Re: [Openvpn-devel] [DEVELOPER REQUESTED] Repackage TAP-Win32

2012-02-19 Thread Karl O. Pinc
On 02/18/2012 06:04:48 PM, David Sommerseth wrote: > Right now, debating tarball/zipball formats is a bit premature. > There > are 8 challenging steps to solve before this. Even though Windows > doesn't support tarballs natively, LGPL tools like 7-Zip exist which > will make that job easier.

Re: [Openvpn-devel] [DEVELOPER REQUESTED] Repackage TAP-Win32

2012-02-18 Thread Karl O. Pinc
On 02/18/2012 04:53:50 PM, Scott Zeid wrote: > On Feb 18, 2012 9:05 AM, "Alon Bar-Lev" > wrote: > > 9. Output of build system would be [at least] (msi, tarball) for > > (win32, win64). Why tarball? To enable people to fetch files > without > > hacking the msi (example: cross compile). > > It sh

Re: [Openvpn-devel] [DEVELOPER REQUESTED] Repackage TAP-Win32

2012-02-18 Thread Karl O. Pinc
On 02/18/2012 09:05:16 AM, Alon Bar-Lev wrote: > Hello, > > We have a go to rewrite the OpenVPN build system. > 9. Output of build system would be [at least] (msi, tarball) for > (win32, win64). Why tarball? To enable people to fetch files without > hacking the msi (example: cross compile). I'd

Re: [Openvpn-devel] Problem with alloc_buf_gc function

2011-12-29 Thread Karl O. Pinc
On 12/29/2011 01:29:00 PM, Gert Doering wrote: > Now I wouldn't know how to enable ip forwarding on Windows, and I > wouldn't > even think of running an OpenVPN server on Windows, but supposedly it > can > be done. Let someone else chime in and answer that... Perhaps on the openvpn-users list in

Re: [Openvpn-devel] Problem with alloc_buf_gc function

2011-12-29 Thread Karl O. Pinc
On 12/29/2011 08:24:54 AM, Gert Doering wrote: > Linux needs to know that it is to be a router: > > # echo 1 >/proc/sys/net/ipv4/ip_forward See /etc/sysctl.conf (man sysctl.conf) to set forwarding at boot. Karl Free Software: "You don't pay back, you pay forward." -- Robert

Re: [Openvpn-devel] Debian master branch build?

2011-12-19 Thread Karl O. Pinc
On 12/18/2011 03:21:06 AM, Gert Doering wrote > > This is not about "newer software" - it doesn't make sense for Debian > to include *snapshots* in their distribution. Debian provides tools (uupdate) that facilitate putting snapshots, or head or whatever, into packages for installation on Debian

Re: [Openvpn-devel] Debian master branch build?

2011-12-18 Thread Karl O. Pinc
On 12/17/2011 02:47:39 PM, Praetorian wrote: > A few weeks/months ago in an IRC meeting I asked about a debian build > for the master branch. I recently installed the > openvpn-2.x-master-20111202-wo-startup-test-install.exe on my vista > laptop (which installed fine btw). Is there a debian build

Re: [Openvpn-devel] [PATCH v3] Move away from openvpn_basename() over to platform provided basename()

2011-12-11 Thread Karl O. Pinc
On 12/11/2011 02:37:02 PM, Gert Doering wrote: > Of course nobody wants to reimplement all library functions (except > djb, maybe, but we do not want to go there), but given some functions > with sufficiently vague or messy calling semantics, having a better > defined local implementation can i

Re: [Openvpn-devel] OemWin2k.inf specify network adapter name

2011-06-03 Thread Karl O. Pinc
On 06/03/2011 12:35:28 PM, Gert Doering wrote: > Hi, > > On Fri, Jun 03, 2011 at 07:14:39PM +0200, David Sommerseth wrote: > > Pure feature wise, this really sounds like a reasonable thing to > change. > > ACK. I like the idea. > > But I have no idea whether this can be done, and if yes, how.

Re: [Openvpn-devel] minimalistic OpenVPN

2011-06-02 Thread Karl O. Pinc
On 06/02/2011 10:46:00 AM, Mr Dash Four wrote: > Is it possible to build a minimalistic version of OpenVPN to be used > on > portables? > > As part of in-house project I would like to be able to compile, build > install and use OpenVPN on HTC (Desire). I already have the modified > OS > and the

Re: [Openvpn-devel] [PATCH] Change the default --tmp-dir path to a more suitable path

2011-04-07 Thread Karl O. Pinc
On 04/07/2011 09:59:51 AM, Alon Bar-Lev wrote: > Please stop trying to find problems where not exist. I think we are on the same page here. I don't see any sort of problem. Karl Free Software: "You don't pay back, you pay forward." -- Robert A. Heinlein

Re: [Openvpn-devel] [PATCH] Change the default --tmp-dir path to a more suitable path

2011-04-07 Thread Karl O. Pinc
On 04/07/2011 07:51:55 AM, David Sommerseth wrote: > [resend copy to openvpn-devel list as well] > I checked for the $TMPDIR variable on CentOS 5.5, Fedora 14 and > Gentoo > installations. And $TMPDIR didn't show up at all, hence I thought > this was > not a really useful option. However, I see

Re: [Openvpn-devel] OpenVPN documentation (man page) review

2011-01-12 Thread Karl O. Pinc
On 01/12/2011 02:48:29 PM, Jan Just Keijser wrote: > As for the document format: if we want users to contribute then we > should not opt for a too-difficult format that users would have to > learn > before being able to contribute. Docbook and/or texinfo are nice for > Linux users but you'd sca

Re: [Openvpn-devel] OpenVPN documentation (man page) review

2011-01-12 Thread Karl O. Pinc
On 01/12/2011 02:40:00 AM, Matthias Andree wrote: > Am 11.01.2011 12:20, schrieb David Sommerseth: > > > > Hi folks! > > > > This is a little cry for help from us playing with the OpenVPN > code. > > > > We have a quite good man page today with a lot of information. But > > maintaining it and

Re: [Openvpn-devel] Can *plugin* kill specific ovpn tunnel?...

2010-12-14 Thread Karl O. Pinc
On 12/14/2010 04:22:53 PM, Vineet Kumar wrote: > Sorry pl. explain the "intermediary" part. Is that supposed to solve > the single telnet server accepting multiple *concurrent* client > sessions? Yes. The multiple concurrent client sessions talk to a single telnet server via an intermediary. Th

Re: [Openvpn-devel] [PATCH] Open log files as text files on Windows

2010-12-13 Thread Karl O. Pinc
On 12/13/2010 10:56:28 AM, David Sommerseth wrote: > On 13/12/10 17:29, Karl O. Pinc wrote: > > On 12/13/2010 05:56:16 AM, David Sommerseth wrote: > >> By giving the "t" flag to _fdopen() on Windows, the file will be > >> opened in a "translate mode&

Re: [Openvpn-devel] [PATCH] Open log files as text files on Windows

2010-12-13 Thread Karl O. Pinc
On 12/13/2010 05:56:16 AM, David Sommerseth wrote: > By giving the "t" flag to _fdopen() on Windows, the file will be > opened in a "translate mode", where it will take care of converting > \n to \r\n, and also look for the CTRL-Z mark when opening the log > file in append mode. It should be possi

Re: [Openvpn-devel] PATCH: floating-tls

2010-12-02 Thread Karl O. Pinc
On 12/02/2010 11:56:56 AM, Samuli Seppänen wrote: > Hi Blaise, > > Actually we discussed the floating-tls patch in last community > meeting: > > > The discussion ends with deciding that the feature be "opt-in", I presume via a compile t

Re: [Openvpn-devel] PATCH: floating-tls

2010-12-02 Thread Karl O. Pinc
On 12/02/2010 11:44:27 AM, Blaise Gassend wrote: > Hi, > > Didn't hear back from anybody. Is there really no interest at all in > adding floating TLS? Sounds like a nice feature to me, but I don't know enough to ack the code. Karl Free Software: "You don't pay back, you pay forward."

Re: [Openvpn-devel] Intelligent OpenVPN service?

2010-10-18 Thread Karl O. Pinc
On 10/18/2010 02:14:19 PM, Jason Haar wrote: > On 10/19/2010 07:43 AM, Davide Brini wrote: > > Sorry for the silly question, but how do you expect the OpenVPN > link > to be > > established if the computer "does not already have a connection"? > > > > What do you mean with the above statement? >

Re: [Openvpn-devel] Unpackged Windows binaries? -- Problems building 2.1 rc15 on Windows XP

2010-08-27 Thread Karl O. Pinc
On 08/27/2010 11:16:40 AM, David Sommerseth wrote: > On 27/08/10 16:20, Karl O. Pinc wrote: > > On 08/27/2010 03:50:55 AM, David Sommerseth wrote: > >> -BEGIN PGP SIGNED MESSAGE- > >> Hash: SHA1 > >> > >> On 09/04/09 19:44, Karl O. Pinc wrote:

Re: [Openvpn-devel] Unpackged Windows binaries? -- Problems building 2.1 rc15 on Windows XP

2010-08-27 Thread Karl O. Pinc
On 08/27/2010 03:50:55 AM, David Sommerseth wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 09/04/09 19:44, Karl O. Pinc wrote: > > > > On 04/09/2009 07:58:46 AM, Karl O. Pinc wrote: > >> > >> On 04/09/2009 01:01:50 AM, Alon Bar-Lev wr

Re: [Openvpn-devel] Summary of the IRC meeting (19th Aug 2010)

2010-08-20 Thread Karl O. Pinc
On 08/20/2010 10:48:17 AM, Gert Doering wrote: > The app is cross-compileable today - but to make that work requires > that > all relevant Windows APIs are exported in mingw headers *and > libraries*. > > Windows APIs have the nasty habit of changing over time, so if mingw > stops updating their

Re: [Openvpn-devel] Unpackaged Windows binaries (Was: Re: [Openvpn-users] [ANN] OS X packages - OpenVPN 2.1.1)

2010-04-29 Thread Karl O. Pinc
On 04/26/2010 10:23:21 AM, David Sommerseth wrote: > On 26/04/10 16:47, Karl O. Pinc wrote: > > > > Speaking of the standard release process there is still this > thread: > > > > Re: [Openvpn-devel] Unpackged Windows binaries? -- Problems > building > >

Re: [Openvpn-devel] Unpackaged Windows binaries (Was: Re: [Openvpn-users] [ANN] OS X packages - OpenVPN 2.1.1)

2010-04-28 Thread Karl O. Pinc
On 04/27/2010 05:58:43 AM, Peter Stuge wrote: > Karl O. Pinc wrote: > > IMO OpenVPN is encouraging bad practices by supplying packages for > > distros that include OpenVPN. > > Ideally the package for that distro as made by OpenVPN is always > equivalent to the one made

Re: [Openvpn-devel] Unpackaged Windows binaries (Was: Re: [Openvpn-users] [ANN] OS X packages - OpenVPN 2.1.1)

2010-04-27 Thread Karl O. Pinc
On 04/27/2010 05:58:43 AM, Peter Stuge wrote: > Karl O. Pinc wrote: > > IMO OpenVPN is encouraging bad practices by supplying packages for > > distros that include OpenVPN. > > Ideally the package for that distro as made by OpenVPN is always > equivalent to the one

Re: [Openvpn-devel] Unpackaged Windows binaries (Was: Re: [Openvpn-users] [ANN] OS X packages - OpenVPN 2.1.1)

2010-04-27 Thread Karl O. Pinc
On 04/26/2010 02:11:26 PM, Karl O. Pinc wrote: > On 04/26/2010 11:53:19 AM, Peter Stuge wrote: > > Karl O. Pinc wrote: > > > the project is already releasing unpackaged Linux > > > binaries > > > > Really? > > They seem to have stopped sometime after

Re: [Openvpn-devel] Unpackaged Windows binaries (Was: Re: [Openvpn-users] [ANN] OS X packages - OpenVPN 2.1.1)

2010-04-27 Thread Karl O. Pinc
On 04/26/2010 09:46:06 PM, Toby Thain wrote: > > On 27-Apr-10, at 12:19 PM, Karl O. Pinc wrote: > > > On 04/26/2010 06:19:31 PM, Toby Thain wrote: > >>> > >>> > >> > >> I don't think unpackaged OS X binaries are very useful, which

Re: [Openvpn-devel] Unpackaged Windows binaries (Was: Re: [Openvpn-users] [ANN] OS X packages - OpenVPN 2.1.1)

2010-04-27 Thread Karl O. Pinc
On 04/26/2010 06:02:46 PM, David Sommerseth wrote: > On 26/04/10 21:11, Karl O. Pinc wrote: > > On Debian all I had to do was "aptitude install nsis" and then > > run it to make MS Windows installers. Plug and play, no > > compiling necessary. > > > > J

Re: [Openvpn-devel] Unpackaged Windows binaries (Was: Re: [Openvpn-users] [ANN] OS X packages - OpenVPN 2.1.1)

2010-04-27 Thread Karl O. Pinc
On 04/26/2010 06:19:31 PM, Toby Thain wrote: > > On 27-Apr-10, at 1:58 AM, Karl O. Pinc wrote: > > > > The problem addressed is that the only binaries available > > for MS Windows are pre-packaged in an installer executable. > > This means that anyone who wants sto

Re: [Openvpn-devel] Unpackaged Windows binaries (Was: Re: [Openvpn-users] [ANN] OS X packages - OpenVPN 2.1.1)

2010-04-26 Thread Karl O. Pinc
On 04/26/2010 11:53:19 AM, Peter Stuge wrote: > Karl O. Pinc wrote: > > the project is already releasing unpackaged Linux > > binaries > > Really? They seem to have stopped sometime after July 30 2008. http://web.archive.org/web/20080730205524/openvpn.net/index.php/ downloa

Re: [Openvpn-devel] Unpackaged Windows binaries (Was: Re: [Openvpn-users] [ANN] OS X packages - OpenVPN 2.1.1)

2010-04-26 Thread Karl O. Pinc
On 04/26/2010 10:23:21 AM, David Sommerseth wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 26/04/10 16:47, Karl O. Pinc wrote: > > Speaking of the standard release process there is still this > thread: > > > > Re: [Openvpn-devel] Unpack

Re: [Openvpn-devel] [PATCH] Serial number export, fixed

2010-04-26 Thread Karl O. Pinc
On 04/26/2010 05:48:38 AM, Davide Brini wrote: > On Monday 26 Apr 2010 11:04:16 David Sommerseth wrote: > > > > Agreed, but from experience with many users ... it's a lot of users > who > > just take a script and try it out without even looking at the > script > > itself. So if the script could

Re: [Openvpn-devel] [ANN] OS X packages - OpenVPN 2.1.1

2010-04-26 Thread Karl O. Pinc
On 04/26/2010 03:42:37 AM, Arnoud Vermeer wrote: > Hi Toby, > > I for one appreciate your effort and would love to see this in the > standard > release process. Speaking of the standard release process there is still this thread: Re: [Openvpn-devel] Unpackged Windows binaries? -- Problems buildi

Re: [Openvpn-devel] [PATCH] Serial number export, fixed

2010-04-26 Thread Karl O. Pinc
On 04/26/2010 03:56:16 AM, Davide Brini wrote: > On Monday 26 Apr 2010 00:13:39 David Sommerseth wrote: > > > +# OCSP responder URL (mandatory) > > > +ocsp_url="http://some.ocsp.server/"; > > > +#ocsp_url="https://some.secure.ocsp.server/"; > > > > Wouldn't it be better to use a more valid URL? >

Re: [Openvpn-devel] Status Message Missing IP Address

2010-04-24 Thread Karl O. Pinc
On 04/24/2010 09:34:46 AM, open...@rkmorris.us wrote: > > > Hi, > > This makes sense to me on the server side, but I'm running the > management interface on the client ... why would it not know (or at > least report) its IP address? Because it's not OpenVPN's IP address it's the client OS's IP

Re: [Openvpn-devel] openvpn error messages on the administrative interface?

2010-04-24 Thread Karl O. Pinc
On 04/23/2010 01:36:56 AM, Huzaifa Sidhpurwala wrote: > Hi All, > I have been patching NetworkManager-openvpn for some time now, trying > to > enable some functionality, which a lot of > people use. > The main problem we have been facing for some time now, is that > openvpn > throws error messages

Re: [Openvpn-devel] Slight modification to the contrib client.up script: DNS in server order

2010-04-21 Thread Karl O. Pinc
On 04/21/2010 09:13:35 AM, Toby Thain wrote: > > On 21-Apr-10, at 11:49 PM, Richard Monk wrote: > > > I had an issue come up where the clients were getting DNS entries > in > > > the > > reverse order the server sends them when using the client.up > contrib > > script. Since the DNS servers

Re: [Openvpn-devel] Unpackged Windows binaries? -- Problems building 2.1 rc15 on Windows XP

2010-04-20 Thread Karl O. Pinc
Hello, What's happening with this patch? Does OpenVPN want it? On 04/01/2010 10:19:01 AM, Karl O. Pinc wrote: > So, what is the status of this patch? Would OpenVPN > release "unpackaged" MS Windows binaries? If so > you can apply the code patch and I'll rework t

Re: [Openvpn-devel] Unpackged Windows binaries? -- Problems building 2.1 rc15 on Windows XP

2010-04-01 Thread Karl O. Pinc
So, what is the status of this patch? Would OpenVPN release "unpackaged" MS Windows binaries? If so you can apply the code patch and I'll rework the documentation patch into wherever the documentation currently exists. On 02/28/2010 09:48:46 PM, Karl O. Pinc wrote: > On 02/2

Re: [Openvpn-devel] [PATCH] On TARGET_LINUX define _GNU_SOURCE if not defined

2010-03-14 Thread Karl O. Pinc
On 03/13/2010 05:34:19 PM, Matthias Andree wrote: > Karl O. Pinc wrote on 2010-03-10: > > But, you _don't_ have to run ./configure every time. You > > You do. Yes. Thanks. I don't know what I was thinking. Karl Free Software: "You d

Re: [Openvpn-devel] Supporting "route-gateway dhcp" on non-Windows

2010-03-12 Thread Karl O. Pinc
On 03/11/2010 04:42:07 PM, Stefan Monnier wrote: > >> Let's not add more complexity to openvpn itself, I'd be much > happier if > > You just don't understand. > > The complexity *WILL* be in OpenVPN, if we decide to support > > "route-gateway dhcp" for non-Windows platforms. > > I'm not sure what

Re: [Openvpn-devel] Supporting "route-gateway dhcp" on non-Windows

2010-03-12 Thread Karl O. Pinc
On 03/11/2010 04:42:07 PM, Stefan Monnier wrote: > I find the effort would be better spent on working with other people > trying to make sure that ifplugd/NetworkManager/distributions/... > make > this setup as troublefree as possible. Exactly. As an example appended is a 47 line patch to th

Re: [Openvpn-devel] Supporting "route-gateway dhcp" on non-Windows

2010-03-11 Thread Karl O. Pinc
On 03/11/2010 01:21:19 PM, Gert Doering wrote: > This might be the other big misunderstanding here. As of today, if > you > want to use "ifplugd + dhcp + ..." on a TAP interface, just do so - > OpenVPN > won't stand in your way. This is not the issue at hand - the issue > is > that OpenVPN wan

Re: [Openvpn-devel] Supporting "route-gateway dhcp" on non-Windows

2010-03-11 Thread Karl O. Pinc
On 03/11/2010 09:10:23 AM, David Sommerseth wrote: > I agree to your points, from a theoretical point of view. But from a > practical point of view, I'm not sure how possible it is to find a > more > generic solution which can be used on all *nix based setups. AFAIK, > ifplugd is very Linux orie

Re: [Openvpn-devel] [PATCH] On TARGET_LINUX define _GNU_SOURCE if not defined

2010-03-10 Thread Karl O. Pinc
On 03/10/2010 12:09:58 PM, David Sommerseth wrote: > > But how is it then that Alon does not run ./configure > > on machine 2 above? > > The fact is that I believe he does run ./configure on all machines. > Autotools just generates a set up files which is not depending on > anything else than bas

Re: [Openvpn-devel] [PATCH] On TARGET_LINUX define _GNU_SOURCE if not defined

2010-03-10 Thread Karl O. Pinc
On 03/10/2010 11:54:52 AM, David Sommerseth wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 10/03/10 18:39, Karl O. Pinc wrote: > > On 03/10/2010 11:19:13 AM, Alon Bar-Lev wrote: > >> I will try to explain again. > >> > >> You have two

Re: [Openvpn-devel] [PATCH] On TARGET_LINUX define _GNU_SOURCE if not defined

2010-03-10 Thread Karl O. Pinc
On 03/10/2010 11:41:49 AM, Alon Bar-Lev wrote: > On Wed, Mar 10, 2010 at 7:39 PM, Karl O. Pinc wrote: > > In other words ./configure is not expected to be run under normal > > circumstances. > > > > The whole point of autoconf is to produce something that can > >

Re: [Openvpn-devel] [PATCH] On TARGET_LINUX define _GNU_SOURCE if not defined

2010-03-10 Thread Karl O. Pinc
On 03/10/2010 11:37:57 AM, David Sommerseth wrote: > On 10/03/10 18:26, Peter Stuge wrote: > > The only way autoconf on that RHEL4.6 would be relevant is if those > > RHEL4.6 systems strictly need to build directly from git source, as > > opposed to building from a prepared tarball. Is that the ca

Re: [Openvpn-devel] [PATCH] On TARGET_LINUX define _GNU_SOURCE if not defined

2010-03-10 Thread Karl O. Pinc
On 03/10/2010 11:19:13 AM, Alon Bar-Lev wrote: > I will try to explain again. > > You have two roles of environments: > > 1. Developer/packager workstation. > > 2. Target environment. > > For example, 1 would be my computer, and 2 would be the old redhat > computer. > > You go to (1) and do: >

Re: [Openvpn-devel] Supporting "route-gateway dhcp" on non-Windows

2010-03-09 Thread Karl O. Pinc
On 03/09/2010 11:27:13 AM, David Sommerseth wrote: > On 09/03/10 17:41, Karl O. Pinc wrote: > > On 03/09/2010 10:16:37 AM, David Sommerseth wrote: > > > >>> Over-automating things will cause people headaches. > >>> You don't want to willy-nilly s

Re: [Openvpn-devel] Supporting "route-gateway dhcp" on non-Windows

2010-03-09 Thread Karl O. Pinc
On 03/09/2010 10:16:37 AM, David Sommerseth wrote: > > Over-automating things will cause people headaches. > > You don't want to willy-nilly startup a dhcp client > > and have all your interfaces configured with dhcp without > > your consent. > > Exactly! Which again moves it more in the directi

Re: [Openvpn-devel] Supporting "route-gateway dhcp" on non-Windows

2010-03-09 Thread Karl O. Pinc
On 03/09/2010 08:01:32 AM, Stefan Monnier wrote: > > bring the interfaces up > > start dhcp client (if not triggered directly from the interfaces) > > start openvpn > > That is a misconfiguration in my book. The only correct > configuration > is when the dhcp client is triggered from the interfa

Re: [Openvpn-devel] Supporting "route-gateway dhcp" on non-Windows

2010-03-09 Thread Karl O. Pinc
On 03/09/2010 08:05:17 AM, David Sommerseth wrote: > On the other hand, ./configure > could try to detect which DHCP client the system got and could use > that > as a default client to kick off. I think this might cause more problems than it solves because there's no guarantee that build hosts w

Re: [Openvpn-devel] Supporting "route-gateway dhcp" on non-Windows

2010-03-09 Thread Karl O. Pinc
On 03/09/2010 12:47:36 AM, Peter Stuge wrote: > Karl O. Pinc wrote: > > The boot order that makes sense to me is: > > > > bring the interfaces up > > start dhcp client (if not triggered directly from the interfaces) > > start openvpn > > > > The

Re: [Openvpn-devel] Supporting "route-gateway dhcp" on non-Windows

2010-03-09 Thread Karl O. Pinc
On 03/08/2010 05:09:49 PM, Stefan Monnier wrote: > >> I think if the user just starts the dhcp client on an interface > >> independently from the moment the interface goes up (or down), > this > > >> is simply a misconfiguration. > > I'm not sure I understand. Are you saying that manually starti

Re: [Openvpn-devel] Supporting "route-gateway dhcp" on non-Windows

2010-03-08 Thread Karl O. Pinc
On 03/08/2010 03:26:11 PM, Stefan Monnier wrote: > > In either case we'd be looking at an openvpn configuration > > directive (or 2) that takes a command to run once > > the link comes up (and down). If that was in place then > > any of A, B, C, or D, or your choice of using an ifup/ifdown > > scr

Re: [Openvpn-devel] Supporting "route-gateway dhcp" on non-Windows

2010-03-08 Thread Karl O. Pinc
On 03/08/2010 02:26:13 PM, Peter Stuge wrote: > Karl O. Pinc wrote: > > > I know of at least four DHCP clients and I avoid dhclient as much > as > > > possible. It would be a tremendous mistake to tie OpenVPN to any > one > > > DHCP client IMO. > > &g

Re: [Openvpn-devel] Supporting "route-gateway dhcp" on non-Windows

2010-03-08 Thread Karl O. Pinc
On 03/08/2010 10:50:48 AM, Peter Stuge wrote: > Karl O. Pinc wrote: > > > I'm hoping that we can make "route-gateway dhcp" work on Unix > > > platforms as well. I'm thinking there are two possible ways we > > > could do this: > > Network

Re: [Openvpn-devel] Linux tun/tap performance issues

2010-03-08 Thread Karl O. Pinc
On 03/08/2010 10:40:10 AM, Peter Stuge wrote: > James Yonan wrote: > > all of the CPU-intensive cryptographic operations are being done in > > user space. > > Could some kind of crypto acceleration of OpenSSL be in play? Particularly in combination with context switching overhead going back and f

Re: [Openvpn-devel] Supporting "route-gateway dhcp" on non-Windows

2010-03-08 Thread Karl O. Pinc
On 03/08/2010 09:21:35 AM, James Yonan wrote: > OpenVPN 2.1 has a relatively recent feature that allows a TAP-based > OpenVPN session to be established where the client gets its IP > address > > assignment and other attributes from the server-side DHCP server. > I'm hoping that we can make "rou

Re: [Openvpn-devel] [PATCH] IPv6 support for TUN/TAP driver on windows

2010-03-08 Thread Karl O. Pinc
On 03/08/2010 09:16:33 AM, Samuli Seppänen wrote: > > > What needs to happen next? > > > > - it would be highly appreciated if Samuli could get OpenVPN Tech > >to provide Windows binaries for the "openvpn-testing" tree, so > that > >we can get decent testing by the windows user base >

Re: [Openvpn-devel] special-case code for OpenBSD - advice needed

2010-03-05 Thread Karl O. Pinc
On 03/05/2010 10:39:26 AM, Gert Doering wrote: > Hi, > > On Fri, Mar 05, 2010 at 11:44:28AM +0100, Heiko Hund wrote: > > On Friday 05 March 2010 10:11:51 Gert Doering wrote: > > > What happened exactly? Could you ask your colleague for a log > file? > > > > Well, he couldn't ping any remote host

Re: [Openvpn-devel] Meeting topics for today

2010-03-04 Thread Karl O. Pinc
On 03/04/2010 03:18:43 AM, Samuli Seppänen wrote: > Hi all, > > here's a list of today's meeting topics: > > http://www.secure-computing.net/wiki/index.php/OpenVPN/IRC_meetings/ > Topics-2010-03-04 When is the meeting? Karl Free Software: "You don't pay back, you pay forward."

Re: [Openvpn-devel] Erratic TCP Throughput

2010-03-03 Thread Karl O. Pinc
On 03/03/2010 02:40:16 AM, Jason Haar wrote: > On 03/03/2010 04:52 PM, open...@rkmorris.us wrote: > > > > 1) Without OpenVPN - consistent performance, ~ 70 Mbps total > > throughput (on a 100 Mb LAN). > > 2) With OpenVPN - very consistent performance, sometimes fine, > other > > times very poor.

Re: [Openvpn-devel] [PATCH] FQDN for routes should expand to all IPs (second round)

2010-03-01 Thread Karl O. Pinc
On 03/01/2010 08:12:03 AM, Stefan Monnier wrote: > >> If someone could give at least some vaguely plausible scenario, > >> that'd help. > > Maybe there's more than one tunnel and there's some stupid > > load balancing going on using a hosts file? (Along with > > deleting all non-vpn routes.) > >

Re: [Openvpn-devel] OpenVPN Pf plugin/small status patch

2010-03-01 Thread Karl O. Pinc
On 03/01/2010 03:37:07 AM, David Sommerseth wrote: > Even though I do agree with you, Karl, that the vocabulary can be > confusing, I'm not sure it is up to us to change that. Just figured I'd mention it. Karl Free Software: "You don't pay back, you pay forward." -- Robert A

Re: [Openvpn-devel] [PATCH] enhance tls-verify possibility

2010-03-01 Thread Karl O. Pinc
On 03/01/2010 04:22:04 AM, David Sommerseth wrote: > On 01/03/10 06:32, Karl O. Pinc wrote: > > On 02/28/2010 10:24:36 PM, Peter Stuge wrote: > >> David Sommerseth wrote: > >>> +++ b/options.c > >>> @@ -529,6 +529,9 @@ static const char usage_messag

Re: [Openvpn-devel] special-case code for OpenBSD - advice needed

2010-03-01 Thread Karl O. Pinc
On 03/01/2010 01:54:46 AM, Gert Doering wrote: > Hi, > > On Sun, Feb 28, 2010 at 10:13:10PM -0600, Karl O. Pinc wrote: > > So, you should not need to do the ifconfig at all unless you're > > interested in tap functionality or there's other odd > > frobbing go

Re: [Openvpn-devel] [PATCH] enhance tls-verify possibility

2010-03-01 Thread Karl O. Pinc
On 02/28/2010 11:52:56 PM, Karl O. Pinc wrote: > On 02/28/2010 11:39:11 PM, Peter Stuge wrote: > > Karl O. Pinc wrote: > > > > > + "--tls-export-cert [directory] : Get peer cert in PEM > format > > and > > > > > > There is no man page. It

[Openvpn-devel] [PATCH] Final frobbing of openvpn(8) --tls-verify

2010-03-01 Thread Karl O. Pinc
From: Karl O. Pinc --- openvpn.8 |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/openvpn.8 b/openvpn.8 index 70e1e68..51d6ac5 100644 --- a/openvpn.8 +++ b/openvpn.8 @@ -4236,7 +4236,7 @@ should return 0 to allow the TLS handshake to proceed, or 1 to fail. Note that

[Openvpn-devel] [PATCH] Yet another tweak of openvpn(8) --tls-verify

2010-03-01 Thread Karl O. Pinc
From: Karl O. Pinc --- openvpn.8 |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/openvpn.8 b/openvpn.8 index 9512fc3..70e1e68 100644 --- a/openvpn.8 +++ b/openvpn.8 @@ -4235,8 +4235,8 @@ should return 0 to allow the TLS handshake to proceed, or 1 to fail. Note

Re: [Openvpn-devel] [PATCH] enhance tls-verify possibility

2010-03-01 Thread Karl O. Pinc
On 02/28/2010 11:39:11 PM, Peter Stuge wrote: > Karl O. Pinc wrote: > > > > + "--tls-export-cert [directory] : Get peer cert in PEM format > and > > > > There is no man page. It's in sample-scripts/. > > It's a new option, right? The sample

Re: [Openvpn-devel] [PATCH] enhance tls-verify possibility

2010-03-01 Thread Karl O. Pinc
On 02/28/2010 11:32:46 PM, Karl O. Pinc wrote: > However, the openvpn(8) --tls-verify section of the man page > is poor. I just sent another patch that clarifies it. > Perhaps this is what you're looking for? If not then > just ignore my man page patch. I just sent another man

[Openvpn-devel] [PATCH] More improvments to openvpn(8) --tls-verify

2010-03-01 Thread Karl O. Pinc
From: Karl O. Pinc --- openvpn.8 |6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/openvpn.8 b/openvpn.8 index 0150ba7..9512fc3 100644 --- a/openvpn.8 +++ b/openvpn.8 @@ -4235,14 +4235,14 @@ should return 0 to allow the TLS handshake to proceed, or 1 to fail. Note

Re: [Openvpn-devel] [PATCH] enhance tls-verify possibility

2010-03-01 Thread Karl O. Pinc
On 02/28/2010 10:24:36 PM, Peter Stuge wrote: > David Sommerseth wrote: > > +++ b/options.c > > @@ -529,6 +529,9 @@ static const char usage_message[] = > >" tests of certification. cmd should return 0 > to allow\n" > >" TLS handshake to proceed, or 1 to fa

[Openvpn-devel] [PATCH] Frob the openvpn(8) man page tls-verify section to clarify

2010-03-01 Thread Karl O. Pinc
From: Karl O. Pinc --- openvpn.8 | 22 +- 1 files changed, 13 insertions(+), 9 deletions(-) diff --git a/openvpn.8 b/openvpn.8 index f1612a7..0150ba7 100644 --- a/openvpn.8 +++ b/openvpn.8 @@ -4232,11 +4232,23 @@ test). .B cmd should return 0 to allow the TLS handshake

Re: [Openvpn-devel] [PATCH] FQDN for routes should expand to all IPs (second round)

2010-03-01 Thread Karl O. Pinc
On 02/28/2010 02:04:01 PM, Stefan Monnier wrote: > > I'm at a loss when it comes to try and imagine someone who's used to > the > current behavior and bothered by the new behavior. Really. How can > the > current behavior ever be preferable? Why would someone ever prefer > that > a route would

Re: [Openvpn-devel] special-case code for OpenBSD - advice needed

2010-03-01 Thread Karl O. Pinc
On 02/28/2010 08:50:01 AM, Gert Doering wrote: > Hi, > > while working on "make IPv6 payload work on Win32", I found something > quite peculiar for OpenBSD in the OpenVPN code. > > Now, for all operating systems *except* Win32 and OpenBSD, the > sequence > of execution is > > open_tun() > d

Re: [Openvpn-devel] OpenVPN Pf plugin/small status patch

2010-03-01 Thread Karl O. Pinc
On 02/28/2010 07:22:16 AM, David Sommerseth wrote: > On 26/06/09 17:00, Arne Schwabe wrote: > > Hi, > > > > I have written a simple plugin for packet filtering that looks up > fw > rules > > in the order > > > > Commonname.pf > > IP_Port.pf > > IP.pf > > default.pf > > > > If one of these files is

Re: [Openvpn-devel] Unpackged Windows binaries? -- Problems building 2.1 rc15 on Windows XP

2010-03-01 Thread Karl O. Pinc
On 02/28/2010 06:27:54 AM, David Sommerseth wrote: > On 09/04/09 05:03, Karl O. Pinc wrote: > > The OpenVPN devs have a "built" source tree in which they run > > install-win32/buildinstaller. My point being that > > if they would package it up > > a

Re: [Openvpn-devel] Feature removal policy [WAS: Re: [PATCH v2] Do not randomize resolving of IP addresses in getaddr()]

2010-02-24 Thread Karl O. Pinc
On 02/24/2010 02:36:45 AM, Samuli Seppänen wrote: > > >> If someone who explicitly chooses a functionality > >> needs to get a warning about the default they > >> should get this warning at ./configure time -- > >> the time they make the choice. > >> > > > > The only time I can think of that

Re: [Openvpn-devel] [PATCH v2] Do not randomize resolving of IP addresses in getaddr()

2010-02-22 Thread Karl O. Pinc
On 02/22/2010 03:46:33 PM, David Sommerseth wrote: > > Does that cover your concerns? Yes. It's all somewhat a matter of taste, so if you find it tasty that's good enough for me. :-) Karl Free Software: "You don't pay back, you pay forward." -- Robert A. Heinlein

Re: [Openvpn-devel] [PATCH v2] Do not randomize resolving of IP addresses in getaddr()

2010-02-22 Thread Karl O. Pinc
On 02/22/2010 10:52:17 AM, Peter Stuge wrote: > Karl O. Pinc wrote: > > Someone may be relying on the behavior but, at the moment > > or depending on present dns circumstances, does not have > > multiple A records returned. In this case no warning will > > be generated.

Re: [Openvpn-devel] [PATCH v2] Do not randomize resolving of IP addresses in getaddr()

2010-02-22 Thread Karl O. Pinc
On 02/19/2010 05:11:38 PM, David Sommerseth wrote: > On 20/02/10 00:06, Karl O. Pinc wrote: > > On 02/19/2010 04:57:30 PM, David Sommerseth wrote: > > > > Am I wrong or does using --disable-depr-random-resolv > > not remove the random choice? > > That is correc

Re: [Openvpn-devel] [PATCH v2] Do not randomize resolving of IP addresses in getaddr()

2010-02-22 Thread Karl O. Pinc
On 02/22/2010 01:46:53 AM, David Sommerseth wrote: The commit log > will > state that this begins the feature deprecation process, with a > warning > when this feature is used and the feature can be removed at compile > time > with --disable-depr-random-resolv. I've thought a bit more about t

Re: [Openvpn-devel] [PATCH v2] Do not randomize resolving of IP addresses in getaddr()

2010-02-20 Thread Karl O. Pinc
On 02/19/2010 09:39:40 PM, Karl O. Pinc wrote: > If someone who explicitly chooses a functionality > needs to get a warning about the default they > should get this warning at ./configure time -- > the time they make the choice. The only time I can think of that a warning should be

Re: [Openvpn-devel] [PATCH v2] Do not randomize resolving of IP addresses in getaddr()

2010-02-20 Thread Karl O. Pinc
On 02/19/2010 05:11:38 PM, David Sommerseth wrote: > On 20/02/10 00:06, Karl O. Pinc wrote: > > On 02/19/2010 04:57:30 PM, David Sommerseth wrote: > > > > Am I wrong or does using --disable-depr-random-resolv > > not remove the random choice? > > That is correc

Re: [Openvpn-devel] [PATCH v2] Do not randomize resolving of IP addresses in getaddr()

2010-02-19 Thread Karl O. Pinc
On 02/19/2010 04:57:30 PM, David Sommerseth wrote: Am I wrong or does using --disable-depr-random-resolv not remove the random choice? > From: David Sommerseth > For now this feature is enabled by default, but can be disabled by > running > ./configure with --disable-depr-random-resolv. In th

Re: [Openvpn-devel] [IPv6] Merge conflicts in mroute.c

2010-02-19 Thread Karl O. Pinc
On 02/19/2010 04:42:49 PM, Gert Doering wrote: > - the external globals in6addr_any and in6addr_loopback will not >be compiled in (in6_addr.c). > >** I expect this to cause linking problems for my code ** > As said: I would welcome contact to someone who is using > uClibc+OpenVPN > and

Re: [Openvpn-devel] [PATCH] FQDN for routes should expand to all IPs

2010-02-19 Thread Karl O. Pinc
On 02/19/2010 03:02:40 AM, David Sommerseth wrote: > On 19/02/10 04:18, Stefan Monnier wrote: > > > > If it's a config var, it could indeed just be a global var, so I > don't > > think it would be very complex. But that's really not something > the > > user should have to configure. > > That de

Re: [Openvpn-devel] Summary of the IRC meeting (18th Feb 2010)

2010-02-19 Thread Karl O. Pinc
On 02/19/2010 06:48:44 AM, Samuli Seppänen wrote: > Btw. what do you think about including the full IRC chatlog in these > emails? I like it. (And don't see the point in having a separate attachment either. It's just one more thing to have to click on.) Karl Free Software: "You don't pay b

Re: [Openvpn-devel] [PATCH] FQDN for routes should expand to all IPs

2010-02-19 Thread Karl O. Pinc
On 02/19/2010 06:25:10 AM, Siim Põder wrote: > Hi > > Karl O. Pinc wrote: > > So, unless you're pulling names out of /etc/hosts it's likely > > that randomization does nothing. And if the bind administrator > > has gone to the extra work to enable a

Re: [Openvpn-devel] [PATCH] FQDN for routes should expand to all IPs

2010-02-18 Thread Karl O. Pinc
On 02/18/2010 12:26:37 PM, Karl O. Pinc wrote: > (I seem to recall that bind attempts to rotate the ordering > of the names, but I can't find any reference to this at a glance > and could be wrong.) Ah, here it is. Bind9 has a rrset-order directive. Results can be fixed, ran

Re: [Openvpn-devel] [PATCH] FQDN for routes should expand to all IPs

2010-02-18 Thread Karl O. Pinc
On 02/18/2010 08:12:17 AM, David Sommerseth wrote: > On 18/02/10 13:53, Gert Doering wrote: > >> * usage of get_random in getaddr() [socket.c:261] > >> > >> I admit I should have spotted this one on the first review. > Because > >> this code snippet below looks really odd to me. > >> > >> if (n

[Openvpn-devel] [PATCH] Change verify-cn so cn is no longer hardcoded in openvpn's config file

2010-02-18 Thread Karl O. Pinc
--- sample-scripts/verify-cn | 42 +++--- 1 files changed, 27 insertions(+), 15 deletions(-) diff --git a/sample-scripts/verify-cn b/sample-scripts/verify-cn index 5d56d95..f9fea0f 100755 --- a/sample-scripts/verify-cn +++ b/sample-scripts/verify-cn @@ -7,24

[Openvpn-devel] Make sample-scripts/verify-cn dynamic

2010-02-18 Thread Karl O. Pinc
Hi, Re: [PATCH] Change verify-cn so cn is no longer hardcoded in openvpn's config file This patch should be easy to process. A resubmission of the patch sent to this list on 04/23/2009. The patch changes the verify-cn script sample to be used with --tls-verify so that instead of having to hard

Re: [Openvpn-devel] Summary of the IRC meeting (4th Feb 2010)

2010-02-05 Thread Karl O. Pinc
On 02/05/2010 07:01:14 AM, Samuli Seppänen wrote: > Here's a summary of yesterday's meeting. This and earlier meeting > summaries are linked to from here: > > http://www.secure-computing.net/wiki/index.php/OpenVPN/IRC_meetings The link there seems to refer back to your email, which does not conta

Re: [Openvpn-devel] Summary of the IRC meeting (28th Jan 2010)

2010-02-01 Thread Karl O. Pinc
On 01/31/2010 11:13:06 AM, Eric F Crist wrote: > I do not feel the forums and mailing list need to be synchronized. > They are two different mediums, and should be treated as such. I disagree. (Although this has no impact on any operational decision because so far as I know there's no good choi

Re: [Openvpn-devel] Summary of the "OpenVPN development model" meeting

2010-01-28 Thread Karl O. Pinc
On 01/27/2010 07:28:24 PM, Peter Stuge wrote: > David Sommerseth wrote: > > For those of us not being heavily involved in development processes > > from day-to-day, we can probably survive with whatever VCS is being > > used. > > Fair enough. But I think two git features in particular matter also
