[Openvpn-devel] RFE: allow 'lport 0' setup for random port binding (arrived in [Openvpn-users])

2010-01-08 Thread David Sommerseth 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Resending it to openvpn-devel list, to hit the right audience.

kind regards,

David Sommerseth


On 08/01/10 10:39, Enrico Scholz wrote:
> Hi,
> 
> I am running a multihomed host where 'local ' must be specified
> for proper operation.  Unfortunately, this implies 'lport 1194' or
> another static port. 
> 
> This causes problems with stateful firewalls which register the host/port
> pairs in the internal connection tracking table. On ungraceful reconnects,
> the new TCP connection will have same the host/port pairs but unexpected
> sequence numbers. The new connection will be assumed as invalid hence and
> be dropped.
> 
> It would be nice when local port can be configured to be bound to a
> random port number.  After reading code,
> 
> |else if (streq (p[0], "lport") && p[1])
> |  ...
> |port = atoi (p[1]);
> |-   if (!legal_ipv4_port (port))
> |+   if (port != 0 && !legal_ipv4_port (port))
> |  {
> 
> in options.c seems to be the only required change.
> 
> 
> 
> Enrico

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAktHTyMACgkQDC186MBRfrrceACfT7IdVvNZU5VxIVQG1A19pmue
4dEAn1FEYwDky5BekueF/rELX7jVOfUK
=zjPt
-END PGP SIGNATURE-

Re: [Openvpn-devel] IRC meeting regarding OpenVPN development model

2010-01-08 Thread Eric Crist 
I agree with David.

Sent via BlackBerry from T-Mobile

-Original Message-
From: David Sommerseth 
Date: Fri, 08 Jan 2010 12:04:39 
To: Samuli Seppänen
Cc: openvpn-devel@lists.sourceforge.net
Subject: Re: [Openvpn-devel] IRC meeting regarding OpenVPN development model

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 08/01/10 09:40, Samuli Seppänen wrote:
> These are very valid concerns... even if all else goes smoothly, there's
> probably lots of "noise" on the #openvpn channel. Any objections against
> moving the meeting(s) to #openvpn-discussion?

Right now, I'm not sure what's the best.  I really think we're being a
bit unstructured, unclear and maybe a bit too flexible - changing things
constantly just a few days before the meeting, may cause some confusion
to what's really going to happen.  That will not benefit anything.

Samuli, I would say you should take this decision, but rather asap.  If
nothing is changed, we can move the meeting from #openvpn to another
channel after the meeting has really started.  But if really changes, it
should be decided *now* and be communicated immediately.

There are pro and contra points to both staying in #openvpn and to move
to #openvpn-discussion.  For me what is chosen, is less important. It is
much more important to me that we actually do have these discussions.


kind regards,

David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAktHEUEACgkQDC186MBRfrpTvgCeNLPSm57U+cUbfQDmCpclYus0
hLQAoKnGO27ftUDa32fsIurw/3blCXwl
=yqRV
-END PGP SIGNATURE-

--
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev 
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] IRC meeting regarding OpenVPN development model

2010-01-08 Thread Samuli Seppänen 
These are very valid concerns... even if all else goes smoothly, there's
probably lots of "noise" on the #openvpn channel. Any objections against
moving the meeting(s) to #openvpn-discussion?

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock
twitter com: samuli_openvpn


> All the official discussions I've seen on IRC so far, have had the channel
> moderated and only the participants got the permissions to write.
> Else you might and will get disturbed in multiple ways.
> However it was me as well, who was asking Eric for a moderated discussion.
>
> An alternative approach might be choosing another channel, e.g.
> #openvpn-discussion or just continue on the -devel mailinglist.
>
> Kind regards
> Thomas
>
>
>
> Am 06.01.10 19:08, schrieb richard -rw- weinberger:
>   
>> 2010/1/6, Eric F Crist:
>>
>> 
>>> This forum will be moderated.  To apply for +v during the conversation,
>>> please send an email to open...@secure-computing.net with your registered
>>> IRC nickname and reason for requesting +v.
>>>
>>>  
>>>   
>> This is the first step in the wrong direction of making __Open__VPN
>> more open. :-(
>>
>>
>> 
>
>
> --
> This SF.Net email is sponsored by the Verizon Developer Community
> Take advantage of Verizon's best-in-class app development support
> A streamlined, 14 day to market process makes app distribution fast and easy
> Join now and get one step closer to millions of Verizon customers
> http://p.sf.net/sfu/verizon-dev2dev 
> ___
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
>

[Openvpn-devel] Two separate IRC meetings on Monday and Tuesday

2010-01-08 Thread Samuli Seppänen 
Hi,

Just wanted to clear some confusion. So we will have _two_ separate IRC
meetings on Monday and Tuesday:

1) Community site design (on Monday)

Place: #openvpn at irc.freenode.net
Time: Monday 11th Jan 19:00 UTC (20:00 MET, 21:00 EEST, 11AM PST, 2PM EST)
Duration: 1 hour (or more)


2) OpenVPN development model (on Tuesday)

Place: #openvpn at irc.freenode.net
Time: Tuesday 12th Jan 19:00 UTC (20:00 MET, 21:00 EEST, 11AM PST, 2PM EST)
Duration: 1 hour (or more)


-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock
twitter com: samuli_openvpn