The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped automatically by the mailing list software.
--- Begin Message ---Hello Magnus, Hi Felix, On Sat, Dec 17, 2016 at 1:53 AM, Magnus Kroken <mkro...@gmail.com> wrote: > OpenVPN 2.4 builds with mbedTLS 2.x, rename openvpn-polarssl > variant to openvpn-mbedtls. > > Some feature highlights: > * Data channel cipher negotiation > * AEAD cipher support for data channel encryption (currently only AES-GCM) > * ECDH key exchange for control channel > * LZ4 compression support it seems that there's a small compatibility problem for "older VPN servers" with OpenVPN 2.4 and mbedTLS: TLS-DHE-* ciphers don't seem to be supported anymore. I'm not sure if that's a problem in real-world (I just upgraded to latest LEDE git HEAD and found one of my VPN connections "broken" - but I can't tell if this is whether that VPN-server was exotic or if it's a real-world problem). the list of avaiable TLS ciphers in LEDE's OpenVPN when using mbedTLS: # openvpn --show-tls TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA TLS-RSA-WITH-AES-256-GCM-SHA384 TLS-RSA-WITH-AES-256-CBC-SHA256 TLS-RSA-WITH-AES-256-CBC-SHA TLS-RSA-WITH-AES-128-GCM-SHA256 TLS-RSA-WITH-AES-128-CBC-SHA256 TLS-RSA-WITH-AES-128-CBC-SHA TLS-PSK-WITH-AES-256-GCM-SHA384 TLS-PSK-WITH-AES-256-CBC-SHA384 TLS-PSK-WITH-AES-256-CBC-SHA TLS-PSK-WITH-AES-128-GCM-SHA256 TLS-PSK-WITH-AES-128-CBC-SHA256 TLS-PSK-WITH-AES-128-CBC-SHA I guess this worked on LEDE with PolarSSL with OpenVPN 2.3: #define POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED while //#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED can you tell if I ran into some corner case (the affected server was using OpenVPN 2.3.14, most probably with OpenSSL backend) or if this is a real problem? Regards, Martin
--- End Message ---
_______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev