age-
> From: The Doctor via Openvpn-users
> [mailto:openvpn-users@lists.sourceforge.net]
> Sent: Saturday, April 4, 2020 4:07 PM
> To: Gert Doering
> Cc: openvpn-users@lists.sourceforge.net
> Subject: Re: [Openvpn-users] First time set up using openvpn
>
> On Sat, A
>
> Tom
>
> -Original Message-
> From: The Doctor via Openvpn-users
> [mailto:openvpn-users@lists.sourceforge.net]
> Sent: Saturday, April 4, 2020 2:55 PM
> To: Gert Doering
> Cc: openvpn-users@lists.sourceforge.net
> Subject: Re: [Openvpn-users] First ti
ng
Cc: openvpn-users@lists.sourceforge.net
Subject: Re: [Openvpn-users] First time set up using openvpn
On Sat, Apr 04, 2020 at 03:57:21PM +0200, Gert Doering wrote:
> Hi,
>
> On Sat, Apr 04, 2020 at 06:54:48AM -0600, The Doctor wrote:
> > > As soon as you have the TLS-A
On Sat, Apr 04, 2020 at 03:25:37PM +0200, Dajka Tam?s wrote:
> You are missing the authentication fully.
>
> Since you plan to use radius authentication and not cert base auth, you must
> have these lines in the server.conf:
>
> verify-client-cert none
> username-as-common-name
>
> plugin /lib64
On Sat, Apr 04, 2020 at 03:57:21PM +0200, Gert Doering wrote:
> Hi,
>
> On Sat, Apr 04, 2020 at 06:54:48AM -0600, The Doctor wrote:
> > > As soon as you have the TLS-Auth part sorted out - there is no
> > > authentication backend configured on the server, so it won't do
> > > LDAP or radius. As
The Doctor via Openvpn-users
> [mailto:openvpn-users@lists.sourceforge.net]
> Sent: Saturday, April 4, 2020 2:55 PM
> To: Gert Doering
> Cc: openvpn-users@lists.sourceforge.net
> Subject: Re: [Openvpn-users] First time set up using openvpn
>
> On Sat, Apr 04, 2020 at 0
Hi,
On Sat, Apr 04, 2020 at 06:54:48AM -0600, The Doctor wrote:
> > As soon as you have the TLS-Auth part sorted out - there is no
> > authentication backend configured on the server, so it won't do
> > LDAP or radius. As for "how to do this", there's many possible ways
> > - you can use a plugi
You are missing the authentication fully.
Since you plan to use radius authentication and not cert base auth, you must
have these lines in the server.conf:
verify-client-cert none
username-as-common-name
plugin /lib64/openvpn/plugins/openvpn-plugin-auth-pam.so "openvpn login
USERNAME password PA
-
From: The Doctor via Openvpn-users
[mailto:openvpn-users@lists.sourceforge.net]
Sent: Saturday, April 4, 2020 2:55 PM
To: Gert Doering
Cc: openvpn-users@lists.sourceforge.net
Subject: Re: [Openvpn-users] First time set up using openvpn
On Sat, Apr 04, 2020 at 09:24:24AM +0200, Gert Doering wrot
On Sat, Apr 04, 2020 at 09:24:24AM +0200, Gert Doering wrote:
> Hi,
>
> On Fri, Apr 03, 2020 at 05:30:23PM -0600, The Doctor via Openvpn-users wrote:
> > tls-auth /usr/local/etc/openvpn/server/ta.key 0 # This file is secret
>
> If you have this on the server...
>
> > ;tls-auth /usr/local/etc/ope
That's not a top-post but this is.
And for throwing catb be at me take this:
http://catb.org/~esr/faqs/smart-questions.html
On 04/04/2020 03:47, The Doctor wrote:
On Sat, Apr 04, 2020 at 01:59:43AM +0100, tincanteksup wrote:
Hi Doctor,
HMAC indicates that your --tls-auth settings are incorr
Hi,
On Fri, Apr 03, 2020 at 05:30:23PM -0600, The Doctor via Openvpn-users wrote:
> tls-auth /usr/local/etc/openvpn/server/ta.key 0 # This file is secret
If you have this on the server...
> ;tls-auth /usr/local/etc/openvpn/server/ta.key 1
... you MUST have it on the client as well.
> verb 9
t
On Fri, Apr 03, 2020 at 08:47:36PM -0600, The Doctor via Openvpn-users wrote:
> On Sat, Apr 04, 2020 at 01:59:43AM +0100, tincanteksup wrote:
> > Hi Doctor,
> >
> > HMAC indicates that your --tls-auth settings are incorrect.
> >
> > I point out the fault below.
> >
> > Shameless plug:
> > https:
On Sat, Apr 04, 2020 at 01:59:43AM +0100, tincanteksup wrote:
> Hi Doctor,
>
> HMAC indicates that your --tls-auth settings are incorrect.
>
> I point out the fault below.
>
> Shameless plug:
> https://github.com/TinCanTech/easy-tls/wiki
>
> FTR:
> "# This file is secret"
> could be better ex
Hi Doctor,
HMAC indicates that your --tls-auth settings are incorrect.
I point out the fault below.
Shameless plug:
https://github.com/TinCanTech/easy-tls/wiki
FTR:
"# This file is secret"
could be better explained as
"# This file is shared secret"
HTH
tct
On 04/04/2020 00:30, The Docto
15 matches
Mail list logo
