Re: [Openvpn-users] [Openvpn-devel] why doesn't openvpn negotiate settings?

2013-08-16 Thread /dev/rob0
ement a broken protocol, however. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: -- Get 100% visibility into Java/.NET code wit

Re: [Openvpn-users] how to know which part of the /30 to push

2013-09-11 Thread /dev/rob0
upgrade your server or clients to 2.1+, definitely do so. Might as well go for 2.3 now. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: ---

Re: [Openvpn-users] openvpn and iptables rules advice

2014-04-28 Thread /dev/rob0
7;t connect > > Here is my services: > > udp 0 0 0.0.0.0:500 0.0.0.0:* 3115/charon > udp 0 0 0.0.0.0:1701 0.0.0.0:* 2885/xl2tpd > udp 0 0 162.245.256.150:6000 0.0.0.0:* 2818/openvpn > udp 0 0 0.0.0.0:4500 0.0.0.0:* 3115/charon > udp6 0 0 :::500 :::* 3115/charon

Re: [Openvpn-users] Changing openvpn dhcp pool

2016-03-19 Thread /dev/rob0
cted. Remove --client-to-client if you need firewalling. > Do you have any idea how can I make it work? Even I tired to add > it to INPUT and OUTPUT. Forwarded packets do not go to INPUT nor OUTPUT chains. -- http://rob0.nodns4.us/ Offlist GMX mail

Re: [Openvpn-users] Site-to-site: VPN'd into one Site

2016-03-28 Thread /dev/rob0
eally can't get a useful answer without sharing what you have done with your configuration. You might also include a diagram (ASCII inline, or an image via an image sharing service or other HTTP link) to show what networks you have and what you'd like clients to "see". -- ht

Re: [Openvpn-users] Site-to-site: VPN'd into one Site

2016-03-28 Thread /dev/rob0
VPN server's config file. > 4. I will draw up a diagram and share it soon. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: -- Transform Data into Opportuni

Re: [Openvpn-users] Assign publicly accessible ip to client using openvpn

2016-04-07 Thread /dev/rob0
le; you can fill it in from JJK's book. Yes, you can do the NAT as JJK suggested, but ugh, NAT is bad. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: -- _

Re: [Openvpn-users] Transfer Easy-RSA PKI to OpenVPN Access Server.

2016-05-06 Thread /dev/rob0
s not possible to transfer, is it possible to set up > a PKI with OpenVPN Access Server. Easy-rsa is simply a frontend for OpenSSL's ca(1) utility, but again, specific questions regarding OpenVPN-AS don't belong here. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if

Re: [Openvpn-users] OpenVPN and IPTables

2016-05-18 Thread /dev/rob0
h some good self help factoids. I think maybe you want !serverlan, but I can't tell from what you have said. The #netfilter channel has good information in the /topic on general best practices. I'm not sure that the per-user chain sounds like

Re: [Openvpn-users] OpenVPN and IPTables

2016-05-19 Thread /dev/rob0
Comments to both posters inline ... On Fri, May 20, 2016 at 12:42:31AM +0200, David Sommerseth wrote: > On 19/05/16 20:47, Scott Crooks wrote: > > Thank you also for the explanation regarding the firewalling. > > Part of the problem (and why I didn't reply to /dev/rob0) is

Re: [Openvpn-users] openvpn problems

2016-05-25 Thread /dev/rob0
ou, and that they disconnect you when you have exceeded the limit? > pls give me suggestion The only way I imagine you can get around your ISP's limits would be to get a new ISP, or to ask them to change the limit. Am I missing something? -- http://rob0.nodns4.us/ Offlist GMX

Re: [Openvpn-users] ignoring server control message

2016-06-18 Thread /dev/rob0
d it cut off my ssh connections like clockwork, every 60 seconds. The cure was a UDP peer-to-peer openvpn, then ssh through the tunnel, and all was well. Let me tell you, it was not easy setting up openvpn with only a few seconds per connection to be able to typ