yourconfig.ovpn
(or whatever the path is on your system) and look at the output.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax
parsers on Windows...
(just using / as a path delimiter should work, btw :) ).
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49
, CyanogenMod with rooted OpenVPN, using tun/tap directly and
not the VPN API might indeed work.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g
effects.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu
(how should it?), but it will just plainly ignore your packets now...
but no packets go through the interface anymore.
...mission accomplished :-)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering
!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgp1hIHjqN_pB.pgp
Description: PGP signature
this from occurring?
How do you start OpenVPN?
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025
Hi,
On Sat, Jan 10, 2015 at 07:43:42PM +0100, Chris wrote:
On 01/10/2015 07:32 PM, Gert Doering wrote:
(A slightly more detailed answer would require a slighly more
detailed question - tun or tap mode, what exactly do you want to
achieve, how is the client identified, ...)
sorry, it's
!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpEZqY_8wF4z.pgp
Description: PGP signature
/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpCdmRl1wSLZ.pgp
Description: PGP signature
--
Dive
/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpUn5x_z4KKr.pgp
Description: PGP signature
--
Dive
(community vs. OpenVPN Tech), different bugs...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g
of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpLDQzoY87zq.pgp
Description: PGP signature
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpgCrZ56mecg.pgp
.) is welcome - the patch will not
affect anyone else, so it's not easy to test.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
=/usr/ (Below mention error I am getting )
This is a pfsense question, please ask there.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g
!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgptFCRd_r4i0.pgp
Description: PGP signature
of OpenVPN tunnels
(tunnel from *here* to *there*, these IP addresses in *this* tunnel,
...).
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g
!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpWDvJzFLzkW.pgp
Description: PGP signature
to steal *that* from another client, there's far worse
attacks (inject spoofed traffic, etc).
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g
!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpk0TEcpRkSJ.pgp
Description: PGP signature
subnet to the
server config.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g
!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpp4mHgHgCTQ.pgp
Description: PGP signature
!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpINvY9Dgf3F.pgp
Description: PGP signature
and the client cert
with build-key...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g
/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpUdrA2XK5AY.pgp
Description: PGP signature
--
One
.
[..]
I'm not sure why 2.2 is not complaining - but the reason it's complaining
in 2.3 is that it wants to resolve netmask into something to be used
for [alias]...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert
annoying, but no lever to break into
a system.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025
% of
the use cases are because someone said so.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025
of hackery depending on the
way openvpn is started on the clients.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89
to run a script (-route-up cmd) in order to
add a host route for the local hotel gateway which is very likely in the
10/8 network.
redirect-private :-)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert
Hi,
On Wed, Jun 03, 2015 at 09:36:33AM +0200, Mathias Jeschke wrote:
On 2015-06-03 at 09:27 Gert Doering wrote:
You will probably also need to run a script (-route-up cmd) in order to
add a host route for the local hotel gateway which is very likely in the
10/8 network.
redirect-private
work for you.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu
an ip address also used by one of your servers - but to fix *that*,
you'd have to go down the use NAT on the server tun route...)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
[with
--multihome!] and use firewall rules to reject packets to addresses you
do not want to see exposed, or run multiple OpenVPN processes - none of
this is perfect)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert
/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpsm0soUrsf8.pgp
Description: PGP signature
!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpJx0u4eTpi0.pgp
Description: PGP signature
=20041123140412341
Website and link is no longer available.
thanks
PS: where would you prefer this to be reported ?
trac, category documentation
thanks,
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert
own...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu
or multicast work, for example, or AIX machines
that do not have tun interfaces) but usually tun is the better choice.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpjNFbH1ojl8.pgp
Description: PGP signature
--
Don't
is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpqKTkNIohA5.pgp
the client config is already known
(to *tell* the plugin what the address is).
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax
!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgp6KAT409Gqv.pgp
Description: PGP signature
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpyNWevZvHoF.pgp
activates --tls-server and all
the to-multiple-clients thing, while --client implies --tls-client,
but both --tls-* options can be used standalone)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering
!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgp3UJGSTBbSL.pgp
Description: PGP signature
OpenVPN knows that
this /64 is on the client side.
You have the iroute for IPv4, so adding iroute-ipv6 for IPv6 *should*
be the logical conclusion... :-)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert
part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgp2AP7D7YQI1.pgp
Description: PGP signature
is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpLbgBXoJRkn.pgp
Description: PGP
on.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
- like, your hardware accelerates 3DES and you use
--cipher blowfish...)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89
, to keep the NAT state current
Remedy 3: use IPv6, which does not have these NAT issues...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g
!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
/2.3 branch) has
all the necessary fixes, and will lead to a 2.3.8 release very soon.
Apologies for the mess.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
anymore.
Yes, please!
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g
as well - but then, it should not be
necessary given normal source address selection rules...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g
be fixed)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
si
do not know all the options yet, some
really pre-date my involvement by a long time.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax:
ient.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informa
to solve this.
I'll give the patch a closer look - and would appreciate a few more
testers that actually have seen the problem - and then it could go
into 2.3 + git master. So, "early ack" here :-)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenc
y to destination prefixes
("ip rule to 8.8.8.8 table ...").
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.m
nvpn what you want and let openvpn do the right stuff for your
system.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.d
!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpxb45mSHvAQ.pgp
Description: PGP signature
!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgp0xqQrFoNtC.pgp
Description: PGP signature
will not interfere with that, so in general, yes.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g
ion to peer
Which openvpn version is that? Are you using "--remap-usr1 SIGTERM" in your
config?
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
t* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgp30awFDgdb
ng?
You'd only see the VPN server's IP address externally if the VPN server
uses NAT on your packets - which is by no means required (none of my
VPN servers do).
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Ger
so it seems to be UDP all right.
("danted" on Ubuntu used on the proxy server)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
from
within OpenVPN. "--proto udp6" *should* work, though I have not found
a SOCKS server yet that can actually do UDP+IPv6... (ssh -D can do
IPv6, but only TCP...)
gert
--
USENET is *not* the non-clickable part of WWW!
//www
Hi,
On Wed, Sep 23, 2015 at 06:22:06AM -0400, Alan McKay wrote:
> On Wed, Sep 23, 2015 at 3:49 AM, Gert Doering <g...@greenie.muc.de> wrote:
>
> > I have the nagging suspicion that you're talking about OpenVPN AS?
> >
> > "Community" OpenVPN
suspicion that you're talking about OpenVPN AS?
"Community" OpenVPN has no idea what a "profile group" might be...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
G
vironment? For "modulo
operations", this should be good enough...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
f
s on the server side to set up
routing.
But you can, of course, just install local firewall rules on the server
to reject all connection attempts to the .1 address.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~
65.65.60), 30 hops max, 60 byte packets
Second half.
> >> traceroute to spiegel.de (62.138.116.3), 30 hops max, 60 byte packets
First half.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering
nfigs needs admin privilege.
>
> It would be useful to have support for such usage in the official GUI.
Indeed, this sounds useful as well. No idea what is missing, though...
gert
--
USENET is *not* the non-clickable part of WWW!
Hi,
On Wed, Dec 09, 2015 at 04:03:37PM -0500, Jonathan K. Bullard wrote:
> Inspired by Gert Doering (but don't blame him for any of my bad ideas
> : ), I'm considering adding a feature to Tunnelblick (a FOSS GUI for
> OpenVPN on OS X) that would allow a standard user on a Mac to instal
"manifest" before...)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.info
quot;LAN2" appears to use different addresses
when seen from the VPN
- ...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@gr
;.
(And who would run a server on Windows anyway?)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35
cause on Ubuntu, this is an unknown option -> error.
make it
setenv opt block-outside-dns
instead
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@
!!"
- otherwise some testers reported DNS latencies in the first few minutes
of VPN usage.
(Lev, Valdikss, feel free to chime in and explain better)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert
running OpenVPN
with user privs?
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025
Hi,
On Fri, Dec 11, 2015 at 11:08:16AM -0500, Selva Nair wrote:
> On Fri, Dec 11, 2015 at 6:51 AM, Gert Doering <g...@greenie.muc.de> wrote:
>
> > We had vetos on this in the past (because we want to go for the iService),
> > but for 2.3, I would welcome such a
Hi,
On Tue, Jan 05, 2016 at 10:59:54AM +0100, Ralf Hildebrandt wrote:
> * Gert Doering <g...@greenie.muc.de>:
>
> > Last time I tested on Win7/64, the 32 bit executables worked just fine
> > (this is how I noticed that installing 64 bit onto a system that already
e part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
signature.asc
Description:
ENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
signature.asc
Descr
a bit of time and energy.
Some patches for "support different routing table IDs" are floating around,
but they are all somewhat incomplete, and partially buggy.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~g
dy
has a 32 bit version installed causes two versions to be there...)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-
etting up something
in an --up script. But I'm not aware of any ready-made implementation.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie
on-problem.
It's a windows-only option, and really *relevant* only on Win8 and Win10.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.
will not know about the
installation, and that the binaries will reside in /usr/local/ not /usr/
Just looking at the "openvpn" binary, no difference.
gert
--
USENET is *not* the non-clickable part of WWW!
//ww
cial binary is signed -
but besides this, it's still built from the very same source tree)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
u distrust your VPN clients - is to permit everything coming in via
tun0
iptables -I INPUT -i tun0 -j FORWARD
(or similar to this, typing from memory)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Ger
ert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-
art...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-mue
uipment
right now to test it.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
signature.asc
Description: PGP signatu
101 - 200 of 863 matches
Mail list logo