[Openvpn-users] OpenVPN 3 Linux v25 released

2025-07-17 Thread Yuriy Darnobyt
OpenVPN 3 Linux v25 (Stable release) The v25 release provides three new features and several enhancements since the previous release. Please notice the deprecation of openvpn3-autoload. * Feature: Live route updates (PUSH_UPDATE) support   When connecting to OpenVPN servers capable of pushing n

[Openvpn-users] OpenVPN 2.7_alpha2 released

2025-06-20 Thread Yuriy Darnobyt
The OpenVPN community project team is proud to release OpenVPN 2.7_alpha2. This is the second Alpha release for the feature release 2.7.0. As the Alpha name implies this is an early release build, this is not intended for production use. This release includes a security fix for CVE-2025-50054 Highl

Re: [Openvpn-users] OpenVPN Forums broken

2025-06-16 Thread Gert Doering
Hi, On Mon, Jun 16, 2025 at 04:23:35PM +0100, Vincents Lists via Openvpn-users wrote: > For the past few weeks the "new" OpenVPN forums (https://forums-new.openvpn.net/) have > been overrun by Call-Girl spam, and it is impossible to actually reach any o

[Openvpn-users] OpenVPN Forums broken

2025-06-16 Thread Vincents Lists via Openvpn-users
Hi, For the past few weeks the "new" OpenVPN forums (https://forums-new.openvpn.net/) have been overrun by Call-Girl spam, and it is impossible to actually reach any of the forums/messages. Is there a plan to get it cleaned up? If not, can the old fo

Re: [Openvpn-users] OpenVPN Client and auto reconnect

2025-06-10 Thread Alex K
I would try this option: --connect-retry n Perhaps set it to a small value or 1? On Tue, Jun 10, 2025 at 9:34 PM NKP - A. Weitekamp via Openvpn-users < openvpn-users@lists.sourceforge.net> wrote: > Hello everyone! > > I have a question. We're using OpenVPN Connect 3.7.2 (

[Openvpn-users] OpenVPN Client and auto reconnect

2025-06-10 Thread NKP - A. Weitekamp via Openvpn-users
Hello everyone! I have a question. We're using OpenVPN Connect 3.7.2 (4253) on Windows and would like to disable auto reconnection when the connection is lost. We use 2FA and have the following problem: If the connection drops briefly, the VPN client repeatedly attempts to establish a connection.

[Openvpn-users] OpenVPN 2.7_alpha1 released

2025-05-30 Thread Frank Lichtenheld
The OpenVPN community project team is proud to release OpenVPN 2.7_alpha1. This is the first Alpha release for the feature release 2.7.0. As the "Alpha" name implies this is an early release build, this is not intended for production use. Highlights of this release include: * Multi-socket support

[Openvpn-users] OpenVPN 3 Linux v24.1 released

2025-05-20 Thread David Sommerseth via Openvpn-users
OpenVPN 3 Linux v24 (Bugfix/security release) The v24.1 release is a small security and bugfix release. * Security: CVE-2025-3908 - openvpn3-admin init-config follows symlink Wolfgang Frisch from the SUSE security team reached out and notified us of a potential issue with the openvpn3-admin ini

Re: [Openvpn-users] OpenVPN 2.6.13 released

2025-05-04 Thread Gatsi Jisimbika
al apt repositories: > > < > https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos#DebianUbuntu:UsingOpenVPNaptrepositories > > > > On Red Hat derivatives we recommend using the Fedora Copr repository. > > <

[Openvpn-users] OpenVPN 2.6.14 released

2025-04-05 Thread Yuriy Darnobyt
The OpenVPN community project team is proud to release OpenVPN 2.6.14. This is a bugfix release containing one security fix. Security fixes: * CVE-2025-2704: fix possible ASSERT() on OpenVPN servers using --tls-crypt-v2 Security scope: OpenVPN servers between 2.6.1 and 2.6.13 using --tls-cryp

[Openvpn-users] OpenVPN 2.6.13 released

2025-01-16 Thread Frank Lichtenheld
The OpenVPN community project team is proud to release OpenVPN 2.6.13. This is a bugfix release. Feature changes: * on non-windows clients (MacOS, Linux, Unix) send "release" string from uname() call as IV_PLAT_VER to server - while highly OS specific this is still helpful to keep track of O

Re: [Openvpn-users] OpenVPN and CWE-316?

2024-12-31 Thread Gatsi Jisimbika
" > Robert A. Heinlein, The Moon is a Harsh > Mistress > > Gert Doering - Munich, Germany > g...@greenie.muc.de > ___ > Openvpn-users mailing list >

[Openvpn-users] OpenVPN 3 Linux v24 released

2024-12-09 Thread David Sommerseth via Openvpn-users
OpenVPN 3 Linux v24 (Stable release) The v24 release is another stable release. This resolves issues reported in several earlier releases and improves OpenVPN 3 Linux in several areas. * Improvement: Add --dns option support DNS resolver settings have been troublesome for many years, since

Re: [Openvpn-users] OpenVPN Certificates renewal

2024-11-27 Thread Alex K
Forgot to include the list in my reply. Below are the steps I did to use stacked certificates so as to gradually roll out new certs: https://alexkaouris.medium.com/openvpn-roll-out-new-certificates-5ddcd1b3a6f3 Thanks to Rui for the tips. Cheers, Alex On Wed, 27 Nov 2024 at 7:13 PM, Rui Santos

[Openvpn-users] OpenVPN 3 Linux v23 released

2024-09-05 Thread David Sommerseth via Openvpn-users
OpenVPN 3 Linux v23 (Stable release) The v23 release is a stable release which expands the distribution target since v22_dev was released. The goal for this step was to stabilize the codebase which was migrated to GDBus++ and the new Meson building system. The next release (v24) will also be a st

Re: [Openvpn-users] OpenVPN and CWE-316?

2024-08-19 Thread Gert Doering
Hi, On Sun, Aug 18, 2024 at 07:15:44PM +0200, H H F wrote: > My password manager now all passwords are gone, so makes sense. This sentence does not make very much sense... gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, ho

Re: [Openvpn-users] OpenVPN and CWE-316?

2024-08-18 Thread H H F
Not hard to fix, but I do not have a proxy setup to test. > > Selva > _______ > Openvpn-users mailing list > Openvpn-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-users

Re: [Openvpn-users] OpenVPN and CWE-316?

2024-08-14 Thread Selva Nair
On Wed, Aug 14, 2024 at 2:52 AM Gert Doering wrote: > Hi, > > On Tue, Aug 13, 2024 at 08:14:23PM -0400, Selva Nair wrote: > > Nonetheless, on Windows, we could easily add CryptProtectMemory() with > > SAME_PROCESS access for good measure, especially for those who cannot use > > "--auth-nocache".

Re: [Openvpn-users] OpenVPN and CWE-316?

2024-08-14 Thread Gert Doering
Hi, On Wed, Aug 14, 2024 at 08:52:54AM +0200, Gert Doering wrote: > On Tue, Aug 13, 2024 at 08:14:23PM -0400, Selva Nair wrote: > > Nonetheless, on Windows, we could easily add CryptProtectMemory() with > > SAME_PROCESS access for good measure, especially for those who cannot use > > "--auth-nocac

Re: [Openvpn-users] OpenVPN and CWE-316?

2024-08-13 Thread Gert Doering
Hi, On Tue, Aug 13, 2024 at 08:14:23PM -0400, Selva Nair wrote: > Nonetheless, on Windows, we could easily add CryptProtectMemory() with > SAME_PROCESS access for good measure, especially for those who cannot use > "--auth-nocache". That will also add some protection to proxy passwords > which are

Re: [Openvpn-users] OpenVPN and CWE-316?

2024-08-13 Thread Selva Nair
On Tue, Aug 13, 2024 at 7:02 PM David W Graham wrote: > CryptProtectMemory function (dpapi.h) > > "The CryptProtectMemory function encrypts > memory > to prevent others from viewing sensitive information in your process. For > exa

Re: [Openvpn-users] OpenVPN and CWE-316?

2024-08-13 Thread David W Graham
r > doubted > it myself till I met a computer with a sense of humor." > Robert A. Heinlein, The Moon is a Harsh > Mistress > > Gert Doering - Munich, Germany > g...@greenie.muc.de > ___ > Ope

Re: [Openvpn-users] OpenVPN and CWE-316?

2024-08-13 Thread Gert Doering
Hi On Tue, Aug 13, 2024 at 12:57:49PM +0200, Jakob Curdes wrote: > The original secuvera article states that OpenVPN (I assume they mean the > Windows client) is "vulnerable" to this weakness and leaves data like > emails, passwords and 2FA codes in the main memory after the program is > closed.

[Openvpn-users] OpenVPN and CWE-316?

2024-08-13 Thread Jakob Curdes
Hello all, in Germany we are reading articles like this one: https://www.heise.de/news/Schwere-Luecke-bei-kritischen-Anwendungen-Klartextpasswoerter-im-Prozessspeicher-9830774.html https://www.secuvera.de/blog/studie-klartextpassworter-in-passwortspeichern/ which mentions CWE-316: "Cleartext S

Re: [Openvpn-users] OpenVPN listening address

2024-08-03 Thread Greg Troxel
Peter Davis via Openvpn-users writes: > By default, OpenVPN is running on the address 0.0.0.0. Is this safe for a web > server? Web servers generally listen on INADDR_ANY. Web server implementations that are unsafe doing so are unsafe and should not be used at all. OpenVPN is not a web s

[Openvpn-users] OpenVPN listening address

2024-08-03 Thread Peter Davis via Openvpn-users
Hello, By default, OpenVPN is running on the address 0.0.0.0. Is this safe for a web server? Thank you.

[Openvpn-users] OpenVPN 2.6.12 released

2024-07-18 Thread Yuriy Darnobyt
The OpenVPN community project team is proud to release OpenVPN 2.6.12. This is a bugfix release. Bug fixes: * the fix for CVE-2024-5594 (refuse control channel messages with nonprintable characters) was too strict, breaking user configurations with AUTH_FAIL messages having trailing CR/NL ch

[Openvpn-users] OpenVPN 2.6.11 released

2024-06-21 Thread Frank Lichtenheld
The OpenVPN community project team is proud to release OpenVPN 2.6.11. This is a bugfix release containing several security fixes. Security fixes: * CVE-2024-4877: Windows: harden interactive service pipe. Security scope: a malicious process with "some" elevated privileges (SeImpersonatePriv

[Openvpn-users] OpenVPN 3 Linux v22_dev released

2024-06-20 Thread David Sommerseth via Openvpn-users
OpenVPN 3 Linux v22_dev (Limited Release) This is a limited release primarily targeting Fedora 39 and newer plus Ubuntu 24.04. Other Linux distributions shipping glib2 version 2.76 or newer will also benefit from this release. This release contains a massive re-factoring of the D-Bus integrat

Re: [Openvpn-users] [Openvpn-devel] windows client tests needed

2024-06-17 Thread Gert Doering
Hi, if you think this is a useful security enhancement, and would like to have it in a "short term" 2.6.x release, we need test results... please! gert On Thu, Jun 06, 2024 at 02:23:33PM +0200, Gert Doering wrote: > Hi, > > we have new code in master that helps with the "TunnelCrack" and > "T

Re: [Openvpn-users] [Openvpn-devel] windows client tests needed

2024-06-06 Thread Gert Doering
Hi, On Thu, Jun 06, 2024 at 02:23:33PM +0200, Gert Doering wrote: > Now - this code has been merged into "git master", and installers > are here: > >https://github.com/OpenVPN/openvpn-build/actions/runs/9391365526?pr=641 > > (bottom of the page, "Artifacts", .zip files with a .msi inside).

Re: [Openvpn-users] OpenVPN packaged in Ubuntu 22.04

2024-05-18 Thread Gert Doering
Hi, (new thread, new subject, breaking references:) On Sat, May 18, 2024 at 05:57:42PM +0200, Bo Berglund wrote: > I am running openvpn server on an Ubuntu 22.04.4 LTS and here is what I get > from > apt: > > $ apt policy openvpn > openvpn: > Installed: 2.5.9-0ubuntu0.22.04.2 > Candidate: 2

Re: [Openvpn-users] openvpn can not detect kernel dco module

2024-04-26 Thread d tbsky
Hi: Antonio Quartulli > Where did you get the ovpn-dco package from? > Because I have my own dev package, but I hardly believe that was pulled > upstream. openwrt had ovpn-dco module since 2022. but the included openvpn version is 2.5 or 2.6 without dco enabled. so it seems nobody test it before

Re: [Openvpn-users] openvpn can not detect kernel dco module

2024-04-26 Thread Antonio Quartulli
Hi, On 26/04/2024 10:16, d tbsky wrote: These modules will be auto-loaded by ovpn-dco if they exist in the system. the problem is that openwrt won't install them by default. openwrt ovpn-dco config file needs to be fixed so the required modules will be installed together. Agreed. Where did yo

Re: [Openvpn-users] openvpn can not detect kernel dco module

2024-04-26 Thread d tbsky
Antonio Quartulli > Thanks for testing! > I'd expect CRYPTO_CHACHA20POLY1305 to pull what's needed. Strange that > it didn't happen. > On my workstation I did not have such problem. > Anyway, I will double check if there is something missing on our side. These modules will be auto-loaded by ovpn-

Re: [Openvpn-users] openvpn can not detect kernel dco module

2024-04-25 Thread Antonio Quartulli
Hi, On 25/04/2024 12:07, d tbsky wrote: Hi: I think you should look for CONFIG_CRYPTO_CHACHA20POLY1305 in the kernel config. after trying and testing, I found besides "CONFIG_CRYPTO_CHACHA20POLY1305", I also need "CONFIG_CRYPTO_LIB_POLY1305" and "CONFIG_CRYPTO_LIB_CHACHA". ovpn-dco will auto

Re: [Openvpn-users] openvpn can not detect kernel dco module

2024-04-25 Thread d tbsky
Hi: > I think you should look for CONFIG_CRYPTO_CHACHA20POLY1305 in the kernel > config. after trying and testing, I found besides "CONFIG_CRYPTO_CHACHA20POLY1305", I also need "CONFIG_CRYPTO_LIB_POLY1305" and "CONFIG_CRYPTO_LIB_CHACHA". ovpn-dco will auto-load the three modules when doing CHACHA

Re: [Openvpn-users] openvpn can not detect kernel dco module

2024-04-24 Thread d tbsky
Hi: Antonio Quartulli > > Hi, > > On 24/04/2024 11:38, d tbsky wrote: > > [ 9652.965804] encrypt crypto_alloc_aead failed, err=-2 > > This is exactly it. The kernel crypto engine is reporting "not found". > > I think you should look for CONFIG_CRYPTO_CHACHA20POLY1305 in the kernel > config. I ha

Re: [Openvpn-users] openvpn can not detect kernel dco module

2024-04-24 Thread Antonio Quartulli
Hi, On 24/04/2024 11:38, d tbsky wrote: [ 9652.965804] encrypt crypto_alloc_aead failed, err=-2 This is exactly it. The kernel crypto engine is reporting "not found". I think you should look for CONFIG_CRYPTO_CHACHA20POLY1305 in the kernel config. Regards, -- Antonio Quartulli

Re: [Openvpn-users] openvpn can not detect kernel dco module

2024-04-24 Thread d tbsky
Hi: > Can you please check if dmesg is reporting any error while you are > attempting to connect? dmesg report like this: [ 9078.296036] tun100: deleting peer with id 11699696, reason 0 [ 9652.965804] encrypt crypto_alloc_aead failed, err=-2 [ 9652.983698] tun100: deleting peer with id 12315992,

Re: [Openvpn-users] openvpn can not detect kernel dco module

2024-04-24 Thread Antonio Quartulli
Hi, On 24/04/2024 11:21, d tbsky wrote: Hi: Antonio Quartulli Unfortunately there will be no difference as this is an issue between openvpn and ovpn-dco. thanks a lot for hint! Could you please re-run with --verb 6 ? That will include DCO specific debug messages. Thanks a lot for t

Re: [Openvpn-users] openvpn can not detect kernel dco module

2024-04-24 Thread d tbsky
Hi: Antonio Quartulli > Unfortunately there will be no difference as this is an issue between > openvpn and ovpn-dco. thanks a lot for hint! > Could you please re-run with --verb 6 ? That will include DCO specific > debug messages. root@OpenWrt:~# openvpn --verb 6 --tls-client --dev tun100 -

Re: [Openvpn-users] openvpn can not detect kernel dco module

2024-04-24 Thread Antonio Quartulli
Hi, On 24/04/2024 11:03, d tbsky wrote: Hi: Antonio Quartulli Yes, 2.6.10 requires ovpn-dco-v2. ok. so I can not downgrade. wireguard uses chacha20poly1305, therefore it'd be essential to test with this algorithm in order to make a full comparison. Do you have a full log to provide rega

Re: [Openvpn-users] openvpn can not detect kernel dco module

2024-04-24 Thread d tbsky
Hi: Antonio Quartulli > > Yes, 2.6.10 requires ovpn-dco-v2. ok. so I can not downgrade. > wireguard uses chacha20poly1305, therefore it'd be essential to test > with this algorithm in order to make a full comparison. > > Do you have a full log to provide regarding the error "dco_new_key: > netl

Re: [Openvpn-users] openvpn can not detect kernel dco module

2024-04-24 Thread Antonio Quartulli
Hi, Yes, 2.6.10 requires ovpn-dco-v2. On 24/04/2024 10:43, d tbsky wrote: anyway the dco speed is still very poor. wireguard can run "190Mbit/300Mbit" upload/download speed at this device. openvpn can only do "40mb/20mb". but openvpn is more stable and feature rich than wireguard. so I think I

Re: [Openvpn-users] openvpn can not detect kernel dco module

2024-04-24 Thread d tbsky
Hi: d tbsky > > Antonio Quartulli > > What is the exact openvpn and dc oversion that you compiled in your last > > test? > > > Hi: > > openvpn: 2.6.10 > dco: 0.2.20240320 I finally compiled dco module with full info and test it under openwrt. using iperf3 to test the tunnel, the upload speed

Re: [Openvpn-users] openvpn can not detect kernel dco module

2024-04-18 Thread d tbsky
Hi: > What is the exact openvpn and dco version that you compiled in your last > test? After checking, I found dco modules compiled under openwrt seems lacking something, like "version" root@OpenWrt:~# ls -la /sys/module/ovpn_dco_v2/ drwxr-xr-x3 root root 0 Mar 23 06:10 . drw

Re: [Openvpn-users] openvpn can not detect kernel dco module

2024-04-18 Thread Antonio Quartulli
Hi, On 18/04/2024 07:47, d tbsky wrote: Hi: I want to try openvpn dco at openwrt. the official openwrt distribution stay at openvpn 2.5. so I tried compiled 2.6 and found it can not find kernel dco module. I thought maybe the distributed dco module is too old so I compiled latest kmod_ovpn_

Re: [Openvpn-users] openvpn can not detect kernel dco module

2024-04-18 Thread d tbsky
Antonio Quartulli > What is the exact openvpn and dco version that you compiled in your last > test? > Hi: openvpn: 2.6.10 dco: 0.2.20240320

[Openvpn-users] openvpn can not detect kernel dco module

2024-04-17 Thread d tbsky
Hi: I want to try openvpn dco at openwrt. the official openwrt distribution stay at openvpn 2.5. so I tried compiled 2.6 and found it can not find kernel dco module. I thought maybe the distributed dco module is too old so I compiled latest kmod_ovpn_dco_v2 module but "openvpn --version" still

[Openvpn-users] OpenVPN 2.6.10 released

2024-03-20 Thread Yuriy Darnobyt
The OpenVPN community project team is proud to release OpenVPN 2.6.10. This is a bugfix release containing several security fixes for Windows and Windows TAP driver and documentation updates. Security fixes: * CVE-2024-27459: Windows: fix a possible stack overflow in the interactive service co

Re: [Openvpn-users] OpenVPN for retro network

2024-02-23 Thread Gert Doering
Hi, On Thu, Feb 15, 2024 at 08:58:28PM +, shadowbladeee via Openvpn-users wrote: > Before I spending more time on this can OpenVPN 2.6.3 bridged network > transport all these? I would like to bridge those old VMs just like they > would be on a local LAN. "I don't know", and I'm afraid that'

[Openvpn-users] OpenVPN and MTU

2024-02-22 Thread Marc SCHAEFER
Hello, First: I don't have any problem with OpenVPN and MTU, this is out of curiosity. This is a simplified network map: 185.250.56.2 OpenVPN --- A.B.C.D (PPPoE) OpenVPN -- 193.72.186.160 (BGP router for 193.72.186.0/24) Look: (reliant is somewhere else on the internet, X.Y.88.46) scha

[Openvpn-users] OpenVPN for retro network

2024-02-15 Thread shadowbladeee via Openvpn-users
Hello List, I am working on some unconventional setup for RETRO OSes... The setup is: -- openvpn -- internet -- openvpn -- retro network The servers range from old versions of Novell Netware like 2.x 3.x 4.x, Solaris, Windows NT and alikes running old protocols like ipx/spx and some even use

[Openvpn-users] OpenVPN 2.6.9 released

2024-02-13 Thread Frank Lichtenheld
The OpenVPN community project team is proud to release OpenVPN 2.6.9. This is a bugfix release containing one security fix for the Windows installer. Security fixes: * Windows Installer: fix CVE-2023-7235 where installing to a non-default directory could lead to a local privilege escalation.

Re: [Openvpn-users] OpenVPN and ChaCha20-Poly1305 encryption

2024-02-08 Thread Gert Doering
Hi, On Thu, Feb 08, 2024 at 06:36:40PM +, Peter Davis via Openvpn-users wrote: > Why OpenVPN does not support ChaCha20-Poly1305 encryption? What makes you think it doesn't? gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a comput

Re: [Openvpn-users] OpenVPN and ChaCha20-Poly1305 encryption

2024-02-08 Thread Jochen Bern
On 08.02.24 20:07, Peter Davis wrote: Why OpenVPN articles uses AES-256-GCM? Is it better? It is very probably "better" in the sense of remaining compatible with various OpenVPN and OpenSSL versions; Ctrl-F the online OpenVPN reference manuals for more info. "Better" as in more resistant to

Re: [Openvpn-users] OpenVPN and ChaCha20-Poly1305 encryption

2024-02-08 Thread Peter Davis via Openvpn-users
>On Thursday, February 8th, 2024 at 10:21 PM, Jochen Bern > wrote: > On 08.02.24 19:36, Peter Davis via Openvpn-users wrote: > > > Why OpenVPN does not support ChaCha20-Poly1305 encryption? > > > You sure? > > > $ openvpn --show-ciphers | grep -i cha > > CHACHA20-POLY1305 (256 bit key, stream

Re: [Openvpn-users] OpenVPN and ChaCha20-Poly1305 encryption

2024-02-08 Thread Jochen Bern
On 08.02.24 19:36, Peter Davis via Openvpn-users wrote: Why OpenVPN does not support ChaCha20-Poly1305 encryption? You sure? $ openvpn --show-ciphers | grep -i cha CHACHA20-POLY1305 (256 bit key, stream cipher, TLS client/server mode only) (FWIW, OpenVPN 2.6.8 and, *more* relevant to the p

[Openvpn-users] OpenVPN and ChaCha20-Poly1305 encryption

2024-02-08 Thread Peter Davis via Openvpn-users
Hi, According to Wikipedia: The main external difference with ChaCha20 is its 64 byte (512 bit) block size, in comparison to 16 bytes (128 bit) with both AES-128 and AES-256. The larger block size enables higher performance on modern CPUs and allows for larger streams before the 32 bit counter o

Re: [Openvpn-users] OpenVPN on port 443

2024-01-28 Thread Jochen Bern
On 27.01.24 19:27, Peter Davis wrote: On Thursday, January 25th, 2024 at 1:25 AM, Jochen Bern wrote: Also, don't forget to configure the VPN server with --port-share, in case one of the nation-level censors you're trying to fool gets the idea of looking at your "interesting website" himself ..

Re: [Openvpn-users] OpenVPN on port 443

2024-01-27 Thread Peter Davis via Openvpn-users
>On Thursday, January 25th, 2024 at 1:25 AM, Jochen Bern > wrote: > On 24.01.24 13:31, Hans via Openvpn-users wrote: > > > From: "Gert Doering" mailto:g...@greenie.muc.de> > > Date: Wednesday, 24 January 2024 at 13:03:30 > > > > > On Wed, Jan 24, 2024 at 11:49:43AM +, Peter Davis via Openvp

Re: [Openvpn-users] OpenVPN on port 443

2024-01-27 Thread Peter Davis via Openvpn-users
>On Wednesday, January 24th, 2024 at 3:38 PM, Marc SCHAEFER > wrote: > Hello, > > On Wed, Jan 24, 2024 at 11:49:43AM +, Peter Davis wrote: > > > I am testing this scenario in a virtual environment before moving it to the > > real world. > > > So, use subnets within private address ranges

[Openvpn-users] OpenVPN and V2Ray

2024-01-27 Thread Peter Davis via Openvpn-users
Hello, I want to use OpenVPN with V2Ray. I took a look at the OpenVPN configuration with Shadowsocks and saw that in the Client.conf file there were two lines as follows: socks-proxy 127.0.0.1 1080 route SHADOWSOCKS_SERVER_IP 255.255.255.255 net_gateway I have two questions: 1- Are these two li

Re: [Openvpn-users] OpenVPN on port 443

2024-01-24 Thread Jochen Bern
On 24.01.24 13:31, Hans via Openvpn-users wrote: From: "Gert Doering" <g...@greenie.muc.de> Date: Wednesday, 24 January 2024 at 13:03:30 On Wed, Jan 24, 2024 at 11:49:43AM +, Peter Davis via Openvpn-users wrote: How can I make OpenVPN look like an HTTPS connection? You can't. Open

Re: [Openvpn-users] OpenVPN on port 443

2024-01-24 Thread Hans via Openvpn-users
How about using stunnel instead? From: "Gert Doering" <g...@greenie.muc.de> Date: Wednesday, 24 January 2024 at 13:03:30 To: "Peter Davis" <peter.davis1...@proton.me> Cc: "openvpn-users@lists.sourceforge.net" mailto:openvpn-users@lists.sou

Re: [Openvpn-users] OpenVPN on port 443

2024-01-24 Thread Marc SCHAEFER
Hello, On Wed, Jan 24, 2024 at 11:49:43AM +, Peter Davis wrote: > I am testing this scenario in a virtual environment before moving it to the > real world. So, use subnets within private address ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), or possibly some other reserved addresses [1

Re: [Openvpn-users] OpenVPN on port 443

2024-01-24 Thread Gert Doering
Hi, On Wed, Jan 24, 2024 at 11:49:43AM +, Peter Davis via Openvpn-users wrote: > How can I make OpenVPN look like an HTTPS connection? You can't. OpenVPN is not https, so even if you use tcp/443, on a close enough look it will be clear "this is not HTTPS". gert -- "If was one thing all peo

Re: [Openvpn-users] OpenVPN on port 443

2024-01-24 Thread Peter Davis via Openvpn-users
>On Wednesday, January 24th, 2024 at 11:18 AM, Marc SCHAEFER > wrote: > Hello, > > On Wed, Jan 24, 2024 at 06:14:22AM +, Peter Davis via Openvpn-users wrote: > > > 1- I don't understand what you mean about "server 20.20.0.0 255.255.255.0". > > What is the difference between IP range 10.X a

Re: [Openvpn-users] OpenVPN on port 443

2024-01-24 Thread Jochen Bern
On 24.01.24 08:48, Marc SCHAEFER wrote: and obviously you won't be able to contact any of those Microsoft IPs anymore, Considering all the times Peter mentioned that "evade [nation-level] censors" is among his objectives, blackholing the clients' connections to Microsoft (auto)update servers

Re: [Openvpn-users] OpenVPN on port 443

2024-01-23 Thread Marc SCHAEFER
Hello, On Wed, Jan 24, 2024 at 06:14:22AM +, Peter Davis via Openvpn-users wrote: > 1- I don't understand what you mean about "server 20.20.0.0 255.255.255.0". > What is the difference between IP range 10.X and 20.X? 10.0.0.0/8 is a private range, that you can use as you please for private

Re: [Openvpn-users] OpenVPN on port 443

2024-01-23 Thread Peter Davis via Openvpn-users
>On Tuesday, January 23rd, 2024 at 4:37 PM, Jakob Curdes >wrote: > Am 23.01.2024 um 13:32 schrieb Peter Davis via Openvpn-users: > > > Hello, > > I want to use OpenVPN and HTTPS. I found the following article: > > (...) > > > > > > > server 20.20.0.0 255.255.255.0 > > First of all, from wher

Re: [Openvpn-users] OpenVPN on port 443

2024-01-23 Thread Jakob Curdes
Am 23.01.2024 um 13:32 schrieb Peter Davis via Openvpn-users: Hello, I want to use OpenVPN and HTTPS. I found the following article: (...) server 20.20.0.0 255.255.255.0 First of all, from where did you take that IP network? This is not a private network range as far as I

[Openvpn-users] OpenVPN on port 443

2024-01-23 Thread Peter Davis via Openvpn-users
Hello, I want to use OpenVPN and HTTPS. I found the following article: https://snikt.net/blog/2016/12/01/how-not-to-hide-openvpn-behind-https/ssl/ My server has two NICs: enp0s3 (NAT) enp0s8 (Local) My OpenVPN server.conf is as below: port 443 proto tcp dev tun1 local 0.0.0.0 port-share 127.0.

[Openvpn-users] OpenVPN and Google Play

2024-01-17 Thread Peter Davis via Openvpn-users
Hello, I have tunneled OpenVPN on Tor and I connect to OpenVPN server with OpenVPN Connect app on Android and PC. On Android I can't open some apps like Google Play and X, but when I use Orbot on Android these apps open. What changes does OpenVPN make? Thank you.

Re: [Openvpn-users] [Openvpn-devel] OpenVPN and outside clients

2024-01-03 Thread Antonio Quartulli
Resending to the mailing list for completeness (please always keep the mailing list in the CC field) Regards, On 03/01/2024 12:53, Peter Davis wrote: Hello, I changed the IP address in the client configuration file, but I can't connect to the server. I got the following error: Wed Jan 3 10

Re: [Openvpn-users] [Openvpn-devel] OpenVPN and outside clients

2024-01-03 Thread Antonio Quartulli
Sorry, posted to the wrong list. Forwarded to the correct one now. On 03/01/2024 09:41, Antonio Quartulli wrote: Hi, On 03/01/2024 09:14, Peter Davis wrote: Hello, I changed the IP address in the client configuration file, but I can't connect to the server. I got the following error: Wed J

Re: [Openvpn-users] OpenVPN and outside clients

2024-01-02 Thread Jochen Bern
On 02.01.24 15:31, Peter Davis via Openvpn-users wrote: My server has a NIC with a local IP address. Clients can connect to it on the internal network. I want clients from outside to be able to connect to it, but I can't set a public IP on the server's network card. On the firewall (Fortinet) tha

Re: [Openvpn-users] OpenVPN and outside clients

2024-01-02 Thread Antonio Quartulli
Hi, On 02/01/2024 15:31, Peter Davis via Openvpn-users wrote: I want to know, if I replace the IP address 1.2.3.4 instead of 192.168.1.1 in the client configuration file, then the clients should be able to connect to the server from outside the network? Most likely yes. This is what most peo

[Openvpn-users] OpenVPN and outside clients

2024-01-02 Thread Peter Davis via Openvpn-users
Hello, My server has a NIC with a local IP address. Clients can connect to it on the internal network. I want clients from outside to be able to connect to it, but I can't set a public IP on the server's network card. On the firewall (Fortinet) that is directly connected to the Internet, a publi

Re: [Openvpn-users] OpenVPN Plugins and Systemd

2023-12-13 Thread Colin Ryan
Just for community knowledge. Through much trial and error it was concluded for some reason that the LimitNPROC was the culprit even though the plug-in only spawned 3 additional instances of OVPN. Didn't have time to really figure out why. PrivateTmp, ProtectHome, ProtectSystem are all fine

Re: [Openvpn-users] OpenVPN for Android and iOS

2023-12-12 Thread Gert Doering
Hi, On Wed, Dec 13, 2023 at 06:23:48AM +, Jason Long via Openvpn-users wrote: > 2023-12-13 09:50:25 tls-crypt unwrap error: packet too short > 2023-12-13 09:50:25 TLS Error: tls-crypt unwrapping failed from > [AF_INET]172.21.50.67:39757 You answered the question yourself. If you put into t

Re: [Openvpn-users] OpenVPN for Android and iOS

2023-12-12 Thread Jason Long via Openvpn-users
> Hi, > On Tue, Dec 12, 2023 at 05:59:40AM +, Jason Long via Openvpn-users wrote: > https://paste.mozilla.org/CwWTPPW0 > I'd guess it's the "key-direction" line getting in the way.  Remove this > from both client and server config. > Also, you are mixing tls-auth and tls-crypt in your quest

Re: [Openvpn-users] OpenVPN for Android and iOS

2023-12-12 Thread Jason Long via Openvpn-users
> You need to check the server log to understand what's going on. > Cheers, On December 12, 2023 6:59:40 AM GMT+01:00, Jason Long wrote: >  > On 11/12/2023 11:18, Jason Long via Openvpn-users wrote: >> Hello, >> If I want to use the "tls-crypt" option, then the "ta.key" must be a >> separate

Re: [Openvpn-users] OpenVPN for Android and iOS

2023-12-11 Thread Gert Doering
Hi, On Tue, Dec 12, 2023 at 05:59:40AM +, Jason Long via Openvpn-users wrote: > https://paste.mozilla.org/CwWTPPW0 I'd guess it's the "key-direction" line getting in the way. Remove this from both client and server config. Also, you are mixing tls-auth and tls-crypt in your questions - so,

Re: [Openvpn-users] OpenVPN for Android and iOS

2023-12-11 Thread Antonio Quartulli
You need to check the server log to understand what's going on. Cheers, On December 12, 2023 6:59:40 AM GMT+01:00, Jason Long wrote: >> On 11/12/2023 11:18, Jason Long via Openvpn-users wrote: >> Hello, >> If I want to use the "tls-crypt" option, then the "ta.key" must be a >> separate file an

Re: [Openvpn-users] OpenVPN for Android and iOS

2023-12-11 Thread Jason Long via Openvpn-users
> On 11/12/2023 11:18, Jason Long via Openvpn-users wrote: > Hello, > If I want to use the "tls-crypt" option, then the "ta.key" must be a separate > file and it cannot be merged with the rest of the keys in one file. To be > honest, it is difficult to use for both computer and mobile users becau

Re: [Openvpn-users] OpenVPN for Android and iOS

2023-12-11 Thread Antonio Quartulli
On 11/12/2023 11:18, Jason Long via Openvpn-users wrote: Hello, If I want to use the "tls-crypt" option, then the "ta.key" must be a separate file and it cannot be merged with the rest of the keys in one file. To be honest, it is difficult to use for both computer and mobile users because it

[Openvpn-users] OpenVPN for Android and iOS

2023-12-11 Thread Jason Long via Openvpn-users
Hello, If I want to use the "tls-crypt" option, then the "ta.key" must be a separate file and it cannot be merged with the rest of the keys in one file. To be honest, it is difficult to use for both computer and mobile users because it is two files. Is there a solution? Thank you.

Re: [Openvpn-users] OpenVPN Plugins and Systemd

2023-11-29 Thread David Sommerseth
On 29/11/2023 19:50, Colin Ryan wrote: Folks, Trying to move my openvpn configuration to fully systemd modified. I've compiled openvpn with systemd support and fundamentally it works with the most recent systemd recipes in the style of openvpn@.service Systemd unit has this: [Service] Ty

[Openvpn-users] OpenVPN Plugins and Systemd

2023-11-29 Thread Colin Ryan
Folks, Trying to move my openvpn configuration to fully systemd modified. I've compiled openvpn with systemd support and fundamentally it works with the most recent systemd recipes in the style of openvpn@.service Systemd unit has this: [Service] Type=notify PrivateTmp=true WorkingDirecto

Re: [Openvpn-users] OpenVpn client connect on system start in Linux?

2023-11-22 Thread Bo Berglund
On Wed, 22 Nov 2023 15:03:45 +0100, Marc SCHAEFER wrote: >In the past, you would just verify /etc/default/openvpn >had the AUTOSTART="all" entry and that the config files >would be directly over /etc/openvpn > >Obviously, if you want to go that latter way, read the >text about systemd in that fil

Re: [Openvpn-users] OpenVpn client connect on system start in Linux?

2023-11-22 Thread Marc SCHAEFER
On Wed, Nov 22, 2023 at 03:03:45PM +0100, Marc SCHAEFER wrote: > that particular config, for example, if your file is /etc/openvpn/toto.conf I meant /etc/openvpn/client/toto.conf > systemctl status openvpn-client@toto.service

Re: [Openvpn-users] OpenVpn client connect on system start in Linux?

2023-11-22 Thread Marc SCHAEFER
Hello, On Wed, Nov 22, 2023 at 02:44:57PM +0100, Bo Berglund wrote: > Is it enough to put the OVPN file (renamed to extension conf) into the > /etc/openvpn/client dir? I think it is not enough with recent Debian releases using systemd. AFAIK raspi is somewhat Debian. Here you need to test the st

[Openvpn-users] OpenVpn client connect on system start in Linux?

2023-11-22 Thread Bo Berglund
A quick question: I want to make a RaspberryPi device connect to the home OVPN server when it starts up and also to maintain the connection if there are interruptions such as temporary network access down. When the network is back up it should reconnect. Is it enough to put the OVPN file (renamed

Re: [Openvpn-users] OpenVPN + Tor

2023-11-21 Thread Jason Long via Openvpn-users
>-BEGIN PGP SIGNED MESSAGE- >Hash: SHA256 >Hi, >On Tuesday, 7 November 2023 at 05:27, Jason Long wrote: > > > Hello, > I added the following line to the server.conf file: > > push "route 172.20.0.0 255.255.255.0" > > Then, I restarted the OpenVPN service: > > # systemctl restart op

[Openvpn-users] OpenVPN 2.6.8 released

2023-11-17 Thread Yuriy Darnobyt
The OpenVPN community project team is proud to release OpenVPN 2.6.8. This is a small bugfix release fixing a few regressions in 2.6.7 release. User visible changes: * Windows: print warning if pushed options require DHCP (e.g. DOMAIN-SEARCH) and driver in use does not use DHCP (wintun, dco).

[Openvpn-users] OpenVPN 2.6.7 released

2023-11-09 Thread Yuriy Darnobyt
The OpenVPN community project team is proud to release OpenVPN 2.6.7. This is a bugfix release containing security fixes. Security Fixes: * CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly use a send buffer after it has been free()d in some circumstances, causing some free()

Re: [Openvpn-users] OpenVPN + Tor

2023-11-08 Thread tincantech via Openvpn-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On Tuesday, 7 November 2023 at 05:27, Jason Long wrote: > > Hello, > I added the following line to the server.conf file: > > push "route 172.20.0.0 255.255.255.0" > > Then, I restarted the OpenVPN service: > > # systemctl restart openvpn

Re: [Openvpn-users] OpenVPN + Tor

2023-11-06 Thread Jason Long via Openvpn-users
>-BEGIN PGP SIGNED MESSAGE- >Hash: SHA256 >Hi, >--- Original Message --- >On Monday, November 6th, 2023 at 12:26, Jason Long wrote: > > > Hello, > Thank you so much for your reply. > Some lines of my server.conf file are: > > push "redirect-gateway def1 bypass-dhcp" > push "d
