Re: [Openvpn-users] Problems setting up dual-stack OpenVPN server on a Windows 10 host

2016-11-17 Thread Gert Doering
erally not done for v6. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...

Re: [Openvpn-users] openvpn udp server and vrrp

2016-11-15 Thread Gert Doering

Re: [Openvpn-users] Recently started IP/DNS leak?

2016-10-31 Thread Gert Doering
s totally impossible to give a meaningful reply to this. gert

Re: [Openvpn-users] Recently started IP/DNS leak?

2016-10-31 Thread Gert Doering

Re: [Openvpn-users] Recently started IP/DNS leak?

2016-10-31 Thread Gert Doering

Re: [Openvpn-users] question about "WARNING: this cipher's block size is less than 128 bit"

2016-11-04 Thread Gert Doering
hed), or have to move to a new server with a different "--cipher" in the config. Apologies for the inconvenience... this is why we have cipher negotiation and AEAD in 2.4... gert

Re: [Openvpn-users] Can I preserve the tun device from being deleted on the client side after the connection was closed or the server side is unavailable?

2016-10-16 Thread Gert Doering
everything on linux... gert

Re: [Openvpn-users] Can I preserve the tun device from being deleted on the client side after the connection was closed or the server side is unavailable?

2016-10-15 Thread Gert Doering
(on BSDs, one would do "ifconfig tun4 create", but Linux' ifconfig cannot do that) gert

Re: [Openvpn-users] Problem with CPU usage when running with systemd on 2.4-rc1

2016-12-08 Thread Gert Doering
Hi, please do not send HTML mails... On Thu, Dec 08, 2016 at 07:07:50PM +1100, Chris Anderson wrote: > Hi I have a problem with openvpn running from > systemd (not using the supplied systemd unit files) consuming 100% cpu on > single thread when running from systemd. When I run this from a root

Re: [Openvpn-users] Can openvpn use compressed config file directly, say ``--config file.tar.gz''?

2016-12-14 Thread Gert Doering

Re: [Openvpn-users] Can openvpn use compressed config file directly, say ``--config file.tar.gz''?

2016-12-15 Thread Gert Doering
nt that can do this sort of redirect. But as said earlier, the benefits of using gzip'ed config files is minimal, given that the files are so small anyway. gert

Re: [Openvpn-users] Can openvpn use compressed config file directly, say ``--config file.tar.gz''?

2016-12-14 Thread Gert Doering
around a container format like .tar or .zip either. gert

Re: [Openvpn-users] question about "WARNING: this cipher's block size is less than 128 bit"

2016-12-17 Thread Gert Doering
Hi, On Sat, Dec 17, 2016 at 01:23:53PM +0100, David Sommerseth wrote: > On 17/12/16 11:13, Gert Doering wrote: > > (Main reason we can't stick to BF-CBC is that we use OTP passwords and > > with "reneg-bytes 64M" it's asking way too often for user+password...) > >

Re: [Openvpn-users] question about "WARNING: this cipher's block size is less than 128 bit"

2016-12-17 Thread Gert Doering
Not saying that this is the way it has to be done, but it's a nice way to transact a large user base without a flag day. (Main reason we can't stick to BF-CBC is that we use OTP passwords and with "reneg-bytes 64M" it's asking way too often for user+password...) gert

Re: [Openvpn-users] Does windows (10) client need admin rights?

2016-12-17 Thread Gert Doering

Re: [Openvpn-users] Experts' opinions needed: Lack of AES-256-CBC support

2016-12-01 Thread Gert Doering
rver side does this, and you'll see renegotiations in the log file. Of course, upgrading to 2.4 and using AES would be much nicer :-) gert

Re: [Openvpn-users] Launching OpenVPN-GUI automatically on user login?

2016-11-29 Thread Gert Doering

Re: [Openvpn-users] Question about tls-crypt and port 443 firewall ducking

2017-01-03 Thread Gert Doering
-choice? :-)) gert

Re: [Openvpn-users] OpenVPN over ssh tunnel

2017-01-02 Thread Gert Doering
in your openvpn config) gert

Re: [Openvpn-users] 2.4, windows tap driver problem

2016-12-29 Thread Gert Doering

Re: [Openvpn-users] 2.4, windows tap driver problem

2016-12-29 Thread Gert Doering
tive service, and running OpenVPN from the GUI? If not, you should :-) gert

Re: [Openvpn-users] TLS Key negotiation failed

2016-12-21 Thread Gert Doering

Re: [Openvpn-users] 2.4, windows tap driver problem

2016-12-28 Thread Gert Doering
erver, > tun address should be 192.168.31.6, gui says so, > > but real address on tun is 10.1.10.6. Log file? gert

Re: [Openvpn-users] Experts' opinions needed: Is my VPN provider using weak or strong encryption algorithms?

2016-12-25 Thread Gert Doering

Re: [Openvpn-users] question about "WARNING: this cipher's block size is less than 128 bit"

2016-12-22 Thread Gert Doering
Hi, On Thu, Dec 22, 2016 at 11:26:14AM -0500, Selva Nair wrote: > On Sat, Dec 17, 2016 at 5:13 AM, Gert Doering <g...@greenie.muc.de> wrote: > > > (Main reason we can't stick to BF-CBC is that we use OTP passwords and > > with "reneg-bytes 64M" it's aski

Re: [Openvpn-users] How to verify a working tunnel on the client side

2017-03-30 Thread Gert Doering
he data channel and see if something useful comes back. gert

[Openvpn-users] [PATCH] Make ENABLE_OCC no longer depend on !ENABLE_SMALL

2017-03-19 Thread Gert Doering
-off-by: Gert Doering <g...@greenie.muc.de> --- src/openvpn/syshead.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h index a1b6047..f445864 100644 --- a/src/openvpn/syshead.h +++ b/src/openvpn/syshead.h @@ -589,9 +589,7 @@ socket_defined
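
Review bot: in the src/openvpn/syshead.h hunk at line 589 (2 deletions, no other file touched), removing the !ENABLE_SMALL dependency means the ENABLE_OCC code is now compiled into --enable-small builds as well, so please confirm that every OCC code path builds and links with ENABLE_SMALL defined. If the commit message does not already say so, add a line on what this does to the size of small builds.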

Re: [Openvpn-users] win10, openvpn gui latest, and openvpn 2.4 server tls negotiation configuration error

2017-04-20 Thread Gert Doering
not need TCP *and* UDP, unless you run two server processes, one for TCP and one for UDP. gert

Re: [Openvpn-users] Fully automate openvpn setup and key generation on linux

2017-03-13 Thread Gert Doering

Re: [Openvpn-users] NCP ciphers negotiation question

2017-04-14 Thread Gert Doering
o far" out, so 2.3 users can slowly migrate to AEAD. gert

Re: [Openvpn-users] win10, openvpn gui latest, and openvpn 2.4 server tls negotiation configuration error

2017-04-17 Thread Gert Doering

Re: [Openvpn-users] Win10 default gateway not being redirected

2017-04-24 Thread Gert Doering
s what happened here. gert

Re: [Openvpn-users] Win10 default gateway not being redirected

2017-04-24 Thread Gert Doering
Hi, On Mon, Apr 24, 2017 at 01:36:02PM -0400, Selva Nair wrote: > On Mon, Apr 24, 2017 at 1:12 PM, Gert Doering <g...@greenie.muc.de> wrote: > > > ... except that it really shouldn't do this, if you running the GUI without > > Admin privileges... which you *are* doin

Re: [Openvpn-users] Win10 default gateway not being redirected

2017-04-24 Thread Gert Doering
t you? gert

Re: [Openvpn-users] --no-iv option deprecation

2017-07-31 Thread Gert Doering
"do not just hijack existing threats" first. gert PS: yeah, someone will come and yell at me that I'm so mean. Go for it. -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany

Re: [Openvpn-users] Fwd: --no-iv option deprecation

2017-07-31 Thread Gert Doering

Re: [Openvpn-users] VPN without encryption and auth

2017-08-02 Thread Gert Doering
x. gert

Re: [Openvpn-users] VPN clients disconnecting since 2.4

2017-07-18 Thread Gert Doering

Re: [Openvpn-users] Default behaviour of ncp-ciphers on the server

2017-06-29 Thread Gert Doering
(unless you put it there). (As a side note: please upgrade to 2.4.3) gert

Re: [Openvpn-users] Issue with single user, implicit ncp-ciphers connections

2017-06-30 Thread Gert Doering
e - do not use --ncp-disable and varying --cipher settings unless there is a very specific situation that you need this for gert

Re: [Openvpn-users] Issue with single user, implicit ncp-ciphers connections

2017-07-03 Thread Gert Doering
t help (because that will ensure the server knows "client went away") - but otherwise, this is turning into a "if I do this, it hurts" - "then don't do this" thread. gert

Re: [Openvpn-users] logrotate

2017-07-03 Thread Gert Doering
a copy and truncate trick. > > Is there a "proper" way now to use the Linux logrotate feature without the > copytruncate option? --syslog? gert

Re: [Openvpn-users] push vs. client file options

2017-04-27 Thread Gert Doering
ds to be correct before a connection can be established at all. So, not pushable. gert

Re: [Openvpn-users] Openvpn and samba

2017-04-27 Thread Gert Doering
You can make them listen to the tun IP on the server, and restrict client access to "openvpn client IPs" - that should work. gert

Re: [Openvpn-users] Win10 default gateway not being redirected

2017-04-24 Thread Gert Doering
ted packets going to your VPN server (and traffic local to the LAN network). gert

Re: [Openvpn-users] --no-iv option deprecation

2017-07-31 Thread Gert Doering

Re: [Openvpn-users] Is it possible for a server to set up one tun interface for each of the client?

2017-08-23 Thread Gert Doering

Re: [Openvpn-users] standby tunnel

2017-06-08 Thread Gert Doering

Re: [Openvpn-users] standby tunnel

2017-06-08 Thread Gert Doering

Re: [Openvpn-users] standby tunnel

2017-06-12 Thread Gert Doering

Re: [Openvpn-users] standby tunnel

2017-06-09 Thread Gert Doering
not answer *why* it thinks it wants to send a packet. gert

Re: [Openvpn-users] standby tunnel

2017-06-09 Thread Gert Doering
l packet (maybe it *is* a --ping packet after all). gert

Re: [Openvpn-users] Request 2.4.2-openvpn .deb package that is compatible with Debian Stretch

2017-06-19 Thread Gert Doering
ess to the internal of X509_OBJECT OpenSSL: don't use direct access to the internal of RSA_METHOD OpenSSL: SSLeay symbols are no longer available in OpenSSL 1.1 OpenSSL: use EVP_CipherInit_ex() instead of EVP_CipherInit() Eric Thorpe (1): Fix Building Using MSVC Gert Doe

Re: [Openvpn-users] Remove me, please

2017-06-20 Thread Gert Doering
/lists/listinfo/openvpn-users ... this is what is appended to every single mail, so you can click on it and remove yourself. gert

Re: [Openvpn-users] * UPDATE * OpenVPN v2.4.3 and v2.3.17 releases

2017-06-23 Thread Gert Doering
your VPN, and bored kids can find out which networks you use internally in the VPN and can send packets there, upgrade. gert

Re: [Openvpn-users] learn address script

2017-05-22 Thread Gert Doering
rather hard to use openvpn. It's always nice to hear kind words from users :-) gert

Re: [Openvpn-users] learn address script

2017-05-28 Thread Gert Doering
g "auth-retry nointeract" might be what you need on the client side to work around this. gert

Re: [Openvpn-users] openvpn server / Windows Server 2016 Standard / assign server IP problem

2017-05-16 Thread Gert Doering
d --topology subnet > nowadays. net30 exists because ptp didn't work on windows and nobody had one subnet yet :-) gert

Re: [Openvpn-users] standby tunnel

2017-06-08 Thread Gert Doering

Re: [Openvpn-users] standby tunnel

2017-06-08 Thread Gert Doering

Re: [Openvpn-users] standby tunnel

2017-06-08 Thread Gert Doering
tion" to be "initiated", as everything is static anyway. So it's not fully clear to me what it is doing there. (But I've never used static key mode in earnest, so I'll learn something new here :) ) gert

Re: [Openvpn-users] Packet flow and ICMP/MTU question

2017-06-15 Thread Gert Doering

Re: [Openvpn-users] Packet flow and ICMP/MTU question

2017-06-15 Thread Gert Doering
ween openvpn and the "tun0 thing" in the kernel, and iptables/routing are really on the "app side" of the tun0). Language can be confusing. gert

Re: [Openvpn-users] standby tunnel

2017-06-10 Thread Gert Doering
Worth a test. gert

Re: [Openvpn-users] standby tunnel

2017-06-11 Thread Gert Doering
on program end" :-) gert

Re: [Openvpn-users] Need help with Ubuntu 16.04 LTS OpenVPN 2.4 Dual-Stack Server Firewall Configuration

2017-06-10 Thread Gert Doering
t router's LAN and WAN interface) when you do the traceroutes, and see where the packets show up gert

Re: [Openvpn-users] Need help with Ubuntu 16.04 LTS OpenVPN 2.4 Dual-Stack Server Firewall Configuration

2017-06-10 Thread Gert Doering
like "firewall" to me. gert

Re: [Openvpn-users] Need help with Ubuntu 16.04 LTS OpenVPN 2.4 Dual-Stack Server Firewall Configuration

2017-06-12 Thread Gert Doering
n. Have you been following the check list in my "it's always routing" mail? If yes, what's the outcome? gert

Re: [Openvpn-users] Packet flow and ICMP/MTU question

2017-06-14 Thread Gert Doering
cond set of firewall rules, but those are "OpenVPN pf rules", not related (and not visible to) host side iptables. gert

Re: [Openvpn-users] Packet flow and ICMP/MTU question

2017-06-14 Thread Gert Doering

Re: [Openvpn-users] Packet flow and ICMP/MTU question

2017-06-14 Thread Gert Doering
it back *after firewall inspection*. gert

Re: [Openvpn-users] Request 2.4.2-openvpn .deb package that is compatible with Debian Stretch

2017-06-18 Thread Gert Doering
o have Stretch-compatible .deb for future releases which are not going to be available out of the box right away) gert

Re: [Openvpn-users] Need help with Ubuntu 16.04 LTS OpenVPN 2.4 Dual-Stack Server Firewall Configuration

2017-06-11 Thread Gert Doering
le forwarding (because "traditionally", routers do not listen to router advertisements) /proc/sys/net/ipv6/conf/default/accept_ra /proc/sys/net/ipv6/conf/enp0s25/accept_ra gert

Re: [Openvpn-users] standby tunnel

2017-06-09 Thread Gert Doering
Hi, On Fri, Jun 09, 2017 at 08:09:13PM +0200, richard lucassen wrote: > On Fri, 9 Jun 2017 08:22:11 +0200 > Gert Doering <g...@greenie.muc.de> wrote: > > > > Setting verb to 8 makes a lot of noise :) That's why I just looked > > > with tcpdump. > > >

Re: [Openvpn-users] dual-stack setup on OpenBSD?

2017-06-18 Thread Gert Doering
One possible workaround might be to use pf(4) on the server to setup a v6/v4 rdr NAT rule and have the firewall provide the "dual-stacking", but I'm not sure it actually works - never tried. But let's see the server logs first. gert

Re: [Openvpn-users] OpenVPN per client cipher

2017-09-15 Thread Gert Doering
pher patch - this is definitely useful. Interaction with NCP needs a bit more thought, it seems. gert

Re: [Openvpn-users] Donation

2017-09-30 Thread Gert Doering

Re: [Openvpn-users] Why the tun device hasn't mac address?

2017-08-24 Thread Gert Doering

Re: [Openvpn-users] Why the tun device hasn't mac address?

2017-08-24 Thread Gert Doering

Re: [Openvpn-users] OpenVPN with LZ4

2017-08-24 Thread Gert Doering
ut running "ldd openvpn" on your openvpn binary - if liblz4. shows up, it needs the dynamic library. Everything that does *not* show up is built-in (or not a direct dependency). gert

Re: [Openvpn-users] explicit-exit-notify is ignored by previous blocks.

2017-08-28 Thread Gert Doering

Re: [Openvpn-users] tcp-client: large ping during transfers (fwd)

2017-11-10 Thread Gert Doering
stop the kernel from doing its own stuff, which is mostly "buffering" for "packets inside a TCP stream"). gert

Re: [Openvpn-users] Client mobility in bridged mode

2017-11-28 Thread Gert Doering
@ mailing lists, as not all OpenVPN developers interested in "network" are subscribed to -users gert -- now what should I write here... Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP signature

Re: [Openvpn-users] Management interface "echo" command standardization

2017-11-25 Thread Gert Doering
eave the specifics of that to you :-) (I'm sure Arne will have some ideas as well) gert

Re: [Openvpn-users] keepalive/connect-retry interaction

2017-12-03 Thread Gert Doering
e in your logs that the remote "went away", but protocol-wise, it does not go away either - there is no connection setup / teardown in p2p-static-key mode. Just "packets that can be decrypted" and "remote IP address to send to-be-encrypted packets to"

Re: [Openvpn-users] Force connections/DNS lookup only over IPv4?

2017-12-13 Thread Gert Doering
.x.y 1194 > > that is the IPv4 address. Was wondering if there is an option (like that > in SSH) to explicitly provide for an address family: Just use "protocol udp4" to force IPv4-only (or "tcp4"). gert

Re: [Openvpn-users] Force connections/DNS lookup only over IPv4?

2017-12-13 Thread Gert Doering
s hard, sorry. gert

Re: [Openvpn-users] Displaying messages to users by means of the GUI?

2017-11-21 Thread Gert Doering
lude the --pull-filter. > > Would running openvpn-GUI on the modified config negate the pushed echo? Of course it would. If you filter push messages, they do not arrive. As for any other pushed option. gert

Re: [Openvpn-users] Displaying messages to users by means of the GUI?

2017-11-21 Thread Gert Doering
ary which does whatever he wants) gert

Re: [Openvpn-users] migrating from lzo to lz4

2017-11-17 Thread Gert Doering
"); push @outline, 'push "compress lz4"', 'compress lz4'; (the server can speak different compression algorithms at a time, but for reasons lost in the mists of time it needs to be told what to expect - even though the compression byte is actually telling it) gert

Re: [Openvpn-users] tcp-client: large ping during transfers (fwd)

2017-11-09 Thread Gert Doering
routers / carrier-grade NAT boxes", etc. gert

Re: [Openvpn-users] tcp-client: large ping during transfers (fwd)

2017-11-09 Thread Gert Doering
m achievable limit will make sure the queues are never filling up. gert

Re: [Openvpn-users] tcp-client: large ping during transfers (fwd)

2017-11-09 Thread Gert Doering
"large buffers with smart queueing" vs. "shallow buffers, drop early, leave this to the upper layer protocol to sort out") gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich,

Re: [Openvpn-users] arp over routed VPN

2017-11-09 Thread Gert Doering

Re: [Openvpn-users] tcp-client: large ping during transfers (fwd)

2017-11-09 Thread Gert Doering
rch on over the last 20 years. But that's quite a bit of work... gert

Re: [Openvpn-users] Push explicit-exit-notify ?

2018-05-04 Thread Gert Doering
gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert

Re: [Openvpn-users] dd-wrt router openVPN server version and client version must be the same?

2018-05-14 Thread Gert Doering
eral, you should be fine. gert

Re: [Openvpn-users] Push explicit-exit-notify ?

2018-05-04 Thread Gert Doering

Re: [Openvpn-users] Push explicit-exit-notify ?

2018-05-04 Thread Gert Doering

Re: [Openvpn-users] OpenVPN network throughput vs raw network throughput

2018-06-08 Thread Gert Doering
Hi, On Fri, Jun 08, 2018 at 11:27:42AM +0200, Gert Doering wrote: > So "TCP over naked IP" is exactly what you want to compare to "TCP over > OpenVPN over UDP/IP" - so "iperf3 tcp" is a valid test for "how does > the performance vary if OpenVPN/UDP i
