On 5/3/2024 6:13 PM, Gert Doering wrote:
Hi,
On Fri, May 03, 2024 at 04:25:29PM -0400, mike tancsa wrote:
Is there any more information about this somewhere ?
https://www.blackhat.com/us-24/briefings/schedule/#ovpnx--zero-days-leading-to-rce-lpe-and-kce-via-byovd-affecting-millions-of-openvpn
Is there any more information about this somewhere ?
https://www.blackhat.com/us-24/briefings/schedule/#ovpnx--zero-days-leading-to-rce-lpe-and-kce-via-byovd-affecting-millions-of-openvpn-endpoints-across-the-globe-38900
---Mike
On 2/13/2024 1:13 PM, Peter Davis via Openvpn-users wrote:
Hello,
1- Is there a way to report when clients connect and disconnect?
2- Is it possible to notify the connection of a specific client to the
server through email?
On the server, you can use the client-connect/disconnect config. Just
On 2/13/2024 1:37 PM, Peter Davis wrote:
> On Tuesday, February 13th, 2024 at 9:58 PM, mike tancsa
wrote:
On 2/13/2024 1:13 PM, Peter Davis via Openvpn-users wrote:
Hello,
1- Is there a way to report when clients connect and disconnect?
2- Is it possible to notify the connection o
On 10/3/2023 6:15 PM, Selva Nair wrote:
With that order the key won't match the certificate and the server
should not even start. Looks like your cross-signed certificate has
the server's public key -- it should have the new CA's public key
signed by the old CA. What error do you get on old cl
On 10/2/2023 3:59 PM, Selva Nair wrote:
On Mon, Oct 2, 2023 at 3:00 PM mike tancsa wrote:
I am in a position where I want to start migrating users away from my
old CA which will expire in the medium term future to a new CA. I have
many endpoints and can't just "OK, eve
On 10/2/2023 4:42 PM, Jochen Bern wrote:
On 02.10.23 22:21, mike tancsa wrote:
If I have to go for option A (Stacked CAs on all
clients, stacked CAs on the server then update the server), is there
a downside with leaving an expired CA cert on all the clients ? Or
can they just be left there
On 10/2/2023 3:59 PM, Selva Nair wrote:
If you can afford two rounds of client config updates, this could be
done without step 3 -- see the following thread from users list:
https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg05983.html
Essentially, update to the stacked
I am in a position where I want to start migrating users away from my
old CA which will expire in the medium term future to a new CA. I have
many endpoints and can't just "OK, everyone download a new files now."
So I am looking at the steps in
https://www.hexonet.net/blog/migrating-new-ca-for
On 11/16/2021 3:53 PM, tincantech wrote:
> So try adding those two lines after push-reset:
push-reset also deletes --topology ..
The accurate solution is --push-remove
Thanks very much! I was looking for options like that in the help output
but didn't see it. It indeed works as expected
On 11/16/2021 3:43 PM, Selva Nair wrote:
"keepalive 5 30" on server leads to
push "ping 5"
push "ping-restart 30"
Thanks that works exactly as I had hoped!
---Mike
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://l
Hi all,
I have a number of vpn endpoints where I push a set of routes
through the server's config. I now need to make an exception for one
such client. As it's in the field, I have no easy way of changing the
remote config. Is there a way where I can cancel a route push through
the ccd f
Hi All,
Has anyone had a chance to look at the latest OpenSSL sec issue and
if and how it might impact OpenVPN ?
https://www.openssl.org/news/secadv/20210824.txt
I always get a little worried when it involves x509 processing
---Mike
Hi,
Thanks, I finally got around to testing this with the current
version of OpenVPN from git and it works great on my
Aladdin/SafeNet/Gemalto/Thales token (model 510x)
Would be great if this was part of the default build/distribution.
I can now get TLS1.3 working using the pkcs11 interface.
On 4/21/2021 12:05 PM, Selva Nair wrote:
> I think that patch is still not applied upstream. I tested softhsm
> using your instructions and it works for TLS 1.3 and PSS -- softhsm2
> gets request to sign pre-padded PSS data as Raw RSA and it seems to
> handle that.
>
> I can understand some hardwar
On 4/14/2021 8:23 PM, Selva Nair wrote:
>
> You can restrict TLS version using the option --tls-version-min in
> OpenVPN config file, but restricting to TLS 1.2 is not enough with
> OpenSSL 1.1.1. It defaults to PSS for both TLS 1.2 and 1.3.
>
> Rather than building your own OpenSSL, a much simp
adding with the server[1], but why not use cryptoapi as it works?
>
> Selva
>
> [1] https://community.openvpn.net/openvpn/ticket/1296#comment:12
> <https://community.openvpn.net/openvpn/ticket/1296#comment:12>
>
> On Wed, Apr 14, 2021 at 6:03 PM mike tancsa <mailto:m.
Trying out a newer version of OpenVPN community edition (latest from the
website) on windows 10 and running into problems with a config that
works from 2.4.7. If I use the token with OpenVPN 2.4.7 it works as
expected. On 2.5.1, I get a series of errors when using the pkcs11
method. The token wor
Hi folks,
Will the sec issue with OpenSSL force a new release of OpenVPN ?
https://www.openssl.org/news/secadv/20200421.txt
---Mike
On 3/31/2015 10:30 AM, Mike Tancsa wrote:
> On 3/31/2015 10:23 AM, Gert Doering wrote:
>> Hi,
>>
>> On Tue, Mar 31, 2015 at 09:39:46AM -0400, Mike Tancsa wrote:
>>> I am not able to reproduce this.
>>
>> You need to use --daemon to make openvpn fork(). Ot
On 3/31/2015 10:23 AM, Gert Doering wrote:
> Hi,
>
> On Tue, Mar 31, 2015 at 09:39:46AM -0400, Mike Tancsa wrote:
>> I am not able to reproduce this.
>
> You need to use --daemon to make openvpn fork(). Otherwise, it will
> "just work", but after forking, t
to be done to openssl ?
# openssl engine
(cryptodev) BSD cryptodev engine
(rsax) RSAX engine support
(rdrand) Intel RDRAND engine
(dynamic) Dynamic engine loading support
I had a client connect and disconnect and was able to pass traffic
across the tunnel
---Mike
--
---
Has anyone had a chance to look at the impact of the latest OpenSSL
security issues ?
https://www.openssl.org/news/secadv_20150319.txt
---Mike
--
---
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, m...@sentex.net
Providing Internet services since 1994
On 6/30/2014 4:16 PM, Jan Just Keijser wrote:
> Yep I did.
> Your biggest problem is the Safenet driver for Mac OS X (esp 10.9+)
Thanks Jan, What version of the Safenet stuff are you using ?
---Mike
--
---
Mike Tancsa, tel +1 519 651 3400
Sentex Communicati
Has anyone got OpenVPN to work with Aladdin/Safenet Java eTokens on a Mac?
---Mike
--
---
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, m...@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com
Can you post some stats about how many requests it took on average to
get the key ? e.g. how many bytes sent at the server, how many bytes
back and how many total packets would be helpful.
---Mike
--
---
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, m..
rent instances.
---Mike
--
-------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, m...@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/