Hi,
On 22/07/20 13:32, Richard Hector wrote:
On 21/07/20 11:23 pm, Jan Just Keijser wrote:
Hi Richard,
On 19/07/20 12:04, Richard Hector wrote:
That's what I couldn't manage - a p2p network (no client or server)
using certificates. In the end I concluded it couldn't be done, but I'm
happy to
Hi,
On Wed, Jul 22, 2020 at 11:32:06PM +1200, Richard Hector wrote:
> > cipher aes-256-gcm
[..]
>
> > - in this mode, NCP is disabled and hence you would not get GCM
> > encryption - thus you need to specify it explicitly.
>
> I wasn't familiar with either of those. It seems NCP isn't needed
> b
On 19/07/20 10:44 pm, Gert Doering wrote:
> Hi,
>
> On Sun, Jul 19, 2020 at 10:32:42PM +1200, Richard Hector wrote:
>> > NAT with port translation in between? If the port
>> > changes after a restart, and the other end has no --float in the config,
>> > things will not work. Here a clear cli
On 21/07/20 11:23 pm, Jan Just Keijser wrote:
> Hi Richard,
>
> On 19/07/20 12:04, Richard Hector wrote:
>> That's what I couldn't manage - a p2p network (no client or server)
>> using certificates. In the end I concluded it couldn't be done, but I'm
>> happy to be corrected.
>>
> this can be ach
On 21/07/20 13:16, Jan Just Keijser wrote:
Does --keepalive work in p2p mode ?
yes it does.
as a minor followup: as the manual page states
--keepalive 10 60
translates to
if mode server:
ping 10 # Argument: interval
ping-restart 120 # Argument: ti
Hi Richard,
On 19/07/20 12:04, Richard Hector wrote:
[...]
This is also why I never really considered the static key p2p mode when
implementing these new unit files. The advantage of these unit files is
essentially that they add more hardening outside of OpenVPN as well and the
server side wi
What is the effect of setting --nobind in the systemd unit file and then
--lport/--rport in the config ?
Does --keepalive work in p2p mode ?
On 19/07/2020 06:09, Richard Hector wrote:
Hi all,
I have 4 machines (actually VPSes) that have a full mesh of VPNs between
them. I'm using a slightly
Hi,
On Sun, Jul 19, 2020 at 11:42:48AM +0100, tincanteksup wrote:
> Try removing these settings:
>
> > user nobody
> > group nogroup
> > persist-key
> > persist-tun
>
> If you study your logs you will probably notice their effects.
In p2p mode, I do not think it will make any differen
Hi,
On Sun, Jul 19, 2020 at 10:32:42PM +1200, Richard Hector wrote:
> > NAT with port translation in between? If the port
> > changes after a restart, and the other end has no --float in the config,
> > things will not work. Here a clear client/server role also helps, as
> > there is a well
Try removing these settings:
> user nobody
> group nogroup
> persist-key
> persist-tun
If you study your logs you will probably notice their effects.
On 19/07/2020 06:09, Richard Hector wrote:
Hi all,
I have 4 machines (actually VPSes) that have a full mesh of VPNs between
them. I'm using a
On 19/07/20 10:08 pm, Gert Doering wrote:
> Hi,
>
> On Sun, Jul 19, 2020 at 09:56:09PM +1200, Richard Hector wrote:
>> I'm aware of the flags in the cert, and (IIRC) managed to enable both
>> client and server flags, and both client and server worked with the same
>> cert.
>
> Good :-)
>
>> What
Hi,
On Sun, Jul 19, 2020 at 09:56:09PM +1200, Richard Hector wrote:
> I'm aware of the flags in the cert, and (IIRC) managed to enable both
> client and server flags, and both client and server worked with the same
> cert.
Good :-)
> What I wasn't able to do is have identical (well, reversed) co
On 19/07/20 9:20 pm, David Sommerseth wrote:
> On 19/07/2020 07:09, Richard Hector wrote:
>> Hi all,
>>
>> I have 4 machines (actually VPSes) that have a full mesh of VPNs between
>> them. I'm using a slightly-modified version of the 'client' example
>> config. Since it appears TLS, and the use of
On 19/07/20 9:09 pm, Gert Doering wrote:
> Hi,
>
> On Sun, Jul 19, 2020 at 05:09:59PM +1200, Richard Hector wrote:
>> I have 4 machines (actually VPSes) that have a full mesh of VPNs between
>> them. I'm using a slightly-modified version of the 'client' example
>> config. Since it appears TLS, and
On 19/07/2020 07:09, Richard Hector wrote:
> Hi all,
>
> I have 4 machines (actually VPSes) that have a full mesh of VPNs between
> them. I'm using a slightly-modified version of the 'client' example
> config. Since it appears TLS, and the use of certificates, requires
> named client and server pe
Hi,
On Sun, Jul 19, 2020 at 05:09:59PM +1200, Richard Hector wrote:
> I have 4 machines (actually VPSes) that have a full mesh of VPNs between
> them. I'm using a slightly-modified version of the 'client' example
> config. Since it appears TLS, and the use of certificates, requires
> named client
16 matches