Re: [Openvpn-devel] Developer documentation moved to Trac

2010-04-24 Thread Michele Baldessari 
Hi Samuli,

On Fri, 2010-04-23 at 16:45 +0300, Samuli Seppänen wrote:
> I moved/copied our developer documentation to Trac as discussed
> earlier[1]. The documentation is accessible from the main page:
> 
> 

Firefox (here on debian testing) gives me:
(Error code: sec_error_revoked_certificate)

Can you check the certificate, please?

thanks,
Michele

Re: [Openvpn-devel] Introducing OpenVPN Community Manager

2009-12-07 Thread Michele Baldessari 
On Mon, 2009-12-07 at 13:01 +0200, Yevgeny Kosarzhevsky wrote:
> > Now onto more concrete topics... I'm currently looking into community
> > projects around OpenVPN. I've so far found 14 different OpenVPN GUI
> > projects and two forum/wiki projects. I've listed them here:
> >
> >   http://users.utu.fi/sjsepp/openvpn_community_projects.html
> >
> > Do you know of other OpenVPN-related projects?

http://sourceforge.net/projects/securepoint/

hth,
Michele

Re: [Openvpn-devel] version 2.1

2009-05-04 Thread Michele Baldessari 
On Mon, 2009-05-04 at 11:54 +0200, Farkas Levente wrote:
> it's about 3 years since openvpn-2.1 is beta and almost everyone useing
> the beta version since there is no final release.
> wouldn't be it better to release the current version as 2.1 and all
> upcoming bugfix can be put into post 2.1?

+1 here. It's been so long, the 2.1 is absolutely stable and most
distros ship the 2.1 branch anyway.

cheers,
Michele

Re: [Openvpn-devel] DHCP Renew failing on Windows

2007-11-01 Thread Michele Baldessari 
Hi Alexey,

* Alexey Vdovin (ad...@dzer.ru) wrote:
> Most probably it happens when DHCP lase is expires and client trys
> renew DHCP address.
> 
> Check DHCP lease lifetime, try decrease it to reproduce the issue.

I've sniffed the network (although not in a problematic case) and I
sometimes I'm able to see the DHCP NACK message, but then the client
correctly asks for the new lease and receives the subsequent ACK.

I'll toy with the lease time option (the default lease time is a year
per default). I'll see if that helps.

thanks,
Michele


signature.asc
Description: Digital signature

[Openvpn-devel] DHCP Renew failing on Windows

2007-11-01 Thread Michele Baldessari 
Hi James et al.,

I'm running OpenVPN quite successfully on 20 Windows XP roadwarrios, in
order to access different networks. All the clients access a single VPN
concentrator (2.0.9 on Debian Etch) using x.509 authentication and
depending on a few server-side scripts they receive personalized routes
and iptables rules. (Nb: the INPUT chain is empty and defaults to
ACCEPT, only FORWARD rules are defined by the scripts).

So far so good, the setup works flawlessly pretty much all the time.
Almost two or three times a month though, one or two roadwarriors
(I've not been able to extrapolate a pattern, it happens to random people),
loses all the OpenVPN-pushed routes. 
The VPN connection is still up and running: if you add the routes manually 
it keeps on working without an itch. A reboot restores normal behaviour.

The client in the logs receives the following two warnings in the System
Event log:

1) Your computer was not able to renew its address from the network (from
   the DHCP Server) for the Network Card with network address 00FF97B41B3C.
   The following error occurred:
   The semaphore timeout period has expired. . Your computer will continue
   to try and obtain an address on its own from the network address (DHCP)
   server.

2) Your computer has automatically configured the IP address for the
   Network Card with network address 00FF97B41B3C.  The IP address being
   used is 169.254.236.158.

So it basically wasn't able to renew the DHCP lease, hence the dropping
of the routes. (Note that the initiale DHCP works fine, the client
receives its routes correctly. It's just that afterwards, I believe on
the subsequent renew but I'm not 100% sure, it fails and it loses all the 
VPN-pushd routes).

I've tried the tap-sleep option and raised the waiting time to no avail.
I'll now try the --dhcp-renew and --dhcp-release options, but I suspect
they won't help much.

I hope I can get a packet trace of this problem, but so far I've never
been able to reproduce under wireshark.

Any tips/hints on how to nail down and debug this beast?

thanks,
Michele


signature.asc
Description: Digital signature

[Openvpn-devel] OpenVPN Smartcard HOWTO

2007-04-11 Thread Michele Baldessari 
Hi *,

for those who might care, I wrote a few notes about OpenVPN and Smartcards
(via PKCS#12):
http://michele.pupazzo.org/docs/smart-cards-openvpn.html

Feedback is welcome.
Michele


signature.asc
Description: Digital signature