[Openvpn-devel] RE : OPENVPN with OPENLDAP

2007-06-01 Thread Thibault Le Meur
There are 2 approaches for this. One is to use Brane F. Gracnar's addon : http://frost.ath.cx/software/openvpn_auth/ Another is to use Ralf Lübben's Radius plugin and delegate every backend search to the radius server. I, personally, prefer

[Openvpn-devel] Re: Openvpn-devel -- confirmation of subscription -- request 658017

2006-05-26 Thread Markus Feilner
On Friday, 26 May 2006 12:34, openvpn-devel-requ...@lists.sourceforge.net wrote: > Openvpn-devel -- confirmation of subscription -- request 658017 > > We have received a request from 84.56.91.162 for subscription of your > email address, , to the > openvpn-devel@lists.sourceforge.net mailing li

[Openvpn-devel] Re: Connection problems ports

2006-05-26 Thread Brian J
Sorry guys, wrong group. I post in users group.

[Openvpn-devel] Re: Connection problems ports

2006-05-26 Thread Tony
On Fri, 26 May 2006 13:27:40 +0400, Brian J wrote: Client file start__ client dev tap proto udp remote xxx.xxx.xxx.xxx:5000 I'm sure you should remove that ":" between the address and the port number. Tony.

[Openvpn-devel] Re: Configuration flexibility enhancement suggestion.

2006-05-19 Thread Tony
On Fri, 19 May 2006 18:37:39 +0400, Charles Duffy wrote: Another option -- if clients are using the OpenVPN GUI -- is just to have the different .conf files be named after the different locations they may be at, and let them manually select the one to start from the menu. I'm indeed a GUI

[Openvpn-devel] Re: Configuration flexibility enhancement suggestion.

2006-05-19 Thread Charles Duffy
Tony wrote: On Thu, 18 May 2006 23:49:16 +0400, Charles Duffy wrote: Why not just have separate config files for each possible configuration, rather than stuffing several configurations in one file? I did not know if it is possible on the client. Well, there's nothing about OpenVPN itself

[Openvpn-devel] Re: Configuration flexibility enhancement suggestion.

2006-05-19 Thread Tony
On Thu, 18 May 2006 23:49:16 +0400, Charles Duffy wrote: Why not just have separate config files for each possible configuration, rather than stuffing several configurations in one file? I did not know if it is possible on the client. The configurations could be set to exit on failure, and

[Openvpn-devel] Re: Configuration flexibility enhancement suggestion.

2006-05-18 Thread Charles Duffy
Why not just have separate config files for each possible configuration, rather than stuffing several configurations in one file? The configurations could be set to exit on failure, and a wrapper script (supervised by runit or a similar tool) could be responsible for rotating between them.

[Openvpn-devel] Re: OpenVPN 2.1-beta14 released

2006-04-14 Thread Tony
On Fri, 14 Apr 2006 01:51:12 +0400, James Yonan wrote: 2006.04.13 -- Version 2.1-beta14 * Fixed Windows server bug in time backtrack handling code which could cause TLS negotiation failures on legitimate clients. Confirm. client(v2.1b14)<->server(v2.1b14) works OK on winXP-SP2. * Rewrote g

[Openvpn-devel] Re: [Openvpn-users] Re: OpenVPN 2.0.7 and 2.1-beta13 released

2006-04-13 Thread James Yonan
Tony wrote: OpenVPN v2.0.7 (server mode) works fine now on winXP-SP2. However, OpenVPN v2.1b13 (server) reports "TLS negotiation failure" on the same set of keys|certs where v2.0.7 works fine. I see the server's certificate arriving (on the client) and then the session stops for 60 seconds. A

[Openvpn-devel] Re: OpenVPN 2.0.7 and 2.1-beta13 released

2006-04-12 Thread Tony
OpenVPN v2.0.7 (server mode) works fine now on winXP-SP2. However, OpenVPN v2.1b13 (server) reports "TLS negotiation failure" on the same set of keys|certs where v2.0.7 works fine. I see the server's certificate arriving (on the client) and then the session stops for 60 seconds. After that -

Re: [Openvpn-devel] Re: [PATCH] Enable compliation under Darwin

2006-04-07 Thread Roy Marples
On Wednesday 05 April 2006 14:49, Johnny Lam wrote: > According to the Fink porting documents[1], this is not the right way to > link loadable modules on Mac OS X. The module should properly end with > ".so", and the compiler flags should include "-bundle" and not > "-dynamiclib", which should onl

[Openvpn-devel] Re: Who develops TAP-Win32?

2006-04-06 Thread Tony
Stupid me, I should have stated that I run it under BRIDGED configuration. Tony.

[Openvpn-devel] Re: Who develops TAP-Win32?

2006-04-06 Thread Charles Duffy
Tony wrote: Under "some problems" I mean that the neighborhood is un-browsable if NetBEUI is the only protocol used for workgrouping in windows. It takes to specify the exact share's name, like "\\server\printer", to find it. No discovery work at all. That's not a tap-win32 bug; it's normal

[Openvpn-devel] Re: Who develops TAP-Win32?

2006-04-06 Thread Tony
Under "some problems" I mean that the neighborhood is un-browsable if NetBEUI is the only protocol used for workgrouping in windows. It takes to specify the exact share's name, like "\\server\printer", to find it. No discovery work at all. James, please comment if it is possible to fix TAP-

[Openvpn-devel] Re: [PATCH] Enable compliation under Darwin

2006-04-05 Thread Johnny Lam
Roy Marples wrote: --- openvpn-2.0.4/plugin/down-root/Makefile.orig2005-11-02 20:25:40.0 +0100 +++ openvpn-2.0.4/plugin/down-root/Makefile 2005-11-02 20:31:53.0 +0100 @@ -7,11 +7,22 @@ CC_FLAGS=-O2 -Wall +ifeq ($(USERLAND),Darwin) + LIBNAME=dylib +else +
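Review bot: `USERLAND` in the added `ifeq ($(USERLAND),Darwin)` is not assigned anywhere in the visible part of this hunk, so unless the rest of the Makefile or the build environment sets it, the test is false on every platform and the `else` branch is always taken. Consider assigning it in the Makefile itself before the conditional (for example from the output of `uname -s`), and note that `ifeq` is GNU make syntax, so the plugin Makefile now requires GNU make.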

[Openvpn-devel] Re: Possible security bug

2006-04-04 Thread Charles Duffy
James Yonan wrote: Alberto, By default, the OpenVPN client doesn't accept pushed options from the server unless "pull" or "client" is specified. The idea is that once you agree to accept configuration info from the server, you are trusting (to a certain extent) in its integrity, so there are

[Openvpn-devel] Re: OpenVPN for PocketPC

2006-03-16 Thread Charles Duffy
Iftikhar Qureshi wrote: I was wondering what does it take to write an OpenVPN client/driver for PocketPC. There's already someone working on this. See the thread titled "WinCE/PPC; worthwhile to suport? possible?" on OpenVPN-users. Collaboration might not hurt -- I understand that he's made

Re: [Openvpn-devel] Re: OpenVPN and eToken (on windows).

2006-01-16 Thread Albert Siersema
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 >>>They can simply replace it with a different CA certificate, so that you >>>authenticate to a server that claims to be your server but actually is a >>>different server that has the same certificate name as your server but >>>was issued by the

Re: [Openvpn-devel] Re: OpenVPN and eToken (on windows).

2006-01-11 Thread Alon Bar-Lev
On 1/11/06, Albert Siersema wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: RIPEMD160 > > > They can simply replace it with a different CA certificate, so that you > > authenticate to a server that claims to be your server but actually is a > > different server that has the same certificate n

Re: [Openvpn-devel] Re: OpenVPN and eToken (on windows).

2006-01-11 Thread Albert Siersema
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 > They can simply replace it with a different CA certificate, so that you > authenticate to a server that claims to be your server but actually is a > different server that has the same certificate name as your server but > was issued by the CA t

[Openvpn-devel] AW: [Openvpn-devel] Re: OpenVPN and eToken (on windows).

2006-01-10 Thread Götz Babin-Ebell
Hello Alon, > mts.spb.s...@mail.ru wrote: > > Hello Alon, > > > > ABL> So as long as private keys cannot be extracted... and as long as > > ABL> the attacker does not have access to the CA private key, you are > > ABL> in a good security level. > > The CA certificate I included on the token *DOES

[Openvpn-devel] Re: OpenVPN and eToken (on windows).

2006-01-10 Thread Alon Bar-Lev
mts.spb.s...@mail.ru wrote: Hello Alon, ABL> Sure! I recommend doing so. OK. ABL> So as long as private keys cannot be extracted... and as long as ABL> the attacker does not have access to the CA private key, you are ABL> in a good security level. The CA certificate I included on the token *

[Openvpn-devel] Re: OpenVPN and eToken (on windows).

2006-01-10 Thread Alon Bar-Lev
Hello Andreas, mts.spb.s...@mail.ru wrote: ABL> Putting the CA certificate on the smartcard is a potential ABL> security issue. Each time you log into the token someone can ABL> modify its contents. So, I may safely delete my CA's certificate from the token? Sure! I recommend doing so. I

[Openvpn-devel] Re: OpenVPN and eToken (on windows).

2006-01-10 Thread Alon Bar-Lev
mts.spb.s...@mail.ru wrote: Hello Alon, Thank you, I got it working. I am glad. Is it possible not to keep the "ca.crt" on local disk and fetch it from the token as well? I've put all the certs and keys into PKCS#12 file and imported it into the token - along with the "ca.crt". Currently Op

[Openvpn-devel] Re: [Openvpn-users] OpenVPN failure traced to bug in tun driver (with fix)

2005-12-27 Thread Jeff Stearns
Yes, you can work around the bug by patching the tun driver or extracting a newer version from the Linux source tree. But the problem remains: The OpenVPN install document specifically tells you to install a broken version of the tun driver. From http://openvpn.net/install.html: * Linux 2.2

[Openvpn-devel] Re: [Openvpn-users] OpenVPN failure traced to bug in tun driver (with fix)

2005-12-27 Thread Erich Titl
Hi Jeff Stearns wrote: > If you use OpenVPN on Linux 2.2 or 4 2.4 or Solaris, you may be > suffering from a bug which causes connections to hang under heavy load. > The symptoms are very similar to the MTU problems discussed frequently > in these mailing lists. But it turns out that this bug is no

[Openvpn-devel] Re: Disable --redirect-gateway

2005-12-07 Thread Tim Niemueller
James Yonan wrote: > No, redirect-gateway will definitely not be enabled by default in 2.1 or > future versions. OK, thanks for the clarification. Tim -- Tim Niemueller www.niemueller.de = Imagination is more im

Re: [Openvpn-devel] Re: Disable --redirect-gateway

2005-12-07 Thread James Yonan
Tim Niemueller wrote: Mathias Sundman wrote: On Tue, 6 Dec 2005, Tim Niemueller wrote: I can't see anywhere in the change-log that this would now be the default, and I can't see why it should be either. Have you verified that it really is the default in 2.1? In the man page of the

[Openvpn-devel] Re: Disable --redirect-gateway

2005-12-07 Thread Tim Niemueller
Mathias Sundman wrote: > On Tue, 6 Dec 2005, Tim Niemueller wrote: > > > I can't see anywhere in the change-log that this would now be the > default, and I can't see why it should be either. Have you verified that > it really is the default in 2.1? > In the man page of the OpenVPN 2.1 beta 7 pa

[Openvpn-devel] Re: pkcs11 patch for openssh

2005-11-23 Thread Alon Bar-Lev
Cornelius Koelbel wrote: Hello again, it is absolutely great. It works. I realized that the cat'ing to the authorized_keys didn't contain a necessary line break, so two public keys were concatenated together. That's cool. When do you think this patch will be merged into the openssh tree? This

Re: [Openvpn-devel] Re: [Openvpn-users] Re: Simultaneous Access to Console Management

2005-11-09 Thread Matthias Andree
On Fri, 04 Nov 2005, James Yonan wrote: > > James> The management interface doesn't close the listening socket > > James> when it's connected to a client, because then it would need to > > James> reopen it after the client disconnects, and for various reasons > > James> this causes problems (espec

Re: [Openvpn-devel] Re: Patch: TAP & True MAC aging

2005-11-07 Thread Marcelo Toledo
On Tue, 2005-10-11 at 21:29 +0200, Rolf Fokkens wrote: > Hi, > > Attached the latest version of the MAC table patch. This patch allows > OpenVPN to learn (and importantly forget!) MAC addresses like ethernet > switches. Also (like ethernet switches), OpenVPN now broadcasts packets > with un

[Openvpn-devel] Re: [Openvpn-users] Re: Simultaneous Access to Console Management

2005-11-04 Thread James Yonan
On Fri, 4 Nov 2005, Samuel Tardieu wrote: > > "James" == James Yonan writes: > > James> The management interface doesn't close the listening socket > James> when it's connected to a client, because then it would need to > James> reopen it after the client disconnects, and for various reasons

[Openvpn-devel] Re: Assertion failed at multi.c:1561

2005-10-27 Thread Gunter Ohrner
Gunter Ohrner wrote: > | * Kernel 2.6.12.6 32 Bit Opteron optimized Also happens with Kernel 2.6.13.4. Greetings, Gunter

Re: [Openvpn-devel] Re: Bug report (long) - OpenVPN dropping small frames

2005-10-21 Thread Janne Johansson
> > For the others who suggested reducing mss values and such - I'm > > already doing it. In fact I have mss clamped down to 1312 right now for > > testing. But, mss clamping doesn't have anything to do with the loss of the > > lcp-echo frames I was complaining about. > > > Janne also suggest

Re: [Openvpn-devel] Re: Bug report (long) - OpenVPN dropping small frames

2005-10-21 Thread Mathias Sundman
On Thu, 20 Oct 2005, Mike Ireton wrote: For the others who suggested reducing mss values and such - I'm already doing it. In fact I have mss clamped down to 1312 right now for testing. But, mss clamping doesn't have anything to do with the loss of the lcp-echo frames I was complaining about.

Re: [Openvpn-devel] Re: Bug report (long) - OpenVPN dropping small frames

2005-10-20 Thread Leonard Isham
On 10/20/05, Mike Ireton wrote: > Leonard Isham wrote: > > > > > Merge the encrypted and unencrypted traffic for each side. Look for > > missing unencrypted packets and then compare encrypted packets that > > follow and look for a correlation of one or more missing or out of > > order encrypted

[Openvpn-devel] Re: Bug report (long) - OpenVPN dropping small frames

2005-10-20 Thread Mike Ireton
Leonard Isham wrote: Merge the encrypted and unencrypted traffic for each side. Look for missing unencrypted packets and then compare encrypted packets that follow and look for a correlation of one or more missing or out of order encrypted packets. Also non-trivial. I think you d

Re: [Openvpn-devel] Re: Bug report (long) - OpenVPN dropping small frames

2005-10-20 Thread Leonard Isham
On 10/20/05, Mike Ireton wrote: > Leonard Isham wrote: > > > >> > >>The problem with this test is that there are many hundreds of OpenVPN > >>packets per second flying between machine a and machine b - coupla > >>megabits per second in fact. There is no way to capture just the crypted > >>ud

[Openvpn-devel] Re: Bug report (long) - OpenVPN dropping small frames

2005-10-20 Thread Mike Ireton
Leonard Isham wrote: > >> >>The problem with this test is that there are many hundreds of OpenVPN >>packets per second flying between machine a and machine b - coupla >>megabits per second in fact. There is no way to capture just the crypted >>udp packets carrying the tunneled data involved in the

Re: [Openvpn-devel] Re: Bug report (long) - OpenVPN dropping small frames

2005-10-20 Thread Leonard Isham
On 10/20/05, Mike Ireton wrote: > James Yonan wrote: > > > > > When you do your 1393 byte ping from A to B, the packet is going to travel > > 1 -> 2 -> 3 -> 4 -> ICMP echo reply on B -> 4 -> 3 -> 2 -> 1. > > > > I need to know exactly where the packet is being dropped in this chain. > > > The prob

[Openvpn-devel] Re: Bug report (long) - OpenVPN dropping small frames

2005-10-20 Thread Mike Ireton
Mathias Sundman wrote: Then try using the --fragment option with a rather low value which will cause OpenVPN to do internal fragmentation to avoid IP fragmentation and see if the frags go away, and hopefully the problem as well! A problem with this - which I am open to doing if it does so

[Openvpn-devel] Re: Bug report (long) - OpenVPN dropping small frames

2005-10-20 Thread Mike Ireton
James Yonan wrote: When you do your 1393 byte ping from A to B, the packet is going to travel 1 -> 2 -> 3 -> 4 -> ICMP echo reply on B -> 4 -> 3 -> 2 -> 1. I need to know exactly where the packet is being dropped in this chain. The problem with this test is that there are many hundreds of O

Re: [Openvpn-devel] Re: OpenVPN 2.1-beta3 released

2005-10-19 Thread James Yonan
On Wed, 19 Oct 2005, Bernhard Schmidt wrote: > On 2005-10-16, James Yonan wrote: > > > * Merged --multihome patch. > > Any chance to merge the IPv6 patch of JuanJo Ciarlante in the current > 2.1-series, too? http://www.irrigacion.gov.ar/juanjo/openvpn/ That patch is currently merged into the 2

[Openvpn-devel] Re: OpenVPN 2.1-beta3 released

2005-10-19 Thread Bernhard Schmidt
On 2005-10-16, James Yonan wrote: > * Merged --multihome patch. Any chance to merge the IPv6 patch of JuanJo Ciarlante in the current 2.1-series, too? http://www.irrigacion.gov.ar/juanjo/openvpn/ Regards, Bernhard

Antwort: Re: [Openvpn-devel] Re: OpenVPN 2.1-beta3 released

2005-10-17 Thread Nico Prenzel
Cc openvpn-de...@lists.sourceforge.net Subject Re: [Openvpn-devel]

Re: [Openvpn-devel] Re: OpenVPN 2.1-beta3 released

2005-10-17 Thread James Yonan
On Mon, 17 Oct 2005, Nico Prenzel wrote: > > Hello James Yonan, > > you stated following in the changelog to 2.1 beta3 release: > > >>* openvpn --version will show [LZO1] or [LZO2], depending on > >> version that was linked. > > Could it be that the released beta3 has been linked with lzo1 li

[Openvpn-devel] Re: OpenVPN 2.1-beta3 released

2005-10-17 Thread Nico Prenzel
Hello James Yonan, you stated following in the changelog to 2.1 beta3 release: >>* openvpn --version will show [LZO1] or [LZO2], depending on >> version that was linked. Could it be that the released beta3 has been linked with lzo1 libraries as I always receive the following lines on openvpn st

[Openvpn-devel] Re: Patch: TAP & True MAC aging

2005-10-11 Thread Rolf Fokkens
Hi, Attached the latest version of the MAC table patch. This patch allows OpenVPN to learn (and importantly forget!) MAC addresses like ethernet switches. Also (like ethernet switches), OpenVPN now broadcasts packets with unknown MAC addresses (without the patch these packets are dropped).

[Openvpn-devel] Re: Client key exchange (fwd)

2005-10-06 Thread Charles Duffy
Szüts Péter wrote: I see I have to be more specific, otherwise you underestimate me. :)) Evidently so; my apologies. In any event, though, you should be posting to openvpn-users rather than openvpn-devel. The former has a superset of the readers of the latter, and your message will be more t

[Openvpn-devel] Re: Patch: TAP non ARP dependent

2005-10-02 Thread Rolf Fokkens
Hi, Using OpenVPN to build a WAN, I noticed a disturbing thing: After failing over to secondary OpenVPN server it takes a long time until a ping to a client side IP works again. I think I know what's happening: An OpenVPN server learns client-side MAC addresses based on the source MAC addres

[Openvpn-devel] Re: XP DHCP problems?

2005-09-28 Thread Charles Duffy
OpenVPN-devel is intended for those who are actively involved in working on OpenVPN's source code. Your issue is more appropriate for OpenVPN-users, as it discusses usage rather than development of OpenVPN. That said -- try disabling the tap-win32 adapter. If you still see the issue, you'll ha

Re: [Openvpn-devel] Re: OpenVPN source repository migrated to svn (subversion)

2005-09-27 Thread James Yonan
On Wed, 28 Sep 2005, Matthias Andree wrote: > I have worked quite a bit with Berkeley DB (which SVN set off with as > its database backend) in bogofilter, and while lots of things are to be > said about BDB robustness and corruptions, the most important point of > criticism is that one needs to ta

Re: [Openvpn-devel] Re: OpenVPN source repository migrated to svn (subversion)

2005-09-27 Thread Matthias Andree
On Tue, 27 Sep 2005, Charles Duffy wrote: > I'm not particularly fond of svn -- I think it's not nearly ambitious > enough[1] and have had DB corruption issues in the past -- but it's > certainly a big step up from CVS, and history stored in SVN can be far > less ambiguously retrieved. I have

Re: [Openvpn-devel] Re: OpenVPN source repository migrated to svn (subversion)

2005-09-27 Thread James Yonan
On Tue, 27 Sep 2005, Charles Duffy wrote: > Feel free to ignore the below rant. Revision control is (or at least was > for quite some time) one of my pet topics, and I occasionally feel > compelled to bore people at parties (or on mailing lists) with a > discussion of the subject. I certainly d

[Openvpn-devel] Re: OpenVPN source repository migrated to svn (subversion)

2005-09-27 Thread Charles Duffy
Feel free to ignore the below rant. Revision control is (or at least was for quite some time) one of my pet topics, and I occasionally feel compelled to bore people at parties (or on mailing lists) with a discussion of the subject. I certainly don't mean to compel anyone to switch RCSs a *seco

[Openvpn-devel] RE: [PATCH] Support --ca together with --pkcs12

2005-09-19 Thread Alon Bar-Lev
Mathias Sundman wrote: > As promised in the thread "use pkcs12 certificates or not" on openvpn-users list, here is a patch that enables the use of --ca together with --pkcs12. Thanks! Now I can also make use of the PKCS#12 feature :) Best Regards, Alon Bar-Lev.

[Openvpn-devel] Re: [Openvpn-users] New subnet topology feature ready for testing

2005-09-08 Thread Charles Duffy
Farkas Levente wrote: > i always like to know my vpn endpoint has a static ip address so if i'd > like to access joe's vpn i can simply use joe.vpn.company.com name. This doesn't require a static address. I've posted a script to OpenVPN-users for dynamically updating a DNS server when called by th

[Openvpn-devel] Re: [Openvpn-users] New subnet topology feature ready for testing

2005-09-08 Thread Farkas Levente
James Yonan wrote: OpenVPN Addressing Topology --- However, now I've put together a brand new topology, called "topology subnet". This topology is very intuitive, like the "dev tap" topology where each client gets a single IP address from a pool, the server gets the .1 ad

RE: [Openvpn-devel] RE: [Openvpn-users] openvpn, smartcards and PKCS#11

2005-09-07 Thread Alon Bar-Lev
Erich Titl wrote: > Which implies that you send cleartext to the device and get cyphertext back. So the easiest way to tamper the message is to intercept it at > the smartcard driver level :-) and modify it on the fly. If someone is smart enough to fetch the key contents from memory while it is b

Re: [Openvpn-devel] RE: [Openvpn-users] openvpn, smartcards and PKCS#11

2005-09-07 Thread Erich Titl
Alon Alon Bar-Lev wrote: > ... > > In terms of security, there is no point of using a device that store keys > only to be extracted by applications. > In order to secure your identity you must use a device that cannot be > duplicated. > This can be implemented only if the device does not allow

RE: [Openvpn-devel] RE: [Openvpn-users] openvpn, smartcards and PKCS#11

2005-09-06 Thread Alon Bar-Lev
Erich Titl wrote: > maybe I am completely off topic but I am using an ikey 1000 on a Windoze box with standard openvpn. AFAIK the ikey 1000 provides a > PKCS#11 interface which (at least on windoze) is handled by the proprietary driver. > This token only handles storage of the keys. I believe th

Re: [Openvpn-devel] RE: [Openvpn-users] openvpn, smartcards and PKCS#11

2005-09-06 Thread Erich Titl
Alon maybe I am completely off topic but I am using an ikey 1000 on a Windoze box with standard openvpn. AFAIK the ikey 1000 provides a PKCS#11 interface which (at least on windoze) is handled by the proprietary driver. This token only handles storage of the keys. I believe the engine is onl

[Openvpn-devel] RE: [Openvpn-users] openvpn, smartcards and PKCS#11

2005-09-06 Thread Alon Bar-Lev
James Yonan wrote: > Thanks for the interesting information on PKCS#11, OpenSSL, and smartcards. You are welcome... I am now doing a phase on all open-source projects that use cryptography but do not use smartcards... In a standard way... :) > Any rough idea on what percentage of the cheaply avai

Re: [Openvpn-devel] Re: OpenVPN Protocol

2005-09-06 Thread Mark Beyer
> The big question in my mind is whether this possibly small increase in > performance will justify the loss of portability, and some level > of stability and security. > > James > Agreed. Is performance such a big issue anyway ? At least for clients, Open VPN's current user-level design is no

[Openvpn-devel] Re: [Openvpn-users] openvpn, smartcards and PKCS#11

2005-09-06 Thread James Yonan
On Tue, 6 Sep 2005, Alon Bar-Lev wrote: > Hello, > > I've seen some correspondence regarding this issue... But could > not understand the formal position of the development team. > > It seems that currently openvpn does not support smartcards. > > I've noticed that a patch is available from Frit

[Openvpn-devel] Re: Re[2]: The use of lzo if OpenSSL has zlib

2005-09-06 Thread Charles Duffy
Just because OpenSSL is linked with zlib doesn't mean it's going to actually use it for anything -- and to my knowledge, it doesn't.

[Openvpn-devel] Re: Re: OpenVPN Protocol

2005-09-03 Thread Charles Duffy
On Sat, 03 Sep 2005 11:21:27 -0600, James Yonan wrote: > The big question in my mind is whether this possibly small increase in > performance will justify the loss of portability, and some level > of stability and security. Further, I'd think one who wanted to engage in such a tradeoff could us

Re: [Openvpn-devel] Re: OpenVPN Protocol

2005-09-03 Thread James Yonan
On Sat, 3 Sep 2005, Gervasio Bernal wrote: > Lars Gullik Bjønnes gullik.net> writes: > > > > > Gervasio Bernal speedy.com.ar> writes: > > > > | First of all, I will explain what we are trying to develop. Basically, > > our > idea > > | is to make OpenVPN work at kernel level, not at user

[Openvpn-devel] Re: OpenVPN Protocol

2005-09-03 Thread Gervasio Bernal
Lars Gullik Bjønnes gullik.net> writes: > > Gervasio Bernal speedy.com.ar> writes: > > | First of all, I will explain what we are trying to develop. Basically, our idea > | is to make OpenVPN work at kernel level, not at user level, and use the linux > | cryptoapi instead of openssl. > >

[Openvpn-devel] Re: OpenVPN Protocol

2005-09-03 Thread Lars Gullik Bjønnes
Gervasio Bernal writes: | First of all, I will explain what we are trying to develop. Basically, our idea | is to make OpenVPN work at kernel level, not at user level, and use the linux | cryptoapi instead of openssl. Just a question. Why do you want to do this? Performance or something el

Re: [Openvpn-devel] Re: OpenVPN and HPUX

2005-08-31 Thread spam1
Sorry. I want to help, changing the code to support HPUX. I'm trying some solutions, and when I have the ifconfig script working on HPUX, I'll tell you. Raphael - Original Message - From: "Charles Duffy" To: Sent: Wednesday, August 31, 2005 6:56 PM Subject

Re: [Openvpn-devel] Re: OpenVPN and HPUX

2005-08-31 Thread /dev/rob0
On Wednesday 2005-August-31 16:56, Charles Duffy wrote: > This question should be posted to the openvpn-users list. Oops, my reply went to openvpn-users; I didn't even notice this was on openvpn-devel. -- mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: h

[Openvpn-devel] Re: OpenVPN and HPUX

2005-08-31 Thread Charles Duffy
This question should be posted to the openvpn-users list. If you were asking how to change the code to support HPUX, for instance, that would be appropriate for -devel; usage issues (as this is) are not. (Hint: Read the error message and do what it says).

[Openvpn-devel] Re: OpenVPN 2.0.1 security fixes available as individual & backported patches

2005-08-25 Thread Dr. Peter Poeml
On Wed, Aug 24, 2005 at 02:12:26PM -0600, James Yonan wrote: > Due to several requests, I've put together a set of isolated > patches which fix the individual security issues addressed by OpenVPN > 2.0.1, and which can be applied to any major version of OpenVPN going > back to 1.3.2. > > Out of t

[Openvpn-devel] Re: portable pkitool shell script [was OpenVPN 2.0.1 released -- note security fixes]

2005-08-24 Thread James Yonan
On Wed, 17 Aug 2005, Johnny C. Lam wrote: > On Wed, Aug 17, 2005 at 06:52:50AM -0600, James Yonan wrote: > > On Tue, 16 Aug 2005, Johnny Lam wrote: > > > > > James Yonan wrote: > > > > > > > > * Added easy-rsa 2.0 scripts to the tarball in easy-rsa/2.0 > > > > > > I am maintaining OpenVPN in th

[Openvpn-devel] Re: portable pkitool shell script

2005-08-18 Thread Johnny Lam
Matthias Andree wrote: On Wed, 17 Aug 2005, Johnny C. Lam wrote: (3) Solaris /bin/sh fix: don't set and export in one command; rather, export all the variables after setting them. (4) Solaris /bin/sh fix: "if ! cmd ; then ... fi" isn't understood, so change it to "if cmd;

Re: [Openvpn-devel] Re: OpenVPN 2.0.1 released -- note security fixes

2005-08-17 Thread James Yonan
On Tue, 16 Aug 2005, Johnny Lam wrote: > James Yonan wrote: > > > > * Added easy-rsa 2.0 scripts to the tarball in easy-rsa/2.0 > > I am maintaining OpenVPN in the NetBSD Packages Collection and was in > the process of updating our package to 2.0.1 when I noticed that the > pkitool script uses

[Openvpn-devel] Re: OpenVPN 2.0.1 released -- note security fixes

2005-08-16 Thread Johnny Lam
James Yonan wrote: * Added easy-rsa 2.0 scripts to the tarball in easy-rsa/2.0 I am maintaining OpenVPN in the NetBSD Packages Collection and was in the process of updating our package to 2.0.1 when I noticed that the pkitool script uses bash. If I provide them, will patches be accepted in

[Openvpn-devel] Re: [Openvpn-users] OpenVPN 2.0.1 released -- note security fixes

2005-08-16 Thread James Yonan
On Tue, 16 Aug 2005, Leonard Isham wrote: > On 8/16/05, James Yonan wrote: > > This release fixes a number of bugs in OpenVPN 2.0, including several bugs > > in the server which might be used to mount a DoS attack. > > > > Download: > > > > http://openvpn.net/download.html > > > > Change Log s

[Openvpn-devel] Re: [Openvpn-users] OpenVPN 2.0.1 released -- note security fixes

2005-08-16 Thread Leonard Isham
On 8/16/05, James Yonan wrote: > This release fixes a number of bugs in OpenVPN 2.0, including several bugs > in the server which might be used to mount a DoS attack. > > Download: > > http://openvpn.net/download.html > > Change Log since 2.0: > > 2005.08.16 -- Version 2.0.1 > What is the re

Re: [Openvpn-devel] Re: Radius support (Authentification, Authorization and Accounting)

2005-06-28 Thread James Yonan
On Fri, 24 Jun 2005, Ralf [UTF-8] Lübben wrote: > Hello, > > the radius plugin is working. > I have still some questions about the OpenVpn behaviour. > > After one hour there is a rekeying/reauthentication of the user? Is that > right? Yes, this depends on the value of the --reneg-sec parame

[Openvpn-devel] Re: Radius support (Authentification, Authorization and Accounting)

2005-06-24 Thread Ralf Lübben
Hello, the radius plugin is working. I have still some questions about the OpenVpn behaviour. After one hour there is a rekeying/reauthentication of the user? Is that right? The problem is that before a user can be authenticated from the plugin the user needs a disconnect from OpenVpn for thi

[Openvpn-devel] RE: Windows XP Unable to Obtain IP Address in 2.0

2005-06-10 Thread Cullin J. Wible
After installing OpenVPN 2.0 on a Linux Server and 2 Windows desktops (1 Win2K and 1 WinXP) I noticed that from time to time my VPN connections were unable to get an IP address and would just hang forever (more so on XP than Win2K). Upon doing further research, it appears that it is exactly the same

[Openvpn-devel] Re: Pushing network settings to Mac OS X

2005-06-08 Thread Jesse Adelman
Try my scripts, which I posted to this list a few weeks ago. Mac OS X uses /etc/resolv.conf, I believe, so they should work for you, too. Search the archives for my messages, with instructions. Have fun, Jesse -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Jesse Adelman http://www.boldandbusted.com/ -+-+-+-

[Openvpn-devel] Re: Pushing network settings to Mac OS X clients

2005-06-07 Thread Charles Duffy
On Wed, 08 Jun 2005 00:53:33 +0200, Ralf Ebert wrote: > OpenVPN offers the possibility to push "Windows-specific network settings" > from the server to the client. Pushing a DNS server to the client doesn't > seem to be Windows specific and would be quite a nice feature for other > operating syste

Re: [Openvpn-devel] Re: Re: Radius support (Authentification, Authorization and Accounting)

2005-06-03 Thread James Yonan
On Fri, 3 Jun 2005, Ralf Lübben wrote: > Hello, > > I have again two questions about the counter for the bytes sent and > received: > > What is the datatype of the counters? > Radius only knows 32-bit unsigned integers. Right now the counters are 32 bits, but they may be expanded to 6

[Openvpn-devel] Re: Re: Radius support (Authentification, Authorization and Accounting)

2005-06-03 Thread Ralf Lübben
Hello, I have again two questions about the counter for the bytes sent and received: What is the datatype of the counters? Radius only knows 32-bit unsigned integers. Which traffic is counted? Is only the real payload counted without the encryption overhead? What about the keepalive packets?

Re: [Openvpn-devel] Re: Re: Radius support (Authentification, Authorization and Accounting)

2005-05-31 Thread Ralf Lübben
Ok, I implemented a list. Every time a user connects he gets the least number which is free or a new number is added to the list. But how do you want to create the ip address pool? Every client needs two ip addresses for one interface. I get the framed ip address from the radius answer packet. The

Re: [Openvpn-devel] Re: Re: Radius support (Authentification, Authorization and Accounting)

2005-05-31 Thread Torge Szczepanek
On Tuesday, 31.05.2005, at 10:09 +, Ralf Lübben wrote: > If a client connects the nas port number is locked, if a client disconnects > the port number is freed. > A new client will always get the least number of the array. > > Would this behaviour be ok? Yes. That would be OK. > How many

[Openvpn-devel] Re: LZO 2.00 released--compatibility patch attached

2005-05-31 Thread Lars Gullik Bjønnes
lar...@gullik.net (Lars Gullik Bjønnes) writes: | Kelledin writes: > | | Hi all, LZO 2.00 was just released, and it has a few API changes. | | Specifically the worst-case expansion formula prescribed by LZO.FAQ | | has changed, and headers now get their own lzo/ directory. > | I also thought th

Re: [Openvpn-devel] Re: Re: Radius support (Authentification, Authorization and Accounting)

2005-05-31 Thread Ralf Lübben
Ok, I think I understand the problem. If a client sends no stop packet the ip address will never be freed if the nas-port is never used again. So if another client connects with the same nas port number, of the client which has not sent the stop packet, the freeradius server will free the ip ad

Re: [Openvpn-devel] Re: Re: Radius support (Authentification, Authorization and Accounting)

2005-05-31 Thread Torge Szczepanek
On Monday, 30.05.2005, at 19:49 +, Ralf Lübben wrote: > I still have one question about the NAS-Port attribute. At the moment the > port number is incremented for every user, but never decremented. > Will this be a problem with freeradius? Must the number be in a special > range, maybe for assignm

[Openvpn-devel] Re: LZO 2.00 released--compatibility patch attached

2005-05-31 Thread Lars Gullik Bjønnes
Kelledin writes: | Hi all, LZO 2.00 was just released, and it has a few API changes. | Specifically the worst-case expansion formula prescribed by LZO.FAQ | has changed, and headers now get their own lzo/ directory. I also thought that the license changed. Isn't this the case? -- Lgb

Re: [Openvpn-devel] Re: Re: Radius support (Authentification, Authorization and Accounting)

2005-05-30 Thread Ralf Lübben
Hello, Now, the accounting information is read from the status file, which is generated with the interval 1s. The whole accounting stuff is done by a forked process. So if there are now other causes, I do not need the plugin. On Tuesday, 31 May 2005 01:32 you wrote: > > at the moment

[Openvpn-devel] Re: Re: Radius support (Authentification, Authorization and Accounting)

2005-05-30 Thread Ralf Lübben
Hello, at the moment the radius plugin is working. The plugin model is very good. It was possible to implement the plugin without any problems. I still have one question about the NAS-Port attribute. At the moment the port number is incremented for every user, but never decremented. Will this be a pro
