ocserv - BanIP and clients behind a NAT

2020-03-03 Thread Alan Jowett
OpenConnect folks, I am evaluating DoS protections for instances of ocserv. I see there is an option to configure BanIP, but I am curious about what experience folks have had using this when clients are behind a NAT. Scenario: Company has employees that go on-site to work with customers, but

Re: Creating TAP tunnels rather than TUN

2020-03-03 Thread Daniel Lenski
On Tue, Mar 3, 2020 at 5:31 AM Scott wrote: > > Hi, > > I'm running ocserv on FreeBSD and users are currently terminated on TUN > tunnels. > > Is there any way to configure or rebuild ocserv such that it creates TAP > interfaces instead? > > My aim is to bridge these users back to a central site (

Re: Sudden seg fault on openconnect after system updates

2020-03-03 Thread David Woodhouse
On Sat, 2020-02-29 at 15:12 -0500, Randall Sindlinger wrote: > I have been happily using OpenConnect to access my VPN via a smartcard up > until this morning. I > dropped my linux laptop off with IT for some updates, and I now am suddenly > getting seg > faults. I've tried troubleshooting a few

Sudden seg fault on openconnect after system updates

2020-03-03 Thread Randall Sindlinger
Hello OpenConnect developers, My earlier message got stuck in a moderation queue, because adding the crash report put it over 40k. Below is my original message without the crash report. I'll be happy to send it separately if you think it might be useful. === I have been happily using OpenConn

Creating TAP tunnels rather than TUN

2020-03-03 Thread Scott
Hi, I'm running ocserv on FreeBSD and users are currently terminated on TUN tunnels. Is there any way to configure or rebuild ocserv such that it creates TAP interfaces instead? My aim is to bridge these users back to a central site (which is not running ocserv). Thanks, Scott ps. apologies

Re: openconnect and tpm2

2020-03-03 Thread James Bottomley
On Tue, 2020-03-03 at 13:11 +0200, David Woodhouse wrote: > On Tue, 2020-03-03 at 09:02 +0100, Grant Williamson wrote: > > In our use case. We are provided a p12 file. > > We are testing on RHEL 8. > > Where improvement could take place, my thoughts. > > > > - instructions on how to extract the pr

Re: openconnect and tpm2

2020-03-03 Thread David Woodhouse
On Tue, 2020-03-03 at 09:02 +0100, Grant Williamson wrote: > In our use case. We are provided a p12 file. > We are testing on RHEL 8. > Where improvement could take place, my thoughts. > > - instructions on how to extract the private key and the certs from > the p12 (see below) I'm definitely goin

Re: openconnect and tpm2

2020-03-03 Thread Grant Williamson
In our use case. We are provided a p12 file. We are testing on RHEL 8. Where improvement could take place, my thoughts. - instructions on how to extract the private key and the certs from the p12 (see below) - offer openssl_tpm2_engine ibmtss (ibmtss-devel, libibmtss0) packages in epel 8 - build the