he non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
signature.as
se of ip is not exactly esoteric -
setup ipv4/ipv6 addresses on tun if, add ipv4/ipv6 routes)
gert,
openvpn upstream
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
ill not accept it (traditional
patch will, and complain about fuzz needed).
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49
is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpgX6iDB49Qz.pgp
at it, you could bump to upstream 2.3.7...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025
that usually to be what I expect and want to happen)
Now, I'm not saying that this would be trivial to do, but tremendously
useful :-)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich
be needed and/or beneficial?
thanks,
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g
Hi,
On Wed, Sep 24, 2014 at 07:43:13PM +0200, Stefano De Carlo wrote:
Il 24/09/2014 18:30, Gert Doering ha scritto:
OpenVPN Upstream would recommend to go up to HEAD in git/master, aka
9048d50b0a27a724ad088dc4904eb4888b0bca87 - this is all openvpn-devel
anyway, but what we have in-tree
poke
users to upgrade, if needed).
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g
IPv6 addressing and not registered in DNS, while an attacker
on the same LAN just needs to ping ff02::1 to see them all, wide open...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
, he'll just target your PC first, and
jump from there to the devices on your LAN. Way easier in general)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgp3MtiaZYaXj.pgp
Description
!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpG13MFLVJiR.pgp
Description: PGP signature
requirements.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu
).
The old model strong firewall, weak devices behind it is just a thing
not matching reality anymore...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g
and 41027.
Will there be a backport to AA 12.09?
Seconded - that would be very welcome (because OpenVPN is vulnerable to
CVE-2014-0224).
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich
the output of some commands look like.
thanks,
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025
. (Noted :)).
Anyway, thanks for helping me gettings this off the ground. More questions
(and answers for the archive) to come :-)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpj0iFsvpaNY.pgp
Description: PGP signature
/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpXyce0NB9VQ.pgp
Description: PGP signature
___
openwrt-devel mailing list
openwrt-devel
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpnvZ5qjUsp7.pgp
,
zone: wan
}
}
... so, something I am missing... :-/
thanks,
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89
Hi,
On Fri, May 02, 2014 at 10:56:07PM +0200, Gert Doering wrote:
May 2 22:47:09: IPv6 DHCP: Received SOLICIT from FE80::CC4F:57BB:3A1:93FD on
Vlan2
May 2 22:47:09: IPv6 DHCP: Option IA-NA(3) is not supported yet
May 2 22:47:09: IPv6 DHCP: Sending ADVERTISE to FE80::CC4F:57BB:3A1:93FD
Hi,
On Fri, May 02, 2014 at 10:56:07PM +0200, Gert Doering wrote:
... so, something I am missing... :-/
Oh well. First thing is I should have looked at 'ifstatus wan_6' which
indeed tells me WAN is working:
root@OpenWrt:/etc/config# ifstatus wan_6
{
up: false,
pending: true
part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpMFKHwsHgb4.pgp
Description: PGP signature
is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpBKyu5CNqOd.pgp
!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpfRH7MEuErv.pgp
Description: PGP signature
!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpHNoajovfYp.pgp
Description: PGP signature
___
openwrt-devel mailing list
is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpnb1ThllAtF.pgp
is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpYQjRRPMmfq.pgp
Description: PGP
. But that will not help UDP or other IP protocols.
Or accept IPv4 fragmentation...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax
the fragmentation on IPV4 ?
In that case, you'd need to drop the IPv4 packet. Gain? Zero :-)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g
)
then the packet is fragmented by the IPv4 Stack even if the MTU 1500 vs 1460
(40 is the size of ipv6 headers)
Any ideas ?
Pietro Paolini
pulsarpie...@aol.com
-Original Message-
From: Gert Doering g...@greenie.muc.de
To: OpenWrt Development List openwrt
broadcom bits are not there, so you plainly *can't*...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025
!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpiw7ZUJ1cYA.pgp
Description: PGP signature
with A=1,
the user can use any address in that /64 they want. Which even holds
true for 3G networks that force link-local to very specific IDs.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering
://swupdate.openvpn.org/community/releases/openvpn-2.3.2.zip
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025
there...
(As far as OpenWRT goes, the necessary patches for 2.3.1 and 2.3.2 should
be the same)
gert,
speaking as OpenVPN maintainer
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
/wiki/ChangesInOpenvpn23
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g
, server, 3G router
(using an USB UMTS dongle, with OpenVPN and IPv6 over OpenVPN), ...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax
!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpVect2PRbsy.pgp
Description: PGP signature
___
openwrt
to get
back via link-local was useful, even if slightly cumbersome due to the
interface-dependent syntax fe80::1:2:3%eth0 on the client side)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich
that has working IPv6 and will push
IPv6 routes, to see that everything works, let me know and I'll set up
something.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpCoLgNDnuzN.pgp
Description: PGP signature
___
openwrt-devel mailing list
openwrt-devel
Hi,
On Wed, Sep 12, 2012 at 10:06:00AM +0800, Mirko Vogt wrote:
On 09/12/2012 03:30 AM, Gert Doering wrote:
Commited to openvpn upstream in cae102ae0c2ff934c456cd584cbf87a33cd95206
Nice - glad to see fixes get applied that fast upstream.
I also committed the fix into OpenWrt yesterday
!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpYSr2I6TI4O.pgp
Description: PGP signature
/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgp0D5ABWgzvW.pgp
Description: PGP signature
___
openwrt-devel mailing list
openwrt-devel
We used to call ifconfig tun0 inet6 add The inet6 part is optional,
and not understood by busybox. So now we call ifconfig tun0 add ...,
which works on all supported Linux variants.
Tested on Gentoo, RHEL5+, Debian Lenny up.
Signed-off-by: Gert Doering g...@greenie.muc.de
---
src/openvpn
!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpsFGshyzjEw.pgp
Description: PGP signature
Hi,
On Tue, Sep 11, 2012 at 01:51:11PM +0200, Gert Doering wrote:
We used to call ifconfig tun0 inet6 add The inet6 part is optional,
and not understood by busybox. So now we call ifconfig tun0 add ...,
which works on all supported Linux variants.
Tested on Gentoo, RHEL5+, Debian
Hi,
On Tue, Sep 11, 2012 at 03:00:10PM +0200, Joachim Schlipper wrote:
Am 11.09.2012 13:53, schrieb Gert Doering:
Indeed, it's that simple. I have just sent a patch upstream to change
this in the openvpn git sources, as all non-busybox Linux versions
accept that syntax as well - so we
:-)
(As a side note heads up: we're likely going to tag the openvpn git
tree as 2.3_beta1 tomorrow or Friday)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
, considered reasonable, ACKed).
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g
remove #include config.h from ssl_polarssl.h.
We'll get this fixed upstream in one way or the other, and I'll send
over a new commit ID with the fix.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering
!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpojLIGfkXnr.pgp
Description: PGP signature
want to
load - be it original linksys, dd-wrt or tomatoUSB :-) )
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025
/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpnFxq58EflH.pgp
Description: PGP signature
___
openwrt-devel mailing list
openwrt-devel
chairs on the titanic).
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g
are still
there.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu
today, but not with open
source components...)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025
-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpYFxWQZWPP8.pgp
Description: PGP
-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgp9CNxWxuUdp.pgp
Description: PGP
!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpeFWWvjUy0p.pgp
Description: PGP signature
has been read, and not wait for the reader buffer to fill up.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025
!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpgd6wzN41Vm.pgp
Description: PGP signature
to find.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
needed to do this
on Linux, no?
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g
with any solution at all)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g
the roboswitch stuff to swconfig?
(is this desirable?)
... basically trying to get some better understanding about the different
things involved here.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert
parallel VLANs, no matter
which VIDs or 802.1q VLAN IDs up to 15 (read: no way to use 920)?
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
pity.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
pgpKSvs89AIM0.pgp
Description: PGP signature
___
openwrt-devel mailing list
openwrt-devel
problems in getting a certain platform to actually
*work*? Is there a howto or anything?
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g
Hi,
On Wed, Nov 24, 2010 at 08:16:35PM +0100, Florian Fainelli wrote:
On Wednesday 24 November 2010 19:46:54 Gert Doering wrote:
ping?
I have it committed locally, I will push this later tonight. Sorry about that.
Thanks!
(I know how busy you folks are, so I usually patiently wait
- or my local SVN is confused. I know I sent this last
time, but svn diff claims it's not in the repository right now...
Anyway, here's the output of svn update ; svn diff on the packages feed
tree...
Please include :-)
Signed-off-by: Gert Doering g...@greenie.muc.de
Index: openvpn-devel
(Kirkwood SoC).
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu
that...)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu
on 10.03/ar71xx with udp and tcp TUN, IPv4+IPv6 payload, tests passed.
Please include :-)
Signed-off-by: Gert Doering g...@greenie.muc.de
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich
Hi Florian,
On Sun, Aug 01, 2010 at 12:35:19AM +0200, Florian Fainelli wrote:
Le Wednesday 7 July 2010 10:46:50, Gert Doering a écrit :
[..]
OTOH, that package does not have any sort of IPv6 support, which means
that IPv6-on-OpenWRT users need to compile their own OpenVPN package,
which
!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
81 matches
Mail list logo