On 18/9/22 15:26, n952162 wrote:
Hello all,

I want to ssh over my openvpn connection, and I can't do it; the
connection times out.

I saw a reference to gentoo in the openvpn scripts in /etc/openvpn and
thought maybe somebody here knows something about this.

Earlier my institution recommended openconnect, and I was able to use
ssh to log in to a host with no problem.

Then, for some reason (licensing?), we were switched to openvpn, which
works for xfreerdp but not for ssh.

I don't have control over the institution's firewall (but I do have for
the host itself).

Perhaps when installing the new service, they tightened up the firewall
rules.  But maybe there's a configuration screw I can turn, or ... maybe
a USE flag?

 - - down-root : Enable the down-root plugin
 - - examples  : Install examples, usually source code
 - - inotify   : Enable inotify filesystem monitoring support
 - - iproute2  : Enabled iproute2 support instead of net-tools
 + + lz4       : Enable support for lz4 compression (as implemented in app-arch/lz4)
 + + lzo       : Enable support for lzo compression
 - - mbedtls   : Use mbed TLS as the backend crypto library
 + + openssl   : Use OpenSSL as the backend crypto library
 + + pam       : Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to
                 arbitrarily flip
 - - pkcs11    : Enable PKCS#11 smartcard support
 + + plugins   : Enable the OpenVPN plugin system
 - - systemd   : Enable use of systemd-specific libraries and features like socket
                 activation or session tracking
 - - test      : Enable dependencies and/or preparations necessary to run tests
                 (usually controlled by FEATURES=test but can be toggled independently)

TIA


ssh and openvpn work well together. However, I am doing most of the work using my own configs - gentoo tries to be too clever with its vpn networking and I've never been able to get it to work reliably/acceptably. On some sites I have to use port 443 (https) to get through, and in extreme cases double wrap in ssl (using a mix of proxytunnel (windows host), stunnel and sslh) to disguise that it's a vpn but still separate it from regular https traffic on my firewall. You will need to figure out where the ssh is getting blocked/stripped out - is openvpn your endpoint or theirs?

BillK


