[Openvpn-devel] OpenVPN 2.3.13 released

The OpenVPN community project team is proud to release OpenVPN 2.3.13. It can be downloaded from here: This release includes many small improvements and fixes. The largest change in this is release is limiting of --reneg-bytes to 64MB wh

Re: [Openvpn-devel] Summary of today's (Monday, 10th Oct 2016) community meeting

Hi, On Wed, Nov 02, 2016 at 06:19:26AM -0400, Jonathan K. Bullard wrote: > On Mon, Oct 10, 2016 at 4:26 PM, Samuli Seppänen wrote: > > Discussed OpenVPN 2.3.13 release. Three things are missing: > > > > 1. recursive routing > > 2. block-outside-dns v2 > > 3. 64MB renegotiation for 64-bit block ci

Re: [Openvpn-devel] Summary of today's (Monday, 10th Oct 2016) community meeting

Hi, On Thu, Nov 3, 2016 at 8:26 AM, Gert Doering wrote: > > On Wed, Nov 02, 2016 at 06:19:26AM -0400, Jonathan K. Bullard wrote: > > On Mon, Oct 10, 2016 at 4:26 PM, Samuli Seppänen > wrote: > > > Discussed OpenVPN 2.3.13 release. Three things are missing: > > > > > > 1. recursive routing > > >

Re: [Openvpn-devel] Summary of today's (Monday, 10th Oct 2016) community meeting

Hi, On Thu, Nov 03, 2016 at 08:56:51AM -0400, Jonathan K. Bullard wrote: > For me/Tunnelblick, #3 was the important one; as I understand it #2 is > Windows-only so irrelevant. #3 is in :-) - #2 is windows, indeed, but #1 would have been nice to have ("if you have a VPN with redirect-gateway, and

Re: [Openvpn-devel] [PATCH] Refactor CRL handling

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 28/10/16 17:54, Steffan Karger wrote: > This patch refactors the CRL handling to rely more on the > implementation of the crypto library. It will insert the CRL at > the correct time to keep it up to date, but all additional > verification logic is

[Openvpn-devel] Considering to send AUTH_FAILED on TLS errors

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, During the review of the CRL improvement patch, I briefly mentioned that clients do not disconnect gracefully if the TLS layer does not accept the client certificate (like when it is on a CRL). I have spent some time looking through the code to

Re: [Openvpn-devel] Considering to send AUTH_FAILED on TLS errors

Hi David, On 03-11-16 22:03, David Sommerseth wrote: > During the review of the CRL improvement patch, I briefly mentioned > that clients do not disconnect gracefully if the TLS layer does not > accept the client certificate (like when it is on a CRL). > > I have spent some time looking through t

[Openvpn-devel] [PATCH v4] Drop recursively routed packets

From: Lev Stipakov v4: - Account for IP header offset in TAP mode - Correct handle of non-IP protocols in TAP mode v3: Use better way of figuring out IP proto version which does not break TAP mode. Add an option to allow recursive routing, could be useful when packets sent by openvpn itself ar

Re: [Openvpn-devel] [PATCH] Refactor CRL handling

Hi, On 03-11-16 19:21, David Sommerseth wrote: > On 28/10/16 17:54, Steffan Karger wrote: >> This patch refactors the CRL handling to rely more on the >> implementation of the crypto library. It will insert the CRL at >> the correct time to keep it up to date, but all additional >> verification l

Re: [Openvpn-devel] [OpenVPN/openvpn-gui] OpenVPN & pam_radius_auth - Dynamic CR (#92)

Hi, Copying openvpn-devel as this is more about openvpn server than the GUI. On Thu, Nov 3, 2016 at 7:23 PM, roberthunt-dm wrote: > I am trying to get OpenVPN working with a Radius server configured to send > an access_challenge for an otp code it dynamically generates. > > (server) openvpn ser