On Wednesday 19 January 2011 04:12:47 Bob Proulx wrote:
> peasth...@shaw.ca wrote:
> > Bob Proulx wrote:
> > > You have a complicated setup!
> >
> > A complex setup. "complicated" is a verb. ... Sorry.
>
> Uhm... No. Complicated is an adjective.
>
> From WordNet (r) 2.0 [wn]:
>
>complicate
On Tue January 18 2011 20:12:47 Bob Proulx wrote:
> peasth...@shaw.ca wrote:
> > Are you suggesting that all of dalton's 'net traffic
> > go through the tunnel and Joule? Are you suggesting
> > that all of joule's 'net traffic go through the tunnel
> > and dalton? Aren't both significantly disadv
peasth...@shaw.ca wrote:
> Bob Proulx wrote:
> > You have a complicated setup!
>
> A complex setup. "complicated" is a verb. ... Sorry.
Uhm... No. Complicated is an adjective.
From WordNet (r) 2.0 [wn]:
complicated
adj : difficult to analyze or understand; "a complicated problem"
peasth...@shaw.ca wrote:
> > Only my dynamic client has a remote set.
>
> ??
> We are on the same frequency here. The dynamic-ip system
> has a remote parameter pointing to the static-ip system. The
> static-ip system lacks the remote parameter ... unless I revert
> to my old dependence up
From: Bob Proulx
Date: Mon, 17 Jan 2011 21:59:42 -0700
> You have a complicated setup!
A complex setup. "complicated" is a verb. ... Sorry.
It's simplifying slowly and surely. One helpful detail is to
route to a LAN rather than to individual machines.
route 172.23.0.0 255.255.0.0
rather
From: Bob Proulx
Date: Mon, 17 Jan 2011 21:52:08 -0700
> Only my dynamic client has a remote set.
??
We are on the same frequency here. The dynamic-ip system
has a remote parameter pointing to the static-ip system. The
static-ip system lacks the remote parameter ... unless I revert
to
peasth...@shaw.ca wrote:
> A third case is when I am at work and the tunnel between dalton
You have a complicated setup!
> and joule is broken. Then POP3 can bring messages from the ISP
> through the public Internet to cantor; but the ISP will not accept
> a message from cantor via SMTP thro
peasth...@shaw.ca wrote:
> Thanks. One additional revision appears necessary. The man page
> for OpenVPN has the heading "VPN Address Setup" with three examples.
> Each of these examples has a --remote parameter on each end of the
> tunnel. I assumed that a --remote parameter is essential in eve
From: Mike Bird
Date: Wed, 12 Jan 2011 10:42:45 -0800
> Your config works without "mode server".
Thanks. One additional revision appears necessary.
The man page for OpenVPN has the heading "VPN Address Setup" with
three examples. Each of these examples has a --remote parameter on each
e
Bob,
From: Bob Proulx
Date: Wed, 12 Jan 2011 11:22:23 -0700
> Every reply of yours is starting a new thread. You can see this in
> the mailing list archives.
Apologies. I understand and certainly would prefer not to do that.
> This is an aside but why is the subject being modified with a "
PETER EASTHOPE wrote:
> r...@dalton:/etc/openvpn# cat /etc/openvpn/myvpn.conf
> # dalton:/etc/openvpn/myvpn.conf
Dalton is the static IP server configuration.
> mode server
> secret /root/key 1
As Mike found and pointed out those are incompatible. For server mode
you need to set up and use ce
On Wed January 12 2011 10:14:32 PETER EASTHOPE wrote:
> From: Mike Bird
> Date: Wed, 12 Jan 2011 08:52:41 -0800
>
> > When I try your config on one of my test boxes I find
> > the following in syslog:
> >
> > Jan 12 08:50:18 bul-lb ovpn-myvpn[9850]: Options error: --mode server
> > requires --tls-
Mike Bird wrote:
> Bob Proulx wrote:
> > It is definitely "dev tun" not tun0.
>
> Not when you've got six OpenVPN tunnels on one system.
>
> We use tun0 on single-tunnel systems for consistency
> and in case we need to add a second tunnel.
Ah... Thanks for the correction!
Bob
On Wed January 12 2011 10:22:23 Bob Proulx wrote:
> It is definitely "dev tun" not tun0.
Not when you've got six OpenVPN tunnels on one system.
We use tun0 on single-tunnel systems for consistency
and in case we need to add a second tunnel.
--Mike Bird
--
To UNSUBSCRIBE, email to debian-user-
From: Bob Proulx
Date: Wed, 12 Jan 2011 11:13:10 -0700
> Yes. I can see the udp packets both leaving one and arriving at the
> other using tcpdump on the interfaces. I tried it on two of my
> systems before sending that message.
Good! Thanks! Now I'm convinced that it should work. (And h
PETER EASTHOPE wrote:
> r...@dalton:~# /etc/init.d/openvpn start
> Starting virtual private network daemon: myvpn failed!
>
> Same result with both "dev tun" and "dev tun0" in
> /etc/openvpn/myvpn.conf.
It is definitely "dev tun" not tun0.
> One other suspicious detail: /etc/openvpn/update-reso
PETER EASTHOPE wrote:
> From: Bob Proulx
> Date: Mon, 10 Jan 2011 21:55:10 -0700
> > x: echo foo | nc -u y 1149
> >
> > You should see that show up in your tcpdump traces.
>
> You've tried this on your system? Or at least can detect the datagram
> leaving the originating system?
Yes. I can see
From: PETER EASTHOPE
Date: Tue, 11 Jan 2011 19:23:50 -0800
> Incidentally, telnet and daytime haven't worked in dalton since last Spring.
>
Thanks to a comment discovered via current emails from Simon McVittie
about bug reports, I replaced inetutils-inetd and inetutils-telnetd
with open
On Wed January 12 2011 08:08:31 PETER EASTHOPE wrote:
> The failure of netcat, port 1194 to be detected on the
> external interface is more fundamental. If someone
> with a working tunnel can confirm that the netcat test
> of Bob Proulx works, then I'll know that it should work
> here before the t
Mike,
From: Mike Bird
Date: Tue, 11 Jan 2011 19:53:13 -0800
> What happens on "/etc/init.d/openvpn start"?
r...@dalton:~# /etc/init.d/openvpn start
Starting virtual private network daemon: myvpn failed!
Same result with both "dev tun" and "dev tun0" in
/etc/openvpn/myvpn.conf.
The failure
On Tue January 11 2011 19:23:50 PETER EASTHOPE wrote:
> r...@dalton:/etc/openvpn# ip addr show
I don't see the OpenVPN tunnel.
What happens on "/etc/init.d/openvpn start"?
FWIW, I use "dev tun0" (or "dev tunN" for some N) instead of
"dev tun" in the OpenVPN config.
--Mike Bird
From: Bob Proulx
Date: Mon, 10 Jan 2011 21:55:10 -0700
> x: echo foo | nc -u y 1149
>
> You should see that show up in your tcpdump traces.
You've tried this on your system? Or at least can detect the datagram
leaving the originating system?
From: Mike Bird
Date: Tue, 11 Jan 2011 14:39:
On Tue January 11 2011 14:09:09 PETER EASTHOPE wrote:
> OK. Seems that somehow I've managed to disable port
> 1194 or tcpdump.
Anything interesting in the /etc/openvpn/*, or in the output
of "iptables-save" or of "route -n" or of "ifconfig"?
(Post them here if there's nothing private.)
--Mike B
From: Bob Proulx
Date: Mon, 10 Jan 2011 21:55:10 -0700
> They don't reach the external interface? That is an excellent clue.
> But I think it might be a problem trying to have traceroute do it.
> ... try netcat instead.
At work now and this happens on Dalton. 142.103.107.138 is
carnot.yi.
On Mon January 10 2011 20:55:10 Bob Proulx wrote:
> > Did something break in the Squeeze network infrastructure about
> > two weeks back?
>
> Most of my machines are running Lenny. So I wouldn't know.
FWIW, we have not encountered any problems in what is now a mixed
Lenny/Squeeze OpenVPN networ
peasth...@shaw.ca wrote:
> Bob Proulx wrote:
> > Do the packets arrive at dalton? You should be able to see this with
> > tcpdump.
> > tcpdump -lni any port 1194
>
> Tried that and found 0 datagrams reaching Dalton. In fact
> datagrams don't even reach the external interface on Joule.
They d
From: Bob Proulx
Date: Sun, 09 Jan 2011 17:54:51 -0700
> Do the packets arrive at dalton? You should be able to see this with
> tcpdump.
> tcpdump -lni any port 1194
Tried that and found 0 datagrams reaching Dalton. In fact
datagrams don't even reach the external interface on Joule.
In
peasth...@shaw.ca wrote:
> Bob Proulx wrote:
> > But an openvpn configuration shouldn't be depending upon dynamic dns.
> ...
> Nevertheless, the tunnel fails.
Hmm...
> pe...@joule:~$ grep refused /var/log/syslog
> Jan 9 15:08:53 joule ovpn-myvpn[1903]: read UDPv4 [ECONNREFUSED]: Connection
> r
* From: Bob Proulx
* Date: Wed, 5 Jan 2011 14:01:54 -0700
> But an openvpn configuration shouldn't be depending upon dynamic dns.
> Have your dynamic IP client contact your server. ... might be able to use
> almost
> the same configuration you currently have but just with some tweaks.
PETER EASTHOPE wrote:
> Recently the DDNS server hasn't been updating and I've wondered
> about other configurations.
But an openvpn configuration shouldn't be depending upon dynamic dns.
Have your dynamic IP client contact your server. If the server is
static and known then there shouldn't be a
Folk,
For several years OpenVPN has provided a reliable tunnel
between two machines, Dalton and Joule. Ref.
http://142.103.107.138:80/NetworksPage.html
Dalton has a static address. Joule has a dynamic address,
usually available by reference to joule.yi.org. This
depended upon a DDNS server a
31 matches