Re: [Openvpn-users] OpenVPN with OSPF there is no proper guide or support --"TAP support removal" rumor

On Wed, Apr 29, 2020 at 05:34:14 -0400, Jonathan K. Bullard wrote: > Hi, > > On Wed, Apr 29, 2020 at 3:43 AM Gert Doering wrote: > > On Wed, Apr 29, 2020 at 09:03:20AM +0200, free...@tango.lu wrote: > > > Which makes me think OSPF is only possible with the old tap interfaces, > > > what the OpenV

Re: [Openvpn-users] OpenVPN architecture

Thank you, I appreciate the detailed response. -Original Message- From: Gert Doering To: Leroy Tennison Cc: openvpn-users Sent: Wed, Apr 29, 2020 11:53 am Subject: Re: [Openvpn-users] OpenVPN architecture Hi, On Wed, Apr 29, 2020 at 04:47:56PM +, Leroy Tennison via Openvpn-users

Re: [Openvpn-users] OpenVPN architecture

Hi, On Wed, Apr 29, 2020 at 04:47:56PM +, Leroy Tennison via Openvpn-users wrote: > I've seen a couple of replies to this but no direct answer to my question, > sounds like OpenVPN works similar to https, correct? Sort of. It's a bit more complicated, but it boils down to "TLS runs, authen

Re: [Openvpn-users] OpenVPN architecture

I've seen a couple of replies to this but no direct answer to my question, sounds like OpenVPN works similar to https, correct? -Original Message- From: Leroy Tennison via Openvpn-users To: openvpn-users Sent: Tue, Apr 28, 2020 5:28 pm Subject: [Openvpn-users] OpenVPN architecture Is

Re: [Openvpn-users] cipher selection

Thanks for the clarification.  I noticed your "upgrade" statement, just didn't assume a strict dependency of the ".. OCC..." statement with the upgrade statement.  Working on an upgrade plan... -Original Message- From: Gert Doering To: Leroy Tennison Cc: openvpn-users Sent: Wed, Apr

Re: [Openvpn-users] OpenVPN with OSPF there is no proper guide or support

Hi, On Wed, Apr 29, 2020 at 04:45:14PM +0200, Jan Just Keijser wrote: > it does make me wonder what the posts were about of people using > openvpn+tun+pfsense/quagga - some even more than 10 yrs ago! p2p mode, mayhaps? (IPv6 worked in p2p mode also much much earlier than in p2mp mode - mostly

Re: [Openvpn-users] cipher selection

Hi, On Wed, Apr 29, 2020 at 02:36:36PM +, Leroy Tennison via Openvpn-users wrote: > Well, this is unfortunate, reading your "their cipher setting is sent in the > OCC handshake to the server, and the server can handle different ciphers to > different clients" I thought I'd try setting a cip

Re: [Openvpn-users] OpenVPN with OSPF there is no proper guide or support

Hi Gert, On 29/04/20 13:11, Gert Doering wrote: Hi, On Wed, Apr 29, 2020 at 12:45:26PM +0200, Gert Doering wrote: On Wed, Apr 29, 2020 at 12:25:02PM +0200, Jan Just Keijser wrote: in other words, OSPF is not UDP or TCP based and hence will not easily work over routed tunnels - which makes sen

Re: [Openvpn-users] cipher selection

Well, this is unfortunate, reading your "their cipher setting is sent in the OCC handshake to the server, and the server can handle different ciphers to different clients" I thought I'd try setting a cipher in my 2.4.4 client's configuration (one that the 2.3.10 server said it supported) and the

Re: [Openvpn-users] cipher selection

Thank you, you've given me options to try, I appreciate it. -Original Message- From: Gert Doering To: Leroy Tennison Cc: openvpn-users Sent: Wed, Apr 29, 2020 12:50 am Subject: Re: [Openvpn-users] cipher selection Hi, On Tue, Apr 28, 2020 at 10:23:10PM +, Leroy Tennison via Openv

Re: [Openvpn-users] OpenVPN with OSPF there is no proper guide or support

Hi, On Wed, Apr 29, 2020 at 12:45:26PM +0200, Gert Doering wrote: > On Wed, Apr 29, 2020 at 12:25:02PM +0200, Jan Just Keijser wrote: > > in other words, OSPF is not UDP or TCP based and hence will not easily > > work over routed tunnels - which makes sense, as OSPF is a rout*ING > > *protocol,

Re: [Openvpn-users] OpenVPN with OSPF there is no proper guide or support

Hi, On Wed, Apr 29, 2020 at 12:25:02PM +0200, Jan Just Keijser wrote: > in other words, OSPF is not UDP or TCP based and hence will not easily > work over routed tunnels - which makes sense, as OSPF is a rout*ING > *protocol, not a rout*ED* protocol. Naaah. gert -- "If was one thing all peop

Re: [Openvpn-users] OpenVPN with OSPF there is no proper guide or support

On Wed, Apr 29, 2020 at 09:03:20AM +0200, free...@tango.lu wrote: Ok so after a bit of research and finding half baked articles such as: https://superuser.com/questions/1283125/proper-configuration-for-quagga-ospf-on-an-openvpn-network Which makes me think OSPF is only possible with the old ta

Re: [Openvpn-users] OpenVPN with OSPF there is no proper guide or support

Hi, On Wed, Apr 29, 2020 at 3:43 AM Gert Doering wrote: > > Hi, > > On Wed, Apr 29, 2020 at 09:03:20AM +0200, free...@tango.lu wrote: > > Ok so after a bit of research and finding half baked articles such as: > > https://superuser.com/questions/1283125/proper-configuration-for-quagga-ospf-on-an-o

Re: [Openvpn-users] OpenVPN architecture

On Wed, Apr 29, 2020 at 09:37:06AM +0200, Gert Doering wrote: > > HTTPS also has PFS[1] now, does OpenVPN have PFS too ? :)) > > Of course :-) > > (it always had, in TLS mode. Not in p2p --secret mode, but that is > deprecated - no PFS is one of the reasons) Nice! Thanks Gert. signature.asc

Re: [Openvpn-users] Checking OpenVPN connectivity

Hi, On 29/04/20 03:26, Erich Titl wrote: Hi Am 29.04.2020 um 00:45 schrieb Leroy Tennison via Openvpn-users: I had a situation today where i was asked "telnet to the port, see if it connects" to check their firewall configuration.  I realize this isn't going to work because telnet is tcp and t

Re: [Openvpn-users] OpenVPN with OSPF there is no proper guide or support

Hi, On 29/04/2020 09:03, free...@tango.lu wrote: > Ok so after a bit of research and finding half baked articles such as: > https://superuser.com/questions/1283125/proper-configuration-for-quagga-ospf-on-an-openvpn-network > > > Which makes me think OSPF is only possible with the old tap interfa

Re: [Openvpn-users] OpenVPN with OSPF there is no proper guide or support

Hi, On Wed, Apr 29, 2020 at 09:03:20AM +0200, free...@tango.lu wrote: > Ok so after a bit of research and finding half baked articles such as: > https://superuser.com/questions/1283125/proper-configuration-for-quagga-ospf-on-an-openvpn-network > > Which makes me think OSPF is only possible with t

Re: [Openvpn-users] OpenVPN architecture

Hi, On Wed, Apr 29, 2020 at 08:57:07AM +0200, Marc SCHAEFER wrote: > On Tue, Apr 28, 2020 at 10:26:40PM +, Leroy Tennison via Openvpn-users > wrote: > > Is OpenVPN architecture similar to HTTPS where the certificate, etc. is > > used to encrypt and transmit a symmetric key which is then used

[Openvpn-users] OpenVPN with OSPF there is no proper guide or support

Ok so after a bit of research and finding half baked articles such as: https://superuser.com/questions/1283125/proper-configuration-for-quagga-ospf-on-an-openvpn-network Which makes me think OSPF is only possible with the old tap interfaces, what the OpenVPN dev team even want to remove in the f

Re: [Openvpn-users] OpenVPN architecture

On Tue, Apr 28, 2020 at 10:26:40PM +, Leroy Tennison via Openvpn-users wrote: > Is OpenVPN architecture similar to HTTPS where the certificate, etc. is used > to encrypt and transmit a symmetric key which is then used for all future > communication? HTTPS also has PFS[1] now, does OpenVPN h

Re: [Openvpn-users] Checking OpenVPN connectivity

On Tue, Apr 28, 2020 at 10:45:03PM +, Leroy Tennison via Openvpn-users wrote: > udp packets from a source making it to a destination) without actually trying > to make a connection You can try netcat, with the -u option. Now, if you have a real powerful firewall it may see this is not legit