Re: [Openvpn-devel] [PATCH] Depreciate IPv4-related options.

2018-04-01 Thread Samuel Thibault
Hello, Jonathan K. Bullard, on Sun. 01 April 2018 06:17:55 -0400, wrote: > Either way, can anyone give an approximate release date for 2.5, so we > can have a time frame for the change? (Even a "not before" date would > be very helpful in evaluating the impact of these proposed changes.) I guess

Re: [Openvpn-devel] Adding "protocol static" to Linux routes?

2016-06-20 Thread Samuel Thibault
Hello, Gert Doering, on Mon 20 Jun 2016 08:40:12 +0200, wrote: > I'm wondering how you do the resiliency. Traditionally, one would set up > the routes on client-connect/client-disconnect (or via --learn-address), > so it's under your control anyway Ah, right, yes, we do that, and we announce

Re: [Openvpn-devel] Adding "protocol static" to Linux routes?

2016-06-20 Thread Samuel Thibault
David Sommerseth, on Mon 20 Jun 2016 01:23:34 +0200, wrote: > On 19/06/16 22:21, Samuel Thibault wrote: > > Samuel Thibault, on Sun 19 Jun 2016 21:45:38 +0200, wrote: > >> So we need the attached change, which just adds "protocol static", to > >> expre

Re: [Openvpn-devel] Adding "protocol static" to Linux routes?

2016-06-19 Thread Samuel Thibault
Samuel Thibault, on Sun 19 Jun 2016 21:45:38 +0200, wrote: > So we need the attached change, which just adds "protocol static", to > express that the routes created by openvpn are to override other > dynamic routing. Of course, v6 needs it too. Samuel --- a/route.c +++ b

[Openvpn-devel] Adding "protocol static" to Linux routes?

2016-06-19 Thread Samuel Thibault
Hello, Here we used two openvpn servers for resiliency, and we use the bird bgp daemon to make the two boxes exchange routes. Bird however does not pick up openvpn's routes because they are considered as "protocol boot" in Linux' "ip route" terms, i.e. they are assumed to be an automatic

Re: [Openvpn-devel] route / route-ipv6 can not be used in ccd

2016-02-10 Thread Samuel Thibault
David Sommerseth, on Wed 10 Feb 2016 01:56:57 +0100, wrote: > > 2 minutes after the client disconnected, which would probably be fine > > enough for our use case. > > If you use --proto udp, then it can take up to --ping-reset $SEC to trigger > (IIRC). You can use explicit-exit-notify to avoid

Re: [Openvpn-devel] route / route-ipv6 can not be used in ccd

2016-02-09 Thread Samuel Thibault
Hello, Gert Doering, on Tue 09 Feb 2016 10:28:21 +0100, wrote: > Alternatively, using > --learn-address might actually be much easier than --client-connect, as > it will already tell you which networks are "new for this client" - from > the description, I'm fairly sure it handles

Re: [Openvpn-devel] route / route-ipv6 can not be used in ccd

2016-02-09 Thread Samuel Thibault
Gert Doering, on Tue 09 Feb 2016 12:58:26 +0100, wrote: > On Tue, Feb 09, 2016 at 11:58:39AM +0100, Samuel Thibault wrote: > > I have tried putting > > > > iroute-ipv6 2a01:474:5:1100::/56 > > > > in the ccd, but from the learn-address script the environmen

Re: [Openvpn-devel] route / route-ipv6 can not be used in ccd

2016-02-09 Thread Samuel Thibault
Gert Doering, on Tue 09 Feb 2016 11:46:25 +0100, wrote: > On Tue, Feb 09, 2016 at 11:15:33AM +0100, Samuel Thibault wrote: > > Gert Doering, on Tue 09 Feb 2016 10:28:21 +0100, wrote: > > > On Mon, Feb 08, 2016 at 10:39:29PM +0100, Samuel Thibault wrote: > > > > I

Re: [Openvpn-devel] route / route-ipv6 can not be used in ccd

2016-02-08 Thread Samuel Thibault
Samuel Thibault, on Mon 08 Feb 2016 22:39:29 +0100, wrote: > We could of course use the --up script to set the routes, Oops, sorry, I didn't mean --up, but client-connect of course. Samuel

[Openvpn-devel] route / route-ipv6 can not be used in ccd

2016-02-08 Thread Samuel Thibault
Hello, Is there a reason for not being allowed to set route / route-ipv6 options in the ccd? Here is our need: we have two openvpn daemons running on the same server, one in udp mode, the other in tcp mode. Both have the same configuration, that setup is meant for our users to use whichever

Re: [Openvpn-devel] Packet loss due to radius issues

2015-08-11 Thread Samuel Thibault
Gert Doering, on Tue 11 Aug 2015 07:59:06 +0200, wrote: > > I can see that when accounting fails, an > > exception is thrown, to return an error to openvpn and thus prevent > > the connection. I guess this is an important part that shouldn't be > > dropped, but I don't see a way to make it

Re: [Openvpn-devel] Packet loss due to radius issues

2015-08-11 Thread Samuel Thibault
Samuel Thibault, on Tue 11 Aug 2015 01:28:02 +0200, wrote: > Here is the log I'm having, for instance on a : user connection, I meant Samuel

Re: [Openvpn-devel] Packet loss due to radius issues

2015-08-11 Thread Samuel Thibault
Hello, Lev Stipakov, on Fri 31 Jul 2015 11:19:15 +0300, wrote: > Do you use radius plugin from http://www.nongnu.org/radiusplugin/ ? I > think the way OpenVPN delegates authentication to a plugin > (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY hook) is asynchronous, as well > as plugin implementation,

Re: [Openvpn-devel] Packet loss due to radius issues

2015-07-31 Thread Samuel Thibault
Илья Шипицин, on Fri 31 Jul 2015 14:54:02 +0500, wrote: > it is too early to talk about central repository, currently I'm the > only user of that plugin But without a central repository where people would get to know about your version, then it's even more probable that you'll remain the only

Re: [Openvpn-devel] Packet loss due to radius issues

2015-07-31 Thread Samuel Thibault
Samuel Thibault, on Fri 31 Jul 2015 11:32:06 +0200, wrote: > # Allows the plugin to use auth control files if OpenVPN (>= 2.1 rc8) > provides them. > # default is false > # useauthcontrolfile=false > > Why is the default false?? And still... The main loop uses pthre

Re: [Openvpn-devel] Packet loss due to radius issues

2015-07-31 Thread Samuel Thibault
Samuel Thibault, on Fri 31 Jul 2015 11:24:51 +0200, wrote: > Lev Stipakov, on Fri 31 Jul 2015 11:19:15 +0300, wrote: > > Do you use radius plugin from http://www.nongnu.org/radiusplugin/ ? I > > think the way OpenVPN delegates authenticat

Re: [Openvpn-devel] Packet loss due to radius issues

2015-07-31 Thread Samuel Thibault
Hello, Lev Stipakov, on Fri 31 Jul 2015 11:19:15 +0300, wrote: > Do you use radius plugin from http://www.nongnu.org/radiusplugin/ ? I > think the way OpenVPN delegates authentication to a plugin > (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY hook) is asynchronous, as well > as plugin implementation,

Re: [Openvpn-devel] Packet loss due to radius issues

2015-07-31 Thread Samuel Thibault
Илья Шипицин, on Fri 31 Jul 2015 14:09:51 +0500, wrote: > I've rewritten radius thing with .net, my plugin performs queries to > multiple radius servers in parallel, I'm using it with Mono in > production for few months: > > https://github.com/skbkontur/openvpn-auth-radius > > I can help with

[Openvpn-devel] Packet loss due to radius issues

2015-07-31 Thread Samuel Thibault
Hello, We've been having issues on our VPN server due to the way authentication is done in openvpn. Basically, when a user would connect to the VPN server, no traffic would pass for a couple of seconds, thus making the VPN way less effective... This was an unfortunate combination of several

Re: [Openvpn-devel] [PATCH] openvpn ipv6 pool env variables

2015-05-14 Thread Samuel Thibault
Hello, Any news on this issue? Samuel Samuel Thibault, on Mon 27 May 2013 22:05:19 +0200, wrote: > Gert Doering, on Mon 27 May 2013 09:25:12 +0200, wrote: > > On Mon, May 27, 2013 at 12:36:39AM +0200, Samuel Thibault wrote: > > > Gert Doering, on Sat 25 May 2013 13:58

Re: [Openvpn-devel] [PATCH] Fix temporary file leak

2014-10-12 Thread Samuel Thibault
David Sommerseth, on Fri 10 Oct 2014 12:13:42 +0200, wrote: > I think it would be better to move the unlink() code from > multi_client_connect_post() into multi_connection_established(), where > these temp files are created. This makes the code clearer and easier to > understand. Right, how

[Openvpn-devel] [PATCH] Fix temporary file leak

2014-10-09 Thread Samuel Thibault
Hello, Our openvpn server got out of free inodes in /tmp, making it quite completely nonworking. This is due to some codepath in multi.c which does not remove its temporary file (when a plugin callback returns an error, or a client-connect script returns an error). Please see the attached patch

Re: [Openvpn-devel] ipv6 env vars to client scripts

2014-05-02 Thread Samuel Thibault
David Sommerseth, on Fri 02 May 2014 01:39:05 +0200, wrote: > On 17/04/14 14:07, Lev Stipakov wrote: > > Hello, > > > > Are there any plans to support ipv6 env vars in > > client-connect/disconnect scripts? > > > > There are at least 2 tickets on that feature: > > > >

Re: [Openvpn-devel] [PATCH] openvpn ipv6 pool env variables

2013-05-27 Thread Samuel Thibault
Gert Doering, on Mon 27 May 2013 09:25:12 +0200, wrote: > On Mon, May 27, 2013 at 12:36:39AM +0200, Samuel Thibault wrote: > > Gert Doering, on Sat 25 May 2013 13:58:19 +0200, wrote: > > > > To make it short: yes, the ipv6 pool environment variables are useful, >

Re: [Openvpn-devel] [PATCH] openvpn ipv6 pool env variables

2013-05-26 Thread Samuel Thibault
> This whole bit is overly complicated. Unlike IPv4, there is no "this > could be a remote or a netmask" distinction, Right, here is a simpler patch. Samuel Add IPv6 pool environment variable Add the ifconfig_ipv6_pool_remote_ip environment variable, similar to ifconfig_pool_remot

[Openvpn-devel] [PATCH] openvpn ipv6 pool env variables

2013-05-24 Thread Samuel Thibault
, ifconfig_ipv6_pool_remote_ip and ifconfig_ipv6_pool_netbits environment variables, similar to ifconfig_pool_local_ip, ifconfig_pool_remote_ip, and ifconfig_pool_netmask. Signed-off-by: Samuel Thibault <samuel.thiba...@ens-lyon.org> diff --git a/doc/openvpn.8 b/doc/openvpn.8 index d590714..7

Re: [Openvpn-devel] users of the OpenVPN management interface?

2013-04-11 Thread Samuel Thibault
Gert Doering, on Thu 11 Apr 2013 11:36:08 +0200, wrote: > On Thu, Apr 11, 2013 at 10:36:57AM +0200, Samuel Thibault wrote: > > Gert Doering, on Thu 11 Apr 2013 10:30:02 +0200, wrote: > > > Now, I'm wondering who is actually *using* the management interface on > >

Re: [Openvpn-devel] users of the OpenVPN management interface?

2013-04-11 Thread Samuel Thibault
Gert Doering, on Thu 11 Apr 2013 10:30:02 +0200, wrote: > Now, I'm wondering who is actually *using* the management interface on > the server side (where stuff like "status 2" makes a bigger difference). We use kill to shut down the current VPN session of somebody who has stopped paying for

Re: [Openvpn-devel] openvpn ipv6 pool env variables

2013-04-01 Thread Samuel Thibault
, ifconfig_ipv6_pool_remote_ip and ifconfig_ipv6_pool_netbits environment variables, similar to ifconfig_pool_local_ip, ifconfig_pool_remote_ip, and ifconfig_pool_netmask. Signed-off-by: Samuel Thibault <samuel.thiba...@ens-lyon.org> diff --git a/doc/openvpn.8 b/doc/openvpn.8 index d590714..7