On Wed, 6 Oct 2004 satind...@in.safenet-inc.com wrote:
> Hi,
> I am implementing client-server openvpn with following additional
> requirement:
> Client-server should share a secret session-id provided by me while starting
> client and server. I dont want to keep this session-id in a file
.
> >
> > An other point is security. Actually the service wrapper need to run as
> > SYSTEM/Admin rights, we have to limit the features and commands which will
> > run as SYSTEM.
> >
> > Didier
> >
> > James Yonan wrote:
> >> On Fri, 1 Oct 2004, Math
Vlada,
I think the idea for the patch is good, i.e. using the client-config-dir
as a kind of authenticator of common names.
I do have a concern though on your implementation. You are conducting the
allow/deny test in multi_connection_established(). The problem is that
this function runs too
On Fri, 1 Oct 2004, Mathias Sundman wrote:
> Didier announced a first release of an improved version of the OpenVPN
> Service Wrapper earlier this week. The goal with this is to allow a non
> admin user on Windows to start/stop openvpn processes.
>
> It does this by listening on a local TCP
On Wed, 29 Sep 2004, Remco Boom wrote:
> Hello all
>
> In the file openvpn.nsi.in version 1.2.2.9, This is the most recent file
> in CVS
> http://cvs.sourceforge.net/viewcvs.py/openvpn/openvpn/install-win32/openvpn.nsi.in?rev=1.2.2.9=markup
> I found a bug, When you reinstall the same version
On Fri, 24 Sep 2004, JuanJo Ciarlante wrote:
> On Fri, Sep 24, 2004 at 10:39:59AM +0200, Matthias Andree wrote:
> > On Fri, 24 Sep 2004, JuanJo Ciarlante wrote:
> >
> > > This README covers UDP/IPv6 ( --udp6 ) support for openvpn-2.0_beta11
> > > Also, with address family "generalization"
On Mon, 20 Sep 2004, Kisero wrote:
> Hi, ive send two mails already and no answere..if imasking something
> wrong just tell me :)
>
> i need to know when a remote ip address disconnect..i could not find
> anything on the man, or raising the verb level , or nothing. so i
> start looking at the
William,
Thanks for the patch.
Have you tried it against the 2.0 beta series yet?
That's really the place where I will want to merge it.
Best Regards,
James
On Wed, 15 Sep 2004, William Preston wrote:
>
> hello list,
>
> here's a patch to add basic ntlm support to openvpn 1.6.0
> i've
On Thu, 16 Sep 2004, Matthias Andree wrote:
> On Tue, 14 Sep 2004, James Yonan wrote:
>
> > Therefore, in order for a dual licensing scheme to work, anyone who has ever
> > submitted code to the OpenVPN source code would need to agree to the dual
> > licensing scheme, si
On Tue, 14 Sep 2004, Russell Sutherland wrote:
> When one installs the current OpenVPN .exe NSIS install
> bundle on a WindowsXP or 2000 machine, a window pops
> up during the installation process saying something
> to the effect:
>
> "Warning: this driver has not been signed/approved
>
I've sent a message to the poster to get more info. This assertion would
happen if OpenVPN underestimated the maximum amount of cipher/HMAC
overhead bytes which might be added to a packet. I've never seen it
before.
James
On Fri, 10 Sep 2004, Alberto Gonzalez Iniesta wrote:
> Hi all,
>
>
On Wed, 8 Sep 2004, Robin G. Wenninger wrote:
> Hi list,
>
> I have a kind of "problem" here.
>
> I thought about connecting several subnets with 2.0 and for this purpose
> use the PUSH/PULL-Options.
>
> So I used options like
> push "route 10.0.0.0 255.255.255.0"
> push "route
On Tue, 7 Sep 2004, gary wrote:
> Hi,
>
> Anyone knows how feasible it is to use matrixssl instead of openssl ?
> The main advantage is memory footprint for embedded system like the
> linksys wrt54g.
It's possible, but development would be required.
To the extent that the matrixssl API
Mathias Sundman said:
> I'd like my Windows OpenVPN GUI to be able to send signals to the openvpn
> processes.
>
> Is it possible to send signals (like SIGHUP, SIGUSR1) to processses in
> Windows? How?
Windows doesn't really have signals like *nix.
When I want something
Mathias Sundman said:
> When i first looked at the pem_passphrase_callback() function in ssl.c, I
> though that the intention was to save the passphrase so the key could be
> reloaded after a ping-restart, because you use:
>
> static char passbuf[256];
>
> So, I was
Mathias Sundman said:
> --- forward-orig.c Fri Jul 30 22:08:22 2004
> +++ forward.c Sun Aug 8 09:48:21 2004
> @@ -243,6 +243,7 @@
> update_time ();
> event_timeout_clear (>c2.route_wakeup);
> event_timeout_clear (>c2.route_wakeup_expire);
> +
Matthias Andree said:
> On Wed, 04 Aug 2004, Tomasz Chmielewski wrote:
>
> > I was thinking of an option like ./configure --compile-statically - and
> > with such compiled binary, I wouldn't have to install compilers, compile
> > OpenVPN, deinstall compilers on every
This release has some cool new stuff, most notably TCP support in server mode.
While all OSes which OpenVPN supports should be able to run as a multi-client
TCP server, I've added an optimization for Linux 2.6 which takes advantage of
the new linearly scalable sys_epoll API. If you plan on
On Tuesday 06 July 2004 16:58, Mathias Sundman wrote:
> Some more things to consider...
>
> 1. On Windows, if the the service wrapper has started some openvpn
> processes before our gui agent is started, how should find out about
> those processes?
>
> I can think of the following ways:
>
> 1a.
On Tuesday 06 July 2004 04:25, Mathias Sundman wrote:
> On Tue, 6 Jul 2004, Jan Kiszka wrote:
> > If it's not a windows specific problem, then I suppost it's best to
> > add the functionallity in the openvpn binary so we get the
> > portability.
>
> I don't think the openvpn
> >>Thinking ahead, the challenge/response sequence for passing
> >> authentication info should be open-ended to provide for future
> >> implementation of alternative authentication methods such as Radius,
> >> LDAP, NT Auth, etc.
> >
> > Please don't do too much of that. I've seen this auth
On Tuesday 29 June 2004 11:06, Jan Kiszka wrote:
> Hi all,
>
> here is a tiny patch to make revoke-crt and make-crl work seamlessly
> within the easy-rsa environment. Seems that no one used it before ;)
Thanks, I've merged for inclusion in beta8.
James
> I would furthermore suggest to discuss the required interface between
> the GUI and the OpenVPN daemon on this list. Starting and stopping would
> be possibly by just running the main binary, but I think a more
> sophisticated status and diagnosis interface requires some other
> mechanism (e.g.
Pavlin,
Thanks for the patch. Is there any reason why someone might not want to have
multicast turned on by default, i.e. is there any chance this could break
something? Should it be controllable by an option?
James
Pavlin Radoslavov said:
> Hi!
>
> [OS: OpenBSD-3.5]
>
Torge Szczepanek said:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hi!
>
> I am currently trying out OpenVPN 2.0 beta 4 using server mode.
>
> My config on the server looks like this:
>
> dev tun
> mode server
> ifconfig 192.168.100.1 192.168.100.2
>
> > PS: could I use windows version as OpenVPN Server?
>
> As a last resort only ;)
Actually, the OpenVPN server will run fine on Windows, though it may be
slightly less efficient than Linux on equivalent hardware.
James
Rainer Sokoll <r.sok...@intershop.de> said:
> On Sun, Jun 06, 2004 at 01:35:27AM -0000, James Yonan wrote:
>
> > * New feature: --status. Outputs a SIGUSR2-like
> > status summary to a given file, updated once
> > per n seconds. The status file is comma de
Jon,
Have you considered the possibility that there might be breakage in your
compilation environment, such as a mismatch between header files and shared
libraries?
I am saying this because I haven't seen any other reports of similar assertion
failures. If you are the only one seeing the
Denis Vlasenko said:
> On Saturday 05 June 2004 21:46, Mike Auty wrote:
> > Thanks for the super fast reply,
> > Sadly I don't have the facilities to build a new windows version.
> > Would you mind exaplaining briefly what it does? It only seems to
> >
Denis Vlasenko <v...@port.imtp.ilyichevsk.odessa.ua> said:
> On Saturday 29 May 2004 01:34, James Yonan wrote:
> > Jaye Mathisen <mr...@internetcds.com> said:
> > > It would be nice if openvpn could be configure to work with radius for
> >
> >
Jaye Mathisen said:
> It would be nice if openvpn could be configure to work with radius for
routing and
> IP assignment after the certificate was done. Would allow openvpn to be
integrated easily
> with existing infrastructure, instead of having to have a whole new
Denis,
That looks like a possible bug in the coarse timer update logic. The coarse
timer deals with events scheduled at a resolution denoted by an integer number
of seconds, such as pings. A timeout of one year is used as kind of
"effectively infinite" time interval. If you see this large
Ming-Ching Tiew said:
>
> Last night after posting to openvpn-user maillist about
> wanting to use zlib with OpenVPN, I had a look at the
> code. It seems the compression code is well-contained
> in lzo.c, I could even do a one-to-one swap of
> 'LZO_COMPRESS' with
Denis Vlasenko <v...@port.imtp.ilyichevsk.odessa.ua> said:
> On Sunday 16 May 2004 23:49, James Yonan wrote:
> > Denis,
> >
> > There are two ways of setting the MTU in OpenVPN, one is to use --tun-mtu
> > which doesn't include any encapsulation overhead, the oth
tell it to find functions in this special compatibility
library before looking for them in the normal C library."
James
Matthias Andree <ma+ov...@dt.e-technik.uni-dortmund.de> said:
> On Thu, 29 Apr 2004, James Yonan wrote:
>
> > Ooops... let's try that again with the correct
A new release of the 2.0 beta is available.
* One of the goals of OpenVPN 2.0 is extreme scalability, i.e. robustly
handling connections from potentially thousands of clients. To do this, some
kind of load balancing and failover capability is needed, because a single
OpenVPN daemon running on a
't forget to #DEFINE HAVE_GETTIMEOFDAY in
> config-win32.h. Let me know what you think.
> Derek Burdick
> - Original Message -----
> From: "James Yonan" <j...@yonan.net>
> To: "Derek Burdick" <de...@burdick.cc>;
> <openvpn-devel@lists.sourcefor
Lonnie Cumberland said:
> Hello All,
>
> Well, I've been away from the list for a little while and was wondering
> if someone could please bring me up to speed on the development of the
> "Many-to-One" TCP progress?
>
> It is my understanding that in the OpenVPN 2.0
Derek Burdick said:
> I was browsing the online CVS repository and noticed the
> config-win32.h.in says that HAVE_GETTIMEOFDAY is specified in misc.c. When
> I look in misc.c, I don't see the file. Is the latest version just not
> checked in? I also implemented a
Mike Auty said:
> Hi James,
> First off, great program, it's really amazing what you and the
> other developers have achieved.
> Secondly the new 2.0 seems to be working out quite well, but I ran
> into a little difficulty. The problem I was having turned out to
This latest 2.0 beta has some cool new features including tap interface
support and customization of configuration based on the client certificate
common name.
The man page on the web site now shows all new 2.0 options, and the release
notes on the web site shows sample config files for tap-style
Miika Keskinen said:
> Hi.
>
> How much functionality there needs to be implemented in order to get
> multiple connections with one tap-adapter working? And then, should that
> be implemented either by implementing ethernet-switch or maybe even with
> bridging-code? Normally
Arkadiusz Patyk said:
> Hi
>
> ifconfig-pool is fine, but I would need an option for IP
> reservation for users.
> The reservation could be realized on thebase of x509name
>
> for example:
>
> fixed-address 10.8.0.46
Matthias Andree <ma+ov...@dt.e-technik.uni-dortmund.de> said:
> On Tue, 30 Mar 2004, James Yonan wrote:
>
> > OpenVPN 2.0 -- Project Update and Release Notes
> >
> > I'm happy to announce that the first OpenVPN 2.0 beta is here, and well
> > ahead
> >
Arkadiusz Patyk said:
> Hi
>
> Two very significant things for me are:
> 1. In my configurations, VPN users have different rights to resources
> (access list on firewall - iptables). I have to know client IP to
> correctly setup firewall, how can i do this in 2.x ? How can
Marc Hassman said:
> A question and a suggestion:
>
> Q: This is probably an XP problem rather than a OpenVPN one. With Windows XP
> as a client, I can
> add an arbitrary route using the 'route' statement and I observe it being
> added in the 'route print' listing.
>
Matthias Andree said:
> On Sun, 29 Feb 2004, Christian Daniel wrote:
>
> > Hello everybody!
> >
> > For a student research project I'm trying to add multi instance capability
> > to
> > OpenVPN. The basic idea is to rip the main openvpn()-function
Juan Rodriguez Hervella said:
> Hello,
>
> I've just subscribed to this list, but I've read on the
> archives that the --redirect-gateway function is not
> working yet on FreeBSD because of the problem of
> retreiving the address of the default gateway.
>
> I've just written a
Juan Rodriguez Hervella said:
> Hello,
>
> I've just realized that openVPN-1.6rc1 only supports
> "inetd nowait" for the TLS case.
>
> I understand that it is not possible to have "nowait" behaviour
> for multiple clients with different secrets, but it would be still possible
This is a release candidate for 1.6.0.
The main change from 1.6-beta7 is that the Windows version now uses --ip-win32
dynamic by default.
Change Log:
2004.03.02 -- Version 1.6-rc1
* For Windows, make "--ip-win32 dynamic" the default.
* For Windows, make "--route-delay 10" the default
unless
Matthias Andree said:
> Hi,
>
> the files list.c, mroute.c and multi.c appear to be missing from the
> BETA20 branch in CVS:
>
> ma@merlin:~/cvs-3rdparty/openvpn> LANG=C make -ks 2>&1 | grep ^make
> make[1]: *** No rule to make target `list.c', needed by
Christian Lademann said:
> Hello, James hello, Christian,
>
> is it also going to be supported in 2.0 to have multiple tup/tap interfaces
> but only a single TCP-port on the server side waiting for incoming
> connections?
The ultimate goal is to have all connection options
Matthias Andree <ma+ov...@dt.e-technik.uni-dortmund.de> said:
> On Mon, 01 Mar 2004, James Yonan wrote:
>
> > Christian Daniel <c...@cdaniel.de> said:
> >
> > > Hello everybody!
> > >
> > > For a student research project I'm trying to a
PremKumar Jayaram said:
> Hello Everybody,
>
> I need to compile the opnevpn code on windows 2000. Using Win DDK I was able
> to compile the driver code, but I am not able to compile the openvpn.c and
> other files. I tired to compile using VC++ 6.0 but there
Martin,
Thanks for the patch -- it looks good and I expect to merge it. I see that
you hardwire the choice for iproute2 vs. vanilla ip route + ifconfig at build
time. Do you think that makes sense, or would it be better to have an
--iproute2 run time flag?
James
Martin Hejl
Farkas Levente <lfar...@bnap.hu> said:
> James Yonan wrote:
> > Farkas Levente <lfar...@bnap.hu> said:
> >
> >
> >>Mathias Sundman wrote:
> >>
> >>>Hi!
> >>>
> >>> > we use our linux vpn gateway and
Farkas Levente said:
> Mathias Sundman wrote:
> > Hi!
> >
> > > we use our linux vpn gateway and some win2000 road warrior clients with
> > > openvpn. I would like to route all internet traffic trough our firewall
> > > from the windows clients.
> >
> > I´ve been thinking
Teemu Kiviniemi <teem...@iki.fi> said:
> Wed, 29-10-2003 at 23:38, James Yonan wrote:
>
> > I would rather see this fix accomplished by adding some kind of dummy call
> > early on in the initialization sequence to trigger the dynamic load of the
> > DNS
> >
Teemu Kiviniemi said:
> Hi,
>
> OpenVPN 1.5beta12 and the CVS version have a problem when --resolv-retry
> and --chroot are used at the same time. In chroot environment,
> gethostbyname() can't resolve the remote IP address:
>
> Wed Oct 29 17:19:17 2003 13: RESOLVE: Cannot
Teemu Kiviniemi said:
> Hi,
>
> I ran into problems in using --tls-verify to verify the remote host with
> --chroot enabled. --tls-verify runs the verify script with system()
> command, so it assumes that /bin/sh is available. Usually, in a chroot
> environment, that's not true.
Peter Sandström said:
> I'm currently working on this, but as James says. This patch will be
> far to intrusive to be merged into 1.5 this late.
> The entire socketlayer needs to be ripped out and redone since alot
> of the current code assumes that there is always exactly
julien Touche said:
> test between debian linux 2.4.21 <-> openbsd 3.4, beta12 on the 2 sides
> works well
>
> one comment for openbsd, "dev tun" doesn't work:
>
> Tue Oct 14 12:14:14 2003 6: /sbin/ifconfig tun delete
> ifconfig: SIOCGIFFLAGS: Device not configured
>
Peter Sandström said:
> Hey,
>
> What's the current status of the CVS tree? I can't login using anonymous
> access.
>
> I was planning on implementing multiple-connections-to-one-openvpn-instance
> since I need it for a usecase.
> Not beeing able to checkout the source
I have a new beta release available with some very cool new features:
* The TAP-Win32 driver on Windows can now emulate a "tun" point-to-point IP
interface. This completes the "compatibility matrix" meaning that OpenVPN on
Windows can now talk to OpenVPN on any other platform, including those
Matthias Andree <ma+ov...@dt.e-technik.uni-dortmund.de> said:
> On Mon, 15 Sep 2003, James Yonan wrote:
>
> > Yes, this is a problem. For OpenBSD to talk to Windows over OpenVPN, we
> > need
> > either a tun driver for Windows or a tap driver for OpenBSD.
> &
Bert Shuler said:
> James:
> Are you aware of a Windows tun project? While most windows users may
> prefer tap, I am interested in the point-to-point nature of the tun
> device. When setting up many routed connections, it seems that each TAP
> connection will use 1
I've made some significant changes in the TAP-Win32 driver, bringing it up to
SMP standards, and making some performance improvements in latency and overall
efficiency.
While it has admirably held up to my stress tests on a single processor XP
laptop, it needs testing on more machines, especially
Tom Bin said:
>
> It's really a good idea.
> I think the syntax is good enough...,
> maybe you can take the metric(route cost) into consideration.
That's a good idea. It looks like most IP stacks support metric, I see that
Windows does too so that is good.
> I would like to
One of the nice things about the --ifconfig option is that it lets you set TUN
adapter endpoint addresses (i.e. the virtual IP addresses for each end of the
tunnel) in a platform independent manner -- OpenVPN then translates the
--ifconfig option to the appropriate ifconfig command for your
> question regarding windows openvpn (thanks a lot for this :), is it
> possible to have some script executed (like add a route for the other
> side subnet) ?
I'm thinking about something like this in a more generalized context, where
OpenVPN running as a server would actually generate the
If anyone out there is running 1.5-beta5 or later on OpenBSD, FreeBSD, NetBSD,
Mac OS X, or Linux 2.2, please let me know.
I want to make sure that 1.5 is tested on everything before 1.5 final is
released.
Thanks,
James
Yes, currently the CIPE TAP driver has the capability to run on NT 4, 2K, and
XP, but this first beta release of OpenVPN has only been tested on XP so far,
because that's the only windows development machine I have access to right
now. OpenVPN uses a slightly forked version of the CIPE TAP, but
Well some good news on the development front...
(1) OpenVPN has finally been ported to Windows.
(2) TCP protocol support has been added.
The Windows port was made possible by a number of emerging developments, most
importantly the stabilizing of the TAP driver component of the Cipe-Win32
1.4.2 has been released. Details here:
http://openvpn.sourceforge.net/relnotes.html
James
Matthias Andree <ma+ov...@dt.e-technik.uni-dortmund.de> said:
> On Thu, 10 Jul 2003, James Yonan wrote:
>
> >
> > This is a maintenance release which (a) fixes the previously discussed ISO
> > C99
> > vararg efficiency bug, and (b) further stabilizes the e
This is a maintenance release which (a) fixes the previously discussed ISO C99
vararg efficiency bug, and (b) further stabilizes the experimental
--mtu-dynamic option which causes OpenVPN to perform internal datagram
fragmentation in cases where native IP fragmentation is broken.
Testing will be
1.4.0 and 1.4.1 have a fairly serious efficiency bug when built by compilers
which do not support ISO C99 vararg macros. If you run ./configure with 1.4.0
or 1.4.1 and you see this line:
checking for ISO C 1999 vararg macro support... no
you will be experiencing a significant slowdown due to
A debian bug report was submitted that inspired me to look deeper into the
operation of --dev and the new --dev-name flag.
--dev-name was a patch for tun.c which I received a few months ago, which only
really does anything for linux 2.4. On first glance it appeared nominally
useful, so I merged
This release fixes two bugs in 1.4.0, including a build issue on OpenBSD, and
a bug under Linux 2.4 that can cause 100% CPU utilization if the --verb 0
option is used to suppress all output.
In addition, if a Linux 2.4 TUN/TAP open attempt fails, the code will now fall
back to the 2.2 TUN/TAP
A couple of bugs have surfaced in 1.4.0, including a problem with --verb 0
under Linux 2.4 and a trivial compile problem for OpenBSD.
I'd like to release 1.4.1 soon, which resolves both of these issues.
Please test this release candidate if possible.
Download:
Aaron,
I've found that the linux scheduler on 2.4 does a fairly good job at giving
openvpn the CPU that it needs, even on a more heavily loaded system. When
openvpn is forwarding tunnel packets, it is essentially i/o bound, and as such
gets a priority boost. When TLS keys are being negotiated,
Download:
http://sourceforge.net/projects/openvpn/
Release Notes:
This release adds options for persistence of replay protection information
across sessions, pass through of IPv4 TOS bits from the TUN/TAP device to the
UDP link, some advanced MTU control options, moderate revamping of the build
This release candidate fixes some longstanding annoyances with the
openvpn.init script, making it more robust, with better sanity checks on
command line options, and more accurate reporting of fail/success status back
to the caller.
The later feature required some changes to the way that --daemon
How do most other initialization scripts handle the differences between bash 1
and 2? Do they just restrict themselves to the least common denominator (a)?
Or do they try to explicitly instantiate bash2 (b)?
-#!/bin/sh
+#!/bin/bash2
(b) could be risky if there are distros where where
This release candidate fixes some build problems that surfaced on the outliers
of the RedHat distribution (6.2 and 9.0). Other minor fixes as well (see the
change log).
Tarball is here:
http://openvpn.sourceforge.net/beta/openvpn-1.3.2.30.tar.gz
James
Aaron Sethman <andro...@ratbox.org> said:
>
> On Thu, 24 Apr 2003, James Yonan wrote:
> > Actually, I was thinking more about the situation where people are forced to
> > tunnel IP over TCP, for whatever reason, when UDP is not an option. Since
> > IP
&
Aaron Sethman <andro...@ratbox.org> said:
>
>
> On Wed, 23 Apr 2003, Matthias Andree wrote:
>
> > On Wed, 23 Apr 2003, James Yonan wrote:
> >
> > > I wonder if one could build a better tcp-over-tcp by doing some
> > > intelligent
> >
We're on the final stretch for 1.4.0, so if possible, please give this release
a spin.
http://openvpn.sourceforge.net/beta/openvpn-1.3.2.24.tar.gz
I plan to release 1.4.0 shortly if there are no problems.
James
Matthias Andree said:
> On Sat, 19 Apr 2003, Aaron Sethman wrote:
>
> > I'm not necessarly sure it belongs in OpenVPN, but then again, I can see
> > the advantages to automatically failover to other links. Perhaps
> > abstracting things out in the code a
ware being installed at both ends, or OS-specific solutions.
>
> Thanks,
>
> - R. Latimer
>
> -Original Message-
> From: James Yonan [mailto:j...@yonan.net]
> Sent: Thursday, 17 April 2003 22:40
> To: R. Latimer
> Subject: Re: Multi-channel VPN
>
>
&g
Matthias Andree <ma+ov...@dt.e-technik.uni-dortmund.de> said:
> On Thu, 17 Apr 2003, James Yonan wrote:
>
> > A better alternative (orginally suggested by you) is to avoid fragmenting in
> > the first place by bouncing back ICMP_DEST_UNREACH/ICMP_FRAG_NEEDED to
Matthias Andree said:
> > http://openvpn.sourceforge.net/beta/openvpn-1.3.2.21.tar.gz (or CVS)
>
> I have a next round of patches to fix prototypes and types to quench
> compiler warnings and get a more robust source code against changed
> environments, to
Matthias Andree said:
> > What the FRAGMENT_ENABLE code does is to add an extra 4 byte header to each
> > datagram that includes, among other things, feedback on the number of
> > datagrams received as well as the maximum datagram size received. This
> > information can
OpenVPN continues to evolve, and I thought I would take this opportunity to
briefly describe some of the current directions in the project (which,
incidentally, has passed its 1 year milestone).
For one, a new OpenVPN beta is available and testing would be appreciated.
t, 15 Mar 2003, James Yonan wrote:
>
> > Yes, I think we should try to fix if it's only a trivial cast involved to
> > silence the warning.
> >
> > I don't see them on gcc 2.96, even with "-Wall -W -Wpointer-arith
> > -Wsign-compare -Winline".
>
>
If you have a chance, please test this beta. I mostly use linux 2.4 for
development, so I don't have much of a chance to test on linux 2.2 and
non-linux OSes.
Since the last beta announcement on this list, there's been a bunch of changes
including build system portability fixes, --dev-name, and
Christian,
Rather than put a lot of scripting language infrastructure into OpenVPN's
config file parser, why not just use a shell script, i.e.:
openvpn --dev-name vpn_${CUSTNO} \
--port 5${CUSTNO} \
--ifconfig 10.0.0.1 10.0.${CUSTNO}.1 \
--dev-type tun \
Jan Johansson <jan.johans...@biomatsys.com> said:
> On Sun, 2003-02-23 at 17:10, James Yonan wrote:
> > Russ,
> >
> > Have you tried the tracepath utility to attempt to measure the Path MTU?
> >
> > Are the routers in the path properly forwarding I
Aaron Sethman <andro...@ratbox.org> said:
>
> On Sat, 22 Feb 2003, James Yonan wrote:
> > This might be handled in a way similar to --ping-restart or SIGHUP/SIGUSR1,
> > where the openvpn daemon would essentially restart if the MTU size changed.
> > This would be
tunnels over tunnels, the lower-level (more nested) tunnels
will need lower --udp-mtu settings.
Longer-term, I hope to put some intelligence in OpenVPN to do this
automatically.
James
R P Herrold <herr...@owlriver.com> said:
> On Sat, 22 Feb 2003, James Yonan wrote:
>
> > Recentl
301 - 400 of 468 matches
Mail list logo