On 20-08-2015 18:40, David Sommerseth wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 20/08/15 19:11, debbie...@gmail.com wrote:
>> - Original Message - From: "Rui Santos"
>> To:
>> Sent: Thursday, August 20, 2015 3:10 PM Subject: Re:
>> [Openvpn-users] CRL and --CApath u
On 20-08-2015 20:16, debbie...@gmail.com wrote:
> - Original Message -
> From: "David Sommerseth"
> To: ; "Rui Santos"
> Cc:
> Sent: Thursday, August 20, 2015 6:40 PM
> Subject: Re: [Openvpn-users] CRL and --CApath usage
>
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 20/08
On 20-08-2015 22:14, Jan Just Keijser wrote:
> Hi Rui,
Hi Jan,
>
> On 20/08/15 21:19, David Sommerseth wrote:
>> On 20/08/15 21:16, debbie...@gmail.com wrote:
>>> - Original Message - From: "David Sommerseth"
>>>
>>> To: ; "Rui Santos"
>>> Cc:
>>> Sent: Thursday, August 20, 2015 6:40 PM
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 21/08/15 11:55, Rui Santos wrote:
>
> On 20-08-2015 18:40, David Sommerseth wrote: On 20/08/15 19:11,
> debbie...@gmail.com wrote:
- Original Message - From: "Rui Santos"
To:
Sent: Thursday, August
20, 2015 3:10 PM Su
On Fri, Aug 21, 2015 at 1:09 AM, wrote:
>
>
> REMOTE-SERVER / OpenVpn Server
> eth0 X.X.X.X
> 2600:::4d00::1/64
> vpn0 10.0.0.1/24
> 2600:::4dff::1/64
>
> LOCAL-ROUTER / OpenVpn Client
>
Hello Selva
> Just guessing, is the server on a Linode? I had once briefly tested a similar
> setup and, for some reason, the throughput on ipv6 connections was very poor.
> Once your setup is working I would love to hear about the performance.
Yeah the Server that I'm getting access to is one
On 21-08-2015 13:45, David Sommerseth wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 21/08/15 11:55, Rui Santos wrote:
>> On 20-08-2015 18:40, David Sommerseth wrote: On 20/08/15 19:11,
>> debbie...@gmail.com wrote:
> - Original Message - From: "Rui Santos"
> To:
Hi John,
> and a route on the server to the 4d09::/64 through the tunnel. Please
> show us the routes on the server too.
>
>
> ip -6 route
> 2600:::4d00::/64 dev eth0 proto kernel metric
> 256 pref medium
> 2600:::4dff::/64 dev tun1 proto
Hi Selva
ip -6 route
2600:x:x:4d00::/64 dev eth0 proto kernel metric 256 pref
medium
2600:x:x:4dff::/64 dev tun1 proto kernel metric 256 pref
medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
Hi Selva
> Can you ping from the server to the router's 4d09::1 address?
>From the shell on the REMOTE-SERVER, I CAN'T ping6 to the LOCAL-ROUTER's
>internal eth1 interface IP
ping6 2600:x:x:4d09::1
PING 2600:x:x:4d09::1(2600:x:x:4d09::1) 56 data bytes
Just sits there
Hi Selva
> What about ip6tables settings on the router? On my asus router the default
> was to DROP all, so I had to change those.
I have explicit blanket ACCEPT all enabled with verbose logging for all the
prefixes we're dealing with :-/
- John
Some more info on what I see on the firewalls.
On the LOCAL-ROUTER, testing the 2 ping"types", with and without the added
address
"without"
ping6 -c1 2600:x:x:4dff::1
PING 2600:x:x:4dff::1(2600:x:x:4dff::1) 56 data bytes
64 bytes from 2600:x:x:4dff::1: i
> P.S. By the way, if you are doing this only for ipv6 traffic (ie.,
> encryption is not required), its much easier to manage a 6in4 tunnel to the
> Linode. That's what I ended up doing although I still have some performance
> issues..
I can't because we figured out that the ISP blocks "protocol 4
On Fri, Aug 21, 2015, at 11:43 AM, Selva Nair wrote:
> So the packet is dropped by the VPN? I dont have access to my config right
> now, but may be an iroute is required in the config or ccd as in the ipv4
> case of routing LAN clients through VPN. Please check the man page on
> iroute.
I had adde
Crossed in the mail! :-)
On Fri, Aug 21, 2015, at 11:49 AM, Selva Nair wrote:
> > may be an iroute is required
>
> Just checked the man page -- it should be iroute-ipv6 in the ccd. I also
> realized you could use route-ipv6 in the same ccd file to set up the route
> to 4d09 in the system routing
Doing a quick & dirty (one run only) download comparison from my LAN (that's
behind the router, firewall, switch, etc etc).
In this test, the IPv4 traffic is going out locally, through my ISP, and the
IPv6 traffic is going over the VPN.
rm -f linux*tar.gz && \
time wget -4 --no-
I have a OpenVPN 2.3_git [git:master/291c227d2ccecaa9] client/server pair.
In both the Server & Client configs I have
sndbuf 0
rcvbuf 0
tun-mtu 1500
fragment 1300
mssfix
In the client's vpn logs I see these warnings
Fri Aug 21 18:03:45 2015 WARNIN
I got pointed to testing for good mtus
Dropping from 1500, these values give 0% packet loss
ping -M do -s 1472 -c 1 google.com
ping6 -M do -s 1452 -c 1 google.com
anything higher, 100% loss.
I read too MSS == MTU - 40
So for IPv4 MSS= 1432
Which I guess I set with
mssfix 1432
So wha
18 matches
Mail list logo
