[Openvpn-users] (no subject)

Hi, I downloaded openvpn-2.3.7.zip and unzipped it to my /home directory. On my Debian 7 operating system, I did the following: sudo apt-get install libssl-dev liblzo2-dev libpam0g-dev checkinstall build-essential -y cd openvpn-2.3.7 ./configure make sudo checkinstall I encountered some

[Openvpn-users] Need help installing openvpn-2.3.7 from source on Debian 7

This is a re-send as my earlier post did not specify a subject in the subject line. I do not know if posts with empty subject lines are automatically rejected by the mailing list system. + Hi, I downloaded openvpn-2.3.7.zip and unzipp

[Openvpn-users] Need help installing openvpn-2.3.7 from source on Debian 7

>Sent: Friday, June 12, 2015 at 1:44 PM >From: "David Sommerseth" >To: "Sebastian Rubenstein" , >openvpn-users@lists.sourceforge.net >Subject: Re: [Openvpn-users] (no subject) > >This is your issue. Not related to the build at all. Do you have permission

[Openvpn-users] Fw: Need help installing openvpn-2.3.7 from source on Debian 7

--- Sent: Friday, June 12, 2015 at 8:08 PM From: "Sebastian Rubenstein" To: openvpn-users@lists.sourceforge.net Subject: [Openvpn-users] Need help installing openvpn-2.3.7 from source on Debian 7 >Sent: Friday, June 12, 2015 at 1:44 PM >From: "David Sommerseth"

[Openvpn-users] Clairification need: Why do users have to create this directory manually?

When I was compiling, making and checkinstalling OpenVPN using openvpn-2.3.7.zip, I encountered an error. A friend pointed out to me that I need to first manually create /usr/local/lib/openvpn on my Debian 7 operating system. Why did the developer(s) not write code that would create /usr/local

[Openvpn-users] Is my manually compiled OpenVPN using the correct version of OpenSSL?

Hi, I compiled and installed OpenVPN 2.3.7 on Debian 7 using openvpn-2.3.7.zip downloaded from OpenVPN's official site. In a terminal, I launched openvpn using a config file and below is a portion of the log: username@hostname:~$ sudo openvpn example.conf Fri Jun 12 OpenVPN 2.3.7 x86_64-unknow

Re: [Openvpn-users] Clairification need: Why do users have to create this directory manually?

Sent: Saturday, June 13, 2015 at 1:56 AM From: "David Sommerseth" To: "Sebastian Rubenstein" Subject: Re: [Openvpn-users] Clairification need: Why do users have to create this directory manually? >- From your log I see this was attempted: > >/bin/mkdir -p &#

Re: [Openvpn-users] Need help installing openvpn-2.3.7 from source on Debian 7

>Sent: Saturday, June 13, 2015 at 1:52 AM >From: "Gert Doering" >To: "Sebastian Rubenstein" >Cc: openvpn-users@lists.sourceforge.net >Subject: Re: [Openvpn-users] Need help installing openvpn-2.3.7 from source on >Debian 7 >Hi, > >What does "

Re: [Openvpn-users] Clairification need: Why do users have to create this directory manually?

>Sent: Monday, June 15, 2015 at 9:09 PM >From: "Robo Burned" >To: "Sebastian Rubenstein" >Cc: openvpn-users@lists.sourceforge.net >Subject: Re[2]: [Openvpn-users] Clairification need: Why do users have to >create this directory manually? > >There is a

[Openvpn-users] Clarification requested: Do the latest versions of OpenVPN for Windows need the latest OpenSSL bug fixes?

Hi, Do the following versions of OpenVPN for Microsoft Windows already include the bug fixes provided by OpenSSL 1.0.1o or OpenSSL 1.0.2c ? openvpn-install-2.3.7-I001-i686.exe openvpn-install-2.3.7-I001-x86_64.exe openvpn-install-2.3.7-I601-i686.exe openvpn-install-2.3.7-I601-x86_64.exe Or, the

Re: [Openvpn-users] OpenVPN 2.3.9 released

Thanks Samuli for doing a great job.   However, may I know why the latest community version 2.3.9 for Microsoft Windows OS does not include the four security fixes mentioned in https://openssl.org/news/secadv/20151203.txt ?   Regards.   Sebastien R.   Sent: Wednesday, December 16, 2015 a

Re: [Openvpn-users] Debian Jessie repository ?

>Sent: Thursday, December 17, 2015 at 5:38 AM >From: "Samuli Seppänen" >To: "Florent B" , openvpn-users@lists.sourceforge.net >Subject: Re: [Openvpn-users] Debian Jessie repository ? > >I'm the one who builds the official Debian/Ubuntu packages for OpenVPN. Thanks for your effort, Samuli, and als

Re: [Openvpn-users] OpenVPN 2.3.9 released

>Sent: Wednesday, December 16, 2015 at 9:40 PM >From: "Samuli Seppänen" >To: "openvpn users list (openvpn-users@lists.sourceforge.net)" >, "openvpn-de...@lists.sourceforge.net" >, openvpn-annou...@lists.sourceforge.net >Subject: [Openvpn-users] OpenVPN 2.3.9 released > >The biggest change is the

Re: [Openvpn-users] OpenVPN 2.3.9 released

> Sent: Friday, December 18, 2015 at 6:07 PM > From: "Jan Just Keijser" > To: "Sebastian Rubenstein" > Cc: "Samuli Seppänen" , "openvpn users list > (openvpn-users@lists.sourceforge.net)" > Subject: Re: [Openvpn-users] OpenVPN 2.3.9 rel

Re: [Openvpn-users] Debian Jessie repository ?

> Sent: Friday, December 18, 2015 at 8:21 PM > From: debbie...@gmail.com > To: "Sebastian Rubenstein" > Cc: openvpn-users@lists.sourceforge.net > Subject: Re: [Openvpn-users] Debian Jessie repository ? > > Compiling the source for Linux (Debian/Ubuntu) is fairly sim

Re: [Openvpn-users] OpenVPN 2.3.9 released

> Sent: Friday, December 18, 2015 at 8:54 PM > From: "Gert Doering" > To: "Sebastian Rubenstein" > Cc: "Jan Just Keijser" , "openvpn users list > (openvpn-users@lists.sourceforge.net)" > Subject: Re: [Openvpn-users] OpenVPN 2.3.9 rele

Re: [Openvpn-users] Debian Jessie repository ?

> Sent: Friday, December 18, 2015 at 9:22 PM > From: "Samuli Seppänen" > To: "Sebastian Rubenstein" > Cc: "Florent B" , openvpn-users@lists.sourceforge.net > Subject: Re: [Openvpn-users] Debian Jessie repository ? > > The packaging/build

[Openvpn-users] How exactly does setting the option "block-outside-dns" help for Linux and BSD users?

Suppose I use Linux or BSD as my primary OS and if I add the following line to my config file: setenv opt block-outside-dns How exactly will doing the above help me to prevent DNS leaks? (Based on my rudimentary knowledge of Linux and BSD systems, DNS leaks only occur on Microsoft Windows OSes

[Openvpn-users] Personal builds and official builds by Samuli - Any differences?

Hi Samuli If I were to install OpenVPN from source on a Debian/Ubuntu OS using the following method: # tar -xzvf openvpn-xxx.tar.gz # cd openvpn-xxx #./configure #make #make install How different--in terms of functionality and security--is the installed OpenVPN using the above method from the

[Openvpn-users] Offline installation of OpenVPN client for Debian and Ubuntu users

Hi Samuli Could you tell me where I can download the latest OpenVPN .deb file for offline installation? Thanks. Sebastian R. -- ___ Openvpn-users mailing list Openvpn-users@l

[Openvpn-users] Request to Samuli: Please upload *.asc files

Hi Samuli, Firstly, a belated Happy New Year to you. Secondly, thanks for rushing out version 2.3.10 for the benefit of users. Thirdly, I would appreciate it if you could upload the corresponding *.asc files of the following *.deb files in http://swupdate.openvpn.net/apt/pool/jessie/main/o/ope

Re: [Openvpn-users] Request to Samuli: Please upload *.asc files

Hi Samuli > Actually apt/dpkg handles signature validation automatically. I believe this > is how it works: > > > Yes, the procedure that you described in your reply assumes that my machine is connected to the in

[Openvpn-users] Experts' opinions needed: Lack of AES-256-CBC support

Hi, The contents of the following config file is provided by my VPN provider. I have redacted it to remove confidential information: client dev tun proto tcp remote 1.2.3.4 443 cipher BF-CBC tun-ipv6 redirect-gateway ipv6 resolv-retry infinite nobind persist-key persist-tun comp-lzo verb 3 remot

[Openvpn-users] Experts' opinions needed: Is my VPN provider using weak or strong encryption algorithms?

Hi, I hope that some experts here will be able to tell me if my VPN provider uses weak encryption standards with regards to encryption/decryption of control channel authentication and data channel? Thanks. Below is a sample of a redacted config file: remote-random remote somevpn.com 443 proto

[Openvpn-users] Request: Copy or Move openvpn_2.3.14-jessie0_amd64.deb and update hashsums in Packages file

Hi Samuli When you have time to spare, could you copy/move openvpn_2.3.14-jessie0_amd64.deb to http://swupdate.openvpn.net/apt/pool/jessie/main/o/openvpn/ please? Moreover, please update the Packages file in http://swupdate.openvpn.net/apt/dists/jessie/main/binary-amd64/Packages with the hash

Re: [Openvpn-users] Experts' opinions needed: Is my VPN provider using weak or strong encryption algorithms?

Hi Jan, Thanks for your tip. > You can check the cipher strength of the CA certificate by > writing the CA blob > > > -BEGIN CERTIFICATE- > > Large chunks of alphanumeric text > > -END CERTIFICATE- > > > to a file and then run >openssl x509 -text -noout -in cert.pem | g

Re: [Openvpn-users] Experts' opinions needed: Is my VPN provider using weak or strong encryption algorithms?

Hi Steffan Thanks for taking the time to explain to me the salient features of a good encryption/decryption VPN. > > tls-client > > This means you're using TLS for forward secrecy, and are refreshing you > data channel keys (at least) hourly. That's good. Is "forward secrecy" the same as "Per

[Openvpn-users] Keywords to look for that may indicate a VPN provider is providing strong encryption/decryption?

Hi, There are many criteria to judge if a VPN provider is good, reliable, trustworthy, etc.. and in this thread I am focusing on just the technical criteria. And thanks to Steffan for helping me to understand better what they are to be considered. In addition to the ones listed below, what oth

Re: [Openvpn-users] Fwd: Re: Experts' opinions needed: Is my VPN provider using weak or strong encryption algorithms?

Hello > Sent: Friday, December 16, 2016 at 6:14 AM > From: "Steffan Karger" > To: "Dreetjeh D" > Cc: "openvpn-users@lists.sourceforge.net" > > Subject: Re: [Openvpn-users] Fwd: Re: Experts' opinions needed: Is my VPN > provider using weak or strong encryption algorithms? > > > The reason why

Re: [Openvpn-users] Experts' opinions needed: Is my VPN provider using weak or strong encryption algorithms?

Thanks Steffan for your explanation but > Sent: Friday, December 16, 2016 at 6:05 AM > From: "Steffan Karger" > To: "openvpn-users@lists.sourceforge.net" > > Subject: Re: [Openvpn-users] Experts' opinions needed: Is my VPN provider > using weak or strong encryption algorithms? > > > AES-G

Re: [Openvpn-users] Experts' opinions needed: Is my VPN provider using weak or strong encryption algorithms?

Hello David, Thanks for the time that you spent on explaining basic concepts to me. > Sent: Friday, December 16, 2016 at 2:11 AM > From: "David Sommerseth" > To: "Sebastian Rubenstein" , > openvpn-users@lists.sourceforge.net > Subject: Re: [Openvpn-users]

Re: [Openvpn-users] Does windows (10) client need admin rights?

Hi Selva   > Sent: Friday, December 16, 2016 at 3:10 PM > From: "Selva Nair" > To: "Kevin Long" > Cc: "openvpn users list (openvpn-users@lists.sourceforge.net)" > > Subject: Re: [Openvpn-users] Does windows (10) client need admin rights? > >  > In version 2.4, the GUI and openvpn will run witho

Re: [Openvpn-users] Experts' opinions needed: Is my VPN provider using weak or strong encryption algorithms?

> Sent: Friday, December 16, 2016 at 2:31 PM > From: "Jan Just Keijser" > To: "Sebastian Rubenstein" , > openvpn-users@lists.sourceforge.net > Subject: Re: [Openvpn-users] Experts' opinions needed: Is my VPN provider > using weak or strong encrypt

Re: [Openvpn-users] Does windows (10) client need admin rights?

Hello Jan > Sent: Friday, December 16, 2016 at 2:26 PM > From: "Jan Just Keijser" > To: "Kevin Long" , > openvpn-users@lists.sourceforge.net > Subject: Re: [Openvpn-users] Does windows (10) client need admin rights? > > > There is little to be done about this, as Windows *requires* admin > priv

Re: [Openvpn-users] Keywords to look for that may indicate a VPN provider is providing strong encryption/decryption?

Hello Jan, Thanks for your reply. > Sent: Friday, December 16, 2016 at 2:24 PM > From: "Jan Just Keijser" > To: "Sebastian Rubenstein" , > openvpn-users@lists.sourceforge.net > Subject: Re: [Openvpn-users] Keywords to look for that may indicate a VPN > p

Re: [Openvpn-users] Experts' opinions needed: Is my VPN provider using weak or strong encryption algorithms?

Hello Jan > Sent: Friday, December 16, 2016 at 4:41 PM > From: "Jan Just Keijser" > To: "Sebastian Rubenstein" , > openvpn-users@lists.sourceforge.net > Subject: Re: [Openvpn-users] Experts' opinions needed: Is my VPN provider > using weak or strong e

Re: [Openvpn-users] Question about tls-crypt and port 443 firewall ducking

Hello Jon > Sent: Tuesday, December 20, 2016 at 8:23 PM > From: "Jonathan K. Bullard" > To: "openvpn-users@lists.sourceforge.net" > > Cc: "Kevin Long" > Subject: Re: [Openvpn-users] Question about tls-crypt and port 443 firewall > ducking > > > One approach that could help would be to use ob

Re: [Openvpn-users] Question about tls-crypt and port 443 firewall ducking

Hello > Sent: Tuesday, December 20, 2016 at 4:50 PM > From: "Jan Just Keijser" > To: "Kevin Long" , > openvpn-users@lists.sourceforge.net > Subject: Re: [Openvpn-users] Question about tls-crypt and port 443 firewall > ducking > > > the new tls-crypt feature adds some extra hiding of OpenVPN tra

Re: [Openvpn-users] Question about tls-crypt and port 443 firewall ducking

Hello Selva,   > Sent: Wednesday, December 21, 2016 at 2:54 AM > From: "Selva Nair" > To: "Sebastian Rubenstein" > Subject: Re: [Openvpn-users] Question about tls-crypt and port 443 firewall > ducking > > > > That matches with what I have heard:

[Openvpn-users] Security audit of OpenVPN on a regular basis??

Hi guys, I wonder if OpenVPN (community-edition) has ever been audited for security vulnerabilities? Ever? When was the last time OpenVPN was checked for security risks, bad coding, bad logic, backdoors? Does the software undergo a regular security audit? Like once every six months or a year?

Re: [Openvpn-users] Question about tls-crypt and port 443 firewall ducking

Hello David > Sent: Wednesday, December 21, 2016 at 8:49 PM > From: "David Sommerseth" > To: "Sebastian Rubenstein" , > openvpn-users@lists.sourceforge.net > Cc: kevin.l...@haloprivacy.com > Subject: Re: [Openvpn-users] Question about tls-crypt and port

Re: [Openvpn-users] Security audit of OpenVPN on a regular basis??

Hello, > Sent: Wednesday, December 21, 2016 at 8:35 PM > From: "David Sommerseth" > To: "Dreetjeh D" , > "openvpn-users@lists.sourceforge.net" , > "Sebastian Rubenstein" > Subject: Re: [Openvpn-users] Security audit of OpenVPN on a reg

Re: [Openvpn-users] Keywords to look for that may indicate a VPN provider is providing strong encryption/decryption?

Hello Selva, > Sent: Saturday, December 17, 2016 at 1:23 AM > From: "Selva Nair" > To: "Jan Just Keijser" > Cc: "Sebastian Rubenstein" , "openvpn users list (openvpn- > us...@lists.sourceforge.net)" > Subject: Re: [Openvpn-users] K