ng
relies on to reduce runtime) - and breaking and decrypting that traffic
does not help decrypt the next blob of traffic (ie it's about as good as
it gets)
Hopefully I haven't blown cover by saying too much that's incorrect
there - I'm sure someone else will let us know if I have!
gotta think that part
through - otherwise you will get burnt)
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
ouldn't it
just be removed from the code, or pushed down to some lower logging
level so that most people don't see it? Or at least have " (probably
nothing to be concerned with)" added to it. :-)
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 4
I don't know of any other product with that kind of option. As far
as I'm aware, if you're doing OTK, the expectation is you are using it
every time you connect - just like you're currently seeing...
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
g
on TCP. If scanning a TCP port returns "closed", that 100% means
there's nothing running on it (ignoring firewall rules that limit by ip
address). It *must* return "open" for any of your openvpn clients to
ever be able to use it
--
Cheers
Jason Haar
Information Security
o - but to be precise, openvpn doesn't do
standard TLS negotiation (at least if you are using tls-auth as you
should be) - so some layer7 firewalls
could potentially even block openvpn on tcp port 443 - however, most
don't :-)
--
Cheers
Jason Haar
Information Security Manager, Trimble N
u
can try to engineer yourself a foolproof system, but the Universe can
always engineer a better fool
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint:
>
> vs. if it were using it, correct?
>
Yes it is more likely, but it's 0.0001% more likely (or not: maybe more
or less)
Give it a try and see how it goes. No-one can actually answer this
question for your situation - only you can decide if it's appropriate or not
--
Cheers
Jason
ganization* trying to protect *the organization's*
laptops and users
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
What feature does "--remote-random-hostname" give you that having a
10second TTL on one DNS record wouldn't?
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063
tches,
you can subvert that general rule by doing tricks with arp spoofing/etc.
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407
f djb: "profile, don't speculate"
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
ie "iperf -c server.name" measures throughput, whereas "iperf -c
server.name -P4" measures bandwidth (ie push 4 sessions in parallel
normally saturates a WAN link, if not, try 8, 10, etc until you do)
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
igger
than the maximum number of clients - but that isn't a big deal on our
10/8 network.
This is the biggest thing I love about openvpn: the scripting triggers
it supports. You can basically make it do anything :-)
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigat
'd even think of increasing that
yet again. The theoretical risk of someone actually brute forcing a key
in that time window is still nearly infinitely less than the actual
impact of key renegotiation on openvpn
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone:
"Freedom from choice: is what you want" ;-)
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>
/tmp/file" to dump environment variables, there's no such details from
the clients getting through
Have I missed something? Thanks!
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 C
've connected to the management port and went
through the options that "help" showed - nothing seemed to show me such
details? (eg "status 2")
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E
Well that means I'm out of luck then ;-)
It does seem like git master has been patched so that this peer-info is
now available via env variables as well - so if we jump into the
development unknown we could use the feature: I think we'll just have to
pass ;-)
Thanks!
--
Cheers
Jason H
Well that was basically painless
Now I see the following is available to scripts called on the server,
nice :-)
IV_HWADDR=52:54:00:ff:72:87
IV_PLAT=win
IV_SSL=OpenSSL_1.0.1i_6_Aug_2014
IV_VER=2.3.4
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1
about our server on our work network and
everything about (say) my client laptop on my home network - but
there's a vast range of "Internet" between the two that I know nothing
about, so it's not worth mentioning ;-)
Thanks!
--
Cheers
Jason Haar
Corporate Information Securi
any cipher/etc decisions as possible on the server, so I'd rather not
define tls-cipher on the clients, only the server. So am I correct in
saying that an openvpn network using tls-auth plus client certs should
be effectively immune to MiTM attacks, thereby making it OK to leave as
much decis
ys of connection tracking.
Couldn't agree more. You really need to use "client-connect" and
"client-disconnect" so that you can create START/STOP records - they are
the only things that really get it right
--
Cheers
Jason Haar
Corporate Information Security Man
ient connects, server triggers --client-connect
4. server realizes client has disconnected
I had some "cleanup" code in "4" which meant the server turned around
and killed the "3" instead of the "1" - not what I wanted ;-). Still -
all fixable thanks to t
nnel's DNS settings. It was written in 2006
so maybe it doesn't work on the newer OSes?
Anyway, has anyone out there found out how to do this and is willing to
share? :-)
Thanks!
PS: I'm using this
http://openvpn.net/archive/openvpn-users/2006-10/msg00120.html
--
Cheers
Jason Ha
'm not a Mac
person, but I interpret this as meaning when I do "nslookup
blah.corporate.domain", the Mac sends it to "resolver #1" instead of
"resolver #2". Once that is fixed, it should all work?
--
Cheers
Jason Haar
Corporate Information Securi
op around
and retry making a connection - like it does on our Linux clients.
Very odd. The log shows no real error that I can see - it simply seems
to be sleeping without doing anything? BTW I downloaded this logfile an
hour after the client tunnel disappeared after the IP change - the last
line in th
1:05, Jonathan K. Bullard wrote:
> On Wed, Sep 3, 2014 at 8:37 AM, Gert Doering wrote:
>> On Wed, Sep 03, 2014 at 06:41:17PM +1200, Jason Haar wrote:
>>> Anyway, has anyone out there found out how to do this and is willing to
>>> share? :-)
>> I have no direct answer, bu
ils to restart?
So obviously I fixed the down script and now running as a service is
moving happily between IP addresses, but it does look like a minor bug?
Thanks again for the suggestion!
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
an do to stop this happening again (besides better QA
on our "up" script ;-)
Thanks!
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
n. I'll look to see if I can remove some of the calls, that
should help
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
I'm doing it incorrectly :-)
server is 2.3_git, and this is over UDP of course (I doubt this is an
issue over TCP, although I haven't tested)
Thanks
--
Cheers
Jason Haar
Corporate Information Security Manager
t by bots all the time - precisely because we have it running on HTTPS
port. So a bit of luck in the timing could end with logs implying a
correlation between a client connect and a bot that really doesn't exist
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigatio
smasq to forward queries for
"*.company.dns" to the appropriate intranet DNS servers irrespective of
the state of the openvpn tunnel (ie they'll fail if it's not running,
but that's OK because they'd fail anyway)
Have I got it correct? Thanks
--
Cheers
Jason Haar
Cor
at value is
returned. If your VPN DNS servers resolve it quicker than your Internet
resolver, we'll get the 10.* address - otherwise the Internet address.
That will cause confusion in some situations
Still - it's better than I hoped for :-)
PS: yes, Win8 has a "DNS Client" servic
nt IPs for that trick to work
of course
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
settled on
DNS. On top of that, I just struggled through getting my new Chromecast
to even work on 3 different wifi networks - broadcast based issues
again... (btw: multicast == broadcast in this email ;-)
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone
s\openvpn\log\trimble-openvpn-stderr.log" > NUL 2>&1
"c:\program files\openvpn\bin\nssm.exe" set trimble-openvpn AppRotateFiles 1 > NUL 2>&1
"c:\program files\openvpn\bin\nssm.exe" set trimble-openvpn
DependOnService Dhcp tap0901 >
onto the instances. I use the
incredibly useful "--up", "--client-connect", etc scripting options to
enable us to have ONE subnet shared over all those instances (plus some
client config standards to ensure it all works)
Openvpn is awesome :-)
--
Cheers
Jason Haar
Corporate
On 29/01/15 09:15, Stefan Monnier wrote:
> Reviewing code is too time consuming. Instead, I just download such
> crap through a VPN, this way I know I'm secure
make sure it uses AES!!! Really important
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6
lp reduce any client impact too of course
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
Do any of them affect openvpn if it's set to use tls-auth (as recommended)?
ie is openvpn immune from these if the bad guys don't have copies of
your tls-auth file
Thanks
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 48
r internal or external (obviously the external
will all be encrypted openvpn traffic - so it's not very interesting)
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B
p with a new source port or source IP address
Doesn't "--ping" take care of that? Keepalive packets should mean the
TCP/UDP NAT session sees enough traffic to stop any NAT firewall from
timing it out (assuming ping is <30sec). That in turn should stop the
firewall needing to change p
On 19/04/15 12:05, Jeff Mitchell wrote:
>
> Unless the NAT implementation is broken. Read up a bit in the thread :-)
>
Ohh! :-)
(but there are no broken NAT implementations! Say it ain't so!)
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
IP address on the outside -
> nicely handled with --peer-id
Yum! Sounds good. Google's QUIC HTTP "optimizer" would have to do
something similar
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E
:07:05 jhaar-nz-ll openvpn[21899]: /sbin/ip addr del dev vpn1
10.99.99.99.22/24
*** server syslogs ***
WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1546',
remote='link-mtu 1542'
WARNING: 'mtu-dynamic' is present in local config but missing in r
namic'
We don't see that with any other client - just the Chromebook.
Has anyone got the current Chromebook working with openvpn? I'd love to
know what you did ;-)
Thanks!
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8
either has no mention of fragment, or fragment is larger than the
server, shouldn't it either error - or set itself to the same value?
(and it isn't listed as "pushable" either). This seems such an obvious
case for something else to happen?
On 22/05/15 16:05, Jason Haar
hrough environment variables to the server, would that be a good
idea as an option? Obviously there are privacy issues - but when one
organization controls both the client and server - that's a bit academic
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd
it on the server end. Sounds like my "option 3" is the only way:
allow the user to connect, get server to query client to find out local
routing table and then reconfigure the client to match conditions where
appropriate
--
Cheers
Jason Haar
Corporate Information Security Manager, Tri
ybe just generate an alert to begin with.
Should probably learn how to walk before going crazy on people's routing
tables ;-)
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063
" - so what should I look for
to know for sure I have an openvpn server with this function? (which I
assume is actually peer-id)
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E
nt does allow you to hardwire it to the correct value, but we're
trying to make the application work like it does on the LAN - ie
auto-configure)
Obviously I'm running this in routing mode - not bridging (because then
it would be working! ;-)
Thanks!
--
Cheers
Jason Haar
Corporate Informa
ll have to update all of your clients to use such
> a patch.
Any reason it wasn't included in the formal source? ie what's the
downside? Then we could add NTP, WPAD, etc
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fi
That would make for a small patch ;-)
PS: I ignored my favorite "sounds useful, but is poorly supported"
Timezone (101) option because your computer's timezone should always
come from your physical location - not the remote end of a VPN tunnel. I
think a lot of DHCP option
That would reduce the damage such events cause (note I don't
include ports in my suggestion because an openvpn server may have
multiple ports available to all clients - so they're not unique)
Thanks
PS: actually, I've seen this with the Chrome client too. Totally bugs on
the cli
)
...but you are correct, I'm already looking into changing the scripts to
try to pick up earlier that there's a problem with the new session, and
ditch
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9
hat working?
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F
that's just as likely to be open and you are less likely to hit a
transparent proxy
Also, you had tcp/80 first and then udp/1194 - which I think is the
opposite order to what you wanted? ie openvpn works from the top of the
config downwards
--
Cheers
Jason Haar
Corporate Information Securi
, if there's no UDP error checking built into openvpn, then shouldn't
DNS lookups (ie udp inside a udp openvpn tunnel) fail a lot? Or is the
Internet generally so reliable that it doesn't matter? (eg 1% packet
loss on Internet leads to 1% packet loss inside openvpn tunnel?)
--
Cheers
J
ed
itself to be the .1 address - as that is internally consistent?
Thanks
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
is the TAP driver hard-wired to pretend
X.Y.Z.254 is the DHCP server IP? Why can't it pretend to be the IP
address of the openvpn server? That would make more sense and be
internally correct?
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1
use .1 on the server, so would "ip-win32 dynamic 1" make the client
think the DHCP server was on 192.168.0.1? That would be perfect
#This defines the "dhcp" range
mode server
tls-server
push "topology subnet"
ifconfig 192.168.0.1 255.255.255.0
ifconfig-pool 192.168.0
cause that wouldn't work in a web browser - so I want
to check this is supposed to be how openvpn works (I guess we could call
it a kind of "pinning")
Thanks!
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navig
e - excellent - I can work with this :-)
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprin
mething
> in an --up script. But I'm not aware of any ready-made implementation.
>
> gert
anything finer-grained. Or they would make a domain group
called "Openvpn Users" and use it to control who gets openvpn - and
therefore also has the ability to run it
Jason
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint
envpn actually work for
some of our users when travelling to certain countries...
Yes this is an obfuscation trick, but one that uses 99% of existing code :-)
and yes I know this could be hacked together using stunnel/socat/etc. But
notice the phrase "hacked together"
--
Cheers
Jason H
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
is (Android
6.0). Surely it's using the same APIs?
I just get a nice "key" in the notification area
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerpr
mes up, openvpn is started, openvpn logs
get to report "Initialization Sequence Completed", system crashes.
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint:
rting NetworkManager certainly fixes the problem - but restarting the
entire network stack just to fix DNS is not a solution...
Anyone else figured that out? This is Ubuntu 16.04. Thanks!
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
P
her than by
restarting NetworkManager. I used to be on Fedora and I would swear I used
to just kill dnsmasq and NetworkManager auto-restarted it - but that isn't
the case with Ubuntu
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint
q*" service at all - it's just
something that NetworkManager calls somehow - but doesn't bother to keep
tabs on.
I think I might just go back to Fedora, I have not been enjoying the
experience ;-)
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1
public has this characteristic and then openvpn will be toast?
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint
because of my desire for the peer-id data, but I'd rather be vanilla
to be honest :-)
Thanks again!
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C06
ded any more,
but it's still working on everything up to Win10 - so we'll keep doing it to
keep our silent/scripted installs working without a murmur :-)
certutil -addstore "TrustedPublisher" openvpn-tap-driver.p7b > NUL 2>&1
--
Cheers
Jason Haar
Information Security Manag
houldn't have any issues with Vista+?
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 84
ture, so that
the new clients can use the new servers while the old clients migrate.
Thanks
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
That would be great - certainly worth waiting
for :-)
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
be happy, and then
when I migrate the server to 2.4, they all auto-update to AES
Is that correct? That would be perfect as then no dual infrastructure would
be required
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigat
:-}, and was looking for a
new version to go to when 2.4 officially comes out
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6
On Fri, Nov 25, 2016 at 11:48 AM, Mathias Jeschke
wrote:
> Why not run the openvpn binary that comes with Tunnelblick?
>
Wow - I have no idea how I missed that! Thanks for spelling out the
bleeding obvious to me - I must be getting old! :-)
--
Cheers
Jason Haar
Information Se
and look "legit"
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
bsite
Hmm, on second thoughts, this would be easier/cleaner to do in Apache via
mod_proxy...
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
t received from %s (si=%d op=%s)"
All I know is that if I saw that "unroutable" message, I would be 100%
thinking about network and firewall problems - I would never have thought
this was anything else
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd
f the kill takes too long?
Or does "client-disconnect" block all clients until it completes - that
would explain everything? (because clients have "ping-restart 20")
Thanks
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 48
t the new one
5. rotation is now complete
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
n the new IP but fail on
the old. Then after we see no more old-key connections, change the old IP
server config to match the new.
(I don't want to use more ports because we already use the good ones ;-)
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1
config to a Win10 system where it
works fine - so this is definitely a working config - just not for Win2012.
Both ends are fully patched and the Windows installer was grabbed yesterday
from openvpn.net
Any ideas appreciated
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
and replace it with a Win10 system. Will
probably be OK for what I want.
On Tue, Jun 26, 2018 at 9:11 PM Jan Just Keijser wrote:
> Hi Jason,
>
> On 26/06/18 04:49, Jason Haar wrote:
>
> Hey there
>
> I'm trying to get a Win2012 openvpn client to talk to a Redhat7 openvpn
I've thrown the win2K12 away - moved the existing config directory to Win10
and it "just worked". No idea what was really behind this issue - no worse
off with Win10 - so forwards I go ;-)
On Wed, Jun 27, 2018 at 8:39 AM Selva Nair wrote:
> Hi,
>
> On Tue, Jun 26, 201
raffic too...)
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
On 2021-11-07 at 13:55, g...@greenie.muc.de wrote:
> Hi Community,
>
> OpenVPN supports HTTP proxies that require
99 matches