On Wednesday 05 April 2006 14:49, Johnny Lam wrote:
> According to the Fink porting documents[1], this is not the right way to
> link loadable modules on Mac OS X. The module should properly end with
> ".so", and the compiler flags should include "-bundle" and not
> "-dynamiclib", which should onl
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
>>>They can simply replace it with a different CA certificate, so that you
>>>authenticate to a server that claims to be your server but actually is a
>>>different server that have the same certificate name as your server but
>>>was issued by the
On 1/11/06, Albert Siersema wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: RIPEMD160
>
> > They can simply replace it with a different CA certificate, so that you
> > authenticate to a server that claims to be your server but actually is a
> > different server that have the same certificate n
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
> They can simply replace it with a different CA certificate, so that you
> authenticate to a server that claims to be your server but actually is a
> different server that have the same certificate name as your server but
> was issued by the CA t
Tim Niemueller wrote:
Mathias Sundman wrote:
On Tue, 6 Dec 2005, Tim Niemueller wrote:
I can't see anywhere in the change-log that this would now be the
default, and I can't see why it should be either. Have you verifyed that
it really is the default in 2.1?
In the man page of the
On Fri, 04 Nov 2005, James Yonan wrote:
> > James> The management interface doesn't close the listening socket
> > James> when it's connected to a client, because then it would need to
> > James> reopen it after the client disconnects, and for various reasons
> > James> this causes problems (espec
Em Ter, 2005-10-11 às 21:29 +0200, Rolf Fokkens escreveu:
> Hi,
>
> Attached the latest version of the MAC table patch. This patch allowes
> OpenVPN to learn (and importantly forget!) MAC addresses like ethernet
> switches. Also (like ethernet switches), OpenVPN now broadcasts packets
> with un
> > For the others who suggested reducing mss values and such - I'm
> > already doing it. In fact I have mss clamped down to 1312 right now for
> > testing. But, mss clamping doesn't have anything to do with the loss of the
> > lcp-echo frames I was complaining about.
> >
> Janne also suggest
On Thu, 20 Oct 2005, Mike Ireton wrote:
For the others who suggested reducing mss values and such - I'm
already doing it. In fact I have mss clamped down to 1312 right now for
testing. But, mss clamping doesn't have anything to do with the loss of the
lcp-echo frames I was complaining about.
On 10/20/05, Mike Ireton wrote:
> Leonard Isham wrote:
>
> >
> > Merge the encrypted and unencrypted traffic for each side. Look for
> > missing unencrypted packets and then compare encrypted packets that
> > follow and look for a correlation of one or more missing or out of
> > order encrypted
On 10/20/05, Mike Ireton wrote:
> Leonard Isham wrote:
> >
> >>
> >>The problem with this test is that there are many hundreds of OpenVPN
> >>packets per second flying between machine a and machine b - coupla
> >>megabits per second in fact. There is no way to capture just the crypted
> >>ud
On 10/20/05, Mike Ireton wrote:
> James Yonan wrote:
>
> >
> > When you do your 1393 byte ping from A to B, the packet is going to travel
> > 1 -> 2 -> 3 -> 4 -> ICMP echo reply on B -> 4 -> 3 -> 2 -> 1.
> >
> > I need to know exactly where the packet is being dropped in this chain.
>
>
> The prob
On Wed, 19 Oct 2005, Bernhard Schmidt wrote:
> On 2005-10-16, James Yonan wrote:
>
> > * Merged --multihome patch.
>
> Any chance to merge the IPv6 patch of JuanJo Ciarlante in the current
> 2.1-series, too? http://www.irrigacion.gov.ar/juanjo/openvpn/
That patch is currently merged into the 2
Kopie
openvpn-de...@lists.sourceforge.ne
t
Thema
Re: [Openvpn-devel]
On Mon, 17 Oct 2005, Nico Prenzel wrote:
>
> Hello James Yonan,
>
> you stated following in the changelog to 2.1 beta3 release:
>
> >>* openvpn --version will show [LZO1] or [LZO2], depending on
> >> version that was linked.
>
> Could it be that the released beta3 has been linked with lzo1 li
On Wed, 28 Sep 2005, Matthias Andree wrote:
> I have worked quite a bit with Berkeley DB (which SVN set off with as
> its database backend) in bogofilter, and while lots of things are to be
> said about BDB robustness and corruptions, the most important point of
> criticism is that one needs to ta
On Tue, 27 Sep 2005, Charles Duffy wrote:
> I'm not particularly fond of svn -- I think it's not nearly ambitious
> enough[1] and have had DB corruption issues in the past -- but it's
> certainly a big step up from CVS, and history stored in SVN can be far
> less ambiguously retrieved.
I have
On Tue, 27 Sep 2005, Charles Duffy wrote:
> Feel free to ignore the below rant. Revision control is (or at least was
> for quite some time) one of my pet topics, and I occasionally feel
> compelled to bore people at parties (or on mailing lists) with a
> discussion of the subject. I certainly d
Erich Titl wrote:
> Which implies that you send cleartext to the device and get cyphertext
back. So the easiest way to tamper the message is to intercept it at
> the smartcard driver level :-) and modify it on the fly. If someone is
smart enough to fetch the key contents from memory while it is b
Alon
Alon Bar-Lev wrote:
>
...
>
> In terms of security, there is no point of using a device that store keys
> only to be extracted by applications.
> In order to secure your identity you must use a device that cannot be
> duplicated.
> This can be implemented only if the device does not allow
Erich Titl wrote:
> maybe I am completely off topic but I am using an ikey 1000 on a Windoze
box with standard openvpn. AFAIK the ikey 1000 provides a
> PKCS#11 interface which (at least on windoze) is handled by the
proprietary driver.
> This token only handles storage of the keys. I believe th
Alon
maybe I am completely off topic but I am using an ikey 1000 on a Windoze
box with standard openvpn. AFAIK the ikey 1000 provides a PKCS#11
interface which (at least on windoze) is handled by the proprietary driver.
This token only handles storage of the keys. I believe the engine is
onl
> The big question in my mind is whether this possibly small increase in
> performance will justify the loss of portability, and some level
> of stability and security.
>
> James
>
Agreed.
Is performance such a big issue anyway ? At least for clients, Open VPN's
current user-level design is no
On Sat, 3 Sep 2005, Gervasio Bernal wrote:
> Lars Gullik Bjønnes gullik.net> writes:
>
> >
> > Gervasio Bernal speedy.com.ar> writes:
> >
> > | First of all, I will explain what we are trying to develop. Basically,
> > our
> idea
> > | is to make OpenVPN works at kernel level, not at user
Sorry.
I want to help, changing the code to support HPUX.
I'm trying some solutions, and when I have the ifconfig script working on
HPUX, I'll tell you.
Raphael
- Original Message -
From: "Charles Duffy"
To:
Sent: Wednesday, August 31, 2005 6:56 PM
Subject: [Openvpn-devel] Re: Op
On Wednesday 2005-August-31 16:56, Charles Duffy wrote:
> This question should be posted to the openvpn-users list.
Oops, my reply went to openvpn-users; I didn't even notice this was on
openvpn-devel.
--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: h
On Tue, 16 Aug 2005, Johnny Lam wrote:
> James Yonan wrote:
> >
> > * Added easy-rsa 2.0 scripts to the tarball in easy-rsa/2.0
>
> I am maintaining OpenVPN in the NetBSD Packages Collection and was in
> the process of updating our package to 2.0.1 when I noticed that the
> pkitool script uses
On Fri, 24 Jun 2005, Ralf [UTF-8] Lübben wrote:
> Hello,
>
> the radius plugin in is working.
> I have still some questions about the OpenVpn behaviour.
>
> After one hour there is a rekeying/reauthentication of the user? Is that
> right.
Yes, this depends on the value of the --reneg-sec parame
On Fri, 3 Jun 2005, Ralf [UTF-8] Lübben wrote:
> Hello,
>
> I have again two questions about the counter for the bytes send and
> received:
>
> What is the datatype of the counters?
> Radius only knows 32-bit unsingned integers.
Right now the counters are 32 bits, but they may be expanded to 6
Ok,
I implemented a list. Everytime a user connects he gets the least number
which is free or a new number is added to the list.
But how do you want to create the ip address pool?
Every client needs two ip addresses for one interface.
I get the framed ip address from the radius answer packet.
The
Am Dienstag, den 31.05.2005, 10:09 + schrieb Ralf Lübben:
> If a client connects the nas port number is locked , if a client disconnect
> the port number is freed.
> A new client will always get the least number of the array.
>
> Would this behaviour ok?
Yes. That would be OK.
> How many
Ok,
I think I understand the problem.
If a client send no stop packet the ip address will never be freed if the
nas-port is never used again.
So if a other client connects with the same nas port number, of the client
which has not send the stop packet, the freeradius server will free the ip
ad
Am Montag, den 30.05.2005, 19:49 + schrieb Ralf Lübben:
> I have still one question about the NAS-Port attribute. At the moment the
> port number is increment for every user, but never decremt.
> Will this be a problem with freeradius? Must the number be in a special
> range, maybe for assignm
Hello,
Now, the accounting informations are read from the status file, which is
generated with the interval 1s. The whole accounting stuff is done by a
forked process. So if there are now other causes, I do not need the plugin.
Am Dienstag, 31. Mai 2005 01:32 schrieben Sie:
> > at the momemt
On Friday 20 May 2005 12:36, James Yonan wrote:
> You can declare C function prototypes in C++ code with
>
> extern "C" {
> include "openvpn-plugin.h"
> }
>
> to maintain compatibility between the C and C++ namespaces.
For more information, check out
http://www.parashift.com/c
On Fri, 20 May 2005, Ralf [UTF-8] Lübben wrote:
> Hello,
>
> I have a big problem with my programm.
> I developed it with a test main function with the
> openvpn_plugin_open_v1, openvpn_plugin_func_v1 and openvpn_plugin_close_v1
> function and everything works fine.
> I used some c++-libraries
On Wed, 18 May 2005, Simon Perreault wrote:
> On Wednesday 18 May 2005 09:40, Simon Perreault wrote:
> > 1) reopen stdin, stdout and stderr to /dev/null when --daemon option is
> > specified (need a way to access options structure in the plugin)
>
> Here's a patch using the first solution. Please
Am Dienstag, den 17.05.2005, 23:39 +0400 schrieb Ralf Lübben:
> Or are there great advantages if every user gets his own tun
> interface?
No. This is not really necessary.
> To Torge Szczepanek: Which radius server do you use?
> I use freeradius and I think I can only set
I am als
> One more question to the plugin PLUGIN_CLIENT_DISCONNECT:
> Does every plugin which is called, gets the pointer to thesame
> struct openvpn_plugin_handle_t, so I can save here the socket to
> the background processes and the plugin PLUGIN_CLIENT_DISCONNECT
> can send data to these socket numbe
On Tue, 17 May 2005, Torge Szczepanek wrote:
> Am Dienstag, den 17.05.2005, 07:18 -0600 schrieb James Yonan:
>
> > It's more like the opposite: 1.x supported a specific tunx interface and
> > port for each client. 2.0 was rewritten to allow all clients to share a
> > single tun/tap interface a
> 2. Accounting
> Here I'm not sure, want is the best way to do it, maybe somebody have
> some ideas.
> One idea is to create for every openvpn-client who
> connects to the openvpn-server a own process with fork().
> So every process gets his own Acct-Interim-Interval and can send
> the accountin
Am Dienstag, den 17.05.2005, 07:18 -0600 schrieb James Yonan:
> It's more like the opposite: 1.x supported a specific tunx interface and
> port for each client. 2.0 was rewritten to allow all clients to share a
> single tun/tap interface and TCP/UDP port. The 2.0 approach tends to be
> preferre
On Tue, 17 May 2005, Torge Szczepanek wrote:
> Am Dienstag, den 17.05.2005, 15:20 +0400 schrieb Ralf Lübben:
>
> > I want to send following attribute:
> > Username
> > Password
> > NAS-Port = number of the tun interface
>
> This is bad, since you must send a unique identifier to the Radius
> Ser
On Tue, 17 May 2005, Ralf [UTF-8] Lübben wrote:
> Hello,
>
> I finished a C++class for the radius protocol. So I can send, receive and
> analyze authentication and accounting radius packets.
>
> Now I will start to create the openvpn-plugin.
>
> I have there still some quesitions:
>
> When are
Am Dienstag, den 17.05.2005, 15:20 +0400 schrieb Ralf Lübben:
> I want to send following attribute:
> Username
> Password
> NAS-Port = number of the tun interface
This is bad, since you must send a unique identifier to the Radius
Server for every connected client if I understand this correctly.
On Fri, 13 May 2005, Bjoern Boschman wrote:
> Hi again,
>
> I researched a bit more and found out that the iroute in the ccd file causes
> the server crash.
Aha, I see what's going on. OpenVPN 2.0 doesn't support "iroute" usage in
"client-config-dir" files when running in "dev tap" mode. Thi
Alex Ongena wrote:
no, I'am not aware of such an option, nor do I find this
option/parameter in the manual page.
Because it's not there, because its behaviour is going to change in the
future. Search for it in the mailing list archives.
no, I'am not aware of such an option, nor do I find this
option/parameter in the manual page.
I'am using OpenVPN 2.0.0 and have never used the version before.
alex
On Mon, 2005-05-02 at 11:36 -0500, Charles Duffy wrote:
> > It's a proper shutdown on client side, so the client can inform
> > the
Hans Wolff wrote:
I'm sure you'll hear complaints, but this question probably belongs in
openvpn-users.
Anyhow, can you post your configs for both ends?
You may be right, but I have the impression it may be a bug, which is
more a developer issue.
I'll post both configs in a subsequent em
On Wed, 09 Feb 2005 18:42:38 -0600, Charles Duffy wrote:
> On Wed, 09 Feb 2005 17:26:14 -0500, Leonard Isham wrote:
>
> > You need to allow duplicate certificates.
>
> ...or to create unique client certificates. There's a lot to be said for
> knowing who the connected clients are (in the logs, s
Yes thats what i need, thanks james!
James Yonan wrote:
On Thu, 3 Feb 2005, Charles Duffy wrote:
On Thu, 03 Feb 2005 15:28:29 +0100, Patrick Steiner wrote:
Is it possible to use OpenVPN with OPIE (One Time Passwords in
Everything) What i want is to connect from a windows client to a
On Thu, 2005-02-03 at 13:25 -0700, James Yonan wrote:
> Right, but I think he's asking for a challenge/response mechanism, which
> doesn't yet exist.
Erp -- my bad. I was thinking of a different one-time password scheme,
and didn't read his message fully. Apologies to all.
On Thu, 3 Feb 2005, Charles Duffy wrote:
> On Thu, 03 Feb 2005 15:28:29 +0100, Patrick Steiner wrote:
>
> > Is it possible to use OpenVPN with OPIE (One Time Passwords in
> > Everything) What i want is to connect from a windows client to a linux
> > server. But for OPIE i need a interactive pass
I've exactly the same problem.
Running on win2k.
Didier
Mathias Sundman wrote:
Peter 'Luna' Runestig has put together a Crypto API patch which tries
to access user-based certificate/key pairs even when OpenVPN is
running as a service.
Given that Peter can't test this patch himself, it would
Peter 'Luna' Runestig has put together a Crypto API patch which tries to
access user-based certificate/key pairs even when OpenVPN is running as a
service.
Given that Peter can't test this patch himself, it would be great if
someone who uses this feature would volunteer to do some testing and
re
On 2005-01-16 03:12, James Yonan wrote:
> Looks like CERT_SYSTEM_STORE_USERS is undefined in the MinGW environment.
>
> gcc -g -O2 -Wall -Wno-unused-function -Wno-unused-variable -mno-cygwin
> -I/c/src/
> openssl-0.9.7e/include -I/c/src/lzo-1.08/include -c cryptoapi.c -o cryptoapi.o
> cryptoapi.c
Looks like CERT_SYSTEM_STORE_USERS is undefined in the MinGW environment.
gcc -g -O2 -Wall -Wno-unused-function -Wno-unused-variable -mno-cygwin -I/c/src/
openssl-0.9.7e/include -I/c/src/lzo-1.08/include -c cryptoapi.c -o cryptoapi.o
cryptoapi.c: In function `SSL_CTX_use_CryptoAPI_certificate':
cr
Leonard Isham a écrit :
What about a dual account/ID user situation? Where one user is a
normal user with all the restrictions and the other has administrator
rights. The first is used to login the second, administrator
equivalent is for storing the certificate and running the service.
go
On Fri, 14 Jan 2005 20:03:57 -0700 (MST), James Yonan wrote:
> On Thu, 13 Jan 2005, Didier Conchaudron wrote:
>
> > Hi all,
> >
> > I'm still working on a renewed openvpn service wrapper( which's heading
> > to allow a non-admin user to start/stop pre-defined tunnels via a tcp
> > socket) and I s
On Tue, 21 Dec 2004, Charles Duffy wrote:
> On Tue, 21 Dec 2004 21:09:21 +0100, Tor Håkon Gjerde wrote:
>
> > It doesn't sound that hard to make that patch. If someone would be so kind
> > and send me one, I would be very grateful.
>
> Presuming that you aren't a coder yourself -- it typically
On Wed, Dec 22, 2004 at 05:11:51AM -0700, James Yonan wrote:
> On Wed, 22 Dec 2004, Charles Duffy wrote:
>
> > On Wed, 22 Dec 2004 11:00:09 +0100, Alberto Gonzalez Iniesta wrote:
> > > Recent updates of openvpn appear to have changed the handling of
> > > whitespace in tls certificate names.
> >
On Wed, 22 Dec 2004, Charles Duffy wrote:
> On Wed, 22 Dec 2004 11:00:09 +0100, Alberto Gonzalez Iniesta wrote:
> > Recent updates of openvpn appear to have changed the handling of
> > whitespace in tls certificate names.
> ...
> > Now it needs '_' not '.' for spaces:
>
> My guess is that this
On 2004 12 20 (Monday) 15:43, Charles Duffy wrote:
> On Mon, 20 Dec 2004 11:23:56 +0200, Doncho N. Gunchev wrote:
>
> > How from userspace you are going to access tap/tun device and insert
> > IP/Ethernet packets?
>
> He's not going to insert IP or ethernet packets at all -- he's only doing
>
ecember 15, 2004 4:06 PM
Subject: [Openvpn-users] Re: [Openvpn-devel] Re: Perl version of OpenVPN
client
What tool should I have in order to compile src of the windows version of
the OpenVPN?
Thanks
Sam
Charles Duffy wrote:
On Wed, 15 Dec 2004 12:54:42 +0800, sam wun wrote:
Is there any perl version of OpenVPN client?
No.
Why would you want something slower and more resource-intensive to use in
a "stripped-down" environment?
You can compile builds of the regular OpenVPN source tre
>On Wed, 10 Nov 2004 01:03:35 +0100, Stefan `Sec` Zehl wrote:
>
>
>>Can the server support listening on two ports at the same time? This
>>would make migration much easier.
>>
>>
>
>It should be straightforward enough to have your firewall redirect
>incoming connections from the old port to t
On Wed, 3 Nov 2004, Mathias Sundman wrote:
> On Tue, 2 Nov 2004, Mathias Sundman wrote:
>
> > James,
> >
> > I think we made a little misstake with the "auto-find free TAP device"
> > feature.
> >
> > In OpenVPN GUI >= beta20 I close the connections and restart them after a
> > suspend. If mult
On Thu, 14 Oct 2004, zeeshaan wrote:
thanx Mathew actually i was doing wrong that i was not running ms/mw.bat first
but now i am having problem with openssl as
as it says
f:/djgpp/bin/make.exe: unrecognized option `--win32'
wats up now i think its something wrong with make now.
Well, djgp
On Fri, 17 Sep 2004, Christof Meerwald wrote:
> On Tue, 14 Sep 2004 19:29:33 -, James Yonan wrote:
> > I've been considering various ways that the OpenVPN project might become
> > financially self-sustaining. While this has been discussed in the past, the
> > discussion usually centered arou
On Tuesday July 27, j...@yonan.net wrote:
> Neil,
>
> Comments Inline below...
>
> Neil Brown said:
>
> >
> >
> > As was hinted at with the previous patch, this patch introduces a new
> > config option "net-type". It can be either "ptp" or "subnet".
> >
> > If net-type is not explicitly giv
On Tuesday July 27, j...@yonan.net wrote:
> I agree with you that tunnel device type and subnet vs. point-to-point mode
> are mutually exclusive properties.
>
> My main concern is preventing an explosion in the size of the parameter
> permutation space, where the code has to handle 4 cases of dev/
On Tuesday 27 July 2004 11:25, James Yonan wrote:
> Neil,
>
> Thanks for the patches... here are some comments:
>
> * You've obviously put a lot of effort into understanding the code to write
> this patch. But did you consider any alternative approaches, such as
> starting multiple OpenVPN instanc
On Sunday 11 July 2004 14:51, Jan Kiszka wrote:
> Mathias Sundman wrote:
> > ...
> > One more thing to consider... Should we consider a system running this
> > service manager an open system where all locally logged on users is
> > allowed to fully manage openvpn connections, which includes:
> >
>
Denis Vlasenko wrote:
1. On Windows, if the the service wrapper has started some openvpn
processes before our gui agent is started, how should find out about
those processes?
I can think of the following ways:
1a. Ask the service wrapper via the socket interface that I'm working
on right now. T
Mathias Sundman wrote:
...
One more thing to consider... Should we consider a system running this
service manager an open system where all locally logged on users is
allowed to fully manage openvpn connections, which includes:
* Start/Stop openvpn processes
As a first step, I think we shoul
> > IMHO daemontools for windows, if ported, can handle quite a variety
> > of different setups, including one needed by openvpn. Then you can
> > install it as part of openvpn install.
>
> If the only issue we had to solve here was how a normal user should be
> able to spawn openvpn processes, I a
On Fri, 9 Jul 2004, Denis Vlasenko wrote:
On Friday 09 July 2004 00:35, Mathias Sundman wrote:
What I am trying to say? I am very happy that you guys are actively
working on openvpn. Really.
Just please do not OVERdesign it.
Maybe it's better to try to port daemontools to Windows
and run open
On Friday 09 July 2004 00:35, Mathias Sundman wrote:
> > What I am trying to say? I am very happy that you guys are actively
> > working on openvpn. Really.
> >
> > Just please do not OVERdesign it.
> >
> > Maybe it's better to try to port daemontools to Windows
> > and run openvpn daemon(s) under
On Thu, 8 Jul 2004, Denis Vlasenko wrote:
1. On Windows, if the the service wrapper has started some openvpn
processes before our gui agent is started, how should find out about
those processes?
I think it's an important point worth some discussion on whether to (a)
put all the "intelligence"
> > >> 1. On Windows, if the the service wrapper has started some openvpn
> > >> processes before our gui agent is started, how should find out about
> > >> those processes?
> > >>
> > >> I can think of the following ways:
> > >>
> > >> 1a. Ask the service wrapper via the socket interface that I'm
On Thu, 8 Jul 2004, James Yonan wrote:
1. On Windows, if the the service wrapper has started some openvpn
processes before our gui agent is started, how should find out about
those processes?
I think that the goal here is to work towards putting all of the complexity
into the portable service
On Thursday 08 July 2004 02:55, Mathias Sundman wrote:
> On Wed, 7 Jul 2004, James Yonan wrote:
> > On Tuesday 06 July 2004 16:58, Mathias Sundman wrote:
> >> Some more things to consider...
> >>
> >> 1. On Windows, if the the service wrapper has started some openvpn
> >> processes before our gui a
On Wed, 7 Jul 2004, James Yonan wrote:
On Tuesday 06 July 2004 16:58, Mathias Sundman wrote:
Some more things to consider...
1. On Windows, if the the service wrapper has started some openvpn
processes before our gui agent is started, how should find out about
those processes?
I can think of
On Tuesday 06 July 2004 16:58, Mathias Sundman wrote:
> Some more things to consider...
>
> 1. On Windows, if the the service wrapper has started some openvpn
> processes before our gui agent is started, how should find out about
> those processes?
>
> I can think of the following ways:
>
> 1a. Ask
On Wed, 31 Mar 2004 18:39:45 -, you wrote:
>Arkadiusz Patyk said:
>
>> Hi
>>
>> Two very significant things for me are:
>> 1. In my configurations, VPN users have different rights to resources
>> (access list on firewall - iptables). I have to know client IP to
>> correctly setup firewall,
On Tue, 27 Jan 2004, James Yonan wrote:
> OpenVPN needs the MinGW compiler to build openvpn.exe on Windows.
> There would probably be some porting work involved to get it to build
> under VC++. I've heard reports that VC++ doesn't like GNU or ISO C99
> vararg-style macros, which OpenVPN depends o
Teemu Kiviniemi said:
> Wed, 29-10-2003 at 23:38, James Yonan wrote:
>
> > I would rather see this fix accomplished by adding some kind of dummy call
> > early on in the initialization sequence to trigger the dynamic load of the
> > DNS
> > library -- but which doesn't touch the functionality o
Wed, 29-10-2003 at 23:38, James Yonan wrote:
> I would rather see this fix accomplished by adding some kind of dummy call
> early on in the initialization sequence to trigger the dynamic load of the DNS
> library -- but which doesn't touch the functionality of the current DNS name
> resolution cod
Adam Laurie said:
>
> >> this was just a quick note to request that you do some whitespace foo
> > > (in particular CR/LF stuff) for the openvpn generated secret files as
> > > this seems to cause pain when setting up keys generated by one or other
> > > platform and then transferring them
James Yonan wrote:
Adam Laurie said:
this was just a quick note to request that you do some whitespace foo
> (in particular CR/LF stuff) for the openvpn generated secret files as
> this seems to cause pain when setting up keys generated by one or other
> platform and then transferring the
Matthias Andree said:
> On Tue, 16 Sep 2003, James Yonan wrote:
>
> > While I do believe that the majority of Windows users will prefer a tap
> > interface, I say this simply because in my experience _most_ Windows users
> > prefer the option that is the easiest to configure. Once you stop
> >
On Tue, 16 Sep 2003, James Yonan wrote:
> While I do believe that the majority of Windows users will prefer a tap
> interface, I say this simply because in my experience _most_ Windows users
> prefer the option that is the easiest to configure. Once you stop
> automatically routing broadcasts and
On Tue, 16 Sep 2003, James Yonan wrote:
> > I'd like to challenge the "better" claim:
>
> I mean "better" only in the sense of simpler configuration -- i.e. not needing
> to set up a WINS server to make cross-subnet browsing work. I agree that tun
> is more scalable, secure, etc.
After being th
Matthias Andree said:
> On Mon, 15 Sep 2003, James Yonan wrote:
>
> > Yes, this is a problem. For OpenBSD to talk to Windows over OpenVPN, we
> > need
> > either a tun driver for Windows or a tap driver for OpenBSD.
> >
> > My guess is that the easier and better solution would be to solve the
On Mon, 15 Sep 2003, James Yonan wrote:
> Yes, this is a problem. For OpenBSD to talk to Windows over OpenVPN, we need
> either a tun driver for Windows or a tap driver for OpenBSD.
>
> My guess is that the easier and better solution would be to solve the tap on
> OpenBSD problem, rather than th
Tom Bin said:
>
> It's really a good idea.
> I think the syntax is good enough...,
> maybe you can take the metric(route cost) into consideration.
That's a good idea. It looks like most IP stacks support metric, I see that
Windows does too so that is good.
> I would like to suggest the route
On Thu, 17 Apr 2003, James Yonan wrote:
> The nice part about a radio link is that it is probably under your control,
> meaning that you can ensure that ICMPs get properly passed. This allows path
> MTU discovery to work and therefore solves a lot of the harder problems.
Well, at least for the
Matthias Andree said:
> On Thu, 17 Apr 2003, James Yonan wrote:
>
> > A better alternative (orginally suggested by you) is to avoid fragmenting in
> > the first place by bouncing back ICMP_DEST_UNREACH/ICMP_FRAG_NEEDED to the
> > TUN
> > device. This won't work on TAP devices because the ether
Matthias Andree said:
> > http://openvpn.sourceforge.net/beta/openvpn-1.3.2.21.tar.gz (or CVS)
>
> I have a next round of patches to fix prototypes and types to quench
> compiler warnings and get a more robust source code against changed
> environments, to aid possible later debugging; it also i
> Hello James,
>
> That's good to hear,
>
> There are some questions that I had to over come with
> my experimental forking server, like when does a forked
> process exit? Should we always use something line --inactive
> or --ping-exit? Or should there be a control command for closing
> the conne
1 - 100 of 104 matches
Mail list logo