Re: [Openvpn-devel] testing challenge-response

2016-08-16 Thread Selva Nair
Hi, Following up on the previous mail, the server side script for client authentication and the server/client configs that I use for testing challenge-response auth are uploaded here: https://gist.github.com/selvanair/b31ec6d5873e2ffc141ec680fca69254 On the server-side the script should be runni

[Openvpn-devel] testing challenge-response

2016-08-16 Thread Selva Nair
Hi, As discussed in the IRC meeting, here is a client config that connects to a test server I run for static and dynamic challenge. Just run it as sudo openvpn --config cr-client.conf Respond with some arbitrary strings at the username, password and static-challenge prompts and the server will

Re: [Openvpn-devel] block-outside-dns and multiple tunnels

2016-08-16 Thread Selva Nair
Hi, On Tue, Aug 16, 2016 at 12:41 PM, ValdikSS wrote: > This is known issue (for me), and it was superficially discussed on IRC at > some point. It wasn't considered significant to implement block-outside-dns > for multiple connections. > > Is there ahy reason to use block-outside-dns on multipl

Re: [Openvpn-devel] block-outside-dns and multiple tunnels

2016-08-16 Thread ValdikSS
This is known issue (for me), and it was superficially discussed on IRC at some point. It wasn't considered significant to implement block-outside-dns for multiple connections. Is there ahy reason to use block-outside-dns on multiple connections? Just asked supergregg (bug reporter), he probably

Re: [Openvpn-devel] [PATCH 1/3] Do not pass env for system commands on Linux

2016-08-16 Thread ValdikSS
On 08/08/2016 11:34 AM, David Sommerseth wrote: > > On 07/08/16 13:44, ValdikSS wrote: > > It's possible to have so much routes that they won't fit into stack > > and execve would fail with E2BIG (Argument list too long). > > > This commit fixes this issue by not adding route information into > > e

Re: [Openvpn-devel] [PATCH] Discourage using 64-bit block ciphers

2016-08-16 Thread Arne Schwabe
Am 16.08.16 um 16:46 schrieb Steffan Karger: > As discussed with the development team, we should start moving away from > ciphers with a small block size. For OpenVPN in particular this means > moving away from 64-bit block ciphers, towards 128-bit block ciphers. > This patch makes a start with

Re: [Openvpn-devel] [PATCH (master)] Discourage using 64-bit block ciphers

2016-08-16 Thread Arne Schwabe
Am 16.08.16 um 16:45 schrieb Steffan Karger: > As discussed with the development team, we should start moving away from > ciphers with a small block size. For OpenVPN in particular this means > moving away from 64-bit block ciphers, towards 128-bit block ciphers. > This patch makes a start with

[Openvpn-devel] [PATCH] Discourage using 64-bit block ciphers

2016-08-16 Thread Steffan Karger
As discussed with the development team, we should start moving away from ciphers with a small block size. For OpenVPN in particular this means moving away from 64-bit block ciphers, towards 128-bit block ciphers. This patch makes a start with that by moving ciphers with a block size < 128 bits to

[Openvpn-devel] [PATCH (master)] Discourage using 64-bit block ciphers

2016-08-16 Thread Steffan Karger
As discussed with the development team, we should start moving away from ciphers with a small block size. For OpenVPN in particular this means moving away from 64-bit block ciphers, towards 128-bit block ciphers. This patch makes a start with that by moving ciphers with a block size < 128 bits to

[Openvpn-devel] Summary of the IRC meeting on 15th August 2016

2016-08-16 Thread Samuli Seppänen
Hi, Here's the summary of yesterday's IRC meeting. --- COMMUNITY MEETING Place: #openvpn-meeting on irc.freenode.net Date: Monday 15th August 2016 Time: 20:00 CEST (18:00 UTC) Planned meeting topics for this meeting were here: T