Re: [Openvpn-devel] client-server customized session-id

2004-10-06 Thread James Yonan
On Wed, 6 Oct 2004 satind...@in.safenet-inc.com wrote: > Hi, > I am implementing client-server openvpn with following additional > requirement: > Client-server should share a secret session-id provided by me while starting > client and server. I don't want to keep this session-id in a file

Re: [Openvpn-devel] Pass log and passphrase between OpenVPN and OpenVPN GUI

2004-10-05 Thread James Yonan
. > > > > Another point is security. Actually the service wrapper needs to run as > > SYSTEM/Admin rights, we have to limit the features and commands which will > > run as SYSTEM. > > > > Didier > > > > James Yonan wrote: > >> On Fri, 1 Oct 2004, Math

Re: [Openvpn-devel] Again: Feature implementation: Connection refusal based upon CN

2004-10-04 Thread James Yonan
Vlada, I think the idea for the patch is good, i.e. using the client-config-dir as a kind of authenticator of common names. I do have a concern though on your implementation. You are conducting the allow/deny test in multi_connection_established(). The problem is that this function runs too

Re: [Openvpn-devel] Pass log and passphrase between OpenVPN and OpenVPN GUI

2004-10-02 Thread James Yonan
On Fri, 1 Oct 2004, Mathias Sundman wrote: > Didier announced a first release of an improved version of the OpenVPN > Service Wrapper earlier this week. The goal with this is to allow a non > admin user on Windows to start/stop openvpn processes. > > It does this by listening on a local TCP

Re: [Openvpn-devel] Win 32 Install script bug openvpn.nsi

2004-09-29 Thread James Yonan
On Wed, 29 Sep 2004, Remco Boom wrote: > Hello all > > In the file openvpn.nsi.in version 1.2.2.9, This is the most recent file > in CVS > http://cvs.sourceforge.net/viewcvs.py/openvpn/openvpn/install-win32/openvpn.nsi.in?rev=1.2.2.9=markup > I found a bug, When you reinstall the same version

Re: [Openvpn-devel] [PATCH] UDPv6 support (UDP/IPv6)

2004-09-24 Thread James Yonan
On Fri, 24 Sep 2004, JuanJo Ciarlante wrote: > On Fri, Sep 24, 2004 at 10:39:59AM +0200, Matthias Andree wrote: > > On Fri, 24 Sep 2004, JuanJo Ciarlante wrote: > > > > > This README covers UDP/IPv6 ( --udp6 ) support for openvpn-2.0_beta11 > > > Also, with address family "generalization"

Re: [Openvpn-devel] logging remote ip disconnection

2004-09-20 Thread James Yonan
On Mon, 20 Sep 2004, Kisero wrote: > Hi, I've sent two mails already and no answer..if I'm asking something > wrong just tell me :) > > i need to know when a remote ip address disconnect..i could not find > anything on the man, or raising the verb level , or nothing. so i > start looking at the

Re: [Openvpn-devel] proxy ntlm support

2004-09-17 Thread James Yonan
William, Thanks for the patch. Have you tried it against the 2.0 beta series yet? That's really the place where I will want to merge it. Best Regards, James On Wed, 15 Sep 2004, William Preston wrote: > > hello list, > > here's a patch to add basic ntlm support to openvpn 1.6.0 > i've

Re: [Openvpn-devel] OpenVPN Licensing Issues

2004-09-17 Thread James Yonan
On Thu, 16 Sep 2004, Matthias Andree wrote: > On Tue, 14 Sep 2004, James Yonan wrote: > > > Therefore, in order for a dual licensing scheme to work, anyone who has ever > > submitted code to the OpenVPN source code would need to agree to the dual > > licensing scheme, si

Re: [Openvpn-devel] Microsoft digital signature warning pop up windows

2004-09-14 Thread James Yonan
On Tue, 14 Sep 2004, Russell Sutherland wrote: > When one installs the current OpenVPN .exe NSIS install > bundle on a WindowsXP or 2000 machine, a window pops > up during the installation process saying something > to the effect: > > "Warning: this driver has not been signed/approved >

Re: [Openvpn-devel] Assertion failed at crypto.c:147

2004-09-11 Thread James Yonan
I've sent a message to the poster to get more info. This assertion would happen if OpenVPN underestimated the maximum amount of cipher/HMAC overhead bytes which might be added to a packet. I've never seen it before. James On Fri, 10 Sep 2004, Alberto Gonzalez Iniesta wrote: > Hi all, > >

Re: [Openvpn-devel] Connect several subnets with OpenVPN2.0

2004-09-08 Thread James Yonan
On Wed, 8 Sep 2004, Robin G. Wenninger wrote: > Hi list, > > I have a kind of "problem" here. > > I thought about connecting several subnets with 2.0 and for this purpose > use the PUSH/PULL-Options. > > So I used options like > push "route 10.0.0.0 255.255.255.0" > push "route

Re: [Openvpn-devel] openvpn using matrixssl ?

2004-09-08 Thread James Yonan
On Tue, 7 Sep 2004, gary wrote: > Hi, > > Anyone knows how feasible it is to use matrixssl instead of openssl ? > The main advantage is memory footprint for embedded system like the > linksys wrt54g. It's possible, but development would be required. To the extent that the matrixssl API

Re: [Openvpn-devel] Sending signals to a process in Windows

2004-08-14 Thread James Yonan
Mathias Sundman said: > I'd like my Windows OpenVPN GUI to be able to send signals to the openvpn > processes. > > Is it possible to send signals (like SIGHUP, SIGUSR1) to processes in > Windows? How? Windows doesn't really have signals like *nix. When I want something

Re: [Openvpn-devel] psw in pem_passphrase_callback() static or not?

2004-08-09 Thread James Yonan
Mathias Sundman said: > When I first looked at the pem_passphrase_callback() function in ssl.c, I > thought that the intention was to save the passphrase so the key could be > reloaded after a ping-restart, because you use: > > static char passbuf[256]; > > So, I was

Re: [Openvpn-devel] Patch: Output log message after routes is added

2004-08-08 Thread James Yonan
Mathias Sundman said: > --- forward-orig.c Fri Jul 30 22:08:22 2004 > +++ forward.c Sun Aug 8 09:48:21 2004 > @@ -243,6 +243,7 @@ > update_time (); > event_timeout_clear (>c2.route_wakeup); > event_timeout_clear (>c2.route_wakeup_expire); > +

Re: [Openvpn-devel] compiling statically - how?

2004-08-04 Thread James Yonan
Matthias Andree said: > On Wed, 04 Aug 2004, Tomasz Chmielewski wrote: > > > I was thinking of an option like ./configure --compile-statically - and > > with such compiled binary, I wouldn't have to install compilers, compile > > OpenVPN, deinstall compilers on every

[Openvpn-devel] OpenVPN 2.0-beta8 released

2004-07-28 Thread James Yonan
This release has some cool new stuff, most notably TCP support in server mode. While all OSes which OpenVPN supports should be able to run as a multi-client TCP server, I've added an optimization for Linux 2.6 which takes advantage of the new linearly scalable sys_epoll API. If you plan on

Re: [Openvpn-devel] Re: Interface with GUI agent

2004-07-07 Thread James Yonan
On Tuesday 06 July 2004 16:58, Mathias Sundman wrote: > Some more things to consider... > > 1. On Windows, if the service wrapper has started some openvpn > processes before our gui agent is started, how should find out about > those processes? > > I can think of the following ways: > > 1a.

[Openvpn-devel] Re: Interface with GUI agent

2004-07-07 Thread James Yonan
On Tuesday 06 July 2004 04:25, Mathias Sundman wrote: > On Tue, 6 Jul 2004, Jan Kiszka wrote: > > If it's not a windows specific problem, then I suppose it's best to > > add the functionality in the openvpn binary so we get the > > portability. > > I don't think the openvpn

Re: Interface with GUI agent, was: Re: [Openvpn-devel] [Patch] revoke scripts were broken

2004-07-03 Thread James Yonan
> >>Thinking ahead, the challenge/response sequence for passing > >> authentication info should be open-ended to provide for future > >> implementation of alternative authentication methods such as Radius, > >> LDAP, NT Auth, etc. > > > > Please don't do too much of that. I've seen this auth

Re: [Openvpn-devel] [Patch] revoke scripts were broken

2004-06-30 Thread James Yonan
On Tuesday 29 June 2004 11:06, Jan Kiszka wrote: > Hi all, > > here is a tiny patch to make revoke-crt and make-crl work seamlessly > within the easy-rsa environment. Seems that no one used it before ;) Thanks, I've merged for inclusion in beta8. James

Interface with GUI agent, was: Re: [Openvpn-devel] [Patch] revoke scripts were broken

2004-06-30 Thread James Yonan
> I would furthermore suggest to discuss the required interface between > the GUI and the OpenVPN daemon on this list. Starting and stopping would > be possibly by just running the main binary, but I think a more > sophisticated status and diagnosis interface requires some other > mechanism (e.g.

Re: [Openvpn-devel] Enabling multicast on OpenBSD tun interface

2004-06-19 Thread James Yonan
Pavlin, Thanks for the patch. Is there any reason why someone might not want to have multicast turned on by default, i.e. is there any chance this could break something? Should it be controllable by an option? James Pavlin Radoslavov said: > Hi! > > [OS: OpenBSD-3.5] >

Re: [Openvpn-devel] IP adress assignment to tun devices using server mode

2004-06-14 Thread James Yonan
Torge Szczepanek said: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hi! > > I am currently trying out OpenVPN 2.0 beta 4 using server mode. > > My config on the server looks like this: > > dev tun > mode server > ifconfig 192.168.100.1 192.168.100.2 >

Re: [Openvpn-devel] how to implement the multi client in openvpn?

2004-06-07 Thread James Yonan
> > PS: could I use windows version as OpenVPN Server? > > As a last resort only ;) Actually, the OpenVPN server will run fine on Windows, though it may be slightly less efficient than Linux on equivalent hardware. James

[Openvpn-devel] Re: [Openvpn-users] OpenVPN 2.0-beta3 released

2004-06-07 Thread James Yonan
Rainer Sokoll <r.sok...@intershop.de> said: > On Sun, Jun 06, 2004 at 01:35:27AM -0000, James Yonan wrote: > > > * New feature: --status. Outputs a SIGUSR2-like > > status summary to a given file, updated once > > per n seconds. The status file is comma de

[Openvpn-devel] Re: Still Assertion failed at event.c:399 (was Re: [Openvpn-users] OpenVPN 2.0-beta3 released

2004-06-07 Thread James Yonan
Jon, Have you considered the possibility that there might be breakage in your compilation environment, such as a mismatch between header files and shared libraries? I am saying this because I haven't seen any other reports of similar assertion failures. If you are the only one seeing the

Re: [Openvpn-devel] OpenVPN 2.0 Yo-Yo effect...

2004-06-05 Thread James Yonan
Denis Vlasenko said: > On Saturday 05 June 2004 21:46, Mike Auty wrote: > > Thanks for the super fast reply, > > Sadly I don't have the facilities to build a new windows version. > > Would you mind explaining briefly what it does? It only seems to > >

Re: [Openvpn-devel] Radius support, was: Re: [Openvpn-users] Is it possible to assign a specific ip address to a certificate?

2004-05-29 Thread James Yonan
Denis Vlasenko <v...@port.imtp.ilyichevsk.odessa.ua> said: > On Saturday 29 May 2004 01:34, James Yonan wrote: > > Jaye Mathisen <mr...@internetcds.com> said: > > > It would be nice if openvpn could be configured to work with radius for > > > >

[Openvpn-devel] Radius support, was: Re: [Openvpn-users] Is it possible to assign a specific ip address to a certificate?

2004-05-28 Thread James Yonan
Jaye Mathisen said: > It would be nice if openvpn could be configured to work with radius for routing and > IP assignment after the certificate was done. Would allow openvpn to be integrated easily > with existing infrastructure, instead of having to have a whole new

Re: [Openvpn-devel] [BUG] sometimes --ping 30 stops: select() timeout=31536000 seconds (exactly one year)!

2004-05-28 Thread James Yonan
Denis, That looks like a possible bug in the coarse timer update logic. The coarse timer deals with events scheduled at a resolution denoted by an integer number of seconds, such as pings. A timeout of one year is used as kind of "effectively infinite" time interval. If you see this large

Re: [Openvpn-devel] Trying to use zlib with openvpn

2004-05-27 Thread James Yonan
Ming-Ching Tiew said: > > Last night after posting to openvpn-user maillist about > wanting to use zlib with OpenVPN, I had a look at the > code. It seems the compression code is well-contained > in lzo.c, I could even do a one-to-one swap of > 'LZO_COMPRESS' with

Re: [Openvpn-devel] openvpn-2.0_beta1: tunnel MTU a bit too large

2004-05-17 Thread James Yonan
Denis Vlasenko <v...@port.imtp.ilyichevsk.odessa.ua> said: > On Sunday 16 May 2004 23:49, James Yonan wrote: > > Denis, > > > > There are two ways of setting the MTU in OpenVPN, one is to use --tun-mtu > > which doesn't include any encapsulation overhead, the oth

Re: [Openvpn-devel] OpenVPN 2.0-test26 released

2004-05-01 Thread James Yonan
tell it to find functions in this special compatibility library before looking for them in the normal C library." James Matthias Andree <ma+ov...@dt.e-technik.uni-dortmund.de> said: > On Thu, 29 Apr 2004, James Yonan wrote: > > > Ooops... let's try that again with the correct

[Openvpn-devel] (no subject)

2004-04-28 Thread James Yonan
A new release of the 2.0 beta is available. * One of the goals of OpenVPN 2.0 is extreme scalability, i.e. robustly handling connections from potentially thousands of clients. To do this, some kind of load balancing and failover capability is needed, because a single OpenVPN daemon running on a

Re: [Openvpn-devel] Windows and Shaper

2004-04-28 Thread James Yonan
't forget to #DEFINE HAVE_GETTIMEOFDAY in > config-win32.h. Let me know what you think. > Derek Burdick > - Original Message ----- > From: "James Yonan" <j...@yonan.net> > To: "Derek Burdick" <de...@burdick.cc>; > <openvpn-devel@lists.sourcefor

Re: [Openvpn-devel] Many to one TCP question

2004-04-27 Thread James Yonan
Lonnie Cumberland said: > Hello All, > > Well, I've been away from the list for a little while and was wondering > if someone could please bring me up to speed on the development of the > "Many-to-One" TCP progress? > > It is my understanding that in the OpenVPN 2.0

Re: [Openvpn-devel] Windows and Shaper

2004-04-27 Thread James Yonan
Derek Burdick said: > I was browsing the online CVS repository and noticed the > config-win32.h.in says that HAVE_GETTIMEOFDAY is specified in misc.c. When > I look in misc.c, I don't see the file. Is the latest version just not > checked in? I also implemented a

Re: [Openvpn-devel] OpenVPN 2.0 (test23) and logging

2004-04-21 Thread James Yonan
Mike Auty said: > Hi James, > First off, great program, it's really amazing what you and the > other developers have achieved. > Secondly the new 2.0 seems to be working out quite well, but I ran > into a little difficulty. The problem I was having turned out to

[Openvpn-devel] OpenVPN 2.0-test20 released

2004-04-10 Thread James Yonan
This latest 2.0 beta has some cool new features including tap interface support and customization of configuration based on the client certificate common name. The man page on the web site now shows all new 2.0 options, and the release notes on the web site shows sample config files for tap-style

Re: [Openvpn-devel] multiple connections on one tap

2004-04-02 Thread James Yonan
Miika Keskinen said: > Hi. > > How much functionality there needs to be implemented in order to get > multiple connections with one tap-adapter working? And then, should that > be implemented either by implementing ethernet-switch or maybe even with > bridging-code? Normally

Re: [Openvpn-devel] OpenVPN 2.0 feature request - fixed-address

2004-04-01 Thread James Yonan
Arkadiusz Patyk said: > Hi > > ifconfig-pool is fine, but I would need an option for IP > reservation for users. > The reservation could be realized on the base of x509name > > for example: > > fixed-address 10.8.0.46

Re: [Openvpn-devel] OpenVPN 2.0 -- Project Update and Release Notes

2004-03-31 Thread James Yonan
Matthias Andree <ma+ov...@dt.e-technik.uni-dortmund.de> said: > On Tue, 30 Mar 2004, James Yonan wrote: > > > OpenVPN 2.0 -- Project Update and Release Notes > > > > I'm happy to announce that the first OpenVPN 2.0 beta is here, and well > > ahead > >

[Openvpn-devel] Re: [Openvpn-users] OpenVPN 2.0 and firewall

2004-03-31 Thread James Yonan
Arkadiusz Patyk said: > Hi > > Two very significant things for me are: > 1. In my configurations, VPN users have different rights to resources > (access list on firewall - iptables). I have to know client IP to > correctly setup firewall, how can i do this in 2.x ? How can

Re: [Openvpn-devel] route from server?

2004-03-14 Thread James Yonan
Marc Hassman said: > A question and a suggestion: > > Q: This is probably an XP problem rather than a OpenVPN one. With Windows XP > as a client, I can > add an arbitrary route using the 'route' statement and I observe it being > added in the 'route print' listing. >

Re: [Openvpn-devel] OpenVPN multi instancing

2004-03-05 Thread James Yonan
Matthias Andree said: > On Sun, 29 Feb 2004, Christian Daniel wrote: > > > Hello everybody! > > > > For a student research project I'm trying to add multi instance capability > > to > > OpenVPN. The basic idea is to rip the main openvpn()-function

Re: [Openvpn-devel] --redirect-gateway on FreeBSD

2004-03-05 Thread James Yonan
Juan Rodriguez Hervella said: > Hello, > > I've just subscribed to this list, but I've read on the > archives that the --redirect-gateway function is not > working yet on FreeBSD because of the problem of > retrieving the address of the default gateway. > > I've just written a

Re: [Openvpn-devel] Question about TCP forking server

2004-03-04 Thread James Yonan
Juan Rodriguez Hervella said: > Hello, > > I've just realized that openVPN-1.6rc1 only supports > "inetd nowait" for the TLS case. > > I understand that it is not possible to have "nowait" behaviour > for multiple clients with different secrets, but it would be still possible

[Openvpn-devel] OpenVPN 1.6-rc1 released

2004-03-02 Thread James Yonan
This is a release candidate for 1.6.0. The main change from 1.6-beta7 is that the Windows version now uses --ip-win32 dynamic by default. Change Log: 2004.03.02 -- Version 1.6-rc1 * For Windows, make "--ip-win32 dynamic" the default. * For Windows, make "--route-delay 10" the default unless

Re: [Openvpn-devel] Files missing from BETA20 CVS

2004-03-02 Thread James Yonan
Matthias Andree said: > Hi, > > the files list.c, mroute.c and multi.c appear to be missing from the > BETA20 branch in CVS: > > ma@merlin:~/cvs-3rdparty/openvpn> LANG=C make -ks 2>&1 | grep ^make > make[1]: *** No rule to make target `list.c', needed by

Re: [Openvpn-devel] OpenVPN multi instancing

2004-03-02 Thread James Yonan
Christian Lademann said: > Hello, James hello, Christian, > > is it also going to be supported in 2.0 to have multiple tup/tap interfaces > but only a single TCP-port on the server side waiting for incoming > connections? The ultimate goal is to have all connection options

Re: [Openvpn-devel] OpenVPN multi instancing

2004-03-02 Thread James Yonan
Matthias Andree <ma+ov...@dt.e-technik.uni-dortmund.de> said: > On Mon, 01 Mar 2004, James Yonan wrote: > > > Christian Daniel <c...@cdaniel.de> said: > > > > > Hello everybody! > > > > > > For a student research project I'm trying to a

[Openvpn-devel] Re: [Openvpn-users] Problem while compiling openvpn

2004-01-27 Thread James Yonan
PremKumar Jayaram said: > Hello Everybody, > > I need to compile the openvpn code on windows 2000. Using Win DDK I was able > to compile the driver code, but I am not able to compile the openvpn.c and > other files. I tried to compile using VC++ 6.0 but there

Re: [Openvpn-devel] patch for iproute

2004-01-17 Thread James Yonan
Martin, Thanks for the patch -- it looks good and I expect to merge it. I see that you hardwire the choice for iproute2 vs. vanilla ip route + ifconfig at build time. Do you think that makes sense, or would it be better to have an --iproute2 run time flag? James Martin Hejl

Re: [Openvpn-devel] option suggestion (was Re: routing on windows)

2003-11-01 Thread James Yonan
Farkas Levente <lfar...@bnap.hu> said: > James Yonan wrote: > > Farkas Levente <lfar...@bnap.hu> said: > > > > > >>Mathias Sundman wrote: > >> > >>>Hi! > >>> > >>> > we use our linux vpn gateway and

Re: [Openvpn-devel] option suggestion (was Re: routing on windows)

2003-10-31 Thread James Yonan
Farkas Levente said: > Mathias Sundman wrote: > > Hi! > > > > > we use our linux vpn gateway and some win2000 road warrior clients with > > > openvpn. I would like to route all internet traffic trough our firewall > > > from the windows clients. > > > > I've been thinking

Re: [Openvpn-devel] Re: OpenVPN --resolv-retry and --chroot problem

2003-10-30 Thread James Yonan
Teemu Kiviniemi <teem...@iki.fi> said: > Wed, 29-10-2003 at 23:38, James Yonan wrote: > > > I would rather see this fix accomplished by adding some kind of dummy call > > early on in the initialization sequence to trigger the dynamic load of the > > DNS > >

[Openvpn-devel] Re: OpenVPN --resolv-retry and --chroot problem

2003-10-29 Thread James Yonan
Teemu Kiviniemi said: > Hi, > > OpenVPN 1.5beta12 and the CVS version have a problem when --resolv-retry > and --chroot are used at the same time. In chroot environment, > gethostbyname() can't resolve the remote IP address: > > Wed Oct 29 17:19:17 2003 13: RESOLVE: Cannot

Re: [Openvpn-devel] a replacement for --tls-remote and verify-cn

2003-10-27 Thread James Yonan
Teemu Kiviniemi said: > Hi, > > I ran into problems in using --tls-verify to verify the remote host with > --chroot enabled. --tls-verify runs the verify script with system() > command, so it assumes that /bin/sh is available. Usually, in a chroot > environment, that's not true.

[Openvpn-devel] RE: [Openvpn-users] connecting to multiple servers

2003-10-22 Thread James Yonan
Peter Sandström said: > I'm currently working on this, but as James says. This patch will be > far too intrusive to be merged into 1.5 this late. > The entire socketlayer needs to be ripped out and redone since a lot > of the current code assumes that there is always exactly

Re: [Openvpn-devel] comments on beta12

2003-10-14 Thread James Yonan
julien Touche said: > test between debian linux 2.4.21 <-> openbsd 3.4, beta12 on the 2 sides > works well > > one comment for openbsd, "dev tun" doesn't work: > > Tue Oct 14 12:14:14 2003 6: /sbin/ifconfig tun delete > ifconfig: SIOCGIFFLAGS: Device not configured >

Re: [Openvpn-devel] CVS

2003-10-13 Thread James Yonan
Peter Sandström said: > Hey, > > What's the current status of the CVS tree? I can't login using anonymous > access. > > I was planning on implementing multiple-connections-to-one-openvpn-instance > since I need it for a usecase. > Not being able to checkout the source

[Openvpn-devel] OpenVPN pre-beta8 is ready for testing.

2003-09-24 Thread James Yonan
I have a new beta release available with some very cool new features: * The TAP-Win32 driver on Windows can now emulate a "tun" point-to-point IP interface. This completes the "compatibility matrix" meaning that OpenVPN on Windows can now talk to OpenVPN on any other platform, including those

Re: [Openvpn-devel] Re: [Openvpn-users] Windows tun driver

2003-09-16 Thread James Yonan
Matthias Andree <ma+ov...@dt.e-technik.uni-dortmund.de> said: > On Mon, 15 Sep 2003, James Yonan wrote: > > > Yes, this is a problem. For OpenBSD to talk to Windows over OpenVPN, we > > need > > either a tun driver for Windows or a tap driver for OpenBSD. > &

[Openvpn-devel] RE: [Openvpn-users] Windows tun driver

2003-09-16 Thread James Yonan
Bert Shuler said: > James: > Are you aware of a Windows tun project? While most windows users may > prefer tap, I am interested in the point-to-point nature of the tun > device. When setting up many routed connections, it seems that each TAP > connection will use 1

[Openvpn-devel] New TAP-Win32 driver needs stress testing

2003-09-10 Thread James Yonan
I've made some significant changes in the TAP-Win32 driver, bringing it up to SMP standards, and making some performance improvements in latency and overall efficiency. While it has admirably held up to my stress tests on a single processor XP laptop, it needs testing on more machines, especially

Re: [Openvpn-devel] Re: [Openvpn-users] New feature proposal: --route option

2003-09-05 Thread James Yonan
Tom Bin said: > > It's really a good idea. > I think the syntax is good enough..., > maybe you can take the metric(route cost) into consideration. That's a good idea. It looks like most IP stacks support metric, I see that Windows does too so that is good. > I would like to

[Openvpn-devel] New feature: --ifconfig for tap devices

2003-09-03 Thread James Yonan
One of the nice things about the --ifconfig option is that it lets you set TUN adapter endpoint addresses (i.e. the virtual IP addresses for each end of the tunnel) in a platform independent manner -- OpenVPN then translates the --ifconfig option to the appropriate ifconfig command for your

Re: [Openvpn-devel] Need 1.5 beta testers for *BSD, Linux 2.2, OS X

2003-08-30 Thread James Yonan
> question regarding windows openvpn (thanks a lot for this :), is it > possible to have some script executed (like add a route for the other > side subnet) ? I'm thinking about something like this in a more generalized context, where OpenVPN running as a server would actually generate the

[Openvpn-devel] Need 1.5 beta testers for *BSD, Linux 2.2, OS X

2003-08-16 Thread James Yonan
If anyone out there is running 1.5-beta5 or later on OpenBSD, FreeBSD, NetBSD, Mac OS X, or Linux 2.2, please let me know. I want to make sure that 1.5 is tested on everything before 1.5 final is released. Thanks, James

[Openvpn-devel] Re: [Openvpn-users] OpenVPN ported to Windows

2003-07-23 Thread James Yonan
Yes, currently the CIPE TAP driver has the capability to run on NT 4, 2K, and XP, but this first beta release of OpenVPN has only been tested on XP so far, because that's the only windows development machine I have access to right now. OpenVPN uses a slightly forked version of the CIPE TAP, but

[Openvpn-devel] OpenVPN ported to Windows

2003-07-23 Thread James Yonan
Well some good news on the development front... (1) OpenVPN has finally been ported to Windows. (2) TCP protocol support has been added. The Windows port was made possible by a number of emerging developments, most importantly the stabilizing of the TAP driver component of the Cipe-Win32

[Openvpn-devel] OpenVPN 1.4.2 Released

2003-07-23 Thread James Yonan
1.4.2 has been released. Details here: http://openvpn.sourceforge.net/relnotes.html James

Re: [Openvpn-devel] OpenVPN 1.4.2 release candidate, please test

2003-07-12 Thread James Yonan
Matthias Andree <ma+ov...@dt.e-technik.uni-dortmund.de> said: > On Thu, 10 Jul 2003, James Yonan wrote: > > > > > This is a maintenance release which (a) fixes the previously discussed ISO > > C99 > > vararg efficiency bug, and (b) further stabilizes the e

[Openvpn-devel] OpenVPN 1.4.2 release candidate, please test

2003-07-10 Thread James Yonan
This is a maintenance release which (a) fixes the previously discussed ISO C99 vararg efficiency bug, and (b) further stabilizes the experimental --mtu-dynamic option which causes OpenVPN to perform internal datagram fragmentation in cases where native IP fragmentation is broken. Testing will be

[Openvpn-devel] 1.4.x efficiency bug + 1.4.2 release candidate

2003-07-06 Thread James Yonan
1.4.0 and 1.4.1 have a fairly serious efficiency bug when built by compilers which do not support ISO C99 vararg macros. If you run ./configure with 1.4.0 or 1.4.1 and you see this line: checking for ISO C 1999 vararg macro support... no you will be experiencing a significant slowdown due to

[Openvpn-devel] --dev and --dev-name under linux 2.4+

2003-06-02 Thread James Yonan
A debian bug report was submitted that inspired me to look deeper into the operation of --dev and the new --dev-name flag. --dev-name was a patch for tun.c which I received a few months ago, which only really does anything for linux 2.4. On first glance it appeared nominally useful, so I merged

[Openvpn-devel] OpenVPN 1.4.1 Released

2003-05-16 Thread James Yonan
This release fixes two bugs in 1.4.0, including a build issue on OpenBSD, and a bug under Linux 2.4 that can cause 100% CPU utilization if the --verb 0 option is used to suppress all output. In addition, if a Linux 2.4 TUN/TAP open attempt fails, the code will now fall back to the 2.2 TUN/TAP

[Openvpn-devel] Release candidate for 1.4.1

2003-05-14 Thread James Yonan
A couple of bugs have surfaced in 1.4.0, including a problem with --verb 0 under Linux 2.4 and a trivial compile problem for OpenBSD. I'd like to release 1.4.1 soon, which resolves both of these issues. Please test this release candidate if possible. Download:

Re: [Openvpn-devel] an idea for openvpn..

2003-05-08 Thread James Yonan
Aaron, I've found that the linux scheduler on 2.4 does a fairly good job at giving openvpn the CPU that it needs, even on a more heavily loaded system. When openvpn is forwarding tunnel packets, it is essentially i/o bound, and as such gets a priority boost. When TLS keys are being negotiated,

[Openvpn-devel] 1.4.0 Released

2003-05-07 Thread James Yonan
Download: http://sourceforge.net/projects/openvpn/ Release Notes: This release adds options for persistence of replay protection information across sessions, pass through of IPv4 TOS bits from the TUN/TAP device to the UDP link, some advanced MTU control options, moderate revamping of the build

[Openvpn-devel] Third release candidate for 1.4.0

2003-05-05 Thread James Yonan
This release candidate fixes some longstanding annoyances with the openvpn.init script, making it more robust, with better sanity checks on command line options, and more accurate reporting of fail/success status back to the caller. The later feature required some changes to the way that --daemon

Re: [Openvpn-devel] Openvpn for RH62 - eek!

2003-05-01 Thread James Yonan
How do most other initialization scripts handle the differences between bash 1 and 2? Do they just restrict themselves to the least common denominator (a)? Or do they try to explicitly instantiate bash2 (b)? -#!/bin/sh +#!/bin/bash2 (b) could be risky if there are distros where

[Openvpn-devel] 2nd release candidate for 1.4.0

2003-04-29 Thread James Yonan
This release candidate fixes some build problems that surfaced on the outliers of the RedHat distribution (6.2 and 9.0). Other minor fixes as well (see the change log). Tarball is here: http://openvpn.sourceforge.net/beta/openvpn-1.3.2.30.tar.gz James

Re: [Openvpn-devel] TCP-over-TCP (was: Multi-channel VPN)

2003-04-24 Thread James Yonan
Aaron Sethman <andro...@ratbox.org> said: > > On Thu, 24 Apr 2003, James Yonan wrote: > > Actually, I was thinking more about the situation where people are forced to > > tunnel IP over TCP, for whatever reason, when UDP is not an option. Since > > IP &

Re: [Openvpn-devel] TCP-over-TCP (was: Multi-channel VPN)

2003-04-24 Thread James Yonan
Aaron Sethman <andro...@ratbox.org> said: > > > On Wed, 23 Apr 2003, Matthias Andree wrote: > > > On Wed, 23 Apr 2003, James Yonan wrote: > > > > > I wonder if one could build a better tcp-over-tcp by doing some > > > intelligent > >

[Openvpn-devel] Release candidate for 1.4.0

2003-04-22 Thread James Yonan
We're on the final stretch for 1.4.0, so if possible, please give this release a spin. http://openvpn.sourceforge.net/beta/openvpn-1.3.2.24.tar.gz I plan to release 1.4.0 shortly if there are no problems. James

Re: [Openvpn-devel] TCP-over-TCP (was: Multi-channel VPN)

2003-04-22 Thread James Yonan
Matthias Andree said: > On Sat, 19 Apr 2003, Aaron Sethman wrote: > > > I'm not necessarly sure it belongs in OpenVPN, but then again, I can see > > the advantages to automatically failover to other links. Perhaps > > abstracting things out in the code a

[Openvpn-devel] Fwd: RE: Multi-channel VPN

2003-04-17 Thread James Yonan
ware being installed at both ends, or OS-specific solutions. > > Thanks, > > - R. Latimer > > -Original Message- > From: James Yonan [mailto:j...@yonan.net] > Sent: Thursday, 17 April 2003 22:40 > To: R. Latimer > Subject: Re: Multi-channel VPN > > &g

Re: [Openvpn-devel] Re: New beta available + progress update

2003-04-17 Thread James Yonan
Matthias Andree <ma+ov...@dt.e-technik.uni-dortmund.de> said: > On Thu, 17 Apr 2003, James Yonan wrote: > > > A better alternative (orginally suggested by you) is to avoid fragmenting in > > the first place by bouncing back ICMP_DEST_UNREACH/ICMP_FRAG_NEEDED to

Re: [Openvpn-devel] Re: New beta available + progress update

2003-04-17 Thread James Yonan
Matthias Andree said: > > http://openvpn.sourceforge.net/beta/openvpn-1.3.2.21.tar.gz (or CVS) > > I have a next round of patches to fix prototypes and types to quench > compiler warnings and get a more robust source code against changed > environments, to

[Openvpn-devel] Re: New beta available + progress update

2003-04-17 Thread James Yonan
Matthias Andree said: > > What the FRAGMENT_ENABLE code does is to add an extra 4 byte header to each > > datagram that includes, among other things, feedback on the number of > > datagrams received as well as the maximum datagram size received. This > > information can

[Openvpn-devel] New beta available + progress update

2003-04-17 Thread James Yonan
OpenVPN continues to evolve, and I thought I would take this opportunity to briefly describe some of the current directions in the project (which, incidentally, has passed its 1 year milestone). For one, a new OpenVPN beta is available and testing would be appreciated.

Re: [Openvpn-devel] New pre-1.3.3 beta

2003-03-15 Thread James Yonan
t, 15 Mar 2003, James Yonan wrote: > > > Yes, I think we should try to fix if it's only a trivial cast involved to > > silence the warning. > > > > I don't see them on gcc 2.96, even with "-Wall -W -Wpointer-arith > > -Wsign-compare -Winline". > >

[Openvpn-devel] New pre-1.3.3 beta

2003-03-14 Thread James Yonan
If you have a chance, please test this beta. I mostly use linux 2.4 for development, so I don't have much of a chance to test on linux 2.2 and non-linux OSes. Since the last beta announcement on this list, there's been a bunch of changes including build system portability fixes, --dev-name, and

Re: [Openvpn-devel] [PATCH]: add config-variables to OpenVPN-1.3.2

2003-03-11 Thread James Yonan
Christian, Rather than put a lot of scripting language infrastructure into OpenVPN's config file parser, why not just use a shell script, i.e.: openvpn --dev-name vpn_${CUSTNO} \ --port 5${CUSTNO} \ --ifconfig 10.0.0.1 10.0.${CUSTNO}.1 \ --dev-type tun \

Re: [Openvpn-devel] MTU

2003-02-24 Thread James Yonan
Jan Johansson <jan.johans...@biomatsys.com> said: > On Sun, 2003-02-23 at 17:10, James Yonan wrote: > > Russ, > > > > Have you tried the tracepath utility to attempt to measure the Path MTU? > > > > Are the routers in the path properly forwarding I

Re: [Openvpn-devel] MTU

2003-02-23 Thread James Yonan
Aaron Sethman <andro...@ratbox.org> said: > > On Sat, 22 Feb 2003, James Yonan wrote: > > This might be handled in a way similar to --ping-restart or SIGHUP/SIGUSR1, > > where the openvpn daemon would essentially restart if the MTU size changed. > > This would be

Re: [Openvpn-devel] MTU

2003-02-23 Thread James Yonan
tunnels over tunnels, the lower-level (more nested) tunnels will need lower --udp-mtu settings. Longer-term, I hope to put some intelligence in OpenVPN to do this automatically. James R P Herrold <herr...@owlriver.com> said: > On Sat, 22 Feb 2003, James Yonan wrote: > > > Recentl
