR1,&sa,NULL); vtun_syslog(LOG_INFO,"VTUN server ver %s (%s)", VTUN_VER, - vtun.svr_type == VTUN_INETD ? "inetd" : "stand" ); + vtun.svr_type == VTUN_INETD ? "inetd" : "standalone" ); switch( vtun.svr_type ){ case VTUN_STAND_ALONE: Index: vtun-3.0.3/vtund.8 =================================================================== --- vtun-3.0.3.orig/vtund.8 2012-10-07 21:17:45.341409859 +0200 +++ vtun-3.0.3/vtund.8 2012-10-07 21:17:50.000000000 +0200 
@@ -13,6 +13,9 @@ < .I -s > +{ +.IR -4 | -6 +} [ .I -i ] @@ -27,6 +30,9 @@ ] .LP .B vtund +{ +.IR -4 | -6 +} [ .I -f file ] @@ -71,6 +77,14 @@ .SH OPTIONS .TP +.I -4 +Use \fBIPv4\fR for transport, and for listening socket. This is the default choice. +Any of the addressing modes IPv4 or IPv6 can passed inside the tunnel. +The decision to use either is made by the \fIifconfig\fR and \fIip\fR commands. +.TP +.I -6 +Choose \fBIPv6\fR as transport layer, and server listening socket. +.TP .I -f file Read config information from the .I file Index: vtun-3.0.3/cfg_kwords.h =================================================================== --- vtun-3.0.3.orig/cfg_kwords.h 2012-10-07 21:17:50.000000000 +0200 +++ vtun-3.0.3/cfg_kwords.h 2012-10-07 21:17:50.000000000 +0200 @@ -32,6 +32,8 @@ { "default", K_DEFAULT }, { "up", K_UP }, { "down", K_DOWN }, + { "ipv4", K_IPV4 }, + { "ipv6", K_IPV6 }, { "port", K_PORT }, { "srcaddr", K_SRCADDR }, { "addr", K_ADDR }, Index: vtun-3.0.3/cfg_file.y =================================================================== --- vtun-3.0.3.orig/cfg_file.y 2012-10-07 21:17:50.000000000 +0200 +++ vtun-3.0.3/cfg_file.y 2012-10-07 21:17:50.000000000 +0200 @@ -73,7 +73,7 @@ %token K_OPTIONS K_DEFAULT K_PORT K_BINDADDR K_PERSIST K_TIMEOUT %token K_PASSWD K_PROG K_PPP K_SPEED K_IFCFG K_FWALL K_ROUTE K_DEVICE -%token K_MULTI K_SRCADDR K_IFACE K_ADDR +%token K_MULTI K_SRCADDR K_IFACE K_ADDR K_IPV4 K_IPV6 %token K_TYPE K_PROT K_NAT_HACK K_COMPRESS K_ENCRYPT K_KALIVE K_STAT K_SSLAUTH %token K_UP K_DOWN K_SYSLOG K_IPROUTE @@ -190,6 +190,14 @@ | K_SYSLOG syslog_opt + | K_IPV4 { + vtun.transport_af = AF_INET; + } + + | K_IPV6 { + vtun.transport_af = AF_INET6; + } + | K_ERROR { cfg_error("Unknown option '%s'",$1); YYABORT; Index: vtun-3.0.3/vtund.conf.5 =================================================================== --- vtun-3.0.3.orig/vtund.conf.5 2012-10-07 21:17:45.341409859 +0200 +++ vtun-3.0.3/vtund.conf.5 2012-10-07 21:17:50.000000000 +0200 
@@ -51,6 +51,12 @@ mode (\fBstand\fR), that is the default, or be invoked from .BR inetd (8). +.IP \fBipv4\fR +use IPv4 as transport medium. This is the default. Inside the tunnel other types are of course usable. + +.IP \fBipv6\fR +use IPv6 as transport medium. + .IP \fBport\ \fIportnumber\fR server port number to listen on or connect to. By default, \fBvtund\fR(8) uses port 5000. debian/patches/00-sslauth.patch0000644000000000000000000001655712034346427013561 0ustar 00-sslauth.patch by Artur R. Czechowski http://sourceforge.net/support/tracker.php?aid=1744566 This patch allows ssl-enabled clients to connect to non-ssl-enabled servers and vice versa. It also enables use of /dev/random based encryption instead of C's built-in (and rather weak) rand() function. Index: vtun-3.0.3/auth.c =================================================================== --- vtun-3.0.3.orig/auth.c 2012-10-07 20:22:53.425321705 +0200 +++ vtun-3.0.3/auth.c 2012-10-07 20:41:25.545351485 +0200 @@ -23,6 +23,10 @@ /* * Challenge based authentication. * Thanx to Chris Todd for the good idea. + * + * Artur R. Czechowski , 02/17/2002 + * Add support for connectin ssl to non-ssl vtuns (sslauth option) + * Use /dev/random in non-ssl gen_chal (if possible) */ #include "config.h" 
@@ -55,34 +59,57 @@ #include "lock.h" #include "auth.h" -/* Encryption and Decryption of the challenge key */ #ifdef HAVE_SSL #include #include #include +#endif /* HAVE_SSL */ + +/* Okay, start the "blue-wire" non-ssl auth patch stuff */ +void nonssl_encrypt_chal(char *chal, char *pwd) +{ + char *xor_msk = pwd; + register int i, xor_len = strlen(xor_msk); + + syslog(LOG_INFO, "Use nonSSL-aware challenge/response"); + for(i=0; i < VTUN_CHAL_SIZE; i++) + chal[i] ^= xor_msk[i%xor_len]; +} + +inline void nonssl_decrypt_chal(char *chal, char *pwd) +{ + nonssl_encrypt_chal(chal, pwd); +} +/* Mostly ended here, other than a couple replaced #ifdefs */ + +/* Encryption and Decryption of the challenge-key */ +#ifdef HAVE_SSL + void gen_chal(char *buf) { RAND_bytes(buf, VTUN_CHAL_SIZE); } -void encrypt_chal(char *chal, char *pwd) +void ssl_encrypt_chal(char *chal, char *pwd) { register int i; BF_KEY key; + syslog(LOG_INFO, "Use SSL-aware challenge/response"); BF_set_key(&key, 16, MD5(pwd,strlen(pwd),NULL)); for(i=0; i < VTUN_CHAL_SIZE; i += 8 ) BF_ecb_encrypt(chal + i, chal + i, &key, BF_ENCRYPT); } -void decrypt_chal(char *chal, char *pwd) +void ssl_decrypt_chal(char *chal, char *pwd) { register int i; BF_KEY key; + syslog(LOG_INFO, "Use SSL-aware challenge/response"); BF_set_key(&key, 16, MD5(pwd,strlen(pwd),NULL)); for(i=0; i < VTUN_CHAL_SIZE; i += 8 ) 
@@ -91,30 +118,43 @@ #else /* HAVE_SSL */ -void encrypt_chal(char *chal, char *pwd) -{ - char * xor_msk = pwd; - register int i, xor_len = strlen(xor_msk); - - for(i=0; i < VTUN_CHAL_SIZE; i++) - chal[i] ^= xor_msk[i%xor_len]; -} - -void inline decrypt_chal(char *chal, char *pwd) -{ - encrypt_chal(chal, pwd); -} - /* Generate PSEUDO random challenge key. */ void gen_chal(char *buf) { register int i; - - srand(time(NULL)); + unsigned int seed; + char *pseed; + int fd,cnt,len; + + if((fd=open("/dev/random",O_RDONLY))!=-1) { + pseed=(char *)&seed; + len=cnt=sizeof(seed); + while(cnt>0) { + cnt=read(fd,pseed,len); + len=len-cnt; + pseed=pseed+cnt; + } + } else { + seed=time(NULL); + } + srand(seed); for(i=0; i < VTUN_CHAL_SIZE; i++) buf[i] = (unsigned int)(255.0 * rand()/RAND_MAX); } + +void ssl_encrypt_chal(char *chal, char *pwd) +{ + syslog(LOG_ERR,"Cannot use `sslauth yes' without SSL support - fallback to `sslauth no'"); + nonssl_encrypt_chal(chal,pwd); +} + +void ssl_decrypt_chal(char *chal, char *pwd) +{ + syslog(LOG_ERR,"Cannot use `sslauth yes' without SSL support - fallback to `sslauth no'"); + nonssl_decrypt_chal(chal,pwd); +} + #endif /* HAVE_SSL */ /* @@ -358,7 +398,11 @@ if( !(h = find_host(host)) ) break; - decrypt_chal(chal_res, h->passwd); + if (h->sslauth) { + ssl_decrypt_chal(chal_res, h->passwd); + } else { + nonssl_decrypt_chal(chal_res, h->passwd); + } if( !memcmp(chal_req, chal_res, VTUN_CHAL_SIZE) ){ /* Auth successeful. */ @@ -410,7 +454,11 @@ if( !strncmp(buf,"OK",2) && cs2cl(buf,chal)){ stage = ST_CHAL; - encrypt_chal(chal,host->passwd); + if (host->sslauth) { + ssl_encrypt_chal(chal,host->passwd); + } else { + nonssl_encrypt_chal(chal,host->passwd); + } print_p(fd,"CHAL: %s\n", cl2cs(chal)); continue; Index: vtun-3.0.3/cfg_file.y =================================================================== --- vtun-3.0.3.orig/cfg_file.y 2012-10-07 20:22:53.425321705 +0200 +++ vtun-3.0.3/cfg_file.y 2012-10-07 20:41:25.545351485 +0200 
@@ -74,7 +74,7 @@ %token K_OPTIONS K_DEFAULT K_PORT K_BINDADDR K_PERSIST K_TIMEOUT %token K_PASSWD K_PROG K_PPP K_SPEED K_IFCFG K_FWALL K_ROUTE K_DEVICE %token K_MULTI K_SRCADDR K_IFACE K_ADDR -%token K_TYPE K_PROT K_NAT_HACK K_COMPRESS K_ENCRYPT K_KALIVE K_STAT +%token K_TYPE K_PROT K_NAT_HACK K_COMPRESS K_ENCRYPT K_KALIVE K_STAT K_SSLAUTH %token K_UP K_DOWN K_SYSLOG K_IPROUTE %token K_HOST K_ERROR @@ -284,6 +284,13 @@ } compress + | K_SSLAUTH NUM { + parse_host->sslauth = $2; + + if(vtun.sslauth == -1) + vtun.sslauth = $2; + } + | K_ENCRYPT NUM { if( $2 ){ parse_host->flags |= VTUN_ENCRYPT; Index: vtun-3.0.3/cfg_kwords.h =================================================================== --- vtun-3.0.3.orig/cfg_kwords.h 2012-10-07 20:22:53.425321705 +0200 +++ vtun-3.0.3/cfg_kwords.h 2012-10-07 20:41:25.545351485 +0200 @@ -37,6 +37,7 @@ { "addr", K_ADDR }, { "iface", K_IFACE }, { "bindaddr", K_BINDADDR }, + { "sslauth", K_SSLAUTH }, { "persist", K_PERSIST }, { "multi", K_MULTI }, { "iface", K_IFACE }, Index: vtun-3.0.3/main.c =================================================================== --- vtun-3.0.3.orig/main.c 2012-10-07 20:22:53.425321705 +0200 +++ vtun-3.0.3/main.c 2012-10-07 20:41:25.549351485 +0200 @@ -66,6 +66,7 @@ vtun.cfg_file = VTUN_CONFIG_FILE; vtun.persist = -1; vtun.timeout = -1; + vtun.sslauth = -1; /* Dup strings because parser will try to free them */ vtun.ppp = strdup("/usr/sbin/pppd"); @@ -88,6 +89,11 @@ default_host.ka_interval = 30; default_host.ka_maxfail = 4; default_host.loc_fd = default_host.rmt_fd = -1; +#ifdef HAVE_SSL + default_host.sslauth = 1; +#else /* HAVE_SSL */ + default_host.sslauth = 0; +#endif /* HAVE_SSL */ /* Start logging to syslog and stderr */ openlog("vtund", LOG_PID | LOG_NDELAY | LOG_PERROR, LOG_DAEMON); 
@@ -166,6 +172,16 @@ vtun.persist = 0; if(vtun.timeout == -1) vtun.timeout = VTUN_TIMEOUT; + /* + * Want to save behaviour from older version: stronger authentication + * if compiled with --enable-ssl, weaker otherwise + */ + if(vtun.sslauth == -1) +#ifdef HAVE_SSL + vtun.sslauth = 1; +#else /* HAVE_SSL */ + vtun.sslauth = 0; +#endif /* HAVE_SSL */ switch( vtun.svr_type ){ case -1: Index: vtun-3.0.3/vtun.h =================================================================== --- vtun-3.0.3.orig/vtun.h 2012-10-07 20:22:53.425321705 +0200 +++ vtun-3.0.3/vtun.h 2012-10-07 20:41:25.549351485 +0200 @@ -99,6 +99,9 @@ int rmt_fd; int loc_fd; + /* SSL strong auth */ + int sslauth; + /* Persist mode */ int persist; @@ -204,6 +207,7 @@ struct vtun_opts { int timeout; int persist; + int sslauth; char *cfg_file; debian/stamp-patched0000644000000000000000000000000012034343561011632 0ustar debian/dirs0000644000000000000000000000006312034263330010045 0ustar usr/sbin var/log/vtund usr/share/lintian/overrides debian/README.Encryption0000644000000000000000000000104312034263330012171 0ustar This program includes an "encryption" feature intended to protect the tunneled data as it travels across the network. However, the protocol it uses is known to be very insecure, and you should not rely on it to deter anyone but a casual eavesdropper. For more information, see: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319449 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=212357 http://www.cs.auckland.ac.nz/~pgut001/pubs/linux_vpn.txt http://www.mit.edu:8008/bloom-picayune/crypto/14238 -- Martín Ferrari debian/configure.in.patch0000644000000000000000000001027612034263330012577 0ustar --- configure.in 2006-12-11 04:55:06.000000000 -0300 +++ debian/configure.in 2007-05-26 12:22:23.000000000 -0300 @@ -7,7 +7,8 @@ dnl Process this file with autoconf to produce a configure script. dnl -AC_INIT(lib.c) +AC_INIT +AC_CONFIG_SRCDIR([lib.c]) AC_CONFIG_HEADER(config.h) dnl Shapper support 
@@ -72,7 +73,7 @@ dnl Guess host type. AC_CANONICAL_HOST -AC_CANONICAL_SYSTEM +AC_CANONICAL_TARGET dnl Check for programs. AC_PROG_YACC @@ -103,18 +104,18 @@ AC_SEARCH_LIBS(nanosleep, rt posix4) dnl Check for setproctitle in libutil -AC_SEARCH_LIBS(setproctitle, util bsd, AC_DEFINE(HAVE_SETPROC_TITLE) ) +AC_SEARCH_LIBS(setproctitle, util bsd, AC_DEFINE(HAVE_SETPROC_TITLE, 1, "Check for setproctitle in libutil") ) if test "$SHAPER" = "yes"; then - AC_DEFINE(HAVE_SHAPER) + AC_DEFINE(HAVE_SHAPER, 1, "Shaper module") fi if test "$ZLIB" = "yes"; then AC_MSG_RESULT() - AC_CHECKING( for ZLIB Library and Header files ... ) + AS_MESSAGE([checking for ZLIB Library and Header files ... ...]) AC_CHECK_LIB(z, deflate, LIBS="$LIBS -lz" - AC_DEFINE(HAVE_ZLIB), + AC_DEFINE(HAVE_ZLIB, 1, "ZLIB module"), AC_MSG_ERROR( Zlib library not found.) ) fi @@ -123,7 +124,7 @@ if test "$LZO" = "yes"; then LZOCHK="" AC_MSG_RESULT() - AC_CHECKING( for LZO Library and Header files ... ) + AS_MESSAGE([checking for LZO Library and Header files ... ...]) AC_SEARCH_HEADERS(lzo_asm.h, $LZO_HDR_DIR /usr/include/lzo "" /usr/local/include, LZOCHK="lzo2 lzo", @@ -141,7 +142,7 @@ AC_CHECK_LIB($I, lzo1x_decompress, [ LIBS="$LIBS -l"$I - AC_DEFINE(HAVE_LZO) + AC_DEFINE(HAVE_LZO, 1, "LZO module") havelzo=1 ] ) @@ -157,7 +158,7 @@ if test "$SSL" = "yes"; then AC_MSG_RESULT() - AC_CHECKING( for md5 Library and Header files ... ) + AS_MESSAGE([checking for md5 Library and Header files ... ...]) AC_SEARCH_HEADERS(md5.h, $SSL_HDR_DIR /usr/include/openssl "" /usr/include /usr/include/ssl /usr/local/include /usr/local/ssl/include /usr/include/sys, , 
@@ -167,14 +168,14 @@ if test "$SSL" = "yes"; then AC_MSG_RESULT() - AC_CHECKING( for blowfish Library and Header files ... ) + AS_MESSAGE([checking for blowfish Library and Header files ... ...]) AC_SEARCH_HEADERS(blowfish.h, $BLOWFISH_HDR_DIR /usr/include/ssl /usr/include/openssl /usr/include /usr/local/include /usr/local/ssl/include /usr/include/crypto, AC_CHECK_LIB(crypto, BF_set_key, [ LIBS="$LIBS -lcrypto" - AC_DEFINE(HAVE_SSL) - AC_DEFINE(HAVE_SSL_BLOWFISH) + AC_DEFINE(HAVE_SSL, 1, "Encryption support") + AC_DEFINE(HAVE_SSL_BLOWFISH, 1, "Blowfish encryption support") ], AC_MSG_ERROR( SSL library not found. ) ), @@ -189,7 +190,7 @@ $SSL_HDR_DIR /usr/include/ssl /usr/include/openssl /usr/include /usr/local/include /usr/local/ssl/include /usr/include/crypto, AC_CHECK_LIB(crypto, AES_set_encrypt_key, [ - AC_DEFINE(HAVE_SSL_AES) + AC_DEFINE(HAVE_SSL_AES, 1, "AES encryption support") ], AC_MSG_ERROR( AES library not found. ) ), @@ -204,7 +205,7 @@ $SSL_HDR_DIR /usr/include/ssl /usr/include/openssl /usr/include /usr/local/include /usr/local/ssl/include /usr/include/crypto, AC_CHECK_LIB(crypto, EVP_EncryptInit, [ - AC_DEFINE(HAVE_SSL_EVP) + AC_DEFINE(HAVE_SSL_EVP, 1, "EVP encryption support") ], AC_MSG_ERROR( EVP library not found. ) ), @@ -214,7 +215,7 @@ if test "$SOCKS" = "yes"; then AC_MSG_RESULT() - AC_CHECKING( for SOCKS Library ... ) + AS_MESSAGE([checking for SOCKS Library ... ...]) AC_CHECK_LIB(socks5, SOCKSconnect, [ CFLAGS="$CFLAGS -DVTUN_SOCKS=1" @@ -232,7 +233,7 @@ AC_MSG_RESULT() -AC_CHECK_FUNCS([getpt grantpt unlockpt ptsname]) +AC_CHECK_FUNCS([posix_openpt grantpt unlockpt ptsname]) OS_REL=`uname -r | tr -d '[A-Za-z\-\_\.]'` case $host_os in 
@@ -263,6 +264,7 @@ REL=`echo 'BRANCH-3_X' | tr -d '$: \-' | sed 's/^[A-Za-z]*//' | sed 's/\_/\./'` changequote([,]) -AC_DEFINE_UNQUOTED(VTUN_VER, "$REL `date '+%m/%d/%Y'`") +AC_DEFINE_UNQUOTED(VTUN_VER, "$REL `date '+%m/%d/%Y'`", "VTun version") -AC_OUTPUT(Makefile) +AC_CONFIG_FILES([Makefile]) +AC_OUTPUT

debian/README.Debian

vtun for Debian
---------------

The installed /etc/vtund.conf file is empty except for explanatory comments.
By default, vtund doesn't start at all, you need to edit /etc/vtund.conf and
set it up for your requirements. See the docs and examples for details.

You also need to edit /etc/default/vtun and define whether vtund is being run
as a client, as a server or both.

 -- Martín Ferrari Fri, 24 Nov 2006 03:57:22 -0300

debian/install

debian/vtund.conf /etc

debian/postinst

#!/bin/sh
# vim:ts=4:sw=4:et:ai:sts=4
# postinst script for vtun

set -e

# summary of how this script can be called:
#        * `configure'
#        * `abort-upgrade'
#        * `abort-remove' `in-favour'
#
#        * `abort-remove'
#        * `abort-deconfigure' `in-favour'
#          `removing'
#
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package

case "$1" in
    configure)
        # Make the device /dev/net/tun, which vtun uses.
        # Ripped off from mdadm scripts.
        MAKEDEV=/dev/MAKEDEV
        if [ ! -e /dev/net/tun ] \
            && [ ! -e /dev/.static/dev/net/tun ] \
            && [ ! -e /dev/.devfsd ] \
            && [ -x $MAKEDEV ]; then
            echo -n 'Generating /dev/net/tun... ' >&2
            cd /dev
            if $MAKEDEV tun >&2 >/dev/null; then
                echo 'done.' >&2
            else
                echo 'failed.' >&2
            fi
        fi
    ;;
    abort-upgrade|abort-remove|abort-deconfigure)
    ;;
    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#

exit 0

debian/NEWS

vtun (3.0.0-1) unstable; urgency=low

  May not work with encrypted connections to 2.6 vtuns. See upstream bug
  #1685781.

 -- Martín Ferrari Sat, 26 May 2007 23:55:38 -0300

vtun (2.6-5) unstable; urgency=low

  Starting from 2.6-5, vtun has stopped using /etc/vtund-start.conf.
  Configuration parameters about which instances to create are now stored in
  /etc/default/vtun. The installation script will try to perform an automatic
  upgrade, please check that it is OK.

  Pidfiles now include the session name and hostname, so you can have more
  than one instance of the same session name.

  Also, now includes a logrotate script for correct housekeeping of dump
  files.

 -- Martín Ferrari Thu, 23 Nov 2006 20:34:05 -0300

debian/postrm

#!/bin/sh
# postrm script for vtun
#
# see: dh_installdeb(1)

set -e

# summary of how this script can be called:
#        * `remove'
#        * `purge'
#        * `upgrade'
#        * `failed-upgrade'
#        * `abort-install'
#        * `abort-install'
#        * `abort-upgrade'
#        * `disappear'
#
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package

case "$1" in
    purge)
        rm -f /etc/default/vtun
    ;;
    remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
    ;;
    *)
        echo "postrm called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0

debian/source/format

3.0 (quilt)

debian/copyright

This package was debianized by Martín Ferrari on
Fri, 24 Nov 2006 03:57:22 -0300.
It was downloaded from http://vtun.sourceforge.net/

Upstream Author: Maxim Krasnyansky

Copyright © 1998-2003 Maxim Krasnyansky

License:

   This package is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This package is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this package; if not, write to the Free Software
   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA

   In addition, as a special exception, the copyright holders give
   permission to link the code of portions of this program with the
   OpenSSL library under certain conditions as described in each
   individual source file, and distribute linked combinations
   including the two.

   You must obey the GNU General Public License in all respects
   for all of the code used other than OpenSSL. If you modify
   file(s) with this exception, you may extend this exception to your
   version of the file(s), but you are not obligated to do so. If you
   do not wish to do so, delete this exception statement from your
   version. If you delete this exception statement from all source
   files in the program, then also delete it here.

On Debian systems, the complete text of the GNU General
Public License can be found in `/usr/share/common-licenses/GPL'.

The Debian packaging is © 2006-2008, Martín Ferrari and
is licensed under the GPL, see above.
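Review bot: in debian/configure.in.patch, hunk -232,7 +233,7, replacing getpt with posix_openpt in AC_CHECK_FUNCS changes the macro that configure defines from HAVE_GETPT to HAVE_POSIX_OPENPT, while the visible hunks touch only configure.in. Any C code still guarded by HAVE_GETPT will stop taking that branch without a build error and fall back to whatever other pty path it has. Either change the source in the same patch series to test HAVE_POSIX_OPENPT and call posix_openpt(), or keep both names in the list: AC_CHECK_FUNCS([posix_openpt getpt grantpt unlockpt ptsname]).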
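Review bot: in debian/configure.in.patch, the hunks from -103,18 through -214,7 pass the new AC_DEFINE description as a C string ("Shaper module", "ZLIB module", "Encryption support", ...) rather than an m4-quoted argument, so the double quotes end up inside the comment that autoheader writes to config.h.in. Use the form AC_DEFINE(HAVE_SHAPER, 1, [Shaper module]) throughout. The AS_MESSAGE lines that replace AC_CHECKING also end in "... ..."; a single ellipsis is enough, for example AS_MESSAGE([checking for ZLIB Library and Header files...]).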
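Review bot: in debian/configure.in.patch, hunk -263,6 +264,7, the AC_DEFINE_UNQUOTED(VTUN_VER, ...) line being edited still expands `date '+%m/%d/%Y'` at configure time, so the version string compiled into vtund depends on the day of the build and two builds of the same source differ. Since the line is being changed anyway, take the date from a fixed input such as SOURCE_DATE_EPOCH or the debian/changelog entry when one is available, or drop the date from VTUN_VER, so the binary can be rebuilt and compared bit for bit.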
debian/compat

9

debian/lintian_override

# Conffile that contains passwords and should not be world readable
vtun: non-standard-file-perm etc/vtund.conf 0600 != 0644

debian/init.d

#!/bin/sh -e
# vim:ts=4:sw=4:et:ai:sts=4:filetype=sh
### BEGIN INIT INFO
# Provides:          vtun
# Required-Start:    $remote_fs $syslog $network
# Required-Stop:     $remote_fs $syslog $network
# Default-Start:     2 3 4 5
# Default-Stop:
# Short-Description: virtual tunnel over TCP/IP networks
### END INIT INFO

# Runlevels 0 and 6 removed from Default-Stop as the script only kills the
# daemon and that can be done by sendsigs, as suggested by Peter Reinholdtsen.

PATH=/bin:/usr/bin:/sbin:/usr/sbin
DAEMON=/usr/sbin/vtund
NAME=vtun
DESC="virtual tunnel daemon"
CONFFILE=/etc/vtund.conf
PIDPREFIX=/var/run/vtund

test -f $DAEMON || exit 0
test -f $CONFFILE || exit 0

. /lib/lsb/init-functions

# Include defaults if available
if [ -f /etc/default/$NAME ] ; then
    . /etc/default/$NAME
fi

mkdir -p /var/run/vtund /var/lock/vtund

case "$1" in
    start)
        if [ -f /etc/vtund-start.conf ]; then
            log_warning_msg "/etc/vtund-start.conf has been replaced!"
            if [ -e /usr/share/doc/vtun/NEWS.Debian.gz ]; then
                log_warning_msg "Please read /usr/share/doc/vtun/NEWS.Debian.gz"
            else
                log_warning_msg "Please read /usr/share/doc/vtun/NEWS.Debian"
            fi
        fi
        SOMETHING_STARTED=0
        if [ -n "$RUN_SERVER" ] && [ "$RUN_SERVER" != no ]; then
            log_daemon_msg "Starting $DESC server " "$NAME"
            start-stop-daemon --start --startas $DAEMON --oknodo \
                --pidfile $PIDPREFIX.server.pid -- -s $SERVER_ARGS
            log_end_msg $?
            SOMETHING_STARTED=1
        fi
        for i in 0 1 2 3 4 5 6 7 8 9; do
            eval name=\$CLIENT${i}_NAME
            eval host=\$CLIENT${i}_HOST
            eval args=\$CLIENT${i}_ARGS
            if [ -n "$name" ] && [ -n "$host" ]; then
                log_daemon_msg "Starting $DESC client $name to $host " "$NAME"
                start-stop-daemon --start --startas $DAEMON --oknodo \
                    --pidfile $PIDPREFIX.$name-$host.pid -- $name $host $args
                log_end_msg $?
                SOMETHING_STARTED=1
            fi
        done
        if [ "$SOMETHING_STARTED" -eq 0 ]; then
            log_failure_msg "$NAME disabled, please adjust the configuration to your needs "
            log_failure_msg "and then set RUN_SERVER to 'yes' or configure a client in "
            log_failure_msg "/etc/default/$NAME to enable it."
            exit 0
        fi
    ;;
    stop)
        for i in $PIDPREFIX*.pid; do
            test -f "$i" || continue
            log_daemon_msg "Stopping $DESC" "$NAME"
            start-stop-daemon --oknodo --stop --pidfile $i
            rm -f $i
        done
    ;;
    status)
        for i in 0 1 2 3 4 5 6 7 8 9; do
            eval name=\$CLIENT${i}_NAME
            eval host=\$CLIENT${i}_HOST
            status_of_proc -p $PIDPREFIX.$name-$host.pid $DAEMON vtund && e$
        done
    ;;
    reload|force-reload)
        echo "Reloading vtund.";
        for i in $PIDPREFIX*.pid; do
            test -f "$i" || continue
            start-stop-daemon --oknodo --stop --signal 1 --pidfile $i;
        done
    ;;
    restart)
        $0 stop
        sleep 1;
        $0 start
    ;;
    *)
        echo "Usage: $0 {start|stop|restart|reload|status|force-reload}" >&2
        exit 1
    ;;
esac

exit 0

debian/README.source

This package uses quilt to manage all modifications to the upstream
source. Changes are stored in the source package as diffs in
debian/patches and applied during the build.

See /usr/share/doc/quilt/README.source for a detailed explanation.
debian/docs

Credits
FAQ
README.Setup
README.Shaper
debian/README.Encryption

debian/preinst

#!/bin/sh
# vim:ts=4:sw=4:et:ai:sts=4
# preinst script for vtun

set -e

# summary of how this script can be called:
#        * `install'
#        * `install'
#        * `upgrade'
#        * `abort-upgrade'
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package

update_conf() {
    cat < /etc/default/vtun
        else
            # We need to provide a default configuration
            create_conf > /etc/default/vtun
        fi
    fi
    ;;
    abort-upgrade)
    ;;
    *)
        echo "preinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

if [ "$1" = upgrade ]; then
    echo "vtun must be restarted manually for changes to take effect."
fi

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0

debian/examples

scripts/reroute
vtund.conf
debian/tmp/vtund-client.conf
debian/tmp/vtund-server.conf
debian/vtund-ipv6-client.conf
debian/vtund-ipv6-server.conf

debian/autogen.sh

#!/bin/sh
# autotools update script, patching first configure.in. Based on
# /usr/share/doc/autotools-dev/examples
#
# Requires: automake 1.9, autoconf 2.57+
# Conflicts: autoconf 2.13
set -e

# Refresh GNU autotools toolchain.
echo Cleaning autotools files...
find -type d -name autom4te.cache -print0 | xargs -0 rm -rf
find -type f \( -name missing -o -name install-sh -o -name mkinstalldirs \
    -o -name depcomp -o -name ltmain.sh -o -name configure \
    -o -name config.sub -o -name config.guess \) -print0 | xargs -0 rm -f

cp -f /usr/share/automake/install-sh .
cp -f /usr/share/misc/config.sub .
cp -f /usr/share/misc/config.guess .

patch -p0 < debian/configure.in.patch

echo Running autoreconf...
autoreconf --force --install

find -type d -name autom4te.cache -print0 | xargs -0 rm -rf
rm -f config.h.in~

debian/manpages

vtund.8
vtund.conf.5

debian/logrotate

/var/log/vtund/*.dump {
    rotate 54
    daily
    compress
    copytruncate
    missingok
}

debian/vtund.conf

#
# VTun - Virtual Tunnel over TCP/IP network.
# Copyright (C) 1998-2001 Maxim Krasnyansky
#
# Cleanup of English and spelling by
#   Ted Rolle
#
# Configuration file example, please see /usr/share/doc/vtun/examples for
# other examples.
#
# Lines which begin with '#' are comments
#
# File format:
#
# XXXXX {
#   option param; option param;
#   option param;
#   ......
# }
# Where XXXXX:
#   options - General options.
#   default - default session options.
#   session - Session options.
#
# Options _must_ be grouped by curly braces '{' '}'.
# Each option _must_ end with ';'
#
# -----------
# General options:
#
#   type - Server type.
#       'stand' - Stand alone server (default).
#       'inetd' - Started by inetd.
#       Used only by the server.
#
# -----------
#   port - Server TCP port number.
#
# -----------
#   syslog - Syslog facility.
#
# -----------
#   timeout - General VTun timeout.
#
# -----------
#   ppp - Program for the ppp initialization.
#
# -----------
#   ifconfig - Program for the net interface initialization.
#
# -----------
#   route - Program for the routing table manipulation.
#
# -----------
#   firewall - Program for the firewall setup.
#
# -----------
#
# Session options:
#
#   passwd - Password for authentication.
#
# -----------
#   type - Tunnel type.
#       'tun' - IP tunnel (No PPP,Ether,.. headers).
#       'ether' - Ethernet tunnel.
#       'tty' - Serial tunnel, PPP, SLIP, etc.
#       'pipe' - Pipe tunnel.
#       Default type is 'tty'.
#       Ignored by the client.
#
# -----------
#   device - Network device.
#       'tapXX' - for 'ether'
#       'tunXX' - for 'tun'
#       By default VTun will automatically select available
#       device.
#
# -----------
#   proto - Protocol.
#       'tcp' - TCP protocol.
#       'udp' - UDP protocol.
#
#       'tcp' is default for all tunnel types.
#       'udp' is recommended for 'ether' and 'tun' only.
#
#       This option is ignored by the client.
#
# -----------
#   persist - Persist mode.
#       'yes' - Reconnect to the server after connection
#           termination.
#       'no' - Exit after connection termination (default).
#       Used only by the client.
#
# -----------
#   keepalive - Enable 'yes' or disable 'no' connection
#       keep-alive. Ignored by the client.
#
# -----------
#   timeout - Connect timeout.
#
# -----------
#   compress - Enable 'yes' or disable 'no' compression.
#       It is also possible to specify method:
#           'zlib' - ZLIB compression
#           'lzo' - LZO compression
#       and level:
#           from 1(best speed) to 9(best compression)
#       separated by ':'. Default method is 'zlib:1'.
#       Ignored by the client.
#
# -----------
#   encrypt - Enable 'yes' or disable 'no' encryption.
#       Ignored by the client.
#
# -----------
#   stat - Enable 'yes' or disable 'no' statistics.
#       If enabled vtund will log statistic counters every
#       5 minutes.
#
# -----------
#   speed - Speed of the connection in kilobits/second.
#       8,16,32,64,128,256,etc.
#       0 means maximum possible speed without shaping.
#       You can specify speed in form IN:OUT.
#       IN - to the client, OUT - from the client.
#       Single number means same speed for IN and OUT.
#       Ignored by the client.
#
# -----------
#   up - List of programs to run after connection has been
#       established. Used to initialize protocols, devices,
#       routing and firewall.
#       Format:
#           up {
#               option .....;
#               option .....;
#           };
#
#   down - List of programs to run after connection has been
#       terminated. Used to reset protocols, devices, routing
#       and firewall.
#       Format:
#           down {
#               option .....;
#               option .....;
#           };
#
#   'up' and 'down' options:
#
#   program - Run specified program.
#       Format:
#           program path arguments wait;
#
#       path - Full path to the program.
#           '/bin/sh' will be used if path was omitted.
#
#       arguments - Arguments to pass to the program.
#           Must be enclosed in double quotes.
#           Special characters and expansions:
#               ' (single quotes) - group arguments
#               \ (back slash) - escape character
#               %%(double percent) - same as %d
#               %d - TUN or TAP device or TTY port name
#               %A - Local IP address
#               %P - Local TCP or UDP port
#               %a - Remote IP address
#               %p - Remote TCP or UDP port
#
#       wait - Wait for the program termination.
#
#   ppp - Run program specified by 'ppp' statement in
#       'options' section.
#       Format:
#           ppp arguments;
#
#   ifconfig - Run program specified by 'ifconfig' statement in
#       'options' section.
#       Format:
#           ifconfig arguments;
#
#   route - Run program specified by 'route' statement in
#       'options' section.
#       Format:
#           route arguments;
#
#   firewall - Run program specified by 'firewall' statement in
#       'options' section.
#       Format:
#           firewall arguments;
#
# -----------
#   srcaddr - Local (source) address. Used to force vtund to bind
#       to the specific address and port.
#       Format:
#           srcaddr {
#               option .....;
#               option .....;
#           };
#
#   'srcaddr' options:
#
#   iface - Use interface address as the Source address.
#       Format:
#           iface if_name;
#
#   addr - Source address.
#       Format:
#           addr ip_address;
#           addr host_name;
#
#   port - Source port.
#       Format:
#           port port_no;
#
# -----------
#   multi - Multiple connections.
#       'yes' or 'allow' - allow multiple connections.
#       'no' or 'deny' - deny multiple connections.
#       'killold' - allow new connection and kill old one.
#       Ignored by the client.
#
# -----------
# Notes:
#   Options 'Ignored by the client' are provided by server
#   at the connection initialization.
#
#   Option names can be abbreviated to a minimum of 4 characters.
#