Re: [Openvpn-users] openvpn dns resolution on osx

2021-06-07 Thread Jonathan K. Bullard
Hi, On Mon, Jun 7, 2021 at 7:36 PM Noah wrote: > > Hi there, > > I am running osx 10.15.7 and installed the openvpn v3.2.7 client. > > Has anybody documented a decent way to be able to resolve hosts that are > reachable by the VPN. We have resolvers at the site I can get > resolution from when u

Re: [Openvpn-users] Strange problem: I'm disconnected after ~100s

2020-08-03 Thread Jonathan K. Bullard
Hi, On Mon, Aug 3, 2020 at 9:53 AM Gert Doering wrote: > > Hi, > > On Mon, Aug 03, 2020 at 02:30:54PM +0200, Thierry Fournier wrote: > > Anyone has an idea ? > > Without log, I never have ideas... put "verb 3" or "verb 4" into > the client config and see what it says. Tunnelblick has a button t

Re: [Openvpn-users] OpenVPN with OSPF there is no proper guide or support

2020-04-29 Thread Jonathan K. Bullard
Hi, On Wed, Apr 29, 2020 at 3:43 AM Gert Doering wrote: > > Hi, > > On Wed, Apr 29, 2020 at 09:03:20AM +0200, free...@tango.lu wrote: > > Ok so after a bit of research and finding half baked articles such as: > > https://superuser.com/questions/1283125/proper-configuration-for-quagga-ospf-on-an-o

Re: [Openvpn-users] [ext] Re: OpenVPN GUI 11

2020-04-16 Thread Jonathan K. Bullard
Hi, On Thu, Apr 16, 2020 at 8:25 AM Ralf Hildebrandt wrote: > > * Jonathan K. Bullard : > > > Just for the record, the best way to install configurations in > > Tunnelblick is to drag the configuration(s) and drop them on the > > Tunnelblick icon in the menu bar. The u

Re: [Openvpn-users] OpenVPN GUI 11

2020-04-16 Thread Jonathan K. Bullard
Hi, On Wed, Apr 15, 2020 at 10:19 AM Colin Ryan wrote: > > Folks, > > Per a previous email (and thanks for the help), I've been playing around > with the 11 GUI. > > > One thing that has come up is wondering if there is any way to generate a > situation where if a user is presented a complete (i.e

Re: [Openvpn-users] [Openvpn-devel] Removing --disable-server option from OpenVPN

2019-09-18 Thread Jonathan K. Bullard
Oops. On Wed, Sep 18, 2019 at 6:54 AM Jonathan K. Bullard wrote: > > Hi, > > On Wed, Sep 18, 2019 at 6:38 AM Samuli Seppänen wrote: > > > > Hi, > > > > We are considering removing the --disable-server option from OpenVPN in 2.5. > > > > Do you u

Re: [Openvpn-users] [Openvpn-devel] Removing --disable-server option from OpenVPN

2019-09-18 Thread Jonathan K. Bullard
Hi, On Wed, Sep 18, 2019 at 6:38 AM Samuli Seppänen wrote: > > Hi, > > We are considering removing the --disable-server option from OpenVPN in 2.5. > > Do you use (and need) it, or know of somebody using (and needing) it? As far as I know, it is not used by any Tunnelblick users. Also, note tha

Re: [Openvpn-users] iOS client, redirection of all VPN traffic not working (OpenVPN 2.4.6 on FreeBSD)

2019-03-04 Thread Jonathan K. Bullard
Hi, On Mon, Mar 4, 2019 at 5:38 PM Sebastian Wolfgarten wrote: > > Hi, > > I am trying to redirect all VPN traffic such that it goes through OpenVPN. > Authentication works fine, client can connect to the VPN. > > However my client IP remains unchanged (e.g. when checking it with > www.ipinfo.

Re: [Openvpn-users] Expired GnuPG key?

2018-10-01 Thread Jonathan K. Bullard
Hi, David. On Mon, Oct 1, 2018 at 8:59 AM David Sommerseth wrote: > > On 30/09/18 23:14, Jonathan K. Bullard wrote: > > I downloaded openvpn-2.4.6.tar.gz and the associated GnuPG signature, > > but the signing key seems to have expired before it was signed: > > >

[Openvpn-users] Expired GnuPG key?

2018-09-30 Thread Jonathan K. Bullard
I downloaded openvpn-2.4.6.tar.gz and the associated GnuPG signature, but the signing key seems to have expired before it was signed: $gpg2 -v --verify openvpn-2.4.6.tar.gz.asc gpg: assuming signed data in '/***/openvpn-2.4.6.tar.gz' gpg: Signature made Tue Apr 24 03:14:52 2018 EDT gpg:

Re: [Openvpn-users] Challenge/response questions

2018-06-28 Thread Jonathan K. Bullard
Wed, Jun 27, 2018 at 5:56 PM, Jonathan K. Bullard > wrote: >> >> Hi. >> >> I'm hoping to implement challenge/response ("CR") in Tunnelblick (GUI >> for OpenVPN on macOS) and have some questions after reading the >> documentation [1]; >> &g

Re: [Openvpn-users] Challenge/response questions

2018-06-28 Thread Jonathan K. Bullard
Hi, David. Thanks for all the info. Very helpful. On Thu, Jun 28, 2018 at 5:21 AM, David Sommerseth wrote: > On 27/06/18 23:56, Jonathan K. Bullard wrote: >> Hi. >> >> I'm hoping to implement challenge/response ("CR") in Tunnelblick (GUI >> for OpenV

[Openvpn-users] Challenge/response questions

2018-06-27 Thread Jonathan K. Bullard
Hi. I'm hoping to implement challenge/response ("CR") in Tunnelblick (GUI for OpenVPN on macOS) and have some questions after reading the documentation [1]; 1. In Dynamic CR, does requiring a response mean that a non-empty response is required? 2. In Dynamic CR, what is the purpose of _not_ requ

Re: [Openvpn-users] what is best practice of location detection ?

2018-02-15 Thread Jonathan K. Bullard
Hi, On Thu, Feb 15, 2018 at 10:46 PM, Selva Nair wrote: > Hi, > > On Tue, Feb 13, 2018 at 4:04 PM, David Sommerseth > wrote: >> On 13/02/18 17:21, Илья Шипицин wrote: >>> personally, I would like something like "preconnect script" which will check >>> something and decide "we are in a place, whe

Re: [Openvpn-users] what is best practice of location detection ?

2018-02-15 Thread Jonathan K. Bullard
Hi, On Thu, Feb 15, 2018 at 10:43 PM, Selva Nair wrote: > The Windows GUI already supports a preconnect script. It waits on the > script for a user defined timeout seconds and abort the connection if > the script fails. Tunnelblick (GUI for macOS) also has "pre-connect" scripts; the connection a

Re: [Openvpn-users] [Openvpn-devel] Follow up on sending messages to the GUI

2017-11-30 Thread Jonathan K. Bullard
Hi, On Thu, Nov 30, 2017 at 10:26 PM, Selva Nair wrote: > Hi Jon, > > On Thu, Nov 30, 2017 at 8:41 PM, Jonathan K. Bullard > wrote: > >> Thanks, Selva, >> >> On Wed, Nov 29, 2017 at 9:03 PM, Selva Nair wrote: >> > >> > I have made a draf

Re: [Openvpn-users] [Openvpn-devel] Follow up on sending messages to the GUI

2017-11-30 Thread Jonathan K. Bullard
Thanks, Selva, On Wed, Nov 29, 2017 at 9:03 PM, Selva Nair wrote: > > I have made a draft implementation of this feature that was discussed in a > previous thread. A test executable (GUI only) is in this pre-release: > > https://github.com/selvanair/openvpn-gui/releases/tag/v11-echo-msg > > Als

Re: [Openvpn-users] Management interface "echo" command standardization

2017-11-27 Thread Jonathan K. Bullard
Hi, On Mon, Nov 27, 2017 at 2:23 AM, Steven Haigh wrote: > On 2017-11-27 05:06, Selva Nair wrote: >> >> On Sun, Nov 26, 2017 at 10:49 AM, Jonathan K. Bullard >> wrote: >>> >>> >>> This: >>> >>> echo "msg This message"

[Openvpn-users] Fwd: Management interface "echo" command standardization

2017-11-27 Thread Jonathan K. Bullard
Hi, On Sun, Nov 26, 2017 at 1:06 PM, Selva Nair wrote: > Hi, > > On Sun, Nov 26, 2017 at 10:49 AM, Jonathan K. Bullard > wrote: >> >> Hi. (Top posting without quoting because I'm not reacting to specific >> comments.) >> >> I think Selva'

Re: [Openvpn-users] Management interface "echo" command standardization

2017-11-26 Thread Jonathan K. Bullard
Hi. (Top posting without quoting because I'm not reacting to specific comments.) I think Selva's approach of separate commands instead of separate fields in a single command is better for several reasons and withdraw my earlier proposal. How about (1) the ability to append messages to each other,

Re: [Openvpn-users] Management interface "echo" command standardization

2017-11-25 Thread Jonathan K. Bullard
Hi, On Sat, Nov 25, 2017 at 2:21 PM, Gert Doering wrote: > I missed something in your list, which *I* would like to see for > my users - a way to send a message to the GUI to display in a popup > window, intended for the users to see. > > Examples could be stuff like > > "you are using a server

Re: [Openvpn-users] Management interface "echo" command standardization

2017-11-25 Thread Jonathan K. Bullard
ome > changes I've been working on. I refer to the client openvpn process > as the daemon or client daemon and the UI as Windows GUI or GUI. > > On Sat, Nov 25, 2017 at 10:24 AM, Jonathan K. Bullard > wrote: >> QUESTIONS ABOUT THE OPENVPN WINDOWS GUI: >> >>

[Openvpn-users] Management interface "echo" command standardization

2017-11-25 Thread Jonathan K. Bullard
Inspired by a thread [1] about sending a message from the server to the client's GUI (and then displaying it to the user), I would like to discuss standardizing the management interface's "echo" commands. It would be nice if the OpenVPN Windows GUI, Tunnelblick, and other GUIs implemented the comma

Re: [Openvpn-users] Displaying messages to users by means of the GUI?

2017-11-25 Thread Jonathan K. Bullard
This thread has gotten away from its original subject: having the GUI display messages to the user. To summarize: 1. Static messages could be displayed by a "pre" script as Selva suggested, but that wouldn't be very portable. (Off the top of my head, on macOS I would have such a script use Ap

Re: [Openvpn-users] Displaying messages to users by means of the GUI?

2017-11-20 Thread Jonathan K. Bullard
Hi, Selva, and thanks for your input. On Mon, Nov 20, 2017 at 7:17 PM, Selva wrote: > Hi Jon, > >> >> Does the Windows GUI do anything with these "echo" parameters? > > > Very recently we added support for two echo "directives": > 'echo forget-passwords' and 'echo save-passwords': we use these as

Re: [Openvpn-users] Displaying messages to users by means of the GUI?

2017-11-20 Thread Jonathan K. Bullard
Hi, On Mon, Nov 20, 2017 at 10:16 AM, Ralf Hildebrandt wrote: > My users primarily use Windows (OpenVPN-GUI), Tunnelblick. We do have > some Linux users (mainly using NetworkManager) and even 4 ChromeOS > users. > > Is there any way for me to display informational messages on the > users' comp

Re: [Openvpn-users] migrating from lzo to lz4

2017-11-16 Thread Jonathan K. Bullard
Hi, On Thu, Nov 16, 2017 at 5:45 AM, Ralf Hildebrandt wrote: > * Jan Just Keijser : > >> yes, pretty much: all clients that have 'comp-lzo' in the client config and >> that support LZ4 can be told to use LZ4 compression by adding >> push "compress lz4" >> in the server config. > > I have a mix

Re: [Openvpn-users] openvpn 2.4.3 and libressl 2.5 *only*?

2017-07-04 Thread Jonathan K. Bullard
On Tue, Jul 4, 2017 at 3:11 AM, Harald Dunkel wrote: > Hi folks, > > Maybe I was too blind to see, but I'd love to get a tunnel- > blick with the most recent openvpn 2.4.3 and libressl 2.5 > included *only*. > > Having several choices here (and using the out-of-date > versions by default) appears

Re: [Openvpn-users] Question about tls-crypt and port 443 firewall ducking

2016-12-20 Thread Jonathan K. Bullard
Hi. On Mon, Dec 19, 2016 at 7:10 PM, Kevin Long wrote: > I was just browsing the Mastering OpenVPN book and a paragraph jumped out at > me which basically said that using OpenVPN on port 443 is a common way people > try to duck firewalls. Indeed, this is what I do. My clients are all over >

Re: [Openvpn-users] Launching OpenVPN-GUI automatically on user login?

2016-11-30 Thread Jonathan K. Bullard
On Wed, Nov 30, 2016 at 10:14 AM, Selva Nair wrote: > Yes, no auto-connect, just the launch the GUI on login and stay as a tray > application. > > To toggle this click the checkbox at: GUI settings->General->Launch on > Windows startup (or its translated string) -- though it says "Windows > sta

Re: [Openvpn-users] standalone/pure openvpn binary for Macs?

2016-11-24 Thread Jonathan K. Bullard
On Thu, Nov 24, 2016 at 7:30 PM, Jason Haar wrote: > > On Fri, Nov 25, 2016 at 11:48 AM, Mathias Jeschke > wrote: >> >> Why not run the openvpn binary that comes with Tunnelblick? > > > Wow - I have no idea how I missed that! Thanks for spelling out the bleeding > obvious to me - I must be gettin

Re: [Openvpn-users] options error: option 'setenv' cannot be used in this context ([PUSH-OPTIONS])

2016-10-25 Thread Jonathan K. Bullard
Hi. On Tue, Oct 25, 2016 at 11:53 AM, Selva Nair wrote: > Agreed, a way of having some unrecognized push options not tagged as an > error could be useful. If editing the client config is an option you can add > > pull-filter ignore block-outside-dns > pull-filter ignore register-dns > > That will

[Openvpn-users] Fwd: openvpnstart returned with status #226

2016-07-20 Thread Jonathan K. Bullard
Sorry, forgot to cc: the mailing list. -- Forwarded message -- From: Jonathan K. Bullard Date: Wed, Jul 20, 2016 at 10:09 AM Subject: Re: [Openvpn-users] openvpnstart returned with status #226 To: Chengyu Fan See Tunnelblick's An OpenVPN log entry says "T

Re: [Openvpn-users] Fwd: "Safe" configurations for installation without admin privileges?

2015-12-10 Thread Jonathan K. Bullard
(Gert replied to me privately because I (in error) sent privately to him. I have his permission to share his reply with the group, and am including my response.) On Thu, Dec 10, 2015 at 9:24 AM, Gert Doering wrote: > Mmmh. Seems I will have to figure out how .tblk works, and how to generate > th

[Openvpn-users] Fwd: Fwd: "Safe" configurations for installation without admin privileges?

2015-12-10 Thread Jonathan K. Bullard
Sorry, forgot cc: again. Arrgghh. -- Forwarded message -- From: Jonathan K. Bullard Date: Thu, Dec 10, 2015 at 9:01 AM Subject: Re: [Openvpn-users] Fwd: "Safe" configurations for installation without admin privileges? To: Gert Doering On Thu, Dec 10, 2015 at 8:2

Re: [Openvpn-users] Fwd: "Safe" configurations for installation without admin privileges?

2015-12-10 Thread Jonathan K. Bullard
Thanks, Gert and JJK, and thanks again, Selva. Gert's original wish was to have the user replace expiring certificates without admin authorization (I expanded it enormously), so perhaps it should be limited to do only that: allow users to change certain files that are referred to in an existing

Re: [Openvpn-users] "Safe" configurations for installation without admin privileges?

2015-12-09 Thread Jonathan K. Bullard
On Wed, Dec 9, 2015 at 7:26 PM, wrote: > I am curious to know: > > 1. Do you mean "installation of OpenVPN app to the host system" > without "admin/root" privs .? No. > 2. Do you mean "configure the Tap/Tun network device" > without "admin/root" privs .? Not sure what you mean. Tunnelblick ca

[Openvpn-users] Fwd: "Safe" configurations for installation without admin privileges?

2015-12-09 Thread Jonathan K. Bullard
Sorry, forgot to cc: the list. -- Forwarded message -- From: Jonathan K. Bullard Date: Wed, Dec 9, 2015 at 9:00 PM Subject: Re: [Openvpn-users] "Safe" configurations for installation without admin privileges? To: Selva Nair Thanks. Comments below, but tldr; I don&

[Openvpn-users] "Safe" configurations for installation without admin privileges?

2015-12-09 Thread Jonathan K. Bullard
Inspired by Gert Doering (but don't blame him for any of my bad ideas : ), I'm considering adding a feature to Tunnelblick (a FOSS GUI for OpenVPN on OS X) that would allow a standard user on a Mac to install "safe" OpenVPN client configurations without requiring administrator credentials. This wou

Re: [Openvpn-users] DNS over VPN except vpnserver domain

2015-08-31 Thread Jonathan K. Bullard
On Mon, Aug 31, 2015 at 9:10 AM, Martin Lund wrote: > Hello All, > > I was thinking on how to solve this problem because starts to get > annoying. I have my linux machine connecting through openvpn with a script. > > After connecting my script replaces the dns servers in /etc/resolv.conf > with O

Re: [Openvpn-users] New OpenSSL release later today

2015-07-09 Thread Jonathan K. Bullard
New Tunnelblick releases with the updated OpenSSL versions will be available later today or tomorrow. On Thu, Jul 9, 2015 at 11:19 AM, Simon Deziel wrote: > On 07/09/2015 11:15 AM, Jan Just Keijser wrote: > > Hi, > > > > Simon Deziel wrote: > >> Hi *, > >> > >> So it seems that will require new

Re: [Openvpn-users] Unable to establish VPN

2015-04-17 Thread Jonathan K. Bullard
Tunnelblick 3.5.0 is statically linked with OpenSSL 1.0.1m and LZO 2.08, as can be seen in the OpenVPN log message: OpenVPN 2.3.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Apr 15 2015 library versions: OpenSSL 1.0.1m 19 Mar 2015, LZO 2.08 On Fri, Apr 17,

Re: [Openvpn-users] Unable to establish VPN

2015-04-15 Thread Jonathan K. Bullard
Probably nothing to do with your problem, but because Tunnelblick's copies of OpenVPN are statically linked with their own copy of the OpenSSL libraries, to get the ciphers you must use a command like: $ cd /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6 $ ./openvpn --show-

[Openvpn-users] The Cryptographic Doom Principle

2015-01-10 Thread Jonathan K. Bullard
I just noticed an old (December 2011) blog post by Moxie Marlinspike, The Cryptographic Doom Principle mentioned recently on Hacker News, and wondered how the OpenVPN protocol works: in particular,

Re: [Openvpn-users] openvpn 2.3.6 on Mac OS

2014-12-19 Thread Jonathan K. Bullard
On Fri, Dec 19, 2014 at 7:34 AM, Jan Just Keijser wrote: > Actually, he's running the Tunnelblick version of OpenVPN; the actual > command line used was > /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6/openvpn > config.ovpn > > (I'm not sure whether the --config was missing

Re: [Openvpn-users] openvpn 2.3.6 on Mac OS

2014-12-19 Thread Jonathan K. Bullard
On Fri, Dec 19, 2014 at 6:28 AM, Jan Just Keijser wrote: > > hi all, > > one of my colleagues is running into a strange problem with openvpn > 2.3.6 on Mac OS: > the routes pushed by the server all are rejected with the message > >option 'route' cannot be used in this context ([PUSH-OPTIONS])

Re: [Openvpn-users] --redirect-gateway and IPv6

2014-10-25 Thread Jonathan K. Bullard
Hi. On Sat, Oct 25, 2014 at 3:24 PM, Gert Doering wrote: > > Hi, > > On Sat, Oct 25, 2014 at 03:12:18PM -0400, Jonathan K. Bullard wrote: > > On my client, "--redirect-gateway def1" adds a pair of IPv4 routes that > > direct all IPv4 addresses to the VPN. > &

[Openvpn-users] --redirect-gateway and IPv6

2014-10-25 Thread Jonathan K. Bullard
On my client, "--redirect-gateway def1" adds a pair of IPv4 routes that direct all IPv4 addresses to the VPN. If a program sends packets to an IPv6 address in that situation, will the IPv6 traffic be sent to the VPN? If not, is there a way to force that? Thanks. -

[Openvpn-users] Is 2.2.1 non-Windows "safe"?

2014-10-06 Thread Jonathan K. Bullard
In an article [1], OpenVPN developer Gert Doering is quoted as saying: "What you want to do from OpenVPN’s point of view is to ensure that you’re not using a 2.2.x version anymore, *and* that you just do not run your scripts using bash" Is there a problem with 2.2.1 generally, or just with the Wi

Re: [Openvpn-users] macox dns help for a novice?

2014-09-03 Thread Jonathan K. Bullard
On Wed, Sep 3, 2014 at 8:37 AM, Gert Doering wrote: > > On Wed, Sep 03, 2014 at 06:41:17PM +1200, Jason Haar wrote: > > Anyway, has anyone out there found out how to do this and is willing to > > share? :-) > > I have no direct answer, but maybe using Tunnelblick instead of "raw > openvpn" would ju

Re: [Openvpn-users] Where are the 2.3.3 sources?

2014-04-10 Thread Jonathan K. Bullard
guy that are (primarily) responsible for > the swupdate server. > > Samuli > > > > Sent from my BlackBerry 10 smartphone. >*From: *Jonathan K. Bullard > *Sent: *Thursday, 10 April 2014 13:23 > *To: *Robo Burned > *Cc: *Timothe Litt; ope

Re: [Openvpn-users] Where are the 2.3.3 sources?

2014-04-10 Thread Jonathan K. Bullard
I have the same problem -- that the 2.3.3 .tar.gz gives a "404 not found". I can get the .zip and both of the GPG signatures, and everything else on the page. It is only the 2.3.3 .tar.gz that gets a 404. I am located in Connecticut, USA; my ISP is Cablevision. On Thu, Apr 10, 2014 at 5:13 AM, Ro

Re: [Openvpn-users] Bug in easy-rsa vars script?

2013-11-13 Thread Jonathan K. Bullard
On Wed, Nov 13, 2013 at 3:24 AM, Sebastian Arcus wrote: > According to internet posts, this bug seems to have been lurking around > for a while. Strangely, last time I used the easy-rsa scripts (maybe > about a year ago), everything seemed fine. > > The "vars" script contains the following line:

Re: [Openvpn-users] Linux clients connect OK but not Mac or Windows

2013-06-11 Thread Jonathan K. Bullard
In my experience, this error is sometimes due to invisible "garbage" characters in the file. A more recent version of Tunnelblick (3.3beta21b or 3.3beta54) might provide more detailed error messages, particularly if you tell Tunnelblick to use a later version of OpenVPN. Oh, and look in the Consol