DHE?
Thank you and regards,
SaAtomic--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Openvp
may differ between OpenSSL versions.How do I correctly interpret the
default of "DEFAULT:!EXP:!LOW:!MEDIUM:!kDH:!kECDH:!DSS:!PSK:!SRP:!kRSA", or is
there a way to have OpenVPN print the default tls-ciphers for the system?Thank
you,kind regards,SaAtomic--
nterpret the default of
"DEFAULT:!EXP:!LOW:!MEDIUM:!kDH:!kECDH:!DSS:!PSK:!SRP:!kRSA", or is there a way
to have OpenVPN print the default tls-ciphers for the system?
Thank you,
kind regards,
SaAtomic
--
Check out
on and a custom program, that prints
to stdout and saves to a file.
Is there a way to have OpenVPN print to stdout and a log file?
Kind regards,
SaAtomic
--
Check out the vibrant tech community on one of the world's most
`ncp-disable` in its configuration and then reconnects to the same
server,
would the connection succeed, due to the server having the cipher in the
`ncp-ciphers` default list, or would it fail due to a cipher mismatch?
Thank you for the help,
kind regards,
SaAtomic
eases?
Kind regards,
SaAtomic
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Openvpn-users ma
Hello,
I do use --duplicate-cn on the server, but I'm not sure if the exit-notify is
correctly registered by the server. Thank you for the suggestion - I'll send
the logs as soon as possible.
Kind Regards,
SaAtomic
11. Apr 2017 18:15 by selva.n...@gmail.com:
>
> On Tue, A
Hi!
Background information on why I can't use the --nobind option can be found on
the mailing list
https://sourceforge.net/p/openvpn/mailman/openvpn-users/thread/KgsKMZk--3-0%40keemail.me/#msg35767686
Basically I can not alter the server configuration.
I start and stop a large number of client
mber of
times, which completely exhausts my IP pool on the server within minutes. This
topic was discussed earlier on the mailing list in case you missed it. Thank
you for the suggestion though, would be a perfect solution, if I didn't have
the issue with the IP pool exhaustion.
Kind
hello!
You're right. I use the ephermal ports that are given by the local system
(/proc/sys/net/ipv4/ip_local_port_range) and I verify if the chosen port is
actually available before starting OpenVPN with it, so that should not be the
problem.
Kind regards,
SaAtomic
10. Apr 2017 11:
he OpenVPN or is it more of an issue of the host
operating system?
I can't use the default `lport`, as I want to be able to start multiple OpenVPN
instances on the client.
Does anyone have an idea, how I could resolve or at least mitigate this issue?
t
process. I want to automate the process and would love to have an environmental
variable with the port, when using `nobind`. Unfortunately the variable
"local_port" is not set with `nobind`.
How can I identify the port OpenVPN is binding to using environmental
variables/scripting?
K
ocal port when using `nobind`?
Thank you and kind regards,SaAtomic
4. Apr 2017 16:44 by chipits...@gmail.com:
>
>
> 2017-04-04 19:09 GMT+05:00 <> saato...@keemail.me> >:
>
>> >> Hello!>> I'll have to look into the topology topic. Bu
Hello!I'll have to look into the topology topic. But it seems reasonable to me,
to print a warning about the net30 topology.
The explicit-exit-notify is a very good point! I missed that in my client
configuration. It appears to be working, if I start one process after the
other. However, during
I'm performing a number of tests with OpenVPN, where amongst other things, I
connect and disconnect with the same client certificate and slightly different
client config settings over and over (>75 times, withing a short time).
I realised that I exhaust my servers IP pool pretty quickly. Even wai
Hello!
I didn't realize there's a new release, thanks for the info! I'm really
tempted to order a copy now.I see you use OpenVPN 2.4 in the book, do you
discuss the new tls-crypt feature in the book?
Kind regards,SaAtomic
3. Apr 2017 10:14 by janj...@nikhef.nl:
Hello!
This is interesting, I've never encountered a VPN, where the server does not
have VPN IP address.How does one set that up? How does that even work, in terms
of forwarding traffic through the tunnel?
Would someone have a link for me, about that topic?
Kind regards,SaAtomic
31. Mar 20
d".
The client also prints this message, if it receives data from the server.
The error itself is clear and expected, but why does the connection "succeed"
with tls-crypt, whereas it doesn't complete with tls-auth?
Kind regards,
SaAtomic
ccasionally.
How could I implement "sending data and checking the response"? I'd need to get
that working in an automated manner.
Kind regards,SaAtomic
30. Mar 2017 09:00 by g...@greenie.muc.de:
> Hi,
>
> On Wed, Mar 29, 2017 at 03:27:55PM +0200, > saato...@keemail.me>
Hello!
I can not alter the configuration on the server, I can add options on the
client side, but that's it.Is there no other way?
Kind regards,SaAtomic
29. Mar 2017 17:54 by selva.n...@gmail.com:
> Hi,
> On Wed, Mar 29, 2017 at 5:26 AM, <> saato...@keemail.me> > wro
Is there a way to verify if an established tunnel is actually working properly
on the client side?
For instance, if I connect to an OpenVPN server (ncp-disable on server &
client) using a different cipher on the client than on the server, the client
will connect and print:
Initialization Sequenc
I'm trying to get the tunnel server's IP address on the client, independent of
the configuration file. For instance, I don't want to rely on default routes to
identify the server's IP address for the tunnel.
I tried to use environmental variables with `--up`, but couldn't identify the
server's I
-cn
What causes this delay and how can it be reduced or completely avoided?
Kind regards,
SaAtomic--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slas
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
cipher AES-256-CBC
auth SHA512
verb 3
comp-lzo
duplicate-cn
Is there any way to establish multiple connections from a single client to a
single server?
Kind regards
So, do I get this right?
OpenVPN built with mbedTLS will print the TLS PSK cipher suites (openvpn
--show-tls), despite OpenVPN not supporting these?
Kind regards,
SaAtomic
18. Feb 2017 13:05 by openvpn-users-requ...@lists.sourceforge.net:
> Date: Fri, 17 Feb 2017 15:16:37 +0100
>
happens to the `--cipher` option? Do I still configure that option and it
defines the preferred cipher?
In general, how do the options --ncp-ciphers, --ncp-disable and --cipher
cooperate?
Kind regards,
SaAtomic
--
Che
tional key exchange, is the PSK
used for the TLS encryption?
Kind regards,
SaAtomic
OpenVPN version 2.4.0 and mbedTLS version 2.4.0 (neat coincidence)
# openvpn --show-tls
TLS-DHE-PSK-WITH-AES-256-GCM-SHA384
TLS-DHE-PSK-WITH-AES-256-CCM
TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384
TLS-DHE-PSK-WITH-A
27 matches
Mail list logo
