nd via
StartAllTAPAdpaters(), which does some NDIS ioctls to cause the driver
to be loaded.
-dave
-Original Message-
From: jonathan openvpn [mailto:jonathan.open...@gmail.com]
Sent: Monday, June 08, 2009 11:38 AM
To: openvpn-devel@lists.sourceforge.net
Subject: [Openvpn-devel] Cannot find
erver, within the subnet defined in the 'server' directive.
-dave
hly tested, and the choice was made to not release it
without such testing.
I'm curious as to why you want this support specifically, since these
modes aren't really faster than CBC. Are you concerned about the
padding?
-dave
nd enable those ciphers.
Barring admission of the enablement into the official code base, would
it be a bad idea for you to build your version with the support of the
stream versions and use that? Provided that you tests ran fine?
-dave
Gotcha. Also minor bug: the buld number shows as rc16b instead of rc17
> -Original Message-
> From: Alon Bar-Lev [mailto:alon.bar...@gmail.com]
...
>
> True.
>
> Well, this is the original patch I sent [1]
>
> [1]
> http://www.opensc-project.org/build/browser/trunk/patches/open
> vp
This change seems incomplete, and it does not build on Windows on
non-MINGW32. It seems simple enough, the conditional compilation
doesn't define
OpenVPNCryptAcquireCertificatePrivateKey
For non-MINGW32
Attached is a patch to add that definition for non-MINGW32
-dave
> -
lto:jonathan.open...@gmail.com]
Sent: Thursday, May 28, 2009 9:30 AM
To: dave
Cc: openvpn-devel@lists.sourceforge.net
Subject: Re: [Openvpn-devel] CE port needed DLLs
Hi Dave.
This morning I've been able to solve the error and began to debug the
application. There were two reasons for my
7; then you should be better off.
Again, if you want to send me your compiled binary, I can inspect it
more closely if that is useful.
-Dave
-Original Message-
From: jonathan openvpn [mailto:jonathan.open...@gmail.com]
Sent: Thursday, May 28, 2009 1:56 AM
To: dave
Cc: openvpn-devel@lis
t is fairly standard.
Before doing surgery, you may wish to re-check your assumptions. Also,
if you wish to zip up your problem binaries and send them to me
directly, I will do a quick inspection for you.
-dave
-Original Message-
From: jonathan openvpn [mailto:jonathan.open...@gmail.com]
auth-user-pass-verify.
-dave
-Original Message-
From: Oana Comanici [mailto:oana.coman...@yahoo.com]
Sent: Sunday, April 12, 2009 6:10 PM
To: openvpn-devel@lists.sourceforge.net
Subject: [Openvpn-devel] Generating certificate/key pair locally on
clientmachine
Hello,
My name is Oana Com
p MinGW to build on Linux, though I haven't.
Agreed on the binary tarball, but brace yourself: the source tarball is
not always up-to-date to the current version either. I've experienced
that many times when building for OpenWRT. If you really want the
current source or for a specific version you may have to pull from
repository.
-Dave
irectory.
I now have a MingW environment working, so I don't do that anymore (and
so I can patch if I want), but it worked in a pinch and may allow you to
get on with the business of focusing on creating your installer for now,
then one day you can return to the MingW if you want to.
-Dave
tation and are effectively
synchronous, but reads are not).
Other than that, it is fairly straightforward: open the device, configure
the device-specific parameters, and read/write packets to it to your heart's
content.
-Dave
have to rescind my Verisign hypothesis as well. I maintain my other
statements, however.
Installing the Microsoft CA is not really an option in my case. And really,
the whole CRL distribution via the CDP is not either, but rather I was
hoping that OCSP would provide the validation.
-Dave
ssued from third level, as there is no actual
> need to find the root.
...
Sounds plausible, though as mentioned, the end cert CDP did nothing in the
testing that I performed. Only the CDP on the root had an effect on whether
the CRL was fetched.
-Dave
be valid with respect to the newly created (and modified) CA cert.
-Dave
> -Original Message-
> From: Dave [mailto:d...@ziggurat29.com]
> Sent: Saturday, October 18, 2008 6:08 PM
> To: 'Alon Bar-Lev'
> Cc: 'openvpn devel'
> Subject: Re: [Openvpn-deve
the other hand, you need the VMWare license to
create a new VM (though you can run an existing created VM for free, though,
with player).
> -Original Message-
> From: Alon Bar-Lev [mailto:alon.bar...@gmail.com]
> Sent: Saturday, October 18, 2008 4:48 PM
> To: Dave
> Cc: op
r Windows build/test environment. This is what I do for my
five-or-so different build environments.
-Dave
> -Original Message-
> From: Alon Bar-Lev [mailto:alon.bar...@gmail.com]
> Sent: Saturday, October 18, 2008 4:19 PM
> To: Dave
> Cc: openvpn devel
> Subject: Re:
OCSP/CRL checking....
-Dave
> -Original Message-
> From: Alon Bar-Lev [mailto:alon.bar...@gmail.com]
> Sent: Saturday, October 18, 2008 3:29 PM
> To: Dave
> Cc: openvpn devel
> Subject: Re: [Openvpn-devel] [MSCAPI] Need testers
>
>
> Oh!
> Thanks
> I
e the source if there was debug info.
Invariably something about my config triggers some boundary case.
When testing only with cryptoapicert, the failure occurs also, and is logged
as having had happened at the same location.
-Dave
> -Original Message-
> From: Alon Bar-Lev [mail
Such, I suppose, are the mysteries of capi.
It would be great if the 'CRL distribution point' and 'Authority Info
Access' 'OCSP' certificate extensions were used, but that's another
projectlette in itself, no?
-Dave
> -Original Message-
>
uld do it now but what are the test cases we are
> going to run? This is for the cryptoapicert feature? -Dave
>
OK, I'm not getting it. Educate me. I am using an existing and functional
server, and removed all the ca cert and key options in my config and
replaced them with:
cryptoap
> No change in functionality should be visible, but I guess
> first few versions will not work correctly.
...
Sure, I could do it now but what are the test cases we are going to run?
This is for the cryptoapicert feature?
-Dave
anting to truly unload for some technical reason, or just like to be
tidy like that. The OS will happily 'unload' it upon process shutdown.
I can't comment on 'code cleanup' because that is subjective.
-Dave
..
> Hi,
>
> When makins some inconsistency mistake with "--fragment"
> settings, I get an error message like:
>
> WARNING: 'mtu-dynamic' is present in local config but missing
> in remote config, local='mtu-dynamic'
>
> I guess this message has to be updates, as "--fragment" is
> meant to re
ty standpoint, that's probably a
good thing Anyway, wish there was at least an option to have a local
crl file fallback.
-Dave
> Behalf Of Alon Bar-Lev
> On Jan 27, 2008 7:04 PM, Dave wrote:
>
> > Can you explain the new options, or point me to where they are
> > explained so I can reconfigure?
>
> There is a single ID now for PKCS#11 certificate, sync to all
> projects OpenVPN, Open
I would, but I cannot figure out how to map the old options to the current
options. Previously, I used:
#basic token selection
pkcs11-providers bt_csp11.dll
pkcs11-slot-type "label"
pkcs11-slot "DavidLemley"
pkcs11-sign-mode sign
#select token keyset
pkcs11-id-type label
pkcs11-id "david_lemle
ation here:
>
> http://www.block64.net
>
...
Cool, I like it; if anyone is using OpenWRT and wants to try it out I made
an ipkg file with this patch applied at:
http://ovpnppc.ziggurat29.com/files/openvpn_2.1_rc4-1_mipsel.ipk
Now I have to find an ocsp daemon
-Dave
efs.h will be in it (along with some other stuff).
-Dave
doh!
Thanks
On 19-Apr-07, at 11:46 AM, Brane F. Gračnar wrote:
On Thursday 19. April 2007 14:51, Dave Cramer wrote:
The only way I can get learn-address script to work is by running
openvpn as root
Ideally I'd like to create an openvpn user, and chroot to /
openvpnprivate/
then run
rror , or a bug ?
Dave
Folks;
It's not documented as such explicitly, but I'm assuming it's true that
client-to-client is not needed when the 'subnet topology' option is used.
True? Am I missing a subtlety?
-Dave
...
> The bug, however, is that if an option takes parameters
> beyond the file name, as secret and tls-auth do, there is not
> a mechanism (at least not that one I can find in the code) to
...
OK, just in case anyone's curious about this stuff, for those two options
you can effectively do the sa
come
through. So at present 'secret' and 'tls-auth' only work if you did not
originally have a direction parameter. The other options I have all
tested and they do work.
-Dave
smime.p7s
Description: S/MIME cryptographic signature
etwork stack via the calls NdisMEthIndicateReceive() and
NdisMEthIndicateReceiveComplete().
The TAP device is sort of two devices in one: An NDIS miniport, and also
a typical custom device that you can open and do ReadFile() and
WriteFile() with. The network stack uses the former interface, and
openvpn.
nSSL? I was under the impression OpenVPN supported everything
available in the OpenSSL libraries. If anyone has already got this
working or has any answers, that would be most appreciated!
Regards,
Dave Shaw
---
Kaleidovision
The Dovecote
Brickendon
in native SDK form. These are supported on smartphone (the
current one is in MFC which is not supported on smartphone).
Lastly, all this is based upon my current understanding without having run
any code, so I could easily be wrong or be missing other additional
issues.
-Dave
-Original Me
It's fairly different in a couple areas:
* The installer needs to be marked in some way as supporting smartphone.
This is the problem you are having now.
* Smartphone devices don't have all the runtime functionality the
PocketPC devices do. Even if you manually installed it you would still
have
> -Original Message-
> From: Mathias Sundman [mailto:math...@openvpn.se]
...
>> When pushing an IP to an OpenVPN client and using the DHCP feature in
>> the TAP-Win32 driver to have it assigned to the windows client, I
>> believe OpenVPN or the TAP-Win32 driver is blocking the DHCP requ
That's wild, and I haven't seen that behaviour with my bridging setup. I
do use bridging and do have a DHCP server inside the LAN. I'll study the
code to see if I introduced a bug though causing the DHCP packet to get
forwarded even when it is processed. It's possible, and your workaround
with t
especially for the
feedback on problems/suggestions.
-Dave
>-Original Message-
>From: openvpn-devel-ad...@lists.sourceforge.net
[mailto:openvpn-devel-ad...@lists.sourceforge.net] On Behalf Of Iftikhar
Qureshi
>Sent: Monday, March 27, 2006 10:57 AM
>To: Dave
>Cc: openvpn-devel@lists.sourceforge.net
>Subject: RE: [Openvpn-devel] Op
> -Original Message-
> From: James Yonan [mailto:j...@yonan.net]
> Sent: Monday, March 27, 2006 4:57 PM
> To: Dave
> Subject: Re: [Openvpn-devel] OpenVPN for PocketPC
(...)
> >
> Are you using OpenVPN 2.0 or 2.1 (better to use 2.1 in this regard).
>
>
for CE. Now, the stuff
like ping, route, ipconfig, etc., do exist. They don't ship with PPC
because it doesn't have a console out-of-box anyway. They are findable on
the internet and I have a set which I am using now. Actually I think
Microsoft releases the source available -- they
rt"
cert "\\ipaq4150.crt"
key "\\ipaq4150.key"
comp-lzo
verb 5
#end
though don't take this as a reccomendation, just as a reference point as to
where I am now.
FWIW: you may wish to download nettools_arm_setup.exe from somewhere which
will give you the usual ne
> -Original Message-
> From: James Yonan [mailto:j...@yonan.net]
> Sent: Sunday, March 26, 2006 3:02 PM
> To: Dave
> Cc: 'Iftikhar Qureshi'; openvpn-devel@lists.sourceforge.net
> Subject: Re: [Openvpn-devel] OpenVPN for PocketPC
>
>
> >
&
-Original Message-
From: openvpn-devel-ad...@lists.sourceforge.net
[mailto:openvpn-devel-ad...@lists.sourceforge.net] On Behalf Of Iftikhar
Qureshi
Sent: Friday, March 24, 2006 2:42 PM
To: openvpn-devel@lists.sourceforge.net
Subject: [Openvpn-devel] PocketPC - Compile Error
Dave:
I tried
what hoisted it into that project. Parts of the
platform builder are needed for the TAP driver, but it shouldn't be needed
at all for any of the user-mode parts. I'll try and see if I can find where
the dependency came in, and how to remove it.
-Dave
> -Original Message-
> From: openvpn-devel-ad...@lists.sourceforge.net
> [mailto:openvpn-devel-ad...@lists.sourceforge.net] On Behalf Of Dave
> Sent: Wednesday, March 22, 2006 8:30 AM
> To: 'Iftikhar Qureshi'; openvpn-devel@lists.sourceforge.net
> Subject: RE:
me know. It fails in interesting ways. First, when loading the
driver it fails and returns 'parameter error'. However, it did really load
the driver and the driver is running happily. Second, when unloading the
driver, it returns 'success', however it really did _not_ unload the driver
and you will still have to soft-reset (after removing the registry keys) to
truly unload it. Odd! I notice the reference counts did not drop
appropriately in that second scenario.
-Dave
on relative to my projects that gets picked up via
settings in the eVC project
I have marked all the spots I have hacked-on with the comment //HHH for ease
of searching. You're free of course also to use diff.
Talk to you later; you're help will be greatly appreciated!
-Dave
---
>-Original Message-
>From: openvpn-devel-ad...@lists.sourceforge.net
[mailto:openvpn-devel-ad...@lists.sourceforge.net] On Behalf Of Iftikhar
Qureshi
>Sent: Friday, March 17, 2006 3:41 PM
>To: Dave; openvpn-devel@lists.sourceforge.net
>Subject: RE: [Openvpn-devel] OpenV
een printing options --version and --help and a sanity
checkpoint.
Next steps:
* test the portability functions I implemented in wince_portstuff.c to make
sure they really work.
* study tun.c and figure out what has to be reworked there.
* finish the 'deferred' activites in the TAP driver.
* test fix test
Later:
* clean code for submission and regress
* maybe alternative gui ui
And that's it for now. Apologies for the length. Actually it was helpful
to me to write it down as a log.
-Dave
54 matches
Mail list logo