Is it possible to have a Openvpn server drop port scanning packets instead of
sending a reply. For example, when running 'shields up' on grc.com the port
that I have openvpn running on is reported as 'closed' instead of 'stealth'.
Is there a way to get openvpn to just not respond?
al Message -
>> From: "jack seth"
>> To: openvpn-users@lists.sourceforge.net
>> Sent: Tuesday, 24 September, 2013 5:16:27 PM
>> Subject: [Openvpn-users] Possible to drop port scan packets?
>>
>> Is it possible to have a Openvpn server drop port scan
O-8859-1
>
> On 25/09/13 11:16, jack seth wrote:
>> Thanks for the response. Yes I have that implemented. I am running
>> both a TCP and UDP server. Of course it is the TCP that is replying.
>> Actually the port is listed as 'closed' but I want it to appear as
>&
I am running Openvpn gui v5 that I recently upgraded. I noticed that it wasn't
saving the log when it connected. So I made the shortcut run as administrator.
That cured the loggin problem. But it causes the internet connect to drop
after a few seconds. I stay connected fine if I don't run as
> Message: 2
> Date: Thu, 17 Oct 2013 17:45:34 -0400
> From: "Sumit Dahiya"
> Subject: Re: [Openvpn-users] OpenVPN Security
> To:
> Message-ID: <000901cecb82$367ecdf0$a37c69d0$@eistech.com>
> Content-Type: text/plain; charset="us-ascii"
>
> Thanks for the comment. I should have mentioned that we
Is this the correct syntax for this option? "--dhcp-option DNS 192.168.1.1"
Can it be used without the --ip-win32 command?
--
Android is increasing in popularity, but the open devel
Here is my setup. My dsl modem is attached to the WAN port of my router.
Vlan2 is the WAN port interface. Vlan2 has been assigned an IP address
(192.168.1.253) in the same subnet as the modem to allow access. This rule is
used to make it work 'iptables -I POSTROUTING -t nat -o vlan2 -d 192.1
> From: bird_...@hotmail.com
> To: openvpn-users@lists.sourceforge.net
> Subject: Why can't I access my modem from the outside?
> Date: Fri, 1 Nov 2013 18:23:12 +
>
> Here is my setup. My dsl modem is attached to the WAN port of my router.
> Vlan2 is
Can someone please tell me the options available for --auth? I know the
default is SHA1. What else is available? This info does not seem to be easily
available.
--
Android is incr
I can't connect to my openvpn server using the option 'tls-cipher
TLS-SRP-SHA-DSS-WITH-AES-256-CBC-SHA'. This is the only change I made to the
server and client configs. They were working perfectly before this. Here are
the relevant log info
Client log
Sun Nov 03 21:00:26 2013 OpenVPN 2.3.2
> Date: Mon, 4 Nov 2013 14:55:53 +0100
> From: openvpn.l...@topphemmelig.net
> To: bird_...@hotmail.com
> Subject: Re: [Openvpn-users] Can't connect using tls-cipher
> TLS-SRP-SHA-DSS-WITH-AES-256-CBC-SHA
>
> On 04/11/13 04:17, j
S-256-CBC-SHA
>
> On 04/11/13 21:59, jack seth wrote:
>>
>>> Date: Mon, 4 Nov 2013 14:55:53 +0100
>>> From: openvpn.l...@topphemmelig.net
>>> To: bird_...@hotmail.com
>>> Subject: Re: [Openvpn-users] C
ISO-8859-1
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 11/03/13 21:17, jack seth wrote:
>> I can't connect to my openvpn server using the option 'tls-cipher
>> TLS-SRP-SHA-DSS-WITH-AES-256-CBC-SHA'. This is the only change I
>> made to th
age-ID:
> Content-Type: text/plain; charset=ISO-8859-1
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 11/03/13 21:17, jack seth wrote:
>> I can't connect to my openvpn server using the option 'tls-cipher
>> TLS-SRP-SHA-DSS-WITH-AES-256-CBC-SHA'
I have the following command in both the server and client configs 'tls-cipher
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256'. The server starts up fine with this so I
think the server side is good. Both are running Openvpn 2.3.4. Server is
linux on my router, client is on a Windows 7 Ultimate laptop.
n-users@lists.sourceforge.net
Hi,
On Fri, Oct 17, 2014 at 5:13 AM, jack seth wrote:
I have the following command in both the server and client configs 'tls-cipher
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256'. The server starts up fine with this so I
think the server side is good. Bot
I don't mean be part of a bridge. For example, different interfaces assigned
to it would become a vpn only interface.
--
Comprehensive Server Monitoring with Site24x7.
Monitor 1
I would like to connect to a vpn service (for example privateinternetaccess)
all internet traffic except for when I am connecting to my home network. I
have an openvpn server running at home that I would be connecting to. How can
I do something like this without having to alternate between ses
I can't connect using the 'mute-replay-warnings' setting. I have tried
it in the server & client config files and just the client config
file and the client won't connect. Actually, it looks like it doesn't
even get started. The screen is blank with no text at all. Can this be
fixed or is
I have my server TAP interface bridged to my lan so that when my client
connects it gets assigned an IP in the same subnet as my lan. Sometimes
'redirect-gateway def1' creates the proper routes and sometimes it doesn't.
During my testing, I manually created the same functionality as
'redirect
This is on Windows 7. Before I used the 'easy-rsa' script for RSA keys. Now I
would like to know how to generate CA, server, client, etc. using ECDSA keys?
Thanks!
--
Download
Is it possible to dictate the parameters of the secret key that is generated?
If so, how? The openvpn documentation just gives this command
'openvpn --genkey --secret ta.key' What kind and size of key does this command
generate?
Even when I am using the 'build-key' and 'build-key-server' batch files (i.e.
ones without 'pass' in them), when I get toward the end of putting the
parameters in it asks for a password. What's this for? Should I actually
enter one?
---
security
Best regards,
Pavel
Original Message
Subject: [Openvpn-users] What is the password for when
generating keys?
From: jack seth
To: openvpn-users@lists.sourceforge.net
Date: 22.12.2014 16:27
...@nikhef.nl
To: bird_...@hotmail.com; pbychik...@yahoo.com;
openvpn-users@lists.sourceforge.net
Subject: Re: [Openvpn-users] What is the password for when generating keys?
On 22/12/14 22:30, jack seth wrote:
Upon further inspection, I don't think th
Is it possible for me to sign my already created ca.crt with my ca.key? If so,
how?
--
Dive into the World of Parallel Programming! The Go Parallel Website,
sponsored by Intel and
I am trying to out my config using 16384 size keys. I am using my working
config except for substituting my large keys (still using the same ta.key
though). I am getting a 'inactivity timeout' from the server after about 3
minutes during the TLS handshake. I have read it will take longer to n
Upon further testing the problem seem to be using DH parameters of 16384 size.
Can someone provide some guidance on how I can get the server to extend or
disable the inactivity timeout?
From: bird_...@hotmail.com
To: openvpn-users@lists.sourceforge.net
Subject: Testing with large keys
Date: Fr
To: bird_...@hotmail.com; openvpn-users@lists.sourceforge.net
Subject: Re: [Openvpn-users] Testing with large keys
On 26/12/14 23:48, jack seth wrote:
I am trying to out my config using 16384 size
keys. I am using my working config except for subst
penvpn-users@lists.sourceforge.net
> Subject: Re: [Openvpn-users] Testing with large keys
>
> -BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> jack seth wrote:
> > I have tried the 'hand-window' option. It works for the client
> > config but the server side still
xenoph...@godshell.com
> To: bird_...@hotmail.com
> CC: janj...@nikhef.nl; openvpn-users@lists.sourceforge.net
> Subject: Re: [Openvpn-users] Testing with large keys
>
> -BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> jack seth wrote:
> > Could possibly be that. I ran your c
I must be doing something wrong but I can't figure out what it is. I am trying
to encrypt my private ca key with this command
openssl rsa -in ca.key -out caencrypted.key -aes256
This works fine but the problem is I don't get the original key back when I
decrypt it using this command
openssl r
I think I read somewhere that keys should be around 15K bit to match the
security of AES256. Do DH parameters need to be just as large? Easy-RSA makes
the keys and DH parameters the same bit size.
ndows-1252
>
> On 28-03-15 20:05, jack seth wrote:
> > I think I read somewhere that keys should be around 15K bit to match the
> > security of AES256. Do DH parameters need to be just as large?
> > Easy-RSA makes the keys and DH parameters the same bit size.
>
> T
ell.com
> > To: bird_...@hotmail.com
> > CC: janj...@nikhef.nl; openvpn-users@lists.sourceforge.net
> > Subject: Re: [Openvpn-users] Testing with large keys
> >
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > jack seth wrote:
> Message: 1
> Date: Tue, 2 Jun 2015 23:43:39 +0200
> From: Gert Doering
> Subject: Re: [Openvpn-users] any way to get local network details to
> flow through to the server?
> To: Jason Haar
> Cc: "openvpn-users@lists.sourceforge.net"
>
> Message-ID: <20150602214339.gc...@greenie.muc.de>
> Con
I am trying to use the vpn_gateway variable in a route command but I keep
getting this error in the client log 'OpenVPN ROUTE: vpn_gateway undefined'.
How do I fix this? Server running 2.3.6 Windows client on 2.3.4.
---
> From: debbie...@gmail.com
> To: bird_...@hotmail.com
> CC: openvpn-users@lists.sourceforge.net
> Subject: Re: [Openvpn-users] How do I define vpn_gateway?
> Date: Sat, 6 Jun 2015 15:25:08 +0100
>
> Hi
> - Original Message -
> From: "jack seth"
&
> From: debbie...@gmail.com
> To: bird_...@hotmail.com
> CC: openvpn-users@lists.sourceforge.net
> Subject: Re: [Openvpn-users] How do I define vpn_gateway?
> Date: Sat, 6 Jun 2015 16:59:22 +0100
>
>
> - Original Message -
> From: "jack seth"
&g
Message: 1
Date: Mon, 4 Jan 2016 16:48:04 +0200
From: Samuli Sepp?nen
Subject: [Openvpn-users] OpenVPN 2.3.10 released
To: "openvpn users list (openvpn-users@lists.sourceforge.net)"
,
"openvpn-de...@lists.sourceforge.net"
,
How large of elliptic curve keys and EC DH parameters can 2.4 handle?
--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel
g the list at
openvpn-users-ow...@lists.sourceforge.net
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Openvpn-users digest..."
Today's Topics:
1. Keys in Openvpn 2.4 (jack seth)
2. Re: Keys in Op
I'm assuming that Openvpn is actually using Openssl to create the 2048-bit
'ta.key' file (If that's not right please correct me). If so, what are the
openssl command/options used to create this file?
--
Developer Access
From: Gert Doering
Sent: Tuesday, November 8, 2016 11:20 AM
To: jack seth
Cc: openvpn-users@lists.sourceforge.net
Subject: Re: [Openvpn-users] Underlying command for static key file
Hi,
On Tue, Nov 08, 2016 at 05:09:32PM +, jack seth wrote:
>
My client config file has more than one
setup and I am wondering if there is a way to have the next connection
be tried if the previous one fails to connect?
How does Openvpn know if the connection has failed if it is UDP?
From: Gert Doering
Sent: Friday, November 11, 2016 1:51 AM
To: jack seth
Cc: openvpn-users@lists.sourceforge.net
Subject: Re: [Openvpn-users] Can you have failover with UDP?
Hi,
On Thu, Nov 10, 2016 at 10:22:32PM +, jack seth wrote:
> My cli
When you have multiple configs how long after a failure to connect
does the next config get tried?
Is '--server-poll-timeout' the correct setting to change this value?
--
Developer Access Program for Intel Xeon Phi Proce
I think this is a problem for servers using DDNS. If the tunnel goes down the
client will try to first resolve the server's hostname but the all traffic
(specifically DNS) is still routed to the tunnel which is down. :) So you can
never reconnect. Is there a way to specify that the openvpn se
From: Gert Doering
Sent: Thursday, November 24, 2016 3:21 PM
To: jack seth
Cc: openvpn-users@lists.sourceforge.net
Subject: Re: [Openvpn-users] Persist-tun+resolv-retry+redirect-gateway = problem
Hi,
On Thu, Nov 24, 2016 at 04:47:22PM +, jack seth
Date: Tue, 20 Dec 2016 20:03:59 +0100
From: Steffan Karger
Hi,
Exactly. To reliably bypass good DPI, it is not sufficient to hide that
traffic is (Open)VPN traffic, but instead you'll need to make it look
like allowed traffic. Tunneling over stunnel (which is 'plain' TLS, so
looks very simi
Can someone point me to some documentation for creating EC keys?
Thanks!
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_
51 matches
Mail list logo
