[Openvpn-devel] Kernel Acceleration Module

2020-08-30 Thread ????
Dear Devs, I read that a kernel acceleration module is WIP from https://openvpn.net/openvpn-hackathon-2019/. It's very exciting because performance will have much improvement. If you don't mind, would you share with us some latest news because it seems that no more news is found after Google? Than

Re: [Openvpn-devel] [PATCH] Fix client's poor man NCP fallback

2020-08-30 Thread Rafael Gava
Hi Gert, Good news, it worked beautifully with tun and tap interfaces! Thank you very much BR Gava On Sun, Aug 30, 2020 at 5:37 PM Gert Doering wrote: > Hi, > > On Sun, Aug 30, 2020 at 02:07:03PM +0200, Gert Doering wrote: > > On Sat, Aug 29, 2020 at 09:42:46PM -0300, Rafael Gava wrote:

Re: [Openvpn-devel] [PATCH] Fix client's poor man NCP fallback

2020-08-30 Thread Rafael Gava
Hi Gert, thanks for the prompt fix. Our server is an old appliance and I really don't know if it was compiled with "enable-small". I'll try to figure that. :-) Sure, I'll try the fix and let you know ASAP. BR Gava On Sun, Aug 30, 2020 at 5:37 PM Gert Doering wrote: > Hi, > > On Sun, Aug 30

Re: [Openvpn-devel] [PATCH] Fix client's poor man NCP fallback

2020-08-30 Thread Gert Doering
Hi, On Sun, Aug 30, 2020 at 02:07:03PM +0200, Gert Doering wrote: > On Sat, Aug 29, 2020 at 09:42:46PM -0300, Rafael Gava wrote: [..] > If it still doesn't do that, you found a new bug :-) So - patch has been merged, and I think I have set up an appropriate testbed to verify this (2.5/master talk

[Openvpn-devel] [PATCH applied] Re: Fix client NCP OCC fallback when server and client cipher are identical

2020-08-30 Thread Gert Doering
Acked-by: Gert Doering Besides the visual check ("nice, one level of indentation removed!"), I have also added 5 more tests to our test environment (running on phillip, so available for all t_client instances): - git master client to 2.3 server, "--cipher bf-cbc" ("OCC based NCP, same cipher

Re: [Openvpn-devel] [PATCH 2/2] Also announce IV_CIPHERS as client in OpenVPN 2.4

2020-08-30 Thread Arne Schwabe
> +++ b/src/openvpn/ssl.c > @@ -2311,7 +2311,18 @@ push_peer_info(struct buffer *buf, struct tls_session > *session) > if (session->opt->ncp_enabled > && (session->opt->mode == MODE_SERVER || session->opt->pull)) > { > +/* We keep announcing IV_NCP=2 in

[Openvpn-devel] [PATCH 0/2] Backport/implement IV_CIPHERS support for OpenVPN 2.4

2020-08-30 Thread Arne Schwabe
This is basically to improve 2.4 client to OpenVPN 2.5 server compatibility. The commit message of patch 2/2 explains the motivations and details more. Arne Schwabe (2): Normalise ncp-ciphers option and restrict it to 127 bytes Also announce IV_CIPHERS as client in OpenVPN 2.4 doc/openvpn.8

[Openvpn-devel] [PATCH 1/2] Normalise ncp-ciphers option and restrict it to 127 bytes

2020-08-30 Thread Arne Schwabe
In scenarios of mbed TLS vs OpenSSL we already normalise the ciphers that are sent via the wire protocol via OCC to not have a mismatch warning between server and client. This is done by translate_cipher_name_from_openvpn. The same applies also to the ncp-ciphers list. Specifying non normalised nam

[Openvpn-devel] [PATCH 2/2] Also announce IV_CIPHERS as client in OpenVPN 2.4

2020-08-30 Thread Arne Schwabe
This improves compatibility to an OpenVPN 2.5 server and allows to negotiate a different cipher than AES-128/256-GCM without abusing the poor man's NCP support with --cipher. We keep the IV_NCP=2 flag logic as broken as it is since 2.5 servers ignore the flag if IV_CIPHERS is set and this might break

[Openvpn-devel] [PATCH v2] Fix client NCP OCC fallback when server and client cipher are identical

2020-08-30 Thread Arne Schwabe
If we do not get a cipher pushed we call tls_poor_mans_ncp to determine whether we can use the server's cipher. Inherited from OpenVPN 2.4's code we only did this check when the ciphers were different. Since OpenVPN 2.5 does not assume that our cipher we report in OCC (options->ciphername) is alway

[Openvpn-devel] [PATCH] Fix client NCP OCC fallback when server and client cipher are identical

2020-08-30 Thread Arne Schwabe
If we do not get a cipher pushed we call tls_poor_mans_ncp to determine if we can use the cipher that the server uses. Left over from OpenVPN 2.4's code we only did this check when the ciphers were different. Since OpenVPN 2.5 does not assume that our cipher we report in OCC (options->ciphername) i

Re: [Openvpn-devel] [PATCH] Fix client's poor man NCP fallback

2020-08-30 Thread Arne Schwabe
On 29.08.20 at 21:19, Rafael Gava wrote: > Hi Arne, > > This thread has a couple days but I'm testing the version 2.5-beta2 and > I'm getting the following error: > > 2020-08-29 16:02:53 us=643016 OPTIONS ERROR: failed to negotiate cipher > with server.  Add the server's cipher ('BF-CBC') to --da

Re: [Openvpn-devel] [PATCH] Fix client's poor man NCP fallback

2020-08-30 Thread Gert Doering
Hi, On Sat, Aug 29, 2020 at 09:42:46PM -0300, Rafael Gava wrote: > Actually, I was testing Samuli's 2.5-beta2 installer from the link below: > Not sure if it's with the patch for data-ciphers but I guess so. > I'll pull the 2.5-beta2 code and build it in order to check if it's > working properl