On 19.08.23 15:04, Jason Long wrote:
I asked:
"If CN's name is Server, then I must change the ccd directory to
Server? Am I right?"
Answer:
"If that's what the Subject CN of the cert you want to use as a
client cert says, then yes, that's it. Of course, looking at a
file "ca.crt" and seeing a
On 19.08.23 10:02, Bo Berglund wrote:
> On Sat, 19 Aug 2023 07:03:01 + (UTC), Jason Long via Openvpn-users
> wrote:
>> I have another questions:
>> 1- I checked the "Subject" of the ca.crt file and my CN name is "Server".
>> Now,
>> I must change the "ccd" directory to "Server", but how ab
On 19.08.23 10:02, Bo Berglund wrote:
On Sat, 19 Aug 2023 07:03:01 + (UTC), Jason Long via Openvpn-users
wrote:
I have another questions:
1- I checked the "Subject" of the ca.crt file and my CN name is "Server". Now,
I must change the "ccd" directory to "Server", but how about the file n
On Sat, 19 Aug 2023 07:03:01 + (UTC), Jason Long via Openvpn-users
wrote:
>Hello,
>I have another questions:
>
>1- I checked the "Subject" of the ca.crt file and my CN name is "Server". Now,
>I must change the "ccd" directory to "Server", but how about the file name
>under the "Server" dire
> On 18.08.23 21:22, Jason Long wrote:
> 1- In the round-robin mechanism, we can use the same keys for our
> servers, but each client uses its own key.
>You *can* do that, yes.
>Since you apparently don't provide clients with a CRL or any other means
>to have server certs revoked, I guess it
On 18.08.23 21:22, Jason Long wrote:
1- In the round-robin mechanism, we can use the same keys for our
servers, but each client uses its own key.
You *can* do that, yes.
Since you apparently don't provide clients with a CRL or any other means
to have server certs revoked, I guess it doesn'
On Fri, Aug 18, 2023 at 7:51 PM, Jochen Bern
wrote: On 18.08.23 16:31, Jason Long wrote:
> 1- So, if we have multiple servers, then it is >better that the servers
> have the same key, but each client has its >own key. Am I right?
>No.
>I said that *if* you want your clients to be able >to
On 18.08.23 16:31, Jason Long wrote:
1- So, if we have multiple servers, then it is better that the servers
have the same key, but each client has its own key. Am I right?
No.
I said that *if* you want your clients to be able to replace one server
with another dynamically, it may be a vali
On Thu, Aug 17, 2023 at 5:32 PM, Jochen Bern
wrote: >On 17.08.23 14:12, Jason Long wrote:
> It is even better if each server has its own >separate keys.
>You didn't mention setting up multiple servers >yet IIRC, but yes, same
>best practice there ... in principle.
>However, if you plan to ins
Hi,
On Wed, Aug 16, 2023 at 10:23:40AM +, Jason Long wrote:
> enp0s8: flags=4163 mtu 1500
> inet 192.168.1.20 netmask 255.255.255.0 broadcast 192.168.1.255
>
> So, what is the right IP for the following statement?
>
> route 192.168.1.0 255.255.255.0
What do you want to *achieve*
On Thu, 17 Aug 2023 12:12:13 + (UTC), Jason Long via Openvpn-users
wrote:
>Hello Jochen,Thanks again.
>Your words are true and I had asked such a question before. It is even better
>if each server has its own separate keys. If the clients all use the same
>keys, then we can block any client
On Thu, 17 Aug 2023 12:17:06 + (UTC), Jason Long via Openvpn-users
wrote:
>>1- What is the difference between >/etc/openvpn and /etc/openvpn/server
>>>directories?
>> I put my server.conf file in the /etc/openvpn >directory and it worked.
>
>>You are running an *old* version of OpenVPN! >Th
On 17.08.23 14:12, Jason Long wrote:
It is even better if each server has its own separate keys.
You didn't mention setting up multiple servers yet IIRC, but yes, same
best practice there ... in principle.
However, if you plan to instruct the clients to contact "*any* of
servers you find av
On Thu, Aug 17, 2023 at 8:24 AM, Bo Berglund
wrote:On Wed, 16 Aug 2023 21:28:29 + (UTC), Jason
Long via Openvpn-users
wrote:
>Hi Jochen,Thank you for your advice about the >How-to articles.Can you answer
>my questions?
>1- What is the difference between >/etc/openvpn and /etc/openvpn/serv
On Thu, Aug 17, 2023 at 1:52 AM, Jochen Bern
wrote: On 16.08.23 23:28, Jason Long wrote:
> 1- What is the difference between /etc/openvpn and /etc/openvpn/server
> directories?
>The systemd "unit files" that define the >templates for the services you
>"systemctl" later on used to expect all c
On Wed, 16 Aug 2023 21:28:29 + (UTC), Jason Long via Openvpn-users
wrote:
>Hi Jochen,Thank you for your advice about the How-to articles.Can you answer
>my questions?
>1- What is the difference between /etc/openvpn and /etc/openvpn/server
>directories?
> I put my server.conf file in the
On 16.08.23 23:28, Jason Long wrote:
1- What is the difference between /etc/openvpn and /etc/openvpn/server
directories?
The systemd "unit files" that define the templates for the services you
"systemctl" later on used to expect all configs - whether for a server
or a client instance - to be
On Wed, Aug 16, 2023 at 6:27 PM, Jochen Bern
wrote: On 16.08.23 15:05, Jason Long wrote:
> I used
> "https://www.howtoforge.com/how-to-install-and-configure-openvpn-server-on-debian-10/";
> tutorial to create my OpenVPN server.
(No date on the article ... no date on the comments ... OpenVPN v
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Wednesday, August 16th, 2023 at 15:55, Jochen Bern
wrote:
> However, if you worked along that how-to, your CA certificate is
> indeed using the CN of "server" (not "Server", but that might be a
> liberty
On 16.08.23 15:05, Jason Long wrote:
I used
"https://www.howtoforge.com/how-to-install-and-configure-openvpn-server-on-debian-10/";
tutorial to create my OpenVPN server.
(No date on the article ... no date on the comments ... OpenVPN version
not shown anywhere ... according to one systemctl
>On 16/08/2023 15:05, Jason Long via Openvpn-users wrote:
> On 16.08.23 12:23, Jason Long via Openvpn-users wrote:
>>> On Wed, Aug 16, 2023 at 06:35:01AM +, Jason Long wrote:
[...snip...]
> Hello,
> I used
> "https://www.howtoforge.com/how-to-install-and-configure-openvpn-server-on-debian-10/
On 16/08/2023 15:05, Jason Long via Openvpn-users wrote:
On 16.08.23 12:23, Jason Long via Openvpn-users wrote:
On Wed, Aug 16, 2023 at 06:35:01AM +, Jason Long wrote:
[...snip...]
Hello,
I used
"https://www.howtoforge.com/how-to-install-and-configure-openvpn-server-on-debian-10/";
tuto
On 16.08.23 12:23, Jason Long via Openvpn-users wrote:
>> On Wed, Aug 16, 2023 at 06:35:01AM +, Jason Long wrote:
>>> route 192.168.1.0 255.255.255.0
>>
>> This tells the server "put routing towards 192.168.1.0 into the VPN"
[...]
> So, what is the right IP for the following statement?
> route
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Edited for brevity:
--- Original Message ---
> On 16.08.23 12:23, Jason Long via Openvpn-users wrote:
> > I opened the ca.crt file on the client and clicked on the Details tab
> > and it showed me "CN = Server". So, I must change the "Test-
On 16.08.23 12:23, Jason Long via Openvpn-users wrote:
On Wed, Aug 16, 2023 at 06:35:01AM +, Jason Long wrote:
route 192.168.1.0 255.255.255.0
This tells the server "put routing towards 192.168.1.0 into the VPN"
[...]
So, what is the right IP for the following statement?
route 192.168.1.
Hi,
On Wed, Aug 16, 2023 at 06:35:01AM +, Jason Long wrote:
> I added the following lines to my server.conf:
>
> client-config-dir myclient
> ccd-exclusive
> route 192.168.1.0 255.255.255.0
>This tells the server "put routing towards 192.168.1.0 into the VPN",
>while 192.168.1.x is your LAN
On Wed, 16 Aug 2023 06:35:01 + (UTC), Jason Long via Openvpn-users
wrote:
>
>I added the following lines to my server.conf:
>
>client-config-dir myclient
>ccd-exclusive
>route 192.168.1.0 255.255.255.0
>multihome
>
>From the reference manual:
multihome
Configure a multi-homed UDP server
Hi,
On Wed, Aug 16, 2023 at 06:35:01AM +, Jason Long wrote:
> I added the following lines to my server.conf:
>
> client-config-dir myclient
> ccd-exclusive
> route 192.168.1.0 255.255.255.0
This tells the server "put routing towards 192.168.1.0 into the VPN",
while 192.168.1.x is your LAN ne
Hi,
On Tue, Aug 15, 2023 at 12:54:45PM +, Jason Long via Openvpn-users wrote:
> I did a tcpdump:
>
> # tcpdump --interface any udp port 2000 -n -v
> tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture
> size 262144 bytes
> 08:50:47.761991 IP (tos 0x0, ttl 128, id 892, o
On Tue, Aug 15, 2023 at 5:57 PM, tincantech
wrote: -BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Tuesday, August 15th, 2023 at 15:02, Gert Doering
wrote:
> Hi,
>
> On Tue, Aug 15, 2023 at 12:54:45PM +, Jason Long via Openvpn-users wrote:
>
>
On Tue, Aug 15, 2023 at 5:33 PM, Gert Doering wrote: Hi,
On Tue, Aug 15, 2023 at 12:54:45PM +, Jason Long via Openvpn-users wrote:
> I did a tcpdump:
>
> # tcpdump --interface any udp port 2000 -n -v
> tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture
> size 262144
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Tuesday, August 15th, 2023 at 15:02, Gert Doering
wrote:
> Hi,
>
> On Tue, Aug 15, 2023 at 12:54:45PM +, Jason Long via Openvpn-users wrote:
>
> > I did a tcpdump:
> >
> > # tcpdump --interface any
Hi,
On Tue, Aug 15, 2023 at 12:54:45PM +, Jason Long via Openvpn-users wrote:
> I did a tcpdump:
>
> # tcpdump --interface any udp port 2000 -n -v
> tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture
> size 262144 bytes
> 08:50:47.761991 IP (tos 0x0, ttl 128, id 892, o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Tuesday, August 15th, 2023 at 10:57, Jason Long wrote:
> Hello,
> My OpenVPN server internal network IP is "192.168.1.20" and the IP address of
> client is "192.168.1.21". Both VMs can ping each other.
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Tuesday, August 15th, 2023 at 10:57, Jason Long wrote:
> Hello,
> My OpenVPN server internal network IP is "192.168.1.20" and the IP address of
> client is "192.168.1.21". Both VMs can ping each other.
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sent with Proton Mail secure email.
--- Original Message ---
On Monday, August 14th, 2023 at 22:11, Jason Long wrote:
> On Mon, Aug 14, 2023 at 11:47 PM, tincantech
>
> > wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sent with Proton Mail secure email.
--- Original Message ---
On Monday, August 14th, 2023 at 22:11, Jason Long wrote:
> On Mon, Aug 14, 2023 at 11:47 PM, tincantech
>
> > wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
Hi,
Howto is here:
https://community.openvpn.net/openvpn/wiki/HOWTO
wkr
Pippin
--- Original Message ---
On Monday, August 14th, 2023 at 23:11, Jason Long via Openvpn-users
wrote:
> On Mon, Aug 14, 2023 at 11:47 PM, tincantech
>
>> wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash:
On Mon, Aug 14, 2023 at 11:47 PM, tincantech
wrote: -BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Monday, August 14th, 2023 at 20:49, Jason Long wrote:
> On Mon, Aug 14, 2023 at 5:16 PM, tincantech
>
> > wrote:
> >
> > Hello,
> > Thank you so mu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Monday, August 14th, 2023 at 20:49, Jason Long wrote:
> On Mon, Aug 14, 2023 at 5:16 PM, tincantech
>
> > wrote:
> >
> > Hello,
> > Thank you so much for your help.
> > I take a loot at
> > "https://bui
On Mon, Aug 14, 2023 at 5:16 PM, tincantech
wrote: -BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sent with Proton Mail secure email.
--- Original Message ---
On Monday, August 14th, 2023 at 14:13, Jason Long via Openvpn-users
wrote:
> Hello,
> To increase the security of Op
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sent with Proton Mail secure email.
--- Original Message ---
On Monday, August 14th, 2023 at 14:13, Jason Long via Openvpn-users
wrote:
> Hello,
> To increase the security of OpenVPN, I want to use the ccd-exclusive.
--ccd-exclusiv
Hello,
To increase the security of OpenVPN, I want to use the ccd-exclusive. I googled
it, but I could not find a good example. I just found the following question:
https://serverfault.com/questions/877201/limit-access-to-remote-server-via-particular-vpn
But, I really don't know what to do.
I mu
43 matches
Mail list logo