Re: [Openvpn-users] Where are the 2.3.3 sources?

2014-04-09 Thread Samuli Seppänen
> http://openvpn.net/index.php/download/community-downloads.html says the > source tarball is > http://swupdate.openvpn.org/community/releases/openvpn-2.3.3.tar.gz > > But that returns a 404... > > Hi Timothy, This is actually the second time this exact problem has been reported. That said, I am ab

Re: [Openvpn-users] what to do in case of openvpn CA expiration?

2014-04-09 Thread Dmitry Melekhov
09.04.2014 17:55, Timothe Litt wrote: >> Yes, thank you, this is good theoretical explanation. >> All I need now are practical examples :-) >> I understand that can be like reading mans for me for far more >> experienced... :-( Hope somebody already implemented this and can >> share... > That *was

Re: [Openvpn-users] Regarding pkcs11 support in our Debian/Ubuntu

2014-04-09 Thread Timothe Litt
Timothe Litt ACM Distinguished Engineer -- This communication may not represent the ACM or my employer's views, if any, on the matters discussed. On 09-Apr-14 08:25, openvpn-users-requ...@lists.sourceforge.net wrote: Date: Wed, 09 Apr 2014 13:02:54 +0300 From: Samuli Sep

Re: [Openvpn-users] Does OpenVPN use the TLS heartbeat extension? (OpenSSL Security Advisory CVE-2014-0160)

2014-04-09 Thread Fredrik Strömberg
> 1. After our Windows server has been upgraded to 2.3.3, how can I determine > if a connecting Windows client is still using older insecure versions? I > cannot see anything specific in the server log that tells me client's > version? Do I need to start the OpenVPN service with specific parameters

Re: [Openvpn-users] Does OpenVPN use the TLS heartbeat extension? (OpenSSL Security Advisory CVE-2014-0160)

2014-04-09 Thread Sumit Dahiya
We rely on file-based cert/key authentication and do not use tls-auth or other methods. So, just as you recommended, we will need to re-create and re-issue respective certs and keys to all clients. Also, can you all help with the following: - 1. After our Windows server has been upgraded to

[Openvpn-users] Where are the 2.3.3 sources?

2014-04-09 Thread Timothe Litt
http://openvpn.net/index.php/download/community-downloads.html says the source tarball is http://swupdate.openvpn.org/community/releases/openvpn-2.3.3.tar.gz But that returns a 404... -- Timothe Litt ACM Distinguished Engineer -- This communication may not represent the

Re: [Openvpn-users] Test / Verify for Heartbleed

2014-04-09 Thread David Sommerseth
On 09/04/14 18:41, Colin Ryan wrote: > Folks, > > I understand clearly enough that determining your vulnerability to > Heartbleed is actually pretty straightforward, i.e. do you have and did > you compile with the affected OpenSSL libs. > > However I have a few circumstances where I'd like to b

Re: [Openvpn-users] what to do in case of openvpn CA expiration?

2014-04-09 Thread David Sommerseth
On 09/04/14 15:55, Timothe Litt wrote: [...snip...] > easyrsa seems to be a very simple wrapper around openssl. Good > for getting started with certificates, not powerful enough for > later on. Agreed. Even though, I believe easy-rsa 3 will become b

[Openvpn-users] Test / Verify for Heartbleed

2014-04-09 Thread Colin Ryan
Folks, I understand clearly enough that determining your vulnerability to Heartbleed is actually pretty straightforward, i.e. do you have and did you compile with the affected OpenSSL libs. However I have a few circumstances where I'd like to be able to specifically confirm or deny the bleed.

Re: [Openvpn-users] what to do in case of openvpn CA expiration?

2014-04-09 Thread Timothe Litt
Yes, thank you, this is good theoretical explanation. All I need now are practical examples :-) I understand that can be like reading mans for me for far more experienced... :-( Hope somebody already implemented this and can share... That *was* practical; the theory is more complicated :-) Step-by

Re: [Openvpn-users] what to do in case of openvpn CA expiration?

2014-04-09 Thread Dmitry Melekhov
Hello! Thank you for answer. 09.04.2014 16:33, Timothe Litt wrote: > > c) What you do is create your new CA certificate, and add it to the > Trusted CAs file (or directory) that you distribute. > Thank you, this is good idea. As I wrote before I have no experience using certificates, only eas

Re: [Openvpn-users] what to do in case of openvpn CA expiration?

2014-04-09 Thread Timothe Litt
Hello! Maybe this is a FAQ, but I can't find any info which explains what I need to do in step-by-step manner what I need to do in case of CA expiration. I generated CA about 8.5 years ago for 10 years (default value), so I'll face CA expiration soon enough. I have ca.key and ca.crt, as I understa

[Openvpn-users] OpenVPN 2.3.3 released

2014-04-09 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.3.3. It can be downloaded from here: This release contains a number of bug fixes, small enhancements and changes aimed at improving long-term compatibility with newer OpenVPN

[Openvpn-users] what to do in case of openvpn CA expiration?

2014-04-09 Thread Dmitry Melekhov
Hello! Maybe this is a FAQ, but I can't find any info which explains what I need to do in step-by-step manner what I need to do in case of CA expiration. I generated CA about 8.5 years ago for 10 years (default value), so I'll face CA expiration soon enough. I have ca.key and ca.crt, as I underst

Re: [Openvpn-users] Does OpenVPN use the TLS heartbeat extension? (OpenSSL Security Advisory CVE-2014-0160)

2014-04-09 Thread Fredrik Strömberg
>> 3. Do we need to re-generate all keys/certificates (ca, clients etc.) and >> send them over to all clients after this fix? > > Same answer that has been given before - unless you use some sort of > extra authentication (--tls-auth or one-time-password authentication), there > is a chance that so

[Openvpn-users] Regarding pkcs11 support in our Debian/Ubuntu packages

2014-04-09 Thread Samuli Seppänen
Hi all, It OpenVPN 2.3.3 requires libpkcs11-helper 1.11 or newer. What this means is that unless I patch the OpenVPN sources I won't be able to provide Debian/Ubuntu packages with pkcs11 support except for Ubuntu 14.04 which has 1.11 in default repos. So, is anyone using pkcs11 with the Debian pa

Re: [Openvpn-users] Does OpenVPN use the TLS heartbeat extension? (OpenSSL Security Advisory CVE-2014-0160)

2014-04-09 Thread Gert Doering
Hi, On Tue, Apr 08, 2014 at 10:21:34PM -0400, Sumit Dahiya wrote: > Thanks for the information. I’ll appreciate any further insight on the > following: - > > 1. Should we uninstall and then re-install the 2.3.3 on all Windows clients? > Or should we install 2.3.3 without uninstalling previous ver