Hi,
On Thu, Feb 8, 2018 at 3:15 AM, Samuli Seppänen wrote:
> On 07/02/2018 21:58, David Sommerseth wrote:
>> On 07/02/18 20:32, Илья Шипицин wrote:
>>> After auth-token was introduced, when a user presses "Reconnect", it leads to
>>> auth fail (saved password is forgotten), we run about 1000 us
Hi,
On Thu, Feb 8, 2018 at 12:07 PM, Arne Schwabe wrote:
> On 08.02.18 at 16:31, Selva Nair wrote:
>> Hi,
>>
>> On Thu, Feb 8, 2018 at 7:20 AM, David Sommerseth
>> wrote:
>>> On 08/02/18 04:36, Antonio Quartulli wrote:
>>>>
>>>>
>&
Hi,
On Thu, Feb 8, 2018 at 2:21 PM, blz wrote:
> On 2/7/2018 13:00 PM, Selva Nair wrote:
>
> One way for the GUI to handle the current situation is to not take the first
> AUTH_FAILED seriously (i.e keep the saved password) when auth-token is in
> use. But I would consider that a
Hi,
On Fri, Feb 9, 2018 at 3:33 AM, Samuli Seppänen wrote:
> On 09/02/2018 07:41, Илья Шипицин wrote:
>>
>>
>> 2018-02-08 20:40 GMT+05:00 Selva Nair > <mailto:selva.n...@gmail.com>>:
>>
>> Hi,
>>
>> On Thu, Feb 8, 2018 at
Hi,
On Wed, Feb 14, 2018 at 5:47 PM, fragmentux wrote:
> Hi,
>
>
> On 13/02/18 21:04, David Sommerseth wrote:
>>
>> On 13/02/18 17:21, Илья Шипицин wrote:
>>>
>>> personally, I would like something like "preconnect script" which will
>>> check
>>> something and decide "we are in a place, where vp
Hi,
On Tue, Feb 13, 2018 at 4:04 PM, David Sommerseth
wrote:
> On 13/02/18 17:21, Илья Шипицин wrote:
>> personally, I would like something like "preconnect script" which will check
>> something and decide "we are in a place, where vpn is not needed"
>
> This feature has been requested numerous t
Hi,
On Fri, Feb 16, 2018 at 12:05 AM, Илья Шипицин wrote:
> It might be only configured using gui/registry, right?
>
> Conditional configuring using ovpn files is not possible ? (Like "use those
> scripts only on windows)
The scripts I am referring to are run by the Windows GUI and are not
speci
Hi,
On Fri, Feb 16, 2018 at 8:25 AM, fragmentux wrote:
>
>
> On 16/02/18 03:43, Selva Nair wrote:
>>
>>
..
>>
>>
>> The Windows GUI already supports a preconnect script. It waits on the
>> script for a user defined timeout seconds and abort the
Hi,
Anyone using --cryptoapicert option on Windows with hardware tokens? If so
could you please test 2.4.5 and the patched executable here:
https://github.com/selvanair/openvpn/releases/tag/cng-fix
I'm particularly interested in cases where TLS 1.2 is negotiated with
tokens accessed via Windows C
Hi JJK,
On Fri, Apr 13, 2018 at 9:12 AM, Jan Just Keijser wrote:
> Hi,
>
> On 11-Apr-18 19:54, Selva Nair wrote:
>
> Hi,
>
> Anyone using --cryptoapicert option on Windows with hardware tokens? If so
> could you please test 2.4.5 and the patched executable here:
> h
Hi,
On Fri, Apr 27, 2018 at 12:25 PM, Leroy Tennison
wrote:
> Is there a way to get these messages to be sent to the log file specified in
> OpenVPN's configuration file? I see a reference to the "--echo [parms...]"
> configuration but there is no explanation about the definition of parms.
> Tha
-exit-notify) - but that implied that
> a 2.3 config
>
>
> ...
>
>
> ...
>
> explicit-exit-notify 3
>
>
> all of a sudden had *no* explicit-exit-notify configured anymore, instead
> of "for all profiles". Thus, warning.
>
> The warning is not relevant for pushed confi
Hi,
On Sat, May 26, 2018 at 4:14 PM, Gena Makhomed wrote:
> Hello, All!
>
> I use OpenVPN 2.4.6 on CentOS 7.5 from EPEL repo.
>
> I put in configuration file:
>
> log /var/log/openvpn-routers.log
> mute 20
> verb 0
>
> but still see in log file this message:
>
> Sat May 26 22:30:48 2018 do_ifconf
Hi,
On Tue, Jun 26, 2018 at 3:36 PM, Jason Haar wrote:
> Nope - didn't make any difference. I've tried TCP and UDP (with link-mtu
> 1200) - no difference.
>
> There probably aren't many people out there who tried openvpn on a Windows
> server. Probably a corner case. I think it would be best fo
Hi,
Currently OpenVPN core supports dynamic CR from console input
and the Windows OpenVPN-GUI also supports it. The following
comments are based on those implementations:
On Wed, Jun 27, 2018 at 5:56 PM, Jonathan K. Bullard
wrote:
>
> Hi.
>
> I'm hoping to implement challenge/response ("CR") in
Hi
On Thu, Jun 28, 2018 at 4:28 PM, Jonathan K. Bullard
wrote:
>>> 2. In Dynamic CR, what is the purpose of _not_ requiring a response?
>>> Is it to display a message without a text input box and have the user
>>> only able to click "OK" or "Cancel" (and disconnect if the user clicks
>>> "Cancel
Hi,
On Mon, Jul 23, 2018 at 12:49 PM, Johannes Bauer wrote:
> Hi list,
>
> I'm setting up a concentrator on Debian Stretch using OpenVPN 2.4.0 and
> have a Ubuntu client on 2.4.4. My clients have PKCS#11 smart cards with
> secp256r1 ECC certificates/private keys. Key handling works fine with
> pk
On Tue, Jul 24, 2018 at 4:37 AM, Johannes Bauer wrote:
>
> However, now I run into a separate issue, namely a hang at the PIN prompt:
>
> Tue Jul 24 10:20:20 2018 us=793936 PKCS#11: Calling pin_prompt hook for
> 'UserPIN (SmartCard-HSM)'
>
> This is a known issue since 2015, unfortunately:
> https:
Hi,
On Tue, Jul 24, 2018 at 5:26 PM, David Sommerseth
wrote:
> On 24/07/18 16:25, Selva Nair wrote:
>> On Tue, Jul 24, 2018 at 4:37 AM, Johannes Bauer wrote:
>>>
>>> However, now I run into a separate issue, namely a hang at the PIN prompt:
>>>
>>&g
Hi,
On Wed, Jul 25, 2018 at 4:04 AM, Gert Doering wrote:
> Hi,
>
> On Tue, Jul 24, 2018 at 11:26:40PM +0200, David Sommerseth wrote:
>> No matter how much I really dislike this, I do acknowledge this needs to be
>> fixed. I have played a little bit with this to look at workarounds, but the
>> mo
On Wed, Jul 25, 2018 at 5:27 PM, David Sommerseth
wrote:
> On 25/07/18 18:27, Selva Nair wrote:
>> Hi,
>>
>>
>> While replacing pkcs11-helper may be a good goal, I think the PIN
>> prompt issue is beyond that and will not be solved by just using some
>> ot
Hi,
If it's not some other startup entry as tincantech pointed out, please read
on:
On Wed, Jan 23, 2019 at 9:07 AM Jan Just Keijser wrote:
> hi all,
>
> how do I disable the automatic startup of OpenVPN on Windows?
> I can disable the "Automatically start" button in the GUI all I like,
> but ne
Hi,
On Tue, Mar 5, 2019 at 6:56 AM wrote:
> Hi,
>
>
>
> As I recently installed openvpn on Ubuntu server. And somewhat configured
> the client to connect the server successfully.
>
>
>
> Openvpn Version : 2.4.4
>
> Server : Ubuntu 18.04
>
>
>
> Openvpn Server LAN IP : 192.168.1.2
>
> LAN Network
Hi,
On Thu, Mar 7, 2019 at 10:40 AM Lars Schotte wrote:
> Very nice, thanks for the advice.
>
> I think the reason why this question comes up so often is that when you
> google it you will get thousands of howtos how to configure an OpenVPN
> server on CentOS which is obviously not what I am tryi
Hi JJK,
On Fri, Jun 7, 2019 at 11:09 AM Jan Just Keijser wrote:
>
> hi all,
>
> in the eduVPN project we've run into a strange issue:
> HP Envy laptops running Windows 10 have a "handy" feature to
> automatically switch from wifi to a 'wired' adapter if one is detected.
> The use case behind this
On Fri, Jun 7, 2019 at 4:54 PM David Sommerseth
wrote:
>
> On 07/06/2019 19:19, Selva Nair wrote:
> [...snip...]
> > They don't seem to have a link to download the patched source (have to
> > make a request by email -- no idea whether a paid license is also
> > re
On Mon, Jun 10, 2019 at 4:50 AM Samuli Seppänen wrote:
>
> On 07/06/19 20:19, Selva Nair wrote:
> > Hi JJK,
> >
> > On Fri, Jun 7, 2019 at 11:09 AM Jan Just Keijser wrote:
> >>
> >> hi all,
> >>
> >> in the eduVPN project we'
On Tue, Jun 11, 2019 at 3:32 AM Jan Just Keijser wrote:
>
> Hi,
>
> for the record: we've done tests with a modified .INF file and we've
> set the characteristics to 0x01 in the registry, but to no avail - the
> wifi connection is still shut down when the tunnel comes up.
That was a shot in the
Hi,
On Tue, Jul 23, 2019 at 9:50 AM Stefan Szabo via Openvpn-users
wrote:
>
> hi,
>
> is there any possibility to restrict users connecting to openvpn server,
> permit only those who use devices provided by company? And how can this be
> accomplished?
> after check the cert and also LDAP group to
Hi,
On Fri, Jul 26, 2019 at 9:52 AM Stefan Szabo wrote:
>
> hi,
>
> thanks for the answers, I still have one question:
> in order to
> "Verify that a given Access Server user only logs in using
> a known client machine, by using the MAC address of the client
> machine as a hardware ID."
>
> d
Copying the users list
Hi,
On Sun, Jan 19, 2020 at 3:34 PM John Ottander wrote:
>
> Hi,
>
> I found your openvpn-devel mailing list post from last April regarding an
> error with openvpn and yubikey authentication with openssl 1.1.1.
>
> I am having the similar error and I was curious if yo
Hi,
On Sun, Mar 1, 2020 at 2:17 AM Gert Doering wrote:
>
> Hi,
>
> On Sun, Mar 01, 2020 at 05:37:15AM +, Leroy Tennison via Openvpn-users
> wrote:
> > Admittedly, and older server version (2.3) but is there a way to specify
> > multiple DNS search suffixes for a Windows (10 if that makes a
Hi
On Wed, Apr 1, 2020 at 10:17 AM Dajka Tamás wrote:
> Hi all,
>
>
>
> I’ve a _*working*_ server-client setup (tap + L2 bridge; server-bridge
> with on-lan DHCP), where the pam-auth plugin does the authentication (OTP
> with static-challenge, works OK). However, if I disable the plugin
> authen
Hi,
On Wed, Apr 1, 2020 at 4:39 PM Dajka Tamás wrote:
> Hi Selva,
>
>
>
> you were right, I did forget the closing ’END’. Somehow I failed to notice
> it in your script.
>
>
I do not think you carefully read what I wrote :) I use "client-auth-nt" in
my script and do not send "END" -- its not req
Hi
On Thu, Apr 2, 2020 at 4:38 PM Dajka Tamás wrote:
>
> Plugin part, when management-client is used:
>
>
>
> CLIENT_PUBLIC_IP:49712 TLS: Username/Password authentication deferred for
> username 'mysecretuser' [CN SET]
>
> CLIENT_PUBLIC_IP:49712 TCPv4_SERVER WRITE [308] to
> [AF_INET]CLIENT_PUBL
Hi Tom,
Your last log showed
MANAGEMENT: CMD 'client-auth 0 0'
but no
MANAGEMENT: CMD 'END'
That's what I meant.
Anyway, I have not been able to reproduce this. If you privately send me
the server and client configs (remove the certs and keys), server and
client logs in full at verb=4, and yo
Hi,
On Fri, Apr 3, 2020 at 5:06 PM Nathan Stratton Treadway
wrote:
>
> As I mentioned in the previous email, the
> emvista.inf_amd64_6d4bec28a2ef0cdf has a timestamp which coincides with
> the moment that the OpenVPN installer was being run.
>
> However, I noticed that the oem43.inf file does ha
Hi
> > The sha1sums of the two versions of the file are:
> > =
> > $ sha1sum *{program,system32}*tap09*
> > 42189b6a1b8c736397113bfc2283f5e1e1a44e8e
> failed_program-files_tap0901.sys
> > [the 39,920-byte file]
> > 841a86f416a882b0743fd6d9c9f29baf3ed06b6a
> failed_system32-drivers_tap0901.s
On Sat, Apr 4, 2020 at 7:45 PM Nathan Stratton Treadway
wrote:
> On Sat, Apr 04, 2020 at 18:40:06 -0400, Selva Nair wrote:
> > Is it possible that the user might have mistakenly installed the windows
> 7
> > version of 2.4.8 on this machine before the reset? The fact that the
Hi,
On Tue, Apr 7, 2020 at 2:15 PM Colin Ryan wrote:
> Folks,
>
> I'm working with GUI-11 and all is fine. However I'd like to have the
> default GUI configuration for my users be silent (i.e. not have the
> status log window open up with the password dialog)
>
>
> I realize there is the silent_c
Hi,
>
> If the optional dir flag is specified, enable a different mode where
> crl is a directory containing files named as revoked serial numbers
> (the files may be empty, the contents are never read). If a client
> requests a connection, where the client certificate serial number
> (decimal s
Hi,
On Thu, Apr 16, 2020 at 10:41 PM tincanteksup wrote:
>
> Missing the point completely.
>
> *Why* does openvpn expect a decimal value for something which is clearly
> intended to be and is at source Hex.
What the ideal format should be is arguable, but the "source" is
not in hex. Serial n
Hi,
On Tue, Apr 21, 2020 at 12:44 PM Vertigo Altair
wrote:
> Hi OpenVPN People,
> I have a OpenVPN server, in this server, I'm authenticating users with my
> external program (via --auth-user-pass-verify option). There is no problem
> in this situation.
> I want to add Two Factor Auth. with goog
On Fri, Apr 24, 2020 at 7:10 AM David Sommerseth <
open...@sf.lists.topphemmelig.net> wrote:
> On 21/04/2020 20:34, Selva Nair wrote:
> > Hi,
> >
> > On Tue, Apr 21, 2020 at 12:44 PM Vertigo Altair <
> vertigo.alt...@gmail.com
> > <mailto:vertigo.alt...
Hi,
On Thu, Apr 30, 2020 at 11:16 AM Dajka Tamás wrote:
> Hi All,
>
>
>
> I assume the issue from 2017 with auth-nocache + auth-token still exists.
> However, I’ve bumped into something, which I cannot understand. Same setup
> with OTP, but removed the ’auth-nocache’ from the client.conf.
>
I w
zed client id means
already authenticated and sending client-auth-nt. In that case you can
force a full auth when needed by sending a "client-deny reason" which will
trigger a new auth dialog at the client side.
Selva
>
>
> Thanks,
>
>
>
>Tom
>
&
Hi
On Mon, May 4, 2020 at 8:51 AM Dajka Tamás wrote:
> Hi,
>
>
>
> is it possible to disable „auth-nocache” in the client by a PUSH message?
> I mean, if the „auth-nocache” is SET in the client.conf to „reenable”
> credentials caching. What’s the logic behind? When we deployed the clients
> we d
Hi Russel,
Greetings!
>
> Perhaps a dumb question, but I’m setting up a Graylog (syslog) server, and
> finding that I see a lot of records like the one below – I believe because
> I’m port sharing (and have to, not really an option there). Just to make sure
> though … I think it’s pretty safe
elva!
>
> Good to hear from you. Hope all is going well there - and hope you and your
> family are staying safe.
>
> Thanks for the info - will give this a try. Have you used it BTW? And do you
> see it as faster / lower CPU load?
>
> Thanks again,
> ... Russell
>
Hi
On Mon, May 25, 2020 at 1:28 PM Aleksandar Ivanisevic
wrote:
>
> Hi,
>
> every time I restart the server (2.4.7 from debian 10.4) I see weird floating
> requests, e.g.
>
> May 22 19:27:52 qbs01 openvpn[16384]: Float requested for peer 1 to
> 1.2.3.4:5002
>
> followed immediately by
>
> May 2
Hi
On Tue, May 26, 2020 at 2:28 PM Morris, Russell wrote:
>
> It's possible, I won't say it's not ... LOL. FYI, all I did was add this to
> the server config file (for testing for now),
> client-connect "/usr/bin/logger -t openvpn client connect successful"
>
> And then I monitored network traff
ning once, but 2x the entries to syslog.
> Actually, I see that for all (OpenVPN) messages. Hmmm.
>
> Will keep digging, thanks!
>
> ... Russell
>
>
>
> -Original Message-
> From: Selva Nair
> Sent: Tuesday, May 26, 2020 1:56 PM
> To: Morris, Russell
> Cc:
> Thanks, Almost perfect! ;) Now, is there a way to send RESTART control
> message only to the specific client, or at least decide in runtime what the
> n parameter will be, as I don’t know in advance whether the server will be
> restarted to rebalance the clients or to change the configuration.
>
Hi
On Wed, Jul 1, 2020 at 11:21 AM Marco De Vitis wrote:
>
> Hi,
> I use OpenVPN client 2.4.9 on Windows 10 (v2004), and I have issues with the
> Network Location Awareness (NLA) Windows service.
>
> The issue is essentially described here, even though it dates back to Windows
> 7:
> https://d
Hi
On Wed, Jul 1, 2020 at 12:45 PM Jan Just Keijser wrote:
>
> Hi,
>
> On 01/07/20 14:51, Marco De Vitis wrote:
>
> Hi,
> I use OpenVPN client 2.4.9 on Windows 10 (v2004), and I have issues with the
> Network Location Awareness (NLA) Windows service.
>
> The issue is essentially described here,
Hi,
On Wed, Jul 1, 2020 at 3:09 PM Marco De Vitis wrote:
>
> On 01/07/20 20:21, tincanteksup wrote:
> > The post you made on the forum suggests that you have set a default
> > gateway on the TAP adapter ..
> > Do not do that.
> Well yes, it's an attempt I made because I saw everyone in that
On Wed, Jul 1, 2020 at 3:18 PM Selva Nair wrote:
>
> Hi,
>
> On Wed, Jul 1, 2020 at 3:09 PM Marco De Vitis wrote:
..
> > But why should this make NLA fail? DNS resolution using the VPN DNS
> > server appears to work fine for every address, including the one which
&g
Hi
On Thu, Jul 2, 2020 at 1:08 PM Marco De Vitis wrote:
> On 01/07/20 21:18, Selva Nair wrote:
>
> fwiw, try removing the pushed block-outside-dns by adding this to the
> client config:
>
> pull-filter ignore block-outside-dns
>
>
> Hi,
> I tried this and inde
Hi,
If your VPN establishes a route to the domain controller(s) and the
domain name resolves from the client, you can join the domain just as
you would do while directly connected to the LAN. For example, if the
domain name is example.local, "nslookup example.local" should return
the IP addresses
Hi,
I think it's a known "feature" that some apple services including
facetime bypasses the VPN tunnel. See the link below which is for the
connect client, but the community version should behave the same in
this particular case.
https://openvpn.net/vpn-server-resources/faq-regarding-openvpn-conne
Hi
On Mon, Sep 21, 2020 at 9:11 AM Helmut Schneider wrote:
> Hi,
>
> I'm running OpenVPN GUI as Service on Windows 10.
I do not understand what that means. Are you referring to the OpenVPN
Interactive Service?
> When I start the GUI
> the status isn't displayed (not green) although the servi
Hi
On Tue, Sep 22, 2020 at 6:51 AM Helmut Schneider wrote:
> On 21.09.2020 at 23:16, Selva Nair wrote:
>
> > On Mon, Sep 21, 2020 at 9:11 AM Helmut Schneider > <mailto:jumpe...@gmx.de>> wrote:
> >
> > Hi,
> >
> > I'm running OpenV
Hi
On Thu, Oct 29, 2020 at 10:55 AM Ralf Hildebrandt <
ralf.hildebra...@charite.de> wrote:
> > True, but this "config mismatch warning" stuff should actually
> > be checked before GCM is negotiated, so there *should* not be a
> > mismatch if both sides have it in their config.
>
> Yes, it's ugly.
Hi,
On Tue, Nov 3, 2020 at 4:38 PM Jordan Borgner wrote:
> Hello all.
>
> I just installed openvpn 2.5.0 on archlinux. However, I'm having
> problems with the auth-pam plugin. Users are not able to authenticate
> themselves. They will get an error indicating that the password is
> incorrect alth
Hi,
On Thu, Dec 24, 2020 at 1:10 PM tincanteksup wrote:
> Hi,
>
> there is a forum thread:
> https://forums.openvpn.net/viewtopic.php?f=6&t=31529#p96550
>
> Which wants to know if the "enter user/pass timeout" can be configured.
>
The way it works is like this: if username/password is available
uld
change in future. And, my name is out of place in here..
--
Selva
On Thu, Dec 24, 2020 at 3:20 PM tincanteksup wrote:
>
> On 24/12/2020 19:43, Selva Nair wrote:
> > Hi,
> >
> > On Thu, Dec 24, 2020 at 1:10 PM tincanteksup
> wrote:
> >
> >> Hi,
>
Hi,
On Wed, Feb 17, 2021 at 5:38 PM tincanteksup wrote:
> Hi,
>
> due to not being allowed to have scripts "echo data" to the log file
> under Windows, debugging scripts is next to impossible.
>
> I presume there are no compile time options to enable "echo" under Windows
> ?
>
> Could anybody pr
Hi,
On Sun, Feb 28, 2021 at 9:51 AM tincanteksup wrote:
> Hi,
>
> Ref: https://forums.openvpn.net/viewtopic.php?f=6&t=31928
>
> I recall that there is some `netsh` setting that can affect DHCP working
> but I cannot remember what it is or where it was documented.
>
> I believe it is something to
Hi,
On Thu, Mar 18, 2021 at 7:50 PM 8187--- via Openvpn-users <
openvpn-users@lists.sourceforge.net> wrote:
> Hello, list,
>
> This is probably obvious to the rest of you, but I am not able to give
> openvpn multi parameter options on the command line:
>
> sudo openvpn --remote "127.0.0.1 10153"
Hi,
If restricting capabilities, I think you will need to add CAP_SYS_RESOURCE
to the bounding set in the systemd unit file.
We should have probably made this not a FATAL error.
Selva
On Sat, Mar 20, 2021 at 12:00 PM tincanteksup
wrote:
> It should make no difference but I do not use --user/-
Hi,
On Sat, Mar 20, 2021 at 4:57 PM Gert Doering wrote:
> Hi,
>
> On Sat, Mar 20, 2021 at 12:20:45PM -0400, Selva Nair wrote:
> > We should have probably made this not a FATAL error.
>
> The rules could be twisted a bit ("if uid == 0 then not fatal"), but
> gen
Hi,
On Wed, Mar 31, 2021 at 3:54 PM Aleksandar Ivanisevic <
aleksan...@ivanisevic.de> wrote:
> Hi,
>
> are there any restrictions on contacting the management interface from a
> client-connect script?
>
OpenVPN is single threaded. The client-connect script blocks and the
management interface can
Hi,
On Fri, Apr 2, 2021 at 3:21 PM tincantech via Openvpn-users
wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Hi,
>
> I have had to test this myself because I am a little shocked ..
>
> Using the Windows GUI and an up script named like so:
> 'my_vpn_01_up.bat'
> which is kept i
Hi,
> If I distribute my VPN client as a Zip file then what ever name I give the
> VPN config file, I will obviously make the batch file the same.
> * provider.ovpn
> * provider_up.bat
> This is certainly not a difficult hurdle to side-step.
>
>
> > It's easy for an unsuspecting user to "import" a
Hi
On Thu, Apr 8, 2021 at 6:53 PM Mason Walters via Openvpn-users <
openvpn-users@lists.sourceforge.net> wrote:
> I've run into this issue with 2.5 clients. Adding 'explicit-exit-notify'
> to the client's config resolved it for me.
>
>
> --explicit-exit-notify [n]
>
I have always felt that this (
Hi,
As per the logs it's requesting unpadded signature of size 256 (padding = 3)
which is expected with OpenSSL 1.1.1 and TLS 1.2 or 1.3 as it requires
PSS padded signature and OpenSSL provides the padded data to sign with
padding = NONE. My guess would be that your hardware token doesn't suppo
Hi,
On Wed, Apr 14, 2021 at 8:09 PM mike tancsa wrote:
> Thank you very much for the analysis and pointer. The application is a
> kiosk type environment and for a number of reasons, the windows dialog
> PIN popping up is not workable. Its been a while since I built OpenVPN
> from source, but I
Hi,
On Thu, Apr 15, 2021 at 1:46 PM mike tancsa wrote:
>
> On 4/14/2021 8:23 PM, Selva Nair wrote:
> >
> > You can restrict TLS version using the option --tls-version-min in
> > OpenVPN config file, but restricting to TLS 1.2 is not enough with
> > OpenSSL 1.1.1. I
Hi JJK,
On Mon, Apr 19, 2021 at 7:19 AM Jan Just Keijser wrote:
> Hi Selva,
>
>
> On 15/04/21 20:20, Selva Nair wrote:
> > [...]
>
> >>
> >>
> >> Another thing I am not clear on, is where the cert signature type is set
> >> / required. I
Hi,
On Tue, Apr 20, 2021 at 6:47 AM Jan Just Keijser wrote:
>
> Hi Selva,
>
..some good info snipped..
>
> I agree that it is better to stop using pkcs11-helper (if possible). I can
> reproduce the problem using "softhsm" (from http://www.opendnssec.org/) as
> well, thus you don't even need a
Hi,
On Wed, Apr 21, 2021 at 6:32 AM Jan Just Keijser wrote:
>
> Hi,
>
> On 20/04/21 20:05, Selva Nair wrote:
> > On Tue, Apr 20, 2021 at 6:47 AM Jan Just Keijser wrote:
> >> [...]
>
> >> This is surprising. SoftHSM would support raw RSA signatures
Hi
On Wed, Apr 21, 2021 at 11:48 AM Joe Patterson
wrote:
>
> What you're looking for is the openvpn challenge/response protocol,
> which can be used when authentication is done via the management
> interface.
>
> https://openvpn.net/community-resources/management-interface/
> describes it a bit.
Hi,
On Wed, Apr 21, 2021 at 1:35 PM Joe Patterson
wrote:
> I stand corrected! That's very useful to know.
>
> Does the "OTP" keyword in the plugin correspond to the OTP argument in
> the static challenge?
>
No, the argument to static-challenge is local to the client and only used
for prompting
Hi Mike,
On Wed, Apr 21, 2021 at 4:55 PM mike tancsa wrote:
> On 4/21/2021 12:05 PM, Selva Nair wrote:
> > I think that patch is still not applied upstream. I tested softhsm
> > using your instructions and it works for TlS 1.3 and PSS -- softhsm2
> > gets request to sign p
Hi
On Wed, Apr 28, 2021 at 11:52 AM Gert Doering wrote:
>
> Hi,
>
> On Wed, Apr 21, 2021 at 07:29:52PM +0200, Dajka Tamás wrote:
> > If interested, I can send the script over ( PAM is used for user
> > auth against an MS AD, and Radius is used for SecurID, since that
> > handle's challenge-resp
Hi,
Currently RSA-PSS signatures are handled in pkcs11-helper by asking the
token to do raw RSA signature of data already padded by OpenSSL. Many new
hardware tokens refuse to support this mode and require the padding to be
done in hardware.
For a recent user report see this thread:
https://www.m
Hi,
Use "client-kill CID HALT" from the management interface. The third
argument of this command is optional (defaults to RESTART) -- what you
want is HALT. Use "status 2" to get the CID of the client.
The client will get a termination signal. If you are using the Windows
GUI for the client, it
On Tue, May 11, 2021 at 2:04 PM tincantech via Openvpn-users
wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Hi,
>
> ‐‐‐ Original Message ‐‐‐
> On Tuesday, 11 May 2021 15:07, Houman wrote:
>
> > Hello,
> >
> > I have been struggling to find a way to disconnect a specific
Hi,
>
> @selva I can't kill the whole client, as I'm doing a duplicate-cn. Hence I
> had to kill via IP address and port to pinpoint exactly that user.
>
> However I have found a secret feature, which it seems you guys weren't aware
> of. ;-)
>
> client-deny 4 0 "Disconnect Now"
client-deny is
Hi,
> HI,
>
> the OP did not follow up, so here it is:
> https://forums.openvpn.net/viewtopic.php?f=10&t=32300
The user wants to automatically disconnect a connection when another
one using a different config is started.
> I guess it could be a useful switch ?
>
No, it's not.
Not everyone want
On Thu, May 27, 2021 at 11:40 AM tincantech via Openvpn-users
wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Hi,
>
> ‐‐‐ Original Message ‐‐‐
> On Thursday, 27 May 2021 16:25, Gert Doering wrote:
>
> > Hi,
> >
> > On Thu, May 27, 2021 at 04:33:54PM +0200, Bo Berglund wro
Hi
On Thu, Jun 3, 2021 at 1:40 PM Gokan Atmaca wrote:
>
> Hello
>
> I am using Ubuntu server. I am using openvpn as SSL and TLS. PAM auth.
> together... Now I want to use google mfa. I got the following errors
> in the settings I made.
> I can ssh sign with the same 2fa information.
>
>
> What co
On Thu, Jun 3, 2021 at 3:12 PM Colin Ryan wrote:
>
> Folks,
>
> I've been customizing the NSIS installer for years. Want to look at
> moving to the MSI installer. Is there a source file for the community
> edition that I can use as a starting point?
Have you checked openvpn-build? That's where bu
On Fri, Jun 4, 2021 at 3:34 PM Bo Berglund wrote:
>
> On Fri, 04 Jun 2021 20:17:59 +0200, Bo Berglund wrote:
>
> >What could be causing this strange behavior?
> >
> >It seems like when the server has been connected to it goes blind for a while
> >but then returns to normal for a new comm session.
Hi,
You have to post the full client and server logs -- we need to see
the whole server log showing one connection succeeding and the
subsequent one failing. And the corresponding (i.e matching) client
logs. I want to see what routes are being set up, which port and IP
connections are coming from
Hi,
You can share large logs using some service like pastebin in pure text
format. Compressed logs are hard to look through.
As per the logs the server gets the initial TLS packet from the second
client, but hears nothing after that. The client gets nothing back
from the server. So something is b
Hi
On Sat, Jun 12, 2021 at 1:53 PM Bo Berglund wrote:
> I am using the OpenVPN Gui application on my Windows 10 laptop to connect
> to a
> variety of locations where I have put OpenVPN servers.
> This has always until now been a matter of establishing a connection prior
> to
> doing something on
On Sat, Jun 12, 2021 at 6:28 PM Bo Berglund wrote:
> On Sat, 12 Jun 2021 22:05:51 +0200, Bo Berglund
> wrote:
>
> >>We have some support for sending commands to the GUI to
> >>connect, disconnect etc.. See
> >>
> >>
> https://github.com/OpenVPN/openvpn-gui#send-commands-to-a-running-instance-of-
Hi,
On Fri, Jun 18, 2021 at 3:36 AM Bo Berglund wrote:
> On Sat, 12 Jun 2021 14:01:51 -0400, Selva Nair
> wrote:
>
> >> I wonder if there is some way (on Windows) to start the tunnel
> connection
> >> from
> >> the special comm program and then close it
Hi
On Mon, Jul 5, 2021 at 11:58 AM David Mehler wrote:
> Hello,
>
> Thank you for your reply. I do not have a plugin-auth-pam I've run a
> find for it. Where would this be at, this would be perfect, especially
> if I'm understanding your response right each client certificate would
> then be bou