Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-07-13 Thread Gert Doering
Hi, On Mon, Jul 13, 2020 at 10:07:38AM +0400, dm wrote: > Forgot to add info from server console, last messages  are: > > 2020-07-13 10:04:41 us=435946 10.1.1.17:53148 WARNING: 'version' is used > inconsistently, local='version V4', remote='version V0 UNDEF' > 2020-07-13 10:04:41 us=435976

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-07-13 Thread dm
13.07.2020 09:36, Dmitry Melekhov wrote: 12.07.2020 04:05, Arne Schwabe wrote: On 23.06.20 at 11:12, Dmitry Melekhov wrote: 23.06.2020 13:02, Gert Doering wrote: That patch is from Steffan, and review has been sitting in my lap for way too long. Need to see if it still applies.

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-07-12 Thread Dmitry Melekhov
12.07.2020 04:05, Arne Schwabe wrote: On 23.06.20 at 11:12, Dmitry Melekhov wrote: 23.06.2020 13:02, Gert Doering wrote: That patch is from Steffan, and review has been sitting in my lap for way too long. Need to see if it still applies. Unfortunately it is not compatible with 2.4.9,

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-07-11 Thread Arne Schwabe
On 23.06.20 at 11:12, Dmitry Melekhov wrote: > 23.06.2020 13:02, Gert Doering wrote: >> >> >> That patch is from Steffan, and review has been sitting in my lap for >> way too long. Need to see if it still applies. >> > > Unfortunately it is not compatible with 2.4.9, because of introduced >

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-30 Thread Steffan Karger
On 22-06-2020 19:59, David Sommerseth wrote: > On 22/06/2020 14:43, Steffan Karger wrote: >> On 22-06-2020 14:29, David Sommerseth wrote: >>> On 22/06/2020 14:21, Arne Schwabe wrote: > PrivateTmp=true > WorkingDirectory=/etc/openvpn/server > -ExecStart=@sbindir@/openvpn --status

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-30 Thread Steffan Karger
Hi, On 22-06-2020 16:01, Arne Schwabe wrote: > On 22.06.20 at 14:43, Steffan Karger wrote: >> Maybe these should be the steps: >> >> 2.4: Use to AES-256-GCM when available (basically what NCP did) >> 2.5: Switch to AES-256-GCM as the default cipher (but allow overriding) >> 2.6: Remove support

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-24 Thread Dmitry Melekhov
24.06.2020 14:12, Arne Schwabe wrote: There are openvpn 2.3 clients in 3g routers which are built without ability to inform server about cipher, so server uses default cipher for them, in case you need to change default cipher on server you can't do this, because clients will not work, it is

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-24 Thread Arne Schwabe
> There are openvpn 2.3 clients in 3g routers which are built without > ability to inform server about cipher, so server uses default cipher for > them, > > in case you need to change default cipher on server you can't do this, > because clients will not work, it is also impossible to change

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-23 Thread Gert Doering
Hi, On Tue, Jun 23, 2020 at 01:12:42PM +0400, Dmitry Melekhov wrote: > 23.06.2020 13:02, Gert Doering wrote: > > That patch is from Steffan, and review has been sitting in my lap for > > way too long. Need to see if it still applies. > > Unfortunately it is not compatible with 2.4.9,

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-23 Thread Dmitry Melekhov
23.06.2020 13:02, Gert Doering wrote: That patch is from Steffan, and review has been sitting in my lap for way too long. Need to see if it still applies. Unfortunately it is not compatible with 2.4.9, because of introduced change...

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-23 Thread Gert Doering
Hi, On Tue, Jun 23, 2020 at 10:34:47AM +0200, Arne Schwabe wrote: > > Well, may be it is possible to add support for setting cipher in ccd > > > > as it was possible before 2.4.9 using patch from here > > > > https://community.openvpn.net/openvpn/ticket/845 > > > > I get that this might have

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-23 Thread Dmitry Melekhov
23.06.2020 12:34, Arne Schwabe wrote: On 23.06.20 at 06:16, Dmitry Melekhov wrote: 22.06.2020 20:58, Selva Nair wrote: +*WARNING*    This MAY break configurations where the client uses +    ``--disable-occ`` feature where the ``--cipher`` has +    not been explicitly

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-23 Thread Arne Schwabe
On 23.06.20 at 06:16, Dmitry Melekhov wrote: > 22.06.2020 20:58, Selva Nair wrote: >> +*WARNING*    This MAY break configurations where the client uses >> +    ``--disable-occ`` feature where the ``--cipher`` has >> +    not been explicitly configured on both client and >>

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-22 Thread Dmitry Melekhov
22.06.2020 20:58, Selva Nair wrote: +*WARNING*This MAY break configurations where the client uses +``--disable-occ`` feature where the ``--cipher`` has +not been explicitly configured on both client and +server side. It is recommended to

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-22 Thread David Sommerseth
[resent for the ML inclusion] On 22/06/2020 18:58, Selva Nair wrote: > On Mon, Jun 22, 2020 at 7:31 AM David Sommerseth wrote: [...snip...] >> +ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log >> --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers >>

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-22 Thread David Sommerseth
On 22/06/2020 14:43, Steffan Karger wrote: > Hi, > > On 22-06-2020 14:29, David Sommerseth wrote: >> On 22/06/2020 14:21, Arne Schwabe wrote: >>> PrivateTmp=true WorkingDirectory=/etc/openvpn/server -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-22 Thread David Sommerseth
On 22/06/2020 19:20, André via Openvpn-devel wrote: > Hi, > > > Sent with ProtonMail Secure Email. > > ‐‐‐ Original Message ‐‐‐ > On Monday 22 June 2020 18:58, Selva Nair wrote: > >> On Mon, Jun 22, 2020 at 7:31 AM David Sommerseth dav...@openvpn.net wrote: >> >>> This change makes

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-22 Thread André via Openvpn-devel
Hi, Sent with ProtonMail Secure Email. ‐‐‐ Original Message ‐‐‐ On Monday 22 June 2020 18:58, Selva Nair wrote: > On Mon, Jun 22, 2020 at 7:31 AM David Sommerseth dav...@openvpn.net wrote: > > > This change makes the server use AES-256-GCM instead of BF-CBC as the > > default cipher

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-22 Thread Selva Nair
On Mon, Jun 22, 2020 at 7:31 AM David Sommerseth wrote: > > This change makes the server use AES-256-GCM instead of BF-CBC as the > default cipher for the VPN tunnel when starting OpenVPN via systemd > and the openvpn-server@.service unit file. > > To avoid breaking existing running

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-22 Thread Arne Schwabe
On 22.06.20 at 14:43, Steffan Karger wrote: > Hi, > > On 22-06-2020 14:29, David Sommerseth wrote: >> On 22/06/2020 14:21, Arne Schwabe wrote: >>> PrivateTmp=true WorkingDirectory=/etc/openvpn/server -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-22 Thread Steffan Karger
Hi, On 22-06-2020 14:29, David Sommerseth wrote: > On 22/06/2020 14:21, Arne Schwabe wrote: >> >>> PrivateTmp=true >>> WorkingDirectory=/etc/openvpn/server >>> -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log >>> --status-version 2 --suppress-timestamps --config %i.conf

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-22 Thread David Sommerseth
On 22/06/2020 14:21, Arne Schwabe wrote: > >> PrivateTmp=true >> WorkingDirectory=/etc/openvpn/server >> -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log >> --status-version 2 --suppress-timestamps --config %i.conf >> +ExecStart=@sbindir@/openvpn --status

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-22 Thread Arne Schwabe
> PrivateTmp=true > WorkingDirectory=/etc/openvpn/server > -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log > --status-version 2 --suppress-timestamps --config %i.conf > +ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log > --status-version 2

[Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-22 Thread David Sommerseth
This change makes the server use AES-256-GCM instead of BF-CBC as the default cipher for the VPN tunnel when starting OpenVPN via systemd and the openvpn-server@.service unit file. To avoid breaking existing running configurations defaulting to BF-CBC, the Negotiable Crypto Parameters (NCP) list