file here as an attachment, it is only 4k.
-Original message-
From: Bonno Bloksma
Sent: Wednesday, 6 December 2023 17:29
To: openvpn users list (openvpn-users@lists.sourceforge.net)
Subject: openvpn on QNAP
Hi,
I have been using my QNAP as my OpenVPN server for a while but
ink / ISP for that ip number.
It is no different from any other ip number, be it 10.x.x.x and 172.16.x.x or
192.168.1.x or some public ip number, the routing has to be correct.
The registrar for the ip number will not dictate what machine can use the ip
number nor what other ip number can be o
Hi,
[...]
> Now, if you add tls-auth or tls-crypt to the server (+client) config, even a
> correct "openvpn UDP initial handshake" packet will *not* make the server
> reply,
> unless you also have the right tls-auth/tls-crypt configured on the client
> side - which needs a (secret!) key to do
y extra charge as it is NORMAL
internet access.
Kind regards,
Bonno Bloksma
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
al and
on the internet then you might need a dns resolver in between that knows what
to resolve itself and what to forward to the "other network" dns server.
I have it set up that way on my home situation where any dns name company.org
gets sent to the company dn
SA_...) it works like
expected.
Now I have a crl file that is valid until after my CA expires, that's long
enough. ;-)
Bonno Bloksma
ys $SA_EXPIRE -out "$CRL" -config "$KEY_CONFIG"
but that still generated a crl file for one month.
Bonno Bloksma
es, this is a static environment with currently just
3 links, so just a few keys/certs that will never change. I control all clients
so I could even just delete a key on the client if I don't want to use it
anymore.
Only when I suspect some foul play would I ever need to rev
log/openvpn-user.log {
rotate 12
monthly
copytruncate
compress
missingok
notifempty
}
Is this still the best way to do it?
Using OpenVPN Version: 2.3.4-5+deb8u2 on Debian
Bonno Bloksma
e GUI want to connect right after that.
I assume this would only autoconnect if there was only 1 config to use,
otherwise the software might launch the wrong VPN.
Bonno Bloksma
--
KEY_SIZE, run
build-dh and then set it back to what I have?
3) Is there any use in creating an even bigger dh file, let's say an 8192 bit
version?
Bonno Bloksma
y web traffic.
A few months ago we switched to Palo Alto firewalls which inspect the traffic
and filter on that. I can now filter on for instance allow facebook traffic but
deny facebook games. That level of filtering
still accept all established and
related traffic.
But the second line from Jan
$IPTABLES -A FORWARD -o tun+ -j ACCEPT
Covers that a bit more explicitly.
This is my basic firewall rule set for a "simple" Linux box acting sometimes as
a router if no additional filters are needed for
hernet cable to that system at the other side of the OpenVPN link. What would
need to change on your host?
Bonno Bloksma
Tio university of applied science
Hi,
Not sure from the docs at that page.
Is this a DLL I have to install / register in Windows using the
\Windows\System32\regsvr32.exe command?
Or do I just need to put it in the OpenVPN bin dir?
Kind regards,
Bonno Bloksma
senior system administrator
tio
university of applied sciences
kSS/openvpn-fix-dns-leak-plugin
Ok, going to try that.
Bonno Bloksma
. . . . . . : Enabled
However, Windows 10 keeps using the ISP provided dns servers and therefore all
mappings etc. fail.
As most of my users are not "smart users" I do NOT want them to mess with the
dns settings.
So now what? Do we prohibit the use of Windows 10? That is no
d:~#
Kind regards,
Bonno Bloksma
senior system administrator
tio
university of applied sciences
upgrade to latest 2.3.2 or 2.3.4
release immediately.
We are at 2.3.7. now so it probably should change a few (but not all) of those
2.3.4. references into 2.3.7 or just "the latest 2.3.x release".
Kind regards,
Bonno Bloksma
senior system administrator
tio
university of applie
CP config to see what we use.
The only useful extra option to have in openvpn I see is ntp to make sure a
client on the other side will have the correct time for Kerberos authentication
against our AD. And wins just in case for that weird situation where dns goed
layer 2 router network where there are
just a few router / devices.
Use different ports for the different simultaneous configurations. I use the
default 1194 port for my road warriors and a different port for my WAN backup.
Bonno Bloksma
-Original message-
From: Zesen Qian
network
behind the server is.
What platform will you use for this? Redhat, Debian, etc? Or a non Linux
platform?
Kind regards,
Bonno Bloksma
senior system administrator
tio
university of applied sciences
begijnenhof 8-12 / 5611 el eindhoven
t +31 (0)40-296 28 28
b.blok...@tio.nl
d at my setup which I generated many years ago and it
has a dh4096.pem file
I think I generated this using default parameters because I did not understand
much about openvpn and keys at that time. But then again, maybe I did increase
it myself.
Bonno Bloksma
--
ter reading the
documentation just ask it here. There are a lot of experts here in this list.
;-)
Bonno Bloksma
] and remote VPN
[172.16.0.0/255.255.0.0]
Bonno Bloksma
Samuli, I will simply ask everyone who does not
have version 2.3.5 yet to uninstall and reinstall.
Bonno
-Original message-
From: Bonno Bloksma [mailto:b.blok...@tio.nl]
Sent: Monday, 3 November 2014 21:29
To: openvpn-users@lists.sourceforge.net
Subject: [Openvpn-users
ly not)
1)
Is there a 1:1 relation between the OpenVPN version and the TAP driver?
2)
If someone has OpenVPN 2.x.y (x<3), can I simply tell them to uninstall OpenVPN
and install the latest 2.3.5 version and will they then have the latest TAP
driver?
Kind regards,
Bonno B
report success instead of an
error when indeed it has successfully revoked the certificate?
Kind regards,
Bonno Bloksma
senior system administrator
tio
university of applied sciences
begijnenhof 8-12 / 5611 el eindhoven
t +31 (0)40-296 28 28
b.blok...@tio.nl / www.tio.nl
Follow us on Twitter
Hi Dave,
> Wow. Lots to think about. Once I get this all done, I'm thinking a wiki page
> contribution, "by noob, for noob" will be in order!
>
> On 08/01/2014 01:35 PM, Bonno Bloksma wrote:
>> Keep thinking of the OpenVPN setup as just 2 routers with a fi
tup where the OpenVPN link is just one of the links between sites.
> I'd really like to get enough understanding to make this work in & with
> Openvpn. So I'll stick with it for now.
Just ask for more examples when you do not understand something.
> Thanks!
You're we
server and you do not need crond for
that. The SNTP feature is present in a lot of embedded systems these days.
Bonno Bloksma
509 -subject -dates -noout -in ca.crt
[..]
notBefore=May 16 06:04:32 2008 GMT
notAfter=May 14 06:04:32 2018 GMT
Ok, I've got a few years left. ;-)
> openssl x509 -subject -dates -noout -in client-cert.crt
And these are even l
renewed. And for when
the keys for my clients need to be renewed. Need to read up on how to generate
next CA and make sure current and new clients can still connect. ;-)
Bonno Bloksma
: 2.2.1-8+deb7u2
Kind regards,
Bonno Bloksma
senior system administrator
tio
university of applied sciences
julianalaan 9 / 7553 ab hengelo
t +31 (0)74-255 06 10
b.blok...@tio.nl<mailto:b.blok...@tio.nl> / www.tio.nl<http://www.tio.nl/>
Follow us on Twitter<http
never have to read the download page.
But if they do they might get confused by the dates (not) mentioned. Maybe
listing a date for the I003 release somewhere might be a good idea?
With kind regards,
Bonno Bloksma
system administrator
tio
university of applied sciences
julianalaan 9 / 7553