Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-12 Thread Gert Doering
Hi,

On Sat, Jul 12, 2014 at 02:55:21PM +0200, David Sommerseth wrote:
> > Well, OpenSSL considers this a "feature", not an "issue"... and being
> > able to turn off session resumption is also considered a "feature"...
>
> Ahh, right!
>
> I thought this was related to a CVE, but it seems not, acc

Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-12 Thread David Sommerseth
- Original Message -
> From: "Gert Doering"
> To: "David Sommerseth"
> Cc: "Gert Doering", "Jan Just Keijser", openvpn-devel@lists.sourceforge.net
> Sent: Saturday, 12 July, 2014 1:31:09 PM
> Subject: Re: [Openvpn-devel] [

Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-12 Thread Gert Doering
Hi,

On Sat, Jul 12, 2014 at 12:41:14PM +0200, David Sommerseth wrote:
> IIRC, the guy overseeing the Secure Response Team in RH is Mark Cox, which again
> is also an upstream OpenSSL maintainer. So I'm quite sure all RH releases have
> fixed this issue.

Well, OpenSSL considers this a "feat

Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-12 Thread David Sommerseth
- Original Message -
> From: "Gert Doering"
> To: "David Sommerseth"
> Cc: "Jan Just Keijser", openvpn-devel@lists.sourceforge.net
> Sent: Saturday, 12 July, 2014 11:41:30 AM
> Subject: Re: [Openvpn-devel] [PATCH] Add topology in sampl

Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-12 Thread Gert Doering
Hi,

On Sat, Jul 12, 2014 at 11:08:46AM +0200, David Sommerseth wrote:
> > my question would be : why does openvpn need SSL_OP_NO_TICKET? why not
> > #ifdef the code, e.g.
> >
> >SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3
> >#ifdef SSL_OP_NO_TICKET
> > | SSL_OP_NO_TIC

Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-12 Thread David Sommerseth
- Original Message -
> From: "Jan Just Keijser"
> To: "Steffan Karger", openvpn-devel@lists.sourceforge.net
> Sent: Saturday, 12 July, 2014 1:17:22 AM
> Subject: Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file
>

Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-11 Thread Jan Just Keijser
Hi, On 11/07/14 20:35, Steffan Karger wrote: Hi, On 11-07-14 20:17, Jan Just Keijser wrote: on CentOS 5 I get checking for SSL_OP_NO_TICKET flag in OpenSSL... no configure: error: OpenVPN 2.4+ requires SSL_OP_NO_TICKET in OpenSSL which is logical as the "stock" openssl lib on CentOS 5 is ope

Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-11 Thread Gert Doering
Hi,

On Fri, Jul 11, 2014 at 08:17:50PM +0200, Jan Just Keijser wrote:
> On 11/07/14 20:07, Gert Doering wrote:
> >On Fri, Jul 11, 2014 at 04:50:38PM +0200, Jan Just Keijser wrote:
> >>the master branch (from openvpn-testing) currently does not build on
> >>either CentOS 5 and 6.
> >Install snappy(

Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-11 Thread Steffan Karger
Hi,

On 11-07-14 20:17, Jan Just Keijser wrote:
> on CentOS 5 I get
>
> checking for SSL_OP_NO_TICKET flag in OpenSSL... no
> configure: error: OpenVPN 2.4+ requires SSL_OP_NO_TICKET in OpenSSL
>
> which is logical as the "stock" openssl lib on CentOS 5 is openssl 0.9.8
> ; to me, this breaks Ce

Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-11 Thread Jan Just Keijser
Hi, On 11/07/14 20:07, Gert Doering wrote: Hi, On Fri, Jul 11, 2014 at 04:50:38PM +0200, Jan Just Keijser wrote: the master branch (from openvpn-testing) currently does not build on either CentOS 5 and 6. Install snappy(-dev) or run configure with --disable-snappy :-) - besides that, it shoul

Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-11 Thread Gert Doering
Hi,

On Fri, Jul 11, 2014 at 04:50:38PM +0200, Jan Just Keijser wrote:
> the master branch (from openvpn-testing) currently does not build on
> either CentOS 5 and 6.

Install snappy(-dev) or run configure with --disable-snappy :-) - besides that, it should build just fine.

gert
-- 
USENET is *n

Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-11 Thread Jan Just Keijser
Hi, Gert Doering wrote: On Fri, Jul 11, 2014 at 10:51:54AM +0200, Jan Just Keijser wrote: On 11/07/14 10:00, Philipp Hagemeister wrote: On modern systems, topology subnet should always be set, but it's missing in the configuration file. Add it with a short explanation. NACK The

Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-11 Thread Jan Just Keijser
Arne Schwabe wrote: Fri Jul 11 11:31:28 2014 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options Fri Jul 11 11:31:28 2014 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.4.0 Fri J

Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-11 Thread Gert Doering
Hi,

On Fri, Jul 11, 2014 at 10:51:54AM +0200, Jan Just Keijser wrote:
> On 11/07/14 10:00, Philipp Hagemeister wrote:
> >On modern systems, topology subnet should always be set, but it's
> >missing in the configuration file.
> >Add it with a short explanation.
> NACK
> There are a few annoying iss

Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-11 Thread Philipp Hagemeister
After applying Arne's patch, would you ACK this? In any case, the default is untouched by this patch.

Can you enlist the "few" critical bugs? I'll document them then on https://community.openvpn.net/openvpn/wiki/Topology .

Best,
Philipp

On 07/11/2014 10:51 AM, Jan Just Keijser wrote:
> On 11/07

Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-11 Thread Arne Schwabe
> > Fri Jul 11 11:31:28 2014 OpenVPN ROUTE: OpenVPN needs a gateway > parameter for a --route option and no default was specified by either > --route-gateway or --ifconfig options > Fri Jul 11 11:31:28 2014 OpenVPN ROUTE: failed to parse/resolve route > for host/network: 192.168.4.0 > Fri Jul 11 1

Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-11 Thread Jan Just Keijser
Hi Arne, Arne Schwabe wrote: This is really not *necessary*, but the way the code does tun & tap and net30 & subnet, it gets confused about things. Needs fixing, sorry for that. so in some cases a server-side statement route 192.168.1.0 255.255.255.0 works fine with 'topology net30' but NOT

Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-11 Thread Arne Schwabe
> > This is really not *necessary*, but the way the code does tun & tap and > net30 & subnet, it gets confused about things. Needs fixing, sorry for > that. > > > > so in some cases a server-side statement > route 192.168.1.0 255.255.255.0 > works fine with 'topology net30' but NOT with 'topolog

Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-11 Thread Jan Just Keijser
Hi Arne, Arne Schwabe wrote: On 11.07.14 10:51, Jan Just Keijser wrote: On 11/07/14 10:00, Philipp Hagemeister wrote: On modern systems, topology subnet should always be set, but it's missing in the configuration file. Add it with a short explanation. NACK There are a few annoying is

Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-11 Thread Arne Schwabe
On 11.07.14 10:51, Jan Just Keijser wrote:
> On 11/07/14 10:00, Philipp Hagemeister wrote:
>> On modern systems, topology subnet should always be set, but it's
>> missing in the configuration file.
>> Add it with a short explanation.
> NACK
> There are a few annoying issues with
> topology subn

Re: [Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-11 Thread Jan Just Keijser
On 11/07/14 10:00, Philipp Hagemeister wrote: On modern systems, topology subnet should always be set, but it's missing in the configuration file. Add it with a short explanation. NACK There are a few annoying issues with topology subnet esp when using server side things like route that w

[Openvpn-devel] [PATCH] Add topology in sample server configuration file

2014-07-11 Thread Philipp Hagemeister
On modern systems, topology subnet should always be set, but it's missing in the configuration file. Add it with a short explanation. Signed-off-by: Philipp Hagemeister --- sample/sample-config-files/server.conf | 7 +++ 1 file changed, 7 insertions(+) diff --git a/sample/sample-config-file