[Openvpn-users] Option mismatch warning: keydir

2015-06-29 Thread Selva Nair
Hi, I have a server running Debian wheezy with openvpn 2.2.1 (stock version of the distribution). When version 2.3 clients connect, the server log shows WARNING: 'keydir' is present in local config but missing in remote config, local='keydir 1' What is this keydir option? I don't have it exp

[Openvpn-users] Fwd: Strange proxy behaviour in windows not linux

2015-07-03 Thread Selva Nair
On Fri, Jul 3, 2015 at 7:58 AM, wrote: > Hi > > Using proxy to get to OpenVPN server the problem is that > an identical setup in Linux works whereas windows does not ... > > Please see this full thread for full details: > https://forums.openvpn.net/topic19172-15.html#p53047 > Looks like a rout

Re: [Openvpn-users] Fwd: Strange proxy behaviour in windows not linux

2015-07-04 Thread Selva Nair
> > >> Looks like a routing issue. >> >> Before the VPN is started you have direct route (so-called on-link in >> windows world) to the proxy server through the route entry >> >> 172.16.0.0 255.255.240.0 On-link 172.16.13.52 276 >> >> After it connects and before the default rout

Re: [Openvpn-users] custom static auth plugin - returning info to the client

2015-07-06 Thread Selva Nair
On Mon, Jul 6, 2015 at 9:27 AM, Matthew Karas wrote: > Just to confirm what I think you're saying is - set the environmental > variables when the function is called with > OPENVPN_PLUGIN_CLIENT_CONNECT_V2. > > > > So let's say I can set the env variables - is the only way to act upon > those envi

Re: [Openvpn-users] Management interface - bringing connection up and down

2015-07-07 Thread Selva Nair
On Tue, Jul 7, 2015 at 4:08 PM, Matthew Karas wrote: > I'm using the management interface for openvpn client and I would like > to interactively stop the tun0 interface using the management > interface. > To stop I use forget-passwords hold on signal SIGHUP to just restart hold on signal SIG

Re: [Openvpn-users] Changing users at my client causes tls auth error

2015-07-10 Thread Selva Nair
On Fri, Jul 10, 2015 at 8:22 AM, Matthew Karas wrote: > > I'm connected then I use > > forget-passwords > SUCCESS: Passwords were forgotten > signal SIGHUP > SUCCESS: signal SIGHUP thrown > >ECHO:1436480286,on > >HOLD:Waiting for hold release > hold release > That should work for re-connecting a

Re: [Openvpn-users] Changing users at my client causes tls auth error

2015-07-10 Thread Selva Nair
On Fri, Jul 10, 2015 at 9:42 AM, Jan Just Keijser wrote: > throwing a SIGHUP does not end/exit the connection, it merely restarts > it; an "exit" message is *not* sent to the server in this case. If you > throw a SIGTERM the "exit" message will be sent, but then the client > also exits. > Even i

Re: [Openvpn-users] Moving all IPv6 traffic from client though server over vpn, can't ping from client lan?

2015-08-21 Thread Selva Nair
On Fri, Aug 21, 2015 at 1:09 AM, wrote: > > > REMOTE-SERVER / OpenVpn Server > eth0 X.X.X.X > 2600:::4d00::1/64 > vpn0 10.0.0.1/24 > 2600:::4dff::1/64 > > LOCAL-ROUTER / OpenVpn Client >

Re: [Openvpn-users] Moving all IPv6 traffic from client though server over vpn, can't ping from client lan?

2015-08-21 Thread Selva Nair
Hi John, > and a route on the server to the 4d09::/64 through the tunnel. Please > show us the routes on the server too. > > > ip -6 route > 2600:::4d00::/64 dev eth0 proto kernel metric > 256 pref medium > 2600:::4dff::/64 dev tun1 proto

Re: [Openvpn-users] Dynamic NAT uses only the last IP Address in range

2015-09-27 Thread Selva Nair
On Sun, Sep 27, 2015 at 10:28 AM, Nikolaos Milas wrote: > On 26/9/2015 10:34 μμ, Gert Doering wrote: > > > I wonder if just pre-setting all the NAT mappings wouldn't be much > > easier? So, you know that your server is handing out 192.168.1.x - so > > why not just initialize the SNAT so that eve

Re: [Openvpn-users] tls-verify script not working

2015-10-05 Thread Selva Nair
On Mon, Oct 5, 2015 at 2:15 PM, Dreetjeh D wrote: > > > > I'd add some debug statements to the script, e.g. add on the second > line. > > echo "[$0] [$1] [$2] [$3] [$4]" > Result: > * > > Mon Oct 5 19:23:14 2015 us=499434 192.168.11.32:1194 ++ Certificate has > EKU (str

Re: [Openvpn-users] tls-verify script not working

2015-10-05 Thread Selva Nair
On Mon, Oct 5, 2015 at 4:48 PM, Dreetjeh D wrote: > Hello, > > So I have to say thank you, turns out the script was the culprit. > Actually it is not my script, I speak and write some languages, but > no scripting :-) > These scripts need not be "scripts" per se -- could be a compiled C or fort

[Openvpn-users] Fwd: tls-verify script not working

2015-10-06 Thread Selva Nair
On Tue, Oct 6, 2015 at 9:48 AM, Dreetjeh D wrote: > > Hello, > > >>Unless you meant ISO 639-3 languages ;) > Yes, i meant exactly that :-) > Just trying to look at an example and try to understand what it`s doing. > I have no IT background and as middle age man taking first steps i come to > real

Re: [Openvpn-users] ipset based police routing not works with openvpn.

2015-10-13 Thread Selva Nair
On Tue, Oct 13, 2015 at 10:23 PM, Hongyi Zhao wrote: > > 2- Using iptables to set the mark value 200 for all of the traffic > which are destinated to google.com: > > $ sudo iptables -t mangle -A PREROUTING -m set --match-set > openvpn-test dst -j MARK --set-mark 200 > This should work for forwa

Re: [Openvpn-users] ipset based police routing not works with openvpn.

2015-10-14 Thread Selva Nair
On Wed, Oct 14, 2015 at 4:42 AM, Hongyi Zhao wrote: > On Wed, 14 Oct 2015 02:05:38 -0400, Selva Nair wrote: > > > This should work for forwarded packets, but for locally generated > > traffic you will need to mangle them in the OUTPUT chain. > > I've tried with t

Re: [Openvpn-users] ipset based police routing not works with openvpn.

2015-10-15 Thread Selva Nair
On Thu, Oct 15, 2015 at 8:20 AM, Hongyi Zhao wrote: > 2- With the route in table openvpn: > > $ ip route show table openvpn > default via 10.211.1.34 dev tun-gfwlist > > This time the following command will give nothing: > > > $ traceroute 8.8.8.8 > traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 6

Re: [Openvpn-users] client config fallback from 1194 udp to 80 tcp

2015-10-21 Thread Selva Nair
On Wed, Oct 21, 2015 at 9:46 AM, Stefan Szabo wrote: > hi, > > without proto tcp declaration it doesn't try over tcp, all that is doing is > udp. > > if the first line is proto tcp, the first connection is over tcp, after > that jumps over UDP. UDP is tried for 5 times after that it resets from the

Re: [Openvpn-users] client config fallback from 1194 udp to 80 tcp

2015-10-21 Thread Selva Nair
Hi, In case my previous reply was not clear enough: On Wed, Oct 21, 2015 at 3:21 AM, Stefan Szabo wrote: > config client: > > > remote 62.231.75.XX > port 80 > proto tcp wait 1 > > > remote 62.231.75.XX > port 1194 > proto udp wait 10 > > This will cause the client to first try 62.231.75.

Re: [Openvpn-users] client config fallback from 1194 udp to 80 tcp

2015-10-21 Thread Selva Nair
Hi Gert, Yes the problem remains (see below).. On Wed, Oct 21, 2015 at 2:50 PM, Gert Doering wrote: > hi, > On Wed, Oct 21, 2015 at 01:14:26PM -0400, Selva Nair wrote: > > Why? Because of this line in the config: > > > > persist-remote-ip > [..] > > That

Re: [Openvpn-users] client config fallback from 1194 udp to 80 tcp

2015-10-21 Thread Selva Nair
Hi, On Wed, Oct 21, 2015 at 4:10 PM, wrote: > - Original Message - > From: "Gert Doering" > To: "Selva Nair" > > > > >> Why? Because of this line in the config: > >> > >> persist-remote-ip > > >> Th

[Openvpn-users] Fwd: client config fallback from 1194 udp to 80 tcp

2015-10-21 Thread Selva Nair
Hi, On Wed, Oct 21, 2015 at 4:48 PM, Gert Doering wrote: > Hi, > > On Wed, Oct 21, 2015 at 04:37:57PM -0400, Selva Nair wrote: > > If I'm not mistaken, persist-remote-ip pre-dates connection-list support. > > With multiple options conditionally depending on ea

Re: [Openvpn-users] client config fallback from 1194 udp to 80 tcp

2015-10-21 Thread Selva Nair
On Wed, Oct 21, 2015 at 5:11 PM, wrote: > >> >>> >> Why? Because of this line in the config: >>> >> >>> >> persist-remote-ip >>> >>> >> That will keep trying X:1194 only with whatever protocol is defined >>> >> before >>> >> those lines (or udp by default), if persist-remote-ip is also >> >>> spe

[Openvpn-users] Fwd: client config fallback from 1194 udp to 80 tcp

2015-10-21 Thread Selva Nair
Hi, On Wed, Oct 21, 2015 at 4:59 PM, Erich Titl wrote: > Hi Folks > > sorry to chime in late (and unsolicited) > You are welcome. > > Am 21.10.2015 um 22:48 schrieb Gert Doering: > > Hi, > > > > On Wed, Oct 21, 2015 at 04:37:57PM -0400, Selva Nair wrot

Re: [Openvpn-users] client config fallback from 1194 udp to 80 tcp

2015-10-21 Thread Selva Nair
On Wed, Oct 21, 2015 at 5:39 PM, wrote: > Results you could have SHARED in the FIRST place .. > Go through the thread carefully -- I was the first to point out the conflict between persist-ip and multiple remotes. I tested this with 2.3.8 this morning seeing the OP's post, immediately replied t

Re: [Openvpn-users] [Openvpn-devel] Creating a Windows team for OpenVPN?

2015-10-22 Thread Selva Nair
On Thu, Oct 22, 2015 at 2:22 PM, Morris, Russell wrote: > Hi, > > Actually, I already have nobind in my config file (and am running v2.3.8). > I tend to see 2 errors, > - CONNECTION, but with ERROR (TAP adapter hung, have to close openvpn.exe, > disable / enable TAP, restart openvpn.exe) > - TAP

Re: [Openvpn-users] Strange OpenVPN and Konica Minolta spooler conflict

2015-10-23 Thread Selva Nair
On Fri, Oct 23, 2015 at 12:22 PM, Gert Doering wrote: > Hi, > > On Fri, Oct 23, 2015 at 01:48:34PM +0200, Jan Just Keijser wrote: > > I've just read the entire thread and the original "bug report" from the > > IT department - there's a lot of information that is missing. > > Can they rule out eit

Re: [Openvpn-users] Strange OpenVPN and Konica Minolta spooler conflict

2015-10-23 Thread Selva Nair
On Fri, Oct 23, 2015 at 8:06 AM, Erich Titl wrote: > Hi JJK > > Am 23.10.2015 um 13:48 schrieb Jan Just Keijser: > > Hi, > > > ... > > > > > As for the strange subnet: I've seen many companies that abuse public IP > > space for their own internal networks. Provided that you get your > > routing+n

Re: [Openvpn-users] Samba and openvpn: play nice together?

2015-11-01 Thread Selva Nair
Hi, This probably has nothing to do with openvpn. But here is something I noticed in your smb.conf > On Sat, Oct 31, 2015 at 4:40 PM, Douglas D Germann Sr < > 76066@compuserve.com> wrote: > > > > [global] > > workgroup = EVERYONE > > server string = h server (Samba, Ubuntu) >

[Openvpn-users] Windows: on the suspend/resume bug

2015-11-01 Thread Selva Nair
Hi, After an update of the tap driver to NDIS6 (tap-windows6) on a windows 7 client, now I too see what many others have been reporting as the suspend/resume bug. Basically, openvpn.exe terminates when windows suspends (put to sleep). On resume the process is gone. The chain of events go like th

Re: [Openvpn-users] Windows: on the suspend/resume bug

2015-11-02 Thread Selva Nair
On Mon, Nov 2, 2015 at 9:47 AM, Simon Deziel wrote: > > Thanks for your analysis. Indeed, this could explain the differences > > between what you saw ("no issues") and what others are seeing, and how > > to solve this. > > > > I'll give the patch a closer look - and would appreciate a few more >

Re: [Openvpn-users] Windows: on the suspend/resume bug

2015-11-02 Thread Selva Nair
On Mon, Nov 2, 2015 at 10:13 AM, Morris, Russell wrote: > Hi, > > I can test it out too, and have a setup to do so. Where do I get the > updated (test) build from? > > Thanks! > Yes, it would be great if you can test it building from scratch. So If you have openvpn-build and openvpn git master,

Re: [Openvpn-users] Windows: on the suspend/resume bug

2015-11-02 Thread Selva Nair
Hi, On Mon, Nov 2, 2015 at 10:36 AM, Samuli Seppänen wrote: > Hi, > > I'll produce a special OpenVPN build with Selva's patch for testing > tomorrow. > Thanks. Please note that if the GUI is used, it should be run with disconnect_on_suspend=0 to work well with the patch. Here is a patch for t

Re: [Openvpn-users] Windows: on the suspend/resume bug

2015-11-03 Thread Selva Nair
On Tue, Nov 3, 2015 at 8:24 AM, Simon Deziel wrote: > On 11/02/2015 12:21 PM, Selva Nair wrote: > > > > On Mon, Nov 2, 2015 at 11:22 AM, Simon Deziel > <mailto:simon.dez...@gmail.com>> wrote: > > > > > > > > I usually test by buil

[Openvpn-users] Windows: on the TAP not getting IP issue

2015-11-03 Thread Selva Nair
Hi, Arrg.. I should have never updated our windows installations ;) Now one of our laptops has hit "this hanging in no IP-land" bliss. I see this issue mentioned in some trac tickets and here on the users list. Here is what I see: after successfully passing through TLS hurdles, tun/tap open etc,

Re: [Openvpn-users] Windows: on the TAP not getting IP issue

2015-11-04 Thread Selva Nair
Hi, On Wed, Nov 4, 2015 at 1:21 AM, Morris, Russell wrote: > Sorry to hear that you’re having this issue also! The only upside is that it > seems I’m not completely crazy (as no one else had reported seeing this > yet) … ;-). There is at least one comment on the trac with the same issue. In our

Re: [Openvpn-users] Windows: on the suspend/resume bug

2015-11-04 Thread Selva Nair
Hi Gert, On Wed, Nov 4, 2015 at 10:47 AM, Gert Doering wrote: > > Tue Nov 03 22:58:23 2015 Route deletion fallback to route.exe > > Tue Nov 03 22:58:23 2015 env_block: add > PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem > > Tue Nov 03 22:58:23 2015 Closing TUN/TAP interface > > Tu

Re: [Openvpn-users] Windows: on the suspend/resume bug

2015-11-04 Thread Selva Nair
On Wed, Nov 4, 2015 at 10:32 AM, Simon Deziel wrote: > > On Wed, Nov 04, 2015 at 08:49:10AM -0500, Simon Deziel wrote: > >> It also works on the physical box. Thanks > > > > Thanks for testing. Could one of you send me an openvpn log with > > --verb 4 that shows what is now happening on suspend/

Re: [Openvpn-users] OpenVPN client log file filling up hard drives on random computers

2015-11-20 Thread Selva Nair
Hi, On Fri, Nov 20, 2015 at 11:53 AM, Shane McKinley wrote: > I have been having an issue for some time with the log files filling > up the hard drive randomly on different computers. > > OpenVPN version: 2.3.8 > > Config files are default besides changing the server address and the > name of th

Re: [Openvpn-users] OpenVPN client log file filling up hard drives on random computers

2015-11-20 Thread Selva Nair
Hi, On Fri, Nov 20, 2015 at 12:20 PM, Shane McKinley wrote: > # Silence repeating messages. At most 20 > # sequential messages of the same message > # category will be output to the log. > ;mute 20 > mute is a good insurance. Enable this. If the server is windows, pre 2.3.5 versions + tap6 dr

Re: [Openvpn-users] OpenVPN client log file filling up hard drives on random computers

2015-11-20 Thread Selva Nair
On Fri, Nov 20, 2015 at 1:00 PM, Selva Nair wrote: > If the server is windows read that as "if the server or client whatever is producing the huge logs is

Re: [Openvpn-users] openvpn server pretends to be .254 for emulated dhcp server?

2015-12-02 Thread Selva Nair
Hi, yet, but I just noticed that a Windows client was saying it got its openvpn IP client address from a DHCP server running on the .254 address.. > [..] > The server is actually set up to use the .1 address (ie "ifconfig > x.y.z.1 255.255.255.0"), so as far as I'm concerned, the .254 address

Re: [Openvpn-users] openvpn server pretends to be .254 for emulated dhcp server?

2015-12-03 Thread Selva Nair
On Fri, Dec 4, 2015 at 12:01 AM, Leroy Tennison wrote: > A couple of thoughts come to mind. First, if node 254 is always active > then "well-behaved" DHCP clients should test for that and never accept > that address. > All this dhcp thing is just an exchange between the TAP interface and the DH

Re: [Openvpn-users] openvpn server pretends to be .254 for emulated dhcp server?

2015-12-04 Thread Selva Nair
On Fri, Dec 4, 2015 at 7:16 PM, Jan Just Keijser wrote: > Hi Selva, *, > > Hi! > > On 04-Dec-15 06:55, Selva Nair wrote: > > On Fri, Dec 4, 2015 at 12:01 AM, Leroy Tennison < > leroy.tenni...@verizon.net> wrote: > >> A couple of thoughts come to min

Re: [Openvpn-users] openvpn server pretends to be .254 for emulated dhcp server?

2015-12-04 Thread Selva Nair
Hi On Fri, Dec 4, 2015 at 9:01 PM, Jason Haar wrote: > On 05/12/15 14:05, Selva Nair wrote: > > That would be fine too. Say the second client gets 10.200.0.3 with > > dhcp server at 10.200.0.254 (the default). The client will send the > > dhcp packet to .254 (or to 255.2

Re: [Openvpn-users] openvpn server pretends to be .254 for emulated dhcp server?

2015-12-06 Thread Selva Nair
Hi, On Sun, Dec 6, 2015 at 3:16 PM, Jason Haar wrote: > On 05/12/15 15:10, Selva Nair wrote: > > OpenVPN will fail with an error saying dhcp server address conflicts > > with the client ip. > > You can change this default behaviour using "ip-win32 dynamic 0" to

Re: [Openvpn-users] Routing

2015-12-06 Thread Selva Nair
On Mon, Dec 7, 2015 at 12:53 AM, Axel Glienke wrote: > i have a little question. > > My system: > > ip route: > 0.0.0.0/1 via 10.8.0.5 dev tun0 > default via 192.168.2.1 dev br0 proto static metric 425 > 10.8.0.1 via 10.8.0.5 dev tun0 > 10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6

Re: [Openvpn-users] Routing between two LAN

2015-12-08 Thread Selva Nair
Hi, On Tue, Dec 8, 2015 at 5:00 AM, Vnpenguin wrote: > > Here's my current config: http://pastebin.com/i92SA4dh > Configs are ok, except for the redundant push that Jan Just mentioned. Here's my network schema: http://s12.postimg.org/lvl9llv19/Open_VPN_1.png > > With these config, I CAN : > 1

Re: [Openvpn-users] Routing

2015-12-08 Thread Selva Nair
Hi On Mon, Dec 7, 2015 at 6:45 AM, Axel Glienke wrote: > > my Konfiguration for example: > > Client --r5d.de --> rootserver (r5d.de) ---forwarding: vpn10.8.0.6 --> > myhomeserver > > So i want that only incoming traffic (requests for server) routing > back to the vpn/tun0 > Then "rootserver" mu

Re: [Openvpn-users] [Openvpn-devel] Kickstarter campaign for auditing and improving security software, including OpenVPN

2015-12-09 Thread Selva Nair
Hi On Wed, Dec 9, 2015 at 4:06 AM, Samuli Seppänen wrote: > > OSTIF.org's website contains lots of information about OSTIF.org itself: > > > > The founder of OSTIF.org participated in our previous community meeting, > explaining the goals of their project: Is this OSTIF a

Re: [Openvpn-users] [Openvpn-devel] Kickstarter campaign for auditing and improving security software, including OpenVPN

2015-12-09 Thread Selva Nair
Hi, Just to be on record, I managed to get in touch with ostif and got a response. Is this OSTIF a really serious organization? > > I ask this because no contact addresses on their webpage though they > solicit donation. Email to webmas...@ostif.org bounces (no such user) > etc. etc.. Many pages

Re: [Openvpn-users] "Safe" configurations for installation without admin privileges?

2015-12-09 Thread Selva Nair
Hi, On Wed, Dec 9, 2015 at 4:03 PM, Jonathan K. Bullard wrote: > Inspired by Gert Doering (but don't blame him for any of my bad ideas > : ), I'm considering adding a feature to Tunnelblick (a FOSS GUI for > OpenVPN on OS X) that would allow a standard user on a Mac to install > "safe" OpenVPN c

Re: [Openvpn-users] Fwd: "Safe" configurations for installation without admin privileges?

2015-12-10 Thread Selva Nair
uiet, a little more noise won't hurt, I hope. > Sorry to butt in a little late, see my comments below > > Jonathan K. Bullard wrote: > > Sorry, forgot to cc: the list. > > > [..] > > On Wed, Dec 9, 2015 at 6:35 PM, Selva Nair wrote: > > > >> Also I pr

Re: [Openvpn-users] windows start as administrator

2015-12-10 Thread Selva Nair
Hi, On Thu, Dec 10, 2015 at 3:24 AM, Kapetanakis Giannis < bil...@edu.physics.uoc.gr> wrote: > 90% of our support tickets have to do with our users on windows not > running OpenVPN > as administrator. Connection seems ok but they disconnect after a while > (not able to install routes) which in no

Re: [Openvpn-users] windows start as administrator

2015-12-10 Thread Selva Nair
Hi, On Thu, Dec 10, 2015 at 9:02 PM, Morris, Russell wrote: > Hi, > > > Checked it out (very remotely, trans-Atlantic flight … LOL). > That's funny. > Works great, thanks! And with admin rights, it properly pushes my routes > (that were broken with non-admin). > Thanks for testing. I am not

Re: [Openvpn-users] windows start as administrator

2015-12-11 Thread Selva Nair
Hi, On Fri, Dec 11, 2015 at 6:06 AM, ValdikSS wrote: > I'd like that OpenVPN would automatically gain needed privileges in 2.3.9 > but I'm not sure if this is acceptable for all use cases. Could we run it > as administrator by default until we have working NSSM in a default > installation? > On

Re: [Openvpn-users] windows start as administrator

2015-12-11 Thread Selva Nair
Hi, On Fri, Dec 11, 2015 at 2:34 PM, Simon Deziel wrote: > > > > Actually this is what people do today (set the shortcut to the gui to > > "[X] run as admin") to work around the permission issues. > > > > Never thought of doing this for openvpn.exe, though. But then, I won't > > claim to unders

Re: [Openvpn-users] windows start as administrator

2015-12-11 Thread Selva Nair
Hi, On Fri, Dec 11, 2015 at 2:24 PM, Gert Doering wrote: > On Fri, Dec 11, 2015 at 11:08:16AM -0500, Selva Nair wrote: > [..] > > The test I posted was of requiring admin for the GUI itself (IMO, a bad > > idea). > > I just assumed requiring admin for openvpn.exe (thoug

Re: [Openvpn-users] windows start as administrator

2015-12-11 Thread Selva Nair
Hi, On Fri, Dec 11, 2015 at 7:16 PM, Kapetanakis Giannis < bil...@edu.physics.uoc.gr> wrote: > > On 11/12/15 23:25, Selva Nair wrote: > > On Fri, Dec 11, 2015 at 2:24 PM, Gert Doering wrote: > >> >> Actually this is what people do today (set the shortcut to the

Re: [Openvpn-users] How to successfully post to the Forum?

2015-12-17 Thread Selva Nair
On Thu, Dec 17, 2015 at 1:32 PM, Jeff Boyce wrote: > Is there a Forum moderator listening here, or someone else that might > know what special incantation or secret password (sarcasm) is needed to > get a message posted on the OpenVPN Forum? > No idea. But I too tried to post a few times and po

Re: [Openvpn-users] How exactly does setting the option "block-outside-dns" help for Linux and BSD users?

2015-12-18 Thread Selva Nair
Hi, On Fri, Dec 18, 2015 at 8:24 PM, ValdikSS wrote: > Well, actually Linux can leak DNS requests too, just as Windows 7 and > older. The leak usually occurs when DNS didn't respond in time and it > falls back to secondary server which could be your ISP one. > Windows 8.1 and 10 is another st

Re: [Openvpn-users] Fw: Windows installers with OpenVPN-GUI that requests highest available privileges

2016-01-05 Thread Selva Nair
On Mon, Jan 4, 2016 at 1:10 PM, Samuli Seppänen wrote: > >> Basically, for my W7 64b machine .. > >> the right arch (64b) installled as expected, with UAC prompts > >> GUI did *not* request elevation when started by normal user > > This matches the behavior I observed today with my Windows Server

Re: [Openvpn-users] Issue getting to LAN behind VPN Server

2016-01-05 Thread Selva Nair
On Tue, Jan 5, 2016 at 1:34 PM, Jeff Boyce wrote: > > My issue description is posted at > https://forums.openvpn.net/topic20369.html. > > I believe that my problem is a routing issue, but I have exhausted my > avenues of research and knowledge. The configs and routes on server & router look fin

Re: [Openvpn-users] Fw: Windows installers with OpenVPN-GUI that requests highest available privileges

2016-01-13 Thread Selva Nair
Hi, On Wed, Jan 13, 2016 at 5:22 PM, wrote: > It would appear that an issue has arisen: > https://forums.openvpn.net/topic20734.html > > any further info appreciated. > This post in the forum describes a set up where the users are not supposed to have admin privileges. If so, create users with

Re: [Openvpn-users] Download verification methods

2016-02-22 Thread Selva Nair
On Mon, Feb 22, 2016 at 9:34 AM, wrote: > arby@mint64-dik-xpc ~/Downloads $ gpg -v --verify > openvpn-install-2.3.10-I002-i686.exe.asc > openvpn-install-2.3.10-I002-i686.exe > gpg: armour header: Version: GnuPG v1 > gpg: Signature made Mon 01 Feb 2016 12:45:32 GMT using DSA key ID 198D22A3 > gpg:

Re: [Openvpn-users] separate config directories for Windows client

2016-02-23 Thread Selva Nair
On Tue, Feb 23, 2016 at 7:42 AM, Helen Heath wrote: > Is it possible to alter the .opvn files to point to their respective > ta.key files in a different subdirectory? I have this set in my .opvn > configs > > tls-auth ta.key 1 > The GUI works with configs in sub directories of the config direct

Re: [Openvpn-users] separate config directories for Windows client

2016-02-23 Thread Selva Nair
On Tue, Feb 23, 2016 at 8:51 AM, Helen Heath wrote: > Thanks Selva - I tried that, and the OpenVPN client just complained there > wasn't a valid config file at that location. But the config file works > just fine if it's back in the actual config directory. That's why I > believed you couldn't

Re: [Openvpn-users] --mtu-disc vs --mtu-test

2016-02-23 Thread Selva Nair
Hi, On Tue, Feb 23, 2016 at 1:44 PM, wrote: > due to a distinct lack of developer support > from the windows server base > simple common sense * implies ALL Win OS > so not supported by *any* windows OS. > > MAC .. as if .. > BSD .. yeah right .. > > Bottom line: > --mtu-disc *Not Implemented* >

Re: [Openvpn-users] separate config directories for Windows client

2016-02-23 Thread Selva Nair
On Tue, Feb 23, 2016 at 3:54 PM, David Sommerseth < open...@sf.lists.topphemmelig.net> wrote: > > try using double backslashes and escape spaces: > > --connect "c:\\program\ files\\openvpn\\config\\config1\\config1.ovpn" > > > > or use > > --connect "c:/program files/openvpn/config/config1/config1

Re: [Openvpn-users] separate config directories for Windows client

2016-02-23 Thread Selva Nair
Hi, On Tue, Feb 23, 2016 at 4:04 PM, Helen Heath wrote: > Thanks Selva, tried it and it did exactly as you said. Problem solved, > thank you! > Good to know. For those who are in the dark about the GUI: PR#18 will support two config directories (one global and one user-specific, located in t

Re: [Openvpn-users] openvpn site-to-site configuration

2016-02-23 Thread Selva Nair
On Tue, Feb 23, 2016 at 7:07 PM, tovis wrote: > The routers configuration, resulting settings and logs are on pastebin: > server side (tovis-lab): http://pastebin.com/3VRAadXz > client side (tovis-lak): http://pastebin.com/h8Ctfmx2 > server side LAN is 192.168.1.0 255.255.255.0 tunnel is 10.8.0.1

Re: [Openvpn-users] openvpn site-to-site configuration

2016-02-24 Thread Selva Nair
Hi, On Wed, Feb 24, 2016 at 5:48 AM, tovis wrote: > Hi. > Thanks for answer! > At now I have use loglevel 5 (several time I was used level 9 but it was > useless - too many information). > I'm trying to find reading iroute from ccd directory but I do not find it > or is it not so obvious, do you

Re: [Openvpn-users] openvpn site-to-site configuration

2016-02-24 Thread Selva Nair
On Wed, Feb 24, 2016 at 10:24 AM, tovis wrote: > Thanks for your answer! > On this (old 12.0.9 OpenWrt) /etc/config/openvpn contain only an include > to real configuration file /etc/openvpn/srv-vpn.conf > In this directory are also keys (such as ca.crt, ca.key, server.crt etc.) > ca cert etc are

Re: [Openvpn-users] Odd Windows error

2016-02-24 Thread Selva Nair
On Wed, Feb 24, 2016 at 4:32 PM, Gregory Sloop wrote: > New Windows install on a new machine. > New OVPN install too, obviously. > > I'm using old config files, but I don't think the config file is part of > the problem. > > The error I keep getting in the logs, follows. [Repeats endlessly.] > --

Re: [Openvpn-users] Odd Windows error

2016-02-24 Thread Selva Nair
On Wed, Feb 24, 2016 at 7:44 PM, Gregory Sloop wrote: > Might I mention though, dev-group, that that timeout message is worse than > worthless. Might as well have it say "Something went wrong." That would at > least be intelligible. :) Looking at the latest sources it appears to have been alrea

Re: [Openvpn-users] Allowing all OpenVPN 2.4.x Windows users to run OpenVPN by default?

2016-03-03 Thread Selva Nair
On Thu, Mar 3, 2016 at 3:38 PM, Jason Haar wrote: > On Fri, Mar 4, 2016 at 1:38 AM, Gert Doering wrote: > >> I think this needs to be a question the installer asks. >> > > I agree. Let's face it, the use-case you are talking about is an > organization using something like SCCM to roll out openvp

Re: [Openvpn-users] Windows client without admin rights

2016-03-04 Thread Selva Nair
On Fri, Mar 4, 2016 at 11:01 AM, Németh Tamás wrote: > Thank you very much for your answer. > > > > I've read that it's not possible to run OpenVPN on Windows from a > > > non-admin user account. > > > This issue has been fixed recently: it is possible to run OpenVPN as a > > non-admin user i

Re: [Openvpn-users] Windows client without admin rights

2016-03-04 Thread Selva Nair
On Fri, Mar 4, 2016 at 11:01 AM, Németh Tamás wrote: > > A while back created a test build that should work as non-admin just > fine: > > > > < > http://build.openvpn.net/downloads/temp/openvpn-install-2.3_guipr18and20-I606-x86_64.exe > > > > > > Note that the user has to be in the "Administrator

Re: [Openvpn-users] Allowing all OpenVPN 2.4.x Windows users to run OpenVPN by default?

2016-03-05 Thread Selva Nair
Hi, On Sat, Mar 5, 2016 at 5:35 AM, Németh Tamás wrote: > > > Well, what if there would be a checkbox in the installer labeled with > something like "Only members of this group are allowed to use OpenVPN:" and > then a dropdown list of local(?) Windows groups. One of the listed groups > migh > b

Re: [Openvpn-users] Allowing all OpenVPN 2.4.x Windows users to run OpenVPN by default?

2016-03-05 Thread Selva Nair
Hi, Thanks for the comments. On Sat, Mar 5, 2016 at 6:40 PM, Németh Tamás NET wrote: > What if you add a config option to profile files which is similar to > "valid users" of samba's smb.conf? This option might be mandatory in > systemwide profiles and optional in personal profiles. Only users

Re: [Openvpn-users] Changing openvpn dhcp pool

2016-03-06 Thread Selva Nair
Hi, On Sun, Mar 6, 2016 at 9:15 AM, Zoltán Szabó wrote: > I would like to have dynamic IPs assigned from this range: > 10.8.1.0 - 10.8.1.254 > > For this, I would like to use a /23, so 255.255.254.0 > Exclude the last address 10.8.1.254 from the range as that will clash with the internal dhcp se

Re: [Openvpn-users] Changing openvpn dhcp pool

2016-03-06 Thread Selva Nair
On Sun, Mar 6, 2016 at 2:17 PM, Zoltán Szabó wrote: > Sun Mar 06 19:33:39 2016 Set TAP-Windows TUN subnet mode > network/local/netmask = 10.8.1.0/10.8.1.2/10.8.1.1 [SUCCEEDED] > Sun Mar 06 19:33:39 2016 MANAGEMENT: Client disconnected > Sun Mar 06 19:33:39 2016 ERROR: --ip-win32 dynamic [offset]

Re: [Openvpn-users] Changing openvpn dhcp pool

2016-03-06 Thread Selva Nair
On Sun, Mar 6, 2016 at 4:18 PM, Zoltán Szabó wrote: > Ok it is better now after some changes, IP addresses are assigned > correctly from the two ranges. but none of the clients can reach each other, > even ping is not working. > Your configs look ok, but the routing table on the dhcp client is w

Re: [Openvpn-users] [Openvpn-devel] Samsung Galaxy S6 to android 6.0.1 powersave

2016-03-07 Thread Selva Nair
Hi, On Mon, Mar 7, 2016 at 9:55 AM, wrote: > An interesting tid-bit about Samsung Galaxy S6 to android 6.0.1 > and OpenVPN Connect > > https://forums.openvpn.net/post59478.html#p59478 > Sounds, suspiciously similar to the sleep-resume issue we had on windows.. The interface probably suspends an

Re: [Openvpn-users] Lost functionality after windows 10 upgrade

2016-03-08 Thread Selva Nair
Hi, On Mon, Mar 7, 2016 at 5:14 PM, Gregg K wrote: > Now I lost the ability to connect to any of the computers behind the VPN. > I > have tried disabling the firewall, and I still cannot ping the internal > network. I can ping the VPN IP address, which is 10.8.2.1, and I can also > can ping the

Re: [Openvpn-users] Site-to-site: VPN'd into one Site

2016-03-28 Thread Selva Nair
Hi, On Mon, Mar 28, 2016 at 3:37 PM, Sumit Dahiya wrote: > You are right, our current site-to-site setup does not use OpenVPN. > Instead, > it uses router's built-in functionality. Couple of additional facts based > on > your comments: - > > 1. Our OpenVPN does not run on the router - it runs on

Re: [Openvpn-users] Site-to-site: VPN'd into one Site

2016-03-28 Thread Selva Nair
Hi, On Mon, Mar 28, 2016 at 4:31 PM, Sumit Dahiya wrote: > Sat Mar 26 01:13:08 2016 PUSH: Received control message: 'PUSH_REPLY,route > 192.168.1.0 255.255.255.0,route 192.168.2.0 255.255.255.0,redirect-gateway > def1 bypass-dhcp,dhcp-option DNS 192.168.1.1,route 10.8.0.1,topology > net30,ping 1

Re: [Openvpn-users] Different behavior when OpenVPN is started as a service through systemd

2016-03-30 Thread Selva Nair
On Wed, Mar 30, 2016 at 12:06 PM, Piotr Dobrogost < p...@2016.forums.dobrogost.net> wrote: > Please note that I inserted > ExecStartPre=/usr/bin/env > to /usr/lib/systemd/system/openvpn@.service template and I see > OPENSSL_ENABLE_MD5_VERIFY=1 > in the journal logs meaning this env variable is set

Re: [Openvpn-users] restrict access to certain users

2016-04-01 Thread Selva Nair
Hi, On Fri, Apr 1, 2016 at 12:13 PM, Kapetanakis Giannis wrote: > Hi, > > Is there an option (i can't find on man) that will allow admin to > restrict access to certain users? > There are several ways to do this: (i) --tls-verify verify.sh In verify.sh you could check the common name against

Re: [Openvpn-users] Problems Configuring OpenVPN on Centos 6.6

2016-04-10 Thread Selva Nair
Hi, On Sun, Apr 10, 2016 at 4:41 PM, H wrote: > I am having a problem configuring an OpenVPN server on a Centos 6.6 > server and am not sure where the problem is. Despite reviewing several > how-tos on the setup and making sure port 1194 is open on my router I am > unable to have a client connec

Re: [Openvpn-users] Increasing reneg-sec interval

2016-05-10 Thread Selva Nair
Hi, On Mon, May 9, 2016 at 1:26 PM, dev wrote: > We use one-time passcodes as well as client/server certs for > authentication. I think what is happening is the re-key process is not > able to re-use the OTP so it fails and the user has to re-connect every > hour. > One way to handle this is by

[Openvpn-users] Fwd: Windows client without admin rights

2016-05-18 Thread Selva Nair
missed to cc: the list Hi, On Wed, May 18, 2016 at 2:53 PM, debbie10t wrote: > On 16/05/16 19:59, Gert Doering wrote: > > Hi, > > > > On Sun, May 08, 2016 at 02:25:42PM -0400, Doug Lytle wrote: > >> Gert Doering wrote: > >>> These bits are not yet "interactive-service'ified". > >>> > >>> Patch

Re: [Openvpn-users] Split Tunnel on a per client basis

2016-05-23 Thread Selva Nair
> ... > > Thank you Gert for all your advice, > > I also thank Selva Nair, who replied off-list. > off-list was by mistake :) > You have been very helpful and detailed, and I sincerely appreciate it. > > I decided to try the above solution first (as most handy), a

Re: [Openvpn-users] openvpn-client: limit ifconfig/route statements pushed by server

2016-05-24 Thread Selva Nair
Hi, On Mon, May 16, 2016 at 10:44 AM, Chris Laif wrote: > Thanks Gert, I would be happy to a feature like that. Trac ticket is > http://community.openvpn.net/openvpn/ticket/682 > > I trust the remote VPN endpoint by sending packets which are designated > to go there. I do *not* trust the remote t

Re: [Openvpn-users] Evaluating Openvpn management interface externally via application

2016-05-26 Thread Selva Nair
Hi, On Thu, May 26, 2016 at 4:40 AM, Lamsoge, Abhijit wrote: > Hi All, > > I am trying to write python and C based application for modifying > “OpenVpn” in client mode via management interface. > > I need to do the following > > - Update the remote server the vpn client connects to at r

Re: [Openvpn-users] OpenVPN and IPTables

2016-05-26 Thread Selva Nair
Hi, On Thu, May 26, 2016 at 4:00 PM, Scott Crooks wrote: > > So I did some testing with forwarding rules in place. Still having a bit > of trouble understanding why it's not working. As David recommended, I used > the wiki page here as a reference: > https://community.openvpn.net/openvpn/wiki/Br

Re: [Openvpn-users] reconnecting and block-outside-dns conflict ?

2016-05-27 Thread Selva Nair
On Fri, May 27, 2016 at 7:56 AM, debbie10t wrote: > Hi, > > This is the original question: > https://forums.openvpn.net/viewtopic.php?f=4&t=21797 > > The gist is: > If a connection is dropped and --block-outside-dns is > blocking access to local DNS then how can the client > reconnect if it canno

Re: [Openvpn-users] Split Tunnel on a per client basis

2016-05-27 Thread Selva Nair
On Fri, May 27, 2016 at 3:23 PM, Nikolaos Milas wrote: > > In your server config add push "route-gateway 10.12.12.1". This is > > automatically done (for topology subnet) if --server option is used to > > setup the server ip, ip-pool etc, not otherwise. Also see --server and > > --route options i

Re: [Openvpn-users] reconnecting and block-outside-dns conflict ?

2016-06-03 Thread Selva Nair
On Tue, May 31, 2016 at 8:48 AM, debbie10t wrote: > On 27/05/16 16:50, Selva Nair wrote: > >> On Fri, May 27, 2016 at 7:56 AM, debbie10t wrote: >> >> Hi, >>> >>> This is the original question: >>> https://forums.openvpn.net/viewtopic.php?f=4&

Re: [Openvpn-users] openvpn-client: limit ifconfig/route statements pushed by server

2016-06-10 Thread Selva Nair
Hi, On Fri, Jun 10, 2016 at 4:47 PM, Chris Laif wrote: > On Wed, May 25, 2016 at 4:04 AM, Selva Nair wrote: > > This looks like a very useful feature that I went ahead and took a stab > at > > it. See PR #50 at > > https://github.com/OpenVPN/openvpn/pull/50 >

Re: [Openvpn-users] Evaluating Openvpn management interface externally via application

2016-06-10 Thread Selva Nair
On Fri, Jun 10, 2016 at 7:55 AM, Lamsoge, Abhijit < abhijit.lams...@harman.com> wrote: > Although management hold release stops vpn daemon from running further. > > It does not seem to work for me beyond that. > As when I do try to change the remote server using > > >remote MOD > > The server si
