old
- git it is! :-)
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
the
server components for parsing environment vars pushed by the client
Is there any reason that "feature" still isn't present? I mean - it's a
bug - there's no point in having the client support a feature that the
server can't even interpret?
--
Cheers
Jason Haar
Corporate Informat
e if there are other ways to achieve that - but this is what has
> been told to me...
I can confirm that is precisely the way we use openvpn. We use it as an
"always on vpn" and so it needs to be running via a service at boot
time. nssm works well for us in that regard
--
Cheers
Jason Haar
4 16:18 nf_nat_sip.ko.xz
-rw-r--r-- 1 root root 1764 Aug 4 16:18 nf_nat_tftp.ko.xz
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
ke me who use it will have to move to the new format ;-)
The migration plan Steffan suggested sounds perfect
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
sign
al|required)" - with the
default still being "required" of course - sort of like Apache's
SSLVerifyClient
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
et is fine - it's the vpn
that's broken". I really doubt any vpn software could better compensate
for that corner case - and I think that fits the description of "lossy
network" well.
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1
as openvpn as a Unix service
Jason
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
running on that for some time now - but just tried out
2.3.6 - and discovered that support still wasn't in there!
Was it dropped for some reason, or was/is 2.3_git not a true
representation of what ended up in the official 2.3 series? The missing
code was in src/openvpn/misc.c
Thanks
--
Cheers
Jason
what I think about this needing to be an "openvpn ping" type
solution: it is irrelevant if the server is up or even if openvpn tcp
ports appear to be open, it's only evidence that openvpn is working that
should be taken as evidence that openvpn is - well - working :-)
--
Cheers
Jason Haar
C
nts back to their "home" vpn
router complain that VoIP is awful, whereas those that vpn'ed into the
corporate site down the road from their hotel, they get much better
realtime performance. And if they don't - the company can do something
to fix that - whereas we have no ability to improv
and/or using "route-noexec/route-nopull", etc). However, the server
can't tell the client to become a router (therefore opening up the
client's internal network to be accessible from the server), nor can it
force the client to create local accounts, install software, etc. So
what are the
set management *much* easier and means you get
marvellous side-effects like I can be SSH-ed into a work machine at
home, suspend my laptop, go to another building and get an completely
different Internet address, and yet seconds later have openvpn
auto-reconnect to work and find my SSH session still
ning
> Cloud computing makes use of virtualization - but cloud computing
> also focuses on allowing computing to be delivered as a service.
> http://www.accelacomm.com/jaw/sfnl/114/51521223/
> ___
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
ally if it's crashed.
Good point. I reported this in Mar last year ("bugs with
openvpnserv.exe") and it seems it was acknowledged as an issue. Is that
fixed now? Would be great to see openvpn.exe restarting on error -
without having to resort to srvany or nssm ;-)
Thanks
--
Cheers
-proxy if it has to. Basically, you'd be guaranteed a working VPN
session on any network that you're meant to be able to do such things on
(with one config).
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
rypted "skype protocol".
i.e. if an organization has a policied BlueCoat transparent HTTPS proxy,
and general egress filtering, does Skype work?
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9
ed" CAs
I think you'll be out of luck making openvpn run through such an environment
> Also, doesn't this make openvpn different from other SSL VPNs which
> advertise the fact that they are truly SSL?
>
Yes it does
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigatio
y I think a "pre" script option would be a good idea.
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
surprised I've missed it :-}
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
blem I see is that we make extensive use of "--up"/etc scripts
and a user can sometimes do several "up->down->up" in a row - which
leads to "flapping" checks. If the server was told the client was
leaving, this would reduce these issues).
--
Cheers
Jason Haar
Inform
finer grained in our
reactions without resorting to such methods.
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
certainly be a good thing ;-)
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
almost any network imaginable -
without user intervention.
Thanks!
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
rofiles? :-)
In a similar vein, the following ticket is in the bug tracking system -
there seems to be a general problem with mixing TCP and UDP options (eg
mssfix, nobind, fragment)
http://sourceforge.net/tracker/index.php?func=detail=2945147_id=48978=454720
--
Cheers
Jason Haar
Information Sec
. Could it be simply overloaded? When
you're nailing 70Mbs through it, how does it look?
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
en I
created the key and restarted openvpn, Win7 recategorized the interface
as "domain" - which is exactly right!
Shouldn't openvpn ensure it sets the same registry keys during install -
so that this always happens?
Thanks
Jason
On 02/25/2010 10:10 PM, Jason Haar wrote:
> Thanks Leon
On 02/03/2010 10:09 PM, Samuli Seppänen wrote:
> Hi Jason,
>
> You can file bugs to our SF.net bug tracker:
>
Thanks! Done it: 2945154 and 2945147
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprin
Hi there
I think I've found bugs in openvpn (nobind doesn't work with UDP) and
the openvpnserv.exe for Windows (sometimes doesn't fully close down -
meaning you can't restart openvpn.exe), is there an official channel for
reporting bugs?
Thanks
--
Cheers
Jason Haar
Information Security
erver problem. "nobind" only works in client mode
If you're using tun interfaces, you'll need to split your pool range
between the two instances.
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
nd lport=>1023 for tcp
Jason
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
n
still explicitly binds to 1194. I always read the manpage as meaning
"nobind" meant "let the OS decide what port to use". In fact, I just
tried "lport 2" and that didn't work either! It still used 1194.
--
Cheers
Jason Haar
Information Security Manager, Trim
32 matches
Mail list logo