--- Day changed Sun Jan 01 2012
00:11 -!- zeshooem [~zee@bas1-toronto46-1177856379.dsl.bell.ca] has joined #openvpn
00:11 -!- zeshooem [~zee@bas1-toronto46-1177856379.dsl.bell.ca] has quit [Remote host closed the connection]
00:12 -!- zeshoem [~zee@bas1-toronto46-1177856379.dsl.bell.ca] has quit [Ping timeout: 268 seconds]
00:32 -!- UnterPerro_ [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn
00:32 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Read error: Connection reset by peer]
00:32 -!- UnterPerro_ is now known as UnterPerro
01:20 -!- Some_Person [~Some_Pers@unaffiliated/someperson/x-249303] has quit [Read error: Connection reset by peer]
01:22 -!- Some_Person [~Some_Pers@unaffiliated/someperson/x-249303] has joined #openvpn
01:24 <@vpnHelper> RSS Update - forum: I Need Auto-reconnect when it drops connection
01:54 -!- resha [70c64e7e@gateway/web/freenode/ip.112.198.78.126] has joined #openvpn
01:56 < resha> hello, our ISP is using their own dns servers and if I use other dns servers like 8.8.8.8, I get blocked. what is my workaround on this to be used with openvpn?
01:58 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Read error: Connection reset by peer]
01:58 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn
01:59 < hyper_ch> resha: I don't understand the problem
02:01 < resha> hyper_ch: i am using mobile broadband. when I put 8.8.8.8 on the broadband device, I cant connect to internet. but if I use their dns server, it connects to internet. I suppose they use their dns server to block openvpn traffic.
02:02 < hyper_ch> I still don't understand what works, what doesn't and what you try to achieve
02:02 < hyper_ch> !goal
02:02 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
02:02 < hyper_ch> !welcome
02:02 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
02:04 < resha> hyper_ch: the problem is I cannot get through the internet with using isp dns server.
02:04 < hyper_ch> you don't need dns to access the internet
02:04 < hyper_ch> but I still have no clue what works when and what doesn't
02:05 < hyper_ch> you have problems with vpn or not
02:05 < hyper_ch> do you run your own vpn server
02:06 < resha> i run my own vpn server. and the client cant access the internet. it seems that the ISP is using their own dns server that blocks openvpn traffic. if I use other dns server, I cant access internet still.
02:07 < hyper_ch> I still have no clue what works and what not
02:07 < hyper_ch> and you can access internet even without dns
02:08 < hyper_ch> I give up
02:08 < resha> works means able to access internet
02:09 < resha> yes i can access internet if that is without vpn traffic
02:09 < resha> but if with vpn traffic, i cant access internet
02:14 -!- magicblaze007 [~magicblaz@c-68-63-40-199.hsd1.fl.comcast.net] has joined #openvpn
02:16 <@vpnHelper> RSS Update - forum: Can't find the solution to this anywere. Hope you can!
02:18 -!- resha [70c64e7e@gateway/web/freenode/ip.112.198.78.126] has quit [Quit: Page closed]
02:23 -!- magicblaze007 [~magicblaz@c-68-63-40-199.hsd1.fl.comcast.net] has quit [Quit: Leaving.]
02:44 -!- Some_Person [~Some_Pers@unaffiliated/someperson/x-249303] has left #openvpn ["Leaving"]
03:04 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day]
03:24 < Doktor_J> am i alive here?
03:24 < Doktor_J> yay
03:25 < Doktor_J> resha: a DNS server is technically incapable of "blocking openvpn traffic". a *router* (or gateway) may be able to do so, but a DNS server is not.
03:32 < Doktor_J> the DNS server may choose to ignore your request to resolve a hostname (such as if you're using a well-known dynamic DNS provider such as dyndns.org for the VPN server, and for whatever reason the ISP feels it necessary to block access to dynamic DNS hosts)
03:33 <@vpnHelper> RSS Update - forum: OpenVPN with Google authenticator like 2FA (windows client)
03:33 < Doktor_J> but if you can figure out another way to get your VPN server's actual IP address (such as having it figure it out via whatismyip.org, and then emailing it to yourself -- or the end user -- every 12 hours or so)
03:34 < Doktor_J> you could just configure the client to connect directly to the IP, and the DNS server would be completely removed from the equation
03:35 < Doktor_J> what is more likely though is that the ISP (perhaps a work or school connection?) is blocking VPN traffic, or at least the standard OpenVPN port, via an upstream gateway
03:35 < Doktor_J> first thing to try is moving the VPN server to a non-standard port... try 1294 for example.
03:36 < Doktor_J> if that doesn't work, you could try moving your VPN server to a port that is commonly used for other standard services, such as 443 (HTTPS)
03:37 < Doktor_J> often times such network filtering will allow carte-blanche access on well-known, well-used ports such as that
03:40 < Doktor_J> i would also suggest enabling tls-auth on the server (and client too of course), which might make the data look more like HTTPS-ish traffic, if the network filters are actually inspecting the data transfer
03:40 < Doktor_J> i'm not sure if doing so results in the handshake being encrypted though, because if it doesn't, then the filters might catch the openvpn handshake and abort the connection right there. worth a shot though :)
03:41 < Doktor_J> and someone here more knowledgeable than me might be able to confirm/deny what i've suggested
03:41 < Doktor_J> lol
03:41 < Doktor_J> webchat + vpnHelper = fail
03:42 < Doktor_J> the link gets the closing > appended to it in webchat, breaking the link
03:42 < Doktor_J> perhaps vpnHelper could be tweaked to put spaces between the link itself and its enclosing LT/GT brackets?
03:45 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn
03:45 -!- mode/#openvpn [+o mattock] by ChanServ
03:47 < Doktor_J> hi mattock :)
03:47 <@mattock> hi
03:48 < Doktor_J> do you know who runs vpnHelper (the bot)?
03:48 < Doktor_J> had a tiny suggestion regarding it
03:49 < Doktor_J> its forum RSS update links get munged in the freenode webchat
03:49 < Doktor_J> if spaces could be put between the link and < / > brackets, that would probably fix it
03:51 <@vpnHelper> RSS Update - forum: Can't find the solution to this anywere. Hope you can!
03:53 < Doktor_J> from that, the link i get in webchat is http://forums.openvpn.net/topic9509.html#p19091%3E
03:53 <@vpnHelper> Title: OpenVPN Support Forum Can't find the solution to this anywere. Hope you can! : Off Topic, Related (at forums.openvpn.net)
03:53 < Doktor_J> (well that's an interesting feature of the bot)
03:53 < Doktor_J> (also amusing that it strips the extraneous character)
03:56 < Doktor_J> if it's an eggdrop with a tcl script performing the rss update functionality, i could assist with the fix :)
04:03 <@vpnHelper> RSS Update - forum: OpenVPN on CentOS 6 using webmin || Wrong routes set to the client
04:09 <@vpnHelper> RSS Update - forum: [Help] Problem To Connect to the Server
04:12 -!- mattock [~samuli@openvpn/corp/admin/mattock] has quit [Ping timeout: 244 seconds]
04:20 -!- master_of_master [~master_of@p57B54453.dip.t-dialin.net] has quit [Ping timeout: 255 seconds]
04:22 -!- Denial [Denial@drgi.co.uk] has joined #openvpn
04:22 -!- master_of_master [~master_of@p57B52E02.dip.t-dialin.net] has joined #openvpn
04:35 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 252 seconds]
04:41 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
04:58 -!- ObamaIsAGangsta [~newegggg@61.170.211.238] has joined #openvpn
05:00 < ObamaIsAGangsta> http://pastebin.com/6wkybGab
05:00 < ObamaIsAGangsta> i'm trying to make a new client key and crt but have error message
05:01 < ObamaIsAGangsta> i made the key dir myself... i'm not sure where to find index.txt
05:06 < Doktor_J> ObamaIsAGangsta: try "touch /etc/openvpn/easy-rsa/2.0/keys/index.txt"
05:06 < Doktor_J> just to create it as an empty file
05:06 < Doktor_J> see if that shuts it up
05:06 < Doktor_J> (ideally it'll figure out that no keys have been generated, and just start filling the index.txt... not entirely sure though)
05:09 < ObamaIsAGangsta> ok i'll give it a shot thx
05:11 < ObamaIsAGangsta> http://pastebin.com/VZHXBnAf
05:12 < ObamaIsAGangsta> now its a different error
05:12 < Doktor_J> touch /etc/openvpn/easy-rsa/2.0/keys/serial
05:12 < Doktor_J> if i'm not mistaken, both of those are basically used for tracking generated keys
05:13 < ObamaIsAGangsta> im not sure why i dont have them
05:13 < Doktor_J> and if you haven't generated any yet, they don't seem to exist
05:13 < ObamaIsAGangsta> im using a ca.key and server.key that i generated months ago on another server
05:13 < Doktor_J> ah that'd be why
05:13 < ObamaIsAGangsta> i just put all the files into a key dir
05:13 < Doktor_J> you haven't generated any on this server
05:13 < ObamaIsAGangsta> only thing i've run is . ./vars and ./build-key
05:13 < Doktor_J> *nod*
05:15 < ObamaIsAGangsta> http://pastebin.com/u54x1vyH
05:15 < ObamaIsAGangsta> however it has created a key crt and csr for the new client
05:15 < ObamaIsAGangsta> so maybe i can ignore it?
05:16 < Doktor_J> most likely, yes...
05:16 < Doktor_J> cat /etc/openvpn/easy-rsa/2.0/keys/serial
05:16 < Doktor_J> see if it put anything in there
05:16 < ObamaIsAGangsta> i didnt keep the vars file from the old server, so i just made the fields the same as per the old vars file
05:16 < ObamaIsAGangsta> hope that wont be an issue
05:17 < Doktor_J> i can't imagine that being a problem
05:17 < ObamaIsAGangsta> just empty file
05:17 < Doktor_J> hmmmm
05:18 < Doktor_J> i'm not entirely sure how to proceed at this point
05:18 < Doktor_J> i'd guess try to connect with the newly-generated client keys and see if it works :P
05:18 < ObamaIsAGangsta> i'll try connecting as the new client
05:19 < ObamaIsAGangsta> yep
05:20 < Doktor_J> probably safe to ignore the error then, at least in the short term
05:20 < Doktor_J> i might suggest sticking around though, to see if someone more knowledgeable might have something to contribute regarding it
05:21 < Doktor_J> right now it's the wee hours of the morning for most of the US, with most people probably sleeping off their new years' celebrations
05:21 < ObamaIsAGangsta> ha
05:21 < ObamaIsAGangsta> i got pretty wasted
05:22 < ObamaIsAGangsta> yea its not gonna work, if i double click on the crt it says invalid for use as public security file
05:22 < ObamaIsAGangsta> gonna have to make a new certificate authority :(
05:22 < ObamaIsAGangsta> which is unfortunate as i have a few friends and family using existing keys
05:23 < Doktor_J> why are you double-clicking on the crt?
05:24 < Doktor_J> if you're only using the certificates for VPN, then openvpn's opinion of them is the only thing that should matter ;)
05:24 < ObamaIsAGangsta> just wanted to see if it looks normal
05:24 < Doktor_J> ah
05:24 < ObamaIsAGangsta> the actual error message when trying to connect is:
05:25 < ObamaIsAGangsta> http://pastebin.com/9zQXsbqC
05:25 < Doktor_J> oh, so it does puke when trying to connect, then
05:25 < Doktor_J> try this:
05:25 < Doktor_J> echo 1 > /etc/openvpn/easy-rsa/2.0/keys/serial
05:25 < Doktor_J> then generate a new key
05:25 < ObamaIsAGangsta> k
05:25 < Doktor_J> not gonna make any promises
05:25 < Doktor_J> but maybe it'll get you somewhere :D
05:26 < Doktor_J> <- still sorta an openvpn newbie
05:26 < Doktor_J> been learning a HELL of a lot about it this week though... *head on verge of exploding*
05:27 < ObamaIsAGangsta> exactly same error
05:27 < ObamaIsAGangsta> well ur clearly not a linux noob
05:27 < Doktor_J> meh :/
05:28 < Doktor_J> lol... what i know about linux is largely due to my google-fu, and a few years of beating my head against it :D
05:28 < ObamaIsAGangsta> just dont know what im missing, i kept the ca.crt, server.crt, server.key and ca.key from old server
05:28 < Doktor_J> i started out learning openvpn for an implementation at work. finally got that implementation 99% done... once i take a bit of a break, i'm going to look at setting up a vpn server at home so my friends across the country can connect to my network, and we can have cross-country LAN parties :P
05:28 < ObamaIsAGangsta> should be sufficient to make new clients
05:29 < ObamaIsAGangsta> i'll stick around maybe someone will know of a proper way to generate index.txt
05:29 < Doktor_J> what about your dh.pem?
05:29 < ObamaIsAGangsta> also kept that
05:29 < Doktor_J> ah okay
05:29 < ObamaIsAGangsta> just didnt realise index is important
05:30 < Doktor_J> not sure... you might need the server.csr?
05:30 < ObamaIsAGangsta> ahh
05:30 < ObamaIsAGangsta> damn i dont have that
05:30 < Doktor_J> let me dig. i think that's just an intermediate file i happen to have laying around
05:30 < Doktor_J> may not be necessary
05:31 < ObamaIsAGangsta> ahhhhhh
05:31 < ObamaIsAGangsta> ok
05:31 < ObamaIsAGangsta> i ran . ./vars then ./clean-all
05:31 < ObamaIsAGangsta> running clean all has put index and serial in the key dir
05:32 < Doktor_J> ooh, progress?
05:32 < Doktor_J> try making a new cert
05:32 < ObamaIsAGangsta> yep
05:32 < Doktor_J> see, i learn by brute-force :D
05:32 < Doktor_J> bang my head on something
05:32 < Doktor_J> eventually my skull cracks and the knowledge leaks in >_<
05:33 < Doktor_J> not terribly efficient... but i learn a lot of interesting things that i might've otherwise missed
05:34 < ObamaIsAGangsta> well
05:34 < ObamaIsAGangsta> it didnt give me any error messages during creation
05:35 < ObamaIsAGangsta> i opened index.txt it is actually just an empty file, and serial simply has '01' written in it
05:35 < Doktor_J> that's a start
05:35 < Doktor_J> hmmm
05:36 < ObamaIsAGangsta> and im connected as the client
05:36 < ObamaIsAGangsta> :)
05:36 < Doktor_J> sweet
05:36 < ObamaIsAGangsta> clean-all script is a bit misleading, i thought it just does like a rm on the dir
05:38 < Doktor_J> lol
05:49 < ObamaIsAGangsta> what time is it in usa?
05:49 < ObamaIsAGangsta> here 8pm
05:49 < Doktor_J> 6:49 for me
05:49 < Doktor_J> i'm east coast
05:50 < ObamaIsAGangsta> ah
05:50 < ObamaIsAGangsta> shanghai for me
05:50 < ObamaIsAGangsta> even openvpn website is blocked if i dont use vpn ;)
05:50 < Doktor_J> i think it's 1:49 in hawaii, then 3:49-6:49 across the continental US
05:50 < Doktor_J> lol
05:50 < Doktor_J> naturally, because they don't want you to research that sort of thing :P
05:50 < ObamaIsAGangsta> yea
05:53 < ObamaIsAGangsta> most of the things they block like youtube facebook etc is just because they don't want competition
05:53 < ObamaIsAGangsta> got their own versions of said services
05:55 < Doktor_J> well vpn is an insta-negation of every other block they have in place
05:55 < ObamaIsAGangsta> yea, even google doesnt work
05:55 < Doktor_J> so they're going to block the hell out of anything having to do with vpn :)
05:56 < Doktor_J> of course, because there's google.cn (last time i checked anyways)
05:56 < ObamaIsAGangsta> but usa is also cracking down on internet freedom, so i am sure a lot more people are gonna use openvpn
05:56 < ObamaIsAGangsta> and exit their internet somewhere free
05:56 < Doktor_J> well they're trying to
05:56 < Doktor_J> there's a hell of a lot of people fighting it
05:57 < Doktor_J> one of the bills has already been canned
05:57 < ObamaIsAGangsta> good
05:57 < ObamaIsAGangsta> as my name suggests im not really a big fan of obama
05:57 < ObamaIsAGangsta> hope for ron paul ha
05:57 < Doktor_J> well it's not obama putting these through though
05:57 < Doktor_J> i think he actually promised to veto one of them if it came to him
05:58 < ObamaIsAGangsta> oh
05:58 < Doktor_J> (but i'm not a big fan of a lot of his policies, otherwise)
05:58 < Doktor_J> yeah, i'd be okay with ron paul i think
05:58 < ObamaIsAGangsta> then vote, im sure a caucus or primary is coming to a state near you soon
05:59 -!- fridim_ [~fridim@2a01:e35:2ece:f2d0:223:4eff:fe6c:c754] has joined #openvpn
05:59 < ObamaIsAGangsta> anyway yea, better stop talk politics before some1 complains about spamming with offtopic
05:59 < Doktor_J> i intend to... i don't always vote, but whenever state or national leadership is up on the ballot, or there's an issue i'm particularly interested in, i make damn sure i'm at the polls :)
06:00 < ObamaIsAGangsta> if things keep going the way they are, i wouldnt be surprised if vpns are banned for personal use
06:00 < ObamaIsAGangsta> obviously companies couldnt function without but
06:01 < ObamaIsAGangsta> in france and iran they are basically illegal already
06:01 < ObamaIsAGangsta> probably a few other places
06:05 < ObamaIsAGangsta> anyway thx for the help
06:05 < ObamaIsAGangsta> i once helped some1 set it up on centos server for like 2 hours
06:05 < ObamaIsAGangsta> totally spoon feeding, then he left without saying thanks
06:06 < ObamaIsAGangsta> after that i seldom bother
06:07 < Doktor_J> understood
06:07 < Doktor_J> you're welcome :)
06:09 < Doktor_J> krzee and hyper_ch helped me out
06:09 < Doktor_J> so i figure i can pay it forward a little :)
06:11 < ObamaIsAGangsta> krzee knows all
06:12 < Doktor_J> it would seem so
06:12 < hyper_ch> I didn't do it - whatever I'm accused of
06:13 < Doktor_J> lol
06:13 < hyper_ch> and why setup a centos server? it's even more outdated than debian stable
06:13 < Doktor_J> not often that someone denies a positive deed
06:13 < hyper_ch> as for the certs:
06:13 < hyper_ch> !pki
06:13 <@vpnHelper> "pki" is (#1) http://openvpn.net/index.php/open-source/documentation/howto.html#pki for how to make your PKI stuff (ca, and certs) or (#2) Heres a basic rundown of how it works... The server, client, and ca certs are all signed by the same ca.key. The server and client use the ca.crt to check that eachother were signed by the right ca.key. Optionally, the client also checks that the server cert was
06:13 <@vpnHelper> signed specially as a server (see !servercert)
06:13 -!- fridim_ [~fridim@2a01:e35:2ece:f2d0:223:4eff:fe6c:c754] has quit [Ping timeout: 240 seconds]
06:13 < hyper_ch> there's a nice table showing what files need to go where
06:14 < Doktor_J> yes, that table was very helpful for me :)
06:14 < ObamaIsAGangsta> why centos? its stable...
06:14 < ObamaIsAGangsta> i used rpmforge to install openvpn so i dont have quite the latest version
06:14 < ObamaIsAGangsta> 2.2 i think i have
06:14 < hyper_ch> apt apt apt apt :)
06:14 < Doktor_J> i'm using centos because it's what my company uses
06:14 < ObamaIsAGangsta> when 2.3 comes out i'll update because that will have full ipv6 support as i know, so we'll be able to use ip6 as the carrier
06:15 < Doktor_J> and they don't want to have to deal with having different distros on different servers
06:15 < hyper_ch> there's only four things I compile on debian: (1) znc (2) openvpn (3) freeswitch (4) rtorrent
06:15 < ObamaIsAGangsta> compiling it myself is a bit out of my league
06:15 < Doktor_J> i'm somewhat agnostic, personally. my own VPS runs freebsd
06:15 < ObamaIsAGangsta> im more a yum install openvpn kind of person
06:16 < hyper_ch> and on desktops/Notebooks I live Kubuntu
06:16 < Doktor_J> previously my shell account ran some debian-ish variant of linux
06:16 < hyper_ch> but I'm eyeing more and more at NixOS
06:16 < ObamaIsAGangsta> imo windows 7 ultimate is great
06:16 < ObamaIsAGangsta> just very... useable
06:16 < Doktor_J> (i don't remember exactly what, but i knew it used apt)
06:17 < hyper_ch> Kubuntu is very useable, safe, fast, free and libre :)
06:17 < Doktor_J> i like win7 because i'm a serious PC gamer
06:17 < hyper_ch> you don't need win7 for freeciv :)
06:17 < Doktor_J> if i didn't spend so much time playing games or futzing around in photoshop i'd probably set up a dual-boot
06:17 < ObamaIsAGangsta> im pretty avid starcraft 2 player
06:18 < Doktor_J> <- mostly FPSes... TF2, L4D2, borderlands, etc
06:18 < Doktor_J> win7 is everything vista wanted to be but failed miserably at
06:18 < hyper_ch> photoshop.. .I see... for my needs Gimp is good enough :)
06:19 < Doktor_J> gimp drives me nuts
06:19 < ObamaIsAGangsta> yep its pretty much perfect, however they are butchering windows 8 its gonna be the new vista
06:19 < ObamaIsAGangsta> i ran the dev preview sooooo bad
06:19 < hyper_ch> Doktor_J: since gimp has single-window option now, it's become usable
06:19 < Doktor_J> i learned on photoshop way back in the day in high school working on the school newspaper (photoshop 3.0 baby), and just continued learning from there
06:19 < ObamaIsAGangsta> basically dumbing it down so that a pc will become like an ipad
06:20 < hyper_ch> well, photoshop is clearly superior to gimp
06:20 < Doktor_J> figuring out how to do all the stuff in gimp that i know how to do in photoshop just takes more time than i'm willing to commit to it
06:20 < ObamaIsAGangsta> back then i was using micrographix
06:20 < hyper_ch> but for the 95% of photoshop users gimp would also do
06:20 < Doktor_J> it probably would do for me too
06:20 < Doktor_J> but that learning curve is a bitch
06:20 < hyper_ch> some things are just done differently
06:21 < ObamaIsAGangsta> whats the point of the ipp.txt file, none of my clients ever get dished out the ip listed in it
06:21 < hyper_ch> same goes with office
06:21 < Doktor_J> and necessity drove me to overcome photoshop; there's no necessity for me to learn gimp
06:21 < hyper_ch> I didn't use 95% of the functionality provided with Office 2003
06:21 < Doktor_J> ObamaIsAGangsta: you need the persist-ip directive (or something like that)
06:21 < hyper_ch> yet coherent styling across 100-150 pages was a nightmare in it
06:21 < hyper_ch> OOo did a much better job at that and so I stick to OOo or rather LO now
06:21 < Doktor_J> LO?
06:22 < hyper_ch> not to mention the save-to-pdf function OOo has had for years
06:22 < hyper_ch> LibreOffice
06:22 < Doktor_J> gotta love that. pay for acrobat? nuts to that.
06:22 < hyper_ch> I think office 2010 now also exports to pdf, right?
06:22 < Doktor_J> i believe so
06:23 < Doktor_J> (it's on my work computer, and does so -- not sure if it's native functionality, but it looks like it)
06:23 < hyper_ch> :)
06:23 < ObamaIsAGangsta> ifconfig-pool-persist ipp.txt i guess this goes in server.conf not the client confs
06:23 < Doktor_J> OOo's learning curve was shallow enough that i could adapt to it
06:23 < Doktor_J> ObamaIsAGangsta: correct
06:23 < hyper_ch> Doktor_J: I think it's native now
06:23 < hyper_ch> before you had to install some free pdf-printer software
06:23 < Doktor_J> yeah
06:23 < hyper_ch> like pdf995
06:23 < Doktor_J> pdfwriter
06:24 < Doktor_J> gimp would win a lot more users if a dev could devote some time to making some sort of option/skin/wtfever that made it feel more like photoshop
06:24 < hyper_ch> Doktor_J: well, the single-window-mode is already a big step towards it
06:24 < Doktor_J> *nod*
06:24 < hyper_ch> I hated those flying tool-palettes
06:24 < Doktor_J> i don't think i've seen that yet
06:24 < Doktor_J> might have to check it out
06:25 < Doktor_J> but i also use a lot of layer, filtering and adjustment functionality in photoshop, and figuring out how to do so in gimp has proven a PITA when i've tried
06:25 < hyper_ch> http://files.chromecode.com/temp/gimp-single-window-mode-in-progress.png
06:26 < hyper_ch> before, all those option windows/palettes were flying around
06:26 < hyper_ch> that was so annoying
06:27 < Doktor_J> !goal
06:27 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
06:27 < hyper_ch> and I agree, the layer style options in PS are great... gimp should implement that also
06:27 < Doktor_J> *nod*
06:27 < hyper_ch> outline, transparency, emboss etc.
06:28 < Doktor_J> (never did !goal when i first came in here, and was curious)
06:28 < ObamaIsAGangsta> someone messed up the layering on obamas birth certificate
06:28 < Doktor_J> >_<
06:28 < hyper_ch> oh, you heard obama signed that prisoner act thingy?
06:28 < Doktor_J> no... not sure which act you're referring to
06:29 < ObamaIsAGangsta> NPAA
06:29 < hyper_ch> http://thinkprogress.org/security/2011/12/31/396018/breaking-obama-signs-defense-authorization-bill/
06:29 <@vpnHelper> Title: BREAKING: Obama Signs Defense Authorization Bill | ThinkProgress (at thinkprogress.org)
06:29 < Doktor_J> i think i might have a vague idea, but i've been up like 20-ish hours, and my brain's not entirely functional
06:29 < ObamaIsAGangsta> now he can send americans arrested in the usa to gitmo
06:30 < hyper_ch> ObamaIsAGangsta: https://www.nytimes.com/2011/12/13/opinion/guantanamo-forever.html?_r=1 -- written by two retired 4-star generals
06:30 <@vpnHelper> Title: Log In - The New York Times (at www.nytimes.com)
06:31 < hyper_ch> you need to login to read that?
06:31 < ObamaIsAGangsta> checking
06:32 < ObamaIsAGangsta> appears so
06:32 < hyper_ch> hmmm, I guess some of my FF addons prevent that paywall from appearing :)
06:32 < ObamaIsAGangsta> im listening to alex jones now, im sure i'll hear about it from him
06:32 < hyper_ch> I'll make a pdf out of it
06:32 < ObamaIsAGangsta> cool
06:33 < hyper_ch> I think it's because I disabled some of the JS
06:34 < ObamaIsAGangsta> surely their website isnt that rudimentary
06:34 < hyper_ch> yes, it is
06:35 < hyper_ch> http://www.sjau.ch/4-star-generals.pdf
06:35 < ObamaIsAGangsta> fast upload :)
06:35 < hyper_ch> blocked are: revsci.net, nyt.com and krxd.net
06:36 < hyper_ch> does this still work: http://gizmodo.com/5815360/this-is-how-to-bypass-the-new-york-times-paywall
06:36 -!- frojnd [~frojnd@86.58.21.55] has quit [Read error: Connection reset by peer]
06:36 <@vpnHelper> Title: How to Bypass the New York Times Paywall In Three Seconds, Zero Hacking Required (at gizmodo.com)
06:37 < ObamaIsAGangsta> who is blocking
06:37 < ObamaIsAGangsta> no it doesnt
06:37 -!- frojnd [~frojnd@86.58.21.55] has joined #openvpn
06:39 < hyper_ch> well, either it's a browser addon or it's my location
06:39 < hyper_ch> let me try chromium with no addons
06:40 < hyper_ch> works in chromium with no addons... so I guess that it's my location then
06:40 < hyper_ch> anyway, you got the pdf :)
06:43 < ObamaIsAGangsta> depressing stuff
06:43 < ObamaIsAGangsta> step by step they're taking away freedoms
06:44 < hyper_ch> yeah
06:44 < hyper_ch> because it's bit by bit, most people don't notice
06:44 < ObamaIsAGangsta> u listen to alex jones show?
06:44 < hyper_ch> don't even know who that is
06:45 < ObamaIsAGangsta> so anyway, you recommend debian for server?
06:46 < ObamaIsAGangsta> when 2.3 comes out i can probably change
06:46 < hyper_ch> I like debian stable on servers
06:46 < hyper_ch> it's really stable
06:46 < hyper_ch> so a few things you should compile yourself
06:46 < hyper_ch> but compiling openvpn on debian is simple
06:47 < ObamaIsAGangsta> it has dependencies
06:47 < hyper_ch> add the source
06:47 < hyper_ch> then apt-get build-dep openvpn
06:47 < hyper_ch> that should pull the necessary dependencies
06:47 < ObamaIsAGangsta> hmm apt-get is like yum?
06:47 < hyper_ch> well, I mean debian source package
06:47 < hyper_ch> there's apt-get and aptitude
06:48 < hyper_ch> aptitude would be recommended, but I'm so used to apt-get
06:48 < ObamaIsAGangsta> ok so one can download the openvpn source meant for debian
06:48 < ObamaIsAGangsta> type one line and done?
06:48 < hyper_ch> well, debian has binary repositories and source repositories
06:48 < hyper_ch> the source repositories contain the sources including the debian compile options
06:48 < hyper_ch> because of that, you can easily fetch all dependencies
06:49 < ObamaIsAGangsta> ah ok
06:49 < ObamaIsAGangsta> cool
06:49 < hyper_ch> except if the dependencies have changed from the debian version to the new version of the program
06:49 < hyper_ch> so you can normally run apt-get build-dep openvpn
06:49 < hyper_ch> and it will pull the required dependencies
06:49 < hyper_ch> then fetch the source from openvpn
06:49 < ObamaIsAGangsta> im just looking forward to using ipv6 as the transport
06:49 < hyper_ch> and start compiling
06:50 < ObamaIsAGangsta> so def gonna compile 2.3
06:50 < hyper_ch> I didn't run into problems compiling it on debian
06:51 < Doktor_J> biggest thing i don't like about ipv6 is that i'm going to have a hell of a time memorizing IPs :P
06:52 < hyper_ch> that's what a hosts file is for :)
06:52 < hyper_ch> just alias them with some hostname
06:52 < hyper_ch> homecomputer
06:52 < hyper_ch> homelaptop
06:52 < hyper_ch> homeserver
06:52 < hyper_ch> that should still work with the hosts file on ipv6, right?
06:53 < ObamaIsAGangsta> well, world is almost run out of ipv4 addresses so
06:53 < ObamaIsAGangsta> no choice but to move on
06:53 < hyper_ch> ah....
06:53 < hyper_ch> not really
06:54 < ObamaIsAGangsta> in another couple of years then
06:54 < hyper_ch> there will be a war before
06:54 < hyper_ch> and a lot less people
06:54 < hyper_ch> and we'll have plenty of ip addresses again :)
06:54 < ObamaIsAGangsta> i doubt that'd be the reason for war
06:54 < hyper_ch> I didn't say it's the reason of war
06:54 < hyper_ch> I just say there will be a war
06:55 < ObamaIsAGangsta> not if ron paul is president
06:55 < hyper_ch> china is building up massively
06:56 < ObamaIsAGangsta> i live in china, its really harmless
06:56 < ObamaIsAGangsta> i very much doubt it'd ever go to war
06:56 < ObamaIsAGangsta> something will kick off with syria/iran though
06:57 < ObamaIsAGangsta> but when hasn't the middle east had a war
06:57 < Doktor_J> i see china as preferring to fight an economic war rather than a military war
07:01 < ObamaIsAGangsta> its gonna get messy for most currencies, if i have spare money im buying silver
07:02 < hyper_ch> ObamaIsAGangsta: IIRC in '07 a chinese sub surfaced just about 5 miles away from a US aircraft carrier
07:02 < hyper_ch> also chinese have now an own aircraft carrier
07:02 < hyper_ch> they also have missiles to sink aircraft carriers
07:02 < hyper_ch> and since a few days their own GPS
07:02 < ObamaIsAGangsta> and nukes
07:02 < ObamaIsAGangsta> hundreds of nukes
07:02 < hyper_ch> china's gaining influence
07:03 < ObamaIsAGangsta> i know
07:03 < hyper_ch> and the US is weakening
07:03 < ObamaIsAGangsta> thats why i came here and learnt chinese
07:03 < hyper_ch> russia has also been strengthened
07:03 < hyper_ch> I just wish there were a couple more strong players
07:03 < hyper_ch> none superstrong
07:03 < ObamaIsAGangsta> also the girls here are pretty hot
07:03 < hyper_ch> but more than just a handful
07:04 < ObamaIsAGangsta> because of nukes i can't see an actual war like ww2
07:05 < ObamaIsAGangsta> of course there'll always be small wars like libya
07:05 < hyper_ch> whereabouts in china are you? shanghai?
07:06 < hyper_ch> hongkong?
07:06 < ObamaIsAGangsta> shanghai
07:06 < hyper_ch> I have a friend there :)
07:06 < hyper_ch> and another one in hong kong... she's very cute
07:07 < hyper_ch> http://images.sjau.ch/img/294e54a8.jpg
07:07 < hyper_ch> http://images.sjau.ch/img/cdff2519.jpg
07:07 < ObamaIsAGangsta> i do have a liking for asian girls
07:08 < hyper_ch> there are really good looking asian girls
07:08 < hyper_ch> but also very bad looking ones
07:08 < hyper_ch> like everywhere else :)
07:09 < hyper_ch> I should fly with singapore airlines again... the flight attendants last time were like models :)
07:09 < ObamaIsAGangsta> my gf is a flight attendant
07:09 < hyper_ch> :)
07:09 < ObamaIsAGangsta> tried out for singapore
07:10 < hyper_ch> also heard good things about cathay pacific but never flew with them
07:10 < ObamaIsAGangsta> thats the one she works for
07:10 < ObamaIsAGangsta> based out of hong kong
07:10 < Doktor_J> lol hyper_ch, that first girl you linked to looks like a younger version of my ex
07:11 < ObamaIsAGangsta> what is it with geeks and asians
07:11 * Doktor_J shrugs
07:11 < Doktor_J> i'm equal-opportunity
07:11 < Doktor_J> well not exactly
07:11 < Doktor_J> i have a preference for (asians XOR redheads)
07:13 < ObamaIsAGangsta> lol xor
07:13 < ObamaIsAGangsta> sometimes i say 'lol' when speaking
07:13 < ObamaIsAGangsta> instead of laughing
07:13 < Doktor_J> i do too, though it's usually preceded at least with a snicker
07:14 * APTX double checks the channel name
07:14 < hyper_ch> Doktor_J: :)
07:14 < hyper_ch> isn't it stressful as flight attendant with all those time shifts?
07:14 * ObamaIsAGangsta double checks that APTX has no power 07:15 < ObamaIsAGangsta> she just flies between shanghai and hong kong 07:15 < ObamaIsAGangsta> 2 hour flight 07:15 < ObamaIsAGangsta> so no time shift 07:16 < Doktor_J> APTX: if people want to discuss openvpn in here, i have no problem aborting off-topic conversation threads... but that notwithstanding, it's otherwise pretty dead in here :D 07:16 < APTX> I don't really have anything against it 07:17 < Doktor_J> *nod* 07:17 < APTX> it's just that usually these kinds of talks are in different channels 07:17 < ObamaIsAGangsta> well no1's come in asking for help 07:20 < Cubox> Hi 07:20 < Cubox> I have a little problem 07:22 < Cubox> All is working, and, when my internet connection is down, i can't access internet. But, when internet is up, i have to restart the daemon openvpn to have internet. 07:22 < Cubox> How to solve this without using a tcp tunnel? 07:25 < ObamaIsAGangsta> your question confuses me 07:25 < Cubox> oh 07:26 < Cubox> I'm french, and it's not easy to explain 07:28 < Doktor_J> let me see if i understand 07:28 < Doktor_J> you have openvpn and your general internet connection working 07:29 < Doktor_J> but if the internet connection goes down (and the VPN connection goes down with it)... 07:29 < Doktor_J> when the internet connection comes back up, you have to restart openvpn before your internet connection works? 07:29 < Cubox> when the global connection is up, openvpn tunnel is down 07:29 < Cubox> yes 07:29 < Cubox> I will go to eat, my config is 07:29 < Cubox> http://pastebin.com/rD445Zf5 07:30 < Cubox> (will be bask in 15 minutes) 07:30 < Cubox> back * 07:31 < Doktor_J> hmmmm reading is proving difficult with a cat on my chest -_- 07:33 < Doktor_J> (laying on my back, laptop propped against my legs... and now there is a cat on my chest, between my face and the laptop) 07:34 < hyper_ch> so, first batch of pants and shirts washed and ironed :) 07:36 < hyper_ch> APTX: any issue? 07:36 < APTX> ? 
07:36 < hyper_ch> [14:14] * APTX double checks the channel name 07:36 < hyper_ch> you have an issue with openvpn? 07:37 < APTX> read on :) 07:37 < hyper_ch> APTX: I can't read :) 07:37 < APTX> no, I don't have any issue 07:38 < hyper_ch> awwwww :( 07:40 <@EugeneKay> hyper_ch - pants are a sin and you shall face the wrath of our Pastafarian overlord for wearing them 07:40 < hyper_ch> EugeneKay: well, the courts insist on me wearing pants 07:41 < hyper_ch> EugeneKay: do you have any recommendation for some pc speakers? 07:42 <@EugeneKay> I use a set of Logitech Z506 07:43 <@EugeneKay> They're adequate, but only barely. 07:43 < hyper_ch> I have some tiny logitech ones 07:44 < Doktor_J> i like my little bose companion 2 series 2 speakers 07:45 < Doktor_J> (i have neither the space nor the environment for having a subwoofer, so i just need a good set of 2.0 speakers) 07:45 < hyper_ch> they don't have mine anymore 07:46 <@EugeneKay> 5.1 or GTFO 07:47 < hyper_ch> http://www.amazon.co.uk/Logitech-OEM-S200-Black-Silver/dp/B0009KO43A 07:47 < hyper_ch> those are the ones I have 07:47 < Doktor_J> back when i had my own room, yes, i had 5.1 07:48 < Doktor_J> but if you were to see my current computer area, you'd be at a loss as to where those other three speakers (and especially the subwoofer) would go 07:50 <@vpnHelper> RSS Update - forum: OpenVPN routing fails, but only sometimes. (windows client) 07:51 < hyper_ch> "OpenVPN routing fails, but only sometimes. (windows client)" -> I'd blame Windows 07:56 <@vpnHelper> RSS Update - forum: Can't find the solution to this anywere. Hope you can! 
08:16 < Cubox> Doktor_J: re 09:02 < ObamaIsAGangsta> 24 hours until iowa 09:23 -!- Gravitron [~admin@cpe-65-28-68-253.kc.res.rr.com] has joined #openvpn 09:23 -!- Gravitron [~admin@cpe-65-28-68-253.kc.res.rr.com] has quit [Changing host] 09:23 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 09:34 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Remote host closed the connection] 10:57 <@EugeneKay> Waffles? 10:58 < ecrist> happy new year. 11:01 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn 11:01 -!- mode/#openvpn [+o mattock] by ChanServ 11:08 -!- vect0rx [vectorx@countercultured.net] has joined #openvpn 11:10 -!- aegidos_ [~admin@p54B5D570.dip.t-dialin.net] has joined #openvpn 11:10 -!- aegidos [~admin@p54B5D570.dip.t-dialin.net] has joined #openvpn 11:18 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Ping timeout: 240 seconds] 11:19 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 11:21 <@EugeneKay> Waffles. :-D 11:26 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds] 11:26 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Ping timeout: 252 seconds] 11:27 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 11:27 -!- aegidos [~admin@p54B5D570.dip.t-dialin.net] has quit [Quit: aegidos] 11:27 -!- aegidos_ [~admin@p54B5D570.dip.t-dialin.net] has quit [Quit: aegidos_] 11:28 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 255 seconds] 11:34 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 11:36 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Max SendQ exceeded] 11:40 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn 11:54 -!- fridim_ [~fridim@2a01:e35:2ece:f2d0:223:4eff:fe6c:c754] has joined #openvpn 11:58 -!- aegidos_ [~admin@p54B5D570.dip.t-dialin.net] has joined #openvpn 11:58 -!- aegidos [~admin@p54B5D570.dip.t-dialin.net] has joined #openvpn 11:59 < aegidos> happy nu year 0x7DC :-D 12:00 -!- 
aegidos_ [~admin@p54B5D570.dip.t-dialin.net] has left #openvpn [] 12:04 -!- spacedust [~info@unaffiliated/cosmicblue] has left #openvpn [] 12:46 < aegidos> hm 12:51 -!- Netsplit *.net <-> *.split quits: ScriptFanix, vect0rx 12:52 -!- Netsplit over, joins: vect0rx, ScriptFanix 13:30 -!- fridim_ [~fridim@2a01:e35:2ece:f2d0:223:4eff:fe6c:c754] has quit [Ping timeout: 240 seconds] 13:56 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 14:04 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.] 14:25 <@vpnHelper> RSS Update - forum: Wrong routes set to the client 14:39 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds] 14:39 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 14:41 -!- Ionic [ionic@ionic.de] has quit [Excess Flood] 14:45 -!- Guest40372 [ionic@ionic.de] has joined #openvpn 14:48 -!- Gravitron [~admin@cpe-76-92-159-145.kc.res.rr.com] has joined #openvpn 14:48 -!- Gravitron [~admin@cpe-76-92-159-145.kc.res.rr.com] has quit [Changing host] 14:48 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 15:01 <@vpnHelper> RSS Update - forum: openvpn connects with no traffic on win 7 64bit 15:33 -!- mattock [~samuli@openvpn/corp/admin/mattock] has quit [Ping timeout: 268 seconds] 15:43 -!- Doktor_J [41605745@gateway/web/freenode/ip.65.96.87.69] has quit [Ping timeout: 258 seconds] 15:49 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 15:51 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Quit: Konversation terminated!] 
15:52 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 16:19 <@vpnHelper> RSS Update - forum: Unknown issue only with Linux client 16:22 -!- Guest40372 [ionic@ionic.de] has left #openvpn [] 17:09 -!- zeshoem [~zee@bas1-toronto46-1177856379.dsl.bell.ca] has joined #openvpn 17:18 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 17:30 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 17:30 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 17:30 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 17:30 -!- mode/#openvpn [+v Axeman] by ChanServ 17:34 < zeshoem> Hi I can ping from openvpn client 10.8.1.6 to openvpn server 10.8.1.1 but not the other way around 17:34 < zeshoem> What do I need to check? 17:39 < krzee> firewall on client 17:39 < krzee> thats not an idea, it is the problem =] 17:39 -!- fridim_ [~fridim@2a01:e35:2ece:f2d0:223:4eff:fe6c:c754] has joined #openvpn 17:40 -!- Denial [Denial@drgi.co.uk] has quit [] 17:40 < zeshoem> but I can ping from the local side, 192.168.2.11 17:40 < zeshoem> client is running centos, no firewall and se linux disabled 17:47 < zeshoem> Here is the network diagram at this point http://t.co/9fTIrJSQ 17:47 <@vpnHelper> Title: Twitter / Mansoor Nathani: Issues getting R2 to reach ... (at t.co) 17:48 < krzee> iptables -I INPUT -i tun+ -j ACCEPT 17:49 < zeshoem> on the client? 
17:49 < krzee> yes 17:49 < krzee> [15:39] firewall on client 17:49 < krzee> [15:39] thats not an idea, it is the problem =] 17:49 < krzee> holey shit that diagram sucks 17:50 < zeshoem> I should pull out visio next time 17:50 < krzee> or gliffy would work 17:50 < krzee> gliffy.com, thats how i made the diagram in this: 17:50 < krzee> !route 17:50 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 17:54 < zeshoem> still unable to ping from server to client. The tunnel is working fine though 17:54 < krzee> well its still *something* on the client blocking the ping 17:55 <+TJNII> Which client? The VPN client? Or something behind those routers you drew? 17:55 < krzee> [15:34] Hi I can ping from openvpn client 10.8.1.6 to openvpn server 10.8.1.1 but not the other way around 17:55 < krzee> TJNII, ^ 17:55 < zeshoem> its an openvpn install on centos no fancy client 17:56 < krzee> to quote the topic... 17:56 < krzee> Your problem is your firewall, really. 17:57 < zeshoem> I dont really mind that it cant ping' 17:57 < krzee> then it sounds like you are fine 17:57 < zeshoem> I am more concerned that the router cant get out to the internet 17:57 < krzee> the router is behind the client? 
17:57 < zeshoem> I am working on a new gliffy document 17:57 < zeshoem> yes 17:57 < krzee> and you read this: 17:57 < krzee> !route 17:57 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 17:59 < zeshoem> When I try to ping 8.8.8.8 from R2, I get Sun Jan 1 18:59:21 2012 us=373545 vpn2/70.52.169.123:46475 MULTI: Learn: 192.168.4.4 -> vpn2/70.52.169.123:46475 in the openvpnlog 18:00 < krzee> !configs 18:00 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries 18:04 <+TJNII> Either the client needs to SNAT or the server has to have routes for the 192. networks. 18:05 <+TJNII> Problem is likely that the packet gets to the target and that machine doesn't know how to send it back. 18:05 <+TJNII> But again, configs would be nice. :) 18:05 <+TJNII> Including routing tables. 18:18 < zeshoem> is netstat -r sufficient for routing table? 18:18 <+TJNII> yes 18:19 < zeshoem> http://pastebin.com/H5eQSuYs 18:19 < zeshoem> PC (192.168.2.25) > OPen VPN Client (192.168.2.11) > Open VPN Server (NAT) > Internet works just fine 18:20 <+TJNII> Yep, I'll bet it does 18:21 <+TJNII> No NATS, except out to the internet, I assume? 18:21 < zeshoem> thats right 18:21 < zeshoem> I just notice /etc/openvpn/openvpn.conf missing the 192.168.4.0 line 18:21 <+TJNII> The server doesn't know what to do with packets from the 192.168.4.0/24 net 18:21 <+TJNII> No route for it 18:21 < zeshoem> 192.168.4.0 10.8.1.2 255.255.255.0 UG 0 0 0 tun0 18:22 <+TJNII> It's likely trying to send them out venet0.... 18:22 < zeshoem> not where is a line 18:22 < zeshoem> *now 18:22 <+TJNII> Does it work now? 
18:22 < zeshoem> checking 18:24 < zeshoem> It does 18:24 < zeshoem> Thank you very much 18:24 <+TJNII> np 18:24 < zeshoem> thank you krzee as well! 18:26 < krzee> yw 18:31 -!- krzie [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 19:06 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 19:11 -!- _julian [~quassel@hmbg-4d06eeab.pool.mediaWays.net] has joined #openvpn 19:11 -!- _julian_ [~quassel@hmbg-4d06f94a.pool.mediaWays.net] has quit [Read error: Operation timed out] 19:11 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 19:11 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 19:19 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 19:28 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has joined #openvpn 19:28 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has quit [Changing host] 19:28 -!- simplechat [~simplecha@unaffiliated/simplechat] has joined #openvpn 19:30 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 19:30 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 19:30 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 19:30 -!- mode/#openvpn [+v Axeman] by ChanServ 19:55 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!] 21:27 < ObamaIsAGangsta> if you dont keep a copy of a clients crt file, you can never revoke them? 
21:28 < ObamaIsAGangsta> seems so 21:28 < krzee> csr, but ya 21:29 < ObamaIsAGangsta> so there's no way to stop them connecting 21:30 < ObamaIsAGangsta> its complaining about not having the .crt 21:30 < ObamaIsAGangsta> doesnt mention csr 21:31 < krzee> --disable still works 21:31 < krzee> in a ccd entry 21:31 < krzee> but its not as good as using the crl, if you could 21:32 < ObamaIsAGangsta> k thanks 21:32 < ObamaIsAGangsta> i wanted to be able to re-use the common name 21:33 < krzee> no 21:33 < krzee> dont re-use a common-name 21:36 <@vpnHelper> RSS Update - forum: New Site-to-Site Tunnel With Partial Connectivity 21:38 < ObamaIsAGangsta> ok 21:38 < ObamaIsAGangsta> if i do ./build-key user10 is it ok to have the common name for that user the same? i.e user10 21:42 < krzee> huh? 21:42 < krzee> 1 sec lemme look at easy-rsa 21:42 < krzee> !pki 21:42 < ecrist> OMG - Obama Must Go 21:42 <@vpnHelper> "pki" is (#1) http://openvpn.net/index.php/open-source/documentation/howto.html#pki for how to make your PKI stuff (ca, and certs) or (#2) Heres a basic rundown of how it works... The server, client, and ca certs are all signed by the same ca.key. The server and client use the ca.crt to check that eachother were signed by the right ca.key. Optionally, the client also checks that the server cert was signed 21:43 < ecrist> lol 21:43 <@vpnHelper> specially as a server (see !servercert) 21:43 < ObamaIsAGangsta> im asking if the common name needs to be unique 21:43 < ecrist> krzee: Happy New Year, bro. 21:43 < krzee> ecrist, seriously, i almost banned based on that, but didnt wanna feed the troll-nick 21:43 < ObamaIsAGangsta> or can it be the same as the name of the cert and key files 21:43 < krzee> happy newyear brutha! 
21:43 < krzee> the name of the cert doesnt matter 21:43 < krzee> only the CN does 21:44 < ObamaIsAGangsta> ok i'll just make them the same then 21:44 < ObamaIsAGangsta> less confusing 21:44 < ObamaIsAGangsta> i'll keep a copy of peoples crt and csr incase need revoke later 21:44 < krzee> ObamaIsAGangsta, if you were following the page from !pki you'd see the official openvpn howto used the same for CN and file 21:44 < krzee> youd also see where it says to always use a unique CN 21:45 < krzee> or you can be lazy like me and use ssl-admin 21:45 < krzee> !ssl-admin 21:45 <@vpnHelper> "ssl-admin" is (#1) if you use freebsd, it is in ports or (#2) svn co https://www.secure-computing.net/svn/trunk/ssl-admin to grab it from svn or (#3) A perl script for managing SSL certificates (being a CA). Makes a good replacement for easy-rsa 21:46 < ObamaIsAGangsta> easy-rsa isn't that great, it doesnt even set correct permissions for key files 21:46 <+TJNII> umask ftw 21:47 < krzee> ya, thats your job as a unix admin 21:47 <+TJNII> Well, iirc easy-rsa is nothing but a bunch of shell scripts, so I'm sure we'll all welcome ObamaIsAGangsta's patches to add proper chmods. :) 21:47 < krzee> although i do agree somewhat with the sentiment, personally i choose to use ssl-admin 21:48 < krzee> and one day ill get around to adding cert generation to my bash config file generator 21:48 < krzee> !confgen 21:48 <@vpnHelper> "confgen" is (#1) http://www.doeshosting.com/code/openvpn-confgen.tgz for the bash config generator or (#2) you can use svn co http://www.secure-computing.net/svn/trunk/openvpn-confgen/ 21:48 < krzee> and TJNII, you do remember correctly =] 21:48 <+TJNII> krzee: You have too much fin with that bot. 
21:48 <+TJNII> s/fin/fun/ 21:48 < krzee> TJNII, i love that bot man 21:48 < krzee> !factoids 21:48 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php 21:49 < krzee> !whoami 21:49 <@vpnHelper> support 21:49 < krzee> damn right vpnHelper 21:49 < krzee> !tell TJNII hey there big boi 21:49 <+TJNII> Woah there. :) 21:49 < krzee> haha 21:50 -!- caemir_ [~caemir@unaffiliated/caemir] has joined #openvpn 21:51 -!- caemir [~caemir@unaffiliated/caemir] has quit [Ping timeout: 252 seconds] 21:51 -!- caemir_ is now known as caemir 21:52 < ObamaIsAGangsta> ok last Q for today 21:52 < ObamaIsAGangsta> it makes a crl.pem right 21:52 < ObamaIsAGangsta> do i need to copy a new crl.pem to /openvpn every time i revoke a new client? 21:52 < ObamaIsAGangsta> i guess it wont auto update 21:55 < krzee> correct, and if your setup is secure that requires a file transfer too 21:55 < krzee> since your server is not your CA in a secure environment 22:04 -!- _Danilo_ [~Danilo@unaffiliated/danilo/x-728421] has joined #openvpn 22:07 <+TJNII> krzee: http://secure-computing.net/logs/#openvpn.log doesn't quite return expected content. 22:14 <+TJNII> !say I'm a pretty princess 22:14 <+TJNII> Hmm, the factoid page said that should have gotten a response.... 22:18 -!- ObamaIsAGangsta [~newegggg@61.170.211.238] has quit [] 22:30 -!- aegidos__ [~admin@p54B5A587.dip.t-dialin.net] has joined #openvpn 22:33 -!- aegidos [~admin@p54B5D570.dip.t-dialin.net] has quit [Ping timeout: 252 seconds] 22:33 -!- aegidos__ is now known as aegidos 22:36 <@EugeneKay> It lied. 23:09 * ecrist returns 23:09 < ecrist> I'm not looking forward to this forum migration 23:09 < ecrist> I've been putting off this ldap module long enough. 23:10 <+TJNII> ldap FT ..... something ..... 23:17 < ecrist> ldap is awesome 23:20 <+TJNII> Yea, but its integration is usually somewhat less than ideal... 
23:21 < ecrist> not really 23:21 < ecrist> in regards to integration, LDAP can be difficult 23:21 < ecrist> LDAP is a relatively blank canvas and anything you desire can be painted upon it. it's hard to integrate that 23:22 < ecrist> it's not for a lack of support, or desire for support, but it's not really normalized 23:22 < ecrist> though, it can be. 23:22 < ecrist> there are some standards, but it's a matter of which standard to support 23:22 <+TJNII> Yea, that's true,. 23:23 < ecrist> the POSIX standard seems well-supported in LDAP and various software packages 23:23 < ecrist> vb doesn't support LDAP at all, so I'm writing a module for it 23:28 * EugeneKay blinks 23:28 <@EugeneKay> Visual Basic.... LDAP..... moduel.... 23:28 <@EugeneKay> What? 23:28 <@EugeneKay> Oh, vBulletin. 23:28 <@EugeneKay> Less crazy, I suppose. 23:29 <+TJNII> I read that as Visual Basic, too. Was a bit surprised. 23:29 < ecrist> vbulletin 23:29 <@EugeneKay> Still. 23:29 < ecrist> I'm moving the forum to vbulletin this week, provided I get the ldap stuff figured out 23:30 < ecrist> the big negative is I'm not migrating the current content. 23:30 < ecrist> we're going to keep the old content 'live' without write for about a year, then delete them. 23:31 <@EugeneKay> Sounds liek a plan 23:39 < ecrist> phpbb sucks on a ~heavily used forum 23:40 < ecrist> and the SEO tools just suck, perioud 23:40 < ecrist> period* 23:41 <@EugeneKay> phpBB just *sucks* 23:41 < ecrist> I can't say that, I did dev for it for a while. 23:42 < ecrist> the team even sent me a silly teddy bear for my efforts 23:42 < ecrist> though, I also contributed to UnrealIRCd 23:42 < ecrist> they at least list me as a contrib there. --- Day changed Mon Jan 02 2012 00:12 <@vpnHelper> RSS Update - forum: How to implement same key can only one client is online? 
00:13 -!- aegidos [~admin@p54B5A587.dip.t-dialin.net] has quit [Quit: aegidos] 00:15 -!- fridim_ [~fridim@2a01:e35:2ece:f2d0:223:4eff:fe6c:c754] has quit [Ping timeout: 240 seconds] 00:34 -!- aegidos [~admin@tmo-097-101.customers.d1-online.com] has joined #openvpn 00:36 <@vpnHelper> RSS Update - forum: Road Warrior setup 00:38 -!- aegidos [~admin@tmo-097-101.customers.d1-online.com] has quit [Ping timeout: 240 seconds] 00:39 -!- vpopov [~happylife@dyn-58-35.fttbee.kis.ru] has joined #openvpn 00:49 -!- aegidos_ [~admin@tmo-097-101.customers.d1-online.com] has joined #openvpn 00:49 < aegidos_> good morning :-D 00:52 <+TJNII> Not for another 8 minutes. :D 00:52 < aegidos_> i have to ask you about help for my tunnelblick connection. I am able to connect to my VPN and map network drives and ssh to my debian server, no problem. but the DNS doesn't work and traceroute timed out http://pastebin.com/BiqtQY3n i added the DNS 8.8.8.8 to my network settings on the client 00:54 <+TJNII> Configs? 00:54 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 00:55 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 00:58 < aegidos_> resolv.conf http://pastebin.com/6ZAPZKap 00:58 <+TJNII> !configs 00:58 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries 00:58 < aegidos_> open vpnconf http://pastebin.com/v4ejjxaN 00:59 -!- fridim_ [~fridim@2a01:e35:2ece:f2d0:223:4eff:fe6c:c754] has joined #openvpn 00:59 <+TJNII> Okay, so you're using "push "redirect-gateway def1"" 00:59 <+TJNII> And you said the VPN works to the server side subnet, correct? 01:00 <+TJNII> So the problem is you can get to devices on the same server, but not out to the internet. Correct? 
01:00 < aegidos_> yes if i connect to the server i am able to map network drives and ssh to my server 01:00 < aegidos_> yes 01:00 < aegidos_> and i can not ping internally 01:01 <+TJNII> How does the server connect to the internet? 01:01 < aegidos_> ethernet cable, no WLAN. connected to a FritzBox 01:01 < aegidos_> Fritzbox sets up the dyndns 01:02 <+TJNII> So did you configure your server to route VPN traffic to the fritzbox? 01:03 < aegidos_> hm, i guess not. 01:03 <+TJNII> Also, you will either need to SNAT on the server or configure the FritzBox to know about the 10.8.0.0 subnet 01:03 < aegidos_> inside fritzbox i set up a static route from 10.8.0.1 to the openVPN Server 01:04 <+TJNII> You mean set it up so that the server is the gateway for the 10.8.0.0/24 subnet, correct? 01:05 < aegidos_> yes 01:05 <+TJNII> Okay, Good 01:05 <+TJNII> Then all you should need to do is enable ip_forward on the server 01:05 * TJNII says "Let's see if I can remember the bot command..." 01:05 -!- dazo_afk is now known as dazo 01:06 -!- caemir [~caemir@unaffiliated/caemir] has quit [Ping timeout: 240 seconds] 01:06 < aegidos_> !ip_forward 01:06 <+TJNII> !linipforward 01:06 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware 01:07 < aegidos_> okay then i will try this and reboot the server 01:07 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 01:07 < aegidos_> then reconnect from my client 01:07 <+TJNII> Shouldn't have to reboot... 01:07 < aegidos_> nice 01:08 <+TJNII> echo 1 > /proc/sys/net/ipv4/ip_forward will enable it on a running system 01:08 < aegidos_> but while log in via open vpn i am shortly "offline" ^^ 01:10 < aegidos_> Fehler 105 (net::ERR_NAME_NOT_RESOLVED): Die DNS-Adresse des Servers kann nicht aufgelöst werden. 
01:11 < aegidos_> no connection 01:11 < aegidos_> traceroute timeout 01:12 <+TJNII> pastebin the output of the following from the server: route , iptables -L , iptables -L -t nat 01:12 <+TJNII> It would be helpful if you do that with the client connected 01:14 < aegidos_> okay, one second 01:18 < aegidos_> http://pastebin.com/MbWLVWd2 01:18 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 01:19 <+TJNII> hmmm.... everything looks okay 01:19 -!- happylife [~happylife@dyn-58-35.fttbee.kis.ru] has joined #openvpn 01:20 -!- happylife [~happylife@dyn-58-35.fttbee.kis.ru] has quit [Read error: Connection reset by peer] 01:20 <+TJNII> At this point I would run tcpdump on eth0 of the server. Try to query 8.8.8.8. See what traffic goes out and what comes back 01:21 < aegidos_> okay how may i execute the dump and send a request to 8.8.8.8? 01:22 <+TJNII> Open the connection. On the server: tcpdump -i eth0. That will log all traffic on eth0. Then run nslookup google.com 8.8.8.8 on the client 01:23 < aegidos_> okay 01:27 -!- aegidos_ [~admin@tmo-097-101.customers.d1-online.com] has quit [Ping timeout: 240 seconds] 01:29 -!- aegidos [~admin@tmo-097-101.customers.d1-online.com] has joined #openvpn 01:29 < aegidos> so i will pastebin the output 01:31 < aegidos> server tcp dump http://pastebin.com/3XfytQhE 01:32 < aegidos> the nslookup client http://pastebin.com/kDZriw3p 01:32 <+TJNII> That worked 01:33 < aegidos> great :-D 01:33 <+TJNII> The client was able to query 8.8.8.8 according to the nslookup output 01:35 < aegidos> but some services in between might drop the packages when waiting for the response 01:35 -!- X0Rc0re [~chatzilla@124.148.205.10] has joined #openvpn 01:35 -!- [capslock] [~root@autodns-212-219-225-239.staffs.ac.uk] has joined #openvpn 01:35 < X0Rc0re> i need help with setting up a VPN in a VPS using OpenVPN 01:35 <+TJNII> okay, 12:35am. Time to sign off. 
01:35 -!- [capslock] [~root@autodns-212-219-225-239.staffs.ac.uk] has left #openvpn ["Leaving"] 01:36 <+TJNII> Good luck aegidos 01:36 < aegidos> thanks TJNII ! 01:36 < X0Rc0re> I need someone to teamviewer me, as im having a problem 01:40 < X0Rc0re> anyone!? 01:41 -!- fridim_ [~fridim@2a01:e35:2ece:f2d0:223:4eff:fe6c:c754] has quit [Ping timeout: 240 seconds] 01:43 -!- Jarred [~Jarred@c-71-198-139-210.hsd1.ca.comcast.net] has joined #openvpn 01:43 -!- Jarred [~Jarred@c-71-198-139-210.hsd1.ca.comcast.net] has left #openvpn ["Leaving"] 01:43 < X0Rc0re> ? 01:43 <@vpnHelper> RSS Update - forum: How to implement same key can only one client is online? || Road Warrior setup 01:44 < X0Rc0re> anyone here? 01:46 -!- aegidos [~admin@tmo-097-101.customers.d1-online.com] has quit [Read error: Connection reset by peer] 01:50 <@vpnHelper> RSS Update - forum: New Site-to-Site Tunnel With Partial Connectivity 01:56 <@vpnHelper> RSS Update - forum: Unknown issue only with Linux client 02:01 -!- happylife [~happylife@dyn-58-35.fttbee.kis.ru] has joined #openvpn 02:02 -!- X0Rc0re [~chatzilla@124.148.205.10] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 02:04 -!- happylife [~happylife@dyn-58-35.fttbee.kis.ru] has quit [Read error: Connection reset by peer] 02:06 -!- X0Rc0re [~chatzilla@124.148.205.10] has joined #openvpn 02:07 < X0Rc0re> anyone here? 02:07 < X0Rc0re> ? 02:10 < reiffert> all have died at the big inferno yesterday. 02:13 < X0Rc0re> reiffert: can you help me setup openVPN on debian squeeze VPS? 02:13 < X0Rc0re> i am having a problem 02:13 < X0Rc0re> do you have teamviewer? 02:15 <@dazo> !howto 02:15 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! 
or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 02:15 <@dazo> X0Rc0re: ^^^ 02:15 < X0Rc0re> dazo: i have read it, but i am having problems 02:15 <@dazo> !welcome 02:15 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 02:15 < X0Rc0re> i can show you on teamviewer 02:16 <@dazo> nope, we don't do teamviewer 02:18 < X0Rc0re> awwww :( 02:18 < X0Rc0re> why not? 02:18 < X0Rc0re> dazo: can i send you the SSH details and you set it up for me? 02:18 < X0Rc0re> please :) 02:18 <@dazo> nope, that way you won't learn anything and you'll just bother us again 02:19 * dazo is tired already and ignores X0Rc0re from now on 02:19 < X0Rc0re> btw dazo can i put this in http://www.eurephia.net/? 02:19 <@vpnHelper> Title: eurephia :: a flexible OpenVPN authentication module (at www.eurephia.net) 02:19 <@dazo> X0Rc0re: put what in? 02:19 <@dazo> you can use eurephia with OpenVPN on Debian 02:19 < X0Rc0re> http://www.eurephia.net/ the auth plugin 02:19 <@vpnHelper> Title: eurephia :: a flexible OpenVPN authentication module (at www.eurephia.net) 02:20 <@dazo> I know that plug-in ... I wrote it 02:20 < X0Rc0re> can i use it? 02:20 < X0Rc0re> nice :D 02:20 <@dazo> Yeah, that plug-in does work very well ... but reading the docs is a must 02:20 < X0Rc0re> so does it allow other users to connect to your VPN? 02:20 < X0Rc0re> my VPN* 02:21 < X0Rc0re> ? 02:22 <@dazo> that plug-in does extend the authentication to require certificate, username and passwords to match ... and it will then update iptables on-the-fly to give a restricted VPN access 02:22 <@dazo> but you need to create user accounts and certificates to your users ... 
with that in place, these clients can access the VPN 02:22 < X0Rc0re> So, i can create users and let people connect to my VPN? 02:22 < X0Rc0re> ok :) 02:22 <@dazo> yeah, that's kind of the point 02:26 < X0Rc0re> dazo: about how long would it take me to setup OpenVPN and eurephia? 02:26 <@dazo> X0Rc0re: some people have done it in hours ... some needed weeks 02:26 <@dazo> depends on your experience with VPN 02:26 < X0Rc0re> none :s 02:26 <@dazo> start with getting OpenVPN working first, without eurephia ... when that's done ... then add eurephia 02:28 <@dazo> I'll help you with the eurephia stuff when you have OpenVPN running .... for OpenVPN support, you probably need to wait some hours as people wake up ... most people here are located in the US and Europe, and Europe is beginning to wake up now 02:28 < X0Rc0re> yea ok thanx ;) 02:29 < X0Rc0re> i followed this tutorial http://switzernet.com/public/081215-openvpn-client/main.htm 02:29 <@vpnHelper> Title: Install openvpn server on debian (at switzernet.com) 02:29 < X0Rc0re> but not sure what to put in the config file 02:30 <@dazo> rather spend time reading the official OpenVPN how-to's ... that'll save you confusion ... and it is *expected* that people seeking help here are familiar with that howto 02:30 <@dazo> !howto 02:30 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 02:31 < X0Rc0re> ok 02:32 <@dazo> another good resource is "OpenVPN Cookbook" by Jan Just Keijser ... it's a book, with good recipes how to get started with OpenVPN 02:32 < X0Rc0re> ok thanx :) 02:32 <@dazo> JJK is active in our OpenVPN community ... so that's a safe guide 02:32 < X0Rc0re> :) 03:26 <@vpnHelper> RSS Update - forum: Setup on server connected directly to WAN. 03:34 < X0Rc0re> do i have to enter stuff for Distinguished name? 
03:43 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn 03:43 -!- mode/#openvpn [+o mattock] by ChanServ 03:50 -!- nb [~nb@fedora/znc.nb] has quit [Ping timeout: 268 seconds] 03:51 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 03:51 < hyper_ch> dazo: EugeneKay: krzee: http://www.golem.de/1201/88732.html -- new method to store encryption keys in the CPU instead of the ram in order to prevent cold boot attacks 03:51 <@vpnHelper> Title: Sicherheit: Tresor verschlüsselt Festplatten ohne RAM - Golem.de (at www.golem.de) 03:52 -!- hyper_ch was kicked from #openvpn by EugeneKay [Cool story bro.] 03:52 -!- hyper_ch [~hyper_ch@ks357331.kimsufi.com] has joined #openvpn 03:53 < hyper_ch> dazo: EugeneKay: krzee: The whitepaper in english http://www1.informatik.uni-erlangen.de/tresorfiles/tresor.pdf 03:56 <@dazo> hyper_ch: nice! 03:57 < hyper_ch> dazo: comes with a patch... the golem article says that on AES-NI you shouldn't notice any degradation of performance 03:58 < hyper_ch> but on CPUs without AES-NI you'll notice a loss in performance 03:59 < hyper_ch> dazo: http://www1.informatik.uni-erlangen.de/tresor 03:59 <@vpnHelper> Title: TRESOR Runs Encryption Securely Outside RAM | IT-Sicherheitsinfrastrukturen (Informatik 1) (at www1.informatik.uni-erlangen.de) 04:02 <@vpnHelper> RSS Update - forum: TLS negotiation failed with UDP 04:03 <@dazo> hyper_ch: that patch is more for the in-kernel encryption layer ... which openssl don't use ... but such a feature for openssl would be neat! 04:04 < hyper_ch> dazo: I'll await a feedback after you have studied it :) 04:04 <@dazo> hehehe 04:04 < hyper_ch> does openssl use aes? 04:06 <@dazo> openssl supports aes as encryption algorithm, and it supports aes-ni instruction set on CPUs supporting this 04:07 < hyper_ch> so if you have aes-ni cpu won't it then help? 04:07 <@dazo> it can help ... 
but I see one key point in the paper which makes user-space usage of the in-cpu key storage less ideal 04:08 -!- ObamaIsAGangsta [~newegggg@208.111.39.186] has joined #openvpn 04:08 * ObamaIsAGangsta dissapointed in obama 04:08 <@dazo> as registers may be swapped out and non-swapped-out registers may be accessible by other applications 04:08 -!- ObamaIsAGangsta was kicked from #openvpn by dazo [this is not a political channel] 04:09 -!- ObamaIsAGangsta [~newegggg@208.111.39.186] has joined #openvpn 04:09 < hyper_ch> dazo: can you explain that in layman's terms? 04:10 < X0Rc0re> http://screensnapr.com/v/ayvTmP.png <<< do i put in 127.0.0.1 there? and the server IP? 04:10 <@vpnHelper> Title: View ayvTmP.png on ScreenSnapr (at screensnapr.com) 04:12 <@dazo> X0Rc0re: do you know what 127.0.0.1 means? and what that will do if you ask a server process to listen to only that IP? 04:12 < hyper_ch> X0Rc0re: for generating the config files you can use the confgen tool by krzee 04:12 < hyper_ch> !confgen 04:12 <@vpnHelper> "confgen" is (#1) http://www.doeshosting.com/code/openvpn-confgen.tgz for the bash config generator or (#2) you can use svn co http://www.secure-computing.net/svn/trunk/openvpn-confgen/ 04:12 < X0Rc0re> its your loacal IP 04:12 < X0Rc0re> oh thanx :D 04:12 <@dazo> X0Rc0re: well, yes and no ... it is an IP address only accessible on that host 04:13 <@dazo> X0Rc0re: so if I ask you to hack 127.0.0.1 ... you'll just hack your own box 04:13 <@vpnHelper> RSS Update - forum: [ask] server behind router 04:13 < X0Rc0re> yea :p 04:13 < X0Rc0re> how do i run confgen? 04:15 <@dazo> hyper_ch: to run more applications in "parallel" (multi-tasking) the kernel's scheduler let a task (f.ex. an application) run for a certain time ... 
then it halts the running saves all CPU registers and puts it into RAM, load registers for the next task in the work queue and let that task run for a while, until it swaps it out again with yet another task in the work queue 04:15 <@dazo> of course, this gets even more complicated if you're having more CPU cores available ... but the principle is the same 04:16 <@dazo> so that means that if an application may access the key storage in the CPU, it may not be locked down for only one application ... more applications may get access to this information 04:17 <@dazo> *but* if the kernel is the "owner" of the CPU based key storage ... the kernel can make sure only the proper applications gets access to the corresponding keys in the key storage and nothing else 04:18 <@dazo> This will not be that trivial to implement in openssl ... as that will be a very Linux specific feature (at least for now) 04:18 < X0Rc0re> simple terms? 04:18 < X0Rc0re> :p 04:18 < X0Rc0re> wait nvm 04:19 <@dazo> X0Rc0re: to quote Albert Einstein: Make it as simple as possible, but no simpler 04:21 -!- master_of_master [~master_of@p57B52E02.dip.t-dialin.net] has quit [Ping timeout: 240 seconds] 04:23 -!- master_of_master [~master_of@p57B55B06.dip.t-dialin.net] has joined #openvpn 04:28 < ObamaIsAGangsta> anyone know when 2.3 comes out 04:28 < ObamaIsAGangsta> looking forward to ipv6 full support 04:29 < X0Rc0re> dazo :p 04:30 <@dazo> ObamaIsAGangsta: no release date is set ... and we're still tweaking things for the alpha/beta releases ... 
hopefully we're getting something out around FOSDEM in beginning of February 04:30 < ObamaIsAGangsta> oh, you're part of the dev team 04:30 <@dazo> ObamaIsAGangsta: but latest snapshots are considered runnable 04:31 <@dazo> ObamaIsAGangsta: I'm currently the gatekeeper of the community git tree for OpenVPN 04:31 <@dazo> !snapshots 04:31 <@vpnHelper> "snapshots" is (#1) weekly dev snapshots are available from ftp://ftp.secure-computing.net/pub/openvpn or (#2) by helping test these features, and reporting back on either of the mailing lists, you can help these features become part of the stable branch 04:31 < ObamaIsAGangsta> there's gonna have to be some good how to's... ipv6 is very confusing to most people 04:32 < X0Rc0re> how do you run bash scripts in windows? 04:32 <@dazo> ObamaIsAGangsta: we're not going to teach people IPv6 ... that somebody else needs to do ... but we'll cover how to configure the IPv6 support 04:32 <@dazo> X0Rc0re: you normally don't 04:32 <@dazo> X0Rc0re: unless you install cygwin 04:32 < X0Rc0re> what is .sh file extension? 04:32 < X0Rc0re> how do i run it in windows? 04:33 <@dazo> X0Rc0re: the confgen stuff is written for POSIX shell (meaning not Windows) 04:33 < X0Rc0re> :( 04:33 < ObamaIsAGangsta> just to clarify, this won't be tunneling ipv6 using ipv4 packets as the carrier, it'll be ipv6 packets carrying the encrypted packets 04:33 <@dazo> X0Rc0re: you got it wrong .... 
Windows s**ks 04:33 < X0Rc0re> dazo, i also have linux and mac osx 04:34 < X0Rc0re> linux i have slackware 04:34 < X0Rc0re> distro 04:34 < ObamaIsAGangsta> windows 7 fan here 04:34 < ObamaIsAGangsta> give your gf a laptop with linux and she'll find it confusing 04:34 <@dazo> ObamaIsAGangsta: full IPv6 support means both supporting OpenVPN connections over IPv6 *and* transporting IPv6 packets inside the VPN tunnel 04:34 < ObamaIsAGangsta> sweet 04:34 < ObamaIsAGangsta> good job 04:34 <@dazo> X0Rc0re: so use linux or osx 04:35 < X0Rc0re> i use windows mainly 04:35 < X0Rc0re> but i use both equally 04:35 < X0Rc0re> i have leopard not lion 04:35 <@dazo> doesn't matter ... as long as you have bash available 04:36 < X0Rc0re> yea, ill go on them later 04:56 < hyper_ch> dazo: thx :) 05:19 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 05:20 < ObamaIsAGangsta> some people dont know how to read 05:28 -!- Guest64230 [~nb@delta.bebout.us] has joined #openvpn 05:36 < X0Rc0re> I dont :dumb: 05:36 -!- aegidos [~admin@tmo-103-47.customers.d1-online.com] has joined #openvpn 05:36 < aegidos> hello everybody 05:38 < X0Rc0re> hey 05:38 < aegidos> having trouble with my openVPN, nslookup on client works but if i open a browser the dns doesn't work, always page timeouts 05:38 < aegidos> http://pastebin.com/kDZriw3p 05:38 < aegidos> IRC doesn't work either, if i'm connected to my VPN 05:38 < aegidos> but mapping of networkdrives inside my VPN works 05:43 -!- Champi [Champi@rootshell.fr] has quit [Ping timeout: 252 seconds] 05:46 -!- Champi [Champi@rootshell.fr] has joined #openvpn 05:53 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn 05:57 -!- zirikili [~cj@201.59.200.137] has joined #openvpn 05:57 < zirikili> hi guys... happy new year! 05:58 < zirikili> is there a network lenght limit for one instance of OpenVPN? I mean, may I use a class B network for my clients? 06:03 < hyper_ch> what's a class b network? 
06:04 <@dazo> Usually a /16 subnet 06:04 <@dazo> (iirc) 06:04 < hyper_ch> dazo: you speak again geek :) 06:04 * hyper_ch is a network noob 06:04 <@dazo> hyper_ch: subnet mask is 16 bits .... 255.255.0.0 06:05 <@dazo> !1918 06:05 <@vpnHelper> "1918" is (#1) RFC1918 makes three unique netblocks available for private use: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 or (#2) see also: http://en.wikipedia.org/wiki/Private_network or http://www.faqs.org/rfcs/rfc1918.html or (#3) Too lazy to find your own subnet? Try this one: http://scarydevilmonastery.net/subnet.cgi 06:05 < hyper_ch> because 8 bit is 256 06:05 < hyper_ch> and 16bit is a lot more? 06:05 -!- aegidos [~admin@tmo-103-47.customers.d1-online.com] has quit [Ping timeout: 276 seconds] 06:05 -!- zirikili [~cj@201.59.200.137] has quit [Quit: leaving] 06:05 < hyper_ch> I still don't get it.... all those network description thingies are so difficult :) 06:07 <@dazo> hyper_ch: /24 subnets (8 bits available for addressing, 24 as a "fixed network prefix") is 255.255.255.0 06:07 < hyper_ch> I just whoised who owns my birthday IP, having used: DD.MM.YY.YY 06:07 < hyper_ch> it's xerox 06:07 <@dazo> so increasing to /16 (16 bits available for addressing, 16 "fixed network prefix") ... actually doubles the /24 net 8 times 06:07 < hyper_ch> well, DD.MM.19.YY 06:08 <@dazo> (9 bits is twice as big as 8 bits, 10 bits are quadrupled from 8 bits) 06:11 < ObamaIsAGangsta> just use 255.0.0.0 06:11 < ObamaIsAGangsta> plenty 06:11 < hyper_ch> dazo: I think I get it slowly 06:18 <@dazo> ObamaIsAGangsta: in most networks, /24 nets (255.255.255.0) is more than plentiful .... using /18 or /16 covers absolutely the rest of most need ... 
going to /8 without really needing it is basically just clueless setups 06:19 <@dazo> hyper_ch: http://en.wikipedia.org/wiki/IPv4_subnetting_reference 06:20 <@vpnHelper> Title: IPv4 subnetting reference - Wikipedia, the free encyclopedia (at en.wikipedia.org) 06:20 < ObamaIsAGangsta> 256 06:20 < ObamaIsAGangsta> then divide by 3 06:21 < ObamaIsAGangsta> gives what, 80 clients can connect 06:21 < ObamaIsAGangsta> not enough for a big vpn operation 06:22 <@dazo> ObamaIsAGangsta: why divide by 3? 06:22 < ObamaIsAGangsta> thats what openvpn does 06:22 < ObamaIsAGangsta> uses up 3 for each client 06:22 < ObamaIsAGangsta> i read it somewhere 06:22 <@dazo> ObamaIsAGangsta: ahh, if you use --topology subnet ... you'll avoid that 06:22 < ObamaIsAGangsta> ipp.txt will say 10.8.0.4 for a client, but that client will be given 10.8.0.6 06:23 <@dazo> default (legacy from early openvpn days) is to use /30 nets for each client 06:23 <@dazo> !/30 06:23 <@vpnHelper> "/30" is (#1) http://openvpn.net/index.php/open-source/faq/77-server/273-qifconfig-poolq-option-use-a-30-subnet-4-private-ip-addresses-per-client-when-used-in-tun-mode.html (sorry for the long link, they wont fix the anchors) explains why routed clients each use 4 ips or (#2) you can avoid this behavior by reading !topology or (#3) so by default, first client is .6, then .10 .14 .18 etc etc or (#4) use 06:23 <@vpnHelper> openvpn --show-valid-subnets to see the subnets you can use in net30 06:24 <@dazo> so dividing on 4, is more correct when using the default /30 setup 06:24 < ObamaIsAGangsta> so its actually 4 06:24 -!- aegidos [~admin@tmo-103-47.customers.d1-online.com] has joined #openvpn 06:24 < ObamaIsAGangsta> yea i see it now 06:25 -!- caemir_ [~caemir@unaffiliated/caemir] has joined #openvpn 06:25 -!- caemir [~caemir@unaffiliated/caemir] has quit [Ping timeout: 240 seconds] 06:25 -!- caemir_ is now known as caemir 06:25 < ObamaIsAGangsta> so 24 net = around 6000 clients 06:25 < ObamaIsAGangsta> 16k rather 06:27 < 
ObamaIsAGangsta> to allow more you just put server 255.255.0.0 10.8.0.0 right? 06:27 <@dazo> server 10.8.0.0 255.255.0.0 06:28 < ObamaIsAGangsta> ah yea 06:28 <@dazo> that'll give you a /16 subnet .... which is the maximum OpenVPN can tackle 06:28 < ObamaIsAGangsta> well there's no way 1 cpu core could ever handle that many clients anyway 06:28 <@dazo> That'll give you 16384 client networks 06:28 <@dazo> exactly 06:29 <@dazo> And OpenVPN already due to the single thread approach is already struggling when reaching ~150 clients 06:29 <@dazo> (if all clients are network intensive, or f.ex. using TAP and not TUN) 06:30 < ObamaIsAGangsta> one could run another openvpn daemon per core 06:30 < ObamaIsAGangsta> not sure if they'd both pick out addresses from the same pool though 06:31 <@dazo> yeah, but then its clever to let each openvpn use its own subnet 06:31 < ObamaIsAGangsta> never tried setting up two instances running 06:31 -!- caemir [~caemir@unaffiliated/caemir] has quit [Ping timeout: 240 seconds] 06:31 <@dazo> or else the routing is going to be far more complicated 06:31 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 06:31 < ObamaIsAGangsta> so other one could be server 10.9.0.0 255.255.0.0 06:32 < ObamaIsAGangsta> add seperate nat rule etc 06:32 <@vpnHelper> RSS Update - forum: openvpn and source based routing 06:34 < hyper_ch> dazo: EugeneKay: krphop_: http://motivatedcats.iblogger.org/images/cat_tinfoil.jpg 06:34 <@dazo> :-P 06:34 < hyper_ch> I have to prep my furballs :) 06:34 < ObamaIsAGangsta> should be kicked 06:34 < ObamaIsAGangsta> i was kick for mention government 06:35 -!- Cubox [~Cubox@unaffiliated/cubox] has quit [Remote host closed the connection] 06:35 -!- Cubox [~Cubox@unaffiliated/cubox] has joined #openvpn 06:36 < X0Rc0re> With OpenVPN, do the people connecting to the VPN have a GUI to connect? 
06:36 < X0Rc0re> can they connect using this : http://openvpn.net/index.php/open-source/documentation/howto.html#config 06:36 <@vpnHelper> Title: HOWTO (at openvpn.net) 06:36 < ObamaIsAGangsta> are there any decent how to's online dealing with running multiple instances 06:36 < X0Rc0re> oops 06:36 < ObamaIsAGangsta> interesting stuff 06:36 < X0Rc0re> http://screensnapr.com/v/mwvGKO.png 06:36 <@vpnHelper> Title: View mwvGKO.png on ScreenSnapr (at screensnapr.com) 06:37 -!- roentgen [~arthur@openvpn/community/support/roentgen] has joined #openvpn 06:38 < X0Rc0re> dazo: how do users connect to Eurephi?a 06:38 < X0Rc0re> ? 06:38 < X0Rc0re> SSH runneling? 06:38 <@dazo> X0Rc0re: users don't connect to eurephia ... they connect to an openvpn server 06:38 < X0Rc0re> tunneling* 06:38 < X0Rc0re> well i mean auth* 06:39 < X0Rc0re> do they authenticate through putty? 06:39 <@dazo> X0Rc0re: you obviously haven't read the documentation 06:39 < ObamaIsAGangsta> i told him to 06:39 < ObamaIsAGangsta> got tired of spoon feed 06:39 <@dazo> X0Rc0re: openvpn clients need to be told to ask for username/password .... but *before* you think about that .... just ignore eurephia and get openvpn working 06:40 <@dazo> without username/password authentication 06:40 <@dazo> when that works, you have a setup ready to be expanded 06:40 < X0Rc0re> ok :) 06:45 < ObamaIsAGangsta> this is a good pic for any1 not understanding ip 06:45 < ObamaIsAGangsta> http://www.ripe.net/images/cidr_working42.jpg 06:50 < X0Rc0re> May i just ask, how many people can connect to the VPN at once? 06:57 -!- X0Rc0re_ [~chatzilla@203-206-79-95.dyn.iinet.net.au] has joined #openvpn 06:59 -!- X0Rc0re [~chatzilla@124.148.205.10] has quit [Ping timeout: 260 seconds] 06:59 -!- X0Rc0re_ is now known as X0Rc0re 07:05 <@dazo> X0Rc0re: many ... up to 150 without any problem ... 
for more than 150, it depends on your config 07:06 <@dazo> and how much traffic your clients push through the tunnel 07:13 -!- X0Rc0re_ [~chatzilla@124-169-237-96.dyn.iinet.net.au] has joined #openvpn 07:13 -!- aegidos [~admin@tmo-103-47.customers.d1-online.com] has quit [Ping timeout: 244 seconds] 07:13 < ErichG> Good morning all. I'm trying to get a site-site bridging server up and running on OSX Lion. I have successfully installed the tap driver, and the site B server (tomatoVPN) successfully connects and exchanges packets on the tap.... 07:13 < ErichG> the problem is that I can't figure out how to actually make a bridge device on the Mac. 07:14 -!- X0Rc0re [~chatzilla@203-206-79-95.dyn.iinet.net.au] has quit [Ping timeout: 252 seconds] 07:14 -!- X0Rc0re_ is now known as X0Rc0re 07:15 -!- aegidos [~admin@tmo-103-47.customers.d1-online.com] has joined #openvpn 07:16 < ObamaIsAGangsta> how come this isnt working 07:16 < ObamaIsAGangsta> openvpn --daemon --config /etc/openvpn/secondcore/server.conf 07:16 < ObamaIsAGangsta> should start my 2nd instance 07:18 <@dazo> ObamaIsAGangsta: what does the log say? 07:18 -!- aegidos [~admin@tmo-103-47.customers.d1-online.com] has quit [Client Quit] 07:18 <@dazo> ErichG: just a control question first: Why do you need to bridge the network? 07:18 -!- X0Rc0re [~chatzilla@124-169-237-96.dyn.iinet.net.au] has quit [Read error: Connection reset by peer] 07:19 < ErichG> dazo: One of the main purposes of the VPN is to get NAT out of freeswitch. 07:19 -!- aegidos [~admin@tmo-103-96.customers.d1-online.com] has joined #openvpn 07:20 < ErichG> otherwise I would route 07:20 < ObamaIsAGangsta> there's no server log to look at, its supposed to create its own seperate log in secondcore dir 07:20 < ObamaIsAGangsta> otherwise the two logs would be overwriting eachother 07:21 < ErichG> dazo: sorry for that sentence... essentially I have a lot of SIP clients connecting to a remote server. 07:21 < ErichG> also.. 
I've had this working for years under linux.. 07:23 <@dazo> ObamaIsAGangsta: just add --log /tmp/openvpn.log ... and you'll get it 07:24 -!- aegidos [~admin@tmo-103-96.customers.d1-online.com] has left #openvpn [] 07:24 <@vpnHelper> RSS Update - forum: Date-Time stamp in log name 07:26 < ObamaIsAGangsta> ok now 2 processes show up on htop 07:26 -!- rawplayer [~foo@shell.students.os3.nl] has joined #openvpn 07:26 < ObamaIsAGangsta> normally i just start openvpn by tying service openvpn start 07:26 <@dazo> ErichG: okay ... well, I don't know much about OSX .... but in general, SIP should (in theory) work fine on non-bridged network (using routing) as well ... you basically need TAP and bridging when the broadcast traffic is important in the network 07:27 -!- X0Rc0re [~chatzilla@58-7-211-238.dyn.iinet.net.au] has joined #openvpn 07:27 -!- ObamaIsAGangsta [~newegggg@208.111.39.186] has quit [Read error: Connection reset by peer] 07:27 -!- ObamaIsAGangsta [~newegggg@208.111.39.186] has joined #openvpn 07:32 < ErichG> dazo: thanks for the advice - I'll give it a shot... (I had been enjoying some broadcast dependent features of OSX, like bonjour service advertising... iTunes sharing). 07:32 -!- ObamaIsAGangsta [~newegggg@208.111.39.186] has quit [Ping timeout: 276 seconds] 07:33 -!- ObamaIsAGangsta [~newegggg@208.111.39.186] has joined #openvpn 07:34 <@dazo> yeah, bonjour/mdns and such stuff uses a lot of multicast and broadcast traffic 07:34 < ErichG> to the room - if there are any Mac experts who are also OPVN devs, it would be great to get some docs out on how to bridge in Lion. All the best everyone, Happy New Year! 07:34 -!- ObamaIsAGangsta [~newegggg@208.111.39.186] has quit [Read error: Connection reset by peer] 07:34 -!- ObamaIsAGangsta [~newegggg@208.111.39.186] has joined #openvpn 07:34 <@dazo> ErichG: my guess is that krzee and/or ecrist are those who knows most about ovpn and osx 07:35 < ErichG> dazo: thanks - I'll have a loot for them. 
07:35 -!- X0Rc0re [~chatzilla@58-7-211-238.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 07:36 -!- aegidos [~admin@tmo-102-35.customers.d1-online.com] has joined #openvpn 07:36 < aegidos> Hy i don't get it. my openvpn is running and i can connect to my home debian machine 07:36 < ErichG> s/loot/look lol 07:36 < aegidos> network mapping is working 07:37 < aegidos> browsing with IP is workung 07:37 < aegidos> but DNS isn't workung 07:37 < aegidos> working 07:37 <@dazo> !dns 07:37 <@vpnHelper> "dns" is (#1) Level3 open recursive DNS server at 4.2.2.[1-6] or (#2) Google open recursive DNS server at 8.8.8.8 / 8.8.4.4 or (#3) you might be looking for !pushdns 07:37 <@dazo> !pushdns 07:37 <@vpnHelper> "pushdns" is (#1) push "dhcp-option DNS a.b.c.d" to push dns to the client or (#2) http://thread.gmane.org/gmane.network.openvpn.user/25139/focus=25147 see that mail archive for some info on pushing dns or (#3) http://article.gmane.org/gmane.network.openvpn.user/25149 for a perm fix via regedit or (#4) in unix you'll use the update-resolv-conf script or (#5) also 07:37 <@vpnHelper> http://comments.gmane.org/gmane.network.openvpn.user/31975 reports --register-dns as fixing their problems pushing DNS to windows 7 07:37 < aegidos> i even pushed the ip over push dhcp 07:37 <@dazo> aegidos: which os? 07:37 <@dazo> Windows? 07:37 < aegidos> 8.8.8.8 DNS pushed to clients doesnt work dazo 07:37 < aegidos> OS X + Tunnelblick 07:38 < aegidos> nslookup works either on the client 07:39 <@dazo> aegidos: ahh, okay ... sorry, I don't know much about osx ... but I believe /etc/resolv.conf should get updated 07:39 < aegidos> but i can not route out of my network 07:39 < aegidos> i updated resolve.conf 07:39 < ObamaIsAGangsta> hmm i see that by itself it has added a new tun device, tun1 07:39 < ObamaIsAGangsta> normal? 07:39 <@dazo> if you can't route out of your network ... 
you got routing or firewall/nat issues 07:40 < ObamaIsAGangsta> i was able to connect to the second instance and ping 10.9.0.1 07:40 <@dazo> ObamaIsAGangsta: yupp, that's normal ... one tun/tap device per openvpn process 07:40 < ObamaIsAGangsta> what im doing is just academic interest i guess, my average load per 1 core is 0.02 over last 30 days lol 07:41 < aegidos> okay firewall issues might indicated my iptables is blocking sth but i did masquerading and this stuff too 07:41 < aegidos> http://forums.openvpn.net/topic9504.html#p19077 07:41 <@vpnHelper> Title: OpenVPN Support Forum OpenVPN+Shorewall. Internal routing OK, external fails : Server Administration (at forums.openvpn.net) 07:41 <@dazo> aegidos: use tcpdump or wireshark to see if the dns requests goes out on the proper interfaces on your vpn server 07:42 < aegidos> yes tcpdump does: http://pastebin.com/3XfytQhE 07:43 < aegidos> it does some DNS on d1-online what seems to be the google DNS 8.8.8.8 07:44 < ObamaIsAGangsta> i'm guessing this is the only firewall change needed? http://pastebin.com/LQBRTs18 07:44 < ObamaIsAGangsta> just some new forward and nat rules 07:45 < aegidos> i could try this again ObamalsAGansta 07:47 < aegidos> iptables postrouting doesn't work either 07:47 -!- rommel092079 [b816b6f6@gateway/web/freenode/ip.184.22.182.246] has joined #openvpn 07:48 < ObamaIsAGangsta> ? 07:48 < aegidos> i tried your code from pastebin 07:48 < aegidos> http://pastebin.com/LQBRTs18 07:51 -!- akm22562 [~andrew.mi@99-89-67-145.uvs.lsvlky.sbcglobal.net] has joined #openvpn 07:51 <@dazo> that looks fine (I would probably use -j DROP instead of -j REJECT, but that's nitpicking) 07:52 <@dazo> aegidos: what does tcpdump of the tunnel interface say on the server? 
(please apply -n to tcpdump to make it more readable) 07:52 -!- ObamaIsAGangsta [~newegggg@208.111.39.186] has quit [Read error: Connection reset by peer] 07:52 -!- ObamaIsAGangsta [~newegggg@61.170.211.238] has joined #openvpn 07:52 <@vpnHelper> RSS Update - forum: How to implement same key can only one client is online? || OpenVPN+Shorewall. Internal routing OK, external fails 07:53 < ObamaIsAGangsta> works 07:53 < ObamaIsAGangsta> am now connected from the 2nd daemon ;) 07:53 < aegidos> hm 07:53 < ObamaIsAGangsta> just dont know how to bind it to the other cpu core 07:53 < ObamaIsAGangsta> but thats more of a linux question 07:53 <@dazo> ObamaIsAGangsta: yeah, look for taskset ... CPU affinity is the feature you'll be looking for 07:54 < rommel092079> sir dazo, our ISP has its own dns. and with their own dns, when I use vpn, there is no internet. moreover, if I use other public or private dns, there is no internet still. if this is the situation, I cannot use vpn traffic 07:55 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 07:57 < akm22562> I feel stupid asking this but... I have a site-to-site shared key tunnel setup. It works great from both LANs. However, if I VPN into to a LAN, I can't talk down the tunnel. Can anyone offer advise, please? 
07:58 <@dazo> !route 07:58 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 07:58 <@dazo> akm22562: ^^ 07:59 < ObamaIsAGangsta> i do find it a little odd that both process look different, only difference is port number in configs and ippool 07:59 < ObamaIsAGangsta> http://screensnapr.com/v/ahRe3s.png 07:59 <@vpnHelper> Title: View ahRe3s.png on ScreenSnapr (at screensnapr.com) 08:00 <@dazo> ObamaIsAGangsta: process 3534 is started via a init script most likely, while your other process is started manually 08:01 < ObamaIsAGangsta> that is what happened, seems the manual one hasn't chrooted itself properly 08:01 < ObamaIsAGangsta> to /var/run/openvpn 08:02 <@dazo> ObamaIsAGangsta: which distro are you on? 08:02 < ObamaIsAGangsta> centos 5.5 08:02 -!- rommel092079 [b816b6f6@gateway/web/freenode/ip.184.22.182.246] has quit [Quit: Page closed] 08:03 <@dazo> then it should be enough to have your second config in /etc/openvpn and do a 'service openvpn restart' .... 08:03 < ObamaIsAGangsta> yea but i can't have two files both named server.conf 08:03 -!- aegidos [~admin@tmo-102-35.customers.d1-online.com] has quit [Read error: Connection reset by peer] 08:03 < ObamaIsAGangsta> as i know it looks for that name not xxx.conf 08:03 <@dazo> ObamaIsAGangsta: just give it another name (server2.conf) 08:03 < ObamaIsAGangsta> ahhhh ok 08:04 <@dazo> iirc, it looks for /etc/openvpn/*.conf 08:04 -!- aegidos [~admin@tmo-102-35.customers.d1-online.com] has joined #openvpn 08:04 < ObamaIsAGangsta> convenient then wont have to copy all the key crts to new dir 08:04 <@dazo> :) 08:04 < ErichG> dazo: et.al. I just discovered that, unlike FreeBSD, in OSX Lion you actually have to specify a device number, ala, #ifconfig bridge0 create. FreeBSD looks for existing bridges and adds an index automatically. 
People have been waiting for bridging in OSX forever.. so you may start seeing this question more. 08:05 <@dazo> ahh 08:05 < ErichG> made me feel pretty tupid, lol. 08:05 <@dazo> s/t/c/ :-P 08:05 < ErichG> lol 08:06 < ErichG> cheers all - enjoy the day! 08:06 <@dazo> u2 08:06 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has left #openvpn [] 08:08 < ObamaIsAGangsta> it only started server.conf process 08:08 -!- aegidos [~admin@tmo-102-35.customers.d1-online.com] has quit [Ping timeout: 252 seconds] 08:11 <@dazo> ObamaIsAGangsta: then checking /var/log/messages .... or other log files might be an idea 08:12 <@dazo> I just checked /etc/init.d/openvpn on a CentOS 5.7 box, and it should be decent enough to start all configs 08:14 < ObamaIsAGangsta> disabled privacy extensions tun1 08:15 < ObamaIsAGangsta> ahh nevermind 08:15 < ObamaIsAGangsta> im silly, i put both conf files in /secondcore 08:19 <@vpnHelper> RSS Update - forum: How to implement same key can only one client is online? || possible ways to establish ddns updates for openvpn clients 08:19 < ObamaIsAGangsta> working ;) 08:20 < ObamaIsAGangsta> thanks you really are the resident expert in here 08:21 -!- krzie [nobody@openvpn/community/support/krzee] has joined #openvpn 08:25 <@vpnHelper> RSS Update - forum: TLS negotiation failed with UDP 08:26 -!- akm22562 [~andrew.mi@99-89-67-145.uvs.lsvlky.sbcglobal.net] has quit [Remote host closed the connection] 08:30 < ObamaIsAGangsta> its so easy to do i dont see why multicore support is a big deal 08:32 < ObamaIsAGangsta> just noticed i can ping 10.8.0.1 and 10.9.0.1 when connected via either daemon 08:32 < ObamaIsAGangsta> guess makes sense 08:32 < ObamaIsAGangsta> anyway time to sleep thanks every1 08:33 -!- ObamaIsAGangsta [~newegggg@61.170.211.238] has quit [] 08:36 -!- Mowee [~Mowi@lendabrain.net] has joined #openvpn 08:37 <@vpnHelper> RSS Update - forum: Road Warrior setup || How to implement same key can only one client is online? 
|| New Site-to-Site Tunnel With Partial Connectivity 08:37 -!- Guest64230 [~nb@delta.bebout.us] has quit [Changing host] 08:37 -!- Guest64230 [~nb@fedora/znc.nb] has joined #openvpn 08:38 -!- Guest64230 [~nb@fedora/znc.nb] has quit [Quit: ZNC - http://znc.in] 08:43 <@vpnHelper> RSS Update - forum: [resoved]How to implement same key can only one client ... 08:49 -!- nb [~nb@fedora/znc.nb] has joined #openvpn 08:52 -!- Cubox [~Cubox@unaffiliated/cubox] has quit [Quit: WeeChat 0.3.7-dev] 09:02 -!- roentgen [~arthur@openvpn/community/support/roentgen] has quit [Quit: Konversation terminated!] 09:13 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Ping timeout: 252 seconds] 09:22 < ecrist> did ErichG get his problem solved, dazo? 09:23 <@dazo> ecrist: yeah, it was that osx requires the bridge index number ... while *bsd don't need it and does the indexing automatically 09:24 < ecrist> os x bridge support is new in 10.7, fwiw 09:26 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 09:29 -!- bauruine [~stefan@2001:8e0:100b:dead:f2de:f1ff:fe9f:974b] has joined #openvpn 09:43 -!- pierreghz [~pierreghz@cust-215-74-111-94.dyn.as47377.net] has joined #openvpn 09:55 -!- roentgen [~arthur@openvpn/community/support/roentgen] has joined #openvpn 10:02 -!- aegidos [~admin@p54B5B462.dip.t-dialin.net] has joined #openvpn 10:02 < aegidos> nabend 10:02 < aegidos> unbelievable 10:03 < aegidos> my vpn works a little bit better than today morning 10:03 < aegidos> but the client isn`t able to access the internet 10:03 -!- skynet2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 10:03 < aegidos> DNS doesn't work, IRC doesn't work either 10:03 < aegidos> !pushdns 10:03 <@vpnHelper> "pushdns" is (#1) push "dhcp-option DNS a.b.c.d" to push dns to the client or (#2) http://thread.gmane.org/gmane.network.openvpn.user/25139/focus=25147 see that mail archive for some info on pushing dns or (#3) 
http://article.gmane.org/gmane.network.openvpn.user/25149 for a perm fix via regedit or (#4) in unix you'll use the update-resolv-conf script or (#5) also 10:03 <@vpnHelper> http://comments.gmane.org/gmane.network.openvpn.user/31975 reports --register-dns as fixing their problems pushing DNS to windows 7 10:04 < aegidos> already tried this but it doesn't work 10:04 < aegidos> if i am in my VPN i can ssh to the openVPN Server 10:04 < aegidos> the server can browse, i tried with command line warrior browser w3m :-D 10:05 < aegidos> but not the client 10:05 < aegidos> anybody some routing experience, why the client can not browse? 10:06 < ecrist> !def1 10:06 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1" 10:07 < ecrist> are you handing out 'real' IPs, or are you using NAT for VPN clients 10:08 < aegidos> there is a NAT implemented to do a translation between 10.8.0.0 and gateway 192.168.178.77 10:08 < aegidos> a static route was added to my fritzbox 10:09 < ecrist> !welcome 10:09 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. 
|| Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 10:10 < aegidos> http://pastebin.com/MbWLVWd2 10:10 < aegidos> http://pastebin.com/HdXeAycM 10:11 < aegidos> here my server conf http://pastebin.com/GNviTvUQ 10:12 < aegidos> my client.conf http://pastebin.com/GE06sZ73 10:12 < aegidos> I'm running OSX Snow LEO and using Tunnelblick to connect 10:13 < ecrist> as the client or the server? 10:13 < aegidos> openvpn is running over debian 10:13 < aegidos> the client is OSX the server debian 10:15 < ecrist> with the VPN up, show me `netstat -rn` on the mac 10:16 < ecrist> also, unless you have a good reason, you should be using UDP instead of TCP 10:16 < aegidos> okay, my IRC will exit if i connect to vpn 10:16 < aegidos> okay i can change to UDP on server and client side no problem 10:17 < ecrist> !tcp 10:17 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay 10:18 -!- aegidos_ [~admin@p54B5B462.dip.t-dialin.net] has joined #openvpn 10:18 -!- aegidos [~admin@p54B5B462.dip.t-dialin.net] has quit [Read error: Connection reset by peer] 10:18 -!- aegidos_ is now known as aegidos 10:18 < aegidos> http://pastebin.com/h2FcZdTw 10:19 < ecrist> is your VPN server and VPN client on the same lan? 10:19 < aegidos> now they are yes 10:19 < ecrist> that's not going to work. 10:20 < aegidos> okay then i will make a netstat when i'm outside and connected via mobile phone tethering 10:20 < aegidos> + 10:20 < ecrist> there you go 10:20 < aegidos> thanks a lot !! 10:21 < aegidos> seems that you will crack that nut :-D 10:21 < ecrist> ?
10:22 < aegidos> had today some discussions about my problem but nobody could help me 10:22 < ecrist> many users here are from the US, and today is a business holiday 10:23 < ecrist> I just happen to be using today to work on the openvpn forum 10:23 <@vpnHelper> RSS Update - forum: Bridging on Windows Server 2008 R2 10:24 < aegidos> okay cool 10:24 < aegidos> goin to reboot 10:24 < ecrist> not sure why you need to reboot 10:24 < ecrist> but enjoy 10:25 < aegidos> changed my tunnelblick config to udp :-D 10:25 < ecrist> no need to reboot 10:25 < aegidos> okay then i will stay 10:25 < ecrist> next time you connect, it just uses the config 10:27 -!- skynet2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 10:27 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 10:27 < aegidos> okay that should work 10:28 < aegidos> but now i'm switching to tethering. short time disconnected ... 10:30 -!- pierreghz [~pierreghz@cust-215-74-111-94.dyn.as47377.net] has quit [Ping timeout: 252 seconds] 10:30 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Read error: Connection reset by peer] 10:33 -!- skynet2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 10:34 -!- happylife [~happylife@dyn-58-35.fttbee.kis.ru] has joined #openvpn 10:35 -!- skynet2000 [~skynet-20@unaffiliated/skynet2000] has quit [Client Quit] 10:36 -!- skynet2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 10:38 -!- aegidos_ [~admin@tmo-103-185.customers.d1-online.com] has joined #openvpn 10:38 < aegidos_> okay again here 10:40 < hyper_ch> hi ecrist 10:40 < aegidos_> now i changed to UDP and get a new error 10:40 < aegidos_> http://pastebin.com/7Ch4uzbf 10:40 -!- aegidos [~admin@p54B5B462.dip.t-dialin.net] has quit [Ping timeout: 240 seconds] 10:40 -!- aegidos_ is now known as aegidos 10:41 < aegidos> http://pastebin.com/JJvpV3uY 10:44 -!- pierreghz [~pierreghz@cust-14-25-111-94.dyn.as47377.net] has joined #openvpn 10:45 -!- dazo is now
known as dazo_afk 10:46 -!- SOG [~SOG@168.70.16.99] has joined #openvpn 10:51 < ecrist> looks like a firewall issue or something 10:56 < aegidos> okay switching back to udp :-D 10:56 < aegidos> to find the rootcause 10:57 -!- aegidos_ [~admin@p54B5B462.dip.t-dialin.net] has joined #openvpn 10:57 -!- aegidos [~admin@tmo-103-185.customers.d1-online.com] has quit [Read error: Connection reset by peer] 10:57 -!- aegidos_ is now known as aegidos 10:58 -!- aegidos_ [~admin@tmo-096-129.customers.d1-online.com] has joined #openvpn 11:02 -!- aegidos [~admin@p54B5B462.dip.t-dialin.net] has quit [Ping timeout: 252 seconds] 11:02 -!- aegidos_ is now known as aegidos 11:02 -!- SOG [~SOG@168.70.16.99] has quit [Quit: I will be back!] 11:03 -!- SOG [~SOG@168.70.16.99] has joined #openvpn 11:11 -!- aegidos [~admin@tmo-096-129.customers.d1-online.com] has quit [Remote host closed the connection] 11:11 -!- aegidos [~admin@p54B5B462.dip.t-dialin.net] has joined #openvpn 11:12 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Read error: Connection reset by peer] 11:12 -!- aegidos_ [~admin@tmo-096-129.customers.d1-online.com] has joined #openvpn 11:13 < aegidos_> switching to tcp failed 11:13 < aegidos_> now nor udp/tcp works 11:13 < ecrist> both client/server needs to match 11:15 < aegidos_> yes they do 11:15 < aegidos_> now both switched back to tcp 11:16 -!- aegidos [~admin@p54B5B462.dip.t-dialin.net] has quit [Ping timeout: 240 seconds] 11:16 -!- aegidos_ is now known as aegidos 11:16 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 11:16 < aegidos> and i rebooted the server 11:17 < aegidos> but that doesn't help 11:17 -!- aegidos_ [~admin@p54B5B462.dip.t-dialin.net] has joined #openvpn 11:17 -!- aegidos [~admin@tmo-096-129.customers.d1-online.com] has quit [Read error: Connection reset by peer] 11:17 -!- aegidos_ is now known as aegidos 11:18 -!- aegidos [~admin@p54B5B462.dip.t-dialin.net] has quit [Client Quit] 11:19 < ecrist> ErichG: 
saw your questions about Mac OS X and bridge interface 11:19 < ecrist> just an FYI, bridge support in OS X is new in 10.7 11:19 < ErichG> ecrist: thanks - I figured that out finally with dazo's help... 11:21 < ErichG> although I seem to have routing problems I didn't in linux.. working though that now. I routers can talk to each other over the link, but nothing else in the subnet.... I'll be back if I can't grock it ;-) 11:21 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn 11:21 -!- mode/#openvpn [+o raidz] by ChanServ 11:22 -!- skynet2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 11:22 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 11:22 -!- smerz [~smerz@smerz.demon.nl] has joined #openvpn 11:23 -!- [neg]r01dz [~neg]r01dz@gateway/tor-sasl/negr01dz/x-41213968] has joined #openvpn 11:24 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 240 seconds] 11:24 -!- aegidos [~admin@p54B5B462.dip.t-dialin.net] has joined #openvpn 11:24 < [neg]r01dz> Hello. 11:24 < aegidos> okay here is my netstat http://pastebin.com/Ve2qaf5f 11:24 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 11:24 < ecrist> [neg]r01dz: color in here sucks, please refrain from it 11:24 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Read error: Connection reset by peer] 11:24 < ecrist> particularly in silly combinations 11:25 < [neg]r01dz> Then set the channel mode to +C, silly. 11:26 -!- mode/#openvpn [+o ecrist] by ChanServ 11:26 -!- mode/#openvpn [+c] by ChanServ 11:27 < [neg]r01dz> See, it works. 11:27 < [neg]r01dz> or not.. 11:27 <@ecrist> aegidos: I don't need private messages, either 11:27 < [neg]r01dz> capital c. 11:27 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 11:27 <@ecrist> capital C is for CTCP 11:27 <@ecrist> lower c is for color 11:27 < [neg]r01dz> ah. 
11:28 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Read error: Connection reset by peer] 11:28 <@ecrist> http://freenode.net/using_the_network.shtml for your reference 11:29 <@vpnHelper> Title: freenode: using the network (at freenode.net) 11:30 < [neg]r01dz> Well, channel ctcp can be used to cause a massive PITA as well. 11:30 < [neg]r01dz> Want me to demonstrate?;) 11:30 < aegidos> i guess my tun0 configuration looks good 11:31 < aegidos> but not sure about the flag setting 11:34 <@ecrist> [neg]r01dz: if you want to never make it back in here, by all means. ;) 11:34 <@ecrist> aegidos: post new copies of your current server/client configs, please 11:35 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 11:35 < aegidos> okay but i switched them back to TCP because UDP didn't work properly 11:35 <@ecrist> well, if you're getting connected, no need 11:36 < aegidos> client: http://pastebin.com/wcVhxLLj 11:36 -!- skynet2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 11:36 -!- skynet2000 [~skynet-20@unaffiliated/skynet2000] has quit [Client Quit] 11:36 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Client Quit] 11:36 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 11:37 < aegidos> server.conf http://pastebin.com/1ZAF14Q7 11:40 < aegidos> !welcome 11:40 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 11:40 < aegidos> !configs 11:40 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. 
or (#2) dont forget to include any ccd entries 11:40 < [neg]r01dz> !jews did nine eleven 11:40 <@vpnHelper> RSS Update - forum: Problem connecting Windows 7 to OpenVPN 11:41 -!- [neg]r01dz [~neg]r01dz@gateway/tor-sasl/negr01dz/x-41213968] has left #openvpn ["Jews did WTC"] 11:42 -!- mode/#openvpn [+b *!*@*negr01dz*] by ecrist 11:43 < aegidos> http://pastebin.com/cT3fMA3Y 11:43 < aegidos> open vpn version is this http://pastebin.com/cT3fMA3Y 11:43 <@ecrist> you need to upgrade 11:44 <@ecrist> 2.2.2 is the current version 11:44 < aegidos> okay i will look how ;-) 11:53 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Ping timeout: 240 seconds] 11:53 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 11:54 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 11:55 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 11:56 -!- Cubox [~Cubox@vps.e-noob.eu] has joined #openvpn 11:57 -!- Cubox [~Cubox@vps.e-noob.eu] has quit [Changing host] 11:57 -!- Cubox [~Cubox@unaffiliated/cubox] has joined #openvpn 11:59 -!- mattock [~samuli@openvpn/corp/admin/mattock] has quit [Ping timeout: 252 seconds] 12:03 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Quit: Leaving.] 12:03 -!- skynet-2000 is now known as SkyNet-2000 12:06 -!- roentgen [~arthur@openvpn/community/support/roentgen] has quit [Quit: Konversation terminated!] 
12:09 -!- SkyNet-2000 is now known as SkyNet 12:10 -!- SkyNet is now known as Guest93730 12:11 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Remote host closed the connection] 12:11 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 12:12 -!- Guest93730 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 12:12 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 12:15 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Read error: Connection reset by peer] 12:19 -!- babble [~coyote@unaffiliated/coyote] has joined #openvpn 12:33 -!- Duryodhan_ [Duryodhan@117.225.215.211] has joined #openvpn 12:44 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn 12:45 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Ping timeout: 240 seconds] 12:48 -!- Duryodhan [Duryodhan@2002:75e0:7855::75e0:7855] has joined #openvpn 12:48 < Duryodhan> hay anyone using endian..??? 12:49 < hyper_ch> yes 12:50 -!- Duryodhan_ [Duryodhan@117.225.215.211] has quit [Ping timeout: 276 seconds] 12:51 -!- Duryodhan [Duryodhan@2002:75e0:7855::75e0:7855] has quit [Client Quit] 12:51 -!- Duryodhan [Duryodhan@2002:75e0:7855::75e0:7855] has joined #openvpn 12:52 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 12:52 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 12:52 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 12:52 -!- mode/#openvpn [+v Axeman] by ChanServ 12:55 < Duryodhan> anyone one using endian..?? 
12:56 -!- skynet-2000 [~skynet-20@99-62-100-172.lightspeed.tukrga.sbcglobal.net] has joined #openvpn 12:57 -!- skynet-2000 [~skynet-20@99-62-100-172.lightspeed.tukrga.sbcglobal.net] has quit [Changing host] 12:57 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 12:58 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has left #openvpn [] 13:02 <@vpnHelper> RSS Update - forum: Unknown issue only with Linux client 13:04 < Duryodhan> hy 13:05 <@ecrist> what is endian? 13:05 < hyper_ch> it's some kind of salad 13:06 * hyper_ch gives a cookie to ecrist 13:06 * jeev takes the cookie away 13:08 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 13:08 < Duryodhan> no 13:08 < Duryodhan> its firewall 13:08 < Duryodhan> open source 13:09 * TJNII is using little-endian hw right now. 13:09 <@ecrist> we don't support firewall packages in here. 13:09 < Duryodhan> ok 13:09 < Duryodhan> thanx 13:10 -!- skynet-2000 is now known as _SkyNet|1000` 13:11 -!- _SkyNet|1000` is now known as SkyNet-1000 13:20 -!- SkyNet-1000 is now known as DataZombie 13:21 -!- Duryodhan [Duryodhan@2002:75e0:7855::75e0:7855] has quit [Ping timeout: 268 seconds] 13:30 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 13:31 -!- DataZombie is now known as ItsMe` 13:32 -!- ItsMe` is now known as skynet-2000 13:34 -!- skynet-2000 is now known as ITsMe` 13:34 -!- ITsMe` is now known as skynet-2000 13:34 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Remote host closed the connection] 13:37 -!- Axeman2 [~Axeman3@knox.pace.edu] has joined #openvpn 13:37 -!- Axeman2 [~Axeman3@knox.pace.edu] has quit [Changing host] 13:37 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has joined #openvpn 13:37 -!- mode/#openvpn [+v Axeman2] by ChanServ 13:41 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 13:47 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Ping timeout: 252 seconds] 13:51 -!- c1de0x [~c1de0x@208.111.44.254] has joined 
#openvpn 13:59 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has quit [Read error: Connection reset by peer] 14:19 < aegidos> ecrist: openvpn is already the newest version. 14:25 <@ecrist> it is? 14:25 <@ecrist> 2.0.9 is old 14:25 <@ecrist> very very old 14:44 < hyper_ch> 2.0.9 doesn't support topology 14:47 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection] 14:52 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 14:55 -!- aegidos_ [~admin@p54B5D9F3.dip.t-dialin.net] has joined #openvpn 14:57 -!- babble [~coyote@unaffiliated/coyote] has quit [Quit: Leaving] 14:58 -!- aegidos [~admin@p54B5B462.dip.t-dialin.net] has quit [Ping timeout: 248 seconds] 14:58 -!- aegidos_ is now known as aegidos 15:06 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 252 seconds] 15:07 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 15:09 -!- aegidos_ [~admin@p54B5D9F3.dip.t-dialin.net] has joined #openvpn 15:09 -!- aegidos [~admin@p54B5D9F3.dip.t-dialin.net] has quit [Ping timeout: 244 seconds] 15:09 -!- aegidos_ is now known as aegidos 15:11 -!- aegidos_ [~admin@tmo-102-114.customers.d1-online.com] has joined #openvpn 15:14 -!- aegidos [~admin@p54B5D9F3.dip.t-dialin.net] has quit [Ping timeout: 255 seconds] 15:14 -!- aegidos_ is now known as aegidos 15:16 -!- aegidos_ [~admin@p54B5D9F3.dip.t-dialin.net] has joined #openvpn 15:19 -!- aegidos [~admin@tmo-102-114.customers.d1-online.com] has quit [Ping timeout: 252 seconds] 15:19 -!- aegidos_ is now known as aegidos 15:23 -!- aegidos_ [~admin@p54B5AFAD.dip.t-dialin.net] has joined #openvpn 15:27 -!- aegidos [~admin@p54B5D9F3.dip.t-dialin.net] has quit [Ping timeout: 268 seconds] 15:27 -!- aegidos_ is now known as aegidos 15:34 -!- aegidos_ [~admin@p54B5C3EF.dip.t-dialin.net] has joined #openvpn 15:35 -!- aegidos_ [~admin@p54B5C3EF.dip.t-dialin.net] has quit [Remote host closed the connection] 15:37 -!- aegidos_ [~admin@p54B5C3EF.dip.t-dialin.net] has joined #openvpn 
15:37 -!- aegidos [~admin@p54B5AFAD.dip.t-dialin.net] has quit [Ping timeout: 240 seconds] 15:37 -!- aegidos_ is now known as aegidos 15:37 -!- aegidos [~admin@p54B5C3EF.dip.t-dialin.net] has quit [Remote host closed the connection] 15:41 -!- aegidos [~admin@p54B5C3EF.dip.t-dialin.net] has joined #openvpn 15:49 -!- aegidos [~admin@p54B5C3EF.dip.t-dialin.net] has quit [Ping timeout: 252 seconds] 15:51 -!- aegidos [~admin@p54B5D30F.dip.t-dialin.net] has joined #openvpn 15:55 -!- aegidos [~admin@p54B5D30F.dip.t-dialin.net] has quit [Ping timeout: 240 seconds] 15:55 -!- happylife [~happylife@dyn-58-35.fttbee.kis.ru] has quit [Read error: Connection reset by peer] 16:16 -!- troyt [~troyt@c-24-10-222-127.hsd1.ut.comcast.net] has quit [Remote host closed the connection] 16:21 -!- SOG [~SOG@168.70.16.99] has left #openvpn [] 16:24 -!- Netsplit *.net <-> *.split quits: +Mp5-, cron2, Deathvalley122, tabakhase 16:25 -!- Netsplit over, joins: Mp5- 16:25 -!- Netsplit over, joins: tabakhase, cron2, Deathvalley122 16:25 -!- mode/#openvpn [+o cron2] by ChanServ 16:32 -!- pierreghz [~pierreghz@cust-14-25-111-94.dyn.as47377.net] has quit [Read error: Connection reset by peer] 16:42 -!- nb [~nb@fedora/znc.nb] has quit [Ping timeout: 268 seconds] 16:53 -!- vpopov [~happylife@dyn-58-35.fttbee.kis.ru] has quit [Ping timeout: 240 seconds] 16:54 -!- Denial [Denial@drgi.co.uk] has quit [] 16:54 -!- Guest59671 [~nb@delta.bebout.us] has joined #openvpn 16:55 -!- Guest59671 [~nb@delta.bebout.us] has quit [Changing host] 16:55 -!- Guest59671 [~nb@fedora/znc.nb] has joined #openvpn 16:55 -!- Guest59671 [~nb@fedora/znc.nb] has left #openvpn [] 16:57 -!- astrostl [~astrostl@71-11-141-45.dhcp.stls.mo.charter.com] has joined #openvpn 16:58 < astrostl> i have a client connecting with a bridged ip of 10.10.9.5. its lan ip is 10.0.3.13. if i do a "route add 10.0.3.13 gw 10.10.9.5" on the server i get what i want. how/where should i put that command in the server? 
i put "route 10.0.3.13 255.255.255.0 10.10.9.5" in server.conf but no dice. 17:00 -!- DataZombie [~DataZombi@unaffiliated/skynet2000] has joined #openvpn 17:00 -!- mocas_ [~mocas@87-196-118-159.net.novis.pt] has joined #openvpn 17:03 -!- mocas [~mocas@87.196.121.23] has quit [Ping timeout: 248 seconds] 17:19 -!- Discombobulation [~Discombob@gateway/tor-sasl/discombobulation] has joined #openvpn 17:19 < Discombobulation> yo 17:20 < Discombobulation> !goal 17:20 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 17:20 < Discombobulation> !welcome 17:20 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 17:21 < Discombobulation> !howto 17:21 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 17:22 < Discombobulation> derp 17:25 < Discombobulation> are licenses mandatory when setting up an OpenVPN server, or can it be done without licenses? 17:25 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has joined #openvpn 17:26 < JoeyJoeJo> I've got an open vpn connection working between two ddwrt routers. However, machines behind my client ddwrt can't ping the remote network. I can ping the remote network from the client ddwrt. How can I fix that? 17:28 <+TJNII> Discombobulation: Licenses? What licenses? You mean the certs? 
17:28 < Discombobulation> TJNII: http://openvpn.net/index.php/access-server/pricing.html 17:28 <@vpnHelper> Title: Pricing Guide (at openvpn.net) 17:29 < Discombobulation> that has me confused. i was under the impression OpenVPN is free software o_0 17:29 <+TJNII> Discombobulation: That's the paid support thing, I believe. You don't need a license to use OpenVPN/. 17:29 < Discombobulation> ahh ok 17:29 < Discombobulation> tyvm 17:29 <+TJNII> Oh, that's the access server 17:29 <+TJNII> I don't know anything about it, don't use it 17:30 < Discombobulation> ahh 17:30 < Discombobulation> 1 more Q 17:31 < Discombobulation> how much hardware would you need to run a dedicated OpenVPN server for like, 1-4 users max at a time? 17:31 < Discombobulation> probably not much im sure 17:31 < krzee> anything 17:31 < krzee> a lil openwrt router would be fine 17:31 < krzee> assuming you arent pushing major bits 17:33 < Discombobulation> mkay 17:34 -!- astrostl [~astrostl@71-11-141-45.dhcp.stls.mo.charter.com] has quit [] 17:34 -!- Secret [~Secret@78.157.114.78] has quit [Read error: Connection reset by peer] 17:38 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 17:50 -!- zalzice [~zalzice@25.79-160-109.customer.lyse.net] has quit [Ping timeout: 255 seconds] 17:52 -!- zalzice [~zalzice@25.79-160-109.customer.lyse.net] has joined #openvpn 17:57 -!- Beave [~champ@bundy.vistech.net] has quit [Read error: Operation timed out] 17:57 -!- Beave [~champ@bundy.vistech.net] has joined #openvpn 18:01 -!- Discombobulation [~Discombob@gateway/tor-sasl/discombobulation] has quit [Remote host closed the connection] 18:05 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has quit [Read error: Connection reset by peer] 18:05 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has joined #openvpn 18:05 -!- Discombobulation [~Discombob@gateway/tor-sasl/discombobulation] has joined #openvpn 18:17 -!- EugeneKay [eugene@itvends.com] has quit [Ping timeout: 252 seconds] 
19:08 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn 19:09 -!- _julian_ [~quassel@hmbg-4d06d37e.pool.mediaWays.net] has joined #openvpn 19:13 -!- _julian [~quassel@hmbg-4d06eeab.pool.mediaWays.net] has quit [Ping timeout: 252 seconds] 19:34 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has joined #openvpn 19:34 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has quit [Changing host] 19:34 -!- simplechat [~simplecha@unaffiliated/simplechat] has joined #openvpn 19:59 -!- smerz [~smerz@smerz.demon.nl] has quit [Remote host closed the connection] 20:40 -!- zeshooem [~zee@bas1-toronto46-1177856379.dsl.bell.ca] has joined #openvpn 20:40 -!- zeshoem [~zee@bas1-toronto46-1177856379.dsl.bell.ca] has quit [Ping timeout: 252 seconds] 20:57 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Textual IRC Client: http://www.textualapp.com/] 20:57 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 21:02 -!- forgotten [forgotten@is.undroppable.co.uk] has joined #openvpn 21:02 < forgotten> i'm having trouble generating Client certs for openvpn. Not writing to database, then cert file is Empty. 21:04 < forgotten> and says: failed to update database 21:04 < forgotten> TXT_DB error number 2 21:13 < forgotten> oh i fixed that :) now i'm gettin connection refused lol 21:20 -!- jordanm [~jordanm@pdpc/supporter/active/jordanm] has joined #openvpn 21:20 -!- jordanm [~jordanm@pdpc/supporter/active/jordanm] has left #openvpn [] 21:54 <@ecrist> Discombobulation: we don't support AS in here 21:54 <@ecrist> !as 21:54 <@vpnHelper> "as" is please go to #OpenVPN-AS for help with Access-Server 21:54 < Discombobulation> no problem 21:54 < Discombobulation> i was assuming the license was for openvpn itself 21:54 <@ecrist> AS is a commercial product, and this is the support channel for the open-source software. 
21:54 <@ecrist> ah, no, it's not 21:55 < Discombobulation> yeah 21:55 < Discombobulation> glad i got that clarified 22:00 < forgotten> can someone help me with PF on openbsd to allow clients to connect to openvpn ? 22:02 < krzie> !notovpn 22:02 <@vpnHelper> "notovpn" is "notopenvpn" is your problem is not about openvpn, and while we try to be helpful, you may have a better chance of finding your answer if you ask your question in a channel related to your problem 22:04 <@ecrist> meh, I can help 22:05 <@ecrist> forgotten: if you have pf enabled, you should probably know how to allow traffic in to openvpn 22:05 < forgotten> well.. its enabled to just pass everything i believe 22:06 < forgotten> but i'm getting nothing but Connection Refused when connecting my client 22:07 < forgotten> also i thought you had to add Nat rules to allow traffic out via your vpn subnet 22:10 < Olipro> real men use proper routing, not NAT 22:10 < Olipro> but if you don't control the VPN server, fair enough 22:12 <@ecrist> forgotten: pfctl -d 22:12 <@ecrist> that completely disables pf 22:14 < forgotten> i still can't connect via client 22:14 < forgotten> to establish my tunnel on 10.10.10.* 22:16 <@ecrist> !welcome 22:16 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 22:36 -!- EugeneKay [eugene@itvends.com] has joined #openvpn 23:05 -!- babble [~coyote@unaffiliated/coyote] has joined #openvpn 23:17 -!- SkyNet-1000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn --- Day changed Tue Jan 03 2012 00:05 < forgotten> does openvpn have to create a tun or tap interface? can it use an existing ? say like vlan interface?
00:10 -!- Discombobulation [~Discombob@gateway/tor-sasl/discombobulation] has quit [Quit: Leaving] 00:15 <+TJNII> forgotten: The tun/tap interface is the endpoint of the tunnel. It has to be there. You connect it to a physical interface (i.e. a vlan interface) by bridging (tap) or routing (tun) 00:15 <+TJNII> It's what allows the kernel to pass traffic into/out of the tunnel 00:18 -!- babble [~coyote@unaffiliated/coyote] has quit [Quit: Leaving] 00:21 <@vpnHelper> RSS Update - forum: Multiple Server Ports Problem 00:24 -!- bauruine [~stefan@2001:8e0:100b:dead:f2de:f1ff:fe9f:974b] has quit [Ping timeout: 252 seconds] 00:24 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 00:24 -!- DataZombie [~DataZombi@unaffiliated/skynet2000] has quit [Quit: KVIrc 4.0.4 Insomnia http://www.kvirc.net/] 00:25 -!- SkyNet-1000 [~skynet-20@unaffiliated/skynet2000] has quit [Remote host closed the connection] 00:25 -!- babble [~coyote@unaffiliated/coyote] has joined #openvpn 00:35 -!- aegidos [~admin@tmo-102-59.customers.d1-online.com] has joined #openvpn 00:35 -!- aegidos [~admin@tmo-102-59.customers.d1-online.com] has quit [Remote host closed the connection] 00:40 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 00:42 -!- aegidos [~admin@tmo-102-59.customers.d1-online.com] has joined #openvpn 00:44 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 00:45 -!- aegidos [~admin@tmo-102-59.customers.d1-online.com] has quit [Remote host closed the connection] 00:45 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has joined #openvpn 00:47 -!- [1]SigmaProjects [~SigmaProj@cpe-66-75-87-13.socal.res.rr.com] has joined #openvpn 00:49 -!- SigmaProjects [~SigmaProj@cpe-66-75-87-13.socal.res.rr.com] has quit [Ping timeout: 276 seconds] 00:49 -!- [1]SigmaProjects is now known as SigmaProjects 01:01 -!- dazo_afk is now known as dazo 01:20 < aegidos> good morning my dear openVPN experts 01:21 < aegidos>
how to update from openVPN 2.0.9 to 2.2.2 if package manager on debian etch says: already newest installed? 01:27 < matsim> if you're happy with what's in debian stable, use it, otherwise, you might have to: Build yourself, or try if you can build the debian sources from wheezy 01:28 < matsim> but I think you're either on a very old debian release or your package manager has a problem, even lenny has 2.1 rc11, squeeze has 2.1.3+Patches 01:34 <@vpnHelper> RSS Update - forum: Help Creating a Configuration File 01:34 -!- aegidos_ [~admin@tmo-102-59.customers.d1-online.com] has joined #openvpn 01:35 -!- aegidos_ [~admin@tmo-102-59.customers.d1-online.com] has quit [Remote host closed the connection] 01:35 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has quit [Remote host closed the connection] 01:37 -!- aegidos [~admin@tmo-102-59.customers.d1-online.com] has joined #openvpn 01:38 < aegidos> maybe this tutorial works if i wget the 2.2.2 version directly from the web http://redes-privadas-virtuales.blogspot.com/2011/12/secure-remote-access-to-home-through.html 01:38 <@vpnHelper> Title: Redes Privadas Virtuales: Secure remote access to home through OpenVPN (I) (at redes-privadas-virtuales.blogspot.com) 01:39 -!- aegidos [~admin@tmo-102-59.customers.d1-online.com] has quit [Remote host closed the connection] 01:39 <@vpnHelper> RSS Update - forum: Assign Public Class C to client1 01:39 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has joined #openvpn 01:41 < matsim> aegidos: You should first check what debian release you're using :) 01:43 < matsim> 2.0.9 was in debian lenny (Debian 4.0) which is unsupported in terms of security updates anyway 01:44 < matsim> what does 'lsb_release -a' tell you? 01:44 -!- aegidos_ [~admin@tmo-102-59.customers.d1-online.com] has joined #openvpn 01:44 -!- infidel [~coyote@unaffiliated/coyote] has joined #openvpn 01:44 < matsim> aegidos_: did you lose connection or get my message about debian lenny? 01:45 < aegidos_> lost connection ...
01:45 < aegidos_> i only got that i have to check the version 01:45 < aegidos_> i guess its etch 01:45 < aegidos_> but i will check this out 01:45 < matsim> what does 'lsb_release -a' tell you? 01:46 < matsim> because 2.0.9 was last seen in lenny = unsupported in terms of bug/security fixes by debian anyway 01:46 < aegidos_> okay, now its getting hard to get into my vpn 01:46 -!- infidel [~coyote@unaffiliated/coyote] has quit [Read error: Connection reset by peer] 01:46 < aegidos_> i think i have to establish a new connection 01:46 < aegidos_> im shortly away ;-) 01:47 < aegidos_> then i will tell you 01:47 -!- infidel [~coyote@unaffiliated/coyote] has joined #openvpn 01:47 -!- BustyLoli-Chan [~BustyLoli@24.111.195.1] has joined #openvpn 01:47 < BustyLoli-Chan> Anyone here have a moment to help a poor moron? :D 01:47 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has quit [Ping timeout: 240 seconds] 01:47 -!- aegidos_ is now known as aegidos 01:47 -!- infidel [~coyote@unaffiliated/coyote] has quit [Read error: Connection reset by peer] 01:47 < forgotten> im prolly just as moronic as u :P 01:48 < BustyLoli-Chan> :< sad day 01:48 < forgotten> whats up tho? 01:49 < BustyLoli-Chan> https://forums.openvpn.net/topic9520.html 01:49 < BustyLoli-Chan> this x.x 01:49 <@vpnHelper> RSS Update - forum: automatic reconnect potable openvpn 01:49 <@vpnHelper> Title: OpenVPN Support Forum Help Creating a Configuration File : Scripting and Customizations (at forums.openvpn.net) 01:49 -!- aegidos_ [~admin@tmo-096-197.customers.d1-online.com] has joined #openvpn 01:51 -!- aegidos_ [~admin@tmo-096-197.customers.d1-online.com] has quit [Read error: Connection reset by peer] 01:52 -!- aegidos [~admin@tmo-102-59.customers.d1-online.com] has quit [Ping timeout: 240 seconds] 01:56 <@vpnHelper> RSS Update - forum: Help Creating a Configuration File 01:56 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has joined #openvpn 01:57 < BustyLoli-Chan> do you think you can fix it?
:D 01:57 < aegidos> what was the command i should check the distribution version? 01:57 -!- babble [~coyote@unaffiliated/coyote] has quit [Quit: Leaving] 01:57 < matsim> lsb_release -a 02:00 < aegidos> Linux LKGAC6FF3 2.6.18-6-ixp4xx #1 Tue Feb 12 00:57:53 UTC 2008 armv5tel 02:02 < matsim> outch, that must be etch 02:02 < aegidos> lsb_release -a command not found ... 02:03 < matsim> ok, if it's a very small os install, lsb_release can be missing 02:04 < matsim> embedded stuff? - really looks like etch because: http://archive.debian.net/search?lang=de&searchon=names&keywords=linux-image 02:04 <@vpnHelper> Title: Debian -- Ergebnisse der Debian-Paketsuche -- linux-image (at archive.debian.net) 02:04 <+TJNII> hmmm... debian based.... look in /etc/apt/sources.list 02:07 < aegidos> aha i got LKGAC6FF3:~# cat /etc/issue 02:07 < aegidos> Debian GNU/Linux 4.0 \n \l 02:08 <+TJNII> That's unsupported as of Feb 2010 02:08 <+TJNII> You _really_ need to update that 02:10 < BustyLoli-Chan> so is there at least some super awesome guide to writting conf files I can look at somewhere? 02:11 < EugeneKay> !man 02:11 <@vpnHelper> "man" is (#1) http://openvpn.net/man for 2.0 manual or (#2) http://openvpn.net/man-beta.html for 2.1 manual or (#3) http://openvpn.net/index.php/open-source/documentation/manuals/427-openvpn-22.html for 2.2 manual or (#4) the man pages are your friend! 02:11 < BustyLoli-Chan> I've looked at it 02:12 < EugeneKay> !book 02:12 <@vpnHelper> "book" is http://www.packtpub.com/openvpn-2-cookbook/book check out JJK's awesome cookbook for openvpn 2! 02:12 < BustyLoli-Chan> let me buy that book 02:12 < matsim> aegidos: I suspect you're running Debian on a kinda small box like a Linksys NSLU2, have fun updating that... 
02:12 <@vpnHelper> RSS Update - forum: Road Warrior setup
02:13 < BustyLoli-Chan> to work this open source software whose creators refuse to offer any form of support to me :|
02:14 < BustyLoli-Chan> why you gotta do me like that :<
02:14 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has quit [Read error: Connection timed out]
02:15 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has joined #openvpn
02:16 < BustyLoli-Chan> Okay
02:16 < BustyLoli-Chan> new plan
02:16 < BustyLoli-Chan> who wants 10 dollars :D
02:18 < aegidos> no i guess i need to update from etch to Lenny?
02:18 <@vpnHelper> RSS Update - forum: New Site-to-Site Tunnel With Partial Connectivity
02:18 < BustyLoli-Chan> okay...
02:19 < BustyLoli-Chan> Who wants 20 dollars :D
02:19 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn
02:19 -!- mode/#openvpn [+o mattock] by ChanServ
02:20 < matsim> aegidos: Yes, from etch to lenny, from lenny to squeeze
02:21 < matsim> but if it is a NSLU2, it will take hours, I had it as NFS server and it was a pain, even with OpenWRT which is much more slim than debian
02:21 < aegidos> ohoh seems to get very complicated :-D hopefully samba works after patching till squeeze
02:21 < matsim> would you consider openwrt?
02:21 < aegidos> for sure it IS a NSLU2 :-D
02:23 < matsim> there are pre-compiled images for the slug and openvpn 2.1.4 is in their ipk repository
02:23 <@vpnHelper> RSS Update - forum: Unknown issue only with Linux client
02:23 < matsim> see: http://downloads.openwrt.org/backfire/10.03.1/ixp4xx_generic/
02:23 <@vpnHelper> Title: Index of /backfire/10.03.1/ixp4xx_generic/ (at downloads.openwrt.org)
02:28 < BustyLoli-Chan> :O
02:31 -!- X0Rc0re [~chatzilla@203-206-101-78.dyn.iinet.net.au] has joined #openvpn
02:31 < X0Rc0re> hello, i need help configuring OpenVPN on my VPS, would anyone like to help? (i am up to config part, but its not configuring properly :s )
02:32 < BustyLoli-Chan> Don't bother ask
02:32 < BustyLoli-Chan> channel is full of dicks
02:32 < BustyLoli-Chan> better luck waiting till someone who isn't an asshat is awake
02:32 < BustyLoli-Chan> *asking :3
02:33 < BustyLoli-Chan> If you ask hard enough though I'm sure someone will link you to the web page that has the user manual on it
02:33 < BustyLoli-Chan> or a link to a 20 dollar book on how to use their open source software that will hopefully soon be dead and or dying since the people who don't know how to use it can't get some fucking help
02:34 < BustyLoli-Chan> or a link to a guide that they could actually use to learn
02:35 < matsim> BustyLoli-Chan: Please, it depends how you ask and where, also check out the forums, and reading books sometimes doesn't hurt, really
02:36 < BustyLoli-Chan> I thought I was rather nice at first. I've asked on the forums and have faith that someone would answer my question, but I was hoping to get this up and running relatively quickly
02:37 < matsim> Sometimes idling and waiting helps too on IRC - if someone is around that knows, they will possibly answer to a specific question !generic
02:37 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has quit [Read error: Connection timed out]
02:38 < X0Rc0re> BustyLoli-Chan: dont worry, i was in here yesterday and what i got was this
02:38 < X0Rc0re> !welcome
02:38 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
02:39 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has joined #openvpn
02:40 < X0Rc0re> oh and i got this as well
02:40 < X0Rc0re> !howto
02:40 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
02:40 < X0Rc0re> I mean come on!!!
02:40 < X0Rc0re> i thought this channel was for help?
02:41 < EugeneKay> !configs
02:42 -!- aegidos_ [~admin@tmo-102-175.customers.d1-online.com] has joined #openvpn
02:42 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries
02:42 < EugeneKay> !goal
02:42 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
02:42 -!- aegidos_ [~admin@tmo-102-175.customers.d1-online.com] has quit [Remote host closed the connection]
02:42 < EugeneKay> X0Rc0re ^^
02:42 -!- aegidos_ [~admin@p54B5B0E2.dip.t-dialin.net] has joined #openvpn
02:42 <+TJNII> Both of you have yet to ask a specific question. Most of the supporters are in the US or Europe. It is 1:40am where I am, I'm only up because I have insomnia. I don't feel like helping noobs mewing for help with no details. Ask a question that shows you've done some research and understand your problem and you'll get _much_ better help
02:42 < EugeneKay> BustyLoli-Chan - If you're not satisfied, you are entitled to a full refund.
02:42 <+TJNII> I like helping with interesting problems. I don't like hand-holding.
02:42 < X0Rc0re> all i ever get is these commands "!"
02:43 < EugeneKay> X0Rc0re - I've no clue what your problem is. Hence, I ask for your !goal
02:43 < EugeneKay> See also the /topic: | We're not psychic -- please !paste your !configs and !logs and a description of your problem ||
02:43 < X0Rc0re> I need help with the server config file
02:43 < EugeneKay> !confgen
02:43 <@vpnHelper> "confgen" is (#1) http://www.doeshosting.com/code/openvpn-confgen.tgz for the bash config generator or (#2) you can use svn co http://www.secure-computing.net/svn/trunk/openvpn-confgen/
02:44 < X0Rc0re> someone already linked that
02:44 < X0Rc0re> im not on linux
02:44 < EugeneKay> bash is not exclusively a linux thing. :-p
02:44 < X0Rc0re> i already have a config file
02:44 < zalzice> X0Rc0re: you should describe more detailed of your problem, not just "i have problem with my computer?"
02:45 < X0Rc0re> but its not showing any output
02:45 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has quit [Ping timeout: 268 seconds]
02:45 <+TJNII> Windows, I assume?
02:48 < X0Rc0re> yes
02:48 < X0Rc0re> but on a debian box
02:48 < X0Rc0re> VPS
02:48 -!- aegidos_ [~admin@p54B5B0E2.dip.t-dialin.net] has quit [Ping timeout: 252 seconds]
02:49 <+TJNII> But the server is running in Windows, though, right?
02:49 < EugeneKay> So are you on linux or aren't you? o.O
02:52 < EugeneKay> Oh hey the new year is over.
02:52 -!- mode/#openvpn [+o EugeneKay] by ChanServ
02:52 -!- EugeneKay changed the topic of #openvpn to: Welcome to the OpenVPN community support channel || PLEASE read the entire topic || Current Release: 2.2.2 (22-Dec-2011) || First time here? Use !welcome and !goal || Access Server? /join #openvpn-as || We're not psychic -- please !paste your !configs and !logs and a description of the issue || Your problem is your firewall, really. || Not a native English speaker? Say so, we understand
02:52 -!- mode/#openvpn [+v EugeneKay] by EugeneKay
02:52 -!- mode/#openvpn [-o EugeneKay] by EugeneKay
02:54 < X0Rc0re> the server i running debian
02:55 < X0Rc0re> is*
02:55 < X0Rc0re> i am on a windows box atm
02:55 < X0Rc0re> and my VPS is running debian
02:57 <+TJNII> Check for logs in /var/log. Use grep if you don't know what file to look in. Set "verb 4" in your server .conf file to get (sane) debugging info. make sure to restart the daemon after editing the config.
02:57 * TJNII goes to bed
02:58 < X0Rc0re> already used grep
02:58 < X0Rc0re> can someone please teamviewer me?
02:58 <+EugeneKay> Not comfortable with the liability issues.
03:00 <@dazo> X0Rc0re: please tell us *what* the problem you have are? "It's not working" is just as helpful as shouting "Somebody farted!" ... and we do need !logs and !configs ... and we need to see them, with proper log level .... if you can't provide that, please go away
03:00 <+EugeneKay> We need a !psychic factoid
03:00 <@dazo> EugeneKay: got a good text for it?
03:01 <+EugeneKay> The one in the /topic
03:01 -!- tazou [~Guillaume@78.223.143.27] has joined #openvpn
03:01 < tazou> Hello
03:01 < tazou> is a french room for openvpn please?
03:02 <@dazo> tazou: nope, only English here ... don't know about any other openvpn rooms
03:02 < X0Rc0re> http://pastebin.com/E4376Wwa
03:02 < X0Rc0re> http://pastebin.com/YhMs4C7m
03:02 < X0Rc0re> credits to Obama guy
03:02 < tazou> ok dazo thanks
03:02 < X0Rc0re> but i used tun instead
03:02 <@dazo> X0Rc0re: we need *your* configs not somebody else's
03:03 < X0Rc0re> dazo im using those configs
03:03 <@dazo> and we need *your* log files ... with --verb set to 4
03:03 < X0Rc0re> ...
03:03 < X0Rc0re> ok one sec
03:03 < tazou> So, I have a little question. I setup a OpenVPN server on OpenBSD 5.0. It's working good with certificate. I would like to try now with login/pass authentication. So I add this in my server conf file : "auth-user-pass-verify /usr/local/libexec/openvpn_bsdauth via-file"
03:03 < X0Rc0re> use eurephia
03:03 < tazou> And this in my client : "auth-user-pass"
03:04 <@dazo> !learn psychic as We're not psychic -- please !paste your !configs and !logs and a description of the issue
03:04 <@vpnHelper> Joo got it.
03:04 <@dazo> EugeneKay: ^^
03:04 <+EugeneKay> <3
03:04 < tazou> When I connect, it prompt for login/pass, but when I login, in my log server I have this : "TLS Auth Error: user-pass-verify script failed to execute: /usr/local/libexec/openvpn_bsdauth openvpn_up_a6e5115f2e2890980726601bc731b5d7.tmp"
03:04 < tazou> An idea please ? :)
03:04 < X0Rc0re> how do i cd to my config file?
03:05 <@dazo> ???!!!?? ... you're kidding us, X0Rc0re?
03:05 -!- Denial [Denial@drgi.co.uk] has joined #openvpn
03:05 < X0Rc0re> nope, im serious
03:05 <+EugeneKay> I don't think I can help you.
03:06 < X0Rc0re> i tried cd/etc/openvpn
03:06 <@dazo> X0Rc0re: cd /etc/openvpn
03:06 <@dazo> gee
03:06 < X0Rc0re> i tried that
03:06 < X0Rc0re> doesn't work
03:06 -!- X0Rc0re was kicked from #openvpn by dazo [come back when you've learnt to use a computer]
03:06 -!- X0Rc0re [~chatzilla@203-206-101-78.dyn.iinet.net.au] has joined #openvpn
03:06 -!- X0Rc0re was kicked from #openvpn by dazo [come back when you've learnt to use a computer]
03:06 -!- X0Rc0re [~chatzilla@203-206-101-78.dyn.iinet.net.au] has joined #openvpn
03:06 -!- X0Rc0re was kicked from #openvpn by dazo [come back when you've learnt to use a computer]
03:06 -!- X0Rc0re [~chatzilla@203-206-101-78.dyn.iinet.net.au] has joined #openvpn
03:06 -!- X0Rc0re was kicked from #openvpn by dazo [come back when you've learnt to use a computer]
03:07 -!- X0Rc0re [~chatzilla@203-206-101-78.dyn.iinet.net.au] has joined #openvpn
03:07 -!- mode/#openvpn [+b *!*chatzilla@*.dyn.iinet.net.au] by dazo
03:07 -!- X0Rc0re was kicked from #openvpn by dazo [come back when you've learnt to use a computer]
03:07 < reiffert> :)
03:08 < hyper_ch> since when is dazo so mean?
03:08 <+EugeneKay> !read
03:08 <@vpnHelper> "read" is ive been known to overreact when people look for 2 minutes and ask me to explain it to them
03:09 <@dazo> and this is at least the second day in a row where this guy pops up with "please hold my hand" requests
03:09 <+EugeneKay> Mebbeh we need a !handhold
03:10 <@dazo> hehe ... yeah
03:10 < reiffert> you prolly need to reinstate a reiffert.
03:11 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day]
03:11 < tazou> Do you have an idea for my question please ? (:
03:11 <+EugeneKay> tazou - can you execute the script from the shell?
03:11 < reiffert> tazou: I cant see any questionmark in your last "question".
03:11 <@dazo> tazou: sorry, I got disturbed with other matters
03:12 < tazou> sorry
03:12 < tazou> yes I can : /usr/local/libexec/openvpn_bsdauth -> just return the shell
03:12 <@dazo> tazou: it might be that the script is not executable, that --script-security is not set up correctly or that --tmpdir is not writable for openvpn
03:12 < tazou> not error message like "not executable"
03:12 <@dazo> tazou: and it might be that the script is not executable for the openvpn user
03:13 < tazou> /usr/local/libexec/openvpn_bsdauth: setgid ELF 32-bit LSB executable, Intel 80386, version 1, for OpenBSD, dynamically linked (uses shared libs), stripped
03:13 <@dazo> ahh
03:13 < tazou> -r-xr-s--- 1 _openvpn auth 6196 Aug 17 03:27 /usr/local/libexec/openvpn_bsdauth
03:13 <@dazo> and what about the /usr/local/libexec/ directory?
03:13 < tazou> drwxr-xr-x 2 root wheel 512 Jan 2 15:53 libexec
03:13 <@dazo> tazou: do you do some chrooting?
03:14 < reiffert> "_"openvpn?
03:14 <@dazo> tazou: make sure --script-security is set to 2 or 3
03:15 < tazou> when I'm on chroot with : user:_openvpn and group:_openvpn, I have this error message : TLS Auth Error: could not write username/password to file: openvpn_up_1ad92c7d22bee205a72fb83d9ab525ec.tmp
03:16 < tazou> So, to TRY , I comment the chroot and launch openvpn in root (I know it's dirty, but just for test)
03:16 <@dazo> tazou: okay, I'd make sure that --tmpdir is something sensible (it defaults to /tmp on 2.2 on *nix) ... but if you do --chroot, you need $(chroot)/tmp
03:16 < tazou> and in root I have : "TLS Auth Error: user-pass-verify script failed to execute: /usr/local/libexec/openvpn_bsdauth openvpn_up_a6e5115f2e2890980726601bc731b5d7.tmp"
03:16 < tazou> Sorry, my chroot is not activated: #chroot /etc/openvpn/jail
03:17 < tazou> just "user" dans "group" are set to "_openvpn"
03:17 <@dazo> tazou: okay, which openvpn version are you on?
03:17 < tazou> Just to be more clear : http://pastebin.com/SGismbdH my conf file ;)
03:17 < tazou> dazo, OpenVPN 2.1.4 i386-unknown-openbsd5.0 [SSL] [LZO2] built on Aug 16 2011
03:18 < tazou> reiffert, grep openvpn /etc/group -> _openvpn:*:577: _openvpnusers:*:596:
03:19 < tazou> dazo, installed with classic "pkg_add -iv openvpn"
03:19 <@dazo> tazou: you don't have 'script-security 2' in your server config
03:19 < tazou> ha sorry :/
03:19 < tazou> I must put in ?
03:20 <@dazo> tazou: check the man page and you'll see why ;-)
03:20 < tazou> ok ;)
03:21 < tazou> 2 -- Allow calling of built-in executables and user-defined scripts.
03:21 < tazou> eh!
03:21 <@dazo> ;-)
03:21 < tazou> ok it's add to my conf :)
03:21 < tazou> but the problem is the same :/
03:22 < tazou> TLS Auth Error: could not write username/password to file: openvpn_up_6815d24f575f8e00ae76412dca2b19a6.tmp
03:22 <@dazo> tazou: now it's write permissions to the tmpdir ... try adding --tmpdir /tmp
03:22 <@dazo> (you would probably want to move that tmpdir to safer place where only _openvpn have read/write access)
03:23 <@dazo> and when you re-enable chroot ... the openvpn_bsdauth (plus required libs + support files) and the tmpdir needs to be moved into the chroot as well
03:24 < tazou> HO YEAH ! TLS: Username/Password authentication succeeded for username 'titi'
03:24 < tazou> dazo, for information : it's "--tmp-dir" on openbsd5
03:25 < tazou> ok dazo
03:25 < tazou> dazo, can I setup --tmp-dir IN my conf file ?
03:26 <@dazo> !--
03:26 <@vpnHelper> "--" is OpenVPN allows any option to be placed either on the command line or in a configuration file. Though all command line options are preceded by a double-leading-dash ("--"), this prefix must be removed when an option is placed in a configuration file.
03:26 <@dazo> tazou: ^^
03:26 < tazou> boh ! enormous :)
03:29 -!- CQ [~chatzilla@p4FD0F5A0.dip.t-dialin.net] has joined #openvpn
03:29 -!- CQ [~chatzilla@p4FD0F5A0.dip.t-dialin.net] has left #openvpn []
03:32 < tazou> Grrr
03:32 < tazou> TLS Auth Error: could not write username/password to file: /etc/openvpn/jail/tmp/openvpn_up_090da9cdea4e8492089ccf74886fe286.tmp
03:32 < tazou> with :
03:32 < tazou> http://pastebin.com/tVwW16HL
03:33 < tazou> and chmod 777 /etc/openvpn/jail/tmp
03:33 < tazou> why ? :/
03:38 <@dazo> tazou: use --tmpdir /tmp
03:39 < tazou> ok I try
03:39 <@dazo> when you add --chroot /etc/openvpn/jail --tmpdir /etc/openvpn/jail/tmp .... it will try to access /etc/openvpn/jail/etc/openvpn/jail/tmp
03:43 < tazou> So I must do: mkdir -p /etc/openvpn/jail/etc/openvpn/jail/tmp ?
03:44 <@dazo> if you use --chroot /etc/openvpn/jail --tmpdir /etc/openvpn/jail/tmp, then yes .... if you change --tmpdir to /tmp .... you just need /etc/openvpn/jail/tmp
03:45 < BustyLoli-Chan> quit rage quit
03:45 < BustyLoli-Chan> darp
03:45 -!- BustyLoli-Chan [~BustyLoli@24.111.195.1] has quit [Quit: rage quit]
03:45 < tazou> ok
03:45 < tazou> I try :)
03:46 -!- vpopov [~happylife@dyn-58-35.fttbee.kis.ru] has joined #openvpn
03:47 < tazou> dazo, I'm a little lost :/ http://pastebin.com/JRWVN3zz
03:47 <@dazo> change this one: tmp-dir /etc/openvpn/jail/tmp
03:48 <@dazo> to: tmp-dir /tmp
03:51 <@vpnHelper> RSS Update - forum: Road Warrior setup
03:51 < tazou> ok
03:52 < tazou> dazo, ok I do it, and now I have : TLS Auth Error: user-pass-verify script failed to execute: /etc/openvpn/jail/openvpn_bsdauth /tmp/openvpn_up_d346e429ec0c3c41261464eb233855f9.tmp
03:53 < tazou> ha! maybe openbpn_bsduath need dependencies..
03:53 <@dazo> tazou: this one is tricky now, as openvpn_bsdauth is probably not statically linked ... so you now will probably need quite some lib files into the chroot
03:53 < tazou> yep :)
03:54 <@dazo> such challenges like this, is why I wrote eurephia as a C plug-in ... to avoid all these script dependencies
03:55 <@dazo> unfortunately, I've not managed to port eurephia successfully to OpenBSD - due to the strictness OpenBSD has compared to FreeBSD
03:56 < tazou> ha ok
03:56 < tazou> grr : LS Auth Error: user-pass-verify script failed to execute: /etc/openvpn/jail/openvpn_bsdauth /tmp/openvpn_up_bb1bb30e61fc8e793d1a4648f623a83c.tmp
03:56 < tazou> I did it :
03:57 < tazou> http://pastebin.com/nvAGxUCh
04:00 < tazou> heu I add this ok : cp /usr/lib/libc.so.60.1 /etc/openvpn/jail/usr/lib/ cp /usr/libexec/ld.so /etc/openvpn/jail/usr/libexec/
04:01 < tazou> -ok
04:01 -!- ciphergoth [~paul@host238.lshift.net] has quit [Quit: Ex-Chat]
04:01 -!- aegidos [~admin@tmo-103-72.customers.d1-online.com] has joined #openvpn
04:02 -!- aegidos [~admin@tmo-103-72.customers.d1-online.com] has quit [Remote host closed the connection]
04:03 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has joined #openvpn
04:04 <@dazo> tazou: you probably need to generate /etc/ld.so.cache inside the chroot as well
04:05 < tazou> OOps !
04:05 < tazou> ldconfig /etc/openvpn/jail/
04:05 < tazou> /usr/local/sbin/openvpn --config /etc/openvpn/server.conf
04:06 < tazou> /usr/local/sbin/openvpn: can't load library 'liblzo2.so.0.0'
04:06 < tazou> :D
04:11 -!- mode/#openvpn [-b *!*chatzilla@*.dyn.iinet.net.au] by dazo
04:13 -!- CaptainQuirk [~leo@mol92-10-78-236-165-242.fbx.proxad.net] has joined #openvpn
04:13 < CaptainQuirk> Hi there !
04:13 < tazou> dazo, I reboot my pc, ok for starting openvpn ;)
04:13 < tazou> but, how can I do what you say please ? ( tazou: you probably need to generate /etc/ld.so.cache inside the chroot as well)
04:14 < tazou> hi CaptainQuirk
04:14 < CaptainQuirk> I'm currently configuring openVPN to access a remote server. I have to generate keys and a certificate request to the administrator
04:14 < CaptainQuirk> I have no instruction on where to put these files on my local hard drive
04:14 < CaptainQuirk> what would you recommend ?
04:15 < tazou> on client ?
04:15 < CaptainQuirk> yep
04:16 <@dazo> CaptainQuirk: http://openvpn.net/index.php/open-source/documentation/howto.html#pki ... look at the "Key files" section a bit further down
04:16 <@vpnHelper> Title: HOWTO (at openvpn.net)
04:17 <@dazo> where to put it ... that's up to you ... it all depends on --ca/--key/--cert options in your config
04:17 -!- aegidos_ [~admin@tmo-103-72.customers.d1-online.com] has joined #openvpn
04:19 -!- master_of_master [~master_of@p57B55B06.dip.t-dialin.net] has quit [Read error: Operation timed out]
04:19 -!- aegidos_ [~admin@tmo-103-72.customers.d1-online.com] has quit [Read error: Connection reset by peer]
04:19 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has quit [Ping timeout: 276 seconds]
04:20 < CaptainQuirk> dazo, a "keys" subdirectory is mentioned but I think it has to do with a directory on the server, not on my machine
04:20 -!- aegidos [~admin@tmo-097-81.customers.d1-online.com] has joined #openvpn
04:20 < CaptainQuirk> from what I read in the sample client config file, the files are located directly in the home directory
04:20 < CaptainQuirk> is it how it should be ?
04:21 -!- aegidos_ [~admin@tmo-103-157.customers.d1-online.com] has joined #openvpn
04:22 <@dazo> CaptainQuirk: you need three files (in addition to the config) on your client ... and you need to modify the config according to your environment ... if there are no paths, in most cases openvpn expects these files to be located where openvpn is started
04:22 -!- master_of_master [~master_of@p57B5383F.dip.t-dialin.net] has joined #openvpn
04:23 < CaptainQuirk> ok, so I could place them anywhere, as long as I put the correct path in the config file. But Is there an admitted standard way to do it
04:23 < CaptainQuirk> ?
04:24 -!- aegidos [~admin@tmo-097-81.customers.d1-online.com] has quit [Ping timeout: 252 seconds]
04:24 -!- aegidos_ is now known as aegidos
04:26 <@dazo> CaptainQuirk: correct
04:27 <+EugeneKay> See also the --cd directive
04:27 < tazou> dazo, do you know how can I do what you say please ? ( tazou: you probably need to generate /etc/ld.so.cache inside the chroot as well)
04:27 -!- noisebleed [~quassel@lula.inescn.pt] has joined #openvpn
04:27 -!- noisebleed [~quassel@lula.inescn.pt] has quit [Changing host]
04:27 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn
04:28 < CaptainQuirk> Ok, so, to foresee the situation where I could have multiple open VPN connections, I should place the files relative to a particular server on a special place
04:28 <@dazo> tazou: I don't know exactly any quick paths ... the only thing which strikes me is to copy over the ldconfig program into the chroot ... and do $ chroot /etc/openvpn/jail/ bin/ldconfig
04:28 <@dazo> or something like that ...
04:29 < CaptainQuirk> and leave the keys in my home, so I can use them for another project, am I right ?
04:30 <@dazo> CaptainQuirk: you can place these files wherever you like ... just make sure the secret files (key files) are kept secret, to avoid potential abuse of these files
04:30 < CaptainQuirk> Dazo, yes, I was merely asking for advice on a logical point of view
04:31 < CaptainQuirk> can I use the ssl keys for several server authentication like it's done through SSH ?
04:31 -!- aegidos [~admin@tmo-103-157.customers.d1-online.com] has quit [Read error: Connection reset by peer]
04:31 < tazou> ok dazo thanks
04:32 <+EugeneKay> With a certain Private Key/Cert combo, you can authenticate into any server which recognizes the CA which signed your cert.
04:33 < CaptainQuirk> ah, ok, but it's not like SSH where you can actually use a key for multiple server authentication
04:33 <@dazo> CaptainQuirk: yes and no ... as this is PKI, the certificate which is signed by the shared trusted third party between you and the openvpn server .... and this client certificate is tightly connected to the client key file .... so as long as the other service recognise the CA which signed the client key, it will work
04:34 <+EugeneKay> The same Key can have multiple Certs.
04:34 <+EugeneKay> The server has to recognize the CA which backs your cert, rather than a list of authorized_keys.
04:34 <+EugeneKay> More centralized-like.
04:35 <@dazo> good point!
04:35 < CaptainQuirk> but as you said, I could use the same key for several projects involving different servers and different CA
04:35 < CaptainQuirk> as long as the CA recognizes the cert I receive for each one, regardless of the key I use
04:47 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has quit [Read error: Connection reset by peer]
04:47 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has joined #openvpn
04:48 < CaptainQuirk> where will openvpn look for the config file ?
04:49 <+EugeneKay> The default linux init scripts look in /etc/openvpn/
04:50 <+EugeneKay> The windows Service looks in %PROGRAM FILES%/openvpn/config/
04:50 * hyper_ch murmurs: "There is no Windows.... there is now Windows.... there is no Windows...."
04:50 <+EugeneKay> Shush, heretic.
04:51 <+EugeneKay> Or is that me?
04:51 < CaptainQuirk> ok, so, I would have to specify the config file with a command line option to override the default behavior then ?
04:52 <+EugeneKay> Windows?
04:52 < CaptainQuirk> no linux
04:52 < CaptainQuirk> --config I saw in the man page
04:52 <+EugeneKay> That's the 'standard' way to do it, yes.
04:53 <+EugeneKay> The init script is provided for convenience.
04:53 <+EugeneKay> dazo - still there? Just came up with another factoid
04:54 <@dazo> EugeneKay: bring it on!
04:54 <@dazo> EugeneKay: you might have the power as well
04:54 <+EugeneKay> I didn't, last I tried.
04:54 <+EugeneKay> !add vend as IT VENDS
04:54 <@vpnHelper> Error: The command "add" is available in the BadWords and RSS plugins. Please specify the plugin whose command you wish to call by using its name as a command before "add".
04:54 <+EugeneKay> Er
04:54 <@dazo> learn
04:54 <+EugeneKay> !learn vend as IT VENDS
04:54 <@vpnHelper> Error: You don't have the factoids.learn capability. If you think that you should have this capability, be sure that you are identified before trying again. The 'whoami' command can tell you if you're identified.
04:54 <@dazo> ah, okay
04:55 <+EugeneKay> Anyway
04:55 <+EugeneKay> To start OpenVPN-GUI easily on Windows, make a shortcut and set the Target as: "C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe" --config_dir "C:\path\to\config\" --connect client.ovpn --show_balloon 0 --silent_connection 1 --show_script_window 0
04:56 <+EugeneKay> I'm thinking "winshortcut"
04:56 <+EugeneKay> Or just "shortcut"
04:56 <@dazo> !learn winshortcut as To start OpenVPN-GUI easily on Windows, make a shortcut and set the Target as: "C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe" --config_dir "C:\path\to\config\" --connect client.ovpn --show_balloon 0 --silent_connection 1 --show_script_window 0
04:56 <@vpnHelper> Error: No closing quotation
04:57 <+EugeneKay> Go figure.
04:57 <@dazo> grr
04:57 < hyper_ch> hi dazo
04:57 <@dazo> hyper_ch: hey!
04:58 <@dazo> !learn winshortcut as To start OpenVPN-GUI easily on Windows, make a shortcut and set the Target as: "C:\\Program Files (x86)\\OpenVPN\\bin\\openvpn-gui-1.0.3.exe" --config_dir "C:\\path\\to\\config\\" --connect client.ovpn --show_balloon 0 --silent_connection 1 --show_script_window 0
04:58 <@vpnHelper> Joo got it.
04:58 <@dazo> !winshortcut
04:58 <@vpnHelper> "winshortcut" is To start OpenVPN-GUI easily on Windows, make a shortcut and set the Target as: C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe --config_dir C:\path\to\config\ --connect client.ovpn --show_balloon 0 --silent_connection 1 --show_script_window 0
04:58 <@dazo> hah!
04:58 <+EugeneKay> Figures
04:58 <+EugeneKay> Stupid quotes
04:59 <@dazo> nope ... stupid windows requiring backslashes in paths
04:59 <+EugeneKay> Actually, vpnHelper stripped out the quotes
04:59 <+EugeneKay> They're needed in the Target
04:59 <+EugeneKay> So, stupid quotes ;-)
05:00 <@dazo> oh true
05:00 <@dazo> !forget winshortcut
05:00 <@vpnHelper> Joo got it.
05:00 <@dazo> !learn winshortcut as To start OpenVPN-GUI easily on Windows, make a shortcut and set the Target as: \"C:\\Program Files (x86)\\OpenVPN\\bin\\openvpn-gui-1.0.3.exe\" --config_dir \"C:\\path\\to\\config\\\" --connect client.ovpn --show_balloon 0 --silent_connection 1 --show_script_window 0
05:00 <@vpnHelper> Joo got it.
05:00 <@dazo> !winshortcut
05:00 <@vpnHelper> "winshortcut" is To start OpenVPN-GUI easily on Windows, make a shortcut and set the Target as: \"C:\\Program Files (x86)\\OpenVPN\\bin\\openvpn-gui-1.0.3.exe\" --config_dir \"C:\\path\\to\\config\\\" --connect client.ovpn --show_balloon 0 --silent_connection 1 --show_script_window 0
05:01 <@dazo> duh
05:01 <+EugeneKay> xD
05:01 <@dazo> stupid quotes!
05:01 <@dazo> !forget winshortcut
05:01 <@vpnHelper> Joo got it.
05:01 <@dazo> !learn winshortcut as To start OpenVPN-GUI easily on Windows, make a shortcut and set the Target as: \"C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe\" --config_dir \"C:\path\to\config\" --connect client.ovpn --show_balloon 0 --silent_connection 1 --show_script_window 0
05:01 <@vpnHelper> Joo got it.
05:02 <@dazo> !winshortcut
05:02 <@vpnHelper> "winshortcut" is To start OpenVPN-GUI easily on Windows, make a shortcut and set the Target as: \"C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe\" --config_dir \"C:\path\to\config\" --connect client.ovpn --show_balloon 0 --silent_connection 1 --show_script_window 0
05:02 <+EugeneKay> Closer :-p
05:02 * dazo don't care any more ... this is close enough! :-P
05:03 <@dazo> not even is Windows a pain in the a*** when it comes to the support code we need in the source tree ... it's even a pain with vpnHelper/factoids
05:04 <+EugeneKay> Welcome to Windows, fuck you.
05:04 < tazou> thanks dazo for your help, good food and see you this afternoon :)
05:04 <@dazo> tazou: you got further?
05:04 < tazou> i don't understand :/
05:05 < tazou> dazo, what do you mean ?
05:07 <@dazo> tazou: you managed to make it work with your chroot?
05:08 < tazou> not at all ..
05:08 < tazou> i'll try again this afernoon ;)
05:08 < tazou> afternoon*
05:08 < tazou> see you
05:08 -!- tazou [~Guillaume@78.223.143.27] has quit [Quit: Quitte]
05:10 -!- benste [~benste@41.3.3.225] has joined #openvpn
05:10 -!- voidzero [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn
05:10 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Remote host closed the connection]
05:10 -!- voidzero is now known as vocis
05:12 < benste> hi , using the example I'm connected to my TUN server, got an IP which is 10.8.0.6 and points to a 10.8.0.5 tunnel - even though the VPN connection was successful I can't even ping my server neither setup routing for internet
05:20 -!- benste [~benste@41.3.3.225] has quit [Ping timeout: 244 seconds]
05:25 -!- rjd_ [rjd@x64.pin.se] has joined #openvpn
05:31 < rjd_> hi. Just setup a simple server/client openvpn, and client and server can reach each other. Now trying to route packets from a LAN neighbor of the client to the LAN network (address) of the server, and I can see that the packet goes out the tun device of the 'client', but I don't see the corresponding packet on the 'server'. All iptables rules are ACCEPT (default policy), and ip forwarding on all interfaces is 1.
05:32 < rjd_> This leads me to think that I may need something in the openvpn config to allow this
05:32 < rjd_> configs at http://pastebin.com/ARdbDNGi
05:32 -!- raidz [~raidz@openvpn/corp/admin/andrew] has quit [Ping timeout: 252 seconds]
05:33 -!- aegidos [~admin@tmo-103-32.customers.d1-online.com] has joined #openvpn
05:33 < aegidos> can openvpn handle preshared keys in the config-File instead of certificates?
05:34 -!- benste [~benste@41.5.209.26] has joined #openvpn
05:34 < aegidos> there is a possibility for my router (Fritz 7170) to setup an VPN node.
05:35 < benste> !welcome
05:35 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
05:35 < aegidos> i want to connect to this node via Tunnelblick instead of the Snowleopard VPN Client (Cisco)
05:36 < benste> aegidos: sorry - did that for myself :)
05:36 < aegidos> okay :-D
05:36 < benste> iirc fritzbox supports ipsec VPN only
05:36 < benste> !goal > benste
05:37 < aegidos> thanks
05:37 < aegidos> i will join a fritzbox channel that might be wrong in here :-D
05:37 < benste> !goal | benste
05:37 < aegidos> its more tunnelblick issue
05:37 < benste> aegidos: I'm not too sure
05:37 < benste> if it's about openvpn you might be right here
05:37 < benste> just take a look which kind of VPN it is
05:38 < benste> !goal
05:38 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
05:38 < aegidos> okay hopefully i can determine this
05:38 < benste> aegidos: you'll find it in the fritzbox interface
05:39 < benste> !redirect
05:39 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server.
or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns 05:39 < benste> !ipforward 05:39 <@vpnHelper> "ipforward" is please choose between !linipforward !winipforward !osxipforward and !fbsdipforward 05:39 < benste> !linipforward 05:39 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware 05:39 < aegidos> okay than i have to reboot because the cisco vpn client conf which is coming natively with OSX 10.6.8 is buggy 05:39 < aegidos> coming back soon 05:40 < benste> aegidos: 05:40 -!- aegidos [~admin@tmo-103-32.customers.d1-online.com] has quit [Quit: aegidos] 05:41 < benste> !nat 05:41 <@vpnHelper> "nat" is (#1) http://openvpn.net/howto.html#redirect for an explanation of NAT as it applies to openvpn or (#2) http://www.secure-computing.net/wiki/index.php/OpenVPN/FAQ#Traffic_forwarding_doesn.27t_work_when_using_client_specific_access_rules or (#3) dont forget to turn on ip forwarding or (#4) please choose between !linnat !winnat and !fbsdnat for specific howto 05:42 < benste> !linnat 05:42 <@vpnHelper> "linnat" is (#1) for a basic iptables NAT where 10.8.0.x is the vpn network: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE or (#2) to choose what IP address to NAT as, you can use iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to or (#3) http://netfilter.org/documentation/HOWTO//NAT-HOWTO.html for more info or (#4) openvz see !openvzlinnat 05:42 -!- aegidos [~admin@tmo-102-62.customers.d1-online.com] has joined #openvpn 05:43 < benste> aegidos: cisco VPN is another type of vpn iirc icompatible with openvpn 05:43 < aegidos> hy benste 05:43 < aegidos> oh incompatible is bad 05:44 < benste> :-) 05:44 < aegidos> but if the ipsec VPN of the fritzbox is working im not sure if i need openvpn longer 05:44 < benste> take a look 
at wikipedeia for the pro / con 05:45 < rjd_> furthermore: I see the encapsulated pings on 'servers' eth0, but not when tcpdumping the tun(1) interface.. 05:45 -!- aegidos [~admin@tmo-102-62.customers.d1-online.com] has quit [Remote host closed the connection] 05:45 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has joined #openvpn 05:46 < benste> @all -- if i want to NAT my VPN net to my internet which is on my Ppp0 does i need to change eth0 to ppp0 ? - or does it for iptables just mean were it's coming from ? 05:47 < benste> sorry got the man :) 05:47 < benste> -o = output 05:48 < rjd_> What do I have to do to allow -> client -> server -> ? I have forwarding, static routes, I see the (icmp) packets in the tun interface of the client, but not on the server (although I do see a corresponding encapsulated vpn packeton the servers eth0). 05:50 < aegidos> yes fritz uses IPSec ! 05:50 < aegidos> okay not sure if tunnelblick is capable to handle this because in ipsec we have no certificates 05:56 <+EugeneKay> Well, except for the part where it does. 05:57 <@dazo> aegidos: I don't think tunnelblick supports anything else than openvpn 05:57 < benste> aegidos: try it :) 05:57 < benste> btw. in the meantime my DNS is resolved, but i don't get a ICMP or HTTP response via my runnel 05:57 < benste> tunnel 05:57 <@dazo> !ipsec 06:01 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has quit [Quit: aegidos] 06:02 -!- benste [~benste@41.5.209.26] has quit [Ping timeout: 255 seconds] 06:05 -!- rasyid7 [~3333@69.163.36.67] has joined #openvpn 06:06 -!- rasyid7 [~3333@69.163.36.67] has left #openvpn [] 06:06 -!- rasyid7 [~3333@69.163.36.67] has joined #openvpn 06:07 -!- tazou [~Guillaume@78.223.143.27] has joined #openvpn 06:07 < tazou> hi again 06:07 < tazou> dazo, have a good food ? :) 06:08 <@dazo> not yet :) 06:08 <@dazo> (need it soon, though) 06:10 < tazou> hihi 06:11 < tazou> do you have some time for my openvpn chroot please ? 
06:16 < tazou> dazo, * 06:17 <@dazo> tazou: shoot! 06:17 < tazou> boom ! (: 06:17 < tazou> ok 06:17 < tazou> so 06:18 < tazou> with chroot I have not error message 06:18 < tazou> just the authentification failed 06:18 < tazou> like this : 06:18 < tazou> TLS Auth Error: Auth Username/Password verification failed for peer 06:18 < tazou> but without chroot with the SAME login/pass it works 06:19 <@dazo> tazou: maybe you need the password db into the chroot as well? 06:20 < tazou> ha 06:20 <@dazo> I'm not familiar with the BSD auth regime, so I don't know how that really works .... and OpenBSD is the only one using it these days, iirc 06:32 < hyper_ch> dazo: are you a voip professional? 06:33 <@dazo> hyper_ch: nope ... I barely know what voip is 06:33 < hyper_ch> awwww :( you make me sad 06:33 <@dazo> hyper_ch: krzee knows more about that, I believe 06:33 < hyper_ch> he does 06:33 < hyper_ch> probably 06:34 < tazou> dazo, I copy this files http://www.openbsd.org/faq/faq10.html#vipw but the authentification fail again... An idea ? :) 06:34 <@vpnHelper> Title: 10 - System Management (at www.openbsd.org) 06:35 <@dazo> tazou: no, not really ... you probably need to strace (or whatever the bsd approach is) to see what this openvpn_bsdauth process tries to access 06:36 < tazou> dazo, strace /usr/local/sbin/openvpn --config /etc/openvpn/server.conf ? 06:36 <@dazo> tazou: yeah 06:36 < tazou> ok 06:36 < tazou> dem! strace: command not found :D 06:37 <@dazo> openvpn is a single threaded process, so it's fairly simple to debug this way 06:37 < tazou> openBSD uses ktrace and kdump instead of strace. 06:37 < tazou> ;) 06:37 <@dazo> ahh! true 06:37 < tazou> oki:) 06:38 < tazou> it log nothinf 06:38 < tazou> but I increase "verb" to 9 06:39 < tazou> :p 06:41 < tazou> erf, no more interresting informations... 
06:45 < tazou> I think i'll not chroot my openvpn 06:47 < tazou> dazo, Do you know other Windows OpenVPN GUI, more user friendly that http://swupdate.openvpn.org/community/releases/openvpn-2.2.2-install.exe ? 06:50 -!- vpopov [~happylife@dyn-58-35.fttbee.kis.ru] has quit [Read error: Connection reset by peer] 06:50 < tazou> Like this http://www.vpnsecure.me/support/windows/ (screenshot at bottom) 06:50 <@vpnHelper> Title: Windows: VPNSecure OpenVPN Encrypted VPN Setup | VPN Secure Networks (at www.vpnsecure.me) 06:51 <+EugeneKay> openvpn-gui *is* the user-friendly one. 06:51 < tazou> hihi :) 06:51 <+EugeneKay> Not sure wtf they're doing, but there is no such thing as "openvpn pptp" 06:56 < tazou> ;) 07:00 <@dazo> tazou: there are a few gui's circulating ... I would say that openvpn-gui is user-friendly, but not good/sleek looking .... and there is a developer working on improving the gui and the interactions for openvpn to integrate better into Windows 07:01 < tazou> ah ok 07:01 <@dazo> and the strength of the openvpn-gui, is that it uses plain config files .... not trying to guificate all the features openvpn supports, as that would make it much less user friendly, as openvpn is very feature rich and incredibly flexible 07:02 < tazou> yeap 07:02 <@dazo> tazou: here's a list over GUI's we've stumbled over or been pointed at ... 
https://community.openvpn.net/openvpn/wiki/RelatedProjects#WindowsclientGUI 07:02 <@vpnHelper> Title: RelatedProjects – OpenVPN Community (at community.openvpn.net) 07:02 < tazou> ho thanks dazo :) 07:10 -!- bwallen [~bwallen@static-108-28-88-66.washdc.fios.verizon.net] has quit [Quit: Ex-Chat] 07:16 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Excess Flood] 07:21 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 07:38 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Ping timeout: 276 seconds] 07:50 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn 07:52 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn 08:15 -!- Axeman [~Axeman3@198.105.46.46] has joined #openvpn 08:15 -!- Axeman [~Axeman3@198.105.46.46] has quit [Changing host] 08:15 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 08:15 -!- mode/#openvpn [+v Axeman] by ChanServ 08:16 -!- _Danilo_ [~Danilo@unaffiliated/danilo/x-728421] has left #openvpn ["Sto andando via"] 08:18 -!- Mainz [~Mainz@187.37.73.134] has joined #openvpn 08:21 < Mainz> !welcome 08:21 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. 
|| Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 08:22 < Mainz> !goal 08:22 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 08:27 < Mainz> Hello there, I'm trying to implement an OPENVPN server to provide access to my office LAN for remote users, and even after reading the guides from the site and comparing the config file to the sample in the page, I couldn't figure out what is going on... can someone help me? 08:29 < Mainz> The service is running in a Linux environment, I can telnet to the openvpn administration port, but can`t telnet to localhost port defined in the config file.. this could be a firewall issue? 08:29 <+EugeneKay> It could be a lot of things. 08:29 <+EugeneKay> If you're using UDP, you wouldn't be able to telnet to it. 08:30 <+EugeneKay> And you ought to be using UDP. 08:31 < Mainz> tks, I'm using UDP, but the client remains only in Connecting.. 08:31 <+EugeneKay> !logs 08:31 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard. 08:31 <+EugeneKay> !configs 08:31 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries 08:32 < Mainz> just a sec. 
08:34 -!- rjd_ [rjd@x64.pin.se] has left #openvpn [] 08:34 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has joined #openvpn 08:51 -!- schlitzer|freihe [~schlitzer@212.144.228.122] has joined #openvpn 08:51 < schlitzer|freihe> hey all 08:52 < schlitzer|freihe> i´m using openvpn in tap mode. everything is working fine. but there is one thing... is there a way to automatically add the tap device to a bridge? 08:54 < schlitzer|freihe> with tinc vpn i have a tinc-up script that is doing something like this: ifconfig $INTERFACE up; brctl addif br0 $INTERFACE 08:54 < schlitzer|freihe> can i do something similar with openvpn? 08:55 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 252 seconds] 08:58 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 09:03 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has joined #openvpn 09:04 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out] 09:05 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 09:14 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Remote host closed the connection] 09:20 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has quit [Remote host closed the connection] 09:20 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has joined #openvpn 09:26 <@vpnHelper> RSS Update - forum: Subnet Conflicts 09:28 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has quit [Ping timeout: 252 seconds] 09:36 -!- luckman212 [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has joined #openvpn 09:40 -!- luckman212 [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has quit [Client Quit] 09:40 -!- luckman212 [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has joined #openvpn 09:41 -!- gladiatr [~sdspence@160.15.124.24.cm.sunflower.com] has joined #openvpn 10:01 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Read error: Connection reset by peer] 10:17 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined 
#openvpn 10:22 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Read error: Connection reset by peer] 10:22 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 10:26 -!- forgotten [forgotten@is.undroppable.co.uk] has left #openvpn [] 10:27 -!- dazo is now known as dazo_afk 10:33 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!] 10:41 -!- Mainz [~Mainz@187.37.73.134] has quit [] 10:48 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has quit [Quit: aegidos] 10:50 <@vpnHelper> RSS Update - forum: Layer 2 bridging not working 11:05 -!- Azrael808 [~peter@212.161.9.162] has quit [Ping timeout: 252 seconds] 11:08 -!- Duryodhan [Duryodhan@117.225.70.168] has joined #openvpn 11:18 -!- jkyle [~krunk-@unaffiliated/krunk-] has joined #openvpn 11:18 < jkyle> !welcome 11:18 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 11:19 < jkyle> nevermind, my problem is the firewall 11:19 * jkyle is joking 11:21 < jkyle> Does openvpn support single use authentication schemes? 
11:21 < jkyle> I'm skimming/searching over the docs and haven't run across it yet 11:27 -!- gladiatr [~sdspence@160.15.124.24.cm.sunflower.com] has quit [Ping timeout: 248 seconds] 11:29 -!- tazou [~Guillaume@78.223.143.27] has quit [Quit: Quitte] 11:29 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn 11:29 -!- mode/#openvpn [+o raidz] by ChanServ 11:30 -!- schlitzer|freihe [~schlitzer@212.144.228.122] has quit [Quit: Leaving] 11:40 -!- gladiatr [~sdspence@135.15.124.24.cm.sunflower.com] has joined #openvpn 11:41 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Ping timeout: 276 seconds] 11:46 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 11:52 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has quit [Read error: Connection reset by peer] 11:52 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has joined #openvpn 11:57 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn 12:01 <@ecrist> jkyle: yes, but no 12:01 <@ecrist> openvpn doesn't do the authentication, it can call a script to do the authentication 12:01 <@raidz> ecrist! I keep seeing you on xblive, I got to get you in a party with my bro and I 12:01 < jkyle> 3rd party plugins and RADIUS eh? 12:01 <@raidz> we just got a 36 win streak the other day :-D 12:02 <@raidz> Although I might get banned for a few days because I am using a rapidfire remote not, hah 12:03 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has quit [Read error: Connection reset by peer] 12:05 <@ecrist> nice, raidz 12:07 <@ecrist> next time you see me online, hit me up, usually myself, my buddy, and my son 12:07 <@raidz> Sweet, when are you usually on ecrist? 12:07 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has joined #openvpn 12:07 <@ecrist> this week, likely not at all 12:07 <@ecrist> gotta clean the house to get it ready to sell 12:09 <@raidz> moving? 
12:09 <@ecrist> yes 12:09 <@raidz> Same area different house? 12:09 <@ecrist> we live in the hood, and I'm tired of dodging bullets 12:09 <@ecrist> different area, different house (since I own a real house, and not one that is of a 'mobile' persuasion) 12:09 <@raidz> haha 12:10 <@ecrist> I imagine people who own trailer homes, when they pack, just close the doors and lock them. 12:10 <@raidz> haha 12:11 -!- kbarry [~chatzilla@rrcs-24-153-167-50.sw.biz.rr.com] has joined #openvpn 12:11 <@raidz> ecrist: you have a son? 12:12 <@ecrist> yes, 10 12:12 < kbarry> I'm reading thru this http://www.dd-wrt.com/wiki/index.php/VPN_%28the_easy_way%29_v24%2B#Creating_Certificates_Using_Easy_RSA_in_Windows and i am wondering if i should be actually generating the keys using a specific computer? OpenVPN is on my router, and I wanted to set up clients. Do i create the keys using the router? 12:12 <@vpnHelper> Title: VPN (the easy way) v24+ - DD-WRT Wiki (at www.dd-wrt.com) 12:12 <@ecrist> and a daughter 12:12 <@raidz> wow dude, I didn't know you were that old :-p 12:13 <@ecrist> heh, 32 12:13 <@raidz> *ducks* 12:13 <@raidz> Oh, you aren't 12:13 <@raidz> you had them young! 12:13 <@ecrist> that's called good planning 12:13 <@ecrist> at this rate, my kids will both be out of my house by the time I turn 50 12:13 <@ecrist> party on garth 12:14 <@raidz> hahaha, wish I thought of that 12:14 <@ecrist> and, actually, when I turn 50, my daughter will be either 2 years through college, or 2 years not living at home 12:14 <@ecrist> ;) 12:14 <@raidz> so no matter what she is out at 18? 12:15 -!- deever [~deever@78.46.68.172] has left #openvpn [] 12:20 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has joined #openvpn 12:27 <@ecrist> raidz: that's the idea, now 12:27 <@ecrist> I moved out at 17 12:28 <@raidz> did you goto college? 12:29 < aegidos> what's the newest debian version with ovpn runnin ? 
12:29 < aegidos> !debian 12:29 <@vpnHelper> "debian" is Although we are aware the Debian stable package repository has OpenVPN 2.1rc11, to offer support, we require users to run the current version of OpenVPN. See !download for information on where/how to obtain a recent release. 12:29 < aegidos> !download 12:29 <@vpnHelper> "download" is (#1) http://www.openvpn.net/download to download OpenVPN or (#2) OpenVPN's Windows installer now includes OpenVPN GUI. Don't bother with http://openvpn.se anymore or (#3) Don't trust download.com at all. It provides an extremely old version with malware: http://insecure.org/news/download-com-fiasco.html 12:34 <@ecrist> raidz: no 12:34 <@ecrist> aegidos: openvpn has it's own repositories now, but I don't remember the info 12:34 <@raidz> awesome, I love seeing smart people who have good jobs and didn't get sucked into student loans 12:35 <@ecrist> aegidos: https://community.openvpn.net/openvpn/wiki/OpenvpnAptRepos#Usingrepos.openvpn.net 12:35 <@vpnHelper> Title: OpenvpnAptRepos – OpenVPN Community (at community.openvpn.net) 12:35 < aegidos> thanks ecrist 12:36 -!- gladiatr [~sdspence@135.15.124.24.cm.sunflower.com] has quit [Changing host] 12:36 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has joined #openvpn 12:40 < kbarry> Do i need to generate the keys on the router? 12:41 < rawplayer> generate the keys on a offline device 12:49 -!- rudenstam [~smartnude@pdpc/supporter/student/rudenstam] has joined #openvpn 12:49 -!- CaptainQuirk [~leo@mol92-10-78-236-165-242.fbx.proxad.net] has quit [Quit: Leaving] 12:50 < rudenstam> hello, are there any known problems with openvpn and hibernation? I'm using windows7... After I have hibernated the win7 client and woke it up again the vpn connection is never restored.. 12:50 <@ecrist> yes 12:50 <@ecrist> are you running 2.2.2? 12:50 <@ecrist> I think there were/are some fixes in there for it. 12:50 < rudenstam> let me boot that laptop and find out... 
;) 12:54 < rudenstam> OpenVPN 2.2.2 built on Dec 15 2011 12:56 < rudenstam> ecrist: so seems I'm using 2.2.2 on the win client... using 2.1.3 on the linux server, should it matter? 12:57 <@ecrist> server shouldn't matter, it's a problem with the windows gui 12:59 < rudenstam> ecrist: should it work better if I run without the gui? 12:59 < rudenstam> think I saw that you can install it without GUI and just have it run as service? 13:00 <@ecrist> I don't know, rudenstam, just commenting based on conversation I've been privy to. I don't use windows. 13:01 < rudenstam> ah.. alright... if you got any more ideas, or if anyone else has... please send them my way 13:04 <@ecrist> rudenstam: have you searched google, or the mailing list? 13:04 -!- lusis [u2537@gateway/web/irccloud.com/x-qssekjifawkonkrd] has quit [Remote host closed the connection] 13:04 -!- evilhackerdude [u1451@gateway/web/irccloud.com/x-qzqfuzytiymrpupv] has quit [Remote host closed the connection] 13:05 < rudenstam> ecrist: a bit.. looking more thoroughly at it now.. 13:15 -!- lusis [u2537@gateway/web/irccloud.com/x-opglpxhhlkmspano] has joined #openvpn 13:21 < rudenstam> ecrist: found the ticket for it now.. https://community.openvpn.net/openvpn/ticket/71 .... will try the task scheduler trick mentioned in comments.. 13:21 <@vpnHelper> Title: #71 (Windows 7 (and Vista) - tunnel fails after resume from Sleep/Standby) – OpenVPN Community (at community.openvpn.net) 13:23 <@ecrist> ah, I knew there was something somewhere 13:24 -!- evilhackerdude [u1451@gateway/web/irccloud.com/x-mtnanhmunfyuvqza] has joined #openvpn 13:41 <@vpnHelper> RSS Update - forum: decrypt openvpn ssl traffic with wireshark 13:41 < kbarry> i need/want to remake the first couple of keys i made. 13:42 < kbarry> i was using the easy RSA on windows. 13:42 < kbarry> using the command build-key [name] but i want to remake the first keys i made. It was asking for a challenge password and i'd prefer not to have one.
13:45 -!- vpopov [~happylife@dyn-58-35.fttbee.kis.ru] has joined #openvpn 13:45 <@ecrist> kbarry: then just press enter 13:45 < kbarry> do i just delete the .key, .csr and .crt files and start over? 13:46 < kbarry> (i make client1 - client3 and 13:49 < kbarry> now i want to redo them. do i just delete those files and the build-key client1, etc? 13:57 -!- Duryodhan [Duryodhan@117.225.70.168] has quit [Ping timeout: 248 seconds] 14:00 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Remote host closed the connection] 14:03 < rudenstam> ecrist: the task scheduler disable/enable trick helped 14:09 <@ecrist> can you comment on that in the ticket, please? 14:11 < rudenstam> ecrist: the workaround is the one that adapted cat describes in the ticket, so don't think there's any comment needed? 14:11 < rudenstam> I don't really have anything to add except "it worked" 14:11 <@ecrist> ok 14:13 -!- kbarry_ [~chatzilla@rrcs-24-153-167-50.sw.biz.rr.com] has joined #openvpn 14:14 -!- kbarry [~chatzilla@rrcs-24-153-167-50.sw.biz.rr.com] has quit [Ping timeout: 240 seconds] 14:24 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection] 14:24 -!- kbarry_ [~chatzilla@rrcs-24-153-167-50.sw.biz.rr.com] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0/20111104165243]] 14:25 -!- Azrael808 [~peter@cpc17-walt12-2-0-cust657.13-2.cable.virginmedia.com] has joined #openvpn 14:31 -!- Axeman [~Axeman3@198.105.46.46] has joined #openvpn 14:31 -!- Axeman [~Axeman3@198.105.46.46] has quit [Changing host] 14:31 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 14:31 -!- mode/#openvpn [+v Axeman] by ChanServ 14:33 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 14:35 -!- vpopov [~happylife@dyn-58-35.fttbee.kis.ru] has quit [Read error: No route to host] 14:35 <@vpnHelper> RSS Update - forum: Can't find the solution to this anywere. Hope you can! 
14:41 -!- Morpheus [~Snake@217.16.178.248] has joined #openvpn 14:45 -!- Azrael808 [~peter@cpc17-walt12-2-0-cust657.13-2.cable.virginmedia.com] has quit [Ping timeout: 240 seconds] 14:47 -!- Morpheus [~Snake@217.16.178.248] has quit [Quit: Leaving] 14:50 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has quit [Read error: Connection reset by peer] 14:50 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has joined #openvpn 15:04 -!- Secret [~Secret@78.157.114.78] has quit [Read error: Connection reset by peer] 15:04 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 15:09 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has quit [Ping timeout: 268 seconds] 15:15 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has quit [Quit: aegidos] 15:15 -!- iGENIUS [~iGENIUS@189-112-140-106.static.ctbctelecom.com.br] has joined #openvpn 15:16 < iGENIUS> is there a way to install an openvpn server on linux and connect to it as a client through windows? 15:20 < krzee> yes 15:20 <@vpnHelper> RSS Update - forum: TAP UDP bridge questions for games networking. 15:20 < krzee> just like you would with any other OS's 15:29 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.] 15:33 -!- danielsh [~danielsh@apache/committer/danielsh] has joined #openvpn 15:34 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!] 15:35 -!- Azrael808 [~peter@cpc17-walt12-2-0-cust657.13-2.cable.virginmedia.com] has joined #openvpn 15:36 < danielsh> Looking into configuring fail2ban for openvpn. 15:36 < danielsh> failregex = ^%(__prefix_line)sTCP connection established with <HOST>:\d*$ 15:36 < danielsh> ^%(__prefix_line)sTCPv4_SERVER link remote: <HOST>:\d*$ 15:37 < danielsh> ^^^ is that a good setting? Not sure what's the best thing to watch the logs for.
15:44 -!- rudenstam [~smartnude@pdpc/supporter/student/rudenstam] has left #openvpn [] 15:46 -!- Agin [~Agin@greenzone.copyleft.no] has quit [Ping timeout: 240 seconds] 15:51 -!- benjamino [~benjamino@67.136.148.138] has joined #openvpn 15:52 -!- benjamino [~benjamino@67.136.148.138] has left #openvpn [] 15:52 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Quit: Konversation terminated!] 15:52 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 15:54 -!- Novae [~Novae@unaffiliated/novae] has quit [Ping timeout: 252 seconds] 15:58 -!- Azrael808 [~peter@cpc17-walt12-2-0-cust657.13-2.cable.virginmedia.com] has quit [Ping timeout: 240 seconds] 16:09 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection] 16:10 <@ecrist> danielsh: not really sure, you'd have to ask the fail2ban folks 16:12 < danielsh> ecrist: Sorry, let me phrase this question again without involving fail2ban: 16:12 < danielsh> What's a good way to cause openvpn to log every IP that tries to connect and authenticate to it? 16:14 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 16:14 <@ecrist> verb 4 16:14 <@ecrist> in the server config 16:14 < danielsh> assume I have an oracle for the "monitor the logs, extract IP's from them, and rate limit them". 16:14 * danielsh tries 16:14 <@ecrist> or, tcpdump 16:15 < danielsh> Interesting approach, there. 
16:15 < danielsh> It's a freebsd server, so I can use pflog 16:15 <@ecrist> that's what I'd do 16:15 < danielsh> Have it log every first packet on the TCP conn 16:15 < danielsh> and rate limit that 16:15 * ecrist freebsd guy 16:15 < danielsh> ecrist: thanks, that's a good trick to remember 16:15 * ecrist points to his cloak 16:16 * danielsh was already checking the cloak :) 16:16 <@ecrist> ;) 16:18 < danielsh> ecrist: /var/log/messages does not look any different with 'verb 4' 16:18 < danielsh> There's a screenful of messages when openvpn boots, 16:18 < iGENIUS> i'm trying out a tutorial on youtube, however i don't see any tun0 listed on the ifconfig output, can someone tell me how the server and route addresses in this config would look like? http://pastebin.com/rBSaD2ta http://pastebin.com/BMHNxj66 16:18 < danielsh> but the same 3 lines upon a connection 16:18 < danielsh> Jan 4 00:17:32 t1 openvpn[4094]: TCP connection established with 192.114.23.210:15718 16:18 < danielsh> Jan 4 00:17:32 t1 openvpn[4094]: TCPv4_SERVER link local (bound): [undef]:993 16:18 <@ecrist> it's not going to be in /var/log/messages 16:18 < danielsh> Jan 4 00:17:32 t1 openvpn[4094]: TCPv4_SERVER link remote: 192.114.23.210:15718 16:18 < danielsh> Jan 4 00:17:42 t1 openvpn[4094]: Peer Connection Initiated with 192.114.23.210:15718 16:18 <@ecrist> depending on your config 16:19 < danielsh> Ahh, so I need to add a log-append directive too? 16:22 < danielsh> no difference 16:23 < danielsh> verb 4 16:23 < danielsh> log-append /tmp/foo 16:23 <@ecrist> try verb 5 16:23 < danielsh> if it matters it's not in --mode server atm. 
16:23 <@ecrist> well, it's doing what it's supposed to 16:23 -!- iGENIUS [~iGENIUS@189-112-140-106.static.ctbctelecom.com.br] has quit [] 16:24 <@ecrist> > Jan 4 00:17:32 t1 openvpn[4094]: TCP connection established with 192.114.23.210:15718 16:24 <@ecrist> that looks right to me 16:24 < danielsh> software tends to behave that way 16:24 < danielsh> yeah, but I get that even without the --verb directives 16:24 <@ecrist> what more are you looking for? 16:25 < danielsh> Dunno 16:25 < danielsh> I saw this before I asked anything here 16:25 < danielsh> I thought you were saying there are other logged things, if I crank up the --verb 16:25 < danielsh> so was looking for those 16:26 < danielsh> (no major difference with verb=5) 16:26 <@ecrist> there are 16:26 <@ecrist> verb 5 is what we seek to troubleshoot 16:28 < danielsh> well, ack 16:29 < danielsh> but afaics I don't get more log entries with the connecting IP in them with verb 5, compared to no --verb at all 16:29 < danielsh> OpenVPN 2.2.1 amd64-portbld-freebsd8.2 [SSL] [LZO2] [eurephia] built on Dec 4 2011 16:29 <@ecrist> I'm not sure what you're actually looking for. 16:29 < danielsh> Logging the IP of someone who tries to connect 16:30 < danielsh> even if they failed to authenticate 16:30 < danielsh> Given that, I'll have fail2ban watch the log files and IP ban anyone who tries to enumerate passwords or whatever. 16:30 * danielsh (I use key-based authentication) 16:31 <@ecrist> honestly, I'd use tcpdump 16:31 <@ecrist> tcpdump -n -e -tttt -i pflog0 udp port 1194 16:31 <@ecrist> but I'm sure you know all that 16:35 < danielsh> could figure it out, probably.
16:35 <@vpnHelper> RSS Update - forum: Please Help- Login Window issues on Windows 7 64bit 16:35 < danielsh> I don't remember the tcpdump flags by heart yet :( 16:36 <@ecrist> neither do I, but _quadDamage does 16:36 <@ecrist> ;) 16:36 <@ecrist> fwiw, I have a couple aliases on my bsd boxes you may find useful 16:36 <@ecrist> alias: showpfrt not found 16:36 <@ecrist> grr 16:37 <@ecrist> ecrist@swordfish:~-> alias showpfrt 16:37 <@ecrist> tcpdump -n -e -tttt -i pflog0 16:37 <@ecrist> ecrist@swordfish:~-> alias showpflog 16:37 <@ecrist> tcpdump -n -e -tttt -r /var/log/pflog 16:37 < danielsh> nice 16:38 < danielsh> so those just dump pflog 16:38 < danielsh> FWIW, at this point I wonder how to connect fail2ban to tcpdump 16:38 <@ecrist> showpflog does, showpfrt dumps the pflog0 interface 16:38 < danielsh> *nod* 16:38 <@ecrist> assuming you're using one 16:38 < danielsh> fail2ban wants a file, 16:38 <@ecrist> a file can be stdin, afaik 16:39 < danielsh> ahh, that was my next question 16:39 < danielsh> if it can watch a process output too 16:39 <@ecrist> just use a single hyphen 16:39 < danielsh> Err, stdin of what? 16:39 < danielsh> fail2ban runs as daemon 16:39 <@ecrist> grep foobeans - 16:39 <@ecrist> if you start typing, it'll repeat foobeans but nothing else. ;) 16:40 < danielsh> Yeah I know that 16:40 < danielsh> but fail2ban doesn't have a stdin 16:40 <@ecrist> that's really still a fail2ban thing 16:40 <@ecrist> we're in #openvpn 16:40 <@ecrist> ;) 16:40 < danielsh> this time you're right. 
:P 16:40 < danielsh> thanks much ecrist 16:40 <@ecrist> np 16:40 < danielsh> that was a very helpful 10*n minutes 16:41 <@ecrist> heh, one of my better moments then 16:41 <@ecrist> oh, I must have forgotten 16:41 <@ecrist> 16:41 <@ecrist> tits or gtfo 17:10 -!- datums_nb [~datums@cpe-72-130-14-131.socal.res.rr.com] has joined #openvpn 17:21 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has quit [Quit: Leaving] 17:33 <@vpnHelper> RSS Update - forum: Unknown issue only with Linux client 17:35 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Ping timeout: 252 seconds] 17:56 -!- bauruine [~stefan@2001:8e0:100b:dead:f2de:f1ff:fe9f:974b] has joined #openvpn 17:56 -!- tabakhase [t4b4kh453@rps9289.ovh.net] has quit [Changing host] 17:56 -!- tabakhase [t4b4kh453@unaffiliated/tabakhase] has joined #openvpn 18:06 -!- speakman [~daniel@unaffiliated/speakman] has quit [Ping timeout: 252 seconds] 18:24 < vocis> b00bs 18:38 < dioz> what about them? 18:41 -!- Gravitron [~admin@65.28.68.253] has joined #openvpn 18:41 -!- Gravitron [~admin@65.28.68.253] has quit [Changing host] 18:41 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 18:41 -!- newl [~newl@97.75.165.156] has joined #openvpn 18:43 -!- jkyle [~krunk-@unaffiliated/krunk-] has quit [Ping timeout: 240 seconds] 18:46 <@vpnHelper> RSS Update - forum: Hope you can find a solution to this :) 18:57 -!- Denial [Denial@drgi.co.uk] has quit [] 19:02 -!- speakman [~daniel@h-181-147.a166.corp.bahnhof.se] has joined #openvpn 19:02 -!- speakman [~daniel@h-181-147.a166.corp.bahnhof.se] has quit [Changing host] 19:02 -!- speakman [~daniel@unaffiliated/speakman] has joined #openvpn 19:08 -!- _julian [~quassel@hmbg-5f767116.pool.mediaWays.net] has joined #openvpn 19:12 -!- _julian_ [~quassel@hmbg-4d06d37e.pool.mediaWays.net] has quit [Ping timeout: 255 seconds] 19:15 -!- datums_nb [~datums@cpe-72-130-14-131.socal.res.rr.com] has quit [Ping timeout: 240 seconds] 19:16 -!- simplechat 
[~simplecha@123-243-79-139.static.tpgi.com.au] has joined #openvpn 19:16 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has quit [Changing host] 19:16 -!- simplechat [~simplecha@unaffiliated/simplechat] has joined #openvpn 19:21 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.] 19:51 -!- nutcase_ [~nutcase@ir0nic.com] has joined #openvpn 19:59 -!- nutcase_ [~nutcase@ir0nic.com] has quit [Quit: BAI] 20:02 <@vpnHelper> RSS Update - forum: we are looking for a heads up on issues we would encounter. 20:03 -!- datums_nb [~datums@cpe-72-130-14-131.socal.res.rr.com] has joined #openvpn 20:05 -!- nutcase_ [~nutcase@ir0nic.com] has joined #openvpn 20:06 -!- datums_nb [~datums@cpe-72-130-14-131.socal.res.rr.com] has quit [Max SendQ exceeded] 20:08 -!- kbarry [~chatzilla@adsl-66-138-57-209.dsl.bumttx.swbell.net] has joined #openvpn 20:08 < kbarry> h 20:08 < reiffert> ö 20:09 -!- datums_nb [~datums@cpe-72-130-14-131.socal.res.rr.com] has joined #openvpn 20:10 -!- nutcase_ [~nutcase@ir0nic.com] has quit [Client Quit] 20:10 < kbarry> I've just established connection to a router i configured at work. 20:10 < kbarry> I'm at home now testing it, 20:10 < kbarry> Ran the gui, have made connection but i can't ping anything on my network at work (10 20:10 < kbarry> 10.0.0.x 20:11 < kbarry> home is 192.168.0.x 20:11 < kbarry> the VPN tells me my ip on it is 192.168.2.200 20:11 < kbarry> Forgive me for being such a VPN newb, but i'm a little stumped. 20:12 < kbarry> i can't "see" anything on the other side of the VPN device. 20:13 < kbarry> I notice i don't ahve a gateway on my VPN connection (ipconfig /all) does that matter? 20:20 < dioz> pastebin your configs 20:30 < kbarry> dioz what do you mean? 20:31 < kbarry> http://pastebin.com/7xyvv17L 20:32 < dioz> gonna have to tell the machine where 10.0.0.0 is 20:34 < kbarry> 10.0.0.x is my office lan. 20:35 < kbarry> the VPN server running on a router is at the config ip. 
20:35 < kbarry> that device is also the DHCP for 10.0.0.x 20:37 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Read error: Connection reset by peer] 20:37 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 20:37 -!- newl is now known as new1 20:37 < dioz> i don't know anything about your router 20:38 -!- new1 is now known as newl 20:39 < kbarry> Forgive me. I appreciate the help, but i don't know if i know what question to ask. 20:39 < kbarry> I'm getting connected to the VPN, but i don't know how to "see" anything that's behind it. 20:40 < kbarry> Maybe i haven't setup the VPN connection properly, and it's looking for the ip's i'm trying to ping thru my internet connection, and not the VPN adapter. 20:41 < dioz> i'd need more information about your router 20:41 < dioz> it's probably using some kind of web-based interface too 20:42 < dioz> your router should push the routes to your computer 20:44 < kbarry> router is running DD-WRT (with openVPN) 20:57 -!- kbarry [~chatzilla@adsl-66-138-57-209.dsl.bumttx.swbell.net] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0/20111104165243]] 21:22 < krzee> !route 21:22 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 21:22 < krzee> oh hah he left 21:22 < newl> exit 21:23 < reiffert> operator 21:36 <@vpnHelper> RSS Update - forum: Multiple clients on OpenVPN - Routing Issue 21:36 <+TJNII> krzee: So a couple weeks back we were discussing HA OpenVPN and you asked me to report my findings. I haven't had time to play with routing failover, however everything I know about networking leads me to believe it won't work the way I want. I do have HA bridging OpenVPN working where a failover doesn't drop connections, though. 
21:37 <+TJNII> I should clarify my requirements, though, as I've realized they are probably beyond the normal user 21:37 < newl> even mortal man? 21:38 < krzee> failover doesnt drop connections? very cool 21:38 < krzee> although interesting as well from a security standpoint... 21:38 < krzee> how do the effective keys (which rotate hourly) stay synced? 21:38 <+TJNII> I'm using OpenVPN in an environment where the traffic is mostly shells, either via ssh or telnet. All TCP, though. Anyways, having your shell drop out could be ... bad. Losing the controlling terminal could cause processes to die, which could at best disrupt work or at worst brick something. So I wanted my sessions to stay open. 21:39 <+TJNII> With routing, on failover, the client IP has to change. I can't think of a way without a lot of network magic. Especially in my environment where I don't control the router, so with routing I'd have to NAT. 21:40 <+TJNII> If the client IP changes, the TCP stack on the server won't know about it, and RST the connection. This is the conclusion the network guru at work and I reached. That will likely drop the session. 21:41 <+TJNII> So I went with bridging. On failover, the client connects to the new server, but can maintain its IP as it is a layer 2. No different from unplugging an ethernet cable and plugging it back into another port. 21:41 -!- newl [~newl@97.75.165.156] has left #openvpn [] 21:41 <+TJNII> As long as the arp tables catch up before whatever the client is using times out, everything just pauses and then starts back up as if nothing happened. 21:42 <+TJNII> Tested it this afternoon with some SSH and telnet sessions. Failed the server I was using, and it failed over to the next without dropping anything. 21:43 <+TJNII> krzee: The key negotiation all happens as you'd expect. As long as the client IP doesn't change the client can tolerate the disruption of a reconnect. 21:44 <+TJNII> I'm doing a long duration test right now. 
I left the tunnel open with some open sessions and went home. We'll see what state it is in tomorrow. 21:49 <+TJNII> Of course, an unexpected hurdle was that I'm using "redirect-gateway def1" and, by default, openvpn only created a special route for the server it was connected to so all other traffic was routed into the tunnel. This caused headaches on failover as, since it left the tunnel device up when it tried to reconnect, it would try to contact the failover server through the tunnel. (That obviously didn't work) I got around that by explicitly creating routes to all th 21:49 <+TJNII> e servers in the client config with the "net_gateway" argument so the client always can talk to all the servers, regardless of tunnel state. 21:53 <+TJNII> That's why I was asking about load balancers a while back, but I found the route method to be a much better solution. 22:30 <+TJNII> Wow. Apparently there was a patch to make OpenVPN work over ICMP at one point. I'd like to get my hands on that, just so I could say "Our VPN servers support TCP, UDP, and ICMP. *beat pause* You heard me." 22:31 <@ecrist> TJNII: troll 22:33 <@ecrist> you can do HA failover with openvpn in bridged mode, and many connections won't fail, but it's not perfect. 22:34 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Read error: Connection reset by peer] 22:34 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 22:35 <+TJNII> True, and hopefully it will never be needed. I did some homework and basic tests on this, wanted to share while it was still fresh in my mind. I was asked to report back, after all. 22:36 <+TJNII> And I certainly hope you're calling me a troll for the ICMP comment, not for the failover comments. 
23:54 <@vpnHelper> RSS Update - forum: How-to: Tunnel WAN IP assigned to specific users --- Day changed Wed Jan 04 2012 00:21 -!- aegidos [~admin@tmo-097-6.customers.d1-online.com] has joined #openvpn 00:25 -!- aegidos [~admin@tmo-097-6.customers.d1-online.com] has quit [Remote host closed the connection] 00:27 -!- aegidos [~admin@tmo-097-6.customers.d1-online.com] has joined #openvpn 00:31 -!- aegidos [~admin@tmo-097-6.customers.d1-online.com] has quit [Remote host closed the connection] 00:31 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has joined #openvpn 00:43 -!- datums_nb [~datums@cpe-72-130-14-131.socal.res.rr.com] has quit [Ping timeout: 252 seconds] 00:52 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 00:55 <@vpnHelper> RSS Update - forum: download speed is VERY SLOW 00:58 -!- babble [~coyote@unaffiliated/coyote] has joined #openvpn 01:09 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has quit [Ping timeout: 276 seconds] 01:15 -!- datums_nb [~datums@cpe-72-130-14-131.socal.res.rr.com] has joined #openvpn 01:34 -!- beerbro is now known as Yaph-ar-ti 01:51 <+EugeneKay> TJNII - uh, wtf? It's called 'screen' 01:51 <+EugeneKay> Learn to use it. 01:52 -!- rasyid7 [~3333@69.163.36.67] has quit [Ping timeout: 240 seconds] 02:01 <@vpnHelper> RSS Update - forum: Unknown issue only with Linux client 02:07 <@vpnHelper> RSS Update - forum: we are looking for a heads up on issues we would encounter. 02:18 -!- dazo_afk is now known as dazo 02:21 -!- helllen [~helllen@91.102.241.62] has joined #openvpn 02:21 < helllen> helllo 02:21 < helllen> I need to reinstall my openvpn server 02:21 < helllen> I would like it has the same CA to have the same certificates 02:22 < helllen> can I? 02:24 <+EugeneKay> Sure. 
02:24 < matsim> not being an expert on openvpn but if your domain / hostname doesn't change you can copy the CA/certs 02:24 <+EugeneKay> openvpn doesn't care about domain/hostname 02:25 <+EugeneKay> the common-name of the certs is suggested to be the same as your hostname for sanity reasons, but there is no technical requirement for it 02:26 < matsim> EugeneKay: What happens if let's say the certs' cn is vpn.foo.org but now it's vpn.foobar.org - no complaining? 02:26 <+EugeneKay> So long as the cert is signed by the same CA with the same key-usage(client or server), the ther party will accept it as a valid certificate. 02:27 <+EugeneKay> other* 02:27 < matsim> ok, thanks 02:28 <+EugeneKay> You can build a script that will implement a check of the CN against the hostname being connected to, but openvpn doesn't do this. 02:29 < matsim> I would have expected that (by ignorance of reading documentation though) 02:35 -!- babble [~coyote@unaffiliated/coyote] has quit [Quit: Leaving] 02:36 -!- Yaph-ar-ti [~gustav@sockensaft.garagenwein.at] has quit [Quit: ZNC - http://znc.sourceforge.net] 02:36 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 02:37 -!- Yaph-ar-ti [~gustav@mineralwasser.jesus.si] has joined #openvpn 02:51 <@vpnHelper> RSS Update - forum: Hope you can find a solution to this :) 02:58 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has joined #openvpn 03:02 <@dazo> helllen: if you have all your CA files on a different (preferably offline) computer .... openvpn will still work. the OpenVPN server just needs the CA certificate, server certificate and server key file .... if you generate a new server certificate and server key, signed by the same CA it will still work (at least if you either don't use --tls-remote or have the same CN value in the new certificate) 03:05 < helllen> where is the certificate located? 
03:06 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has joined #openvpn 03:09 < JackWinter> helllen: where your config file says it is located :) otherwise i think it looks in the current dir. seems better to me to specify the full path in the config file, then you can manually start it from what ever dir you happen to be in 03:12 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has quit [Ping timeout: 252 seconds] 03:16 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 03:16 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Quit: Konversation terminated!] 03:26 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day] 03:32 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 03:41 <@vpnHelper> RSS Update - forum: Non-Admin usage of OpenVPN on Windows 03:53 -!- aegidos_ [~admin@tmo-096-21.customers.d1-online.com] has joined #openvpn 03:57 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has quit [Ping timeout: 252 seconds] 03:57 -!- aegidos_ is now known as aegidos 03:59 -!- aegidos [~admin@tmo-096-21.customers.d1-online.com] has quit [Remote host closed the connection] 04:00 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has joined #openvpn 04:09 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Quit: Konversation terminated!] 
04:10 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 04:11 <@vpnHelper> RSS Update - forum: unable redirect default gateway 04:21 -!- datums_nb [~datums@cpe-72-130-14-131.socal.res.rr.com] has quit [Remote host closed the connection] 04:21 -!- master_of_master [~master_of@p57B5383F.dip.t-dialin.net] has quit [Ping timeout: 252 seconds] 04:23 -!- master_of_master [~master_of@p57B559BA.dip.t-dialin.net] has joined #openvpn 04:23 -!- mattock [~samuli@openvpn/corp/admin/mattock] has quit [Ping timeout: 248 seconds] 04:24 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn 04:24 -!- mode/#openvpn [+o mattock] by ChanServ 04:34 -!- aegidos_ [~admin@tmo-096-21.customers.d1-online.com] has joined #openvpn 04:34 -!- aegidos_ [~admin@tmo-096-21.customers.d1-online.com] has quit [Read error: Connection reset by peer] 04:37 -!- Cubox [~Cubox@unaffiliated/cubox] has left #openvpn ["WeeChat 0.3.7-dev"] 04:38 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has quit [Ping timeout: 248 seconds] 04:40 -!- bauruine [~stefan@2001:8e0:100b:dead:f2de:f1ff:fe9f:974b] has quit [Remote host closed the connection] 04:43 -!- ErichG_ [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 04:43 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Read error: Connection reset by peer] 04:43 -!- ErichG_ is now known as ErichG 04:49 -!- Tsunami1|phone [Tsunami1@unaffiliated/tsunami1] has joined #openvpn 04:49 -!- KindOne [~KindOne@colchester-lug/silly-fool/donut] has joined #openvpn 04:50 -!- mah454 [~mah454@95.82.59.250] has joined #openvpn 04:50 < mah454> Hello 04:50 < mah454> I need openvpn web interface 04:50 -!- Tsunami1|phone [Tsunami1@unaffiliated/tsunami1] has left #openvpn [] 05:13 <+havoc> gah, "Options error: Maximum length of --push buffer (1024) has been exceeded" :( 05:13 -!- noisebleed [~quassel@piggy.inescn.pt] has joined #openvpn 05:13 -!- noisebleed [~quassel@piggy.inescn.pt] has quit [Changing host] 05:13 -!- 
noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 05:15 -!- aegidos [~admin@tmo-097-58.customers.d1-online.com] has joined #openvpn 05:15 -!- aegidos [~admin@tmo-097-58.customers.d1-online.com] has quit [Remote host closed the connection] 05:16 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has joined #openvpn 05:26 -!- lolwut [~KindOne@colchester-lug/silly-fool/donut] has joined #openvpn 05:27 -!- KindOne [~KindOne@colchester-lug/silly-fool/donut] has quit [Disconnected by services] 05:27 -!- lolwut is now known as KindOne 05:29 -!- pa [~pa@unaffiliated/pa] has quit [Quit: Sto andando via] 05:30 <@dazo> havoc: which version are you on? 05:31 <+havoc> old I think, on debian, checking.... 05:31 <+havoc> 2.1~rc11-1 05:31 <+havoc> I'm consolidating the pushed subnets though 05:31 <+havoc> I understand that there has to be a limit 05:32 <@dazo> ouch .... I believe the final 2.1 releases will split longer pushes into several pushes 05:32 <+havoc> dazo: ah, nice 05:32 <@dazo> I think 2.1_rc11 is too old for that feature 05:32 <@dazo> just upgrade to the latest 2.2.2 release ;-) 05:32 <+havoc> I will be upgrading to 2.1.3-2 when I get off my ass and upgrade this machine to squeeze 05:34 <@dazo> havoc: you know 2.1 releases are not supported any more? ... and security/bugfixes needs to be backported by the debian package maintainer - if he has time for that 05:34 <+havoc> yup 05:34 <+havoc> which is why I'm just dealing with the 1024 limit 05:34 <@dazo> :) 05:34 <+havoc> this machine desperately needs to be upgraded, I just need time :( 05:35 <@dazo> If I were you, I'd just compile the latest openvpn ... and replace the binary ... openvpn isn't file system intrusive at all ... it's the binary and the man page, basically 05:36 <+havoc> ah, nice 05:36 <+havoc> could also easily checkinstall it then too 05:36 <@dazo> (the rest of the files are mostly distro dependent - which can reside on the box) 05:36 <@dazo> not sure what checkinstall is .... 
but probably :-P 05:36 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has quit [Read error: Connection timed out] 05:37 <+havoc> ./configure && make && checkinstall 05:37 <+havoc> debian thing, basically converts to a .deb and installs so that it's in dpkg 05:37 <@dazo> ahh! 05:37 <+havoc> very handy for maintaining source stuff 05:37 <@dazo> even nicer :) 05:38 <+havoc> yup 05:38 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has joined #openvpn 05:38 <+havoc> but it's really only useful for stuff without a billion deps 05:38 <@dazo> yeah 05:38 < helllen> helllo again 05:39 < helllen> I am on the system now 05:39 < helllen> I would like to clone one installed system because it is now broken the filesystem 05:39 < helllen> and we are going to reinstall it again 05:39 <+havoc> dazo: I maintain dirs for src built stuff on my debian boxes w/ a text file containing the ./configure line I used 05:40 < helllen> the problem is I have served the certs to the clients and I would like to reuse them 05:40 < helllen> what should I do? 05:41 <@dazo> matsim: You are partially correct that changing host name may cause issues ... but that depends on if --tls-remote is used ... this will make the client check that the servers CN value matches the value provided to --tls-remote 05:41 <@dazo> helllen: do you know how PKI works in general? 05:42 < helllen> more less 05:42 <@dazo> helllen: so the answer is the same as last time ... if the CA certificate is the same, and the servers certificate is the same on your new box ... it will just work .... 05:43 < helllen> do I have to copy anything from the server with problems to the new server? 05:43 <@dazo> helllen: and the openvpn *only* needs the proper CA certificate, server certificate and server key ... if you have that ... then no problem 05:43 < helllen> where is the CA certificate located? 05:43 <@dazo> If the server key/certificate is corrupted .... create a new one, with the same CN as the old certificate .... 
and it will work 05:44 <@dazo> helllen: what does the 'ca' statement say in your openvpn config? 05:44 < helllen> I will check it 05:44 < helllen> as.conf ?? 05:45 <@dazo> helllen: are you using openvpn access server? 05:45 < helllen> yes 05:45 < helllen> with license 05:45 <@dazo> !as 05:45 <@vpnHelper> "as" is please go to #OpenVPN-AS for help with Access-Server 05:46 <@dazo> we don't know much about the Access Server here .... the only thing AS uses from the community version is the openvpn binary ... that's all we know here 05:50 -!- voidzero [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn 05:50 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Ping timeout: 276 seconds] 05:50 -!- voidzero is now known as vocis 05:53 <+havoc> dazo: we have a site-to-site via our office to another corp, and they have 14 different /25, /26, & /27's :( 05:54 <+havoc> for now I just threw them all in 172.22.0.0/16 05:54 <+havoc> less than ideal, but it'll work for now 05:56 <@dazo> mm 06:03 -!- aegidos_ [~admin@tmo-097-58.customers.d1-online.com] has joined #openvpn 06:06 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has quit [Ping timeout: 240 seconds] 06:06 -!- aegidos_ is now known as aegidos 06:09 -!- aegidos [~admin@tmo-097-58.customers.d1-online.com] has quit [Read error: Connection reset by peer] 06:13 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 240 seconds] 06:14 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 06:21 -!- sibok [~developer@76.Red-213-98-136.staticIP.rima-tde.net] has joined #openvpn 06:21 < sibok> Hi, could someone tell me of a good resource to configure an vpn client under linux? thx :) 06:23 <@dazo> !howto 06:23 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! 
or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 06:23 <@dazo> sibok: ^^^ 06:26 <@vpnHelper> RSS Update - forum: unable redirect default gateway 06:32 -!- vereteran [~vereteran@static.88-198-170-117.clients.your-server.de] has quit [Excess Flood] 06:35 -!- vereteran [~vereteran@static.88-198-170-117.clients.your-server.de] has joined #openvpn 06:44 <@vpnHelper> RSS Update - forum: Unknown issue only with Linux client 06:50 <@vpnHelper> RSS Update - forum: Unknown issue only with Linux client 06:53 -!- Undeadlord [~undead@8.10.252.240] has joined #openvpn 06:56 <+havoc> gah, still need to convert everything to tun too 06:57 < Undeadlord> Morning all, is there a way to add local routes to a purchased (I don't have control of the server config) VPN connection? 07:01 <+EugeneKay> Define "local routes" 07:02 <+EugeneKay> Route on your client to arbitrary set of addresses? Sure. Route on the server to your LAN? No. 07:04 < Undeadlord> Sorry, I am using the VPN on a machine that is separate from my main laptop. I use a piece of software to allow me to use one keyboard and mouse to control both systems, when using the VPN I lose the ability to move from one machine to another. So I was wondering if I could have OpenVPN add the local client side LAN. 
07:05 < Undeadlord> So it sounds like what I wanted wouldn't work, unless I could have openvpn ignore the local LAN addresses for routing through the VPN 07:06 -!- mah454 [~mah454@95.82.59.250] has quit [Ping timeout: 240 seconds] 07:09 -!- mah454 [~mah454@95.82.59.250] has joined #openvpn 07:24 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Read error: Connection reset by peer] 07:24 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 07:29 < Undeadlord> ah I think I got it :) 07:31 -!- mah454 [~mah454@95.82.59.250] has quit [Quit: Leaving] 07:31 -!- Undeadlord [~undead@8.10.252.240] has quit [] 07:32 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn 07:32 < sibok> dazo: thx! 07:33 -!- Undeadlord [~undead@62.212.73.103] has joined #openvpn 07:34 -!- sibok [~developer@76.Red-213-98-136.staticIP.rima-tde.net] has quit [Remote host closed the connection] 07:38 <@vpnHelper> RSS Update - forum: Windows 7 Client question 07:38 -!- pa [~pa@unaffiliated/pa] has joined #openvpn 07:44 <@vpnHelper> RSS Update - forum: Wrong routes set to the client 07:48 -!- Undeadlord [~undead@62.212.73.103] has quit [] 07:48 -!- converge [~converge@unaffiliated/joaop] has joined #openvpn 07:49 -!- fluter [~fluter@fedora/fluter] has joined #openvpn 07:53 -!- bragon [~Alexandre@81.93.247.165] has quit [Ping timeout: 276 seconds] 07:55 -!- bragon [~Alexandre@81.93.247.165] has joined #openvpn 07:59 -!- fluter [~fluter@fedora/fluter] has quit [Read error: Connection reset by peer] 08:02 <@vpnHelper> RSS Update - forum: Windows 7 as OpenVPN server with redirect-gateway 08:03 -!- fluter [~fluter@fedora/fluter] has joined #openvpn 08:11 -!- sled-dog [~luser@65-124-95-55.dia.static.qwest.net] has quit [Remote host closed the connection] 08:12 -!- converge [~converge@unaffiliated/joaop] has quit [Quit: Linkinus - http://linkinus.com] 08:15 -!- bragon [~Alexandre@81.93.247.165] has quit [Ping timeout: 240 seconds] 08:16 -!- bragon 
[~Alexandre@81.93.247.165] has joined #openvpn 08:32 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn 08:34 < hyper_ch> krzee: http://www.theregister.co.uk/2012/01/04/german_cloud_ceiling/ 08:34 <@vpnHelper> Title: Germans increase office efficiency with 'cloud ceiling' • The Register (at www.theregister.co.uk) 08:41 -!- helllen [~helllen@91.102.241.62] has left #openvpn ["Saliendo"] 08:44 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has joined #openvpn 08:46 -!- fluter [~fluter@fedora/fluter] has quit [Quit: Leaving] 08:55 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Ping timeout: 240 seconds] 08:56 -!- kbarry [~chatzilla@rrcs-24-153-167-50.sw.biz.rr.com] has joined #openvpn 08:57 < kbarry> I went home last night after setting up OpenVPN on DD-WRT router here at work. Tested connection (brought my key files with me) it connected. But once connected i couldnt ping anything behind the router. 09:00 < kbarry> Maybe i am missing soemthing i'd know about if i weren't a newb. I read something about routes. I was using my laptop at home as a client to the router running openVPN/DD-WRT and I couldn't get ping anything. I got an IP assigned from the virtual adapter, but i couldnt access anything. What am i missing? 09:08 -!- MarKsaitis_ [~MarKsaiti@195.59.185.18] has joined #openvpn 09:09 -!- MarKsaitis_ [~MarKsaiti@195.59.185.18] has quit [Read error: Connection reset by peer] 09:09 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Ping timeout: 268 seconds] 09:18 <@ecrist> !route 09:18 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 09:18 <@ecrist> kbarry ^^^ 09:18 < dioz> i doubt it's route 09:18 < dioz> he said something about not having a gateway 09:19 <@ecrist> a gateway is very specifically about missing routes. 
;) 09:22 < dioz> well yeah i know 09:22 < dioz> but 09:22 < dioz> split hairs! 09:22 <@ecrist> and, in his text above, he doesn't even use the word gateway 09:23 <@ecrist> I know he was here yesterday, but I don't review former conversations if I'm here now. 09:24 < dioz> kbarry: your gateway would provide a lease on a ip to the machine joining the vpn 09:24 <@ecrist> it would? 09:24 < dioz> with that information it would provide gateway/dns/routes 09:24 < dioz> i would speculate on his router setup 09:26 < kbarry> Thanks for the help. I have read that twice. 09:26 <@ecrist> we try to keep the speculation down 09:26 < kbarry> I have a pastebin of my config 09:27 <@ecrist> can I see it, please? 09:27 < kbarry> http://pastebin.com/HadzuR14 09:27 <@ecrist> also 09:27 <@ecrist> !logs 09:27 <+EugeneKay> xD 09:27 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard. 09:28 <@ecrist> dioz: looking at his configs, your speculation is dead-wrong 09:28 < kbarry> i "think" what i need is 09:28 < kbarry> to add a route 09:28 < dioz> *shrug* 09:28 <@ecrist> kbarry: client config, as well, please 09:29 <@ecrist> and the logs from BOTH sides 09:29 < kbarry> http://pastebin.com/dGkXh95a 09:29 < dioz> yesterday he didn't post his server config ecrist 09:30 < kbarry> hahahaha, ok, let me get those (Thanks for the help 09:30 < kbarry> http://pastebin.com/uBDwGMqe 09:31 < kbarry> I don't know exactly how to get the server logs (off the router) let me look. 09:31 <@ecrist> also, verb 4 please for the logs 09:31 -!- rasyid7 [~3333@69.163.36.67] has joined #openvpn 09:31 <@ecrist> I assume the routing table at the top of your paste is on the server? 09:32 < kbarry> yes. i'll properly label it. About to pastebin again, found server logs. 09:32 <@ecrist> just to clear this up in my head, then, I think I see your problem. 
09:33 < kbarry> http://pastebin.com/bYJG7Msp 09:33 <@ecrist> your server lan is 10.0/24, your VPN is 192.168.2.0/24 09:33 <@ecrist> and you want the VPN to communicate with the server lan, correct? and you're using bridged-mode VPN? 09:35 < kbarry> Yes, i want to be on my laptop at home (Client), and be able to ping/remote a server that is on the LAN 09:35 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn 09:35 < kbarry> I don't know if it's in bridge mode. I drive on bridges with my car........ 09:35 < kbarry> (a joke about how little i know about bridges :) 09:36 <@ecrist> I would suggest changing the server-bridge line to the following, then 09:37 < kbarry> The server config, i pasted it from a tutorial i found. 09:37 <@ecrist> server-bridge 10.0.0.X 255.255.255.0 10.0.0.225 10.0.0.249 09:37 < kbarry> (meaning i have no idea what each line of the config actually does.) 09:38 <@ecrist> change X to the IP of your server's lan interface 09:39 <@ecrist> then you need to bridge tap0 with your ethernet interface on the VPN server 09:40 <@ecrist> alternatively, you can use server-bridge "nogw" and your LAN dhcp server will pass out IP information, but won't pass the gateway 09:41 -!- prg3 [~prg3@chatter.majestik.org] has joined #openvpn 09:41 <@ecrist> the bridging of tap0 and eth0 on the vpn server still needs to occur though 09:43 -!- rooth [rooth@ge.mig.en.redfox.nu] has quit [Ping timeout: 244 seconds] 09:44 -!- scampbell [~scampbell@mail.scampbell.net] has joined #openvpn 09:44 -!- rooth [rooth@ge.mig.en.redfox.nu] has joined #openvpn 09:47 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Quit: Leaving] 09:49 < kbarry> ok i added the change. Do i need to have a "route xxxxxxxxxx" line in the config? I just want all clients to have access to the whole lan behind the server 09:49 < kbarry> THANK YOU so much for taking time to deal with me. 09:49 < pwrcycle> kbarry you'll need to add client-to-client in the server config then. 
09:50 <@ecrist> kbarry: no, you don't
09:51 <@ecrist> but add client-to-client like pwrcycle said
09:51 <@ecrist> that way VPN clients can talk to each other.
09:51 < prg3> Is OpenVPN a reasonable option for large site to site connections? I'm using it for remote user to server connections and it works like a charm
09:52 < hyper_ch> define large site to site connections
09:54 <@ecrist> prg3: I tend to defer to IPSec for static tunnels for large clients
09:54 <@ecrist> but we use openvpn internally
09:55 < prg3> ecrist: I was using Ipsec between, but the way that OpenBSD's ipsec dealt with routing was annoying me.. I've cutover to GRE with IPSEC tunnels, however that's causing me weird troubles.
09:56 <@ecrist> use cisco
09:58 < pwrcycle> prg3 your prob. with tunnel in tunnel could have been the MTU size but this isn't either of those channels.
10:00 < prg3> ecrist: No budget for real gear..
10:00 < prg3> pwrcycle: I just dropped it to 1200..
10:01 <@ecrist> you can get an 1841 on ebay for about $250
10:01 <@ecrist> regardless, you should be able to use openvpn without a problem.
10:02 <@ecrist> !mtu
10:02 <@vpnHelper> "mtu" is (#1) see --mtu-test to learn how to test your MTU settings. Basically you just use --mtu-test in your normal client config or (#2) mtu debugging guide: http://www.secure-computing.net/wiki/index.php/OpenVPN/Troubleshooting
10:03 < prg3> I think dropping the GRE mtu actually might have solved the problem… but I might still look at using OpenVPN for the site to site if this thing gives me any more trouble.
10:04 <@ecrist> use the debug guide above, written by _quadDamage
10:04 <@ecrist> it's thorough.
10:05 < pwrcycle> prg3 cool
10:07 -!- Gravitron [~admin@65.28.68.253] has joined #openvpn
10:07 -!- Gravitron [~admin@65.28.68.253] has quit [Changing host]
10:07 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
10:16 < kbarry> ecrist: " the bridging of tap0 and eth0 on the vpn server still needs to occur though" what is this?>?
10:16 < kbarry> Got called away from my desk, catching up.
10:22 <@ecrist> what are you using for a VPN server?
10:22 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Quit: Leaving]
10:23 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has quit [Read error: Connection timed out]
10:24 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has joined #openvpn
10:36 -!- Duryodhan [~Duryodhan@117.224.165.55] has joined #openvpn
10:44 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Remote host closed the connection]
10:48 -!- xsteadfastx [~mpreuss@ppp-93-104-143-30.dynamic.mnet-online.de] has joined #openvpn
10:48 <@vpnHelper> RSS Update - forum: New Site-to-Site Tunnel With Partial Connectivity
11:03 < kbarry> ecrist: Buffalo WHR-G54S running DD-WRT (with the built in openVPN)
11:05 <@ecrist> you'll have to ask the DD-WRT people how to bridge tap0 and eth0
11:05 <@dazo> kbarry: any particular reason you chose dd-wrt?
11:05 <@ecrist> also, I'd suggest making tap0 a static interface and keep the bridge static, as well
11:05 < kbarry> dazo: there was a Tutorial for it?
11:05 <@dazo> kbarry: I wouldn't trust dd-wrt ... they have a not too good approach to security issues ...
11:06 < kbarry> i'm just wanting clients to have access to the entire lan that the server is on.
11:06 < kbarry> what would you trust?
11:07 < kbarry> Not that loss of data is the only risk from less than secure security, but its not a big concern right now. We don't have information on the lan that's sensitive,
11:07 < kbarry> having our computers hacked would suck of course
11:07 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn
11:07 < kbarry> but there are only 5 employees, and right now i'm mainly just interested in getting it up in "any" form.
11:08 < kbarry> i mean, i can connect to the VPN, but i can't ping anything.
I want to be able to remote desktop into a computer thats on the lan with the server (The router is the server)
11:09 <@dazo> kbarry: there's a little project called littleblackbox ... which has all ssh keys for dd-wrt releases .... which can be used to decrypt ssh traffic ... and the dd-wrt team don't see that as a problem for example
11:10 <@dazo> kbarry: it was also noticed that in one of their releases it was some hard coded iptables rules, with specific IP addresses granted access to the dd-wrt box ... and dd-wrt team didn't find it important enough to inform their users about it
11:11 < kbarry> I appreciate the security concerns. I don't think i know enough to make an informed decision. I can't even ping across my VPN yet....
11:12 <@dazo> kbarry: dd-wrt is probably fine if you do a full review of the running code in dd-wrt ... but these issues is one of my main reasons to ditch it and use openwrt instead
11:12 -!- Duryodhan_ [Duryodhan@2002:75e1:baeb::75e1:baeb] has joined #openvpn
11:13 < kbarry> i'm just trying to get my vpn working in any form. A non functioning VPN is the best form of security :)
11:15 -!- Duryodhan [~Duryodhan@117.224.165.55] has quit [Read error: Connection reset by peer]
11:15 < kbarry> have to step out for a project. bbl
11:17 -!- jkyle [~krunk-@unaffiliated/krunk-] has joined #openvpn
11:19 <@dazo> kbarry: a non-functioning router is the best form of security ... if you can access the router from the outside via ssh (or http/https), you're vulnerable instantly again
11:19 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has quit [Read error: Connection reset by peer]
11:19 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has joined #openvpn
11:22 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.]
11:28 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Ping timeout: 252 seconds]
11:29 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn
11:35 <@vpnHelper> RSS Update - forum: [Help] Problem To Connect to the Server
11:42 < vlt> Hello. I had to install OpenVPN on a windows machine. When I set it up it worked quite well. But now in production use I can't access the client and vice versa. Although it seems to establish a connection just fine I can't send pings or any other packets. I have a quite large "verb 9" logfile here: http://pastebin.com/2Pd6nDHS Can anyone see what might cause the problem here?
11:47 -!- Duryodhan_ [Duryodhan@2002:75e1:baeb::75e1:baeb] has quit [Quit: Leaving]
11:53 <@vpnHelper> RSS Update - forum: Using web hosting account for VPN tunnel
11:53 < dioz> vlt: odds are we'll need your conf files (client and server) and any logs/debug (verbose 4) you can provide
11:53 < dioz> in order to be ANY help at all
11:54 < dioz> and don't paste them here use pastebin and link the url
11:56 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn
11:57 < vlt> dioz: Ok, thanks. I'll find some verbose 4 logs and conf files ...
11:59 -!- fridim_ [~fridim@2a01:e35:2ece:f2d0:223:4eff:fe6c:c754] has joined #openvpn
11:59 <@vpnHelper> RSS Update - forum: Can connect, but nothing routing...
12:11 <@ecrist> kbarry: I told you what to do to get it working...
12:23 <@vpnHelper> RSS Update - forum: Layer 2 bridging not working
13:35 <+havoc> to convert to tun now, or later?
13:35 * havoc is slackin
13:43 <+havoc> just have to remember to use --topology subnet
13:47 -!- KindOne [~KindOne@colchester-lug/silly-fool/donut] has quit [Read error: Operation timed out]
13:47 -!- KindOne [~KindOne@colchester-lug/silly-fool/donut] has joined #openvpn
13:53 -!- Roadblock_RVA [~Roadblock@office.neteasyinc.com] has joined #openvpn
13:54 < Roadblock_RVA> !welcome
13:54 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
13:55 -!- APTX_ [APTX@unaffiliated/aptx] has joined #openvpn
13:55 -!- APTX_ [APTX@unaffiliated/aptx] has quit [Remote host closed the connection]
13:55 -!- APTX_ [APTX@unaffiliated/aptx] has joined #openvpn
13:55 -!- APTX [APTX@unaffiliated/aptx] has quit [Ping timeout: 240 seconds]
13:58 -!- dazo is now known as dazo_afk
14:09 < Roadblock_RVA> client-server setup failing with "bad source address from client [] packet dropped"
14:10 < Roadblock_RVA> Pastebin is here: http://pastebin.com/CZrQSeza
14:10 < Roadblock_RVA> From everything I've seen and understand this should be working, but I'm doubtless overlooking something simple
14:11 < Roadblock_RVA> Server is centos 5.7 and client is vyatta 6.3
14:25 < kbarry> ecrist: earlier you said i have have the LAN DHCP give ip leases, but it won't pass the gateway, what do you mean it won't pass the gateway? What advantages are there to using the dhcp of the lan for vpn connections?
14:27 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Ping timeout: 276 seconds]
14:28 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn
14:31 <+havoc> kbarry: I would think the only disadvantage would be that it's an additional dependency
14:31 <+havoc> I use LAN DHCP for my OVPN clients
14:31 <+havoc> and a dhcp-relay
14:32 <+havoc> you need a dhcp-relay in a routed environment; don't need it if it's a bridged environment
14:32 <+havoc> also don't need it if the ovpn server and dhcp server are the same machine
14:33 < kbarry> havoc: this is my first day dealing with bridges :) Still trying to figure out exactly how i need to do thing. ecrist was helping me earlier, but i fear i might be just a little lost still.
14:34 <+havoc> bridging can seem simpler but it has more deps
14:34 < kbarry> i don't know what a dhcp relay is, I started the day with a vpn server i setup yesterday, i could get connected last night from home, but i couldnt ping anything.
14:34 <+havoc> rather very specific things have to happen in the exact correct order or it will all fail
14:35 < kbarry> i think if i understood what was being told to me, i am getting connected, but the communications thru the vpn aren't getting connected to the right channel to actually access the lan.
14:35 < kbarry> he mentioned bridging two interfaces
14:35 -!- BustyLoli-Chan [~BustyLoli@24.111.195.1] has joined #openvpn
14:35 <+havoc> yes
14:36 < BustyLoli-Chan> would you squeeze until I cried?
o.o
14:36 < BustyLoli-Chan> oh :O
14:36 < BustyLoli-Chan> btw
14:36 < BustyLoli-Chan> I MANAGED TO DO ALL THAT I NEEDED WITH THE WINDOWS ROUTING TABLE
14:36 < kbarry> ecrist then you need to bridge tap0 with your ethernet interface on the VPN server
14:36 < kbarry> ecrist alternatively, you can use server-bridge "nogw" and your LAN dhcp server will pass out IP information, but won't pass the gateway
14:36 < BustyLoli-Chan> WITHOUT YOUR SHITTY LACK OF SUPPORT
14:36 < kbarry> -->| prg3 (~prg3@chatter.majestik.org) has joined #openvpn
14:36 < kbarry> ecrist the bridging of tap0 and eth0 on the vpn server still needs to occur though
14:37 < BustyLoli-Chan> AND WITHOUT YOUR SHITTY SOFTWARE
14:37 < BustyLoli-Chan> THAT IS SO FUCKING COMPLICATED TO USE IT'S A FUCKING JOKE
14:37 < BustyLoli-Chan> anyway yeah :3
14:37 -!- BustyLoli-Chan [~BustyLoli@24.111.195.1] has quit [Client Quit]
14:38 <+havoc> kbarry: yeah, you need a br0 or something
14:39 <@ecrist> heh
14:39 <@ecrist> BustyLoli-Chan thinks we give a shit.
14:39 <@ecrist> that's cute.
14:40 <+havoc> kbarry: this is how I did it, when I did it: http://pastebin.com/fgscBgmS
14:40 <+havoc> that's from /etc/network/interfaces on debian
14:40 <+havoc> ecrist: yeah, not a happy person
14:41 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Quit: Leaving.]
14:42 < jkyle> openstack's pretty new, growing pains I guess.
docs are here and there
15:50 < kbarry> havoc: mind giving me a bit of a walkthrough that link you sent?
15:50 <+havoc> it's one way to set up a bridge in linux
15:50 <+havoc> a bridge device is like an ethernet device
15:51 <+havoc> br instead of eth or tap or tun
15:51 <+havoc> it consists of 2 or more network interfaces, in this case tap0 and eth0
15:52 <+havoc> the tricky bit is that in the case of a vpn one of the ifaces is virtual
15:52 <+havoc> this means that you must make sure it is up before br0 can be created
15:53 <+havoc> once created you would route/firewall traffic via br0 rather than via eth0 or tap0
15:54 <+havoc> ecrist: I've been thinking about going back to a bridged setup
15:55 <+havoc> a hybrid bridge that is; tun0 + tun1 = br0 where tun0 is udp:1194 and tun1 is tcp:443
15:57 -!- Roadblock_RVA [~Roadblock@office.neteasyinc.com] has quit [Quit: Leaving]
15:58 < kbarry> havoc this instruction from ecrist is still confusing me.: "alternatively, you can use server-bridge "nogw" and your LAN dhcp server will pass out IP information, but won't pass the gateway...the bridging of tap0 and eth0 on the vpn server still needs to occur though"
15:58 < kbarry> the bridging of tap- and eth0...
15:59 <+havoc> I don't know what he meant either
16:00 < kbarry> i'm trying to have clients connect to the server (a router running dd-wrt and openvpn) and the client be able to "see" the lan that the router is on(and handling dhcp for)
16:00 < kbarry> sounds like you set it up so the vpn clients get ip leases from the lan's dhcp?
16:00 <+havoc> yes
16:01 <+havoc> and my bridge method would work for you, assuming eth0 is your internal (lan) iface
16:01 <+havoc> and no need for a dhcp relay since ovpn and dhcp are on same device
16:02 <+havoc> *or* you could use your existing configs and add some routes and enable ip forwarding
16:03 < kbarry> on my router there is a "bridging" area, and under current bridging table it says
16:03 < kbarry> interfaces vlan0 eth1
16:04 <+havoc> unless one of those is the interface openvpn creates it won't work
16:05 < kbarry> ....
16:05 < kbarry> Maybe i need to start again tomorrow.
16:06 < kbarry> I don't know enough to effectively help myself.
16:06 < kbarry> :)
16:06 <+havoc> spend the night researching/reading up on networking
16:06 <+havoc> wikipedia is a good start
16:07 <+havoc> there is a *lot* to know, and it's counter-productive to think you can start from nothing in no time
16:07 <+havoc> seems like you may have a good start though
16:11 < kbarry> :)
16:12 < kbarry> I am familiar with networking to some degree. This is a bit advanced for me. Trying to avoid the learning curve because i hope that this would be a one time event.
16:12 < kbarry> and fairly standard application
16:12 <+havoc> ha, there's nothing "standard" about a vpn, any vpn
16:13 <+havoc> or any network infrastructure for that matter
16:17 < kbarry> well, getting a single client connected to the server which is also the router, and give the client access to the lan... baffling.
16:20 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has joined #openvpn
16:26 -!- kbarry [~chatzilla@rrcs-24-153-167-50.sw.biz.rr.com] has quit [Ping timeout: 252 seconds]
16:29 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn
16:31 -!- kbarry [~chatzilla@rrcs-24-153-167-49.sw.biz.rr.com] has joined #openvpn
16:39 -!- kbarry_ [~chatzilla@rrcs-24-153-167-50.sw.biz.rr.com] has joined #openvpn
16:39 <@vpnHelper> RSS Update - forum: Please Help- Login Window issues on Windows 7 64bit
16:40 -!- kbarry_ [~chatzilla@rrcs-24-153-167-50.sw.biz.rr.com] has quit [Client Quit]
16:40 -!- kbarry [~chatzilla@rrcs-24-153-167-49.sw.biz.rr.com] has quit [Ping timeout: 248 seconds]
16:45 -!- kyrix [~ashley@chello084112114196.33.11.vie.surfer.at] has quit [Remote host closed the connection]
16:52 -!- y_nk [5d13093b@gateway/web/freenode/ip.93.19.9.59] has joined #openvpn
16:52 < y_nk> hello
16:53 < y_nk> i'm looking for some support on openvpn
16:54 < y_nk> i get an error from my openvpn daemon, and i don't
know what could be the issue
16:54 < y_nk> the error says it cant read the dh pem file
16:54 < y_nk> but i used the easy-rsa scripts with my windows computer
16:54 < y_nk> (3 times tbh)
16:57 < y_nk> i cant find the version of openvpn installed on my router
16:58 < y_nk> and i think it could be due to different versions between the scripts and the daemon
16:58 < y_nk> does anyone know something related to something similar ?
17:04 <@vpnHelper> RSS Update - forum: Please Help- Login Window issues on Windows 7 64bit
17:06 < krzee> !path
17:06 <@vpnHelper> "path" is It is a good idea to use full paths in your config.
17:07 < krzee> !winpath
17:07 <@vpnHelper> "winpath" is (#1) Remember on Windows to quote pathnames and use double backslashes, e.g.: "C:\\Program Files\\OpenVPN\\config\\foo.key" or (#2) also, you can use forward slashes to avoid needing double backslashes, but you still need quotes, e.g.: C:/Program Files/OpenVPN/config/foo.key (but surrounded by quotes)
17:07 < krzee> it not being able to read a local file has nothing to do with openvpn version
17:07 -!- y_nk [5d13093b@gateway/web/freenode/ip.93.19.9.59] has quit [Ping timeout: 258 seconds]
17:07 < krzee> OR THAT
17:16 <@vpnHelper> RSS Update - forum: my wish
17:17 -!- voidzero [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn
17:20 -!- APTX [APTX@unaffiliated/aptx] has quit [Ping timeout: 260 seconds]
17:20 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has quit [Read error: Connection reset by peer]
17:20 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Ping timeout: 276 seconds]
17:21 -!- voidzero is now known as vocis
17:22 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn
17:27 -!- Denial [Denial@drgi.co.uk] has quit []
17:37 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer]
17:37 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn
17:43 -!- jkyle [~krunk-@unaffiliated/krunk-] has quit [Ping timeout: 240 seconds]
17:46 <@vpnHelper> RSS
Update - forum: breaking up Class C into four subnets
18:10 < NetSkay> hey guys
18:29 -!- NetSkay
[~quassel@c-71-207-130-87.hsd1.va.comcast.net] has quit [Remote host closed the connection]
22:15 -!-
Rahail-m [~irC@c-71-238-240-241.hsd1.mi.comcast.net] has joined #openvpn
22:16 < Rahail-m> hi
22:16 < Rahail-m> !welcome
22:16 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
22:16 < Rahail-m> !goal
22:16 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
22:17 < Rahail-m> !lan
22:17 < Rahail-m> !route
22:17 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide
22:18 < Rahail-m> any one can help me configuring vpn
22:18 < Rahail-m> please let me know
22:18 < krzie> !ask
22:18 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please or (#2) http://www.latinsud.com/answer/ or (#3) http://www.catb.org/~esr/faqs/smart-questions.html to learn how to get help
22:19 < krzie> oh and more importantly:
22:19 < krzie> !goal
22:19 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
22:19 < Rahail-m> :)
22:19 < Rahail-m> i try didnt work not that experienced yet
22:29 -!- iDiytto [~diytto@96.18.141.120] has quit [Quit: Colloquy crashed.]
22:58 <@vpnHelper> RSS Update - forum: OpenVPN routing fails, but only sometimes.
(windows client)
--- Day changed Thu Jan 05 2012
00:23 < modsiw> can someone point me to directions to make a tap in linux?
00:23 -!- tjz [~pc@bb116-14-145-196.singnet.com.sg] has joined #openvpn
00:23 -!- tjz [~pc@bb116-14-145-196.singnet.com.sg] has quit [Changing host]
00:23 -!- tjz [~pc@unaffiliated/tjz] has joined #openvpn
00:24 < hyper_ch> modsiw: why do you want to use tap?
00:25 < modsiw> to create bridge
00:25 < hyper_ch> !goal
00:25 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
00:27 < modsiw> trying to get a media center extender to work from one lan to another
00:27 < hyper_ch> !bridge
00:27 <@vpnHelper> "bridge" is (#1) http://openvpn.net/index.php/documentation/miscellaneous/ethernet-bridging.html for the doc or (#2) http://openvpn.net/index.php/documentation/faq.html#bridge1 for info from the FAQ or (#3) also see !tunortap and !layer2 and read --server-bridge in the manual (!man)
00:27 < hyper_ch> !tunortap
00:27 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. Dont waste the extra overhead. or (#2) and if your reason for wanting tap is windows shares, see !wins or (#3) also remember that if someone gets access to any side of a tap vpn they can use layer2 attacks like arp poisoning against you over
00:27 <@vpnHelper> the vpn or (#4) lan gaming? use tap!
00:31 < modsiw> !wins
00:31 <@vpnHelper> "wins" is http://oreilly.com/catalog/samba/chapter/book/ch07_03.html is a good link for seeing how to run WINS on samba
00:49 -!- scampbell [~scampbell@mail.scampbell.net] has quit [Quit: Ex-Chat]
00:55 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has joined #openvpn
00:59 -!- Duryodhan [~Duryodhan@14.139.58.194] has joined #openvpn
01:01 < Duryodhan> have anyone used Endian firewall
01:03 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn
01:04 < Duryodhan> hello
01:04 < Duryodhan> anyone have used endian firewall ..??
01:05 < krzie> no, do you have an openvpn question instead?
01:10 -!- Yaph-ar-ti is now known as beerbro
01:14 < hyper_ch> hi krzie
01:14 < krzie> hey hyper_ch
01:15 < hyper_ch> krzie: I did order myself some expensive gear
01:16 < krzie> o ya?
01:16 < krzie> need my shipping address?
01:16 < krzie> ;]
01:16 -!- Duryodhan [~Duryodhan@14.139.58.194] has quit [Remote host closed the connection]
01:16 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has quit [Read error: No route to host]
01:16 < hyper_ch> krzie: :) a treadmill desk
01:16 < hyper_ch> I should get it in about 3 weeks
01:16 < krzie> haha
01:17 < hyper_ch> well, electric height adjustable desk with 200x100 cm
01:17 < hyper_ch> can lift about 200kg
01:17 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has joined #openvpn
01:18 < hyper_ch> plus a treadmill aimed at slow speed of 0.5 - 2 mph
01:21 -!- aegidos_ [~admin@tmo-103-90.customers.d1-online.com] has joined #openvpn
01:21 <@vpnHelper> RSS Update - forum: Multiple internet connection using iptables
01:23 -!- aegidos_ [~admin@tmo-103-90.customers.d1-online.com] has quit [Read error: Connection reset by peer]
01:24 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has quit [Ping timeout: 240 seconds]
01:34 <@vpnHelper> RSS Update - forum: [Help] Problem To Connect to the Server
01:38 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit:
UnterPerro]
01:52 <@vpnHelper> RSS Update - forum: Wrong routes set to the client
03:34 <@vpnHelper> RSS Update - forum: Ubuntu 11.10 TUN help
04:30
-!- aegidos_ [~admin@tmo-102-3.customers.d1-online.com] has joined #openvpn 04:32 -!- aegidos_ [~admin@tmo-102-3.customers.d1-online.com] has quit [Remote host closed the connection] 04:33 -!- pranq [~pranq@unaffiliated/contempt] has quit [Quit: leaving] 04:34 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has quit [Ping timeout: 252 seconds] 04:34 -!- pranq [pranq@unaffiliated/contempt] has joined #openvpn 04:36 -!- aegidos [~admin@tmo-102-3.customers.d1-online.com] has joined #openvpn 04:36 -!- aegidos [~admin@tmo-102-3.customers.d1-online.com] has quit [Read error: Connection reset by peer] 04:36 -!- aegidos [~admin@tmo-097-34.customers.d1-online.com] has joined #openvpn 04:37 -!- aegidos [~admin@tmo-097-34.customers.d1-online.com] has quit [Remote host closed the connection] 04:37 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has joined #openvpn 04:43 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has quit [Ping timeout: 240 seconds] 04:49 -!- dazo_afk is now known as dazo 04:55 -!- xsteadfastx [~mpreuss@ppp-93-104-143-30.dynamic.mnet-online.de] has left #openvpn [] 05:00 -!- RonPaul [~KindOne@colchester-lug/silly-fool/donut] has joined #openvpn 05:01 -!- KindOne [~KindOne@colchester-lug/silly-fool/donut] has quit [Disconnected by services] 05:01 -!- RonPaul is now known as KindOne 05:10 -!- Savvis [Savvis@68.140.79.239] has joined #openvpn 05:10 -!- Savvis [Savvis@68.140.79.239] has left #openvpn [] 05:10 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Read error: Connection reset by peer] 05:10 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 05:20 -!- aegidos [~admin@tmo-097-94.customers.d1-online.com] has joined #openvpn 05:21 -!- aegidos [~admin@tmo-097-94.customers.d1-online.com] has quit [Remote host closed the connection] 05:21 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has joined #openvpn 05:24 -!- dazo is now known as dazo_afk 05:27 -!- Forco [~eivind@gore.copyleft.no] has joined #openvpn 
05:27 < Forco> !welcome
05:27 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
05:27 < Forco> !goal
05:27 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
05:28 -!- aegidos_ [~admin@tmo-097-94.customers.d1-online.com] has joined #openvpn
05:30 < Forco> I am working on setting up an OpenVPN-server. Everything seems to work fine. I'm using "push "redirect-gateway def1"" to try to get all traffic to go through the VPN-server. But on the client (Windows XP, using the OpenVPN-client) the gateway is set to "10.0.1.5" when i do a "route PRINT". And i can't access the internal or the external networks im trying to reach through the VPN. If i manually set the interface in windows to use 10.0.1.1 as gateway everyt
05:30 -!- aegidos_ [~admin@tmo-097-94.customers.d1-online.com] has quit [Remote host closed the connection]
05:30 -!- aegidos_ [~admin@p54B5A46C.dip.t-dialin.net] has joined #openvpn
05:30 < Forco> I have looked around for a solution on google/different forums for quite a while now. Can't seem to find any solution.
05:31 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has quit [Remote host closed the connection]
05:31 -!- aegidos_ is now known as aegidos
05:31 -!- dazo_afk is now known as dazo
05:50 <@vpnHelper> RSS Update - forum: Can connect, but nothing routing...
05:56 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has quit [Ping timeout: 240 seconds]
05:59 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has quit [Quit: Leaving]
06:10 -!- cpm [~Chip@pdpc/supporter/active/cpm] has joined #openvpn
06:18 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn
06:23 -!- Roadblock_RVA [~Ragansi@pool-173-53-37-34.rcmdva.fios.verizon.net] has quit [Quit: Leaving]
06:31 -!- ariana_ [~ariana@8.22.83.151] has joined #openvpn
06:32 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection]
06:32 < ariana_> openvpn cryptically fails to start
06:32 < ariana_> i created certificated
06:32 < ariana_> s
06:35 <@dazo> !welcome
06:35 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
06:35 < ariana_> http://en.gentoo-wiki.com/wiki/OpenVPN i followed those instructions
06:35 <@vpnHelper> Title: OpenVPN - Gentoo Linux Wiki (at en.gentoo-wiki.com)
06:35 < ariana_> if there is a better place to start point me there
06:36 < ariana_> thank you dazo
06:37 < ariana_> i can't get the thing to start in order to experience any run-time failures
06:37 < ariana_> !configs
06:37 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries
06:38 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
06:40 < ariana_> oh, i'm sorry, just woke up... it doesn't like nm
06:41 < ariana_> it doesn't like odd netmasks though but i just used a more normal one
06:44 -!- cpm [~Chip@pdpc/supporter/active/cpm] has quit [Quit: cpm]
06:48 < ariana_> thanks again dazo
06:51 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds]
06:52 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
06:55 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn
07:00 -!- ariana_ [~ariana@8.22.83.151] has quit [Ping timeout: 240 seconds]
07:03 -!- dangergrrl [~ariana@8.22.83.151] has joined #openvpn
07:08 -!- dangergrrl [~ariana@8.22.83.151] has quit [Read error: Connection reset by peer]
07:09 -!- dangergrrl [~ariana@8.22.83.151] has joined #openvpn
07:19 <@vpnHelper> RSS Update - forum: Problem connecting Windows 7 to OpenVPN
07:28 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has quit []
07:31 -!- EugeneKay [eugene@itvends.com] has quit [Read error: Operation timed out]
07:36 -!- EugeneKay [eugene@itvends.com] has joined #openvpn
07:48 -!- mode/#openvpn [+v EugeneKay] by ChanServ
07:50 -!- KindOne [~KindOne@colchester-lug/silly-fool/donut] has quit [Quit: mmm donuts....]
07:54 -!- Axeman [~Axeman3@198.105.46.46] has joined #openvpn
07:54 -!- Axeman [~Axeman3@198.105.46.46] has quit [Changing host]
07:54 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn
07:54 -!- mode/#openvpn [+v Axeman] by ChanServ
08:02 -!- S1lv3R [~ben@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn
08:02 < S1lv3R> hello World
08:03 < S1lv3R> is this normal? When i connect to my ovpn Server the connection will be lost for few secs?
08:04 -!- dollabill [~mike@199.44.8.98] has joined #openvpn
08:05 -!- krantz [~gustav.kr@h-176-10-236-148.na.cust.bahnhof.se] has joined #openvpn
08:05 < krantz> Im trying to install openvpn 2.2.2 on a debian dist.
08:05 -!- anathaema [~ariana@8.22.83.151] has joined #openvpn
08:05 < krantz> I follow the steps for "Linux Notes (without RPM)" on http://openvpn.net/index.php/open-source/documentation/howto.html#install
08:05 <@vpnHelper> Title: HOWTO (at openvpn.net)
08:05 -!- Axeman [~Axeman3@openvpn/user/axeman] has left #openvpn ["Leaving"]
08:06 < krantz> But at "make" and "make install" i get "make: *** No rule to make target `install'. Stop."
08:06 < krantz> make: *** No targets specified and no makefile found. Stop.
08:06 < krantz> Why is that?
08:07 < S1lv3R> krantz: http://www.youtube.com/watch?v=BfZV4MnGfkk&feature=related
08:07 <@vpnHelper> Title: OpenVPN Install How To - YouTube (at www.youtube.com)
08:07 -!- dangergrrl [~ariana@8.22.83.151] has quit [Ping timeout: 240 seconds]
08:08 < anathaema> what doc for win7 setup after getting the server up?
08:09 < S1lv3R> plz check howtos for Client Configuration
08:11 -!- `Ile` [~Ile@kaniserver.net] has joined #openvpn
08:14 -!- anathaema [~ariana@8.22.83.151] has quit [Read error: Connection reset by peer]
08:15 -!- anathaema [~ariana@8.22.83.151] has joined #openvpn
08:15 -!- Forco [~eivind@gore.copyleft.no] has quit [Quit: Lost terminal]
08:21 <@vpnHelper> RSS Update - forum: IGMP
08:22 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has joined #openvpn
08:28 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has joined #openvpn
08:36 -!- APTX_ is now known as APTX
08:37 -!- `Ile` [~Ile@kaniserver.net] has quit [Quit: KVIrc 4.1.3 Equilibrium http://www.kvirc.net/]
08:39 <@vpnHelper> RSS Update - forum: UDP working fine , TCP not connecting
08:39 -!- ariana_ [~ariana@8.22.83.151] has joined #openvpn
08:43 -!- anathaema [~ariana@8.22.83.151] has quit [Ping timeout: 252 seconds]
08:45 <@vpnHelper> RSS Update - forum: UDP working fine , TCP not connecting
08:46 -!- __nolife [~Lirezh@83-64-53-66.kocheck.xdsl-line.inode.at] has quit [Ping timeout: 244 seconds]
08:50 -!- ariana_ [~ariana@8.22.83.151] has quit [Read error: Connection reset by peer]
08:50 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has joined #openvpn
08:55 -!- hceylan [~hceylan@213.248.153.186] has joined #openvpn
08:55 < hceylan> In network gnome-network-manager it won't allow me to create a username/password connection without a CA Certificate
08:56 < hceylan> it seems that this is supported by open vpns based on this http://openvpn.net/index.php/open-source/documentation/howto.html#auth
08:56 <@vpnHelper> Title: HOWTO (at openvpn.net)
08:57 < hceylan> is there a way to alter network-manager config file and remove the dummy certificate I put in to force the entry window to enable save button?
09:02 -!- __nolife [~Lirezh@83-64-53-66.kocheck.xdsl-line.inode.at] has joined #openvpn
09:11 <@dazo> !nm
09:11 <@dazo> !networkmanager
09:11 <@dazo> hmm
09:12 <@dazo> hceylan: don't trust network-manager ... that's not something we support here, it's a project of the network-manager guys
09:13 <@dazo> openvpn supports much more than network-manager will ever support in its UI
09:13 <@dazo> http://openvpn.net/archive/openvpn-users/2008-01/msg00046.html
09:13 <@vpnHelper> Title: Re: [Openvpn-users] Importing an OpenVPN configuration file in Network Manager (at openvpn.net)
09:14 -!- __nolife [~Lirezh@83-64-53-66.kocheck.xdsl-line.inode.at] has quit [Ping timeout: 255 seconds]
09:15 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Remote host closed the connection]
09:17 -!- hceylan [~hceylan@213.248.153.186] has quit [Ping timeout: 240 seconds]
09:20 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds]
09:22 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
09:22 -!- __nolife [~Lirezh@83-64-53-66.kocheck.xdsl-line.inode.at] has joined #openvpn
09:32 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has quit [Quit: aegidos]
09:39 -!- __nolife [~Lirezh@83-64-53-66.kocheck.xdsl-line.inode.at] has quit [Ping timeout: 252 seconds]
09:39 -!- S1lv3R [~ben@178-83-34-83.dynamic.hispeed.ch] has quit [Quit: Lost terminal]
09:40 < Dougy> hello all
09:41 < krzee> sup doug
09:43 -!- __nolife [~Lirezh@83-64-53-66.kocheck.xdsl-line.inode.at] has joined #openvpn
09:44 < Dougy> hey jeff
09:44 < Dougy> whats new
09:46 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn
09:50 <+EugeneKay> I got Sieve working. Kinda.
09:52 < krzee> not much Dougy just working and getting ready for a lil vacation
09:58 -!- JPeterso2 [HydraIRC@s213-103-209-64.cust.tele2.se] has joined #openvpn
09:59 -!- Axeman2 [~Axeman3@198.105.46.46] has joined #openvpn
09:59 -!- Axeman2 [~Axeman3@198.105.46.46] has quit [Changing host]
09:59 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has joined #openvpn
09:59 -!- mode/#openvpn [+v Axeman2] by ChanServ
10:00 -!- mocas__ [~mocas@87.196.251.242] has joined #openvpn
10:01 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has quit [Ping timeout: 248 seconds]
10:01 -!- JPeterso2 is now known as JPeterson
10:03 -!- mocas_ [~mocas@87-196-118-159.net.novis.pt] has quit [Ping timeout: 255 seconds]
10:13 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [Read error: Operation timed out]
10:14 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn
10:16 -!- astrostl_ [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn
10:18 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [Ping timeout: 255 seconds]
10:18 <@vpnHelper> RSS Update - forum: Site to Site problems.
10:22 -!- astrostl_ [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit []
10:23 -!- S1lv3R [NoMail@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn
10:23 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn
10:23 < S1lv3R> !configs
10:24 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries
10:25 < S1lv3R> !paste
10:25 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into pastebin or a similar website, or (#2) ie: www.pastebin.ca
10:26 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Remote host closed the connection]
10:27 -!- astrostl_ [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn
10:28 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [Read error: Operation timed out]
10:33 < S1lv3R> anyone german here?
10:34 <@ecrist> yes, there are
10:34 <@ecrist> this is an english-speaking channel, though.
10:35 < S1lv3R> Ok i will try it with my bad English (o;
10:36 < hyper_ch> http://www.google.com/translate
10:36 <@vpnHelper> Title: Google Translate (at www.google.com)
10:36 < S1lv3R> OVPN Server is running i can login to my OVPN Server with my mobile device but Internet isnt working here my Server.conf http://de.pastebin.ca/2099597 and my Client.conf http://de.pastebin.ca/2099598
10:39 < S1lv3R> Its an Firewall problem?
10:41 < hyper_ch> !welcome
10:41 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
10:41 < hyper_ch> !configs
10:41 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries
10:42 < S1lv3R> !route
10:42 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide
10:43 < S1lv3R> anyone ideas? The Config files are good?
10:44 < krzee> please when you post configs, do it like this:
10:44 < krzee> !configs
10:44 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries
10:44 < krzee> without all the comments
10:44 < krzee> do that and ill look =]
10:45 < krzee> also
10:45 < krzee> !goal
10:45 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
10:47 < S1lv3R> sry i was post the config files [17:36:58] my OS Debian i use the source from Debian and I would like to access the internet over my vpn. My Mobiledevice is my HTC DHD
10:47 < S1lv3R> Server.conf http://de.pastebin.ca/2099597 and my Client.conf http://de.pastebin.ca/2099598
10:47 < krzee> i dont think you noticed the important part
10:47 < krzee> !configs
10:47 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries
10:47 < krzee> please remove the comments before posting
10:48 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Read error: Connection reset by peer]
10:48 < S1lv3R> arggs sry
10:48 < krzee> your config file is 300 lines, there are likely no more than 20 config entries in that 300 lines, i will not be reading 300 lines to find 20 that matter
10:48 < krzee> np
10:49 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn
10:49 < S1lv3R> Server.conf http://de.pastebin.ca/2099604
10:50 < krzee> perfect, and client
10:50 < krzee> you should change the subnet in --server
10:50 < krzee> from 10.0.0.0 to something less common, like maybe 10.8.0.0
10:50 < S1lv3R> http://de.pastebin.ca/2099605
10:51 < krzee> after you have done that, and reconnected, tell me
10:53 < S1lv3R> ok Connected to my Server HomeIP as 10.8.0.6 but it isnt working again
10:57 < S1lv3R> done
11:00 < krzee> ok
11:00 < krzee> can you ping 10.8.0.1 from the phone?
11:01 < S1lv3R> yes
11:01 < krzee> ok good
11:02 < krzee> now on the server
11:02 < krzee> cat /proc/sys/net/ipv4/ip_forward
11:02 < krzee> what does that output?
11:02 < S1lv3R> zero
11:03 < krzee> ok thats a problem
11:03 < krzee> !linipforward
11:03 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware
11:06 < S1lv3R> ok now its on 1 perma
11:06 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Quit: Leaving.]
11:08 < krzee> did you config NAT yet?
11:08 < S1lv3R> it isnt working again krzee
11:08 < krzee> !linnat
11:08 <@vpnHelper> "linnat" is (#1) for a basic iptables NAT where 10.8.0.x is the vpn network: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE or (#2) to choose what IP address to NAT as, you can use iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to or (#3) http://netfilter.org/documentation/HOWTO//NAT-HOWTO.html for more info or (#4) openvz see !openvzlinnat
11:10 < S1lv3R> krzee i love ya (o; It was an NAT Problem ^^
11:12 < krzee> well it was both ;]
11:13 < krzee> ip forwarding and nat
11:19 -!- Kurogane [~Kurogane@190.62.87.115] has joined #openvpn
11:23 < Kurogane> Is possible to have a user system where can have login and restrict bandwidth also speed use for the user?
11:25 < krzee> see --shaper or use your firewall for that
11:32 < Dougy> krzee:
11:32 < Dougy> where you off to?
11:32 < Dougy> vaca wise
11:32 < krzee> usa, maybe some peru and brazil
11:33 -!- BenLue [NoMail@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn
11:33 < vect0rx> where you visiting the US from krzee?
11:33 < krzee> caribbean
11:34 < vect0rx> oh nice. I was in jamaica this last July
11:34 < vect0rx> (from northwest US)
11:34 < krzee> ahh im from cali
11:35 < vect0rx> same.. born and raised. sad I've never lived more than about a 25mi diameter from SJ where I was born :)
11:35 < vect0rx> but the tech work is here.
11:35 < krzee> well depending
11:35 < krzee> plenty of tech work left in the sj area
11:35 < krzee> but ya, plenty up north too
11:35 < pwrcycle> krzee: where are you visiting?
11:35 < krzee> hows the rain treatin ya? ;]
11:36 < krzee> easier to say a place and ask if ill be headed that way
11:36 < pwrcycle> DC?
11:36 < vect0rx> not too wet right now.. strange fog some nights.. odd ca weather. high 30s-low 50s so "cold" for CA
11:36 < krzee> nah, closest to there would be NY or FL
11:36 -!- S1lv3R [NoMail@178-83-34-83.dynamic.hispeed.ch] has quit [Ping timeout: 260 seconds]
11:37 -!- dangergrrl [~ariana@8.22.83.151] has joined #openvpn
11:44 < Kurogane> krzee, --shaper as understand is for speed, good here, but what about bandwidth use? for example give a user only can use 50GB in a month
11:47 < vocis> These days licenses are just as hard to work with as patents
11:47 < vocis> hola, sorry, wrong #
11:49 -!- dangergrrl [~ariana@8.22.83.151] has quit [Ping timeout: 260 seconds]
11:51 <@dazo> Kurogane: traffic shaping and bandwidth limiting is not the task of a VPN ... that's the task of a router/gateway ... Compared to the "physical world", OpenVPN is basically virtual network adapters + the cable in between
11:51 -!- hceylan [~hceylan@213.248.153.186] has joined #openvpn
11:51 <@dazo> Kurogane: --shaper is also very poorly implemented, and there are no big efforts into improving that ... as there are better tools for that job
11:52 < Kurogane> dazo, for example? what tools
11:52 <@dazo> tc?
11:53 < Kurogane> tc?
11:54 <@dazo> traffic control, tc, which is available in most Linux distros these days
11:54 < Kurogane> lets me check
11:54 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
11:56 <@dazo> iirc, it's a part of iproute2
12:00 < Kurogane> the tc?
12:05 <@dazo> yeah
12:07 < BenLue> krzee is this normal i have the same ip with my mobile DHD and my Windows Client when im loginto the ovpn Server?
12:08 < krzee> you using the same cert for each...?
12:08 < BenLue> yes
12:08 < krzee> dont
12:09 < BenLue> i need create new cert?
12:09 < krzee> ya, one per client
12:09 < BenLue> okay
12:13 < Kurogane> dazo, i look a bit for tc, i see the limit only can use for a interface, is possible to base in IP, because i going to use for IP (by users) i don user if possible to limit bandwidth by IP, If not, what app recommend me to do this? only use x bandwidth in a month and reset every month.
12:13 <@dazo> Kurogane: I've never needed to restrict bandwidth, so I dunno these details
12:14 < krzee> firewall can do it
12:14 < krzee> same way you would for members of a lan
12:14 <@dazo> but iirc what I've read about tc ... you use some extra tricks in addition which tags packets based on IP ... then tc picks it up and rate limit the flow
12:15 <@dazo> krzee is right, this tagging happens in the firewall
12:15 < krzee> its not an openvpn issue at all
12:15 < Kurogane> krzee, if not mind, can you share a little example for a firewall?
12:15 < krzee> if you can do it outside openvpn, you can do it in openvpn
12:16 < krzee> nope, ive never needed to, im just letting you know its not openvpn related
12:16 < krzee> so that you can also try in some channels related to the firewall of your choice
12:18 < BenLue> ./build-key ben was working but now ./build-key julia isnt working. Whats wrong?
12:18 < BenLue> root@S3DEBSRV01:/etc/openvpn/easy-rsa/2.0# ./build-key julia
12:18 < BenLue> Please edit the vars script to reflect your configuration,
12:18 < BenLue> was edited
12:19 < Kurogane> krzee, but in the case i set it 10gb can use, and use it in 20 days, what happen? of course not let you download more, its reset in anyway that rule?
12:21 < Kurogane> automatic of course.
12:29 < krzee> Kurogane, as i mentioned, i dont use that stuff, which is why im helping people in #openvpn and not in #iptables ;]
12:30 < krzee> "iptables bandwidth limit lan" looks promising in google
12:31 < krzee> but if i needed what you're asking about, ild be in #iptables or whatever channel was related to the firewall i was using
12:32 -!- cpm [~Chip@pdpc/supporter/active/cpm] has joined #openvpn
12:41 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn
12:42 <@vpnHelper> RSS Update - forum: Openvpn-install.exe commandline options
12:42 < takamichi> Does the Linux client care whether the config files are named .conf or .ovpn?
12:42 -!- fridim_ [~fridim@2a01:e35:2ece:f2d0:223:4eff:fe6c:c754] has joined #openvpn
12:43 < krzee> openvpn itself does not, but the OS startup scripts want it named .conf
12:44 < takamichi> krzee: What OS startup scripts?
12:44 < krzee> did you install via the os package manager?
12:44 < takamichi> yes
12:45 < krzee> then it installed scripts to start openvpn on boot
12:45 < krzee> init.d scripts
12:45 < takamichi> I'm just trying to work out whether I need to distribute two sets of config files to our users to cover both Linux and Windows clients.
12:46 < krzee> well you may find that windows clients need extra options too, depend on what you're doing
12:46 < takamichi> krzee: I'm referring to the client config files
12:46 < krzee> im aware of that
12:47 < takamichi> Ok, that makes sense, yes the Windows machines do need additional options. Silly me, Thanks Krzee.
12:47 < BenLue> whats the name from Ovpn Webinterface for Debian?
12:48 < krzee> there isnt one, at least no official one
12:50 < BenLue> is the name OpenVPN Access Server?
12:50 < krzee> oh ok
12:50 < krzee> !AS
12:50 <@vpnHelper> "AS" is please go to #OpenVPN-AS for help with Access-Server
12:50 < krzee> thats commercial
12:50 < BenLue> okies
12:50 < BenLue> nonefreesoftware?
12:51 < krzee> nah AS is commercial
12:51 < krzee> by the corp that makes openvpn
12:52 < krzee> i've heard very good things about it
12:56 -!- shteyngart [thumper@i.dont.get.mad.i.get.stabby.net] has quit [Quit: leaving]
12:57 -!- gremly [~gremly@200.106.218.64] has joined #openvpn
12:59 -!- fridim_ [~fridim@2a01:e35:2ece:f2d0:223:4eff:fe6c:c754] has quit [Ping timeout: 240 seconds]
13:01 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!]
13:02 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Remote host closed the connection]
13:03 -!- Gravitron [~admin@cpe-76-92-159-145.kc.res.rr.com] has joined #openvpn
13:03 -!- Gravitron [~admin@cpe-76-92-159-145.kc.res.rr.com] has quit [Changing host]
13:03 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
13:07 < BenLue> question: what the correct path when i saved all files from my Mobile Device in openvpn/Julia
13:07 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Client Quit]
13:08 < BenLue> ca Julia/ca.crt isnt working
13:08 -!- Gravitron [~admin@76.92.159.145] has joined #openvpn
13:08 -!- Gravitron [~admin@76.92.159.145] has quit [Changing host]
13:08 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
13:08 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Client Quit]
13:13 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
13:14 -!- dazo is now known as dazo_afk
13:17 -!- Secret [~Secret@78.157.114.78] has quit [Read error: Operation timed out]
13:18 -!- Secret [~Secret@78.157.114.78] has joined #openvpn
13:20 -!- warik [~warik@173-164-255-200-SFBA.hfc.comcastbusiness.net] has joined #openvpn
13:23 < warik> hi! quick question, how can I check how many clients are currently connected to the server ? thanks!
13:27 -!- astrostl_ [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit []
13:30 -!- beerbro is now known as Yarph-ar-ti
13:40 <@vpnHelper> RSS Update - forum: [Help] Problem To Connect to the Server
13:45 -!- hceylan [~hceylan@213.248.153.186] has quit [Remote host closed the connection]
13:46 < hyper_ch> warik: ping the server on the vpn ip
13:52 < BenLue> OKay other way
13:53 < BenLue> I have create for few minutes new Client.crt
13:54 -!- pierreghz [~pierreghz@cust-141-74-111-94.dyn.as47377.net] has joined #openvpn
13:54 < BenLue> I need 1 for Client2. I need only ./build-key Client2 ?
13:54 < BenLue> or i must ./build-dh again?
13:55 -!- hceylan [~hceylan@213.248.153.186] has joined #openvpn
13:56 < krzee> do you know what build-dh does?
13:56 -!- hceylan [~hceylan@213.248.153.186] has quit [Client Quit]
13:56 < krzee> warik, could use a status file, or the management interface
13:57 < BenLue> i need Diffie Hellman Parameter only for Ovpn Server!
13:59 < rawplayer> ok!
14:00 -!- `Ile` [~kvirc@93-87-242-236.dynamic.isp.telekom.rs] has joined #openvpn
14:01 -!- `Ile` [~kvirc@93-87-242-236.dynamic.isp.telekom.rs] has quit [Client Quit]
14:02 -!- krantz [~gustav.kr@h-176-10-236-148.na.cust.bahnhof.se] has quit []
14:42 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Read error: Operation timed out]
14:44 -!- Reihar_ [c1324ff9@gateway/web/freenode/ip.193.50.79.249] has joined #openvpn
14:44 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn
14:45 < Reihar_> Hi
14:50 -!- cpm [~Chip@pdpc/supporter/active/cpm] has quit [Ping timeout: 244 seconds]
14:51 -!- Reihar_ [c1324ff9@gateway/web/freenode/ip.193.50.79.249] has quit [Ping timeout: 258 seconds]
14:51 < krzee> BenLue, correct =]
14:54 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn
15:00 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Ping timeout: 248 seconds]
15:02 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn
15:03 -!- Reihar_ [c1324ff9@gateway/web/freenode/ip.193.50.79.249] has joined #openvpn
15:03 < Reihar_> Hi
15:03 < Reihar_> I've got a problem with openvpn
15:03 < Reihar_> I'm using it over an http proxy
15:04 < Reihar_> and until today it was working fine
15:04 < Reihar_> but suddenly it stopped working
15:04 < Reihar_> and says that it can authenticate to the proxy
15:05 < Reihar_> HTTP proxy returned: 'HTTP/1.0 407 Proxy Authentication Required'
15:05 < Reihar_> I haven't changed anything in my config
15:05 < Reihar_> and I still can connect to the proxy
15:05 < Reihar_> using my web browser
15:07 -!- patelx [~chirayu@openvpn/corp/admin/patel] has joined #openvpn
15:07 -!- mode/#openvpn [+o patelx] by ChanServ
15:09 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has joined #openvpn
15:10 < Reihar_> Here is my config : http://pastie.org/3133724
15:19 < Reihar_> May anyone help me please ?
15:22 -!- babble [~coyote@unaffiliated/coyote] has joined #openvpn
15:23 -!- mattock [~samuli@openvpn/corp/admin/mattock] has quit [Read error: No route to host]
15:25 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn
15:25 -!- mode/#openvpn [+o mattock] by ChanServ
15:25 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Remote host closed the connection]
15:27 -!- fridim_ [~fridim@2a01:e35:2ece:f2d0:223:4eff:fe6c:c754] has joined #openvpn
15:28 < krzie> Reihar_, and when you use the browser, do you need to auth?
15:28 < Reihar_> yes
15:28 < Reihar_> I type my username and my password
15:29 < Reihar_> and it works
15:29 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has left #openvpn []
15:31 < Reihar_> krzie: I'm using freenode webchat on my browser on that connection.
15:39 -!- mattock [~samuli@openvpn/corp/admin/mattock] has quit [Remote host closed the connection]
15:40 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn
15:41 -!- Kurogane [~Kurogane@190.62.87.115] has quit [Quit: Saliendo]
15:48 -!- dollabill [~mike@199.44.8.98] has quit [Ping timeout: 252 seconds]
15:56 < BenLue> krzee where can i see who is connected on my ovpn server?`
15:56 < BenLue> /etc/init.d/openvpn status isnt working
16:00 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer]
16:00 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn
16:01 -!- fries [~fries@pD9FBF821.dip.t-dialin.net] has joined #openvpn
16:01 < fries> Hi there, is anyone here running openvpn on android?
16:02 -!- patelx [~chirayu@openvpn/corp/admin/patel] has quit [Quit: patelx]
16:04 -!- fries [~fries@pD9FBF821.dip.t-dialin.net] has quit [Client Quit]
16:04 -!- fries [~fries@pD9FBF821.dip.t-dialin.net] has joined #openvpn
16:06 -!- fries [~fries@pD9FBF821.dip.t-dialin.net] has left #openvpn []
16:08 -!- fries [~fries@pD9FBF821.dip.t-dialin.net] has joined #openvpn
16:10 < krzie> Reihar_, give openvpn the auth info
16:11 < Reihar_> krzie: how ?
16:11 < krzie> by looking at the manual
16:11 < krzie> !man
16:11 <@vpnHelper> "man" is (#1) http://openvpn.net/man for 2.0 manual or (#2) http://openvpn.net/man-beta.html for 2.1 manual or (#3) http://openvpn.net/index.php/open-source/documentation/manuals/427-openvpn-22.html for 2.2 manual or (#4) the man pages are your friend!
16:12 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has quit [Quit: Ex-Chat]
16:12 < fries> Hi, is anyone here running openvpn on android?
16:13 < krzie> ask a more specific question
16:14 < fries> I'm the guy who ported it to android quite a while ago. I'd like to do an update and need some testers.
16:14 < krzie> badass, i thought i recognized that handle
16:14 < krzie> i use it on android daily
16:14 < krzie> although not with a gui
16:15 < fries> nice!
16:16 < fries> well I didn't have very much time during the last year, but it seems openvpn on android is used widely. But there are still some issues, especially when installing open vpn.
16:16 < krzie> ild love to see a config file import option
16:17 < fries> In OpenVPN Settings?
16:17 < krzie> oh wait nm that was cm7
16:17 < krzie> my bad
16:17 -!- zeshoem [~zee@bas1-toronto46-1177856379.dsl.bell.ca] has joined #openvpn
16:18 -!- zeshooem [~zee@bas1-toronto46-1177856379.dsl.bell.ca] has quit [Read error: Connection reset by peer]
16:18 < fries> thing is, when I built openvpn there was an issue with androids native ifconfig. That is the reason busybox is required.
16:18 -!- mode/#openvpn [+v fries] by ChanServ
16:18 < BenLue> fries yes
16:19 < BenLue> u need rooted your Devices
16:19 < BenLue> ^^
16:19 < krzie> BenLue, he made the android app ;]
16:19 < BenLue> ahh okay ^^
16:20 < BenLue> krzee where can i see who is connected on my Server? I cant find the cmd in man
16:20 <+fries> I'd like to build a version working with the native ifconfig tool if possible but would need some testers to see if it really works with various configs.
16:20 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
16:20 < BenLue> great
16:20 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
16:20 < krzie> BenLue, like i said before, status file or management interface, both are in the manual ;]
16:21 < krzie> !management
16:21 <@vpnHelper> "management" is (#1) see http://openvpn.net/management for doc on management interface or (#2) read http://svn.openvpn.net/projects/openvpn/obsolete/BETA21-preauto/openvpn/management/management-notes.txt if you are a programmer making a GUI that will interact with OpenVPN
16:21 < krzie> and --status / --management in the manual
16:21 < krzie> fries, see priv msg
16:21 < krzie> fries, and ild be happy to test cm7 for ya
16:22 < krzie> although cm7 has its own ovpn interface, it is quite inferior to ovpn settings imho
16:22 < krzie> oh... but cm7 has busybox too
16:22 -!- lusis [u2537@gateway/web/irccloud.com/x-opglpxhhlkmspano] has quit [Remote host closed the connection]
16:23 <+fries> krzi didn't get one
16:26 <+fries> on cyanogen it's not really an issue, because the working binary is preinstalled. The issue is with the rooted devices running stock.
16:27 -!- lusis [u2537@gateway/web/irccloud.com/x-wsgjjcibaoagypvc] has joined #openvpn
16:27 <@vpnHelper> RSS Update - forum: Site to Site problems.
16:28 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has quit []
16:28 <+fries> I have no idea what problems might occur with a new binary and there is basically no communication channel between the user and me.
16:29 <+fries> krzie when I have built a new binary i would advertise it here. So you and others could test it. Would that be OK?
16:29 < BenLue> krzee i see 10.8.0.6,chris,extip:62418,Thu Jan 5 23:23:05 2012
16:30 < BenLue> when i try to going the shares i see only my own Shares 0.O
16:30 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
16:30 < BenLue> i understood the world *lol*
16:32 < krzie> fries, certainly, ill add it to my bot
16:32 < krzie> !android
16:32 <@vpnHelper> "android" is (#1) CyanogenMod includes an integrated OpenVPN client. You will need a !p12 to load your certificates. or (#2) If you can't get CM, get root/busybox/tun and grab android-openvpn-installer + openvpn-settings from Market
16:32 -!- pierreghz [~pierreghz@cust-141-74-111-94.dyn.as47377.net] has quit [Quit: Quitte]
16:33 <+fries> krzie thank you
16:36 -!- luckman212_ [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has joined #openvpn
16:39 -!- luckman212 [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has quit [Ping timeout: 240 seconds]
16:46 <+fries> bye
16:46 -!- fries [~fries@pD9FBF821.dip.t-dialin.net] has left #openvpn []
16:47 < BenLue> hmmmm porblem is i cant ping Home Client1 to VPN Client
16:47 < BenLue> *problem can
16:48 < BenLue> When i try from Home Client2 to VPN Client ping isnt working
16:54 -!- evilhackerdude [u1451@gateway/web/irccloud.com/x-mtnanhmunfyuvqza] has quit [Read error: Connection reset by peer]
16:54 -!- lusis [u2537@gateway/web/irccloud.com/x-wsgjjcibaoagypvc] has quit [Read error: Connection reset by peer]
16:57 < BenLue> krzee ca.crt is by all user the same file?
17:03 -!- Reihar_ [c1324ff9@gateway/web/freenode/ip.193.50.79.249] has quit [Ping timeout: 258 seconds]
17:05 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer]
17:06 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn
17:10 -!- fridim_ [~fridim@2a01:e35:2ece:f2d0:223:4eff:fe6c:c754] has quit [Ping timeout: 240 seconds]
17:14 < krzie> BenLue,
17:14 < krzie> !pki
17:14 <@vpnHelper> "pki" is (#1) http://openvpn.net/index.php/open-source/documentation/howto.html#pki for how to make your PKI stuff (ca, and certs) or (#2) Heres a basic rundown of how it works... The server, client, and ca certs are all signed by the same ca.key. The server and client use the ca.crt to check that eachother were signed by the right ca.key. Optionally, the client also checks that the server cert was signed
17:14 <@vpnHelper> specially as a server (see !servercert)
17:15 -!- cpm [~Chip@pdpc/supporter/active/cpm] has joined #openvpn
17:25 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn
17:27 -!- SviMik [~pIRCuser8@131.250.35.213.dyn.estpak.ee] has joined #openvpn
17:29 -!- Denial [Denial@drgi.co.uk] has quit []
17:32 -!- luckman212_ [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has quit [Remote host closed the connection]
17:39 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Remote host closed the connection]
17:39 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn
17:45 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has joined #openvpn
17:49 -!- SviMik [~pIRCuser8@131.250.35.213.dyn.estpak.ee] has quit [Quit: pIRC v2.2 < Personal IRC Team > http://ircworld.ru and http://xirc.ru/]
17:54 < warik> how you do revoke only one key ?
17:56 -!- evilhackerdude [u1451@gateway/web/irccloud.com/x-xtgjlwlpoeavafvy] has joined #openvpn
17:56 -!- modsiw [~modsiw@c-69-254-97-12.hsd1.tn.comcast.net] has quit [Quit: Leaving]
18:05 -!- cpm [~Chip@pdpc/supporter/active/cpm] has quit [Ping timeout: 244 seconds]
18:15 -!- [1]netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
18:15 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Read error: Connection reset by peer]
18:15 -!- [1]netskay is now known as netskay
18:15 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving]
18:16 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
18:21 -!- [1]netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
18:23 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Ping timeout: 240 seconds]
18:23 -!- [1]netskay is now known as netskay
18:29 -!- [1]netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
18:30 < [1]netskay> hey guys
18:30 < [1]netskay> does anyone have a few minutes to spare and help me trouble shoot this server configuration
18:30 < [1]netskay> im trying to accomplish
18:31 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro]
18:32 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Ping timeout: 240 seconds]
18:32 -!- [1]netskay is now known as netskay
18:33 < netskay> does comcast by any chance block/filter incoming VPN server traffic?
18:34 <+EugeneKay> !crl
18:34 <@vpnHelper> "crl" is (#1) --crl-verify A CRL (certificate revocation list) is used when a particular key is compromised but when the overall PKI is still intact. The only time when it would be necessary to rebuild the entire PKI from scratch would be if the root certificate key itself was compromised.
or (#2) you can make use of CRL by using the revoke-full script in easy-rsa (packaged with openvpn) that
18:34 <@vpnHelper> will create the CRL file for you. ssl-admin will also build a crl for you
18:34 <+EugeneKay> warik ^
18:34 < netskay> i can connect just fine from within the LAN, i can also SSH to my server from my public IP, so not a routing issue; however, when i try and VPN through the public IP
18:34 < netskay> not happening
18:34 < netskay> connection refused error
18:34 <+EugeneKay> netskay - not heard any reports of such activity, but they're not called Cuntcast for nothing.
18:35 < netskay> ive made the post on here
18:35 < netskay> http://ubuntuforums.org/showthread.php?p=11587130#post11587130
18:35 <@vpnHelper> Title: [ubuntu] iptables routing - host inaccessible publicly - Ubuntu Forums (at ubuntuforums.org)
18:35 < netskay> with detailed info
18:35 < netskay> i even posted a question on serverfault.com
18:36 < netskay> for troubleshooting purposes, just now i placed the VPN server host behind one NAT router which has a public IP
18:36 < netskay> and placed the host server in the DMZ of the router
18:36 < netskay> tried switching ports
18:36 <+EugeneKay> "try and VPN through the public IP"
18:36 < netskay> iptables is disabled; and on the post ive made on the forums from yesterday, i have allowed ALL incoming/outgoing connections to the host
18:36 <+EugeneKay> Could you please rephrase your issue in the fort of a sentence?
18:36 <+EugeneKay> form*
18:37 < netskay> yea
18:37 < netskay> ok ill just tell u what i did just now
18:37 < netskay> disabled the iptables completely
18:37 < netskay> have openvpn running in TCP mode on port 5000
18:38 < netskay> and i have placed the VPN server behind a router which has a public ip address given to my comcast
18:38 < netskay> a simple linksys router
18:38 < netskay> with me so far?
18:38 < netskay> to me by*
18:38 <+EugeneKay> You're trying to run a VPN server from behind your home NAT router.
18:38 < netskay> yes
18:38 <+EugeneKay> Ok. So, where's the issue?\
18:38 < netskay> the vpn server is in the DMZ of the router
18:38 < netskay> i dont know
18:38 < netskay> lol
18:39 < netskay> when im on the LAN, i can connect
18:39 < netskay> to the server
18:39 < netskay> perfectly fine
18:39 <+EugeneKay> "The enter key is not a punctuation mark."
18:39 < netskay> BUT
18:39 < netskay> when i try and connect via the public ip, i get an error connection refused
18:40 < netskay> even though the host is in the DMZ of the router, and ubuntu does NOT have iptables enabled
18:40 < netskay> i can ssh from from the public ip just fine though :/
18:40 < netskay> i can ssh into the host when i use the public ip though
18:41 <+EugeneKay> I think you mean "ssh to the public IP"
18:41 < netskay> yes
18:41 <+EugeneKay> I presume that you have the ports for SSH and openvpn forwarded to the correct LAN host
18:41 < netskay> yes
18:42 <+EugeneKay> Verify that openvpn is actually running & listening. netstat -lptu
18:43 < warik> EugeneKay: thank you!
18:44 < netskay> tcp *:5000 state: listen
18:44 < netskay> so yes
18:44 < netskay> there is also
18:44 < netskay> udp *:openvpn
18:44 < netskay> state: NULL
18:45 <+EugeneKay> Are you running two openvpn instances? o.O
18:45 -!- gremly [~gremly@200.106.218.64] has quit [Quit: WeeChat 0.3.6]
18:46 < netskay> yes, on 2 different ports
18:46 < netskay> 5000 and 1194
18:46 < netskay> could they be conflicting?
18:47 <+EugeneKay> If you're using the same --server config for both, that would cause routing problems. But you're not even getting that far in the connection process
18:47 < netskay> im using completely different set of configuration files
18:48 <+EugeneKay> TBQH, it sounds like something with your router's firewall.
18:48 <+EugeneKay> Spank that into working right.
18:48 < netskay> on diff ports, one pushing redirect-gateway on one subnet (192.168.4.0), the other just places the client on a lan under a separate subnet (192.168.3.0)
18:49 < netskay> hmm, i allowed VPN passthrough, i have placed the host in the DMZ as well as have ports forwarded
18:49 < netskay> so yea, i think it is the router
18:49 < netskay> on the ISP
18:49 < netskay> or*
18:56 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has joined #openvpn
18:56 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has quit [Changing host]
18:56 -!- simplechat [~simplecha@unaffiliated/simplechat] has joined #openvpn
19:00 < warik> EugeneKay: is there a way to change the bandwidth ?
19:06 -!- _julian_ [~quassel@hmbg-5f761fad.pool.mediaWays.net] has quit [Read error: Operation timed out]
19:06 -!- _julian [~quassel@hmbg-5f77cf29.pool.mediaWays.net] has joined #openvpn
19:13 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn
19:15 -!- UnterPerro_ [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn
19:15 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Read error: Connection reset by peer]
19:15 -!- UnterPerro_ is now known as UnterPerro
19:15 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Client Quit]
19:39 -!- rkantos [~robin2@109.169.55.199] has quit [Read error: Operation timed out]
19:48 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has quit []
19:49 -!- babble [~coyote@unaffiliated/coyote] has quit [Quit: Leaving]
20:02 -!- warik_ [~warik@173-164-255-200-SFBA.hfc.comcastbusiness.net] has joined #openvpn
20:04 -!- warik [~warik@173-164-255-200-SFBA.hfc.comcastbusiness.net] has quit [Ping timeout: 255 seconds]
20:04 -!- warik_ is now known as warik
20:08 -!- rkantos [~robin2@109.169.55.199] has joined #openvpn
20:15 -!- BenLue [NoMail@178-83-34-83.dynamic.hispeed.ch] has quit []
20:16 -!- rkantos [~robin2@109.169.55.199] has
quit [Ping timeout: 248 seconds]
20:49 -!- warik [~warik@173-164-255-200-SFBA.hfc.comcastbusiness.net] has quit [Quit: warik]
20:58 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn
21:13 <@vpnHelper> RSS Update - forum: Site to Site problems.
21:19 <@vpnHelper> RSS Update - forum: Problem connecting Windows 7 to OpenVPN
22:17 < netskay> .
22:20 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving]
22:20 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
22:23 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Read error: Connection reset by peer]
22:30 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
22:42 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
22:55 -!- aegidos_ [~admin@p54B5A292.dip.t-dialin.net] has joined #openvpn
23:03 -!- scampbell [~scampbell@mail.scampbell.net] has joined #openvpn
23:04 -!- scampbell [~scampbell@mail.scampbell.net] has quit [Remote host closed the connection]
23:17 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
23:22 -!- lusis [u2537@gateway/web/irccloud.com/x-hsjmbwotaseamiwo] has joined #openvpn
23:23 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit []
23:27 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Quit: ZNC, Courtesy of OpenWRT]
23:43 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
23:45 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Client Quit]
23:47 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
23:59 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Ping timeout: 240 seconds]
--- Day changed Fri Jan 06 2012
00:35 -!- Zimsky [~Zimsky@rozznet.net] has quit [Ping timeout: 240 seconds]
00:36 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn
00:56 -!- Mp5- [~Mp5@99-59-223-143.lightspeed.jcvlfl.sbcglobal.net] has quit [Remote
host closed the connection]
01:03 -!- Mp5- [~Mp5@99-59-223-143.lightspeed.jcvlfl.sbcglobal.net] has joined #openvpn
01:07 -!- RichardBronosky_ [~RichardBr@slice1.bronosky.com] has quit [Ping timeout: 240 seconds]
01:07 -!- MrWGW [MrWGW@74.124.192.8] has quit [Ping timeout: 240 seconds]
01:08 -!- MrWGW [MrWGW@74.124.192.8] has joined #openvpn
01:12 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving]
01:37 -!- hilarie_ [~hilarie@iptv-dhcp-198-157.kpunet.net] has joined #openvpn
01:37 < hilarie_> hello... W: GPG error: http://repos.openvpn.net lucid InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8E6DA8B4E158C569 I can't get that to go away
01:38 < hilarie_> http://paste.ubuntu.com/794615/
01:38 < hilarie_> I even got it to say it added
01:42 -!- hilarie_ is now known as hilarie
02:00 -!- resha [7a022e4c@gateway/web/freenode/ip.122.2.46.76] has joined #openvpn
02:00 < resha> is it possible not to indicate on the server and client config tcp or udp?
02:00 < resha> is it possible not to indicate on the server and client config tcp or udp protocol?
02:06 -!- resha [7a022e4c@gateway/web/freenode/ip.122.2.46.76] has quit [Quit: Page closed]
02:09 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has quit [Ping timeout: 240 seconds]
02:30 <@vpnHelper> RSS Update - forum: Radius cliients?
02:41 -!- Denial [Denial@drgi.co.uk] has joined #openvpn
02:49 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has joined #openvpn
02:59 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has quit [Ping timeout: 240 seconds]
03:16 -!- caemir [~caemir@78.129.43.30] has joined #openvpn
03:16 -!- caemir [~caemir@78.129.43.30] has quit [Changing host]
03:16 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
03:30 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn
03:31 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has joined #openvpn
03:34 -!- Rene [~Adium@cs181081047.pp.htv.fi] has joined #openvpn
03:34 < Rene> Good morning all! :-)
03:40 < Rene> could someone point me into the right direction in finding some guides or even an howto on how to connect multiple servers into one network-segment (eg. 192.168.6.0), and then be able to connect with a client to the main openvpn-server, and be able to browse eg. smb-shares. I have now set up with client-to-client setting, but my concern is that i don't want to let clients to see each other. They should only see the servers...
03:45 -!- noisebleed [~quassel@kermit.inescn.pt] has joined #openvpn
03:45 -!- noisebleed [~quassel@kermit.inescn.pt] has quit [Changing host]
03:45 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn
03:45 <@vpnHelper> RSS Update - forum: Free providers?
03:45 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has quit [Ping timeout: 240 seconds]
03:47 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has joined #openvpn
03:55 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has quit [Ping timeout: 240 seconds]
04:01 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has joined #openvpn
04:07 -!- dazo_afk is now known as dazo
04:07 -!- Yarph-ar-ti is now known as beerbro
04:14 < hilarie> anyone on that can tell me what I did wrong with easy-rsa?
http://paste.ubuntu.com/794703/
04:19 < hilarie> stupid tarballs, got it, nvm
04:21 -!- master_of_master [~master_of@p57B554F9.dip.t-dialin.net] has quit [Ping timeout: 240 seconds]
04:23 -!- master_of_master [~master_of@p57B54F91.dip.t-dialin.net] has joined #openvpn
04:24 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
04:35 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
04:38 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has joined #openvpn
04:49 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has quit [Ping timeout: 252 seconds]
04:51 < gladiatr> !iroute
04:51 <@vpnHelper> "iroute" is does not bypass or alter the kernel's routing table, it allows openvpn to know it should handle the routing when the kernel points to it but the network is not one that openvpn knows about. This is only needed when connecting a LAN which is behind a client, and therefor belongs in a ccd entry. Also see !route and !ccd
04:51 < gladiatr> !route
04:51 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide
04:56 -!- hilarie [~hilarie@206.223.198.157] has joined #openvpn
05:05 -!- hilarie [~hilarie@206.223.198.157] has quit [Ping timeout: 240 seconds]
05:12 <@dazo> Rene: have you looked at !howto and !man? For a quick fast path, look for --server and --topology
05:15 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
05:17 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
05:28 < gladiatr> !openbsd
06:00 <@dazo> hahaha!
http://www.youtube.com/watch?v=ySdaJbgO5gc
06:00 <@vpnHelper> Title: Gwapos Professional DDOS Service - YouTube (at www.youtube.com)
06:04 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out]
06:05 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
06:07 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 255 seconds]
06:07 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn
06:08 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Ping timeout: 252 seconds]
06:31 -!- hilarie [~hilarie@iptv-static-219-135.kpunet.net] has joined #openvpn
06:40 < Rene> dazo: thanks, i'll check at topology and server
06:42 < Rene> dazo: i remember that i read many years ago a howto with iptables and stuff for limiting uses from seeing each other, but that they could see all servers with one vpn-connection.. now i run 3 different vpn-connections to reach every server..
06:42 < Rene> it's a bit too much trouble :-)
06:43 <@dazo> Rene: yeah, that's basic iptables ... restrict your VPN clients based on IP address .... nothing else
06:44 <@dazo> performance wise, esp. if each of these tunnels have a lot of traffic, having separate daemons might provide better throughput ... esp. if you have a multi-core box and a scheduler which places each of these openvpn processes on each CPU core (or you use taskset) .... but it's a higher maintenance burden to such setups
06:57 < Rene> dazo: the servers are basically on the same server as virtual servers
06:57 < Rene> also they are in the same network..
06:58 < Rene> it's mainly for maintaining config-files, source-files etc, so the traffic is pretty limited
06:58 < Rene> do you know any "howto" for how to tweak iptables to work with the tap0-devices?
07:01 <@dazo> Rene: -i tap0 or -o tap0 ?
07:01 * dazo probably don't understand the question
07:01 < Rene> lol
07:01 < Rene> just pulling some hair :-)
07:02 < Rene> all servers run on tap0
07:02 < Rene> so i guess that both..
07:03 -!- hilarie [~hilarie@iptv-static-219-135.kpunet.net] has quit [Quit: Leaving]
07:05 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has quit [Quit: Leaving]
07:13 <@dazo> Rene: this is basic iptables stuff, so this isn't the proper channel for it ... but in general to avoid client-to-client traffic with iptables ... you need to block that in the FORWARD chain
07:13 <@dazo> and FORWARD is the only chain which takes both -i and -o into consideration of rules .... INPUT chain have only -i available, and OUTPUT only -o
07:15 < Rene> dazo: ah, yes, you are right. did not think about that :-) Thanks!
07:23 <@vpnHelper> RSS Update - forum: Http Proxy .. How to?
07:38 -!- luckman212 [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has joined #openvpn
07:40 -!- pierreghz [~pierreghz@cust-204-40-111-94.dyn.as47377.net] has joined #openvpn
07:43 -!- dollabill [~mike@199.44.8.98] has joined #openvpn
07:55 -!- bauruine [~stefan@39-232.197-178.cust.bluewin.ch] has joined #openvpn
08:10 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 252 seconds]
08:11 -!- takamichi [~pri@c254.adsl.inet-telecom.org] has joined #openvpn
08:19 -!- bauruine [~stefan@39-232.197-178.cust.bluewin.ch] has quit [Ping timeout: 252 seconds]
08:23 -!- aegidos_ [~admin@p54B5A292.dip.t-dialin.net] has quit [Quit: aegidos_]
08:27 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has joined #openvpn
08:39 -!- dazo is now known as dazo_afk
08:40 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn
08:43 -!- Rene [~Adium@cs181081047.pp.htv.fi] has quit [Quit: Leaving.]
08:46 -!- dazo_afk is now known as dazo
09:14 -!- Rene [~Adium@cs181081047.pp.htv.fi] has joined #openvpn
09:23 <@vpnHelper> RSS Update - forum: WIN XP SP3 -Connected but cannot ping, but WIN 7 works fine.
09:26 -!- gremly [~gremly@200.106.218.64] has joined #openvpn
09:30 -!- RichardBronosky [~RichardBr@slice1.bronosky.com] has joined #openvpn
09:34 -!- MarKsaitis_ [~MarKsaiti@195.59.185.18] has joined #openvpn
09:34 -!- takamichi [~pri@c254.adsl.inet-telecom.org] has quit [Ping timeout: 240 seconds]
09:34 -!- MarKsaitis_ [~MarKsaiti@195.59.185.18] has quit [Read error: Connection reset by peer]
09:35 -!- MarKsaitis_ [~MarKsaiti@195.59.185.18] has joined #openvpn
09:35 -!- takamichi [~pri@217.23.4.104] has joined #openvpn
09:37 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Ping timeout: 244 seconds]
09:41 -!- MarKsaitis_ [~MarKsaiti@195.59.185.18] has quit [Quit: Leaving]
09:41 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn
09:41 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Read error: Connection reset by peer]
09:41 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn
09:42 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Read error: Connection reset by peer]
09:42 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn
09:43 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has quit [Quit: aegidos]
09:43 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has joined #openvpn
09:43 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Read error: Connection reset by peer]
09:45 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn
09:45 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Read error: Connection reset by peer]
09:48 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has quit [Client Quit]
09:54 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn
09:55 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Read error: Connection reset by peer]
09:55 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has
joined #openvpn
09:55 < jeev> hmm
09:55 < jeev> my redirect-gateway isn't working on the andrizoid
10:04 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has joined #openvpn
10:05 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has quit [Client Quit]
10:06 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has joined #openvpn
10:17 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has joined #openvpn
10:22 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Quit: Leaving]
10:24 -!- lusis [u2537@gateway/web/irccloud.com/x-hsjmbwotaseamiwo] has quit [Remote host closed the connection]
10:24 -!- evilhackerdude [u1451@gateway/web/irccloud.com/x-xtgjlwlpoeavafvy] has quit [Write error: Broken pipe]
10:26 -!- takamichi [~pri@217.23.4.104] has quit [Ping timeout: 240 seconds]
10:26 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn
10:27 -!- lusis [u2537@gateway/web/irccloud.com/x-haiphigdimzvbise] has joined #openvpn
10:31 -!- evilhackerdude [u1451@gateway/web/irccloud.com/x-zuzroifaycuiqqus] has joined #openvpn
10:34 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
10:38 -!- axelm7 [~axelm10@186.135.11.123] has joined #openvpn
10:39 < axelm7> hi guys. anybody here running openvpn on a dd-wrt or openwrt router?
10:42 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Remote host closed the connection]
10:43 < axelm7> I would like to know what cipher I should use to get 1 mbps performance without using all my CPU on an Asus RTN16 (480mhz broadcom cpu)
10:44 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has quit [Quit: aegidos]
11:11 <@dazo> axelm7: use blowfish
11:12 <@dazo> blowfish has the lowest CPU consumption, and somehow perform the same on almost every single CPU available
11:12 < axelm7> I am using blowfish too
11:14 <@dazo> axelm7: for performance stuff ... have a look here: https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux ...
even though it covers 1gbit scenarios, the principles are the same for 1mbit ... even though you won't benefit that much with such high mtu values
11:14 <@vpnHelper> Title: Gigabit_Networks_Linux – OpenVPN Community (at community.openvpn.net)
11:26 -!- APTX [APTX@unaffiliated/aptx] has quit [Ping timeout: 240 seconds]
11:29 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn
11:32 -!- dazo is now known as dazo_afk
11:41 -!- gremly [~gremly@200.106.218.64] has quit [Quit: WeeChat 0.3.6]
11:51 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Remote host closed the connection]
11:56 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Quit: ErichG]
12:00 -!- Kendall [~gjones@ip-216-36-110-194.dsl.lax.megapath.net] has joined #openvpn
12:03 < Kendall> I'm trying to install OpenVPN 2.2.2 client on Windows 7 to connect to existing VPN; I installed openvpn in Compatibility mode for Windows Vista, ran the install program as an Administrator, placed the key and configuration files in C:\program files\openvpn\config. If I set the client.ovpn file to open with openvpn.exe, then all works fine. However, if I use openvpn-gui.exe, in Compatibility Mode and as an Administrator, it does no
12:05 < Kendall> also, are there any plans to improve the support for Windows 7 ?
12:09 < dioz> it does what?
12:15 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
12:17 < krzie> Kendall, your text got cut off
12:17 < krzie> we dunno what your problem was
12:18 < krzie> the config should be .ovpn
12:23 < Kendall> i hate when i do that..sorry..
12:24 < Kendall> to finish my question: not seem to find the configuration file. The user is the computer Administrator account. What is the magic required to get openvpn-gui working ?
12:24 < Kendall> The command line program works, just not the GUI program
12:25 -!- axelm7 [~axelm10@186.135.11.123] has quit [Ping timeout: 252 seconds]
12:25 -!- lusis [u2537@gateway/web/irccloud.com/x-haiphigdimzvbise] has quit [Remote host closed the connection]
12:28 -!- lusis [u2537@gateway/web/irccloud.com/x-ulaezkimjiqwpenw] has joined #openvpn
12:31 -!- Kendall [~gjones@ip-216-36-110-194.dsl.lax.megapath.net] has quit [Ping timeout: 240 seconds]
12:41 -!- aegidos_ [~admin@p54B5A292.dip.t-dialin.net] has joined #openvpn
12:42 -!- axelm7 [~axelm10@186.135.11.123] has joined #openvpn
12:44 -!- aegidos_ is now known as aegidos
12:50 -!- axelm7 [~axelm10@186.135.11.123] has quit [Quit: Leaving]
12:59 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection]
13:05 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
13:05 -!- scampbell [~scampbell@mail.scampbell.net] has joined #openvpn
13:16 <+EugeneKay> !winshortcut
13:16 <@vpnHelper> "winshortcut" is To start OpenVPN-GUI easily on Windows, make a shortcut and set the Target as: \"C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe\" --config_dir \"C:\path\to\config\" --connect client.ovpn --show_balloon 0 --silent_connection 1 --show_script_window 0
13:16 <+EugeneKay> Oh, he's buggered off.
13:23 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has quit [Read error: No route to host]
13:25 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has joined #openvpn
13:28 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit []
13:29 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has quit [Client Quit]
13:41 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving]
13:42 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
13:43 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has quit [Quit: Ex-Chat]
13:49 -!- haggler [hnbc@pool-108-5-105-250.nwrknj.fios.verizon.net] has joined #openvpn
13:50 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving]
13:53 < haggler> hey guys. I have a successful connection between my debian box (server) and windows 7 (client) however i am unable to mount any network locations. anyone have any ideas?
13:53 < haggler> i have proper config in /etc/exports and all
13:54 < haggler> i am relatively new to open vpn but not debian/windows. i guess im struggling as to how to debug the issue
13:54 <+EugeneKay> !firewall
13:54 <@vpnHelper> "firewall" is (#1) please see http://openvpn.net/man#lbBD for more info or (#2) see http://www.secure-computing.net/wiki/index.php/OpenVPN/Firewall for brief notes on disabling firewall rulesets.
13:55 < haggler> thank you
14:00 < haggler> sweet i can ping now
14:00 < haggler> thats progress
14:01 < haggler> probably some sort of iptable
14:01 -!- skynet-2000 [~skynet-20@99-62-100-172.lightspeed.tukrga.sbcglobal.net] has joined #openvpn
14:02 -!- skynet-2000 [~skynet-20@99-62-100-172.lightspeed.tukrga.sbcglobal.net] has quit [Changing host]
14:02 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
14:02 < haggler> once i get a successful ping i can just add \\ip\share folder??
14:02 < haggler> assuming all i need to do is edit /etc/exports to the proper ip/path 14:02 <@ecrist> no clue 14:02 <@ecrist> /etc/exports is for NFS 14:02 <@ecrist> \\ip\share is samba 14:03 <@ecrist> two totally different things 14:03 < haggler> ya thats probably my problem then 14:03 < haggler> need to use samba not nfs 14:04 <+EugeneKay> That wouuuld cause that issue. 14:04 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Read error: Connection reset by peer] 14:06 < haggler> EugeneKay do you have a magic trigger for that ? :) 14:07 < haggler> kidding :) thanks guys 14:34 < haggler> cant any anything to show :( 14:38 -!- CorvetteZR1 [~scratchi@195.34.234.216.sta.connection.ca] has joined #openvpn 14:39 < CorvetteZR1> !welcome 14:39 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 14:39 < CorvetteZR1> !goal 14:39 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 14:42 < CorvetteZR1> Hi. i have an OpenVPN server with cryptodev engine enabled. in the case of windows openvpn clients, is it possible for them to take advantage of the crypto acceleration? as i understand the crypto needs to be enabled on both ends, but there is no cryptodev for it. any advice on how to enable crypto acceleration for road warriors? 14:42 < CorvetteZR1> * for it meaning Windows 14:50 -!- dollabill [~mike@199.44.8.98] has quit [Ping timeout: 252 seconds] 14:56 < haggler> maybe if i be more specific... 
i did start \\10.9.8.1 and was prompted with a user/password 14:56 < haggler> im not sure what to use, i tried root pass for testing and it doesnt work :( 15:03 < haggler> did adduser samba, smbpasswd -a samba, and edited smbusers 15:04 < haggler> got it! 15:04 < haggler> cheers 15:06 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has joined #openvpn 15:13 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has quit [Quit: aegidos] 15:17 -!- caemir [~caemir@78.129.43.30] has joined #openvpn 15:17 -!- caemir [~caemir@78.129.43.30] has quit [Changing host] 15:17 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 15:20 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has joined #openvpn 15:27 -!- CorvetteZR1 [~scratchi@195.34.234.216.sta.connection.ca] has quit [Quit: Leaving] 15:34 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has quit [Quit: aegidos] 15:54 -!- pierreghz [~pierreghz@cust-204-40-111-94.dyn.as47377.net] has quit [Quit: Quitte] 16:30 <@vpnHelper> RSS Update - forum: Error when importing a config - AUTHRPC_ERRBACK 16:46 -!- jason404 [~jason404@31-222-188-155.static.cloud-ips.co.uk] has joined #openvpn 16:47 < jason404> what sort of openvpn config would I need to connect to an amazon ec2 server? 
It seems to have an internal private IP address which is different from its firewalled public IP address 17:05 -!- Denial [Denial@drgi.co.uk] has quit [] 17:13 <@vpnHelper> RSS Update - forum: multicast config 17:15 -!- luckman212 [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has quit [Write error: Broken pipe] 17:27 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 17:35 -!- c0smic [~c0smic141@ip72-222-207-98.ph.ph.cox.net] has joined #openvpn 17:36 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 17:53 -!- danielsh [~danielsh@apache/committer/danielsh] has quit [Quit: danielsh] 18:00 -!- c0smic [~c0smic141@ip72-222-207-98.ph.ph.cox.net] has left #openvpn [] 18:35 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 18:44 -!- Rene [~Adium@cs181081047.pp.htv.fi] has quit [Quit: Leaving.] 18:56 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 18:59 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 19:02 -!- danielsh [~danielsh@apache/committer/danielsh] has joined #openvpn 19:03 -!- danielsh [~danielsh@apache/committer/danielsh] has left #openvpn [] 19:07 -!- _julian_ [~quassel@hmbg-5f764eef.pool.mediaWays.net] has joined #openvpn 19:08 -!- _julian [~quassel@hmbg-5f77cf29.pool.mediaWays.net] has quit [Ping timeout: 244 seconds] 19:59 -!- tjz [~pc@unaffiliated/tjz] has quit [Read error: Connection reset by peer] 20:18 -!- tjz [~pc@bb116-14-145-196.singnet.com.sg] has joined #openvpn 20:18 -!- tjz [~pc@bb116-14-145-196.singnet.com.sg] has quit [Changing host] 20:18 -!- tjz [~pc@unaffiliated/tjz] has joined #openvpn 21:16 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has joined #openvpn 21:17 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has quit [Changing host] 21:17 -!- simplechat [~simplecha@unaffiliated/simplechat] has joined #openvpn 21:22 < prg3> all 21:23 <+TJNII> none 21:49 <@vpnHelper> RSS Update - forum: Hope you can find a solution to this :) 
22:03 -!- JG84 [~JoeGazz84@TechEssentials/JoeGazz84] has quit [Quit: I have more important things to do than idle here.] 22:16 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has joined #openvpn 22:17 < hilarie> before I copy and paste all my configs and stuff... is there a config change I should make from the example that tells my computer to actually use the vpn... I show it as connected, and ifconfig shows it exists, but I am not routing traffic over it at all 22:23 < hilarie> server config http://paste.ubuntu.com/795670/ 22:24 < hilarie> client config http://paste.ubuntu.com/795671/ 22:26 < hilarie> I don't know where to find logs :( 22:27 -!- JoeGazz84 [~JoeGazz84@TechEssentials/JoeGazz84] has joined #openvpn 22:33 <+TJNII> hilarie: What host os? 22:33 < hilarie> both ubuntu 11.04 22:33 < hilarie> client ran through sudo, server ran as root 22:33 <+TJNII> hilarie: Look in /var/log/ 22:33 < hilarie> on client, or host? 22:33 <+TJNII> hilarie: Grep the comments out of those configs 22:34 <+TJNII> hilarie: Using the initscript, I assume? 22:34 <+TJNII> !configs 22:34 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries 22:34 < hilarie> I don't know how to use the init scripts 22:35 < hilarie> what would it be in /var/log/ there is no openvpn 22:36 < hilarie> got to go( cab driver, have home) 22:40 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has quit [Ping timeout: 240 seconds] 22:40 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has joined #openvpn 22:40 < hilarie> Sorry about that 22:41 <+TJNII> So how are you starting openvpn? 22:42 < hilarie> sudo openvpn --config client.conf 22:42 < hilarie> and on the server openvpn --config server.conf (no need for sudo as its root) 22:42 <+TJNII> Okay 22:43 <+TJNII> Can you please repaste your configs without comments? 
22:43 < hilarie> Yeah, 22:45 < hilarie> http://paste.ubuntu.com/795682/ 22:45 < hilarie> client 22:46 <+TJNII> So I believe that should send the logs to syslog. 22:46 <+TJNII> Check in /var/log again. They're likely in /var/log/messages or whatever the Ubuntu equivalent is. 22:46 <+TJNII> I'd use grep to find them 22:48 < hilarie> http://paste.ubuntu.com/795684/ 22:48 < hilarie> server 22:49 <+TJNII> Yea, that should also be sending to syslog. 22:49 <+TJNII> Does ubuntu use rsyslog? 22:49 <+TJNII> I want to say Debian does, but I might be confusing it with Cent 22:50 < hilarie> in /var/log/messages only has Jan 7 04:39:50 hilarie -- MARK -- 22:50 < hilarie> a bunch of that 22:51 <+TJNII> Well, you can add a log line to your configs and give it a file. 22:51 <+TJNII> I try to avoid that as I prefer to use log daemons, but it will get you going 22:51 < hilarie> you're not seeing anything in the config that should be making the tunnel not work? 22:51 <+TJNII> Nothing is jumping out, but I was looking for log options. 22:52 <+TJNII> If you're going to debug, you need logs 22:52 <+TJNII> They'll tell you why the tunnel isn't working 22:52 < hilarie> k, log level 7 right? 22:52 <+TJNII> If you want. I prefer 4 22:53 <+TJNII> Lots of useful info but not per-packet noise 22:53 < hilarie> and uncomment, the log-append? 22:54 <+TJNII> Yes. Give it the filename you want to log to 22:56 < hilarie> http://paste.ubuntu.com/795688/ 22:56 < hilarie> server log 22:57 < hilarie> got another fare, brb 22:58 <+TJNII> Server looks up 22:58 <+TJNII> Try and connect, repaste both she server and client logs 22:58 <+TJNII> s/she/the/ 23:01 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has quit [Ping timeout: 248 seconds] 23:33 <@vpnHelper> RSS Update - forum: Advice on openvpn deployment || Site to Site problems. 23:37 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has joined #openvpn 23:37 < hilarie> TJNII, you still here? 
23:41 -!- skynet-2000 [~skynet-20@99-62-100-172.lightspeed.tukrga.sbcglobal.net] has joined #openvpn 23:42 -!- skynet-2000 [~skynet-20@99-62-100-172.lightspeed.tukrga.sbcglobal.net] has quit [Changing host] 23:42 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 23:44 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has quit [Ping timeout: 240 seconds] --- Day changed Sat Jan 07 2012 00:12 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has quit [Ping timeout: 276 seconds] 00:12 -!- Zyclops [~Adium@ec2-176-34-56-205.ap-northeast-1.compute.amazonaws.com] has joined #openvpn 00:12 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has joined #openvpn 00:13 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 276 seconds] 00:13 -!- Mowee [~Mowi@lendabrain.net] has quit [Ping timeout: 276 seconds] 00:13 -!- Mowi [~Mowi@lendabrain.net] has joined #openvpn 00:13 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 00:14 < Zyclops> hey guys.. i've got a tunnelblick vpn configuration in a .conf file. I'm trying to use openvpn gui in windows 7 to configure the vpn. i've copied the .conf .key and .crt files across but i'm not sure about a couple of the configurations in the .ovpn format. 00:14 < Zyclops> 1. is the ipconfig dev tun 00:15 < Zyclops> point-to-point ip link.. does that require configuration on the server? 00:33 -!- Zyclops [~Adium@ec2-176-34-56-205.ap-northeast-1.compute.amazonaws.com] has quit [Quit: Leaving.] 
00:46 <@vpnHelper> RSS Update - forum: Windows 7 Client question 00:54 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 00:55 -!- aegidos [~admin@p54B5AF73.dip.t-dialin.net] has joined #openvpn 00:59 -!- aegidos [~admin@p54B5AF73.dip.t-dialin.net] has quit [Client Quit] 01:23 -!- scampbell [~scampbell@mail.scampbell.net] has quit [Read error: Connection reset by peer] 01:25 -!- aegidos [~admin@p54B5AF73.dip.t-dialin.net] has joined #openvpn 01:48 -!- aegidos [~admin@p54B5AF73.dip.t-dialin.net] has quit [Quit: aegidos] 01:55 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 02:18 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 02:31 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 02:34 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 03:03 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 03:13 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out] 03:13 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 03:15 <@vpnHelper> RSS Update - forum: Ubuntu 11.10 TUN help || unable to access openvpnas from Windows Server 2008 || IGMP || Problem connecting Windows 7 to OpenVPN || Windows 7 Client question || Site to Site problems. RSS Update - forum: Site to Site problems. 03:45 <@vpnHelper> RSS Update - forum: OpenVPN routing fails, but only sometimes. 
(windows client) 03:46 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 03:51 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 04:21 -!- master_of_master [~master_of@p57B54F91.dip.t-dialin.net] has quit [Ping timeout: 252 seconds] 04:23 -!- master_of_master [~master_of@p57B5538A.dip.t-dialin.net] has joined #openvpn 04:49 <@vpnHelper> RSS Update - forum: [solved] unable to access openvpnas from Windows Server 2008 05:49 <@vpnHelper> RSS Update - forum: Port Forwarding by SQL 05:50 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer] 05:50 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 05:55 <@vpnHelper> RSS Update - forum: Please Help- Login Window issues on Windows 7 64bit 06:01 <@vpnHelper> RSS Update - forum: Can't find the solution to this anywere. Hope you can! 06:07 <@vpnHelper> RSS Update - forum: [resolved] WIN XP SP3-Connected but cant ping, WIN 7 works 06:16 -!- roentgen [~arthur@openvpn/community/support/roentgen] has joined #openvpn 06:24 <+EugeneKay> Yawn. 06:26 -!- roentgen [~arthur@openvpn/community/support/roentgen] has quit [Quit: Konversation terminated!] 
06:30 -!- cpm [~Chip@64.134.242.152] has joined #openvpn 06:30 -!- cpm [~Chip@64.134.242.152] has quit [Changing host] 06:30 -!- cpm [~Chip@pdpc/supporter/active/cpm] has joined #openvpn 06:33 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn 06:37 <@vpnHelper> RSS Update - forum: only some traffic : disable push redirect-gateway 06:39 -!- roentgen [~arthur@openvpn/community/support/roentgen] has joined #openvpn 06:41 -!- cpm [~Chip@pdpc/supporter/active/cpm] has quit [Quit: cpm] 06:55 -!- jaminja [~jaminja@85.17.232.145] has joined #openvpn 06:55 -!- jaminja [~jaminja@85.17.232.145] has quit [Changing host] 06:55 -!- jaminja [~jaminja@unaffiliated/jaminja] has joined #openvpn 07:12 -!- gremly [~gremly@200.106.218.64] has joined #openvpn 07:33 -!- zeshooem [~zee@108.162.156.93] has joined #openvpn 07:36 -!- zeshoem [~zee@bas1-toronto46-1177856379.dsl.bell.ca] has quit [Ping timeout: 255 seconds] 07:45 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection] 08:01 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 08:22 -!- krzie [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 08:25 -!- Netsplit *.net <-> *.split quits: Deathvalley122, prg3, @cron2, tabakhase 08:25 -!- Netsplit over, joins: @cron2, prg3, tabakhase, Deathvalley122 08:27 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 08:29 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 08:30 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 08:32 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 08:34 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 09:11 -!- Rene [~Adium@cs181081047.pp.htv.fi] has quit [Quit: Leaving.] 
09:15 -!- Rene [~Adium@cs181081047.pp.htv.fi] has joined #openvpn 09:24 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 09:25 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Quit: too late] 09:28 -!- mikkel [~mikkel@80-71-132-15.u.parknet.dk] has joined #openvpn 09:30 -!- vpopov [~happylife@dyn-58-35.fttbee.kis.ru] has joined #openvpn 09:32 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 09:32 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 09:32 -!- aegidos [~admin@p54B5AF73.dip.t-dialin.net] has joined #openvpn 09:34 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Client Quit] 09:34 -!- krzie [nobody@openvpn/community/support/krzee] has joined #openvpn 09:35 -!- iDiytto [~diytto@96.18.141.120] has joined #openvpn 09:36 -!- iDiytto [~diytto@96.18.141.120] has left #openvpn [] 09:48 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 09:49 -!- Rene [~Adium@cs181081047.pp.htv.fi] has quit [Quit: Leaving.] 
09:54 <@vpnHelper> RSS Update - forum: Please Help- Login Window issues on Windows 7 64bit 10:07 -!- krzie [nobody@openvpn/community/support/krzee] has quit [Read error: Connection reset by peer] 10:08 -!- krzie [nobody@openvpn/community/support/krzee] has joined #openvpn 10:08 <+havoc> I should lab up my TUN conversion today 10:34 -!- p3rror [~mezgani@2001:470:1f0b:c66:1::2] has joined #openvpn 10:42 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 10:50 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 10:56 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Quit: too late] 10:59 -!- jaminja [~jaminja@unaffiliated/jaminja] has quit [Ping timeout: 276 seconds] 11:06 -!- vpopov [~happylife@dyn-58-35.fttbee.kis.ru] has quit [Ping timeout: 240 seconds] 11:07 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Remote host closed the connection] 11:15 -!- vpopov [~happylife@dyn-58-35.fttbee.kis.ru] has joined #openvpn 11:16 -!- aegidos [~admin@p54B5AF73.dip.t-dialin.net] has quit [Quit: aegidos] 11:16 -!- jaminja [~jaminja@unaffiliated/jaminja] has joined #openvpn 11:18 <@vpnHelper> RSS Update - forum: Newbee Help Please 11:24 <@vpnHelper> RSS Update - forum: [resolved] unable to access openvpnas from Win Server 2008 11:25 -!- jaminja [~jaminja@unaffiliated/jaminja] has quit [Ping timeout: 240 seconds] 11:30 <@vpnHelper> RSS Update - forum: [resolved] Layer 2 bridging not working || [resolved] Subnet Conflicts 11:30 -!- roentgen [~arthur@openvpn/community/support/roentgen] has quit [Quit: Konversation terminated!] 
11:34 -!- jaminja [~jaminja@85.17.232.145] has joined #openvpn 11:34 -!- jaminja [~jaminja@85.17.232.145] has quit [Changing host] 11:34 -!- jaminja [~jaminja@unaffiliated/jaminja] has joined #openvpn 11:36 <@vpnHelper> RSS Update - forum: web-Access via OpenVPN || WHS as internet gateway with Open VPN anonymisation service 11:40 < haggler> is there anyway to have 2 connections established at once without getting All TAP-Win32 adapters on this system are currently in use? 11:41 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 11:42 <@vpnHelper> RSS Update - forum: Date-Time stamp in log name || I Need Auto-reconnect when it drops connection || please help me 11:45 -!- MrWGW [MrWGW@74.124.192.8] has quit [Ping timeout: 240 seconds] 11:46 -!- mirco [~mirco@p57ACCD09.dip.t-dialin.net] has joined #openvpn 11:48 <@vpnHelper> RSS Update - forum: Assign Public Class C to client1 || automatic reconnect potable openvpn || openvpn connects with no traffic on win 7 64bit 11:54 <@vpnHelper> RSS Update - forum: Port Forwarding by SQL || Help Creating a Configuration File || [resolved] download speed is VERY SLOW 12:00 <@vpnHelper> RSS Update - forum: unable redirect default gateway || openvpn connects with no traffic on win 7 64bit 12:06 <@vpnHelper> RSS Update - forum: Setup on server connected directly to WAN. || Disconnected after inactivity 12:12 <@vpnHelper> RSS Update - forum: TLS negotiation failed with UDP 12:18 <@vpnHelper> RSS Update - forum: Multiple Server Ports Problem 12:24 <@vpnHelper> RSS Update - forum: Http Proxy .. How to? 
12:30 <@vpnHelper> RSS Update - forum: Bridging on Windows Server 2008 R2 12:36 <@vpnHelper> RSS Update - forum: OpenVPN with Google authenticator like 2FA (windows client) || Down script to fix route issue 12:48 <@vpnHelper> RSS Update - forum: breaking up Class C into four subnets || openvpn and source based routing || [resolved] Multiple clients on OpenVPN - Routing Issue 12:54 <@vpnHelper> RSS Update - forum: multicast config || [Help] Problem To Connect to the Server 12:55 -!- Rene [~Adium@cs181081047.pp.htv.fi] has joined #openvpn 12:55 -!- pierreghz [~pierreghz@cust-254-120-111-94.dyn.as47377.net] has joined #openvpn 12:56 -!- Rene [~Adium@cs181081047.pp.htv.fi] has quit [Client Quit] 13:00 <@vpnHelper> RSS Update - forum: Wrong routes set to the client || possible ways to establish ddns updates for openvpn clients 13:03 -!- Rene [~Adium@cs181081047.pp.htv.fi] has joined #openvpn 13:06 <@vpnHelper> RSS Update - forum: only some traffic : disable push redirect-gateway 13:12 -!- Rene [~Adium@cs181081047.pp.htv.fi] has quit [Quit: Leaving.] 
13:15 -!- Rene [~Adium@cs181081047.pp.htv.fi] has joined #openvpn 13:15 -!- Rene [~Adium@cs181081047.pp.htv.fi] has quit [Client Quit] 13:18 <@vpnHelper> RSS Update - forum: OpenVPN and RRAS working together 13:24 -!- APTX [APTX@unaffiliated/aptx] has quit [Ping timeout: 255 seconds] 13:30 -!- sia^pwnnt [115kluu@owned.ninjasinpyjamas.biz] has quit [Read error: Operation timed out] 13:36 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn 13:36 <@vpnHelper> RSS Update - forum: Port Forwarding by SQL 13:41 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Quit: HydraIRC -> http://www.hydrairc.com <- The professional IRC Client :D] 13:41 <@vpnHelper> RSS Update - forum: Port Forwarding by SQL 13:45 -!- sia^pwnnt [115kluu@owned.ninjasinpyjamas.biz] has joined #openvpn 13:49 <+EugeneKay> RSS update - pants: EugeneKay is wearing them 13:49 <@vpnHelper> Title: Eugene Kashpureff Home Live Camera ! (at kashpureff.org) 14:02 -!- Rene [~Adium@cs181081047.pp.htv.fi] has joined #openvpn 14:11 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 14:13 -!- Kurdo [~Kurdo@46.53.23.160] has joined #openvpn 14:20 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 14:27 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 14:31 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Read error: Connection reset by peer] 14:33 -!- krzie [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 14:33 -!- rkantos [~robin2@109.169.55.199] has joined #openvpn 14:35 -!- Kurdo [~Kurdo@46.53.23.160] has quit [Quit: ChatZilla 0.9.88 [Firefox 9.0.1/20111220165912]] 14:47 -!- mirco [~mirco@p57ACCD09.dip.t-dialin.net] has quit [Read error: Connection reset by peer] 14:48 <@vpnHelper> RSS Update - forum: Port Forwarding by SQL 14:48 -!- mirco [~mirco@p57ACCD09.dip.t-dialin.net] has joined #openvpn 14:54 <@vpnHelper> RSS Update - forum: Can't find the solution to this anywere. 
Hope you can! 15:15 -!- skynet-1000 [~skynet-10@unaffiliated/skynet2000] has joined #openvpn 15:24 <@vpnHelper> RSS Update - forum: Can't find the solution to this anywere. Hope you can! 15:30 <@vpnHelper> RSS Update - forum: automatic reconnect potable openvpn 15:34 -!- zeshoem [~zee@108.162.156.93] has joined #openvpn 15:35 -!- zeshooem [~zee@108.162.156.93] has quit [Read error: Connection reset by peer] 15:36 <@vpnHelper> RSS Update - forum: Can't find the solution to this anywere. Hope you can! || Windows 7 as OpenVPN server with redirect-gateway 15:48 <@vpnHelper> RSS Update - forum: Can't find the solution to this anywere. Hope you can! 16:00 <@vpnHelper> RSS Update - forum: Can't find the solution to this anywere. Hope you can! || Port Forwarding by SQL 16:04 -!- corretico [~luis@190.211.93.11] has joined #openvpn 16:29 < haggler> is there anyway to have 2 connections established at once without getting All TAP-Win32 adapters on this system are currently in use? 16:29 -!- skynet-1000 [~skynet-10@unaffiliated/skynet2000] has quit [Quit: Leaving] 16:30 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 16:30 <@vpnHelper> RSS Update - forum: Newbee Help Please 16:32 -!- pierreghz [~pierreghz@cust-254-120-111-94.dyn.as47377.net] has quit [Quit: Quitte] 16:46 -!- gremly [~gremly@200.106.218.64] has quit [Quit: WeeChat 0.3.6] 16:47 -!- gremly [~gremly@200.106.218.64] has joined #openvpn 17:02 -!- gremly [~gremly@200.106.218.64] has quit [Quit: WeeChat 0.3.6] 17:04 -!- Rene [~Adium@cs181081047.pp.htv.fi] has quit [Quit: Leaving.] 
17:04 -!- Rene [~Adium@cs181081047.pp.htv.fi] has joined #openvpn 17:19 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 17:25 <@vpnHelper> RSS Update - forum: Error when importing a config - AUTHRPC_ERRBACK 17:42 -!- rkantos [~robin2@109.169.55.199] has quit [Read error: Connection reset by peer] 17:47 -!- rkantos [~robin2@109.169.55.199] has joined #openvpn 17:48 <+EugeneKay> haggler - there should be a shortcut in the OpenVPN program group to add a second adapter 17:50 <+EugeneKay> You need to have one tun/tap adapter per openvpn process. *nix handles this dynamically, but Windows is.... windowsy. 17:51 -!- mikkel [~mikkel@80-71-132-15.u.parknet.dk] has quit [Quit: Leaving] 17:53 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 240 seconds] 17:56 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 18:03 -!- zeshoem [~zee@108.162.156.93] has quit [Read error: Connection reset by peer] 18:05 -!- zeshoem [~zee@108.162.156.93] has joined #openvpn 18:06 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 18:11 <@vpnHelper> RSS Update - forum: OpenVPN and Android/Windows Client -- No IP Address 18:14 -!- Denial [Denial@drgi.co.uk] has quit [] 18:15 -!- vpopov [~happylife@dyn-58-35.fttbee.kis.ru] has quit [Ping timeout: 255 seconds] 18:18 -!- zeshoem [~zee@108.162.156.93] has quit [Read error: Connection reset by peer] 18:20 -!- zeshoem [~zee@108.162.156.93] has joined #openvpn 18:24 -!- zeshoem [~zee@108.162.156.93] has quit [Read error: Connection reset by peer] 18:26 -!- zeshoem [~zee@108.162.156.93] has joined #openvpn 18:40 -!- Rene [~Adium@cs181081047.pp.htv.fi] has quit [Quit: Leaving.] 
18:41 -!- Secret [~Secret@78.157.114.78] has quit [Read error: Operation timed out] 18:41 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 18:43 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 19:04 -!- _julian [~quassel@hmbg-5f765dcb.pool.mediaWays.net] has joined #openvpn 19:07 -!- _julian_ [~quassel@hmbg-5f764eef.pool.mediaWays.net] has quit [Ping timeout: 252 seconds] 19:35 <@vpnHelper> RSS Update - forum: Need routing help with ZyXEL USG router 19:58 -!- jaminja [~jaminja@unaffiliated/jaminja] has quit [Quit: Lost terminal] 19:58 -!- jaminja [~jaminja@unaffiliated/jaminja] has joined #openvpn 19:58 <@vpnHelper> RSS Update - forum: ZyXEL USG static route not working for Internet access 20:16 -!- mirco [~mirco@p57ACCD09.dip.t-dialin.net] has quit [Read error: Connection reset by peer] 20:17 -!- mirco [~mirco@p57ACCD09.dip.t-dialin.net] has joined #openvpn 20:21 -!- mirco [~mirco@p57ACCD09.dip.t-dialin.net] has quit [Ping timeout: 252 seconds] 20:43 -!- p3rror [~mezgani@2001:470:1f0b:c66:1::2] has quit [Ping timeout: 260 seconds] 20:57 <@vpnHelper> RSS Update - forum: I Need Auto-reconnect when it drops connection 21:26 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has joined #openvpn 21:26 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has quit [Changing host] 21:26 -!- simplechat [~simplecha@unaffiliated/simplechat] has joined #openvpn 21:38 -!- lusis [u2537@gateway/web/irccloud.com/x-ulaezkimjiqwpenw] has quit [Remote host closed the connection] 21:38 -!- evilhackerdude [u1451@gateway/web/irccloud.com/x-zuzroifaycuiqqus] has quit [Remote host closed the connection] 22:21 <@vpnHelper> RSS Update - forum: Site to Site problems. 
22:29 -!- krzie [nobody@openvpn/community/support/krzee] has joined #openvpn 23:09 <@vpnHelper> RSS Update - forum: Newbee Help Please 23:28 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 23:30 -!- zeshoem [~zee@108.162.156.93] has quit [] 23:39 -!- corretico [~luis@190.211.93.11] has quit [Remote host closed the connection] 23:42 -!- corretico [~luis@190.211.93.11] has joined #openvpn 23:42 -!- Zyclops [~Adium@111.174.238.54] has joined #openvpn 23:43 -!- Zyclops [~Adium@111.174.238.54] has left #openvpn [] --- Day changed Sun Jan 08 2012 00:00 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 240 seconds] 00:00 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Quit: Coyote finally caught me] 00:00 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 00:01 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 00:38 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 240 seconds] 00:55 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 01:08 <@vpnHelper> RSS Update - forum: OpenVPN connection point-to-point 01:28 -!- Rene [~Adium@cs181081047.pp.htv.fi] has joined #openvpn 01:30 -!- jaminja [~jaminja@unaffiliated/jaminja] has quit [Ping timeout: 240 seconds] 01:45 -!- Rene [~Adium@cs181081047.pp.htv.fi] has quit [Quit: Leaving.] 01:50 <@vpnHelper> RSS Update - forum: Installing OpenVPn on MAC 10.6 01:52 -!- Rene [~Adium@cs181081047.pp.htv.fi] has joined #openvpn 01:52 -!- Rene [~Adium@cs181081047.pp.htv.fi] has quit [Client Quit] 01:56 <@vpnHelper> RSS Update - forum: OpenVPN is connected but does not work 02:03 -!- Cr4zi3 [killaz@staff.xbins.org] has quit [Ping timeout: 248 seconds] 02:03 -!- Cr4zi3 [killaz@crazie2-1-pt.tunnel.tserv12.mia1.ipv6.he.net] has joined #openvpn 02:08 <@vpnHelper> RSS Update - forum: Site to Site problems. 
02:14 <@vpnHelper> RSS Update - forum: Port Forwarding by SQL 02:20 <@vpnHelper> RSS Update - forum: OpenVPN is connected but does not work 02:26 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Remote host closed the connection] 02:32 <@vpnHelper> RSS Update - forum: ZyXEL USG static route not working for Internet access 02:59 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 248 seconds] 03:00 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 03:17 -!- pk__ [~root@14.139.59.2] has joined #openvpn 03:18 <@vpnHelper> RSS Update - forum: Can´t connect to VPN 03:18 < pk__> my vpn provider gave me ca.crt client.conf files and a login password 03:19 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has quit [Ping timeout: 600 seconds] 03:20 < pk__> but every time i start my computer i need to enter the id and password manually..is there any way so that i can write these login credentials in a file and openvpn automatically takes these 03:31 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn 03:36 -!- pk__ [~root@14.139.59.2] has left #openvpn [] 03:53 -!- SOG [~SOG@wsip-70-164-135-177.lv.lv.cox.net] has joined #openvpn 04:00 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 248 seconds] 04:02 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Remote host closed the connection] 04:02 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 04:07 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 04:18 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 252 seconds] 04:19 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 04:21 -!- master_of_master [~master_of@p57B5538A.dip.t-dialin.net] has quit [Ping timeout: 255 seconds] 04:23 -!- master_of_master [~master_of@p57B544DA.dip.t-dialin.net] has joined #openvpn 04:24 -!- skynet2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 05:00 <@vpnHelper> RSS Update - forum: 
Multiple Server Ports Problem 05:01 -!- skynet2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 05:03 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 05:03 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day] 05:06 <@vpnHelper> RSS Update - forum: OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian) 05:08 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 05:20 -!- `Ile` [~kvirc@178.222.141.204] has joined #openvpn 05:21 -!- `Ile` [~kvirc@178.222.141.204] has quit [Client Quit] 05:25 -!- Rene1 [~Adium@cs181081047.pp.htv.fi] has joined #openvpn 05:36 <@vpnHelper> RSS Update - forum: Using web hosting account for VPN tunnel 05:48 <@vpnHelper> RSS Update - forum: I Can't Send PM 06:27 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 06:30 <@vpnHelper> RSS Update - forum: Port Forwarding by SQL 06:54 -!- catsup [~d@ps38852.dreamhost.com] has quit [Remote host closed the connection] 06:54 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn 08:15 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has quit [Ping timeout: 612 seconds] 08:17 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Ping timeout: 276 seconds] 08:21 -!- Secret [~Secret@78.157.114.78] has quit [Read error: Connection reset by peer] 08:30 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 08:32 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn 08:34 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 276 seconds] 08:35 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 08:42 <@vpnHelper> RSS Update - forum: push "dhcp-option DNS ....." 
question 08:48 <@vpnHelper> RSS Update - forum: Routing Problem 08:56 -!- Secret [~Secret@78.157.114.78] has quit [Read error: Connection reset by peer] 09:01 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Textual IRC Client: http://www.textualapp.com/] 09:01 -!- Gravitron [~admin@cpe-76-92-159-145.kc.res.rr.com] has joined #openvpn 09:01 -!- Gravitron [~admin@cpe-76-92-159-145.kc.res.rr.com] has quit [Changing host] 09:01 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 09:01 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 09:02 -!- Secret [~Secret@78.157.114.78] has quit [Read error: Connection reset by peer] 09:07 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 09:12 -!- Rene1 [~Adium@cs181081047.pp.htv.fi] has quit [Quit: Leaving.] 09:37 < dioz> i have it setup in debian this way-- client-cert-not-required, username-as-common-name 09:37 < dioz> so i don't need certs 09:38 < dioz> Options error: --client-cert-not-required must be used with --management-client-auth, an --auth-user-pass-verify script, or plugin <-- this is the error i get in freebsd 09:42 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 09:46 < dioz> nvm, i'm high 10:01 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection] 10:05 -!- Rene [~Adium@cs181081047.pp.htv.fi] has joined #openvpn 10:06 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Ping timeout: 276 seconds] 10:07 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 10:38 -!- brummel444 [~chatzilla@p5DDE7794.dip.t-dialin.net] has joined #openvpn 10:41 < brummel444> hi. i set up openvpn in bridge-mode. i can dial in with my client (iphone) and get an ip address of my local subnet, but the client cant be pinged or connect anywhere. what can i look at to locate the problem? 
10:49 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 240 seconds] 10:50 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 10:50 -!- tekzilla [~jon@hmbg-5f767659.pool.mediaWays.net] has joined #openvpn 10:53 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn 11:07 < brummel444> hi. i set up openvpn in bridge-mode. i can dial in with my client (iphone) and get an ip address of my local subnet, but the client cant be pinged or connect anywhere. what can i look at to locate the problem? 11:07 < brummel444> i cant even see a connection attempt in wireshark 11:09 < brummel444> the client has the correct ip gateway.. also connecting to the servers webserver isnt possible, iptables is configured to allow all input traffic from br and tap device 11:27 -!- SOG [~SOG@wsip-70-164-135-177.lv.lv.cox.net] has quit [Remote host closed the connection] 11:28 -!- SOG [~SOG@168.70.16.99] has joined #openvpn 11:31 < krzie> why are you bridging? 11:31 < krzie> also, are you sure iphone can do tap mode? i think it can not 11:31 < krzie> since it can only do tun via tunemu 11:42 < brummel444> i want to access data on my local network. hm.. thats possible. ill try another client. 11:46 < brummel444> no, tap should work, i looked it up 11:50 < krzie> you dont need tap for that 11:50 < krzie> !route 11:50 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 11:51 < krzie> but ya i see they did add tap to tunemu 11:59 < brummel444> i need the client to be in the same subnet like the local lan clients. im using plex media server. i can connect via wifi, but not via vpn (routing), dont know why, i guess the app allows only connections from the same subnet. so i need the client to act like physically connected to the same subnet. 
12:00 < brummel444> it also didnt work using xl2tp/ipsec. thats why i conclude that i need a layer2 vpn. 12:02 < krzie> did it "not work" because your routing wasnt setup correctly...? 12:02 < krzie> since that doesnt just magically work... 12:02 -!- bergle [~bergle@c-68-63-42-110.hsd1.fl.comcast.net] has joined #openvpn 12:02 < krzie> you would need routes setup on the clients and ip forwarding on the server 12:04 < brummel444> i think i set that up correctly, since i could connect to the internet, the plex webinterfaces of the server. but i think on xl2tp/ipsec mdns doesnt get through the vpn.. perhaps thats why this configuration didnt work. 12:05 < brummel444> when i tried openvpn in routing mode, i could connect using a third-party app.. but not with the original ios plex client. so i think its just testing for same subnet 12:06 < krzie> ok maybe it uses some l2 then 12:06 < brummel444> l2? 12:06 < krzie> layer2 12:07 < krzie> the machine you need layer2 to is the server or a machine behind the server? 12:07 < brummel444> its the server 12:07 < krzie> try tap without bridge 12:07 < krzie> a normal routed tap 12:07 < brummel444> then i have different subnets 12:07 < krzie> i highly doubt it gives a damn 12:08 < krzie> and you dont need a bridge to have layer2 12:08 < brummel444> i did try that before, with a third party app it worked like that 12:08 < krzie> you would if it was a machine behind the server (on its lan) 12:08 < krzie> what you're assuming is happening makes no sense 12:08 < brummel444> but i think i need a bridge to get the clients to the same subnet right? 12:08 < krzie> what app are you using? 
12:08 < krzie> the same subnet thing makes no sense at all 12:09 < brummel444> the plex app 12:09 < krzie> needing layer2 would make sense 12:09 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 240 seconds] 12:10 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 12:12 < krzie> hah it really is that way 12:12 < krzie> hillarious 12:12 < brummel444> ? how did you find out? 12:12 < krzie> umm, google 12:12 < krzie> plex app iphone subnet vpn 12:12 < krzie> http://forums.plexapp.com/index.php/topic/35371-clients-cannot-connect-from-remote-network/ 12:12 <@vpnHelper> Title: Clients cannot connect from remote network - Plex Forums (at forums.plexapp.com) 12:12 < brummel444> they want to sell their myplex shit 12:13 < brummel444> so what i need is layer2 vpn bridge, then i just has to work 12:14 < krzie> looks like it, thats terribly done by them 12:14 < krzie> elan October 31st, 2011 11:00 am 12:14 < krzie> @Daniel: that too is a known issue, I didn't post it because I believe a minority of people run VPNs, and the post was long enough as it was It's on the list and we'll fix it. 12:15 < krzie> http://elan.plexapp.com/2011/10/31/state-of-the-release-2/ 12:15 <@vpnHelper> Title: Plex » State of the release (at elan.plexapp.com) 12:15 < krzie> ArcSissy November 29th, 2011 5:23 am 12:15 < krzie> Please reinstate a login/pass model (token-free) version of Plex server en -App. 12:15 < krzie> I am using VPN to enter my personal Plex server over a additional subnet (VPN only) and therefore Plex Server is not available anymore. 12:15 < krzie> The older version rocked - but I'm on the break of departing with Plex due to the new traffic warden situation. 12:15 < krzie> Please revert! 
12:15 < krzie> ArcSissy 12:19 < brummel444> in my opinion they want to collect lots of user data 12:19 < krzie> the same subnet thing doesnt add to that 12:20 < brummel444> users will use myplex 12:20 < brummel444> and not a vpn 12:20 < krzie> sux for them 12:29 <@vpnHelper> RSS Update - forum: OpenVPN and Android/Windows Client -- No IP Address 12:59 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Remote host closed the connection] 13:05 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 13:07 -!- Rene [~Adium@cs181081047.pp.htv.fi] has quit [Quit: Leaving.] 13:08 -!- Rene [~Adium@cs181081047.pp.htv.fi] has joined #openvpn 13:23 -!- SviMik [~pIRCuser8@131.250.35.213.dyn.estpak.ee] has joined #openvpn 13:27 < SviMik> hi all. I have a strange routing problem on client side (windows XP). I use redirect-gateway. after connecting everything works, but new route records are disappering after minute or two 13:28 < SviMik> VPN connection continue working, I can ping local addresses in VPN network. No messages in client nor server log. 13:30 -!- Rene [~Adium@cs181081047.pp.htv.fi] has left #openvpn [] 13:31 < SviMik> routes "0.0.0.0 128.0.0.0 10.116.192.1" and "128.0.0.0 128.0.0.0 10.116.192.1" just magically disappear with no reason... 13:34 < Olipro> SviMik: it's never magic 13:35 < Olipro> something is removing them 13:35 < SviMik> but if not openvpn, the who? it is clear windows installation, there is no software except openvpn 13:37 < Olipro> are you running openvpn with verbose logging? 13:38 < Olipro> if openvpn is doing it, it'll tell you 13:38 < SviMik> verb 4 13:38 < Olipro> are you using tun or tap 13:38 < SviMik> tap 13:38 < Olipro> on both ends right? 
13:38 < SviMik> yes 13:39 < Olipro> I can think of the possibility that windows thinks 10.116.192.1 has become unreachable and is thus invalidating the route 13:39 < Olipro> which may actually be happening if it stops responding to ARP 13:39 < SviMik> but I can ping 10.116.192.1 after the route is removed 13:39 < Olipro> then check the openvpn log 13:40 < SviMik> nothing in log. last line is: Initialization Sequence Completed 13:43 < Olipro> ok, and on the physical and tunneled networks, are you running DHCP or anything along those lines 13:43 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.] 13:44 < SviMik> I found something. it happens only if I use Reconnect button in GUI 13:45 < SviMik> if I disconnect, wait some time, and then connect back - anything is ok 13:45 < Olipro> that sounds to me like the route is getting removed on disconnect, but isn't being re-added 13:53 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Ping timeout: 276 seconds] 13:55 < SviMik> Olipro why then routes are existing after reconnection? 13:55 < SviMik> and they disappear only after a minute 13:56 < Olipro> hm, that is interesting, I wonder if it's a race condition 13:56 < Olipro> if the GUI tells the existing process to exit without waiting for it to actually exit, that would make sense 13:56 < Olipro> although that seems like a long teardown time 13:58 < krzie> sounds like a bug for the trac 13:58 < krzie> !trac 13:58 <@vpnHelper> "trac" is (#1) see https://community.openvpn.net for development information and bug tracker. or (#2) if you have a forum login, use that for trac, its the same database. 13:59 < SviMik> I think it waits, because I see termination messages in log, and only then new process messages 14:02 < SviMik> krzie I'm even not sure how to reproduce it. 
14:02 < krzie> oh 14:04 -!- brummel444 [~chatzilla@p5DDE7794.dip.t-dialin.net] has quit [Quit: ChatZilla 0.9.87 [Firefox 9.0.1/20111220165912]] 14:06 < SviMik> ok, I can write "click on the Reconnect button on Windows XP". but it looks silly. if this button really have a stable bug, it should be found already 14:07 < krzie> well if you cant reproduce it im quick to blame windows 14:07 < krzie> if you can, which i thought you could when i mentioned trac, then you have a bug ;] 14:08 < krzie> brb from krzee 14:08 < SviMik> but obviously a pause could be added there. it is playing with routes very fast, maybe causing some bugs in windows 14:10 -!- krzie [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 14:13 <@vpnHelper> RSS Update - forum: Http Proxy .. How to? 14:13 < SviMik> yes, I can reproduce it. 14:16 < SviMik> bug "works" in xp sp2 and xp sp3, with any vpn server 14:29 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 14:35 < krzee> there ya go then! =] 14:36 < SviMik> ok, here is my story. http://svimik.com/ovpn_reconnect_bug.txt 14:36 < SviMik> maybe I post it later to trac 14:51 -!- BRkSYs [~t7DS@187.127.194.65] has joined #openvpn 14:55 <@vpnHelper> RSS Update - forum: VPN connection lost in seconds 15:07 <@vpnHelper> RSS Update - forum: Any OpenSolaris "dladm create-iptun" support for OpenVPN? 15:10 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Quit: Konversation terminated!] 
15:13 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 15:25 <@vpnHelper> RSS Update - forum: TCP Out of Order Problem 15:29 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 15:32 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn 15:43 <@vpnHelper> RSS Update - forum: Routing LANs connected to VPN Server/client (default gw) 15:44 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Read error: Connection reset by peer] 15:45 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 240 seconds] 15:49 <@vpnHelper> RSS Update - forum: ZyXEL USG static route not working for Internet access 15:56 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 15:57 -!- sia^pwnnt [115kluu@owned.ninjasinpyjamas.biz] has quit [Ping timeout: 240 seconds] 15:59 -!- BRkSYs [~t7DS@187.127.194.65] has left #openvpn [] 16:00 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn 16:19 <@vpnHelper> RSS Update - forum: openvpn and source based routing 16:31 <@vpnHelper> RSS Update - forum: ZyXEL USG static route not working for Internet access 16:32 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 16:33 -!- sia^pwnnt [8440frag@owned.ninjasinpyjamas.biz] has joined #openvpn 16:40 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Quit: I love my HydraIRC -> http://www.hydrairc.com <-] 16:41 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn 16:44 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 16:46 -!- SviMik [~pIRCuser8@131.250.35.213.dyn.estpak.ee] has quit [Ping timeout: 252 seconds] 17:12 -!- voidzero [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn 17:16 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Ping timeout: 276 seconds] 17:16 -!- voidzero is now known as vocis 17:17 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 17:44 -!- ovid 
[~ovid@unaffiliated/ovid] has joined #openvpn 17:45 -!- voidzero [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn 17:48 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Ping timeout: 276 seconds] 17:48 -!- voidzero is now known as vocis 18:08 <@vpnHelper> RSS Update - forum: Newbee Help Please 18:42 -!- SviMik [~pIRCuser8@131.250.35.213.dyn.estpak.ee] has joined #openvpn 18:55 -!- SviMik [~pIRCuser8@131.250.35.213.dyn.estpak.ee] has quit [Quit: pIRC v2.2 < Personal IRC Team > http://ircworld.ru and http://xirc.ru/] 19:00 -!- bergle [~bergle@c-68-63-42-110.hsd1.fl.comcast.net] has quit [Remote host closed the connection] 19:03 -!- _julian_ [~quassel@hmbg-4d06e74b.pool.mediaWays.net] has joined #openvpn 19:07 -!- _julian [~quassel@hmbg-5f765dcb.pool.mediaWays.net] has quit [Ping timeout: 276 seconds] 19:15 -!- tekzilla [~jon@hmbg-5f767659.pool.mediaWays.net] has quit [Ping timeout: 276 seconds] 19:17 -!- tekzilla [~jon@hmbg-5f7604b5.pool.mediaWays.net] has joined #openvpn 19:20 -!- jason404 [~jason404@31-222-188-155.static.cloud-ips.co.uk] has left #openvpn [] 19:24 -!- DrArcheh [~drarcheh@unaffiliated/drarcheh] has joined #openvpn 19:25 < DrArcheh> I'm trying to connect two hosts in point-to-point mode, both hosts have server certificate though. It seems that the tls-server only accepts client certificate for the remote peer 19:26 < DrArcheh> is there a way to change that? "remote-cert-tls server" doesn't seem to help 19:27 < krzee> in point-to-point mode, there are no certs 19:27 < krzee> just a static key 19:27 < krzee> !ptp 19:27 < krzee> erm 19:27 < krzee> !p2p 19:27 < krzee> !secret 19:27 <@vpnHelper> "secret" is funny that people use free programs, consult free help for them, run a business with them, but are restricted to say what they do. 
19:27 < krzee> lol wrong secret 19:27 < DrArcheh> ah ok, i was using psk+certs 19:27 < DrArcheh> heh 19:28 < krzee> ya, ptp is just psk 19:28 < krzee> !forwardsecurity 19:28 < DrArcheh> is it actually ok to use psk+certs for client-server setups? or doesn't that make sense? 19:28 <@vpnHelper> "forwardsecurity" is (#1) in server/client mode with certs your key renegotiates (changes) every hour (by default), so if someone captures your traffic, and then gets your key, they can only decrypt the traffic within the timeframe since last renegotiation or (#2) in ptp mode (static key) you do not have this, so if someone gets your key they can decrypt ANY past traffic that they captured 19:28 < krzee> client/server uses pki, no psk 19:28 < krzee> basically, you never use both together 19:29 -!- Denial [Denial@drgi.co.uk] has quit [] 19:29 < DrArcheh> i figured using psk next to pki would stop the server from responding to random scans 19:30 < DrArcheh> but thanks :) 19:46 < krzee> oh 19:46 < krzee> !hmac 19:46 <@vpnHelper> "hmac" is (#1) The tls-auth directive adds an additional HMAC signature to all SSL/TLS handshake packets for integrity verification. Any UDP packet not bearing the correct HMAC signature can be dropped without further processing. The tls-auth HMAC signature provides an additional level of security above and beyond that provided by SSL/TLS. or (#2) openvpn --genkey --secret ta.key to make the tls static key 19:46 <@vpnHelper> , in configs: tls-auth ta.key # , 1 for client or 0 for server in the configs 19:47 < krzee> thats what you were looking for 19:47 < krzee> it is a psk of sorts 19:47 < krzee> just you use it with --tls-auth instead of --secret 19:47 < krzee> and we call it hmac signature instead of psk ;] 19:48 < krzee> but ya, you are right =] 19:50 <@vpnHelper> RSS Update - forum: Openvpn config to allow IGMP traffic? 
20:21 -!- skynet-2000 is now known as darkconer 20:22 -!- darkconer is now known as skynet-2000 20:22 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Quit: too late] 21:10 <+EugeneKay> !noroot 21:10 <@vpnHelper> "noroot" is See !unpriv for a writeup by EugeneKay 21:10 <+EugeneKay> !unpriv 21:10 <@vpnHelper> "unpriv" is see https://community.openvpn.net/openvpn/wiki/UnprivilegedUser for a write-up by EugeneKay on how to run OpenVPN without root/admin permissions. 21:10 < krzee> hey awesome! 21:13 <+EugeneKay> Mrh? 21:13 <@vpnHelper> RSS Update - forum: user-auth-verify Win7 write error 21:24 <+EugeneKay> Yay, my own guide came in handy. 21:25 -!- danielsh [~danielsh@apache/committer/danielsh] has joined #openvpn 21:25 -!- danielsh [~danielsh@apache/committer/danielsh] has left #openvpn [] 21:45 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 240 seconds] 21:46 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 21:56 <@vpnHelper> RSS Update - forum: how can we improve SEO on sites 22:02 <@vpnHelper> RSS Update - forum: I Can't Send PM || OpenVPN Setup help (HIRE) 22:38 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Ping timeout: 240 seconds] 22:47 -!- krzie [nobody@openvpn/community/support/krzee] has joined #openvpn 23:40 <@vpnHelper> RSS Update - forum: VPN connection lost in seconds 23:51 -!- skynet2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn --- Day changed Mon Jan 09 2012 00:01 -!- skynet2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 00:18 <@vpnHelper> RSS Update - forum: Newbee Help Please 00:30 <@vpnHelper> RSS Update - forum: Openvpn config to allow IGMP traffic? 
00:34 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 00:38 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 00:41 -!- GHAI_ [~joti@cthulhu-isp.net] has joined #openvpn 00:42 -!- Olipro_ [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn 00:44 -!- Mimiko [~mimiko@77.89.245.38] has joined #openvpn 00:46 -!- Xymski [~Zimsky@rozznet.net] has joined #openvpn 00:46 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 240 seconds] 00:46 -!- Netsplit *.net <-> *.split quits: kloeri, +fremo, agagag, bragon, caemir, Zimsky, TypoNe, +GHAI 00:46 -!- Olipro_ is now known as Olipro 00:47 -!- Netsplit over, joins: agagag 00:49 -!- caemir [~caemir@78.129.43.30] has joined #openvpn 00:49 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn 00:49 -!- bragon [~Alexandre@81.93.247.165] has joined #openvpn 00:49 -!- TypoNe [~itsme@195.197.184.87] has joined #openvpn 00:49 -!- fremo [~fremo@noc.toile-libre.net] has joined #openvpn 00:49 -!- ServerMode/#openvpn [+v fremo] by hitchcock.freenode.net 00:51 -!- caemir [~caemir@78.129.43.30] has quit [Changing host] 00:51 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 00:54 -!- lusis [u2537@gateway/web/irccloud.com/x-ashkfjvhklwyetwa] has joined #openvpn 01:16 <@vpnHelper> RSS Update - forum: [HELP] TAP-win32 adapter V9 Access Denied 01:29 -!- Mimiko [~mimiko@77.89.245.38] has quit [] 01:34 <@vpnHelper> RSS Update - forum: Http Proxy .. How to? || Openvpn config to allow IGMP traffic? 
01:39 -!- Mp5- [~Mp5@99-59-223-143.lightspeed.jcvlfl.sbcglobal.net] has quit [Ping timeout: 252 seconds] 01:40 -!- Mp5- [~Mp5@99-59-223-143.lightspeed.jcvlfl.sbcglobal.net] has joined #openvpn 01:40 <@vpnHelper> RSS Update - forum: Routing LANs connected to VPN Server/client (default gw) || Advice on openvpn deployment 01:46 <@vpnHelper> RSS Update - forum: ZyXEL USG static route not working for Internet access || Routing Problem 01:52 <@vpnHelper> RSS Update - forum: user-auth-verify Win7 write error 01:58 <@vpnHelper> RSS Update - forum: GetAdaptersInfo #2 failed 02:04 <@vpnHelper> RSS Update - forum: Routing LANs connected to VPN Server/client (default gw) || openvpn and source based routing 02:08 -!- dazo_afk is now known as dazo 02:10 <@vpnHelper> RSS Update - forum: [HELP] TAP-win32 adapter V9 Access Denied 02:24 -!- SOG [~SOG@168.70.16.99] has quit [Ping timeout: 248 seconds] 02:26 -!- SOG [~SOG@wsip-70-164-135-177.lv.lv.cox.net] has joined #openvpn 02:26 -!- SOG [~SOG@wsip-70-164-135-177.lv.lv.cox.net] has quit [Remote host closed the connection] 02:27 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 02:28 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 02:28 <@vpnHelper> RSS Update - forum: Want to establish VPN in a Organization Pease Help 02:32 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn 02:53 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 02:55 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 248 seconds] 02:58 <@vpnHelper> RSS Update - forum: Weird routing problem 03:03 -!- mape2k [~mape2k@2001:6f8:997:1000:221:86ff:fe98:93a2] has joined #openvpn 03:16 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn 03:30 -!- chantra [~chantra@unaffiliated/chantra] has quit [Read error: Operation timed out] 03:33 -!- chantra [~chantra@unaffiliated/chantra] has joined #openvpn 03:40 <@vpnHelper> RSS Update - forum: ufw blocking connections 03:42 -!- caemir 
[~caemir@unaffiliated/caemir] has quit [Excess Flood] 03:47 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 03:53 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day] 04:08 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Ping timeout: 260 seconds] 04:21 -!- master_of_master [~master_of@p57B544DA.dip.t-dialin.net] has quit [Ping timeout: 240 seconds] 04:23 -!- master_of_master [~master_of@p57B55C85.dip.t-dialin.net] has joined #openvpn 04:29 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has quit [Ping timeout: 268 seconds] 04:32 -!- rob0 [rob0@pdpc/valentine/postfixninja/rob0] has joined #openvpn 04:32 -!- noisebleed [~quassel@kermit.inescn.pt] has joined #openvpn 04:32 -!- noisebleed [~quassel@kermit.inescn.pt] has quit [Changing host] 04:32 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 04:32 < rob0> !syslog 04:33 < rob0> I don't see in the man page where it is possible to change the syslog facility when in --daemon mode. Is it? 04:37 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 04:40 -!- bolovanos [~bb@38.213.broadband7.iol.cz] has joined #openvpn 04:40 < bolovanos> hi 04:40 -!- zux [~zux@195.13.186.54] has joined #openvpn 04:41 < bolovanos> win7 64bit, OpenVPN GUI v1.0.3 04:41 < bolovanos> I have problem to rewrite my old pem file with new one i got. it is caused by writing privileges on config directory. 04:41 < bolovanos> is there any possible way to tell to VPN that my actual pem file is somewhere else than in config directory. I have tried to reedit .config file, but it says that backslashes are not allowed. 04:41 < rob0> dazo, http://openvpn.net/archive/openvpn-devel/2005-01/msg00033.html ... 7 years ago, was this implemented? 
04:41 <@vpnHelper> Title: [Openvpn-devel] syslog facility config choice (at openvpn.net) 04:41 < zux> looks like there was no answer 04:44 <@vpnHelper> RSS Update - forum: I Can't Send PM 04:45 <@dazo> rob0: yes, that's implemented ... has been in the source tree at least since the BETA21 days (2005) 04:45 <@dazo> rob0: but it's a compile time configuration 04:46 < rob0> I still don't see it in the man ... ah 04:46 < rob0> would be nice to be able to set that at run time :) 04:46 <@dazo> well, yeah ... not a high priority thing, but doable .... file a Trac ticket, and we won't forget it :) 04:47 < rob0> zux, --> job for you :) 04:48 < rob0> I might, if I get around to it. 04:48 < rob0> dazo, thanks. 04:49 < rob0> if I do it I'll include a man page patch 04:49 <@dazo> rob0: that'd be wonderful! 04:50 < zux> rob0, that would be just great :) 04:55 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has joined #openvpn 04:58 < zux> https://community.openvpn.net/openvpn/ticket/188 04:58 <@vpnHelper> Title: #188 (syslog facility config should be set in config file) – OpenVPN Community (at community.openvpn.net) 05:02 < rob0> okay, I'll try to remember to do a man page patch 05:06 < zux> and i'll just wait with my syslog needs :) 05:09 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Ping timeout: 276 seconds] 05:13 -!- vereteran [~vereteran@static.88-198-170-117.clients.your-server.de] has quit [Quit: ZNC - http://znc.in] 05:14 -!- cpm [~Chip@pdpc/supporter/active/cpm] has joined #openvpn 05:19 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 248 seconds] 05:20 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 05:31 -!- vereteran [~vereteran@static.88-198-170-117.clients.your-server.de] has joined #openvpn 05:33 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn 05:34 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 05:42 <@vpnHelper> RSS Update - forum: [HELP] TAP-win32 adapter V9 Access 
Denied 05:46 -!- vpopov [~happylife@dyn-58-35.fttbee.kis.ru] has joined #openvpn 05:49 -!- Ehaa86 [~eivind@gore.copyleft.no] has joined #openvpn 05:51 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Remote host closed the connection] 05:56 -!- Ciph [~Ciph@109-104-19-74.customers.ownit.se] has joined #openvpn 05:56 < Ciph> !welcome 05:56 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 05:56 -!- cpm [~Chip@pdpc/supporter/active/cpm] has quit [Quit: cpm] 05:57 < Ciph> !configs 05:57 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries 05:58 < Ciph> hi im having a issue using openvpn with openwrt, im getting read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054) 05:59 < Ciph> i have followed this guide, opened up port etc http://wiki.openwrt.org/inbox/vpn.howto 06:01 < hyper_ch> !howto 06:01 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 06:06 <@vpnHelper> RSS Update - forum: Auto disconnect 06:13 < Ehaa86> !route 06:13 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 06:18 <@vpnHelper> RSS Update - forum: Weird routing problem 06:21 < Ehaa86> I have a bit of a problem. I've created a new OpenVPN-server. 
Same config as all my old ones (which work like a charm.) I use "push "redirect-gateway def1"" to make all traffic go through the openvpn-server. But the clients gets the default gateway "10.0.1.5" (which doesnt respond/work.) If i manually force the gateway to 10.0.1.1 everything works like a charm. Does anyone have any idea on how to fix this? (Server: Ubuntu 10.04 LTS, Client: Windows XP wit 06:22 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn 06:35 -!- Ciph [~Ciph@109-104-19-74.customers.ownit.se] has quit [Read error: Connection reset by peer] 06:36 -!- Ciph [~Ciph@109-104-19-74.customers.ownit.se] has joined #openvpn 06:41 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has joined #openvpn 06:48 <@vpnHelper> RSS Update - forum: user-auth-verify Win7 write error 06:49 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Remote host closed the connection] 07:00 -!- Ciph_ [~Ciph@109-104-19-74.customers.ownit.se] has joined #openvpn 07:00 -!- Ciph [~Ciph@109-104-19-74.customers.ownit.se] has quit [Read error: Connection reset by peer] 07:02 -!- Ciph [~Ciph@109-104-19-74.customers.ownit.se] has joined #openvpn 07:05 -!- Ciph_ [~Ciph@109-104-19-74.customers.ownit.se] has quit [Ping timeout: 276 seconds] 07:05 <@vpnHelper> RSS Update - forum: Weird routing problem 07:06 -!- mape2k [~mape2k@2001:6f8:997:1000:221:86ff:fe98:93a2] has quit [Quit: Leaving] 07:11 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn 07:18 <@vpnHelper> RSS Update - forum: Route problems in Windows 7/2008 07:49 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn 07:58 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Ping timeout: 240 seconds] 08:02 -!- MarKsaitis_ [~MarKsaiti@195.59.185.18] has joined #openvpn 08:03 -!- MarKsaitis_ [~MarKsaiti@195.59.185.18] has quit [Read error: Connection reset by peer] 08:05 -!- MarKsaitis 
[~MarKsaiti@195.59.185.18] has quit [Ping timeout: 252 seconds] 08:10 -!- Ciph [~Ciph@109-104-19-74.customers.ownit.se] has quit [Quit: KVIrc 4.0.4 Insomnia http://www.kvirc.net/] 08:26 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn 08:36 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Quit: Leaving] 08:38 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn 08:39 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer] 08:39 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 08:43 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 08:44 -!- tjz [~pc@unaffiliated/tjz] has quit [Quit: bbl.] 08:45 -!- Gravitron [~admin@65.28.68.253] has joined #openvpn 08:45 -!- Gravitron [~admin@65.28.68.253] has quit [Changing host] 08:45 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 08:50 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer] 08:51 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 08:54 <@vpnHelper> RSS Update - forum: No more internet connexion 09:00 <@vpnHelper> RSS Update - forum: Http Proxy .. How to? 09:04 -!- bolovanos [~bb@38.213.broadband7.iol.cz] has quit [Quit: Miranda IM! Smaller, Faster, Easier. http://miranda-im.org] 09:11 -!- mgorbach [~mgorbach@96.241.54.213] has joined #openvpn 09:12 < mgorbach> Anyone out there a VPN performance expert? I'm seeing weirdness where downloads from the VPN server machine are fast, but downloads from other machines on its subnet are slow. 09:22 -!- KaiForce [~chatzilla@adsl-70-228-75-61.dsl.akrnoh.ameritech.net] has joined #openvpn 09:24 <@vpnHelper> RSS Update - forum: Openvpn config to allow IGMP traffic? 
09:29 -!- Intensity [6zNDP14Gi1@unaffiliated/intensity] has joined #openvpn 09:29 <@vpnHelper> RSS Update - forum: OpenVPN Routed Performance Issue 09:35 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 09:35 <@vpnHelper> RSS Update - forum: Help setting upTunnel 09:58 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Quit: Leaving] 10:00 -!- zux [~zux@195.13.186.54] has quit [Ping timeout: 240 seconds] 10:02 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Ping timeout: 240 seconds] 10:13 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 10:24 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 10:30 -!- Axeman [~Axeman3@198.105.46.46] has joined #openvpn 10:30 -!- Axeman [~Axeman3@198.105.46.46] has quit [Changing host] 10:30 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 10:30 -!- mode/#openvpn [+v Axeman] by ChanServ 10:31 -!- APTX_ [APTX@unaffiliated/aptx] has joined #openvpn 10:32 -!- APTX [APTX@unaffiliated/aptx] has quit [Ping timeout: 260 seconds] 10:39 -!- APTX_ [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer] 10:39 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 10:42 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.] 
10:42 <@vpnHelper> RSS Update - forum: IGMP 10:50 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 10:53 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer] 10:53 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 10:54 -!- Ehaa86 [~eivind@gore.copyleft.no] has quit [Quit: Lost terminal] 10:55 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Read error: Connection reset by peer] 11:03 -!- APTX_ [APTX@unaffiliated/aptx] has joined #openvpn 11:03 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer] 11:07 -!- vpopov [~happylife@dyn-58-35.fttbee.kis.ru] has quit [Ping timeout: 240 seconds] 11:16 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 11:26 -!- dazo is now known as dazo_afk 11:27 <+EugeneKay> !iptables 11:27 <@vpnHelper> "iptables" is (#1) to test if iptables is your problem, disable all rules or put the defaults to accept: iptables -P INPUT ACCEPT; iptables -P OUTPUT ACCEPT; iptables -P FORWARD ACCEPT; iptables -F; iptables -Z or (#2) please see http://openvpn.net/man#lbBD for more info or (#3) you can see http://www.secure-computing.net/wiki/index.php/OpenVPN/Firewall for pf or iptables 11:31 <@vpnHelper> RSS Update - forum: WHS as internet gateway with Open VPN anonymisation service 11:34 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 240 seconds] 11:34 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!] 
11:36 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 11:39 -!- Azrael808 [~peter@212.161.9.162] has quit [Ping timeout: 244 seconds] 12:27 -!- KaiForce [~chatzilla@adsl-70-228-75-61.dsl.akrnoh.ameritech.net] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 12:51 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has quit [Ping timeout: 252 seconds] 12:57 -!- raidz [~raidz@openvpn/corp/admin/andrew] has quit [Ping timeout: 252 seconds] 13:16 -!- troyt [~troyt@c-24-10-222-127.hsd1.ut.comcast.net] has joined #openvpn 13:21 -!- troyt [~troyt@c-24-10-222-127.hsd1.ut.comcast.net] has quit [Client Quit] 13:24 -!- troyt [~troyt@c-24-10-222-127.hsd1.ut.comcast.net] has joined #openvpn 13:33 -!- Xymski is now known as Zimsky 13:39 -!- troyt [~troyt@c-24-10-222-127.hsd1.ut.comcast.net] has quit [Quit: AAAGH! IT BURNS!] 13:44 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [] 13:49 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 13:53 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 13:53 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Client Quit] 13:55 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 13:56 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Client Quit] 13:59 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 14:01 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 14:08 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn 14:16 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn 14:35 < netskay> has anyone tinkered with tinc VPN here? 
14:37 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn
14:37 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Ping timeout: 240 seconds]
14:41 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Read error: Connection reset by peer]
14:41 -!- [1]netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
14:43 < ErichG> greetings all - I'm so close to having an openvpn bridging server working under osx lion, but have a head scratcher. In short, the exact same configuration works running on a linux OpenVPN server, but when executed on the Mac, while the remote router connects to the server, and server and router can ssh to each other over the tunnel, no other clients can see the vpn server. I gather it must have something to do with the tap or bridg
14:43 < ErichG> interface in OSX - any ideas?
14:44 < krzee> hang around, i think ecrist has found some weird stuff with bridging in osx
14:44 < ErichG> ahso!
14:44 < ErichG> thanks
14:44 < krzee> in the meantime, want me to try to talk you out of using bridge mode?
14:44 < ErichG> lol
14:44 < ErichG> no
14:45 < ErichG> I'll stick around, and in the meantime just run the server on a linux box.
14:47 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn
14:47 < krzee> ok well ill let my bot get in some of my finer points ;]
14:47 < krzee> !tunortap
14:47 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. Dont waste the extra overhead. or (#2) and if your reason for wanting tap is windows shares, see !wins or (#3) also remember that if someone gets access to any side of a tap vpn they can use layer2 attacks like arp poisoning against you over
14:47 <@vpnHelper> the vpn or (#4) lan gaming? use tap!
14:49 < ErichG> those are tasty
14:50 < ErichG> it's for my greedy little macintosh site to site bonjour.... I admit it. Shoot me!
14:50 < ErichG> I use routed for most things
14:56 -!- Deathvalley122 [~Death@localtel.eagleits.net] has quit [Remote host closed the connection]
14:56 < krzee> ;]
14:56 -!- Deathvalley122 [~Death@localtel.eagleits.net] has joined #openvpn
14:57 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Ping timeout: 240 seconds]
15:18 < haggler> !wins
15:18 <@vpnHelper> "wins" is http://oreilly.com/catalog/samba/chapter/book/ch07_03.html is a good link for seeing how to run WINS on samba
15:43 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn
15:53 <@vpnHelper> RSS Update - forum: breaking up Class C into four subnets
15:56 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Ping timeout: 244 seconds]
16:08 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has quit [Quit: Ex-Chat]
16:12 -!- [1]netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Read error: Connection reset by peer]
16:12 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
16:13 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Read error: Connection reset by peer]
16:14 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
16:18 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn
16:23 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 240 seconds]
16:24 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn
16:30 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Ping timeout: 240 seconds]
16:35 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
16:46 -!- p3rror [~mezgani@41.249.9.45] has joined #openvpn
16:51 -!- p3rror is now known as UnicornS
16:55 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Remote host closed the connection]
16:55 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn
16:59 -!- netskay
[~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Ping timeout: 240 seconds] 17:02 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Quit: Leaving] 17:08 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn 17:17 <@vpnHelper> RSS Update - forum: Auth script returns "1" but, connects anyway 17:18 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 240 seconds] 17:19 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 17:24 -!- luckman212 [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has joined #openvpn 17:28 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Ping timeout: 240 seconds] 17:29 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn 17:34 -!- [1]netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn 17:34 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Read error: Connection reset by peer] 17:34 -!- [1]netskay is now known as netskay 17:34 -!- Azrael808 [~peter@cpc17-walt12-2-0-cust657.13-2.cable.virginmedia.com] has joined #openvpn 17:34 <@vpnHelper> RSS Update - forum: Setup Ethernet Bridging on two remote site (One as server an 17:37 -!- [1]netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn 17:37 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Read error: Connection reset by peer] 17:37 -!- [1]netskay is now known as netskay 17:38 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Read error: Connection reset by peer] 17:40 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn 17:40 -!- Azrael808 [~peter@cpc17-walt12-2-0-cust657.13-2.cable.virginmedia.com] has quit [Ping timeout: 240 seconds] 17:45 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn 17:45 -!- mode/#openvpn [+o raidz] by ChanServ 17:50 -!- dangergrrl [~ariana@8.22.83.149] has joined #openvpn 17:51 < dangergrrl> !welcome 17:51 <@vpnHelper> 
"welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 17:51 < dangergrrl> !goal 17:51 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 17:53 < dangergrrl> !configs 17:53 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries 17:53 < dangergrrl> !logs 17:53 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard. 18:11 -!- ppr is now known as peper 18:21 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Ping timeout: 240 seconds] 18:27 -!- troyt [~troyt@c-24-10-222-127.hsd1.ut.comcast.net] has joined #openvpn 18:34 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn 18:35 < krzee> !ircstats 18:35 <@vpnHelper> "ircstats" is (#1) See http://secure-computing.net/logs/openvpn.html for all-time IRC stats. or (#2) See http://secure-computing.net/logs/openvpn-devel.html for all-time dev channel IRC stats. 
18:41 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 240 seconds] 18:41 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 18:43 -!- SOG [~SOG@wsip-70-164-135-177.lv.lv.cox.net] has joined #openvpn 18:43 -!- SOG [~SOG@wsip-70-164-135-177.lv.lv.cox.net] has quit [Client Quit] 18:57 -!- brah [c82b2429@gateway/web/freenode/ip.200.43.36.41] has joined #openvpn 18:58 < brah> Question: In a tun server, all the traffic between clients goes through the server, right? 19:02 < krzee> in openvpn, regardless of tun or tap, yes 19:03 -!- _julian_ [~quassel@hmbg-4d06e74b.pool.mediaWays.net] has quit [Read error: Operation timed out] 19:03 -!- skynet-2000 is now known as thecooler 19:04 -!- thecooler is now known as skynet-2000 19:04 -!- _julian [~quassel@hmbg-4d06e0b6.pool.mediaWays.net] has joined #openvpn 19:13 -!- Denial [Denial@drgi.co.uk] has quit [] 19:16 <@vpnHelper> RSS Update - forum: user-auth-verify Win7 write error 19:17 -!- tekzilla [~jon@hmbg-5f7604b5.pool.mediaWays.net] has quit [Ping timeout: 244 seconds] 19:19 -!- tekzilla [~jon@hmbg-5f77c405.pool.mediaWays.net] has joined #openvpn 19:34 <@vpnHelper> RSS Update - forum: ZyXEL USG static route not working for Internet access 19:40 <@vpnHelper> RSS Update - forum: IGMP 19:46 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Quit: vocis] 19:51 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 20:00 -!- _julian_ [~quassel@hmbg-4d06ae95.pool.mediaWays.net] has joined #openvpn 20:00 -!- _julian [~quassel@hmbg-4d06e0b6.pool.mediaWays.net] has quit [Read error: Operation timed out] 20:19 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection] 20:21 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Ping timeout: 276 seconds] 20:24 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 20:24 -!- dangergrrl [~ariana@8.22.83.149] has quit [Ping timeout: 240 seconds] 20:30 -!- dangergrrl 
[~ariana@8.22.83.149] has joined #openvpn 20:57 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Read error: Connection reset by peer] 20:57 -!- [1]netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn 21:07 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn 21:07 -!- [1]netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Read error: Connection reset by peer] 21:10 <@vpnHelper> RSS Update - forum: can't connect to connection 21:14 -!- UnicornS [~mezgani@41.249.9.45] has quit [Ping timeout: 240 seconds] 21:20 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Ping timeout: 240 seconds] 21:23 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn 21:28 <@vpnHelper> RSS Update - forum: user-auth-verify Win7 write error 21:30 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Read error: Connection reset by peer] 21:30 -!- [1]netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn 21:44 -!- brah [c82b2429@gateway/web/freenode/ip.200.43.36.41] has quit [Ping timeout: 258 seconds] 22:01 -!- dangergrrl [~ariana@8.22.83.149] has quit [Ping timeout: 240 seconds] 22:04 <@vpnHelper> RSS Update - forum: Browser not routing through openvpn connection 22:10 <@vpnHelper> RSS Update - forum: TCP Out of Order Problem 22:28 -!- dangergrrl [~ariana@8.22.83.149] has joined #openvpn 22:40 <@vpnHelper> RSS Update - forum: Ubuntu 10.10 Certificate error 22:54 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 22:58 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 244 seconds] 23:02 -!- dangergrrl [~ariana@8.22.83.149] has quit [Ping timeout: 252 seconds] 23:10 <@vpnHelper> RSS Update - forum: route traffic of one network adapters, two connected 23:31 -!- dangergrrl [~ariana@8.22.83.149] has joined #openvpn 23:37 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 23:40 -!- [1]netskay 
[~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Quit: HydraIRC -> http://www.hydrairc.com <- The professional IRC Client :D]
23:50 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
23:54 -!- mgorbach [~mgorbach@96.241.54.213] has quit [Quit: Leaving...]
23:54 -!- zz_mgorbach is now known as mgorbach
--- Day changed Tue Jan 10 2012
00:28 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
00:30 -!- ovid [~ovid@unaffiliated/ovid] has quit [Quit: ...you break it, you pwn it.]
00:50 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
00:56 <@vpnHelper> RSS Update - forum: Site to Site problems.
01:14 <@vpnHelper> RSS Update - forum: Help setting upTunnel
01:20 <@vpnHelper> RSS Update - forum: Openvpn config to allow IGMP traffic? || Want to establish VPN in a Organization Pease Help
01:20 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn
01:20 -!- mode/#openvpn [+o mattock] by ChanServ
01:36 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Ping timeout: 240 seconds]
01:49 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn
01:49 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day]
01:56 <@vpnHelper> RSS Update - forum: Free providers?
01:58 -!- stephanj [stephan@nemesis.stejau.de] has joined #openvpn
01:58 < stephanj> is there a way to have openvpn in bridged modus getting the ip via dhcp of the target network?
02:05 < reiffert> y
02:08 <@vpnHelper> RSS Update - forum: Span / Monitor port when using "client-to-client" mode?
02:14 <@vpnHelper> RSS Update - forum: Connects but can't reach remote network
02:17 < reiffert> !factoids search --values dhcp
02:17 <@vpnHelper> 'bridge-dhcp', 'dhcp', 'pushdns', and 'win_ipfail'
02:17 < reiffert> !dhcp
02:17 <@vpnHelper> "dhcp" is redirect-gateway bypass-dhcp gets around the problem of DHCP packets to the local DHCP server being incorrectly routed into the tunnel. Available in 2.1
02:17 < reiffert> !bridge-dhcp
02:17 <@vpnHelper> "bridge-dhcp" is http://openvpn.net/faq.html#bridge-addressing for making clients grab dhcp ip over the bridge but not over-riding dhcp ip from local dhcp server
02:23 < stephanj> the faq link is not available anymore, or rather doesnt point to any special article
02:26 < reiffert> http://openvpn.net/index.php/open-source/faq/77-server/323-i-want-to-set-up-an-ethernet-bridge-on-the-1921681024-subnet-existing-dhcp.html
02:26 <@vpnHelper> Title: I want to set up an ethernet bridge on the 192.168.1.0/24 subnet. existing DHCP. (at openvpn.net)
02:28 -!- meepmeep [meepmeep@212.24.104.229] has quit [Ping timeout: 244 seconds]
02:36 < stephanj> ah thanks!
03:08 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Ping timeout: 255 seconds]
03:15 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Quit: Konversation terminated!]
03:15 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn
03:17 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn
03:27 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn
03:28 -!- nur [~nur@86.98.17.198] has joined #openvpn
03:28 < nur> Hi
03:28 < nur> any body home
03:28 < nur> ?
03:29 < nur> server.conf
03:30 < nur> local 192.168.0.113
03:30 < nur> port 1194
03:30 < nur> proto udp
03:30 < nur> dev tun
03:30 < nur> ca ca.crt
03:30 < nur> cert server.crt
03:30 < nur> key server.key # This file should be kept secret
03:30 -!- nur was kicked from #openvpn by vpnHelper [Flooding detected. Please use http://pastebin.com for posting logs or configs.]
03:31 -!- nur [~nur@86.98.17.198] has joined #openvpn
03:31 < nur> hi
03:35 < stephanj> pastebin and no meta questions
03:35 < nur> ?
03:35 < stephanj> http://pastebin.com
03:35 < nur> ahh ok
03:35 < nur> can you help me
03:35 < nur> ?
03:35 < stephanj> and "anybody home" - just ask
03:35 < stephanj> idk
03:36 < stephanj> i havent seen a question
03:36 < nur> i can tell you
03:36 < nur> im new to irc
03:36 < nur> never used in in my life
03:36 < nur> i dont know how it works
03:36 < nur> stuck with OpenVPN configuration
03:36 < stephanj> jap paste the config file again to the pastebin
03:36 < stephanj> then ask your question
03:36 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Ping timeout: 240 seconds]
03:36 < nur> ok
03:39 < nur> http://pastebin.com/290TgnSt
03:41 < stephanj> what is the problem?
03:44 -!- Denial [Denial@drgi.co.uk] has joined #openvpn
03:46 -!- CaBa [caba@unique-inter.net] has left #openvpn []
03:49 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
03:54 -!- X0Rc0re [~chatzilla@203-206-101-97.dyn.iinet.net.au] has joined #openvpn
04:21 -!- master_of_master [~master_of@p57B55C85.dip.t-dialin.net] has quit [Ping timeout: 240 seconds]
04:23 -!- master_of_master [~master_of@p57B554F2.dip.t-dialin.net] has joined #openvpn
04:36 -!- X0Rc0re [~chatzilla@203-206-101-97.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]]
05:02 <@vpnHelper> RSS Update - forum: Openvpn config to allow IGMP traffic?
05:05 -!- beerbro [~gustav@mineralwasser.jesus.si] has quit [Read error: Connection reset by peer]
05:10 -!- gustav- [~gustav@mineralwasser.jesus.si] has joined #openvpn
05:21 -!- gustav- is now known as beerbro
05:24 -!- krzie [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep]
05:32 <@vpnHelper> RSS Update - forum: Browser not routing through openvpn connection || Ubuntu 10.10 Certificate error
05:45 <@vpnHelper> RSS Update - forum: need help on installing old program on windows 7
05:45 -!- X0Rc0re [~chatzilla@203-206-101-97.dyn.iinet.net.au] has joined #openvpn
05:45 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
06:03 -!- X0Rc0re [~chatzilla@203-206-101-97.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]]
06:17 -!- dazo_afk is now known as dazo
06:25 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 252 seconds]
06:25 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
06:26 -!- takamichi [~pri@217.23.4.104] has joined #openvpn
06:34 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
06:38 -!- Cyntrox [~Cyntrox@146.247.152.209] has joined #openvpn
06:42 -!- jhp [~jhp@zeus.jhprins.org] has joined #openvpn
06:43 < jhp> Hi everyone. I need to migrate my openvpn server to a new CA with new certs for everybody. I have created my new CA. What are my next steps. Can I run the same OpenVPN server with a cert from both CA's and a CA file containing information for both CA's?
06:44 < jhp> So basicly extending the 3 files with an extra CA, an extra key and an extra cert?
07:00 -!- Cyntrox [~Cyntrox@146.247.152.209] has quit [Ping timeout: 252 seconds]
07:01 <@ecrist> what did I do?
07:03 -!- Cyntrox [~Cyntrox@146.247.152.209] has joined #openvpn
07:07 -!- Cyntrox [~Cyntrox@146.247.152.209] has quit [Ping timeout: 252 seconds]
07:12 -!- Cyntrox_ [~Cyntrox@146.247.152.209] has joined #openvpn
07:13 < Cyntrox_> !welcome
07:13 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
07:14 < Cyntrox_> !route
07:14 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide
07:17 < Cyntrox_> When I start openVPN, the tun interface is set as the default gateway - is there a way to prevent that?
07:21 <@dazo> jhp: I'd send this request to the openvpn-users mailing list ... please elaborate a bit more there. I'm sure there are more people there who can give more qualified answers .... I believe it is possible to do it like you describe, but there might be some pitfalls I'm not aware of - as I've never tried myself
07:21 <@dazo> Cyntrox_: remove --redirect-gateway from your configs
07:21 -!- ferdelan [~none@gw-2.211.ru] has joined #openvpn
07:22 < Cyntrox_> That option is not in my config. Here's a paste: http://pastebin.com/EGPdhCvV
07:23 <@dazo> Cyntrox_: then you need to add --route-nopull and add additional --route entries for those routes your do want through your VPN
07:24 < Cyntrox_> dazo: Thanks, I'll try that (and probably be disconnected from this channel in the process)
07:25 < ferdelan> Hi guys! Can someone say how to configure openvpn server for using one client with auth-pass without cipher and another client to use TLS-auth and cipher?
07:39 -!- Secret [~Secret@78.157.114.78] has quit [Read error: Operation timed out]
07:39 <+havoc> too bad one config can't establish multiple tunnels :(
07:39 -!- Cyntrox_ [~Cyntrox@146.247.152.209] has quit [Read error: Connection reset by peer]
07:40 -!- Secret [~Secret@78.157.114.78] has joined #openvpn
07:45 -!- Cyntrox [~Cyntrox@146.247.152.209] has joined #openvpn
07:47 -!- codingrobot [~codingrob@heim-032-63.raab-heim.uni-linz.ac.at] has joined #openvpn
07:47 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 260 seconds]
07:49 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn
07:49 -!- Secret [~Secret@78.157.114.78] has joined #openvpn
07:50 -!- ravel_exe [ravel_exe@175.142.247.6] has joined #openvpn
07:59 -!- krzie [nobody@hemp.ircpimps.org] has joined #openvpn
07:59 -!- krzie [nobody@hemp.ircpimps.org] has quit [Changing host]
07:59 -!- krzie [nobody@openvpn/community/support/krzee] has joined #openvpn
08:01 -!- meepmeep [meepmeep@there-is-no.endoftheinternet.org] has joined #openvpn
08:02 -!- X0Rc0re [~chatzilla@203-206-101-97.dyn.iinet.net.au] has joined #openvpn
08:08 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
08:13 -!- ravel_cmd [ravel_exe@175.142.247.6] has joined #openvpn
08:15 -!- ravel_exe [ravel_exe@175.142.247.6] has quit [Ping timeout: 255 seconds]
08:21 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
08:21 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn
08:23 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 244 seconds]
08:23 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
08:25 -!- Secret [~Secret@78.157.114.78] has joined #openvpn
08:30 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
08:30 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
08:36 -!- caemir
[~caemir@unaffiliated/caemir] has joined #openvpn 08:37 -!- anathaema [~ariana@8.22.83.149] has joined #openvpn 08:39 -!- bragon_ [~Alexandre@81.93.247.165] has joined #openvpn 08:39 -!- fremo_ [~fremo@noc.toile-libre.net] has joined #openvpn 08:40 -!- mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Ping timeout: 240 seconds] 08:40 -!- bragon [~Alexandre@81.93.247.165] has quit [Ping timeout: 240 seconds] 08:40 -!- dangergrrl [~ariana@8.22.83.149] has quit [Ping timeout: 240 seconds] 08:40 -!- Cyntrox [~Cyntrox@146.247.152.209] has quit [Read error: Connection reset by peer] 08:41 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has quit [Remote host closed the connection] 08:41 -!- Cyntrox_ [~Cyntrox@146.247.152.209] has joined #openvpn 08:41 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn 08:41 -!- fremo [~fremo@noc.toile-libre.net] has quit [Ping timeout: 240 seconds] 08:41 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 08:41 -!- zz_mgorbach is now known as mgorbach 08:43 -!- ravel_cmd [ravel_exe@175.142.247.6] has quit [Remote host closed the connection] 08:43 -!- ravel_exe [ravel_exe@175.142.247.6] has joined #openvpn 08:46 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has quit [Read error: Connection reset by peer] 08:46 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn 08:51 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has quit [Read error: Connection reset by peer] 08:51 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn 08:56 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has quit [Read error: Connection reset by peer] 08:57 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn 08:57 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has quit [Quit: leaving] 08:57 -!- Gravitron [~admin@65.28.68.253] has joined #openvpn 08:57 -!- Gravitron [~admin@65.28.68.253] has quit [Changing host] 08:57 
-!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
09:01 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
09:01 -!- Secret [~Secret@78.157.114.78] has quit [Read error: Operation timed out]
09:01 < X0Rc0re> need help with setting up OpenVPN
09:01 < X0Rc0re> can someone please help me
09:01 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn
09:04 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
09:05 <@dazo> X0Rc0re: step carefully ... we're not going to help without seeing your configuration attempts first
09:10 < X0Rc0re> i sent them last time
09:11 -!- Cyntrox_1 [~Cyntrox@146.247.159.205] has joined #openvpn
09:12 -!- Cyntrox_1 [~Cyntrox@146.247.159.205] has quit [Read error: Connection reset by peer]
09:12 -!- ravel_cmd [ravel_exe@175.142.247.6] has joined #openvpn
09:12 -!- lusis [u2537@gateway/web/irccloud.com/x-ashkfjvhklwyetwa] has left #openvpn []
09:13 < rob0> hmmm, do we have a heightened sense of entitlement here? :)
09:13 -!- Secret [~Secret@78.157.114.78] has joined #openvpn
09:14 < rob0> I scrolled up anyway, and in several pages of the channel, there was no evidence of any pastebin from a "X0Rc0re".
09:14 -!- Cyntrox_ [~Cyntrox@146.247.152.209] has quit [Ping timeout: 252 seconds]
09:15 <+havoc> I think the point is: "paste it again", no matter what
09:15 <+havoc> you can't expect those who help scores of people daily to remember a paste for you
09:15 -!- ravel_exe [ravel_exe@175.142.247.6] has quit [Ping timeout: 248 seconds]
09:16 -!- Cyntrox_ [~Cyntrox@146.247.152.209] has joined #openvpn
09:21 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 276 seconds]
09:22 -!- Secret [~Secret@78.157.114.78] has joined #openvpn
09:23 -!- ravel_cmd [ravel_exe@175.142.247.6] has quit [Remote host closed the connection]
09:24 <@dazo> havoc++
09:26 < X0Rc0re> effort = too much effort.
09:26 < X0Rc0re> teamviewer can help :)
09:26 < X0Rc0re> its all on there
09:26 < X0Rc0re> all my configs
09:26 <@dazo> X0Rc0re: last chance ... WE DO NOT DO TEAMVIEWER SUPPORT HERE
09:26 * rob0 loses interest in helping
09:26 < X0Rc0re> which channel does?
09:27 <@dazo> X0Rc0re: YOU must put some effort into solving this ... and we will guide you ... we will NOT do the job for you
09:27 < rob0> http://sweet.nodns4.us/
09:27 <@vpnHelper> Title: S.W.E.E.T.: Stop Wasting Everyone Else's Time (at sweet.nodns4.us)
09:27 < X0Rc0re> you must understand i am still a young fellow, at the tender age of 12.
09:27 <@dazo> then you have the capacity to learn ... and you learn by doing
09:29 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 240 seconds]
09:29 -!- Secret [~Secret@78.157.114.78] has joined #openvpn
09:30 -!- ravel_exe [~ravel_exe@175.142.247.6] has joined #openvpn
09:35 -!- ravel_exe [~ravel_exe@175.142.247.6] has quit [Read error: Connection reset by peer]
09:36 -!- ravel_exe [ravel_exe@175.142.247.6] has joined #openvpn
09:38 < jeev> uh
09:38 < jeev> once every 6 months, something happens to a vpn for a customer.
09:38 < jeev> i can't get past the router (first hop)
09:39 < jeev> win xp client machines - linux router (192.168.1.254) - internet - myvpn
09:40 < jeev> when i try to traceroute one of the two ips that's routed specifically to go through the vpn via pushing the route, the computers when traceing it, will show the first hop, 192.168.1.254, everything else will time out. nothing has been touched.
09:45 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 252 seconds]
09:47 -!- Secret [~Secret@78.157.114.78] has joined #openvpn
09:49 -!- Cyntrox_ [~Cyntrox@146.247.152.209] has quit [Ping timeout: 276 seconds]
09:51 -!- Cyntrox [~Cyntrox@146.247.152.209] has joined #openvpn
09:51 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 252 seconds]
09:53 -!- Secret [~Secret@78.157.114.78] has joined #openvpn
09:53 < krzie> jeev, are you also thumbs?
09:55 < jeev> no way!
09:55 < jeev> ick!
09:56 < jeev> i started this gangster shit, this is the THANKS I GET?
09:56 <@ecrist> you started what?
09:56 < jeev> who knows
09:56 < jeev> any idea what i'm experiencing ?
09:56 <@ecrist> no
09:56 < krzie> lack of troubleshooting experience
09:56 -!- ravel_exe [ravel_exe@175.142.247.6] has quit []
09:56 < krzie> seems to be the big factor
09:56 * jeev waves his fist at ecrist and krzie
09:57 < jeev> i'll follow the packets i guess
09:57 < jeev> i just wanted to a quick answer
09:57 < krzie> heh
09:57 < jeev> now!
10:00 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 252 seconds]
10:00 -!- thumbs [1000@unaffiliated/thumbs] has joined #openvpn
10:00 < thumbs> krzie: no.
10:00 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
10:00 < krzie> lol
10:01 < thumbs> krzie: I have spies everywhere.
10:01 -!- Secret [~Secret@78.157.114.78] has joined #openvpn
10:02 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
10:03 -!- Cyntrox [~Cyntrox@146.247.152.209] has quit [Ping timeout: 268 seconds]
10:04 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Quit: Leaving]
10:05 < krzie> ;]
10:05 * jeev knows the spy
10:05 < jeev> thumbs, can't believe he mistook me for YOU, as i said, "ick"
10:06 < krzie> you did change handles to his once before :-p
10:06 < thumbs> he tried, when I was offline.
10:06 < jeev> yea like 3 months ago
10:06 <@vpnHelper> RSS Update - forum: Browser not routing through openvpn connection
10:06 < krzie> and both your idents are numeric
10:06 < thumbs> thankfully, I have enforce on.
10:06 < jeev> pfft, he's user 1000
10:06 < jeev> i'm user 1004, i'm too cool, i have 3 users before.
10:07 < jeev> lol 4
10:07 < krzie> actually, 4 before
10:07 < jeev> i dont know how to co uhnt
10:07 < krzie> ya
10:07 < krzie> and thats not counting root
10:07 < krzie> which i bet came before too
10:07 < jeev> THAT'S NOT COUNTING LP
10:08 < krzie> but i was pretty sure it was different people
10:08 < krzie> cause in #mysql i seen that thumbs knows stuff
10:09 < krzie> and well
10:09 < krzie> heh
10:09 < jeev> yea, he doesn't know nearly enough
10:09 < jeev> the other day he was asking me the difference between phillips and a flat head
10:09 -!- rkantos [~robin2@109.169.55.199] has quit [Read error: Connection reset by peer]
10:09 < thumbs> jeev: shut up already.
10:09 < krzie> 1 makes TV's, other is for setting your beer on while getting head?
10:10 < jeev> krzie, who knows.
10:10 < jeev> he's pmsing, so i'm going to stop, he's a real bad pmser
10:11 < jeev> krzie
10:11 < jeev> i tried it on my nexus, it wouldn't set default gateway
10:11 < jeev> too lazy to figure out why
10:11 < krzie> .topic
10:11 < jeev> i have won the laziness achievment.
10:12 < krzie> oh n m
10:12 < krzie> it used to say we wouldnt put in more effort than you
10:12 < krzie> i guess now we will! :-p
10:12 -!- grendal-prime [~sgraham@2001:470:822a:200:1e75:8ff:fe48:dfef] has joined #openvpn
10:12 < jeev> those days are gone!
10:12 < jeev> na i'll figure that out later, not important
10:13 < krzie> its easy dude, just get a log
10:13 < grendal-prime> ok i guess i just cant think of how to word this. I connected from a terminal.. like openvpn --config myconfig.conf
10:13 < grendal-prime> an that works..but the terminal got shut down and the tun is still up.
10:13 < grendal-prime> i want to disconnect via the term...and i see no way of doing that
10:13 < krzie> kill
10:14 < grendal-prime> openvp --kill tun0 ?
10:14 < krzie> no
10:14 < krzie> kill
10:14 < krzie> yanno, normal unix admin stuff ;]
10:14 < grendal-prime> really? wow i thought there would be some...
10:15 < grendal-prime> i dont know... tun remove command
10:15 < grendal-prime> interesting..
10:15 < krzie> well
10:15 < krzie> openvpn is still running
10:15 < jeev> i wonder if that's krzie
10:15 < krzie> ;]
10:15 < krzie> kill openvpn, run will go away
10:15 < krzie> unless it was persistent (made with --mktun) in which case --rmtun would do it
10:18 < grendal-prime> ok well i just used htop found it and killed it. Thats how i did it in the past i just thought there was a more...well preferred way of doing it.
10:18 < krzie> s/run/tun/
10:18 < krzie> well if you use the management interface you could likely kill it from there
10:19 < krzie> but really, if you just use kill it should suicide cleanly
10:19 < krzie> kill -9 would be more unclean, but really shouldnt matter either
10:19 < krzie> unless you have disconnect scripts that matter
10:19 -!- takamichi [~pri@217.23.4.104] has quit [Ping timeout: 252 seconds]
10:19 < krzie> besides, nobody breaks out the -9 hammer needlessly anymore, right?
10:23 <@dazo> krzie: kill -9 might not necessarily remove any created devices ... that usually tells the kernel to kill the process without mercy ... kill [-15 (TERM)] will allow the process to shutdown properly on its own
10:25 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
10:27 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn
10:29 < krzie> ahh wed
10:29 < krzie> werd*
10:32 <@dazo> it's not so weird actually. SIGKILL is a signal which can not be caught by the application at all. The kernel will just go into its internal scheduler and remove that job as a running process and free the memory used by it ... with SIGTERM it will send the signal to the application which can then "catch" this signal and run a "cleanup" routine. The application will then stop doing whatever it did, and the registered signal handler process
10:32 <@dazo> will be run instead ... and it can even decide to ignore SIGTERM if it wants to (even though that's considered bad coding)
10:35 < krzie> werd != weird
10:35 <@dazo> ahh
10:35 < krzie> werd is like "cool"
10:35 * dazo read "weird" and saw now it is "werd" :)
10:35 < krzie> ya that happens a bit actually
10:36 <@dazo> :)
10:36 < krzie> hows things going man?
10:37 <@dazo> pretty good ... having a pretty full plate these days ... and too many cool tasks to look at :)
10:37 <@dazo> but trying to stay on top of openvpn patches though :)
10:37 < krzie> ;]
10:37 <+EugeneKay> krzie - kinda. I managed to corrupt the databases while testing failover, gave up there.
10:37 < krzie> http://i.imgur.com/p3eX2.png
10:37 < krzie> LOL
10:38 < krzie> nsfw (text only)
10:38 <@dazo> Even managed to get some time for eurephia hacking too ... a PostgreSQL database driver is taking pretty good shape now :) (supplemental to SQLite)
10:38 < krzie> oh very cool
10:39 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
10:40 <@dazo> Next part is to revamp the code to be able to use LDAP for authentication (coupled with SQLite or PostgreSQL db for config/user tracking)
10:40 <@dazo> (and then maybe Kerberos as a supplement to LDAP)
10:42 <@dazo> and by the way ... if you want a great enterprisey SQL database ... look at PostgreSQL .... forget about MySQL - that's a piece of crap when you want to do more advanced stuff
10:42 <@dazo> EugeneKay: how do you find such stuff .......
10:43 <@dazo> on second thought ... I don't want to know! :-P
10:43 <+EugeneKay> dazo - which stuff?
10:43 <@dazo> geee ... I misread! I meant krzie!
10:44 <+EugeneKay> The stuff I find is far worse >_>
10:44 <@dazo> Then I definitely don't want to know!
;-) 10:52 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.] 10:58 <@vpnHelper> RSS Update - forum: Routes problem, ping not into LAN || Newbee Help Please 11:01 -!- Azrael808 [~peter@212.161.9.162] has quit [Ping timeout: 240 seconds] 11:08 -!- caemir [~caemir@78.129.43.30] has joined #openvpn 11:08 -!- caemir [~caemir@78.129.43.30] has quit [Changing host] 11:08 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 11:13 -!- Axeman [~Axeman3@198.105.46.46] has joined #openvpn 11:13 -!- Axeman [~Axeman3@198.105.46.46] has quit [Changing host] 11:13 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 11:13 -!- mode/#openvpn [+v Axeman] by ChanServ 11:28 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 248 seconds] 11:30 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 11:33 -!- grendal-prime [~sgraham@2001:470:822a:200:1e75:8ff:fe48:dfef] has quit [Ping timeout: 260 seconds] 11:34 -!- grendal-prime [~sgraham@2001:470:822a:200:1e75:8ff:fe48:dfef] has joined #openvpn 11:38 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 268 seconds] 11:38 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 11:40 <@ecrist> jeev: wtf are you carrying on about? 
11:47 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 252 seconds] 11:52 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 11:53 -!- X0Rc0re [~chatzilla@203-206-101-97.dyn.iinet.net.au] has quit [Remote host closed the connection] 11:53 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 11:57 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 276 seconds] 11:58 < jeev> BLAH 11:59 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 12:00 -!- ferdelan [~none@gw-2.211.ru] has quit [] 12:01 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 12:08 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 268 seconds] 12:11 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 12:14 -!- futurestack [~o_o@unaffiliated/futurestack] has joined #openvpn 12:25 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 12:32 < krzie> !hmac 12:32 <@vpnHelper> "hmac" is (#1) The tls-auth directive adds an additional HMAC signature to all SSL/TLS handshake packets for integrity verification. Any UDP packet not bearing the correct HMAC signature can be dropped without further processing. The tls-auth HMAC signature provides an additional level of security above and beyond that provided by SSL/TLS. or (#2) openvpn --genkey --secret ta.key to make the tls static key 12:32 <@vpnHelper> , in configs: tls-auth ta.key # , 1 for client or 0 for server in the configs 12:35 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 244 seconds] 12:36 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.] 
12:37 < krzie> !certverify
12:37 <@vpnHelper> "certverify" is verify your certs are signed correctly by running `openssl verify -CAfile ` for client.crt and server.crt
12:38 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn
12:41 -!- Secret [~Secret@78.157.114.46] has joined #openvpn
12:54 -!- dazo is now known as dazo_afk
13:06 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving]
13:08 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
13:09 -!- WaGE [~wormwood@c-174-48-233-198.hsd1.md.comcast.net] has joined #openvpn
13:09 -!- gremly [~gremly@200.106.218.64] has joined #openvpn
13:10 -!- gremly [~gremly@200.106.218.64] has quit [Client Quit]
13:10 -!- Secret [~Secret@78.157.114.46] has quit [Ping timeout: 252 seconds]
13:10 < WaGE> Greetings all, is there any way I can get the hostname or arbitrary data from a remote client without sshing into box?
13:11 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Read error: Connection reset by peer]
13:11 < hyper_ch> WaGE: what do you try to achieve?
13:11 < WaGE> I just want to be able to identify the clients
13:12 < WaGE> and I can't use common name etc from cert
13:12 < hyper_ch> use CCD
13:12 < hyper_ch> and assign each one a static ip
13:13 < WaGE> hrm, that wouldn't work in my current setup >_<
13:14 <@vpnHelper> RSS Update - forum: OpenVPN in WinCE
13:14 < WaGE> hyper_ch: so there is no way to pull information from client?
13:14 < WaGE> hyper_ch: like hostname for example
13:14 < krzie> no
13:14 < WaGE> hyper_ch: having only the dhcp assigned IP address
13:14 < WaGE> darn
13:15 < krzie> you could use hostname as the common-name
13:15 < WaGE> yeah, was hoping there was something else
13:15 < WaGE> like a command line option that would push certain info to server
13:15 < hyper_ch> you could use magic
13:15 < krzie> but nothing should ever be pushed to the server
13:15 < krzie> and because of that, cant
13:15 < WaGE> yeah
13:16 < krzie> the info that is given to the server that does what you want is the common-name
13:16 < WaGE> hmm, so it would have to be some other kind of mechanism outside of OpenVPN
13:16 -!- Secret [~Secret@78.157.114.46] has joined #openvpn
13:16 < WaGE> krzie: right, the thing is the certs are shared between all the clients
13:16 < krzie> so you use pw auth?
13:16 < WaGE> so at the moment, common name won't do it
13:18 < krzie> you are using usernames/passwords right?
13:18 < WaGE> nope
13:18 < WaGE> just the certs
13:18 < krzie> then your setup is done wrong, and thats why you have no accountability
13:18 < krzie> theres no work-around to attempt to make it right, cause its wrong ;]
13:18 < krzie> like fundamentally
13:19 < hyper_ch> but isn't "no accountability" a good thing?
13:19 < krzie> not if you run the server :-p
13:19 <+EugeneKay> Only at Enron.
13:19 < krzie> or if it is, then he doesnt need info from the client ;]
13:19 < krzie> but he cant break all accountability, then ask why he cant have some accountability
13:19 < WaGE> also to add a little bit of more fuel to the fire
13:20 < WaGE> even if I did have user / pass
13:20 < WaGE> they would share :X
13:20 < krzie> why
13:20 <+EugeneKay> I lolt
13:23 < WaGE> sorry back
13:23 < WaGE> because
13:23 < WaGE> they're devices
13:24 < hyper_ch> everything is a device :)
13:28 * rob0 is a device
13:28 < WaGE> ...
13:29 < WaGE> devices with very limited configurability ~_~
13:29 < WaGE> basically just clones
13:29 -!- r0ckY [~r0ckY@host74-2.natpool.mwn.de] has joined #openvpn
13:30 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit []
13:30 < r0ckY> hi, i need to have specific mac addresses for my clients. I can assign these in windows quitlinux?e easily, but what would be the best way to deal with this in
13:31 < r0ckY> hi, i need to have specific mac addresses for my clients. I can assign these in windows quite easily, but what would be the best way to deal with this in linux?
13:37 -!- r0ckY [~r0ckY@host74-2.natpool.mwn.de] has quit [Quit: IRC webchat at http://irc2go.com/]
13:37 -!- anathaema [~ariana@8.22.83.149] has quit [Ping timeout: 240 seconds]
13:41 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Remote host closed the connection]
13:41 <@vpnHelper> RSS Update - forum: openvpn stops working after a server reboot
13:42 -!- mattock [~samuli@openvpn/corp/admin/mattock] has left #openvpn []
13:48 <@vpnHelper> RSS Update - forum: Error svc_run_except
13:54 <@vpnHelper> RSS Update - forum: Problem starting Access Server.
|| SVC_RUN_EXCEPT-cannot start server 13:57 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 240 seconds] 14:00 <@vpnHelper> RSS Update - forum: Auth script returns "1" but, connects anyway 14:37 -!- skynet-2000 [~skynet-20@99-62-100-172.lightspeed.tukrga.sbcglobal.net] has joined #openvpn 14:37 -!- skynet-2000 [~skynet-20@99-62-100-172.lightspeed.tukrga.sbcglobal.net] has quit [Changing host] 14:37 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 14:44 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 14:54 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn 15:06 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out] 15:07 -!- Rolybrau [~Rolybrau@33-97.3-85.cust.bluewin.ch] has joined #openvpn 15:07 -!- Rolybrau [~Rolybrau@33-97.3-85.cust.bluewin.ch] has quit [Changing host] 15:07 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 15:08 -!- mgorbach is now known as zz_mgorbach 15:17 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Quit: ErichG] 15:54 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Ping timeout: 260 seconds] 16:04 -!- Gravitron [~admin@76.92.159.145] has joined #openvpn 16:04 -!- Gravitron [~admin@76.92.159.145] has quit [Changing host] 16:04 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 16:05 -!- newl [~newl@97.75.165.156] has joined #openvpn 16:08 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 16:14 -!- Schnabeltier [Schnabel3@ist.verliebt.in.seinen.bouncer.von.bouncer-paradise.com] has joined #openvpn 16:22 -!- eutheria [~eutheria@cpc7-cmbg14-2-0-cust43.5-4.cable.virginmedia.com] has joined #openvpn 16:30 -!- eutheria [~eutheria@cpc7-cmbg14-2-0-cust43.5-4.cable.virginmedia.com] has quit [Ping timeout: 252 seconds] 16:31 -!- eutheria [~eutheria@cpc7-cmbg14-2-0-cust43.5-4.cable.virginmedia.com] has joined #openvpn 16:34 -!- 
Schnabeltier [Schnabel3@ist.verliebt.in.seinen.bouncer.von.bouncer-paradise.com] has left #openvpn [] 16:34 -!- Schnabeltier [Schnabel3@ist.verliebt.in.seinen.bouncer.von.bouncer-paradise.com] has joined #openvpn 16:35 < Schnabeltier> !welcome 16:35 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 16:36 < Schnabeltier> !goal 16:36 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 16:37 < Schnabeltier> !readirect 16:37 < Schnabeltier> !redirect 16:38 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns 16:38 < Schnabeltier> !def1 16:38 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. 
or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1" 16:39 * Schnabeltier alleready confused 16:39 < Schnabeltier> !ipforward 16:39 <@vpnHelper> "ipforward" is please choose between !linipforward !winipforward !osxipforward and !fbsdipforward 16:39 < Schnabeltier> !linipforward 16:39 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware 16:41 < Schnabeltier> !nat 16:41 <@vpnHelper> "nat" is (#1) http://openvpn.net/howto.html#redirect for an explanation of NAT as it applies to openvpn or (#2) http://www.secure-computing.net/wiki/index.php/OpenVPN/FAQ#Traffic_forwarding_doesn.27t_work_when_using_client_specific_access_rules or (#3) dont forget to turn on ip forwarding or (#4) please choose between !linnat !winnat and !fbsdnat for specific howto 16:41 < Schnabeltier> !linnat 16:41 <@vpnHelper> "linnat" is (#1) for a basic iptables NAT where 10.8.0.x is the vpn network: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE or (#2) to choose what IP address to NAT as, you can use iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to or (#3) http://netfilter.org/documentation/HOWTO//NAT-HOWTO.html for more info or (#4) openvz see !openvzlinnat 16:57 -!- okamis_ [2eef7d06@gateway/web/freenode/ip.46.239.125.6] has joined #openvpn 16:58 < okamis_> Hi, I have set up a routed connection by the arch wiki guide, I just wonder why I lose my lan connection when I start the openvpn server 17:14 < dioz> redirect policy? 
17:19 -!- newl [~newl@97.75.165.156] has quit [Quit: Lost terminal] 17:21 -!- newl [~newl@97.75.165.156] has joined #openvpn 17:21 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 240 seconds] 17:25 -!- WaGE [~wormwood@c-174-48-233-198.hsd1.md.comcast.net] has quit [Ping timeout: 260 seconds] 17:25 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Remote host closed the connection] 17:31 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 17:36 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Ping timeout: 276 seconds] 17:44 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 17:52 < krzee> okamis_, we dont know, use, or care about the arch wiki guide 17:52 < krzee> !welcome 17:52 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 17:53 <@vpnHelper> RSS Update - forum: Can ping everything, except VPN Server LAN IP 18:07 < okamis_> !route 18:07 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 18:09 -!- kardus [~kardus@silph.co] has joined #openvpn 18:35 < okamis_> !redirect 18:35 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. 
or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns 18:36 < okamis_> !dns 18:36 <@vpnHelper> "dns" is (#1) Level3 open recursive DNS server at 4.2.2.[1-6] or (#2) Google open recursive DNS server at 8.8.8.8 / 8.8.4.4 or (#3) you might be looking for !pushdns 18:37 < okamis_> !def1 18:37 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1" 18:38 -!- grendal-prime [~sgraham@2001:470:822a:200:1e75:8ff:fe48:dfef] has quit [Ping timeout: 260 seconds] 18:40 < newl> !strongswan 18:41 < Olipro> OpenVPN is not IPSec 18:49 < krzee> !notcompat 18:49 <@vpnHelper> "notcompat" is (#1) IPSEC and PPTP are _not_ compatible with OpenVPN. OpenVPN uses SSL whereas PPTP and IPSEC use proprietary protocols and therefore cannot be compatible. or (#2) OpenVPN only connects to OpenVPN 18:53 < newl> Olipro: no kidding 18:54 < Olipro> you know there's a strongswan IRC channel right? 18:54 < Olipro> on this very network 18:54 < newl> no way ... is it called #strongswan?? who would a guessed - been there for years bud 18:56 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 18:56 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 18:56 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 18:56 -!- mode/#openvpn [+v Axeman] by ChanServ 18:57 < Olipro> then that makes your querying the channel bot with "!strongswan" appear all the more bizarre 18:58 < newl> as does your response 19:03 <+EugeneKay> Ladies, please. 19:03 -!- JoeGazz84 is now known as joegazz 19:04 <+EugeneKay> Can't we all get along? 
19:06 <@vpnHelper> RSS Update - forum: Routing to VPN stil not working with Open VPN2.2.2
19:10 -!- Denial [Denial@drgi.co.uk] has quit []
19:18 -!- tekzilla [~jon@hmbg-5f77c405.pool.mediaWays.net] has quit [Ping timeout: 248 seconds]
19:18 -!- okamis_ [2eef7d06@gateway/web/freenode/ip.46.239.125.6] has quit [Ping timeout: 258 seconds]
19:20 -!- tekzilla [~jon@hmbg-4d06ad17.pool.mediaWays.net] has joined #openvpn
19:27 < Olipro> good old vpnHelper with those RSS updates
19:27 < Olipro> because the channel can never have enough stupid
19:28 < Olipro> internat exploder wont route thru my VPN, plz halp!
19:29 < dioz> what's wrong with ie?
19:29 < dioz> i primarily use ie
19:29 < krzee> !windows
19:29 <@vpnHelper> "windows" is (#1) pcs are like air conditioners, they work fine unless you open windows or (#2) http://secure-computing.net/files/windows.jpg for funny or (#3) http://secure-computing.net/files/windows_2.jpg for more funny
19:29 < dioz> not funny at all
19:30 < krzee> not joking
19:30 < krzee> :-p
19:31 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Ping timeout: 240 seconds]
19:34 < newl> Olipro: must be nice to be so superior to everyone else
19:39 -!- APTX_ is now known as APTX
19:40 <+JodaZ> newl, it is
19:41 <+JodaZ> why is routing always so rocket sciency
19:43 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn
19:45 <+havoc> routing is easy; finding the typo not so much ;)
19:45 <+JodaZ> routing isn't easy
19:45 <+JodaZ> not even subnet masks are, i mean when theres a gui for it, couldn't they at least show how they match ? with like bits and colour ?
19:46 <+havoc> eh, well to me it makes sense
19:46 <+havoc> but I still have problems with it, usually a typo that takes me forever to find :(
19:49 <+havoc> that or some other colossally stupid mistake
19:50 <+JodaZ> how does routing work again ? you specify a ip+mask+interface for where packets go out for that ipmask match ?
19:50 <+havoc> don't think about masks, that'll mess you up
19:51 <+havoc> they matter, but not before you understand the rest
19:51 <+havoc> it's all about the "hops"
19:52 <+havoc> if you have points A, B, and C, and you want to get to C from A via B, the B needs to know about (i.e. have a route to) A and C
19:52 <+havoc> a route is a direction for packets to the next "hop"
19:52 <+JodaZ> so what parameters does a route have ?
19:53 <+havoc> the route on A for A to B would actually be the address of B
19:53 <+havoc> at most basic it's an address, mask, and gateway
19:53 <+havoc> with an optional interface and/or metric
19:54 <+havoc> but metrics are for graph theory, you don't need to know that ;)
19:54 <+JodaZ> gateway is an ip that is looked up to a mac thats then used, right ?
19:54 <+havoc> gateway and interfaces can be used *almost* interchangeably
19:54 <+JodaZ> wat
19:54 <+havoc> that just tells the packets which exit door to use
19:55 <+JodaZ> just because an interface has its own default gateway you don't need to only use that to ever route over that interface, do you ?
19:55 <+havoc> *or* which door leads to the destination they already know (from the route) that they need to get to
19:55 -!- pranq [pranq@unaffiliated/contempt] has quit [Read error: Operation timed out]
19:56 <+havoc> default gateway is something slightly different
19:56 -!- zz_mgorbach is now known as mgorbach
19:58 -!- _julian [~quassel@hmbg-4d069186.pool.mediaWays.net] has joined #openvpn
19:58 <+havoc> JodaZ: I'd try to help/explain more, but it's my bedtime
19:59 <+JodaZ> same here pretty much
19:59 <+JodaZ> good night
19:59 -!- pranq [pranq@unaffiliated/contempt] has joined #openvpn
20:00 < mgorbach> Anyone out there familiar with tcpdump?
20:00 < mgorbach> I'm troubleshooting an OpenVPN performance issue and trying to understand why tcpdump is reporting large numbers of packets "dropped by interface."
20:01 < newl> it ain't that hard - i can even do it
20:02 <@ecrist> what interface dropped them?
20:02 -!- _julian_ [~quassel@hmbg-4d06ae95.pool.mediaWays.net] has quit [Ping timeout: 252 seconds]
20:02 < mgorbach> The interface on my openvpn server, which is masquerading.
20:02 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has joined #openvpn
20:03 < mgorbach> I am noticing good performance downloading from the openvpn server itself, but slow performance downloading from other machines on its subnet.
20:03 < newl> are you talking about when you end tcpdump and it says # dropped packets?
20:03 < newl> those are packets you didn't have it collect
20:03 -!- grendal-prime [~sgraham@c-67-187-145-117.hsd1.ca.comcast.net] has joined #openvpn
20:04 < mgorbach> It says "0 dropped by filter, 0 dropped by kernel, dropped by interface"
20:06 < mgorbach> Oh, maybe dropped by interface means that they were dropped because they were not on the specific interface.
20:06 < newl> what is your command line
20:08 <@ecrist> mgorbach: the interface will drop packets that it receives, but which were not destined for it
20:08 < mgorbach> Ah
20:09 < mgorbach> ecrist: So that makes sense in the case of masquerading?
20:09 <@ecrist> sure
20:10 < newl> promiscuousness
20:10 <@ecrist> it tells me you have a device sending traffic to an interface, and you're doing something wrong.
20:11 < mgorbach> Hmm
20:11 < mgorbach> ecrist: The problem I'm troubleshooting is this: https://forums.openvpn.net/topic9553.html
20:11 <@vpnHelper> Title: OpenVPN Support Forum OpenVPN Routed Performance Issue : Configuration (at forums.openvpn.net)
20:12 < mgorbach> Basically, download from the VPN server itself is fast. Download from any other machine on its LAN subnet is slow.
20:12 < mgorbach> And I can't figure out why.
20:16 -!- novaflash is now known as novaflash_away
20:17 <@ecrist> mgorbach: one would argue you're doing it wrong
20:17 < mgorbach> ecrist: How so?
20:17 <@ecrist> you should have your openvpn server in between your airport extreme and your internet gateway
20:17 <@ecrist> let the AE be an AP
20:18 < mgorbach> ecrist: Why is that a better design? (Sorry, quite new to networks).
20:19 <@ecrist> if you're new to networks, you really have no business messing with masquerading.
20:19 -!- pa [~pa@unaffiliated/pa] has quit [Read error: Operation timed out]
20:20 < mgorbach> ecrist: The issue is that I have an old AppleTV I've hacked into a Gentoo linux server. I want it to be an OpenVPN gateway for me, so I don't have to keep my other machines on.
20:20 < mgorbach> Because the AE is my gateway, I can't do static routes, so masquerading was the only way to allow the OpenVPN clients to access the server subnet, as I understood it.
20:20 < mgorbach> And it does _work_, it just seems to have horrible performance issues that I don't understand.
20:20 <@ecrist> right, and I'm not a linux guy, and your issue isn't openvpn
20:21 <@ecrist> it's the masquerading
20:21 < mgorbach> I figured that, given that the connection is performing great to the server directly.
20:21 <@ecrist> !notopenvpn
20:21 <@vpnHelper> "notopenvpn" is your problem is not about openvpn, and while we try to be helpful, you may have a better chance of finding your answer if you ask your question in a channel related to your problem
20:22 < mgorbach> But does masquerading have known problems that prevent it from working in my setup?
20:26 <@ecrist> I don't have your setup, so, no known issues, I guess.
20:27 <@ecrist> we do all sorts of redirects and NAT on our network at $work and have no issues.
20:27 <@ecrist> but, we have a properly configured network, as well, with decent kit
20:35 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
20:58 -!- troyt [~troyt@c-24-10-222-127.hsd1.ut.comcast.net] has quit [Quit: AAAGH! IT BURNS!]
21:00 -!- troyt [~troyt@c-24-10-222-127.hsd1.ut.comcast.net] has joined #openvpn 21:07 < codingrobot> i'm looking for a working udp-hole-punching tool similar to http://code.google.com/p/udponnat/ because my server is behind firewall. any ideas? 21:07 <@vpnHelper> Title: udponnat - UDPonNAT is a PROXY for UDP application. With UDPonNAT, you can make your UDP application server to provide service behind the NAT device. - Google Project Hosting (at code.google.com) 21:09 -!- newl [~newl@97.75.165.156] has quit [Quit: Reconnecting] 21:09 -!- newl [~newl@97.75.165.156] has joined #openvpn 21:17 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 21:26 <@vpnHelper> RSS Update - forum: OpenVPN hickups with Remote Printers for MS RDP 21:34 -!- |rt| [~realthing@24-181-237-193.dhcp.oxfr.ma.charter.com] has joined #openvpn 21:34 < |rt|> Has anyone seen the OpenVPN GUI not prompt the user for their username and password? 21:40 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn 21:45 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 21:45 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 21:45 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 21:46 -!- mode/#openvpn [+v Axeman] by ChanServ 21:51 < |rt|> Looks like the newest version has resolved the issue. Must have been a bug in the GUI somewhere 21:52 -!- newl [~newl@97.75.165.156] has quit [Quit: leaving] 21:56 <@vpnHelper> RSS Update - forum: OpenVPN Clients Automation 22:03 -!- troyt [~troyt@c-24-10-222-127.hsd1.ut.comcast.net] has quit [Quit: AAAGH! IT BURNS!] 
22:05 -!- codingrobot [~codingrob@heim-032-63.raab-heim.uni-linz.ac.at] has left #openvpn [] 22:09 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 22:12 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 22:17 -!- troyt [~troyt@2001:1938:240:3000::3] has joined #openvpn 22:21 -!- troyt [~troyt@2001:1938:240:3000::3] has quit [Client Quit] 22:24 -!- troyt [~troyt@2001:1938:240:3000::3] has joined #openvpn 22:41 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 22:50 -!- jameslordhz [~jack@60.12.143.54] has joined #openvpn 22:50 <@vpnHelper> RSS Update - forum: OpenVPN routing fails, but only sometimes. (windows client) 23:08 -!- twister004 [~chatzilla@59.90.104.109] has joined #openvpn 23:28 -!- mgorbach is now known as zz_mgorbach 23:43 -!- X0Rc0re [~chatzilla@203-206-23-97.dyn.iinet.net.au] has joined #openvpn 23:51 <@vpnHelper> RSS Update - forum: Invalid Subnet Mask and no Default Gateway --- Day changed Wed Jan 11 2012 00:05 -!- grendal-prime [~sgraham@c-67-187-145-117.hsd1.ca.comcast.net] has quit [Quit: Ex-Chat] 00:31 <@vpnHelper> RSS Update - forum: Can´t connect to VPN 00:38 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 00:43 -!- nur [~nur@86.98.17.198] has quit [Quit: Leaving] 00:48 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 01:01 <@vpnHelper> RSS Update - forum: Website Audit: What Really is It? 
01:12 -!- X0Rc0re [~chatzilla@203-206-23-97.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 01:13 -!- novaflash_away is now known as novaflash 01:20 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn 01:20 -!- mode/#openvpn [+o mattock] by ChanServ 01:32 -!- jameslordhz [~jack@60.12.143.54] has left #openvpn [] 01:34 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 01:49 <@vpnHelper> RSS Update - forum: Browser not routing through openvpn connection 01:53 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day] 02:01 <@vpnHelper> RSS Update - forum: OpenVPN hickups with Remote Printers for MS RDP || Routing to VPN stil not working with Open VPN2.2.2 || Routes problem, ping not into LAN 02:06 -!- Champi [Champi@rootshell.fr] has quit [Ping timeout: 252 seconds] 02:07 <@vpnHelper> RSS Update - forum: Invalid Subnet Mask and no Default Gateway 02:18 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 268 seconds] 02:18 -!- takamichi [~pri@217.23.4.104] has joined #openvpn 02:41 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn 02:47 -!- kardus [~kardus@silph.co] has left #openvpn [] 02:50 -!- twister004 [~chatzilla@59.90.104.109] has quit [Quit: ChatZilla 0.9.88 [Firefox 9.0.1/20111220165912]] 03:13 -!- takamichi [~pri@217.23.4.104] has quit [Ping timeout: 248 seconds] 03:14 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 03:19 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn 03:19 -!- X0Rc0re [~chatzilla@203-206-23-97.dyn.iinet.net.au] has joined #openvpn 03:22 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Quit: too late] 03:24 <@vpnHelper> RSS Update - forum: Routes problem, ping not into LAN 03:31 -!- Champi [Champi@rootshell.fr] has joined #openvpn 03:32 -!- eutheria [~eutheria@cpc7-cmbg14-2-0-cust43.5-4.cable.virginmedia.com] has quit [Quit: Mankind is obsolete] 03:36 <@vpnHelper> RSS 
Update - forum: redirect traffic to tunnel of one out of 2 network adapter || route traffic of one network adapters, two connected 03:46 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Quit: Konversation terminated!] 04:06 -!- X0Rc0re [~chatzilla@203-206-23-97.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 04:16 -!- noisebleed [~quassel@piggy.inescn.pt] has joined #openvpn 04:16 -!- noisebleed [~quassel@piggy.inescn.pt] has quit [Changing host] 04:16 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 04:18 <@vpnHelper> RSS Update - forum: redirect traffic to tunnel of one out of 2 network adapter 04:22 -!- master_of_master [~master_of@p57B554F2.dip.t-dialin.net] has quit [Ping timeout: 252 seconds] 04:23 -!- pqatsi [~leleobhz@unaffiliated/leleobhz] has joined #openvpn 04:24 -!- master_of_master [~master_of@p57B52E1B.dip.t-dialin.net] has joined #openvpn 04:24 -!- pa [~pa@unaffiliated/pa] has quit [Quit: Sto andando via] 04:25 < pqatsi> Someone have a theory for a openvpn that don't pass any traffic more or less in a day or 2, with or without traffic? 04:25 < pqatsi> (And sometimes fails when I'm doing something within vpn) 04:36 <@vpnHelper> RSS Update - forum: Routes problem, ping not into LAN 04:42 <@vpnHelper> RSS Update - forum: Website Audit: What Really is It? || Routes problem, ping not into LAN || redirect traffic to tunnel of one out of 2 network adapter 04:46 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Ping timeout: 240 seconds] 04:52 -!- eutheria [~francis@host81-137-110-129.in-addr.btopenworld.com] has joined #openvpn 04:54 < eutheria> i was wondering if there is an 'easier' windows client to use, one that doesn't require me to up run the client as admin? 
04:54 <@vpnHelper> RSS Update - forum: Routes problem, ping not into LAN 04:56 -!- eutheria [~francis@host81-137-110-129.in-addr.btopenworld.com] has quit [Quit: Mankind is obsolete] 04:59 -!- X0Rc0re [~chatzilla@203-59-89-93.dyn.iinet.net.au] has joined #openvpn 04:59 <@vpnHelper> RSS Update - forum: OpenVPN N2N setup with IPfire 04:59 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn 05:02 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn 05:10 -!- X0Rc0re [~chatzilla@203-59-89-93.dyn.iinet.net.au] has quit [Ping timeout: 240 seconds] 05:12 -!- fluter [~fluter@125.34.78.155] has joined #openvpn 05:12 -!- fluter [~fluter@125.34.78.155] has quit [Changing host] 05:12 -!- fluter [~fluter@fedora/fluter] has joined #openvpn 05:34 <@vpnHelper> RSS Update - forum: OpenVPN N2N setup with IPfire 05:35 -!- raidz [~raidz@openvpn/corp/admin/andrew] has quit [Ping timeout: 252 seconds] 05:40 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn 05:40 -!- mode/#openvpn [+o raidz] by ChanServ 05:40 <@vpnHelper> RSS Update - forum: Routes problem, ping not into LAN 05:43 -!- Netsplit *.net <-> *.split quits: bigpaws, takamichi, Rolybrau, skynet-2000 05:47 -!- Netsplit over, joins: takamichi, Rolybrau, skynet-2000, bigpaws 06:03 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 06:05 <@vpnHelper> RSS Update - forum: Routes problem, ping not into LAN 06:13 -!- Tick-Tock [~Tick-Tock@2607:f358:1:fed5:22:0:b683:4295] has quit [Quit: ZNC - http://znc.in] 06:14 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Ping timeout: 276 seconds] 06:16 -!- qiyong [~qiyong@60.23.248.82] has joined #openvpn 06:17 < qiyong> i want clients behind tun0 and tun1 see each other 06:17 < qiyong> i have tun0 and tun1 06:17 < qiyong> anyone help me with linux ip route? 
06:17 -!- stdudz [~stdudz@cpc3-benw10-2-0-cust179.gate.cable.virginmedia.com] has joined #openvpn 06:19 -!- pa [~pa@unaffiliated/pa] has joined #openvpn 06:25 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn 06:28 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 06:28 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 06:28 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 06:28 -!- mode/#openvpn [+v Axeman] by ChanServ 06:38 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 06:41 <@vpnHelper> RSS Update - forum: Routes problem, ping not into LAN 06:47 <@vpnHelper> RSS Update - forum: Routes problem, ping not into LAN 06:53 < |Mike|> snip those < > off ktnx 06:53 <@vpnHelper> RSS Update - forum: redirect traffic to tunnel of one out of 2 network adapter 06:54 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 06:56 -!- fluter [~fluter@fedora/fluter] has quit [Ping timeout: 260 seconds] 07:05 <@vpnHelper> RSS Update - forum: redirect traffic to tunnel of one out of 2 network adapter 07:06 -!- X0Rc0re [~chatzilla@203-206-48-170.dyn.iinet.net.au] has joined #openvpn 07:11 <@vpnHelper> RSS Update - forum: Routes problem, ping not into LAN 07:14 <+havoc> any of you guys run shorewall? 
07:14 <+havoc> I'm only curious; no other reason for asking 07:14 -!- Diffen [~diffen@80.78.212.242] has joined #openvpn 07:14 -!- dazo_afk is now known as dazo 07:15 <+havoc> I generally get new users to use it as it simplifies [for them] setting up all the routing 07:16 <+havoc> ("routing" being used generically here) 07:20 -!- mrsno_ [~sno@static.153.209.46.78.clients.your-server.de] has quit [Ping timeout: 240 seconds] 07:21 -!- mrsno_ [~sno@static.153.209.46.78.clients.your-server.de] has joined #openvpn 07:23 <@vpnHelper> RSS Update - forum: need help on installing old program on windows 7 || Invalid Subnet Mask and no Default Gateway 07:26 -!- stdudz [~stdudz@cpc3-benw10-2-0-cust179.gate.cable.virginmedia.com] has quit [Ping timeout: 240 seconds] 07:28 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 07:28 <@vpnHelper> RSS Update - forum: Help setting upTunnel 07:35 <@vpnHelper> RSS Update - forum: Invalid Subnet Mask and no Default Gateway 07:39 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Read error: Connection reset by peer] 07:39 -!- stdudz [~stdudz@93-97-250-212.zone5.bethere.co.uk] has joined #openvpn 07:41 <@vpnHelper> RSS Update - forum: Problem connecting to SQL Server through OpenVpn tunnel || Invalid Subnet Mask and no Default Gateway 07:47 <@vpnHelper> RSS Update - forum: Invalid Subnet Mask and no Default Gateway 07:49 -!- X0Rc0re [~chatzilla@203-206-48-170.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 07:54 -!- Azrael808 [~peter@212.161.9.162] has quit [Ping timeout: 252 seconds] 07:54 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 07:57 -!- fluter [~fluter@fedora/fluter] has joined #openvpn 07:59 <@vpnHelper> RSS Update - forum: Can ping everything, except VPN Server LAN IP || Routes problem, ping not into LAN 08:02 -!- stdudz [~stdudz@93-97-250-212.zone5.bethere.co.uk] has quit [Ping timeout: 240 seconds] 08:02 -!- stdudz 
[~stdudz@cpc4-newc15-2-0-cust168.gate.cable.virginmedia.com] has joined #openvpn 08:04 -!- Beave [~champ@bundy.vistech.net] has quit [Ping timeout: 255 seconds] 08:04 <@vpnHelper> RSS Update - forum: Routes problem, ping not into LAN 08:04 -!- Beave [~champ@bundy.vistech.net] has joined #openvpn 08:05 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 240 seconds] 08:06 -!- takamichi [~pri@217.23.4.104] has joined #openvpn 08:06 < stdudz> Hello, I am trying to find a way to alter or scramble the tls handshake so that l7-filters can't detect it. Can anyone point me in the right direction as to what is needed to do this? 08:07 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn 08:08 -!- Axeman [~Axeman3@198.105.46.46] has joined #openvpn 08:08 -!- Axeman [~Axeman3@198.105.46.46] has quit [Changing host] 08:08 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 08:08 -!- mode/#openvpn [+v Axeman] by ChanServ 08:11 <@vpnHelper> RSS Update - forum: Invalid Subnet Mask and no Default Gateway 08:14 < stdudz> I am studying the source and have found some info, c2.tls_multi seems to be important, I believe other people have achieved implementing such a feature 08:27 <@dazo> stdudz: that's going to be immensely difficult ... basically the OpenVPN protocol is standard SSL with an extra package in front ... this is to allow SSL over UDP (SSL is strictly designed for TCP) 08:27 <@dazo> so this extra package contains some info which UDP is lacking over TCP ... like packet sequence numbering 08:27 <@dazo> and this is why l7 filters identify openvpn traffic 08:33 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 08:34 -!- pqatsi [~leleobhz@unaffiliated/leleobhz] has quit [Ping timeout: 268 seconds] 08:35 -!- takamichi [~pri@217.23.4.104] has quit [Ping timeout: 252 seconds] 08:36 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 08:36 < stdudz> Thanks for responding dazo. 
Could altering the construction of the additional section in some way be enough to evade detection from the l7 filters you think? 08:37 < stdudz> rather than scrambling it 08:38 <@dazo> stdudz: if you do that, your implementation of OpenVPN will not be compatible with other versions of OpenVPN .... depending on how clever the l7 filter is, it might work .... but if you use 443/tcp ... the filter might only allow proper SSL packets there 08:47 < stdudz> Sorry i forgot to say, I have control of both clients and servers so incompatibility with standard openvpn is no problem. I'll keep investigating the source 08:48 -!- RamsesFSFE [~RamsesFSF@internetautobahn.de] has joined #openvpn 08:51 -!- Nike [~nikenike@82-171-252-6.ip.telfort.nl] has joined #openvpn 08:51 < RamsesFSFE> Hi all, I've got a problem with OpenVPN running on the tap-Device. Both server and client start without errors, and obviously, I can send packets through the VPN but don't receive any. The openvpn-status.log on the server shows much more outgoing traffic than ifconfig on the client side. The tap0 device on the client side always receives only 42 bytes. What could I do to find out what the problem is? 08:52 < Nike> hello all, is it possible to leave eth0 as it was and also use that interface as the bridge interface for the tap device? 08:52 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has left #openvpn [] 08:56 < Nike> it seems to work if i give 192.168.1.1 to the eth0, start the openvpn stuff with tap on 192.168.1.2 and then assign 192.168.1.2 again to eth0 08:56 < Nike> is this a good setup? 
08:59 -!- Nike [~nikenike@82-171-252-6.ip.telfort.nl] has quit [Read error: Connection reset by peer] 08:59 -!- Nike_ [~nikenike@82-171-252-6.ip.telfort.nl] has joined #openvpn 09:06 -!- Nike [~nikenike@82-171-252-6.ip.telfort.nl] has joined #openvpn 09:06 -!- Nike_ [~nikenike@82-171-252-6.ip.telfort.nl] has quit [Read error: Connection reset by peer] 09:06 -!- RamsesFSFE [~RamsesFSF@internetautobahn.de] has left #openvpn ["Verlassend"] 09:09 <@vpnHelper> RSS Update - forum: Invalid Subnet Mask and no Default Gateway || Routes problem, ping not into LAN 09:11 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 248 seconds] 09:11 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 09:13 -!- fluter [~fluter@fedora/fluter] has quit [Remote host closed the connection] 09:14 -!- |rt| [~realthing@24-181-237-193.dhcp.oxfr.ma.charter.com] has left #openvpn [] 09:14 -!- Nike_ [~nikenike@82-171-252-6.ip.telfort.nl] has joined #openvpn 09:14 -!- Nike [~nikenike@82-171-252-6.ip.telfort.nl] has quit [Read error: Connection reset by peer] 09:14 -!- Nike_ is now known as Nike 09:14 <@vpnHelper> RSS Update - forum: NYC Server specialists - Technology business solutions 09:16 -!- Diffen [~diffen@80.78.212.242] has quit [Quit: This computer has gone to sleep] 09:17 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 09:19 -!- mattock [~samuli@openvpn/corp/admin/mattock] has left #openvpn [] 09:21 <@vpnHelper> RSS Update - forum: OpenVPN hickups with Remote Printers for MS RDP 09:22 < Nike> how am i supposed do this: i run services on eth0 09:22 < Nike> i want to run an openvpn service on that machine 09:23 < Nike> what is the right way? 
09:26 -!- SOG [~SOG@wsip-70-164-132-45.lv.lv.cox.net] has joined #openvpn 09:27 < rob0> !bridging 09:27 < rob0> !tap 09:27 <@vpnHelper> "tap" is "bridge" is (#1) http://openvpn.net/index.php/documentation/faq.html#bridge1, or (#2) http://openvpn.net/index.php/documentation/miscellaneous/ethernet-bridging.html, or (#3) Bridging looks like a good choice to people who don't know how to set up IP routing, but to learn routing is generally far better., or (#4) useful for windows sharing (without wins server) and LAN gaming, anything where the 09:27 <@vpnHelper> protocol uses MAC addresses instead of IP addresses. 09:32 -!- Nike [~nikenike@82-171-252-6.ip.telfort.nl] has quit [Ping timeout: 248 seconds] 09:32 <@vpnHelper> RSS Update - forum: Open VPN library for Ubuntu and Mac 09:37 -!- SOG [~SOG@wsip-70-164-132-45.lv.lv.cox.net] has quit [Read error: Connection reset by peer] 09:37 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 09:38 -!- SOG [~SOG@wsip-70-164-132-45.lv.lv.cox.net] has joined #openvpn 09:40 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Textual IRC Client: http://www.textualapp.com/] 09:40 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 09:41 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 09:42 -!- tmus [~tmus@host-230-227.adsl.gl] has joined #openvpn 09:42 -!- phaedra [~phaedra@pdpc/supporter/monthlybyte/phaedra] has joined #openvpn 09:43 < tmus> Hi all - All my licenses disappeared from my OpenVPN-AS machine... Trying to re-add yields: Support for the licenses expired on december 23rd, but surely that's not the problem...(?) 09:47 <@dazo> !as 09:47 <@vpnHelper> "as" is please go to #OpenVPN-AS for help with Access-Server 09:47 <@dazo> tmus: ^^ 09:47 < tmus> dazo, thanks :-) 09:48 < ErichG> pardon the remedial question - but if I want to create a private subnet, can I just create a tap interface without bridging with a real interface? 
09:49 <@dazo> ErichG: yes, and that's the recommended approach ... also called "routed setup" 09:50 < ErichG> meaning a routed bridge (NAT on VPN server), rather than a "routed" vpn? 09:50 <@dazo> ErichG: in such setups you can also use TUN mode (instead of TAP, which bridges requires), which gives you less overhead on the tunnel as well 09:51 <@dazo> ErichG: I don't understand that question 09:51 < ErichG> yes - I understand that part, thanks. 09:52 < ErichG> sorry, I mean - I want to create a bridged VPN, but I don't want to route anything to the net, just let the clients all share the interface.. I understand I can created a tun based vpn as an alternative, but I'm specifically trying to bridge a private subnet. 09:52 -!- SOG [~SOG@wsip-70-164-132-45.lv.lv.cox.net] has quit [Read error: Connection reset by peer] 09:52 < ErichG> also... 09:53 <@dazo> ErichG: ahh, okay ... well, when you bridge the traffic, it's impossible to say which traffic came from LAN or VPN .... as those two are "merged" together 09:54 < ErichG> yes.. I mean that I could route traffic from that interface to another using iptables if I wanted to... 09:54 <@dazo> so if you want LAN to access the Internet and not VPN clients ... then you have no chance with bridging 09:54 <@dazo> (as firewalling will happen against the brX device) 09:55 <@dazo> maybe ebtables have some features which can solve that, but I don't know ebtables enough to say 09:55 <@dazo> ErichG: basically, what I think you're trying to solve ... using bridging will just make things very much complicated .... 09:56 <@dazo> is there a reason you need bridging to start with? 09:56 < ErichG> yes, please don't beat me up about bridging vs routing... there are reasons I need to bridge these networks. 09:56 < ErichG> lol 09:57 < ErichG> the real issue is that I can't get bridging working under OSX, whereas this all works perfectly running the server under linux. 
09:58 <@dazo> it's just that you route and firewall the bridge interface .... so if what you bridge together will have the same privileges, then it's nothing else than standard network setups .... but if what you bridge should be behaved differently, then you're into a painful path of disappointments 09:58 <@dazo> ErichG: bridging on OSX arrived first on the latest OSX release, whatever that was again ... ecrist might know something here 09:59 < ErichG> I heard from someone (possibly you) that he had discovered an issue in osx... I do have a bridge constructed 09:59 < ErichG> I know it's new 09:59 -!- SOG [~SOG@wsip-70-164-132-45.lv.lv.cox.net] has joined #openvpn 10:00 <@dazo> I might be the guilty one .... but I don't recall ;-) 10:00 < ErichG> time flys! 10:00 <@dazo> :) 10:04 -!- BoomSie [~gideon@dw77242112238.amsterdam-tc.dataweb.net] has joined #openvpn 10:07 < ErichG> I think my question is basically... and I realize this is super remedial... Does OpenVPN server take the traffic its seeing on the public interface and copy it to the tap interface, or is it relying on the tap interface being bridged with a public interface? 10:08 -!- tmus [~tmus@host-230-227.adsl.gl] has quit [Ping timeout: 240 seconds] 10:09 <@vpnHelper> RSS Update - forum: Wrong Time in Logs 10:16 * ecrist is here. 10:17 <@ecrist> ErichG: you need to bridge the interfaces in the kernel for that behavior 10:17 <@ecrist> openvpn doesn't do that itself. 10:17 < ErichG> got it... makes sense.. 10:18 -!- smerz [~smerz@smerz.demon.nl] has joined #openvpn 10:18 < ErichG> meanwhile - ecrist, have you found something about the new bridge feature in Lion? 10:18 <@ecrist> it works 10:20 < ErichG> that's good to know, as I don't seem to be getting it to work.. is it critical that the ip be reassigned from en0 to the bridge? It lets me add en0 while letting it keep its ip... 
10:21 <@vpnHelper> RSS Update - forum: Invalid Subnet Mask and no Default Gateway 10:21 <@ecrist> as far as i know, there's no graphical tools, you have to do everything on the command line. 10:21 <@ecrist> no, which interface has the IP should be irrelevant. 10:22 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 10:22 < ErichG> that's what I thought.. in linux, when you add an interface to a bridge, it strips its ip and then you have to assign it to bridge itself. 10:22 < ErichG> it's great that OSX doesn't do that 10:23 < ErichG> nevertheless... my bridge doesn't work - the router (tomatoVPN) can ssh across the tunnel to the Server and vice versa, yet the other machines behind tomato can't see the server and vice versa. 10:25 < ErichG> if you can confirm you've had a working bridging server running under Lion - I'll just keep banging my head against it until I figure out what I've done wrong... lol. 10:25 -!- SOG [~SOG@wsip-70-164-132-45.lv.lv.cox.net] has quit [Read error: Connection reset by peer] 10:25 <@ecrist> OS X's bridge interface is based on what freebsd has 10:26 <@ecrist> ErichG: I have had a working bridge on OS X Lion, but it wasn't related to openvpn. are you making sure you 'up' the bridge interface, after it's created? 10:26 <@ecrist> that's what most people forget 10:26 <@ecrist> ifconfig bridge0 create up 10:27 < ErichG> ecrist: I'll do that explicitly.. ifconfig seems to report its up.. if that's what it is - I may shoot myself. lol 10:28 <@ecrist> pastebin your ifconfig output 10:28 < ErichG> will do - rebuilding the bridge.. one sec 10:28 <@ecrist> ok 10:30 -!- Irssi: #openvpn: Total of 143 nicks [5 ops, 0 halfops, 36 voices, 102 normal] 10:31 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 10:31 -!- vpnHelper [~vpn@openvpn/bot/vpnHelper] has quit [Quit: Ctrl-C at console.] 
10:32 -!- vpnHelper [~vpn@openvpn/bot/vpnHelper] has joined #openvpn 10:32 -!- mode/#openvpn [+o vpnHelper] by ChanServ 10:32 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Ping timeout: 276 seconds] 10:34 -!- SOG [~SOG@wsip-70-164-132-45.lv.lv.cox.net] has joined #openvpn 10:35 < ErichG> ecrist: http://pastebin.com/hLG1hJe7 10:37 <@ecrist> looks fine to me 10:38 < ErichG> cool... I'll connect to the vpn and see what the result is. 10:39 -!- SOG [~SOG@wsip-70-164-132-45.lv.lv.cox.net] has quit [Read error: Connection reset by peer] 10:41 -!- phaedra [~phaedra@pdpc/supporter/monthlybyte/phaedra] has quit [Quit: Leaving] 10:44 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Ping timeout: 268 seconds] 10:45 -!- Diffen [~diffen@90-231-44-70-no32.tbcn.telia.com] has joined #openvpn 10:47 <@ecrist> ErichG: I'm firing up a bridge on this end, too, to see if it works. 10:49 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Ping timeout: 268 seconds] 10:52 -!- p3rror [~mezgani@2001:470:1f0b:c66:1::2] has joined #openvpn 10:53 -!- BoomSie [~gideon@dw77242112238.amsterdam-tc.dataweb.net] has quit [Ping timeout: 252 seconds] 10:56 <@vpnHelper> RSS Update - forum: Browser not routing through openvpn connection || Invalid Subnet Mask and no Default Gateway 10:59 -!- Azrael808 [~peter@212.161.9.162] has quit [Read error: Operation timed out] 11:00 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 11:11 < rob0> Captain, report to the bridge. 
11:11 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Ping timeout: 276 seconds] 11:12 < jeev> oh no 11:12 < jeev> rob0 is following me again 11:13 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 11:21 -!- stdudz [~stdudz@cpc4-newc15-2-0-cust168.gate.cable.virginmedia.com] has quit [Ping timeout: 252 seconds] 11:22 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has joined #openvpn 11:26 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 11:28 <@ecrist> ErichG: I do find one particular problem with bridging on OS X, as I test it 11:29 <@ecrist> I have to re 'up' the interfaces in the bridge (the ones without IPs) 11:31 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Remote host closed the connection] 11:32 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Ping timeout: 240 seconds] 11:35 <@ecrist> ifconfig bridge0 create addm tap0 addm en0 up 11:36 <@ecrist> that works for me without a problem, and I actually didn't have to up the interfaces again 11:38 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 11:38 -!- stdudz [~stdudz@cpc4-newc15-2-0-cust168.gate.cable.virginmedia.com] has joined #openvpn 11:42 -!- ErichG_ [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 11:45 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 240 seconds] 11:45 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Ping timeout: 240 seconds] 11:45 -!- ErichG_ is now known as ErichG 11:46 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 11:49 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 11:50 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Ping timeout: 255 seconds] 11:56 <@vpnHelper> RSS Update - forum: Browser not routing through openvpn connection 11:58 -!- Homeman [~Homeman@0x5739dcae.roennqu1.dynamic.dsl.tele.dk] has joined 
#openvpn 11:59 < Homeman> Googled this a bit, but didn't find an answer, is it possible to forward all the clients connections on let's say port 80 to an internal ip and port like 127.0.0.1:XxxX 12:00 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Remote host closed the connection] 12:02 <@vpnHelper> RSS Update - forum: Routes problem, ping not into LAN || Invalid Subnet Mask and no Default Gateway 12:03 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 12:04 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Remote host closed the connection] 12:09 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 12:13 <@ecrist> ErichG: I tested, and bridging works fine 12:13 <@ecrist> 11:35:57 <@ecrist> ifconfig bridge0 create addm tap0 addm en0 up 12:13 <@ecrist> 11:36:12 <@ecrist> that works for me without a problem, and I actually didn't have to up the interfaces again 12:14 < ErichG> ecrist: that works for me fine, in terms of creating the bridge.. but when I connect with openvpn, I can't ping the server from behind the tomato router 12:15 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Remote host closed the connection] 12:15 <@ecrist> I tested that exact thing, though 12:15 <@ecrist> I'm on a laptop, connected to our work network over openvpn 12:15 < ErichG> and you have a bridging server running on OSX? 12:16 < ErichG> not the client... 12:16 <@ecrist> I connected my wife's laptop (via ethernet) and assigned it an IP on our VPN subnet, and it can connect to all our company resources without a problem. 12:16 <@ecrist> it doesn't matter if it's an openvpn client or server 12:16 < ErichG> well.. in my case.. it seems to 12:16 <@ecrist> the bridging is at the kernel level, not the openvpn (application) layer 12:17 <@ecrist> well, I'm not your admin, so I can't speak to your setup, but I am confirming bridging DOES work on openvpn 12:17 < ErichG> that's great news... 
12:19 < ErichG> what I'm experiencing is that when running as a server under OSX, that when the same exact client router connects to the same configuration, I can't ping across the tunnel from behind the router, whereas in the linux server setup exactly the same way, it works perfectly. 12:19 -!- Homeman [~Homeman@0x5739dcae.roennqu1.dynamic.dsl.tele.dk] has left #openvpn [] 12:20 < ErichG> with the OSX machine networking setup as per the ifconfig output you saw earlier. 12:20 < ErichG> weird 12:22 < ErichG> again, I can ssh across the tunnel from the tomato router itself 12:22 < ErichG> anyway - thanks for the help and input! 12:26 <@ecrist> no problem 12:27 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 12:30 -!- novaflash is now known as novaflash_away 12:31 -!- Diffen [~diffen@90-231-44-70-no32.tbcn.telia.com] has quit [Quit: This computer has gone to sleep] 12:51 -!- novaflash_away is now known as novaflash 12:56 <@vpnHelper> RSS Update - forum: Browser not routing through openvpn connection 13:00 -!- stdudz [~stdudz@cpc4-newc15-2-0-cust168.gate.cable.virginmedia.com] has quit [Ping timeout: 244 seconds] 13:11 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.] 13:13 -!- stdudz [~stdudz@cpc4-newc15-2-0-cust168.gate.cable.virginmedia.com] has joined #openvpn 13:16 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 13:20 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has joined #openvpn 13:20 < JoeyJoeJo> How do I set up clients for split tunnelling? 
13:21 < pwrcycle> !route 13:21 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 13:21 < JoeyJoeJo> Thanks 13:23 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Remote host closed the connection] 13:31 -!- LetsGo [~LetsGo@unaffiliated/letsgo] has joined #openvpn 13:40 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [] 13:41 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 13:41 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [Client Quit] 13:46 -!- sukima [suki@gateway/shell/blinkenshell.org/x-debjrajdhxsvmtoz] has joined #openvpn 13:47 < sukima> !welcome 13:47 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 13:48 < sukima> !redirect 13:48 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. 
or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns 13:48 < sukima> !ipforward 13:48 <@vpnHelper> "ipforward" is please choose between !linipforward !winipforward !osxipforward and !fbsdipforward 13:49 < sukima> !osxipforward 13:49 <@vpnHelper> "osxipforward" is (#1) sysctl -w net.inet.ip.forwarding=1 for a temp solution or (#2) add IPFORWARDING=-YES- in /etc/hostconfig for a permanent solution 13:49 < sukima> !nat 13:49 <@vpnHelper> "nat" is (#1) http://openvpn.net/howto.html#redirect for an explanation of NAT as it applies to openvpn or (#2) http://www.secure-computing.net/wiki/index.php/OpenVPN/FAQ#Traffic_forwarding_doesn.27t_work_when_using_client_specific_access_rules or (#3) dont forget to turn on ip forwarding or (#4) please choose between !linnat !winnat and !fbsdnat for specific howto 13:52 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 13:52 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 13:53 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 13:54 -!- stdudz [~stdudz@cpc4-newc15-2-0-cust168.gate.cable.virginmedia.com] has quit [Ping timeout: 244 seconds] 13:58 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 13:59 < hyper_ch> krzee: raspberry pi news - http://arstechnica.com/gadgets/news/2012/01/raspberry-pis-35-700mhz-linux-computer-enters-manufacturing.ars 13:59 <@vpnHelper> Title: Raspberry Pi's $35, 700MHz Linux computer enters manufacturing (at arstechnica.com) 14:00 < Essobi> already been reading about that... 14:00 < Essobi> It's a weeee tiny arm. 
14:01 < hyper_ch> I know, I'm going to order a couple 14:01 < hyper_ch> I currently envision two usage cases for them 14:01 < hyper_ch> maybe more later :) 14:01 < hyper_ch> (1) run as backup server - just add two external drives, use the base debian system and setup rsync / ssh backups 14:02 < hyper_ch> (2) run a freeswitch server on it 14:02 <@dazo> could probably also work pretty well as openvpn based client routers 14:02 < hyper_ch> maybe :) 14:03 < hyper_ch> well, for a FS server, you just need a 4gb sd card with the system and FS on it 14:07 < sukima> I have a feeling this is a dumb noob question but I have an OSX server running openvpn and setting redirect-gateway so that the client tunnels all traffic (want secure access through tunnel to internet) Setting ipforward but unable to find info on NAT for mac or on "bridging" is this just not possible on an OSX server? 14:11 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 240 seconds] 14:12 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn 14:17 < Essobi> hyper_ch: Umm.. don't expect to get too many calls up let alone transcode on freeswitch with that... iirc, no MMU on that ARM. 14:17 < Essobi> I've toyed with arm. 14:18 < hyper_ch> Essobi: I wished I could put somehow a pci isdn card on it 14:19 < Essobi> Uhh.. didn't some guy make a blackfin ATA for asterisk? to give to low-income in africa? that could possibly be changed enough to run a isdn chip. 14:21 < Essobi> http://www.atcom.cn/products_ippbx.html?gclid=COby7PflyK0CFYtX7Aod02JjhA 14:21 <@vpnHelper> Title: IP PBX |Asterisk | ATCOM | VOIP Manufacturer (at www.atcom.cn) 14:21 < Essobi> Those... they're blackfin running asterisk/linux 14:21 < rob0> sukima, the only dumb noob part of it is that you are asking in the wrong place. It is a question about your OS, so it belongs in a place that supports your OS. 14:21 < Essobi> with the ATA interface on the board.. 
14:22 < Essobi> and there's a BRI model. 14:22 < hyper_ch> Essobi: well, I just wished I could use the low power raspberry pi to also use isdn 14:22 < Essobi> hyper_ch: http://www.voip-info.org/wiki/view/IP-4B 14:23 <@vpnHelper> Title: IP-4B - voip-info.org (at www.voip-info.org) 14:23 < Essobi> well... you're going to need mawr power just to run the ISDN interfaces than the pi uses. 14:23 < Essobi> That IP4B is max 2amps at 12V. 14:24 < Essobi> it'll do about 10-15 calls too. 14:24 < Essobi> whereas that pi will probably do like 2-3... 14:24 < Essobi> If that. 14:25 < Essobi> I had an ARM920T that'd barely do 2 calls. 14:26 < Essobi> Okay okay... So.. is there a way to undo a redirect-gateway issued to a client? I want to mess with not routing all the traffic over the vpn anymore, but the client push is in the server config not the ccd's.. i'd like to edit my ccd and remove that default gw, and start specifying all the network ranges I use... 14:32 -!- Some_Person [~Some_Pers@91.227.125.201] has joined #openvpn 14:33 < Some_Person> Does OpenVPN on the client's end depend more on the upload or download speed? 14:33 < hyper_ch> Essobi: the pi will do more... it has 256mb ram 14:34 < Essobi> Mmm... 14:34 < Essobi> Pi-cluster. nom. 14:34 < Some_Person> I'm trying to stream video through OpenVPN and it isn't very stable. The server appears to have plenty of bandwidth both up and down, but the client's upload speed is unimpressive 14:34 < hyper_ch> Essobi: it even can do full hd :) 14:34 -!- Some_Person [~Some_Pers@91.227.125.201] has quit [Changing host] 14:34 -!- Some_Person [~Some_Pers@unaffiliated/someperson/x-249303] has joined #openvpn 14:35 < Essobi> hyper_ch: Yea.. my arm920T has USB, ethernet, compact-pci, etc. 14:35 < hyper_ch> hmmm, the PI could also serve as a cheap media server 14:35 < hyper_ch> it can do full hd, has hdmi 14:37 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has joined #openvpn 14:42 < Essobi> noice. must have off-loaders. 
14:51 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has quit [Quit: Leaving] 14:55 -!- sukima [suki@gateway/shell/blinkenshell.org/x-debjrajdhxsvmtoz] has quit [Quit: leaving] 15:30 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Remote host closed the connection] 15:35 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 15:36 < Essobi> hyper_ch: when's the pi hitting the shelf? --- Log closed Wed Jan 11 15:39:00 2012 --- Log opened Wed Jan 11 15:39:16 2012 15:39 -!- ecrist [~ecrist@jaguar-2-red.claimlynx.com] has joined #openvpn 15:39 -!- Irssi: #openvpn: Total of 139 nicks [4 ops, 0 halfops, 36 voices, 99 normal] 15:39 < hyper_ch> Essobi: you probably could put it into a big mac box :) 15:39 -!- Irssi: Join to #openvpn was synced in 30 secs 15:42 < Essobi> sheeit, gun metal black. Look like a tiny flight data recorder. 15:42 < hyper_ch> (or use a big mac box to prevent it from dusting) 15:44 * dazo gets hungry with all this big mac talk .... 15:46 < hyper_ch> better get a double whopper :) 15:47 -!- cpm [~Chip@pdpc/supporter/active/cpm] has joined #openvpn 15:48 < hyper_ch> btw: https://verydemotivational.files.wordpress.com/2010/10/demotivational-posters-popemobile.jpg 15:57 -!- LetsGo [~LetsGo@unaffiliated/letsgo] has quit [Quit: Leaving] 16:04 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Remote host closed the connection] 16:12 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 16:14 -!- WaGE [~wormwood@c-174-48-233-198.hsd1.md.comcast.net] has joined #openvpn 16:14 < WaGE> Hello all, aside from expect whats a good way to automate the creation of a client cert? 16:16 -!- cpm [~Chip@pdpc/supporter/active/cpm] has quit [Quit: cpm] 16:28 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 16:38 < hyper_ch> WaGE: magic 16:39 < hyper_ch> magic is a good way to do anything 16:40 < hyper_ch> but do you even need expect? can't you input all info with parameters? 
16:41 <@vpnHelper> RSS Update - forum: Problems connection multiple times with same user 16:46 -!- haggler [hnbc@pool-108-5-105-250.nwrknj.fios.verizon.net] has left #openvpn [] 16:50 < WaGE> hyper_ch: sorry for the delay 16:50 < WaGE> hyper_ch: its cool, I just mangled build-key to use --batch instead of interactive and using env var for CN 16:50 < hyper_ch> :) 16:53 <@vpnHelper> RSS Update - forum: Problems connection multiple times with same user 16:55 -!- dazo is now known as dazo_afk 17:05 <@vpnHelper> RSS Update - forum: OpenVPN hickups with Remote Printers for MS RDP 17:07 < Essobi> .8 17:11 <@vpnHelper> RSS Update - forum: OpenVPN hickups with Remote Printers for MS RDP 17:14 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Remote host closed the connection] 17:58 < Essobi> Meh... can you not put a redirect-gateway statement in a ccd? 18:00 < Essobi> When I move the redirect statement from the primary config to a ccd, my config stops working for some reason.. 18:06 < jhp> Hi everybody. I use OpenVPN to connect to my office network. And this works fine for both IPv4 and IPv6. But with IPv6 I have a problem and that is the MAC address of the TAP device that changes everytime resulting in a not so steady IPv6 address on my client. 18:07 < jhp> how do I tell my OpenVPN in NetworkManager to use the MAC address of my ethernet card for the TAP device? Is this possible 18:07 < jhp> ? 18:52 < dioz> ifconfig-pool-persist ipp.txt ??? 19:01 -!- pa [~pa@unaffiliated/pa] has quit [Ping timeout: 240 seconds] 19:02 -!- pa [~pa@unaffiliated/pa] has joined #openvpn 19:03 -!- WaGE [~wormwood@c-174-48-233-198.hsd1.md.comcast.net] has quit [Quit: WeeChat 0.3.6] 19:16 -!- tekzilla [~jon@hmbg-4d06ad17.pool.mediaWays.net] has quit [Read error: Operation timed out] 19:21 -!- tekzilla [~jon@hmbg-4d06db09.pool.mediaWays.net] has joined #openvpn 19:27 < qiyong> i have tun0 and tun1. i want clients behind tun0 and tun1 see each other. how? 
19:28 -!- rooth [rooth@ge.mig.en.redfox.nu] has quit [Ping timeout: 276 seconds] 19:30 -!- rooth [rooth@ge.mig.en.redfox.nu] has joined #openvpn 19:32 < krzee> treat them as lans behind openvpn 19:32 < krzee> tun0 would be a lan behind tun1's openvpn 19:32 < krzee> and tun1 would be a lan behind tun0's vpn 19:32 < krzee> !route 19:32 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 19:37 -!- Denial [Denial@drgi.co.uk] has quit [] 19:39 -!- corretico [~luis@190.211.93.11] has joined #openvpn 19:40 -!- corretico [~luis@190.211.93.11] has quit [Read error: Connection reset by peer] 19:41 -!- corretico [~luis@190.211.93.11] has joined #openvpn 19:53 -!- Gravitron [~admin@76.92.159.145] has joined #openvpn 19:53 -!- Gravitron [~admin@76.92.159.145] has quit [Changing host] 19:53 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 19:57 -!- _julian_ [~quassel@hmbg-4d06ae95.pool.mediaWays.net] has joined #openvpn 19:59 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 19:59 -!- mode/#openvpn [+v Axeman] by ChanServ 20:00 -!- _julian [~quassel@hmbg-4d069186.pool.mediaWays.net] has quit [Ping timeout: 240 seconds] 20:01 -!- joegazz [~JoeGazz84@TechEssentials/JoeGazz84] has quit [Read error: Operation timed out] 20:05 -!- JoeGazz84 [~JoeGazz84@TechEssentials/JoeGazz84] has joined #openvpn 20:07 < qiyong> krzee: on both networks, i added: route add -net xxx gw xxx 20:08 < qiyong> krzee: but it doesn't work 20:10 < krzee> are both processes servers? 20:14 -!- smerz [~smerz@smerz.demon.nl] has quit [Quit: Ex-Chat] 20:16 -!- novaflash is now known as novaflash_away 20:17 -!- newl [~newl@97.75.165.156] has joined #openvpn 20:28 < qiyong> krzee: don't know 20:29 < krzee> umm 20:29 < krzee> its not your setup? 
20:32 < qiyong> krzee: actually, i'm using vtun for quick and dirty setup. i'll migrate to openvpn later 20:38 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 20:39 < krzee> then why are you asking for help here? 20:39 < krzee> ok well heres the quick rundown if you decide to use openvpn 20:39 < krzee> if both are server processes 20:39 < krzee> each will push the other's client subnet to its clients 20:40 < krzee> and server will have ip forwarding on 20:40 < krzee> *the end* 20:40 < qiyong> ip forwarding on you mean the ip_forwarding ? 20:41 < qiyong> i have net.ipv4.ip_forward = 1 20:41 < qiyong> krzee: ^ 20:45 < Schnabeltier> i hate openvopn 20:45 < Schnabeltier> mighty tool, but damn fucking hard to get running properly 20:47 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has joined #openvpn 20:47 -!- mode/#openvpn [+v Axeman2] by ChanServ 20:48 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 20:49 < newl> ? 20:49 < newl> to easy to get running actually 20:50 < rob0> What I have seen is that people who don't understand enough about networking have wrong expectations. I think that those who do understand the basics find it pretty easy. 20:50 <+EugeneKay> Everything is easy once you know how to do it 20:50 < rob0> Fortunately, openvpn is a nice tool to teach yourself about networking. 20:51 < Schnabeltier> until now i was statisfied with ssh tunnel but now i need openvpn, i´m a rookie in networking i would suppose, but openvpn is hard 20:53 -!- Axeman3 [~Axeman3@knox.pace.edu] has joined #openvpn 20:54 * rob0 scrolled up a few pages and saw no question 20:54 < rob0> I suggest you read the /topic first. 
20:55 < thumbs> everything is simple for rob0 20:57 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has quit [Read error: Operation timed out] 21:04 < dioz> everything is simple for those that read 21:04 < dioz> and are capable of comprehending what it is they're reading 21:04 < dioz> if you can't do those simple actions 21:04 < dioz> i'd suggest not working with computers 21:04 < dioz> i hear janitors don't need to read 21:05 <+EugeneKay> !enter 21:05 <+EugeneKay> Hrm, thought this bot had that. 21:05 <+EugeneKay> "The enter key is not a punctuation mark." 21:06 < thumbs> !help 21:06 <@vpnHelper> (help [<plugin>] [<command>]) -- This command gives a useful description of what <command> does. <plugin> is only necessary if the command is in more than one plugin. 21:06 < dioz> http://www.geeksaresexy.net/2011/05/14/cat-5-cable-flogger-pic/ 21:06 <@vpnHelper> Title: Cat-5 Cable Flogger [Pic] (at www.geeksaresexy.net) 21:06 -!- qiyong [~qiyong@60.23.248.82] has quit [Quit: leaving] 21:07 < newl> dioz kinda arrogant are we? 21:07 < dioz> i've been told that yeah 21:07 < newl> usually you have to have something to back it up 21:08 < dioz> back up my ability to read and comprehend the text i am reading? 21:12 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 21:18 < Schnabeltier> when the server runs a static key, only one client can connect, am i right? 21:20 < rob0> Static key is very easy, and there IS no server and no client. They are peers. Yes, two peers. 21:21 < rob0> There is a short and simple static-key-mini-howto on the community documentation site. 21:28 < rob0> heh, unfortunately it too uses the "client" and "server" terms, but to be fair, it was written long before an actual openvpn server implementation existed. 21:29 < rob0> So while it was wrong, it was less wrong than it is now. 21:29 < Olipro> even if you were just using a static key, I don't think that wouldn't have any bearing on your choice of operation with respect to routing 21:30 < rob0> Of course. 
Routing is routing. The howto merely gets a point-to-point tunnel working. After that, you have to know what you are doing. 21:31 -!- mick_laptop [~mick@clamwin/admin/mickhome] has quit [Ping timeout: 255 seconds] 21:32 < krzee> !learn enter as The enter key is not a punctuation mark. 21:32 <@vpnHelper> Joo got it. 21:32 < krzee> ;] 21:33 < newl> i think \n is a punctuation mark? 21:34 < krzee> nope, escape sequence 21:38 -!- mick_laptop [~mick@mickweiss.com] has joined #openvpn 21:43 < Schnabeltier> !tun 21:43 -!- raidz [~raidz@openvpn/corp/admin/andrew] has quit [Ping timeout: 252 seconds] 21:44 < Schnabeltier> !lintun 21:44 < Schnabeltier> mhm... 21:44 < Schnabeltier> !welcome 21:44 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 21:44 < Schnabeltier> !redirect 21:44 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns 21:47 < Schnabeltier> !def1 21:47 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. 
or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1" 21:48 < Schnabeltier> !ipforward 21:48 <@vpnHelper> "ipforward" is please choose between !linipforward !winipforward !osxipforward and !fbsdipforward 21:48 < Schnabeltier> !linipfoward 21:49 < Schnabeltier> !linipforward 21:49 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware 21:52 -!- kzoo [~russellm@rustlesolutions.ca] has joined #openvpn 21:53 < kzoo> How do I have my clients push routes on to my openvpn server when they connect so that I have a route back to my clients network? Does adding a "route" statement in the client config do this? 21:56 <+EugeneKay> !route 21:56 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 21:57 <+EugeneKay> Clients don't push to the server; the server knows what client<--> what lan because of the iroute in the ccd 21:58 < kzoo> ok perfect that's exactly what i needed 21:59 -!- Axeman3 [~Axeman3@knox.pace.edu] has quit [Read error: Connection reset by peer] 22:03 -!- newl [~newl@97.75.165.156] has quit [Quit: leaving] 22:07 -!- Axeman3 [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 22:22 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 22:25 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 22:36 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 22:37 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 22:39 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Client Quit] 22:42 -!- skynet-2000 
[~skynet-20@unaffiliated/skynet2000] has joined #openvpn 22:43 -!- Axeman3 [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Ping timeout: 248 seconds] 22:51 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.] 22:54 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 23:13 <@vpnHelper> RSS Update - forum: Finding Cookware Sets Reviews 23:37 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 23:45 -!- bcalab [~bcalab@117.239.59.179] has joined #openvpn 23:46 -!- SOG [~SOG@wsip-70-164-132-45.lv.lv.cox.net] has joined #openvpn 23:48 < bcalab> The firewall in my openvpn client's network, drops connection if persistent traffic is sent or downloaded via all ports except http and https ports. 23:49 < bcalab> I tried running server on https port, still openvpn establishes connection, but upsurge in traffic via the tunnel make the firewall to drop the connection 23:51 -!- bcalab is now known as ribbler --- Day changed Thu Jan 12 2012 00:00 -!- zeshoem [~zee@108.162.156.19] has joined #openvpn 00:07 <@vpnHelper> RSS Update - forum: Newbee Help Please 00:07 -!- p3rror [~mezgani@2001:470:1f0b:c66:1::2] has quit [Remote host closed the connection] 00:24 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 00:25 -!- jameslordhz [~jack@60.12.143.9] has joined #openvpn 00:25 < jameslordhz> hi all 00:36 -!- Peter1234 [~jircii@ip98-165-34-222.ph.ph.cox.net] has joined #openvpn 00:38 < Peter1234> hi everyone i need to know the difference of the downloads in the openvpn repository i know the as version is access server ,but the other downloads from there is that client end of openvpn for like linux distro or are those community edition openvpn server ? Thanks 00:41 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 00:43 < rob0> there is no distinction in the software between server and client. 
The distinction comes in the configuration options with which the command was invoked. 00:43 < rob0> !as 00:43 <@vpnHelper> "as" is please go to #OpenVPN-AS for help with Access-Server 00:51 < Peter1234> ok ,but i was asking on the downloads if it says openvpn version number etc is that mean community edition of openvpn server and if it says openvpn as version number i assume that is openvpn access server edition ? 00:53 < Peter1234> the downloads that are available on openvpn repositories for updated stable releases 00:57 -!- novaflash_away is now known as novaflash 00:57 -!- jameslordhz [~jack@60.12.143.9] has quit [Ping timeout: 240 seconds] 00:58 < rob0> I don't know what you are looking at, I just get mine included with my Linux distro. Never have looked at AS, either. 00:58 < Peter1234> ok yah i see the one included in the distro its a later version than what they are putting as stable on there website. 00:59 < Peter1234> and it doesn't say AS either as well. 00:59 < rob0> no, a distro will not include AS. 00:59 < Peter1234> Access server has gui interface the distro one is that all configured by command line ? 01:00 < rob0> "Community" version is well documented, see /topic. 01:01 * rob0 is off to bed, good luck. 01:01 < Peter1234> ok thanks 01:02 -!- tessier [~treed@kernel-panic/copilotco] has joined #openvpn 01:03 < tessier> Hello all! Is there a correct way to bring up openvpn in a CentOS client? I currently have it in my /etc/rc.local but that isn't very good. It should come up with the rest of the network interfaces. 01:11 -!- jameslordhz [~jack@60.12.143.134] has joined #openvpn 01:14 <+EugeneKay> tessier - the openvpn package includes the openvpn init scripts. 01:14 <@vpnHelper> RSS Update - forum: I Can't Send PM 01:15 <+EugeneKay> YOu'll find it at /etc/rc.d/init.d/openvpn, along with all the other service scripts. 01:16 <+EugeneKay> To use it, drop your openvpn.conf into /etc/openvpn/, then start the service. 
chkconfig it on to start at boot, just like any other. 01:18 < tessier> Ah, ok. Thanks! 01:21 <@vpnHelper> RSS Update - forum: OpenVPN and Android/Windows Client -- No IP Address 01:42 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 01:44 -!- tjz [~pc@bb116-14-145-196.singnet.com.sg] has joined #openvpn 01:44 -!- tjz [~pc@bb116-14-145-196.singnet.com.sg] has quit [Changing host] 01:44 -!- tjz [~pc@unaffiliated/tjz] has joined #openvpn 01:51 -!- dazo_afk is now known as dazo 02:04 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 02:10 -!- beerbro [~gustav@mineralwasser.jesus.si] has quit [Quit: ZNC - http://znc.sourceforge.net] 02:11 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Ping timeout: 260 seconds] 02:12 -!- beerbro [~gustav@mineralwasser.jesus.si] has joined #openvpn 02:12 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn 02:13 -!- mode/#openvpn [+o mattock] by ChanServ 02:15 <@vpnHelper> RSS Update - forum: freeradius + openvpn + mysql Authentication 02:16 < jameslordhz> hi all 02:17 < jameslordhz> i get source code of openvpn from git, find no Makefile in it, so how to compile it? 02:18 <+EugeneKay> jameslordhz - read the README. 02:19 < jameslordhz> even no configure file in it, it get source from git, not that tarball, dude 02:19 -!- mattock [~samuli@openvpn/corp/admin/mattock] has quit [Remote host closed the connection] 02:21 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn 02:21 -!- mode/#openvpn [+o mattock] by ChanServ 02:22 <+EugeneKay> I don't have a copy of the git repo about, but I'm sure the info you need is there. If you're unable to figure it out, I suggest #openvpn-devel or the mailing list. 02:24 <+EugeneKay> In fact, I just cloned openvpn.git and found the missing step in under 60 seconds. Read the README(and INSTALL) closer, you'll find it. 
02:25 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 02:25 <+EugeneKay> If you can't, then I'm sorry to say that you should not be compiling your own software. Have you considered a packaged version? 02:25 < reiffert> mattock: jameslordhz is missing configure and Makefile in the git sourcecode. 02:25 < reiffert> dazo: see above 02:26 <+EugeneKay> reiffert - it's there, I assure you. 02:26 < reiffert> jameslordhz: just a second please. 02:26 <@dazo> jameslordhz: run: autoreconf -vi 02:26 <@dazo> ./configure is only created in tar balls before it's packaged for a release 02:26 <@dazo> (that's how autotools is designed to work) 02:27 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn 02:28 -!- BoomSie [~gideon@dw77242112238.amsterdam-tc.dataweb.net] has joined #openvpn 02:29 < jameslordhz> dazo i got it:) 02:29 <@dazo> goodie! 02:29 < jameslordhz> just now i use other command to generate configure, but failed 02:30 < jameslordhz> dazo are you familiar with code of openvpn? 02:30 <@dazo> jameslordhz: no, not so much ... I'm just the maintainer of the community git repository :-P 02:31 < jameslordhz> dazo the git repo for openvpn? 02:32 <@dazo> yeah :) 02:33 <@dazo> jameslordhz: what's failing? 
you need to have autotools packages installed (automake, autoconf, etc) 02:33 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 02:44 -!- beerbro [~gustav@mineralwasser.jesus.si] has quit [Changing host] 02:44 -!- beerbro [~gustav@unaffiliated/beerbroy] has joined #openvpn 03:00 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Read error: Connection reset by peer] 03:04 -!- SOG [~SOG@wsip-70-164-132-45.lv.lv.cox.net] has quit [Ping timeout: 244 seconds] 03:09 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 03:14 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 03:27 <@vpnHelper> RSS Update - forum: tls-server and explicit-exit-notify 03:28 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 03:34 <@vpnHelper> RSS Update - forum: openvpn on Centos 5.5 03:45 <@vpnHelper> RSS Update - forum: openvpn on Centos 5.5 03:52 <@vpnHelper> RSS Update - forum: [HELP] TAP-win32 adapter V9 Access Denied 03:52 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 04:12 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 04:14 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 04:15 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 04:16 -!- raa [~nag@42.79-160-154.customer.lyse.net] has joined #openvpn 04:20 -!- noisebleed [~quassel@kermit.inescn.pt] has joined #openvpn 04:20 -!- noisebleed [~quassel@kermit.inescn.pt] has quit [Changing host] 04:20 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 04:22 -!- master_of_master [~master_of@p57B52E1B.dip.t-dialin.net] has quit [Ping timeout: 240 seconds] 04:24 -!- master_of_master [~master_of@p57B55D78.dip.t-dialin.net] has joined #openvpn 04:30 -!- shogsbro_ [~shogsbro@94-193-45-205.zone7.bethere.co.uk] has joined #openvpn 04:34 -!- X0Rc0re [~chatzilla@203-206-48-170.dyn.iinet.net.au] has joined #openvpn 04:43 -!- shogsbro_ 
[~shogsbro@94-193-45-205.zone7.bethere.co.uk] has left #openvpn [] 04:47 -!- X0Rc0re [~chatzilla@203-206-48-170.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 04:48 -!- shogsbro [~shogsbro@94-193-45-205.zone7.bethere.co.uk] has joined #openvpn 04:48 -!- frojnd [~frojnd@86.58.21.55] has quit [Ping timeout: 252 seconds] 04:49 -!- shogsbro [~shogsbro@94-193-45-205.zone7.bethere.co.uk] has left #openvpn ["Leaving..."] 05:06 -!- APTX [APTX@unaffiliated/aptx] has quit [Ping timeout: 260 seconds] 05:07 -!- frojnd [~frojnd@86.58.21.55] has joined #openvpn 05:14 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Ping timeout: 276 seconds] 05:21 <@vpnHelper> RSS Update - forum: Help me please! The speed limit openvpn. 05:33 <@vpnHelper> RSS Update - forum: Help me please! The speed limit openvpn. 05:35 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 240 seconds] 05:39 -!- corretico [~luis@190.211.93.11] has joined #openvpn 05:43 -!- SOG [~SOG@wsip-70-164-133-20.lv.lv.cox.net] has joined #openvpn 05:46 <@vpnHelper> RSS Update - forum: How to conect trough ftp to clients 05:58 -!- SOG [~SOG@wsip-70-164-133-20.lv.lv.cox.net] has quit [Quit: I will be back!] 06:12 -!- Axeman3 [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 06:13 -!- Axeman2 [~Axeman3@knox.pace.edu] has joined #openvpn 06:13 -!- Axeman2 [~Axeman3@knox.pace.edu] has quit [Changing host] 06:13 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has joined #openvpn 06:13 -!- mode/#openvpn [+v Axeman2] by ChanServ 06:14 -!- cpm [~Chip@pdpc/supporter/active/cpm] has joined #openvpn 06:16 -!- Axeman3 [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Ping timeout: 248 seconds] 06:24 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!] 06:34 <@vpnHelper> RSS Update - forum: Help me please! The speed limit openvpn. 
06:34 -!- fluter [~fluter@fedora/fluter] has joined #openvpn 06:40 <@vpnHelper> RSS Update - forum: ip pool range help 06:53 -!- cpm [~Chip@pdpc/supporter/active/cpm] has quit [Ping timeout: 244 seconds] 06:53 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has quit [Ping timeout: 244 seconds] 07:02 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep] 07:02 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 07:04 <@vpnHelper> RSS Update - forum: Help me please! The speed limit openvpn. 07:04 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn 07:17 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has quit [] 07:33 -!- Diffen [~diffen@78-69-119-137-no42.tbcn.telia.com] has joined #openvpn 07:47 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 08:09 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has joined #openvpn 08:22 <@vpnHelper> RSS Update - forum: OpenVPN hickups with Remote Printers for MS RDP 08:32 -!- fluter [~fluter@fedora/fluter] has quit [Remote host closed the connection] 08:34 <@vpnHelper> RSS Update - forum: Routes problem, ping not into LAN 08:34 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has quit [Read error: Connection reset by peer] 08:34 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has joined #openvpn 08:36 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 240 seconds] 08:37 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 08:40 <@vpnHelper> RSS Update - forum: Routes problem, ping not into LAN 08:47 < reiffert> can I rename the client certificate name after I've created the certificate? 
08:49 < reiffert> not just move foo.crt bar.crt, but rename the common name 08:49 < Olipro> that would require you to generate a new certificate 08:49 < Olipro> there's nothing stopping you from using the same private key you used previously, though 08:50 < reiffert> generating a new certificate mean revoke the old one, create a new one. doesnt quite fit the letters "rename the CN" ... 08:50 < Olipro> revoking the previous one is up to you 08:50 < Olipro> nonetheless, it's not possible to simply change the CN; the signature generated from the CA key is a hash of EVERYTHING in the certificate 08:51 < Olipro> change 1 bit and you get a new hash, and therefore, require a new signatuer 08:51 < Olipro> *signature 08:51 <@dazo> reiffert: you can't change the CN of a CSR or CRt ... the file with the certificate can be named whatever you want, not related to the contents at all 08:51 <@dazo> (in fact, you can't change any information in a CSR or CRT) 08:51 < reiffert> ok, thanks guys, let me check my options. 09:17 -!- eQuiNoX__ [~eQuiNoX__@101.63.241.113] has joined #openvpn 09:18 < eQuiNoX__> hey everyone, i just used openvpn to connect to a vpn network and im able to browse through the webpages in the vpn network. however, when i try to ssh into a server present in that network, im unable to. 09:18 < eQuiNoX__> any suggestions on what i should be doing? 09:18 < eQuiNoX__> thanks in advance. 
09:19 < krzee> !route 09:19 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 09:19 < krzee> probably this: 09:19 < krzee> !route_outside_ovpn 09:19 <@vpnHelper> "route_outside_ovpn" is "route_outside_openvpn" is (#1) http://www.secure-computing.net/wiki/index.php/Graph for a cool graph explaining the route you need to add to your gateway, explained better in section: ROUTES TO ADD OUTSIDE OPENVPN in !route, or (#2) you do not need this if the vpn node IS the gateway for its lan 09:19 < eQuiNoX__> let me check it out 09:19 < eQuiNoX__> thank you 09:21 < krzee> np 09:22 -!- eQuiNoX__ [~eQuiNoX__@101.63.241.113] has quit [Client Quit] 09:24 -!- mbutubuntu [~mbutubunt@host125-101-dynamic.35-79-r.retail.telecomitalia.it] has joined #openvpn 09:25 < mbutubuntu> hello folks, I've found on this link (http://openvpn.net/archive/openvpn-users/2004-11/msg00649.html) that openVPN overhead is 69 bytes per packet. 09:25 <@vpnHelper> Title: Re: [Openvpn-users] Overhead added to each packet by OpenVPN? (at openvpn.net) 09:26 < mbutubuntu> do this bytes be added before passing through tun/tap device or after? 09:27 < mbutubuntu> I'm doing this question because I'm tuning up TUN/TAP MTU 09:30 -!- mbutubuntu [~mbutubunt@host125-101-dynamic.35-79-r.retail.telecomitalia.it] has quit [Quit: Sto andando via] 09:31 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 09:54 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Quit: Konversation terminated!] 
10:01 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn
10:02 <@vpnHelper> RSS Update - forum: Misunderstanding of next-hop
10:05 < Peter1234> I am trying to figure out how i get the the vpn server to issue my own ip subnet range from a dhcp server instead of using the subnet that comes standard with openvpn is this done in the server config file ?
10:06 < krzee> actually
10:06 < krzee> if in bridge mode you just dont use anything to set the address
10:06 < krzee> and dhcp will take over
10:07 < krzee> so like no --server-bridge
10:07 < krzee> i would assume that the same works without bridge if the dhcp server is running on the vpn server
10:09 < Peter1234> ok so i need to setup bridge mode for that to work. yah dhcp is not on the vpn server.
10:10 < Peter1234> so i would bridge my internal interface with vpn server so it can receive the ip range from dhcp.
10:11 < Peter1234> Am i heading in the right direction with that statement ?
10:11 < krzee> well
10:11 < krzee> all depends why you even want this
10:11 < krzee> usually its 100% not needed, and comes from a lack of understanding of routing
10:12 < krzee> so, why do you want that?
10:13 < Peter1234> well this is how i setup all my cisco stuff and i am kind of new to linux and openvpn and want to stay in same standards as i have in the past
10:14 < krzee> !tunortap
10:14 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. Dont waste the extra overhead. or (#2) and if your reason for wanting tap is windows shares, see !wins or (#3) also remember that if someone gets access to any side of a tap vpn they can use layer2 attacks like arp poisoning against you over
10:14 <@vpnHelper> the vpn or (#4) lan gaming? use tap!
10:14 < krzee> may as well do things correctly instead :-p
10:15 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
10:16 < Peter1234> i prefer tun but the statement krzee made . Made me think the only way i can accomplish what i wan to do by bridging.
10:19 < Peter1234> I don't know where openvpn lets me configure this option so i can issue my ip range pool in a tun setting.
10:20 < Peter1234> besides only having to use openvpn 10.8.0.0 subnet range.
10:23 -!- Diffen [~diffen@78-69-119-137-no42.tbcn.telia.com] has quit [Quit: This computer has gone to sleep]
10:23 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
10:37 <@vpnHelper> RSS Update - forum: need help on installing old program on windows 7
10:40 < Peter1234> so does any know if what i said is even possible on openvpn i have hundreds of acl in my network and not being able to do this with openvpn would make a disaster.
10:43 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Quit: Leaving]
10:44 <@dazo> Peter1234: I don't have a complete picture of your requirements .... what are you solving? The overall picture, not the details (like tap+bridging - that's a solution, not the task to solve)
10:49 < Peter1234> complete picture would be to have openvpn establish a tunnel ,but use the dhcp ip range i set and dish those out to the connecting clients
10:50 < Peter1234> not using the standard ip range that comes with openvpn. I hope that makes sense ?
10:50 -!- mocas_ [~mocas@87-196-120-236.net.novis.pt] has joined #openvpn
10:54 -!- mocas__ [~mocas@87.196.251.242] has quit [Ping timeout: 268 seconds]
10:54 <@dazo> Peter1234: why do you need the DHCP server to provide the IPs? What problem does that solve?
10:54 <@dazo> (often the solution isn't to do exactly what other solutions do - but to solve the core problem)
10:56 < Peter1234> it solves me from having to rewrite alot of acl in the internal network to suite with openvpns standard ip range.
10:56 <@dazo> Peter1234: what kind of ACLs is that?
10:56 <@dazo> and where are those ACLs propagated?
10:56 < Peter1234> on cisco switches
10:57 <@dazo> so it's firewall rules?
10:57 <@dazo> or is it more advanced traffic shaping as well?
10:57 < Peter1234> you can say that more ip rules inter vlan rules
10:57 < Peter1234> yah your second statement
10:58 < hyper_ch> hi dazo
10:58 <@dazo> hyper_ch: hey!
10:58 < hyper_ch> dazo: what's up?
10:58 < Peter1234> so if openvpn can do this iwon't have to configure much and pull a cisco unit we have already doing this.
10:59 <@dazo> Peter1234: can you be more specific what these rules do? .... I might have a different approach for you, but if I see it doesn't match - I'll skip adding other approaches
10:59 <@dazo> hyper_ch: pretty good ... u?
10:59 < hyper_ch> dazo: got a little cold... well, it's winter...
11:00 < hyper_ch> besides that, life is good.. in two weeks I should get my new desk
11:00 <@dazo> :)
11:01 -!- hyper__ch [~hyper_ch@adsl-62-167-103-68.adslplus.ch] has joined #openvpn
11:01 -!- hyper_ch [~hyper_ch@ks357331.kimsufi.com] has quit [Disconnected by services]
11:01 -!- hyper__ch is now known as hyper_ch
11:01 -!- hyper__ch [~hyper_ch@ks357331.kimsufi.com] has joined #openvpn
11:01 -!- hyper_ch [~hyper_ch@adsl-62-167-103-68.adslplus.ch] has quit [Disconnected by services]
11:01 -!- hyper__ch is now known as hyper_ch
11:01 < Peter1234> well there are probably alot of things going on in this network i can't probably explain all ,but the 2 switches i can see now have acl that limiting ip subnet ranges to certain departments.
11:01 < hyper_ch> dazo: it'll be a piece of work
11:03 <@dazo> Peter1234: good! I think you should have a quick look at eurephia then ...
of course, it won't parse your cisco rules, but configuration and network overhead wise, it might be a better solution
11:03 <@dazo> !eurephia
11:03 <@vpnHelper> "eurephia" is http://www.eurephia.net/
11:03 -!- Azrael808 [~peter@212.161.9.162] has quit [Ping timeout: 244 seconds]
11:03 < Peter1234> ok thanks dazo going to read up on it.
11:03 <@dazo> Peter1234: that's a project I'm driving ... it haven't got too much focus lately, but I use the latest development version in production on a smaller site, and it works perfect there
11:04 <@dazo> eurephia is an add-on to openvpn
11:04 * hyper_ch heard that eurphia eats small babies
11:04 <@dazo> hyper_ch: only if they're nasty
11:04 < hyper_ch> I remember I stumbled upon eurephia a while back.. what does it do again?
11:05 < Peter1234> ok cool will look into it. So as far as you know openvpn doesn't support what i am trying do without an add on .
11:05 <@dazo> Peter1234: not out-of-the-box ... which is why I decided to write eurephia .... there is a packet filtering feature in OpenVPN, but that also needs a plug-in to set up the rules
11:06 <@dazo> hyper_ch: it's a more advanced authentication and access control plug-in ... so depending on the combination of username/password and certificate, the firewall is updated to let the traffic through for that user
11:07 < hyper_ch> dazo: right, I remember now
11:07 < Peter1234> dazo : ok thanks you would think this would be easy and more versatile that openvpn team would have already added this feature to dictate your own ip range.
11:08 <@dazo> Peter1234: I don't quite understand
11:09 <@dazo> OpenVPN is more like a virtual network cable ... VPN itself doesn't control the contents of that cable (like in the real world with network cables), it's firewalls which controls the traffic .... which is where OpenVPN + eurephia gives that control
11:10 < hyper_ch> dazo: openvpn is not wireless?
:(
11:10 < Peter1234> dazo : it says eurephia is an authentication plug in i don't have authentication issues i have an ip issue i don't care who authenticates i care what ip address there holding when the connect
11:10 <@dazo> Peter1234: if you don't care who connects to the VPN ... how do you know which ACL rules to apply to that connection?
11:11 < Peter1234> cause the network is setup to pool those people into certain ip ranges for there access to different services
11:11 <+EugeneKay> they're*
11:11 <@dazo> IP addresses are a very weak defence mechanism, as that can be forged ... and with proper admin rights on the client, the client may change his VPN address easily
11:12 <@dazo> and especially with OpenVPN ... it's enough to have network admin rights, and you set the IP to whatever you want
11:13 < Peter1234> you might be right in some cases but if there locked down to a specific subnet dished out by dhcp they are not going to get very far changing there ip addresses anyways.
11:14 <+EugeneKay> You might think you're right, but that is such a bad piece of networking advice I don't know where to start telling you you're wrong.
11:14 <@dazo> Peter1234: that requires the firewalls to know which VPN clients are connected with which IP addresses ... so that if the client changes the VPN address, the firewall will block it
11:15 <@dazo> and then you really do need TAP mode, to get the MAC address ... and do firewall matching on IP address + MAC address, to be sure the IP is not changed
11:26 < Peter1234> dazo : i think we all know different ways to accomplish certain things and i am not disagreeing at all with what everyone is saying. A vlan switch can drop any packet that doesn't come from its subnet before it even hits the outside wire so if you change your ip address its going to get dropped and its set up to take anything thats in that subnet to pass through to its necessary areas. We can all go about things certain ways.
I was just
11:26 < Peter1234> hoping that openvpn could do what i was asking which i thought it could since i am already doing it in cisco gear. So i spent 2 days setting up this box to get rid of the cisco equipment and didn't plan ahead to check if openvpn could do this.
11:28 <@dazo> Peter1234: how and where will this VLAN tagging happen?
11:29 < Peter1234> I also don't want to get into a debate on what setup is right or wrong i just prefer to try to solve my problem at hand.
11:29 <@dazo> Peter1234: our comments here are mainly concerns that you might go for a solution which don't provide what you believe it will
11:30 * dazo need to head out now
11:30 < Peter1234> dazo : understandable thanks for you time.
11:31 -!- dazo is now known as dazo_afk
11:31 <+EugeneKay> I'm not sure what the problem at hand is. Trying to authenticate based on client IP address, rather than a PKI certificate?
11:32 < krzee> nah
11:32 < krzee> just that his switches are configured to only pass traffic from same subnet
11:32 < Peter1234> eugenekay : its not authenticateing its after authenticating i want openvpn to give out or pass to necessary dhcp server my ip range. Not the standard ip range openvpn comes with
11:32 < krzee> so he wants to bridge to get the same subnet ip from dhcp server
11:33 < krzee> which is totally doable
11:33 <+EugeneKay> OpenVPN doesn't "come with" an IP range, you specify one.
11:33 < krzee> EugeneKay, actually for that, you dont specify one ;]
11:33 <+EugeneKay> If you're bridging, sure. But bridging causes cancer, AIDS, and rapes your cat.
11:33 < krzee> this is true
11:33 < krzee> poor kitty
11:33 <+EugeneKay> The sane thing to do is to expand your switch's allowed subnet.
11:34 < krzee> yes, very much so
11:34 <+EugeneKay> If you can't figure out how to do that, I don't think I can be of any help.
11:34 < krzee> but try convincing people to be sane
11:34 <+EugeneKay> Another option is to use MASQUERADE, but then you lose all accountability beyond that it came from "the vpn server"
11:34 < krzee> true, nat-hack would work there
11:34 < krzee> although that also rapes your cat
11:34 < Peter1234> yah it sounds sane but configuring all the switches and unseen networks in this network to allowed subnet could be just a mess as well i wish it was just one switch and that wouldn't be a problem
11:36 <+EugeneKay> There's your three real options. Pick one. My advice is to bite the bullet and give your switches a decent configuration.
11:36 < krzee> other 2 is bridge, and nat-hack
11:36 < krzee> i also would go with EugeneKay's pick
11:36 < krzee> and ild take that as a chance to clean up the configs so next time would be easier
11:37 <+EugeneKay> To avoid this problem down the line, allow a nice, fat block of subnets instead of a single /24
11:37 -!- BoomSie [~gideon@dw77242112238.amsterdam-tc.dataweb.net] has quit [Ping timeout: 252 seconds]
11:37 <+EugeneKay> Pick a /16 out of the 10/8 block.
11:37 * ecrist prefers the 172 1918 range
11:37 < ecrist> !1918
11:37 <@vpnHelper> "1918" is (#1) RFC1918 makes three unique netblocks available for private use: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 or (#2) see also: http://en.wikipedia.org/wiki/Private_network or http://www.faqs.org/rfcs/rfc1918.html or (#3) Too lazy to find your own subnet? Try this one: http://scarydevilmonastery.net/subnet.cgi
11:37 < krzee> wait wait, you want people to properly subnet as well!?!?
11:37 < Peter1234> yah i am going to have to consider this guys thanks for your input.
11:37 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn
11:37 -!- mode/#openvpn [+o raidz] by ChanServ
11:38 < krzee> np
11:39 <+EugeneKay> I pick a /16 out of 10/8 for each of my "sites", and then divide that up into VLANS of /20 or /24. Each machine ends up with a /28 or /32, as appropriate.
11:52 < prg3> EugeneKay. That's what I did with mine.. it's really handy for routing and knowing which machine is in which office.
11:53 <+EugeneKay> And you can even connect to other 10/8 users' networks, so long as there's no /16 conflicts.
11:55 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Quit: ErichG]
12:09 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn
12:15 < rob0> I've done the same thing subnetting 192.168/16 into /22's or /21's.
12:31 < kzoo> in an openvpn iroute/route statement, can i specify a different source address? im using a 'tun' interface and all traffic across the tunnel is sourced as my point-to-point /30
12:32 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has joined #openvpn
12:35 < krzee> kzoo, huh?
12:36 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn
12:37 < prg3> EugeneKay: Yes.. just make sure you never use 10/8 as a machine's netmask, and only use the /24s or however you carve up the /16s for each site..
12:37 <+EugeneKay> Well, duh.
12:37 < prg3> :)
12:38 < prg3> I just brought up a site, and had some of my assistants learn that one the hard way
12:38 <+EugeneKay> Spank them.
12:38 < prg3> They learned
12:39 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
12:41 < ecrist> we use a /16 for our net, and use a bridged openvpn config.
12:44 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has joined #openvpn
12:49 < hyper_ch> dazo_afk: krzee: http://www.youtube.com/watch?v=LNrLfylgHE0
12:49 <@vpnHelper> Title: How to Buy a Car, Using Game Theory - YouTube (at www.youtube.com)
12:51 < Peter1234> Eugenekay : earlier you mentioned you use a /16 10.8 for your sites right ?
12:51 <+EugeneKay> Yus
12:51 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 255 seconds]
12:51 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn
12:53 < Peter1234> the network i am using is 10.15 /16 .
which is you planned to use openvpn and new you only had access to 10.8 /16 subnet with openvpn as tun which is what i was talking about earlier of being locked into a certain subnet by openvpn.
12:53 < Peter1234> new = knew
12:53 < Essobi> sup
12:53 < ecrist> Peter1234: openvpn isn't locked in to 10.8/16
12:54 < ecrist> not sure why you'd think that.
12:54 < Peter1234> ecrist : you have a way i can configure my client connections in tun mode with my own range from my own dhcp server ?
12:54 < rob0> Using the default is generally NOT a good idea, because it is going to clash with all the other fools who used the default too. :)
12:55 < hyper_ch> ecrist: http://www.youtube.com/watch?v=LNrLfylgHE0
12:55 <@vpnHelper> Title: How to Buy a Car, Using Game Theory - YouTube (at www.youtube.com)
12:56 < ecrist> Peter1234: I'm not going to build your vpn for you, but if you search for '--server-bridge ' on the man page, you'll answer your own question
12:57 < Peter1234> ecrist : i am not asking you to build my vpn ,but i thought server -bridge is a tap setting.
12:57 < ecrist> it is
12:57 < ecrist> tun (routed) is a layer 3 tunnel, tap (bridged) is layer 2 (where DHCP is)
12:58 < ecrist> you cannot pass ethernet frames across a tunnel that depends on IP information.
13:00 < ecrist> and, if you want to use DHCP from your remote LAN, tap is the right thing to do.
13:01 < Peter1234> ecrist : you happen to know the overhead on that configuration is it noticable different ?
13:03 < ecrist> I use a bridged VPN, and we have openvpn hand address out from a /24
13:19 -!- DataZombie [~DataZombi@unaffiliated/skynet2000] has joined #openvpn
13:20 -!- DataZombie [~DataZombi@unaffiliated/skynet2000] has quit [Client Quit]
13:33 -!- luckman212 [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has quit [Remote host closed the connection]
13:40 < Essobi> Hmm.. Any reason I can't use push '"redirect-gateway def1"' in a CCD?
13:40 < Essobi> When I move that directive to the ccd from the primary server config.. I can connect still, but I can't route anywhere..
13:44 < JoeyJoeJo> I've got an OpenVPN client on my iphone. Even though my server is set to route all traffic over the VPN tunnel, web traffic on my iphone doesn't go over the tunnel. However traffic bound for my network does. How can I fix this?
13:50 <+EugeneKay> Sounds like the route isn't actually "taking", or not being used on the client. I don't have a clue where to start debugging on iOS, other than to ask for logs.
13:51 -!- eyefor [~shiva@109.228.80.113] has joined #openvpn
13:51 < JoeyJoeJo> Yeah, I guess I'll look around on the device for the logs, but I suspect it's like you said
13:51 <+EugeneKay> "EugeneKay is right because EugeneKay is always right."
13:52 < eyefor> Hello, I'm using OpenVPN as VPN server on my linux box and I was wondering if there is some way to monitor traffic of each user? This would be extremely helpful!
13:52 < krzee> eyefor, in your firewall
13:53 < krzee> look for how to do it with normal lan users, its the same thing, except they are connecting over a vpn instead of a physical cable
13:53 < eyefor> krzee, I'm using iptables, would that work for each user separately?
13:53 < krzee> yes, but i cant tell you how
13:53 < eyefor> ok I'll figure it out
13:53 < krzee> not cause its top secret, but because i have never done it ;]
13:53 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Remote host closed the connection]
13:53 < eyefor> thanks for pointing me to right direction
13:53 <+EugeneKay> You'll want to give static IPs via CCD and something involving packet counting.
13:53 < krzee> np
13:53 < krzee> yes, what EugeneKay said
13:53 -!- Bitvilag [~Bitvilag@dsl4E5C7261.pool.t-online.hu] has joined #openvpn
13:53 < krzee> and you probably wanna use the default topology, with tun
13:54 < krzee> that way users cant ifconfig to a different IP
13:54 < eyefor> yeah I'm using tun
13:54 < krzee> !static
13:54 <@vpnHelper> "static" is (#1) use --ifconfig-push in a ccd entry for a static ip for the vpn client or (#2) example in net30 (default): ifconfig-push 10.8.0.6 10.8.0.5 example in subnet (see !topology) or tap (see !tunortap): ifconfig-push 10.8.0.5 255.255.255.0 or (#3) also see !ccd and !iporder
13:54 < krzee> and dont use topology subnet =]
13:55 < eyefor> so I'm assigining static IP when I create client conf file, right?
13:56 <+EugeneKay> Yes. Each client will need a ccd/ file with their IP
13:57 < eyefor> damn, that would be tricky since I would have to deploy new config files to dozens of clients
13:57 <+EugeneKay> No.
13:57 <+EugeneKay> !ccd
13:57 <@vpnHelper> "ccd" is entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir to enable it, then put the config options for the client in /common-name
13:58 <+EugeneKay> Not client.conf, my mistake. Server-side, in the ccd/ dir, one file per client.
13:58 < eyefor> oh great!
13:59 -!- grendal_prime [~grendal_p@2001:470:822a:200:1e75:8ff:fe48:dfef] has joined #openvpn
13:59 < eyefor> I'm going to investigate this now, thanks!\
13:59 < krzee> np i4
13:59 < krzee> grendal_prime is here, hide the all-spark!
13:59 < grendal_prime> whats the channel for access server support?
14:00 * krzee points @ topic
14:00 < krzee> !as
14:00 <@vpnHelper> "as" is please go to #OpenVPN-AS for help with Access-Server
14:00 < grendal_prime> sorry man for some reason this client chops the topic off and i cant seem to find a place to display it all
14:00 < krzee> by typing /topic
14:00 < grendal_prime> aahh thanks hehehe
14:00 < krzee> np ;]
14:01 < grendal_prime> so how you been man?
14:01 < grendal_prime> still in the sunshine state?
14:05 < krzee> must have me confused with someone else, but im doing well =]
14:05 < krzee> i dont live in usa ;]
14:06 -!- eyefor [~shiva@109.228.80.113] has quit [Quit: Leaving]
14:06 < krzee> how have you been?
14:06 -!- luckman212 [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has joined #openvpn
14:14 -!- Bitvilag [~Bitvilag@dsl4E5C7261.pool.t-online.hu] has quit []
14:24 -!- Axeman [~Axeman3@198.105.46.46] has joined #openvpn
14:24 -!- Axeman [~Axeman3@198.105.46.46] has quit [Changing host]
14:24 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn
14:24 -!- mode/#openvpn [+v Axeman] by ChanServ
14:26 -!- kzoo [~russellm@rustlesolutions.ca] has left #openvpn []
14:27 -!- Some_Person [~Some_Pers@unaffiliated/someperson/x-249303] has left #openvpn ["Leaving"]
14:35 -!- stevieman [~Rob@72.38.184.18] has joined #openvpn
14:38 < stevieman> I have an openvpn setup that has been working great for about a year now. We recently changed ISPs and now one of the client computers cannot connect. Open GUI issues this error: TCP/UDP: Incoming packet rejected from 192.168.2.12:1194(2), expected per address {external IP} (Allow this incoming source address/port by removing --remote or adding --float)
14:39 < stevieman> I followed the same procedure for updating this machine as I did others. Open the .opvn config file and update the IP address to the new one.
14:42 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn
14:54 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving]
14:59 -!- Flare183 [~jesse@botters/flare183] has joined #openvpn
14:59 -!- kitharris [~meow@71.188.116.185] has joined #openvpn
15:00 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
15:03 -!- kitharris [~meow@71.188.116.185] has quit [Client Quit]
15:04 -!- kitharris [~meow@71.188.116.185] has joined #openvpn
15:09 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.]
15:13 < Essobi> Is there any limit for the contents of a CCD file?
15:14 -!- converge_ [~converge@187.55.221.96] has joined #openvpn
15:14 < hyper_ch> what do you mean with limit?
15:14 < hyper_ch> the CCD will just overwrite stuff in the server config
15:14 < hyper_ch> if there are conflicting things
15:14 < hyper_ch> IIRC
15:15 < kitharris> My problem: http://pastebin.com/ieGMV0ZN Please help. :)
15:16 < Essobi> hyper_ch: I moved a directive from the main server config, to a CCD, and it seems to dead route all my traffic to nowhere, when I do.
15:17 < hyper_ch> what directive?
15:17 < Essobi> push "redirect-gateway def1"
15:18 < Essobi> It works as expected when in the main config.
15:18 < Essobi> All my traffic routes over the VPN.
15:18 < hyper_ch> should also work in the CCD
15:18 < Essobi> I would think so too..
15:18 < hyper_ch> s/should/does/
15:18 < hyper_ch> as I use it for one machine only in a ccd
15:19 < Essobi> yea, this is per user CCDs.
15:19 < hyper_ch> ifconfig-push 10.8.0.8 255.255.255.0
15:19 < hyper_ch> push "redirect-gateway def1
15:19 < hyper_ch> works fine
15:19 -!- joao [~converge@187.55.221.96] has joined #openvpn
15:21 < Essobi> Hmm... Perhaps I have to move the push "dhcp-option...'s with them as well..
15:22 < Flare183> Can someone help kitharris? o_O That seems like a windows bug or something.
15:23 -!- converge_ [~converge@187.55.221.96] has quit [Ping timeout: 240 seconds]
15:33 -!- grendal_prime [~grendal_p@2001:470:822a:200:1e75:8ff:fe48:dfef] has quit [Remote host closed the connection]
15:33 -!- grendal_prime [~grendal_p@2001:470:822a:200:1e75:8ff:fe48:dfef] has joined #openvpn
15:33 < Essobi> hyper_ch: So again... no reason this config change shouldn't work? Hmm...
15:33 < hyper_ch> Essobi: it should
15:33 < hyper_ch> Flare183: issue !welcome
15:33 < hyper_ch> kitharris: issue !welcome
15:34 < kitharris> !welcome
15:34 < Flare183> hyper_ch: um I'm one of kitharris' friends.
15:34 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:34 -!- grendal_prime [~grendal_p@2001:470:822a:200:1e75:8ff:fe48:dfef] has left #openvpn []
15:34 < kitharris> !goal
15:34 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
15:34 < Essobi> !route
15:34 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide
15:38 < kitharris> I want a private network between a group of online computers, using static IPs so that we can host various services to each other from within the VPN.
15:40 < Essobi> kitharris: Read the route URL right there.
15:40 < Essobi> that's pretty close to their example
15:44 -!- raidz [~raidz@openvpn/corp/admin/andrew] has quit [Ping timeout: 252 seconds]
15:44 <@vpnHelper> RSS Update - forum: OpenVPN client for the iPhone and iPad
15:48 < kitharris> I'm not trying to route any external network though.
15:49 < kitharris> I have --client-to-client set and I want clients to be able to connect directly to each other through the vpn, which is already working, except for the first windows client I've tried to add.
15:56 -!- joao [~converge@187.55.221.96] has quit [Quit: Linkinus - http://linkinus.com]
15:57 < Essobi> kitharris: yea, I read that... it's weird.
15:57 < Essobi> What version are the server, linux clients, and windows client?
15:58 < kitharris> OpenVPN 2.2.2 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Jan 3 2012
15:58 < kitharris> That's for the server and some of my clients
15:58 < Essobi> And the swindows client?
15:58 < kitharris> 2.2.2 from openvpn.net
15:59 < Essobi> yea, no idea.
15:59 <@vpnHelper> RSS Update - forum: using tls-auth with multiple clients
16:00 < Essobi> Really weird.
16:01 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds]
16:05 * EugeneKay blinks
16:05 <@vpnHelper> RSS Update - forum: Is there other special configuration needed based on ISP ?
16:06 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Ping timeout: 252 seconds]
16:08 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has quit [Quit: Ex-Chat]
16:16 < kitharris> http://pastebin.com/P9UNPFY7 http://i.imgur.com/x417Z.png
16:23 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn
16:23 -!- mode/#openvpn [+o raidz] by ChanServ
16:27 -!- Gravitron [~admin@cpe-65-28-68-253.kc.res.rr.com] has joined #openvpn
16:27 -!- Gravitron [~admin@cpe-65-28-68-253.kc.res.rr.com] has quit [Changing host]
16:27 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
16:38 < kitharris> !topology
16:38 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) See http://osdir.com/ml/network.openvpn.devel/2005-09/msg00020.html for more history on this.
16:39 < kitharris> !/30
16:39 <@vpnHelper> "/30" is (#1) http://openvpn.net/index.php/open-source/faq/77-server/273-qifconfig-poolq-option-use-a-30-subnet-4-private-ip-addresses-per-client-when-used-in-tun-mode.html (sorry for the long link, they wont fix the anchors) explains why routed clients each use 4 ips or (#2) you can avoid this behavior by reading !topology or (#3) so by default, first client is .6, then .10 .14 .18 etc etc or (#4) use
16:39 <@vpnHelper> openvpn --show-valid-subnets to see the subnets you can use in net30
16:52 -!- astrostl [~astrostl@71-11-141-45.dhcp.stls.mo.charter.com] has joined #openvpn
16:54 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.]
17:00 <@vpnHelper> RSS Update - forum: Site to Site Problems!
17:01 < kitharris> Fixed my problem: set --topology subnet, changed all client configs to ifconfig-push 255.255.255.0
17:02 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has quit []
17:03 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Read error: Connection reset by peer]
17:03 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn
17:07 -!- kitharris [~meow@71.188.116.185] has quit [Quit: haihai]
17:08 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn
17:08 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host]
17:08 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn
17:08 -!- mode/#openvpn [+v Axeman] by ChanServ
17:08 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Read error: Connection reset by peer]
17:18 -!- Peter1234 [~jircii@ip98-165-34-222.ph.ph.cox.net] has quit [Quit: jIRCii - http://www.oldschoolirc.com]
17:24 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep]
17:34 -!- converge [~converge@unaffiliated/joaop] has joined #openvpn
17:34 -!- converge [~converge@unaffiliated/joaop] has left #openvpn []
17:37 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 240 seconds]
17:39 -!- X0Rc0re [~chatzilla@203-206-48-170.dyn.iinet.net.au] has joined #openvpn
17:42 -!- astrostl [~astrostl@71-11-141-45.dhcp.stls.mo.charter.com] has quit []
17:44 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has joined #openvpn
17:47 -!- Flare183 [~jesse@botters/flare183] has quit [Quit: herp derp]
17:48 -!- X0Rc0re [~chatzilla@203-206-48-170.dyn.iinet.net.au] has quit [Ping timeout: 240 seconds]
17:50 -!- X0Rc0re [~chatzilla@203-206-48-170.dyn.iinet.net.au] has joined #openvpn
18:02 -!- Tick-Tock [~Tick-Tock@lunari.us] has joined #openvpn
18:12 -!- nonotza [~nonotza@66.246.94.130] has joined #openvpn
18:12 < nonotza> I'm having trouble connecting to the internet while
connected to an openvpn server I just setup. I followed the directions here: http://openvpn.net/index.php/open-source/documentation/howto.html#redirect but I am still not able to connect. Here are the client IP tables: http://pastebin.com/faZLc6ZE
18:12 <@vpnHelper> Title: HOWTO (at openvpn.net)
18:12 -!- glc_ [~Gclark@adsl-99-63-81-253.dsl.chcgil.sbcglobal.net] has joined #openvpn
18:12 -!- glc_ [~Gclark@adsl-99-63-81-253.dsl.chcgil.sbcglobal.net] has left #openvpn ["Leaving"]
18:14 -!- krzie [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep]
18:15 < Schnabeltier> nonotza that´s the same problem i´m trying to solve :P
18:28 -!- nonotza_ [~nonotza@50-57-234-249.static.cloud-ips.com] has joined #openvpn
18:30 -!- krzie [nobody@openvpn/community/support/krzee] has joined #openvpn
18:30 -!- nonotza [~nonotza@66.246.94.130] has quit [Ping timeout: 240 seconds]
18:30 -!- nonotza_ is now known as nonotza
18:40 -!- krzie [nobody@openvpn/community/support/krzee] has quit [Quit: Leaving]
18:46 -!- krzie [nobody@openvpn/community/support/krzee] has joined #openvpn
18:52 -!- Denial [Denial@drgi.co.uk] has quit []
18:54 -!- _quadDam1ge [~EmperorTo@jaguar-2-red.claimlynx.com] has joined #openvpn
18:55 -!- zeshooem [~zee@108.162.156.19] has joined #openvpn
18:55 -!- X0Rc0re [~chatzilla@203-206-48-170.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]]
18:56 -!- _julian [~quassel@hmbg-4d06ae95.pool.mediaWays.net] has joined #openvpn
19:02 -!- EvilJStoker_ [jstoker@unaffiliated/jstoker] has joined #openvpn
19:03 -!- Netsplit *.net <-> *.split quits: zeshoem, +_quadDamage, _julian_, mrsno_, +fbh, +EvilJStoker
19:03 -!- EvilJStoker_ is now known as EvilJStoker
19:05 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has quit [Quit: nonotza]
19:14 -!- fbh [fbh@lucifer.frands.net] has joined #openvpn
19:14 -!- mrsno_ [~sno@static.153.209.46.78.clients.your-server.de] has joined #openvpn
19:15 -!- netskay
[~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn 19:20 -!- tekzilla [~jon@hmbg-4d06db09.pool.mediaWays.net] has quit [Ping timeout: 240 seconds] 19:22 -!- tekzilla [~jon@hmbg-4d06cbee.pool.mediaWays.net] has joined #openvpn 19:28 -!- fbh [fbh@lucifer.frands.net] has quit [Changing host] 19:28 -!- fbh [fbh@unaffiliated/fbh] has joined #openvpn 19:37 -!- mohi666 [mohi666@nat/google/x-kytvirjnjgmvhfnq] has joined #openvpn 19:38 < mohi666> What's the public IP of a remote user in a routing VPN? 19:38 < mohi666> their own IP or the VPN public IP? 19:56 -!- _julian_ [~quassel@hmbg-5f7648c9.pool.mediaWays.net] has joined #openvpn 20:00 -!- _julian [~quassel@hmbg-4d06ae95.pool.mediaWays.net] has quit [Ping timeout: 252 seconds] 20:05 -!- _julian_ [~quassel@hmbg-5f7648c9.pool.mediaWays.net] has quit [Quit: No Ping reply in 180 seconds.] 20:05 -!- _julian [~quassel@hmbg-5f7648c9.pool.mediaWays.net] has joined #openvpn 20:17 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 20:24 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 20:30 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has quit [Ping timeout: 252 seconds] 20:32 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has joined #openvpn 20:42 -!- mohi666 [mohi666@nat/google/x-kytvirjnjgmvhfnq] has quit [Quit: Leaving] 20:43 <@vpnHelper> RSS Update - forum: Routing to VPN stil not working with Open VPN2.2.2 20:51 -!- X0Rc0re [~chatzilla@124-169-186-202.dyn.iinet.net.au] has joined #openvpn 20:54 -!- sPiN [~sPiN@opensuse/member/jcspin247] has joined #openvpn 22:02 -!- Cr4zi3 [killaz@crazie2-1-pt.tunnel.tserv12.mia1.ipv6.he.net] has quit [Ping timeout: 252 seconds] 22:10 -!- Cr4zi3 [killaz@crazie2-1-pt.tunnel.tserv12.mia1.ipv6.he.net] has joined #openvpn 22:24 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 22:32 -!- krzie [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 22:35 
-!- X0Rc0re [~chatzilla@124-169-186-202.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 22:40 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 22:45 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 22:49 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Quit: HydraIRC -> http://www.hydrairc.com <- Po-ta-to, boil em, mash em, stick em in a stew.] 22:59 -!- Cr4zi3 [killaz@crazie2-1-pt.tunnel.tserv12.mia1.ipv6.he.net] has quit [Remote host closed the connection] 23:06 -!- Cr4zi3 [killaz@crazie2-1-pt.tunnel.tserv12.mia1.ipv6.he.net] has joined #openvpn 23:14 <@vpnHelper> RSS Update - forum: openvpn on Centos 5.5 23:20 -!- Mp5- [~Mp5@99-59-223-143.lightspeed.jcvlfl.sbcglobal.net] has quit [Ping timeout: 255 seconds] 23:21 -!- Mp5- [~Mp5@99-59-223-143.lightspeed.jcvlfl.sbcglobal.net] has joined #openvpn 23:32 -!- krzie [nobody@hemp.ircpimps.org] has joined #openvpn 23:32 -!- krzie [nobody@hemp.ircpimps.org] has quit [Changing host] 23:32 -!- krzie [nobody@openvpn/community/support/krzee] has joined #openvpn 23:39 -!- l0rd_hex [~rubit_man@S0106000024c61290.ed.shawcable.net] has quit [Read error: Connection reset by peer] 23:43 -!- l0rd_hex [~rubit_man@S0106000024c61290.ed.shawcable.net] has joined #openvpn 23:53 -!- X0Rc0re [~chatzilla@124-169-186-202.dyn.iinet.net.au] has joined #openvpn 23:54 < X0Rc0re> what sort of hash is this? 
7679827e8335635f63 23:56 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] --- Day changed Fri Jan 13 2012 00:01 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 00:01 -!- Cr4zi3 [killaz@crazie2-1-pt.tunnel.tserv12.mia1.ipv6.he.net] has quit [Read error: Connection reset by peer] 00:02 -!- Cr4zi3 [killaz@staff.xbins.org] has joined #openvpn 00:14 <@vpnHelper> RSS Update - forum: need help on installing old program on windows 7 00:31 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 00:34 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 00:46 -!- tjz [~pc@unaffiliated/tjz] has quit [Ping timeout: 240 seconds] 01:14 -!- `Ile` [~Ile@kaniserver.net] has joined #openvpn 01:14 -!- `Ile` [~Ile@kaniserver.net] has quit [Client Quit] 01:25 < hyper_ch> krzee: https://www.youtube.com/watch?v=CjaC8Pq9-V0 01:25 <@vpnHelper> Title: Revolution OS - YouTube (at www.youtube.com) 01:31 <@vpnHelper> RSS Update - forum: openvpn on Centos 5.5 01:33 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day] 01:38 <@vpnHelper> RSS Update - forum: OpenVPN apt/yum repos now available 01:47 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 01:53 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 02:01 -!- matyk2012 [~mathew@cpc14-slou1-2-0-cust242.haye.cable.virginmedia.com] has joined #openvpn 02:02 < matyk2012> Hello All, I am having an issue when i try to get a client to connect to my vpn server. I have tried using TCP and UDP (Not sure why... ) but both failed. 
02:02 < matyk2012> When i tried to connect via TCP
02:02 < matyk2012> I get the following Log entry
02:02 < matyk2012> Fri Jan 13 07:57:58 2012 andriod/94.197.127.26:57375 Connection reset, restarting [0]
02:05 < matyk2012> on UDP i got
02:05 < matyk2012> Fri Jan 13 07:56:21 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
02:08 <@vpnHelper> RSS Update - forum: openvpn on Centos 5.5
02:08 <+EugeneKay> matyk2012 - "andriod"..... phone?
02:08 < matyk2012> yup its rooted and using custom rom would this be the issue?
02:08 <+EugeneKay> Most likely a carrier firewall.
02:09 < matyk2012> ah hm anyway i can confirm?
02:09 < matyk2012> before i use to ssh tunnel to access my stuff
02:09 <+EugeneKay> Try it over WiFi ;-)
02:09 < matyk2012> would the subnet clash though?
02:09 <+EugeneKay> Use a /different/ WiFi network.
02:10 <+EugeneKay> I was reading something today about T-Mo falsifying TCP RSTs and outright blocking UDP, for whatever stupid reason.
02:10 <+EugeneKay> I've never had issue with it, but I don't use my phone off WiFi much.
02:10 < matyk2012> i have tried TCP and UDP
02:10 < matyk2012> I dont have access to another wifi either :(
02:11 <+EugeneKay> https://grepular.com/Punching_through_The_Great_Firewall_of_TMobile
02:11 <@vpnHelper> Title: Punching through The Great Firewall of T-Mobile (at grepular.com)
02:11 <+EugeneKay> tl;dr: ignore the TCP RSTs
02:11 < matyk2012> im not on tmobile but would it be usefull?
02:11 <+EugeneKay> Worth a go.
02:12 * EugeneKay snoozes
02:13 <@vpnHelper> RSS Update - forum: OpenVPN with redirect-gateway renders public ip inaccessable
02:18 * hyper_ch gives EugeneKay a tissue
02:19 <+EugeneKay> Snooze, not sneeze.
02:19 < hyper_ch> :)
04:15 <@vpnHelper> RSS Update - forum: my wish
04:18 < style> Hi, is there any way to restrict one user's access to only one ip (i.e. user A logs into openvpn and I want to nullroute everything except server B)
04:27 <@vpnHelper> RSS Update - forum: using tls-auth with multiple clients || openvpn on Centos 5.5
05:04 <@dazo> style: that's doable, with some dynamic firewall updates .... look into the script hooks, at --learn-address specifically
05:04 <@dazo> style: if you want something even more robust, but also more advanced, you can have a look at eurephia
05:04 <@dazo> !eurephia
05:04 <@vpnHelper> "eurephia" is http://www.eurephia.net/
05:06 < style> dazo: thanks!
07:07 < reiffert> ipsec is driving me nuts.
07:08 < reiffert> any knowledge about: ipsec server running on linux, working clients: win7, osx, android, iphone/ipad without the need of breaking the jails?
07:09 < hyper_ch> !ipsec
07:09 < hyper_ch> :)
07:10 < ecrist> reiffert: IPSec sucks
07:10 < ecrist> and is best left to same-manufacturer implementations.
07:10 < ecrist> we only use it for client VPNs and then only for large corporate networks.
07:14 < hyper_ch> and IPSec eats small babies
07:16 < rob0> without ketchup? Oh, the horrors!
07:18 < reiffert> ipsec may suck, but customers are afraid in breaking the android/iOs jails, so openvpn is out of an option
07:19 < hyper_ch> but rooting android is simple
07:19 < reiffert> shut up.
07:19 < reiffert> strongswan?
07:19 < hyper_ch> and you'll never know what spyware your distributor has put on stock android
07:20 < reiffert> see above
07:22 < rob0> Set up ipsec for them and charge a heck of a lot of money.
07:24 < reiffert> rob0: providing a proper solution is more of my goals than charging lots of money.
07:26 < rob0> Well, you already have openvpn ... is that not a proper solution? Should you forever be jerked around by the whims of proprietary device vendors?
07:26 * dazo keeps his mouth shut until he is sure to get a decent portion of the "lots of money" pot
07:26 < rob0> if so, have fun, but this is not really the place to ask for ipsec advice
07:27 < reiffert> rob0: yeah, fuck it and now shut up or try to be more helpful.
07:27 <@dazo> hehehe
07:28 < rob0> I think at this point a mutual /ignore looks best.
07:28 < reiffert> ack.
07:49 < ecrist> reiffert: I'd just use PPTP on android/iOS devices
07:49 < ecrist> also
07:49 < ecrist> !notopenvpn
07:49 <@vpnHelper> "notopenvpn" is your problem is not about openvpn, and while we try to be helpful, you may have a better chance of finding your answer if you ask your question in a channel related to your problem
07:56 <@vpnHelper> RSS Update - forum: Multiple VPN (Cisco and openvpn) 1 WAN IP
08:20 <@vpnHelper> RSS Update - forum: Routing to VPN stil not working with Open VPN2.2.2
08:26 <@vpnHelper> RSS Update - forum: Routing to VPN stil not working with Open VPN2.2.2
08:31 <@vpnHelper> RSS Update - forum: OpenVPN AS NATmode || Routing to VPN stil not working with Open VPN2.2.2
08:44 <@vpnHelper> RSS Update - forum: Routing to VPN stil not working with Open VPN2.2.2
08:56 <@vpnHelper> RSS Update - forum: Routing to VPN stil not working with Open VPN2.2.2
09:02 <@vpnHelper> RSS Update - forum: Routing to VPN stil not working with Open VPN2.2.2
09:08 <@vpnHelper> RSS Update - forum: Routing to VPN stil not working with Open VPN2.2.2
09:14 <@vpnHelper> RSS Update - forum: Routing to VPN stil not working with Open VPN2.2.2
09:39 <@vpnHelper> RSS Update - forum: Bridge client gets gateway from DHCP despite server-bridge
10:27 <@vpnHelper> RSS Update - forum: Ubuntu 10.10 Certificate error
11:57 < okamis_> !goal
11:57 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
11:58 < okamis_> !welcome
11:58 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
11:58 < okamis_> !howto
11:58 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
12:12 < okamis_> my goal is to make the server not lose lan connection when starting the openvpn server
12:13 < okamis_> http://pastebin.com/KLPFhxzs
12:16 <@dazo> sounds like a good goal ;-)
12:17 <@dazo> okamis_: what's the IP range you use on your LAN?
12:17 < okamis_> 10.1.1.0
12:18 <@dazo> okamis_: that's the mistake in your config .... you can't use the same IP address range in the VPN as the LAN
12:18 <@dazo> change the VPN subnet to, say, 10.8.0.0 255.255.255.0
12:18 < okamis_> oh,
12:18 < hyper_ch> 10.8.0.x <3
12:19 <@dazo> :)
12:20 < okamis_> question: what does the mask do with the ip? I cant really understand that part
12:20 <@vpnHelper> RSS Update - forum: Routing to VPN stil not working with Open VPN2.2.2
12:21 <@dazo> !tcpip
12:21 <@vpnHelper> "tcpip" is http://www.redbooks.ibm.com/redbooks/pdfs/gg243376.pdf See chapter 3.1 for useful basic TCP/IP networking knowledge you should probably know
12:21 <@dazo> okamis_: ^^ that book should describe all these details, pretty in detail ... that's a really important aspect to understand about TCP/IP addressing
12:22 < okamis_> thx, I tried reading some wiki and making sense of a netmask calculator, gave me nightmares
12:22 < hyper_ch> okamis_: simply said: the ip address indicates the start of the subnet and the mask defines the range of it
12:23 < hyper_ch> dazo: is that so wrong?
12:23 < okamis_> not read it through yet, but 10.1.1.0 and mask 255.255.255.0 would make me believe the range is 10.1.1.0 to 255.255.255.0 but Im quite sure that aint right
12:24 <@dazo> hyper_ch: that's true ... but you forget the trick about how the netmask is used to calculate the start and the end
12:25 < hyper_ch> :)
12:27 <@dazo> okamis_: actually, 255.255.255.0 means that you have 256 IP addresses available .... and 2 of these are not "normal" IP addresses (the first and the last one)
12:27 <@dazo> but read about it, and you'll see the bigger picture :)
12:51 <@vpnHelper> RSS Update - forum: using tls-auth with multiple clients
13:09 <@vpnHelper> RSS Update - forum: Routing to VPN stil not working with Open VPN2.2.2
13:21 <@vpnHelper> RSS Update - forum: Routing to VPN stil not working with Open VPN2.2.2
14:38 < sPiN> howdy chaps.. I was just got openvpn configured on my pfsense firewall and got a linux 3.1 kernel'd client to connect to it.. i was using a usb 3g modem and disabling the wifi
14:40 < sPiN> i noticed the interface for the usb 3g modem has an MTU of only 128 and i think this might be causing all of these udpv4 no buffer space available errors
14:41 < sPiN> ive tried enabling mss and setting various mtus, but i cant seem to shut that error up.. i did notice that if i set an mtu of 966 on the tun device i seemed to get consistent perf. i am doing a redirect gateway setup and everything works as expected.. so it may just be an annoying warning i have to deal with
14:43 < sPiN> it spams several a minute in the clients logs.. i disabled the usb 3g modem and enabled wifi and was able to loopback into my external ip and connect to the vpn without any of these udpv4 errors.. so im wondering if any of you guys might have experience with 3g modems on clients and openvpn connections
15:44 < Essobi> ˜/2
15:54 <+dxtr> What could it be if the connection to a server stops at "MANAGEMENT: >STATE:1326490377,WAIT,,,"
15:54 <+dxtr> after "UDPv4 link remote: "
15:54 < johnny_be_yellow> !welcome
15:54 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:55 < johnny_be_yellow> !route
15:55 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide
16:01 < johnny_be_yellow> I've got a problem that's driving me crazy -- somehow I guess I'm making a routing loop on the clients that causes openvpn to use 100% of a cpu. I have everything working with a single push "route 192.168.39.0 255.255.255.0" -- if I add a push "route 192.168.40.0 255.255.255.0" the openvpn windows client goes nuts and never sends anything it just burns cpu -- I don't understand it -- 192.168.39 and 40 are not on the client at all. Is there a way to
16:01 < johnny_be_yellow> what's happening on the client openvpn side?
16:58 <@vpnHelper> RSS Update - forum: multicast config
18:04 < MeanderingCode> hello all
18:05 < MeanderingCode> i'm scouring the 'net for info on vpn configuration, routing (as in how a linux host running an openvpn client routes things), etc, all towards the goal of having only _certain_ applications' traffic route over the vpn connection
18:05 < MeanderingCode> remarkably difficult to find :/
18:06 < MeanderingCode> can anyone point me at some good resources?
18:06 < |Mike|> topic
18:06 < |Mike|> !def1
18:06 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
18:06 < |Mike|> !route
18:06 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide
18:07 < MeanderingCode> thanks |Mike|
20:46 <+EugeneKay> ecrist, are you about?
20:47 < krzie> MeanderingCode,
20:47 < krzie> !routebyapp
20:47 <@vpnHelper> "routebyapp" is if you want to send only certain apps over the VPN you need to run a socks server on the internal VPN subnet (see !sockd) then get an app like proxifier (google it) to selectively route traffic over the socks proxy based on port/app/subnet or any combination.
20:48 < MeanderingCode> !sockd
20:48 <@vpnHelper> "sockd" is if you want !routebyapp you can use this dante config www.ircpimps.org/sockd.conf but BE SURE TO ONLY RUN THIS ON THE INTERNAL VPN IP! otherwise you will be an open proxy. that config has no security because its expected to run inside openvpn
20:48 <+EugeneKay> krzie, you might know. What powers vpnHelper?
20:48 < krzie> !version
20:48 <@vpnHelper> The current (running) version of this Supybot is 0.83.4.1. The newest version available online is 0.83.4.1.
20:49 < MeanderingCode> thanks, krzie. Unfortunately, I won't be able to administer most of the vpns in question for this setup
20:49 < krzie> that and black magic
20:49 <+EugeneKay> Ah, danke.
20:49 < MeanderingCode> it will, however, help regarding my laptop's configuration :) 20:49 < krzie> np MeanderingCode, but thats the ONLY way you will route by app 20:49 < MeanderingCode> pretty much 20:49 < krzie> however, if connecting to services on the server, you can use the vpn ip to connect, then it goes over the vpn 20:50 < MeanderingCode> the other methods i'm finding are some bind trickery and iptables 20:50 < MeanderingCode> right, what you said :) 20:50 < krzie> maybe even split-routing 20:50 < krzie> err 20:50 < krzie> split-dns 20:50 < MeanderingCode> and binding apps to interfaces, when they support it, along w/ SO_BINDTODEVICE 20:50 < krzie> depending on the real goal 20:51 < MeanderingCode> and iptables magic, by matching UID (which is by user, not application, but i can make that work) 20:52 < krzie> that would be a cool writeup 20:52 < krzie> !wiki 20:52 <@vpnHelper> "wiki" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN for the Unofficial wiki or (#2) https://community.openvpn.net/openvpn/wiki for the Official wiki 20:53 < krzie> if interested ;] 20:53 < MeanderingCode> ya know, if i can get it working in a stable fashion, i certainly will :) 20:54 < MeanderingCode> and thanks for the invitation :) 20:57 -!- caemir [~caemir@78.129.43.30] has joined #openvpn 20:57 -!- caemir [~caemir@78.129.43.30] has quit [Changing host] 20:57 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 21:00 <+EugeneKay> Yay, got my supybot running. 
21:21 -!- newl [~newl@97.75.165.156] has joined #openvpn 21:32 -!- newl [~newl@97.75.165.156] has left #openvpn [] 22:01 -!- Axeman2 [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 22:01 -!- Axeman2 [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 22:01 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has joined #openvpn 22:01 -!- mode/#openvpn [+v Axeman2] by ChanServ 22:06 -!- MeanderingCode_ [~Meanderin@97-123-13-2.albq.qwest.net] has joined #openvpn 22:06 -!- MeanderingCode_ [~Meanderin@97-123-13-2.albq.qwest.net] has quit [Read error: Connection reset by peer] 22:07 -!- MeanderingCode [~Meanderin@97-123-13-2.albq.qwest.net] has quit [Ping timeout: 240 seconds] 22:33 -!- jameslordhz [~jack@60.12.143.45] has quit [Ping timeout: 255 seconds] 22:34 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 268 seconds] 22:35 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 22:37 -!- jameslordhz [~jack@60.12.143.45] has joined #openvpn 22:40 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!] 
22:48 -!- agagag [~anton@eudaimonia.goto10.org] has quit [Remote host closed the connection] 22:53 -!- agagag [~anton@eudaimonia.goto10.org] has joined #openvpn 22:58 -!- agagag [~anton@eudaimonia.goto10.org] has quit [Ping timeout: 260 seconds] 23:45 -!- X0Rc0re [~chatzilla@124-169-186-202.dyn.iinet.net.au] has joined #openvpn --- Day changed Sat Jan 14 2012 00:01 -!- agagag [~anton@eudaimonia.goto10.org] has joined #openvpn 00:16 -!- jameslordhz [~jack@60.12.143.45] has quit [Ping timeout: 260 seconds] 00:22 -!- jameslordhz [~jack@60.12.143.45] has joined #openvpn 01:05 -!- dioz [~dioz@2001:470:1f11:12a9::1] has quit [Read error: Operation timed out] 01:09 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 01:34 -!- jameslordhz [~jack@60.12.143.45] has quit [Ping timeout: 240 seconds] 01:42 -!- ribbler [~bcalab@117.239.59.179] has left #openvpn [] 01:44 -!- jameslordhz [~jack@60.12.143.45] has joined #openvpn 01:46 < jameslordhz> hi 01:47 -!- jameslordhz [~jack@60.12.143.45] has left #openvpn [] 02:05 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 02:08 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 02:16 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Ping timeout: 276 seconds] 02:18 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 02:37 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 02:43 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 02:47 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Ping timeout: 240 seconds] 02:59 <@vpnHelper> RSS Update - forum: I cannot get my openvpn client to connect to the server 03:02 -!- mohi666 [~mohi@c-76-103-53-145.hsd1.ca.comcast.net] has joined #openvpn 03:04 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out] 03:04 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 03:35 -!- mohi666 
[~mohi@c-76-103-53-145.hsd1.ca.comcast.net] has quit [Quit: Leaving] 03:39 -!- Crumbz [~Crumbz@host-89-242-68-69.as13285.net] has joined #openvpn 03:40 < Crumbz> Hey guys, is there any way to run the openvpn client as a socks proxy server? i'm sure i saw an option for it before but i cannot find it. 03:59 -!- X0Rc0re [~chatzilla@124-169-186-202.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 04:12 < hyper_ch> Crumbz: what's a socks proxy server? 04:22 -!- master_of_master [~master_of@p57B55B8C.dip.t-dialin.net] has quit [Ping timeout: 240 seconds] 04:22 -!- X0Rc0re_ [7ca9baca@gateway/web/freenode/ip.124.169.186.202] has joined #openvpn 04:22 < X0Rc0re_> hello, may i ask what type of OpenVPN is this? http://openvpn.net/index.php/access-server/docs/admin-guides/387-how-to-use-local-user-authentication.html 04:22 <@vpnHelper> Title: How to use local user authentication (at openvpn.net) 04:22 < X0Rc0re_> is it a paid OpenVPN? 04:23 < reiffert> X0Rc0re_: openvpn is a piece of software. 04:23 < X0Rc0re_> how do you get that web user interface? 04:23 < reiffert> X0Rc0re_: it's been released under GPL. 04:23 < X0Rc0re_> reiffert: then whats that web user interface?? 04:23 -!- master_of_master [~master_of@p57B54777.dip.t-dialin.net] has joined #openvpn 04:23 < X0Rc0re_> is it free? 04:24 < reiffert> there is no web user interface that comes with openvpn, but there are webinterfaces you can use, e.g. 04:24 < reiffert> http://openvpn-web-gui.sourceforge.net/ 04:24 <@vpnHelper> Title: OpenVPN Web GUI 0.3.x (at openvpn-web-gui.sourceforge.net) 04:24 < X0Rc0re_> oh thanx :) 04:24 < X0Rc0re_> so i that will allow other users to connect to my VPN? 04:25 < reiffert> no, it's a web interface to manage the openvpn certificates. 04:26 < X0Rc0re_> so how do i manage users to connect to my VPN? 04:26 < reiffert> how do you think that it might eventually work, especially "connecting users to a vpn"? 
04:26 < X0Rc0re_> certs 04:26 < reiffert> print out certs, then what? 04:27 < X0Rc0re_> give them to the users? 04:27 < reiffert> great, what will they do with them? 04:27 < X0Rc0re_> connect to my vpn 04:28 < reiffert> well, they have a client, they have a config file, they have certificates. then they are potentially able to connect. 04:28 < X0Rc0re_> i would still like to know what is this? http://gyazo.com/f9f3c263a184e08228a69630f54aaf38 04:28 <@vpnHelper> Title: f9f3c263a184e08228a69630f54aaf38.png (at gyazo.com) 04:28 < reiffert> it's an url. 04:28 < X0Rc0re_> ... 04:28 < reiffert> !as 04:28 <@vpnHelper> "as" is please go to #OpenVPN-AS for help with Access-Server 04:28 < reiffert> Access-Server is the commercial product of the openvpn company. 04:29 < X0Rc0re_> so that is access server? 04:29 < reiffert> right. we dont support that in here. 04:29 < X0Rc0re_> oh ok 04:29 < X0Rc0re_> #OpenVPN-AS 04:29 < X0Rc0re_> ty 04:29 < X0Rc0re_> is that another way i can allow users to connect? 04:29 < X0Rc0re_> using as? 04:30 < reiffert> not using as. 04:30 < reiffert> but do as the howto says 04:30 < reiffert> !howto 04:30 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 04:32 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 248 seconds] 04:32 -!- agagag [~anton@eudaimonia.goto10.org] has quit [Ping timeout: 252 seconds] 04:36 -!- X0Rc0re_ [7ca9baca@gateway/web/freenode/ip.124.169.186.202] has quit [Ping timeout: 258 seconds] 04:38 -!- agagag [~anton@eudaimonia.goto10.org] has joined #openvpn 04:38 <@vpnHelper> RSS Update - forum: Buying a cookware set 04:40 -!- mattock [~samuli@openvpn/corp/admin/mattock] has left #openvpn [] 04:40 -!- X0Rc0re [~chatzilla@124-169-186-202.dyn.iinet.net.au] has joined #openvpn 04:46 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 04:49 < X0Rc0re> what is this? 
http://sourceforge.net/projects/openvpn-config/ 04:49 <@vpnHelper> Title: OpenVPN Configuration CLI Wizard | Free System Administration software downloads at SourceForge.net (at sourceforge.net) 04:51 < X0Rc0re> is untangle any good? http://www.untangle.com/images/screenshots/OpenVPN/openvpn_gui_email_clients.png 04:52 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 04:57 < hyper_ch> X0Rc0re: if you want a config generator use 04:57 < hyper_ch> !confgen 04:57 <@vpnHelper> "confgen" is (#1) http://www.doeshosting.com/code/openvpn-confgen.tgz for the bash config generator or (#2) you can use svn co http://www.secure-computing.net/svn/trunk/openvpn-confgen/ 04:58 < hyper_ch> some crazy guy in here created it :) 05:11 < X0Rc0re> hyper_ch: im done with my config file:) 05:11 < X0Rc0re> :) 05:24 < X0Rc0re> how exactly do i find the cert file in OpenVPN? 05:24 < hyper_ch> create them 05:24 < hyper_ch> !howto 05:24 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 05:24 < hyper_ch> !ca 05:25 < hyper_ch> !cert 05:25 < X0Rc0re> ? 05:25 < X0Rc0re> lol 05:26 < hyper_ch> !pki 05:26 <@vpnHelper> "pki" is (#1) http://openvpn.net/index.php/open-source/documentation/howto.html#pki for how to make your PKI stuff (ca, and certs) or (#2) Heres a basic rundown of how it works... The server, client, and ca certs are all signed by the same ca.key. The server and client use the ca.crt to check that eachother were signed by the right ca.key. Optionally, the client also checks that the server cert was 05:26 <@vpnHelper> signed specially as a server (see !servercert) 05:26 < X0Rc0re> yes i have read that and done that 05:27 < X0Rc0re> i want to know what directory do i go to to obtain them? 
05:27 < hyper_ch> depends where you created them 05:28 < X0Rc0re> the default area 05:29 < X0Rc0re> http://screensnapr.com/v/qajfyU.png 05:29 <@vpnHelper> Title: View qajfyU.png on ScreenSnapr (at screensnapr.com) 05:30 < hyper_ch> you really should use colorization for ls 05:31 < X0Rc0re> colorization? 05:34 < hyper_ch> yes 05:34 < hyper_ch> add this to your .bashrc file 05:35 < hyper_ch> # enable color support of ls and also add handy aliases 05:35 < hyper_ch> if [ -x /usr/bin/dircolors ]; then 05:35 < hyper_ch> test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)" 05:35 < hyper_ch> alias ls='ls --color=auto' 05:35 < hyper_ch> #alias dir='dir --color=auto' 05:35 < hyper_ch> #alias vdir='vdir --color=auto' 05:35 < hyper_ch> alias grep='grep --color=auto' 05:35 < hyper_ch> alias fgrep='fgrep --color=auto' 05:35 < hyper_ch> alias egrep='egrep --color=auto' 05:35 < hyper_ch> fi 05:35 < hyper_ch> get the dircolors if it's not installed yet 05:35 < hyper_ch> log out and log back in 05:46 < X0Rc0re> kk :p 05:50 < hyper_ch> see now the colorization? 
05:54 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has joined #openvpn 06:08 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Remote host closed the connection] 06:41 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 06:42 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Remote host closed the connection] 07:05 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has quit [Ping timeout: 252 seconds] 07:10 -!- gffa [~gffa@unaffiliated/gffa] has quit [Ping timeout: 244 seconds] 07:13 -!- mocas__ [~mocas@87-196-242-85.net.novis.pt] has joined #openvpn 07:15 -!- mocas_ [~mocas@87-196-123-103.net.novis.pt] has quit [Ping timeout: 268 seconds] 07:18 -!- gffa [~gffa@unaffiliated/gffa] has joined #openvpn 07:25 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 07:46 -!- radioxid [~radioxid@nlr28-1-78-237-60-197.fbx.proxad.net] has joined #openvpn 07:50 -!- X0Rc0re [~chatzilla@124-169-186-202.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 07:59 -!- radioxid [~radioxid@nlr28-1-78-237-60-197.fbx.proxad.net] has quit [Quit: Get MacIrssi - http://www.sysctl.co.uk/projects/macirssi/] 08:42 -!- resha [~rave@112.198.78.136] has joined #openvpn 08:42 -!- resha [~rave@112.198.78.136] has quit [Client Quit] 08:42 -!- resha1 [~rave@112.198.78.136] has joined #openvpn 08:42 < resha1> what can I do if my isp throttles vpn connection? 08:43 < hyper_ch> get a new isp 08:44 < resha1> all our isp are throttling vpn connection 08:47 -!- resha1 [~rave@112.198.78.136] has quit [Read error: Connection reset by peer] 08:48 -!- resha [~rave@112.198.78.136] has joined #openvpn 08:48 -!- resha [~rave@112.198.78.136] has left #openvpn [] 08:59 -!- Kaizen [~osu@unaffiliated/kyoku] has joined #openvpn 09:01 < Kaizen> what's the easiest way to create my own custom branded openvpn client, anyone have a guide for it? 
looks like they don't release the source code for windows gui 09:02 < hyper_ch> as openvpn is opensource, then the code for the windows gui should also be somewhere 09:03 < Kaizen> http://openvpn.net/index.php?option=com_content&id=357 the client is here, but there is no source code i can find 09:03 <@vpnHelper> Title: Client Packages (at openvpn.net) 09:07 < hyper_ch> https://community.openvpn.net/openvpn/wiki/DeveloperDocumentation#Maindevelopmentrepositorygit 09:07 <@vpnHelper> Title: DeveloperDocumentation – OpenVPN Community (at community.openvpn.net) 09:07 < hyper_ch> which points to here http://openvpn.git.sourceforge.net/git/gitweb.cgi?p=openvpn/openvpn.git;a=summary 09:07 <@vpnHelper> Title: SourceForge - openvpn/openvpn.git/summary (at openvpn.git.sourceforge.net) 09:08 < hyper_ch> when browsing the tree you get here http://openvpn.git.sourceforge.net/git/gitweb.cgi?p=openvpn/openvpn.git;a=tree 09:08 <@vpnHelper> Title: SourceForge - openvpn/openvpn.git/tree (at openvpn.git.sourceforge.net) 09:08 < hyper_ch> which has an install-w32 folder 09:08 < hyper_ch> http://openvpn.git.sourceforge.net/git/gitweb.cgi?p=openvpn/openvpn.git;a=tree;f=install-win32;h=9a7d6f35a3825ab736e43ae0df87441269565d0e;hb=HEAD 09:08 <@vpnHelper> Title: SourceForge - openvpn/openvpn.git/tree - install-win32/ (at openvpn.git.sourceforge.net) 09:08 < hyper_ch> it's all there, all you have to do is look for it 09:38 -!- Gravitron [~admin@65.28.68.253] has joined #openvpn 09:38 -!- Gravitron [~admin@65.28.68.253] has quit [Changing host] 09:38 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 09:48 -!- APTX_ [APTX@unaffiliated/aptx] has joined #openvpn 09:48 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 09:49 -!- APTX [APTX@unaffiliated/aptx] has quit [Ping timeout: 252 seconds] 09:54 -!- stdudz [~stdudz@93-97-250-212.zone5.bethere.co.uk] has joined #openvpn 09:57 < stdudz> Hey all, anyone here have experience setting up and linking multiple servers with subnet 
topology? I'm having a problem with the iroutes. The server link is achieved by having one server, B, act as a client of the other, A. Server A then pushes all the routes to server B, and has all the iroutes also pushed to it. 09:59 < stdudz> Everything works fine, I have scripts to change the routes on server B when a client connects. The big problem is that if the link goes down between the 2 servers and then comes up again, all the subnets attached to server A go down, because the iroute option prioritises the new connections. In this case Server B gets all the iroutes. 09:59 < hyper_ch> that's too complex to me to understand for what you're trying to achieve 10:01 < stdudz> Most of it is background, the problem is that i have duplicate iroutes and the wrong one is being used when the 2nd server link goes down and comes back on, server A assumes all the subnets are on server B 10:02 < hyper_ch> all traffic has always to go through the server 10:02 < hyper_ch> I mean all client traffic 10:02 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 10:02 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 10:02 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 10:02 -!- mode/#openvpn [+v Axeman] by ChanServ 10:05 < stdudz> Yes, clients can choose either server A or B. I have the client config set so it is random. If both the servers stayed up all the time it would be perfect, but unfortunately its not possible 10:06 < stdudz> One way I was thinking was to disconnect all clients when Server B re-establishes the connection to server A. Is there a way to do this? 10:06 < stdudz> That way the client subnets will reconnect to server A, and they will get their iroute back as they are more recently connected than server B 10:07 < stdudz> The question is really about prioritising iroutes, if anyone has any idea? 
10:10 < stdudz> can give more info if needed 10:15 < hyper_ch> dazo_afk: will you wear a "dazo" name patch at fossdem? 10:19 -!- radioxid [~radioxid@nlr28-1-78-237-60-197.fbx.proxad.net] has joined #openvpn 10:31 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!] 10:41 < stdudz> Still researching this problem with the iroutes. One solution is to force all clients to disconnect when the other server connects. I know the management interface can do this, but the router I have openvpn is running on doesn't have telnet on it. The preferred way would be to have a client-connect script contain commands that do it. Is this possible? Or is there anything else I can do? 10:54 < krzie> using a routing protocol or something? 10:55 -!- Cr4zi3 [killaz@staff.xbins.org] has quit [Read error: Operation timed out] 10:59 -!- Kaizen [~osu@unaffiliated/kyoku] has quit [Read error: Connection reset by peer] 11:00 -!- Brownout [~brownout@wikimedia/brownout] has joined #openvpn 11:01 < stdudz> nicest way for this to work would be if the iroute allowed a metric to be stated with it 11:03 < Brownout> I'm having some issues with an openvpn server (2.1.0), when started I get the error message: "RESOLVE: Cannot parse IP address: 192.168.57.0 Options error: error parsing --server parameters". The server line is "server 192.168.57.0 255.255.255.0". Any ideas? 11:08 <@vpnHelper> RSS Update - forum: User Auth for VPN 11:10 < hyper_ch> theres a udp or tcp missing I think 11:11 < hyper_ch> no, I'm wrong 11:11 < hyper_ch> try a different network like 10.8.0.0 11:14 < Brownout> hm, you're right 11:15 < hyper_ch> I am? 11:15 < hyper_ch> about what? 11:15 < Brownout> about trying a different network 11:15 < Brownout> why wouldn't it like 192.168.57.0/24? 
11:16 < hyper_ch> the ways of OpenVPN are mysterious and known only to a selected few prophets 11:18 < hyper_ch> which is religious-speak for I have no clue 11:23 -!- stdudz [~stdudz@93-97-250-212.zone5.bethere.co.uk] has quit [Ping timeout: 240 seconds] 11:23 -!- stdudz [~stdudz@cpc3-benw10-2-0-cust179.gate.cable.virginmedia.com] has joined #openvpn 11:35 -!- stdudz [~stdudz@cpc3-benw10-2-0-cust179.gate.cable.virginmedia.com] has quit [Ping timeout: 240 seconds] 11:37 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has joined #openvpn 11:39 -!- raidz [~raidz@openvpn/corp/admin/andrew] has quit [Ping timeout: 252 seconds] 11:41 -!- stdudz [~stdudz@93-97-250-212.zone5.bethere.co.uk] has joined #openvpn 11:49 -!- stdudz [~stdudz@93-97-250-212.zone5.bethere.co.uk] has quit [Ping timeout: 260 seconds] 12:01 < ecrist> EugeneKay: I am now. 12:02 -!- stdudz [~stdudz@93-97-250-212.zone5.bethere.co.uk] has joined #openvpn 12:11 -!- stdudz [~stdudz@93-97-250-212.zone5.bethere.co.uk] has quit [Ping timeout: 240 seconds] 12:19 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Quit: too late] 12:22 -!- Crumbz [~Crumbz@host-89-242-68-69.as13285.net] has quit [Quit: Leaving] 12:22 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 12:23 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Client Quit] 12:24 -!- stdudz [~stdudz@cpc3-benw10-2-0-cust179.gate.cable.virginmedia.com] has joined #openvpn 12:26 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 12:28 -!- stdudz [~stdudz@cpc3-benw10-2-0-cust179.gate.cable.virginmedia.com] has quit [Ping timeout: 240 seconds] 12:29 -!- kitharris [~meow@71.188.116.185] has joined #openvpn 12:41 -!- stdudz [~stdudz@93-97-250-212.zone5.bethere.co.uk] has joined #openvpn 12:45 -!- stdudz [~stdudz@93-97-250-212.zone5.bethere.co.uk] has quit [Ping timeout: 252 seconds] 12:53 -!- teratoma [~teratoma@i.dont.get.mad.i.get.stabby.net] has quit [Quit: leaving] 12:58 
-!- radioxid [~radioxid@nlr28-1-78-237-60-197.fbx.proxad.net] has quit [Ping timeout: 268 seconds] 12:59 -!- radioxid [~radioxid@nlr28-1-78-237-60-197.fbx.proxad.net] has joined #openvpn 12:59 -!- stdudz [~stdudz@cpc3-benw10-2-0-cust179.gate.cable.virginmedia.com] has joined #openvpn 13:00 -!- radioxid [~radioxid@nlr28-1-78-237-60-197.fbx.proxad.net] has quit [Client Quit] 13:09 -!- stdudz [~stdudz@cpc3-benw10-2-0-cust179.gate.cable.virginmedia.com] has quit [Ping timeout: 260 seconds] 13:11 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Ping timeout: 255 seconds] 13:16 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has joined #openvpn 13:16 -!- stdudz [~stdudz@93-97-250-212.zone5.bethere.co.uk] has joined #openvpn 13:16 < nonotza> it seems like port 22 traffic on my vpn client is not being routed through the vpn. how can I fix that? 13:19 < krzie> its not based on port, its based on routing table 13:20 < krzie> if you're connecting to 22 on the vpn server, use the vpn ip 13:21 < nonotza> is this something that I configure in the openvpn client settings? 13:22 < krzie> what machine are you trying to reach through the vpn? 13:22 < krzie> the vpn server, a machine on the vpn server's lan, or a machine on the internet? 13:23 < nonotza> a machine on the internet 13:23 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Ping timeout: 240 seconds] 13:23 < krzie> you need to configure some stuff on the server, what OS is the server? 13:24 < nonotza> centos 13:24 < krzie> and post your configs like this: 13:24 < nonotza> I'm mucking about with the iptables 13:24 < krzie> !configs 13:24 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. 
or (#2) dont forget to include any ccd entries 13:24 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 13:24 < krzie> and you will need to do this: 13:24 < krzie> !linnat 13:24 <@vpnHelper> "linnat" is (#1) for a basic iptables NAT where 10.8.0.x is the vpn network: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE or (#2) to choose what IP address to NAT as, you can use iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to or (#3) http://netfilter.org/documentation/HOWTO//NAT-HOWTO.html for more info or (#4) openvz see !openvzlinnat 13:24 < nonotza> I'll do that a minute - mind if I explain a little bit more? 13:25 < nonotza> because most of those are done 13:25 < krzie> after you post your configs 13:25 < nonotza> ok 13:28 < nonotza> client: OS X Lion, server: centos, openvpn v2.2 13:28 < nonotza> http://pastebin.com/8URQppzY 13:29 -!- JackWinter2 [~jack@vodsl-8990.vo.lu] has joined #openvpn 13:30 < nonotza> ok - so I have this line in my iptables: iptables -A INPUT -i eth0 -p tcp -s vpn_ip_address --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT 13:30 < nonotza> default policy is drop 13:30 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Ping timeout: 252 seconds] 13:31 -!- JackWinter2 [~jack@vodsl-8990.vo.lu] has quit [Read error: Connection reset by peer] 13:31 < nonotza> however it won't accept connection from my vpn ip address 13:31 -!- JackWinter2 [~jack@vodsl-8990.vo.lu] has joined #openvpn 13:31 < nonotza> when I add this line: iptables -I INPUT -p tcp -m tcp -s client_ip_address --dport 22 -j ACCEPT 13:31 < nonotza> I can log into the server via ssh just fine 13:33 < nonotza> if I connect to the vpn and try to connecting via ssh, the "Last login" prompt always shows the client IP address/hostname - even when I'm connected to the VPN 13:33 < rob0> so it would appear that the vpn_ip_address or client_ip_address (are they different? 
If munging BE CONSISTENT) is not coming in eth0 13:33 < nonotza> they are different 13:34 < nonotza> eth0 is the public nic 13:34 < krzie> vpn ip wont come over eth0 13:34 < krzie> vpn ip comes in over vpn adapter 13:34 < nonotza> tun0? 13:34 < krzie> most likely 13:34 < nonotza> ah ok 13:34 < nonotza> let me make that change 13:35 < krzie> but didnt you say that the machine you want to ssh to is out there on the internet, not the server or machine in servers lan... 13:36 -!- JackWinter3 [~jack@vodsl-8990.vo.lu] has joined #openvpn 13:37 < nonotza> I may have misunderstood - the vpn server and ssh server are the same box 13:37 -!- JackWinter2 [~jack@vodsl-8990.vo.lu] has quit [Ping timeout: 255 seconds] 13:37 < krzie> then you didnt need ip forwarding 13:37 < krzie> just ssh to the vpn ip 13:37 < krzie> 10.8.0.1 13:37 < krzie> anything else is a firewall problem 13:38 < nonotza> still timing out 13:38 < krzie> [15:37] anything else is a firewall problem 13:38 < nonotza> when I ssh into the vpn ip 13:38 < nonotza> here's the curious part though 13:39 < krzie> oh also check that ssh listens on that ip ;] 13:39 < krzie> like *:22 in your netstat -l 13:39 < krzie> -ln rather 13:40 < nonotza> on the server? 13:41 < krzie> yep 13:42 < nonotza> yes I see the foreign IP with port 22. 13:42 < krzie> ahh its the foreign ip? 13:42 < nonotza> oops 13:42 < nonotza> sorry 13:42 < nonotza> that was from the client 13:42 < krzie> not just *:22 ? 13:42 < krzie> heh 13:42 < nonotza> in the server I didn't see anything 13:43 < nonotza> output is different on the server 13:43 < nonotza> I see paths, states, I-node, etc 13:44 < nonotza> is I-node the port? 
13:44 < nonotza> ah shit 13:44 < nonotza> sorry didn't read all of the output 13:44 < nonotza> it's listening on port 22 13:44 < krzie> well no shit 13:44 < nonotza> tcp 0 0 :::22 :::* LISTEN 13:44 < krzie> ok, its on * 13:44 < krzie> so ya, when firewall works, you can ssh to 10.8.0.1 13:45 < krzie> until you can, its your firewall 13:45 < nonotza> ok - here's something though 13:45 < nonotza> when I am connected through the vpn client, the server thinks I'm coming from my normal client IP address - not the vpn ip address 13:46 < nonotza> that sounds like something is wrong with the routing on my client, no? 13:48 < nonotza> krzie? 13:48 < rob0> isn't that ipv6? 13:48 < krzie> cause you're connecting to the normal ip, not the vpn ip 13:48 < krzie> rob0, if hes listening to ipv6 *, hes listening to ipv4 * 13:49 < krzie> ssh doesnt have separate listen config entries 13:49 < nonotza> ok that makes sense 13:51 <+EugeneKay> !topsecret 13:51 <@vpnHelper> "topsecret" is if your setup is so top secret that you cant post your configs or logs, please leave now and go find support you trust. 13:52 < krzie> he posted the configs 13:52 <+EugeneKay> Not for him :-p 13:52 < krzie> oh =] 13:52 <+EugeneKay> I was stealing the factoid 13:53 < krzie> thief! 13:53 < krzie> !factoids 13:53 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php 13:53 < rob0> sigh, okay, I know when I'm not wanted 13:53 < krzie> echo "o hai!" > /dev/rob0 13:54 < rob0> but ... but ... my setup is so top secret that I can't post my configs or logs!! 13:54 < nonotza> I posted my config files 13:54 < nonotza> I just obscured the domain name 13:54 < krzie> [15:52] Not for him :-p 13:54 < krzie> [15:52] oh =] 13:54 < krzie> [15:52] I was stealing the factoid 13:54 < nonotza> I'm a little slow today. 13:54 < nonotza> If you couldn't tell. 
13:55 < nonotza> *_* 13:56 < nonotza> ok - so I got ssh working now :) 13:56 < nonotza> thanks so much for the help krzie 13:57 < krzie> np 14:00 -!- corretico [~luis@190.211.93.11] has quit [Remote host closed the connection] 14:09 < nonotza> so krzie, I had access to a vpn at one point and i was able to access the server through ssh by using it's domain name - I didn't use the vpn ip address. I imagine after keys are added to the known_hosts, and if I connect to other vpns this way I'll have to remove previous keys from my known_hosts files 14:09 < nonotza> otherwise I'll get a man in the middle attack warning 14:11 < nonotza> I guess that's something to do with my firewall settings 14:13 -!- nonotza_ [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn 14:17 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has quit [Ping timeout: 245 seconds] 14:17 -!- nonotza_ is now known as nonotza 14:21 < krzie> if its the same vpn ip, obviously 14:21 < krzie> i have many vpn's, no overlapping subnets tho :-p 14:22 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 14:22 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 14:22 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 14:22 -!- mode/#openvpn [+v Axeman] by ChanServ 14:25 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Client Quit] 14:45 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has quit [Quit: Leaving] 14:48 -!- stdudz [~stdudz@93-97-250-212.zone5.bethere.co.uk] has quit [Ping timeout: 245 seconds] 14:48 -!- stdudz [~stdudz@cpc3-benw10-2-0-cust179.gate.cable.virginmedia.com] has joined #openvpn 14:50 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.] 
15:08 -!- MeanderingCode [~Meanderin@97-123-13-2.albq.qwest.net] has joined #openvpn 15:13 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 15:16 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 15:21 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 15:59 <@vpnHelper> RSS Update - forum: I cannot get my openvpn client to connect to the server 16:20 -!- agagag_ [~anton@eudaimonia.goto10.org] has joined #openvpn 16:21 -!- gffa_ [~gffa@unaffiliated/gffa] has joined #openvpn 16:22 -!- gffa [~gffa@unaffiliated/gffa] has quit [Disconnected by services] 16:29 -!- kitharris [~meow@71.188.116.185] has quit [Ping timeout: 276 seconds] 16:38 -!- Netsplit *.net <-> *.split quits: agagag 16:41 -!- kitharris [~meow@71.188.116.185] has joined #openvpn 16:48 -!- zeshooem [~zee@108.162.156.19] has quit [] 16:55 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Ping timeout: 252 seconds] 16:56 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has joined #openvpn 17:24 -!- gffa_ is now known as gffa 17:27 -!- stdudz [~stdudz@cpc3-benw10-2-0-cust179.gate.cable.virginmedia.com] has quit [Ping timeout: 255 seconds] 17:33 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 17:33 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 17:33 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 17:33 -!- mode/#openvpn [+v Axeman] by ChanServ 17:48 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 17:52 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 18:00 <@vpnHelper> RSS Update - forum: Theoretical setup 18:12 <@vpnHelper> RSS Update - forum: Newbee Help Please 18:18 <@vpnHelper> RSS Update - forum: Can´t connect to VPN 18:22 -!- APTX_ is now known as APTX 18:25 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Quit: too late] 18:30 -!- Morpheme 
[~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 18:52 -!- corretico [~luis@190.211.93.11] has joined #openvpn 18:56 -!- radioxid [~radioxid@nlr28-1-78-237-60-197.fbx.proxad.net] has joined #openvpn 19:03 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 19:08 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 19:08 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 19:08 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 19:08 -!- mode/#openvpn [+v Axeman] by ChanServ 19:14 <+JodaZ> can i disable "TEST ROUTES" ? 19:15 < krzee> whats the real problem 19:19 * Olipro disables krzee in the test icles 19:20 -!- tekzilla [~jon@hmbg-4d06f5da.pool.mediaWays.net] has quit [Read error: Operation timed out] 19:21 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Remote host closed the connection] 19:24 -!- tekzilla [~jon@hmbg-5f7624ab.pool.mediaWays.net] has joined #openvpn 19:47 -!- radioxid [~radioxid@nlr28-1-78-237-60-197.fbx.proxad.net] has quit [Quit: Computer has gone to sleep] 19:56 -!- _julian [~quassel@hmbg-5f77ef31.pool.mediaWays.net] has joined #openvpn 19:57 -!- _julian_ [~quassel@hmbg-5f77d30b.pool.mediaWays.net] has quit [Ping timeout: 244 seconds] 20:08 -!- Gravitron [~admin@76.92.159.145] has joined #openvpn 20:08 -!- Gravitron [~admin@76.92.159.145] has quit [Changing host] 20:08 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 20:14 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection] 20:37 <@vpnHelper> RSS Update - forum: OpenVPN hickups with Remote Printers for MS RDP 20:40 -!- nonotza_ [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn 20:44 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has quit [Ping timeout: 245 seconds] 20:44 -!- nonotza_ is now known as nonotza 20:55 -!- Cr4zi3 [killaz@crazie2-1-pt.tunnel.tserv12.mia1.ipv6.he.net] has joined 
#openvpn 21:04 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Ping timeout: 240 seconds] 21:04 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn 21:13 <@vpnHelper> RSS Update - forum: Accessing OpenVPN server from its public IP 21:15 -!- nonotza_ [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn 21:15 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Read error: Connection reset by peer] 21:15 -!- nonotza_ is now known as nonotza 21:18 -!- mohi666 [~mohi@c-76-103-53-145.hsd1.ca.comcast.net] has joined #openvpn 21:19 < mohi666> I've installed OpenVPN on my arch linux 21:19 < mohi666> I can connect to it from my LAN network, but get an error when trying to connect to it from a public IP 21:19 < mohi666> any idea what could be wrong? 21:24 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 21:24 <@vpnHelper> RSS Update - forum: Can't Access Admin Web UI ?? 21:37 <@vpnHelper> RSS Update - forum: Can't Access Admin Web UI ... ?? 
21:43 <@vpnHelper> RSS Update - forum: [SOLVED] Accessing OpenVPN server from its public IP
21:49 <@vpnHelper> RSS Update - forum: Can´t connect to VPN
21:50 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn
21:50 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host]
21:50 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn
21:50 -!- mode/#openvpn [+v Axeman] by ChanServ
21:56 -!- mohi666 [~mohi@c-76-103-53-145.hsd1.ca.comcast.net] has quit [Quit: Leaving]
21:59 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Ping timeout: 252 seconds]
22:02 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn
22:06 -!- nonotza_ [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn
22:07 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Ping timeout: 248 seconds]
22:07 -!- nonotza_ is now known as nonotza
22:26 -!- kitharris [~meow@71.188.116.185] has quit [Remote host closed the connection]
22:27 -!- Autoeth [~nguyendp0@ip98-165-34-222.ph.ph.cox.net] has joined #openvpn
22:31 -!- ColonelPanik [~panik@fiber-64-130-86-196.yucca.net] has joined #openvpn
22:31 < ColonelPanik> Help please, what is NT Domain?
22:32 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Ping timeout: 244 seconds]
22:32 <+Axeman> whoa.
22:32 < Autoeth> You mean microsoft Domain ?
22:33 < ColonelPanik> It is asking on the Network connection info. Linux Mint
22:34 < Autoeth> Sorry i never used Linux Mint so i wouldn't know what they want there.
22:34 < Autoeth> but my guess would be to put the domain there the one that you are part of your network
22:35 < Autoeth> but this is openvpn channel maybe a linux mint channel would be better for your question ?
22:36 < ColonelPanik> I am trying to set up openVPN
22:37 < Autoeth> ok yah i am sorry i still wouldn't know i never came across that.
22:38 < Autoeth> Hopefully someone else here can help you. Wait a little bit.
22:38 < ColonelPanik> Okay, thanks.
22:40 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn
22:43 -!- nonotza_ [~nonotza@50-57-234-249.static.cloud-ips.com] has joined #openvpn
22:45 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Ping timeout: 248 seconds]
22:45 -!- nonotza_ is now known as nonotza
22:53 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has quit [Read error: Connection reset by peer]
22:53 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has joined #openvpn
22:57 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn
22:57 -!- MeanderingCode_ [~Meanderin@97-123-13-2.albq.qwest.net] has joined #openvpn
22:57 -!- MeanderingCode_ [~Meanderin@97-123-13-2.albq.qwest.net] has quit [Read error: Connection reset by peer]
22:59 -!- MeanderingCode [~Meanderin@97-123-13-2.albq.qwest.net] has quit [Ping timeout: 268 seconds]
23:03 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!]
23:12 < nonotza> I have a site that's located on the same server as a vpn. when the client is connected to the vpn, it can access the site at 10.8.0.1 (private vpn address) but it can't access it through its domain name
23:12 < nonotza> I added a /etc/hosts entry that maps the domain name to the private ip address but that doesn't seem to do the trick
23:13 < nonotza> is this a firewall issue? any ideas?
23:40 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has quit [Read error: Connection reset by peer]
23:41 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn
23:41 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Client Quit]
23:48 <@vpnHelper> RSS Update - forum: IGMP
--- Day changed Sun Jan 15 2012
00:57 -!- hilarie [~freenode@95.211.150.180] has joined #openvpn
00:58 < hilarie> could anyone point me in the right direction, to put the keys right in the configuration file, like AS does?
01:08 <+EugeneKay> It's a code change.
01:31 < hilarie> can I just go ca ?
01:32 < hilarie> would it be ca (gibberish) or ca Begin Cert, (gibberish) end cert?
01:47 <+EugeneKay> No, the code required to do that does not exist in the FOSS openvpn.
01:48 < hilarie> AS only thing?
01:48 <+EugeneKay> Correct.
01:49 < hilarie> bleh, I only want 3 connections... I wish they'd let you buy less than 10
01:50 * EugeneKay shrugs
01:50 <+EugeneKay> It's a silly feature, IMO.
01:53 < hilarie> any theories on where the logs might be going on a ubuntu system on the client side, and is there a way to force them into the folder you are running it from?
01:54 < hyper_ch> you mean like the log_file directive or something?
01:54 <+EugeneKay> If you're running it as a service(using the default init scripts), probably syslog. See --log
01:55 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has quit [Read error: Connection reset by peer]
01:55 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has joined #openvpn
01:55 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has quit [Read error: Connection reset by peer]
01:55 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has joined #openvpn
01:55 < hyper_ch> or rather: log /path/to/logfile
01:56 < hilarie> its not running as an init script, just doing sudo openvpn --config client.ovpn --script-security 2
01:57 < hilarie> hyper_ch add log /this/is/where/i/will/fine/thelogfile.txt?
01:58 < hyper_ch> yes 01:58 < hilarie> got a fair (cab driver) bbl 01:58 < hyper_ch> and you could also alter verbosity 02:26 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day] 02:48 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 03:06 -!- radioxid [~radioxid@nlr28-1-78-237-60-197.fbx.proxad.net] has joined #openvpn 03:58 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has quit [Read error: Connection reset by peer] 04:03 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has joined #openvpn 04:19 -!- hilarie [~freenode@95.211.150.180] has quit [Quit: hilarie] 04:20 -!- hilarie [~freenode@95.211.150.180] has joined #openvpn 04:22 -!- master_of_master [~master_of@p57B54777.dip.t-dialin.net] has quit [Ping timeout: 276 seconds] 04:24 -!- master_of_master [~master_of@p57B54634.dip.t-dialin.net] has joined #openvpn 04:25 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 04:49 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 05:02 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 05:02 -!- Autoeth [~nguyendp0@ip98-165-34-222.ph.ph.cox.net] has quit [Quit: jIRCii - http://www.oldschoolirc.com] 05:35 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 05:39 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has quit [Read error: Connection reset by peer] 05:39 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has joined #openvpn 05:42 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 06:48 <@vpnHelper> RSS Update - forum: OpenVPN client for the iPhone and iPad 07:32 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has quit [Ping timeout: 260 seconds] 07:48 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has joined #openvpn 07:52 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Remote host closed the 
connection] 08:18 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has quit [Read error: Connection reset by peer] 08:22 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has joined #openvpn 08:44 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has quit [Ping timeout: 255 seconds] 08:45 -!- DarthGandalf [~Vetinari@2001:470:25:7cd::20:1] has joined #openvpn 08:45 -!- DarthGandalf [~Vetinari@2001:470:25:7cd::20:1] has quit [Changing host] 08:45 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has joined #openvpn 09:05 -!- JackWinter3 [~jack@vodsl-8990.vo.lu] has quit [Quit: Konversation terminated!] 09:19 <@vpnHelper> RSS Update - forum: Proper support for duplicate iroutes. 09:31 -!- JackWinter [~jack@vodsl-10245.vo.lu] has joined #openvpn 09:35 -!- newl [~newl@97.75.165.156] has joined #openvpn 09:58 -!- radioxid [~radioxid@nlr28-1-78-237-60-197.fbx.proxad.net] has quit [Quit: Computer has gone to sleep] 10:03 -!- radioxid [~radioxid@nlr28-1-78-237-60-197.fbx.proxad.net] has joined #openvpn 10:06 -!- pierreghz [~pierreghz@cust-94-126-111-94.dyn.as47377.net] has joined #openvpn 10:13 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Read error: Connection reset by peer] 10:45 -!- resha [b816b6f6@gateway/web/freenode/ip.184.22.182.246] has joined #openvpn 10:46 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Textual IRC Client: http://www.textualapp.com/] 10:46 -!- Gravitron [~admin@76.92.159.145] has joined #openvpn 10:46 -!- Gravitron [~admin@76.92.159.145] has quit [Changing host] 10:46 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 10:52 -!- vpopov [~happylife@dyn-58-233.fttbee.kis.ru] has joined #openvpn 10:53 -!- resha [b816b6f6@gateway/web/freenode/ip.184.22.182.246] has quit [Quit: Page closed] 11:01 -!- radioxid [~radioxid@nlr28-1-78-237-60-197.fbx.proxad.net] has quit [Quit: Computer has gone to sleep] 11:01 -!- resha [~rave@184.22.182.246] has joined #openvpn 11:02 < resha> 
guys my isp uses mtu 1266, should I also change my mtu to 1266?
11:05 < krzie> !mtu
11:05 <@vpnHelper> "mtu" is (#1) see --mtu-test to learn how to test your MTU settings. Basically you just use --mtu-test in your normal client config or (#2) mtu debugging guide: http://www.secure-computing.net/wiki/index.php/OpenVPN/Troubleshooting
11:05 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn
11:05 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host]
11:06 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn
11:06 -!- mode/#openvpn [+v Axeman] by ChanServ
11:13 -!- resha [~rave@184.22.182.246] has quit []
11:18 -!- vpopov [~happylife@dyn-58-233.fttbee.kis.ru] has quit [Ping timeout: 260 seconds]
11:20 < newl> why does his isp use 1266?
11:22 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn
11:30 < Olipro> that's not even on a 4 byte alignment
11:35 -!- resha [~rave@184.22.182.246] has joined #openvpn
11:36 < resha> krzie, i put mtu-test on my client config for testing purposes and its result was (1633,1633) while with speedguide.net, it shows that my isp router is using 1266. what to do here?
11:37 < resha> MTU = 1266
11:37 < resha> MTU is not fully optimized for broadband. Consider increasing your MTU to 1500 for better throughput. If you are using a router, it could be limiting your MTU regardless of Registry settings.
11:37 < resha> What should I do now?
11:41 < newl> what is the number in the ifconfig
11:42 < resha> Im using windows xp newl. What do you mean number in the ifconfig?
11:45 < newl> oh does ipifconfig ? show mtu
11:46 < resha> ipifconfig?
11:52 -!- resha [~rave@184.22.182.246] has quit []
11:55 -!- tazzmn [~tazz@host-22-163-111-24.midco.net] has joined #openvpn
11:56 < tazzmn> say i got a question. I got mysql and pam_mysql installed. Trying to get openvpn to connect to it through the db….it comes back AUTH DENIED in the openvpn log files
12:00 < krzie> change the script to give debug info or something
12:01 < krzie> basically, all openvpn cares about is exit status
12:01 < krzie> if it exits success, login is ok
12:01 < krzie> if it exits fail, AUTH DENIED
12:02 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
12:02 < tazzmn> all i have is the config file for openvpn and mysql under /etc/pam.d
12:05 < krzie> nothing in the database...?
12:05 < krzie> ;]
12:05 < tazzmn> lol sorry left that one out…I got a vpn database
12:05 < krzie> but ya i dunno, ild try doing what the script does manually and debugging it
12:05 < krzie> its not an openvpn issue, that i can assure you
12:06 < krzie> when using secondary auth, openvpn doesnt care about anything except the exit status of your script
12:06 < tazzmn> so its pam_mysql that probably has the issue
12:06 < krzie> if it did nothing more than exit without error, login would be allowed
12:06 < krzie> i dunno, which is why i would debug
12:07 < krzie> if i could tell you what it is i wouldnt bother debugging ;]
12:08 -!- dioz [~dioz@2001:470:d:e3::1] has joined #openvpn
12:09 < tazzmn> otays i got the debug level up to 6 and watching it
12:09 < krzie> no no
12:09 < krzie> not openvpn debug
12:09 < krzie> [14:00] change the script to give debug info or something
12:09 < krzie> [14:01] basically, all openvpn cares about is exit status
12:09 < krzie> [14:01] if it exits success, login is ok
12:09 < krzie> [14:01] if it exits fail, AUTH DENIED
12:09 < krzie> [14:05] but ya i dunno, ild try doing what the script does manually and debugging it
12:09 < krzie> [14:05] its not an openvpn issue, that i can assure you
12:09 < krzie> you dont need to debug openvpn, lol
12:10 < tazzmn> debug the script?
12:11 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn
12:11 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
12:12 < krzie> ok listen carefully
12:13 < krzie> the script is exiting with failure status
12:13 < krzie> that is ALL openvpn knows or cares about
12:13 < krzie> the problem is not in openvpn, so you cant find the problem by debugging openvpn
12:15 < tazzmn> ok i do understand that
12:16 -!- roentgen [~arthur@openvpn/community/support/roentgen] has joined #openvpn
12:16 < krzie> figure out what the script is doing, see why it doesnt work, fix it ;]
12:16 < krzie> could be your db
12:16 < krzie> could be your pam config
12:16 < tazzmn> i am thinking pam config
12:17 < rob0> You no go making hand party with Miss Pamela!
12:20 < tazzmn> i don't think its db cause this db was one from an old server migrated over
12:24 < krzie> heh, never problems with db migrations, right? ;]
12:24 < tazzmn> usually not…always a possibility
12:26 < krzie> troubleshooting is the systematic elimination of those possibilities
12:26 < krzie> ;]
12:27 < tazzmn> well i enabled the logs for errors and access for mysql and I haven't seen either post anything
12:27 < krzie> logs of what?
12:27 < krzie> heh
12:27 < tazzmn> the access and error logs of mysql
12:28 < krzie> logs of mysql access showed nothing accessing the db?
12:28 < krzie> shouldnt that be a clue...?
12:28 < tazzmn> just now to troubleshoot why pam_mysql isn't working properly
12:29 < krzie> so make a connection to the db with all info you gave pam
12:29 < tazzmn> that does work…already did that
12:29 < krzie> now do it through pam
12:29 < tazzmn> how do i do it through pam?
12:29 < krzie> dunno, never needed to care about it
12:29 < krzie> try looking at your script
12:33 < tazzmn> ok i think i ran into the issue…tried to pull up the connection by copying and pasting the line into the shell and it came back Segmentation fault
12:37 -!- Tick-Tock [~Tick-Tock@lunari.us] has quit [Remote host closed the connection]
12:39 -!- Tick-Tock [~Tick-Tock@lunari.us] has joined #openvpn
12:48 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn
12:48 -!- mode/#openvpn [+o mattock] by ChanServ
13:00 -!- roentgen [~arthur@openvpn/community/support/roentgen] has quit [Quit: Konversation terminated!]
13:03 -!- Tick-Tock [~Tick-Tock@lunari.us] has quit [Remote host closed the connection]
13:05 -!- Tick-Tock [~Tick-Tock@lunari.us] has joined #openvpn
13:08 <@vpnHelper> RSS Update - forum: Multiple VPN (Cisco and openvpn) 1 WAN IP || using tls-auth with multiple clients || Routing to VPN stil not working with Open VPN2.2.2
13:08 -!- ColonelPanik [~panik@fiber-64-130-86-196.yucca.net] has left #openvpn ["Leaving"]
13:14 <@vpnHelper> RSS Update - forum: I cannot get my openvpn client to connect to the server
13:17 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds]
13:24 -!- newl [~newl@97.75.165.156] has quit [Quit: Lost terminal]
13:25 -!- newl [~newl@97.75.165.156] has joined #openvpn
13:49 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.]
13:49 <@vpnHelper> RSS Update - forum: pfsense as client, linux as server 13:50 -!- pierreghz [~pierreghz@cust-94-126-111-94.dyn.as47377.net] has quit [Quit: Quitte] 13:54 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 240 seconds] 14:16 -!- sPiN [~sPiN@opensuse/member/jcspin247] has quit [Ping timeout: 255 seconds] 14:16 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn 14:18 -!- sPiN [~sPiN@opensuse/member/jcspin247] has joined #openvpn 14:21 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 240 seconds] 14:23 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Read error: Connection reset by peer] 14:27 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 14:35 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 14:41 -!- newl [~newl@97.75.165.156] has quit [Quit: leaving] 14:43 -!- tazzmn [~tazz@host-22-163-111-24.midco.net] has quit [Quit: tazzmn] 14:51 <@vpnHelper> RSS Update - forum: pfsense as client, linux as server 15:01 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Quit: Rolybrau] 15:03 <@vpnHelper> RSS Update - forum: Newbee Help Please 15:04 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 15:11 -!- MeanderingCode [~Meanderin@97-123-13-2.albq.qwest.net] has joined #openvpn 15:20 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn 15:23 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has quit [Quit: Leaving] 16:03 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Ping timeout: 248 seconds] 16:06 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn 16:11 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Quit: Leaving] 16:11 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 16:16 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Ping timeout: 268 
seconds] 16:19 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn 16:24 -!- nonotza_ [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn 16:24 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Ping timeout: 244 seconds] 16:24 -!- nonotza_ is now known as nonotza 16:25 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Client Quit] 16:26 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn 16:28 <@vpnHelper> RSS Update - forum: Openbsd/openvpn nat/route-to/pf issue 16:28 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Ping timeout: 255 seconds] 16:30 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 240 seconds] 16:31 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 16:39 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn 17:13 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Read error: No route to host] 17:14 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 17:16 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 17:16 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 17:16 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 17:16 -!- mode/#openvpn [+v Axeman] by ChanServ 17:17 -!- Denial [Denial@drgi.co.uk] has quit [] 17:19 -!- futurestack [~o_o@unaffiliated/futurestack] has quit [Ping timeout: 260 seconds] 17:21 -!- futurestack [~o_o@unaffiliated/futurestack] has joined #openvpn 17:21 -!- caemir [~caemir@unaffiliated/caemir] has quit [Quit: ZNC - http://znc.sourceforge.net] 17:21 -!- caemir [~caemir@78.129.43.30] has joined #openvpn 17:21 -!- caemir [~caemir@78.129.43.30] has quit [Changing host] 17:21 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 17:22 -!- 
oc80z [~oc80z@openvpn/user/oc80z] has quit [Excess Flood]
17:22 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
17:22 -!- oc80z [oc80z@blea.ch] has joined #openvpn
17:34 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection]
17:37 -!- diffen3 [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn
17:39 -!- MeanderingCode_ [~Meanderin@97-123-13-2.albq.qwest.net] has joined #openvpn
17:39 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
17:40 -!- MeanderingCode [~Meanderin@97-123-13-2.albq.qwest.net] has quit [Ping timeout: 252 seconds]
17:40 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
17:40 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Ping timeout: 268 seconds]
17:41 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Quit: too late]
18:04 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 240 seconds]
18:06 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has joined #openvpn
18:07 < JoeyJoeJo> I've got a site to site connection set up and my client can ping the network behind the server. However, I can't ping from my server network to my client network. How can I fix that?
18:12 < krzee> can the server ping the client network?
18:13 -!- arooni-mobile [~arooni-mo@200.32.253.72] has joined #openvpn
18:13 < JoeyJoeJo> let me check
18:14 < JoeyJoeJo> No
18:15 < JoeyJoeJo> I can ping the client's tun0, but it doesn't get any further than that
18:15 < krzee> ip forwarding enabled?
18:15 < JoeyJoeJo> In the client or server?
18:17 < krzee> well which one isnt forwarding between its interfaces...?
18:17 < krzee> you said you cant even ping client's eth0 ip, right?
18:17 -!- corretico [~luis@190.211.93.11] has joined #openvpn 18:24 -!- arooni-mobile__ [~arooni-mo@200.32.253.72] has joined #openvpn 18:24 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 18:24 -!- arooni-mobile__ [~arooni-mo@200.32.253.72] has quit [Read error: Connection reset by peer] 18:25 -!- arooni-mobile__ [~arooni-mo@200.32.253.72] has joined #openvpn 18:26 -!- arooni-mobile [~arooni-mo@200.32.253.72] has quit [Ping timeout: 252 seconds] 18:31 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 18:32 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 18:32 -!- resha [7a022e4c@gateway/web/freenode/ip.122.2.46.76] has joined #openvpn 18:33 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 18:33 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 18:33 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 18:33 -!- mode/#openvpn [+v Axeman] by ChanServ 18:33 < resha> Hello there, my ISP is using 1266 mtu and with mtu-test, I get result (1633,1633). What should I do ? what mtu should I follow? 18:34 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Quit: Rolybrau] 18:37 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 18:40 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 240 seconds] 18:40 -!- sPiN [~sPiN@opensuse/member/jcspin247] has quit [Remote host closed the connection] 18:40 -!- arooni-mobile__ [~arooni-mo@200.32.253.72] has quit [Ping timeout: 240 seconds] 18:40 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn 18:46 -!- resha [7a022e4c@gateway/web/freenode/ip.122.2.46.76] has quit [Quit: Page closed] 18:54 <@vpnHelper> RSS Update - forum: How to Set Admin Web UI port on start up ?? 
19:11 < krzee> every time i try to answer resha hes gone, i hate webchat users 19:18 <@vpnHelper> RSS Update - forum: No Internet Connection on QNAP 19:23 -!- tekzilla [~jon@hmbg-5f7624ab.pool.mediaWays.net] has quit [Ping timeout: 252 seconds] 19:24 -!- p3rror [~mezgani@2001:470:1f0b:c66:1::2] has joined #openvpn 19:25 -!- tekzilla [~jon@hmbg-4d069783.pool.mediaWays.net] has joined #openvpn 19:26 -!- JustMe [~JustMe@68-118-11-210.static.hlrg.nc.charter.com] has joined #openvpn 19:27 -!- JustMe is now known as Guest5829 19:29 -!- Guest5829 [~JustMe@68-118-11-210.static.hlrg.nc.charter.com] has left #openvpn [] 19:29 <@vpnHelper> RSS Update - forum: OpenVPN in WinCE 19:30 -!- p3rror [~mezgani@2001:470:1f0b:c66:1::2] has quit [Quit: Leaving] 19:38 -!- Guest5829 [~JustMe@68-118-11-210.static.hlrg.nc.charter.com] has joined #openvpn 19:39 -!- Guest5829 [~JustMe@68-118-11-210.static.hlrg.nc.charter.com] has quit [Quit: Leaving] 19:53 -!- _julian_ [~quassel@hmbg-4d069556.pool.mediaWays.net] has joined #openvpn 19:54 -!- _julian [~quassel@hmbg-5f77ef31.pool.mediaWays.net] has quit [Read error: Operation timed out] 19:54 -!- diffen3 [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep] 19:55 -!- Tick-Tock [~Tick-Tock@lunari.us] has quit [Ping timeout: 260 seconds] 19:56 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 19:57 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 19:59 -!- Tick-Tock [~Tick-Tock@lunari.us] has joined #openvpn 20:00 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 240 seconds] 20:09 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds] 20:12 -!- corretico [~luis@190.211.93.11] has joined #openvpn 20:25 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has quit [Ping timeout: 260 seconds] 20:32 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 20:32 -!- Rolybrau 
[~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection] 20:32 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has joined #openvpn 20:35 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 20:41 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has quit [Ping timeout: 252 seconds] 20:45 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has joined #openvpn 20:54 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 21:04 -!- MeanderingCode_ [~Meanderin@97-123-13-2.albq.qwest.net] has quit [Read error: Connection reset by peer] 21:15 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 21:15 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 21:15 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 21:15 -!- mode/#openvpn [+v Axeman] by ChanServ 21:20 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 21:29 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 240 seconds] 21:35 <@vpnHelper> RSS Update - forum: IPTABLES secure Internet tunnel 21:39 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn 22:03 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 22:03 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 22:03 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 22:03 -!- mode/#openvpn [+v Axeman] by ChanServ 22:23 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 240 seconds] 22:40 -!- X0Rc0re [~chatzilla@58-7-182-114.dyn.iinet.net.au] has joined #openvpn 22:47 <@vpnHelper> RSS Update - forum: Broadcasts using tun 23:19 -!- JoeK [~Joseph@ip-66-228-36-238.makaiwell.com] has quit [Quit: ZNC - http://znc.in] 23:19 -!- JoeK [~Joseph@node1-eros.hostftw.com] has joined #openvpn 23:23 <@vpnHelper> RSS Update - 
forum: redirect traffic to tunnel of one out of 2 network adapter 23:26 -!- JackWinter2 [~jack@vodsl-9465.vo.lu] has joined #openvpn 23:28 -!- JackWinter [~jack@vodsl-10245.vo.lu] has quit [Ping timeout: 252 seconds] 23:28 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 23:34 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!] 23:51 <@vpnHelper> RSS Update - forum: Want to establish VPN in a Organization Pease Help --- Day changed Mon Jan 16 2012 00:05 -!- X0Rc0re [~chatzilla@58-7-182-114.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 00:13 -!- diffen3 [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 00:22 -!- diffen3 [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep] 00:23 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 00:27 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Ping timeout: 260 seconds] 00:44 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 00:55 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 00:59 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 01:11 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer] 01:11 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 01:22 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 01:27 <@vpnHelper> RSS Update - forum: redirect traffic to tunnel of one out of 2 network adapter 01:29 -!- Diffen [~diffen@210.152.241.83.in-addr.dgcsystems.net] has joined #openvpn 01:33 <@vpnHelper> RSS Update - forum: Broadcasts using tun 01:39 <@vpnHelper> RSS Update - forum: No Internet Connection on QNAP 01:47 -!- JackWinter2 [~jack@vodsl-9465.vo.lu] has quit [Ping timeout: 260 seconds] 01:52 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn 
01:56 -!- X0Rc0re [~chatzilla@124-169-46-85.dyn.iinet.net.au] has joined #openvpn 02:14 -!- Diffen [~diffen@210.152.241.83.in-addr.dgcsystems.net] has quit [Quit: This computer has gone to sleep] 02:14 -!- JackWinter2 [~jack@ppp-289.vo.lu] has joined #openvpn 02:20 -!- dazo_afk is now known as dazo 02:21 <@vpnHelper> RSS Update - forum: one Public IP => multiple VLANs (one per department) 02:23 -!- JackWinter2 [~jack@ppp-289.vo.lu] has quit [Ping timeout: 240 seconds] 02:38 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 02:39 <@vpnHelper> RSS Update - forum: openvpn Management HELP 02:43 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 240 seconds] 02:45 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day] 02:45 <@vpnHelper> RSS Update - forum: No Internet Connection on QNAP 02:46 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn 02:48 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 03:03 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 03:10 -!- X0Rc0re [~chatzilla@124-169-46-85.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 03:18 <@vpnHelper> RSS Update - forum: Bridge client gets gateway from DHCP despite server-bridge || No Internet Connection on QNAP 03:32 -!- catsup [~d@ps38852.dreamhost.com] has quit [Remote host closed the connection] 03:32 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn 03:32 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer] 03:34 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Read error: Connection reset by peer] 03:34 -!- JackWinter2 [~jack@ppp-289.vo.lu] has joined #openvpn 03:42 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn 03:44 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn 03:44 -!- ScriptFanix 
[vincent@Hanaman.riquer.fr] has joined #openvpn 03:45 -!- JackWinter2 [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!] 03:45 -!- JackWinter3 [~jack@ppp-289.vo.lu] has joined #openvpn 03:49 <@vpnHelper> RSS Update - forum: Porting OpenVpn Client only 03:52 -!- JackWinter4 [~jack@ppp-289.vo.lu] has joined #openvpn 03:52 -!- JackWinter3 [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!] 03:56 -!- JackWinter4 [~jack@ppp-289.vo.lu] has quit [Read error: Connection reset by peer] 03:56 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 04:03 -!- johnny_be_yell-1 [~Joe@96.26.97.237] has joined #openvpn 04:04 -!- Dougy_ [me@tech.qsi.net] has joined #openvpn 04:04 -!- openbsdnoob_ [~openbsdno@88.79.221.61] has joined #openvpn 04:06 -!- wedge_ [lordsilenc@bigfoot.xh.se] has joined #openvpn 04:06 -!- kofi [~matsim@dilatino.soleus.nu] has joined #openvpn 04:07 -!- cyberspace_ [20253@ninthfloor.org] has joined #openvpn 04:07 -!- gffa_ [~gffa@unaffiliated/gffa] has joined #openvpn 04:07 -!- reiffert_ [~thomas@mail.reifferscheid.org] has joined #openvpn 04:07 -!- Netsplit *.net <-> *.split quits: pa, reiffert, EvilJStoker, Champi, Azrael808, johnny_be_yellow, Olipro, gffa, wedge, GHAI_, (+5 more, use /NETSPLIT to show all of them) 04:07 -!- openbsdnoob_ is now known as openbsdnoob 04:08 -!- Netsplit over, joins: Azrael808 04:08 -!- |Mike| [mike@vps-2a01-4f8-101-1c1-b23f-f6e5.twenty-five.nl] has joined #openvpn 04:08 -!- GHAI [~joti@cthulhu-isp.net] has joined #openvpn 04:09 -!- Champi [Champi@rootshell.fr] has joined #openvpn 04:10 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn 04:10 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!] 
04:10 -!- JackWinter2 [~jack@ppp-289.vo.lu] has joined #openvpn 04:11 -!- EvilJStoker [jstoker@unaffiliated/jstoker] has joined #openvpn 04:13 < hilarie> What went wrong here, http://paste.ubuntu.com/806029/ is http://forums.openvpn.net/topic7731.html shennanigans or am I messing it up? 04:13 <@vpnHelper> Title: OpenVPN Support Forum Create ovpn client file : Server Administration (at forums.openvpn.net) 04:19 -!- pa [~pa@unaffiliated/pa] has joined #openvpn 04:22 -!- master_of_master [~master_of@p57B54634.dip.t-dialin.net] has quit [Ping timeout: 252 seconds] 04:24 -!- master_of_master [~master_of@p57B52E94.dip.t-dialin.net] has joined #openvpn 04:25 < hilarie> http://openvpn.net/index.php/open-source/documentation/change-log/71-21-change-log.html it looks like it should be working 04:25 <@vpnHelper> Title: 2.1 Change Log (at openvpn.net) 04:25 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds] 04:25 -!- Tixos [~sg@95.140.125.10] has joined #openvpn 04:27 < Tixos> hi 04:27 < Tixos> what is the OpenVPN Watchdog alternative for linux? 
04:27 < Tixos> Basically it does this > How to Stop Your Real IP Being Exposed After OpenVPN Disconnection 04:34 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn 04:41 <@vpnHelper> RSS Update - forum: Can´t connect to VPN 04:45 -!- Tixos [~sg@95.140.125.10] has quit [Ping timeout: 248 seconds] 04:47 <@vpnHelper> RSS Update - forum: ip pool range help 04:48 -!- Denial [~Denial@drgi.co.uk] has joined #openvpn 04:49 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 240 seconds] 04:49 -!- zu_ [~zu@ks387228.kimsufi.com] has quit [Ping timeout: 252 seconds] 04:54 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn 04:55 -!- noisebleed [~quassel@kermit.inescn.pt] has joined #openvpn 04:55 -!- noisebleed [~quassel@kermit.inescn.pt] has quit [Changing host] 04:55 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 04:58 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 04:58 <@vpnHelper> RSS Update - forum: Can´t connect to VPN 05:00 -!- Tixos [~sg@host109-152-210-250.range109-152.btcentralplus.com] has joined #openvpn 05:06 -!- corretico [~luis@190.211.93.11] has joined #openvpn 05:07 -!- Tixos [~sg@host109-152-210-250.range109-152.btcentralplus.com] has quit [Quit: Leaving.] 05:11 -!- Tixos [~sg@192.162.102.116] has joined #openvpn 05:13 -!- mocas_ [~mocas@87.196.249.210] has joined #openvpn 05:17 -!- mocas__ [~mocas@87-196-242-85.net.novis.pt] has quit [Ping timeout: 252 seconds] 05:18 < Tixos> Can someone please tell me how to prevent IP leaking on linux?? 05:30 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 05:35 < hyper_ch> what's IP leaking? 
05:38 < hyper_ch> Tixos: 05:39 < Tixos> when the VPN connection drops 05:39 < Tixos> and im left sitting on my real IP making requests anywhere and eveywhere 05:39 < Tixos> windows solution > http://openvpnchecker.com/ 05:39 <@vpnHelper> Title: OpenVPNChecker.com - OpenVPN IP Leak and DNS Leak Preventer > Home (at openvpnchecker.com) 05:41 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has quit [Ping timeout: 240 seconds] 05:43 < Tixos> hyper_ch: 05:52 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 05:56 <@dazo> Tixos: you need to setup a simple firewall route, only allowing OpenVPN traffic out on your main interface 05:56 < hyper_ch> dazo: you were quicker :) 05:56 <@dazo> :) 05:56 < Tixos> but then i cant connect off my real IP when i wish to 05:56 < hyper_ch> dazo: still going to FossDem? 05:56 < Tixos> right? 05:57 <@dazo> hyper_ch: I'm going 05:57 <@dazo> Tixos: that's when you remove this rule 05:57 < hyper_ch> Tixos: sure you can... just make another command upon disconnecting that removes that rule 05:57 < Tixos> so a few scripts are needed, which i am useless at :) 05:57 < Tixos> there is seriously no scripts already exisiting that you know of? of linux apps for it? 05:57 < hyper_ch> !updown 05:58 < hyper_ch> Tixos: how do you connect openvpn? 05:58 < Tixos> have either of you done this before? would you be able to share? 05:58 < Tixos> i use the gnome plugin for network manager 05:59 < hyper_ch> Tixos: any reason why you don't run it from the shell? 05:59 < hyper_ch> it would be a simple shell script 06:00 <@dazo> with the network-manager-openvpn-plugin ... you're left in blackhole ... that's an annoyingly piece of shit ... as it kills openvpn (or any VPNs) if the main device looses the connection 06:00 < Tixos> wouldnt know where to start tbh 06:00 <@dazo> if you run openvpn from a shell, openvpn will run and try to reconnect automatically 06:00 <@dazo> thus - no IP leak 06:01 < Tixos> how can i tell if there IS an ip leak? 
06:01 < Tixos> is that even possible 06:01 < hyper_ch> Tixos: what distro? 06:01 < Tixos> ubuntu 06:01 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has joined #openvpn 06:01 <@dazo> but network-manager will rewrite /etc/resolv.conf ... so you might get some nasty surprises there on re-connects with vpn 06:01 < hyper_ch> Tixos: ls -al /etc/openvpn --> please pastebin output 06:01 < Tixos> i change my config files alot also, so this would involved re-writing scripts etc? i dont know 06:02 < hyper_ch> Tixos: all you'd need is to have the client.conf file in /etc/openvpn/ 06:02 < hyper_ch> according with the keys and ca stuff 06:02 < hyper_ch> and then you could just run: sudo /etc/init.d/openvpn start 06:02 < Tixos> -rwxr-xr-x 1 root root 1357 2011-07-04 14:10 update-resolv-conf 06:02 -!- X0Rc0re [~chatzilla@124-169-46-85.dyn.iinet.net.au] has joined #openvpn 06:02 < hyper_ch> or sudo /etc/init.d/openvpn stop 06:05 -!- cpm [~Chip@pool-74-98-18-217.altnpa.east.verizon.net] has joined #openvpn 06:05 -!- cpm [~Chip@pool-74-98-18-217.altnpa.east.verizon.net] has quit [Changing host] 06:05 -!- cpm [~Chip@pdpc/supporter/active/cpm] has joined #openvpn 06:05 < Tixos> so i need to run openvpn from shell 06:05 < Tixos> and write scripts to add and remove rules from firewalls 06:05 < Tixos> seems painful to me, and im no coder 06:06 < hyper_ch> the shell is your friend 06:06 < Tixos> ive read iptable and openvpn client manuals before, there is a reason i went with the GUI 06:07 < hyper_ch> still, the shell is your friend 06:07 < hyper_ch> and openvpn isn't really hard to setup 06:08 < Tixos> and this helps with my original question ? 06:08 < Olipro> if you want a nice tard-friendly GUI, get coding 06:09 < Olipro> the answer to your question is that what you want doesn't exist 06:09 < Tixos> wow i got my answer :) 06:09 <@dazo> Tixos: you might solve your leak issue, just by running openvpn from a shell ... 
and not trust network-manager to control VPNs 06:09 < Olipro> primarily because the majority of people who use OpenVPN consider using a CLI and editing configuration files to be trivial 06:10 < Tixos> dazo, what if its the server dropping and nothing to do with my local setup 06:10 < Tixos> only method is using firewall? 06:10 < Tixos> Olipro: im not talkig about editing configs, im talking about writing scripts to enable disable firewall rules and such, this isnt trivial to me 06:10 < Tixos> sorry to disappoint you 06:11 < Olipro> you want to manipulate iptables? 06:11 < Olipro> well that /would/ call for a rudimentary script 06:11 <@dazo> Tixos: if your openvpn clients looses the connection while running, you can tell it to try to reconnect indefinitely .... thus you not causing any routes to change 06:12 < Olipro> however, there *are* GUIs that will let you create iptables rules, you could do so and copy paste into a script file 06:12 < Tixos> ok 06:12 <@dazo> and in the moment you kill off your openvpn client, those VPN routes goes away 06:12 < Olipro> but instead, I'd suggest just reading the iptables manpage, it's really not that hard 06:12 < Tixos> ill look into it and come back 06:13 < hyper_ch> dazo: the simplest way seems to be redirect def1 and set the client to infinite connection retry 06:14 <@dazo> hyper_ch: ack! 06:14 <@dazo> Tixos: ^^ 06:14 < hyper_ch> Olipro: reading is hard :) 06:14 < Tixos> i will get it running through shell firstly before worrying abnout that part 06:14 < Tixos> and dont start saying im unwilling to read, you do not know me :) 06:15 < Tixos> time is always my enemy 06:15 <@dazo> well, then you need to make time to read ;-) 06:15 < Tixos> if anyone could 'make' time, they would be rich as hell 06:16 < Tixos> i dont have those super powers :) 06:16 <@dazo> in this world ... 
make time == prioritise differently 06:16 < Tixos> its not top of my list 06:16 < hyper_ch> there's a mktime() php command 06:16 < Tixos> it seems 06:16 < hyper_ch> and we all know that mk is short for "make" 06:17 < Tixos> i hate when people say 'if you dont like it, code yourself a GUI', well yea if i had a spare 2 months i would probably do that, but amazingly i dont. 06:17 < Tixos> ill let you know when i fail :) 06:17 <@vpnHelper> RSS Update - forum: Anonyproz OpenVPN Service Provider || Free providers? 06:17 <@dazo> Tixos: in my world that means, it's not annoying you enough ;-) 06:17 < rob0> but that's how it is. You can't expect someone else to scratch your itch. 06:18 < Tixos> i know thats how it is, i am not complaining 06:18 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has joined #openvpn 06:18 < hyper_ch> someone will code it when they're annoyed enough :) 06:18 < Tixos> and comes an RSS feed from a windows dev who had the time to create what i need :) 06:19 < hyper_ch> Tixos: you also run the vpn server? 06:19 < Tixos> no 06:19 < rob0> Windows is more oriented toward people like you. So's Mac OS X, probably a much better choice. 06:19 < Tixos> ive spoke with the provider 'no related issues' his ened 06:19 < hyper_ch> rob0: I was like him once :) 06:20 < Tixos> rob0: cut the shit 06:20 < Tixos> you dont know me :) 06:20 < rob0> sure I do 06:20 < hyper_ch> Tixos: does the openvpn server push redirect def1? 06:20 < Tixos> thanks for the help dazo, hyper_ch 06:20 < Tixos> your arrogance means i know you also then :) 06:20 < rob0> heh, you are not as smart as you might think 06:21 < Tixos> ditto 06:22 < hyper_ch> Tixos: you'll need a client.conf file in /etc/openvpn that looks somewhat like this: http://pastebin.com/pGGAfws9 06:22 < hyper_ch> but whether routes are being set and which port and server and stuff... 
you'll need to figure out on your own 06:22 <@vpnHelper> RSS Update - forum: OpenVPN Site to Site Connection Using DD-WRT Capable Routers 06:23 < Tixos> using --config *.ovpn isnt good practice? 06:24 < hyper_ch> Tixos: the ubuntu init script runs all .conf files in /etc/openvpn 06:24 < hyper_ch> and as it is a client, I prefer to name it client.conf 06:24 < Tixos> .conf being the same as .ovpn? im looking for linux-based documentation on the official site, and not finding much atm 06:24 < Tixos> ill get there, ill come back if i need help, ty 06:25 < hyper_ch> but if you want to run it manually and not at boot up, then you'd use another file extension... like ovpn and manually call it with that config 06:25 < hyper_ch> and if I type something and dazo types something else, better listen to Mr. Dazo 06:26 < Tixos> i dont want it to start at boot 06:26 < Tixos> /etc/openvpn scripts are? 06:27 < Tixos> im just going to be asking question after qiestions like this, i need to get some background first 06:27 < hyper_ch> Tixos: just re-read what I wrote 06:27 < Tixos> i read it 06:27 < Tixos> yes i can do that 06:27 < Tixos> want to read that in the manual though :) 06:28 < hyper_ch> !howto 06:28 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 06:28 < Tixos> mostly server documentation isnt it 06:28 < hyper_ch> have a read and you'll see 06:29 < Tixos> maybe i can run with this switch 06:29 < Tixos> --connect-retry-max 06:30 < Tixos> although no idea if that will run if it drops :) 06:30 < hyper_ch> or you put it into the config and just run that config 06:35 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn 06:36 < Tixos> with this swtich (that is already in my providers config) resolv-retry infinite 06:36 < Tixos> my real IP should never be used to connect through right? 
06:36 < Tixos> so we are purely blaming this on networking manager plugin ? 06:37 < hyper_ch> I have no clue how the network manager works 06:37 < Tixos> well, im only looking into this, because yesturday it dropped 4 times 06:38 < hyper_ch> but if it's in there, as long as the vpn runs, it should remove the routes 06:38 < hyper_ch> if it did add routes 06:38 < Tixos> running via shell 06:38 < Tixos> how can i visually monitor the connection ? 06:38 < hyper_ch> wireshark 06:38 < Tixos> erm 06:38 < Tixos> any logs etc i can generate to check if im connected 06:39 < hyper_ch> ifconfig 06:39 < hyper_ch> if it lists tun0 you are connected 06:39 < hyper_ch> also run route 06:39 < hyper_ch> to see where you're being routed through 06:40 < Tixos> ok thanks 06:40 < Tixos> ;log     /tmp/openvpn_udp.log 06:40 < Tixos> and that will show of any drops etc? 06:40 < hyper_ch> enable it and see :) 06:40 < hyper_ch> you could also use more/less verbosity 06:41 < Tixos> well, i cant 'make ' a drop can i? :P 06:41 < Tixos> my providers config has 'verb 3' but no logfile 06:41 < Tixos> pointless? or is that for their end? 06:42 < hyper_ch> verbosity without logfile is useless 06:42 < hyper_ch> IMHO 06:42 < Tixos> lol 06:42 < hyper_ch> verb 5 should be fine for debugging 06:42 < Tixos> right 06:43 < Tixos> this switch will be useless if i link with changing firewall rules? 
06:43 < Tixos> --client-disconnect cmd : Run script cmd on client disconnection 06:43 < Tixos> useful* 06:43 < hyper_ch> you probably don't need it 06:43 < hyper_ch> when you try to resolv-retry infinite 06:45 < Tixos> i acnt see how the connection can fail, if this setting is already in my config 06:45 <@vpnHelper> RSS Update - forum: No local connection anymore when OpenVPN bridged enabled 06:45 < hyper_ch> the ways of the network manager an unknownst to us, mere mortal beings 06:46 < Tixos> ok ill jack it in then 06:47 < Tixos> this is my current config 06:48 < Tixos> http://pastebin.com/jCvUTH6Y 06:48 < Olipro> so um, does Network Manager bring up your OpenVPN connection? 06:52 <@vpnHelper> RSS Update - forum: no access to server || No local connection anymore when OpenVPN bridged enabled 06:55 -!- fluter [~fluter@fedora/fluter] has joined #openvpn 06:55 < Tixos> yes it does 06:56 < Tixos> never had issues with it, until yesturday 06:56 < Olipro> are you using WiFi? 06:56 < Tixos> nope 06:56 < Tixos> can post be an issue? TCP 1194 or w.e vs UDP 443? 06:57 < Tixos> port8 06:57 < Olipro> well nonetheless, trusting Network Manager not to tear down your OpenVPN connection is a real headache 06:57 < Olipro> I'd suggest not using it, or if you insist, go to the Gnome guys to find out why it's being torn down 06:57 < Tixos> i changed server and it hasnt happened yet today, i will try doing it via term 06:58 -!- Tixos [~sg@192.162.102.116] has quit [Quit: Leaving.] 06:59 -!- fluter [~fluter@fedora/fluter] has quit [Client Quit] 06:59 -!- fluter [~fluter@fedora/fluter] has joined #openvpn 07:00 -!- fluter [~fluter@fedora/fluter] has quit [Max SendQ exceeded] 07:01 -!- fluter [~fluter@fedora/fluter] has joined #openvpn 07:02 <@vpnHelper> RSS Update - forum: No local connection anymore when OpenVPN bridged enabled 07:03 <@dazo> hehe ... or should we say "whoops!" .... 
http://ddanchev.blogspot.com/2012/01/whos-behind-koobface-botnet-osint.html (hyper_ch) 07:03 <@vpnHelper> Title: Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Who's Behind the Koobface Botnet? - An OSINT Analysis (at ddanchev.blogspot.com) 07:06 -!- Tixos [~sg@192.162.102.116] has joined #openvpn 07:06 < Tixos> isnt port 1194 TCP? 07:07 < Tixos> and 443 UDP? :S 07:07 < Tixos> as i am getting this error and it says its related to latency 07:07 < Tixos> Mon Jan 16 13:04:42 2012 Replay-window backtrack occurred [1] 07:07 <@dazo> Tixos: read up about --replay-window in the man page 07:07 -!- cpm [~Chip@pdpc/supporter/active/cpm] has quit [Ping timeout: 244 seconds] 07:08 <@dazo> Tixos: 1194/udp is the default OpenVPN setup (if port/proto is not configured) 07:09 <@dazo> and port numbers and protocol isn't connected at all .... in fact you can have apache listen to 443/tcp and openvpn listen to 443/udp 07:10 < Tixos> i cant see --replay-windows using '/pattern replay' not sure if im using that right 07:11 <@dazo> Tixos: just type: /replay-window 07:11 < Tixos> ahhh lol 07:12 < Tixos> ok great, so after running for a week, if max is 2 i can set --replay-window=2 07:12 < Tixos> although, if its only 2 probably no need to touch this 07:12 <@vpnHelper> RSS Update - forum: No local connection anymore when OpenVPN bridged enabled 07:13 < Tixos> and hyper_ch, thats the reason for 'verb' in config without logfile, just to view in shell i guess :) 07:14 < Tixos> should i try to sort out all 'warnings'? ie use this switch 'WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this' 07:15 < Tixos> 'WARNING: No server certificate verification method has been enabled.' 
07:15 < Tixos> there are about 5-6 07:15 <@dazo> Tixos: solving as many of those warnings as possible is a good thing 07:16 <@dazo> if you're not worried about that your VPN password is in memory while openvpn runs, you don't need to worry about auth-nocache 07:16 < Tixos> i am using user-pass auth only, i guess not much can be done about the first one 07:16 <@dazo> (auth-nocache will require OpenVPN to ask for username/password again if it needs to re-connect to the server) 07:16 < Tixos> rather the second 07:16 < Tixos> server certificate verification 07:16 <@dazo> that's a good one to fix 07:17 < hyper_ch> dazo: from windows I'm used to just press "next" upon warnings and not bother about them :) 07:17 <@vpnHelper> RSS Update - forum: Openbsd/openvpn nat/route-to/pf issue 07:17 < Tixos> i have a .crt from the provider 07:17 <@dazo> hyper_ch: *speechless* ;-) 07:17 < Tixos> guess its not being used for some reason? 07:18 <@dazo> Tixos: that's used, for sure ... but you might need to look at --tls-remote 07:18 < Tixos> o right 07:19 < Tixos> so just 07:19 < Tixos> tls-remote ca.crt 07:19 < Tixos> ill play around 07:20 < Tixos> if i am running with 'openvpn --config' what is the correct way to terminate the connection 07:20 -!- gffa_ is now known as gffa 07:21 < hyper_ch> sudo killall openvpn 07:21 < hyper_ch> that's one way :) 07:21 <@dazo> Tixos: if you have --daemon in your config, you'll need to use the 'kill' command with the proper process ID of your openvpn instance .... but if it's running in the foreground, just do CTRL-C 07:21 < Tixos> i can just cntl+c, but it doesnt feel right 07:21 <@dazo> CTRL-C is proper 07:21 < Tixos> righty 07:21 < Tixos> hmm, 'route' is totally different each time? or should it be the same :) 07:21 < hyper_ch> dazo: whats wrong with killall? 
07:22 < hyper_ch> everyone in us has a little mass murderer :) 07:22 <@dazo> hyper_ch: I try to hide that need :-P 07:22 < Tixos> hyper_ch: 'route' output is totally different now compared to using network manager 07:22 <@vpnHelper> RSS Update - forum: No local connection anymore when OpenVPN bridged enabled || Bridge client gets gateway from DHCP despite server-bridge 07:22 <@dazo> (and if you're running more openvpn tunnels in parallel .... killall is kind of bruteforce) 07:23 < hyper_ch> Tixos: let me fetch my magic crystal ball and divine what your "route" output looks like 07:23 < hyper_ch> dazo: well, usually I use sudo /etc/init.d/openvpn start|stop|restart 07:24 <@dazo> hyper_ch: I think I used your magic crystal ball as a bowling ball ... it might not be in the same perfect shape as earlier .... 07:24 < Tixos> hmm 07:24 < Tixos> i asked 07:24 < Tixos> if it should be the same everytime its run 07:24 * hyper_ch gets his lightning enchanted rod and points it at dazo 07:24 < hyper_ch> *zzzaaapppp* 07:25 * dazo pops up shield 07:26 < hyper_ch> Tixos: before we know what your routes look like, we can't say for sure 07:27 -!- resha [b816b6f6@gateway/web/freenode/ip.184.22.182.246] has joined #openvpn 07:27 < resha> how to fix TLS Error: Unroutable control packet received from x.x.x.x 07:28 < hyper_ch> so, time to update Diaspora 07:28 < Olipro> wait for the other end to realise the connection dropped, or tear down the connection and bring it back up manually 07:28 < Olipro> you can minimise that error for disconnects by using keepalive 07:28 -!- dollabill [~mike@199.44.8.98] has joined #openvpn 07:29 < resha> Olipro, is that answer for my question? 07:29 < Olipro> yes 07:29 < hyper_ch> resha: you have to use TLS? 07:30 < resha> thanks olipro. is this right keepalive 5 120? is that enough? 
07:30 < resha> Hyper_ch - yes I use TLS 07:30 < Olipro> that will send a ping every 5 seconds 07:31 < Olipro> if no response is received for 120 seconds, it kills the connection 07:31 < resha> tls-auth /etc/openvpn/keys/ta.key 0 07:31 < Olipro> so the question really is... would you consider 120 seconds a bit of an excessive timeout 07:31 < resha> but I dont think it killed the connection after 120 seconds I guess its around 30 seconds 07:32 < resha> :) 07:33 <@dazo> hyper_ch: I've come quite a good step forward setting up the Diaspora server myself now ... just need to get nginx up'n'running properly and some firewalling stuff 07:33 < hyper_ch> nginx? 07:33 < hyper_ch> isn't that way too complicated :) 07:33 < resha> Hyper_ch - what is the use TLS towards resolving that TLS error? 07:34 < hyper_ch> resha: I don't use tls on openvpn 07:34 < resha> why? 07:34 < hyper_ch> why should I use it? 07:35 < resha> because its a security option? 07:35 < hyper_ch> it is? 07:35 < hyper_ch> how so? 07:35 < resha> :) on manual? 07:36 < hyper_ch> but how does it make it more secure? 07:37 < resha> protect against DoS attacks 07:37 < hyper_ch> how would TLS protect against DoS? 07:38 < resha> I dont know much about it. It is what is written on the manual that I read :) 07:38 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Remote host closed the connection] 07:39 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn 07:40 < resha> Can you tell me now why you dont use tls on openvpn? :) 07:40 < hyper_ch> resha: I don't see why I should and you haven't given me any reason yet as to why I should 07:41 < resha> Hyper_ch, I dont know much about this thing aside from following what I read. Maybe your enlightment will clarify me on this too. 07:42 < hyper_ch> resha: I don't see how tls will help when I use certs 07:42 <@dazo> resha: TLS doesn't protect against DoS ... 
but if you read about --tls-auth, you'll see how OpenVPN in UDP mode can avoid DoS more efficiently, by adding an extra layer of control 07:42 <@dazo> hyper_ch: nginx isn't so bad to configure, from what I read .... and I'm keen on getting to know nginx as well :) 07:42 <@vpnHelper> RSS Update - forum: no access to server || No local connection anymore when OpenVPN bridged enabled 07:42 < resha> This what I read: Add an additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks. In a nutshell, --tls-auth enables a kind of "HMAC firewall" on OpenVPN's TCP/UDP port, where TLS control channel packets bearing an incorrect HMAC signature can be dropped immediately without response. 07:42 * dazo might even put varnish in front of nginx as well 07:43 < rob0> The way it works: you read through the howto and manual, then decide what you need. One size fors not fit all. 07:43 < rob0> err wow, typo day 07:43 < hyper_ch> dazo: well, same here... I'm pondering about creating an ISO for a 4GB SD card raspberry pi that has FS, FusionPBX, sqlite and nginx 07:43 < rob0> *does 07:43 < hyper_ch> what's varnish? 07:43 -!- X0Rc0re [~chatzilla@124-169-46-85.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 07:44 -!- resha [b816b6f6@gateway/web/freenode/ip.184.22.182.246] has quit [Quit: Page closed] 07:44 <@dazo> hyper_ch: it's a web cache ... however, I just realised that's really dumb ... as diaspora is https :/ 07:44 < hyper_ch> ah :) 07:44 <@dazo> (varnish doesn't support https) 07:44 < hyper_ch> what about squid? 
07:44 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 276 seconds] 07:44 <@dazo> it's an awesome web cache, with an amazing flexible config scheme 07:45 <@dazo> squid isn't so suitable as a reverse proxy, and way too slow compared to varnish 07:45 < ecrist> dazo: you just need a suitable ssl accelerator 07:45 <@dazo> yeah 07:45 <@dazo> hyper_ch: https://www.varnish-cache.org/ 07:45 <@vpnHelper> Title: Front page | Varnish Community (at www.varnish-cache.org) 07:45 < hyper_ch> dazo: you need to install ecrist on the machine to do ssl acceleration 07:45 <@dazo> hehehe 07:45 <@dazo> hyper_ch: I'd probably rather not ... I'm afraid he'll be too grumpy! 07:46 < hyper_ch> is varnish also a proxy server? 07:47 <+havoc> squid is like apache; wicked huge/many functions/applications 07:47 <@dazo> hyper_ch: it's a caching proxy server, to be more exact 07:47 < hyper_ch> dazo: maybe I should have a look at it 07:47 -!- NoReGreT [~regret@unaffiliated/noregret] has joined #openvpn 07:48 < hyper_ch> dazo: when you get D* give me your userid 07:48 < hyper_ch> s/give/up, give/ 07:48 <@dazo> hyper_ch: highly recommended! The config will amaze you ;-) 07:48 <@dazo> hyper_ch: when I've solved nginx + firewall ;-) 07:48 < hyper_ch> squid has any annoyingly commented config 07:48 < NoReGreT> I'm new to openvpn, I have an account with a provider and I got the .key, .crt files.. how would I connect? should I link those in the config file ? 07:49 < hyper_ch> NoReGreT: yes 07:49 < hyper_ch> NoReGreT: issue: !welcome in this channel 07:49 < NoReGreT> !welcome 07:49 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. 
|| Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 07:49 <@dazo> hyper_ch: customers (using the commercial version) of varnish: https://www.varnish-software.com/references 07:49 <@vpnHelper> Title: Customer References | Varnish Software (at www.varnish-software.com) 07:50 < NoReGreT> !howto 07:50 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 07:50 < hyper_ch> facebook uses varnish? 07:50 <@dazo> yeah 07:51 <@dazo> NoReGreT: if you got cert/keys from a provider ... that provider should most likely provide you with a config as well 07:51 < hyper_ch> dazo: but what about the evilness of Facebook, won't it taint varnish and it'll become evil itself? 07:51 <@dazo> hyper_ch: don't shoot the messenger ;-) 07:51 < rob0> BANG 07:51 < hyper_ch> you make it sound like it's a bad thing 07:52 <+havoc> fascebook is also an ideal proving ground for infrastructure tech 07:52 <@dazo> hyper_ch: messenger == varnish ;-) 07:52 <@dazo> ack 07:52 <+havoc> at least in this instance 07:52 <@dazo> +1 07:52 < hyper_ch> who has more servers? google or facebook? 07:52 <+havoc> google, easily 07:53 < hyper_ch> you sure? 07:53 <+havoc> I can't imaging facebook ever making enough money ever to buy as much gear as google has 07:53 <+havoc> but no, not sure 07:53 < Olipro> Google. 
07:53 <+havoc> just speculation/educated guess 07:53 < Olipro> Google indexes the internet, Facebook does not 07:54 <+havoc> I can't imagine facebook even coming close 07:54 <@dazo> Google also build their own specialised computers 07:54 < hyper_ch> but facebook has 750million fanatics that connect 24/7 to it for status updates and animal farm 07:54 <@dazo> hehehe 07:54 < Olipro> and Google indexes all of that content too 07:54 <+havoc> hyper_ch: and that can run on *one* of google's custom boxes ;) 07:54 <+havoc> (maybe) 07:54 <+havoc> Olipro: yup 07:54 < hyper_ch> farmville 07:54 < hyper_ch> not animal farm 07:55 < hyper_ch> two slightly different things :) 07:56 < hyper_ch> I hope all of you have read animal farm 07:56 < rob0> "Comrade Napoleon is always right." "I will work harder." 07:56 < NoReGreT> dazo: no really, no openvpn config file 07:56 < rob0> I would not pay money to a provider that can't/won't support me. 07:57 < hyper_ch> NoReGreT: what ovpn provider? 08:00 * dazo just reads an article from the Chinese ambassador in Norway, claiming that the Chinese people are free, elect their own leaders freely and can speak freely the Internet ..... #yeahright! 08:00 < hyper_ch> they can speak freely in the chinese internt 08:00 < hyper_ch> as long as it's not against party policy 08:01 <@dazo> yeah 08:01 <@dazo> China is still pissed on Norway for giving Liu Xiaobo the Nobel Peace Price in 2010 ... 08:01 < ecrist> dazo: snapshot rolled, and I sent the signature to the mailing list. 08:01 < hyper_ch> if you want a clean internet experience you should VPN into a China 08:01 <@dazo> ecrist: cool, thx!! 08:01 < ecrist> http://www.youtube.com/watch?v=WyTVkD0w--E&feature=share 08:01 <@vpnHelper> Title: Marines Urinating On Dead Taliban - Action Figure Therapy - YouTube (at www.youtube.com) 08:01 < hyper_ch> dazo: you don't happen to be norwegian? 08:02 <@dazo> I do 08:02 < hyper_ch> blonde, blue eyed, high vodka tolerance? 
08:02 <@dazo> almost :-P 08:02 < ecrist> NSFW in the US, probably OK in Europe 08:03 < hyper_ch> is anything SFW in the US? 08:03 < ecrist> pictures of your mom are just fine 08:04 <@dazo> ecrist: priceless youtube video! 08:04 < ecrist> :) 08:10 <@vpnHelper> RSS Update - forum: Kitchenaid is capable of heating quickly 08:13 <+havoc> heh, forum spam 08:17 < rob0> or else very clever steganography 08:18 -!- zu [~zu@ks387228.kimsufi.com] has joined #openvpn 08:22 <@vpnHelper> RSS Update - forum: Help setting upTunnel || OpenVPN N2N setup with IPfire 08:36 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn 08:38 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 08:39 -!- fluter [~fluter@fedora/fluter] has quit [Quit: Leaving] 08:39 <@vpnHelper> RSS Update - forum: vpn server with different subnets for different common names 08:50 -!- NoReGreT [~regret@unaffiliated/noregret] has quit [Quit: leaving] 08:52 <@vpnHelper> RSS Update - forum: vpn server with different subnets for different common names 08:55 -!- Tixos [~sg@192.162.102.116] has quit [Quit: Leaving.] 
09:03 -!- p3rror [~mezgani@41.137.254.45] has joined #openvpn 09:11 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has quit [Ping timeout: 252 seconds] 09:12 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has joined #openvpn 09:16 <@vpnHelper> RSS Update - forum: vpn server with different subnets for different common names 09:18 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has quit [Ping timeout: 255 seconds] 09:19 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has joined #openvpn 09:27 -!- rasyid7 [~3333@69.163.36.67] has joined #openvpn 09:38 -!- mocas_ [~mocas@87.196.249.210] has quit [Ping timeout: 240 seconds] 09:47 -!- APTX_ [APTX@unaffiliated/aptx] has joined #openvpn 09:47 -!- APTX [APTX@unaffiliated/aptx] has quit [Ping timeout: 252 seconds] 09:51 -!- mocas_ [~mocas@87-196-121-73.net.novis.pt] has joined #openvpn 09:58 <@vpnHelper> RSS Update - forum: Website Audit: What Really is It? 10:04 <@vpnHelper> RSS Update - forum: Broadcasts using tun 10:21 -!- cyberspace_ [20253@ninthfloor.org] has quit [Ping timeout: 240 seconds] 10:22 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn 10:33 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Ping timeout: 252 seconds] 10:52 <@vpnHelper> RSS Update - forum: No local connection anymore when OpenVPN bridged enabled 10:55 -!- mort_gib [~mort_gib@16.Red-83-36-63.staticIP.rima-tde.net] has joined #openvpn 11:00 -!- matthaiso [~matt@84.19.169.170] has joined #openvpn 11:01 < matthaiso> Hi. Can anyone pls tell me how to make exceptions? I'm running Linux and want to access some websites without the vpn server, but with my "true ip" 11:04 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn 11:04 -!- mode/#openvpn [+o raidz] by ChanServ 11:05 -!- Azrael808 [~peter@212.161.9.162] has quit [Read error: Operation timed out] 11:06 < rob0> oh, that is not going to be trivial at all. 
I think you might do that better without redirect_gateway, and use a local HTTP proxy which forwards some requests through the tunnel, and sends others direct to the website. 11:07 < rob0> You can look at the LARTC.org howto, maybe do it with multiple route tables and rules, but those rules are not going to be selected by name, only by IP address. 11:08 -!- newl [~newl@97.75.165.156] has joined #openvpn 11:13 -!- mort_gib [~mort_gib@16.Red-83-36-63.staticIP.rima-tde.net] has quit [Quit: Ex-Chat] 11:15 -!- newl [~newl@97.75.165.156] has left #openvpn [] 11:15 <@vpnHelper> RSS Update - forum: Log Questions 11:22 < hyper_ch> not even Linux can divide by 0 - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876 11:22 <@vpnHelper> Title: #654876 - CVE-2012-0207: divide error and panic when receiving mixed IGMP queries - Debian Bug report logs (at bugs.debian.org) 12:00 -!- MeanderingCode [~Meanderin@97-123-13-2.albq.qwest.net] has joined #openvpn 12:18 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has joined #openvpn 13:00 -!- p3rror [~mezgani@41.137.254.45] has quit [Ping timeout: 240 seconds] 13:01 -!- dollabill [~mike@199.44.8.98] has quit [] 13:03 -!- dazo is now known as dazo_afk 13:04 -!- R-66Y [~nobody@elegua.za.net] has quit [Read error: Operation timed out] 13:06 -!- R-66Y [~nobody@elegua.za.net] has joined #openvpn 13:09 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has quit [Read error: Connection reset by peer] 13:10 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has joined #openvpn 13:23 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [] 13:26 -!- Dweezahr [~Dweezahr@flits102-34.flits.rug.nl] has joined #openvpn 13:57 -!- Netsplit *.net <-> *.split quits: kloeri, Diffen, dioz, vect0rx, rooth, JoeGazz84, APTX_, Cr4zi3, Zimsky, DrArcheh 13:57 -!- Netsplit over, joins: rooth, dioz 13:57 -!- Netsplit over, joins: vect0rx 13:57 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 
13:57 -!- DrArcheh [~drarcheh@85.214.227.198] has joined #openvpn 13:57 -!- Netsplit over, joins: kloeri, Diffen 13:57 -!- Cr4zi3 [killaz@staff.xbins.org] has joined #openvpn 13:59 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 13:59 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:00 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 14:03 -!- JoeGazz84 [~JoeGazz84@TechEssentials/JoeGazz84] has joined #openvpn 14:04 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 14:04 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:06 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 14:06 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 14:06 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 14:06 -!- mode/#openvpn [+v Axeman] by ChanServ 14:07 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 14:07 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:09 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 14:09 -!- SOG [~SOG@168.70.16.99] has joined #openvpn 14:10 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 14:10 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:15 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 14:15 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:19 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 14:19 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:24 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 14:24 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:25 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 14:25 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:26 -!- MarKsaitis_ [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has joined #openvpn 14:27 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has quit [Ping timeout: 240 seconds] 14:28 -!- Zimsky [~Zimsky@rozznet.net] has 
joined #openvpn 14:28 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:33 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 14:33 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:38 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 14:38 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:41 -!- MarKsaitis_ [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has quit [Quit: Leaving] 14:45 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 14:45 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:45 <@vpnHelper> RSS Update - forum: Routed OpenVPN between two subnets || OpenVPN forwards client's public IP 14:52 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 14:52 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:53 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 14:53 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:54 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 14:54 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:01 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:01 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:02 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:02 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:03 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:03 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:07 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:07 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:09 -!- Gravitron [~admin@64.93.227.97] has joined #openvpn 15:09 -!- Gravitron [~admin@64.93.227.97] has quit [Changing host] 15:09 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 15:12 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:12 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:13 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 252 seconds] 15:13 -!- Gravitron [~admin@69.163.40.45] has joined #openvpn 
15:13 -!- Gravitron [~admin@69.163.40.45] has quit [Changing host] 15:13 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 15:16 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 15:19 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:19 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:20 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:20 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:23 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:23 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:24 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:24 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:25 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:25 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:34 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:34 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:38 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:38 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:40 -!- batrick [~batrick@batbytes.com] has quit [Quit: WeeChat 0.3.2] 15:41 -!- batrick [~batrick@nmap/developer/batrick] has joined #openvpn 15:42 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:42 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:45 -!- batrick [~batrick@nmap/developer/batrick] has quit [Client Quit] 15:45 -!- batrick [~batrick@nmap/developer/batrick] has joined #openvpn 15:48 -!- batrick [~batrick@nmap/developer/batrick] has quit [Client Quit] 15:48 -!- batrick [~batrick@nmap/developer/batrick] has joined #openvpn 15:49 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:49 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:51 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:51 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:52 -!- p3rror [~mezgani@41.250.235.173] has joined #openvpn 15:54 -!- Zimsky [~Zimsky@rozznet.net] has joined 
#openvpn 15:54 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:58 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 240 seconds] 16:00 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:00 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:03 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:03 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:04 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:04 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:11 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 16:11 -!- mode/#openvpn [+v Axeman] by ChanServ 16:13 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds] 16:14 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:14 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:15 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:15 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:16 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 16:17 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 16:19 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:19 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:22 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:22 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:29 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:29 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:31 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:31 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:33 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:33 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:34 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:34 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:37 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:37 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:38 -!- Zimsky 
[~Zimsky@rozznet.net] has joined #openvpn 16:38 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:38 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:38 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:43 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn 16:43 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:43 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:44 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has quit [Ping timeout: 240 seconds] 16:47 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 16:48 -!- mode/#openvpn [+v Axeman] by ChanServ 16:48 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has quit [Quit: Ex-Chat] 16:48 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:48 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:49 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:49 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:50 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:50 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:50 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:50 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:52 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:52 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:53 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:53 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:54 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:54 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:57 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:57 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:59 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 17:00 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:00 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:08 -!- Zimsky [~Zimsky@rozznet.net] 
has joined #openvpn 17:08 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:09 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:09 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:12 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:12 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:13 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:13 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:21 -!- matthaiso [~matt@84.19.169.170] has quit [Remote host closed the connection] 17:22 -!- oc80z [oc80z@blea.ch] has quit [Excess Flood] 17:22 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:22 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:23 -!- oc80z [oc80z@blea.ch] has joined #openvpn 17:23 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:23 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:24 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:24 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:29 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:29 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:31 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:31 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:32 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:32 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:34 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:34 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:36 -!- newl_ [~newl@97.75.165.156] has joined #openvpn 17:37 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:37 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:38 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:38 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:39 -!- Denial [~Denial@drgi.co.uk] has quit [] 17:40 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:40 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:42 -!- Zimsky 
[~Zimsky@rozznet.net] has joined #openvpn 17:42 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:44 <@vpnHelper> RSS Update - forum: openvpn not forwarding traffic to tap0 17:46 -!- mode/#openvpn [+o krzee] by ChanServ 17:47 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:47 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:47 -!- mode/#openvpn [+b *!*Zimsky@rozznet.net] by krzee 17:47 <@krzee> (just temp to stop his rejoin / flood cycle) 18:09 -!- Crumbz [~Crumbz@host-89-240-241-45.as13285.net] has joined #openvpn 18:10 < Crumbz> hey guys, how do i stop stdout spam with killall openvpn 18:10 < Crumbz> i have tried >/dev/null; doesn't work 18:10 < Crumbz> ie: killall openvpn >/dev/null 18:12 -!- Axeman [~Axeman3@openvpn/user/axeman] has left #openvpn ["Leaving"] 18:13 <@krzee> sure its stdout you're seeing? 18:13 <@krzee> more likely stderr 18:14 <@krzee> and btw, youd be seeing killall stdout/stderr with that command, not openvpn 18:15 <@krzee> unless you started openvpn in the foreground and backgrounded it the unix way instead of the openvpn way, which would keep output going to your terminal 18:15 <@krzee> which would lead to the question, why you doing that? 18:16 -!- SOG [~SOG@168.70.16.99] has quit [Quit: SOG] 18:24 <+EugeneKay> "because the blog post told me to" 18:26 <@vpnHelper> RSS Update - forum: Route problems in Windows 7/2008 18:39 < Crumbz> krzee, why am i backgrounding it the unix way? i didn't think it made a difference.. 18:41 <@krzee> you using & to background? 18:41 < Crumbz> krzee, yes, shouldn't i? 18:41 <@krzee> --daemon 18:42 <@krzee> and if it was the same, how did i know you were doing that? 18:42 <@krzee> ;] 18:43 < Crumbz> krzee, okok, really, what is the difference though? 18:43 < Crumbz> the daemon will restart? 
18:44 <@krzee> & doesnt stop the output from coming to your window 18:44 <@krzee> it also keeps the process depending on your terminal 18:44 <@krzee> close the terminal, you closed openvpn 18:45 <@krzee> basically, & wasnt made for what you're using it for, but openvpn has --daemon, which was made for it 18:45 <@krzee> !man 18:45 <@vpnHelper> "man" is (#1) http://openvpn.net/man for 2.0 manual or (#2) http://openvpn.net/man-beta.html for 2.1 manual or (#3) http://openvpn.net/index.php/open-source/documentation/manuals/427-openvpn-22.html for 2.2 manual or (#4) the man pages are your friend! 18:46 <@krzee> --daemon [progname] 18:46 <@krzee> Become a daemon after all initialization functions are completed. This option will cause all message and error output to be sent to the syslog file (such as /var/log/messages), except for the output of shell scripts and ifconfig commands, which will go to /dev/null unless otherwise redirected. The syslog redirection occurs immediately at the point that --daemon is parsed on the command line even though the daemonization point occurs later. I 18:46 <@krzee> f one of the --log options is present, it will supercede syslog redirection. 18:46 <@krzee> The optional progname parameter will cause OpenVPN to report its program name to the system logger as progname. This can be useful in linking OpenVPN messages in the syslog file with specific tunnels. When unspecified, progname defaults to "openvpn". 18:46 <@krzee> When OpenVPN is run with the --daemon option, it will try to delay daemonization until the majority of initialization functions which are capable of generating fatal errors are complete. This means that initialization scripts can test the return status of the openvpn command for a fairly reliable indication of whether the command has correctly initialized and entered the packet forwarding event loop. 18:46 <@krzee> In OpenVPN, the vast majority of errors which occur after initialization are non-fatal. 
18:50 < Crumbz> krzee, thanks, helpful. can i just put it in the config as 'daemon' ? 18:50 <@krzee> yep 18:50 <@krzee> !-- 18:50 <@vpnHelper> "--" is OpenVPN allows any option to be placed either on the command line or in a configuration file. Though all command line options are preceded by a double-leading-dash ("--"), this prefix must be removed when an option is placed in a configuration file. 18:51 -!- krzie [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 18:56 < Crumbz> krzee, thanks mate. I know your name from somewhere btw.. ;) 18:56 <@krzee> np, cool, know where? 18:58 < Crumbz> I don't know.. irc afaik, maybe gentoo/bash/archlinux? 19:00 < Crumbz> krzee, probably here.. :) 19:11 -!- newl_ [~newl@97.75.165.156] has quit [Quit: leaving] 19:15 <@krzee> could be any of them 19:17 <@vpnHelper> RSS Update - forum: Windows 7 x64, routing, DHCP and a unstable VPN 19:22 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds] 19:23 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 19:24 -!- tekzilla [~jon@hmbg-4d069783.pool.mediaWays.net] has quit [Ping timeout: 248 seconds] 19:25 -!- corretico [~luis@190.211.93.11] has joined #openvpn 19:26 -!- tekzilla [~jon@hmbg-4d06cd90.pool.mediaWays.net] has joined #openvpn 19:28 <@vpnHelper> RSS Update - forum: Official Android App 19:40 <@vpnHelper> RSS Update - forum: Can OpenVPN be installed on Windows Server Core (no GUI)? 
19:43 -!- gremly [~gremly@200.106.218.64] has joined #openvpn 19:48 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 252 seconds] 19:52 -!- _julian [~quassel@hmbg-4d06c380.pool.mediaWays.net] has joined #openvpn 19:55 -!- _julian_ [~quassel@hmbg-4d069556.pool.mediaWays.net] has quit [Ping timeout: 276 seconds] 20:08 -!- Gravitron [~admin@64.93.227.97] has joined #openvpn 20:08 -!- Gravitron [~admin@64.93.227.97] has quit [Changing host] 20:08 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 20:12 -!- Gravitro_ [~admin@69.163.40.45] has joined #openvpn 20:13 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 276 seconds] 20:33 <+dvl> anyone tried OpenVPN in a FreeBSD jail? It sounds useful for administrative purposes. 20:33 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has quit [Read error: Connection reset by peer] 20:39 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has joined #openvpn 20:47 <@vpnHelper> RSS Update - forum: How to increase openvpn tunnel speed or performance 20:48 -!- Gravitro_ [~admin@69.163.40.45] has quit [Ping timeout: 245 seconds] 21:01 -!- Crumbz [~Crumbz@host-89-240-241-45.as13285.net] has quit [Remote host closed the connection] 21:10 -!- hilarie [~freenode@95.211.150.180] has quit [Quit: hilarie] 21:41 -!- Gravitron [~admin@64.93.226.162] has joined #openvpn 21:41 -!- Gravitron [~admin@64.93.226.162] has quit [Changing host] 21:41 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 21:46 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 276 seconds] 21:49 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 21:51 <@vpnHelper> RSS Update - forum: need help on installing old program on windows 7 21:52 -!- Gravitro_ [~admin@69.163.40.45] has joined #openvpn 21:53 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 255 seconds] 22:10 -!- Gravitro_ [~admin@69.163.40.45] has quit [Ping timeout: 240 seconds] 22:14 
-!- Gravitron [~admin@69.163.40.45] has joined #openvpn 22:14 -!- Gravitron [~admin@69.163.40.45] has quit [Changing host] 22:14 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 22:26 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 240 seconds] 22:27 -!- Gravitron [~admin@69.163.40.45] has joined #openvpn 22:27 -!- Gravitron [~admin@69.163.40.45] has quit [Changing host] 22:27 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 22:32 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 240 seconds] 22:51 -!- gremly [~gremly@200.106.218.64] has quit [Quit: WeeChat 0.3.6] 22:52 -!- X0Rc0re [~chatzilla@58-7-243-182.dyn.iinet.net.au] has joined #openvpn 23:01 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 23:13 -!- MeanderingCode_ [~Meanderin@97-123-15-175.albq.qwest.net] has joined #openvpn 23:13 -!- MeanderingCode_ [~Meanderin@97-123-15-175.albq.qwest.net] has quit [Remote host closed the connection] 23:14 -!- MeanderingCode [~Meanderin@97-123-13-2.albq.qwest.net] has quit [Ping timeout: 252 seconds] 23:14 <@vpnHelper> RSS Update - forum: OpenVPN Clients Automation 23:21 -!- krzie [nobody@openvpn/community/support/krzee] has joined #openvpn 23:24 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 23:31 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 23:34 -!- X0Rc0re [~chatzilla@58-7-243-182.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] --- Day changed Tue Jan 17 2012 00:00 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Quit: nonotza] 00:01 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn 00:02 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Client Quit] 00:23 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 00:26 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 00:31 -!- 
ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 00:34 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 00:37 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Read error: Connection reset by peer] 00:39 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 00:40 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 00:42 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 00:44 -!- mattock [~samuli@openvpn/corp/admin/mattock] has left #openvpn [] 00:50 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 00:57 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 01:01 <@vpnHelper> RSS Update - forum: Windows 7 x64, routing, DHCP and a unstable VPN 01:23 -!- Autoeth [~nguyendp0@ip98-165-34-222.ph.ph.cox.net] has joined #openvpn 01:56 -!- rasyid7 [~3333@69.163.36.67] has quit [Ping timeout: 240 seconds] 01:56 -!- rasyid7 [~3333@183.78.51.185] has joined #openvpn 01:58 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day] 02:03 -!- Cybert1nus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 02:04 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 02:04 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Ping timeout: 260 seconds] 02:12 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 02:14 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 240 seconds] 02:16 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn 02:22 -!- p3rror [~mezgani@41.250.235.173] has quit [Ping timeout: 260 seconds] 02:29 -!- skynet-2000 [SkyNet-200@gateway/shell/trekweb.org/x-jtbslgsopdmxqotx] has joined #openvpn 02:30 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn 02:37 < hyper_ch> hmmm, mounting the same partition in multiple locations on the filesystem 
shouldn't do any damage, right? 02:37 <@vpnHelper> RSS Update - forum: Broadcasts using tun 02:41 -!- epsilon [textblase@raid1.net] has joined #openvpn 03:13 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 03:20 < hyper_ch> krzee: http://www.raspberrypi.org/archives/553 03:20 <@vpnHelper> Title: Slashdot video interview with Eben | Raspberry Pi (at www.raspberrypi.org) 03:36 <@vpnHelper> RSS Update - forum: Windows 7 x64, routing, DHCP and a unstable VPN || Stainless cookware with copper bottom 03:37 < epsilon> how do i open a vpn connection without typing password on clientside? I want a client (debian/openvpn) to log on server (also debian) on boot automatically without any further interaction 03:37 <+EugeneKay> SSL key password or client-auth password? 03:38 <+EugeneKay> s/client-auth/auth-user-pass-verify/ 03:44 < epsilon> not sure which one... I create keys with build-key-server and -pass 03:57 -!- Autoeth [~nguyendp0@ip98-165-34-222.ph.ph.cox.net] has quit [Quit: jIRCii - http://www.oldschoolirc.com] 04:00 <@vpnHelper> RSS Update - forum: tls-server and explicit-exit-notify 04:06 <@vpnHelper> RSS Update - forum: openvpn not forwarding traffic to tap0 || How to increase openvpn tunnel speed or performance 04:08 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn 04:18 <@vpnHelper> RSS Update - forum: OpenVPN forwards client's public IP || Routed OpenVPN between two subnets 04:22 -!- master_of_master [~master_of@p57B52E94.dip.t-dialin.net] has quit [Ping timeout: 252 seconds] 04:24 -!- master_of_master [~master_of@p57B52184.dip.t-dialin.net] has joined #openvpn 04:30 <@vpnHelper> RSS Update - forum: OpenVPN forwards client's public IP 04:31 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn 04:31 -!- mode/#openvpn [+o mattock] by ChanServ 04:36 -!- dazo_afk is now known as dazo 04:37 -!- MarKsaitis [~MarKsaiti@88.96.60.78] has joined #openvpn 04:40 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping 
timeout: 260 seconds] 04:42 -!- p3rror [~mezgani@41.205.221.206] has joined #openvpn 04:43 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 04:47 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 04:47 <@vpnHelper> RSS Update - forum: OpenVPN forwards client's public IP || Would it be secure to enter your credit card online over a V 04:51 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 04:52 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 04:54 <@vpnHelper> RSS Update - forum: no access to server || Windows 7 x64, routing, DHCP and a unstable VPN 05:00 <@vpnHelper> RSS Update - forum: no access to server || Would it be secure to enter your credit card online over a V 05:12 < epsilon> I assigned a subnet like 192.168.10.0/24 to the server and the client get an ip from that range... but who is actually playing the "dhcpd"? and can I assign fix IP on client-side? 05:24 <+EugeneKay> The openvpn process hands out IPs from the pool you specified. 
05:24 <+EugeneKay> !static 05:24 <@vpnHelper> RSS Update - forum: --inactive-tcp --inactive-udp --inactive-ip --inactive-nonip 05:24 <@vpnHelper> "static" is (#1) use --ifconfig-push in a ccd entry for a static ip for the vpn client or (#2) example in net30 (default): ifconfig-push 10.8.0.6 10.8.0.5 example in subnet (see !topology) or tap (see !tunortap): ifconfig-push 10.8.0.5 255.255.255.0 or (#3) also see !ccd and !iporder 05:24 <+EugeneKay> Use ^^ to give out static IPs per-client (based upon the common-name on the certificate) 05:35 -!- Haraken [~ryuk@unaffiliated/haraken] has quit [Ping timeout: 248 seconds] 05:37 -!- openbsdnoob [~openbsdno@88.79.221.61] has quit [Ping timeout: 248 seconds] 05:37 -!- WebDawg [~WebDawg@officialg0d.com] has quit [Ping timeout: 248 seconds] 05:38 -!- pwrcycle [~pwrcycle@unaffiliated/pwrcycle] has quit [Ping timeout: 248 seconds] 05:38 -!- openbsdnoob [~openbsdno@88.79.221.61] has joined #openvpn 05:38 -!- pwrcycle [~pwrcycle@173.214.160.92] has joined #openvpn 05:39 -!- Brownout_ [~brownout@wikimedia/brownout] has joined #openvpn 05:39 -!- Haraken [~ryuk@unaffiliated/haraken] has joined #openvpn 05:40 -!- [1]SigmaProjects [~SigmaProj@cpe-66-75-87-13.socal.res.rr.com] has joined #openvpn 05:40 -!- WebDawg [~WebDawg@officialg0d.com] has joined #openvpn 05:40 -!- Brownout [~brownout@wikimedia/brownout] has quit [Ping timeout: 248 seconds] 05:43 -!- SigmaProjects [~SigmaProj@cpe-66-75-87-13.socal.res.rr.com] has quit [Ping timeout: 248 seconds] 05:43 -!- [1]SigmaProjects is now known as SigmaProjects 06:24 <@vpnHelper> RSS Update - forum: Broadcasts using tun 06:25 -!- nixusr [~nixusr@205.185.121.60] has joined #openvpn 06:25 -!- nixusr [~nixusr@205.185.121.60] has quit [Changing host] 06:25 -!- nixusr [~nixusr@unaffiliated/nixusr] has joined #openvpn 06:26 -!- nixusr [~nixusr@unaffiliated/nixusr] has quit [Read error: Connection reset by peer] 06:30 <@vpnHelper> RSS Update - forum: Broadcasts using tun 06:39 -!- gremly 
[~gremly@200.106.218.64] has joined #openvpn 06:49 -!- amir [~amir@unaffiliated/amir] has quit [Remote host closed the connection] 06:54 <@vpnHelper> RSS Update - forum: Website Audit: What Really is It? 06:58 -!- Brownout_ [~brownout@wikimedia/brownout] has left #openvpn [] 07:00 <@vpnHelper> RSS Update - forum: need help on installing old program on windows 7 07:12 -!- APTX [APTX@unaffiliated/aptx] has quit [Remote host closed the connection] 07:12 <@vpnHelper> RSS Update - forum: any way to have log of users?? 07:13 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 07:17 -!- p3rror [~mezgani@41.205.221.206] has quit [Ping timeout: 272 seconds] 07:24 -!- rasyid7 [~3333@183.78.51.185] has quit [Read error: Connection reset by peer] 07:24 -!- rasyid7 [~3333@69.163.36.67] has joined #openvpn 07:27 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Ping timeout: 272 seconds] 07:30 <@vpnHelper> RSS Update - forum: any way to have log of users?? 07:32 -!- p3rror [~mezgani@41.137.254.45] has joined #openvpn 07:49 -!- p3rror [~mezgani@41.137.254.45] has quit [Read error: Operation timed out] 08:01 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 08:02 -!- p3rror [~mezgani@41.205.221.206] has joined #openvpn 08:06 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 08:18 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Quit: Rolybrau] 08:20 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 08:22 -!- p3rror [~mezgani@41.205.221.206] has quit [Ping timeout: 244 seconds] 08:25 <@vpnHelper> RSS Update - forum: Broadcasts using tun 08:26 -!- MarKsaitis [~MarKsaiti@88.96.60.78] has quit [Ping timeout: 248 seconds] 08:26 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 08:27 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn 08:29 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 08:31 -!- caemir 
[~caemir@unaffiliated/caemir] has joined #openvpn 08:34 -!- buntfalke [~nobody@unaffiliated/buntfalke] has joined #openvpn 08:34 -!- amir [~amir@unaffiliated/amir] has joined #openvpn 08:34 -!- Khas [~Khas@ewangunn.com] has joined #openvpn 08:35 < Khas> Hello. I've set the netmask to be /24, but all the clients receive a /30 netmask. Do I have to set the netmask anywhere else? Cause at the moment the clients can't see each other :-( 08:36 <@dazo> Khas: you're using tun mode? 08:37 <@dazo> Khas: if so, have a look at --topology in the man page 08:37 < Khas> tun is layer 3, right? 08:37 < Khas> I always get them confused :-D 08:37 <@dazo> !tunortap 08:37 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. Dont waste the extra overhead. or (#2) and if your reason for wanting tap is windows shares, see !wins or (#3) also remember that if someone gets access to any side of a tap vpn they can use layer2 attacks like arp poisoning against you over the 08:37 <@vpnHelper> vpn or (#4) lan gaming? use tap! 08:37 < rob0> !/30 08:37 <@vpnHelper> "/30" is (#1) http://openvpn.net/index.php/open-source/faq/77-server/273-qifconfig-poolq-option-use-a-30-subnet-4-private-ip-addresses-per-client-when-used-in-tun-mode.html (sorry for the long link, they wont fix the anchors) explains why routed clients each use 4 ips or (#2) you can avoid this behavior by reading !topology or (#3) so by default, first client is .6, then .10 .14 .18 etc etc or (#4) use 08:37 <@dazo> Khas: yeah, tun is layer 3 (I had to double check ^^^) 08:37 <@vpnHelper> openvpn --show-valid-subnets to see the subnets you can use in net30 08:40 < Khas> Haha it is for windows shares, but I'm just used to addressing by either hostname or ip, neither of which works. 08:40 < Khas> Well, not just windows shares. 
08:40 < Khas> I just want them all on the same subnet
08:41 < Khas> So it's best to use tap, if I want to set it up for lan gaming too.
08:42 < Khas> And let the server dish out the IPs
08:47 <@vpnHelper> RSS Update - forum: Which one better
08:48 -!- Axeman [~Axeman3@198.105.46.46] has joined #openvpn
08:48 -!- Axeman [~Axeman3@198.105.46.46] has quit [Changing host]
08:48 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn
08:48 -!- mode/#openvpn [+v Axeman] by ChanServ
08:50 -!- JackWinter2 [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!]
08:53 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn
08:57 -!- p3rror [~mezgani@41.137.254.45] has joined #openvpn
09:07 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn
09:11 -!- rasyid7 [~3333@69.163.36.67] has quit [Remote host closed the connection]
09:12 -!- rasyid7 [~3333@69.163.36.67] has joined #openvpn
09:13 -!- Gravitron [~admin@64.93.145.58] has joined #openvpn
09:13 -!- Gravitron [~admin@64.93.145.58] has quit [Changing host]
09:13 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
09:58 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 240 seconds]
09:58 <@vpnHelper> RSS Update - forum: Hardware requirments for 7000 users works over OpenVpn SRV
09:59 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn
10:04 -!- druid [~druid@unaffiliated/druid] has joined #openvpn
10:04 < druid> Hi
10:05 < druid> Can someone tell me what would be the impact in terms of cpu etc on a server for an openvpn server with one connection?
10:05 < druid> i know it might be a bit vague but...
10:06 < rob0> anywhere from minimal to overwhelming, depending how much traffic you push through it
10:08 < rob0> The choice of cipher can make a difference too, as can other settings.
10:09 -!- Nebukadneza [~Nebukadne@h1749472.stratoserver.net] has joined #openvpn
10:09 < Nebukadneza> heho
10:10 < Nebukadneza> i've problems migrating a old openvpn config/connection to a new p-t-p ip of the other side. using this config: http://nopaste.ghostdub.de/?491 openvpn somehow adds routes to 10.8.0.2 upon connect (10.8.0.6 is the correct ptp partner ip)
10:14 -!- Khas [~Khas@ewangunn.com] has quit [Ping timeout: 248 seconds]
10:27 < ecrist> !welcome
10:27 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
10:30 -!- dazo is now known as dazo_afk
10:32 < rob0> druid, an unsolicited PM is very rude. People who want support outside of the channel must be willing to pay for that support.
10:37 < Nebukadneza> !logs
10:37 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard.
10:38 < Nebukadneza> !configs
10:38 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries
10:38 < Nebukadneza> !interface
10:38 <@vpnHelper> "interface" is (#1) paste interface configuration from both client and server, while being disconnected and when being connected. Be sure to also add the routing tables for both situations from client and from server or (#2) in windows: ipconfig /all - unix: ifconfig -a , and for routing tables: netstat -rn
10:38 < Nebukadneza> thanks, one sec ;)
10:38 -!- dazo_afk is now known as dazo
10:40 -!- skynet-2000 is now known as skynet
10:40 -!- skynet is now known as Guest11006
10:51 -!- gui113 [~gu1113m0@gondolin.uc3m.es] has joined #openvpn
10:51 < druid> rob0: the only thing that is rude is to write that in the cannel instead of simply saying that in the private message i sent
10:51 < druid> i didn't think it was a problem, i didn't think you could be such a douche.
10:51 < druid> *channel
10:53 < rob0> http://sweet.nodns4.us/ might help, and at that, I am done.
10:53 <@vpnHelper> Title: S.W.E.E.T.: Stop Wasting Everyone Else's Time (at sweet.nodns4.us)
10:54 < druid> i'm used to irc which doesn't mean i have to agree with your site
10:54 < druid> if anybody come and ask me questions in private, if i have problems with that i'll tell him in the private message
10:54 < druid> because i'm civilized
10:54 < druid> you're not
10:59 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Ping timeout: 240 seconds]
11:01 -!- gui113 [~gu1113m0@gondolin.uc3m.es] has left #openvpn ["Saliendo"]
11:01 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Textual IRC Client: http://www.textualapp.com/]
11:01 -!- Gravitron [~admin@64.93.145.58] has joined #openvpn
11:01 -!- Gravitron [~admin@64.93.145.58] has quit [Changing host]
11:01 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
11:02 -!- Kateon [482392@xs8.xs4all.nl] has quit [Ping timeout: 252 seconds]
11:02 -!- cherwin [1776628@xs8.xs4all.nl] has quit [Ping timeout: 252 seconds]
11:02 < Nebukadneza> phew, gathered all the info -> http://nopaste.ghostdub.de/?496
11:02 -!- Kateon [~user@xs8.xs4all.nl] has joined #openvpn
11:03 < Nebukadneza> i am able to initialize the openvpn connection, i can ping the point2point partner, the routes seem to be pushed and set correctly, however... i can't seem to reach the net on the other side (or, for that matter, even the other box itself with its own lan ip)
11:03 < Nebukadneza> (i also somehow miss the learn: messages for those ips when i ping them?)
11:06 < Nebukadneza> (it also seems that the client (10.8.0.2 // 172.19.10.74) can ping the server (10.8.0.1 // 192.168.0.1) on its lan-ip (192.168.0.1))
11:07 -!- Kateon [~user@xs8.xs4all.nl] has quit [Ping timeout: 252 seconds]
11:08 -!- cherwin [~cherwin@xs8.xs4all.nl] has joined #openvpn
11:09 -!- Kateon [~user@xs8.xs4all.nl] has joined #openvpn
11:10 < rob0> Nebukadneza, would have been easier without all those comments, like the factoid said.
11:11 < Nebukadneza> oh, overread that, sorry :/
11:11 < Nebukadneza> should i re-paste?
11:11 < rob0> I can't wade through it all, using lynx here.
11:11 < ecrist> druid: what are you carrying on about?
11:15 < ecrist> channel policy, as is typical of support channels on IRC, is to keep everything in-channel.
11:16 < ecrist> unsolicited PMs are not OK
11:16 < ecrist> rob0 was not out of line calling you out, and most here likely wouldn't have noticed you being chastised if it wasn't for your own efforts to continue the argument.
11:18 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has joined #openvpn
11:21 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer]
11:22 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn
11:25 < Nebukadneza> d'oh
11:25 < Nebukadneza> missed a iroute in the clients ccd
11:26 < rob0> heh, cool, you found it :)
11:26 < Nebukadneza> tinkering quite a bit ;)
11:26 < rob0> the process of making a good pastebin always helps :)
11:26 < Nebukadneza> thanks nonetheless! :)
11:26 < ecrist> most here, aside from me, aren't assholes. ;)
11:27 <+EugeneKay> Your mother is a hamster and your father smells of elderberries.
11:27 < Nebukadneza> lol
11:27 < rob0> I'm definitely not an asshole! I have it on good authority that I am a douche. ;)
11:28 < rob0> remember, you read it here first!
11:28 < thumbs> I can vouch for that statement - rob0 IS a douche! :)
11:28 < rob0> haha
11:33 -!- dioz [~dioz@2001:470:d:e3::1] has quit [Read error: Connection reset by peer]
11:34 -!- Azrael808 [~peter@212.161.9.162] has quit [Read error: Operation timed out]
11:38 <@vpnHelper> RSS Update - forum: Computer Repair...
11:40 -!- dioz [~dioz@2001:470:d:e3::1] has joined #openvpn
11:45 <@dazo> but even more importantly, rob0 has merits in helping out people here; quite well too, from what I have seen
11:47 < rob0> aww, thanks guys
11:47 < rob0> your support is appreciated
11:47 < ecrist> check's in the mail, I'm sure
11:47 <@dazo> heh ... e-mail, I presume :-P
11:47 < rob0> yes, but it's rubber :(
11:53 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!]
11:55 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn
11:55 <@vpnHelper> RSS Update - forum: Help with Start-Up Error
11:56 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has left #openvpn ["Once you know what it is you want to be true, instinct is a very useful device for enabling you to know that it is"]
11:57 -!- MeanderingCode [~Meanderin@97-123-15-175.albq.qwest.net] has joined #openvpn
11:58 -!- agagag_ [~anton@eudaimonia.goto10.org] has quit [Ping timeout: 244 seconds]
12:02 <@vpnHelper> RSS Update - forum: Trying to compile the tap driver source code
12:03 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer]
12:06 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn
12:06 -!- agagag [~anton@eudaimonia.goto10.org] has joined #openvpn
12:09 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
12:09 -!- gremly [~gremly@200.106.218.64] has quit [Quit: WeeChat 0.3.6]
12:12 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
12:18 -!- oc80z [oc80z@blea.ch] has quit [Excess Flood]
12:18 -!- openbsdnoob [~openbsdno@88.79.221.61] has left #openvpn []
12:19 -!- oc80z [oc80z@blea.ch] has joined #openvpn
12:20 -!- openbsdnoob [~openbsdno@88.79.221.61] has joined #openvpn
12:30 -!- pwrcycle [~pwrcycle@173.214.160.92] has quit [Changing host]
12:30 -!- pwrcycle [~pwrcycle@unaffiliated/pwrcycle] has joined #openvpn
12:36 <@vpnHelper> RSS Update - forum: one Public IP => multiple VLANs (one per department)
12:43 -!- hkais [~xenoadmin@82.113.119.229] has joined #openvpn
12:44 < hkais> hello all
12:44 < hkais> !welcome
12:44 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
12:47 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has joined #openvpn
12:50 < koaschten> Anyone got a tip where to look if i can ping but not traceroute from one to another bridged end of vpn-connected network? e.g. i split my 192.168.0.0/24 network into 100-150 and 200 to 250, i can ping from .123 to .234 and vice versa but i cant traceroute
13:00 <@vpnHelper> RSS Update - forum: Change Tray Icon In OpenVPN Connect Client?
13:00 <+EugeneKay> !firewall
13:00 <@vpnHelper> "firewall" is (#1) please see http://openvpn.net/man#lbBD for more info or (#2) see http://www.secure-computing.net/wiki/index.php/OpenVPN/Firewall for brief notes on disabling firewall rulesets.
13:01 < koaschten> EugeneKay I already figured it out, trying to traceroute the same device is stupid ;) it works fine, i tried to trace from the routers shell which wasn't really clever
13:02 <+EugeneKay> ;-)
13:02 <+EugeneKay> Traceroute is a funky one because windows and *nix implementations are wildly different, and firewalled differently.
13:03 < koaschten> And i can actually print across the vpn too, which is awesome considering i only played around with dd-wrt and openvpn for 3 hours now.
13:03 < koaschten> it's pretty straightforward and changed positively in the last 2 years since i had a look at it.
13:04 -!- win5hit [~Winshit@HSI-KBW-46-223-5-242.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
13:06 <@vpnHelper> RSS Update - forum: When will v6 server be supported?
13:06 <+EugeneKay> Glad to hear it.
13:07 < win5hit> hi there, i've got a question not directly concerning openvpn. i'm trying to write a little program that uses some kind of smartcard to store the private key of a openvpn user.
13:08 -!- corretico [~luis@190.211.93.11] has quit [Remote host closed the connection]
13:08 <+EugeneKay> Never touched it. IIRC, there's a bit on it in the howto
13:08 < win5hit> but im not sure how to handle the public key of the ca that signed the ca. as far as i understand there is no need to store it safely? i mean... its the public key
13:09 < Olipro> correct
13:09 <+EugeneKay> Public keys and certs are public. Keep them in a .crt somewhere.
13:09 < Olipro> actually, the public key of the CA is required for verifying the signature
13:11 < win5hit> when i "export" the cacertificate from a p12 with openssl i have to enter a PEM pass phrase... is it optional or why would i set a password for a public key
13:11 < koaschten> it's an optional security measure which probably was set during creation?
13:11 <@vpnHelper> RSS Update - forum: Computer Repair...
13:14 < win5hit> going to read the man of openssl...
13:15 -!- dazo is now known as dazo_afk 13:17 -!- win5hit [~Winshit@HSI-KBW-46-223-5-242.hsi.kabel-badenwuerttemberg.de] has left #openvpn ["PING 1326827853"] 13:24 < hkais> hello all 13:24 < hkais> how can I setup openvpn to work with VLANs? 13:32 -!- p3rror [~mezgani@41.137.254.45] has quit [Read error: Operation timed out] 13:36 <@vpnHelper> RSS Update - forum: Failover/redundancy scenario 13:41 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has quit [Read error: Connection reset by peer] 13:41 <+EugeneKay> Olipro - you owe me a Xmas present http://www.ebay.com/itm/220916597331 13:41 <@vpnHelper> Title: SuperMicro 6015B Server Dual (2x) Intel Quad Core Xeon 1.86Ghz, 16GB, 160Gb | eBay (at www.ebay.com) 13:42 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has joined #openvpn 13:42 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 13:45 -!- JPeterson [~JPeterson@s213-103-209-64.cust.tele2.se] has joined #openvpn 13:50 -!- Axeman [~Axeman3@openvpn/user/axeman] has left #openvpn ["Leaving"] 13:51 -!- MeanderingCode [~Meanderin@97-123-15-175.albq.qwest.net] has quit [Read error: Connection reset by peer] 13:52 -!- JPeterson [~JPeterson@s213-103-209-64.cust.tele2.se] has quit [Read error: Connection reset by peer] 14:00 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has joined #openvpn 14:00 -!- MeanderingCode [~Meanderin@97-123-15-175.albq.qwest.net] has joined #openvpn 14:06 -!- druid [~druid@unaffiliated/druid] has left #openvpn ["Once you know what it is you want to be true, instinct is a very useful device for enabling you to know that it is"] 14:06 <@vpnHelper> RSS Update - forum: Routing Client Traffic Through The Server 14:08 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [] 14:09 -!- buntfalke [~nobody@unaffiliated/buntfalke] has quit [] 14:12 -!- hkais [~xenoadmin@82.113.119.229] has quit [Ping timeout: 240 seconds] 14:16 -!- star314 [~star314@starnet1.sinh.us] has joined 
#openvpn 14:30 -!- Crumbz [~Crumbz@host-2-96-27-163.as13285.net] has joined #openvpn 14:32 -!- KaiForce [~chatzilla@adsl-70-228-66-236.dsl.akrnoh.ameritech.net] has joined #openvpn 14:34 -!- star314 [~star314@starnet1.sinh.us] has quit [Quit: Leaving] 14:36 <@vpnHelper> RSS Update - forum: Can't connect - Having a hard time with this 15:06 -!- hkais [~xenoadmin@stgt-5f701ab1.pool.mediaWays.net] has joined #openvpn 15:18 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.] 15:18 <@vpnHelper> RSS Update - forum: OpenVPN/OpenWRT routing issues 15:26 -!- Mowi [~Mowi@lendabrain.net] has quit [Quit: I don't discriminate, I hate everyone.] 15:28 -!- Mowee [~Mowi@lendabrain.net] has joined #openvpn 15:31 <@vpnHelper> RSS Update - forum: OpenVPN/OpenWRT routing issues 15:47 -!- Araluccl0 [~lallo@151.77.69.93] has joined #openvpn 15:52 < Araluccl0> hi, can anyone help me (complete newbie) Im trying to route my client traffic thru openvpn server... I just added push "redirect-gateway def1" and push "dhcp-option DNS 10.8.0.1" on my server.conf (10.8.0.1) traffic seems to route but browser doesnt open sites on my server... btw I just realized that on server ping -i tap0 www.xxxx.com dosnt work... so I guess route works but dns on tap0 doesnt? 15:53 -!- KaiForce [~chatzilla@adsl-70-228-66-236.dsl.akrnoh.ameritech.net] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 15:53 < Araluccl0> err: I meant browser doesnt open sites on my client 15:53 < Araluccl0> err2: ping -I 15:54 <@krzee> !redirect 15:54 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. 
or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns 15:54 <@krzee> !linnat 15:54 <@vpnHelper> "linnat" is (#1) for a basic iptables NAT where 10.8.0.x is the vpn network: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE or (#2) to choose what IP address to NAT as, you can use iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to or (#3) http://netfilter.org/documentation/HOWTO//NAT-HOWTO.html for more info or (#4) openvz see !openvzlinnat 15:54 <@vpnHelper> RSS Update - forum: Can't get portforwarding to work 15:54 <@krzee> !linipforward 15:54 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware 15:55 < |Mike|> *burp* 15:56 < Araluccl0> I guess I did all ... but ill recheck... thanks 15:56 < Araluccl0> !def1 15:56 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. 
or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1" 15:57 < Araluccl0> !pushdns 15:57 <@vpnHelper> "pushdns" is (#1) push "dhcp-option DNS a.b.c.d" to push dns to the client or (#2) http://thread.gmane.org/gmane.network.openvpn.user/25139/focus=25147 see that mail archive for some info on pushing dns or (#3) http://article.gmane.org/gmane.network.openvpn.user/25149 for a perm fix via regedit or (#4) in unix you'll use the update-resolv-conf script or (#5) also 15:57 <@vpnHelper> http://comments.gmane.org/gmane.network.openvpn.user/31975 reports --register-dns as fixing their problems pushing DNS to windows 7 15:59 <@krzee> can you ping a ip, like 8.8.8.8 for example 16:01 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn 16:01 -!- Araluccl0 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer] 16:01 < Araluccl1> I guess I cant be on irc either :) 16:02 < Araluccl1> btw the fact that ping -I tap0 fails maybe can be related 16:02 < Araluccl1> ? 16:02 < Araluccl1> that happenson the server 16:08 <@krzee> you dont need to specify the interface 16:08 <@krzee> the routing table will handle that 16:08 < Araluccl1> well without -I I can ping correctly 16:09 <@krzee> !logs 16:09 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard. 16:09 <@krzee> verb 4 is enough 16:09 < Araluccl1> ok...wait a sec pls... I do that 16:11 < Araluccl1> I count get disconnected as soon as I connect to server... but ill come back soon :) 16:11 < Araluccl1> could 16:11 < |Mike|> hf. 
16:13 -!- Araluccl0 [~lallo@151.77.69.93] has joined #openvpn 16:13 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer] 16:15 < Araluccl0> this is my server log http://pastebin.com/6CQsee0G this is my client log http://pastebin.com/SpygxtTB 16:15 < Araluccl0> verb 5 16:15 < Araluccl0> I hope its useful 16:16 < Araluccl0> I have other clients enabled... client Im testing with is parasbro.casa1 16:17 < Araluccl0> if I remove push redirect def1 and push dns vpn traffic works fine 16:17 < Araluccl0> I have no idea o what is that RwWWRwRwR.... :) 16:17 < |Mike|> fix perms 16:18 <@krzee> |Mike|, huh? 16:18 < Araluccl0> the warnign lines? 16:18 < Araluccl0> warning 16:18 < Araluccl0> about the key 16:18 < Araluccl0> yes I have to... but I guess its not thet th routing problem 16:19 < |Mike|> warnings should be fixed too :) 16:19 < Araluccl0> yes... but its a provate client and server bos ...so they are secur so far :) 16:19 < Araluccl0> boxes 16:19 < |Mike|> True! 16:20 < |Mike|> Hrm, maybe I should read the whole conversation before answering. I feel kinda stupid now haha 16:20 < Araluccl0> Im trying to route all my traffic thru vpn server but it doesnt work :) 16:20 < Araluccl0> client traffic 16:21 < Araluccl0> push redirect def1 and push dns but that breaks my client internet 16:21 < Araluccl0> ...I used them 16:22 < Araluccl0> if I remove them client and server work... but of cause no traffic is redirected 16:24 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has quit [] 16:35 -!- Araluccl0 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer] 16:35 -!- Araluccl0 [~lallo@151.77.69.93] has joined #openvpn 16:35 <@krzee> cat /proc/sys/net/ipv4/ip_forward 16:35 <@krzee> on your server 16:35 <@krzee> tell me the output 16:36 <@krzee> also, iptables -L -t nat 16:36 < |Mike|> 0 or 1 ? 
;-) 16:37 < Araluccl0> 1 16:37 <@vpnHelper> RSS Update - forum: Static IP Windows Please 16:37 < Araluccl0> http://pastebin.com/XephWPdH 16:37 < Araluccl0> ots the paste of iptables -L -t nat 16:37 < Araluccl0> its 16:43 <@vpnHelper> RSS Update - forum: Give users access to different individual private networks 16:44 <@krzee> can the client ping 10.8.0.1? 16:45 < Araluccl0> normally yes... I don't know if I can with push options... wait I try (ill get disconencted again) 16:46 -!- Araluccl0 [~lallo@151.77.69.93] has quit [Quit: Anche il discorsismo ha un limitismo.] 16:46 -!- Araluccl0 [~lallo@151.77.69.93] has joined #openvpn 16:47 < Araluccl0> the answer is yes :) Esecuzione di Ping 10.8.0.1 con 32 byte di dati: 16:47 < Araluccl0> Risposta da 10.8.0.1: byte=32 durata=139ms TTL=64 16:48 < Araluccl0> everything inside the vpn seems to work... except access to wan on the client 16:48 -!- Crumbz [~Crumbz@host-2-96-27-163.as13285.net] has quit [Quit: Leaving] 16:48 < Araluccl0> I can paste my configs if that can help 16:48 < Araluccl0> I also have ccd dir... but its empty right now 16:49 <@krzee> sure, like this: 16:49 <@krzee> !configs 16:49 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries 16:50 <@krzee> and you said you cant ping 8.8.8.8 when on the vpn, right? 16:50 <@krzee> or you can, but not with -I 16:50 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has quit [Remote host closed the connection] 16:51 < Araluccl0> thats the strange ... ping -I venet0 (my eth0) 8.8.8.8 works 16:51 < Araluccl0> ping -I tap0 8.8.8.8 doesnt 16:51 <@krzee> and without -I 16:51 < Araluccl0> it works 16:52 <@krzee> go to whatismyip.com 16:53 < Araluccl0> well... right now... I have client disconnected and have my provider ip... if I try to conenct... 
I cant connect to any site...so I cant check 16:53 <@krzee> well the ping tests were all while connected, right? 16:53 < Araluccl0> the ping 10.8.0.1 16:53 < Araluccl0> yes 16:54 < Olipro> does tap0 have an assigned address? 16:54 < Araluccl0> anything except vpn ips doesnt work 16:54 < Olipro> ok, I see 16:54 < Olipro> so tap0 has an RFC1918 address 16:54 <@krzee> [14:51] ping -I tap0 8.8.8.8 doesnt 16:54 <@krzee> [14:51] and without -I 16:54 <@krzee> [14:51] it works 16:54 <@krzee> while on the vpn^ ? 16:54 < Olipro> that just means that ping is using a different interface 16:54 < Olipro> quite probably venet0 16:54 < Araluccl0> Link encap:Ethernet HWaddr 16:ff:7a:87:80:41 16:54 < Araluccl0> inet addr:10.8.0.1 Bcast:10.8.0.255 Mask:255.255.255.0 16:55 < Olipro> sounds to me like the VPN server isn't NATting your traffic 16:55 < Araluccl0> it just has a ip6 address (my server is a vps) 16:55 <@krzee> show your routing table after connected 16:55 < Olipro> so... you have a VPN to a server with IPv6 only 16:55 < Olipro> and you expect to be able to route IPv4 traffic through it? 16:55 < Araluccl0> table on server or client? 16:55 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 16:55 < Araluccl0> nope... I have a public ip on vps 16:56 -!- Cybert1nus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 16:56 < Araluccl0> this is my server.conf http://pastebin.com/LQf6j1mJ 16:56 < Olipro> and is it configured to NAT traffic from the VPN interface 16:56 < Araluccl0> if it can help 16:56 < Araluccl0> hmm... I have no idea... :) 16:56 < Araluccl0> how can i check 16:56 < Olipro> that would be a "No" then 16:56 < Olipro> OpenVPN has nothing to do with NAT 16:57 < Olipro> what OS is the VPN server running 16:57 < Araluccl0> hmm... no clue... really newbie... 
about routing 16:57 < Araluccl0> if needed I can paste client.conf too 16:57 < Olipro> no, just answer my question 16:58 < Araluccl0> ubunti 11 16:58 < Olipro> if you can ping the server on the 10.x.x.x address, there is nothing wrong with OpenVPN 16:58 < Araluccl0> ubuntu 16:58 < Araluccl0> I can...from my client 16:58 < Olipro> iptables -t nat -vnL POSTROUTING 16:58 < Araluccl0> without push redirect directives vpn seems to wiork fine 16:59 < Araluccl0> Chain POSTROUTING (policy ACCEPT 1680 packets, 112K bytes) 16:59 < Araluccl0> pkts bytes target prot opt in out source destination 16:59 < Araluccl0> 0 0 MASQUERADE all -- * eth0 10.8.0.0/24 0.0.0.0/0 16:59 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 16:59 < Olipro> eth0 is the interface with the public IP, right? 17:00 < Araluccl0> in ifconfig its not there... I have the usual tap0 + a venet0 but I guss so 17:00 < Olipro> then no, it's not 17:00 < Araluccl0> hmm 17:00 < Olipro> so your MASQUERADE rule is incorrect 17:00 < Araluccl0> oh 17:01 < Araluccl0> ...you could be absolute right... 17:01 < Olipro> iptables -t nat -D POSTROUTING 1 17:01 < Araluccl0> silly me 17:01 <@krzee> Olipro++ 17:01 < Olipro> iptables -t nat -A POSTROUTING -o venet0 -s 10.8.0.0/24 -j MASQUERADE 17:02 < Araluccl0> yes.. thats was probable a big mistake... can I try to reconnect the client now... 17:02 < Araluccl0> if I get disconnected... dont worry..ill come back :) 17:03 < Olipro> sure 17:03 < Olipro> I'd suggest not redirecting routes 17:03 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn 17:03 -!- Araluccl0 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer] 17:04 < Araluccl1> hehe... I guess it diosnt work.. but it was myerror to correct for sure 17:04 < Araluccl1> I checked while connected... I can ping server form client and vice versa 17:05 < Araluccl1> I can ping public ip fron server...but not from client... 
BUT from server ping -I tap0 doesnt work 17:06 < Araluccl1> ping -I tap0 8.8.8.8 17:06 < Araluccl1> PING 8.8.8.8 (8.8.8.8) from 10.8.0.1 tap0: 56(84) bytes of data. 17:06 < Araluccl1> dosnt work 17:07 < Araluccl1> ping -I venet0 8.8.8.8 17:07 < Araluccl1> PING 8.8.8.8 (8.8.8.8) from 216.231.135.109 venet0: 56(84) bytes of data. 17:07 < Araluccl1> 64 bytes from 8.8.8.8: icmp_req=1 ttl=55 time=23.6 ms 17:07 < Araluccl1> this one does 17:07 <+EugeneKay> !paste 17:07 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into pastebin or a similar website, or (#2) ie: www.pastebin.ca 17:07 -!- p3rror [~mezgani@41.249.12.201] has joined #openvpn 17:07 < |Mike|> EugeneKay: no need for tbh. Nobody else is chatting :) 17:07 < Araluccl1> sorry if i fllooded 17:08 < Araluccl1> but they were less than 5 :) 17:08 <+EugeneKay> DEVELOPERS DEVELOPERS DEVELOPERS DEVELOPERS DEVELOPERS DEVELOPERS DEVELOPERS DEVELOPERS 17:08 <+EugeneKay> Wait, that's not the right one. 17:08 < |Mike|> badgerbadger? ;-) 17:08 <+EugeneKay> RAH RAH RAH !FACTOID 17:08 <@krzee> wait is |Mike| setting policy now? lol 17:08 < |Mike|> krzee: yes sir! 17:09 <+EugeneKay> In #git I've gotten into the habit of covertly inserting factoids into the bot, then responding in-channel with said factoid for simple requests. 17:09 <+EugeneKay> Much more fun to make it sound like it's a common, simple thing and urdoinitrong 17:09 < Araluccl1> this is my client.conf if can help http://pastebin.com/kKVb5v1b 17:10 <+EugeneKay> Remind me what the problem is, the start of it is lost in my scrollback 17:11 < Araluccl1> Im trying to route my client traffic trhu vpn ip 17:11 < Araluccl1> but if I add push redirect def1 and push dhcp option dns client cant tonnect to wan 17:11 < Araluccl1> if I add them on the server 17:11 < |Mike|> EugeneKay: haha, that rule is evil :D 17:12 <+EugeneKay> If you do it from the client side, you don't use "push" 17:12 < Araluccl1> nope... 
i put both into server.conf 17:13 <+EugeneKay> Looks like you're doing the ifconfig stuff on the client side, rather than server side? 17:13 < Araluccl1> hmm... 17:13 < Araluccl1> I thought it was correct for tap dev... didnt it? 17:13 <+EugeneKay> dev tap is evil and worthy of a firm beating 17:13 < Araluccl1> it worked without redirect directives 17:14 < |Mike|> krzee: does the bot have a quote function? 17:14 < Araluccl1> at this point im open to every solution :) 17:14 <+EugeneKay> Textbook solution is to do dev tun, and have server hand out as much of the config as possible 17:15 < Araluccl1> can tun config handle more than a client subnet? 17:15 <+EugeneKay> Sure. 17:15 < Araluccl1> I have more than a client connected to the server 17:15 < Araluccl1> I thought it was a point to point solution :) 17:16 <+EugeneKay> The tun device itself is, but that's what routes are for. 17:16 < Araluccl1> so one server to one client 17:16 <+EugeneKay> As far as the server is concerned, the whole subnet goes down that tun device(and into openvpn). 17:16 <+EugeneKay> From there it's all openvpn's problem. 17:17 < Araluccl1> hmm... well i guess ill have to modify my config... you think my client and server conf need much customizations? 17:17 < Araluccl1> or just dev tun ? 17:17 <+EugeneKay> Switch to dev tun on both ends, drop the ifconfig on the client side, make sure your ifconfig-pool is right on the server side 17:17 < Araluccl1> ok... wait... :) I try 17:18 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out] 17:18 < Araluccl1> i comment these 2 lines on client? 17:18 < Araluccl1> ifconfig 10.8.0.3 255.255.255.0 17:18 < Araluccl1> ifconfig-nowarn 17:19 <+EugeneKay> Yup 17:19 <+EugeneKay> You also don't need tls-client, the --client directive already expands to --pull --tls-client 17:20 < Araluccl1> ok... it didnt disconnect me... so worked... 
but whatismyip shows my provider's ip 17:20 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 17:21 < Araluccl1> but its a start 17:21 <+EugeneKay> logs from the client connection? 17:22 < Araluccl1> http://pastebin.com/9WRHSPRv 17:22 < Araluccl1> its verb 5 17:23 < Araluccl1> wait..im a stupid.. didnt change dev on client...sorry 17:23 <+EugeneKay> "since you are using --dev tap" 17:23 <+EugeneKay> Yeah :-p 17:23 <+EugeneKay> And do you have --route-gateway 10.8.0.1 on the server? 17:24 -!- Araluccl0 [~lallo@216.231.135.109] has joined #openvpn 17:25 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer] 17:25 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn 17:26 < Araluccl1> hehe... it lasted not for long... 17:26 < Araluccl1> but it did work... 17:26 < Araluccl1> this is client log http://pastebin.com/dg3zQkuu 17:27 <+EugeneKay> Not seeing why it died 17:28 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer] 17:28 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn 17:28 < Araluccl1> hmm.. it works... but I get disconnected after a few minutes... 17:29 -!- Araluccl0 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds] 17:29 <+EugeneKay> Is it redirecting properly? 17:29 < Araluccl1> yes...whatismyip showed my vps ip 17:29 <+EugeneKay> Good. ;-) 17:29 < Araluccl1> but it lasts less than 1 minute :) 17:30 <+EugeneKay> That's probably a stateful firewall problem 17:30 < Araluccl1> client side or server side 17:30 < Araluccl1> ? 17:30 <+EugeneKay> Depends. Where are you? 
17:30 < Araluccl1> home :D 17:30 <+EugeneKay> I mean, ISP/Geographically 17:30 < Araluccl1> im in italy 17:31 < Araluccl1> vps is usa 17:31 < Araluccl1> I need it for HULU :) 17:31 <+EugeneKay> I don't think Italy has any funky int'l firewall stuff, but I've been wrong before 17:31 < Olipro> they don't 17:31 < Olipro> also, hi, I'm back, how far have you gotten 17:31 < Araluccl1> im pretty sure we dont have 17:31 <+EugeneKay> It's redirecting properly now, but it's dropping the connection 17:31 < Olipro> you don't, as much of a dick as Berlusconi was, you're still part of the EU 17:31 < Araluccl1> I switched from tap to tun 17:32 < Araluccl1> and now everything seems to work... (thanks to EugeneKay) but...I got disconnected 17:32 <+EugeneKay> I wanna say try TCP, see if it works any better 17:32 < Araluccl1> whatismyip shows vpn ip..but after a minute...connection drops 17:32 < Olipro> TCP in TCP is The Worst. 17:32 < Araluccl1> cool..wait... 17:32 < Araluccl1> oh 17:32 < Olipro> even without Nagle 17:32 <+EugeneKay> Yes, yes, I know. But "the worst" is better than "not at all" 17:32 < Araluccl1> i can try...wait 17:33 <+EugeneKay> If you want a lighter-weight whatismyip, I recommend http://util.khresear.ch/myip 17:33 <@vpnHelper> Title: What is my IP? (at util.khresear.ch) 17:33 < Olipro> what's wrong with ip4.me 17:33 <+EugeneKay> It doesn't give you the full reverse DNS and forward addresses for your reverse. :-p 17:34 < Olipro> good point 17:34 <+EugeneKay> I should improve the API of that, give JSON as an option 17:35 -!- Araluccl0 [~lallo@216.231.135.109] has joined #openvpn 17:35 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer] 17:36 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn 17:36 < Araluccl1> nope..it didnt work... 
:) 17:36 < Araluccl1> its a pity...cause everything seemed to work fine 17:37 < Olipro> sounds like the firewall issue is one of your endpoints 17:38 <+EugeneKay> Yup, and I'm not getting paid enough to debug firewalls. :-p 17:38 <+EugeneKay> Play with nmap. 17:38 < Araluccl1> oh... wait... I had an openvpn client launched on my openwrt router too with older tap config..maybe it screwed up... 17:38 <+EugeneKay> Very likely. 17:38 < Araluccl1> i stopped now 17:38 < Araluccl1> :) i retry... 17:38 <+EugeneKay> If you look at the server log, it'll probably complain about duplicate clients 17:39 <+EugeneKay> Which describes exactly that issue. 17:39 -!- win5hit [~Winshit@HSI-KBW-46-223-5-242.hsi.kabel-badenwuerttemberg.de] has joined #openvpn 17:39 -!- Araluccl0 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds] 17:40 -!- Araluccl0 [~lallo@216.231.135.109] has joined #openvpn 17:40 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer] 17:41 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn 17:41 < Araluccl1> :) that sucks... 17:41 < win5hit> can somebody explain to me how the client certificate is checked during the authentification process? like some data is signed with the clientcert and sent to the server.... 17:42 < Araluccl1> 69.93:2128 MULTI: bad source address from client [192.168.1.5], packet dropped 17:42 <+EugeneKay> !pki 17:42 <@vpnHelper> "pki" is (#1) http://openvpn.net/index.php/open-source/documentation/howto.html#pki for how to make your PKI stuff (ca, and certs) or (#2) Heres a basic rundown of how it works... The server, client, and ca certs are all signed by the same ca.key. The server and client use the ca.crt to check that eachother were signed by the right ca.key. Optionally, the client also checks that the server cert was 17:42 <@vpnHelper> signed specially as a server (see !servercert) 17:42 < Araluccl1> this one? 17:42 <+EugeneKay> No, that's just a weird error. 
17:42 <@krzee> hey Araluccl, why you using tap anyways? 17:42 <+EugeneKay> krzee - he isn't anymore :-p 17:43 <@krzee> ahh nice 17:43 < Araluccl1> cause I thought tun was point to point connection 17:43 < Araluccl1> and I have different clients 17:43 < Araluccl1> http://pastebin.com/7b5VMqhX this is my server log 17:43 < Araluccl1> bad source... 17:44 < Araluccl1> (im 192.168.1.5) 17:44 -!- Araluccl0 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds] 17:44 < Araluccl1> I guess its a config issue 17:44 <@krzee> weird 17:45 <@krzee> ive seen this before 17:45 <@krzee> never figured out the issue tho 17:45 < Araluccl1> hehe... lucky me 17:45 <@krzee> where it sends packets over tun even tho it uses src address of eth0 17:45 <@krzee> whereas it should use src of tun0 17:45 <@krzee> is the client ALWAYS 192.168.1.x? 17:45 <@krzee> or is it a laptop or something...? 17:46 < Araluccl1> well... nope... I also have a 10.51.0.0 at work 17:46 < Araluccl1> and in fact I guess now its turned on trying to connect to a rap server :) 17:46 < Araluccl1> tap 17:47 < Araluccl1> oh..and I have a client on my android cell too :) 17:47 < Araluccl1> but its not turned off i guess 17:47 < Araluccl1> not = now 17:48 < Araluccl1> maybe all those float and other client directives? 17:48 < Araluccl1> I could try a trial and figure comments but i have no clue :) 17:49 < Araluccl1> now I try to comment push redirect on server and check if I disconnect again 17:50 < Araluccl1> im still here... 17:51 <@vpnHelper> RSS Update - forum: Build own Installer 17:51 < Araluccl1> so I guess... 
push "redirect-gateway def1" and / or push "dhcp-option DNS 10.8.0.1" are the guilties 17:52 < Araluccl1> those are the only ones I commented 17:52 <@krzee> heh 17:52 <@krzee> well ya 17:52 <@krzee> you arent redirecting your route to go through your vpn 17:53 <@krzee> so while it doesnt disconnect, it also doesnt access the inet through your vpn 17:53 < Araluccl1> hmm 17:53 -!- win5hit [~Winshit@HSI-KBW-46-223-5-242.hsi.kabel-badenwuerttemberg.de] has quit [Quit: Leaving.] 17:53 < Araluccl1> I didnt get it... 17:53 <@krzee> is your dns server listening on 10.8.0.1? 17:53 < Araluccl1> im sorry :) 17:53 < Araluccl1> on my vps dns servers are 8.8.8.8 and 8.8.4.4 17:54 <@krzee> your client and server are BOTH on tun now, right? 17:54 < Araluccl1> yes 17:54 <@krzee> so do you have a dns server listening on 10.8.0.1? 17:55 < Araluccl1> hmm... what do you mean with listening... i can see 2 ones into sresolve.conf :) 17:55 < Araluccl1> (really newbie... im so ashamed :D ) 17:56 <@krzee> push "dhcp-option DNS 10.8.0.1" 17:56 < Araluccl1> thank god mom cant see me now... 17:56 <@krzee> if you arent running a NS on 10.8.0.1, thats bad 17:56 < Araluccl1> oh... 17:56 < Araluccl1> so the ones into resolve.conf arent good? 17:56 < Araluccl1> I can ping public sites from ps so I thought they worked fine 17:57 < Araluccl1> vps 17:57 < Araluccl1> btw what do you suggest? :) 17:58 < Araluccl1> I can uncomment redirect gateway and leave dns push commented? 18:02 < Araluccl1> I tried... it doesnt disconnect but doesnt redirect either... 18:03 <@krzee> im saying pushing 10.8.0.1 is no good 18:03 <@krzee> that tells the client to make that his dns server 18:03 <@krzee> but theres no server running there 18:04 < Araluccl1> I see 18:04 < Araluccl1> but without it it doesnt redirect traffic 18:04 -!- Denial [Denial@drgi.co.uk] has quit [] 18:04 < Araluccl1> the solution is run a dns server on vps? 18:04 <@krzee> and it works with it? 
18:04 <@krzee> no, the solution is to put a real nameserver there if you wanna push a nameserver 18:04 < Araluccl1> it works but gets disconnected after a minute or so 18:05 <@krzee> like 8.8.8.8 for example 18:05 < Araluccl1> ah...ok... I try 18:06 -!- Araluccl0 [~lallo@216.231.135.109] has joined #openvpn 18:07 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer] 18:07 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn 18:08 < Araluccl1> nope... even with push "dhcp-option DNS 8.8.8.8" ...i disconnect 18:11 -!- Araluccl0 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds] 18:13 -!- Araluccl0 [~lallo@216.231.135.109] has joined #openvpn 18:15 < Araluccl0> im using this now push "redirect-gateway def1 bypass-dhcp" + push dhcp dns option... and didnt disconnect yet... 18:17 < Araluccl0> I think it works... no idea what it does... 18:17 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Ping timeout: 252 seconds] 18:17 < Araluccl0> but I think it works... 18:19 < Araluccl0> well..it works... 
I don't know how to thank you all ...really :) 18:20 < Araluccl0> Araluccl0 is connecting from *@216.231.135.109 :) ...its 1.20 am here...i guess ill go to sleep 18:21 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn 18:25 -!- Araluccl0 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds] 18:31 <@vpnHelper> RSS Update - forum: one Public IP => multiple VLANs (one per department) 18:32 -!- Araluccl0 [~lallo@151.77.69.93] has joined #openvpn 18:32 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer] 18:36 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn 18:36 -!- Araluccl0 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer] 18:41 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has joined #openvpn 18:47 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Quit: Rolybrau] 18:49 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 18:49 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 18:50 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Client Quit] 18:51 -!- Araluccl0 [~lallo@151.77.69.93] has joined #openvpn 18:51 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer] 18:53 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 19:01 -!- Araluccl1 [~lallo@216.231.135.109] has joined #openvpn 19:01 -!- Araluccl0 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer] 19:01 -!- Araluccl0 [~lallo@151.77.69.93] has joined #openvpn 19:06 -!- Araluccl1 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds] 19:10 -!- Araluccl0 [~lallo@151.77.69.93] has quit [Ping timeout: 252 seconds] 19:11 -!- Araluccl0 [~lallo@216.231.135.109] has joined #openvpn 19:11 -!- newl [~newl@97.75.165.156] has joined #openvpn 19:11 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn 19:13 -!- cconstantine_ [~cconstant@173.247.200.5] has joined #openvpn 19:15 -!- Araluccl0 [~lallo@216.231.135.109] has 
quit [Ping timeout: 252 seconds] 19:17 < cconstantine_> hey all. I'm installing my first openvpn setup, and I appear to have hit a snag. I have the server running (debian 6.0), and a client (MacOSX lion using tunnelblick) connected with a TUN. The server has an internal network of 10.182.x.x, and I can ssh from the client to the server's 10.182.x.x ip (eth1's ip), but I can't seem to get it to ssh to other machines in the server's subnet. Could someone help me out? 19:19 < cconstantine_> the how to says to "Make sure that you've enabled IP and TUN/TAP forwarding on the OpenVPN server machine.". I've enabled ip forwarding, but I don't know how to enable TUN forwarding and the FAQ doesn't seem to cover it 19:26 <@vpnHelper> RSS Update - forum: openvpn not forwarding traffic to tap0 19:26 -!- tekzilla [~jon@hmbg-4d06cd90.pool.mediaWays.net] has quit [Ping timeout: 252 seconds] 19:28 -!- tekzilla [~jon@hmbg-4d06cc62.pool.mediaWays.net] has joined #openvpn 19:35 -!- Gravitron [~admin@64.93.224.120] has joined #openvpn 19:35 -!- Gravitron [~admin@64.93.224.120] has quit [Changing host] 19:35 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 19:50 -!- _julian_ [~quassel@hmbg-5f76763a.pool.mediaWays.net] has joined #openvpn 19:54 -!- _julian [~quassel@hmbg-4d06c380.pool.mediaWays.net] has quit [Ping timeout: 252 seconds] 19:54 < cconstantine_> Haza! 
I got it: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o -j MASQUERADE 20:00 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 20:06 -!- Gravitro_ [~admin@69.163.40.45] has joined #openvpn 20:06 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 252 seconds] 20:08 <@vpnHelper> RSS Update - forum: Windows 7 x64, routing, DHCP and a unstable VPN 20:22 -!- gremly [~gremly@200.106.218.64] has joined #openvpn 20:24 < rob0> !route 20:24 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 20:24 < rob0> cconstantine_, ^^ the right answer. NAT makes it partially work, but routing is the real way. 20:38 <@vpnHelper> RSS Update - forum: I cannot get my openvpn client to connect to the server 20:50 <@vpnHelper> RSS Update - forum: Internet Speed with and without OpenVPN 20:58 -!- Autoeth [~nguyendp0@ip98-165-34-222.ph.ph.cox.net] has joined #openvpn 21:10 * WebDawg http://wordpress.org/extend/plugins/sopa-strike/ 21:10 <@vpnHelper> Title: WordPress SOPA Strike « WordPress Plugins (at wordpress.org) 21:10 <+EugeneKay> Cool story bro. 21:12 -!- newl [~newl@97.75.165.156] has left #openvpn [] 21:15 -!- gremly [~gremly@200.106.218.64] has quit [Quit: WeeChat 0.3.6] 21:18 -!- hkais1 [~xenoadmin@stgt-5f700db2.pool.mediaWays.net] has joined #openvpn 21:21 -!- hkais [~xenoadmin@stgt-5f701ab1.pool.mediaWays.net] has quit [Ping timeout: 252 seconds] 21:27 < jeev> in order for the strike banner to work, it needs to be done for more than a day. 
21:29 -!- Guest11006 [SkyNet-200@gateway/shell/trekweb.org/x-jtbslgsopdmxqotx] has left #openvpn [] 21:32 -!- corretico [~luis@190.211.93.11] has joined #openvpn 21:32 <@vpnHelper> RSS Update - forum: I cannot get my openvpn client to connect to the server 21:53 -!- coolstar-pc [4cfd0338@gateway/web/freenode/ip.76.253.3.56] has joined #openvpn 21:54 < coolstar-pc> !welcome 21:54 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 21:54 < coolstar-pc> How do I use openvpn with a custom vpn server? 21:56 -!- MeanderingCode_ [~Meanderin@97-123-15-175.albq.qwest.net] has joined #openvpn 21:57 -!- MeanderingCode [~Meanderin@97-123-15-175.albq.qwest.net] has quit [Ping timeout: 252 seconds] 22:01 -!- futurestack [~o_o@unaffiliated/futurestack] has quit [Ping timeout: 255 seconds] 22:01 <+EugeneKay> !howto 22:01 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! 
or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 22:02 <@vpnHelper> RSS Update - forum: I cannot get my openvpn client to connect to the server 22:09 -!- futurestack [~o_o@unaffiliated/futurestack] has joined #openvpn 22:13 -!- ponyofdeath [~vladi@cpe-75-80-175-217.san.res.rr.com] has quit [Quit: leaving] 22:13 -!- futurestack [~o_o@unaffiliated/futurestack] has quit [Ping timeout: 240 seconds] 22:16 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 22:17 -!- futurestack [~o_o@unaffiliated/futurestack] has joined #openvpn 22:19 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 22:29 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 23:03 < Autoeth> i need someone that has actually setup a bridged openvpn server anyone in here right now ? 23:04 < Autoeth> sorry on linux OS ? 23:19 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 23:24 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 23:42 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 23:45 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 23:49 -!- mohi666 [~mohi@c-76-103-53-145.hsd1.ca.comcast.net] has joined #openvpn 23:50 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn --- Day changed Wed Jan 18 2012 00:16 <@vpnHelper> RSS Update - forum: Routed OpenVPN between two subnets 00:22 <@vpnHelper> RSS Update - forum: [SOLVED] Accessing OpenVPN server from its public IP 00:28 <@vpnHelper> RSS Update - forum: [SOLVED] Accessing OpenVPN server from its public IP || Static IP Windows Please 00:33 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 00:36 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 00:52 <@vpnHelper> RSS Update - forum: redirect traffic to tunnel of one out of 2 network adapter 00:59 -!- mohi666 [~mohi@c-76-103-53-145.hsd1.ca.comcast.net] 
has quit [Ping timeout: 240 seconds] 01:09 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has quit [Ping timeout: 276 seconds] 01:16 -!- Netsplit *.net <-> *.split quits: wedge_, johnny_be_yell-1, Essobi, _julian_, dioz, Gravitro_, cconstantine_, bauruine, ScriptFanix, JoeK 01:18 -!- Netsplit over, joins: ScriptFanix, Gravitro_, _julian_, cconstantine_, bauruine, dioz, Essobi, wedge_, johnny_be_yell-1, JoeK 01:27 -!- hkais1 [~xenoadmin@stgt-5f700db2.pool.mediaWays.net] has quit [Ping timeout: 252 seconds] 01:52 <@vpnHelper> RSS Update - forum: OpenVPN Management kill cn of the flowchart 01:57 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day] 02:00 -!- pwrcycle [~pwrcycle@unaffiliated/pwrcycle] has quit [Ping timeout: 276 seconds] 02:10 <@vpnHelper> RSS Update - forum: username-as-common-nameNot sensitive to big or small letters 02:11 -!- Nebukadneza [~Nebukadne@h1749472.stratoserver.net] has left #openvpn [] 02:21 -!- X0Rc0re [~chatzilla@58-7-130-107.dyn.iinet.net.au] has joined #openvpn 02:22 -!- zalzice [~zalzice@25.79-160-109.customer.lyse.net] has quit [Ping timeout: 252 seconds] 02:23 -!- zalzice [~zalzice@25.79-160-109.customer.lyse.net] has joined #openvpn 02:25 -!- p3rror [~mezgani@41.249.12.201] has quit [Read error: Operation timed out] 02:28 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn 02:28 <@vpnHelper> RSS Update - forum: any way to have log of users?? 02:40 <@vpnHelper> RSS Update - forum: Static IP Windows Please || I cannot get my openvpn client to connect to the server 02:46 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Ping timeout: 260 seconds] 02:46 <@vpnHelper> RSS Update - forum: any way to have log of users?? 
|| Routing Client Traffic Through The Server 02:52 <@vpnHelper> RSS Update - forum: Routed OpenVPN between two subnets || redirect traffic to tunnel of one out of 2 network adapter 02:55 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has joined #openvpn 02:58 -!- dazo_afk is now known as dazo 02:59 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 03:14 -!- X0Rc0re [~chatzilla@58-7-130-107.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 03:15 -!- colopolo [5f86f74e@gateway/web/freenode/ip.95.134.247.78] has joined #openvpn 03:16 -!- mocas_ [~mocas@87-196-121-73.net.novis.pt] has quit [Ping timeout: 240 seconds] 03:16 < colopolo> Hi all 03:17 < colopolo> How can I get list of currently connected clients to my ovpn server? 03:21 -!- seekr [~Foo@209-6-86-244.c3-0.smr-ubr2.sbo-smr.ma.cable.rcn.com] has joined #openvpn 03:21 <@dazo> colopolo: three ways: 1) look at log files, 2) enable --status file, and/or 3) enable --management 03:22 <@dazo> !man 03:22 <@vpnHelper> "man" is (#1) http://openvpn.net/man for 2.0 manual or (#2) http://openvpn.net/man-beta.html for 2.1 manual or (#3) http://openvpn.net/index.php/open-source/documentation/manuals/427-openvpn-22.html for 2.2 manual or (#4) the man pages are your friend! 03:22 -!- seekr [~Foo@209-6-86-244.c3-0.smr-ubr2.sbo-smr.ma.cable.rcn.com] has left #openvpn [] 03:23 <@dazo> well, there's another approach as well ... using --client-connect/--client-disconnect and/or --learn-address script hooks, or writing a plug-in in C which is loaded via --plugin 03:23 <@dazo> (it all depends on how advanced you want to be) 03:25 < colopolo> looks hooks is a way to go for me 03:25 < colopolo> Thanks! 03:26 <@dazo> you're welcome! 03:27 < hyper_ch> hi dazo 03:27 <@dazo> hey! 03:29 < hyper_ch> dazo: you read gizmodo sometimes? 
03:30 <@dazo> seldom 03:30 <@dazo> (mostly due to too little time :)) 03:31 < hyper_ch> dazo: I just wonder, does it take for you also a long time until a gizmodo article becomes "responsive"? 03:31 <@dazo> I'd have to test it out now 03:31 < hyper_ch> there seems to be so many things being loaded that at first it's not responsive at all 03:31 < hyper_ch> e.g. http://gizmodo.com/5877084/why-android-handsets-are-bigger-than-the-iphone 03:31 <@vpnHelper> Title: Why Android Handsets are Bigger Than the iPhone (at gizmodo.com) 03:32 <@dazo> The page loads and is viewed quickly, but continues to load something afterwards ... 03:32 < hyper_ch> but can you scroll down while it's still loading other things? 03:32 <@dazo> I can scroll 03:33 <@dazo> (to a complete bottom even) 03:33 < hyper_ch> while it loads other stuff? hmmm 03:33 < hyper_ch> Firefox? 03:33 <@dazo> yupp ... latest which arrived Fedora 14 03:33 <@dazo> 3.6.34 03:34 < hyper_ch> I think I'll have to remove my FF profile 03:35 < hyper_ch> thx for testing 03:37 -!- colopolo [5f86f74e@gateway/web/freenode/ip.95.134.247.78] has quit [Ping timeout: 258 seconds] 03:37 <@vpnHelper> RSS Update - forum: TFTP not working once connected through open vpn || getting an open NAT in residence 03:37 <@dazo> SOPA/PIPA protests have really gotten started now ... 03:41 -!- coolstar-pc [4cfd0338@gateway/web/freenode/ip.76.253.3.56] has quit [Quit: Good Night Everyone] 03:44 <@dazo> http://www.osnews.com/ .... that's a cool approach ... 03:50 <@vpnHelper> RSS Update - forum: TFTP not working once connected through open vpn 03:53 -!- SigmaProjects [~SigmaProj@cpe-66-75-87-13.socal.res.rr.com] has quit [Ping timeout: 240 seconds] 03:56 <@vpnHelper> RSS Update - forum: any way to have log of users?? 
|| username-as-common-nameNot sensitive to big or small letters 04:08 <@vpnHelper> RSS Update - forum: Internet Speed with and without OpenVPN 04:10 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Quit: nonotza] 04:23 -!- master_of_master [~master_of@p57B52184.dip.t-dialin.net] has quit [Ping timeout: 252 seconds] 04:24 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn 04:24 -!- master_of_master [~master_of@p57B55B13.dip.t-dialin.net] has joined #openvpn 04:26 <@vpnHelper> RSS Update - forum: any way to have log of users?? 04:29 -!- p3rror [~mezgani@41.137.254.45] has joined #openvpn 04:32 <@vpnHelper> RSS Update - forum: any way to have log of users?? 04:50 <@vpnHelper> RSS Update - forum: any way to have log of users?? 05:08 <@vpnHelper> RSS Update - forum: TFTP not working once connected through open vpn 05:14 <@vpnHelper> RSS Update - forum: TFTP not working once connected through open vpn 05:46 -!- Araluccl0 [~lallo@216.231.135.109] has joined #openvpn 05:47 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer] 05:48 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn 05:51 -!- Araluccl0 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds] 06:16 -!- pwrcycle [~pwrcycle@173.214.160.92] has joined #openvpn 06:32 <@vpnHelper> RSS Update - forum: connected via VPN, but having access errors 06:38 <@vpnHelper> RSS Update - forum: connected via VPN, but having access errors 06:39 -!- Gravitro_ [~admin@69.163.40.45] has quit [Ping timeout: 260 seconds] 06:40 -!- dimir [~dimir@dimir.eu] has joined #openvpn 06:40 < dimir> hello there. 06:42 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn 06:42 < dimir> I'm thinking to deploy OpenVPN. Our needs are pretty standard except that we would like to authenticate users via AD. I was checking for LDAP auth support in OpenVPN and I found out it. 
But I could not find answer to this question: Can I specify which LDAP object (user/group) is allowed to use OpenVPN service? 06:44 <@vpnHelper> RSS Update - forum: username-as-common-nameNot sensitive to big or small letters 06:46 -!- krzie [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 06:46 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Client Quit] 06:50 <@vpnHelper> RSS Update - forum: any way to have log of users?? || connected via VPN, but having access errors 06:50 <@dazo> dimir: is it this one you've found? http://redmine.debuntu.org/projects/openvpn-ldap-auth/wiki#LDAP-plugin-configuration 06:50 <@vpnHelper> Title: openvpn-ldap-auth - Wiki - Redmine@Debuntu (at redmine.debuntu.org) 06:51 < dimir> dazo: no, this one: http://openvpn.net/index.php/access-server/docs/admin-guides/190-how-to-authenticate-users-with-active-directory.html :-D 06:52 <@vpnHelper> Title: How to authenticate users with Active Directory (at openvpn.net) 06:52 <@dazo> dimir: that's Access Server .... not the community version we support 06:52 <@dazo> !as 06:52 <@vpnHelper> "as" is please go to #OpenVPN-AS for help with Access-Server 06:52 < dimir> oh. 06:52 < dimir> I see. 06:53 < dimir> I was looking for community version actually. So you mean community version does not have this web management UI? 06:53 <@dazo> correct 06:53 < dimir> dang 06:53 <@dazo> (OpenVPN AS uses the same community openvpn core under the hood, but they've wrapped it in with a webUI 06:54 < dimir> Oh. 06:54 <@dazo> (well, AS uses a OpenVPN v2.1 core) 06:54 < dimir> Good then. 06:54 < dimir> I basically do not care that much about the UI. But I'd like to know if I can select which LDAP object can use the service. 06:55 <@dazo> I don't know enough about LDAP (yet), but I believe the first pointer I gave you should be able to tackle that ... 
however, I don't know if that's been tested against AD LDAP for auth 06:56 <@dazo> chantra (who is the developer of that plug-in) might know better 06:56 <@vpnHelper> RSS Update - forum: connected via VPN, but having access errors 07:02 < dimir> dazo: I see, thanks. 07:02 < dimir> dazo: It shouldn't be hard to add such a filter in theory so maybe I could contribute a bit in that sense. 07:03 <@dazo> cool! 07:06 < dimir> :-) 07:08 < dimir> dazo: I guess this is how the one would start https://community.openvpn.net/openvpn/wiki/Contributing ? 07:08 <@vpnHelper> Title: Contributing – OpenVPN Community (at community.openvpn.net) 07:09 <@dazo> dimir: yeah, generally ... even though that's mostly aimed towards the core OpenVPN part ... the LDAP support is an external project which chantra is in the lead of, so I don't know if he has his own ways there 07:10 < dimir> dazo: oh, I see! 07:10 <@dazo> OpenVPN is incredibly flexible, so it's easy to put on extra stuffing on top 07:11 * dazo also got his own OpenVPN project on the side as well, which also does authentication stuff 07:11 < dimir> chantra: Hi there. Could you tell me if LDAP authentication supports filter, that is I'd like to select which LDAP object (user/group) is allowed to use VPN service? 07:11 <@dazo> !eurephia 07:11 <@vpnHelper> "eurephia" is http://www.eurephia.net/ 07:11 <@dazo> (not LDAP support there, yet, but I'm planning on it) 07:12 < dimir> Nice. 
07:18 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Quit: Leaving] 07:21 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn 07:31 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn 07:43 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Quit: nonotza] 07:54 -!- koaschten_ [~koaschten@31-16-0-231-dynip.superkabel.de] has joined #openvpn 07:56 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has quit [Ping timeout: 252 seconds] 07:59 -!- n3wb13 [~newbie@83.149.126.31] has joined #openvpn 07:59 -!- krzie [nobody@openvpn/community/support/krzee] has joined #openvpn 08:03 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn 08:06 -!- n3wb13 [~newbie@83.149.126.31] has left #openvpn ["Leaving"] 08:07 -!- krzie [nobody@openvpn/community/support/krzee] has quit [Ping timeout: 244 seconds] 08:08 <@vpnHelper> RSS Update - forum: Internet Speed with and without OpenVPN 08:18 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 08:21 -!- Tixos [~sg@95.140.125.31] has joined #openvpn 08:27 <@vpnHelper> RSS Update - forum: Give users access to different individual private networks || Internet Speed with and without OpenVPN 09:03 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Ping timeout: 240 seconds] 09:07 -!- MarKsaitis_ [~MarKsaiti@195.59.185.18] has joined #openvpn 09:08 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Ping timeout: 248 seconds] 09:24 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn 09:28 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 09:31 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 09:39 <@vpnHelper> RSS Update - forum: Internet Speed with and without OpenVPN 09:41 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has quit [] 09:46 -!- APTX [APTX@unaffiliated/aptx] has quit [Quit: No Ping reply in 180 seconds.] 
09:48 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Ping timeout: 276 seconds] 09:49 -!- noisebleed [~quassel@lula.inescn.pt] has joined #openvpn 09:49 -!- noisebleed [~quassel@lula.inescn.pt] has quit [Changing host] 09:49 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 09:49 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 09:51 <@vpnHelper> RSS Update - forum: openvpn not forwarding traffic to tap0 [SOLVED] 09:55 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Ping timeout: 252 seconds] 09:57 <@vpnHelper> RSS Update - forum: Testing environment || openvpn not forwarding traffic to tap0 [SOLVED] 10:03 <@vpnHelper> RSS Update - forum: Windows 7 User Account Control Warning on each boot up? 10:11 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 10:13 -!- MarKsaitis_ [~MarKsaiti@195.59.185.18] has quit [Quit: Leaving] 10:15 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 10:31 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Ping timeout: 244 seconds] 10:35 -!- treund [~treund@97.75.177.42] has joined #openvpn 10:39 -!- Araluccl0 [~lallo@216.231.135.109] has joined #openvpn 10:42 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Ping timeout: 252 seconds] 10:46 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn 10:46 -!- mode/#openvpn [+v s7r] by ChanServ 10:47 <+s7r> wow 2.2.2 release many thanks to all developers!!! 10:48 <+s7r> full ipv6 support krzee dazo 10:48 <+s7r> ? 10:48 <@dazo> s7r: nope ... that's in 2.3 10:48 <@dazo> 2.2.x have a IPv6 enabled TUN/TAP driver for Windows 10:49 <+s7r> ah, ok 10:49 <@dazo> (never new features in minor updates .... at least not on my shift) 10:49 <+s7r> i will read changelog now 10:49 <+s7r> so basically 2.2.2 has minor improvements against 2.2.1 10:49 <+s7r> new features only in major release, such as 2.3 ? 
10:50 <@dazo> bugfixes, security fixes and such likes, that's minor releases 10:50 <@dazo> and yeah, new features only in major releases, as 2.3 will be 10:51 <@vpnHelper> RSS Update - forum: Windows 7 User Account Control Warning on each boot up? 10:57 -!- tekoholic [~quassel@97-118-207-247.hlrn.qwest.net] has joined #openvpn 11:01 -!- Azrael808 [~peter@212.161.9.162] has quit [Ping timeout: 252 seconds] 11:01 -!- dazo is now known as dazo_afk 11:03 -!- krzee [krzee@openvpn/community/support/krzee] has quit [Ping timeout: 252 seconds] 11:09 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn 11:11 -!- Tixos [~sg@95.140.125.31] has quit [Quit: Leaving.] 11:13 -!- Araluccl0 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds] 11:15 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn 11:25 -!- treund [~treund@97.75.177.42] has left #openvpn [] 11:27 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Ping timeout: 252 seconds] 11:33 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 11:34 -!- Autoeth [~nguyendp0@ip98-165-34-222.ph.ph.cox.net] has quit [Quit: jIRCii - http://www.oldschoolirc.com] 11:40 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Max SendQ exceeded] 11:41 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 11:42 -!- koaschten_ is now known as koaschten 11:49 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Ping timeout: 252 seconds] 12:03 -!- Azrael808 [~peter@212.161.9.162] has quit [Ping timeout: 248 seconds] 12:10 <@vpnHelper> RSS Update - forum: Routed OpenVPN between two subnets 12:13 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has quit [Read error: Connection reset by peer] 12:17 -!- rasyid7 [~3333@69.163.36.67] has quit [Read error: Connection reset by peer] 12:17 -!- rasyid7 [~3333@69.163.36.67] has joined #openvpn 12:18 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has joined #openvpn 12:18 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has quit [Read error: Connection reset by peer] 12:22 -!- 
JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has joined #openvpn 12:24 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has joined #openvpn 12:32 -!- rasyid7 [~3333@69.163.36.67] has quit [Ping timeout: 272 seconds] 12:36 -!- mikmu [~chatzilla@24.114.223.218] has joined #openvpn 12:37 < mikmu> Hey there, quick question. I have a Peer-to-Peer SSL tunnel between two routers (PFSense and DD-WRT). The tunnel is up and running. Routers on each end can access the other's network, but workstations cannot send traffic through the tunnel 12:38 < mikmu> Do we have to manually add routes on the workstations? Site A is 10.0.0.0/24 and B is 10.10.1.0/24, routing through 10.99.1.0/24 12:39 < mikmu> Router at site B, 10.10.1.1 can access any resource on the entire 10.0.0.0/24 network 12:39 < mikmu> But computers on Site B router can not ping or access services such as SMTP or ssh 12:40 < mikmu> And, router on site A cannot access SSH on router site B 12:41 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has joined #openvpn 12:45 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 12:48 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has quit [Quit: Ex-Chat] 12:48 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has joined #openvpn 12:52 < rob0> !route 12:52 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 12:52 < rob0> Each side has to know how to reach the other. 
12:57 < mikmu> Hi rob0 12:57 < mikmu> I'll read the documents, I was adding routes directly on the windows PC with no success, as I didn't figure that it could be pushed from the router configuration 12:58 < mikmu> Since the PCs do not have any openVPN software on them 12:58 < mikmu> But I'll check with the openvpn configuration to see what I'll pick up. Thanks 13:03 < rob0> yw 13:04 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has quit [Ping timeout: 258 seconds] 13:11 -!- p3rror [~mezgani@41.137.254.45] has quit [Ping timeout: 244 seconds] 13:24 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [Ping timeout: 240 seconds] 13:29 < mikmu> hmm, may be problems with the implementation of openvpn on dd-wrt. I get ERROR: Linux route add command failed: external program exited with error status: 255 13:30 < mikmu> I seem to be able to add them by hand though 13:53 < Essobi> Does openvpn ever update a CCD file while running? 13:53 < Essobi> As in openvpn itself writing to the files, perhaps when a valid user connects? 13:58 < ecrist> no 13:59 < ecrist> CCD is never written to directly by openvpn 14:02 <@vpnHelper> RSS Update - forum: I cannot get my openvpn client to connect to the server 14:08 < Essobi> ecrist: Hmm.. Then I have a rogue SVN or some other processes updating these damned things. 14:08 < jeev> rob0. 14:08 < ecrist> perhaps, but openvpn doesn't update them. the atime of the file will be updated, generally by a system call to fopen() but not by openvpn directly. 14:09 < Essobi> tail -F MyUserName ; echo '#test' >> MyUserName ..... I connect to the VPN, and I see, "MyUserName has truncated" and the #test is gone. My CCD is only 1 line long to begin with... 14:09 < Essobi> But it only seems to happen when I connect... which I find odd. 14:09 < Essobi> ls -lart shows the same... ccd's being updated everytime someone connects. 
14:10 < ecrist> !config 14:10 <@vpnHelper> (config []) -- If is given, sets the value of to . Otherwise, returns the current value of . You may omit the leading "supybot." in the name if you so choose. 14:10 < ecrist> !configs 14:10 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries 14:11 < Essobi> Well... I'll wait till I can down the server. Just seems odd I can't do an atomic update on these files while openvpn is running, and I didn't expect it to be by design. 14:11 < Essobi> IIRC, this is an old version. 14:11 -!- Autoeth [~nguyendp0@ip98-165-34-222.ph.ph.cox.net] has joined #openvpn 14:12 < Essobi> Ah, 2.1.1. 14:14 -!- Axeman [~Axeman3@198.105.46.46] has joined #openvpn 14:14 -!- Axeman [~Axeman3@198.105.46.46] has quit [Changing host] 14:14 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 14:14 -!- mode/#openvpn [+v Axeman] by ChanServ 14:19 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds] 14:20 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 14:22 < Autoeth> anyone here that has actually set up a bridged openvpn server i did a lot of reading, but have some questions before i even attempt this ? 14:25 < mikmu> rob0: Thanks for the routing pointer. Got things up and running. Was definitely missing quite a bit of configuration. The routes, client-to-client and ccd files fixed things up. Thanks! 14:26 < ecrist> Autoeth: I run a bridged network. 14:28 < Autoeth> ecrist : cool can you clarify an overview of my statement. So my understanding is i setup a bridge to my internal network card and add a tap interface to that bridge so openvpn server can get to it. It also says that you might have problems creating a bridge upon bootup this is linux i am talking about. Or can you explain that overview ? 
14:28 < rob0> mikmu, awesome, good to hear it, and congrats. 14:28 < ecrist> Autoeth: sounds about right. I'm a freebsd/mac os guy, so I can't tell you shit about that toy operating system you use. :P 14:29 < Autoeth> ecrist : lol ok can anyone else comment on that ? 14:30 < ecrist> I don't have problems creating it on boot on freebsd 14:31 < ecrist> given OS X is almost freebsd, I doubt I'd have problems there, either. 14:32 < ecrist> that being said, I'm sure anyone that knew what they were doing could do it on linux 14:32 < Autoeth> so you make the bridge and your dhcp server issues your tap an ip address ? 14:32 < Autoeth> all upon boot up ? 14:33 < ecrist> not quite 14:33 < ecrist> we statically assign our VPN a range inside a larger /16 subnet 14:34 < ecrist> we create a tap0 interface, bridge that with em0, and em0 has a static IP on the /16 subnet 14:34 < Autoeth> ok yah i guess i should have clarified better i would understand the part of static ips i guess i was trying to understand the overview of what actually happens in a dhcp sense. 14:36 < Autoeth> cause in the static mode you're talking about your clients would also have to set their ip static in that range as well if you configure it that way. Would that be a correct statement. 14:36 < ecrist> no 14:36 < ecrist> I use openvpn to assign IPs to a /24 inside a /16 14:36 -!- mikmu [~chatzilla@24.114.223.218] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 14:37 < Autoeth> in that sense you would only have the option for openvpn to issue that one range that comes standard with openvpn server. How about that statement ? 14:38 < Autoeth> i think it's like 192.168.x.x or something in that nature. 14:38 < ecrist> there is no 'range that comes standard' with openvpn 14:39 < ecrist> I think you should try reading the man page. 14:41 < Autoeth> what option would i be looking for in the man page ? 14:41 < Autoeth> where openvpn issues the dhcp clients addresses. 
14:42 < ecrist> heh, the one where you think openvpn comes with an IP range 14:44 < Autoeth> ifconfig-pool is that the one you use ? 14:45 < ecrist> look for --server-bridge 14:46 < Autoeth> ok my understanding of server-bridge just opens that range to use as a bridge, but doesn't force openvpn to issue dhcp clients an address in a certain range. 14:46 < ecrist> it doesn't, but can 14:46 < ecrist> try reading further 14:46 < ecrist> you *can* assign IPs from a separate DHCP server 14:48 < Autoeth> ok yah that's what i am trying to do i understood that part with the server-bridge allowing that open so a separate dhcp server can assign them. 14:49 * ecrist goes away 14:50 < Autoeth> open =option 14:51 < Autoeth> then was trying to figure out what i problems that i have read on openvpn about making a bridge and tap on linux and it not booting up correctly that's why i wanted someone that had experienced that in linux. 14:58 -!- Autoeth [~nguyendp0@ip98-165-34-222.ph.ph.cox.net] has quit [Quit: switching servers] 15:01 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 15:02 -!- Autoeth [~nguyendp0@ip98-165-34-222.ph.ph.cox.net] has joined #openvpn 15:15 -!- p3rror [~mezgani@2001:470:1f0b:c66:1::2] has joined #openvpn 15:42 -!- hkais [~xenoadmin@stgt-5f700db2.pool.mediaWays.net] has joined #openvpn 15:56 -!- krzee [nobody@hemp.ircpimps.org] has joined #openvpn 15:56 -!- krzee [nobody@hemp.ircpimps.org] has quit [Changing host] 15:56 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn 15:58 < hyper_ch> good evening 16:01 <@vpnHelper> RSS Update - forum: Windows 7 x64, routing, DHCP and a unstable VPN 16:07 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 16:09 -!- rasyid7 [~3333@183.78.21.183] has joined #openvpn 16:09 -!- rasyid7 [~3333@183.78.21.183] has quit [Client Quit] 16:11 -!- Araluccl0 [~lallo@216.231.135.109] has joined #openvpn 16:12 -!- krzee [nobody@openvpn/community/support/krzee] 
has quit [Quit: This computer has gone to sleep] 16:14 -!- krzee [nobody@hemp.ircpimps.org] has joined #openvpn 16:14 -!- krzee [nobody@hemp.ircpimps.org] has quit [Changing host] 16:14 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn 16:14 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Ping timeout: 252 seconds] 16:15 -!- hkais [~xenoadmin@stgt-5f700db2.pool.mediaWays.net] has quit [Ping timeout: 244 seconds] 16:15 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn 16:17 -!- meepmeep [meepmeep@there-is-no.endoftheinternet.org] has quit [Ping timeout: 252 seconds] 16:18 -!- Araluccl0 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds] 16:18 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Client Quit] 16:30 -!- Gravitron [~admin@64.93.224.120] has joined #openvpn 16:30 -!- Gravitron [~admin@64.93.224.120] has quit [Changing host] 16:30 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 16:33 -!- MeanderingCode_ [~Meanderin@97-123-15-175.albq.qwest.net] has quit [Read error: Connection reset by peer] 16:33 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Quit: Leaving] 16:33 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 16:35 -!- oc80z [oc80z@blea.ch] has quit [Excess Flood] 16:35 -!- oc80z [oc80z@blea.ch] has joined #openvpn 16:37 -!- Araluccl0 [~lallo@216.231.135.109] has joined #openvpn 16:41 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Ping timeout: 252 seconds] 16:41 <@vpnHelper> RSS Update - forum: Simple connection does not work 16:43 -!- gffa [~gffa@unaffiliated/gffa] has quit [Quit: sleep] 16:45 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has quit [Quit: Ex-Chat] 16:47 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn 16:50 -!- Araluccl0 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds] 16:58 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 
17:05 <@vpnHelper> RSS Update - forum: Connection works but not all traffic routing even with redir 17:11 <@vpnHelper> RSS Update - forum: I connect but I see the network 17:11 < |Mike|> lol 17:25 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 17:33 -!- Denial [Denial@drgi.co.uk] has quit [Remote host closed the connection] 17:33 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 17:39 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds] 17:40 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn 17:42 < Essobi> anyone using CCDs mind checking if it updates the file when a user connects? a simple 'ls -lart /etc/openvpn/ccd/' should be enough to confirm if they're updating a lot.. 17:44 < Essobi> I see nothing in my configs that I think would do this... 17:47 -!- Autoeth [~nguyendp0@ip98-165-34-222.ph.ph.cox.net] has left #openvpn [] 17:47 -!- meepmeep [meepmeep@there-is-no.endoftheinternet.org] has joined #openvpn 17:49 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn [] 17:49 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 17:49 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 17:50 -!- mode/#openvpn [+v Axeman] by ChanServ 17:57 < Essobi> any seen reports of openvpn server wiping out non ifconfig-push lines from ccd/$usernames? 18:01 < Essobi> on/14 18:01 < Essobi> *cough* 18:07 -!- Axeman [~Axeman3@openvpn/user/axeman] has left #openvpn ["Leaving"] 18:09 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.] 18:11 <@vpnHelper> RSS Update - forum: What Linux Distro Has OpenVPN Installed? 18:12 < |Mike|> ??! 18:17 <@vpnHelper> RSS Update - forum: Windows 7 User Account Control Warning on each boot up? 
18:50 -!- Denial [Denial@drgi.co.uk] has quit [] 19:00 -!- zalzice [~zalzice@25.79-160-109.customer.lyse.net] has quit [Read error: Operation timed out] 19:03 -!- zalzice [~zalzice@25.79-160-109.customer.lyse.net] has joined #openvpn 19:16 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has quit [Ping timeout: 252 seconds] 19:28 -!- tekzilla [~jon@hmbg-4d06cc62.pool.mediaWays.net] has quit [Ping timeout: 244 seconds] 19:30 -!- tekzilla [~jon@hmbg-5f77d3ce.pool.mediaWays.net] has joined #openvpn 19:37 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has joined #openvpn 19:49 -!- _julian [~quassel@hmbg-5f7609cf.pool.mediaWays.net] has joined #openvpn 19:51 -!- treund [~treund@97.75.177.42] has joined #openvpn 19:52 -!- _julian_ [~quassel@hmbg-5f76763a.pool.mediaWays.net] has quit [Ping timeout: 260 seconds] 20:13 -!- treund [~treund@97.75.177.42] has left #openvpn [] 20:32 -!- X0Rc0re [~chatzilla@58-7-130-107.dyn.iinet.net.au] has joined #openvpn 20:38 -!- zalzice [~zalzice@25.79-160-109.customer.lyse.net] has quit [Ping timeout: 260 seconds] 20:40 -!- zalzice [~zalzice@25.79-160-109.customer.lyse.net] has joined #openvpn 21:16 -!- X0Rc0re [~chatzilla@58-7-130-107.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 21:19 -!- Gravitron [~admin@64.93.226.137] has joined #openvpn 21:19 -!- Gravitron [~admin@64.93.226.137] has quit [Changing host] 21:19 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 21:40 -!- Gravitro_ [~admin@69.163.40.45] has joined #openvpn 21:40 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 245 seconds] 21:41 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds] 21:47 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn 21:50 -!- a [d@ps38852.dreamhost.com] has joined #openvpn 21:50 -!- a is now known as Guest34739 21:55 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has joined #openvpn 21:59 -!- kokozedman 
[607fb67a@gateway/web/freenode/ip.96.127.182.122] has quit [Ping timeout: 258 seconds] 22:08 -!- dioz [~dioz@2001:470:d:e3::1] has quit [Read error: Connection reset by peer] 22:08 -!- dioz [~dioz@2001:470:d:e3::1] has joined #openvpn 22:08 -!- mohi666 [~mohi@c-76-103-53-145.hsd1.ca.comcast.net] has joined #openvpn 22:11 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Read error: Connection reset by peer] 22:11 -!- mgorbachi [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 22:13 -!- johnpat [~johnpat@nj-71-2-36-131.dhcp.embarqhsd.net] has joined #openvpn 22:14 -!- johnpat [~johnpat@nj-71-2-36-131.dhcp.embarqhsd.net] has quit [Client Quit] 22:19 <@vpnHelper> RSS Update - forum: Slow CentoOS openvpn client connection to server 22:53 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 22:56 -!- vereteran [~vereteran@static.88-198-170-117.clients.your-server.de] has quit [Excess Flood] 22:56 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 22:58 -!- pwrcycle [~pwrcycle@173.214.160.92] has quit [Changing host] 22:58 -!- pwrcycle [~pwrcycle@unaffiliated/pwrcycle] has joined #openvpn 23:03 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 23:03 -!- vereteran [~vereteran@static.88-198-170-117.clients.your-server.de] has joined #openvpn 23:04 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 23:09 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 23:14 -!- catsup [d@ps38852.dreamhost.com] has quit [Quit: leaving] 23:17 -!- Guest34739 [d@ps38852.dreamhost.com] has quit [Quit: Reconnecting] 23:17 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn 23:24 -!- p3rror [~mezgani@2001:470:1f0b:c66:1::2] has quit [Ping timeout: 240 seconds] 23:24 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 23:24 <@vpnHelper> RSS Update - forum: Give users access to different 
individual private networks 23:28 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 23:42 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 23:46 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 23:50 -!- virtuaposta [~suraj@117.195.33.156] has joined #openvpn 23:51 < virtuaposta> Greetings!! 23:52 < virtuaposta> I am trying to authenticate openvpn users through openldap, but while connecting from client, I am getting this in logs : TCP: connect to [AF_INET]xxx.xxx.xxx.xxx:1194 failed, will try again in 5 seconds: Connection refused. Any help please --- Day changed Thu Jan 19 2012 00:03 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has joined #openvpn 00:04 < kokozedman> hey guys, what is the most common way to shape an OpenVPN server? 00:06 < kokozedman> it seems that the server is sending out data at a much faster, too fast, that at the client ... the speed peaks-out, then goes down, then up and down, and so on 00:06 < kokozedman> when it does down, it really goes down to 0 00:06 < kokozedman> then it ramps back up 00:11 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has quit [Quit: Page closed] 00:16 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 00:21 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 00:32 -!- l0rd_hex [~rubit_man@S0106000024c61290.ed.shawcable.net] has left #openvpn ["just e to the step, flick it, stick it and cyalatabye!"] 00:47 -!- zeshoem [~zee@108.162.156.19] has joined #openvpn 01:09 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 01:13 <@vpnHelper> RSS Update - forum: Active directory and user groups 01:15 -!- hkais [~xenoadmin@stgt-4d02e95b.pool.mediaWays.net] has joined #openvpn 01:27 -!- raa [~nag@42.79-160-154.customer.lyse.net] has quit [Read error: Connection reset by peer] 01:28 -!- raa [~nag@42.79-160-154.customer.lyse.net] has joined #openvpn 01:31 -!- 
cconstantine_ is now known as cconstantine 01:35 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 01:39 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 01:43 <@vpnHelper> RSS Update - forum: Give users access to different individual private networks || one Public IP => multiple VLANs (one per department) 01:44 <+EugeneKay> ^^ that guy needs a ccd and some firewall rules 01:46 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Ping timeout: 260 seconds] 01:49 -!- hkais [~xenoadmin@stgt-4d02e95b.pool.mediaWays.net] has left #openvpn ["PART #android-dev :JOIN #postfix-de"] 02:03 < virtuaposta> hi all 02:03 < virtuaposta> ovpn-client: read UDPv4 [ECONNREFUSED]: Connection refused (code=111) 02:03 < virtuaposta> can connect using my conf file but unable to connect via network-manager openvpn setup 02:12 -!- virtuaposta [~suraj@117.195.33.156] has quit [Ping timeout: 248 seconds] 02:13 -!- virtuaposta [~suraj@117.195.33.156] has joined #openvpn 02:36 < Olipro> that would likely be because the network manager setup is different 02:51 -!- jhp [~jhp@zeus.jhprins.org] has quit [Ping timeout: 252 seconds] 03:02 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn 03:04 -!- mohi666 [~mohi@c-76-103-53-145.hsd1.ca.comcast.net] has quit [Ping timeout: 240 seconds] 03:16 -!- dazo_afk is now known as dazo 03:26 <@vpnHelper> RSS Update - forum: Simple connection does not work 03:33 <@vpnHelper> RSS Update - forum: Internet Speed with and without OpenVPN || Routed OpenVPN between two subnets 03:33 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 03:34 -!- Intensity [6zNDP14Gi1@unaffiliated/intensity] has quit [Ping timeout: 255 seconds] 03:38 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 03:38 -!- leno81 [~leno81@208.111.39.186] has joined #openvpn 03:39 < leno81> My server provider has given me a /64 ipv6 subnet 03:40 < hyper_ch> lucky you :) 03:40 < leno81> how 
do i give connecting clients an ipv6 public ip? 03:40 < hyper_ch> !ipv6 03:40 < leno81> have it running with standard ip4 atm 03:40 <@vpnHelper> "ipv6" is (#1) http://www.greenie.net/ipv6/openvpn.html for ipv6 payload patch (adds some nice ipv6 options) or (#2) see !snapshots for a release with ipv6 patches in it, report how it works to help it get included in a stable release 03:41 < leno81> !snapshots 03:41 <@vpnHelper> "snapshots" is (#1) weekly dev snapshots are available from ftp://ftp.secure-computing.net/pub/openvpn or (#2) by helping test these features, and reporting back on either of the mailing lists, you can help these features become part of the stable branch 03:41 < hyper_ch> but isn't the whole point of a vpn to have not public ips? 03:42 < leno81> i mean i'd like to give each client their own unique ip6 address 03:43 < hyper_ch> I don't know anything about ipv6 03:43 < leno81> it is confusing 03:43 < virtuaposta> hi all, facing some issues with openvpn+openldap setup 03:44 < virtuaposta> PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/openvpn-auth-ldap.so 03:44 < virtuaposta> anyone? 03:44 < hyper_ch> !welcome 03:44 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 03:44 < leno81> maybe i should just use tap 03:44 < hyper_ch> !tunortap 03:44 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. Dont waste the extra overhead. 
or (#2) and if your reason for wanting tap is windows shares, see !wins or (#3) also remember that if someone gets access to any side of a tap vpn they can use layer2 attacks like arp poisoning against you over 03:44 <@vpnHelper> the vpn or (#4) lan gaming? use tap! 03:48 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 03:49 <@dazo> virtuaposta: check the log files for the openvpn-auth-ldap plug-in ... most likely it was a) not able to connect to the LDAP server, b) could not query the LDAP server (wrong bind address?), c) username and/or password was wrong 03:49 < hyper_ch> hi dazo 03:49 <@dazo> leno81: what do you want to do? just IPv6 or IPv6 through a VPN tunnel? 03:49 <@dazo> hyper_ch: hey! 03:50 < hyper_ch> dazo: what news do you bring? 03:50 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has joined #openvpn 03:50 -!- noisebleed [~quassel@kermit.inescn.pt] has joined #openvpn 03:50 -!- noisebleed [~quassel@kermit.inescn.pt] has quit [Changing host] 03:50 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 03:50 <@dazo> hyper_ch: that the world seems to start yet another day, with the same usual world problems as ever? ;-) 03:51 < hyper_ch> dazo: like more senators dropping SOPA support? 03:51 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 03:51 <@dazo> dazo: nah, they're not dropping it after all ... just postponing it for February 03:51 < hyper_ch> dazo: why do you highlight yourself? 03:52 * dazo don't do that ... 03:52 <@dazo> ahh 03:52 <@dazo> duh! 03:52 <@dazo> too early! 03:52 < hyper_ch> hehehe :) 03:52 * dazo is still waking up :) 03:52 < leno81> im not sure why all these websites are blacking out, obama said he wont sign it 03:52 < hyper_ch> isn't it time for internet2 to pop up before internet1 gets regulated beyond recognition? 03:54 <@dazo> leno81: well, SOPA is one thing, PIPA is something very similar ... 
and this is to give some strong signals that those lobbying (and paying) for such regulations will not get it easy 03:55 <@vpnHelper> RSS Update - forum: Internet Speed with and without OpenVPN 03:56 <@dazo> leno81: this is just as much a fight about Intellectual Property (IP) as well ... which is really making innovation difficult, as with IP comes patents .... and with patents, it's a short leap to software patents 03:56 <@dazo> . 03:56 < hyper_ch> I don't believe in Imaginary Property 03:57 <@dazo> It looks less dangerous if you just see SOPA/PIPA in a limited perspective (which the pro-SOPA advocates very well for) ... but it opens up for so much other troubles, which not just can but will be abused in the future 04:01 -!- Intensity [50OWyeK641@unaffiliated/intensity] has joined #openvpn 04:12 -!- p3rror [~mezgani@41.205.221.206] has joined #openvpn 04:22 -!- master_of_master [~master_of@p57B55B13.dip.t-dialin.net] has quit [Ping timeout: 248 seconds] 04:24 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro] 04:24 -!- master_of_master [~master_of@p57B52D8D.dip.t-dialin.net] has joined #openvpn 04:25 < leno81> anyone have any idea how to get the openvpn server to dole out ipv6 addresses to clients? 04:28 -!- sebyrock [~lazz.salv@2-228-122-114.ip191.fastwebnet.it] has joined #openvpn 04:28 < sebyrock> hi all 04:30 < sebyrock> is possible synchronize more people into VPN? 04:32 < virtuaposta> hi dazo yes the password was encrypted and thus not accepting, made entry in plain text and it at least access ldap but now I am under this error : TLS Error: TLS handshake failed any guidance over this? 04:32 <@dazo> leno81: did you read !ipv6? 
04:33 <@dazo> !ipv6 04:33 <@vpnHelper> "ipv6" is (#1) http://www.greenie.net/ipv6/openvpn.html for ipv6 payload patch (adds some nice ipv6 options) or (#2) see !snapshots for a release with ipv6 patches in it, report how it works to help it get included in a stable release 04:33 -!- ScriptFan [~bofh@LLagny-156-34-26-176.w80-14.abo.wanadoo.fr] has joined #openvpn 04:33 <@dazo> leno81: and you must use a openvpn snapshot release ... openvpn v2.2 or earlier does not support ipv6 in this regard 04:34 <@dazo> virtuaposta: you need to share complete logs 04:34 <@dazo> !logs 04:34 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard. 04:34 <@dazo> !pastebin 04:34 <@vpnHelper> Miscellany || Someone || OS X keychain patch 04:34 <@dazo> ?? 04:35 <@dazo> !factoids search pastebin 04:35 <@vpnHelper> "pastebin" is please paste anything with more than 5 lines into pastebin or a similar website 04:35 < virtuaposta> pastebinin dazo give me few moments pleas 04:35 < virtuaposta> *please 04:36 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 04:36 -!- Intensity [50OWyeK641@unaffiliated/intensity] has quit [Ping timeout: 255 seconds] 04:40 -!- suraj_ [~suraj@117.195.45.240] has joined #openvpn 04:40 -!- leno81 [~leno81@208.111.39.186] has quit [Read error: Connection reset by peer] 04:40 -!- suraj_ [~suraj@117.195.45.240] has quit [Client Quit] 04:40 -!- leno81 [~leno81@208.111.39.186] has joined #openvpn 04:42 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 04:42 -!- virtuaposta [~suraj@117.195.33.156] has quit [Ping timeout: 245 seconds] 04:43 -!- virtuaposta [~suraj@117.195.45.240] has joined #openvpn 04:43 < virtuaposta> dazo, here are the logs : http://pastebin.com/PxJHVstt 04:44 <@dazo> virtuaposta: that's not a complete log ... 
and verb is not high enough 04:46 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Quit: Anche il discorsismo ha un limitismo.] 04:47 -!- Araluccl0 [~lallo@151.77.69.93] has joined #openvpn 04:47 < virtuaposta> dazo, I collected logs from last connection attempt, let me increase the verbosity and provide you with more detailed logs 04:52 -!- aaaaaaaaaaaaaasd [~leno81@124.78.163.178] has joined #openvpn 04:52 -!- aaaaaaaaaaaaaasd is now known as danniel 04:53 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn 04:53 -!- mode/#openvpn [+v s7r] by ChanServ 04:53 -!- leno81 [~leno81@208.111.39.186] has quit [Ping timeout: 276 seconds] 04:54 < virtuaposta> dazo, current logs for last attempt : http://pastebin.com/aD9ZBV4B let me know in case need to collect more 04:55 <@dazo> still not a *complete* log file 04:55 <@dazo> from the top of where OpenVPN starts 04:56 <@dazo> and still doesn't look like verb 4 04:56 <@dazo> or verb 5 04:56 < virtuaposta> dazo, its verb 4 i am using and logs are from the point where openvpn restarted :( 04:56 <@dazo> anyhow 04:56 <@dazo> O' 04:57 <@dazo> I'm missing the line where it says version information, and a dump of the parsed config file ... so this is not complete 04:57 < virtuaposta> let me give you complete vpn.log but it may include non-essential stuffs as well 04:57 <@dazo> Thu Jan 19 16:18:35 2012 us=976782 123.234.345.456:35791 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/openvpn-auth-ldap.so 04:57 <@dazo> Thu Jan 19 16:18:35 2012 us=976818 123.234.345.456:35791 TLS Auth Error: Auth Username/Password verification failed for peer 04:57 <@dazo> let me determine what's non-essential 04:57 <@dazo> but from what I see ... 
still LDAP issues here 04:59 < danniel> i just want to use openvpn as an ipv6 tunnel broker 04:59 < danniel> with ip4 as carrier 05:00 < danniel> my isp that my client laptop uses doesnt support ip6 but my vps isp does 05:01 <@dazo> !ipv6 05:01 <@vpnHelper> "ipv6" is (#1) http://www.greenie.net/ipv6/openvpn.html for ipv6 payload patch (adds some nice ipv6 options) or (#2) see !snapshots for a release with ipv6 patches in it, report how it works to help it get included in a stable release 05:01 <@dazo> !snapshot 05:01 <@dazo> danniel: ^^^ 05:02 < virtuaposta> dazo, http://pastebin.com/66zgGn1P 05:03 <@dazo> virtuaposta: look at line 301-305 .... that's LDAP troubles ... you need to sort out that ... and that's not an OpenVPN issue 05:06 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 05:07 -!- Intensity [bgdh4rG9xt@unaffiliated/intensity] has joined #openvpn 05:08 -!- virtuaposta [~suraj@117.195.45.240] has quit [Ping timeout: 240 seconds] 05:11 <@vpnHelper> RSS Update - forum: Computer Repair... 05:18 -!- danniel [~leno81@124.78.163.178] has quit [Read error: No route to host] 05:18 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 05:19 < epsilon> !ccd 05:19 <@vpnHelper> "ccd" is entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir to enable it, then put the config options for the client in /common-name 05:20 < epsilon> how do I actually assign a client to a specific ccd? 05:21 -!- virtuaposta [~suraj@117.195.35.13] has joined #openvpn 05:23 < virtuaposta> ... 05:24 <+EugeneKay> epsilon - read the man page entry for --client-config-dir ;-) 05:25 -!- Deathvalley122 [~Death@localtel.eagleits.net] has quit [Excess Flood] 05:25 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 05:26 -!- Deathvalley122 [~Death@localtel.eagleits.net] has joined #openvpn 05:27 < epsilon> god, via filename... 
strange idea 05:29 <+EugeneKay> What would you suggest? Via magic? 05:29 <@vpnHelper> RSS Update - forum: Route problems in Windows 7/2008 05:29 < epsilon> a line like "commonname XYZ" in file 05:30 <+EugeneKay> So what would you name the files, then? 05:32 < epsilon> anything? My first thought was openvpn is parsing the config at startup, or on connect and applies the client-config... never mind 05:35 <+EugeneKay> It reads them at connect time. 05:43 -!- virtuaposta [~suraj@117.195.35.13] has quit [Ping timeout: 252 seconds] 06:04 < defsdoor> epsilon, makes more sense also if you see what ccd-exclusive does 06:05 < defsdoor> quickest and simplest solution is to use the filesystem as a database - means external scripts etc.. can update the ccd settings without needing to reload a config 06:22 -!- Mowee [~Mowi@lendabrain.net] has quit [Quit: I don't discriminate, I hate everyone.] 06:25 -!- Mowee [~Mowi@lendabrain.net] has joined #openvpn 06:32 -!- caemir [~caemir@unaffiliated/caemir] has quit [Ping timeout: 240 seconds] 06:33 -!- CatKiller [~be@91.123.228.52] has joined #openvpn 06:33 < CatKiller> Hi there! 06:35 < CatKiller> I have a quick question about OpenVPN on Linux (Ubuntu 10.04): I am trying to restrict network access to specific users by using the "ccd" directory and following the official howto (chapter: "Configuring client-specific rules and access policies"). Everything seems fine, except that when the client connects, the "ccd" configuration does not seem to be used. 06:35 < CatKiller> There is one thing I think could be the issue: The "CN" of this client certificate has a space in it "FirstName LastName" 06:36 < CatKiller> I have the corresponding ccd file as /etc/openvpn/ccd/FirstName LastName 06:36 <+EugeneKay> OpenVPN normalizes CNs to use underscore(_) for invalid characters 06:36 < CatKiller> Is there something I'm missing?
06:36 < CatKiller> Hi Eugene, 06:37 <+EugeneKay> Try using ccd/First_Name 06:37 < CatKiller> Ok, so should I change the ccd file name to FirstName_LastName? 06:37 <+EugeneKay> Er, ccd/First_Last 06:37 <+EugeneKay> Correct. 06:37 < CatKiller> thanks! 06:37 <+EugeneKay> I *think* it uses the same normalization when looking for CNs as it does for scripts(see --no-name-remapping) 06:37 < CatKiller> Outstanding 06:37 < CatKiller> All ok now 06:38 < CatKiller> thanks a million 06:38 <+EugeneKay> Sure. 06:38 <+EugeneKay> I recommend sticking to [a-zA-Z0-9.] for CNs 06:38 < CatKiller> Moment of truth now (testing filtering). 06:38 < CatKiller> Yep. it was my first attempt, I wasn't too sure. 06:38 < CatKiller> I'll do that from now on 06:38 <+EugeneKay> I think @ is also valid 06:39 < CatKiller> (Just don't feel like reissuing the certificate on this one) 06:39 <+EugeneKay> You can use alternative subject names for stuff like First Last name 06:39 <+EugeneKay> I'm not a fan of using @ in CNs because they're a special character in most shells 06:39 <+EugeneKay> At least, stuff like rsync :-p 06:39 < CatKiller> Yes I think I'll just stick with a short all lowercase name 06:40 < CatKiller> I just "modeled" it on various CNs I had seen on web certificates 06:40 <+EugeneKay> A decent model, usually. 06:40 < CatKiller> True 06:40 < CatKiller> filtering works as well. Tis great. One question though: 06:40 < CatKiller> I am a bit weary of filtering with a source IP 06:40 < CatKiller> Is it safe? I mean is there no way to spoof your source tunnel IP address in OpenVPN? 06:41 < CatKiller> the 10.8.0.0/24 source IP is allowed to access the entire network 06:41 < CatKiller> while the contractor in question has a 10.8.10.0/24 IP 06:42 < CatKiller> and a filter is in place when the source is not 10.8.0.0/24 06:42 <+EugeneKay> I'm not 100% on the underlying code, but I believe ccd-on-CN+iptables is "secure enough" for filtering.
AFAIK, the server won't accept any client-spoofed IPs, just the one it pushes(if you're configured to push the ifconfig stuff) 06:42 < CatKiller> It's configured to push it 06:42 < CatKiller> great, that's pretty much what I wanted to know 06:42 <+EugeneKay> A more reliable way to do it is to use different OpenVPN instances 06:42 < CatKiller> so long as there is some mechanism to do it 06:42 < CatKiller> Very true 06:43 < CatKiller> However I may be having up to 10 different access types 06:43 <+EugeneKay> With static tun devices you can filter the whole block+adapter 06:43 < CatKiller> Then you're pretty sure that's true 06:43 < CatKiller> but if the IP is not easily spoofable 06:43 < CatKiller> that's secure enough (for what I am using it for) 06:43 <+EugeneKay> Not enough to put money/a contract on it, but secure enough. 06:44 <+EugeneKay> Use the mailing list / find somebody who does the internals 06:44 < CatKiller> at the end of the day, we trust this contractor enough, it's simply to avoid "easy" hacks or inadvertent access to the contractor 06:44 < CatKiller> Thanks a lot 06:44 < CatKiller> will do 06:44 < CatKiller> Although after what you told me, since there is at least one mechanism to stop it it means to me that some precautions were taken 06:44 <+EugeneKay> "Defense in depth" 06:45 < CatKiller> The contractor is not going to try and hack us, just want to make sure that if someone was to get a hold of his certificate he couldn't easily just grab everything 06:45 < CatKiller> I was given no time budget to do this so I'm not going to go the extra mile this time ;) 06:45 <+EugeneKay> Hehe 06:45 < CatKiller> I'll do the bare minimum 06:45 <+EugeneKay> Sounds like you're good, though. 06:45 < CatKiller> Thanks a lot for your help anyways! 06:46 < CatKiller> Not really. Learning mainly. I'm not a sysadmin really. We simply don't have one. 06:46 < CatKiller> Coding is mostly my job.
06:48 -!- Tixos [~sg@95.140.125.31] has joined #openvpn 06:48 < Tixos> hey, can someone tell me more about this error 06:48 < Tixos> Thu Jan 19 12:02:01 2012 read UDPv4 [EHOSTUNREACH]: No route to host (code=113) 06:48 <+EugeneKay> Tixos: https://en.wikipedia.org/wiki/ICMP_Destination_Unreachable 06:48 <@vpnHelper> Title: ICMP Destination Unreachable - Wikipedia, the free encyclopedia (at en.wikipedia.org) 06:48 < Tixos> after between 10-20 of this error, i get this line and a SIGUSR for restart 06:48 -!- cpm [~Chip@pdpc/supporter/active/cpm] has joined #openvpn 06:48 -!- stevieman [~Rob@72.38.184.18] has quit [Ping timeout: 240 seconds] 06:48 < Tixos> Thu Jan 19 12:03:49 2012 [server] Inactivity timeout (--ping-restart), restarting 06:50 < Tixos> EugeneKay: im not a provider, i am getting this error and i have contacted them, just wondering if you can explain why this might happen? seems to happen around the 1hour mark 06:51 <+EugeneKay> Stateful firewalls somewhere in between, router misconfiguration, rabid weasels in your undergarments.... 06:51 < Tixos> hmm 06:51 < Tixos> not a server issue ? 06:51 <+EugeneKay> Not necessarily, but possibly. 06:51 < Tixos> anyway to debug? 06:52 < Tixos> ive been trying to debug with him, 06:52 < Tixos> i went to running client from shell because i was told it was probably 'network manager' 06:52 <+EugeneKay> Regular MTR may give some indication about where the issue is, but not really, no. 06:53 <+EugeneKay> The fact that the connection works for an hour, then resets, tells me that it's probably some sort of funky firewall mechanism implemented by your ISP, but it could as easily be space aliens eating the packets. 
06:54 <+EugeneKay> (this actually can happen: high-energy cosmic rays flip a coupla bits in a router or induce crosstalk in a copper GbE connection somewhere) 06:54 < Tixos> seems madness 06:55 < Tixos> it never used to happen 06:55 < Tixos> and he has recently changed some scripting i think 06:55 <+EugeneKay> It boggles my mind that technology works to begin with. ;-) 06:56 <+EugeneKay> Without a server log there really isn't much I can tell you past that 06:56 < Tixos> ok thanks :) 06:56 < Tixos> another question, someone here told me to use 'route' to check stats of my connection 06:57 < Tixos> im not quite sure of the expected output from it, without vpn enabled there is only eth0 interface, and with i have tun0, but should the VPN server IP be on the same line as the eth0 interface? 06:57 <@vpnHelper> RSS Update - forum: No local connection anymore when OpenVPN bridged enabled 07:03 <+s7r> ecrist: you there? 07:07 < ecrist> I am 07:07 < ecrist> just got here. 07:07 -!- cpm [~Chip@pdpc/supporter/active/cpm] has quit [Quit: cpm] 07:08 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 240 seconds] 07:08 -!- corretico [~luis@190.211.93.11] has joined #openvpn 07:10 < ecrist> s7r: what's up? 07:12 <+s7r> hy. i wanted to ask you something. I have a vps with 2 public IP addr . can I config openvpn to listen on one, and assign the other one to client?
i only need 1 concurrent client at a time 07:13 < ecrist> not directly, no 07:13 <+EugeneKay> !nat 07:13 <@vpnHelper> "nat" is (#1) http://openvpn.net/howto.html#redirect for an explanation of NAT as it applies to openvpn or (#2) http://www.secure-computing.net/wiki/index.php/OpenVPN/FAQ#Traffic_forwarding_doesn.27t_work_when_using_client_specific_access_rules or (#3) dont forget to turn on ip forwarding or (#4) please choose between !linnat !winnat and !fbsdnat for specific howto 07:13 < ecrist> you'll run into issues handing out IPs on the same subnet as your server IP 07:14 <+s7r> i had from my ISP 07:14 <+EugeneKay> You'll need to use SNAT, though you can just do vanilla MASQUERADEing. 07:14 <+s7r> a server with /29 07:14 <+EugeneKay> (and use just the one IP) 07:14 <+s7r> and it could assign me public IP directly 07:15 <+EugeneKay> If you have a netblock routed TO your server, you can hand that block out via OpenVPN, or any other mechanism. But on-link subnets you can't do that, because the upstream router doesn't know how to do it. 07:16 <+EugeneKay> You can try stupid things like proxy-arp, but they're stupid and painful. 07:16 <+s7r> ok thanks 07:16 <+s7r> i didn't know how they did it 07:17 <+s7r> i think they had upstream router configured to know how to handle the /29 block 07:17 <+EugeneKay> Likely. 07:29 * ecrist would use FreeBSD and pf with binat 07:29 < ecrist> :) 07:34 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has joined #openvpn 07:35 < kokozedman> hello again guys... 07:35 < kokozedman> anyone with some kind of cookbook traffic shaping for OpenVPN? 07:36 < kokozedman> my server is sending data to my clients at a much too fast rate, and things gets buffered (i guess) 07:36 < kokozedman> and things tend to melt down over and over again 07:38 < reiffert_> !howto 07:38 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT!
or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 07:39 < reiffert_> sorrz. 07:39 < reiffert_> !man 07:39 <@vpnHelper> "man" is (#1) http://openvpn.net/man for 2.0 manual or (#2) http://openvpn.net/man-beta.html for 2.1 manual or (#3) http://openvpn.net/index.php/open-source/documentation/manuals/427-openvpn-22.html for 2.2 manual or (#4) the man pages are your friend! 07:39 < reiffert_> !factoids search --values shape 07:39 <@vpnHelper> No keys matched that query. 07:39 < reiffert_> !factoids search shape 07:39 <@vpnHelper> No keys matched that query. 07:39 < reiffert_> see --shaper in the manpage. 07:42 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn 07:43 < kokozedman> reiffert_: problem is, that doesn't work in server mode 07:43 < reiffert_> prove. 07:45 < kokozedman> reiffert_: or has that changed in newer versions? look here: https://forums.openvpn.net/topic7686.html 07:45 <@vpnHelper> Title: OpenVPN Support Forum --shaper and --server together : Wishlist (at forums.openvpn.net) 07:47 < kokozedman> i'm using 2.2.0 on Ubuntu server 11.10 07:48 < reiffert_> dazo: any comments on kokozedman? 07:48 * dazo looks 07:49 <@dazo> kokozedman: that's basically not a openvpn problem. OpenVPN is like a virtual network cable, and you can't traffic shape that cable directly ... you need to do that via 'tc' (in Linux) or similar OS dependent tools 07:50 < reiffert_> so what is the --shaper option used for then? 07:50 < kokozedman> dazo: yes, i have been reading about that a lot lately... but i'm not sure how to cope with tc... at least, none worked for me so far 07:50 < kokozedman> so, i'm currently been looking if there is a kind of generic ways 07:51 <@dazo> reiffert_: it was an attempt, but it's only partly useful traffic being sent out, on the side it is configured .... 
I imagine that shaper crap will be taken out of openvpn at some point, as it's not really delivering what people expect these days 07:51 <@dazo> kokozedman: 07:51 <@dazo> kokozedman: tc is the generic way 07:51 < kokozedman> because i'm thinking i'm not the only person who has come across this problem, and i thought may be, there is already a kind of template for tc, specially meant for folks of the OpenVPN 07:52 < reiffert_> what about tc on windows and bsd? 07:52 <@dazo> reiffert_: then you need to use whatever tools those platforms supports 07:52 < kokozedman> dazo: yes, i agree... but just thought someone already thought about creating a kind of cookbook page on tc, FOR OpenVPN 07:53 < kokozedman> reiffert_: windows has a bunch of traffic limiting softwares 07:54 <@dazo> kokozedman: I'm not that active in this channel, so I can't say anything to how often this pops up here ... but it comes from time to time, and none which I know of have published any how-tos, blogs or wikis for that 07:54 < kokozedman> i see 07:55 <@dazo> kokozedman: having that said, if you want your 15 min of fame, please dig deep on this topic and you can publish such an article (the community wiki is an alternative if you don't have your own) ... and you'll do us all a great favour :) 07:56 < kokozedman> :) 07:59 <@vpnHelper> RSS Update - forum: Give users access to different individual private networks 08:01 -!- zokko [bbajorek@unaffiliated/zokko] has joined #openvpn 08:01 < zokko> hi guys 08:05 < zokko> anyone can help with routing? 08:05 < zokko> i have 10.8.0.0 subnet on tun0 and 192.168.2.0/24 on eth0 08:06 < zokko> i need client from 10.8.* to reach 192.168.2.* 08:06 < zokko> how can i achieve it? 08:09 < rob0> as long as each side knows how to reach the other, and the openvpn server is doing packet forwarding, it works. 
08:09 < rob0> !route 08:09 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 08:20 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 08:21 < zokko> rob0: i can ping only one ip on 192.168.2.0/24 08:21 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Client Quit] 08:29 -!- noisebleed_ [~quassel@lula.inescn.pt] has joined #openvpn 08:29 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Ping timeout: 248 seconds] 08:31 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 08:35 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 08:38 < zokko> i made it 08:38 < zokko> rob0: thank for that doc 08:38 < zokko> s/thank/thanks 08:39 < rob0> great, congrats 08:39 -!- p3rror [~mezgani@41.205.221.206] has quit [Ping timeout: 260 seconds] 08:45 -!- dazo is now known as dazo_afk 08:47 <@vpnHelper> RSS Update - forum: What Linux Distro Has OpenVPN Installed? || Slow CentoOS openvpn client connection to server || Internet Speed with and without OpenVPN 08:49 -!- dazo_afk is now known as dazo 08:50 < kokozedman> i'm using the ipp.txt file (which is described in the howto) ... but the strange thing is that IP addresses the Openvpn puts in that file does not reflect the reality 08:50 < kokozedman> for example, for my common name, i see 10.8.0.4 ... but in reality, my address is actually 10.8.0.6 08:50 < kokozedman> why is that?
08:51 <@dazo> kokozedman: probably it tells about the /30 net it has assigned 08:51 <@dazo> !/30 08:51 <@vpnHelper> "/30" is (#1) http://openvpn.net/index.php/open-source/faq/77-server/273-qifconfig-poolq-option-use-a-30-subnet-4-private-ip-addresses-per-client-when-used-in-tun-mode.html (sorry for the long link, they wont fix the anchors) explains why routed clients each use 4 ips or (#2) you can avoid this behavior by reading !topology or (#3) so by default, first client is .6, then .10 .14 .18 etc etc or (#4) use 08:51 <@vpnHelper> openvpn --show-valid-subnets to see the subnets you can use in net30 08:52 -!- Axeman [~Axeman3@198.105.46.46] has joined #openvpn 08:52 -!- Axeman [~Axeman3@198.105.46.46] has quit [Changing host] 08:52 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 08:52 -!- mode/#openvpn [+v Axeman] by ChanServ 08:52 -!- p3rror [~mezgani@41.137.254.45] has joined #openvpn 08:53 < kokozedman> dazo: i see, thanks for the heads-up 08:53 <@vpnHelper> RSS Update - forum: I connect but I see the network 08:53 -!- Axeman [~Axeman3@openvpn/user/axeman] has left #openvpn [] 08:59 <@vpnHelper> RSS Update - forum: Error using tun4 09:02 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has quit [Ping timeout: 258 seconds] 09:07 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 09:11 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 09:16 -!- Harley [~Harley@110.184.82.154] has joined #openvpn 09:18 -!- Harley [~Harley@110.184.82.154] has quit [Remote host closed the connection] 09:18 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 09:25 -!- dimir [~dimir@dimir.eu] has quit [Read error: No route to host] 09:35 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Ping timeout: 260 seconds] 09:41 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn [] 09:42 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 09:42 -!- ph1l 
[~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn 09:48 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 09:52 <@vpnHelper> RSS Update - forum: Can OpenVPN be installed on Linux? || [Help] Secure or Not? 09:53 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 252 seconds] 09:55 -!- _julian [~quassel@hmbg-5f7609cf.pool.mediaWays.net] has quit [Ping timeout: 244 seconds] 09:58 <@vpnHelper> RSS Update - forum: Can OpenVPN be installed on Linux? 09:59 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 10:11 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep] 10:17 -!- tekzilla [~jon@hmbg-5f77d3ce.pool.mediaWays.net] has quit [Ping timeout: 248 seconds] 10:19 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 10:20 -!- Harley [~Harley@182.149.75.32] has joined #openvpn 10:21 -!- leno81 [~leno81@208.111.39.186] has joined #openvpn 10:22 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 10:24 -!- crissi- [crissi@wohnt.auf.Deep-Space-Nine.eu] has joined #openvpn 10:24 < crissi-> hello 10:24 -!- diemaco [~doom@2001:470:1d:5d8:4c8e:9396:7d4a:cdc3] has joined #openvpn 10:25 -!- Harley [~Harley@182.149.75.32] has quit [Ping timeout: 276 seconds] 10:25 < leno81> hello 10:25 < crissi-> i have a problem running openvpn in bridging mode (udp, no encryption)... its slow (~ 200/s). 10:25 < crissi-> where to search for the problem? 10:26 < crissi-> the client is a small router (wrt54gl) but cpu is only about 19% 10:28 <+EugeneKay> "in bridging mode" <---- there's your problem ;-) 10:28 < crissi-> huh? 10:28 < crissi-> why that should be a problem? 10:28 <+EugeneKay> Because bridging mode is crap. 10:29 < crissi-> its only to connect some networks together.. should not a problem with speed 10:29 <+EugeneKay> You might only be eating 19% cpu, but you're inserting connection-lag between layer 2 and layer 3.
Normally the lag on that portion is the time it takes for the packet to make it from your NIC's copper port to the CPU ;-) 10:29 < crissi-> hm 10:30 <+EugeneKay> If you're running openvpn on the routers of both networks anyway, use routing. Really. 10:30 <+EugeneKay> !tunortap 10:30 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. Dont waste the extra overhead. or (#2) and if your reason for wanting tap is windows shares, see !wins or (#3) also remember that if someone gets access to any side of a tap vpn they can use layer2 attacks like arp poisoning against you 10:30 <@vpnHelper> over the vpn or (#4) lan gaming? use tap! 10:30 < crissi-> i use tap 10:31 <+EugeneKay> Bad juju ;-) 10:33 < crissi-> tun is better in speed case? 10:33 < crissi-> i need bridging because arp and so on 10:33 < crissi-> dhcp, eg 10:34 < pwrcycle> crissi-: no, use tun like he says. 10:35 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Read error: Operation timed out] 10:38 -!- danniel [~leno81@124.78.163.178] has joined #openvpn 10:38 < danniel> . 10:38 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 10:39 -!- leno81 [~leno81@208.111.39.186] has quit [Ping timeout: 245 seconds] 10:40 -!- sebyrock [~lazz.salv@2-228-122-114.ip191.fastwebnet.it] has quit [Quit: etciù] 10:42 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Quit: Leaving] 10:42 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 10:58 < danniel> 2.2.0-3.el6.rf is latest stable? 
10:59 -!- ibins [~Michael@2001:6f8:1c60:7777:21a:4dff:fe66:600c] has joined #openvpn 11:04 -!- beerbro [~gustav@unaffiliated/beerbroy] has quit [Excess Flood] 11:06 -!- beerbro [~gustav@109.75.189.98] has joined #openvpn 11:08 < hyper_ch> good evening 11:09 -!- danniel [~leno81@124.78.163.178] has quit [] 11:09 -!- leno81 [~leno81@208.111.39.186] has joined #openvpn 11:09 < leno81> evening 11:10 -!- Azrael808 [~peter@212.161.9.162] has quit [Ping timeout: 252 seconds] 11:11 -!- beerbro [~gustav@109.75.189.98] has quit [Changing host] 11:11 -!- beerbro [~gustav@unaffiliated/beerbroy] has joined #openvpn 11:14 <@vpnHelper> RSS Update - forum: Routed OpenVPN between two subnets 11:19 < leno81> i dont quite understand what the latest stable version is 11:19 < leno81> what is version 2.3-2 11:19 < leno81> from repos.openvpn.net-CentOS6-snapshots 11:20 < leno81> but on the main website it says stable version is 2.2.2 11:21 -!- danniel [~leno81@208.111.39.186] has joined #openvpn 11:21 -!- leno81 [~leno81@208.111.39.186] has quit [Read error: Connection reset by peer] 11:22 -!- danniel [~leno81@208.111.39.186] has quit [Client Quit] 11:22 -!- leno81 [~leno81@208.111.39.186] has joined #openvpn 11:22 -!- Tixos [~sg@95.140.125.31] has quit [Quit: Leaving.] 
11:23 -!- noisebleed [~quassel@lula.inescn.pt] has joined #openvpn 11:23 -!- noisebleed [~quassel@lula.inescn.pt] has quit [Changing host] 11:23 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 11:24 -!- noisebleed_ [~quassel@lula.inescn.pt] has quit [Ping timeout: 252 seconds] 11:26 <@vpnHelper> RSS Update - forum: I connect but I see the network 11:28 -!- tekzilla [~jon@hmbg-5f77d3ce.pool.mediaWays.net] has joined #openvpn 11:29 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds] 11:30 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 11:30 < leno81> !snapshot 11:30 < leno81> !snapshots 11:30 <@vpnHelper> "snapshots" is (#1) weekly dev snapshots are available from ftp://ftp.secure-computing.net/pub/openvpn or (#2) by helping test these features, and reporting back on either of the mailing lists, you can help these features become part of the stable branch 11:35 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 11:35 -!- windwhinny [~wircer@113.94.223.70] has joined #openvpn 11:35 -!- windwhinny [~wircer@113.94.223.70] has left #openvpn [] 11:46 -!- Diffen [~diffen@c-e728e555.09-107-73746f10.cust.bredbandsbolaget.se] has joined #openvpn 11:53 -!- wedge_ [lordsilenc@bigfoot.xh.se] has quit [Ping timeout: 260 seconds] 11:53 -!- wedge [lordsilenc@bigfoot.xh.se] has joined #openvpn 11:56 <@vpnHelper> RSS Update - forum: Internet Speed with and without OpenVPN 12:05 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn 12:21 -!- MeanderingCode [~Meanderin@97-123-14-239.albq.qwest.net] has joined #openvpn 12:24 -!- Diffen [~diffen@c-e728e555.09-107-73746f10.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep] 12:28 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has joined #openvpn 12:32 -!- MeanderingCode [~Meanderin@97-123-14-239.albq.qwest.net] has quit [Remote host closed the connection] 12:37 <@vpnHelper> RSS Update - forum: Routed 
OpenVPN between two subnets 12:39 -!- MeanderingCode [~Meanderin@97-123-14-239.albq.qwest.net] has joined #openvpn 12:57 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 13:01 -!- mape2k [~mape2k@2001:6f8:133b:0:21f:3bff:fe27:21a9] has joined #openvpn 13:01 -!- mape2k [~mape2k@2001:6f8:133b:0:21f:3bff:fe27:21a9] has quit [Client Quit] 13:06 -!- leno81 [~leno81@208.111.39.186] has quit [Ping timeout: 240 seconds] 13:08 -!- mape2k [~mape2k@f053198046.adsl.alicedsl.de] has joined #openvpn 13:20 -!- dazo is now known as dazo_afk 13:21 < astrostl> i have three hosts: 10.0.1.12 - 14, all of which have the same routes and are behind the same openvpn server (.6). i can reach 12 and 14, but not 13. it isn't a firewall issue. any tips for troubleshooting/ 13:21 < astrostl> ? 13:22 <@vpnHelper> RSS Update - forum: Simple connection does not work 13:23 -!- p3rror [~mezgani@41.137.254.45] has quit [Ping timeout: 240 seconds] 13:25 -!- [zs] [~zs@204.152.201.79] has joined #openvpn 13:27 -!- [zs] [~zs@204.152.201.79] has left #openvpn ["PING 1327001227"] 13:39 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 240 seconds] 13:52 -!- mape2k [~mape2k@f053198046.adsl.alicedsl.de] has quit [Quit: Leaving] 14:02 -!- ibins [~Michael@2001:6f8:1c60:7777:21a:4dff:fe66:600c] has quit [Quit: Verlassend] 14:14 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [] 14:21 -!- Araluccl1 [~lallo@216.231.135.109] has joined #openvpn 14:25 -!- Araluccl0 [~lallo@151.77.69.93] has quit [Ping timeout: 252 seconds] 14:25 -!- Araluccl0 [~lallo@151.77.69.93] has joined #openvpn 14:26 -!- Araluccl1 [~lallo@216.231.135.109] has quit [Read error: Connection reset by peer] 14:30 -!- krzee [nobody@hemp.ircpimps.org] has joined #openvpn 14:30 -!- krzee [nobody@hemp.ircpimps.org] has quit [Changing host] 14:30 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn 14:31 -!- Araluccl0 [~lallo@151.77.69.93] has quit [Ping 
timeout: 252 seconds] 14:31 -!- Araluccl0 [~lallo@216.231.135.109] has joined #openvpn 14:32 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn 14:33 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 14:36 -!- Araluccl0 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds] 14:39 -!- lbalbalba [lbalbalba@dhcp-077-251-003-044.chello.nl] has joined #openvpn 14:40 < lbalbalba> !welcome\ 14:40 < lbalbalba> !welcome 14:40 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 14:41 -!- Araluccl0 [~lallo@151.77.196.13] has joined #openvpn 14:44 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Ping timeout: 252 seconds] 14:56 < lbalbalba> hi 14:56 < lbalbalba> I have been playing around with the clang static analyzer (http://clang-analyzer.llvm.org/) 14:57 <@vpnHelper> Title: Clang Static Analyzer (at clang-analyzer.llvm.org) 14:57 < lbalbalba> Running it on openvpn, I got these results, people may want to look at ? : 14:57 < lbalbalba> http://lbalbalba.x90x.net/ccc-analyzer/clang%20v3.1%20trunk%20rev.%20148484/scan-build-openvpn-2.2.2/ 14:57 <@vpnHelper> Title: openvpn-2.2.2 - scan-build results (at lbalbalba.x90x.net) 14:58 < lbalbalba> if the analysis is correct, there are a few dereferences of null pointers 15:04 <+EugeneKay> Patches welcome. 15:05 < lbalbalba> as always :) need to figure out if the analysis is indeed correct, though 15:05 < krzee> may be worth mentioning in #openvpn-devel 15:05 < lbalbalba> ah. 
got it 15:09 -!- lbalbalba [lbalbalba@dhcp-077-251-003-044.chello.nl] has quit [Quit: HydraIRC -> http://www.hydrairc.com <- The professional IRC Client :D] 15:20 -!- Gravitro_ [~admin@69.163.40.45] has quit [Ping timeout: 244 seconds] 15:43 -!- noisebleed_ [~quassel@kermit.inescn.pt] has joined #openvpn 15:44 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Ping timeout: 240 seconds] 15:53 -!- p3rror [~mezgani@41.140.34.179] has joined #openvpn 16:04 -!- MeanderingCode [~Meanderin@97-123-14-239.albq.qwest.net] has quit [Read error: Connection reset by peer] 16:08 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has quit [Quit: Ex-Chat] 16:09 <@vpnHelper> RSS Update - forum: Newbee Help Please 16:16 -!- treund [~treund@97.75.177.42] has joined #openvpn 16:33 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has quit [Read error: Connection reset by peer] 16:49 -!- treund [~treund@97.75.177.42] has left #openvpn [] 17:01 -!- gremly [~gremly@200.106.218.64] has joined #openvpn 17:02 -!- tekzilla [~jon@hmbg-5f77d3ce.pool.mediaWays.net] has quit [Read error: Operation timed out] 17:08 -!- tekzilla [~jon@hmbg-5f77d3ce.pool.mediaWays.net] has joined #openvpn 17:13 -!- [zs] [~zs@173.234.43.202] has joined #openvpn 17:20 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 17:20 -!- mgorbachi [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Read error: Connection reset by peer] 17:22 -!- tekzilla [~jon@hmbg-5f77d3ce.pool.mediaWays.net] has quit [Ping timeout: 252 seconds] 17:24 -!- p3rror [~mezgani@41.140.34.179] has quit [Ping timeout: 240 seconds] 17:27 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 17:29 -!- [zs] [~zs@173.234.43.202] has quit [Quit: Quit] 17:33 -!- JohnnyLotus [~pierre@139.11.41.4] has joined #openvpn 17:47 -!- Harley [~Harley@182.149.56.190] has joined #openvpn 17:48 -!- tekzilla 
[~jon@hmbg-4d06f59f.pool.mediaWays.net] has joined #openvpn 17:50 -!- jpsil [~johnpat@nj-71-2-36-131.dhcp.embarqhsd.net] has joined #openvpn 17:58 <@vpnHelper> RSS Update - forum: Computer Repair... 18:02 -!- treund [~treund@97.75.177.42] has joined #openvpn 18:10 -!- JohnnyLotus [~pierre@139.11.41.4] has left #openvpn ["Konversation terminated!"] 18:11 -!- Transformer [~Transform@ool-4a59e397.dyn.optonline.net] has joined #openvpn 18:12 -!- Transformer [~Transform@ool-4a59e397.dyn.optonline.net] has left #openvpn [] 18:13 -!- Gravitron [~admin@69.163.40.45] has joined #openvpn 18:13 -!- Gravitron [~admin@69.163.40.45] has quit [Changing host] 18:13 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 18:17 -!- Denial [Denial@drgi.co.uk] has quit [] 18:24 -!- Harley [~Harley@182.149.56.190] has quit [Remote host closed the connection] 18:25 -!- Harley [~Harley@182.149.56.190] has joined #openvpn 18:39 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Ping timeout: 260 seconds] 18:40 -!- zeshoem [~zee@108.162.156.19] has quit [Ping timeout: 245 seconds] 18:49 -!- Araluccl1 [~lallo@216.231.135.109] has joined #openvpn 18:51 -!- zeshoem [~zee@108.162.156.19] has joined #openvpn 18:53 -!- Araluccl0 [~lallo@151.77.196.13] has quit [Ping timeout: 252 seconds] 18:53 -!- tjz [~pc@unaffiliated/tjz] has quit [Ping timeout: 248 seconds] 18:53 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 18:53 -!- noisebleed_ [~quassel@kermit.inescn.pt] has quit [Ping timeout: 245 seconds] 18:57 -!- tjz [~pc@bb116-14-174-68.singnet.com.sg] has joined #openvpn 18:57 -!- tjz [~pc@bb116-14-174-68.singnet.com.sg] has quit [Changing host] 18:57 -!- tjz [~pc@unaffiliated/tjz] has joined #openvpn 18:58 -!- Harley [~Harley@182.149.56.190] has quit [Remote host closed the connection] 18:58 -!- Araluccl0 [~lallo@151.77.196.13] has joined #openvpn 18:58 -!- Araluccl1 [~lallo@216.231.135.109] has quit [Read error: Connection reset by peer] 19:00 -!- 
Araluccl1 [~lallo@216.231.135.109] has joined #openvpn
19:03 -!- Araluccl0 [~lallo@151.77.196.13] has quit [Ping timeout: 252 seconds]
19:26 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 252 seconds]
19:30 -!- Cr4zi3 [killaz@staff.xbins.org] has quit [Ping timeout: 244 seconds]
19:48 <+EugeneKay> !download
19:48 <@vpnHelper> "download" is (#1) http://www.openvpn.net/download to download OpenVPN or (#2) OpenVPN's Windows installer now includes OpenVPN GUI. Don't bother with http://openvpn.se anymore or (#3) Don't trust download.com at all. It provides an extremely old version with malware: http://insecure.org/news/download-com-fiasco.html
19:53 <+EugeneKay> !winshortcut
19:53 <@vpnHelper> "winshortcut" is To start OpenVPN-GUI easily on Windows, make a shortcut and set the Target as: \"C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe\" --config_dir \"C:\path\to\config\" --connect client.ovpn --show_balloon 0 --silent_connection 1 --show_script_window 0
20:01 -!- treund [~treund@97.75.177.42] has left #openvpn []
20:06 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn
20:14 -!- X0Rc0re [~chatzilla@58-7-130-107.dyn.iinet.net.au] has joined #openvpn
20:20 <@vpnHelper> RSS Update - forum: Route problems in Windows 7/2008
20:23 -!- Axeman [~Axeman3@knox.pace.edu] has joined #openvpn
20:23 -!- Axeman [~Axeman3@knox.pace.edu] has quit [Changing host]
20:23 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn
20:23 -!- mode/#openvpn [+v Axeman] by ChanServ
20:23 -!- troyt [~troyt@2001:1938:240:3000::3] has quit [Ping timeout: 252 seconds]
20:32 -!- troyt [~troyt@2001:1938:240:3000::3] has joined #openvpn
20:35 <+EugeneKay> !net30
20:35 <@vpnHelper> "net30" is "/30" is (#1) http://openvpn.net/index.php/documentation/faq.html#slash30 explains why routed clients each use 4 ips, or (#2) you can avoid this behavior by reading !topology
20:35 <+EugeneKay> !topology
20:36 <@vpnHelper> "topology" is (#1) it is possible to
avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) See http://osdir.com/ml/network.openvpn.devel/2005-09/msg00020.html for more history on this. 20:37 -!- Cr4zi3 [killaz@crazie2-1-pt.tunnel.tserv12.mia1.ipv6.he.net] has joined #openvpn 20:41 -!- X0Rc0re [~chatzilla@58-7-130-107.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 20:55 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Read error: Connection reset by peer] 20:59 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Read error: Operation timed out] 21:08 -!- corretico [~luis@190.211.93.11] has joined #openvpn 21:36 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 21:36 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 21:36 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 21:36 -!- mode/#openvpn [+v Axeman] by ChanServ 21:42 -!- brah [~watter@host168.201-252-195.telecom.net.ar] has joined #openvpn 21:49 <@vpnHelper> RSS Update - forum: Slow CentoOS openvpn client connection to server 22:09 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Read error: Operation timed out] 22:16 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 22:19 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 22:44 -!- leno81 [~leno81@124.78.163.178] has joined #openvpn 22:44 -!- leno81 [~leno81@124.78.163.178] has quit [Client Quit] 22:53 -!- mohi666 [~mohi@c-76-103-53-145.hsd1.ca.comcast.net] has joined #openvpn 22:57 -!- noisebleed_ [~quassel@lula.inescn.pt] has joined #openvpn 22:57 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Ping timeout: 240 seconds] 22:59 -!- SigmaProjects [~SigmaProj@cpe-66-74-191-116.socal.res.rr.com] has joined #openvpn 23:02 
-!- virtuaposta [~suraj@117.195.36.205] has joined #openvpn 23:04 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 252 seconds] 23:05 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn 23:20 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 23:23 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 23:38 -!- mohi666 [~mohi@c-76-103-53-145.hsd1.ca.comcast.net] has quit [Quit: Leaving] 23:51 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 23:55 -!- havoc [~havoc@neptune.chaillet.net] has quit [Ping timeout: 252 seconds] 23:55 -!- havoc [~havoc@neptune.chaillet.net] has joined #openvpn --- Day changed Fri Jan 20 2012 00:01 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 00:20 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 00:25 < virtuaposta> hello everyone!! 00:25 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 00:27 < virtuaposta> I have configured openvpn+openldap using openvpn-auth-ldap, but while connecting from client, server complains that user not found. Any guidance please here are the logs : http://pastebin.com/dJtzbMJx 00:30 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 00:32 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 00:33 -!- Cr4zi3 [killaz@crazie2-1-pt.tunnel.tserv12.mia1.ipv6.he.net] has quit [Ping timeout: 260 seconds] 00:37 -!- Cr4zi3 [~killaz@crazie2-1-pt.tunnel.tserv12.mia1.ipv6.he.net] has joined #openvpn 00:54 < virtuaposta> any help in following? : I have configured openvpn+openldap using openvpn-auth-ldap, but while connecting from client, server complains that user not found. Any guidance please. 
Here are the logs : http://pastebin.com/dJtzbMJx
00:56 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn
01:14 -!- Cr4zi3 [~killaz@crazie2-1-pt.tunnel.tserv12.mia1.ipv6.he.net] has quit [Remote host closed the connection]
01:19 -!- Cr4zi3 [killaz@crazie2-1-pt.tunnel.tserv12.mia1.ipv6.he.net] has joined #openvpn
01:45 <@vpnHelper> RSS Update - forum: Route problems in Windows 7/2008
01:50 -!- virtuaposta [~suraj@117.195.36.205] has quit [Ping timeout: 255 seconds]
01:57 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep]
02:03 -!- zeshoem [~zee@108.162.156.19] has quit [Ping timeout: 240 seconds]
02:23 -!- noisebleed [~quassel@kermit.inescn.pt] has joined #openvpn
02:23 -!- noisebleed [~quassel@kermit.inescn.pt] has quit [Changing host]
02:23 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn
02:23 -!- noisebleed_ [~quassel@lula.inescn.pt] has quit [Ping timeout: 240 seconds]
02:45 -!- BoomSie [~gideon@dw77242112238.amsterdam-tc.dataweb.net] has joined #openvpn
02:45 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Ping timeout: 260 seconds]
02:49 -!- ScriptFan [~bofh@LLagny-156-34-26-176.w80-14.abo.wanadoo.fr] has quit [Ping timeout: 260 seconds]
02:55 <@vpnHelper> RSS Update - forum: Please help me with OPENVPN || cannot ping openvpn server
02:57 -!- phrearch [~phrearch_@212-182-144-130.ip.telfort.nl] has joined #openvpn
02:57 < phrearch> hello
02:57 < phrearch> does anyone know how to allow tunneled ssh connections with iptables?
02:57 < phrearch> i would like to block all traffic except everything coming from the tunnel
02:58 < phrearch> so far i got http://paste.pocoo.org/show/537653/
02:59 < reiffert_> iptables -I INPUT -i tun0 ! -p tcp --dport 22 -j ACCEPT
02:59 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn
02:59 < reiffert_> ah well, put the ! before --dport
02:59 < phrearch> ow great!
02:59 < phrearch> thanks, ill give that a try
02:59 < reiffert_> oh so wrong.
02:59 < reiffert_> ok here's the deal.
02:59 < phrearch> ok :)
02:59 < reiffert_> iptables -I INPUT -i lo0 -j ACCEPT
02:59 < reiffert_> iptables -I INPUT -i eth0 -j ACCEPT
03:00 < phrearch> ehm, eth0 as well?
03:01 -!- virtuaposta [~suraj@114.143.184.114] has joined #openvpn
03:01 < reiffert_> iptables -I INPUT -i tun0 -p tcp --dport 22 -j ACCEPT
03:01 < reiffert_> iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
03:01 < reiffert_> iptables -P INPUT DROP
03:01 < reiffert_> drone
03:01 < reiffert_> s,drone,done
03:02 < reiffert_> remove that eth0 line once it's working as expected
03:02 < reiffert_> dont forget to add
03:02 -!- reiffert_ was kicked from #openvpn by vpnHelper [Flooding detected. Please use http://pastebin.com for posting logs or configs.]
03:02 -!- reiffert_ [~thomas@mail.reifferscheid.org] has joined #openvpn
03:02 < phrearch> ok thanks for the help
03:02 < reiffert_> fuck you.
03:02 < reiffert_> dont forget to add
03:02 < reiffert_> iptables -I INPUT -p udp --dport 1194 -j ACCEPT
03:02 < phrearch> aha, thats for openvpn ?
03:03 < reiffert_> yeah
03:03 < phrearch> cool
03:03 -!- Azrael808 [~peter@212.161.9.162] has quit [Client Quit]
03:07 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn
03:07 < phrearch> hm
03:07 < phrearch> http://paste.pocoo.org/show/537659/
03:07 < phrearch> somehow it still blocks ssh
03:09 < phrearch> there are two eth0 devices it seems
03:17 -!- comps [~username@gw-gsosfm.gsosfm.cz] has joined #openvpn
03:18 -!- Denial [Denial@drgi.co.uk] has joined #openvpn
03:18 < comps> hello, is there any official workaround for p2p mode on privileged ports?
http://pastebin.com/8aGHaeQZ (debian squeeze, openvpn 2.2.2 from repos.openvpn.net)
03:19 < comps> the only easy way I can think of is CAP_NET_ADMIN
03:20 < comps> (the problem happens on client reconnect)
03:31 <@vpnHelper> RSS Update - forum: Connection works but not all traffic routing even with redir || Error using tun4
03:35 < phrearch> hm, im trying to allow pings over the vpn tunnel like: iptables -I INPUT -i tun0 -p icmp --icmp-type 0 -s 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
03:35 < phrearch> ping doesnt seem to work though
03:37 <@vpnHelper> RSS Update - forum: one Public IP => multiple VLANs (one per department)
03:43 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep]
03:45 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn
03:46 < phrearch> hm weird
03:46 < phrearch> iptables -A INPUT -i tun0 -p icmp -m limit --limit 10/second -j ACCEPT
03:46 < phrearch> this one doesnt work. but it works when i keep out the tunnel interface
03:46 < phrearch> im trying to ping the machine over the tunnel
03:47 < reiffert_> could you paste: iptables -L -v -n --line-nu
03:48 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Client Quit]
03:48 < reiffert_> and change OUTPUT and FORWARD policy to ACCEPT before doing this.
03:49 < phrearch> http://paste.pocoo.org/show/537689/
03:49 < phrearch> ow ehm, sorry. should have done that last direction first
03:50 < phrearch> ah, think that was already the case
03:51 < reiffert_> is that a vpn client or a vpn server?
03:51 < phrearch> its a vpn client
03:51 < phrearch> im trying to ping it on the vpn address
03:51 < reiffert_> get rid of line 1,2,4,7,8
03:51 < reiffert_> and add
03:52 < reiffert_> and repaste 03:53 < reiffert_> iptables -D INPUT 1 03:53 < reiffert_> iptables -D INPUT 1 03:53 < reiffert_> iptables -D INPUT 2 03:53 < reiffert_> check with -L -v -n --line-nu 03:53 < phrearch> http://paste.pocoo.org/show/537691/ 03:54 < reiffert_> let me check 03:54 < phrearch> ow missed that last one 03:54 < reiffert_> remove line 2,4,5 03:54 < phrearch> 2 is already commented 03:55 < reiffert_> see the line numbers in the INPUT chain? 03:55 < reiffert_> those are the numbers I'm referring too 03:55 < phrearch> ah sorry. i thought you mentioned the ip rules 03:55 < reiffert_> "Chain num" 03:55 < reiffert_> Actually it's the "Rule num" 03:56 < reiffert_> those are 03:56 < reiffert_> however 03:57 < reiffert_> repaste please 03:58 < phrearch> hm, lost ssh access again 03:58 < reiffert_> 10:57 < reiffert_> repaste please 04:02 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Remote host closed the connection] 04:03 < phrearch> http://paste.pocoo.org/show/537695/ 04:03 < phrearch> sorry, took a while 04:03 < reiffert_> great. 04:04 < reiffert_> now connect the vpn client to the vpn server 04:04 < phrearch> it is already 04:04 -!- noisebleed [~quassel@piggy.inescn.pt] has joined #openvpn 04:04 -!- noisebleed [~quassel@piggy.inescn.pt] has quit [Changing host] 04:04 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 04:04 < reiffert_> from the server do: telnet IPOFCLIENT 22 04:04 < reiffert_> telnet VPNIPOFCLIENT 22 04:05 < phrearch> i got no access from the vpn server 04:05 < reiffert_> do you see something? 
04:05 < reiffert_> from the client paste:
04:05 < reiffert_> netstat -anp |grep ssh
04:05 < reiffert_> and: ifconfig
04:08 < reiffert_> out for a smoke, brb
04:08 < phrearch> ok thanks for the help
04:08 < reiffert_> 11:05 < reiffert_> from the client paste:
04:08 < reiffert_> 11:05 < reiffert_> netstat -anp |grep ssh
04:08 < reiffert_> 11:05 < reiffert_> and: ifconfig
04:09 < phrearch> iptables -A INPUT -p icmp -m limit --limit 10/second -j ACCEPT
04:09 < phrearch> iptables -A INPUT -p icmp -j DROP
04:10 < phrearch> this is fine by me as well. ping works then, but also from the net
04:13 < reiffert_> please. do as told.
04:13 < reiffert_> we are || that close from a working solution
04:14 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
04:15 -!- mode/#openvpn [+v s7r] by ChanServ
04:15 <@vpnHelper> RSS Update - forum: Testing environment
04:17 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn
04:17 -!- mode/#openvpn [+v Axeman] by ChanServ
04:19 -!- Diffen [~diffen@c-217-115-61-226.cust.bredband2.com] has joined #openvpn
04:22 -!- master_of_master [~master_of@p57B52D8D.dip.t-dialin.net] has quit [Ping timeout: 248 seconds]
04:24 -!- master_of_master [~master_of@p57B55AFA.dip.t-dialin.net] has joined #openvpn
04:37 -!- virtuaposta [~suraj@114.143.184.114] has quit [Quit: Leaving]
04:39 <@vpnHelper> RSS Update - forum: Route problems in Windows 7/2008
04:45 <@vpnHelper> RSS Update - forum: Client Windows 7 can't run ping
04:50 -!- Diffen [~diffen@c-217-115-61-226.cust.bredband2.com] has quit [Quit: This computer has gone to sleep]
04:57 <@vpnHelper> RSS Update - forum: Routed OpenVPN between two subnets || Simple connection does not work
04:58 < reiffert_> phrearch: ping?
05:01 < phrearch> reiffert_: pong, turns out that it didnt work as expected :/
05:01 < reiffert_> phrearch: did you paste what I asked you yet?
05:01 < reiffert_> did you paste yet what I was asking you?
05:03 <@vpnHelper> RSS Update - forum: I connect but I see the network || Internet Speed with and without OpenVPN 05:04 < phrearch> it shows some incoming connections on the second lan 05:05 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 05:07 < phrearch> think that was it 05:11 -!- Araluccl0 [~lallo@216.231.135.109] has joined #openvpn 05:12 -!- Araluccl1 [~lallo@216.231.135.109] has quit [Read error: Connection reset by peer] 05:26 -!- virtuaposta [~suraj@114.143.184.114] has joined #openvpn 05:27 < virtuaposta> hi all, is there any way so that we can VPN in between same LAN networks, for example road warriors utilising 192.168.1.0/24 connecting through VPN to office with network 192.168.1.0/24? 05:33 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn 05:35 -!- comps [~username@gw-gsosfm.gsosfm.cz] has left #openvpn [] 05:40 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Remote host closed the connection] 05:46 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 06:00 -!- dazo_afk is now known as dazo 06:04 <@vpnHelper> RSS Update - forum: Client Windows 7 can't run ping 06:21 -!- virtuaposta [~suraj@114.143.184.114] has quit [Quit: Leaving] 06:29 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn 06:33 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Ping timeout: 252 seconds] 06:33 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 06:34 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 06:34 -!- mode/#openvpn [+v Axeman] by ChanServ 06:40 -!- eddyst1 [~eddyst@p50854B45.dip0.t-ipconnect.de] has joined #openvpn 06:41 < eddyst1> !welcome 06:41 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. 
|| Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 06:43 < eddyst1> !goal 06:43 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 06:44 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 06:49 < eddyst1> !paste 06:49 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into pastebin or a similar website, or (#2) ie: www.pastebin.ca 06:52 <@vpnHelper> RSS Update - forum: Please help me with OPENVPN 06:56 -!- danielwa [~user@e177136225.adsl.alicedsl.de] has joined #openvpn 07:00 < eddyst1> ?logs 07:01 < eddyst1> !logs 07:01 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard. 07:04 <@vpnHelper> RSS Update - forum: cannot ping openvpn server 07:08 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn 07:10 -!- danielwa [~user@e177136225.adsl.alicedsl.de] has quit [Remote host closed the connection] 07:10 <@vpnHelper> RSS Update - forum: Theoretical setup || cannot ping openvpn server 07:13 < eddyst1> !configs 07:13 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries 07:15 < eddyst1> !howto for beginners 07:15 < eddyst1> !howto 07:15 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! 
or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
07:15 < eddyst1> !route
07:15 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide
07:22 < reiffert_> phrearch: does it work now?
07:23 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn []
07:29 < phrearch> reiffert_: yea kinda. thanks for the help
07:40 <@vpnHelper> RSS Update - forum: Can't connect - Having a hard time with this
07:43 < eddyst1> !mitm
07:43 <@vpnHelper> "mitm" is (#1) http://openvpn.net/index.php/documentation/howto.html#mitm to know about stopping Man-in-the-Middle attacks by signing the server cert specially or (#2) use !servercert to generate the server cert manually or use the easy-rsa build-key-server script to build your server certificates or (#3) then use: ns-cert-type server in the client config
07:44 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn
07:44 -!- mode/#openvpn [+v Axeman] by ChanServ
07:49 -!- Axeman [~Axeman3@openvpn/user/axeman] has left #openvpn []
07:52 <@vpnHelper> RSS Update - forum: How to get exitcode from cmd line windows
08:04 <@vpnHelper> RSS Update - forum: Routed OpenVPN between two subnets
08:07 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!]
08:10 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn
08:12 -!- axelm7 [axelm7@186.135.15.217] has joined #openvpn
08:12 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Client Quit]
08:13 < eddyst1> I would like to access the lan behind the server with bridging. The connection establishes and I can ping the server. Tracert 192.168.54.1 tries to go over 192.168.54.1 which is the default gateway on the client’s side. My preferred language is German.
Client: Win 7 Server ubuntu 10.10 virtual Tracert 192.168.54.1: http://pastebin.ca/2104486 Route print: http://de.pastebin.ca/2104488 Ipconfig /all: http://de.pastebin
08:13 < axelm7> hi guys, got a dd-wrt router running openvpn 2.2.1 and the openvpn process is dying for some reason. here's the log: http://fpaste.org/XGWZ/ . check out line 276
08:13 < axelm7> in fact I have 100 of these routers in production and most of them have the same problem
08:14 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has joined #openvpn
08:18 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn
08:34 <@vpnHelper> RSS Update - forum: Asking for a second password
08:41 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds]
08:42 -!- Rolybrau [~Rolybrau@116-197.77-83.cust.bluewin.ch] has joined #openvpn
08:42 -!- Rolybrau [~Rolybrau@116-197.77-83.cust.bluewin.ch] has quit [Changing host]
08:42 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
08:47 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn
08:52 -!- brah [~watter@host168.201-252-195.telecom.net.ar] has quit [Ping timeout: 240 seconds]
08:55 -!- p3rror [~mezgani@41.137.254.45] has joined #openvpn
08:57 < axelm7> eddyst1, do you really need bridge mode instead of routing?
08:57 <@vpnHelper> RSS Update - forum: OpenVPN client for the iPhone and iPad
09:02 -!- Gravitro_ [~admin@69.163.40.45] has joined #openvpn
09:05 < eddyst1> I would prefer it. Also if it is a little more traffic it is easier to work with the fileshares (I think so - but I'm new to configuring my own OpenVPN).
09:05 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has joined #openvpn
09:07 -!- KaiForce [~chatzilla@adsl-70-228-66-236.dsl.akrnoh.ameritech.net] has joined #openvpn
09:09 < axelm7> eddyst1, isn't windows file sharing just a matter of forwarding some ports? netbios, rpc, and some other windows port?
09:10 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has quit [Ping timeout: 258 seconds]
09:11 -!- gremly [~gremly@200.106.218.64] has quit [Quit: WeeChat 0.3.6]
09:13 < eddyst1> axelm7: What's the problem with bridging? If I read the Advantages <> disadvantages section of the FAQ it seems fine to me.
09:14 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has joined #openvpn
09:15 < kokozedman> heys guys... i'm having a strange, probably MTU related problem here, yet i'm on a TCP-based setup... does that happen?
09:15 < kokozedman> when i download, everything works fine
09:15 < kokozedman> but as soon as i try to upload something, it breaks
09:19 -!- dioz [~dioz@2001:470:d:e3::1] has quit [Ping timeout: 252 seconds]
09:20 -!- dioz [~dioz@2001:470:d:e3::1] has joined #openvpn
09:22 -!- boianmiahilov [~Adium@83.97.64.97] has joined #openvpn
09:22 < boianmiahilov> hi everyone
09:22 < ecrist> kokozedman:
09:22 < ecrist> !tcp
09:22 < boianmiahilov> i have one question
09:22 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay
09:22 < ecrist> also
09:22 < ecrist> !mtu
09:22 -!- dioz [~dioz@2001:470:d:e3::1] has quit [Client Quit]
09:22 <@vpnHelper> "mtu" is (#1) see --mtu-test to learn how to test your MTU settings.
Basically you just use --mtu-test in your normal client config or (#2) mtu debugging guide: http://www.secure-computing.net/wiki/index.php/OpenVPN/Troubleshooting
09:22 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has quit [Ping timeout: 258 seconds]
09:23 < boianmiahilov> is it possible to have VPN connection to server A and make the traffic for its public ip address pass through the VPN
09:26 < ecrist> if the routing is set up to support it
09:26 -!- dioz [~dioz@2001:470:d:e3::1] has joined #openvpn
09:33 < dioz> asdf
09:34 < ecrist> ghjkl
09:39 < boianmiahilov> ecrist: any ideas how to set it that ?
09:40 < ecrist> boianmiahilov: generally, it's going to be out of the scope of ability for most users
09:40 < ecrist> it involves core routing changes at the ISP level
09:42 < boianmiahilov> i understand networking very well but still i cant see that happen without looping it
09:44 < boianmiahilov> and if it involves ISP level changes it means its not going through the vpn
09:45 -!- eddyst1 [~eddyst@p50854B45.dip0.t-ipconnect.de] has left #openvpn []
09:57 -!- boianmiahilov1 [~Adium@83.97.64.99] has joined #openvpn
09:58 -!- boianmiahilov [~Adium@83.97.64.97] has quit [Ping timeout: 255 seconds]
10:01 -!- wat [~watter@host203.190-30-138.telecom.net.ar] has joined #openvpn
10:01 -!- boianmiahilov1 [~Adium@83.97.64.99] has quit [Client Quit]
10:05 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Quit: Leaving]
10:19 -!- BoomSie [~gideon@dw77242112238.amsterdam-tc.dataweb.net] has quit [Ping timeout: 245 seconds]
10:26 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Remote host closed the connection]
10:26 -!- chmig [~chmig@46-126-126-44.dynamic.hispeed.ch] has joined #openvpn
10:30 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 240 seconds]
10:30 -!- corretico [~luis@190.211.93.11] has joined #openvpn
10:30 <@vpnHelper> RSS Update - forum: Routed OpenVPN between two subnets
10:31 -!- boianmiahilov
[~Adium@87.120.127.238] has joined #openvpn 10:31 -!- boianmiahilov [~Adium@87.120.127.238] has quit [Client Quit] 10:32 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 10:35 -!- corretico [~luis@190.211.93.11] has quit [Max SendQ exceeded] 10:35 -!- corretico [~luis@190.211.93.11] has joined #openvpn 10:41 <@vpnHelper> RSS Update - forum: Block access to Lan but not Internet 10:42 -!- gremly [~gremly@200.106.218.64] has joined #openvpn 10:45 -!- phrearch [~phrearch_@212-182-144-130.ip.telfort.nl] has quit [Remote host closed the connection] 10:47 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 10:59 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection] 11:03 <@vpnHelper> RSS Update - forum: How-to: Tunnel WAN IP assigned to specific users 11:04 -!- axelm7 [axelm7@186.135.15.217] has quit [Ping timeout: 272 seconds] 11:07 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 11:12 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!] 
11:20 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 11:24 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Quit: Leaving] 11:27 <@vpnHelper> RSS Update - forum: Client Windows 7 can't run ping 11:35 -!- Azrael808 [~peter@212.161.9.162] has quit [Ping timeout: 260 seconds] 11:40 -!- gremly [~gremly@200.106.218.64] has quit [Quit: WeeChat 0.3.6] 11:52 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn 11:53 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has quit [Read error: Connection reset by peer] 11:56 -!- chmig [~chmig@46-126-126-44.dynamic.hispeed.ch] has quit [Quit: chmig] 12:01 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has joined #openvpn 12:03 <@vpnHelper> RSS Update - forum: Client Windows 7 can't run ping || Routed OpenVPN between two subnets 12:15 -!- caemir [~caemir@unaffiliated/caemir] has quit [Quit: Reboot time] 12:15 <@vpnHelper> RSS Update - forum: Block access to Lan but not Internet 12:15 -!- cconstantine [~cconstant@173.247.200.5] has quit [Read error: Connection reset by peer] 12:28 -!- Araluccl1 [~lallo@151.77.231.209] has joined #openvpn 12:31 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!] 
12:32 -!- Araluccl0 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds] 12:41 -!- KaiForce [~chatzilla@adsl-70-228-66-236.dsl.akrnoh.ameritech.net] has quit [Quit: ChatZilla 0.9.88 [Firefox 9.0.1/20111220165912]] 12:43 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 12:45 <@vpnHelper> RSS Update - forum: Routed OpenVPN between two subnets 12:46 -!- MeanderingCode [~Meanderin@97-123-14-239.albq.qwest.net] has joined #openvpn 13:00 -!- p3rror [~mezgani@41.137.254.45] has quit [Ping timeout: 252 seconds] 13:04 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 13:08 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 13:15 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Remote host closed the connection] 13:31 -!- Meeloow [~Meeloow@5ED4728D.cm-7-5b.dynamic.ziggo.nl] has joined #openvpn 13:31 < Meeloow> !welcome 13:31 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 13:31 < Meeloow> !goal 13:32 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 13:32 < Meeloow> Hello 13:32 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!] 13:33 < Meeloow> I have an issue with my vpn client, is there someone here who could help me? 
13:33 -!- dazo is now known as dazo_afk 13:34 <+EugeneKay> !psychic 13:34 <@vpnHelper> "psychic" is We're not psychic -- please !paste your !configs and !logs and a description of the issue 13:35 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 13:36 < Meeloow> The issue is that I would like to enable split tunneling on my vpn service, I'm using privatetunnel.com which provides 100mb of free vpn service, but in order to preserve bandwidth I want to make it only use the vpn route for a specific IP 13:37 < Meeloow> i've read you can do this serverside, but i have no access to their server, so i haev to do it clientside 13:37 < Meeloow> have* 13:37 <+EugeneKay> You need to play with the routing 13:38 < Meeloow> In the client.ovpn file, right? 13:38 <+EugeneKay> Yup. 13:38 < Meeloow> I'm a total newbie when it comes to vpn, this is my first time using one 13:38 <+EugeneKay> You probably have a "client" or "pull" directive? 13:39 < Meeloow> you mean a folder? 13:39 <+EugeneKay> directive == line inside the .conf/.ovpn 13:39 < Meeloow> oh, let me check 13:40 < Meeloow> yes 13:40 < Meeloow> one line containing "client" 13:41 <+EugeneKay> Mmmkay. That means that your client will be "pull"ing additional configuration stuff from the server when it connects. Most relevant to your situation is that it pulls route info 13:41 <+EugeneKay> What you want to do is ignore that route info and only enact the ones that you specify in your .ovpn 13:41 < Meeloow> Alright 13:42 <+EugeneKay> Add "route-nopull" to do the first, and then "route 1.2.3.4" to do the second. 13:42 <+EugeneKay> Consult the man page for more info on the exact syntax of --route 13:42 <+EugeneKay> !man 13:42 <@vpnHelper> "man" is (#1) http://openvpn.net/man for 2.0 manual or (#2) http://openvpn.net/man-beta.html for 2.1 manual or (#3) http://openvpn.net/index.php/open-source/documentation/manuals/427-openvpn-22.html for 2.2 manual or (#4) the man pages are your friend! 
13:42 <+EugeneKay> You only need to specify the network & netmask parameters, gateway/metric you can omit. 13:44 < Meeloow> I'm lost in the long manual page, heh 13:44 <+EugeneKay> ctrl-f for "--route" 13:44 < Meeloow> --route network/IP [netmask] [gateway] [metric]? 13:44 <+EugeneKay> Yup 13:45 < Meeloow> Alright 13:46 < Meeloow> So route.1.2.3.4 13:46 < Meeloow> Actually 13:46 < Meeloow> I'm lost again 13:47 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [] 13:47 <+EugeneKay> Add one route line per subnet block you want to access via the VPN 13:47 < Meeloow> Wait, let me explain exactly why I want to do this 13:48 < Meeloow> I'm playing a game that is hosted on a certain host, but their host is disconnecting IP's from holland (I'm from holland) because of bad routing, and the only way to play without getting disconnected is by using a different route 13:48 < Meeloow> This is why the server owner suggested me to use a vpn server until the issue gets fixed 13:49 < Meeloow> I have absolutely zero knowledge of routing in general 13:49 <+EugeneKay> Is it a single IP you're trying to get access to, or a whole block of them? 13:49 < Meeloow> A single ip, just the ip of the server I want to play on 13:49 < Meeloow> Everything else should go normally, not included in the vpn 13:49 <+EugeneKay> route the.ip.add.res 13:50 < Meeloow> Ah! 13:50 < Meeloow> so just route and then the ip address? 13:50 <+EugeneKay> Yup 13:50 < Meeloow> Alright! Let me try 13:50 < Meeloow> Thanks! 13:50 -!- gremly [~gremly@200.106.218.64] has joined #openvpn 13:53 < Meeloow> whatismyip.com now shows my normal ip 13:54 < Meeloow> I think this did solve the problem 13:54 < Meeloow> Thank you so much! 13:54 <+EugeneKay> Good. ;-) 13:55 -!- eddyst1 [~eddyst@drsd-4db30d35.pool.mediaWays.net] has joined #openvpn 13:55 < Meeloow> ipconfig still shows the vpn ip though 13:56 < Meeloow> Is this normal? 13:56 <+EugeneKay> On the vpn device, yes. 
13:58 < Meeloow> But it's still completely disconnected from the vpn server otherwise, right? 13:58 < Meeloow> So it can't eat my bandwidth as long as I'm not in the game 13:58 <+EugeneKay> It's connected, but no traffic is routed to go over it. 13:58 < Meeloow> Awesome 13:58 -!- durando [~quassel@cpe-67-253-41-119.maine.res.rr.com] has joined #openvpn 13:58 < Meeloow> Thanks again! 14:00 < durando> i am having difficulties with the security for openvpn, i have successfully created a ca cert, server cert/key, and 2 client certs/keys, i am able to get client 1 to connect without issues, but client 2 is an android client and keeps asking me for a username / password when i have not set one up can someone please assist me with figuring out this very frustrating issue 14:00 <+EugeneKay> !android 14:00 <@vpnHelper> "android" is (#1) CyanogenMod includes an integrated OpenVPN client. You will need a !p12 to load your certificates. or (#2) If you can't get CM, get root/busybox/tun and grab android-openvpn-installer + openvpn-settings from Market 14:01 <+EugeneKay> The CM client requires you to load the certificate into the phone's cert store 14:01 < durando> hmm 14:01 < durando> well i have cm, and i am using the openvpn settings from market 14:02 < durando> so how do i tell it that it doesn't need the username / password? 14:02 * EugeneKay makes a funny face 14:02 <+EugeneKay> No idea. I don't use that app. 
14:02 < durando> i couldn't figure out how to use the built in client 14:03 -!- Araluccl0 [~lallo@151.77.231.209] has joined #openvpn 14:03 -!- Araluccl1 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer] 14:03 < durando> would you be willing to assist me in setting up the CM client correctly 14:03 < durando> whats is a !p121 14:03 < durando> whats is a !p12 14:04 < durando> !p12 14:04 <@vpnHelper> "p12" is openssl pkcs12 -export -out filename.p12 -inkey filename.key -in filename.crt -certfile ca.crt 14:04 < durando> hmmm 14:12 < durando> okay so i have a p12 now 14:13 < durando> and i copied it along with the client2.crt and client2.key and a client2.ovpn i created to data/openvpn 14:13 < durando> but i still can't seem to select the certs in the default app in cm under settings>wireless&networks>VPN 14:14 <+EugeneKay> That would be because you don't do any of that in order to use the CM client 14:14 <+EugeneKay> http://wiki.cyanogenmod.com/wiki/OpenVPN#Client 14:14 <@vpnHelper> Title: OpenVPN - CyanogenMod Wiki (at wiki.cyanogenmod.com) 14:20 < durando> hmm 14:20 < durando> okay now i can use it in the internal client 14:20 < durando> but it still asks for a nonexistent username/password 14:21 < durando> not sure if it matters but the openvpn server is on TomatoUSB router firmware 14:23 <+EugeneKay> Don't specify one :-p 14:24 < durando> i'm saying when it connects its telling me that it needs a username/password 14:24 < durando> but it never does it for client1 14:24 < durando> client1 is another tomatousb router 14:26 < durando> i think i may see the issue now 14:29 < durando> just me being stupid 14:29 < durando> i have a connection 14:29 < durando> but i can't seem to communicate from android to the network behind client1 14:29 -!- diffen3 [~diffen@c-4f6601a6-74736162.cust.telenor.se] has joined #openvpn 14:31 <@vpnHelper> RSS Update - forum: Computer Repair... 
14:32 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Ping timeout: 248 seconds] 14:41 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has quit [Read error: Connection reset by peer] 14:42 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has joined #openvpn 14:48 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 14:51 -!- chmig [~chmig@46-126-126-44.dynamic.hispeed.ch] has joined #openvpn 14:51 -!- diffen3 [~diffen@c-4f6601a6-74736162.cust.telenor.se] has quit [Ping timeout: 255 seconds] 15:01 <@vpnHelper> RSS Update - forum: Help Creating a Configuration File 15:07 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Remote host closed the connection] 15:11 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 15:13 -!- p3rror [~mezgani@41.249.138.132] has joined #openvpn 15:16 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Remote host closed the connection] 15:17 < Araluccl0> hi, I successfully (sort of) configured my openvpn client's traffic to be routed thru my vpn server... that works everywhere but at work... redirect-gateway def1 doesnt work... and traffic is not redirected... any idea why? unfortunately I cant provide any log... using tcpdump I can only see stuff directed > original dns servers and that stops there... 15:18 < Araluccl0> oh... at work... it works perfectly using windows 7 but not using wifi and openvpn on my android... 15:18 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn 15:18 < Araluccl0> same configuration on my android works perfectly at home 15:19 <+EugeneKay> Not much that can be done without logs. 15:19 -!- durando [~quassel@cpe-67-253-41-119.maine.res.rr.com] has quit [Remote host closed the connection] 15:20 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 15:22 < Meeloow> EugeneKay? 
15:22 <+EugeneKay> Not you 15:23 < Meeloow> My internet radio and msn just disconnected after using the vpn with split tunneling for a while 15:23 < Araluccl0> yes... I see... I hoped it was something known... not only my issue... ) 15:23 < Meeloow> Could this be coincidence or could it have to do with the vpn settings? 15:23 <+EugeneKay> Coincidence / international routing issues / space aliens ate your packets. :-p 15:23 -!- APTX [APTX@unaffiliated/aptx] has quit [Ping timeout: 260 seconds] 15:24 < Meeloow> I did a tracert to google and it's different than normal as well 15:24 < Meeloow> It makes me think some things still go through the vpn for some reason haha 15:25 <@vpnHelper> RSS Update - forum: Build own Installer 15:28 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Read error: Operation timed out] 15:39 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Remote host closed the connection] 15:44 -!- p3rror [~mezgani@41.249.138.132] has quit [Read error: Connection reset by peer] 15:46 -!- chmig [~chmig@46-126-126-44.dynamic.hispeed.ch] has left #openvpn [] 15:53 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 15:55 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 16:10 -!- SA007 [~sa007@80-69-95-149.colo.transip.net] has joined #openvpn 16:11 < SA007> hi, i could use some help, openvpn complains about not route to host when trying to setup the vpn 16:11 < SA007> but 1 can ping the host just fine, also netcat on the host/port works 16:12 < SA007> where could be the problem, I had the setup working on a different set of ip's 2 days ago, but now i put it into production and it failed horribly without apparent reason 16:13 < SA007> i have a bridge with tap0 bridged to eth0 on one side, and a client with tap0 on the other side, both are configured without any security (plaintext) 16:13 <@vpnHelper> RSS Update - forum: [OK] Simple connection does not work 16:13 < SA007> i have tried udp and tcp, both fail on the same point 16:16 < SA007> also, none 
of the sides have firewalling, just for testing 16:19 <@vpnHelper> RSS Update - forum: [OK] Simple connection does not work 16:23 < SA007> ok, connection works now, now to get data over it... more debugging 16:23 < SA007> problem was the subnet mask overlaid the server ip 16:23 < SA007> apparently it doesn't like that, but with verb 6 error messages get kind of flushed away 16:32 -!- eddyst1 [~eddyst@drsd-4db30d35.pool.mediaWays.net] has left #openvpn [] 16:42 < SA007> is there anybody here? 16:44 <+EugeneKay> Nobody but us rocks. 16:45 -!- wat [~watter@host203.190-30-138.telecom.net.ar] has quit [Ping timeout: 240 seconds] 16:45 < SA007> :) 16:46 < SA007> i'm now struggling with routing 16:46 < SA007> from what i understand this should work, but it doesn't 16:46 < prg3> tcpdump 16:46 < SA007> i've got some stupid setting wrong, but can't find it 16:46 < prg3> use tcpdump, and find where the packets are going between the 2 systems. 16:47 < SA007> i don't even know what i should be looking for 16:48 < prg3> Well, if you built the routes, you should know which packets and traffic should be going out which interface? watch that interface and make sure they leave on it.. 16:48 < prg3> Or this is client to server? 16:48 < SA007> what i basically want, i have host 1 which is on 81.x.x.64, and host two which is on 80.x.x.150 16:49 < SA007> and i want host two to also have ip address 81.x.x.61 16:49 < prg3> So vpn in with tap? 16:50 < SA007> i have that, host one is running a bridge between eth0 and tap0, host2 gets in remotely, i have the ip on host2, but the data is not flowing as it should 16:50 < SA007> but i'm puzzling which ip should be at what point in which config 16:50 < prg3> I'm not sure about tap.. everything I've done is tun, it makes more sense to me. 
16:51 < SA007> should both ifconfig lines be identical, what about the netmask, my hosting provider says 255.255.255.128, but with that i can't get the tunnel going 16:52 < prg3> the ifconfigs should be different IP addresses for sure.. 16:52 < prg3> I'm really not sure at all about weirdnesses with tap. What I'd do is setup a backend network and use tun to route to that.. which is your server? 16:52 < SA007> you'd think so, but it gives an error message on that 16:52 < SA007> both are mine 16:53 < prg3> In the OpenVPN context, which is the server and which is the client? 16:53 < SA007> 81.x.x.64 is the server, 80.x.x.150 is the client 16:54 < prg3> Personally, I'd setup .64 with tap, use 10.0.0.0/24 as your backend network, and then it'll assign an IP to 150 on the 10 when it connects. 16:54 < prg3> I can't help with bridging, it frightens me :) 16:54 <@vpnHelper> RSS Update - forum: I connect but I see the network 16:54 < SA007> but that doesn't give me the externally visible 81.x.x.61 i need 16:55 < SA007> i have it fully working 2 days ago, but now the netmasks overlap and apparently openvpn really doesn't like that 16:55 < prg3> Oh… 16:56 < prg3> I'm not sure at all with this one.. Probably best to ask the question on anytime not Friday afternoon/evening though :) 16:56 < prg3> I gotta run myself. 16:56 < SA007> yeah, i'd wish i'd had time on a normal hour to move my server, but i don't 16:56 < SA007> really really tired here and still 1,5 hours drive from home... 16:57 < prg3> Ouch 16:57 < prg3> Good luck! 16:57 < SA007> and the damn tunnel isn't working so my websites are down 16:57 < SA007> thanks 16:57 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn 16:58 -!- wat [~watter@host14.201-252-209.telecom.net.ar] has joined #openvpn 17:06 < SA007> no one here who knows how to get bridging working? 
17:09 -!- Araluccl0 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer] 17:09 -!- Araluccl0 [~lallo@151.77.231.209] has joined #openvpn 17:12 -!- Araluccl0 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer] 17:12 -!- Araluccl0 [~lallo@151.77.231.209] has joined #openvpn 17:13 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 17:15 -!- Araluccl1 [~lallo@151.77.231.209] has joined #openvpn 17:15 -!- Araluccl0 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer] 17:15 <+EugeneKay> Nope. Bridging is evil and vile. 17:16 < SA007> i agree, but i need to get stuff temporarily working :P 17:16 < SA007> now trying something else evil 17:16 < SA007> prying all used ports using ssh commandline options 17:18 -!- Araluccl0 [~lallo@151.77.231.209] has joined #openvpn 17:20 -!- Araluccl1 [~lallo@151.77.231.209] has quit [Ping timeout: 252 seconds] 17:21 -!- Araluccl1 [~lallo@151.77.231.209] has joined #openvpn 17:21 -!- Araluccl0 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer] 17:26 -!- Araluccl1 [~lallo@151.77.231.209] has quit [Ping timeout: 252 seconds] 17:27 -!- Araluccl0 [~lallo@151.77.231.209] has joined #openvpn 17:29 -!- pimperle [~pimp@194.59.156.81] has joined #openvpn 17:29 < pimperle> hallo everyone 17:30 < pimperle> when using openvpn with the --redirect-gateway option, it does not create a host route to the openvpn server before tearing down the default route 17:30 < pimperle> hence the connection does not work 17:31 < pimperle> i am using a certificate to login and without redirect-gateway the local addresses get forwarded as expected 17:36 -!- Araluccl0 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer] 17:36 -!- Araluccl1 [~lallo@151.77.231.209] has joined #openvpn 17:37 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has quit [Quit: Ex-Chat] 17:37 -!- gremly [~gremly@200.106.218.64] has 
quit [Quit: WeeChat 0.3.6] 17:38 -!- Araluccl0 [~lallo@151.77.231.209] has joined #openvpn 17:38 -!- Araluccl1 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer] 17:41 -!- Araluccl1 [~lallo@151.77.231.209] has joined #openvpn 17:41 -!- Araluccl0 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer] 17:41 -!- coagula [~coagula@207.204.240.195] has joined #openvpn 17:42 -!- coagula [~coagula@207.204.240.195] has quit [Client Quit] 17:46 -!- Araluccl1 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer] 17:46 -!- Araluccl0 [~lallo@151.77.231.209] has joined #openvpn 17:50 -!- tekzilla [~jon@hmbg-4d06f59f.pool.mediaWays.net] has quit [Ping timeout: 260 seconds] 17:51 -!- oc80z [oc80z@blea.ch] has quit [Changing host] 17:51 -!- oc80z [oc80z@openvpn/user/oc80z] has joined #openvpn 17:52 -!- tekzilla [~jon@hmbg-4d06b96a.pool.mediaWays.net] has joined #openvpn 17:53 -!- SA007 [~sa007@80-69-95-149.colo.transip.net] has quit [Quit: leaving] 17:53 -!- Araluccl1 [~lallo@151.77.231.209] has joined #openvpn 17:55 -!- Araluccl0 [~lallo@151.77.231.209] has quit [Ping timeout: 252 seconds] 17:55 -!- Araluccl1 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer] 17:55 -!- Araluccl0 [~lallo@151.77.231.209] has joined #openvpn 18:00 -!- Araluccl1 [~lallo@151.77.231.209] has joined #openvpn 18:00 -!- Araluccl0 [~lallo@151.77.231.209] has quit [Ping timeout: 252 seconds] 18:02 -!- p3rror [~mezgani@2001:470:1f0b:c66:1::2] has joined #openvpn 18:06 <@vpnHelper> RSS Update - forum: New installation on Vmware esxi 5.0 - use appliance or not? 
18:07 -!- Araluccl1 [~lallo@151.77.231.209] has quit [Ping timeout: 252 seconds] 18:08 -!- Araluccl0 [~lallo@151.77.231.209] has joined #openvpn 18:14 -!- Araluccl1 [~lallo@216.231.135.109] has joined #openvpn 18:14 -!- dkr [~dkr@67.132.255.16] has quit [Ping timeout: 252 seconds] 18:14 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Ping timeout: 260 seconds] 18:15 -!- wat [~watter@host14.201-252-209.telecom.net.ar] has quit [Ping timeout: 240 seconds] 18:17 -!- Araluccl0 [~lallo@151.77.231.209] has quit [Ping timeout: 252 seconds] 18:18 -!- Araluccl0 [~lallo@151.77.231.209] has joined #openvpn 18:21 -!- Araluccl1 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds] 18:21 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn 18:27 -!- wat [~watter@host73.201-252-193.telecom.net.ar] has joined #openvpn 18:38 -!- MeanderingCode_ [~Meanderin@97-123-14-239.albq.qwest.net] has joined #openvpn 18:39 -!- MeanderingCode [~Meanderin@97-123-14-239.albq.qwest.net] has quit [Ping timeout: 252 seconds] 18:49 -!- Araluccl1 [~lallo@151.77.231.209] has joined #openvpn 18:49 -!- Araluccl0 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer] 18:53 -!- Araluccl0 [~lallo@151.77.231.209] has joined #openvpn 18:53 -!- Araluccl1 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer] 19:01 -!- Araluccl1 [~lallo@151.77.231.209] has joined #openvpn 19:01 -!- Araluccl0 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer] 19:12 -!- koaschten_ [~koaschten@31-16-0-231-dynip.superkabel.de] has joined #openvpn 19:14 -!- JackWinter2 [~jack@ppp-289.vo.lu] has joined #openvpn 19:15 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Read error: Operation timed out] 19:15 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has quit [Ping timeout: 272 seconds] 19:16 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Ping timeout: 240 seconds] 19:19 -!- Araluccl0 [~lallo@151.77.231.209] has joined #openvpn 19:19 -!- 
Araluccl1 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer] 19:25 -!- Araluccl1 [~lallo@151.77.231.209] has joined #openvpn 19:25 -!- Araluccl0 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer] 19:25 -!- newl [~newl@97.75.165.156] has joined #openvpn 19:25 -!- newl [~newl@97.75.165.156] has quit [Client Quit] 19:27 -!- newl [~newl@97.75.165.156] has joined #openvpn 19:28 -!- Araluccl0 [~lallo@151.77.231.209] has joined #openvpn 19:28 -!- Araluccl1 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer] 19:32 -!- Araluccl1 [~lallo@151.77.231.209] has joined #openvpn 19:32 -!- Araluccl0 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer] 19:38 -!- newl [~newl@97.75.165.156] has left #openvpn [] 19:56 -!- APTX [APTX@unaffiliated/aptx] has quit [Ping timeout: 252 seconds] 19:57 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 20:00 -!- Meeloow [~Meeloow@5ED4728D.cm-7-5b.dynamic.ziggo.nl] has quit [Quit: Ik ga weg] 20:43 <@vpnHelper> RSS Update - forum: OpenVPN + OSX + Viscosity Error 20:48 -!- zeshoem [~zee@108.162.156.19] has joined #openvpn 21:04 -!- Denial [Denial@drgi.co.uk] has quit [] 21:09 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 21:12 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 21:41 -!- DrArcheh [~drarcheh@85.214.227.198] has quit [Changing host] 21:41 -!- DrArcheh [~drarcheh@unaffiliated/drarcheh] has joined #openvpn 22:00 -!- JoeK [~Joseph@node1-eros.hostftw.com] has quit [Quit: ZNC - http://znc.in] 22:04 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 22:05 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 22:06 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep] 23:14 -!- wat [~watter@host73.201-252-193.telecom.net.ar] has quit [Ping timeout: 240 seconds] 23:24 -!- raidz 
[~raidz@openvpn/corp/admin/andrew] has quit [Ping timeout: 252 seconds] 23:28 -!- wat [~watter@host46.200-117-224.telecom.net.ar] has joined #openvpn --- Day changed Sat Jan 21 2012 00:08 -!- durando [~quassel@cpe-67-253-41-119.maine.res.rr.com] has joined #openvpn 00:14 -!- durando_ [~quassel@cpe-67-253-41-119.maine.res.rr.com] has joined #openvpn 00:33 -!- durando [~quassel@cpe-67-253-41-119.maine.res.rr.com] has quit [Remote host closed the connection] 00:43 -!- Gravitro_ [~admin@69.163.40.45] has quit [Ping timeout: 252 seconds] 00:49 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 00:51 -!- sW0rd7_indie [~sW0rd7_in@c-68-61-162-175.hsd1.mi.comcast.net] has joined #openvpn 00:54 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 00:58 -!- sW0rd7_indie [~sW0rd7_in@c-68-61-162-175.hsd1.mi.comcast.net] has quit [] 01:05 <@vpnHelper> RSS Update - forum: Specifying external IP pool and custom port per client. 01:06 -!- koaschten_ [~koaschten@31-16-0-231-dynip.superkabel.de] has quit [Ping timeout: 248 seconds] 01:08 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 01:15 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 01:19 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 01:20 -!- ScriptFanix [~vincent@Hanaman.riquer.fr] has joined #openvpn 01:43 -!- ScriptFanix [~vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 01:44 -!- `Ile` [~kvirc@91-150-99-228.dynamic.isp.telekom.rs] has joined #openvpn 01:53 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 02:04 -!- diemaco [~doom@2001:470:1d:5d8:4c8e:9396:7d4a:cdc3] has quit [Read error: Connection reset by peer] 02:05 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 02:08 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 02:10 -!- wat [~watter@host46.200-117-224.telecom.net.ar] has quit [Ping timeout: 240 seconds] 02:17 -!- 
ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 02:24 -!- wat [~watter@host134.186-125-77.telecom.net.ar] has joined #openvpn 02:34 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 02:41 -!- mjbots [~thutomj@168.167.176.49] has joined #openvpn 02:43 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 02:46 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 02:53 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 02:57 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 02:58 < mjbots> !welcome 02:58 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 02:59 < mjbots> !goal 02:59 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 03:02 < mjbots> 1. Which hardware devices does openvpn require? 03:05 < mjbots> 2. Do I need to have a public static IP for the office and at home? 03:06 < mjbots> 3. Do I have to purchase a firewall like cisco asa firewall or a standard modem provided by ISP will work just fine? 03:08 < mjbots> 4. What kind of support does openvpn team offer except for software updates? 03:11 < mjbots> 5. Does the openvpn also offer installations, configurations and implementation remotely? What are charges? 03:14 <+EugeneKay> Any x86-like hardware 03:15 <+EugeneKay> The server needs to have a public IP. The client can be behind any UDP or TCP-passing NAT device 03:15 <+EugeneKay> Firewalling is up to you. 
Linux's iptables works well. 03:16 <+EugeneKay> The same provided by most GPL projects - man pages and volunteers on the mailing list. You can buy support/services from OpenVPN Technologies, the company behind most development on the project. 03:16 <+EugeneKay> Not as such, but you can find consultants willing to do such, or purchase OpenVPN-AS, which is OpenVPN Tech's hosted product. 03:17 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 03:18 <+EugeneKay> Addendum to the first - you can run openvpn on anything that it'll compile for, but x86 and x86-64 linux distros or BSD are the most common. It's also available for Android, and ARM router firmwares such as Tomato and OpenWRT. If you want high speed you'll want a commodity *nix server, though. 03:30 <+EugeneKay> mjbots - yurp, but please try to keep it in-channel 03:30 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 03:35 < mjbots> So that is to say, from the ISP to the openvpn_server (with 2 nic ports - external and internal) right! 03:36 < mjbots> But what if the ISP doesnt offer static IP address to public? 03:36 <+EugeneKay> Then there's not much you can do to get incoming access. 03:36 < mjbots> Will it work if I use some service like dyndns 03:37 <+EugeneKay> That only serves to give you a static hostname on your dynamic IP. You still need to be able to receive the incoming UDP or TCP connection. 03:38 <+EugeneKay> That means a public IP. 03:38 <+EugeneKay> You can use an external VPN server to route your way in, but that takes a VPS or such someplace 03:38 <@vpnHelper> RSS Update - forum: [Help] Problem To Connect to the Server || Remote Desktop 03:39 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 03:40 < mjbots> That's where the OpenVPN-AS comes into play? 03:41 <+EugeneKay> If you want them to host it, sure. But I really don't even know if it's possible to do it with them - I've not used AS. 
03:42 < mjbots> But now in my case, I do not think the ISP will give me a static IP? Maybe they are going to require the company to get a leased line, is that so? 03:43 <+EugeneKay> Depends upon the carrier, but a leased line had damn well better come with a static public IP, for the kinda prices you pay. 03:48 < mjbots> I am currently trying to get hold of ISP to see if it's possible to get a static IP 04:23 -!- master_of_master [~master_of@p57B55AFA.dip.t-dialin.net] has quit [Read error: Operation timed out] 04:24 -!- master_of_master [~master_of@p57B55616.dip.t-dialin.net] has joined #openvpn 05:24 -!- Araluccl0 [~lallo@151.77.77.173] has joined #openvpn 05:26 -!- Araluccl1 [~lallo@151.77.231.209] has quit [Ping timeout: 252 seconds] 05:31 <@vpnHelper> RSS Update - forum: hi 05:35 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 05:49 -!- jameslordhz [~jack@125.109.172.245] has joined #openvpn 05:52 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn 05:52 -!- mode/#openvpn [+v s7r] by ChanServ 06:10 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 06:20 <@vpnHelper> RSS Update - forum: Route problems in Windows 7/2008 (SOLVED) 06:21 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds] 06:22 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 06:24 -!- style [style@vpn.ilric.org] has quit [Quit: leaving] 06:26 -!- axelm7 [~axelm7@186.135.14.163] has joined #openvpn 06:31 -!- `Ile` [~kvirc@91-150-99-228.dynamic.isp.telekom.rs] has quit [Read error: Operation timed out] 06:34 -!- esters [50e8ea11@gateway/web/freenode/ip.80.232.234.17] has joined #openvpn 06:34 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 06:37 -!- tjz [~pc@unaffiliated/tjz] has quit [Quit: bbl.] 
06:43 -!- esters [50e8ea11@gateway/web/freenode/ip.80.232.234.17] has quit [Ping timeout: 258 seconds] 06:45 -!- jameslordhz [~jack@125.109.172.245] has quit [Ping timeout: 240 seconds] 06:45 -!- `Ile` [~kvirc@109-93-12-95.dynamic.isp.telekom.rs] has joined #openvpn 07:01 -!- `Ile` [~kvirc@109-93-12-95.dynamic.isp.telekom.rs] has quit [Quit: Changing server...] 07:02 -!- `Ile` [~kvirc@109-93-12-95.dynamic.isp.telekom.rs] has joined #openvpn 07:03 -!- sunzofma1 [~sunzofman@c-76-112-187-140.hsd1.mi.comcast.net] has joined #openvpn 07:03 < sunzofma1> greetz 07:04 -!- axelm8 [~axelm7@186.135.14.163] has joined #openvpn 07:05 -!- jameslordhz [~jack@125.109.172.245] has joined #openvpn 07:07 -!- axelm7 [~axelm7@186.135.14.163] has quit [Ping timeout: 252 seconds] 07:08 -!- esters [50e8ea11@gateway/web/freenode/ip.80.232.234.17] has joined #openvpn 07:08 < esters> Hi, I would like to know how to properly set up an openvpn setup (2.1.4) between two routers and different subnets, the server is 192.168.1.1 / 255.255.255.0 - http://pastebin.com/qBsm5G4E and client 192.168.2.1 / 255.255.255.0 - http://pastebin.com/aY4eBmHQ when i applied the settings above my client router hung and i had to do a hard reset and disable openvpn. 07:12 <@vpnHelper> RSS Update - forum: How do I make client work with certificate? 
07:31 -!- esters [50e8ea11@gateway/web/freenode/ip.80.232.234.17] has quit [Ping timeout: 258 seconds]
07:47 -!- zeshoem [~zee@108.162.156.19] has quit [Ping timeout: 240 seconds]
07:47 <@vpnHelper> RSS Update - forum: Howto run multiple client connection using single daemon
07:50 < hyper_ch> krzee: http://i43.tinypic.com/t7omww.jpg
08:21 -!- axelm7 [axelm7@186.135.14.163] has joined #openvpn
08:22 -!- axelm8 [~axelm7@186.135.14.163] has quit [Ping timeout: 240 seconds]
08:41 -!- jameslordhz [~jack@125.109.172.245] has quit [Ping timeout: 252 seconds]
08:43 -!- kofi is now known as matsim
08:50 -!- ibins [~Michael@2001:6f8:1c60:7777:21a:4dff:fe66:600c] has joined #openvpn
08:55 -!- vlt [~dm@suez.activ-job.com] has quit [Remote host closed the connection]
08:59 < sunzofma1> are there existing bash scripts which help automate the client key generating process. perhaps one that uses expect?
09:00 < hyper_ch> sunzofma1: there will be - as soon as you write one :)
09:00 < hyper_ch> it shouldn't be too hard to generate such thing
09:01 < sunzofma1> building keys manually can be a grind when you have 20-30 users ;-)
09:01 < sunzofma1> hyper_ch: point well taken
09:01 < hyper_ch> probably make a user.txt file
09:01 < hyper_ch> each line a new key
09:01 < hyper_ch> and a bash script that loops through the entries and creates the keys
09:01 < rob0> In the imaginary world, the way it ought to work, users would generate their own keys and send a CSR to you.
09:02 < rob0> I know that's not how it really works, though.
09:02 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn []
09:03 < sunzofma1> hyper_ch: just didn't want re-invent if not necessary
09:03 < hyper_ch> sunzofma1: and don't forget to publish it :)
09:04 < sunzofma1> hyper_ch: indeed
09:09 -!- eddyst [~eddyst@drsd-4dbdadfa.pool.mediaWays.net] has joined #openvpn
09:09 -!- eddyst [~eddyst@drsd-4dbdadfa.pool.mediaWays.net] has left #openvpn []
09:09 -!- `Ile` [~kvirc@109-93-12-95.dynamic.isp.telekom.rs] has quit [Remote host closed the connection]
09:17 -!- pierreghz [~pierreghz@cust-160-62-111-94.dyn.as47377.net] has joined #openvpn
09:24 <@vpnHelper> RSS Update - forum: Static IP Windows Please
09:26 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn
09:29 -!- jameslordhz [~jack@125.109.172.245] has joined #openvpn
09:36 -!- jameslordhz [~jack@125.109.172.245] has quit [Ping timeout: 240 seconds]
09:37 -!- JoeGazz84 [~JoeGazz84@TechEssentials/JoeGazz84] has quit [Quit: У меня есть более важные дела, чем холостой здесь.]
09:40 -!- JoeGazz84 [~JoeGazz84@TechEssentials/JoeGazz84] has joined #openvpn
09:51 -!- jameslordhz [~jack@125.109.172.245] has joined #openvpn
09:52 < jameslordhz> hi all
09:52 < jameslordhz> i face a strange problem
09:52 < jameslordhz> i need help
09:53 <+EugeneKay> !psychic
09:53 <@vpnHelper> "psychic" is We're not psychic -- please !paste your !configs and !logs and a description of the issue
10:00 -!- jameslordhz [~jack@125.109.172.245] has quit [Ping timeout: 260 seconds]
10:01 -!- jameslordhz [~jack@125.109.172.245] has joined #openvpn
10:01 * Olipro muses as to whether the "strange problem" is related to that ping timeout
10:07 < rob0> numerous ping timeouts!
10:08 < rob0> 14:41, 15:36, 16:00 UTC
10:09 < Olipro> and all within a range of 240-260
10:09 < Olipro> you'd think that if you wanted help with a faulty connection, you wouldn't try to get that help over said connection
10:09 -!- axelm7 [axelm7@186.135.14.163] has quit [Ping timeout: 252 seconds]
10:12 < jameslordhz> EugeneKay, dude, my dhcp on lan is 192.168.1.0/24, but when i connect that router, the ip i get is 10.10.52.102, god, what a hell that is, the ip should be in 192.168.1.0/24
10:13 < jameslordhz> EugeneKay i connect the wan port of my router to another router whose dhcp range is in 10.10.52.0/24
10:13 < jameslordhz> dude, wrong channel:(
10:13 < rob0> A problem indeed, but how is that related to the topic of #openvpn?
10:13 < rob0> ah :)
10:16 < Olipro> I think his problem is OpenWRT related
10:18 -!- Olipro is now known as Llamafarmers
10:22 -!- ibins [~Michael@2001:6f8:1c60:7777:21a:4dff:fe66:600c] has quit [Quit: Verlassend]
10:27 -!- Llamafarmers is now known as Olipro
10:29 -!- durando_ [~quassel@cpe-67-253-41-119.maine.res.rr.com] has quit [Remote host closed the connection]
10:50 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn
10:58 -!- sunzofma1 [~sunzofman@c-76-112-187-140.hsd1.mi.comcast.net] has quit [Read error: Connection reset by peer]
11:02 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day]
11:06 <+EugeneKay> Why would I care at all?
11:07 < hyper_ch> EugeneKay: because you're a caring person
11:10 <+EugeneKay> u funny bro
11:12 < hyper_ch> :)
11:24 -!- catsup [d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
11:24 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
11:34 -!- [zs] [~zs@94.76.206.194] has joined #openvpn
11:38 -!- guifort [~guifort@ALille-554-1-80-165.w90-47.abo.wanadoo.fr] has joined #openvpn
11:38 < guifort> Hello All
11:44 < guifort> I have a small question, for the redirect gateway option
11:47 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has joined #openvpn
11:47 < guifort> I use OpenVPN on some network like 3G Network or WiMax Network, but on some connection the gateway isn't in the same subnet as the IP address like, IP : 41.201.X.X / 255.255.255.0 and the gateway is 172.20.6.1
11:49 < guifort> When I configure the redirect gateway option with or without def1 , the route add failed because the gateway isn't in the same subnet, ( Windows error) have you a solution ?
11:50 < dioz> run as administrator
11:50 < dioz> i actually don't know
11:50 < dioz> disregard that statement
11:51 < guifort> I am at administrator the problem is the same on XP or 7 system
11:52 < guifort> If I try to add a route manually with cmd it fail also, because the subnet isn't the same :/
11:59 -!- amir [~amir@unaffiliated/amir] has quit [Remote host closed the connection]
12:00 -!- amir [~amir@unaffiliated/amir] has joined #openvpn
12:02 < dioz> i administer a big network
12:02 < dioz> i hate it
12:14 < catsup> you need to have a route for the gateway
12:14 < catsup> like a host route or whatever
12:15 < catsup> you cannot route over an IP you don't have another route to
12:16 < guifort> yes ... but it's work for the internet access it's strange network with this wimax provider
12:19 -!- [zs] [~zs@94.76.206.194] has left #openvpn ["PING 1327169971"]
12:28 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn
12:28 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host]
12:28 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn
12:28 -!- mode/#openvpn [+v Axeman] by ChanServ
12:31 -!- Axeman [~Axeman3@openvpn/user/axeman] has left #openvpn []
12:37 <@vpnHelper> RSS Update - forum: Which one better
12:39 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
12:40 -!- mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn
12:44 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds]
12:46 -!- axelm7 [axelm7@186.135.14.163] has joined #openvpn
12:46 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
13:01 <@vpnHelper> RSS Update - forum: User Auth for VPN
13:49 <@vpnHelper> RSS Update - forum: Bought OpenVPN during the week now it won't work
13:58 < jpsil> Hey, can somebody help me with setting up OVPN?
14:01 < dioz> help you what with setting up openvpn?
14:06 -!- Araluccl0 [~lallo@151.77.77.173] has quit [Ping timeout: 252 seconds]
14:15 -!- `Ile` [~kvirc@93-86-248-49.dynamic.isp.telekom.rs] has joined #openvpn
14:15 < Essobi> ecrist: luls. I figured out that weird CCD thing. :|
14:30 -!- JackWinter2 [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!]
14:34 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn
14:38 -!- Shishire [~emperorsh@pdpc/supporter/student/shishire] has joined #openvpn
14:39 -!- Araluccl0 [~lallo@151.77.77.173] has joined #openvpn
14:42 -!- oc80z [oc80z@openvpn/user/oc80z] has quit [Excess Flood]
14:43 -!- oc80z [oc80z@blea.ch] has joined #openvpn
14:59 -!- anonsolal [~solal@cxr69-2-87-91-63-89.dsl.sta.abo.bbox.fr] has joined #openvpn
14:59 < anonsolal> o/
15:00 < anonsolal> I've just installed openvpn, how do I use it ?
15:00 < anonsolal> I'm on Linux Mint
15:01 < anonsolal> !welcome
15:01 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:02 -!- BoomSie [~gideon@84-245-27-118.dsl.cambrium.nl] has joined #openvpn
15:08 < Olipro> hello, I've just bought a computer, how do I use it?
15:09 * Olipro pushes EugeneKay's "On" button
15:24 -!- BoomSie [~gideon@84-245-27-118.dsl.cambrium.nl] has quit [Quit: Ex-Chat]
15:29 -!- BoomSie [~gideon@84-245-27-118.dsl.cambrium.nl] has joined #openvpn
15:33 -!- guifort [~guifort@ALille-554-1-80-165.w90-47.abo.wanadoo.fr] has quit [Quit: Quitte]
16:01 -!- p3rror [~mezgani@2001:470:1f0b:c66:1::2] has quit [Ping timeout: 252 seconds]
16:15 -!- p3rror [~mezgani@41.248.198.247] has joined #openvpn
16:19 -!- anonsolal [~solal@cxr69-2-87-91-63-89.dsl.sta.abo.bbox.fr] has quit [Ping timeout: 245 seconds]
16:21 -!- kaiyou [~kaiyou_fn@blitzen.pierre.jaury.eu] has joined #openvpn
16:23 -!- pierreghz [~pierreghz@cust-160-62-111-94.dyn.as47377.net] has quit [Ping timeout: 248 seconds]
16:27 -!- pierreghz [~pierreghz@cust-160-62-111-94.dyn.as47377.net] has joined #openvpn
16:27 -!- pierreghz [~pierreghz@cust-160-62-111-94.dyn.as47377.net] has quit [Read error: Connection reset by peer]
16:30 -!- anonsolal [~solal@cxr69-2-87-91-63-89.dsl.sta.abo.bbox.fr] has joined #openvpn
16:32 <@vpnHelper> RSS Update - forum: Problems with OpenVPN 2.2.2 on Windows Server
16:36 -!- anonsolal [~solal@cxr69-2-87-91-63-89.dsl.sta.abo.bbox.fr] has quit [Quit: Quitte]
16:46 -!- Shishire [~emperorsh@pdpc/supporter/student/shishire] has quit []
16:50 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection]
17:02 -!- treund [~treund@97.75.177.42] has joined #openvpn
17:27 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Ping timeout: 272 seconds]
17:34 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn
17:38 -!- gremly [~gremly@200.106.218.64] has joined #openvpn
17:48 -!- tekzilla [~jon@hmbg-4d06b96a.pool.mediaWays.net] has quit [Read error: Operation timed out]
17:48 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Remote host closed the connection]
17:48 -!- Araluccl1 [~lallo@151.77.253.164] has joined #openvpn
17:49 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn
17:50 -!- Araluccl0 [~lallo@151.77.77.173] has quit [Ping timeout: 252 seconds]
17:51 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Client Quit]
17:52 -!- tekzilla [~jon@hmbg-4d06a2b2.pool.mediaWays.net] has joined #openvpn
17:53 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn
17:55 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn
18:14 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has joined #openvpn
18:14 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has left #openvpn []
18:15 -!- bestNameEver [~h4x0r@unaffiliated/respekt] has joined #openvpn
18:15 < bestNameEver> hi all
18:15 < bestNameEver> im interested in making my own openvpn driver for windows
18:15 < bestNameEver> could i get some basic pointers on how to configure my options and build for win7 please?
18:16 < bestNameEver> have looked everywhere and kinda feeling abstract
18:20 < Olipro> having the Windows Driver Kit would be a good start
18:21 -!- p3rror [~mezgani@41.248.198.247] has quit [Ping timeout: 240 seconds]
18:24 < bestNameEver> yes i have it installed :)
18:24 < bestNameEver> im in the tap-win32 directory, but im not sure what to do exactly from here
18:24 < bestNameEver> i issued the build command, i dont believe it compiled anything tho lol
18:24 < bestNameEver> help much appreciated Olipro
18:26 < Olipro> why do you think it didn't do anything?
18:27 < Olipro> you should now have a .sys file
18:27 < bestNameEver> i figure i need to alter some config.h settings or something?
18:27 -!- Araluccl0 [~lallo@151.77.193.131] has joined #openvpn
18:27 < bestNameEver> i issued x86 build but im on x64 but i doubt that would make a huge diff
18:28 < Olipro> it does if you want to actually use the driver under x64
18:28 < Olipro> the version that gets compiled depends on the WDK environment you launch
18:29 < bestNameEver> the thing is no compilation seems to take place..
18:29 < Olipro> go to tap dir -> make
18:30 < bestNameEver> makefile:6: *** missing separator. Stop.
18:30 -!- Araluccl1 [~lallo@151.77.253.164] has quit [Ping timeout: 252 seconds]
18:33 -!- jpsil [~johnpat@nj-71-2-36-131.dhcp.embarqhsd.net] has left #openvpn []
18:34 -!- p3rror [~mezgani@41.140.172.97] has joined #openvpn
18:34 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Read error: Connection reset by peer]
18:34 -!- BoomSie [~gideon@84-245-27-118.dsl.cambrium.nl] has quit [Quit: Ex-Chat]
18:35 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn
18:35 -!- Araluccl1 [~lallo@151.77.204.35] has joined #openvpn
18:35 < bestNameEver> Olipro, can u help me with this?
18:37 -!- Araluccl0 [~lallo@151.77.193.131] has quit [Ping timeout: 252 seconds]
18:37 < Olipro> either there's something wrong with the makefile (presumably not) or your environment isn't configured correctly
18:37 < Olipro> and I really do not feel like poring through the myriad possibilities the latter could entail
18:38 -!- Araluccl0 [~lallo@151.77.207.200] has joined #openvpn
18:38 < bestNameEver> ok..
18:38 < bestNameEver> i renamed SOURCES.in to sources and got a few errors now.
18:38 < bestNameEver> cant find autodefs.h
18:40 -!- Araluccl1 [~lallo@151.77.204.35] has quit [Ping timeout: 252 seconds]
18:42 < bestNameEver> might need some deps like pkcs-11
18:42 < bestNameEver> idk, documented much?
18:43 <@vpnHelper> RSS Update - forum: multiple disconnects while sftp'ing over an openvpn channel
18:43 < bestNameEver> thx
18:43 -!- Araluccl1 [~lallo@151.77.215.37] has joined #openvpn
18:44 -!- Araluccl0 [~lallo@151.77.207.200] has quit [Ping timeout: 252 seconds]
18:44 < bestNameEver> um ok so can anybody help me with some win32 make assistance win7 ?
18:47 < bestNameEver> maybe i need perl lol
18:50 -!- Araluccl0 [~lallo@151.77.223.143] has joined #openvpn
18:52 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Connection reset by peer]
18:52 -!- Araluccl1 [~lallo@151.77.215.37] has quit [Ping timeout: 252 seconds]
18:53 -!- Araluccl1 [~lallo@151.77.227.161] has joined #openvpn
18:55 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
18:55 -!- Araluccl0 [~lallo@151.77.223.143] has quit [Ping timeout: 252 seconds]
18:56 -!- bestNameEver [~h4x0r@unaffiliated/respekt] has left #openvpn []
19:00 -!- Araluccl0 [~lallo@151.77.235.55] has joined #openvpn
19:01 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has joined #openvpn
19:01 < h4x0r`> Olipro, im back
19:02 -!- Araluccl1 [~lallo@151.77.227.161] has quit [Ping timeout: 252 seconds]
19:02 < Olipro> I thought you were over at #ipv6
19:07 -!- Araluccl1 [~lallo@151.77.244.124] has joined #openvpn
19:10 -!- Araluccl0 [~lallo@151.77.235.55] has quit [Ping timeout: 252 seconds]
19:19 -!- Araluccl0 [~lallo@151.77.129.130] has joined #openvpn
19:20 < h4x0r`> i will be soon champ
19:22 -!- Araluccl1 [~lallo@151.77.244.124] has quit [Ping timeout: 252 seconds]
19:24 -!- Araluccl1 [~lallo@151.77.134.123] has joined #openvpn
19:25 -!- Denial [Denial@drgi.co.uk] has quit []
19:27 -!- Araluccl0 [~lallo@151.77.129.130] has quit [Ping timeout: 252 seconds]
19:30 < h4x0r`> alright so still no luck customising this driver or building it for use with my own application
19:35 < Olipro> I hate to break this to you, but, even if you get it to build for x64, you still have the issue of signing the driver
19:35 < Olipro> or you can disable driver signing enforcement
19:35 < h4x0r`> i dont plan on distributing it
19:36 < h4x0r`> if u tell how to build it ill work on signing it then lol
19:39 -!- treund [~treund@97.75.177.42] has left #openvpn []
19:40 < rob0> You would probably do better asking in a channel for your build environment. Most of us here don't even use Windows.
19:41 < rob0> How to compile something in Windows is not really an openvpn issue, even if you happen to be compiling openvpn.
19:45 < rob0> One thing that might be on topic here, although I doubt we'd have much to say about it, would be why you want to build your own tap driver rather than use the distributed binary.
19:45 < h4x0r`> well thanks for the explanation i really appreciate :)
19:45 < h4x0r`> it*
19:46 -!- `Ile` [~kvirc@93-86-248-49.dynamic.isp.telekom.rs] has quit [Remote host closed the connection]
19:47 < h4x0r`> rob0, ive always wanted to investigate building my own drivers.. its just a learning curve, thanks to all concerned for that chat, sorry about the random issue, i should be able to get this sorted, i was just thinking there should be more coverage on a win32 build, anyway thx again
19:48 < rob0> You can probably learn a lot just from reading and experimenting with the source code.
19:49 < h4x0r`> Absolutely - thats my next form of targeted approach, heh
19:49 < rob0> good luck
20:11 -!- gremly [~gremly@200.106.218.64] has quit [Quit: WeeChat 0.3.6]
20:25 -!- Araluccl0 [~lallo@151.77.188.15] has joined #openvpn
20:28 -!- Araluccl1 [~lallo@151.77.134.123] has quit [Ping timeout: 252 seconds]
20:37 -!- Araluccl1 [~lallo@151.77.199.79] has joined #openvpn
20:39 -!- Araluccl0 [~lallo@151.77.188.15] has quit [Ping timeout: 252 seconds]
20:41 -!- Araluccl0 [~lallo@151.77.202.149] has joined #openvpn
20:43 -!- Araluccl1 [~lallo@151.77.199.79] has quit [Ping timeout: 252 seconds]
20:54 -!- axelm7 [axelm7@186.135.14.163] has quit [Ping timeout: 255 seconds]
21:02 -!- Araluccl1 [~lallo@151.77.218.175] has joined #openvpn
21:04 -!- Araluccl0 [~lallo@151.77.202.149] has quit [Ping timeout: 252 seconds]
21:06 -!- Araluccl0 [~lallo@151.77.221.143] has joined #openvpn
21:08 -!- Araluccl1 [~lallo@151.77.218.175] has quit [Ping timeout: 252 seconds]
21:14 -!- MeanderingCode_ [~Meanderin@97-123-14-239.albq.qwest.net] has quit [Ping timeout: 240 seconds]
21:19 -!- treund [~treund@97.75.177.42] has joined #openvpn
21:31 < h4x0r`> guys srsrly having a nightmare
21:31 < h4x0r`> is there an easy way to compile openvpn under win32?
21:33 < h4x0r`> am i supposed to build dependencies and edit settings.in
21:33 < h4x0r`> whats the story with it
21:36 < treund> just get a prebuilt
21:37 < h4x0r`> i want to build my own driver
21:37 < h4x0r`> it shouldnt be this , random :p
21:37 < h4x0r`> installing mingw, maybe itll be more effective than perl
21:37 < h4x0r`> the thing is nothings mentioned about settings.in or anything, so im not sure what steps im actually missing .
21:38 < treund> you are trying to build openvpn from source using perl??
21:38 < h4x0r`> just the tap-win32 driver mate
21:38 < h4x0r`> thats all i need..
21:39 < h4x0r`> this says download source, cd tap-win32, issue 'build' command from wdk
21:39 < h4x0r`> http://www.varsanofiev.com/inside/using_tuntap_under_windows.htm
21:39 <@vpnHelper> Title: Using tuntap under Windows (at www.varsanofiev.com)
21:39 < treund> http://i3.cs.berkeley.edu/impl/win/tap-win32.html
21:39 <@vpnHelper> Title: TAP-Win32 driver installation (at i3.cs.berkeley.edu)
21:40 < h4x0r`> treund, lulz yes thank you, but i need to build my own
21:42 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!]
21:47 < h4x0r`> omfg.
21:47 < h4x0r`> mingw worked first hit
21:47 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn
21:55 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Ping timeout: 248 seconds]
21:57 -!- treund [~treund@97.75.177.42] has quit [Quit: leaving]
22:12 -!- Guy1 [~JustMe@75-130-166-114.static.hlrg.nc.charter.com] has joined #openvpn
22:16 -!- Guy1 is now known as me
22:16 -!- me is now known as Guest4572
22:18 -!- Guest4572 [~JustMe@75-130-166-114.static.hlrg.nc.charter.com] has quit [Quit: Leaving]
22:38 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has joined #openvpn
22:39 < kokozedman> hey guys... what's the best way to really speed-up the negotiation between server/client?
22:39 < kokozedman> i'm trying to implement a non-stop internet on a dynamic ip address, which sometimes reconnects
22:39 < kokozedman> and currently, it takes a rather long time, causing the existing connections to sometime break
22:40 < kokozedman> the line takes about 5 - 8 seconds to reconnect
22:40 < h4x0r`> im actually wondering how to change the name of the driver in ipconfig - it comes up as Tap32 V9 i think
22:40 < kokozedman> and openvpn takes about the same
22:41 < Olipro> are you using static TLS keys?
22:42 < kokozedman> Olipro: no, i'm in server/clients mode (several clients, single server)
22:42 < rob0> I can reboot my adsl modem, come back up with a new IP, and 2-3 minutes later when all the dust is settled and vpn reconnects, my ssh sessions are still active.
22:43 < Olipro> ditto
22:43 < Olipro> 5-8 seconds shouldn't impact a TCP connection
22:43 < kokozedman> rob0: yeah, i know SSH is really hard ball at keeping itself alive ... but what about people downloading email attachments
22:43 < Olipro> are you using persist-tun
22:43 -!- ZBandit [~wjones@66.148.253.114.nw.nuvox.net] has joined #openvpn
22:44 < kokozedman> i agree, but given OpenVPN taking about 5 - 10 seconds to re-establish itself after i trigger a SIGUSR1 from ppp's ip-up ... sometimes it breaks
22:44 < kokozedman> Olipro: of course, persist-tun
22:45 < Olipro> is any NAT involved?
22:45 < kokozedman> i'm looking for some ways of shortening the negotiation time ...
22:45 < kokozedman> yes, NAT for sure
22:45 < Olipro> within the tunnel?
22:45 < ZBandit> I'm new to the VPN world.... Got a few quick questions I can't find the answer to..... #1 - if a local network is on the 192.168.0.x class, can openvpn be configured so when an outside machine logs in, it can have the same class ip?
22:45 < kokozedman> i mean, the first time it negotiates, it's fine if it takes a long time... but for the subsequent reconnects... i think it should be quicker
22:46 < Olipro> if you use the MASQUERADE target, it will deliberately forget all connections once it sees the interface go down
22:46 < Olipro> which, no matter how fast OpenVPN connects, will kill connections
22:46 < Olipro> *reconnects
22:46 < kokozedman> Olipro: within the tunnel is MASQUERADE ... but the link established with the tunnel is through direct ppp
22:46 < Olipro> ok, stop using MASQUERADE
22:47 < rob0> there should be no need for NAT within the tunnel, only if using redirect_gateway and assigning RFC 1918 addresses.
22:47 < Olipro> like I just said, you could have OpenVPN reconnecting in 10 milliseconds
22:47 < Olipro> it would STILL kill all your connections
22:47 < rob0> and that nat only is needed for traffic leaving the vpn
22:47 < Olipro> switch to SNAT, or better yet, stop using NAT completely
22:47 < rob0> !route
22:47 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide
22:48 < rob0> ZBandit, "192.168.0.x class" means what?
22:48 < kokozedman> hmm... thing is, the tun0 never goes down... and MASQUERADE is ON IT
22:48 < kokozedman> tun0 never goes down, on server, on clients ... so, i don't think MASQUERADE is a problem
22:49 < Olipro> you'll never find out unless you switch
22:49 < Olipro> and I honestly see no reason not to switch
22:49 < ZBandit> rob0: I want to have a small block of ip's set aside for outside machines... 192.168.0.200-210. All the rest of the local lan uses .1-.100
22:49 < rob0> still, the fact that you are using NAT where NAT should not be needed: that is a problem
22:49 < h4x0r`> so can i change the tap32 driver name that shows in ipconfig? anyone know how?
22:49 < Olipro> well, if his server isn't his to control, and/or it's in multi-client mode
22:49 < kokozedman> as for OpenVPN connecting to the server, it is set to persist, and every-5 seconds it tries, but the tun0 is still on .... then after about 10 seconds, the transfers begin to flow again
22:49 < Olipro> routing to clients behind a peer can be problematinc
22:49 < Olipro> *problematic
22:50 < rob0> ZBandit, first, when designing networks, use CIDR boundaries, not decimal ones. In the long run you will be glad you did.
22:50 < Olipro> kokozedman: I believe it persists the interface but netfilter knows the interface isn't actually connected
22:50 < kokozedman> rob0: why should NAT not be needed here? it's forwarding internet you know... the 10.8.0.1 is the gateway here
22:50 < rob0> Second, see the /topic and the howto
22:51 < Olipro> because you have the entirety of RFC1918 space to play with
22:51 < Olipro> NAT from RFC1918 space to a public address? sure
22:51 < ZBandit> k
22:51 < Olipro> from RFC1918 to another RFC1918? No.
22:52 < rob0> koko, as I said, use NAT from RFC1918-->world but not ^^
22:52 < ZBandit> so .193-254
22:52 < Olipro> otherwise it's essentially double NAT
22:52 < kokozedman> Olipro: the connections DOES NOT break sometimes ... that is, if openvpn reconnects quick (sometimes it does) ... but it breaks if it takes too long; so, i'm guessing there is no MASQUERADE or netfilter problem here, just the TCP stack timing-out after some time
22:52 < Olipro> you're guessing
22:52 < Olipro> if you just want to guess because you can't be bothered (or don't know how) to use SNAT, that's your problem, not mine
22:53 < Olipro> then again, you don't know how to route either
22:53 < rob0> ZBandit, 192-207 would be 192.168.0.192/28
22:53 < kokozedman> alright man, not that i don't want to check it, but simply that i'm sure nothing breaks in-between ... only need to shorten the amount of time for reconnects
22:53 < rob0> ZBandit, also, 192.168.0-2 are common choices, you might be better off choosing a less common network
22:54 < rob0> 172.16.0.0/12 has lots of rarely-chosen networks
22:54 < Olipro> 172.12.0.0/12 is a good candidate
22:55 < Olipro> *16
22:55 < ZBandit> ok got it
22:56 < Olipro> kokozedman: to know /definitively/ you could get conntrack tools (or continuously dump from proc) and observe the conntrack table
22:56 < Olipro> trigger the reconnect and see if it forgets NATted connections or not
22:56 < rob0> afk
22:57 < kokozedman> Olipro: hmm... i have no idea what is all that...
22:57 < kokozedman> some wikis? articles?
22:58 < h4x0r`> guys
22:59 < h4x0r`> how can i change this in the source code - TAP-Win32 Provider V9
22:59 < Olipro> install conntrack tools, read the manpages?
22:59 < h4x0r`> or is that non compliant
23:00 < Olipro> do you not have something that will do a "Find in Files" for you
23:00 < Olipro> heck, Windows should have that built in
23:00 < h4x0r`> ur right lol
23:01 < h4x0r`> hoping its in the oem inf
23:03 < h4x0r`> yup - sure is :D
23:03 <@vpnHelper> RSS Update - forum: Newbee Help Please
23:08 < kokozedman> Olipro: sorry for the probably silly question, but where do i get that installed? the platform on which the openvpn client is running is on an openwrt router... and right now, i'm connected to the internet thru the router (which is taking internet from openvpn)
23:13 < Olipro> use opkg or luci
23:13 < Olipro> it's called conntrack-tools I believe
23:14 < Olipro> except, OpenWRT doesn't provide manpages
23:14 < Olipro> so if you don't know how to use it
23:14 < Olipro> I'd start with google
23:14 < Olipro> or install it on a major linux distro
23:15 < Olipro> i.e. one not designed for embedded systems
23:16 <@vpnHelper> RSS Update - forum: DNS issues
23:20 -!- jameslordhz [~jack@125.109.172.245] has quit [Ping timeout: 240 seconds]
23:30 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 255 seconds]
23:34 -!- jameslordhz [~jack@220.190.19.70] has joined #openvpn
23:35 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has quit []
23:42 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has joined #openvpn
23:42 < h4x0r`> :)
23:42 < h4x0r`> Niiiice..
--- Day changed Sun Jan 22 2012
00:04 < h4x0r`> ive got my openvpn driver installed - should this bring up the device?
00:04 < h4x0r`> netsh interface ip set address static 10.3.0.1 255.255.255.0
00:22 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has quit [Ping timeout: 264 seconds]
00:32 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has quit []
01:01 -!- ZBandit [~wjones@66.148.253.114.nw.nuvox.net] has left #openvpn []
01:11 < hyper_ch> krzee: dazo_afk: you know this: http://www.peervpn.net/
01:11 <@vpnHelper> Title: PeerVPN - the open source peer-to-peer VPN (at www.peervpn.net)
01:14 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
01:17 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
01:21 -!- Gravitron [~admin@64.93.224.242] has joined #openvpn
01:21 -!- Gravitron [~admin@64.93.224.242] has quit [Changing host]
01:21 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
01:25 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 244 seconds]
01:29 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has joined #openvpn
01:31 < h4x0r`> hey guys, so is this the right way to get the tap32 device up? netsh interface ip set address static 10.3.0.1 255.255.255.0
01:52 -!- mjbots [~thutomj@168.167.176.49] has quit [Ping timeout: 252 seconds]
01:58 < h4x0r`> the idea was to use a ssh tunnel and the driver to enable systemwide tunnelling..
02:11 -!- mjbots [~thutomj@168.167.176.49] has joined #openvpn
02:16 <+EugeneKay> h4x0r` - to be frank, "wtf r u doin?"
02:17 < h4x0r`> lulz
02:17 < h4x0r`> ok
02:19 < h4x0r`> well i was thinking about using the driver tap-win32 from openvpn sources
02:19 < h4x0r`> to make my own personal local network with ssh/vpn
02:19 < h4x0r`> so ive built the driver, but not sure how to bring the interface up
02:21 <+EugeneKay> A-huh.
02:22 <+EugeneKay> While I commend you on your haxing ability(seriously, that's pretty cool), I think it's a waste of time if you're doing it as anything other than an academic exercise.
02:22 < Olipro> you do realise the driver on its own just exposes an API?
02:22 < Olipro> you need an actual userspace program to feed packets into it
02:22 < Olipro> such as oooh err... OPENVPN
02:22 <+EugeneKay> As for how to up/down an interface on Windows, I haven't a bloody clue. I just right-click the bugger and hit "Disable"
02:23 < h4x0r`> yes im writing the program
02:23 < h4x0r`> lol@disable..
02:23 < Olipro> the TAP interface brings itself up when a userspace program brings it up
02:23 < h4x0r`> yes thats what im looking into now
02:25 < Olipro> I'm still not clear on why you want a custom driver for this
02:25 < Olipro> there's nothing stopping you from operating OpenVPN over a LAN
02:25 < Olipro> whether encrypted or not
02:25 < hyper_ch> hi EugeneKay
02:25 <+EugeneKay> Rawr
02:26 < hyper_ch> EugeneKay: you know this? http://www.peervpn.net/
02:26 <@vpnHelper> Title: PeerVPN - the open source peer-to-peer VPN (at www.peervpn.net)
02:26 <+EugeneKay> I do not.
02:26 < h4x0r`> Olipro, ive noticed a lot of openvpn clients bring up the client and push all internet traffic through the vpn
02:26 < hyper_ch> EugeneKay: get to know it and give me your thoughts :)
02:26 < h4x0r`> i find this far more awesome than using a socks5 http tunnel for example
02:26 < Olipro> h4x0r`: that has NOTHING to do with OpenVPN or the driver you've just compiled
02:27 < Olipro> OpenVPN will do /nothing/ whatsoever to your OS's routing table unless instructed to
02:27 <+EugeneKay> Looks like Tor, but without all the Tor stuff.
02:27 -!- Gnewt [~vector@submarine.gnewt.at] has quit [Ping timeout: 255 seconds] 02:28 < h4x0r`> Olipro, im not sure what you're getting at 02:28 < Olipro> if that's the real basis for you compiling that driver, you've just completely wasted your time 02:28 < h4x0r`> id like to run a vpn with the driver 02:28 <+EugeneKay> While I commend you on your haxing ability(seriously, that's pretty cool), I think it's a waste of time if you're doing it as anything other than an academic exercise. 02:28 < Olipro> you can open a VPN tunnel with OpenVPN without making a single damn change to your routing 02:29 < Olipro> if you WANT to route a prefix, however large or small, you can 02:29 < Olipro> you are wasting your time here completely 02:29 < h4x0r`> na mate 02:29 < h4x0r`> ur off by a mile 02:29 < h4x0r`> i want to use the driver for a vpn 02:29 < Olipro> right, but what is it that OpenVPN can't do for you 02:30 < h4x0r`> i wouldnt be here if it couldnt do anything for me 02:30 < Olipro> that wasn't what I asked 02:30 < h4x0r`> this is very cryptic 02:30 <+EugeneKay> !notopenvpn 02:30 <@vpnHelper> "notopenvpn" is your problem is not about openvpn, and while we try to be helpful, you may have a better chance of finding your answer if you ask your question in a channel related to your problem 02:30 < Olipro> I asked what it is that OpenVPN can't do for you that you think you need to compile a custom driver and userspace program for 02:30 < h4x0r`> ohhh 02:31 < h4x0r`> na, im just coding my own client :s 02:31 <+EugeneKay> This is a OpenVPN userspace support channel. I'm not sure what you're doing, but it really isn't..... relavent. 02:31 < Olipro> well if you want to reinvent the wheel for the heck of it, by all means 02:31 < h4x0r`> relevant* 02:31 < Olipro> but that wasn't what you were implying 02:31 < h4x0r`> yeah its just a program i feel like coding, and i just want to use the driver lol 02:32 < h4x0r`> its interesting.. nevermind.. 02:33 <+EugeneKay> Interesing, yes. 
Something we can help you with, no. ;-) 02:35 < h4x0r`> maybe :p 02:35 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has quit [] 02:39 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has quit [Ping timeout: 244 seconds] 02:46 -!- Gnewt [~vector@submarine.gnewt.at] has joined #openvpn 02:47 -!- Gnewt [~vector@submarine.gnewt.at] has quit [Read error: Connection reset by peer] 02:50 -!- jameslordhz [~jack@220.190.19.70] has quit [Ping timeout: 240 seconds] 02:51 -!- axelm7 [~axelm7@186.135.14.163] has joined #openvpn 02:55 -!- axelm7 [~axelm7@186.135.14.163] has quit [Ping timeout: 240 seconds] 03:04 -!- jameslordhz [~jack@125.109.161.106] has joined #openvpn 03:06 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 03:12 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 03:17 -!- jameslordhz [~jack@125.109.161.106] has quit [Ping timeout: 248 seconds] 03:45 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 04:12 -!- thutomj_ [~thutomj@168.167.176.49] has joined #openvpn 04:15 -!- mjbots [~thutomj@168.167.176.49] has quit [Ping timeout: 260 seconds] 04:20 -!- master_of_master [~master_of@p57B55616.dip.t-dialin.net] has quit [Read error: Operation timed out] 04:24 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep] 04:25 -!- master_of_master [~master_of@p57B537F5.dip.t-dialin.net] has joined #openvpn 04:30 <@vpnHelper> RSS Update - forum: Problems with OpenVPN 2.2.2 on Windows Server 04:50 -!- jameslordhz [~jack@125.109.161.106] has joined #openvpn 05:11 -!- Diffen [~diffen@78-82-119-12.tn.glocalnet.net] has joined #openvpn 05:19 -!- wat [~watter@host134.186-125-77.telecom.net.ar] has quit [Ping timeout: 240 seconds] 05:22 -!- X0Rc0re [~chatzilla@124-169-86-8.dyn.iinet.net.au] has joined #openvpn 05:33 -!- wat [~watter@host47.200-45-225.telecom.net.ar] has joined #openvpn 05:40 -!- h4x0r` [h4x0r@79.133.201.85] has joined 
#openvpn 05:40 -!- h4x0r` [h4x0r@79.133.201.85] has quit [Changing host] 05:40 -!- h4x0r` [h4x0r@unaffiliated/respekt] has joined #openvpn 05:44 -!- wat [~watter@host47.200-45-225.telecom.net.ar] has quit [Ping timeout: 240 seconds] 05:50 -!- X0Rc0re [~chatzilla@124-169-86-8.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 05:58 -!- wat [~watter@host56.201-252-192.telecom.net.ar] has joined #openvpn 06:03 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn 06:03 -!- mode/#openvpn [+v s7r] by ChanServ 06:08 -!- wat [~watter@host56.201-252-192.telecom.net.ar] has quit [Ping timeout: 240 seconds] 06:09 -!- h4x0r` [h4x0r@unaffiliated/respekt] has quit [] 06:10 -!- h4x0r` [h4x0r@79.133.201.85] has joined #openvpn 06:10 -!- h4x0r` [h4x0r@79.133.201.85] has quit [Changing host] 06:10 -!- h4x0r` [h4x0r@unaffiliated/respekt] has joined #openvpn 06:10 -!- h4x0r` [h4x0r@unaffiliated/respekt] has quit [Remote host closed the connection] 06:19 -!- Araluccl1 [~lallo@151.77.96.58] has joined #openvpn 06:21 -!- wat [~watter@host44.186-125-76.telecom.net.ar] has joined #openvpn 06:22 -!- Araluccl0 [~lallo@151.77.221.143] has quit [Ping timeout: 252 seconds] 06:26 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 06:30 < hyper_ch> where's my krzee and dazo_afk :( 06:30 < hyper_ch> hi mattock 06:41 <+EugeneKay> Hiding. 06:43 -!- Araluccl0 [~lallo@151.77.137.198] has joined #openvpn 06:45 -!- Araluccl1 [~lallo@151.77.96.58] has quit [Ping timeout: 252 seconds] 06:46 <+s7r> with static key I can only use 1 client and 1 server at a time? 06:46 <+s7r> i can't have 3 clients on one server each with static keyts? 06:46 <+s7r> keys* 06:49 < hyper_ch> you can have multiple clients connecting with the same key 06:49 < hyper_ch> but that's bad 06:49 < hyper_ch> but you can make new keys 06:50 <+s7r> can each client have its own key ? 06:50 <+s7r> and connect one at a time anytime? 
06:51 < hyper_ch> you can have multiple clients connecting with the same key at the same time 06:51 < hyper_ch> but that's bad 06:51 < hyper_ch> but you can make new keys for each client 06:52 <+s7r> how? 06:52 < hyper_ch> !pki 06:52 <@vpnHelper> "pki" is (#1) http://openvpn.net/index.php/open-source/documentation/howto.html#pki for how to make your PKI stuff (ca, and certs) or (#2) Heres a basic rundown of how it works... The server, client, and ca certs are all signed by the same ca.key. The server and client use the ca.crt to check that eachother were signed by the right ca.key. Optionally, the client also checks that the server cert was 06:52 <@vpnHelper> signed specially as a server (see !servercert) 07:00 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has joined #openvpn 07:00 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has quit [Changing host] 07:00 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has joined #openvpn 07:02 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has quit [Client Quit] 07:05 -!- axelm7 [axelm7@186.135.14.163] has joined #openvpn 07:10 -!- wat [~watter@host44.186-125-76.telecom.net.ar] has quit [Ping timeout: 240 seconds] 07:24 -!- wat [~watter@host176.200-82-62.telecom.net.ar] has joined #openvpn 07:31 -!- Araluccl1 [~lallo@151.77.141.231] has joined #openvpn 07:34 -!- Araluccl0 [~lallo@151.77.137.198] has quit [Ping timeout: 252 seconds] 07:34 -!- Araluccl0 [~lallo@151.77.238.190] has joined #openvpn 07:35 -!- Araluccl1 [~lallo@151.77.141.231] has quit [Ping timeout: 252 seconds] 07:41 -!- Araluccl1 [~lallo@151.77.248.88] has joined #openvpn 07:43 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn [] 07:44 -!- Araluccl0 [~lallo@151.77.238.190] has quit [Ping timeout: 252 seconds] 07:46 -!- Araluccl0 [~lallo@151.77.249.113] has joined #openvpn 07:46 -!- Araluccl1 [~lallo@151.77.248.88] has quit [Ping timeout: 252 seconds] 08:07 -!- pierreghz [~pierreghz@cust-211-13-111-94.dyn.as47377.net] has joined #openvpn 
08:30 -!- fonk [~fonk@unforgotten.de] has joined #openvpn 08:35 < fonk> Hi! I try to configure auth-ldap, but get "LDAP bind failed: Confidentiality required (confidentiality required)" - here's my ldap-config: http://nopaste.info/0bf8a18a6b.html What could be the problem? With ldaps and TLSEnable no, it works without problems, bur i'd like to use StartTLS 08:48 -!- Diffen [~diffen@78-82-119-12.tn.glocalnet.net] has quit [Quit: This computer has gone to sleep] 09:00 -!- Han [~han@unaffiliated/han] has joined #openvpn 09:01 < Han> Can I set the upload limit for a client? The client is on adsl and getting data is no problem, uploading is though. 09:02 < Han> It chokes the connection if I upload something over nfs. 09:03 -!- michaelgamble [~michaelga@CPE00195b25196b-CM001cea3dc820.cpe.net.cable.rogers.com] has joined #openvpn 09:03 < michaelgamble> hey anybody around? 09:04 < michaelgamble> I'm trying to figure out how to go about connecting to an openvpn server from a mac.. anyone have any experience with this? 09:07 < hyper_ch> yes 09:10 < michaelgamble> i logged into the https web gui of my openvpn server and i see they have an installer for mac.. however i can't seem to determine how old that installer is nor can i find client version info on google :p 09:10 < michaelgamble> the other thing is i see most tutorials say to use tunnelblick 09:11 < michaelgamble> any direction on how i figure out what client version is the newest / or should i be using tunnelblick? 
09:14 < michaelgamble> i apologize for the berage of questions, last time i tried this prior to my last format i screwed it up and never was able to get it to work 09:17 -!- pierreghz [~pierreghz@cust-211-13-111-94.dyn.as47377.net] has quit [Ping timeout: 252 seconds] 09:19 -!- thutomj_ [~thutomj@168.167.176.49] has quit [Ping timeout: 240 seconds] 09:22 < michaelgamble> sweet 09:22 < michaelgamble> i took a chance with the default openvpn osx installer and it worked without any issue 09:23 < michaelgamble> love when things work seemlesslhy 09:23 < ecrist> Essobi: what was it? 09:24 -!- ibins [~Michael@2001:6f8:1c60:7777:21a:4dff:fe66:600c] has joined #openvpn 09:27 < hyper_ch> hi ecrist 09:27 < ecrist> hi, hyper_ch 09:27 < hyper_ch> ecrist: you know this? http://www.peervpn.net/ 09:27 <@vpnHelper> Title: PeerVPN - the open source peer-to-peer VPN (at www.peervpn.net) 09:28 -!- wat [~watter@host176.200-82-62.telecom.net.ar] has quit [Ping timeout: 240 seconds] 09:28 < ecrist> hyper_ch: never heard of it, seems to have not been developed since 2009 though. 09:29 < hyper_ch> Well, in case it's perfected, it doesn't need to be maintained anymore 09:30 < ecrist> yeah, things don't work that way 09:31 < ibins> perfect software -> :-) 09:31 < ibins> But first: Hello" 09:32 < ibins> Does anybody have knowledge of OpenVPN plugins, that connect the management interface of OpenVPN to a bus system like dbus? 09:32 < hyper_ch> what management interface? 09:32 < ecrist> nope 09:32 < ecrist> ibins: what are you trying to do 09:32 < ibins> The management interface of OpenVPN 09:33 < hyper_ch> there is no openvpn management interface 09:33 < ecrist> hyper_ch: yes there is 09:33 < hyper_ch> IIRC 09:33 < hyper_ch> ecrist: LIES!!! 
09:33 -!- mode/#openvpn [+o ecrist] by ChanServ 09:33 < ibins> I'm working on a minimalistic IPC-bus 09:33 -!- hyper_ch was kicked from #openvpn by ecrist [don't spread false information] 09:33 <@ecrist> !goal 09:33 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 09:33 -!- hyper_ch [~hyper_ch@ks357331.kimsufi.com] has joined #openvpn 09:34 < ibins> The aim is to have a very small dbus 09:35 <@ecrist> the management interface can do some of what you might want, but I doubt all 09:35 < ibins> especially for embedded devices running a mini linux or even driven by a uC without any OS 09:35 <@ecrist> there is much useful information in the openvpn status log, and other actions can be done with client-connect and client-disconnect 09:37 < ibins> As far as I can see, there are two possibilities: 09:37 < ibins> a) create a separate process, that connects to the management interface of OpenVPN and to the dbus-like system 09:37 < ibins> b) create a OpenVPN-plugin, that connects direktly to the dbus-like system 09:38 -!- newl [~newl@97.75.165.156] has joined #openvpn 09:38 < ibins> The problem with a) is, that a separate process is not very nice. One has to start it, stop it and so on. 09:39 < ibins> The problem with b) is, that there are to view Hooks for the Plugins. 09:39 < ibins> Example: There is nothing, that could be use directly after starting the OpenVPN instance. 09:39 < newl> ibins: what do you want to do? 09:40 < ibins> The first callback to use is OPENVPN_PLUGIN_UP. 
09:41 < ibins> newl: I want to connect OpenVPN to another system like dbus by creating some kind of software, that communicates via the OpenVPN management interface and the other system (like dbus) 09:42 -!- wat [~watter@host173.190-30-138.telecom.net.ar] has joined #openvpn 09:43 < ibins> hyper_ch: What did you mean? (before being kicked :-) 09:44 < newl> ibins why would you want to do that? 09:44 < newl> talking about crazy ^h^h^h new things sheds light on them 09:45 < ibins> Another process should be able to control OpenVPN. Example: 09:45 < ibins> Some kind of software watchdog should check, if an OpenVPN instance is still running. 09:46 < ibins> Or I want to retrive the routing table of the OpenVPN process and display it somewhere 09:46 < ibins> This is all possible with the --management option. 09:46 < ibins> But: 09:46 < newl> ps -efw and route run on a crond/atd ? 09:47 < ibins> I do not want to code shell scripts. 09:47 < ibins> This is thought to run on embedded devices like OpenWRT 09:48 < newl> the --management option is interesting 09:48 < ibins> DBus is too heavy, it needs expat (about 120kB) and libdbus.so is also about 240kB) 09:48 < ibins> So I decided to code my own little Inter Process Communications daemon 09:49 < ibins> OpenVPN is not the only instance, I want to control 09:50 < krzee> [07:47] I do not want to code shell scripts. 09:50 < krzee> [07:47] This is thought to run on embedded devices like OpenWRT 09:50 < krzee> fyi, openwrt runs shell scripts :-p 09:50 < ibins> krzee: yes, that why it is soooo slow 09:51 < krzee> openwrt running a shell script is too slow? 09:51 < ibins> OpenWRT itself is quite slow 09:51 < krzee> i run shell scripts from mine all the time, and my openwrt setups are anarexic on their hardware... the scripts run just fine 09:52 < ibins> How long does it take for your box to boot? 09:52 < krzee> the openwrt? 
09:52 < ibins> Yes 09:52 < krzee> not sure, i just wait til the light stops, maybe 2 min or something 09:52 < krzee> cant say boot time weas ever that important for the router 09:52 < krzee> its not being rebooted so often 09:52 * ecrist starts to think ibins doesn't know what he's doing 09:55 < ibins> The bootup process is only an example. 09:55 < ibins> Lets set up another example: 09:56 < ibins> On your embedded device is a process, that controls LEDs. When OpenVPN is started, it should blink. If the tunnel is up, it should be on all the time 09:56 < newl> and ecrist is the winner 09:57 < axelm7> hi guys, got an issue here. openvpn 2.2.1 client running on a dd-wrt router. it is connected to my OpenVPN server just fine. After some time the client crashes on the router and obviously it looses the connection. 09:58 < ibins> Still interested? If not, then I save the effort of typing. 09:58 < axelm7> I would like to create a cron job on the router that does ps | grep openvpn and if there is no output it should restart the openvpn client. Can someone help me with the syntax for that command? 09:58 < newl> you gotta make _some_ sense with what you are saying 09:59 < ibins> newl: so I will continue: 10:00 <@ecrist> axelm7: it's pretty straight forward 10:00 < ibins> To get the LED controlling process the information, how to blink the LED, one could use the management interface of OpenVPN. 10:01 < ibins> Open a UDS socket, ask OpenVPN with "status" and interprete the answer. 10:01 < ibins> This would all be fine 10:01 < ibins> Now imagine a lot of such processes like the LED controling process 10:01 <@ecrist> axelm7: on my machine, I'd do: ps -p `cat /var/run/openvpn.pid` 10:01 <@ecrist> if that exits 1, openvpn isn't running 10:02 <@ecrist> if it exits 0, openvpn is running 10:02 < ibins> Would it not be fine, if all this IPC could be handled with some kind of messaging system, that all participants understand? 
10:03 < newl> axelm7: if [ `ps | grep -c [o]penvpn` -eq 0 ]; then echo it is not running; fi 10:03 <@ecrist> ibins: for an LED like that, you really should tie to a kernel module which monitors the status of the tap or tun interface 10:04 < ibins> If it where only the LED information I wanted, this would be sufficient. But I also want all the other information of OpenVPN, like the IP adresses, routes.... 10:05 -!- wat232 [~watter@host105.190-30-138.telecom.net.ar] has joined #openvpn 10:05 <@ecrist> and, like I said, you can get that from the openvpn status log 10:05 < ibins> The tun device alone does not necessarily indicate, that the tunnel is up and running. 10:05 < ibins> grep on the log is possible 10:06 < ibins> All this would be possible in many possible ways. 10:06 < ibins> But I do not want to use shell scripts. 10:07 < ibins> Lets be silly and say, that we want to check every second, if a tunnel is up or not. 10:07 < ibins> We want a very accurate LED. 10:07 < ibins> This is nonsense, but let me continue: 10:07 < ibins> If you start a shell script every second, you burn a lot of CPU power and ram 10:08 -!- wat [~watter@host173.190-30-138.telecom.net.ar] has quit [Ping timeout: 240 seconds] 10:08 < ibins> Just initiating a process costs a lot of CPU power 10:09 < newl> you on a 286? or 8088? 10:09 <+EugeneKay> bash might be slow, so it's a good thing I'm not trying to run it on a TI-83 10:10 <+EugeneKay> If your openwrt has issues with cpu time being eaten up by a bash script, I think you have bigger problems. Like the 100mbit it's passing. 10:10 < ibins> I'm on a armv4 10:10 < ibins> 100 MBit/s are never possible on my device. 10:10 < ibins> Using certs I achive max 5 MBit/s with Blowfish 10:11 < ibins> I want to save as much CPU power for the important task: Communicating. 10:11 <+EugeneKay> I was speaking about the port itself, sans openvpn, but OK. 
10:11 < ibins> The LED is fine, but it should cost as less CPU as possible 10:12 <+EugeneKay> While you're busy calculating the number of MIPS eaten up by a shell script that blinks a LED, the rest of us will be doing something useful. Like actually running our vpns ;-) 10:12 <@ecrist> indeed 10:12 <@ecrist> ibins: at this point, you're just wasting everyone's time 10:12 <@ecrist> feel free to leave any time. ;) 10:12 < ibins> OK. Sorry. 10:15 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out] 10:16 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 10:16 < rob0> !sweet 10:16 <@vpnHelper> "sweet" is http://sweet.nodns4.us/ =( 10:17 < rob0> :) 10:23 -!- Azrael808 [~peter@dandlgreen.demon.co.uk] has joined #openvpn 10:31 < axelm7> newl, thanks a lot. ended up doing this: if [ `ps | grep -c [o]penvpn` -eq 0 ]; then openvpn --config /tmp/openvpncl/openvpn.conf ; fi & 10:31 < axelm7> now I need to set this up to run once every 5 mins in dd-wrt 10:32 < newl> dd-wrt can you get a crond on it? :) 10:35 -!- unixSnob [~unixSnob@212.117.169.230] has joined #openvpn 10:35 < unixSnob> How do you discover what DNS server is actually being queried? I have doubts about /etc/resolv.conf when tunneling.. Is there a definitive test that can be done? 10:35 < ibins> If you have no crond, you could start a shell script, that restart OpenVPN whenever it fails: http://pastebin.com/1tnL9dVx 10:36 < newl> unixSnob: nslookup www.ibm.com 10:38 < unixSnob> newl: does "server:" in that output refer to the DNS server? It shows my routers IP 10:38 <+EugeneKay> Yes. You'd think a "unix snob" would know that. 10:39 < unixSnob> this contradicts what the VPN admins told me 10:39 -!- Azrael808 [~peter@dandlgreen.demon.co.uk] has quit [Ping timeout: 248 seconds] 10:40 < unixSnob> some VPN admin said DNS automatically routes to the VPN server 10:40 <+EugeneKay> Well, they're wrong. 
10:40 < unixSnob> but my router would not know where that is 10:41 <+EugeneKay> nslookup only tells you the resolver used by that particularly machine. If your router is doing a simple forward, then you'd have to rerun the test there. 10:41 <+EugeneKay> Even then, the underlying resolver might simply be forwarding. 10:42 < unixSnob> EugeneKay: the router actually gives its own IP address when I do a "nslookup www.ibm.com" 10:42 <+EugeneKay> I dunno where the client end of your openvpn is being terminated, so I dunno, 10:42 < unixSnob> it's not at the router.. it's on a machine on the LAN 10:43 <+EugeneKay> Mmmkay. Then you'll need to change the DNS server list somehow if you want to change it. :-p 10:43 <+EugeneKay> resolveconfd may be of interest 10:45 < unixSnob> is there a way to find out the IP of the VPN servers DNS server? When I ask the VPN provider what the DNS is, they insist that it's taken care of -- i cannot get a straight answer 10:47 < newl> unixSnob: i'm guessing they don't want you messing with their _working_ setup? why do you want to ? 10:48 < unixSnob> newl: they only support mac and windows. To use a GNU platform, I've dissected their app for the keys and configured openvpn to use them 10:49 < unixSnob> and it works -- but DNS is apparently outside the tunnel 10:50 -!- Tykling [tykling@er.tyk.nu] has joined #openvpn 10:52 < Tykling> hello gentlemen, I have a tun vpn between two freebsd 9 servers, I've specified "local" and "bind" and "lport" in the config but openvpn still connects from another IP and port, can someone help me figure out why ? 10:52 -!- Azrael808 [~peter@dandlgreen.demon.co.uk] has joined #openvpn 10:54 <@ecrist> !configs 10:54 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. 
or (#2) dont forget to include any ccd entries 10:54 <@ecrist> !logs 10:54 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard. 10:56 < newl> unixSnob: you used the nslookup www.ibm.com from your end of the tunnel ? and it worked? 10:58 < unixSnob> newl: it worked, i believe, however I don't ultimately know where the router is getting the DNS from. I suspect it's whatever dns the ISP sends w/ the DHCP data 10:59 < unixSnob> in any case, it seems to indicate that the DNS info is not coming from the VPN provider 11:00 < newl> check your cat /var/lib/dhcpcd/dhcpcd-wlan0.info 11:00 < newl> yfmv 11:02 < unixSnob> ty 11:03 -!- wat232 [~watter@host105.190-30-138.telecom.net.ar] has quit [Ping timeout: 240 seconds] 11:05 -!- p3rror [~mezgani@41.140.172.97] has quit [Ping timeout: 240 seconds] 11:10 -!- unixSnob [~unixSnob@212.117.169.230] has quit [Ping timeout: 245 seconds] 11:12 -!- unixSnob [~unixSnob@64.37.55.205] has joined #openvpn 11:12 -!- unixSnob [~unixSnob@64.37.55.205] has quit [Client Quit] 11:15 -!- axelm8 [axelm7@186.135.9.36] has joined #openvpn 11:16 -!- axelm7 [axelm7@186.135.14.163] has quit [Ping timeout: 255 seconds] 11:17 -!- wat232 [~watter@host143.200-82-66.telecom.net.ar] has joined #openvpn 11:37 <@vpnHelper> RSS Update - forum: Client can connect but has no access to the Internet 11:38 < axelm8> newl, there is a crond on my router. http://screencast.com/t/LLxHVTqRzz 11:39 <@vpnHelper> Title: 01.22.2012-14.38.34 - axelm7's library (at screencast.com) 11:51 -!- ibins [~Michael@2001:6f8:1c60:7777:21a:4dff:fe66:600c] has left #openvpn ["Verlassend"] 11:57 -!- SviMik [~pIRCuser8@131.250.35.213.dyn.estpak.ee] has joined #openvpn 11:59 < SviMik> Hi all. Does anybody know, how to redirect default gateway on linux client with internet access via PPPoE? 
11:59 < SviMik> the log says: NOTE: unable to redirect default gateway -- Cannot read current default gateway from system 12:00 < SviMik> problem: I also can't figure out the gateway IP in PPPoE connection 12:01 < newl> getting a pppoe connection should do all that automatically 12:13 <@vpnHelper> RSS Update - forum: Restrict remote access across tunnel ! ? 12:15 < SviMik> newl no, pppoe connection already exists and works 12:16 < SviMik> I want openvpn over pppoe 12:16 < axelm8> so you have your wan connection on pppoe. I don't understand what that has to do with your tun adapter and your routing rules 12:17 < SviMik> but to keep openvpn connection, I need to redirect all traffic to openvpn server, EXCEPT openvpn connection itself 12:17 < SviMik> to do that, "redirect-gateway" should create route "remote_host 255.255.255.255 net_gateway" 12:18 < SviMik> and only then redirect all traffic 12:18 < axelm8> and apparently it is not 12:18 < SviMik> but what is net_gateway in case of pppoe? 12:19 < SviMik> openvpn can't find net_gateway, so redirect-gateway doesn't work 12:19 <@vpnHelper> RSS Update - forum: why ethernet bridge need ip address 12:19 < axelm8> I use pppoe on my dd-wrt router, let me see what adapters I have 12:20 -!- gremly [~gremly@200.106.218.64] has joined #openvpn 12:20 -!- gremly [~gremly@200.106.218.64] has quit [Client Quit] 12:20 < axelm8> my wan adapter is ppp0 12:22 < SviMik> axelm8 but which gateway should I use to direct traffic to ppp0 (if I need to do that manually)? 12:23 < axelm8> what does www.whatismyip.org say? 12:23 < axelm8> and what does route -n say? 
12:24 < axelm8> and ifconfig 12:25 < SviMik> www.whatismyip.org shows my real IP 12:27 < SviMik> when I tried "route 0.0.0.0 0.0.0.0 vpn_gateway" - I lost internet connection, and openvpn also disconnected 12:28 < SviMik> when I use "redirect-gateway def1" - it doesn't work with error: unable to redirect default gateway -- Cannot read current default gateway from system 12:32 < axelm8> SviMik, I have no idea, sorry 12:33 < axelm8> what distribution are you running? 12:34 < SviMik> kubuntu 12:35 < SviMik> (not me actually... my client. I can't help him, because I don't have pppoe to reproduce this error) 12:36 < axelm8> I can run the openvpn client on my PPPoE router if you wish, but that's as far as I can go 12:36 < axelm8> maybe the routing table would be useful for you 12:38 * newl wonders why openvpn would care about it going over pppoe? 12:38 < axelm8> I ask myself the same question 12:42 < axelm8> newl, there's something I don't like about /bin/sh -c [ `ps | grep -c [o]penvpn` -eq 0 ]; then openvpn --config /tmp/openvpncl/openvpn.conf ; fi & 12:42 < SviMik> have you ever used redirect-gateway? 12:43 < axelm8> SviMik, nope. I find it does not scale properly with many clients 12:43 < SviMik> so this is the answer... I need somebody who understands, what redirect-gateway does :) 12:43 < axelm8> newl, the & at the end leaves sh running until openvpncl crashes again 12:44 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has joined #openvpn 12:44 < axelm8> ask the guys in #openvpn-as 12:45 < axelm8> how do I get the & to apply only to openvpn --config /tmp/openvpncl/openvpn.conf instead of the whole line 12:46 < axelm8> just put the & before ; fi ? 12:48 < newl> & ; fi :) 12:48 < newl> why do you need the & any way ?? 12:49 < axelm8> I thought the cron jobs were supposed to finish as quickly as possible so crond would go to the next item in the list. 12:49 < axelm8> Or are they forked? 
12:51 < newl> remove the & 12:51 < axelm8> ok 12:51 < newl> and ps -efw you probably have tons started in the background by now 13:06 < axelm8> I think busybox ps does not support -e 13:06 < axelm8> I have removed the & anyways 13:34 -!- Azrael808 [~peter@dandlgreen.demon.co.uk] has quit [Ping timeout: 252 seconds] 13:38 < axelm8> newl, u there? 13:38 < axelm8> this command is not getting me the right output 13:38 < axelm8> nvram set cron_jobs="* * * * * if [ `ps | grep -c [o]penvpn` -eq 0 ]; then openvpn --config /tmp/openvpncl/openvpn.conf ; fi" 13:38 < axelm8> nvram commit 13:39 < axelm8> this is setting cron_jobs to cron_jobs=* * * * * if [ 2 -eq 0 ]; then openvpn --config /tmp/openvpncl/openvpn.conf ; fi 13:40 < axelm8> how do I make ps get executed by cron instead of by nvram set 13:40 < axelm8> double `` `` ? 13:41 -!- Araluccl1 [~lallo@151.77.184.77] has joined #openvpn 13:42 -!- Araluccl0 [~lallo@151.77.249.113] has quit [Read error: Connection reset by peer] 13:45 -!- SviMik [~pIRCuser8@131.250.35.213.dyn.estpak.ee] has quit [Quit: pIRC v2.2 < Personal IRC Team > http://ircworld.ru and http://xirc.ru/] 14:05 -!- p3rror [~mezgani@2001:470:1f0b:c66:1::2] has joined #openvpn 14:14 -!- `Ile` [~kvirc@79-101-144-185.dynamic.isp.telekom.rs] has joined #openvpn 14:18 < axelm8> \' worked 14:32 < newl> do you have a crontab file there? put the code in a script and then set the crontab entry to run the script - have you done crond before? 
14:43 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 14:54 -!- p3rror [~mezgani@2001:470:1f0b:c66:1::2] has quit [Remote host closed the connection] 15:11 -!- parallel [~parallel@c-76-103-89-93.hsd1.ca.comcast.net] has joined #openvpn 15:13 -!- wat232 [~watter@host143.200-82-66.telecom.net.ar] has quit [Ping timeout: 240 seconds] 15:26 -!- wat232 [~watter@186.153.104.77] has joined #openvpn 15:38 -!- jpdude1995 [~johnpat@nj-71-2-36-131.dhcp.embarqhsd.net] has joined #openvpn 15:39 < jpdude1995> Can somebody help me setup a VPN on openvpn? 15:41 -!- newl [~newl@97.75.165.156] has left #openvpn [] 15:43 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has joined #openvpn 15:43 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has quit [Changing host] 15:43 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has joined #openvpn 15:44 -!- jpdude1995 [~johnpat@nj-71-2-36-131.dhcp.embarqhsd.net] has left #openvpn [] 15:48 -!- `Ile` [~kvirc@79-101-144-185.dynamic.isp.telekom.rs] has quit [Remote host closed the connection] 16:04 -!- parallel [~parallel@c-76-103-89-93.hsd1.ca.comcast.net] has quit [Quit: Leaving] 16:16 -!- wat232 [~watter@186.153.104.77] has quit [Ping timeout: 240 seconds] 16:29 -!- wat232 [~watter@host26.201-252-204.telecom.net.ar] has joined #openvpn 16:36 -!- jpdude1995 [~johnpat@nj-71-2-36-131.dhcp.embarqhsd.net] has joined #openvpn 16:39 -!- markerx [~markerx@97-118-189-82.hlrn.qwest.net] has joined #openvpn 16:40 < markerx> Hey there! 16:41 < markerx> I am just beginning to explore installing OpenVPN on a Ubuntu VPS 16:41 < markerx> I was wondering if you can use Proxies to help hide the static IP of the VPS server? 
16:48 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has quit [] 16:49 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has joined #openvpn 16:49 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has quit [Excess Flood] 16:50 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has joined #openvpn 16:50 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has quit [Changing host] 16:50 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has joined #openvpn 16:50 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has left #openvpn [] 17:15 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 17:51 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 17:52 -!- tekzilla [~jon@hmbg-4d06a2b2.pool.mediaWays.net] has quit [Ping timeout: 252 seconds] 17:54 -!- tekzilla [~jon@hmbg-5f765103.pool.mediaWays.net] has joined #openvpn 18:21 -!- michaelgamble [~michaelga@CPE00195b25196b-CM001cea3dc820.cpe.net.cable.rogers.com] has quit [Quit: michaelgamble] 18:29 -!- axelm8 [axelm7@186.135.9.36] has quit [Ping timeout: 276 seconds] 18:41 <@vpnHelper> RSS Update - forum: OpenDNS and OpenVPN 18:42 -!- Denial [Denial@drgi.co.uk] has quit [] 18:44 -!- mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Ping timeout: 276 seconds] 18:48 -!- mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 19:04 <@ecrist> markerx: sure 19:05 <@ecrist> look in the man page for proxy 19:05 <@ecrist> iirc, openvpn supports both HTTP proxies as well as standard SOCKS proxying 19:10 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 19:13 -!- MikeW [~MW@ks35441.kimsufi.com] has joined #openvpn 19:14 < MikeW> Hey guys, is there any way to manually specify HTTP Auth basic credentials inside the openvpn configuration file rather than pointing the config to another file? 19:20 <@ecrist> no 19:24 < MikeW> Shame. 
Ok now to try to figure out why tunnelblick doesn't want to connect through the proxy 19:25 <@ecrist> I don't think tunnelblick cares much 19:25 <@ecrist> it just wraps the openvpn binary 19:26 < MikeW> yeah but I'm trying to trace down what it is that I'm doing wrong that doesn't make it with through the http proxy here 19:26 * ecrist thinks he's figured out how to use his own LDAP plugin for vB and still use existing hooks. 19:34 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep] 19:35 < MikeW> How frustrating. Tunnelblick log says "openvpnstart status #242: Error: OpenVPN returned with status 1. Possible error in configuration file. See "All Messages" in Console for details" yet there isn't anything useful in the osx console 19:36 < MikeW> actually, there's nothing being written to the osx console :-/ 19:37 <@ecrist> they likely mean the openvpn console 19:37 <@ecrist> get tunnelblick out of the picture and use the CLI 19:38 <@ecrist> the binary itself is at /Applications/Tunnelblick.app/Contents/Resources/openvpn 19:41 -!- mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Read error: Operation timed out] 19:41 -!- wat232 [~watter@host26.201-252-204.telecom.net.ar] has quit [Ping timeout: 240 seconds] 19:53 -!- wat232 [~watter@host112.201-252-208.telecom.net.ar] has joined #openvpn 19:55 < MikeW> oh I think I've figured it out. I'm using a vpn service that requires UDP to work but to work through a http proxy, proto tcp needs to be used. Doh 19:57 <@ecrist> doh 19:59 < MikeW> Shame that blackvpn require udp :/ 20:02 <@ecrist> !tcp 20:02 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. 
or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay 20:05 < MikeW> yeah sadly my environment doesn't allow udp. :( 20:09 -!- mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 20:22 -!- jpdude1995 [~johnpat@nj-71-2-36-131.dhcp.embarqhsd.net] has left #openvpn [] 20:26 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.] 20:29 <@vpnHelper> RSS Update - forum: openvpn client can't reconnect after server failure 20:45 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 20:58 -!- gremly [~gremly@200.106.218.64] has joined #openvpn 21:32 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 21:35 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 21:57 -!- gremly [~gremly@200.106.218.64] has quit [Quit: WeeChat 0.3.6] 21:58 -!- krzee [nobody@hemp.ircpimps.org] has joined #openvpn 21:58 -!- krzee [nobody@hemp.ircpimps.org] has quit [Changing host] 21:58 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn 22:06 <@vpnHelper> RSS Update - forum: Install OpenVPN [paying] 22:54 <@vpnHelper> RSS Update - forum: CreateProcess error 23:35 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 23:40 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn --- Day changed Mon Jan 23 2012 00:16 -!- markerx [~markerx@97-118-189-82.hlrn.qwest.net] has quit [Quit: markerx] 00:16 -!- markerx [~markerx@97-118-189-82.hlrn.qwest.net] has joined #openvpn 00:17 -!- markerx [~markerx@97-118-189-82.hlrn.qwest.net] has quit [Client Quit] 00:26 -!- axelm7 [~axelm7@186.135.9.36] has joined #openvpn 00:31 -!- axelm7 [~axelm7@186.135.9.36] has quit [Ping timeout: 276 seconds] 00:37 -!- markerx [~markerx@97-118-189-82.hlrn.qwest.net] has joined #openvpn 00:38 < markerx> 
Hi again! 00:38 < markerx> A few hours ago I asked: 00:39 < markerx> I am installing OpenVPN on an Ubuntu VPS, can you use Proxies to help hide the static IP of the VPS server? 00:39 < markerx> I see that you can specify a proxy in the server.conf file 00:39 < markerx> Can you rotate through a list of proxies? 00:45 <+EugeneKay> I'm not sure what you mean "specify a proxy", there's no such option I'm aware of for servers 00:45 <@vpnHelper> RSS Update - forum: Newbee Help Please 00:45 <+EugeneKay> You can use an HTTP proxy from the client, but that's "lulz" 00:46 < markerx> hmmm... 00:46 < markerx> How can you protect the IP of the VPS/OpenVPN server? 00:46 <+EugeneKay> OpenVPN is not an anonymity tool. You're thinking of Tor. 00:48 < markerx> I am probably being overly paranoid 00:49 < markerx> Just trying to lock down my household internet security 00:49 < markerx> without having to create a management headache 00:49 -!- troyt [~troyt@2001:1938:240:3000::3] has quit [Ping timeout: 252 seconds] 01:04 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 01:19 -!- reiffert_ is now known as reiffert 01:26 -!- dazo_afk is now known as dazo 01:26 <@vpnHelper> RSS Update - forum: TCP/UDP: Socket bind failed on local address already in use 01:40 -!- `Ile` [~Ile@kaniserver.net] has joined #openvpn 01:41 -!- Araluccl1 [~lallo@151.77.184.77] has quit [Quit: Anche il discorsismo ha un limitismo.] 01:41 -!- Araluccl0 [~lallo@151.77.184.77] has joined #openvpn 01:44 <@vpnHelper> RSS Update - forum: OpenVPN Linux Servers connecting Windows 2008 Domain || [SOLVED] TCP/UDP: Socket bind failed on local address alr...
01:56 -!- markerx [~markerx@97-118-189-82.hlrn.qwest.net] has quit [Quit: markerx] 02:14 <@vpnHelper> RSS Update - forum: There is a problem in your selection of --ifconfig endpoints 02:19 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 02:25 -!- Tykling [tykling@er.tyk.nu] has quit [Excess Flood] 02:28 -!- Tykling [tykling@er.tyk.nu] has joined #openvpn 02:35 -!- Tykling [tykling@er.tyk.nu] has quit [Excess Flood] 02:40 -!- Tykling [tykling@er.tyk.nu] has joined #openvpn 02:47 -!- Tykling [tykling@er.tyk.nu] has quit [Excess Flood] 02:49 -!- Tykling [tykling@er.tyk.nu] has joined #openvpn 02:52 -!- Tykling [tykling@er.tyk.nu] has quit [Excess Flood] 02:57 -!- Tykling [tykling@er.tyk.nu] has joined #openvpn 03:02 -!- zokko [bbajorek@unaffiliated/zokko] has left #openvpn [] 03:07 -!- Tykling [tykling@er.tyk.nu] has quit [Excess Flood] 03:10 -!- Tykling [tykling@er.tyk.nu] has joined #openvpn 03:12 -!- Tykling [tykling@er.tyk.nu] has quit [Excess Flood] 03:12 <@vpnHelper> RSS Update - forum: Static IP Windows Please 03:13 -!- Tykling [tykling@er.tyk.nu] has joined #openvpn 03:17 -!- Tykling [tykling@er.tyk.nu] has quit [Excess Flood] 03:18 <@vpnHelper> RSS Update - forum: Please help me with OPENVPN || Routed OpenVPN between two subnets 03:21 -!- Tykling [tykling@er.tyk.nu] has joined #openvpn 03:46 <@vpnHelper> RSS Update - forum: OpenDNS and OpenVPN 04:18 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has quit [Ping timeout: 244 seconds] 04:23 -!- master_of_master [~master_of@p57B537F5.dip.t-dialin.net] has quit [Read error: Operation timed out] 04:25 -!- master_of_master [~master_of@p57B52568.dip.t-dialin.net] has joined #openvpn 04:39 <@vpnHelper> RSS Update - forum: TLS Error: TLS key negotiation failed to occur within 60 sec 04:50 -!- noisebleed [~quassel@piggy.inescn.pt] has joined #openvpn 04:50 -!- noisebleed [~quassel@piggy.inescn.pt] has quit [Changing host] 04:50 -!- noisebleed 
[~quassel@gentoo/contributor/noisebleed] has joined #openvpn 04:55 -!- axelm7 [~axelm7@186.135.9.36] has joined #openvpn 05:00 -!- axelm8 [axelm7@186.135.9.36] has joined #openvpn 05:02 -!- axelm7 [~axelm7@186.135.9.36] has quit [Ping timeout: 276 seconds] 05:02 <@vpnHelper> RSS Update - forum: Specifying external IP pool and custom port per client. || Client can connect but has no access to the Internet 05:05 * EugeneKay crickets 05:16 < havoc> bah 05:29 -!- ragnar [~ragnar@bifrost.ninjatux.org] has joined #openvpn 05:31 < ragnar> RMon Jan 23 11:29:33 2012 us=515046 TLS Error: Unroutable control packet received from XX.xx.xx.xx:xxxxx (si=3 op=P_CONTROL_V1) 05:31 < ragnar> what does this mean exactly? 05:32 <@vpnHelper> RSS Update - forum: Please Review My Site : 05:35 -!- Denial [~Denial@drgi.co.uk] has joined #openvpn 05:45 -!- axelm8 [axelm7@186.135.9.36] has quit [Ping timeout: 276 seconds] 06:02 <@vpnHelper> RSS Update - forum: new vpn setup advice 06:04 -!- eddyst1 [~eddyst@p5085508E.dip0.t-ipconnect.de] has joined #openvpn 06:12 < eddyst1> I like to use a bridge configuration. The connection establishes and I can ping the server but no other clients behind the server. Is there a HOWTO troubleshoot for such problems. 06:22 <+EugeneKay> !howto 06:22 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 06:22 <+EugeneKay> !tunortap 06:22 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. Dont waste the extra overhead. or (#2) and if your reason for wanting tap is windows shares, see !wins or (#3) also remember that if someone gets access to any side of a tap vpn they can use layer2 attacks like arp poisoning against you 06:22 <@vpnHelper> over the vpn or (#4) lan gaming? use tap!
06:23 -!- fr00d [~andi@unaffiliated/fr00d] has joined #openvpn 06:23 < fr00d> Hello! 06:23 <+EugeneKay> !hi 06:23 <+EugeneKay> Hrm, thought we had one of those. 06:23 < fr00d> What's the difference between using udp or tcp for openvpn connection? 06:24 <+EugeneKay> !tcp 06:24 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay 06:24 < fr00d> I have the problem that my client is not reachable via udp on the port openvpn delegates to use. 06:24 < fr00d> Ah, thanks. 06:25 -!- _julian_ [~quassel@hmbg-4d06f326.pool.mediaWays.net] has joined #openvpn 06:27 < fr00d> OK, I'll think about running two openvpn servers which use the same private network. They should be able to do dhcp from the same subnet, is that possible? 06:27 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn 06:28 < fr00d> A workaround would be to use two subnets and route one into the other and vice versa. 06:28 <+EugeneKay> No, each (routed) openvpn tunnel should have a different subnet, tunnel device, etc. It's trivial to push a route for the other (or for a whole /20 block) down, though 06:29 <+EugeneKay> eg, I have 10.12.0.0/16 set aside for VPN links, and then a /20 out of that for each VPN server, and a /24 out of THAT for each actual openvpn instance. A bit of routing magic and --up scripts results in a HA system, with real-live hostnames. 06:30 < fr00d> This sounds great, so I need to play a bit more with openvpn... 06:30 < fr00d> Thanks for your help.
06:30 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds] 06:31 < eddyst1> !wins 06:31 <@vpnHelper> "wins" is http://oreilly.com/catalog/samba/chapter/book/ch07_03.html is a good link for seeing how to run WINS on samba 06:31 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 06:49 -!- p3rror [~mezgani@41.205.221.206] has joined #openvpn 06:55 < fr00d> Are there any problems with running two openvpn server instances on the same ip, on the same port the one via udp, the other via tcp? 06:57 < havoc> fr00d: nope 06:57 < havoc> I listen on udp:1194 and tcp:443 on 3 diff servers 06:57 < fr00d> perfect! 06:58 <@dazo> fr00d: no problems, but you should avoid having the same VPN subnet on those two instances, that will create some extra challenges ... but if separate subnets, no issues at all 06:58 < fr00d> Eh, no, I'd like to listen on udp:1194 and tcp:1194 on the same server with the same ip. ;) 06:58 < havoc> dazo: heh, that's exactly what I have planned, but haven't gotten to it yet 06:58 <@dazo> listening to tcp and udp ports on same port number and IP is very fine 06:58 < fr00d> I have set up separate subnets and I will add network routes from one into the other net and vice versa. 06:58 < havoc> dazo: use same subnet, but on br0, where br0 = tun0 + tun1 06:59 <@dazo> havoc: you can't bridge tun ... only tap ;-) 06:59 < havoc> gah! 06:59 <@dazo> (bridges require ethernet frames) 06:59 < havoc> dazo: thanks, I guess I either won't be bridging them, or I won't be converting to tun 06:59 < havoc> dazo: understood, thanks 06:59 < havoc> yeah, L2 device 06:59 <@dazo> yupp 07:00 < havoc> I'm all TAP now but was going to convert to TUN for performance, but with --topology subnet 07:00 < fr00d> The only challenge is to update DNS accordingly to which port and according to this which subnet was chosen.
07:01 < fr00d> Wait, isn't there a way to do something like loadbalancing via dns to let one domainname point to two addresses? So the client should support to connect to the other address if the first doesn't answer. ;) 07:01 <@dazo> fr00d: if you look carefully at the different script hooks (search for SCRIPTING in man page), you'll find that --learn-address or --client-connect might help you out there 07:02 <@dazo> ahh ... you can in client configs add more --remote statements ... and even use --remote-random, to randomly select server to connect to 07:02 <@dazo> but I wouldn't load balance between tcp and udp, though 07:02 <@dazo> !tcp 07:02 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay 07:02 <@dazo> I'd recommend tcp as a fallback in cases where udp doesn't work 07:02 < fr00d> I do not want the client to loadbalance. 07:03 < fr00d> Each client can reach each other client in this vpn. 07:03 * dazo might have misunderstood what was supposed to be load balanced 07:03 < fr00d> I'd like to set up DNS very easy. So if I enter a DNS entry with two ips of the different subnets for each connected client they should be accessible. 07:04 <+EugeneKay> You need dynamic updates and a script to do that properly. 07:04 <@dazo> okay, you mean the internal DNS which connected VPN clients uses? 07:04 < fr00d> But for this I think I first need to read some more about loadbalancing. 07:04 <@dazo> fr00d: EugeneKay is right 07:04 < fr00d> Yes. 07:04 <+EugeneKay> "EugeneKay is right because EugeneKay is always right." 07:04 < fr00d> hehe 07:04 <@dazo> !learn EugeneKay as right because EugeneKay is always right. 07:04 <@vpnHelper> Joo got it. 
07:04 <@dazo> !EugeneKay 07:04 <@vpnHelper> "EugeneKay" is right because EugeneKay is always right. 07:05 <@dazo> :-P 07:05 <+EugeneKay> :-D 07:05 < fr00d> hmm, well educated bot... :D 07:05 <@dazo> hehehe, yupp :) 07:06 < fr00d> So, I'll first have lunch and then, maybe playing a bit more around with openvpn. Thanks for your help. 07:07 < havoc> fr00d: you talking about round-robin DNS? 07:07 < havoc> e.g. vpn.domain.com = multiple IPs? 07:07 < havoc> if so that's just multiple A recs for same name in DNS 07:25 <@vpnHelper> RSS Update - forum: Took over the ovpn server, CA/Keys unknown. 07:25 < havoc> dazo: who runs the forums? 07:26 <@dazo> havoc: ecrist is having some responsibilities there 07:32 < havoc> just curious 07:32 < havoc> I know spam is a nightmare for any admin 07:32 < havoc> I saw more go by this morning 07:34 -!- rawtaz [~rawtaz@rho.hobbyhotellet.se] has joined #openvpn 07:35 < rawtaz> hi. im wondering if it is possible to shrink the ESXi virtual appliance a bit, so it doesnt take up 15 GB? im not sure what so much space is needed for 07:36 <@dazo> rawtaz: this isn't vmware support 07:36 < rawtaz> uh, i know that.. 07:37 <@dazo> rawtaz: then I presume you probably know that this channel is for OpenVPN community support too 07:37 < rawtaz> yep 07:38 < rawtaz> and if you read what i say, my question is very much openvpn related 07:38 < rawtaz> in fact, what it asks about is something that is provided from the openvpn side 07:38 < rawtaz> does this make sense? 07:38 <@dazo> Is that the Access Server stuff? 07:38 < rawtaz> yes sir 07:38 <@dazo> !as 07:38 <@vpnHelper> "as" is please go to #OpenVPN-AS for help with Access-Server 07:38 < rawtaz> okay, roger that 07:38 < rawtaz> thank you :) 07:38 <@dazo> this is the community side .... 
AS is the commercial side 07:39 < rawtaz> i failed to read the topic 07:39 -!- dkr [~dkr@67.132.255.16] has joined #openvpn 07:40 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has joined #openvpn 07:41 <+EugeneKay> !read 07:41 <@vpnHelper> "read" is ive been known to overreact when people look for 2 minutes and ask me to explain it to them 07:41 < gladiatr> wheeee... happy 2012 07:41 <@ecrist> havoc: I'm the forum guy 07:42 < havoc> ecrist: I feel for you :( 07:42 < havoc> the spam seems on the rise lately 07:42 < gladiatr> havoc: it's not that bad. 07:42 < fr00d> havoc: Ah, ok. What happens if the client gets the ip which not responds? Does the client try the other one? 07:42 <@ecrist> the other mods do a good job of keeping it down, I think. 07:42 < havoc> ah, maybe I'm just noticing it more then 07:42 < krzee> its actually pretty constant 07:43 < krzee> but ya it seems to get caught by mods 07:43 < havoc> fr00d: if client retrys, and does another dns lookup for that retry, it should get the next IP 07:43 -!- axelm8 [~axelm7@186.135.8.52] has joined #openvpn 07:44 < krzee> havoc, you dont always get a new dns lookup 07:44 -!- gremly [~gremly@200.106.218.64] has joined #openvpn 07:44 < havoc> fr00d: ^^^^^ 07:44 < krzee> depends from system to system in my testing 07:44 < havoc> DNS round-robin may not work for you then 07:45 < krzee> i use multiple --remote entries for that reason 07:45 < fr00d> So, I need a setup which is a bit more complex until the request really gets to the client where it should go. 07:46 <@dazo> I think he wants to do some DNS RR stuff on the internal DNS for connected VPN clients ... to connect to the correct VPN client from another VPN client, via DNS host names .... 07:46 < havoc> fr00d: multiple --remote entries doesn't seem to complex 07:46 < havoc> dazo: ah 07:47 * dazo is still not sure he really caught it ... but hopes he is closer ... 
07:47 < krzee> oh lol 07:47 < krzee> ya i didnt read the scroll 07:53 -!- axelm8 [~axelm7@186.135.8.52] has left #openvpn [] 07:55 <@dazo> ecrist: mattock: I've installed this captcha on another phpbb forum which got quite some spam a while ago. After this new captcha, all spam went away ... http://www.phpbbsmith.com/projects/phpbb3/photo-visual-confirmation.html 07:55 <@vpnHelper> Title: Photo Visual Confirmation phpBB Smith (at www.phpbbsmith.com) 07:56 <@ecrist> dazo - we're moving to vB anyway... 07:56 < fr00d> havoc: But I do not need multiple remote entries. I have one server with one port but want to use tcp and udp. Therefore I need two subnets. 07:57 <@dazo> ecrist: I know, but if it's much now ... this one kills it easily and efficiently ... took me less than an hour to get it working ... but that was without LDAP integration though 07:57 <@dazo> fr00d: what's a bit confusing for us is where you want the load balancing ... we don't really see how you want your setup to work, esp. in regards to the load balancing 08:01 <@vpnHelper> RSS Update - forum: Windows 7 x64, routing, DHCP and a unstable VPN 08:02 -!- eddyst1 [~eddyst@p5085508E.dip0.t-ipconnect.de] has left #openvpn [] 08:03 < fr00d> The client has two possibilities to connect to the vpn and each client should be able to reach each other client. This works. With the two networks for udp and tcp each client has the possibility to get an address of either the "udp"-subnet or the "tcp"-subnet. What I want to do is to make clients reachable via dns i.e. client1.vpn.mydomain.com. One possibility is to check the zonefile when the client connects and update it if necessary and the other ... 08:03 < fr00d> ... idea was to make the client accessible via the dns entry by adding more than one ip for one client. 08:09 <@ecrist> cron2: I've tagged a snapshot and it's pushed out to the ftp servers 08:13 <@vpnHelper> RSS Update - forum: Took over the ovpn server, CA/Keys unknown.
08:18 <@dazo> fr00d: sounds like dynamic dns updates is what you're looking for then ... so when a client connects, it will update the dns server with its client name and vpn IP address 08:19 <@dazo> fr00d: look at nsupdate 08:21 < fr00d> Yes I'm using nsupdate for dynamic dns entries. I'll have a try. 08:23 <@dazo> fr00d: if you already have things setup for nsupdate .... then it's a fairly simple script which can be used via --client-connect and --client-disconnect to add/delete IP addresses 08:24 <+EugeneKay> Pretty sure I said that an hour ago. :v 08:31 < fr00d> Maybe, but there the buzzword nsupdate was missing. 08:32 <+EugeneKay> You need dynamic updates and a script to do that properly. 08:32 <+EugeneKay> nsupdate is just a dynamic update client. :-p 08:39 < ragnar> RMon Jan 23 11:29:33 2012 us=515046 TLS Error: Unroutable control packet received from XX.xx.xx.xx:xxxxx (si=3 op=P_CONTROL_V1) 08:39 < ragnar> does any of you know what this means exactly? 08:40 <@ecrist> !logs 08:40 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard. 
08:41 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer] 08:42 < ragnar> ok 08:42 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 08:45 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 08:50 -!- `Ile` [~Ile@kaniserver.net] has quit [Quit: KVIrc 4.1.3 Equilibrium http://www.kvirc.net/] 08:56 -!- misulicus [4f7357c6@gateway/web/freenode/ip.79.115.87.198] has joined #openvpn 08:57 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has joined #openvpn 08:57 < misulicus> hey guys, just wanted to ask if someone can please take a quick look at my post here https://forums.openvpn.net/topic9671.html 08:57 -!- Gravitron [~admin@69.163.40.45] has joined #openvpn 08:57 <@vpnHelper> Title: OpenVPN Support Forum new vpn setup advice : Server Administration (at forums.openvpn.net) 08:57 -!- Gravitron [~admin@69.163.40.45] has quit [Changing host] 08:57 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 08:57 < misulicus> i`m trying to get answers today 09:01 <@vpnHelper> RSS Update - forum: need tun.ko 09:02 < misulicus> we assume that we will have to pay someone to get a server setup like that 09:08 <+EugeneKay> To be quite frank, there's no money in that. 09:08 <+EugeneKay> Plenty enough competition already. 09:09 < misulicus> yeah well we got the customers already, we just need the service to be setup 09:18 < misulicus> any idea who could do a setup like this ?
09:29 < Olipro> presumably, you want the whole thing automated 09:30 < Olipro> so you need something integrated with your payment gateway to create and issue client certificates with expiration dates tied to however long their subscription is 09:30 < Olipro> not to mention that yes, you need a server located in the US with sufficient bandwidth to meet your demand 09:33 < krzee> no no you shouldnt need to expire the cert 09:33 < krzee> use secondary auth via db 09:33 < krzee> then the script can check expiration date as well 09:36 <+EugeneKay> I was about to say, changing certs every month of subscription is gonna get old quick 09:39 < Olipro> yeah, secondary auth and/or revocation would be sufficient 09:40 < Olipro> I suppose revocation could be preferable if you don't want the headache of having to worry about your DB backend going down 09:41 -!- p3rror [~mezgani@41.205.221.206] has quit [Remote host closed the connection] 09:43 <@vpnHelper> RSS Update - forum: any way to have log of users?? 
09:51 -!- p3rror [~mezgani@41.137.254.45] has joined #openvpn 09:52 < misulicus> well i can handle the main website and payment stuff 09:53 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has joined #openvpn 09:53 < misulicus> i do some php programming...but the vpn part where user logins and gets access to the vpn is out of my league 09:54 < misulicus> like: http://www.privatetunnel.com/ 09:54 <@vpnHelper> Title: Private Tunnel - Your Private Tunnel to the Internet (at www.privatetunnel.com) 09:55 < misulicus> i guess i can do an easy check to see if the user has active subscription in my main site DB and if he does he is allowed to login 10:10 < misulicus> but the server side i cant do it 10:19 <@ecrist> misulicus: we aren't going to do this for you 10:19 < misulicus> i`m asking, willing to hire someone to do it : 10:19 <@ecrist> I read your post, and all you really need is a VPN server (or a few, really), some load balancing, an authentication back-end (LDAP) 10:19 <@ecrist> I'll do it for you for $285 USD per hour 10:20 <@ecrist> minimum of 40 hours, paid 50% in advance 10:25 < misulicus> way too much :( 10:28 < jeev> i'll do it for 275 10:28 < jeev> 39 hours. 10:28 <+EugeneKay> Those are fairly standard consulting rates for a job like this. If you find somebody that'll do it for substantially less, they're probably clueless. 10:29 <+EugeneKay> Realistically, you need at least a part-time admin 10:30 <@ecrist> heh, 10:30 <@ecrist> build me a custom interface and tie that to a central authentication engine (and all the admin pages, since you obviously can't edit the raw LDAP/etc) and install and test, for LESS than $285/hr? You're crazy 10:31 < jeev> i said i'd do it for 275 10:31 <+EugeneKay> To say nothing of tying it into a billing system 10:32 <+EugeneKay> Like I said, no money in this.
:-p 10:34 < misulicus> well most i`d be interested in setting up openvpn on a server first 10:36 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has quit [Read error: Connection reset by peer] 10:38 <@ecrist> nobody's stopping you 10:38 <@ecrist> jeev: he'd need someone that knows what they're doing, disqualifying you automatically 10:38 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has joined #openvpn 10:41 < misulicus> ecrist thats too much 10:42 <@ecrist> perhaps, but I won't do it for less 10:42 <@ecrist> figure it out yourself, or start asking good questions. :) 10:46 -!- troyt [~troyt@2001:1938:240:3000::3] has joined #openvpn 10:48 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Quit: Leaving] 10:56 -!- leno81 [~leno81@208.111.39.186] has joined #openvpn 10:56 < leno81> hi 10:56 < leno81> i can specify what port to use for connection to the server, but can i force the vpn to use a sepcific port on the client? 10:56 < leno81> specific* 10:56 <@dazo> leno81: look at --rport and --lport in the man page 10:56 <@dazo> !man 10:56 <@vpnHelper> "man" is (#1) http://openvpn.net/man for 2.0 manual or (#2) http://openvpn.net/man-beta.html for 2.1 manual or (#3) http://openvpn.net/index.php/open-source/documentation/manuals/427-openvpn-22.html for 2.2 manual or (#4) the man pages are your friend! 11:03 < havoc> need to add 2.2.x to the list on http://openvpn.net/index.php/open-source/documentation.html 11:03 <@vpnHelper> Title: Documentation (at openvpn.net) 11:04 < havoc> you can get to it through the "Manuals" parent category link, but a direct 2.2 link should be under it in addition to the direct links for 2.1 and 2.0 11:08 < leno81> so i just put --lport port in the client config? 
11:18 -!- danniel [~leno81@208.111.39.186] has joined #openvpn 11:22 -!- leno81 [~leno81@208.111.39.186] has quit [Ping timeout: 272 seconds] 11:23 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn 11:23 -!- mode/#openvpn [+o raidz] by ChanServ 11:23 -!- Dweezahr [~Dweezahr@flits102-34.flits.rug.nl] has quit [Ping timeout: 255 seconds] 11:24 -!- Dweezahr [~Dweezahr@flits102-34.flits.rug.nl] has joined #openvpn 11:33 -!- rawtaz [~rawtaz@rho.hobbyhotellet.se] has left #openvpn [] 11:36 <@vpnHelper> RSS Update - forum: Routed OpenVPN between two subnets 11:39 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection] 11:40 -!- danniel [~leno81@208.111.39.186] has quit [Ping timeout: 244 seconds] 11:42 <@vpnHelper> RSS Update - forum: Stopping the OpenVPN Daemon on OpenBSD 11:42 -!- leno81 [~leno81@208.111.39.186] has joined #openvpn 11:46 -!- markerx [~markerx@97-118-189-82.hlrn.qwest.net] has joined #openvpn 11:46 -!- Araluccl0 [~lallo@151.77.184.77] has quit [Read error: Connection reset by peer] 11:47 -!- leno81 [~leno81@208.111.39.186] has quit [Ping timeout: 252 seconds] 11:47 -!- dazo is now known as dazo_afk 11:48 -!- Araluccl0 [~lallo@151.77.143.50] has joined #openvpn 11:49 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 11:52 < crissi-> hello 11:53 < crissi-> i did some performance tests in lan and got very bad results (tap mode using udp, tap is bridged to another network interface) 11:54 < crissi-> tested version is 2.2.0 11:54 < crissi-> did someone ran in same problem too? 
11:55 < crissi-> i got only 800k/s in 100mbit lan (encryption disabled, lzo disabled, fast-io on) 11:57 -!- misulicus [4f7357c6@gateway/web/freenode/ip.79.115.87.198] has quit [Quit: Page closed] 12:05 < Olipro> well something is evidently very wrong with your setup, yes 12:05 < Olipro> because I get higher throughput than that with all of the above turned /on/ 12:09 < crissi-> setup is: - - - - 12:10 < Olipro> you're running it over wireless LAN 12:10 < crissi-> yes 12:10 < crissi-> :-D 12:10 < crissi-> it should be possible to get more than 800k/s 12:11 < Olipro> it's not a 100Mbit LAN if you're connecting it over Wireless 12:11 < Olipro> plus you've made no mention of the involvement of say... NAT 12:11 < crissi-> i'll try via lan cable... and i'll report if its better 12:12 < crissi-> yes there is nat... at 12:12 < crissi-> but that should not kill so much speed 12:13 < Olipro> that largely depends on the speed of its processor 12:15 < crissi-> lan router and vpn client router both are mips brcm47xx (linksys wrt54l, ~ 200mhz) 12:15 < crissi-> but im sure that the cpu is not the problem on lan router 12:16 < Olipro> 200Mhz? bleh 12:17 < crissi-> yes 12:17 < Olipro> if the wifi encryption isn't offloaded, that would suck 12:17 < crissi-> wifi enc is off 12:17 < crissi-> -> cpu has no problem 12:17 <@ecrist> also, crissi-, you've told us nothing of your hardware. if you're running that on an old casio calculator watch, I'm impressed. 12:19 -!- troyt [~troyt@2001:1938:240:3000::3] has quit [Ping timeout: 260 seconds] 12:20 <@ecrist> crissi-: we routinely get 5 to 10 Mbps on an old Pentium 3. We get about 8Mbps on Atom 330 before it tips over 12:21 < crissi-> on box running openvpn client? 
12:22 <@ecrist> sorry, I misquoted 12:22 <@ecrist> we get 8Mbps on a VIA 400MHz processor 12:22 <@ecrist> I was looking at the wrong box 12:23 -!- troyt [~troyt@2001:1938:240:3000::3] has joined #openvpn 12:24 < crissi-> i can try also with a 400mhz atheros mips 12:25 < crissi-> ecrist: which encryption? tcp? udp? 12:25 <@ecrist> udp, with default encryption 12:25 <@ecrist> tap (bridged) 12:26 < crissi-> ok.. with encryption.. 12:26 < crissi-> btw: with cable... same results 12:27 <@ecrist> then your setup is screwy 12:29 < crissi-> with tcp the throughput is more worse :( 12:29 < crissi-> really strange. 12:29 <@ecrist> more worse? 12:29 < hyper_ch> ecrist: think different! - http://420.thrashbarg.net/acer_apple_mac_laptops_auditorium.jpg 12:29 <@ecrist> english your second language? 12:29 <@ecrist> !tcp 12:29 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay 12:30 <@ecrist> see that, crissi- 12:30 <@raidz> I might be reading this wrong but if you are running openvpn on a 400mhz mips processor then 800 kilobytes is pretty standard speedwise crissi- 12:30 < crissi-> right... that was the reason why i use udp. just for info 12:30 <@raidz> especially if it is using tun/natted and not bridged 12:30 < crissi-> 800k/s is on 200 mhz mips 12:31 < crissi-> :-D 12:31 <@raidz> then that is pretty darn good 12:31 <@raidz> wait kilobits? 12:32 < crissi-> kilobyte per second 12:32 <@raidz> ok cool 12:32 <@raidz> yeah that isn't bad 12:32 < crissi-> hm. 12:32 < crissi-> i dont think so.
12:32 <@raidz> these mips procs just aren't powerful enough 12:32 < crissi-> i have no encryption and udp is used 12:32 <@raidz> doesn't matter, its not encryption 12:33 < crissi-> cpu is at 77 percent on the mips box 12:33 <@raidz> I have tested on a 500mhz mips with and without encryption 12:33 <@raidz> with and without compression etc 12:33 < crissi-> right 12:33 <@raidz> and it maxes out the cpu at about 10mbits 12:33 <@raidz> encryption brings it down a bit, so does compression, but not by much 12:33 < crissi-> i'll check if the lan router is the bottleneck 12:34 <@raidz> these are just my findings, and what I have gathered from others 12:35 <@ecrist> raidz: we see the same 12:35 <@ecrist> a 400MHz mips falls over around 8Mbps 12:35 <@ecrist> having encryption enabled/disabled doesn't make much difference 12:36 < crissi-> no, the lan gateway (also 200mips with nat) had 18% cpu on 600/ks... slow 12:36 < crissi-> low cpu i would say 12:36 < crissi-> but... it would be nice to find a way to increase the speed 12:37 <@raidz> crissi-: I agree :-) I have talked to james and dazo, but it sounds like there might not be much luck, particularly since this runs in userspace 12:37 -!- gremly [~gremly@200.106.218.64] has quit [Quit: WeeChat 0.3.6] 12:37 < crissi-> it would save a lot of money 12:38 < crissi-> i'm root... 
so i can do nasty things on the box 12:38 <@raidz> I guess, although those small atom comps have pretty good specs for a pretty cheap price 12:38 < crissi-> btw: is running openwrt with kernel 2.4.37.9 12:39 <@raidz> Tomato v1.28.7494 MIPSR2-Toastman-RT K26 USB VPN 12:39 <@raidz> root@dontslam:/tmp/home/root# uname -a 12:39 <@raidz> Linux dontslam 2.6.22.19 #11 Mon Jan 16 23:37:46 ICT 2012 mips GNU/Linux 12:39 <@raidz> root@dontslam:/tmp/home/root# 12:39 <@raidz> Thats what I am running 12:40 < crissi-> http://paste.debian.net/153373/ <- vpn box 12:41 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 12:42 <@raidz> Yeah those speeds are not bad for that proc, like I said, I get around 10mbps on this: http://pastebin.com/u5ckw8Z0 12:43 <@raidz> I am tempted to get one of these and use it for openvpn: http://www.bestbuy.com/site/olstemplatemapper.jsp?id=pcat17080&type=page&qp=q70726f63657373696e6774696d653a3e313930302d30312d3031~~cabcat0500000%23%230%23%2311a~~cabcat0501000%23%230%23%2329~~nf994%7C%7C4e6574746f7020436f6d7075746572&list=y&nrp=15&sc=abComputerSP&sp=-bestsellingsort+skuid&usc=abcat0500000 12:43 <@vpnHelper> Title: Nettop Computer : Desktop & All-in-One Computers - BestBuy (at www.bestbuy.com) 12:48 -!- newl [~newl@97.75.165.156] has joined #openvpn 12:55 -!- markerx_ [~markerx@74.221.212.77] has joined #openvpn 12:56 -!- markerx [~markerx@97-118-189-82.hlrn.qwest.net] has quit [Ping timeout: 240 seconds] 12:56 < Olipro> ecrist: I've found you can get a lot better if you compile with GCC 4.5, -O2 and GCC Graphite framework built into your toolchain 12:56 -!- markerx_ is now known as markerx 12:58 <@vpnHelper> RSS Update - forum: Stopping the OpenVPN Daemon on OpenBSD 13:05 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn 13:14 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection] 13:34 < reiffert> did I mention that ipsec sucks? 
13:35 <@ecrist> reiffert: I thought that was common knowledge around these parts 13:36 < reiffert> ecrist: want to make a journey to Apple and tell them about openvpn? 13:40 <@vpnHelper> RSS Update - forum: SEO SUPPORT 13:42 < havoc> that looks spammy 13:43 <+EugeneKay> I think it's a case of outright ignorance 13:44 < havoc> ah 13:51 <@ecrist> we use an SEO module on the openvpn forum 13:51 <@vpnHelper> RSS Update - forum: SEO SUPPORT 13:51 <@ecrist> not sure what he was asking about, but it's locked now 13:51 <@ecrist> :) 13:58 -!- p3rror [~mezgani@41.137.254.45] has quit [Ping timeout: 272 seconds] 13:58 <+EugeneKay> I hate you, Group Policy. 14:04 <@ecrist> reiffert: are you talking about the iphone? 14:04 <@ecrist> openvpn works swimmingly on os x 14:06 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [] 14:09 -!- newl [~newl@97.75.165.156] has left #openvpn [] 14:09 <@vpnHelper> RSS Update - forum: Specifying external IP pool and custom port per client. 14:32 -!- Han [~han@unaffiliated/han] has left #openvpn [] 15:19 -!- star314 [~star314@starnet1.sinh.us] has joined #openvpn 15:19 < Essobi> Does using TAP mean ALL traffic is routed across the VPN by default? 15:20 <+EugeneKay> No. 15:21 < Essobi> Hmm.. well where the hell is this default route coming from... 15:21 <+EugeneKay> !logs 15:21 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard. 15:31 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer] 15:31 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 15:33 <@ecrist> !configs 15:33 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. 
or (#2) dont forget to include any ccd entries 15:33 <@ecrist> more appropriate ^^^ 15:35 -!- raidz [~raidz@openvpn/corp/admin/andrew] has quit [Ping timeout: 252 seconds] 15:35 -!- Netsplit *.net <-> *.split quits: APTX 15:35 -!- Netsplit over, joins: APTX 15:37 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn 15:37 -!- mode/#openvpn [+o raidz] by ChanServ 15:49 < Essobi> ecrist: nm, thanks though... 15:49 < Essobi> This stupid ubuntu vpn manager was doing weird sheit without telling me. 15:50 < Essobi> it had some uproute management script that decided I wanted to route everything, w/o asking me, or telling me it's the default.. 15:50 < Essobi> well gnome manager I should say I guess... 15:52 < Essobi> Is there a limit to the number of routes I can push? 15:54 <@ecrist> gah 15:54 <@ecrist> !ubuntu 15:54 <@vpnHelper> "ubuntu" is dont use network manager! 15:55 <@ecrist> Essobi: at this point, I think it's like 1000 or so 15:55 < Essobi> lul.. no kidding. I'm re-testing on blick now since we use that in prod. ;) 15:55 <@vpnHelper> RSS Update - forum: Client can connect but has no access to the Internet 15:55 < Essobi> ecrist: roger that 15:56 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 240 seconds] 16:05 -!- troyt [~troyt@2001:1938:240:3000::3] has quit [Ping timeout: 260 seconds] 16:12 < Essobi> Ah, had to up max-routes on the clients too. 16:22 -!- troyt [~troyt@2001:1938:240:3000::3] has joined #openvpn 16:30 < Essobi> Awesome... seems tunnelblick stops working over 100 routes. :| 16:31 < Essobi> Seems I have some work to do.. 16:41 <+EugeneKay> Use less routes. 
:v 16:47 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep] 16:55 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 16:55 -!- star314 [~star314@starnet1.sinh.us] has quit [Quit: Leaving] 16:55 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has quit [Quit: Ex-Chat] 17:05 -!- markerx [~markerx@74.221.212.77] has quit [Quit: markerx] 17:08 -!- babble [~coyote@unaffiliated/coyote] has joined #openvpn 17:13 <@vpnHelper> RSS Update - forum: Please Review My Blog 17:20 < Essobi> EugeneKay: Thank you, Captain Obvious. :D 17:20 <+EugeneKay> Any time. 17:24 < Essobi> :D 17:31 <@vpnHelper> RSS Update - forum: Please Review My Blog 17:41 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has quit [Quit: Leaving] 17:49 -!- Denial [~Denial@drgi.co.uk] has quit [] 17:51 -!- tekzilla [~jon@hmbg-5f765103.pool.mediaWays.net] has quit [Read error: Operation timed out] 17:56 -!- tekzilla [~jon@hmbg-4d06bf66.pool.mediaWays.net] has joined #openvpn 18:09 -!- Tykling [tykling@er.tyk.nu] has quit [Read error: Connection reset by peer] 18:10 -!- Haraken [~ryuk@unaffiliated/haraken] has quit [Ping timeout: 272 seconds] 18:10 -!- vereteran [~vereteran@static.88-198-170-117.clients.your-server.de] has quit [Excess Flood] 18:10 -!- raidz [~raidz@openvpn/corp/admin/andrew] has left #openvpn [] 18:10 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn 18:10 -!- mode/#openvpn [+o raidz] by ChanServ 18:10 -!- Haraken [~ryuk@unaffiliated/haraken] has joined #openvpn 18:12 -!- vereteran [~vereteran@static.88-198-170-117.clients.your-server.de] has joined #openvpn 18:13 -!- Tykling [tykling@er.tyk.nu] has joined #openvpn 18:13 <+JodaZ> how can i speed up openvpn connection speed, it seems to spend 5 seconds on "TEST ROUTES:", how would i just disable that test ? 
18:15 -!- meepmeep_ [meepmeep@there-is-no.endoftheinternet.org] has joined #openvpn 18:15 -!- amir__ [~amir@80-219-10-9.dclient.hispeed.ch] has joined #openvpn 18:15 -!- amir__ [~amir@80-219-10-9.dclient.hispeed.ch] has quit [Changing host] 18:15 -!- amir__ [~amir@unaffiliated/amir] has joined #openvpn 18:15 -!- master_o1_master [~master_of@p57B52568.dip.t-dialin.net] has joined #openvpn 18:15 -!- GHAI_ [~joti@cthulhu-isp.net] has joined #openvpn 18:15 -!- |Mike|_ [mike@vps-2a01-4f8-101-1c1-b23f-f6e5.twenty-five.nl] has joined #openvpn 18:16 -!- meepmeep [meepmeep@there-is-no.endoftheinternet.org] has quit [Ping timeout: 272 seconds] 18:16 -!- master_of_master [~master_of@p57B52568.dip.t-dialin.net] has quit [Ping timeout: 272 seconds] 18:16 -!- amir [~amir@unaffiliated/amir] has quit [Ping timeout: 272 seconds] 18:16 -!- GHAI [~joti@cthulhu-isp.net] has quit [Ping timeout: 272 seconds] 18:16 -!- |Mike| [mike@vps-2a01-4f8-101-1c1-b23f-f6e5.twenty-five.nl] has quit [Ping timeout: 272 seconds] 18:37 < Essobi> Yay, everything's working with the route changes. 18:37 < Essobi> w00t 18:45 -!- newl [~newl@97.75.165.156] has joined #openvpn 19:04 -!- troyt [~troyt@2001:1938:240:3000::3] has quit [Ping timeout: 245 seconds] 19:05 -!- krzie [nobody@openvpn/community/support/krzee] has joined #openvpn 19:06 -!- krzie [nobody@openvpn/community/support/krzee] has quit [Remote host closed the connection] 19:14 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 19:19 <@vpnHelper> RSS Update - forum: 192.168.113.3:1194 failed? 
Server errors on start up with co 19:40 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 19:40 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 19:40 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 19:40 -!- mode/#openvpn [+v Axeman] by ChanServ 19:46 -!- _julian [~quassel@hmbg-4d068b5c.pool.mediaWays.net] has joined #openvpn 19:49 -!- _julian_ [~quassel@hmbg-4d06f326.pool.mediaWays.net] has quit [Ping timeout: 248 seconds] 19:51 < Intensity> I'm trying to use "--iproute alternate-command" in OpenVPN 2.2.2, but I get: Unrecognized option or missing parameter(s). Am I missing something? 19:52 -!- gardar2 [9d9d4da0@gateway/web/freenode/ip.157.157.77.160] has joined #openvpn 19:53 < gardar2> any op around? 19:53 <+EugeneKay> Several. 19:53 < gardar2> I'm wondering why my other nick is banned 19:53 <+EugeneKay> Not a clue. Perhaps somebody disagreed with you? 19:54 < gardar2> might be for the same reason I got banned on #firefox 19:55 < gardar2> had a lot of timeouts with my bnc being configured incorrectly 19:55 -!- mode/#openvpn [+o EugeneKay] by ChanServ 19:56 <@EugeneKay> It appears to be from way back in Nov, so I'll go ahead and lift it. 
Expect the wrath of dog if your connection wonks out :-p 19:56 -!- mode/#openvpn [-b *!*@gardar.net] by EugeneKay 19:56 < gardar2> Haha thanks :) 19:56 -!- mode/#openvpn [-o EugeneKay] by EugeneKay 19:56 -!- gardar2 [9d9d4da0@gateway/web/freenode/ip.157.157.77.160] has left #openvpn [] 19:56 -!- gardar [~gardar@gardar.net] has joined #openvpn 19:56 -!- krzee [nobody@hemp.ircpimps.org] has joined #openvpn 19:56 -!- krzee [nobody@hemp.ircpimps.org] has quit [Changing host] 19:56 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn 19:57 -!- newl [~newl@97.75.165.156] has left #openvpn [] 19:59 -!- troyt [~troyt@2001:1938:240:3000::3] has joined #openvpn 20:03 -!- troyt [~troyt@2001:1938:240:3000::3] has quit [Ping timeout: 252 seconds] 20:05 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 20:10 -!- troyt [~troyt@2001:1938:240:3000::3] has joined #openvpn 20:11 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 20:16 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 245 seconds] 20:23 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Read error: Operation timed out] 20:25 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro] 20:27 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 20:29 -!- Gravitron [~admin@64.93.224.182] has joined #openvpn 20:29 -!- Gravitron [~admin@64.93.224.182] has quit [Changing host] 20:29 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 20:29 -!- newl [~newl@97.75.165.156] has joined #openvpn 20:33 -!- oc80z [oc80z@blea.ch] has quit [Changing host] 20:33 -!- oc80z [oc80z@openvpn/user/oc80z] has joined #openvpn 20:51 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 20:58 -!- jameslordhz [~jack@125.109.161.106] has quit [Ping timeout: 240 seconds] 20:59 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit 
[Quit: UnterPerro] 21:08 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has joined #openvpn 21:08 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has quit [Changing host] 21:08 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has joined #openvpn 21:12 -!- babble [~coyote@unaffiliated/coyote] has quit [Quit: Leaving] 21:14 -!- jameslordhz [~jack@125.109.164.178] has joined #openvpn 21:50 <@vpnHelper> RSS Update - forum: Deny admin user access to vpn 21:55 -!- newl [~newl@97.75.165.156] has left #openvpn [] 21:55 <@vpnHelper> RSS Update - forum: Windows 7 as OpenVPN server with redirect-gateway 22:00 -!- brandon [6176bd52@gateway/web/freenode/ip.97.118.189.82] has joined #openvpn 22:03 -!- gremly [~gremly@200.106.218.64] has joined #openvpn 22:11 -!- brandon [6176bd52@gateway/web/freenode/ip.97.118.189.82] has quit [Quit: Page closed] 22:11 <@vpnHelper> RSS Update - forum: Please Review My Site : 22:46 -!- zeshoem [~zee@108.162.156.19] has joined #openvpn 22:57 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 22:59 -!- wat232 [~watter@host112.201-252-208.telecom.net.ar] has quit [Ping timeout: 252 seconds] 23:03 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day] 23:26 -!- sxONevilMACHINE [~chatzilla@68.153.102.55] has joined #openvpn 23:26 < sxONevilMACHINE> *noob question* how may layers of private nets is too many for a dyn DNS client to "pull" a link through 23:35 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 23:36 < Olipro> 42 23:38 < hyper_ch> 47 23:38 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 23:43 -!- gremly [~gremly@200.106.218.64] has quit [Quit: WeeChat 0.3.6] 23:48 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 23:48 -!- Araluccl0 [~lallo@151.77.143.50] has quit [Quit: Anche il discorsismo ha un limitismo.] 
23:48 -!- Araluccl0 [~lallo@151.77.143.50] has joined #openvpn 23:58 -!- sxONevilMACHINE [~chatzilla@68.153.102.55] has left #openvpn [] --- Day changed Tue Jan 24 2012 00:09 <@vpnHelper> RSS Update - forum: Routing all client traffic (inc web-traffic) through the VPN 00:24 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro] 00:38 -!- nutron [~nutron@24.67.96.21] has joined #openvpn 00:38 -!- nutron [~nutron@24.67.96.21] has quit [Changing host] 00:38 -!- nutron [~nutron@unaffiliated/nutron] has joined #openvpn 00:38 <@vpnHelper> RSS Update - forum: Client Windows 7 can't run ping 00:47 -!- nutron [~nutron@unaffiliated/nutron] has quit [Quit: I must go eat my cheese!] 00:48 -!- nutron [~nutron@24.67.96.21] has joined #openvpn 00:48 -!- nutron [~nutron@24.67.96.21] has quit [Changing host] 00:48 -!- nutron [~nutron@unaffiliated/nutron] has joined #openvpn 00:56 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 01:10 -!- nutron [~nutron@unaffiliated/nutron] has quit [Quit: I must go eat my cheese!] 01:10 -!- nutron [~nutron@unaffiliated/nutron] has joined #openvpn 01:21 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 01:25 < hyper_ch> ecrist: online? 01:29 -!- zeeshoem [~zee@108.162.156.19] has joined #openvpn 01:30 -!- zeshoem [~zee@108.162.156.19] has quit [Ping timeout: 276 seconds] 01:31 < hyper_ch> ki 01:31 < hyper_ch> !pki 01:31 <@vpnHelper> "pki" is (#1) http://openvpn.net/index.php/open-source/documentation/howto.html#pki for how to make your PKI stuff (ca, and certs) or (#2) Heres a basic rundown of how it works... The server, client, and ca certs are all signed by the same ca.key. The server and client use the ca.crt to check that eachother were signed by the right ca.key. 
Optionally, the client also checks that the server cert was 01:31 <@vpnHelper> signed specially as a server (see !servercert) 01:33 <@vpnHelper> RSS Update - forum: Client can connect but has no access to the Internet || need tun.ko 01:39 <@vpnHelper> RSS Update - forum: Specifying external IP pool and custom port per client. 02:00 -!- Zyclops [~Adium@59.111.18.162] has joined #openvpn 02:00 < Zyclops> hey 02:00 < Zyclops> what do you guys use for iphone/ipad openvpn support? 02:01 < hyper_ch> s/i*/Android/ 02:01 < Zyclops> yeah but everything else in android is shit though 02:02 < Zyclops> so angry with andorid 02:02 < hyper_ch> s/shit/great/ 02:02 < Zyclops> how about a big marketing lie, they sell android like it's one platform 02:02 < Zyclops> but it's not it's like 20 different companies all producing their own stuff with only like the nexus actually doing what the android platform advertises 02:02 < Zyclops> i bought 3 android phones 02:03 < Zyclops> an 2 htc's and a motorola 02:03 < hyper_ch> marketing is a lie 02:03 < Zyclops> the peice of shit motorola is only 9 months old 02:03 < Zyclops> it's not even running gingerbread 02:03 < Zyclops> and i can't upgrade it 02:03 < Zyclops> even two an operating system that is 2 years old 02:03 < Zyclops> the system is rife with bugs 02:03 < Zyclops> i.e. things that just crash 02:04 < Zyclops> i'll never be able to upgrade it to the new version 02:04 < Zyclops> because motorola won't be assed 02:04 < Zyclops> same with one of the HTCs 02:05 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Remote host closed the connection] 02:06 < Zyclops> google has made a dogs breakfast out of android and they'll need to do something drastically different. at the moment the iOS os and associated eco-system is miles better… also this also seems to be the general consenus , go read any of the articles on ars-technica on android recently and 90% of the android related articles are negative. 
02:06 < Zyclops> next windows mobile is looking very promising 02:06 < Zyclops> which is good, because apple need some decent competition 02:07 -!- dazo_afk is now known as dazo 02:07 -!- thinkIllcode [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has joined #openvpn 02:08 < hyper_ch> --> also this also seems to be the general consenus , go read any of the articles on ars-technica on android recently and 90% of the android related articles are negative. --> so? 02:09 < Zyclops> so… ? 02:09 < hyper_ch> I think the general consensus is great towards android 02:09 < Zyclops> nah, it's very negative out of all of my friends (out of the computer industry) 02:10 < hyper_ch> and well, who reads ars technica besides nerds anyway 02:10 < Zyclops> and we all own (or have owned one in the past) 02:10 < hyper_ch> the masses are happy with it 02:10 < Zyclops> erm highly knowledgable technology writers who spend their working life analysing and reviewing this stuff 02:10 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has quit [Ping timeout: 276 seconds] 02:10 -!- thinkIllcode [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has left #openvpn [] 02:11 < Zyclops> things i don't like i about iPhone 1. no OpenVPN support 2. no OpenSMS apis so i can get in built translation into iMessage 02:11 < Zyclops> 3. no open sms apis so i can block unwanted sms's 02:11 < Zyclops> i think thats about it 02:11 < Zyclops> minor irratations 02:12 < hyper_ch> [09:10] erm highly knowledgable technology writers who spend their working life analysing and reviewing this stuff --> and how often have they been right towards the masses? 
02:12 < Zyclops> yeah i agree with you 02:13 < Zyclops> in that if your spending less than $150 on a smart phone (new) 02:13 < Zyclops> you should get an android 02:13 < Zyclops> anything more than that you should get a 3GS, iPhone 4, iPhone 4s 02:13 < Zyclops> it's a good budget phone 02:13 < Zyclops> same as the old nokia feature phones 02:14 < Zyclops> as you can tell, i'm quite bitter about android. I used to be a big supporter 02:14 < hyper_ch> you should not get an i* device at all 02:14 < Zyclops> my team still has to write software for them though.. so lol still get to use them 02:14 < hyper_ch> and neither MS* 02:15 < Zyclops> MS should be intersting 02:15 < Zyclops> i'd like to get my hands on a device 02:15 < Zyclops> when they come out 02:15 < hyper_ch> I don't care for them 02:16 < Zyclops> i really love the ideas for their apps 02:16 < Zyclops> js / html5 only 02:16 < Zyclops> brilliant 02:16 < Zyclops> about as open and cross platform as you can get 02:16 < hyper_ch> if there just wasn't "EEE" 02:16 < Zyclops> EEE? 
02:17 < hyper_ch> https://en.wikipedia.org/wiki/Embrace,_extend_and_extinguish 02:17 <@vpnHelper> Title: Embrace, extend and extinguish - Wikipedia, the free encyclopedia (at en.wikipedia.org) 02:18 < Zyclops> lol 02:19 -!- cherwin_ [1776628@xs8.xs4all.nl] has joined #openvpn 02:19 -!- Dougy [me@tech.qsi.net] has joined #openvpn 02:19 -!- Tick-Tock_ [~Tick-Tock@2607:f358:1:fed5:22:0:b683:4295] has joined #openvpn 02:19 -!- Netsplit *.net <-> *.split quits: +caesay, Kateon, Dougy_, Secret, +masch, Rolybrau, Tick-Tock, +inimino, MikeW, cherwin, (+1 more, use /NETSPLIT to show all of them) 02:19 -!- Tick-Tock_ is now known as Tick-Tock 02:19 -!- Kateon [482392@xs8.xs4all.nl] has joined #openvpn 02:20 -!- Netsplit over, joins: epsilon 02:20 -!- Netsplit over, joins: MikeW 02:21 -!- Netsplit over, joins: masch 02:21 -!- Netsplit over, joins: Secret 02:22 -!- Netsplit over, joins: inimino 02:29 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 02:29 -!- caesay [~caesay@socialshock.net] has joined #openvpn 02:30 -!- caesay is now known as Guest5164 02:30 -!- Rolybrau [~Rolybrau@220-96.79-83.cust.bluewin.ch] has joined #openvpn 02:31 -!- Rolybrau is now known as Guest94608 02:32 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 02:37 <@vpnHelper> RSS Update - forum: Routed OpenVPN between two subnets || Auth-user-pass and general security question 02:41 -!- Guest94608 [~Rolybrau@220-96.79-83.cust.bluewin.ch] has quit [Read error: Connection reset by peer] 02:43 -!- Zyclops [~Adium@59.111.18.162] has quit [Ping timeout: 245 seconds] 02:43 <@vpnHelper> RSS Update - forum: need tun.ko 02:43 -!- Zyclops1 [~Adium@ec2-176-34-56-205.ap-northeast-1.compute.amazonaws.com] has joined #openvpn 03:06 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 03:14 <@vpnHelper> RSS Update - forum: redirect traffic to tunnel of one out of 2 network adapter 03:20 <@vpnHelper> RSS Update - forum: need tun.ko 
03:21 <@dazo> Zyclops1: iirc, ars technica has gotten quite some negative feedback for being very pro Microsoft too, in general ... and there's some rumours going that they receive some financial support from Microsoft .... so maybe not so odd that their Android articles in general have a negative attitude 03:23 < Zyclops1> really.. intersesting 03:23 < Zyclops1> got a link to an article? 03:23 < Zyclops1> arstechnica is pretty much my favorite publication 03:24 < Zyclops1> it'd piss me off if they weren't being honest 03:24 <@dazo> not at hand, I'll try to dig up something ... it's quite a while since I read about it 03:24 < Zyclops1> yeah 03:24 < Zyclops1> i'll do a google 03:24 <@dazo> Zyclops1: no media is honest ... everyone can be bought, as long as the price is right ... that's why I never trust just one media, but compare more against each other 03:30 < Zyclops1> as far as newspapers go 03:30 < Zyclops1> the guardian i find is generally the most reliable 03:31 -!- `Ile` [~Ile@kaniserver.net] has joined #openvpn 03:38 <@vpnHelper> RSS Update - forum: need tun.ko 03:42 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out] 03:43 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 03:43 <@vpnHelper> RSS Update - forum: need tun.ko 03:50 <@vpnHelper> RSS Update - forum: need tun.ko || Give users access to different individual private networks 03:56 <@vpnHelper> RSS Update - forum: need tun.ko 04:02 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn 04:03 -!- thumbs [1000@unaffiliated/thumbs] has quit [Ping timeout: 252 seconds] 04:04 -!- thumbs [1000@modemcable008.11-201-24.mc.videotron.ca] has joined #openvpn 04:04 -!- thumbs [1000@modemcable008.11-201-24.mc.videotron.ca] has quit [Changing host] 04:04 -!- thumbs [1000@unaffiliated/thumbs] has joined #openvpn 04:15 <@vpnHelper> RSS Update - forum: Routing all client traffic (inc web-traffic) through the VPN 04:20 -!- UnterPerro 
[~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 04:20 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Client Quit] 04:23 -!- master_o1_master [~master_of@p57B52568.dip.t-dialin.net] has quit [Ping timeout: 276 seconds] 04:24 -!- master_of_master [~master_of@p57B55AFE.dip.t-dialin.net] has joined #openvpn 04:34 -!- hypno [~hypno@impulse2.gothiaso.com] has joined #openvpn 04:36 < hypno> hi. i have some odd issues on solaris 10/sparc with openvpn. there is something wrong with attaching/detaching the tun0 interface. anyone recognize this problem? 04:39 <@vpnHelper> RSS Update - forum: Help needed to escape from nosy boss 04:56 -!- hypno [~hypno@impulse2.gothiaso.com] has left #openvpn [] 05:00 -!- amir__ is now known as amir 05:01 -!- Araluccl0 [~lallo@151.77.143.50] has quit [Ping timeout: 252 seconds] 05:01 -!- Araluccl0 [~lallo@151.77.143.50] has joined #openvpn 05:04 -!- Zyclops1 [~Adium@ec2-176-34-56-205.ap-northeast-1.compute.amazonaws.com] has quit [Quit: Leaving.] 05:23 -!- mirco [~mirco@pd95b6029.dip0.t-ipconnect.de] has joined #openvpn 06:10 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has quit [Ping timeout: 252 seconds] 06:13 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has joined #openvpn 06:15 < kokozedman> hey guys ... what should i tweak in order to avoid the TCP phenomenon, like it reaches peak speed, then nothing gets transferred to the user-application for a brief period of time while the link is still transmitting at full speed ... then about 2 seconds after, the speed goes down to zero and starts to ramp-up again, then the user application gets a burst of data... 
06:15 < kokozedman> i'm not sure if this is called the TCP meltdown 06:16 < kokozedman> but i'm running openvpn over TCP 06:16 < kokozedman> and it's the transfer that i'm doing inside openvpn which gets affected by this 06:19 <+EugeneKay> !tcp 06:19 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay 06:24 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep] 06:58 -!- TomFyuri [~Tom_Fyuri@moloko.TeNeT.Odessa.UA] has joined #openvpn 07:04 -!- Dougy [me@tech.qsi.net] has quit [Read error: Connection reset by peer] 07:05 -!- Dougy [me@tech.qsi.net] has joined #openvpn 07:06 -!- TypoNe [~itsme@195.197.184.87] has quit [Ping timeout: 240 seconds] 07:07 -!- TypoNe [~itsme@195.197.184.87] has joined #openvpn 07:10 <@vpnHelper> RSS Update - forum: Unable to ping behind client from server in Bridge Mode 07:14 < TomFyuri> how do I send to windows client "route.exe change 0.0.0.0 mask 0.0.0.0 192.168.1.1" command ? i'm using bridged openvpn connection between my linux box and windows pc which works perfectly, i just want to share internet. 07:24 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has joined #openvpn 07:40 <@vpnHelper> RSS Update - forum: Help needed to escape from nosy boss 07:47 -!- prakashkamliya [~prakashka@202.131.123.66] has joined #openvpn 07:47 < prakashkamliya> Can anyone explain in detail about including multiple machines on client side using bridge mode 07:47 <@vpnHelper> RSS Update - forum: Including multiple machines on the client side bridge mode?? 07:47 < prakashkamliya> ? 
07:47 < prakashkamliya> do we need to bridge tap and nic-lan before starting connection or after that ?? 07:47 -!- _quadDamage [~EmperorTo@jaguar-2-red.claimlynx.com] has quit [Read error: Connection reset by peer] 07:47 -!- _quadDamage [~EmperorTo@jaguar-2-red.claimlynx.com] has joined #openvpn 07:48 < prakashkamliya> vpnHelper: yeah that one only 07:48 < prakashkamliya> i have posted that question only 07:48 <@ecrist> hyper_ch: I am now. 07:50 < hyper_ch> ecrist: for mounting shares over VPN, what do you recommend? Samba? 07:50 <@ecrist> totally depends 07:50 <@ecrist> we use both samba and afpd 07:51 < hyper_ch> well, sometimes the connection breaks and I wonder what's easier to "auto-restore" 07:52 <@ecrist> not sure 07:53 < hyper_ch> thus far I've been using sshfs but when connection breaks it's a mess 07:53 <@dazo> hyper_ch: I've been running glusterfs over openvpn with great success ... but also samba 07:54 < hyper_ch> ovpn would auto-restore the connection to the server and probably autofs to auto-mount again? 07:54 <@dazo> glusterfs might cause a hang for some seconds, but when restored it's fine again 07:55 < hyper_ch> hanging for a few seconds isn't bad 07:55 <@dazo> (haven't experienced connection drops with samba yet) 07:55 < hyper_ch> it just shouldn't locally write files that should be stored on the server 07:55 <@dazo> well, some seconds, not a few .... up to 20-30 seconds in some cases 07:55 < hyper_ch> you know what I mean? 07:56 <@dazo> yeah, the FS layer in the OS kernel will take care of blocking those operations until a write can be performed 07:56 < hyper_ch> if you just use plain sshfs you sometimes write locally 07:57 <@dazo> however - only hitch I'm having with glusterfs is that group accessibility isn't working nicely in my setup .... 
but could be my config mistake, though 07:57 < hyper_ch> will have a look 07:57 < hyper_ch> thx 07:59 <@ecrist> afpd works wonderfully, samba seems reliable enough 08:00 < hyper_ch> I can't find anything regarding afpd 08:01 <@ecrist> apple file sharing 08:01 <@dazo> hyper_ch: netatalk is the open source variant of afpd, I believe 08:01 <@vpnHelper> RSS Update - forum: Including multiple machines on the client side bridge mode?? 08:01 <@ecrist> aka netatalk 08:01 < hyper_ch> dazo: oh... the mac thing... I never got that to work properly 08:01 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.] 08:02 < havoc> I used to run netatalk for some clients 08:02 < havoc> no more, all newer OSX releases support SMB/CIFS 08:02 -!- TomFyuri [~Tom_Fyuri@moloko.TeNeT.Odessa.UA] has left #openvpn [] 08:02 < havoc> so all straight samba now 08:03 < havoc> netatalk is a nightmare 08:07 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has joined #openvpn 08:07 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has quit [Changing host] 08:07 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has joined #openvpn 08:09 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 08:09 -!- Diffen [~diffen@c83-251-114-228.bredband.comhem.se] has joined #openvpn 08:10 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has quit [Ping timeout: 264 seconds] 08:46 -!- prakashkamliya [~prakashka@202.131.123.66] has quit [Ping timeout: 240 seconds] 08:47 -!- Diffen [~diffen@c83-251-114-228.bredband.comhem.se] has quit [Quit: This computer has gone to sleep] 08:47 -!- mirco_ [~mirco@pd95b6029.dip0.t-ipconnect.de] has joined #openvpn 08:49 -!- mirco [~mirco@pd95b6029.dip0.t-ipconnect.de] has quit [Ping timeout: 240 seconds] 08:49 -!- mirco_ is now known as mirco 08:52 -!- Diffen [~diffen@c83-251-114-228.bredband.comhem.se] has joined #openvpn 08:56 -!- Axeman [~Axeman3@198.105.46.22] has joined 
#openvpn 08:56 -!- Axeman [~Axeman3@198.105.46.22] has quit [Changing host] 08:56 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 08:56 -!- mode/#openvpn [+v Axeman] by ChanServ 09:03 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has joined #openvpn 09:03 -!- Diffen [~diffen@c83-251-114-228.bredband.comhem.se] has quit [Quit: This computer has gone to sleep] 09:11 -!- kaiyou [~kaiyou_fn@blitzen.pierre.jaury.eu] has left #openvpn ["Ex-Chat"] 09:16 -!- rasyid7 [~rasyid@69.163.36.67] has joined #openvpn 09:16 < rasyid7> hi .. anyone can give me link to create a openvpn server via udp port 53 ?\ 09:17 <+EugeneKay> !howto 09:17 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 09:23 -!- sled-dog [~luser@65-124-95-55.dia.static.qwest.net] has joined #openvpn 09:24 -!- luckman212 [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has joined #openvpn 09:25 < sled-dog> what kind of overhead does an idle or unused tunnel consume? I mean if it's bound to eth0 but no traffic actually crosses the tunnel, how much bandwidth does it take to keep the tunnel up? 
09:25 <+EugeneKay> A few packets every --ping seconds
09:25 < hyper_ch> sled-dog: that's pretty simple to figure out
09:25 < hyper_ch> set up a tunnel
09:25 < hyper_ch> don't route any traffic to it
09:25 < sled-dog> done, so far
09:26 < hyper_ch> measure how much traffic (aka ping) goes through
09:26 < sled-dog> none goes through
09:26 <+EugeneKay> Well there you go ;-)
09:26 < sled-dog> I stated that in my question, EugeneKay
09:27 < sled-dog> but the keepalives or reregistration or whatever that maintain the tunnel, that's what I'm asking about
09:27 <+EugeneKay> It's whatever you set --keepalive to
09:27 < hyper_ch> I still stand by what I said earlier
09:27 <+EugeneKay> Or what you need to keep the TCP connection going, if you're using TCP(a bad idea)
09:27 < sled-dog> hyper_ch: I've had a tunnel up for a week, with vnstat monitoring that interface... zero traffic
09:28 <+EugeneKay> vnstat isn't terribly accurate at extremely-low levels like that
09:28 < sled-dog> but again, I
09:29 < sled-dog> but again, I'm not asking how much traffic passes *through* the tunnel, but how much between both ends that maintain the connection
09:29 <+EugeneKay> A few packets every --ping seconds
09:29 < sled-dog> does anyone understand what I'm asking?
09:30 <+EugeneKay> tcpdump it if you don't trust me
09:32 <+EugeneKay> I just tcpdumped my eth0 for one minute, capturing udp 1194. There were 12 packets. I have --ping set to 10.
09:33 <+EugeneKay> There is no dark voodoo going on behind the scenes here. It's a simple answer.
09:33 < hyper_ch> of course there is dark voodoo
09:33 < hyper_ch> you're just too blind to see it
09:33 <+EugeneKay> Shush, you.
09:36 -!- Gravitron [~admin@64.93.224.182] has joined #openvpn
09:36 -!- Gravitron [~admin@64.93.224.182] has quit [Changing host]
09:36 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
09:40 -!- Gravitro_ [~admin@69.163.40.45] has joined #openvpn
09:41 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 245 seconds]
09:46 -!- ibins [~Michael@dslb-084-056-076-210.pools.arcor-ip.net] has joined #openvpn
09:52 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has quit [Ping timeout: 240 seconds]
10:00 <@ecrist> sled-dog: monitor the interface statistics on eth0
10:01 <@ecrist> you'll have your answer
10:01 <@ecrist> or run tcpdump on it
10:05 -!- gremly [~gremly@200.106.218.64] has joined #openvpn
10:05 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn
10:22 -!- `Ile` [~Ile@kaniserver.net] has quit [Quit: KVIrc 4.1.3 Equilibrium http://www.kvirc.net/]
10:27 <@vpnHelper> RSS Update - forum: Routing all client traffic (inc web-traffic) through the VPN
10:33 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Ping timeout: 240 seconds]
10:33 <@vpnHelper> RSS Update - forum: Routing all client traffic (inc web-traffic) through the VPN
10:37 < Intensity> Hi. I'm trying to use "--iproute alternate-command" in OpenVPN 2.2.2, but I get: Unrecognized option or missing parameter(s). Am I missing something?
10:38 -!- mirco [~mirco@pd95b6029.dip0.t-ipconnect.de] has quit [Quit: mirco]
10:44 -!- Axeman2 [~Axeman3@198.105.46.22] has joined #openvpn
10:44 -!- Axeman2 [~Axeman3@198.105.46.22] has quit [Changing host]
10:44 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has joined #openvpn
10:44 -!- mode/#openvpn [+v Axeman2] by ChanServ
10:44 -!- Axeman2 is now known as drFeelgood
10:45 -!- drFeelgood [~Axeman3@openvpn/user/axeman] has quit [Client Quit]
10:51 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit []
11:24 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection]
11:24 -!- APTX [APTX@unaffiliated/aptx] has quit [Quit: No Ping reply in 180 seconds.]
11:24 -!- Tick-Tock [~Tick-Tock@2607:f358:1:fed5:22:0:b683:4295] has quit [Ping timeout: 260 seconds]
11:24 -!- crissi- [crissi@wohnt.auf.Deep-Space-Nine.eu] has quit [Ping timeout: 260 seconds]
11:25 -!- vect0rx [vectorx@countercultured.net] has quit [Ping timeout: 252 seconds]
11:25 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn
11:26 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn
11:26 -!- _quadDamage [~EmperorTo@jaguar-2-red.claimlynx.com] has quit [Ping timeout: 260 seconds]
11:27 -!- _quadDamage [~EmperorTo@jaguar-2-red.claimlynx.com] has joined #openvpn
11:27 -!- crissi [crissi@wohnt.auf.Deep-Space-Nine.eu] has joined #openvpn
11:29 -!- Tick-Tock [~Tick-Tock@2607:f358:1:fed5:22:0:b683:4295] has joined #openvpn
11:32 -!- APTX [APTX@unaffiliated/aptx] has quit [Remote host closed the connection]
11:33 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn
11:43 -!- newl [~newl@97.75.165.156] has joined #openvpn
11:45 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
11:48 -!- payal11 [payal@inara.dreamhost.com] has joined #openvpn
11:48 < payal11> hi all
11:48 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
11:49 < payal11> today my client gave me a dot-ovpn file to connect to his server
11:49 < payal11> and in the file he kept the certificate
11:50 < payal11> how is that possible
11:50 <@dazo> payal11: an undocumented feature ... using f.ex
11:50 <@dazo> it's called inline certs
11:50 <@dazo> most keys/certs can be embedded like that
11:52 < payal11> dazo: what is this f.ex
11:52 <@dazo> for example
11:52 * dazo need to run
11:53 < payal11> dazo: 1 min
11:53 <@dazo> but just look carefully in the config file ... and you'll most likely see the certs/keys are encapsulated with {key data], {cert data}, and so on
11:53 <@dazo> no, I'm going now
11:54 < payal11> Options error: No client-side authentication method is specified. You must use either --cert/--key, --pkcs12, or --auth-user-pass
11:54 -!- dazo is now known as dazo_afk
11:55 < payal11> thanks
11:57 < payal11> anyone else here?
11:59 -!- Araluccl0 [~lallo@151.77.143.50] has quit [Ping timeout: 252 seconds]
12:09 -!- Araluccl0 [~lallo@151.77.126.212] has joined #openvpn
12:14 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep]
12:16 -!- krzee [nobody@hemp.ircpimps.org] has joined #openvpn
12:16 -!- krzee [nobody@hemp.ircpimps.org] has quit [Changing host]
12:16 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn
12:20 < ibins> payal11: here is an example: http://pastebin.com/0vbpEHCZ
12:21 -!- MeanderingCode [~Meanderin@97-123-14-239.albq.qwest.net] has joined #openvpn
12:22 -!- Gravitro_ [~admin@69.163.40.45] has quit [Ping timeout: 252 seconds]
12:24 -!- rasyid7 [~rasyid@69.163.36.67] has quit []
12:29 -!- kalken [~default@c83-248-128-189.bredband.comhem.se] has joined #openvpn
12:30 < kalken> hello! trying to resolve "TLS Error: TLS handshake failed" when reconnecting if connection is lost. Anybody know where to look for answers?
12:30 < kalken> it seems there is something wrong with cached ssl-keys or something
12:45 -!- EgoDeus1 [~q@pool-108-4-65-23.rcmdva.fios.verizon.net] has joined #openvpn
12:46 -!- michaelgamble [~michaelga@97.107.57.17] has joined #openvpn
12:46 < michaelgamble> anyone around?
12:47 < michaelgamble> i've got a bit of a challenge, we had to let go of an employee today and he is the one who set up our openvpn virtual machine.. I'm logged in both the admin interface and have the terminal up.. and I'm not seeing any obvious place to change user password
12:47 < EgoDeus1> So I just got OpenVPN connected for the first time. Will it automatically grab all outbound traffic and route it though the vpn, or do some applications need to be configured to use it?
12:48 < prg3> michaelgamble: It's a linux machine?
12:48 < michaelgamble> yeah
12:48 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!]
12:48 < michaelgamble> looks like ubuntu9
12:48 < prg3> Just run "passwd" from the command line and you can reset the password there.
12:49 < prg3> Depends on how it's setup though, there might be another database for user passwords that you may need to disable too
12:51 < michaelgamble> how do you switch users
12:51 < michaelgamble> in linux
12:53 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Remote host closed the connection]
12:54 -!- EgoDeus1 [~q@pool-108-4-65-23.rcmdva.fios.verizon.net] has left #openvpn ["Leaving"]
12:54 < michaelgamble> running password seemed to only half work :p
12:55 < sled-dog> "su -" to become root, and "su - username" to become another user if you're logged in as root already
13:01 -!- kalken [~default@c83-248-128-189.bredband.comhem.se] has quit [Quit: WeeChat 0.3.2]
13:03 <@vpnHelper> RSS Update - forum: Question?
13:04 <@ecrist> or just, su - to become that user, if you know their password
13:05 < newl> do you have the user setup properly? home etc
13:06 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has joined #openvpn
13:20 < Araluccl0> hi, can anyone help me? id like to make my ovpn server to learn my work and my home's sublan... now... with the same exact config the learning process works on workplace (windows 7 64) but not at home (openwrt on the router) here are log from the failed learning process http://pastebin.com/TJx5SG2w + client config http://pastebin.com/RT2BRBfW + server.conf http://pastebin.com/kJYHgFDC the important thing is that i can ping vpn ip but NOT private lan ip..
13:20 < Araluccl0> so probably is a firewall issue... but not a clue
13:21 -!- vect0rx [vectorx@countercultured.net] has joined #openvpn
13:21 <@ecrist> !logs
13:21 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard.
13:21 < Araluccl0> hehe..ok... sorry
13:22 < michaelgamble> is there a main config file that an openvpn server is supposed to use when it starts up?
13:25 <@ecrist> nope
13:25 < Araluccl0> http://pastebin.com/MpEnZQex my server log
13:25 <@ecrist> you can define one with --config
13:25 <@ecrist> try the man page, michaelgamble
13:25 < michaelgamble> yeah i know i saw that in the manual page
13:25 < michaelgamble> the problem is how do i tell what one is currently being used
13:26 <@ecrist> ps auxwwww | grep openvpn
13:26 <@ecrist> ?
13:26 <@ecrist> Araluccl0: you're not following directions
13:26 <@ecrist> verb 5, and on the full connection
13:28 < Araluccl0> my client http://pastebin.com/MSyBCskg
13:29 < Araluccl0> isnt it verb 5?
13:29 < Araluccl0> wait...sorry I check
13:29 < Araluccl0> its verb 5 on both client and server
13:30 < Araluccl0> I checked before to paste
13:30 <@ecrist> sure, but, you're already running openvpn, so the log just complains that it can't run
13:30 <@ecrist> that's hardly useful
13:30 < Araluccl0> oh...wait...
13:34 -!- mattock [~samuli@openvpn/corp/admin/mattock] has quit [Remote host closed the connection]
13:35 < Araluccl0> really...strange...I rebooted server and still complaining address already in use... please wait...
13:36 < newl> check your network config files
13:42 < Araluccl0> no idea... what happened... is this good ...does it seem a verb 5 log? http://pastebin.com/iRcnFQvh
13:46 < Araluccl0> http://pastebin.com/8MPxsF01 this is my client log... they seem really small to be verb 5 ...but I swear I have verb 5 on both client and server conf :)
13:50 < Araluccl0> oh..still socket bind... but it definitely works...I can ping vpn server from client and vice versa... but I guess I have to sort it out first...
13:52 -!- michaelgamble [~michaelga@97.107.57.17] has quit [Quit: michaelgamble]
13:52 < Araluccl0> this is my network/interfaces config http://pastebin.com/SNi8VRCt if useful
13:52 -!- newl [~newl@97.75.165.156] has quit [Ping timeout: 252 seconds]
13:54 -!- newl [~newl@97.75.165.156] has joined #openvpn
14:06 < Araluccl0> http://pastebin.com/0RehByAZ is this a correct log... with server properly started?... after a few attempts it seems started
14:09 < Araluccl0> btw ....this is what happens with vpn at work... internal route 10.51.0.0/24 -> cupidz.qualcosa.it/151.13.210.194:3529 and I can ping 10.51.0.4 instead... that doesnt happen with 192.168.1.1 for my house router
14:09 < Araluccl0> client config are identical
14:16 < Araluccl0> this is my client log ...if anyone... :) ... http://pastebin.com/5yaAmdmw
14:29 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has joined #openvpn
14:35 -!- oc80z [oc80z@openvpn/user/oc80z] has quit [Excess Flood]
14:35 -!- oc80z [oc80z@blea.ch] has joined #openvpn
14:52 -!- Araluccl1 [~lallo@151.77.236.69] has joined #openvpn
14:52 -!- misulicus [4f7357c6@gateway/web/freenode/ip.79.115.87.198] has joined #openvpn
14:53 < misulicus> hey guys, if i want to run a vpn server for lets say 500-600 users...how many IP addresses i need on my server?
14:54 <+EugeneKay> That's like asking how many feet of surgical tube you need to build a car.
14:54 <+EugeneKay> The answer is "you're counting the wrong thing"
14:54 < misulicus> hmm
14:54 -!- Araluccl0 [~lallo@151.77.126.212] has quit [Ping timeout: 252 seconds]
14:54 <@ecrist> heh
14:54 <@ecrist> 500-600 I'd guess
14:55 <+EugeneKay> If you want to give a static public IP to each user, you need 500 addresses. Good luck getting that much IPv4 space.
14:55 < misulicus> ok then no static ip for the users
14:56 <+EugeneKay> For a more sane MASQUERADE setup, you need ~1 per server.
14:56 < newl> EugeneKay: since i am a surgical tubing salesman i think you will need 1000 ft to start.. can i place your order now?
14:57 <+EugeneKay> Let's leave my bedroom misadventures out of this discussion.
14:57 <+EugeneKay> misulicus - no, we can't.
14:58 < misulicus> ok
14:58 < misulicus> so then 1 ip on server is good then ?
14:58 <+EugeneKay> Should be fine, yes.
14:58 <+EugeneKay> More pressing will be the server catching fire with 500 simultaneous clients. ;-)
14:58 < misulicus> k, and about server itself ? any companies u`d recommend ?
14:59 <+EugeneKay> Serverbeach treated me good for years. I have a set of Dells colocated with Hurricane Electric nowadays.
14:59 -!- Araluccl0 [~lallo@151.77.236.69] has joined #openvpn
15:00 -!- Araluccl1 [~lallo@151.77.236.69] has quit [Read error: Connection reset by peer]
15:00 < Araluccl0> hi can anyone help me with configs and logs I pasted a few prompts ago... (server port was messed up but now it seems ok)
15:00 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has quit [Quit: Leaving]
15:01 < Araluccl0> I can repost if needed
15:03 < misulicus> is there a guide on how i can make the user creation and authentication from a mysql database
15:04 -!- SviMik [~pIRCuser8@131.250.35.213.dyn.estpak.ee] has joined #openvpn
15:06 < SviMik> hi all. does anybody know such problem: anything works fine, but after few minutes VPN connection breaks
15:07 < newl> misulicus: you really in charge of a setup for 500-600 users ?
15:07 < misulicus> i`m gathering all the info i can at this stage
15:07 < newl> you lied a lot on your resume huh?
15:07 < SviMik> user claims he doesn't have ISP problems, and he doesn't use wireless connections. Here is Wireshark dump: http://svimik.com/ovpnbrokentcp.png
15:10 <+EugeneKay> User is lying.
15:10 < SviMik> :)
15:14 < Olipro> maybe OpenVPN could do with a patch for TCP connections to use TCP-MD5 - at least on Linux
15:15 <+EugeneKay> I'm interested in that ICMP transport patch
15:15 < SviMik> *on screenshot .106 is server, and .31 is a client
15:15 < Olipro> right, and your server is being sent a reset
15:15 < Araluccl0> sorry...after how long can I ask again for help without looking too bothering? :)
15:16 < SviMik> no, the [RST] packet is from client to server!
15:16 < Olipro> ...that's what I said
15:16 <+EugeneKay> Araluccl0 - every 2 hours, though your problem just plain doesn't interest me. Sorry.
15:16 < Olipro> which part of "your server is being sent a reset" looks like "your server is sending the client a reset"
15:17 < Araluccl0> :(
15:17 < Araluccl0> its trivial only apparently...but its really interesting...
15:17 < SviMik> yes... looks strange, that successfully server receive packet from client (capture is made on server side)
15:17 < Olipro> Araluccl0: please describe concisely what you're trying to do, and what's not working
15:18 < Olipro> SviMik: you /could/ setup iptables to drop TCP RST packets for his connection
15:18 < SviMik> Olipro sorry, my reading mistake :)
15:18 < Olipro> and he could do the same on his end
15:18 < Olipro> and use keepalive within openvpn
15:18 < Araluccl0> thanks... I have one server and 2 clients... the clients have basically identical conf... but I can route the internal lan ip from one...but not from another
15:18 < Araluccl0> id like to share whole subnet
15:19 < Olipro> the server is operating in multi-client mode presumably
15:19 < Araluccl0> but basically now I can ping 10.51.0.4 ( from my work pc) but not 192.168.1.1 (my router at home with openvpn installed)
15:19 < Olipro> the server is operating in multi-client mode presumably <--
15:20 < Araluccl0> I can provide conf and logs...wait...http://pastebin.com/RT2BRBfW http://pastebin.com/kJYHgFDC
15:21 < Olipro> are multiple separate clients connecting to this server?
15:21 < Araluccl0> http://pastebin.com/cEa5QX7c client log http://pastebin.com/tpzP3XDQ serve log
15:21 < Olipro> could you perhaps just answer my questions
15:22 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Ping timeout: 252 seconds]
15:22 < Araluccl0> so far just my office pc at work and my router at home... og...and my android cell... but I can disable if needed
15:22 < Olipro> ok, I guess not
15:22 < Araluccl0> i did....
15:22 < Araluccl0> i guess
15:22 < Olipro> ok
15:23 < Araluccl0> I can disable cell if needed... it goes in deep sleep and disconnect often
15:23 < Olipro> so, you have multiple OpenVPN instances going to the server on the same UDP port
15:23 < Araluccl0> yes
15:23 < Araluccl0> isnt it allowed?
15:24 < Araluccl0> I was told tcp is bad
15:24 < Olipro> in order for routes behind client OpenVPN instsnaces to be accessible from the server, you need to create iroutes per client
15:24 < Olipro> *instances
15:24 < Araluccl0> I did... into my ccd folder
15:24 -!- eriberto [~eriberto@200.252.148.190] has joined #openvpn
15:24 < Araluccl0> I can paste if needed...but basically just irfonfig-opush and iroute
15:24 < Araluccl0> ifconfig-push
15:24 < Araluccl0> directives
15:25 < Olipro> right, so you have an iroute for the subnet behind your home router yes?
15:25 < Araluccl0> the important is that I can ping vpn client ip from server but NOT lan internal ip
15:25 < Araluccl0> yes
15:26 < eriberto> hi all! the openvpn running from win7 as client is arriving into my network with real IP. how to make it be the tun network IP (invalid)?
15:26 < Olipro> when you try to ping an address behind the router, does the packet actually reach the home router
15:26 < Olipro> because either your iroute is incorrect
15:26 < Olipro> or the home router is filtering the packet
15:27 < Olipro> eriberto: what?
15:27 < Araluccl0> nope... from the server to my lan I can only ping vpn ip
15:27 < Araluccl0> instead at work... I can ping vpn ip AND lan ip...
15:27 < Olipro> if the packet reaches the router and the router filters it, obviously the ping is going to fail
15:27 -!- MeanderingCode [~Meanderin@97-123-14-239.albq.qwest.net] has quit [Ping timeout: 255 seconds]
15:27 -!- misulicus [4f7357c6@gateway/web/freenode/ip.79.115.87.198] has quit [Quit: Page closed]
15:28 < Araluccl0> yes... probably its a firewall issues...but I cant solve it...
15:28 < Araluccl0> I tried to disable iptables... but probably failed... too newbie
15:28 < Olipro> right...so...you...need...to...fix...your...firewall
15:28 < Araluccl0> exactly...
15:28 < eriberto> Olipro: I am viewing the real IP of the client into my network.
15:29 < Olipro> eriberto: right, and presumably, those are the encrypted OpenVPN packets
15:29 < Araluccl0> so you think its for sure a fw issue... I can stop trying to fix ovpn conf?
15:29 < Olipro> well let's find out shall wep
15:29 < Olipro> 8we
15:29 < Olipro> **
15:29 < Olipro> on the home router:
15:29 < Araluccl0> absolutely...!
15:29 < Olipro> iptables -S >pastebinme.txt
15:29 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn
15:29 < Olipro> if it has iptables-save, use that instead
15:30 < Araluccl0> http://pastebin.com/TjDH3rHk
15:31 < Araluccl0> I had it :)
15:31 < Araluccl0> I can use it if you prefer
15:32 < Araluccl0> im so incapable when is about iptables... im so ashamed :)
15:33 < eriberto> [Olipro] My client has 192.168.231.14 as IP from VPN. I want to see it in my internal traffic. However, I am viewing the real IP of the client. Do you understand?
15:33 < Olipro> eriberto: ok, so examine the client's routing table
15:34 < eriberto> Olipro, I will see now. Take me a moment.
15:34 < Olipro> Araluccl0: ok, that looks like you're running OpenWRT
15:34 < Araluccl0> yeah...
15:34 < Olipro> let's just do a quick and easy test
15:34 < Araluccl0> cool
15:35 < Olipro> iptables -I FORWARD -p icmp -j ACCEPT
15:35 < Olipro> then try to ping from the server
15:35 < eriberto> Olipro, the route is fine.
15:35 < eriberto> My internal net is 10/8
15:36 < Olipro> if the route was fine, you wouldn't be here
15:36 < Araluccl0> root@parasbro:~# ping 10.8.0.14
15:36 < Araluccl0> PING 10.8.0.14 (10.8.0.14) 56(84) bytes of data.
15:36 < Araluccl0> 64 bytes from 10.8.0.14: icmp_req=1 ttl=64 time=150 ms
15:36 < Araluccl0> 64 bytes from 10.8.0.14: icmp_req=2 ttl=64 time=153 ms
15:36 < Olipro> either the OpenVPN client is routing traffic through the tunnel or it isn't
15:36 < Olipro> a simple "it worked" would have been enough
15:36 < Araluccl0> but NOT 192.168.1.1
15:36 < Araluccl0> i dont paste to not bother
15:36 < Araluccl0> but ping fails
15:36 < Olipro> ok, pastebin the server's route table
15:36 < Araluccl0> ok
15:37 < Araluccl0> just route command?
15:37 < Olipro> ip route show
15:37 < eriberto> Olipro, it is for me?
15:37 < Araluccl0> ip route show
15:37 < Araluccl0> 10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
15:37 < Araluccl0> 10.51.0.0/24 via 10.8.0.2 dev tun0
15:37 < Araluccl0> 10.8.0.0/24 via 10.8.0.2 dev tun0
15:37 < Araluccl0> 192.168.1.0/24 via 10.8.0.2 dev tun0
15:37 < Araluccl0> 169.254.0.0/16 dev venet0 scope link metric 1000
15:37 < Araluccl0> default dev venet0 scope link
15:37 -!- Araluccl0 was kicked from #openvpn by vpnHelper [Flooding detected. Please use http://pastebin.com for posting logs or configs.]
15:37 -!- Araluccl0 [~lallo@151.77.236.69] has joined #openvpn
15:37 < Olipro> i did say pastebin
15:37 < Araluccl0> im sorry... i thought it was small
15:37 < Araluccl0> ok.. ill do that
15:38 < Araluccl0> http://pastebin.com/drwAhkgP
15:38 < Olipro> ok, now a pastebin of the ccd for the home router
15:38 < Araluccl0> ok
15:39 < Araluccl0> http://pastebin.com/rQTRJEcz
15:39 < Araluccl0> it infact has static ip .14
15:39 < Araluccl0> so I guess certificates work fine
15:40 < Araluccl0> and iroute should do too... it works for my office lan ip
15:40 < eriberto> Olipro, I found the problem. The Windows 7 isn't using the internal DNS. Can you help me?
15:41 < eriberto> Olipro, I send my internal DNS to client.
15:42 < Olipro> Araluccl0: ok, I think it'd be better to switch this to topology subnet for your usage
15:42 < Olipro> net30 can be problematic
15:42 < Olipro> so, in your server and client configs, add the line "topology subnet"
15:42 < Araluccl0> can topology sunet work with linux and windows clients togheter?
15:42 < Araluccl0> subnet
15:42 < Araluccl0> together
15:42 -!- luckman212 [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has quit [Remote host closed the connection]
15:43 < Araluccl0> i have windows and linux clients connecting to a linux server
15:43 < Olipro> providing your windows clients aren't using an old OpenVPN version
15:43 < Araluccl0> nope.. they are all pretty much up to date...
15:43 < Araluccl0> ok then...cool
15:44 < Araluccl0> ...wait...I change... do I have to change ip into my ifconfig-push too?
15:44 < Olipro> no, you shouldn't do
15:45 < Araluccl0> ok then...a sec
15:48 -!- ibins [~Michael@dslb-084-056-076-210.pools.arcor-ip.net] has quit [Quit: Verlassend]
15:48 < Araluccl0> sorry... its happened before... if I stop openvpn server brutally and relaunch it says bind address in use... i rebooted now
15:50 < Araluccl0> TCP/UDP: Socket bind failed on local address [undef]: Address already in use
15:50 < Araluccl0> this error... I dunno why... after a few reboot it stops.. I guess some timeout...
15:54 < Araluccl0> ok...restarted...
15:54 < Araluccl0> but thats really annoying...
15:56 < Araluccl0> Olipro... you there? :)
15:57 < Araluccl0> yes...hopefully...
15:57 < Araluccl0> do I try to ping my lan ip?
15:58 < Olipro> if you've brought it all back up, yes
15:59 < Araluccl0> oh
15:59 < Araluccl0> now im .12 not .14 anymore?
15:59 < Araluccl0> is that normal?
16:00 < Olipro> subnet30 is the default and uses a weird way of forwarding
16:00 < Olipro> namely you have a "fake" peer address on the interface
16:00 < Olipro> topology subnet gets rid of that and is straightforward
16:00 < Araluccl0> hmm... btw now I can ping 10.8.0.12 but still no 1912.168.1.1
16:00 < Araluccl0> from server
16:01 < Araluccl0> I hope you dont ask me to restart server cause its a bit trouble :)
16:01 < Araluccl0> not for me... of course...its that it takes a bit to restart properly... :)
16:02 < Araluccl0> btw I think..the problem is on openwrt...
16:02 < Araluccl0> that iptables thing... :)
16:02 < Olipro> what is the OpenVPN address assigned to the server?
16:02 < Araluccl0> 10.8.0.1
16:03 < Olipro> try doing the ping with that as source
16:03 < Olipro> ping -I 10.8.0.1 192.168.1.1
16:03 < Araluccl0> hmm... you mean ping -I tun0 ?
16:03 < Olipro> right
16:03 < Araluccl0> ahh..ok
16:04 < Araluccl0> no luck
16:04 < Olipro> ok, let's see if the packets are going to the router at least
16:04 < Araluccl0> its like stuff are rejected..
16:04 < Olipro> what's the name of the vpn interface on your router?
16:04 < Araluccl0> I have tcpdump...
16:04 < Araluccl0> tun0
16:04 < Olipro> ok, that'll do
16:05 < Olipro> run tcpdump on the openwrt
16:05 < Olipro> send some pings
16:05 < Olipro> see if they're seen
16:05 < Araluccl0> tcpdump -I tun0
16:05 < Araluccl0> ?
16:05 < Olipro> on the OpenWRT router
16:05 < Araluccl0> ok
16:05 < Olipro> it's -i
16:06 < Araluccl0> http://pastebin.com/Bj88jRG4
16:06 < Araluccl0> it sees stuff coming
16:06 -!- newl [~newl@97.75.165.156] has quit [Quit: Lost terminal]
16:06 < Araluccl0> oh...sorry..it was ping to 10.8.0.12
16:06 < Olipro> all those ICMP requests are destined for the router...
16:06 < Olipro> mmhmm
16:06 < Araluccl0> i paste correct one
16:07 < Araluccl0> ok.. pinging 192.168.1.1 from server... no stuff reached router...
16:07 -!- newl [~newl@97.75.165.156] has joined #openvpn
16:07 < Araluccl0> tcpdump has no entries
16:07 < Olipro> right
16:08 < Araluccl0> is that bad? :)
16:08 < Araluccl0> I screwed up.. I knew it! :)
16:08 < Olipro> hm?
16:08 < Araluccl0> just kidding...
16:09 < Araluccl0> no idea...
16:09 < Araluccl0> just I usually screw things...so...
16:09 < Araluccl0> :)
16:09 < Olipro> one period is usually enough
16:09 < Araluccl0> yes...sorry...
16:10 < Olipro> you must be italian
16:10 < Araluccl0> btw if stuff doesnt pass tcpdump... the problem is on the server?
16:10 < Olipro> right
16:10 < Araluccl0> yes I am
16:10 < Olipro> what verb do you have set for Openvpn?
16:10 < Araluccl0> 5 both server and client
16:10 < Olipro> ok, pastebin the most recent log contents
16:10 < Olipro> it should be reporting a routing failure
16:10 < Araluccl0> ok...both?
16:10 < Olipro> server
16:10 < Araluccl0> ok
16:11 < Araluccl0> http://pastebin.com/RM0qadas
16:11 < Araluccl0> hmm... there are connections issues?
16:12 < Araluccl0> consider the server is a vps in USA
16:12 < Araluccl0> I use it for HULU...well..id like to
16:12 < Olipro> well, is a ping to the OpenWRT router's VPN IP working?
16:13 < Araluccl0> yes
16:13 < Araluccl0> I can ping 10.8.0.12
16:13 < Olipro> mmm, this is odd
16:13 < Araluccl0> yeah...
16:14 < Olipro> you know, you could just run multiple separate OpenVPN instances rather than 1 server instance
16:14 < Olipro> saves having to bother with iroutes
16:14 < Olipro> and is generally much less annoying
16:14 < Araluccl0> hmm... I don't know how to make communicate clients..is it hard?
16:15 < Araluccl0> Did I told I can ping my office vpn lan ip?
16:15 < Araluccl0> same exact client config
16:15 < Araluccl0> I can ping 10.8.0.6 AND 10.51.0.4
16:15 < Olipro> clients can reach subnets behind the server just fine, because they only have one peer
16:15 < Araluccl0> so im pretty sure its a openwrt issue
16:15 < Olipro> your tcpdump shows the packets aren't even being received on the tunnel interface
16:16 < Araluccl0> true...
16:16 < Araluccl0> wait... I retry...
16:16 -!- sled-dog [~luser@65-124-95-55.dia.static.qwest.net] has left #openvpn ["I've had enough!"]
16:16 -!- nonotza_ [~nonotza@66.246.94.130] has joined #openvpn
16:17 < Araluccl0> nope...
16:17 < Araluccl0> no traces
16:17 < Olipro> and no failures in the OpenVPN server log?
16:17 -!- nonotza_ [~nonotza@66.246.94.130] has quit [Client Quit]
16:17 < Araluccl0> wait...
16:18 < Araluccl0> nope latest is at 23.06 ,,about 7mins ago
16:19 < Araluccl0> listen... can I try a desperate thing...disable completely ittables on server and / or client?
16:19 < Araluccl0> ip
16:20 < Olipro> it's not iptables
16:20 < Araluccl0> just to realize if ths the source of the problem
16:20 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has quit [Ping timeout: 245 seconds]
16:20 < Olipro> wait, I've just realised something
16:20 < Olipro> paste me the ccd of the router again
16:20 < Araluccl0> consider... my vps interfaces file has a lot of strange ip6 entries
16:21 < Araluccl0> ok..wait
16:21 < Araluccl0> http://pastebin.com/P9bWT57k
16:23 < Olipro> hm, ok, and "ip route show" on the server has 192.168.1.0/24 going via tun0 yes?
16:24 < Araluccl0> http://pastebin.com/pChN9QnN
16:24 < Araluccl0> nope :)
16:24 < Olipro> oh for gods sake
16:25 < Olipro> ip route add 192.168.1.0/24 dev tun0
16:25 < Araluccl0> yes...I know... but it was supposed to be done by iroute
16:25 <@vpnHelper> RSS Update - forum: Windows 7 as OpenVPN server with redirect-gateway
16:25 < Olipro> no
16:25 < Olipro> iroute does not modify the kernel's routing table
16:25 < Olipro> route does that
16:26 < Olipro> iroute is so OpenVPN knows which physical tunnel connection to send it over
16:26 < Araluccl0> ok..i did... but still no ping...
16:26 < Olipro> run tcpdump on the router and see if the packet is at least seen 16:26 < Araluccl0> and its into routing table 16:27 < Araluccl0> ok..wait 16:27 < Olipro> tcpdump will always see a packet, even if iptables is filtering it 16:27 < Araluccl0> nope..same as before 16:29 < Araluccl0> its strange..even an illeterate lake me can see that :) 16:29 < Olipro> personally, I'd say just dump this config and use multiple separate OpenVPN instances, one for each connection 16:29 < Olipro> no need to use ccds, no need to mess around with iroutes 16:30 < Araluccl0> hmm... can you say how to set it up? even just superficially? 16:30 < Olipro> just have multiple separate config files on the server 16:30 < Olipro> each one uses a different UDP port 16:30 < Araluccl0> and will client will communicate each other? 16:30 < Araluccl0> thru server? 16:30 < Olipro> not directly to eachother, no, but the server will route between them just fine 16:31 < Araluccl0> nice... I can try that... so same exact config...just no ccd and no route directives? 16:31 < Olipro> pretty much, yeah, just use peer addresses, don't need to push any config 16:31 < Olipro> and you can use "topology p2p" 16:32 < Olipro> you still need to specify what subnets you want to route via whichever tunnel, but no iroute is necessary 16:32 < Olipro> alternatively, use a routing protocol like OSPF 16:33 < Araluccl0> hmm.. is there any tutorial...maybe with pre made configs? 16:33 < Araluccl0> ip route show 16:33 < Araluccl0> 192.168.1.0/24 dev tun0 scope link 16:33 < Araluccl0> 10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1 16:33 < Araluccl0> 169.254.0.0/16 dev venet0 scope link metric 1000 16:33 < Araluccl0> default dev venet0 scope link 16:33 < Araluccl0> oh..im sorry 16:33 < Araluccl0> pasted accidentally clipboard 16:33 < Araluccl0> btw 192.168.1.0 is there :D 16:34 < Araluccl0> well... now Its late to test... tomorrow ill try at work... instead of actually working :D ... 
of course ill come back here... if not ... thanks a lot for tour help 16:34 < Olipro> if you really want to check it, send a ping again then check OpenVPN server logs 16:34 < Olipro> now that the route is present, OpenVPN /should/ at least report an error 16:34 < Araluccl0> with old config? 16:34 < Olipro> yes 16:35 < Araluccl0> ah ok..wait 16:36 < Araluccl0> nope..klastest sting is 16:36 < Araluccl0> Tue Jan 24 23:06:45 2012 us=215353 151.77.236.69:53842 SIGUSR1[soft,tls-error] received, client-instance restarting 16:36 < Araluccl0> RRWWRRWWRR 16:36 < Araluccl0> thhen a lot of garbage 16:36 < Araluccl0> 23.06 is old 16:37 < Olipro> :\ 16:37 < Araluccl0> what can humanly mean? :) 16:38 < Araluccl0> and why with my work it works... 16:38 < Olipro> seriously, dump the multi-client config and go for p2p 16:39 < Olipro> if you're just setting a server up for your own personal usage, it's much more flexible 16:39 -!- eriberto [~eriberto@200.252.148.190] has quit [Remote host closed the connection] 16:39 < Araluccl0> how many instance can a vps server cpu handle? 16:40 < Araluccl0> its not that powerful 16:40 < Araluccl0> btw...ill try to test that tomorrow... 16:40 < Olipro> OpenVPN isn't that demanding 16:40 < Olipro> I'm sure you could run a few hundred 16:40 < Araluccl0> well i dont really need that many 16:41 < Araluccl0> its just a pity :) 16:41 < Araluccl0> I thought I had all set :) 16:41 < Olipro> personally, I prefer to have my separate clients on separate tunnel interfaces 16:41 < Olipro> since they're not on the same LAN anyway, why have them on the same interface with your server 16:43 < Araluccl0> ok then...tomorrow ill try... last question...if my work lan ip can be pinged... that means that to share the whole office lan I hust have to push "route..." directive on server conf? 
16:43 < Araluccl0> just 16:43 < Araluccl0> something like push "route 10.561.0.0 255.255.2550" 16:44 < Olipro> yes 16:44 < Araluccl0> something like push "route 10.51.0.0 255.255.255.0" 16:44 < Araluccl0> nice... I have to test that too... just to see if its just my router the problem 16:45 < reiffert> I solved my ipsec problem. Working clients so far: OS X, Windows 7, Android, iPhone, iPod, iPad, Linux. Using IpSec+Xauth+RSA. 16:45 < Araluccl0> well..i go to sleep now... thanks a lot for your help... really patient :) 16:45 < reiffert> without the need of breaking/rooting android or iphone jails if it matters. 16:45 < Araluccl0> but tomorrow ill be back wothj a WORKING multi instances openvpn! :) 16:45 < Araluccl0> (hopefully) 16:46 < Araluccl0> night all 16:47 -!- SviMik [~pIRCuser8@131.250.35.213.dyn.estpak.ee] has quit [Quit: pIRC v2.2 < Personal IRC Team > http://ircworld.ru and http://xirc.ru/] 16:48 < reiffert> rob0: ignoretest 16:55 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 17:01 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!] 
17:08 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 17:45 -!- newl [~newl@97.75.165.156] has quit [Ping timeout: 255 seconds] 17:52 -!- newl [~newl@97.75.165.156] has joined #openvpn 17:52 -!- troyt [~troyt@2001:1938:240:3000::3] has quit [Ping timeout: 272 seconds] 17:53 -!- tekzilla [~jon@hmbg-4d06bf66.pool.mediaWays.net] has quit [Read error: Operation timed out] 17:54 -!- Araluccl1 [~lallo@151.77.255.18] has joined #openvpn 17:55 -!- troyt [~troyt@2001:1938:240:3000::3] has joined #openvpn 17:56 -!- Araluccl0 [~lallo@151.77.236.69] has quit [Ping timeout: 252 seconds] 17:57 -!- tekzilla [~jon@hmbg-4d069b3f.pool.mediaWays.net] has joined #openvpn 17:59 -!- Araluccl0 [~lallo@151.77.131.130] has joined #openvpn 18:01 -!- Araluccl1 [~lallo@151.77.255.18] has quit [Ping timeout: 252 seconds] 18:32 -!- TJNII [~TJNII@tjnii.com] has quit [Quit: Because a pickle too small is a gherkin.] 18:48 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has joined #openvpn 18:48 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has quit [Changing host] 18:48 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has joined #openvpn 18:50 -!- MeanderingCode [~Meanderin@173-12-202-43-Albuquerque.hfc.comcastbusiness.net] has joined #openvpn 18:58 -!- MeanderingCode [~Meanderin@173-12-202-43-Albuquerque.hfc.comcastbusiness.net] has quit [Ping timeout: 252 seconds] 19:25 -!- Denial [Denial@drgi.co.uk] has quit [] 19:40 -!- LuckyY [~LuckY@188.142.61.123] has quit [Read error: Connection reset by peer] 19:40 -!- LuckyY [~LuckY@188.142.61.123] has joined #openvpn 19:45 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 19:45 -!- _julian_ [~quassel@hmbg-5f77d217.pool.mediaWays.net] has joined #openvpn 19:48 -!- _julian [~quassel@hmbg-4d068b5c.pool.mediaWays.net] has quit [Ping timeout: 245 seconds] 19:55 -!- corretico [~luis@190.211.93.11] has joined #openvpn 20:15 -!- Gravitron [~admin@64.93.224.109] has joined #openvpn 20:15 
-!- Gravitron [~admin@64.93.224.109] has quit [Changing host] 20:15 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 20:20 -!- Gravitro_ [~admin@69.163.40.45] has joined #openvpn 20:20 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 252 seconds] 20:25 -!- Gravitro_ [~admin@69.163.40.45] has quit [Ping timeout: 240 seconds] 20:26 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 20:29 -!- troyt [~troyt@2001:1938:240:3000::3] has quit [Ping timeout: 240 seconds] 20:37 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 255 seconds] 20:39 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 20:50 -!- troyt [~troyt@2001:1938:240:3000::3] has joined #openvpn 20:51 -!- nutron [~nutron@unaffiliated/nutron] has quit [Read error: Operation timed out] 20:52 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 20:55 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 21:05 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Connection reset by peer] 21:09 -!- SOG [~SOG@111.124.10.93.rev.sfr.net] has joined #openvpn 21:10 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 21:10 -!- troyt [~troyt@2001:1938:240:3000::3] has quit [Ping timeout: 272 seconds] 21:15 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 21:16 -!- michaelgamble [~michaelga@CPE00195b25196b-CM001cea3dc820.cpe.net.cable.rogers.com] has joined #openvpn 21:16 < michaelgamble> heyo 21:17 < michaelgamble> I'm looking at the openvpn downloads, and what i want is to install a fresh openvpn server.. is their a walkthrough somewhere? 21:21 -!- troyt [~troyt@2001:1938:240:3000::3] has joined #openvpn 21:26 < Olipro> Yes. 21:26 < michaelgamble> :) 21:27 < michaelgamble> I'm reading one right now, but its confusing me because its saying that i should ssh in to copy the client key to the client machine.. 
but i thought openvpn had the web gui for connecting :p 21:27 < michaelgamble> geglus.com/blog/2011/11/12/install-openvpn-server-on-ubuntu/ 21:28 < michaelgamble> http://geglus.com/blog/2011/11/12/install-openvpn-server-on-ubuntu/ 21:28 < michaelgamble> any recommendations for a specific tutorial / walkthrough? 21:37 < krzee> the web gui is for AS 21:37 < krzee> !AS 21:37 <@vpnHelper> "AS" is please go to #OpenVPN-AS for help with Access-Server 21:37 < krzee> this channel is for the open source version, which has no web ui 21:38 < krzee> !howto 21:38 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 21:38 < michaelgamble> ah my bad didn't realize they were different 21:39 < krzee> !download 21:39 <@vpnHelper> "download" is (#1) http://www.openvpn.net/download to download OpenVPN or (#2) OpenVPN's Windows installer now includes OpenVPN GUI. Don't bother with http://openvpn.se anymore or (#3) Don't trust download.com at all. 
It provides an extremely old version with malware: http://insecure.org/news/download-com-fiasco.html 21:39 < krzee> thats the open source version 21:39 < michaelgamble> they did a really slick job with pre-packaged vm appliances at openvpn-as 21:39 < michaelgamble> i appreciate the re-direct though :) 21:42 < krzee> np 21:42 -!- LuckyY [~LuckY@188.142.61.123] has quit [Ping timeout: 240 seconds] 21:46 -!- LuckyY [~LuckY@188.142.61.123] has joined #openvpn 21:48 -!- Zyclops [~Adium@ec2-176-34-56-205.ap-northeast-1.compute.amazonaws.com] has joined #openvpn 21:49 -!- nutron [~nutron@unaffiliated/nutron] has joined #openvpn 22:01 -!- newl [~newl@97.75.165.156] has quit [Quit: leaving] 22:02 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Ping timeout: 240 seconds] 22:10 <@vpnHelper> RSS Update - forum: Newbee Help Please 22:15 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 22:21 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 22:49 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 22:54 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Ping timeout: 240 seconds] 22:54 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 23:04 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Ping timeout: 255 seconds] 23:10 -!- michaelgamble [~michaelga@CPE00195b25196b-CM001cea3dc820.cpe.net.cable.rogers.com] has quit [Quit: michaelgamble] 23:11 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 23:19 -!- gremly [~gremly@200.106.218.64] has quit [Quit: WeeChat 0.3.6] 23:23 -!- twister004 [~chatzilla@mail.goi.ritsnet.co.in] has joined #openvpn 23:30 -!- prakashkamliya [~prakashka@202.131.123.66] has joined #openvpn 23:31 < prakashkamliya> Can one please explain howto include multiple machines on client side using bridge mode. 
As its documentation on site doesnot reveal it in detail 23:40 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 23:45 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 23:46 -!- vereteran [~vereteran@static.88-198-170-117.clients.your-server.de] has quit [Excess Flood] 23:47 -!- vereteran [~vereteran@static.88-198-170-117.clients.your-server.de] has joined #openvpn --- Day changed Wed Jan 25 2012 00:02 -!- twister004_ [~chatzilla@59.99.200.9] has joined #openvpn 00:02 -!- twister004_ [~chatzilla@59.99.200.9] has quit [Read error: Connection reset by peer] 00:02 -!- twister004 [~chatzilla@mail.goi.ritsnet.co.in] has quit [Read error: Connection reset by peer] 00:03 -!- twister004_ [~chatzilla@mail.goi.ritsnet.co.in] has joined #openvpn 00:03 -!- twister004_ is now known as twister004 00:18 -!- SOG [~SOG@111.124.10.93.rev.sfr.net] has quit [Quit: I will be back!] 00:19 -!- Zyclops [~Adium@ec2-176-34-56-205.ap-northeast-1.compute.amazonaws.com] has quit [Ping timeout: 240 seconds] 00:20 <@vpnHelper> RSS Update - forum: Static IP Windows Please 00:21 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro] 00:24 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn 00:24 -!- mode/#openvpn [+o mattock] by ChanServ 00:26 <@vpnHelper> RSS Update - forum: Running more than one vps with one ca.crt on client 00:43 -!- raidz [~raidz@openvpn/corp/admin/andrew] has quit [Ping timeout: 252 seconds] 00:54 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 276 seconds] 00:56 -!- prakashkamliya_ [~prakashka@202.131.123.66] has joined #openvpn 00:56 -!- prakashkamliya [~prakashka@202.131.123.66] has quit [Ping timeout: 240 seconds] 00:58 -!- corretico [~luis@190.211.93.11] has joined #openvpn 00:59 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 01:00 -!- MeanderingCode [~Meanderin@97-123-14-239.albq.qwest.net] has joined #openvpn 01:03 -!- `Ile` 
[~Ile@kaniserver.net] has joined #openvpn 01:14 <@vpnHelper> RSS Update - forum: Client can connect but has no access to the Internet 01:14 -!- prakashkamliya_ [~prakashka@202.131.123.66] has quit [Ping timeout: 252 seconds] 01:14 -!- prakashkamliya_ [~prakashka@202.131.123.66] has joined #openvpn 01:31 -!- prakashkamliya_ [~prakashka@202.131.123.66] has quit [Ping timeout: 276 seconds] 01:49 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has quit [Ping timeout: 240 seconds] --- Log closed Wed Jan 25 02:17:28 2012 --- Log opened Wed Jan 25 02:23:12 2012 02:23 -!- ecrist [~ecrist@jaguar-2-red.claimlynx.com] has joined #openvpn 02:23 -!- Irssi: #openvpn: Total of 134 nicks [4 ops, 0 halfops, 16 voices, 114 normal] 02:23 -!- ObamaIsAGangsta [~leno81@208.111.39.186] has joined #openvpn 02:23 -!- Irssi: Join to #openvpn was synced in 30 secs 02:29 -!- twister004 [~chatzilla@mail.goi.ritsnet.co.in] has quit [Read error: Connection reset by peer] 02:30 -!- twister004_ [~chatzilla@mail.goi.ritsnet.co.in] has joined #openvpn 02:30 -!- twister004_ is now known as twister004 --- Log closed Wed Jan 25 02:34:37 2012 --- Log opened Wed Jan 25 02:40:03 2012 02:40 -!- ecrist [~ecrist@jaguar-2-red.claimlynx.com] has joined #openvpn 02:40 -!- Irssi: #openvpn: Total of 134 nicks [4 ops, 0 halfops, 16 voices, 114 normal] 02:40 -!- _quadDamage [~EmperorTo@jaguar-2-red.claimlynx.com] has joined #openvpn 02:40 -!- Irssi: Join to #openvpn was synced in 29 secs 02:48 <@dazo> ObamaIsAGangsta: use tc or some other OS related traffic control regime ... 
no other way 02:54 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has quit [Ping timeout: 244 seconds] 03:02 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn 03:02 -!- mode/#openvpn [+v s7r] by ChanServ 03:10 <@vpnHelper> RSS Update - forum: WinXP setting bogus subnet and routes 03:17 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 03:30 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 03:35 -!- tazou [~Guillaume@78.223.143.27] has joined #openvpn 03:35 < tazou> Hi, 03:35 -!- meepmeep_ [meepmeep@there-is-no.endoftheinternet.org] has quit [Ping timeout: 245 seconds] 03:35 < tazou> is it possible to limit bandwith usage by vpn account please ? 03:36 -!- tekoholic [~quassel@97-118-207-247.hlrn.qwest.net] has quit [Quit: No Ping reply in 180 seconds.] 03:36 -!- tekoholic [~quassel@97-118-207-247.hlrn.qwest.net] has joined #openvpn 03:36 < tazou> Example: I have 100 vpn users, and I would like to give 50KB/s to each users 03:36 -!- meepmeep [meepmeep@there-is-no.endoftheinternet.org] has joined #openvpn 03:37 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 245 seconds] 03:42 -!- corretico [~luis@190.211.93.11] has joined #openvpn 03:46 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has joined #openvpn 03:59 <@vpnHelper> RSS Update - forum: configure Shorewall to allow vpn through 04:01 -!- prakashkamliya_ [~prakashka@202.131.123.66] has joined #openvpn 04:03 -!- stephanj [stephan@nemesis.stejau.de] has joined #openvpn 04:03 < stephanj> when the vpn server pushs a gateway rule to the client, is there a way to ignore this rule? 04:04 < stephanj> in this case all traffic is redirected throu the tunnel -> which i dont want 04:06 < reiffert> intresting question. 04:06 < reiffert> dazo: ? 04:07 < reiffert> stephanj: I'd probably have my own --up script. 04:08 < stephanj> and reverse server pushed routes and define my own? 
04:08 < reiffert> --route-nopull 04:08 < reiffert> looks worth a try as well 04:08 < stephanj> k 04:08 < stephanj> i will try :) 04:09 < reiffert> or 04:09 < reiffert> --route-noexec 04:09 < reiffert> Don't add or remove routes automatically. Instead pass routes to --route-up script using environmental vari- 04:09 < reiffert> ables. 04:11 <@dazo> stephanj: route --no-pull is the solution ... but you'll need then to add --route statements for those routes you really want 04:12 < reiffert> which leads you to -noexec and --route-up cmd? 04:12 -!- tazou [~Guillaume@78.223.143.27] has left #openvpn ["Quitte"] 04:14 -!- prakashkamliya_ [~prakashka@202.131.123.66] has quit [Ping timeout: 252 seconds] 04:17 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has quit [] 04:20 -!- prakashkamliya_ [~prakashka@202.131.123.66] has joined #openvpn 04:21 <@dazo> nah, just adding --route ... will do all the routing setups automatically ... the route-up is called after all routes are set up 04:21 <@dazo> so you won't get any routes this way, if you want to filter 04:23 -!- master_of_master [~master_of@p57B55AFE.dip.t-dialin.net] has quit [Ping timeout: 244 seconds] 04:25 -!- master_of_master [~master_of@p57B55C88.dip.t-dialin.net] has joined #openvpn 04:25 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn 04:27 -!- p3rror [~mezgani@41.137.254.45] has joined #openvpn 04:31 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 04:34 -!- prakashkamliya_ [~prakashka@202.131.123.66] has quit [Ping timeout: 252 seconds] 04:39 -!- MikeW [~MW@ks35441.kimsufi.com] has quit [Remote host closed the connection] 04:39 -!- MikeW [~MW@ks35441.kimsufi.com] has joined #openvpn 04:47 -!- prakashkamliya_ [~prakashka@115.118.161.163] has joined #openvpn 04:54 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 04:56 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has joined #openvpn 04:56 -!- h4x0r` 
[~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has quit [Changing host] 04:56 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has joined #openvpn 04:56 -!- prakashkamliya_ [~prakashka@115.118.161.163] has quit [Ping timeout: 248 seconds] 04:58 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 05:05 -!- prakashkamliya_ [~prakashka@115.118.161.163] has joined #openvpn 05:07 -!- noisebleed [~quassel@piggy.inescn.pt] has joined #openvpn 05:07 -!- noisebleed [~quassel@piggy.inescn.pt] has quit [Changing host] 05:07 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 05:08 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day] 05:44 -!- prakashkamliya_ [~prakashka@115.118.161.163] has quit [Ping timeout: 252 seconds] 05:58 -!- Araluccl0 [~lallo@151.77.131.130] has quit [Quit: Anche il discorsismo ha un limitismo.] 05:59 -!- Araluccl0 [~lallo@151.77.131.130] has joined #openvpn 06:24 -!- prakashkamliya_ [~prakashka@115.118.161.163] has joined #openvpn 06:24 -!- gardar [~gardar@gardar.net] has quit [Remote host closed the connection] 06:34 -!- prakashkamliya_ [~prakashka@115.118.161.163] has quit [Ping timeout: 260 seconds] 06:36 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep] 06:50 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has joined #openvpn 06:55 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Excess Flood] 07:09 -!- twister004 [~chatzilla@mail.goi.ritsnet.co.in] has quit [Read error: Connection reset by peer] 07:10 -!- twister004_ [~chatzilla@mail.goi.ritsnet.co.in] has joined #openvpn 07:10 -!- twister004_ is now known as twister004 07:16 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 07:29 <@vpnHelper> RSS Update - forum: my other wish 07:40 -!- Araluccl0 [~lallo@151.77.131.130] has quit [Ping timeout: 252 seconds] 07:44 -!- Araluccl0 [~lallo@151.77.199.164] has joined 
#openvpn 07:52 -!- Araluccl0 [~lallo@151.77.199.164] has quit [Ping timeout: 252 seconds] 07:52 -!- Araluccl0 [~lallo@151.77.89.146] has joined #openvpn 07:59 -!- Araluccl0 [~lallo@151.77.89.146] has quit [Ping timeout: 252 seconds] 07:59 -!- dazo_ [dazo@openvpn/community/developer/dazo] has joined #openvpn 07:59 -!- mode/#openvpn [+o dazo_] by ChanServ 08:00 -!- dazo [dazo@openvpn/community/developer/dazo] has quit [Disconnected by services] 08:00 -!- dazo_ is now known as dazo 08:02 -!- Diffen [~diffen@210.152.241.83.in-addr.dgcsystems.net] has joined #openvpn 08:06 -!- Araluccl0 [~lallo@151.77.244.172] has joined #openvpn 08:06 < hyper_ch> !pki 08:06 <@vpnHelper> "pki" is (#1) http://openvpn.net/index.php/open-source/documentation/howto.html#pki for how to make your PKI stuff (ca, and certs) or (#2) Heres a basic rundown of how it works... The server, client, and ca certs are all signed by the same ca.key. The server and client use the ca.crt to check that eachother were signed by the right ca.key. Optionally, the client also checks that the server cert was 08:06 <@vpnHelper> signed specially as a server (see !servercert) 08:12 -!- Araluccl0 [~lallo@151.77.244.172] has quit [Ping timeout: 252 seconds] 08:20 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 08:34 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 260 seconds] 08:40 < hyper_ch> !def1 08:40 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. 
or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1" 08:41 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has quit [Quit: Leaving] 08:44 -!- Deele [~Mr.D@80.233.175.48] has joined #openvpn 08:44 < Deele> hello 08:44 < pwrcycle> !welcome 08:44 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 08:45 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 08:45 < Deele> is it possible, to configure openvpn, so that my windows machine only uses vpn when accessing specific IP's or domains (better) 08:45 < pwrcycle> !route 08:45 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 08:46 < Deele> pwrcycle. I guess, you wanted to say "yes"? 08:46 < pwrcycle> not really :) 08:47 < pwrcycle> you basically want to not override your default route. but not sure how to do that on windows.. 08:47 < Deele> I want to access secured servers at office through VPN, in mean time, for all other traffic, use my current connection 08:47 < pwrcycle> yeah, read the faq. in the client settings somewheres 08:48 < Deele> ok 08:48 < pwrcycle> !redirect 08:48 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. 
or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns 08:49 < Deele> so, I should search something like "openvpn client routing on windows"? 08:50 < pwrcycle> yes 08:50 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 08:50 < pwrcycle> but in really, that should just lead you to the links from the bot 08:51 < pwrcycle> because that is where the real knowledge is 08:52 <@vpnHelper> RSS Update - forum: OPENVPN Works from States, not Europe 08:52 < Deele> pwrcycle I found http://www.adamsinfo.com/quick-linux-and-windows-openvpn-howto-and-tutorial-including-vpn-routing/ 08:53 <@vpnHelper> Title: Quick Linux and Windows OpenVPN HOWTO and tutorial, including VPN routing | Adam Palmer, PHP Programmer, Website Security Consultant (at www.adamsinfo.com) 08:53 < Deele> I guess, it will work, but that leads only to single IP range configuration 08:53 < Deele> I need one range and 3 IP's 08:57 < pwrcycle> !goal 08:57 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 08:58 < Deele> I want to access secured network at my work, through VPN, those are 3 IPS and one IP range, 08:59 < Deele> all other traffic, should use current IP connection (non vpn) 08:59 < Deele> currently, ping on my external address gives me 6 hops, in realy, it is just 2 08:59 < Deele> reality* 09:00 < Deele> I mean, tracert 09:02 -!- evilhackerdude [u1451@gateway/web/irccloud.com/x-radqxutoepcawvwf] has joined #openvpn 09:02 -!- evilhackerdude is now known as ehd 09:02 < hyper_ch> !linipforward 09:02 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware 09:07 < hyper_ch> !lan 09:07 
< hyper_ch> !bridge 09:07 <@vpnHelper> "bridge" is (#1) http://openvpn.net/index.php/documentation/miscellaneous/ethernet-bridging.html for the doc or (#2) http://openvpn.net/index.php/documentation/faq.html#bridge1 for info from the FAQ or (#3) also see !tunortap and !layer2 and read --server-bridge in the manual (!man) 09:09 < Deele> hyper_ch, I have hard time understanding this, I'm weak in networking 09:10 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn 09:12 < Deele> and I have no access to server configuration 09:12 < hyper_ch> Deele: that was not aimed at you but for me 09:12 < Deele> Okay 09:13 < hyper_ch> !route 09:13 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 09:16 <@vpnHelper> RSS Update - forum: Openvpn between two computers in the same network 09:17 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has quit [Ping timeout: 252 seconds] 09:17 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has joined #openvpn 09:17 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has quit [Changing host] 09:17 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has joined #openvpn 09:20 -!- Deele [~Mr.D@80.233.175.48] has quit [Disconnected by services] 09:20 -!- De`off [~Mr.D@217.199.115.217] has joined #openvpn 09:22 <@vpnHelper> RSS Update - forum: Remove routes when there is no connection w/ the peer 09:26 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Quit: No Ping reply in 180 seconds.] 
09:27 -!- noisebleed_ [~quassel@piggy.inescn.pt] has joined #openvpn 09:30 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Remote host closed the connection] 09:31 -!- tabakhase [t4b4kh453@unaffiliated/tabakhase] has quit [Ping timeout: 240 seconds] 09:32 -!- pranq [pranq@unaffiliated/contempt] has quit [Ping timeout: 240 seconds] 09:32 -!- Mowee [~Mowi@lendabrain.net] has quit [Quit: I don't discriminate, I hate everyone.] 09:33 -!- tabakhase_ [t4b4kh453@rps9289.ovh.net] has joined #openvpn 09:33 -!- EvilJStoker [jstoker@unaffiliated/jstoker] has quit [Quit: EvilJStoker is gone :(] 09:33 -!- pranq_ [pranq@bbis.us] has joined #openvpn 09:34 -!- Netsplit *.net <-> *.split quits: JoeGazz84, Guest5164 --- Log closed Wed Jan 25 09:39:22 2012 --- Log opened Wed Jan 25 09:39:37 2012 09:39 -!- ecrist [~ecrist@jaguar-2-red.claimlynx.com] has joined #openvpn 09:39 -!- Irssi: #openvpn: Total of 122 nicks [3 ops, 0 halfops, 16 voices, 103 normal] 09:40 -!- cron2 [~gert@kirk.greenie.muc.de] has joined #openvpn 09:40 -!- Irssi: Join to #openvpn was synced in 30 secs 09:40 -!- R-66Y [~nobody@elegua.za.net] has joined #openvpn 09:41 -!- EvilJStoker_ [jstoker@athena.jcs.me.uk] has joined #openvpn 09:42 -!- newl [~newl@97.75.165.156] has joined #openvpn 09:42 -!- `Ile` [~Ile@kaniserver.net] has joined #openvpn 09:42 -!- tekoholic [~quassel@97-118-207-247.hlrn.qwest.net] has quit [Quit: http://quassel-irc.org - Chat comfortably. Anywhere.] 
09:42 -!- tekoholic [~tekoholic@97-118-207-247.hlrn.qwest.net] has joined #openvpn
09:43 -!- tekoholic [~tekoholic@97-118-207-247.hlrn.qwest.net] has left #openvpn []
09:50 -!- Diffen [~diffen@210.152.241.83.in-addr.dgcsystems.net] has quit [Quit: This computer has gone to sleep]
09:51 -!- Dweezahr [~Dweezahr@flits102-34.flits.rug.nl] has joined #openvpn
09:54 -!- Cr4zi3 [killaz@crazie2-1-pt.tunnel.tserv12.mia1.ipv6.he.net] has quit [Excess Flood]
09:54 -!- fr00d [~andi@sandbox2.sixhop.de] has joined #openvpn
09:54 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn
09:54 -!- Guest5164 [~caesay@socialshock.net] has joined #openvpn
09:54 -!- JoeGazz84 [~JoeGazz84@TechEssentials/JoeGazz84] has joined #openvpn
09:54 -!- rob0 [rob0@pdpc/valentine/postfixninja/rob0] has joined #openvpn
09:54 -!- chantra [~chantra@unaffiliated/chantra] has joined #openvpn
09:54 -!- RichardBronosky [~RichardBr@slice1.bronosky.com] has joined #openvpn
09:55 -!- stephanj [stephan@nemesis.stejau.de] has joined #openvpn
09:55 -!- payal11 [payal@inara.dreamhost.com] has joined #openvpn
09:55 -!- masch [~quassel@big.masch.it] has joined #openvpn
09:55 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has joined #openvpn
09:55 -!- Intensity [bgdh4rG9xt@unaffiliated/intensity] has joined #openvpn
09:55 -!- mick_laptop [~mick@mickweiss.com] has joined #openvpn
09:55 -!- novaflash [~novaflash@openvpn/user/novaflash] has joined #openvpn
09:55 -!- ServerMode/#openvpn [+v novaflash] by pratchett.freenode.net
10:02 -!- scampbell [~scampbell@mail.scampbell.net] has joined #openvpn
10:06 -!- twister004 [~chatzilla@mail.goi.ritsnet.co.in] has quit [Quit: ChatZilla 0.9.88 [Firefox 9.0.1/20111220165912]]
10:07 -!- scampbell is now known as Guest21359
10:09 -!- ObamaIsAGangsta [~leno81@208.111.39.186] has quit [Ping timeout: 245 seconds]
10:10 -!- ObamaIsAGangsta [~leno81@208.111.39.186] has joined #openvpn
10:13 -!- danniel [~leno81@208.111.39.186] has joined #openvpn
10:13 -!- ObamaIsAGangsta [~leno81@208.111.39.186] has quit [Read error: Connection reset by peer]
10:27 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn
10:28 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
10:42 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has quit []
10:42 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has joined #openvpn
10:42 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has quit [Changing host]
10:42 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has joined #openvpn
10:50 < crissi> is it possible to send a userdefined identifier from client to server
10:50 < crissi> ?
10:51 < crissi> the client is using certificate but that one can't be changed
10:51 < ecrist> like what?
10:51 < ecrist> you can request a username and password
10:51 < ecrist> and you can access components of the CA certificate, iirc
10:55 < crissi> i would like to have a way to see what client it is
10:55 < crissi> but the connected clients all have same cert
10:56 < crissi> if i could override the name in cert it would be ok
10:58 <@dazo> crissi: that's the point of separate certificates .... or username/password authentication .... no other way
10:59 < crissi> bah.
11:00 < crissi> no way to set the cn?
11:02 <@dazo> the CN is a value inside a CA signed certificate .... if you change the CA, you invalidate the certificate
11:02 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has quit []
11:03 <@dazo> change the CN, you invalidate the certificate, I meant
11:04 < ecrist> you need to re-issue certificates to each user
11:06 < crissi> not possible
11:07 < crissi> changing the cert
11:07 < crissi> if i had a way to push the mac of the device it would be nice...
11:08 -!- ibins [~Michael@2001:6f8:1c60:7777:21a:4dff:fe66:600c] has joined #openvpn
11:09 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Quit: Rolybrau]
11:10 < ecrist> crissi: we told you what to do. that is all
11:14 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn
11:14 -!- mode/#openvpn [+o raidz] by ChanServ
11:14 <@dazo> crissi: the mac address is only available in TAP mode ... and that is available via the --learn-address script hook
11:15 < crissi> yes, i'm in tap mode :)
11:15 < crissi> how do i have to use that?
11:15 <@dazo> but only when clients connect (learn-address 'add mode') ... when clients disconnect, you'll only get the IP address
11:15 <@dazo> read the man page
11:16 <@dazo> but that's the MAC address of the TAP adapter, not anything else
11:16 * dazo heads out
11:17 -!- dazo is now known as dazo_afk
11:19 < ecrist> and the TAP address is random
11:23 < crissi> no, that should not be a problem
11:52 <@vpnHelper> RSS Update - forum: Need IPv6 code in mroute_extract_addr_from_packet
11:55 -!- EvilJStoker_ [jstoker@athena.jcs.me.uk] has quit [Changing host]
11:55 -!- EvilJStoker_ [jstoker@unaffiliated/jstoker] has joined #openvpn
11:55 -!- cron2 [~gert@kirk.greenie.muc.de] has quit [Changing host]
11:55 -!- cron2 [~gert@openvpn/community/developer/cron2] has joined #openvpn
11:56 -!- EvilJStoker_ is now known as EvilJStoker
12:04 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn
12:05 -!- mcp [~mcp@wolk-project.de] has quit [Remote host closed the connection]
12:05 < krzee> hrm i answered that question like a month ago
12:12 < rob0> reiffert: ignore removed
12:15 -!- init [~init@95-89-60-199-dynip.superkabel.de] has joined #openvpn
12:21 -!- mcp [~mcp@wolk-project.de] has joined #openvpn
12:37 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Ping timeout: 245 seconds]
12:41 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn
12:47 <@vpnHelper> RSS Update - forum: Getting this to work.
12:49 -!- `Ile` [~Ile@kaniserver.net] has quit [Quit: KVIrc 4.1.3 Equilibrium http://www.kvirc.net/] 12:49 -!- `Ile`|2 [~kvirc@79-101-238-129.dynamic.isp.telekom.rs] has joined #openvpn 12:49 -!- `Ile`|2 is now known as `Ile` 12:50 -!- gardar [~gardar@gardar.net] has joined #openvpn 13:04 -!- prg3 [~prg3@chatter.majestik.org] has quit [Quit: ZNC - http://znc.sourceforge.net] 13:05 -!- prg3 [~prg3@chatter.majestik.org] has joined #openvpn 13:11 <@vpnHelper> RSS Update - forum: Site-to-Site Tunnel/IP masquerade question. 13:13 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 13:14 -!- newl [~newl@97.75.165.156] has left #openvpn [] 13:21 -!- p3rror [~mezgani@41.137.254.45] has quit [Read error: Operation timed out] 13:26 -!- init [~init@95-89-60-199-dynip.superkabel.de] has quit [Quit: Verlassend] 13:29 <@vpnHelper> RSS Update - forum: Proper support for duplicate iroutes. 13:41 <@vpnHelper> RSS Update - forum: Official Android App || Site to Site Problems! 13:47 <@vpnHelper> RSS Update - forum: I cannot get my openvpn client to connect to the server || Please help me with OPENVPN 13:51 -!- roentgen [~arthur@openvpn/community/support/roentgen] has joined #openvpn 13:53 <@vpnHelper> RSS Update - forum: Unable to ping behind client from server in Bridge Mode || Bought OpenVPN during the week now it won't work || Howto run multiple client connection using single daemon 13:55 -!- Guest21359 [~scampbell@mail.scampbell.net] has quit [Quit: Ex-Chat] 13:55 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn [] 13:59 <@vpnHelper> RSS Update - forum: Port Forwarding by SQL || Including multiple machines on the client side bridge mode?? 14:09 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Ping timeout: 245 seconds] 14:09 -!- roentgen [~arthur@openvpn/community/support/roentgen] has quit [Quit: Konversation terminated!] 
14:11 <@vpnHelper> RSS Update - forum: Active directory and user groups || There is a problem in your selection of --ifconfig endpoints 14:12 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 14:23 <@vpnHelper> RSS Update - forum: Port Forwarding by SQL 14:25 < tabakhase_> im tring to HAbalance my vpn 14:25 < tabakhase_> connecting direct to vpn-1 and vpn-2 works just fine 14:25 < tabakhase_> but connecting to "vpn" (shared ip using heartbeat) the connection cant be established 14:26 < tabakhase_> seems like his waiting till death for the remoteOptions string 14:27 < tabakhase_> TLS keynego. failed 14:29 <@vpnHelper> RSS Update - forum: GetAdaptersInfo #2 failed 14:42 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [] 14:57 -!- MeanderingCode [~Meanderin@97-123-14-239.albq.qwest.net] has quit [Read error: Connection reset by peer] 14:57 -!- MeanderingCode [~Meanderin@97-123-14-239.albq.qwest.net] has joined #openvpn 14:58 -!- `Ile` [~kvirc@79-101-238-129.dynamic.isp.telekom.rs] has quit [Remote host closed the connection] 14:59 <@vpnHelper> RSS Update - forum: Disable version check, how? 
15:00 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 240 seconds] 15:00 -!- takamichi [~pri@217.23.4.104] has joined #openvpn 15:14 -!- tabakhase_ [t4b4kh453@rps9289.ovh.net] has quit [Changing host] 15:14 -!- tabakhase_ [t4b4kh453@unaffiliated/tabakhase] has joined #openvpn 15:21 -!- Gravitron [~admin@64.93.224.109] has joined #openvpn 15:21 -!- Gravitron [~admin@64.93.224.109] has quit [Changing host] 15:21 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 15:28 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 252 seconds] 15:29 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has quit [Quit: Ex-Chat] 15:33 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has joined #openvpn 15:46 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Quit: Leaving] 15:47 -!- ibins [~Michael@2001:6f8:1c60:7777:21a:4dff:fe66:600c] has quit [Quit: Verlassend] 15:50 -!- Gravitro_ [~admin@69.163.40.45] has joined #openvpn 15:56 -!- cphuntington97 [~jonathan@64.61.24.18] has joined #openvpn 16:07 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has quit [] 16:08 -!- takamichi [~pri@217.23.4.104] has quit [Ping timeout: 260 seconds] 16:08 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 16:12 -!- mcp [~mcp@wolk-project.de] has quit [Remote host closed the connection] 16:12 -!- mcp [~mcp@wolk-project.de] has joined #openvpn 16:15 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has joined #openvpn 16:15 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has quit [Changing host] 16:15 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has joined #openvpn 16:16 -!- johnny_be_yell-1 [~Joe@96.26.97.237] has left #openvpn [] 16:19 -!- Gravitron [~admin@64.93.224.109] has joined #openvpn 16:19 -!- Gravitron [~admin@64.93.224.109] has quit [Changing host] 16:19 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 16:19 -!- Araluccl0 
[~lallo@151.77.174.247] has joined #openvpn 16:19 -!- Gravitro_ [~admin@69.163.40.45] has quit [Ping timeout: 245 seconds] 16:23 -!- Gravitro_ [~admin@69.163.40.45] has joined #openvpn 16:23 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 252 seconds] 16:24 -!- jason_rad [~jason_rad@66.60.164.164] has joined #openvpn 16:24 -!- zeeshoem [~zee@108.162.156.19] has quit [] 16:24 < jason_rad> Need some insight. The goal: Employees are equipped with a laptop. The laptop needs to initialize VPN upon logging in (OpenVPN, users are auth'd against AD upon joining domain). My problem is.. How does one do this when the user first needs access when setting up their wireless nic card with their home routers. 16:24 < jason_rad> I know this is not an openvpn issue, just wondering if any of you have done something similar 16:37 -!- Gravitro_ [~admin@69.163.40.45] has quit [Read error: Connection reset by peer] 16:37 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 16:41 -!- jason_rad [~jason_rad@66.60.164.164] has quit [Quit: jason_rad] 16:50 <+EugeneKay> Magic 16:54 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 252 seconds] 17:00 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep] 17:08 -!- amir [~amir@unaffiliated/amir] has quit [Ping timeout: 252 seconds] 17:13 -!- JackWinter2 [~jack@ppp-289.vo.lu] has joined #openvpn 17:14 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Ping timeout: 252 seconds] 17:14 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has quit [Read error: Connection reset by peer] 17:15 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Ping timeout: 252 seconds] 17:23 -!- nutron [~nutron@unaffiliated/nutron] has quit [Quit: I must go eat my cheese!] 
17:32 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 17:32 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Excess Flood] 17:33 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 17:36 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Max SendQ exceeded] 17:37 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 17:37 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Max SendQ exceeded] 17:38 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 17:40 -!- De`off [~Mr.D@217.199.115.217] has quit [Ping timeout: 252 seconds] 17:43 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has joined #openvpn 17:44 -!- newl [~newl@97.75.165.156] has joined #openvpn 17:44 -!- Gravitron [~admin@64.93.226.18] has joined #openvpn 17:45 -!- epsilon [textblase@raid1.net] has quit [Read error: Operation timed out] 17:49 -!- Gravitro_ [~admin@69.163.40.45] has joined #openvpn 17:49 -!- Gravitron [~admin@64.93.226.18] has quit [Ping timeout: 248 seconds] 17:50 -!- epsilon [textblase@raid1.net] has joined #openvpn 17:55 -!- wedge [lordsilenc@bigfoot.xh.se] has quit [Ping timeout: 240 seconds] 17:55 -!- rooth [rooth@ge.mig.en.redfox.nu] has quit [Ping timeout: 252 seconds] 17:55 -!- wedge [lordsilenc@bigfoot.xh.se] has joined #openvpn 17:55 -!- rooth [rooth@ge.mig.en.redfox.nu] has joined #openvpn 17:57 -!- tekzilla [~jon@hmbg-4d069b3f.pool.mediaWays.net] has quit [Ping timeout: 248 seconds] 17:57 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Max SendQ exceeded] 17:59 -!- tekzilla [~jon@hmbg-4d06b15e.pool.mediaWays.net] has joined #openvpn 17:59 -!- mode/#openvpn [+o cron2] by ChanServ 18:00 -!- h4x0r` is now known as Guest35145 18:13 -!- amir__ [~amir@80-219-10-9.dclient.hispeed.ch] has joined #openvpn 18:13 -!- amir__ [~amir@80-219-10-9.dclient.hispeed.ch] has quit [Changing host] 18:13 -!- amir__ [~amir@unaffiliated/amir] has joined #openvpn 18:14 < tabakhase_> hi therwe 18:18 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the 
connection] 18:25 -!- Essobi [~Essobi@74-133-160-231.dhcp.insightbb.com] has quit [Ping timeout: 248 seconds] 18:26 -!- epsilon [textblase@raid1.net] has quit [Quit: cya] 18:27 -!- epsilon [textblase@raid1.net] has joined #openvpn 18:28 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 18:31 -!- MeanderingCode [~Meanderin@97-123-14-239.albq.qwest.net] has quit [Ping timeout: 240 seconds] 18:34 -!- MeanderingCode [~Meanderin@m5.mullvad.net] has joined #openvpn 18:39 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep] 18:40 -!- MeanderingCode [~Meanderin@m5.mullvad.net] has quit [Ping timeout: 276 seconds] 18:54 -!- Denial [Denial@drgi.co.uk] has quit [] 19:06 -!- MeanderingCode [~Meanderin@97-123-14-239.albq.qwest.net] has joined #openvpn 19:10 -!- [1]SigmaProjects [~SigmaProj@cpe-66-74-191-116.socal.res.rr.com] has joined #openvpn 19:11 -!- SigmaProjects [~SigmaProj@cpe-66-74-191-116.socal.res.rr.com] has quit [Ping timeout: 252 seconds] 19:11 -!- [1]SigmaProjects is now known as SigmaProjects 19:17 -!- Gravitro_ [~admin@69.163.40.45] has quit [Ping timeout: 240 seconds] 19:19 -!- SigmaProjects [~SigmaProj@cpe-66-74-191-116.socal.res.rr.com] has quit [Read error: Connection reset by peer] 19:20 -!- SigmaProjects [~SigmaProj@cpe-66-74-191-116.socal.res.rr.com] has joined #openvpn 19:26 -!- Dev0n [~Dev0n@host-92-26-113-187.as13285.net] has joined #openvpn 19:27 < Dev0n> hey, is this possible with openvpn ? CLIENT [ IP A ] -> OPENVPN SERVER [ IP B ] -> INTERNET [ IP B ] 19:27 -!- raidz [~raidz@openvpn/corp/admin/andrew] has quit [Ping timeout: 252 seconds] 19:27 < Dev0n> what I'm really asking for it is possible to setup proxies using openvpn right ? 
19:33 < tabakhase_> Dev0n sure 19:33 -!- SigmaProjects [~SigmaProj@cpe-66-74-191-116.socal.res.rr.com] has quit [Read error: Connection reset by peer] 19:33 < Dev0n> cool, you know any tuts/guides on the net about getting a something like that running on a debian based system ? 19:33 < Dev0n> -a 19:44 -!- _julian [~quassel@hmbg-4d069511.pool.mediaWays.net] has joined #openvpn 19:44 -!- vect0rx [vectorx@countercultured.net] has quit [Remote host closed the connection] 19:46 -!- tjz [~pc@bb219-75-31-20.singnet.com.sg] has joined #openvpn 19:46 -!- tjz [~pc@bb219-75-31-20.singnet.com.sg] has quit [Changing host] 19:46 -!- tjz [~pc@unaffiliated/tjz] has joined #openvpn 19:47 -!- _julian_ [~quassel@hmbg-5f77d217.pool.mediaWays.net] has quit [Ping timeout: 252 seconds] 19:49 < krzee> !redirect 19:49 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns 19:49 < krzee> or if you are that lazy and understand networking 19:49 < krzee> !confgen 19:49 <@vpnHelper> "confgen" is (#1) http://www.doeshosting.com/code/openvpn-confgen.tgz for the bash config generator or (#2) you can use svn co http://www.secure-computing.net/svn/trunk/openvpn-confgen/ 19:56 < Dev0n> heh, I'll try the not-so lazy methods first and if I crash and burn, I can look at the spoon feeders :D 19:56 < Dev0n> thanks 19:57 < Dev0n> unrecognized options: --enable-pthread when doing ./configure --enable-pthread 19:57 < Dev0n> openvpn 2.2.2 19:57 < Dev0n> anyone else had that issue ? 20:04 -!- nutron [~nutron@unaffiliated/nutron] has joined #openvpn 20:05 -!- epsilon [textblase@raid1.net] has quit [Quit: cya] 20:05 -!- epsilon [textblase@raid1.net] has joined #openvpn 20:31 < newl> you don't think they are telling the truth? 
20:31 < newl> configure --help | less do you see that configure option 20:42 < Dev0n> newl, INSTALL says otherwise 20:42 < Dev0n> but I guess that file is prob out dated 20:43 < newl> check the config it probably picks the best one you gots on yer system 20:43 < newl> config.log 21:30 -!- oc80z [oc80z@blea.ch] has quit [Changing host] 21:30 -!- oc80z [oc80z@openvpn/user/oc80z] has joined #openvpn 21:49 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn 21:50 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds] 21:51 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 21:51 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 21:51 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 21:51 -!- mode/#openvpn [+v Axeman] by ChanServ 21:51 < emmanuelux> hello 21:52 < emmanuelux> is there a simple way to have openvpn client work in a 'sandbox' (without a VM) 21:54 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 21:54 <@vpnHelper> RSS Update - forum: New openvpn server on dd-wrt, log posted, need assistance 21:55 -!- newl [~newl@97.75.165.156] has quit [Quit: leaving] 22:04 < krzee> depends what you mean by 'sandbox' 22:04 < krzee> that usually refers to a chroot, in which case yes 22:04 < krzee> maybe you could mean a freebsd jail, in which case yes 22:06 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 240 seconds] 22:11 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 22:12 -!- Essobi [~Essobi@74-133-160-231.dhcp.insightbb.com] has joined #openvpn 22:17 -!- tamo2 [7adc2d12@gateway/web/freenode/ip.122.220.45.18] has joined #openvpn 22:17 < tamo2> I have a problem on which connection goes out, when carrying out Skype via OpenVPN. I am glad when there is information about solution. 
22:25 <@vpnHelper> RSS Update - forum: Routed OpenVPN between two subnets 22:25 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 22:48 -!- corretico [~luis@190.211.93.11] has joined #openvpn 23:31 <@vpnHelper> RSS Update - forum: iptables udp 1195 MARK and MASQUERADE 23:36 -!- tamo2 [7adc2d12@gateway/web/freenode/ip.122.220.45.18] has quit [Quit: Page closed] 23:36 -!- babble [~coyote@unaffiliated/coyote] has joined #openvpn 23:40 -!- danniel [~leno81@208.111.39.186] has quit [] 23:49 -!- X0Rc0re [~chatzilla@124-169-221-73.dyn.iinet.net.au] has joined #openvpn 23:50 < X0Rc0re> need help with connecting to my VPN, i use this command to start my VPN /etc/init.d/openvpn restart 23:50 < X0Rc0re> whats the command to connect the VPN to my computer? 23:55 -!- babble [~coyote@unaffiliated/coyote] has quit [Quit: Leaving] 23:55 <@vpnHelper> RSS Update - forum: Please help me with OPENVPN --- Day changed Thu Jan 26 2012 00:03 -!- thansen [~thansen@c-67-177-32-87.hsd1.ut.comcast.net] has joined #openvpn 00:04 < thansen> I've got a relatively complete vpn setup I'd like some help with (complex for me anyway) 00:04 < thansen> server is running 2 instances of openvpn...one is tun style, other is tap 00:05 < thansen> I'm connected tun style from my laptop and would like to access another server that's connected tap style to the vpn server 00:05 -!- X0Rc0re [~chatzilla@124-169-221-73.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 00:05 < thansen> I'm presuming it's some sort of iptables voodoo I need to perform to get it to work but not sure what exactly it is that I need 00:06 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has joined #openvpn 00:06 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has quit [Changing host] 00:06 -!- simplechat [~simplecha@unaffiliated/simplechat] has joined #openvpn 00:07 < thansen> the tap machine can ping the hosts on the physical network and the hosts 
on the physical network can ping back 00:08 < thansen> I just can't get to the vpn'd server from my tun'd laptop 00:08 < thansen> but can hit the other hosts on the physical network 00:34 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Remote host closed the connection] 00:48 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 00:51 < emmanuelux> krzee, thx you to answer, what i'd like is to avoid that all my applications use the vpn but only some of them, a chroot seems to be the way to do it 00:57 -!- jameslordhz [~jack@125.109.164.178] has quit [Ping timeout: 252 seconds] 00:57 -!- jameslordhz [~jack@220.190.21.171] has joined #openvpn 01:05 <@vpnHelper> RSS Update - forum: New installation on Vmware esxi 5.0 - use appliance or not? 01:08 -!- ostolvis [~ostolvis@108.162.156.19] has joined #openvpn 01:09 -!- `Ile` [~Ile@kaniserver.net] has joined #openvpn 01:10 -!- jameslordhz [~jack@220.190.21.171] has quit [Ping timeout: 240 seconds] 01:22 -!- jameslordhz [~jack@220.190.18.30] has joined #openvpn 01:29 -!- jameslordhz1 [~jack@125.108.48.169] has joined #openvpn 01:32 -!- jameslordhz [~jack@220.190.18.30] has quit [Ping timeout: 245 seconds] 01:41 <@vpnHelper> RSS Update - forum: Disable TAP version check, how? 
01:45 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn 01:45 -!- mode/#openvpn [+v s7r] by ChanServ 01:53 -!- tabakhase_ is now known as tabakhase 01:59 -!- jameslordhz [~jack@220.190.21.230] has joined #openvpn 02:01 -!- jameslordhz1 [~jack@125.108.48.169] has quit [Ping timeout: 276 seconds] 02:15 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Quit: Ex-Chat] 02:21 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn 02:23 -!- jameslordhz1 [~jack@125.109.161.32] has joined #openvpn 02:24 -!- jameslordhz [~jack@220.190.21.230] has quit [Ping timeout: 248 seconds] 02:24 -!- dazo_afk is now known as dazo 02:27 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 252 seconds] 02:27 -!- bigpaws_ [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn 02:28 -!- Guest35145 [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has left #openvpn [] 02:29 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has joined #openvpn 02:29 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has quit [Changing host] 02:29 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has joined #openvpn 02:52 -!- jameslordhz [~jack@125.109.162.87] has joined #openvpn 02:54 -!- jameslordhz1 [~jack@125.109.161.32] has quit [Ping timeout: 240 seconds] 02:55 -!- jameslordhz1 [~jack@125.109.170.251] has joined #openvpn 02:56 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 02:56 -!- jameslordhz [~jack@125.109.162.87] has quit [Ping timeout: 252 seconds] 03:02 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 03:04 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has joined #openvpn 03:11 -!- JackWinter2 [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!] 
03:12 -!- Mowee [~Mowi@85.17.180.48] has joined #openvpn 03:18 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 03:32 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has quit [Ping timeout: 240 seconds] 03:39 < krzee> emmanuelux, 03:40 < krzee> !route_by_app 03:42 < reiffert> !factoids search krzee 03:42 <@vpnHelper> No keys matched that query. 03:43 < krzee> hrm 03:43 < krzee> !factoids search app 03:43 <@vpnHelper> "routebyapp" is if you want to send only certain apps over the VPN you need to run a socks server on the internal VPN subnet (see !sockd) then get an app like proxifier (google it) to selectively route traffic over the socks proxy based on port/app/subnet or any combination. 03:43 < krzee> ahh thx 03:49 < hyper_ch> !sockd 03:49 <@vpnHelper> "sockd" is if you want !routebyapp you can use this dante config www.ircpimps.org/sockd.conf but BE SURE TO ONLY RUN THIS ON THE INTERNAL VPN IP! otherwise you will be an open proxy. that config has no security because its expected to run inside openvpn 03:51 -!- agagag [~anton@eudaimonia.goto10.org] has quit [Ping timeout: 276 seconds] 03:51 -!- fr00d [~andi@sandbox2.sixhop.de] has quit [Quit: brb] 04:08 -!- Essobi [~Essobi@74-133-160-231.dhcp.insightbb.com] has quit [Ping timeout: 276 seconds] 04:09 -!- diffen3 [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 04:09 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Read error: Connection reset by peer] 04:11 -!- amir__ is now known as amir 04:19 -!- Araluccl0 [~lallo@151.77.174.247] has quit [Quit: Anche il discorsismo ha un limitismo.] 
04:19 -!- Araluccl0 [~lallo@151.77.174.247] has joined #openvpn 04:20 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has quit [Ping timeout: 252 seconds] 04:21 -!- master_of_master [~master_of@p57B55C88.dip.t-dialin.net] has quit [Read error: Operation timed out] 04:24 -!- agagag [~anton@eudaimonia.goto10.org] has joined #openvpn 04:25 -!- master_of_master [~master_of@p57B54E20.dip.t-dialin.net] has joined #openvpn 04:30 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has joined #openvpn 04:30 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has quit [Changing host] 04:30 -!- simplechat [~simplecha@unaffiliated/simplechat] has joined #openvpn 04:36 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Remote host closed the connection] 04:48 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has joined #openvpn 04:48 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has quit [Changing host] 04:48 -!- simplechat [~simplecha@unaffiliated/simplechat] has joined #openvpn 04:51 -!- Deele [~Mr.D@217.199.115.217] has joined #openvpn 05:01 -!- phyber [phyber@irssi.co.uk] has joined #openvpn 05:02 < phyber> Hi, I'm using OpenVPN with a 'server' line for dynamically assigning IP addresses but I'm also using ifconfig-push for giving certain clients specific IP addresses. 05:02 < phyber> It seems OpenVPN isn't smart in this situation and will dynamically assign IP addresses that it shouldn't. 05:02 < phyber> is there a way around this? 05:03 < phyber> So far I'm guessing that I just shouldn't assign any addresses dynamically and should manually assign them all. 05:06 <@vpnHelper> RSS Update - forum: error socket.connetc() faild while creating connection 05:11 -!- p3rror [~mezgani@41.137.254.45] has joined #openvpn 05:11 <@vpnHelper> RSS Update - forum: Free providers? 
05:13 <@dazo> phyber: use --ifconfig-push with IP addresses outside the address pool you've defined in --server 05:15 < phyber> guessed it might be something like that. thanks for confirming it :) 05:17 -!- phyber [phyber@irssi.co.uk] has left #openvpn [] 05:24 -!- dxtr [5d080d72@unaffiliated/dxtr] has quit [Ping timeout: 252 seconds] 05:27 -!- p3rror [~mezgani@41.137.254.45] has quit [Ping timeout: 276 seconds] 05:29 -!- p3rror [~mezgani@41.137.254.45] has joined #openvpn 05:48 <@vpnHelper> RSS Update - forum: Client Windows 7 can't run ping 05:51 -!- Gravitro_ [~admin@64.93.227.241] has joined #openvpn 05:52 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Read error: Connection reset by peer] 05:54 <@vpnHelper> RSS Update - forum: Client Windows 7 can't run ping || OPENVPN Works from States, not Europe 06:00 <@vpnHelper> RSS Update - forum: Site-to-Site Tunnel/IP masquerade question. 06:08 -!- jameslordhz1 [~jack@125.109.170.251] has left #openvpn [] 06:08 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Excess Flood] 06:08 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 06:08 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 06:09 -!- mode/#openvpn [+v Axeman] by ChanServ 06:09 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Read error: Connection reset by peer] 06:13 -!- agagag [~anton@eudaimonia.goto10.org] has quit [Read error: Operation timed out] 06:14 -!- agagag [~anton@eudaimonia.goto10.org] has joined #openvpn 06:15 -!- EvilJStoker [jstoker@unaffiliated/jstoker] has quit [Ping timeout: 252 seconds] 06:17 -!- Zlotnik [531995bf@gateway/web/freenode/ip.83.25.149.191] has joined #openvpn 06:18 -!- Netsplit *.net <-> *.split quits: Deele, MeanderingCode 06:18 < Zlotnik> !welcome 06:18 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. 
|| Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 06:19 < Zlotnik> !howto 06:19 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 06:23 -!- Netsplit over, joins: Deele, MeanderingCode 06:33 < Zlotnik> Hi. I downloaded openvpn-2.0.9-gui-1.0.3-install. Do i need to download more actual version (i don't see any other package inst+gui )? If i installed it i don't need to configure anything? 06:34 < Zlotnik> Sorry i'm noob and not native speaker. 06:36 <+EugeneKay> !download 06:36 <@vpnHelper> "download" is (#1) http://www.openvpn.net/download to download OpenVPN or (#2) OpenVPN's Windows installer now includes OpenVPN GUI. Don't bother with http://openvpn.se anymore or (#3) Don't trust download.com at all. It provides an extremely old version with malware: http://insecure.org/news/download-com-fiasco.html 06:36 <+EugeneKay> It sounds like you got the GUI from the mentioned .se site. Uninstall that, it's antique. 06:37 -!- EvilJStoker [jstoker@unaffiliated/jstoker] has joined #openvpn 06:37 -!- Deathvalley122 [~Death@localtel.eagleits.net] has quit [Ping timeout: 240 seconds] 06:40 < Zlotnik> thanks. But this new version is without gui. If i download new install package and gui from here: http://sourceforge.net/projects/openvpn-gui/files/Snapshot%20Binaries/ and install both it will work without configuring anything sir? 
06:40 <@vpnHelper> Title: OpenVPN GUI - Browse /Snapshot Binaries at SourceForge.net (at sourceforge.net) 06:41 <+EugeneKay> !snapshot 06:41 <+EugeneKay> Oh, you buggering bot 06:42 <+EugeneKay> !snapshots 06:42 <@vpnHelper> "snapshots" is (#1) weekly dev snapshots are available from ftp://ftp.secure-computing.net/pub/openvpn or (#2) by helping test these features, and reporting back on either of the mailing lists, you can help these features become part of the stable branch 06:42 -!- Deathvalley122 [~Death@66.172.106.114] has joined #openvpn 06:43 <+EugeneKay> I don't know what's in that sourceforge package you linked. You want the package linked in !download, really you do. 06:49 -!- Araluccl0 [~lallo@151.77.174.247] has quit [Ping timeout: 252 seconds] 06:51 -!- Deathvalley122 [~Death@66.172.106.114] has quit [Quit: ZNC - http://znc.sourceforge.net] 06:52 -!- Araluccl0 [~lallo@151.77.162.19] has joined #openvpn 06:54 -!- Deathvalley122 [~Death@66.172.106.114] has joined #openvpn 07:04 <@vpnHelper> RSS Update - forum: can't connect to connection 07:09 < ecrist> Zlotnik: openvpn ships with a GUI for Windows now 07:09 < ecrist> do not use the sourceforge gui 07:09 < ecrist> well, rather, if you do, we don't support it 07:10 <@dazo> ecrist: there are more windows gui's on sf.net ... and d12fk (on devel) is developing it 07:11 < ecrist> wtf is that guy 07:11 < ecrist> he's a nobody. ;) 07:11 < ecrist> dazo: regardless, we can't support N+1 GUI's 07:12 <@dazo> fair enough ... and it will come in 2.3 anyway ;-) 07:12 < ecrist> *then* it'll be supported. 
:P 07:14 <@dazo> :) 07:15 -!- Deathvalley122 [~Death@66.172.106.114] has quit [Ping timeout: 245 seconds] 07:17 -!- p3rror [~mezgani@41.137.254.45] has quit [Ping timeout: 276 seconds] 07:18 < Zlotnik> yes, I had gui in the install pack :) 07:22 -!- Deathvalley122 [~Death@localtel.eagleits.net] has joined #openvpn 07:26 < Zlotnik> i thought it will be easier ;) "requires a configuration file and key/certificate files" i see i can use sample configuration file but how would be the best to do? i see there is option to run as service or from console, there is routing or bridge option... looks very confusing :D 07:26 <@vpnHelper> RSS Update - forum: [HELP] TAP-win32 adapter V9 Access Denied || Help setting upTunnel 07:26 <+EugeneKay> New gui for 2.3? 07:26 <+EugeneKay> !howto 07:26 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 07:27 <+EugeneKay> Zlotnik ^ 07:28 -!- p3rror [~mezgani@41.137.254.45] has joined #openvpn 07:29 -!- misulicus [me@79.115.87.198] has joined #openvpn 07:31 < misulicus> hey guys a question the OpenVPN Client works only with Access Server ? 07:31 < Zlotnik> hmm maybe i should have restart pc before instaling new package ;) it looks like old gui 100.3 07:31 < Zlotnik> 1.0.3* 07:31 <+EugeneKay> misulicus - no? It's open source, works just fine.... 07:31 <@vpnHelper> RSS Update - forum: Can OpenVPN be installed on Windows Server Core (no GUI)? 07:35 < misulicus> EugeneKay i tried connecting to my servers IP with OpenVPN Client, i get this error after entering user and pass: Not an Access Server. 07:35 <+EugeneKay> Are you using the access server client? :-p 07:35 < misulicus> no 07:36 <@vpnHelper> RSS Update - forum: Remove routes when there is no connection w/ the peer || Can VPN Services Provide End to End Encryption? 
07:37 < misulicus> i downloaded : http://swupdate.openvpn.org/community/releases/openvpn-2.2.2-install.exe installed it, i put the cert file, like in the tutorial i folowed so far 07:37 < misulicus> i started enter user pass but its hanging 07:37 < misulicus> Thu Jan 26 15:36:35 2012 UDPv4 link remote: server:port 07:38 < misulicus> ok it closed and it retries aparently 07:38 < misulicus> Thu Jan 26 15:37:36 2012 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 07:38 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 07:42 <@vpnHelper> RSS Update - forum: OpenVPN with redirect-gateway renders public ip inaccessable 07:44 <+s7r> misulicus: the client for access server also works with the community project installed on the server 07:49 <@vpnHelper> RSS Update - forum: Auto disconnect 07:52 -!- misulicus1 [~me@184.173.10.92-static.reverse.softlayer.com] has joined #openvpn 07:52 -!- Denial [Denial@drgi.co.uk] has quit [Ping timeout: 248 seconds] 07:54 -!- misulicus [me@79.115.87.198] has quit [Ping timeout: 240 seconds] 07:55 -!- misulicus [me@79.115.87.198] has joined #openvpn 07:56 <@dazo> misulicus: if you have an access server already .... why not just use the AS client as well, as that's designed to work together 07:57 < misulicus> yeah dont have access server, i jsut wanted to try the free version to see if i can get it to work 07:57 <@dazo> (in theory 2.2.x clients should work against Access Server ... but that's not something which is tested a lot) 07:57 <@dazo> !logs 07:57 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard. 07:57 <@dazo> !config 07:57 <@vpnHelper> (config []) -- If is given, sets the value of to . Otherwise, returns the current value of . You may omit the leading "supybot." in the name if you so choose. 
07:58 <@dazo> !configs 07:58 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries 07:58 <@dazo> misulicus: ^^^ we need to see your !logs and !configs then 07:58 < misulicus> ok i`m just a newb here :) 07:59 -!- misulicus1 [~me@184.173.10.92-static.reverse.softlayer.com] has quit [Ping timeout: 255 seconds] 07:59 <@dazo> I was also openvpn newb many years ago ... now I'm involved in openvpn development ... being a newb is not an accepted excuse ;-) 08:00 < misulicus> ok so, if possible to make the openvpn client to work with the community version 08:00 < misulicus> would be easier for users to use 08:00 < misulicus> what info u need to show u ? 08:00 < havoc> being a newb is a reason to RTFM, nothing more 08:01 < havoc> ...and ask intelligent questions about what you should be reading 08:02 <@dazo> I don't know how Access Server is configured, so I don't know what to tweak 08:02 -!- misulicus [me@79.115.87.198] has quit [Read error: Connection reset by peer] 08:02 -!- misulicus1 [~me@184.173.10.92-static.reverse.softlayer.com] has joined #openvpn 08:02 <@dazo> !howto 08:02 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 08:02 <@dazo> misulicus1: ^^^ 08:03 -!- misulicus [me@79.115.87.198] has joined #openvpn 08:03 < havoc> dazo: how is AS managed, is it the same devs working on both OVPN and AS? 08:03 <@dazo> havoc: it's James Yonan who is doing the AS development, and he have most of the focus there nowadays 08:04 < havoc> is it largely the same codebase? 08:04 <@dazo> under the hood, it's the openvpn community version doing the VPN stuff .... 
but the management tools (UI) and the client UI are different 08:04 < misulicus> dazo it worked mate :P 08:04 < havoc> right, so then it has the same abilities/restrictions as OVPN 08:04 < havoc> and same limitations 08:05 <@dazo> havoc: it was very close to the same code base ... however, OpenVPN AS is stuck in a 2.1 branch ... we have much of that stuff in the the 2.2 releases, and we're missing one new thing in the 'master' branch in the development tree 08:05 < havoc> ah 08:05 <@dazo> but 2.2 and beyond is far more developed nowadays than the AS version 08:06 < havoc> nice 08:06 <@dazo> James is trying to move over to the git version as well, but it takes time to migrate all his tools and build environments for the AS 08:07 < havoc> yeah, understandable 08:07 < havoc> we just mograted from VSS2005 to TFS ;) 08:07 < havoc> migrated 08:07 -!- misulicus1 [~me@184.173.10.92-static.reverse.softlayer.com] has quit [Ping timeout: 252 seconds] 08:07 <@dazo> TFS? 08:07 < havoc> different world of course, but still major move 08:07 < havoc> dazo: Team Foundation Server 08:08 <@dazo> ahh 08:08 * dazo is not well traversed in the Windows environment .... and tries to stay away from it as much as possible 08:08 < havoc> M$ stuff 08:08 < havoc> dazo: consider yourself lucky ;) 08:08 <@dazo> :) 08:09 < havoc> for me it's a little different as I made the conscious decision ~5yrs ago to transition from Production to Infrastructure 08:09 < havoc> so less/no coding now, just dev support 08:09 * dazo read the first paragraph on the following URL ... 
and thought "No, I don't nee^H^H^H want to know more 08:09 <@dazo> https://en.wikipedia.org/wiki/Team_Foundation_Server 08:09 <@vpnHelper> Title: Team Foundation Server - Wikipedia, the free encyclopedia (at en.wikipedia.org) 08:10 <@dazo> :) 08:10 < havoc> dazo: my point was that they were still using Visual SourceSafe 2005, every version of which pretty much sucked 08:10 < havoc> and VSS in total is wicked outdated, 2005 was last version 08:11 <@dazo> yeah, VSS is even worse that CVS 08:11 < havoc> TFS is definitely a step up 08:11 < havoc> exactly :) 08:11 < havoc> even M$ dev (w/ VS) + TortiesCVS woulf have been better 08:12 < havoc> or TortiesSVN 08:13 <+EugeneKay> Moar git :v 08:14 < havoc> CVS is/was very basic, but it *worked* 08:14 < havoc> at least you could count on it not courupting/losing data 08:14 < havoc> corrupting 08:14 <@dazo> seeing CVS and SVN in the same discussion reminds me of the Subversion slogan "SVN is CVS done right" ... and Linus Torvalds scream "There is no way ever you can make CVS right" 08:14 < havoc> heheh 08:17 -!- misulicus [me@79.115.87.198] has quit [] 08:17 -!- misulicus [me@79.115.87.198] has joined #openvpn 08:18 <+EugeneKay> +1 08:18 <+EugeneKay> I'm actually cursing at a svn project right now 08:27 -!- gremly [~gremly@pcsp174-30.supercabletv.net.co] has joined #openvpn 08:27 < ecrist> I actually like SVN 08:27 < havoc> I liked SVN too 08:28 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out] 08:29 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Remote host closed the connection] 08:31 < misulicus> ok another newb q 08:31 < misulicus> i folowed a tutorial to install openvpn, i created a client.openvpn file i imported it in the OpenVPN client and it works, i can connect 08:32 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 08:32 < misulicus> My question is, i create a new user on the server, give him the Openvpn client and the same client.openvpn 08:32 < misulicus> When he 
logins with his own user/pass, it will give him a different IP that the other user who has same client.openvpn file ? 08:33 < misulicus> like if i give u the client.openvpn to use with OPenVPN client, and i create a new user on the server it will work for both of us 08:34 < havoc> misulicus: it should give diff IP, but only if you've allowed multiple connections using same cert(s) 08:34 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 08:35 < misulicus> ok, how can i check if my config is set like that ? 08:35 < havoc> I foget what the opt is called, but I use the same config for everyone, but diff certs/keys 08:35 < havoc> are you using the same keys as well as same config? 08:35 < havoc> (same config is normal) 08:36 < misulicus> well i folowed a tutorial on web, how to install..i tried it, created a client.openvpn file wich i imported in the openvpn client and i can login fine 08:36 < misulicus> i created a new user on the server 08:36 < misulicus> and tried to login with the new user and it worked fine, but i cant try both users at the same time to see if it works 08:37 < misulicus> thats why i`m asking 08:37 < havoc> well I'd guess they'll both get diff IPs if the IP pool is setup correctly 08:38 < havoc> but the rest you just need to test 08:39 < misulicus> http://pastebin.com/j7GW5Ayt 08:39 < misulicus> thats the client.openvpn file i use 08:40 < havoc> server config is more relevant for the questions you're asking, I think 08:41 < misulicus> http://pastebin.com/WvdZ55JX 08:41 < misulicus> thats server config 08:42 -!- dazo is now known as dazo_afk 08:43 < havoc> ah, you're using pam auth 08:43 < havoc> I know nothing about that 08:43 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has joined #openvpn 08:43 < misulicus> well thats how the tutorial hada i`d 08:43 < misulicus> i`d like it to work with a mysql databse for user logins but thats too much for my knowledge 08:44 < havoc> yeah, I can't help you past this, sorry 08:47 
-!- dazo_afk is now known as dazo 08:47 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 255 seconds] 08:58 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has joined #openvpn 09:05 -!- newl [~newl@97.75.165.156] has joined #openvpn 09:12 -!- misulicus [me@79.115.87.198] has quit [] 09:20 < Zlotnik> i think i will give up :( I don't understand how it works. Maybe i can't make both client and server on one pc. I just wanted to secure my connects in internet but this openvpn require a lot of configuration by someone with more knowledge :( 09:21 < `Ile`> c c c 09:23 < rob0> not going to argue with the decision to give up, but I'm curious: secure connections against what? How does having both VPN endpoints on one host secure against anything? 09:25 <+s7r> :)))) 09:25 <+s7r> i want to secure my loopback traffic to 127.0.0.1 09:26 < rob0> hey, you evil h4x0R! 127.0.0.1 is MINE!!!11 09:30 -!- `Ile` [~Ile@kaniserver.net] has quit [Quit: KVIrc 4.1.3 Equilibrium http://www.kvirc.net/] 09:30 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 09:41 < Zlotnik> i thought it do but i said i didnt understand how it works ;) 09:42 < Zlotnik> to use freely and anonimously internet just how it should be in free country 09:43 <+s7r> well first of all you need a server located in a 'free country' 09:43 <+s7r> and you make a vpn between your computer and that server which is in another counry 09:44 <+s7r> this way you bypass all restrictions and censorship in your country and hide your activity with heavy encryption 09:45 <+EugeneKay> OpenVPN is not Tor. 09:47 <@vpnHelper> RSS Update - forum: Newbee Help Please 09:51 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Ping timeout: 240 seconds] 10:01 <+s7r> EugeneKay: speaking of tor 10:01 <+s7r> what port / protocl does it use 10:01 <+s7r> can it be blocked? 
10:01 <+s7r> sorry for off topic 10:01 <+s7r> but really curious 10:02 <+EugeneKay> Tor protocol, TCP:80 and :443 usually 10:03 <+EugeneKay> 9001 and 9030 are the "standard" ports, but 80 and 443 are recommended for use because they're not firewalled 10:04 < Zlotnik> do you know anything else free, open source with already predefined server? 10:04 < Zlotnik> i don't think many free countries last in this world 10:05 <@vpnHelper> RSS Update - forum: Remove routes when there is no connection w/ the peer 10:06 -!- Essobi [~Essobi@74-133-160-231.dhcp.insightbb.com] has joined #openvpn 10:12 -!- noisebleed_ [~quassel@piggy.inescn.pt] has quit [Ping timeout: 276 seconds] 10:16 -!- noisebleed [~quassel@kermit.inescn.pt] has joined #openvpn 10:16 -!- noisebleed [~quassel@kermit.inescn.pt] has quit [Changing host] 10:16 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 10:17 <@vpnHelper> RSS Update - forum: Site-to-Site Tunnel/IP masquerade question. 10:18 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has joined #openvpn 10:18 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has quit [Remote host closed the connection] 10:18 -!- h4x0r` is now known as Guest68793 10:23 -!- Guest68793 [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has quit [Ping timeout: 276 seconds] 10:30 -!- newl [~newl@97.75.165.156] has left #openvpn [] 10:32 -!- dxtr [~dxtr@2a00:16d8:2:300:0:dead:beef:cafe] has joined #openvpn 10:32 -!- dxtr [~dxtr@2a00:16d8:2:300:0:dead:beef:cafe] has quit [Changing host] 10:32 -!- dxtr [~dxtr@unaffiliated/dxtr] has joined #openvpn 10:34 -!- dxtr [~dxtr@unaffiliated/dxtr] has quit [Client Quit] 10:35 <@vpnHelper> RSS Update - forum: Anonyproz OpenVPN Service Provider 10:35 -!- dxtr [~dxtr@2a00:16d8:2:300:0:dead:beef:cafe] has joined #openvpn 10:35 -!- dxtr [~dxtr@2a00:16d8:2:300:0:dead:beef:cafe] has quit [Changing host] 10:35 -!- dxtr [~dxtr@unaffiliated/dxtr] has joined #openvpn 10:38 -!- takamichi 
[~pri@c86-7.i07-22.onvol.net] has joined #openvpn 10:50 -!- Axeman [~Axeman3@198.105.46.46] has joined #openvpn 10:50 -!- Axeman [~Axeman3@198.105.46.46] has quit [Changing host] 10:50 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 10:50 -!- mode/#openvpn [+v Axeman] by ChanServ 11:00 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has joined #openvpn 11:05 <@vpnHelper> RSS Update - forum: New openvpn server on dd-wrt, log posted, need assistance 11:14 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn 11:14 -!- mode/#openvpn [+o raidz] by ChanServ 11:35 -!- Khas [~Khas@5e0bd775.bb.sky.com] has joined #openvpn 11:36 < Khas> I'm runni a VPS that has one interface, eth0. I want to setup OpenVPN to use tap, and a the guides I've read talk about a bridge. Do i need to set up a bridge, and if so, are there any guides on setting up a bridge in this configuration? 11:38 < Olipro> why do you want to use tap over tun 11:38 < Olipro> in any case, you don't /need/ to setup a bridge, but may wish to, depending on the use case 11:39 < Khas> For games and so all my clients are on the same subnet for sharing folders and rdp/vnc etc. :-)) 11:39 < Khas> I'm running tun just now. 11:39 < Olipro> I see, so the purpose is to put VPN clients /inside/ your LAN, as it were 11:41 < hyper_ch> !tunortap 11:41 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. Dont waste the extra overhead. or (#2) and if your reason for wanting tap is windows shares, see !wins or (#3) also remember that if someone gets access to any side of a tap vpn they can use layer2 attacks like arp poisoning against you over 11:41 <@vpnHelper> the vpn or (#4) lan gaming? use tap! 
11:50 < Khas> !wins 11:50 <@vpnHelper> "wins" is http://oreilly.com/catalog/samba/chapter/book/ch07_03.html is a good link for seeing how to run WINS on samba 11:54 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 11:59 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!] 12:02 < emmanuelux> krzee, thx for the answer @10:39 12:07 < Zlotnik> bye o/ 12:08 < Zlotnik> i think i will use just a cyberghost or something like this 12:09 -!- Zlotnik [531995bf@gateway/web/freenode/ip.83.25.149.191] has quit [Quit: Page closed] 12:10 -!- arosen1 [~arosen@130.127.62.3] has joined #openvpn 12:13 < arosen1> I'm curious, if you have openvpn setup to do L2 tunneling and are using TCP (instead of UDP) as your transport. Then say if you want to talk CIFS to a server on the other side of the VPN then in this case I'm trying to figure out what happens. 12:13 < arosen1> the CIFS packets make it to your tap0 interface then: 12:13 < arosen1> is a new tcp connection fired up here? 12:14 < arosen1> Or is there already a persistent tcp tunnel already setup that it will put your data on? 12:15 < hyper_ch> arosen1: use !route 12:15 < hyper_ch> for accessing lans behind the vpn 12:15 < hyper_ch> you need to route it and traffic jus goes through the tunnel 12:15 < hyper_ch> but it's simpler if the samba server is also a vpn client or maybe even the vpn server 12:18 < rob0> The openvpn TCP connection would be one single connection, but sending data through it as needed. 12:18 <@vpnHelper> RSS Update - forum: New installation on Vmware esxi 5.0 - use appliance or not? 12:18 < rob0> and indeed, !wins is much better than !tap 12:19 < rob0> so the whole thing is quite full of ... less than ideal choices 12:20 < Khas> so using !winsi I can rdp/vnc/access shares? 12:21 < Khas> on tun i mean 12:22 < arosen1> wins = tun? 12:23 < arosen1> rob0: Well that answers my question anyway. It only uses one tcp connection to relay the data. 
12:24 < rob0> !wins 12:24 <@vpnHelper> "wins" is http://oreilly.com/catalog/samba/chapter/book/ch07_03.html is a good link for seeing how to run WINS on samba 12:24 < arosen1> gotcha 12:24 < rob0> um, WINS on Samba is as simple as enabling it. 12:25 < arosen1> Also in OpenVPN all the data is relayed though the vpn server right? 12:25 < rob0> then you point your CIFS clients to that WINS server, and it serves WINS names as resolved from DNS. 12:26 < rob0> Any data which is routed via openvpn is ... routed via openvpn. 12:26 < rob0> Conversely, if not routed via openvpn, it's not. 12:26 < Khas> haha :-D 12:26 < rob0> well, what else can I say? 12:27 < Khas> Is there really that much of an overhead using l2? 12:27 < arosen1> Say we are talking about the L2 setup. Then it's still moved though the openvpn server 12:27 -!- barbie [~chatzilla@pool-71-164-184-119.dllstx.fios.verizon.net] has joined #openvpn 12:28 < rob0> I have never bothered to measure the L2/tap overhead, mainly because I've needed neither tap nor benchmarks. :) 12:28 < arosen1> If you had 3 sites 192.168.1/24 192,168.2/24, and 192,168.3/24 could you have them route to the correct site without going though the vpn server directly. 12:28 < arosen1> Or would you need to setup 3 vpn servers one at each site? 12:28 -!- babble [~coyote@unaffiliated/coyote] has joined #openvpn 12:29 < rob0> that's too abstract to try to answer 12:29 <@vpnHelper> RSS Update - forum: Please help quickly 12:30 < arosen1> Say I have 3 locations I want to route between (all private addressing though). 12:30 < Khas> I like the idea of my server running dhcp. 12:30 < arosen1> I guess in this setup you would use point to point 12:30 < arosen1> Well you could use tun and have 3 different routes setup 12:30 < arosen1> each route would be a different tun interface though 12:31 < Khas> If i add a *nix client to the network, it uses it's hostname instead of wins, right? 
12:31 < arosen1> then you would need to have a vpn server at each site 12:31 < arosen1> for each subnet 12:31 < arosen1> This way traffic would be routed directly rather than relayed 12:31 < arosen1> right? 12:32 < Khas> why would you want that? 12:32 <+EugeneKay> Openvpn doesn't do mesh (yet). You can build one statically by having N links, yes. 12:32 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [] 12:32 <+EugeneKay> Or run a routing daemon such as quagga 12:33 <+EugeneKay> Hub-and-spoke is usually the easiest topology to maintain 12:34 < rob0> "star topology" 12:34 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 12:35 < rob0> but indeed, for a small number of sites, it's not that difficult to do a full mesh 12:35 < thansen> can someone give me a hand with this.. http://pastebin.com/rQqnvFR4 12:36 < arosen1> Since openvpn routes everything though the openvpn server it seens like you would still need multiple servers no? 
12:36 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [Client Quit] 12:40 <@vpnHelper> RSS Update - forum: Please help quickly 12:46 <@vpnHelper> RSS Update - forum: Please help quickly 12:50 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 272 seconds] 12:52 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Remote host closed the connection] 12:58 <@vpnHelper> RSS Update - forum: Please help quickly 12:58 < hyper_ch> krzee: http://www.youtube.com/watch?v=HvVG7aXIG2g 12:58 <@vpnHelper> Title: Poppy and Georgie Chasing a Mouse - YouTube (at www.youtube.com) 13:07 -!- arosen1 [~arosen@130.127.62.3] has quit [Remote host closed the connection] 13:11 -!- arosen [~arosen@130.127.62.3] has joined #openvpn 13:18 -!- oc80z [oc80z@openvpn/user/oc80z] has quit [Excess Flood] 13:19 -!- oc80z [oc80z@blea.ch] has joined #openvpn 13:20 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Ping timeout: 252 seconds] 13:20 -!- p3rror [~mezgani@41.137.254.45] has quit [Ping timeout: 252 seconds] 13:21 < babble> hello. i have a couple of questions about openVPN... 13:22 < babble> first, why is there a difference in these two OpenVPN programs 13:22 < babble> http://swupdate.openvpn.org/downloads/shield/openvpn-connect.msi 13:22 < hyper_ch> there are two programs? 13:22 < babble> http://swupdate.openvpn.org/community/releases/openvpn-2.2.2-install.exe 13:22 < babble> As both were downloaded from https://www.openvpn.net/ 13:22 <@vpnHelper> Title: OpenVPN - Open Source VPN (at www.openvpn.net) 13:23 < babble> As both were downloaded from https://www.openvpn.net/ 13:23 <@vpnHelper> Title: OpenVPN - Open Source VPN (at www.openvpn.net) 13:24 < babble> second, what is the difference in these two adaptors: 13:25 < babble> "tap-win32 adapter V9" 13:25 < babble> which was installed by the program from the 1st link above. 
13:25 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has joined #openvpn 13:25 < babble> and the other adaptor: 13:25 < babble> "tap-win32 adapter OAS" 13:25 < hyper_ch> i don't know anything about windows 13:25 < babble> which was installed by the program from the 2nd link above 13:25 < hyper_ch> it's too complicated for me 13:26 < hyper_ch> I prefer the simplicity of *nix 13:26 < rob0> Windows is too complicated for everyone. 13:26 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn 13:26 < babble> anyone else here why is familiar with Windows? 13:27 < babble> anyone else here who is familiar with Windows? 13:28 < hyper_ch> !patience 13:28 < hyper_ch> krzee: there should be a !patience factoid 13:32 < rob0> well, that one was a typo correction, not necessarily nagging 13:34 < hyper_ch> rob0: maybe... but we still need that factoid 13:35 < rob0> true 13:35 < hyper_ch> oh... I forgot, babble uses windows which has no sed 13:38 <@vpnHelper> RSS Update - forum: Please help quickly 13:46 < babble> well, i have saved the set of questions in a text file, and i will return later. maybe there will be someone more familiar with Windows at that time. thanks anyway, fellows 13:47 < babble> i'll shoot the questions to the forum online too. 13:47 < babble> take care 13:47 -!- babble [~coyote@unaffiliated/coyote] has quit [Quit: Leaving] 13:47 < rob0> good luck ... you will need it 13:49 -!- misulicus [me@79.115.87.198] has joined #openvpn 13:50 < misulicus> hey guys another question 13:50 < misulicus> according to the guide i followed when installing i had to route iptables 13:50 < misulicus> this line 13:50 < misulicus> iptables -t nat -A POSTROUTING -s 1.2.3.0/24 -j SNAT --to 123.123.123.123 13:50 < misulicus> my clients will get ip`s with 1.2.3.. 13:50 < hyper_ch> what guide? 
13:51 < misulicus> http://www.webhostingtalk.com/showpost.php?p=7294366&postcount=1 13:51 <@vpnHelper> Title: Web Hosting Talk - View Single Post - Install OpenVPN on CentOS (at www.webhostingtalk.com) 13:51 < hyper_ch> scratch that and use !howto 13:51 < misulicus> !howto 13:51 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 13:51 < misulicus> wekk it worked with that uide 13:53 < misulicus> i cant find a page to download OpenVPN Client anywhere 13:54 -!- Transformer [~Transform@ool-4a59e397.dyn.optonline.net] has joined #openvpn 13:54 -!- Transformer [~Transform@ool-4a59e397.dyn.optonline.net] has left #openvpn [] 13:57 < hyper_ch> it's all the same 13:57 < hyper_ch> client / server 13:57 < hyper_ch> only difference is by config 14:00 < misulicus> found it: http://www.openvpn.net/index.php?option=com_content&id=357 14:00 <@vpnHelper> Title: Client Packages (at www.openvpn.net) 14:02 < misulicus> i wanna allow users to logint using that client 14:04 -!- barbie [~chatzilla@pool-71-164-184-119.dllstx.fios.verizon.net] has quit [Quit: between hops] 14:07 < ecrist> misulicus: that's AS 14:07 < ecrist> !as 14:07 <@vpnHelper> "as" is please go to #OpenVPN-AS for help with Access-Server 14:09 < misulicus> yeah but i dont have AS 14:09 < misulicus> and it workes with the community version too 14:14 < Khas> Does wins only work for clients on the same subnet? 14:16 < rob0> a WINS server is given as an IP address. If the client can route to that address and a WINS server answers, win! 14:17 < rob0> for support of your CIFS client, find an appropriate place, such as #samba for Samba, Microsoft support for Windows. 14:18 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds] 14:18 < Khas> I'm trying to determine where the problem is to ask in the right place. wins is turned on, clients connected, but they can't talk to each other. 
They all have different subnets, despite whatvI've set in ovpn config 14:24 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn 14:47 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 240 seconds] 14:51 < rob0> if tools like ping(1) and tracepath(1) and nc(1) work through the VPN, openvpn is not the problem. 14:51 < rob0> Even if not, as /topic says, it's usually a firewall or IP forwarding setting. 14:51 < hyper_ch> Khas: 14:51 < hyper_ch> !routing 14:51 < hyper_ch> !route 14:51 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 14:53 < Khas> Thing is, I don't want multiple lans. I just want one lan. I want all clients to exist on the same subnet. 14:53 < hyper_ch> make them all clients in the vpn 14:55 < Khas> I've set the server to dish out /24 subnet IPs, butthe clients get /30. 14:56 < hyper_ch> then you don't do it properly 15:00 -!- dazo is now known as dazo_afk 15:00 -!- resno [~resno@unaffiliated/resno] has joined #openvpn 15:01 < resno> !welcome 15:01 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 15:01 < resno> !howto 15:01 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! 
or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 15:07 <@vpnHelper> RSS Update - forum: Could not execute openvpn, are you sure OpenVPN is installed 15:11 -!- Axeman [~Axeman3@198.105.46.46] has joined #openvpn 15:11 -!- Axeman [~Axeman3@198.105.46.46] has quit [Changing host] 15:11 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 15:11 -!- mode/#openvpn [+v Axeman] by ChanServ 15:16 < Khas> If i have enabled client-to-client, i should be able to ping other clients. right? 15:16 < Khas> Oh no, they aren't on the same subnet. 15:17 < Khas> I have the same config for my server for ip allocation as the samples. Is there any other source of information that might help me? 15:19 -!- Gravitro_ [~admin@64.93.227.241] has quit [Quit: Computer has gone to sleep.] 15:19 <+EugeneKay> !man 15:19 <@vpnHelper> "man" is (#1) http://openvpn.net/man for 2.0 manual or (#2) http://openvpn.net/man-beta.html for 2.1 manual or (#3) http://openvpn.net/index.php/open-source/documentation/manuals/427-openvpn-22.html for 2.2 manual or (#4) the man pages are your friend! 15:19 -!- durando [~quassel@cpe-67-253-41-119.maine.res.rr.com] has joined #openvpn 15:22 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has quit [Quit: Ex-Chat] 15:29 -!- Araluccl1 [~lallo@151.77.226.107] has joined #openvpn 15:30 -!- Araluccl0 [~lallo@151.77.162.19] has quit [Ping timeout: 252 seconds] 15:37 -!- nonotza [~nonotza@66.246.94.130] has joined #openvpn 15:38 -!- nonotza [~nonotza@66.246.94.130] has quit [Client Quit] 15:38 -!- nonotza [~nonotza@66.246.94.130] has joined #openvpn 15:54 -!- p3rror [~mezgani@41.249.13.208] has joined #openvpn 15:57 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has joined #openvpn 15:57 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has quit [Changing host] 15:57 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has joined #openvpn 16:05 < Araluccl1> hi, can anyone help? 
Im having a MULTI: bad source address from client [192.168.1.5], packet dropped if I try from one ip in my subnety (it not a direct vpn client...the client is the router) to ping my vpn server... actually if I tru a ping 10.8.0.1 ... the server sees the attempt but cant reply... I reade everywhere I can fix it addint route 192168.1.0 255.255.255.0 in server.conf and iroute 192.168.1.0 255.255.255.0 ino ccd... which I did but didnt sol 16:06 < Araluccl1> sorry for all tipos..I hoe it can be understood 16:06 < Araluccl1> typos 16:13 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has quit [] 16:22 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 16:30 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has quit [Read error: Connection reset by peer] 16:31 -!- newl_ [~newl@97.75.165.156] has joined #openvpn 16:33 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has quit [] 16:34 -!- h4x0r` [excon@creep.bur.st] has joined #openvpn 16:34 -!- h4x0r` [excon@creep.bur.st] has quit [Changing host] 16:34 -!- h4x0r` [excon@unaffiliated/respekt] has joined #openvpn 16:36 < krzee> Araluccl1, your ccd file is probably not being read 16:36 < krzee> maybe permission problem, maybe problem with the filename not exactly matching the CN, maybe the path to the ccd dir in your config is wrong 16:36 < Araluccl1> absolutely... to be sure I enabled ccd-exlusive..and now it gives auth failed... 16:36 < Araluccl1> is there a way to see if certificates are good... i was pretty sure they were... 
16:37 < Araluccl1> without ccd-exclusive vpn works fine
16:37 < krzee> then they are fine
16:37 < krzee> but yes there is
16:37 < krzee> !cert-verify
16:37 < krzee> but like i said, your certs are fine
16:37 < krzee> !factoids search cert
16:37 <@vpnHelper> 'servercert', 'certs', 'nocert', 'certverify', 'certinfo', and 'cert_chains'
16:37 < krzee> !certverify
16:37 <@vpnHelper> "certverify" is verify your certs are signed correctly by running `openssl verify -CAfile ` for client.crt and server.crt
16:37 < Araluccl1> then what can it be... the name of the ccd files?
16:38 < krzee> [14:36] maybe permission problem, maybe problem with the filename not exactly matching the CN, maybe the path to the ccd dir in your config is wrong
16:38 < Araluccl1> ok..I check immediately...
16:39 < Araluccl1> I cant believe im so dumb...
16:40 < dioz> same
16:41 -!- unluckier [~jmk@p57A9E11B.dip.t-dialin.net] has joined #openvpn
16:43 < unluckier> hey! i've got a question, i'm sure it's very noob but i can't figure it out. i made a bridged openvpn setup, and even though everything seems okay, i cannot ping any host in the server's network except for the server itself.. anyone any ideas please?
16:44 < unluckier> !welcome
16:44 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
16:44 < unluckier> !goal
16:44 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
16:45 < unluckier> !route
16:45 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide
16:45 < unluckier> !redirect
16:45 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns
16:46 < unluckier> !ipforward
16:46 <@vpnHelper> "ipforward" is please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
16:46 < unluckier> !linipforward
16:46 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware
16:48 < unluckier> !def1
16:48 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
16:52 < Araluccl1> ok... i was dumb cause I mispelled the ccd file... now it seems correct but receive a /sbin/ifconfig tun0 10.8.0.14 netmask 10.8.0.13 mtu 1500 broadcast 255.255.255.254
16:52 < Araluccl1> ifconfig: SIOCSIFNETMASK: Invalid argument
16:52 < Araluccl1> I also have a few warnign into server log... can I pastebin them?
16:54 < Araluccl1> http://pastebin.com/dNE7iJqM my server log
16:55 < Araluccl1> ive never had thos openvpn needs a gateway error... when I didnt used topology subnet
16:55 < Araluccl1> butmaybe it depended by the failing ccd file
16:56 < Araluccl1> this is my server.conf http://pastebin.com/B6jZmAQD
16:57 < unluckier> !goal I would like to access the internet over my vpn
16:58 < unluckier> Araluccl1: that's quite a strange netmask. sure that's correct?
16:59 < Araluccl1> not really... I think I messed up a bit the confs... now I clean... plse ignore previous pastebins
17:03 < Araluccl1> ok...this is my actual server.conf
17:03 < Araluccl1> http://pastebin.com/3xtgAckE
17:04 < Araluccl1> this is my server log http://pastebin.com/LdKcTTmy
17:05 < Araluccl1> this is my client.conf http://pastebin.com/t8LiNhzG
17:06 < Araluccl1> this is my ccd file content
17:06 < Araluccl1> ifconfig-push 10.8.0.14 10.8.0.13
17:06 < Araluccl1> iroute 192.168.1.0 255.255.255.0
17:07 < Araluccl1> I receive this error into client log http://pastebin.com/VNmCLE0U
17:07 < unluckier> i'd really try to change that netmask.
17:07 < Araluccl1> 255.255.255.0?
17:08 < unluckier> worth a try - can't know for sure
17:08 < Araluccl1> what do you suggest?
17:08 < Araluccl1> (im really a newbiew...im sorry)
17:09 < unluckier> i suggest trying 255.255.255.0
17:09 < Araluccl1> isnt that correct?
17:09 < unluckier> can't be worse than 10.8.0.13
17:10 < Araluccl1> forgive me...its 1am... :) where dont you see 255.255.255.0 ? :)
17:10 < unluckier> it probably is. can't know for sure without knowing your network. try it and you will see.
17:10 < unluckier> /sbin/ifconfig tun0 10.8.0.14 netmask 10.8.0.13
17:10 < unluckier> that's the command you mentioned at 23:44
17:11 < Araluccl1> ahh... I guess its the combination route / iroute ...
17:11 < unluckier> 24:44 for you i guess
17:11 < Araluccl1> well.. its createf but the irote command I guess... its not mine... :)
17:11 < Araluccl1> ifconfig-push 10.8.0.14 10.8.0.13
17:11 < Araluccl1> this one I guess ?
17:12 < unluckier> so would i - i'm a noob too
17:12 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection]
17:12 < Araluccl1> I have a royte command into server.conf AND a combination ofifconfig-push + iroute into ccd file
17:13 < Araluccl1> I have a route command into server.conf AND a combination ofifconfig-push + iroute into ccd file
17:13 -!- gremly [~gremly@pcsp174-30.supercabletv.net.co] has quit [Quit: WeeChat 0.3.6]
17:13 < Araluccl1> well... i try then
17:13 -!- newl_ [~newl@97.75.165.156] has quit [Ping timeout: 252 seconds]
17:13 -!- newl [~newl@97.75.165.156] has joined #openvpn
17:16 -!- h4x0r` [excon@unaffiliated/respekt] has quit []
17:19 < Araluccl1> I guess it worked :)
17:21 < unluckier> great!
17:22 < Araluccl1> but this have this one into server log OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route
17:22 < Araluccl1> still
17:22 -!- h4x0r` [h4x0r@79.133.201.84] has joined #openvpn
17:22 -!- h4x0r` [h4x0r@79.133.201.84] has quit [Changing host]
17:22 -!- h4x0r` [h4x0r@unaffiliated/respekt] has joined #openvpn
17:22 < Araluccl1> I guess route 1921.68.1.0 255.255.255.0 is not enought
17:23 < Araluccl1> I guess route 192.168.1.0 255.255.255.0 is not enough
17:26 < Araluccl1> yes... i added 10.8.0.1 as gw and now I dont receive the error... but still I cant ping 192.168.1.1 ...
17:27 < unluckier> okay, welcome to my problem =) assuming 192.168.1.1 is on your server's network
17:28 < Araluccl1> nope... for me 192.168.1.1 is my ip for the client :)
17:28 < Araluccl1> I can ping vpn ip 10.8.0.14 but not its real lan ip 192.168.1.1
17:29 -!- newl [~newl@97.75.165.156] has left #openvpn []
17:30 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has joined #openvpn
17:30 < unluckier> now that you mention it... i can't ping my client either -.0
17:30 < unluckier> -.-
17:31 < Araluccl1> hehe
17:31 < Araluccl1> maybe iptables problem?
17:32 < unluckier> i guess so too.
17:32 < Araluccl1> well..its too late for me... its 1.30am... tomorrow work... ill retyr tomorrow...
17:34 -!- nonotza [~nonotza@66.246.94.130] has quit [Quit: nonotza]
17:36 < tabakhase> push "dhcp-option DOMAIN dom1 dom2 dom3" -> no error but only dom1 is cheked (acording o my ngrep)
17:36 < tabakhase> internet says "pus each ov them with a single push" -> no effect
17:38 -!- misulicus [me@79.115.87.198] has quit []
17:41 -!- unluckier [~jmk@p57A9E11B.dip.t-dialin.net] has quit [Quit: leaving]
17:47 -!- p3rror [~mezgani@41.249.13.208] has quit [Ping timeout: 240 seconds]
17:56 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Remote host closed the connection]
17:57 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out]
17:57 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
17:59 -!- h4x0r` [h4x0r@unaffiliated/respekt] has quit []
17:59 -!- tekzilla [~jon@hmbg-4d06b15e.pool.mediaWays.net] has quit [Ping timeout: 245 seconds]
17:59 -!- h4x0r` [h4x0r@79.133.201.84] has joined #openvpn
17:59 -!- h4x0r` [h4x0r@79.133.201.84] has quit [Changing host]
17:59 -!- h4x0r` [h4x0r@unaffiliated/respekt] has joined #openvpn
17:59 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn
18:01 -!- tekzilla [~jon@hmbg-4d06f1c4.pool.mediaWays.net] has joined #openvpn
18:11 -!- Araluccl0 [~lallo@151.77.226.107] has joined #openvpn
18:11 -!- Araluccl1 [~lallo@151.77.226.107] has quit [Read error: Connection reset by peer]
18:11 -!- Deathzor [~deathtje@216.67.225.106] has joined #openvpn
18:12 < Deathzor> is there a way to do password auth in vpn but force the client to generated a public private key pair for itself ?
18:14 -!- Denial [Denial@drgi.co.uk] has quit []
18:16 -!- durando [~quassel@cpe-67-253-41-119.maine.res.rr.com] has left #openvpn ["http://quassel-irc.org - Chat comfortably. Anywhere."]
18:16 < Khas> Do I need to do something special (or ask somewhere special) to get the DNS to get pushed to my android phone?
18:16 -!- p3rror [~mezgani@41.140.35.43] has joined #openvpn
18:19 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn
18:19 -!- mode/#openvpn [+v Axeman] by ChanServ
18:19 < krzee> Khas, you need a script to handle it
18:19 < krzee> !pushdns
18:19 <@vpnHelper> "pushdns" is (#1) push "dhcp-option DNS a.b.c.d" to push dns to the client or (#2) http://thread.gmane.org/gmane.network.openvpn.user/25139/focus=25147 see that mail archive for some info on pushing dns or (#3) http://article.gmane.org/gmane.network.openvpn.user/25149 for a perm fix via regedit or (#4) in unix you'll use the update-resolv-conf script or (#5) also
18:19 <@vpnHelper> http://comments.gmane.org/gmane.network.openvpn.user/31975 reports --register-dns as fixing their problems pushing DNS to windows 7
18:20 < Khas> Do any of those tackle android? Cause it's specific to that platform.
18:20 < krzee> #4, although i dunno if that specific script would work actually
18:21 < krzee> ild just change the file instead with a script that works similar to #4
18:21 <+s7r> krzee: how can i setup username & passwd authentication and same client.crt for all clients.. and revoke just the username and password and also , very important, limit the wrong passwd attempts from the same soruce ip address to 3 in 1 minute, then ban that IP for 10 days
18:21 <+s7r> :D
18:21 < Khas> At the moment I've added it directly in openvpn-settings as a static ip, but I'd rather have something more dynamic incase of dns failure on my server heh
18:21 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has joined #openvpn
18:21 -!- mode/#openvpn [+v Axeman2] by ChanServ
18:22 < krzee> oh you'll need to remount the filesystem in the script to get write access
18:22 < krzee> prolly wanna remount readonly after tho
18:23 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has quit [Client Quit]
18:23 < Dev0n> do you set ip_forward to 1 in the server running openvpn or the clients connecting to it ?
18:25 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds]
18:25 < Khas> server
18:26 < Khas> Remember the iptables rules too
18:26 < Khas> :-)
18:26 < Dev0n> Khas, is there a list of iptables rules to look at ?
18:27 < Dev0n> I really not sure what rules I should be adding
18:27 < Khas> !iptables
18:27 <@vpnHelper> "iptables" is (#1) to test if iptables is your problem, disable all rules or put the defaults to accept: iptables -P INPUT ACCEPT; iptables -P OUTPUT ACCEPT; iptables -P FORWARD ACCEPT; iptables -F; iptables -Z or (#2) please see http://openvpn.net/man#lbBD for more info or (#3) you can see http://www.secure-computing.net/wiki/index.php/OpenVPN/Firewall for pf or iptables
18:28 < Khas> Tada :-D
18:28 < Dev0n> cool, thanks :)
18:29 < Dev0n> well, I don't ahve any rules in my iptables
18:30 < Dev0n> iptables -L is empty so
18:30 < Dev0n> that was to disable my firewall right ^ ?
18:31 < Khas> It depends on your firewall configuration.
18:31 < Khas> If you have nothing in iptables, and the default rules are allow, you've basically dropped your pants and bent over the table to the internet ;-)
18:31 < Dev0n> hehe
18:32 < Dev0n> so are there any rules to secure openvp n?
18:33 < Dev0n> I came across this, not sure if those are the rules I'm looking for? http://serverfault.com/questions/39307/linux-ip-forwarding-for-openvpn-correct-firewall-setup
18:33 <@vpnHelper> Title: iptables - Linux IP Forwarding for OpenVPN - correct firewall setup? - Server Fault (at serverfault.com)
18:33 -!- newl [~newl@97.75.165.156] has joined #openvpn
18:34 < Khas> Dev0n: http://openvpn.net/index.php/open-source/documentation/howto.html#redirect
18:34 <@vpnHelper> Title: HOWTO (at openvpn.net)
18:34 < Khas> It's in the howto :-D
18:34 < Khas> That's for forwarding
18:34 < Khas> After that, it's considered normal traffic
18:34 < Khas> So you write whatever rules you wish.
18:35 < Dev0n> ahh, ok but that's for the server running openvpn
18:36 < Dev0n> I'm still trying to figure out the bigger picture on how openvpn works
18:36 < Dev0n> is there a rules for the client side too ?
18:37 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn []
18:43 -!- satdav [satdav@shellium/member/firefox.community.satdav] has joined #openvpn
18:43 < satdav> hi guys
18:43 < satdav> !welcome
18:43 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
18:43 < satdav> !goal
18:43 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
18:43 -!- newl [~newl@97.75.165.156] has left #openvpn []
18:44 < satdav> !goal I am looking for docs on how to setup openvpn on debain 64 bit
18:47 <@raidz> !goal
18:47 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
18:48 < satdav> !goal learn how to install openvpn
18:49 <@raidz> !goal
18:49 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
18:49 < satdav> is it possible to set it up to go on the net vie vpn
18:50 <@raidz> sure you can
18:51 < Dev0n> satdav, you're like me, only few hours ago :D
18:51 < satdav> cool
18:51 < Dev0n> I used: http://serverflux.com/networking/how-to-install-openvpn-on-debian-with-iptables/
18:51 <@vpnHelper> Title: How To Install OpenVPN on Debian with IPTABLES | ServerFlux - Securing the Internet (at serverflux.com)
18:51 < satdav> I got a no bad doc for it
18:51 < satdav> http://howto.landure.fr/gnu-linux/debian-4-0-etch-en/install-and-setup-openvpn-on-debian-4-0-etch
18:51 < Dev0n> but instead of apt-get install openvpn, I built it from source
18:51 <@vpnHelper> Title: Install and setup OpenVPN on Debian 4.0 Etch Lone-Wolf Scripts (at howto.landure.fr)
18:51 < satdav> cool
18:52 < Dev0n> but rest of the stuff in that config should follow through
18:52 <@raidz> I am pretty sure Debian 4 is passed eol
18:52 < Dev0n> except for the iptables bit which I'm stuck at
18:52 < Dev0n> satdav, assuming you are on like squeeze and not deb 4 =x
18:52 < satdav> I am on squeeze
18:52 <@raidz> good good
18:53 < Dev0n> your article is outdated lol
18:53 < satdav> thats not mine it was a site i found
18:54 < Dev0n> I know, I meant the article you found :P
18:54 < satdav> true
18:54 < satdav> is it still the same steps
18:54 < satdav> as that article
18:55 < Dev0n> use mine
18:55 < Dev0n> err, the articlie that I linked you to
18:55 < Dev0n> article*
18:56 < satdav> cool
18:56 < satdav> I am trying to figure it out
18:57 < Dev0n> great, hope you know more about iptables than I do XD
18:57 -!- Khas [~Khas@5e0bd775.bb.sky.com] has quit [Read error: Connection reset by peer]
18:57 < satdav> I dont
18:57 < h4x0r`> peeps, im on windows, im trying to use my own client to connect to the driver at localhost, what do i have to do? just connect a socket to the driver to bring it up?
18:58 < satdav> I am using putty to connect
19:01 < satdav> I am emailing my host
19:01 < satdav> to do the ip tables bit
19:01 < satdav> as it wont work for me
19:12 -!- h4x0r` [h4x0r@unaffiliated/respekt] has quit []
19:14 < Dev0n> shit
19:15 < Dev0n> ok so think I may have locked myself out the server
19:15 < Dev0n> can't connect through ssh now
19:15 < Dev0n> and all I did was start the vpnclient :(
19:15 < satdav> cool
19:16 < satdav> Dev0n, what host you with
19:16 < satdav> I am with cheapvps
19:16 < Dev0n> when I say server, it's right next to me
19:16 < Dev0n> lol
19:16 < Dev0n> I'm testing local before I do it on a production system
19:16 < satdav> cool
19:17 -!- Deele [~Mr.D@217.199.115.217] has quit [Ping timeout: 252 seconds]
19:19 < Dev0n> anyoen know why it would lock me out like that ?
19:19 < Dev0n> I can't ping either ips attached to the client now for some reason
19:19 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep]
19:19 < Dev0n> seems like running the openvpn on client changed the ifconfig :/
19:20 -!- krzee [nobody@hemp.ircpimps.org] has joined #openvpn
19:20 -!- krzee [nobody@hemp.ircpimps.org] has quit [Changing host]
19:20 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn
19:26 -!- h4x0r` [h4x0r@79.133.201.84] has joined #openvpn
19:26 -!- h4x0r` [h4x0r@79.133.201.84] has quit [Changing host]
19:26 -!- h4x0r` [h4x0r@unaffiliated/respekt] has joined #openvpn
19:26 -!- p3rror [~mezgani@41.140.35.43] has quit [Quit: Leaving]
19:30 -!- Araluccl1 [~lallo@216.231.135.109] has joined #openvpn
19:30 -!- Araluccl0 [~lallo@151.77.226.107] has quit [Read error: Connection reset by peer]
19:31 -!- Araluccl0 [~lallo@151.77.226.107] has joined #openvpn
19:34 -!- Araluccl1 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds]
19:37 -!- Araluccl1 [~lallo@216.231.135.109] has joined #openvpn
19:37 -!- Araluccl0 [~lallo@151.77.226.107] has quit [Read error: Connection reset by peer]
19:37 -!- Araluccl0 [~lallo@151.77.226.107] has joined #openvpn
19:38 -!- Araluccl1 [~lallo@216.231.135.109] has quit [Read error: Connection reset by peer]
19:43 -!- _julian_ [~quassel@hmbg-4d069de3.pool.mediaWays.net] has joined #openvpn
19:43 -!- h4x0r` [h4x0r@unaffiliated/respekt] has quit [Remote host closed the connection]
19:44 -!- h4x0r` [h4x0r@79.133.201.84] has joined #openvpn
19:44 -!- h4x0r` [h4x0r@79.133.201.84] has quit [Changing host]
19:44 -!- h4x0r` [h4x0r@unaffiliated/respekt] has joined #openvpn
19:45 -!- datums_nb [~datums@cpe-72-130-14-131.socal.res.rr.com] has joined #openvpn
19:46 -!- _julian [~quassel@hmbg-4d069511.pool.mediaWays.net] has quit [Ping timeout: 248 seconds]
19:48 -!- datums_nb [~datums@cpe-72-130-14-131.socal.res.rr.com] has quit [Read error: Connection reset by peer]
19:49 < Dev0n> ok so running openvpn on my client causes the ips to get blocked from access, except I can access them from the server running openvpn
19:50 < Dev0n> good thing that was possible as I ssh'd in and stop'd openvpn client on the client machine
19:50 < Dev0n> which allowed me to connet normally
19:51 < krzee> !redirect
19:51 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns
19:54 < Dev0n> krzee, I already did that
19:54 < Dev0n> push "redirect-gateway def1 bypass-dhcp"
19:54 < Dev0n> in the server conf
19:54 < Dev0n> actually, let me paste it
19:54 < Dev0n> pastebin even
19:57 < Dev0n> http://bpaste.net/show/nO3Q2aUKmSIUdriiUFLp/
19:57 < Dev0n> there krzee
19:57 < Dev0n> current config for server and client
19:57 < Dev0n> everytime I run the openvpn client on the client, I get disconnected from it and I am only able to ssh into it through the server
19:58 < krzee> when that happens, can you ping 8.8.8.8?
19:58 < Dev0n> yea I can ping that and 8.8.4.4 fine from both server and client
19:59 < krzee> i see you push dns, and the client is some sort of unix, but the client doesnt have a script to change the dns
19:59 < krzee> !pushdns
19:59 <@vpnHelper> "pushdns" is (#1) push "dhcp-option DNS a.b.c.d" to push dns to the client or (#2) http://thread.gmane.org/gmane.network.openvpn.user/25139/focus=25147 see that mail archive for some info on pushing dns or (#3) http://article.gmane.org/gmane.network.openvpn.user/25149 for a perm fix via regedit or (#4) in unix you'll use the update-resolv-conf script or (#5) also
19:59 <@vpnHelper> http://comments.gmane.org/gmane.network.openvpn.user/31975 reports --register-dns as fixing their problems pushing DNS to windows 7
19:59 < krzee> #4
20:00 < krzee> if you can ping 8.8.8.8 when on the vpn, you have a dns issue, change the ns in resolv.conf by hand and it'll work, then fix it by using the script above in #4
20:00 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has quit []
20:01 < Dev0n> krzee, both client and server are debian squeeze and I can ping them fine without the openvpns running is what I mean
20:01 < Dev0n> not sure if it's different when they are running
20:01 < Dev0n> but the problem is I can't ssh directly into the client when they are running
20:02 < Dev0n> would that be related to DNS or something else /
20:02 < krzee> why would i care without the vpn
20:02 < krzee> try with
20:02 < krzee> oh
20:02 < krzee> !factoids search redirect
20:02 <@vpnHelper> 'redirect' and 'redirect_ips'
20:02 < krzee> !factoids search listen
20:02 <@vpnHelper> "listen-ipv6" is use --proto tcp6 or --proto udp6 ... and it *must* be the development version (!snapshots) ... 2.2.x and earlier don't support this
20:02 < krzee> hrm
20:03 < krzee> !factoids search split
20:03 <@vpnHelper> 'splitdns' and 'splitroute'
20:03 < krzee> !splitroute
20:03 <@vpnHelper> "splitroute" is (#1) https://forums.openvpn.net/topic7175.html to see how to add a second routing table so you can use --redirect-gateway AND still serve things to the internet or (#2) see !route_override for how to override --redirect-gateway for a certain subnet
20:03 < krzee> there ya go, #1
20:05 -!- astrostl [~astrostl@71-11-141-45.dhcp.stls.mo.charter.com] has joined #openvpn
20:06 < pwrcycle> good link
20:07 < krzee> vpnHelper++
20:12 -!- MeanderingCode [~Meanderin@97-123-14-239.albq.qwest.net] has quit [Remote host closed the connection]
20:15 < Dev0n> nice one krzee
20:15 < Dev0n> now I can stay connected at least
20:15 < Dev0n> :D
20:16 < Dev0n> ok, I can't ping 8.8.8.8 from the client
20:17 < krzee> cat /proc/sys/net/ipv4/ip_forward
20:18 < Dev0n> set to 1 on both
20:19 < krzee> iptables -L -t nat
20:20 < Dev0n> server: MASQUERADE all -- 10.8.0.0/24 dest.hostname | client: nothign
20:20 < Dev0n> I have 2 ips on the client machine and I only want one of the ips to have all its traffic tunnled using the vpn
20:21 < krzee> well thats not especially how it works
20:21 < krzee> its by your routing table
20:23 < Dev0n> oh
20:31 -!- satdav [satdav@shellium/member/firefox.community.satdav] has quit [Quit: Leaving]
20:52 < Dev0n> krzee, I did the update-resolv-conf thing on the client
20:52 < Dev0n> and still can't seem to ping 8.8.8.8
20:54 -!- astrostl [~astrostl@71-11-141-45.dhcp.stls.mo.charter.com] has quit []
22:00 -!- corretico [~luis@190.211.93.11] has joined #openvpn
22:06 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has joined #openvpn
22:06 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has quit [Changing host]
22:06 -!- simplechat [~simplecha@unaffiliated/simplechat] has joined #openvpn
22:25 -!- gremly [~gremly@pcsp174-30.supercabletv.net.co] has joined #openvpn
22:52 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Remote host closed the connection]
23:12 -!- h4x0r` [h4x0r@unaffiliated/respekt] has quit [Remote host closed the connection]
23:20 -!- h4x0r` [h4x0r@79.133.201.84] has joined #openvpn
23:20 -!- h4x0r` [h4x0r@79.133.201.84] has quit [Changing host]
23:20 -!- h4x0r` [h4x0r@unaffiliated/respekt] has joined #openvpn
23:34 -!- futurestack [~o_o@unaffiliated/futurestack] has left #openvpn []
23:40 -!- gremly [~gremly@pcsp174-30.supercabletv.net.co] has quit [Quit: WeeChat 0.3.6]
23:59 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn
--- Day changed Fri Jan 27 2012
00:29 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
00:33 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
00:57 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn
01:01 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn
01:04 -!- treshoem [~treshoem@ns1.smartcellphonestogo.com] has joined #openvpn
01:13 -!- `Ile` [~Ile@kaniserver.net] has joined #openvpn
01:26 -!- root [~root@14.139.228.210] has joined #openvpn
01:26 < root> hello
01:26 -!- root is now known as pk__
01:26 < pk__> i have this in my config file ca "C:\\direct\\ca.crt"
01:27 < pk__> is there a way to remove c:\\direct\\ and make openvpn to look for this file in the same directory where config file is
01:31 -!- pk__ [~root@14.139.228.210] has quit [Quit: Lost terminal]
01:44 <@vpnHelper> RSS Update - forum: Should HMAC firewall block client even with 1bit diff key?
01:44 -!- tjz [~pc@unaffiliated/tjz] has quit [Quit: bbl.]
01:51 -!- diffen3 [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Read error: No route to host]
01:51 -!- diffen3 [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn
01:55 -!- treshoem [~treshoem@ns1.smartcellphonestogo.com] has quit [Quit: leaving]
02:04 -!- diffen3 [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: Leaving]
02:04 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn
02:08 <@vpnHelper> RSS Update - forum: Specifying external IP pool and custom port per client. || Adding new users/certs fails?
02:09 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro]
02:13 < Mowee> Morning peepz
02:19 -!- h4x0r` [h4x0r@unaffiliated/respekt] has quit [Remote host closed the connection]
02:25 < `Ile`> morning
02:28 -!- h4x0r` [h4x0r@79.133.201.84] has joined #openvpn
02:28 -!- h4x0r` [h4x0r@79.133.201.84] has quit [Changing host]
02:28 -!- h4x0r` [h4x0r@unaffiliated/respekt] has joined #openvpn
02:30 -!- mike [3271e5c1@gateway/web/freenode/ip.50.113.229.193] has joined #openvpn
02:30 < mike> hello all o/
02:31 -!- mike is now known as Guest31865
02:33 -!- Guest31865 [3271e5c1@gateway/web/freenode/ip.50.113.229.193] has left #openvpn []
02:33 -!- d132e242 [3271e5c1@gateway/web/freenode/ip.50.113.229.193] has joined #openvpn
02:34 < d132e242> I have installed an openvpn server on my vps and i have successfully connected my client, but it doesn't seem that my traffic is going through the vpn. am i missing something? server is on centos and the client its windows 7
02:35 -!- h4x0r` [h4x0r@unaffiliated/respekt] has quit [Remote host closed the connection]
02:38 -!- h4x0r` [h4x0r@79.133.201.84] has joined #openvpn
02:38 -!- h4x0r` [h4x0r@79.133.201.84] has quit [Changing host]
02:38 -!- h4x0r` [h4x0r@unaffiliated/respekt] has joined #openvpn
02:39 -!- dazo_afk is now known as dazo
02:40 -!- jetole [~jetole@66.165.165.169] has joined #openvpn
02:41 <@dazo> d132e242: you probably missed enabling IP forwarding (/proc/sys/net/ipv4/ip_forward and/or same sysctl setting) or its your firewall
02:41 < jetole> Hey guys. I've administered a few openvpn links for years for our office but there has been one thing I have seen time and again that been... well let's say I've found it perplexing and I was wondering if someone could explain it to me...
02:42 < jetole> One of our offices as a 192.168.0.0/24 subnet which I know is a bad subnet but it's age old based on some off the shelf router that was purchased when there were 4 people in the company and since then there has been too many servers on it for anyone to care removing them, anyways, the actual subnets not important but I thought I would mention it. The thing I am wondering is this
02:44 <@vpnHelper> RSS Update - forum: draft HOWTO "Use a Windows CA with OpenVPN"
02:44 < jetole> many road warrior laptops have been setup for employees out of that office that are all running windows xp and the vpn runs as part of the windows service so it starts automatically without user intervention. When they bring their laptop into the office, plug it in and start it up, everything runs fine. Me and a couple of admins have Linux laptops and those are also set to start openvpn automatically but they tend to crash when in that office cause ...
02:44 < jetole> ... they are connecting to the same subnet they are on
02:44 < jetole> so my question is how come windows handles this without a glitch but Linux shits bricks?
02:45 -!- d132e242 [3271e5c1@gateway/web/freenode/ip.50.113.229.193] has quit [Ping timeout: 264 seconds] 02:46 < jetole> I'm looking into this now at the same time I'm asking about it but I'm guessing and willing to bet the routing order on Linux and Windows is different where on windows the openvpn connection probably appends the route after the route for the local subnet exists where on Linux I'm guessing it prepends the route before the route for the current subnet is defined. 02:48 < jetole> though looking at my routing table now on my Linux laptop, that doesn't look like the case 02:50 -!- Azrael808 [~peter@cpc17-walt12-2-0-cust657.13-2.cable.virginmedia.com] has joined #openvpn 02:53 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Read error: No route to host] 02:53 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 02:55 -!- asdf23r4 [3271e5c1@gateway/web/freenode/ip.50.113.229.193] has joined #openvpn 02:55 -!- asdf23r4 [3271e5c1@gateway/web/freenode/ip.50.113.229.193] has quit [Client Quit] 02:55 < jetole> hmmmm... I also wanted to see if I could find a way to write a scipt to not start that connection if it detected I was already on that network but I don't see anything about executing a script prior to connecting to a network 02:55 < jetole> ...so far in the man page 03:01 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 03:01 <@dazo> jetole: openvpn is about establishing a VPN connection, *not when* to establish it ... so what you're looking for is to write your own script which checks the environment and *then* starts openvpn if the conditions are right 03:02 <@dazo> (you kind of don't check if you have the car keys *after* having set yourself into the car seat ... 
you kind of want to unlock the car *before* you enter the car 03:02 <@dazo> ) 03:08 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 252 seconds] 03:09 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 03:46 -!- noisebleed [~quassel@lula.inescn.pt] has joined #openvpn 03:46 -!- noisebleed [~quassel@lula.inescn.pt] has quit [Changing host] 03:46 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 04:13 -!- Homcsi [57e56714@gateway/web/freenode/ip.87.229.103.20] has joined #openvpn 04:15 -!- Homcsi [57e56714@gateway/web/freenode/ip.87.229.103.20] has quit [Client Quit] 04:21 <@vpnHelper> RSS Update - forum: Specifying external IP pool and custom port per client. || Including multiple machines on the client side bridge mode?? || Please help quickly 04:22 -!- Deele [~Mr.D@217.199.115.217] has joined #openvpn 04:23 -!- master_of_master [~master_of@p57B54E20.dip.t-dialin.net] has quit [Ping timeout: 245 seconds] 04:23 < jetole> dazo: while I know I can do so I have init.d start openvpn through the distro openvpn init.d script and it starts many different vpn's. It would be nice to be able to easily add a line in the config file for a particular connection that runs a script and then decides whether or not to connect based on the return value of that script. While you're analogy seems rather unrelated to the context at hand, I still understand your point but at the same time, ... 04:23 < jetole> ... if this option did already exist in openvpn, I find it hard to imagine the public mass declaring outcry that it never should have been developed or implemented in the first place but since I am not a openvpn developer, I can't complain that it's not there. All I can say is that if it were there then there would be nothing wrong with the context for why it was implemented but since it's not, I'm going to have to modify my init.d script to be a ... 04:23 < jetole> ... 
little bit more cautious about whether it should start a particular connection or not 04:25 -!- prakashkamliya [~prakashka@202.131.123.66] has joined #openvpn 04:25 < jetole> dazo: though do you know why this same config (sans the keys for that particular host) on this same network works flawlessly on windows xp allowing the windows hosts to connect to the local lan all the same whether openvpn is running or not but on Linux it doesn't allow you to connect to the local network unless you shut down that vpn connection. 04:25 <@dazo> jetole: there are even people wanting openvpn to make gold out of steel ... sure we could do that ... but we're trying to do things the Unix way .... many smaller programs which does one particular thing, and do that well ... when you combine them, then you can do amazing things 04:25 -!- master_of_master [~master_of@p57B5545E.dip.t-dialin.net] has joined #openvpn 04:26 <@dazo> jetole: this pre-check feature you want will not come to OpenVPN. End of story. 04:26 < jetole> dazo: well I don't feel the option to run a pre-up script is not the unix way but like I said, I'm not a developer and beggers can't be choosers 04:26 < jetole> dazo: that's ok. I'm content with that 04:27 < jetole> dazo: back to win vs lin, I understand the networking concepts of why the local area connection should not work on the Linux box, I'm perplexed as why it does work on the windows box. Any thoughts? 04:27 <@vpnHelper> RSS Update - forum: Unable to ping behind client from server in Bridge Mode || Site-to-Site Tunnel/IP masquerade question. || Howto run multiple client connection using single daemon 04:27 < prakashkamliya> Can any one help me in explaining howto run multiple client using single daemon ? 04:28 <@dazo> jetole: Last time I really used Windows was back around 2000 ... 
I don't know how OpenVPN behaves or why it behaves how it does it there
04:29 < `Ile`> jetole can u plz pm me
04:29 <@dazo> jetole: but I know that on Linux, the routes gets all messed up ... as you begin to route your local network via the VPN ... and then at the same time you redirect the connection from the OpenVPN client to the server via the same VPN tunnel
04:29 < jetole> dazo: well thanks anyways and I don't blame you but when you have to take care of an office full of users, sometimes you get stuck having to help them out
04:29 < jetole> `Ile`: about what?
04:30 < jetole> `Ile`: typically if I want to pm someone then I tell them why first
04:30 <@dazo> prakashkamliya: look at --server and --tls-server options in the man page ... or read the !howto
04:30 <@dazo> !howto
04:30 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
04:30 <@dazo> !man
04:30 <@vpnHelper> "man" is (#1) http://openvpn.net/man for 2.0 manual or (#2) http://openvpn.net/man-beta.html for 2.1 manual or (#3) http://openvpn.net/index.php/open-source/documentation/manuals/427-openvpn-22.html for 2.2 manual or (#4) the man pages are your friend!
04:33 <@vpnHelper> RSS Update - forum: Bridging on the client side, but ip goes to tap0, not br0
04:40 <@vpnHelper> RSS Update - forum: Unable to ping behind client from server in Bridge Mode
04:41 <@dazo> jetole: it would be interesting if you could try the latest openvpn development version (the git tree got updated today) ... We've gotten a new feature implemented from James Yonan which tries to do something more clever with local routes
04:41 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep]
04:42 <@dazo> it *might* be that this patch actually solves the issue you see on Linux ....
that patch is especially written for Linux
04:42 <@dazo> jetole: http://openvpn.git.sourceforge.net/git/gitweb.cgi?p=openvpn/openvpn.git;a=commitdiff;h=8fc83a2d6cfa44032f38e13fc2f7dbc096f584d9
04:42 <@vpnHelper> Title: SourceForge - openvpn/openvpn.git/commitdiff (at openvpn.git.sourceforge.net)
04:46 <@vpnHelper> RSS Update - forum: Including multiple machines on the client side bridge mode?? || Howto run multiple client connection using single daemon
04:57 <@vpnHelper> RSS Update - forum: Should HMAC firewall block client even with 1bit diff key? || Adding new users/certs fails?
05:07 -!- Deele [~Mr.D@217.199.115.217] has quit [Disconnected by services]
05:07 -!- De`off [~Mr.D@80.233.175.48] has joined #openvpn
05:17 -!- h4x0r` [h4x0r@unaffiliated/respekt] has quit [Remote host closed the connection]
05:18 -!- h4x0r` [h4x0r@79.133.201.84] has joined #openvpn
05:18 -!- h4x0r` [h4x0r@79.133.201.84] has quit [Changing host]
05:18 -!- h4x0r` [h4x0r@unaffiliated/respekt] has joined #openvpn
05:23 -!- BoomSie [~gideon@dw77242112238.amsterdam-tc.dataweb.net] has joined #openvpn
05:28 -!- BoomSie [~gideon@dw77242112238.amsterdam-tc.dataweb.net] has quit [Client Quit]
05:52 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has joined #openvpn
05:52 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has quit [Changing host]
05:52 -!- simplechat [~simplecha@unaffiliated/simplechat] has joined #openvpn
05:55 < jetole> dazo: thanks.
I'll give it a try but I'm not going to be at that location today so I don't really have a valid test grounds per se
05:55 < jetole> hey that rhymed :-)
06:17 -!- ravel_exe [ravel_exe@175.142.201.214] has joined #openvpn
06:22 <@vpnHelper> RSS Update - forum: Error forward
06:34 <@vpnHelper> RSS Update - forum: Error forward
06:36 -!- ravel_cmd [ravel_exe@175.142.201.214] has joined #openvpn
06:39 -!- ravel_exe [ravel_exe@175.142.201.214] has quit [Ping timeout: 252 seconds]
06:44 < prakashkamliya> dazo: tls-server or --server directive allow multiple client to connect to us
06:44 < prakashkamliya> but i want multiple client to connect to different server. i.e running multiple client on single machine using single daemon
06:44 < prakashkamliya> hope you got my question
06:44 <@dazo> so you want one openvpn client to connect to multiple openvpn servers?
06:45 <@vpnHelper> RSS Update - forum: Howto run multiple client connection using single daemon || Unable to ping behind client from server in Bridge Mode
06:46 -!- Deele [~Mr.D@217.199.115.217] has joined #openvpn
06:48 < prakashkamliya> yeah
06:48 -!- De`off [~Mr.D@80.233.175.48] has quit [Ping timeout: 252 seconds]
06:49 <@dazo> prakashkamliya: that's not possible. You need separate openvpn processes for each client connection
06:49 < prakashkamliya> and what about port number
06:49 < prakashkamliya> can i use same in all configurations ?
06:49 -!- ravel_exe [ravel_exe@175.142.201.214] has joined #openvpn
06:49 < prakashkamliya> as it is socket
06:50 < prakashkamliya> *as it is using socket
06:50 <@dazo> prakashkamliya: yes, on the client side, you can connect to the same port number on any remote host multiple times ... but it needs to be done by separate openvpn processes
06:51 < prakashkamliya> okay but i got one problem when i run openvpn --config client1.conf it runs perfectly with no problems
06:51 <@dazo> you might need to use --nobind in your configs ...
but that's the only thing which limits you
06:52 < prakashkamliya> but when i run second client it says socket bind failed on local machine []:1194 adress already in use
06:52 <@dazo> you need to use --nobind
06:52 < prakashkamliya> okay...i will try it.
06:53 -!- ravel_cmd [ravel_exe@175.142.201.214] has quit [Ping timeout: 276 seconds]
06:53 < prakashkamliya> dazo: can i have connections such in one its is TUN type and other TAP type
06:53 <@dazo> yes, you can
06:53 -!- ravel_cmd [ravel_exe@175.142.201.214] has joined #openvpn
06:53 < prakashkamliya> thank you very much
06:56 -!- ravel_exe [ravel_exe@175.142.201.214] has quit [Ping timeout: 245 seconds]
06:56 -!- ravel_cmd [ravel_exe@175.142.201.214] has quit [Remote host closed the connection]
06:56 -!- ravel_exe [ravel_exe@175.142.201.214] has joined #openvpn
06:57 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn
07:06 -!- ravel_cmd [ravel_exe@175.142.201.214] has joined #openvpn
07:10 -!- ravel_exe [ravel_exe@175.142.201.214] has quit [Ping timeout: 248 seconds]
07:11 -!- ravel_exe [ravel_exe@175.142.201.214] has joined #openvpn
07:13 -!- ravel_cmd [ravel_exe@175.142.201.214] has quit [Ping timeout: 252 seconds]
07:13 -!- Diffen [~diffen@c-217-115-61-226.cust.bredband2.com] has joined #openvpn
07:14 <@vpnHelper> RSS Update - forum: Error forward
07:20 <@vpnHelper> RSS Update - forum: Unable to ping behind client from server in Bridge Mode || Error forward
07:26 <@vpnHelper> RSS Update - forum: Howto run multiple client connection using single daemon
07:32 <@vpnHelper> RSS Update - forum: Bridging on the client side, but ip goes to tap0, not br0
07:37 -!- Araluccl0 [~lallo@151.77.226.107] has quit [Quit: Anche il discorsismo ha un limitismo.]
07:37 -!- Araluccl0 [~lallo@151.77.226.107] has joined #openvpn
07:38 -!- ravel_exe [ravel_exe@175.142.201.214] has quit [Remote host closed the connection]
07:39 -!- ravel_exe [ravel_exe@175.142.201.214] has joined #openvpn
07:44 <@vpnHelper> RSS Update - forum: Error forward
07:45 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro]
07:50 <@vpnHelper> RSS Update - forum: Specific services via VPN (like POP3/SMTP/IMAP), how? || Newbee Help Please
07:56 <@vpnHelper> RSS Update - forum: Would You Use A VPN Provider That Gives You A Static IP?
08:02 <@vpnHelper> RSS Update - forum: Specific services via VPN (like POP3/SMTP/IMAP), how? || Error forward
08:05 < prakashkamliya> dazo: yeah nobind is working, Can you explain me how it is internally working, i mean i have read manual --nobind but it not much clear
08:06 <@dazo> prakashkamliya: when using --port (or --remote ) it sets both --lport and --rport to the same value
08:06 <@dazo> when using --nobind, --lport is not set in client mode
08:07 -!- ravel_cmd [ravel_exe@175.142.201.214] has joined #openvpn
08:10 -!- ravel_exe [ravel_exe@175.142.201.214] has quit [Ping timeout: 240 seconds]
08:10 <@dazo> and when --lport is not set, the OS will automatically use a random port number
08:14 <@vpnHelper> RSS Update - forum: Unable to ping behind client from server in Bridge Mode
08:15 < prakashkamliya> Thank You Very much dazo :)
08:20 <@vpnHelper> RSS Update - forum: Including multiple machines on the client side bridge mode??
08:25 -!- prakashkamliya [~prakashka@202.131.123.66] has quit [Remote host closed the connection]
08:26 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn
08:26 <@vpnHelper> RSS Update - forum: Specific services via VPN (like POP3/SMTP/IMAP), how?
|| Please Review My Site :
08:32 <@vpnHelper> RSS Update - forum: Which one better
08:36 -!- Diffen [~diffen@c-217-115-61-226.cust.bredband2.com] has quit [Quit: This computer has gone to sleep]
08:37 -!- ravel_exe [ravel_exe@175.142.201.214] has joined #openvpn
08:40 -!- ravel_cmd [ravel_exe@175.142.201.214] has quit [Ping timeout: 260 seconds]
08:41 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
08:41 -!- mode/#openvpn [+v s7r] by ChanServ
08:45 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [Ping timeout: 240 seconds]
08:48 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn
09:07 -!- ravel_cmd [ravel_exe@175.142.201.214] has joined #openvpn
09:10 -!- ravel_exe [ravel_exe@175.142.201.214] has quit [Ping timeout: 252 seconds]
09:22 -!- KaiForce [~chatzilla@adsl-70-228-98-51.dsl.akrnoh.ameritech.net] has joined #openvpn
09:37 -!- ravel_exe [ravel_exe@175.142.201.214] has joined #openvpn
09:40 -!- ravel_cmd [ravel_exe@175.142.201.214] has quit [Ping timeout: 252 seconds]
09:41 -!- zetsuboudev [~zetsuboud@75-145-60-138-Jacksonville.hfc.comcastbusiness.net] has joined #openvpn
09:42 < zetsuboudev> Assuming the default server config file on a windows server, I'
09:43 < zetsuboudev> I'm* using openvpn as a way to secure tightvnc connections. It works great. However, with those default settings, does all internet traffic (i.e. web browsing, etc) now pass through that VPN, or would it still use the regular lan?
09:45 <@vpnHelper> RSS Update - forum: Error forward
09:46 < krzee> there is no default
09:47 < zetsuboudev> i mean, the sample configuration
09:47 < krzee> unless the configs make it happen, internet is not redirected
09:51 -!- Mp5 [~Mp5@99-59-223-143.lightspeed.jcvlfl.sbcglobal.net] has quit [Read error: Connection reset by peer]
09:52 -!- Mp5- [~Mp5@99-59-223-143.lightspeed.jcvlfl.sbcglobal.net] has joined #openvpn
09:59 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn
10:00 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Client Quit]
10:12 -!- ilj [~ilj@sourcemage/grimoire/apprentice/ilj] has joined #openvpn
10:12 < ilj> hi
10:14 < ecrist> not yet. ;)
10:14 < ilj> I'm setting up a tunnel and I can do so manually. But when I pass --daemon option to openvpn it logs in system logs: openvpn[27330]: daemon() failed: No such device (errno=19)
10:14 <@vpnHelper> RSS Update - forum: OpenVPN Can't ping remote hosts
10:15 < ecrist> !logs
10:15 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard.
10:15 < ecrist> !configs
10:15 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn.
or (#2) dont forget to include any ccd entries
10:16 -!- ravel_exe [ravel_exe@175.142.201.214] has quit []
10:17 < ilj> http://pastie.org/3264131
10:18 < ilj> server config is identical, only has proper remote and ip addresses
10:18 < ilj> I mean client config
10:19 < ilj> ok, whatever, I updated the paste and included the client config as well
10:20 -!- gffa [~gffa@unaffiliated/gffa] has joined #openvpn
10:25 < ilj> the tun module is loaded alright
10:25 < ilj> well, as I said I can configure this tunnel manually, but not if I choose to daemonize
10:32 < krzee> ifconfig tun-8-tun
10:33 < krzee> when you use a static device, it must be pre-configured manually
10:33 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!]
10:33 -!- zbrewington [~Grinwood@50.76.170.241] has joined #openvpn
10:33 < zbrewington> !goal
10:33 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
10:34 < zbrewington> !welcome
10:34 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
10:35 < ilj> I would like to set up this VPN tunnel as outlined in configuration (see paste). In fact, I have a dozen of identically configured tunnels already running on this server. But today it refers to this problem and won't let me daemonize openvpn for this particular new VPN tunnel.
10:36 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn
10:36 < krzee> [08:32] ifconfig tun-8-tun
10:36 < krzee> [08:33] when you use a static device, it must be pre-configured manually
10:36 < krzee> ilj, ^
10:36 < ilj> it doesn't exist
10:36 < krzee> theres your problem
10:36 < ilj> unlikely
10:36 < zbrewington> i have what i believe to be a pretty easy question, as i am missing a pretty obvious setup step. client : win7 / server: win 2008 => openVPN is connection and i am able to access the server via the openvpn traffic. However getting traffic to route through the server is not happening. i have added the push "redirect-gateway" to the server.ovpn ..but when i do my client is sending traffic
10:36 < zbrewington> to the server. I think the traffic does not know what to do with the traffic it is receiving. So my question is how do i get my win 2008 server to route the traffic correctly. i have looked all over the internet and have found very little information (everything speaks of iptables for linux)
10:36 < krzee> if you wanna use a static device such as your config does, you must first make the device
10:36 < krzee> that IS your problem
10:37 < krzee> !winnat
10:37 <@vpnHelper> "winnat" is (#1) http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html for a guide on setting up NAT in windows or (#2) http://www.nanodocumet.com/?p=14 for windows XP
10:37 < krzee> zbrewington, ^
10:37 < krzee> !redirect
10:37 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server.
or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns
10:37 < zbrewington> thanks
10:37 < krzee> !winipforward
10:37 <@vpnHelper> "winipforward" is http://support.microsoft.com/kb/315236 to enable ip forwarding on windows
10:37 < zbrewington> i will look for that
10:38 < ilj> krzee, as I said, I have a dozen of tunnels that I've created in this way and I never had to configure link device prior to that. All I did was: /usr/sbin/openvpn --daemon --writepid /var/run/openvpn/tun-8-tun.pid --config /etc/openvpn/tun-8-tun.conf --cd /etc/openvpn --script-security 2 and ...
10:38 < ilj> ... that's it
10:39 < krzee> why did you come here asking if you refuse to accept the answer
10:39 < krzee> look at --mktun in the manual
10:39 < ilj> I refuse the answer because it doesn't make sense :)
10:40 < ilj> ok I will
10:40 < krzee> !man
10:40 <@vpnHelper> "man" is (#1) http://openvpn.net/man for 2.0 manual or (#2) http://openvpn.net/man-beta.html for 2.1 manual or (#3) http://openvpn.net/index.php/open-source/documentation/manuals/427-openvpn-22.html for 2.2 manual or (#4) the man pages are your friend!
10:41 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Remote host closed the connection]
10:42 -!- zbrewington [~Grinwood@50.76.170.241] has quit [Ping timeout: 255 seconds]
10:42 <@vpnHelper> RSS Update - forum: I connect but I see the network
10:44 -!- zbrewington [~Grinwood@50.76.170.241] has joined #openvpn
10:44 <@dazo> ilj: do you use --chroot?
10:45 < krzee> nope, heres his configs: http://pastie.org/3264131
10:46 <@dazo> I just saw a lot more command line arguments in addition
10:46 < krzee> o lol true, looks like linux startup script
10:48 -!- zbrewington [~Grinwood@50.76.170.241] has quit [Ping timeout: 248 seconds]
10:52 < krzee> ilj, sorry, im wrong
10:52 < ilj> krzee, how should I go about creating this tun device without having to kill off a dozen of already running VPN tunnels?
It's a production system and essentially breaking the communication channels isn't such a great idea.
10:52 < krzee> thats not your problem
10:52 <@vpnHelper> RSS Update - forum: Error forward
10:52 < ilj> krzee, what is it then?
10:53 < krzee> good question, answer dazo above
10:53 <@dazo> I've looked at the code, and it happens when the daemon() call happens ... and I don't see any particular reason why that should fail
10:54 <@dazo> googling points out very little .... some people have had similar errors with sshd, and then it has been troubles with /dev/null not being a null-device, but a regular file
10:54 < ilj> this is it
10:54 < ilj> regular /dev/null
10:54 < ilj> wth
10:55 < ilj> do you happen to know how can this happen?
10:55 <@dazo> I have no idea
10:55 < ilj> that's a pity
10:55 < ilj> thanks for the pointer though
10:55 < ilj> much appreciated
10:55 <@dazo> ilj: http://www.hyperaxe.com/2008/11/16/sshd-fatal-daemon-failed-no-such-device.htm
10:55 <@vpnHelper> Title: SSHD fatal: daemon() failed: No such device (at www.hyperaxe.com)
10:56 <@dazo> that's one of the better descriptions ...
10:56 < krzee> dazo++
10:56 < krzee> (stats page keeps karma now)
10:58 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn []
11:00 < ilj> dazo, thanks man
11:17 -!- zbrewington [~Grinwood@wealthaccess.com] has joined #openvpn
11:21 -!- zbrewington [~Grinwood@wealthaccess.com] has quit [Ping timeout: 252 seconds]
11:21 -!- zbrewington [~Grinwood@wealthaccess.com] has joined #openvpn
11:23 -!- zbrewington [~Grinwood@wealthaccess.com] has quit [Client Quit]
11:26 -!- luckman212 [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has joined #openvpn
11:31 < zetsuboudev> After setting up 2.0.9 and getting everything working, I just decided to upgrade to 2.2. I've noticed that the vars.bat has a few extra fields that I can't find an explanation of.
2.0.9 only has the Common Name while 2.2.2 has both Common Name and Name
11:31 < zetsuboudev> What are the differences/consequences of the two?
11:34 < zetsuboudev> nvm, found the difference. Name is referring merely to the filename of the key
11:46 * dazo thinks we should really hide anything older than 2.1.4 in a very very well hidden place
11:47 * dazo also wonders why people find it clever to install software which is getting close to 7 years old without questioning if there might be newer versions available ....
11:47 * dazo is also hungry and grumpy now :-P
11:50 -!- MeanderingCode [~Meanderin@97-123-14-239.albq.qwest.net] has joined #openvpn
11:50 -!- Thiago_Magalhaes [~Thiago@201-57-250-42.poolip.SDR.embratel.net.br] has joined #openvpn
11:50 < Thiago_Magalhaes> hello all
11:51 < Thiago_Magalhaes> may somebody help me?
11:51 < Thiago_Magalhaes> when a connect in the OpenVPN .. my internet connection is down...
11:52 < Thiago_Magalhaes> just de VPN is enabled
11:52 < Thiago_Magalhaes> what option in the .ovpn file is missing??
11:52 < Thiago_Magalhaes> when i*
11:54 < hyper_ch> dazo: they use debian
11:54 < hyper_ch> or centos
11:55 <@dazo> hyper_ch: centos is no excuse .... EPEL repos got newer versions
11:55 <@dazo> debian .... ugh :/
11:56 < hyper_ch> everybody <3 debian
11:56 < hyper_ch> debian stable has 2.1.3
11:59 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
11:59 -!- mode/#openvpn [+v s7r] by ChanServ
12:01 < tabakhase> are there any ways to workaround the issue that pushing multiple dns search domains isnt possible?
12:01 < tabakhase> (clients on windows)
12:01 < hyper_ch> multiple dns search domains?
12:01 < hyper_ch> and I'd blame windows :)
12:03 < tabakhase> Thiago_Magalhaes what redirectGateway are you using if you do so? show your configs, how can you ask "whats missing" without showing what you have already -.-
12:04 < tabakhase> hyper_ch i need splitted zones in my DNS for mapping access levels...
and also one zone is dynamically updated so just as a journal from my internal DHCP)
12:04 < hyper_ch> that sounds complicated
12:04 < hyper_ch> you sure you need to make it so complicated?
12:06 -!- i0x71 [~i0x71@saisconsulting.com] has joined #openvpn
12:06 < i0x71> hey, i setup openvpn and trying to get the client to route all traffic through the server, what should my routing table look like on the client side
12:06 < i0x71> the setup is routed not bridged
12:06 < tabakhase> hyper_ch im open to alternative solutions... im using iptables to jail multiple vpn connections, (4 in complete) using -d ! 10.14.x.x. DROP for example)
12:07 < tabakhase> hyper_ch while thats happening i want you to use the global dns
12:07 < tabakhase> global == internal, sorry
12:07 -!- dazo is now known as dazo_afk
12:07 < hyper_ch> i0x71: issue: !def1
12:08 < hyper_ch> i0x71: it will explain what you need to do
12:08 < hyper_ch> tabakhase: well, I don't really understand what you're trying to do
12:08 < tabakhase> hyper_ch im typing...
12:09 < i0x71> !def1
12:09 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
12:09 < i0x71> hyper_ch: i already added the "push "redirect-gateway def1"
12:10 < hyper_ch> i0x71: where did you do it?
12:10 < i0x71> hyper_ch: for some reason it does not add any routes to the client
12:10 < i0x71> hyper_ch: server.conf
12:10 < hyper_ch> but that should work
12:11 < i0x71> hmm, just tried running the server with --redirect-gateway
12:13 < i0x71> hyper_ch: this is the routing table that it creates on the client: http://pastebin.com/QeWnBgUp
12:13 < i0x71> hyper_ch: 10.10.10.1 is the server vpn ip
12:13 < tabakhase> now assume a server (real network client) is searching for "host4", asking dns for host4, host4.sub, host4.glob.sub, host4.dhcp.sub, host4.offical.tld now host4.glob.sub matches, we get an internal IP and done. ||| now a vpn client (with limited access rights) does the same, asking dns for host4 while his search is host4.sub, host4.dhcp.sub, host4.offical.tld here no match at all on .sub,
12:13 < tabakhase> so host4.real.tld matches on the official dns server, response is a internet IP and use this route to the host (due your vpn connection is limited to not reach them via the internal network)
12:13 < tabakhase> hyper_ch can you understand? :D
12:14 < i0x71> hyper_ch: for some reason traffic is going through local gateway
12:14 < hyper_ch> i0x71: weird
12:14 < hyper_ch> !configs
12:14 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries
12:15 < i0x71> !def1
12:15 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
12:15 < hyper_ch> tabakhase: why don't you push internal dns servers to the client?
12:16 < tabakhase> hyper_ch ?
thats what im doing
12:16 < hyper_ch> then I fail to see the problem
12:16 -!- i0x71 [~i0x71@saisconsulting.com] has quit [Quit: leaving]
12:17 < tabakhase> ? on the dns is zone sub zone glob.sub the entry for host4 ill put to blob.sub
12:18 < tabakhase> "when i know "thing" can access these ip blocks using internal routes i set the search domain acording to this" what works fine on servers, but not with openvpn
12:18 < tabakhase> and exactly thats my problem
12:19 -!- i0x71 [~i0x71@178.86.2.40] has joined #openvpn
12:19 < i0x71> any other suggestions
12:19 < tabakhase> making the expansion with searchDomains on the dns server isnt possible either
12:19 < i0x71> perhaps someone can give an example as to what the routing table should look like if the gw is successfully pushed
12:20 < tabakhase> i0x71 were still waiting on your configs
12:20 -!- zetsuboudev [~zetsuboud@75-145-60-138-Jacksonville.hfc.comcastbusiness.net] has quit [Quit: Leaving]
12:21 < i0x71> oh
12:22 -!- Thiago_Magalhaes [~Thiago@201-57-250-42.poolip.SDR.embratel.net.br] has left #openvpn ["Saindo"]
12:22 < i0x71> client: http://pastebin.com/gM2wuiKE server: http://pastebin.com/Ymce6ygb
12:23 -!- ibins [~Michael@dslb-084-056-088-083.pools.arcor-ip.net] has joined #openvpn
12:24 < tabakhase> that ifconfig stuff looks weird
12:24 < tabakhase> do you just want one pointtopoint?
12:24 < i0x71> well, i simply just want to use the static.key
12:25 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit []
12:25 < i0x71> if you are referring to setting up bridged instead
12:25 < tabakhase> ^^
12:26 < tabakhase> static keys sucks
12:26 < tabakhase> creating a ca + certificates is exactly 2 minutes thanks to easyrsa whats shipped with openvpn, heck the docs/examples folder
12:26 < Essobi> lol
12:27 < Essobi> Indeed.
12:27 -!- Netsplit *.net <-> *.split quits: Guest5164, JoeGazz84, luckman212, corretico, RichardBronosky, JackWinter, rob0, Azrael808, prg3, chantra, (+3 more, use /NETSPLIT to show all of them)
12:28 -!- rob0 [rob0@harrier.slackbuilds.org] has joined #openvpn
12:28 -!- caesay [~caesay@socialshock.net] has joined #openvpn
12:28 -!- Netsplit over, joins: ostolvis
12:28 -!- rob0 [rob0@harrier.slackbuilds.org] has quit [Changing host]
12:28 -!- rob0 [rob0@pdpc/valentine/postfixninja/rob0] has joined #openvpn
12:28 -!- chantra [~chantra@ns353511.ovh.net] has joined #openvpn
12:28 -!- chantra [~chantra@ns353511.ovh.net] has quit [Changing host]
12:28 -!- chantra [~chantra@unaffiliated/chantra] has joined #openvpn
12:28 -!- Netsplit over, joins: jetole, JackWinter
12:28 -!- Netsplit over, joins: Azrael808
12:28 -!- Netsplit over, joins: corretico
12:28 -!- caesay is now known as Guest45789
12:28 -!- Netsplit over, joins: RichardBronosky
12:29 -!- Netsplit over, joins: epsilon, luckman212
12:29 < tabakhase> i0x71 check http://blog.zugschlus.de/archives/523-EasyRSA-on-Debian-for-an-OpenVPN-CA.html for step by step, but READ, the commands you need are 'hidden' in the text explaining what youre doing
12:30 <@vpnHelper> Title: EasyRSA on Debian for an OpenVPN CA - Zugschlusbeobachtungen (at blog.zugschlus.de)
12:30 -!- Netsplit over, joins: prg3
12:35 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Remote host closed the connection]
12:36 -!- JoeGazz84 [~JoeGazz84@69.164.210.153] has joined #openvpn
12:41 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn
12:41 < i0x71> thanks
12:42 < krzee> !pki
12:42 <@vpnHelper> "pki" is (#1) http://openvpn.net/index.php/open-source/documentation/howto.html#pki for how to make your PKI stuff (ca, and certs) or (#2) Heres a basic rundown of how it works... The server, client, and ca certs are all signed by the same ca.key.
The server and client use the ca.crt to check that eachother were signed by the right ca.key. Optionally, the client also checks that the server cert was signed
12:42 <@vpnHelper> specially as a server (see !servercert)
12:44 < i0x71> in order to add the password auth, would that be done while creating the rsa keys ?
12:45 < tabakhase> afaik not, but give them certs and take care about the revoke list is the better approach
12:45 < tabakhase> the pass while creating certs is the passphrase for the cert itself, so not directly connected to openvpn user passwords
12:46 <+EugeneKay> i0x71 - There's encryption on the ssl keyfile, and then there's password auth. Separate things entirely.
12:46 < tabakhase> where " for the cert itself" for sure is a "for the key of the client cert"
12:46 < i0x71> i figured
12:47 < i0x71> does anyone have otp working with openvpn ?
12:49 < tabakhase> hm, using authscripts you might be able to setup smth like that on your own...
12:49 < tabakhase> but no idea how to gather userInput at that position...
12:51 -!- Deele [~Mr.D@217.199.115.217] has quit [Ping timeout: 252 seconds]
12:57 -!- Deele [~Mr.D@217.199.115.217] has joined #openvpn
13:02 -!- Deele [~Mr.D@217.199.115.217] has quit [Disconnected by services]
13:02 -!- De`off [~Mr.D@217.199.115.217] has joined #openvpn
13:21 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn
13:22 -!- s7r [~s7r@openvpn/user/s7r] has quit [Quit: Leaving.]
13:22 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Client Quit]
13:27 -!- scampbell [~scampbell@mail.scampbell.net] has joined #openvpn
13:27 < hyper_ch> !pki
13:27 <@vpnHelper> "pki" is (#1) http://openvpn.net/index.php/open-source/documentation/howto.html#pki for how to make your PKI stuff (ca, and certs) or (#2) Heres a basic rundown of how it works... The server, client, and ca certs are all signed by the same ca.key. The server and client use the ca.crt to check that eachother were signed by the right ca.key.
Optionally, the client also checks that the server cert was
13:28 <@vpnHelper> signed specially as a server (see !servercert)
13:31 -!- Azrael808 [~peter@cpc17-walt12-2-0-cust657.13-2.cable.virginmedia.com] has quit [Ping timeout: 276 seconds]
13:31 <@vpnHelper> RSS Update - forum: Could not execute openvpn, are you sure OpenVPN is installed || OpenVPN Can't ping remote hosts
13:33 -!- h4x0r` [h4x0r@unaffiliated/respekt] has quit [Ping timeout: 252 seconds]
13:40 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 260 seconds]
13:43 -!- i0x71_ [~i0x71@178.86.2.40] has joined #openvpn
13:45 -!- i0x71 [~i0x71@178.86.2.40] has quit [Ping timeout: 245 seconds]
13:51 -!- BoomSie [~gideon@84-245-27-118.dsl.cambrium.nl] has joined #openvpn
13:52 -!- i0x71_ [~i0x71@178.86.2.40] has quit [Ping timeout: 244 seconds]
13:53 -!- i0x71 [~i0x71@saisconsulting.com] has joined #openvpn
14:02 -!- gremly [~gremly@pcsp174-30.supercabletv.net.co] has joined #openvpn
14:08 -!- ilj [~ilj@sourcemage/grimoire/apprentice/ilj] has quit [Ping timeout: 245 seconds]
14:30 -!- i0x71 [~i0x71@saisconsulting.com] has quit [Ping timeout: 252 seconds]
14:32 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Ping timeout: 252 seconds]
14:34 -!- radioxid [~radioxid@78.237.60.197] has joined #openvpn
14:39 -!- JoeGazz84 [~JoeGazz84@69.164.210.153] has quit [Changing host]
14:39 -!- JoeGazz84 [~JoeGazz84@TechEssentials/JoeGazz84] has joined #openvpn
14:41 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn
14:56 -!- radioxid [~radioxid@78.237.60.197] has quit [Quit: Get MacIrssi - http://www.sysctl.co.uk/projects/macirssi/]
15:02 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Ping timeout: 252 seconds]
15:07 -!- misulicus [me@79.115.87.198] has joined #openvpn
15:11 < misulicus> hey guys, got an issue.
installed openvpn yesterday..connected worked fine, today i just tried it, i can connect but its like i have no internet, nothing works, not even ping 15:12 < tabakhase> misulicus reboot 15:13 < misulicus> my pc or server? 15:13 < tabakhase> uncorrectly closed connections can realy fuckup your local routing table and thre is no way to fix it propper 15:13 < tabakhase> (it might be possible but when you can reboot, reboot) 15:13 < tabakhase> pc 15:13 < misulicus> ah yea wil try that in a bit 15:13 < misulicus> also another weird thing i saw 15:14 < misulicus> after starting openvpn: #openvpn /etc/openvpn/1194.conf & 15:14 < misulicus> in ps -ax i see 2 proceses for this 15:14 < tabakhase> on the server? 15:14 < misulicus> yeah 15:15 < misulicus> 7559 pts/1 S 0:00 openvpn /etc/openvpn/1194.conf 15:15 < misulicus> 7560 pts/1 S 0:00 openvpn /etc/openvpn/1194.conf 15:15 < misulicus> for example 15:15 < tabakhase> pids are realy close to each other 15:16 < tabakhase> but cant say it without checking, maybe on my servers its the same, never noticed :D 15:18 < misulicus> gonna try rebooting my pc to see if it work 15:18 -!- misulicus [me@79.115.87.198] has quit [] 15:27 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 15:27 -!- misulicus [~me@79.115.87.198] has joined #openvpn 15:27 < misulicus> yeah well rebooted pc..still not working 15:28 < tabakhase> ok, so ets start debuging 15:28 < tabakhase> !confis 15:28 < tabakhase> !configs 15:28 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. 
or (#2) dont forget to include any ccd entries 15:30 < misulicus> server config: http://pastebin.com/YHAb72WJ 15:30 < misulicus> client config: http://pastebin.com/ykNK48RL 15:31 < misulicus> server is centos 15:31 < tabakhase> local SERVERIP is not a valid v4 ip 15:32 < misulicus> i removed my server ip and replaced with SERVERIP 15:34 < tabakhase> wait for it, my pizza just arrived <3 15:34 < misulicus> :D 15:36 < tabakhase> nd replacing ips would only mather when you include passwords in a pase, in that case you rater replace tha password anyway ;D 15:36 -!- spacedust [~info@unaffiliated/cosmicblue] has joined #openvpn 15:36 < spacedust> hi 15:36 < spacedust> i have an openvpn client 15:36 < misulicus> ok good to know :d 15:36 < spacedust> can i give my client an ip address ? 15:37 < tabakhase> whaat 15:37 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out] 15:37 < spacedust> well now it gets it via dhcp from the openvpn server 15:37 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 15:38 < spacedust> and id like to tell the server that i would like to be .10 not .20 15:38 < tabakhase> ifconfig lines on the client 15:39 < spacedust> tabakhase: on the fly ? 15:39 < tabakhase> in your config 15:40 < spacedust> like here : remote 134.28.54.2 15:40 < spacedust> ifconfig 192.168.99.1 192.168.99.2 15:40 < spacedust> cant i do it now already connected ? :) 15:41 < misulicus> i`l wait 15:41 < spacedust> ip addr 15:42 < spacedust> ip del :D 15:42 < spacedust> ftw :D 15:42 < spacedust> its done ! 
15:42 < tabakhase> spacedust so dont join tomorrow for asking how to do it correctly
15:42 < tabakhase> there is ifconfig on the client
15:43 < tabakhase> even better is using ccd on the server and assign an ip there
15:43 < spacedust> yay
15:43 < spacedust> saved the day :D
15:43 < tabakhase> !ccd
15:43 <@vpnHelper> "ccd" is entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir to enable it, then put the config options for the client in /common-name
15:43 < spacedust> locked myself out btw :P i could ssh into my servers from one ip ... and i changed my clients ip to that ... knocked out the other ip i guess :) heehe or i dunno how there was any conflict :) and then connected
15:44 < spacedust> tabakhase: well i couldnt even connect to the server :)) haha
15:44 < spacedust> just the vpn could
15:44 < spacedust> *i just could to the vpn ... sorry for the former line
15:46 < tabakhase> misulicus *nom nom nom*
15:47 -!- KaiForce [~chatzilla@adsl-70-228-98-51.dsl.akrnoh.ameritech.net] has quit [Quit: ChatZilla 0.9.88 [Firefox 9.0.1/20111220165912]]
15:47 < misulicus> ?
15:50 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn
15:53 < tabakhase> finished him. <3
15:55 < tabakhase> misulicus ok, your configs seem fine...
15:56 < tabakhase> is your server maybe blocking the gateway? You might need additional rules for doing that
15:56 < tabakhase> speaking NAT
15:57 < misulicus> well not sure not too linux guru here. yesterday it worked fine
15:57 < misulicus> i asked my hosting, they said they added port to the firewall
15:57 < misulicus> this is their reply
15:57 < misulicus> http://pastebin.com/EqXp3ici
15:57 <@vpnHelper> RSS Update - forum: Need help with OpenVPN
15:58 < tabakhase> paste an iptables-save
16:01 -!- ibins [~Michael@dslb-084-056-088-083.pools.arcor-ip.net] has quit [Quit: Verlassend]
16:03 < misulicus> http://pastebin.com/HTTrEcAz
16:06 < tabakhase> seems okay too
16:06 < tabakhase> can you verify the vpn getting connected correctly without the redirect-gateway?
16:07 -!- cphuntington97 [~jonathan@64.61.24.18] has quit [Quit: peacin]
16:08 < misulicus> ok how can i check that
16:08 < misulicus> ?
16:10 -!- grnmtn [~grnmtn@pppoe-68-142-35-164.gmavt.net] has joined #openvpn
16:10 -!- grnmtn [~grnmtn@pppoe-68-142-35-164.gmavt.net] has left #openvpn []
16:12 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 276 seconds]
16:13 < spacedust> hmmm
16:14 < spacedust> how come on my vpn server which is behind a nat i cant see dohh ... its udp :P thats why i cant see :) hehehe
16:14 < spacedust> i wanted to say how can i see the ESTABLISHED connection :))
16:15 < spacedust> but then i realized its UDP
16:15 -!- h4x0r` [h4x0r@79.133.201.84] has joined #openvpn
16:15 -!- h4x0r` [h4x0r@79.133.201.84] has quit [Changing host]
16:15 -!- h4x0r` [h4x0r@unaffiliated/respekt] has joined #openvpn
16:19 -!- misulicus [~me@79.115.87.198] has quit [Read error: Connection reset by peer]
16:20 < tabakhase> spacedust you could do tcp too, but not recommended to squeeze tcp in tcp
16:20 -!- misulicus [~me@79.115.87.198] has joined #openvpn
16:20 < misulicus> darn..
16:21 < misulicus> still no go
16:22 < misulicus> http://pastebin.com/nn75XDZx
16:22 < misulicus> thats the log from openvpn gui
16:23 < spacedust> tabakhase: uhum
16:23 < spacedust> tabakhase: what are the drawbacks ?
16:24 < spacedust> and is there anytime better to use ? or is it sometimes necessary ?
16:24 < tabakhase> !tcp
16:24 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay
16:25 * tabakhase loves shortcuts
16:26 <+EugeneKay> !factoids
16:26 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php
16:30 -!- PBL [b8a1d258@gateway/web/freenode/ip.184.161.210.88] has joined #openvpn
16:32 -!- misulicus [~me@79.115.87.198] has quit [Read error: Connection reset by peer]
16:32 -!- misulicus [~me@79.115.87.198] has joined #openvpn
16:33 < tabakhase> EugeneKay duplicates and broken links \o/
16:33 < misulicus> mrr
16:34 < misulicus> so annoyed
16:41 < tabakhase> misulicus still "you windows connect as client to server and your pc loses everything"
16:41 -!- mezgani [~mezgani@41.249.1.123] has joined #openvpn
16:42 < tabakhase> without redirect-gw you should end up "nothing"happening, new entries in "route print" and you should be able to ping the server internally
16:46 < Essobi> Well..
16:47 < Essobi> don't make the mistake of handing a route to the client that says route the openvpn servers public IP over the VPN.. :D That turns openvpn into a big blackhole.
16:55 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Ping timeout: 252 seconds]
17:02 -!- vin [~vincent@fsf/member/vin] has joined #openvpn
17:02 < tabakhase> hm, is there anything like "clinet-cmd-exec"?
17:02 < tabakhase> might be possible to create a workaround for the searchDomains on dns then...
17:03 < vin> I have set up an OpenVPN server on my archlinux server and a client on my archlinux client, which works. I can ping both interfaces but I now want to tunnel all my traffic from the client through the server. How do I do this? The guide I followed is this one https://wiki.archlinux.org/index.php/OpenVPN (up to the point of "Starting OpenVPN")
17:03 <@vpnHelper> Title: OpenVPN - ArchWiki (at wiki.archlinux.org)
17:05 < tabakhase> vin so remove push "redirect-gateway def1"
17:05 < tabakhase> as you wouldve seen on the headline "Routing traffic through the server"
17:06 -!- Denial [Denial@drgi.co.uk] has quit [Ping timeout: 252 seconds]
17:06 -!- Denial [Denial@drgi.co.uk] has joined #openvpn
17:06 < vin> tabakhase: because that was under "deprecated" i thought that there was a better way to do it
17:07 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 252 seconds]
17:08 < tabakhase> dont know why it is there...
17:08 < tabakhase> thats "the way" to do so....
17:10 < vin> thanks, that worked!
17:11 < vin> tabakhase: can I ask you one more thing? In my example configuration file the push
17:11 < vin> "redirect ....
17:11 < vin> "
17:11 < vin> line has bypass-dhcp
17:12 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn
17:12 < vin> sorry for the extra newlines, typing skills suck :S
17:12 < vin> but should I keep that bypass-dhcp or not?
17:14 < tabakhase> !dhcp
17:14 <@vpnHelper> "dhcp" is redirect-gateway bypass-dhcp gets around the problem of DHCP packets to the local DHCP server being incorrectly routed into the tunnel. Available in 2.1
17:14 -!- misulicus [~me@79.115.87.198] has quit [Ping timeout: 240 seconds]
17:14 -!- misulicus1 [~me@184.173.10.92-static.reverse.softlayer.com] has joined #openvpn
17:14 < misulicus1> tabakhase: oke question. i ran this command on the server and now i can browse fine
17:14 < misulicus1> echo 1 > /proc/sys/net/ipv4/ip_forward
17:15 < misulicus1> could this be cause of server reboot ?
17:15 < misulicus1> not getting saved
17:15 < vin> tabakhase: thanks for the help!
17:15 < tabakhase> misulicus1 if you just run it for sure its not saved!
17:16 < misulicus1> ok dunno how to save it :(
17:17 < tabakhase> misulicus1 "technical it could be setted on many positions"
17:18 < tabakhase> init.d, sysconfig, defaults, init.d of firewall, even in the init of openvpn could be possible, check what suits your setup..
17:20 < misulicus1> should do it right ?
17:22 -!- PBL [b8a1d258@gateway/web/freenode/ip.184.161.210.88] has quit [Ping timeout: 245 seconds]
17:24 < misulicus1> ok got one more q
17:24 < misulicus1> with this server config:
17:24 < misulicus1> server 1.2.3.0 255.255.255.0
17:24 < misulicus1> and iptables: -s 1.2.3.0/24
17:24 < misulicus1> how many connections can i assign ip`s to ?
17:27 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Ping timeout: 240 seconds]
17:27 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection]
17:27 < tabakhase> wheres the q?
17:28 < misulicus1> thats my q, how many IP`s can i give to users with that configuration
17:30 < misulicus1> simultaneously
17:30 < tabakhase> netmask...
17:31 < misulicus1> ok so 254
17:32 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn
17:32 < misulicus1> is it ok to use /16 instead to allow more connections ?
17:33 < tabakhase> sure, but im hating your 1. ips
17:33 < misulicus1> well dunno what else to put :D
17:33 < tabakhase> private ips
17:34 < tabakhase> 10./ 178.16/ and 192.168/
17:34 < tabakhase> http://en.wikipedia.org/wiki/Private_network
17:34 <@vpnHelper> Title: Private network - Wikipedia, the free encyclopedia (at en.wikipedia.org)
17:34 < ostolvis> 172.16/-172.31/
17:34 < tabakhase> s/178/172/
17:35 < misulicus1> ok so for example:
17:35 < misulicus1> server 172.16.0.0 172.31.255.255 will work right ?
17:35 < misulicus1> and then
17:36 < misulicus1> -s 172.16.0.0/24
17:36 < misulicus1> ?
17:36 < misulicus1> or /20 ?
17:36 < tabakhase> but note that a few ranges are having common usecases, like 192.168.0-1./ for your home network...
17:36 < tabakhase> 172.31.255.255 is NOT a netmask lol
17:37 < tabakhase> misulicus1 take a trip to http://jodies.de/ipcalc
17:37 <@vpnHelper> Title: IP Calculator / IP Subnetting (at jodies.de)
17:37 < misulicus1> thats where i am
17:37 <@vpnHelper> RSS Update - forum: OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian)
17:38 < misulicus1> ok so then
17:38 < misulicus1> server 172.16.0.0 255.255.0.0 and -s 172.16.0.0/16 right ?
17:38 <+EugeneKay> Using a whole /16 for a VPN is a bit.... excessive
17:39 < misulicus1> yeah but just wanting to be safe
17:39 < misulicus1> from what i see /24 is only 254 connections
17:39 -!- misulicus1 is now known as misulicus
17:40 < misulicus> just want to allow more than 254
17:42 < tabakhase> a /19 should be fine hm=
17:43 < tabakhase> and you might wanna start on 172.16.32.0/19 or so, having the beginning of that range not spammed with vpn stuff
17:43 < misulicus> ok kewl thanks
17:44 < tabakhase> so now tell me how to solve my problem please
17:45 < misulicus> now if only i could figure out a way for user management and not pam thing
17:45 < misulicus> what problem ?
17:46 < tabakhase> windows dosnt accept multiple dns search-domains
17:46 < tabakhase> at least not when received via push line..
17:47 -!- De`off [~Mr.D@217.199.115.217] has quit [Ping timeout: 252 seconds]
17:47 < misulicus> no clue mate :d
17:47 < tabakhase> *grr*
17:48 < tabakhase> somehow your answer is NOT solving my problem!
17:48 < tabakhase> i even tried typing it in backwards, he said "syntax error" =(
17:52 -!- corretico [~luis@190.211.93.11] has joined #openvpn
17:54 -!- ostolvis [~ostolvis@108.162.156.19] has quit []
18:00 -!- tekzilla [~jon@hmbg-4d06f1c4.pool.mediaWays.net] has quit [Ping timeout: 252 seconds]
18:01 -!- tekzilla [~jon@hmbg-4d06f15a.pool.mediaWays.net] has joined #openvpn
18:05 <@vpnHelper> RSS Update - forum: Specifying external IP pool and custom port per client.
18:08 -!- misulicus [~me@184.173.10.92-static.reverse.softlayer.com] has quit [Ping timeout: 260 seconds]
18:10 -!- Denial [Denial@drgi.co.uk] has quit []
18:39 -!- spacedust [~info@unaffiliated/cosmicblue] has left #openvpn []
18:39 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection]
18:44 -!- h4x0r` [h4x0r@unaffiliated/respekt] has quit [Read error: Connection reset by peer]
18:47 -!- h4x0r` [h4x0r@79.133.201.84] has joined #openvpn
18:47 -!- h4x0r` [h4x0r@79.133.201.84] has quit [Changing host]
18:47 -!- h4x0r` [h4x0r@unaffiliated/respekt] has joined #openvpn
18:52 -!- h4x0r` [h4x0r@unaffiliated/respekt] has quit [Remote host closed the connection]
18:53 -!- h4x0r` [h4x0r@79.133.201.84] has joined #openvpn
18:53 -!- h4x0r` [h4x0r@79.133.201.84] has quit [Changing host]
18:53 -!- h4x0r` [h4x0r@unaffiliated/respekt] has joined #openvpn
18:56 -!- pranq_ [pranq@bbis.us] has quit [Changing host]
18:56 -!- pranq_ [pranq@unaffiliated/contempt] has joined #openvpn
19:00 -!- pranq_ is now known as pranq
19:06 < tabakhase> hm
19:12 -!- cron2 [~gert@openvpn/community/developer/cron2] has quit [Ping timeout: 252 seconds]
19:13 -!- rooth [rooth@ge.mig.en.redfox.nu] has quit [Ping timeout: 260 seconds]
19:19 -!- rooth [rooth@ge.mig.en.redfox.nu] has joined #openvpn
19:37 -!- Araluccl0 [~lallo@151.77.226.107] has quit [Quit: Anche il discorsismo ha un limitismo.]
19:37 -!- Araluccl0 [~lallo@151.77.226.107] has joined #openvpn
19:47 -!- cron2 [~gert@kirk.greenie.muc.de] has joined #openvpn
19:52 -!- ostolvis [~ostolvis@108.162.156.19] has joined #openvpn
19:53 < tabakhase> arrrg god damn!
19:54 < tabakhase> when i use my network dhcp for the vpn
19:54 < tabakhase> it "seems" to transmit all the dns-domains into the client
19:54 < tabakhase> but does he care when looking up a hostname? FOR SURE NOT!
19:56 < tabakhase> and also it seems impossible to overwrite the gateway the dhcp is pushing =(
20:00 -!- treshoem [~treshoem@ns1.smartcellphonestogo.com] has joined #openvpn
20:26 -!- h4x0r` [h4x0r@unaffiliated/respekt] has quit [Remote host closed the connection]
20:26 -!- h4x0r` [h4x0r@79.133.201.84] has joined #openvpn
20:26 -!- h4x0r` [h4x0r@79.133.201.84] has quit [Changing host]
20:26 -!- h4x0r` [h4x0r@unaffiliated/respekt] has joined #openvpn
20:29 < ecrist> iirc, you're looking for -no-gw
20:29 < ecrist> and the dhcp-option
20:29 < ecrist> or
20:29 < ecrist> !def1
20:29 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
20:46 < tabakhase> ecrist problem is win related
20:46 < tabakhase> in fucking up the dnssuffix, not interpreting "domain domain2" as 2 individual domains
20:46 <+EugeneKay> Probably a windows failing
20:46 < tabakhase> trying to ping a host on the linux machine results in a request for host.domain1 and an additional tcp packet asking for host.domain2 (verified by grep)
20:47 < tabakhase> windows sends only one, namely "host.domain1 domain2"
20:47 < tabakhase> that dumpass -.-
21:04 < tabakhase> so, how am i going to targetting that issue?
21:05 <+EugeneKay> Only use one domain?
21:06 -!- APTX [APTX@unaffiliated/aptx] has quit [Ping timeout: 252 seconds]
21:06 < tabakhase> means no comfortable "secure" ddns zone, and the fancy "discover lan ips only when you have access to this level of network" wont work
21:07 < tabakhase> (im jailing virtualServers to 10.14./ for example while others are allowed to use 10./ in total
21:08 < tabakhase> 10.14. shouldnt get the route to host.lan via 10.2.3.1, he should ask host.offical.tld and get none or 123.32.22.22(public ip)
21:13 < tabakhase> so on the server side thats fine, just not on windows clients.... maybe i can make a policy "no domain to vpn clients at all" and force them to always use the full hostname (99% of the vpning is just to login into a server behind the vpn anyway
21:13 < tabakhase> only a few rare cases the vpn client would make "real network access"...
21:15 < tabakhase> thats also removing a few security problems then... having dhcp zone where users can create hostnames dynamic and using that in a "real user" search domain might be a bit dangerous anyway..
21:15 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn
21:15 * EugeneKay blinks
21:15 * tabakhase changes his hostname to google.com
21:16 <+EugeneKay> I'd ask for a diagram, but that just sounds like.... a mess.
21:16 < tabakhase> it IS a mess, but im just experimenting and searching for the solution that suits my needs so its okay
21:17 < tabakhase> i think i reinstalled the server from scratch at least 20 times within the last week
21:19 < tabakhase> same as the dhcp and dns stuff, never done before :D
21:19 -!- MeanderingCode_ [~Meanderin@97-123-0-8.albq.qwest.net] has joined #openvpn
21:22 -!- MeanderingCode [~Meanderin@97-123-14-239.albq.qwest.net] has quit [Ping timeout: 252 seconds]
21:24 -!- lakewood [~user@99-45-120-223.lightspeed.cicril.sbcglobal.net] has joined #openvpn
21:33 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep]
21:51 -!- lakewood [~user@99-45-120-223.lightspeed.cicril.sbcglobal.net] has quit [Remote host closed the connection]
22:20 -!- gremly [~gremly@pcsp174-30.supercabletv.net.co] has quit [Quit: WeeChat 0.3.6]
22:26 -!- dnine [3271e5c1@gateway/web/freenode/ip.50.113.229.193] has joined #openvpn
22:26 < dnine> !configs
22:26 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries
22:27 < dnine> !paste
22:27 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into pastebin or a similar website, or (#2) ie: www.pastebin.ca
22:33 -!- dnine [3271e5c1@gateway/web/freenode/ip.50.113.229.193] has quit [Ping timeout: 245 seconds]
22:51 -!- g5d3d3 [3271e5c1@gateway/web/freenode/ip.50.113.229.193] has joined #openvpn
22:51 < g5d3d3> I need a little help plz. client can connect, but no internet connectivity. my conf files: http://www.pastebin.ca/2106954
22:56 < g5d3d3> i think i need to set a rule in iptables but im not sure how to do it :/
23:07 -!- Xgates [~Xgates@unaffiliated/xgates] has joined #openvpn
23:08 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
23:08 < Xgates> hi, I'm trying to get my client.conf to have log enabled to a file; 'log-append /var/log/openvpn.log' if I try that command OpenVPN doesn't start, how do I get logging to a file?
23:09 -!- g5d3d3 [3271e5c1@gateway/web/freenode/ip.50.113.229.193] has quit [Ping timeout: 245 seconds]
23:10 -!- saf324 [3271e5c1@gateway/web/freenode/ip.50.113.229.193] has joined #openvpn
23:10 < Xgates> brb
23:10 -!- Xgates [~Xgates@unaffiliated/xgates] has quit [Client Quit]
23:10 < saf324> did he reply to my question when i was gone?
23:11 < saf324> my client can connect to my server but has no internet access: http://www.pastebin.ca/2106954
23:11 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
23:12 -!- Xgates [~Xgates@unaffiliated/xgates] has joined #openvpn
23:13 < Xgates> log-append /var/log/openvpn.log or log /var/log/openvpn.log won't let me start OpenVPN and I thought one of these command placed in the .confg allows for logging to a specified file?
23:13 < Xgates> on the client.conf I mean...
23:14 < Xgates> anyone here can help me with this?
23:22 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
23:26 < saf324> :/
23:27 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
23:36 < Xgates> anyone help please?
23:38 -!- Xgates [~Xgates@unaffiliated/xgates] has quit [Quit: Xgates]
23:40 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
23:43 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
23:46 -!- saf324 [3271e5c1@gateway/web/freenode/ip.50.113.229.193] has quit [Quit: Page closed]
23:51 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
23:54 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn
23:56 -!- hitekrednek [~new@static24-72-49-17.r.rev.accesscomm.ca] has joined #openvpn
--- Day changed Sat Jan 28 2012
00:06 -!- scampbell [~scampbell@mail.scampbell.net] has quit [Remote host closed the connection]
00:13 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
00:24 -!- ilj [~ilj@sourcemage/grimoire/apprentice/ilj] has joined #openvpn
00:29 <@vpnHelper> RSS Update - forum: [ASK] Client-disconnect not run openvpn with mysql || Adding new users/certs fails?
00:41 <@vpnHelper> RSS Update - forum: Adding new users/certs fails?
00:41 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has joined #openvpn
00:41 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has quit [Changing host]
00:41 -!- simplechat [~simplecha@unaffiliated/simplechat] has joined #openvpn
00:59 -!- ilj [~ilj@sourcemage/grimoire/apprentice/ilj] has left #openvpn []
01:22 -!- Khas [~eoghan@ewangunn.com] has joined #openvpn
01:22 < Khas> !wins
01:22 <@vpnHelper> "wins" is http://oreilly.com/catalog/samba/chapter/book/ch07_03.html is a good link for seeing how to run WINS on samba
01:29 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn
01:35 -!- SigmaProjects [~SigmaProj@cpe-66-74-191-116.socal.res.rr.com] has joined #openvpn
01:46 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
01:51 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
02:01 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
02:06 -!- Khas [~eoghan@ewangunn.com] has quit [Ping timeout: 244 seconds]
02:06 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
02:25 -!- cron2 [~gert@kirk.greenie.muc.de] has quit [Changing host]
02:25 -!- cron2 [~gert@openvpn/community/developer/cron2] has joined #openvpn
02:49 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
02:52 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
03:04 -!- mattock [~samuli@openvpn/corp/admin/mattock] has left #openvpn []
03:34 -!- Denial [Denial@drgi.co.uk] has joined #openvpn
03:51 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 252 seconds]
03:52 -!- takamichi [~pri@217.23.4.104] has joined #openvpn
03:52 -!- koshie [~koshie@sd-26936.dedibox.fr] has joined #openvpn
03:52 < koshie> Hi
03:55 < koshie> The README of Openvpn says to create a subdirectory to store rsa key in an other place than the easy-rsa directory because clean-all will erase this directory. There is a «good place» to store this directory ? Maybe /usr/share/openvpn/keys ?
03:56 -!- DeltachaosDeskto [~deltachao@ip-78-94-62-93.unitymediagroup.de] has joined #openvpn
03:57 < koshie> Also I've an other question, with RPM distribution (I'm using CentOS 6.2) I need to cp /usr/share/easy-rsa because an upgrade will erase my configuration. I need to work in /etc/openvpn/easy-rsa or in /usr/share/openvpn/ ?
04:01 < DeltachaosDeskto> is it possible to bridge a openvpn network interface to a vm?
04:02 < DeltachaosDeskto> that i have a connection in the vm without installing an openvpn client there?
04:07 -!- h4x0r` [h4x0r@unaffiliated/respekt] has quit []
04:09 -!- kerfe [~a@51.pool85-60-134.dynamic.orange.es] has joined #openvpn
04:17 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Remote host closed the connection]
04:23 -!- master_of_master [~master_of@p57B5545E.dip.t-dialin.net] has quit [Ping timeout: 248 seconds]
04:25 -!- master_of_master [~master_of@p57B54B22.dip.t-dialin.net] has joined #openvpn
04:38 -!- koshie [~koshie@sd-26936.dedibox.fr] has quit [Quit: leaving]
04:42 -!- gallatin [~gallatin@dslb-178-006-213-251.pools.arcor-ip.net] has joined #openvpn
04:44 -!- takamichi [~pri@217.23.4.104] has quit [Read error: Operation timed out]
04:44 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn
04:58 <@vpnHelper> RSS Update - forum: Attendance Software
05:09 -!- ravel_exe [~ravel_exe@175.142.201.214] has joined #openvpn
05:16 -!- Dweezahr [~Dweezahr@flits102-34.flits.rug.nl] has quit [Ping timeout: 245 seconds]
05:17 -!- Dweezahr [~Dweezahr@flits102-34.flits.rug.nl] has joined #openvpn
05:24 -!- BoomSie [~gideon@84-245-27-118.dsl.cambrium.nl] has quit [Ping timeout: 252 seconds]
05:25 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 252 seconds]
05:25 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn
05:34 -!- mete [~mete@178.209.50.247] has joined #openvpn
05:45 -!- ravel_exe [~ravel_exe@175.142.201.214] has quit []
05:53 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
05:53 -!- mode/#openvpn [+v s7r] by ChanServ
05:58 -!- krphop_ [~krphop@watch.out.the.feds.are.rightbehind.us] has quit [Ping timeout: 252 seconds]
06:00 -!- krphop [~krphop@watch.out.the.feds.are.rightbehind.us] has joined #openvpn
06:18 <@vpnHelper> RSS Update - forum: Please Review My Site :
06:24 <@vpnHelper> RSS Update - forum: Please Review My Site :
06:28 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has joined #openvpn
06:28 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has quit [Changing host]
06:28 -!- simplechat [~simplecha@unaffiliated/simplechat] has joined #openvpn
06:51 -!- ibins [~Michael@2001:6f8:1c60:7777:21a:4dff:fe66:600c] has joined #openvpn
06:56 -!- gremly [~gremly@pcsp174-30.supercabletv.net.co] has joined #openvpn
07:13 < Araluccl0> hi, does anyone know how/if I could route selective traffic (only Hulu.com video streaming) to a selected subnet ip (my media center which doesnt and can't have openvpn installed)
07:14 < Araluccl0> I can ping my MC ip... I could put route directives into .conf if I could install openvpn on it...but there is no binary available for it
07:15 < Araluccl0> of course I could use route-gateway def1 but I only need selected traffic to be routed ...and only to selected ips
07:16 < Araluccl0> (i meant redirect-gateway def1)
07:17 < Araluccl0> ...not to mention that hulu is a bit temperamental cause uses a lot of load balancing so has different server ips...
07:21 -!- matsim [~matsim@dilatino.soleus.nu] has left #openvpn ["WeeChat 0.3.0"]
07:27 -!- ObamaIsAGangsta [~leno81@208.111.39.186] has joined #openvpn
07:30 < ObamaIsAGangsta> howdy
07:37 -!- Araluccl0 [~lallo@151.77.226.107] has quit [Quit: Anche il discorsismo ha un limitismo.]
07:37 -!- Araluccl0 [~lallo@151.77.226.107] has joined #openvpn
07:43 < ObamaIsAGangsta> anyone have a batch file for making many certs/keys at once?
07:48 -!- krzee [nobody@hemp.ircpimps.org] has joined #openvpn
07:48 -!- krzee [nobody@hemp.ircpimps.org] has quit [Changing host]
07:48 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn
07:49 -!- gallatin [~gallatin@dslb-178-006-213-251.pools.arcor-ip.net] has quit [Quit: Client exiting]
07:55 < Araluccl0> hi, does anyone know how/if I could route selective traffic (only Hulu.com video streaming) to a selected subnet ip (my media center which doesnt and can't have openvpn installed)
07:59 < krzee> kinda
08:01 < krzee> you could run openvpn on any machine in the lan
08:02 < krzee> then the media center must route hulu subnets through that machine
08:02 < krzee> and that machine must NAT the vpn subnet, have ip forwarding on, and be set to route *at least* the hulu subnets through the vpn
08:07 < Araluccl0> my MC cant run openvpn... but I have it fully working on my openwrt router
08:08 -!- DeltachaosDeskto [~deltachao@ip-78-94-62-93.unitymediagroup.de] has quit [Ping timeout: 272 seconds]
08:08 < Araluccl0> and I can successfully ping my MC lan ip from everywhere...
08:09 < Araluccl0> I found this http://darranboyd.wordpress.com/2011/11/16/strongvpn-pptp-on-dd-wrt-%E2%80%93-source-based-routing-improved/#comment-149
08:09 <@vpnHelper> Title: StrongVPN PPTP on DD-WRT – Source based routing (improved) « Darran Boyd (at darranboyd.wordpress.com)
08:09 < Araluccl0> it redirects stuff to specified ip even if not a vpn client... but redirects ALL stuff
08:10 < Araluccl0> at least if I understood correctly... really newbie in routing stuff
08:10 < Araluccl0> I need something like this but only for HULU stuff... not for example... newsserver and torrent stuff
08:14 < krzee> instead of redirect-gateway you will just use the route command
08:15 < krzee> like route 10.0.0.0 255.255.255.0 would send all traffic to 10.0.0.X over the vpn
08:15 < Araluccl0> im doing this... but into a .conf for an actual vpn client...
08:15 < Araluccl0> # hulu / akamai
08:15 < Araluccl0> route 77.67.0.0 255.255.128.0 10.8.0.10
08:15 < Araluccl0> route 80.128.0.0 255.224.0.0 10.8.0.10
08:15 < krzee> (in the config)
08:15 < krzee> so you do that with the hulu subnets, then your vpn server must have ip forwarding enabled, and it must NAT the vpn subnet
08:16 < krzee> like i said earlier
08:16 < krzee> !redirect
08:16 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns
08:16 < Araluccl0> but my MC cant be a real vpn client
08:16 < Araluccl0> so no .conf for it...
08:16 < krzee> it will do that, but instead of redirecting everything, you only redirect hulu subnets
08:17 < Araluccl0> ok.. if I understood... into my router.con I add route directives... and it will use vpn tunnel for those ips
08:17 < krzee> dude i dont care what machine runs it
08:17 < krzee> [06:01] you could run openvpn on any machine in the lan
08:17 < krzee> [06:02] then the media center must route hulu subnets through that machine
08:17 < krzee> [06:02] and that machine must NAT the vpn subnet, have ip forwarding on, and be set to route *at least* the hulu subnets through the vpn
08:17 < krzee> are you reading what i say?
08:18 < Araluccl0> yes... just newbie
08:18 <+s7r> krzee: route in client config or route ?
08:18 < Araluccl0> with that config... HULU stuff will be used by ALL sublan right?
08:18 < Araluccl0> ahhh
08:18 < Araluccl0> destination ip
08:19 < Araluccl0> ok
08:19 < Araluccl0> with this config ALL my subnet will use vpn tunnel for hulu right?
08:19 < Araluccl0> not just mu MC 08:20 < Araluccl0> sorry if I repeat the question :) 08:21 <+s7r> yes Araluccl0 all devices BEHIND the router which is running the openvpn with config as krzee said 08:21 <+s7r> everything downstream that router 08:21 < Araluccl0> ok 08:21 < Araluccl0> thats nie for me... im in italy so I coldnt use hulu wuth my gateway... 08:21 <+s7r> traffic to destination IP hulu will be routed via the vpn 08:21 < Araluccl0> nice 08:22 <+s7r> no problem 08:22 <+s7r> krzee: could you please clarify what i have asked, sorry 08:22 <+s7r> 4:18:13 PM) s7r: krzee: route in client config or route 08:22 < Araluccl0> now... i tried this solution.. it ahppens that HULU is really tricky to find actual video server ips 08:23 < Araluccl0> I tried about 10 different ip class... still geobanned 08:23 <+s7r> yes a site that big has many IPs for the website only, and the videos are streamed via other ips 08:23 <+s7r> it's too much wbesite to sit on one server one ip 08:23 <+s7r> that is the tricky stuff . why not route all traffic through the vpn 08:23 < Araluccl0> is there a way to find real iop for video streaming 08:23 < Araluccl0> real actual ips 08:23 < Araluccl0> ? 08:23 <+s7r> of course it is but you can find them when you watch videos 08:23 < Araluccl0> hehe 08:23 <+s7r> you have no guarantee that when you watch next video the ip will be the same 08:23 <+s7r> :D 08:24 < Araluccl0> so isnt there a definitive solution? 08:24 < Araluccl0> maybe the port 08:24 <+s7r> what port? 80? all websites run on port 80 08:24 < Araluccl0> all stuff trhu that port... rote with vpn tunnel? 
08:24 <+s7r> openvpn is not your solution for what you need 08:24 <+s7r> openvpn has different purposes you might wanna check our goal 08:24 <+s7r> !goal 08:24 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 08:24 < Araluccl0> .the port used by streamied videos? 08:25 <+s7r> they are streamed via http 08:25 <+s7r> which is port 80 08:25 <+s7r> at least i think so i never used hulu 08:25 <+s7r> it's not something worth interest 08:25 <+s7r> at least form e 08:25 <+s7r> i recommend you considering other solution besides openvpn 08:25 < krzee> s7r, huh? 08:26 <+s7r> make a proxy on your localhost with the usa server. use 2 browsers for example firefox and chrome 08:26 <+s7r> put the proxy in firefox.. and watch hulu from firefox 08:26 <+s7r> use all other websites which you don't want to be browsed from usa ip from chrome 08:26 < Araluccl0> I need to use this with my xnmb MC 08:26 < Araluccl0> and I dont now if it has a proxy settings... 08:26 < Araluccl0> xbmc 08:26 < Araluccl0> sorry 08:27 < Araluccl0> what it I want temporarely to route everything thru vopn TO my MC ip (not an actual vpn) ? 08:27 -!- cyberspace- is now known as cyberspace-_ 08:27 < krzee> !routebyapp 08:27 <@vpnHelper> "routebyapp" is if you want to send only certain apps over the VPN you need to run a socks server on the internal VPN subnet (see !sockd) then get an app like proxifier (google it) to selectively route traffic over the socks proxy based on port/app/subnet or any combination. 
08:27 < Araluccl0> oh 08:28 < krzee> [06:22] 4:18:13 PM) s7r: krzee: route in client config or route 08:28 < krzee> !route 08:28 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 08:28 -!- cyberspace-_ is now known as cyberspace- 08:28 < Araluccl0> yes... my MC doesnt have a client conf... I did it with my windopws cvpn client... I cant with my XBMC machine 08:29 <+s7r> thanks krzee but in that link i cna only find routes to RFC1918 ip e.g. other lans.. 08:29 <+s7r> i am interested if i want to route traffic to 89.55.242.50 how i put in config 08:30 <+s7r> route 89.55.252.50 255.255.255.255 08:30 <+s7r> ? 08:30 <+s7r> or route 89.55.252.50 10.0.8.1 (openvpn server IP) 08:30 < krzee> its the route command 08:30 < krzee> why would it change 08:30 < krzee> just use the inet routable subnet instead of 1918 08:31 < krzee> whats it look like when its another lan...? 08:31 < krzee> [06:30] route 89.55.252.50 255.255.255.255 08:31 -!- h4x0r` [h4x0r@79.133.201.84] has joined #openvpn 08:31 -!- h4x0r` [h4x0r@79.133.201.84] has quit [Changing host] 08:31 -!- h4x0r` [h4x0r@unaffiliated/respekt] has joined #openvpn 08:31 < krzee> yes, for a single ip 08:32 <+s7r> thanks. and sorry for dumb question. it is same route command why would it change 08:33 <+s7r> client-to-client has to be used also in this case when routing to a single public ip? 08:33 < ObamaIsAGangsta> anyone know of a way to generate lots of client cert/keys in automoated way? like a script? 
08:34 < ObamaIsAGangsta> i want to make around 100 and don't want to have to manually do each 08:34 < ObamaIsAGangsta> although i know each should have unique common name 08:34 < krzee> s7r, 08:34 < krzee> !c2c 08:34 <@vpnHelper> "c2c" is "client-to-client" is with this option packets from 1 client to another are routed inside the server process. without it packets leave the server process, hit the kernel (firewall, routing table) and if allowed by firewall and routed back to server process, they go to the client. you use this option when you do not want to use selective firewall rules on what clients can access things behind other 08:34 <@vpnHelper> clients 08:35 < krzee> ObamaIsAGangsta, sure, look inside easy-rsa and see how it runs stuff, or the code inside ssl-admin could help too, openssl manual couldnt hurt either 08:36 < krzee> both easy-rsa and ssl-admin are wrappers for openssl, and you will basically write your own little wrapper for it as well 08:36 < krzee> then you can generate whatever you can script ;] 08:36 < krzee> {1..100} no problem 08:41 -!- gremly [~gremly@pcsp174-30.supercabletv.net.co] has quit [Quit: WeeChat 0.3.6] 08:44 <@vpnHelper> RSS Update - forum: Iptables anti ddos 08:52 -!- gremly [~gremly@pcsp174-30.supercabletv.net.co] has joined #openvpn 09:01 < ObamaIsAGangsta> thanks 09:01 < ObamaIsAGangsta> but no-one has something already made... 
09:01 < ObamaIsAGangsta> it must be a common request 09:02 < krzee> im sure tons of people have stuff they made, its just a openssl command in a loop 09:02 < ecrist> ObamaIsAGangsta: there's probably something out there, we just don't have it 09:02 < ecrist> read the perl code in ssl-admin, it's pretty straight-forward 09:02 < ObamaIsAGangsta> ok 09:02 < ObamaIsAGangsta> but i'd still have to type a unique common name for each 09:02 < ObamaIsAGangsta> would be nice if it could use something like system time 09:02 < krzee> or have an input file or system for it 09:02 < ObamaIsAGangsta> so its fully auto 09:02 < rawplayer> is ObamaIsAGangsta 09:02 < rawplayer> ? 09:03 < ecrist> ObamaIsAGangsta: so script it 09:03 < krzee> serious 09:03 < ecrist> it's been a todo for ssl-admin, but I haven't given two shits about it lately 09:03 < krzee> todo for the confgen too, and same thing there 09:03 < krzee> lol 09:03 * ObamaIsAGangsta isn't good at scripting 09:04 < ObamaIsAGangsta> the only script i've ever written is a bash one for iptables 09:04 * ecrist is a honey badger, and doesn't give a shit 09:04 < ObamaIsAGangsta> what's a honey badger? 
09:05 < ObamaIsAGangsta> ok i will attempt to script it 09:05 < ObamaIsAGangsta> and pastebin my progress here 09:05 < ecrist> ObamaIsAGangsta: http://www.youtube.com/watch?v=4r7wHMg5Yjg 09:05 <@vpnHelper> Title: The Crazy Nastyass Honey Badger (original narration by Randall) - YouTube (at www.youtube.com) 09:05 < ObamaIsAGangsta> i've never used openssl, i always just use the easy-rsa scripts 09:06 < ecrist> well, easy-rsa uses openssl 09:06 < ObamaIsAGangsta> which aren't that great as they dont even give the key files the correct permissions 09:06 < krzee> well the easy-rsa scripts just run openssl 09:06 < ecrist> easy-rsa could probably do some batch stuff 09:06 < ObamaIsAGangsta> key's should be 400 09:06 < krzee> not probably, certainly 09:07 < ecrist> ssl-admin sets proper permissions 09:07 < ObamaIsAGangsta> ok im gonna make a post on stackoverflow asking for help 09:07 < ecrist> gay 09:07 < ObamaIsAGangsta> whats gay 09:07 < ecrist> how about you go learn to script 09:07 < ecrist> it's pretty easy 09:09 < krzee> -batch 09:09 < krzee> this sets the batch mode. In this mode no questions will be asked and all certificates will be certified automatically. 
09:09 < ObamaIsAGangsta> nice find 09:10 < krzee> from the openssl docs o.O 09:10 -!- kerfe1 [~a@51.pool85-60-134.dynamic.orange.es] has joined #openvpn 09:11 < krzee> http://usrportage.de/archives/919-Batch-generating-SSL-certificates.html 09:11 <@vpnHelper> Title: Batch-generating SSL certificates - /usr/portage βeta — Lars Strojny (at usrportage.de) 09:12 < krzee> http://openssl-ca.sourceforge.net/ claims it does them in batch 09:12 <@vpnHelper> Title: OpenSSL Certificate Authority Shellscripts (at openssl-ca.sourceforge.net) 09:13 <+EugeneKay> I really ought to post that XCA OpenVPN demo PKI 09:13 -!- kerfe [~a@51.pool85-60-134.dynamic.orange.es] has quit [Ping timeout: 276 seconds] 09:18 -!- hitekrednek [~new@static24-72-49-17.r.rev.accesscomm.ca] has quit [Ping timeout: 252 seconds] 09:18 -!- Deele [~Mr.D@217.199.115.217] has joined #openvpn 09:24 <@vpnHelper> RSS Update - forum: Client Windows 7 can't run ping 09:49 -!- gremly [~gremly@pcsp174-30.supercabletv.net.co] has quit [Ping timeout: 260 seconds] 09:53 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Quit: Ex-Chat] 09:54 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn 09:54 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Remote host closed the connection] 09:59 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn 10:00 < ObamaIsAGangsta> hmm 10:01 < ObamaIsAGangsta> i wiresharked the tun0 and eth0 interfaces on my server and on both i can see dns requests 10:01 < ObamaIsAGangsta> its not encrypted 10:04 -!- morsik [morsik@darkserver.it] has joined #openvpn 10:04 < morsik> hello there 10:05 < morsik> i setup openvpn on my server, i configured openvpn client on my linux desktop 10:05 < morsik> i got connection, but i got strange route error :< 10:05 < morsik> http://pastebin.com/724ZkRyK 10:05 < morsik> ip route doesn't want to work 10:06 < morsik> i'm on archlinux 10:06 < morsik> oh 
wait... my local network is 10.0.0.0/8 10:06 < morsik> :x 10:08 -!- mezgani [~mezgani@41.249.1.123] has quit [Ping timeout: 276 seconds] 10:09 < morsik> ugh, i changed that netowrk, i don't have that warning but route command still doesn't want to work 10:12 < morsik> ifconfig & route: http://pastebin.com/ZiSE2Aji 10:13 < morsik> server.conf: http://pastebin.com/si7RsYHi 10:14 -!- mezgani [~mezgani@41.140.156.7] has joined #openvpn 10:19 <@vpnHelper> RSS Update - forum: Asking for a second password 10:24 -!- h4x0r` [h4x0r@unaffiliated/respekt] has quit [Ping timeout: 252 seconds] 10:26 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Remote host closed the connection] 10:37 -!- ObamaIsAGangsta [~leno81@208.111.39.186] has quit [Remote host closed the connection] 10:40 -!- ObamaIsAGangsta [~leno81@208.111.39.186] has joined #openvpn 10:49 -!- ObamaIsAGangsta [~leno81@208.111.39.186] has quit [Remote host closed the connection] 10:49 -!- ObamaIsAGangsta [~leno81@208.111.39.186] has joined #openvpn 10:50 -!- h4x0r` [~h4x0r@84.19.169.166] has joined #openvpn 10:50 -!- h4x0r` [~h4x0r@84.19.169.166] has quit [Changing host] 10:50 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has joined #openvpn 10:54 -!- danniel [~leno81@208.111.39.186] has joined #openvpn 10:54 -!- ObamaIsAGangsta [~leno81@208.111.39.186] has quit [Read error: Connection reset by peer] 10:57 -!- ibins [~Michael@2001:6f8:1c60:7777:21a:4dff:fe66:600c] has quit [Quit: Verlassend] 10:59 -!- danniel [~leno81@208.111.39.186] has quit [Remote host closed the connection] 11:00 -!- ObamaIsAGangsta [~leno81@208.111.39.186] has joined #openvpn 11:07 -!- ObamaIsAGangsta [~leno81@208.111.39.186] has quit [Remote host closed the connection] 11:13 -!- ObamaIsAGangsta [~leno81@208.111.39.186] has joined #openvpn 11:13 -!- kerfe1 [~a@51.pool85-60-134.dynamic.orange.es] has quit [Quit: • IRcap • 8.6 •] 11:14 -!- ObamaIsAGangsta [~leno81@208.111.39.186] has quit [Read error: Connection reset by peer] 11:15 -!- 
ObamaIsAGangsta [~leno81@208.111.39.186] has joined #openvpn 11:17 -!- morsik [morsik@darkserver.it] has quit [Read error: Operation timed out] 11:18 -!- ObamaIsAGangsta [~leno81@208.111.39.186] has quit [Remote host closed the connection] 11:20 -!- `Ile` [~Ile@kaniserver.net] has quit [Quit: KVIrc 4.1.3 Equilibrium http://www.kvirc.net/] 11:22 -!- ObamaIsAGangsta [~leno81@208.111.39.186] has joined #openvpn 11:25 -!- ObamaIsAGangsta [~leno81@208.111.39.186] has quit [Read error: Connection reset by peer] 11:29 -!- ObamaIsAGangsta [~leno81@208.111.39.186] has joined #openvpn 11:31 -!- danniel [~leno81@208.111.39.186] has joined #openvpn 11:33 -!- ObamaIsAGangsta [~leno81@208.111.39.186] has quit [Read error: Connection reset by peer] 11:36 -!- danniel [~leno81@208.111.39.186] has quit [Remote host closed the connection] 11:37 -!- ObamaIsAGangsta [~leno81@61.170.214.67] has joined #openvpn 12:18 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Excess Flood] 12:18 -!- krzee [nobody@hemp.ircpimps.org] has joined #openvpn 12:18 -!- krzee [nobody@hemp.ircpimps.org] has quit [Changing host] 12:18 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn 12:21 < ObamaIsAGangsta> quiet in here 12:24 -!- Tykling [tykling@er.tyk.nu] has left #openvpn [] 12:25 <+EugeneKay> LOUD NOISES 12:25 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!] 12:26 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn 12:26 -!- mode/#openvpn [+o mattock] by ChanServ 12:26 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 12:38 < Araluccl0> hi, pls anyone help... Im trying to use vpn JUST for my Media Center box which cant have openvpn installed... I read tyhis link to do that but it seems overkill... 
http://darranboyd.wordpress.com/2011/11/16/strongvpn-pptp-on-dd-wrt-%E2%80%93-source-based-routing-improved/#comment-149 ...basically can anyone tell me if there is a simpler way to tell my router (10.8.0.14) to route traffic just for my media center box (192.168.1.135) thru vpn ip (10.8.0.1) 12:38 <@vpnHelper> Title: StrongVPN PPTP on DD-WRT – Source based routing (improved) « Darran Boyd (at darranboyd.wordpress.com) 12:40 < Araluccl0> the link uses pptp but I guess I could arrange it for openvpn... 12:41 < Araluccl0> (it also seems to have some errors in it SOURCEIP is created but never used into first script...if im not wrong)) 12:42 < Araluccl0> (also it uses ip rule for tcp ... I use udp instead... not sure if thats relevant) 12:45 -!- Transformer [~Transform@ool-4a59e397.dyn.optonline.net] has joined #openvpn 12:46 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out] 12:47 -!- Transformer [~Transform@ool-4a59e397.dyn.optonline.net] has left #openvpn [] 12:47 -!- Rolybrau [~Rolybrau@190-75.78-83.cust.bluewin.ch] has joined #openvpn 12:47 -!- Rolybrau [~Rolybrau@190-75.78-83.cust.bluewin.ch] has quit [Changing host] 12:47 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 13:02 * ObamaIsAGangsta is an insomniac 13:02 <+s7r> ObamaIsAGangsta: light a joint if you wanna sleep 13:03 < ObamaIsAGangsta> dont smoke weed 13:22 -!- mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Read error: Connection reset by peer] 13:23 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 13:43 * ObamaIsAGangsta tumbleweeds rolling 14:09 < krzee> i do, and im currently rolling it 14:12 < Araluccl0> hey...if you are bored you can help me making hulu work on my MC... even if my questions are lame...
:) 14:14 < krzee> i already told you what to do 14:14 < krzee> go ahead and tell me what you didnt catch tho 14:15 < krzee> if you want it ONLY for your media box, run openvpn on a gateway that is ONLY for your media box 14:15 < Araluccl0> thanks a lot... my problem is that my MC box cant have openvpn installed... so I have to add routes on my openwrt router openvpn conf... can you confirm this? 14:15 < krzee> aka a router or computer that is only the gateway for your media center 14:16 < krzee> if you want it to ONLY be for the media center, that router should be the router only for the media center 14:16 < krzee> then just redirect all internet traffic over the vpn for that router 14:16 < krzee> and have a different router that connects to the isp, openwrt router (which has openvpn) and the other lan computers 14:17 < Araluccl0> ok.. can you tell me the exact route command... consider my MC ip (lan ip) is 192.168.1.135 14:17 < krzee> then even tho that router redirects everything over the vpn, it will only be for the media center machine 14:17 < Araluccl0> exactly what I need 14:17 < krzee> just redirect everything 14:17 < krzee> !redirect 14:17 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns 14:17 <+EugeneKay> !spoonfeeding 14:17 <@vpnHelper> "spoonfeeding" is http://www.mp3car.com/the-faq-emporium/53368-faq-what-is-spoon-feeding.html 14:18 < Araluccl0> well... ideally would be ... redirect specific traffic (ip based...or port based) to specific lan ip...
but all traffic can be enough so far 14:18 < krzee> thats not how it works 14:18 < krzee> you said you didnt know a specific subnet 14:18 < krzee> openvpn works based on your routing table 14:19 < Araluccl0> I already have that command ...but that redirect all stuff for all sublan if I push from the server... or for single client... but my MC doesnt have a .conf to put the command in :) 14:19 < Araluccl0> unfortunately I dont 14:19 -!- Gravitron [~admin@64.93.225.15] has joined #openvpn 14:19 -!- Gravitron [~admin@64.93.225.15] has quit [Changing host] 14:19 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 14:20 < krzee> wtf you keep talking about the MC? 14:20 < krzee> im telling you to tell the router to redirect everything 14:20 < krzee> oh you'll need to do another thing tho 14:20 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 260 seconds] 14:20 < krzee> !clientlan 14:20 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a 14:20 <@vpnHelper> better explanation 14:21 < krzee> you'll need that 14:21 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 14:21 < Araluccl0> what I need... is a command to put into my router vpn conf which says "ok, all traffic for my subnet 192.168.1.135" has to route thru vpn...
all the rest thru normal wan 14:21 < krzee> AND on your server, you'll need to NAT the client lan as well 14:21 < hyper_ch> hi krzee 14:21 < krzee> actually ya that is doable 14:21 < Araluccl0> I have ip_forwarding active...and I have ccd 14:21 < Araluccl0> in fact 14:22 < krzee> err wait, i dunno if it is 14:22 < Araluccl0> my MC xob can ping my vpn server ip 14:22 < Araluccl0> box 14:22 < krzee> source routing would be done in the firewall i think, and i dunno how 14:22 < krzee> its not something youd do in the vpn config 14:22 < Araluccl0> i found this 14:22 < Araluccl0> http://darranboyd.wordpress.com/2011/11/16/strongvpn-pptp-on-dd-wrt-%E2%80%93-source-based-routing-improved/#comment-149 14:22 <@vpnHelper> Title: StrongVPN PPTP on DD-WRT – Source based routing (improved) « Darran Boyd (at darranboyd.wordpress.com) 14:23 < Araluccl0> it (maybe) does what I need... instruct router to filter stuff just for my NON VPN sublan ip 14:23 < Araluccl0> but seems complex...and maybe overkill 14:23 < krzee> ahh second routing table 14:24 < krzee> the reason its complex is cause they have a script which makes a script 14:24 < Araluccl0> yes... and this /usr/sbin/iptables --insert FORWARD --protocol tcp --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu" 14:24 < krzee> and instead of using a HEREDOC they used echo for each line 14:24 < Araluccl0> which I dont really know what does 14:24 < krzee> i dunno what that is 14:25 < Araluccl0> yeah... me neither... but thats probably what makes pushing and filtering work 14:25 < krzee> either way, you will prolly get better help with source routing in a linux channel 14:25 < krzee> i can tell you an easier way 14:25 < krzee> assuming you have another router 14:25 < Araluccl0> yes...please 14:25 < krzee> do you have a second router? (doesnt need to run openwrt) 14:25 < Araluccl0> hmm... I can find one...
14:26 < krzee> ok so heres what you do 14:26 < krzee> the normal router gets the internet connection 14:26 < krzee> the 2 routers need to be using different subnets 14:26 < Araluccl0> ok 14:26 < krzee> all lan machines go on that first router 14:26 < krzee> the openwrt router goes on that first router as well 14:26 < Araluccl0> ok 14:27 < krzee> then the openwrt router redirects everything over the vpn 14:27 < krzee> and the media center hooks up to that router 14:27 < Araluccl0> you mean... if I want a machine to pass thru von I have to connect to that router? 14:27 < Araluccl0> vpn 14:27 < krzee> right 14:27 < krzee> anything hooked to the openwrt router will be vpn 14:28 < krzee> anything hooked to other will be non vpn 14:28 < krzee> want it not on vpn? dont plugin to openwrt router 14:28 < krzee> want in on vpn? plug into openwrt router :-p 14:28 < Araluccl0> yes..that could be a solution...even though id like a integrated all software one... 14:28 < krzee> put both on wifi and choose at will! ;) 14:29 < krzee> well you can, but it will be less easy and you'll need to figure out some of it yourself 14:29 < krzee> [12:25] i can tell you an easier way 14:29 < krzee> [12:25] assuming you have another router 14:29 < krzee> [12:25] yes...please 14:29 < krzee> thats just the easy way ;] 14:30 < Araluccl0> Ill try :) I want to learn too... 14:30 < Araluccl0> I think using custom script with openvpn I can do what I need... 14:30 < Araluccl0> but iptables can be really hard 14:30 < Araluccl0> for a newbie like me 14:30 < krzee> those ip commands are making a second routing table 14:30 < Araluccl0> yes table 100 14:30 < krzee> which works with those firewall commands 14:30 < Araluccl0> or something 14:31 < Araluccl0> yes... 
thats a nice solution...so its totally personalized 14:31 < krzee> thats all i can explain really tho 14:31 < Araluccl0> and I can use it for more than one ip 14:32 < Araluccl0> well i guess ill have to test...I dont think its hard if I realize what that monster iptables I pasted before does 14:32 < krzee> you might wanna run the script and look at the files it actually outputs 14:32 < Araluccl0> yes 14:32 < Araluccl0> thats the plan 14:32 < krzee> cause it has a layer of abstraction to generate the script files 14:32 < Araluccl0> my only concern 14:32 < Araluccl0> is that that instruction refers to tcp protocol...I use udp...you think its relevant? 14:32 < krzee> thats why i cook my own openwrt firmwares, i dont need to mess with making tmp scripts ;] 14:33 < krzee> no idea 14:33 < krzee> i dunno what its doing 14:33 < Araluccl0> hehe... id not know where to begin with personalizing openwrt 14:34 < Araluccl0> ill try though... maybe I just excute the script.. and it works :) 14:34 < Araluccl0> any idea... what the ppp0 interface would be... my tun0 or may wan ppoe-wan if? 14:34 < krzee> tun0 14:34 < Araluccl0> nice.. ill remember that then 14:35 < Araluccl0> oh..I found also a post where port based routing was done... 14:35 < Araluccl0> let everything using port X pass thru vpn 14:36 < Araluccl0> which could be useful too cause hulu internally uses a specific port (1135 if im not wrong) 14:36 < Araluccl0> when you use the official client 14:37 < Araluccl0> btw ill stick with ip based routing so far 14:38 < Araluccl0> http://www.dd-wrt.com/phpBB2/viewtopic.php?p=648513 (here if interested ...source and target based routing policy) 14:39 < Araluccl0> using custom table again 15:22 <@vpnHelper> RSS Update - forum: Unable to ping behind client from server in Bridge Mode 15:34 -!- chats_ [chats@gateway/shell/xzibition.com/x-drzypcepdiqgdxgw] has joined #openvpn 15:35 < chats_> Hi. 
Sometimes OpenVPN times out, meaning my home IP becomes visible again -- is there a way to prevent this (make OpenVPN wait and try to re-connect instead of terminating itself)? 15:36 <+EugeneKay> chats_ - yes. --ping-restart. 15:37 < chats_> EugeneKay: Thanks. 15:45 < krzee> see --keepalive too 15:47 < chats_> krzee: Thanks, too. 15:50 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 276 seconds] 15:53 -!- |Mike|_ [mike@vps-2a01-4f8-101-1c1-b23f-f6e5.twenty-five.nl] has quit [Quit: Reconnecting] 15:53 -!- |Mike| [mike@vps-2a01-4f8-101-1c1-b23f-f6e5.twenty-five.nl] has joined #openvpn 15:54 -!- APTX [APTX@unaffiliated/aptx] has quit [Ping timeout: 252 seconds] 15:56 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 15:56 < chats_> Hmm, doesn't seem to do anything different. On Windows, I noticed that, if the server went down, OpenVPN's CPU usage would surge for about 10 seconds until it would disconnect due to the time-out. On this Debian installation, it seems to always do that 10-120 seconds after connecting, and I don't know why. I know it's not the server, it's a local fault, and I can't figure anything out. 15:57 < chats_> Er, I mean, it does make a difference, but the end result is still the same. 15:57 < krzee> get a log 15:58 < chats_> Doing that now. 
15:58 < krzee> bbl, food 15:58 <+s7r> bonapetit 15:58 <+s7r> :D 16:06 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn [] 16:22 -!- corretico [~luis@190.211.93.11] has joined #openvpn 16:37 -!- ehd [u1451@gateway/web/irccloud.com/x-radqxutoepcawvwf] has quit [Quit: Connection closed for inactivity] 16:41 -!- mezgani [~mezgani@41.140.156.7] has quit [Ping timeout: 276 seconds] 16:49 -!- Guest35145 [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has joined #openvpn 16:51 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has quit [Ping timeout: 248 seconds] 16:53 -!- mezgani [~mezgani@41.248.160.41] has joined #openvpn 16:58 -!- Guest35145 [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has quit [] 17:09 -!- vin is now known as vi 17:09 -!- awsum [1f8550fe@gateway/web/freenode/ip.31.133.80.254] has joined #openvpn 17:10 -!- vi is now known as hoj 17:10 -!- hoj is now known as vin 17:10 < awsum> Hi guys, 17:11 -!- vin is now known as hoj 17:11 < awsum> If I have access to server management interface can I force particular client to reconnect? 17:11 -!- hoj is now known as vi 17:18 -!- ObamaIsAGangsta [~leno81@61.170.214.67] has quit [Read error: Connection reset by peer] 17:18 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!] 17:22 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 17:27 -!- h4x0r` [~h4x0r@67.221.255.12] has joined #openvpn 17:27 -!- h4x0r` [~h4x0r@67.221.255.12] has quit [Changing host] 17:27 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has joined #openvpn 17:44 < chats_> http://spider.xzibition.com/~chats/openvpn.png 17:44 < chats_> That's what happens every time I try to use OpenVPN. Even if I run it with --ping-restart, I get (essentially) the same problem. 17:45 < chats_> Anyone have an idea as to what I am doing wrong? I am clueless as to how to troubleshoot this. 
17:48 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has quit [Ping timeout: 244 seconds] 17:52 -!- vi [~vincent@fsf/member/vin] has left #openvpn ["WeeChat 0.3.6"] 18:01 -!- tekzilla [~jon@hmbg-4d06f15a.pool.mediaWays.net] has quit [Ping timeout: 248 seconds] 18:03 -!- tekzilla [~jon@hmbg-4d068409.pool.mediaWays.net] has joined #openvpn 18:06 -!- pnunn [~pnunn@58.108.220.221] has joined #openvpn 18:12 -!- h4x0r` [excon@creep.bur.st] has joined #openvpn 18:12 -!- h4x0r` [excon@creep.bur.st] has quit [Changing host] 18:12 -!- h4x0r` [excon@unaffiliated/respekt] has joined #openvpn 18:13 -!- awsum [1f8550fe@gateway/web/freenode/ip.31.133.80.254] has quit [Quit: Page closed] 18:46 -!- mezgani [~mezgani@41.248.160.41] has quit [Quit: Leaving] 19:01 < chats_> Switched to TCP, seemed to fix it. TY #openvpn 19:13 -!- Denial [Denial@drgi.co.uk] has quit [] 19:14 -!- h4x0r` [excon@unaffiliated/respekt] has quit [Remote host closed the connection] 19:18 -!- pnunn [~pnunn@58.108.220.221] has quit [Remote host closed the connection] 19:37 -!- Araluccl0 [~lallo@151.77.226.107] has quit [Quit: Anche il discorsismo ha un limitismo.] 19:37 -!- Araluccl0 [~lallo@151.77.226.107] has joined #openvpn 19:40 -!- _julian [~quassel@hmbg-5f765e6a.pool.mediaWays.net] has joined #openvpn 19:40 < ecrist> chats_: you 404'd that image already? 19:43 -!- _julian_ [~quassel@hmbg-4d069de3.pool.mediaWays.net] has quit [Ping timeout: 245 seconds] 19:44 < chats_> ecrist: Oh, sorry. Meant to remove "openvpn-.png". 19:44 < chats_> Try again, although it's nothing interesting for you to see. 19:48 < chats_> Oh, never mind, issues persist. Lovely. 19:48 -!- vereteran [~vereteran@static.88-198-170-117.clients.your-server.de] has left #openvpn ["Ухожу я от вас"] 19:55 < ecrist> !logs 19:55 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard. 
19:57 -!- seeion [~seeion@94.242.213.219] has joined #openvpn 19:57 < seeion> back lost the connection 19:58 -!- seeion [~seeion@94.242.213.219] has left #openvpn [] 20:00 -!- h4x0r` [excon@creep.bur.st] has joined #openvpn 20:00 -!- h4x0r` [excon@creep.bur.st] has quit [Changing host] 20:00 -!- h4x0r` [excon@unaffiliated/respekt] has joined #openvpn 20:07 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Ping timeout: 240 seconds] 20:08 -!- h4x0r` is now known as Rob3Rt 20:16 -!- KindOne [KindOne@colchester-lug/silly-fool/donut] has joined #openvpn 20:16 -!- KindOne [KindOne@colchester-lug/silly-fool/donut] has left #openvpn [] 20:26 -!- Rob3Rt [excon@unaffiliated/respekt] has quit [] 20:32 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!] 20:34 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 20:37 -!- mastercode [~dudw@120.79-161-128.customer.lyse.net] has joined #openvpn 20:37 < mastercode> i have network a and b, network a we have lots of public ipv4 ips and on network b we only got 1 static public ipv4 address. is it possible that a server on network b use a public ipv4 ip from network a? with openvpn or something like that ? network a and b different ISP 20:48 < rob0> Use your "public" IP addresses as openvpn endpoints. Use proxy ARP and possibly a alternate route table to use those "a" IP addresses on client "b". 20:48 < rob0> another possibility is ipip tunneling. If both endpoints are Linux, you're in luck, because I have done both of these. 20:49 < rob0> For proxy ARP, google "rob0 openvpn cookbook static IP at home". 20:50 < rob0> For ipip, http://rob0.nodns4.us/Linux-ipip-tunnels 20:57 -!- Deathzor [~deathtje@216.67.225.106] has quit [Ping timeout: 260 seconds] 21:01 < mastercode> with solution a can i just set like 10 ips to nic on network b and it will work ? 21:01 < mastercode> dont need a openvpn client on all the servers ?
21:02 -!- tabakhase [t4b4kh453@unaffiliated/tabakhase] has quit [Ping timeout: 260 seconds] 21:02 -!- dazo_afk [dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 260 seconds] 21:02 < mastercode> whats the most stable and fast data transfare ? we got fiber on location a and b 21:03 -!- tabakhase [t4b4kh453@rps9289.ovh.net] has joined #openvpn 21:03 -!- MikeW [~MW@ks35441.kimsufi.com] has quit [Ping timeout: 260 seconds] 21:04 -!- MikeW [~MW@ks35441.kimsufi.com] has joined #openvpn 21:04 -!- pranq [pranq@unaffiliated/contempt] has quit [Ping timeout: 260 seconds] 21:05 -!- pranq [pranq@unaffiliated/contempt] has joined #openvpn 21:07 < mastercode> rob0 you there ? 21:09 -!- dazo_afk [dazo@openvpn/community/developer/dazo] has joined #openvpn 21:09 -!- mode/#openvpn [+o dazo_afk] by ChanServ 21:20 -!- Deele [~Mr.D@217.199.115.217] has quit [Ping timeout: 252 seconds] 22:00 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 22:02 < S1lv3R> Good morning 22:02 -!- raidz [~raidz@openvpn/corp/admin/andrew] has quit [Ping timeout: 252 seconds] 22:27 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 22:30 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 22:42 -!- `Ile` [~kvirc@109-93-250-215.dynamic.isp.telekom.rs] has joined #openvpn 23:02 <+EugeneKay> I refuse. 23:45 < jeev> refuse to.. 23:46 < `Ile`> ? 23:46 < jeev> i think he refuses to lose 23:47 < `Ile`> lose what? --- Day changed Sun Jan 29 2012 00:53 -!- `Ile` [~kvirc@109-93-250-215.dynamic.isp.telekom.rs] has quit [Remote host closed the connection] 01:09 < hyper_ch> EugeneKay: your morning is not good? 
01:12 -!- kenyon [kenyon@darwin.kenyonralph.com] has joined #openvpn 01:12 -!- babble [~coyote@unaffiliated/coyote] has joined #openvpn 01:36 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 01:38 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 01:43 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 01:46 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 01:59 -!- babble [~coyote@unaffiliated/coyote] has quit [Quit: Leaving] 02:14 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 02:18 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 02:20 -!- Rob3Rt [~h4x0r@84.19.169.236] has joined #openvpn 02:20 -!- Rob3Rt [~h4x0r@84.19.169.236] has quit [Changing host] 02:20 -!- Rob3Rt [~h4x0r@unaffiliated/respekt] has joined #openvpn 02:24 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has quit [Read error: Connection reset by peer] 02:25 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has joined #openvpn 02:28 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 02:30 -!- Rob3Rt [~h4x0r@unaffiliated/respekt] has quit [Ping timeout: 272 seconds] 02:33 -!- Rob3Rt [~h4x0r@67.221.255.12] has joined #openvpn 02:33 -!- Rob3Rt [~h4x0r@67.221.255.12] has quit [Changing host] 02:33 -!- Rob3Rt [~h4x0r@unaffiliated/respekt] has joined #openvpn 02:41 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 02:44 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 02:59 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 03:03 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 03:04 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Excess Flood] 03:13 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 03:16 -!- batrick [~batrick@nmap/developer/batrick] has quit [Quit: WeeChat 0.3.2] 03:27 <@vpnHelper> RSS Update - 
forum: SSL Certificate problem - urgent 03:33 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day] 03:45 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 03:49 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 03:50 -!- paul33 [~home@cxr69-12-88-171-224-231.fbx.proxad.net] has joined #openvpn 03:59 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 04:04 -!- paul33 [~home@cxr69-12-88-171-224-231.fbx.proxad.net] has quit [Quit: Quitte] 04:05 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 04:11 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 04:17 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 04:20 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 04:22 -!- Guest35145 [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has joined #openvpn 04:23 -!- Guest35145 [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has quit [Client Quit] 04:24 -!- master_of_master [~master_of@p57B54B22.dip.t-dialin.net] has quit [Ping timeout: 272 seconds] 04:24 <@vpnHelper> RSS Update - forum: Can OpenVPN be installed on Windows Server Core (no GUI)? 
04:25 -!- Rob3Rt [~h4x0r@unaffiliated/respekt] has quit [Ping timeout: 252 seconds] 04:26 -!- master_of_master [~master_of@p57B53B7D.dip.t-dialin.net] has joined #openvpn 04:27 -!- Rob3Rt [h4x0r@79.133.201.84] has joined #openvpn 04:27 -!- Rob3Rt [h4x0r@79.133.201.84] has quit [Changing host] 04:27 -!- Rob3Rt [h4x0r@unaffiliated/respekt] has joined #openvpn 04:27 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn 04:55 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 04:58 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 05:28 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 05:32 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn 05:32 -!- mode/#openvpn [+v s7r] by ChanServ 05:32 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 05:46 -!- Deele [~Mr.D@217.199.115.217] has joined #openvpn 05:50 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds] 05:51 -!- batrick [~batrick@nmap/developer/batrick] has joined #openvpn 06:05 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn 06:16 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 06:20 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 06:47 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 06:59 -!- Rob3Rt [h4x0r@unaffiliated/respekt] has quit [Ping timeout: 252 seconds] 07:13 <@vpnHelper> RSS Update - forum: How many conf files? 07:17 -!- Rob3Rt [h4x0r@79.133.201.84] has joined #openvpn 07:17 -!- Rob3Rt [h4x0r@79.133.201.84] has quit [Changing host] 07:17 -!- Rob3Rt [h4x0r@unaffiliated/respekt] has joined #openvpn 07:37 -!- Araluccl0 [~lallo@151.77.226.107] has quit [Quit: Anche il discorsismo ha un limitismo.] 
07:37 -!- Araluccl0 [~lallo@151.77.226.107] has joined #openvpn 08:01 -!- mikkel [~mikkel@80-71-132-15.u.parknet.dk] has joined #openvpn 08:04 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has quit [Read error: Connection reset by peer] 08:06 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 08:15 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has quit [Read error: Connection reset by peer] 08:17 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 08:20 <@vpnHelper> RSS Update - forum: Connect Virtual dos mach. by VPN via remote pc to dos hub 08:29 -!- ibins [~Michael@2001:6f8:1c60:7777:21a:4dff:fe66:600c] has joined #openvpn 08:56 -!- jameslordhz [~jack@125.109.170.251] has joined #openvpn 08:56 -!- jameslordhz [~jack@125.109.170.251] has left #openvpn [] 09:01 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 09:05 -!- shinigamiz [6d43c479@gateway/web/freenode/ip.109.67.196.121] has joined #openvpn 09:06 < shinigamiz> hi, i installed the client but i cant configure it from the gui, tried placing the file according to docs but doesnt work, any advise? 09:06 < shinigamiz> this is on windows xp btw 09:21 <+EugeneKay> hyper_ch - no, I still qualified it as being evening, not morning. 09:22 <+EugeneKay> Now that I've slept, it's morning. 09:22 < hyper_ch> EugeneKay: can't be... it's late afternoon 09:22 < hyper_ch> not morning 09:22 < hyper_ch> I think your clock is a couple of hours off 09:22 <+EugeneKay> Time is an illusion. 09:22 < hyper_ch> you should install ntp 09:30 <+s7r> shinigamiz: what is the problem 09:30 <+s7r> what client are you using and where did you put the .ovpn file? 
09:35 < shinigamiz> im using windows client 1.8.3.302 i put the config.ovpn file in c:\openvpn c:\program files\openvpn c:\program files\openvpn\config c:\program files\openvpn technologiC:\Program Files\OpenVPN Technologies\OpenVPN Client\etc C:\Program Files\OpenVPN Technologies\OpenVPN Client\etc\config :)es\openvpn client\ 09:42 <+s7r> if you are using the client for access server just put the config .ovpn on your desktop 09:42 <+s7r> click on client and click on that + and select import from local file, then browse the config on the desktop 09:42 <+s7r> save it with a name and click on it to connect 09:45 < shinigamiz> i have no + 09:45 < shinigamiz> my client is limited because it cant find the config 09:45 < shinigamiz> i will try another version of ovpn 09:46 <+EugeneKay> !download 09:46 <@vpnHelper> "download" is (#1) http://www.openvpn.net/download to download OpenVPN or (#2) OpenVPN's Windows installer now includes OpenVPN GUI. Don't bother with http://openvpn.se anymore or (#3) Don't trust download.com at all. It provides an extremely old version with malware: http://insecure.org/news/download-com-fiasco.html 09:48 < shinigamiz> ok got it 09:48 < shinigamiz> thanks 09:48 -!- shinigamiz [6d43c479@gateway/web/freenode/ip.109.67.196.121] has quit [] 10:05 -!- hjf [~hjf@35-178-126-200.fibertel.com.ar] has joined #openvpn 10:12 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out] 10:12 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 10:17 < hjf> I'm confused about the "mode server". If I need to set up a tunnel between two machines, I can configure the routing outside openvpn, at OS-level, right? say I want to make a vpn between two LANs: i just set up a tunnel between both and route lan A through openvpn endpoint IP at side B, and vice versa 10:19 < hjf> that is: lan A is 10.0.0.0/24 and lan B is 10.1.0.0/24. 
i set up openvpn with ifconfig 10.99.99.1 (server) and 10.99.99.2 10:19 < hjf> then route add 10.0.0.0/24 gw 10.99.99.1 10:20 < hjf> do the "push" options work in not "mode server"? so i don't need to add the routes manually 10:20 < hjf> manually as in "an external script" 10:23 < hjf> because I read about the "route" option, which i guess would work fine for static setups (my setup is static so it's ok, i'm just curious) 10:52 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 10:54 < tabakhase> http://www.secure-computing.net/wiki/index.php/Graph my setup is similar to this, but my gateway is not having a route. but still communication is working in both directions... 10:54 <@vpnHelper> Title: Graph - Secure Computing Wiki (at www.secure-computing.net) 10:54 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn 10:55 -!- tabakhase [t4b4kh453@rps9289.ovh.net] has quit [Changing host] 10:55 -!- tabakhase [t4b4kh453@unaffiliated/tabakhase] has joined #openvpn 10:57 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 11:09 -!- Sgt_Lemming [Sgt_Lemmin@124-170-64-249.dyn.iinet.net.au] has joined #openvpn 11:09 < Sgt_Lemming> hi all, trying to set up a VPN between a windows 7 computer and a smoothwall and having some issues 11:09 <+s7r> like what ? 11:10 < Sgt_Lemming> keep getting the error "unable to connect because your certificate is not yet valid, check that your system time is correct" 11:10 <+s7r> and is your system time correct? 11:10 <+s7r> time and date? 11:10 < Sgt_Lemming> yes 11:11 < Sgt_Lemming> on both ends 11:11 < Sgt_Lemming> double checked 11:11 <+s7r> ok and did you create the client certificate? 11:11 < Sgt_Lemming> yes, created on the smoothwall 11:11 < Sgt_Lemming> using Zerina mod if anyone is familiar with it 11:11 <+s7r> why wouldn't it be valid yet how did you create it 11:11 <+s7r> never heard of it 11:11 < Sgt_Lemming> actually... 
I think I have an idea why 11:12 < Sgt_Lemming> I created the root cert before fixing the time zone >_< 11:12 < tabakhase> great :D 11:13 * Sgt_Lemming headdesks multiple times 11:13 < hjf> what would be a good way to route between 2 VPN tunnels? one goes through a fast dedicated link, the other is an internet connection. i want to use the fast link whenever available and fall back to the internet link if it fails. and when the fast link returns, route through it again 11:13 < hjf> do i need dynamic routing, like OSPF or something like that? 11:17 < Sgt_Lemming> gah, that was stupid, just accidentally created the root cert with the country set as afghanistan >_< 11:18 <+s7r> Sgt_Lemming: what is that Zerina you were saying 11:18 <+s7r> could you show it somewhere how it works? 11:18 <+s7r> is it easier to maintain PKI with it ? 11:18 < Sgt_Lemming> it's a mod for smoothwall to allow Open-VPN 11:18 < Sgt_Lemming> http://community.smoothwall.org/forum/viewforum.php?f=55 11:18 <@vpnHelper> Title: community.smoothwall.org View forum - Zerina (at community.smoothwall.org) 11:18 <+s7r> what does it have to do with certificates? 11:19 < Sgt_Lemming> you generate the certs via a web interface on the smoothwall machine, zerina is the mod for smoothwall to allow that 11:22 <+s7r> oh 11:22 <+s7r> this smoothwall is installed directly on metal 11:22 <+s7r> it's an OS itself ? 11:27 <+s7r> or is a package for linux distro e.g. centos 11:27 <+s7r> and it won't work without an os 11:28 < Sgt_Lemming> it's an OS 11:28 < Sgt_Lemming> smoothwall is a dedicated linux router package 11:29 < Sgt_Lemming> it's pretty nice and very reliable (approx 500 days uptime on current box) 11:29 < Sgt_Lemming> sigh, same issue after regenerating all certs... 11:32 < Sgt_Lemming> woot 11:32 < Sgt_Lemming> just worked 11:34 -!- hjf [~hjf@35-178-126-200.fibertel.com.ar] has left #openvpn [] 11:35 <+s7r> it was the time zone issue, correct? 
11:36 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Ping timeout: 276 seconds] 11:36 < Sgt_Lemming> not sure 11:37 < Sgt_Lemming> might have taken a little while for the settings to take effect 11:38 <+s7r> could you make a picture of your screen while on web interface controller for certificates and public key infrastructure? and put it on imageshack.us i really would like to see how easy it is i am thinking to use it too 11:38 <+s7r> if it's easy 11:38 < Sgt_Lemming> and now it appears the connection to the box in question has gone down >_< 11:38 < Sgt_Lemming> frack it 11:38 <+s7r> at this time i am adding / removing users using easy-rsa via ssh command line 11:43 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 11:46 < Sgt_Lemming> probably doesn't help that the area it's in keeps getting flooded atm :-P 11:52 <@vpnHelper> RSS Update - forum: [Help] Cannot connect to vpn. 11:56 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn [] 12:12 -!- MeanderingCode_ [~Meanderin@97-123-0-8.albq.qwest.net] has quit [Read error: Connection reset by peer] 12:18 -!- BenLue [~Ben@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 12:21 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has quit [Ping timeout: 245 seconds] 12:24 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out] 12:28 < mastercode> when i have one config file in /etc/openvpn all works fine, but i like to run the openvpn on two ports so added a new config file called port443.conf and restart the service i get no errors, cp old.conf port443.conf and just edit port from 53 udp to 443 tcp. then it works fine on port 443 tcp but i get no traffic when i connected to port 53 udp 12:28 < mastercode> any ideas ? 12:31 <+EugeneKay> Did you bother to change the subnet being used by the new config file? 12:31 <+EugeneKay> Or the tun device? 
12:32 < mastercode> nop :) i tried to change the subnet then it failed to start so i changed it back 12:32 < mastercode> now i changed log file and some other stuff and it started in a different subnet 12:44 < mastercode> EugeneKay do i need to change tun dev also ? 12:46 <+EugeneKay> If you're specifying tun# explicitly, yes. 12:47 < mastercode> great it works fine now, last question how to setup the openvpn client conf to automatic try port 443 tcp if port 53 udp dont reply. 13:10 -!- Reihar [~Reihar@176.31.218.44] has joined #openvpn 13:10 < Reihar> Hi 13:10 < Reihar> I have a question about openvpn and http proxies. 13:11 < Reihar> I'm using a vpn over an http proxy and it works fine. 13:13 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 13:13 < Reihar> But I have a problem : if I try something like that : http-proxy 192.168.4.1 1080 stdin basic, it doesn't work. I have to use the auto option like that : http-proxy 192.168.4.1 1080 auto 13:13 < Reihar> I also tried with none and ntlm instead of basic 13:14 < Reihar> I'd like to specify a file for authentication but I don't know why it doesn't work. 13:14 < Reihar> I would be glad if you helped me. 13:17 -!- resno [~resno@unaffiliated/resno] has left #openvpn [] 13:19 < Araluccl0> hi can anyone suggest me how I can tell my router to route all the traffic of a one of my lan ip thru my vpn even if that specific ip is not a openvpn itself? 13:19 < Araluccl0> i meant its not a openvpn client itself 13:19 < krzee> not an openvpn question 13:20 < Araluccl0> I see.. I hoped it was simple to realize 13:21 < Araluccl0> and its probably something I could put into custom script I can launch into openvpn conf... 13:21 < Araluccl0> probably route-up 13:22 < Araluccl0> btw is there a channel where I could ask any help? #linux maybe? 13:22 < rob0> sounds like you are asking for router support, in which case you should call the manufacturer's help line. 13:23 < Araluccl0> nope..its just basic routing stuff I think... 
its just im newbie with routing 13:29 <@vpnHelper> RSS Update - forum: Would You Use A VPN Provider That Gives You A Static IP? 13:41 <@vpnHelper> RSS Update - forum: Can VPN Services Provide End to End Encryption? 13:48 -!- thansen [~thansen@c-67-177-32-87.hsd1.ut.comcast.net] has quit [Quit: Ex-Chat] 13:54 < Reihar> Nobody knows about my problem ? 14:00 < hyper_ch> krzee: mattock: EugeneKay: dazo_afk: ecrist: https://www.networkworld.com/news/2012/012612-rsa-crypto-keys-255379.html?hpg1=bn 14:00 <@vpnHelper> Title: Hacking stunt: Stealing smartphone crypto keys using plain old radio (at www.networkworld.com) 14:13 < mastercode> question if i have a dedicated server with 32 ips. range 192.168.0.1-32 and the openvpn server has ip 192.168.0.1 can i give the clients ip 192.168.10.10-32 ? 14:14 < hyper_ch> mastercode: openvpn created a private subnet 14:14 < hyper_ch> or should create a private subnet 14:14 < hyper_ch> that is different from your lan 14:14 < mastercode> as this is just a example and im talking about real public ipv4s. can somebody connect to ip 192.168.10.10 on port 21 and as long as the vpn client has that port open ? 14:15 < hyper_ch> please rephrase that question, I don't understand 14:15 < mastercode> ok. 14:16 < mastercode> let says i have a dedicated server with 32 ips. (read public ips) 14:17 < mastercode> and i like to setup a openvpn server that gives the openvpn client real public ips 14:17 < hyper_ch> openvpn won't hand out public ips 14:17 < hyper_ch> but you can forward incoming ips to specific vpn ips 14:17 < hyper_ch> using your firewall 14:18 < mastercode> im doing that already. so not thats not what im looking for 14:18 < mastercode> and i know this is possible as i have seen it. 14:19 < mastercode> so if i set the subnet to be real ips that i got from the ISP 14:19 < mastercode> that will not work ? 
14:20 < hyper_ch> try it 14:20 < hyper_ch> but I think the "v" and "p" in vpn will prevent it 14:21 < mastercode> ok i seen a vpn company selling this im a client there but they dont offer static ips. 14:33 -!- Rob3Rt [h4x0r@unaffiliated/respekt] has quit [Ping timeout: 252 seconds] 14:33 -!- doomtimeusa [~kadath@rrcs-96-11-226-10.central.biz.rr.com] has joined #openvpn 14:35 <@vpnHelper> RSS Update - forum: Configuring an Open VPN server 15:13 -!- ibins [~Michael@2001:6f8:1c60:7777:21a:4dff:fe66:600c] has quit [Quit: Verlassend] 15:22 -!- batrick_ [~batrick@nmap/developer/batrick] has joined #openvpn 15:22 -!- batrick_ [~batrick@nmap/developer/batrick] has quit [Client Quit] 15:27 -!- batrick [~batrick@nmap/developer/batrick] has quit [Ping timeout: 240 seconds] 15:28 -!- mikkel [~mikkel@80-71-132-15.u.parknet.dk] has quit [Quit: Leaving] 15:32 -!- batrick [~batrick@nmap/developer/batrick] has joined #openvpn 15:46 -!- mastercode [~dudw@120.79-161-128.customer.lyse.net] has quit [Ping timeout: 255 seconds] 15:48 -!- doomtimeusa [~kadath@rrcs-96-11-226-10.central.biz.rr.com] has quit [Quit: Leaving] 15:49 -!- JackWinter2 [~jack@80.90.42.35] has joined #openvpn 15:50 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Ping timeout: 276 seconds] 15:59 <@vpnHelper> RSS Update - forum: OPENVPN Works from States, not Europe 16:20 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 16:35 <@vpnHelper> RSS Update - forum: Please Review My Site : 16:43 -!- Deele [~Mr.D@217.199.115.217] has quit [Ping timeout: 252 seconds] 17:08 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 276 seconds] 17:13 -!- JackWinter2 [~jack@80.90.42.35] has quit [Quit: Konversation terminated!] 
17:19 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 17:21 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 17:23 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 17:23 <@vpnHelper> RSS Update - forum: Fully routed and partially routed connection profiles? 17:24 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 17:27 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 17:32 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 17:42 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 252 seconds] 18:03 -!- tekzilla [~jon@hmbg-4d068409.pool.mediaWays.net] has quit [Ping timeout: 260 seconds] 18:04 -!- tekzilla [~jon@hmbg-5f760cc8.pool.mediaWays.net] has joined #openvpn 18:18 -!- zu [~zu@ks387228.kimsufi.com] has quit [Ping timeout: 252 seconds] 18:23 -!- zu [~zu@ks387228.kimsufi.com] has joined #openvpn 18:50 -!- Denial [Denial@drgi.co.uk] has quit [] 18:52 -!- Mp5shooter [~Mp5@204.152.221.189] has joined #openvpn 18:53 -!- zu [~zu@ks387228.kimsufi.com] has quit [Ping timeout: 255 seconds] 18:54 -!- Mp5- [~Mp5@99-59-223-143.lightspeed.jcvlfl.sbcglobal.net] has quit [] 19:33 -!- corretico [~luis@190.211.93.11] has joined #openvpn 19:37 -!- Araluccl0 [~lallo@151.77.226.107] has quit [Quit: Anche il discorsismo ha un limitismo.] 19:37 -!- Araluccl0 [~lallo@151.77.226.107] has joined #openvpn 19:40 -!- _julian [~quassel@hmbg-5f765e6a.pool.mediaWays.net] has quit [Read error: Operation timed out] 19:41 -!- _julian [~quassel@hmbg-4d06d11f.pool.mediaWays.net] has joined #openvpn 19:48 <@vpnHelper> RSS Update - forum: Would You Use A VPN Provider That Gives You A Static IP? 
20:00 <@vpnHelper> RSS Update - forum: Please Review My Site : 20:23 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 276 seconds] 20:42 <@vpnHelper> RSS Update - forum: RADIUS authentication 20:52 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Ping timeout: 240 seconds] 21:27 -!- oc80z [oc80z@blea.ch] has quit [Changing host] 21:27 -!- oc80z [oc80z@openvpn/user/oc80z] has joined #openvpn 21:32 -!- seeio [~seeio@94.242.213.242] has joined #openvpn 21:34 < seeio> hi, a VPN I'm using has some sort of routing issue going on because my logs will show a different SRC= which I spoke to a iptables firewall developer this that explained this, but the VPN doesn't seem to think there's an issue on their end, so I'm not sure how to tell them what to check 21:35 < seeio> are there several ways to push routing to a client? 21:36 < krzee> please use pastebin to show what you mean 21:36 <@vpnHelper> RSS Update - forum: OpenvpnAs and Pfsense Site-to-Site 21:36 < krzee> i think it needs sample data, logs and stuff 21:37 < seeio> here ya go; http://pastebin.com/whrNKBij 21:38 < seeio> check out the differences in SRC= at first I thought this could be caused by a firewall but the developer of an iptables firewall I spoke to and several other people said that has nothing to do with a firewall that's a routing issue causing the SRC= to be different 21:40 < seeio> that's basically the problem the vpn server is not routing correct and right now that's all I have to show, other than that the logs just show me reconnect or get disconnected is all on the client side, nothing really to see... 21:40 -!- ostolvis [~ostolvis@108.162.156.19] has quit [Ping timeout: 245 seconds] 21:41 < seeio> krzee: can you still see me, not sure I just disconnected... 21:42 < seeio> am I still in the channel anyone? 
21:42 < rob0> nope 21:42 < seeio> hehe ok thanks darn connection keeps dropping 21:43 < rob0> !firewall 21:43 <@vpnHelper> "firewall" is (#1) please see http://openvpn.net/man#lbBD for more info or (#2) see http://www.secure-computing.net/wiki/index.php/OpenVPN/Firewall for brief notes on disabling firewall rulesets. 21:43 < seeio> rob0: it's not the firewall that's a routing issue 21:44 < seeio> of course it could be a firewall if I had it tunnel to another ip etc, but I'm not 21:44 < rob0> all you showed was two Shorewall drop logs ... 21:44 < seeio> I just have basic firewall rules of drop and accept that doesn't change SRC IPs... 21:44 < rob0> 03:36 < krzee> i think it needs sample data, logs and stuff 21:46 < rob0> uh, "sample data" maybe route tables, ping tests, configs ... 21:46 < rob0> some of that goes under "stuff" too 21:46 < seeio> I said I don't have anything to show other than that and what I'm asking is what can I tell the VPN to check on their end I guess for their server config to make sure they have the routing setup correct? 21:47 < seeio> let me start this over hehe... :) 21:47 < seeio> What can I tell the VPN on their end to check on their servers to make sure the routing is setup correct? 21:47 < rob0> What's wrong with the SRC? My telepathic powers fail me. 21:48 < rob0> One of those is a wlan0, the other is tun0 21:48 < rob0> but indeed, don't have the firewall dropping things while you try to debug 21:50 < seeio> good point I overlooked that, this also shows because it was wlan0 it wasn't getting routed over the Tunnel at that point 21:50 < seeio> anyhow... 21:51 < seeio> there's no point in running around asking me to troubleshoot this on my end when I know what the problem is, the problem is that the server has a routing issue, I'm simply asking you or someone else what I can have checked for this, that's all... 21:52 < seeio> so can someone please tell me what I can tell the VPN I'm helping what to look at on their server? 
I don't have access to the server so I don't know the settings 22:01 -!- seeio [~seeio@94.242.213.242] has quit [Quit: seeio] 22:06 -!- babble [~coyote@unaffiliated/coyote] has joined #openvpn 22:23 -!- SuperPhly [~superphly@r74-192-223-20.bcstcmta02.clsttx.tl.dh.suddenlink.net] has joined #openvpn 22:24 < SuperPhly> !welcome 22:24 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 22:24 < SuperPhly> !howto 22:24 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 22:36 -!- babble [~coyote@unaffiliated/coyote] has quit [Ping timeout: 244 seconds] 22:39 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 22:56 < SuperPhly> My Windows Client (OpenVPN GUI) is connecting to my OVPN server, but it's stuck on "connecting". 22:56 < SuperPhly> There are no firewalls between us. Neither side is reporting an error, so I'm having a hard time figuring out "what's next" 23:01 -!- babble [~coyote@unaffiliated/coyote] has joined #openvpn 23:23 -!- epsilon [textblase@raid1.net] has quit [Quit: cya] 23:26 -!- Deele [~Mr.D@217.199.115.217] has joined #openvpn 23:35 <@vpnHelper> RSS Update - forum: Proper support for duplicate iroutes. || Getting this to work. 
23:41 <@vpnHelper> RSS Update - forum: Need IPv6 code in mroute_extract_addr_from_packet || my other wish 23:46 -!- epsilon [textblase@raid1.net] has joined #openvpn --- Day changed Mon Jan 30 2012 00:03 -!- resha [7a022e4c@gateway/web/freenode/ip.122.2.46.76] has joined #openvpn 00:05 < resha> Is there a possibility that when I go to whatismyip.com, my server ip address but internal ip only? 00:10 -!- resha [7a022e4c@gateway/web/freenode/ip.122.2.46.76] has quit [Quit: Page closed] 00:30 < Sgt_Lemming> resha, no 00:31 < Sgt_Lemming> it shouldn't be able to see your server's internal IP unless something real strange is going on 00:42 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 00:43 -!- babble [~coyote@unaffiliated/coyote] has quit [Quit: Leaving] 01:16 -!- novaflash [~novaflash@openvpn/user/novaflash] has quit [Ping timeout: 255 seconds] 01:16 -!- novaflash [~novaflash@vpnserver1.jellemaautomatisering.nl] has joined #openvpn 01:19 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn 01:19 -!- mode/#openvpn [+v s7r] by ChanServ 01:25 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 01:35 <@vpnHelper> RSS Update - forum: OPENVPN Works from States, not Europe 01:36 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has joined #openvpn 01:41 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day] 01:46 -!- Haraken [~ryuk@unaffiliated/haraken] has quit [Quit: insert quit message] 01:56 -!- dazo_afk is now known as dazo 02:04 -!- Deele [~Mr.D@217.199.115.217] has quit [Ping timeout: 252 seconds] 02:24 -!- Deele [~Mr.D@80.233.175.48] has joined #openvpn 02:32 < Mowee> Morning 02:40 -!- Waraudon [~WaraudonX@cpe-65-189-30-122.cinci.res.rr.com] has joined #openvpn 02:43 -!- SuperPhly [~superphly@r74-192-223-20.bcstcmta02.clsttx.tl.dh.suddenlink.net] has quit [Read error: Connection reset by peer] 02:43 -!- SuperPhly 
[~superphly@r74-192-223-20.bcstcmta02.clsttx.tl.dh.suddenlink.net] has joined #openvpn 02:44 -!- raa [~nag@42.79-160-154.customer.lyse.net] has quit [Ping timeout: 240 seconds] 02:45 -!- raa [~nag@42.79-160-154.customer.lyse.net] has joined #openvpn 02:56 -!- zu [~zu@ks387228.kimsufi.com] has joined #openvpn 03:23 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 03:29 -!- Dev0n_ [~Dev0n@host-92-26-113-187.as13285.net] has joined #openvpn 03:30 -!- Araluccl0 [~lallo@151.77.226.107] has quit [Read error: Connection reset by peer] 03:30 -!- Araluccl0 [~lallo@151.77.226.107] has joined #openvpn 03:33 -!- Dev0n [~Dev0n@host-92-26-113-187.as13285.net] has quit [Ping timeout: 252 seconds] 03:35 <@vpnHelper> RSS Update - forum: Disabling auth with "auth none" disables HMAC firewall too? 03:38 -!- stephanj [stephan@nemesis.stejau.de] has left #openvpn [] 03:39 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn 03:42 < SuperPhly> Anyone around? I'm looking to create a secure connection from my client machine to a server then out to the internet. Does anyone have an easy how-to on hwo that might be accomplished? 03:43 -!- Deele [~Mr.D@80.233.175.48] has quit [Disconnected by services] 03:43 -!- De`off [~Mr.D@217.199.115.217] has joined #openvpn 03:44 < hyper_ch> SuperPhly: issue: !howto 03:44 < hyper_ch> SuperPhly: and !def1 04:18 < Sgt_Lemming> !howto 04:18 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! 
or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 04:18 -!- RageCage [~RageCage@ssh.studentnatet.se] has joined #openvpn 04:23 -!- master_of_master [~master_of@p57B53B7D.dip.t-dialin.net] has quit [Ping timeout: 244 seconds] 04:25 -!- master_of_master [~master_of@p57B556A2.dip.t-dialin.net] has joined #openvpn 04:29 -!- prakashkamliya [~prakashka@202.131.123.66] has joined #openvpn 04:41 < prakashkamliya> Does ethernet bridging in tap mode create any issue with local traffic initiated for other network as local lan interface loses its original identity? 04:47 <@vpnHelper> RSS Update - forum: Unable to ping behind client from server in Bridge Mode 05:00 -!- novaflash [~novaflash@vpnserver1.jellemaautomatisering.nl] has quit [Changing host] 05:00 -!- novaflash [~novaflash@openvpn/user/novaflash] has joined #openvpn 05:04 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has quit [Quit: Leaving] 05:08 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn 05:23 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Quit: Leaving.] 05:28 -!- prakashkamliya [~prakashka@202.131.123.66] has quit [Remote host closed the connection] 05:29 -!- prakashkamliya [~prakashka@202.131.123.66] has joined #openvpn 05:31 -!- Waraudon [~WaraudonX@cpe-65-189-30-122.cinci.res.rr.com] has quit [Quit: Leaving] 05:33 -!- noisebleed [~quassel@piggy.inescn.pt] has joined #openvpn 05:33 -!- noisebleed [~quassel@piggy.inescn.pt] has quit [Changing host] 05:33 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 05:36 <@vpnHelper> RSS Update - forum: [Help] Cannot connect to vpn. || Configuring an Open VPN server 06:00 <@vpnHelper> RSS Update - forum: Ehernet Bridging Problem ? 06:30 -!- resha [~rave@184.22.182.246] has joined #openvpn 06:31 < resha> what are the other types of compression that openvpn supports? 06:31 <@dazo> resha: lzo 06:31 < resha> only lzo? 
06:31 <@dazo> yes 06:31 < resha> can't we use other compression type like lzf or snappy or other types? 06:31 <@dazo> lzo is optimal as it is quicker to find out if it is worth compressing the data or not ... and it is fast 06:32 <@dazo> resha: if you want to contribute code to support those, please be my guest 06:32 < havoc> resha: unless you are on a *slow* link compression usually actually harms performance 06:32 < resha> no i don't know much. I just guess that maybe we can use comp-lzf 06:33 <@dazo> I don't know much about lzf and snappy .... but lzo support was implemented in the very beginning, and it's working pretty nicely for those needing it 06:33 <@dazo> but trying to compress non-compressible data (jpg, mgp, mp3, ogg, zip, gz, bz2, etc) is not making it more efficient 06:34 <@dazo> so you need to have a close look at the data you pass over the tunnel 06:35 < resha> there were two vpn that we are testing on our network. but i don't know what vpn that this vpn provider provides but it uses lzf compression and with that, the vpn connection works faster while with lzo, it hangs frequently. 
06:35 < havoc> the only time I can see wanting compression in the modern world is over a dial-up link 06:35 < resha> yes dial-up 06:35 < havoc> ah 06:35 < havoc> then yeah, you probably want compression 06:36 < havoc> just be aware that *ANY* on-the-fly/dynamic compression *will* introduce latency 06:36 < havoc> that would be the "hangs" you mentioned 06:36 < havoc> it is unavoidable 06:37 < resha> using lzf compression does not hang but using lzo compression makes the connection hang 06:37 < havoc> resha: yes, because COMPRESSION (of any kind) introduces LATENCY 06:37 < havoc> they go hand in hand 06:37 < havoc> no LZO means no compression 06:37 < resha> i was thinking that I could just install lzf compression algo in the server and set option for in the server config likewise with client config 06:38 <@dazo> (http://agaoglu.tumblr.com/post/4605524309/lzo-vs-snappy-vs-lzf-vs-zlib-a-comparison-of ) 06:38 <@vpnHelper> Title: sleepcoding - LZO vs Snappy vs LZF vs ZLIB, A comparison of compression algorithms for fat cells in HBase (at agaoglu.tumblr.com) 06:38 < havoc> and when you must use compression computing horsepower on both ends is the only way to increase performance 06:38 < resha> dazo, that what I read a while ago 06:38 < havoc> ...as you're trading CPU time for bandwidth 06:39 <@dazo> snappy looks like something we should look into at some point, though 06:39 -!- De`off [~Mr.D@217.199.115.217] has quit [Ping timeout: 252 seconds] 06:39 < havoc> dazo: if I'm on dialup I use ssh +z 06:39 <@dazo> CPU time usually isn't the biggest issue these days, unless you're in the embedded world 06:39 < resha> so how can I introduce new compression for openvpn traffic without programming openvpn? 06:39 <@dazo> resha: not possible 06:40 < resha> :( now I am wondering what vpn is this vpn provider uses 06:43 < Sgt_Lemming> s7r, you about? 06:44 <+s7r> Sgt_Lemming ? 
06:45 < Sgt_Lemming> got it working, VPN'd in to the other network and running quite nicely 06:45 -!- _julian [~quassel@hmbg-4d06d11f.pool.mediaWays.net] has quit [Read error: Operation timed out] 06:45 < Sgt_Lemming> so nice to be able to use my own machine for accessing everything, rather than RDP via the rather old server that is there >_< 06:45 <+s7r> of course, much better and quicker 06:45 < Sgt_Lemming> indeed 06:45 <+s7r> im glad you figured it out 06:46 -!- dupondje [~dupondje@artemis.dupie.be] has joined #openvpn 06:46 < Sgt_Lemming> yeah, zerina is a decent way of getting it running, just my own stupidity over the timezone stuff :-P 06:46 < Sgt_Lemming> didn't help that the modem in the building decided to christmas tree yet again >_< 06:47 <+s7r> :) 06:47 <+s7r> could you provide a print screen of zerina? 06:47 <+s7r> i want to see how it looks like and how easy it is for cert management 06:47 <+s7r> i use command line via ssh to create / remove users 06:47 < Sgt_Lemming> http://community.smoothwall.org/forum/viewtopic.php?f=55&t=28246 06:47 < dupondje> I have a VPN server (10.10.0.1) and VPN client (10.10.0.2). Client is a router with IP 192.168.3.1. Now I can ping that IP from the VPN server, but not an IP in the same range 192.168.3.130. 06:47 <@vpnHelper> Title: community.smoothwall.org View topic - Zerina - Installation & Setup Instructions (at community.smoothwall.org) 06:48 < dupondje> Now what's the source IP the 192.168.3.130 receives ? Is that 10.10.0.1 ? 06:49 <+s7r> thanks Sgt_Lemming looks good 06:49 < Sgt_Lemming> np 06:49 < Sgt_Lemming> it's not bad 06:49 <+s7r> it allows you to create /edit .ovpn configs also ? 06:49 <+s7r> or just cert + keys ? 
06:49 < Sgt_Lemming> it creates it for you 06:49 < Sgt_Lemming> you can edit it though 06:54 -!- resha [~rave@184.22.182.246] has quit [] 06:54 -!- _julian [~quassel@hmbg-5f762ce7.pool.mediaWays.net] has joined #openvpn 06:55 -!- resha [~rave@184.22.182.246] has joined #openvpn 06:55 < resha> dazo, since lzo is the openvpn compression, can we double its compression? 06:56 <@dazo> resha: !???!!? double the compression? 06:56 <@dazo> resha: please do me a favour ... try to zip a zip file and see how the result will be 06:56 <@dazo> it's the same principle 06:56 < resha> yeah, compress what is already compressed? :) 06:56 < Sgt_Lemming> doubling the compression will just result in higher CPU load with no actual traffic saving 06:57 <@dazo> in fact the result might be somewhat bigger 06:57 < Sgt_Lemming> yup 06:57 < Sgt_Lemming> it's like compressing MP3 files, the compressed file often ends up bigger 06:58 < resha> oh 06:59 <@dazo> but with lossy compressions (like MP3 and JPEG), the quality gets worse too 06:59 < resha> could it be possible that on the upcoming version, we can choose what compression to use? 06:59 < Sgt_Lemming> dazo, if you re-encoded an mp3 or jpeg sure 06:59 <@dazo> but loss-less compressions (vorbis, zip, lzo, xz, snappy, lzf, etc, etc) the unpacked result will be the same 07:00 <@dazo> resha: we have a todo list which is already way too long ... so don't expect it in the next couple of releases ... which is why we'll rather accept community contributions 07:01 < resha> yeah 07:02 -!- resha [~rave@184.22.182.246] has quit [] 07:10 < Sgt_Lemming> lol 07:10 < Sgt_Lemming> some people have no freaking clue :-P 07:10 < Sgt_Lemming> not like a VPN uses all that much traffic (well, on top of what you are doing) 07:12 < prakashkamliya> Does ethernet bridging in tap mode create any issue with local traffic initiated for other network as local lan interface loses its original identity? 
07:13 < prakashkamliya> is bridging mode only option for assigning ip to vpn client through dhcp ? 07:16 <@vpnHelper> RSS Update - forum: Active directory and user groups || Howto run multiple client connection using single daemon 07:17 < havoc> prakashkamliya: no, you can assign via DHCP if the OpenVPN server and DHCP server processes are on the same machine 07:18 < havoc> prakashkamliya: ....or if you run a DHCP-relay on the machine that OpenVPN runs on 07:18 <+s7r> dazo: i have these in cfg 07:18 <+s7r> what do they mean 07:18 <+s7r> reneg-sec 604800 07:18 <+s7r> sndbuf 100000 07:18 <+s7r> rcvbuf 100000 07:18 <@dazo> !man 07:18 <@vpnHelper> "man" is (#1) http://openvpn.net/man for 2.0 manual or (#2) http://openvpn.net/man-beta.html for 2.1 manual or (#3) http://openvpn.net/index.php/open-source/documentation/manuals/427-openvpn-22.html for 2.2 manual or (#4) the man pages are your friend! 07:19 <@dazo> s7r: it's all described there ... ^^^ 07:19 <+s7r> :)) 07:19 <+s7r> couldn't it be described in few words? 07:19 < havoc> yay! 
They fixed the doc links on the website :) 07:20 <@dazo> s7r: it's described pretty short and concise in the man page, I'm not in mood to copy paste what you can search for ;-) 07:24 -!- dupondje [~dupondje@artemis.dupie.be] has left #openvpn [] 07:24 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out] 07:24 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 07:25 -!- jetole [~jetole@66.165.165.169] has quit [Quit: leaving] 07:26 < prakashkamliya> havoc: i mean whenever i need to assign ip to vpn-client through dhcp running on same machine, i have to use bridge mode i.e dev tap 07:26 < havoc> prakashkamliya: I do not believe you do 07:27 < prakashkamliya> i have setup it is working fine, but problem is while bridging lan interface loses its original identity and creating problem 07:28 < prakashkamliya> for other local traffic initiated for other network 07:31 -!- simplechat_ [~simplecha@unaffiliated/simplechat] has joined #openvpn 07:35 <@dazo> prakashkamliya: when you bridge, you set the IP address on the bridge interface? not the interfaces participating in the bridge? 07:36 < prakashkamliya> dazo: true assigning ip to bridge interface i.e ip of local lan interface to bridge , but if my webserver is listening on lan interface will it work as local lan is bridged with tap and new adapter is created 07:38 <@dazo> if your web server listens to the IP address of the bridge, it will respond to both tap and local lan requests 07:38 <@dazo> but you might need to restart the web server after setting up the bridge 07:40 < prakashkamliya> dazo: okay, what about openvpn interoperability with other ssl vpn ? i have not found any interop doc in manual ? 07:41 <@dazo> prakashkamliya: openvpn is only compatible with openvpn 07:41 < prakashkamliya> even if i am using tap mode and giving ip to client through dhcp ? 
07:42 <@dazo> that is not related at all 07:42 < prakashkamliya> coz i thought tun uses some internal mechanism to assign ip to client that's why it may not compatible with other ssl vpn 07:42 <@dazo> the openvpn (ssl based) protocol is what the openvpn use to talk to the other openvpn side 07:43 < prakashkamliya> okay so it is only compatible if other side is also running openvpn 07:43 < prakashkamliya> ? 07:43 <@dazo> the tun/tap device is a virtual network card, which the local openvpn process reads and writes data to/from and transports it to the other side 07:43 <@dazo> that is correct ... openvpn is required on both sides 07:44 < prakashkamliya> okay..,and to use tap only when getting ip from vpn-server through dhcp ? 07:46 <@dazo> TAP devices behaves almost like normal network cards, as it will transport Ethernet frames (OSI layer 2) 07:46 <@dazo> TUN devices will only transport IP traffic (OSI layer 3) 07:47 < havoc> if you're bridging you must use TAP 07:47 <@dazo> so to make DHCP work, you need Ethernet frames, as it relies on Ethernet based broadcasts 07:47 < havoc> and no matter what you must use the same type for client and server 07:48 <@dazo> and the same for bridges .... bridges will only work with Ethernet frames, thus TAP is required 07:48 < havoc> dazo: what's the advantage of --topology subnet for TUN then? 07:48 < havoc> ...aside from not using the /30 PtP 07:49 <@dazo> less overhead ... as you skip the Ethernet frames, so less tunnel data 07:49 < havoc> I wasn't thinking that I couldn't use DHCP w/ TUN, so I may not be switching to TUN after all :( 07:49 < havoc> although if I stick w/ TAP I can bridge my udp:1194 and tcp:443 ifaces 07:49 <@dazo> if you do have a DHCP server which provides VPN addresses, you'll need TAP .... 
the DHCP client can't listen to tun devices 07:49 < havoc> so there will still be some gain 07:50 < havoc> dazo: yeah, doing that with TAP now 07:52 <@dazo> another disadvantage of TAP is the broadcast domain, and the risk of arp poisoning 07:53 <@dazo> (In TAP you'll transport all broadcasts over the VPN) 07:53 < prakashkamliya> dazo: do i need to compulsory bridging of tap with local lan nic for assigning ip to vpnclient through dhcp 07:54 < prakashkamliya> ? as tap listens broadcast request and can assign ip through dhcp then what is need of bridging just for sake of assigning same ip of local net to tap adapter? 07:55 < prakashkamliya> dazo: i feel only one problem with bridging local lan nic loses its identity as script sets its ip 0.0.0.0 07:55 <@dazo> prakashkamliya: and that is normal 07:56 <@dazo> the local lan NIC should not have any IP address when being bridged 07:56 <@dazo> it's the bridge interface (f.ex. br0 in Linux) which should have the IP address 07:57 < prakashkamliya> yes,true,and then my local traffic would be routed through bridge ? what if the traffic is not for vpn-server and for internet or some other network ? 07:57 < prakashkamliya> will that be routed through bridge ? 07:57 < prakashkamliya> as local eth0 lan loses its ip. 08:01 <@dazo> the bridge is not a router .... the bridge simply takes all traffic from all the bridge members and sends it out on the other members .... think of bridge like a switch 08:02 <@dazo> in fact if you have 8 NICs in a server, and bridge them all together ... you'll have the same behaviour as a 8 port switch 08:03 < prakashkamliya> okay i got it..thanks for help. 08:03 <@dazo> so the "meeting point" is the bridge device (br0) ... 
that is only used if you want to have services on that box available 08:03 -!- resha [~rave@184.22.182.246] has joined #openvpn 08:03 <@dazo> if you don't have an IP address on the bridge, it will still work as it will transport data across the ports 08:04 < resha> dazo, is there a relationship between compression and shaper. What I mean is, since compression works to make the traffic smaller, can shaper work that way? 08:05 < prakashkamliya> dazo: okay., 08:05 <@dazo> resha: nope, not at all ... shaper only limits the bandwidth the openvpn process will send out 08:06 < resha> hmmm. 08:09 < resha> I was looking for a while for some kind of software that openvpn traffic will pass to that compression tool and goes to client decompression to openvpn client. I have seen trafficcompressor but works for windows base only. Dazo, can you give me any suggestions please. 08:09 <@dazo> resha: I have not heard of that in the Linux world 08:09 <@dazo> or *nix world, for that matter 08:14 -!- simplechat_ [~simplecha@unaffiliated/simplechat] has quit [Remote host closed the connection] 08:17 -!- resha [~rave@184.22.182.246] has quit [Read error: Connection reset by peer] 08:34 -!- p3rror [~mezgani@41.137.254.45] has joined #openvpn 08:36 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has joined #openvpn 08:37 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has quit [Client Quit] 08:39 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 08:39 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 08:41 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 08:48 -!- resha [~rave@184.22.182.246] has joined #openvpn 08:50 < resha> dazo, I would like to study the source code of openvpn, what language is this? what software to use and other dependencies to install. I am using windows xp, so I would like to compile it under windows. Please tell me what I need so I can begin to study the source code. 
08:51 <@dazo> resha: https://community.openvpn.net/openvpn/wiki/DeveloperDocumentation#Coderepositories 08:51 <@vpnHelper> Title: DeveloperDocumentation – OpenVPN Community (at community.openvpn.net) 08:51 <@dazo> it's all in C 08:51 <@dazo> yes, it's possible to build in Windows ... but I have no real experience with building on XP 08:52 < resha> what software should I use? vb.net ? 08:52 < resha> I have only studied vb6 and only few on c++ 08:53 < resha> thru reading 08:53 < resha> if you can tell me what software to use, then I can start going. 08:54 <@dazo> resha: https://community.openvpn.net/openvpn/wiki/BuildingOnWindows 08:54 <@vpnHelper> Title: BuildingOnWindows – OpenVPN Community (at community.openvpn.net) 08:55 < resha> alright 08:55 -!- resha [~rave@184.22.182.246] has quit [] 08:59 -!- d12fk [~heiko@exit0.net] has joined #openvpn 09:05 -!- raomin [~romain@240.22.66.86.rev.sfr.net] has joined #openvpn 09:11 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 252 seconds] 09:12 -!- takamichi [~pri@217.23.4.104] has joined #openvpn 09:18 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Ping timeout: 252 seconds] 09:18 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [Read error: Operation timed out] 09:19 <@vpnHelper> RSS Update - forum: Open VPN expert required 09:23 -!- noisebleed [~quassel@kermit.inescn.pt] has joined #openvpn 09:23 -!- noisebleed [~quassel@kermit.inescn.pt] has quit [Changing host] 09:23 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 09:23 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 09:33 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 09:34 <+s7r> if i have 2 public ip addresses assigned to same interface (venet0) can openvpn listen on both, if yes how? 09:35 <+s7r> without local argument ? 
09:36 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 09:36 <@dazo> s7r: correct 09:38 <+s7r> and if no --local is specified in server config, openvpn will listen not just on all IPs assigned to same interface but also on all interfaces with all their IP addresses, right ? 09:43 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 09:46 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 09:47 <@dazo> s7r: correct 09:47 <+s7r> thanks dazo 09:48 <+s7r> and dazo if i would like only to listen to 2 ip assigned to venet0 i put local venet0 09:48 <+s7r> or local , 09:48 <@dazo> nope, won't work ... openvpn only supports one or all 09:49 <+s7r> 2 daemons would work? 09:49 <+s7r> one for each IP ? 09:49 <@dazo> that would work, with the overhead of extra management .... I'd rather recommend to listen to all and use firewall 09:49 <@dazo> less maintenance 09:58 -!- cherwin_ is now known as cherwin 09:59 -!- catsup [d@ps38852.dreamhost.com] has quit [Read error: Operation timed out] 10:02 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn 10:02 -!- payal11 [payal@inara.dreamhost.com] has quit [Ping timeout: 255 seconds] 10:03 -!- takamichi [~pri@217.23.4.104] has quit [Ping timeout: 245 seconds] 10:03 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 10:13 <@vpnHelper> RSS Update - forum: OpenVPN Can't ping remote hosts 10:18 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Ping timeout: 240 seconds] 10:31 <@vpnHelper> RSS Update - forum: OpenVPN Can't ping remote hosts 10:43 -!- MeanderingCode [~Meanderin@75-173-17-195.albq.qwest.net] has joined #openvpn 11:02 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 276 seconds] 11:16 -!- raidz [~Andrew@openvpn/corp/admin/andrew] has joined #openvpn 11:16 -!- mode/#openvpn [+o raidz] by ChanServ 11:24 -!- dazo is now known as dazo_afk 11:29 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has 
quit [] 11:30 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 11:31 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [Client Quit] 11:45 -!- CaBa [caba@unique-inter.net] has joined #openvpn 11:45 < CaBa> hi 11:46 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 11:50 < CaBa> whats the recommended way to prevent the client from pulling a default route when the server pushes it? 12:00 <+s7r> have the server not to push it 12:01 < hyper_ch> oh dammit, IBM intends to start supporting OOo 12:02 -!- tessier [~treed@kernel-panic/copilotco] has joined #openvpn 12:04 < tessier> Is there any syntax for saying that a particular client doesn't get a particular route pushed to it but everyone else does? I have a 10.0.2.0/24 network where the openvpn server is and I have a 192.168.3.0/24 network which connects to the server. I have other VPN clients who I want to be able to access 192.168.3.0/24. But I can't just push a 192.168.3.0/24 route to all of the clients or the client who has that as his own local network gets it and he 12:07 <+EugeneKay> !ccd 12:07 <@vpnHelper> "ccd" is entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir to enable it, then put the config options for the client in /common-name 12:07 <+EugeneKay> In combination wwith --push-reset 12:11 -!- DFSFOT [~Ahmet_fat@82-171-17-160.ip.telfort.nl] has joined #openvpn 12:11 < DFSFOT> hello 12:12 < DFSFOT> can anyone help me? 12:12 < Essobi> They make pills for that now. 12:12 < DFSFOT> where can i get the pills? 12:12 < ecrist> !ask 12:13 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please or (#2) http://www.latinsud.com/answer/ or (#3) http://www.catb.org/~esr/faqs/smart-questions.html to learn how to get help 12:14 < DFSFOT> can i also get the config file for free? 
12:14 < CaBa> s7r: not an option 12:14 < DFSFOT> i just need for 5mins 12:15 <+s7r> DFSFOT: what do you need man? 12:15 < DFSFOT> i cannot connect to an IP 12:15 <+s7r> CaBa: no access to the server at all ? 12:15 <+s7r> DFSFOT: and? 12:15 <+s7r> what is the openvpn problem? 12:15 < DFSFOT> Mon Jan 30 19:15:24 2012 us=791000 TLS: Initial packet from 188.116.32.169:443, sid=4edf7e55 73117688 12:15 < DFSFOT> Mon Jan 30 19:15:27 2012 us=537000 VERIFY OK: depth=1, /C=DE/ST=Bayern/L=Gunzenhausen/O=HideME/CN=HideME_CA/emailAddress=feedback@hideme.ru 12:15 < DFSFOT> Mon Jan 30 19:15:27 2012 us=537000 VERIFY OK: nsCertType=SERVER 12:15 < DFSFOT> Mon Jan 30 19:15:27 2012 us=537000 VERIFY OK: depth=0, /C=DE/ST=Bayern/L=Gunzenhausen/O=HideME/CN=server/emailAddress=feedback@hideme.ru 12:15 < DFSFOT> Mon Jan 30 19:15:30 2012 us=704000 Connection reset, restarting [0] 12:15 < DFSFOT> Mon Jan 30 19:15:30 2012 us=704000 TCP/UDP: Closing socket 12:15 < DFSFOT> Mon Jan 30 19:15:30 2012 us=704000 SIGUSR1[soft,connection-reset] received, process restarting 12:15 < DFSFOT> Mon Jan 30 19:15:30 2012 us=704000 Restart pause, 5 second(s) 12:15 -!- DFSFOT was kicked from #openvpn by vpnHelper [Flooding detected. Please use http://pastebin.com for posting logs or configs.] 12:15 -!- DFSFOT [~Ahmet_fat@82-171-17-160.ip.telfort.nl] has joined #openvpn 12:15 < CaBa> s7r: yep. no access. 12:15 <+s7r> DFSFOT: use a pastebin man 12:15 -!- mode/#openvpn [+o ecrist] by ChanServ 12:15 <+s7r> you ever used irc before 12:15 < DFSFOT> yes 12:16 < DFSFOT> i hate pastebin 12:16 <+s7r> stop flooding the channel and keep it clean please 12:16 <@ecrist> don't paste into the channel 12:16 < DFSFOT> ok 12:16 <+s7r> if you want to get help here be polite 12:16 <+EugeneKay> That sucks for you, because we love it. 
12:16 < DFSFOT> special for you i use pastebin 12:16 < DFSFOT> http://pastebin.com/hYUXHxQV 12:16 <+s7r> CaBa: then if you don't want client to follow the routes pushed by server run openvpn client on windwos 7 with no administrator privileges 12:16 <@vpnHelper> RSS Update - forum: [Help] Cannot connect to vpn. 12:17 < DFSFOT> i dunno what is wrong 12:17 < DFSFOT> but it do not connect 12:17 <+s7r> can you put in pastebin your .ovpn file too? 12:18 < CaBa> s7r: not an option either, client doesn't run windows. 12:18 <+s7r> that beats me then CaBa i'm sorry maybe someone else more experienced would have a solution 12:18 < DFSFOT> where is that .ovpn file= 12:18 < DFSFOT> ?* 12:19 -!- eddyst1 [~eddyst@drsd-4dbd8c77.pool.mediaWays.net] has joined #openvpn 12:19 -!- eddyst1 [~eddyst@drsd-4dbd8c77.pool.mediaWays.net] has left #openvpn [] 12:19 < DFSFOT> i see alot of .ovpn files 12:19 < DFSFOT> @vpnhelper that didn't help 12:20 <+s7r> :))) 12:20 <@ecrist> CaBa: --no-pull 12:20 <+s7r> DFSFOT: it's server fault. contact your vpn provider 12:20 <+s7r> tell them it's not working for you 12:20 <+s7r> or buy from somewhere else where it works 12:21 <@ecrist> DFSFOT: do you control the server? 12:21 < DFSFOT> i use OpenVPN 12:21 < DFSFOT> and some days ago it worked fine 12:21 <@ecrist> do you control there server process? 12:22 <@ecrist> we can only support users that control both the client and server 12:22 < DFSFOT> i really dunno understand what you mean so i think i dont 12:22 <@ecrist> then we cannot help you 12:22 <@ecrist> contact the server owners and they can help you 12:22 < DFSFOT> WTF do you mean? 12:22 < DFSFOT> wich server? 12:22 <@ecrist> what ever openvpn server you're trying to connect to 12:23 < DFSFOT> Poland 12:23 -!- MeanderingCode [~Meanderin@75-173-17-195.albq.qwest.net] has quit [Ping timeout: 240 seconds] 12:23 <@ecrist> Poland is a country 12:23 <@ecrist> not an openvpn server 12:23 <@ecrist> are you using the privatetunnel.com? 
12:24 <+s7r> no ecrist he is using some russian service 12:24 <+s7r> just leave him alone 12:24 <@ecrist> oh, not our problem then 12:24 <+s7r> yup 12:24 < DFSFOT> 188.116.32.169 443 12:24 < DFSFOT> is that the server? 12:24 <+s7r> yes that is the server 12:24 <@ecrist> not ours 12:24 <@ecrist> you need to contact them 12:24 < DFSFOT> uhh that server is in my config file of OpenVPN how it can't be yours 12:24 <@ecrist> ah, incloak.com 12:25 -!- MeanderingCode [~Meanderin@75-173-22-137.albq.qwest.net] has joined #openvpn 12:25 <+s7r> :)))) 12:25 < DFSFOT> yes it is incloak 12:25 <@ecrist> DFSFOT: we write the software, you're paying someone else to manage it 12:25 < DFSFOT> do you know a good one?> 12:25 -!- MeanderingCode [~Meanderin@75-173-22-137.albq.qwest.net] has quit [Read error: Connection reset by peer] 12:25 <@ecrist> you need to contact the people at incloak 12:25 <+s7r> what ecrist is trying to tell you is that we can not help you 12:25 < DFSFOT> except incloak 12:25 <@ecrist> we cannot help you 12:25 <+s7r> (8:15:37 PM) DFSFOT: Mon Jan 30 19:15:27 2012 us=537000 VERIFY OK: depth=1, /C=DE/ST=Bayern/L=Gunzenhausen/O=HideME/CN=HideME_CA/emailAddress=feedback@hideme.ru 12:25 <+s7r> your provider hideme.ru contact them and complain 12:25 <@ecrist> DFSFOT: you can try privatetunnel.com 12:25 <@ecrist> but I've never used it 12:26 <+s7r> i use www.privatetunnel.com and it works perfectly 12:26 < DFSFOT> is it for free? 12:26 <@ecrist> no 12:26 < DFSFOT> trial 12:26 < DFSFOT> ? 12:26 <@ecrist> try going to the website, and reading it 12:26 <+s7r> DFSFOT: like all good things in life it costs 12:26 <@ecrist> there is a free trial 12:26 <+s7r> DFSFOT: nobody will provide good service for free 12:26 <+s7r> for free you will find only cheap service... 
which you are better off 12:26 <@ecrist> there is commercial support, we don't really support third-party services here, sorry 12:27 < DFSFOT> i only need it for 5mins 12:27 <+s7r> go to the page and create an account 12:27 <+s7r> you can use it for one day if yo udont download or youtube 12:27 <@ecrist> DFSFOT: we've tried to help, go away now 12:27 <+s7r> DFSFOT: just click: www.privatetunnel.com 12:27 <+s7r> read there it's all there 12:27 <+s7r> it's the last thing i am telling you 12:27 < CaBa> ecrist: when was that switch introduced? my manpage doesn't match 12:28 < DFSFOT> calm down man 12:28 <+s7r> CaBa: are you on 2.2 man page? 12:28 < CaBa> s7r: 2.2.1 12:28 -!- MeanderingCode [~Meanderin@75-173-22-137.albq.qwest.net] has joined #openvpn 12:29 <@ecrist> CaBa: --route-nopull 12:29 <@ecrist> sorry 12:29 < CaBa> ecrist: ah, thx. 12:29 <@ecrist> the stops pulling of all routes, though 12:29 < CaBa> ecrist: hm. no match either ;) 12:29 <@ecrist> http://openvpn.net/index.php/open-source/documentation/manuals/openvpn-22.html 12:29 <@vpnHelper> Title: OpenVPN 2.2 (at openvpn.net) 12:29 <@ecrist> it's there, trust me 12:29 < CaBa> yeah i'll check what routes are pulled and set them by hand 12:29 < CaBa> except for the default route 12:29 <@ecrist> if you're not running 2.2.2, we don't support your version. :) 12:29 < CaBa> i mean using --route 12:30 < CaBa> ecrist: 2.2.1 as i said :P 12:30 <@ecrist> --route-nopull is in the man page 12:30 <@ecrist> http://openvpn.net/index.php/open-source/documentation/manuals/openvpn-21.html 12:30 <@vpnHelper> Title: OpenVPN 2.1 (at openvpn.net) 12:30 <@ecrist> afaik, it's been in openvpn for quite some time 12:30 <@ecrist> 2.0.x 12:30 < CaBa> ecrist: ack. i missed it. my fault :o) 12:30 <+s7r> its here 12:30 <+s7r> --route-nopull 12:30 <+s7r> When used with --client or --pull, accept options pushed by server EXCEPT for routes 12:33 < tabakhase> would someone of you be so kind and kill my boss? 
12:34 <+s7r> depends what juristriction are you in 12:34 <+s7r> is any deth penalty there 12:34 <+s7r> ? 12:34 <+s7r> death* sorry 12:34 < tabakhase> germany, should be fine, even the prisons are great 12:35 <+s7r> deustchland is nice yeah. prisons there are confortable too 12:35 <+s7r> how long are you guys going to support greece any longer? 12:35 <+s7r> because of them euro is loosing ground to US$ 12:36 < tabakhase> dont ask me... everythings clashing, nobody cares 12:36 < tabakhase> just media nonsense... 12:36 < tabakhase> eu is in procastination zone 12:38 < tabakhase> but wait for it, revolution upcomming... surveys are already on 14% for the pirate party (berlin)... so just a mather of time 12:39 -!- DFSFOT [~Ahmet_fat@82-171-17-160.ip.telfort.nl] has quit [Read error: Connection reset by peer] 12:39 < hyper_ch> tabakhase: 14% germany-wide would be nice 12:40 < CaBa> polls are 5% on a national level 12:40 <+s7r> i would trade eu for usa anytime 12:40 <+EugeneKay> US and A is best america! 12:49 <@ecrist> meh, I like my freedom, and I can enforce such with my guns. 12:49 <@ecrist> :) 12:51 <+s7r> at least americans have the balls to get out and claim their rights 12:51 < CaBa> *facepalm* 12:51 <+s7r> if laws such as PIPA or SOPA were in the EU, they would 12:51 <+s7r> be binding already 12:51 <+s7r> they would be up and running 12:52 < hyper_ch> [19:51] at least americans have the balls to get out and claim their rights --> you sure? 12:52 < CaBa> yeah... let talk about "exporting cryptography" 12:52 <+s7r> already the eu has agreed on ACTA . don't know what acta is ... 
don't understand what it does really 12:52 < hyper_ch> s7r: the US has agreed earlier to eu 12:52 <+s7r> hyper_ch: to be frank i am not sure i have never been to the usa nor applied for visa not as tourist even 12:52 < hyper_ch> and still the EU parliament needs to agree on it 12:52 <+s7r> but i like to think so 12:53 < hyper_ch> s7r: give the americans their big macs and their football and they are happy.... romans used to call it: panem et circenses 12:53 <+s7r> hyper_ch: but what will that acta do is it as bad as they say on media? 12:53 < hyper_ch> don't tell me you haven't heard of acta the last 2 (sic?) years 12:54 <+s7r> i heard of course i did ... but i don't understand what it does. it says it will protect copyrighted material 12:54 <+s7r> but how ? 12:54 <+s7r> what if I host a website in Thailand and stream videos from there what can acta do ? 12:55 < hyper_ch> you'll get butt raped 12:55 <+s7r> i have metallic underwear 12:55 <+s7r> adamantium as wolverine's bones 12:55 <+s7r> :)) 12:56 < pwrcycle> s7r ask Patrick O'dwyer 12:56 < pwrcycle> and that's without acta 12:58 < hyper_ch> s7r: maybe a good start https://www.eff.org/deeplinks/2012/01/we-have-every-right-be-furious-about-acta 12:58 <@vpnHelper> Title: We Have Every Right to Be Furious About ACTA | Electronic Frontier Foundation (at www.eff.org) 12:59 <@raidz> ugh 13:00 <@raidz> ACTA is a sham 13:00 < hyper_ch> acta should be put out of its misery 13:00 < hyper_ch> as should mpaa and riaa and *aa 13:00 <@raidz> ^^^ 13:01 <+s7r> maybe it won't pass the eu parliament 13:02 < hyper_ch> I hope it won't 13:05 <+s7r> if it does then we have openvpn to vpn to warmer places 13:05 <+s7r> :) 13:06 -!- noisebleed_ [~quassel@lula.inescn.pt] has joined #openvpn 13:06 < hyper_ch> if it does, you still have Switzerland :) 13:06 -!- Araluccl0 [~lallo@151.77.226.107] has quit [Ping timeout: 252 seconds] 13:06 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Ping timeout: 252 seconds] 13:13 -!- p3rror 
[~mezgani@41.137.254.45] has quit [Read error: Operation timed out] 13:21 -!- MeanderingCode_ [~Meanderin@97-123-3-158.albq.qwest.net] has joined #openvpn 13:22 -!- MeanderingCode [~Meanderin@75-173-22-137.albq.qwest.net] has quit [Ping timeout: 244 seconds] 13:29 -!- MeanderingCode_ [~Meanderin@97-123-3-158.albq.qwest.net] has quit [Ping timeout: 252 seconds] 13:30 -!- MeanderingCode [~Meanderin@97-123-7-71.albq.qwest.net] has joined #openvpn 13:31 -!- MeanderingCode_ [~Meanderin@97-123-7-71.albq.qwest.net] has joined #openvpn 13:33 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Ping timeout: 252 seconds] 13:34 -!- MeanderingCode [~Meanderin@97-123-7-71.albq.qwest.net] has quit [Ping timeout: 248 seconds] 13:35 -!- MeanderingCode [~Meanderin@97-123-8-77.albq.qwest.net] has joined #openvpn 13:36 -!- MeanderingCode_ [~Meanderin@97-123-7-71.albq.qwest.net] has quit [Ping timeout: 252 seconds] 13:38 -!- morsik [morsik@darkserver.it] has joined #openvpn 13:38 < morsik> hi i setup openvpn server and i discovered weird thing 13:39 < morsik> openvpn-status.log shows my addr as: 10.0.0.6 and my friends: 10.0.0.10 13:39 < morsik> but ipp.txt file contains: me: 10.0.0.4 and friend: 10.0.0.8 13:39 < morsik> i quite don't understand that... 
13:41 -!- MeanderingCode [~Meanderin@97-123-8-77.albq.qwest.net] has quit [Ping timeout: 272 seconds] 13:44 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has joined #openvpn 13:47 -!- bauruine [~stefan@2001:8e0:100b:dead:f2de:f1ff:fe9f:974b] has joined #openvpn 14:01 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Read error: Operation timed out] 14:05 -!- Gravitron [~admin@64.93.224.111] has joined #openvpn 14:05 -!- Gravitron [~admin@64.93.224.111] has quit [Changing host] 14:05 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 14:07 <+EugeneKay> !/30 14:07 <@vpnHelper> "/30" is (#1) http://openvpn.net/index.php/open-source/faq/77-server/273-qifconfig-poolq-option-use-a-30-subnet-4-private-ip-addresses-per-client-when-used-in-tun-mode.html (sorry for the long link, they wont fix the anchors) explains why routed clients each use 4 ips or (#2) you can avoid this behavior by reading !topology or (#3) so by default, first client is .6, then .10 .14 .18 etc etc or (#4) use 14:07 <@vpnHelper> openvpn --show-valid-subnets to see the subnets you can use in net30 14:07 <+EugeneKay> morsik ^ 14:08 < morsik> EugeneKay: thanks 14:09 -!- Gravitro_ [~admin@69.163.40.45] has joined #openvpn 14:10 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 272 seconds] 14:13 -!- EugeneKay [eugene@itvends.com] has quit [Quit: ZNC - http://znc.in] 14:13 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 14:14 -!- EugeneKay [eugene@itvends.com] has joined #openvpn 14:14 -!- mode/#openvpn [+v EugeneKay] by ChanServ 14:17 -!- noisebleed [~quassel@lula.inescn.pt] has joined #openvpn 14:17 -!- noisebleed [~quassel@lula.inescn.pt] has quit [Changing host] 14:17 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 14:17 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has joined #openvpn 14:18 -!- noisebleed_ [~quassel@lula.inescn.pt] has quit [Ping timeout: 276 seconds] 15:05 -!- 
gladiatr [~sdspence@openvpn/community/support/gladiatr] has quit [Ping timeout: 248 seconds] 15:09 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has quit [Quit: Ex-Chat] 15:19 -!- Obscurax [~bscrx@83.101.80.145] has joined #openvpn 15:19 < Obscurax> !welcome 15:19 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 15:19 < Obscurax> !howto 15:19 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 15:20 < Obscurax> !goal 15:20 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 15:20 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 248 seconds] 15:21 < Obscurax> hi 15:21 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 15:22 -!- LtHummus [~xbmc@50-78-162-17-static.hfc.comcastbusiness.net] has joined #openvpn 15:23 < LtHummus> !welcome 15:23 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. 
|| Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 15:23 < Obscurax> !logs 15:23 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard. 15:23 < LtHummus> !goal 15:23 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 15:30 < Obscurax> Anyone who can help me with this? I'm trying to set up a connection to a vpn provider. When i connect through the gui all goes well. Now when I try to make the same connection as a service it's not working. 15:30 < Obscurax> OS: Server 2K8 R2; openvpn 2.2.2; ok log: http://pastebin.com/iWWjK1FT ; as service log: http://pastebin.com/UEUMbALr 15:35 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn [] 15:53 -!- Gravitro_ [~admin@69.163.40.45] has quit [Ping timeout: 252 seconds] 15:59 < Obscurax> fixed it, thanks anyway 16:00 -!- Obscurax [~bscrx@83.101.80.145] has quit [Read error: Connection reset by peer] 16:04 -!- Obscurax [~bscrx@m5.mullvad.net] has joined #openvpn 16:29 -!- bauruine [~stefan@2001:8e0:100b:dead:f2de:f1ff:fe9f:974b] has quit [Quit: Leaving] 16:33 -!- mangas [~mangas@a89-154-169-57.cpe.netcabo.pt] has joined #openvpn 16:52 -!- noisebleed_ [~quassel@piggy.inescn.pt] has joined #openvpn 16:53 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Ping timeout: 255 seconds] 16:59 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 252 seconds] 17:14 -!- l0gic [~anon@gw.et-cip.ruhr-uni-bochum.de] has joined #openvpn 17:14 < l0gic> !welcome 17:14 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. 
|| See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 17:14 -!- EugeneKay [eugene@itvends.com] has quit [Quit: ZNC - http://znc.in] 17:14 < l0gic> !goal 17:14 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 17:14 < l0gic> !route 17:14 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 17:15 < l0gic> !redirect 17:15 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns 17:16 < l0gic> !def1 17:16 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. 
or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1" 17:16 -!- EugeneKay [eugene@itvends.com] has joined #openvpn 17:18 < l0gic> hi 17:20 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 17:22 -!- EugeneKay [eugene@itvends.com] has quit [Quit: ZNC - http://znc.in] 17:23 -!- EugeneKay [eugene@itvends.com] has joined #openvpn 17:25 -!- p3rror [~mezgani@41.248.194.86] has joined #openvpn 17:27 -!- l0gic [~anon@gw.et-cip.ruhr-uni-bochum.de] has left #openvpn ["Playing the emo-kid sitting in a cornor! NOT!"] 17:38 -!- raidz [~Andrew@openvpn/corp/admin/andrew] has quit [Quit: Leaving.] 17:38 -!- raidz_ [~raidz@81.17.23.99] has joined #openvpn 17:39 -!- raidz_ is now known as raidz 17:39 -!- raidz [~raidz@81.17.23.99] has quit [Client Quit] 17:39 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn 17:39 -!- mode/#openvpn [+o raidz] by ChanServ 17:46 -!- Schnabeltier [Schnabel3@ist.verliebt.in.seinen.bouncer.von.bouncer-paradise.com] has left #openvpn [] 17:47 -!- mangas [~mangas@a89-154-169-57.cpe.netcabo.pt] has left #openvpn ["Leaving"] 17:56 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 18:03 -!- tekzilla [~jon@hmbg-5f760cc8.pool.mediaWays.net] has quit [Ping timeout: 245 seconds] 18:05 -!- tekzilla [~jon@hmbg-5f765ebc.pool.mediaWays.net] has joined #openvpn 18:16 -!- novaflash is now known as novaflash_away 18:23 -!- novaflash_away is now known as novaflash 18:28 -!- raidz [~raidz@openvpn/corp/admin/andrew] has quit [Ping timeout: 276 seconds] 18:33 -!- Denial [Denial@drgi.co.uk] has quit [] 18:42 -!- lakewood [~user@99-45-120-223.lightspeed.cicril.sbcglobal.net] has joined #openvpn 18:42 < lakewood> !welcome 18:42 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. 
|| !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 18:59 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has quit [Quit: nonotza] 19:06 -!- JoeGazz84 is now known as LadyGaga 19:06 -!- _julian [~quassel@hmbg-5f762ce7.pool.mediaWays.net] has quit [Read error: Operation timed out] 19:07 -!- LadyGaga is now known as jg84 19:09 -!- _julian [~quassel@hmbg-5f762e4c.pool.mediaWays.net] has joined #openvpn 19:23 -!- _quadDamage [~EmperorTo@jaguar-2-red.claimlynx.com] has quit [Read error: Connection reset by peer] 19:23 -!- _quadDamage [~EmperorTo@jaguar-2-red.claimlynx.com] has joined #openvpn 19:28 -!- lakewood [~user@99-45-120-223.lightspeed.cicril.sbcglobal.net] has quit [Read error: Connection reset by peer] 19:40 -!- Schnabeltier [Schnabel3@ist.verliebt.in.seinen.bouncer.von.bouncer-paradise.com] has joined #openvpn 19:41 -!- tjz [~pc@bb219-75-31-20.singnet.com.sg] has joined #openvpn 19:41 -!- tjz [~pc@bb219-75-31-20.singnet.com.sg] has quit [Changing host] 19:41 -!- tjz [~pc@unaffiliated/tjz] has joined #openvpn 20:02 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Ping timeout: 276 seconds] 20:07 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 20:20 -!- atomicfusion2 [~stephen@102-16-237-24.gci.net] has joined #openvpn 20:20 < atomicfusion2> is openvpn 3 still in the works? 
the last modification to the roadmap was over a year ago 20:25 -!- Netsplit *.net <-> *.split quits: oc80z, pwrcycle, crissi, fremo_, cron2, c1de0x, Schnabeltier, +dvl, +Nowak, +freaky[t], (+1 more, use /NETSPLIT to show all of them) 20:25 -!- cron2 [~gert@kirk.greenie.muc.de] has joined #openvpn 20:25 -!- pwrcycle [~pwrcycle@173.214.160.92] has joined #openvpn 20:25 -!- fremo [~fremo@noc.toile-libre.net] has joined #openvpn 20:25 -!- oc80z [oc80z@blea.ch] has joined #openvpn 20:25 -!- dvl [~dan@nyi.unixathome.org] has joined #openvpn 20:26 -!- Netsplit over, joins: arosen 20:26 -!- Netsplit over, joins: crissi 20:27 -!- freaky[t] [alpha@freakyonline.de] has joined #openvpn 20:33 -!- Nowak [nowak@warsaw.freeearthfoundation.com] has joined #openvpn 20:36 -!- noisebleed [~quassel@lula.inescn.pt] has joined #openvpn 20:36 -!- noisebleed [~quassel@lula.inescn.pt] has quit [Changing host] 20:36 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 20:36 -!- noisebleed_ [~quassel@piggy.inescn.pt] has quit [Ping timeout: 252 seconds] 20:44 -!- Gravitron [~admin@69.163.40.45] has joined #openvpn 20:44 -!- Gravitron [~admin@69.163.40.45] has quit [Changing host] 20:44 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 21:16 -!- atomicfusion2 [~stephen@102-16-237-24.gci.net] has quit [Ping timeout: 260 seconds] 21:32 -!- zeshoem [~zee@108.162.156.19] has joined #openvpn 21:35 -!- lakewood [~user@99-45-120-223.lightspeed.cicril.sbcglobal.net] has joined #openvpn 21:46 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Ping timeout: 240 seconds] 21:48 -!- atomicfusion1 [~stephen@102-16-237-24.gci.net] has joined #openvpn 22:00 -!- atomicfusion1 [~stephen@102-16-237-24.gci.net] has left #openvpn [] 22:02 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 22:12 -!- raa [~nag@42.79-160-154.customer.lyse.net] has quit [Read error: Connection reset by peer] 22:12 -!- raa 
[~nag@42.79-160-154.customer.lyse.net] has joined #openvpn 22:14 -!- prakashkamliya [~prakashka@202.131.123.66] has quit [Ping timeout: 276 seconds] 22:17 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 22:18 -!- Kyrasym_ [ca2a9082@gateway/web/freenode/ip.202.42.144.130] has joined #openvpn 22:19 < Kyrasym_> hello...could someone help me with my openvpn config...I am having problems routing my client traffic thru my VPN 22:19 -!- Dweezahr [~Dweezahr@flits102-34.flits.rug.nl] has quit [Ping timeout: 252 seconds] 22:20 < Kyrasym_> i have tried adding the various config to my client config but it does not route all traffic to my VPN 22:20 < Kyrasym_> i.e. redirect-gateway def1 22:23 < Kyrasym_> hmmm 22:25 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 22:25 < Kyrasym_> client dev tun0 proto tcp remote kyrasym.dyndns.org 1194 resolv-retry infinite nobind # Try to preserve some state across restarts. persist-key persist-tun cert client2.crt key client2.key redirect-gateway def1 22:27 -!- blackdog [foobar@ec2-107-20-53-20.compute-1.amazonaws.com] has joined #openvpn 22:28 < blackdog> hi. i'm wondering if there's a way to go backwards from the IP an authenticated node gets to their identity. 22:29 < blackdog> any suggestions on where to look? 22:29 -!- pwrcycle [~pwrcycle@173.214.160.92] has quit [Changing host] 22:29 -!- pwrcycle [~pwrcycle@unaffiliated/pwrcycle] has joined #openvpn 22:31 < Kyrasym_> ilol 22:31 < Kyrasym_> looks like nobody is here 22:31 < blackdog> looks like it:) 22:31 < Kyrasym_> or are we not following their rules? 
22:32 < Kyrasym_> paste your configs and logs and a description of the issue 22:32 < Kyrasym_> lol 22:33 -!- Kyrasym_ [ca2a9082@gateway/web/freenode/ip.202.42.144.130] has quit [Quit: Page closed] 23:02 -!- Rob3Rt [~h4x0r@79.141.167.9] has joined #openvpn 23:02 -!- Rob3Rt [~h4x0r@79.141.167.9] has quit [Changing host] 23:02 -!- Rob3Rt [~h4x0r@unaffiliated/respekt] has joined #openvpn 23:02 -!- Rob3Rt [~h4x0r@unaffiliated/respekt] has quit [Client Quit] 23:04 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 23:09 -!- rawplayer [~foo@shell.students.os3.nl] has quit [Read error: Operation timed out] 23:09 -!- rawplayer [~foo@shell.students.os3.nl] has joined #openvpn 23:09 -!- KeatonTa [~textual@99-126-226-157.lightspeed.dllstx.sbcglobal.net] has joined #openvpn 23:10 < KeatonTa> Okay, I've done all the troubleshooting I can and now I'm here to get some help if possible. 23:10 < KeatonTa> Firstly, I'm running pfSense 2.0.1-RELEASE. 23:11 < KeatonTa> OpenVPN is configured to do user auth over a radius server running on pfSense and that is working fine (According to logs) 23:12 < KeatonTa> Here is my server1.conf and client.conf 23:12 < KeatonTa> Server config: 23:12 < KeatonTa> dev ovpns1 23:12 < KeatonTa> dev-type tun 23:12 < KeatonTa> dev-node /dev/tun1 23:12 < KeatonTa> writepid /var/run/openvpn_server1.pid 23:12 < KeatonTa> #user nobody 23:12 -!- KeatonTa [~textual@99-126-226-157.lightspeed.dllstx.sbcglobal.net] has quit [Excess Flood] 23:13 -!- KeatonTa [~textual@99-126-226-157.lightspeed.dllstx.sbcglobal.net] has joined #openvpn 23:13 < KeatonTa> Excuse my ignorance... 23:13 < KeatonTa> Pastebin coming up. 23:14 < KeatonTa> http://pastebin.com/6zPjJRKB 23:16 < KeatonTa> Here are the relevant logs. 23:16 < KeatonTa> JuvFxEgb 23:16 < KeatonTa> http://pastebin.com/JuvFxEgb ** 23:16 < KeatonTa> any help you can provide will be greatly appreciated! Thank you to anyone who helps me solve this massive headache. 
23:28 -!- rawplayer [~foo@shell.students.os3.nl] has quit [Ping timeout: 276 seconds] 23:28 -!- rawplayer [~foo@shell.students.os3.nl] has joined #openvpn 23:47 < KeatonTa> :( 23:49 -!- KeatonTa [~textual@99-126-226-157.lightspeed.dllstx.sbcglobal.net] has quit [Quit: Textual IRC Client: http://www.textualapp.com/] 23:49 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has quit [Ping timeout: 252 seconds] 23:50 * EugeneKay sneezes --- Day changed Tue Jan 31 2012 00:00 -!- noisebleed_ [~quassel@kermit.inescn.pt] has joined #openvpn 00:00 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has joined #openvpn 00:01 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Ping timeout: 260 seconds] 00:13 <@vpnHelper> RSS Update - forum: Would You Use A VPN Provider That Gives You A Static IP? 00:20 -!- Dweezahr [~Dweezahr@flits102-34.flits.rug.nl] has joined #openvpn 00:21 -!- prakashkamliya [~prakashka@202.131.123.66] has joined #openvpn 00:29 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 00:33 -!- ScriptFanix [~vincent@Hanaman.riquer.fr] has joined #openvpn 00:42 -!- ScriptFanix [~vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 00:43 -!- blackdog [foobar@ec2-107-20-53-20.compute-1.amazonaws.com] has left #openvpn [] 00:51 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day] 00:58 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 01:01 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 01:12 -!- prakashkamliya [~prakashka@202.131.123.66] has quit [Ping timeout: 255 seconds] 01:16 -!- `Ile` [~Ile@kaniserver.net] has joined #openvpn 01:47 <@vpnHelper> RSS Update - forum: Unable to ping behind client from server in Bridge Mode 01:49 -!- dazo_afk is now known as dazo 01:53 <@vpnHelper> RSS Update - forum: Active directory and user groups 02:01 -!- p3rror [~mezgani@41.248.194.86] has quit [Ping timeout: 
276 seconds] 02:06 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 02:11 -!- cron2 [~gert@kirk.greenie.muc.de] has quit [Changing host] 02:11 -!- cron2 [~gert@openvpn/community/developer/cron2] has joined #openvpn 02:17 <@vpnHelper> RSS Update - forum: Active directory and user groups 02:23 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 02:30 -!- crissi [crissi@wohnt.auf.Deep-Space-Nine.eu] has left #openvpn ["No matter how dark the night, somehow the Sun rises once again"] 02:50 -!- prakashkamliya [~prakashka@202.131.123.66] has joined #openvpn 02:50 < prakashkamliya> Can anyone tell me that is it possible to use tap mode without bridging on server such that ip can be assigned to vpn client from subnet of server without using ethernet bridging? 02:51 < prakashkamliya> my concern when bridge is created with local lan and tap, all rules of iptables of other service using interface eth1 (lan) does not 02:51 < prakashkamliya> works as local lan no more contain its original identity and bro is created 02:59 <@vpnHelper> RSS Update - forum: Using tap mode without ethernet bridging on server side. || Ubuntu lan-to-lan configuration 03:19 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn 03:20 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has joined #openvpn 03:25 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn 03:25 -!- mode/#openvpn [+v s7r] by ChanServ 03:31 <@dazo> prakashkamliya: yes, you don't have to use bridging ... 
in fact we recommend against bridging here 03:33 <@dazo> !tap 03:33 <@vpnHelper> "tap" is "bridge" is (#1) http://openvpn.net/index.php/documentation/faq.html#bridge1, or (#2) http://openvpn.net/index.php/documentation/miscellaneous/ethernet-bridging.html, or (#3) Bridging looks like a good choice to people who don't know how to set up IP routing, but to learn routing is generally far better., or (#4) useful for windows sharing (without wins server) and LAN gaming, anything where the 03:33 <@vpnHelper> protocol uses MAC addresses instead of IP addresses. 03:34 <@dazo> prakashkamliya: it's very few use cases which really requires TAP ... so if you really don't need TAP, don't use it ... go for TUN. And when you consider to not do bridging, one of the biggest arguments for TAP is gone 03:36 <@vpnHelper> RSS Update - forum: [Help] Cannot connect to vpn. 03:58 < prakashkamliya> dazo: so it is recommend not to use tap mode 03:59 <@dazo> prakashkamliya: correct 03:59 <@dazo> TUN gives much lower overhead, as it will transport less data for each packet being sent over the VPN connection 03:59 <@vpnHelper> RSS Update - forum: Ubuntu lan-to-lan configuration 04:00 <@dazo> !tunortap 04:00 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. Dont waste the extra overhead. or (#2) and if your reason for wanting tap is windows shares, see !wins or (#3) also remember that if someone gets access to any side of a tap vpn they can use layer2 attacks like arp poisoning against you over the 04:00 <@vpnHelper> vpn or (#4) lan gaming? use tap! 04:00 < prakashkamliya> okay thank you, and can you tell me how can i know common name of connecting client from its certificate so that i can create appropriate file in ccd 04:01 <@dazo> prakashkamliya: look in the log files? ... 
or use openssl x509 -noout -subject -in 04:02 < prakashkamliya> thats true is there no any parameter ? i mean i want to configure everything dynamically so that if new clients come with diff common name 04:02 <@dazo> but beware that OpenVPN will replace quite some characters with underscores (_) ... see the man page, search for --no-name-remapping for an explanation 04:03 <@dazo> prakashkamliya: the common name is stored in the certificate ... so give your clients different certificates with different CNs, and you have it 04:03 < prakashkamliya> okay. 04:05 -!- noisebleed [~quassel@piggy.inescn.pt] has joined #openvpn 04:05 -!- noisebleed [~quassel@piggy.inescn.pt] has quit [Changing host] 04:05 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 04:06 < prakashkamliya> dazo: and how about modifying live server configuration it has been written in manual that two parameter can be updated on fly 04:06 -!- noisebleed_ [~quassel@kermit.inescn.pt] has quit [Ping timeout: 252 seconds] 04:06 < prakashkamliya> but we also add route ip netmask in openvpn.conf file 04:07 < prakashkamliya> so can it be also updated on fly 04:07 -!- krzee [nobody@hemp.ircpimps.org] has joined #openvpn 04:07 -!- krzee [nobody@hemp.ircpimps.org] has quit [Changing host] 04:07 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn 04:07 < prakashkamliya> two parameters are ccd & crl-verify 04:08 <@dazo> I'm sorry, but I am not able to parse your question ... can you try to rephrase? 
04:09 < prakashkamliya> i have server running and one client connected to it and appropriate route and iroute command are written in ccd and openvpn.conf file 04:09 < prakashkamliya> and if second client connects i want to create new file in ccd with iroute command and to add route command in openvpn.conf file 04:09 < prakashkamliya> such that it doesn't affect other tunnels connected with server 04:10 < prakashkamliya> i.e modifying live server configuration 04:10 <@dazo> the --client-config-dir is pointing at a directory ... in that directory you can add extra options which are parsed when that client connects 04:10 < krzee> !ccd 04:10 <@vpnHelper> "ccd" is entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir to enable it, then put the config options for the client in /common-name 04:11 < krzee> !learn ccd as the ccd file is parsed each time the client connects. 04:11 <@vpnHelper> Joo got it. 04:11 < prakashkamliya> in manual it is written to add route ip netmask in server.conf file and iroute ip netmask in /common-name 04:12 <@dazo> correct 04:12 < krzee> !iroute 04:12 <@dazo> you can also add 'push "route ...."' in ccd files 04:12 <@vpnHelper> "iroute" is does not bypass or alter the kernel's routing table, it allows openvpn to know it should handle the routing when the kernel points to it but the network is not one that openvpn knows about. This is only needed when connecting a LAN which is behind a client, and therefor belongs in a ccd entry. Also see !route and !ccd 04:13 < prakashkamliya> okay so can we route command in ccd/common-name_of_client 04:13 < prakashkamliya> ? 04:13 < prakashkamliya> so can we add route command in ccd/common_name_of_client ? 04:13 <@dazo> no, you can *push* routes to clients via ccd ... 
and you can set up internal routing (iroute) in ccd 04:14 < krzee> when you use --route it adds a route to the routing table, this can point to openvpn, but not to a client, the client needs an iroute for the traffic to go beyond routing the normal routing table and into the openvpn server processes internal routing table between it and clients 04:15 < prakashkamliya> okay .. 04:15 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn 04:16 < prakashkamliya> okay so what if i don't add route ip netmask in server.conf file and add iroute to ccd/common_name 04:16 < prakashkamliya> ? 04:16 < hyper_ch> krzee: still here? 04:17 < krzee> kinda 04:17 < krzee> prakashkamliya, then the kernel wont route the subnet to the vpn, and it wont matter that there is an iroute 04:17 < hyper_ch> I have a problem.... a complex one and not sure how to overcome it 04:17 < krzee> hyper_ch, penecillian 04:18 < krzee> ;] 04:18 < hyper_ch> penicillin ;) 04:18 < krzee> ya 04:18 < hyper_ch> a notebook that is in the lan and sometimes outside the lan 04:18 < prakashkamliya> krzee: then how can i modify live server configuration and also need to add route command in server.conf without restarting server 04:18 <@dazo> prakashkamliya: you can't 04:18 < hyper_ch> I think it's too complex to explain 04:18 < krzee> by restarting the server 04:18 < prakashkamliya> ooops! 
04:19 < krzee> if clients are configured well they'll all reconnect right up 04:19 <@dazo> prakashkamliya: you need to setup all routes on the server 04:19 < krzee> no biggie 04:19 < prakashkamliya> i want to have site to site configuration so that machines behind both end can talk with each other 04:20 < krzee> !lan 04:20 < krzee> err 04:20 < krzee> !route 04:20 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 04:20 <@dazo> prakashkamliya: do this in more steps ... first make the the clients connect to a TUN setup (which it sounded like you're considering) ... and make clients access LAN behind the server .... *then* you can start doing the other way 04:21 <@dazo> trying to do everything at once, will just cause a chaos 04:22 < prakashkamliya> can we add route command outside of openvpn ? will it do same ? 04:23 < prakashkamliya> i think i need to try on it and can determine is it really possible 04:23 -!- master_of_master [~master_of@p57B556A2.dip.t-dialin.net] has quit [Ping timeout: 245 seconds] 04:26 -!- master_of_master [~master_of@p57B53038.dip.t-dialin.net] has joined #openvpn 04:27 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 260 seconds] 04:28 -!- mezgani_ [~mezgani@41.137.254.45] has joined #openvpn 04:29 < hyper_ch> krzee: you're any familiar with tomato wrt 04:30 < krzee> not specifically 04:30 < krzee> other than having looked at its webpage 04:31 < hyper_ch> krzee: how do you make sure you can connect to a given nated openvpn server from outside and inside the lan? 04:32 < krzee> i fail to understand the question 04:32 < krzee> you mean cause the ip you need to reach changes? 
04:32 < hyper_ch> krzee: I want to connect to vpn.xxxx.ocm 04:32 < krzee> split-dns 04:32 < hyper_ch> the problem is, the router for some reason does not resolve it to the correct lan ip 04:32 < hyper_ch> when queried from inside 04:33 < hyper_ch> and the network manager always sets the router as nameserver 04:33 < krzee> ya that's splitdns 04:33 < krzee> !splitdns 04:33 <@vpnHelper> "splitdns" is see http://www.thekelleys.org.uk/dnsmasq/doc.html for dnsmasq, which will let you do split-dns setups 04:33 < hyper_ch> tomato wrt has dnsmasq but I fail to comprehend it 04:36 < prakashkamliya> dazo: krzee: yeah its working adding route command outside of openvpn 04:36 < prakashkamliya> ls 04:36 < krzee> cool 04:38 < hyper_ch> krzee: could you tell me how dnsmasq works? 04:38 < hyper_ch> I fail to see that 04:40 < hyper_ch> tomato gives me a text area field for Dnsmasq Custom configuration 04:46 -!- Rob3Rt [h4x0r@79.133.201.84] has joined #openvpn 04:46 -!- Rob3Rt [h4x0r@79.133.201.84] has quit [Changing host] 04:46 -!- Rob3Rt [h4x0r@unaffiliated/respekt] has joined #openvpn 04:48 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 04:57 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds] 04:58 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 04:59 < prakashkamliya> can we create file in ccd/common-name on fly whenever client connect using some scripting ? 
05:03 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep] 05:05 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 05:08 <@vpnHelper> RSS Update - forum: Problem with routes 05:20 -!- freaky[t] [alpha@freakyonline.de] has quit [Remote host closed the connection] 05:27 -!- freaky[t] [alpha@freakyonline.de] has joined #openvpn 05:47 <@dazo> prakashkamliya: you can generate ccd alternatives through scripts using a --client-connect script 05:48 <@dazo> From the man page: 05:48 <@dazo> If the script wants to generate a dynamic 05:48 <@dazo> config file to be applied on the server 05:48 <@dazo> when the client connects, it should write 05:48 <@dazo> it to the file named by $1. 05:51 -!- mattock [~samuli@openvpn/corp/admin/mattock] has quit [Ping timeout: 244 seconds] 05:52 * dazo heads out for a couple of hours 05:53 -!- dazo is now known as dazo_afk 05:53 -!- cpm [~Chip@c-71-58-93-57.hsd1.pa.comcast.net] has joined #openvpn 05:53 -!- cpm [~Chip@c-71-58-93-57.hsd1.pa.comcast.net] has quit [Changing host] 05:53 -!- cpm [~Chip@pdpc/supporter/active/cpm] has joined #openvpn 05:56 < prakashkamliya> i have read that but didn't actually get it i wrote following script 05:56 < prakashkamliya> #!/bin/sh 05:56 < prakashkamliya> if [ -n "$1" ] ; then 05:56 < prakashkamliya> echo $1 > /path/tmp.txt 05:56 < prakashkamliya> echo $common_name >> $1 05:56 < prakashkamliya> else 05:56 < prakashkamliya> exit 1 05:56 < prakashkamliya> fi 05:56 < prakashkamliya> but it is not writing common_name to tmp.txt 06:07 -!- buntfalke [~nobody@2001:638:208:fd4f:0:ff:fe00:1088] has joined #openvpn 06:07 -!- buntfalke [~nobody@2001:638:208:fd4f:0:ff:fe00:1088] has quit [Changing host] 06:07 -!- buntfalke [~nobody@unaffiliated/buntfalke] has joined #openvpn 06:09 <@vpnHelper> RSS Update - forum: howto iroute to be added dynamically using client-connet 06:10 -!- cpm [~Chip@pdpc/supporter/active/cpm] has quit [Ping
timeout: 244 seconds] 06:40 < prakashkamliya> how can add iroute command for connecting client dynamically using client-connect script 06:40 < prakashkamliya> ? 06:44 -!- arcos9 [arcos9@sar95-1-82-229-92-61.fbx.proxad.net] has joined #openvpn 06:44 < arcos9> hello 06:46 < arcos9> hello, I would like to know how I can secure openvpn in DDoS attacks issued by my members, I do not want a vpn user can send attacks? 06:49 < arcos9> !logs 06:49 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard. 06:55 <@vpnHelper> RSS Update - forum: Ubuntu lan-to-lan configuration 06:55 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Ping timeout: 260 seconds] 06:57 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn 07:05 -!- dazo_afk is now known as dazo 07:05 -!- beerbro [~gustav@unaffiliated/beerbroy] has quit [Read error: Connection reset by peer] 07:07 <@vpnHelper> RSS Update - forum: RADIUS authentication 07:09 -!- gustav [~gustav@109.75.189.98] has joined #openvpn 07:10 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Quit: Rolybrau] 07:12 -!- Rob3Rt [h4x0r@unaffiliated/respekt] has quit [] 07:23 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 07:25 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 07:42 < BenLue> hiho 07:46 -!- BenLue is now known as S1lv3R 07:54 -!- prakashkamliya [~prakashka@202.131.123.66] has quit [Remote host closed the connection] 07:54 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection] 08:02 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 08:04 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 08:08 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 08:16 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping 
timeout: 260 seconds] 08:19 -!- Reihar [~Reihar@176.31.218.44] has left #openvpn ["WeeChat 0.3.6"] 08:20 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 08:30 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn [] 08:36 -!- prakashkamliya [~prakashka@202.131.123.66] has joined #openvpn 08:38 < prakashkamliya> dazo: without knowing common name in advance how can i configure ccd dynamically using client-connect script in manual they had written $1 will be name of temporary file but how to get common_name from that file d 08:38 < prakashkamliya> and added it to ccd/common-name file dynamically ? 08:38 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn 08:39 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Client Quit] 08:39 <@dazo> prakashkamliya: you got it wrong ... the --client-connect script works differently with $1 .... your script writes the config options to $1 which you would want in the --ccd files ... it replaces the --ccd feature, so to speak 08:39 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn 08:39 <@dazo> so in your script, just do: echo "iroute $subnet $netmask" >> $1 ... and so on 08:40 <@dazo> what you write to this file ($1) will then be read by openvpn when your script returns (exit 0), just as it would be a ccd file 08:40 < prakashkamliya> and then there would be no requirement of configuring separate file in ccd-folder ? 08:40 <@dazo> correct 08:40 < prakashkamliya> awesome ! 08:41 <@dazo> prakashkamliya: read more carefully the "SCRIPTING AND ENVIRONMENT" section in the man page, and you'll see all the environment variables you'll have available as well ... 
so you can tweak things even more dynamically on-the-fly 08:43 < prakashkamliya> okay and whatever i have written in that script can i modify it also on fly as once server is configured with --client-connect script.sh file in 08:43 < prakashkamliya> that i have written iroute $subnet $netmask of say one client 08:44 < prakashkamliya> and second client connects so i need to modify script accordingly ? 08:47 <@vpnHelper> RSS Update - forum: I cant access shared fileserver behind my vpnserver || I am very confused || New member posting messages? || I cant ping to open VPN server LAN IP || Client-side bridging || Disabling split tunneling for specific 08:53 <@vpnHelper> RSS Update - forum: private key password verification failed when using file 08:59 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Remote host closed the connection] 08:59 <@vpnHelper> RSS Update - forum: howto iroute to be added dynamically using client-connet || Routing client internet traffic through server fails. 09:02 -!- buntfalke [~nobody@unaffiliated/buntfalke] has quit [] 09:02 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Ping timeout: 272 seconds] 09:05 <@vpnHelper> RSS Update - forum: Routing client internet traffic through server fails. 
09:10 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn 09:10 -!- mezgani_ [~mezgani@41.137.254.45] has left #openvpn ["Leaving"] 09:11 -!- p3rror [~mezgani@41.137.254.45] has joined #openvpn 09:13 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Quit: Leaving] 09:23 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Excess Flood] 09:31 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn 09:31 -!- mode/#openvpn [+v s7r] by ChanServ 09:36 -!- Dweezahr [~Dweezahr@flits102-34.flits.rug.nl] has quit [Read error: Connection reset by peer] 09:36 -!- Dweezahr [~Dweezahr@flits102-34.flits.rug.nl] has joined #openvpn 09:39 -!- Dweezahr [~Dweezahr@flits102-34.flits.rug.nl] has quit [Read error: Connection reset by peer] 09:39 -!- Dweezahr [~Dweezahr@flits102-34.flits.rug.nl] has joined #openvpn 09:46 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 09:50 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 09:57 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 10:04 -!- raaa [~nag@42.79-160-154.customer.lyse.net] has joined #openvpn 10:04 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has quit [Read error: Connection reset by peer] 10:05 -!- Yojiro [~Yojiro@gateway/tor-sasl/yojiro] has joined #openvpn 10:05 -!- raa [~nag@42.79-160-154.customer.lyse.net] has quit [Ping timeout: 252 seconds] 10:05 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 10:05 -!- Yojiro [~Yojiro@gateway/tor-sasl/yojiro] has left #openvpn [] 10:09 <@dazo> prakashkamliya: I suggest you try it out, and use --verb 4 on client and server ... 
the idea with $1 in the --client-connect script is to generate a client specific config entry (replacement to ccd) on-the-fly in a dynamic way 10:10 <@dazo> or not 'config entry' but rather 'config file' 10:11 -!- noisebleed [~quassel@piggy.inescn.pt] has joined #openvpn 10:11 -!- noisebleed [~quassel@piggy.inescn.pt] has quit [Changing host] 10:11 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 10:15 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 10:15 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has quit [Read error: Connection reset by peer] 10:17 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 10:19 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has quit [Read error: Connection reset by peer] 10:20 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 10:20 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Read error: Operation timed out] 10:21 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 10:21 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has joined #openvpn 10:31 <@dazo> [OT] havoc, hyper_ch, krzee: you gotta see these ones ... http://nakedsecurity.sophos.com/2012/01/31/viruses-hacking-tv-movies/ (including the "Bones" video which only got a link) 10:33 < hyper_ch> dazo: hehehe :) 10:33 < hyper_ch> dazo: fighting malware is one thing 10:34 < hyper_ch> but they can crack encryption in a matter of minutes 10:36 <@dazo> (but the Matrix' sshnuke was actually a plausible SSH scenario at that time ... 
I remember that being discussed around that time and someone even pointed at a real CVE making sshnuke very plausible) 10:37 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer] 10:37 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 10:39 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has quit [Ping timeout: 245 seconds] 10:40 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 10:43 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 10:44 < hyper_ch> Shouldn't Bruce Schneier be Neo? 10:45 <@dazo> hyper_ch: he isn't? 10:45 < hyper_ch> well, they used Keanu Reeves 10:45 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 10:46 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 10:46 <@dazo> hyper_ch: oh, I talked about real-life ... everyone knows movies aren't for real! ;-) 10:50 -!- `Ile` [~Ile@kaniserver.net] has quit [Remote host closed the connection] 10:52 < hyper_ch> hehehe 10:53 < hyper_ch> I guess you like the bruce schneier fact page? 11:03 <@dazo> Bruce has some good views on security, that's for sure ... but I use other sources as well :) 11:04 < hyper_ch> well, he once said the only effecitve security measure introduced for airplane security since 9/11 was reinforced doors to the cockpit 11:04 < hyper_ch> everything else is just make-believe security 11:04 <@dazo> and I completely agree 11:05 <@dazo> why wouldn't it be possible to bring some nasty/dangerous fluids into an airport into 10 x 100ml bottles vs a single 1l bottle? 11:06 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 11:06 < EugeneKay> "Because fuck you, that's why." 11:06 <@dazo> that's just the cartels like Pepsi Co and Coca Cola who managed to do that so that people would buy more once you're on the inside 11:07 < EugeneKay> You couldn't be more wrong. 11:08 < EugeneKay> It's the theatre of security. 
If the public feels like they're being subjected to oppressive security measures, then they'll think the terrists have no chance. 11:08 <@dazo> if I'm going on a "not so important flight" ... I'll bring 10 empty 100ml bottles ... and a filled up 0.5l bottle. If I'm stopped, I'll poor the 0.5l into those small ones and continue 11:08 < EugeneKay> Unfortunately, it's very much a case of "closing the barn door after the cow ran off" 11:08 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 11:08 <@dazo> exactly 11:09 < EugeneKay> But I assure you, pepsi & coke had nothing to do with it 11:12 < hyper_ch> dazo: why blow up a plane 11:12 < hyper_ch> if when you can do much more damage at the endless waiting security check crowds 11:13 < hyper_ch> you don't even need to be carefull until you're there 11:13 < EugeneKay> Like I said, theatre. 11:13 < hyper_ch> make-believe security 11:15 <@dazo> EugeneKay: well, but they surely earns on it ;-) 11:15 * dazo is in a conspiracy mood today :-P 11:15 < EugeneKay> I BET THEY DIDNT EVEN LAND ON THE MOON 11:16 < hyper_ch> the russians and nazis did 11:17 < hyper_ch> I've seen it on youtube that the nazis are preparing to comming back to earth soon 11:17 -!- bscrx [~bscrx@m5.mullvad.net] has joined #openvpn 11:18 < hyper_ch> EugeneKay: https://www.youtube.com/watch?v=BHRyGGrTfxY&feature=fvwrel 11:18 <@vpnHelper> Title: Iron Sky Teaser 3 - We Come In Peace! - YouTube (at www.youtube.com) 11:19 < EugeneKay> Sounds legit. 
11:20 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has left #openvpn [] 11:20 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 11:20 -!- rooth_ [rooth@ge.mig.en.redfox.nu] has joined #openvpn 11:20 -!- MikeW_ [~MW@ks35441.kimsufi.com] has joined #openvpn 11:20 -!- morsik_ [morsik@darkserver.it] has joined #openvpn 11:20 -!- rob0_ [rob0@harrier.slackbuilds.org] has joined #openvpn 11:21 -!- tekzilla_ [~jon@hmbg-5f765ebc.pool.mediaWays.net] has joined #openvpn 11:21 -!- Essobi_ [~Essobi@74-133-160-231.dhcp.insightbb.com] has joined #openvpn 11:22 -!- oc80z [oc80z@blea.ch] has quit [Excess Flood] 11:22 -!- oc80z [oc80z@blea.ch] has joined #openvpn 11:24 -!- rob0_ [rob0@harrier.slackbuilds.org] has quit [Changing host] 11:24 -!- rob0_ [rob0@pdpc/valentine/postfixninja/rob0] has joined #openvpn 11:24 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has quit [Read error: Connection reset by peer] 11:24 -!- prg3 [~prg3@chatter.majestik.org] has quit [Ping timeout: 244 seconds] 11:24 -!- EvilJStoker [jstoker@unaffiliated/jstoker] has quit [Ping timeout: 244 seconds] 11:24 -!- morsik [morsik@darkserver.it] has quit [Ping timeout: 244 seconds] 11:24 -!- Dweezahr [~Dweezahr@flits102-34.flits.rug.nl] has quit [Ping timeout: 244 seconds] 11:24 -!- tekzilla [~jon@hmbg-5f765ebc.pool.mediaWays.net] has quit [Ping timeout: 244 seconds] 11:24 -!- luckman212 [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has quit [Ping timeout: 244 seconds] 11:24 -!- rob0 [rob0@pdpc/valentine/postfixninja/rob0] has quit [Ping timeout: 244 seconds] 11:24 -!- MikeW [~MW@ks35441.kimsufi.com] has quit [Ping timeout: 240 seconds] 11:24 -!- rooth [rooth@ge.mig.en.redfox.nu] has quit [Ping timeout: 240 seconds] 11:24 -!- Obscurax [~bscrx@m5.mullvad.net] has quit [Ping timeout: 240 seconds] 11:24 -!- Essobi [~Essobi@74-133-160-231.dhcp.insightbb.com] has quit [Ping timeout: 240 seconds] 11:25 -!- rob0_ is now known as rob0 11:25 -!- MikeW_ is now known as Guest81506 11:25 -!- 
luckman212 [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has joined #openvpn 11:25 -!- prg3 [~prg3@chatter.majestik.org] has joined #openvpn 11:27 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 11:28 -!- EvilJStoker [jstoker@unaffiliated/jstoker] has joined #openvpn 11:33 -!- BenLue [~Ben@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 11:33 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has quit [Ping timeout: 245 seconds] 11:35 -!- noisebleed_ [~quassel@piggy.inescn.pt] has joined #openvpn 11:37 -!- mick_laptop [~mick@mickweiss.com] has quit [Ping timeout: 255 seconds] 11:37 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Ping timeout: 276 seconds] 11:39 -!- dazo is now known as dazo_afk 11:42 -!- BenLue is now known as S1lv3R 11:42 <@vpnHelper> RSS Update - forum: [Help] Cannot connect to vpn. 11:43 < S1lv3R> Question. I start OpenVPN Client as service (auto) When i start, login isnt working... Anyone Ideas? 11:44 -!- mick_laptop [~mick@mickweiss.com] has joined #openvpn 11:48 -!- MeanderingCode [~Meanderin@97-123-4-4.albq.qwest.net] has joined #openvpn 11:51 -!- mikkel [~mikkel@80-71-132-15.u.parknet.dk] has joined #openvpn 11:52 < S1lv3R> hello? 11:53 < hyper_ch> gremlinx 11:54 < hyper_ch> s/x/s/ 11:58 < S1lv3R> (o; 11:58 < S1lv3R> you are familiar with openvpn as Windowsservices ? 12:01 < hyper_ch> s/Windows/*nix/ 12:01 < hyper_ch> and you'll be much happier :) 12:05 < S1lv3R> ok im on the PC via Teamviever from my wifes Mother 12:05 < S1lv3R> I have installed Ovpn as Services 12:06 < S1lv3R> Service starts now Automatic but wenn i start the client dount connect my Server 12:06 < S1lv3R> You know whats wrong? 12:07 < S1lv3R> Ore i have forget some settings? 
12:09 < S1lv3R> hyper_ch 12:10 < hyper_ch> don't ask me 12:10 < hyper_ch> on linux you just create an init script 12:10 < hyper_ch> or rather the distro already comes with one 12:10 < S1lv3R> (o; 12:10 < S1lv3R> okay 12:10 < hyper_ch> and then you put a bunch of *conf files into /etc/openvpn/ 12:10 < hyper_ch> and it loads them automagically at startup 12:14 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Quit: @+] 12:15 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn 12:16 -!- noisebleed_ [~quassel@piggy.inescn.pt] has quit [Remote host closed the connection] 12:25 -!- Guest_ [~textual@99-126-226-157.lightspeed.dllstx.sbcglobal.net] has joined #openvpn 12:27 -!- Guest_ [~textual@99-126-226-157.lightspeed.dllstx.sbcglobal.net] has left #openvpn [] 12:27 -!- KeatonTa [~textual@99-126-226-157.lightspeed.dllstx.sbcglobal.net] has joined #openvpn 12:27 < KeatonTa> I don't understand why openvpn is not working. 12:28 < hyper_ch> it works 12:28 < hyper_ch> coincidentally I use it for the irc connection.... 12:28 < hyper_ch> q.e.d. 12:30 < KeatonTa> I just keep having an issue with openvpn config. 12:30 <@vpnHelper> RSS Update - forum: Problem with routes || User Auth for VPN 12:30 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 12:31 * hyper_ch points to channel topic 12:32 < KeatonTa> Yea. I'm actually typing out my issue. 12:33 < KeatonTa> It's kinda long so I decided to make a forum post. 12:33 < KeatonTa> I'll post the link once I get it done. 12:47 < KeatonTa> TLS handshake failed.... 12:48 < KeatonTa> I hate this error message. 12:48 <@ecrist> !logs 12:48 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard. 
12:52 < KeatonTa> http://pastebin.com/pTxwD06t 12:52 < KeatonTa> ^^ Log 12:53 < KeatonTa> http://pastebin.com/gigBA12Q 12:54 < KeatonTa> ^^ server1.conf 12:54 <@ecrist> why are you running 2.2.0? 12:54 < KeatonTa> It is open vpn inside of pfSense 12:55 <@ecrist> geh 12:55 <@ecrist> I though pfSense was using snapshots 12:56 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 260 seconds] 12:56 < KeatonTa> I don't mean to sound ignorant, but I do remember that term being used. 12:56 < KeatonTa> I don't know what it exactly means. 12:56 <@ecrist> development snapshots 12:56 <@ecrist> two years ago scott started rolling those into pfsense, I thought 12:57 <@ecrist> try removing the tls-auth lines from both server and client 12:57 <@ecrist> see if that works 12:58 < pwrcycle> pfSense does work with openvpn. a friend of mine successfully set it up a few months ago. 12:59 < KeatonTa> Yea actually it was working just fine a few days ago. 12:59 < KeatonTa> Then I tried to up the encryption type to AES-256-CBC and all hell broke loose. 13:00 < KeatonTa> I even attempted a fresh install of pfSense and reconfiguring everything but still no go. 13:01 < KeatonTa> ecrist now I'm getting TLS Error: Unroutable control packet received from xxx.xxx.xxx.xxx:1194 (si=3 op=P_CONTROL_V1) 13:07 < KeatonTa> :/ 13:11 < S1lv3R> Its working now 13:12 < S1lv3R> But Next Question is how must i configure my NIC 13:12 < S1lv3R> For Windows DC i need Static ip 13:13 < S1lv3R> im right? 13:22 -!- buntfalke [~nobody@unaffiliated/buntfalke] has joined #openvpn 13:25 < S1lv3R> Im on the DC via ovpn, when i share some files, its normal Upload with 250kb/s 13:25 < S1lv3R> The file is 1,3 gb both ISP < 3000mbits Upload 13:25 < S1lv3R> ? 13:26 < S1lv3R> All Traffic goes over the ovpn Server 13:30 < KeatonTa> oh well.... 13:33 < S1lv3R> its not good= 13:33 < S1lv3R> ? 
13:33 -!- p3rror [~mezgani@41.137.254.45] has quit [Ping timeout: 272 seconds] 13:33 -!- KeatonTa [~textual@99-126-226-157.lightspeed.dllstx.sbcglobal.net] has quit [Quit: Textual IRC Client: http://www.textualapp.com/] 13:49 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 13:49 * ScriptFanix is still wondering what DC stands for 13:50 < hyper_ch> District of Columbia 13:51 < ScriptFanix> oh that would be Domain Controller 13:52 < ScriptFanix> i was guessing DataCenter but didn't make sense :) 13:52 < ScriptFanix> it* 14:09 < reiffert> Direct Current? 14:09 -!- ePlus` [~zuma@217.28.6.95] has joined #openvpn 14:09 < ePlus`> hello al 14:09 < ePlus`> *all 14:10 < reiffert> Ah no, Desktop Calculator. 14:10 < ePlus`> is it common to loose your config after a reboot of your openvpnas server built from a OVF vmware template? 14:11 < ePlus`> do you have to specify a save of the config after you have built and configured the AS? 14:11 < reiffert> ePlus`: AS? 14:11 < reiffert> !as 14:11 <@vpnHelper> "as" is please go to #OpenVPN-AS for help with Access-Server 14:11 < ePlus`> oh 14:11 < ePlus`> sorry guys 14:11 < ePlus`> thought #openvpnas 14:11 < reiffert> welcome 14:25 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!] 14:30 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 14:43 -!- kingkong1 [~kingkong@178.73.221.156] has joined #openvpn 14:43 < kingkong1> !welcome 14:43 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. 
|| Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 14:44 < kingkong1> !goal 14:44 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 14:46 < kingkong1> !paste 14:46 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into pastebin or a similar website, or (#2) ie: www.pastebin.ca 14:47 < kingkong1> !sample 14:47 <@vpnHelper> "sample" is (#1) http://www.ircpimps.org/openvpn.configs for a working sample config or (#2) DO NOT use these configs until you understand the commands in them, read up on each first column of the configs in the manpage (see !man) or (#3) these configs are for a basic multi-user vpn, which you can then build upon to add lans or internet redirecting 14:50 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [] 14:50 < kingkong1> hi, can somebody help me with this? http://pastebin.com/0ZRkePJe 15:24 -!- kingkong1 [~kingkong@178.73.221.156] has quit [] 15:29 -!- morsik_ is now known as morsik 15:44 -!- lakewood [~user@99-45-120-223.lightspeed.cicril.sbcglobal.net] has quit [Remote host closed the connection] 16:03 -!- Denial [Denial@drgi.co.uk] has quit [] 16:12 -!- lakewood [~user@99-45-120-223.lightspeed.cicril.sbcglobal.net] has joined #openvpn 16:23 <@vpnHelper> RSS Update - forum: Can OV server be configured to use PSK (ie passphrase)? 
16:28 -!- mikkel [~mikkel@80-71-132-15.u.parknet.dk] has quit [Quit: Leaving] 16:28 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has quit [Remote host closed the connection] 16:35 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has quit [Quit: Ex-Chat] 16:36 -!- Obscurax [~bscrx@83.101.80.145] has joined #openvpn 16:39 -!- bscrx [~bscrx@m5.mullvad.net] has quit [Ping timeout: 245 seconds] 16:46 -!- rmk [rmk@unaffiliated/rmk] has joined #openvpn 16:49 -!- Obscurax [~bscrx@83.101.80.145] has quit [Ping timeout: 240 seconds] 16:53 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 17:05 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has joined #openvpn 17:07 -!- buntfalke [~nobody@unaffiliated/buntfalke] has quit [] 17:14 -!- Obscurax [~bscrx@83.101.80.145] has joined #openvpn 17:15 -!- fremo [~fremo@noc.toile-libre.net] has quit [Read error: Connection reset by peer] 17:15 -!- fremo [~fremo@noc.toile-libre.net] has joined #openvpn 17:32 -!- bscrx [~bscrx@83.101.80.145] has joined #openvpn 17:34 -!- Obscurax [~bscrx@83.101.80.145] has quit [Ping timeout: 240 seconds] 17:38 -!- bscrx [~bscrx@83.101.80.145] has quit [Ping timeout: 244 seconds] 17:45 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 17:48 -!- Kateon [482392@xs8.xs4all.nl] has quit [Ping timeout: 252 seconds] 17:49 -!- Kateon [482392@xs8.xs4all.nl] has joined #openvpn 17:57 -!- Kateon [482392@xs8.xs4all.nl] has quit [Ping timeout: 260 seconds] 17:58 -!- Kateon [482392@xs8.xs4all.nl] has joined #openvpn 18:00 -!- dvl [~dan@nyi.unixathome.org] has quit [Changing host] 18:00 -!- dvl [~dan@pdpc/supporter/active/dvl] has joined #openvpn 18:05 -!- tekzilla_ [~jon@hmbg-5f765ebc.pool.mediaWays.net] has quit [Ping timeout: 248 seconds] 18:07 -!- tekzilla [~jon@hmbg-4d06cf56.pool.mediaWays.net] has joined #openvpn 18:07 -!- p3rror [~mezgani@41.140.46.155] has joined #openvpn 18:10 -!- krzee 
[nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 18:13 -!- master_of_master [~master_of@p57B53038.dip.t-dialin.net] has quit [Ping timeout: 248 seconds] 18:18 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn 18:20 -!- master_of_master [~master_of@p57B53923.dip.t-dialin.net] has joined #openvpn 18:23 -!- oc80z [oc80z@blea.ch] has quit [Changing host] 18:23 -!- oc80z [oc80z@openvpn/user/oc80z] has joined #openvpn 18:32 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn [] 18:33 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has quit [Quit: nonotza] 18:46 -!- Denial [Denial@drgi.co.uk] has quit [] 18:46 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 18:54 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 19:05 -!- _julian_ [~quassel@hmbg-4d06ac93.pool.mediaWays.net] has joined #openvpn 19:05 -!- _julian [~quassel@hmbg-5f762e4c.pool.mediaWays.net] has quit [Read error: Operation timed out] 19:52 -!- arcos9 [arcos9@sar95-1-82-229-92-61.fbx.proxad.net] has quit [] 20:14 -!- skered [~dereks@c-71-206-246-125.hsd1.pa.comcast.net] has joined #openvpn 20:15 < skered> Currently I have all traffic forwarded over the VPN, what do I need to pass to NOT route a single IP over the VPN? 20:22 < skered> push "ip mask something" 20:22 < skered> I don't know what something should be 20:22 <@ecrist> you can't really do that so well 20:22 -!- Dev0n_ [~Dev0n@host-92-26-113-187.as13285.net] has quit [Read error: Connection reset by peer] 20:23 -!- Dev0n_ [~Dev0n@host-92-26-113-187.as13285.net] has joined #openvpn 20:24 < skered> net_gateway isn't supported by all OSes :/ 20:25 < skered> And I take it Windows isn't one of them? 
20:25 < skered> Appears to work on Tunnelblick but not Windows 20:52 -!- dioz is now known as kittonz 20:53 -!- kittonz is now known as kitton 20:57 -!- kitton is now known as dioz 21:05 -!- dxtr [~dxtr@unaffiliated/dxtr] has quit [Ping timeout: 260 seconds] 21:16 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 276 seconds] 21:57 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 22:14 -!- hwdyki [~hwdyki@unaffiliated/hwdyki] has joined #openvpn 22:16 -!- MeanderingCode [~Meanderin@97-123-4-4.albq.qwest.net] has quit [Remote host closed the connection] 22:17 -!- MeanderingCode [~Meanderin@97-123-4-4.albq.qwest.net] has joined #openvpn 22:20 < hwdyki> i'm intermittently getting 'ERROR: could not read Auth username from stdin' on the client, followed by the client dying. client conf: http://pastebin.com/dji2NQm1, server conf: http://pastebin.com/zY6UhqyR 22:21 < hwdyki> also, sometimes, when the client is started, it does not get handed an IP by the server. i'm using /28 for the tunnel subnet, so i'm guessing it's running out of IPs. is there a way to get openvpn to reclaim unused IPs? 22:28 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro] 22:36 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 22:38 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Quit: @+] 22:59 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn 23:18 <@vpnHelper> RSS Update - forum: Open VPN expert required 23:24 -!- KaiForce [~chatzilla@adsl-70-228-98-51.dsl.akrnoh.ameritech.net] has joined #openvpn 23:29 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Quit: @+] 23:29 -!- atomicfusion1 [~stephen@102-16-237-24.gci.net] has joined #openvpn 23:29 < atomicfusion1> is openvpn 3 being worked on?
23:30 -!- LtHummus [~xbmc@50-78-162-17-static.hfc.comcastbusiness.net] has left #openvpn [] 23:31 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn 23:52 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 23:53 -!- lakewood [~user@99-45-120-223.lightspeed.cicril.sbcglobal.net] has quit [Remote host closed the connection] 23:55 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn --- Day changed Wed Feb 01 2012 00:16 < prakashkamliya> is there any parameter like On-demand OpenVPN connection ? 00:16 < prakashkamliya> i mean connection initiates sets up only on demand 00:16 < prakashkamliya> ? 00:16 < prakashkamliya> whenever traffic arrives ? 00:22 < Essobi_> uhh, no 00:23 < prakashkamliya> so it will establish connection whenever we initiate connection using command ? 00:24 < atomicfusion1> yes 00:24 < atomicfusion1> a connection will be established when openvpn is started 00:26 < prakashkamliya> okay..,thanks a lot :) and can you help me in --client-connect script 00:26 < prakashkamliya> ? 00:26 < prakashkamliya> i have one server running with and now i want to add iroute to respective ccd/common name whenever client connects dynamically using --client-connect 00:27 < prakashkamliya> i have written script but how to dynamically add $subnet $netmask of connecting client to that script 00:27 < prakashkamliya> ?
00:32 < atomicfusion1> sorry, i dont know anything about iroute 00:33 < atomicfusion1> they're probably passes as command line arguments, but i dont know in what order 00:33 < atomicfusion1> *passed 00:37 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 00:38 < prakashkamliya> atomicfusion1: okay no probs thanks for help :) 00:40 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 00:41 -!- atomicfusion1 [~stephen@102-16-237-24.gci.net] has quit [Ping timeout: 260 seconds] 00:46 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 00:52 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 00:54 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Ping timeout: 240 seconds] 00:55 -!- Ile [~Ile@kaniserver.net] has joined #openvpn 00:57 <@vpnHelper> RSS Update - forum: howto iroute to be added dynamically using client-connet 00:58 -!- simplechat_ [~simplecha@123-243-79-139.static.tpgi.com.au] has joined #openvpn 00:58 -!- simplechat_ [~simplecha@123-243-79-139.static.tpgi.com.au] has quit [Changing host] 00:58 -!- simplechat_ [~simplecha@unaffiliated/simplechat] has joined #openvpn 00:58 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 01:03 <@vpnHelper> RSS Update - forum: public ip address assign 01:05 -!- catsup [d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer] 01:05 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn 01:06 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer] 01:10 < Sgt_Lemming> sigh, f'ing landlord is apparently trying to dodge fixing the problem properly >_< 01:12 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 01:15 <@vpnHelper> RSS Update - forum: Connection On Demand In OpenVPN ? 
01:16 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn 01:17 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 01:29 -!- rooth_ is now known as rooth 01:35 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 01:38 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 01:57 <@vpnHelper> RSS Update - forum: howto iroute to be added dynamically using client-connet 02:03 <@vpnHelper> RSS Update - forum: Connection On Demand In OpenVPN ? || [Help] Cannot connect to vpn. 02:04 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out] 02:04 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 02:10 <@vpnHelper> RSS Update - forum: Default Route on Client Not Working, or MASQ on Server Fails || VPN Connected, but no ping reply 02:16 <@vpnHelper> RSS Update - forum: VPN Connected, but no ping reply 02:16 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 02:20 -!- SuperPhly [~superphly@r74-192-223-20.bcstcmta02.clsttx.tl.dh.suddenlink.net] has quit [Ping timeout: 255 seconds] 02:22 < Mowee> Morning 02:25 < Ile> morning 02:25 -!- Ile is now known as `Ile` 02:28 -!- prakashkamliya [~prakashka@202.131.123.66] has quit [Ping timeout: 276 seconds] 02:42 -!- p3rror [~mezgani@41.140.46.155] has quit [Ping timeout: 260 seconds] 02:52 -!- dazo_afk is now known as dazo 03:01 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro] 03:27 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn 03:27 -!- mode/#openvpn [+v s7r] by ChanServ 03:39 <@vpnHelper> RSS Update - forum: Need IPv6 code in mroute_extract_addr_from_packet || Client can connect but has no access to the Internet || Running more than one vps with one ca.crt on client 03:40 -!- ePlus` [~zuma@217.28.6.95] has left #openvpn [] 03:41 -!- JackyAlcine [~desktop@sii/jackyalcine] has joined #openvpn 03:42 -!- _julian_ [~quassel@hmbg-4d06ac93.pool.mediaWays.net] has quit [Ping timeout: 255 
seconds] 03:44 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has joined #openvpn 03:44 <@vpnHelper> RSS Update - forum: There is a problem in your selection of --ifconfig endpoints || Need IPv6 code in mroute_extract_addr_from_packet 03:45 < JackyAlcine> !welcome 03:45 < JackyAlcine> How do I connect to a VPN that provides no authentication? 03:45 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 03:46 -!- _julian [~quassel@hmbg-4d06e7b6.pool.mediaWays.net] has joined #openvpn 03:50 < hwdyki> !howto 03:50 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 03:50 <@vpnHelper> RSS Update - forum: Disable TAP version check, how? 
03:51 -!- JackyAlcine [~desktop@sii/jackyalcine] has quit [Remote host closed the connection] 04:05 -!- Deathvalley122 [~Death@localtel.eagleits.net] has quit [Excess Flood] 04:08 -!- Deathvalley122 [~Death@localtel.eagleits.net] has joined #openvpn 04:11 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep] 04:13 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 04:27 -!- mcp [~mcp@wolk-project.de] has quit [Read error: Operation timed out] 04:27 -!- reiffert [~thomas@mail.reifferscheid.org] has quit [Read error: Operation timed out] 04:28 -!- _zero__ [~zero@noc.toile-libre.net] has joined #openvpn 04:28 -!- reiffert [~thomas@mail.reifferscheid.org] has joined #openvpn 04:29 -!- _zero_ [~zero@noc.toile-libre.net] has quit [Read error: Operation timed out] 04:29 -!- mcp [~mcp@wolk-project.de] has joined #openvpn 04:31 <@vpnHelper> RSS Update - forum: VPN Connected, but no ping reply || Default Route on Client Not Working, or MASQ on Server Fails || Can VPN Services Provide End to End Encryption? 04:36 <@vpnHelper> RSS Update - forum: Amazon EC2 "PING: Transmit Failed, error code 1232." || Frequent hang ups. || How to show my router external ip only || Installing VPN Client on Windows2003 Server not working || Site to site || Open VPN not connecting 04:40 -!- dxtr [1bfa1e7c@host-88-80-29-36.cust.prq.se] has joined #openvpn 04:40 -!- dxtr [1bfa1e7c@host-88-80-29-36.cust.prq.se] has quit [Changing host] 04:40 -!- dxtr [1bfa1e7c@unaffiliated/dxtr] has joined #openvpn 04:45 -!- hwdyki [~hwdyki@unaffiliated/hwdyki] has quit [Quit: hwdyki] 05:07 <@vpnHelper> RSS Update - forum: Need Help Server config for this client config. 
05:48 -!- p3rror [~mezgani@41.137.254.45] has joined #openvpn 06:11 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 06:13 <@vpnHelper> RSS Update - forum: Remove routes when there is no connection w/ the peer 06:52 -!- RageCage [~RageCage@ssh.studentnatet.se] has quit [Ping timeout: 252 seconds] 06:53 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has left #openvpn [] 06:55 <@vpnHelper> RSS Update - forum: Site-to-Site Tunnel/IP masquerade question. 06:56 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn 06:59 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro] 07:01 <@vpnHelper> RSS Update - forum: How to show my router external ip only || How many conf files? 07:03 -!- RageCage [~RageCage@ssh.studentnatet.se] has joined #openvpn 07:07 <@vpnHelper> RSS Update - forum: Fully routed and partially routed connection profiles? || Remove routes when there is no connection w/ the peer || Connect Virtual dos mach. by VPN via remote pc to dos hub 07:12 -!- Diffen [~diffen@78-69-119-137-no42.tbcn.telia.com] has joined #openvpn 07:13 <@vpnHelper> RSS Update - forum: Disabling auth with "auth none" disables HMAC firewall too? || OPENVPN Works from States, not Europe 07:20 <@vpnHelper> RSS Update - forum: I cant ping to open VPN server LAN IP || Site to site 07:26 <@vpnHelper> RSS Update - forum: private key password verification failed when using file || Using tap mode without ethernet bridging on server side. || Problem with routes || Need help with OpenVPN 07:27 -!- morsik [morsik@darkserver.it] has left #openvpn [] 07:28 -!- Denial [Denial@drgi.co.uk] has quit [] 07:32 <@vpnHelper> RSS Update - forum: Can OV server be configured to use PSK (ie passphrase)? 07:33 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 07:38 <@vpnHelper> RSS Update - forum: Disabling split tunneling for specific users? 
|| public ip address assign || Could not execute openvpn, are you sure OpenVPN is installed 07:44 <@vpnHelper> RSS Update - forum: Empty log for Global stats and time conencted error || Hide ip and showed router ip 07:48 -!- ravel_exe [ravel_exe@175.142.201.214] has joined #openvpn 07:55 < S1lv3R> distinction between the two iptables -A INPUT -p gre -j ACCEPT and iptables -A INPUT -p 47 -j ACCEPT 07:56 < S1lv3R> ? 07:58 -!- gustav is now known as beerbro 08:00 -!- luckman212 [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has quit [Remote host closed the connection] 08:06 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Remote host closed the connection] 08:08 -!- Axeman [~Axeman3@198.105.46.46] has joined #openvpn 08:08 -!- Axeman [~Axeman3@198.105.46.46] has quit [Changing host] 08:08 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 08:08 -!- mode/#openvpn [+v Axeman] by ChanServ 08:08 < rob0> Since openvpn does not use GRE, it would appear that you are asking in the wrong channel. But to save time (I am in #Netfilter also), I'll answer: the former uses nsswitch services(5) name resolution to resolve the port name. The rules are the same. 08:09 < rob0> Offer void where taxed or prohibited, or where you have a system with a wrong/broken /etc/services or /etc/nsswitch.conf file. 08:09 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 08:17 -!- skered [~dereks@c-71-206-246-125.hsd1.pa.comcast.net] has left #openvpn [] 08:19 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!] 08:40 < S1lv3R> can i use ovpn with 2 NICs? 
08:40 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 248 seconds] 08:41 -!- takamichi [~pri@217.23.4.104] has joined #openvpn 08:45 -!- ravel_exe [ravel_exe@175.142.201.214] has quit [] 08:46 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 08:49 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn 08:50 < S1lv3R> Ping from my Server to Client works, but in the same Network i cant Ping from my Client1 to Client2! Anyone ideas? 08:51 < S1lv3R> Home Network 192.168.2.0 VPN Networ 10.8.0.0 09:02 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has quit [Read error: Connection reset by peer] 09:03 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 09:08 <@vpnHelper> RSS Update - forum: Problem with routes 09:11 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection] 09:22 -!- takamichi [~pri@217.23.4.104] has quit [Ping timeout: 245 seconds] 09:22 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 09:26 <@ecrist> S1lv3R: --client-to-client 09:28 < S1lv3R> ecrist im on the same Network with my Client2 09:30 -!- dels [~dels@unaffiliated/dels] has joined #openvpn 09:31 < S1lv3R> ok i have find the trouble *push "route 192.168.2.0 255.255.255.0"* was the magic word 09:31 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 09:32 -!- Diffen [~diffen@78-69-119-137-no42.tbcn.telia.com] has quit [Quit: This computer has gone to sleep] 09:38 <@ecrist> S1lv3R: by default, openvpn doesn't allow clients to talk to eachother over the vpn 09:39 < S1lv3R> ecrist openvpn supports connection listenings? 09:39 < S1lv3R> ore i can find it only in the logfile? 
09:40 <@ecrist> no idea what you're talking about 09:41 < S1lv3R> Ex: openvpn list connections 09:41 < hyper_ch> hi there 09:41 <@ecrist> you gather that from the status log 09:41 < S1lv3R> Connectio from 123.45.67.89 09:41 < S1lv3R> ahh ok 09:55 < dels> hi 09:57 < dels> i have client-to-client flag set and i am using a tap device. on the server a radvd is running providing router advertisements. if client a pings client b it works fine using lla oder global scope addresses. but if i start tcpdump on the servers tap0 device he dosnt see the pings. i think its because openvpn just routes the traffic in the userspace. 09:57 < dels> but i want to see all clients communication on the servers tap device using tcpdump and other tools 09:58 < dels> is there any way to get openvpn routing all ipv6 communication through the kernelspace so i can monitor alle the things happening? 10:12 -!- Oren [~Oren@82.80.132.242] has joined #openvpn 10:13 < Oren> !route 10:14 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 10:16 -!- rkantos [~robin2@109.169.55.199] has joined #openvpn 10:16 -!- `Ile` [~Ile@kaniserver.net] has quit [Quit: KVIrc 4.1.3 Equilibrium http://www.kvirc.net/] 10:20 <@vpnHelper> RSS Update - forum: free radius openvpn 10:22 < dels> Oren: i have an ipv6 network and its not a routing problem on layer 3, its a problem how openvpn handles traffic. 
10:22 < dels> i cant eavesdrop traffic between clients… 10:22 -!- gladiatr [~sdspence@135.15.124.24.cm.sunflower.com] has joined #openvpn 10:22 -!- gladiatr [~sdspence@135.15.124.24.cm.sunflower.com] has quit [Changing host] 10:22 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has joined #openvpn 10:22 < dels> but id like to 10:26 -!- luckman212 [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has joined #openvpn 10:28 < Oren> dels - are you talking with me? :) 10:29 < Oren> hi, i have 2 sites, A and B, A has 192.168.0.0, B has 10.0.0.0. both gateways are at X.X.X.1 , i installed openvpn client on B (10.0.0.10), which connected to the gateway in site A, till now everything is working 10:29 < Oren> the problem begins when trying to access from another machine located in B, 10.0.0.9 10:29 < Oren> the packets arrive to the gateway (10.0.0.1), i created static routes which forward it back to 10.0.0.10 (the vpn client machine) 10:29 < Oren> the vpn client machine gets the packet on eth0, but doesnt transfer it to tun1 (leg of the vpn in subnet 192.168.0.X) 10:29 < dels> Oren: i thought your !route was ment as an answer to my question 10:38 <@vpnHelper> RSS Update - forum: Site-to-Site Tunnel/IP masquerade question. 10:38 -!- scampbell [~scampbell@mail.scampbell.net] has joined #openvpn 10:41 < rob0> dels, Oren joined the channel after you did, and could not have seen your question. 10:47 < jeev> rob0 is following me 10:57 -!- dels [~dels@unaffiliated/dels] has quit [Quit: Leaving.] 11:06 -!- simplechat_ [~simplecha@unaffiliated/simplechat] has quit [Remote host closed the connection] 11:14 -!- degrees [~degrees@85.113.41.238] has joined #openvpn 11:14 < degrees> hi there 11:15 -!- lakewood [~user@99-45-120-223.lightspeed.cicril.sbcglobal.net] has joined #openvpn 11:15 < degrees> i need help 11:16 < prg3> Asking a good question is the first step on a path to enlightenment :) 11:17 < degrees> I have OpenVPN 2.2.2 installed on win 2008 r2 standart. 
if i use netstat command i can't see open 1194 port, which writen in my config. Service is started, but network connection which for tap win32 adapter don't work correctly, because not connected. In win 2003 it worked all rigth. I add in windows firewall rule which mske 1194 port is open - don't work and then disable firewall - don't work. Sorry for bad english. i can't find answer in my own languag 11:17 < degrees> e, help me please. 11:18 -!- Axeman2 [~Axeman3@198.105.46.46] has joined #openvpn 11:18 -!- Axeman2 [~Axeman3@198.105.46.46] has quit [Changing host] 11:18 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has joined #openvpn 11:18 -!- mode/#openvpn [+v Axeman2] by ChanServ 11:19 < degrees> hi 11:19 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has left #openvpn [] 11:20 < prg3> degrees: Personally I only run the servers on OpenBSD or Linux, so I have no ideas on the Windows side. 11:21 < degrees> (( 11:23 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Ping timeout: 240 seconds] 11:24 < degrees> If netstat shows that there is no open ports, it may mean that the service does not start? 11:24 < prg3> that could be an indication of that.. could be the config is set to bind to the wrong IP address? Are there any logs 11:24 <@vpnHelper> RSS Update - forum: Supprting more then on client connection to the same server || Empty log for Global stats and time conencted error 11:28 < degrees> Now no, I'm at home, at work, everything is 11:28 < prg3> I'd go digging in the logs, sometimes helpful.. 
but I understand not checking logs on Windows :) 11:30 < degrees> good idea, he had not, take a look tomorrow at the server log 11:30 <@vpnHelper> RSS Update - forum: network problems after enabling dynamic IP feature || network issue after enabling dynamic IPs 11:32 < prg3> I'm a Unix guy, but dealing with Windows I've lost my "check the logs" because windows logs tend to be useless 11:32 <@ecrist> openvpn logging is the same on windows and unix 11:34 < degrees> I mean openvpn log 11:35 < prg3> ecrist: I'm sure.. I'm just talking the general state of logging on Windows makes me forget that decent services still have decent logs :) 11:36 < degrees> )) 11:36 <@vpnHelper> RSS Update - forum: I connect but I see the network || Open VPN don't work 11:37 < S1lv3R> ecrist i need add new client! I must only create new client with ./build-key ClientX ? 11:37 < degrees> it's my topic ) 11:37 < S1lv3R> ^^ 11:37 <@ecrist> S1lv3R: yes 11:37 <@ecrist> it's covered in the howto, S1lv3R 11:39 < degrees> link please 11:40 < S1lv3R> lol okay that was a trouble. I was using ./clear-all 11:40 < S1lv3R> degrees log servers/CompanyServ/logs/Server.log 11:41 < degrees> don't understand ) 11:42 < S1lv3R> i think its the wrong path 11:42 < degrees> ) 11:43 < degrees> I thought it was on my problem 11:44 < S1lv3R> i dount know! 
Try look likes key "E:\\Programme\\OpenVPN\\config\\ben.key" 11:44 < S1lv3R> i hope its working 11:46 < S1lv3R> Windoofs likes this Pathstyle 11:47 -!- dazo is now known as dazo_afk 11:49 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 11:49 < S1lv3R> and change your log path to log "C:\\Programm Files\\OpenVPN\\LOGS\\Server.log" Dount forget the "s 11:49 -!- Guest81506 [~MW@ks35441.kimsufi.com] has left #openvpn [] 11:50 < S1lv3R> all path in your conf files 11:53 < degrees> my conf file work at win 2003 32 bit, but does not work in win 2008 r2 64 bit 11:55 < degrees> I think tap win32 driver for 32 bit OS 11:55 < degrees> only 11:56 < S1lv3R> negativ 11:56 < degrees> does anyone speak Russian? 11:56 < S1lv3R> i use this pathstyle for win7 64 11:56 <+s7r> negative works on 64 bit for me too 11:56 < S1lv3R> nope 11:56 < S1lv3R> English ore German 11:56 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 11:57 < degrees> ok 11:57 < S1lv3R> Win7 have the same Strukture as Windows Server 2008 11:57 <+s7r> almost 11:57 < S1lv3R> 2003 is different 11:58 < S1lv3R> degrees have you tryed this stylelikes C:\\dir\\dir\\file.key ? 11:59 < degrees> yes 11:59 < S1lv3R> Its working? 11:59 < S1lv3R> Same Error? 11:59 < degrees> its working on win 2003 12:00 < S1lv3R> ehhhh u need this for 2003 ore 2008R2? 12:02 < krzee> whats the error? 
12:02 < krzee> !winpath 12:02 <@vpnHelper> "winpath" is (#1) Remember on Windows to quote pathnames and use double backslashes, e.g.: "C:\\Program Files\\OpenVPN\\config\\foo.key" or (#2) also, you can use forward slashes to avoid needing double backslashes, but you still need quotes, e.g.: C:/Program Files/OpenVPN/config/foo.key (but surrounded by quotes) 12:02 < degrees> win2008 on the same configuration as in win2003 12:02 < degrees> need for w2008r2 12:03 -!- lakewood [~user@99-45-120-223.lightspeed.cicril.sbcglobal.net] has quit [Remote host closed the connection] 12:07 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Quit: @+] 12:07 < S1lv3R> krzee, ovpn Windows Service ist starting but not up 12:07 -!- lakewood [~user@99-45-120-223.lightspeed.cicril.sbcglobal.net] has joined #openvpn 12:08 < S1lv3R> Hee need to configure the log Path for more infos 12:09 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn 12:09 < krzee> oh i see, can also just start it from commandline without using --daemon 12:09 < krzee> that would show output still so you can see why logging isnt working 12:10 < krzee> or you can use just a filename, and the file should end up in the config dir (just in windows) iirc 12:10 < krzee> or maybe thats cause i always use --cd 12:11 < krzee> also, if you use the gui tool, i believe it has an output screen that is the same as the loh 12:11 < krzee> log* 12:11 -!- treshoem [~treshoem@ns1.smartcellphonestogo.com] has quit [Ping timeout: 245 seconds] 12:11 < S1lv3R> degrees look at http://forums.openvpn.net/topic9636.html#p20062 12:11 <@vpnHelper> Title: OpenVPN Support Forum I connect but I see the network : Server Administration (at forums.openvpn.net) 12:11 < S1lv3R> Check some Errors 12:12 < degrees> ok 12:12 < S1lv3R> Wed Jan 18 16:43:15 2012 /sbin/route del -net 10.7.0.0 netmask 255.255.255.0 12:12 < S1lv3R> SIOCDELRT: Operation not permitted 12:12 < S1lv3R> SIOCSIFADDR: Permission 
denied 12:12 < krzee> start as admin 12:12 < Essobi_> admin 12:12 < Essobi_> :D 12:12 < S1lv3R> Thats Winoofs 12:13 < S1lv3R> Windoofs 12:13 < krzee> thats you not starting as admin 12:13 < krzee> i dunno what windoofs means ;] 12:14 < S1lv3R> Hehe 12:14 < S1lv3R> !staticip 12:14 < S1lv3R> hmm 12:14 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds] 12:15 < S1lv3R> !help 12:15 <@vpnHelper> (help [<plugin>] [<command>]) -- This command gives a useful description of what <command> does. <plugin> is only necessary if the command is in more than one plugin. 12:15 < krzee> !factoids 12:15 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php 12:15 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 12:16 < S1lv3R> is vpnHelper an Eggdrop? 12:16 < krzee> no 12:16 < krzee> i havnt run eggdrops in yeeeeeears 12:16 -!- misulicus [me@79.115.87.182] has joined #openvpn 12:16 < krzee> and never for freenode 12:17 < S1lv3R> coded in php? Hehe 12:17 < krzee> python 12:17 < S1lv3R> ahh okay 12:17 < krzee> !version 12:17 <@vpnHelper> The current (running) version of this Supybot is 0.83.4.1. The newest version available online is 0.83.4.1. 12:17 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Quit: Leaving] 12:18 < misulicus> hey got a q, u know that for openvpn u got to put the client vpn and the ca.crt file in config folder, is it possible to create an openvpn installer that has the files built into it ? 
12:19 -!- lakewood [~user@99-45-120-223.lightspeed.cicril.sbcglobal.net] has quit [Remote host closed the connection] 12:21 < S1lv3R> !static 12:21 <@vpnHelper> "static" is (#1) use --ifconfig-push in a ccd entry for a static ip for the vpn client or (#2) example in net30 (default): ifconfig-push 10.8.0.6 10.8.0.5 example in subnet (see !topology) or tap (see !tunortap): ifconfig-push 10.8.0.5 255.255.255.0 or (#3) also see !ccd and !iporder 12:21 < S1lv3R> !ccd 12:21 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir to enable it, then put the config options for the client in /common-name or (#2) the ccd file is parsed each time the client connects. 12:24 < S1lv3R> cat /etc/openvpn/openvpn-status.log 12:24 < S1lv3R> upps 12:26 < S1lv3R> i like openvpn for HTC DHD with ICS 4.0.3 12:28 < degrees> S1lv3R in client config file no win path before key files 12:29 -!- Dev0n_ [~Dev0n@host-92-26-113-187.as13285.net] has quit [Read error: Connection reset by peer] 12:33 < S1lv3R> !winpath 12:33 <@vpnHelper> "winpath" is (#1) Remember on Windows to quote pathnames and use double backslashes, e.g.: "C:\\Program Files\\OpenVPN\\config\\foo.key" or (#2) also, you can use forward slashes to avoid needing double backslashes, but you still need quotes, e.g.: C:/Program Files/OpenVPN/config/foo.key (but surrounded by quotes) 12:34 < S1lv3R> Windows dount like Unix Path Styles 12:36 < krzee> "C:/Program Files/OpenVPN/config/foo.key" works 12:42 < S1lv3R> degrees and for ping to other Subnet, you need push route likes push "route 192.0.0.0 255.255.255.0" 12:43 < S1lv3R> Server.conf find push "route 12:43 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has quit [Read error: Connection reset by peer] 12:43 < krzee> !route 12:43 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT 
or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 12:43 -!- MeanderingCode [~Meanderin@97-123-4-4.albq.qwest.net] has quit [Read error: Operation timed out] 12:44 < hyper_ch> krzee: do you know how linux sets default gateway with multiple interface? 12:44 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has joined #openvpn 12:44 < krzee> dunno why it would change 12:44 < hyper_ch> krzee: well, if you have dhcp on all interfaces 12:45 < hyper_ch> how will it chose the default gateway? 12:45 < krzee> add direct route to vpn server over whatever is currently default 12:45 < krzee> add default route to internet over vpn 12:45 < hyper_ch> krzee: not realted to vpn 12:45 < hyper_ch> in general :) 12:45 < krzee> dunno 12:45 < hyper_ch> and I thought you're a routing pro :) 12:45 < krzee> check the code 12:46 < krzee> i know it has had problems with finding the gateway of ppp interfaces before 12:46 < hyper_ch> it's simple to teach quantum physics to a baby :) 12:47 < hyper_ch> s/simple/simplre 12:47 < hyper_ch> simpler :) 12:47 < hyper_ch> than checking the code 12:47 < krzee> whys that? 12:47 < hyper_ch> btw, does "teaching" also imply a learning effect? 12:47 < krzee> yes, otherwise you are attempting to teach 12:48 < hyper_ch> does "explaining" imply an "understanding" by the explainee? 
12:48 < krzee> and ya cant toss an r on "simple", it's just more simple ;] 12:48 < krzee> no, explaining does not 12:48 < hyper_ch> simple, simpler, simplest 12:49 < hyper_ch> :) 12:49 < krzee> you can explain without anyone having a clue when you say 12:49 < krzee> but in that situation you are not teaching them anything 12:49 < hyper_ch> it's easier to explain quantum physics to a baby than reading code :) 12:49 < hyper_ch> now I got it right 12:49 < krzee> it would be equally easy to explain quantum physics to a baby or a professor 12:50 < krzee> (assuming he doesnt call you out on being incorrect for stuff, lol) 12:50 < hyper_ch> but explaining to a baby sounds more impressive :) 12:50 < krzee> ;] 12:51 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection] 12:52 < krzee> ok well i must automate the provisioning / rooting of these voip phones 12:52 < krzee> so bbiab 12:52 < hyper_ch> bbiab? be back in a bit? 12:53 < prg3> yup 12:53 < hyper_ch> be back in a bentley? 12:53 < hyper_ch> bugatti 12:56 -!- belphegorr [~belphegor@ANantes-251-1-201-52.w90-54.abo.wanadoo.fr] has joined #openvpn 12:57 < belphegorr> hi 12:57 < S1lv3R> lol 12:57 < belphegorr> i want know if we can connect to an openvpn server with the original windows 7 client? 12:58 < S1lv3R> lmaa 12:58 < hyper_ch> what origintal windows 7 client? 12:58 < S1lv3R> its nulled 12:58 < S1lv3R> ^^ 13:00 < S1lv3R> !google howto configure openvpn Windows7 13:00 < belphegorr> into the network center there is an option to connect on vpn 13:01 <@vpnHelper> Windows XP,Vista & Windows 7 (32 & 64 bit) OpenVPN Setup ...: ; Windows 7 OpenVPN Install: ; Windows 7 OpenVPN Setup Instructions: 13:01 <@vpnHelper> RSS Update - forum: [Help] Cannot connect to vpn. 
13:01 < hyper_ch> how am I supposed to know waht the windows network center is like :) 13:01 < S1lv3R> Windows have only VPN via PPTP 13:01 < hyper_ch> belphegorr: I tend to think no 13:02 < S1lv3R> Networkcenter isnt supports ovpn 13:02 < rob0> S1lv3R, that is not true AFAIK. I think they also support IPSec. 13:02 < belphegorr> mist 13:02 < rob0> but probably not openvpn 13:03 < rob0> anyway, WE do not support Windows here, or at least I do not. 13:03 < rob0> If you need generic Windows help, there are better places to ask. 13:03 < hyper_ch> belphegorr: issue !howto 13:03 < hyper_ch> !windows 13:03 <@vpnHelper> "windows" is (#1) pcs are like air conditioners, they work fine unless you open windows or (#2) http://secure-computing.net/files/windows.jpg for funny or (#3) http://secure-computing.net/files/windows_2.jpg for more funny 13:04 < S1lv3R> belphegorr do you speak german? 13:05 < degrees> thax all, i'll be back tomorrow, can someone else tell what, bye 13:05 < belphegorr> my german is poor now 13:05 < S1lv3R> degrees see ya 13:05 < hyper_ch> S1lv3R: I think s/he/it speaks french 13:05 < S1lv3R> wandoo 13:05 < S1lv3R> ^^ 13:05 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 13:05 < hyper_ch> because you are connected via wannadoo :) 13:05 -!- degrees [~degrees@85.113.41.238] has quit [Quit: I'm leaving you (xchat 2.4.5 or older)] 13:05 < S1lv3R> i think hes comming from Elsass 13:06 < S1lv3R> my frensh is bad 13:06 < S1lv3R> (o; 13:06 < belphegorr> yes i am in france now 13:06 < hyper_ch> S1lv3R: I hope your gf doesn't complain about it ;= 13:06 < S1lv3R> haha *Ditsh hyper_ch 13:07 < S1lv3R> only my language is bad 13:07 < hyper_ch> belphegorr: download the openvpn client from the openvpn page 13:08 < S1lv3R> You can start OpenVPN as windows Service 13:08 < hyper_ch> or save yourself all this pain and go linux 13:08 < belphegorr> it work with openvpn client but i want on ly know if it can work owne 13:09 < S1lv3R> lol hyper_ch thats my 
second os 13:09 < hyper_ch> and your first one is openbsd? 13:10 < S1lv3R> W2K8 R2 SP1 and Win7 Ulti (Original) 13:10 < S1lv3R> (o; 13:10 < hyper_ch> I prefer stable, reliable OSes where I can work efficiently on 13:10 < belphegorr> original :o 13:11 < S1lv3R> yes 13:12 -!- radioxid [~radioxid@37-8-189-79.romanichel.net] has joined #openvpn 13:13 < misulicus> hey got a q, u know that for openvpn u got to put the client vpn and the ca.crt file in config folder, is it possible to create an openvpn installer that has the files built into it ? 13:13 < S1lv3R> Download Openvpn Install & Configure and start as Services 13:13 < krzee> !win_rollup 13:13 <@vpnHelper> "win_rollup" is please see http://www.secure-computing.net/wiki/index.php/OpenVPN/HowTo_for_Windows_2 for dazo's writeup on making unattended windows installers for openvpn 13:14 < krzee> misulicus, ^ 13:14 < S1lv3R> OpenVPN/HowTo for Linux ? 13:15 < hyper_ch> S1lv3R: it does on debian and ubuntu 13:15 < hyper_ch> S1lv3R: all you need is to at a *conf file with keys and stuff 13:15 < S1lv3R> Likes Debian 13:15 < hyper_ch> into the /etc/openvpn folder 13:15 < hyper_ch> and then /etc/init.d/openvpn restart 13:15 < hyper_ch> or service openvpn restart on ubuntu 13:15 < S1lv3R> debian works too 13:16 < hyper_ch> debian is great for server 13:16 < hyper_ch> debian is great for clients 13:16 < hyper_ch> I mean ubuntu is great for clients 13:16 < S1lv3R> based on Debian 13:17 < misulicus> krzee thanks i`l read that link 13:18 < S1lv3R> I have tryed to configure PPTP with W2K8 R2 SP1 13:18 < S1lv3R> its so terrible 13:18 < misulicus> krzee that installer will work on xp/vista/7 ? 13:20 < hyper_ch> misulicus: why not just try it? 
13:22 < S1lv3R> !iptables 13:22 <@vpnHelper> "iptables" is (#1) to test if iptables is your problem, disable all rules or put the defaults to accept: iptables -P INPUT ACCEPT; iptables -P OUTPUT ACCEPT; iptables -P FORWARD ACCEPT; iptables -F; iptables -Z or (#2) please see http://openvpn.net/man#lbBD for more info or (#3) you can see http://www.secure-computing.net/wiki/index.php/OpenVPN/Firewall for pf or iptables 13:25 -!- lakewood [~user@99-45-120-223.lightspeed.cicril.sbcglobal.net] has joined #openvpn 13:32 < S1lv3R> I have some trouble with my Mobile device 13:33 -!- atomicfusion2 [~stephen@69-161-21-126.static.acsalaska.net] has joined #openvpn 13:33 < S1lv3R> I connect with my OpenVPN Server 13:33 < S1lv3R> Internet works for few seconds 13:34 < S1lv3R> From other Point with Windows 7 Works fine 13:35 < S1lv3R> its an iptable prblem? 13:35 < S1lv3R> problem 13:35 < S1lv3R> ? 13:35 -!- lakewood [~user@99-45-120-223.lightspeed.cicril.sbcglobal.net] has quit [Remote host closed the connection] 13:36 -!- madal [~madal@b219.starfsm.hi.is] has joined #openvpn 13:36 < S1lv3R> can anyone check my iptable list? 13:36 < hyper_ch> S1lv3R: issue: !help 13:36 < misulicus> krzee got an issue with that guide. 13:37 < S1lv3R> !help 13:37 -!- atomicfusion2 [~stephen@69-161-21-126.static.acsalaska.net] has quit [Ping timeout: 240 seconds] 13:37 <@vpnHelper> (help [<plugin>] [<command>]) -- This command gives a useful description of what <command> does. <plugin> is only necessary if the command is in more than one plugin. 13:37 < misulicus> after: Run the makensis program it sais to run md5sums on 2 files but i only get 1 ex file 13:37 < misulicus> OpenVPN-InstCfgWiz.exe is all i got 13:38 < madal> Has anyone deployed configured openvpn in redhat 6 with and configured against ldap ? 
13:40 < madal> i am just a first time tester of openvpn
13:41 -!- madal [~madal@b219.starfsm.hi.is] has left #openvpn []
13:44 -!- chmig [~chmig@46-126-126-44.dynamic.hispeed.ch] has joined #openvpn
13:45 < pwrcycle> !ldap
13:46 < pwrcycle> !help search ldap
13:46 <@vpnHelper> Error: There is no command "search ldap".
13:47 < pwrcycle> !search ldap
13:47 <@vpnHelper> There were no matching configuration variables.
13:47 < krzee> misulicus, i know nothing about it, maybe you can catch dazo when his nick doesnt have afk on it
13:48 < S1lv3R> hmmm
13:49 < S1lv3R> lol i have delete iptable entries and now i cant connect to www
13:49 < S1lv3R> can anyone help me?
13:50 < S1lv3R> i hate iptables
13:51 < S1lv3R> please help me )o;
13:53 < krzee> not an openvpn problem
13:53 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit []
13:54 < krzee> add back whatever you deleted
13:55 < krzee> or reload from backup
13:55 < S1lv3R> i was test from http://www.secure-computing.net/wiki/index.php/OpenVPN/Firewall
13:55 <@vpnHelper> Title: OpenVPN/Firewall - Secure Computing Wiki (at www.secure-computing.net)
14:00 < krzee> then you must have saved, now just reload
14:03 < S1lv3R> i have dd-wrt software backup wasnt working
14:03 -!- radioxid [~radioxid@37-8-189-79.romanichel.net] has quit [Read error: Connection reset by peer]
14:05 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn
14:05 -!- mode/#openvpn [+o mattock] by ChanServ
14:07 < krzee> the page you linked shows how to save and restore
14:07 < krzee> if you didnt, i cant help you
14:07 -!- Schnabeltier [Schnabel3@ist.verliebt.in.seinen.bouncer.von.bouncer-paradise.com] has joined #openvpn
14:07 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!]
14:08 < krzee> maybe they'll return with a reboot ;]
14:08 -!- Schnabeltier [Schnabel3@ist.verliebt.in.seinen.bouncer.von.bouncer-paradise.com] has quit [Remote host closed the connection]
14:10 -!- radioxid [~radioxid@37-8-189-79.romanichel.net] has joined #openvpn
14:10 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn
14:11 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has quit [Read error: Connection reset by peer]
14:19 < misulicus> any ideas what this can be from
14:19 < misulicus> Wed Feb 01 22:14:13 2012 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
14:23 -!- radioxid [~radioxid@37-8-189-79.romanichel.net] has quit [Quit: Get MacIrssi - http://www.sysctl.co.uk/projects/macirssi/]
14:25 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
14:26 -!- p3rror [~mezgani@41.137.254.45] has quit [Ping timeout: 244 seconds]
14:30 -!- scampbell [~scampbell@mail.scampbell.net] has quit [Remote host closed the connection]
14:33 <@vpnHelper> RSS Update - forum: OpenVPN server would not complete init sequence || How to limit bandwidth per user?
14:36 -!- chmig [~chmig@46-126-126-44.dynamic.hispeed.ch] has quit [Quit: chmig]
14:38 < belphegorr> good night and see you soon thanks for your help
14:38 -!- belphegorr [~belphegor@ANantes-251-1-201-52.w90-54.abo.wanadoo.fr] has quit [Quit: IRC webchat at http://irc2go.com/]
14:43 -!- lakewood [~user@99-45-120-223.lightspeed.cicril.sbcglobal.net] has joined #openvpn
14:46 -!- mattock [~samuli@openvpn/corp/admin/mattock] has quit [Quit: mattock]
14:46 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn
14:47 -!- mode/#openvpn [+o mattock] by ChanServ
14:51 -!- mattock [~samuli@openvpn/corp/admin/mattock] has quit [Ping timeout: 252 seconds]
14:55 -!- scampbell [~scampbell@mail.scampbell.net] has joined #openvpn
14:57 -!- KaiForce [~chatzilla@adsl-70-228-98-51.dsl.akrnoh.ameritech.net] has quit [Quit: ChatZilla 0.9.88 [Firefox 9.0.1/20111220165912]]
14:58 -!- majuscule [~dylan@dylansserver.com] has joined #openvpn
15:00 < majuscule> Sorry if this is a stupid/offtopic question but once I've created a vpn connection and a new interface tun0, how do I route all of my connections through it?
15:01 < hyper_ch> majuscule: issue !def1
15:05 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn
15:08 < majuscule> !def1
15:08 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
15:14 < S1lv3R> !iptables
15:14 <@vpnHelper> "iptables" is (#1) to test if iptables is your problem, disable all rules or put the defaults to accept: iptables -P INPUT ACCEPT; iptables -P OUTPUT ACCEPT; iptables -P FORWARD ACCEPT; iptables -F; iptables -Z or (#2) please see http://openvpn.net/man#lbBD for more info or (#3) you can see http://www.secure-computing.net/wiki/index.php/OpenVPN/Firewall for pf or iptables
15:14 < majuscule> hyper_ch: thank you that worked, except it seems for DNS. might you be able to point me in the right direction with that?
15:15 < S1lv3R> iptables -A INPUT -p udp -s 1.2.3.4 --dport 1194 -j ACCEPT
15:15 < S1lv3R> is 1.2.3.4 my openvpnserver?
15:23 -!- bauruine [~stefan@2001:8e0:100b:dead:f2de:f1ff:fe9f:974b] has joined #openvpn
15:24 < hyper_ch> !pushdns
15:24 <@vpnHelper> "pushdns" is (#1) push "dhcp-option DNS a.b.c.d" to push dns to the client or (#2) http://thread.gmane.org/gmane.network.openvpn.user/25139/focus=25147 see that mail archive for some info on pushing dns or (#3) http://article.gmane.org/gmane.network.openvpn.user/25149 for a perm fix via regedit or (#4) in unix you'll use the update-resolv-conf script or (#5) also
15:24 <@vpnHelper> http://comments.gmane.org/gmane.network.openvpn.user/31975 reports --register-dns as fixing their problems pushing DNS to windows 7
15:28 < majuscule> hyper_ch: thanks, I actually tried "dhcp DNS 8.8.8.8" but it doesn't seem to be working
15:28 < majuscule> rhel server/ arch client
15:28 < hyper_ch> majuscule: re-read again
15:28 < majuscule> kk
15:28 < hyper_ch> http://thread.gmane.org/gmane.network.openvpn.user/25139/focus=25147
15:28 <@vpnHelper> Title: Gmane Loom (at thread.gmane.org)
15:28 < hyper_ch> push "dhcp-option DNS a.b.c.d"
15:29 < majuscule> hyper_ch: oh jeeze, i'm sorry, yes, that was a typo in irc, i tried the correct syntax
15:29 < majuscule> push "dhcp-option DNS 8.8.8.8"
15:29 < majuscule> push "dhcp-option DNS 8.8.4.4"
15:30 < hyper_ch> that belongs into the server config
15:30 < hyper_ch> or ccd
15:31 < majuscule> correct, it is in my server config
15:31 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has quit [Quit: Ex-Chat]
15:31 < hyper_ch> then it should work
15:31 < hyper_ch> otherwise enable log on server and client and check what happens
15:32 < majuscule> yeah i'm gonna look into it now
15:35 <+s7r> can i put ipv6 DNS addresses in that line ?
15:35 <+s7r> :D
15:38 -!- misulicus [me@79.115.87.182] has quit []
15:44 -!- BenLue [~Ben@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn
15:47 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has quit [Ping timeout: 240 seconds]
15:49 -!- madal [~madal@b219.starfsm.hi.is] has joined #openvpn
15:51 < madal> new openvpn user here
15:51 < madal> just wanted to know if anyone has deployed openvpn in redhat 6 and authentication against ldap ?
15:54 < majuscule> hyper_ch: it looks like i was mistaken. none of my connections are actually going over the link. I don't know why. I did set redirect-gateway def1
15:55 < majuscule> the interface is being created
15:55 < majuscule> hyper_ch: how can I debug this?
15:57 -!- scampbell [~scampbell@mail.scampbell.net] has quit [Quit: Ex-Chat]
15:58 < majuscule> i'm looking at /var/log/messages, i see the interface being created but no connections
16:03 -!- misulicus [me@79.115.87.182] has joined #openvpn
16:04 < misulicus> hey guys
16:04 < misulicus> q: server 172.16.32.0 172.31.255.255 is that good for assigning IP`s ?
16:04 < misulicus> in server.conf
16:05 < misulicus> cause i get
16:05 < misulicus> Options error: --server directive network/netmask combination is invalid
16:05 < misulicus> Use --help for more information.
16:10 <+s7r> that is not good
16:10 <+s7r> use first ip and net mask e.g. 172.16.32.0 255.255.255.0
16:11 < misulicus> so: 172.16.32.0 255.255.254.0 should work ?
16:14 < misulicus> 172.16.32.0/24 how many IP`s will allow ?
16:15 < misulicus> ah thats 254
16:15 < |Mike|> ipcalc it..
16:16 < |Mike|> http://pastebin.com/Rt9yV0Rh
16:17 < |Mike|> there ya go.
16:24 -!- zalzice [~zalzice@25.79-160-109.customer.lyse.net] has quit [Ping timeout: 248 seconds]
16:25 -!- messedup1 [~user1@66-169-98-239.dhcp.ftwo.tx.charter.com] has joined #openvpn
16:26 -!- zalzice [~zalzice@25.79-160-109.customer.lyse.net] has joined #openvpn
16:28 < messedup1> Afternoon all... Im working on a project, i want to run openvpn on my home network... 192.168, and be able to connect certain machine at home to it, then have a box, i can send around to other people, who will be able to boot it, and have it auto connect to the openvpn server, and give access inside their network... home network is again 192.168, id like the openvpn to dole out something like 172.31.21.X ip address... what al
16:28 < zeshoem> my version of ipcalc doesnt work the same way |Mike|
16:28 < zeshoem> asks for a bunch of options
16:30 -!- misulicus [me@79.115.87.182] has quit [Read error: Connection reset by peer]
16:31 -!- misulicus [~me@79.115.87.182] has joined #openvpn
16:34 < misulicus> well i manage to connect but its like i got no internet
16:34 < majuscule> After running openvpn with a static key on my server and client, the client can't connect to any IPs other than the server. What could be going wrong?
16:36 <@vpnHelper> RSS Update - forum: Client can connect but has no access to the Internet
16:37 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has joined #openvpn
16:37 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn []
16:40 < |Mike|> majuscule: topic
16:40 < majuscule> !configs
16:40 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries
16:40 < majuscule> !logs
16:40 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard.
16:43 -!- misulicus [~me@79.115.87.182] has quit [Ping timeout: 252 seconds]
16:43 -!- zalzice [~zalzice@25.79-160-109.customer.lyse.net] has quit [Read error: Operation timed out]
16:43 -!- misulicus [~me@79.115.87.182] has joined #openvpn
16:44 -!- misulicus [~me@79.115.87.182] has quit [Client Quit]
16:45 -!- radioxid [~radioxid@37.8.189.79] has joined #openvpn
16:47 -!- zalzice [~zalzice@25.79-160-109.customer.lyse.net] has joined #openvpn
16:51 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection]
16:53 -!- radioxid [~radioxid@37.8.189.79] has quit [Quit: Get MacIrssi - http://www.sysctl.co.uk/projects/macirssi/]
17:16 -!- bauruine [~stefan@2001:8e0:100b:dead:f2de:f1ff:fe9f:974b] has quit [Ping timeout: 245 seconds]
17:29 < messedup1> Afternoon all... Im working on a project, i want to run openvpn on my home network... 192.168, and be able to connect certain machine at home to it, then have a box, i can send around to other people, who will be able to boot it, and have it auto connect to the openvpn server, and give access inside their network... home network is again 192.168, id like the openvpn to dole out something like 172.31.21.X ip address... what al
17:32 -!- Essobi_ is now known as Essobi
17:35 -!- appleguru [4a0a4842@gateway/web/freenode/ip.74.10.72.66] has joined #openvpn
17:35 < appleguru> any idea how to forward broadcast traffic through VPN?
17:35 < appleguru> I've tried setting up bcrelay and pptpd in ubuntu, but my broadcasts still aren't making it throug
17:35 < appleguru> h
17:37 -!- mcp [~mcp@wolk-project.de] has quit [Read error: Operation timed out]
17:37 -!- JodaZ [~joda@ns387141.ovh.net] has quit [Write error: Broken pipe]
17:37 -!- Blue_Ice [~Blue_Ice@unaffiliated/blue-ice/x-2052838] has quit [Read error: Operation timed out]
17:37 -!- d12fk [~heiko@exit0.net] has quit [Read error: Operation timed out]
17:37 < EugeneKay> !tunortap
17:37 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. Dont waste the extra overhead. or (#2) and if your reason for wanting tap is windows shares, see !wins or (#3) also remember that if someone gets access to any side of a tap vpn they can use layer2 attacks like arp poisoning against you
17:37 <@vpnHelper> over the vpn or (#4) lan gaming? use tap!
17:37 < EugeneKay> appleguru ^
17:37 < havoc> stupid question, maybe (especially from me), but what's the difference between TUN & TAP, aside from the OSI Layer and ARP poisoning bit?
17:37 -!- mcp [~mcp@wolk-project.de] has joined #openvpn
17:37 -!- Blue_Ice [~Blue_Ice@sid.dupas.be] has joined #openvpn
17:37 -!- Blue_Ice [~Blue_Ice@sid.dupas.be] has quit [Changing host]
17:37 -!- Blue_Ice [~Blue_Ice@unaffiliated/blue-ice/x-2052838] has joined #openvpn
17:37 < havoc> TUN is better performance?
17:37 < EugeneKay> Performance & compatibility with bridging mode
17:38 -!- d12fk [~heiko@exit0.net] has joined #openvpn
17:38 < havoc> yeah, no L2 stuff (bridging, DHCP)
17:38 < EugeneKay> tun is a vanilla point-to-point link, you have to use routed mode. tap lets you pass Ethernet frames(in bridging mode), including all that L2 jazz.
17:39 < havoc> yeah, I'm all TAP now, but was thinking of moving to TUN
17:39 -!- JodaZ [~joda@ns387141.ovh.net] has joined #openvpn
17:39 < havoc> the thing is I like using external DHCP server
17:39 < EugeneKay> You can run routed over tap, but it's better to use tun. There isn't a tun driver for Windows, so everything uses TAP-Win32. Specifying "dev tun" will cause it to behave like a tun device, though.
17:39 < havoc> and was also thinking of bridging 2 VPN ifaces for same subnet
17:39 < havoc> udp:1194 & tcp:443
17:40 < EugeneKay> And I think that sounds like a pile of terrible ideas.
17:40 < EugeneKay> But hey, go for it.
17:40 < havoc> what, bridging the two VPN ifaces?
17:40 < havoc> it's actually an awesome idea, from a management perspective
17:40 < havoc> but can't do it w/ tun
17:40 < EugeneKay> External DHCP server, bridging vpn ifaces, TCP:443....
17:41 < havoc> so I'll have to decide
17:41 < havoc> tcp:443 is the hole puncher
17:41 < havoc> and the only thing that works in a lot of places
17:41 < EugeneKay> Really you should have openvpn listening on TCP:1194, and then do an iptables redirect from :443 and maybe :80 up to the higher port
17:42 < EugeneKay> !unpriv
17:42 <@vpnHelper> "unpriv" is see https://community.openvpn.net/openvpn/wiki/UnprivilegedUser for a write-up by EugeneKay on how to run OpenVPN without root/admin permissions.
17:42 < EugeneKay> Preferably in concert with that ^
17:42 < havoc> hmm, that would work too, then no --port-share
17:42 < havoc> wait, wouldn't be able to have anything else on tcp:443 then
17:42 < EugeneKay> Not on the same IP, no.
17:43 < havoc> anyway, still much to consider
17:43 < EugeneKay> !google sslh
17:43 <@vpnHelper> sslh – ssl/ssh multiplexer - rutschle.net: ; sslh - search.cpan.org: ; ssl and ssh multiplexing using sslh - nion's blog:
17:43 < EugeneKay> That may be of interest to you, for doing hole-punching
17:44 < havoc> sslh, I'll try/have to remember that
17:45 < havoc> the thing is that I really *want* to do things the Right way, but Reality has a nasty way of interfering :(
17:46 < appleguru> forgive my ignorance, but I have never heard of TAP before
17:46 < appleguru> ideally, I need something that is compatible with one of the built in VPN clients on the iPhone
17:46 < EugeneKay> I have a TCP instance listening for fallback when I'm behind a nazi firewall. It works great routed.
17:47 < EugeneKay> appleguru - Unless you have a concrete use case for broadcast(layer 2) traffic, use tun/routed.
17:47 < appleguru> I *need* broadcast traffic for my application
17:47 < appleguru> (and multicast)
17:48 < EugeneKay> Then you'll want bridging with tap. I don't have a clue if it's compatible with the iOS clients, or how to start using it, though. Sorry. :-p
17:48 < appleguru> I want to set up a bridge that is as close to being on the local network as possible
17:48 < havoc> EugeneKay: thanks for the info, I gotta run, but will most definitely consider everything, thanks :)
17:51 -!- Schnabeltier [Schnabel3@ist.verliebt.in.seinen.bouncer.von.bouncer-paradise.com] has joined #openvpn
17:52 -!- p3rror [~mezgani@41.248.198.132] has joined #openvpn
17:54 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Quit: @+]
17:56 -!- scampbell [~scampbell@mail.scampbell.net] has joined #openvpn
17:58 -!- appleguru [4a0a4842@gateway/web/freenode/ip.74.10.72.66] has quit [Ping timeout: 245 seconds]
18:02 -!- Harley [~Harley@125.70.184.234] has joined #openvpn
18:04 -!- tekzilla [~jon@hmbg-4d06cf56.pool.mediaWays.net] has quit [Read error: Operation timed out]
18:08 -!- tekzilla [~jon@hmbg-5f761017.pool.mediaWays.net] has joined #openvpn
18:20 -!- master_of_master [~master_of@p57B53923.dip.t-dialin.net] has quit [Ping timeout: 252 seconds]
18:22 -!- master_of_master [~master_of@p57B5529E.dip.t-dialin.net] has joined #openvpn
18:22 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn
18:22 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host]
18:22 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn
18:22 -!- mode/#openvpn [+v Axeman] by ChanServ
18:47 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has quit [Quit: nonotza]
18:48 -!- Denial [Denial@drgi.co.uk] has quit []
18:50 -!- 77CAACGW0 [~stephen@102-16-237-24.gci.net] has joined #openvpn
18:50 -!- 77CAACGW0 [~stephen@102-16-237-24.gci.net] has left #openvpn []
20:02 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Read error: Connection reset by peer]
20:02 -!- krzee [nobody@hemp.ircpimps.org] has joined #openvpn
20:02 -!- krzee [nobody@hemp.ircpimps.org] has quit [Changing host]
20:02 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn
20:13 < Dougy> ladies
20:13 < Dougy> and gentleman
20:23 < krzee> whats up Dougy
20:24 -!- scampbell [~scampbell@mail.scampbell.net] has quit [Quit: Ex-Chat]
20:26 -!- cadmium [~mike@75.47.2.73] has joined #openvpn
20:26 < cadmium> can anyone point me in the direction of a linux vpn server that doesn't require any licencing but is a good nuts and bolts setup ?
20:31 < krzee> openvpn doesnt require licensing unless you use access-server
20:31 < krzee> !download
20:32 <@vpnHelper> "download" is (#1) http://www.openvpn.net/download to download OpenVPN or (#2) OpenVPN's Windows installer now includes OpenVPN GUI. Don't bother with http://openvpn.se anymore or (#3) Don't trust download.com at all. It provides an extremely old version with malware: http://insecure.org/news/download-com-fiasco.html
20:37 -!- ostolvis [~ostolvis@108.162.156.19] has joined #openvpn
20:44 -!- ostolvis [~ostolvis@108.162.156.19] has quit [Ping timeout: 252 seconds]
20:46 -!- ostolvis [~ostolvis@108.162.156.19] has joined #openvpn
20:49 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!]
21:14 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has joined #openvpn
21:18 -!- madal [~madal@b219.starfsm.hi.is] has quit [Quit: The computer fell asleep]
21:21 -!- nonotza_ [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn
21:24 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has quit [Ping timeout: 245 seconds]
21:24 -!- nonotza_ is now known as nonotza
21:26 -!- treshoem [~treshoem@ns1.smartcellphonestogo.com] has joined #openvpn
21:31 -!- simplechat_ [~simplecha@123-243-79-139.static.tpgi.com.au] has joined #openvpn
21:31 -!- simplechat_ [~simplecha@123-243-79-139.static.tpgi.com.au] has quit [Changing host]
21:31 -!- simplechat_ [~simplecha@unaffiliated/simplechat] has joined #openvpn
22:27 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn
22:46 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
22:53 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
22:59 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn
23:25 <@vpnHelper> RSS Update - forum: Disabling auth with "auth none" disables HMAC firewall too?
23:35 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
23:39 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
23:45 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
23:51 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
23:59 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
--- Day changed Thu Feb 02 2012
00:02 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
00:09 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
00:13 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
00:18 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
00:21 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
00:23 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Remote host closed the connection]
00:30 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
00:33 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
00:34 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Quit: nonotza]
00:38 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
00:43 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
00:53 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn
00:54 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has joined #openvpn
00:55 < kokozedman> hey guys... is there a way to shorten the delay that OpenVPN connects?
00:55 < kokozedman> there seems to be a lot of checks and other fancy stuffs before it gets connected
00:59 <@vpnHelper> RSS Update - forum: free radius openvpn
01:00 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn
01:26 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has quit [Ping timeout: 245 seconds]
01:26 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
01:29 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
01:54 -!- p3rror [~mezgani@41.248.198.132] has quit [Ping timeout: 240 seconds]
02:06 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Remote host closed the connection]
02:32 -!- madal [~madal@b219.starfsm.hi.is] has joined #openvpn
02:35 -!- madal [~madal@b219.starfsm.hi.is] has quit [Client Quit]
02:52 -!- Denial [Denial@drgi.co.uk] has joined #openvpn
02:55 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro]
03:02 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has quit [Ping timeout: 272 seconds]
03:07 -!- gladiatr [~sdspence@135.15.124.24.cm.sunflower.com] has joined #openvpn
03:09 -!- raomin [~romain@240.22.66.86.rev.sfr.net] has quit [Quit: leaving...]
03:19 -!- raomin [~romain@240.22.66.86.rev.sfr.net] has joined #openvpn
03:23 <@vpnHelper> RSS Update - forum: Client can connect but has no access to the Internet
03:44 -!- p3rror [~mezgani@41.205.221.206] has joined #openvpn
03:50 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn
04:01 -!- noisebleed [~quassel@kermit.inescn.pt] has joined #openvpn
04:01 -!- noisebleed [~quassel@kermit.inescn.pt] has quit [Changing host]
04:01 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn
04:05 <@vpnHelper> RSS Update - forum: Gateway fail
04:12 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
04:17 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
04:17 <@vpnHelper> RSS Update - forum: Client can connect but has no access to the Internet || Gateway fail
04:17 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day]
05:11 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
05:31 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
05:37 < havoc> bah
05:42 -!- ravel_exe [ravel_exe@175.142.201.214] has joined #openvpn
05:44 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn
05:46 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection]
05:49 -!- simplechat_ [~simplecha@unaffiliated/simplechat] has quit [Quit: Leaving]
05:55 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
06:01 -!- madal [~madal@bagmati.rhi.hi.is] has joined #openvpn
06:02 < madal> openvpn version 2 - works with openssl version 1?
06:02 -!- prakashkamliya [~prakashka@202.131.123.66] has joined #openvpn
06:03 < prakashkamliya> howto know status of openvpn client running in background whether it is connected to server or not
06:08 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Remote host closed the connection]
06:12 <@vpnHelper> RSS Update - forum: howto iroute to be added dynamically using client-connet || Using tap mode without ethernet bridging on server side.
06:12 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn
06:15 -!- ravel_exe [ravel_exe@175.142.201.214] has quit []
06:18 <@vpnHelper> RSS Update - forum: Connection On Demand In OpenVPN ? || Unable to ping behind client from server in Bridge Mode
06:22 -!- prakashkamliya [~prakashka@202.131.123.66] has quit [Ping timeout: 240 seconds]
06:30 <@vpnHelper> RSS Update - forum: Unable to ping behind client from server in Bridge Mode
06:31 < madal> . ./vars
06:31 < madal> **************************************************************
06:31 < madal> No /etc/openvpn/easy-rsa/2.0/openssl.cnf file could be found
06:31 < madal> Further invocations will fail
06:31 < madal> shall i copy from 1.0/openssl.cnf to this directory
06:31 < madal> will that work for version 2 ?
06:37 -!- FIP2 [~FIP@vpn3.freedom-ip.com] has joined #openvpn
06:37 < FIP2> Hi all
06:37 < FIP2> Hi ALl
06:37 < FIP2> all
06:37 < FIP2> i would like to know something about configuration of OpenVPN (server.conf)
06:37 < FIP2> one of my client send me this photo
06:37 < FIP2> http://nsa22.casimages.com/img/2012/02/02/120202125823655502.jpg
06:37 < FIP2> and we can see that we saw other client
06:37 < FIP2> and i don't want that
06:37 < FIP2> how can i block the communication between two client ?
06:37 -!- FIP2 was kicked from #openvpn by vpnHelper [Flooding detected. Please use http://pastebin.com for posting logs or configs.]
06:40 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn
06:46 -!- MarKsaitis [~MarKsaiti@88.96.60.78] has joined #openvpn
06:47 -!- prakashkamliya [~prakashka@202.131.123.66] has joined #openvpn
07:01 -!- prakashkamliya [~prakashka@202.131.123.66] has quit [Ping timeout: 252 seconds]
07:17 -!- prakashkamliya [~prakashka@202.131.123.66] has joined #openvpn
07:25 -!- prakashkamliya_ [~prakashka@202.131.123.66] has joined #openvpn
07:26 -!- prakashkamliya [~prakashka@202.131.123.66] has quit [Ping timeout: 260 seconds]
07:26 -!- prakashkamliya_ [~prakashka@202.131.123.66] has quit [Remote host closed the connection]
07:30 <@vpnHelper> RSS Update - forum: howto know status of openvpn client ?
07:31 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn
07:33 -!- bigcx2 [~ccole@173-163-44-9-cpennsylvania.hfc.comcastbusiness.net] has joined #openvpn
07:34 < bigcx2> !welcome
07:34 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
07:34 < bigcx2> !goal
07:34 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
07:36 <@vpnHelper> RSS Update - forum: connecting freezes || OpenVPN server would not complete init sequence
07:38 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!]
07:38 < bigcx2> !route
07:38 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide
07:40 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Read error: Connection reset by peer]
07:40 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn
07:42 <@vpnHelper> RSS Update - forum: crl produces huge log output
07:45 -!- BenLue is now known as S1lv3R
07:48 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection]
07:55 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn
07:58 < bigcx2> hey guys, i've been beating my head on a wall over my vpn setup the past couple days trying to get this to work
07:58 < bigcx2> i was hoping one of the gurus here would be able to tell me something really simple that i'm doing wrong :)
07:59 -!- dazo_afk is now known as dazo
07:59 < bigcx2> basically I would like my vpn clients to be able to access my server and the lan it's on
07:59 < bigcx2> right now i'm using ethernet bridging on my server with a single nic
08:00 < bigcx2> and i've been using a windows 7 client called viscosity
08:00 <@ecrist> !tunortap
08:00 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. Dont waste the extra overhead. or (#2) and if your reason for wanting tap is windows shares, see !wins or (#3) also remember that if someone gets access to any side of a tap vpn they can use layer2 attacks like arp poisoning against you over
08:00 <@vpnHelper> the vpn or (#4) lan gaming? use tap!
08:00 <@ecrist> !welcome
08:00 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
08:00 <@ecrist> bigcx2: ^^^^ see those
08:01 < bigcx2> i'm able to connect to the server over the internet via a udp connection
08:01 < bigcx2> and i get an ip address on the local lan of my server
08:01 < bigcx2> but i can't ping anything on the remote subnet
08:01 <@ecrist> does the remote subnet know how to route to the VPN address space?
08:02 < bigcx2> and if i run a nmap scan on the ip address i receive from the server, it says its equivalent to localhost (aka my windows machine)
08:02 < bigcx2> ecrist: well i guess that's where i'm a little confused...my server lan is 192.168.66.0
08:03 < bigcx2> and my server ip is 192.168.66.49
08:03 < bigcx2> can i allocate a slice of that subnet for my openvpn clients or do i need a separate subnet altogether?
08:04 <@ecrist> if you're using tap (bridging) you use IPs that are already on that subnet
08:04 <@ecrist> that means you'll need to forward udp port 1194 to your openvpn server
08:04 < bigcx2> right, that works
08:04 <@ecrist> unless the openvpn server runs on your network gateway
08:04 <@ecrist> the openvpn server, then, needs to bridge the ethernet adapter on the lan, and the tap adapter for the vpn
08:05 < bigcx2> i agree...that's where i think i have an issue
08:05 <@vpnHelper> RSS Update - forum: OPENVPN Works from States, not Europe
08:05 < bigcx2> i have a simple setup script that runs before the server is started
08:05 < bigcx2> can i post that somewhere?
08:06 <@ecrist> pastebin
08:06 <@ecrist> what OS?
08:07 < bigcx2> http://pastebin.com/Dyqhy5kS
08:08 < bigcx2> ubuntu server
08:08 <@ecrist> I'm likely to not be much/any help on linux
08:08 <@ecrist> I use real unix. :)
08:09 <@ecrist> is your ethernet interface called eth0-eth1?
08:09 < bigcx2> lol ok 08:09 < bigcx2> yes 08:09 <@ecrist> that's a confusing interface name 08:09 < bigcx2> i agree 08:10 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 08:10 <@ecrist> does your script work? 08:10 < bigcx2> it "works" in that it executes without error! 08:10 < bigcx2> but that's about it 08:11 <@ecrist> does it create br0, and add both eth0-eth1 and tap0? 08:11 <@ecrist> as members of the bridge 08:11 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 245 seconds] 08:11 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 08:12 < bigcx2> i believe so...here's what my ifconfig looks like: 08:12 < bigcx2> http://pastebin.com/aKpA5bnA 08:15 < bigcx2> and then here's my routing table and server.conf 08:15 < bigcx2> http://pastebin.com/kpNNcJfZ 08:15 < bigcx2> i'm so confused 08:15 < bigcx2> i'm sure it's something stupid simple 08:16 < bigcx2> but i just haven't been able to wrap my head around what's going wrong 08:17 -!- d12fk [~heiko@exit0.net] has left #openvpn ["Konversation terminated!"] 08:19 -!- bigpaws_ [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 245 seconds] 08:19 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn 08:33 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Quit: nonotza] 08:35 <@ecrist> I'm not sure where it's supposed to say on linux, where the bridge members are 08:36 < bigcx2> from re-reading the ethernet bridging openvpn page, it seems that my eth0-eth1 interface shouldn't have an address 08:36 < bigcx2> it seems that only my bridge interface should have an address 08:37 < bigcx2> "An important point to understand with Ethernet bridging is that each network interface which is added to the bridge will lose its individual identity in terms of specific settings such as IP address and netmask. Only the TCP/IP settings of the bridge interface itself will be relevent." 
08:37 < bigcx2> so I took out my directive in /etc/network/interfaces to give my eth0-eth1 interface an address on startup 08:37 <@dazo> bigcx2: correct ... bridge members should not have an IP address in Linux ... only the bridge interface (say, br0) 08:38 < bigcx2> and now the only person that receives an ip is the bridge interface 08:38 <@dazo> and all firewalling need to match against br0 if it matched against eth0 or eth1 08:38 < bigcx2> dazo: ok thanks, but now I see that I'm not receiving any traffic from the outside world 08:38 <@dazo> (for more advanced firewalling on bridges, you need to use ebtables) 08:39 <@dazo> bigcx2: think of bridges like a software switch 08:39 <@dazo> all members you bridge together will get data replicated to the other ports 08:40 <@dazo> (in fact, if you just bridge eth devices and don't give any of the eth/br devices an IP address ... you have created a switch) 08:40 < bigcx2> dazo: makes sense, that was just starting to click as you said that 08:40 <@dazo> but use tcpdump to be able to more easily see if the traffic goes where it is supposed to go 08:40 <@dazo> you can use tcpdump on bridge members 08:41 <@dazo> but there are some kernel parameters as well (don't recall exactly what they're called ... 
but its some rp_ prefix) 08:41 <@dazo> you need to check out that they are set correctly 08:41 * dazo don't use bridging much, so he is not sure about the deep details 08:41 * dazo need to prepare boarding a plane 08:42 < bigcx2> dazo: ok, it seems like my firewall (on the server) is denying stuff from the physical interface to flow freely through the bridge 08:42 < bigcx2> never used tcpdump before, i'll give it a shot 08:42 < bigcx2> dazo: thanks 08:42 -!- dazo is now known as dazo_afk 08:43 -!- dli [~dli@cable-mtl-31.246.173-174.electronicbox.net] has joined #openvpn 08:44 < S1lv3R> ecrist i was reset yesterday my Router 08:44 < S1lv3R> It works now ^^ 08:44 < dli> I'm trying to connect to two openvpn servers, but seems like enabling one always disables the other: 08:44 < S1lv3R> again 08:44 < S1lv3R> but i have troubles with my Netfilter 08:44 < dli> TCP/UDP: Incoming packet rejected from 173 08:44 < dli> .248.213.185:30295[2], expected peer address: 192.168.1.14:30290 (allow this inc 08:44 < dli> oming source address/port by removing --remote or adding --float) 08:45 < dli> seems like both clients insists on using tun0, instead of any creating a tun1 08:48 -!- obiwahn [~obiwahn@pdpc/supporter/student/obiwahn] has joined #openvpn 08:48 < obiwahn> hi 08:49 < obiwahn> i have trouble conneting to hide my ass i have no clue waht could be wrong my config looks like this: http://paste.debian.net/154479/ 08:52 < obiwahn> http://paste.debian.net/154480/ here is a bit of the log 08:52 <@ecrist> obiwahn: you'll have to contact their support 08:53 < obiwahn> so there is nothing i can read fromthe logs? 
08:54 -!- p3rror [~mezgani@41.205.221.206] has quit [Ping timeout: 240 seconds] 08:57 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has quit [Ping timeout: 260 seconds] 08:57 <@vpnHelper> RSS Update - forum: Unstable connection - active sessions dropped msg in log 09:00 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out] 09:00 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 09:03 <@vpnHelper> RSS Update - forum: OPENVPN Works from States, not Europe 09:03 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn 09:03 -!- mode/#openvpn [+v s7r] by ChanServ 09:04 -!- nonotza [~nonotza@66.246.94.130] has joined #openvpn 09:04 <@ecrist> obiwahn: your logs don't reveal much, other than the fact the connection isn't working 09:04 <+s7r> can i put ipv6 address in push 'dhcp-option DNS ' ? 09:04 <+s7r> speaking about 2.2.2 latest community release 09:04 <@ecrist> more details are likely in the server log, which you don't control. 09:05 <@ecrist> you could try turning up the verbosity of the log 09:05 < bigcx2> ecrist: got it working 09:05 <@ecrist> bigcx2: good to hear! 09:05 < bigcx2> the problem was twofold 09:06 < rob0> the problem was rob0 09:06 <+s7r> ecrist: can i put ipv6 address in push 'dhcp-option DNS ' ? 09:06 < bigcx2> one, i was assigning still assigning an ip address to the physical "eth0-eth1" interface, when the only person who should have been receiving an address was the bridge 09:06 <+s7r> sorry for highlight but i know you can tell me for sure 100% 09:06 <+s7r> :D 09:06 < bigcx2> and two, my firewall rules were a tad off 09:06 <@ecrist> s7r: I'm not sure 09:06 -!- p3rror [~mezgani@41.205.221.206] has joined #openvpn 09:06 < bigcx2> thanks for your help though 09:12 < obiwahn> ecrist: which level would you suggest i have already used 9 09:13 <@ecrist> if the log you showed me was 9, you likely have a local network issue 09:13 < rob0> 9? And you survived? 09:13 < obiwahn> ok - like waht? 
09:13 < obiwahn> ecrist: i am able to connect to my university without a problem using openvpn 09:13 <@ecrist> well, I'm surprised you can IRC if that was verb 9 09:14 <@ecrist> !configs 09:14 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries 09:17 < obiwahn> ecrist: http://paste.debian.net/154489/ <-- working config 09:18 < obiwahn> http://paste.debian.net/154479/ <-- not working conf 09:18 < obiwahn> the log was not the full log 09:19 -!- Secret [~Secret@78.157.114.46] has quit [Ping timeout: 276 seconds] 09:19 < obiwahn> http://paste.debian.net/154480/ last lines of the log before connection reset. 09:19 <@ecrist> obiwahn: I want the full log 09:19 <@ecrist> not part of it 09:19 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 09:20 < obiwahn> mmmh ok 09:21 -!- Secret [~Secret@78.157.114.46] has joined #openvpn 09:25 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 09:27 < obiwahn> ecrist: hope you don't bock /msg i did no want to provide veryboy my machine and the log ... 09:27 < obiwahn> s/bock/block/ 09:27 <@ecrist> I don't do private messages 09:27 <@ecrist> either post it here, or gtfo. :) 09:28 < obiwahn> credentials are not contained in the log even when it is verbose?! 09:29 <@ecrist> no 09:30 < obiwahn> ecrist: http://paste.debian.net/154492/ 09:37 -!- Axeman [~Axeman3@198.105.46.46] has joined #openvpn 09:37 -!- Axeman [~Axeman3@198.105.46.46] has quit [Changing host] 09:37 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 09:37 -!- mode/#openvpn [+v Axeman] by ChanServ 09:40 < obiwahn> ecrist: any ideas? 
09:47 -!- lakewood [~user@99-45-120-223.lightspeed.cicril.sbcglobal.net] has quit [Remote host closed the connection] 09:50 -!- rickuz [~rickuz@p5DC45693.dip.t-dialin.net] has joined #openvpn 09:51 < rickuz> hi 09:51 < rickuz> can sb explain me this error??? 09:51 < rickuz> Sorry but I can't become a daemon because this operating system doesn't appear to support either the daemon() or fork() system calls 09:51 < rickuz> version 1.0.3 09:51 < rickuz> windows 09:52 <@ecrist> what version of windows? 09:52 <@ecrist> and what version of openvpn? 09:52 < rickuz> clientconf : http://pastebin.com/Eyx2r952 09:52 < rickuz> win 7 x64 09:52 < obiwahn> it seems that your os does not implement those systemcalls:( 09:53 <@ecrist> what version of openvpn? 09:53 < rickuz> openVPN GUI 1.0.3 09:53 < rickuz> hold on 09:54 < rickuz> OpenVPN 2.2.2 09:54 <@ecrist> rickuz: download openvpn with the built-in gui from our site 09:54 <@ecrist> !download 09:54 <@vpnHelper> "download" is (#1) http://www.openvpn.net/download to download OpenVPN or (#2) OpenVPN's Windows installer now includes OpenVPN GUI. Don't bother with http://openvpn.se anymore or (#3) Don't trust download.com at all. It provides an extremely old version with malware: http://insecure.org/news/download-com-fiasco.html 09:54 < cadmium> anyone interested in doing an openVPN/slackware setup for contract? 09:54 < rickuz> ^^ i did 09:55 < rickuz> i user this link http://swupdate.openvpn.org/community/releases/openvpn-2.2.2-install.exe 09:55 <@ecrist> cadmium: the going rate is about $285/hr 09:55 < cadmium> ecrist i'll take that but you will have to work on screen and on teleconference 09:55 <@ecrist> rickuz: that includes the GUI, so not sure what other gui you're using 09:55 <@ecrist> $285/hr and you have to switch to freebsd 09:56 < cadmium> nope can't do it.. 
09:56 <@ecrist> 20 hour minimum, I can have it done by 5pm CST today 09:56 < rickuz> ehm i clickt about 09:56 < cadmium> i like free bsd but i don't run production systems on freebsd unless I have to.. 09:56 <@ecrist> rickuz: are you running as admin 09:56 <@ecrist> also 09:56 <@ecrist> !configs 09:56 <@ecrist> !logs 09:56 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries 09:56 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard. 09:56 <@ecrist> cadmium: I'd do it, but I know nothing of linux 09:57 < rickuz> ecrist: jep 09:57 <@ecrist> I use freebsd for everything these days 09:57 < rickuz> ecrist: me to by the way ;) 09:57 < rickuz> ecrist: http://pastebin.com/Eyx2r952 clientconf 09:58 < cadmium> well.. i suppose i could throw a system together 09:58 < obiwahn> ecrist: before you run off did my log tell you anything useful? 
i could neot even find the reaseon for the conection reset:( 09:58 < rickuz> http://pastebin.com/Ex1xYMgT log 09:58 <@ecrist> obiwahn: I never looked a second time 09:58 < cadmium> but i'd have to take it to install it at colo facility 09:59 < obiwahn> so would you please take a look at the full log:) 09:59 <@ecrist> obiwahn: first thing I see is you're using an old version of openvpn 10:01 <@ecrist> obiwahn: if I had to guess, you're using the wrong protocol/port 10:01 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 10:01 <@ecrist> but, this is why we don't support people that don't control both sides 10:01 <@ecrist> :) 10:01 <@ecrist> you'll have to contact their support 10:01 < obiwahn> ok 10:03 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 10:05 -!- Deathvalley122 [~Death@localtel.eagleits.net] has quit [Ping timeout: 245 seconds] 10:06 < rickuz> ecrist: can u explain me in a sentense what the meaing of this is?? 10:06 < rickuz> Sorry but I can't become a daemon because this operating system doesn't appear to support either the daemon() or fork() system calls 10:08 < rickuz> is it even possible to connect to a openvpn server in your own network??? 10:13 <@ecrist> rickuz: it's ill-advised to connect to an openvpn server on the same lan 10:13 <@ecrist> lots of potential for breakage 10:13 -!- Axeman [~Axeman3@openvpn/user/axeman] has left #openvpn ["Leaving"] 10:14 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 10:15 < obiwahn> ecrist: does # or ; make a difference or is it ust for readability? 
10:16 <@ecrist> either is a comment 10:16 < obiwahn> ok it was a missing route-metric 1 10:17 <@ecrist> rickuz: remove daemon from your client config 10:18 -!- Deathvalley122 [~Death@localtel.eagleits.net] has joined #openvpn 10:19 < rickuz> ecrist: its just for testing reason 10:19 <@ecrist> and it's causing your error 10:20 <@ecrist> you cannot be a client and a daemon at the same time 10:20 < rickuz> ecrist: its working 10:20 < rickuz> perfect 10:20 < rickuz> thanks a lot 10:24 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Remote host closed the connection] 10:27 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn 10:32 -!- Mowee [~Mowi@85.17.180.48] has quit [Ping timeout: 255 seconds] 10:32 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has quit [Ping timeout: 255 seconds] 10:33 -!- Mowi [~Mowi@85.17.180.48] has joined #openvpn 10:34 -!- prometheanfire [~promethea@gentoo/developer/prometheanfire] has joined #openvpn 10:34 < prometheanfire> does openvpn support pushing ipv6 routes? 10:35 < EugeneKay> Not in the current stable, no. 
10:35 < EugeneKay> !ipv6 10:35 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 10:35 <@vpnHelper> "ipv6" is (#1) http://www.greenie.net/ipv6/openvpn.html for ipv6 payload patch (adds some nice ipv6 options) or (#2) see !snapshots for a release with ipv6 patches in it, report how it works to help it get included in a stable release 10:35 < EugeneKay> !snapshots 10:35 <@vpnHelper> "snapshots" is (#1) weekly dev snapshots are available from ftp://ftp.secure-computing.net/pub/openvpn or (#2) by helping test these features, and reporting back on either of the mailing lists, you can help these features become part of the stable branch 10:36 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 10:36 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has quit [Client Quit] 10:37 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 10:38 < prometheanfire> the gentoo ebuild is out of date, I may update that too 10:41 <@vpnHelper> RSS Update - forum: [Help] Cannot connect to vpn. 
10:42 -!- BenLue [~Ben@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 10:45 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has quit [Ping timeout: 272 seconds] 10:45 -!- BenLue is now known as S1lv3R 10:48 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Ping timeout: 252 seconds] 10:55 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Remote host closed the connection] 10:55 -!- Gravitron [~admin@69.163.40.45] has joined #openvpn 10:55 -!- Gravitron [~admin@69.163.40.45] has quit [Changing host] 10:55 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 10:57 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has left #openvpn [] 10:57 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 10:57 < S1lv3R> !iptables 10:57 <@vpnHelper> "iptables" is (#1) to test if iptables is your problem, disable all rules or put the defaults to accept: iptables -P INPUT ACCEPT; iptables -P OUTPUT ACCEPT; iptables -P FORWARD ACCEPT; iptables -F; iptables -Z or (#2) please see http://openvpn.net/man#lbBD for more info or (#3) you can see http://www.secure-computing.net/wiki/index.php/OpenVPN/Firewall for pf or iptables 11:00 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Quit: @+] 11:06 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!] 11:09 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 11:09 < S1lv3R> ecrist is this setting avaible? push "route 0.0.0.0 255.255.255.0" 11:09 < S1lv3R> for ping all Clients? 
11:09 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn 11:09 < S1lv3R> aviable 11:10 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Read error: Connection reset by peer] 11:11 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Textual IRC Client: http://www.textualapp.com/] 11:11 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn 11:12 <@ecrist> S1lv3R: no 11:14 < S1lv3R> ecrist and this one? http://paste.debian.net/154514/ 11:15 < obiwahn> thank you ecrist 11:15 < obiwahn> byw 11:15 < obiwahn> e 11:15 -!- obiwahn [~obiwahn@pdpc/supporter/student/obiwahn] has left #openvpn [] 11:15 -!- prometheanfire [~promethea@gentoo/developer/prometheanfire] has left #openvpn [] 11:17 -!- Gravitron [~admin@64.93.145.58] has joined #openvpn 11:17 -!- Gravitron [~admin@64.93.145.58] has quit [Changing host] 11:17 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 11:21 -!- Azrael808 [~peter@212.161.9.162] has quit [Read error: Operation timed out] 11:22 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 260 seconds] 11:22 -!- Gravitro_ [~admin@69.163.40.45] has joined #openvpn 11:24 < S1lv3R> it works with windows7 to? C:\Windows\system32>net stop "OpenVPN Service" 11:25 < dli> problem of getting two VPN networks up. 
help: openvpn[3864]: TCP/UDP: Incoming packet rejected from 173.248.213.185:30295[2], expected peer address: 192.168.1.14:30290 11:25 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn 11:25 < dli> in fact, those are two VPN servers I want to connect to, but can only get one up now 11:28 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Read error: Connection reset by peer] 11:28 -!- Tiburon [~Tiburon@port944.ds1-brh.adsl.cybercity.dk] has joined #openvpn 11:29 < S1lv3R> !configs 11:29 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries 11:31 -!- MeanderingCode [~Meanderin@97-123-4-4.albq.qwest.net] has joined #openvpn 11:31 < S1lv3R> is this config correct? http://paste.debian.net/154517/ 11:34 -!- gladiatr [~sdspence@135.15.124.24.cm.sunflower.com] has quit [Changing host] 11:34 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has joined #openvpn 11:35 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn 11:36 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Read error: Connection reset by peer] 11:38 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn 11:38 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Read error: Connection reset by peer] 11:46 < Tiburon> !welcome 11:46 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. 
|| Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 11:47 < Tiburon> !route 11:47 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 11:48 < Tiburon> !redirect 11:48 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns 11:48 < Tiburon> !ipforward 11:48 <@vpnHelper> "ipforward" is please choose between !linipforward !winipforward !osxipforward and !fbsdipforward 11:49 < Tiburon> !linipforward 11:49 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware 11:50 < Tiburon> !winipforward 11:50 <@vpnHelper> "winipforward" is http://support.microsoft.com/kb/315236 to enable ip forwarding on windows 11:51 < Tiburon> !oxipforward 11:51 < Tiburon> !osxipforward 11:51 <@vpnHelper> "osxipforward" is (#1) sysctl -w net.inet.ip.forwarding=1 for a temp solution or (#2) add IPFORWARDING=-YES- in /etc/hostconfig for a permanent solution 11:53 -!- blahblah4 [~demigod12@ool-457a5d10.dyn.optonline.net] has joined #openvpn 11:56 < hyper_ch> -10°C is really cold :( 11:56 -!- rickuz [~rickuz@p5DC45693.dip.t-dialin.net] has quit [Quit: Leaving.] 
11:57 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn 12:02 < S1lv3R> Thu Feb 02 18:59:45 2012 RESOLVE: Cannot resolve host address: my.dyndns.net: [NO_DATA] The requested name is valid but does not have an IP address. 12:03 < S1lv3R> is my Dyndns not updated? 12:03 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 12:04 < S1lv3R> i dount understand this msg 12:06 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 260 seconds] 12:07 -!- takamichi [~pri@217.23.4.104] has joined #openvpn 12:17 < S1lv3R> !config 12:17 <@vpnHelper> (config []) -- If is given, sets the value of to . Otherwise, returns the current value of . You may omit the leading "supybot." in the name if you so choose. 12:18 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [] 12:23 < S1lv3R> !pushroutes 12:24 < S1lv3R> !routes 12:24 < S1lv3R> !route 12:24 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 12:26 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Ping timeout: 252 seconds] 12:27 < Tiburon> !def1 12:27 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. 
or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1" 12:27 < Tiburon> !nat 12:27 <@vpnHelper> "nat" is (#1) http://openvpn.net/howto.html#redirect for an explanation of NAT as it applies to openvpn or (#2) http://www.secure-computing.net/wiki/index.php/OpenVPN/FAQ#Traffic_forwarding_doesn.27t_work_when_using_client_specific_access_rules or (#3) dont forget to turn on ip forwarding or (#4) please choose between !linnat !winnat and !fbsdnat for specific howto 12:32 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 12:49 < Tiburon> !fbsdnat 12:49 <@vpnHelper> "fbsdnat" is nat on $ext_if from $vpn_network to any -> ($ext_if) (this is for PF) 12:49 < Tiburon> !linnat 12:49 <@vpnHelper> "linnat" is (#1) for a basic iptables NAT where 10.8.0.x is the vpn network: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE or (#2) to choose what IP address to NAT as, you can use iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to or (#3) http://netfilter.org/documentation/HOWTO//NAT-HOWTO.html for more info or (#4) openvz see !openvzlinnat 12:50 -!- takamichi [~pri@217.23.4.104] has quit [Ping timeout: 248 seconds] 12:50 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 12:51 < Tiburon> !goal 12:51 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 12:51 < Tiburon> !configs 12:51 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. 
or (#2) dont forget to include any ccd entries 12:52 < Tiburon> !logs 12:52 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard. 12:52 < S1lv3R> anyone German here, or anyone who can speak German? 12:52 < hyper_ch> no 12:53 < S1lv3R> I'm really getting desperate 12:54 < S1lv3R> good to know ^^ 12:55 < hyper_ch> ping my.mydns.net 12:55 < hyper_ch> ping: unknown host my.mydns.net 12:55 < hyper_ch> ping my.dyndns.net 12:55 < hyper_ch> ping: unknown host my.dyndns.net 12:56 < S1lv3R> what are you doing? 12:56 < S1lv3R> ping wipe.bounceme.net 12:56 < hyper_ch> [19:02] Thu Feb 02 18:59:45 2012 RESOLVE: Cannot resolve host address: my.dyndns.net: [NO_DATA] The requested name is valid but does not have an IP address. 12:57 < S1lv3R> 64 bytes from S3DEBSRV01.BASEL.S3SYSTEM.COM (192.168.2.3): icmp_req=1 ttl=64 time=0.013 ms 12:57 < S1lv3R> Antwort von 178.83.34.83: Bytes=32 Zeit<1ms TTL=64 12:58 < S1lv3R> looks good 12:58 < S1lv3R> what is configured is wipe.bounceme.net 13:00 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 13:01 < S1lv3R> Is a connection over WAN possible if no iptables entries are made 13:03 < S1lv3R> I hate Netfilter to death, I can't make sense of it 13:04 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [Ping timeout: 255 seconds] 13:05 < S1lv3R> My ovpn is running so far. I'm connected with Client1, Client2 is giving me problems. 
Internet access not possible 13:06 < S1lv3R> I thought OpenVPN was easier than PPTP 13:06 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 13:07 < S1lv3R> hyper_ch ping is working 13:08 < S1lv3R> but from Client2 isnt working 13:11 -!- MarKsaitis [~MarKsaiti@88.96.60.78] has quit [Ping timeout: 260 seconds] 13:12 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 13:16 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [Ping timeout: 252 seconds] 13:17 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 13:18 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 13:22 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 13:22 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection] 13:25 < S1lv3R> hmmmm I installed openvpn on my Debian but somehow the connection from Client2 doesn't work. I also can't ping my DYNDNS from Client2 ); iptables -L -v gives me http://paste.debian.net/154534/ do I need to watch out for anything else or did I forget something? 
13:25 -!- p3rror [~mezgani@41.205.221.206] has quit [Ping timeout: 260 seconds] 13:31 -!- rkantos [~robin2@109.169.55.199] has quit [Ping timeout: 272 seconds] 13:39 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 13:39 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has quit [Read error: Connection reset by peer] 13:41 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 13:42 -!- novaflash [~novaflash@openvpn/user/novaflash] has left #openvpn [] 13:46 -!- Chat9470 [~Chat9470@app6.chatmosphere.org] has joined #openvpn 13:46 < Chat9470> Hi 13:47 < Chat9470> Hello 13:47 -!- Chat9470 [~Chat9470@app6.chatmosphere.org] has quit [Client Quit] 13:48 -!- Chat9470 [~Chat9470@app3.chatmosphere.org] has joined #openvpn 13:48 < Chat9470> Hii 13:48 < Chat9470> Hello 13:48 < Chat9470> Is anyone in room 13:48 -!- Chat9470 [~Chat9470@app3.chatmosphere.org] has quit [Client Quit] 13:52 < S1lv3R> !def1 13:52 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. 
or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1" 13:53 < S1lv3R> 3/hop 13:53 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has left #openvpn [] 13:53 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 13:54 < S1lv3R> !iptables 13:54 <@vpnHelper> "iptables" is (#1) to test if iptables is your problem, disable all rules or put the defaults to accept: iptables -P INPUT ACCEPT; iptables -P OUTPUT ACCEPT; iptables -P FORWARD ACCEPT; iptables -F; iptables -Z or (#2) please see http://openvpn.net/man#lbBD for more info or (#3) you can see http://www.secure-computing.net/wiki/index.php/OpenVPN/Firewall for pf or iptables 13:56 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has joined #openvpn 13:59 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 13:59 -!- rickuz [~rickuz@77-21-40-215-dynip.superkabel.de] has joined #openvpn 14:14 -!- rickuz1 [~rickuz@77-21-40-215-dynip.superkabel.de] has joined #openvpn 14:15 -!- rickuz [~rickuz@77-21-40-215-dynip.superkabel.de] has quit [Ping timeout: 245 seconds] 14:16 -!- Chat9470 [~Chat9470@app17.chatmosphere.org] has joined #openvpn 14:16 -!- Chat9470 [~Chat9470@app17.chatmosphere.org] has quit [Client Quit] 14:18 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has joined #openvpn 14:20 -!- Oren [~Oren@82.80.132.242] has quit [Ping timeout: 252 seconds] 14:22 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 14:24 -!- FIP [~FIP@vpn3.freedom-ip.com] has joined #openvpn 14:25 < FIP> hi 14:25 < FIP> all 14:25 < FIP> someone have configuration of iptables for VPS for full-tunneling OpenVPN 14:25 < FIP> ? 
14:28 -!- nobody481 [~demigod12@ool-457a5d10.dyn.optonline.net] has joined #openvpn 14:29 -!- novaflash [~novaflash@openvpn/user/novaflash] has joined #openvpn 14:29 -!- mode/#openvpn [+v novaflash] by ChanServ 14:30 -!- pyrocommie [~Anonymous@2.29.76.76] has joined #openvpn 14:30 -!- FIP [~FIP@vpn3.freedom-ip.com] has quit [Read error: Connection reset by peer] 14:30 -!- autif [~autif@static-72-93-90-226.bstnma.fios.verizon.net] has joined #openvpn 14:31 -!- blahblah4 [~demigod12@ool-457a5d10.dyn.optonline.net] has quit [Ping timeout: 240 seconds] 14:31 < autif> I am trying to setup a static key mini how to http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html 14:31 <@vpnHelper> Title: Static Key Mini-HOWTO (at openvpn.net) 14:32 -!- rickuz [~rickuz@p5DC45693.dip.t-dialin.net] has joined #openvpn 14:32 -!- FIP [~FIP@82.225.153.211] has joined #openvpn 14:32 -!- rickuz1 [~rickuz@77-21-40-215-dynip.superkabel.de] has quit [Ping timeout: 240 seconds] 14:32 < autif> Where do I put the static.key and server.config files, what should the config file be renamed to 14:33 < EugeneKay> Wherver you like. Whatever you like. 14:34 < autif> I see 14:34 < autif> so they are passed on comman line I suppose 14:34 * autif looks up man 14:34 < EugeneKay> !man 14:34 <@vpnHelper> "man" is (#1) http://openvpn.net/man for 2.0 manual or (#2) http://openvpn.net/man-beta.html for 2.1 manual or (#3) http://openvpn.net/index.php/open-source/documentation/manuals/427-openvpn-22.html for 2.2 manual or (#4) the man pages are your friend! 
14:34 < EugeneKay> !linnat
14:34 <@vpnHelper> "linnat" is (#1) for a basic iptables NAT where 10.8.0.x is the vpn network: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE or (#2) to choose what IP address to NAT as, you can use iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to or (#3) http://netfilter.org/documentation/HOWTO//NAT-HOWTO.html for more info or (#4) openvz see !openvzlinnat
14:34 < EugeneKay> FIP ^
14:38 < autif> wow!
14:38 < autif> works beautifully
14:38 < autif> thank you!
14:39 -!- FIP2 [~FIP@82.225.153.211] has joined #openvpn
14:42 -!- novaflash is now known as novaflash_away
14:43 -!- FIP [~FIP@82.225.153.211] has quit [Ping timeout: 245 seconds]
14:43 -!- pyrocommie [~Anonymous@2.29.76.76] has quit [Quit: HydraIRC -> http://www.hydrairc.com <- *I* use it, so it must be good!]
14:43 < Tiburon> I am trying to redirect network traffic over VPN. Connection between client and server is up but there is no connection to the world.
14:43 -!- cadmium [~mike@75.47.2.73] has left #openvpn []
14:44 < Tiburon> I'm suspecting that the gateway is wrong on the client
14:44 -!- FIP2 [~FIP@82.225.153.211] has quit [Quit: Quitte]
14:44 <@vpnHelper> RSS Update - forum: Disabling split tunneling for specific users?
14:45 < Tiburon> OpenVPN gateway should be 192.168.142.1 but the client reports .5 as gateway
14:45 < Tiburon> also DHCP is .5 according to the client
14:46 < Tiburon> Does this ring any bell?
14:46 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has joined #openvpn
14:46 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Read error: Connection reset by peer]
14:47 < Tiburon> I can ping .1 but not .5
14:49 -!- novaflash_away is now known as novaflash
14:50 -!- rickuz [~rickuz@p5DC45693.dip.t-dialin.net] has quit [Ping timeout: 240 seconds]
14:50 -!- rickuz1 [~rickuz@77-21-40-215-dynip.superkabel.de] has joined #openvpn
14:51 -!- _quadDamage [~EmperorTo@jaguar-2-red.claimlynx.com] has quit [Remote host closed the connection]
14:53 -!- EmperorTom [~EmperorTo@jaguar-2-red.claimlynx.com] has joined #openvpn
14:58 -!- EmperorTom is now known as _quadDamage
15:07 -!- kisom [~x@c-fadde155.648-1-64736c11.cust.bredbandsbolaget.se] has joined #openvpn
15:09 < kisom> Are there any up-to-date instructions on how to roll a custom OpenVPN installer on Windows? I basically need an executable that installs OpenVPN on the machine, including configuration and certificates.
15:13 <@ecrist> nope
15:13 <@ecrist> not at this time
15:14 < kisom> ecrist: OK. I guess rebuilding OpenVPN and modifying the NSIS scripts are the only way to go then.
15:21 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit []
15:34 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn
15:40 < R-66Y> kisom: that's what I did.
15:41 < kisom> R-66Y: I assume you followed this page? https://community.openvpn.net/openvpn/wiki/BuildingOnWindows
15:41 <@vpnHelper> Title: BuildingOnWindows – OpenVPN Community (at community.openvpn.net)
15:43 < R-66Y> nope, I just had them use two installers: 1 for OpenVPN and its driver(s), 1 for certs and configuration
15:43 < R-66Y> built a simple installer from NSIS documentation
15:44 < R-66Y> keep in mind I deploy to admins mostly, not so much to end-users. it's a convenience thing
15:44 -!- Tiburon_ [~Tiburon@port944.ds1-brh.adsl.cybercity.dk] has joined #openvpn
15:45 < kisom> Yeah, this is going out to admins too. But there's 800+ of them so it still should be simple.
15:45 < kisom> Might just put together a small program that runs the installer with the silent switch and then copies the configuration + starts the service.
15:47 -!- Tiburon [~Tiburon@port944.ds1-brh.adsl.cybercity.dk] has quit [Ping timeout: 265 seconds]
15:47 -!- Tiburon_ is now known as Tiburon
15:48 -!- rickuz [~rickuz@77-21-40-215-dynip.superkabel.de] has joined #openvpn
15:50 -!- rickuz1 [~rickuz@77-21-40-215-dynip.superkabel.de] has quit [Ping timeout: 255 seconds]
16:02 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!]
16:05 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn
16:08 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has quit [Quit: Ex-Chat]
16:11 <@vpnHelper> RSS Update - forum: Client can connect but has no access to the Internet || OpenVPN server would not complete init sequence
16:16 <@vpnHelper> RSS Update - forum: howto know status of openvpn client ? || Using tap mode without ethernet bridging on server side. || crl produces huge log output
16:20 -!- BoomSie [~gideon@84-245-27-118.dsl.cambrium.nl] has joined #openvpn
16:20 < tabakhase> ddns pls thy
16:23 <@vpnHelper> RSS Update - forum: Disabling split tunneling for specific users? || Unstable connection - active sessions dropped msg in log
16:28 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Ping timeout: 240 seconds]
16:28 <@vpnHelper> RSS Update - forum: [SOLVED] OPENVPN Works from States, not Europe
16:33 -!- BoomSie [~gideon@84-245-27-118.dsl.cambrium.nl] has quit [Ping timeout: 245 seconds]
16:33 -!- nonotza_ [~nonotza@50-57-234-249.static.cloud-ips.com] has joined #openvpn
16:34 -!- nonotza [~nonotza@66.246.94.130] has quit [Ping timeout: 245 seconds]
16:34 -!- nonotza_ is now known as nonotza
16:39 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn
16:45 -!- Tiburon [~Tiburon@port944.ds1-brh.adsl.cybercity.dk] has quit [Quit: Tiburon]
16:55 < dli> TCP/UDP: Socket bind failed on local address [undef]:1194: Address already in use
16:58 -!- rickuz [~rickuz@77-21-40-215-dynip.superkabel.de] has left #openvpn []
17:09 -!- autif [~autif@static-72-93-90-226.bstnma.fios.verizon.net] has quit [Quit: Leaving.]
17:16 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection]
17:18 < tabakhase> !cipher
17:18 < tabakhase> hm, i look for a table "speed/cpu vs. cryptig"
17:23 < tabakhase> !mssfix
17:23 < EugeneKay> !factoids
17:23 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php
17:24 < tabakhase> nothing to mssfix at all =(
17:27 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn
17:27 -!- Tiburon [~Tiburon@4807ds1-hl.0.fullrate.dk] has joined #openvpn
17:29 < majuscule> !def1
17:29 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
17:29 -!- dli [~dli@cable-mtl-31.246.173-174.electronicbox.net] has quit [Remote host closed the connection]
17:39 < majuscule> I am trying to create a static key connection between my server and laptop. The new interface tun0 is created, and my default route seems correctly changed to tun0. However, the only computer I can connect to is my server, attempting to reach any other address simply receives no reply. Here is my server configuration: http://paste.pocoo.org/show/544900/ Here is my client configuration: http://paste.pocoo.org/show/544901/
17:40 < majuscule> Here is my server output: http://paste.pocoo.org/show/544903/
17:41 < majuscule> Here is my client output: http://paste.pocoo.org/show/544904/
17:42 < majuscule> iptables is disabled on both sides. /var/log/messages has no messages from openvpn except "kernel: tun0: Disabled Privacy Extensions"
17:42 < majuscule> What could be going wrong?
17:42 < Olipro> disabled /how/
17:43 < Olipro> depending on your init script, that can mean either an ACCEPT on all chains, or a DROP
17:43 -!- smurfy [~smurfy@99-27-84-213.lightspeed.sndgca.sbcglobal.net] has joined #openvpn
17:43 < Olipro> naturally, the latter isn't so good
17:43 < smurfy> i had an ip change on a system, how can i get my license key fixed ?
17:44 < tabakhase> majuscule server need iptables for activating SNAT
17:46 < tabakhase> majuscule smth like ipt -t nat -A POSTROUTING -s 10.0.0.0/12(??) -o eth0(inet) -j SNAT --to Internet.ip.address should pay the price
17:48 -!- Ko6alt [~Ko6alt@ool-18ba3024.dyn.optonline.net] has joined #openvpn
17:49 < tabakhase> ja fuu
17:49 < Ko6alt> ecrist
17:49 < Ko6alt> you here?
17:49 < tabakhase> s/+*// wrong window ;-)
17:51 < Ko6alt> ecrist
17:51 < reiffert> smurfy: AS?
17:51 < reiffert> !as
17:51 <@vpnHelper> "as" is please go to #OpenVPN-AS for help with Access-Server
17:51 < Ko6alt> ecrist can i create web server certs with ssl-admin
17:52 < Ko6alt> or are these set-up strictly for openvpn
17:54 < majuscule> tabakhase: if you don't mind helping me understand that then, it's iptables -t [tablename], -A [rulechain] -s [source, this should be my client subnet?] -o [outbound interface?, why did you say inet? shouldn't this be the inbound interface tun0?] -j [SNAT is a packet state? but doesn't the -j switch refer to targets?] --to [internet.ip.address, this is the internet gateway ip address?]
17:56 -!- chats_ [chats@gateway/shell/xzibition.com/x-drzypcepdiqgdxgw] has quit [Read error: Connection reset by peer]
17:56 -!- chats_ [chats@gateway/shell/xzibition.com/x-ubsytnezvsxxovnt] has joined #openvpn
17:57 < reiffert> -o eth0 -j MASQUERADE
17:57 < reiffert> !forward
17:57 < reiffert> !nat
17:57 <@vpnHelper> "nat" is (#1) http://openvpn.net/howto.html#redirect for an explanation of NAT as it applies to openvpn or (#2) http://www.secure-computing.net/wiki/index.php/OpenVPN/FAQ#Traffic_forwarding_doesn.27t_work_when_using_client_specific_access_rules or (#3) dont forget to turn on ip forwarding or (#4) please choose between !linnat !winnat and !fbsdnat for specific howto
17:58 < reiffert> !linnat
17:58 < reiffert> !ipforward
17:58 <@vpnHelper> "linnat" is (#1) for a basic iptables NAT where 10.8.0.x is the vpn network: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE or (#2) to choose what IP address to NAT as, you can use iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to or (#3) http://netfilter.org/documentation/HOWTO//NAT-HOWTO.html for more info or (#4) openvz see !openvzlinnat
17:58 <@vpnHelper> "ipforward" is please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
17:58 < reiffert> 1linipforward
17:58 < reiffert> !linipforward
17:58 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware
17:59 < tabakhase> majuscule -s [source, this should be my client subnet?] yes || -o i assume its eth0..., internet side... -j target, jep, the target is "do SNAT on it" and on --to youre right too
17:59 < tabakhase> MASQUERADE is not SNAT
18:00 < tabakhase> and "echo 1 > /proc/sys/net/ipv4/ip_forward" would have been the next step if its "still not working"
18:00 <@vpnHelper> RSS Update - forum: Disabling split tunneling for specific users?
18:00 < tabakhase> and you said "no iptables", so let's start on the point thats visible to me
18:01 < reiffert> from man iptables
18:01 < reiffert> MASQUERADE
18:01 < reiffert> This target is only valid in the nat table, in the POSTROUTING chain. It should only be used with dynami-
18:01 < reiffert> cally assigned IP (dialup) connections: if you have a static IP address, you should use the SNAT target.
18:01 < reiffert> so you didnt ask him whether his eth0 got a static address or not ;)
18:02 -!- Denial [Denial@drgi.co.uk] has quit []
18:02 < tabakhase> reiffert yes, he said "server" so i would assume a static IP, if it were different he should have mentioned it... or it would fall up in debugging stage2 ;D
18:03 < reiffert> did he say linux yet or is he still looking for the NT powershell iptables equiv.?
18:03 < reiffert> :)
18:03 < tabakhase> ;D half questions->half answers
18:03 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro]
18:05 -!- smurfy [~smurfy@99-27-84-213.lightspeed.sndgca.sbcglobal.net] has quit []
18:07 < majuscule> tabakhase: I now have `MASQUERADE all -- ip-10-8-0-0.ec2.internal/24 anywhere` in my iptables NAT table
18:07 < majuscule> tabakhase: I still can't seem to connect :-/ i'm going to try the forwarding
18:07 < majuscule> for what it's worth, this is a RHEL server with a static IP
18:08 -!- tekzilla [~jon@hmbg-5f761017.pool.mediaWays.net] has quit [Ping timeout: 256 seconds]
18:10 < tabakhase> just make sure to clean ALL rules in iptables...
18:10 -!- tekzilla [~jon@hmbg-5f760325.pool.mediaWays.net] has joined #openvpn
18:11 -!- gffa [~gffa@unaffiliated/gffa] has quit [Read error: Operation timed out]
18:14 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 240 seconds]
18:18 -!- Olipro [~Olipro@d.e.r.p.6.a.1.0.d.d.0.7.2.0.1.0.a.2.ip6.arpa] has joined #openvpn
18:18 -!- Olipro [~Olipro@d.e.r.p.6.a.1.0.d.d.0.7.2.0.1.0.a.2.ip6.arpa] has quit [Changing host]
18:18 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
18:19 -!- master_of_master [~master_of@p57B5529E.dip.t-dialin.net] has quit [Read error: Operation timed out]
18:20 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Client Quit]
18:22 -!- master_of_master [~master_of@p57B55A37.dip.t-dialin.net] has joined #openvpn
18:24 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
18:26 -!- Harley [~Harley@125.70.184.234] has quit [Remote host closed the connection]
18:28 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has quit [Quit: nonotza]
18:28 -!- nonotza [~nonotza@66.246.94.130] has joined #openvpn
18:29 -!- nonotza [~nonotza@66.246.94.130] has quit [Read error: Connection reset by peer]
18:32 < majuscule> tabakhase: The forwarding doesn't seem to be solving it either :-( . I'm pretty sure my iptables look correct. Would you mind taking a look if i pastebin them? Or what else can I try?
18:39 -!- astrostl [~astrostl@71-11-141-45.dhcp.stls.mo.charter.com] has joined #openvpn
19:00 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn
19:00 -!- demigod987 [~demigod98@ool-457a5d10.dyn.optonline.net] has joined #openvpn
19:01 -!- Ko6alt [~Ko6alt@ool-18ba3024.dyn.optonline.net] has quit [Quit: Leaving]
19:02 < tabakhase> majuscule next would be what you already mentioned on your own, the state of /proc/sys/net/ipv4/ip_forward
19:03 < tabakhase> if that is a 1, paste: vpn client+server, a "route print" on your client (if its windows i think), iptables-save and "ip addr" would be the whole stack
19:05 < tabakhase> you might start the pasting backwards as i mentioned them ;D
19:12 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro]
19:16 -!- aspcartman1 [~Adium@128-72-208-119.broadband.corbina.ru] has joined #openvpn
19:16 < demigod987> I have an OpenVPN setup I've been using for a couple of years with no problem. But recently a new machine on my home network got the IP 192.168.0.3, and I can't ping it or connect to any of the services (vnc, etc) from the remote client that is connected via VPN. I have my configs and logs on pastebin.com if anyone wants to see them.
19:18 < aspcartman1> Guys, what can it possibly be: connecting thru lan (remote 192.168.0.116 1194 - on clientside) - everything is okey, but if i change this to ethernet address (remote mydomain.com 1194 ) i got stuck on auth stage, and server speaks this:
19:18 < aspcartman1> TLS Error: TLS handshake failed
19:18 < aspcartman1> client - mac, server - debianlinux
19:19 < aspcartman1> And no iptables on server side.
19:21 < tabakhase> cant say anything to mac, but you should be able to set the authtls) with tls-remote or smth like that without influencing the connection host
19:22 < demigod987> If I manually assign a .4 or .5 IP address I can ping it without a problem. It's only .3 that's a problem and I can't figure out why.
19:22 < tabakhase> (tls-remote NAME is correct)
19:22 < tabakhase> is 192.168.0. interfering with you normal client side network?
19:23 < tabakhase> hm
19:23 < tabakhase> youre using server in your local to connect from outer?
19:23 -!- astrostl [~astrostl@71-11-141-45.dhcp.stls.mo.charter.com] has quit []
19:24 < aspcartman1> able to set the authtls) with tls-remote - didn't get the idea, really…
19:24 < aspcartman1> 192.168.0.1 (255.255.255.0) - is my local (NAT, under the linksys e4200). 192.168.16.0(255.255.!240!.0) -is what openvpn shares.
19:25 < tabakhase> oh 2 guys... tls-remote NAME is targetting you aspcartman1
19:25 < aspcartman1> If i connect locally - everything is just fine.
19:25 < tabakhase> the ip question goes to demigod987
19:26 < aspcartman1> i don't have any ip-related issues, i guess. Again, connecting inside local net - everything is worked as planned.
19:26 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn
19:26 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Client Quit]
19:27 < aspcartman1> But as i change remote to blabla.com (it's my router's (with forwarded 1194) address) - stuck on auth
19:27 < demigod987> tabakhase: I'm not sure what you're asking. 192.168.0.1 is the OpenVPN box and default router. .2 is the client that is connecting into the network using the OpenVPN client. .3 .7 .8 and .20 are clients on the home network. .2 can connect to all of them without a problem except .3
19:27 < tabakhase> aspcartman1 "TLS Error: TLS handshake failed" configs plx =) and nopaste the "stuck"+ 5 lines above
19:27 < demigod987> Wireshark on the VPN client computer, 192.168.0.2, shows that an echo request goes out and an echo reply comes back in, but Windows ping still reports "request timed out"
19:28 < tabakhase> demigod987 so its a bridged setup "and there is one host you cant reach" while the others are operating just fine?
19:29 < demigod987> tabakhase: I think that is accurate, though I'm not 100% it is bridged. Here are my configs: http://pastebin.com/kzumGWEn
19:29 < tabakhase> and on the .2 you even see the replies from .3? lol...
19:29 < demigod987> tabakhase: Yes, Wireshark shows the replies. So I'm really confused why Windows ping is reporting "request timed out".
19:29 < demigod987> I manually switched the IP on .3 to .4 and .5 as a test, and those worked fine. .3 is the only problem for some reason?
19:30 < tabakhase> demigod987 depending on your setup windows clients "need 2 ips"
19:32 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn
19:32 < aspcartman1> http://pastebin.ca/2109161
19:32 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Remote host closed the connection]
19:32 < aspcartman1> connrefused appeared first time oO
19:33 < aspcartman1> sry english is not my native)
19:34 < demigod987> tabakhase: Meaning that the .2 client requires that .3 be free/available?
19:35 < aspcartman1> and TLS error again)
19:36 < tabakhase> demigod987 j, in your case it's more a tunnel than a bridge, so .3 is kind of used as the gateway from your host (i think!) you could either make "a real bridged setup" or make sure the ips remain unused
19:37 < tabakhase> aspcartman1 both configs are having "client"...
19:39 < aspcartman1> oops, too much windows on the screen
19:39 < aspcartman1> http://pastebin.ca/2109162
19:39 < aspcartman1> sry)
19:40 < tabakhase> demigod987 take a look at the manpage on "openvpn ifconfig", while using dev tun its the "other sides" ip so you cant use it
19:41 < tabakhase> (i think for reaching hosts "behind" that afterwards you might need additional routes too)
19:42 < aspcartman1> and btw, to shock u guys:
19:42 < aspcartman1> ASPWD:~# modprobe iptables
19:42 < aspcartman1> FATAL: Module iptables not found.
19:42 < aspcartman1> ASPWD:~# modprobe ppp
19:42 < aspcartman1> FATAL: Module ppp not found.
19:42 < aspcartman1> ASPWD:~# lsmod
19:42 < aspcartman1> Module Size Used by
19:42 < aspcartman1> ASPWD:~#
19:42 -!- aspcartman1 was kicked from #openvpn by vpnHelper [Flooding detected. Please use http://pastebin.com for posting logs or configs.]
19:44 < tabakhase> aspcartman1 lets start with "why are you using tun?" youre might looking for tap...
19:44 < demigod987> tabakhase: Ok I'll check it out. Thanks for your help!
19:44 < tabakhase> demigod987 hf&gl, or same for you, when you want to bridge so bridge please, using tap + server lines
19:46 < tabakhase> (note that requires some more effort, (static tap device bridged with your wanport, but its worth it ;-)))
19:46 < demigod987> I'm not sure I'll be able to figure that out, but I'll try
19:46 < tabakhase> in such a setup the vpn "disappears" totally =)
19:52 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn []
19:52 -!- aspcartman1 [~Adium@128-72-208-119.broadband.corbina.ru] has joined #openvpn
19:53 < aspcartman1> didn't notice i was kicked
19:53 < aspcartman1> what did i miss?
19:54 < tabakhase> [02:43:57] aspcartman1 lets start with "why are you using tun?" youre might looking for tap...
19:55 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
19:57 < aspcartman1> I want vpn for accessing my hard drive/server(one thing) wherever i go. There r lots of ports, to be forwarded and also bonjour (aka netbios for every single network service) don't work over internet
19:57 < aspcartman1> I tried pptp, but http://pastebin.ca/2109163
19:57 < tabakhase> aspcartman1 but apart from that, what CNAME is on the serverCert?
19:58 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
19:58 < tabakhase> youre having a "half bridged" setup (tun mixed with server)
19:59 -!- _julian_ [~quassel@hmbg-4d06c772.pool.mediaWays.net] has joined #openvpn
19:59 < aspcartman1> tabakhase: em… sry, i did it by manual with closed eyes, where should i look that?
19:59 < aspcartman1> It's about 6am here, i was fighting this thing whole day+night
19:59 < tabakhase> use either tun + ifconfig (like demigod987 did in his paste) or use tap with bridge
20:00 < tabakhase> 2:59am MEZ here right now
20:00 -!- _julian [~quassel@hmbg-4d06e7b6.pool.mediaWays.net] has quit [Ping timeout: 244 seconds]
20:00 < aspcartman1> what is that, and why is it working over lan, but when i try over internet it fails?
20:00 < aspcartman1> 3am.. lucky you
20:00 < tabakhase> aspcartman1 because over lan its not using the vpn
20:00 < aspcartman1> wait, u live in +0 zone? o_O
20:00 < tabakhase> +1 it is
20:01 < tabakhase> berlin, germany
20:01 < aspcartman1> not using vpn? wtf, how is that possible - i start vpn and it's not using itself
20:01 < aspcartman1> moscow russia, +3
20:02 < aspcartman1> +3 − 6am +1 − 3am… something is wrong
20:02 < tabakhase> aspcartman1 didnt you just stopped daylight saving time stuff or so?
20:03 < aspcartman1> our president told us so.
20:03 < aspcartman1> But Microsoft time sync servers don't care, i suppose
20:03 < aspcartman1> :D
20:03 < tabakhase> ;D
20:05 < aspcartman1> So, am.. if u could help me figure out how to start ppp module (http://pastebin.ca/2109163 - no modules at all, wtf) - i'll ignore this openVPN and continue with pptpd (i like it more, it's simpler).
20:05 < aspcartman1> And i don't want to recompile kernel - one single mistake and device is ruined
20:06 < tabakhase> never done anything with ppp/pptpd
20:06 < tabakhase> sorry =(
20:06 < aspcartman1> anything with kernels maybe?
20:06 < EugeneKay> Be thankful.
20:06 < aspcartman1> It's not really ppp related
20:07 < tabakhase> aspcartman1 not enough for compiling a custom kernel via remote
20:07 < aspcartman1> am so this is true?
20:07 < aspcartman1> To add a module to the kernel i have to recompile it?
20:08 < EugeneKay> aspcartman1, remind me what it is you're trying to achieve?
20:08 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
20:09 < aspcartman1> VPN server on a little linux-drived HDD. pptp is prefered, but since i don't have any working kernel module (including ppp) - i'm stuck with openvpn
20:09 < tabakhase> EugeneKay started somewhere on a tsl handshake error, drifted to something more, not even sure on my own...
20:10 < tabakhase> and now coming up with the fact that hes talking about an embedded device hdd -.-
20:10 < aspcartman1> emm… what the difference?
20:10 < EugeneKay> Well, you won't get any help (from me, anyway) with PPTP, because pptp is terrible.
20:10 < aspcartman1> Linux is linux, debian
20:10 < EugeneKay> OpenVPN works great, once you grasp what it's doing.
20:11 < tabakhase> aspcartman1 linux is linux, yes, but you forgot the hardware layer
20:11 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
20:11 < EugeneKay> No reason it shouldn't work on an embedded device. Slow, perhaps.
20:12 < aspcartman1> EugeneKay: i asked about kernel modules in general (http://pastebin.ca/2109163 again), not ppp especially :) It doesn't fit in my mind - no kernel modules, wtf
20:12 < EugeneKay> *wrt devices do it just fine, I'm told.
20:12 < aspcartman1> WD Live
20:12 < aspcartman1> It's quite fast guy
20:14 -!- gffa [~gffa@unaffiliated/gffa] has joined #openvpn
20:14 < aspcartman1> If talking simpler all i want is pushing the button and - hey, my HDD has appeared on bonjour and mounted all it's afp shares, while HDD is at home, and i'm in campus. pptp, l2tp, openvpn - i don't really care
20:15 < aspcartman1> pptp and co ain't working coz of freaky kernel. OpenVPN is working over lan, but not internet and it's more then strange.
20:15 < aspcartman1> so that's the story
20:15 < EugeneKay> Bonjour requires bridging/TAP, and that is.... crap, frankly.
20:16 < aspcartman1> hmm.. so even with vpn i won't achieve my goal?
20:17 < tabakhase> aspcartman1 apart from this "read UDPv4 [ECONNREFUSED]: Connection refused (code=111)" is not a handshake error... seems like you not forwarded the port on your router hm?!
20:17 < EugeneKay> Samba you can do.
20:17 < aspcartman1> 1194 - tcp+udp, forwarded
20:18 < tabakhase> tring via umts?
20:18 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
20:19 < aspcartman1> afp i can do too. ( samba on lion is kinda broken, apple going crazy)… What ports i have to forward to pass HDD's samba/afp go thru router?
20:19 < aspcartman1> tabakhase: who r this people?
20:20 < aspcartman1> tabakhase: googling...
20:20 < aspcartman1> tabakhase: googled it down.. didn't get the joke still
20:21 < tabakhase> ?
20:21 * tabakhase didnt get it either
20:22 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
20:24 < aspcartman1> "tring via umts?" - sounds like "cola via fanta" to me… googled it down, it didn't help.
20:24 < aspcartman1> i don't know what is tring and what is umts and googling did not helped
20:24 < aspcartman1> help*. Brains r shutting off.
20:26 < tabakhase> tring = trying umts = mobile broadband connection, so something that it really goes through the router
20:28 < aspcartman1> u ask me to try to connect via my phones 3g for example?
20:30 < tabakhase> how else gonne try " Guys, what can it possibly be: connecting thru lan (remote 192.168.0.116 1194 - on clientside) - everything is okey, but if i change this to ethernet address (remote mydomain.com 1194 ) i got stuck"
20:31 < tabakhase> when you try "to go via the router behind the router while you are already behind the router" will fail
20:31 < aspcartman1> em… just changing the this string, pushing save, and clicking connect
20:31 < aspcartman1> why is that? oO
20:32 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
20:32 < tabakhase> router has a forwarding rule from "external ips to my internal network" smth "from the internal to the internal" ist routed by him
20:33 < tabakhase> so your local dns might replace domain with the internal ip in that case (thats how you do stuff like that)
20:35 -!- aspcartman [~Adium@85.26.155.228] has joined #openvpn
20:36 < aspcartman> trying now
20:36 < aspcartman> omg
20:36 < aspcartman> connected
20:36 < tabakhase> ;D
20:36 < aspcartman> f@ck this, i'll be a stripper
20:36 < EugeneKay> Mmmmm strippers
20:37 < tabakhase> whats better than incorrect test setups <3<3
20:38 -!- aspcartman1 [~Adium@128-72-208-119.broadband.corbina.ru] has quit [Ping timeout: 260 seconds]
20:38 < aspcartman> :D
20:38 < aspcartman> btw can't ping HDD
20:39 < aspcartman> I'll kill it
20:39 < aspcartman> "I kill your dicks"©Bulletstorm
20:40 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
20:40 -!- aspcartman [~Adium@85.26.155.228] has quit [Read error: Connection reset by peer]
20:40 < tabakhase> what are you trying to ping, what is the hdd, what does your routing look like...
20:40 -!- aspcartman [~Adium@85.26.155.228] has joined #openvpn
20:41 < tabakhase> ping your router? shouldnt work, ping the hdd after connected? "could" work
20:41 < aspcartman> router is pinging, HDD - don't
20:41 < aspcartman> and it crashed again
20:44 -!- aspcartman [~Adium@85.26.155.228] has quit [Read error: Connection reset by peer]
20:46 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn
20:48 -!- aspcartman [~Adium@85.26.155.228] has joined #openvpn
20:52 -!- aspcartman [~Adium@85.26.155.228] has left #openvpn []
20:54 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Ping timeout: 240 seconds]
20:58 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
21:01 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
21:05 -!- dxtr [1bfa1e7c@unaffiliated/dxtr] has quit [Ping timeout: 260 seconds]
21:05 -!- dxtr [91df5e6b@host-88-80-29-36.cust.prq.se] has joined #openvpn
21:05 -!- dxtr [91df5e6b@host-88-80-29-36.cust.prq.se] has quit [Changing host]
21:05 -!- dxtr [91df5e6b@unaffiliated/dxtr] has joined #openvpn
21:07 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
21:14 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
21:18 -!- BenLue [~Ben@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn
21:19 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has quit [Read error: Connection reset by peer]
21:26 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
21:33 <@ecrist> sup /b/ros?
21:33 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
21:36 < Essobi> lulz
21:36 < Essobi> Being a b-tard?
21:38 <@ecrist> fuckin' a 21:39 < Essobi> :D 21:42 <@ecrist> I lol at a lot of what I see on /b 21:42 <@ecrist> particularly the coding/hacking stuff, and a lot of the stuff obviously posted by a virgin 13 yo who's trying to pretend like they've had more pussy than Tucker Max 21:43 <@ecrist> and even *I* haven't had that much gash 21:46 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 21:56 -!- catsup [d@ps38852.dreamhost.com] has quit [Read error: Operation timed out] 21:56 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn 22:00 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 22:01 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has quit [Ping timeout: 252 seconds] 22:07 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 22:10 -!- babble [~coyote@unaffiliated/coyote] has joined #openvpn 22:21 -!- babble [~coyote@unaffiliated/coyote] has quit [Quit: Leaving] 22:25 -!- Cr4zi3 [killaz@crazie2-1-pt.tunnel.tserv12.mia1.ipv6.he.net] has joined #openvpn 22:31 -!- luckman212_ [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has joined #openvpn 22:33 -!- luckman212 [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has quit [Ping timeout: 240 seconds] 23:03 -!- prakashkamliya [~prakashka@202.131.123.66] has joined #openvpn 23:08 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 23:14 -!- prakashkamliya [~prakashka@202.131.123.66] has quit [Ping timeout: 240 seconds] 23:14 -!- prakashkamliya [~prakashka@202.131.123.66] has joined #openvpn 23:15 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 245 seconds] 23:23 -!- prakashkamliya [~prakashka@202.131.123.66] has quit [Ping timeout: 252 seconds] 23:30 -!- prakashkamliya [~prakashka@202.131.123.66] has joined #openvpn 23:46 <@vpnHelper> RSS Update - forum: howto know status of openvpn client ? 
23:50 -!- z`` [~david@cpc10-chap8-2-0-cust121.aztw.cable.virginmedia.com] has joined #openvpn 23:51 -!- z`` [~david@cpc10-chap8-2-0-cust121.aztw.cable.virginmedia.com] has quit [Client Quit] 23:52 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro] 23:55 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 23:56 -!- David`` [~david@collider.irclabs.com] has joined #openvpn --- Day changed Fri Feb 03 2012 00:02 < David``> Hi. Having some troubles with OpenVPN that I haven't experienced before. I've tried connecting to multiple servers/providers, but I get the same problem: I can't access anything on-line. No connection to anything can be made. No idea what I'm doing, so I'd appreciate some help. Log at 'http://pastebin.com/L2vN8jEG'. 00:06 < David``> Oh, right -- okay. I see that I can ping sites, but I can't look up any DNS records. 00:13 < David``> If I run `host` on a domain, I get '5(REFUSED)' as an error. 00:14 -!- mode/#openvpn [+v EugeneKay] by ChanServ 00:17 <@vpnHelper> RSS Update - forum: howto know status of openvpn client ? 00:21 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 00:24 <@vpnHelper> RSS Update - forum: Unable to ping behind client from server in Bridge Mode || Using tap mode without ethernet bridging on server side. 
00:27 <+EugeneKay> David`` - something something push dhcp-option dns 00:27 <+EugeneKay> !pushdns 00:27 <@vpnHelper> "pushdns" is (#1) push "dhcp-option DNS a.b.c.d" to push dns to the client or (#2) http://thread.gmane.org/gmane.network.openvpn.user/25139/focus=25147 see that mail archive for some info on pushing dns or (#3) http://article.gmane.org/gmane.network.openvpn.user/25149 for a perm fix via regedit or (#4) in unix you'll use the update-resolv-conf script or (#5) also 00:27 <@vpnHelper> http://comments.gmane.org/gmane.network.openvpn.user/31975 reports --register-dns as fixing their problems pushing DNS to windows 7 00:29 < David``> EugeneKay: Thanks, that worked, and I realised what the problem was. My '/etc/resolv.conf' was using local nameservers (192.168.4.100 and 192.168.8.100), and replacing those entries also fixed the problem. 00:29 < David``> I don't know if it was because of the local addresses or because they're my ISPs, but, either way, the above fixes worked. Thank you again. 00:29 <+EugeneKay> Yeah, linux has issues like that. I don't use it in a desktop context, but the usual "fix" for that is to specify google public resolvers and ignore your ISP's crappy ones 00:30 <+EugeneKay> Or run bind locally 00:30 <+EugeneKay> (issues meaning resolvconfd is something I've never bothered to figure out.... I just configure it statically) 00:54 < Essobi> !mtu 00:54 <@vpnHelper> "mtu" is (#1) see --mtu-test to learn how to test your MTU settings. Basically you just use --mtu-test in your normal client config or (#2) mtu debugging guide: http://www.secure-computing.net/wiki/index.php/OpenVPN/Troubleshooting 01:00 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 01:34 < prakashkamliya> can client with certificate signed by different ca connect to single server ? 01:34 < prakashkamliya> ? 
01:36 < prakashkamliya> as in sample configuration it is written something like all client must have same ca 01:37 < prakashkamliya> Certificate authority (CA) file in .pem format, also referred to as the root certificate. This file can have multiple certificates in .pem format, concatenated together and what does this means ? 02:04 <+EugeneKay> prakashkamliya - in TLS mode, the remote certificate must be signed by (one of) the CA certificate(s) on file. 02:05 <+EugeneKay> In a single-CA config, the server(s) and client(s) must all be signed by the same CA. 02:05 <+EugeneKay> If you want to allow clients from multiple CAs, your server needs to have a ca.pem containing all of the CA certificates you want to try to authenticate against, one after the other 02:08 -!- mape2k [~mape2k@2001:6f8:133b:0:21f:3bff:fe27:21a9] has joined #openvpn 02:09 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 02:11 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn 02:17 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 02:26 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn 02:28 -!- cybermorpher [~cybermorp@74.213.120.11] has joined #openvpn 02:33 < cybermorpher> Any1 speak spanish here? 02:35 -!- cybermorpher [~cybermorp@74.213.120.11] has quit [Quit: Leaving] 02:36 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 02:47 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day] 02:50 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 03:23 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn 03:24 < Sgt_Lemming> evening all, went and looked at potential new hackerspace building today. Turns out we might be getting 3 buildings :-D 03:26 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn 03:37 < krzee> Sgt_Lemming, congrats 03:37 < krzee> for what? 
03:40 < Sgt_Lemming> for the hackerspace that I run 03:43 -!- noisebleed [~quassel@piggy.inescn.pt] has joined #openvpn 03:43 -!- noisebleed [~quassel@piggy.inescn.pt] has quit [Changing host] 03:43 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 04:00 < prakashkamliya> EugeneKay: you mean one ca.pem with all ca's hows that possible 04:18 -!- p3rror [~mezgani@41.137.254.45] has joined #openvpn 04:18 <@vpnHelper> RSS Update - forum: Failed to connect to TCP? 04:31 -!- prakashkamliya_ [~prakashka@202.131.123.66] has joined #openvpn 04:31 -!- prakashkamliya [~prakashka@202.131.123.66] has quit [Ping timeout: 244 seconds] 04:44 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 255 seconds] 04:44 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 04:49 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds] 04:49 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 04:50 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has joined #openvpn 04:50 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has quit [Changing host] 04:50 -!- simplechat [~simplecha@unaffiliated/simplechat] has joined #openvpn 04:55 <@vpnHelper> RSS Update - forum: Problem with routes 05:03 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!] 05:06 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 05:14 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Read error: Connection timed out] 05:14 -!- prakashkamliya_ [~prakashka@202.131.123.66] has quit [Remote host closed the connection] 05:14 -!- simplechat [~simplecha@unaffiliated/simplechat] has joined #openvpn 05:16 -!- linuxinternet [~linuxinte@202.131.123.66] has joined #openvpn 05:16 < linuxinternet> Hello, I have one question how can i specify remote ca-certificate while i am acting as server .? 
05:17 < linuxinternet> what if i don't know in advance which ca has signed client certificate 05:17 < linuxinternet> i have all ca's with me in one directory but don't know who has signed how can specify multiple ca ? 05:19 -!- rickuz [~rickuz@p5DC45693.dip.t-dialin.net] has joined #openvpn 05:25 -!- eugenmayer1 [~EugenMaye@frbg-5f731a80.pool.mediaWays.net] has joined #openvpn 05:25 < eugenmayer1> getting Fri Feb 3 12:25:21 2012 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed 05:26 < eugenmayer1> with my new VPN net. Could that be that it is an issue that the "dh" does not match? 05:26 < eugenmayer1> this time i used XCA to create the CA cert 05:26 < krzee> !certverify 05:26 < eugenmayer1> created the dh afterwards, which should be no issue 05:26 <@vpnHelper> "certverify" is verify your certs are signed correctly by running `openssl verify -CAfile ` for client.crt and server.crt 05:26 < krzee> dh is unrelated 05:27 < eugenmayer1> ok. 05:27 < eugenmayer1> X509v3 Authority Key Identifier: 05:27 < eugenmayer1> X509v3 Subject Key Identifier: 05:27 < eugenmayer1> X509v3 Basic Constraints: 05:27 < eugenmayer1> CA:TRUE 05:28 < eugenmayer1> just to be sure, I don't need more extensions for the CA, do I? 05:29 < eugenmayer1> looking at my working CAs and that new one, they look completely similar. As I am using the p12 bundled file, I am not sure what i could have done wrong at all 05:30 < linuxinternet> krzee: can you tell me how can i specify multiple ca ? 05:30 <@vpnHelper> RSS Update - forum: Connection On Demand or Instant Connection || howto specify multiple CA on server side using ca file ? 
05:31 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Quit: Leaving] 05:32 < eugenmayer1> krzee: could that somehow be related to auth-user-pass-verify or client-cert-not-required 05:32 < eugenmayer1> which i use this time ( I don't think so, but well… ) 05:36 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Read error: Connection timed out] 05:38 -!- simplechat [~simplecha@unaffiliated/simplechat] has joined #openvpn 05:38 < eugenmayer1> getting : openssl verify -CAfile KW_dmz.crt git_dmz.p12 05:38 < eugenmayer1> unable to load certificate 05:38 < eugenmayer1> 3511:error:0906D06C:PEM routines:PEM_read_bio:no start line:/SourceCache/OpenSSL098/OpenSSL098-44/src/crypto/pem/pem_lib.c:648:Expecting: TRUSTED CERTIFICATE 05:38 < eugenmayer1> ➜ Downloads 05:39 -!- phantomcircuit [~phantomci@50.57.81.35] has joined #openvpn 05:39 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds] 05:40 < eugenmayer1> Not sure what that particularly means 05:40 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 05:42 < krzee> linuxinternet, tried using --ca more than once? 05:42 < krzee> eugenmayer1, did you try what i said? 05:42 < eugenmayer1> krphop: sure i did, see above 05:43 < eugenmayer1> sorry krphop, wrong name. 05:43 < eugenmayer1> krzee: sure. that output comes from openssl verify 05:43 < eugenmayer1> i just created a new certificate and set the serial-number to be random .. that cert could be verified. Very odd 05:44 < eugenmayer1> What the.. 05:44 < eugenmayer1> openssl verify -CAfile KW_dmz.crt test_dmz.crt 05:44 < eugenmayer1> test_dmz.crt: OK 05:45 < eugenmayer1> but a cert created just right now, just with a different common name: does not work openssl verify -CAfile KW_dmz.crt git_dmz.p12 05:45 < eugenmayer1> ah! Well it looks like openssl verify can't take p12 05:45 < linuxinternet> --ca file more than once ? 
05:46 < eugenmayer1> krzee: so now i have a verified crt, exported a p12 05:46 < eugenmayer1> openssl verify -CAfile KW_dmz.crt git_dmz.crt 05:46 < eugenmayer1> git_dmz.crt: OK 05:46 < Mowi> Hello 05:46 < linuxinternet> krzee: in openvpn manual it is written something like this : ca file this file can have multiple certificates .pem concatenated together 05:48 < linuxinternet> krzee: i really don't get what they mean 05:50 -!- eugenmayer1 [~EugenMaye@frbg-5f731a80.pool.mediaWays.net] has quit [Read error: Connection reset by peer] 05:50 -!- eugenmayer [~EugenMaye@frbg-5f731a80.pool.mediaWays.net] has joined #openvpn 05:53 -!- eugenmayer1 [~EugenMaye@frbg-5f731a80.pool.mediaWays.net] has joined #openvpn 05:53 -!- eugenmayer [~EugenMaye@frbg-5f731a80.pool.mediaWays.net] has quit [Read error: Connection reset by peer] 05:54 < eugenmayer1> krzee: even though ( see above ) i could verify the crt, i cannot connect using the p12…getting certificate verify failed. If i skip verification with remote-cert-tls server 05:54 < eugenmayer1> it works 05:58 -!- eugenmayer [~EugenMaye@frbg-5f731a80.pool.mediaWays.net] has joined #openvpn 05:58 -!- eugenmayer1 [~EugenMaye@frbg-5f731a80.pool.mediaWays.net] has quit [Read error: Operation timed out] 06:01 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Read error: Connection timed out] 06:05 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn 06:05 -!- mode/#openvpn [+v s7r] by ChanServ 06:13 < Tiburon> linuxinternet: from what you reference you are looking for something like: cat ca1.pem ca2.pem ca3.pem > camulti.pem 06:15 < Tiburon> I have not tried this so… you may need to edit camulti.pem to add a newline between each cert. 
06:20 < eugenmayer> I am pretty confused … being able to connect, the server gets flooded in its log "TLS Error: TLS handshake failed" 06:22 < linuxinternet> Tiburon: it is written something like that in manual what i want is multiple client connect to server whose certificates are signed by different ca's how can i specify 06:22 < linuxinternet> multiple ca in --ca file parameter 06:23 < Tiburon> linuxinternet: do the cat thing then --ca camulti.pem 06:24 < linuxinternet> Tiburon: i need to try and will let you know 06:30 < linuxinternet> Tiburon: it gives following error when running : Cannot load ca certificate file ca-multiple.pem path(null) SSL_CRT_LOAD_VERIFY error:02001002: system library fopen no such file or directory .. 06:34 < Tiburon> hmm … have you tried adding the newline between each cert in the ca-multiple.pem? Might be having trouble separating the certs. On the other hand the last part of the error message would suggest that it could not find the file at all. 06:36 < linuxinternet> yeah i have added new line between them 06:37 < linuxinternet> and as per me last line indicates file is not opened as it was not generated from openssl directly concatenated. 06:39 < linuxinternet> Tiburon: what about capath dir ? does it help something or searches in that directory ? 06:42 < Tiburon> I think the absolute path for the cert is needed when it is passed as a parameter. Not sure I'm still a bit new to OpenVPN. 06:44 < linuxinternet> okay no prob , will try and let you know if any success 06:47 < Tiburon> linuxinternet: Good luck and happy hunting :-) 06:48 < krzee> If i skip verification with remote-cert-tls server 06:48 < krzee> [03:54] it works 06:48 < krzee> eugenmayer, doesn't that make the problem obvious? 06:48 < krzee> it wasn't signed as a server cert 06:48 < krzee> your CA software's fault 06:48 < eugenmayer> well, I am really totally lost. 
06:48 < krzee> then use easy-rsa 06:49 < eugenmayer> I recreated the CA cert / server cert using the easyrsa approach, but still, no way i get a verification on connection 06:49 < krzee> ya cause you have the client from old CA 06:49 < krzee> you need to keep everything on the same pki 06:49 < eugenmayer> krzee: i did. vars clean_all ..build.ca —build-server 06:50 < krzee> that is only ca and server 06:50 < krzee> isn't there a client too!> 06:53 <@vpnHelper> RSS Update - forum: howto specify multiple CA on server side using ca file ? 06:53 < eugenmayer> krzee: i imported the ca + ca.key / server + server.key in the XCA tool 06:54 < eugenmayer> then i created the new client cert. I have done this 50 times…and it works. With the same OpenVPN server, just different port / instance 06:54 < eugenmayer> i just don't get it. 06:56 < eugenmayer> krzee: maybe you cant point me with the nose. I am just stuck 06:57 < eugenmayer> krzee: basically, because it did not work out using the XCA tool to create the CA, i reverted, used easyrsa, created ca / server keys / certs and imported them into the XCA tool. Then created the client-cert 06:57 < eugenmayer> restarted the vpn server and deployed the client key - but still i can't verify 06:58 < eugenmayer> wait. i missed something... 07:00 < eugenmayer> no. 07:00 < eugenmayer> Just can't get it to work. 07:00 < krzee> !howto 07:00 < eugenmayer> Fri Feb 3 14:00:27 2012 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=DE/ST=HN/L=HANNOVER/O=KontextWork_GbR/OU=IT/CN=dmz/emailAddress=info@kontextwork.de 07:00 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 07:01 < eugenmayer> krzee: I am there already..have been .. 
07:01 < krzee> start over, forget about that xca tool 07:01 < krzee> just do whats in easy-rsa, it works 07:01 < krzee> im going to sleep, gnite 07:01 < eugenmayer> n8 07:01 < eugenmayer> gn8 07:02 -!- eugenmayer1 [~EugenMaye@frbg-5f731a80.pool.mediaWays.net] has joined #openvpn 07:02 -!- eugenmayer [~EugenMaye@frbg-5f731a80.pool.mediaWays.net] has quit [Read error: Connection reset by peer] 07:07 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has joined #openvpn 07:08 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 256 seconds] 07:09 -!- takamichi [~pri@217.23.4.104] has joined #openvpn 07:29 -!- kolor [~klr@195.158.102.245] has joined #openvpn 07:29 < kolor> hi guys i've got a problem 07:32 < kolor> windows 7 says driver is not signed 07:32 < kolor> i disabled sign service, but network adapter won't appear 07:37 <@ecrist> 2.2.2? 07:37 <@ecrist> afaik, the driver *is* signed in the latest version] 07:47 -!- linuxinternet [~linuxinte@202.131.123.66] has quit [Ping timeout: 252 seconds] 07:53 -!- peppux [~peppux@adsl-ull-17-3.45-151.net24.it] has joined #openvpn 07:53 < peppux> hello 07:54 < peppux> i've configured a vpn but i can't ping the lan behind. someone can help me? 
07:54 < peppux> the vpn server have two interfaces: tap0 and eth0 07:54 < peppux> eth0 have ip address 192.168.157.26 07:54 < peppux> and i can ping this ip 07:55 < peppux> but i can't ping other address in 192.168.157.0/24 network 08:02 -!- takamichi [~pri@217.23.4.104] has quit [Ping timeout: 252 seconds] 08:02 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 08:02 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has joined #openvpn 08:02 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has quit [Changing host] 08:02 -!- simplechat [~simplecha@unaffiliated/simplechat] has joined #openvpn 08:06 -!- APTX [APTX@unaffiliated/aptx] has quit [Remote host closed the connection] 08:07 -!- dazo_afk is now known as dazo 08:07 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 08:10 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Quit: Leaving] 08:10 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Remote host closed the connection] 08:12 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 08:24 <@vpnHelper> RSS Update - forum: Asking for a second password 08:28 -!- Axeman [~Axeman3@198.105.46.46] has joined #openvpn 08:28 -!- Axeman [~Axeman3@198.105.46.46] has quit [Changing host] 08:28 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 08:28 -!- mode/#openvpn [+v Axeman] by ChanServ 08:31 -!- mort_gib [~mort_gib@16.Red-83-36-63.staticIP.rima-tde.net] has joined #openvpn 08:34 -!- amir [~amir@unaffiliated/amir] has quit [Ping timeout: 272 seconds] 08:34 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 08:44 -!- eugenmayer1 [~EugenMaye@frbg-5f731a80.pool.mediaWays.net] has left #openvpn [] 08:45 -!- amir [~amir@unaffiliated/amir] has joined #openvpn 08:54 <@vpnHelper> RSS Update - forum: OpenVPN Can't ping remote hosts 09:06 <@vpnHelper> RSS Update - forum: Free providers? 
09:11 -!- autif [~autif@static-72-93-90-226.bstnma.fios.verizon.net] has joined #openvpn 09:14 < autif> I am following the static key mini howto (http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html) and I am having some success. The topography is - Internet - DSL Router - Netgear Firewall - OpenVPN Server. 09:14 <@vpnHelper> Title: Static Key Mini-HOWTO (at openvpn.net) 09:15 < autif> When the client is connected to DSL Router - I seem to have full connectivity, however, when the client is connected to the Netgear Firewall, I do not 09:15 < autif> I get the following warning in the logs 09:16 < autif> 'ifconfig' is used inconsistently, local='ifconfig 10.8.0.2 10.8.0.1', remote='ifconfig 10.8.0.1 10.8.0.2' 09:16 < autif> I am not an expert in networks, I tried some googling, but could not understand 09:16 < autif> please advise 09:20 < Essobi> Anything other than MTU make high throughput TCP connections randomly hang? 09:21 < autif> Here is my config file http://pastebin.com/Fa4bTbuW 09:25 -!- oc80z [oc80z@openvpn/user/oc80z] has quit [Excess Flood] 09:25 -!- oc80z [oc80z@blea.ch] has joined #openvpn 09:26 -!- pk__ [~root@14.139.228.210] has joined #openvpn 09:26 -!- David`` [~david@collider.irclabs.com] has quit [Quit: leaving] 09:26 < pk__> can we cross compile openvpn for windows on linux? i mean is there a HOWTO article? 09:26 < pk__> i could not find any on Internet 09:44 -!- bnrstnr [bnrstnr@adsl-66-73-44-78.dsl.sfldmi.ameritech.net] has joined #openvpn 09:45 < bnrstnr> !welcome 09:45 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. 
|| Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 09:46 -!- dazo is now known as dazo_afk 09:47 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has joined #openvpn 09:48 < bnrstnr> !goal 09:48 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 09:55 < bnrstnr> hi, I need some help determining which path to go down for a specific application. I am installing an industrial controls system in a facility that allows for guest connections through an unsecured network that only allows for outgoing connections. the controls system needs to be serviced remotely from time to time, so I believe I need to connect via vpn to bypass the outgoing only situation. 09:55 < bnrstnr> I am fairly familiar with openvpn and have been using it for a couple years now. My initial thoughts were to bridge both server side and client side to create a point to point (?) connection where anybody servicing the equipment at my location could connect their laptop directly to the vpn server and access the equipment as if it were on the same lan. Does this sound possible or even remotely 09:55 < bnrstnr> close to being the best way of approaching this? 09:57 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 272 seconds] 09:57 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 10:04 -!- cadmium [~mike@75.47.2.73] has joined #openvpn 10:05 < cadmium> trouble knowing the options for openssl keygen options, want AES256 on vlan, does that mean all the keys have to be AES256? how do I specify this during keygen ? 
10:06 < cadmium> s/vlan/vpn tun\/tap 10:07 -!- mape2k [~mape2k@2001:6f8:133b:0:21f:3bff:fe27:21a9] has quit [Remote host closed the connection] 10:08 < mort_gib> Hey 10:09 < mort_gib> There is some work being done where a ssh tunnel is initiated on the remote end 10:09 < bnrstnr> not sure what you mean 10:09 < mort_gib> So, you ask a tech to run a script on the remote system, and that initiates the connection 10:10 < bnrstnr> ah yeah, I would like to just be able to run a script on startup and whenever they start the computer it would automatically connect to our server 10:10 < mort_gib> Yeah, you can do that. No problem 10:10 < bnrstnr> not too worried about that for now though 10:10 < bnrstnr> mainly wondering if I'm on the right path 10:11 -!- mape2k [~mape2k@2001:6f8:133b:0:21f:3bff:fe27:21a9] has joined #openvpn 10:11 < mort_gib> we have that with several clients 10:11 < mort_gib> and between their respective offices 10:11 < mort_gib> We even use Snom 370 VOIP phones as VPN clients 10:11 < mort_gib> :-) 10:11 < bnrstnr> haha 10:12 < mort_gib> Mind, don't try that from Zurich 10:12 < mort_gib> Knaek, Swisscom does some pretty weird crap on their network 10:12 < bnrstnr> with some smaller clients I've just installed a server in bridged mode and that worked perfectly.. I was a little worried of this new setup though 10:13 < mort_gib> Why bridge though?? 10:14 < bnrstnr> I'm not sure if you're familiar with rslogix at all, but with ethernet I think the only way to connect to the devices is to be on the same subnet 10:14 -!- Harley_ [~Harley@182.149.55.145] has joined #openvpn 10:15 < mort_gib> Sorry, no not familiar with rslogix 10:15 < bnrstnr> I'm not positive about that either, but I know it works in bridged mode and it's fairly simple to set up the bridge so I just do it that way 10:16 < mort_gib> So this is a firmware?? 10:16 < mort_gib> Like embedded boxes 10:16 < mort_gib> Stux clients?? 
10:16 < bnrstnr> not sure what a stux client is lol 10:16 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!] 10:17 < mort_gib> Sorry, typo 10:17 < mort_gib> Styx 10:17 < bnrstnr> yeah, quick google searched it.. sounds like it 10:17 < mort_gib> :-) Cool 10:18 < mort_gib> -Remember to protect them, or the Israelis will get you 10:18 < mort_gib> He he 10:18 < bnrstnr> haha 10:18 < bnrstnr> thanks for the input 10:18 < mort_gib> Your welcome 10:18 < mort_gib> You have some issues though 10:18 < bnrstnr> what's that? 10:19 < mort_gib> You need every clients IP range to be different 10:19 < mort_gib> Or the poor VPN Gateway will be very confused 10:19 < bnrstnr> yeah, that shouldn't be too big of a deal lol already had that headache before 10:19 < bnrstnr> I do a little better planning now 10:20 < mort_gib> See our clients come to us from other consulting comps. 10:20 < mort_gib> So all is on 192.168.0.0/24 -that is the default IP the ADSL routers use 10:20 < mort_gib> :-/ 10:21 < bnrstnr> oi 10:21 < bnrstnr> haha 10:21 < mort_gib> Exactly 10:21 < mort_gib> And no pwd on admin accounts 10:21 < mort_gib> NO AV software, or AVG Free if they are advanced 10:21 < mort_gib> -Expired mind you 10:22 < bnrstnr> at least here everything will be on 192.168.28.0/24 with no dhcp 10:22 < mort_gib> :-) Good business for us! 10:22 < bnrstnr> no kidding, easy too 10:22 < bnrstnr> frustrating, but easy fixes 10:23 < bnrstnr> I might spray paint the ip ranges for them to use on the electrical panel so they dont ruin my plans ;) 10:24 < Essobi> Sometimes, I just can't stop. 
http://images.memegenerator.net/instances/500x/14019929.jpg 10:30 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Ping timeout: 252 seconds] 10:38 -!- KaiForce [~chatzilla@adsl-70-228-98-51.dsl.akrnoh.ameritech.net] has joined #openvpn 10:40 <@vpnHelper> RSS Update - forum: Problem with routes 10:43 -!- autif [~autif@static-72-93-90-226.bstnma.fios.verizon.net] has quit [Quit: Leaving.] 10:52 -!- chats_ [chats@gateway/shell/xzibition.com/x-ubsytnezvsxxovnt] has quit [Read error: Connection reset by peer] 10:52 -!- chats_ [chats@gateway/shell/xzibition.com/x-gwsvuxkribrkmgtv] has joined #openvpn 10:52 -!- bnrstnr [bnrstnr@adsl-66-73-44-78.dsl.sfldmi.ameritech.net] has left #openvpn [] 10:55 -!- kolor [~klr@195.158.102.245] has quit [Ping timeout: 260 seconds] 10:56 -!- mort_gib [~mort_gib@16.Red-83-36-63.staticIP.rima-tde.net] has quit [Quit: Ex-Chat] 10:56 -!- Tiburon [~Tiburon@4807ds1-hl.0.fullrate.dk] has quit [Quit: Te audire no possum. Musa sapientum fixa est in aure.] 
11:00 -!- rickuz1 [~rickuz@p5DC45693.dip.t-dialin.net] has joined #openvpn 11:00 -!- p3rror [~mezgani@41.137.254.45] has quit [Quit: Leaving] 11:02 -!- rickuz [~rickuz@p5DC45693.dip.t-dialin.net] has quit [Ping timeout: 256 seconds] 11:06 -!- Azrael808 [~peter@212.161.9.162] has quit [Ping timeout: 256 seconds] 11:09 -!- BenLue is now known as S1lv3R 11:13 -!- rickuz [~rickuz@p5DC45693.dip.t-dialin.net] has joined #openvpn 11:16 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has quit [Read error: Connection reset by peer] 11:16 -!- rickuz1 [~rickuz@p5DC45693.dip.t-dialin.net] has quit [Ping timeout: 252 seconds] 11:18 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 11:18 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has quit [Read error: Connection reset by peer] 11:20 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 11:21 -!- MeanderingCode [~Meanderin@97-123-4-4.albq.qwest.net] has quit [Read error: Connection reset by peer] 11:26 < rob0> dazo_afk, do you maintain easy-rsa? 11:32 -!- MeanderingCode [~Meanderin@97-123-4-4.albq.qwest.net] has joined #openvpn 11:56 -!- Gravitro_ [~admin@69.163.40.45] has quit [Remote host closed the connection] 11:56 -!- Gravitron [~admin@69.163.40.45] has joined #openvpn 11:56 -!- Gravitron [~admin@69.163.40.45] has quit [Changing host] 11:56 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 11:57 -!- rickuz [~rickuz@p5DC45693.dip.t-dialin.net] has quit [Quit: Leaving.] 
12:00 -!- rawplayer [~foo@shell.students.os3.nl] has quit [Ping timeout: 245 seconds] 12:23 -!- rawplayer [~foo@shell.students.os3.nl] has joined #openvpn 12:24 -!- rawplayer [~foo@shell.students.os3.nl] has quit [Read error: Operation timed out] 12:28 -!- rawplayer [~foo@shell.students.os3.nl] has joined #openvpn 12:33 -!- rawplayer [~foo@shell.students.os3.nl] has quit [Ping timeout: 272 seconds] 12:38 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Ping timeout: 240 seconds] 12:38 -!- dkr [~dkr@67.132.255.16] has quit [Ping timeout: 252 seconds] 12:40 -!- cadmium [~mike@75.47.2.73] has quit [Ping timeout: 252 seconds] 12:41 < rob0> !easy-rsa 12:50 -!- vpopov [~happylife@dyn-58-222.fttbee.kis.ru] has joined #openvpn 12:53 < madal> can anyone tell me how to configure openvpn into open LDAP for authentication ? 12:56 -!- rawplayer [~foo@shell.students.os3.nl] has joined #openvpn 13:03 -!- rawplayer [~foo@shell.students.os3.nl] has quit [Ping timeout: 260 seconds] 13:03 < reiffert> !search --values ldap 13:03 <@vpnHelper> (search ) -- Searches for in the current configuration variables. 13:03 < reiffert> !search factoids --values ldap 13:03 <@vpnHelper> (search ) -- Searches for in the current configuration variables. 13:04 < reiffert> !factoids search ldap 13:04 <@vpnHelper> "ldap_iptables" is see http://planetjoel.com/viewarticle/638/OpenVPN%3A+Dynamically+create+IPtables+rules+based+on+LDAP+group+membership for a cool script for setting iptables rules based on LDAP membership (currently only handles TCP rules, but an easy fix to support UDP) 13:04 < reiffert> !factoids search --values ldap 13:04 <@vpnHelper> "ldap_iptables" is see http://planetjoel.com/viewarticle/638/OpenVPN%3A+Dynamically+create+IPtables+rules+based+on+LDAP+group+membership for a cool script for setting iptables rules based on LDAP membership (currently only handles TCP rules, but an easy fix to support UDP) 13:04 < reiffert> mhm, not what you are looking for I guess. 
13:04 < reiffert> !factoids search --values pam 13:04 <@vpnHelper> No keys matched that query. 13:04 < reiffert> use the auth pam instead and have pam auth against ldap. 13:05 < reiffert> rob0 will help you for further details. 13:09 -!- rawplayer [~foo@shell.students.os3.nl] has joined #openvpn 13:14 -!- rawplayer [~foo@shell.students.os3.nl] has quit [Ping timeout: 240 seconds] 13:18 -!- MeanderingCode [~Meanderin@97-123-4-4.albq.qwest.net] has quit [Remote host closed the connection] 13:21 -!- dkr [~dkr@67.132.255.16] has joined #openvpn 13:25 -!- rawplayer [~foo@shell.students.os3.nl] has joined #openvpn 13:26 -!- cadmium [~mike@adsl-99-118-116-234.dsl.sfldmi.sbcglobal.net] has joined #openvpn 13:30 -!- rawplayer [~foo@shell.students.os3.nl] has quit [Ping timeout: 255 seconds] 13:42 -!- treshoem [~treshoem@ns1.smartcellphonestogo.com] has quit [Ping timeout: 256 seconds] 13:49 -!- treshoem [~treshoem@94.229.78.231] has joined #openvpn 13:49 -!- MeanderingCode [~Meanderin@97-123-4-4.albq.qwest.net] has joined #openvpn 13:54 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [] 13:57 -!- MeanderingCode [~Meanderin@97-123-4-4.albq.qwest.net] has quit [Quit: No Ping reply in 180 seconds.] 13:58 -!- MeanderingCode [~Meanderin@97-123-4-4.albq.qwest.net] has joined #openvpn 14:05 -!- gremly [~gremly@200.119.32.55] has joined #openvpn 14:08 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 14:11 -!- rschmidt [~raphael@216-246-238-141.cpe.distributel.net] has joined #openvpn 14:15 -!- rawplayer [~foo@shell.students.os3.nl] has joined #openvpn 14:36 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Ping timeout: 252 seconds] 14:37 -!- rawplayer [~foo@shell.students.os3.nl] has quit [Ping timeout: 252 seconds] 14:40 -!- kraut [~kraut@blackhole.netzdeponie.de] has joined #openvpn 14:40 < kraut> hi 14:40 < kraut> what's the problem, if i miss padlock as an engine? 
f.e.openvpn --show-engines 14:41 < kraut> i mean, how can i debug this? 14:41 < kraut> i just downgraded openssl to 0.9.8o because of missing padlock support. that's now functioning but openvpn not yet. 14:44 -!- rawplayer [~foo@shell.students.os3.nl] has joined #openvpn 14:49 -!- mape2k [~mape2k@2001:6f8:133b:0:21f:3bff:fe27:21a9] has quit [Ping timeout: 252 seconds] 14:53 < messedup1> Im working on a project, i want to run openvpn on my home network... 192.168, and be able to connect certain machine at home to it, then have a box, i can send around to other people, who will be able to boot it, and have it auto connect to the openvpn server, and give access inside their network... home network is again 192.168, id like the openvpn to dole out something like 172.31.21.X ip address... what all do i need to do 14:53 -!- rawplayer [~foo@shell.students.os3.nl] has quit [Ping timeout: 256 seconds] 14:55 -!- rawplayer [~foo@shell.students.os3.nl] has joined #openvpn 14:59 -!- rawplayer [~foo@shell.students.os3.nl] has quit [Ping timeout: 255 seconds] 15:01 -!- kisom [~x@c-fadde155.648-1-64736c11.cust.bredbandsbolaget.se] has left #openvpn [] 15:04 < hyper_ch> use 10.8.x.x to hand out 15:06 -!- rawplayer [~foo@shell.students.os3.nl] has joined #openvpn 15:14 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Ping timeout: 272 seconds] 15:15 < krzee> kraut, did you build openvpn against your openssl with padlock? 
15:16 < kraut> it's just from the ubuntu repository 15:18 < krzee> iirc you need to build openvpn against the special openssl when you have special openssl like that 15:18 < krzee> but im not 100% 15:21 < kraut> :( 15:21 < kraut> this sucks a lot 15:30 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn 15:32 -!- aufwl [32249ce2@gateway/web/freenode/ip.50.36.156.226] has joined #openvpn 15:36 -!- David`` [~david@collider.irclabs.com] has joined #openvpn 15:38 -!- mape2k [~mape2k@2001:6f8:133b:0:21f:3bff:fe27:21a9] has joined #openvpn 15:53 -!- vpopov [~happylife@dyn-58-222.fttbee.kis.ru] has quit [Quit: Leaving] 15:56 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has quit [Ping timeout: 255 seconds] 16:01 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Read error: Operation timed out] 16:01 -!- KaiForce [~chatzilla@adsl-70-228-98-51.dsl.akrnoh.ameritech.net] has quit [Quit: ChatZilla 0.9.88 [Firefox 10.0/20120129021758]] 16:02 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 16:09 -!- gladiatr [~sdspence@135.15.124.24.cm.sunflower.com] has joined #openvpn 16:12 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has quit [] 16:15 -!- vpopov [~happylife@dyn-58-222.fttbee.kis.ru] has joined #openvpn 16:16 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 256 seconds] 16:26 -!- p3rror [~mezgani@41.249.7.207] has joined #openvpn 16:28 -!- mape2k [~mape2k@2001:6f8:133b:0:21f:3bff:fe27:21a9] has quit [Ping timeout: 252 seconds] 16:29 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has joined #openvpn 16:44 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has left #openvpn [] 16:52 < cadmium> hey guys 16:53 < cadmium> krzee i'm generating openssl key, csr, crt but not sure which options to use with rob0 any advice? 
16:56 -!- ianthius [~ian@unaffiliated/ianthius] has joined #openvpn 16:56 < ianthius> !welcome 16:56 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 16:57 < ianthius> curious anyone connection a local lan to a vpn lan using dd-wrt? 16:57 < ianthius> *connecting 17:03 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has joined #openvpn 17:24 -!- rschmidt [~raphael@216-246-238-141.cpe.distributel.net] has left #openvpn ["Leaving"] 17:34 -!- peppux [~peppux@adsl-ull-17-3.45-151.net24.it] has quit [Ping timeout: 255 seconds] 17:38 <@vpnHelper> RSS Update - forum: can't see local devices on LAN but can ping remote devices || Windows OpenVPN Server blocks other services 17:40 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 17:40 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 17:40 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 17:40 -!- mode/#openvpn [+v Axeman] by ChanServ 17:44 <@vpnHelper> RSS Update - forum: vpn routing from windows 7 machines in private network || Windows OpenVPN Server blocks other services 17:46 < rob0> cadmium, a bit more complex than is needed (don't need the intermediate CAs), but this looks good: http://www.unicore.eu/documentation/manuals/unicore6/files/pki-0.2.pdf 17:47 -!- peppux [~peppux@adsl-ull-107-24.45-151.net24.it] has joined #openvpn 17:48 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has quit [Quit: nonotza] 17:48 < ianthius> anyone know how to use openvpn on the command line to automatically reconnect and save password if get disconnected? 
18:01 -!- lakewood [~user@99-45-120-223.lightspeed.cicril.sbcglobal.net] has joined #openvpn 18:08 -!- tekzilla [~jon@hmbg-5f760325.pool.mediaWays.net] has quit [Ping timeout: 245 seconds] 18:10 -!- tekzilla [~jon@hmbg-5f767a12.pool.mediaWays.net] has joined #openvpn 18:11 -!- gremly [~gremly@200.119.32.55] has quit [Quit: WeeChat 0.3.6] 18:21 -!- master_of_master [~master_of@p57B55A37.dip.t-dialin.net] has quit [Ping timeout: 260 seconds] 18:22 -!- master_of_master [~master_of@p57B52E4C.dip.t-dialin.net] has joined #openvpn 18:39 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 18:57 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Ping timeout: 240 seconds] 18:59 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has joined #openvpn 19:04 < rob0> ianthius, might want "persist-key" 19:06 < ianthius> will that work with passwords? 19:07 < rob0> I don't know, actually, but it is something you might want to try. 
19:07 < ianthius> hmm okay, thanks for the clie 19:07 < ianthius> clue 19:09 -!- Axeman [~Axeman3@openvpn/user/axeman] has left #openvpn ["Leaving"] 19:21 -!- nutron [~nutron@unaffiliated/nutron] has quit [Ping timeout: 252 seconds] 19:26 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn [] 19:35 -!- luckman212_ [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has quit [Remote host closed the connection] 19:37 -!- peppux [~peppux@adsl-ull-107-24.45-151.net24.it] has quit [Quit: WeeChat 0.3.6] 19:38 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has quit [Quit: Leaving] 19:43 -!- tekzilla [~jon@hmbg-5f767a12.pool.mediaWays.net] has quit [Ping timeout: 252 seconds] 19:44 -!- nutron [~nutron@unaffiliated/nutron] has joined #openvpn 19:45 -!- tekzilla [~jon@hmbg-5f767093.pool.mediaWays.net] has joined #openvpn 19:53 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has joined #openvpn 19:55 -!- _julian [~quassel@hmbg-5f760bf8.pool.mediaWays.net] has joined #openvpn 19:58 -!- _julian_ [~quassel@hmbg-4d06c772.pool.mediaWays.net] has quit [Ping timeout: 245 seconds] 20:05 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has quit [Quit: Leaving] 20:13 -!- MeanderingCode_ [~Meanderin@97-123-4-4.albq.qwest.net] has joined #openvpn 20:17 -!- TheRedOctober [~administr@pool-96-250-107-106.nycmny.fios.verizon.net] has joined #openvpn 20:18 -!- MeanderingCode [~Meanderin@97-123-4-4.albq.qwest.net] has quit [Ping timeout: 272 seconds] 20:20 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 248 seconds] 20:22 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has quit [Ping timeout: 255 seconds] 20:54 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has joined #openvpn 21:05 -!- Harley_ [~Harley@182.149.55.145] has quit [Remote host closed the connection] 21:23 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has quit [Quit: Leaving] 21:39 -!- simplechat 
[~simplecha@123-243-79-139.static.tpgi.com.au] has joined #openvpn 21:39 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has quit [Changing host] 21:39 -!- simplechat [~simplecha@unaffiliated/simplechat] has joined #openvpn 21:49 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has joined #openvpn 21:50 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has quit [Client Quit] 21:55 -!- seroquel [seroquel@seattle195.riseup.net] has joined #openvpn 21:55 < seroquel> is there a way to make openvpn connect without inputting a password? 21:55 < seroquel> like can i add the password to the config file? 22:02 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has joined #openvpn 22:03 -!- linuxinternet [~linuxinte@202.131.123.66] has joined #openvpn 22:03 < seroquel> fuck u nerds 22:03 -!- seroquel [seroquel@seattle195.riseup.net] has quit [Remote host closed the connection] 22:04 < linuxinternet> seroquel ::: you better mind your language 22:04 -!- linuxinternet [~linuxinte@202.131.123.66] has left #openvpn [] 22:05 -!- linuxinternet [~linuxinte@202.131.123.66] has joined #openvpn 22:05 < lakewood> hahah he couldn't wait. 22:07 < linuxinternet> lakewood: very true,, 22:07 < lakewood> =) 22:08 < linuxinternet> : 22:08 < linuxinternet> :) 22:15 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has quit [Quit: Leaving] 22:18 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has joined #openvpn 22:43 <@vpnHelper> RSS Update - forum: howto specify multiple CA on server side using ca file ? 
22:50 -!- lakewood [~user@99-45-120-223.lightspeed.cicril.sbcglobal.net] has quit [Remote host closed the connection] 22:51 -!- David`` [~david@collider.irclabs.com] has quit [Quit: leaving] 22:53 -!- lakewood [~user@99-45-120-223.lightspeed.cicril.sbcglobal.net] has joined #openvpn 22:56 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 23:16 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has quit [Quit: Leaving] 23:27 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has joined #openvpn 23:45 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has quit [Quit: Leaving] 23:51 -!- ianthius_ [ianthius@y0u.co.cc] has joined #openvpn 23:51 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 23:51 < ianthius_> anyone know how to make commandline client reconnect automatically when it get's disconnected? --- Day changed Sat Feb 04 2012 00:40 -!- linuxinternet [~linuxinte@202.131.123.66] has quit [Ping timeout: 255 seconds] 00:41 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 00:46 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has joined #openvpn 01:03 -!- linuxinternet [~linuxinte@202.131.123.66] has joined #openvpn 01:17 -!- linuxinternet_ [~linuxinte@202.131.123.66] has joined #openvpn 01:17 -!- linuxinternet [~linuxinte@202.131.123.66] has quit [Ping timeout: 240 seconds] 01:31 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has quit [Ping timeout: 240 seconds] 01:45 -!- vpopov [~happylife@dyn-58-222.fttbee.kis.ru] has quit [Ping timeout: 255 seconds] 01:47 -!- linuxinternet_ [~linuxinte@202.131.123.66] has quit [Ping timeout: 248 seconds] 01:50 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 272 seconds] 01:59 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 02:11 -!- linuxinternet_ [~linuxinte@202.131.123.66] has joined #openvpn 02:38 -!- linuxinternet_ [~linuxinte@202.131.123.66] has quit [Ping 
timeout: 248 seconds] 02:38 -!- linuxinternet_ [~linuxinte@202.131.123.66] has joined #openvpn 02:46 < linuxinternet_> ianthius: even i am searching for same solution let me know if you get any 02:53 -!- linuxinternet_ [~linuxinte@202.131.123.66] has quit [Ping timeout: 255 seconds] 03:04 -!- pk__ [~root@14.139.228.210] has left #openvpn [] 03:26 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has joined #openvpn 03:28 -!- kolor [~klr@195.158.102.245] has joined #openvpn 03:32 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out] 03:33 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 03:34 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn 03:38 -!- kolor [~klr@195.158.102.245] has left #openvpn [] 03:42 -!- mape2k [~mape2k@2001:6f8:133b:0:21f:3bff:fe27:21a9] has joined #openvpn 03:46 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has quit [Quit: Leaving] 03:48 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has joined #openvpn 04:07 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has quit [Quit: Leaving] 04:15 -!- p3rror [~mezgani@41.249.7.207] has quit [Read error: Connection reset by peer] 04:27 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 252 seconds] 04:28 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 04:35 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has joined #openvpn 04:39 -!- krzee [nobody@hemp.ircpimps.org] has joined #openvpn 04:39 -!- krzee [nobody@hemp.ircpimps.org] has quit [Changing host] 04:39 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn 04:46 < hyper_ch> dazo_afk: how is fosdem? 
04:46 -!- vpopov [~happylife@dyn-58-222.fttbee.kis.ru] has joined #openvpn 05:10 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has joined #openvpn 05:10 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has quit [Read error: Connection reset by peer] 05:45 <@vpnHelper> RSS Update - forum: Client can connect but has no access to the Internet 05:50 -!- mape2k [~mape2k@2001:6f8:133b:0:21f:3bff:fe27:21a9] has quit [Quit: Leaving] 05:52 -!- krzee [nobody@openvpn/community/support/krzee] has left #openvpn ["Leaving"] 06:24 -!- rawplayer [~foo@shell.students.os3.nl] has quit [Ping timeout: 245 seconds] 06:38 -!- rawplayer [~foo@shell.students.os3.nl] has joined #openvpn 06:40 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn 06:40 -!- mode/#openvpn [+o mattock] by ChanServ 06:43 -!- rawplayer [~foo@shell.students.os3.nl] has quit [Ping timeout: 245 seconds] 06:44 -!- rawplayer [~foo@shell.students.os3.nl] has joined #openvpn 06:45 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep] 06:48 -!- rawplayer [~foo@shell.students.os3.nl] has quit [Ping timeout: 255 seconds] 06:55 -!- rawplayer [~foo@shell.students.os3.nl] has joined #openvpn 06:57 -!- krzee [nobody@hemp.ircpimps.org] has joined #openvpn 06:57 -!- krzee [nobody@hemp.ircpimps.org] has quit [Changing host] 06:57 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn 07:27 <@vpnHelper> RSS Update - forum: OpenVPN on CentOs : IP not changed 07:39 <@vpnHelper> RSS Update - forum: OpenVPN on CentOs : IP not changed 07:51 <@vpnHelper> RSS Update - forum: OpenVPN on CentOs : IP not changed 08:10 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Remote host closed the connection] 08:23 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has quit [Quit: Leaving] 08:25 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has joined #openvpn 
08:30 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has quit [Ping timeout: 240 seconds] 08:35 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 08:51 -!- dazo_afk is now known as dazo 09:03 -!- dazo is now known as dazo|afk 09:03 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has joined #openvpn 09:05 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has quit [Client Quit] 09:07 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has joined #openvpn 09:09 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has quit [Client Quit] 09:24 -!- cadmium [~mike@adsl-99-118-116-234.dsl.sfldmi.sbcglobal.net] has quit [Quit: My damn controlling terminal disappeared!] 09:34 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 240 seconds] 09:34 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 09:46 -!- dazo|afk is now known as dazo 09:47 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 252 seconds] 09:47 -!- dazo is now known as dazo_afk 09:47 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 09:50 -!- mattock [~samuli@openvpn/corp/admin/mattock] has quit [Quit: mattock] 09:52 -!- chats_ [chats@gateway/shell/xzibition.com/x-gwsvuxkribrkmgtv] has quit [Ping timeout: 272 seconds] 09:54 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 09:56 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn 09:57 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Read error: Connection reset by peer] 10:00 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn 10:01 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Read error: Connection reset by peer] 10:01 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 10:08 -!- Essobi [~Essobi@74-133-160-231.dhcp.insightbb.com] has quit [Read error: Connection reset by peer] 10:09 -!- Essobi 
[~Essobi@74-133-160-231.dhcp.insightbb.com] has joined #openvpn 10:13 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn 10:13 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 10:13 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Client Quit] 10:21 -!- VisionNL [~anonymous@tuig.nikhef.nl] has joined #openvpn 10:21 -!- ianthius_ [ianthius@y0u.co.cc] has quit [Read error: Connection reset by peer] 10:22 -!- MeanderingCode [~Meanderin@97-123-12-161.albq.qwest.net] has joined #openvpn 10:22 -!- ianthius_ [ianthius@y0u.co.cc] has joined #openvpn 10:23 -!- _martin [~user@194-208-138-040.tele.net] has joined #openvpn 10:23 -!- MeanderingCode_ [~Meanderin@97-123-4-4.albq.qwest.net] has quit [Ping timeout: 244 seconds] 10:25 < _martin> hi, im running a dlna service on my ready nas duo (debian) vpn an so works fine. but the broadcast of the dlna (upnp) isn't avabel for the connected vpn clients. i have to forward the upnp traffic to my ppp interface using the iptables. is there anyone who can give me an example how this works? 10:28 -!- novaflash is now known as novaflash_away 10:35 < hyper_ch> if only I knew what dlna is 10:35 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn 10:36 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Remote host closed the connection] 10:37 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Read error: Connection reset by peer] 10:37 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 10:42 -!- p3rror [~mezgani@41.249.15.103] has joined #openvpn 10:45 -!- appleguru [~appleguru@pool-173-76-27-235.bstnma.fios.verizon.net] has joined #openvpn 10:46 -!- catbit [~BiGcaT@113.118.166.22] has joined #openvpn 10:47 < catbit> Hi all 10:47 < catbit> I have a problem with redirect-gateway 10:47 < catbit> Can anyone help me here? 
10:48 < hyper_ch> catbit: type: !welcome 10:48 < catbit> !welcome 10:48 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 10:48 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn 10:48 < catbit> !goal 10:48 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 10:48 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Read error: Connection reset by peer] 10:49 < catbit> !goal tunnel all the internet traffic from my Tomato router to the remote OpenVPN server on EC2. 10:49 < catbit> !logs 10:49 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard. 10:50 -!- appleguru [~appleguru@pool-173-76-27-235.bstnma.fios.verizon.net] has quit [Quit: appleguru] 10:50 < catbit> !configs 10:50 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries 10:51 < hyper_ch> catbit: tomato supports openvpn? 10:51 < catbit> yes 10:51 < hyper_ch> you use ccd? 10:52 < hyper_ch> or are there other clients that do not wish to tunnel all traffic? 
10:52 < catbit> !configs http://pastebin.com/c2tn4xE8 10:52 < hyper_ch> cat 10:53 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Read error: Connection reset by peer] 10:53 -!- mgorbachi [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 10:53 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn 10:53 < hyper_ch> catbit: don't use ! at the beginning if you do not want to query the bot 10:53 < catbit> ok 10:53 < catbit> yes I use ccd 10:53 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Read error: Connection reset by peer] 10:53 < catbit> All the clients need to tunnel the Internet traffic. 10:53 < hyper_ch> and that looks wrong: route 192.168.1.0 255.255.255.0 10.8.0.1 10:54 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn 10:54 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Read error: Connection reset by peer] 10:54 < catbit> I should remove that line? 10:54 < catbit> If I enable: push "redirect-gateway def1" 10:55 < catbit> I cannot ping the vpn server and any Internet sites. 10:55 < catbit> If I comment it out 10:55 < hyper_ch> let me fix your server conf 10:55 < catbit> I can ping 10.8.0.1 and vice versa, but the Internet traffic isn't going through the tunnel 10:55 < catbit> tks hyper_ch ! 10:59 -!- mgorbachi [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Ping timeout: 240 seconds] 11:00 -!- sigius [~sigius@93.125.185.45] has joined #openvpn 11:00 -!- sigius [~sigius@93.125.185.45] has quit [Read error: Connection reset by peer] 11:01 < hyper_ch> catbit: http://pastebin.com/z4hXRxSG 11:01 < hyper_ch> catbit: what distro? 
11:01 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 11:01 < catbit> Amazon EC2 AMI micro instance 11:02 < hyper_ch> that's not a distro I think 11:02 < catbit> well it's the Amazon linux 11:02 < catbit> modified from Fedora 11:02 -!- ianthius_ [ianthius@y0u.co.cc] has quit [Read error: Connection reset by peer] 11:02 < hyper_ch> ah 11:02 < hyper_ch> well, I left the directive demon away 11:03 < hyper_ch> and msfix 11:03 < hyper_ch> and the tmu size 11:03 < hyper_ch> you might want to re-add them 11:03 < catbit> ok, let me try 11:04 -!- ianthius_ [ianthius@y0u.co.cc] has joined #openvpn 11:04 -!- Araluccl0 [~lallo@151.77.226.107] has joined #openvpn 11:06 < hyper_ch> !def 1 11:06 < hyper_ch> !def1 11:06 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1" 11:06 < catbit> service openvpn restart 11:06 < catbit> Shutting down openvpn: [ OK ] 11:06 < catbit> Starting openvpn: [FAILED] 11:06 < hyper_ch> enable the log 11:07 < hyper_ch> it's commented out 11:07 < hyper_ch> restart openvpn 11:07 < hyper_ch> check the log 11:09 < catbit> it's ok now. let me update my router 11:09 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Ping timeout: 240 seconds] 11:10 < Araluccl0> hi, i was about to ask a question related to redirect-gateway... I need to do that but for a NON Vpn vlient into my subnet... my router is but my media center doesnt have a openvopn package...so I have to ad routes into my router .conf... I tried to add a simple route 192.168.1.135 255.255.255.255 vpn_gateway but it didnt work... can anyone help me? 
11:10 < Araluccl0> client = client 11:10 < Araluccl0> :) vlient = client 11:11 < Araluccl0> 192.168.1.135 is my media center box if I add that string it stops accessing to wan 11:12 < hyper_ch> Araluccl0: I'm not following what you try to do 11:12 < hyper_ch> the def1 just adds to routing rules to through the vpn 11:12 < hyper_ch> that are both half of the internet 11:12 < hyper_ch> one is 0.0.0.0. 128.0.0.0 11:12 < hyper_ch> and one is 128.0.0.0 128.0.0.0 IIRC 11:13 < Araluccl0> hyper_ch I have a nmedia center into my sublan ... which cant be a vpn client 11:13 < Araluccl0> id like to route its traffic thru my vpn 11:13 < Araluccl0> my router is the only openvpn client so I thought to add custom routes into its conf for my media box 11:14 < hyper_ch> well, if you have a lan 11:14 < hyper_ch> nad if you have a router 11:14 < hyper_ch> then all traffic that goes outside your lan will be through the router 11:14 < hyper_ch> so only the router needs to be routed through the vpn 11:15 -!- catbit [~BiGcaT@113.118.166.22] has quit [Ping timeout: 252 seconds] 11:15 < Araluccl0> yes...but traffic doesnt route thru vpn ...at least not for my sublan 11:15 < hyper_ch> what are the routs on the router? 11:15 < Araluccl0> I need the equivalent of redirect-gateway def1 for a non VPN box 11:15 -!- catbit [~BiGcaT@113.118.166.22] has joined #openvpn 11:15 < hyper_ch> what is the client config on the router 11:16 < hyper_ch> what is the server config? 11:16 < Araluccl0> ah...wait... i padtebin 11:16 < hyper_ch> catbit: what does the log say? 11:16 < catbit> I need to disable my QoS first. 11:17 < catbit> It seems it's conflicting to the VPN 11:17 < hyper_ch> :) 11:17 < Araluccl0> http://pastebin.com/7hEvDTAR 11:17 < Araluccl0> this is my server.conf 11:18 < Araluccl0> and it works fine... 11:18 < hyper_ch> what's that senza topology subnet? 
11:19 < hyper_ch> the ccd entry for the router is missing 11:19 < Araluccl0> its a conf when I dont use topology subnet 11:19 < Araluccl0> ah..wait 11:19 < Araluccl0> ifconfig-push 10.8.0.14 10.8.0.13 11:19 < Araluccl0> iroute 192.168.1.0 255.255.255.0 11:19 < Araluccl0> I pasted here cause it was small 11:20 < hyper_ch> just put push "redirect-gateway def1" to the router ccd 11:20 < hyper_ch> then the router should route all outgoing traffic through the vpn 11:20 < Araluccl0> yes but that route all my sublan thru vpn I only need my specific sublan non vpn client to be routed 11:21 < hyper_ch> and why cant you make the media server a vpn client? 11:21 < Araluccl0> all my sublan except 192.168.1.135 -> wan instead 192.168.1.135 -> vpn 11:21 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has joined #openvpn 11:21 < Araluccl0> it has a openelec distribution there is no openvpn package for it 11:22 < Araluccl0> and no apt or similar 11:22 < Araluccl0> its closed 11:22 < hyper_ch> compile it yoursel 11:22 -!- catbit [~BiGcaT@113.118.166.22] has quit [Ping timeout: 256 seconds] 11:22 < Araluccl0> the author says openvpn is kinda piracy :) 11:22 < hyper_ch> besides that, no clue 11:22 -!- catbit [~BiGcaT@ec2-175-41-203-12.ap-northeast-1.compute.amazonaws.com] has joined #openvpn 11:23 < Araluccl0> yes... but I thinki that with some smart routes into router conf I can do that 11:23 < hyper_ch> good luck finding them out 11:24 < Araluccl0> :) thanks I think that the key is add this into ccd roputer route 192.168.1.135 255.255.255.255 vpn_gatewa 11:24 < Araluccl0> route 192.168.1.135 255.255.255.255 vpn_gateway 11:24 < hyper_ch> you can try 11:24 < Araluccl0> openvpn sees vpn:gateway variable correctly... 11:25 < Araluccl0> I did ...but didnt work... box stops connecting to wan 11:25 < Araluccl0> vpn_gateway 11:25 < Araluccl0> maybe I have to add dns server too.. 
but dunno how 11:25 < hyper_ch> !dns 11:26 <@vpnHelper> "dns" is (#1) Level3 open recursive DNS server at 4.2.2.[1-6] or (#2) Google open recursive DNS server at 8.8.8.8 / 8.8.4.4 or (#3) you might be looking for !pushdns 11:26 < hyper_ch> !pushdns 11:26 <@vpnHelper> "pushdns" is (#1) push "dhcp-option DNS a.b.c.d" to push dns to the client or (#2) http://thread.gmane.org/gmane.network.openvpn.user/25139/focus=25147 see that mail archive for some info on pushing dns or (#3) http://article.gmane.org/gmane.network.openvpn.user/25149 for a perm fix via regedit or (#4) in unix you'll use the update-resolv-conf script or (#5) also 11:26 <@vpnHelper> http://comments.gmane.org/gmane.network.openvpn.user/31975 reports --register-dns as fixing their problems pushing DNS to windows 7 11:26 < hyper_ch> and try that route without "vpn_gateway" 11:27 < Araluccl0> yes I can use push "dhcp-option DNS a.b.c.d" BUT I need it to work on a different ip that the conf one 11:27 < Araluccl0> something like push "dhcp-option DNS a.b.c.d 192.168.1.135" 11:27 < hyper_ch> that's not an openvpn issue then 11:27 -!- catbit1 [~BiGcaT@113.118.166.22] has joined #openvpn 11:27 < catbit1> Hi hyper_ch 11:27 < Araluccl0> yeah...probably 11:28 < catbit1> It works now!!!! 11:28 -!- catbit [~BiGcaT@ec2-175-41-203-12.ap-northeast-1.compute.amazonaws.com] has quit [Ping timeout: 255 seconds] 11:28 < catbit1> tks alot hyper_ch ! 11:28 < hyper_ch> catbit1: good, as said, maybe you need to re-add msfix and mtu size.... but that's more of testing 11:28 < hyper_ch> to see how performance it 11:28 < catbit1> May I know what's the reason behind it? 11:28 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn 11:28 < catbit1> does the order of the config items matter? 
11:29 < hyper_ch> catbit1: no 11:29 < hyper_ch> you can even have same config options multiple times 11:29 < hyper_ch> then just the last one will be used 11:29 < catbit1> I see 11:30 < catbit1> so it's this: push "route 10.8.0.0 255.255.255.0" 11:30 < hyper_ch> push is a different matter 11:30 < catbit1> and remove the route line you first mentioned 11:30 < hyper_ch> stuff like log /path/to/log/file 11:30 < hyper_ch> would be replaced with a later instance of log /path/to/different/log/file 11:30 < catbit1> yep 11:31 < hyper_ch> not sure what you mean with removing first line 11:32 < catbit1> My original server.conf is: http://pastebin.com/c2tn4xE8 11:32 < catbit1> it has a line: route 192.168.1.0 255.255.255.0 10.8.0.1 11:32 < catbit1> you said this line is wrong 11:32 -!- novaflash_away [~novaflash@openvpn/user/novaflash] has quit [Quit: ABANDON SHIP! ABANDON SHIP!] 11:32 < hyper_ch> I supplied you with a working one 11:32 < catbit1> Yes 11:32 < hyper_ch> alter that one or your own to your needs 11:32 < hyper_ch> you said you have a working example 11:32 < hyper_ch> make a backup copy and start fiddling around as you desire 11:33 < catbit1> yeah, the one you created works 11:33 < catbit1> anyway, tks a lot hyper_ch !!!! 
11:35 -!- _martin [~user@194-208-138-040.tele.net] has quit [Read error: Connection reset by peer] 11:36 -!- novaflash_away [~novaflash@vpnserver1.jellemaautomatisering.nl] has joined #openvpn 11:37 -!- novaflash_away is now known as novaflash 11:38 -!- ianthius_ [ianthius@y0u.co.cc] has quit [Quit: changing servers] 11:38 -!- ianthius_ [ianthius@204.188.223.45] has joined #openvpn 11:38 -!- catbit1 [~BiGcaT@113.118.166.22] has quit [Quit: Leaving] 11:41 -!- novaflash [~novaflash@vpnserver1.jellemaautomatisering.nl] has quit [Changing host] 11:41 -!- novaflash [~novaflash@openvpn/user/novaflash] has joined #openvpn 11:53 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 12:02 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Ping timeout: 240 seconds] 12:07 -!- oc80z [oc80z@blea.ch] has quit [Changing host] 12:07 -!- oc80z [oc80z@openvpn/user/oc80z] has joined #openvpn 12:12 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection] 12:12 -!- S1lv3R [~Ben@178-83-34-83.dynamic.hispeed.ch] has quit [Read error: Connection reset by peer] 12:14 -!- S1lv3R [NoMail@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 12:22 -!- S1lv3R [NoMail@178-83-34-83.dynamic.hispeed.ch] has quit [Read error: Connection reset by peer] 12:25 -!- forgotten [forgotten@is.undroppable.co.uk] has joined #openvpn 12:25 -!- S1lv3R [NoMail@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 12:26 < forgotten> hi can anyone help me get my vpn setup on a vps server running debian? i can't create tun/tap devices and unable to rebuild the kernel with loadable module support because grub can't recognize /dev/simfs as a hard disk. never worked with simfs before. 12:26 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 12:27 <+EugeneKay> What sort of VPS? 12:27 < forgotten> unmanaged 12:27 <+EugeneKay> No, the underlying tech. 
12:27 < forgotten> debian squeeze, 2.6.18
12:27 <+EugeneKay> OpenVZ?
12:28 < forgotten> not sure
12:28 <+EugeneKay> uname -r
12:28 < forgotten> 2.6.18-238.5.1.el5.028stab085.3
12:29 <+EugeneKay> Yeah, that's an EL5 kernel, and you have a Debian userspace.
12:29 <+EugeneKay> And no tun devices
12:29 <+EugeneKay> What provider?
12:29 < forgotten> so theres no way to do it then?
12:29 <+EugeneKay> !openvz
12:29 <@vpnHelper> "openvz" is http://wiki.openvz.org/VPN_via_the_TUN/TAP_device to learn bout openvz specific stuff with regards to openvpn
12:29 < forgotten> webexxpurts.com
12:29 <+EugeneKay> You *can* do it, with help from your VPS host.
12:29 <+EugeneKay> But the easy way is to buy a VPS that isn't total crap
12:30 < forgotten> yeah i was starting to think thats what i did
12:30 < forgotten> but i can just cancel it at the end of the month
12:30 < forgotten> what provider do u recommend ?
12:30 <+EugeneKay> You can't recompile the kernel at all, you're not actually on a Private server
12:30 < forgotten> yeah i realized that after trying to compile and install grub2 lol
12:30 < forgotten> well realized i couldn't do much with it
12:31 <+EugeneKay> OpenVZ shares one kernel among all the "partitions"
12:31 < forgotten> oooooh
12:31 < forgotten> so its not a tru VM
12:31 <+EugeneKay> Like chroot, but a lil more so.
12:31 <+EugeneKay> Nope.
12:31 < forgotten> lame..
12:31 <+EugeneKay> I use Linode. http://eugenekay.com/linode
12:31 <@vpnHelper> Title: Linode - Xen VPS Hosting (at eugenekay.com)
12:31 <+EugeneKay> $20/mo for 512MB ram, 4 CPUs, 20GB disk, 200GB transfer, all that.
12:31 < forgotten> someone told me arpnetworks or something, was good too
12:32 <+EugeneKay> Never heard of 'em
12:32 < forgotten> http://www.arpnetworks.com/
12:32 <@vpnHelper> Title: ARP Networks Homepage (at www.arpnetworks.com)
12:32 < hyper_ch> forgotten: how much do you pay for the vps?
12:33 <+EugeneKay> Their pricing looks good, but they're not an exclusive-VPS provider like Linode is. That's all Linode does, and they do it excellently.
12:33 -!- Tixos [~sg@95.140.125.42] has joined #openvpn
12:33 < forgotten> hyper_ch: the one i got is only 10bucks, with cancelation anytime
12:33 < Tixos> hey
12:33 < forgotten> its the first one i ever got so i was just experimenting really
12:33 < hyper_ch> if you don't need too much of cpu power, you can get a dedi server for € 15 + vat
12:33 <+EugeneKay> They also look like they only have the one location in LA
12:33 < Tixos> could anyone shed some light on an error ive been getting for months, and my provider assures me its with my end not his
12:33 < Tixos> Sat Feb 4 17:34:13 2012 TLS: tls_process: killed expiring key
12:33 < forgotten> and vpn setup is a breeze?
12:34 < hyper_ch> Tixos: read the error
12:34 <+EugeneKay> If you can read + use bash, the howto is easy-peasy
12:34 < hyper_ch> sounds pretty obvious
12:34 < Tixos> great,
12:34 < Tixos> whats that then ?
12:34 < forgotten> EugeneKay: cool, i'll def. check into linode then, thanks a ton :)
12:34 <+EugeneKay> Tixos - when did you set up the PKI?
12:34 < Tixos> PKI?
12:34 < hyper_ch> forgotten: you need strong cpu?
12:34 <+EugeneKay> The ssl stuff
12:34 < Tixos> ? :S
12:35 <+EugeneKay> How long ago did you build the openvpn?
12:35 < Tixos> i just use the providers .ovpn file
12:35 < Tixos> i run like this
12:35 <+EugeneKay> Ahh.
12:35 < hyper_ch> forgotten: http://www.kimsufi.ie/
12:35 <@vpnHelper> Title: Kimsufi - your range of dedicated servers from €14.99 p/m! (at www.kimsufi.ie)
12:35 < Tixos> sudo openvpn --config file.ovpn
12:35 < Tixos> every hour, exactly 1 hour, i get this error
12:35 < Tixos> but it stays connected etc
12:35 <+EugeneKay> hyper_ch - that's all well and good, if you're EUian
12:35 < forgotten> EugeneKay: if i decide to purchase one of these linode vps's is there some type of referral code you can give me to help you out?
12:36 <+EugeneKay> forgotten - http://eugenekay.com/linode
12:36 <@vpnHelper> Title: Linode - Xen VPS Hosting (at eugenekay.com)
12:36 < hyper_ch> EugeneKay: like EUgene ?
12:36 <+EugeneKay> I get $20 if you stay a customer for 90 days
12:36 < forgotten> EugeneKay: ya i went thru that link already, right on.
12:36 < forgotten> well lets see what happens :P
12:36 < forgotten> day 90,
12:36 < hyper_ch> EugeneKay: linode is in the US?
12:36 < forgotten> captains log
12:37 <+EugeneKay> They're a US company, they have four US locations, London, and Tokyo
12:37 < hyper_ch> iiieeks
12:37 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has quit [Quit: Leaving]
12:37 < Tixos> EugeneKay: here is the lines following each hour this happens
12:37 < Tixos> http://pastebin.com/5MkR8NJc
12:38 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has joined #openvpn
12:38 <+EugeneKay> Tixos - http://openvpn.net/archive/openvpn-users/2007-07/msg00104.html
12:38 <@vpnHelper> Title: Re: [Openvpn-users] TLS: tls_process, killed expiring key - What does this mean? (at openvpn.net)
12:39 <+EugeneKay> Paragraph 2 in particular ;-)
12:39 < Tixos> so nothing to worry about?
12:39 <+EugeneKay> Nope.
12:39 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
12:40 < Tixos> hmm, it looks messy
12:40 < forgotten> lol wow this place seems sweet!
12:40 < Tixos> if its normal, why does it report to terminal ?
12:40 <+EugeneKay> Because that's how stderr works
12:40 <+EugeneKay> Use the init scripts
12:40 < Tixos> but, it wants to reneg the key every hour
12:40 < Tixos> and its failing ?
12:41 < Tixos> or just telling me thats what its doing
12:41 <+EugeneKay> No, it's succeeding.
12:41 < Tixos> wtf, my provider seemed to think it was a problem
12:41 < Tixos> kind of worrying
12:41 <+EugeneKay> They're idiots.
12:41 < Tixos> so, i shouldnt use the --re-neg switch to extend the time ?
12:41 <+EugeneKay> This is relatively common with service providers
12:42 <+EugeneKay> Nope, it's a case of openvpn working as intended
12:42 < Tixos> its ok to use the same key over a longer period of time though?
12:42 <+EugeneKay> Switching the symmetric key is necessary to ensure good connection security. Some would say an hour is too long.
12:42 < Tixos> say 4hours?
12:42 < Tixos> ah ok then
12:42 < Tixos> so you get this output also ?
12:42 <+EugeneKay> As long as you're comfortable with. The overhead of a key swap isn't much.
12:42 <+EugeneKay> No, but I have verb turned down.
12:43 < Tixos> ah, that may help me, -v 1 ?
12:43 < Tixos> ill rtm :)
12:43 <+EugeneKay> I think I'm at 3.
12:43 < Tixos> hmm, i thought 3 was high
12:43 < Tixos> lol
12:43 < S1lv3R> forgotten ure on ircqnet?
12:43 < Tixos> im on 3 i think
12:43 < forgotten> negative
12:43 < S1lv3R> kk
12:43 < Tixos> thanks EugeneKay
12:44 <+EugeneKay> I tend not to play with my vpn once it's working.
12:44 < forgotten> i sit here, efnet, and oftc
12:44 < S1lv3R> i known forgotten from ircqnet (o;
12:44 <+EugeneKay> There's #linode on OFTC, btw
12:44 < forgotten> EugeneKay: so with linodes management system i can just blow my box away and reinstall whatever os like over and over?
12:44 < forgotten> like thru their website
12:44 <+EugeneKay> Yup.
12:44 < forgotten> sick!!!!
12:45 < forgotten> im sold on that alone
12:45 <+EugeneKay> Hit the shut down button, delete your disk, hit Deploy.
12:45 <+EugeneKay> And shazam
12:47 < forgotten> wow, and i got the server instantly too
12:47 < forgotten> setup was all automatic
12:48 < forgotten> this place is bad ass
12:48 <+EugeneKay> Don't forget to request an IPv6 pool
12:49 <+EugeneKay> !vend
12:49 <+EugeneKay> Oh right, this bot doesn't do that.
12:51 -!- S1lv3R [NoMail@178-83-34-83.dynamic.hispeed.ch] has quit [Read error: Connection reset by peer]
12:51 < forgotten> via the web manager?
12:52 <+EugeneKay> Yeah, remote access tab
12:53 < forgotten> it shows
12:53 < forgotten> 69.164.204.73/255.255.255.0 ( li118-73.members.linode.com )
12:53 < forgotten> 2600:3c00::f03c:91ff:fedf:d329/64
12:53 < forgotten> with ipv6 dns as well..
12:53 < forgotten> dont see anywhere to request
12:54 < forgotten> looks like it already has it
12:54 -!- S1lv3R [NoMail@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn
12:54 <+EugeneKay> Hrm, I thought they had put a Pool link in there.
12:55 <+EugeneKay> That's the single IP you get via autoconfig. You can get a set of 4,096 (or a /64, but that's "beta")
12:55 < forgotten> oh nice
13:05 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has quit [Quit: Leaving]
13:05 < krzee> ecrist, web cert expired last night
13:06 -!- Tixos [~sg@95.140.125.42] has left #openvpn []
13:08 < forgotten> lol i already have the vpn server running, tun0 ptp np
13:08 < forgotten> so easy
13:08 <+EugeneKay> ;-)
13:08 < forgotten> shame on me for not talking to you before i wasted 10 bucks
13:09 < forgotten> =P
13:10 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has joined #openvpn
13:17 < Araluccl0> can I ask for a little help anybody willing since I cant get it to work myself? I have a machine into my sublan (192.168.1.135) which traffic id like to be routed thru vpn but it can have openvpn installed so i was trying to add some routes to my router ccd file to make that. I tried to add a simple route 192.168.1.135 255.255.255.255 vpn_gateway but it didnt work... can anyone help me?
13:17 -!- S1lv3R [NoMail@178-83-34-83.dynamic.hispeed.ch] has quit [Read error: Connection reset by peer]
13:18 < Araluccl0> err: it was "it cant have openvpn installed"
13:19 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection]
13:19 -!- S1lv3R [NoMail@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn
13:23 -!- appleguru [~appleguru@pool-173-76-27-235.bstnma.fios.verizon.net] has joined #openvpn
13:23 -!- appleguru [~appleguru@pool-173-76-27-235.bstnma.fios.verizon.net] has quit [Client Quit]
13:38 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Quit: Leaving]
13:39 -!- sigi [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn
13:40 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 248 seconds]
13:40 -!- sigi [~sigius@93-125-185-45.dsl.alice.nl] has quit [Read error: Connection reset by peer]
13:42 -!- sigi [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn
13:42 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Remote host closed the connection]
13:43 -!- sigi [~sigius@93-125-185-45.dsl.alice.nl] has quit [Read error: Connection reset by peer]
13:45 < S1lv3R> cat /etc/openvpn/openvpn-status.log
13:45 < S1lv3R> upps sry wrong window
14:01 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn
14:03 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Client Quit]
14:10 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn
14:12 -!- amir [~amir@unaffiliated/amir] has quit [Remote host closed the connection]
14:12 -!- amir [~amir@unaffiliated/amir] has joined #openvpn
14:18 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
14:23 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection]
14:37 -!- ianthius__ [~ian@74.81.95.158] has joined #openvpn
14:38 < tabakhase> S1lv3R a log file in /etc/... shame on you
14:40 -!- ianthius [~ian@unaffiliated/ianthius] has quit [Ping timeout: 255 seconds]
14:41 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
14:44 -!- Carbon_Monoxide [~cmonxide@059148118175.ctinets.com] has quit [Quit: Leaving]
14:51 -!- vpopov [~happylife@dyn-58-222.fttbee.kis.ru] has quit [Read error: No route to host]
15:34 -!- Vivek [~vivek@gnu-india/admin/lopsa.member.vivek] has joined #openvpn
15:34 < Vivek> I am getting the following error when I try to connect via OpenVPN
15:34 < Vivek> The output of tail -f /var/log/syslog | grep -i vpn
15:34 < Vivek> is as follows
15:34 < Vivek> http://paste.debian.net/154928/
15:35 < Vivek> Thanks in advance.
15:36 < krzee> try running openvpn directly
15:36 < krzee> !netman
15:36 <@vpnHelper> "netman" is if you are using network manager for linux to configure your vpn, dont! http://openvpn.net/archive/openvpn-users/2008-01/msg00046.html to read the same thing from the author of the openvpn 2 cookbook on the mail list
15:37 < Vivek> krzee: How do I run openvpn directly ?
15:37 < krzee> from commandline, openvpn command
15:37 < Vivek> Just the command openvpn right ?
15:37 < Vivek> Are there any parameters to be provided ?
15:37 < krzee> openvpn /path/to/config
15:38 < krzee> although it depends on your setup
15:38 < Vivek> I have use network manager.
15:38 < Vivek> How do I set it up otherwise
15:38 < Vivek> I was using a howto from riseup
15:38 < Vivek> https://help.riseup.net/en/vpn-howto#tor-and-the-riseup-vpn\
15:38 <@vpnHelper> Title: How to run the Riseup VPN - help.riseup.net (at help.riseup.net)
15:40 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 248 seconds]
15:41 < Vivek> krzee: Are you around ?
15:42 < Vivek> Am I missing something ?
15:42 < krzee> dunno, too busy to read that
15:44 < Vivek> ok.
15:46 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn
15:46 < Araluccl0> does anyone know if I can skip this check? parasbro.mediacenter.it.key' is a known vulnerable key I cant install openssl-vulnkey in /usr/bin cause its read only...
15:47 < Araluccl0> or set the path of the script to some other folder...
15:52 -!- jbusch175 [~jbusch175@c-76-111-84-174.hsd1.va.comcast.net] has joined #openvpn
15:53 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
16:09 -!- Gravitron [~admin@64.93.145.58] has joined #openvpn
16:09 -!- Gravitron [~admin@64.93.145.58] has quit [Changing host]
16:09 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
16:10 -!- Vivek [~vivek@gnu-india/admin/lopsa.member.vivek] has quit [Ping timeout: 244 seconds]
16:12 -!- Gravitro_ [~admin@69.163.40.45] has joined #openvpn
16:13 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 240 seconds]
16:18 -!- oc80z [oc80z@openvpn/user/oc80z] has quit [Excess Flood]
16:18 -!- oc80z [oc80z@blea.ch] has joined #openvpn
16:34 < rob0> TLS Auth Error: --client-config-dir authentication failed for common name 'Shiboleet.Example.Org' file='clients/Shiboleet.Example.Org'
16:34 < rob0> but that file exists, case matched
16:34 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn
16:34 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host]
16:34 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn
16:34 -!- mode/#openvpn [+v Axeman] by ChanServ
16:38 < rob0> !ccd
16:38 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir to enable it, then put the config options for the client in /common-name or (#2) the ccd file is parsed each time the client connects.
16:38 < rob0> !ccd-exclusive
16:41 < rob0> Fixed. File was root:root 640, needed root:openvpn.
16:48 < Araluccl0> can anyone advise me to make this error disappear pls? Sat Feb 4 22:47:05 2012 us=249831 ERROR: '/storage/.xbmc/addons/service.network.openvpn/bin/keys/parasbro.mediacenter.it.key' is a known vulnerable key. See 'man openssl-vulnkey' for details.
16:51 < forgotten> EugeneKay: still around?
16:54 <+EugeneKay> No
16:56 <+EugeneKay> Why?
16:59 <@vpnHelper> RSS Update - forum: [SOLVED]Client can connect but has no access to the Internet
17:03 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 256 seconds]
17:05 -!- Diffen [~diffen@78-82-119-12.tn.glocalnet.net] has joined #openvpn
17:05 <@vpnHelper> RSS Update - forum: can't see local devices on LAN but can ping remote devices || Windows OpenVPN Server blocks other services || Client Windows 7 can't run ping || Fun with Avahi || Problem with routes |
17:06 < forgotten> EugeneKay: lol, having problems gettin windows clients to route thru ovpn
17:07 -!- rickuz [~rickuz@77-21-40-215-dynip.superkabel.de] has joined #openvpn
17:07 <+EugeneKay> Welcome to Windows
17:08 < forgotten> thats common then?
17:08 <+EugeneKay> !logs
17:08 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard.
17:11 <@vpnHelper> RSS Update - forum: [SOLVED] Windows OpenVPN Server blocks other services
17:29 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection]
17:39 -!- Denial- [Denial@drgi.co.uk] has joined #openvpn
17:40 -!- rickuz1 [~rickuz@77-21-40-215-dynip.superkabel.de] has joined #openvpn
17:40 -!- BenLue [NoMail@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn
17:40 -!- fremo__ [~fremo@noc.toile-libre.net] has joined #openvpn
17:43 -!- chantra_ [~chantra@unaffiliated/chantra] has joined #openvpn
17:44 -!- TheRedOc1ober [~administr@pool-96-250-107-106.nycmny.fios.verizon.net] has joined #openvpn
17:44 -!- masch_ [~quassel@big.masch.it] has joined #openvpn
17:44 -!- rob0_ [rob0@harrier.slackbuilds.org] has joined #openvpn
17:44 -!- rob0_ [rob0@harrier.slackbuilds.org] has quit [Changing host]
17:44 -!- rob0_ [rob0@pdpc/valentine/postfixninja/rob0] has joined #openvpn
17:45 -!- S1lv3R [NoMail@178-83-34-83.dynamic.hispeed.ch] has quit [Read error: Connection reset by peer]
17:45 -!- rickuz [~rickuz@77-21-40-215-dynip.superkabel.de] has quit [Ping timeout: 255 seconds]
17:45 -!- Denial [Denial@drgi.co.uk] has quit [Ping timeout: 255 seconds]
17:45 -!- Denial- is now known as Denial
17:45 -!- fremo [~fremo@noc.toile-libre.net] has quit [Ping timeout: 255 seconds]
17:45 -!- chantra [~chantra@unaffiliated/chantra] has quit [Ping timeout: 255 seconds]
17:45 -!- Intensity [bgdh4rG9xt@unaffiliated/intensity] has quit [Ping timeout: 255 seconds]
17:45 -!- TheRedOctober [~administr@pool-96-250-107-106.nycmny.fios.verizon.net] has quit [Ping timeout: 255 seconds]
17:45 -!- rob0 [rob0@pdpc/valentine/postfixninja/rob0] has quit [Ping timeout: 255 seconds]
17:45 -!- masch [~quassel@big.masch.it] has quit [Ping timeout: 255 seconds]
17:45 -!- phantomcircuit [~phantomci@50.57.81.35] has quit [Ping timeout: 255 seconds]
17:45 -!- pranq [pranq@unaffiliated/contempt] has quit [Ping timeout: 255 seconds]
17:45 -!- pranq [pranq@unaffiliated/contempt] has joined #openvpn
17:49 -!- Rejjaxx [~textual@c-67-161-204-134.hsd1.co.comcast.net] has joined #openvpn
17:49 < Rejjaxx> hey guys
17:50 < Rejjaxx> anyone here :o
17:50 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!]
17:55 -!- Guest89132 [~phantomci@50.57.81.35] has joined #openvpn
18:02 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!]
18:02 -!- Intensity [1RlKwavoGr@unaffiliated/intensity] has joined #openvpn
18:03 -!- Denial [Denial@drgi.co.uk] has quit []
18:05 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn
18:19 -!- Rejjaxx [~textual@c-67-161-204-134.hsd1.co.comcast.net] has quit [Quit: Textual IRC Client: http://www.textualapp.com/]
18:20 -!- master_of_master [~master_of@p57B52E4C.dip.t-dialin.net] has quit [Ping timeout: 256 seconds]
18:21 -!- Diffen [~diffen@78-82-119-12.tn.glocalnet.net] has quit [Quit: This computer has gone to sleep]
18:22 -!- master_of_master [~master_of@p57B52D50.dip.t-dialin.net] has joined #openvpn
18:24 -!- rickuz1 [~rickuz@77-21-40-215-dynip.superkabel.de] has quit [Ping timeout: 245 seconds]
18:26 -!- justin [~quassel@tiny.justinzane.com] has joined #openvpn
18:26 < justin> !welcome
18:26 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
18:27 < justin> !goal
18:27 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
18:29 -!- Rejjaxx [~x@85.17.5.143] has joined #openvpn
18:31 < justin> !goal I am using openvpn as a client to servers that I do not manage. The client connection requires a username/password which I provide via the auth-user-pass /path/to/user.pass directive. This works well for the initial connection; however, reconnections ignore the "auth-user-pass" file and require a username and password to be entered at the console. My goal is to completely automate the connection -- as if it were a daemon -- so that it stays up
18:31 < justin> totally without user input.
18:33 < justin> Note that I am running on Ubuntu Linux, using "dev-type tun" and, unfortunately, "proto tcp".
18:36 < rob0_> I'm coming up on server cert expiration soon, just generated the replacement from the original CSR. What do I need to do, just replace the old cert with new and restart?
18:36 -!- rob0_ is now known as rob0
18:37 < rob0> Also, what will happen a year from now when the CA cert expires? Generate a new one and append to the old one?
18:43 < justin> hello?
18:43 < Araluccl0> can anyone help pls ... Im really not able to make this thing work... I need to do exactly what is explained in this post http://forums.openvpn.net/topic9410.html but when I add the push "route 192.168.1.135 255.255.255.255 vpn_gateway" I receive the "Bad source packets dropped" error on the server pls help...getting crazy :)
18:43 <@vpnHelper> Title: OpenVPN Support Forum Redirect-Gateway for certain IP-range only : Server Administration (at forums.openvpn.net)
18:44 < Araluccl0> consider that 192.168.1.135 is not a vpn client cause there is no binary for that distribution
18:44 <+EugeneKay> rob0 - yes, you generate a CA that doesn't expire for 10 years.
18:45 < Araluccl0> but I think the post cover that
18:45 < rob0> EugeneKay, heh, I think the last one was 5 years :)
18:45 < rob0> but am I right, you just cat them together?
18:46 <+EugeneKay> Correct.
18:46 < rob0> thanks
18:46 < Araluccl0> maybe I have to add an iroute directive into ccd file?
18:46 <+EugeneKay> With the -----END CERTIFICATE---- being on a different line from the followup ----BEGIN CERTIFICATE----
18:46 <+EugeneKay> Then when the old one is expired / no longer used by any client/server you remove it
18:46 <+EugeneKay> My CA is set to expire on 2099-12-31, and my intermediaries at 10-year intervals. Good 'nuff, I think.
18:47 < rob0> hehe
18:47 <+EugeneKay> I'll probably have to revoke it before then because they're *only* 4096-bit
18:47 <+EugeneKay> And GPUs are getting cheaper every day
18:48 < rob0> yes
18:54 < rob0> justin, maybe look at making an expect(1) script, but I can't help with that other than this suggestion.
18:55 < rob0> There may be other ways folks have done that, did you search the list archives?
18:55 -!- Guest89132 [~phantomci@50.57.81.35] has quit [Quit: Clever quit message!]
18:56 < justin> @rob0: I thought about that. It seemed silly to me that the auth-user-pass thing would not work, though. Is it possible that the server is pushing "--auth-nocache" and I do not see it with --verb 3?
18:57 < justin> rob0: I looked through the archives, but did not see anything that deals specifically with reconnections.
19:02 -!- phantomcircuit [~phantomci@50.57.81.35] has joined #openvpn
19:33 -!- rickuz [~rickuz@77-20-173-176-dynip.superkabel.de] has joined #openvpn
19:38 -!- rickuz [~rickuz@77-20-173-176-dynip.superkabel.de] has quit [Ping timeout: 252 seconds]
19:45 -!- tekzilla [~jon@hmbg-5f767093.pool.mediaWays.net] has quit [Ping timeout: 240 seconds]
19:46 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Ping timeout: 240 seconds]
19:47 -!- tekzilla [~jon@hmbg-4d06e506.pool.mediaWays.net] has joined #openvpn
19:54 -!- _julian_ [~quassel@hmbg-5f77d88b.pool.mediaWays.net] has joined #openvpn
19:54 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep]
19:54 -!- jbusch175 [~jbusch175@c-76-111-84-174.hsd1.va.comcast.net] has quit []
19:57 -!- _julian [~quassel@hmbg-5f760bf8.pool.mediaWays.net] has quit [Ping timeout: 252 seconds]
20:04 -!- zz_mgorbach is now known as mgorbach
20:21 -!- Rejjaxx [~x@85.17.5.143] has quit [Ping timeout: 248 seconds]
20:28 -!- forgotten [forgotten@is.undroppable.co.uk] has left #openvpn []
20:36 <@vpnHelper> RSS Update - forum: Failed to connect to TCP?
20:46 -!- mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Read error: Connection reset by peer]
20:46 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn
20:46 -!- zz_mgorbach is now known as mgorbach
21:14 < justin> I've changed the verbosity to 5 and still see no signs of "--auth-nocache". Which makes me wonder how to debug the problem with "auth-user-pass" not working for reconnects. Anyone got any ideas?
21:16 < justin> Another !goal: I'm looking for direction for setting up monit to monitor/manage an openvpn client connection. Does anyone have experience with this. Most of the examples I've seen relate to using monit to supervise an openvpn server.
21:31 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
21:38 -!- Guest_ [~textual@99-126-226-157.lightspeed.dllstx.sbcglobal.net] has joined #openvpn
21:38 -!- Guest_ [~textual@99-126-226-157.lightspeed.dllstx.sbcglobal.net] has left #openvpn []
21:41 < justin> !paste
21:41 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into pastebin or a similar website, or (#2) ie: www.pastebin.ca
21:42 < justin> !paste 19:26:44 2012 us=10831 TLS: soft reset sec=0 bytes=246661172/0 pkts=501932/0
21:42 < justin> !paste 19:40:01 2012 us=328507 ERROR: Auth username is empty
21:44 < justin> The above is from the log file when the client connection failed. Why does openvpn "forget" the contents of the auth-user-pass file?
21:48 -!- krzee [nobody@hemp.ircpimps.org] has joined #openvpn
21:48 -!- krzee [nobody@hemp.ircpimps.org] has quit [Changing host]
21:48 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn
22:13 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 240 seconds]
22:13 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has joined #openvpn
22:13 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has quit [Changing host]
22:13 -!- simplechat [~simplecha@unaffiliated/simplechat] has joined #openvpn
22:18 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
22:25 -!- justin [~quassel@tiny.justinzane.com] has quit [Remote host closed the connection]
22:37 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
22:58 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn
23:04 -!- Araluccl0 [~lallo@151.77.226.107] has quit [Quit: Anche il discorsismo ha un limitismo.]
23:04 -!- Araluccl0 [~lallo@151.77.226.107] has joined #openvpn
23:23 -!- oc80z [oc80z@blea.ch] has quit [Changing host]
23:23 -!- oc80z [oc80z@openvpn/user/oc80z] has joined #openvpn
23:56 -!- Beetle [~beetle@h70.20.131.174.dynamic.ip.windstream.net] has joined #openvpn
23:57 -!- Beetle [~beetle@h70.20.131.174.dynamic.ip.windstream.net] has left #openvpn []
23:59 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
--- Day changed Sun Feb 05 2012
00:03 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
00:05 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
00:09 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
00:12 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
00:22 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
00:26 -!- Rob3Rt [h4x0r@79.133.201.84] has joined #openvpn
00:26 -!- Rob3Rt [h4x0r@79.133.201.84] has quit [Changing host]
00:26 -!- Rob3Rt [h4x0r@unaffiliated/respekt] has joined #openvpn
00:26 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
00:29 <@ecrist> krzee: thanks, I'll renew it tomorrow night
00:29 <@ecrist> not going to be using godaddy, so I need to find a new vendor
00:31 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 245 seconds]
00:36 -!- lakewood [~user@99-45-120-223.lightspeed.cicril.sbcglobal.net] has quit [Remote host closed the connection]
00:45 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds]
00:46 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
00:48 -!- ScriptFanix [vincent@Hanaman.LAN.riquer.fr] has joined #openvpn
01:01 -!- `Ile` [~kvirc@178-223-94-160.dynamic.isp.telekom.rs] has joined #openvpn
01:02 -!- ScriptFanix [vincent@Hanaman.LAN.riquer.fr] has quit [Ping timeout: 260 seconds]
01:03 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
01:30 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
01:32 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
01:58 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
02:07 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
02:11 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
02:13 -!- Denial [Denial@drgi.co.uk] has joined #openvpn
02:29 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
02:30 -!- psycholq [lukasz@6based.net] has joined #openvpn
02:31 < psycholq> !welcome
02:31 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
02:31 < psycholq> !goal
02:31 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
02:31 -!- cron2 [~gert@openvpn/community/developer/cron2] has quit [Ping timeout: 252 seconds]
02:32 -!- cron2 [~gert@kirk.greenie.muc.de] has joined #openvpn
02:32 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn
02:33 < psycholq> Can anyone tell me which major mode I should choose if I want to use my installation with --tun-ipv6 option?
02:37 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
02:38 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
02:38 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day]
02:39 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Excess Flood]
02:40 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
02:42 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Excess Flood]
02:42 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
02:52 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn
03:02 -!- cron2 [~gert@kirk.greenie.muc.de] has quit [Changing host]
03:02 -!- cron2 [~gert@openvpn/community/developer/cron2] has joined #openvpn
03:05 < psycholq> Anyone?;]
03:07 -!- h4x0r[h4xingU] [h4x0r@79.133.201.84] has joined #openvpn
03:07 -!- h4x0r[h4xingU] [h4x0r@79.133.201.84] has quit [Remote host closed the connection]
03:08 -!- Rob3Rt [h4x0r@unaffiliated/respekt] has quit [Ping timeout: 256 seconds]
03:17 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
03:19 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
03:23 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Excess Flood]
03:24 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
03:36 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn
03:36 -!- mode/#openvpn [+o mattock] by ChanServ
03:45 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
04:06 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn
04:10 -!- mattock [~samuli@openvpn/corp/admin/mattock] has quit [Quit: mattock]
04:15 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection]
04:20 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn
04:20 -!- mode/#openvpn [+o mattock] by ChanServ
04:20 < Sgt_Lemming> home now, had some fun flying this arvo
04:37 -!- mattock [~samuli@openvpn/corp/admin/mattock] has quit [Read error: Operation timed out]
05:01 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out]
05:01 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
05:04 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn
05:04 -!- mode/#openvpn [+o mattock] by ChanServ
05:06 -!- VisionNL [~anonymous@tuig.nikhef.nl] has left #openvpn []
05:07 -!- Diffen [~diffen@78-82-119-12.tn.glocalnet.net] has joined #openvpn
05:13 -!- Diffen [~diffen@78-82-119-12.tn.glocalnet.net] has quit [Quit: This computer has gone to sleep]
05:42 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
06:09 -!- BenLue is now known as S1lv3R
06:15 -!- saiju [~saiju@182.68.235.69] has joined #openvpn
06:22 -!- Cybertinus [~Cybertinu@cybertinus.jkit.nl] has joined #openvpn
06:49 -!- `Ile` [~kvirc@178-223-94-160.dynamic.isp.telekom.rs] has quit [Remote host closed the connection]
06:53 -!- saiju [~saiju@182.68.235.69] has quit [Quit: Leaving]
06:53 -!- saiju [~saiju@182.68.235.69] has joined #openvpn
06:55 -!- mattock [~samuli@openvpn/corp/admin/mattock] has quit [Ping timeout: 245 seconds]
06:56 -!- saiju [~saiju@182.68.235.69] has quit [Read error: Connection reset by peer]
06:57 -!- saiju [~saiju@182.68.235.69] has joined #openvpn
07:05 -!- Araluccl1 [~lallo@216.231.135.109] has joined #openvpn
07:05 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
07:05 -!- mode/#openvpn [+v s7r] by ChanServ
07:08 -!- Araluccl0 [~lallo@151.77.226.107] has quit [Ping timeout: 265 seconds]
07:11 -!- tjz [~pc@unaffiliated/tjz] has quit [Quit: bbl.]
07:16 -!- JackyAlcine [~desktop@sii/jackyalcine] has joined #openvpn 07:17 -!- Araluccl0 [~lallo@151.77.226.107] has joined #openvpn 07:18 -!- JackyAlcine [~desktop@sii/jackyalcine] has quit [Excess Flood] 07:19 -!- JackyAlcine [~desktop@sii/jackyalcine] has joined #openvpn 07:21 -!- Rob3Rt [~h4x0r@101.162.154.218] has joined #openvpn 07:21 -!- Araluccl1 [~lallo@216.231.135.109] has quit [Ping timeout: 265 seconds] 07:21 -!- Rob3Rt [~h4x0r@101.162.154.218] has quit [Changing host] 07:21 -!- Rob3Rt [~h4x0r@unaffiliated/respekt] has joined #openvpn 07:22 -!- JackyAlcine [~desktop@sii/jackyalcine] has quit [Remote host closed the connection] 07:28 -!- Rob3Rt [~h4x0r@unaffiliated/respekt] has quit [] 07:34 -!- JackyAlcine [~desktop@sii/jackyalcine] has joined #openvpn 07:42 -!- JackyAlcine [~desktop@sii/jackyalcine] has quit [Remote host closed the connection] 07:53 -!- JackyAlcine [~desktop@sii/jackyalcine] has joined #openvpn 08:01 -!- JackyAlcine [~desktop@sii/jackyalcine] has quit [Remote host closed the connection] 08:04 -!- JackyAlcine [~desktop@sii/jackyalcine] has joined #openvpn 08:27 -!- saiju [~saiju@182.68.235.69] has quit [Quit: Leaving] 08:44 -!- edmont [4f93c074@gateway/web/freenode/ip.79.147.192.116] has joined #openvpn 08:44 < edmont> hi 08:45 < edmont> is there any way to avoid users sharing their certificates? 
08:47 -!- JackyAlcine [~desktop@sii/jackyalcine] has quit [Remote host closed the connection] 08:49 < hyper_ch> why don't you create a cert for each user= 08:52 -!- JackyAlcine [~desktop@sii/jackyalcine] has joined #openvpn 08:53 -!- JackyAlcine [~desktop@sii/jackyalcine] has quit [Remote host closed the connection] 08:54 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 248 seconds] 08:57 -!- JackyAlcine [~desktop@ool-18be20d4.dyn.optonline.net] has joined #openvpn 08:57 -!- JackyAlcine [~desktop@ool-18be20d4.dyn.optonline.net] has quit [Changing host] 08:57 -!- JackyAlcine [~desktop@sii/jackyalcine] has joined #openvpn 09:03 -!- JackyAlcine [~desktop@sii/jackyalcine] has quit [Remote host closed the connection] 09:04 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn --- Log closed Sun Feb 05 09:12:39 2012 --- Log opened Sun Feb 05 09:12:56 2012 09:12 -!- ecrist_ [~ecrist@jaguar-2-red.claimlynx.com] has joined #openvpn 09:12 -!- Irssi: #openvpn: Total of 149 nicks [3 ops, 0 halfops, 8 voices, 138 normal] 09:13 -!- ecrist [~ecrist@freebsd/contributor/openvpn.community.support.ecrist] has quit [Read error: Connection reset by peer] 09:13 -!- Axeman2 [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 09:13 -!- Axeman2 [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 09:13 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has joined #openvpn 09:13 -!- mode/#openvpn [+v Axeman2] by ChanServ 09:13 -!- Irssi: Join to #openvpn was synced in 40 secs 09:15 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has left #openvpn [] 09:19 -!- p3rror [~mezgani@41.249.15.103] has quit [Ping timeout: 252 seconds] 09:28 -!- edmont [4f93c074@gateway/web/freenode/ip.79.147.192.116] has quit [Quit: Page closed] 09:29 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Excess Flood] 09:32 -!- p3rror [~mezgani@41.140.153.219] has joined #openvpn 09:34 -!- bauruine 
[~stefan@2001:8e0:100b:dead:f2de:f1ff:fe9f:974b] has joined #openvpn 09:35 -!- caution [~caution@unaffiliated/caution] has joined #openvpn 09:35 < caution> !welcome 09:35 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 09:36 < caution> !goal 09:36 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 09:53 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Remote host closed the connection] 09:56 -!- MeanderingCode_ [~Meanderin@97-123-11-232.albq.qwest.net] has joined #openvpn 09:56 -!- MeanderingCode [~Meanderin@97-123-12-161.albq.qwest.net] has quit [Ping timeout: 245 seconds] 10:43 -!- Axeman [~Axeman3@knox.pace.edu] has joined #openvpn 10:43 -!- Axeman [~Axeman3@knox.pace.edu] has quit [Changing host] 10:43 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 10:43 -!- mode/#openvpn [+v Axeman] by ChanServ 10:46 -!- mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Read error: Connection reset by peer] 10:46 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 10:46 -!- zz_mgorbach is now known as mgorbach 10:50 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 11:07 -!- p3rror [~mezgani@41.140.153.219] has quit [Read error: Operation timed out] 11:15 -!- Axeman2 [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 11:15 -!- Axeman2 [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 11:15 -!- Axeman2 
[~Axeman3@openvpn/user/axeman] has joined #openvpn 11:15 -!- mode/#openvpn [+v Axeman2] by ChanServ 11:19 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 11:23 -!- mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Read error: Connection reset by peer] 11:32 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 11:32 -!- zz_mgorbach is now known as mgorbach 11:35 -!- merlin1991 [~merlin@Maemo/community/cssu/merlin1991] has joined #openvpn 11:35 < merlin1991> !config 11:35 <@vpnHelper> (config []) -- If is given, sets the value of to . Otherwise, returns the current value of . You may omit the leading "supybot." in the name if you so choose. 11:35 < merlin1991> !paste 11:35 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into pastebin or a similar website, or (#2) ie: www.pastebin.ca 11:35 * merlin1991 searches for that sed script to strip down the config to commands 11:39 -!- mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Ping timeout: 240 seconds] 11:40 < merlin1991> !welcome 11:40 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 11:40 < merlin1991> !redirect 11:40 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. 
or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns 11:41 < merlin1991> !dns 11:41 <@vpnHelper> "dns" is (#1) Level3 open recursive DNS server at 4.2.2.[1-6] or (#2) Google open recursive DNS server at 8.8.8.8 / 8.8.4.4 or (#3) you might be looking for !pushdns 11:41 < merlin1991> eh 11:41 < merlin1991> !pushdns 11:41 <@vpnHelper> "pushdns" is (#1) push "dhcp-option DNS a.b.c.d" to push dns to the client or (#2) http://thread.gmane.org/gmane.network.openvpn.user/25139/focus=25147 see that mail archive for some info on pushing dns or (#3) http://article.gmane.org/gmane.network.openvpn.user/25149 for a perm fix via regedit or (#4) in unix you'll use the update-resolv-conf script or (#5) also 11:41 <@vpnHelper> http://comments.gmane.org/gmane.network.openvpn.user/31975 reports --register-dns as fixing their problems pushing DNS to windows 7 11:44 -!- mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 11:48 < merlin1991> okay so I pretty much have the problem of the last link, redirect in place (used to work when using cable) 11:48 < merlin1991> now win7 notebook is on wlan and as soon as I connect to the vpn dns resolving fails for applications but nslookup still works 11:49 <+EugeneKay> ecrist_ - for domains? Name.net treats me well. 11:51 < merlin1991> it's really odd, "nslookup google.com" --> get ip "ping google.com" --> unknown hostname 11:52 <+EugeneKay> Welcome to Windows. 
11:52 < merlin1991> the odd thing is that system worked well at home, where windows 7 was connected over lan and not wlan 11:52 * merlin1991 wonders if using a cable would fix this 11:52 < merlin1991> will need some tinkering to get that set up though 11:54 < merlin1991> (route traffic through yet another laptop into wireless :D 11:54 < merlin1991> hm or I could go over usb into my n900 :D 12:00 < merlin1991> OMFG 12:01 < merlin1991> using win7 laptop with openvpn --(cable) --> win7 laptop with "share wlan connection" --(wlan)--> hotel ap works fine 12:01 < merlin1991> but skipping the step where I have a cable fscks dns lookup 12:01 -!- olax [~olax@82-212-130-115.teledisnet.be] has joined #openvpn 12:01 < olax> Hello 12:02 < olax> i need some help to open vpn 12:02 < olax> someone have 5 min to help me? 12:02 < merlin1991> !ask 12:02 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please or (#2) http://www.latinsud.com/answer/ or (#3) http://www.catb.org/~esr/faqs/smart-questions.html to learn how to get help 12:02 < olax> ok 12:03 < hyper_ch> EugeneKay: you think dazo_afk is totally drunk at fosdem? 12:06 <+EugeneKay> I hope so. 12:07 < hyper_ch> I tend to think that while at fosdem one has inet access 12:07 < hyper_ch> and since dazo_afk has been afk for quite some time, I tend to think he's more drunk than anything else :) 12:07 < hyper_ch> EugeneKay: you use firefox? 12:16 < merlin1991> EugeneKay: ever heard of such fud as I have currently? 12:18 < olax> when i download the 2.2.2 version, i got a folder with a lot of things inside, no installation needed? (sorry for my english) after this, i have to put configuration inside but i don't know where. 
thank you for helping me 12:27 -!- olax [~olax@82-212-130-115.teledisnet.be] has quit [Read error: Connection reset by peer] 12:29 -!- Schnabeltier [Schnabel3@ist.verliebt.in.seinen.bouncer.von.bouncer-paradise.com] has quit [Ping timeout: 252 seconds] 12:29 -!- InochI [~InochI@50.7.240.162] has joined #openvpn 12:30 < InochI> !welcom 12:30 < InochI> !welcome 12:30 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 12:30 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 247 seconds] 12:31 < InochI> !howto 12:31 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 12:39 -!- Schnabeltier [Schnabel3@ist.verliebt.in.seinen.bouncer.von.bouncer-paradise.com] has joined #openvpn 12:49 -!- Axeman2 [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 12:49 -!- Axeman2 [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 12:49 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has joined #openvpn 12:49 -!- mode/#openvpn [+v Axeman2] by ChanServ 12:58 -!- m0nk3d0 [~androirc@c-67-181-161-182.hsd1.ca.comcast.net] has joined #openvpn 13:08 -!- MarcWeber [~marc@li142-245.members.linode.com] has joined #openvpn 13:27 -!- m0nk3d0 [~androirc@c-67-181-161-182.hsd1.ca.comcast.net] has quit [Quit: AndroIRC - Android IRC Client ( http://www.androirc.com )] 13:46 -!- mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Read error: Connection reset by peer] 13:47 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 
13:47 -!- zz_mgorbach is now known as mgorbach 14:08 -!- mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Read error: Connection reset by peer] 14:08 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 14:08 -!- zz_mgorbach is now known as mgorbach 14:11 -!- psycholq [lukasz@6based.net] has left #openvpn ["WeeChat 0.3.2"] 14:15 <+EugeneKay> hyper_ch - I do 14:15 <+EugeneKay> merlin1991 I wasn't following along, so.... no? 14:15 < hyper_ch> EugeneKay: ever written an ff addon? 14:15 <+EugeneKay> hyper_ch - nyet. 14:15 < hyper_ch> aw :( 14:17 -!- TheRedOc1ober [~administr@pool-96-250-107-106.nycmny.fios.verizon.net] has quit [Quit: Lost terminal] 14:28 -!- mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Read error: Connection reset by peer] 14:29 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 14:30 -!- zz_mgorbach is now known as mgorbach 14:34 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 14:38 -!- mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Read error: Connection reset by peer] 14:39 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 14:39 -!- zz_mgorbach is now known as mgorbach 14:39 -!- ianthius [~ian@unaffiliated/ianthius] has joined #openvpn 14:42 -!- ianthius__ [~ian@74.81.95.158] has quit [Ping timeout: 240 seconds] 14:44 -!- Gravitro_ [~admin@69.163.40.45] has quit [Ping timeout: 252 seconds] 14:44 <+EugeneKay> Yup. 14:46 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Quit: @+] 14:56 < MarcWeber> Does privatetunnel.com use UDP as transfer protocol? 
14:58 < krzee> no clue, never heard of them 14:59 < krzee> oh i see 14:59 < krzee> its openvpn technologies lol 14:59 < krzee> ask in #openvpn-as 14:59 < krzee> they are the pro support for AS, they may know 15:09 -!- MeanderingCode_ is now known as MeanderingCode 15:12 < MarcWeber> My real question is: openvpn gui doesn't work on windows 7 . It was working fine for me. Now trying to use my old .ovpn file with the new install from (OpenVPN Connect) seems to work except DNS. 15:12 < MarcWeber> ping by IP works, but not by domain name. 15:12 < MarcWeber> That's why I tried the privatetunnel. 15:13 < MarcWeber> All I want is VOIP with a partner being in a network dropping 98% UDP packets... 15:15 < wedge> MarcWeber: running openvpn client as administrator? 15:16 < MarcWeber> I ran the .bat as administrator 15:16 < MarcWeber> and that contains the command running openvpn 15:17 <+EugeneKay> I'm at a loss for what you're actually trying to do and your troubleshooting steps to achieve this 15:18 <+EugeneKay> !logs 15:18 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard. 15:18 <+EugeneKay> These would be useful ^ 15:27 -!- fonk [~fonk@unforgotten.de] has quit [Quit: leaving] 15:28 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn 15:31 -!- n3lThon [~n3lThon@2.82.111.126] has joined #openvpn 15:32 -!- mcp [~mcp@wolk-project.de] has quit [Quit: ZNC - http://znc.sourceforge.net] 15:34 -!- InochI [~InochI@50.7.240.162] has quit [Ping timeout: 247 seconds] 15:35 -!- InochI [~InochI@50.7.240.162] has joined #openvpn 15:35 < n3lThon> hi, I have a simple question, the voip client linphone use always the default gateway, so it only works over the VPN when Im using for default gateway. But I only want to access the services and not to use it as default gateway. How can I solve this problem? 
15:36 < n3lThon> The VPN is on bridged mode. 15:40 -!- Soap__ [~Soap@129.187.150.129] has joined #openvpn 15:41 -!- rickuz [~rickuz@77-21-40-158-dynip.superkabel.de] has joined #openvpn 15:41 < Soap__> hay, I'm currently in the process of getting a startssl certificate 15:41 < Soap__> what certificate target should I select? 15:41 < Soap__> web server ssl? 15:41 < rob0> !goal 15:41 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 15:42 < Soap__> its for a multi-client to server config 15:42 < rob0> You want a self-signed certificate authority of your own. 15:42 < rob0> !easy-rsa 15:43 < Soap__> why not a trusted CA signed cert? 15:44 -!- mcp [~mcp@wolk-project.de] has joined #openvpn 15:44 < rob0> The CA certificate is what allows access. Do you want to control that, or do you want an external CA to control it? 15:44 < Soap__> in fact, that makes sense 16:04 -!- InochI [~InochI@50.7.240.162] has quit [Ping timeout: 248 seconds] 16:04 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn [] 16:06 -!- In0ch [~InochI@108-209-188-199.lightspeed.lsvlky.sbcglobal.net] has joined #openvpn 16:06 < n3lThon> there is no solution for me? 16:10 < rob0> I am not sure because the problem is vague. Sounds like a case to learn how to use routing, and set the software to use the proper IP address. 16:16 < Soap__> can you also do a tun multi-client setup with a static key? 16:16 < rob0> no. 16:26 <+EugeneKay> n3lThon - I'd help, but I don't do bridged mode 16:26 -!- bauruine [~stefan@2001:8e0:100b:dead:f2de:f1ff:fe9f:974b] has quit [Quit: Leaving] 16:27 -!- In0ch is now known as InochI 16:28 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 16:30 < n3lThon> EugeneKay: I know what I need to do but not how to do it. 
I have the rule that says the network is behind the tap interface, but since it is not default gateway linphone goes to the LAN connection, because it looks always to the default gateway, so i need to make a default route only for the server IP and other for normal network traffic. 16:31 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 16:31 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Client Quit] 16:31 <+EugeneKay> "but I don't do bridged mode" 16:32 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 16:36 < n3lThon> ok 16:37 <+EugeneKay> Why are you bridging? You don't sound like you need bridging. 16:43 < n3lThon> I need full network access for other services 16:44 < rob0> which services? 16:46 < n3lThon> some users have VNC server and I need to access to help them. its not everything on the server. I need to access the other users computers too. 16:46 < rob0> vnc is routable 16:47 < Soap__> rob0: how can I disable the message "Need IPv6 code in mroute_extract_addr_from_packet" on the server? 16:48 < n3lThon> which more used services are not routable? 16:48 <+EugeneKay> Soap__ - turn off IPv6 autoconfig 16:48 < n3lThon> can I used iptables to make both network full communication? 16:49 < n3lThon> use* 16:49 <+EugeneKay> !route 16:49 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 16:49 < Soap__> EugeneKay: cant I turn that off server side? 16:49 -!- In0ch [~InochI@108-209-188-199.lightspeed.lsvlky.sbcglobal.net] has joined #openvpn 16:49 <+EugeneKay> Wait, are you using a tap device? 16:49 < Soap__> no, tun 16:49 <+EugeneKay> Hrm. That's odd.... I don't think it should be trying to do that, then.... 
16:49 <+EugeneKay> (at least, it doesn't for me) 16:49 < Soap__> host is OSX, 2 clients windows 16:52 < Soap__> so no directive to disable? 16:52 < Sgt_Lemming> brb 16:52 -!- Sgt_Lemming [Sgt_Lemmin@124-170-64-249.dyn.iinet.net.au] has quit [Quit: F12! F12! F12!] 16:53 -!- InochI [~InochI@108-209-188-199.lightspeed.lsvlky.sbcglobal.net] has quit [Ping timeout: 252 seconds] 16:53 -!- In0ch [~InochI@108-209-188-199.lightspeed.lsvlky.sbcglobal.net] has quit [Ping timeout: 245 seconds] 17:00 < n3lThon> but since the vpn is not the default gateway so routed mode keeps the problem 17:01 < n3lThon> the linphone uses the default gateway for all connections it makes 17:02 < rob0> That's not so. If there was a static host or network route, that would be the route chosen by the kernel on the linphone machine. 17:03 < rob0> "common non-routable services", in A.D. 2012 I don't know of any. 17:03 < rob0> Ten years ago a lot of Windows networking relied on broadcasts, and broadcasts are not routable. 17:04 -!- Axeman2 [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 17:04 -!- Axeman2 [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 17:04 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has joined #openvpn 17:04 -!- mode/#openvpn [+v Axeman2] by ChanServ 17:07 <+EugeneKay> !tunortap 17:07 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. Dont waste the extra overhead. or (#2) and if your reason for wanting tap is windows shares, see !wins or (#3) also remember that if someone gets access to any side of a tap vpn they can use layer2 attacks like arp poisoning against you 17:07 <@vpnHelper> over the vpn or (#4) lan gaming? use tap! 
17:08 <+EugeneKay> The only two things that come to mind are Bonjour(which uses a horrid antique broadcast protocol), and old lan games(which use horrid antique proprietary broadcast protocols) 17:16 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn 17:17 < n3lThon> !wins 17:17 <@vpnHelper> "wins" is http://oreilly.com/catalog/samba/chapter/book/ch07_03.html is a good link for seeing how to run WINS on samba 17:18 < n3lThon> so if I want to use samba for windows share I need tap? Is that correct? And if the samba server is the same as VPN I need tap too? 17:21 -!- In0ch [~InochI@108-209-188-199.lightspeed.lsvlky.sbcglobal.net] has joined #openvpn 17:23 <+EugeneKay> No, you use WINS to avoid using tap 17:26 < rob0> Only ancient DOS-based Windows versions (and not even all of those) rely on broadcasts. I think it was W98 that first had WINS support. 17:26 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 240 seconds] 17:30 < n3lThon> EugeneKay: thanks. How can i get multiple clients on un in the same server? Im trying that now and im using "server ip netmask" line 17:31 < n3lThon> tun* 17:31 <+EugeneKay> !howto 17:31 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 17:47 -!- In0ch is now known as InochI 17:58 < n3lThon> EugeneKay: server 10.0.0.0 255.255.255.0 and push "route 192.168.10.0 255.255.255.0 192.168.10.1" when I include the server IP 192.168.10.1 the client does not connect 18:07 -!- speakman [~daniel@unaffiliated/speakman] has quit [Ping timeout: 252 seconds] 18:09 < n3lThon> after debug, the openvpn generates the route so i dont need the gateway on push linux 18:09 < n3lThon> line* 18:13 < n3lThon> EugeneKay: so now I need the final config, and it is vpn clients access to lan pcs, because lan to vpn it is working. I have forwarding enable on server, both iptables and system. 
18:15 -!- speakman [~daniel@h-181-147.a166.corp.bahnhof.se] has joined #openvpn 18:15 -!- speakman [~daniel@h-181-147.a166.corp.bahnhof.se] has quit [Changing host] 18:15 -!- speakman [~daniel@unaffiliated/speakman] has joined #openvpn 18:17 < rob0> --persist-key does not persist the server cert, does it? I generated the new cert with the same old key. 18:18 < rob0> I put the new cert in place of the old one without restarting. 3 clients made it through the "TLS: tls_process: killed expiring key" thing just fine. 18:20 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has quit [] 18:20 -!- master_of_master [~master_of@p57B52D50.dip.t-dialin.net] has quit [Ping timeout: 245 seconds] 18:22 -!- master_of_master [~master_of@p57B550CA.dip.t-dialin.net] has joined #openvpn 18:27 < n3lThon> I have all network working, and I used MASQUERADE in POSTROUTING. Is there another way to have vpn accessing lan pcs? 18:29 < rob0> um, there is no good reason to NAT from one RFC 1918 (private) range to another. 18:39 < n3lThon> rob0: so which rule for iptables should I use? 18:39 < rob0> ? 18:40 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has joined #openvpn 18:40 < rob0> If you didn't block it, it works. 18:40 < rob0> If you did block it, I'm sure I couldn't guess how to unblock it. 18:42 < rob0> well, I could: iptables -vI FORWARD -j ACCEPT -m comment --comment "this disables all FORWARD filtering" 18:43 < n3lThon> rob0: By default I have FORWARD to DROP, but I have this rule "iptables -A FORWARD -i tun0 -j ACCEPT" 18:44 < rob0> that means any packet coming in the tun0 interface is accepted 18:44 < n3lThon> but it does not work :| 18:45 < rob0> Offer void where taxed or prohibited, or if you set things up wrong somehow. 
:) 18:55 < n3lThon> thanks all 18:57 -!- InochI [~InochI@108-209-188-199.lightspeed.lsvlky.sbcglobal.net] has quit [] 18:57 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has quit [] 18:58 -!- Denial [Denial@drgi.co.uk] has quit [] 19:04 < rob0> "verb 4" is not logging the "TLS: tls_process: killed expiring key" on the clients; I only see that on the server. Is that right? (Verified that syslogd on clients is working, of course.) 19:05 < rob0> maybe it's "mute 20" doing that 19:11 -!- n3lThon [~n3lThon@2.82.111.126] has quit [Quit: Leaving] 19:13 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Read error: Connection reset by peer] 19:17 -!- Araluccl0 [~lallo@151.77.226.107] has quit [Quit: Anche il discorsismo ha un limitismo.] 19:17 -!- Araluccl0 [~lallo@151.77.226.107] has joined #openvpn 19:21 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn 19:22 < merlin1991> I'm in a silly situation where I want to reach the external ip of a redirect vpn server 19:23 < merlin1991> I can only reach the server over the ip on his tun adapter but not over his external one 19:25 < merlin1991> in order to reach the outside world I have a iptables -t nat -A POSTROUTING -s 10.8.1.0/24 -o eth0 -j MASQUERADE (10.8.1.0 is the range of vpn clients) 19:25 < rob0> strange, then how does the tunnel stay up? A tunnel cannot be transported through itself. 
19:25 * merlin1991 thinks there probably is a route needed 19:27 -!- diffen3 [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 19:29 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Ping timeout: 252 seconds] 19:31 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has joined #openvpn 19:32 -!- caution [~caution@unaffiliated/caution] has quit [Quit: caution] 19:46 -!- tekzilla [~jon@hmbg-4d06e506.pool.mediaWays.net] has quit [Ping timeout: 244 seconds] 19:48 -!- tekzilla [~jon@hmbg-5f763a9e.pool.mediaWays.net] has joined #openvpn 19:53 -!- _julian [~quassel@hmbg-4d06a5ee.pool.mediaWays.net] has joined #openvpn 19:53 -!- _julian_ [~quassel@hmbg-5f77d88b.pool.mediaWays.net] has quit [Read error: Operation timed out] 19:57 -!- MeanderingCode [~Meanderin@97-123-11-232.albq.qwest.net] has quit [Read error: Connection reset by peer] 20:05 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!] 
20:06 -!- Rob3Rt [~h4x0r@101.162.154.218] has joined #openvpn 20:06 -!- Rob3Rt [~h4x0r@101.162.154.218] has quit [Changing host] 20:06 -!- Rob3Rt [~h4x0r@unaffiliated/respekt] has joined #openvpn 20:08 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Remote host closed the connection] 20:13 -!- Rob3Rt [~h4x0r@unaffiliated/respekt] has quit [] 20:24 -!- diffen3 [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: Leaving] 20:25 -!- fapI [~fapi@c-71-229-141-122.hsd1.co.comcast.net] has joined #openvpn 20:26 -!- fapI [~fapi@c-71-229-141-122.hsd1.co.comcast.net] has quit [Client Quit] 21:41 -!- `Ile` [~kvirc@93-86-78-156.dynamic.isp.telekom.rs] has joined #openvpn 21:42 -!- `Ile` [~kvirc@93-86-78-156.dynamic.isp.telekom.rs] has quit [Client Quit] 21:43 -!- `Ile` [~kvirc@93-86-78-156.dynamic.isp.telekom.rs] has joined #openvpn 21:50 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has joined #openvpn 21:50 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has quit [Changing host] 21:50 -!- simplechat [~simplecha@unaffiliated/simplechat] has joined #openvpn 21:53 < ecrist_> EugeneKay: was talking SSL. I have a low-assurance SSL cert now. it's actually encrypted, but there's no 'lock' icon or anything overly indicative of encrypted traffic, unless you delve into debug 21:53 < ecrist_> I'd like more obvious indicator. Would love EV, but cannot afford 21:53 < ecrist_> people don't like self-signed. 21:53 < ecrist_> :/ 21:55 <+EugeneKay> ecrist_ - Startssl 21:56 < ecrist_> they're almost 3x the price of comodo 21:57 <+EugeneKay> You pay once for the verification, then you get as many domains as you like. 
And I don't remember them being THAT expensive 21:58 < `Ile`> morning 21:58 < ecrist_> http://www.startssl.com/ (look at Class 2) vs https://www.namecheap.com/ssl-certificates/comodo.aspx (EssentialSSL) 21:58 <@vpnHelper> Title: StartSSL™ Certificates & Public Key Infrastructure (at www.startssl.com) 22:00 * EugeneKay shrugs 22:02 * ecrist_ poofs 22:23 -!- Gravitron [~admin@69.163.40.45] has joined #openvpn 22:23 -!- Gravitron [~admin@69.163.40.45] has quit [Changing host] 22:23 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 22:45 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 252 seconds] 22:47 -!- Gravitron [~admin@69.163.40.45] has joined #openvpn 22:47 -!- Gravitron [~admin@69.163.40.45] has quit [Changing host] 22:47 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 22:48 -!- lakewood [~ironman@99-45-120-223.lightspeed.cicril.sbcglobal.net] has joined #openvpn 22:50 -!- prakashkamliya [~prakashka@202.131.123.66] has joined #openvpn 22:51 < prakashkamliya> Can anyone tell me how to fire iroute for every connecting client using --client-connect script ? I mean howto or sample example of --client-connect script ? 
22:53 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 22:58 -!- `Ile` [~kvirc@93-86-78-156.dynamic.isp.telekom.rs] has quit [Remote host closed the connection] 23:23 -!- oc80z [oc80z@openvpn/user/oc80z] has quit [Excess Flood] 23:23 -!- oc80z [oc80z@blea.ch] has joined #openvpn 23:48 -!- prakashkamliya [~prakashka@202.131.123.66] has quit [Ping timeout: 272 seconds] 23:48 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Remote host closed the connection] 23:58 -!- ostolves [~ostolvis@108.162.156.19] has joined #openvpn 23:58 -!- ostolvis [~ostolvis@108.162.156.19] has quit [Read error: Connection reset by peer] --- Day changed Mon Feb 06 2012 00:03 -!- madal [~madal@bagmati.rhi.hi.is] has quit [Read error: Operation timed out] 00:03 < Olipro> what key usage flags does OpenVPN expect to be present (if the verification option is enabled) for a client x.509 cert? 00:07 -!- madal [~madal@bagmati.rhi.hi.is] has joined #openvpn 00:10 -!- ianthius [~ian@unaffiliated/ianthius] has quit [Quit: Leaving] 00:10 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn 00:53 <+EugeneKay> Hang on, I have that someplace 00:55 <+EugeneKay> digitalSignature and clientAuth 00:55 <+EugeneKay> Server has to be digitalSignature, keyEncipherment, serverAuth 00:57 <+EugeneKay> If you're self-signing, I also recommend you specify IPsec Tunnel / IPsec User for the server/client certs, and --remote-cert-eku 00:57 <+EugeneKay> Olipro ^ 00:58 < Olipro> cheers 00:59 <+EugeneKay> Note that remote-cert-eku can take a string OR the numeric OID. I recommend you use a string. 01:00 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 01:04 -!- sdferfx [~jeff@gateway/tor-sasl/sdferfx] has joined #openvpn 01:06 < sdferfx> Hello. I have configured openvpn with bridged interface on my Ubuntu VPS at Linode. 
I can connect but I cannot ping the gateway/ovpn server (172.17.17.1), and I cannot contact anything but lo. My understanding is that I should not need to add iptables rules as I have another Ubuntu box that is running an OpenVPN server without these and it works fine. The bridge appears to be set up correctly and the server has connectivity. 01:11 <+EugeneKay> sdferfx - why are you using bridging? Bridging is evil and causes cancer. 01:16 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 01:29 -!- `Ile` [~Ile@kaniserver.net] has joined #openvpn 01:50 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro] 01:52 -!- krzee [nobody@hemp.ircpimps.org] has joined #openvpn 01:52 -!- krzee [nobody@hemp.ircpimps.org] has quit [Changing host] 01:52 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn 01:53 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn 01:53 -!- mode/#openvpn [+o mattock] by ChanServ 02:02 -!- mattock [~samuli@openvpn/corp/admin/mattock] has quit [Remote host closed the connection] 02:06 < sdferfx> EugeneKay, I am using it now just because I already had a configuration file that used it since that box requires SMB which everything says requires bridging. 02:06 <+EugeneKay> !wins 02:06 <@vpnHelper> "wins" is http://oreilly.com/catalog/samba/chapter/book/ch07_03.html is a good link for seeing how to run WINS on samba 02:06 <+EugeneKay> SMB most emphatically does not require bridging. 02:06 -!- rickuz [~rickuz@77-21-40-158-dynip.superkabel.de] has quit [Ping timeout: 240 seconds] 02:08 < sdferfx> Ok, well, I am not touching that server since it works well. I'll change this one not to use bridging anymore though. 
:) 02:08 <@vpnHelper> RSS Update - forum: Lan behind VPN Server 02:11 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 252 seconds] 02:12 -!- takamichi [~pri@217.23.4.104] has joined #openvpn 02:15 < sdferfx> Thanks EugeneKay :D Whatever was wrong was the result of the bridge, changed to non-bridging and everything worked fine. Can you clue me in to when I WOULD want to use bridging? Did SMB used to require bridging? The reason I set it up was that everything I saw on Google said it was required to use Samba over VPN. 02:15 <+EugeneKay> !tunortap 02:15 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. Dont waste the extra overhead. or (#2) and if your reason for wanting tap is windows shares, see !wins or (#3) also remember that if someone gets access to any side of a tap vpn they can use layer2 attacks like arp poisoning against you 02:15 <@vpnHelper> over the vpn or (#4) lan gaming? use tap! 02:15 <+EugeneKay> SMB requires bridging in non-WINS(broadcast) mode. This is how it works on a LAN. 02:16 <+EugeneKay> Give it a WINS or a DNS server, though, and that requirement vanishes 02:18 < sdferfx> I see. Thanks, that's good to know. The lan gaming thing is a little surprising but oh well. I don't really understand why the bridge on that machine was giving me trouble but I am happy it is gone. 
I would guess it has something to do with dhcp -- I've only set up bridges on static networks previously 02:38 <+EugeneKay> "lan gaming" refers to "old as balls crappy IPX/SPX lan games" 02:42 < Mowi> Hello 02:47 < `Ile`> hi 02:48 <+EugeneKay> Wilkommen 02:51 < Olipro> 02:52 <+EugeneKay> queue* 02:54 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out] 02:54 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 02:56 < Olipro> EugeneKay: no, cue 02:56 < Olipro> as in "arriving on cue" 02:56 <+EugeneKay> Their lying to you about that. 02:56 < Olipro> *They're 02:57 <+EugeneKay> Your full of it, mate. 02:57 < Olipro> you started it. 02:58 < Olipro> "*You're* looking at *Your* genitals again, aren't you" 02:58 <+EugeneKay> Hey now, this is a family establishment. 03:00 < Olipro> I know, that's why I avoided the colloquial 03:01 * EugeneKay sneezes 03:08 -!- takamichi [~pri@217.23.4.104] has quit [Ping timeout: 256 seconds] 03:08 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 03:12 -!- Azrael808 [~peter@cpc17-walt12-2-0-cust657.13-2.cable.virginmedia.com] has joined #openvpn 03:16 <@vpnHelper> RSS Update - forum: Push traffic through VPN even when using openvpn server's IP 03:34 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 255 seconds] 03:34 <@vpnHelper> RSS Update - forum: Push traffic through VPN even when using openvpn server's IP || Mod: please delete 03:37 -!- jg84 [~JoeGazz84@TechEssentials/JoeGazz84] has quit [Read error: Operation timed out] 03:43 -!- Joe_Gazz84 [~JoeGazz84@69.164.210.153] has joined #openvpn 03:48 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 04:03 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 04:14 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 240 seconds] 04:15 -!- Olipro [~Olipro@d.e.r.p.6.a.1.0.d.d.0.7.2.0.1.0.a.2.ip6.arpa] has joined #openvpn 04:15 -!- Olipro 
[~Olipro@d.e.r.p.6.a.1.0.d.d.0.7.2.0.1.0.a.2.ip6.arpa] has quit [Changing host] 04:15 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn 04:21 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 272 seconds] 04:24 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn 04:26 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn 04:47 <@vpnHelper> RSS Update - forum: OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian) || ClearOS OpenVPN Server - Mikrotik Client - cant ping to serv || No access to share although server connect and ping ok 04:53 -!- Soap__ [~Soap@129.187.150.129] has left #openvpn [] 05:00 -!- CatKiller [~be@91.123.228.52] has quit [Ping timeout: 248 seconds] 05:15 -!- noisebleed [~quassel@lula.inescn.pt] has joined #openvpn 05:15 -!- noisebleed [~quassel@lula.inescn.pt] has quit [Changing host] 05:15 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 05:17 -!- n3lThon [~n3lThon@bl21-111-126.dsl.telepac.pt] has joined #openvpn 05:17 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 05:19 < n3lThon> hi 05:20 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn 05:20 < n3lThon> rob0: I have this routes on server. Is it missing the route for returning packets to vpn clients? 
http://pastie.org/3326895 05:20 < n3lThon> !paste 05:21 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into pastebin or a similar website, or (#2) ie: www.pastebin.ca 05:33 -!- Netsplit *.net <-> *.split quits: JackWinter, bigcx2, ianthius_, gffa, zalzice, `Ile` 05:33 -!- Netsplit over, joins: gffa, `Ile` 05:34 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 05:34 -!- ianthius_ [ianthius@204.188.223.45] has joined #openvpn 05:34 -!- bigcx2 [~ccole@173-163-44-9-cpennsylvania.hfc.comcastbusiness.net] has joined #openvpn 05:34 -!- zalzice [~zalzice@25.79-160-109.customer.lyse.net] has joined #openvpn 05:36 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Remote host closed the connection] 05:36 -!- SuperPhly [~superphly@r74-192-223-20.bcstcmta02.clsttx.tl.dh.suddenlink.net] has joined #openvpn 05:36 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 05:36 < SuperPhly> Where am i supposed to store the keys/certs that easy-rsa creates? 05:38 < n3lThon> SuperPhly: where you want 05:38 < n3lThon> just put full path in server config file 05:41 < hyper_ch> dev/null is a great place so they remain secret 05:41 < SuperPhly> right, but it feels odd keeping secure, private files in /usr/docs/etc 05:41 < hyper_ch> why did you generate them in /usr/docs? 05:41 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 240 seconds] 05:41 < SuperPhly> This is where all the scripts are /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys 05:42 -!- Olipro [~Olipro@d.e.r.p.6.a.1.0.d.d.0.7.2.0.1.0.a.2.ip6.arpa] has joined #openvpn 05:42 -!- Olipro [~Olipro@d.e.r.p.6.a.1.0.d.d.0.7.2.0.1.0.a.2.ip6.arpa] has quit [Changing host] 05:42 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn 05:42 < SuperPhly> err ../ from the keys dir 05:42 < n3lThon> because he didn't copy the generate scripts folders 05:42 < SuperPhly> n3lThon: ah, gotcha. 
05:42 < hyper_ch> and you didn't think about cp -a /path/to/easy-rsa /etc/openvpn/ ? 05:42 < n3lThon> :D 05:42 < SuperPhly> solved ;) 05:43 < hyper_ch> but I still think /dev/null is a great place to keep them really safe 05:43 < hyper_ch> (even safe from you) 05:43 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Client Quit] 05:43 < SuperPhly> durrrrrr 05:44 -!- `Ile` [~Ile@kaniserver.net] has quit [Quit: KVIrc 4.1.3 Equilibrium http://www.kvirc.net/] 05:47 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn 05:55 -!- ironman_ [~ironman@99-45-120-223.lightspeed.cicril.sbcglobal.net] has joined #openvpn 05:57 < SuperPhly> Do I need to setup my tun0 with an IP in my /etc/network/interfaces file? or should it be handled by the dhcp server and openvpn? 05:58 -!- lakewood [~ironman@99-45-120-223.lightspeed.cicril.sbcglobal.net] has quit [Ping timeout: 252 seconds] 05:59 -!- CatKiller [~be@91.123.228.52] has joined #openvpn 06:00 -!- ironman__ [~ironman@99-45-120-223.lightspeed.cicril.sbcglobal.net] has joined #openvpn 06:04 -!- n3lThon [~n3lThon@bl21-111-126.dsl.telepac.pt] has quit [Ping timeout: 252 seconds] 06:04 -!- ironman_ [~ironman@99-45-120-223.lightspeed.cicril.sbcglobal.net] has quit [Ping timeout: 252 seconds] 06:05 -!- CatKiller [~be@91.123.228.52] has quit [Ping timeout: 248 seconds] 06:08 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has quit [] 06:09 -!- rickuz [~rickuz@89.204.139.35] has joined #openvpn 06:14 -!- oc80z [oc80z@blea.ch] has quit [Excess Flood] 06:14 -!- oc80z [oc80z@blea.ch] has joined #openvpn 06:17 -!- CatKiller [~be@91.123.228.52] has joined #openvpn 06:26 -!- cpm_ [~Chip@pdpc/supporter/active/cpm] has joined #openvpn 06:27 -!- tushar_openvpn [~tushar@115.118.161.163] has joined #openvpn 06:29 < tushar_openvpn> Can any one help in client-connect script ? 
06:29 < tushar_openvpn> i mean what is syntax and or sample configuration 06:29 < tushar_openvpn> i want to add iroute for every connecting client automatically ? how can i ? 06:29 < hyper_ch> what's iroute? 06:30 < tushar_openvpn> for adding multiple machines on client side we need to add iroute subnet netmask in ccd/common_name or else some --client-connect script 06:30 < tushar_openvpn> for routing traffic of local lan to remote lan 06:31 < tushar_openvpn> as per openvpn manual 06:31 < hyper_ch> !push 06:31 <@vpnHelper> "push" is usage: push , goes in the server config and makes the command act as if it was in the client config, can be used in ccd entries 06:32 < tushar_openvpn> that is client will push its routes ? 06:32 < tushar_openvpn> and will work same as ccd/common_name iroute subnet netmask 06:32 < tushar_openvpn> ? 06:33 < hyper_ch> no, the server pushes things to the clients 06:33 < hyper_ch> it's not good when clients can push routes and stuff to the server 06:34 < tushar_openvpn> hyper_ch: i want to add routes of client using iroute 06:34 < tushar_openvpn> and route 06:34 < hyper_ch> I don't understand 06:34 < tushar_openvpn> as per openvpn manual to include multiple machines on client side 06:34 < tushar_openvpn> wait let me explain you with scenario 06:35 < tushar_openvpn> to include multiple machines on client side as per openvpn manual we need to add route command 06:35 < tushar_openvpn> in openvpn-server.conf file 06:35 < tushar_openvpn> i.e route subnet netmask 06:36 < tushar_openvpn> and we need to create ccd/common_name and in that file we need to add iroute command 06:36 < tushar_openvpn> iroute subnet netmask 06:36 < tushar_openvpn> now i don't know common_name of connecting client in advance so i want to add iroute dynamically 06:37 < tushar_openvpn> i.e possible using iroute ? 06:37 < tushar_openvpn> hyper_ch: you got it ? 
06:37 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 240 seconds] 06:44 -!- cpm_ [~Chip@pdpc/supporter/active/cpm] has quit [Quit: cpm_] 06:46 -!- bigcx2 [~ccole@173-163-44-9-cpennsylvania.hfc.comcastbusiness.net] has quit [Quit: Leaving] 06:49 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has joined #openvpn 06:50 -!- sdferfx [~jeff@gateway/tor-sasl/sdferfx] has quit [Ping timeout: 276 seconds] 06:56 < hyper_ch> the hostname of the connecting client is defined by the client certificate name that you used 06:56 < hyper_ch> if you create a client certificate named "bubabu" then the client's hostname is "bubabu" 06:56 < SuperPhly> i cannot for the life of me get tap0 to show in ifconfig 06:56 < hyper_ch> and you make a ccd entry named "bubabu" 06:57 < hyper_ch> !tunortap 06:57 < SuperPhly> on the server 06:57 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. Dont waste the extra overhead. or (#2) and if your reason for wanting tap is windows shares, see !wins or (#3) also remember that if someone gets access to any side of a tap vpn they can use layer2 attacks like arp poisoning against you over 06:57 <@vpnHelper> the vpn or (#4) lan gaming? use tap! 06:57 -!- sdferfx [~jeff@gateway/tor-sasl/sdferfx] has joined #openvpn 06:58 < SuperPhly> hyper_ch: was that directed to me? I'm in need of tap, not tun. 06:59 < SuperPhly> I'm trying to get udhcpd to run on tap0, but udhcpd seems to die off immediately, leaving no log 06:59 < hyper_ch> why do you think you need tap? 06:59 < SuperPhly> netbios, windows network, etc 07:00 < hyper_ch> if you think you need tp 07:00 < hyper_ch> tap, then use tap 07:00 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn 07:00 < SuperPhly> right, i never asked whether to use it or not. 
07:01 < SuperPhly> i'm asking what i need to do to get it to show up under ifconfig 07:02 < hyper_ch> [14:00] right, i never asked whether to use it or not. -- and sometimes the people don't know the right questions to ask 07:02 < SuperPhly> true... 07:03 < SuperPhly> my problems are with DHCP... which I think are coming from the same place that tun0 not showing up in ifconfig 07:03 < SuperPhly> rrr 07:03 < SuperPhly> err tap 07:03 < SuperPhly> god damn it, this gets confusing 07:04 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has quit [] 07:04 < tushar_openvpn> hyper_ch: but i dont know bubabu in advance client can be any one ,, i want to add iroute dynamically 07:04 < tushar_openvpn> client may change his/her certi 07:05 < tushar_openvpn> i want to add iroute dynamically and from manual what i understood is to use -client-connect script but i dont know how :? 07:05 < hyper_ch> tushar_openvpn: don't you give each client a cert= 07:07 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 07:08 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Client Quit] 07:13 < tushar_openvpn> yeah i definitely give client come with its certificate but i dont know its common name in advance and want to configure it dynamically 07:16 < SuperPhly> ok, screw it... we'll live without samba/cifs. tun0 it is. 07:17 -!- Araluccl0 [~lallo@151.77.226.107] has quit [Quit: Anche il discorsismo ha un limitismo.] 07:17 -!- Araluccl0 [~lallo@151.77.226.107] has joined #openvpn 07:17 -!- BoomSie [~gideon@dw77242112238.amsterdam-tc.dataweb.net] has joined #openvpn 07:18 < hyper_ch> samba/cifs works over tun 07:19 -!- You're now known as ecrist 07:21 < SuperPhly> you just can't discover 07:21 < SuperPhly> or from what i know about smbd 07:21 < SuperPhly> hyper_ch: do i need a tun0 for each client connecting? 07:23 < hyper_ch> not sure about discovering... but don't you run one or multiple servers on fixed ips with known shares? 
07:23 < hyper_ch> not sure what you mean with tun9 for each client connecting 07:24 < SuperPhly> err, if i have 2 clients connecting over a "tun#", can they both use tun0? 07:24 < SuperPhly> on the server 07:24 < SuperPhly> because right now, what i'm reading is that you have to specify a local ip and a remote ip 07:26 < hyper_ch> tun0 is a special interface created 07:26 < hyper_ch> nothing more 07:26 < hyper_ch> so if you have a network of three computers? 07:26 < hyper_ch> does each computer need two network interfaces to connect to the other two computers? 07:27 < ecrist> you need a WINS server 07:27 -!- KucukMubasir [~Ozgur@unaffiliated/kucukmubasir] has joined #openvpn 07:27 < ecrist> for browsing SMB across separate LANs 07:28 < hyper_ch> SuperPhly: listen to ecrist :) 07:28 < SuperPhly> ecrist: right, i'm going to look at that once i get things up and running with the VPN. 07:28 < SuperPhly> that makes sense though 07:28 < KucukMubasir> hi, I can't connect openvpn on windows and having this message "SIGTERM[soft,auth-failure] received, process exiting" any ideas? 07:28 < SuperPhly> I've got my client keys/cert, server key/cert, dh1024, and all that. 07:28 < KucukMubasir> I checked my credentials 07:29 < hyper_ch> KucukMubasir: run it as administrator? 07:29 < ecrist> KucukMubasir: we need to see the full logs 07:29 < ecrist> !logs 07:29 < SuperPhly> How do I go about creating the tun connects? 07:29 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard. 07:29 < hyper_ch> SuperPhly: you specify tun in the config 07:29 < hyper_ch> and then it should automagically get created 07:30 < KucukMubasir> hyper_ch: yes 07:30 < KucukMubasir> ecrist: I am pasting 07:30 < SuperPhly> hyper_ch: can you give me an example setup? 07:30 < ecrist> !howto 07:30 < SuperPhly> maybe a client/server example? 
07:30 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 07:31 < hyper_ch> !confgen 07:31 <@vpnHelper> "confgen" is (#1) http://www.doeshosting.com/code/openvpn-confgen.tgz for the bash config generator or (#2) you can use svn co http://www.secure-computing.net/svn/trunk/openvpn-confgen/ 07:31 < KucukMubasir> ecrist: http://pastebin.com/1kxqNNCQ 07:32 < ecrist> KucukMubasir: what about the server logs? 07:32 < ecrist> it would appear you're trying to connect to a vpn server that isn't running, or you're connecting to it incorrectly 07:33 < KucukMubasir> it is realvpn 07:33 < KucukMubasir> may I check its status any how? http://real-vpn.com/ 07:33 <@vpnHelper> Title: RealVPN | Quality VPN (at real-vpn.com) 07:33 < ecrist> KucukMubasir: we cannot help you 07:33 < ecrist> you need to contact their support 07:34 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has joined #openvpn 07:34 < KucukMubasir> thanks ecrist, so either my credentials or server's confirmation is mistaken. right? 07:35 < ecrist> it seems you're not connecting to the right ip and port 07:35 < ecrist> since there's a web server running on 207.210.70.202:80 07:35 < ecrist> and not an openvpn server 07:37 < KucukMubasir> then my config is wrong? 07:37 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 272 seconds] 07:38 < hyper_ch> ecrist: if you don't specify a port in the configs... neither server nor client... will it just use default openvpn ports? 07:38 < ecrist> hyper_ch: not sure 07:38 < ecrist> KucukMubasir: probably 07:38 < ecrist> we can't help you, still 07:38 < ecrist> talk to their support 07:39 < KucukMubasir> thanks a lot ecrist 07:40 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn 07:44 < KucukMubasir> ecrist: I have "remote fr.real-vpn.com 443" on config file. 
this should be the openvpn, rather than the web page, right? can you verify if this is openvpn or not? 07:44 < hyper_ch> 443 sounds like ssl 07:45 < SuperPhly> !ta.key 07:46 < hyper_ch> KucukMubasir: did you use their config files? 07:46 < SuperPhly> hmm, what's this ta.key file for? 07:46 < KucukMubasir> there are 443, 1194,500 and 80 port on the openvpn list 07:46 < SuperPhly> and how do i gen it? 07:46 < ecrist> KucukMubasir: I'm not going to help you 07:46 < KucukMubasir> hyper_ch: yes, I used them 07:46 < ecrist> I've already stated that, we do not support other people's vpn, particularly commercial ones 07:46 < KucukMubasir> ecrist: thanks, It seems I am pushing my limits. I stop asking 07:47 < ecrist> contact their support 07:57 <@vpnHelper> RSS Update - forum: Push traffic through VPN even when using openvpn server's IP 08:04 -!- rickuz [~rickuz@89.204.139.35] has quit [Quit: Leaving.] 08:07 -!- sdferfx [~jeff@gateway/tor-sasl/sdferfx] has quit [Remote host closed the connection] 08:09 < SuperPhly> What windows client should I be using? 08:10 < |Mike|> the one from openvpn's website? 08:10 < SuperPhly> I'm using that one... just wanted to make sure. 08:11 < SuperPhly> It keeps giving me an error "process immediately exited" 08:11 < tushar_openvpn> hyper_ch: hey did you know about that client-connect script ? 08:12 < SuperPhly> Why is this in the capi.log: 2012-02-06 08:11:06-0600 [HTTPChannel,14,127.0.0.1] 127.0.0.1 - - [06/Feb/2012:14:11:05 +0000] "POST /RPC2 HTTP/1.1" 200 868 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2pre) Gecko/20100322 Prism/1.0b4 OpenVPN/1.5.0" 08:12 < SuperPhly> That's a browser string... why is a browser being initiated? 08:15 -!- KucukMubasir1 [~Ozgur@95.13.24.214] has joined #openvpn 08:15 < tushar_openvpn> Does any know how to add iroute for connecting client dynamically ? 
08:18 -!- KucukMubasir [~Ozgur@unaffiliated/kucukmubasir] has quit [Ping timeout: 240 seconds] 08:19 -!- sdferfx [~jeff@gateway/tor-sasl/sdferfx] has joined #openvpn 08:20 < SuperPhly> client stalls when connecting: Mon Feb 06 08:19:43 2012 MANAGEMENT: >STATE:1328537983,WAIT,,, 08:23 -!- SuperPhly [~superphly@r74-192-223-20.bcstcmta02.clsttx.tl.dh.suddenlink.net] has quit [] 08:29 < aufwl> (openssl question) I'm trying to figure out how to pass all necessary values to openssl req ... to make a CSR from a script without being prompted. 08:30 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 240 seconds] 08:30 < aufwl> easy-rsa works, but I am trying to figure out HOW, and it's too huge to figure out :-) 08:31 -!- Axeman [~Axeman3@198.105.46.22] has joined #openvpn 08:31 -!- Axeman [~Axeman3@198.105.46.22] has quit [Changing host] 08:31 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 08:31 -!- mode/#openvpn [+v Axeman] by ChanServ 08:31 < rob0> did you look at "man req"? 08:33 -!- Axeman [~Axeman3@openvpn/user/axeman] has left #openvpn [] 08:34 < tushar_openvpn> can we know common_name of connecting client ? 08:34 < tushar_openvpn> dynamically ? 08:35 -!- SuperPhly [~superphly@r74-192-223-20.bcstcmta02.clsttx.tl.dh.suddenlink.net] has joined #openvpn 08:35 < SuperPhly> I'm getting this error now: TLS Error: incoming packet authentication failed from 08:35 < SuperPhly> preceded by: Authenticate/Decrypt packet error: packet HMAC authentication failed 08:35 < SuperPhly> the ta.key files are exactly copied, never tampered with 08:36 < aufwl> rob0: looks like the only way to do it is to have the script generate an openssl.cnf file? 
08:42 <@vpnHelper> RSS Update - forum: howto determine common_name of connecting Client 08:45 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 08:46 -!- KucukMubasir [~Ozgur@unaffiliated/kucukmubasir] has joined #openvpn 08:46 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn 08:47 < rob0> tushar_openvpn, see the "Environmental Variables" section in the man page. 08:48 -!- pqatsi [~leleobhz@unaffiliated/leleobhz] has joined #openvpn 08:48 -!- KucukMubasir2 [~Ozgur@95.13.24.214] has joined #openvpn 08:48 < pqatsi> Considering a android binary, whats happening when i got this on console? "I/openvpn (13591): Cannot load inline certificate file: error:0906D06C:PEM routines:PEM_read_bio:no start line" 08:48 < pqatsi> ? 08:48 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has joined #openvpn 08:49 -!- KucukMubasir1 [~Ozgur@95.13.24.214] has quit [Ping timeout: 240 seconds] 08:50 -!- KucukMubasir [~Ozgur@unaffiliated/kucukmubasir] has quit [Ping timeout: 240 seconds] 08:51 < pqatsi> By the way, ive compiled openvpn myself 08:53 < rob0> I'd guess that your inline certificate file cannot load because it has no start line. 08:55 < pqatsi> rob0: well, cyanogen openvpn works for me, but dont have ciphers i need, and this binary just appear to do not support android config 08:56 < pqatsi> rob0: And i dont know how android pass the system ssl certificate to application. i think this is done by management system 08:56 < pqatsi> or some kind of thing 08:56 < rob0> so then you need to look into the documentation of that management system 08:57 < rob0> maybe it won't work right with your compiled openvpn, for that matter 08:58 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn 08:58 -!- mode/#openvpn [+v s7r] by ChanServ 09:01 -!- Jarpse [~jarpse@privat.geekbunker.net] has joined #openvpn 09:09 -!- KucukMubasir [~Ozgur@unaffiliated/kucukmubasir] has joined #openvpn 09:10 < rob0> aufwl, tbh I am not sure. 
The man page appears to say the script needs to generate a config from a template. 09:11 -!- KucukMubasir2 [~Ozgur@95.13.24.214] has quit [Ping timeout: 244 seconds] 09:11 < pqatsi> rob0: my openvpn binary have problems with this key configuration and i think its easier fix my old problem 09:11 < pqatsi> openvpn from cyanogenmod attempt to connect 09:12 < pqatsi> on my server, i got this: Mon Feb 6 13:10:51 2012 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]143.107.225.16:48329 09:12 < pqatsi> and just nothing on client side 09:17 -!- KucukMubasir1 [~Ozgur@78.183.239.72] has joined #openvpn 09:18 < pqatsi> progress connecting but do not sustain 09:18 < pqatsi> Mon Feb 6 13:17:19 2012 143.107.225.16:59111 [Leonardo_Silva_Amaral] Peer Connection Initiated with [AF_INET]143.107.225.16:59111 09:18 < pqatsi> Mon Feb 6 13:17:23 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111) 09:18 < pqatsi> why this? 09:20 -!- KucukMubasir [~Ozgur@unaffiliated/kucukmubasir] has quit [Ping timeout: 240 seconds] 09:20 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out] 09:21 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 09:22 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 272 seconds] 09:22 -!- mort_gib [~mort_gib@16.Red-83-36-63.staticIP.rima-tde.net] has joined #openvpn 09:24 < rob0> aufwl, it's -subj 09:25 -!- KucukMubasir1 is now known as KucukMubasir 09:26 -!- KucukMubasir [~Ozgur@78.183.239.72] has quit [Changing host] 09:26 -!- KucukMubasir [~Ozgur@unaffiliated/kucukmubasir] has joined #openvpn 09:26 -!- pqatsi [~leleobhz@unaffiliated/leleobhz] has quit [Ping timeout: 252 seconds] 09:28 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn 09:28 -!- mode/#openvpn [+o mattock] by ChanServ 09:31 < rob0> aufwl, -subj "/C=$country_code/ST=$state/L=$city/CN=$common_name" (obviously with those variables populated) 09:33 -!- mort_gib 
[~mort_gib@16.Red-83-36-63.staticIP.rima-tde.net] has quit [Quit: Ex-Chat] 09:34 < aufwl> rob0: yes! Thanks! 09:34 -!- pqatsi [~leleobhz@unaffiliated/leleobhz] has joined #openvpn 09:34 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Remote host closed the connection] 09:35 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn 09:38 -!- KucukMubasir1 [~Ozgur@78.183.239.72] has joined #openvpn 09:40 -!- KucukMubasir [~Ozgur@unaffiliated/kucukmubasir] has quit [Disconnected by services] 09:41 -!- KucukMubasir1 [~Ozgur@78.183.239.72] has left #openvpn [] 09:42 -!- S1lv3R [NoMail@178-83-34-83.dynamic.hispeed.ch] has quit [Ping timeout: 244 seconds] 09:43 -!- pqatsi [~leleobhz@unaffiliated/leleobhz] has quit [Quit: leaving] 09:43 -!- S1lv3R [NoMail@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 09:43 <@vpnHelper> RSS Update - forum: VPN Server Traffic still routes via ISP || howto determine common_name of connecting Client 09:55 -!- S1lv3R [NoMail@178-83-34-83.dynamic.hispeed.ch] has quit [Ping timeout: 255 seconds] 09:56 -!- S1lv3R [NoMail@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 10:13 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 10:16 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 10:23 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Quit: Leaving] 10:25 -!- axelm7 [axelm7@190.244.31.91] has joined #openvpn 10:26 < axelm7> hi everyone. Anybody here using OpenVPN-AS? I have a support question but nobody on #openvpnas is answering. Maybe someone here can help me out. I need to upgrade my 1.8.3.0 to the latest patch but I don't have the url to the release server. 10:27 < rob0> I have never used AS, and most likely no one else here has, either. 
10:31 -!- havoc [~havoc@neptune.chaillet.net] has quit [Read error: Operation timed out] 10:31 -!- havoc [~havoc@neptune.chaillet.net] has joined #openvpn 10:32 < axelm7> rob0, ok, thanks 10:37 -!- axelm7 [axelm7@190.244.31.91] has left #openvpn [] 10:39 < rob0> man page: "For detailed documentation on the management interface, see the management-notes.txt file in the management folder of the OpenVPN source distribution." 10:39 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn 10:40 < rob0> so I goes looking into the source for the version that this man page is from (2.1.1), and no "management folder[sic]" exists. 10:50 < ecrist> sorry, we can give you a full refund, if you like 10:53 -!- BoomSie [~gideon@dw77242112238.amsterdam-tc.dataweb.net] has quit [Ping timeout: 245 seconds] 10:53 < rob0> is it in a later version? 10:56 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Quit: Leaving] 10:58 < ecrist> i think it's a left-over comment from 2.0.9 and earlier 10:59 < rob0> I guess the real goal is this: I have replaced my server certificate. Can I send a signal or something in the management console to read the new cert without killing clients? 
10:59 < ecrist> no 10:59 < ecrist> you must restart openvpn 11:06 < Olipro> enter process memory, find where the certificate struct is, modify it in memory 11:07 < rob0> heh 11:07 < Olipro> *like a BOSS 11:15 -!- messedup1 [~user1@66-169-98-239.dhcp.ftwo.tx.charter.com] has left #openvpn [] 11:25 -!- n3lThon [~n3lThon@bl21-111-126.dsl.telepac.pt] has joined #openvpn 11:26 -!- dkr [~dkr@67.132.255.16] has quit [Read error: Operation timed out] 11:27 -!- vpopov [~happylife@dyn-51-18.fttbee.kis.ru] has joined #openvpn 11:32 <@vpnHelper> RSS Update - forum: Push traffic through VPN even when using openvpn server's IP 11:35 -!- rickuz [~rickuz@89.204.153.1] has joined #openvpn 11:40 -!- fellayaboy [~mystik@unaffiliated/fellayaboy] has joined #openvpn 11:41 < fellayaboy> !welcome 11:41 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. 
|| Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 11:41 < fellayaboy> !goal 11:41 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 11:42 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has joined #openvpn 11:45 < rob0> !route 11:45 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 11:45 < fellayaboy> hi im trying to create a small vpn for my home...i have a ubuntu 10.04 at home and a laptop with ubuntu 11.10 i want to be able to travel with my laptop and be able to connect to my home network....my routers dont support vpn nor dd wrt..i heard i can make a bridged open vpn using bridge-utils but i do not know to create a bridge using bridge-utils that will work for me...also im not sure whats the difference between routed and bridge if some 11:45 < fellayaboy> one could explain that, it would be awesome 11:46 < rob0> n3lThon, ^^ again 11:46 < rob0> If the openvpn endpoints are each the gateway for their LAN, everything works 11:47 < n3lThon> rob0: I changed the vpn to routed but I cant ping from vpn clients to lan pcs. 11:47 < rob0> the server pushes a route to the clients, saying "route these netblocks through me" 11:48 < fellayaboy> nevermind i found the difference between routed and bridged for openvpn. 11:48 < n3lThon> i have that 11:48 < fellayaboy> !howto 11:48 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! 
or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 11:49 < Olipro> he's running a server in a multi-client setup and has no iroutes 11:51 < rob0> iroutes are explained on the !route link 11:51 < n3lThon> :D 11:52 < n3lThon> !route 11:52 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 11:53 < Olipro> I note the wiki table mentions RIP for routing 11:53 < Olipro> OSPF is far less painful 11:54 < Olipro> mainly because OSPF cares about the type of link, and will generally treat it appropriately 11:54 < n3lThon> but I dont want the lan I am connected to access the VPN only I, is that the same? for example I am on friend house and I want only I acces my VPN. 11:56 -!- oc80z [oc80z@blea.ch] has quit [Excess Flood] 11:56 -!- oc80z [oc80z@blea.ch] has joined #openvpn 11:57 -!- merlin1991 [~merlin@Maemo/community/cssu/merlin1991] has left #openvpn ["http://quassel-irc.org - Chat comfortably. Anywhere."] 12:01 < n3lThon> Olipro: I need a subnet for each client? 12:02 < Olipro> every machine must be in /a/ subnet 12:02 < Olipro> in a multi-client setup, generally, they should all be in the same subnet 12:03 < Olipro> if your plan is to switch to p2p and use multiple openvpn configs, you can just use /32s 12:03 < Olipro> or no tunnel addresses at all, if you wish 12:04 -!- fellayaboy [~mystik@unaffiliated/fellayaboy] has quit [Quit: Leaving] 12:04 < Olipro> providing the machine has at least 1 address on /any/ interface that the client routes over the VPN plus ensuring strict rp-filtering is disabled, it'll work 12:04 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has joined #openvpn 12:05 < n3lThon> but openvpn dont do that automaticly with the "server ip mask" line? 
12:05 < Olipro> no, quite the opposite 12:06 < Olipro> that's what you use for a multi-client configuration 12:06 < Olipro> NOT peer to peer 12:07 < n3lThon> with p2p cani have for example 2 clients connected to server at the same time? 12:07 < n3lThon> can* 12:09 < hyper_ch> n3lThon: with p2p the clients are reachable among them 12:10 < hyper_ch> but all traffic is still passed through the server 12:13 -!- rickuz1 [~rickuz@77-21-40-158-dynip.superkabel.de] has joined #openvpn 12:13 < n3lThon> I have this config http://pastie.org/3328975 12:14 -!- rickuz [~rickuz@89.204.153.1] has quit [Ping timeout: 240 seconds] 12:17 < rob0> but is the server the gateway for those LAN hosts? If not, they won't know how to respond to the pings they get. Routing has to be bidirectional: EACH side has to know how to reach the other. 12:17 < hyper_ch> n3lThon: why do you push that route: push "route 192.168.7.0 255.255.255.0" 12:17 < hyper_ch> when your vpn subnet is 10.0.0 = 12:17 < n3lThon> hyper_ch: lan network 12:18 < n3lThon> I want to access from vpn clients 12:18 < rob0> heh, well, answer me. 12:18 < n3lThon> sorry, I only did a simple bridge, never a routed one :( 12:19 < hyper_ch> !route 12:19 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 12:19 < rob0> Okay, have fun. 12:30 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Ping timeout: 272 seconds] 12:33 -!- fellayaboy [~mystik@unaffiliated/fellayaboy] has joined #openvpn 12:34 < fellayaboy> !howto 12:34 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! 
or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 12:36 -!- ZrZeRenato [~ZrZeRenat@177.106.196.43] has joined #openvpn 12:37 < ZrZeRenato> hi guys, im looking for openvpn tutorial on centos 6.2 12:37 < ZrZeRenato> ? 12:37 <+EugeneKay> !howto 12:37 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 12:38 <+EugeneKay> ZrZeRenato ^ 12:39 < |Mike|> EugeneKay: you can also use !tell :P 12:39 <+EugeneKay> Wasn't aware vpnHelper had that turned on 12:39 < hyper_ch> !tell EugeneKay howto 12:39 <+EugeneKay> That PMs me 12:39 < hyper_ch> !tell howto EugeneKay 12:39 <@vpnHelper> Error: I haven't seen howto, I'll let you do the telling. 12:39 < hyper_ch> !tell hyper_ch howto 12:40 <+EugeneKay> !tell hyper_ch !eugenekay 12:40 <+EugeneKay> Hm. 12:40 < hyper_ch> !tell hyper_ch [howto] 12:40 < n3lThon> should I use a subnet /32 for each client? 12:40 < hyper_ch> that's the one 12:40 < |Mike|> n3lThon: isn't that a bit overkill? 12:40 < hyper_ch> !tell EugeneKay [howto] 12:40 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 256 seconds] 12:40 <+EugeneKay> That worked 12:40 < hyper_ch> but why is it in pm 12:41 < hyper_ch> it should just highlight the destinaire in here 12:41 <+EugeneKay> Probably a config var 12:41 < |Mike|> n3lThon: sorry, was trolling you a bit, but 1 IP per client is pretty normal. 12:41 <+EugeneKay> !topology 12:41 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) See http://osdir.com/ml/network.openvpn.devel/2005-09/msg00020.html for more history on this. 12:41 <+EugeneKay> With subnet, each client gets 1 IP. 12:41 < Olipro> net30 is The Worst. 
12:42 < hyper_ch> why is net30 the worst? 12:42 < hyper_ch> everybody loves net30 12:43 <+EugeneKay> hyper_ch - it's because this is Misc.tell, not Infobot.tell 12:43 < hyper_ch> EugeneKay: well, having the factoids published in here makes other people also look at them 12:44 < hyper_ch> so highlighting one who seeks help with the factoid info would be nice 12:44 <+EugeneKay> Indeed. But !tell ain't the right command. :-p 12:44 < hyper_ch> how about !highlight EugeneKay [howto] 12:44 <+EugeneKay> Can probably do it with an alias, but I don't have permissions on the bot 12:45 < hyper_ch> well, you have more permissions than me 12:45 -!- dkr [~dkr@67.132.255.16] has joined #openvpn 12:45 < |Mike|> is it a dunkerbot/gozerbot? 12:45 <+EugeneKay> Supybot 12:46 <+EugeneKay> I don't even know what factoid moduel he's using 12:46 <+EugeneKay> I think it's Factoids, but eh 12:47 < rob0> !topology > EugeneKay 12:47 < rob0> nope 12:47 < Olipro> are you saying that !topology is better than EugeneKay? 12:47 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 12:48 <+EugeneKay> No, he's trying to redirect sdtout into me 12:48 < rob0> heh, no, that depends *which* particular topology :) 12:48 <+EugeneKay> !EugeneKay 12:48 <@vpnHelper> "EugeneKay" is right because EugeneKay is always right. 12:48 < rob0> oh wow! 12:52 <+EugeneKay> But anyway, ZrZeRenato, the howto works just fine on RHEL6 & derivatives 12:56 -!- Azrael808 [~peter@cpc17-walt12-2-0-cust657.13-2.cable.virginmedia.com] has quit [Ping timeout: 255 seconds] 12:58 -!- Zw [~Zw@133-61-11.connect.netcom.no] has joined #openvpn 12:59 < Zw> hi, whats the difference betsween openvpn and openvpn-as? 
13:00 < hyper_ch> Zw: the "-as" 13:00 < Zw> ok tnx 13:00 -!- Zw [~Zw@133-61-11.connect.netcom.no] has left #openvpn [] 13:00 < hyper_ch> :/ 13:02 -!- Netsplit *.net <-> *.split quits: pa, +bigon, +Fiouz, MarcWeber, Champi, kraut, TypoNe, APTX, RageCage, |Mike|, (+2 more, use /NETSPLIT to show all of them) 13:02 -!- Netsplit over, joins: MarcWeber 13:02 -!- Netsplit over, joins: kraut, APTX, Fiouz 13:03 -!- Netsplit over, joins: pa 13:04 -!- Netsplit over, joins: TypoNe, |Mike| 13:04 -!- Champi [Champi@rootshell.fr] has joined #openvpn 13:05 -!- Netsplit over, joins: fahadsadah 13:07 -!- dkr [~dkr@67.132.255.16] has quit [Ping timeout: 272 seconds] 13:08 < fellayaboy> what is goin here..im trying to create a key using the instructions in the howto and i keep getting different results...instead of it creating a key using ./build-ca..i get other dialog.. 13:08 < fellayaboy> it says use pkitools but in the documentation in the howto i dont see anything about using pkitools 13:09 <@vpnHelper> RSS Update - forum: Fully routed and partially routed connection profiles? 13:11 < fellayaboy> noobody can help me at all? 13:11 < fellayaboy> 148 people in here and no one can help me 13:11 < fellayaboy> !welcom 13:11 < fellayaboy> !welcome 13:11 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 13:12 < fellayaboy> !howto 13:12 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! 
or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 13:12 -!- bigon [bigon@anor.bigon.be] has joined #openvpn 13:12 -!- bigon [bigon@anor.bigon.be] has quit [Changing host] 13:12 -!- bigon [bigon@ubuntu/member/bigon] has joined #openvpn 13:17 -!- RageCage [~RageCage@ssh.studentnatet.se] has joined #openvpn 13:17 -!- ronnocol [~lance@2001:1868:214::bad:babe] has joined #openvpn 13:22 -!- n3lThon [~n3lThon@bl21-111-126.dsl.telepac.pt] has quit [Ping timeout: 248 seconds] 13:24 -!- gremly [~gremly@186.28.150.33] has joined #openvpn 13:35 -!- oc80z [oc80z@blea.ch] has quit [Excess Flood] 13:35 -!- oc80z [oc80z@blea.ch] has joined #openvpn 13:37 -!- n3lThon [~n3lThon@bl21-111-126.dsl.telepac.pt] has joined #openvpn 13:41 -!- Netsplit *.net <-> *.split quits: beerbro, WebDawg, fbh, Mowi, S1lv3R 13:41 -!- Netsplit over, joins: S1lv3R 13:42 -!- Netsplit over, joins: WebDawg 13:46 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [] 13:50 -!- n3lThon [~n3lThon@bl21-111-126.dsl.telepac.pt] has quit [Ping timeout: 260 seconds] 13:50 -!- fbh [fbh@lucifer.frands.net] has joined #openvpn 13:53 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Remote host closed the connection] 13:56 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn 14:03 -!- vpopov [~happylife@dyn-51-18.fttbee.kis.ru] has quit [Ping timeout: 240 seconds] 14:07 -!- rickuz1 [~rickuz@77-21-40-158-dynip.superkabel.de] has quit [Quit: Leaving.] 
14:08 -!- dkr [~dkr@67.132.255.16] has joined #openvpn 14:09 -!- zgr [~zgrge@79.165.25.46] has joined #openvpn 14:09 -!- zgr [~zgrge@79.165.25.46] has left #openvpn [] 14:11 -!- amir [~amir@unaffiliated/amir] has quit [Ping timeout: 265 seconds] 14:17 -!- gremly [~gremly@186.28.150.33] has quit [Ping timeout: 272 seconds] 14:24 -!- amir [~amir@unaffiliated/amir] has joined #openvpn 14:34 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 245 seconds] 14:34 -!- Mowee [~Mowi@85.17.180.48] has joined #openvpn 14:34 -!- gustav [~gustav@109.75.189.98] has joined #openvpn 14:36 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 14:39 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has quit [Quit: Leaving] 14:42 < rob0> fellayaboy, using easy-rsa? 14:43 < fellayaboy> yes 14:43 -!- gremly [~gremly@186.28.114.124] has joined #openvpn 14:43 < fellayaboy> the tutorial is kinda bad...the howto i mean...when i tried to source ./vars it didnt do anything...when i youtubed a video to see how to do it...they put source vars 14:43 < fellayaboy> it worked 14:44 < fellayaboy> i dont know if i was suppose to know that.... but i didnt 14:44 < rob0> a lot of this presumes some basic shell knowledge 14:45 < fellayaboy> yeah im a little sketchy 14:46 < Olipro> there's always xca 14:46 < fellayaboy> i wish i knew the basics but i dont know....i know little commands like cd ls rm and stuff like that 14:46 < Olipro> although that presumes some basic PKCS and x.509 familiarity 14:46 < fellayaboy> whats that 0lipro 14:46 < Olipro> *PKI 14:46 < Olipro> xca.sourceforge.net 14:47 < fellayaboy> how am i suppose to know wiether to use ./ or not 14:47 < fellayaboy> is it complicated? 
14:47 * Olipro facepalms 14:47 < fellayaboy> lol 14:47 < fellayaboy> ok 14:47 < Olipro> ./ means "the current directory" 14:48 < Olipro> "./somefile" should be identical to just "somefile" 14:48 < fellayaboy> then it shiouldve worked just the same 14:49 < fellayaboy> maybe it was the fact taht i had to use sudo su instead of just sudo 14:49 < Olipro> what does sudo have to do with relative paths? 14:49 -!- Joe_Gazz84 [~JoeGazz84@69.164.210.153] has quit [Changing host] 14:49 -!- Joe_Gazz84 [~JoeGazz84@TechEssentials/JoeGazz84] has joined #openvpn 14:49 < fellayaboy> cuz i wasnt getting no results...when i used source ./vars or sudo source ./vars 14:50 < fellayaboy> but i did do sudo su and then source vars like i seen on the youtube video and it worked...idk how i was suppose to know that by myself..never went to school for linux or bash 14:51 < fellayaboy> but i learn along the way 14:52 < Olipro> sudo su will put you in shell running as root 14:52 < fellayaboy> i couldnt even access the keys folder...i had to use sudo su...i thought sudo was all that u needed... 14:52 < rob0> you need to be IN the easy-rsa directory when you are running PKI management commands 14:52 < fellayaboy> i thought sudo was root 14:52 < Olipro> sudo runs a single command as root 14:53 < fellayaboy> oohh 14:53 -!- mattock [~samuli@openvpn/corp/admin/mattock] has quit [Ping timeout: 260 seconds] 14:53 < rob0> and you do not need to be root, just install it where you have permission to write (under your $HOME) 14:53 < Olipro> more sensible distros will let you switch to root with just "su" 14:53 < hyper_ch> dazo_afk: EugeneKay: http://www.schneier.com/blog/archives/2012/02/the_failure_of_2.html 14:53 <@vpnHelper> Title: Schneier on Security: The Failure of Two-Factor Authentication (at www.schneier.com) 14:53 < fellayaboy> someone link me to a textbook, pdf or website where i could get the best knowledge of all these stuff related to terminal 14:54 < fellayaboy> 0lipro u dont like ubuntu? 
14:54 -!- Joe_Gazz84 is now known as jg84 14:54 < rob0> I don't have a link, and it's "shell" not terminal. 14:55 < fellayaboy> whats the difference between the two 14:55 < Olipro> I'm not particularly fond of it, no 14:55 < hyper_ch> fellayaboy: http://fosswire.com/post/2007/08/unixlinux-command-cheat-sheet/ 14:55 <@vpnHelper> Title: Unix/Linux Command Cheat Sheet | FOSSwire (at fosswire.com) 14:55 < Olipro> but nor am I diametrically opposed to people using it 14:55 < Olipro> but by all means, consider giving OpenSUSE a try ;) 14:55 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Textual IRC Client: http://www.textualapp.com/] 14:56 < hyper_ch> apt FTW! 14:56 < hyper_ch> or NixOS 14:56 < Olipro> zypper > yum > apt 14:56 < hyper_ch> fellayaboy: that cheat sheet contains all the must-know unix commands 14:56 < rob0> changing distro/OS is rarely the best answer for a struggling noob. Pick one and learn it. Any of them can do it. 14:56 < Olipro> agreed 14:57 < fellayaboy> thanks hyper_ch i know alot of those little commands but i dont know much about the su & sudo ordeal or how soburce ./vars didnt result anything...tahts the stuff im not sure of.and i wanna know more about those type of " 14:57 < hyper_ch> but if you wanna change, change to a debian based one 14:57 < Olipro> also, man 14:57 < Olipro> man is your friend 14:57 < hyper_ch> fellayaboy: to get more than one root command, use sudo -i 14:57 < Olipro> any command you're not sure about? man it. 
14:57 < Olipro> man sudo 14:57 < Olipro> man cd 14:57 < Olipro> etcetera 14:57 < hyper_ch> man Olipro 14:57 < hyper_ch> :) 14:58 < Olipro> only available in the "extended" manpages, folks 14:59 < Olipro> grep, unzip, mount, yes, yes, yes, fsck, umount, zip, sleep 14:59 < fellayaboy> yeah i know abut that stuff 14:59 < hyper_ch> and tmux 14:59 < fellayaboy> i know about man 14:59 < hyper_ch> tmux is a great program 14:59 < fellayaboy> i use it alot 14:59 < Olipro> *a lot 15:00 < fellayaboy> i think i just need to learn bash entirely 15:00 < fellayaboy> i think i gotta sit down and go through that whole thing..i think bash is my weak point 15:00 < hyper_ch> fellayaboy: http://linuxcommand.org/ 15:00 < fellayaboy> lolol i just read that 15:00 <@vpnHelper> Title: LinuxCommand.org: Learn the Linux command line. Write shell scripts. (at linuxcommand.org) 15:00 < Olipro> pfft, tmux 15:00 < Olipro> what's wrong with screen 15:01 < hyper_ch> screen is unmaintained 15:01 < hyper_ch> I've used screen since forever 15:01 < hyper_ch> and switched to tmux like a few months ago 15:01 < rob0> not so, there is a #screen channel and the maintainer is there 15:02 < hyper_ch> actually, this article made me look at tmux http://www.techrepublic.com/blog/opensource/is-tmux-the-gnu-screen-killer/1901 15:02 <@vpnHelper> Title: Is tmux the GNU Screen killer? | TechRepublic (at www.techrepublic.com) 15:02 < fellayaboy> thanks guys 15:03 < fellayaboy> ima go struggle 15:03 < ecrist> http://git.savannah.gnu.org/cgit/screen.git 15:03 <@vpnHelper> Title: screen.git - screen (at git.savannah.gnu.org) 15:03 < fellayaboy> with this openvpn stuff and get this thing to work if i can today..i just finished creating my keys..it was painstaking now onwards 15:03 < ecrist> I wouldn't say it's super active, but hardly unmaintained 15:04 < rob0> I'm using a git version of screen, in fact; horizontal and vertical split. 
15:04 < rob0> but, I might look at tmux too 15:05 < hyper_ch> rob0: I can give you some nice .tmux.conf 15:05 < hyper_ch> to start with 15:05 < hyper_ch> like rebinding to ^a 15:06 < rob0> The vertical split on a widescreen monitor is very nice. 15:06 < pwrcycle> tmux is nice. and the dev for that is in #tmux too. tmux is default installed in FreeBSD, but linux distros haven't adopted it yet. 15:07 < hyper_ch> rob0: my current .tmux.conf http://pastebin.com/GcUXkhde 15:07 < pwrcycle> the big advantages of tmux are saving your screen splits when you detach, and tmux can handle more ttys than screen and won't crash if one of those ttys crash. 15:07 < hyper_ch> pwrcycle: do you know how to make multi-user sessions in tmux? 15:07 < pwrcycle> hyper_ch: no, never got to that. 15:08 < pwrcycle> hyper_ch: but hang out in #tmux, there are lots of undocumented commands. 15:08 < hyper_ch> I think that's the only feature that I miss 15:08 < hyper_ch> there's no undocumented commands... source code is documentation itself ;) 15:08 < pwrcycle> the dev guy there, is pretty helpful. nik or something like that. 15:10 < rob0> oh, so that DOES do vertical split ... I will probably try it sooner rather than later, thanks. :) 15:10 < hyper_ch> horizontal and vertical ones :) 15:11 < rob0> screen has had horizontal split since forever, but vertical is still in beta/git code. 15:12 < rob0> and screen does indeed save your layouts 15:12 < pwrcycle> rob0: the CentOS/RedHat versions of screen don't do vsplits, but Debian/Ubuntu installs will do splits. 15:12 < hyper_ch> you can even multisplit windows 15:13 < rob0> pwrcycle, as I said, I had to compile code from git for this 15:13 < pwrcycle> rob0: how does Screen save your split screen layout? 15:13 < rob0> ^a:layout store name 15:14 < rob0> and restore IIRC 15:14 < rob0> or maybe save ... I forget 15:14 < rob0> save 15:15 < rob0> my .screenrc sets up the three-way split 15:15 < pwrcycle> is "layout" a command you added? 
15:16 < pwrcycle> hmm, works on Ubuntu, not in CentOS versions.. good to know though. 15:17 < rob0> no, it is documented in the man page ... in git 15:21 -!- Gravitron [~admin@64.93.145.58] has joined #openvpn 15:21 -!- Gravitron [~admin@64.93.145.58] has quit [Changing host] 15:21 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 15:26 < fellayaboy> im a little confused about the bridging and routing part of openvpn... 15:26 < fellayaboy> do i have to setup briding if my router doesnt support vpn? 15:26 < hyper_ch> !route 15:26 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 15:26 < hyper_ch> !bridge 15:26 <@vpnHelper> "bridge" is (#1) http://openvpn.net/index.php/documentation/miscellaneous/ethernet-bridging.html for the doc or (#2) http://openvpn.net/index.php/documentation/faq.html#bridge1 for info from the FAQ or (#3) also see !tunortap and !layer2 and read --server-bridge in the manual (!man) 15:28 < rob0> General best advice is to avoid bridging. 15:29 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 265 seconds] 15:29 < fellayaboy> but is it possible to setup a vpn then if my router doesnt support vpn..im a noobie with vpn 15:29 -!- Gravitron [~admin@69.163.40.45] has joined #openvpn 15:30 -!- Gravitron [~admin@69.163.40.45] has quit [Changing host] 15:30 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 15:30 < fellayaboy> im guessing if my router doesnt support vpn than id have to do an ethernet bridge 15:30 < rob0> are you trying to run openvpn on the router? 15:30 < fellayaboy> noo 15:30 < rob0> then it is not relevant 15:30 < fellayaboy> oh okay..... 
15:31 < fellayaboy> i gotta read more 15:31 < fellayaboy> cuz im lost lol but ill get it 15:34 -!- rickuz [~rickuz@77-21-40-158-dynip.superkabel.de] has joined #openvpn 15:46 -!- MeanderingCode [~Meanderin@97-123-11-232.albq.qwest.net] has joined #openvpn 15:51 -!- n3lThon [~n3lThon@bl21-111-126.dsl.telepac.pt] has joined #openvpn 15:51 -!- hpvincent [~zig@nap13-11-83-156-121-34.fbx.proxad.net] has joined #openvpn 15:52 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 265 seconds] 15:53 -!- wizoz [~wizard@91.198.48.20] has joined #openvpn 15:54 < wizoz> Hey! Is it possible to set a tun-adapter to 100mbit rather than 10? 15:54 < wizoz> My connection is now capped to 10.4Mbps 15:58 < wizoz> Anyone? 15:59 -!- Gravitron [~admin@131.238.236.219] has joined #openvpn 15:59 -!- Gravitron [~admin@131.238.236.219] has quit [Changing host] 15:59 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 16:01 <+s7r> wizoz: the 10mbps speed you can see for tun/tap virtual adapter 16:01 <@vpnHelper> RSS Update - forum: There is a problem in your selection of --ifconfig endpoints 16:01 <+s7r> has nothing to do with the real speed 16:01 <+s7r> it's because if the driver the system sees it of 10mbps 16:01 <+s7r> but it has nothing to do with real speed in can go much higher 16:02 < wizoz> s7r: Are you sure about that? Because both my Intel i7 and my ASUS RT-N16 (460mhz) router gives me the same speed. 16:02 -!- fellayaboy [~mystik@unaffiliated/fellayaboy] has quit [Quit: Leaving] 16:03 -!- Gravitro_ [~admin@69.163.40.45] has joined #openvpn 16:03 < rob0> How did you measure this speed? 16:03 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 256 seconds] 16:03 < wizoz> Both by iperf and e.g. time dd if=/dev/zero bs=1024 count=104857 | nc -q 0 10.0.0.1 5002 16:04 < wizoz> The i7 and the ASUS-router where however clients 16:04 < wizoz> The server, running OpenVPN, is also a i7 on a 100/100 mbit connection. 
16:05 < wizoz> The clients are on 100/10 mbit. 16:05 < rob0> don't know, is the CPU maxed out? What cipher? 16:05 < wizoz> No cipher, just in case. 16:05 < wizoz> Doubt the i7 processor is running out. 16:06 < wizoz> I do not see any high cpu usage on i7 machine. 16:07 < wizoz> I cannot figure this one out. 16:12 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn [] 16:13 -!- BoomSie [~gideon@84-245-27-118.dsl.cambrium.nl] has joined #openvpn 16:19 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has quit [] 16:20 -!- horzuh [~horza@97.104.1.141] has joined #openvpn 16:28 -!- fellayaboy [~mystik@ool-44c0f4f0.dyn.optonline.net] has joined #openvpn 16:29 < fellayaboy> if i use openvpn..will i get an ip address from my routers dhcp??? 16:31 -!- rickuz1 [~rickuz@77-21-40-158-dynip.superkabel.de] has joined #openvpn 16:31 -!- rickuz [~rickuz@77-21-40-158-dynip.superkabel.de] has quit [Ping timeout: 252 seconds] 16:33 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 248 seconds] 16:33 <+EugeneKay> That depends upon how you set it up. You can get an address "on link" with your LAN, via bridging mode, but that is horrid and ugly and stupid. 16:36 -!- APTX_ [APTX@unaffiliated/aptx] has joined #openvpn 16:36 -!- APTX_ [APTX@unaffiliated/aptx] has quit [Remote host closed the connection] 16:36 -!- APTX [APTX@unaffiliated/aptx] has quit [Quit: No Ping reply in 180 seconds.] 16:36 < rob0> fellayaboy, read up on general networking and VPN concepts. A VPN cannot exist without an underlying physical IP address to carry the tunnel. 
16:36 -!- APTX_ [APTX@unaffiliated/aptx] has joined #openvpn 16:36 < fellayaboy> ok 16:36 < fellayaboy> thanks EugeneKay 16:36 < fellayaboy> thanks rob0 16:38 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has quit [Quit: Ex-Chat] 16:48 -!- fellayaboy [~mystik@ool-44c0f4f0.dyn.optonline.net] has quit [Quit: Leaving] 16:51 -!- Araluccl1 [~lallo@216.231.135.109] has joined #openvpn 16:54 -!- Araluccl0 [~lallo@151.77.226.107] has quit [Ping timeout: 265 seconds] 16:56 -!- Araluccl0 [~lallo@151.77.226.107] has joined #openvpn 16:57 -!- Araluccl1 [~lallo@216.231.135.109] has quit [Read error: Connection reset by peer] 16:57 -!- Siegfried [~Siegfried@unaffiliated/siegfried] has joined #openvpn 16:58 < Siegfried> !welcome 16:58 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 16:58 -!- Araluccl1 [~lallo@216.231.135.109] has joined #openvpn 16:59 < Siegfried> !goal 16:59 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 16:59 < Siegfried> !logs 16:59 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard. 
17:01 < Siegfried> maybe you can help me, i'm trying to set up openvpn on vserver 17:01 -!- Araluccl0 [~lallo@151.77.226.107] has quit [Ping timeout: 265 seconds] 17:02 < Siegfried> i cannot use ifconfig and i cannot modify tun, it has an IP already set to 10.0.2.97 and ptp 10.0.2.98 17:02 < Siegfried> i think this is the problem because i set 10.0.2.0 255.255.255.0 and it gives the client the ip 10.0.2.6 with gw 10.0.2.5 17:04 -!- Araluccl0 [~lallo@151.77.226.107] has joined #openvpn 17:06 -!- krzee [nobody@hemp.ircpimps.org] has joined #openvpn 17:06 -!- krzee [nobody@hemp.ircpimps.org] has quit [Changing host] 17:06 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn 17:08 -!- Araluccl1 [~lallo@216.231.135.109] has quit [Ping timeout: 265 seconds] 17:19 -!- Siegfried [~Siegfried@unaffiliated/siegfried] has quit [Quit: Quitte] 17:24 -!- JackyAlcine [~desktop@sii/jackyalcine] has joined #openvpn 17:24 -!- n3lThon [~n3lThon@bl21-111-126.dsl.telepac.pt] has left #openvpn ["Leaving"] 17:27 -!- JackyAlcine [~desktop@sii/jackyalcine] has quit [Remote host closed the connection] 17:28 -!- rickuz1 [~rickuz@77-21-40-158-dynip.superkabel.de] has quit [Quit: Leaving.] 17:35 -!- Gravitro_ [~admin@69.163.40.45] has quit [Ping timeout: 260 seconds] 17:41 -!- Araluccl0 [~lallo@151.77.226.107] has quit [Ping timeout: 265 seconds] 17:42 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has quit [Quit: nonotza] 17:43 -!- fellayaboy [~mystik@unaffiliated/fellayaboy] has joined #openvpn 17:43 -!- JackyAlcine [~desktop@sii/jackyalcine] has joined #openvpn 17:46 < fellayaboy> ultimately when i connect to a vpn and i use a web browser will i be using the remote openvpn servers public ip address when i browse..if i go to cmyip.com will it show that im using the remotes servers ip?? 
17:51 -!- JackyAlcine [~desktop@sii/jackyalcine] has quit [Remote host closed the connection] 17:53 <+EugeneKay> !def1 17:53 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1" 17:53 <+EugeneKay> fellayaboy ^ 17:53 < fellayaboy> hmm 17:54 -!- Some_Person [~sam@99-99-216-248.lightspeed.hstntx.sbcglobal.net] has joined #openvpn 17:54 < fellayaboy> ok so #1 will override the default gateway... what is the default gateway 17:55 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 17:55 -!- JackyAlcine [~desktop@sii/jackyalcine] has joined #openvpn 17:56 -!- Araluccl0 [~lallo@151.77.170.15] has joined #openvpn 17:57 < Some_Person> How do I enable tun with a Xen VPS? Or does the hosting company need to do that? 17:59 <+EugeneKay> It 'just works' 17:59 < Some_Person> There appears to be no /dev/tun device though 17:59 <+EugeneKay> You can openvpn --mktun --dev tun0 18:00 < Some_Person> Oh, that worked. Thanks 18:00 <+EugeneKay> Openvpn "automagically" creates a tun device if you're running it as root / privileged user 18:00 < Some_Person> I see 18:00 <+EugeneKay> You really only need to do --mktun if you're trying to get the openvpn process to run "unprivileged", which is a good idea 18:00 <+EugeneKay> !unpriv 18:00 <@vpnHelper> "unpriv" is see https://community.openvpn.net/openvpn/wiki/UnprivilegedUser for a write-up by EugeneKay on how to run OpenVPN without root/admin permissions. 18:00 < Some_Person> Well, I guess I need to go make a server config and all that crap 18:01 <+EugeneKay> That does tend to help, yes.
18:02 < Some_Person> Long story, but I basically have to reconfigure everything from scratch because my old server got wiped thanks to my ISP's email filter that left me without the knowledge that my server would be cut off
18:02 <+EugeneKay> Heh.
18:02 < Some_Person> But I'm on Xen now instead of OpenVZ, and I'm paying quite a bit more
18:02 <+EugeneKay> Linode? :-p
18:03 < Some_Person> No, I still can't quite afford that
18:04 < Some_Person> At least I have my old client configs I can sorta use as a guide
18:10 -!- JackyAlcine [~desktop@sii/jackyalcine] has quit [Remote host closed the connection]
18:10 < fellayaboy> is it possible to bridge an ethernet adapter to an ssh socks tunnel???
18:12 < fellayaboy> guess not
18:13 -!- JackyAlcine [~desktop@sii/jackyalcine] has joined #openvpn
18:18 -!- master_of_master [~master_of@p57B550CA.dip.t-dialin.net] has quit [Read error: Operation timed out]
18:23 -!- master_of_master [~master_of@p57B542EE.dip.t-dialin.net] has joined #openvpn
18:27 -!- Some_Person [~sam@99-99-216-248.lightspeed.hstntx.sbcglobal.net] has quit [Changing host]
18:27 -!- Some_Person [~sam@unaffiliated/someperson/x-249303] has joined #openvpn
18:33 -!- JackyAlcine [~desktop@sii/jackyalcine] has quit [Remote host closed the connection]
18:36 -!- mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Read error: Connection reset by peer]
18:37 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn
18:37 -!- zz_mgorbach is now known as mgorbach
18:46 -!- Denial [Denial@drgi.co.uk] has quit []
18:58 -!- ZrZeRenato [~ZrZeRenat@177.106.196.43] has quit []
19:05 -!- fellayaboy [~mystik@unaffiliated/fellayaboy] has quit [Ping timeout: 240 seconds]
19:05 -!- fellayaboy [~mystik@ool-44c0f4f0.dyn.optonline.net] has joined #openvpn
19:07 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn
19:13 -!- fellayaboy [~mystik@ool-44c0f4f0.dyn.optonline.net] has quit [Quit: Leaving]
19:19 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Remote host closed the connection]
19:20 -!- Some_Person is now known as Some_Person|NoZN
19:20 -!- Some_Person|NoZN is now known as someperson|NoZNC
19:26 -!- someperson|NoZNC [~sam@unaffiliated/someperson/x-249303] has quit [Quit: Leaving]
19:29 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn
19:39 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Ping timeout: 252 seconds]
19:40 -!- mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Read error: Connection reset by peer]
19:40 -!- JackyAlcine [~desktop@sii/jackyalcine] has joined #openvpn
19:40 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn
19:40 -!- zz_mgorbach is now known as mgorbach
19:41 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn
19:47 -!- tekzilla [~jon@hmbg-5f763a9e.pool.mediaWays.net] has quit [Ping timeout: 256 seconds]
19:49 -!- JackyAlcine_ [~desktop@sii/jackyalcine] has joined #openvpn
19:49 -!- JackyAlcine [~desktop@sii/jackyalcine] has quit [Read error: Connection reset by peer]
19:49 -!- tekzilla [~jon@hmbg-5f7631b1.pool.mediaWays.net] has joined #openvpn
19:51 -!- _julian_ [~quassel@hmbg-4d06bc25.pool.mediaWays.net] has joined #openvpn
19:55 -!- _julian [~quassel@hmbg-4d06a5ee.pool.mediaWays.net] has quit [Ping timeout: 245 seconds]
19:55 -!- fellayaboy [~mystik@unaffiliated/fellayaboy] has joined #openvpn
19:56 -!- Some_Person [~Some_Pers@unaffiliated/someperson/x-249303] has joined #openvpn
19:56 < Some_Person> !vps
19:56 < Some_Person> !xen
19:56 < Some_Person> !help
19:56 <@vpnHelper> (help [] []) -- This command gives a useful description of what does. is only necessary if the command is in more than one plugin.
19:58 < fellayaboy> i finally created a vpn im able to ping the gateway 10.8.0.1 im using ubuntu and using network manager with the openvpn plugin. when i connect it says i connected successfully and i can see i did by looking at the servers terminal but when i access the internet from my pc i cant access anything... is that suppose to happen..i dont see any other information to get this working after the howto
20:01 < fellayaboy> ok nevermind i found the answer..thats what the other guy must've told me to do thanks whoever sent that to me about using def1
20:06 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has quit [Ping timeout: 252 seconds]
20:13 -!- JackyAlcine_ [~desktop@sii/jackyalcine] has quit [Read error: Connection reset by peer]
20:13 -!- JackyAlcine [~desktop@sii/jackyalcine] has joined #openvpn
20:14 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro]
20:15 < Some_Person> How do I set up iptables and all that crap for an OpenVPN server hosted on a Xen VPS?
20:16 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn
20:17 < Some_Person> !iptables
20:17 <@vpnHelper> "iptables" is (#1) to test if iptables is your problem, disable all rules or put the defaults to accept: iptables -P INPUT ACCEPT; iptables -P OUTPUT ACCEPT; iptables -P FORWARD ACCEPT; iptables -F; iptables -Z or (#2) please see http://openvpn.net/man#lbBD for more info or (#3) you can see http://www.secure-computing.net/wiki/index.php/OpenVPN/Firewall for pf or iptables
20:18 < krzee> Some_Person, however you want... ask a better question in order to get a better answer
20:18 < Some_Person> I'm setting up OpenVPN on a Xen VPS from scratch, and I've got what I think is a working server config, but I can't access the outside internet through OpenVPN
20:19 < krzee> !redirect
20:19 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns
20:19 < Some_Person> I didn't configure iptables or anything, so I'm guessing that's what I need to do
20:19 < krzee> !linipforward
20:19 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware
20:19 < krzee> !linnat
20:19 <@vpnHelper> "linnat" is (#1) for a basic iptables NAT where 10.8.0.x is the vpn network: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE or (#2) to choose what IP address to NAT as, you can use iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to or (#3) http://netfilter.org/documentation/HOWTO//NAT-HOWTO.html for more info or (#4) openvz see !openvzlinnat
20:19 < Some_Person> thanks
20:19 < krzee> !def1
20:19 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
20:19 < krzee> np
20:19 < Some_Person> I've already done the redirect-gateway def1 thing
20:20 < Some_Person> Just need to do ipforward and nat
20:21 -!- fellayaboy [~mystik@unaffiliated/fellayaboy] has quit [Ping timeout: 244 seconds]
20:22 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro]
20:26 < Some_Person> Thank you! It seems to be working
20:27 -!- Some_Person [~Some_Pers@unaffiliated/someperson/x-249303] has quit [Quit: ZNC - http://znc.sourceforge.net]
20:28 -!- Some_Person [~Some_Pers@unaffiliated/someperson/x-249303] has joined #openvpn
20:32 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Remote host closed the connection]
20:32 -!- Some_Person [~Some_Pers@unaffiliated/someperson/x-249303] has left #openvpn []
20:34 -!- fellayaboy [~mystik@pool-173-63-115-179.nwrknj.fios.verizon.net] has joined #openvpn
20:35 < fellayaboy> hi
20:36 -!- fellayaboy [~mystik@pool-173-63-115-179.nwrknj.fios.verizon.net] has quit [Changing host]
20:36 -!- fellayaboy [~mystik@unaffiliated/fellayaboy] has joined #openvpn
20:39 -!- JackyAlcine [~desktop@sii/jackyalcine] has quit [Remote host closed the connection]
20:41 -!- gremly [~gremly@186.28.114.124] has quit [Quit: WeeChat 0.3.6]
20:42 -!- Gravitron [~admin@64.93.225.62] has joined #openvpn
20:42 -!- Gravitron [~admin@64.93.225.62] has quit [Changing host]
20:42 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
20:45 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has joined #openvpn
20:47 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 260 seconds]
20:49 < fellayaboy> i have a vpn setup... and i get my nat from the vpn server so when i browse i use their public ip address...i connect to the net/vpn using the wireless portion of my pc...when im not connected to vpn i can bridge to my wireless just by going to network manager>edit connection>wired connection1> and changing method to shared to other computers..i tried doing this with openvpn connected but all i get is an APIPA address 169.
20:49 < fellayaboy> 254.9.129 how can i bridge this to work as it does without the vpn connection??
20:49 < fellayaboy> comeon someone has to know or give me a hint
20:56 -!- JackyAlcine [~desktop@sii/jackyalcine] has joined #openvpn
20:59 -!- Gravitron [~admin@64.93.225.62] has joined #openvpn
20:59 -!- Gravitron [~admin@64.93.225.62] has quit [Changing host]
20:59 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
21:00 -!- JackyAlcine [~desktop@sii/jackyalcine] has quit [Read error: Connection reset by peer]
21:00 -!- JackyAlcine [~desktop@sii/jackyalcine] has joined #openvpn
21:04 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn
21:05 -!- JackyAlcine [~desktop@sii/jackyalcine] has quit [Remote host closed the connection]
21:09 < rob0> I thought we already went through the talk about "you don't want bridging."
21:09 < rob0> I have no idea what your network manager thingy is doing and no interest in it.
21:10 < rob0> Maybe you just need to understand what bridging is? And in that, El Goog can be very helpful.
21:25 -!- fellayaboy [~mystik@unaffiliated/fellayaboy] has quit [Ping timeout: 244 seconds]
21:40 -!- flashuni [~textual@adsl-70-136-253-158.dsl.scrm01.sbcglobal.net] has joined #openvpn
21:41 < flashuni> Hey all!
21:41 < flashuni> I keep getting this error using openvpn on the client side for mac
21:41 < flashuni> Cannot allocate TUN/TAP dev dynamically
21:41 < flashuni> (using command line)
21:41 < flashuni> anyone else have this issue?
21:50 -!- flashuni [~textual@adsl-70-136-253-158.dsl.scrm01.sbcglobal.net] has quit [Read error: Connection reset by peer]
22:07 -!- RageCage [~RageCage@ssh.studentnatet.se] has quit [Ping timeout: 260 seconds]
22:23 -!- Transformer [~Transform@ool-4a59e397.dyn.optonline.net] has joined #openvpn
22:23 -!- Transformer [~Transform@ool-4a59e397.dyn.optonline.net] has quit [Excess Flood]
22:24 -!- gremly [~gremly@186.28.114.124] has joined #openvpn
22:29 -!- Gravitro_ [~admin@64.93.145.58] has joined #openvpn
22:30 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 260 seconds]
22:32 -!- Gravitron [~admin@69.163.40.45] has joined #openvpn
22:32 -!- Gravitron [~admin@69.163.40.45] has quit [Changing host]
22:32 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
22:34 -!- Gravitro_ [~admin@64.93.145.58] has quit [Ping timeout: 256 seconds]
22:37 -!- gremly [~gremly@186.28.114.124] has quit [Quit: WeeChat 0.3.6]
23:02 -!- RageCage [~RageCage@ssh.studentnatet.se] has joined #openvpn
23:04 -!- Mowee [~Mowi@85.17.180.48] has quit [Excess Flood]
23:04 -!- Mowee [~Mowi@85.17.180.48] has joined #openvpn
23:05 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn
23:15 -!- notaHacker [~ath0@unaffiliated/ath0] has joined #openvpn
23:16 < notaHacker> !welcome
23:16 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
23:16 < notaHacker> lol
23:28 -!- Daskreech [~liveuser@katapult/ninja/daskreech] has joined #openvpn
23:28 -!- Daskreech [~liveuser@katapult/ninja/daskreech] has left #openvpn ["Konversation terminated!"]
23:33 < notaHacker> openvpn connects, completes initialization, then SOMETIMES works ONLY on whatever website happened to be loaded in firefox before starting openvpn -_- http://pastebin.com/bVwPxwvW
23:34 <+EugeneKay> DNS.
23:34 < notaHacker> What about it
23:34 < notaHacker> 0.o
23:34 <+EugeneKay> That's what's screwed up.
23:35 < notaHacker> >_<
23:35 < notaHacker> Why?
23:35 <+EugeneKay> You can't reach your ISP's local DNS servers because traffic is flowing via the redirect-gateway'ed VPN link
23:35 <+EugeneKay> If you're getting a DHCP server pushed to your client(I didn't even look at your pastebin, sorry), it isn't taking effect sporadically.
23:36 <+EugeneKay> Switch your OS away from the DHCP/ISP-provided dns servers to some public ones
23:36 <+EugeneKay> !dns
23:36 < notaHacker> But my VPN works great on windows
23:36 <@vpnHelper> "dns" is (#1) Level3 open recursive DNS server at 4.2.2.[1-6] or (#2) Google open recursive DNS server at 8.8.8.8 / 8.8.4.4 or (#3) you might be looking for !pushdns
23:36 <+EugeneKay> !pushdns
23:36 <@vpnHelper> "pushdns" is (#1) push "dhcp-option DNS a.b.c.d" to push dns to the client or (#2) http://thread.gmane.org/gmane.network.openvpn.user/25139/focus=25147 see that mail archive for some info on pushing dns or (#3) http://article.gmane.org/gmane.network.openvpn.user/25149 for a perm fix via regedit or (#4) in unix you'll use the update-resolv-conf script or (#5) also
23:36 <@vpnHelper> http://comments.gmane.org/gmane.network.openvpn.user/31975 reports --register-dns as fixing their problems pushing DNS to windows 7
23:37 <+EugeneKay> If you want to confirm it, try doing a nslookup when connected to the VPN.
23:37 <+EugeneKay> Or post !logs from your client
23:37 <+EugeneKay> *full* logs
23:38 < notaHacker> What should I lookup...any thing or my assigned IP?
23:38 <+EugeneKay> somerandomdomainyoudonthavecacched.com
23:38 < notaHacker> lol
23:38 < notaHacker> brb
23:38 -!- notaHacker [~ath0@unaffiliated/ath0] has quit [Quit: OMGOMGOMG]
23:39 <@vpnHelper> RSS Update - forum: howto determine common_name of connecting Client
23:42 -!- fellayaboy [~mystik@unaffiliated/fellayaboy] has joined #openvpn
23:43 -!- notaHacker [~ath0@unaffiliated/ath0] has joined #openvpn
23:43 < notaHacker> EugeneKay: :)
23:44 < notaHacker> <3
23:44 < notaHacker> <3<3<3
23:44 < notaHacker> Thank you.
23:44 <+EugeneKay> !EugeneKay
23:44 <@vpnHelper> "EugeneKay" is right because EugeneKay is always right.
23:44 < notaHacker> I've been learning about MTU ALL fucking day. And it was DNS -_-
23:44 <+EugeneKay> The other option is to make !pushdns work, but 8.8.8.8 is dead easy.
23:44 <@vpnHelper> RSS Update - forum: howto know status of openvpn client ?
23:45 < notaHacker> I've always used 4.2.2.1 for public dns
23:45 -!- fellayaboy [~mystik@unaffiliated/fellayaboy] has quit [Quit: Leaving]
23:45 < notaHacker> I connected...did nslookup....I screamed....and then I just specified dns thru network manager lol
23:46 < rob0> Not a good idea. They have never closed that, but it is not specifically provided for anyone to use: they could cut off 4.2.2.x at any time.
23:46 <+EugeneKay> :-p
23:46 < rob0> Run your own resolver, or use Google's: safer.
23:46 < notaHacker> Well if they do I can remember 8.8.8.8 or .4.4
23:46 <+EugeneKay> I'm a fan of local resolvers - DNSSEC works.
23:47 < notaHacker> I'll look into that
23:47 < notaHacker> Thnx!
23:47 <+EugeneKay> Sure.
23:47 -!- notaHacker [~ath0@unaffiliated/ath0] has left #openvpn []
23:47 < rob0> definitely, there is usually no benefit to using someone else's resolver.
--- Day changed Tue Feb 07 2012
00:17 -!- krzee [nobody@66.11.114.212] has joined #openvpn
00:17 -!- krzee [nobody@66.11.114.212] has quit [Changing host]
00:17 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn
00:21 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn
00:24 < tushar_openvpn> rob0: do you know how can i get status of client side i mean whether it is connected to server or connection failed ?
00:24 < tushar_openvpn> on server side i can determine using --status but that option is not giving any useful information on client side
00:24 <+EugeneKay> !management
00:25 <@vpnHelper> "management" is (#1) see http://openvpn.net/management for doc on management interface or (#2) read http://svn.openvpn.net/projects/openvpn/obsolete/BETA21-preauto/openvpn/management/management-notes.txt if you are a programmer making a GUI that will interact with OpenVPN
00:26 < tushar_openvpn> using that management can i able to display status on my GUI interface ?
00:27 < tushar_openvpn> i am trying to make a Kind of GUI Interface of openvpn so that client need not need to open and write in config , just use GUI and start openvpn tunnel
00:28 < krzee> read the link
00:28 <+EugeneKay> !read
00:28 <@vpnHelper> "read" is ive been known to overreact when people look for 2 minutes and ask me to explain it to them
00:29 < tushar_openvpn> okay okay I am reading it..
00:32 < hyper_ch> hi krzee
01:09 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day]
01:27 -!- tushar_openvpn [~tushar@115.118.161.163] has quit [Ping timeout: 240 seconds]
01:28 -!- tushar_openvpn [~tushar@115.118.161.163] has joined #openvpn
01:30 -!- `Ile` [~Ile@kaniserver.net] has joined #openvpn
01:35 -!- fellayaboy [~mystik@unaffiliated/fellayaboy] has joined #openvpn
01:42 -!- fellayaboy [~mystik@unaffiliated/fellayaboy] has quit [Quit: Leaving]
01:50 -!- offline_man [de5fa3de@gateway/web/freenode/ip.222.95.163.222] has joined #openvpn
01:55 -!- Denial [Denial@drgi.co.uk] has joined #openvpn
02:11 -!- SOG [~SOG@113.108.118.58] has joined #openvpn
02:15 -!- SOG [~SOG@113.108.118.58] has quit [Remote host closed the connection]
02:15 -!- Upgreydd [~chatzilla@83-145-170-32.cable-modem.tkk.net.pl] has joined #openvpn
02:20 < Upgreydd> hi all, i have a problem with my openvpn, here's my client log: http://pastebin.com/LxgkDvLw and client config: http://pastebin.com/4rAsz9J4
02:20 < Upgreydd> in server log i have no errors
02:20 <+EugeneKay> Bravo on the name, but we still need your server config/logs
02:21 < Upgreydd> EugeneKay: you're talking to me? ;)
02:21 <+EugeneKay> And what, exactly, is the problem?
02:21 <+EugeneKay> No, to the couch :-p
02:22 <+EugeneKay> Also, can you grep out the comments from your configs?
02:22 <+EugeneKay> !configs
02:22 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries
02:23 -!- BoomSie_ [~gideon@dw77242112238.amsterdam-tc.dataweb.net] has joined #openvpn
02:27 -!- dazo_afk is now known as dazo
02:27 < Upgreydd> So let's start again. Here's my server config: http://pastebin.com/4YPB4qhk , client config: http://pastebin.com/2Ug0qGHX and client log: http://pastebin.com/ZkyEYKTs server openvpn log is empty
02:28 -!- oc80z [oc80z@blea.ch] has quit [Excess Flood]
02:28 < Upgreydd> When i'm trying to connect i'm stuck on this last lines in client log. OpenVPN gui is still "connecting" and is yellow
02:28 -!- oc80z [oc80z@blea.ch] has joined #openvpn
02:28 <+EugeneKay> Tue Feb 07 09:16:04 2012 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
02:28 <+EugeneKay> Firewall issue someplace.
02:30 < Upgreydd> in client i haven'
02:31 < Upgreydd> haven't firewall, i'll check the server
02:32 -!- rickuz [~rickuz@82.113.121.235] has joined #openvpn
02:33 < Upgreydd> here's my iptables -L http://pastebin.com/wZhVdfqU
02:33 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn
02:34 < Upgreydd> EugeneKay: i don't know what's wrong here :/
02:34 < Upgreydd> ACCEPT tcp -- anywhere anywhere tcp dpt:openvpn
02:34 < Upgreydd> ACCEPT udp -- anywhere anywhere udp dpt:openvpn
02:34 < Upgreydd> i think that's all right
02:34 -!- vpopov [~happylife@dyn-51-18.fttbee.kis.ru] has joined #openvpn
02:34 <+EugeneKay> Oh herp
02:34 <+EugeneKay> Tue Feb 07 09:16:04 2012 TLS Error: TLS handshake failed
02:35 <+EugeneKay> My mistake, firewall is fine. It's a TLS issue. Check your PKI.
02:35 < Upgreydd> PKI? what do you mean?
02:35 <+EugeneKay> the certs
02:35 < Upgreydd> Public Key Infrastructure?
02:35 <+EugeneKay> Yah
02:37 < Upgreydd> i don't know how to check/repair that :P
02:37 <+EugeneKay> Off hand, me neither.
02:40 <+EugeneKay> In any case, I am le tired, and going to bed.
02:40 <+EugeneKay> Sorry I can't be more help
02:40 <+EugeneKay> Keep it pimpin'
02:40 <@dazo> Upgreydd: check that the certificates have not expired (openssl x509 -noout -text -in ) .... and make sure clocks are sensible on both sides
02:41 <@dazo> if certs have expired, you need to issue new certificates
02:45 <+EugeneKay> Or do the time warp again
02:51 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
02:54 -!- Azrael808 [~peter@cpc17-walt12-2-0-cust657.13-2.cable.virginmedia.com] has joined #openvpn
02:54 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Quit: @+]
02:56 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn
03:00 -!- offline_man [de5fa3de@gateway/web/freenode/ip.222.95.163.222] has quit [Ping timeout: 245 seconds]
03:04 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn
03:04 -!- mode/#openvpn [+o mattock] by ChanServ
03:05 < Upgreydd> dazo thx
03:09 -!- Upgreydd [~chatzilla@83-145-170-32.cable-modem.tkk.net.pl] has quit [Quit: ChatZilla 0.9.88 [Firefox 10.0/20120129021758]]
03:26 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
03:36 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
03:41 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
03:44 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Excess Flood]
03:44 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
03:51 < tushar_openvpn> EugeneKay: i read link you gv me ,,but i didn't get howto control that management on GUI ,searched google but didnt got any such document that explain howto use that on GUI interface,, i tried telnet localhost on management port and its working fine
03:51 < tushar_openvpn> but howto display that all options on GUI ? & is it only way to get client-status whether it is connected or not ?
03:52 <@vpnHelper> RSS Update - forum: Cant Access Client Network From OpenVPN Server
03:54 -!- tushar_openvpn is now known as tusharsharma
03:57 <@vpnHelper> RSS Update - forum: howto determine common_name of connecting Client || howto know status of openvpn client ? || VPN up, routing looks good but packets vanishing || [SOLVED] - VPN Server Traffic still routes via ISP
04:04 <@vpnHelper> RSS Update - forum: [SOLVED] Fully routed and partially routed connection profil
04:04 -!- dropje [~yge@ip4da6274e.direct-adsl.nl] has joined #openvpn
04:10 <@vpnHelper> RSS Update - forum: A Little help Regarding lport and ICMP!
04:19 <@dazo> tusharsharma: did you try to do 'help' when telnetting into the management interface?
04:25 -!- noisebleed [~quassel@lula.inescn.pt] has joined #openvpn
04:25 -!- noisebleed [~quassel@lula.inescn.pt] has quit [Changing host]
04:25 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn
04:28 <@vpnHelper> RSS Update - forum: pfsense to tomato OpenVPN - ping one direction only.
04:32 -!- janjust [~janjust@ardeche.nikhef.nl] has joined #openvpn
04:32 -!- janjust [~janjust@ardeche.nikhef.nl] has quit [Changing host]
04:32 -!- janjust [~janjust@openvpn/community/support/janjust] has joined #openvpn
04:33 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
04:39 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
04:44 <@vpnHelper> RSS Update - forum: Connect Virtual dos mach. by VPN via remote pc to dos hub
04:49 -!- rickuz [~rickuz@82.113.121.235] has quit [Quit: Leaving.]
04:49 -!- rickuz [~rickuz@82.113.121.235] has joined #openvpn
04:56 <@vpnHelper> RSS Update - forum: cannot reach client from server || pfsense to tomato OpenVPN - ping one direction only.
05:16 -!- Olipro_ [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
05:18 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 272 seconds]
05:18 -!- Olipro_ is now known as Olipro
05:19 -!- Upgreydd [~chatzilla@83-145-170-32.cable-modem.tkk.net.pl] has joined #openvpn
05:19 < tusharsharma> dazo: i did telneting and got whatever i want i mean status logs and all
05:19 < tusharsharma> but thing is i want to display status of connecting client on kind of GUI I am designing
05:20 < Upgreydd> That's me again. Here's my server config: http://pastebin.com/4YPB4qhk , client config: http://pastebin.com/2Ug0qGHX and client log: http://pastebin.com/ZkyEYKTs server openvpn log is empty. I've generated new certificates, copied and the same error. I have no firewall on client PC and opened openvpn ports in iptables, any idea what i can check else?
05:21 <@dazo> tusharsharma: then your GUI needs to establish a TCP connection to the management interface, send the command you want ... and then read back what the TCP socket returns ... it's that simple
05:21 <@dazo> the data returned, is the data you want to format/parse/display
05:21 < tusharsharma> okay i got that
05:22 -!- rickuz1 [~rickuz@89.204.153.57] has joined #openvpn
05:22 <@dazo> Upgreydd: the server log should not be empty ... then you're doing something wrong
05:22 < tusharsharma> dazo: i realize while typing thanks
05:22 -!- rickuz [~rickuz@82.113.121.235] has quit [Ping timeout: 276 seconds]
05:22 < janjust> Upgreydd: the client log mentions "Tue Feb 07 09:26:24 2012 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)"
05:22 < janjust> either the server is blocking access via a firewall or the server is not running at all
05:23 < krzee> !timeout
05:23 <@vpnHelper> "timeout" is if you see TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) then your problem is likely one of the following: either the server isnt running, your client is connecting to the wrong ip/port/protocol, the server's firewall/nat has an issue, or the client's isp blocks it
05:23 < Upgreydd> server is running as a daemon, in firewall i have something like that:
05:23 < Upgreydd> ACCEPT tcp -- anywhere anywhere tcp dpt:openvpn
05:23 < janjust> and, as dazo says, the server log should NOT be empty (add 'log-append /var/log/openvpn.log' to the server config)
05:23 < Upgreydd> ACCEPT udp -- anywhere anywhere udp dpt:openvpn
05:26 < Upgreydd> janjust: thx, here's server log verb 3: http://pastebin.com/DHMT3VaJ
05:26 < janjust> Upgreydd: that's a server log from the future (6 mins ahead) ;)
05:27 < janjust> other than that: the server is just sitting there waiting for incoming connections
05:27 < krzee> and use verb 5 for now
05:28 < tusharsharma> janjust: you replied on forum about -client-connect script : echo "iroute " >> $1
05:28 < janjust> tusharsharma: yep
05:28 < Upgreydd> http://pastebin.com/YhjSghzz iptables
05:28 < tusharsharma> but change for every connecting client
05:28 < tusharsharma> so how do i be able to manage that
05:28 < krzee> check which client is connecting
05:29 < janjust> tusharsharma: this network and netmask should be matched against the common_name of the connecting client
05:29 < Upgreydd> janjust in iptables i have opened ports, in client i haven't firewall, but i'm in NAT
05:30 < janjust> Upgreydd: plz post 'iptables -L -n -v' instead - it will show how many packets were actually ACCEPTed by the dpt:openvpn rules
05:31 < tusharsharma> janjust: i didn't actually get suppose one client has of 192.168.2.0 with common name vpn-client1 and other comes up with subnet 192.168.3.0 with common name vpn-client2
05:31 < janjust> tusharsharma: so something like "if [ "$common_name" = "client1" ] ; then echo "iroute " >> $1 " etc
05:31 < krzee> or a case statement
05:31 < Upgreydd> janjust: http://pastebin.com/n6Hgj0ka here
05:32 < tusharsharma> but I dont know common_name of connecting client in advance and client common_name with subnet mapping ?
05:32 < janjust> Upgreydd: so a few packets are seen by the UDP:1194 rule - try connecting the client again
05:32 < krzee> tusharsharma, http://wiki.bash-hackers.org/syntax/ccmd/case
05:32 <@vpnHelper> Title: The case statement [Bash Hackers Wiki] (at wiki.bash-hackers.org)
05:32 < janjust> tusharsharma: if you don't know which client should have which 'iroute' associated with it then nobody knows
05:33 < janjust> tusharsharma: the client cannot tell the VPN server : heey I'm vpn-clientX and I have subnet Y behind me
05:33 < janjust> that is simply not supported
05:34 < tusharsharma> i know which client have which subnet but that client might come up with different certificate with different common_name
05:34 < krzee> different cert = different computer
05:34 -!- Upgreydd_ [~chatzilla@83-145-170-32.cable-modem.tkk.net.pl] has joined #openvpn
05:34 < janjust> you can only map a certificate to a subnet
05:34 < krzee> or at least it should
05:35 < Upgreydd_> janjust: the same error "TLS Error: TLS handshake failed" here is my server log with verb 5: http://pastebin.com/WnFTTESv
05:35 < janjust> Upgreydd: this is a good hint: Auth Username/Password was not provided by peer
05:35 < janjust> did you specify 'auth-user-pass' on the client side?
05:38 -!- Upgreydd [~chatzilla@83-145-170-32.cable-modem.tkk.net.pl] has quit [Ping timeout: 252 seconds]
05:38 < janjust> BTW: krzee: yo , whassup dude! too bad you couldn't make it to FOSDEM last weekend ;)
05:38 -!- Upgreydd_ is now known as Upgreydd
05:38 < krzee> hey jan! ya that would have been awesome
05:39 < krzee> im even on vacation, but wrong side of earth
05:39 < krzee> in california
05:39 < janjust> also, too bad that mattock didn't bring the openvpn t shirts ;)
05:39 < krzee> ooo theres shirts now!?
05:39 * janjust heard rumors about t shirts
05:40 < krzee> ya i vaguely remember talk
05:40 < janjust> kewl dude, what's the weather like in california
05:40 < krzee> weather is great
05:40 < janjust> it's too frigging cold here
05:40 < krzee> lil colder than im used to in the caribbean, but nice
05:40 < Upgreydd> janjust: no, i haven't
05:40 < krzee> oh haha i guess i shouldnt complain ;]
05:40 < Upgreydd> what pass i suppose to add in my client config? to my ssh account?
05:41 < janjust> Upgreydd: your server config uses an auth plugin "plugin /usr/lib/openvpn/openvpn-auth-pam.so login"
05:41 < janjust> Upgreydd: if you use this then the client needs to supply a username+password
05:41 < janjust> if you're not using this plugin (yet), then comment it out in the server config file, restart the openvpn server process and try connecting again
05:42 < Upgreydd> janjust: other users are using this server too, i'm only a user with admin rights ;)
05:43 < janjust> hehe krzee : nope, you shouldn't complain; I was in Brazil until about 2 weeks ago: 86 degrees (F) ; then I go home, and Wham! 20/30's F
05:43 < Upgreydd> janjust: someone configured this openvpn before me, so i need to use this configuration
05:43 < krzee> mmmm brazil
05:43 < krzee> im jealous
05:43 < krzee> im headed to egypt next month
05:43 < janjust> Upgreydd: in that case, use 'auth-user-pass' on the client and supply the username+password that you use to log in on the VPN server with
05:43 < krzee> i wanna go to brazil too, need to look into a visa
05:44 < janjust> visa? for brazil? I can get in 90 days without one
05:44 < Upgreydd> janjust: can you show me an example of auth-user-pass?
05:44 < janjust> Upgreydd: just add 'auth-user-pass' to the client config, reconnect (on the commandline) and you'll be asked for a username+password
05:45 < krzee> ya im on usa passport
05:45 < tusharsharma> janjust: krzee : so i must know in advance common_name & subnet mapping then that is not as same as configuring iroute in ccd/common_name then what is difference between statically configuring and configuring dynamically using --client-script?
05:45 < krzee> because usa requires them to get a visa, they require usa people too 05:45 < janjust> hehe yeah and in Brazil they've got this mantra: do unto others as they do unto you 05:45 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 240 seconds] 05:45 < krzee> tusharsharma, basically the same, different way to do it 05:45 < krzee> you could have a database use a script 05:46 < krzee> instead of flat files 05:46 < janjust> tusharsharma: a ccd/common_name file does exactly the same as a script which dynamically matches the common_name to an iroute 05:46 < Upgreydd> janjust: Tue Feb 07 12:45:40 2012 TAP-Win32 adapter 'TAP' not found 05:47 < janjust> Upgreydd: comment out 'dev-node TAP' in the client config and reconnect 05:47 < tusharsharma> in --client-connect script that matching is done using switch case or using conditional statements run time and and also in ccd/common_name it checks during runtime 05:47 < janjust> tusharsharma: yep 05:48 -!- Upgreydd_ [~chatzilla@ns356890.ovh.net] has joined #openvpn 05:48 < Upgreydd_> janjust: connected :] thankyou :D 05:48 < janjust> great to hear that Upgreydd 05:49 < Upgreydd_> janjust: one more thing, is there a way to pass auth-user-pass automatically? 05:49 < janjust> depends on how the client is built, Upgreydd 05:50 < krzee> !pwfile 05:50 <@vpnHelper> "pwfile" is (#1) OpenVPN will only read passwords from a file if it has been built with the --enable-password-save configure option, or on Windows by defining ENABLE_PASSWORD_SAVE in config-win32.h or (#2) see --auth-user-pass in the manual (!man) for more info or (#3) if you're using this with the windows service, you will need --askpass 05:50 < krzee> but if you are doing that, why use passwords? 
05:50 < krzee> certs are much better for that 05:50 < janjust> if it is enabled , you can use 'auth-user-pass ' BUT it will store your username+password in plaintext on the client 05:50 < Upgreydd_> as i said, another user configured this openvpn i'm only a user of this openvpn ;) 05:51 < krzee> oh i see, in that case you may wanna be a good user and see what the admin thinks of you storing your login and password in cleartext on the client machine 05:51 < krzee> ;] 05:52 < Upgreydd_> this server is only a storage, nothing special is there :p 05:52 -!- Upgreydd [~chatzilla@83-145-170-32.cable-modem.tkk.net.pl] has quit [Ping timeout: 260 seconds] 05:53 -!- Upgreydd [~chatzilla@83-145-170-32.cable-modem.tkk.net.pl] has joined #openvpn 05:54 -!- vpopov [~happylife@dyn-51-18.fttbee.kis.ru] has quit [Ping timeout: 265 seconds] 05:55 -!- rickuz1 [~rickuz@89.204.153.57] has quit [Quit: Leaving.] 05:56 -!- Araluccl0 [~lallo@151.77.170.15] has quit [Quit: Anche il discorsismo ha un limitismo.] 05:56 -!- Araluccl0 [~lallo@151.77.170.15] has joined #openvpn 05:57 -!- Upgreydd_ [~chatzilla@ns356890.ovh.net] has quit [Ping timeout: 260 seconds] 06:00 -!- Upgreydd [~chatzilla@83-145-170-32.cable-modem.tkk.net.pl] has quit [Ping timeout: 272 seconds] 06:01 -!- Upgreydd [~chatzilla@ns356890.ovh.net] has joined #openvpn 06:02 < Upgreydd> janjust: i've disconnected. TY for all, i have once more question, can i? 06:02 < janjust> you can always ask, whether you'll get an answer ..... 06:02 -!- vpopov [~happylife@dyn-51-18.fttbee.kis.ru] has joined #openvpn 06:03 < Upgreydd> is there a way to use another port in openvpn with TOR? when i connect to my openvpn on port 1234 i have standard openvpn and when i connect to another port 4321 i have openvpn with tor proxy :> 06:04 < janjust> Upgreydd: what does tor proxy mean in this case? an HTTP proxy for the client side? 
06:06 < Upgreydd> client connect to server via VPN and server connect to TOR network, that can be socks proxy or http proxy, but i wanna have both connections, with vpn only and with proxy 06:07 < janjust> that's a server side thing, Upgreydd, that has little to do with openvpn 06:07 < Upgreydd> i have configured tor client in my server, but i'm thinking about running two configurations of openVPN on one machine 06:08 < janjust> if you have 2 openvpn instances running on the server you could use iptables/routing to make 'tun0' go out directly onto the internet, and 'tun1' via an HTTP/SOCKS proxy 06:08 < janjust> but, as I said, that has little to do with openvpn 06:08 < Upgreydd> ok, i'll read about this maybe you have some articles about that? 06:09 < janjust> Upgreydd: nope, use YourFavouriteSearchEngine 06:09 * janjust is out for lunch 06:09 < janjust> bye y'all 06:09 -!- janjust [~janjust@openvpn/community/support/janjust] has quit [Quit: Leaving] 06:09 < Upgreydd> ok :] cy'a guys thx a lot :] 06:09 -!- Upgreydd [~chatzilla@ns356890.ovh.net] has quit [Quit: ChatZilla 0.9.88 [Firefox 10.0/20120129021758]] 06:10 -!- vpopov [~happylife@dyn-51-18.fttbee.kis.ru] has quit [Ping timeout: 252 seconds] 06:12 -!- kyrix [~ashley@27.Red-88-8-31.dynamicIP.rima-tde.net] has joined #openvpn 06:26 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out] 06:26 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 06:28 < tusharsharma> krzee: is it possible to map username of pam with subnet and then adding iroute accordingly 06:28 < Olipro> sounds like something LDAP would be better suited to 06:32 -!- ravel_exe [ravel_exe@175.142.201.214] has joined #openvpn 06:34 <@dazo> Olipro: you mean configure PAM with LDAP and an --up script to run ldapsearch to extract the subnet for the dynamic config? 
06:35 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn 06:49 < rob0> dazo, are you the easy-rsa maintainer? 06:50 <@dazo> rob0: no, I wouldn't really say so .... would you like to become one? ;-) 06:51 < rob0> heh ... not sure I have enough aspirin 06:51 <@dazo> LOL 06:53 < rob0> I think I ended up figuring out what I needed anyway ... req(1) with -subj to be able to generate a CSR without prompting 06:53 <@dazo> if you have some neat patches for it, I'm all for improving what can be improved 06:53 < rob0> so whilst you were out enjoying Belgian beer and fellow geeks, I was ... enjoying openssl man pages. 06:54 * dazo pats rob0 on his back, saying: Good geek, good geek! 06:57 -!- BoomSie_ [~gideon@dw77242112238.amsterdam-tc.dataweb.net] has quit [Quit: Ex-Chat] 06:58 -!- rickuz [~rickuz@p5DC45693.dip.t-dialin.net] has joined #openvpn 07:01 < Olipro> dazo: yep, that works 07:01 < Olipro> ...or does it, how can an up script get iroute(s) added? 07:04 <@dazo> Olipro: --client-connect I meant ... that can create dynamic client config's on-the-fly by writing the config options to $1 07:04 <@vpnHelper> RSS Update - forum: cannot reach client from server 07:04 < Olipro> mmm, that'd do the trick nicely 07:04 <@dazo> tusharsharma: ^^^ see discussion between me and Olipro 07:05 -!- MarKsaitis [~MarKsaiti@88.96.60.78] has joined #openvpn 07:34 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has joined #openvpn 07:45 -!- gremly [~gremly@186.28.114.124] has joined #openvpn 07:49 < tekzilla> when pushing a DNS server from the OpenVPN server, will that replace any existing DNS servers on the client side ? 
07:50 -!- gremly [~gremly@186.28.114.124] has quit [Ping timeout: 245 seconds] 07:52 < tusharsharma> i have done it using username-as-common-name and adding iroute using username and i know in advance username and subnet mapping 07:52 < ecrist> easy-rsa sucks balls 07:52 < ecrist> just sayin' 07:52 < tusharsharma> so it is required to have mapping of either common_name & subnet or username & subnet 07:53 < rob0> ecrist, :) 07:54 < ecrist> rob0: it's why I wrote ssl-admin 07:54 * rob0 will look at that, thanks 07:56 -!- MarKsaitis [~MarKsaiti@88.96.60.78] has quit [Quit: Leaving] 07:59 <@vpnHelper> RSS Update - forum: howto know status of openvpn client ? || howto determine common_name of connecting Client || Configuring Mac OSX Lion as a bridge server 08:03 -!- gremly_ [~gremly@186.28.53.233] has joined #openvpn 08:03 -!- gremly_ [~gremly@186.28.53.233] has quit [Client Quit] 08:04 < ecrist> !ssl-admin 08:04 <@vpnHelper> "ssl-admin" is (#1) if you use freebsd, it is in ports or (#2) svn co https://www.secure-computing.net/svn/trunk/ssl-admin to grab it from svn or (#3) A perl script for managing SSL certificates (being a CA). 
Makes a good replacement for easy-rsa 08:04 <@vpnHelper> RSS Update - forum: howto determine common_name of connecting Client 08:09 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn 08:09 -!- vpopov [~happylife@dyn-51-18.fttbee.kis.ru] has joined #openvpn 08:11 -!- vpopov [~happylife@dyn-51-18.fttbee.kis.ru] has quit [Remote host closed the connection] 08:23 -!- rickuz1 [~rickuz@p5DC45693.dip.t-dialin.net] has joined #openvpn 08:24 -!- rickuz [~rickuz@p5DC45693.dip.t-dialin.net] has quit [Ping timeout: 248 seconds] 08:26 -!- ravel_exe [ravel_exe@175.142.201.214] has quit [] 08:33 -!- rickuz [~rickuz@89.204.130.195] has joined #openvpn 08:35 -!- rickuz1 [~rickuz@p5DC45693.dip.t-dialin.net] has quit [Ping timeout: 245 seconds] 08:48 -!- ravel_exe [ravel_exe@175.142.201.214] has joined #openvpn 08:51 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Quit: Leaving.] 08:53 -!- rickuz1 [~rickuz@p5DC45693.dip.t-dialin.net] has joined #openvpn 08:55 -!- rickuz [~rickuz@89.204.130.195] has quit [Ping timeout: 260 seconds] 08:57 <@vpnHelper> RSS Update - forum: VPN up, routing looks good but packets vanishing 08:59 -!- rickuz1 [~rickuz@p5DC45693.dip.t-dialin.net] has quit [Ping timeout: 244 seconds] 09:02 -!- kyrix [~ashley@27.Red-88-8-31.dynamicIP.rima-tde.net] has quit [Quit: Ex-Chat] 09:05 -!- spacedust [~info@unaffiliated/cosmicblue] has joined #openvpn 09:05 < spacedust> hi 09:05 < spacedust> can i upgrade my openvpn-s rsa key from 1024 to 2048 ? 09:05 < spacedust> what would i need to change ? 
09:13 <@dazo> spacedust: you'll need to generate a new certificate then, but if signed by the same CA, that shouldn't cause any issues 09:18 -!- arosen [~arosen@130.127.62.3] has quit [Ping timeout: 260 seconds] 09:18 -!- arosen [~arosen@130.127.62.3] has joined #openvpn 09:20 -!- bjorneven [~quassel@122.85-200-248.bkkb.no] has joined #openvpn 09:30 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Textual IRC Client: http://www.textualapp.com/] 09:30 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 09:33 <@vpnHelper> RSS Update - forum: A Little help Regarding lport and ICMP! 09:33 -!- mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Read error: Connection reset by peer] 09:34 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 09:34 -!- zz_mgorbach is now known as mgorbach 09:35 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 09:36 -!- `Ile` [~Ile@kaniserver.net] has quit [Quit: KVIrc 4.1.3 Equilibrium http://www.kvirc.net/] 09:36 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 09:37 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Remote host closed the connection] 09:38 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 09:39 -!- JackyAlcine [~desktop@sii/jackyalcine] has joined #openvpn 09:41 -!- JackyAlcine [~desktop@sii/jackyalcine] has quit [Excess Flood] 09:41 -!- JackyAlcine [~desktop@sii/jackyalcine] has joined #openvpn 09:44 -!- rickuz [~rickuz@77-20-67-25-dynip.superkabel.de] has joined #openvpn 09:45 -!- rickuz [~rickuz@77-20-67-25-dynip.superkabel.de] has quit [Client Quit] 09:45 -!- bjorneven_ [~quassel@122.85-200-248.bkkb.no] has joined #openvpn 09:46 -!- bjorneven [~quassel@122.85-200-248.bkkb.no] has quit [Ping timeout: 240 seconds] 09:46 -!- JackyAlcine [~desktop@sii/jackyalcine] has quit [Remote host closed the connection] 09:49 -!- mgorbach 
[~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Read error: Connection reset by peer] 09:50 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 09:50 -!- zz_mgorbach is now known as mgorbach 09:57 -!- Gravitron [~admin@64.93.145.58] has joined #openvpn 09:57 -!- Gravitron [~admin@64.93.145.58] has quit [Changing host] 09:57 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 09:58 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 09:59 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [Ping timeout: 252 seconds] 09:59 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 10:01 -!- Gravitro_ [~admin@69.163.40.45] has joined #openvpn 10:01 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 245 seconds] 10:03 -!- bjorneven_ is now known as bjorneven 10:06 -!- S1lv3R [NoMail@178-83-34-83.dynamic.hispeed.ch] has quit [Read error: Connection reset by peer] 10:06 -!- S1lv3R [NoMail@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 10:13 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 10:18 -!- gianfx [~gianfx@host16-248-dynamic.12-79-r.retail.telecomitalia.it] has joined #openvpn 10:24 -!- Guest41768 [~desktop@ool-457388c5.dyn.optonline.net] has joined #openvpn 10:25 -!- Guest41768 [~desktop@ool-457388c5.dyn.optonline.net] has quit [Remote host closed the connection] 10:26 -!- JackyAlcine_ [~desktop@sii/jackyalcine] has joined #openvpn 10:28 -!- oc80z [oc80z@blea.ch] has quit [Changing host] 10:28 -!- oc80z [oc80z@openvpn/user/oc80z] has joined #openvpn 10:30 -!- JackyAlcine_ [~desktop@sii/jackyalcine] has quit [Remote host closed the connection] 10:35 -!- JackyAlcine_ [~desktop@sii/jackyalcine] has joined #openvpn 10:37 -!- rickuz [~rickuz@77-21-40-158-dynip.superkabel.de] has joined #openvpn 10:38 -!- JackyAlcine_ [~desktop@sii/jackyalcine] has quit [Remote host closed the 
connection] 10:42 -!- JackyAlcine_ [~desktop@sii/jackyalcine] has joined #openvpn 10:51 -!- JackyAlcine_ [~desktop@sii/jackyalcine] has quit [Remote host closed the connection] 10:51 <@vpnHelper> RSS Update - forum: Official Android App 10:53 -!- Gravitro_ [~admin@69.163.40.45] has quit [Quit: Textual IRC Client: http://www.textualapp.com/] 10:58 -!- totalizator [~totalizat@89-76-212-31.dynamic.chello.pl] has joined #openvpn 11:01 < totalizator> hi, my server log is flooded with "Inactivity timeout (--ping-restart), restarting" and it's doing it every minute (without client connected); is this normal? 11:04 -!- dkr [~dkr@67.132.255.16] has quit [Quit: Leaving] 11:28 -!- dropje [~yge@ip4da6274e.direct-adsl.nl] has quit [Quit: leaving] 11:33 -!- vpopov [~happylife@dyn-51-18.fttbee.kis.ru] has joined #openvpn 11:35 -!- vpopov [~happylife@dyn-51-18.fttbee.kis.ru] has quit [Remote host closed the connection] 11:40 -!- mgorbach is now known as zz_mgorbach 11:44 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 11:51 -!- gianfx [~gianfx@host16-248-dynamic.12-79-r.retail.telecomitalia.it] has quit [Quit: Sto andando via] 11:51 -!- cm_ [cm@cm.andrexen.com] has joined #openvpn 12:00 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Ping timeout: 276 seconds] 12:12 < totalizator> ok, I've added "ping-timer-rem" 12:21 -!- dren [Bob@cpe-67-253-125-80.maine.res.rr.com] has joined #openvpn 12:22 -!- ravel_exe [ravel_exe@175.142.201.214] has quit [] 12:24 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has quit [Read error: Connection reset by peer] 12:25 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has joined #openvpn 12:26 -!- vpopov [~happylife@dyn-51-18.fttbee.kis.ru] has joined #openvpn 12:32 -!- vpopov [~happylife@dyn-51-18.fttbee.kis.ru] has quit [Ping timeout: 265 seconds] 12:32 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Ping timeout: 276 seconds] 13:01 -!- 
zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Ping timeout: 276 seconds] 13:07 -!- MeanderingCode_ [~Meanderin@75-173-19-88.albq.qwest.net] has joined #openvpn 13:08 -!- MeanderingCode [~Meanderin@97-123-11-232.albq.qwest.net] has quit [Ping timeout: 276 seconds] 13:10 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 13:10 -!- zz_mgorbach is now known as mgorbach 13:25 -!- mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Ping timeout: 245 seconds] 13:28 -!- dazo is now known as dazo_afk 13:30 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 13:30 -!- zz_mgorbach is now known as mgorbach 13:38 -!- dren [Bob@cpe-67-253-125-80.maine.res.rr.com] has quit [Quit: envision the unimaginable :[im]] 13:38 -!- dren_ [~chatzilla@cpe-67-253-125-80.maine.res.rr.com] has joined #openvpn 13:39 -!- dren_ is now known as dren 13:50 -!- ironman__ is now known as lakewood 13:51 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [] 14:18 -!- dkr [~dkr@67.132.255.16] has joined #openvpn 14:27 < spacedust> if i want to switch from rsa 1024 to rsa 2048 then what certificates / keys do i need to regenerate ? 14:28 -!- JackyAlcine [~desktop@sii/jackyalcine] has joined #openvpn 14:28 < hyper_ch> all? 14:28 < hyper_ch> why not to 4096? 14:30 -!- aufwl [32249ce2@gateway/web/freenode/ip.50.36.156.226] has quit [Ping timeout: 245 seconds] 14:31 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has joined #openvpn 14:33 -!- JackyAlcine [~desktop@sii/jackyalcine] has quit [Read error: Connection reset by peer] 14:34 -!- JackyAlcine [~desktop@sii/jackyalcine] has joined #openvpn 14:37 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has joined #openvpn 14:49 -!- JackyAlcine [~desktop@sii/jackyalcine] has quit [Remote host closed the connection] 15:01 < wizoz> Hi guys. I would appreciate some help. 
I've created a site-2-site tunnel using tun-interface. (server: 10.0.0.1, client: 10.0.0.2). When tunnels are started, I can ping the endpoint (10.0.0.1) from the client - but not the other way around. 15:02 < wizoz> I'm forwarding traffic from br0 to tun0 and tun0 to br0 on the client, and eth0 to tun0 and tun0 to eth0 on the server. 15:02 < wizoz> I do not see what I'm missing. 15:03 < ecrist> !/30 15:03 <@vpnHelper> "/30" is (#1) http://openvpn.net/index.php/open-source/faq/77-server/273-qifconfig-poolq-option-use-a-30-subnet-4-private-ip-addresses-per-client-when-used-in-tun-mode.html (sorry for the long link, they wont fix the anchors) explains why routed clients each use 4 ips or (#2) you can avoid this behavior by reading !topology or (#3) so by default, first client is .6, then .10 .14 .18 etc etc or (#4) use 15:03 <@vpnHelper> openvpn --show-valid-subnets to see the subnets you can use in net30 15:04 < wizoz> ecrist: Was what addressed to me? 15:04 < ecrist> yes 15:04 < wizoz> I will read up on it. 15:05 < wizoz> Does that seem to be my issue, clarified above? 15:05 < ecrist> yes 15:05 < ecrist> otherwise, why would I post it? 15:05 < wizoz> You're on a drug which makes you post random links ;) 15:05 < wizoz> Thanks. :) 15:05 < hyper_ch> ecrist: is dazo_afk still laying drunk around in bruxelles? 15:06 < wizoz> ecrist: It seems to apply to Windows. Both server and client are running linux. 15:06 < ecrist> wizoz: try reading, please 15:06 < wizoz> will do. 15:09 < wizoz> ecrist: Ah. thanks. 15:09 -!- JackyAlcine [~desktop@sii/jackyalcine] has joined #openvpn 15:12 < wizoz> This is however weird. This was working fine yesterday, where both the server and the client (and the client client's (NAT) could both ping and reach 10.0.0.1 ) 15:12 < wizoz> Cannot see what I've done different. 
15:13 -!- oc80z [oc80z@openvpn/user/oc80z] has quit [Excess Flood] 15:13 -!- [1]SigmaProjects [~SigmaProj@cpe-66-74-191-116.socal.res.rr.com] has joined #openvpn 15:13 -!- JackyAlcine [~desktop@sii/jackyalcine] has quit [Remote host closed the connection] 15:14 -!- oc80z [oc80z@blea.ch] has joined #openvpn 15:17 -!- SigmaProjects [~SigmaProj@cpe-66-74-191-116.socal.res.rr.com] has quit [Ping timeout: 272 seconds] 15:17 -!- [1]SigmaProjects is now known as SigmaProjects 15:22 -!- JackyAlcine_ [~desktop@sii/jackyalcine] has joined #openvpn 15:22 < spacedust> hyper_ch: are you joking with the 4096 ? :) 15:23 < spacedust> hyper_ch: and all as in from server.crt to client.key ? all ? or ca.crt also and dh and ta ? 15:23 -!- JackyAlcine_ [~desktop@sii/jackyalcine] has quit [Read error: Connection reset by peer] 15:24 < hyper_ch> does rsa even support 4096? 15:25 -!- JackyAlcine [~desktop@sii/jackyalcine] has joined #openvpn 15:43 -!- gremly [~gremly@186.28.53.233] has joined #openvpn 15:51 -!- JackyAlcine [~desktop@sii/jackyalcine] has quit [Remote host closed the connection] 16:04 -!- oc80z [oc80z@blea.ch] has quit [Excess Flood] 16:05 -!- oc80z [oc80z@blea.ch] has joined #openvpn 16:12 -!- Cybertinus [~Cybertinu@cybertinus.jkit.nl] has quit [Remote host closed the connection] 16:24 -!- Cybertinus [~Cybertinu@cybertinus.jkit.nl] has joined #openvpn 16:25 -!- gremly [~gremly@186.28.53.233] has quit [Quit: WeeChat 0.3.6] 16:28 -!- Cybertinus [~Cybertinu@cybertinus.jkit.nl] has quit [Read error: Connection reset by peer] 16:28 -!- Cybertinus [~Cybertinu@cybertinus.jkit.nl] has joined #openvpn 16:33 < spacedust> hyper_ch: i have no idea :) 16:33 < spacedust> shall i test ? 
:D 16:34 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 16:34 -!- APTX_ [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer] 16:35 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 16:39 < rawplayer> /w/win 80 16:49 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has quit [Ping timeout: 240 seconds] 16:56 -!- oc80z [oc80z@blea.ch] has quit [Excess Flood] 16:56 -!- oc80z [oc80z@blea.ch] has joined #openvpn 16:57 -!- Azrael808 [~peter@cpc17-walt12-2-0-cust657.13-2.cable.virginmedia.com] has quit [Ping timeout: 248 seconds] 16:59 -!- Cybertinus [~Cybertinu@cybertinus.jkit.nl] has quit [Remote host closed the connection] 16:59 -!- Cybertinus [~Cybertinu@cybertinus.jkit.nl] has joined #openvpn 17:01 -!- Cybertinus [~Cybertinu@cybertinus.jkit.nl] has quit [Remote host closed the connection] 17:01 -!- Cybertinus [~Cybertinu@cybertinus.jkit.nl] has joined #openvpn 17:06 -!- Cybertinus [~Cybertinu@cybertinus.jkit.nl] has quit [Remote host closed the connection] 17:06 -!- Cybertinus [~Cybertinu@cybertinus.jkit.nl] has joined #openvpn 17:27 -!- krzee [nobody@hemp.ircpimps.org] has joined #openvpn 17:27 -!- krzee [nobody@hemp.ircpimps.org] has quit [Changing host] 17:27 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn 17:31 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 17:49 -!- Cybertinus [~Cybertinu@cybertinus.jkit.nl] has quit [Remote host closed the connection] 17:49 -!- Cybertinus [~Cybertinu@cybertinus.jkit.nl] has joined #openvpn 17:52 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 245 seconds] 17:52 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn 17:56 -!- Araluccl0 [~lallo@151.77.170.15] has quit [Quit: Anche il discorsismo ha un limitismo.] 
17:56 -!- Araluccl0 [~lallo@151.77.170.15] has joined #openvpn 18:08 -!- Cybertinus [~Cybertinu@cybertinus.jkit.nl] has quit [Remote host closed the connection] 18:08 -!- Cybertinus [~Cybertinu@cybertinus.jkit.nl] has joined #openvpn 18:10 -!- Denial [Denial@drgi.co.uk] has quit [] 18:11 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has quit [Ping timeout: 248 seconds] 18:12 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Ping timeout: 245 seconds] 18:14 -!- Gravitron [~admin@69.163.40.45] has joined #openvpn 18:14 -!- Gravitron [~admin@69.163.40.45] has quit [Changing host] 18:14 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 18:15 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 18:21 -!- master_of_master [~master_of@p57B542EE.dip.t-dialin.net] has quit [Ping timeout: 248 seconds] 18:22 -!- aeterna [~aeterna@unaffiliated/aeterna] has joined #openvpn 18:22 -!- rickuz [~rickuz@77-21-40-158-dynip.superkabel.de] has quit [Quit: Leaving.] 18:22 < aeterna> Hi there 18:23 -!- master_of_master [~master_of@p57B52604.dip.t-dialin.net] has joined #openvpn 18:24 < aeterna> I've successfully installed and configured openvpn on two endpoints. My problem is that one endpoint (a Windows machine, with openvpn gui installed) fails at stage 'Wed Feb 08 00:22:00 2012 TLS: Initial packet from [address:port], sid=[numbers]' 18:25 < aeterna> I know this is related to the restrictive firewall implemented by the government since wrapping TLS in a layer of (weak) custom encryption results in a successful connection 18:25 < aeterna> Is there a manner of changing openvpn's behavior such that the TLS handshake will not be intercepted? 
18:28 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has quit [Quit: nonotza] 18:52 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 19:05 -!- raomin [~romain@240.22.66.86.rev.sfr.net] has quit [Ping timeout: 245 seconds] 19:11 -!- flashuni [~textual@adsl-69-111-106-109.dsl.scrm01.pacbell.net] has joined #openvpn 19:12 < flashuni> Hey all! Is anyone else having trouble getting push "redirect-gateway def1" working on mac os x lion as the client 19:19 -!- flashuni [~textual@adsl-69-111-106-109.dsl.scrm01.pacbell.net] has quit [Quit: Computer has gone to sleep.] 19:38 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 19:44 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn 19:49 -!- tekzilla [~jon@hmbg-5f7631b1.pool.mediaWays.net] has quit [Ping timeout: 276 seconds] 19:50 -!- tekzilla [~jon@hmbg-5f76728b.pool.mediaWays.net] has joined #openvpn 19:50 -!- _julian [~quassel@hmbg-5f7652a3.pool.mediaWays.net] has joined #openvpn 19:53 < spacedust> can i add a route command on a client that would redirect all traffic through the newly created bridged openvpn tunnel ? 
19:54 -!- _julian_ [~quassel@hmbg-4d06bc25.pool.mediaWays.net] has quit [Ping timeout: 252 seconds] 19:54 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 19:57 -!- Netsplit *.net <-> *.split quits: WebDawg, dren, APTX, totalizator, Araluccl0, Mp5shooter, TypoNe, Diffen, @mattock, MeanderingCode_, (+131 more, use /NETSPLIT to show all of them) 19:57 -!- phantomcircuit [~phantomci@50.57.81.35] has quit [Max SendQ exceeded] 19:59 -!- Netsplit over, joins: @mattock, cron2, Intensity, @vpnHelper, _julian, tekzilla, master_of_master, aeterna, bauruine, Gravitron (+131 more) 19:59 -!- gffa [~gffa@unaffiliated/gffa] has quit [Max SendQ exceeded] 19:59 < aeterna> I see 19:59 < aeterna> I will look into it 19:59 < aeterna> And thank you 19:59 -!- gffa [~gffa@unaffiliated/gffa] has joined #openvpn 20:00 < rob0> what government, if you don't mind saying? 20:00 < aeterna> Check out that presentation on IETF's website I linked 20:01 < aeterna> An example is presented there which happens to be my case 20:06 -!- Guest42339 [~phantomci@50.57.81.35] has joined #openvpn 20:07 -!- Netsplit *.net <-> *.split quits: Intensity, demigod987, Jarpse, _quadDamage, arosen, bjorneven, pwrcycle, tessier, madal, JPeterson, (+3 more, use /NETSPLIT to show all of them) 20:07 -!- Tick-Tock [~Tick-Tock@2607:f358:1:fed5:22:0:b683:4295] has quit [Read error: Operation timed out] 20:08 < aeterna> A question rob0 20:08 -!- Netsplit over, joins: JPeterson, bjorneven, arosen, Jarpse, madal, Intensity, demigod987, _quadDamage, mick_laptop, zeshoem (+3 more) 20:08 < aeterna> Is it advisable that I set up one static-key instance and tunnel a TLS instance in it? 20:09 < aeterna> Would the overhead be prohibitively high? 20:12 -!- Netsplit *.net <-> *.split quits: raaa, Dougy, SuperPhly, tabakhase, totalizator, treshoem, Kateon, Nowak, rawplayer, Gravitron, (+1 more, use /NETSPLIT to show all of them) 20:12 < ecrist> sup bitches? 
20:12 < ecrist> bah, stupid netsplits 20:12 -!- Tick-Tock [~Tick-Tock@2607:f358:1:fed5:22:0:b683:4295] has joined #openvpn 20:12 -!- Netsplit over, joins: Gravitron, totalizator, SuperPhly, rawplayer, treshoem, Kateon, raaa, Nowak, tabakhase, RichardBronosky (+1 more) 20:12 -!- mode/#openvpn [+o ecrist] by ChanServ 20:13 < spacedust> works 20:13 -!- spacedust [~info@unaffiliated/cosmicblue] has left #openvpn [] 20:14 < rob0> aeterna, that would address the weakness of static keys ... once They [tm] gather enough traffic to brute force it, they find a TLS stream inside, and that won't break easily. 20:14 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 20:15 <@ecrist> :D 20:15 < rob0> Sorry, I am in console mode and can't easily view a PDF right now. 20:16 -!- Netsplit *.net <-> *.split quits: wedge, cjs226, JackWinter, Mp5shooter, freaky[t], @vpnHelper, kloeri, +peper, pimperle, mrsno_, (+7 more, use /NETSPLIT to show all of them) 20:16 -!- Netsplit over, joins: dkr, mgorbach, JackWinter, cjs226, mattock, sdferfx 20:16 -!- freaky[t] [alpha@freakyonline.de] has joined #openvpn 20:16 -!- epsilon [textblase@raid1.net] has joined #openvpn 20:16 -!- Mp5shooter [~Mp5@204.152.221.189] has joined #openvpn 20:16 -!- Netsplit over, joins: batrick, wedge, pimperle, kloeri, mrsno_, @vpnHelper, MrPPS_, +peper 20:16 -!- ServerMode/#openvpn [+oov mattock vpnHelper peper] by holmes.freenode.net 20:17 -!- peper [~peper@gentoo/developer/peper] has quit [Max SendQ exceeded] 20:17 -!- Netsplit *.net <-> *.split quits: MeanderingCode_, __nolife, cyberspace-, rmk, WebDawg, agagag, CaBa, TypoNe, jeev, openbsdnoob, (+1 more, use /NETSPLIT to show all of them) 20:17 -!- jg84 is now known as JoeGazz84 20:17 -!- JoeGazz84 is now known as jg84 20:17 -!- peper [~peper@gentoo/developer/peper] has joined #openvpn 20:18 -!- Netsplit over, joins: MeanderingCode_, WebDawg, TypoNe, cyberspace-, JodaZ, rmk, CaBa, agagag, openbsdnoob, __nolife (+1 more) 20:27 -!- ScriptFanix 
[vincent@Hanaman.riquer.fr] has quit [Ping timeout: 245 seconds] 20:27 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 20:29 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Excess Flood] 20:29 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 20:47 -!- oc80z [oc80z@blea.ch] has quit [Changing host] 20:47 -!- oc80z [oc80z@openvpn/user/oc80z] has joined #openvpn 20:50 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 21:00 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has joined #openvpn 21:19 -!- gremly [~gremly@186.28.53.233] has joined #openvpn 21:21 -!- MeanderingCode_ [~Meanderin@75-173-19-88.albq.qwest.net] has quit [Read error: Connection reset by peer] 21:25 < aeterna> It might interest you, rob0, that I finally opted for a static key point-to-point connection over which I'm doing regular SSH port forwarding 21:28 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn 21:38 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 21:44 <@ecrist> aeterna: I bought a douche thingy with yellow stripes. I'M RELEVANT 21:44 < aeterna> I apologize if you find my comment irrelevant 21:45 < aeterna> There is no need to mock me 21:47 <@ecrist> probably not. I suppose my point is, why do ssh port forwarding if you have a tunnel? 
21:47 < aeterna> Since it is based on a shared secret key which I probably am not going to change very often 21:48 < aeterna> I did set the cipher to AES-256-CBC 21:48 < aeterna> What's more PuTTY provides a easy-to-setup and handy SOCKS proxy 21:48 < aeterna> The extra strength of auth and encryption of SSH is a bonus 21:48 -!- Mp5shooter [~Mp5@204.152.221.189] has quit [Read error: Connection reset by peer] 21:49 < aeterna> *an 21:49 < rob0> ecrist, that was explained earlier 21:50 < rob0> aeterna, if you need more than just SSH or just TCP, it would be trivial to tunnel inside the tunnel, with either another static key or TLS. 21:51 -!- Mp5shooter [~Mp5@204.152.221.189] has joined #openvpn 21:51 < aeterna> I didn't go that route since I was in a hurry 21:51 < rob0> so this is avoiding the firewall detection? 21:51 < aeterna> Yes, it's working pretty well 21:52 < rob0> good 21:52 < aeterna> The outer layer obfuscates and avoids DPI, the inner layer--hopefully--provides crypto-strength 21:52 < aeterna> When I find some more time I will look into running another openvpn instance 21:52 < rob0> I'd still do a cron job to generate a new key every week at one end and transfer over the tunnel 21:53 < aeterna> Very good point 21:53 < aeterna> Re. the tunnel-in-tunnel case, it occurred to me that since one tunnel needs to be inside the other one the order of running openvpn instances becomes important 21:53 < rob0> yup 21:54 < rob0> the inner one could be started in an --up script 21:54 < aeterna> Looking at /etc/rc.d/openvpn (under Arch Linux) it seems to simply launch instances based on alphabetical order of configuration files it finds in /etc/openvpn 21:55 < rob0> --route-up <-- better 21:55 < aeterna> I haven't used that previously. Will sure read up on it. 21:55 * ecrist spiderman's yet another thread. muayahahahahahahaha 21:55 < rob0> so no, that wouldn't do, you'd want the inner tunnel to only start when the outer one is established. 
21:56 <@ecrist> rob0: the nature of IRC is, people don't scroll up 21:56 < rob0> which can probably be managed with a different name for the inner tunnel config 21:56 <@ecrist> usually I do... but Jack Daniels commanded not 21:56 <@ecrist> ;) 21:56 < rob0> ecrist, right, but the issue is extreme worry (or paranoia) about gov't firewalls 21:57 * ecrist meh 21:57 < rob0> The advantage of a static key over TLS is that the traffic looks purely random. 21:58 < rob0> The disadvantage of a static key under TLS is that the traffic could be vulnerable to brute force if a large sample was collected. 21:58 * ecrist meh 21:58 < rob0> so my idea was to use the static key to fool the firewall, and an inner tunnel to secure it from brute force. 21:59 <@ecrist> my response to tyranny is to get a gun 21:59 <@ecrist> but I live in USA, so that's normal 21:59 < rob0> Anyway, you're right about that and about Jack. 21:59 <@ecrist> :D 21:59 <@ecrist> aww 21:59 < aeterna> Thanks again, rob0. I'll be going to get some sleep now 21:59 < rob0> heh, 150 years ago we took up guns against tyranny, and they assimilated us. 21:59 <@ecrist> my troll thread on 4chan got 404d 22:00 <@ecrist> rob0: don't include 'me' with 'us' 22:00 <@ecrist> in that context 22:00 < aeterna> Good luck, everyone 22:00 < rob0> yup, you're assimilated too ;) 22:00 < rob0> aeterna, yw, good luck 22:03 < rob0> fall of Fort Henry: 150 years ago yesterday 22:52 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 22:54 -!- ChrisInSydney [~Chris@60-242-81-231.tpgi.com.au] has joined #openvpn 22:54 < ChrisInSydney> hi all 22:58 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 256 seconds] 22:59 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 23:03 < ChrisInSydney> I have a question.... 23:03 < ChrisInSydney> DD-WRT routers 23:03 < ChrisInSydney> 3 routers A --> B --> C 23:03 < ChrisInSydney> A is client, B is Client and server (yes you can !) 
and C is server 23:04 < ChrisInSydney> A can ping B's networks, B can ping C and A A can not ping C but C seems to get to A and B 23:04 < ChrisInSydney> I've got an iptables FORWARD rule between tun0 & tun1 in both directions 23:04 < ChrisInSydney> on node B 23:05 < ChrisInSydney> I have my iroute files on C set up for A's subnet to be routed through B 23:06 < rob0> I'd do one server, two clients, and connect the clients via a p2p static key tunnel. 23:07 < rob0> simpler 23:07 < rob0> and all three thereby have direct links 23:07 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 23:08 -!- BoomSie [~gideon@84-245-27-118.dsl.cambrium.nl] has quit [Read error: Connection timed out] 23:14 -!- EvilJStoker [jstoker@unaffiliated/jstoker] has quit [Ping timeout: 252 seconds] 23:18 -!- dazo_afk [dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 252 seconds] 23:18 -!- BoomSie [~gideon@84-245-27-118.dsl.cambrium.nl] has joined #openvpn 23:18 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Client Quit] 23:18 < ChrisInSydney> rob0, except that A and B exchange information between themselves, but B needs to talk to C along with D E and F 23:18 -!- ostolves [~ostolvis@108.162.156.19] has quit [Read error: Connection reset by peer] 23:18 < ChrisInSydney> I have a city branch with two small regional offices. 
I dont want to send traffic via head office 23:18 < ChrisInSydney> but each city office needs to talk back to head office 23:18 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 23:18 < ChrisInSydney> not the norm I now 23:18 < ChrisInSydney> know 23:18 -!- _julian_ [~quassel@hmbg-5f7652a3.pool.mediaWays.net] has joined #openvpn 23:18 -!- ostolvis [~ostolvis@108.162.156.19] has joined #openvpn 23:18 -!- EvilJStoker [jstoker@unaffiliated/jstoker] has joined #openvpn 23:18 -!- dazo_afk [dazo@openvpn/community/developer/dazo] has joined #openvpn 23:18 -!- mode/#openvpn [+o dazo_afk] by ChanServ 23:19 -!- Netsplit *.net <-> *.split quits: RageCage, _julian, ronnocol 23:22 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep] 23:22 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 245 seconds] 23:23 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 23:23 < ChrisInSydney> I was contemplating two tunnels to two servers, but thats a command line hack and involves some additional storage 23:24 < hyper_ch> ChrisInSydney: how many phones? 23:25 < ChrisInSydney> branches have 2 or 3 23:25 < ChrisInSydney> offices have 20+ 23:25 < ChrisInSydney> all UDP tunnels. 23:25 < ChrisInSydney> QoS weighed heavily in favour of the voice subnet 23:25 < hyper_ch> wait... I thought you were thinking aobut FreeSWITCH 23:25 < ChrisInSydney> nahh 23:25 < hyper_ch> s/thinking/talking/ 23:25 < hyper_ch> its early morning here 23:25 < ChrisInSydney> this is straight IP routing 23:26 < ChrisInSydney> thast OK. Its afternoon here 23:26 < ChrisInSydney> Sydney 23:26 -!- RageCage_ [~RageCage@ssh.studentnatet.se] has joined #openvpn 23:26 -!- ronnocol [~lance@2001:1868:214::bad:babe] has joined #openvpn 23:26 < ChrisInSydney> Aus. 23:26 < ChrisInSydney> Where is your "here" ? 
23:26 < hyper_ch> home :) 23:26 < ChrisInSydney> good to know 23:27 < ChrisInSydney> I new someome wo came home really drunk and had to break in through the window and crashed on the couch 23:27 < ChrisInSydney> only to find that he had gone back to his old place that he hadnt lived in for over 18 months 23:27 < ChrisInSydney> true story 23:27 < hyper_ch> why not running two or three servers? 23:27 < ChrisInSydney> running DD-WRT routers 23:28 < ChrisInSydney> That was my next attempt 23:28 < hyper_ch> I'm still not quite following 23:29 < hyper_ch> you have two offices 23:33 < hyper_ch> and between office communication shall be confidential, right? 23:33 < ChrisInSydney> correct 23:33 -!- ecrist [~ecrist@freebsd/contributor/openvpn.community.support.ecrist] has quit [Ping timeout: 252 seconds] --- Log closed Tue Feb 07 23:33:46 2012 --- Log opened Tue Feb 07 23:34:01 2012 23:34 -!- ecrist [~ecrist@jaguar-2-red.claimlynx.com] has joined #openvpn 23:34 -!- Irssi: #openvpn: Total of 150 nicks [3 ops, 0 halfops, 3 voices, 144 normal] 23:34 < ChrisInSydney> So I would have to program A to launch openvpn twice with two separate configs / devices 23:34 -!- emmanuelux [~emmanuel@2a01:e35:2e4d:9010:21d:60ff:fe0e:b818] has joined #openvpn 23:34 -!- BoomSie [~gideon@84-245-27-118.dsl.cambrium.nl] has quit [Max SendQ exceeded] 23:34 < hyper_ch> ChrisInSydney: that's simple 23:34 -!- Irssi: Join to #openvpn was synced in 33 secs 23:34 < ChrisInSydney> except I have to get out of the dd-wrt gui (which I am not affraid of) 23:34 < hyper_ch> you know you can even make use of includes 23:35 < ChrisInSydney> crack some jffs space and launch from the startup scripts 23:35 -!- ronnocol [~lance@2001:1868:214::bad:babe] has joined #openvpn 23:36 < hyper_ch> I wonder if that's a good idea to do on the dd-wrt 23:36 < ChrisInSydney> I did a basic test and it seemed to work. I think I did crash something, but I cant remember. 
Used a chip USB key in the back of the router 23:37 -!- MarcWebe1 [~marc@li142-245.members.linode.com] has joined #openvpn 23:37 < rob0> run a server at Head and at each City. All can be clients to Head, and each branch can be clients to their City 23:38 -!- amir__ [~amir@80-219-10-9.dclient.hispeed.ch] has joined #openvpn 23:38 -!- amir__ [~amir@80-219-10-9.dclient.hispeed.ch] has quit [Changing host] 23:38 -!- amir__ [~amir@unaffiliated/amir] has joined #openvpn 23:38 < ChrisInSydney> Thats sort of what I am doing. I was hoping that I wouldnt have to run a direct tunel form the branch to head office 23:38 -!- RageCage [~RageCage@ssh.studentnatet.se] has joined #openvpn 23:39 -!- amir [~amir@unaffiliated/amir] has quit [Ping timeout: 252 seconds] 23:39 -!- MarcWeber [~marc@li142-245.members.linode.com] has quit [Ping timeout: 252 seconds] 23:39 < ChrisInSydney> so I can ping tun1 and tun0 at B from A. I can not ping tun0 at C from A 23:39 < rob0> don't have to 23:39 < rob0> but you can if you want to 23:39 < rob0> you ping IP addresses, not interfaces 23:40 < rob0> just lay out your network carefully, there are lots of RFC 1918 netblocks to go around. 
23:41 < rob0> no two offices on the same netblock 23:41 < ChrisInSydney> the addresses of the tun0 / tun1 23:42 < rob0> so the A<-->C tunnel is not working 23:46 < hyper_ch> ChrisInSydney: http://pastebin.com/8YHd76ne 23:46 < ChrisInSydney> tnx 23:46 < hyper_ch> includes are fun :) 23:46 < hyper_ch> makes the rest simpler 23:46 < hyper_ch> well, in your case you'd also need to put the keys out of the common.inc 23:46 < hyper_ch> I just do that setup because I run openvpn on tcp and udp 23:46 < ChrisInSydney> running /24s for each office 23:46 < ChrisInSydney> running /26s way away for the tunnels 23:46 < hyper_ch> one server uses 10.8.0.0 23:46 < hyper_ch> the other uses 10.8.1.0 23:46 < ChrisInSydney> 172.22.66.0/26, 172.22.66.64/26 for tunnels in this instance 23:46 < ChrisInSydney> A to C 23:46 < ChrisInSydney> no go 23:46 < ChrisInSydney> C to A is OK 23:46 < ChrisInSydney> so its a routing / iptables issue 23:46 -!- master_o1_master [~master_of@p57B52604.dip.t-dialin.net] has joined #openvpn 23:46 < hyper_ch> http://xkcd.com/1014/ 23:46 <@vpnHelper> Title: xkcd: Car Problems (at xkcd.com) 23:46 -!- Secret_ [~Secret@78.157.114.46] has joined #openvpn 23:46 < ChrisInSydney> hyper_ch: Thats about it 23:46 -!- Tick-Tock [~Tick-Tock@2607:f358:1:fed5:22:0:b683:4295] has quit [Ping timeout: 256 seconds] 23:46 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Ping timeout: 256 seconds] 23:46 -!- Secret [~Secret@78.157.114.46] has quit [Ping timeout: 256 seconds] 23:46 -!- master_of_master [~master_of@p57B52604.dip.t-dialin.net] has quit [Ping timeout: 256 seconds] 23:47 -!- Tick-Tock [~Tick-Tock@2607:f358:1:fed5:22:0:b683:4295] has joined #openvpn 23:47 < ChrisInSydney> I have an iroute file on C with A and B subnets 23:47 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 23:48 < ChrisInSydney> I have an iroute on B with As subnet 23:49 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit 
[Quit: This computer has gone to sleep] 23:51 < ChrisInSydney> I have an iptables -I FORWARD between tun0 and tun1 on B 23:51 < ChrisInSydney> both ways 23:52 < rob0> it's pretty simple to rule out/detect iptables problems 23:52 < rob0> iptables -I FORWARD -i tun+ -j ACCEPT 23:52 < rob0> INPUT too 23:52 < ChrisInSydney> ahh 23:52 < ChrisInSydney> I was looking at those 23:53 -!- dren [~chatzilla@cpe-67-253-125-80.maine.res.rr.com] has quit [Remote host closed the connection] 23:53 < ChrisInSydney> I have forward but no input 23:58 < ChrisInSydney> nope 23:59 < ChrisInSydney> :-( 23:59 < ChrisInSydney> So A can ping Bs tun0 and tun1 addresses 23:59 < ChrisInSydney> A can not ping Cs tun1 address --- Day changed Wed Feb 08 2012 00:03 < ChrisInSydney> Turned off firewalls on all devices. Usually fixes thngs. No love :-( 00:10 < ChrisInSydney> rob0: The iroute files allow the server to route back to the clients 00:10 < ChrisInSydney> ?? 00:18 < ChrisInSydney> I am about to go the dual route dual VPN way. Question 00:19 < ChrisInSydney> Can I have the same CA across all VPN servers ?? and use the same client certificate for connection to two servers? 00:20 < ChrisInSydney> for this example: A.crt from the same CA can be used to connect to the server at B and C ? 
but with two separate instances 00:21 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day] 00:40 -!- `Ile` [~Ile@kaniserver.net] has joined #openvpn 00:43 < ChrisInSydney> Restarted all and now it works 00:43 < ChrisInSydney> the otehr way 00:43 < ChrisInSydney> other :-/ 00:44 < ChrisInSydney> C can not see A 00:44 < ChrisInSydney> A can see C 00:50 < ChrisInSydney> now I have neither seeing things 00:51 < ChrisInSydney> A can see B B can see C and C can see B 00:51 < ChrisInSydney> A and C can not ping either direction 00:52 < ChrisInSydney> it seems to be something in the automatic routing 00:52 < ChrisInSydney> iroute files maybe 00:52 < ChrisInSydney> any suggestions ?? 00:55 -!- spacedust [~info@unaffiliated/cosmicblue] has joined #openvpn 00:55 -!- krzee [nobody@64.234.228.10] has joined #openvpn 00:55 -!- krzee [nobody@64.234.228.10] has quit [Changing host] 00:55 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn 01:18 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 01:34 < ChrisInSydney> my it's quiet in here 01:35 < `Ile`> nah 01:37 < hyper_ch> what does iroute do? 
01:37 < ChrisInSydney> the iroute files have the client routes for the server 01:38 < ChrisInSydney> now nothing works :-( 01:38 < hyper_ch> I still fail to see why you'd need iroutes 01:38 < ChrisInSydney> client to client 01:38 < hyper_ch> I still fail to see why you'd need iroutes 01:39 < ChrisInSydney> These are subnet clients not single IPs 01:39 < ChrisInSydney> so Subnet C is where the server is, iroute lets me see subnet B from subnet C 01:40 < ChrisInSydney> iptables -t nat -I POSTROUTING -o `nvram get wan_ifname` -j MASQUERADE 01:40 < ChrisInSydney> # Sydney 01:40 < ChrisInSydney> ifconfig vlan3 10.0.12.1 netmask 255.255.255.0 up 01:40 < ChrisInSydney> ifconfig vlan4 10.0.10.210 netmask 255.255.255.0 up 01:40 < ChrisInSydney> # 01:40 < ChrisInSydney> iptables -I FORWARD -i vlan1 -o vlan3 -j ACCEPT 01:40 <+EugeneKay> !paste 01:40 < ChrisInSydney> iptables -I FORWARD -i vlan3 -o vlan1 -j ACCEPT 01:40 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into pastebin or a similar website, or (#2) ie: www.pastebin.ca 01:40 < ChrisInSydney> iptables -I FORWARD -i ppp0 -o vlan3 -j ACCEPT 01:40 < ChrisInSydney> iptables -I FORWARD -i vlan3 -o ppp0 -j ACCEPT 01:40 < ChrisInSydney> iptables -I INPUT -i vlan3 -j ACCEPT 01:40 < ChrisInSydney> iptables -I INPUT -i vlan1 -j ACCEPT 01:40 < ChrisInSydney> iptables -I FORWARD 1 --source 10.0.12.0/24 -j ACCEPT 01:40 < ChrisInSydney> # 01:40 < ChrisInSydney> # 01:40 < ChrisInSydney> # 01:40 < ChrisInSydney> iptables -I FORWARD -i vlan3 -o vlan4 -j ACCEPT 01:40 < ChrisInSydney> iptables -I FORWARD -i vlan4 -o vlan3 -j ACCEPT 01:40 < ChrisInSydney> iptables -I FORWARD -i ppp0 -o vlan4 -j ACCEPT 01:40 < ChrisInSydney> iptables -I FORWARD -i vlan4 -o ppp0 -j ACCEPT 01:40 < ChrisInSydney> iptables -I INPUT -i vlan4 -j ACCEPT 01:40 < ChrisInSydney> iptables -I INPUT -i vlan3 -j ACCEPT 01:40 < ChrisInSydney> iptables -I FORWARD 1 --source 10.0.10.0/24 -j ACCEPT 01:40 < ChrisInSydney> iptables -I 
FORWARD 1 --source 172.17.2.0/24 -j ACCEPT 01:40 < ChrisInSydney> iptables -I FORWARD 1 --source 172.17.102.0/24 -j ACCEPT 01:41 < ChrisInSydney> iptables -I FORWARD 1 --source 10.2.0/24 -j ACCEPT 01:41 < ChrisInSydney> # Brisbane Explicit definitions 01:41 < ChrisInSydney> iptables -I FORWARD 1 --source 172.17.3.0/24 -j ACCEPT 01:41 < ChrisInSydney> iptables -I FORWARD 1 --source 172.17.7.0/24 -j ACCEPT 01:41 < ChrisInSydney> iptables -I FORWARD 1 --source 172.17.8.0/24 -j ACCEPT 01:41 -!- mode/#openvpn [+o EugeneKay] by ChanServ 01:41 < ChrisInSydney> # OpenVPN Tunnels 01:41 -!- ChrisInSydney was kicked from #openvpn by EugeneKay [Spammmm] 01:41 -!- ianthius_ [ianthius@204.188.223.45] has quit [Ping timeout: 240 seconds] 01:41 <@EugeneKay> I thought the bot detected those 01:41 < `Ile`> =P 01:41 -!- ChrisInSydney [~Chris@60-242-81-231.tpgi.com.au] has joined #openvpn 01:42 < hyper_ch> http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing 01:42 <@vpnHelper> Title: OpenVPN/Routing - Secure Computing Wiki (at www.secure-computing.net) 01:42 <@EugeneKay> ChrisInSydney - no problem, it happens. but please, no PMs either ;-) 01:42 -!- ChrisInSydney [~Chris@60-242-81-231.tpgi.com.au] has quit [Quit: Catch yaz later] 01:43 -!- ChrisInSydney [~Chris@60-242-81-231.tpgi.com.au] has joined #openvpn 01:44 < ChrisInSydney> arghhh. Time to reboot this piece of...... 
01:44 < ChrisInSydney> Windows 01:44 < hyper_ch> now I know the problem 01:44 < ChrisInSydney> he he he 01:44 -!- raomin [~romain@240.22.66.86.rev.sfr.net] has joined #openvpn 01:44 < ChrisInSydney> These are all broadcaom routers running dd-wrt 01:45 < ChrisInSydney> brb 01:45 -!- ChrisInSydney [~Chris@60-242-81-231.tpgi.com.au] has quit [Read error: Connection reset by peer] 01:45 <@EugeneKay> !windows 01:45 <@vpnHelper> "windows" is (#1) pcs are like air conditioners, they work fine unless you open windows or (#2) http://secure-computing.net/files/windows.jpg for funny or (#3) http://secure-computing.net/files/windows_2.jpg for more funny 01:48 -!- dazo_afk is now known as dazo 01:50 -!- ianthius_ [ianthius@y0u.co.cc] has joined #openvpn 01:52 -!- ChrisInSydney [~Chris@60-242-81-231.tpgi.com.au] has joined #openvpn 01:53 < ChrisInSydney> Well, as I was watching the "progress bar" I was thinking, at least I didnt dump the NVRAM script complete with WAN IPs and certificates :-/ 01:57 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has quit [Ping timeout: 252 seconds] 01:58 < ChrisInSydney> hyper_ch: I had that page open 02:12 < ChrisInSydney> i think I have it. 
Looks like I have two routes at B for the same subnet through tun0 & tun1 02:12 < ChrisInSydney> which would make sense why it changes on me 02:12 < ChrisInSydney> depends on who gets in there first 02:12 -!- rickuz [~rickuz@77-21-40-158-dynip.superkabel.de] has joined #openvpn 02:13 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 256 seconds] 02:13 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Ping timeout: 256 seconds] 02:13 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 02:22 -!- CaBa [caba@unique-inter.net] has left #openvpn [] 02:28 -!- rickuz [~rickuz@77-21-40-158-dynip.superkabel.de] has quit [Ping timeout: 276 seconds] 02:33 -!- Tegucigalpa0 [c1346b16@gateway/web/freenode/ip.193.52.107.22] has joined #openvpn 02:35 < Tegucigalpa0> Hello there. I'm using an open wifi with a proxy. I'd like to try to use my vpn via this proxy. How can i do ? Do i have to change my global conf in /etc/hosts or just in a conf in /etc/openvpn ? 02:37 < Tegucigalpa0> (sorry for my bad english) 02:38 <@EugeneKay> Tegucigalpa0 - OpenVPN supports HTTP and SOCKS proxies, via the --http-proxy and --socks-proxy directives 02:38 <@EugeneKay> !man 02:38 <@vpnHelper> "man" is (#1) http://openvpn.net/man for 2.0 manual or (#2) http://openvpn.net/man-beta.html for 2.1 manual or (#3) http://openvpn.net/index.php/open-source/documentation/manuals/427-openvpn-22.html for 2.2 manual or (#4) the man pages are your friend! 
02:38 <@EugeneKay> See ^ 02:39 < Tegucigalpa0> Thanks you very much EugeneKay 02:39 < Tegucigalpa0> :) 02:43 -!- mete [~mete@178.209.50.247] has quit [Ping timeout: 248 seconds] 02:45 -!- madal [~madal@bagmati.rhi.hi.is] has quit [Ping timeout: 245 seconds] 02:45 -!- mode/#openvpn [-o EugeneKay] by EugeneKay 02:47 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn 02:48 -!- mete [~mete@mete.shell.la] has joined #openvpn 02:48 < Tegucigalpa0> When i try this : "sudo openvpn --http-proxy [proxyadress] 3128 /home/user/authfile /etc/openvpn/openvpn.conf" (in /home/user/authfile i wrote two lines, first with user second with the passwd) it tells me "Options error: You must define TUN/TAP device (--dev)" 02:50 < Tegucigalpa0> should i use "--mktun" ? I don't understand 02:59 < Tegucigalpa0> Ok i understood. I succeded to launch openvpn with options :). It doesn't work ( "HTTP proxy returned bad status" ) openvpn did what it could do :) 03:01 -!- Tegucigalpa0 [c1346b16@gateway/web/freenode/ip.193.52.107.22] has quit [] 03:03 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 245 seconds] 03:07 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 03:12 -!- raomin_ [~romain@240.22.66.86.rev.sfr.net] has joined #openvpn 03:14 -!- madal [~madal@bagmati.rhi.hi.is] has joined #openvpn 03:18 -!- Netsplit *.net <-> *.split quits: mete, Diffen, raomin 03:19 -!- Netsplit over, joins: mete 03:19 -!- Netsplit over, joins: Diffen 03:25 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 03:27 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has joined #openvpn 03:34 -!- MarKsaitis [~MarKsaiti@94-194-204-114.zone8.bethere.co.uk] has joined #openvpn 03:52 -!- MarKsaitis [~MarKsaiti@94-194-204-114.zone8.bethere.co.uk] has quit [Ping timeout: 272 seconds] 03:57 -!- noisebleed [~quassel@kermit.inescn.pt] has joined #openvpn 03:57 -!- noisebleed [~quassel@kermit.inescn.pt] has quit [Changing host] 03:57 -!- 
noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 04:04 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 04:06 -!- BoomSie [~gideon@84-245-27-118.dsl.cambrium.nl] has joined #openvpn 04:09 -!- MarKsaitis [~MarKsaiti@gems1011.demon.co.uk] has joined #openvpn 04:10 -!- guifort [~guifort@LOrleans-167-38-33-19.w193-250.abo.wanadoo.fr] has joined #openvpn 04:10 < guifort> Hello All 04:10 < guifort> Someone can help me for a route problem with a Wimax Connection ? 04:13 -!- Azrael808 [~peter@212.161.9.162] has quit [Read error: Operation timed out] 04:18 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 04:19 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out] 04:19 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 04:22 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 04:23 -!- BoomSie [~gideon@84-245-27-118.dsl.cambrium.nl] has quit [Read error: Connection timed out] 04:25 -!- BoomSie [~gideon@84-245-27-118.dsl.cambrium.nl] has joined #openvpn 04:28 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 04:29 -!- Uranellus [~alexander@unaffiliated/uranellus] has joined #openvpn 04:29 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn 04:34 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 246 seconds] 04:41 -!- prakashkamliya [~prakashka@202.131.123.66] has joined #openvpn 04:41 -!- BoomSie [~gideon@84-245-27-118.dsl.cambrium.nl] has quit [Read error: Connection timed out] 04:45 -!- zeroXten [~zeroXten@0x10.co.uk] has joined #openvpn 05:17 -!- MarKsaitis [~MarKsaiti@gems1011.demon.co.uk] has quit [Ping timeout: 276 seconds] 05:29 -!- MarKsaitis [~MarKsaiti@gems1011.demon.co.uk] has joined #openvpn 05:41 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!] 
05:41 < Uranellus> hello, I 05:43 < Uranellus> hello, I'm running a server using 'dev tap', and I'm trying to read packages with wireshark on the server. but I cannot see the traffic going directly from client A to client B. any ideas? or is that even enough information? 05:45 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 05:50 < spacedust> hi 05:50 < spacedust> how could i make another vpn connection ? 05:50 < spacedust> i made one and now that's the default and I'd like to make another one :) 05:51 < ChrisInSydney> two client connects ?? 05:52 < ChrisInSydney> spacedust: A assume you have two servers to connect to 05:52 < spacedust> oh 05:52 < spacedust> it's done :) 05:52 < ChrisInSydney> :-) 05:52 < ChrisInSydney> I'm just about to do this with a dd-wrt router 05:52 < spacedust> ChrisInSydney: i started the second vpn client manually :D 05:53 < ChrisInSydney> that will work 05:53 -!- amir__ is now known as amir 05:56 -!- Araluccl0 [~lallo@151.77.170.15] has quit [Quit: Anche il discorsismo ha un limitismo.] 05:56 -!- Araluccl0 [~lallo@151.77.170.15] has joined #openvpn 06:03 -!- dropje [~yge@ip4da6274e.direct-adsl.nl] has joined #openvpn 06:03 < dropje> cherwin: zzup? 06:04 < dropje> !logs 06:04 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard. 06:04 < ChrisInSydney> is there any way of determining which ip range is causing a "MULTI: bad source address from client" message ? 06:04 -!- MarKsaitis_ [~MarKsaiti@94-194-204-114.zone8.bethere.co.uk] has joined #openvpn 06:07 -!- rickuz [~rickuz@p5DC45693.dip.t-dialin.net] has joined #openvpn 06:08 -!- MarKsaitis [~MarKsaiti@gems1011.demon.co.uk] has quit [Ping timeout: 260 seconds] 06:08 < cherwin> dropje: I'm fine how about you? 06:08 < cherwin> dropje: Long time no see. 
06:09 < ChrisInSydney> A: I guess you go and make a coffee, drink it, then sit down and see that you have made a typo in the iroute files 06:12 < dropje> cherwin: haha idd :) 06:12 < spacedust> vpn2>vpn1> ==== http://ubuntuone.com/39b7QvuHrLCtEDLf7sdhli 06:12 -!- DexTerDDIT [~dexterddi@2001:470:1f06:687::2] has joined #openvpn 06:12 < spacedust> is it a coincidence ? :) 06:13 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has quit [] 06:16 -!- Upgreydd [~chatzilla@83-145-170-32.cable-modem.tkk.net.pl] has joined #openvpn 06:16 < Upgreydd> Hi all, i have installed OpenVPN server (CLIENT->OpenVPN->INTERNET), is there a way to add another OpenVPN instance with TOR? (CLIENT->OpenVPN->TOR->INTERNET)? 06:21 -!- MarKsaitis__ [~MarKsaiti@gems1011.demon.co.uk] has joined #openvpn 06:23 -!- DexTerDDIT [~dexterddi@2001:470:1f06:687::2] has left #openvpn [] 06:24 -!- MarKsaitis_ [~MarKsaiti@94-194-204-114.zone8.bethere.co.uk] has quit [Ping timeout: 265 seconds] 06:26 -!- MarKsaitis [~MarKsaiti@gems1011.demon.co.uk] has joined #openvpn 06:27 < Upgreydd> !welcome 06:27 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 06:28 < Upgreydd> !interface 06:28 <@vpnHelper> "interface" is (#1) paste interface configuration from both client and server, while being disconnected and when beeing connected. 
Be sure to also add the routing tables for both situations from client and from server or (#2) in windows: ipconfig /all - unix: ifconfig -a , and for routing tables: netstat -rn 06:29 -!- MarKsaitis__ [~MarKsaiti@gems1011.demon.co.uk] has quit [Ping timeout: 252 seconds] 06:31 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 06:45 -!- goose [~goose@c-24-30-109-49.hsd1.ga.comcast.net] has joined #openvpn 06:45 < goose> !welcome 06:45 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 06:46 < goose> openvpn.se would be the place to get the client program for windows, yeah? 06:47 < Upgreydd> how to create another tun interface? 06:48 < Uranellus> !mitm 06:48 <@vpnHelper> "mitm" is (#1) http://openvpn.net/index.php/documentation/howto.html#mitm to know about stopping Man-in-the-Middle attacks by signing the server cert specially or (#2) use !servercert to generate the server cert manually or use the easy-rsa build-key-server script to build your server certificates or (#3) then use: ns-cert-type server in the client config 06:52 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has joined #openvpn 06:57 -!- Upgreydd [~chatzilla@83-145-170-32.cable-modem.tkk.net.pl] has quit [Quit: ChatZilla 0.9.88 [Firefox 10.0/20120129021758]] 06:59 -!- goose [~goose@c-24-30-109-49.hsd1.ga.comcast.net] has quit [Quit: Staying alive can kill you, it's taken years off of my life.] 
07:00 -!- mattock [~samuli@openvpn/corp/admin/mattock] has quit [Ping timeout: 276 seconds] 07:05 -!- MarKsaitis [~MarKsaiti@gems1011.demon.co.uk] has quit [Read error: Connection reset by peer] 07:13 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn 07:13 -!- mode/#openvpn [+o mattock] by ChanServ 07:20 -!- goose [~goose@c-24-30-109-49.hsd1.ga.comcast.net] has joined #openvpn 07:22 -!- goose [~goose@c-24-30-109-49.hsd1.ga.comcast.net] has quit [Quit: Staying alive can kill you, it's taken years off of my life.] 07:26 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 07:35 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: Leaving] 07:36 -!- mattock [~samuli@openvpn/corp/admin/mattock] has quit [Ping timeout: 265 seconds] 07:46 -!- rickuz1 [~rickuz@p5DC45693.dip.t-dialin.net] has joined #openvpn 07:49 -!- rickuz [~rickuz@p5DC45693.dip.t-dialin.net] has quit [Ping timeout: 240 seconds] 07:52 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn 07:52 -!- mode/#openvpn [+o mattock] by ChanServ 07:52 -!- Gunni [~gunni@unaffiliated/gunni] has joined #openvpn 08:00 -!- prakashkamliya [~prakashka@202.131.123.66] has quit [Ping timeout: 240 seconds] 08:02 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn 08:02 -!- mode/#openvpn [+v s7r] by ChanServ 08:02 -!- guifort__ [~guifort@106.49.69.86.rev.sfr.net] has joined #openvpn 08:02 -!- guifort [~guifort@LOrleans-167-38-33-19.w193-250.abo.wanadoo.fr] has quit [Ping timeout: 265 seconds] 08:08 -!- zheng [~zheng@101.80.43.45] has joined #openvpn 08:10 -!- MarcWebe1 [~marc@li142-245.members.linode.com] has quit [Quit: leaving] 08:17 -!- raomin_ [~romain@240.22.66.86.rev.sfr.net] has quit [Quit: leaving...] 
08:17 -!- raomin_ [~romain@240.22.66.86.rev.sfr.net] has joined #openvpn
08:18 -!- raomin_ [~romain@240.22.66.86.rev.sfr.net] has quit [Client Quit]
08:18 -!- raomin_ [~romain@240.22.66.86.rev.sfr.net] has joined #openvpn
08:18 -!- raomin_ [~romain@240.22.66.86.rev.sfr.net] has quit [Remote host closed the connection]
08:18 -!- raomin [~romain@240.22.66.86.rev.sfr.net] has joined #openvpn
08:22 -!- gustav is now known as beerbro
08:31 <@vpnHelper> RSS Update - forum: using W7 2.2.2 client with xp 2.0.9 server
08:40 -!- astrostl is now known as honold
08:44 -!- honold is now known as astrostl
08:52 -!- ravel_exe [ravel_exe@175.142.201.214] has joined #openvpn
08:56 -!- ravel_cmd [ravel_exe@175.142.201.214] has joined #openvpn
08:58 <@vpnHelper> RSS Update - forum: using W7 2.2.2 client with xp 2.0.9 server
08:59 -!- ravel_exe [ravel_exe@175.142.201.214] has quit [Ping timeout: 276 seconds]
09:03 -!- ravel_exe [ravel_exe@175.142.201.214] has joined #openvpn
09:03 -!- ravel_cmd [ravel_exe@175.142.201.214] has quit [Ping timeout: 272 seconds]
09:07 -!- dberry [~dberry@unaffiliated/dberry] has joined #openvpn
09:08 -!- ravel_cmd [ravel_exe@175.142.201.214] has joined #openvpn
09:11 -!- ravel_exe [ravel_exe@175.142.201.214] has quit [Ping timeout: 248 seconds]
09:12 -!- ravel_exe [ravel_exe@175.142.201.214] has joined #openvpn
09:15 -!- [MSFT]CBranca [~kismetgfx@nat/microsoft/x-keuxffajgjtgfukj] has joined #openvpn
09:15 -!- zheng [~zheng@101.80.43.45] has quit [Quit: Leaving]
09:15 -!- ravel_cmd [ravel_exe@175.142.201.214] has quit [Ping timeout: 244 seconds]
09:17 -!- scott__ [~scott@61.87.203.237] has joined #openvpn
09:19 -!- ravel_cmd [ravel_exe@175.142.201.214] has joined #openvpn
09:19 -!- ravel_exe [ravel_exe@175.142.201.214] has quit [Ping timeout: 265 seconds]
09:20 -!- rickuz [~rickuz@p5DC45693.dip.t-dialin.net] has joined #openvpn
09:22 -!- rickuz2 [~rickuz@p5DC45693.dip.t-dialin.net] has joined #openvpn
09:22 -!- rickuz1 [~rickuz@p5DC45693.dip.t-dialin.net] has quit [Ping timeout: 246 seconds]
09:23 -!- ravel_cmd [ravel_exe@175.142.201.214] has quit [Ping timeout: 260 seconds]
09:24 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Excess Flood]
09:25 -!- rickuz [~rickuz@p5DC45693.dip.t-dialin.net] has quit [Ping timeout: 245 seconds]
09:26 -!- scott__ [~scott@61.87.203.237] has quit [Quit: Leaving...]
09:36 -!- `Ile` [~Ile@kaniserver.net] has quit [Quit: KVIrc 4.1.3 Equilibrium http://www.kvirc.net/]
09:39 -!- krzee [nobody@64.234.228.10] has joined #openvpn
09:39 -!- krzee [nobody@64.234.228.10] has quit [Changing host]
09:39 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn
09:43 -!- BasicXP|2 [~BasicXP@2001:67c:2158:a019::3] has joined #openvpn
09:45 -!- KaiForce [~chatzilla@adsl-70-228-78-173.dsl.akrnoh.ameritech.net] has joined #openvpn
09:45 -!- MeanderingCode [~Meanderin@75-173-19-88.albq.qwest.net] has joined #openvpn
09:48 -!- BasicXP|2 [~BasicXP@2001:67c:2158:a019::3] has quit [Read error: Connection reset by peer]
09:53 <@vpnHelper> RSS Update - forum: using W7 2.2.2 client with xp 2.0.9 server
10:03 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep]
10:04 < Uranellus> !paste
10:04 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into pastebin or a similar website, or (#2) ie: www.pastebin.ca
10:06 -!- andrew_au [~andrew@ppp196-240.static.internode.on.net] has joined #openvpn
10:06 < andrew_au> hi, would someone be able to help me with getting a vpn to work. I've got traffic coming in via eth0 and going out via eth0 but need the outgoing traffic via eth1
10:08 -!- Azrael808 [~peter@212.161.9.162] has quit [Ping timeout: 265 seconds]
10:12 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
10:14 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
10:15 -!- oc80z [oc80z@openvpn/user/oc80z] has quit [Excess Flood]
10:15 -!- BasicXP [~BasicXP@ubuntu/member/BasicXP] has joined #openvpn
10:16 -!- oc80z [oc80z@blea.ch] has joined #openvpn
10:21 < BasicXP> Hello! I have a problem configuring OpenVPN on OpenWrt. I'm trying to configure a tap-tunnel. The server config is here: http://pastebin.com/MEzF8cuD (uCI). The problem is when connect to it with a Windows OpenVPN client, the client's tap adapter is inactive and no IP addresses (both v4 and v6) are received. I suppose I misconfigured something. eth0.1 and tap0 are bridged on the server side.
10:21 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn
10:22 < BasicXP> Thanks in advance for any help provided!
10:23 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 246 seconds]
10:25 < ecrist> !logs
10:25 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard.
10:26 < BasicXP> k, hold on
10:29 < BasicXP> All logs I got for now: http://pastebin.com/a2WNWbDu
10:29 < BasicXP> Server log might not be properly configured, so I just used whatever I got in syslog
10:31 < Uranellus> !route
10:31 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide
10:31 <@dazo> BasicXP: you see all those WARNING: lines ... start by fixing them, one by one
10:31 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
10:32 < BasicXP> I tried adding the tls-server line to the server config, but it failed, so I had to write tls_server, it worked
10:33 < BasicXP> Line 7 in the first paste
10:35 < BasicXP> Uranellus: i'm using a tap-setup, does it require routing?
10:35 -!- BoomSie_ [~gideon@dw77242112238.amsterdam-tc.dataweb.net] has joined #openvpn
10:35 -!- BoomSie_ [~gideon@dw77242112238.amsterdam-tc.dataweb.net] has quit [Read error: Connection reset by peer]
10:36 * dazo bites his tongue and fingers to avoid saying anything stupid
10:37 < BasicXP> say if you want, my fault still hehe
10:37 < Uranellus> BasicXP: sorry, the !route wasnt meant for you as a hint .. I have a routing problem myself and was looking for information ^^
10:37 < BasicXP> ah k
10:38 <@dazo> BasicXP: *why* do you want to use tap? (And don't say "because I want to bridge, so I don't have to do routing")
10:38 < BasicXP> not really
10:39 < BasicXP> because i haven't found a better way to have both ipv4 and ipv6 working
10:39 < BasicXP> the setup recommended on openwrt's wiki is ipv4-only
10:39 <@dazo> !ipv6
10:39 <@vpnHelper> "ipv6" is (#1) http://www.greenie.net/ipv6/openvpn.html for ipv6 payload patch (adds some nice ipv6 options) or (#2) see !snapshots for a release with ipv6 patches in it, report how it works to help it get included in a stable release
10:40 <@dazo> BasicXP: that greenie link ... there's a pointer to a IPv6 enabled openvpn package for openwrt there
10:40 < BasicXP> i read in openvpn faq that a tap is indifferent to ipv4, ipv6 etc, because it's layer 2 tunneling
10:40 <@dazo> !tunortap
10:40 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. Dont waste the extra overhead. or (#2) and if your reason for wanting tap is windows shares, see !wins or (#3) also remember that if someone gets access to any side of a tap vpn they can use layer2 attacks like arp poisoning against you over the
10:40 <@vpnHelper> vpn or (#4) lan gaming? use tap!
10:41 < BasicXP> well, it'd be good if windows shares would work heh
10:41 <@dazo> !windows
10:41 <@vpnHelper> "windows" is (#1) pcs are like air conditioners, they work fine unless you open windows or (#2) http://secure-computing.net/files/windows.jpg for funny or (#3) http://secure-computing.net/files/windows_2.jpg for more funny
10:41 <@dazo> !samba
10:41 <@vpnHelper> "samba" is (#1) http://openvpn.net/faq#samba-routing for using samba with a routed tun, or use NETBIOS with a bridge or (#2) http://www.openvpn.net/howto#samba if you run samba on linux and use tun mode
10:47 < BasicXP> right, thanks
10:47 < BasicXP> i'll continue digging myself
10:47 -!- BasicXP [~BasicXP@ubuntu/member/BasicXP] has left #openvpn ["I need to leave this channel."]
10:53 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn []
11:02 -!- mgorbach is now known as zz_mgorbach
11:04 -!- ironman_ [~ironman@99-45-120-223.lightspeed.cicril.sbcglobal.net] has joined #openvpn
11:04 -!- lakewood [~ironman@99-45-120-223.lightspeed.cicril.sbcglobal.net] has quit [Read error: Connection reset by peer]
11:04 -!- ironman_ is now known as lakewood
11:11 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit []
11:13 -!- gremly [~gremly@186.28.53.233] has quit [Ping timeout: 244 seconds]
11:22 < hyper_ch> dazo: ecrist: http://www.ipv6buddy.com/
11:22 <@vpnHelper> Title: IPv6 Buddy (at www.ipv6buddy.com)
11:22 < hyper_ch> dazo: wb :)
11:31 * rob0 is gradually winning the struggle against openssl
11:31 -!- gremly [~gremly@186.28.116.249] has joined #openvpn
11:35 <@dazo> hyper_ch: hahaha! that's a cool one :)
11:35 < hyper_ch> dazo: I heard you got drunk at fosdem
11:36 <@dazo> hyper_ch: uhhh!? really!??! from whom?
11:36 < hyper_ch> is it true?
11:37 -!- Guest42339 [~phantomci@50.57.81.35] has quit [Quit: Clever quit message!]
11:37 <@dazo> hyper_ch: if I was drunk, nobody else would have survived fosdem ;-)
11:37 < hyper_ch> dazo: well, I actually spread that rumor
11:37 < hyper_ch> because you were _afk all the time
11:38 < hyper_ch> and I just couldn't imagine there wasn't internet at fosdem
11:38 < hyper_ch> so either you were sick/had an accident
11:38 < hyper_ch> or you were drunk
11:38 <@dazo> heh ... yeah, I didn't care about logging into irc when all the people I wanted to talk to was right besides me
11:40 < hyper_ch> awwwwww :(
11:42 <@dazo> more of the openvpn devs were there ... so if you see the -devel mailing list and the git commit log ... you see we were relatively efficient
11:42 < hyper_ch> you're not a dev?
11:42 <@dazo> I'm not doing development alone ;-)
11:43 <@dazo> yeah, I do provide patches as well
11:43 < hyper_ch> :)
11:43 < hyper_ch> being efficient... does that mean the take-over-the-world button will be featured soon in openvpn?
11:44 -!- Azrael808 [~peter@212.161.9.162] has quit [Ping timeout: 245 seconds]
11:44 -!- phantomcircuit [~phantomci@50.57.81.35] has joined #openvpn
11:46 <@dazo> we got some nice openbsd fixes ... topology subnet should work there now, fixed some issues with tun/tap devices ... cleaned up some nasty code - and started fixing bugs introduced by that, some UTF-8 fixes, some IPv6 fixes
11:46 < hyper_ch> :)
11:46 <@dazo> waiting for a couple of more patches, and we'll tag the v2.3-alpha1
11:48 < hyper_ch> nice
11:48 < hyper_ch> any progress of making it possible to share directly client-client
11:48 < hyper_ch> and not passing traffic through the server?
11:49 <@dazo> nope, we've not looked at that at all ... that's not on the agenda now
11:49 < rob0> hyper_ch, I guess that means dazo doesn't want to talk to us!
11:49 -!- ChrisInSydney [~Chris@60-242-81-231.tpgi.com.au] has quit [Ping timeout: 265 seconds]
11:49 <@dazo> meshing is a nice feature, but needs major rehaul of the code to be able to tackle that
11:50 <@dazo> rob0: that's harsh! ;-)
11:50 < hyper_ch> rob0: :)
11:50 < hyper_ch> dazo: that is called meshing?
11:50 < rob0> mesh cold be a mess
11:50 < rob0> *could
11:51 -!- oc80z [oc80z@blea.ch] has quit [Excess Flood]
11:51 <@dazo> hyper_ch: that's the principle of mesh network ... you talk directly where you can talk directly, and via some others where that's required .... and there's no clear central point
11:51 -!- andrew_au [~andrew@ppp196-240.static.internode.on.net] has quit [Quit: andrew_au]
11:51 < rob0> thinking firewalls ... how are these clients going to punch through one another's firewalls? Same port, maybe
11:52 -!- oc80z [oc80z@blea.ch] has joined #openvpn
11:52 <@dazo> rob0: same principles as peer-to-peer apps
11:52 < rob0> but NATed clients could be a problem
11:52 <@dazo> IPv6 ;-)
11:52 * dazo runs for dinner
11:52 < rob0> and how would they auth?
11:52 < rob0> bye
11:52 < hyper_ch> nated clients aren't a problem in openvpn
11:53 < hyper_ch> well, clients connect to the openvpn server and then with help of it, establish an encrypted tunnel between two authorized clients
11:53 < rob0> I guess the central point would be a table at the server that is pushed out to clients and updated as necessary, with auth tokens and real IP addresses and ports
11:54 < rob0> or, maybe the clients are only given the connection info as needed, rather than maintaining tunnels to other clients
11:55 < hyper_ch> well, I don't know
11:55 < hyper_ch> but smart-dazo will figure it out
11:56 -!- rickuz2 [~rickuz@p5DC45693.dip.t-dialin.net] has quit [Quit: Leaving.]
11:57 < rob0> question of static every-point tunnels vs. on-demand dynamic ones is a design consideration
12:00 < rob0> I think on-demand might be the better choice, but there would be lag as client-A signals the server that it wants to talk to client-B, then the server tells client-B to set up a tunnel to client-A and vice versa
12:03 -!- ironman_ [~ironman@99-45-120-223.lightspeed.cicril.sbcglobal.net] has joined #openvpn
12:05 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Ping timeout: 246 seconds]
12:05 -!- zz_mgorbach is now known as mgorbach
12:05 -!- lakewood [~ironman@99-45-120-223.lightspeed.cicril.sbcglobal.net] has quit [Ping timeout: 252 seconds]
12:08 -!- ironman__ [~ironman@99-45-120-223.lightspeed.cicril.sbcglobal.net] has joined #openvpn
12:11 -!- ironman_ [~ironman@99-45-120-223.lightspeed.cicril.sbcglobal.net] has quit [Ping timeout: 260 seconds]
12:15 -!- mattock [~samuli@openvpn/corp/admin/mattock] has quit [Ping timeout: 248 seconds]
12:17 -!- Azrael808 [~peter@178.108.102.160] has joined #openvpn
12:17 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!]
12:20 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn
12:25 -!- Azrael808 [~peter@178.108.102.160] has quit [Ping timeout: 245 seconds]
12:28 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn
12:28 -!- mode/#openvpn [+o mattock] by ChanServ
12:32 <@vpnHelper> RSS Update - forum: can't reach internet on VPN
12:35 -!- Netsplit *.net <-> *.split quits: ScriptFanix, zeroXten
12:43 -!- Netsplit over, joins: ScriptFanix, zeroXten
12:44 <@vpnHelper> RSS Update - forum: pfsense to tomato OpenVPN - ping one direction only. || [resolved] OpenVPN on CentOs : IP not changed
12:47 < ecrist> hyper_ch: that's the stupidest thing I've seen in quite some time.
12:48 < hyper_ch> ecrist: :(
12:54 -!- gremly [~gremly@186.28.116.249] has quit [Quit: WeeChat 0.3.6]
12:55 -!- gremly [~gremly@186.28.116.249] has joined #openvpn
12:55 -!- guifort [~guifort@126.255.198.77.rev.sfr.net] has joined #openvpn
12:55 <@vpnHelper> RSS Update - forum: vpn routing from windows 7 machines in private network
12:59 -!- guifort__ [~guifort@106.49.69.86.rev.sfr.net] has quit [Ping timeout: 260 seconds]
13:08 -!- MeanderingCode_ [~Meanderin@seattle243.riseup.net] has joined #openvpn
13:09 -!- MeanderingCode [~Meanderin@75-173-19-88.albq.qwest.net] has quit [Ping timeout: 244 seconds]
13:18 -!- fellayaboy [~mystik@unaffiliated/fellayaboy] has joined #openvpn
13:19 < fellayaboy> how do i upgrade a dh 1024 with a 2048
13:19 < fellayaboy> would i have to generate keys all over again?
13:24 < fellayaboy> do i just need to change the vars export key_size=2048 ./build-dh and thats it or so i have to source vars after words?
13:24 < fellayaboy> afterwards*
13:28 < ecrist> !dh
13:28 <@vpnHelper> "dh" is build-dh from easy-rsa and option dh in ssl-admin, creates a file which is a prime number the size of bits you defined (1024 default) which is used in the diffie-hellman algorithm to provide a method to negotiate a secure connection over an insecure channel. just one of the layers of encryption available to you in your VPN
13:31 < fellayaboy> i already know that info
13:31 < fellayaboy> read my question please
13:33 < fellayaboy> nevermind i got it
13:33 < fellayaboy> thanks
13:43 -!- fellayaboy [~mystik@unaffiliated/fellayaboy] has quit [Ping timeout: 265 seconds]
13:51 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer]
13:51 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn
13:52 -!- rickuz [~rickuz@77-21-40-158-dynip.superkabel.de] has joined #openvpn
13:57 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has quit [Quit: Ex-Chat]
13:59 -!- [MSFT]CBranca [~kismetgfx@nat/microsoft/x-keuxffajgjtgfukj] has quit [Ping timeout: 244 seconds]
14:16 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn
14:16 -!- mode/#openvpn [+o raidz] by ChanServ
14:22 -!- kisom [~x@c-fadde155.648-1-64736c11.cust.bredbandsbolaget.se] has joined #openvpn
14:23 < kisom> does anyone have experience with running openvpn over the great firewall of china? i've tried it with several ports and both UDP and TCP, but the firewall keeps sending reset packets...
14:24 <+EugeneKay> No experience, but I seem to recall that you need to drop RST packets for TCP:1194
14:25 -!- ChrisInSydney [~Chris@60-242-81-231.tpgi.com.au] has joined #openvpn
14:25 < kisom> yes that works... the problem is that i cannot do that on windows clients
14:46 -!- novaflash is now known as backtogeek
14:46 -!- backtogeek is now known as novaflash
14:55 -!- dberry [~dberry@unaffiliated/dberry] has quit [Ping timeout: 276 seconds]
14:55 -!- dberry [~dberry@pool-108-49-70-88.bstnma.fios.verizon.net] has joined #openvpn
15:05 < ecrist> kisom: move out of china. :)
15:05 < ecrist> or have them connect to an openvpn server INSIDE china, that isn't windows, and connects out of china
15:21 -!- mete [~mete@mete.shell.la] has quit [Read error: Operation timed out]
15:27 -!- mete [~mete@mete.shell.la] has joined #openvpn
15:51 -!- grendal-prime [~sgraham@2001:470:822a:200:1e75:8ff:fe48:dfef] has joined #openvpn
15:51 < grendal-prime> hey im trying to fire up a connection with a script, then do some work on the machine and close the connection..what would the sequence of commands be for that..?
15:52 < grendal-prime> like openvpn --config myconfi.conf mycode goes here then openvpn --kill connection somehow
15:52 <+EugeneKay> You can fire it up & fork it off using the --daemon, and save the pid using --writepid for later kill-ing
15:53 <+EugeneKay> +directive
15:55 < grendal-prime> iiiii like that idea
15:55 < grendal-prime> iiii like the way you think
15:55 <+EugeneKay> Are you hitting on me?
15:56 < grendal-prime> rrrrrr you a woman?
15:56 <+EugeneKay> Not today
15:56 < grendal-prime> nope
15:56 < grendal-prime> ok
15:57 < grendal-prime> now that we know that neither of us are going to get any tit for tat on this....
15:57 < grendal-prime> so i would just use the --daemon switch and exe() or system() ?
15:57 < grendal-prime> where would i collect the pid?
15:58 * EugeneKay shrugs
15:58 <+EugeneKay> Your script, you decide.
15:58 <+EugeneKay> /tmp is a good place to stick pidfiles
15:59 < grendal-prime> can you execute with a specific pid?
15:59 -!- oc80z [oc80z@blea.ch] has quit [Excess Flood]
15:59 -!- oc80z [oc80z@blea.ch] has joined #openvpn
15:59 <+EugeneKay> "No"
15:59 < grendal-prime> hey...
15:59 < grendal-prime> you gotty
15:59 < grendal-prime> the daemon worked wonders
16:00 < grendal-prime> dont know why i didnt think of that
16:01 < grendal-prime> now i feel really stupid
16:01 < grendal-prime> grrr
16:02 -!- KaiForce [~chatzilla@adsl-70-228-78-173.dsl.akrnoh.ameritech.net] has quit [Quit: ChatZilla 0.9.88 [Firefox 10.0/20120129021758]]
16:03 < grendal-prime> polishing herry-carry knives
16:20 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has quit []
16:22 -!- Denial [Denial@drgi.co.uk] has quit []
16:36 -!- BoomSie [~gideon@84-245-27-118.dsl.cambrium.nl] has joined #openvpn
16:36 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Remote host closed the connection]
16:36 -!- Gravitron [~admin@69.163.40.45] has joined #openvpn
16:36 -!- Gravitron [~admin@69.163.40.45] has quit [Changing host]
16:36 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
16:38 -!- Milka [d4751c29@gateway/web/freenode/ip.212.117.28.41] has joined #openvpn
16:39 < Milka> hello
16:39 < Milka> how do you fight with "MULTI bad source address from client [192.168.1.10], packet dropped"
16:40 < Milka> im playing with replay-window with no success
16:41 < Milka> oh, pasted wrong error:)
16:41 < Milka> Replay-window backtrack occurred [1]
16:41 < Milka> at the moment > replay-window 16384 120
16:42 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Quit: Rolybrau]
16:42 < Milka> other client uses satellite internet with latencies ~1000ms
16:52 <@dazo> Milka: which version are you running?
16:52 < Milka> latest
16:52 <@dazo> which is?
16:52 <@dazo> in your case
16:52 < Milka> OpenVPN 2.2.2
16:52 <@dazo> goodie
16:52 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
16:53 -!- rickuz [~rickuz@77-21-40-158-dynip.superkabel.de] has quit [Quit: Leaving.]
16:54 <@dazo> Milka: http://openvpn.net/index.php/open-source/faq/79-client/317-qmulti-bad-source-address-from-client--packet-droppedq-or-qget-inst-by-virt-failedq.html
16:54 <@vpnHelper> Title: "MULTI: bad source address from client , packet dropped" or "GET INST BY VIRT: [failed]"? (at openvpn.net)
16:55 < Milka> i dont want to route any other client from his network
16:55 < Milka> all i need is him
16:55 < Milka> so dropping packets is not a bad thing i think?
16:55 < Milka> thing*
16:55 <@dazo> it's dropping packets which openvpn doesn't know what to do with, because it doesn't know where those packets should go
16:57 < Milka> so if i understand correct, fixing that packet dropping will fix my 'replay-window backtrack' problem too?
16:57 <@dazo> no, that's something else usually
16:58 <@dazo> Milka: Look up --replay-window in the man page
16:58 < Milka> i read it many times hm
16:58 < Milka> putting huge numbers in there helps a little
17:00 < Milka> i dont care much about "MULTI bad source address from client [192.168.1.10], packet dropped" if it doesnt affect my connectivity
17:00 < Milka> i think problem is with "Replay-window backtrack occurred" which i still cant fix
17:00 <@dazo> Milka: it's not just about the 'n' parameter ... there's an additional 't' parameter which should be investigated too
17:01 < Milka> the second one?
17:01 <@dazo> --replay-window