
Merge branch 'master' into add-sha2

Daiyuu Nobori 8 years ago
parent
commit
056c322601

+ 14 - 0
.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,14 @@
+Changes proposed in this pull request:
+ - 
+ - 
+ - 
+
+Your great patch is much appreciated. We are considering to apply your patch into the SoftEther VPN main tree.
+
+SoftEther VPN Patch Acceptance Policy:
+http://www.softether.org/5-download/src/9.patch
+
+You have two options which are described on the above policy.
+Could you please choose either option 1 or 2, and specify it clearly on the reply?
+
+-

+ 0 - 1
debian/softether-vpnserver.init

@@ -1,4 +1,3 @@
-
 #! /bin/sh
 
 ### BEGIN INIT INFO

+ 1 - 1
src/Cedar/Client.c

@@ -6663,7 +6663,7 @@ bool CtConnect(CLIENT *c, RPC_CLIENT_CONNECT *connect)
 				CiSetError(c, ERR_ACCOUNT_ACTIVE);
 			}
 			else if (r->ClientAuth->AuthType == CLIENT_AUTHTYPE_SECURE &&
-				client->UseSecureDeviceId == 0)
+				c->UseSecureDeviceId == 0)
 			{
 				// Secure device is not specified
 				CiSetError(c, ERR_NO_SECURE_DEVICE_SPECIFIED);

+ 17 - 0
src/Cedar/IPsec_IkePacket.c

@@ -2560,6 +2560,8 @@ IKE_ENGINE *NewIkeEngine()
 	IKE_CRYPTO *des, *des3, *aes;
 	IKE_HASH *sha1, *md5, *sha2_256, *sha2_384, *sha2_512;
 	IKE_DH *dh1, *dh2, *dh5;
+	IKE_HASH *sha1, *md5;
+	IKE_DH *dh1, *dh2, *dh5, *dh2048, *dh3072, *dh4096;
 	UINT des_key_sizes[] =
 	{
 		8,
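Review bot: The new side of this hunk declares `sha1`, `md5`, `dh1`, `dh2` and `dh5` twice in the same block, which a C compiler rejects as a redeclaration. The context lines already carry `IKE_HASH *sha1, *md5, *sha2_256, *sha2_384, *sha2_512;` and `IKE_DH *dh1, *dh2, *dh5;`, and the added lines repeat them, which looks like a merge left unresolved. Drop the added `IKE_HASH *sha1, *md5;` and keep a single DH declaration, `IKE_DH *dh1, *dh2, *dh5, *dh2048, *dh3072, *dh4096;`. The body of NewIkeEngine starts and ends outside this hunk.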
@@ -2609,6 +2611,9 @@ IKE_ENGINE *NewIkeEngine()
 	dh1 = NewIkeDh(e, IKE_DH_1_ID, IKE_DH_1_STRING, 96);
 	dh2 = NewIkeDh(e, IKE_DH_2_ID, IKE_DH_2_STRING, 128);
 	dh5 = NewIkeDh(e, IKE_DH_5_ID, IKE_DH_5_STRING, 192);
+	dh2048 = NewIkeDh(e, IKE_DH_2048_ID, IKE_DH_2048_STRING, 256);
+	dh3072 = NewIkeDh(e, IKE_DH_3072_ID, IKE_DH_3072_STRING, 384);
+	dh4096 = NewIkeDh(e, IKE_DH_4096_ID, IKE_DH_4096_STRING, 512);
 
 	// Define the IKE algorithm
 	e->IkeCryptos[IKE_P1_CRYPTO_DES_CBC] = des;
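Review bot: The 768-bit and 1024-bit groups (`dh1`, `dh2`) stay registered next to the new 2048/3072/4096-bit ones, so the stronger groups only help if the proposal-selection code, which is not in this diff, prefers them or can be configured to refuse the small ones. It is worth confirming how the responder picks among offered groups. The last argument also deserves a comment such as `// key size in bytes (group bits / 8)`, since 96/128/192/256/384/512 appear to follow that pattern but nothing here says so.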
@@ -2632,6 +2637,9 @@ IKE_ENGINE *NewIkeEngine()
 	e->IkeDhs[IKE_P1_DH_GROUP_768_MODP] = e->EspDhs[IKE_P2_DH_GROUP_768_MODP] = dh1;
 	e->IkeDhs[IKE_P1_DH_GROUP_1024_MODP] = e->EspDhs[IKE_P2_DH_GROUP_1024_MODP] = dh2;
 	e->IkeDhs[IKE_P1_DH_GROUP_1536_MODP] = e->EspDhs[IKE_P2_DH_GROUP_1536_MODP] = dh5;
+	e->IkeDhs[IKE_P1_DH_GROUP_2048_MODP] = e->EspDhs[IKE_P2_DH_GROUP_2048_MODP] = dh2048;
+	e->IkeDhs[IKE_P1_DH_GROUP_3072_MODP] = e->EspDhs[IKE_P2_DH_GROUP_3072_MODP] = dh3072;
+	e->IkeDhs[IKE_P1_DH_GROUP_4096_MODP] = e->EspDhs[IKE_P2_DH_GROUP_4096_MODP] = dh4096;
 
 	return e;
 }
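Review bot: The three added assignments store into `e->IkeDhs` and `e->EspDhs` at indices 14, 15 and 16 (the values this commit gives the new `IKE_P1_DH_GROUP_*`/`IKE_P2_DH_GROUP_*` defines), while the largest index used before was 5. The declarations of those tables are not part of this diff, so confirm both have at least 17 elements; otherwise these lines write past the end of the tables inside the engine structure. A compile-time or start-up check that the largest group number is below the table length would catch this. Any lookup that indexes these tables with a group number taken from a peer's proposal needs the same bound.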
@@ -3183,6 +3191,15 @@ DH_CTX *IkeDhNewCtx(IKE_DH *d)
 
 	case IKE_DH_5_ID:
 		return DhNewGroup5();
+
+	case IKE_DH_2048_ID:
+		return DhNew2048();
+
+	case IKE_DH_3072_ID:
+		return DhNew3072();
+
+	case IKE_DH_4096_ID:
+		return DhNew4096();
 	}
 
 	return NULL;

+ 15 - 0
src/Cedar/IPsec_IkePacket.h

@@ -262,6 +262,9 @@ struct IKE_TRANSFORM_VALUE
 #define IKE_P1_DH_GROUP_768_MODP			1
 #define IKE_P1_DH_GROUP_1024_MODP			2
 #define IKE_P1_DH_GROUP_1536_MODP			5
+#define IKE_P1_DH_GROUP_2048_MODP			14
+#define IKE_P1_DH_GROUP_3072_MODP			15
+#define IKE_P1_DH_GROUP_4096_MODP			16
 
 // Phase 1: The expiration date type in IKE transform value
 #define IKE_P1_LIFE_TYPE_SECONDS			1
@@ -275,6 +278,9 @@ struct IKE_TRANSFORM_VALUE
 #define IKE_P2_DH_GROUP_768_MODP			1
 #define IKE_P2_DH_GROUP_1024_MODP			2
 #define IKE_P2_DH_GROUP_1536_MODP			5
+#define IKE_P2_DH_GROUP_2048_MODP			14
+#define IKE_P2_DH_GROUP_3072_MODP			15
+#define IKE_P2_DH_GROUP_4096_MODP			16
 
 // Phase 2: The encapsulation mode in IPsec transform value
 #define IKE_P2_CAPSULE_TUNNEL				1
@@ -552,6 +558,15 @@ struct IKE_P1_KEYSET
 #define	IKE_DH_5_ID								2
 #define	IKE_DH_5_STRING							"MODP 1536 (Group 5)"
 
+#define IKE_DH_2048_ID							14
+#define IKE_DH_2048_STRING						"MODP 2048 (Group 14)"
+
+#define IKE_DH_3072_ID							15
+#define IKE_DH_3072_STRING						"MODP 3072 (Group 15)"
+
+#define IKE_DH_4096_ID							16
+#define IKE_DH_4096_STRING						"MODP 4096 (Group 16)"
+
 
 // Encryption algorithm for IKE
 struct IKE_CRYPTO
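Review bot: The internal ids now mix two numbering schemes: the context line shows `IKE_DH_5_ID` as 2, which is not the IKE group number, while the added `IKE_DH_2048_ID`, `IKE_DH_3072_ID` and `IKE_DH_4096_ID` reuse the group numbers 14, 15 and 16. That is harmless where the id is only switched on, as in IkeDhNewCtx, but it would surprise any code that treats the ids as dense or as wire values. A comment above the new block would make the choice explicit, for example `// Ids for the larger groups reuse the IKE group number; the older ids above do not`.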

+ 4 - 0
src/Cedar/IPsec_PPP.c

@@ -1749,8 +1749,12 @@ PPP_PACKET *PPPRecvResponsePacket(PPP_SESSION *p, PPP_PACKET *req, USHORT expect
 
 			if (pp->IsControl && PPP_CODE_IS_REQUEST(pp->Protocol, pp->Lcp->Code))
 			{
+				// Record current resend because next steps may take a while
+				UINT64 currentresend = next_resend - now;
 				// Process when the received packet is a request packet
 				response = PPPProcessRequestPacket(p, pp);
+				// Increase next resend because this may have taken a while
+				next_resend = Tick64() + currentresend;
 				FreePPPPacket(pp);
 
 				if (response == NULL)
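Review bot: `currentresend` holds the time remaining until the next resend rather than a resend time, and `next_resend - now` depends on unsigned wrap-around whenever `now` has already passed `next_resend`. Assuming both are UINT64 (their declarations are outside the hunk), the later addition wraps back to the intended value, but that is not obvious to a reader. Consider renaming it to something like `resend_remaining` and saying so in the comment, or writing the adjustment directly as `next_resend += Tick64() - now;` after the call. Note also that every request packet from the peer now pushes the resend deadline back by its processing time, so it is worth checking that the enclosing loop still has an overall timeout.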

+ 11 - 8
src/Cedar/Interop_OpenVPN.c

@@ -1151,14 +1151,17 @@ UINT OvsParseKeyMethod2(OPENVPN_KEY_METHOD_2 *ret, UCHAR *data, UINT size, bool
 					// Random2
 					if (ReadBuf(b, ret->Random2, sizeof(ret->Random2)) == sizeof(ret->Random2))
 					{
-						// String
-						if (OvsReadStringFromBuf(b, ret->OptionString, sizeof(ret->OptionString)) &&
-							OvsReadStringFromBuf(b, ret->Username, sizeof(ret->Username)) &&
-							OvsReadStringFromBuf(b, ret->Password, sizeof(ret->Password)) &&
-							OvsReadStringFromBuf(b, ret->PeerInfo, sizeof(ret->PeerInfo)))
-						{
-							read_size = b->Current;
-						}
+                        // String
+                        if (OvsReadStringFromBuf(b, ret->OptionString, sizeof(ret->OptionString)) &&
+                            OvsReadStringFromBuf(b, ret->Username, sizeof(ret->Username)) &&
+                            OvsReadStringFromBuf(b, ret->Password, sizeof(ret->Password)))
+                        {
+                            if (!OvsReadStringFromBuf(b, ret->PeerInfo, sizeof(ret->PeerInfo)))
+                            {
+                                Zero(ret->PeerInfo, sizeof(ret->PeerInfo));
+                            }
+                            read_size = b->Current;
+                        }
 					}
 				}
 			}
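Review bot: Making PeerInfo optional this way treats every failure of the fourth `OvsReadStringFromBuf` call as "field absent", so a malformed or oversized PeerInfo from the peer is now accepted silently instead of failing the parse. `read_size = b->Current` is also taken after the failed read; if the helper advances the buffer before it fails (its body is not shown), the reported size will include partly consumed bytes. Consider attempting the read only when data remains, e.g. guarding it with `if (b->Current < b->Size)`, and saving `b->Current` before the attempt so it can be restored on failure. The added lines are indented with spaces while the surrounding code uses tabs. The function continues outside this hunk.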