does not matter where the user is connecting from.
Selva
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
ross-signed-cert.crt new-server-cert.crt
It should show the cross-signed certificate at depth 1 linking the new
server certificate to the old CA at depth 2.
Direct verification using new CA would be
$ openssl verify -show_chain -CAfile new-ca.crt new-server-cert.crt
Selva
>
>
> Thanks Selva for the link! Two rounds will be a bit laborious as there
> are many endpoints. If I have to go for option A (Stacked CAs on all
> clients, stacked CAs on the server then update the server), is there a
> downside with leaving an expired CA cert on all the c
one round of client updates as
also discussed in that thread. I have used OpenSSL CLI in the past for this
but do not have a recipe at hand. No idea whether easyrsa could do it.
Selva
diagnose anything on their own, and I preferred to go
through the client and server logs.
Regards,
Selva
ious, is there any reason why you would prefer Connect
over OpenVPN-GUI? Apart from the superficial looks, that is
Thanks,
Selva
config file. That said, if OpenVPN was started with verb >= 4,
check the log file. Almost all settings are output to the log at that
verbosity.
Selva
323#artifacts
Selva
>
want to try out a fixed version, use openvpn.exe from the GHA build
here:
https://github.com/selvanair/openvpn/suites/11479839963/artifacts/592797275
Just replacing the one installed in C:\Program Files\OpenVPN\bin with this
should do.
Selva
.0 release. It will be in 2.6.1 release.
Selva
is a
patch in the works to hide those from the user though the data will still
remain in memory.
Selva
ference?
tcpdump could also help figure out why there are two smb streams one using
LAN IP and other using the VPN, which is carrying what traffic, which one
gets established first etc..
Selva
On Fri, Sep 23, 2022 at 5:07 PM Sebastian Arcus
wrote:
> On 23/09/2022 14:48, Selva Nair wrote:
> > Having said that, I took another look at the routing table on the
> Win10
> > client and noticed something odd. The only /32 routes I could find
> are
> >
-- remote could be made to resolve always to the public IP (via NAT) or to
the LAN IP while on LAN. However, in both cases a bypass route is not
required in this particular setup.
Selva
eleases for the client and server --- tunnelblick as client should be
okay. It's not possible for us to reproduce what a viscosity client or
server may be doing.
Selva
>
> Logically you might think that the reason the clients are being kicked off
> after a minute or so with management-
t's a pity that there is so much out-dated info about OpenVPN on Windows
out there.
Selva
On Tue, Jun 28, 2022 at 12:31 AM Jordan Hayes
wrote:
> The other thing that's always driven me crazy is that the client needs
> to have the "run as administrator" bit set, and it doesn't happen
and even setting its startup to auto should be
safe now as we have a folder exclusively meant for auto-start ones
(config-auto). This was not the case with older versions.
Selva
> However, the 'Interactive-Service' *is* installed by default.
>
> This feels *needlessly* complicated.
by the GUI is installed by default.
Selva
On Sat, Jun 25, 2022 at 3:09 PM Austin Witmer
wrote:
> Hello all!
>
> I am setting up an OpenVPN server on a windows server for a client, but
> ran into the problem where the openvpn service in services doesn’t pick up
> the config files I pl
is indeed the case.
As a quick fix, username@domain instead of domain\username may work with
your server.
Selva
em connect to each other, or can one connect to the other in Client mode
> while
> the routing will be both ways?
I do not know about built-in OpenVPN in ASUS routers, but typically
you would run one as a server and the other as a client although
point-to-point is also
-pass-verify
process. But, with only private-key password, that is not an option.
By the way, remapping signals or changing persist key has to be done
in the client config (not on server) for it to have any effect on how
signals are interpreted by the client or whether the key is
On Tue, Nov 23, 2021 at 11:13 AM Selva Nair wrote:
>
>
> On Tue, Nov 23, 2021 at 8:51 AM Ralf Hildebrandt <
> ralf.hildebra...@charite.de> wrote:
>
>> Yeah, it's in german, but anyway:
>>
>> https://www.heise.de/news/FBI-warnt-vor-Einbruechen-via-VPN-Softw
use and not saved anywhere. I know of no
GUI versions where this was not done.
Selva
"keepalive 5 30" on server leads to
push "ping 5"
push "ping-restart 30"
So try adding those two lines after push-reset:
Selva
is pretty long (60 sec or 120sec
for UDP?). But too small a value would cause unwanted failures.
That said, ping restart also takes a while to trigger, so there is not much
you can do to avoid a period of broken tunnel.
Selva
need "RESTART,[N]" to move to the next server. Not sure [2] would work..
Please test.
Unfortunately this command is very poorly documented.
Selva
et/community-resources/management-interface/
>
> the command is
>kill
> or
>kill :
>
I think that will send SIGTERM to the client which you do not want. Instead
use
client-kill CID
from the management interface of the server. Here CID is the client-id of
On Wed, Sep 22, 2021 at 4:35 PM Gert Doering wrote:
> Hi,
>
> On Wed, Sep 22, 2021 at 03:45:26PM -0400, Selva Nair wrote:
> > Is it worth the trouble? Isn't this use case arising from wanting to use
> > the GUI for something that it's not?
>
> Yeah, maybe it's the wro
nd
> > - Wait until we have a connection
>
> @selva: how complicated would it be to create a "hey, gui, please make
> this call *blocking* until all pending VPN client connections are
> established (or have given up)" command?
>
We do use SendMessage() which blocks until
On Wed, Sep 22, 2021 at 9:18 AM Bo Berglund wrote:
> On Tue, 21 Sep 2021 10:37:10 -0400, Selva Nair
> wrote:
>
> >> >> >We have some support for sending commands to the GUI to
> >> >> >connect, disconnect etc.. See
> >> >> >
>
Hi
On Tue, Sep 21, 2021 at 8:42 AM Bo Berglund wrote:
> On Fri, 18 Jun 2021 11:15:00 -0400, Selva Nair
> wrote:
>
> >Hi,
> >
> >On Fri, Jun 18, 2021 at 3:36 AM Bo Berglund
> wrote:
> >
> >> On Sat, 12 Jun 2021 14:01:51 -0400, Selva Nair
> >
Hi Mike,
Having this in a release depends on getting the PR merged upstream.
My patch for updating the API with signature parameters has been merged
into pkcs11-helper, so, in principle, we could now handle this in OpenVPN.
But that takes some effort.
Thanks for testing,
Selva
On Fri, Jul 30
o the new CA. Then update the server cert to the new CA.
> Then deploy a ca.crt with only the new CA cert.
>
This requires two rounds of client updates. But simpler than cross-signing.
Selva
Then gradually update the cert and ca
on clients to the new one (new CA only not old+new). When all clients are
updated remove the old CA cert and the link cert on the server.
Totally untested.
Selva
ng and
then take it apart in your PAM module. In that case remove static challenge
from user config. But this is no longer required, nor recommended -- use
2.4.10+ or 2.5.x on the server.
Selva
Hi,
On Fri, Jun 18, 2021 at 3:36 AM Bo Berglund wrote:
> On Sat, 12 Jun 2021 14:01:51 -0400, Selva Nair
> wrote:
>
> >> I wonder if there is some way (on Windows) to start the tunnel
> connection
> >> from
> >> the special comm program and then close it
/openvpn-gui#send-commands-to-a-running-instance-of-openvpn-gui
> >>
> >>Selva
> >
> >Thanks a lot!
> >
> >This is exactly what I need in Windows!
> >I just tried it in a user level command window and it works just fine
> both to
> >c
ch a feature if it is
> possible
> to accomplish.
>
> OpenVPN-GUI is sort of a GUI program so I suspect it does not have any
> useful
> hooks...
>
We have some support for sending commands to the GUI to
connect, disconnect etc.. See
https://github.com/OpenVPN/openvpn-gui#send-comman
you know which client is triggering the HMAC error at the end of
the server log? This may be unrelated, though.
Selva
On Fri, Jun 4, 2021 at 7:26 PM Bo Berglund wrote:
from, what is pushed to the clients etc. Not
snippets of logs here and there.
In the absence of that I'm out.
Selva
is happening.
Once the RPi is connected your Win10 client may be losing route to the
server.
Selva
uild? That's where build-related things live
including the nsis and msi scripts.
Selva
etup to pass the username,
password and pin in the right format? You have to use
--static-challenge in the client config and either run openvpn client
using a UI that supports static challenge. Running from the command
line should work too.
Server logs at verb=4 should have more info -- the abo
should be in somewhere like
%PROGRAMFILES%\Tap-Windows\bin and run it as admin. I believe
these utilities are installed for 2.4.x and earlier unless you customized
the installation.
If possible use 2.5.x and tapctl.exe
Selva
Not everyone wants a single connection to be active at a time. For
example, I right now have three connections to different locations
active -- that won't be possible if we were to second guess and
disconnect active connections.
Selva
Hi,
>
> @selva I can't kill the whole client, as I'm doing a duplicate-cn. Hence I
> had to kill via IP address and port to pinpoint exactly that user.
>
> However I have found a secret feature, which it seems you guys weren't aware
> of. ;-)
>
> client-deny 4 0 "
commands can be sent). You cannot push such
messages mid-way through a connection.
client-kill is the right way to disconnect or restart with optional
advance to next remote.
Selva
s
GUI for the client, it will popup a message saying connection was
terminated.
Selva
On Tue, May 11, 2021 at 10:11 AM Houman wrote:
>
> Hello,
>
> I have been struggling to find a way to disconnect a specific user from the
> OpenVPN server.
> I believe there is one way to kill th
, are most welcome.
Thanks,
Selva
uth-PAM plugin (after I fought it for a while,
> and won :-) ). It does async nowadays, and if it does what you need,
> it's easier to use than setting up "things talking to management".
>
> I haven't looked into dynamic challenges yet, but it seems I should...
> Selva: am I rea
Hi Mike,
On Wed, Apr 21, 2021 at 4:55 PM mike tancsa wrote:
> On 4/21/2021 12:05 PM, Selva Nair wrote:
> > I think that patch is still not applied upstream. I tested softhsm
> > using your instructions and it works for TlS 1.3 and PSS -- softhsm2
> > gets request to sig
"login:", "Password:"
and "Verification" in my example. So those latter words are specific to
your set up. Only the beginning of the prompt is matched, so "Verification"
would also match, say, a pam prompt of "Verification PIN:".
It's als
e
common-account@include common-password@include common-session*
where common-auth has
*auth required pam_google_authenticator.so*
among other modules. There are so many ways of setting up PAM
depending on how the user is authenticated (unix user db, ldap, Active
Directory, ...), wha
Hi,
On Wed, Apr 21, 2021 at 6:32 AM Jan Just Keijser wrote:
>
> Hi,
>
> On 20/04/21 20:05, Selva Nair wrote:
> > On Tue, Apr 20, 2021 at 6:47 AM Jan Just Keijser wrote:
> >> [...]
>
> >> This is surprising. SoftHSM would support raw RSA signatures
Hi,
On Tue, Apr 20, 2021 at 6:47 AM Jan Just Keijser wrote:
>
> Hi Selva,
>
..some good info snipped..
>
> I agree that it is better to stop using pkcs11-helper (if possible). I can
> reproduce the problem using "softhsm" (from http://www.opendnssec.org/) as
>
Hi JJK,
On Mon, Apr 19, 2021 at 7:19 AM Jan Just Keijser wrote:
> Hi Selva,
>
>
> On 15/04/21 20:20, Selva Nair wrote:
> > [...]
>
> >>
> >>
> >> Another thing I am not clear on, is where the cert signature type is set
> >> / required. I
Hi,
On Thu, Apr 15, 2021 at 1:46 PM mike tancsa wrote:
>
> On 4/14/2021 8:23 PM, Selva Nair wrote:
> >
> > You can restrict TLS version using the option --tls-version-min in
> > OpenVPN config file, but restricting to TLS 1.2 is not enough with
> > OpenSSL 1.1.1. I
pre-padded
data. You may want to ask the token supplier (SafeNet Inc) about it.
Selva
by default. For newer releases, there is a work around
like use TLS1.2 and configure OpenSSL to not negotiate PSS padding with the
server[1], but why not use cryptoapi as it works?
Selva
[1] https://community.openvpn.net/openvpn/ticket/1296#comment:12
On Wed, Apr 14, 2021 at 6:03 PM mike tancsa
>
I have always felt that this (with say n=1) should have been on by default
in UDP clients. And ignored by TCP clients instead of flagging a FATAL
error. Wonder why keep this as an optional option.
Selva
cript-security handling as
well as for controlling scripts run by the GUI. I had tried but found
it to be beyond my foo to come with a decent way to do this.
Selva
the link, not sure I follow. Anything run
with user's privileges after the tunnel is established can potentially
use the tunnel.
Selva
management interface cannot be serviced until the script returns.
In 2.5 you can get around this by using the deferred client-connect
feature. See the man page for details. Not supported in 2.4.9.
Selva
Hi,
On Sat, Mar 20, 2021 at 4:57 PM Gert Doering wrote:
> Hi,
>
> On Sat, Mar 20, 2021 at 12:20:45PM -0400, Selva Nair wrote:
> > We should have probably made this not a FATAL error.
>
> The rules could be twisted a bit ("if uid == 0 then not fatal"), but
>
Hi,
If restricting capabilities, I think you will need to add CAP_SYS_RESOURCE
to the bounding set in the systemd unit file.
We should have probably made this not a FATAL error.
Selva
On Sat, Mar 20, 2021 at 12:00 PM tincanteksup
wrote:
> It should make no difference but I do not use --u
-remote "127.0.0.1 10153" --route "162.245.206.244
> 255.255.255.255 net_gateway" --config=/etc/stunnel/vpn/openvpn.conf
>
Wrong use of quotes.
The correct usage would be
sudo openvpn --remote 127.0.0.1 10153 --route 162.245.206.244
255.255.255.255 net_gat
sense
is not working. I do not recall whether we made --dhcp-renew on by default.
Selva
t /b
(ii) move the script to a function and call it, redirecting o/p
@echo off
call :do_work >up_script.log 2>&1
exit /b
:do_work
@echo on
@rem the original script follows..
@rem end of script
@echo off
exit /b
Selva
Hi,
Happy to see more documentation. Looks good.
Would suggest to replace the tail end
"which is internally handled by making the timeout zero.
Selva"
by
"if saved username and password are available."
as the timeout = zero thingy is a matter of implementation which co
ow if there is one or if it can be configured.
>
The 6 seconds value is not configurable. If silent-connection is enabled
the dialog is not shown which is internally handled by making the timeout
zero.
Selva
ile distributed with openvpn-plugin-auth-pam.so. But I see nothing wrong
in the logs except that PAM returns authentication failure.
Check that the pam module "login" expects nothing more than username and
password and look for any errors PAM may be l
Hi
On Tue, Sep 22, 2020 at 6:51 AM Helmut Schneider wrote:
> Am 21.09.2020 um 23:16 schrieb Selva Nair:
>
> > On Mon, Sep 21, 2020 at 9:11 AM Helmut Schneider > <mailto:jumpe...@gmx.de>> wrote:
> >
> > Hi,
> >
> > I'm running OpenVP
reen) although the service is running.
>
After starting the GUI, you have to right-click on the tray icon and select
connect or (config-name->connect if you have multiple configs).
Selva
ng-openvpn-connect-ios/
Selva
On Wed, Aug 5, 2020 at 5:55 PM Aarti Anand wrote:
>
> Dajka, thank you for responding! I actually have been using an IPv6 over an
> IPv4 tunnel. Do I need to setup an IPv6 tunnel? or IPv6 addresses over an
> IPv4 tunnel should work?
>
> thanks,
>
>
name.
Both of these are described in OpenVPN howto. See
https://community.openvpn.net/openvpn/wiki/HOWTO#IncludingmultiplemachinesontheserversidewhenusingaroutedVPNdevtun
and
https://community.openvpn.net/openvpn/wiki/HOWTO#PushingDHCPoptionstoclients
Selva
On Sun, Jul 19, 2020 at 1:07 PM Fermin Francisco via Ope
Hi
On Thu, Jul 2, 2020 at 1:08 PM Marco De Vitis wrote:
> Il 01/07/20 21:18, Selva Nair ha scritto:
>
> fwiw, try removing the pushed block-outside-dns by adding this to the
> client config:
>
> pull-filter ignore block-outside-dns
>
>
> Hi,
> I tried this and inde
On Wed, Jul 1, 2020 at 3:18 PM Selva Nair wrote:
>
> Hi,
>
> On Wed, Jul 1, 2020 at 3:09 PM Marco De Vitis wrote:
..
> > But why should this make NLA fail? DNS resolution using the VPN DNS
> > server appears to work fine for every address, including the one
:
pull-filter ignore block-outside-dns
and check the logs to ensure it's ignored. This shouldn't be required,
and is not ideal, but worth a test.
Selva
c over the VPN.
In this case not all traffic is being sent via the VPN and there is no
redirect-gateway def1 in use. Almost all traffic continues to go via
the LAN and the default gateway is maintained on that interface. So
all those links about broken ncsi don't apply. I suspect DNS thro
127.0.0.1331
> 255.255.255.255 255.255.255.255 On-link 192.168.1.27291
> 255.255.255.255 255.255.255.255 On-link 192.168.112.1 5256
> 255.255.255.255 255.255.255.255 On-link172.28.254.241259
> ===
Only two public IPs are redirected via VPN and neither should impact
NLA or any of the services like spotify you mentioned.
Selva
onfiguration.
>
client-kill CID RESTART
from management interface will do that. RESTART is the default, another
option being HALT. Where CID is the actual cid of the client. I am not sure
whether this can be used to force move the client to the next
to
test other priorities as well. That may give a clue.
Selva
On Tue, May 26, 2020 at 8:33 PM Morris, Russell wrote:
> You may be on to something ... . I'm not running journald though (I
> don't think ... just checked via ps, not seeing it at least).
>
> I did try something, b
er
message -- do you have journald running?
Selva
? See
https://community.openvpn.net/openvpn/ticket/1272
if so, this was recently fixed in 2.4 and master -- should be in the
2.4.9 release.
Selva
o use port sharing, I prefer sslh
as it's meant to do just that (port multiplexing) and can also support
multiple services. But haven't done any customized logging from it as
that's your main concern.
Best,
Selva
On Sun, May 24, 2020 at 9:18 PM Morris, Russell wrote:
>
> Hi Selva!
>
>
pressed short of using verb 0. Not sure why
it's printed even at low verb levels. Another option may be to use
something like sslh to do the port redirection -- supposedly faster
than OpenVPN's --port-share and supports ssh as well.
https://github
t reneg-sec 0 on client so that
the value on server gets used. Effective reneg-sec is determined by the
lowest value in server and client with zero meaning "infinity" allowing the
server to control the actual value.
Selva
Hi,
On Thu, Apr 30, 2020 at 2:41 PM Dajka Tamás wrote:
> Hi Selva,
>
>
>
> thank you for your reply. Please help me, how can I set a token from
> management-client? Should I generate a token, store it and use
> ’client-auth’ + ’auth-toke $token’ + ’END’ simply? (and ve
triggered (this 1 hour is unrelated to reneg-sec),
that would explain why the connection dies at that point. This is just a
guess, not sure how to confirm this or why this happens.
I would first test the setup without auth-gen-token and use REAUTH to
identify when to re-authenticate the user.
Selva
On Fri, Apr 24, 2020 at 7:10 AM David Sommerseth <
open...@sf.lists.topphemmelig.net> wrote:
> On 21/04/2020 20:34, Selva Nair wrote:
> > Hi,
> >
> > On Tue, Apr 21, 2020 at 12:44 PM Vertigo Altair <
> vertigo.alt...@gmail.com
> > <mailto:vertigo.alt...
ig file you will need
plugin "ovpn login: USERNAME
password: PASSWORD pin: OTP"
That instructs the plugin to answer the prompts "login:" , "password:" and
"pin:" by the username, password and static challenge response provided by
the
ng with bytes separated by ":". And, there is no
guarantee that these will not change in future.
I'm not saying decimal string is better. The representation is
unambiguous as a set of digits with no spaces and no leading zeros.
But it may not be easy for an end user to get the decimal value.
If we cons
ssl x509 -noout -serial -in test.crt | \
> sed 's/.*=//g;s/../&:/g;s/:$//'
> 0B
>
> AFAIU the manpage I only have to touch the file:
>
> # touch /etc/openvpn/crl/0B
IIRC, you have to use the decimal representation of the serial.
Selva
hanged
only via the UI.
Also, (i) is easier to do.
Selva
tility
may in windows 10 probably help.
The two versions using identical inf file is what makes it hard to fix it
by just reinstalling the correct Windows 10 release.
Selva
ove-tapwindows.ps1 script is very handy, it
works only if all adapters are first removed using deltapall.bat or
something equivalent. Adding that functionality to the script would be
very useful.
Regards,
Selva
, and your management client script, I can try
again. If the plugin used for the working setup is a custom one, I will
need that too.
Selva
ipher AES-256-GCM,auth-token' (status=1)
>
Also you were not pushing ifconfig as per the log snippet last time, and
that's why I had asked you how you are setting the client IP.
I'm at a loss.
Selva
Hi,
On Wed, Apr 1, 2020 at 4:39 PM Dajka Tamás wrote:
> Hi Selva,
>
>
>
> you were right, I did forget the closing ’END’. Somehow I failed to notice
> it in your script.
>
>
I do not think you carefully read what I wrote :) I use "client-auth-nt" in
my s
If you have no client-connect config parameters to send, use
"client-auth-nt" as in my demo script that you referred to. If sending
"client-auth" with no directives, you still have to send the line "END".
Selva