[Openvpn-users] Request .deb package of OpenVPN 2.5.6
Hi Samuli Thank you, Samuli and all the people who contributed to the release of OpenVPN 2.5.6 Is it possible for you to release a Debian package of the current version please? By the way, the link that you provided in your post, viz. https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos%3E leads to nowhere. Best regards. Stella ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] DUO plugin loads/runs even if previous plugin fails
Hi, On Fri, Jul 09, 2021 at 06:17:14PM +0100, Duarte Rocha wrote: > I'm loading the openvpn-auth-ldap.so for user validation and then > loading the duo plugin for 2FA. It works, except it has an unwanted > behaviour if a user is not on the allowed groups in LDAP the > openvpn-auth-ldap.so will fail but will still trigger the push > notification. Shouldn't the 2nd plugin not be called if the previous > ends with error? Just came across this old thread. Sorry for not responding in a more timely fashion - we discussed your findings, and a subsequently discovered security issue with multiple plugins running in "deferred" mode (not your case), and fixed the latter one first. The "should plugins be executed allways, all of them" (current behaviour) or "should it be short-circuited, with authentication stopping the moment the first plugin returns ERROR" is currently under discussion, and I expect to see some code in the next few weeks (so, 2.5.7 might address this). Please follow the openvpn-devel list for discussions on code and behavioural changes. gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP signature ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
[Openvpn-users] (no subject)
___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] OpenVPN Bridge log IPs
Hi, On Wed, Mar 16, 2022 at 08:09:27PM +, dashdruid via Openvpn-users wrote: > This is an example output for OpenVPN with verb 3 logging: > > 18:58:39+01:00 server : client1/7.7.7.7:5111 MULTI: Learn: 46:73:8a:e7:e6:b4 > -> client1/7.7.7.7:5111 > 18:58:39+01:00 server : client1/7.7.7.7:5111 MULTI: Learn: 21:ba:ed:15:65:7e > -> client1/7.7.7.7:5111 > 18:58:39+01:00 server : client1/7.7.7.7:5111 MULTI: Learn: 70:b5:f7:31:e3:39 > -> client1/7.7.7.7:5111 > 18:58:40+01:00 server : client1/7.7.7.7:5111 MULTI: Learn: f1:db:27:92:e0:97 > -> client1/7.7.7.7:5111 > > Is there any way to make the server log the remote IP addresses for the MACs > it has learned from the client? In TAP mode, OpenVPN is not interested in IP addresses. It just cares about MAC addresses. Run arpwatch on the "host" side (listening on the tap interface) to get the IP/MAC mapping. gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP signature ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users