Re: [Openvpn-users] OpenVPN on Xenial in AWS Issues

2016-05-10 Thread Simon Deziel
Hi Scott, On 2016-05-10 05:03 PM, Scott Crooks wrote: > [Unit] > Description=OpenVPN connection to %i > PartOf=openvpn.service > ReloadPropagatedFrom=openvpn.service > Before=systemd-user-sessions.service > After=network.target network-online.target # THIS IS NEEDED TO ENSURE > ROUTES COME UP AFTE

Re: [Openvpn-users] OpenVPN on Xenial in AWS Issues

2016-05-10 Thread Scott Crooks
Gert, Thanks for the solution, I didn't see your email until I got it working. The `systemd` script located at `/lib/systemd/system/openvpn@.service` is missing a very important line in the *[Unit]* section: [Unit] Description=OpenVPN connection to %i PartOf=openvpn.service ReloadPropagatedFrom=o

Re: [Openvpn-users] Increasing reneg-sec interval

2016-05-10 Thread Selva Nair
Hi, On Mon, May 9, 2016 at 1:26 PM, dev wrote: > We use one-time passcodes as well as client/server certs for > authentication. I think what is happening is the re-key process is not > able to re-use the OTP so it fails and the user has to re-connect every > hour. > One way to handle this is by

Re: [Openvpn-users] OpenVPN on Xenial in AWS Issues

2016-05-10 Thread Gert Doering
Hi, On Tue, May 10, 2016 at 01:26:27PM -0700, Scott Crooks wrote: > Is there a way to delay starting up OpenVPN? I don't know enough about systemd to say whether you could just add a "sleep 120" in the openvpn start script... It might also work to try adding up "sleep 120" to the openvpn co

Re: [Openvpn-users] OpenVPN on Xenial in AWS Issues

2016-05-10 Thread Scott Crooks
Gert, Good question. It's a bit of a black box as to what exact commands they are running. The documentation here describes the two types of checks (System Status and Instance Status): https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-system-instance-status-check.html In the case of

Re: [Openvpn-users] OpenVPN on Xenial in AWS Issues

2016-05-10 Thread Gert Doering
Hi, On Tue, May 10, 2016 at 01:13:40PM -0700, Scott Crooks wrote: > The machine is not pingable, and not accessible via SSH if it's failed a > health check. I knew this wasn't a problem with OpenVPN, I was just warning > people / seeing if anyone had a workaround. My point was more "what does AWS

Re: [Openvpn-users] OpenVPN on Xenial in AWS Issues

2016-05-10 Thread Scott Crooks
Gert, The machine is not pingable, and not accessible via SSH if it's failed a health check. I knew this wasn't a problem with OpenVPN, I was just warning people / seeing if anyone had a workaround. On Tue, May 10, 2016 at 1:08 PM, Gert Doering wrote: > Hi, > > On Tue, May 10, 2016 at 12:28:46P

Re: [Openvpn-users] OpenVPN on Xenial in AWS Issues

2016-05-10 Thread Gert Doering
Hi, On Tue, May 10, 2016 at 12:28:46PM -0700, Scott Crooks wrote: > Is this related to OpenVPN itself, or is it Amazon's problem? The current > latest version in the Ubuntu repos is 2.3.10-1ubuntu2. OpenVPN does not know anything about AWS, so if it does not happen on "real" Ubuntu systems (and I

[Openvpn-users] OpenVPN on Xenial in AWS Issues

2016-05-10 Thread Scott Crooks
Greetings everyone, Just wanted to tell everyone of a potential issue with OpenVPN using a certain Ubuntu Xenial AMI in Amazon AWS. The steps to reproduce the problem are here: https://forums.aws.amazon.com/thread.jspa?messageID=719587 (it should not bug you for a login) The gist of it is when pe

[Openvpn-users] OpenVPN 2.3.11 released

2016-05-10 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.3.11. It can be downloaded from here: This release fixes two vulnerabilities: a port-share bug with DoS potential and a buffer overflow by user-supplied data when using pam