[Openvpn-devel] Traffic through Cloudflare

2018-09-14 Thread Morris, Russell
Hi, Perhaps a dumb question, but I recently set up my (HTTPS) server through Cloudflare, enabling their proxy service. Now when I try to connect to OpenVPN, I get the following? WARNING: Bad encapsulated packet length from peer (18516), which must be > 0 and <= 1626 - please ensure that --tun-

[Openvpn-devel] [PATCH v2 2/3] mbedtls: make external signing code generic

2018-09-14 Thread Steffan Karger
This prepares for reusing this code from the mbedtls pkcs11 implementation. The change itself should not have any functional impact. Signed-off-by: Steffan Karger --- v2: rebase onto current master src/openvpn/ssl_mbedtls.c | 115 -- src/openvpn/ssl_m

[Openvpn-devel] [PATCH v2 1/3] Do not load certificate from tls_ctx_use_external_private_key()

2018-09-14 Thread Steffan Karger
The cert and key loading logic surrounding management-external-key and management-external-cert was somewhat intertwined. Untangle these to prepare for making the external key code more reusable. The best part is that this even reduces the number of lines of code. Signed-off-by: Steffan Karger

[Openvpn-devel] [PATCH v2 3/3] mbedtls: remove dependency on mbedtls pkcs11 module

2018-09-14 Thread Steffan Karger
Instead of using mbedtls's pkcs11 module, reuse the code we already have for management-external-key to also do pkcs11 signatures. As far as mbed is concerned, we simply provide an external signature. This has the following advantages: * We no longer need mbed TLS to be compiled with the pkcs11