[PATCH] openvpn: Add --tls-auth option
by Daniel Wagner
---
doc/vpn-config-format.txt | 5 +++++
vpn/plugins/openvpn.c | 1 +
2 files changed, 6 insertions(+)
diff --git a/doc/vpn-config-format.txt b/doc/vpn-config-format.txt
index 0bc62c08f19a..b9d37fa4196b 100644
--- a/doc/vpn-config-format.txt
+++ b/doc/vpn-config-format.txt
@@ -92,6 +92,11 @@ be contacted to supply the information.
OpenVPN 2.3+.
OpenVPN.TLSAuth sub-option of --tls-remote (O)
OpenVPN.TLSAuthDir sub-option of --tls-remote (O)
+ OpenVPN.TLSCipher --tls-cipher Add an additional layer of HMAC
+ authentication on top of the TLS
+ control channel to mitigate DoS attacks
+ and attacks on the TLS stack. Static
+ key file given as parameter (0)
OpenVPN.Cipher --cipher Encrypt packets with cipher algorithm
given as parameter (O)
OpenVPN.Auth --auth Authenticate packets with HMAC using
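Review bot: the added entry does not agree with the subject or with its own description. The subject announces --tls-auth and the text describes an HMAC layer on the TLS control channel taking a static key file, yet the key is named "OpenVPN.TLSCipher" and mapped to "--tls-cipher". The context line above still documents OpenVPN.TLSAuth as a "sub-option of --tls-remote", so the key name, option and description should be made consistent, and the OpenVPN.TLSAuth line updated if its meaning changes. The trailing marker also reads "(0)" with a zero, where the neighbouring entries use "(O)".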
diff --git a/vpn/plugins/openvpn.c b/vpn/plugins/openvpn.c
index f38c0c365ed1..4bdc4cd75932 100644
--- a/vpn/plugins/openvpn.c
+++ b/vpn/plugins/openvpn.c
@@ -67,6 +67,7 @@ struct {
{ "OpenVPN.TLSRemote", "--tls-remote", 1 },
{ "OpenVPN.TLSAuth", NULL, 1 },
{ "OpenVPN.TLSAuthDir", NULL, 1 },
+ { "OpenVPN.TLSCipher", "--tls-cipher", 1},
{ "OpenVPN.Cipher", "--cipher", 1 },
{ "OpenVPN.Auth", "--auth", 1 },
{ "OpenVPN.CompLZO", "--comp-lzo", 0 },
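Review bot: the new row maps "OpenVPN.TLSCipher" to "--tls-cipher", while the subject line says the patch adds --tls-auth, and the existing "OpenVPN.TLSAuth" row two lines above still has NULL as its option string. If --tls-auth is what is intended, that is the row to change; otherwise the subject should be corrected and the commit message should say why a separate key is needed. Style: "1}," is missing the space before the closing brace that the surrounding rows use ("1 },").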
--
2.21.0
2 years, 10 months
Re: Unstable cellular connection
by JH
Hi Giacinto,
Just got a response from the hardware contractor.
On 8/3/19, Giacinto Cifelli <gciofono(a)gmail.com> wrote:
> Hi jupiter,
> This signal level is output periodically by ofono in a signal.
> You can try to catch all ofono signals (these are dbus events, not to
> be confused with signal level and network signaling) with
> dbus-monitor.
> But I think the signal is ok.
> Only the network disables the PDP context, maybe without informing the
> modem.
> This is done by several networks.
>
>> The trouble is it connected well at
>> startup, then dropped it; it is hard to convince the hardware
>> contractor it is a hardware problem unless I have strong evidence that
>> it is not the software problem.
>
> Ask uBlox how to capture a protocol stack trace, and if it is feasible
> for your application, do it and have it analyzed by uBlox.
>
> Are you on GSM, on LTE catM or on LTE NB-IOT when this happens? On
> which network operator and country?
It is LTE Cat-M1, the operator is Telstra in Australia. I will be very
interested in finding out what is going on.
Thank you.
Kind regards,
- jupiter
2 years, 10 months
Re: Unstable cellular connection
by JH
Hi Giacinto, thanks for your response.
On 8/2/19, Giacinto Cifelli <gciofono(a)gmail.com> wrote:
> Hi jupiter,
> most likely the network dropped the context without signaling.
> What kind of modem is it? And would you know also the chipset?
It is uBlox SARA-R4 chipset. Did you mean it could be caused by weak
LTE signalling level? It is a prototype device, the hardware was
designed by a contractor. Any simple way to show LTE signalling level
in connman or ofono log files? The trouble is it connected well at
startup, then dropped it; it is hard to convince the hardware
contractor it is a hardware problem unless I have strong evidence that
it is not the software problem.
Thank you very much.
Kind regards,
- jupiter
2 years, 10 months
Unstable cellular connection
by JH
Hi,
I have a device connected to 4G LTE. It was in good connection status on
start up; after a couple of hours, it dropped the LTE connection. The
ofono did not show any errors, but connman had lots of error messages
as follows. Could anyone help to explain what could be the problem?
Could it be an ofono issue or a connman issue? The device has a small flash
size which doesn't have enough space for debug tools.
# journalctl -u ofono
-- Logs begin at Fri 2019-07-05 05:07:42 UTC, end at Thu 2019-08-01 10:42:49 UT-
Aug 01 07:49:47 systemd[1]: Starting Telephony service...
Aug 01 07:49:48 ofonod[188]: oFono version 1.24
Aug 01 07:49:48 systemd[1]: Started Telephony service.
Aug 01 07:49:53 ofonod[188]: Interface org.ofono.AllowedAccessPoints not t
Aug 01 07:49:57 ofonod[188]: LTE attach IP type: 0
Aug 01 08:09:39 ofonod[188]: LTE attach IP type: 0
# journalctl -u connman
.........
Aug 01 08:09:39 connmand[181]: Skipping disconnect of /ubloxqmi_0/context1, network is connecting.
Aug 01 08:09:39 connmand[181]: ipconfig state 2 ipconfig method 1
Aug 01 08:09:39 connmand[181]: wwan0 {RX} 45 packets 7963 bytes
Aug 01 08:09:39 connmand[181]: wwan0 {TX} 56 packets 4730 bytes
Aug 01 08:09:39 connmand[181]: wwan0 {update} flags 69841 <UP,RUNNING,LOWER_UP>
Aug 01 08:09:39 connmand[181]: wwan0 {newlink} index 4 address 00:00:00:00:00:00 mtu 1500
Aug 01 08:09:39 connmand[181]: wwan0 {newlink} index 4 operstate 0 <UNKNOWN>
Aug 01 08:09:39 connmand[181]: ipconfig state 3 ipconfig method 1
Aug 01 08:09:39 connmand[181]: wwan0 {add} address 10.114.23.145/30 label wwan0 family 2
Aug 01 08:09:39 connmand[181]: wwan0 {add} route 10.114.23.144 gw 0.0.0.0 scope 253 <LINK>
Aug 01 08:09:39 connmand[181]: wwan0 {add} route 10.114.23.146 gw 0.0.0.0 scope 253 <LINK>
Aug 01 08:09:39 connmand[181]: wwan0 {add} route 10.4.58.204 gw 10.114.23.146 scope 0 <UNIVERSE>
Aug 01 08:09:39 connmand[181]: wwan0 {add} route 0.0.0.0 gw 10.114.23.146 scope 0 <UNIVERSE>
Aug 01 08:09:45 connmand[181]: Online check failed for 0xa71cf8 Telstra
Aug 01 09:34:10 connmand[181]: wwan0 {RX} 140 packets 15185 bytes
Aug 01 09:34:10 connmand[181]: wwan0 {TX} 158 packets 12440 bytes
Aug 01 09:34:10 connmand[181]: wwan0 {update} flags 4240 <DOWN>
Aug 01 09:34:11 connmand[181]: wwan0 {newlink} index 4 address 00:00:00:00:00:00 mtu 1500
Aug 01 09:34:11 connmand[181]: wwan0 {newlink} index 4 operstate 2 <DOWN>
Aug 01 09:34:11 connmand[181]: Time request for server 10.114.23.146 failed (101/Network is unreachable)
Aug 01 09:34:11 connmand[181]: wwan0 {del} address 10.114.23.145/30 label wwan0
Aug 01 09:34:11 connmand[181]: Skipping disconnect of /ubloxqmi_0/context1, network is connecting.
Aug 01 09:34:11 connmand[181]: ipconfig state 2 ipconfig method 1
Aug 01 09:34:11 connmand[181]: Failed to change property: /ubloxqmi_0/context1 org.ofono.ConnectionContext.Active: org.ofono.Error.Failed Operation failed
Aug 01 09:34:11 connmand[181]: ipconfig state 7 ipconfig method 1
Aug 01 09:34:11 connmand[181]: Skipping disconnect of /ubloxqmi_0/context1, network is connecting.
Aug 01 09:34:11 connmand[181]: ipconfig state 2 ipconfig method 1
Aug 01 09:34:11 connmand[181]: Failed to change property: /ubloxqmi_0/context1 org.ofono.ConnectionContext.Active: org.ofono.Error.Failed Operation failed
Aug 01 09:34:11 connmand[181]: ipconfig state 7 ipconfig method 1
Aug 01 09:34:11 connmand[181]: Skipping disconnect of /ubloxqmi_0/context1, network is connecting.
Aug 01 09:34:11 connmand[181]: ipconfig state 2 ipconfig method 1
Aug 01 09:34:11 connmand[181]: Failed to change property: /ubloxqmi_0/context1 org.ofono.ConnectionContext.Active: org.ofono.Error.Failed Operation failed
-------
Thank you.
Kind regards,
- jupiter
2 years, 11 months
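An added example, not part of the original thread: a small triage script for connmand journal output in the format quoted in the post above, reporting how long the data session lasted and how many context re-activations failed after the link dropped. The function name `summarize`, the returned keys and the `year` parameter are assumptions of this example; the sample lines are copied from the post with wrapped lines joined.

```python
import re
from datetime import datetime

# Lines from the connmand log quoted in the post (wrapped lines joined).
FAIL = ("Aug 01 09:34:11 connmand[181]: Failed to change property: "
        "/ubloxqmi_0/context1 org.ofono.ConnectionContext.Active: "
        "org.ofono.Error.Failed Operation failed\n")
SAMPLE = (
    "Aug 01 08:09:39 connmand[181]: wwan0 {add} address 10.114.23.145/30 label wwan0 family 2\n"
    "Aug 01 08:09:45 connmand[181]: Online check failed for 0xa71cf8 Telstra\n"
    "Aug 01 09:34:10 connmand[181]: wwan0 {update} flags 4240 <DOWN>\n"
    "Aug 01 09:34:11 connmand[181]: wwan0 {del} address 10.114.23.145/30 label wwan0\n"
    + FAIL * 3
)

LINE = re.compile(r"^(\w{3} \d{2} \d{2}:\d{2}:\d{2}) connmand\[\d+\]: (.*)$")

def summarize(text, iface="wwan0", year=2019):
    """Summarize one up/down cycle of `iface` from connmand journal text.

    journalctl's short format omits the year, so `year` is supplied by the
    caller (assumption: 2019, taken from the journal header in the post).
    """
    up = down = None
    failed = online_fail = 0
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped continuation line or output of another unit
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if msg.startswith(f"{iface} {{add}} address"):
            up, down, failed = ts, None, 0      # a new session begins
        elif msg.startswith(f"{iface} {{update}}") and msg.endswith("<DOWN>"):
            down = ts                           # kernel reports link down
        elif msg.startswith("Online check failed"):
            online_fail += 1
        elif down and msg.startswith("Failed to change property"):
            failed += 1                         # re-activation rejected by ofono
    uptime = int((down - up).total_seconds()) if up and down else None
    return {"up": up, "down": down, "uptime_s": uptime,
            "failed_activations": failed, "online_check_failures": online_fail}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Matching on the start of each message keeps the counts correct when the input still has the mail client's line wrapping, since continuation lines are skipped.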