As described in msg <374a7eb7-f539-5231-623b-41f208ed8...@belkam.com> on
openvpn-de...@lists.sourceforge.net, clients that are compiled with
--disable-occ (included in --enable-small) won't send an options string.
Without the options string, the 2.4 server doesn't know which cipher to
use for poor
Hi
On 24.01.2017 13.56, David Sommerseth wrote:
> Perhaps we should consider to move the OCC stuff out of --enable-small?
>
> As --enable-small does save quite some bytes on --help and the OpenSSL
> error strings and lots of other places, my gut feeling is that OCC
> itself shouldn't increase the
Hello,
On 18.01.2017 11:21, Andreas Herrmann wrote:
> My guess:
> mssfix has a default value of 1450, which is to small nowadays:
> 1450 + 8 UDP header + 40 IPv6 header + 8 PPPoE header = 1506
>
> What would be the best way to solve that issue?
> - set mssfix to 1444 at client and server
> - wo
24.01.2017 16:55, Gert Doering пишет:
> Hi,
>
> On Tue, Jan 24, 2017 at 04:45:52PM +0400, Dmitry Melekhov wrote:
>> 24.01.2017 16:31, Gert Doering ??:
>>> Well. If you *know* which of the old clients have been upgraded to AES,
>>> you should be able to put "cipher AES..." into a ccd/ file
On 24/01/17 13:31, Gert Doering wrote:
> bug the router vendor
> in question not to use --enable-small and/or upgrade to 2.4.0"...
Perhaps we should consider to move the OCC stuff out of --enable-small?
As --enable-small does save quite some bytes on --help and the OpenSSL
error strings and lots
Hi,
On Tue, Jan 24, 2017 at 04:45:52PM +0400, Dmitry Melekhov wrote:
> 24.01.2017 16:31, Gert Doering ??:
> >
> > Well. If you *know* which of the old clients have been upgraded to AES,
> > you should be able to put "cipher AES..." into a ccd/ file for that client
> > (I haven't tested it
24.01.2017 16:31, Gert Doering пишет:
>
> Well. If you *know* which of the old clients have been upgraded to AES,
> you should be able to put "cipher AES..." into a ccd/ file for that client
> (I haven't tested it with 2.4.0-final - it worked for a hacked-together
> variant I did that later become
24.01.2017 16:31, Gert Doering пишет:
> Hi,
>
> On Tue, Jan 24, 2017 at 04:09:29PM +0400, Dmitry Melekhov wrote:
and found that servers successfully uses blowfish for some old clients,
but for others not:
>>> It depends on whether the client sends OCC info about its config - if it
>>> doe
Hi,
On Tue, Jan 24, 2017 at 04:09:29PM +0400, Dmitry Melekhov wrote:
> >> and found that servers successfully uses blowfish for some old clients,
> >> but for others not:
> > It depends on whether the client sends OCC info about its config - if it
> > doesn't send that (like "because it was compil
24.01.2017 15:43, Gert Doering пишет:
> Hi,
>
> On Tue, Jan 24, 2017 at 02:51:48PM +0400, Dmitry Melekhov wrote:
>> Unfortunately, some of our points still uses blowfish, but we can't
>> change cipher on all of them once,
>>
>> so we decided to upgrade servers to 2.4.0 and then , one by one, change
Hi,
On Tue, Jan 24, 2017 at 02:51:48PM +0400, Dmitry Melekhov wrote:
> Unfortunately, some of our points still uses blowfish, but we can't
> change cipher on all of them once,
>
> so we decided to upgrade servers to 2.4.0 and then , one by one, change
> client's ciphers.
>
> Don't know why, bu
Hello!
Unfortunately, some of our points still uses blowfish, but we can't
change cipher on all of them once,
so we decided to upgrade servers to 2.4.0 and then , one by one, change
client's ciphers.
Don't know why, but I decided to set default cipher on server to
AES-256-CBC ,
and
ncp-ciph
12 matches
Mail list logo