[Openvpn-devel] [PATCH] do not push route-ipv6 entries that are also in the iroute-ipv6 list

2018-05-23 Thread Antonio Quartulli
A server should push a route to a client only if there is no matching iroute for the same client. While this logic works fine for IPv4, there is no IPv6 counterpart. Implement the same check for IPv6 routes and discard matching ones from the push list. Trac: #354 Cc: Gert Doering Signed-off-by:

Re: [Openvpn-devel] Minimum Linux Version for OpenVPN 2.4.x

2018-05-23 Thread Marvin Adeff
Thank you Jan, Gert et al for the replies. Especially Jan for going to all that trouble! Jan, to all your points — yes I agree. Upgrading this device to a newer kernel will be a major undertaking, I won’t bother you all with the details here. I asked the question to get an idea of how recent w

Re: [Openvpn-devel] [PATCH] Support fingerprint authentication

2018-05-23 Thread Jan Just Keijser
Hi Arne, On 23/05/18 16:46, Arne Schwabe wrote: I have some strong thoughts on this, mostly related to:  can someone explain to me why this is safe? I've seen that OpenSSH 7.7 now implements something similar (xmss hash-based signatures, https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-bas

Re: [Openvpn-devel] [PATCH] Support fingerprint authentication

2018-05-23 Thread Arne Schwabe
>> > I have some strong thoughts on this, mostly related to:  can someone > explain to me why this is safe? > > I've seen that OpenSSH 7.7 now implements something similar (xmss > hash-based signatures, > https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12, > disabled by def

Re: [Openvpn-devel] [PATCH] Support fingerprint authentication

2018-05-23 Thread Jan Just Keijser
Hi Steffan, On 17/05/18 20:31, Steffan Karger wrote: Hi Jason, [ Dumping my thoughts so this doesn't remain completely unanswered for even longer. ] On 17-04-18 18:50, Jason A. Donenfeld wrote: OpenVPN traditionally works around CAs. However many TLS-based protocols also allow an alternative

[Openvpn-devel] Summary of the community meeting (Wed, 23rd May 2018)

2018-05-23 Thread Samuli Seppänen
Hi, Here's the summary of the IRC meeting. --- COMMUNITY MEETING Place: #openvpn-meeting on irc.freenode.net Date: Wednesday 23rd May 2018 Time: 11:30 CET (9:30 UTC) Planned meeting topics for this meeting were here: The next meet

Re: [Openvpn-devel] Minimum Linux Version for OpenVPN 2.4.x

2018-05-23 Thread Jan Just Keijser
Hi, On 22/05/18 22:47, Gert Doering wrote: On Tue, May 22, 2018 at 09:10:10PM +0200, David Sommerseth wrote: On 22/05/18 19:32, Marvin wrote: Can someone tell me the minimum Linux version that OpenVPN 2.4.x will build and run on?  We have an older appliance that runs on an older 2.4.31 kernel

Re: [Openvpn-devel] linking interactive service and openvpn.exe into single binary ?

2018-05-23 Thread Gert Doering
Hi, On Wed, May 23, 2018 at 02:10:42PM +0500, ?? wrote: > however, what I talk about is a different case. "exe_path" exists, but it > points to wrong location. In that case, wipe the system and reinstall. Seriously: if you mess up your system config, there is no way we're go

Re: [Openvpn-devel] linking interactive service and openvpn.exe into single binary ?

2018-05-23 Thread Илья Шипицин
2018-05-23 14:06 GMT+05:00 David Sommerseth < open...@sf.lists.topphemmelig.net>: > On 23/05/18 10:08, Илья Шипицин wrote: > > Hello, > > > > we observe weird registry corruption, when "exe_path" points to wrong > location. > > I came to an idea, why not to link both service and openvpn.exe into >

Re: [Openvpn-devel] linking interactive service and openvpn.exe into single binary ?

2018-05-23 Thread David Sommerseth
On 23/05/18 10:08, Илья Шипицин wrote: > Hello, > > we observe weird registry corruption, when "exe_path" points to wrong > location. > I came to an idea, why not to link both service and openvpn.exe into single > openvpn.exe thus removing the need to specify exe_path at all ? > > thoughts ? Wh

[Openvpn-devel] linking interactive service and openvpn.exe into single binary ?

2018-05-23 Thread Илья Шипицин
Hello, we observe weird registry corruption, when "exe_path" points to wrong location. I came to an idea, why not to link both service and openvpn.exe into single openvpn.exe thus removing the need to specify exe_path at all ? thoughts ? Ilya Shipitsin ---