[Openvpn-users] Inserting hmac/tls-auth onto a production OpenVPN Server

2015-08-12 Thread Rui Santos
Hi all, I'm now hardening our OpenVPN Production Server. I've managed to harden all required aspects, except the HMAC/TLS-AUTH option. AFAICT, activating the HMAC extra security mechanism, will force me to reconfigure all clients, with the risk of failure and a lot of downtime. The only way

Re: [Openvpn-users] Routing multiple networks

2015-08-19 Thread Rui Santos
-- ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users -- Melhores Cumprimentos / Best Regards, *Rui Santos* mailto:rsan...@ruisantos.com Systems Administrator https://www.facebook.com

Re: [Openvpn-users] CRL and --CApath usage

2015-08-21 Thread Rui Santos
On 21-08-2015 13:45, David Sommerseth wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 21/08/15 11:55, Rui Santos wrote: On 20-08-2015 18:40, David Sommerseth wrote: On 20/08/15 19:11, debbie...@gmail.com wrote: - Original Message - From: Rui Santos rsan...@grupopie.com

[Openvpn-users] CRL and --CApath usage

2015-08-20 Thread Rui Santos
, just to reread the CRL. Am I missing something ? Still using OpenVPN 2.3.2 -- Melhores Cumprimentos / Best Regards, Rui Santos Systems Administrator

Re: [Openvpn-users] CRL and --CApath usage

2015-08-20 Thread Rui Santos
On 20-08-2015 15:01, debbie...@gmail.com wrote: - Original Message - From: Rui Santos rsan...@grupopie.com To: openvpn-users@lists.sourceforge.net Sent: Thursday, August 20, 2015 12:33 PM Subject: [Openvpn-users] CRL and --CApath usage I'm using --CApath option for CA and CRL

Re: [Openvpn-users] CRL and --CApath usage

2015-08-21 Thread Rui Santos
On 20-08-2015 18:40, David Sommerseth wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 20/08/15 19:11, debbie...@gmail.com wrote: - Original Message - From: Rui Santos rsan...@grupopie.com To: openvpn-users@lists.sourceforge.net Sent: Thursday, August 20, 2015 3:10 PM

Re: [Openvpn-users] CRL and --CApath usage

2015-08-21 Thread Rui Santos
On 20-08-2015 22:14, Jan Just Keijser wrote: Hi Rui, Hi Jan, On 20/08/15 21:19, David Sommerseth wrote: On 20/08/15 21:16, debbie...@gmail.com wrote: - Original Message - From: David Sommerseth openvpn.l...@topphemmelig.net To: debbie...@gmail.com; Rui Santos rsan...@grupopie.com

Re: [Openvpn-users] CRL and --CApath usage

2015-09-25 Thread Rui Santos
ED MESSAGE- Hash: SHA1 On 21/08/15 11:55, Rui Santos wrote: On 20-08-2015 18:40, David Sommerseth wrote: On 20/08/15 19:11, debbie...@gmail.com wrote:

Re: [Openvpn-users] Server not initializing Encrypt/Decrypt keys

2017-12-14 Thread Rui Santos
Hi Steffan, > > Yes, please create a ticket on https://community.openvpn.net/openvpn/ to > keep track of this. > > Yes, please attach the --verb 7 logs of both client and server (we > usually prefer --verb 4, but in this case --verb 7 might give useful > additional info). > > Please also specify

[Openvpn-users] Server not initializing Encrypt/Decrypt keys

2017-12-08 Thread Rui Santos
is of any interest, but are some very long logs. I can also fill a bug report, if needed. Thank you for your time. Cheers, -- Rui Santos Veni, Vidi, Linux

Re: [Openvpn-users] OpenVPN ChaCha20-Poly1305 performance

2019-06-12 Thread Rui Santos
t side. > > > > gert -- Rui Santos Veni, Vidi, Linux

[Openvpn-users] Cross-compile OpenVPN against non-default OpenSSL version

2021-09-24 Thread Rui Santos
please lend a hand on how it can be compiled against the non-default OpenSSL version? Here's where the libraries are actually located: /usr/lib64/.libssl.so.1.1.hmac /usr/lib64/engines-1.1/capi.so /usr/lib64/libcrypto.so.1.1.0j /usr/lib64/libssl.so.1.1 Thank you in advance, -- Rui Santos Veni, Vidi

Re: [Openvpn-users] Cross-compile OpenVPN against non-default OpenSSL version

2021-09-27 Thread Rui Santos
On 24/09/21 20:33, Gert Doering wrote: > Hi, > > On Fri, Sep 24, 2021 at 03:55:22PM +0100, Rui Santos wrote: > Thank you very much for your reply! > ./configure --help > > ... > Some influential environment variables: > ... > OPENSSL_CFLAGS >

Re: [Openvpn-users] Cross-compile OpenVPN against non-default OpenSSL version

2021-09-27 Thread Rui Santos
On 27/09/21 16:41, Rui Santos wrote: > > On 24/09/21 20:33, Gert Doering wrote: >> Hi, >> >> On Fri, Sep 24, 2021 at 03:55:22PM +0100, Rui Santos wrote: >> > Thank you very much for your reply! >> ./configure --help >> >> ... >> Some infl

Re: [Openvpn-users] Issue a specific tunnel to re-connect to the next server

2021-11-15 Thread Rui Santos
On 15/11/21 17:19, Selva Nair wrote: > > > On Mon, Nov 15, 2021 at 12:08 PM Jan Just Keijser > wrote: > > Hi Rui, > > Hi Selva, thank you for your reply :) > I guess you mean server config, not client config. On client, 2 would > be interpreted as the number of

Re: [Openvpn-users] Issue a specific tunnel to re-connect to the next server

2021-11-15 Thread Rui Santos
0 On 15/11/21 17:06, Jan Just Keijser wrote: > Hi Rui, > > Hello Jan! Thanks for getting back to me :) > this is indeed what you use the management interface for. Read up at e.g. >  https://openvpn.net/community-resources/management-interface/ > > the command is >   kill > or >   kill : > > You

[Openvpn-users] Issue a specific tunnel to re-connect to the next server

2021-11-15 Thread Rui Santos
you in advance, -- Rui Santos Veni, Vidi, Linux

Re: [Openvpn-users] Issue a specific tunnel to re-connect to the next server

2021-11-15 Thread Rui Santos
On 15/11/21 18:39, Selva Nair wrote: > Hi,  >   > > > client-kill CID > > > > from the management interface of the server. Here CID is the > client-id > > of the client which could be obtained from status output. This > command > > by default causes the client to