Re: [Openvpn-users] surf the internet through openvpn

On Sat, 5 Jun 2021 07:59:40 +0200 Stella Ashburne wrote: > Hi guys, > > This mailing list is for discussions concerning Debian. > > For discussions on specific topics such as openvpn, please post your > questions on https://forums.openvpn.net/ or > https://www.reddit.com/r/OpenVPN/ > > In g

Re: [Openvpn-users] surf the internet through openvpn

o: "debian-user list" Cc: "Fermin Francisco" Subject: Re: [Openvpn-users] surf the internet through openvpn Please keep the discussion on the list. And sorry for top posting, this client refuses todo otherwise :-(   Make sure traffic coming from the openvpn client can indeed a

Re: [Openvpn-users] surf the internet through openvpn

Please keep the discussion on the list. And sorry for top posting, this client refuses todo otherwise :-( Make sure traffic coming from the openvpn client can indeed access the internet, test with ping. If that does not work solve that problem first. Look at routing and NAT on your openvpn serv

Re: Openvpn 2fa google

the error is as follows. Verification code is correct. -% error: openvpn(pam_google_authenticator)[16239]: Invalid verification code for usi21 On Wed, Jun 2, 2021 at 10:58 PM Gokan Atmaca wrote: > > Hello > > I use Google for 2FA. My configuration is as follows. However, I could > not log in. S

Re: OpenVpn Mac Address Filter

Hi, On 2021-06-02 8:45 a.m., Gokan Atmaca wrote: > Hello > > There I am trying to compile openvpn. I am getting an error as below. > > What can be the problem ? > > -% error: > /usr/bin/install: cannot stat './openvpn.8': No such file or directory > make[4]: *** [Makefile:515: install-man8] Err

Re: OpenVpn Mac Address Filter

Hello There I am trying to compile openvpn. I am getting an error as below. What can be the problem ? -% error: /usr/bin/install: cannot stat './openvpn.8': No such file or directory make[4]: *** [Makefile:515: install-man8] Error 1 make[4]: Leaving directory '/root/openvpn/doc' make[3]: *** [Ma

Re: OpenVpn Mac Address Filter

> Mac address is available only on the local network. You usually do not > get the mac address of the openvpn client but the mac address of nic of > the last router facing your openvpn server. You are right. I will try Google 2fa. On Sat, May 29, 2021 at 9:57 PM Erwan David wrote: > > Le 29/05

Re: OpenVpn Mac Address Filter

Le 29/05/2021 à 20:09, Gokan Atmaca a écrit : > Hello > > Can we filter MAC addresses of Openvpn clients ? > > Thanks. > > > Mac address is available only on the local network. You usually do not get the mac address of the openvpn client but the mac address of nic of the last router facing your ope

Re: openvpn-systemd-resolved vs gui

Il 02/09/19 19:52, john doe ha scritto: Those messages are error messages, if I were you I would put the missing file 'scripts/update-systemd-resolved' in the directory '/etc/openvpn/scripts' or look in your openvpn config file for the '--up script' directive. They sure behave like warnings, t

Re: openvpn-systemd-resolved vs gui

On 9/2/2019 7:08 PM, Andrea Borgia wrote: > Il 01/09/19 19:09, john doe ha scritto: > > > >>> After seeing some warnings in the system logs, I decided to >>> investigate and >> It would help if we could see those warnings as well. > > Sep  2 16:59:40 clarisse systemd[1]: > openvpn@update-systemd-re

Re: openvpn-systemd-resolved vs gui

Il 01/09/19 19:09, john doe ha scritto: After seeing some warnings in the system logs, I decided to investigate and It would help if we could see those warnings as well. Sep 2 16:59:40 clarisse systemd[1]: openvpn@update-systemd-resolved.service: Service RestartSec=5s expired, scheduling

Re: openvpn-systemd-resolved vs gui

On 9/1/2019 6:33 PM, Andrea Borgia wrote: > Hi. > > After seeing some warnings in the system logs, I decided to investigate and It would help if we could see those warnings as well. > found out that I am supposed to enable this script to integrate the dns Which script are you refering to? > inf

Re: Openvpn cli vs. Openvpn Networkmanager

Hi. On Wed, May 29, 2019 at 03:22:34PM +0200, basti wrote: > Then I setup it with networkmanger the connection is established, but > resolv.conf looks different with the result that i cant resolve hosts on > the other site of vpn. > > cat /etc/resolv.conf > # Dynamic resolv.conf(5) file f

Re: Openvpn with brainpoolP256r1 works for debian clients only

Dominik wrote: > Hi all, > > I'm using openvpn with certificates based on elliptic curves form the > brainpoolP256r1 group. This works fine if the server and the clients run > with debian as operating system. > > If I try to connect with a client based on windows or centos using the > same clien

Re: openvpn fails to run a learn-address script

On 27.02.19 14:37, Curt wrote: On 2019-02-27, Dominik wrote: I'm looking for help related to three questions: 1) How do I get additional information about what is causing the error? Why is systemd blocking sudo despite the modifications in the override.conf 2) More generally: How can I run o

Re: openvpn fails to run a learn-address script

On 2019-02-27, Dominik wrote: > > I'm looking for help related to three questions: > > 1) How do I get additional information about what is causing the error? > Why is systemd blocking sudo despite the modifications in the override.conf > > 2) More generally: How can I run openvpn in a daemon as u

Re: openvpn over ipv6 /65

> Hi. > > > This will need to be repeated at every reboot, > > No, it won't. OP has two stanzas regarding eth0 in e/n/i already - one > for inet and another one for inet6. You're right; I'm clearly not having a good day! Thank-you for the correction. Steve -- https://www.steve.org.

Re: openvpn over ipv6 /65

Hi. On Fri, Nov 23, 2018 at 03:39:16PM +, Steve Kemp wrote: > > with this: > > > > iface eth0 inet6 static > >address 2a03:9800:10:54::2 > >netmask 65 > >gateway 2a03:9800:10:54::1 > > > > Leave all the other entries intact. > > Then invoke this as

Re: openvpn over ipv6 /65

> with this: > > iface eth0 inet6 static >address 2a03:9800:10:54::2 >netmask 65 >gateway 2a03:9800:10:54::1 > > Leave all the other entries intact. > Then invoke this as root (one-time only): > > ip a d dev eth0 2a03:9800:10:54::2/64 > ip a a dev eth0 2a03:98

Re: openvpn over ipv6 /65

HI. On Fri, Nov 23, 2018 at 03:07:01PM +0100, tony wrote: > Thanks for your quick response, Reco, > > On 23/11/2018 13:33, Reco wrote: > > Hi. > > > > On Fri, Nov 23, 2018 at 01:18:45PM +0100, tony wrote: > >> Hi, > >> > >> I have a Stretch VPServer with a /64 netbloch, of which only

Re: openvpn over ipv6 /65

Thanks for your quick response, Reco, On 23/11/2018 13:33, Reco wrote: > Hi. > > On Fri, Nov 23, 2018 at 01:18:45PM +0100, tony wrote: >> Hi, >> >> I have a Stretch VPServer with a /64 netbloch, of which only the first 2 >> addresses are used. I've been struggling for some time to get the r

Re: openvpn over ipv6 /65

Hi. On Fri, Nov 23, 2018 at 01:18:45PM +0100, tony wrote: > Hi, > > I have a Stretch VPServer with a /64 netbloch, of which only the first 2 > addresses are used. I've been struggling for some time to get the right > stanza to split that into two /65s, using the upper half for openvpn. I

Re: OpenVPN & Debian Stretch

Thanks. I'll install openvpn, and easy-rsa on a test computer and see what it does, before installing it on my server. Wayne Sallee wa...@waynesallee.com http://www.WayneSallee.com On 09/05/2018 08:51 AM, Dan Ritter wrote: easy-rsa is basically a series of scripts to get openssl to do the rig

Re: OpenVPN & Debian Stretch

On 09/05/2018 08:51 AM, Dan Ritter wrote: On Wed, Sep 05, 2018 at 06:56:44AM -0400, Wayne Sallee wrote: On 09/05/2018 06:30 AM, Dan Purgert wrote: Dan Ritter wrote: On Wed, Sep 05, 2018 at 12:29:02AM -, Dan Purgert wrote: Dan Ritter wrote: On Tue, Sep 04, 2018 at 07:42:58PM -0400, Wa

Re: OpenVPN & Debian Stretch

Wayne Sallee wrote: > I will also be installing OpenVPN on Debian Stretch (Debian 9). What > problems are you having? go for installation - there are no problems discussed here - only how one should generate the certificate for the client. The easy-rsa is a set of scripts that makes generation o

Re: OpenVPN & Debian Stretch

On Wed, Sep 05, 2018 at 06:56:44AM -0400, Wayne Sallee wrote: > > > On 09/05/2018 06:30 AM, Dan Purgert wrote: > > Dan Ritter wrote: > > > On Wed, Sep 05, 2018 at 12:29:02AM -, Dan Purgert wrote: > > > > Dan Ritter wrote: > > > > > On Tue, Sep 04, 2018 at 07:42:58PM -0400, Wayne Sallee wrote:

Re: OpenVPN & Debian Stretch

On 09/04/2018 06:47 PM, Josh W. wrote: Debian Users, I am having a terrible time setting up a free VPN Service! Could "Any Body" point me to an UP To Date way. to set up OpenVPN on Debian Stretch? Your Help is Much Needed!!! Thank you! Joshua mailto:joshw8...@gmail.com>> I will a

Re: OpenVPN & Debian Stretch

On 09/05/2018 06:30 AM, Dan Purgert wrote: Dan Ritter wrote: On Wed, Sep 05, 2018 at 12:29:02AM -, Dan Purgert wrote: Dan Ritter wrote: On Tue, Sep 04, 2018 at 07:42:58PM -0400, Wayne Sallee wrote: Has anyone set up OpenVPN with ssh-keygen -t rsa ? Technically, you can do that. ssh-

Re: OpenVPN & Debian Stretch

Dan Ritter wrote: > On Wed, Sep 05, 2018 at 12:29:02AM -, Dan Purgert wrote: >> Dan Ritter wrote: >> > On Tue, Sep 04, 2018 at 07:42:58PM -0400, Wayne Sallee wrote: >> >> Has anyone set up OpenVPN with ssh-keygen -t rsa ? >> >> >> > >> > Technically, you can do that. >> >> ssh-keygen generate

Re: OpenVPN & Debian Stretch

On Wed, Sep 05, 2018 at 12:29:02AM -, Dan Purgert wrote: > Dan Ritter wrote: > > On Tue, Sep 04, 2018 at 07:42:58PM -0400, Wayne Sallee wrote: > >> Has anyone set up OpenVPN with ssh-keygen -t rsa ? > >> > > > > Technically, you can do that. > > ssh-keygen generates ssh keys, not x.509 certif

Re: OpenVPN & Debian Stretch

Dan Ritter wrote: > On Tue, Sep 04, 2018 at 07:42:58PM -0400, Wayne Sallee wrote: >> Has anyone set up OpenVPN with ssh-keygen -t rsa ? >> > > Technically, you can do that. ssh-keygen generates ssh keys, not x.509 certificates ... -- |_|O|_| Registered Linux user #585947 |_|_|O| Github: https

Re: OpenVPN & Debian Stretch

On Tue, Sep 04, 2018 at 07:42:58PM -0400, Wayne Sallee wrote: > Has anyone set up OpenVPN with ssh-keygen -t rsa ? > Technically, you can do that. In practice, you need to have a CA set up, of which easy-rsa is the simplest choice. Why? Revocation. Let's suppose you have an SSH server. Because

Re: OpenVPN & Debian Stretch

Has anyone set up OpenVPN with ssh-keygen -t rsa ? Wayne Sallee wa...@waynesallee.com http://www.WayneSallee.com On 09/04/2018 07:34 PM, Dan Purgert wrote: Josh W. wrote: Debian Users, I am having a terrible time setting up a free VPN Service! Could "Any Body" point me to an UP To D

Re: OpenVPN & Debian Stretch

Josh W. wrote: > Debian Users, > I am having a terrible time setting up a free VPN Service! Could > "Any Body" point me to an UP To Date way. to set up OpenVPN on Debian > Stretch? Your Help is Much Needed!!! Thank you! > > Joshua > apt-get install openvpn-server Should be enough to get

Re: OpenVPN & Debian Stretch

On Tue, Sep 04, 2018 at 05:47:37PM -0500, Josh W. wrote: > Debian Users, > I am having a terrible time setting up a free VPN Service! Could > "Any Body" point me to an UP To Date way. to set up OpenVPN on Debian > Stretch? Your Help is Much Needed!!! Thank you! sudo apt install openvpn ea

Re: OpenVPN dhcp

On Sat, Jul 28, 2018 at 02:06:46PM -0400, Jim Popovitch wrote: > > Heck, it took NM > something like 7 years to fix the flood of wifi events that hit > .xsession-errors and filled up /home partitions, so don't hold your > breath on this issue being resolved before Sid hits stable. > That is a com

Re: OpenVPN dhcp

On Sat, 2018-07-28 at 19:31 +0200, Erwan David wrote: > > > Does not seem to work for DNS pushed by the VPN server... > A less pertinent bit was on another page that said you also need to add the following lines to your client.ovpn before importing into NetworkManager. script-security 2 up

Re: OpenVPN dhcp

Le 07/28/18 à 18:48, Jim Popovitch a écrit : > On Fri, 2018-07-27 at 14:52 -0400, Roberto C. Sánchez wrote: >> The short answer is, "as long as you use NetworkManager, no." >> >> I no longer have the link, but some time ago I found a page that >> explains it very clearly. >> >> Search terms: "openv

Re: OpenVPN dhcp

On Fri, 2018-07-27 at 14:52 -0400, Roberto C. Sánchez wrote: > The short answer is, "as long as you use NetworkManager, no." > > I no longer have the link, but some time ago I found a page that > explains it very clearly. > > Search terms: "openvpn networkmanager dns leak" > > Effectively, Netwo

Re: OpenVPN dhcp

On Fri, Jul 27, 2018 at 02:38:37PM -0400, Jim Popovitch wrote: > Hello, > > Is there a way to have an OpenVPN server push dhcp-options to the > clients that completely replace any existing entries in > /etc/resolv.conf?   > The short answer is, "as long as you use NetworkManager, no." I no longe

Re: openvpn client DNS security

On Thu, Apr 05, 2018 at 11:48:51AM +0200, Roger Price wrote: > Hi, I had a problem setting up DNS on an openvpn client. I'll describe it > here before submitting a bug report - I would appreciate comment on the > security aspects. > > > Looking more closely at script /etc/openvpn/update-resolv-

Re: openvpn

On Mon, 23 Oct 2017 21:03:30 +0200 Pol Hallen wrote: > Hello all :-) > > maybe I've a simple question... > > I've an openvpn server 10.0.0.1/24 and a connected client (gateway): > I use vpn to make backup. > > On this client I've samba and clients in same lan can connect to it. > > The proble

Re: openvpn updates?

On Tue, Jun 27, 2017 at 11:11:47AM -0400, Perry E. Metzger wrote: > On Thu, 22 Jun 2017 23:10:21 +0300 Adrian Bunk > wrote: > > On Thu, Jun 22, 2017 at 10:20:09AM -0400, Perry E. Metzger wrote: > > > There was a security advisory against openvpn a couple of days > > > ago; > > > > Yesterday, no

Re: openvpn updates?

On Tue 27 Jun 2017 at 12:09:47 (-0400), Perry E. Metzger wrote: > On Tue, 27 Jun 2017 10:48:26 -0500 David Wright > wrote: > > > Any news on this? Apparently this is remotely exploitable though > > > not in ordinary configurations. > > > > In what respect do > > > > https://security-tracker.d

Re: openvpn updates?

On Tue, 27 Jun 2017 10:48:26 -0500 David Wright wrote: > > Any news on this? Apparently this is remotely exploitable though > > not in ordinary configurations. > > In what respect do > > https://security-tracker.debian.org/tracker/source-package/openvpn > > and > > https://tracker.debian.o

Re: openvpn updates?

On Tue 27 Jun 2017 at 11:11:47 (-0400), Perry E. Metzger wrote: > On Thu, 22 Jun 2017 23:10:21 +0300 Adrian Bunk > wrote: > > On Thu, Jun 22, 2017 at 10:20:09AM -0400, Perry E. Metzger wrote: > > > There was a security advisory against openvpn a couple of days > > > ago; > > > > Yesterday, not

Re: openvpn updates?

On Thu, 22 Jun 2017 23:10:21 +0300 Adrian Bunk wrote: > On Thu, Jun 22, 2017 at 10:20:09AM -0400, Perry E. Metzger wrote: > > There was a security advisory against openvpn a couple of days > > ago; > > Yesterday, not a couple of days ago. > > > just wondering when updated packages are likely t

Re: openvpn updates?

Hi. On Fri, 23 Jun 2017 00:03:30 + Mark Fletcher wrote: > On Fri, 23 Jun 2017 at 05:27, Adrian Bunk wrote: > > > On Thu, Jun 22, 2017 at 10:20:09AM -0400, Perry E. Metzger wrote: > > > There was a security advisory against openvpn a couple of days ago; > > > > Yesterday, not a coup

Re: openvpn updates?

On Fri, 23 Jun 2017 at 05:27, Adrian Bunk wrote: > On Thu, Jun 22, 2017 at 10:20:09AM -0400, Perry E. Metzger wrote: > > There was a security advisory against openvpn a couple of days ago; > > Yesterday, not a couple of days ago Holy hell, I missed that. Thanks for waking me up! Any chance som

Re: openvpn updates?

On Thu, Jun 22, 2017 at 10:20:09AM -0400, Perry E. Metzger wrote: > There was a security advisory against openvpn a couple of days ago; Yesterday, not a couple of days ago. > just wondering when updated packages are likely to show up? unstable is already fixed. stable and oldstable will be fixe

Re: openvpn start failed and Jessie

On Sex, 13 Mai 2016, Bonno Bloksma wrote: Today I had a Jessie system where I made a little mistake with the openvpn config file name and after a restart of the service it did not come back, off course. Off course it did not come back either after a full reboot of the system. A colleage went

Re: OpenVPN fails [SOLVED]

On 07/10/15 15:32, Reco wrote: Update initrd after updating /etc/mdadm/mdadm.conf. I'm afraid that's beyond my expertise update-initramfs -k all -u It's all in the handbook, really. All it takes is to read it once. https://debian-handbook.info/ Thanks for sticking with this. You're

Re: OpenVPN fails

Hi. On Wed, Oct 07, 2015 at 02:56:49PM +0100, Tony van der Hoff wrote: > On 06/10/15 19:00, Reco wrote: > >> 1) Those should work just fine, and fix the trouble somewhat: > >> > >> mdadm --add /dev/md0 /dev/sda5 > >> mdadm --add /dev/md1 /dev/sda6 > >> mdadm --add /dev/md3 /dev/sda8 > >> mdadm --

Re: OpenVPN fails

On 06/10/15 19:00, Reco wrote: >> 1) Those should work just fine, and fix the trouble somewhat: >> >> mdadm --add /dev/md0 /dev/sda5 >> mdadm --add /dev/md1 /dev/sda6 >> mdadm --add /dev/md3 /dev/sda8 >> mdadm --add /dev/md4 /dev/sda9 >> mdadm --add /dev/md6 /dev/sda11 >> >> 2) A big warning - wait

Re: OpenVPN fails

Hi. On Tue, Oct 06, 2015 at 08:53:58PM +0300, Reco wrote: > Hi. > > On Tue, Oct 06, 2015 at 06:21:59PM +0100, Tony van der Hoff wrote: > > On 06/10/15 17:59, Reco wrote: > > > > > > > > Allow me to explain then. > > > > > Thank you, Reco, I'm really grateful. I'm learning a lot h

Re: OpenVPN fails

Hi. On Tue, Oct 06, 2015 at 06:21:59PM +0100, Tony van der Hoff wrote: > On 06/10/15 17:59, Reco wrote: > > > > > Allow me to explain then. > > > Thank you, Reco, I'm really grateful. I'm learning a lot here! You're welcome. > OK, here goes: > > root@tony-lx:~# cat /proc/mdstat > Per

Re: OpenVPN fails

On 06/10/15 17:59, Reco wrote: > > Allow me to explain then. > Thank you, Reco, I'm really grateful. I'm learning a lot here! > You did not run update-grub, so whatever changes you made to grub.cfg > were expected to be honored on reboot. > Yet on reboot "insmod mdraid1x" was there. > That can

Re: OpenVPN fails

Hi. On Tue, Oct 06, 2015 at 05:16:29PM +0100, Tony van der Hoff wrote: > On 06/10/15 16:03, Reco wrote: > > I propose an experiment. > > > > 1) Remove "insmod mdraid1x" from grub.cfg. By using any text editor, *do > > not* run update-grub. > > 2) Reboot. > > 3) While in grub, press 'e' wh

Re: OpenVPN fails

On 06/10/15 16:03, Reco wrote: > I propose an experiment. > > 1) Remove "insmod mdraid1x" from grub.cfg. By using any text editor, *do > not* run update-grub. > 2) Reboot. > 3) While in grub, press 'e' while the default boot entry is selected. > 4) Check whenever boot entry still contains "insmod

Re: OpenVPN fails

Hi. On Tue, Oct 06, 2015 at 02:03:37PM +0100, Tony van der Hoff wrote: > >>> > >>> As long as "uname -v" output is consistent with "apt-cache policy > >>> linux-image-3.2.0-4-amd64" output there's nothing to worry about IMO. > >>> > >>> They stopped to change kernel version (i.e. 3.2.0-4)

Re: OpenVPN fails

On 06/10/15 13:22, Reco wrote: > Hi. > > On Tue, Oct 06, 2015 at 11:46:31AM +0100, Tony van der Hoff wrote: >> On 05/10/15 18:33, Reco wrote: >>> Hi. >>> >>> On Mon, Oct 05, 2015 at 06:15:58PM +0100, Tony van der Hoff wrote: On 05/10/15 17:38, Reco wrote: > On Mon, Oct 05, 2015

Re: OpenVPN fails

Hi. On Tue, Oct 06, 2015 at 11:46:31AM +0100, Tony van der Hoff wrote: > On 05/10/15 18:33, Reco wrote: > > Hi. > > > > On Mon, Oct 05, 2015 at 06:15:58PM +0100, Tony van der Hoff wrote: > >> On 05/10/15 17:38, Reco wrote: > >>> On Mon, Oct 05, 2015 at 05:17:49PM +0100, Tony van der H

Re: OpenVPN fails

On 05/10/15 18:33, Reco wrote: > Hi. > > On Mon, Oct 05, 2015 at 06:15:58PM +0100, Tony van der Hoff wrote: >> On 05/10/15 17:38, Reco wrote: >>> On Mon, Oct 05, 2015 at 05:17:49PM +0100, Tony van der Hoff wrote: >> Thanks for the quick response, Reco. >> >> 1. Kernel is stock wh

Re: OpenVPN fails

Actually I went back and it's not the region that is the factor... It is the image that was used to build the droplets. The Debian 7.0 images all require the kernel to be set in the control panel. Even though I've upgraded a few of those to 8.x so looks like I need to just rebuild them (thank goodn

Re: OpenVPN fails

On 10/5/2015 12:05 PM, Reco wrote: >> 2. I don't know when 3.2.0-4 was released; I suspect the answer is yes. >> >> 3. many reboots; the last one earlier today. >> >> I note bug=767836 describes this problem, but appears closed with 3.2.0-4 > It was closed because the problem was not in the kerne

Re: OpenVPN fails

Hi. On Mon, Oct 05, 2015 at 06:15:58PM +0100, Tony van der Hoff wrote: > On 05/10/15 17:38, Reco wrote: > > On Mon, Oct 05, 2015 at 05:17:49PM +0100, Tony van der Hoff wrote: > Thanks for the quick response, Reco. > > 1. Kernel is stock wheezy: > 3.2.0-4-amd64 #1 SMP

Re: OpenVPN fails

On 05/10/15 17:38, Reco wrote: > On Mon, Oct 05, 2015 at 05:17:49PM +0100, Tony van der Hoff wrote: Thanks for the quick response, Reco. 1. Kernel is stock wheezy: 3.2.0-4-amd64 #1 SMP Debian 3.2.57-3+deb7u2 x86_64 GNU/Linux >>> >>> But very old one. Current one is 3.2.68-1+de

Re: OpenVPN fails

On Mon, Oct 05, 2015 at 05:17:49PM +0100, Tony van der Hoff wrote: > >> Thanks for the quick response, Reco. > >> > >> 1. Kernel is stock wheezy: > >> 3.2.0-4-amd64 #1 SMP Debian 3.2.57-3+deb7u2 x86_64 GNU/Linux > > > > But very old one. Current one is 3.2.68-1+deb7u4. > > > > It's a shot in th

Re: OpenVPN fails

On 05/10/15 17:05, Reco wrote: > Hi. > > On Mon, Oct 05, 2015 at 04:46:01PM +0100, Tony van der Hoff wrote: >> On 05/10/15 16:31, Reco wrote: >>> Hi. >>> >>> On Mon, Oct 05, 2015 at 03:51:17PM +0100, Tony van der Hoff wrote: Hi, I have a VPS running up to date wheezy, with an O

Re: OpenVPN fails

Hi. On Mon, Oct 05, 2015 at 04:46:01PM +0100, Tony van der Hoff wrote: > On 05/10/15 16:31, Reco wrote: > > Hi. > > > > On Mon, Oct 05, 2015 at 03:51:17PM +0100, Tony van der Hoff wrote: > >> Hi, > >> > >> I have a VPS running up to date wheezy, with an OpenVPN server, and a > >> wheezy box

Re: OpenVPN fails

Hi. On Mon, Oct 05, 2015 at 03:51:17PM +0100, Tony van der Hoff wrote: > Hi, > > I have a VPS running up to date wheezy, with an OpenVPN server, and a > wheezy box at home running an OpenVPN client. this used to work fine > last year. I haven't had cause to use it much recently, and I now

Re: OpenVPN fails

On 05/10/15 16:31, Reco wrote: > Hi. > > On Mon, Oct 05, 2015 at 03:51:17PM +0100, Tony van der Hoff wrote: >> Hi, >> >> I have a VPS running up to date wheezy, with an OpenVPN server, and a >> wheezy box at home running an OpenVPN client. this used to work fine >> last year. I haven't had c

Re: OpenVPN doesn't restart after sleep

Tony van der Hoff wrote: > I meant 'addresses' gives 100% packet loss. > or succeed as expected, so networking > is up. If ping 8.8.8.8 has 100% packet loss then I would say full networking is down. It will be impossible for DNS to function that way. Does that mean your server isn't routing p

Re: OpenVPN doesn't restart after sleep

On 15/04/15 13:32, lukn555 wrote: > Hi Tony > > Sorry for the late reply, I suffered the same but I only just found out > how to fix this: > > > > Add the following script to /lib/systemd/system-sleep (in case you are > using systemd): > > $ cat /lib/systemd/system-sleep/openvpn.sh > #!/bin/ba

Fwd: Re: OpenVPN doesn't restart after sleep

Forward to list, having replied directly to Bob in error. Original Message Subject: Re: OpenVPN doesn't restart after sleep Date: Thu, 16 Apr 2015 15:10:29 +0200 From: Tony van der Hoff To: Bob Proulx Thanks for your reply, Bob. I have now risen from my sick-bed, an

Re: OpenVPN doesn't restart after sleep

lukn555 wrote: > Sorry for the late reply, I suffered the same but I only just found out > how to fix this: I am glad you have something that works for you. However I read this and it feels like a workaround for a deeper problem. I applaud you sharing your solution with us. Thank you for doing

Re: OpenVPN doesn't restart after sleep

Hi Tony Sorry for the late reply, I suffered the same but I only just found out how to fix this: Add the following script to /lib/systemd/system-sleep (in case you are using systemd): $ cat /lib/systemd/system-sleep/openvpn.sh #!/bin/bash case "$1" in post) /bin/systemc

Re: OpenVPN doesn't restart after sleep

On 03/04/15 00:11, Bob Proulx wrote: > Tony van der Hoff wrote: >> I have OpenVPN on my KDE Wheezy laptop configured to connect to my >> wheezy VPS. When booting from scratch this works fine. > > Works for me too. Note that I am not using KDE however. Doesn't seem > like that should matter. Unl

Re: OpenVPN doesn't restart after sleep

Tony van der Hoff wrote: > I have OpenVPN on my KDE Wheezy laptop configured to connect to my > wheezy VPS. When booting from scratch this works fine. Works for me too. Note that I am not using KDE however. Doesn't seem like that should matter. Unless you are using some KDE specific network som

Re: OpenVPN on Xen DomU

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, 21 Oct 2014 10:40:24 -0400 Henning Follmann wrote: > Why do you want to do nat on the DomU interface? > You should do nat on the vpn interface. Hi Henning, it was a desperate try. ;) Anyway I got it working now, after copying the original

Re: OpenVPN on Xen DomU

On Tue, Oct 21, 2014 at 02:51:41PM +0200, Denis Witt wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Hi list, > > yay, some non systemd related traffic. ;) > > I try to migrate an OpenVPN-Server/Gateway to a Xen DomU (old config is > working fine). Connection to the VPN works fine

Re: OpenVPN client configuration for simultaneous connections to external servers

On Mon, 5 May 2014 14:35:18 -0300 Daniel Bareiro wrote: > On Saturday, 19 April 2014 11:47:37 -0300, > Daniel Bareiro wrote: > > > I'm doing tests to simultaneously maintain two VPN links against PureVPN > > servers. As this is an external provider, I have no way to make changes > > in the confi

Re: OpenVPN client configuration for simultaneous connections to external servers

On Saturday, 19 April 2014 11:47:37 -0300, Daniel Bareiro wrote: > I'm doing tests to simultaneously maintain two VPN links against PureVPN > servers. As this is an external provider, I have no way to make changes > in the configuration of VPN servers. > > The settings I'm using to set up each li

Re: OpenVPN + Heartbleed question

Hi. On Mon, Apr 14, 2014 at 04:31:18AM -0400, shawn wilson wrote: > It might be possible for an openvpn server to initiate a heartbeat sequence > with a client. And therefore for a rogue server to exploit this. I don't > believe > this to be the case however and I can't think of any other way of

Re: OpenVPN + Heartbleed question

It might be possible for an openvpn server to initiate a heartbeat sequence with a client. And therefore for a rogue server to exploit this. I don't believe this to be the case however and I can't think of any other way of exploiting this. If you can get openvpn to use named sockets, you should be

Re: openvpn question

On 10/25/13, Gregory Nowak wrote: > This is an update to the thread originally started at: > > > To recap briefly though, I ended up using NAT to route a public > address from my /29 subnet on my VPS to a private IP address > assigned to

Re: openvpn question

Hi all. This is an update to the thread originally started at: I won't give a summary here, the above URL can give the full story. To recap briefly though, I ended up using NAT to route a public address from my /29 subnet on my VPS to a

Re: openvpn question

Ok. In case others besides Zenaan are interested, here is what I did to get openvpn going, and to allow my laptop to get a public IP address through openvpn from the /29 block of public addresses allocated to me from my VPS provider. This setup works for my needs, your mileage may vary as they say.

Re: openvpn question

On Sat, Aug 24, 2013 at 12:57:18PM +1000, Zenaan Harkness wrote: > Yes please! BUT: probably sanitize (obfuscate) your public, and > isp-provided, ip addresses, if there is any likelihood of the > existence of your particular VPN being of interest to an adversary. Of course. I'll probably do that

Re: openvpn question

On Sat, Aug 24, 2013 at 12:48:26PM +1000, Zenaan Harkness wrote: > Bob, your link http://shorewall.net/ProxyARP.htm is > great! Easy to read. Yes, I meant to mention that. It does a good job of providing a general explanation of proxy ARP indeed. Greg -- web site: http://www.gregn..net gpg pub

Re: openvpn question

On Sat, Aug 24, 2013 at 12:44:28PM +1000, Zenaan Harkness wrote: > Whether or not using proxy arp, I recommend using tap device. I > believe there is a little more overhead with tun (higher in the > stack), _especially_ given you want to forward everything, ie DNAT and > SNAT. tun buys nothing but

Re: openvpn question

On 8/24/13, Gregory Nowak wrote: > As I already said, everything is working. The problem is solved. If > there is interest, I can paste the openvpn configs from server/client, > and the interfaces file with relevant iptables rules from the server > to show how I'm doing what I'm doing. Thanks agai

Re: openvpn question

On 8/24/13, Zenaan Harkness wrote: > On 8/24/13, Bob Proulx wrote: >> Right. Which does not have anything to do with the way proxy arp is >> set up. >> >>> I thought this over again with my brain fresher in the afternoon than >>> it was last night, and you are right, it would work in this situat

Re: openvpn question

On 8/24/13, Bob Proulx wrote: > Gregory Nowak wrote: >> Bob Proulx wrote: >> > The device will still have an ethernet address whether you assigned >> > one to it or not. It is not necessary for you to assign one since one >> > has already been assigned by default. (From the vendor. Or in the >>

Re: openvpn question

On Fri, Aug 23, 2013 at 04:54:46PM -0600, Bob Proulx wrote: > Uhm... Yes. > > > # ifconfig tun0 > > tun0 Link encap:UNSPEC HWaddr > > 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 > > Silly bear! That is the tun device. Never tunnel the tun device. > > > The above is from the VPS, with

Re: openvpn question

Gregory Nowak wrote: > Bob Proulx wrote: > > The device will still have an ethernet address whether you assigned > > one to it or not. It is not necessary for you to assign one since one > > has already been assigned by default. (From the vendor. Or in the > > case of virtual hardware from the s

Re: openvpn question

On Fri, Aug 23, 2013 at 11:16:12AM -0600, Bob Proulx wrote: > The device will still have an ethernet address whether you assigned > one to it or not. It is not necessary for you to assign one since one > has already been assigned by default. (From the vendor. Or in the > case of virtual hardware

Re: openvpn question

On Fri, Aug 23, 2013 at 12:36:58PM +, Bonno Bloksma wrote: > I have been following this and I think it is getting clear what you are doing > but I have lost what the problem is we are trying to resolve. > > If I understand it right your setup is something like: > > VPS has network 1.2.3.0/24

Re: openvpn question

Gregory Nowak wrote: > In addition to this, I have iptables rules using the nat table, > which take traffic which has the laptop's public address as > destination, and do DNAT on it, changing the destination address to > be the laptop's private address. I also have a rule doing the > reverse. This

RE: openvpn question

Hi Gregory, > Gregory Nowak wrote: >>> The public address assigned to the laptop would actually be >>> configured on the VPS, >> >> Hmm... No. Sorry. Doesn't make sense. The public address assigned >> to the laptop would probably be yet another private address behind a >> NAT somewhere. >

  1   2   >