Re: [Openvpn-devel] p2p topology on Windows

2016-09-23 Thread Marvin Adeff
I may be wrong, but this sounds suspiciously like what we use Gava's client-nat patch for. To enable us to NAT the device's local IP to the one assigned dynamically by openvpn (dhcp). Marvin Sent from my iPhone > On Sep 23, 2016, at 4:21 PM, David Woodhouse wrote: > >>

Re: [Openvpn-devel] p2p topology on Windows

2016-09-23 Thread David Woodhouse
On Sat, 2016-09-24 at 00:01 +0200, Jan Just Keijser wrote: > > sorry for asking, but what's the use case for this? The use case for point-to-point? It allows you to use a single IP address per client instead of having to set aside a whole /30 subnet per client as with the 'net30' mode. (And in

Re: [Openvpn-devel] p2p topology on Windows

2016-09-23 Thread Jan Just Keijser
Hi David, On 23/09/16 23:34, David Woodhouse wrote: > I believe I have P2P working on a Windows (8.1) client (with > OpenConnect, but I don't see why it can't work for OpenVPN). > > I configure the TAP device (with TAP_IOCTL_CONFIG_TUN) with the local > IP address, and with network and netmask

[Openvpn-devel] p2p topology on Windows

2016-09-23 Thread David Woodhouse
I believe I have P2P working on a Windows (8.1) client (with OpenConnect, but I don't see why it can't work for OpenVPN). I configure the TAP device (with TAP_IOCTL_CONFIG_TUN) with the local IP address, and with network and netmask both of 0.0.0.0. (AIUI this network/mask has nothing to do with

Re: [Openvpn-devel] extended error messages ?

2016-09-23 Thread Selva Nair
On Fri, Sep 23, 2016 at 10:14 AM, Илья Шипицин wrote: > > login/password are correct, but ... > > 1) password is expired > 2) acount is disabled > 3) access is not permitted If you use management-client-auth on the server side, you can return a reason for failure.

[Openvpn-devel] extended error messages ?

2016-09-23 Thread Илья Шипицин
Hello, is there a way to tell user that login/password are correct, but ... 1) password is expired 2) acount is disabled 3) access is not permitted is 2FA mechanism suitable for that ? is somebody already working on above mentioned error handling ? Cheers, Ilya Shipitsin

[Openvpn-devel] About Microsoft DirectAccess and OpenVPN concurrency problem

2016-09-23 Thread Vossi, Totti
Hi, in our VPN product for Windows we have logic which monitors for changes in active "normal" network interface and restarts OpenVPN in case IP changes in existing interfaces or new ones are added while VPN is on. Restart is done because otherwise those updated interfaces would bypass the

Re: [Openvpn-devel] [PATCH] Remove static global allocation of HTTP proxy user/passwords

2016-09-23 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 22/09/16 22:51, Selva Nair wrote: > Hi, > > On Thu, Sep 22, 2016 at 3:40 PM, David Sommerseth > > wrote: > > This avoids allocating static memory which is not used unless the a > HTTP proxy with