Re: [Openvpn-devel] Windows, OpenVPN-GUI, disconnect

2010-03-18 Thread Eike Lohmann 


On win7 with baloontips disabled you can connect but can't disconnect 
via the gui.

Maybe that's your problem?

Am 18.03.2010 14:17, schrieb Gert Doering:

Hi,

On Thu, Mar 18, 2010 at 01:14:22PM +0100, Jan Just Keijser wrote:
   

took me a while to figure this one out:
the openvpn gui codes sets an 'exit event' (using a win32 API call
CreateEvent) before starting the actual openvpn process; when the user
chooses 'disconnect' this 'exit event' is triggered, which causes the
process to be terminated (using the appropriate win32 signal).
 

Huh, scary stuff.

How would that win32 signal be delivered to the openvpn.exe process?  Will
it just receive a unix-like signal "SIGTERM"?  Or does it have to poll
some sort of Windows event queue?


BTW: I just discovered that this is not limited to the openvpn.exe I
built *on* windows, but that my linux-mingw crosscompiled openvpn.exe
does this as well now, and so does the original OpenVPN-provided 2.1.1
binary(!).  "Something weird happened to this machine", and I don't
understand what it is.


   

The question now becomes: what does openvpn do when it receives a
terminate signal? actually, is there a signal being sent to the server
to say "client X is disconnecting" ?
 

Nothing whatsoever visible in the logs.  The last entry in the log (verb 5)
is after successful startup:

"Initialization Sequence Complete"

... and then when pressing, nothing whatsoever happens.

The OpenVPN connection stays alive and healthy(!), packets continue to
get forwarded, just the signal delivery fails.

(If I increase the log verbosity to "verb 9", lots of stuff is going
on, but nothing in there that gives any indication of signals being
received)

gert

Re: [Openvpn-devel] Windows, OpenVPN-GUI, disconnect

2010-03-18 Thread Gert Doering 
Hi,

On Thu, Mar 18, 2010 at 01:14:22PM +0100, Jan Just Keijser wrote:
> took me a while to figure this one out:
> the openvpn gui codes sets an 'exit event' (using a win32 API call 
> CreateEvent) before starting the actual openvpn process; when the user 
> chooses 'disconnect' this 'exit event' is triggered, which causes the 
> process to be terminated (using the appropriate win32 signal).

Huh, scary stuff.

How would that win32 signal be delivered to the openvpn.exe process?  Will
it just receive a unix-like signal "SIGTERM"?  Or does it have to poll
some sort of Windows event queue?


BTW: I just discovered that this is not limited to the openvpn.exe I 
built *on* windows, but that my linux-mingw crosscompiled openvpn.exe
does this as well now, and so does the original OpenVPN-provided 2.1.1
binary(!).  "Something weird happened to this machine", and I don't 
understand what it is.


> The question now becomes: what does openvpn do when it receives a 
> terminate signal? actually, is there a signal being sent to the server 
> to say "client X is disconnecting" ?

Nothing whatsoever visible in the logs.  The last entry in the log (verb 5)
is after successful startup:

"Initialization Sequence Complete"

... and then when pressing , nothing whatsoever happens.

The OpenVPN connection stays alive and healthy(!), packets continue to
get forwarded, just the signal delivery fails.

(If I increase the log verbosity to "verb 9", lots of stuff is going 
on, but nothing in there that gives any indication of signals being 
received)

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de

Re: [Openvpn-devel] Windows, OpenVPN-GUI, disconnect

2010-03-18 Thread Jan Just Keijser 

Hi Gert,

Gert Doering wrote:

Hi,

can one of you tell me what happens "under the hood" if I click the
"disconnect" button of the openvpn-gui under Windows XP?

Why am I asking?  I managed to get my windows build environment working
well enough that I can now build a complete installer package with the
IPv6 patches, and with the adapted tun/tap driver - but it breaks in
funny ways.

 - Installation works fine
 - running the openvpn-gui (precompiled) works fine
 - (client) connection to a TUN server works fine
   [initiated by pressing the "connect..." button of the GUI in the 
windowsstatus bar]

 - IPv4 and IPv6 connectivity works

 - pressing the "disconnection" button of the GUI doesn't seem to do 
   anything.  Well, the status window says "disconnecting..." and the
   button is greyed out - but no update in the log file or the status 
   window, no nothing.


I assume that "something is miscompiled" or "a newer version of mingw
has some surprising side effects" - but to know where to start looking,
it would be helpful to understand what signalling is used 


  openvpn-gui --> openvpn.exe

to signal disconnect.

(Since I didn't touch any of the signal handling stuff, I'm fairly sure
that it wasn't one of my changes, but I still want to have a working
Windows bundle to get people to test it)
  

took me a while to figure this one out:
the openvpn gui codes sets an 'exit event' (using a win32 API call 
CreateEvent) before starting the actual openvpn process; when the user 
chooses 'disconnect' this 'exit event' is triggered, which causes the 
process to be terminated (using the appropriate win32 signal).


The question now becomes: what does openvpn do when it receives a 
terminate signal? actually, is there a signal being sent to the server 
to say "client X is disconnecting" ?


cheers,

JJK

Re: [Openvpn-devel] Tomorrow's meeting (18th March)

2010-03-18 Thread JuanJo Ciarlante 
Hi,

2010/3/17 Samuli Seppänen :
>
>> On Wed, Mar 17, 2010 at 10:42:26AM +0200, Samuli Seppänen wrote:
>>
>>> Hi all,
>>>
>>> As usual, tomorrow's (18th March) meeting will be at #openvpn-discussion
>>> (irc.freenode.net) at 18:00 UTC. Preliminary meeting topics are
>>> available here:
>>>
>>> http://www.secure-computing.net/wiki/index.php/OpenVPN/IRC_meetings/Topics-2010-03-18
>>>
>>> David (dazo) won't be able to attend, unfortunately.
>>>
>>>
>>
>> Hi,
>>
>> I won't be able to attend either. I will next week, hopefully with news
>> on Debian packages build daily/weekly.
>>
> Too bad you're not able attend, Alberto. However, Jan will be present,
> so I think we're going to be focus on the two bugs/issues he has
> noticed, see "Possible bugs/issues" on this page:
>
> http://www.secure-computing.net/wiki/index.php/OpenVPN/IRC_meetings/Topics-2010-03-18

Unfortunately I can't attend either (regular meetings clash).
BTW  I've added this bug (forwarded by Alberto, tnx):
 +## [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574164
Assertion fails in socket.c:429 in p2p mode due to Debian ipv6 patch]

Cheers,

>
> --
> Samuli Seppänen
> Community Manager
> OpenVPN Technologies, Inc
>
> irc freenode net: mattock
>
>
> --
> Download Intel Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev
> ___
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
>



-- 
--JuanJo ; echo j...@gomosglep.com | sed 's/[SPAM]//g'

Re: [Openvpn-devel] Bytecount Reporting

2010-03-18 Thread Eike Lohmann 


Or you can user the radiusplugin from Ralf 
(http://www.nongnu.org/radiusplugin/) use a radius server and set an 
accounting interval.


Regards, Eike



Am 17.03.2010 23:38, schrieb Davide Brini:

On Wednesday 17 March 2010, open...@rkmorris.us wrote:

   

I am trying to write an application that monitors traffic over an OpenVPN
  link - by using bytecount information from the management interface.
  However, after I telnet in, and enter "bytecount 1" (for 1 second
  updates), I find that the real-time bytecount updates are not really every
  second. They seem to be initially, but soon slow down (to an update every
  5-10 seconds).
 

Sorry for avoiding a direct answer to the question (David has already
addressed that quite well), but I just wanted to tell you that you can get
byte counts from OpenVPN's status file, ie the one you specify with "--
status". I used that in the past to monitor clients and traffic (it was
actually a Munin plugin that read the file and collected the data).
That said, it might not suit your requirements, but I thought I mentioned that
just in case.

Re: [Openvpn-devel] Bytecount Reporting

2010-03-18 Thread Davide Brini 
On Wednesday 17 March 2010, open...@rkmorris.us wrote:
> Hi Davide,
> 
> 
> 
> Yes, that makes sense - and I was going to do that originally, but I
>  figured the real-time bytecount would result in less traffic (and text
>  parsing). One question though ... you say "status file". Do you really
>  mean a file? I can execute the status command over the Management
>  Interface, but it's really a telnet type response, not in a file.

Yes, it's a real file. For example, you say

status /var/run/openvpn.status 10

and here's an example of what you get there (updated every 10 seconds, as per 
the above directive):

# cat /var/run/openvpn.status
OpenVPN CLIENT LIST
Updated,Wed Mar 17 22:56:47 2010
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
CLIENT2,78.X.X.X:37298,742906,512337,Wed Mar 17 18:11:44 2010
DHOME,81.X.X.X:52424,3746,4900,Wed Mar 17 22:56:29 2010
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.180.0.4,CLIENT2,78.X.X.X:37298,Wed Mar 17 18:11:45 2010
10.180.0.9,DHOME,81.X.X.X:52424,Wed Mar 17 22:56:30 2010
GLOBAL STATS
Max bcast/mcast queue length,0
END

Easily parsable with sed/awk/perl/whatever you like.
You can even choose among three different formats (all easily parsable) by 
using the "--status-version [n]" option (the above is format 1). See the man 
for the details.

-- 
D.