Re: [Openvpn-devel] [Openvpn-users] why doesn't openvpn negotiate settings?

2013-08-01 Thread Jan Just Keijser
Gert Doering wrote: Hi, On Tue, Jul 30, 2013 at 04:57:31PM +0200, Ralf Hildebrandt wrote: I was wondering about this as well. This makes it extremely hard to ever change the cipher (i.e. if it's not considered "safe" anymore) It needs to be implemented, tested, etc. - and I'm not sur

Re: [Openvpn-devel] [Openvpn-users] why doesn't openvpn negotiate settings?

2013-08-01 Thread Gert Doering
Hi, On Thu, Aug 01, 2013 at 12:02:55PM +0200, Jan Just Keijser wrote: > It should be possible to add negotiation without completely breaking > backwards compatibility; right now, when a server pushes an option to > the client that is unrecognized the client will print a warning but it > will no

Re: [Openvpn-devel] [Openvpn-users] why doesn't openvpn negotiate settings?

2013-08-01 Thread Jan Just Keijser
Hi Gert, Gert Doering wrote: Hi, On Thu, Aug 01, 2013 at 12:02:55PM +0200, Jan Just Keijser wrote: It should be possible to add negotiation without completely breaking backwards compatibility; right now, when a server pushes an option to the client that is unrecognized the client will prin

Re: [Openvpn-devel] [Openvpn-users] why doesn't openvpn negotiate settings?

2013-08-04 Thread James Yonan
We've recently merged some patches allowing OpenVPN to negotiate certain settings (such as compression), but unfortunately at this time neither cipher nor auth directives can be negotiated in the 2.x branch. The 3.0 branch has fixed this somewhat by having the client support cipher and auth di

Re: [Openvpn-devel] [Openvpn-users] why doesn't openvpn negotiate settings?

2013-08-05 Thread Mike Tancsa
On 8/4/2013 2:47 PM, James Yonan wrote: > However, to make cipher/auth negotiation really work, there are a few > more things that are needed. For one, the client would need to push a > list of supported cipher/auth methods, so the server can choose a > mutually supported combination. Another

Re: [Openvpn-devel] [Openvpn-users] why doesn't openvpn negotiate settings?

2013-08-06 Thread David Sommerseth
On 05/08/13 19:52, dan farmer wrote: > > To start with - I really, really appreciate the work that's gone into the > program. > I've released stuff myself, and it's not an easy process, especially for > something > as complex and with so much functionality as openvpn. I get that. > > But from

Re: [Openvpn-devel] [Openvpn-users] why doesn't openvpn negotiate settings?

2013-08-06 Thread Jan Just Keijser
Hi David, nice answer, David, and thanks for promoting the book ;) Your basic points are correct, of course: - networking is hard - security is hard Configuring openvpn can be daunting at first, but it is not nearly as bad as configuring PPTP, or - GASP! - IPSec+L2TP. Documentation can help

Re: [Openvpn-devel] [Openvpn-users] why doesn't openvpn negotiate settings?

2013-08-16 Thread Gert Doering
Hi, I'm a bit late to that, but had always planned to respond to this... On Mon, Aug 05, 2013 at 10:52:54AM -0700, dan farmer wrote: > But from a user's perspective - anything that can make the horror known as > openvpn configuration easier would improve openvpn's adoption considerably. The iss

Re: [Openvpn-devel] [Openvpn-users] why doesn't openvpn negotiate settings?

2013-08-16 Thread Gert Doering
Hi, On Tue, Aug 06, 2013 at 12:10:37PM +0200, Jan Just Keijser wrote: > Configuring openvpn can be daunting at first, but it is not nearly as > bad as configuring PPTP, or - GASP! - IPSec+L2TP. PPTP is actually way easier than OpenVPN :-) - why? Because you have much less choices regarding IP

Re: [Openvpn-devel] [Openvpn-users] why doesn't openvpn negotiate settings?

2013-08-16 Thread Gert Doering
Hi, On Tue, Aug 06, 2013 at 10:08:03AM -0500, Les Mikesell wrote: > On Tue, Aug 6, 2013 at 4:52 AM, David Sommerseth > wrote: > > > > * Learn about TCP/IP networking, read especially chapter 3.1 in this > > book: . I'll > > repeat: You MUST