29.07.2024 10:12, Gert Doering wrote:
Hi,
On Mon, Jul 29, 2024 at 10:05:06AM +0400, Dmitry Melekhov wrote:
I have 192.168.22.229/24 on my lan interface,
if I add
redirect-gateway block-local
then openvpn adds route
192.168.22.0 192.168.31.1 255.255.255.128 UG 0 0 0
Hello!
I have 192.168.22.229/24 on my lan interface,
if I add
redirect-gateway block-local
then openvpn adds route
192.168.22.0 192.168.31.1 255.255.255.128 UG 0 0 0
tun0
Could you tell me, why route is only for half of local net?
How can I fix this and get 255.2
14.04.2017 23:34, Gert Doering wrote:
> Hi,
>
> On Fri, Apr 14, 2017 at 11:25:04PM +0400, Dmitry Melekhov wrote:
>> I guess negotiation is choosing cipher from both sides list...
> Not today.
>
> It is what is documented today: choose the first cipher in the cipher
>
Hello!
Just wrote on 2.4.1 server
ncp-ciphers AES-256-CBC:AES-256-GCM:AES-128-GCM
by mistake and then can not connect using 2.4.1 client,
because server pushed AES-256-CBC to client and it is not in ncp-ciphers
default client list.
Yes, this is documented:
"For servers, the first cipher fr
26.01.2017 16:43, debbie10t wrote:
>
> On 26/01/17 11:55, Dmitry Melekhov wrote:
>> 26.01.2017 15:31, debbie10t wrote:
>>> On 26/01/17 07:10, Dmitry Melekhov wrote:
>>>> 26.01.2017 10:59, Gert Doering wrote:
>>>>> Hi,
>>>>>
>>
26.01.2017 15:31, debbie10t wrote:
>
> On 26/01/17 07:10, Dmitry Melekhov wrote:
>> 26.01.2017 10:59, Gert Doering wrote:
>>> Hi,
>>>
>>> On Thu, Jan 26, 2017 at 09:54:59AM +0400, Dmitry Melekhov wrote:
>>>> Could you tell me is this expected
26.01.2017 10:59, Gert Doering wrote:
> Hi,
>
> On Thu, Jan 26, 2017 at 09:54:59AM +0400, Dmitry Melekhov wrote:
>> Could you tell me is this expected behavior and, if yes, is there any
>> workaround, something like dhcp-release for windows?
> This is a bug - on SIGUSR1
Hello!
We run two openvpn servers, one of them has network 192.168.205.0/24 on
tun and another has 192.168.206.0/24 on tun.
These servers are behind NAT.
Yesterday I rebooted NAT devices, after this we hit problem.
We have Centos 6 client, which runs openvpn 2.4.0 too.
Before NAT device rebo
24.01.2017 16:55, Gert Doering wrote:
> Hi,
>
> On Tue, Jan 24, 2017 at 04:45:52PM +0400, Dmitry Melekhov wrote:
>> 24.01.2017 16:31, Gert Doering wrote:
>>> Well. If you *know* which of the old clients have been upgraded to AES,
>>> you should be able to put
24.01.2017 16:31, Gert Doering wrote:
>
> Well. If you *know* which of the old clients have been upgraded to AES,
> you should be able to put "cipher AES..." into a ccd/ file for that client
> (I haven't tested it with 2.4.0-final - it worked for a hacked-together
> variant I did that later become
24.01.2017 16:31, Gert Doering wrote:
> Hi,
>
> On Tue, Jan 24, 2017 at 04:09:29PM +0400, Dmitry Melekhov wrote:
>>>> and found that servers successfully uses blowfish for some old clients,
>>>> but for others not:
>>> It depends on whether the clie
24.01.2017 15:43, Gert Doering wrote:
> Hi,
>
> On Tue, Jan 24, 2017 at 02:51:48PM +0400, Dmitry Melekhov wrote:
>> Unfortunately, some of our points still uses blowfish, but we can't
>> change cipher on all of them once,
>>
>> so we decided to upgrade
Hello!
Unfortunately, some of our points still uses blowfish, but we can't
change cipher on all of them once,
so we decided to upgrade servers to 2.4.0 and then, one by one, change
client's ciphers.
Don't know why, but I decided to set default cipher on server to
AES-256-CBC,
and
ncp-ciph
31.12.2016 13:47, Gert Doering wrote:
> HI,
>
> On Fri, Dec 30, 2016 at 08:34:31AM +0400, Dmitry Melekhov wrote:
>> 30.12.2016 00:46, Gert Doering wrote:
>>> Now I'm not sure why that happens - windows should completely forget
>>> the DHCP lease when t
30.12.2016 00:46, Gert Doering wrote:
> Now I'm not sure why that happens - windows should completely forget
> the DHCP lease when the first OpenVPN connection ends. But then,
> Windows...
Afaik, it perfectly works with all previous, i.e. before 2.4 versions,
at least nobody here complained.
I'
Hello!
Just installed 2.4 on windows 7.
Connecting to one server, tun is set to, let's say to 10.1.10.6,
everything is fine.
Disconnect.
Change remote in config, connect to another server,
tun address should be 192.168.31.6, gui says so,
but real address on tun is 10.1.10.6.
Reboot solves pr
Hello!
Tried 2.4rc2 and hit this- error=CRL has expired,
Yes, next update is far in past, but, it is not usual in our environment
to revoke certificates,
and 2.3 works just fine with this crl.pem.
Could you tell me is this expected 2.4 behavior and I need to somehow
update CRL's next update
At 15:11:59 I restarted openvpn client, this - event_wait : Interrupted
system call (code=4) - is from openvpn stop.
centos 6 again, don't remember the same client , or not.
may be there is some option to limit system calls waiting?
Thank you!
15.07.2016 13:04, Dmitry Melekhov wrote:
>
15.07.2016 16:40, Gert Doering wrote:
> Hi,
>
> On Fri, Jul 15, 2016 at 01:04:12PM +0400, Dmitry Melekhov wrote:
>> This night one of connections was not able to reconnect, last message
>> in log is:
>>
>> Peer Connection Initiated with
>>
>> and thi
Hello!
This night one of connections was not able to reconnect, last message
in log is:
Peer Connection Initiated with
and this is all, openvpn process was running, though.
On server side I see:
SENT CONTROL
TLS Error: TLS key negotiation failed to occur within 60 seconds (check
your network
09.04.2014 17:55, Timothe Litt wrote:
> Since you'll document your experience, perhaps YOU can contribute
> instructions for the next person !
>
OK, I did some tests and here is what I'm going to do:
1. my openvpn configs and easyrsa are located in /etc/openvpn,
so I want to copy current ca.crt and
09.04.2014 17:55, Timothe Litt wrote:
>> Yes, thank you, this is good theoretical explanation.
>> All I need now are practical examples :-)
>> I understand that can be like reading mans for me for far more
>> experienced... :-( Hope somebody already implemented this and can
>> share...
> That *was
Hello!
Thank you for answer.
09.04.2014 16:33, Timothe Litt wrote:
>
> c) What you do is create your new CA certificate, and add it to the
> Trusted CAs file (or directory) that you distribute.
>
Thank you, this is good idea.
As I wrote before I have no experience using certificates, only eas
Hello!
May be this is faq, but I can't find any info which explains what I need
to do in step-by-step manner what I need to do in case of CA expiration.
I generated CA about 8.5 years ago for 10 years (default value), so I'll
face CA expiration soon enough.
I have ca.key and ca.crt, as I underst
Thank you very much!
This is what I need, and it works :-)
11.10.2013 16:44, Gert Doering wrote:
> Hi,
>
> On Fri, Oct 11, 2013 at 04:19:21PM +0400, Dmitry Melekhov wrote:
>> I have following in server config:
>>
>> push "dhcp-option DNS 192.168.0.1"
>>
Hello!
I have following in server config:
push "dhcp-option DNS 192.168.0.1"
It works for almost all users, but for some reason I don't need this
for one client- it will have access to only one specific ip and will not
use our dns.
Is there any way to not push dns for this specific windows
Hello!
04.09.2013 21:32, David Sommerseth wrote:
Ahh! I didn't quite catch that.
Okay, --client-connect isn't designed to be called on re-establishments.
Only on new connections. That is, a connection which has been through
a complete disconnection phase. A complete disconnection can take
04.09.2013 20:04, David Sommerseth wrote:
>> - post your server config - try replacing the 'client-connect'
>> script with something like
>>
>> #!/bin/bash exit 1
>>
>> clients should no longer be able to connect - if they are, you know
>> the client-connect script is not called properly
> That's a
Hello!
I run OpenVPN 2.2.1 server.
And there are clients connected by mobile links, so they are not stable.
Connections are over udp.
On connect route add script is executed, on disconnect- route del.
As you see, route del was executed, but no route add.
Sep 4 12:45:19 inetgw1 openvpn[2692]:
16.08.2013 14:16, Gert Doering wrote:
> Hi,
Hello!
> On Fri, Aug 16, 2013 at 08:46:38AM +0400, Dmitry Melekhov wrote:
>> I'd like to have an ability to push "push-peer-info" from server's ccd,
> You can't.
>
> [..]
Yes, I know, but hope this will
16.08.2013 08:46, Dmitry Melekhov wrote:
>
>
> but on server side
>
> echo $UV_HWADDR >>/tmp/test
>
sorry, mistyping
echo $UV_USER >>/tmp/test
is right, and returns nothing...
15.08.2013 16:17, Gert Doering wrote:
> Hi,
>
> On Thu, Aug 15, 2013 at 03:46:38PM +0400, Dmitry Melekhov wrote:
>> Could you ( or someone else) tell me which openvpn version supports
>>
>> push-peer-info ?
> Should be available on anything from 2.0 up - no idea when
15.08.2013 16:17, Gert Doering wrote:
> Hi,
>
> On Thu, Aug 15, 2013 at 03:46:38PM +0400, Dmitry Melekhov wrote:
>> Could you ( or someone else) tell me which openvpn version supports
>>
>> push-peer-info ?
> Should be available on anything from 2.0 up - no idea when
15.08.2013 15:40, Gert Doering wrote:
> Hi,
>
> On Thu, Aug 15, 2013 at 08:08:44AM +0400, Dmitry Melekhov wrote:
>> It can be interesting for security reasons to log from which OS/device
>> type client connected- most interesting is it mobile os or desktop.
>> Is t
Hello!
It can be interesting for security reasons to log from which OS/device
type client connected- most interesting is it mobile os or desktop.
Is there any way to achieve this?
Thank you!
24.05.2013 14:02, Jan Just Keijser wrote:
That is, indeed, a good question. "git blame" points to...
commit 76809cae0eae07817160b423d3f9551df1a1d68e
Author: Jan Just Keijser
Date: Tue Feb 7 16:29:47 2012 +0100
Made some options connection-entry specific
Acked-by: David Sommerseth
24.05.2013 13:23, Gert Doering wrote:
> Hi,
>
> On Fri, May 24, 2013 at 10:13:14AM +0400, Dmitry Melekhov wrote:
>> Posted the same on forum :-)
> I'm not sure why that is *funny* - in general, I'd frown upon putting
> the same question in multiple places at the
Hello!
Posted the same on forum :-)
Centos 6.
Yesterday I used 2.2. on client , all was OK:
All was OK:
OPTIONS IMPORT: explicit notify parm(s) modified
But today I installed update to 2.3.1 and now I see:
Options error: option 'explicit-exit-notify' cannot be used in this
context ([PUSH
38 matches