[Openvpn-devel] RFE: allow 'lport 0' setup for random port binding (arrived in [Openvpn-users])
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Resending it to openvpn-devel list, to hit the right audience. kind regards, David Sommerseth On 08/01/10 10:39, Enrico Scholz wrote: > Hi, > > I am running a multihomed host where 'local ' must be specified > for proper operation. Unfortunately, this implies 'lport 1194' or > another static port. > > This causes problems with stateful firewalls which register the host/port > pairs in the internal connection tracking table. On ungraceful reconnects, > the new TCP connection will have same the host/port pairs but unexpected > sequence numbers. The new connection will be assumed as invalid hence and > be dropped. > > It would be nice when local port can be configured to be bound to a > random port number. After reading code, > > |else if (streq (p[0], "lport") && p[1]) > | ... > |port = atoi (p[1]); > |- if (!legal_ipv4_port (port)) > |+ if (port != 0 && !legal_ipv4_port (port)) > | { > > in options.c seems to be the only required change. > > > > Enrico -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAktHTyMACgkQDC186MBRfrrceACfT7IdVvNZU5VxIVQG1A19pmue 4dEAn1FEYwDky5BekueF/rELX7jVOfUK =zjPt -END PGP SIGNATURE-
Re: [Openvpn-devel] IRC meeting regarding OpenVPN development model
I agree with David. Sent via BlackBerry from T-Mobile -Original Message- From: David SommersethDate: Fri, 08 Jan 2010 12:04:39 To: Samuli Seppänen Cc: openvpn-devel@lists.sourceforge.net Subject: Re: [Openvpn-devel] IRC meeting regarding OpenVPN development model -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/01/10 09:40, Samuli Seppänen wrote: > These are very valid concerns... even if all else goes smoothly, there's > probably lots of "noise" on the #openvpn channel. Any objections against > moving the meeting(s) to #openvpn-discussion? Right now, I'm not sure what's the best. I really think we're being a bit unstructured, unclear and maybe a bit too flexible - changing things constantly just a few days before the meeting, may cause some confusion to what's really going to happen. That will not benefit anything. Samuli, I would say you should take this decision, but rather asap. If nothing is changed, we can move the meeting from #openvpn to another channel after the meeting has really started. But if really changes, it should be decided *now* and be communicated immediately. There are pro and contra points to both staying in #openvpn and to move to #openvpn-discussion. For me what is chosen, is less important. It is much more important to me that we actually do have these discussions. kind regards, David Sommerseth -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAktHEUEACgkQDC186MBRfrpTvgCeNLPSm57U+cUbfQDmCpclYus0 hLQAoKnGO27ftUDa32fsIurw/3blCXwl =yqRV -END PGP SIGNATURE- -- This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] IRC meeting regarding OpenVPN development model
These are very valid concerns... even if all else goes smoothly, there's probably lots of "noise" on the #openvpn channel. Any objections against moving the meeting(s) to #openvpn-discussion? -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock twitter com: samuli_openvpn > All the official discussions I've seen on IRC so far, have had the channel > moderated and only the participants got the permissions to write. > Else you might and will get disturbed in multiple ways. > However it was me as well, who was asking Eric for a moderated discussion. > > An alternative approach might be choosing another channel, e.g. > #openvpn-discussion or just continue on the -devel mailinglist. > > Kind regards > Thomas > > > > Am 06.01.10 19:08, schrieb richard -rw- weinberger: > >> 2010/1/6, Eric F Crist: >> >> >>> This forum will be moderated. To apply for +v during the conversation, >>> please send an email to open...@secure-computing.net with your registered >>> IRC nickname and reason for requesting +v. >>> >>> >>> >> This is the first step in the wrong direction of making __Open__VPN >> more open. :-( >> >> >> > > > -- > This SF.Net email is sponsored by the Verizon Developer Community > Take advantage of Verizon's best-in-class app development support > A streamlined, 14 day to market process makes app distribution fast and easy > Join now and get one step closer to millions of Verizon customers > http://p.sf.net/sfu/verizon-dev2dev > ___ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel >
[Openvpn-devel] Two separate IRC meetings on Monday and Tuesday
Hi, Just wanted to clear some confusion. So we will have _two_ separate IRC meetings on Monday and Tuesday: 1) Community site design (on Monday) Place: #openvpn at irc.freenode.net Time: Monday 11th Jan 19:00 UTC (20:00 MET, 21:00 EEST, 11AM PST, 2PM EST) Duration: 1 hour (or more) 2) OpenVPN development model (on Tuesday) Place: #openvpn at irc.freenode.net Time: Tuesday 12th Jan 19:00 UTC (20:00 MET, 21:00 EEST, 11AM PST, 2PM EST) Duration: 1 hour (or more) -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock twitter com: samuli_openvpn