Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread Xen
Mio Vlahović wrote on 08-08-2017 19:59: Can anyone assist us on this one? I have googled and found something about CRL has expired error. Is it related with the upgrade of the openvpn package? We use one from the epel repository. You know a CRL is a certificate revocation list right. Being

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread Xen
Mio Vlahović wrote on 08-08-2017 22:02: On 08.08.2017 21:47, David Sommerseth wrote: On 08/08/17 21:28, Mio Vlahović wrote: On 08.08.2017 21:13, David Sommerseth wrote: On 08/08/17 20:34, Leonardo Rodrigues wrote: You very likely created your certificates with MD5 hashing, which

[Openvpn-users] client connect script preventing openvpn restart

2017-05-20 Thread Xen
Hi, I have an older Synology installation of openvpn (server). There is some shell script starting openvpn. I am using a client connect script in the config. Sometimes I find that the server won't restart when I tell it to (it first sends regular kill messages then if that does not work I send

Re: [Openvpn-users] learn address script

2017-05-22 Thread Xen
Gert Doering wrote on 22-05-2017 19:03: > learn-address is only called if the route is not already-known - so > if the client has previously connected, and the server did not notice > that it went away (no --ping and no explicit-exit-notify), it will > not tell you "delete first, add again

Re: [Openvpn-users] learn address script

2017-05-27 Thread Xen
Jan Just Keijser wrote on 27-05-2017 22:48: On 23/05/17 00:25, Xen wrote: Been trying to get this working for several years now lol. if all external hosts can reach the server but you (internal host? vpn server?) then it's - as always - a routing or NATting issue. This _IS_ covered

Re: [Openvpn-users] learn address script

2017-05-28 Thread Xen
Jan Just Keijser wrote on 27-05-2017 22:48: if all external hosts can reach the server but you (internal host? vpn server?) then it's - as always - a routing or NATting issue. This _IS_ covered in a recipe of my OpenVPN cookbook I mean a mail log for myself from this morning shows first

Re: [Openvpn-users] learn address script

2017-05-28 Thread Xen
Gert Doering wrote on 28-05-2017 16:29: Hi, On Sun, May 28, 2017 at 11:46:43AM +0200, Xen wrote: But I don't know, it was just a temporary glitch. But the temporary glitch caused the connection to be dropped... If the server tells the client "your auth is not valid", yes, that w

Re: [Openvpn-users] automatically restart openvpn

2017-05-31 Thread Xen
Riccardo Paolo Bestetti wrote on 31-05-2017 16:01: It's not OpenVPN you should configure, but your Operating System. You should refer to its documentation or its relevant mailing list. You can also do: # crontab -l | { cat; echo "*/15 * * * * /bin/sh -c 'ifconfig | grep tun0 > /dev/null ||

Re: [Openvpn-users] automatically restart openvpn

2017-05-31 Thread Xen
Samuli Seppänen wrote on 31-05-2017 19:10: Hi, A few months back I looked into exactly this issue. Back then there was no easy way to make systemd send emails. That is why I still use monit which has good notification capabilities: Hi, yes, that sounds

Re: [Openvpn-users] automatically restart openvpn

2017-05-31 Thread Xen
David Sommerseth wrote on 31-05-2017 18:28: On 31/05/17 17:05, Xen wrote: Riccardo Paolo Bestetti wrote on 31-05-2017 16:01: It's not OpenVPN you should configure, but your Operating System. You should refer to its documentation or its relevant mailing list. You can also do: # crontab

Re: [Openvpn-users] Select nearest OpenVPN server / shared userbase / Only connect if away from home

2017-10-02 Thread Xen
I am sorry this will be my last message. This is bullshit. Илья Шипицин wrote on 02-10-2017 21:26: yes, if you distribute all of your organization routes via DHCP - it is good. but it is not common practice Then you throw away a solution just to be able to call something else bad. If

Re: [Openvpn-users] OpenVPN ports

2017-10-12 Thread Xen
Aziz wrote on 12-10-2017 11:02: Thank you all. I will do further testing/troubleshooting. Make sure you didn't just misunderstand the port forwarding dialogue of your router. Some routers these days, particularly from ISPs (modems) have rather unintuitive interfaces that can throw you

Re: [Openvpn-users] OpenVPN ports

2017-10-12 Thread Xen
Aziz wrote on 12-10-2017 10:32: Hi All, I'm using OpenVPN server behind NAT (Firewall), I need to know which ports to open in order to allow clients to connect to my OVPN server. In other words what are the default ports used by an OVPN server? That means the only port you need is

Re: [Openvpn-users] Select nearest OpenVPN server / shared userbase / Only connect if away from home

2017-10-02 Thread Xen
Jan Just Keijser wrote on 02-10-2017 17:04: 2. Is there a way to have different OpenVPN servers share (or synchronize) the same certificates so we only have to create one certificate for each user to have access to all our OpenVPN servers worldwide? Or entirely validate through Active

Re: [Openvpn-users] fix disconnect connect order in address learning/unlearning

2017-10-02 Thread Xen
Jan Just Keijser wrote on 02-10-2017 17:00: are you using "proto udp" ? Yes I am using both but normally it would connect via UDP. if so, add "explicit-exit-notify 3" to the client config (or 'push "explicit-exit-notify 3" ' to the server config). That way, a client always sends a

Re: [Openvpn-users] Select nearest OpenVPN server / shared userbase / Only connect if away from home

2017-10-02 Thread Xen
Илья Шипицин wrote on 02-10-2017 20:08: 2017-10-02 22:40 GMT+05:00 Xen <l...@xenhideout.nl>: Илья Шипицин wrote on 02-10-2017 19:31: consider the following setup office LAN1: 192.168.100.0/24 LAN2: 192.168.101.0/24 user only use default gateway, it serves both internet and LAN2

Re: [Openvpn-users] Select nearest OpenVPN server / shared userbase / Only connect if away from home

2017-10-02 Thread Xen
Илья Шипицин wrote on 02-10-2017 18:41: This is a great idea. I do not think so. consider a "road warrior" with a laptop 1) when in office, usually you get 0.0.0.0/0 route, i.e. default 2) when connected via vpn, you get a bunch of routes via vpn and 0.0.0.0/0 via local ISP. any

Re: [Openvpn-users] changes from 2.3 to 2.4 (client)?

2017-10-02 Thread Xen
Xen wrote on 02-10-2017 19:17: What did I do? I am apparently mistaken. The same thing happens with the 2.3 client now. I have tried: - net30 on both client and server, ifconfig-push 10.8.0.25 10.8.0.24 - subnet on both client and server, ifconfig-push 10.8.0.25 255.255.255.0

[Openvpn-users] changes from 2.3 to 2.4 (client)?

2017-10-02 Thread Xen
So it appears that by upgrading a client to 2.4 something stopped working. I have a rather old Synology server. Version is 2.1.4 Topology is as follows: Home network --> VPN server --> VPN client --> client behind client Home network (my computer) has a route for the VPN and a route for the

Re: [Openvpn-users] Select nearest OpenVPN server / shared userbase / Only connect if away from home

2017-10-02 Thread Xen
Илья Шипицин wrote on 02-10-2017 19:31: consider the following setup office LAN1: 192.168.100.0/24 LAN2: 192.168.101.0/24 user only use default gateway, it serves both internet and LAN2 (when user in LAN1) if user connects to vpn, it will route to LAN2 through vpn gateway (it wins over

Re: [Openvpn-users] changes from 2.3 to 2.4 (client)?

2017-10-02 Thread Xen
Xen wrote on 02-10-2017 19:48: I don't understand why routing from 192.168.0.0 to 10.3.0.0 suddenly doesn't work anymore? Now suddenly I have a connection again. I changed nothing. So I restart the VPN client. Again no connection. Already 5 minutes in. Now

Re: [Openvpn-users] Select nearest OpenVPN server / shared userbase / Only connect if away from home

2017-10-02 Thread Xen
Илья Шипицин wrote on 02-10-2017 21:00: LAN1 and LAN2 are just different floors in a single building. I don't know where you get that idea. If a VPN only provides gateway for VPN connected devices that's one thing. If a VPN provides routes for LANS that's another thing. Those routes

Re: [Openvpn-users] Select nearest OpenVPN server / shared userbase / Only connect if away from home

2017-10-03 Thread Xen
Theo Fokkema wrote on 03-10-2017 13:40: AirVPN uses its own tool they call "Eddie" which will do latency tests and connect to a recommended server, but which will also allow you to manually choose one. I guess there is a 'market' for an open tool that does the same for corporate networks

Re: [Openvpn-users] Select nearest OpenVPN server / shared userbase / Only connect if away from home

2017-10-03 Thread Xen
Theo Fokkema wrote on 03-10-2017 12:33: I'd have to hire a programmer to write a separate service that wraps around the OpenVPN service, probably. But I can hardly imagine that I'm the first person to want such a setup. Are any such wrappers or scripts existing? I noticed there are a

Re: [Openvpn-users] Select nearest OpenVPN server / shared userbase / Only connect if away from home

2017-10-03 Thread Xen
Jan Just Keijser wrote on 03-10-2017 10:52: Actually, this is not a requirement. You can set up a PKI (Public Key Infrastructure) like this: Root CA Server sub-cA --- Server cert Yes and you can have more than one Server cert. | + Office 1 sub-ca --- Office 1

Re: [Openvpn-users] changes from 2.3 to 2.4 (client)?

2017-10-03 Thread Xen
Jan Just Keijser wrote on 03-10-2017 11:29: On 02/10/17 19:17, Xen wrote: So it appears that by upgrading a client to 2.4 something stopped working. I have a rather old Synology server. Version is 2.1.4 Topology is as follows: Home network --> VPN server --> VPN client --> clie