Hello!
I didn't realize there's a new release, thanks for the info! I'm really
tempted to order a copy now.I see you use OpenVPN 2.4 in the book, do you
discuss the new tls-crypt feature in the book?
Kind regards,SaAtomic
3. Apr 2017 10:14 by janj...@nikhef.nl:
> > Hi,
>
> On 03/04/17 08:57, > saato...@keemail.me> wrote:
> >
>> Hello!
>> This is interesting, I've never encountered a VPN, where the
>> server does not have VPN IP address. >> How does one set that up? How
>> does that even work, in terms of forwarding traffic through the
>> tunnel?>>
>> >> >> Would someone have a link for me, about that topic?>>
>>
>> >>
>>
> an example is given in my OpenVPN Cookbook, although that example is
> for a point-to-point connection. However, it could also be applied to a
> client/server setup. The main idea is that the client only needs to know
> which *interface* to send the packets out on, not to which router IP ; so
> as long as the clients know that traffic for network X needs to go out
> interface tunY then the packets should "flow". There are caveats here,
> however: some OSes don't like this, especially if you want to reroute
> *all* traffic over the VPN tunnel.
> Apart from that, if I were running an OpenVPN server to which
> potential rogue users can connect then I'd block all incoming traffic on
> the VPN server - you'd be allowed to FORWARD stuff, nothing more. This is
> similar to a well-protected LAN where you're not allowed to connect to the
> LAN router/gateway: all that thing will do for you is forward (and filter)
> traffic.
> As a final note: if you're running OpenVPN in tap mode then it's not
> even necessary that the VPN "router" IP is the same as that of the VPN
> server itself; one could set up a VPN server and a separate router to
> handle the VPN traffic. Then again, "tap" setups are quite rare these days.
>
> HTH,
>
> JJK
>
>
>
>
>
>>
>> 31. Mar 2017 18:20 by >> janj...@nikhef.nl>> :
>>
>>
>>> >>> Hi,
>>>
>>> On 30/03/17 10:06, >>> saato...@keemail.me>>> wrote:
>>> >>>
>>>> Hello!
>>>> >>>> >>>> Yes, I could "unix ping" the tunnel's server
>>>> IP (e.g. ping -c 1 -W 2 -I tun0 172.16.0.1), but I haven't
>>>> found a reliable way to automatically identify the server's IP
>>>> address yet.>>>> >>>> The environmental variable
>>>> $route_network_1 appears to be working for that only
>>>> occasionally. >>>>
>>>> >>>> >>>> How could I implement "sending data and
>>>> checking the response"? I'd need to get that working in an
>>>> automated manner.>>>>
>>>> >>>>
>>>>
>>> in theory the server does not need to have a VPN IP address - or
>>> the server could be configured to block all access to it; if I
>>> were running a VPN setup where paying customers are connecting this
>>> is exactly what I'd do - I wouldn't want a rogue customer to attack
>>> my server.
>>>
>>> Having said that, in 99.9% of the cases the server IP will
>>> always be <subnet>.1 - which use cases are you trying to address in
>>> which this is not the case?
>>>
>>> HTH,
>>>
>>> JJK
>>>
>>>
>>>
>>>>
>>>> 30. Mar 2017 09:00 by >>>> g...@greenie.muc.de>>>> :
>>>>
>>>>
>>>>> Hi,
>>>>>
>>>>> On Wed, Mar 29, 2017 at 03:27:55PM +0200, >>>>>
>>>>> saato...@keemail.me>>>>> wrote:
>>>>>> How can I confirm that the data channel is working
>>>>>> correctly after "Initialization Sequence Completed" on
>>>>>> the client?
>>>>>
>>>>> "ping the server", like, with "unix ping"?
>>>>>
>>>>> Send data over the data channel and see if something
>>>>> useful comes back.
>>>>>
>>>>>
>>>> >>>>
>>>
>>>
>>
>> >>
>> >>
>> ------------------------------------------------------------------------------Check
>> out the vibrant tech community on one of the world's mostengaging tech
>> sites, Slashdot.org! >> http://sdm.link/slashdot>>
>> >>
>> >> _______________________________________________Openvpn-users
>> mailing list>> Openvpn-users@lists.sourceforge.net>>
>> https://lists.sourceforge.net/lists/listinfo/openvpn-users>>
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
