Re: [Openvpn-users] Can command line take multi parameter options? openvpn --remote "ip port" fails

2021-03-18 Thread Selva Nair
Hi,

On Thu, Mar 18, 2021 at 7:50 PM 8187--- via Openvpn-users <
openvpn-users@lists.sourceforge.net> wrote:

> Hello, list,
>
> This is probably obvious to the rest of you, but I am not able to give
> openvpn multi parameter options on the command line:
>
> sudo openvpn --remote "127.0.0.1 10153" --route "162.245.206.244
> 255.255.255.255 net_gateway" --config=/etc/stunnel/vpn/openvpn.conf
>

Wrong use of quotes.
The correct usage would be

sudo openvpn --remote 127.0.0.1 10153 --route 162.245.206.244 255.255.255.255 net_gateway --config /etc/stunnel/vpn/openvpn.conf

Selva
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
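
The difference between the two command lines in this thread, as an added example that is not part of the original messages. It assumes a simplified model in which each word starting with `--` opens an option and the following words are its parameters; `group_options` and `find_problems` are hypothetical names.

```python
import shlex

# The two command lines from the thread (wrapped lines joined).
QUOTED = ('sudo openvpn --remote "127.0.0.1 10153" '
          '--route "162.245.206.244 255.255.255.255 net_gateway" '
          '--config=/etc/stunnel/vpn/openvpn.conf')
FIXED = ('sudo openvpn --remote 127.0.0.1 10153 '
         '--route 162.245.206.244 255.255.255.255 net_gateway '
         '--config /etc/stunnel/vpn/openvpn.conf')


def group_options(command_line):
    """Split as a POSIX shell would, then attach each word to the preceding --option.

    Assumed model: a word starting with "--" opens an option and the words up
    to the next "--" word are its parameters.
    """
    options = []
    for word in shlex.split(command_line):
        if word.startswith("--"):
            options.append((word[2:], []))
        elif options:                      # skips "sudo" and "openvpn"
            options[-1][1].append(word)
    return options


def find_problems(command_line):
    """Flag the two mistakes that the corrected command line removes."""
    problems = []
    for name, params in group_options(command_line):
        if "=" in name:
            problems.append("--%s: use a space, not '=', before the value" % name)
        for param in params:
            if len(param.split()) > 1:
                problems.append("--%s: %r is one word; drop the quotes" % (name, param))
    return problems


if __name__ == "__main__":
    for line in (QUOTED, FIXED):
        print(group_options(line))
        print(find_problems(line) or "no problems found")
```
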


Re: [Openvpn-users] Can command line take multi parameter options? openvpn --remote "ip port" fails

2021-03-18 Thread tincanteksup

Try:

openvpn --remote "127.0.0.1" --port 10153


On 18/03/2021 23:47, 8187--- via Openvpn-users wrote:

Hello, list,

This is probably obvious to the rest of you, but I am not able to give openvpn 
multi parameter options on the command line:

sudo openvpn --remote "127.0.0.1 10153" --route "162.245.206.244 255.255.255.255 
net_gateway" --config=/etc/stunnel/vpn/openvpn.conf

fails from the command line on Ubuntu 20, but the same options work fine when 
they are included in the --config file:

<<
remote 127.0.0.1 10153

route 162.245.206.244 255.255.255.255 net_gateway
>>

This is openvpn through a stunnel.  Stunnel opens a vpn tunnel from 
localhost:port to the vpn server at a specific ip:port combination.  Openvpn 
then uses the localhost:port as its remote parameter.  It works great when 
everything is in the config file.  But, when we change the stunnel addresses, 
and then try to use them from the command line, we get:

<<
RESOLVE: Cannot resolve host address: 127.0.0.1/10153:1194 (Name or service not 
known)
>>


The config file has all the other parameters, keys, certs, etc., and they work 
when remote and port are given in the config file.

So what obvious thing am I missing?  I've tried '', "", 
remote=127.0.0.1\_10153, and more.

Many thanks!

Gordon





Re: [Openvpn-users] Can command line take multi parameter options? openvpn --remote "ip port" fails

2021-03-18 Thread 8187--- via Openvpn-users
Hello, list,

This is probably obvious to the rest of you, but I am not able to give openvpn 
multi parameter options on the command line:

sudo openvpn --remote "127.0.0.1 10153" --route "162.245.206.244 
255.255.255.255 net_gateway" --config=/etc/stunnel/vpn/openvpn.conf

fails from the command line on Ubuntu 20, but the same options work fine when 
they are included in the --config file:

<<
remote 127.0.0.1 10153

route 162.245.206.244 255.255.255.255 net_gateway
>>

This is openvpn through a stunnel.  Stunnel opens a vpn tunnel from 
localhost:port to the vpn server at a specific ip:port combination.  Openvpn 
then uses the localhost:port as its remote parameter.  It works great when 
everything is in the config file.  But, when we change the stunnel addresses, 
and then try to use them from the command line, we get:

<<
RESOLVE: Cannot resolve host address: 127.0.0.1/10153:1194 (Name or service not 
known)
>>

The config file has all the other parameters, keys, certs, etc., and they work 
when remote and port are given in the config file.

So what obvious thing am I missing?  I've tried '', "", 
remote=127.0.0.1\_10153, and more.

Many thanks!

Gordon


Re: [Openvpn-users] "PID_ERR large diff" messages

2021-03-18 Thread Marc SCHAEFER
On Thu, Mar 18, 2021 at 10:13:35AM +0100, Steffan Karger wrote:
> If you see these a lot, it might be worth checking the network between
> client and server to see why this packet reordering happens.

Typically, I saw those (but not as many as reported by that user) when my CATV
connection was dropping and reordering a lot of UDP packets.




Re: [Openvpn-users] "PID_ERR large diff" messages

2021-03-18 Thread Steffan Karger
Hi.

On 16-03-2021 11:44, Ralf Hildebrandt wrote:
> I noticed these in my logcheck output. Should I worry?
> 
> Mar 15 14:39:57 openvpn-igel-int ovpn-server-udp[1089]: ITC00E0C5247DB8/84.130.190.9:55871 PID_ERR large diff [66] [SSL-0] [____0___] 0:627607 0:627541 t=1615815597[0] r=[-2,64,15,66,1] sl=[41,64,64,528]
> Mar 15 14:39:57 openvpn-igel-int ovpn-server-udp[1089]: ITC00E0C5247DB8/84.130.190.9:55871 PID_ERR large diff [70] [SSL-0] [0____0__] 0:627612 0:627542 t=1615815597[0] r=[-2,64,15,70,1] sl=[36,64,64,528]
> Mar 15 14:39:57 openvpn-igel-int ovpn-server-udp[1089]: ITC00E0C5247DB8/84.130.190.9:55871 PID_ERR large diff [92] [SSL-0] [00_0____] 0:627635 0:627543 t=1615815597[0] r=[-2,64,15,92,1] sl=[13,64,64,528]
> Mar 15 14:39:57 openvpn-igel-int ovpn-server-udp[1089]: ITC00E0C5247DB8/84.130.190.9:55871 PID_ERR large diff [92] [SSL-0] [000_0___] 0:627636 0:627544 t=1615815597[0] r=[-2,64,15,92,1] sl=[12,64,64,528]
> Mar 15 14:39:57 openvpn-igel-int ovpn-server-udp[1089]: ITC00E0C5247DB8/84.130.190.9:55871 PID_ERR large diff [92] [SSL-0] [_0______] 0:627637 0:627545 t=1615815597[0] r=[-2,64,15,92,1] sl=[11,64,64,528]
> Mar 15 14:39:57 openvpn-igel-int ovpn-server-udp[1089]: ITC00E0C5247DB8/84.130.190.9:55871 PID_ERR large diff [92] [SSL-0] [0_0_____] 0:627638 0:627546 t=1615815597[0] r=[-2,64,15,92,1] sl=[10,64,64,528]
> Mar 15 14:39:57 openvpn-igel-int ovpn-server-udp[1089]: ITC00E0C5247DB8/84.130.190.9:55871 PID_ERR large diff [92] [SSL-0] [00_0____] 0:627639 0:627547 t=1615815597[0] r=[-2,64,15,92,1] sl=[9,64,64,528]
> Mar 15 14:39:57 openvpn-igel-int ovpn-server-udp[1089]: ITC00E0C5247DB8/84.130.190.9:55871 PID_ERR large diff [92] [SSL-0] [000_0___] 0:627640 0:627548 t=1615815597[0] r=[-2,64,15,92,1] sl=[8,64,64,528]

Not unless you see them a lot. This just means that some old (reordered)
packets are dropped by openvpn because replay protection checks can no
longer guarantee that this is not a replayed packet. So it *might* be an
availability issue, but won't affect connection security.

If you see these a lot, it might be worth checking the network between
client and server to see why this packet reordering happens.

Otherwise just reduce the log level to 3, which is a very reasonable
setting for production servers and will no longer show these warnings.

-Steffan
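
The replay-protection behaviour described in this reply, as an added example that is not part of the original thread and is a simplified model, not OpenVPN's code. It assumes that the first `0:` number in a quoted log line is the newest packet ID seen, the second is the late arrival, and that the window is 64 IDs wide (the `64` in the `r=[...]` field); `ReplayWindow` and the other names are hypothetical.

```python
import re

# Constructed by joining one wrapped entry from the quoted log onto a single line.
SAMPLE = ("Mar 15 14:39:57 openvpn-igel-int ovpn-server-udp[1089]: "
          "ITC00E0C5247DB8/84.130.190.9:55871 PID_ERR large diff [66] [SSL-0] "
          "[____0___] 0:627607 0:627541 t=1615815597[0] "
          "r=[-2,64,15,66,1] sl=[41,64,64,528]")

LINE_RE = re.compile(r"PID_ERR large diff \[(\d+)\].*? \d+:(\d+) \d+:(\d+) t=")


def parse_pid_err(line):
    """Return (reported_diff, newest_id, arriving_id), or None if no match."""
    m = LINE_RE.search(line)
    return tuple(int(g) for g in m.groups()) if m else None


class ReplayWindow:
    """Simplified sliding-window replay check (a model, not OpenVPN's code)."""

    def __init__(self, size=64):   # 64 is assumed from the r=[-2,64,...] field
        self.size = size
        self.newest = 0
        self.seen = set()

    def check(self, packet_id):
        if packet_id > self.newest:
            self.newest = packet_id
            # Forget IDs that have slid out of the window.
            self.seen = {i for i in self.seen if packet_id - i < self.size}
            self.seen.add(packet_id)
            return "accept"
        diff = self.newest - packet_id
        if diff >= self.size:
            # Too old to tell a replay from a delayed packet, so it is dropped.
            return "drop: large diff [%d]" % diff
        if packet_id in self.seen:
            return "drop: replay"
        self.seen.add(packet_id)
        return "accept"


def replay_sample(line=SAMPLE):
    """Feed the sample's IDs, then a late-but-in-window ID twice, to the model."""
    reported, newest, arriving = parse_pid_err(line)
    window = ReplayWindow()
    window.check(newest)
    late = newest - 3
    return reported, window.check(arriving), window.check(late), window.check(late)
```
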

