On 17/07/2017 15:01, Jan Just Keijser wrote: > Hi all, > > On 17/07/17 12:34, Samuli Seppänen wrote: >> On 15/07/2017 00:43, Jan Just Keijser wrote: >>> Hi Samuli, >>> >>> On 14/07/17 16:07, Samuli Seppänen wrote: >>>> Hi all, >>>> >>>> Those of you who use pkcs11 on Windows: could you please test this new >>>> Windows installer: >>>> >>>> <http://build.openvpn.net/downloads/releases/openvpn-install-2.4.3-I602.exe> >>>> >>>> >>>> >>>> The previous installer(s) had pkcs11-helper 1.11. This one has 1.22, so >>>> some regression testing would be good to have. >>>> >>>> I'd like to push the updated installer out early next week, preferably >>>> on Monday. >>>> >>> nice to see that pkcs11 support is still included in the Windows >>> version; I can test the installer on monday morning(no Windows laptop in >>> my house ;)) I will let you know my findings. >>> >>> cheers, >>> >>> JJK >>> >> Hi JJK, >> >> Excellent, thanks! I will push out the new installer if everything looks >> good at your end. >> > > good news and bad news: > > + the pkcs11 stuff works as expected, no problems there > - with openvpn 2.4.3 my existing setup using "redirect-gateway def1" > stopped working! > > I'll downgrade OpenVPN to see if this problem was already there in > 2.3.XX ; what happens is this: > - openvpn wants to add a direct route to the VPN server > - there happen to be TWO gateways to that server with the SAME IP > address, one via wired ethernet, one via wireless > - openvpn gets confused and says "route gateway is ambiguous" and > refuses to add it > - after that, all traffic is jammed, as there is no direct route to the > VPN server itself, and thus all encrypted traffic is fed back into the > tunnel, where it is encrypted again, etc etc ("biting your own tail"). > > Disconnecting either wired or wireless solves the issue AFTER restarting > OpenVPN. Annoying. > It looks like a (minor) patch is needed to deal with this special case > > cheers, > > JJK >
Hi, Thanks for testing! I will push out the new installer tomorrow, hopefully in the morning (EEST). -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
