You probably need to (locally) sign the key because GPG doesn't trust it:
$ gpg --lsign C29D97ED198D22A3
The signature is correct:
$ gpg -v openvpn-install-2.3.11-I601-x86_64.exe.asc
gpg: armor header: Version: GnuPG v1
gpg: assuming signed data in 'openvpn-install-2.3.11-I601-x86_64.exe'
gpg: S
As far as I know, OpenVPN 2.3 can't reconnect with persist-tun even without
block-outside-dns if redirect-gateway with DNS was used and DNS TTL is exceeded.
AFAIR I learned about workaround for this issue in master only after the patch
or probably forgot about that difference. Sorry for that.
On
self and parses OpenVPN status file.
Vets, use this
https://github.com/ValdikSS/openvpn-radiusplugin/releases/tag/v2.2
>
> Curious,
>
> gert
>
signature.asc
Descript
You may try iodine, hanstunnel or similar software.
On 13.04.2016 22:09, Krishna Murthy wrote:
> my area local port udp 9201 open can i connect vpnbook through udp 9201 port
>
> thanks
>
>
>
>
> --
> Find and fix applicati
et 2.3.10 with this patch here:
https://github.com/ValdikSS/openvpn-with-patches/tree/v2.3.10-patches
On 03/18/2016 06:45 AM, Yevgeny Kosarzhevsky wrote:
> Hello,
>
> I wonder if OpenVPN is multi-threaded program.
>
> I am getting openvpn process locked during external script executi
If you get root, you can install Xposed framework with "Auto VPN Dialog
Confirm" module
http://repo.xposed.info/module/de.blinkt.vpndialogxposed
On 03/17/2016 10:10 PM, Gert Doering wrote:
> Hi,
>
> On Thu, Mar 17, 2016 at 02:49:42PM +0100, Luescher Claude wrote:
> It's a warning from Android tha
This is called "Secure Web Proxy". This is not a standard, but it is supported
by Chromium and Firefox.
https://www.chromium.org/developers/design-documents/secure-web-proxy
This helps against DPI in some countries like China and Turkmenistan. Actually,
I'd like to see support too.
https://comm
Windows VPN connections (PPTP, L2TP, SSTP, IPsec IKEv2) could be created and
used by user without administrator privileges.
But I don't really have my own opinion here as I'm not a Windows administrator.
On 03/03/2016 03:47 PM, Samuli Seppänen wrote:
> Sounds reasonable. Any other opinions?
>
Wednesday, February 17, 2016, ValdikSS <mailto:i...@valdikss.org.ru>> wrote:
signature.asc
Description: OpenPGP digital signature
--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM +
On 02/17/2016 06:40 AM, Samuel Seidel wrote:
> A: Server - A server with non-contiguous IP's, which each may have separate
> gateways, from any substandard vps hosting provider
> Two static public IP addresses, for example:
> 203.0.113.101
> 203.0.114.202
How are they assigned? Do you have two a
Or you can generate a certificate which includes both clientAuth and
serverAuth, it should also work.
On 01/27/2016 09:41 PM, Jan Just Keijser wrote:
> Hi all,
>
> On 27/01/16 18:46, Joe Patterson wrote:
>
> I just tested it: yes it is possible to use the same certificate on both
> side, BUT
> y
This is OS dependant. Basically you need to allow outbound traffic only via tun
interface and don't use any explicit IP at all.
On 01/08/2016 12:38 PM, Jan Luehr wrote:
> Hello,
>
>
> Am 01/08/2016 um 10:29 AM schrieb ValdikSS:
> You're right. I'ven't thought
Hi.
On 01/07/2016 09:19 PM, Jan Lühr wrote:
> But ... this doesn't seem to do the trick.
> - If a hotel wifi network is using 2001:470:5093:3::/64 for auto
> configuration - traffic will leak, since /64 is more specific, than /48
> - right?
How could this be? Are you assuming that the attacker
Well, there could be some differences in terms of security.
If you use systemd to run OpenVPN, it would restrict OpenVPN capabilities and
device access.
If you just compile OpenVPN from source code and won't use systemd unit, you
won't get this functionality.
The example is rather contrived, but
On 12/19/2015 04:47 AM, debbie...@gmail.com wrote:
> Hi
> - Original Message -
> From: "Gert Doering"
> To:
> Cc: "Gert Doering" ; "Sebastian Rubenstein"
> ;
> Sent: Friday, December 18, 2015 9:14 PM
> Subject: Re: [Openvpn-users] OpenVPN 2.3.9 released
>
> Certainly "interpretted diff
Well, actually Linux can leak DNS requests too, just as Windows 7 and older.
The leak is usually occurs when DNS didn't respond in time and it falls back to
secondary server which could be your ISP one.
Windows 8.1 and 10 is another story, they send DNS queries in parallel to all
interfaces.
On
On 12/16/2015 05:12 PM, Ralf Hildebrandt wrote:
> * Samuli Seppänen :
>
>
> Where's the docs for that?
Only in the man file.
>
> What I need to know is:
>
> * does it work on Win32 only (ignoring it on osx/linux is ok)
Yes. It fails as an unknown option on non-Win32.
> * do I need to change the
I'd like that OpenVPN would automatically gain needed privileges in 2.3.9 but
I'm not sure if this is acceptable for all use cases. Could we run it as
administrator by default until we have working NSSM in a default installation?
On 12/11/2015 07:24 AM, Morris, Russell wrote:
>
> Hi,
>
>
>
> Th
period of time this happens in...I
> can check my monitoring system to see what it says but I have a
> feeling it is quite fast.
>
> On Fri, Nov 20, 2015 at 11:54 AM, ValdikSS wrote:
>
>
signature.asc
D
What information are they filled with?
On 20.11.2015 19:53, Shane McKinley wrote:
> I have been having an issue for some time with the log files filling
> up the hard drive randomly on different computers.
>
> OpenVPN version: 2.3.8
>
> Config files are default besides changing the server address
OpenVPN is not a VPN service, it's a software which allows you to build VPN
tunnel. You should set up your own server (or get/buy the access to someone's)
and
create/get client config.
On 12.11.2015 12:11, donovan mcdougal wrote:
> hello I downloaded openvpn today to try to thwart possible atta
Apply fknittel's patches to use client-connect in async way
(https://github.com/fknittel/openvpn/tree/feat_deferred_client-connect, also
https://github.com/ValdikSS/openvpn-with-patches)
3. Write you own plugin for tls-verify and use it in async way (it seems you
can't use async --tls-ve
You probably need to contact a server owner or a person you get the server
information from.
On 27.10.2015 15:57, zgala Zgala wrote:
> Hai
> I installed openvpn on my laptop but the momment i want to connect it
> is requesting my the user name and password. How can you help me on
> this matter.
>
Volg ons op Twitter / Facebook / LinkedIn / YouTube -Oorspronkelijk
bericht-
Van: Bonno Bloksma [mailto:b.blok...@tio.nl]
Verzonden: vrijdag 16 oktober 2015 9:09
Aan: ValdikSS; openvpn-users@lists.sourceforge.net
Onderwerp: Re: [Openvpn-users] Windows10 DNS Leak
Hi,
>> We just ra
erzonden: vrijdag 16 oktober 2015 9:09
Aan: ValdikSS; openvpn-users@lists.sourceforge.net
Onderwerp: Re: [Openvpn-users] Windows10 DNS Leak
Hi,
>> We just ran into this problem as well. User cannot access resources on our
>> network as pushed dns setting do not get used.
>> Dns ser
You can use plugin as for now.
https://github.com/ValdikSS/openvpn-fix-dns-leak-plugin
On 15.10.2015 19:08, Bonno Bloksma wrote:
> Hi,
>
> We just ran into this problem as well. User cannot access resources on our
> network as pushed dns setting do not get used.
> Dns servers get
2015-10-02 18:11 GMT+03:00 Jan Just Keijser :
> Hi,
>
> David Raison wrote:
> > Hi all,
> >
> > We're seeing some connection-resets to one of our clients since this
> > morning that we do not quite understand.
> > The client, which is behind a NAT, connected just fine until it went
> > down this m
2015 16:54, Nikolaos Milas wrote:
> On 26/9/2015 3:49 μμ, ValdikSS wrote:
>
> Thank you again for your latest advice.
>
> I inadvertently deleted the list address instead of your personal one in
> the recipients list! Sorry for this!
>
> In any case, the content of my messa
Please don't reply outside of maillist. Press "reply list" or "reply all"
instead of usual "reply".
On 26.09.2015 15:44, Nikolaos Milas wrote:
> On 26/9/2015 2:21 μμ, ValdikSS wrote:
>
>
> Thank you much for your advice!
No problem.
>
>
I suppose you're using UDP. This happens because UDP is stateless protocol and
server can't understand if the client disconnected right away unlike TCP.
OpenVPN supports special disconnect command which would probably solve your
problem
Add the following line in your client config:
explicit-exi
On 06/14/2014 04:02 PM, Gert Doering wrote:
> Reality check: how often are your users updating? Or do you
> provide a ready-made bundle of "here's the openvpn installer with
> the config included"? Because even if we add this function for
> 2.3.5, as long as your users still run something older,
On 06/14/2014 03:35 PM, Gert Doering wrote:
> In a VPN provider environment, I think what I'd do today is to just offer
> an IPv4+IPv6 service on UDP+TCP, and an IPv4-only service on a different
> IP address, again UDP+TCP - because you don't know in advance what your
> users are going to use, and
On 06/14/2014 03:30 PM, Gert Doering wrote:
> Hi,
>
> On Sat, Jun 14, 2014 at 01:24:02PM +0200, Gert Doering wrote:
>> But anyway: don't disable IPv6 if you are lucky enough to have a VPN
>> provider that can offer it to you. There's a reason why it is enabled
>> by default on about everything th
On 06/14/2014 03:24 PM, Gert Doering wrote:
> It's not particularily helpful for understanding the issue at hand if you
> keep bringing up *new* examples.
>
> But anyway: don't disable IPv6 if you are lucky enough to have a VPN
> provider that can offer it to you. There's a reason why it is enabl
On 06/14/2014 03:09 PM, Gert Doering wrote:
> 2.3.4 should fix all IPv6 issues on Windows 8.1. If not, please bring up
> the issues so we can fix them :-) - point is: IPv6 needs to work, and if
> it does not, it needs to be fixed, not turned off.
Sure, I always for IPv6, but, for example, if you'
On 06/14/2014 10:01 AM, Gert Doering wrote:
> Well, --route-nopull is another option.
It's still assign address.
> What's wrong with pulling IPv6 from the server?
There are some problems with IPv6 on latest Android and sometimes
there are problems with latest Windows (8/8.1)
--
Hello.
Is there a way to disable pulling IPv6 address from the server?
It's pulled from server even if tun-ipv6 is not set in client config.
The only way I found to avoid that is not to use --pull on client side,
but that's unacceptable for me.
Thanks.
---
37 matches
Mail list logo
