Re: [Openvpn-devel] Cannot find TAP adapter

nd via StartAllTAPAdpaters(), which does some NDIS ioctls to cause the driver to be loaded. -dave -Original Message- From: jonathan openvpn [mailto:jonathan.open...@gmail.com] Sent: Monday, June 08, 2009 11:38 AM To: openvpn-devel@lists.sourceforge.net Subject: [Openvpn-devel] Cannot find

Re: [Openvpn-devel] How to route without splitting the network into a/30?

erver, within the subnet defined in the 'server' directive. -dave

Re: [Openvpn-devel] Unable to use -OFB or -CFB ciphers in OpenVPN

hly tested, and the choice was made to not release it without such testing. I'm curious as to why you want this support specifically, since these modes aren't really faster than CBC. Are you concerned about the padding? -dave

Re: [Openvpn-devel] Unable to use -OFB or -CFB ciphers in OpenVPN

nd enable those ciphers. Barring admission of the enablement into the official code base, would it be a bad idea for you to build your version with the support of the stream versions and use that? Provided that you tests ran fine? -dave

Re: [Openvpn-devel] Reporting issue with v2.1 rc16and--cryptoapicert

Gotcha. Also minor bug: the buld number shows as rc16b instead of rc17 > -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] ... > > True. > > Well, this is the original patch I sent [1] > > [1] > http://www.opensc-project.org/build/browser/trunk/patches/open > vp

Re: [Openvpn-devel] Reporting issue with v2.1 rc16 and--cryptoapicert

This change seems incomplete, and it does not build on Windows on non-MINGW32. It seems simple enough, the conditional compilation doesn't define OpenVPNCryptAcquireCertificatePrivateKey For non-MINGW32 Attached is a patch to add that definition for non-MINGW32 -dave > -

Re: [Openvpn-devel] CE port needed DLLs

lto:jonathan.open...@gmail.com] Sent: Thursday, May 28, 2009 9:30 AM To: dave Cc: openvpn-devel@lists.sourceforge.net Subject: Re: [Openvpn-devel] CE port needed DLLs Hi Dave. This morning I've been able to solve the error and began to debug the application. There were two reasons for my

Re: [Openvpn-devel] CE port needed DLLs

7; then you should be better off. Again, if you want to send me your compiled binary, I can inspect it more closely if that is useful. -Dave -Original Message- From: jonathan openvpn [mailto:jonathan.open...@gmail.com] Sent: Thursday, May 28, 2009 1:56 AM To: dave Cc: openvpn-devel@lis

Re: [Openvpn-devel] CE port needed DLLs

t is fairly standard. Before doing surgery, you may wish to re-check your assumptions. Also, if you wish to zip up your problem binaries and send them to me directly, I will do a quick inspection for you. -dave -Original Message- From: jonathan openvpn [mailto:jonathan.open...@gmail.com]

Re: [Openvpn-devel] Generating certificate/key pair locally on clientmachine

auth-user-pass-verify. -dave -Original Message- From: Oana Comanici [mailto:oana.coman...@yahoo.com] Sent: Sunday, April 12, 2009 6:10 PM To: openvpn-devel@lists.sourceforge.net Subject: [Openvpn-devel] Generating certificate/key pair locally on clientmachine Hello, My name is Oana Com

Re: [Openvpn-devel] Unpackged Windows binaries? -- Problems building 2.1 rc15 on Windows XP

p MinGW to build on Linux, though I haven't. Agreed on the binary tarball, but brace yourself: the source tarball is not always up-to-date to the current version either. I've experienced that many times when building for OpenWRT. If you really want the current source or for a specific version you may have to pull from repository. -Dave

Re: [Openvpn-devel] Unpackged Windows binaries? -- Problems building 2.1 rc15 on Windows XP

irectory. I now have a MingW environment working, so I don't do that anymore (and so I can patch if I want), but it worked in a pinch and may allow you to get on with the business of focusing on creating your installer for now, then one day you can return to the MingW if you want to. -Dave

Re: [Openvpn-devel] TUN/TAP Windows

tation and are effectively synchronous, but reads are not). Other than that, it is fairly straightforward: open the device, configure the device-specific parameters, and read/write packets to it to your heart's content. -Dave

Re: [Openvpn-devel] [MSCAPI] Need testers

have to rescind my Verisign hypothesis as well. I maintain my other statements, however. Installing the Microsoft CA is not really an option in my case. And really, the whole CRL distribution via the CDP is not either, but rather I was hoping that OCSP would provide the validation. -Dave

Re: [Openvpn-devel] [MSCAPI] Need testers

ssued from third level, as there is no actual > need to find the root. ... Sounds plausible, though as mentioned, the end cert CDP did nothing in the testing that I performed. Only the CDP on the root had an effect on whether the CRL was fetched. -Dave

Re: [Openvpn-devel] [MSCAPI] Need testers

be valid with respect to the newly created (and modified) CA cert. -Dave > -Original Message- > From: Dave [mailto:d...@ziggurat29.com] > Sent: Saturday, October 18, 2008 6:08 PM > To: 'Alon Bar-Lev' > Cc: 'openvpn devel' > Subject: Re: [Openvpn-deve

Re: [Openvpn-devel] [MSCAPI] Need testers

the other hand, you need the VMWare license to create a new VM (though you can run an existing created VM for free, though, with player). > -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: Saturday, October 18, 2008 4:48 PM > To: Dave > Cc: op

Re: [Openvpn-devel] [MSCAPI] Need testers

r Windows build/test environment. This is what I do for my five-or-so different build environments. -Dave > -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: Saturday, October 18, 2008 4:19 PM > To: Dave > Cc: openvpn devel > Subject: Re:

Re: [Openvpn-devel] [MSCAPI] Need testers

OCSP/CRL checking.... -Dave > -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: Saturday, October 18, 2008 3:29 PM > To: Dave > Cc: openvpn devel > Subject: Re: [Openvpn-devel] [MSCAPI] Need testers > > > Oh! > Thanks > I

Re: [Openvpn-devel] [MSCAPI] Need testers

e the source if there was debug info. Invariably something about my config triggers some boundary case. When testing only with cryptoapicert, the failure occurs also, and is logged as having had happened at the same location. -Dave > -Original Message- > From: Alon Bar-Lev [mail

Re: [Openvpn-devel] [MSCAPI] Need testers

Such, I suppose, are the mysteries of capi. It would be great if the 'CRL distribution point' and 'Authority Info Access' 'OCSP' certificate extensions were used, but that's another projectlette in itself, no? -Dave > -Original Message- >

Re: [Openvpn-devel] [MSCAPI] Need testers

uld do it now but what are the test cases we are > going to run? This is for the cryptoapicert feature? -Dave > OK, I'm not getting it. Educate me. I am using an existing and functional server, and removed all the ca cert and key options in my config and replaced them with: cryptoap

Re: [Openvpn-devel] [MSCAPI] Need testers

> No change in functionality should be visible, but I guess > first few versions will not work correctly. ... Sure, I could do it now but what are the test cases we are going to run? This is for the cryptoapicert feature? -Dave

Re: [Openvpn-devel] [PATCH v4] Use CryptoAPI CA store (was Re:[PATCH v3] Use CryptoAPI CA store)

anting to truly unload for some technical reason, or just like to be tidy like that. The OS will happily 'unload' it upon process shutdown. I can't comment on 'code cleanup' because that is subjective. -Dave

Re: [Openvpn-devel] Confusing "mtu-dynamic" warnings

.. > Hi, > > When makins some inconsistency mistake with "--fragment" > settings, I get an error message like: > > WARNING: 'mtu-dynamic' is present in local config but missing > in remote config, local='mtu-dynamic' > > I guess this message has to be updates, as "--fragment" is > meant to re

Re: [Openvpn-devel] Merge status of OCSP support?

ty standpoint, that's probably a good thing Anyway, wish there was at least an option to have a local crl file fallback. -Dave

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.1-rc5 released

> Behalf Of Alon Bar-Lev > On Jan 27, 2008 7:04 PM, Dave wrote: > > > Can you explain the new options, or point me to where they are > > explained so I can reconfigure? > > There is a single ID now for PKCS#11 certificate, sync to all > projects OpenVPN, Open

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.1-rc5 released

I would, but I cannot figure out how to map the old options to the current options. Previously, I used: #basic token selection pkcs11-providers bt_csp11.dll pkcs11-slot-type "label" pkcs11-slot "DavidLemley" pkcs11-sign-mode sign #select token keyset pkcs11-id-type label pkcs11-id "david_lemle

Re: [Openvpn-devel] |PATCH] OpenVPN / OCSP

ation here: > > http://www.block64.net > ... Cool, I like it; if anyone is using OpenWRT and wants to try it out I made an ipkg file with this patch applied at: http://ovpnppc.ziggurat29.com/files/openvpn_2.1_rc4-1_mipsel.ipk Now I have to find an ocsp daemon -Dave

Re: [Openvpn-devel] Building new TAP driver (tap0901) on windows

efs.h will be in it (along with some other stuff). -Dave

Re: [Openvpn-devel] learn address problems with chroot, or userid

doh! Thanks On 19-Apr-07, at 11:46 AM, Brane F. Gračnar wrote: On Thursday 19. April 2007 14:51, Dave Cramer wrote: The only way I can get learn-address script to work is by running openvpn as root Ideally I'd like to create an openvpn user, and chroot to / openvpnprivate/ then run

[Openvpn-devel] learn address problems with chroot, or userid

rror , or a bug ? Dave

[Openvpn-devel] Does 'topology subnet' obviate 'client-to-client'?

Folks; It's not documented as such explicitly, but I'm assuming it's true that client-to-client is not needed when the 'subnet topology' option is used. True? Am I missing a subtlety? -Dave

Re: [Openvpn-devel] [Openvpn-users] Inline option in 2.1 beta; how to do it?

... > The bug, however, is that if an option takes parameters > beyond the file name, as secret and tls-auth do, there is not > a mechanism (at least not that one I can find in the code) to ... OK, just in case anyone's curious about this stuff, for those two options you can effectively do the sa

Re: [Openvpn-devel] [Openvpn-users] Inline option in 2.1 beta; how to do it?

come through. So at present 'secret' and 'tls-auth' only work if you did not originally have a direction parameter. The other options I have all tested and they do work. -Dave smime.p7s Description: S/MIME cryptographic signature

Re: [Openvpn-devel] hello, everyone.i have a question about tap-win32 driver, thinks

etwork stack via the calls NdisMEthIndicateReceive() and NdisMEthIndicateReceiveComplete(). The TAP device is sort of two devices in one: An NDIS miniport, and also a typical custom device that you can open and do ReadFile() and WriteFile() with. The network stack uses the former interface, and openvpn.

[Openvpn-devel] OpenVPN using ECDSA & ECDH

nSSL? I was under the impression OpenVPN supported everything available in the OpenSSL libraries. If anyone has already got this working or has any answers, that would be most appreciated! Regards, Dave Shaw --- Kaleidovision The Dovecote Brickendon

Re: [Openvpn-devel] i-mate SP5 & OpenVPN

in native SDK form. These are supported on smartphone (the current one is in MFC which is not supported on smartphone). Lastly, all this is based upon my current understanding without having run any code, so I could easily be wrong or be missing other additional issues. -Dave -Original Me

Re: [Openvpn-devel] i-mate SP5 & OpenVPN

It's fairly different in a couple areas: * The installer needs to be marked in some way as supporting smartphone. This is the problem you are having now. * Smartphone devices don't have all the runtime functionality the PocketPC devices do. Even if you manually installed it you would still have

Re: [Openvpn-devel] DHCP on PocketPC port

> -Original Message- > From: Mathias Sundman [mailto:math...@openvpn.se] ... >> When pushing an IP to an OpenVPN client and using the DHCP feature in >> the TAP-Win32 driver to have it assigned to the windows client, I >> believe OpenVPN or the TAP-Win32 driver is blocking the DHCP requ

Re: [Openvpn-devel] DHCP on PocketPC port

That's wild, and I haven't seen that behaviour with my bridging setup. I do use bridging and do have a DHCP server inside the LAN. I'll study the code to see if I introduced a bug though causing the DHCP packet to get forwarded even when it is processed. It's possible, and your workaround with t

RE: [Openvpn-devel] Any news about WinCE porting?

especially for the feedback on problems/suggestions. -Dave

RE: [Openvpn-devel] OpenVPN for PocketPC

>-Original Message- >From: openvpn-devel-ad...@lists.sourceforge.net [mailto:openvpn-devel-ad...@lists.sourceforge.net] On Behalf Of Iftikhar Qureshi >Sent: Monday, March 27, 2006 10:57 AM >To: Dave >Cc: openvpn-devel@lists.sourceforge.net >Subject: RE: [Openvpn-devel] Op

RE: [Openvpn-devel] OpenVPN for PocketPC

> -Original Message- > From: James Yonan [mailto:j...@yonan.net] > Sent: Monday, March 27, 2006 4:57 PM > To: Dave > Subject: Re: [Openvpn-devel] OpenVPN for PocketPC (...) > > > Are you using OpenVPN 2.0 or 2.1 (better to use 2.1 in this regard). > >

RE: [Openvpn-devel] OpenVPN for PocketPC

for CE. Now, the stuff like ping, route, ipconfig, etc., do exist. They don't ship with PPC because it doesn't have a console out-of-box anyway. They are findable on the internet and I have a set which I am using now. Actually I think Microsoft releases the source available -- they

RE: [Openvpn-devel] OpenVPN for PocketPC

rt" cert "\\ipaq4150.crt" key "\\ipaq4150.key" comp-lzo verb 5 #end though don't take this as a reccomendation, just as a reference point as to where I am now. FWIW: you may wish to download nettools_arm_setup.exe from somewhere which will give you the usual ne

RE: [Openvpn-devel] OpenVPN for PocketPC

> -Original Message- > From: James Yonan [mailto:j...@yonan.net] > Sent: Sunday, March 26, 2006 3:02 PM > To: Dave > Cc: 'Iftikhar Qureshi'; openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] OpenVPN for PocketPC > > > > &

RE: [Openvpn-devel] PocketPC - Compile Error

-Original Message- From: openvpn-devel-ad...@lists.sourceforge.net [mailto:openvpn-devel-ad...@lists.sourceforge.net] On Behalf Of Iftikhar Qureshi Sent: Friday, March 24, 2006 2:42 PM To: openvpn-devel@lists.sourceforge.net Subject: [Openvpn-devel] PocketPC - Compile Error Dave: I tried

RE: [Openvpn-devel] PocketPC - Compile Error

what hoisted it into that project. Parts of the platform builder are needed for the TAP driver, but it shouldn't be needed at all for any of the user-mode parts. I'll try and see if I can find where the dependency came in, and how to remove it. -Dave

RE: [Openvpn-devel] OpenVPN for PocketPC

> -Original Message- > From: openvpn-devel-ad...@lists.sourceforge.net > [mailto:openvpn-devel-ad...@lists.sourceforge.net] On Behalf Of Dave > Sent: Wednesday, March 22, 2006 8:30 AM > To: 'Iftikhar Qureshi'; openvpn-devel@lists.sourceforge.net > Subject: RE:

RE: [Openvpn-devel] OpenVPN for PocketPC

me know. It fails in interesting ways. First, when loading the driver it fails and returns 'parameter error'. However, it did really load the driver and the driver is running happily. Second, when unloading the driver, it returns 'success', however it really did _not_ unload the driver and you will still have to soft-reset (after removing the registry keys) to truly unload it. Odd! I notice the reference counts did not drop appropriately in that second scenario. -Dave

RE: [Openvpn-devel] OpenVPN for PocketPC

on relative to my projects that gets picked up via settings in the eVC project I have marked all the spots I have hacked-on with the comment //HHH for ease of searching. You're free of course also to use diff. Talk to you later; you're help will be greatly appreciated! -Dave ---

RE: [Openvpn-devel] OpenVPN for PocketPC

>-Original Message- >From: openvpn-devel-ad...@lists.sourceforge.net [mailto:openvpn-devel-ad...@lists.sourceforge.net] On Behalf Of Iftikhar Qureshi >Sent: Friday, March 17, 2006 3:41 PM >To: Dave; openvpn-devel@lists.sourceforge.net >Subject: RE: [Openvpn-devel] OpenV

RE: [Openvpn-devel] OpenVPN for PocketPC

een printing options --version and --help and a sanity checkpoint. Next steps: * test the portability functions I implemented in wince_portstuff.c to make sure they really work. * study tun.c and figure out what has to be reworked there. * finish the 'deferred' activites in the TAP driver. * test fix test Later: * clean code for submission and regress * maybe alternative gui ui And that's it for now. Apologies for the length. Actually it was helpful to me to write it down as a log. -Dave