[Openvpn-users] disabling compression on the fly?

2018-10-09 Thread Ralf Hildebrandt
Currently we're suppling our user with a charite.ovpn File containing: ... compress lzo ... In some cases, we're overriding this on the server side by using: if (defined $ENV{'IV_LZ4'}) { $logger->info("$username lz4: available"); push @outline, 'compress lz4'; push @outline, 'push "com

Re: [Openvpn-users] disabling compression on the fly?

2018-10-09 Thread Jan Just Keijser
Hi Ralf, On 09/10/18 13:35, Ralf Hildebrandt wrote: Currently we're suppling our user with a charite.ovpn File containing: ... compress lzo ... In some cases, we're overriding this on the server side by using: if (defined $ENV{'IV_LZ4'}) { $logger->info("$username lz4: available"); pu

Re: [Openvpn-users] [ext] Re: disabling compression on the fly?

2018-10-09 Thread Ralf Hildebrandt
> which means that if you would use >   compress stub-v2 > then you'd basically end up with bogus compression - this does not seem to > be documented and I have no idea what the main difference is between 'stub' > and 'stub-v2'. In the end I resorted to this: if ($version =~ "2\.3\.") { push @

Re: [Openvpn-users] [ext] Re: disabling compression on the fly?

2018-10-09 Thread Ralf Hildebrandt
* Ralf Hildebrandt : > In the end I resorted to this: > > if ($version =~ "2\.3\.") { >push @outline, 'compress lzo'; >push @outline, 'push "compress lzo"'; > } > else { >push @outline, 'compress'; >push @outline, 'push "compress"'; ># compression considered insecure > } Addi

[Openvpn-users] OpenVPN cipher issue?

2018-10-09 Thread Alex K
Hi all, I have lately upgraded the OpenVPN server to Debian9 which is using openvpn 2.4.0-6. I have several openvpn clients terminating to this server which are running Debian7 and one of them Ubuntu 12.04. I know, these are old... The debian7 ones are able to terminate the server and connectivity

Re: [Openvpn-users] OpenVPN cipher issue?

2018-10-09 Thread Gert Doering
Hi, On Tue, Oct 09, 2018 at 05:46:23PM +0300, Alex K wrote: > confirmed, while the Ubuntu one is having a hard time. When establishing > VPN with the server the Ubuntu client gives the error: > > RTue Oct 9 14:26:23 2018 us=825324 cipher_ctx_update_ad: > EVP_CipherUpdate() failed > Tue Oct 9 14

Re: [Openvpn-users] OpenVPN cipher issue?

2018-10-09 Thread Alex K
Hi Girt, On Tue, Oct 9, 2018 at 6:23 PM Gert Doering wrote: > Hi, > > On Tue, Oct 09, 2018 at 05:46:23PM +0300, Alex K wrote: > > confirmed, while the Ubuntu one is having a hard time. When establishing > > VPN with the server the Ubuntu client gives the error: > > > > RTue Oct 9 14:26:23 2018

[Openvpn-users] Reg openvpn frequent disconnect

2018-10-09 Thread Johncy Bennette
Hi, In my Linux system, I am seeing my openvpn restarts many time due to one of the following reasons The server configuration has ping 10, ping-restart 10 and same is pushed to client. 1. [*.xxx.com] Inactivity timeout (--ping-restart), restarting 2. [UNDEF] Inactivity timeout (--ping-restart)

Re: [Openvpn-users] OpenVPN cipher issue?

2018-10-09 Thread Gert Doering
Hi, (copying in openvpn-devel, as this is something Steffan will want to see...) On Tue, Oct 09, 2018 at 06:41:30PM +0300, Alex K wrote: > Adding some more lines (verbosity 3): > > Tue Oct 9 15:38:17 2018 UDP link remote: [AF_INET]:1195 > Tue Oct 9 15:38:17 2018 TLS: Initial packet from [AF_IN

Re: [Openvpn-users] Elliptic Curves - Confirm differences (and evaluate) new settings

2018-10-09 Thread Steffan Karger
Hi, On 07-10-18 10:39, t...@thlu.de wrote: > OS: Debian 9.5, Raspian 9.4 > Openvpn: 2.4.6 > > Is it possible to confirm, that ECDH is really used? I have done 3 > tries, and it seems, all of them come to the same result: > > 1 (old): > dh   /etc/openvpn/dh.pem > tls-auth /etc/openvpn/ta.key