each a device via IP doesn't mean
that the Windows configuration is correct.
--
Leonard Isham, CISSP
Ostendo non ostento.
to determine a
UDP connection has been closed/discarded by the client. TCP on the
other hand is connection oriented and the server will realize the
connection is dropped. HTH
--
Leonard Isham, CISSP
Ostendo non ostento.
On 10/20/05, Mike Ireton wrote:
> Leonard Isham wrote:
>
> >
> > Merge the encrypted and unencrypted traffic for each side. Look for
> > missing unencrypted packets and then compare encrypted packets that
> > follow and look for a correlation of one or more missing
On 10/20/05, Mike Ireton wrote:
> Leonard Isham wrote:
> >
> >>
> >>The problem with this test is that there are many hundreds of OpenVPN
> >>packets per second flying between machine a and machine b - coupla
> >>megabits per second in fact
> already
> doing it. In fact I have mss clamped down to 1312 right now for testing.
> But, mss clamping doesn't have anything to do with the loss of the
> lcp-echo frames I was complaining about.
>
You _have_ to do a packet capture to determine where the packets are
getting lost.
While I'm not a developer I have quite a bit of experience with
networking and VPNs (OpenVPN and others) and your issues look like a
bottleneck or packet size issue to me, and others.
If I may be so bold. James has requested that packet captures be
performed to confirm where the loss is and IMHO this is what you need
to do to prove your point.
--
Leonard Isham, CISSP
Ostendo non ostento.
nfigured with certificates it uses the
certificates as the determination of this.
There is the option to allow duplicate certificates, but that would
seem incompatible with your current design.
You should re-examine your requirements and determine what your
priorities are. I would _not_ use duplicate certificates personally.
--
Leonard Isham, CISSP
Ostendo non ostento.
> All these 3 clients couldn't see each other but they could see the
> remaining 397 clients. The 397 couldn't see the 3 clients.
>
> I think that's it, any idea?
What is common among the three that is different from the rest?
Maybe subnetting issue? Does client-to-client work across subnets?
--
Leonard Isham, CISSP
Ostendo non ostento.
On 9/30/05, Marcelo Toledo wrote:
> On Tue, 2005-09-27 at 21:58 -0400, Leonard Isham wrote:
> > On 9/27/05, Marcelo Toledo wrote:
> > > I have one OpenVPN server version 2.0.2 using TCP port 1194 with TLS
> > > with about 400 clients connected to it. From time to ti
or bottlenecks, may require upgrade(s). Removing one
bottleneck may reveal the next bottleneck...
--
Leonard Isham, CISSP
Ostendo non ostento.
On 9/8/05, James Yonan wrote:
> On Thu, 8 Sep 2005, Leonard Isham wrote:
>
> > On 9/8/05, James Yonan wrote:
> > >
> > > On Thu, 8 Sep 2005, Leonard Isham wrote:
> > >
> > > > On 9/8/05, James Yonan wrote:
> > > > >
[snip
On 9/8/05, James Yonan wrote:
>
> On Thu, 8 Sep 2005, Leonard Isham wrote:
>
> > On 9/8/05, James Yonan wrote:
> > >
> > > OpenVPN Addressing Topology
> > > ---
> > >
> >
> > > Merging Schedule
> >
ne and roadmap.)
When will 2.1 development start/become publicly available? This is
a feature that I would love to implement, but the more the current
implementation grows the harder it gets to change.
--
Leonard Isham, CISSP
Ostendo non ostento.
Version 2.0.1
>
What is the recommended order of upgrade?
Server then clients or is this, what gets upgraded first, a non-issue?
--
Leonard Isham, CISSP
Ostendo non ostento.
was designed to do just this in the first place?
>
IMHO UDP support. Of course if OpenSSL supported UDP
--
Leonard Isham, CISSP
Ostendo non ostento.
them and keeping them up (and I haven't even looked into cross
compilation).
Is there someone keeping up with the RCs for 2.0 or anyone planning to
do a Zaurus package once it goes "gold?"
--
Leonard Isham, CISSP
Ostendo non ostento.
On Wed, 09 Feb 2005 18:42:38 -0600, Charles Duffy wrote:
> On Wed, 09 Feb 2005 17:26:14 -0500, Leonard Isham wrote:
>
> > You need to allow duplicate certificates.
>
> ...or to create unique client certificates. There's a lot to be said for
> knowing who the connecte
lient instance upon connection of a new client having the same common
name.
--
Leonard Isham, CISSP
Ostendo non ostento.
lve (1b) -- or at least study its difficulty in relation to (1a) and
> (2a).
>
What about a dual account/ID user situation? Where one user is a
normal user with all the restrictions and the other has administrator
rights. The first is used to login the second, administrator
equivalent is for storing the certificate and running the service.
--
Leonard Isham, CISSP
Ostendo non ostento.
On Fri, 14 Jan 2005 13:28:30 +0100, Didier Conchaudron
wrote:
> Leonard Isham wrote:
>
> [snip]
>
> >>Btw, MSDN cryptoapi docs don't talk about a way to get userspace certs
> >>from a SYSTEM rights. I think a way to solve this issue would be to make
implementation. Could possibly be rectified
by having the service use the user login instead of system.
3) At this stage I think changes of this magnitude, as you suggest,
would most likely be post 2.0. James and the other brains behind this
would know better.
--
Leonard Isham, CISSP
Ostendo non ostento.
The user should not have the ability to logon to a machine with
OpenVPN installed if they are not allowed to use OpenVPN, or that user
should not have access to run the GUI (maybe the OpenVPN Service
should not even be running).
The certificate is authenticating the computer.
--
Leonard Isham, CISSP
Ostendo non ostento.
could do
> that, if there's interest). If not, then, oh well ... I guess I'll just
> maintain them for my own use.
IMHO RH and other distros inhibit customization by adjusting apps to
their own liking. This improves their ability to support their
distros, but can make it diffic
his will be moot for those of you who select your own port number
> using the "port" directive. It's only a question of changing the default from
> 5000 to 1194 when no "port" directive is specified.
>
> James
>
For the record. I am impressed***
I'd
t of like verbally explaining it to
some one and then it hits you.
--
Leonard Isham, CISSP
Ostendo non ostento.