Re: [Openvpn-devel] [Fwd: Re: Clarifications to "OpenVPN will not connect through certain HTTP proxies" bug report]

[Gert Doering]

Hi,

On Mon, Mar 22, 2010 at 03:57:52PM +0200, Samuli Seppänen wrote:
> I encountered this with T-mobile's t-zones web proxy. I haven't
> needed to use it lately, so I can't verify that the patch is still
> necessary. I don't know of any proxy servers that won't accept the
> http:// prefix, especially if the port number is 443.

As tested: this syntax neither works with Squid nor Apache.

So I'd tend to agree with David: if a single user had a problem with
a T-Home proxy in 2007, I'd tend to blaim the proxy.

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de

Re: [Openvpn-devel] [Fwd: Re: Clarifications to "OpenVPN will not connect through certain HTTP proxies" bug report]

[Jan Just Keijser]

David Sommerseth wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 22/03/10 14:57, Samuli Seppänen wrote:
  

I somehow managed to miss the attached response earlier today. So the
proxy server error was encountered on T-mobile t-zones web proxy only.
Should we close the bug report or make further inquiries?



This was reported November 2007.  I can't recall having seen too much
fuzz about this issue during the time I've been active on the mailing
lists.  I believe this is a really minor issue.  With only a confirmed
issue with T-Mobile t-zones proxy over 2 years ago, I feel we this issue
is rather limited.

I would suggest closing it.  It can be re-opened if this turns out to be
a needed requirement for OpenVPN.  After all, OpenVPN follows the RFC,
that is the most important thing.  We should avoid adding support for
non-standards unless the it is so widespread that it really is
exceptionally needed.


  

ACK - let's make this a 'wontfix' .

cheers,

JJK

Re: [Openvpn-devel] [Fwd: Re: Clarifications to "OpenVPN will not connect through certain HTTP proxies" bug report]

[David Sommerseth]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 22/03/10 14:57, Samuli Seppänen wrote:
> I somehow managed to miss the attached response earlier today. So the
> proxy server error was encountered on T-mobile t-zones web proxy only.
> Should we close the bug report or make further inquiries?

This was reported November 2007.  I can't recall having seen too much
fuzz about this issue during the time I've been active on the mailing
lists.  I believe this is a really minor issue.  With only a confirmed
issue with T-Mobile t-zones proxy over 2 years ago, I feel we this issue
is rather limited.

I would suggest closing it.  It can be re-opened if this turns out to be
a needed requirement for OpenVPN.  After all, OpenVPN follows the RFC,
that is the most important thing.  We should avoid adding support for
non-standards unless the it is so widespread that it really is
exceptionally needed.


kind regards,

David Sommerseth.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkunk+UACgkQDC186MBRfrp9DACgsBuyorBAsyOHSeXOj5wXMJPC
syoAniFZnjv9zCP4sRgaQSfncav4L1/F
=/NQX
-END PGP SIGNATURE-

[Openvpn-devel] Old autotools support + UTF8 man-page patch

[Samuli Seppänen]

Here are a couple things that needed testing/inquiries from our users
before we take any action. I suggest giving both of them an ACK.

Removing support for old autotools in OpenVPN?
- http://thread.gmane.org/gmane.network.openvpn.user/29251
- no complains, lots of workarounds
- I suggest an ACK (=remove when needed)

UTF-8 man-page patch
- http://thread.gmane.org/gmane.network.openvpn.devel/3351/
- works on all tested Linux distros, old (FC5, Debian Etch) and modern
(e.g. Debian Lenny, Ubuntu 9.10)
- I suggest an ACK

-- 

Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock

Re: [Openvpn-devel] Summary of the IRC meeting (18th Mar 2010)

[Samuli Seppänen]

> Hi Samuli,
>
> (I'd prefer to be referred to as JJK in minutes ;-) )
>
>   
I'll try to remember that next time, JJK ;)

>   
>> Discussed potential problems with disfunctional proxy servers:
>>
>> 
>>
>> RFC2817 clearly states that proxies need to use this syntax:
>>
>>  CONNECT host:port/
>>
>>   
>> 
> that is not entirely correct:
>
> 5.2 Requesting a Tunnel with CONNECT
>
>A CONNECT method requests that a proxy establish a tunnel connection
>on its behalf. The Request-URI portion of the Request-Line is always
>an 'authority' as defined by URI Generic Syntax [2], which is to say
>the host name and port number destination of the requested connection
>separated by a colon:
>
>   CONNECT server.example.com:80 HTTP/1.1
>   Host: server.example.com:80
>
>Other HTTP mechanisms can be used normally with the CONNECT method --
>except end-to-end protocol Upgrade requests, of course, since the
>tunnel must be established first.
>
>
> the "other HTTP mechanisms" seems to be implemented by some (reverse?) 
> proxy servers ; there are numerous hits in google if you look closely. 
> Still don't know how relevant they are, however
>   
I sent mail to the bug author - so far no response.

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock

[Openvpn-devel] server log not very useful

[Farkas Levente]

hi,
if i set in my server's config:
tls-server
and on the client's conf:
remote-cert-tls server
ns-cert-type server
then if i generate a new cert for the server and forget to set it to 
server, then it's very hard to find out the problem. ie. neither from 
the server nor the client's log file contains any info about the 
problem's reason. it's be useful if there be some kind of info about the 
real reason other then:

TLS Error: Unroutable control packet received
[ECONNREFUSED]: Connection refused
thanks.
regards.

--
  Levente   "Si vis pacem para bellum!"