[Openvpn-devel] Re: Mac OS X tap support
Hi, just to say a few words myself... It would be nice if this patch and eventually the driver could be integrated into openvpn like the win32 driver. do that if you like, therefore I put it under BSD style license. However, I wrote the driver only weeks ago (it is online since August 24th), so there may be some bugs/weaknesses. Therefore I am interested in any bugreports, suggestions and problems encountered. Mattias Nissler: Thanks for providing this driver, there was a very short timeslice, where I was thinkning to do a tap kernel extension on my own ... but luckily Daniel Lehmann has some greater ability to use google correctly ;) Well, perhaps that's not your fault, google had only two weeks until now to pick it up ;-) I was quite amazed that they are so quick. Have fun, Mattias
Re: [Openvpn-devel] Mac OS X tap support
On Sat, 11 Sep 2004, Waldemar Brodkorb wrote: > Hi, > > yesterday we found a new tun/tap kernel extension for Mac OS X > here: > http://www-user.rhrk.uni-kl.de/~nissler/tuntap/ > > After some short testing and a small patch to OpenVPN > the Mac OS X client seems to work correctly via the > TAP device. > > It would be nice if this patch and eventually > the driver could be integrated into openvpn like the > win32 driver. > > If someone is interested we also would provide a binary > package, which installs the tap/tun driver and OpenVPN on > Mac OS X. That would be great if you wanted to do it. OpenVPN on OS X really needs a maintainer. > Mattias Nissler: Thanks for providing this driver, there > was a very short timeslice, where I was thinkning to do a tap > kernel extension on my own ... but luckily Daniel Lehmann has some > greater ability to use google correctly ;) That's cool -- I didn't even know someone had written a new driver. James
Re: [Openvpn-devel] Assertion failed at crypto.c:147
I've sent a message to the poster to get more info. This assertion would happen if OpenVPN underestimated the maximum amount of cipher/HMAC overhead bytes which might be added to a packet. I've never seen it before. James On Fri, 10 Sep 2004, Alberto Gonzalez Iniesta wrote: > Hi all, > > After returning from my holidays, I found the following two [1][2] bug > reports in the Debian Bug Tracking System. I haven't had this problem > and the source code says it should never happen :) so any hints would > be appreciated. > > Thanks, > > Alberto > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=265632 > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=270005 > > -- > Alberto Gonzalez Iniesta | BOFH excuse #178: > agi@(agi.as|debian.org)| short leg on process table > Encrypted mail preferred | > > Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 > > > --- > This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 > Project Admins to receive an Apple iPod Mini FREE for your judgement on > who ports your project to Linux PPC the best. Sponsored by IBM. > Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php > ___ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel >
[Openvpn-devel] Mac OS X tap support
Hi, yesterday we found a new tun/tap kernel extension for Mac OS X here: http://www-user.rhrk.uni-kl.de/~nissler/tuntap/ After some short testing and a small patch to OpenVPN the Mac OS X client seems to work correctly via the TAP device. It would be nice if this patch and eventually the driver could be integrated into openvpn like the win32 driver. If someone is interested we also would provide a binary package, which installs the tap/tun driver and OpenVPN on Mac OS X. We have a project in our university, where we would like to use OpenVPN to secure our Wireless LAN. Mattias Nissler: Thanks for providing this driver, there was a very short timeslice, where I was thinkning to do a tap kernel extension on my own ... but luckily Daniel Lehmann has some greater ability to use google correctly ;) Thanks in advance Waldemar -- CE94 5F99 BA88 65B1 25B9 8CD1 305A FF6B F8F8 1846 gpg --keyserver x-hkp://pgp.mit.edu --recv-keys F8F81846 *** http://www.luusa.org/~wbx *** Index: INSTALL === RCS file: /cvsroot/openvpn/openvpn/INSTALL,v retrieving revision 1.37.2.2 diff -d -u -r1.37.2.2 INSTALL --- INSTALL 24 Jun 2004 03:48:27 - 1.37.2.2 +++ INSTALL 11 Sep 2004 14:25:41 - @@ -232,6 +232,9 @@ Obtain Christoph Pfisterer's TUN driver at http://chrisp.de/en/projects/tunnel.html + or + Mattias Nissler's TUN/TAP driver at + http://www-user.rhrk.uni-kl.de/~nissler/tuntap/ * Solaris9 Sparc/64 Index: tun.c === RCS file: /cvsroot/openvpn/openvpn/tun.c,v retrieving revision 1.37.2.21 diff -d -u -r1.37.2.21 tun.c --- tun.c 19 Aug 2004 03:28:11 - 1.37.2.21 +++ tun.c 11 Sep 2004 14:25:46 - @@ -682,7 +682,14 @@ tun_mtu ); else - no_tap_ifconfig (); + openvpn_snprintf (command_line, sizeof (command_line), + IFCONFIG_PATH " %s %s netmask %s mtu %d up", + actual, + ifconfig_local, + ifconfig_remote_netmask, + tun_mtu + ); + msg (M_INFO, "%s", command_line); system_check (command_line, "Mac OS X ifconfig failed", true); tt->did_ifconfig = true;
Re: [Openvpn-devel] Connect several subnets with OpenVPN2.0
Hi James, I totally overlooked this. Thank you for your help. Regards, Robin On Wed, Sep 08, 2004 at 09:16:09AM -0600, James Yonan wrote: > > > On Wed, 8 Sep 2004, Robin G. Wenninger wrote: > > > Hi list, > > > > I have a kind of "problem" here. > > > > I thought about connecting several subnets with 2.0 and for this purpose > > use the PUSH/PULL-Options. > > > > So I used options like > > push "route 10.0.0.0 255.255.255.0" > > push "route 192.168.1.0 255.255.255.0" > > > > To push all known subnets to the Clients. But the problem is, if I push > > route 10.0.0.0 255.255.255.0 to the Client which "owns" this subnet it > > overwrites the old routing entry and kicks its Subnet. > > > > My recommendation would be a kind of exception list. > > Something like > > push "route 10.0.0.0 255.255.255.0" except common-name > > > > What do you think about this, is there any other (good to administrate) > > solution? > > Interestingly enough, I think that this exception mechanism is already > built into the way that IP routing works. > > For example, suppose I push my all-inclusive /16 subnet: > > push "route 10.11.0.0 255.255.0.0" > > Now suppose a client has taken a /24 subset of this range such as > 10.11.45.0/255.255.255.0. > > The all-inclusive /16 route will match at a lower priority in the client's > routing table than the client's private /24 subnet, so both subnets can > coexist on the client. The 10.11.45.0/255.255.255.0 subnet will match on > any of the client's local traffic, while packets directed to 10.11.x.y > will get routed back to the server when x is not equal to 45.
Re: [Openvpn-devel] CVS repository for version 2 - but where?
On Fri, 10 Sep 2004, Thomas Glanzmann wrote: > I am unable to find the CVS repository to the upcomming 2.0 version. Thomas, the CVS respository is the same as for version 1, but you'll need to check out the BETA20 branch, i. e. run: "cvs update -rBETA20" (or pass -rBETA20 to cvs checkout). HTH, -- Matthias Andree Encrypted mail welcome: my GnuPG key ID is 0x052E7D95 (PGP/MIME preferred)
