Hi Roland,
On 27.04.14 22:07, Roland RoLaNd wrote:
> Problem: road warriors cannot reach anything but the server which
> has openvpn on.
> note: this instance does not act as a gateway for other instances.
> it's just another instance among many on the same subnet.
That is the problem - the O
Hi Jeff,
On 19.05.14 21:58, Jeff Boyce wrote:
> This makes it appear as if there is a blocking
> firewall between my Windows client and the OpenWRT box. Is it possible that
> my DSL provider is blocking this communication? What am I missing, what
> additional diagnosis is needed, and what opt
Hi Mike,
If I understand you correctly you are trying to establish a VPN
connection to your local network using your local network as the
transport network.
This cannot work, because you create an IP address conflict as per your
observations.
You have two options:
(1) Try to use a different iso
Hi Mike,
As mentioned, for option (1) forget about the "bridge", thus use
"server 172.16.0.0 255.255.255.0" in the config instead of
"server-bridge ..." and don't call the bridge start script.
Mathias.
On 27.05.14 02:29, Mike Josh wrote:
> > If I understand you correctly you are trying to e
Hi Jeremy,
After you add the --duplicate-cn option no entries are written to the
persist file anymore.
From my pov the only way for your use case is to configure
--client-cert-not-required
and --username-as-common-name which results in persist entries of the
form "username,ip".
Furth
Hi,
I recommend to not stick to the facility limitation of the last
century's syslogd
and rather filter by program name.
You could add something like this to your rsyslog.conf:
:programname,isequal,"openvpn" @192.168.0.1
or, if you have multiple instances of openvpn and set a different
Hi Dave,
On 01.08.14 16:06, davidg12...@fast-email.com wrote:
> My question is what specific routes do I need to put on what boxes?
> Do I need to just put some sort of a static route on the desktop?
> Something also on the Location2 router? Or something in the Openvpn config?
The configuratio
Hi Dave,
On 01.08.14 17:37, davidg12...@fast-email.com wrote:
>> If you *really* want to send everything else except your "service
>> traffic" over the internet that would require more configuration on both
>> routers.
>
> On BOTH? Ok, I really didn't figure that. I really don't get this stuff
Hi Dave,
On 01.08.14 23:29 CEST, davidg12...@fast-email.com wrote:
>> Keep thinking of the OpenVPN setup as just 2 routers with a fixed Ethernet
>> cable in between.
>> That in reality the "ethernet cable" is a VPN tunnel does not change the
>> routing setup.
>
> I guess that might be some of m
Hi Dave,
On 08/04/2014 05:23 AM, davidg12...@fast-email.com wrote:
> For this case
>
> Internet
> |
> |
> | ext: A.B.C.D
> Router/Firewall + OpenVPN Server
> | tun: 10.99.99.1
> | int: 10.0.0.1
> |
> |
>
Hi Dave,
On 08/04/2014 02:49 PM, davidg12...@fast-email.com wrote:
>>> Internet
>>> |
>>> |
>>> | ext: A.B.C.D
>>> Router/Firewall + OpenVPN Server
>>> | tun: 10.99.99.1
>>> | int: 10.0.0.1
>>> |
>>> |
>>> | ext: X.Y.
On 08/04/2014 10:36 PM, Gert Doering wrote:
> Pay me for about 6-8 weeks, and I think I can do it... but in my copious
> spare time, I won't even start this, as it's too complex a task.
You should think about starting a crowdfunding campaign ;)
Mathias.
Hi Lorenz,
On 10.08.14 11:33, Lorenz Wenner wrote:
> Hello folks,
>
> it's my first posting. i am encountering a problem: it seems that in
> every private ipv4-network i can have only one openvpn client at a time
> connected to my openvpn server. all clients are configured in the same
> way. co
Hi Lorenz,
On 16.08.14 08:32, Lorenz Wenner wrote:
> thank you, i researched on this issue, found this:
>
> http://thomas.gouverneur.name/2014/02/openvpn-listen-on-tcp-and-udp-with-tun/
>
> tried it and it works, maybe also helpful for others.
>
> have fun
> lrnzo
I'm still wondering what your
Hi Bruno,
On 2014-08-25 19:15, Bruno Andrade wrote:
> The openvpn vlan is 10.8.0.0/24. When I try to ping 10.1.11.0/24 from
> vpn client, I can see the openvpn traffic arriving in eth0 (the openvpn
> server nic) with tcpdump, but I can't see the traffic in tun0.
You need to specify a "route" eit
Hi,
On 03/09/14 00:28, Jason Haar wrote:
[...]
> TCP - being below openvpn - doesn't suffer
> from this issue of course, the server always sees the TCP FIN/RSET
> packet and "knows" the client is no more.
AFAIK, this works only if TCP keepalive enabled, which depends on the OS
or keepalive on
Hi,
On 04.09.14 at 15:53, Giles Coochey wrote:
>> nope: the VPN needs to be able to add or remove routes to the OS and
>> >for that you need NetworkAdministrator privileges at a minimum.
>> >You might be able to get away with running it using a user that has
>> >those privs, but I doubt that it w
Hi Nick,
Your setup is somehow strange. In order to answer your question
I also have some questions:
(1) Are you using the community version of OpenVPN?
If not, maybe you want to consult the vendor's professional
support.
(2) How are you generating the configs and DMG files?
What
Hi Jeff,
Jeff Boyce wrote:
> When the VPN is established, from the client I can ping both the 10.4.0.1
> and the 192.168.123.2 addresses of the server. When I try to ping the Vista
> box behind the server from the client I get the following:
>
> C:\Users\jeffb>ping 192.168.123.111
> Pinging 192.
Hi Jeff,
See response inline:
Jeff Boyce wrote:
>> I guess you need at least something like this:
>>
>> $ cat /etc/config/network
>> ...
>> config interface 'vpn'
>> option ifname 'tun0'
>> option defaultroute '0'
>> option peerdns '0'
>> option proto 'none'
>>
>
> I had everything here in my ne
Hi Jeff,
On 11/10/2014 10:20 PM, Jeff Boyce wrote:
> However, I turned off the firewall on the OpenWRT router (confirmed with $
> iptables -L -n) then ran the ping test again. The result is the same (Reply
> from 10.4.0.1: Destination host unreachable). That to me indicates that my
> issue is
Hi Jeff,
On 11/12/2014 06:53 PM, Jeff Boyce wrote:
> Routing info as requested, listed below.
[...]
> Routing table of Vista Box behind OpenVPN Server
[...]
> ===
>
> Persistent Routes:
>
>Network Address Net
Hi Mike,
On 11/13/2014 09:52 AM, Mike Morris wrote:
> Before installing ovpn community edition as a server, I want to
> understand what side effects there are. For instance, running ovpn as a
> client, by default, means all outbound traffic is routed through the
> vpn tunnel... even sshd respons
Hi,
Sounds like a permission issue to me, due to:
> user user
> group user
in your client.conf
Have you checked that "user" can access the pcscd socket?
What happens if you run the openvpn client with root permission? (remove
the user/group options from the client conf)
Cheers,
Mathias.
-
ing pkcs11-tool and sc-hsm-tool, etc) so it
> doesn't seem a problem related to a specific user's access to pcsc..
>
>
> Thanks and cheers,
> EG
>
>
>
>
>
> On Tuesday, 16 December 2014 12:05, Mathias Jeschke
> wrote:
>
> Hi,
>
> Sounds lik
Hi Mario,
On 2014-12-23, 15:51 Ml Ml wrote:
> Hello List,
>
> this might be a little Off-Topic, but i am looking for a Mobile
> HotSpot device which runs - or can run - openvpn. (in any way such as
> OpenWRT or such).
>
> All the battery driven supported OpenWRT devices kinda suck because:
> - no
Hi Shawn,
On Thu, 26 Feb 2015 Shawn Heisey wrote:
> I'm looking for encryption that's completely transparent to programs,
> will
> work properly across multiple servers with IP multicast, and has
> relatively low computational overhead during most of its operation.
This sounds like a VPN ;)
Hi all,
On 2015-05-19 on 23:36 Jan Just Keijser wrote:
> yeah, it would simply be a matter of
>
> host1# openvpn --dev tun --secret static.key --ifconfig 10.200.0.1
> 10.200.0.2
>
> host2# openvpn --dev tun --secret static.key --ifconfig 10.200.0.2
> 10.200.0.1 --remote host1
>
> After
Hi Cem,
On 2015-06-01 at 07:34 Eliguzel, Cem wrote:
> I’ve downloaded debian package for OpenVPN 2.3.6 from
> http://swupdate.openvpn.net/apt/pool/wheezy/main/o/openvpn/openvpn_2.3.6-debian0_amd64.deb,
> which is OK.
>
> I need to build this package myself. Does anybody know where I can find
> th
Hi Jason,
On 2015-06-02 at 22:05 Jason Haar wrote:
> In this case using the openvpn tunnel as the default gw should have
> solved the problem - but normal people can't figure that out - so I'd
> like to solve it dynamically at the server end. However, to do that, the
> server would need to know i
Hi all,
On 2015-06-02 at 22:40 Mathias Jeschke wrote:
> AFAIK, this is not possible, but you have options from my pov:
>
> (1) Deploy 2 OpenVPN configurations to your users - one for split
> tunnel and one without (redirect-gw).
Forget this option - the redirect-gateway does
Hi Gert,
On 2015-06-03 at 09:27 Gert Doering wrote:
>> You will probably also need to run a script (-route-up cmd) in order to
>> add a host route for the local hotel gateway which is very likely in the
>> 10/8 network.
>
> "redirect-private" :-)
This is definitely a nice option - looks like I sh
Hi,
On 2015-06-03 at 10:15 Gert Doering wrote:
> I have *no* idea in which version this option was added - I just discovered
> it two weeks ago trying to understand a bug report related to this ;-)
Looks like it was added in 2.1 - and to the 2.2 manpage.
Mathias.
--
Hi Martin,
I've been using a local dnsmasq instance on my VPN client which has
some advantages:
(1) you can configure specific forwarders for particular domains
(e.g. for local domains that are reachable only via a tunnel
or resolving the VPN endpoint name always via your ISP's server)
(
Hi Jeff,
If there is only one server behind the VPN server you want to reach, the
easiest is to add the route directly on that server and not touch the
gateway at all.
If it's a linux machine just run:
$ ip route add 10.9.8.0/24 via 192.168.112.50
(for windows the syntax is a little different,
Hi Axel,
On 12/07/2015 09:49 AM, Axel Glienke wrote:
> Sorry, i don't understand:
> why the 2 ips (gmx.de; spiegel.de) a different routing? both are
> public ips with same scheme? why there a different handle by my routing
> table?
Because, that's what you have specified in your routing table:
>
Hi,
On 2015-12-08 at 12:55 Vnpenguin wrote:
> # traceroute -n 192.168.254.8
> traceroute to 192.168.254.8 (192.168.254.8), 30 hops max, 60 byte packets
> 1 192.168.1.31 0.194 ms 0.177 ms 0.166 ms
> 2 10.100.4.1 40.558 ms 40.601 ms 40.593 ms
> 3 * * *
> 4 * * *
> 5 * * *
> 6
Hi Jeff,
Jeff Boyce wrote:
> Thanks for the pointers. I am doing some research now reading through
> the iptables man page and reading other examples.
I recommend this howto:
http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO.html
It was written for Linux 2.4, but all the ip
Hi Jason,
Jason Haar wrote:
> Nah - there is no NetworkManager-dnsmasq service in Ubuntu-16.04 (and
> yes it is systemd based). There is no "*dnsmasq*" service at all - it's
> just something that NetworkManager calls somehow - but doesn't bother to
> keep tabs on.
>
> I think I might just go bac
Hi James,
You wrote:
> 1. I am using Windows 7 machines for server and client, can I use "dev tap"?
Yes.
> 2. in the sample.ovpn file, there is a line like this: ifconfig 10.3.0.1
> 255.255.255.0. I should change the ipaddress,10.3.0.1,to my actual
> address, 192.168.0.5?
No - that is a dedica
Hi Jonathan,
Jonathan Leroy wrote:
> Here's my server config file :
> https://gist.githubusercontent.com/jleroy/8eec6bc8d21275490add4d8fc0fdb178/raw/cdd70a322e434ce7959d7e700351ee5bbf45c442/server-subnets.conf
>
> For 213.32.57.144/28 (VPN clients subnet), it works.
> For 151.80.62.64/27, I get n
Hi Jonathan,
Jonathan Leroy wrote:
>> This looks more like a missing "route back issue" on subnet 151.80.62.64/27.
>> The routing table of dev.anytime.tools would be of interest, too.
>
> default via 151.80.62.94 dev eth0
> 151.80.62.64/27 dev eth0 proto kernel scope link src 151.80.62.70
Y
Hi Jason,
Jason Haar wrote:
> (we run openvpn as a "always on" process with no user interface, so
> TunnelBlick is out too)
Why not run the openvpn binary that comes with Tunnelblick?
$ sudo kextload /Applications/Tunnelblick.app/Contents/Resources/tun-signed.kext
$ sudo /Applications/Tunnelb
Hi Sreyan,
Sreyan Chakravarty wrote:
> My VPN and PBX are on the same box, so that which is the public IP of
> the VPN is also the public IP of the PBX.
>
> So once my VPN tunnel is setup, I use the same IP in my softphone to
> connect to my PBX, but obviously on a different port.
>
> So I am alr
Hi Greetz Pippin,
Pippin1st wrote:
> So, my first question is, how close am I?
At least the order of encryption/decryption and
compression/decompression makes no sense.
Compression should be always done before encryption!
Regarding ICMP: Yes, PMTUD relies on ICMP, thus blocking ICMP is
general
Hi Philipp,
Philipp Helo Rehs wrote:
Do you have any further idea?
I have downgraded to 2.3.14 and it works again.
Why have you added this to the config?
keysize 128
Try to comment out and run again.
Cheers,
Mathias
--
Hi Ralf,
Doug Lytle wrote:
Are there tuning tips regarding this particular setup (or openvpn on
virtualized hardware), or is virtualbox merely a poor choice :)
I'd say that VB is a poor choice.
If you have any control over your server environment, I'd suggest a type 1
hypervisor. ESXi 6.x F
Looks like your tun kernel module is not loaded.
Check with:
$ lsmod | grep tun
If it's not loaded, try to load it:
$ modprobe tun
Normally the kernel module should be loaded automatically, so I suspect
that the module is not present.
Is it possible you have upgraded your kernel recently a
Hi Stella,
What is wrong with the Debian package from the official repo?
https://packages.debian.org/bullseye/openvpn
Do you really need 2.5.4 instead of 2.5.1?
Just my 2 cents,
Mathias
Marc-Christian Petersen wrote:
I think the packages are not there, neither for Bullseye nor Buster. Packag
Hi Stella,
Stella Ashburne wrote:
For as long as I can remember, the person who built and released the community
versions of OpenVPN also released them for Debian. That person preceded our
friend, Samuli. I just went with whatever was offered by that person and then
Samuli.
Based on this D
Hi Stella,
Stella Ashburne wrote:
I am just curious: are you an OpenVPN developer on Microsoft Windows OS? Linux
distro?
As this mailing list indicates I'm just an openvpn *user* and I'm not
seeking for the "latest and greatest" openvpn release. I'm fine with a
stable release, which provid
Hi Peter,
Peter Davis wrote:
Hi,
The server log showed me:
2023-10-23 15:46:59 Authenticate/Decrypt packet error: packet HMAC
authentication failed
2023-10-23 15:46:59 TLS Error: incoming packet authentication failed from
[AF_INET]192.168.1.3:51999
2023-10-23 15:47:02 Authenticate/Decrypt pac
Bo Berglund wrote:
I tried the service restart and it worked inasfar as the logs now look like this
example:
Mon Feb 5 09:42:42 2024 us=734354 succeeded -> ifconfig_pool_set()
Now I just need to get it to display as -mm-dd hh:mm:ss so it would be
useful for me.
I really wonder why it uses
Bo Berglund wrote:
I mean the logs being produced from these server.conf lines:
status /etc/openvpn/log/openvpn-status.log
log /etc/openvpn/log/openvpn.log
verb 4
Why do you insist on using legacy file based logs? Systemd's journal has
much better options to filter/display log messages.
And