On 28.02.2010 14:22, David Sommerseth wrote:
On 26/06/09 17:00, Arne Schwabe wrote:
Hi,
I have written a simple plugin for packet filtering that looks up fw rules
in the order
Commonname.pf
IP_Port.pf
IP.pf
default.pf
If one of these files is
On 02/28/2010 07:22:16 AM, David Sommerseth wrote:
> On 26/06/09 17:00, Arne Schwabe wrote:
> > Hi,
> >
> > I have written a simple plugin for packet filtering that looks up fw rules
> > in the order
> >
> > Commonname.pf
> > IP_Port.pf
> > IP.pf
> > default.pf
> >
> > If one of these files is
On 02/28/2010 08:50:01 AM, Gert Doering wrote:
> Hi,
>
> while working on "make IPv6 payload work on Win32", I found something
> quite peculiar for OpenBSD in the OpenVPN code.
>
> Now, for all operating systems *except* Win32 and OpenBSD, the sequence
> of execution is
>
> open_tun()
>
On 02/28/2010 02:04:01 PM, Stefan Monnier wrote:
>
> I'm at a loss when it comes to try and imagine someone who's used to the
> current behavior and bothered by the new behavior. Really. How can the
> current behavior ever be preferable? Why would someone ever prefer that
> a route
Yes, it is better than current. Should use --host= and not --target=
for cross compile.
1. I would not touch host_alias it is irrelevant and may lead to
problems. Use only host variable in autoconf.
2. The case in autoconf should be '*-*-os*)' and not '*os*)'
3. I don't think it is so important
I disagree.
First certificate tells you nothing, usually you have several
(signing, authentication, decryption).
First is random, and random is bad.
After a while the old certificates also expire and you have new ones
added to the card.
It would not be wise to enforce your card scheme on others.
From: Karl O. Pinc
---
openvpn.8 | 22 +-
1 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/openvpn.8 b/openvpn.8
index f1612a7..0150ba7 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -4232,11 +4232,23 @@ test).
.B cmd
should return 0 to
On 02/28/2010 10:24:36 PM, Peter Stuge wrote:
> David Sommerseth wrote:
> > +++ b/options.c
> > @@ -529,6 +529,9 @@ static const char usage_message[] =
> >" tests of certification. cmd should return 0
> to allow\n"
> >" TLS handshake to proceed, or 1 to
Karl O. Pinc wrote:
> > > + "--tls-export-cert [directory] : Get peer cert in PEM format and
>
> There is no man page. It's in sample-scripts/.
It's a new option, right?
//Peter
On 02/28/2010 11:32:46 PM, Karl O. Pinc wrote:
> However, the openvpn(8) --tls-verify section of the man page
> is poor. I just sent another patch that clarifies it.
> Perhaps this is what you're looking for? If not then
> just ignore my man page patch.
I just sent another man page patch to be
On 02/28/2010 11:39:11 PM, Peter Stuge wrote:
> Karl O. Pinc wrote:
> > > > + "--tls-export-cert [directory] : Get peer cert in PEM format
> and
> >
> > There is no man page. It's in sample-scripts/.
>
> It's a new option, right?
The sample script has a new option, yes. But the
--tls-verify
From: Karl O. Pinc
---
openvpn.8 |4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/openvpn.8 b/openvpn.8
index 9512fc3..70e1e68 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -4235,8 +4235,8 @@ should return 0 to allow the TLS handshake to proceed, or
1
From: Karl O. Pinc
---
openvpn.8 |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/openvpn.8 b/openvpn.8
index 70e1e68..51d6ac5 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -4236,7 +4236,7 @@ should return 0 to allow the TLS handshake to proceed, or
1
Hi,
On Sun, Feb 28, 2010 at 10:13:10PM -0600, Karl O. Pinc wrote:
> So, you should not need to do the ifconfig at all unless you're
> interested in tap functionality or there's other odd
> frobbing going on.
You need ifconfig to set an IP address :-) - which might be considered
"odd frobbing",
On 01/03/10 04:52, Karl O. Pinc wrote:
>>> If one of these files is found the file is used as PF configuration.
>> > Maybe
>>> > > this plugin is useful for someone else.
>> >
>> > Hi!
>> >
>> > Thank you for your patches. I've been looking at both
On 01/03/10 06:32, Karl O. Pinc wrote:
> On 02/28/2010 10:24:36 PM, Peter Stuge wrote:
>> David Sommerseth wrote:
>>> +++ b/options.c
>>> @@ -529,6 +529,9 @@ static const char usage_message[] =
>>>" tests of certification. cmd
Hi,
On Sun, Feb 28, 2010 at 10:25:10PM +0100, David Sommerseth wrote:
> I'm reviewing this patch in the patch tracker, and cannot make up my
> mind if this is correct or not. Can someone please advise if this is
> something we should include or not?
>
>
On 01.03.2010 11:16, David Sommerseth wrote:
On 28/02/10 15:56, Arne Schwabe wrote:
On 28.02.2010 14:22, David Sommerseth wrote:
On 26/06/09 17:00, Arne Schwabe wrote:
Hi,
I have written a simple
On 01/03/10 12:03, Arne Schwabe wrote:
> On 01.03.2010 11:16, David Sommerseth wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> On 28/02/10 15:56, Arne Schwabe wrote:
>>> On 28.02.2010 14:22, David Sommerseth wrote:
Hi all!
I am delighted to see that more people begin to respond to patches being
sent. These discussions are crucially important for us and the OpenVPN
community, and even the OpenVPN company I would presume.
However, I would like you to do a
On 28/02/10 15:28, Gert Doering wrote:
> Hi,
>
> On Sun, Feb 28, 2010 at 01:50:35PM +0100, David Sommerseth wrote:
>> There are commands in the management interface which require the cid. The
>> only way at the moment to get the cid of connected
Hello,
there are so many complaints about openvpn performance in proto tcp mode
that it is almost unbelievable that nobody took care of it. I am using two
20/20 MB connections and openvpn tunnel in tcp mode. Without vpn my ping is
about 10ms but with vpn it jumps to 520ms. What is most
On 01/03/10 13:04, booyakasha wrote:
> Hello,
> there are so many complaints about openvpn performance in proto tcp mode
> that it is almost unbelievable that nobody took care of it. I am using two
> 20/20 MB connections and openvpn
> tunnel in tcp
On 02/28/2010 11:52:56 PM, Karl O. Pinc wrote:
> On 02/28/2010 11:39:11 PM, Peter Stuge wrote:
> > Karl O. Pinc wrote:
> > > > > + "--tls-export-cert [directory] : Get peer cert in PEM
> format
> > and
> > >
> > > There is no man page. It's in sample-scripts/.
> >
> > It's a new option, right?
On 03/01/2010 04:22:04 AM, David Sommerseth wrote:
> On 01/03/10 06:32, Karl O. Pinc wrote:
> > On 02/28/2010 10:24:36 PM, Peter Stuge wrote:
> >> David Sommerseth wrote:
> >>> +++ b/options.c
> >>> @@ -529,6 +529,9 @@ static const char usage_message[] =
> >>>" tests of
I spent much time on this problem and it is not a simple question of
configuration to be discussed on a users forum. I've tried all sorts of
combinations of MTU sizes from extremely small to very big, all settings
regarding MSS, RWIN, mssfix and so on... I'm not accusing anyone because of
>> If someone could give at least some vaguely plausible scenario,
>> that'd help.
> Maybe there's more than one tunnel and there's some stupid
> load balancing going on using a hosts file? (Along with
> deleting all non-vpn routes.)
[ Setting aside the fact that using OpenVPN's broken handling
Hello list,
Thanks a lot for the great software you are building here!
I have a little announcement:
"On Wednesday, March 03, Packt author Markus Feilner will have a signing event
at the German Cebit IT conference (http://www.cebit.de). In hall 2, at the
booth of his employer
Linux New
On 03/01/2010 08:12:03 AM, Stefan Monnier wrote:
> >> If someone could give at least some vaguely plausible scenario,
> >> that'd help.
> > Maybe there's more than one tunnel and there's some stupid
> > load balancing going on using a hosts file? (Along with
> > deleting all non-vpn routes.)
>
>
Hi,
On Sun, Feb 28, 2010 at 02:59:42PM +0100, David Sommerseth wrote:
> It should be nice to enhance tls-verify check possibilities against peer
> cert during a pending TLS connection like:
> - OCSP verification
> - check any X509 extensions of the peer certificate
> - delta CRL verification
> -
Hi,
I noted we've had some problems testing the new code against some OS'es
(e.g. OpenBSD), so I just sent a "OpenVPN testers wanted" mail to the
"openvpn-users" list:
http://sourceforge.net/mailarchive/forum.php?thread_name=4B8BF01A.20501%40openvpn.net_name=openvpn-users
I suggest we use a new
From: Jan Brinkmann
There was a Debian bug report which was filed in 2005. It was patched but
it seems that nobody forwarded the patch to the openvpn project itself.
The problem is quite simple:
The dashes for
On 01/03/10 22:09, Bernhard Schmidt wrote:
> David Sommerseth wrote:
>
> Hi David,
>
>>> David, could you please pull my branch from Berni, and move that patch
>>> to wherever bugfixes/code cleanups go? It should
On Tue, Jan 26, 2010 at 05:51:36PM +0200, Pasi Kärkkäinen wrote:
> On Wed, Dec 16, 2009 at 10:48:30AM +0200, Pasi Kärkkäinen wrote:
> > On Thu, Dec 10, 2009 at 02:15:01PM +0200, Pasi Kärkkäinen wrote:
> > > Hello,
> > >
> > > I'm having some problems with OpenVPN (2.1rc20) on Windows Vista.
> >
On 01/03/10 22:41, Bernhard Schmidt wrote:
> Hi David,
>
>>> It doesn't make a difference at the moment (since the patch came from
>>> feat_ipv6_payload in the first place), but what's the general wish for
>>> the future? What to rebase on?
>>
>> To
On 01.03.2010 22:59, David Sommerseth wrote:
Could you please have a look at git://git.birkenwald.de/openvpn.git
test-rebase branch? The history of gert-ipv6 was starting to look a bit
weird (duplicate commits with the same content), so I rebased it on your
bugfix2.1 branch (and dropped the
On 28/02/10 14:44, David Sommerseth wrote:
> From: Enrico Scholz
>
> I am running a multihomed host where 'local ' must be specified
> for proper operation. Unfortunately, this implies 'lport 1194' or
> another
From: Mathieu GIANNECCHINI
It should be nice to enhance tls-verify check possibilities against peer
cert during a pending TLS connection like:
- OCSP verification
- check any X509 extensions of the peer certificate
- delta CRL verification
- ...
This patch adds a new
38 matches