Good morning,
FYI, it appears that the PGP key used to sign the Debian/Ubuntu binaries
available at
https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos has
expired. This causes APT to warn about invalid signatures whenever it's
being run.
$ curl -s https://swupdate.openvpn.net/repos/r
* Gert Doering
>> Yeah, about that...I'm not sure your trac is completely healthy.
>> Even though I submitted issue #306, I get "Warning: No permissions
>> to add a comment." when trying to add info, there's no way I can
>> close the ticket (which I think it should be, as it's not an
>> OpenVPN bu
* Gert Doering
> I'm not sure if I really want to go there.
Completely fine by me, just getting the information out there, so you
can decide what to do with it, :-)
> I'm happy to put your detailed text into the trac ticket, though, so
> someone finding "it does not work!" and looking into trac
* Tore Anderson
> The patches will eventually make it into the previous LTS release
> 12.04 «Precise» too, as part of the upcoming 12.04.5 point release
> (expected in August).
Just a little followup here to clarify in case you decide to add this
info to the documentation. The 12.04.5
* Gert Doering
> +Note 2: if you do an IPv6+IPv4 dual-stack bind on a Linux machine with
> +multiple IPv4 address, connections to IPv4 addresses will not work
> +right on kernels before 3.14, due to missing kernel support for the
> +IPv4-mapped case.
This isn't entirely accurate. There are two
I'm guessing that everyone has seen http://heartbleed.com/ by now.
My question is simple: Could anyone confirm whether or not OpenVPN is
vulnerable (when linked to a vulnerable version of OpenSSL)?
Tore
Hi Gert,
> Could you run my test program to see whether that gets it right?
It doesn't:
server$ mhome
AF_INET6/IPV6_RECVPKTINFO enabled
setsockopt(IPV6_V6ONLY=0)
Socket bound to local address [AF_INET6][undef]:50001
--
CMSG_NXTHDR=(nil), level=41, type=50
IPV6_PKTINFO
read: fromlen=28, r_len=5
* Gert Doering
> On Sat, Jan 11, 2014 at 12:59:02AM +0100, Tore Anderson wrote:
>> FWIW: Now I also got to test git master with what I wanted to in the
>> first place, namely to see whether or not all the nice dualstack changes
>> had also made "multihome" work fo
* Gert Doering
> I *thought* that both proto udp and proto udp6 would create an IPv6 socket
> bound to :: with IPV6_V6ONLY set to 0 (= accepting IPv4 and IPv6 packets
> to any address). Only "proto udp4" should listen to 0.0.0.0.
This is not how git master behaves for me. "proto udp" and "proto
* Arne Schwabe
> Listening on multiple sockets not yet implemented. But a server having
> proto udp6 should get IPv6 mapped IPv4 clients working. What is
> happening/not working for you?
"multihome" doesn't work, the OpenVPN server responds from its primary
IPv4 address (the one the OS selects as
* Arne Schwabe
> Can you try the following one line patch? I will do a better cleanup
> patch later but this should fix the problem
Yep, this works. Thanks!
FWIW: Now I also got to test git master with what I wanted to in the
first place, namely to see whether or not all the nice dualstack chang
* Arne Schwabe
> That is very weird. I would expect it to fail for both cases in the same
> way. The codepath should trigger the same ASSERT(0) in both cases (or
> work in both). Can you forward a copy of your server configuration to
> me? Then I will try to reproduce that problem.
Sure thing, he
* Gert Doering
> Just to be sure I understand: it works for "proto udp6" if you do *not*
> use --multihome on the server?
Correct. Apologies for being unclear.
Tore
If I connect to an openvpn server using "proto udp6" and "multihome", it
instantly crashes with an assertion failure:
Jan 10 14:25:58 greed ovpn-server[9905]: 2a02:c0:100:0:9e8e:99ff:fed1:5243 TLS:
Initial packet from [AF_INET6]2a02:c0:100:0:9e8e:99ff:fed1:5243:56277 (via
2a02:c0:1001:100::145%e
* Tore Anderson
>>> FWIW, I'd like to push the GNOME NetworkManager folks some more
>>> to implement IPv6 support in their OpenVPN plugin, which is
>>> currently IPv4 only. This patch breaks one of the assumptions
>>> made there, in particular that IP
* Gert Doering
> Thanks for your patience :-) - indeed, it has been way too long, but
> (insert long list of excuses)...
Good things come to those who wait :-)
>> FWIW, I'd like to push the GNOME NetworkManager folks some more to
>> implement IPv6 support in their OpenVPN plugin, which is curren
* Samuli Seppänen
>> On Sat, Dec 15, 2012 at 11:23:52AM +0100, Tore Anderson wrote:
>>> * Arne Schwabe
>>>
>>>> This patch contains a number of changes. I did not further spit this
>>>> since some changes make only sense being changed together.
ACK, I tested several different fail-over scenarios and all worked fine.
Also all my pre-existing VPNs (maintained by GNOME NetworkManager)
worked just fine.
--
Tore Anderson
18 matches
Mail list logo
