Stephan Scholz | 1 Apr 12:01 2004

Re: OpenVPN 2.0 -- Project Update and Release Notes

James,

this is amazing! :-))) I was happy to get the forking server working
with multiple clients in 1.6. But 2.0 sounds like a gem! Will give it a try ASAP.
Great work!

Stephan

-- 
Stephan Scholz <sscholz <at> astaro.com> | Development
Astaro AG | www.astaro.com | Phone +49-721-490069-0 | Fax -55

Awards for ASL:
- Nätverk & Kommunikation Magazine, Sweden: "Five Stars" - October 2003
- Linux Enterprise Readers' Choice Award: Best Firewall - October 2003
- LinuxWorld Product Excellence Award: Best Security Solution - August 2003
- "Excellent" Infoworld Magazine - August 2003

-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
James Yonan | 1 Apr 12:50 2004

Fwd: OpenVPN & OpenSSH x509 cert interop

Forwarded From: John Dhmioyrgos -- jd at teq org

> hi, just thought I'd suggest a link to
> http://roumenpetrov.info/openssh/
> (most popular OpenSSH x509 patchset) somewhere, as organizations looking
> to (ahem) leverage their new OpenVPN PKI may well be unaware of their
> ability to use the same certs for both VPN and SSH auth.
> 
> best regards,
> John

James Yonan | 1 Apr 13:00 2004

Fwd: Annotated config files for Windows

Forwarded From: Mike Long m_long at telusplanet net

> Hi James.
> 
> First of all, thanks for the great product - I have only used OpenVPN
> for a short time, but have found it to be easy to use and quite
> powerful.  Compared to some other VPN solutions, configuration was a
> dream.  I have now set it up in both a Windows --> Windows, and Windows
> --> Linux environments and it is working great.
> 
> I thought I would pass these along in case you were interested.  I took
> the configuration files from one of my windows -- > windows systems that
> is using a bridge (XP Pro on both sides).  I added notes from my own and
> your documentation as to what I was doing and why, and compiled a 'host'
> and 'client' setup file.
> 
> A lot of what is in here is already in your documentation, but I thought
> it might be useful as a 'cookbook' for anyone who wants to try the same
> setup.  Any areas that I had initial problems with I tried to explain so
> that, hopefully, it should be useful to others who had the same
> questions I did.
> 
> In any case, feel free to use some, all, or none of these - whatever
> suits you.  I hope to add to these for my own use in the short term
> future, and as I add RSA Keys/other improvements to my own setup.  I
> will pass them along as well if you are interested (or if I see any of
> this on the site :-).
> 
> Thanks very much again,
> Mike Long

James Yonan | 1 Apr 13:06 2004

Anyone using mrouted + tun interface on Linux?

Has anyone gotten mrouted to work over an OpenVPN tunnel using a tun interface?

mrouted dies on startup because it doesn't like the fact that the tun
interface has a subnet mask of 255.255.255.255.

James

>>Here's the excerpt from mrouted:
>>
>>/*
>>  * Verify that a given subnet number and mask pair are credible.
>>  *
>>  * With CIDR, almost any subnet and mask are credible.  mrouted still
>>  * can't handle aggregated class A's, so we still check that, but
>>  * otherwise the only requirements are that the subnet address is
>>  * within the [ABC] range and that the host bits of the subnet
>>  * are all 0.
>>  */

Juan Rodriguez Hervella | 1 Apr 13:56 2004

Re: Anyone using mrouted + tun interface on Linux?

On Thursday 01 April 2004 13:06, James Yonan wrote:
> Has anyone gotten mrouted to work over an OpenVPN tunnel using a tun
> interface?
>
> mrouted dies on startup because it doesn't like the fact that the tun
> interface has a subnet mask of 255.255.255.255.
>
> James
>

I've never used mrouted, but I see that the "man mrouted" of
FreeBSD says something related to tunnel configuration:

[...snipped...]
  In order to support multicasting among subnets that are separated by
     (unicast) routers that do not support IP multicasting, mrouted includes
     support for "tunnels", which are virtual point-to-point links between
     pairs of multicast routers located anywhere in an internet.  IP multicast
     packets are encapsulated for transmission through tunnels, so that they
     look like normal unicast datagrams to intervening routers and subnets.
     The encapsulation is added on entry to a tunnel, and stripped off on exit
     from a tunnel.  The packets are encapsulated using the IP-in-IP protocol
     (IP protocol number 4).
[...snipped....]

[...snipped...]
    The third section of the configuration file, also optional, describes the
     configuration of any DVMRP tunnels this router might have.

     tunnel local-addr|ifname remote-addr|remote-hostname

James MacLean | 1 Apr 15:09 2004

Re: Anyone using mrouted + tun interface on Linux?

Hi James,

We use mrouted over OpenVPN tunnels here. Some points:

. If you want to use the TUN as an mrouted leg, it cannot be
  255.255.255.255 :). Also they must have multicast enabled
  on the interfaces.

. If you don't want that TUN as an MCast participant and it has a
  subnet on it (not 255.255.255.255 :)), use the disable 
  mrouted.conf option. Beware though that the tun must be active
  when you start mrouted or it will fail saying you have an error
  in your mrouted.conf file.

. We have run mrouted on the tunnels, but currently are tunneling 
  MultiCast using the mrouted tunnel option. These mrouted tunnels
  are working both inside and outside of the OpenVPN tunnels. You
  may recall me asking about getting 1500 to pass through OpenVPN
  because MCast care not for MTU discovery :). Part of the decision
  was based on the need to only have 2 IPs and no subnet to tunnel, 
  but would have to break out subnets to do it the other way.

. Make certain ipip module is loaded. If it isn't and you start up
  mrouted, it will appear to be going along fine and then just 
  end :(. Also, for debugging, try :

  mrouted -d packet,routing,cache,neighbors,interface,pruning,membership,route_detail

. As of linux 2.6, you need to allow traffic to MCast 224.0.0.0/4 in
  FORWARD rules in an unusual way. Put a -j LOG at the end of your

Jochen Vogel | 1 Apr 15:28 2004

Server to multiple sensors help needed

Hi,

I have the following problem.
I must encrypt the connection
from server to multiple sensors on the controld and
from multiple sensors to server on mysql back

 Server            Firewall           Sensor 1
|------|          |--------|         |--------|
|      |--------->|        |-------->|controld|
|      |<---------|        |<--------|        |
|      |          |        |         |--------|
| MySQL|          |     NAT|
|      |          |        |          Sensor n
|      |          |        |         |--------|
|      |--------->|        |-------->|controld|
|      |<---------|        |<--------|        |
|------|          |--------|         |--------|

Can someone please give me an example of how to do this?

- Can I work with one OpenVPN port on the server?
- Is it possible to use shared keys?
- Is it possible to create a TCP tunnel from the server to the sensor and use
  it for the backward MySQL connection?

Thx for help
jo


Kevin P. Fleming | 1 Apr 17:00 2004

Re: Anyone using mrouted + tun interface on Linux?

James Yonan wrote:

> Has anyone gotten mrouted to work over an OpenVPN tunnel using a tun interface?
> 
> mrouted dies on startup because it doesn't like the fact that the tun
> interface has a subnet mask of 255.255.255.255.

Yes, I am using mrouted over OpenVPN tunnels using tun interfaces. 
However, like the other responder, I am using mrouted tunnels over the 
OpenVPN tunnels. I would have preferred to have mrouted work directly 
over the tun interface, but was unable to get that working in a 
reasonable period of time.

John Locke | 1 Apr 20:52 2004

Re: More openVPN setup questions

On Wed, 2004-03-31 at 10:14, Michael Kelly wrote:
> Hello again John,
> 
> Okay I finally got into the setup of openVPN. Just to test the systems
> I utilized the sample static-office.conf and static-home.conf and things
> started fine. I am able to ping the office machine from home with the IP
> 10.1.0.1 and ping the home machine from the office with 10.1.0.2 and
> that is about where I have got to for now.
> 
> I began re-reading your suggestions for setup and I have a few
> questions but I will reiterate my setup first
> 
> - main office has static IP address and all computers are behind a
> hardware router. Samba server running in main office as well as apache
> machine (this is running openVPN)
> 
> - remote office has dynamic IP and all computers are behind a hardware
> router. There will be a dedicated Linux box to run openVPN (it is
> currently at my home for testing but my home has a dynamic IP and is
> behind a hardware router)
> 
> - no computers in either office are part of a domain
> 
> Questions:
> 
> First let me just say that I am still trying to gain an understanding
> of all of the concepts involved by learning as I do
> 
> I will post questions throughout your setup suggestions where I am not
> clear on something

René Pedersen | 2 Apr 12:43 2004

howto change gateway???

Hi,

I have successfully set up a tunnel between my windoze xp and my linux samba
server with openvpn.

Network:

linux(samba-server) with OpenVPN
on LAN
tunnel ip(10.3.0.1)
lan ip(192.168.2.37)
	|
(192.168.2.1)
Firewall-box
(192.168.1.2)
	|
(192.168.1.1)
ADSL modem
wan ip(x.x.x.x)
	|
Internet
	|
wan ip(y.y.y.y)
Cable modem
(192.168.1.1)
	|
(192.168.1.2)
Firewall
(192.168.2.1)
	|