Re: [Openvpn-users] A question about the local statement

2023-08-14 Thread Bruno Tréguier via Openvpn-users
On 14/08/2023 at 23:19, Jason Long wrote: Hi Bruno, Thank you so much for your reply. Both (Server and Client) can ping each other and without the local statement my client can connect to the OpenVPN server. My client connecting to the server via an internal network:

Re: [Openvpn-users] OpenVPN stopped working after upgrade from 2.5.6 to 2.6.3

2023-08-14 Thread Martin
On 2023-08-14 11:38, David Sommerseth wrote: Yes, this must go into the .ovpn file. And it might very much be that > the NetworkManager-openvpn does not grok the compat-mode option - so > you can't run it via NetworkManager. Thanks! Fortunately, TIL, that $company will upgrade the firewall

Re: [Openvpn-users] How to use ccd-exclusive statement?

2023-08-14 Thread tincantech via Openvpn-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sent with Proton Mail secure email. --- Original Message --- On Monday, August 14th, 2023 at 22:11, Jason Long wrote: > On Mon, Aug 14, 2023 at 11:47 PM, tincantech > > > wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash:

Re: [Openvpn-users] A question about the local statement

2023-08-14 Thread Jason Long via Openvpn-users
On Mon, Aug 14, 2023 at 8:22 PM, Gert Doering wrote: Hi, On Mon, Aug 14, 2023 at 01:59:32PM +, Jason Long wrote: > But I am sure that in a real environment such a scenario can also exist. > Consider an internal network where users connect to an internal OpenVPN > server and this server

Re: [Openvpn-users] A question about the local statement

2023-08-14 Thread Jason Long via Openvpn-users
On Mon, Aug 14, 2023 at 6:25 PM, Bruno Tréguier via Openvpn-users wrote: Hello, On 14/08/2023 at 15:59, Jason Long via Openvpn-users wrote: > Hi, > Thank you so much. > But I am sure that in a real environment such a scenario can also exist. > Consider an internal network where users connect

Re: [Openvpn-users] How to use ccd-exclusive statement?

2023-08-14 Thread André via Openvpn-users
Hi, Howto is here: https://community.openvpn.net/openvpn/wiki/HOWTO wkr Pippin --- Original Message --- On Monday, August 14th, 2023 at 23:11, Jason Long via Openvpn-users wrote: > On Mon, Aug 14, 2023 at 11:47 PM, tincantech > >> wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash:

Re: [Openvpn-users] How to use ccd-exclusive statement?

2023-08-14 Thread Jason Long via Openvpn-users
On Mon, Aug 14, 2023 at 11:47 PM, tincantech wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, --- Original Message --- On Monday, August 14th, 2023 at 20:49, Jason Long wrote: > On Mon, Aug 14, 2023 at 5:16 PM, tincantech > > > wrote: > > > > Hello, > > Thank you so

Re: [Openvpn-users] How to use ccd-exclusive statement?

2023-08-14 Thread tincantech via Openvpn-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, --- Original Message --- On Monday, August 14th, 2023 at 20:49, Jason Long wrote: > On Mon, Aug 14, 2023 at 5:16 PM, tincantech > > > wrote: > > > > Hello, > > Thank you so much for your help. > > I take a look at > >

Re: [Openvpn-users] How to use ccd-exclusive statement?

2023-08-14 Thread Jason Long via Openvpn-users
On Mon, Aug 14, 2023 at 5:16 PM, tincantech wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sent with Proton Mail secure email. --- Original Message --- On Monday, August 14th, 2023 at 14:13, Jason Long via Openvpn-users wrote: > Hello, > To increase the security of

Re: [Openvpn-users] A question about the local statement

2023-08-14 Thread Gert Doering
Hi, On Mon, Aug 14, 2023 at 01:59:32PM +, Jason Long wrote: > But I am sure that in a real environment such a scenario can also exist. > Consider an internal network where users connect to an internal OpenVPN > server and this server has several NICs with different IP addresses that are >

Re: [Openvpn-users] A question about the local statement

2023-08-14 Thread Bruno Tréguier via Openvpn-users
Hello, On 14/08/2023 at 15:59, Jason Long via Openvpn-users wrote: Hi, Thank you so much. But I am sure that in a real environment such a scenario can also exist. Consider an internal network where users connect to an internal OpenVPN server and this server has several NICs with different IP

Re: [Openvpn-users] A question about the local statement

2023-08-14 Thread Jason Long via Openvpn-users
Hi, On Mon, Aug 14, 2023 at 10:51:41AM +, Jason Long wrote: > So, my iptables rules are OK and my problem is just my test environment. > If someone really has such an environment, then what is the solution? Build a proper test environment... whatever you have at hand, either wire an OpenWRT

Re: [Openvpn-users] [ext] Re: Strange DCO && UDP problem

2023-08-14 Thread Ralf Hildebrandt via Openvpn-users
* Lev Stipakov : > I checked the logs you've sent to me in private and data channel > params are identical in both dco and non-dco cases. Ah thanks for the feedback (and to all the others: The logs were huge, that's why I sent them in private) > It would be nice to get the logs from the driver

Re: [Openvpn-users] [ext] Re: Strange DCO && UDP problem

2023-08-14 Thread Lev Stipakov
I checked the logs you've sent to me in private and data channel params are identical in both dco and non-dco cases. It would be nice to get the logs from the driver when you get admin access to the Windows machine. Also would be interesting to know if this is reproducible on more than one

Re: [Openvpn-users] How to use ccd-exclusive statement?

2023-08-14 Thread tincantech via Openvpn-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sent with Proton Mail secure email. --- Original Message --- On Monday, August 14th, 2023 at 14:13, Jason Long via Openvpn-users wrote: > Hello, > To increase the security of OpenVPN, I want to use the ccd-exclusive.

[Openvpn-users] How to use ccd-exclusive statement?

2023-08-14 Thread Jason Long via Openvpn-users
Hello, To increase the security of OpenVPN, I want to use the ccd-exclusive. I googled it, but I could not find a good example. I just found the following question: https://serverfault.com/questions/877201/limit-access-to-remote-server-via-particular-vpn But, I really don't know what to do. I

Re: [Openvpn-users] A question about the local statement

2023-08-14 Thread tincantech via Openvpn-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, Sent with Proton Mail secure email. --- Original Message --- On Monday, August 14th, 2023 at 11:51, Jason Long wrote: > Hi, > > On Mon, Aug 14, 2023 at 10:13:48AM +, Jason Long wrote: > > If someone really has such an

Re: [Openvpn-users] A question about the local statement

2023-08-14 Thread Gert Doering
Hi, On Mon, Aug 14, 2023 at 10:51:41AM +, Jason Long wrote: > So, my iptables rules are OK and my problem is just my test environment. > If someone really has such an environment, then what is the solution? Build a proper test environment... whatever you have at hand, either wire an

Re: [Openvpn-users] [ext] Re: Strange DCO && UDP problem

2023-08-14 Thread Lev Stipakov
Hi, > Attached are the verb 4 logs from the client > mssfix 1400 makes no difference, though Sadly I could not find anything wrong there. Could you try with verb 6 please? And if possible the same with --disable-dco. > > Does it reproduce on different client machines? > > Not sure yet. By the

Re: [Openvpn-users] [ext] Re: Strange DCO && UDP problem

2023-08-14 Thread Ralf Hildebrandt via Openvpn-users
> > Once I switch the 2.6.5 windows client (with DCO) to UDP mode, we > > still have fast downstream (measured on the client, 644Mbit/s) but > > only 0.76Mbit/s upstream. > > Interesting. We haven't seen this before. Thought so, > > So it's some sort of DCO issue -- but only with UDP. Any ideas

Re: [Openvpn-users] A question about the local statement

2023-08-14 Thread Jason Long via Openvpn-users
Hi, On Mon, Aug 14, 2023 at 10:13:48AM +, Jason Long wrote: > And because my client does not have direct access to IP "20.1.1.20", then it > showed me that error. If my client connected to the OpenVPN server directly, > then I should not have such a problem. Am I right? >You need to get

Re: [Openvpn-users] Strange DCO && UDP problem

2023-08-14 Thread Lev Stipakov
Hi, > Once I switch the 2.6.5 windows client (with DCO) to UDP mode, we > still have fast downstream (measured on the client, 644Mbit/s) but > only 0.76Mbit/s upstream. Interesting. We haven't seen this before. > So it's some sort of DCO issue -- but only with UDP. Any ideas how we > could

Re: [Openvpn-users] A question about the local statement

2023-08-14 Thread Gert Doering
Hi, On Mon, Aug 14, 2023 at 10:13:48AM +, Jason Long wrote: > And because my client does not have direct access to IP "20.1.1.20", then it > showed me that error. If my client connected to the OpenVPN server directly, > then I should not have such a problem. Am I right? You need to get

[Openvpn-users] Strange DCO && UDP problem

2023-08-14 Thread Ralf Hildebrandt via Openvpn-users
We have a setup with the server having no dco, but some clients do have 2.6.5 and thus DCO enabled. Works like a charm in TCP mode (upstream/downstream both high bandwidth). Once I switch the 2.6.5 windows client (with DCO) to UDP mode, we still have fast downstream (measured on the client,

Re: [Openvpn-users] A question about the local statement

2023-08-14 Thread Gert Doering
Hi, On Mon, Aug 14, 2023 at 08:23:51AM +, Jason Long wrote: > Mon Aug 14 12:52:03 2023 read UDPv4: Connection reset by peer (WSAECONNRESET) > (fd=ec,code=10054) "connection reset by peer" can mean a few things - "the server process is not running", "there is an iptables rule that is not

Re: [Openvpn-users] A question about the local statement

2023-08-14 Thread Jason Long via Openvpn-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, Sent with Proton Mail secure email. --- Original Message --- On Monday, August 14th, 2023 at 09:23, Jason Long via Openvpn-users wrote: > > Mon Aug 14 12:52:03 2023 read UDPv4: Connection reset by peer (WSAECONNRESET) >

Re: [Openvpn-users] A question about the local statement

2023-08-14 Thread tincantech via Openvpn-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, Sent with Proton Mail secure email. --- Original Message --- On Monday, August 14th, 2023 at 09:23, Jason Long via Openvpn-users wrote: > > Mon Aug 14 12:52:03 2023 read UDPv4: Connection reset by peer (WSAECONNRESET) >

Re: [Openvpn-users] OpenVPN stopped working after upgrade from 2.5.6 to 2.6.3

2023-08-14 Thread David Sommerseth
On 13/08/2023 10:58, Martin wrote: On 2023-08-13 08:52, Gert Doering wrote: Run the client with --verb 3 or 4, have a close look at the logfile. If there is nothing obvious to you, show us the log. /var/log/openvpn/ is empty. Probably I need to use journalctl ? If the server runs 2.3.10

Re: [Openvpn-users] A question about the local statement

2023-08-14 Thread Jason Long via Openvpn-users
Hi, On Mon, Aug 14, 2023 at 06:33:52AM +, Jason Long wrote: > Why without the local statement my OpenVPN worked? As I explained weeks ago, the combination of "port" + "local IP" needs to be unique. So if you have only one OpenVPN process listening on one port, you do not need to force the

Re: [Openvpn-users] Interesting read

2023-08-14 Thread Jan Just Keijser
(original message with the table in attachment is pending approval of a moderator) On 11/08/2023 12:12, Jan Just Keijser wrote: hi all, interesting read: "Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables" https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf

Re: [Openvpn-users] A question about the local statement

2023-08-14 Thread Gert Doering
Hi, On Mon, Aug 14, 2023 at 06:33:52AM +, Jason Long wrote: > Why without the local statement my OpenVPN worked? As I explained weeks ago, the combination of "port" + "local IP" needs to be unique. So if you have only one OpenVPN process listening on one port, you do not need to force the

Re: [Openvpn-users] A question about the local statement

2023-08-14 Thread Jason Long via Openvpn-users
Hi, On Sun, Aug 13, 2023 at 08:55:21PM +, Jason Long via Openvpn-users wrote: > Hello,Is the local statement only for physical NICs or does it work for > virtual NICs as well? As I wrote like 2 weeks ago, this is *all* about IP addresses, not about NICs. >As a consequence, it does not