Hi:
> What is the exact openvpn and dc oversion that you compiled in your last
> test?
After checking, I found dco modules compiled under openwrt seems
lacking something, like "version"
root@OpenWrt:~# ls -la /sys/module/ovpn_dco_v2/
drwxr-xr-x3 root root 0 Mar 23 06:10 .
Hi,
On 18/04/2024 07:47, d tbsky wrote:
Hi:
I want to try openvn dco at openwrt. the official openwrt
distribution stay at openvpn 2.5. so I tried compiled 2.6 and found it
can not find kernel dco module. I thought maybe the distributed dco
module is too old so I compiled lasted
Antonio Quartulli
> What is the exact openvpn and dc oversion that you compiled in your last
> test?
>
Hi:
openvpn: 2.6.10
dco: 0.2.20240320
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
Hi:
I want to try openvn dco at openwrt. the official openwrt
distribution stay at openvpn 2.5. so I tried compiled 2.6 and found it
can not find kernel dco module. I thought maybe the distributed dco
module is too old so I compiled lasted kmod_ovpn_dco_v2 module but
"openvpn --version" still
The OpenVPN community project team is proud to release OpenVPN 2.6.10.
This is a bugfix release containing several security fixes for Windows and
Windows TAP driver and documentation updates.
Security fixes:
* CVE-2024-27459: Windows: fix a possible stack overflow in the interactive
service
Hi,
On Thu, Feb 15, 2024 at 08:58:28PM +, shadowbladeee via Openvpn-users wrote:
> Before I spending more time on this can OpenVPN 2.6.3 bridged network
> transport all these? I would like to bridge those old VMs just like they
> would be on a local LAN.
"I don't know", and I'm afraid
Hello,
First: I don't have any problem with OpenVPN and MTU, this is out of curiosity.
This is a simplified network map:
185.250.56.2 OpenVPN --- A.B.C.D (PPPoE) OpenVPN -- 193.72.186.160
(BGP router for 193.72.186.0/24)
Look: (reliant is somewhere else on the internet, X.Y.88.46)
Hello List,
I working on some unconventional setup for RETRO OSes...
The setup is:
-- openvpn -- internet -- openvpn -- retro
network
The servers range from old versions of Novell Netware like 2.x 3.x 4.x,
Solaris, Windows NT and alikes running old protocols like ipx/spx and some even
use
The OpenVPN community project team is proud to release OpenVPN 2.6.9.
This is a bugfix release containing one security fix for the Windows installer.
Security fixes:
* Windows Installer: fix CVE-2023-7235 where installing to a non-default
directory
could lead to a local privilege
Hi,
On Thu, Feb 08, 2024 at 06:36:40PM +, Peter Davis via Openvpn-users wrote:
> Why OpenVPN does not support ChaCha20-Poly1305 encryption?
What makes you think it doesn't?
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a
On 08.02.24 20:07, Peter Davis wrote:
Why OpenVPN articles uses AES-256-GCM? Is it better?
It is very probably "better" in the sense of remaining compatible with
various OpenVPN and OpenSSL versions; Ctrl-F the online OpenVPN
reference manuals for more info.
"Better" as in more resistant
>On Thursday, February 8th, 2024 at 10:21 PM, Jochen Bern
> wrote:
> On 08.02.24 19:36, Peter Davis via Openvpn-users wrote:
>
> > Why OpenVPN does not support ChaCha20-Poly1305 encryption?
>
>
> You sure?
>
> > $ openvpn --show-ciphers | grep -i cha
> > CHACHA20-POLY1305 (256 bit key,
On 08.02.24 19:36, Peter Davis via Openvpn-users wrote:
Why OpenVPN does not support ChaCha20-Poly1305 encryption?
You sure?
$ openvpn --show-ciphers | grep -i cha
CHACHA20-POLY1305 (256 bit key, stream cipher, TLS client/server mode only)
(FWIW, OpenVPN 2.6.8 and, *more* relevant to the
Hi,
According to Wikipedia:
The main external difference with ChaCha20 is its 64 byte (512 bit) block size,
in comparison to 16 bytes (128 bit) with both AES-128 and AES-256. The larger
block size enables higher performance on modern CPUs and allows for larger
streams before the 32 bit counter
On 27.01.24 19:27, Peter Davis wrote:
On Thursday, January 25th, 2024 at 1:25 AM, Jochen Bern
wrote:
Also, don't forget to configure the VPN server with --port-share, in
case one of the nation-level censors you're trying to fool gets the idea
of looking at your "interesting website" himself
>On Thursday, January 25th, 2024 at 1:25 AM, Jochen Bern
> wrote:
> On 24.01.24 13:31, Hans via Openvpn-users wrote:
>
> > From: "Gert Doering" mailto:g...@greenie.muc.de>
> > Date: Wednesday, 24 January 2024 at 13:03:30
> >
> > > On Wed, Jan 24, 2024 at 11:49:43AM +, Peter Davis via
>On Wednesday, January 24th, 2024 at 3:38 PM, Marc SCHAEFER
> wrote:
> Hello,
>
> On Wed, Jan 24, 2024 at 11:49:43AM +, Peter Davis wrote:
>
> > I am testing this scenario in a virtual environment before moving it to the
> > real world.
>
>
> So, use subnets within private address
Hello,
I want to use OpenVPN with V2Ray. I took a look at the OpenVPN configuration
with Shadowsocks and saw that in the Client.conf file there were two lines as
follows:
socks-proxy 127.0.0.1 1080
route SHADOWSOCKS_SERVER_IP 255.255.255.255 net_gateway
I have two questions:
1- Are these two
On 24.01.24 13:31, Hans via Openvpn-users wrote:
From: "Gert Doering" mailto:g...@greenie.muc.de>>
Date: Wednesday, 24 January 2024 at 13:03:30
On Wed, Jan 24, 2024 at 11:49:43AM +, Peter Davis via Openvpn-users wrote:
How can I make OpenVPN look like an HTTPS connection?
You can't.
How about using stunnel instead?
From: "Gert Doering" mailto:g...@greenie.muc.de>>
Date: Wednesday, 24 January 2024 at 13:03:30
To: "Peter Davis" mailto:peter.davis1...@proton.me>>
Cc: "openvpn-users@lists.sourceforge.net"
mailto:openvpn-users@lists.sou
Hello,
On Wed, Jan 24, 2024 at 11:49:43AM +, Peter Davis wrote:
> I am testing this scenario in a virtual environment before moving it to the
> real world.
So, use subnets within private address ranges (10.0.0.0/8, 172.16.0.0/12,
192.168.0.0/16), or possibly
some other reserved addresses
Hi,
On Wed, Jan 24, 2024 at 11:49:43AM +, Peter Davis via Openvpn-users wrote:
> How can I make OpenVPN look like an HTTPS connection?
You can't. OpenVPN is not https, so even if you use tcp/443, on a close
enough look it will be clear "this is not HTTPS".
gert
--
"If was one thing all
>On Wednesday, January 24th, 2024 at 11:18 AM, Marc SCHAEFER
> wrote:
> Hello,
>
> On Wed, Jan 24, 2024 at 06:14:22AM +, Peter Davis via Openvpn-users wrote:
>
> > 1- I don't understand what you mean about "server 20.20.0.0 255.255.255.0".
> > What is the difference between IP range 10.X
On 24.01.24 08:48, Marc SCHAEFER wrote:
and obviously you won't be able to contact any of those Microsoft IPs anymore,
Considering all the times Peter mentioned that "evade [nation-level]
censors" is among his objectives, blackholing the clients' connections
to Microsoft (auto)update servers
Hello,
On Wed, Jan 24, 2024 at 06:14:22AM +, Peter Davis via Openvpn-users wrote:
> 1- I don't understand what you mean about "server 20.20.0.0 255.255.255.0".
> What is the difference between IP range 10.X and 20.X?
10.0.0.0/8 is a private range, that you can use as you please for private
>On Tuesday, January 23rd, 2024 at 4:37 PM, Jakob Curdes
>wrote:
> Am 23.01.2024 um 13:32 schrieb Peter Davis via Openvpn-users:
>
> > Hello,
> > I want to use OpenVPN and HTTPS. I found the following article:
>
> (...)
>
> > > > > > server 20.20.0.0 255.255.255.0
>
> First of all, from
Am 23.01.2024 um 13:32 schrieb Peter Davis via Openvpn-users:
Hello,
I want to use OpenVPN and HTTPS. I found the following article:
(...)
server 20.20.0.0 255.255.255.0
First of all, from where did you take that IP network? This is not a
private network range as far as I
Hello,
I want to use OpenVPN and HTTPS. I found the following article:
https://snikt.net/blog/2016/12/01/how-not-to-hide-openvpn-behind-https/ssl/
My server has two NICs:
enp0s3 (NAT)
enp0s8 (Local)
My OpenVPN server.conf is as below:
port 443
proto tcp
dev tun1
local 0.0.0.0
port-share
Hello,
I have tunneled OpenVPN on Tor and I connect to OpenVPN server with OpenVPN
Connect app on Android and PC. On Android I can't open some apps like Google
Play and X, but when I use Orbot on Android these apps open.
What changes does OpenVPN make?
Thank
Resending to the mailing list for completeness (please always keep the
mailing list in the CC field)
Regards,
On 03/01/2024 12:53, Peter Davis wrote:
Hello,
I changed the IP address in the client configuration file, but I can't
connect to the server. I got the following error:
Wed Jan 3
Sorry,
posted to the wrong list.
Forwarded to the correct one now.
On 03/01/2024 09:41, Antonio Quartulli wrote:
Hi,
On 03/01/2024 09:14, Peter Davis wrote:
Hello,
I changed the IP address in the client configuration file, but I can't
connect to the server. I got the following error:
Wed
On 02.01.24 15:31, Peter Davis via Openvpn-users wrote:
My server has a NIC with a local IP address. Clients can connect to
it on the internal network. I want clients from outside to be able
to connect to it, but I can't set a public IP on the server's network
card. On the firewall (Fortinet)
Hi,
On 02/01/2024 15:31, Peter Davis via Openvpn-users wrote:
I want to know, if I replace the IP address 1.2.3.4 instead of
192.168.1.1 in the client configuration file, then the clients should be
able to connect to the server from outside the network?
Most likely yes.
This is what most
Hello,
My server has a NIC with a local IP address. Clients can connect to it on the
internal network. I want clients from outside to be able to connect to it, but
I can't set a public IP on the server's network card. On the firewall
(Fortinet) that is directly connected to the Internet, a
Just for community knowledge.
Through much trial and error it was concluded from some reason that the
LimitNPROC was the culprit even though the plug-in only spawned 3
additional instances of OVPN. Didn't have time to really figure out why.
PrivateTmp, ProtectHome, ProtectSystem are all fine
Hi,
On Wed, Dec 13, 2023 at 06:23:48AM +, Jason Long via Openvpn-users wrote:
> 2023-12-13 09:50:25 tls-crypt unwrap error: packet too short
> 2023-12-13 09:50:25 TLS Error: tls-crypt unwrapping failed from
> [AF_INET]172.21.50.67:39757
You answered the question yourself. If you put into
> Hi,
> On Tue, Dec 12, 2023 at 05:59:40AM +, Jason Long via Openvpn-users wrote:
> https://paste.mozilla.org/CwWTPPW0
> I'd guess it's the "key-direction" line getting in the way. Remove this
> from both client and server config.
> Also, you are mixing tls-auth and tls-crypt in your
> You need to check the server log to understand what's going on.
> Cheers,
On December 12, 2023 6:59:40 AM GMT+01:00, Jason Long
wrote:
> > On 11/12/2023 11:18, Jason Long via Openvpn-users wrote:
>> Hello,
>> If I want to use the "tls-crypt" option, then the "ta.key" must be a
>> separate
Hi,
On Tue, Dec 12, 2023 at 05:59:40AM +, Jason Long via Openvpn-users wrote:
> https://paste.mozilla.org/CwWTPPW0
I'd guess it's the "key-direction" line getting in the way. Remove this
from both client and server config.
Also, you are mixing tls-auth and tls-crypt in your questions - so,
You need to check the server log to understand what's going on.
Cheers,
On December 12, 2023 6:59:40 AM GMT+01:00, Jason Long
wrote:
>> On 11/12/2023 11:18, Jason Long via Openvpn-users wrote:
>> Hello,
>> If I want to use the "tls-crypt" option, then the "ta.key" must be a
>> separate file
> On 11/12/2023 11:18, Jason Long via Openvpn-users wrote:
> Hello,
> If I want to use the "tls-crypt" option, then the "ta.key" must be a separate
> file and it cannot be merged with the rest of the keys in one file. To be
> honest, it is difficult to use for both computer and mobile users
On 11/12/2023 11:18, Jason Long via Openvpn-users wrote:
Hello,
If I want to use the "tls-crypt" option, then the "ta.key" must be a separate
file and it cannot be merged with the rest of the keys in one file. To be honest, it is difficult
to use for both computer and mobile users because it
Hello,
If I want to use the "tls-crypt" option, then the "ta.key" must be a separate
file and it cannot be merged with the rest of the keys in one file. To be
honest, it is difficult to use for both computer and mobile users because it is
two files.
Is there a solution?
Thank you.
On 29/11/2023 19:50, Colin Ryan wrote:
Folks,
Trying to move my openvpn configuration to fully systemd modified.
I've compiled openvpn with systemd support and fundamentally it works
with the most recent systemd recipe's in the style of openvpn@.service
Systemd until has this:
[Service]
Folks,
Trying to move my openvpn configuration to fully systemd modified.
I've compiled openvpn with systemd support and fundamentally it works
with the most recent systemd recipe's in the style of openvpn@.service
Systemd until has this:
[Service]
Type=notify
PrivateTmp=true
On Wed, 22 Nov 2023 15:03:45 +0100, Marc SCHAEFER wrote:
>In the past, you would just verify /etc/default/openvpn
>had the AUTOSTART="all" entry and that the config files
>would be directly over /etc/openvpn
>
>Obviously, if you want to go that latter way, read the
>text about systemd in that
On Wed, Nov 22, 2023 at 03:03:45PM +0100, Marc SCHAEFER wrote:
> that particular config, for example, if your file is /etc/openvpn/toto.conf
I meant /etc/openvpn/client/toto.conf
> systemctl status openvpn-client@toto.service
___
Openvpn-users
Hello,
On Wed, Nov 22, 2023 at 02:44:57PM +0100, Bo Berglund wrote:
> Is it enough to put the OVPN file (renamed to extension conf) into the
> /etc/openvpn/client dir?
I think it is not enough with recent Debian releases using systemd.
AFAIK raspi is somewhat Debian.
Here you need to test the
A quick question:
I want to make a RaspberryPi device connect to the home OVPN server when it
starts up and also to maintain the connection if there are interruptions such as
temporary network access down. When the network is back up it should reconnect.
Is it enough to put the OVPN file
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA256
>Hi,
>On Tuesday, 7 November 2023 at 05:27, Jason Long wrote:
>
>
> Hello,
> I added the following line to the server.conf file:
>
> push "route 172.20.0.0 255.255.255.0"
>
> Then, I restarted the OpenVPN service:
>
> # systemctl restart
The OpenVPN community project team is proud to release OpenVPN 2.6.8.
This is a small bugfix release fixing a few regressions in 2.6.7 release.
User visible changes:
* Windows: print warning if pushed options require DHCP (e.g. DOMAIN-SEARCH)
and driver in use does not use DHCP (wintun, dco).
The OpenVPN community project team is proud to release OpenVPN 2.6.7.
This is a bugfix release containing security fixes.
Security Fixes:
* CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly use a
send buffer after
it has been free()d in some circumstances, causing some
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
On Tuesday, 7 November 2023 at 05:27, Jason Long wrote:
>
> Hello,
> I added the following line to the server.conf file:
>
> push "route 172.20.0.0 255.255.255.0"
>
> Then, I restarted the OpenVPN service:
>
> # systemctl restart
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA256
>Hi,
>--- Original Message ---
>On Monday, November 6th, 2023 at 12:26, Jason Long wrote:
>
>
> Hello,
> Thank you so much for your reply.
> Some lines of my server.conf file are:
>
> push "redirect-gateway def1 bypass-dhcp"
> push
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Monday, November 6th, 2023 at 12:26, Jason Long wrote:
>
> Hello,
> Thank you so much for your reply.
> Some lines of my server.conf file are:
>
> push "redirect-gateway def1 bypass-dhcp"
> push
>On Saturday, November 4, 2023 at 05:31:40 PM GMT+3:30, tincantech
> wrote:
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA256
>Hi,
>Your DNS server is non-local and you are most likely
>redirecting your gateway to the VPN.
>So, DNS packets for your DNS server are set into the
>tunnel and are
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
Your DNS server is non-local and you are most likely
redirecting your gateway to the VPN.
So, DNS packets for your DNS server are set into the
tunnel and are finally dropped by the server gateway.
Openvpn has option : '--redirect-gateway
Hello,
I was able to combine OpenVPN with Tor using
"https://gist.github.com/kremalicious/4c333c8c54fced00ab10c0a892a2304d;
tutorial.
When I connect to the OpenVPN network without a Tor, I can ping the computers
on the internal network by name, but with that configuration, I can't ping the
OpenVPN 3 Linux v21 (stable)
This announcement comes a bit delayed as we have spent time ensuring
brand new software package repositories for both .deb and .rpm
packages are working properly.
We have now introduced a set of repositories suitable for production
environments. These new
Hi,
On Fri, Oct 20, 2023 at 06:39:54PM -0400, Bo Berglund wrote:
> I am worried that if the destination happens to be the gateway to the
> internet,
> like it would when browsing via the tunnel, will it be allowed???
iptables looks at the actual destination IP in the packet.
So if your gateway
On Fri, 20 Oct 2023 18:39:54 -0400, Bo Berglund wrote:
>On Fri, 20 Oct 2023 22:12:18 +0200, Antonio Quartulli wrote:
>
>>Hi,
>>
>>On 20/10/2023 21:35, Bo Berglund wrote:
>>> What have I missed?
>>
>>Breaking your setup in mysterious ways is not going to help :-)
>>
>>As Gert pointed out, what
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Friday, October 20th, 2023 at 23:39, Bo Berglund
wrote:
> On Fri, 20 Oct 2023 22:12:18 +0200, Antonio Quartulli a...@unstable.cc wrote:
>
> > Hi,
> >
> > On 20/10/2023 21:35, Bo Berglund wrote:
> >
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Friday, October 20th, 2023 at 21:17, Bo Berglund
wrote:
> On Fri, 20 Oct 2023 15:35:30 -0400, Bo Berglund bo.bergl...@gmail.com wrote:
>
> > On Thu, 19 Oct 2023 18:11:48 -0400, Bo Berglund
On Fri, 20 Oct 2023 22:12:18 +0200, Antonio Quartulli wrote:
>Hi,
>
>On 20/10/2023 21:35, Bo Berglund wrote:
>> What have I missed?
>
>Breaking your setup in mysterious ways is not going to help :-)
>
>As Gert pointed out, what you want to achieve requires configuring the
>firewall to prevent
On Fri, 20 Oct 2023 15:35:30 -0400, Bo Berglund wrote:
>On Thu, 19 Oct 2023 18:11:48 -0400, Bo Berglund wrote:
>
>>I.e. is it enough to remove the route into the local LAN for this to be
>>blocked
>>and only allowing web access forwarding?
>
>So today I tried this:
>
>
>topology subnet
>server
Hi,
On 20/10/2023 21:35, Bo Berglund wrote:
What have I missed?
Breaking your setup in mysterious ways is not going to help :-)
As Gert pointed out, what you want to achieve requires configuring the
firewall to prevent access to the LAN subnet.
Cheers,
--
Antonio Quartulli
On Thu, 19 Oct 2023 18:11:48 -0400, Bo Berglund wrote:
>I.e. is it enough to remove the route into the local LAN for this to be blocked
>and only allowing web access forwarding?
So today I tried this:
topology subnet
server 10.13.149.0 255.255.255.0 'nopool'
multihome #Operate on both eth0
On 20.10.23 05:31, Bo Berglund wrote:
Does this mean that when the client tries to access the server side gateway
device (router) he will not be blocked but all other addresses will?
The gateway is on the LAN and it gets traffic from the tunnel, but does it mean
that its address is also open
Hi,
On Thu, Oct 19, 2023 at 06:11:48PM -0400, Bo Berglund wrote:
> What is the simplest way to accomplish this?
You need to involve local firewalling to do this.
> What do I need to do to get the web only config?
>
> push "redirect-gateway def1 bypass-dhcp" #This makes the client access
>
On Fri, 20 Oct 2023 01:22:17 +, tincantech via Openvpn-users
wrote:
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA256
>
>Hi,
>
>--- Original Message ---
>On Friday, October 20th, 2023 at 00:31, Bo Berglund
>wrote:
>
>
>
>> I have done that previously using ccd commands to assign a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Friday, October 20th, 2023 at 00:31, Bo Berglund
wrote:
> I have done that previously using ccd commands to assign a user a specific IP
> address and then block that address in IPTABLEWS from reaching
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Friday, October 20th, 2023 at 00:31, Bo Berglund
wrote:
> On Thu, 19 Oct 2023 22:52:12 +, tincantech via Openvpn-users
> openvpn-users@lists.sourceforge.net wrote:
>
> > I think I hav
On Thu, 19 Oct 2023 22:52:12 +, tincantech via Openvpn-users
wrote:
>I think I have misunderstood above.
>
>You want to take away client access to the server LAN.
Yes, I want these clients to only use the VPN server as a way to reach the
Internet from anothere lo0cation than their own. But
On Thu, 19 Oct 2023 22:39:29 +, tincantech via Openvpn-users
wrote:
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA256
>
>Hi,
>
>--- Original Message ---
>On Thursday, October 19th, 2023 at 23:11, Bo Berglund
>wrote:
>
>
>
>> Now I would like to add one more type, web-only:
>> 4 -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Thursday, October 19th, 2023 at 23:39, tincantech via Openvpn-users
wrote:
> Hi,
>
> --- Original Message ---
> On Thursday, October 19th, 2023 at 23:11, Bo Berglund bo.bergl...@gmail.com
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Thursday, October 19th, 2023 at 23:11, Bo Berglund
wrote:
> Now I would like to add one more type, web-only:
> 4 - Clent can only access the web through the server side gateway but not the
> local LAN
>
So I have previouisly configured a lot of servers which do one of 3 things:
1 - Client access to the Internet AND to the server side LAN
2 - Cliuent access to the server side LAN only, no forwarding to the web
3 - Client only has access to other client on the same VPN server
Now I would like to
I am working on the replacement OpenVPN server for my daughter's old server.
I have it running according to the logs so I hope I am done now.
(Thanks for the feedback to my earlier queries!)
I am currently at home and will start the journey to her tomorrow so I would
like to test it here, but I
Hello,
I installed the openvpn-auth-ldap package and I want to use the Active
Directory for authentication.
I Opened Active Directory Users And Computers. Clicked the View menu and
selected Advanced Features. After it, I right-clicked on my username and
selected the Properties, then clicked
The OpenVPN community project team is proud to release OpenVPN 2.6.6.
This is a small bugfix release.
User visible changes:
* OCC exit messages are now logged more visibly. See GH #391.
* OpenSSL error messages are now logged with more details
(for example, when loading a provider fails,
On 2023-08-14 11:38, David Sommerseth wrote:
Yes, this must go into the .ovpn file. And it might very much be that
> the NetworkManager-openvpn does not grok the compat-mode option - so
> you can't run it via NetworkManager.
Thanks! Fortunately, TIL, that $company will upgrade the firewall
On 13/08/2023 10:58, Martin wrote:
On 2023-08-13 08:52, Gert Doering wrote:
Run the client with --verb 3 or 4, have a close look at the logfile.
If there is nothing obvious to you, show us the log.
/var/log/openvpn/ is empty.
Probably I need to use journalctl ?
If the server runs 2.3.10
rceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
Hi,
On Sun, Aug 13, 2023 at 09:44:08AM +, Jason Long wrote:
> >(The long answer is "there are patches that can do this for a limited
> >time, and then the police catches on, and it will stop working")
>
> Thank you so much for your reply.
> Patches?
Use google. Since these are not official
On Sun, 13 Aug 2023 09:44:08 + (UTC), Jason Long via Openvpn-users
wrote:
>Patches?
>The OpenVPV is open source, what about changing the source code and its
>fingerprint?
Yes, you are free to do so if you desire (and are proficient in the coding of
OpenVPN)
I woul not do it myself,
Hi,
On Sun, Aug 13, 2023 at 05:23:07AM +, Jason Long wrote:
> Is there a way that OpenVPN can hide itself from censorship devices?
> Something like a statement or something like that.
>This has not much to do with the thread topic or the Subject: - and
>the short answer is "no".
>(The long
On 2023-08-13 08:52, Gert Doering wrote:
> Run the client with --verb 3 or 4, have a close look at the logfile.
>
> If there is nothing obvious to you, show us the log.
/var/log/openvpn/ is empty.
Probably I need to use journalctl ?
> If the server runs 2.3.10 (which is, like, "ancient") then my
On 2023-08-13 04:12, Boris wrote:
> There might be some helpful information in the logfile(s)?
/var/log/openvpn/ is empty.
I assume, I need to use journalctl ?
Note, that I used to start the OpenVPN connection via NetworkManager UI,
and only now for the first time, I try to learn how to use
Hi,
On Sun, Aug 13, 2023 at 05:23:07AM +, Jason Long wrote:
> Is there a way that OpenVPN can hide itself from censorship devices?
> Something like a statement or something like that.
This has not much to do with the thread topic or the Subject: - and
the short answer is "no".
(The long
Hi,
On Sun, Aug 13, 2023 at 12:33:13AM +, Martin wrote:
> after upgrading my PC from Debian 11 with openvpn 2.5.6-1 to Debian 12
> with openvpn 2.6.3-1+deb12u1, I can't connect to my company anymore.
> Downgrading the openvpn package helps immediately, but that can't be
> a long term
Hi,
On Fri, Aug 11, 2023 at 09:11:22PM +, Jason Long via Openvpn-users wrote:
> Hello,Is it true that WireGuard is safer and faster than OpenVPN?
Safer: no. Marketing claims.
Faster: depends. With DCO, OpenVPN can be faster, because AES-GCM is
hardware accelerated on many Intel/AMD CPUs
13.08.2023 03:03:04 Martin :
> Dears,
>
> after upgrading my PC from Debian 11 with openvpn 2.5.6-1 to Debian 12
> with openvpn 2.6.3-1+deb12u1, I can't connect to my company anymore.
> Downgrading the openvpn package helps immediately, but that can't be
> a long term solution, right? The
Dears,
after upgrading my PC from Debian 11 with openvpn 2.5.6-1 to Debian 12
with openvpn 2.6.3-1+deb12u1, I can't connect to my company anymore.
Downgrading the openvpn package helps immediately, but that can't be
a long term solution, right? The company runs OpenVPN 2.3.10.
Any idea how to
Hi,
On Fri, Aug 11, 2023 at 09:11:22PM +, Jason Long via Openvpn-users wrote:
> Hello,Is it true that WireGuard is safer and faster than OpenVPN?
Safer: no. Marketing claims.
Faster: depends. With DCO, OpenVPN can be faster, because AES-GCM is
hardware accelerated on many Intel/AMD CPUs
Hello,Is it true that WireGuard is safer and faster than OpenVPN?
Thank you.___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
Hello,
Thanks again.
Yes, I'm testing on a virtual machine and haven't moved it to a real server
yet, But the public IP address has nothing to do with the server configuration
file. The IP address is important for the client file that wants to connect to
my server. In the client file, I must
On 26.07.23 07:44, Jason Long wrote:
I just created a virtual NIC and all the iptables rules that I did
for a real NIC, I did for this virtual NIC too. Consider an OpenVPN
server that has one NIC with three public IPs and you want to run
an OpenVPN server.conf file for each IPs. You must set
Hello,
I just created a virtual NIC and all the iptables rules that I did for a real
NIC, I did for this virtual NIC too. Consider an OpenVPN server that has one
NIC with three public IPs and you want to run an OpenVPN server.conf file for
each IPs. You must set these three public IPs on your
On 25.07.23 12:22, Jason Long wrote:
You said "The rules seem to assume that Internet traffic *will* go out
$IF_MAIN and not enp0s3.", Why enp0s3? I created a virtual NIC (enp0s3:0)
and I want my traffic go through it. Am I wrong?
I have no reason to doubt that you WANT to have it work like
Hello,
Thank you so much for your reply.
You said "The rules seem to assume that Internet traffic *will* go out $IF_MAIN
and not enp0s3.", Why enp0s3? I created a virtual NIC (enp0s3:0) and I want my
traffic go through it. Am I wrong?
And:
# cat /proc/sys/net/ipv4/conf/all/forwarding
1
#
#
1 - 100 of 1039 matches
Mail list logo