[Openvpn-users] UDP Packet Loss on OpenBSD

2014-07-24 Thread Darryl Wisneski
Howdy: We've been dropping UDP packets on a busy UDP OpenVPN. We are running on OpenBSD 5.5 release with very little tuning. It's brand new HW with AESNI capable processors, 4 core, and 32GB RAM. We have a 100Mbit/s symmetric pipe on our circuit. We have tested network cables. We have about 8

Re: [Openvpn-users] Consolidating client-specific routes into client-specific ccd/* breaks PINGs across VPN

2014-07-24 Thread Joe Patterson
On Thu, Jul 24, 2014 at 2:14 PM, wrote: > > > I've got an older bash script I used (before I started doing dynamic > > routing via ospf) for a client connect script that probably does what you > > want. It's kind of ugly, but functional: > > > > #!/bin/bash > > if [ "$script_type" = "client-conn

Re: [Openvpn-users] Consolidating client-specific routes into client-specific ccd/* breaks PINGs across VPN

2014-07-24 Thread pg0706
Hi Joe, On Thu, Jul 24, 2014, at 10:47 AM, Joe Patterson wrote: > I'm not entirely clear Welcome to MY world ... > what you're meaning by these preceding few lines. > Do you have all 4 of these addresses on the external interface? Yes. ip -4 addr ls eth0 2: eth0: mtu 1500 qdisc pfif

Re: [Openvpn-users] Consolidating client-specific routes into client-specific ccd/* breaks PINGs across VPN

2014-07-24 Thread Gert Doering
Hi, On Thu, Jul 24, 2014 at 10:17:30AM -0700, pg0...@fastmail.fm wrote: > There will be 3 CLIENTS I would just put it all into the main config, and be done with it. It's just 3 "route" lines... (Things are different if you do stuff like "I have 1 clients, some of them having networks routed

Re: [Openvpn-users] Consolidating client-specific routes into client-specific ccd/* breaks PINGs across VPN

2014-07-24 Thread Joe Patterson
On Thu, Jul 24, 2014 at 1:17 PM, wrote: > > I will have a single SERVER. It'll eventually have a config of: > > @VPN_SERVER > IP(eth0) = "S.S.S.S" external/WAN intfc > = 192.168.0.1 > = 172.16.0.1 >

Re: [Openvpn-users] Consolidating client-specific routes into client-specific ccd/* breaks PINGs across VPN

2014-07-24 Thread pg0706
Hi Joe On Thu, Jul 24, 2014, at 09:55 AM, Joe Patterson wrote: > But, if for some reason you can't or really don't want to do that ... Being a bit more specific abt my *goal* state ... I will have a single SERVER. It'll eventually have a config of: @VPN_SERVER IP(eth0)

Re: [Openvpn-users] Consolidating client-specific routes into client-specific ccd/* breaks PINGs across VPN

2014-07-24 Thread Joe Patterson
First off, main doesn't necessarily have to get messy. If you have a bunch of clients connecting, all with subnets behind them, and you can't get to those subnets without the VPN connection being up, then most likely the most effective thing to do is to find a supernet that encompasses all of the

Re: [Openvpn-users] Consolidating client-specific routes into client-specific ccd/* breaks PINGs across VPN

2014-07-24 Thread pg0706
Hi Gert On Thu, Jul 24, 2014, at 09:43 AM, Gert Doering wrote: > "route" is not a valid command in ccd files today. That's consistent with Joe's comment: "route" statements cannot go in a ccd So we've a quorum! :-) Now, on to understanding the client-connect script invocation ...

Re: [Openvpn-users] Consolidating client-specific routes into client-specific ccd/* breaks PINGs across VPN

2014-07-24 Thread Gert Doering
Hi, On Thu, Jul 24, 2014 at 06:57:51AM -0700, pg0...@fastmail.fm wrote: > /etc/openvpn/ccd/client1.conf > ifconfig-push 10.0.0.2 255.255.255.0 > iroute192.168.1.0 255.255.255.0 > + route 192.168.1.0 255.255.255.0 > + push

Re: [Openvpn-users] Consolidating client-specific routes into client-specific ccd/* breaks PINGs across VPN

2014-07-24 Thread pg0706
Hi Joe, On Thu, Jul 24, 2014, at 07:31 AM, Joe Patterson wrote: > If I'm understanding you correctly, I think I know the problem: "route" > statements cannot go in a ccd (or, more accurately, they don't do anything > if they're there), because route statements are injecting routes into the > OS r

Re: [Openvpn-users] Consolidating client-specific routes into client-specific ccd/* breaks PINGs across VPN

2014-07-24 Thread Joe Patterson
If I'm understanding you correctly, I think I know the problem: "route" statements cannot go in a ccd (or, more accurately, they don't do anything if they're there), because route statements are injecting routes into the OS routing table, which is only done on start-up (and in the case of running

[Openvpn-users] Consolidating client-specific routes into client-specific ccd/* breaks PINGs across VPN

2014-07-24 Thread pg0706
I have three machines: a 'vpn server' & a 'vpn client' are both running OpenVPN 2.3_git [git:master/a4b8f653ee5be9c2]; a 'lan server' sits on the client-side LAN behind the 'vpn client'. 'vpn server' & 'vpn client' are connected via VPN over a UDP connection. I.e., @VPN_SERVER

Re: [Openvpn-users] Sending to syslog

2014-07-24 Thread Marine B
That's what I did using rsyslog and everything works fine now, thx for everything 2014-07-24 9:22 GMT+02:00 Mathias Jeschke : > > Hi, > > I recommend to not stick to the facility limitation of the last > century's syslogd > and rather filter by program name. > > You could add something like

Re: [Openvpn-users] Sending to syslog

2014-07-24 Thread Mathias Jeschke
Hi, I recommend to not stick to the facility limitation of the last century's syslogd and rather filter by program name. You could add something like this to your rsyslog.conf: :programname,isequal,"openvpn" @192.168.0.1 or, if you have multiple instances of openvpn and set a different