Re: [Openvpn-users] Are my configurations secure enough?

2023-12-27 Thread Jason Long via Openvpn-users
> hi, > On Wed, Dec 27, 2023 at 09:48:34AM +, Jason Long via Openvpn-users wrote: > >My server and client configurations are as follows: > > >https://paste.mozilla.org/sR05JKfV > > >https://paste.mozilla.org/PxsW6MC8 > > >Are these suitable in terms o

Re: [Openvpn-users] Are my configurations secure enough?

2023-12-27 Thread Jason Long via Openvpn-users
>Hello, >My server and client configurations are as follows: >https://paste.mozilla.org/sR05JKfV >https://paste.mozilla.org/PxsW6MC8 >Are these suitable in terms of security? Do you have any suggestions to >improve them? >Thank you. ___ >Openvpn-use

[Openvpn-users] How to use a 4096 bit OpenVPN static key?

2023-12-22 Thread Jason Long via Openvpn-users
Hello, How can I change the 2048 bit OpenVPN static key to 4096? When generating the Diffie-Hellman key, I chose it to be 4096 bits, are these two related? Thank you. ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourcefo

[Openvpn-users] Are my configurations secure enough?

2023-12-22 Thread Jason Long via Openvpn-users
Hello, My server and client configurations are as follows: https://paste.mozilla.org/sR05JKfV https://paste.mozilla.org/PxsW6MC8 Are these suitable in terms of security? Do you have any suggestions to improve them? Thank you.

Re: [Openvpn-users] Reference manual for OpenVPN 2.6 PDF

2023-12-12 Thread Jason Long via Openvpn-users
:13, Hans via Openvpn-users > wrote: > > > > > > > From: "Antonio Quartulli" > > Date: Monday, 11 December 2023 at 12:02:33 > > To: "Jason Long" , "Tincantech via Openvpn-users" > > > > Subject: Re: [Open

Re: [Openvpn-users] OpenVPN for Android and iOS

2023-12-12 Thread Jason Long via Openvpn-users
> Hi, > On Tue, Dec 12, 2023 at 05:59:40AM +, Jason Long via Openvpn-users wrote: > https://paste.mozilla.org/CwWTPPW0 > I'd guess it's the "key-direction" line getting in the way.  Remove this > from both client and server config. > Also, you are

Re: [Openvpn-users] OpenVPN for Android and iOS

2023-12-12 Thread Jason Long via Openvpn-users
> You need to check the server log to understand what's going on. > Cheers, On December 12, 2023 6:59:40 AM GMT+01:00, Jason Long wrote: >  > On 11/12/2023 11:18, Jason Long via Openvpn-users wrote: >> Hello, >> If I want to use the "tls-crypt" option, t

Re: [Openvpn-users] OpenVPN for Android and iOS

2023-12-11 Thread Jason Long via Openvpn-users
> On 11/12/2023 11:18, Jason Long via Openvpn-users wrote: > Hello, > If I want to use the "tls-crypt" option, then the "ta.key" must be a separate > file and it cannot be merged with the rest of the keys in one file. To be > honest, it is difficult to use

[Openvpn-users] OpenVPN for Android and iOS

2023-12-11 Thread Jason Long via Openvpn-users
Hello, If I want to use the "tls-crypt" option, then the "ta.key" must be a separate file and it cannot be merged with the rest of the keys in one file. To be honest, it is difficult to use for both computer and mobile users because it is two files. Is there a solution? Thank you.

[Openvpn-users] Reference manual for OpenVPN 2.6 PDF

2023-12-11 Thread Jason Long via Openvpn-users
Hello, How can I download the Reference manual for OpenVPN 2.6 (https://openvpn.net/community-resources/reference-manual-for-openvpn-2-6/) as a PDF file? Thank you.

Re: [Openvpn-users] Remote DNS server

2023-12-11 Thread Jason Long via Openvpn-users
> On 06/12/2023 11:09, Jason Long via Openvpn-users wrote: > Hello, > Suppose the OpenVPN server is located in another country, but the DNS server > is inside the company. What options should be included in the server and > client configuration >file? > > Thank you

[Openvpn-users] Remote DNS server

2023-12-06 Thread Jason Long via Openvpn-users
Hello, Suppose the OpenVPN server is located in another country, but the DNS server is inside the company. What options should be included in the server and client configuration file? Thank you.

Re: [Openvpn-users] OpenVPN + Tor

2023-11-21 Thread Jason Long via Openvpn-users
>Hi, >On Tuesday, 7 November 2023 at 05:27, Jason Long wrote: > > > Hello, > I added the following line to the server.conf file: > > push "route 172.20.0.0 255.255.255.0" > > Then, I restarted the OpenVPN service: > > # systemctl restart op

Re: [Openvpn-users] How to check the OpenVPN security?

2023-11-06 Thread Jason Long via Openvpn-users
>Hi, >On Wed, Nov 01, 2023 at 05:16:52PM +, Jason Long via Openvpn-users wrote: > Hello, Is there a tool to measure the security of OpenVPN connection?  > Something that tells if the security parameters used in the configuration > file are sufficient or not. >For TL

Re: [Openvpn-users] OpenVPN + Tor

2023-11-06 Thread Jason Long via Openvpn-users
>Hi, >--- Original Message --- >On Monday, November 6th, 2023 at 12:26, Jason Long wrote: > > > Hello, > Thank you so much for your reply. > Some lines of my server.conf file are: > > push "redirect-gateway def1 bypass-dhcp" > push "d

Re: [Openvpn-users] OpenVPN + Tor

2023-11-06 Thread Jason Long via Openvpn-users
>On Saturday, November 4, 2023 at 05:31:40 PM GMT+3:30, tincantech > wrote: >Hi, >Your DNS server is non-local and you are most likely >redirecting your gateway to the VPN. >So, DNS packets for your DNS server are set into the >tunnel and are f

[Openvpn-users] OpenVPN + Tor

2023-11-04 Thread Jason Long via Openvpn-users
Hello, I was able to combine OpenVPN with Tor using "https://gist.github.com/kremalicious/4c333c8c54fced00ab10c0a892a2304d" tutorial. When I connect to the OpenVPN network without a Tor, I can ping the computers on the internal network by name, but with that configuration, I can't ping the com

[Openvpn-users] How to check the OpenVPN security?

2023-11-01 Thread Jason Long via Openvpn-users
Hello, Is there a tool to measure the security of OpenVPN connection? Something that tells if the security parameters used in the configuration file are sufficient or not. Thank you.

[Openvpn-users] --user specified but lacking CAP_SETPCAP

2023-10-23 Thread Jason Long via Openvpn-users
Hello, My OpenVPN server started, but I got the following message in the "openvpn.log": --user specified but lacking CAP_SETPCAP. Cannot retain CAP_NET_ADMIN. Disabling data channel offload My server.conf is: port 2023 proto udp dev tun1 ca /etc/openvpn/server/ca.crt cert /etc/openvpn/server/Se

[Openvpn-users] URL forwarding and blacklisting

2023-09-21 Thread Jason Long via Openvpn-users
Hello, I have two questions: 1- When someone connects to an OpenVPN server, is it possible to be redirected to duckduckgo.com when trying to go to google.com? 2- How can I block access to certain websites? Does OpenVPN offer such features? Thank you.

Re: [Openvpn-users] Push the server configuration to the client

2023-09-04 Thread Jason Long via Openvpn-users
>Hi, On Sun, Sep 03, 2023 at 06:05:09AM +, Jason Long wrote: > push "route 10.0.2.0 255.255.255.0 10.0.2.2 1" > push "dhcp-option DNS 172.20.1.2" > push "dhcp-option DNS 172.20.1.7" > push "redirect-gateway autolocal" >This *should* install a default gateway, but if it doesn't, check the >cli

Re: [Openvpn-users] How to set a fixed IP to a client?

2023-09-04 Thread Jason Long via Openvpn-users
>On 03/09/2023 15:23, Jason Long via Openvpn-users wrote: > > Hello, > As I said, I have some scenario and I want to learn more. >Have you ordered any of the books you've been recommended?  Have you >read any of them? >I would say you are pretty closed to gettin

Re: [Openvpn-users] How to set a fixed IP to a client?

2023-09-03 Thread Jason Long via Openvpn-users
>Hi, >On 03/09/2023 20:50, Jason Long via Openvpn-users wrote: >    I read those steps from an OpenVPN document. Can you tell me where >    the problem is? >There is no problem. >It is simply not possible to "configure" OpenVPN to assign an IP address >based o

Re: [Openvpn-users] How to set a fixed IP to a client?

2023-09-03 Thread Jason Long via Openvpn-users
>On Sun, 03 Sep 2023 15:39:56 +, tincantech via Openvpn-users wrote: >Your continued use >of this mailing list as an alternative to reading any documentation >has not gone unnoticed. >+1 >And it should result in *everyone* to stop responding to this list spammer who >does not care reading t

Re: [Openvpn-users] How to set a fixed IP to a client?

2023-09-03 Thread Jason Long via Openvpn-users
>Le 03/09/2023 à 15:23, Jason Long a écrit : > Hello, > As I said, I have some scenario and I want to learn more. >By abusively relying on others? Strange way to achieve your goals. > Do you mean "ccd-exclusive"? If yes, then I edited the Server.conf as below: > > ifconfig 20.1.0.1 255.255.255.0

Re: [Openvpn-users] How to set a fixed IP to a client?

2023-09-03 Thread Jason Long via Openvpn-users
On Sun, Sep 3, 2023 at 5:38 PM, Bruno Tréguier via Openvpn-users wrote: Le 03/09/2023 à 15:23, Jason Long a écrit : > Hello, > As I said, I have some scenario and I want to >learn more. >By abusively relying on others? Strange way to >achieve your goals. > Do you mean "ccd-exclusive"? If ye

Re: [Openvpn-users] How to set a fixed IP to a client?

2023-09-03 Thread Jason Long via Openvpn-users
>Le 03/09/2023 à 08:48, Jason Long via Openvpn-users a écrit : >  Hello, > When I use "server 10.8.0.0 255.255.255.0" in the Server.conf file, then > OpenVPN assigns IP addresses to clients respectively. What should I do if I > want to assign a specific IP >address

[Openvpn-users] How to set a fixed IP to a client?

2023-09-02 Thread Jason Long via Openvpn-users
Hello, When I use "server 10.8.0.0 255.255.255.0" in the Server.conf file, then OpenVPN assigns IP addresses to clients respectively. What should I do if I want to assign a specific IP address to a client with a specific computer name or MAC address? Thank you.

Re: [Openvpn-users] Push the server configuration to the client

2023-09-02 Thread Jason Long via Openvpn-users
>Hi, >On Sat, Sep 02, 2023 at 11:44:08AM +, Jason Long via Openvpn-users wrote: > I connected to the server, but default gateway not set: > > Unknown adapter OpenVPN TAP-Windows6: > >    Connection-specific DNS Suffix  . : >    Link-local IPv6 Address . . . . . : f

[Openvpn-users] Push the server configuration to the client

2023-09-02 Thread Jason Long via Openvpn-users
Hello, I have two VMs in VirtualBox and selected the NAT Network type for their networking. For both VMs, I configured the network manually. On Server (Debian) my network configuration is: enp0s3: flags=4163  mtu 1500         inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255         in

[Openvpn-users] OpenVPN Authentication via Active Directory

2023-09-02 Thread Jason Long via Openvpn-users
Hello, I installed the openvpn-auth-ldap package and I want to use the Active Directory for authentication. I Opened Active Directory Users And Computers. Clicked the View menu and selected Advanced Features. After it, I right-clicked on my username and selected the Properties, then clicked the

Re: [Openvpn-users] Using username/password authentication

2023-09-01 Thread Jason Long via Openvpn-users
On Wed, Aug 30, 2023 at 5:36 PM, Gert Doering wrote: >Hi, >On Wed, Aug 30, 2023 at 01:53:40PM +0000, >Jason Long via Openvpn-users wrote: > Thank you so much for your reply. > As I understand, The "ca.crt" and "ta.crt" keys  >are mandatory. I disabled >

Re: [Openvpn-users] Using username/password authentication

2023-08-30 Thread Jason Long via Openvpn-users
>On 30/08/2023 07:45, Jason Long via Openvpn-users wrote: > Hello, > I configured OpenVPN to use the username and password for authentication, but > I need to have the "ca.crt", "cert server.crt", "server.key" and "dh.pem" > certificates.

[Openvpn-users] Using username/password authentication

2023-08-29 Thread Jason Long via Openvpn-users
Hello, I configured OpenVPN to use the username and password for authentication, but I need to have the "ca.crt", "cert server.crt", "server.key" and "dh.pem" certificates. So, what's the advantage of using this authentication method when I still need to use these keys? Thank you.

[Openvpn-users] Protocol options: explicit-exit-notify 1, protocol-flags cc-exit tls-ekm dyn-tls-crypt

2023-08-29 Thread Jason Long via Openvpn-users
Hello, Why in the OpenVPN log, I see the following line: Protocol options: explicit-exit-notify 1, protocol-flags cc-exit tls-ekm dyn-tls-crypt Thank you.

Re: [Openvpn-users] Revoke a certificate and reuse it

2023-08-27 Thread Jason Long via Openvpn-users
On Sun, Aug 27, 2023 at 1:33 PM, Jochen Bern wrote: On 27.08.23 07:49, Jason Long wrote: > 1- When a key is generated, how many days is the default time for it to > expire? >Whatever your configuration files say. And >frankly, just generating one >and *looking* at it might tell you *even fas

Re: [Openvpn-users] Revoke a certificate and reuse it

2023-08-26 Thread Jason Long via Openvpn-users
>On 26.08.23 07:32, Jason Long wrote: > 1- How do you give keys to a large number of clients? Suppose there are >    1000 employees in a company, do all employees have to go to the IT >    department of that company to get the client keys? >Certificates are technical proof that the CA trusts the h

Re: [Openvpn-users] Revoke a certificate and reuse it

2023-08-26 Thread Jason Long via Openvpn-users
On Sat, 26 Aug 2023 05:32:56 + (UTC), Jason Long via Openvpn-users wrote: >On 25.08.23 21:41, Jason Long via Openvpn-users wrote: >> Hello, With the help of the following command, you can revoke a certificate: >> # ./revoke-full "Client_Name" >> Now if you chan

Re: [Openvpn-users] Revoke a certificate and reuse it

2023-08-25 Thread Jason Long via Openvpn-users
On 25.08.23 21:41, Jason Long via Openvpn-users wrote: > Hello, With the help of the following command, you can revoke a certificate: > # ./revoke-full "Client_Name" > Now if you change your mind, is it possible to use that certificate again? > Is there a command to validate

[Openvpn-users] Revoke a certificate and reuse it

2023-08-25 Thread Jason Long via Openvpn-users
Hello, With the help of the following command, you can revoke a certificate: # ./revoke-full "Client_Name" Now if you change your mind, is it possible to use that certificate again? Is there a command to validate a revoked certificate? Thank you.

Re: [Openvpn-users] ccd-exclusive does not work

2023-08-23 Thread Jason Long via Openvpn-users
>Hi, On Wed, Aug 23, 2023 at 06:41:35AM +0000, Jason Long via Openvpn-users wrote: > Hello, > My server and client use range 10.0.2.X: > > Server: 10.0.2.15 > Client:  10.0.2.16 >If this is the "outside" IP (LAN NIC) that client and server use to >setup a VP

Re: [Openvpn-users] ccd-exclusive does not work

2023-08-22 Thread Jason Long via Openvpn-users
>On Tue, 22 Aug 2023 08:20:24 + (UTC), Jason Long via Openvpn-users > wrote: >Yes. The file under the CCD directory is exactly as the Common Name of the >client. >So if you have set a requirement for the client to have a ccd entry in order to >connect and this client ha

Re: [Openvpn-users] A question that has the potential to become a useful article

2023-08-22 Thread Jason Long via Openvpn-users
On Tue, Aug 22, 2023 at 4:54 PM, Gert Doering wrote: >Hi, >On Tue, Aug 22, 2023 at 07:56:44AM +, >Jason Long wrote: > Thank you so much again. > 1- When I use "local" then I must not use >"multihome" and vice versa? >When you use local, the IP address that >OpenVPN will use is fixed, so >no

Re: [Openvpn-users] A question that has the potential to become a useful article

2023-08-22 Thread Jason Long via Openvpn-users
>Hi, >On 22/08/2023 09:56, Jason Long via Openvpn-users wrote: > 1- When I use "local" then I must not use "multihome" and vice versa? >No. You can have 'multihome' along with 'local', but in this case >'multihome' will do nothi

Re: [Openvpn-users] ccd-exclusive does not work

2023-08-22 Thread Jason Long via Openvpn-users
On Mon, 21 Aug 2023 06:12:45 + (UTC), Jason Long via Openvpn-users wrote: >Hello, >My server and client IP addresses are in range 10.0.2.X. >I created a CCD directory and create a file inside the folder. I wrote the >below lines in this file: > >iroute 10.0.2.0 255.255.

Re: [Openvpn-users] A question that has the potential to become a useful article

2023-08-22 Thread Jason Long via Openvpn-users
>Hi, >On Mon, Aug 21, 2023 at 06:40:04AM +, Jason Long wrote: > You said "This is not what I would have - I'd have a public IP address on the > NIC,or 2, or 3.", does that mean you assign a separate network card for each > IP address? If yes, >then if your server is physical, the number of y

Re: [Openvpn-users] A question that has the potential to become a useful article

2023-08-20 Thread Jason Long via Openvpn-users
>Hi, >On Sun, Aug 20, 2023 at 01:14:55PM +, Jason Long via Openvpn-users wrote: > I googled my question, but unfortunately, I could not find a correct and > complete article about it and I'm thankful if the experts here, write the > answer step by step and in >su

[Openvpn-users] ccd-exclusive does not work

2023-08-20 Thread Jason Long via Openvpn-users
Hello, My server and client IP addresses are in range 10.0.2.X. I created a CCD directory and create a file inside the folder. I wrote the below lines in this file: iroute 10.0.2.0 255.255.255.0 Then, I opened the server.conf file and wrote these lines in it: client-config-dir CCD ccd-exclusiv

[Openvpn-users] A question that has the potential to become a useful article

2023-08-20 Thread Jason Long via Openvpn-users
Hello, I googled my question, but unfortunately, I could not find a correct and complete article about it and I'm thankful if the experts here, write the answer step by step and in summary. Suppose you have an OpenVPN server. Now, you want to set two public IP addresses on it. Your public IP a

Re: [Openvpn-users] Unable to redirect IPv4 default gateway -- Cannot read current default gateway from system

2023-08-20 Thread Jason Long via Openvpn-users
>Hi, >On Sun, Aug 20, 2023 at 09:49:25AM +, Jason Long wrote: > >On Sat, Aug 19, 2023 at 02:18:37PM +, Jason Long via Openvpn-users wrote: > > Sat Aug 19 18:23:53 2023 NOTE: unable to redirect IPv4 default gateway -- > > Cannot read current default gateway from sy

Re: [Openvpn-users] Unable to redirect IPv4 default gateway -- Cannot read current default gateway from system

2023-08-20 Thread Jason Long via Openvpn-users
>Hi, >I don't know what mail client you are using, but the signature of the >author of the email you are replying to should be removed before writing >any text. >This said, check my reply below. >On 20/08/2023 11:49, Jason Long via Openvpn-users wrote: > Hi, > I

Re: [Openvpn-users] Unable to redirect IPv4 default gateway -- Cannot read current default gateway from system

2023-08-20 Thread Jason Long via Openvpn-users
>Hi, >On Sat, Aug 19, 2023 at 02:18:37PM +, Jason Long via Openvpn-users wrote: > Sat Aug 19 18:23:53 2023 NOTE: unable to redirect IPv4 default gateway -- > Cannot read current default gateway from system >If client and server are in the same network, and the client has no

Re: [Openvpn-users] A question about the local statement

2023-08-19 Thread Jason Long via Openvpn-users
>Hi, On Mon, Aug 14, 2023 at 09:19:44PM +0000, Jason Long via Openvpn-users wrote: > Hi Bruno, Thank you so much for your reply. Both (Server and Client) can ping > each other and without the local statement my client can connect to the > OpenVPN server. My >client connecting to th

[Openvpn-users] Unable to redirect IPv4 default gateway -- Cannot read current default gateway from system

2023-08-19 Thread Jason Long via Openvpn-users
Hello, I changed my server configuration and my OpenVPN server and my client each one have a NIC: OpenVPN Server: 10.0.2.15 Client: 10.0.2.16 The OpenVPN server network configuration is as below and has access to the Internet: # ifconfig enp0s3: flags=4163  mtu 1500         inet 10.0.2.15  n

Re: [Openvpn-users] How to use ccd-exclusive statement?

2023-08-19 Thread Jason Long via Openvpn-users
On 19.08.23 10:02, Bo Berglund wrote: > On Sat, 19 Aug 2023 07:03:01 + (UTC), Jason Long via Openvpn-users > wrote: >> I have another questions: >> 1- I checked the "Subject" of the ca.crt file and my CN name is "Server". >> Now, >>    I mu

Re: [Openvpn-users] How to use ccd-exclusive statement?

2023-08-19 Thread Jason Long via Openvpn-users
> On 18.08.23 21:22, Jason Long wrote: > 1- In the round-robin mechanism, we can use the same keys for our >    servers, but each client uses its own key. >You *can* do that, yes. >Since you apparently don't provide clients with a CRL or any other means >to have server certs revoked, I guess it

Re: [Openvpn-users] How to use ccd-exclusive statement?

2023-08-18 Thread Jason Long via Openvpn-users
On Fri, Aug 18, 2023 at 7:51 PM, Jochen Bern wrote: On 18.08.23 16:31, Jason Long wrote: > 1- So, if we have multiple servers, then it is >better that the servers >    have the same key, but each client has its >own key. Am I right? >No. >I said that *if* you want your clients to be able  >to

Re: [Openvpn-users] How to use ccd-exclusive statement?

2023-08-18 Thread Jason Long via Openvpn-users
On Thu, Aug 17, 2023 at 5:32 PM, Jochen Bern wrote: >On 17.08.23 14:12, Jason Long wrote: > It is even better if each server has its own >separate keys. >You didn't mention setting up multiple servers >yet IIRC, but yes, same >best practice there ... in principle. >However, if you plan to ins

Re: [Openvpn-users] How to use ccd-exclusive statement?

2023-08-17 Thread Jason Long via Openvpn-users
On Thu, Aug 17, 2023 at 8:24 AM, Bo Berglund wrote: On Wed, 16 Aug 2023 21:28:29 + (UTC), Jason Long via Openvpn-users wrote: >Hi Jochen, Thank you for your advice about the >How-to articles. Can you answer >my questions? >1- What is the difference between >/etc/openvpn a

Re: [Openvpn-users] How to use ccd-exclusive statement?

2023-08-17 Thread Jason Long via Openvpn-users
On Thu, Aug 17, 2023 at 1:52 AM, Jochen Bern wrote: On 16.08.23 23:28, Jason Long wrote: > 1- What is the difference between /etc/openvpn and /etc/openvpn/server > directories? >The systemd "unit files" that define the >templates for the services you >"systemctl" later on used to expect all c

Re: [Openvpn-users] How to use ccd-exclusive statement?

2023-08-16 Thread Jason Long via Openvpn-users
On Wed, Aug 16, 2023 at 6:27 PM, Jochen Bern wrote: On 16.08.23 15:05, Jason Long wrote: > I used > "https://www.howtoforge.com/how-to-install-and-configure-openvpn-server-on-debian-10/" > tutorial to create my OpenVPN server. (No date on the article ... no date on the comments ... OpenVPN v

Re: [Openvpn-users] How to use ccd-exclusive statement?

2023-08-16 Thread Jason Long via Openvpn-users
>On 16/08/2023 15:05, Jason Long via Openvpn-users wrote: > On 16.08.23 12:23, Jason Long via Openvpn-users wrote: >>> On Wed, Aug 16, 2023 at 06:35:01AM +, Jason Long wrote: [...snip...] > Hello, > I used > "https://www.howtoforge.com/how-to-install-and-configur

Re: [Openvpn-users] How to use ccd-exclusive statement?

2023-08-16 Thread Jason Long via Openvpn-users
On 16.08.23 12:23, Jason Long via Openvpn-users wrote: >> On Wed, Aug 16, 2023 at 06:35:01AM +, Jason Long wrote: >>> route 192.168.1.0 255.255.255.0 >> >> This tells the server "put routing towards 192.168.1.0 into the VPN" [...] > So, what is

Re: [Openvpn-users] How to use ccd-exclusive statement?

2023-08-16 Thread Jason Long via Openvpn-users
Hi, On Wed, Aug 16, 2023 at 06:35:01AM +, Jason Long wrote: > I added the following lines to my server.conf: > > client-config-dir myclient > ccd-exclusive > route 192.168.1.0 255.255.255.0 >This tells the server "put routing towards 192.168.1.0 into the VPN", >while 192.168.1.x is your LAN

Re: [Openvpn-users] How to use ccd-exclusive statement?

2023-08-15 Thread Jason Long via Openvpn-users
Hi, On Tue, Aug 15, 2023 at 12:54:45PM +, Jason Long via Openvpn-users wrote: > I did a tcpdump: > > # tcpdump --interface any udp port 2000 -n -v > tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture > size 262144 bytes > 08:50:47.761991 IP (tos 0x

Re: [Openvpn-users] How to use ccd-exclusive statement?

2023-08-15 Thread Jason Long via Openvpn-users
On Tue, Aug 15, 2023 at 5:57 PM, tincantech wrote: Hi, --- Original Message --- On Tuesday, August 15th, 2023 at 15:02, Gert Doering wrote: > Hi, > > On Tue, Aug 15, 2023 at 12:54:45PM +0000, Jason Long via Openvpn-us

Re: [Openvpn-users] How to use ccd-exclusive statement?

2023-08-15 Thread Jason Long via Openvpn-users
On Tue, Aug 15, 2023 at 5:33 PM, Gert Doering wrote: Hi, On Tue, Aug 15, 2023 at 12:54:45PM +, Jason Long via Openvpn-users wrote: > I did a tcpdump: > > # tcpdump --interface any udp port 2000 -n -v > tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), cap

Re: [Openvpn-users] How to use ccd-exclusive statement?

2023-08-15 Thread Jason Long via Openvpn-users
Hi, --- Original Message --- On Tuesday, August 15th, 2023 at 10:57, Jason Long wrote: > Hello, > My OpenVPN server internal network IP is "192.168.1.20" and the IP address of > client is "192.168.1.21". Both VMs can ping each other. >

Re: [Openvpn-users] How to use ccd-exclusive statement?

2023-08-15 Thread Jason Long via Openvpn-users
--- Original Message --- On Monday, August 14th, 2023 at 22:11, Jason Long wrote: > On Mon, Aug 14, 2023 at 11:47 PM, tincantech > > > wrote:

Re: [Openvpn-users] A question about the local statement

2023-08-14 Thread Jason Long via Openvpn-users
On Mon, Aug 14, 2023 at 8:22 PM, Gert Doering wrote: Hi, On Mon, Aug 14, 2023 at 01:59:32PM +, Jason Long wrote: > But I am sure that in a real environment such a scenario can also exist. > Consider an internal network where users connect to an internal OpenVPN > server and this server has

Re: [Openvpn-users] A question about the local statement

2023-08-14 Thread Jason Long via Openvpn-users
On Mon, Aug 14, 2023 at 6:25 PM, Bruno Tréguier via Openvpn-users wrote: Hello, Le 14/08/2023 à 15:59, Jason Long via Openvpn-users a écrit : > Hi, > Thank you so much. > But I am sure that in a real environment such a scenario can also exist. > Consider an internal network where u

Re: [Openvpn-users] How to use ccd-exclusive statement?

2023-08-14 Thread Jason Long via Openvpn-users
On Mon, Aug 14, 2023 at 11:47 PM, tincantech wrote: Hi, --- Original Message --- On Monday, August 14th, 2023 at 20:49, Jason Long wrote: > On Mon, Aug 14, 2023 at 5:16 PM, tincantech > > > wrote: > > > > Hello, > > Thank you so mu

Re: [Openvpn-users] How to use ccd-exclusive statement?

2023-08-14 Thread Jason Long via Openvpn-users
On Mon, Aug 14, 2023 at 5:16 PM, tincantech wrote: --- Original Message --- On Monday, August 14th, 2023 at 14:13, Jason Long via Openvpn-users wrote: > Hello, > To increase the secur

Re: [Openvpn-users] A question about the local statement

2023-08-14 Thread Jason Long via Openvpn-users
Hi, On Mon, Aug 14, 2023 at 10:51:41AM +, Jason Long wrote: > So, my iptables rules are OK and my problem is just my test environment. > If someone really has such an environment, then what is the solution? Build a proper test environment...  whatever you have at hand, either wire an OpenWRT

[Openvpn-users] How to use ccd-exclusive statement?

2023-08-14 Thread Jason Long via Openvpn-users
Hello, To increase the security of OpenVPN, I want to use the ccd-exclusive. I googled it, but I could not find a good example. I just found the following question: https://serverfault.com/questions/877201/limit-access-to-remote-server-via-particular-vpn But, I really don't know what to do. I mu

Re: [Openvpn-users] A question about the local statement

2023-08-14 Thread Jason Long via Openvpn-users
Hi, On Mon, Aug 14, 2023 at 10:13:48AM +, Jason Long wrote: > And because my client does not have direct access to IP "20.1.1.20", then it > showed me that error. If my client connected to the OpenVPN server directly, > then I should not have such a problem. Am I right? >You need to get

Re: [Openvpn-users] A question about the local statement

2023-08-14 Thread Jason Long via Openvpn-users
Hi, --- Original Message --- On Monday, August 14th, 2023 at 09:23, Jason Long via Openvpn-users wrote: > > Mon Aug 14 12:52:03 2023 read UDPv4: Connection reset by peer (WSAECONNRESET) &g

Re: [Openvpn-users] A question about the local statement

2023-08-14 Thread Jason Long via Openvpn-users
Hi, On Mon, Aug 14, 2023 at 06:33:52AM +, Jason Long wrote: > Why without the local statement my OpenVPN worked? As I explained weeks ago, the combination of "port" + "local IP" needs to be unique.  So if you have only one OpenVPN process listening on one port, you do not need to force the IP

Re: [Openvpn-users] A question about the local statement

2023-08-13 Thread Jason Long via Openvpn-users
Hi, On Sun, Aug 13, 2023 at 08:55:21PM +, Jason Long via Openvpn-users wrote: > Hello, Is the local statement only for physical NICs or does it work for > virtual NICs as well? As I wrote like 2 weeks ago, this is *all* about IP addresses, not about NICs. >As a consequence, it

[Openvpn-users] A question about the local statement

2023-08-13 Thread Jason Long via Openvpn-users
Hello, Is the local statement only for physical NICs or does it work for virtual NICs as well? Thank you.

Re: [Openvpn-users] OpenVPN vs WireGuard

2023-08-13 Thread Jason Long via Openvpn-users
On Sun, Aug 13, 2023 at 2:55 PM, Bo Berglund wrote: On Sun, 13 Aug 2023 09:44:08 + (UTC), Jason Long via Openvpn-users wrote: >Patches? >The OpenVPN is open source, what about changing the source code and its >fingerprint?  Yes, you are free to do so if you desire (and are p

Re: [Openvpn-users] OpenVPN vs WireGuard

2023-08-13 Thread Jason Long via Openvpn-users
Hi, On Sun, Aug 13, 2023 at 05:23:07AM +, Jason Long wrote: > Is there a way that OpenVPN can hide itself from censorship devices?  > Something like a statement or something like that. >This has not much to do with the thread topic or the Subject: - and >the short answer is "no". >(The long

Re: [Openvpn-users] I set the local statement and I got Connection reset by peer (WSAECONNRESET) (fd=ec, code=10054)

2023-08-12 Thread Jason Long via Openvpn-users
Hello, I added a virtual IP to my OpenVPN NIC as below: ... enp0s3:1: flags=4163  mtu 1500         inet 20.1.1.20  netmask 255.0.0.0  broadcast 20.255.255.255         ether 08:00:27:ed:b4:7c  txqueuelen 1000  (Ethernet) ... Then, I added the following line to my Server.conf file: local 20.1.1.20

Re: [Openvpn-users] OpenVPN vs WireGuard

2023-08-12 Thread Jason Long via Openvpn-users
Hi, On Fri, Aug 11, 2023 at 09:11:22PM +, Jason Long via Openvpn-users wrote: > Hello, Is it true that WireGuard is safer and faster than OpenVPN? Safer: no. Marketing claims. Faster: depends. With DCO, OpenVPN can be faster, because AES-GCM is hardware accelerated on many Intel/AMD C

Re: [Openvpn-users] Cannot pre-load keyfile (ta.key)

2023-08-12 Thread Jason Long via Openvpn-users
Hi, --- Original Message --- On Saturday, August 12th, 2023 at 07:39, Jason Long via Openvpn-users wrote: > Hello, > I added "tls-crypt ta.key 0" and "data-cipher AES-256-G

[Openvpn-users] I set the local statement and I got Connection reset by peer (WSAECONNRESET) (fd=ec, code=10054)

2023-08-11 Thread Jason Long via Openvpn-users
Hello, I added a virtual IP to my OpenVPN NIC as below: ... enp0s3:1: flags=4163  mtu 1500         inet 20.1.1.20  netmask 255.0.0.0  broadcast 20.255.255.255         ether 08:00:27:ed:b4:7c  txqueuelen 1000  (Ethernet) ... Then, I added the following line to my Server.conf file: local 20.1.1.20

[Openvpn-users] Cannot pre-load keyfile (ta.key)

2023-08-11 Thread Jason Long via Openvpn-users
Hello, I added "tls-crypt ta.key 0" and "data-cipher AES-256-GCM" to my Server.conf and "tls-crypt ta.key 1" and "data-cipher AES-256-GCM" to my Client.conf. Client.ovpn is: client dev tun20 proto udp remote 192.168.1.20 2000                 resolv-retry infinite nobind persist-key persist-tun c

[Openvpn-users] OpenVPN vs WireGuard

2023-08-11 Thread Jason Long via Openvpn-users
Hello, Is it true that WireGuard is safer and faster than OpenVPN? Thank you.

Re: [Openvpn-users] Hardening an OpenVPN server

2023-08-11 Thread Jason Long via Openvpn-users
On 10/08/2023 21:44, Jason Long via Openvpn-users wrote: [...snip...] >    Hello, >    I see. Can you show me a good article about hardening an OpenVPN >    server on Linux? The best hardening trick you can do to OpenVPN:  Use tls-crypt together with UDP With this setup, port scan

Re: [Openvpn-users] Hardening an OpenVPN server

2023-08-10 Thread Jason Long via Openvpn-users
On Thu, Aug 10, 2023 at 11:07 PM, Gert Doering wrote: hi, On Thu, Aug 10, 2023 at 07:27:50PM +, Jason Long via Openvpn-users wrote: > Hello, How to harden an OpenVPN server? I found > "https://openvpn.net/community-resources/hardening-openvpn-security/", but I

[Openvpn-users] Hardening an OpenVPN server

2023-08-10 Thread Jason Long via Openvpn-users
Hello, How to harden an OpenVPN server? I found "https://openvpn.net/community-resources/hardening-openvpn-security/", but I guess this is not complete. For example, it didn't say anything about using the local statement. Thank you.

Re: [Openvpn-users] A question about "Local" option

2023-08-07 Thread Jason Long via Openvpn-users
On Mon, Aug 7, 2023 at 1:58 PM, Jochen Bern wrote: On 06.08.23 22:41, Jason Long via Openvpn-users wrote: > Hello, Any idea? I would be grateful if someone could guide me. > > On Wed, Aug 2, 2023 at 11:17 PM, Jason Long via > Openvpn-users wrote: Hello, To use > OpenVPN

Re: [Openvpn-users] A question about "Local" option

2023-08-06 Thread Jason Long via Openvpn-users
Hello, Any idea? I would be grateful if someone could guide me. Cheers. On Wed, Aug 2, 2023 at 11:17 PM, Jason Long via Openvpn-users wrote: Hello, To use OpenVPN with a NIC that has multiple IP addresses set on it, I need to use the following statement in the server configuration file

Re: [Openvpn-users] A question about the VPN providers

2023-08-04 Thread Jason Long via Openvpn-users
On Fri, Aug 4, 2023 at 12:59 PM, David Sommerseth wrote: On 31.07.23 21:42, Jason Long via Openvpn-users wrote: > Hello, Is it possible to set public IP addresses from different > countries on one NIC? This is a bit unclear. Generally, you assign multiple IP addresses to a sing

[Openvpn-users] A question about "Local" option

2023-08-02 Thread Jason Long via Openvpn-users
Hello, To use OpenVPN with a NIC that has multiple IP addresses set on it, I need to use the following statement in the server configuration file: Local "Virtual IP" But, when I use the following firewall rules and specify the virtual NIC, OpenVPN network card and IP range, is there still a need f

Re: [Openvpn-users] Options error: Unrecognized option or missing or extra parameter(s)

2023-08-01 Thread Jason Long via Openvpn-users
On Tue, 1 Aug 2023 05:57:29 + (UTC), Jason Long via Openvpn-users wrote: >OK, >in my use case I set up a VPN server on a public IP with the sole purpose to >act >as a connection point between an IoT device running on a LAN with no public IP >available which we needed to acc

Re: [Openvpn-users] How to write the iptables rules for a NIC with multiple IP addresses?

2023-07-31 Thread Jason Long via Openvpn-users
On 31.07.23 21:14, Jason Long wrote: > On Mon, Jul 31, 2023 at 4:20 PM, Jochen Bern wrote: >> > If, on the other hand, you'd like to type less, it's up to you to find >> ways to make the rules less specific that still agree with whatever >> *external* requirements you may have. For OpenVPN, the fo

Re: [Openvpn-users] Options error: Unrecognized option or missing or extra parameter(s)

2023-07-31 Thread Jason Long via Openvpn-users
On Mon, 31 Jul 2023 21:51:43 +0200, Gert Doering wrote: >Hi, > >On Mon, Jul 31, 2023 at 09:11:31PM +0200, Bo Berglund wrote: >> On Mon, 31 Jul 2023 18:52:07 +0000 (UTC), Jason Long via Openvpn-users >> wrote: >> >> >What is the usage of the "client-

Re: [Openvpn-users] A question about the VPN providers

2023-07-31 Thread Jason Long via Openvpn-users
On Mon, Jul 31, 2023 at 11:49 PM, Jochen Bern wrote: On 31.07.23 21:42, Jason Long via Openvpn-users wrote: > Hello, Is it possible to set public IP addresses from different > countries on one NIC? > VPN provider companies provide VPN service with IP addresses of > different c
