On Wed, Mar 30, 2016 at 11:09 PM, Piotr Dobrogost wrote:
>
> Your script does indeed work which left me wondering what's going on
> in systemd that this environment is different...
What's interesting the script works even when
OPENSSL_ENABLE_MD5_VERIFY envvar is not being set in it. So the change
On Wed, Mar 30, 2016 at 8:42 PM, Jan Just Keijser wrote:
> On 30/03/16 18:06, Piotr Dobrogost wrote:
>> How is this different to setting this variable by using below
>> configuration file?
>>
> it's not, really, but I just want to rule out that systemd is not screwing
> things up somewhere between
On Wed Mar 30 20:36:14 2016, Joe Patterson wrote:
> I'm currently doing this in a hackish sort of way byt having a
> client-connect script that includes vtysh commands to inject routes into a
> quagga ospf process.
Why are you using OSPF if you add the routes by hand on the router?
I’m also runnin
The other ideal solution (IMHO), would be to have openvpn support an
internal routing protocol like ospf. That way you could have tons of
daemon processes (which would also effectively give you multi-processor
support, sort of), and a routing daemon on the host box aggregating all of
those routes
Hi,
On Tue, Mar 29, 2016 at 09:20:06AM +0200, Marc Haber wrote:
> However, the OpenVPN server does not seem to be able to listen on both
> UDP and TCP, and I need to run a second OpenVPN server to listen on
> TCP. This makes it impossible to assign the client that is now
> connected to the fallbac
On Wed, Mar 30, 2016 at 12:06 PM, Piotr Dobrogost <
p...@2016.forums.dobrogost.net> wrote:
> Please note that I inserted
> ExecStartPre=/usr/bin/env
> to /usr/lib/systemd/system/openvpn@.service template and I see
> OPENSSL_ENABLE_MD5_VERIFY=1
> in the journal logs meaning this env variable is set
On 30/03/16 18:06, Piotr Dobrogost wrote:
> [...]
> However, if you *must* use MD5 hashed certificates then try something like
>
> ExecStart=/usr/sbin/md5-openvpn --daemon --writepid
>
> and create a script /usr/sbin/md5-openvpn like
>
> #!/bin/bash
> export OPENSSL_ENABLE_MD5_VERIFY=1
> exec /usr
On Wed, Mar 30, 2016 at 5:08 PM, Jan Just Keijser wrote:
>
> hmmm you're using AES256 encryption in combination with MD5 signed certs?
> that's strong encryption with VERY weak certificate hashing - your server is
> prone to all kinds of attacks this way.
MD5 here is going to be replaced soon.
>
Hi Piotr,
On 29/03/16 23:41, Piotr Dobrogost wrote:
> Hi!
>
> When I start OpenVPN as a deamon from command line like this:
> `sudo OPENSSL_ENABLE_MD5_VERIFY=1 openvpn --daemon --config
> /etc/openvpn/xxx.conf`
> the tunnel comes up with no problem.
> However, when I start it as a systemd service
Hi,
On 29/03/16 09:20, Marc Haber wrote:
> Hi,
>
> I use OpenVPN to attach my notebook and a number of customer sites to
> my network and system management tools, and to transport IPv6 to my
> notebook regardless of its location. The central node is a server in
> housing, running Debian Linux. My
10 matches
Mail list logo
