simple point to point tunnel
git clone git://
Log | Files | Refs | README

DateCommit messageAuthorFiles+-
2017-03-22 13:12Rename stun to warp-vpnsin18+359-359
2017-03-22 12:22Use consistent define for tag lengthsin1+1-1
2017-03-22 12:17Switch to libsodiumsin8+58-119
2017-03-22 09:43Remove logerr{,x}()sin4+3-27
2017-03-21 23:36Revamp loggingsin12+118-48
2017-03-21 23:07Remove obsolete commentsin1+0-2
2017-03-21 23:00Add pledge() wrapper to localize ifdefssin3+12-12
2017-03-21 22:58Remove obsolete ciphersin1+0-3
2016-04-30 17:30Rename state to rxstate along with associated enumsin1+25-25
2016-04-30 15:22Print an error message if packet is too largesin1+6-2
2016-04-28 13:39Sort DISTFILESsin1+1-1
2016-04-27 21:48Remove some bogus/useless commentssin1+0-5
2016-04-27 08:21Tidy up commentsin2+2-2
2017-03-21 22:47Don't error out on getaddrinfo() failuresin2+8-4
2016-04-21 11:43Allow dropping privileges to specified usersin4+19-9
2016-04-17 10:28Bump to 0.2sin1+1-1
2016-04-15 17:28init logging earlysin1+2-1
2016-04-14 11:12use basename() so one can specify /dev/tunX as wellsin1+2-1
2016-04-14 11:04style fixsin1+2-4
2016-04-14 10:42set address family directly in devwrite()sin4+12-15
2016-04-14 10:33be explicitsin1+2-1
2016-04-14 10:08cleanupsin1+0-2
2016-04-14 10:07castsin1+1-1
2016-04-14 10:02remove unused varsin1+0-1
2016-04-14 10:01rework ipv6/ipv4 support by inspecting the version field in the ip headersin9+57-21
2016-04-14 08:47move it up to case so one can do stun -c ?sin1+4-5
2016-04-14 08:42move down cipher listingsin1+5-5
2016-04-14 08:40add support for listing ciphers via -c ?sin4+33-15
2016-04-14 08:29fix usage in manpagesin1+2-1
2016-04-14 08:27some more info about -dsin1+3-1
2016-04-14 08:12add support for ipv6 over ipv4sin5+20-7
2016-04-14 08:00lower payload len to accomodate for v4 over v6sin1+1-1
2016-04-13 23:17don't overload crypto init with cipher selection and key derivationsin3+9-7
2016-04-13 22:32fix commentsin1+1-1
2016-04-13 17:32fix changelogsin1+1-1
2016-04-13 16:43increase auth timeout to 10ssin2+4-4
2016-04-13 16:20update WHATSNEWsin1+16-1
2016-04-13 15:28simplify error handlingsin1+1-3
2016-04-13 13:37wrap long linesin1+2-1
2016-04-13 11:44add ntop conversionssin3+46-2
2016-04-13 11:27rework includessin8+3-8
2016-04-13 11:24print some info when new client connectssin1+2-0
2016-04-13 08:52add some buffer size checkssin1+7-0
2016-04-13 08:50rename statessin1+23-23
2016-04-12 22:08relax error handlingsin1+4-2
2016-04-12 22:06init pfd oncesin1+4-4
2016-04-12 22:03style fixsin1+0-1
2016-04-12 21:41ipv6 supportsin2+13-5
2016-04-12 18:32fix commentsin1+1-1
2016-04-12 16:40use libressl version numbersin1+1-5
2016-04-12 16:36fix preprocsin1+1-1
2016-04-12 16:34fix openbsd compilationsin2+11-1
2016-04-12 16:27disable poly1305-ietf temporarilysin1+2-0
2016-04-12 16:18makefile style fixsin1+33-5
2016-04-12 16:15remove bogus closesin1+0-1
2016-04-12 16:06move default port to a define in stun.hsin2+2-1
2016-04-12 16:02factor out tunnel handlingsin4+43-38
2016-04-12 15:57some commentssin1+3-0
2016-04-12 15:53pass cipher type to cryptoinit()sin3+3-4
2016-04-12 15:52split out client/server codesin5+182-148
2016-04-12 15:25crypto cleanupsin1+13-12
2016-04-12 15:21align cipher tablesin1+3-3
2016-04-12 15:19include arg.h only in stun.csin2+1-2
2016-04-12 15:15fix indentationsin1+18-18
2016-04-12 14:41don't reuse n for random stuffsin1+4-4
2016-04-12 14:39remove impossible pathsin1+0-1
2016-04-12 14:38rename rcvtimeo to authtimeosin2+3-3
2016-04-12 14:33get rid of the inner loopssin1+17-25
2016-04-12 14:21remove BADPKT define, no longer usedsin1+0-1
2016-04-12 14:20fix commentssin1+2-5
2016-04-12 14:18style fixsin1+2-3
2016-04-12 14:17some comments for netpkt.csin1+28-4
2016-04-12 14:00cleanup error handling in netpkt.csin1+16-40
2016-04-12 13:52attempt to discard the entire pktsin1+1-2
2016-04-12 13:41if tag checking fails report a partial packetsin1+2-4
2016-04-12 13:35discard should return pktpartialsin1+1-1
2016-04-12 13:34correctly reset state machinesin3+11-9
2016-04-12 13:29use memsetsin1+1-1
2016-04-12 13:28use sizeofsin1+1-1
2016-04-12 13:27reset state machine on errorsin1+10-2
2016-04-12 13:10use non-blocking socketssin7+240-154
2016-04-12 11:28rework netpkt codesin6+59-53
2016-04-12 11:07rename net.c to netpkt.csin2+2-2
2016-04-12 10:57get rid of the foreground option and overload debugsin4+13-22
2016-04-12 10:52actually use prognamesin1+5-2
2016-04-12 10:50no need for constsin1+1-1
2016-04-12 10:46fix includesin1+1-0
2016-04-12 10:44we need sys/time.h for timeval in stun.hsin4+7-0
2016-04-12 10:42remove unneeded header includesin1+0-1
2016-04-12 10:41factor out auth codesin4+75-62
2016-04-12 10:38factor our net codesin4+92-83
2016-04-12 10:32factor out crypto codesin4+108-61
2016-04-12 10:15fix build on FreeBSDsin2+3-0
2016-04-12 10:13include stdint.h as it is required when including stun.hsin1+1-0
2016-04-12 10:12make linux port compile againsin3+6-0
2016-04-12 09:44reorgsin8+347-291
2016-04-10 11:50style fixsin1+3-3
2016-04-10 11:38some comments around readnet()sin1+7-0
2016-04-08 16:19set tcp keepalive optionsin1+2-0
2016-04-08 16:13add changelog filesin2+2-1
2016-04-08 15:58refine cppflags for linuxsin1+1-1
2016-04-08 15:41adjust againsin1+6-9
2016-04-08 15:37no need for unsignedsin1+1-1
2016-04-08 15:35fix so stun can easily be compiled with libressl from portssin1+10-5
2016-04-08 14:56nuke newlinesin1+0-1
2016-04-08 14:54pledge stunsin1+12-0
2016-04-08 14:48use a null entry to terminate ciphers tablesin1+10-13
2016-04-08 14:40warn for bad packets so things are easier to debugsin1+11-3
2016-04-08 14:18disable core dumps as memory contains the pre-shared keysin1+7-0
2016-04-08 14:07cleanupsin1+6-5
2016-04-08 12:48style fixsin1+2-4
2016-04-08 09:17reorder flagssin2+2-2
2016-04-08 09:17include CPPFLAGS when building in case they are usedsin1+1-1
2016-04-08 09:16be consistentsin1+1-1
2016-04-08 09:15PREFIX/MANPREFIX are set in config.mksin1+0-3
2016-04-08 09:15sort DISTFILES lexicographicallysin1+1-1
2016-04-08 09:11moar style fixsin1+3-6
2016-04-08 09:08style fixsin1+1-2
2016-04-08 09:07style fixsin1+3-3
2016-04-08 09:04log EVP_AEAD_CTX_open failuresin1+1-0
2016-04-08 08:22add note on deps for building on various systemssin1+13-0
2016-04-07 11:23add some newlinessin1+2-0
2016-04-06 17:36kill some impossible fatal errors and relax errors on sealsin1+5-9
2016-04-06 14:34simplify readnet()sin1+14-33
2016-04-06 14:28add comment about supported cipherssin1+10-0
2016-04-06 13:25factor out aead init to a separate functionsin1+23-19
2016-04-06 13:17no need to init *aeadsin1+0-1
2016-04-06 13:16use a tablesin1+20-27
2016-04-06 13:04use evp aead apisin2+145-149
2016-04-02 19:44cleanup config.mksin1+1-5
2016-04-02 19:38cleanup config.mksin1+0-5
2016-04-02 19:22style fixsin1+1-2
2016-04-02 08:33fix stylesin1+3-6
2016-04-02 08:28don't terminate if accept failssin1+5-2
2016-04-02 08:25reorder printsin1+1-1
2016-04-02 08:24reorder debug printsin1+2-3
2016-04-02 08:04simplify codesin1+4-14
2016-04-02 08:02fix stylesin1+9-17
2016-04-02 07:59fix stylesin1+2-3
2016-04-01 15:32no need for infinite loopsin1+20-21
2016-04-01 13:55update distfilessin1+1-1
2016-04-01 13:54remove author sectionsin1+0-2
2016-04-01 13:51Use Unlicense instead of ISCsin2+22-13
2016-04-01 11:27warn if challenge-response times outsin1+1-0
2016-04-01 11:25reorder definessin1+3-3
2016-04-01 11:22properly name fieldsin1+15-15
2016-04-01 11:18logerr() should log errorssin1+1-1
2016-04-01 11:15factor out logging into a separate functionsin1+15-19
2016-04-01 09:57grammar fixsin1+1-1
2016-04-01 08:34fix typosin1+1-1
2016-03-31 22:20increase to 100k roundssin1+1-1
2016-03-31 18:05update design commentsin1+3-1
2016-03-31 18:01rework design commentsin1+17-13
2016-03-31 17:23ignore errors from tun/tapsin1+16-38
2016-03-31 16:59some commentssin1+10-1
2016-03-31 16:55no need to do this in two stepssin1+2-8
2016-03-31 16:43add timeout for challenge responsesin1+3-1
2016-03-31 16:36change badpkt defsin1+1-1
2016-03-31 16:27gcm needs no padding adjust sizessin1+10-10
2016-03-31 16:25style changessin1+29-28
2016-03-31 15:51use definessin1+3-3
2016-03-31 15:50tidy upsin1+1-1
2016-03-31 15:49rename prepkey to derivekeysin1+2-2
2016-03-31 15:48get rid of setrcvtimeo()sin1+6-15
2016-03-31 14:01rename pktlen to payloadlensin1+9-9
2016-03-31 13:50clarify commentsin1+1-1
2016-03-31 13:44check poll fd errorsin1+4-0
2016-03-31 13:37more robust handling of corrupt packetssin1+69-86
2016-03-31 10:12syncsin1+5-12
2016-03-30 18:38try harder to recover from a bad header lensin1+17-4
2016-03-30 18:29setrcvtimeo is a util function, move it upsin1+14-14
2016-03-30 16:26update manpagesin1+4-8
2016-03-30 15:09move util funcs towards the topsin1+81-81
2016-03-30 15:07mention that challenge response uses 64 bit integerssin1+3-3
2016-03-30 15:03use 64-bit integers for challenge-responsesin1+30-18
2016-03-30 14:55discard packets as early as possiblesin1+4-4
2016-03-30 14:26fix design commentsin1+5-5
2016-03-30 12:50add gnu source to for linuxsin1+1-1
2016-03-30 12:49grp.h is needed for setgroups on linuxsin1+1-0
2016-03-30 12:38rename type to devtypesin2+7-7
2016-03-30 12:34be less harshsin1+1-1
2016-03-30 12:33grammar fix in manpagesin1+1-1
2016-03-30 12:32only daemonize when in backgroundsin1+4-2
2016-03-30 12:30allow binding to given addresssin2+11-3
2016-03-30 12:25use daemon(3) instead of rolling our ownsin1+1-30
2016-03-30 10:39remove redundant commentssin1+0-4
2016-03-30 09:24fix commentsin1+2-2
2016-03-30 08:55shorter linesin1+1-1
2016-03-30 08:50fix signedness issuessin1+2-2
2016-03-30 08:48use PBKDF2 for key derivationsin1+4-6
2016-03-30 08:34use default iv length for gcmsin1+4-10
2016-03-30 08:12Switch to aes-256-gcmsin1+48-16
2016-03-29 22:57more crypto worksin1+48-71
2016-03-29 18:19clean up crypto codesin1+41-37
2016-03-29 11:32fix descriptionsin1+1-1
2016-03-29 11:28restore nodelay, helps with nfssin1+4-0
2016-03-29 11:25silence some bullshit warningssin1+2-2
2016-03-29 10:47move up debug printsin1+3-2
2016-03-29 10:45check EVP_* for errorssin1+4-2
2016-03-29 10:43remove unnecessary commentssin1+0-4
2016-03-29 10:41fix commentsin1+1-1
2016-03-29 10:39move commentsin1+1-1
2016-03-29 10:35fix buffer sizessin1+12-15
2016-03-29 09:56fix key size errorsin1+1-1
2016-03-29 09:42revoke privs later so bind can succeed on low portssin1+16-15
2016-03-29 09:39remove impossible conditionssin1+1-2
2016-03-29 09:37some commentssin1+4-0
2016-03-29 09:34some more clarificationsin1+6-5
2016-03-29 09:30add note about internal error typessin1+4-0
2016-03-29 09:28add design overviewsin1+37-1
2016-03-29 09:11frail attempt at handling "bad packets"sin1+41-8
2016-03-29 08:45no need to initsin1+2-2
2016-03-29 08:41use switchsin1+32-24
2016-03-29 07:47revoke privilegessin1+17-0
2016-03-28 11:11no need for nodelaysin1+0-4
2016-03-26 10:52make it clear that connection is droppedsin1+6-12
2016-03-26 10:49Check pktlen against input buffer sizesin1+4-2
2016-03-24 18:25syncsin1+1-2
2016-03-24 18:07randomize padding when encryptingsin1+9-0
2016-03-24 17:03Silence warningsin1+1-1
2016-03-24 16:53fix cryptosin1+55-60
2016-03-24 15:36No need to be smart, this is done internallysin1+2-2
2016-03-24 11:35add timeout when challengingsin1+30-9
2016-03-24 11:08client should also challenge serversin1+19-1
2016-03-24 10:45challenge() should return -1 on failure and 0 on successsin1+3-1
2016-03-24 10:29fix tap mtu on linuxsin1+4-1
2016-03-24 10:27fix error handling for linux toosin1+12-2
2016-03-24 10:25unify error handling for tun tapsin1+12-4
2016-03-24 10:24reverse check to avoid indentingsin1+26-26
2016-03-24 10:21newline fixsin1+0-1
2016-03-24 10:18fix accidental infinite recursionsin1+1-1
2016-03-24 10:13squash tun/tap codesin1+50-102
2016-03-23 23:27add placeholder for linux tap until i fix the ifdef messsin1+18-0
2016-03-23 17:46update readmesin1+2-2
2016-03-23 17:04add note about client reconnectionsin1+4-1
2016-03-23 17:01avoid fd leaksin1+2-0
2016-03-23 16:56dbg printsin1+2-0
2016-03-23 16:52set reconnect timeout to 1 minutesin1+2-1
2016-03-23 16:51reconnect every second regardlesssin1+8-4
2016-03-23 14:21syncsin2+3-3
2016-03-23 12:45No need to default to optimizationsin1+3-3
2016-03-23 12:39fix tap handlingsin2+30-6
2016-03-23 11:44update README - on some BSDs u have to explicitly create the ifsin1+2-0
2016-03-23 11:19add primitive tap support for bsdsin1+55-12
2016-03-22 16:13simplify makefile, it was too genericsin2+27-42
2016-03-22 15:49remove cppflags for openbsdsin1+0-1
2016-03-22 15:45dragonfly config also works on freebsdsin1+1-1
2016-03-22 15:43Add DragonFly stanzasin1+5-1
2016-03-22 15:41add comment in config.mksin1+1-0
2016-03-22 15:40each system needs its own cppflagssin1+2-2
2016-03-22 15:39use posix IF_NAMESIZEsin1+2-2
2016-03-22 15:36remove extra config stuffsin1+1-10
2016-03-22 14:56remove unused varsin1+1-1
2016-03-22 14:53no need for retsin1+3-5
2016-03-22 14:52assume the if is upsin1+0-7
2016-03-22 14:45restore accidental change in CPPFLAGSsin1+1-1
2016-03-22 14:42add freebsd supportsin1+3-3
2016-03-22 14:37add dfly supportsin2+17-11
2016-03-22 14:15fix ifdefs a bitsin1+7-5
2016-03-22 14:01grammar fixsin1+1-1
2016-03-22 13:54add stun.8 to distsin1+1-1
2016-03-22 13:54add manpagesin2+49-5
2016-03-22 12:08include port in error messagesin1+1-1
2016-03-22 12:06remove unnecessary parenssin1+1-1
2016-03-22 12:04commentsin1+1-0
2016-03-22 12:01fix commentsin1+1-1
2016-03-22 11:41add hack commentsin1+1-1
2016-03-22 11:37fix err to logerr conversionsin1+2-2
2016-03-22 11:36add syslog + daemonization supportsin1+124-37
2016-03-22 10:44Force pointopoint for linux tunsin1+1-1
2016-03-22 10:43add comment to clarify that it is openbsd specificsin1+1-1
2016-03-22 10:41Set flags + mtu for linux tunsin1+20-1
2016-03-22 10:15fix newlinesin1+0-1
2016-03-22 10:12Print disconnects in debug modesin1+3-0
2016-03-22 10:10Add primitive linux supportsin2+46-0
2016-03-21 19:45mention host:portsin1+1-1
2016-03-21 19:44no need for superfluous errorssin1+2-8
2016-03-21 19:44rate limit reconnectssin1+3-1
2016-03-21 19:34automatically reconnectsin1+4-3
2016-03-21 19:30Close netfdsin1+3-1
2016-03-21 18:50remove some useless commentssin1+0-4
2016-03-21 18:46Adjust buffer sizesin1+1-1
2016-03-21 18:36Add nocrypto mode for debuggingsin1+29-0
2016-03-21 13:35rename loop() to tunnel()sin1+3-3
2016-03-21 12:44print remote client address in debug modesin1+3-0
2016-03-21 12:38use getaddrinfosin2+56-29
2016-03-21 12:14Header is loaded in a separate buffer so adjust sizessin1+2-2
2016-03-21 11:38Explicitely reject combination of -s and -h optionsQuentin Rameau1+3-2
2016-03-21 11:38make poll processing order more intuitivesin1+4-4
2016-03-21 11:36print some debug if challenge-response failssin1+2-0
2016-03-21 11:33fix size of buf for claritysin1+2-2
2016-03-21 11:32Remove DOCsin1+0-1
2016-03-21 11:25some newlinessin1+9-2
2016-03-21 11:15Add timeout for challenge-response and close the socket on timeoutsin1+23-4
2016-03-21 11:08add primitive challenge-response authsin1+64-6
2016-03-21 10:18Fix dist target and use wall by defaultsin2+7-11
2016-03-21 10:14cleanupsin2+65-63
2016-03-20 22:02type fixsin1+3-6
2016-03-17 23:07Make payload length 2 octets instead of 4sin1+8-10
2016-03-17 19:45No intention to use salt so just get rid of itsin1+3-4
2016-03-17 19:43Add note about stun port in READMEsin1+2-0
2016-03-17 19:38Fix signed/unsigned stuffsin1+17-17
2016-03-17 19:05fix socklen_t cast and some signedness warningsHiltjo Posthuma1+6-5
2016-03-17 18:56Remove license from stun.csin1+1-16
2016-03-17 18:55initial Makefile, README and LICENSEHiltjo Posthuma4+118-0
2016-03-17 18:36Initial commitsin2+440-0