[Openvpn-users] http-encapsulation

Hi all, Is there anyone around here, that performed a measurement what the impact is of doing http-encapsusation (http-proxy) with openvpn? My case: - Client & servers are on a (huge) LAN - client is 2.4.6, servers are 2.4.7 - Setting up a vpn connection with UDP, doing a ping toward machine beh

Re: [Openvpn-users] Quite a few "Authenticate/Decrypt packet error: bad packet ID (may be a replay)" warnings

Hi, I noticed those "--mute-replay-warnings" to. But it wondered, is it wise and/or safe to mute those warnings? They were brought up (I presume) for a good reason... Hans. -Original Message- From: Ralf Hildebrandt Sent: Monday, June 15, 2020 4:43 PM To: openvpn-users@lists.sourceforge

Re: [Openvpn-users] To Generate IPs by Range

Multiple vpn-processes, each with their own (udp)-port, and their own subnet. For 16 clients you would need /28, for 32 clients a /27 From: "Fermin Francisco via Openvpn-users" mailto:openvpn-users@lists.sourceforge.net>> Date: Sunday, 26 July 2020 at 00:45:25 To: "openvpn-users@lists.sourceforg

[Openvpn-users] Forced disconnect on TCP

Hi all, I've got a peculiar situation: When setting up a tunnel with http encapsulation, all seems to work OK, However, after starting a Citrix-session and a Skype4Business meeting, the tunnel is aborted, SEEMINGLY by the server. (note: seemingly) I can restart the session, but with minutes (vary

Re: [Openvpn-users] Concatenate CRL's?

I thought this “feature” was solved some versions ago? Long time ago (version 2.1.4) I was caught off-guard by it, and had to solve it in a different way. From: "Stefan Monnier" mailto:monn...@iro.umontreal.ca>> Date: Monday, 18 January 2021 at 21:32:33 To: "openvpn-users@lists.sourceforge.net"

Re: [Openvpn-users] Flock of openvpn Servers: how to make one machine stop accepting NEW clients?

From: "Bogdan Rudas via Openvpn-users" mailto:openvpn-users@lists.sourceforge.net>> Date: Wednesday, 10 February 2021 at 22:42:37 To: "Ralf Hildebrandt" mailto:ralf.hildebra...@charite.de>> Cc: "Openvpn Users" mailto:openvpn-users@lists.sourceforge.net>> Subject: Re: [Openvpn-users] Flock of

Re: [Openvpn-users] OpenVPN freezes few seconds after each connection

Hi Thibault, There might be countless reasons for that you described. Personally, I met with them twice. One irregular returning, was caused by an unstable DNS-server, causing random delays. The other was caused by the single-thread auth architecture of openvpn, where the connection set-up by

Re: [Openvpn-users] [ext] (no subject)

From: "Stella Ashburne" mailto:rewe...@gmx.com>> Date: Thursday, 2 December 2021 at 17:15:23 To: "openvpn-users@lists.sourceforge.net" mailto:openvpn-users@lists.sourceforge.net>> Subject: Re: [Openvpn-users] [ext] (no subject No, I don't have access to the server's logs as my VPN provider is

Re: [Openvpn-users] Failover Openvpn

Hi Marcello, Yes, in principe it is possible to use identical addresses for multiple servers. Point however, why would you? You might solve some issues, but you get a shipload of new challenges in return… Your vpn server has an external adres, and that should be unique, though a common dns-name c

Re: [Openvpn-users] [ext] Re: OpenVPN-2.6.0-I004-amd64.msi still fails to work on Microsoft Windows 11 if opvpn-dco is enabled

Wasn’t compression done by openvpn considered a security risk, and to be avoided. Afaicr, Stephan Karger stated that compression should be done elsewhere. From: "Gert Doering" mailto:g...@greenie.muc.de>> Date: Friday, 10 February 2023 at 10:14:40 To: "Ralf Hildebrandt" mailto:ralf.hildebra...@

Re: [Openvpn-users] openVPN vs openSSH for single user access

Before opening SSH to the wordld, you might contemplate encapsulating it with stunnel. It also helps with paranoid firewalls ;-) -Original Message- From: Stefanie Leisestreichler Sent: Tuesday, February 14, 2023 4:42 PM To: openvpn-users@lists.sourceforge.net Subject: [Openvpn-users] ope

Re: [Openvpn-users] How to run multiple configuration files at the same time?

You can not have multiple processes listening on the same UDP port. We have dozens of vpn processes, EACH listening on its own dedicated UDP or TCP port. If you don’t like to have “complicated client config files”, then you just need infront of your vpn-services a simple iptables DNAT-rule, spr

Re: [Openvpn-users] Multiple OpenVPN server on one NIC

The combination of your server address AND your ther port number your process is listening on must be different. So, on a single NIC (one up-address) you can have dozens of vpn-processes, each listening on its own port. PS, it is recommended that each vpn process hands out unique pool of addres

Re: [Openvpn-users] OpenVPN multiple connections and multiple NICs

From: "Jason Long via Openvpn-users" mailto:openvpn-users@lists.sourceforge.net>> Date: Saturday, 22 July 2023 at 15:06:10 To: "openvpn-users@lists.sourceforge.net" mailto:openvpn-users@lists.sourceforge.net>> Subject: [Openvpn-users] OpenVPN multiple connections and multiple NICs Hello, My O

Re: [Openvpn-users] How to write the iptables rules for a NIC with multiple IP addresses?

From: "Jason Long via Openvpn-users" mailto:openvpn-users@lists.sourceforge.net>> Date: Saturday, 29 July 2023 at 16:18:44 To: "Tincantech via Openvpn-users" mailto:openvpn-users@lists.sourceforge.net>> Subject: [Openvpn-users] How to write the iptables rules for a NIC with multiple IP addres

Re: [Openvpn-users] How to determine the correct MTU/fragment value in OpenVPN 2.6

See below. From: "tincantech via Openvpn-users" mailto:openvpn-users@lists.sourceforge.net>> Date: Saturday, 29 July 2023 at 18:19:07 To: "Niccolò Belli" mailto:darkba...@linuxsystems.it>> Cc: "openvpn-users@lists.sourceforge.net" mailto:openvpn-users@lists.sourceforge.net>> Subject: Re: [Open

Re: [Openvpn-users] How to write the iptables rules for a NIC with multiple IP addresses?

Some thoughts below... -Original Message- From: Bo Berglund Sent: Sunday, July 30, 2023 6:02 PM To: openvpn-users@lists.sourceforge.net Subject: Re: [Openvpn-users] How to write the iptables rules for a NIC with multiple IP addresses? On Sat, 29 Jul 2023 14:11:48 + (UTC), Jason Long

Re: [Openvpn-users] A question about the local statement

From: "Bruno Tréguier via Openvpn-users" mailto:openvpn-users@lists.sourceforge.net>> Date: Monday, 14 August 2023 at 17:01:19 To: "openvpn-users@lists.sourceforge.net" mailto:openvpn-users@lists.sourceforge.net>> Subject: Re: [Openvpn-users] A question about the local statement Hello, Le 14

Re: [Openvpn-users] Unable to redirect IPv4 default gateway -- Cannot read current default gateway from system

From: "Jason Long via Openvpn-users" Hello, I set a default getaway for my client and that error solved. My question is that, suppose you want to set multiple public IP addresses on the OpenVPN server. How do you As I suggested before… Did you read: https://lartc.org/lartc.pdf ? It litera

Re: [Openvpn-users] Revoke a certificate and reuse it

From: "Jason Long via Openvpn-users" mailto:openvpn-users@lists.sourceforge.net>> Date: Saturday, 26 August 2023 at 07:40:18 To: "openvpn-users@lists.sourceforge.net" mailto:openvpn-users@lists.sourceforge.net>>, "Jochen Bern" mailto:jochen.b...@binect.de>> Subject: Re: [Openvpn-users] Revoke

Re: [Openvpn-users] URL forwarding and blacklisting

See below -Original Message- From: Jochen Bern Sent: Friday, September 22, 2023 1:06 AM To: openvpn-users@lists.sourceforge.net Subject: Re: [Openvpn-users] URL forwarding and blacklisting On 21.09.23 21:50, Jason Long via Openvpn-users wrote: > Hello,I have two questions:1- When someone

Re: [Openvpn-users] Issue with "up" and "down" script

Up/down relate to the state of the tun device. It takes some time until you can send data through it. From: "Leroy Tennison via Openvpn-users" mailto:openvpn-users@lists.sourceforge.net>> Date: Saturday, 11 November 2023 at 07:21:17 To: "Openvpn Users" mailto:openvpn-users@lists.sourceforge.net

Re: [Openvpn-users] Reference manual for OpenVPN 2.6 PDF

From: "Antonio Quartulli" mailto:a...@unstable.cc>> Date: Monday, 11 December 2023 at 12:02:33 To: "Jason Long" mailto:hack3r...@yahoo.com>>, "Tincantech via Openvpn-users" mailto:openvpn-users@lists.sourceforge.net>> Subject: Re: [Openvpn-users] Reference manual for OpenVPN 2.6 PDF Hi, On 1

Re: [Openvpn-users] Bypassing censorship devices

From: "Peter Davis via Openvpn-users" mailto:openvpn-users@lists.sourceforge.net>> Date: Tuesday, 12 December 2023 at 07:08:08 To: "Tincantech via Openvpn-users" mailto:openvpn-users@lists.sourceforge.net>> Subject: [Openvpn-users] Bypassing censorship devices Hello, How to use OpenVPN in a c

Re: [Openvpn-users] Bypassing censorship devices

From: "Peter Davis" mailto:peter.davis1...@proton.me>> Date: Tuesday, 12 December 2023 at 19:29:03 To: "Witvliet, J, Ing." mailto:j.witvl...@mindef.nl>> Cc: "openvpn-users@lists.sourceforge.net" mailto:openvpn-users@lists.sourceforge.net>> Subject: Re: [Openvpn-users] Bypassing censorship devi

Re: [Openvpn-users] Bypassing censorship devices

rceforge.net>> Subject: Re: [Openvpn-users] Bypassing censorship devices > On Tuesday, December 12th, 2023 at > 5:13 PM, Stella Ashburne via > Openvpn-users wrote: > Attention: Peter Davis > > Hi Peter > > > Sent: Tuesday, December 12, 2023 at 3:15 PM &g

Re: [Openvpn-users] Bypassing censorship devices

From: "Peter Davis via Openvpn-users" mailto:openvpn-users@lists.sourceforge.net>> Date: Tuesday, 12 December 2023 at 19:46:18 To: "Stella Ashburne" mailto:rewe...@gmx.com>> Cc: "openvpn-users@lists.sourceforge.net" mailto:openvpn-users@lists.sourceforge.net>> Subject: Re: [Openvpn-users] Bypa

Re: [Openvpn-users] Reference manual for OpenVPN 2.6 PDF

From: "Jochen Bern" mailto:jochen.b...@binect.de>> Date: Wednesday, 13 December 2023 at 09:56:08 To: "openvpn-users@lists.sourceforge.net" mailto:openvpn-users@lists.sourceforge.net>> Subject: Re: [Openvpn-users] Reference manual for OpenVPN 2.6 PDF On 13.12.23 07:44, Jason Long via Openvpn-us

Re: [Openvpn-users] Bypassing censorship devices

From: Peter Davis Sent: Wednesday, December 13, 2023 10:52 AM To: Witvliet, J, Ing. Cc: rewe...@gmx.com; openvpn-users@lists.sourceforge.net Subject: Re: [Openvpn-users] Bypassing censorship devices > On Wednesday, December 13th, 2023 at 12:13 AM, > j.witvl...@mindef.nl

[Openvpn-users] tls-crypt2

Hi all, Before asking the obvious: yes, i did go through the man-page, and doc/tls-crypt-v2.txt... :) Today I was experimenting with "crypt2": 1) I can generate a tls-crypt2-server-key 2) And based on that key, I can generate several tls-crypt2-client-keys So far so good, BUT: 1) how can I

Re: [Openvpn-users] OpenVPN on port 443

How about using stunnel instead? From: "Gert Doering" mailto:g...@greenie.muc.de>> Date: Wednesday, 24 January 2024 at 13:03:30 To: "Peter Davis" mailto:peter.davis1...@proton.me>> Cc: "openvpn-users@lists.sourceforge.net" mailto:openvpn-users@lists.sourceforge.net>> Subject: Re: [Openvpn-users]

[Openvpn-users] key length

Dear all, Last week i got a reminder, that (at least in Germany by the BSI ) the minimum key-length has been changed to 3072 bits. And before someone is going to mention it: yes, I know that according to NIST, 2K keys could be used until 2030 So, can Openvpn handle keys longer than 2K? Met vri

Re: [Openvpn-users] key length

Re: [Openvpn-users] key length Unable to verify the message Hi, On Wed, Feb 21, 2024 at 02:39:04PM +, Hans via Openvpn-users wrote: > Last week i got a reminder, that (at least in Germany by the BSI ) the > minimum key-length has been changed to 3072 bits. > And before someone is g

[Openvpn-users] (reversed) proxy

Hi all, At the openvpn client side it is possible to use http-encapsulation, For instance, we use in our client-config: (snip) http-proxy url-site-A 443 remote url_vpn-XXX tcp http-proxy url-site-A 443 remote url_vpn-XXX tcp http-proxy url-site-A 443 remote url_vpn-YYY

Re: [Openvpn-users] (reversed) proxy

Hallo Jan, From: Jan Just Keijser Sent: Wednesday, May 22, 2024 2:19 PM To: Witvliet, J, Ing., COMMIT/JIVC/GII/TEAM ITT ; openvpn-users@lists.sourceforge.net Subject: Re: [Openvpn-users] (reversed) proxy Hoi Hans, On 22/05/2024 12:41, Hans via Openvpn-users wrote: Hi all, At the openvpn

Re: [Openvpn-users] hide openvpn traffic completely

How about feeding OpenVPN through Stunnel? From: "Gert Doering" mailto:g...@greenie.muc.de>> Date: Tuesday, 19 November 2024 at 17:53:32 To: "sergio" mailto:ser...@outerface.net>> Cc: "Tincantech via Openvpn-users" mailto:openvpn-users@lists.sourceforge.net>> Subject: Re: [Openvpn-users] hide op