Hello list,
Is there an option to run a peer to peer tunnel which is up (tun
devices are there), but remains completely silent and only becomes
active when data is routed through the tunnel? So no keepalive, no
initializing.
IOW: a sort of encrypted version of an ipip tunnel. I think I can do
the
Hi,
On Thu, Jun 08, 2017 at 10:00:50AM +0200, richard lucassen wrote:
> Is there an option to run a peer to peer tunnel which is up (tun
> devices are there), but remains completely silent and only becomes
> active when data is routed through the tunnel? So no keepalive, no
> initializing.
>
> IO
On Thu, 8 Jun 2017 10:36:13 +0200
Gert Doering wrote:
> > Is there an option to run a peer to peer tunnel which is up (tun
> > devices are there), but remains completely silent and only becomes
> > active when data is routed through the tunnel? So no keepalive, no
> > initializing.
> >
> > IOW:
Hi,
On Thu, Jun 08, 2017 at 11:51:47AM +0200, richard lucassen wrote:
> I can set ping-restart to 0 to disable this function, but setting ping
> to 0 just puts the ping back to the default of 10 sec. And the
> keepalive option is AFAIUI just a wrapper for ping and ping-restart. I
> cannot see how t
On Thu, 8 Jun 2017 12:00:31 +0200
Gert Doering wrote:
> > I can set ping-restart to 0 to disable this function, but setting
> > ping to 0 just puts the ping back to the default of 10 sec. And the
> > keepalive option is AFAIUI just a wrapper for ping and
> > ping-restart. I cannot see how to disab
Hi,
On Thu, Jun 08, 2017 at 01:30:12PM +0200, richard lucassen wrote:
> On Thu, 8 Jun 2017 12:00:31 +0200
> Gert Doering wrote:
>
> > > I can set ping-restart to 0 to disable this function, but setting
> > > ping to 0 just puts the ping back to the default of 10 sec. And the
> > > keepalive optio
On Thu, 8 Jun 2017 13:49:28 +0200
Gert Doering wrote:
> > But it still tries to initialize (which is quite obvious of course),
> > but is there a way to tell OpenVPN to only initialize the VPN as
> > soon as data enters the tunnel?
>
> If you do static-key, there is nothing to initialize remotel
Hi,
On 08/06/17 14:30, richard lucassen wrote:
On Thu, 8 Jun 2017 13:49:28 +0200
Gert Doering wrote:
But it still tries to initialize (which is quite obvious of course),
but is there a way to tell OpenVPN to only initialize the VPN as
soon as data enters the tunnel?
If you do static-key, the
Hi,
On Thu, Jun 08, 2017 at 04:43:32PM +0200, Jan Just Keijser wrote:
> but your initial packets will almost always time out - the initial
> handshake in PtP mode is *at least* 10 seconds.
There's a handshake in static-key mode? (Not talking about tls-client
to tls-server ptp mode)
gert
--
US
Hi,
On Thu, Jun 08, 2017 at 02:30:39PM +0200, richard lucassen wrote:
> # tcpdump -ni eth0 udp port 1198
> tcpdump: verbose output suppressed, use -v or -vv for full protocol
> decode listening on eth0, link-type EN10MB (Ethernet), capture size
> 262144 bytes
> 14:24:56.852049 IP a.b.c.d.1198 > e.
Hi,
On 08/06/17 17:03, Gert Doering wrote:
Hi,
On Thu, Jun 08, 2017 at 04:43:32PM +0200, Jan Just Keijser wrote:
but your initial packets will almost always time out - the initial
handshake in PtP mode is *at least* 10 seconds.
There's a handshake in static-key mode? (Not talking about tls-c
On Thu, 8 Jun 2017 17:03:56 +0200
Gert Doering wrote:
> Run
> openvpn --verb
>
> (starting from 5, going up)
>
> to see what it's doing...
--verb 6
You can see the 10 secs wait:
Thu Jun 8 22:00:11 2017 us=709103 UDPv4 link remote:
[AF_INET]e.f.g.h:1198
Thu Jun 8 22:00:21 2017 us=308356
On Thu, 08 Jun 2017 16:43:32 +0200
Jan Just Keijser wrote:
>keep-alive 0 0
> which is the same as
>ping 0
>ping-restart 0
I tried that, but setting "ping 0" results in the default of 10 secs,
not disabling. The option "ping 0" is not mentioned in the manpage BTW.
setting ping-restart
On Thu, 8 Jun 2017 17:07:58 +0200
Jan Just Keijser wrote:
> well, the static keys need to be checked, but what I've found is that
> both ends wait for 10 seconds before printing out "Initialization
> complete" - I did not test whether you can send packets over the link
> sooner than that.
The in
Hi,
On Thu, Jun 08, 2017 at 10:31:10PM +0200, richard lucassen wrote:
> --verb 6
>
> You can see the 10 secs wait:
>
> Thu Jun 8 22:00:11 2017 us=709103 UDPv4 link remote:
> [AF_INET]e.f.g.h:1198
> Thu Jun 8 22:00:21 2017 us=308356 Peer Connection Initiated with
> [AF_INET]e.f.g.h:1198
> Thu J
On Thu, 8 Jun 2017 22:47:35 +0200
Gert Doering wrote:
> On Thu, Jun 08, 2017 at 10:31:10PM +0200, richard lucassen wrote:
> > --verb 6
> >
> > You can see the 10 secs wait:
> >
> > Thu Jun 8 22:00:11 2017 us=709103 UDPv4 link remote:
> > [AF_INET]e.f.g.h:1198
> > Thu Jun 8 22:00:21 2017 us=30
Just as a thought, have you tried running tcpdump on the tunnel interface
immediately after it comes up (before the 10 seconds), on the off chance
that this has nothing to do with openvpn, but instead something on the OS
side of things has decided that a new interface needs a packet or three
sent 1
Hi,
On Thu, Jun 08, 2017 at 11:19:24PM +0200, richard lucassen wrote:
> > Well, it's not showing any outgoing packets yet, so maybe it needs
> > more
> > --verb.
>
> Setting verb to 8 makes a lot of noise :) That's why I just looked with
> tcpdump.
tcpdump does not answer *why* it thinks it want
Hi,
On Thu, Jun 08, 2017 at 11:03:17PM +, Joe Patterson wrote:
> Just as a thought, have you tried running tcpdump on the tunnel interface
> immediately after it comes up (before the 10 seconds), on the off chance
> that this has nothing to do with openvpn, but instead something on the OS
> si