raffic too...)
- --
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
On 2021-11-07 at 13:55, g...@greenie.muc.de wrote:
> Hi Community,
>
> OpenVPN supports HTTP proxies that require
I've thrown the win2K12 away - moved the existing config directory to Win10
and it "just worked". No idea what was really behind this issue - no worse
off with Win10 - so forwards I go ;-)
On Wed, Jun 27, 2018 at 8:39 AM Selva Nair wrote:
> Hi,
>
> On Tue, Jun 26, 2018 at
s fine - so this is definitely a working config - just not for Win2012.
Both ends are fully patched and the Windows installer was grabbed yesterday
from openvpn.net
Any ideas appreciated
--
-key clients would work on the new IP but fail on
the old. Then after we see no more old-key connections, change the old IP
server config to match the new.
(I don't want to use more ports because we already use the good ones ;-)
--
new one
5. rotation is now complete
--
does "client-disconnect" block all clients until it completes - that
would explain everything? (because clients have "ping-restart 20")
Thanks
--
from %s (si=%d op=%s)"
All I know is that if I saw that "unroutable" message, I would be 100%
thinking about network and firewall problems - I would never have thought
this was anything else
--
how a website
Hmm, on second thoughts, this would be easier/cleaner to do in Apache via
mod_proxy...
--
erver, they'll still be happy, and then
when I migrate the server to 2.4, they all auto-update to AES
Is that correct? That would be perfect as then no dual infrastructure would
be required
--
f Blowfish to AES? That would be great - certainly worth waiting
for :-)
--
GIT version of the
server because of my desire for the peer-id data, but I'd rather be vanilla
to be honest :-)
Thanks again!
--
ease of
Win10 to the public has this characteristic and then openvpn will be toast?
--
s systemd based). There is no "*dnsmasq*" service at all - it's just
something that NetworkManager calls somehow - but doesn't bother to keep
tabs on.
I think I might just go back to Fedora, I have not been enjoying the
experience ;-)
--
s the problem - but restarting the
entire network stack just to fix DNS is not a solution...
Anyone else figured that out? This is Ubuntu 16.04. Thanks!
--
tarted, openvpn logs
get to report "Initialization Sequence Completed", system crashes.
--
actually work for
some of our users when travelling to certain countries...
Yes this is an obfuscation trick, but one that uses 99% of existing code :-)
and yes I know this could be hacked together using stunnel/socat/etc. But
notice the phrase "hacked together"
--
;
rather than anything finer-grained. Or they would make a domain group
called "Openvpn Users" and use it to control who gets openvpn - and
therefore also has the ability to run it
Jason
--
an --up script. But I'm not aware of any ready-made implementation.
>
> gert
> --
n work with this :-)
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CA
use .1 on the server, so would "ip-win32 dynamic 1" make the client
think the DHCP server was on 192.168.0.1? That would be perfect
#This defines the "dhcp" range
mode server
tls-server
push "topology subnet"
ifconfig 192.168.0.1 255.255.255.0
ifconfig-pool 192.168.0
's no UDP error checking built into openvpn, then shouldn't
DNS lookups (ie udp inside a udp openvpn tunnel) fail a lot? Or is the
Internet generally so reliable that it doesn't matter? (eg 1% packet
loss on Internet leads to 1% packet loss inside openvpn tunnel?)
--
at's just as likely to be open and you are less likely to hit a
transparent proxy
Also, you had tcp/80 first and then udp/1194 - which I think is the
opposite order to what you wanted? ie openvpn works from the top of the
config downwards
--
ports in my suggestion because an openvpn server may have
multiple ports available to all clients - so they're not unique)
Thanks
PS: actually, I've seen this with the Chrome client too. Totally bugs on
the client - but it kills the server
--
favorite sounds useful, but is poorly supported
Timezone (101) option because your computer's timezone should always
come from your physical location - not the remote end of a VPN tunnel. I
think a lot of DHCP options aren't needed for the same reason
--
it to the correct value, but we're
trying to make the application work like it does on the LAN - ie
auto-configure)
Obviously I'm running this in routing mode - not bridging (because then
it would be working! ;-)
Thanks!
--
learn how to walk before going crazy on people's routing
tables ;-)
--
option 3 is the only way:
allow the user to connect, get server to query client to find out local
routing table and then reconfigure the client to match conditions where
appropriate
--
than the
server, shouldn't it either error - or set itself to the same value?
(and it isn't listed as pushable either). This seems such an obvious
case for something else to happen?
On 22/05/15 16:05, Jason Haar wrote:
Hi there
We've got a working openvpn server successfully supporting
Linux
the Chromebook.
Has anyone got the current Chromebook working with openvpn? I'd love to
know what you did ;-)
Thanks!
--
address
Doesn't --ping take care of that? Keepalive packets should mean the
TCP/UDP NAT session sees enough traffic to stop any NAT firewall from
timing it out (assuming ping is 30sec). That in turn should stop the
firewall needing to change port numbers
--
On 19/04/15 12:05, Jeff Mitchell wrote:
Unless the NAT implementation is broken. Read up a bit in the thread :-)
Ohh! :-)
(but there are no broken NAT implementations! Say it ain't so!)
--
the external
will all be encrypted openvpn traffic - so it's not very interesting)
--
Do any of them affect openvpn if it's set to use tls-auth (as recommended)?
ie is openvpn immune from these if the bad guys don't have copies of
your tls-auth file
Thanks
--
impact too of course
--
On 29/01/15 09:15, Stefan Monnier wrote:
Reviewing code is too time consuming. Instead, I just download such
crap through a VPN, this way I know I'm secure
make sure it uses AES!!! Really important
--
set trimble-openvpn
DependOnService Dhcp tap0901 NUL 21
--
struggled through getting my new Chromecast
to even work on 3 different wifi networks - broadcast based issues
again... (btw: multicast == broadcast in this email ;-)
--
, although I haven't tested)
Thanks
--
script ;-)
Thanks!
--
Doering wrote:
On Wed, Sep 03, 2014 at 06:41:17PM +1200, Jason Haar wrote:
Anyway, has anyone out there found out how to do this and is willing to
share? :-)
I have no direct answer, but maybe using Tunnelblick instead of raw
openvpn would just solve this for you? (It's a very nice MacOS gui
in 2006
so maybe it doesn't work on the newer OSes?
Anyway, has anyone out there found out how to do this and is willing to
share? :-)
Thanks!
PS: I'm using this
http://openvpn.net/archive/openvpn-users/2006-10/msg00120.html
--
it to resolver #1 instead of
resolver #2. Once that is fixed, it should all work?
--
- it simply seems
to be sleeping without doing anything? BTW I download this logfile an
hour after the client tunnel disappeared after the IP change - the last
line in the logfile was an hour old - so there's no sign of openvpn
doing anything since.
Any ideas?
--
disconnected
I had some cleanup code in 4 which meant the server turned around
and killed the 3 instead of the 1 - not what I wanted ;-). Still -
all fixable thanks to the wondrous scripting options openvpn gives us :-)
--
not
define tls-cipher on the clients, only the server. So am I correct in
saying that an openvpn network using tls-auth plus client certs should
be effectively immune to MiTM attacks, thereby making it OK to leave as
much decision making as possible to the server?
Thanks!
--
a vast range of Internet between the two that I know nothing
about, so it's not worth mentioning ;-)
Thanks!
--
to the management port and went
through the options that help showed - nothing seemed to show me such
details? (eg status 2)
--
environment variables, there's no such details from
the clients getting through
Have I missed something? Thanks!
--
if they are travelling to other
countries. We have gateways all over the world and users typically don't
use the optimum one - they use the one that worked last time. And then
they complain how slow VOIP is over it ;-)
In the words of immortal Devo: Freedom from choice: is what you want ;-)
--
What feature does --remote-random-hostname give you that having a
10second TTL on one DNS record wouldn't?
--
, but the Universe can
always engineer a better fool
--
, openvpn doesn't do
standard TLS negotiation (at least if you are using tls-auth as you
should be) - so some layer7 firewalls
could potentially even block openvpn on tcp port 443 - however, most
don't :-)
--
- otherwise you will get burnt)
--