newbie - need LDAP configuration

------------------------------------------------------------------------------
Virtualization & Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing 
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/

_______________________________________________
Openvpn-users mailing list
Openvpn-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

filter mac address on bridge br0

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d

_______________________________________________
Openvpn-users mailing list
Openvpn-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

VPN up, routing looks good but packets vanishing

Greetings all,

To extend on the subject, I am running OpenBSD 4.9( openvpn-2.1.4) on the
VPN server side  and OpenBSD 5.0(openvpn-2.1.4) on the VPN client side.  I
have successfully connected the VPN from the client to the server and can
ping both endpoints of the tunnel from either side.  The problem occurs
when I try to ping through the tunnel from the server side to an
IP/network on the client side other than the vpn client itself.

My network looks (roughly) like this:

server side pvt net-----vpn server(vpn01)--- internet----
                                                            |
client side pvt nets-----client vpn machine(apmobsd50)---

   VPN server 10.8.0.1---------VPN clent 10.8.0.6

 From the Server side I can ping throught to the client just fine:

# hostname
vpn01
# ping 10.8.0.6
PING 10.8.0.6 (10.8.0.6): 56 data bytes
64 bytes from 10.8.0.6: icmp_seq=0 ttl=255 time=21.618 ms
64 bytes from 10.8.0.6: icmp_seq=1 ttl=255 time=15.959 ms
64 bytes from 10.8.0.6: icmp_seq=2 ttl=255 time=16.455 ms
64 bytes from 10.8.0.6: icmp_seq=3 ttl=255 time=16.183 ms
64 bytes from 10.8.0.6: icmp_seq=4 ttl=255 time=16.414 ms
--- 10.8.0.6 ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 15.959/17.325/21.618/2.159 ms

# hostname
vpn01
# tcpdump -ttt -e -nvi tun1 icmp
tcpdump: listening on tun1, link-type LOOP
Feb 06 07:58:42.924204 10.8.0.1>  10.8.0.6: icmp: echo request (id:fcef
seq:0) (ttl 255, id 45718, len 84)
Feb 06 07:58:42.945622 10.8.0.6>  10.8.0.1: icmp: echo reply (id:fcef
seq:0) (ttl 255, id 35066, len 84)
Feb 06 07:58:43.925483 10.8.0.1>  10.8.0.6: icmp: echo request (id:fcef
seq:1) (ttl 255, id 35693, len 84)
Feb 06 07:58:43.941367 10.8.0.6>  10.8.0.1: icmp: echo reply (id:fcef
seq:1) (ttl 255, id 46280, len 84)
Feb 06 07:58:44.935548 10.8.0.1>  10.8.0.6: icmp: echo request (id:fcef
seq:2) (ttl 255, id 27668, len 84)
Feb 06 07:58:44.951932 10.8.0.6>  10.8.0.1: icmp: echo reply (id:fcef
seq:2) (ttl 255, id 31581, len 84)
Feb 06 07:58:45.945649 10.8.0.1>  10.8.0.6: icmp: echo request (id:fcef
seq:3) (ttl 255, id 32461, len 84)
Feb 06 07:58:45.961761 10.8.0.6>  10.8.0.1: icmp: echo reply (id:fcef
seq:3) (ttl 255, id 39723, len 84)
Feb 06 07:58:46.955749 10.8.0.1>  10.8.0.6: icmp: echo request (id:fcef
seq:4) (ttl 255, id 11295, len 84)
Feb 06 07:58:46.972091 10.8.0.6>  10.8.0.1: icmp: echo reply (id:fcef
seq:4) (ttl 255, id 4699, len 84)
^C
10 packets received by filter
0 packets dropped by kernel

# hostname
apmobsd50
# tcpdump -ttt -e -nvi tun0 icmp
tcpdump: listening on tun0, link-type LOOP
Feb 06 07:58:42.934197 10.8.0.1>  10.8.0.6: icmp: echo request (id:fcef
seq:0) (ttl 255, id 45718, len 84)
tcpdump: WARNING: compensating for unaligned libpcap packets
Feb 06 07:58:42.934219 10.8.0.6>  10.8.0.1: icmp: echo reply (id:fcef
seq:0) (ttl 255, id 35066, len 84)
Feb 06 07:58:43.930074 10.8.0.1>  10.8.0.6: icmp: echo request (id:fcef
seq:1) (ttl 255, id 35693, len 84)
Feb 06 07:58:43.930086 10.8.0.6>  10.8.0.1: icmp: echo reply (id:fcef
seq:1) (ttl 255, id 46280, len 84)
Feb 06 07:58:44.940225 10.8.0.1>  10.8.0.6: icmp: echo request (id:fcef
seq:2) (ttl 255, id 27668, len 84)
Feb 06 07:58:44.940239 10.8.0.6>  10.8.0.1: icmp: echo reply (id:fcef
seq:2) (ttl 255, id 31581, len 84)
Feb 06 07:58:45.950323 10.8.0.1>  10.8.0.6: icmp: echo request (id:fcef
seq:3) (ttl 255, id 32461, len 84)
Feb 06 07:58:45.950336 10.8.0.6>  10.8.0.1: icmp: echo reply (id:fcef
seq:3) (ttl 255, id 39723, len 84)
Feb 06 07:58:46.960871 10.8.0.1>  10.8.0.6: icmp: echo request (id:fcef
seq:4) (ttl 255, id 11295, len 84)
Feb 06 07:58:46.960886 10.8.0.6>  10.8.0.1: icmp: echo reply (id:fcef
seq:4) (ttl 255, id 4699, len 84)
^C
10 packets received by filter
0 packets dropped by kernel

When I try to ping from the server(vpn01) through the client(apmobsd50) to
a network/IP on the client side internal networks (using 10.5.29.92), the
packets look like they are going down the tunnel correctly but
they never show up as writing to the tunnel when I have logging turned up
and I never see them on the client side when listneing with tcpdump. I do
have routing information set up, done multiple ways, used both 10.8.0.1
and 10.8.0.2 as the gateway, on the VPN server side so the packets
will(should) know where to go.

# hostname
apmobsd50
# ping 10.5.29.92
PING 10.5.29.92 (10.5.29.92): 56 data bytes
64 bytes from 10.5.29.92: icmp_seq=0 ttl=59 time=8.958 ms
64 bytes from 10.5.29.92: icmp_seq=1 ttl=59 time=8.974 ms
--- 10.5.29.92 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 8.958/8.966/8.974/0.008 ms

# hostname
vpn01.entiret.com
# ping 10.5.29.92
PING 10.5.29.92 (10.5.29.92): 56 data bytes
--- 10.5.29.92 ping statistics ---
8 packets transmitted, 0 packets received, 100.0% packet loss

# hostname
vpn01
# tcpdump -ttt -e -nvi tun1 icmp
tcpdump: listening on tun1, link-type LOOP

Feb 06 08:07:33.556975 10.8.0.1>  10.5.29.92: icmp: echo request (id:23f6
seq:0) (ttl 255, id 23031, len 84)
Feb 06 08:07:34.558122 10.8.0.1>  10.5.29.92: icmp: echo request (id:23f6
seq:1) (ttl 255, id 33084, len 84)
Feb 06 08:07:35.568179 10.8.0.1>  10.5.29.92: icmp: echo request (id:23f6
seq:2) (ttl 255, id 35684, len 84)
Feb 06 08:07:36.578276 10.8.0.1>  10.5.29.92: icmp: echo request (id:23f6
seq:3) (ttl 255, id 57256, len 84)
Feb 06 08:07:37.588382 10.8.0.1>  10.5.29.92: icmp: echo request (id:23f6
seq:4) (ttl 255, id 14535, len 84)
Feb 06 08:07:38.598477 10.8.0.1>  10.5.29.92: icmp: echo request (id:23f6
seq:5) (ttl 255, id 64258, len 84)
Feb 06 08:07:39.608578 10.8.0.1>  10.5.29.92: icmp: echo request (id:23f6
seq:6) (ttl 255, id 17072, len 84)
Feb 06 08:07:40.618674 10.8.0.1>  10.5.29.92: icmp: echo request (id:23f6
seq:7) (ttl 255, id 15968, len 84)
^C
8 packets received by filter
0 packets dropped by kernel

# hostname
apmobsd50
# tcpdump -ttt -e -nvi tun0 icmp
tcpdump: listening on tun0, link-type LOOP

^C
0 packets received by filter
0 packets dropped by kernel

Firewalls don't appear to be the issue either:

# hostname
vpn01
PING 10.5.29.92 (10.5.29.92): 56 data bytes
--- 10.5.29.92 ping statistics ---
35 packets transmitted, 0 packets received, 100.0% packet loss

# hostname
vpn01
# tcpdump -ttt -e -nvi pflog0 icmp
tcpdump: WARNING: snaplen raised from 116 to 160
tcpdump: listening on pflog0, link-type PFLOG

^C
0 packets received by filter
0 packets dropped by kernel

# hostname
apmobsd50
# tcpdump -ttt -e -nvi pflog0 icmp
tcpdump: WARNING: snaplen raised from 116 to 160
tcpdump: listening on pflog0, link-type PFLOG
^C
271 packets received by filter
0 packets dropped by kernel

I can't figure out why openvpn doesn't see the packets traversing the
tunnel and using bandwidth.  When I set logging to "verb 5", and am
able to ping from the server side to the client side, I see the
wrwrwrwrwrw activity in the logs, however when trying to go through the
vpn to 10.5.29.92, it doesn't log anything.

Here are my configs and network information.

(VPN SERVER)
# hostname
vpn01
# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST>  mtu 33200
         priority: 0
         groups: lo
         inet6 ::1 prefixlen 128
         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
         inet 127.0.0.1 netmask 0xff000000
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>  mtu 1500
         lladdr 00:02:b3:97:13:3c
         priority: 0
         groups: egress
         media: Ethernet autoselect (100baseTX full-duplex)
         status: active
         inet6 fe80::202:b3ff:fe97:133c%fxp0 prefixlen 64 scopeid 0x1
         inet 192.168.27.9 netmask 0xffffff00 broadcast 192.168.27.255
enc0: flags=0<>
         priority: 0
         groups: enc
         status: active
pflog0: flags=141<UP,RUNNING,PROMISC>  mtu 33200
         priority: 0
         groups: pflog
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST>  mtu 1500
         priority: 0
         groups: tun
         status: active
         inet 10.7.0.1 -->  10.7.0.2 netmask 0xffffffff
tun2: flags=9843<UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST>  mtu 1500
         lladdr fe:e1:ba:dd:29:91
         priority: 0
         groups: tun
         status: active
         inet 10.12.0.1 netmask 0xffffff00 broadcast 10.12.0.255
         inet6 fe80::fce1:baff:fedd:2991%tun2 prefixlen 64 scopeid 0xb
tun3: flags=9843<UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST>  mtu 1500
         lladdr fe:e1:ba:df:6a:de
         priority: 0
         groups: tun
         status: active
         inet 10.10.0.1 netmask 0xffffff00 broadcast 10.10.0.255
         inet6 fe80::fce1:baff:fedf:6ade%tun3 prefixlen 64 scopeid 0xc
tun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST>  mtu 1500
         priority: 0
         groups: tun
         status: active
         inet 10.8.0.1 -->  10.8.0.2 netmask 0xffffffff
# netstat -rnf inet
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            192.168.27.254     UGS        7    21714     -     8 fxp0
10.5.29/24         10.8.0.2           UGS        0      189     -     8 tun1
10.7.0/24          10.7.0.2           UGS        2     4116     -     8 tun0
10.7.0.2           10.7.0.1           UH         1        0     -     4 tun0
10.8.0/24          10.8.0.2           UGS        0       30     -     8 tun1
10.8.0.2           10.8.0.1           UH         2        0     -     4 tun1
10.10.0/24         link#12            UC         0        0     -     4 tun3
10.12.0/24         link#11            UC         0        0     -     4 tun2
127/8              127.0.0.1          UGRS       0        0 33200     8 lo0
127.0.0.1          127.0.0.1          UH         0       70 33200     4 lo0
192.168.27/24      link#1             UC         1        0     -     4 fxp0
192.168.27.254     00:03:47:0a:45:0c  UHLc       1       11     -     4 fxp0
224/4              127.0.0.1          URS        0        0 33200     8 lo0

# cat vpn.conf
mode server
local 192.168.27.9
port 1195
proto udp
dev tun1
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/vpn01.crt
key /etc/openvpn/wkeys/vpn01.key
dh /etc/openvpn/keys/dh2048.pem
tls-auth /etc/openvpn/keys/ta.key 0
server 10.8.0.0 255.255.255.0
route 10.5.29.0 255.255.255.0 10.8.0.2
ifconfig-pool-persist /tmp/ipp.txt
keepalive 10 120
comp-lzo
user _openvpn
group _openvpn
persist-key
persist-tun
chroot /var/empty
status /var/log/vpn-status.log
log-append  /var/log/vpn.log
verb 2

#

(VPN CLIENT)
# hostname
apmobsd50

# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST>  mtu 33152
         priority: 0
         groups: lo
         inet6 ::1 prefixlen 128
         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
         inet 127.0.0.1 netmask 0xff000000
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>  mtu 1500
         lladdr 00:25:64:ab:6c:0b
         priority: 0
         groups: egress
         media: Ethernet autoselect (100baseTX full-duplex)
         status: active
         inet6 fe80::225:64ff:feab:6c0b%em0 prefixlen 64 scopeid 0x1
         inet 10.6.116.161 netmask 0xfffffe00 broadcast 10.6.117.255
xl0: flags=8a43<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST>  mtu 1500
         lladdr 00:60:97:9f:af:80
         priority: 0
         media: Ethernet autoselect (100baseTX full-duplex)
         status: active
         inet 192.168.13.254 netmask 0xffffff00 broadcast 192.168.13.255
         inet6 fe80::260:97ff:fe9f:af80%xl0 prefixlen 64 scopeid 0x2
enc0: flags=0<>
         priority: 0
         groups: enc
         status: active
pflog0: flags=141<UP,RUNNING,PROMISC>  mtu 33152
         priority: 0
         groups: pflog
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST>  mtu 1500
         priority: 0
         groups: tun
         status: active
         inet 10.8.0.6 -->  10.8.0.5 netmask 0xffffffff
tun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST>  mtu 1500
         priority: 0
         groups: tun
         status: active
         inet 10.7.0.6 -->  10.7.0.5 netmask 0xffffffff

# netstat -rnf inet
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            10.6.116.1         UGS       16   825487     -     8 em0
10.6.116/23        link#1             UC         2        0     -     4 em0
10.6.116.1         00:26:0b:de:3e:52  UHLc       2        1     -     4 em0
10.6.116.2         00:1f:9e:9b:d3:54  UHLc       0        0     -     4 em0
10.6.116.161       127.0.0.1          UGHS       0        0 33152     8 lo0
10.7.0.1/32        10.7.0.5           UGS        3    18699     -     8 tun1
10.7.0.5           10.7.0.6           UH         1        0     -     4 tun1
10.8.0.1/32        10.8.0.5           UGS        0    13916     -     8 tun0
10.8.0.5           10.8.0.6           UH         1        0     -     4 tun0
127/8              127.0.0.1          UGRS       0        0 33152     8 lo0
127.0.0.1          127.0.0.1          UH         2    64502 33152     4 lo0
192.168.13/24      link#2             UC         1        0     -     4 xl0
192.168.13.33      00:15:60:c4:42:9a  UHLc       3  5448937     - L   4 xl0
224/4              127.0.0.1          URS        0        2 33152     8 lo0

# cat /etc/openvpn/client.conf
client
nobind
dev tun0
proto udp
remote 24.26.229.61 1195
persist-key
persist-tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/apmobsd50.crt
key /etc/openvpn/apmobsd50.key
tls-auth /etc/openvpn/ta.key  1
tls-client
remote-cert-tls server
comp-lzo
chroot /var/empty
status /var/log/vpn-status.log
log-append  /var/log/vpn.log
verb 5
user _openvpn
group _openvpn
#

Any help greatly appreciated!!!

TIA,

Aaron

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d

Windows 7 cannot map drives

Hi,

I have an openvpn server (ipcop 1.21 + latest zerina) used to provide remote access to adminster a bunch of linux and windows servers. Now some users want to use this for remote access to network shares.

Using windows xp, everything works fine. But using Windows 7, it doesn't.

The VPN connection is Ok. I can ssh to linux servers and access intenal web servers from windows 7. I can even access network shares on the linux samba domain controller.

But I cannot access network shares from other samba file server, which is a member of the same domain. Windows XP does this fine, only windows 7 who doesn't. windows 7 complains a logon server was not found.

I login on the windows 7 computer using the domain user cached profile. When plugged into the local network the same has no problem to access the same network shares.

Using openvpn 2.2.2 on the client machines. Any ideas ?


[]s, Fernando Lozano

------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2

_______________________________________________
Openvpn-users mailing list
Openvpn-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Re: run a script when connection made

On Wed, Feb 1, 2012 at 10:00 PM, Davide Brini <dave_br <at> gmx.com> wrote:
> On Wed, 1 Feb 2012 21:52:23 +0800, "ian sison (mailing list)"
> <ian.sison <at> gmail.com> wrote:
>
>> >> That's actually what i'm trying to find out.  Someone at the forums
>> >> suggested client-connect and client-disconnect.  Which may be useful
>> >> to some people, but not to me as these options are only for openvpn
>> >> running in server mode.
>> >>
>> >> What i cannot find is a script that will be triggered on the client
>> >> when a connection is established, much like pppd's ip-up and ip-down
>> >> script which only get called when the P2P session is established. Does
>> >> anyone know of a way to implement similar functionality?
>> >>
>> >> I really need to have routes _NOT_ appear on the routing table when
>> >> there is no P2P openvpn connection, so that simple route metrics will
>> >> choose an alternative route if the direct via openvpn tun is not
>> >> available.
>> >
>> > What about --up and --route-up script hooks?  They're designed for the
>> > client side.  You can also add --up-delay to postpone calling the --up
>> > script until after the TCP/UDP connection is established.
>> >
>>
>> The --up and --route-up immediately bring up the routes regardless of
>> connection status with the peer.  I've tried it and confirmed it.
>> I've not tried the --up-delay yet.  The man page description seems to
>> be what I need.
>
> I may be misunderstanding something, but how about having the peer push the
> routes? That way, if the connection doesn't come up, the routes aren't
> created.
>
> --
> D.

Well that's another way to do it :)
Thanks i'll check this out.

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d

client-disconnect script

------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2

_______________________________________________
Openvpn-users mailing list
Openvpn-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Entra nella mia rete su LinkedIn

------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2

_______________________________________________
Openvpn-users mailing list
Openvpn-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Openvpn 2.2 IPv6 MTU issue

Hi,

I have been using OpenVPN for quite a while now to bring IPv6 to
places that don't have IPv6. I am on Debian, and I use the OpenVPN
2.2.0-2 from Debian. I don't know whether this has its support for
IPv6 payload in tunnel mode patched in or Berni's and Gert's patches
have been accepted upstream in 2.2.

When I use the tunnelk to download data from an IPv6 only server, for
example .iso images or debian packages, the link is vastly slow. I get
data rates of sometimes well below 100 kbyte/s, although there is no
congestion in any parts of the network.

I have investigated a little bit. This is my setup:

--------------
| Web Server |
--------------
      |
      |
  -------------------Internet-----------------
  |                                          |
  |                                          |
  | VDSL                            Ethernet | x:y:z:0::a/64
----------                              ----------
| Router |                              | torres |
----------                              ----------
  | Ethernet
  |
  -------------Internal network---------------
  |                                          |
  | x:y:z:1::b/64                            | x:y:z:1::d/64
-------                                   -------
| fan |                                   | tap |
-------                                   -------
  | x:y:z:2::b/64
  |
  | x:y:z:3::c/64
------------
| spinturn |
------------

torres has native IPv6 and IPv4 and runs an OpenVPN server. x:y:z::/48
is routed to torres by the ISP.

tap is a an OpenVPN client connecting to torres. The tunnel has an
IPv4 and an IPv6 transfer network (x:y:z:f::/64 with torres being ::a
and tap being ::d). tap does also route IPv6 for the Internal network
and the VM network behind fan. All routing is set up so that I can
ping the Internet and all internal and external hosts (webserver,
torres, fan, tap, spinturn) via IPv6. TCP Connections are fine as
well, I use ssh over this setup all day.

I have not set any fragment and mtu settings on both server and client.

When I try downloading a big file from the web server to spinturn,
download is sometimes very slow, sometimes not so slow, but never in
the same speed dimension as IPv4. When I tcpdump on torres' interface,
I see the server sending IPv6 packets of size 1514 on wire. When those
packets are encapsulated into the OpenVPN link, I see UDP packets of
alternating sizes of 1514 bytes and 119 bytes sent to tap.

I would have expected OpenVPN to calculate the MTU of the tunnel and
allow PMTUD to work. That way, the Web server would reduce its packet
size so that a single TCP packet from the web server would be small
enough to be able to be transported in a single UDP packet.

Am I supposed to intervene manually to make this happen? I suspect
that OpenVPN is not aware that the tunnel overhead is bigger for IPv6
than for IPv4, But the 119 byte fragments don't fit into that suspicion.

What am I doing wrong?

Greetings
Marc

--

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062

------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2

Re: Openvpn-users Digest, Vol 68, Issue 8

> ------------------------------
> 
> Message: 3
> Date: Thu, 26 Jan 2012 10:58:14 -0600
> From: "John A. Wallace" <jw72253 <at> verizon.net>
> Subject: [Openvpn-users] openvpn-connect
> To: <openvpn-users <at> lists.sourceforge.net>
> Message-ID: <000001ccdc4b$b1c46d80$154d4880$@net>
> Content-Type: text/plain; charset="us-ascii"
> 
> Hello.  Recently I was looking at what I thought at the time was an
> upgrade
> to my existing installation of OpenVPN, but at this point I am
> beginning to
> think that it was something else with a similarly sounding name,
> OpenVPN
> Connect. The program does appear to use OpenVPN for its connection
> technology, but there are also some differences in its appearance and
> behavior.  I believe that this company is affiliated with a company
> called
> Private Tunnel and another called Cloudfare.  Are you aware of any of
> these
> companies, and are they supposed to be providing your product as if it
> were
> theirs?

Please disregard this question from message #3 as it was not adequately
explained or detailed for clarity.  The next question, number 4, does
explain my issue sufficiently. Thank you and sorry for the inconvenience.

 
> ------------------------------
> 
> Message: 4
> Date: Thu, 26 Jan 2012 13:41:54 -0600
> From: "John A. Wallace" <jw72253 <at> verizon.net>
> Subject: [Openvpn-users] different versions of openVPN
> To: <openvpn-users <at> lists.sourceforge.net>
> Message-ID: <000001ccdc62$8eac3d20$ac04b760$@net>
> Content-Type: text/plain; charset="us-ascii"
> 
> Hello. I have a couple of questions about openVPN...
> 
> first, why is there a difference in these two OpenVPN programs:
> 
> http://swupdate.openvpn.org/downloads/shield/openvpn-connect.msi
> 
> http://swupdate.openvpn.org/community/releases/openvpn-2.2.2-
> install.exe
> 
> As both were downloaded from  https://www.openvpn.net/
> 
> second, what is the difference in these two adaptors:
> 
> "tap-win32 adapter V9"
> 
> which was installed by the program from the 1st link above.
> 
> And the other adaptor:
> 
> "tap-win32 adapter OAS"
> 
> which was installed by the program from the 2nd link above
> 
> In addition, the first one, without prompting from me, periodically
> attempts
> to connect to the
> 
> internet address 199.27.135.39:80
> 
> Thanks.

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d

different versions of openVPN

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d

_______________________________________________
Openvpn-users mailing list
Openvpn-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

openvpn-connect

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d

_______________________________________________
Openvpn-users mailing list
Openvpn-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users