On Thu, Jul 27, 2023 at 11:54 AM, Bo Berglund wrote:
On Wed, 26 Jul 2023 10:00:51 + (UTC), Jason Long via Openvpn-users
wrote:
>On Wednesday, July 26, 2023 at 09:18:35 AM GMT+3:30, Bo Berglund
> wrote:
>>On Tue, 25 Jul 2023 21:42:40 + (UTC), Jason Long via O
h "route 172.20.50.0 255.255.255.128"
push "dhcp-option DNS 172.20.1.2"
keepalive 10 120
tls-auth ta.key 0
data-ciphers AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
On Sunday, July 30, 2023 at 02:12:06 PM GMT+3:30, Gert Doering
wrote:
Hi,
On Sun, Jul 30, 2023 at 10:09:33AM +, Jason Long via Openvpn-users wrote:
> 172.20.1.0 via 10.8.0.0 device tun
> 172.20.50.0 via 10.8.0.0 device tun
> Wherever that came from, it's not a valid
On Sun, Jul 30, 2023 at 6:01 PM, Jochen Bern wrote:
On 29.07.23 16:11, Jason Long via Openvpn-users wrote:
> How can OpenVPN recognize that the configuration files Server-1.conf,
> Server-2.conf and Server-3.conf should be for IP address "1.2.3.4"?
>By default, a
On Sun, Jul 30, 2023 at 7:34 PM, Bo Berglund wrote:
On Sat, 29 Jul 2023 14:11:48 + (UTC), Jason Long via Openvpn-users
wrote:
>How can OpenVPN recognize that the configuration files Server-1.conf,
>Server-2.conf and Server-3.conf should be for IP address "1.2.3.4&
On Sun, Jul 30, 2023 at 6:16 PM, Jochen Bern wrote:
On 30.07.23 12:54, Jason Long via Openvpn-users wrote:
> On Sunday, July 30, 2023 at 02:12:06 PM GMT+3:30, Gert Doering
> wrote:
> On Sun, Jul 30, 2023 at 10:09:33AM +, Jason Long via Openvpn-users wrote:
>>
Hello,Thanks again.My client is Windows OS.In my local network, the DNS server
IP address is "172.20.1.2". My OpenVPN server can ping my internal network:
# ping 172.20.1.18PING 172.20.1.18 (172.20.1.18) 56(84) bytes of data.64 bytes
from 172.20.1.18: icmp_seq=1 ttl=63 time=1.10 ms64
Hello,
I have an OpenVPN server VM with two NICs:
enp0s3: NAT (10.0.2.15)
enp0s8: LAN (192.168.1.20)
My OpenVPN VM can see my internal network. For example:
# ping 172.20.1.18
PING 172.20.1.18 (172.20.1.18) 56(84) bytes of data.
64 bytes from 172.20.1.18: icmp_seq=1 ttl=63 time=1.21 ms
64 bytes
Hi,
On Mon, Jul 31, 2023 at 06:40:45AM +, Jason Long via Openvpn-users wrote:
> I want to connect my Windows VM to my OpenVNP server so that it can see my
> internal network. For example, my Windows VM can "ping 172.20.1.18".
IP communication (ping) always requires two dir
, just
the OpenVPN server refused to forward packets.
It should be somewhat obvious that IP forwarding needs to be enabled
on any device that is to act as a forwarder of IP packets (= moving
IP packets from one side to another side)... so forget all the garbage
on the Internet.
On a device that h
>
>
>
>
> From: "Jason Long via Openvpn-users"
> Date: Saturday, 29 July 2023 at 16:18:44
> To: "Tincantech via Openvpn-users"
> Subject: [Openvpn-users] How to write the iptables rules for a NIC with
> multiple IP addresses?
>
>
>
address, I must to rewrite
> all the iptables rules, because each public IP has its own "Tun name",
> "Port number" and "IP Range" in its configuration.
> Am I right?
First and foremost: *Why* do you want to do this (SNAT all the clients'
"through traff
t; So you're telling the server to *itself* route that destination into the
> VPN connection, and you're telling the client - twice - to also route it
> into the VPN. The poor packets are in Hotel California now.
> When I connected to the OpenVPN server, then I got the follow
> dhcp-option DOMAIN MY_DOMAIN
(I would *hope* that clients *cannot* "push" any settings to a central
server's OpenVPN ...)
> My problem is that I did it by enabling the IP Forwarding. I wanted
> to do it without it. I guess that I must to enable the IP Forwarding
&g
On Mon, Jul 31, 2023 at 4:20 PM, Jochen Bern wrote:
On 31.07.23 13:34, Jason Long wrote:
> Did you forget the PORT rule?
> # iptables -I INPUT -p udp --dport PORT -j ACCEPT
That rule a) *already* addresses *several* OpenVPN instances at once (as
it specifies *only* the port, not
On Mon, Jul 31, 2023 at 10:43 PM, Bo Berglund wrote:
On Mon, 31 Jul 2023 18:52:07 + (UTC), Jason Long via Openvpn-users
wrote:
>What is the usage of the "client-to-client" and "iroute"?
client-to-client:
if you would like connecting clients to be able to re
server?
Thank you.___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
On Mon, Jul 31, 2023 at 11:49 PM, Jochen Bern wrote:
On 31.07.23 21:42, Jason Long via Openvpn-users wrote:
> Hello,Is it possible to set public IP addresses from different
> countries on one NIC?
> VPN provider companies provide VPN service with IP addresses of
> different c
On Mon, 31 Jul 2023 21:51:43 +0200, Gert Doering wrote:
>Hi,
>
>On Mon, Jul 31, 2023 at 09:11:31PM +0200, Bo Berglund wrote:
>> On Mon, 31 Jul 2023 18:52:07 + (UTC), Jason Long via Openvpn-users
>> wrote:
>>
>> >What is the usage of the "client-
On 31.07.23 21:14, Jason Long wrote:
> On Mon, Jul 31, 2023 at 4:20 PM, Jochen Bern wrote: >>
> If, on the other hand, you'd like to type less, it's up to you to find
>> ways to make the rules less specific that still agree with whatever
>> *external* requireme
On Tue, 1 Aug 2023 05:57:29 + (UTC), Jason Long via Openvpn-users
wrote:
>OK,
>in my use case I set up a VPN server on a public IP with the sole purpose to
>act
>as a connection point between an IoT device running on a LAN with no public IP
>available which we needed to acc
Hello,To use OpenVPN with a NIC that has multiple IP addresses set on it, I
need to use the following statement in the server configuration file:
Local "Virtual IP"
But, when I use the following firewall rules and specify the virtual NIC,
OpenVPN network card and IP range, is there st
On Fri, Aug 4, 2023 at 12:59 PM, David Sommerseth
wrote: On 31.07.23 21:42, Jason Long via Openvpn-users wrote:
> Hello,Is it possible to set public IP addresses from different
> countries on one NIC?
This is a bit unclear. Generally, you assign multiple IP addresses to a
sing
Hello,Any idea?I would be grateful if someone could guide me.
Cheers.
On Wed, Aug 2, 2023 at 11:17 PM, Jason Long via
Openvpn-users wrote: Hello,To use
OpenVPN with a NIC that has multiple IP addresses set on it, I need to use the
following statement in the server configuration file
Hello dear OpenVPN users,
Sorry to bother, but I'm facing a rather strange problem, apparently
with some of my Windows 11 users.
We use a rather classical configuration similar to what is usually
called "split horizon DNS, but using 2 different servers:
- 1 public DNS server, on
Hi Gert,
Le 07/08/2023 à 07:55, Gert Doering a écrit :
Hi,
On Mon, Aug 07, 2023 at 01:11:23AM +0200, Bruno Tréguier via Openvpn-users
wrote:
For a few Windows 11 client machines, however, things are a bit weird: when
connected to the VPN, everything is ok for internal servers, but for public
On Mon, Aug 7, 2023 at 1:58 PM, Jochen Bern wrote:
On 06.08.23 22:41, Jason Long via Openvpn-users wrote:
> Hello,Any idea?I would be grateful if someone could guide me.
>
> On Wed, Aug 2, 2023 at 11:17 PM, Jason Long via
> Openvpn-users wrote: Hello,To use
> OpenVPN
Le 07/08/2023 à 07:55, Gert Doering a écrit :
Besides that, Windows also likes to query *all* DNS servers, internal
and external, and use who answers first. So in a split DNS setup,
results can be inconsistent. There's an openvpn option for that
(windows only), "block-outside-d
Le 07/08/2023 à 22:39, Selva Nair a écrit :
Hi,
Hi Gert, many thanks, everything's fine, the "block-outside-dns" option
works perfectly, but we'll have to use OpenVPN GUI only, as OpenVPN
Connect rejects this as an unknown option. Not a big deal, at least w
er posted anything here before, although I've been a
long time (and happy) user of OpenVPN, both personally and professionally.
When I had users I used to tell them to just check whether the icon
turns green and complain if it doesn't. In my case the VPN was for
access to the office
Hello,How to hardening an OpenVPN server? I found
"https://openvpn.net/community-resources/hardening-openvpn-security/";, but I
guess this is not complete. For example, it didn't say anything about using the
local statement.
Thank you.
____
On Thu, Aug 10, 2023 at 11:07 PM, Gert Doering wrote:
hi,
On Thu, Aug 10, 2023 at 07:27:50PM +, Jason Long via Openvpn-users wrote:
> Hello,How to hardening an OpenVPN server? I found
> "https://openvpn.net/community-resources/hardening-openvpn-security/";, but I
On 10/08/2023 21:44, Jason Long via Openvpn-users wrote:
[...snip...]
> Hello,
> I see. Can you show me a good article about hardening an OpenVPN
> server on Linux?
The best hardening trick you can do to OpenVPN: Use tls-crypt together
with UDP
With this setup, port scan
Hello,Is it true that WireGuard is safer and faster than OpenVPN?
Thank you.___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
-BEGIN PRIVATE KEY-
...
-END PRIVATE KEY-
#
# 2048 bit OpenVPN static key
#
-BEGIN OpenVPN Static key V1-
...
-END OpenVPN Static key V1-
But I got the following errors:
Cannot pre-load keyfile (ta.key)
Note: --cipher
Hello,
I added a virtual IP to my OpenVPN NIC as below:
...
enp0s3:1: flags=4163 mtu 1500
inet 20.1.1.20 netmask 255.0.0.0 broadcast 20.255.255.255
ether 08:00:27:ed:b4:7c txqueuelen 1000 (Ethernet)
...
Then, I added the following line to my Server.conf file:
local
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
Sent with Proton Mail secure email.
--- Original Message ---
On Saturday, August 12th, 2023 at 07:39, Jason Long via Openvpn-users
wrote:
> Hello,
> I added "tls-crypt ta.key 0" and "data-cipher AES-256-G
Hi,
On Fri, Aug 11, 2023 at 09:11:22PM +, Jason Long via Openvpn-users wrote:
> Hello,Is it true that WireGuard is safer and faster than OpenVPN?
Safer: no. Marketing claims.
Faster: depends. With DCO, OpenVPN can be faster, because AES-GCM is
hardware accelerated on many Intel/AMD C
Hello,
I added a virtual IP to my OpenVPN NIC as below:
...
enp0s3:1: flags=4163 mtu 1500
inet 20.1.1.20 netmask 255.0.0.0 broadcast 20.255.255.255
ether 08:00:27:ed:b4:7c txqueuelen 1000 (Ethernet)
...
Then, I added the following line to my Server.conf file:
local
Hi,
On Sun, Aug 13, 2023 at 05:23:07AM +, Jason Long wrote:
> Is there a way that OpenVPN can hide itself from censorship devices?
> Something like a statement or something like that.
>This has not much to do with the thread topic or the Subject: - and
>the short answer is "
On Sun, Aug 13, 2023 at 2:55 PM, Bo Berglund
wrote: On Sun, 13 Aug 2023 09:44:08 + (UTC),
Jason Long via Openvpn-users
wrote:
>Patches?
>The OpenVPV is open source, what about changing the source code and its
>fingerprint?
Yes, you are free to do so if you desire (and are p
Hello,Is the local statement only for physical NICs or does it work for virtual
NICs as well?
Thank you.___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
Hi,
On Sun, Aug 13, 2023 at 08:55:21PM +, Jason Long via Openvpn-users wrote:
> Hello,Is the local statement only for physical NICs or does it work for
> virtual NICs as well?
As I wrote like 2 weeks ago, this is *all* about IP addresses, not about
NICs.
>As a consequence, it
Hi,
On Mon, Aug 14, 2023 at 06:33:52AM +, Jason Long wrote:
> Why without the local statement my OpenVPN worked?
As I explained weeks ago, the combination of "port" + "local IP" needs
to be unique. So if you have only one OpenVPN process listening on
one port, you d
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
Sent with Proton Mail secure email.
--- Original Message ---
On Monday, August 14th, 2023 at 09:23, Jason Long via Openvpn-users
wrote:
>
> Mon Aug 14 12:52:03 2023 read UDPv4: Connection reset by peer (WSAECONNRESET)
&g
arité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155
ralf.hildebra...@charite.de
https://www.charite.de
___
Op
Hi,
On Mon, Aug 14, 2023 at 10:13:48AM +, Jason Long wrote:
> And because my client does not have direct access to IP "20.1.1.20", then it
> showed me that error. If my client connected to the OpenVPN server directly,
> then I should not have such a problem. Am I right?
8-14 12:54:38 us=859000 cert_file = '[UNDEF]'
2023-08-14 12:54:38 us=859000 extra_certs_file = '[UNDEF]'
2023-08-14 12:54:38 us=859000 priv_key_file = '[UNDEF]'
2023-08-14 12:54:38 us=859000 pkcs12_file = '[UNDEF]'
2023-08-14 12:54:38 us=85
Hello,
To increase the security of OpenVPN, I want to use the ccd-exclusive. I googled
it, but I could not find a good example. I just found the following question:
https://serverfault.com/questions/877201/limit-access-to-remote-server-via-particular-vpn
But, I really don't know what to
- Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155
ralf.hildebra...@charite.de
https://www.charite.de
___
Openvpn-user
at in a real environment such a scenario can also exist.
Consider an internal network where users connect to an internal OpenVPN server
and this server has several NICs with different IP addresses that are connected
to the Internet. Now you want to connect a group of users to a specific NIC.
For ex
Hello,
Le 14/08/2023 à 15:59, Jason Long via Openvpn-users a écrit :
Hi,
Thank you so much.
But I am sure that in a real environment such a scenario can also exist.
Consider an internal network where users connect to an internal OpenVPN server
and this server has several NICs with different IP
On Mon, Aug 14, 2023 at 5:16 PM, tincantech
wrote: -BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sent with Proton Mail secure email.
--- Original Message ---
On Monday, August 14th, 2023 at 14:13, Jason Long via Openvpn-users
wrote:
> Hello,
> To increase the secur
Hello,
> > Thank you so much for your help.
> > I take a loot at
> > "https://build.openvpn.net/man/openvpn-2.6/openvpn.8.html";, but it only
> > explained the capabilities of this option and did not provide any examples.
> > I did:
> > # mkdir /etc/
On Mon, Aug 14, 2023 at 6:25 PM, Bruno Tréguier via Openvpn-users
wrote: Hello,
Le 14/08/2023 à 15:59, Jason Long via Openvpn-users a écrit :
> Hi,
> Thank you so much.
> But I am sure that in a real environment such a scenario can also exist.
> Consider an internal network where u
On Mon, Aug 14, 2023 at 8:22 PM, Gert Doering
wrote: Hi,
On Mon, Aug 14, 2023 at 01:59:32PM +, Jason Long wrote:
> But I am sure that in a real environment such a scenario can also exist.
> Consider an internal network where users connect to an internal OpenVPN
> server and th
Le 14/08/2023 à 23:19, Jason Long a écrit :
Hi Bruno,
Thank you so much for your reply.
Both (Server and Client) can ping each other and without the local
statement my client can connect to the OpenVPN server.
My client connecting to the server via an internal network
e:
> >
> > > >
> > > > Hello,
> > > > Thank you so much for your help.
> > > > I take a loot at
> > > > "https://build.openvpn.net/man/openvpn-2.6/openvpn.8.html";, but it only
> > > > explained the capabilities
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Tuesday, August 15th, 2023 at 10:57, Jason Long wrote:
> Hello,
> My OpenVPN server internal network IP is "192.168.1.20" and the IP address of
> client is "192.168.1.21".
On Tue, Aug 15, 2023 at 5:33 PM, Gert Doering wrote: Hi,
On Tue, Aug 15, 2023 at 12:54:45PM +, Jason Long via Openvpn-users wrote:
> I did a tcpdump:
>
> # tcpdump --interface any udp port 2000 -n -v
> tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), cap
On Tue, Aug 15, 2023 at 5:57 PM, tincantech
wrote: -BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Tuesday, August 15th, 2023 at 15:02, Gert Doering
wrote:
> Hi,
>
> On Tue, Aug 15, 2023 at 12:54:45PM +, Jason Long via Openvpn-us
Hi,
On Tue, Aug 15, 2023 at 12:54:45PM +, Jason Long via Openvpn-users wrote:
> I did a tcpdump:
>
> # tcpdump --interface any udp port 2000 -n -v
> tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture
> size 262144 bytes
> 08:50:47.761991 IP (tos 0x
ficate), or is not in the right
>place, or you did fancy thing with chroot (paths must match *inside*
>the chroot environment).
Hi Gert,
Thank you so much for your reply.
My OpenVPN server NICs are:
enp0s3: flags=4163 mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0
On 16.08.23 12:23, Jason Long via Openvpn-users wrote:
>> On Wed, Aug 16, 2023 at 06:35:01AM +, Jason Long wrote:
>>> route 192.168.1.0 255.255.255.0
>>
>> This tells the server "put routing towards 192.168.1.0 into the VPN"
[...]
> So, what is
>On 16/08/2023 15:05, Jason Long via Openvpn-users wrote:
> On 16.08.23 12:23, Jason Long via Openvpn-users wrote:
>>> On Wed, Aug 16, 2023 at 06:35:01AM +, Jason Long wrote:
[...snip...]
> Hello,
> I used
> "https://www.howtoforge.com/how-to-install-and-configur
On Wed, Aug 16, 2023 at 6:27 PM, Jochen Bern
wrote: On 16.08.23 15:05, Jason Long wrote:
> I used
> "https://www.howtoforge.com/how-to-install-and-configure-openvpn-server-on-debian-10/";
> tutorial to create my OpenVPN server.
(No date on the article ... no date on the c
On Thu, Aug 17, 2023 at 1:52 AM, Jochen Bern
wrote: On 16.08.23 23:28, Jason Long wrote:
> 1- What is the difference between /etc/openvpn and /etc/openvpn/server
> directories?
>The systemd "unit files" that define the >templates for the services you
>"systemct
On Thu, Aug 17, 2023 at 8:24 AM, Bo Berglund
wrote:On Wed, 16 Aug 2023 21:28:29 + (UTC), Jason
Long via Openvpn-users
wrote:
>Hi Jochen,Thank you for your advice about the >How-to articles.Can you answer
>my questions?
>1- What is the difference between >/etc/openvpn a
lin
Tel. +49 30 450 570 155
ralf.hildebra...@charite.de
https://www.charite.de
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
ed. And *then* one
>of these two systems needs to keep tabs on >which clients *should* get a
>new cert (customers can terminate their >contracts with you ...) and when.
> 2- I've heard that OpenVPN can be configured >to work with username and
> password instead of key-
e FQDN, so I would suggest >naming the certs by user
>and/or device, like "Jason Long's private cell >phone".)
>Kind regards,
>--
>Jochen Bern
>Systemingenieur
>Binect GmbH
Hi Jochen,Thanks again.
1- In the round-robin mechanism, we can use the same keys for our servers, but
each client uses its own key.
2- So, the name that I entered in the "Common Name (eg: your user, host, or
server name) [Easy-RSA CA]:" question, must be used in the "./easyrsa gen-req
NAME nopass" and "./easyrsa sign-req server NAME" commands. Right?
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
ppose you want to configure a server. Can you show me the names you enter
for the commands below?
# ./easyrsa build-ca nopass
...
Common Name (eg: your user, host, or server name) [Easy-RSA CA]: "Your_Name"
# ./easyrsa gen-req "Your_Name" nopass
# ./easyrsa sign-req server
On 19.08.23 10:02, Bo Berglund wrote:
> On Sat, 19 Aug 2023 07:03:01 + (UTC), Jason Long via Openvpn-users
> wrote:
>> I have another questions:
>> 1- I checked the "Subject" of the ca.crt file and my CN name is "Server".
>> Now,
>> I mu
Hello,
I changed my server configuration and my OpenVPN server and my client each one
have a NIC:
OpenVPN Server: 10.0.2.15
Client: 10.0.2.16
The OpenVPN server network configuration is as below and has access to the
Internet:
# ifconfig
enp0s3: flags=4163 mtu 1500
inet 10.0.2.15
>Hi,
On Mon, Aug 14, 2023 at 09:19:44PM +, Jason Long via Openvpn-users wrote:
> Hi Bruno,Thank you so much for your reply.Both (Server and Client) can ping
> each other and without the local statement my client can connect to the
> OpenVPN server.My >client connecting to th
>Hi,
>On Sat, Aug 19, 2023 at 02:18:37PM +, Jason Long via Openvpn-users wrote:
> Sat Aug 19 18:23:53 2023 NOTE: unable to redirect IPv4 default gateway --
> Cannot read current default gateway from system
>If client and server are in the same network, and the client has no
>Hi,
>I don't know what mail client you are using, but the signature of the
>author of the email you are replying to should be removed before writing
>any text.
>This said, check my reply below.
>On 20/08/2023 11:49, Jason Long via Openvpn-users wrote:
> Hi,
> I
>Hi,
>On Sun, Aug 20, 2023 at 09:49:25AM +, Jason Long wrote:
> >On Sat, Aug 19, 2023 at 02:18:37PM +, Jason Long via Openvpn-users wrote:
> > Sat Aug 19 18:23:53 2023 NOTE: unable to redirect IPv4 default gateway --
> > Cannot read current default gateway from sy
Hello,
I googeled my question, but unfortunately, I could not find a correct and
complete article about it and I'm thankful if the experts here, write the
answer step by step and in summary.
Suppose you have an OpenVPN server. Now, you want to set two public IP
addresses on it. Your publ
-exclusive
route 10.0.2.2 255.255.255.0
I restarted the OpenVPN service and client connected to my OpenVPN server.
I changed the "iroute" and "route" IP addresses to something like
"192.168.1.0", but why client can connect to
>Hi,
>On Sun, Aug 20, 2023 at 01:14:55PM +, Jason Long via Openvpn-users wrote:
> I googeled my question, but unfortunately, I could not find a correct and
> complete article about it and I'm thankful if the experts here, write the
> answer step by step and in >su
server is physical, the number of your
> network cards is limited.
>One public IP address, or 2 public IP addresses, or 3 public IP addresses.
>I wouldn't use any NAT constructs, because that just adds complications.
> When I use "multihome" statement, then OpenVPN
On Mon, 21 Aug 2023 06:12:45 + (UTC), Jason Long via Openvpn-users
wrote:
>Hello,
>My server and client IP addresses are in range 10.0.2.X.
>I created a CCD directory and create a file inside the folder. I wrote the
>below lines in this file:
>
>iroute 10.0.2.0 255.255.
>Hi,
>On 22/08/2023 09:56, Jason Long via Openvpn-users wrote:
> 1- When I use "local" then I must not use "multihome" and vice versa?
>No. You can have 'multihome' along with 'local', but in this case
>'multihome' will do nothi
On Tue, Aug 22, 2023 at 4:54 PM, Gert Doering
wrote: >Hi,
>On Tue, Aug 22, 2023 at 07:56:44AM +, >Jason Long wrote:
> Thank you so much again.
> 1- When I use "local" then I must not use >"multihome" and vice versa?
>When you use local, the IP ad
>On Tue, 22 Aug 2023 08:20:24 + (UTC), Jason Long via Openvpn-users
> wrote:
>Yes. The file under the CCD directory is exactly as the Common Name of the
>client.
>So if you have set a requirement for the client to have a ccd entry in order to
>connect and this client ha
>Hi,
On Wed, Aug 23, 2023 at 06:41:35AM +, Jason Long via Openvpn-users wrote:
> Hello,
> My server and client use range 10.0.2.X:
>
> Server: 10.0.2.15
> Client: 10.0.2.16
>If this is the "outside" IP (LAN NIC) that client and server use to
>setup a VP
Thank you._______
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
On 25.08.23 21:41, Jason Long via Openvpn-users wrote:
> Hello,With the help of the following command, you can revoke a certificate:
> # ./revoke-full "Client_Name"
> Now if you change your mind, is it possible to use that certificate again?
> Is there a command to validate
On Sat, 26 Aug 2023 05:32:56 + (UTC), Jason Long via Openvpn-users
wrote:
>On 25.08.23 21:41, Jason Long via Openvpn-users wrote:
>> Hello,With the help of the following command, you can revoke a certificate:
>> # ./revoke-full "Client_Name"
>> Now if you chan
es, that likely means that it's *your* job to
>at least define, if not write, it.
> 2- Is it possible to send a new key to clients automatically when client
> key is revoked?
>Not with one OpenVPN connection alone (as revoking the key means that
>you do not trust that c
t;
>or a "vars" file would preset.)
> 2- Are the following commands correct to >expire the client key after 110
> days??
>
> # export EASYRSA_CERT_EXPIRE=110
> # ./easyrsa gen-req My_Client nopass
> # ./easyrsa sign-req client My_Client
>According t
Hello,
Why in the OpenVPN log, I see the following line:
Protocol options: explicit-exit-notify 1, protocol-flags cc-exit tls-ekm
dyn-tls-crypt
Thank you.
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https
Le 29/08/2023 à 09:02, Jason Long via Openvpn-users a écrit :
Hello,
Why in the OpenVPN log, I see the following line:
Protocol options: explicit-exit-notify 1, protocol-flags cc-exit tls-ekm
dyn-tls-crypt
Thank you.
Hello Jason,
Sorry to interfere, and sorry also if I look a bit harsh
Hello,
I configured OpenVPN to use the username and password for authentication, but I
need to have the "ca.crt", "cert server.crt", "server.key" and "dh.pem"
certificates.
So, what's the advantage of using this authentication method when
>On 30/08/2023 07:45, Jason Long via Openvpn-users wrote:
> Hello,
> I configured OpenVPN to use the username and password for authentication, but
> I need to have the "ca.crt", "cert server.crt", "server.key" and "dh.pem"
> certificates.
On Wed, Aug 30, 2023 at 5:36 PM, Gert Doering
wrote: >Hi,
>On Wed, Aug 30, 2023 at 01:53:40PM +, >Jason Long via Openvpn-users wrote:
> Thank you so much for your reply.
> As I understand, The "ca.crt" and "ta.crt" keys >are mandatory. I disabled
>
Hello,
I installed the openvpn-auth-ldap package and I want to use the Active
Directory for authentication.
I Opened Active Directory Users And Computers. Clicked the View menu and
selected Advanced Features. After it, I right-clicked on my username and
selected the Properties, then clicked
.1.1.1"
Client.ovpn:
route 10.0.2.0 255.255.255.0 10.0.2.2
I connected to the server, but default gateway not set:
Unknown adapter OpenVPN TAP-Windows6:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::b404:5a8b:df0e:52c3%15
IPv4 Address. . . . . . .
>Hi,
>On Sat, Sep 02, 2023 at 11:44:08AM +, Jason Long via Openvpn-users wrote:
> I connected to the server, but default gateway not set:
>
> Unknown adapter OpenVPN TAP-Windows6:
>
> Connection-specific DNS Suffix . :
> Link-local IPv6 Address . . . . . : f
501 - 600 of 804 matches
Mail list logo
